Installing from the Linux Bible CD or DVD

Linux® Bible 2007 Edition
Boot Up Ubuntu®, Fedora™, KNOPPIX,
Debian®, SUSE™, and 11 Other Distributions
Christopher Negus
Linux® Bible 2007 Edition: Boot Up Ubuntu®, Fedora™, KNOPPIX, Debian®, SUSE™, and 11 Other Distributions
Published by
Wiley Publishing, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com
Copyright © 2007 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-0-470-08279-9
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic,
mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United
States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the
appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978)
646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475
Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at
http://www.wiley.com/go/permissions.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO
REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE
CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT
LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR
EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN
MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT
THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL
SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL
PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR
DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS
WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT
THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY
PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET
WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK
WAS WRITTEN AND WHEN IT IS READ.
For general information on our other products and services or to obtain technical support, please contact our Customer Care
Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Library of Congress Cataloging-in-Publication Data
Negus, Chris, 1957-
Linux bible : boot up to Ubuntu, Fedora, KNOPPIX, Debian, SUSE, and 11 other distributions / Christopher Negus. -- 2007 ed.
p. cm.
Includes index.
ISBN 978-0-470-08279-9 (paper/dvd)
1. Linux. 2. Operating systems (Computers) I. Title.
QA76.76.O63N42153 2007
005.4'32--dc22
2007000458
Trademarks: Wiley, the Wiley logo, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc.
and/or its affiliates, in the United States and other countries, and may not be used without written permission. Linux is a registered
trademark of Linus Torvalds. Fedora is a trademark of Red Hat, Inc. Debian is a registered trademark of Software in the Public
Interest, Inc. SUSE is a trademark of Novell, Inc. Ubuntu is a registered trademark of Canonical Limited Company. All other
trademarks are the property of their respective owners. Wiley Publishing, Inc. is not associated with any product or vendor
mentioned in this book.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in
electronic books.
About the Authors
Chris Negus has written or co-written dozens of books on Linux and UNIX, including Red Hat
Linux Bible (all editions), Fedora and Red Hat Enterprise Linux Bible, Linux Troubleshooting Bible, and
the recent Linux Toys II. For eight years he worked with the organization at AT&T that developed
UNIX before moving to Utah to help contribute to Novell’s short-lived UnixWare project in the
early 1990s. When not writing about Linux, Chris enjoys playing soccer and just hanging out with
his family.
Wayne Tucker is a Linux enthusiast and has been a professional system administrator for six years.
He is currently a technical manager, systems administrator, and network engineer at an Internet
company in Washington state. He lives in Bellingham, Washington, with his beloved wife,
Danielle, whom he would like to thank for her patience while he was working on this project. His
future projects include continuing his education and working on the things that have recently
accumulated on his “honey-do” list.
Eric Foster-Johnson is a veteran software developer and the author or co-author of over 18 books
on programming, operating systems, and open source software.
William von Hagen (Bill) has been a UNIX system administrator for over twenty years, and a
Linux fanatic since the early 1990s. He has worked as a systems programmer, system administrator, writer, application developer, programmer, drummer, and content manager. Bill has written
books on such topics as Linux server hacks, Linux filesystems, SUSE Linux, Red Hat Linux, GCC,
SGML, Mac OS X, and hacking the TiVo. He has also written numerous articles on Linux, embedded computing, Unix, and Open Source topics.
Jaldhar Vyas is a 35-year-old Hindu priest and Linux consultant currently working for Linspire,
Inc. Jaldhar has been using Linux for eleven years and has been one of the volunteer maintainers of
Debian GNU/Linux for nine years. He lives in Jersey City, NJ with his wife Jyoti, daughter
Shailaja, and son Nilagriva.
As always, I dedicate this book to my wife, Sheree.
Credits
Executive Editor
Carol Long
Project Coordinator
Bill Ramsey
Acquisitions Editor
Kit Kemper
Graphics and Production Specialists
Sean Decker
Joyce Haughey
Jennifer Mayberry
Alicia B. South
Development Editor
Sara Shlaer
Technical Editors
Thomas Blader
John Kennedy
Production Editor
Angela Smith
Copy Editor
Nancy Rapoport
Editorial Manager
Mary Beth Wakefield
Production Manager
Tim Tate
Vice President and Executive Group Publisher
Richard Swadley
Vice President and Executive Publisher
Joseph B. Wikert
Proofreading
Christopher Jones
Indexing
Johnna vanHoose Dinse
Anniversary Logo Design
Richard Pacifico
I consider anyone who has contributed to the open source community to be a contributor to the
book you are holding. The backbone of any Linux distribution is formed by the organizations
that produce the distributions, the major projects included in Linux, and the thousands of
people who give their time and code to support Linux. So, thanks to you all!
As for direct contributors to the book, the good people at Wiley put together a great team of people
to help bring the Linux Bible 2007 Edition in on time. Primary contributors include Wayne Tucker
(who originally wrote and then updated the chapters on Debian, LAMP servers, and mail servers)
and Eric Foster-Johnson (who worked through updates to six of the chapters). Bill von Hagen contributed updates to the SUSE, Yellow Dog, and Ubuntu chapters. Jaldhar Vyas updated the Linspire
chapter.
Thanks to the folks at Wiley for helping me press through the project. Kit Kemper helped put
together the team to handle this edition. Sara Shlaer did her usual great job of keeping everyone on
track to get the book done on time. Nancy Rapoport provided an excellent copyediting pass on the
book. Thomas Blader and John Kennedy did a thorough job of technical editing. Thanks to Margot
Maley Hutchison and Maureen Maloney from Waterside Productions for contracting the book for
me with Wiley.
And finally, special thanks to my wife, Sheree. There’s no way I could do the work I do without the
solid support I get on the home front. I love you, and thanks for taking such good care of Seth,
Caleb, and me.
Acknowledgments
Introduction
Part I: Linux First Steps
Chapter 1: Starting with Linux
Chapter 2: Running Commands from the Shell
Chapter 3: Getting into the Desktop
Part II: Running the Show
Chapter 4: Learning Basic Administration
Chapter 5: Getting on the Internet
Chapter 6: Securing Linux
Part III: Choosing and Installing a Linux Distribution
Chapter 7: Installing Linux
Chapter 8: Running Fedora Core and Red Hat Enterprise Linux
Chapter 9: Running Debian GNU/Linux
Chapter 10: Running SUSE Linux
Chapter 11: Running KNOPPIX
Chapter 12: Running Yellow Dog Linux
Chapter 13: Running Gentoo Linux
Chapter 14: Running Slackware Linux
Chapter 15: Running Linspire and Freespire
Chapter 16: Running Mandriva
Chapter 17: Running Ubuntu Linux
Chapter 18: Running a Linux Firewall/Router
Chapter 19: Running Bootable Linux Distributions
Part IV: Running Applications
Chapter 20: Playing Music and Video
Chapter 21: Working with Words and Images
Chapter 22: E-Mailing and Web Browsing
Chapter 23: Gaming with Linux
Part V: Running Servers
Chapter 24: Running a Linux, Apache, MySQL, and PHP (LAMP) Server
Chapter 25: Running a Mail Server
Chapter 26: Running a Print Server
Chapter 27: Running a File Server
Part VI: Programming in Linux
Chapter 28: Programming Environments and Interfaces
Chapter 29: Programming Tools and Utilities
Appendix A: Media
Appendix B: Entering the Linux Community
Index
GNU General Public License

Acknowledgments
Introduction
Part I: Linux First Steps
Chapter 1: Starting with Linux
Taking Your First Step
Starting Right Now
Understanding Linux
Exploring Linux History
From a Free-Flowing UNIX Culture at Bell Labs
To a Commercialized UNIX
BSD Arrives
UNIX Laboratory and Commercialization
To a GNU Free-Flowing (not) UNIX
BSD Loses Some Steam
Linus Builds the Missing Piece
What’s So Great About Linux?
Features in Linux
OSI Open Source Definition
Vibrant Communities
Major Software Projects
Linux Myths, Legends, and FUD
Can You Stop Worrying About Viruses?
Will You Be Sued for Using Linux?
The SCO Lawsuits
Software Patents
Other Litigious Issues
Can Linux Really Run on Everything from Handhelds to Supercomputers?
Will Microsoft Crush Linux?
Are You on Your Own If You Use Linux?
Is Linux Only for Geeks?
How Do Companies Make Money with Linux?
How Different Are Linux Distributions from One Another?
Is the Linux Mascot Really a Penguin?
Getting Started with Linux
Summary
Chapter 2: Running Commands from the Shell
Starting a Shell
Using the Shell Prompt
Using a Terminal Window
Using Virtual Terminals
Choosing Your Shell
Using bash (and Earlier sh) Shells
Using tcsh (and Earlier csh) Shells
Using ash
Using ksh
Using zsh
Exploring the Shell
Checking Your Login Session
Checking Directories and Permissions
Checking System Activity
Exiting the Shell
Using the Shell in Linux
Locating Commands
Rerunning Commands
Command-Line Editing
Command-Line Completion
Command-Line Recall
Connecting and Expanding Commands
Piping Commands
Sequential Commands
Background Commands
Expanding Commands
Expanding Arithmetic Expressions
Expanding Environment Variables
Creating Your Shell Environment
Configuring Your Shell
Setting Your Prompt
Adding Environment Variables
Adding Aliases
Using Shell Environment Variables
Common Shell Environment Variables
Set Your Own Environment Variables
Managing Background and Foreground Processes
Starting Background Processes
Using Foreground and Background Commands
Working with the Linux File System
Creating Files and Directories
Using Metacharacters and Operators
Using File-Matching Metacharacters
Using File-Redirection Metacharacters
Understanding File Permissions
Moving, Copying, and Deleting Files
Using the vi Text Editor
Starting with vi
Moving Around the File
Searching for Text
Using Numbers with Commands
Summary
Chapter 3: Getting into the Desktop
Understanding Your Desktop
Starting the Desktop
Boot to the Desktop
Boot to Graphical Login
Boot to a Text Prompt
K Desktop Environment
Using the KDE Desktop
Managing Files with the Konqueror File Manager
Working with Files
Searching for Files
Creating New Files and Folders
Using Other Browser Features
Configuring Konqueror Options
Managing Windows
Using the Taskbar
Uncluttering the Desktop
Moving Windows
Resizing Windows
Pinning Windows on Top or Bottom
Using Virtual Desktops
Configuring the Desktop
Changing the Display
Changing Panel Attributes
Adding Application Launchers and MIME Types
Adding Applications to the Panel
Adding Applications to the Desktop
The GNOME Desktop
Using the Metacity Window Manager
Using the GNOME panels
Using the Applications and System Menu
Adding an Applet
Adding Another Panel
Adding an Application Launcher
Adding a Drawer
Changing Panel Properties
Using the Nautilus File Manager
3D Effects with AIGLX
Changing GNOME Preferences
Exiting GNOME
Configuring Your Own Desktop
Configuring X
Creating a Working X Configuration File
Getting New X Drivers
Tuning Up Your X Configuration File
Choosing a Window Manager
Choosing Your Personal Window Manager
Getting More Information
Summary
Part II: Running the Show
Chapter 4: Learning Basic Administration
Graphical Administration Tools
Using Web-Based Administration
Open Source Projects Offering Web Administration
The Webmin Administration Tool
Graphical Administration with Different Distributions
Red Hat Config Tools
SUSE YaST Tools
Using the root Login
Becoming Root from the Shell (su Command)
Allowing Limited Administrative Access
Exploring Administrative Commands, Configuration Files, and Log Files
Administrative Commands
Administrative Configuration Files
Administrative Log Files
Using sudo and Other Administrative Logins
Administering Your Linux System
Creating User Accounts
Adding Users with useradd
Setting User Defaults
Configuring Hardware
Managing Removable Hardware
Removable Media on a Fedora GNOME Desktop
Removable Media on a SUSE KDE Desktop
Working with Loadable Modules
Listing Loaded Modules
Loading Modules
Removing Modules
Managing File Systems and Disk Space
Mounting File Systems
Supported File Systems
Using the fstab File to Define Mountable File Systems
Using the mount Command to Mount File Systems
Using the umount Command
Using the mkfs Command to Create a File System
Adding a Hard Disk
Checking System Space
Displaying System Space with df
Checking Disk Usage with du
Finding Disk Consumption with find
Monitoring System Performance
Summary
Chapter 5: Getting on the Internet
Connecting to the Network
Connecting via Dial-Up Service
Connecting a Single Computer to Broadband
Connecting Multiple Computers to Broadband
Connecting Servers
Connecting Other Equipment
Using Ethernet Connections to the Internet
Configuring Ethernet During Installation ................................................................178
Configuring Ethernet from the Desktop ..................................................................179
Using Network Configuration GUI in Fedora ..........................................................179
Identifying Other Computers (Hosts and DNS) ......................................................181
Using Network Settings GUI in Ubuntu ..................................................................182
Understanding Your Internet Connection ................................................................184
Using Dial-Up Connections to the Internet ......................................................................186
Getting Information ................................................................................................186
Setting Up Dial-Up PPP ..........................................................................................187
Creating a Dial-Up Connection with the Internet Configuration Wizard..................188
Launching Your PPP Connection ............................................................................190
Launching Your PPP Connection on Demand ..........................................................191
Checking Your PPP Connection ..............................................................................191
Checking That Your Modem Was Detected ....................................................192
Connecting to the Internet with Wireless ..........................................................................192
Summary ..........................................................................................................................194
Chapter 6: Securing Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Linux Security Checklist....................................................................................................196
Finding Distribution-Specific Security Resources ....................................................198
Finding General Security Resources ........................................................................199
Using Linux Securely ........................................................................................................199
Using Password Protection ......................................................................................199
Choosing Good Passwords ......................................................................................200
Using a Shadow Password File ................................................................................201
Breaking Encrypted Passwords ......................................................................201
Checking for the Shadow Password File ........................................................202
Using Log Files..................................................................................................................203
The Role of Syslogd ................................................................................................206
Redirecting Logs to a Loghost with syslogd..............................................................206
Understanding the messages Log File ......................................................................208
Using Secure Shell Tools....................................................................................................208
Starting the ssh Service ............................................................................................209
Using the ssh, sftp, and scp Commands ..................................................................209
Using ssh, scp, and sftp Without Passwords ............................................................211
Securing Linux Servers ......................................................................................................212
Controlling Access to Services with TCP Wrappers..................................................212
Understanding Attack Techniques ..........................................................................215
Protecting Against Denial of Service Attacks ............................................................216
Mailbombing ................................................................................................216
Spam Relaying ..............................................................................................218
Smurf Amplification Attack............................................................................218
Protecting Against Distributed DOS Attacks ............................................................219
Protecting Against Intrusion Attacks ........................................................................223
Evaluating Access to Network Services ..........................................................224
Disabling Network Services ..........................................................................225
Securing Servers with SELinux ................................................................................226
Protecting Web Servers with Certificates and Encryption ........................................227
Symmetric Cryptography ..............................................................................228
Asymmetric Cryptography ............................................................................228
Secure Socket Layer ......................................................................................229
Using Security Tools Linux Live CDs ................................................................................237
Advantages of Security Live CDs..............................................................................238
Using INSERT to check for rootkits ........................................................................238
Summary ..........................................................................................................................239
Part III: Choosing and Installing a Linux Distribution ..........................................241
Chapter 7: Installing Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Choosing a Linux Distribution ..........................................................................................244
Linux at Work ........................................................................................................244
Other Distributions ................................................................................................245
Getting Your Own Linux Distribution ..............................................................................245
Finding Another Linux Distribution ........................................................................246
Understanding What You Need ..............................................................................247
Downloading the Distribution ................................................................................247
Burning the Distribution to CD ..............................................................................248
Exploring Common Installation Topics ............................................................................249
Knowing Your Computer Hardware ........................................................................249
Upgrading or Installing from Scratch ......................................................................251
Dual Booting with Windows or Just Linux? ............................................................251
Using Installation Boot Options ..............................................................................253
Partitioning Hard Drives ..........................................................................................253
Partitioning with Disk Druid During Installation ..........................................254
Partitioning with fdisk ..................................................................................257
Tips for Creating Partitions ............................................................................260
Using LILO or GRUB Boot Loaders..........................................................................261
Booting Your Computer with GRUB ..............................................................261
Booting with GRUB ......................................................................................262
Temporarily Changing Boot Options..............................................................262
Permanently Changing Boot Options ............................................................264
Adding a New GRUB Boot Image ..................................................................265
Booting Your Computer with LILO ................................................................266
Changing Your Boot Loader ..........................................................................270
Configuring Networking..........................................................................................270
Configuring Other Administrative Features ............................................................271
Installing from the Linux Bible CD or DVD ......................................................................272
Summary ..........................................................................................................................272
Chapter 8: Running Fedora Core and Red Hat Enterprise Linux. . . . . . . 273
Digging into Features ........................................................................................................275
Red Hat Installer (Anaconda) ..................................................................................275
RPM Package Management ......................................................................................276
Kudzu Hardware Detection ....................................................................................276
Red Hat Desktop Look-and-Feel..............................................................................277
System Configuration Tools ....................................................................................277
Going Forward with Fedora Core......................................................................................277
Growing Community Support for Fedora ................................................................278
Fedora Extras ..........................................................................................................278
Fedora Legacy Project ............................................................................................279
Forums and Mailing Lists ........................................................................................280
Fedora Comes of Age ........................................................................................................280
Looking Forward with Fedora ..........................................................................................282
Installing Fedora Core ......................................................................................................282
Choosing Computer Hardware ................................................................................282
Choosing an Installation Method ............................................................................283
Installing Without a Bootable CD Drive ........................................................284
Installing on Multiple Computers ..................................................................284
Installation Guides ........................................................................................284
Choosing to Install or Upgrade................................................................................284
Beginning the Installation ........................................................................................285
Running the Fedora Setup Agent ............................................................................293
Summary ..........................................................................................................................293
Chapter 9: Running Debian GNU/Linux . . . . . . . . . . . . . . . . . . . 295
Inside Debian GNU/Linux ................................................................................................296
Debian Packages ......................................................................................................296
Debian Package Management Tools ........................................................................297
Debian Releases ......................................................................................................299
Getting Help with Debian..................................................................................................299
Installing Debian GNU/Linux ............................................................................................300
Hardware Requirements and Installation Planning ..................................................300
Workstations..................................................................................................301
Servers ..........................................................................................................301
Running the Installer ..............................................................................................301
Stage 1 ..........................................................................................................302
Stage 2 ..........................................................................................................303
Managing Your Debian System ..........................................................................................307
Configuring Network Connections ..........................................................................307
IP Networks: Ethernet and Wireless ..............................................................307
Dial-Up PPP Connections ..............................................................................308
PPPoE Connections ......................................................................................310
Package Management Using APT ............................................................................310
Managing the List of Package Repositories ....................................................310
Updating the APT Package Database..............................................................311
Finding and Installing Packages ....................................................................311
Removing Packages........................................................................................312
Upgrading Your System ................................................................................312
Package Management Using dpkg............................................................................313
Installing and Removing Packages ................................................................313
Querying the Package Database ....................................................................313
Examining a Package File ..............................................................................314
Installing Package Sets (Tasks) with Tasksel ............................................................315
Alternatives, Diversions, and Stat Overrides ............................................................315
Managing Package Configuration with debconf ......................................................317
Summary ..........................................................................................................................318
Chapter 10: Running SUSE Linux . . . . . . . . . . . . . . . . . . . . . . . 319
Understanding SUSE ........................................................................................................321
What’s in SUSE..................................................................................................................321
Installation and Configuration with YaST ................................................................322
RPM Package Management ......................................................................................325
Automated Software Updates ..................................................................................326
Getting Support for SUSE..................................................................................................327
Installing openSUSE..........................................................................................................327
Before You Begin......................................................................................................328
Starting Installation ................................................................................................329
Preparation ..................................................................................................329
Installation Settings........................................................................................330
Configuration Settings ..................................................................................332
Starting with SUSE ............................................................................................................333
Summary ..........................................................................................................................335
Chapter 11: Running KNOPPIX . . . . . . . . . . . . . . . . . . . . . . . . 337
KNOPPIX Features............................................................................................................338
Understanding KNOPPIX..................................................................................................338
KNOPPIX News ......................................................................................................338
Looking Inside KNOPPIX........................................................................................339
What’s Cool About KNOPPIX ..................................................................................340
Examining Challenges with KNOPPIX ....................................................................342
Seeing Where KNOPPIX Comes From ....................................................................343
Exploring Uses for KNOPPIX ..................................................................................343
Starting KNOPPIX ............................................................................................................344
Getting a Computer ................................................................................................344
Booting KNOPPIX ..................................................................................................345
Correcting Boot Problems........................................................................................346
Customizing KNOPPIX..................................................................................348
Special Features and Workarounds ................................................................350
Using KNOPPIX................................................................................................................351
Using the KDE Desktop in KNOPPIX ......................................................................352
Getting on the Network ..........................................................................................353
Installing Software in KNOPPIX ..............................................................................353
Saving Files in KNOPPIX ........................................................................................354
Writing to Hard Disk ....................................................................................355
Creating a Persistent Home Directory ............................................................356
Keeping Your KNOPPIX Configuration....................................................................357
Restarting KNOPPIX................................................................................................357
Summary ..........................................................................................................................358
Chapter 12: Running Yellow Dog Linux . . . . . . . . . . . . . . . . . . . . 361
Understanding Yellow Dog Linux ......................................................................................362
Going Forward with Yellow Dog ......................................................................................363
Digging into Yellow Dog....................................................................................................364
Installing Yellow Dog Linux ..............................................................................................365
Hardware Support ..................................................................................................366
Planning Your Installation........................................................................................367
Installing Mac OS X and Yellow Dog Linux on One Hard Drive ....................368
Installing Mac OS 9 or Earlier and Yellow Dog Linux on One Hard Drive......369
Installing Mac OS 9 or Earlier, Mac OS X, and Yellow Dog Linux on
Multiple Hard Drives ................................................................................369
Yellow Dog Linux 3.0.1 Special Considerations ............................................369
Beginning the Installation ........................................................................................370
Rebooting Your Linux Mac ......................................................................................376
Updating Yellow Dog Linux ..............................................................................................376
Running Mac Applications with Mac-on-Linux ................................................................377
Support Options ..............................................................................................................378
Summary ..........................................................................................................................379
Chapter 13: Running Gentoo Linux . . . . . . . . . . . . . . . . . . . . . . 381
Understanding Gentoo ......................................................................................................382
Gentoo’s Open Source Spirit ....................................................................................382
The Gentoo Community..........................................................................................383
Building, Tuning, and Tweaking Linux ....................................................................383
Where Gentoo Is Used ............................................................................................384
What’s in Gentoo ..............................................................................................................385
Managing Software with Portage..............................................................................386
Finding Software Packages ......................................................................................386
New Gentoo Features Entering 2007 ......................................................................387
Installing Gentoo ..............................................................................................................387
Getting Gentoo ........................................................................................................387
Live CD Install ..............................................................................................388
Minimal/Universal Install CD ........................................................................388
Starting Gentoo Installation from a Live CD ............................................................389
Starting Gentoo Installation from a Minimal CD ......................................................391
Getting Software with Emerge ................................................................................399
Summary ..........................................................................................................................399
Chapter 14: Running Slackware Linux . . . . . . . . . . . . . . . . . . . . 401
Getting into Slackware ......................................................................................................401
Characterizing the Slackware Community ........................................................................403
The Slackware Creator ............................................................................................403
Slackware Users ......................................................................................................405
Slackware Internet Sites ..........................................................................................405
Challenges of Using Slackware ..........................................................................................406
Using Slackware as a Development Platform ....................................................................406
Installing Slackware ..........................................................................................................407
Getting Slackware....................................................................................................407
New Features in Slackware 11.0 ..............................................................................408
Hardware Requirements ..........................................................................................408
Starting Installation ................................................................................................409
Starting with Slackware ....................................................................................................414
Summary ..........................................................................................................................416
Chapter 15: Running Linspire and Freespire . . . . . . . . . . . . . . . . . 417
Overview of Linspire ........................................................................................................417
Which Version Is Right For You? ......................................................................................419
Installing Software with Click-N-Run ......................................................................421
Other Installation Options ......................................................................................422
Linspire and Freespire Support ........................................................................................423
Forums and Information ........................................................................................423
Audio Assistant........................................................................................................423
Installing Linspire or Freespire ..........................................................................................424
Hardware Requirements ..........................................................................................424
Installing Linspire or Freespire ................................................................................425
Securing Linspire and Freespire ........................................................................................430
Summary ..........................................................................................................................431
Chapter 16: Running Mandriva . . . . . . . . . . . . . . . . . . . . . . . . 433
Mandriva Features ............................................................................................................433
Exploring Mandriva ..........................................................................................................436
Mandriva Installer (DrakX)......................................................................................436
RPM Package Management with RPMDrake ............................................................437
Mandriva Linux Control Center ..............................................................................439
The Mandriva Community ................................................................................................440
RPM Repository on Mandrivaclub ..........................................................................440
Mandriva Forums ....................................................................................................440
Installing Mandriva Limited Edition ................................................................................441
The Right Hardware for Mandriva ..........................................................................441
Begin the DrakX Installation ....................................................................................442
Summary ..........................................................................................................................445
Chapter 17: Running Ubuntu Linux . . . . . . . . . . . . . . . . . . . . . . 447
Overview of Ubuntu..........................................................................................................448
Ubuntu Releases ......................................................................................................448
Ubuntu Installer ......................................................................................................449
Ubuntu as a Desktop ..............................................................................................449
Ubuntu as a Server ..................................................................................................451
Ubuntu Spin-Offs ....................................................................................................452
Challenges Facing Ubuntu ......................................................................................453
Installing Ubuntu ..............................................................................................................454
Starting with Ubuntu ........................................................................................................458
Trying Out the Desktop ..........................................................................................459
Adding More Software ............................................................................................461
Getting More Information About Ubuntu ..........................................................................464
Summary ..........................................................................................................................465
Chapter 18: Running a Linux Firewall/Router . . . . . . . . . . . . . . . . 467
Understanding Firewalls....................................................................................................468
Protecting Desktops with Firewalls....................................................................................469
Starting Your Firewall in Fedora ..............................................................................469
Configuring a Firewall in Mandriva ........................................................................470
Using Firewalls with iptables ............................................................................................472
Starting with iptables ..............................................................................................472
Setting Some Rules ........................................................................................472
Saving Firewall Settings ................................................................................476
Checking Your Firewall..................................................................................476
Using iptables to Do SNAT or IP Masquerading ......................................................477
Adding Modules with iptables ................................................................................478
Using iptables as a Transparent Proxy ......................................................................479
Using iptables for Port Forwarding ..........................................................................479
Getting iptables Scripts ..................................................................................480
Finding Out More About iptables ..................................................................480
Making a Coyote Linux Bootable Floppy Firewall ............................................................481
Creating a Coyote Linux Firewall ............................................................................481
Building the Coyote Linux Floppy ..........................................................................482
Running the Coyote Linux Floppy Firewall ............................................................488
Managing the Coyote Linux Floppy Firewall ..........................................................488
Using a Web Interface ....................................................................................488
Using a Remote Login ....................................................................................489
Using Other Firewall Distributions....................................................................................490
Summary ..........................................................................................................................491
Chapter 19: Running Bootable Linux Distributions . . . . . . . . . . . . . 493
Overview of Bootable Linux Distributions ........................................................................494
Choosing a Bootable Linux................................................................................................494
Security and Rescue Bootables ................................................................................495
BackTrack Network Security Suite ................................................................497
System Rescue CD ........................................................................................498
KNOPPIX Security Tools Distribution............................................................498
The Inside Security Rescue Toolkit ................................................................499
Demonstration Bootables ........................................................................................500
Multimedia Bootables ..............................................................................................501
MoviX2..........................................................................................................501
GeeXboX ......................................................................................................502
KnoppMyth ..................................................................................................502
Dyne:bolic ....................................................................................................503
Tiny Desktops ........................................................................................................503
Damn Small Linux ........................................................................................504
Puppy Linux ..................................................................................................505
Special Purpose Bootables ................................................................................................506
Customizing a Bootable Linux ..........................................................................................508
Summary ..........................................................................................................................510
Part IV: Running Applications
513
Chapter 20: Playing Music and Video . . . . . . . . . . . . . . . . . . . . . 515
Playing Digital Media and Obeying the Law ......................................................................516
Copyright Protection Issues ....................................................................................516
Exploring Codecs ....................................................................................................518
Playing Music....................................................................................................................519
Setting Up Audio Cards ..........................................................................................519
Choosing an Audio CD Player ................................................................................521
Playing CDs with gnome-cd ..........................................................................522
Playing CDs with cdp ....................................................................................524
Playing Music with Rhythmbox Audio Player ................................................525
Playing Music with XMMS Multimedia Player................................................527
Using MIDI Audio Players ......................................................................................531
Performing Audio File Conversion and Compression ..............................................531
Converting Audio Files with SoX ..................................................................531
Compressing Music Files with oggenc ..........................................................534
Recording and Ripping Music ..........................................................................................534
Creating an Audio CD with cdrecord ......................................................................535
Ripping CDs with Grip ............................................................................................536
Creating CD Labels with cdlabelgen ........................................................................538
Working with TV, Video, and Digital Imaging....................................................................539
Watching TV with tvtime ........................................................................................539
Getting a Supported TV Card ........................................................................539
Running tvtime..............................................................................................540
Video Conferencing with Ekiga ..............................................................................541
Getting a Supported Webcam ........................................................................541
Opening Your Firewall for Ekiga ....................................................................542
Running GnomeMeeting................................................................................542
Watching Movies and Video ..............................................................................................543
Watching Video with xine........................................................................................544
Using xine ....................................................................................................545
Creating Playlists with Xine ..........................................................................545
Xine Tips ......................................................................................................546
Using Helix Player and RealPlayer 10 ......................................................................547
Using a Digital Camera with Gtkam and gPhoto2..............................................................548
Downloading Digital Photos with Gtkam ................................................................550
Using Your Camera as a Storage Device ..................................................................551
Summary ..........................................................................................................................552
Chapter 21: Working with Words and Images . . . . . . . . . . . . . . . . 553
Using OpenOffice.org........................................................................................................554
Other Word Processors......................................................................................................556
Using StarOffice ......................................................................................................556
Using AbiWord........................................................................................................557
Using KOffice ..........................................................................................................558
Getting Away from Windows ..................................................................................558
Using Traditional Linux Publishing Tools ..........................................................................561
Creating Documents in Groff or LaTeX..............................................................................562
Text Processing with Groff ......................................................................................563
Formatting and Printing Documents with Groff ............................................564
Creating a Man Page with Groff ....................................................................565
Creating a Letter, Memo, or White Paper with Groff ......................................567
Adding Equations, Tables, and Pictures ........................................................571
Text Processing with TeX/LaTeX ..............................................................................573
Creating and Formatting a LaTeX Document ................................................574
Using the LyX LaTeX Editor ..........................................................................575
Printing LaTeX Files ......................................................................................576
Converting Documents............................................................................................576
Building Structured Documents ..............................................................................578
Understanding SGML and XML ....................................................................578
Understanding DocBook................................................................................578
Printing Documents in Linux ............................................................................................581
Printing to the Default Printer..................................................................................582
Printing from the Shell ............................................................................................582
Checking the Print Queues......................................................................................583
Removing Print Jobs ................................................................................................583
Checking Printer Status ..........................................................................................584
Displaying Documents with ghostscript and Acrobat ........................................................584
Using the ghostscript and gv Commands ................................................................584
Using Adobe Acrobat Reader ..................................................................................585
Working with Graphics ....................................................................................................586
Manipulating Images with The GIMP ......................................................................586
Acquiring Screen Captures ......................................................................................588
Modifying Images with KPaint ................................................................................589
Using Scanners Driven by SANE ......................................................................................589
Summary ..........................................................................................................................590
Chapter 22: E-Mailing and Web Browsing . . . . . . . . . . . . . . . . . . 591
Using E-Mail ....................................................................................................................591
Choosing an E-Mail Client ......................................................................................591
Getting Here from Windows....................................................................................593
Getting Started with E-Mail ....................................................................................594
Tuning Up E-Mail ....................................................................................................595
Reading E-Mail with Thunderbird ..........................................................................596
Connecting to the Mail Server........................................................................602
Managing Incoming Mail ..............................................................................602
Composing and Sending Mail ........................................................................603
Filtering Mail and Catching Spam..................................................................604
Managing E-Mail in Evolution ................................................................................605
Receiving, Composing, and Sending E-Mail ..................................................606
Managing E-Mail with Search Folders ............................................................607
Filtering E-Mail Messages ..............................................................................608
Reading E-Mail with Mozilla Mail ............................................................................609
Working with Text-Based E-Mail Readers ................................................................609
Mutt Mail Reader ..........................................................................................609
Pine Mail Reader............................................................................................610
Mail Reader....................................................................................................610
Choosing a Web Browser ..................................................................................................610
Exploring the Mozilla Suite ..............................................................................................611
Using Firefox ....................................................................................................................612
Setting Up Firefox ..................................................................................................612
Setting Firefox Preferences ............................................................................612
Adding Plug-ins ............................................................................................615
Changing Firefox Themes ..............................................................................616
Securing Firefox ......................................................................................................618
Tips for Using Firefox ..............................................................................................619
Using Firefox Controls ............................................................................................620
Improving Firefox Browsing ....................................................................................620
Adding a Preferences Toolbar ........................................................................620
Adding Java Support......................................................................................622
Doing Cool Things with Firefox ..............................................................................622
Blocking Pop-ups ..........................................................................................622
Using Tabbed Browsing ................................................................................622
Using the DOM Inspector ..............................................................................623
Resizing the Web Page ..................................................................................623
Using Text-Based Web Browsers ........................................................................................623
Summary ..........................................................................................................................624
Chapter 23: Gaming with Linux . . . . . . . . . . . . . . . . . . . . . . . . 625
Overview of Linux Gaming ..............................................................................................625
Basic Linux Gaming Information ......................................................................................626
Where to Get Information About Linux Gaming......................................................627
Choosing a Video Card for Gaming ........................................................................628
Binary-Only Video Card Drivers ....................................................................628
Open Source Video Drivers............................................................................629
Running Open Source Linux Games..................................................................................630
GNOME Games ......................................................................................................630
KDE Games ............................................................................................................631
Getting Extra Games................................................................................................633
Chess Games ..........................................................................................................635
Freeciv ....................................................................................................................637
Beginning with Freeciv ..................................................................................639
Building Your Civilization ..............................................................................640
Exploring Your World ....................................................................................641
Using More Controls and Actions ..................................................................641
PlanetPenguin Racer (TuxRacer) ..............................................................................642
Commercial Linux Games ................................................................................................643
Getting Started with Commercial Games in Linux ..................................................643
Playing Commercial Linux Games ..........................................................................644
id Software Games ..................................................................................................645
Quake III Arena ............................................................................................645
Return to Castle Wolfenstein..........................................................................646
Playing TransGaming and Cedega Games ................................................................646
Loki Software Game Demos ....................................................................................648
Civilization: Call to Power ............................................................................649
Myth II: Soulblighter ....................................................................................650
Heretic II ......................................................................................................650
Neverwinter Nights........................................................................................651
Summary ..........................................................................................................................651
Part V: Running Servers
653
Chapter 24: Running a Linux, Apache, MySQL, and PHP (LAMP) Server . . . 655
Components of a LAMP Server..........................................................................................656
Apache ....................................................................................................................656
MySQL ....................................................................................................................656
PHP ........................................................................................................................657
Setting Up Your LAMP Server............................................................................................658
Installing Apache ....................................................................................................658
Installing PHP..........................................................................................................659
Installing MySQL ....................................................................................................660
Operating Your LAMP Server ............................................................................................662
Editing Your Apache Configuration Files ................................................................662
Adding a Virtual Host to Apache ............................................................................664
User Content and the UserDir Setting......................................................................666
Installing a Web Application: Coppermine Photo Gallery ........................................666
Troubleshooting ................................................................................................................669
Configuration Errors................................................................................................669
Access Forbidden and Server Internal Errors ..........................................................672
Securing Your Web Traffic with SSL/TLS............................................................................673
Generating Your Keys ..............................................................................................674
Configuring Apache to Support SSL/TLS ................................................................675
Summary ..........................................................................................................................677
Chapter 25: Running a Mail Server . . . . . . . . . . . . . . . . . . . . . . 679
Internet E-Mail’s Inner Workings ......................................................................................679
About the System and the Software Used ..........................................................................681
Preparing Your System ......................................................................................................681
Configuring DNS for Direct Delivery ......................................................................682
Configuring for Retrieval from a Mail Host ..............................................................683
Installing and Configuring the Mail Server Software ..........................................................683
Installing Exim and Courier ....................................................................................684
Installing ClamAV and SpamAssassin ......................................................................685
Testing and Troubleshooting..............................................................................................688
Checking Logs ........................................................................................................688
Common Errors (and How to Fix Them) ................................................................689
Messages Rejected by Exim ............................................................................689
Messages Not Delivered by Exim ..................................................................690
Login Failures When Connecting to Courier..................................................690
Configuring Mail Clients ..................................................................................................691
Configuring Fetchmail ............................................................................................692
Configuring Web-Based Mail ..................................................................................693
Securing Communications with SSL/TLS ..........................................................................693
Summary ..........................................................................................................................694
Chapter 26: Running a Print Server . . . . . . . . . . . . . . . . . . . . . . 695
Common UNIX Printing Service ......................................................................................696
Setting Up Printers ............................................................................................................697
Using Web-Based CUPS Administration ..................................................................697
Using the Red Hat Printer Configuration Window ..................................................700
Configuring Local Printers in Fedora ............................................................701
Configuring Remote Printers in Fedora..........................................................705
Adding a Remote CUPS Printer......................................................................705
Adding a Remote UNIX Printer......................................................................706
Adding a Windows (Samba) Printer ..............................................................706
Working with CUPS Printing ............................................................................................708
Configuring the CUPS Server (cupsd.conf)..............................................................708
Starting the CUPS Server ........................................................................................709
Configuring CUPS Printer Options Manually ..........................................................710
Using Printing Commands ................................................................................................711
Printing with lpr ......................................................................................................711
Listing Status with lpc ............................................................................................712
Removing Print Jobs with lprm................................................................................712
Configuring Print Servers ..................................................................................................713
Configuring a Shared CUPS Printer ........................................................................713
Configuring a Shared Samba Printer ........................................................................715
Understanding smb.conf for Printing ............................................................715
Setting Up SMB Clients..................................................................................715
Summary ..........................................................................................................................716
Chapter 27: Running a File Server . . . . . . . . . . . . . . . . . . . . . . . 719
Setting Up an NFS File Server ..........................................................................................720
Getting NFS ............................................................................................................722
Sharing NFS File Systems ........................................................................................722
Configuring the /etc/exports File....................................................................723
Exporting the Shared File Systems ................................................................726
Starting the nfs Daemons ..............................................................................726
Using NFS File Systems ..........................................................................................727
Manually Mounting an NFS File System ........................................................727
Automatically Mounting an NFS File System ................................................728
Using autofs to Mount NFS File Systems on Demand ....................................731
Unmounting NFS File Systems ................................................................................732
Other Cool Things to Do with NFS ........................................................................733
Setting Up a Samba File Server..........................................................................................733
Getting and Installing Samba
Configuring Samba with SWAT
Turning on the SWAT Service
Starting with SWAT
Creating Global Samba Settings in SWAT
Configuring Shared Directories with SWAT
Checking Your Samba Setup with SWAT
Working with Samba Files and Commands
Editing the smb.conf File
Adding Samba Users
Starting the Samba Service
Testing Your Samba Permissions
Checking the Status of Shared Directories
Using Samba Shared Directories
Using Samba from Nautilus
Mounting Samba Directories in Linux
Troubleshooting Your Samba Server
Basic Networking in Place?
Samba Service Running?
Firewall Open?
User Passwords Working?
Summary
Part VI: Programming in Linux
Chapter 28: Programming Environments and Interfaces
Understanding Programming Environments
Using Linux Programming Environments
The Linux Development Environment
The Process Model
CPU and Memory Protection
The Security Model
Preemptive Multitasking
Multiuser by Design
Interprocess Communication
The Building Blocks Philosophy
Graphical Programming Environments
Eclipse: The Universal Tool Platform
KDevelop: KDE’s IDE
Code Crusader
The Command-Line Programming Environment
Linux Programming Interfaces
Creating Command-Line Interfaces
Creating Text-Mode User Interfaces with ncurses
Creating Text-Mode User Interfaces with S-Lang
Creating Graphical Interfaces
Application Programming Interfaces
Summary
Chapter 29: Programming Tools and Utilities
The Well-Stocked Toolkit
Using the GCC Compiler
Compiling Multiple Source Code Files
GCC Command-Line Options
Automating Builds with make
Library Utilities
The nm Command
The ar Command
The ldd Command
The ldconfig Command
Environment Variables and Configuration Files
Source Code Control
Source Code Control Using RCS
Checking Files In and Out
Making Changes to Repository Files
Additional Command-Line Options
Source Code Control with CVS
Debugging with GNU Debugger
Starting GDB
Inspecting Code in the Debugger
Examining Data
Setting Breakpoints
Working with Source Code
Summary
Appendix A: Media
Appendix B: Entering the Linux Community
Index
GNU General Public License
Insert the DVD or CD that comes with this book into a PC. Within five minutes, you’ll be able
to try out Linux with a full range of desktop applications. Within an hour, you can have a full-blown Linux desktop or server system installed on your computer. If you are like most of us
who have been bitten by the Linux bug, you won’t ever look back.
Linux Bible 2007 Edition is here to open your eyes to what Linux is, where it came from, and where
it’s going. But, most of all, the book is here to hand you Linux and help you get started. Because
Linux is the operating system of free speech and free choice, Linux Bible gives you choices in selecting the Linux that is right for you.
On the DVD and CD that come with this book are 16 different Linux distributions that you are free
to install and try out. You learn how those distributions are alike or different, and the book leads
you through the basics of installing and setting up your Linux system as:
• A desktop computer—You have a full range of office, music, gaming, graphics, and
other applications to use.
• A server computer—Using some of the world’s best server software, you can set up your
computer to be a Web server, file server, mail server, or print server.
• A workstation—You can draw on thousands of open source programming tools to
develop your own software applications.
Several of the Linux distributions offered on the DVD and CD that come with this book are live
CDs that let you try a Linux distribution without installing. Some of those live CDs include features that let you install the contents of those live CDs to your hard disk. For example, you can try
out Gentoo, Ubuntu, and Mandriva as live CDs, and then install those distributions permanently to
your hard drive from icons on the desktops of those live CDs.
Unlike other books on Linux, this book doesn’t tie you to one Linux distribution. The book
teaches you the essentials of Linux graphical interfaces, shell commands, and basic system administration. Separate chapters break down many of the major Linux distributions available today.
Then descriptions of the major software projects in most Linux distributions (KDE and GNOME
desktops, Apache Web servers, Samba file and printer sharing, and so on) guide you in setting up
and using those features, regardless of which Linux you choose.
Introduction
Understanding the Linux Mystique
To calm your fears that “free” software can’t be that good, this book guides you through the strange
and circuitous path of open source software development that led to the Linux phenomenon. It
also details the major companies and organizations that are behind Linux and the open source
movement today.
Along the way, you learn how you can become part of the open source and free software communities, whose stars are known by a single name (such as Linus) or a few initials (such as rms). You’ll
find a staggering number of open source projects, forums, and mailing lists that are thriving today
(and always looking for more people to get involved).
How This Book Is Organized
Learn the basics of what goes into Linux and you will be able to use all sorts of devices and computers in the future. The book is organized in a way that enables you to start off at the very beginning with Linux, but still grow to the point where you can get going with some powerful server
and programming features, if you care to.
Part I assumes that someone has set up a Linux system in front of you. So after “Starting with
Linux” in Chapter 1, you learn the basics of how to
• Use the shell (Chapter 2)
• Work with your graphical desktop (Chapter 3)
In Part II, you learn how to
• Do basic administration (Chapter 4)
• Connect to the Internet (Chapter 5)
• Secure your Linux system (Chapter 6)
If you don’t have Linux installed yet, this book helps you out in a big way: The companion DVD
and CD include a variety of Linux distributions you can try. Part III (Chapters 7 through 19)
describes each of those distributions and how to install them.
In Part IV, you learn to get some fun and useful features going in Linux so that you can
• Play music and video (Chapter 20)
• Write documents and work with graphics (Chapter 21)
• Use Web browsers and e-mail clients (Chapter 22)
• Play games (Chapter 23)
Linux creates powerful servers, and in Part V you learn to
• Set up a Web server using Apache, MySQL, and PHP in Linux (Chapter 24)
• Run a mail server (Chapter 25)
• Share printers with a CUPS print server (Chapter 26)
• Share files with a Samba or NFS file server (Chapter 27)
If you are coming to Linux for its programming environment, Part VI provides chapters that
describe
• Programming environments and interfaces (Chapter 28)
• Programming tools and utilities (Chapter 29)
In addition, Appendix A tells you what’s on the DVD and CD, how to install from the DVD or CD,
and how to burn additional installation CDs from the software that comes with this book.
Appendix B helps get you “plugged in” to the Linux community.
What You Will Get from This Book
By the time you finish this book, you’ll have a good basic understanding of many of the major features in Linux and how you can use them. If you decide then that you want to go a bit deeper into
any Red Hat Linux distribution, Fedora 6 and Enterprise Linux Bible is a good next step, with content that includes how to set up many different types of Linux servers. If you are more technically
oriented, Linux Troubleshooting Bible (Wiley, 2004) can be a good way to learn more advanced skills
for securing and troubleshooting Linux systems. If you are looking for some fun, try out some projects with an old PC and free software from Linux Toys II (Wiley, 2005).
Linux First Steps
IN THIS PART
Chapter 1: Starting with Linux
Chapter 2: Running Commands from the Shell
Chapter 3: Getting into the Desktop
Starting with Linux
In the last quarter of 2006, the world’s largest commercial software makers publicly acknowledged what many free and open source software
proponents have known for a while: Linux is a force to be reckoned
with. Although the results of the following announcements from Oracle and
Microsoft regarding Linux are still playing out, they reinforce the contention
that Linux is taking the world by storm:
• Oracle’s Unbreakable Linux — With Red Hat Enterprise Linux
products growing in popularity, and the expansion of Red Hat
products (from Red Hat’s purchase of JBoss) into Oracle’s territory
of middleware software, Oracle decided to offer its own Linux system. Unbreakable Linux is a rebuild of Red Hat Enterprise Linux,
and Oracle now offers tech support for it at prices that undercut
Red Hat’s price schedule.
• Microsoft’s alliance with Novell — An alliance between Microsoft
and Novell (maker of SUSE Linux) was formed to have the two
companies collaborate more closely to build, support, and market
Microsoft and Novell products so they work better together. The
agreement includes assurances from Microsoft and Novell that they
will not exercise patent claims against each other’s customers.
However, Microsoft put a stake in the ground, stating that anyone
developing for or using Linux that isn’t paying Microsoft for the
privilege (by contributing only to SUSE) “has an undisclosed balance sheet liability,” to Microsoft, according to Microsoft President
Steve Ballmer (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005171&source=NLT_AM&nlid=1).
IN THIS CHAPTER
Understanding Linux
Using Linux
Linux myths, legends, and FUD
Suddenly the Linux system that was once relegated to a small band of geeks and computer enthusiasts became the prime focus of the commercial software industry. The free and open source software (FOSS) development model that espoused sharing, freedom, and openness was beginning to
look like an approach that could threaten the market share of the world’s largest commercial software vendors.
While software industry heavy hitters have focused on commercial Linux distributions such as Red
Hat, the FOSS community that builds the pieces that make up Linux systems has made strides in
other software technology as well. Open source has helped fuel ports of Linux to everything from
handheld Linux devices (see www.linuxdevices.com) to supercomputers (see www.cray.com/products). From desktop to server features to application programming tools, Linux has
become a formidable operating system across a variety of businesses and applications.
become a formidable operating system across a variety of businesses and applications.
What were once weak components of Linux, such as easy-to-use desktops and personal productivity applications, have improved at a rapid pace. In areas of security, usability, connectivity, and network services, Linux has continued to improve and outshine the competition.
So, if you have been waiting to try Linux because you thought it was just for geeks, too hard to
use, and inaccessible to the average person, you can think again. Judging from the actions of the
world’s biggest proprietary computer software makers, Linux is ready for you.
Let this book help you grab your first look at the distributions, applications, services, and community that make up the phenomenon that has become Linux.
Taking Your First Step
In your hands, you have 16 Linux distributions (on CD and DVD), thousands of applications, and
descriptions for getting it all running on your own computer. For you right now, the worldwide
Linux phenomenon is just a reboot away.
Linux Bible 2007 Edition brings you into the world of free and open source software that, through
some strange twists and turns, has fallen most publicly under the “Linux” banner. Through
descriptions and procedures, this book helps you:
• Understand what Linux is, who “owns” it, and where it comes from
• Sort through the various distributions of Linux to choose one (or more) that is right for
you (you get several on this book’s CD and DVD, and Linux is all about choice too!)
• Try out Linux as a desktop computer, server computer, or programmer’s workstation
• Become connected to the open source software movement, as well as many separate high-quality software projects that are included with Linux
Whether you are using Linux for the first time or just want to try out a new Linux distribution,
Linux Bible 2007 Edition is your guide to using Linux and the latest open source technology. While
different Linux distributions vary in the exact software they include, this book describes the most
popular software available for Linux to:
• Manage your desktop (menus, icons, windows, and so on)
• Listen to music and watch video
• Use word processor, spreadsheet, and other office productivity applications
• Browse the Web and send e-mail
• Play games
• Find thousands of other open source software packages you can get for free
Because most Linux distributions also include features that let them act as servers (in fact, that’s
one of the things Linux has always been best at), you’ll also learn about software available for
Linux that lets you do the following:
• Connect to the Internet or other network
• Use Linux as a firewall, router, and DHCP server to protect and manage your private
network
• Run a Web server (using Apache, MySQL, and PHP)
• Run a mail server (using exim or other mail transfer agent)
• Run a print server (using Samba or CUPS)
• Run a file server (using FTP or Samba)
• Use the exact same enterprise-quality software used by major corporations (such as
Google and Amazon.com), universities, and businesses of all sizes.
This book guides you through the basics of getting started with the Linux features just mentioned,
plus many more features that I’ll get to later. You’ll go through the following basic steps:
1. Understanding Linux. You need to know where Linux came from, how it is developed,
and how it’s ultimately packaged. This chapter describes the UNIX heritage on which
Linux was founded, the free and open source software development efforts underway, and
the organizations and individuals that package and produce Linux distributions.
2. Trying Linux. In the past, an impediment to trying Linux was getting it installed on a
computer that was devoted solely to Microsoft Windows. With bootable Linux systems
such as KNOPPIX (and others included with this book), you can boot a fully functioning
Linux from DVD, CD, or floppy disk without disturbing the current contents of your
computer.
3. Installing Linux. You can install a fully functioning Linux system permanently on your
hard disk. Disk space required varies from a few hundred megabytes for a minimal installation to 6 gigabytes for a full range of desktop, server, and programming features.
Chapters in Part III, “Choosing and Installing a Linux Distribution,” describe how to
install several different Linux distributions.
4. Using Linux. You won’t know if Linux can be used to replace your current desktop or
server system until you start using it. This book helps you try OpenOffice.org software to
write documents, create spreadsheets, and build presentations. It describes xmms and
mplayer for playing your music and video content, respectively, and covers some of the
best Linux tools available for Web browsing (for example, Firefox, Seamonkey and
Konqueror) and managing your e-mail (such as Evolution and Thunderbird).
5. Configuring Linux. Linux works very well as a desktop system, and it can also be configured to act as a router, a firewall, and a variety of server types. While there are some
excellent graphical tools for administering Linux systems, most Linux administrators edit
configuration files and run commands to configure Linux. Part II, “Running the Show,”
contains basic information for administering Linux, and Part V, “Running Servers,” discusses procedures for setting up various types of servers.
Once you’ve been through the book, you should be proficient enough to track down your more
advanced questions through the volumes of man pages, FAQs, HOW-TOs, and forums that cover
different aspects of the Linux operating system.
Starting Right Now
Now that you have read a few pages, if you are impatient to get started, insert the DVD or CD that
comes with this book into the appropriate drive on your PC and reboot. When you see the boot
screen, press Enter. When the DVD or CD boots, the following happens, respectively:
• KNOPPIX starts up. A fully-functional KNOPPIX desktop Linux system will boot directly
from the DVD. From that Linux system, you can do everything you’d expect to do from a
modern desktop computing system: write documents, play music, communicate over the
Internet, work with images, and so on. If you have a wired Ethernet connection that
connects to the Internet when you start up Windows, most likely it will also connect
automatically when KNOPPIX starts.
• Damn Small Linux starts up. This small, amazing desktop-oriented Linux system starts
up directly from the CD that comes with this book. Besides being expandable and adaptable, DSL runs on everything from low-end PCs to powerful workstation hardware while
being small enough to fit on a mini CD (only about 50MB in size).
Now that you have seen some examples of what Linux can be, read on to see what Linux is and
where it came from.
Understanding Linux
People who don’t know what Linux is sometimes ask me if it’s a program that runs on Microsoft
Windows. When I tell them that Linux is, itself, an operating system like Windows and that they
can remove (or never purchase) Windows, I sometimes get a surprised reaction: “A PC can run
with nothing from Microsoft on it?” The answer is yes!
The next question about Linux is often: “How can Linux be free?” While the full answer to that is a
bit longer (and covered later), the short answer is: “Because the people who write the code license
it to be freely distributed.” Keep in mind, however, that the critical issue relating to the word “free”
is “freedom,” meaning that you are free to rebuild, reuse, reconfigure, and otherwise do what you
like with the code. The only major responsibility is that if you change the software, you pass it
forward so that others may benefit from your work as well.
Linux is a full-blown operating system that is a free clone of the powerful and stable UNIX operating system. Start your computer with Linux, and Linux takes care of the operation of your PC and
manages the following aspects of your computer:
• Processor — Because Linux can run many processes from many different users at the
same time (even with multiple CPUs on the same machine), Linux needs to be able to
manage those processes. The Linux scheduler sets the priorities for running tasks and
manages which processes run on which CPUs (if multiple processors are present). The
scheduler can be tuned differently for different types of Linux systems. If it’s tuned properly, the most important processes get the quickest responses from the processor. For
example, a Linux scheduler on a desktop system gives higher priority to things such as
moving a window on the desktop than it does to a background file transfer.
• Memory — Linux tries to keep processes with the most immediate need in RAM, while
managing how processes that exceed the available memory are moved to swap space. Swap
space is a defined area on your hard disk that’s used to handle the overflow of running
processes and data. When RAM is full, processes are placed in swap space. When swap
space is full (something that you don’t want to happen), new processes can’t start up.
• Devices — Linux supports thousands of hardware devices, yet keeps the kernel a manageable size by including only a small set of drivers in the active kernel. Using loadable
modules, the kernel can add support for other hardware as needed. Modules can be
loaded and unloaded on demand, as hardware is added and removed. (The kernel,
described in detail a bit later on, is the heart of a Linux operating system.)
• File systems — File systems provide the structure in which files are stored on hard disk,
CD, DVD, floppy disks, or other media. Linux knows about different file system types
(such as Linux ext3 and reiserfs file systems, or VFAT and NTFS from Windows systems)
and how to manage them.
• Security — Like UNIX, Linux was built from the ground up to enable multiple users to
access the system simultaneously. To protect each user’s resources, every file, directory,
and application is assigned sets of read, write, and execute permissions that define who
can access them. In a standard Linux system, the root user has access to the entire system,
some special logins have access to control particular services (such as Apache for Web
services), and users can be assigned permission individually or in groups. Recent features
such as Security Enhanced Linux enable more refined tuning and protection in highly
secure computing environments.
What I have just described are components that are primarily managed by what is referred to as
the Linux kernel. In fact, the Linux kernel (which was created and is still maintained by Linus
Torvalds) is what gives Linux its name. The kernel is the software that starts up when you boot
your computer and interfaces with the programs you use so they can communicate effectively and
simply with your computer hardware.
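The read, write, and execute permission sets described under Security above can be read and audited from the shell. The script below is an added example, not from the book: it decodes the permission triplet for owner, group, and others, and finds files and directories that any user may write to. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book. Every path below is constructed.

# perm_class PATH CLASS
# Print the rwx triplet that applies to one class of user (owner, group or
# other), cut from the mode string that `ls -ld` prints, e.g. "-rw-r-----".
perm_class() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case "$2" in
        owner) printf '%s\n' "$mode" | cut -c2-4 ;;
        group) printf '%s\n' "$mode" | cut -c5-7 ;;
        other) printf '%s\n' "$mode" | cut -c8-10 ;;
        *) echo "unknown class: $2" >&2; return 2 ;;
    esac
}

# Regular files under DIR that any user on the system may modify.
world_writable_files() {
    find "$1" -type f -perm -0002 | sort
}

# Directories under DIR where others may create and delete entries.
# Directories with the sticky bit (as on /tmp) are skipped: there, users
# can remove only the entries they own.
unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Remove write permission for "others" from everything flagged above.
tighten() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
    find "$1" -type d -perm -0002 ! -perm -1000 -exec chmod o-w {} +
}

# Build a small constructed tree with a mix of modes and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/home" "$root/dropbox" "$root/scratch"
    echo "notes"  > "$root/home/notes.txt"
    echo "script" > "$root/home/backup.sh"
    echo "config" > "$root/home/app.conf"
    chmod 640  "$root/home/notes.txt"  # owner rw-, group r--, others ---
    chmod 777  "$root/home/backup.sh"  # anyone can rewrite this script
    chmod 666  "$root/home/app.conf"   # anyone can change this config
    chmod 755  "$root/home"
    chmod 777  "$root/dropbox"         # shared directory, no sticky bit
    chmod 1777 "$root/scratch"         # /tmp-style: sticky bit set
    printf '%s\n' "$root"
}

demo() {
    tree=$(make_sample_tree) || return 1
    echo "Files writable by others:";       world_writable_files "$tree"
    echo "Shared dirs without sticky bit:"; unsafe_shared_dirs "$tree"
    tighten "$tree"
    echo "backup.sh, others after tighten: $(perm_class "$tree/home/backup.sh" other)"
    rm -rf "$tree"
}

demo
```

The sticky-bit directory is left alone on purpose, since a shared scratch area of that kind is a normal part of a multiuser system.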
Components such as administrative commands and applications from other free and open source
software projects work with the kernel to make Linux a complete operating system. The GNU project, in particular, contributed many implementations of standard UNIX components that are now
in Linux. Apache, KDE, GNOME, and other major open source projects in Linux, discussed a bit
later, have also contributed to the success of Linux. Those other projects added such things as:
• Graphical user interfaces (GUIs) — Consisting of a graphical framework (typically the
X Window System), window managers, panels, icons, and menus. GUIs enable you to
use Linux with a keyboard and mouse combination, instead of just typing commands
(as was done in the old days).
• Administrative utilities — Including hundreds (perhaps thousands) of commands and
graphical windows to do such things as add users, manage disks, monitor the network,
install software, and generally secure and manage your computer.
• Applications — Although no Linux distribution includes all of them, there are literally
thousands of games, office productivity tools, Web browsers, chat windows, multimedia
players, and other applications available for Linux.
• Programming tools — Including programming utilities for creating applications and
libraries for implementing specialty interfaces.
• Server features — Enabling you to offer services from your Linux computer to another
computer on the network. In other words, while Linux includes Web browsers to view
Web pages, it can also be the computer that serves up Web pages to others. Popular
server features include Web, mail, database, printer, file, DNS, and DHCP servers.
Once Linus Torvalds and friends had a working Linux kernel, pulling together a complete open
source operating system was possible because so much of the available “free” software was:
• Covered by the GNU Public License (GPL) or similar license — That allowed the
entire operating system to be freely distributed, provided guidelines were followed relating to how the source code for that software was made available going forward (see
http://www.gnu.org/licenses/gpl.html).
• Based on UNIX-like systems — Clones of virtually all the other user-level components
of a UNIX system had been created. Those and other utilities and applications were built
to run on UNIX or other UNIX-like systems.
Linux has become one of the most popular culminations of the open source software movement.
But the traditions of sharing code and building communities that made Linux possible started
years before Linux was born. You could argue that it began in a comfortable think tank known as
Bell Laboratories.
Exploring Linux History
Some histories of Linux begin with this message posted by Linus Torvalds to the comp.os.minix
newsgroup on August 25, 1991:
Hello everybody out there using minix
I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu)
for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I’d
like any feedback on things people like/dislike in minix, as my OS resembles it somewhat
(same physical layout of the file-system (due to practical reasons) among other things) . . .
Any suggestions are welcome, but I won’t promise I’ll implement them :-)
Linus ([email protected])
PS. Yes — it’s free of any minix code, and it has a multi-threaded fs. It is NOT
protable[sic] (uses 386 task switching etc), and it probably never will support anything
other than AT-harddisks, as that’s all I have :-(.
Reprinted from Linux International Web site
(www.li.org/linuxhistory.php)
Minix was a UNIX-like operating system that ran on PCs in the early 1990s. Like Minix, Linux was
also a clone of the UNIX operating system.
NOTE
For a good way to learn more about how Linux was created, pick up the book: “Just For
Fun: The Story of an Accidental Revolutionary” by Linus Torvalds (2001, Harper Collins
Publishing).
To truly appreciate how a free operating system could have been modeled after a proprietary system from AT&T Bell Laboratories, it helps to understand the culture in which UNIX was created
and the chain of events that made the essence of UNIX possible to reproduce freely.
From a Free-Flowing UNIX Culture at Bell Labs
From the very beginning, the UNIX operating system was created and nurtured in a communal
environment. Its creation was not driven by market needs, but by a desire to overcome impediments to producing programs. AT&T, which owned the UNIX trademark originally, eventually
made UNIX into a commercial product, but by that time, many of the concepts (and even much of
the early code) that made UNIX special had fallen into the public domain.
If you are under 30 years old, you may not remember a time when AT&T was “the” phone company.
Up until the early 1980s, AT&T didn’t have to think much about competition, because if you wanted
a phone in the United States, you had to go to AT&T. It had the luxury of funding pure research projects. The Mecca for such projects was the Bell Laboratories site in Murray Hill, New Jersey.
After the failure of a project called Multics in around 1969, Bell Labs employees Ken Thompson
and Dennis Ritchie set off on their own to create an operating system that would offer an improved
environment for developing software. Up to that time, most programs were written on punch cards
that had to be fed in batches to mainframe computers. In a 1980 lecture on “The Evolution of the
UNIX Time-sharing System,” Dennis Ritchie summed up the spirit that started UNIX:
What we wanted to preserve was not just a good environment in which to do programming, but a system around which a fellowship could form. We knew from experience
that the essence of communal computing as supplied by remote-access, time-shared
machines is not just to type programs into a terminal instead of a keypunch, but to
encourage close communication.
The simplicity and power of the UNIX design began breaking down barriers that impeded software
developers. The foundation of UNIX was set with several key elements:
• The UNIX file system — After creating the structure that allowed levels of subdirectories
(which, for today’s desktop users, looks like folders inside of folders), UNIX could be
used to organize the files and directories in intuitive ways. Furthermore, complex methods of accessing disks, tapes, and other devices were greatly simplified by representing
those devices as individual device files that you could also access as items in a directory.
• Input/output redirection — Early UNIX systems also included input redirection and
pipes. From a command line, UNIX users could direct the output of a command to a file
using the greater-than sign (>). Later, the concept of pipes was added (|) where the output
of one command could be directed to the input of another command. For example, the
command line
    $ cat file1 file2 | sort | pr | lpr
concatenates (cat) file1 and file2, sorts (sort) the lines in those files alphabetically, paginates the sorted text for printing (pr), and directs the output to the computer’s default
printer (lpr). This method of directing input and output enabled developers to create
their own specialized utilities that could be joined together with existing utilities. This
modularity made it possible for lots of code to be developed by lots of different people.
• Portability — Much of the early work in simplifying the experience of using UNIX led
to its also becoming extraordinarily portable to run on different computers. By having
device drivers (represented by files in the file system tree), UNIX could present an interface to applications in such a way that the programs didn’t have to know about the
details of the underlying hardware. To later port UNIX to another system, developers
had only to change the drivers. The applications program didn’t have to change for different hardware!
To make the concept of portability a reality, however, a high-level programming language
was needed to implement the software needed. To that end, Brian Kernighan and Dennis
Ritchie created the C programming language. In 1973, UNIX was rewritten in C. Today, C
is still the primary language used to create the UNIX (and Linux) operating system
kernels.
As Ritchie went on to say in his 1980 lecture:
Today, the only important UNIX program still written in assembler is the assembler itself;
virtually all the utility programs are in C, and so are most of the applications programs,
although there are sites with many in Fortran, Pascal, and Algol 68 as well. It seems certain that much of the success of UNIX follows from the readability, modifiability, and
portability of its software that in turn follows from its expression in high-level languages.
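The input/output redirection described above, as an added example that is not from the book: a small custom filter joined to cat and sort with pipes, plus the caveat that a pipeline's exit status is only that of its last command. The function names and sample files are hypothetical, and the sample data is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book). Function names and sample files are
# hypothetical; the sample data is constructed for illustration.

# A small "specialized utility": reads SORTED lines on stdin and writes
# "<count> <line>" for each distinct line.
count_dupes() {
    awk 'NR > 1 && $0 != prev { print n, prev; n = 0 }
         { prev = $0; n++ }
         END { if (NR > 0) print n, prev }'
}

# Join existing utilities (cat, sort) with the custom filter, the same shape
# as `cat file1 file2 | sort | pr | lpr`. LC_ALL=C gives a fixed sort order.
merge_report() {
    cat "$@" | LC_ALL=C sort | count_dupes
}

# A pipeline's exit status is that of its LAST command, so a failure in an
# earlier stage (cat on a missing file) is not reported to the caller.
# This variant checks every input before starting the pipeline.
merge_report_checked() {
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "merge_report_checked: cannot read $f" >&2
            return 1
        fi
    done
    merge_report "$@"
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'pear\napple\n' > "$dir/file1"      # constructed sample input
    printf 'apple\nfig\n'  > "$dir/file2"

    # Redirect the pipeline's output to a file with ">".
    merge_report "$dir/file1" "$dir/file2" > "$dir/report"
    cat "$dir/report"

    # Unchecked: cat fails on the missing file, yet the status is 0.
    merge_report "$dir/file1" "$dir/missing" > /dev/null 2>&1
    echo "unchecked pipeline status: $?"

    # Checked: the unreadable input is reported as a failure.
    if merge_report_checked "$dir/file1" "$dir/missing" 2> /dev/null; then
        echo "checked pipeline status: 0"
    else
        echo "checked pipeline status: 1"
    fi
    rm -rf "$dir"
}

demo
```

Scripts that feed pipeline output into backups, log processing, or integrity checks should validate inputs this way, because a silently truncated result looks the same as a complete one to the caller.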
If you are a Linux enthusiast and are interested in what features from the early days of Linux have
survived, an interesting read is Dennis Ritchie’s reprint of the first UNIX programmer’s manual (dated
November 3, 1971). You can find it at Dennis Ritchie’s Web site: http://cm.bell-labs.com/cm/cs/who/dmr/1stEdman.html. The form of this documentation is UNIX man pages — which
is still the primary format for documenting UNIX and Linux operating system commands and programming tools today.
What’s clear as you read through the early documentation and accounts of the UNIX system is that
the development was a free-flowing process, lacked ego, and was dedicated to making UNIX excellent. This process led to a sharing of code (both inside and outside of Bell Labs) that allowed rapid
development of a high-quality UNIX operating system. It also led to an operating system that
AT&T would find difficult to reel back in later.
To a Commercialized UNIX
Before AT&T divestiture in 1984, when it was split up into AT&T and seven “baby Bell” companies, AT&T was forbidden to sell computer systems. Companies you now know by names such as
Verizon, Qwest, SBC Communications, and Lucent Technologies were all part of AT&T. As a result
of AT&T’s monopoly of the telephone system, the U.S. government was concerned that an unrestricted AT&T might dominate the fledgling computer industry.
Because AT&T was restricted from selling computers directly to customers before its divestiture,
UNIX source code was licensed to universities for a nominal fee. There was no UNIX operating
system for sale from AT&T that you didn’t have to compile yourself.
BSD Arrives
In 1975, UNIX V6 became the first version of UNIX available for widespread use outside of Bell
Laboratories. From this early UNIX source code, the first major variant of UNIX was created at
University of California at Berkeley. It was named the Berkeley Software Distribution (BSD).
For most of the next decade, the BSD and Bell Labs versions of UNIX headed off in separate directions. BSD continued forward in the free-flowing, share-the-code manner that was the hallmark of
the early Bell Labs UNIX, while AT&T started steering UNIX toward commercialization. With the
formation of a separate UNIX Laboratory, which moved out of Murray Hill and down the road to
Summit, New Jersey, AT&T began its attempts to commercialize UNIX. By 1984, divestiture was
behind AT&T and it was ready to really start selling UNIX.
UNIX Laboratory and Commercialization
The UNIX Laboratory was considered a jewel that couldn’t quite find a home or a way to make a
profit. As it moved between Bell Laboratories and other areas of AT&T, its name changed several
times. It is probably best remembered by its last name, which it had as it began its spin-off from
AT&T: UNIX System Laboratories (USL).
The UNIX source code that came out of USL, the legacy of which is now owned by Santa Cruz
Operation (SCO), has been used as the basis for ever-dwindling lawsuits by SCO against major
Linux vendors (such as IBM and Red Hat, Inc.). Because of that, I think the efforts from USL that
have contributed to the success of Linux are sometimes disrespected.
You have to remember that, during the 1980s, many computer companies were afraid that a newly
divested AT&T would pose more of a threat to controlling the computer industry than would an
upstart company in Redmond, Washington. To calm the fears of IBM, Intel, DEC, and other computer companies, the UNIX Lab made the following commitments to ensure a level playing field:
• Source code only — Instead of producing their own boxed set of UNIX, AT&T continued to sell only source code and to make it available equally to all licensees. Each company would then port UNIX to its own equipment. It wasn’t until about 1992, when the
lab was spun off as a joint venture with Novell (called Univel), and then eventually sold
to Novell, that a commercial boxed set of UNIX (called UnixWare) was produced directly
from that source code.
• Published interfaces — To create an environment of fairness and community to its
OEMs (original equipment manufacturers), AT&T began standardizing what different
ports of UNIX had to be able to do to still be called UNIX. To that end, Portable
Operating System Interface (POSIX) standards and the AT&T UNIX System V Interface
Definition (SVID) were specifications UNIX vendors could use to create compliant UNIX
systems. Those same documents also served as road maps for the creation of Linux.
NOTE
In an early e-mail newsgroup post, Linus Torvalds made a request for a copy, preferably
online, of the POSIX standard. I think that nobody from AT&T expected someone to
actually be able to write their own clone of UNIX from those interfaces, without using any of its
UNIX source code.
• Technical approach — Again, until the very end of USL, most decisions on the direction
of UNIX were made based on technical considerations. Management was promoted up
through the technical ranks and to my knowledge there was never any talk of writing software to break other companies’ software or otherwise restrict the success of USL’s partners.
When USL eventually started taking on marketing experts and creating a desktop UNIX product
for end users, Microsoft Windows already had a firm grasp on the desktop market. Also, because
the direction of UNIX had always been toward source-code licensing destined for large computing
systems, USL had pricing difficulties for its products. For example, on software it was including
with UNIX, USL found itself having to pay out per-computer licensing fees that were based on
$100,000 mainframes instead of $2,000 PCs. Add to that the fact that no application programs
were available with UnixWare, and you can see why the endeavor failed.
Successful marketing of UNIX systems at the time, however, was happening with other computer
companies. SCO had found a niche market, primarily selling PC versions of UNIX running dumb
terminals in small offices. Sun Microsystems was selling lots of UNIX workstations (originally
based on BSD but merged with UNIX in SVR4) for programmers and high-end technology
applications (such as stock trading).
Other commercial UNIXes were also emerging by the 1980s. This new ownership assertion
of UNIX was beginning to take its toll on the spirit of open contributions. Lawsuits were being initiated to protect UNIX source code and trademarks. In 1984, this new, restrictive UNIX gave rise to
an organization that eventually led a path to Linux: the Free Software Foundation.
To a GNU Free-Flowing (not) UNIX
In 1984, Richard M. Stallman started the GNU project (www.gnu.org), recursively named by the
phrase GNU is Not UNIX. As a project of the Free Software Foundation (FSF), GNU was intended
to become a recoding of the entire UNIX operating system that could be freely distributed. The
GNU Project page (www.gnu.org/tnu/thegnuproject.html) tells the story of how the
project came about in Stallman’s own words.
While rewriting millions of lines of code might seem daunting for one or two people, spreading the
effort across dozens or even hundreds of programmers made the project possible. It turned out that
not only could the same results be gained by all new code, but that in some cases that code was
better than the original UNIX versions. Because everyone could see the code being produced for
the project, poorly written code could be corrected quickly or replaced over time.
If you are familiar with UNIX, try searching the more than 3,400 GNU software packages for your
favorite UNIX command from the Free Software Directory (http://directory.fsf.org/GNU).
Chances are you will find it there, along with many, many other software projects available as add-ons.
Over time, the term free software has been mostly replaced by the term open source software. As a
nod to both camps, however, some people use the term Free and Open Source Software
(FOSS) instead. An underlying principle of FOSS, however, is that, while you are free to use the
software as you like, you have some responsibility to make the improvements you make to the
code available to others. In that way, everyone in the community can benefit from your work as
you have benefited from the work of others.
To clearly define how open source software should be handled, the GNU software project created
the GNU Public License (you can read the GPL in its entirety at the end of this book). While many
other software licenses cover slightly different approaches to protecting free software, the GPL is
perhaps the most well known — and it’s the one that covers the Linux kernel itself. Basic features
of the GNU Public License include:
• Author rights — The original author retains the rights to his or her software.
• Free distribution — People can use the GNU software in their own software, changing
and redistributing it as they please. They do, however, have to include the source code
with their distribution (or make it easily available).
• Copyright maintained — Even if you were to repackage and resell the software, the original GNU agreement must be maintained with the software, which means all future recipients of the software have the opportunity to change the source code, just as you did.
There is no warranty on GNU software. If something goes wrong, the original developer of the software has no obligation to fix the problem. However, there are many organizations, big and small,
that offer paid support packages for the software when it is included in their Linux or other open
source software distribution. (See the OSI Open Source Definition later in this chapter for a more
detailed definition of open source software.)
Despite its success producing thousands of UNIX utilities, the GNU project itself failed to produce
one critical piece of code: the kernel. Its attempts to build an open source kernel with the GNU
Hurd project (www.gnu.org/software/hurd) were unsuccessful.
BSD Loses Some Steam
The one software project that had a chance of beating out Linux to be the premier open source
software project was the venerable old BSD project. By the late 1980s, BSD developers at UC
Berkeley realized that they had already rewritten most of the UNIX source code they had received a
decade earlier.
In 1989, University of California (UC) Berkeley distributed its own UNIX-like code as Net/1 and
later (in 1991) as Net/2. Just as UC Berkeley was preparing a complete, UNIX-like operating system that was free from all AT&T code, AT&T hit them with a lawsuit in 1992. The suit claimed
that the software was written using trade secrets taken from AT&T’s UNIX system.
It’s important to note here that BSD developers had completely rewritten the copyright-protected
code from AT&T. Copyright was the primary means AT&T used to protect its rights to the UNIX
code. Some believe that if AT&T had patented the concepts covered in that code, there might not
be a Linux (or any UNIX clone) operating system today.
The lawsuit was dropped when Novell bought UNIX System Laboratories from AT&T in 1994.
But, during that critical time period, there was enough fear and doubt about the legality of the BSD
code that the momentum BSD had gained to that point in the fledgling open source community
was lost. Many people started looking for another open source alternative. The time was ripe for a
college student from Finland who was working on his own kernel.
NOTE
Today, BSD versions are available from three projects: FreeBSD, NetBSD, and OpenBSD.
People generally characterize FreeBSD as the easiest to use, NetBSD as available on the
most computer hardware platforms, and OpenBSD as fanatically secure. Many security-minded individuals still prefer BSD over Linux.
Linus Builds the Missing Piece
Linus Torvalds started work on Linux in 1991, while he was a student at the University of
Helsinki, Finland. He wanted to create a UNIX-like kernel so that he could use the same kind of
operating system on his home PC that he used at school. At the time, Linus was using Minix, but
he wanted to go beyond what the Minix standards permitted.
As noted earlier, Linus announced the first public version of the Linux kernel to the comp.os.minix
newsgroup on August 25, 1991, although Linus guesses that the first version didn’t actually come
out until mid-September of that year (see the Linux International Web site’s Linux History page:
www.li.org/linuxhistory.php).
Although Torvalds stated that Linux was written for the 386 processor and probably wasn’t portable,
others persisted in encouraging (and contributing to) a more portable approach in the early versions
of Linux. By October 5, Linux 0.02 was released with much of the original assembly code rewritten
in the C programming language, which made it possible to start porting it to other machines.
The Linux kernel was the last — and the most important — piece of code that was needed to complete a whole UNIX-like operating system under the GPL. So, when people started putting together
distributions, the name Linux and not GNU is what stuck. Some distributions such as Debian,
however, refer to themselves as GNU/Linux distributions. (Not including GNU in the title or subtitle of a Linux operating system is also a matter of much public grumbling by some members of
the GNU project. See www.gnu.org.)
Within the next few years, commercial and non-commercial Linux distributions began to emerge.
MCC Interim Linux (ftp.mcc.ac.uk/pub/linux/distributions/MCC) was released in
the U.K. in February, 1992. Slackware Linux (described in Chapter 14), which was first released in
April, 1993, is one of the oldest surviving Linux distributions.
Today, Linux can be described as an open source UNIX-like operating system that reflects a combination of SVID, POSIX, and BSD compliance. Linux continues to aim toward compliance with
POSIX as well as with standards set by the new owner of the UNIX trademark, The Open Group
(www.unix-systems.org).
The non-profit Open Source Development Labs (www.osdl.org), which employs Linus Torvalds,
manages the direction today of Linux development efforts. Its sponsors list is like a Who’s Who of
commercial Linux vendors, including IBM, Red Hat, SUSE (Novell), VA Software, HP, Dell,
Computer Associates, Intel, Cisco Systems, and others. OSDL’s primary charter is to accelerate the
growth of Linux in telecommunications and data centers.
Although much of the thrust of corporate Linux efforts is on corporate, enterprise computing, huge
improvements are continuing in the desktop arena as well. The KDE and GNOME desktop environments continuously improve the Linux experience for casual users. Major efforts are underway
to offer critical pieces of desktop components that are still not available in open source versions,
including multimedia software and office productivity applications.
Linus continues to maintain and improve the Linux kernel.
NOTE
To get more detailed histories of Linux, I recommend visiting the LWN.net site. LWN.net
has kept a detailed Linux timeline from 1998 to the present day. For example, the 2003
timeline is available at http://lwn.net/Articles/Timeline2003. Another good resource is
the book Open Sources: Voices from the Open Source Revolution (O’Reilly). The whole first edition
(published in 1999) is available online (www.oreilly.com/catalog/opensources/book/toc.html).
What’s So Great About Linux?
Leveraging work done on UNIX and GNU projects helped to get Linux up and running quickly.
The culture of sharing in the open source community and adoption of a wide array of tools for
communicating on the Internet have helped Linux to move quickly through infancy and adolescence to become a mature operating system.
The simple commitment to share code is probably the single most powerful contributor to the
growth of the open source software movement in general, and Linux in particular. That commitment has also encouraged involvement from the kind of people who are willing to contribute back
to that community in all kinds of ways. The willingness of Linus to incorporate code from others in
the Linux kernel has also been critical to the success of Linux.
The following sections characterize Linux and the communities that support it.
Features in Linux
If you have not used Linux before, you should expect a few things to be different from using other
operating systems. Here is a brief list of some Linux features that you might find cool:
• No constant rebooting — Uptime is valued as a matter of pride (remember, Linux and
other UNIX systems are most often used as servers, which are expected to, and do, stay
up 24/7/365). After the original installation, you can install or remove most software
without having to reboot your computer.
• Start/stop services without interrupting others — You can start and stop individual
services (such as Web, file, and e-mail services) without rebooting or even interrupting
the work of any other users or features of the computer. In other words, you should not
have to reboot your computer every time someone sneezes. (Installing a new kernel is
just about the only reason you need to reboot.)
• Portable software — You can usually change to another Linux, UNIX, or BSD system
and still use the exact same software! Most open source software projects were created to
run on any UNIX-like system and many also run on Windows systems, if you need them
to. If it won’t run where you want it to, chances are that you, or someone you hire, can
port it to the computer you want. (Porting refers to modifying an application or driver so
it works in a different computer architecture or operating system.)
• Downloadable applications — If the applications you want are not delivered with your
version of Linux, you can often download and install them with a single command, using
tools such as apt, urpmi and yum.
• No settings hidden in code or registries — Once you learn your way around Linux,
you’ll find that (given the right permissions on your computer) most configuration is
done in plain text files that are easy to find and change. Because Linux is based on openness, nothing is hidden from you. Even the source code, for GPL-covered software, is
available for your review.
• Mature desktop — The X Window System (providing the framework for your Linux
desktop) has been around longer than Microsoft Windows. The KDE and GNOME desktop environments provide graphical interfaces (windows, menus, icons, and so forth) that
rival those on Microsoft systems. Ease-of-use problems with Linux systems are rapidly
evaporating.
• Freedom — Linux, in its most basic form, has no corporate agenda or bottom line to
meet. You are free to choose the Linux distribution that suits you, look at the code that
runs the system, add and remove any software you like, and make your computer do
what you want it to do. Linux runs on everything from supercomputers, to cell phones,
and everything in between. Many countries are rediscovering their freedom of choice and
making the switch at government and educational levels. France, Germany, Korea, and
India are just a few that have taken notice of Linux. The list continues to grow.
There are some aspects of Linux that make it hard for some new users to get started. One is that
Linux is typically set up to be secure by default, so you need to adjust to using an administrative
login (root) to make most changes that affect the whole computer system. Although this can be a
bit inconvenient, trust me, it makes your computer safer than just letting anyone do anything. This
model was built around a true multi-user system. You can set up logins for everyone that uses your
Linux computer, and you (and others) can customize your environment however you see fit without affecting anyone else’s settings.
For the same reason, many services are off by default, so you need to turn them on and do at least
minimal configuration to get them going. For someone who is used to Windows, Linux can be difficult just because it is different than Windows. But because you’re reading this book, I assume you
want to learn about those differences.
OSI Open Source Definition
For software developers, Linux provides a platform that lets them change the operating system as
they like and get a wide range of help creating the applications they need. One of the watchdogs of
the open source movement is the Open Source Initiative (www.opensource.org). This is how
the OSI Web site describes open source software:
The basic idea behind open source is very simple: When programmers can read, redistribute, and modify the source code for a piece of software, the software evolves. People
improve it, people adapt it, and people fix bugs. And this can happen at a speed that, if
one is used to the slow pace of conventional software development, seems astonishing.
We in the open source community have learned that this rapid evolutionary process
produces better software than the traditional closed model, in which only a very few
programmers can see the source and everybody else must blindly use an opaque
block of bits.
While the primary goal of open source software is to make source code available, other goals are
also defined by OSI in its Open Source Definition. Most of the following rules for acceptable open
source licenses are to protect the freedom and integrity of the open source code:
• Free distribution — An open source license can’t require a fee from anyone who resells
the software.
• Source code — The source code has to be included with the software and not be
restricted from being redistributed.
• Derived works — The license must allow modification and redistribution of the code
under the same terms.
• Integrity of the author’s source code — The license may require that those who use the
source code remove the original project’s name or version if they change the source code.
• No discrimination against persons or groups — The license must allow all people to be
equally eligible to use the source code.
• No discrimination against fields of endeavor — The license can’t restrict a project from
using the source code because it is commercial or because it is associated with a field of
endeavor that the software provider doesn’t like.
• Distribution of license — No additional license should be needed to use and redistribute the software.
• License must not be specific to a product — The license can’t restrict the source code
to a particular software distribution.
• License must not restrict other software — The license can’t prevent someone from
including the open source software on the same medium as non–open source software.
• License must be technology-neutral — The license can’t restrict methods in which the
source code can be redistributed.
Open source licenses used by software development projects must meet these criteria to be accepted
as open source software by OSI. More than 40 different licenses are accepted by OSI to be used to
label software as “OSI Certified Open Source Software.” In addition to the GPL, other popular OSI-approved licenses include:
• LGPL — The GNU Lesser General Public License (LGPL) is a license that is often used for
distributing libraries that other application programs depend upon.
• BSD — The Berkeley Software Distribution License allows redistribution of source code,
with the requirement that the source code keep the BSD copyright notice and not use the
names of contributors to endorse or promote derived software without written permission.
• MIT — The MIT license is like the BSD license, except that it doesn’t include the endorsement and promotion requirement.
• Mozilla — The Mozilla license covers use and redistribution of source code associated
with the Mozilla Web browser and related software. It is a much longer license than the
others just mentioned because it contains more definitions of how contributors and those
reusing the source code should behave. This includes submitting a file of changes when
submitting modifications, and it notes that those making their own additions to the code for redistribution should be aware of patent issues or other restrictions associated with their code.
The end result of open source code is software that has more flexibility to grow and fewer boundaries in how it can be used. Many believe that the fact that many people look over the source code
for a project will result in higher quality software for everyone. As open source advocate Eric S.
Raymond says in an often-quoted line, “Many eyes make all bugs shallow.”
Vibrant Communities
Communities of professionals and enthusiasts have grown around Linux and its related open
source projects. Many have shown themselves willing to devote their time, knowledge, and skills
on public mailing lists, forums, Wikis, and other Internet venues (provided you ask politely and
aren’t too annoying).
Linux User Groups (LUGs) have sprung up all over the world. Many LUGs sponsor Linux
installfests (where members help you install the Linux of your choice on your computer) or help
non-profit groups and schools use Linux on older computers that will no longer support the latest
Microsoft Windows software. The LUG I’m a member of holds monthly meetings with talks on
Linux topics and has an active Web site, mailing list, and chat server where members can help one
another with Linux questions that come up.
Free online bulletin board services have sprung up to get information on specific Linux topics. Popular
general Linux forums are available from www.LinuxQuestions.org, www.LinuxForums.org,
and www.LinuxHelp.net. Most of these sites are built with open source software (see www.e107.org and www.phpBB.com for examples of open source forum software).
Communities also gather around specific software projects and Linux distributions. SourceForge
(www.sourceforge.net) is the home to thousands of open source software projects. Go to the
SourceForge.net site and try keyword searches for topics that interest you (for example, image
gallery or video editing). Each project provides links to project home pages, forums, and software
download sites. There are always projects looking for people to help write code or documentation
or just participate in discussions.
You’ll find that most major Linux distributions have associated mailing lists and forums. You can
go directly to the Web sites for Red Hat Fedora Linux (www.redhat.com/fedora), Debian
(www.debian.com), Ubuntu (http://ubuntuforums.org), Gentoo (www.gentoo.org),
and others to learn how to participate in forums and contribute to those projects.
Major Software Projects
Some software projects have grown beyond the status of being simply a component of Linux or
some other UNIX derivative. Some of these projects are sponsored and maintained by organizations that oversee multiple open source projects. This section introduces some of the most popular
open source projects and organizations.
n The Apache Software Foundation (www.apache.org) is not only the world’s most
popular open source Web server software, it’s the most popular of all Web server software. Most Linux distributions that contain server software include Apache. The Apache
Software Foundation maintains the Apache Web (HTTP) server and about a dozen other
projects, including SpamAssassin (for blocking and filtering e-mail spam), Apache Portals
(to provide portal software), and a bunch of projects for producing modules to use with
your Apache Web server.
n The Internet Systems Consortium (www.isc.org) supports critical Internet infrastructure projects under open-source licenses. Those projects include Bind (DNS server
software), DHCP (to assign IP addresses and other information to Internet clients), INN
(for creating Internet news servers), and OpenReg (a tool for managing delegation of
domains in a shared registry).
n The Free Software Foundation (www.fsf.org) is the principal sponsor of the GNU
Project. Most of the UNIX commands and utilities included in Linux that were not closely
associated with the kernel were produced under the umbrella of the GNU project.
n The Mozilla project’s (www.mozilla.org) first major Web browser product was
Mozilla Navigator, which was originally based on code released to the open source community from Netscape Communicator. Other open source browsers incorporate Mozilla’s
engine. The Mozilla project also offered a suite of related Internet clients that included
e-mail, composer, IRC Chat, and address book software. New software development from
the Mozilla project focuses on the Thunderbird e-mail and news client and Firefox Web
browser, which have seen enormous success on Linux, Windows, and Mac OS X platforms in the past few years. The old Mozilla suite is offered today under the name
Seamonkey (www.mozilla.org/projects/seamonkey).
• The Samba Project (www.samba.org) provides software for sharing files and printers
using CIFS and SMB clients. These protocols are the most common means of sharing files
and printers with Microsoft Windows operating systems.
• The Sendmail Consortium (www.sendmail.org) maintains the sendmail mail transport agent, which is the world’s most popular software for transporting mail across the
Internet.
There are, of course, many more open source projects and organizations that provide software
included in various Linux distributions, but the ones discussed here will give you a good feel for
the kind of organizations that produce open source software.
Linux Myths, Legends, and FUD
The unlikely rise in the popularity of Linux has led to rampant (and sometimes strange) speculation
about all the terrible things it could lead to or, conversely, to almost manic declarations of how Linux
will solve all the problems of the world. I’ll try as best I can (with my own admitted bias toward Linux)
to present facts to address beliefs about Linux and to combat some of the unrealistic fear, uncertainty,
and doubt (FUD) being spread by those with a vested interest in seeing Linux not succeed.
Can You Stop Worrying About Viruses?
Well, you can (and should) always worry about the security of any computer connected to the
Internet. At the moment, however, you are probably less likely to get a virus from infected e-mail
or untrusted Web sites with standard e-mail clients and Web browsers that come with Linux systems than you would with those that come with the average Microsoft Windows system.
The most commonly cited warnings to back up that statement come in a report from the United
States Computer Emergency Readiness Team (CERT) regarding a vulnerability in Microsoft Internet
Explorer (www.kb.cert.org/vuls/id/713878):
There are a number of significant vulnerabilities in technologies relating to the IE
domain/zone security model, the DHTML object model, MIME type determination, and
ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different
Web browser, especially when browsing untrusted sites. Such a decision may, however,
reduce the functionality of sites that require IE-specific features such as DHTML,
VBScript, and ActiveX. Note that using a different Web browser will not remove IE from
a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML).
US-CERT Vulnerability Note VU#713878
While the note also recommends keeping up with patches from Microsoft to reduce your risks, it
seems that the only real solutions are to disable Active scripting and ActiveX, use plain text e-mail,
and don’t visit sites you don’t trust with Internet Explorer. In other words, use a browser that disables insecure features included in Microsoft products.
This announcement apparently caused quite a run on the Mozilla.org site to download a Mozilla or
Firefox browser and related e-mail client (described in Chapter 22 of this book). Versions of those
software projects run on Windows and Mac OS X, as well as on Linux. Many believe that browsers
such as Mozilla are inherently more secure because they don’t allow non-standard Web features that
might do such things as automatically download unrequested software without your knowledge.
Research into hijacked computers being taken over, by the thousands, to be used as botnets has
shown a very high percentage to be Microsoft Windows systems. The disturbing thing about the
statistics, however, is that many of these systems have been upgraded with Microsoft Service Pack
2 (SP2) or other patches that were supposed to protect from those types of infections. A type of
trojan referred to as SpamThru (resulting in botnets that turn out thousands of spam messages)
infected a high percentage of Windows XP systems that have been upgraded to SP2 (see
www.secureworks.com/analysis/spamthru-stats).
Of course, no matter what browser or e-mail client you are using, you need to follow good security
practices (such as not opening attachments or downloading files you don’t trust). Also, as open
source browsers and e-mail clients, such as those from Mozilla.org, become more popular, the
number of possible machines to infect through those applications will make it more tempting to
virus writers. (At the moment, most viruses and worms are created specifically to attack Microsoft
software.)
Will You Be Sued for Using Linux?
There have been some well-financed lawsuits against Linux providers. Those with litigation against
Linux have gone primarily after big companies, such as IBM, Novell, and Red Hat, Inc. Linus
Torvalds himself is the rare individual who has been named in lawsuits. Most threats to individuals
have been vague, general declarations from proprietary software companies that claim some
infringement of their property, without being specific about what the exact infringement is.
Although as we enter 2007 few people have been sued because of an association with Linux, the
level of rhetoric surrounding who might be sued has been raised substantially. In the alliance
between Microsoft and Novell, the two companies agree not to sue each other’s customers for intellectual property rights violations. However, Microsoft lawyer Brad Smith had this to say about how
open source developers can avoid being sued by Microsoft:
So Microsoft today is making two, I think, important commitments, or promises to different groups of developers in the open source community. The first is a promise that
we won’t assert our patents against individual, non-commercial, open source developers. Who are these? These are individuals who are creating code, contributing code,
they’re not being paid for that code, they’re often working in the evenings or at home.
They’re not creating it as part of their job, but they’re acting in an individual non-commercial way. The promise doesn’t run to anybody who employs them, because after all,
they’re not acting in the course of their employment. But, it gives those folks a new
commitment from Microsoft.
The second thing we did in this area was add a promise that goes to developers, even
developers who are getting paid to create code to OpenSUSE.org, code that Novell then
takes and incorporates into its distribution, and that is then covered under the patent
cooperation agreement between us, because after all Novell is ensuring that our patent
rights are respected in an appropriate way, and that gives us the ability to address the
needs and interests of those individuals.
www.microsoft.com/presspass/exec/steve/2006/11-02NovellInterop.mspx
The actual liability to individual open source software developers, based on statements such as
these from Microsoft, is still unclear. That’s because there have still been no specific patent claims
in connection with Linux from Microsoft. That said, because I am not a lawyer, my opinions on the
subject should not be taken as legal advice. However, if you want opinions from lawyers on open
source software legality, refer to the Groklaw site (www.groklaw.net). Likewise, here is a
response from Eben Moglen of the Software Freedom Law Center:
I and my firm don’t take comfort from statement from Microsoft that they won’t sue
programmers as long as they don’t get paid. We represent developers of free and open-source software. If Microsoft or anyone else attempts to sue our clients for doing what
they do to create software, because they’re being paid for it, then the people doing that
will be sorry. We protect our clients.
http://news.com.com/2061-10795_3-6132156.html
The SCO Lawsuits
The Linux lawsuits that got the most press in the past few years are the ones involving Santa Cruz
Operation (SCO). SCO is the current owner of the UNIX source code that passed from AT&T Bell
Labs to UNIX System Laboratories to Univel (a lot of people don’t know that one), to Novell, and
eventually to the company formed by joining SCO and Caldera Systems. Although the particulars
of the claims seem to change daily, and one-by-one the claims have been shot down, SCO’s basic
assertion in lawsuits against IBM and others is that Linux contains UNIX System V source code that
is owned by SCO. So those who sell or use Linux owe licensing fees to SCO. To a layman (I am not
a lawyer!), the assertions seem weak based on the following facts:
• There seems to be no original UNIX code in Linux. And, even if a small amount of code
that could be proved to be owned by SCO had made it in there by mistake, that code
could be easily dropped and rewritten.
• Concepts that created UNIX all seem to be in the public domain, with public specifications of UNIX interfaces blessed by AT&T itself in the form of published POSIX and
System V Interface Definition standards. While the AT&T UNIX code was covered by
copyright, the concepts that went into that code were never patented.
• AT&T dropped a similar lawsuit in 1994 against BSD, which had actually started with
UNIX source code, but had rewritten it completely over the years.
• Exactly what SCO owns has been brought into question because Novell still claims some
rights to the UNIX code it sold to SCO. (In fact, SCO doesn’t even own the UNIX trademark, which Novell gave away to the Open Group before it sold the source code to SCO.
Attempts were underway in 2004 by SCO to trademark the name UNIX System
Laboratories.)
Responses to SCO’s lawsuits (which certainly hold more weight than any explanations I could
offer) are available from Open Group (www.opengroup.org), OSDL (www.osdl.org), IBM
(ibm.com/linux), and Red Hat (www.redhat.com). The Groklaw site (www.groklaw.net)
is another good spot to learn about SCO lawsuits against Linux. If you are interested in the paper
trail relating to SCO’s ownership of UNIX, I recommend Novell’s Unique Legal Rights page
(www.novell.com/licensing/indemnity/legal.html).
OSDL.org has prepared a legal defense fund to protect Linux end users and other Linux litigants
(including Linus and OSDL itself). You can read about this fund at OSDL’s Linux Legal Defense
Fund page (www.osdl.org/about_osdl/legal/lldf).
Software Patents
Most agree that it is illegal for someone to copy a software company’s code and redistribute it
without permission. However, the concept of being able to patent an idea that a company might
incorporate in its code has become a major point of contention in recent years. Can someone
patent the idea of clicking an icon to open a window?
Software companies are scrambling to file thousands of patents related to how software is used. While
those companies may never create products based on those patents, the restrictions those patents
might place on other software companies or open source software development is a major issue.
In the alliance between Microsoft and Novell, both companies’ large patent portfolios have become
a major issue of concern among the free and open source community. The fear is that those patents
(in other words, the idea represented by code and not the code itself) could be used to claim a tax
on every piece of open source software that is freely distributed today.
To deal with the patent issue, the current proposal for GNU General Public License 3 (GPLv3) is to
include wording that restricts anyone who delivers software covered under the GPL from exercising
their patent rights against those who use or redistribute that software. The hope of the Free
Software Foundation (http://gplv3.fsf.org) is that this will definitively answer the patent
issues that might restrict free redistribution of GPL code. As of this writing, GPLv3 had not yet
been completed, although the sentiment in the community is that moving to GPLv3 might be the
best way to deal with patent threats coming from within the free and open source community.
On another front in the patent wars, the Foundation for a Free Information Infrastructure
(www.ffii.org) is a group “dedicated to establishing a free market in information technology, by the
removal of barriers to competition.” The FFII maintains an excellent FAQ page to answer questions
surrounding software patents and how they threaten innovation:
www.ffii.org/Frequently_Asked_Questions_about_software_patents
Other Litigious Issues
Particularly contentious legal issues surround audio and video software. In Red Hat Linux 8, Red
Hat, Inc. removed support for MP3 and DVD players because of questions about licensing associated with those music and movie formats. Red Hat’s advice at the time was to download and install
the players yourself for personal use. Red Hat didn’t want to distribute those players because companies owning patents related to certain audio and video encoders might ask Red Hat to pay licensing
fees for distributing those players (see www.redhat.com/advice/speaks_80mm.html).
Check with an attorney regarding any legal issues that concern you.
Can Linux Really Run on Everything from Handhelds to Supercomputers?
Linux is extraordinarily scalable and runs on everything from handhelds to supercomputers.
Features in the Linux 2.6 kernel have been particularly aimed at making the kernel easier to port
to embedded Linux systems, as well as large multi-processor, enterprise-quality servers.
Will Microsoft Crush Linux?
Microsoft has shifted its fear, uncertainty, and doubt (FUD) rhetoric against using Linux to FUD
about using any Linux other than Novell’s SUSE. Any Linux user or developer who doesn’t make an
agreement with Microsoft to use Microsoft’s as-yet-unnamed intellectual property that is in Linux
has, in the words of Microsoft President Steve Ballmer, “an undisclosed balance sheet liability.”
In 1998, a series of memos were leaked from Microsoft that became known as the Halloween
Documents (http://www.catb.org/~esr/halloween/). The sudden publicity of these
memos forced Microsoft to acknowledge their authenticity. The documents fueled animosity and
suspicion about the intentions of Microsoft regarding Linux. In that light, you can see how some
regard the recent Novell and Microsoft Patent news as simply Fear, Uncertainty and Doubt (FUD).
As of November of 2006, there have been no specific patent infringements pointed out by anyone.
To many in the Linux community, statements from Microsoft in which Microsoft threatened to sue
Linux developers, users, and customers who don’t pay a fee to Microsoft (for code that Microsoft
had no part in creating) are viewed as extortion. The result has been to divide open source proponents into either the camp for the Novell/Microsoft deal or against it. However you look at it, the
battle lines have been clearly drawn.
The U.S. Justice Department claimed that Microsoft used the phrase “Embrace, extend, and
extinguish” as its policy toward dealing with companies or technologies that it saw as a threat
(http://en.wikipedia.org/wiki/Embrace,_extend_and_extinguish). By embracing SUSE Linux, Microsoft has already divided the Linux community. It has announced plans to
extend SUSE Linux to better interoperate with Windows. You can only guess what might happen
to SUSE when Microsoft’s five-year deal with Novell is up and much of the open source community isn’t working with Novell anymore.
But it’s not all gloom and doom for Linux. Major Linux vendors such as Red Hat, Inc. and the Free
Software Foundation have been gearing up for this fight for years. At the time of this writing, it
looks like they have a couple of aces up their sleeves as well:
• GPLv3 — As of the end of 2006, most of the free and open source software community
(including the Linux kernel developers) license their software using GPLv2. There is talk
now that GPLv3, which is currently under review, will be modified to require that anyone
distributing code under GPLv3 will agree to not exercise rights to patent fees associated
with that code.
• Open Invention Network (www.openinventionnetwork.com) — With sponsors
such as Red Hat, IBM, Novell, Philips, Sony, and NEC, the Open Invention Network was
formed as an organization for gathering patents to protect open source software. Instead
of using those patents as a royalty stream, however, those patents are seen as a defense
against someone who might seek to assert patent rights against open source software. It
seems to be like an arms race, where it is hoped that no country will attack another since
both have ammunition that could inflict damage.
• Open source community — So far, there have simply been pleas from the open source
community to Novell to abandon the patent portion of its agreement with Microsoft.
Projects such as the Samba project have come out publicly against the agreement, but so far
no one has taken action. Some believe, however, that many open source projects will not be
willing to work with Novell, given the aspects of the alliance with Microsoft that seem ready
to punish open source developers who do paid work for anyone other than Novell.
It’s hard to imagine how any major Linux distribution could survive without assistance
from the upstream projects that feed it. So, being set adrift from the open source community is surely not something Novell wants to have happen.
So, the bottom line about whether or not Microsoft will crush Linux is that a fight is brewing, but
the jury is still out. It seems, however, that the free and open source community is ready to protect
its rights and values.
Are You on Your Own If You Use Linux?
If you are new to Linux and are concerned about support, several companies are offering well-supported versions of Linux. Those include Red Hat Enterprise Linux (from Red Hat, Inc.) and
Ubuntu Linux (from Canonical Global Support Services), as well as a number of other smaller
players. In the corporate arena, add IBM to that list.
As noted earlier, there are also many community sites on the Internet that offer forums, mailing
lists, and other venues for getting help if you get stuck.
Is Linux Only for Geeks?
It doesn’t hurt to be a geek if you want to fully explore all the potential of your Linux system.
However, with a good desktop Linux distribution, tremendous improvements over the past few
years relating to ease-of-use and features have made it possible to do most things you would do on
any Macintosh or Windows system without being a Linux expert. The great thing is that, if you
ever want to dig deeper, the opportunity is there and the education is free.
Start with a Linux system that uses the KDE or GNOME desktop. Simple menus enable you to
select word processors, Web browsers, games, and dozens of other applications you commonly use
on other operating systems. In most cases, you’ll get along fine just using your mouse to work with
windows, menus, and forms.
With Linux distributions that offer graphical tools for basic system administration (such as configuring a printer or network connection), you can be led through most tasks you need to do. Fedora,
Red Hat Enterprise Linux, and Mandriva are good examples of Linux distributions that offer simplified administration tools. With a basic understanding of the Linux shell (see Chapter 2) and
some help from a Linux forum, you should be able to troubleshoot most anything that goes wrong.
How Do Companies Make Money with Linux?
Open source enthusiasts believe that better software can result from an open source software development model than from proprietary development models. So in theory, any company creating
software for its own use can save money by adding its software contributions to those of others to
gain a much better end product for themselves.
Companies that want to make money selling software need to be more creative than they did in the
old days. While you can sell the software you create that includes GPL software, you must pass the
source code of that software forward. Of course, others can then recompile that product, basically
using your product without charge. Here are a few ways that companies are dealing with that issue:
• Software subscriptions — Red Hat, Inc. sells its Red Hat Enterprise Linux products on a
subscription basis. For a certain amount of money per year, you get binary code to run
Linux (so you don’t have to compile it yourself), guaranteed support, tools for tracking the
hardware and software on your computer, and access to the company’s knowledge base.
While Red Hat’s Fedora project includes much of the same software and is also available
in binary form, there are no guarantees associated with the software or future updates of
that software. A small office or personal user might take the risk on Fedora (which is
itself an excellent operating system) but a big company that’s running mission-critical
applications will probably put down a few dollars for RHEL.
• Donations — Many open source projects accept donations from individuals or open
source companies that use code from their projects. Amazingly, many open source projects support one or two developers and run exclusively on donations.
• Bounties — The concept of software bounties is a fascinating way for open source software companies to make money. Let’s say that you are using XYZ software package and
you need a new feature right away. By paying a software bounty to the project itself, or to
other software developers, you can have your needed improvements moved to the head
of the queue. The software you pay for will remain covered by its open source license,
but you will have the features you need, at probably a fraction of the cost of building the
project from scratch.
• Boxed sets, mugs, and T-shirts — Many open source projects have online stores where
you can buy boxed sets (some people still like physical CDs and hard copies of documentation) and a variety of mugs, T-shirts, mouse pads, and other items. If you really love a
project, for goodness sake, buy a T-shirt!
This is in no way an exhaustive list because more creative ways are being invented every day to support those who create open source software. Remember that many people have become contributors
to and maintainers of open source software because they needed or wanted the software themselves.
The contributions they make for free are worth the return they get from others who do the same.
How Different Are Linux Distributions from One Another?
While different Linux systems will add different logos, choose some different software components
to include, and have different ways of installing and configuring Linux, most people who become
used to Linux can move pretty easily from one Linux to another. There are a few reasons for this:
• Linux Standard Base — There is an effort called the Linux Standard Base
(www.linuxbase.org) to which most major Linux systems subscribe. The Linux Standard
Base Specification (available from this site) has as one of its primary goals to ensure that
applications written for one Linux system will work on other systems. To that end, the
LSB will define what libraries need to be available, how software packages can be formatted, commands and utilities that must be available, and, to some extent, how the file system should be arranged. In other words, you can rely on many components of Linux
being in the same place on LSB-certified Linux systems.
• Open source projects — Many Linux distributions include the same open source projects. So, for example, the most basic command and configuration files for an Apache Web
server, Samba file/print server, and sendmail mail server will be the same whether you use
Red Hat, Debian, or many other Linux systems. And although they can change backgrounds, colors, and other elements of your desktop, most of the ways of navigating a
KDE or GNOME desktop stay the same, regardless of which Linux you use.
• A shell is a shell — Although you can put different pretty faces on it, once you open a
shell command line interpreter (such as bash or sh) in Linux, most experienced Linux or
UNIX users find it pretty easy to get around on most any Linux system. For that reason, I
recommend that if you are serious about using Linux, you take some time to try the shell
(as described in Chapter 2). Additionally, Chapters 24–27 focus on command line and
configuration file interfaces for setting up servers because learning those ways of configuring servers will make your skills most portable across different Linux systems.
Some of the ways that Linux distributions distinguish themselves, however, are with the installers
they use, their package management tools, and system administration tools. Also, distributions
such as those sponsored by Red Hat will include new features developed by its sponsors to meet its
commercial needs. For example, Red Hat has done a lot of work that is useful for enterprise computing environments, such as virtualization, global file systems, and software distribution tools.
Is the Linux Mascot Really a Penguin?
Figure 1.1 shows the penguin logo that Linus Torvalds approved as the official Linux mascot. His
name is Tux. Use of this logo is freely available, and you find it everywhere on Linux Web sites,
magazines, and other Linux venues. (I used it in my book Linux Toys II and on the Linuxtoys.net
Web site, for example.)
FIGURE 1.1
Tux, a gentle and pleasant penguin, is the official Linux mascot.
Tux was created by Larry Ewing. There are different versions of Tux available from his Web site
(www.isc.tamu.edu/~lewing/linux). Find out more about Tux from the Linux Online
Logos and Mascots page (www.linux.org/info/logos.html). Refer to the Why Linux Chose
a Penguin page (www.linux.org/info/penguin.html) if you would like Linus’ take on the
penguin mascot.
Getting Started with Linux
Although I’ve gone on a bit about Linux history and what it does, the primary goal of this book is
to get you using it. To that end, I’d like to describe some things that might help you get started
with Linux.
While Linux will run great on many low-end computers (even some old 486s and early Pentiums),
if you are completely new to Linux, I recommend that you start with a PC that has a little more
muscle. Here’s why:
• Full-blown Linux operating systems with complete GNOME or KDE desktop environments perform poorly on slow CPUs and less than the recommended amount of RAM.
The bells and whistles come at the price of processing power. Lighter-weight options do
exist if you have limited resources.
• You can create streamlined graphical Linux installations that will fit on small hard disks
(as small as 100MB) and run fairly well on slow processors. However, putting together
such a system requires some knowledge of which software packages to select and often
requires some additional configuration.
If you are starting with a Pentium II, 400 MHz, your desktop will run slowly in default KDE or
GNOME configurations with less than 128MB of RAM. A simpler desktop system, with just X and
a window manager, will work, but won’t give you the full flavor of a Linux desktop. (See Chapter 3
for information about different desktop choices and features.)
The good news is that cheap computers that you can buy from Wal-Mart or other retailers start at
less than $300. Those systems will perform better than most PCs you have lying around that are
more than a few years old and will come with Linux (usually Linspire) pre-installed. The bottom
line is that the less you know about Linux, the more you should try to have computer hardware
that is up to spec to have a pleasant experience.
If you already have a Linux system sitting in front of you, Chapters 2 through 6 will walk you
through the Linux shell, using the desktop, and some basic system administration. If you don’t
have a Linux system running on your computer yet, you have a couple of choices:
• Try a bootable Linux — If you have another OS on your machine and are reluctant to
disturb the contents of your computer, a bootable Linux enables you to run Linux
directly from a removable medium (DVD, CD, or even a floppy disk in some cases). You’ll
be able to try Linux without even touching the contents of your hard disk. Distributions
such as Damn Small Linux will run well even on less powerful machines.
• Install Linux on your hard disk — If you have available disk space that’s not already
assigned to Windows or another system, you can install Linux on your hard disk and
have a more permanent operating system. Some Linux distributions, such as SUSE and
Mandriva, enable you to resize your Windows hard disk to make room to install Linux.
Other Linux distributions, such as Ubuntu and Gentoo, enable you to try them out from
a live CD, and then install them to your hard disk from that running live CD.
Linux itself is just a kernel (like the engine of a car), so to use Linux you need to select a Linux distribution. Because the distribution you choose is so critical to your Linux experience, Part III of
this book is devoted to understanding, choosing, and installing the most popular Linux distributions. Several of these distributions are included with this book, along with several useful bootable
Linux distributions. If you don’t already have a Linux system in front of you, refer to Chapter 7 to
get started getting the Linux you want.
Summary
Linux is the most popular representation of the open source software model today and reflects a
rich history of shared software development techniques that date back to the first UNIX systems of
three decades ago. Today’s Linux computer systems form the backbone of many major computing
centers around the world.
In recent years, Linux has become a great choice as a desktop system as well. You will find many
open source applications available for any type of application you can imagine (word processing,
music playing, e-mail, games, and so on). With its powerful networking and built-in security features,
Linux can provide a much safer computing environment than other desktop computing systems.
Linux gives you the freedom to create the kind of computer system you need.
Running Commands from the Shell
Before icons and windows took over computer screens, you typed
commands to run most computers. On UNIX systems, from which
Linux was derived, the program used to interpret and manage commands was referred to as the shell.
IN THIS CHAPTER
Understanding the Linux shell
Using the Linux shell
Working with the Linux file system
Using the vi text editor in Linux
No matter which Linux distribution you are using, you can always count on
one thing being available to you: the shell. It provides a way to run programs, work with file systems, compile computer code, operate a system,
and manage the computer. Although the shell is less intuitive than common
graphic user interfaces (GUIs), most Linux experts consider the shell to be
much more powerful than GUIs. Shells have been around a long time, and
many advanced features have been built into them.
The Linux shell illustrated in this chapter is called the bash shell, which
stands for Bourne Again Shell. The name is derived from the fact that bash is
compatible with the first UNIX shell: the Bourne shell (represented by the
sh command). Other popular shells include the C shell (csh), which is popular among BSD UNIX users, and the Korn shell (ksh), which is popular
among UNIX System V users. Linux also has a tcsh shell (a C shell look-alike) and an ash shell (another Bourne shell look-alike). Several different
shells are introduced in this chapter.
Several major reasons for learning how to use the shell are:
• You will know how to get around any Linux or other UNIX-like system. For example, I can log in to my Red Hat Enterprise Linux
MySQL server, my bootable floppy router/firewall, or my wife’s iMac
and explore and use any of those computer systems from a shell.
n Special shell features enable you to gather data input and direct data output between
commands and the Linux file system. To save on typing, you can find, edit, and repeat
commands from your shell history. Many power users hardly touch a graphical interface,
doing most of their work from a shell.
n You can gather commands into a file using programming constructs such as loops and
case statements to quickly do complex operations that would be difficult to retype over
and over. Programs consisting of commands that are stored and run from a file are
referred to as shell scripts. Most Linux system administrators use shell scripts to automate
tasks such as backing up data, monitoring log files, or checking system health.
The shell is a command language interpreter. If you have used Microsoft operating systems, you’ll
see that using a shell in Linux is similar to — but generally much more powerful than — the interpreter used to run commands in DOS. You can happily use Linux from a graphical desktop interface, but as you grow into Linux you will surely need to use the shell at some point to track down
a problem or administer some features.
How to use the shell isn’t obvious at first, but with the right help you can quickly learn many of
the most important shell features. This chapter is your guide to working with the Linux system
commands, processes, and file system from the shell. It describes the shell environment and helps
you tailor it to your needs. It also explains how to use and move around the file system.
Starting a Shell
There are several ways to get to a shell interface in Linux. Three of the most common are the shell
prompt, Terminal window, and virtual terminal. They’re discussed in the following sections.
Using the Shell Prompt
If your Linux system has no graphical user interface (or one that isn’t working at the moment), you
will most likely see a shell prompt after you log in. Typing commands from the shell will probably
be your primary means of using the Linux system.
The default prompt for a regular user is simply a dollar sign:
$
The default prompt for the root user is a pound sign (also called a hash mark):
#
In most Linux systems, the $ and # prompts are preceded by your username, system name, and
current directory name. For example, a login prompt for the user named jake on a computer
named pine with /tmp as the current directory would appear as:
[jake@pine tmp]$
You can change the prompt to display any characters you like — you can use the current directory,
the date, the local computer name, or any string of characters as your prompt, for example. To
configure your prompt, see the “Setting Your Prompt” section later in this chapter.
Although there are a tremendous number of features available with the shell, it’s easy to begin by
just typing a few commands. Try some of the commands shown in the remainder of this section to
become familiar with your current shell environment.
In the examples that follow, the dollar ($) and pound (#) symbols indicate a prompt. While a $
indicates that the command can be run by any user, a # typically means you should run the command as the root user. The prompt is followed by the command that you type (and then you press
Enter or Return, depending on your keyboard). The lines that follow show the output resulting
from the command.
Using a Terminal Window
With the desktop GUI running, you can open a terminal emulator program (sometimes referred to
as a Terminal window) to start a shell. Most Linux distributions make it easy for you to get to a shell
from the GUI. Here are two common ways to launch a Terminal window from a Linux desktop:
• Right-click the desktop. In the context menu that appears, look for Shells, New
Terminal, Terminal Window, Xterm, or some similar item and select it.
• Click on the panel menu. Many Linux desktops include a panel at the bottom of the
screen from which you can launch applications. For example, in Fedora systems that use
the GNOME desktop, you can select Applications ➪ Accessories ➪ Terminal to open a
Terminal window. For Mandriva, select System ➪ Terminals.
In all cases, you should just be able to type a command as you would from a shell with no GUI.
Different terminal emulators are available with Linux. One of the following is likely to be the
default used with your Linux system:
• xterm — A common terminal emulator for the X Window System (In fact, I’ve never seen
an X Window System for a major Linux distribution that didn’t include xterm). Although
it doesn’t provide menus or many special features, it is available with most Linux distributions that support a GUI.
• gnome-terminal — The default Terminal emulator window that comes with GNOME. It
consumes more system resources than xterm does, and it has useful menus for cutting
and pasting, opening new Terminal tabs or windows, and setting terminal profiles.
• konsole — The konsole terminal emulator that comes with the KDE desktop environment.
With konsole, you can display multi-language text encoding and text in different colors.
The differences in running commands within a Terminal window have more to do with the shell
you are running than the type of Terminal window you are using. Differences in Terminal windows
have more to do with the features each supports — for example, how much output is saved that
can be scrolled back to, whether you can change font types and sizes, and whether the Terminal
window supports features such as transparency.
Using Virtual Terminals
Most Linux systems that include a desktop interface start multiple virtual terminals running on the
computer. Virtual terminals are a way to have multiple shell sessions open at once outside of the
graphical interface you are using.
You can switch between virtual terminals much the same way that you would switch between
workspaces on a GUI. Press Ctrl+Alt+F1 (or F2, F3, F4, and so on up to F6 on Fedora and other
Linux systems) to display one of six virtual terminals. The next virtual workspace after the virtual
terminals is where the GUI is, so if there are six virtual terminals, you can return to the GUI (if one
is running) by pressing Ctrl+Alt+F7. (For a system with four virtual terminals, you’d return to the
GUI by pressing Ctrl+Alt+F5.)
Choosing Your Shell
In most Linux systems, your default shell is the bash shell. To find out what your current login
shell is, type the following command:
$ echo $SHELL
/bin/bash
In this example, it’s the bash shell. There are many other shells, and you can activate a different one
by simply typing the new shell’s command (ksh, tcsh, csh, sh, bash, and so forth) from the
current shell.
NOTE
Most full Linux systems include all of the shells described in this section. However,
some smaller Linux distributions may include only one or two shells. The best way to
find out if a particular shell is available is to type the command and see if the shell starts.
You might want to choose a different shell to use because:
• You are used to using UNIX System V systems (often ksh by default) or Sun Microsystems
and other Berkeley UNIX–based distributions (frequently csh by default), and you are
more comfortable using default shells from those environments.
• You want to run shell scripts that were created for a particular shell environment, and you
need to run the shell for which they were made so you can test or use those scripts.
• You might simply prefer features in one shell over those in another. For example, a
member of my Linux Users Group prefers ksh over bash because he doesn’t like the way
aliases are always set up with bash.
Although most Linux users have a preference for one shell or another, when you know how to use
one shell, you can quickly learn any of the others by occasionally referring to the shell’s man page
(for example, type man bash). Most people use bash just because they don’t have a particular reason
for using a different shell. In Chapter 4, you learn how to assign a different default shell for a user.
The following sections introduce several of the most common shells available with Linux.
Using bash (and Earlier sh) Shells
The name bash is an acronym for Bourne Again Shell, acknowledging the roots of bash coming
from the Bourne shell (sh command) created by Steve Bourne at AT&T Bell Labs. Brian Fox of the
Free Software Foundation created bash, under the auspices of the GNU project. Development was
later taken over by Chet Ramey at Case Western Reserve University.
Bash includes features originally developed for sh and ksh shells in early UNIX systems, as well as
some csh features. Expect bash to be the default shell in whatever Linux system you are using, with
the exception of some specialized Linux systems (such as those run on embedded devices or run
from a floppy disk) that may require a smaller shell that needs less memory and entails fewer features. Most of the examples in this chapter are based on the bash shell.
Bash can be run in various compatibility modes so that it behaves like different shells. It can be run
to behave as a Bourne shell (bash +B) or as a POSIX-compliant shell (type bash --posix), for
example, enabling it to read configuration files that are specific to those shells and run initialization
shell scripts written directly for those shells, with a greater chance of success.
All of the Linux distributions included with this book use bash as the default shell, with the exception of some bootable Linux distributions, which use the ash shell instead.
Using tcsh (and Earlier csh) Shells
The tcsh shell is the open source version of the C shell (csh). The csh shell was created by Bill Joy
and used with most Berkeley UNIX systems (such as those produced by Sun Microsystems) as the
default shell. Features from the TENEX and TOPS-20 operating systems (used on PDP-11s in the
1970s) that are included with this shell are responsible for the T in tcsh.
Many features of the original csh shell, such as command-line editing and its history mechanism,
are included in tcsh as well as in other shells. While you can run both csh and tcsh on most Linux
systems, both commands actually point to the same executable file. In other words, starting csh
actually runs the tcsh shell in csh compatibility mode.
Using ash
The ash shell is a lightweight version of the Berkeley UNIX sh shell. It doesn’t include many of the
sh shell’s basic features, and is missing such features as command histories. Kenneth Almquist created the ash shell.
The ash shell is a good shell for embedded systems that have fewer system resources available. The
ash shell is about one-seventh the size of bash (about 100K versus 712K for bash). Because of
cheaper memory prices these days, however, many embedded and small bootable Linux systems
have enough space to include the full bash shell.
Using ksh
The ksh shell was created by David Korn at AT&T Bell Labs and is the predecessor of the sh shell.
It became the default and most commonly used shell with UNIX System V systems. The open
source version of ksh was originally available in many rpm-based systems (such as Fedora and Red
Hat Enterprise Linux) as part of the pdksh package. Now, however, David Korn has released the
original ksh shell as open source, so you can look for it as part of a ksh software package in most
Linux systems (see www.kornshell.com).
Using zsh
The zsh shell is another clone of the sh shell. It is POSIX-compliant (as is bash), but includes some
different features, such as spell checking and a different approach to command editing. The first
Mac OS X systems used zsh as the default shell, although now bash is used by default.
Exploring the Shell
Once you have access to a shell in Linux, you can begin by typing some simple commands. The
“Using the Shell in Linux” section later in this chapter provides more details about options, arguments, and environment variables. For the time being, the following sections will help you poke
around the shell a bit.
NOTE
If you don’t like your default shell, simply type the name of the shell you want to try out
temporarily. To change your shell permanently, use the usermod command. For example, to change your shell to the csh shell for the user named chris, type the following as root user
from a shell:
# usermod -s /bin/csh chris
Checking Your Login Session
When you log in to a Linux system, Linux views you as having a particular identity, which includes
your username, group name, user ID, and group ID. Linux also keeps track of your login session: it
knows when you logged in, how long you have been idle, and where you logged in from.
To find out information about your identity, use the id command as follows:
$ id
uid=501(chris) gid=105(sales) groups=105(sales),4(adm),7(lp)
In this example, the username is chris, which is represented by the numeric user ID (uid) 501.
The primary group for chris is called sales, which has a group ID (gid) of 105. The user chris
also belongs to other groups called adm (gid 4) and lp (gid 7). These names and numbers represent the permissions that chris has to access computer resources. (Permissions are described in
the “Understanding File Permissions” section later in this chapter.)
You can see information about your current login session by using the who command. In the following example, the -u option says to add information about idle time and the process ID and -H
asks that a header be printed:
$ who -uH
NAME     LINE     TIME           IDLE    PID    COMMENT
chris    tty1     Jan 13 20:57   .       2013
The output from this who command shows that the user chris is logged in on tty1 (which is the
monitor connected to the computer), and his login session began at 20:57 on January 13. The
IDLE time shows how long the shell has been open without any command being typed (the dot
indicates that it is currently active). PID shows the process ID of the user’s login shell. COMMENT
would show the name of the remote computer the user had logged in from, if that user had logged
in from another computer on the network, or the name of the local X display if you were using a
Terminal window (such as :0.0).
Checking Directories and Permissions
Associated with each shell is a location in the Linux file system known as the current or working
directory. Each user has a directory that is identified as the user’s home directory. When you first log
in to Linux, you begin with your home directory as the current directory.
When you request to open or save a file, your shell uses the current directory as the point of reference. Simply provide a filename when you save a file, and it is placed in the current directory.
Alternatively, you can identify a file by its relation to the current directory (relative path), or you
can ignore the current directory and identify a file by the full directory hierarchy that locates it
(absolute path). The structure and use of the file system is described in detail later in this chapter.
To find out what your current directory is, type the pwd command:
$ pwd
/usr/bin
In this example, the current/working directory is /usr/bin. To find out the name of your home
directory, type the echo command, followed by the $HOME variable:
$ echo $HOME
/home/chris
Here the home directory is /home/chris. To get back to your home directory, just type the
change directory (cd) command. (Although cd followed by a directory name changes the current
directory to the directory that you choose, simply typing cd with no directory name takes you to
your home directory):
$ cd
NOTE
Instead of typing $HOME, you can use the tilde (~) to refer to your home directory. So,
to return to your home directory, you could simply type: cd ~
To list the contents of your home directory, either type the full path to your home directory, or use
the ls command without a directory name. Using the -a option to ls enables you to view the
hidden files (dot files) as well as all other files. With the -l option, you can see a long, detailed list
of information on each file. (You can put multiple single-letter options together after a single dash,
for example, -la.)
$ ls -la /home/chris
total 158
drwxrwxrwx    2     chris   sales    4096   May 12 13:55   .
drwxr-xr-x    3     root    root     4096   May 10 01:49   ..
-rw-------    1     chris   sales    2204   May 18 21:30   .bash_history
-rw-r--r--    1     chris   sales      24   May 10 01:50   .bash_logout
-rw-r--r--    1     chris   sales     230   May 10 01:50   .bash_profile
-rw-r--r--    1     chris   sales     124   May 10 01:50   .bashrc
drw-r--r--    1     chris   sales    4096   May 10 01:50   .kde
-rw-rw-r--    1     chris   sales  149872   May 11 22:49   letter
    ^         ^       ^       ^       ^          ^         ^
  col 1     col 2   col 3   col 4   col 5      col 6     col 7
Displaying a long list (-l option) of the contents of your home directory shows you more about
file sizes and directories. The total line shows the total amount of disk space used by the files in the
list (158 kilobytes in this example). Directories such as the current directory (.) and the parent
directory (..) — the directory above the current directory — are noted as directories by the letter d
at the beginning of each entry (each directory begins with a d and each file begins with a -).
The file and directory names are shown in column 7. In this example, a dot (.) represents
/home/chris and two dots (..) represents /home. Most of the files in this example are dot (.)
files that are used to store GUI properties (.kde directory) or shell properties (.bash files). The
only non-dot file in this list is the one named letter. Column 3 shows the directory or file
owner. The /home directory is owned by root, and everything else is owned by the user chris, who
belongs to the sales group (groups are listed in column 4).
In addition to the d or -, column 1 on each line contains the permissions set for that file or directory. (Permissions and configuring shell property files are described later in this chapter.) Other
information in the listing includes the number of links to the item (column 2), the size of each file
in bytes (column 5), and the date and time each file was most recently modified (column 6).
NOTE
The number of characters shown for a directory (4096 bytes in these examples) reflects
the size of the file containing information about the directory. While this number can
grow above 4096 bytes for a directory that contains a lot of files, this number doesn’t reflect the size
of files contained in that directory.
Checking System Activity
In addition to being a multiuser operating system, Linux is also a multitasking system. Multitasking
means that many programs can be running at the same time. An instance of a running program is
referred to as a process. Linux provides tools for listing running processes, monitoring system usage,
and stopping (or killing) processes when necessary.
The most common utility for checking running processes is the ps command. Use it to see which
programs are running, the resources they are using, and who is running them. Here’s an example of
the ps command:
$ ps au
USER   PID   %CPU  %MEM  VSZ   RSS   TTY    STAT  START  TIME  COMMAND
root   2146  0.0   0.8   1908  1100  ttyp0  S     14:50  0:00  login -- jake
jake   2147  0.0   0.7   1836  1020  ttyp0  S     14:50  0:00  -bash
jake   2310  0.0   0.7   2592   912  ttyp0  R     18:22  0:00  ps -au
In this example, the -a option asks to show processes of all users who are associated with your
current terminal, and the -u option asks that usernames be shown, as well as other information
such as the time the process started and memory and CPU usage. The concept of a terminal comes
from the old days, when people worked exclusively from character terminals, so a terminal typically represented a single person at a single screen. Now you can have many “terminals” on one
screen by opening multiple Terminal windows.
On this shell session, there isn’t much happening. The first process shows that the user named
jake logged in to the login process (which is controlled by the root user). The next process shows
that jake is using a bash shell and has just run the ps au command. The terminal device ttyp0
is being used for the login session. The STAT column represents the state of the process, with R
indicating a currently running process and S representing a sleeping process.
The USER column shows the name of the user who started the process. Each process is represented
by a unique ID number referred to as a process ID (PID). (You can use the PID if you ever need to
kill a runaway process.) The %CPU and %MEM columns show the percentages of the processor and
random access memory, respectively, that the process is consuming. VSZ (virtual set size) shows
the size of the image process (in kilobytes), and RSS (resident set size) shows the size of the program in memory. START shows the time the process began running, and TIME shows the cumulative system time used. (Many commands consume very little CPU time, as is reflected by 0:00 for
processes that haven’t even used a whole second of CPU time.)
Many processes running on a computer are not associated with a terminal. A normal Linux system
has many processes running in the background. Background system processes perform such tasks
as logging system activity or listening for data coming in from the network. They are often started
when Linux boots up and run continuously until it shuts down. To page through all the processes
running on your Linux system, add the pipe (|) and the less command to ps aux, like this:
$ ps aux | less
A pipe (above the backslash character on the keyboard) enables you to direct the output of one
command to be the input of the next command. In this example, the output of the ps command (a
list of processes) is directed to the less command, which lets you page through that information.
Use the spacebar to page through and type q to end the list. You can also use the arrow keys to
move one line at a time through the output.
Exiting the Shell
To exit the shell when you are done, type exit or press Ctrl+D.
You’ve just seen a few commands that can help you quickly familiarize yourself with your Linux
system. There are hundreds of other commands that you can try. You’ll find many in the /bin and
/usr/bin directories, and you can use ls to see a directory’s command list: ls /bin, for example, results in a list of commands in /bin. Then use the man command (for example, man
hostname) to see what each command does. Administrative commands are also in the /sbin or
/usr/sbin directories.
Using the Shell in Linux
When you type a command in a shell, you can include other characters that change or add to how
the command works. In addition to the command itself, these are some of the other items that you
can type on a shell command line:
• Options — Most commands have one or more options you can add to change their
behavior. Options typically consist of a single letter, preceded by a dash. You can also
often combine several options after a single dash. For example, the command ls -la
lists the contents of the current directory. The -l asks for a detailed (long) list of information, and the -a asks that files beginning with a dot (.) also be listed. When a single
option consists of a word, it is usually preceded by a double dash (--). For example, to
use the help option on many commands, you enter --help on the command line.
NOTE
You can use the --help option with most commands to see the options and arguments
that they support. For example, hostname --help.
• Arguments — Many commands also accept arguments after certain options are entered or
at the end of the entire command line. An argument is an extra piece of information, such
as a filename, that can be used by the command. For example, cat /etc/passwd displays the contents of the /etc/passwd file on your screen. In this case, /etc/passwd
is the argument.
• Environment variables — The shell itself stores information that may be useful to the
user’s shell session in what are called environment variables. Examples of environment
variables include $SHELL (which identifies the shell you are using), $PS1 (which defines
your shell prompt), and $MAIL (which identifies the location of your mailbox). See the
“Using Shell Environment Variables” section later in this chapter for more information.
TIP
You can check your environment variables at any time. Type declare to list the current
environment variables. Or you can type echo $VALUE, where VALUE is replaced by the
name of a particular environment variable you want to list.
• Metacharacters — These are characters that have special meaning to the shell. They can
be used to direct the output of a command to a file (>), pipe the output to another command (|), and run a command in the background (&), to name a few. Metacharacters are
discussed later in this chapter.
To save you some typing, there are shell features that store commands you want to reuse, recall
previous commands, and edit commands. You can create aliases that enable you to type a short
command to run a longer one. The shell stores previously entered commands in a history list,
which you can display and from which you can recall commands. You’ll see how this works a little
later in the chapter.
Unless you specifically change to another shell, the bash shell is the one you use with most Linux
systems. The bash shell contains most of the powerful features available in other shells. Although
the description in this chapter steps you through many bash shell features, you can learn more
about the bash shell by typing man bash, and the sidebar “Getting Help Using the Shell” shows
you a few other ways to learn about using the shell.
Locating Commands
If you know the directory that contains the command you want to run, one way to run it is to type
the full path to that command. For example, you run the date command from the /bin directory
by typing:
$ /bin/date
Of course, this can be inconvenient, especially if the command resides in a directory with a long
path name. The better way is to have commands stored in well-known directories, and then
add those directories to your shell’s PATH environment variable. The path consists of a list of
directories that are checked sequentially for the commands you enter. To see your current path,
type the following:
$ echo $PATH
/bin:/usr/bin:/usr/local/bin:/usr/bin/X11:/usr/X11R6/bin:/home/chris/bin
The results show the default path for a regular Linux user. Directories in the path list are separated
by colons. Most user commands that come with Linux are stored in the /bin, /usr/bin, or
/usr/local/bin directories. Although many graphical commands (that are used with GUIs) are
contained in /usr/bin, there are some special X commands that are in /usr/bin/X11 and
/usr/X11R6/bin directories. The last directory shown is the bin directory in the user’s home
directory.
TIP
If you want to add your own commands or shell scripts, place them in the bin directory
in your home directory (such as /home/chris/bin for the user named chris). This
directory is automatically added to your path in some Linux systems, although you may need to create that directory or add it to your PATH on other Linux systems. So as long as you add the command
to your bin with execute permission (described in the “Understanding File Permissions” section later
in this chapter), you can immediately begin using the command by simply typing the command name
at your shell prompt.
Getting Help Using the Shell
When you first start using the shell, it can be intimidating. All you see is a prompt. How do you
know which commands are available, which options they use, or how to use advanced features? Fortunately, lots of help is available. Here are some places you can look to supplement what
you learn in this chapter:
• Check the PATH — Type echo $PATH. You see a list of the directories containing commands that are immediately accessible to you. Listing the contents of those directories
displays most standard Linux commands.
• Use the help command — Some commands are built into the shell, so they do not
appear in a directory. The help command lists those commands and shows options available with each of them. (Type help | less to page through the list.) For help with a particular built-in command, type help command, replacing command with the name that
interests you. The help command works with the bash shell only.
• Use --help with the command — Many commands include a --help option that you
can use to get information about how the command is used. For example, type date --help | less. The output shows not only options, but also time formats you can use with
the date command.
• Use the man command — To learn more about a particular command, type man command.
(Replace command with the command name you want.) A description of the command and
its options appears on the screen.
• Use the info command — The info command is another tool for displaying information
about commands from the shell. The info command can move among a hierarchy of
nodes to find information about commands and other items. Not all commands have
information available in the info database, but sometimes more information can be found
there than on a man page.
If you are the root user, directories containing administrative commands are typically in your path.
These directories include /sbin and /usr/sbin. (You may need to start your shell with a -l or
-login option to have /sbin and /usr/sbin added to your PATH.)
The path directory order is important. Directories are checked from left to right. So, in this example, if there is a command called foo located in both the /bin and /usr/bin directories, the
one in /bin is executed. To have the other foo command run, you either type the full path to the
command or change your PATH variable. (Changing your PATH and adding directories to it are
described later in this chapter.)
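The left-to-right search described above can be checked directly. The following is an added example, not code from the book: path_hits lists every executable of a given name in search order (the first line is the one that runs), and path_risks goes a step beyond the text to flag empty, relative, or group- or world-writable entries, any of which can let a file other than the intended one win the search. The helper names and the sample directories are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the book). path_hits and path_risks are
# hypothetical helper names; all sample directories are constructed.

# Print every executable called NAME found in a colon-separated path,
# in search order. The first line printed is the file the shell would run.
path_hits() (
    name=$1
    q=${2-$PATH}:          # trailing ':' keeps a final empty entry visible
    IFS=:
    set -f                 # no globbing while the list is split on ':'
    for dir in $q; do
        [ -n "$dir" ] || dir=.      # an empty entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
)

# Flag path entries that deserve review, one tab-separated line each:
#   empty     an empty entry, so the current directory is searched
#   relative  an entry that depends on where you happen to be
#   writable  a directory that group or others can write to
path_risks() (
    q=${1-$PATH}:
    IFS=:
    set -f
    for dir in $q; do
        case $dir in
            '') printf 'empty\tcurrent directory is searched\n' ;;
            /*)
                [ -d "$dir" ] || continue
                # "$dir/." reports the directory itself even if $dir is a symlink
                perms=$(ls -ld -- "$dir/." | cut -c1-10)
                case $perms in
                    ?????w*|????????w*)
                        printf 'writable\t%s\t%s\n' "$dir" "$perms" ;;
                esac ;;
            *)  printf 'relative\t%s\n' "$dir" ;;
        esac
    done
)

# Demonstration on a constructed sandbox: two directories that both hold foo.
demo_path_order() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bin" "$t/usrbin"
    for d in bin usrbin; do
        printf '#!/bin/sh\necho "foo from %s"\n' "$d" > "$t/$d/foo"
        chmod 755 "$t/$d" "$t/$d/foo"
    done
    chmod 777 "$t/usrbin"           # constructed weak setting
    echo "search order for foo:"
    path_hits foo "$t/bin:$t/usrbin"
    echo "entries to review:"
    path_risks "$t/bin::scripts:$t/usrbin"
    rm -rf "$t"
}
demo_path_order
```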
Not all the commands that you run are located in directories in your PATH variable. Some commands are built into the shell. Other commands can be overridden by creating aliases that define
any commands and options that you want the command to run. There are also ways of defining a
function that consists of a stored series of commands. Here is the order in which the shell checks
for the commands you type:
1. Aliases — Names set by the alias command that represent a particular command and a
set of options. (Type alias to see what aliases are set.) Often, aliases enable you to define a
short name for a long, complicated command.
2. Shell reserved word — Words reserved by the shell for special use. Many of these are
words that you would use in programming-type functions, such as do, while, case,
and else.
3. Function — A set of commands that are executed together within the current shell.
4. Built-in command — A command built into the shell. As a result, there is no representation of the command in the file system. Some of the most common commands you will
use are shell built-in commands, such as cd (to change directories), echo (to echo text
to the screen), exit (to exit from a shell), fg (to bring a command running in the background to the foreground), history (to see a list of commands that were previously
run), pwd (to list the present working directory), set (to set shell options), and type
(to show the location of a command).
5. File system command — This is a command that is stored in and executed from the
computer’s file system. (These are the commands that are indicated by the value of the
PATH variable.)
To find out where a particular command is taken from, you can use the type command. (If you
are using a shell other than bash, use the which command instead.) For example, to find out
where the bash shell command is located, type the following:
$ type bash
bash is /bin/bash
Try these few words with the type command to see other locations of commands: which, case,
and return. If a command resides in several locations, you can add the -a option to have all the
known locations of the command printed.
TIP
Sometimes you run a command and receive an error message that the command was
not found or that permission to run the command was denied. In the first case, check
that you spelled the command correctly and that it is located in your PATH variable. In the second
case, the command may be in the PATH variable, but may not be executable. Adding execute permissions to a command is described later in this chapter.
Rerunning Commands
After typing a long or complex command line, it’s annoying to learn that you mistyped something.
Fortunately, some shell features let you recall previous command lines, edit those lines, or complete a partially typed command line.
The shell history is a list of the commands that you have entered before. Using the history command in a bash shell, you can view your previous commands. Then, using various shell features,
you can recall individual command lines from that list and change them however you please.
The rest of this section describes how to do command-line editing, how to complete parts of command lines, and how to recall and work with the history list.
Command-Line Editing
If you type something wrong on a command line, the bash shell ensures that you don’t have to
delete the entire line and start over. Likewise, you can recall a previous command line and change
the elements to make a new command.
By default, the bash shell uses command-line editing that is based on the emacs text editor. (Type
man emacs to read about it, if you care to.) If you are familiar with emacs, you probably already
know most of the keystrokes described here.
TIP
If you prefer the vi command for editing shell command lines, you can easily make that
happen. Add the line:
set -o vi
to the .bashrc file in your home directory. The next time you open a shell, you can use vi commands (as described in the tutorial later in this chapter) to edit your command lines.
To do the editing, you can use a combination of control keys, meta keys, and arrow keys. For
example, Ctrl+F means to hold the Ctrl key and type f. Alt+F means to hold the Alt key and type f.
(Instead of the Alt key, your keyboard may use a Meta key or the Esc key. On a Windows keyboard,
you can use the Windows key.)
To try out a bit of command-line editing, type the following:
$ ls /usr/bin | sort -f | less
This command lists the contents of the /usr/bin directory, sorts the contents in alphabetical
order (regardless of case), and pipes the output to less. The less command displays the first
page of output, after which you can go through the rest of the output a line (press Enter) or a page
(press space bar) at a time (press q when you are done). Now, suppose you want to change
/usr/bin to /bin. You can use the following steps to change the command:
1. Press Ctrl+A. This moves the cursor to the beginning of the command line.
2. Press Ctrl+F or the right arrow (→) key. Repeat this command a few times to position the
cursor under the first slash (/).
3. Press Ctrl+D. Type this command four times to delete /usr from the line.
4. Press Enter. This executes the command line.
As you edit a command line, at any point you can type regular characters to add those characters
to the command line. The characters appear at the location of your cursor. You can use right (→)
and left (←) arrows to move the cursor from one end to the other on the command line. You can
also press the up (↑) and down (↓) arrow keys to step through previous commands in the history
list to select a command line for editing. (See the discussion on command recall for details on how
to recall commands from the history list.)
There are many keystrokes you can use to edit your command lines. Table 2-1 lists the keystrokes
that you can use to move around the command line.
TABLE 2-1
Keystrokes for Navigating Command Lines
Keystroke | Full Name | Meaning
Ctrl+F | Character forward | Go forward one character.
Ctrl+B | Character backward | Go backward one character.
Alt+F | Word forward | Go forward one word.
Alt+B | Word backward | Go backward one word.
Ctrl+A | Beginning of line | Go to the beginning of the current line.
Ctrl+E | End of line | Go to the end of the line.
Ctrl+L | Clear screen | Clear screen and leave line at the top of the screen.
The keystrokes in Table 2-2 can be used to edit command lines.
TABLE 2-2
Keystrokes for Editing Command Lines
Keystroke | Full Name | Meaning
Ctrl+D | Delete current | Delete the current character.
Backspace | Delete previous | Delete the previous character.
Ctrl+T | Transpose character | Switch positions of current and previous characters.
Alt+T | Transpose words | Switch positions of current and previous words.
Alt+U | Uppercase word | Change the current word to uppercase.
Alt+L | Lowercase word | Change the current word to lowercase.
Alt+C | Capitalize word | Change the current word to an initial capital.
Ctrl+V | Insert special character | Add a special character. For example, to add a Tab character, press Ctrl+V+Tab.
Use the keystrokes in Table 2-3 to cut and paste text on a command line.
TABLE 2-3
Keystrokes for Cutting and Pasting Text in Command Lines
Keystroke | Full Name | Meaning
Ctrl+K | Cut end of line | Cut text to the end of the line.
Ctrl+U | Cut beginning of line | Cut text to the beginning of the line.
Ctrl+W | Cut previous word | Cut the word located behind the cursor.
Alt+D | Cut next word | Cut the word following the cursor.
Ctrl+Y | Paste recent text | Paste most recently cut text.
Alt+Y | Paste earlier text | Rotate back to previously cut text and paste it.
Ctrl+C | Delete whole line | Delete the entire line.
Command-Line Completion
To save you a few keystrokes, the bash shell offers several different ways of completing partially
typed values. To attempt to complete a value, type the first few characters, and then press Tab.
Here are some of the values you can type partially:
• Environment variable — If the text you type begins with a dollar sign ($), the shell completes the text with an environment variable from the current shell.
• Username — If the text you type begins with a tilde (~), the shell completes the text with
a username.
• Command, alias, or function — If the text you type begins with regular characters, the
shell tries to complete the text with a command, alias, or function name.
• Host name — If the text you type begins with an at (@) sign, the shell completes the text
with a host name taken from the /etc/hosts file.
TIP
To add host names from an additional file, you can set the HOSTFILE variable to the
name of that file. The file must be in the same format as /etc/hosts.
Here are a few examples of command completion. (When you see <Tab>, it means to press the Tab
key on your keyboard.) Type the following:
$ echo $OS<Tab>
$ cd ~ro<Tab>
$ fing<Tab>
$ mail [email protected]<Tab>
The first example causes $OS to expand to the $OSTYPE variable. In the next example, ~ro
expands to the root user’s home directory (~root/). Next, fing expands to the finger command. Finally, the address of [email protected] expands to computer name localhost.
Of course, there will be times when there are several possible completions for the string of characters you have entered. In that case, you can check the possible ways text can be expanded by
pressing Esc+? (or by pressing Tab twice) at the point where you want to do completion. This
shows the result you would get if you checked for possible completions on $P.
$ echo $P<Esc+?>
$PATH $PPID $PS1 $PS2 $PS4 $PWD
$ echo $P
In this case, there are six possible variables that begin with $P. After possibilities are displayed, the
original command line returns, ready for you to complete it as you choose.
Command-Line Recall
After you type a command line, that entire command line is saved in your shell’s history list. The
list is stored in a history file, from which any command can be recalled to run again. After it is
recalled, you can modify the command line, as described earlier.
To view your history list, use the history command. Type the command without options or
followed by a number to list that many of the most recent commands. For example:
$ history 8
382 date
383 ls /usr/bin | sort -a | more
384 man sort
385 cd /usr/local/bin
386 man more
387 useradd -m /home/chris -u 101 chris
388 passwd chris
389 history 8
A number precedes each command line in the list. You can recall one of those commands using an
exclamation point (!). Keep in mind that when using an exclamation point, the command runs
blind, without presenting an opportunity to confirm the command you’re referencing. There are
several ways to run a command immediately from this list, including:
• !n — Run command number. Replace the n with the number of the command line, and
that line is run. For example, here’s how to repeat the date command shown as command number 382 in the preceding history listing:
$ !382
date
Thu Oct 26 21:30:06 PDT 2006
• !! — Run previous command. Runs the previous command line. Here’s how you’d
immediately run that same date command:
$ !!
date
Thu Oct 26 21:30:39 PDT 2006
• !?string? — Run command containing string. This runs the most recent command
that contains a particular string of characters. For example, you can run the date command again by just searching for part of that command line as follows:
$ !?dat?
date
Thu Oct 26 21:32:41 PDT 2006
Instead of just running a history command line immediately, you can recall a particular line and
edit it. You can use the following keys or key combinations to do that, as shown in Table 2-4.
TABLE 2-4
Keystrokes for Using Command History
Key(s) | Function Name | Description
Arrow Keys (↑ and ↓) | Step | Press the up and down arrow keys to step through each command line in your history list to arrive at the one you want. (Ctrl+P and Ctrl+N do the same functions, respectively.)
Ctrl+R | Reverse Incremental Search | After you press these keys, you enter a search string to do a reverse search. As you type the string, a matching command line appears that you can run or edit.
Ctrl+S | Forward Incremental Search | Same as the preceding function but for forward search.
Alt+P | Reverse Search | After you press these keys, you enter a string to do a reverse search. Type a string and press Enter to see the most recent command line that includes that string.
Alt+N | Forward Search | Same as the preceding function but for forward search.
Another way to work with your history list is to use the fc command. Type fc followed by a history line number, and that command line is opened in a text editor. Make the changes that you
want. When you exit the editor, the command runs. You can also give a range of line numbers (for
example, fc 100 105). All the commands open in your text editor, and then run one after the
other when you exit the editor.
The history list is stored in the .bash_history file in your home directory. Up to 1,000 history
commands are stored for you by default.
NOTE
Some people disable the history feature for the root user by setting the HISTFILE to
/dev/null or simply leaving HISTSIZE blank. This prevents information about the
root user’s activities from potentially being exploited.
Connecting and Expanding Commands
A truly powerful feature of the shell is the capability to redirect the input and output of commands
to and from other commands and files. To allow commands to be strung together, the shell uses
metacharacters. As noted earlier, a metacharacter is a typed character that has special meaning to
the shell for connecting commands or requesting expansion.
Piping Commands
The pipe (|) metacharacter connects the output from one command to the input of another command. This lets you have one command work on some data, and then have the next command
deal with the results. Here is an example of a command line that includes pipes:
$ cat /etc/passwd | sort | less
This command lists the contents of the /etc/passwd file and pipes the output to the sort command. The sort command takes the usernames that begin each line of the /etc/passwd file,
sorts them alphabetically, and pipes the output to the less command (to page through the output).
Pipes are an excellent illustration of how UNIX, the predecessor of Linux, was created as an operating system made up of building blocks. A standard practice in UNIX was to connect utilities in different ways to get different jobs done. For example, before the days of graphical word processors,
users created plain-text files that included macros to indicate formatting. To see how the document
really appeared, they would use a command such as the following:
$ gunzip < /usr/share/man/man1/grep.1.gz | nroff -c -man | less
In this example, the contents of the grep man page (grep.1.gz) are directed to the gunzip command to be unzipped. The output from gunzip is piped to the nroff command to format the man
page using the manual macro (-man). The output is piped to the less command to display the output.
Because the file being displayed is in plain text, you could have substituted any number of options to
work with the text before displaying it. You could sort the contents, change or delete some of the content, or bring in text from other documents. The key is that, instead of all those features being in one
program, you get results from piping and redirecting input and output between multiple commands.
Sequential Commands
Sometimes you may want a sequence of commands to run, with one command completing before
the next command begins. You can do this by typing several commands on the same command
line and separating them with semicolons (;):
$ date ; troff -me verylargedocument | lpr ; date
In this example, I was formatting a huge document and wanted to know how long it would take.
The first command (date) showed the date and time before the formatting started. The troff
command formatted the document and then piped the output to the printer. When the formatting
was done, the date and time was printed again (so I knew how long the troff command took to
complete).
Another useful command to add to the end of a long command line is the mail command. You
could add mail -s "Finished the long command" [email protected] to the end of a
command line. Then, for example, a mail message is sent to the user you choose after the command completes.
Background Commands
Some commands can take a while to complete. Sometimes you may not want to tie up your shell
waiting for a command to finish. In those cases, you can have the commands run in the background by using the ampersand (&).
Text formatting commands (such as nroff and troff, described earlier) are examples of commands that are often run in the background to format a large document. You also might want to
create your own shell scripts that run in the background to check continuously for certain events
to occur, such as the hard disk filling up or particular users logging in.
Here is an example of a command being run in the background:
$ troff -me verylargedocument | lpr &
Other ways to manage background and foreground processes are described in the “Managing
Background and Foreground Processes” section later in this chapter.
Expanding Commands
With command substitution, you can have the output of a command interpreted by the shell
instead of by the command itself. In this way, you can have the standard output of a command
become an argument for another command. The two forms of command substitution are
$(command) and `command` (backticks, not single quotes).
The command in this case can include options, metacharacters, and arguments. Here is an example
of using command substitution:
$ vi $(find /home | grep xyzzy)
In this example, the command substitution is done before the vi command is run. First, the find
command starts at the /home directory and prints out all files and directories below that point in
the file system. The output is piped to the grep command, which filters out all files except for
those that include the string xyzzy in the filename. Finally, the vi command opens all filenames for editing (one at a time) that include xyzzy.
This particular example is useful if you want to edit a file for which you know the name but not
the location. As long as the string is uncommon, you can find and open every instance of a filename existing beneath a point you choose in the file system. (In other words, don’t use grep a
from the root file system or you’ll match and try to edit several thousand files.)
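The following is an added example, not code from the book. It shows a caveat of the vi $(find ...) form above: the shell splits the substituted output on whitespace, so a filename containing a space (names under /home are chosen by other users) reaches the command as several arguments. The helper names and the temporary files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. count_args, make_demo_tree, split_count and exact_count are
# hypothetical helper names; the files are constructed sample data.

# Report how many arguments a command actually received.
count_args() { echo "$#"; }

# Create a scratch directory holding two files whose names contain xyzzy.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/xyzzy.txt"
    : > "$d/xyzzy notes.txt"    # one file, but two words once split
    printf '%s\n' "$d"
}

# Same shape as the book's command: unquoted $(...) output is split on
# spaces, tabs and newlines before the command sees it.
split_count() {
    count_args $(find "$1" -type f | grep xyzzy)
}

# find passes each matching name to the command as exactly one argument.
# The safe form of the book's command is therefore:
#   find /home -name '*xyzzy*' -exec vi {} +
exact_count() {
    find "$1" -type f -name '*xyzzy*' -exec sh -c 'echo "$#"' sh {} +
}

demo=$(make_demo_tree)
echo "unquoted \$(...) passes $(split_count "$demo") arguments"
echo "find -exec passes      $(exact_count "$demo") arguments"
rm -rf "$demo"
```

With two matching files, the unquoted form hands the command three arguments, two of which name files that do not exist.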
Expanding Arithmetic Expressions
There may be times when you want to pass arithmetic results to a command. There are two forms
you can use to expand an arithmetic expression and pass it to the shell: $[expression] or
$(expression). Here is an example:
$ echo "I am $[2007 - 1957] years old."
I am 50 years old.
The shell interprets the arithmetic expression first (2007 - 1957), and then passes that information to the echo command. The echo command displays the text, with the results of the arithmetic (50) inserted.
Here’s an example of the other form:
$ echo "There are $(ls | wc -w) files in this directory."
There are 14 files in this directory.
This lists the contents of the current directory (ls) and runs the word count command to count
the number of files found (wc -w). The resulting number (14 in this case) is echoed back with the
rest of the sentence shown.
Expanding Environment Variables
Environment variables that store information within the shell can be expanded using the dollar
sign ($) metacharacter. When you expand an environment variable on a command line, the value
of the variable is printed instead of the variable name itself, as follows:
$ ls -l $BASH
-rwxr-xr-x 1 root root 625516 Dec 5 11:13 /bin/bash
Using $BASH as an argument to ls -l causes a long listing of the bash command to be printed.
The following section discusses shell environment variables.
Creating Your Shell Environment
You can tune your shell to help you work more efficiently. Your prompt can provide pertinent
information each time you press Enter. You can set aliases to save your keystrokes and permanently
set environment variables to suit your needs. To make each change occur when you start a shell,
add this information to your shell configuration files.
Configuring Your Shell
Several configuration files support how your shell behaves. Some of the files are executed for every
user and every shell, while others are specific to the user who creates the configuration file. Table
2-5 shows the files that are of interest to anyone using the bash shell in Linux.
TABLE 2-5
Bash Configuration Files
File | Description
/etc/profile | Sets up user environment information for every user. It is executed when you first log in. This file provides values for your path, as well as setting environment variables for such things as the location of your mailbox and the size of your history files. Finally, /etc/profile gathers shell settings from configuration files in the /etc/profile.d directory.
/etc/bashrc | Executes for every user who runs the bash shell, each time a bash shell is opened. It sets the default prompt and may add one or more aliases. Values in this file can be overridden by information in each user’s ~/.bashrc file.
~/.bash_profile | Used by each user to enter information that is specific to his or her own use of the shell. It is executed only once, when the user logs in. By default it sets a few environment variables and executes the user’s .bashrc file.
~/.bashrc | Contains the information that is specific to your bash shells. It is read when you log in and also each time you open a new bash shell. This is the best location to add environment variables and aliases so that your shell picks them up.
~/.bash_logout | Executes each time you log out (exit the last bash shell). By default, it simply clears your screen.
To change the /etc/profile or /etc/bashrc files, you must be the root user. Users can change
the information in the $HOME/.bash_profile, $HOME/.bashrc, and $HOME/.bash_logout
files in their own home directories.
The following sections provide ideas about items to add to your shell configuration files. In most
cases, you add these values to the .bashrc file in your home directory. However, if you administer
a system, you may want to set some of these values as defaults for all of your Linux system’s users.
Setting Your Prompt
Your prompt consists of a set of characters that appear each time the shell is ready to accept a command. The PS1 environment variable sets what the prompt contains. If your shell requires additional input, it uses the values of PS2, PS3, and PS4.
When your Linux system is installed, often a prompt is set to contain more than just a dollar sign
or pound sign. For example, in Fedora Core or Red Hat Enterprise Linux, your prompt is set to
include the following information: your username, your host name, and the base name of your
current working directory. That information is surrounded by brackets and followed by a dollar
sign (for regular users) or a pound sign (for the root user). Here is an example of that prompt:
[[email protected] bin]$
If you change directories, the bin name would change to the name of the new directory. Likewise,
if you were to log in as a different user or to a different host, that information would change.
You can use several special characters (indicated by adding a backslash to a variety of letters) to
include different information in your prompt. These can include your terminal number, the date,
and the time, as well as other pieces of information. Table 2-6 provides some examples (you can
find more on the bash man page).
TABLE 2-6
Characters to Add Information to bash Prompt
Special Character | Description
\! | Shows the current command history number. This includes all previous commands stored for your username.
\# | Shows the command number of the current command. This includes only the commands for the active shell.
\$ | Shows the user prompt ($) or root prompt (#), depending on which user you are.
\W | Shows only the current working directory base name. For example, if the current working directory was /var/spool/mail, this value simply appears as mail.
\[ | Precedes a sequence of nonprinting characters. This can be used to add a terminal control sequence into the prompt for such things as changing colors, adding blink effects, or making characters bold. (Your terminal determines the exact sequences available.)
\] | Follows a sequence of nonprinting characters.
\\ | Shows a backslash.
\d | Displays the day name, month, and day number of the current date. For example: Sat Jan 23.
\h | Shows the host name of the computer running the shell.
\n | Causes a newline to occur.
\nnn | Shows the character that relates to the octal number replacing nnn.
\s | Displays the current shell name. For the bash shell, the value would be bash.
\t | Prints the current time in hours, minutes, and seconds (for example, 10:14:39).
\u | Prints your current username.
\w | Displays the full path to the current working directory.
TIP
If you are setting your prompt temporarily by typing at the shell, you should put the
value of PS1 in quotes. For example, you could type export PS1="[\t \w]\$ " to see a
prompt that looks like this: [20:26:32 /var/spool]$.
To make a change to your prompt permanent, add the value of PS1 to your .bashrc file in your
home directory (assuming that you are using the bash shell). There may already be a PS1 value in
that file that you can modify. Refer to the Bash Prompt HOWTO (www.tldp.org/HOWTO/
Bash-Prompt-HOWTO) for information on changing colors, commands, and other features of
your bash shell prompt.
Adding Environment Variables
You may consider adding a few environment variables to your .bashrc file. These can help make
working with the shell more efficient and effective:
• TMOUT — Sets how long the shell can be inactive before bash automatically exits. The
value is the number of seconds for which the shell has not received input. This can be a
nice security feature, in case you leave your desk while you are still logged in to Linux. So
as not to be logged off while you are working, you may want to set the value to something like TMOUT=1800 (to allow 30 minutes of idle time). You can set TMOUT in any terminal session to close the current shell after a set number of seconds; for example, TMOUT=30.
• PATH — As described earlier, the PATH variable sets the directories that are searched for
commands you use. If you often use directories of commands that are not in your PATH,
you can permanently add them. To do this, add a PATH variable to your .bashrc file.
For example, to add a directory called /getstuff/bin, add the following:
PATH=$PATH:/getstuff/bin ; export PATH
This example first reads all the current path directories into the new PATH ($PATH), adds
the /getstuff/bin directory, and then exports the new PATH.
CAUTION
Some people add the current directory to their PATH by adding a directory identified
simply as a dot (.), as follows:
PATH=.:$PATH ; export PATH
This enables you always to run commands in your current directory before evaluating any other command in the path (which people may be used to if they have used DOS). However, the security risk
with this procedure is that you could be in a directory that contains a command that you don’t intend
to run from that directory. For example, a malicious person could put an ls command in a directory
that, instead of listing the content of your directory, does something devious.
• WHATEVER — You can create your own environment variables to provide shortcuts in
your work. Choose any name that is not being used and assign a useful value to it. For
example, if you do a lot of work with files in the /work/time/files/info/memos
directory, you could set the following variable:
M=/work/time/files/info/memos ; export M
You could make that your current directory by typing cd $M. You could run a program
from that directory called hotdog by typing $M/hotdog. You could edit a file from
there called bun by typing vi $M/bun.
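The following is an added example, not code from the book. It ties together the left-to-right PATH search described earlier in the chapter and the CAUTION about putting the current directory in PATH: one function lists every copy of a command in search order, the other flags PATH entries that let someone else's file run in place of the command you meant. The function names and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example. path_hits and audit_path are hypothetical helper names.
# Each function body is a subshell "( ... )", so the IFS and globbing
# changes never leak into the calling shell.

# List every executable file called $1 in the colon-separated list $2, in
# search order. The first line printed is the copy the shell would run.
path_hits() (
    name=$1
    list="$2:"          # extra colon so a trailing empty entry is kept
    IFS=:
    set -f              # do not glob-expand entries while splitting
    for dir in $list; do
        [ -n "$dir" ] || dir=.      # zero-length entry = current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
)

# Print "position finding [entry]" for each risky entry in the list $1.
audit_path() (
    list="$1:"
    pos=0
    IFS=:
    set -f
    for dir in $list; do
        pos=$((pos + 1))
        case $dir in
            '') printf '%s empty\n' "$pos"; continue ;;   # same as "."
            .)  printf '%s dot .\n' "$pos"; continue ;;
            /*) ;;                                        # absolute: check below
            *)  printf '%s relative %s\n' "$pos" "$dir"; continue ;;
        esac
        if [ ! -d "$dir" ]; then
            printf '%s missing %s\n' "$pos" "$dir"
            continue
        fi
        # The ninth character of the mode string is the write bit for
        # "other": any local user could drop a fake command in there.
        case $(ls -ldL "$dir") in
            ????????w*) printf '%s world-writable %s\n' "$pos" "$dir" ;;
        esac
    done
)

# Run directly: audit the current PATH and show which ls would be used.
audit_path "$PATH"
path_hits ls "$PATH"
```

An empty entry (two colons in a row, or a leading or trailing colon) is reported as well, because the shell treats it the same as a dot.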
Adding Aliases
Setting aliases can save you even more typing than setting environment variables. With aliases, you
can have a string of characters execute an entire command line. You can add and list aliases with
the alias command. Here are some examples of using alias from a bash shell:
alias p='pwd ; ls -CF'
alias rm='rm -i'
In the first example, the letter p is assigned to run the command pwd, and then to run ls -CF to
print the current working directory and list its contents in column form. The second runs the rm
command with the -i option each time you simply type rm. (This is an alias that is often set
automatically for the root user, so that instead of just removing files, you are prompted for each
individual file removal. This prevents you from automatically removing all the files in a directory
by mistakenly typing something such as rm *.)
While you are in the shell, you can check which aliases are set by typing the alias command. If
you want to remove an alias, type unalias. (Remember that if the alias is set in a configuration
file, it will be set again when you open another shell.)
Using Shell Environment Variables
Every active shell stores pieces of information that it needs to use in what are called environment
variables. An environment variable can store things such as locations of configuration files, mailboxes, and path directories. They can also store values for your shell prompts, the size of your
history list, and type of operating system.
To see the environment variables currently assigned to your shell, type the declare command.
(It will probably fill more than one screen, so type declare | more. The declare command also
shows functions as well as environment variables.) You can refer to the value of any of those variables
by preceding it with a dollar sign ($) and placing it anywhere on a command line. For example:
$ echo $USER
chris
This command prints the value of the USER variable, which holds your username (chris).
Substitute any other value for USER to print its value instead.
Common Shell Environment Variables
When you start a shell (by logging in or opening a Terminal window), a lot of environment variables are already set. Table 2-7 shows some variables that are either set when you use a bash shell
or that can be set by you to use with different features.
TABLE 2-7
Common Shell Environment Variables
Variable
Description
BASH
Contains the full path name of the bash command. This is usually
/bin/bash.
BASH_VERSION
A number representing the current version of the bash command.
EUID
This is the effective user ID number of the current user. It is assigned when the
shell starts, based on the user’s entry in the /etc/passwd file.
FCEDIT
If set, this variable indicates the text editor used by the fc command to edit
history commands. If this variable isn’t set, the vi command is used.
HISTFILE
The location of your history file. It is typically located at
$HOME/.bash_history.
HISTFILESIZE
The number of history entries that can be stored. After this number is reached,
the oldest commands are discarded. The default value is 1000.
HISTCMD
This returns the number of the current command in the history list.
HOME
This is your home directory. It is your current working directory each time you
log in or type the cd command with any options.
HOSTTYPE
A value that describes the computer architecture on which the Linux system is
running. For Intel-compatible PCs, the value is i386, i486, i586, i686, or
something like i386-linux. For AMD 64-bit machines, the value is x86_64.
MAIL
This is the location of your mailbox file. The file is typically your username in
the /var/spool/mail directory.
OLDPWD
The directory that was the working directory before you changed to the current
working directory.
OSTYPE
A name identifying the current operating system. For Fedora Core Linux, the
OSTYPE value is either linux or linux-gnu, depending on the type of shell
you are using. (Bash can run on other operating systems as well.)
PATH
The colon-separated list of directories used to find commands that you type.
The default value for regular users is /bin:/usr/bin:/usr/local/
bin:/usr/bin/X11:/usr/X11R6/bin:~/bin. You need to type the full
path or a relative path to a command you want to run that is not in your PATH.
For the root user, the value also includes /sbin, /usr/sbin, and
/usr/local/sbin.
58
Running Commands from the Shell
Variable
Description
PPID
The process ID of the command that started the current shell (for example, its
parent process).
PROMPT_COMMAND
Can be set to a command name that is run each time before your shell prompt
is displayed. Setting PROMPT_COMMAND=date lists the current date/time
before the prompt appears.
PS1
Sets the value of your shell prompt. There are many items that you can read
into your prompt (date, time, username, host name, and so on). Sometimes a
command requires additional prompts, which you can set with the variables
PS2, PS3, and so on.
PWD
This is the directory that is assigned as your current directory. This value
changes each time you change directories using the cd command.
RANDOM
Accessing this variable causes a random number to be generated. The number
is between 0 and 99999.
SECONDS
The number of seconds since the time the shell was started.
SHLVL
The number of shell levels associated with the current shell session. When you
log in to the shell, the SHLVL is 1. Each time you start a new bash command
(by, for example, using su to become a new user, or by simply typing bash),
this number is incremented.
TMOUT
Can be set to a number representing the number of seconds the shell can be
idle without receiving input. After the number of seconds is reached, the shell
exits. This is a security feature that makes it less likely for unattended shells to
be accessed by unauthorized people. (This must be set in the login shell for it
to actually cause the shell to log out the user.)
UID
The user ID number assigned to your username. The user ID number is stored
in the /etc/passwd file.
Set Your Own Environment Variables
Environment variables can provide a handy way to store bits of information that you use often
from the shell. You can create any variables that you want (avoiding those that are already in use)
so that you can read in the values of those variables as you use the shell. (The bash man page lists
variables already in use.)
To set an environment variable temporarily, you can simply type a variable name and assign it to a
value. Here’s an example:
$ AB=/usr/dog/contagious/ringbearer/grind ; export AB
This example causes a long directory path to be assigned to the AB variable. The export AB command says to export the value to the shell so that it can be propagated to other shells you may
open. With AB set, you go to the directory by typing the following:
$ cd $AB
The problem with setting environment variables in this way is that as soon as you exit the shell in
which you set the variable, the setting is lost. To set variables permanently, add variable settings to
a bash configuration file, as described later in this section.
If you want to have other text right up against the output from an environment variable, you can
surround the variable in braces. This protects the variable name from being misunderstood. For
example, if you want to add a command name to the AB variable shown earlier, you can type the
following:
$ echo ${AB}/adventure
/usr/dog/contagious/ringbearer/grind/adventure
Remember that you must export the variable so that it can be picked up by other shell commands.
You must add the export line to a shell configuration file for it to take effect the next time you log
in. The export command is fairly flexible. Instead of running the export command after you set
the variable, you can do it all in one step, as follows:
$ export XYZ=/home/xyz/bin
You can override the value of any environment variable. This can be temporary, by simply typing
the new value, or you can add the new export line to your $HOME/.bashrc file. One useful variable to update is PATH:
$ export PATH=$PATH:/home/xyz/bin
In this example, the /home/xyz/bin directory is added to the PATH, a useful technique if you
want to run a bunch of commands from a directory that is not normally in your PATH, without
typing the full or relative path each time.
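A check worth running before and after you change PATH, as an added example that is not from the book: it walks the colon-separated list and reports entries that are empty or relative (both resolve against whatever directory you happen to be in), missing, or world-writable. The function name audit_path and the report labels are assumptions made for this example.

```shell
#!/bin/sh
# audit_path [LIST]: review a colon-separated search path (default: $PATH).
# Prints one line per entry that deserves a second look and returns 1 if
# anything was reported, 0 if the list is clean.
# Usage: audit_path                      # checks the current $PATH
#        audit_path "$PATH:/home/xyz/bin"  # checks a value before exporting it
audit_path() (
    # The body runs in a subshell, so these variables stay local.
    rest="${1-$PATH}:"          # trailing colon marks the end of the last entry
    status=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}       # text before the first colon
        rest=${rest#*:}         # everything after it
        case $entry in
            '')
                echo "empty-entry (means the current directory)"
                status=1 ;;
            /*)
                if [ ! -d "$entry" ]; then
                    echo "missing $entry"
                    status=1
                else
                    # Character 9 of the ls mode string is write permission
                    # for "others"; -L reports the target of a symbolic link.
                    case $(ls -ldL "$entry") in
                        ????????w*)
                            echo "world-writable $entry"
                            status=1 ;;
                    esac
                fi ;;
            *)
                echo "relative $entry"
                status=1 ;;
        esac
    done
    exit "$status"
)
```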
If you decide that you no longer want a variable to be set, you can use the unset command to
erase its value. For example, you can type unset XYZ, which causes XYZ to have no value set.
(Remember to remove the export from the $HOME/.bashrc file — if you added it there — or it
will return the next time you open a shell.)
Managing Background and Foreground Processes
If you are using Linux over a network or from a dumb terminal (a monitor that allows only text
input with no GUI support), your shell may be all that you have. You may be used to a graphical
environment where you have a lot of programs active at the same time so that you can switch
among them as needed. This shell thing can seem pretty limited.
Although the bash shell doesn’t include a GUI for running many programs, it does let you move
active programs between the background and foreground. In this way, you can have a lot of stuff
running, while selectively choosing the one you want to deal with at the moment.
There are several ways to place an active program in the background. One mentioned earlier is to
add an ampersand (&) to the end of a command line. Another way is to use the at command to
run commands in a way in which they are not connected to the shell.
To stop a running command and put it in the background, press Ctrl+Z. After the command is
stopped, you can either bring it to the foreground to run (the fg command) or start it running in
the background (the bg command). Keep in mind that any command running in the background
might spew output during commands that you run subsequently from that shell. For example, if
output appears from a backgrounded command during a vi session, simply type Ctrl+L to redraw
the screen to get rid of the output.
Starting Background Processes
If you have programs that you want to run while you continue to work in the shell, you can place
the programs in the background. To place a program in the background at the time you run the
program, type an ampersand (&) at the end of the command line, like this:
$ find /usr > /tmp/allusrfiles &
This example command finds all files on your Linux system (starting from /usr), prints those
filenames, and puts those names in the file /tmp/allusrfiles. The ampersand (&) runs that
command line in the background. To check which commands you have running in the background, use the jobs command, as follows:
$ jobs
[1]   Stopped (tty output)   vi /tmp/myfile
[2]   Running                find /usr -print > /tmp/allusrfiles &
[3]   Running                nroff -man /usr/man2/* >/tmp/man2 &
[4]-  Running                nroff -man /usr/man3/* >/tmp/man3 &
[5]+  Stopped                nroff -man /usr/man4/* >/tmp/man4
The first job shows a text-editing command (vi) that I placed in the background and stopped by
pressing Ctrl+Z while I was editing. Job 2 shows the find command I just ran. Jobs 3 and 4 show
nroff commands currently running in the background. Job 5 had been running in the shell (foreground) until I decided too many processes were running and pressed Ctrl+Z to stop job 5 until a
few processes had completed.
The plus sign (+) next to number 5 shows that it was most recently placed in the background. The
minus sign (-) next to number 4 shows that it was placed in the background just before the most
recent background job. Because job 1 requires terminal input, it cannot run in the background. As
a result, it is Stopped until it is brought to the foreground again.
TIP
To see the process ID for the background job, add a -l (the lowercase letter L) option
to the jobs command. If you type ps, you can use the process ID to figure out which
command is for a particular background job.
Using Foreground and Background Commands
Continuing with the example, you can bring any of the commands on the jobs list to the foreground. For example, to edit myfile again, type:
$ fg %1
As a result, the vi command opens again, with all text as it was when you stopped the vi job.
CAUTION
Before you put a text processor, word processor, or similar program in the background,
make sure you save your file. It’s easy to forget you have a program in the background
and you will lose your data if you log out or the computer reboots later on.
To refer to a background job (to cancel or bring it to the foreground), use a percent sign (%)
followed by the job number. You can also use the following to refer to a background job:
• % — Refers to the most recent command put into the background (indicated by the plus sign
when you type the jobs command). This action brings the command to the foreground.
• %string — Refers to a job where the command begins with a particular string of
characters. The string must be unambiguous. (In other words, typing %vi when there
are two vi commands in the background results in an error message.)
• %?string — Refers to a job where the command line contains a string at any point.
The string must be unambiguous or the match will fail.
• %-- — Refers to the previous job stopped before the one most recently stopped.
If a command is stopped, you can start it running again in the background using the bg command.
For example, take job 5 from the jobs list in the previous example:
[5]+  Stopped                nroff -man man4/* >/tmp/man4
Type the following:
$ bg %5
After that, the job runs in the background. Its jobs entry appears as follows:
[5]   Running                nroff -man man4/* >/tmp/man4 &
Working with the Linux File System
The Linux file system is the structure in which all the information on your computer is stored.
Files are organized within a hierarchy of directories. Each directory can contain files, as well as
other directories.
If you were to map out the files and directories in Linux, it would look like an upside-down tree.
At the top is the root directory, which is represented by a single slash (/). Below that is a set of
common directories in the Linux system, such as bin, dev, home, lib, and tmp, to name a few.
Each of those directories, as well as directories added to the root, can contain subdirectories.
Figure 2-1 illustrates how the Linux file system is organized as a hierarchy. To demonstrate how directories are connected, the figure shows a /home directory that contains subdirectories for three users:
chris, mary, and tom. Within the chris directory are subdirectories: briefs, memos, and
personal. To refer to a file called inventory in the chris/memos directory, you can type the
full path of /home/chris/memos/inventory. If your current directory is
/home/chris/memos, you can refer to the file as simply inventory.
FIGURE 2-1
The Linux file system is organized as a hierarchy of directories.
/
    bin/
    dev/
    etc/
    home/
        chris/
            briefs/
            memos/
            personal/
        mary/
        tom/
    root/
    tmp/
    ...
Some of the Linux directories that may interest you include the following:
• /bin — Contains common Linux user commands, such as ls, sort, date, and chmod.
• /boot — Has the bootable Linux kernel and boot loader configuration files (GRUB).
• /dev — Contains files representing access points to devices on your systems. These
include terminal devices (tty*), floppy disks (fd*), hard disks (hd*), RAM (ram*), and
CD-ROM (cd*). (Users normally access these devices directly through the device files.)
• /etc — Contains administrative configuration files.
• /home — Contains directories assigned to each user with a login account.
• /media — Provides a standard location for mounting and automounting devices, such
as remote file systems and removable media (with directory names of cdrecorder,
floppy, and so on).
• /mnt — A common mount point for many devices before it was supplanted by the standard /media directory. Some bootable Linux systems still use this directory to mount
hard disk partitions and remote file systems.
• /proc — Contains information about system resources.
• /root — Represents the root user’s home directory.
• /sbin — Contains administrative commands and daemon processes.
• /sys — A /proc-like file system, new in the Linux 2.6 kernel and intended to contain
files for getting hardware status and reflecting the system’s device tree as it is seen by the
kernel. It pulls many of its functions from /proc.
• /tmp — Contains temporary files used by applications.
• /usr — Contains user documentation, games, graphical files (X11), libraries (lib), and a
variety of other user and administrative commands and files.
• /var — Contains directories of data used by various applications. In particular, this is
where you would place files that you share as an FTP server (/var/ftp) or a Web server
(/var/www). It also contains all system log files (/var/log) and spool files in
/var/spool (such as mail, cups, and news).
The file systems in the DOS or Microsoft Windows operating systems differ from Linux’s file structure, as the “Linux File Systems Versus Windows-Based File Systems” sidebar explains.
Linux File Systems Versus Windows-Based File Systems
Although similar in many ways, the Linux file system has some striking differences from file systems used in MS-DOS and Windows operating systems. Here are a few:
• In MS-DOS and Windows file systems, drive letters represent different storage devices (for
example, A: is a floppy drive and C: is a hard disk). In Linux, all storage devices are fit
into the file system hierarchy. So, the fact that all of /usr may be on a separate hard disk
or that /mnt/rem1 is a file system from another computer is invisible to the user.
• Slashes, rather than backslashes, are used to separate directory names in Linux. So,
C:\home\chris in an MS system is /home/chris in a Linux system.
• Filenames almost always have suffixes in DOS (such as .txt for text files or .doc for word-processing files). Although at times you can use that convention in Linux, three-character
suffixes have no required meaning in Linux. They can be useful for identifying a file type.
Many Linux applications and desktop environments use file suffixes to determine the contents of a file. In Linux, however, DOS command extensions such as .com, .exe, and .bat
don’t necessarily signify an executable (permission flags make Linux files executable).
• Every file and directory in a Linux system has permissions and ownership associated with
it. Security varies among Microsoft systems. Because DOS and MS Windows began as
single-user systems, file ownership was not built into those systems when they were
designed. Later releases added features such as file and folder attributes to address this
problem.
Creating Files and Directories
As a Linux user, most of the files you save and work with will probably be in your home directory.
Table 2-8 shows commands to create and use files and directories.
TABLE 2-8
Commands to Create and Use Files
Command   Result
cd        Change to another current working directory.
pwd       Print the name of the current working directory.
mkdir     Create a directory.
chmod     Change the permission on a file or directory.
ls        List the contents of a directory.
The following steps lead you through creating directories within your home directory and moving
among your directories, with a mention of setting appropriate file permissions:
1. Go to your home directory. To do this, simply type cd. (For other ways of referring to
your home directory, see the “Identifying Directories” sidebar.)
2. To make sure that you’re in your home directory, type pwd. When I do this, I get the
following response (yours will reflect your home directory):
$ pwd
/home/chris
3. Create a new directory called test in your home directory, as follows:
$ mkdir test
4. Check the permissions of the directory:
$ ls -ld test
drwxr-xr-x 2 chris sales 1024 Jan 24 12:17 test
This listing shows that test is a directory (d). The d is followed by the permissions
(rwxr-xr-x), which are explained later in the “Understanding File Permissions” section.
The rest of the information indicates the owner (chris), the group (sales), and the
date that the files in the directory were most recently modified (Jan. 24 at 12:17 P.M.).
NOTE
In some Linux systems, such as Fedora Core, when you add a new user, the user is
assigned to a group of the same name by default. For example, in the preceding text, the
user chris would be assigned to the group chris. This approach to assigning groups is referred to
as the user private group scheme.
For now, type the following:
$ chmod 700 test
This step changes the permissions of the directory to give you complete access and everyone else no access at all. (The new permissions should read as follows: rwx------.)
5. Make the test directory your current directory as follows:
$ cd test
Using Metacharacters and Operators
To make efficient use of your shell, the bash shell lets you use certain special characters, referred to
as metacharacters and operators. Metacharacters can help you match one or more files without typing each file completely. Operators enable you to direct information from one command or file to
another command or file.
Using File-Matching Metacharacters
To save you some keystrokes and to be able to refer easily to a group of files, the bash shell lets you
use metacharacters. Anytime you need to refer to a file or directory, such as to list it, open it, or
remove it, you can use metacharacters to match the files you want. Here are some useful metacharacters for matching filenames:
• * — Matches any number of characters.
• ? — Matches any one character.
• [...] — Matches any one of the characters between the brackets, which can include a
dash-separated range of letters or numbers.
Identifying Directories
When you need to identify your home directory on a shell command line, you can use the
following:
• $HOME — This environment variable stores your home directory name.
• ~ — The tilde (~) represents your home directory on the command line.
You can also use the tilde to identify someone else’s home directory. For example, ~chris would be
expanded to the chris home directory (probably /home/chris).
Other special ways of identifying directories in the shell include the following:
• . — A single dot (.) refers to the current directory.
• .. — Two dots (..) refer to a directory directly above the current directory.
• $PWD — This environment variable refers to the current working directory.
• $OLDPWD — This environment variable refers to the previous working directory before you
changed to the current one.
Try out some of these file-matching metacharacters by first going to an empty directory (such as
the test directory described in the previous section) and creating some empty files:
$ touch apple banana grape grapefruit watermelon
The touch command creates empty files. The next few commands show you how to use shell
metacharacters with the ls command to match filenames. Try the following commands to see if
you get the same responses:
$ ls a*
apple
$ ls g*
grape
grapefruit
$ ls g*t
grapefruit
$ ls *e*
apple grape grapefruit watermelon
$ ls *n*
banana watermelon
The first example matches any file that begins with an a (apple). The next example matches any files
that begin with g (grape, grapefruit). Next, files beginning with g and ending in t are matched
(grapefruit). Next, any file that contains an e in the name is matched (apple, grape, grapefruit, watermelon). Finally, any file that contains an n is matched (banana, watermelon).
Here are a few examples of pattern matching with the question mark (?):
$ ls ????e
apple grape
$ ls g???e*
grape grapefruit
The first example matches any five-character file that ends in e (apple, grape). The second
matches any file that begins with g and has e as its fifth character (grape, grapefruit).
Here are a couple of examples using brackets to do pattern matching:
$ ls [abw]*
apple banana watermelon
$ ls [agw]*[ne]
apple grape watermelon
In the first example, any file beginning with a, b, or w is matched. In the second, any file that
begins with a, g, or w and also ends with either n or e is matched. You can also include ranges
within brackets. For example:
$ ls [a-g]*
apple banana grape grapefruit
Here, any filenames beginning with a letter from a through g are matched.
Using File-Redirection Metacharacters
Commands receive data from standard input and send it to standard output. Using pipes (described
earlier), you can direct standard output from one command to the standard input of another. With
files, you can use less than (<) and greater than (>) signs to direct data to and from files. Here are
the file-redirection characters:
• < — Directs the contents of a file to the command.
• > — Directs the output of a command to a file, deleting the existing file.
• >> — Directs the output of a command to a file, adding the output to the end of the
existing file.
Here are some examples of command lines where information is directed to and from files:
$ mail root < ~/.bashrc
$ man chmod | col -b > /tmp/chmod
$ echo "I finished the project on $(date)" >> ~/projects
In the first example, the contents of the .bashrc file in the home directory are sent in a mail
message to the computer’s root user. The second command line formats the chmod man page
(using the man command), removes extra backspaces (col -b), and sends the output to the file
/tmp/chmod (erasing the previous /tmp/chmod file, if it exists). The final command results in
the following text being added to the user’s projects file:
I finished the project on Sat Jan 27 13:46:49 PST 2007
Understanding File Permissions
After you’ve worked with Linux for a while, you are almost sure to get a Permission denied
message. Permissions associated with files and directories in Linux were designed to keep users
from accessing other users’ private files and to protect important system files.
The nine bits assigned to each file for permissions define the access that you and others have to
your file. Permission bits for a regular file appear as -rwxrwxrwx.
NOTE
For a regular file, a dash appears in front of the nine-bit permissions indicator. Instead
of a dash, you might see a d (for a directory), l (for a link), b (for a block device), or
c (for a character device).
Of the nine-bit permissions, the first three bits apply to the owner’s permission, the next three
apply to the group assigned to the file, and the last three apply to all others. The r stands for read,
the w stands for write, and the x stands for execute permissions. If a dash appears instead of the
letter, it means that permission is turned off for that associated read, write, or execute.
Because files and directories are different types of elements, read, write, and execute permissions on
files and directories mean different things. Table 2-9 explains what you can do with each of them.
TABLE 2-9
Setting Read, Write, and Execute Permissions
Permission   File                                                  Directory
Read         View what’s in the file.                              See what files and subdirectories it contains.
Write        Change the file’s content, rename it, or delete it.   Add files or subdirectories to the directory.
Execute      Run the file as a program.                            Change to that directory as the current directory, search through the directory, or execute a program from the directory.
You can see the permission for any file or directory by typing the ls -ld command. The named
file or directory appears as those shown in this example:
$ ls -ld ch3 test
-rw-rw-r-- 1 chris sales 4983 Jan 18 22:13 ch3
drwxr-xr-x 2 chris sales 1024 Jan 24 13:47 test
The first line shows that the ch3 file has read and write permission for the owner and the group.
All other users have read permission, which means they can view the file but cannot change its
contents or remove it. The second line shows the test directory (indicated by the letter d before
the permission bits). The owner has read, write, and execute permission, while the group and
other users have only read and execute permissions. As a result, the owner can add, change, or
delete files in that directory, and everyone else can only read the contents, change to that directory,
and list the contents of the directory.
If you own a file, you can use the chmod command to change the permission on it as you please.
In one method of doing this, each permission (read, write, and execute), is assigned a number —
r=4, w=2, and x=1 — and you use each set’s total number to establish the permission. For example,
to make permissions wide open for yourself as owner, you’d set the first number to 7 (4+2+1), and
then you’d give the group and others read-only permission by setting both the second and third
numbers to 4 (4+0+0), so that the final number is 744. Any combination of permissions can result
from 0 (no permission) through 7 (full permission).
Here are some examples of how to change permission on a file (named file) and what the resulting
permission would be:
# chmod 777 file    rwxrwxrwx
# chmod 755 file    rwxr-xr-x
# chmod 644 file    rw-r--r--
# chmod 000 file    ---------
You can also turn file permissions on and off using plus (+) and minus (–) signs, respectively. This
can be done for the owner user (u), owner group (g), others (o), and all users (a). For example,
start with a file that has all permissions open (rwxrwxrwx). Run the following chmod commands
using minus sign options. The resulting permissions are shown to the right of each command:
chmod a-w file      r-xr-xr-x
chmod o-x file      rwxrwxrw-
chmod go-rwx file   rwx------
Likewise, here are some examples, starting with all permissions closed (---------) where the
plus sign is used with chmod to turn permissions on:
chmod u+rw files    rw-------
chmod a+x files     --x--x--x
chmod ug+rx files   r-xr-x---
When you create a file, it’s given the permission rw-r--r-- by default. A directory is given the
permission rwxr-xr-x. These default values are determined by the value of umask. Type umask
to see what your umask value is. For example:
$ umask
022
The umask value masks the permissions value of 666 for a file and 777 for a directory. The
umask value of 022 results in permission for a directory of 755 (rwxr-xr-x). That same umask
results in a file permission of 644 (rw-r--r--). (Execute permissions are off by default for
regular files.)
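The masking described above can be watched directly. This added example (not from the book; the function name modes_under_umask is an assumption) creates a file and a directory under a given umask in a scratch directory and reports the permission strings that ls shows for them. It goes one step beyond the text: a mask such as 033 clears bits rather than subtracting, so a new file still comes out as rw-r--r--.

```shell
#!/bin/sh
# modes_under_umask MASK
# Create one regular file and one directory with umask MASK in effect and
# print their permission strings as "FILE_PERMS DIR_PERMS".
# Usage: modes_under_umask 027
modes_under_umask() (
    # Subshell body: the umask change and the variables do not leak out
    # into the shell that calls this function.
    mask=$1
    case $mask in
        ''|*[!0-7]*)
            echo "usage: modes_under_umask OCTAL_MASK" >&2
            exit 2 ;;
    esac
    scratch=$(mktemp -d) || exit 1     # made before the umask is changed
    umask "$mask"
    : > "$scratch/newfile"             # the shell asks for 666 on a new file
    mkdir "$scratch/newdir"            # mkdir asks for 777 on a new directory
    # Characters 2-10 of "ls -ld" output are the nine permission bits.
    fperm=$(ls -ld "$scratch/newfile" | cut -c2-10)
    dperm=$(ls -ld "$scratch/newdir" | cut -c2-10)
    rm -rf "$scratch"
    echo "$fperm $dperm"
)
```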
TIP
Time saver: use the -R option of chmod to change the permission for all of the files
and directories within a directory structure at once. For example, if you wanted to open
permissions completely to all files and directories in the /tmp/test directory, you could type the
following:
$ chmod -R 777 /tmp/test
This command line runs chmod recursively (-R) for the /tmp/test directory, as well as any files or
directories that exist below that point in the file system (for example, /tmp/test/hat,
/tmp/test/hat/caps, and so on). All would be set to 777 (full read/write/execute permissions).
This is not something you would do on an important directory on a read/write file system. However,
you might do this before you create a directory structure on a CD-ROM that you want to be fully
readable and executable to someone using the CD-ROM later.
CAUTION
The -R option of chmod works best if you are opening permissions completely or
adding execute permission (as well as the appropriate read/write permission). The reason is that if you turn off execute permission recursively, you close off your capability to change to
any directory in that structure. For example, chmod -R 644 /tmp/test turns off execute permission for the /tmp/test directory, and then fails to change any files or directories below that point.
Execute permissions must be on for a directory to be able to change to that directory.
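One way to tighten a whole tree without the lock-out described in the caution, as an added example rather than a command from the book: give directories and regular files different modes with find instead of a single chmod -R. The function name set_tree_perms and its argument order are assumptions; it refuses a directory mode that would leave the owner unable to read or enter the directories.

```shell
#!/bin/sh
# set_tree_perms TOP FILE_MODE DIR_MODE
# Apply FILE_MODE to every regular file and DIR_MODE to every directory
# under TOP (TOP included). Modes are three octal digits, e.g. 644 and 755.
# Usage: set_tree_perms /tmp/test 644 755
set_tree_perms() (
    top=$1 fmode=$2 dmode=$3
    for m in "$fmode" "$dmode"; do
        case $m in
            [0-7][0-7][0-7]) ;;
            *)
                echo "set_tree_perms: '$m' is not a three-digit octal mode" >&2
                exit 2 ;;
        esac
    done
    if [ ! -d "$top" ]; then
        echo "set_tree_perms: $top is not a directory" >&2
        exit 2
    fi
    # The owner digit must be 5 or 7 (read + execute). Without execute the
    # owner cannot change into a directory; without read it cannot be listed.
    case $dmode in
        [57]??) ;;
        *)
            echo "set_tree_perms: directory mode $dmode would lock the owner out" >&2
            exit 3 ;;
    esac
    # Directories first, so every directory is searchable when the files
    # are handled. find does not follow symbolic links by default, and
    # -type f skips them, so nothing outside TOP is changed.
    find "$top" -type d -exec chmod "$dmode" {} + &&
    find "$top" -type f -exec chmod "$fmode" {} +
)
```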
Moving, Copying, and Deleting Files
Commands for moving, copying, and deleting files are fairly straightforward. To change the
location of a file, use the mv command. To copy a file from one location to another, use the cp
command. To remove a file, use the rm command. Here are some examples:
$ mv abc def
$ mv abc ~
$ cp abc def
$ cp abc ~
$ rm abc
$ rm *
Of the two move (mv) commands, the first moves the file abc to the file def in the same directory
(essentially renaming it), whereas the second moves the file abc to your home directory (~). The
first copy command (cp) copies abc to the file def, whereas the second copies abc to your home
directory (~). The first remove command (rm) deletes the abc file; the second removes all the files
in the current directory (except those that start with a dot).
NOTE
For the root user, the mv, cp, and rm commands are aliased to each be run with the
-i option. This causes a prompt to appear asking you to confirm each move, copy, and
removal, one file at a time, and is done to prevent the root user from messing up a large group of files
by mistake.
Another alternative with mv is to use the -b option. With -b, if a file of the same name exists at the
destination, a backup copy of the old file is made before the new file is moved there.
Using the vi Text Editor
It’s almost impossible to use Linux for any period of time and not need to use a text editor. This is
because most Linux configuration files are plain text files that you will almost certainly need to
change manually at some point.
If you are using a GUI, you can run gedit, which is fairly intuitive for editing text. There’s also a
simple text editor you can run from the shell called nano. However, most Linux shell users will use
either the vi or emacs command to edit text files. The advantage of vi or emacs over a graphical
editor is that you can use it from any shell, a character terminal, or a character-based connection
over a network (using telnet or ssh, for example) — no GUI is required. They also each contain
tons of features, so you can continue to grow with them.
This section provides a brief tutorial on the vi text editor, which you can use to manually edit a
configuration file from any shell. (If vi doesn’t suit you, see the “Exploring Other Text Editors”
sidebar for other options.)
The vi editor is difficult to learn at first, but once you know it, you never have to use a mouse or a
function key — you can edit and move around quickly and efficiently within files just by using the
keyboard.
Exploring Other Text Editors
Dozens of text editors are available for use with Linux. Here are a few that might be in your Linux
distribution, which you can try out if you find vi to be too taxing.
Text Editor   Description
nano          A popular, streamlined text editor that is used with many bootable Linuxes and other limited-space Linux environments. For example, nano is often available to edit text files during a Linux install process.
gedit         The GNOME text editor that runs in the GUI.
jed           This screen-oriented editor was made for programmers. Using colors, jed can highlight code you create so you can easily read the code and spot syntax errors. Use the Alt key to select menus to manipulate your text.
joe           The joe editor is similar to many PC text editors. Use control and arrow keys to move around. Press Ctrl+C to exit with no save or Ctrl+X to save and exit.
kate          A nice-looking editor that comes in the kdebase package. It has lots of bells and whistles, such as highlighting for different types of programming languages and controls for managing word wrap.
kedit         A GUI-based text editor that comes with the KDE desktop.
mcedit        With mcedit, function keys help you get around, save, copy, move, and delete text. Like jed and joe, mcedit is screen-oriented.
nedit         An excellent programmer’s editor. You need to install the optional nedit package to get this editor.
If you use ssh to log in to other Linux computers on your network, you can use any editor to edit
files. A GUI-based editor will pop up on your screen. When no GUI is available, you will need a text
editor that runs in the shell, such as vi, jed, or joe.
Starting with vi
Most often, you start vi to open a particular file. For example, to open a file called /tmp/test,
type the following command:
$ vi /tmp/test
If this is a new file, you should see something similar to the following:
~
~
~
~
~
"/tmp/test" [New File]
The box at the top represents where your cursor is. The bottom line keeps you informed about
what is going on with your editing (here you just opened a new file). In between, there are tildes
(~) as filler because there is no text in the file yet. Now here’s the intimidating part: There are no
hints, menus, or icons to tell you what to do. On top of that, you can’t just start typing. If you do,
the computer is likely to beep at you. And some people complain that Linux isn’t friendly.
The first things you need to know are the different operating modes: command and input. The vi
editor always starts in command mode. Before you can add or change text in the file, you have to
type a command (one or two letters and an optional number) to tell vi what you want to do. Case
is important, so use uppercase and lowercase exactly as shown in the examples! To get into input
mode, type an input command. To start out, type either of the following:
• a — The add command. After it, you can input text that starts to the right of the cursor.
• i — The insert command. After it, you can input text that starts to the left of the cursor.
Type a few words and then press Enter. Repeat that a few times until you have a few lines of text.
When you’re finished typing, press Esc to return to command mode. Now that you have a file with
some text in it, try moving around in your text with the following keys or letters:
• Arrow keys — Move the cursor up, down, left, or right in the file one character at a time.
  To move left and right you can also use Backspace and the space bar, respectively. If you
  prefer to keep your fingers on the keyboard, move the cursor with h (left), l (right), j
  (down), or k (up).
• w — Moves the cursor to the beginning of the next word.
• b — Moves the cursor to the beginning of the previous word.
• 0 (zero) — Moves the cursor to the beginning of the current line.
• $ — Moves the cursor to the end of the current line.
• H — Moves the cursor to the upper-left corner of the screen (first line on the screen).
• M — Moves the cursor to the first character of the middle line on the screen.
• L — Moves the cursor to the lower-left corner of the screen (last line on the screen).
TIP: Remember the Esc key! It always places you back into command mode.
The only other editing you need to know is how to delete text. Here are a few vi commands for
deleting text:
• x — Deletes the character under the cursor.
• X — Deletes the character directly before the cursor.
• dw — Deletes from the current character to the end of the current word.
• d$ — Deletes from the current character to the end of the current line.
• d0 — Deletes from the previous character to the beginning of the current line.
To wrap things up, use the following keystrokes for saving and quitting the file:
• ZZ — Save the current changes to the file and exit from vi.
• :w — Save the current file but continue editing.
• :wq — Same as ZZ.
• :q — Quit the current file. This works only if you don’t have any unsaved changes.
• :q! — Quit the current file and don’t save the changes you just made to the file.
TIP: If you’ve really trashed the file by mistake, the :q! command is the best way to exit and
abandon your changes. The file reverts to the most recently changed version. So, if you
just did a :w, you are stuck with the changes up to that point. If you just want to undo a few bad
edits, press u to back out of changes.
You have learned a few vi editing commands. I describe more commands in the following sections.
First, however, here are a few tips to smooth out your first trials with vi:
• Esc — Remember that Esc gets you back to command mode. (I’ve watched people press
  every key on the keyboard trying to get out of a file.) Esc followed by ZZ gets you out of
  command mode, saves the file, and exits.
• u — Press u to undo the previous change you made. Continue to press u to undo the
  change before that, and the one before that.
• Ctrl+R — If you decide you didn’t want to undo the previous command, use Ctrl+R for
  Redo. Essentially, this command undoes your undo.
• Caps Lock — Beware of hitting Caps Lock by mistake. Everything you type in vi has a
  different meaning when the letters are capitalized. You don’t get a warning that you are
  typing capitals — things just start acting weird.
• :! command — You can run a command while you are in vi using :! followed by a command name. For example, type :!date to see the current date and time, type :!pwd to see
  what your current directory is, or type :!jobs to see if you have any jobs running in the
  background. When the command completes, press Enter and you are back to editing the
  file. You could even use this technique to launch a shell (:!bash) from vi, run a few
  commands from that shell, and then type exit to return to vi. (I recommend doing a save
  before escaping to the shell, just in case you forget to go back to vi.)
• -- INSERT — When you are in insert mode, the word INSERT appears at the bottom of
  the screen.
• Ctrl+G — If you forget what you are editing, pressing these keys displays the name of the
  file that you are editing and the current line that you are on at the bottom of the screen. It
  also displays the total number of lines in the file, the percentage of how far you are
  through the file, and the column number the cursor is on. This just helps you get your
  bearings after you’ve stopped for a cup of coffee at 3 A.M.
Moving Around the File
Besides the few movement commands described earlier, there are other ways of moving around a vi
file. To try these out, open a large file that you can’t do much damage to. (Try copying /var/log/
messages to /tmp and opening it in vi.) Here are some movement commands you can use:
• Ctrl+F — Page ahead, one page at a time.
• Ctrl+B — Page back, one page at a time.
• Ctrl+D — Page ahead one-half page at a time.
• Ctrl+U — Page back one-half page at a time.
• G — Go to the last line of the file.
• 1G — Go to the first line of the file. (Use any number to go to that line in the file.)
Searching for Text
To search for the next occurrence of text in the file, use either the slash (/) or the question mark (?)
character. Follow the slash or question mark with a pattern (string of text) to search forward or
backward, respectively, for that pattern. Within the search, you can also use metacharacters. Here
are some examples:
• /hello — Searches forward for the word hello.
• ?goodbye — Searches backward for the word goodbye.
• /The.*foot — Searches forward for a line that has the word The in it and also, after
  that at some point, the word foot.
• ?[pP]rint — Searches backward for either print or Print. Remember that case
  matters in Linux, so make use of brackets to search for words that could have different
  capitalization.
The vi editor was originally based on the ex editor, which didn’t let you work in full-screen mode.
However, it did enable you to run commands that let you find and change text on one or more
lines at a time. When you type a colon and the cursor goes to the bottom of the screen, you are
essentially in ex mode. Here is an example of some of those ex commands for searching for and
changing text. (I chose the words Local and Remote to search for, but you can use any
appropriate words.)
• :g/Local — Searches for the word Local and prints every occurrence of that line from
  the file. (If there is more than a screenful, the output is piped to the more command.)
• :s/Local/Remote — Substitutes Remote for the word Local on the current line.
• :g/Local/s//Remote — Substitutes the first occurrence of the word Local on every
  line of the file with the word Remote.
• :g/Local/s//Remote/g — Substitutes every occurrence of the word Local with the
  word Remote in the entire file.
• :g/Local/s//Remote/gp — Substitutes every occurrence of the word Local with
  the word Remote in the entire file, and then prints each line so that you can see the
  changes (piping it through more if output fills more than one page).
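The difference between those substitutions can be seen without opening an editor. This added example (not from the book) uses sed, which accepts the same /pattern/s//replacement/ form as the ex commands above, on a constructed three-line sample; the function names are made up for the illustration.

```shell
#!/bin/sh
# sed stands in for ex here so the commands can run non-interactively.

# Constructed sample text: "Local" appears twice on line 1 and once on line 3.
sample() {
    printf '%s\n' \
        'Local users log in on the Local console' \
        'No match on this line' \
        'Local printers are listed here'
}

# :s/Local/Remote with the cursor on line N:
# only the first match on that one line changes.
subst_current_line() {   # $1 = line number standing in for the cursor position
    sample | sed "${1}s/Local/Remote/"
}

# :g/Local/s//Remote
# first match on every line that contains Local. The empty pattern (//)
# reuses the pattern that selected the line, in sed as in ex.
subst_first_per_line() {
    sample | sed '/Local/s//Remote/'
}

# :g/Local/s//Remote/g
# every match on every line.
subst_all() {
    sample | sed '/Local/s//Remote/g'
}

# :g/Local/s//Remote/gp
# every match on every line, printing only the lines that changed.
subst_all_print_changed() {
    sample | sed -n '/Local/s//Remote/gp'
}

# Count occurrences of the pattern $1 in the text read from stdin.
count_word() {
    awk -v w="$1" '{ n += gsub(w, "&") } END { print n + 0 }'
}

# Show how many occurrences of Local each form leaves behind.
report() {
    echo "original:            $(sample | count_word Local)"
    echo "current line (1):    $(subst_current_line 1 | count_word Local)"
    echo "first on every line: $(subst_first_per_line | count_word Local)"
    echo "all on every line:   $(subst_all | count_word Local)"
}
```

Calling report prints the number of remaining matches for each form, which makes the effect of the trailing g easy to confirm before running the same substitution on a real file.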
Using Numbers with Commands
You can precede most vi commands with numbers to have the command repeated that number of
times. This is a handy way to deal with several lines, words, or characters at a time. Here are some
examples:
• 3dw — Deletes the next three words.
• 5cl — Changes the next five letters (that is, removes the letters and enters input mode).
• 12j — Moves down 12 lines.
Putting a number in front of most commands just repeats those commands. At this point, you
should be fairly proficient at using the vi command. Once you get used to using vi, you will
probably find other text editors less efficient to use.
NOTE: When you invoke vi in many Linux systems, you’re actually invoking the vim text editor,
which runs in vi compatibility mode. Those who do a lot of programming might prefer
vim because it shows different levels of code in different colors. vim has other useful features, such as
the capability to open a document with the cursor at the same place as it was when you last exited
that file.
Summary
Working from a shell command line within Linux may not be as simple as using a GUI, but it
offers many powerful and flexible features. This chapter explains how to find your way around the
shell in Linux and provides examples of running commands, including recalling commands from a
history list, completing commands, and joining commands.
The chapter describes how shell environment variables can be used to store and recall important
pieces of information. It also teaches you how to modify shell configuration files to tailor the shell
to suit your needs. Finally, this chapter shows you how to use the Linux file system to create files
and directories, use permissions, and work with files (moving, copying, and removing them), and
how to edit text files from the shell using the vi command.
Getting into the Desktop
IN THIS CHAPTER
Understanding your desktop
Using the K desktop environment
Using the GNOME desktop environment
Configuring your own desktop
Playing with desktop eye candy using AIGLX
In the past few years, graphical user interfaces (GUIs) available for Linux
have become as easy to use as those on the Apple Mac or Microsoft
Windows systems. With these improvements, even a novice computer
user can start using Linux without needing to have an expert standing by.
You don’t need to understand the underlying framework of the X Window
System, window managers, widgets, and whatnots to get going with a Linux
desktop system. That’s why I start by explaining how to use the two most
popular desktop environments: KDE (K desktop environment) and GNOME.
After that, if you want to dig deeper, I tell you how you can put together
your own desktop by discussing how to choose your own X-based window
manager to run in Linux.
Understanding Your Desktop
When you install Linux distributions such as Fedora Core, SUSE, Mandriva,
and Ubuntu, you have the option to choose a desktop environment.
Distributions such as Gentoo and Debian GNU/Linux give you the option to
go out and get whatever desktop environment you want (without particularly
prompting you for it). When you are given the opportunity to select a desktop
during installation, your choices usually include one or more of the following:
• K desktop environment (www.kde.org) — In addition to all the
  features you would expect to find in a complete desktop environment (window managers, toolbars, panels, menus, keybindings,
  icons, and so on), KDE has many bells and whistles available.
  Applications for graphics, multimedia, office productivity, games,
  system administration, and many other uses have been integrated
  to work smoothly with KDE, which is the default desktop environment for SUSE, KNOPPIX, and various other Linux distributions.
• GNOME desktop environment (www.gnome.org) — GNOME is a more streamlined
  desktop environment. It includes a smaller feature set than KDE and runs faster in many
  lower-memory systems. Some think of GNOME as a more business-oriented desktop. It’s
  the default desktop for Red Hat-sponsored systems such as Fedora and RHEL, Ubuntu,
  and others.
NOTE: The KDE Desktop is based on the Qt 3 graphical toolkit. GNOME is based on GTK+ 2.
Although graphical applications are usually written to either Qt 3 or GTK+ 2, by
installing both desktops you will have the libraries needed to run applications written for both
toolkits from either environment.
• X and a window manager (X.org or XFree86.org + WM) — You don’t need a full-blown desktop environment to operate Linux from a GUI. The most basic, reasonable
  way of using Linux is to simply start the X Window System server and a window manager
  of your choice (there are dozens to choose from). Many advanced users go this route
  because it can offer more flexibility in how they set up their desktops.
The truth is that most X applications run in any of the desktop environments just described
(provided that proper libraries are included with your Linux distribution as noted earlier). So you
can choose a Linux desktop based on the performance, customization tools, and controls that best
suit you. Each of those three types of desktop environments is described in this chapter.
Starting the Desktop
Because the way that you start a desktop in Linux is completely configurable, different distributions offer different ways of starting up the desktop. Once your Linux distribution is installed, it
may just boot to the desktop, offer a graphical login, or offer a text-based login. Bootable Linux
systems (which don’t have to be installed at all) typically just boot to the desktop.
Boot to the Desktop
Some bootable Linux systems boot right to a desktop without requiring you to log in so you can
immediately start working with Linux. KNOPPIX is an example of a distribution that boots straight
to a Linux desktop from a CD. That desktop system usually runs as a particular username (such as
knoppix, in the case of the KNOPPIX distribution). To perform system administration, you have to
switch to the administrator’s account temporarily (using the su or sudo command).
Boot to Graphical Login
Most desktop Linux systems that are installed on your hard disk boot up to a graphical login
screen. Although the X display manager (xdm) is the basic display manager that comes with the X
Window System, KDE and GNOME each have their own graphical display managers that are used
as login screens (kdm and gdm, respectively). So chances are that you will see the login screen
associated with KDE or GNOME (depending on which is the default on your Linux system).
NOTE: When Linux starts up, it enters into what is referred to as a run level or system state.
Typically, a system set to start at run level 5 boots to a graphical login prompt. A system
set to run level 3 boots to a text prompt. The run level is set by the initdefault line in the
/etc/inittab file. Change the number on the initdefault line as you please between 3 and 5.
Don’t use any other number unless you know what you are doing. Never use 0 or 6, since those numbers are used to shut down and reboot the system, respectively.
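A check and a guarded change for that setting, as an added example that is not from the book. It assumes the usual inittab entry layout id:runlevels:action:process (for example id:5:initdefault:); the sample file contents and the function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: inspect and safely change the default run level.
# Assumed entry layout: id:runlevels:action:process   e.g.  id:5:initdefault:

# Write a constructed sample inittab to the path given in $1.
write_sample_inittab() {
    cat > "$1" <<'EOF'
# Constructed sample, not a real system file
#id:3:initdefault:
id:5:initdefault:
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
EOF
}

# Print the run level named on the first uncommented initdefault line.
default_runlevel() {   # $1 = inittab path
    awk -F: '
        /^[ \t]*#/          { next }              # ignore comment lines
        $3 == "initdefault" { print $2; exit }
    ' "$1"
}

# Classify the setting the way the note describes it.
check_runlevel() {     # $1 = inittab path
    case "$(default_runlevel "$1")" in
        5)   echo graphical ;;   # graphical login prompt
        3)   echo text ;;        # text login prompt
        0|6) echo fatal ;;       # would shut down or reboot at every boot
        '')  echo missing ;;     # no initdefault line found
        *)   echo other ;;       # only if you know what you are doing
    esac
}

# Change the default run level, accepting only 3 or 5 and keeping a backup
# of the previous file next to it as <file>.bak.
set_runlevel() {       # $1 = inittab path, $2 = new run level
    case "$2" in
        3|5) ;;
        *) echo "refusing to set run level $2" >&2; return 1 ;;
    esac
    cp -p "$1" "$1.bak" || return 1
    # Rewrite only the uncommented initdefault entry; every other line is kept.
    sed "s/^\([^#:]*\):[^:]*:initdefault:/\1:$2:initdefault:/" "$1.bak" > "$1"
}
```

Run check_runlevel against a copy of the file before and after any edit; a result of fatal or missing means the system should not be rebooted until the line is corrected.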
Because graphical login screens are designed to be configurable, you often find that the distribution
has its own logo or other graphical elements on the login screen. For example, Figure 3.1 shows a
basic graphical login panel displayed by the kdm graphical display manager.
FIGURE 3.1
A simple KDE display manager (kdm) login screen includes a clock, login name list, and a few menu
selections.
With Fedora Linux, the default login screen is based on the GNOME display manager (gdm).
Figure 3.2 shows the Fedora Core graphical login screen.
You can just enter your login (username) and password to start up your personal desktop environment. Your selected desktop environment — KDE or GNOME — comes up ready for you to use.
Although the system defines a desktop environment by default, you can typically change desktop
environments on those Linux systems, such as Fedora, that offer both KDE and GNOME.
FIGURE 3.2
The Fedora Project login screen is based on gdm.
X display managers can enable you to do a lot more than just get to your desktop. Although different graphical login screens offer different options, here are some you may encounter:
• Session — Look for a Session button on the login screen (such as the one that comes
  with Fedora). From there, you can choose to start your login session with a GNOME,
  KDE, or Failsafe Terminal environment. (Failsafe Terminal simply opens a Terminal window so, presumably, you can make a quick fix to the system without starting up a whole
  desktop environment.)
• Language — Linux systems that are configured to start multiple languages may give you
  the opportunity to choose a language (other than the default language) to boot into. For
  this to work, however, you must have installed support for the language you choose.
• Reboot or Shutdown — There’s no need to log in if all you want to do is turn off or
  restart your computer. Most graphical login screens offer you the option of rebooting or
  shutting down the machine from that screen.
If you don’t like the way the graphical login screen looks, or just want to assert greater control over
how it works, there are many ways to configure and secure X graphical login screens. Later, after
you are logged in, you can use the following tools (as root user) to configure the login screen:
• KDE login manager — From the KDE control center, you can modify your KDE display
  manager using the Login Manager screen (from KDE control center, select System
  Administration ➪ Login Manager). You can change logos, backgrounds, color schemes,
  and other features related to the look-and-feel of the login screen.
• GNOME login manager — The GNOME display manager (gdm) comes with a Login
  Window Preferences utility (from the desktop run the gdmsetup command as root
  user). From the Login Window Preferences window, you can select the Local tab and
  choose a whole different theme for the login manager. On the Security tab, you may
  notice that all TCP connections to the X server are disallowed. Don’t change this selection
  because no processes other than those handled directly by your display manager should
  be allowed to connect to the login screen.
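One way to verify that setting from a shell, as an added example that is not from the book or the GNOME project. It assumes a GDM 2.x style configuration file in which the Security tab's choice is stored as DisallowTCP in the [security] section (on when the key is absent), and that a local X server started with that setting carries -nolisten tcp on its command line; the sample process list and the function names are constructed.

```shell
#!/bin/sh
# Added example: confirm that the X server behind the login screen
# does not accept TCP connections.

# Print the effective DisallowTCP value from a gdm configuration file.
# Assumption: ini layout, key in the [security] section, true when unset.
gdm_disallow_tcp() {   # $1 = path to the gdm configuration file
    awk -F= '
        /^[ \t]*#/  { next }                                   # comments
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[security\]/); next }
        insec && $1 ~ /^[ \t]*DisallowTCP[ \t]*$/ {
            v = $2; gsub(/[ \t\r]/, "", v); val = tolower(v)
        }
        END { print (val == "" ? "true" : val) }
    ' "$1"
}

# Read process command lines on stdin and print every X server that was
# started without "-nolisten tcp" (such a server listens on TCP port
# 6000 plus its display number).
x_servers_listening_tcp() {
    awk '
        $1 ~ /(^|\/)(X|Xorg)$/ {
            ok = 0
            for (i = 2; i < NF; i++)
                if ($i == "-nolisten" && $(i + 1) == "tcp") ok = 1
            if (!ok) print
        }
    '
}

# Constructed process list, in the format printed by: ps -eo args
sample_ps() {
    printf '%s\n' \
        '/usr/bin/Xorg :0 -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7' \
        '/usr/bin/X :1 -auth /var/gdm/:1.Xauth vt8' \
        '/usr/sbin/sshd'
}

# Combine both checks: the process list comes from stdin, the config from $1.
# Prints PASS, or FAIL followed by the offending X server command lines.
audit_x_tcp() {        # $1 = path to the gdm configuration file
    exposed=$(x_servers_listening_tcp)
    if [ "$(gdm_disallow_tcp "$1")" = true ] && [ -z "$exposed" ]; then
        echo PASS
        return 0
    fi
    echo FAIL
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
    fi
    return 1
}
```

On a live system, feed it the real process list, for example: ps -eo args | audit_x_tcp followed by the path of your gdm configuration file.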
After your login and password have been accepted, the desktop environment configured for your
user account starts up. Users can modify their desktop environments to suit their tastes (even to
the point of changing the entire desktop environment used).
Boot to a Text Prompt
Instead of a nice graphical screen with pictures and colors, you might see a login prompt that looks
like this:
Welcome to XYZ Linux
yourcomputer login:
This is the way all UNIX and older Linux systems used to appear on the screen when they booted
up. Now this is the login prompt that is typical for a system that is installed as a server or, for some
reason, was configured not to start an X display manager for you to log in. Run level 3 boots to a
plain-text login prompt in multiuser mode.
Just because you have a text prompt doesn’t necessarily mean you can start a desktop environment.
Many Linux experts boot to a text prompt because they want to bypass the graphical login screen
or use the GUI only occasionally. However, if X and the necessary other desktop components are
installed on your computer, you can typically start the desktop after you log in by typing the following command:
$ startx
The default desktop environment starts up, and you should be ready to go. What you do next
depends on whether you have a KDE, GNOME, or some sort of homespun desktop environment.
NOTE: In most cases, the GUI configuration you set up during installation for your video card
and monitor gets you to a working desktop environment. If, for some reason, the screen
is unusable when you start the desktop, you need to do some additional configuration. The
“Configuring Your Own Desktop” section later in this chapter describes some tools you can use to get
your desktop working.
K Desktop Environment
The KDE was created to bring a high-quality desktop environment to UNIX (and now Linux)
workstations. Integrated within KDE are tools for managing files, windows, multiple desktops, and
applications. If you can work a mouse, you can learn to navigate the KDE desktop.
The lack of an integrated, standardized desktop environment once held back Linux and other
UNIX systems from acceptance on the desktop. While individual applications ran well, you mostly
could not drag-and-drop files or other items between applications. Likewise, you couldn’t open a
file and expect the machine to launch the correct application to deal with it or save your windows
from one login session to the next. With KDE, you can do all those things and much more. For
example, you can:
• Drag-and-drop a document from a folder window (Konqueror) to the Trash icon (to get
  rid of it) or on an OpenOffice.org Writer icon (to open it for editing).
• Right-click an image file (JPEG, PNG, and so on), and the OpenWith menu lets you
  choose to open the file using an image viewer (KView), editor (The GIMP), slide show
  viewer (KuickShow), or other application.
To make more applications available to you in the future, KDE provides a platform for developers
to create programs that easily share information and detect how to deal with different data types.
The things you can do with KDE increase in number every day.
KDE is the default desktop environment for Mandriva, KNOPPIX, and several other Linux systems.
SUSE, openSUSE and related distributions moved from KDE to GNOME as the default desktop,
but still make KDE available. KDE is also available with Red Hat Enterprise Linux and Fedora Core
but is not installed by default when they are installed as desktop systems (you need to specifically
request KDE during installation).
The following section describes how to get started with KDE. This includes using the KDE Setup
Wizard, maneuvering around the desktop, managing files, and adding application launchers.
NOTE: In this chapter, KNOPPIX is the reference model for the KDE descriptions. Because KDE
is very configurable, there may be some differences in these descriptions for KDE in
other Linux systems.
Using the KDE Desktop
KDE, as it’s delivered with KNOPPIX, uses a lot of the design elements that come from the KDE
project, so it’s pretty easy to distinguish from other desktop environments. The look-and-feel has
similarities to both Windows and Macintosh systems. Figure 3.3 shows an example of the KDE
desktop in KNOPPIX.
FIGURE 3.3
The KDE desktop includes a panel, desktop icons, and menus.
Some of the key elements of the KDE desktop include:
• Panel — The KDE panel (shown along the bottom of the screen) includes items that
  enable you to launch applications and to see minimized representations of active windows, applets, and virtual desktops. A “K” icon on the left side of the panel is used to
  represent the main menu on a KDE desktop.
  In KNOPPIX, that icon is followed by a KNOPPIX-specific menu (it looks like a squished
  penguin) and other icons to launch common applications (the window list, desktop
  access, file manager, Terminal window, Konqueror and Firefox Web browsers, and office
  applications). Four virtual desktops (shown in little boxes numbered 1, 2, 3, and 4) are
  available by clicking on the number of the virtual desktop you want to display. Applets
  (on the right side of the panel) in KNOPPIX let you change your keyboard, set screen
  resolution, adjust audio controls, and view the time.
• Desktop icons — The icons on the desktop are usually, by default, those that enable you
  to access removable media (CD, floppy disk, and so on), and throw out files (Trash icon).
  In KNOPPIX, the KDE desktop also has a nice feature that lets you access your hard disk
  partitions directly from icons on the desktop.
• Konqueror file manager — Konqueror is the file manager window used with KDE desktops. It can be used not only to manage files but also to display Web pages. Konqueror is
  described in detail later in this chapter.
• Desktop menu — Right-click the desktop to see a menu of common tasks. The menu
  provides a quick way to access your bookmarks; create new folders, files, or devices (with
  devices, you’re actually choosing to mount a device on a particular part of the file system); straighten up your windows or icons; configure the desktop; and log out of your
  KDE session.
To navigate the KDE desktop, you can use the mouse or key combinations. The responses from the
desktop to your mouse depend on which button you click and where the mouse pointer is located.
Table 3-1 shows the results of clicking each mouse button with the mouse pointer placed in different locations. (You can change any of these behaviors from the Windows Behavior panel on the
KDE Control Center. From the KDE menu, select Control Center, and then choose the Window
Behavior selection under the Desktop heading.)
TABLE 3-1
Single-Click Mouse Actions
| Pointer Position | Mouse Button | Result |
|---|---|---|
| Window title bar or frame (current window active) | Left | Raises current window |
| Window title bar or frame (current window active) | Middle | Lowers current window |
| Window title bar or frame (current window active) | Right | Opens operations menu |
| Window title bar or frame (current window not active) | Left | Activates current window and raises it to the top |
| Window title bar or frame (current window not active) | Middle | Activates current window and lowers it |
| Window title bar or frame (current window not active) | Right | Opens operations menu without changing position |
| Inner window (current window not active) | Left | Activates current window, raises it to the top, and passes the click to the window |
| Inner window (current window not active) | Middle or Right | Activates current window and passes the click to the window |
| Any part of a window | Middle (plus hold Alt key) | Toggles between raising and lowering the window |
| Any part of a window | Right (plus hold Alt key) | Resizes the window |
| On the desktop area | Left (hold and drag) | Selects a group of icons |
| On the desktop area | Right | Opens system pop-up menu |
Click a desktop icon to open it. Double-clicking a window title bar results in a window-shade
action, where the window scrolls up and down into the title bar.
If you don’t happen to have a mouse or you just like to keep your hands on the keyboard, there are
several keystroke sequences you can use to navigate the desktop. Table 3-2 shows some examples.
TABLE 3-2
Keystrokes
| Key Combination | Result | Directions |
|---|---|---|
| Ctrl+Tab | Step through the virtual desktops | To go from one virtual desktop to the next, hold down the Ctrl key and press the Tab key until you see the desktop that you want to make current. Then release the Ctrl key to select that desktop. |
| Alt+Tab | Step through windows | To step through each of the windows that are running on the current desktop, hold down the Alt key and press the Tab key until you see the one you want. Then release the Alt key to select it. |
| Alt+F2 | Open Run Command box | To open a box on the desktop that lets you type in a command and run it, hold the Alt key and press F2. Next, type the command in the box and press Enter to run it. You can also type a URL into this box to view a Web page. |
| Alt+F4 | Close current window | To close the current window, press Alt+F4. |
| Ctrl+Alt+Esc | Close another window | To close an open window on the desktop, press Ctrl+Alt+Esc. When a skull and crossbones appear as the pointer, move the pointer over the window you want to close and click the left mouse button. (This is a good technique for killing a window that has no borders or menu.) |
| Ctrl+F1, F2, F3, or F4 key | Switch virtual desktops | Go directly to a particular virtual desktop by pressing and holding the Ctrl key and pressing one of the following: F1, F2, F3, or F4. These actions take you directly to desktops one, two, three, and four, respectively. You could do this for up to eight desktops, if you have that many configured. |
| Alt+F3 | Open window operation menu | To open the operations menu for the active window, press Alt+F3. When the menu appears, move the arrow keys to select an action (Move, Size, Minimize, Maximize, and so on), and then press Enter to select it. |
Managing Files with the Konqueror File Manager
The Konqueror file manager helps elevate the KDE environment from just another X window manager to an integrated desktop that competes with GUIs from Apple Computing or Microsoft. The
features in Konqueror rival those offered by those user-friendly desktop systems. Figure 3.4 shows
an example of the Konqueror file manager window in KNOPPIX.
FIGURE 3.4
Konqueror provides a network-ready tool for managing files.
Konqueror’s greatest strengths over earlier file managers include the following:
• Network desktop — If your computer is connected to the Internet or a LAN, features
  built into Konqueror enable you to create links to files (using FTP) and Web pages (using
  HTTP) on the network and open them in the Konqueror window. Those links can appear
  as file icons in a Konqueror window or on the desktop. Konqueror also supports
  WebDAV, which can be configured to allow local read and write access to remote folders
  (which is a great tool if you are maintaining a Web server).
• Web browser interface — The Konqueror interface works like Firefox, Internet
  Explorer, or other Web browsers in the way you select files, directories, and Web content. Because Konqueror is based on a browser model, a single click opens a file, a link
  to a network resource, or an application program. You can also open content by typing
  Web-style addresses in the Location box. The rendering engine used by Konqueror,
  called KHTML, is also used by Safari (the popular Web browser for Apple Mac OS X
  systems).
TIP: Web pages that contain Java and JavaScript content run by default in Konqueror. To
check that Java and JavaScript support are turned on, choose Settings ➪ Configure
Konqueror. From the Settings window, click Java & JavaScript and select the Java tab. To enable Java,
click the Enable Java Globally box and click Apply. Repeat for the JavaScript tab.
• File types and MIME types — If you want a particular type of file to always be launched
  by a particular application, you can configure that file yourself. KDE already has dozens
  of MIME types defined so that particular file and data types can be automatically detected
  and opened in the correct application. There are MIME types defined for audio, image,
  text, video, and a variety of other content.
Of course, you can also perform many standard file manager functions with Konqueror. For example, you can manipulate files by using features such as select, move, cut, paste, and delete; search
directories for files; create new items (files, folders, and links, to name a few); view histories of the
files and Web sites you have opened; and create bookmarks.
Working with Files
Because most of the ways of working with files in Konqueror are quite intuitive (by intention),
Table 3-3 provides a quick rundown of how to do basic file manipulation.
TABLE 3-3
Working with Files in Konqueror
| Task | Action |
|---|---|
| Open a file | Left-click the file. It will open right in the Konqueror window, if possible, or in the default application set for the file type. You also can open directories, applications, and links by left-clicking them. |
| Open a file with a specific application | Right-click a data file, choose Open With from the pop-up menu, and then select one of the available applications to open the file. The applications listed are those that are set up to open the file. Select Other to choose a different application. |
| Delete a file | Right-click the file and select Delete. You are asked if you really want to delete the file. Click Yes to permanently delete it. (As an alternative, you can select Move to Trash, which results in the file being moved to the trash can you can access from the desktop.) |
| Copy a file | Right-click the file and select Copy. This copies the file to your clipboard. After that, you can paste it to another folder. Click the Klipper (clipboard) icon in the panel to see a list of copied files. Klipper holds the seven most recently copied files, by default. Click the Klipper icon and select Configure Klipper to change the number of copied files Klipper will remember. |
| Paste a file | Right-click (an open area of a folder) and select Paste. A copy of the file you copied previously is pasted in the current folder. |
| Link a file | Drag-and-drop a file from one folder to another. When the menu appears, click Link Here. (A linked file lets you access a file from a new location without having to make a copy of the original file. When you open the link, a pointer to the original file causes it to open.) |
| Move a file, copy a file, or create a link to a file | With the original folder and target folder both open on the desktop, click and hold the left mouse button on the file you want to move, drag the file to an open area of the new folder, and release the mouse button. From the menu that appears, click Move. (You also can use this menu to copy or create a link to the file.) |
There are also several features for viewing information about the files and folders in your
Konqueror windows:
• View quick file information — Positioning the mouse pointer over the file displays
information such as its filename, size, and type in the window footer.
• View hidden files — Selecting View ➪ Show Hidden Files enables you to see files that
begin with a dot (.). Dot files tend to be used for configuration and don’t generally need
to be viewed in your daily work.
• View file system tree — Selecting View ➪ View Mode ➪ Tree View provides a tree view
of your folder, displaying folders above the current folder in the file system. You can click
a folder in the tree view to jump directly to that folder. Multicolumn, Detailed List, and
Text views are also available.
• Change icon view — Select View ➪ Icon Size, and then choose Large, Medium, or Small
to set the size of the icons that are displayed in the window. You can also choose Default
Size to return to the default icon size (which is medium, unless you have changed the
default through the Configure Konqueror window).
To act on a group of files at the same time, there are a couple of actions you can take. Choose Edit
➪ Selection ➪ Select. A pop-up window lets you match all (*) or any group of documents indicated by typing letters, numbers, and wildcard characters. Or, you can select a group of files by
clicking in an open area of the folder and dragging the pointer across the files you want to select.
All files within the box will be highlighted. When files are highlighted, you can move, copy, or
delete the files as described earlier.
Searching for Files
If you are looking for a particular file or folder, you can use the Konqueror Find feature. To open a
Find window to search for a file, open a local folder (such as /home/chris) and choose Tools ➪
Find File; the Find box appears in your Konqueror window. You can also start the kfind window
by typing kfind from a Terminal window.
Figure 3.5 shows the kfind window in Konqueror.
FIGURE 3.5
Search for files and folders from the kfind window.
Simply type the name of the file you want to search for (in the Named text box) and the folder,
including all subfolders, you want to search in (in the Look in text box). Then click the Find button. Use metacharacters, if you like, with your search. For example, search for *.rpm to find all
files that end in .rpm or z*.doc to find all files that begin with z and end with .doc. You can
also select to have the search be case-sensitive or click the Help button to get more information
on searching.
To further limit your search, you can click the Date Range tab and then enter a date range
(between), a number of months before today (during the previous x months), or the number of
days before today (during the previous x days). Select the Advanced tab to choose to limit the
search to files of a particular type (of Type), files that include text that you enter (Containing Text),
or that are of a certain size (Size is) in kilobytes.
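The same search criteria can be expressed from a Terminal window with the standard find and grep commands. The following is an added example, not from the book: the function name find_like_kfind, its argument order, and the sample files (constructed in a temporary directory) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the book): command-line counterpart of the kfind
# search fields. The function name and argument order are hypothetical.
#
# Usage: find_like_kfind LOOK_IN NAMED [DAYS] [TEXT] [CASE]
#   LOOK_IN  folder to search, including all subfolders   (Look in)
#   NAMED    file name or wildcard pattern, e.g. '*.rpm'  (Named)
#   DAYS     only files modified during the previous DAYS days (Date Range)
#   TEXT     only files that contain this literal string  (Containing Text)
#   CASE     "insensitive" to ignore case in NAMED; default is case-sensitive
find_like_kfind() {
    look_in=$1
    named=$2
    days=${3:-}
    text=${4:-}
    case_mode=${5:-sensitive}

    # The pattern stays quoted so that find, not the shell, expands wildcards.
    if [ "$case_mode" = "insensitive" ]; then
        set -- "$look_in" -type f -iname "$named"
    else
        set -- "$look_in" -type f -name "$named"
    fi

    # -mtime -N matches files modified less than N*24 hours ago.
    if [ -n "$days" ]; then
        set -- "$@" -mtime "-$days"
    fi

    if [ -n "$text" ]; then
        # grep -l prints only the names of files that contain TEXT, and -F
        # treats TEXT as a literal string. grep exits non-zero when no file
        # matches, which is an ordinary "no results" outcome here.
        find "$@" -exec grep -lF -e "$text" {} + || return 0
    else
        find "$@"
    fi
}

# Constructed sample data: a small folder tree in a temporary directory.
make_kfind_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/docs/old"
    printf 'quarterly budget\n' > "$d/docs/zebra.doc"
    printf 'meeting notes\n'    > "$d/docs/old/zoo.doc"
    printf 'budget draft\n'     > "$d/docs/Zulu.DOC"
    printf 'binary\n'           > "$d/pkg.rpm"
    # Backdate one file so that a date-range search excludes it.
    touch -t 200001010000 "$d/docs/old/zoo.doc"
    printf '%s\n' "$d"
}

# Demo on the constructed data: files named z*.doc changed in the last 30 days.
sample=$(make_kfind_sample)
find_like_kfind "$sample" 'z*.doc' 30
rm -rf "$sample"
```

Quoting the pattern matters: an unquoted z*.doc would be expanded by the shell against the current directory before find ever sees it.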
Creating New Files and Folders
You can create a variety of file types when using the Konqueror window. Choose Edit ➪ Create
New, and select Folder (to create a new folder) or one of several different types under the File or
Device submenu. Depending on which version of Konqueror you are using, you might be able to
create some or all of the file types that follow:
• HTML File — Opens a dialog box that lets you type the name of an HTML file to create.
• Link to Application — Opens a window that lets you type the name of an application.
Click the Permissions tab to set file permissions (Exec must be on if you want to run the file
as an application). Click the Execute tab and type the name of the program to run (in the
field Execute on click) and a title to appear in the title bar of the application (in the field
Window Title). If it is a text-based command, select the Run in terminal check box. Select
the check box to Run as a different user and add the username. Click the Application tab to
assign the application to handle files of particular MIME types. Click OK.
• Link to Location (URL) — Selecting this menu item opens a dialog box that lets you
create a link to a Web address. Type a name to represent the address and type the name
of the URL (Web address) for the site. (Be sure to add the http://, ftp://, or other
prefix.)
• Text File — Opens a dialog box that lets you create a document in text format and place
it in the Konqueror window. Type the name of the text document to create and click OK.
Under the Device submenu, you can make the following selections:
• CD-ROM Device — Opens a dialog box that lets you type a new CD-ROM device name.
Click the Device tab and type the device name (/dev/cdrom), the mount point (such as
/mnt/cdrom), and the file system type (you can use iso9660 for the standard CD-ROM
file system, ext2 for Linux, or msdos for DOS). When the icon appears, you can open it
to mount the CD-ROM and display its contents.
• CDWRITER Device — From the window that opens, enter the device name of your
CD writer.
• DVD-ROM Device — Opens a dialog box that lets you type a new CD-ROM or DVD-ROM
device name. Click the Device tab and type the device name (such as /dev/cdrom), the
mount point (such as /mnt/cdrom), and the file system type (you can use iso9660 for the
standard CD-ROM file system, ext2 for Linux, or msdos for DOS). When the icon appears,
you can open it to mount the CD-ROM or DVD-ROM and display its contents.
• Camera Device — In the dialog box that opens, identify the device name for the camera
device that provides access to your digital camera.
• Floppy Device — Opens a dialog box in which you type a new floppy name. Click the
Device tab and type the device name (/dev/fd0), the mount point (such as
/mnt/floppy), and the file system type (you can use auto to autodetect the contents,
ext2 for Linux, or msdos for DOS). When the icon appears, open it to mount the floppy
and display its contents.
• ZIP Device — Opens a dialog box in which you type a new ZIP device name. Click the
Device tab and type the device name (/dev/sdb1), the mount point (such as
/mnt/zip1), and the file system type (you can use auto to autodetect the contents,
ext2 for Linux, or msdos for DOS). When the icon appears, open it to mount the Zip
drive and display its contents.
• Hard Disc Device — Opens a dialog box that lets you type the name of a new hard disk
or hard-disk partition. Click the Device tab and type the device (/dev/hda1), the
mount point (such as /mnt/win), and the file system type (you can use auto to autodetect the contents, ext2 or ext3 for Linux, or vfat for a Windows file system). When the
icon appears, you can open it to mount the file system and display its contents.
• MO Device — Opens a dialog box that lets you create a link to a magneto optical (MO)
device.
• NFS — Opens a dialog box to create a link to an NFS network shared directory.
Creating MIME types and applications is described later in this chapter.
Using Other Browser Features
Because Konqueror performs like a Web browser as well as a file manager, it includes several other
browser features. For example, the bookmarks feature enables you to keep a bookmark list of Web
sites you have visited. Click Bookmarks, and a drop-down menu of the sites you have bookmarked
appears. Select from that list to return to a site. There are several ways to add and change your
bookmarks list:
• Add Bookmark — To add the address of the page currently being displayed to your
bookmark list, choose Bookmarks ➪ Add Bookmark. The next time you click
Bookmarks, you will see the bookmark you just added on the Bookmarks menu. In addition to Web addresses, you can also bookmark any file or folder.
• Edit Bookmarks — Select Bookmarks ➪ Edit Bookmarks to open a tree view of your
bookmarks. From the Bookmark Editor window that appears, you can change the URLs,
the icon, or other features of the bookmark. There is also a nice feature that lets you
check the status of the bookmark (that is, whether the address is available).
• New Bookmark Folder — You can add a new folder of bookmarks to your Konqueror
bookmarks list. To create a bookmarks folder, choose Bookmarks ➪ New Folder. Then
type a name for the new Bookmarks folder, and click OK. The new bookmark folder
appears on your bookmarks menu. You can add the current location to that folder by
clicking on the folder name and selecting Add Bookmark.
Configuring Konqueror Options
You can change many of the visual attributes of the Konqueror window, including which menu
bars and toolbars appear. You can have any of the following bars appear on the Konqueror window: Menubar, Toolbar, Extra Toolbar, Location Toolbar, and Bookmark Toolbar. Select Settings,
and then click the bar you want to have appear (or not appear). The bar appears when a check
mark is shown next to it.
You can modify a variety of options for Konqueror by choosing Settings ➪ Configure Konqueror.
The Konqueror Settings window appears, offering the following options:
• Behavior — Change file manager behavior.
• Appearance — Change file manager fonts and colors.
• Previews & Meta-Data — An icon in a Konqueror folder can be made to resemble the
contents of the file it represents. For example, if the file is a JPEG image, the icon representing the file could be a small version of that image. Using the Previews features, you
can limit the size of the file used (1MB is the default) because many massive files could
take too long to refresh on the screen. You can also choose to have any thumbnail embedded in a file used as the icon or have the size of the icon reflect the shape of the
image used.
• File Associations — Describes which programs to launch for each file type.
• Web Behavior — Click the Behavior (Browser) button to open a window to configure the
Web browser features of Konqueror. By enabling Form Completion, Konqueror can save
form data you type and, at a later time, fill that information into other forms. If your
computer has limited resources, you can speed up page display by clearing the
Automatically Load Images check box or by disabling animations.
• Java and JavaScript — Enable or disable Java and JavaScript content contained in Web
pages in your Konqueror window.
• AdBlock Filters — Click here to create a list of URLs that are filtered as you browse the
Web. Filtering is based on frame and image names. Filtered URLs can be either thrown
away or replaced with an image. You can also import and export lists of filters here.
• Fonts — Choose which fonts to use, by default, for various fonts needed on Web pages
(standard font, fixed font, serif font, sans serif font, cursive font, and fantasy font). The
serif fonts are typically used in body text, while sans serif fonts are often used in headlines. You can also set the Minimum and Medium font sizes.
• Web Shortcuts — Display a list of keyword shortcuts you can use to go to different
Internet sites. For example, follow the word “ask” with a search string to search the Ask
Jeeves (www.ask.com) Web site.
• History Sidebar — Modify the behavior of the list of sites you have visited (the history).
By default, the most recent 500 URLs are stored, and after 500 days (KNOPPIX) or 90
days (Fedora), a URL is dropped from the list. There’s also a button to clear your history.
(To view your history list in Konqueror, open the left side panel, and then click the tiny
scroll icon.)
• Cookies — Choose whether cookies are enabled in Konqueror. By default, you are asked
to confirm that it is okay each time a Web site tries to create or modify a cookie. You can
change that to either accept or reject all cookies. You can also set policies for acceptance
or rejection of cookies based on host and domain names.
• Cache — Indicate how much space on your hard disk can be used to store the sites you
have visited (based on the value in the Disk Cache Size field).
• Proxy — Click Proxy to configure Konqueror to access the Internet through a proxy server
(by default, Konqueror tries to connect to the Internet directly). You need to enter the address and
port number of the computer providing HTTP and/or FTP proxy services. Alternatively,
you can have Konqueror try to automatically detect the proxy configuration.
• Stylesheets — Choose whether to use the default stylesheet, a user-defined stylesheet, or
a custom stylesheet. The stylesheet sets the font family, font sizes, and colors that are
applied to Web pages. (This won’t change particular font requests made by the Web
page.) If you select a custom stylesheet, click the Customize tab to customize your own
fonts and colors.
• Crypto — Display a list of secure certificates that can be accepted by the Konqueror
browser. By default, Secure Socket Layer (SSL) versions 2 and 3 certificates are accepted,
as is TLS support (if supported by the server). You can also choose to be notified when
you are entering or leaving a secure Web site.
• Browser Identification — Set how Konqueror identifies itself when it accesses a Web
site. By default, Konqueror tells the Web site that it is the Mozilla Web browser. You can
select Konqueror to appear as different Web browsers to specific sites. You must sometimes do this when a site denies you access because you do not have a specific type of
browser (even though Konqueror may be fully capable of displaying the content).
• Plugins — Display a list of directories that Konqueror will search to find plug-ins.
Konqueror can also scan your computer to find plug-ins that are installed for other
browsers in other locations.
• Performance — Display configuration settings that can be used to improve Konqueror
performance. You can preload an instance after KDE startup or minimize memory usage.
Creating an Image Gallery with Konqueror
There’s a neat feature in Konqueror that lets you create a quick image gallery. The feature takes a
directory of images, creates thumbnails for each one, and generates an HTML (Web) page. The
HTML page includes a title you choose, all image thumbnails arranged on a page, and links to the
larger images. Here’s how you do it:
1. Add images you want in your gallery to any folder (for example, /home/knoppix/images).
Make sure they are sized, rotated, and cropped the way you like before beginning. (Try The
GIMP for manipulating your images by typing gimp& from a Terminal.)
2. Open the folder in Konqueror (for example, type /home/knoppix/images in the
Location box).
3. Click Tools ➪ Create Image Gallery. The Create Image Gallery window appears.
4. Type a title for the image gallery into the Page Title box. You can also select other attributes of the gallery, such as the number of rows, information about the image to appear on
the page (name, size, and dimension), the fonts, and the colors to use.
5. Click OK.
Konqueror generates the thumbnails and adds them to the thumbs directory. The image gallery page
itself opens and is saved to the images.html file. (Select the Folders button to save the gallery
under a different name. You can also have Konqueror create galleries in recursive subfolders to a
depth you choose.) You can now copy the entire contents of this directory to a Web server and publish your pictures on the Internet. Here’s an example of a Konqueror image gallery.
Managing Windows
If you have a lot of icons on the desktop and windows open at the same time, organizing those
items can make it much easier to manage your desktop. KDE helps you out by maintaining window lists you can work with and shortcuts for keeping the windows and icons in order.
Using the Taskbar
When you open a window, a button representing the window appears in the taskbar at the bottom
of the screen. Here is how you can manage windows from the taskbar:
• Toggle windows — Left-click any running task in the taskbar to toggle between opening
the window and minimizing it.
• Move windows — Move a window from the current desktop to any other virtual desktop. Right-click any task in the taskbar, select To Desktop, and then select any desktop
number. The window moves to that desktop.
All the windows that are running, regardless of which virtual desktop you are on, appear in the
taskbar. If there are multiple windows of the same type shown as a single task, you can right-click
that task; then, select All to Desktop to move all related windows to the desktop you pick.
Uncluttering the Desktop
If your windows are scattered willy-nilly all over the desktop, here are a couple of ways you can
make your desktop’s appearance a little neater:
• Unclutter windows — Right-click the desktop, and then click Windows ➪ Unclutter
Windows on the menu. All windows that are currently displayed on the desktop are lined
up along the left side of the screen (or aligned with other windows), from the top down.
• Cascade windows — Right-click the desktop, and then click Windows ➪ Cascade windows on the menu. The windows are aligned as they are with the Unclutter selection,
except that the windows are each indented starting from the upper-left corner.
If you find yourself with icons all over the desktop, you also can organize them from the desktop
menu. Right-click the desktop, then select Icons ➪ Sort Icon. From the menu that appears, select
to sort icons by name, size, type, or date. You can also choose to simply line up all icons vertically
or horizontally.
Moving Windows
The easiest way to move a window from one location to another is to place the cursor on the window’s title bar, hold down the mouse button and drag the window to a new location, and release
the mouse button to drop the window. Another way to do it is to click the window menu button
(top-left corner of the title bar), select Move, move the mouse to relocate the window, and then
click again to place it.
TIP
If somehow the window gets stuck in a location where the title bar is off the screen, you
can move it back to where you want it by holding down the Alt key and clicking the left
mouse button in the inner window. Then move the window where you want it and release.
Resizing Windows
To resize a window, grab anywhere on the outer edge of the window border, and then move the
mouse until the window is the size you want. Grab a corner to resize vertically and horizontally at
the same time. Grab a side to resize in only one direction.
You can also resize a window by clicking the window menu button (top-left corner of the title bar)
and selecting Resize. Move the mouse until the window is resized and click to leave it there.
Pinning Windows on Top or Bottom
You can set a window to always stay on top of all other windows or always stay under them.
Keeping a window on top can be useful for a small window that you want to always refer to (such
as a clock or a small TV viewing window). To pin a window on top of the desktop, click in the
window title bar. From the menu that appears, select Advanced ➪ Keep Above Others. Likewise,
to keep the window on the bottom, select Advanced ➪ Keep Below Others.
Using Virtual Desktops
To give you more space to run applications than will fit on your physical screen, KDE gives you
access to several virtual desktops at the same time. Using the 1, 2, 3, and 4 buttons on the panel,
you can easily move between the different desktops. Just click the one you want.
If you want to move an application from one desktop to another, you can do so from the window
menu. Click the window menu button for the window you want to move, click To Desktop, and
then select Desktop 1, 2, 3, or 4. The window will disappear from the current desktop and move
to the one you selected.
Configuring the Desktop
If you want to change the look, feel, or behavior of your KDE desktop, the best place to start is the
KDE Control Center. The Control Center window (see Figure 3.6) lets you configure dozens of
attributes associated with colors, fonts, backgrounds, and screen savers. You can also change attributes relating to how you work with windows and files.
To open the KDE Control Center from the desktop, select Control Center from the K menu or open
a Terminal window and type sudo kcontrol.
Click the plus (+) sign next to the topic you want to configure, and then select the particular item
you want to configure. The following sections describe some of the features you can configure from
the Control Center.
FIGURE 3.6
Manage your KDE desktop from the KDE Control Center.
Changing the Display
You can change a lot of the look-and-feel of your desktop display. Under the Appearance &
Themes topic (click the plus sign), you can change Background, Colors, Fonts, Icons, Launch
Feedback, Panel, Screen Saver, Style, Theme Manager, and Window Decoration.
Here are a few of the desktop features you may want to change:
• Background — Under the Appearance & Themes heading in the KDE Control Center,
select Background. By default, all of your virtual desktops use the same background. To
have different backgrounds for each virtual desktop, select the box next to the Setting for
Desktop heading, choose any of the four desktops, and then choose the background you
want for the current desktop.
For each desktop, select Picture, Slideshow, or No Picture. For a Picture, there are several
backgrounds you can choose from the pull-down menu, or you can browse your file system for a picture. To do a slide show, click Slideshow and select Setup (to choose your
pictures and define how often they change).
Click Apply to apply your selections.
• Screen Saver — Under the Appearance & Themes heading, select Screen Saver. From the
window that appears, select from a list of screen savers. KNOPPIX includes only a blank
screen saver. However, Fedora Core comes with about 160 different screen savers. My
favorite is Slideshow, where you can have a slide show of images for your screen saver.
Click Setup to identify an image directory or otherwise modify the behavior of the screen
saver. Under settings, select how many minutes of inactivity before the screen saver turns
on. You can also choose Require Password to require that a password be entered before
you can access your display after the screen saver has come on.
TIP
If you are working in a place where you want your desktop to be secure, be sure to turn
on the Require Password feature. This prevents others from gaining access to your computer when you forget to lock it or shut it off. If you have any virtual terminals open, switch to them
and type vlock to lock each of them as well. (You need to install the vlock package if the vlock command isn’t available.)
• Fonts — You can assign different fonts to different places in which fonts appear on the
desktop. Under the Appearance & Themes heading, select Fonts. Select one of the categories of fonts (General, Fixed width, Toolbar, Menu, Window title, Taskbar, and Desktop
fonts). Then click the Choose check box to select a font from the Select Font list box that
you want to assign to that category. If the font is available, an example of the text appears
in the Sample text box.
TIP
To use 100 dpi fonts, you need to add an entry for 100 dpi fonts to the /etc/X11/xorg.conf
file. After you make that change, you need to restart the X server for it to take effect.
Other attributes you can change for the selected fonts are size (in points) and character
set (to select an ISO standard character set). Select Apply to apply the changes.
• Colors — Under the Appearance & Themes heading, select Colors. The window that
appears lets you change the color of selected items on the desktop. Select a whole color
scheme from the Color Scheme list box. Or select an item from the Widget color box to
change a particular item. Items you can change include text, backgrounds, links, buttons,
and title bars.
Changing Panel Attributes
For most people, the panel is the place where they select which desktop is active and which applications are run. You can change panel behavior from the Configure Panel window. Right-click any
empty space on your panel, and then select Configure Panel. You can change these features from
the Settings window that appears:
• Arrangement — Change the location of the panel by clicking Top, Left, Bottom, or Right
in the Panel Location list box. The Panel Style selection lets you change the size of the
Panel from Medium to Tiny, Small, or Large.
• Hiding — Certain selections enable you to autohide the panel or use hide buttons. Under
the Hide Mode heading, choose whether to hide only when a panel hiding button is
clicked or to hide automatically after a set number of seconds when the cursor is not in
the panel area. You can also show or not show hiding buttons. Sliders let you select the
delay and speed at which panels and buttons are hidden.
• Menus — Unlike with the GNOME main menu, with KDE you have the capability to
manipulate the main menu from the GUI. Click the Edit K Menu button. The KDE Menu
editor that appears lets you cut, copy, paste, remove, and modify submenus and applications from your main menu.
• Appearance — You can change the panel background (transparency or background
image) or button backgrounds (using colors or patterns). You can also change whether
or not tooltips appear when you move your mouse over a desktop item.
• Taskbar — Change how the taskbar looks and behaves. From the Actions box, choose
what action occurs from clicking each mouse button on the taskbar. You can also choose
how windows are sorted and displayed on the taskbar.
Adding Application Launchers and MIME Types
You want to be able to quickly access the applications that you use most often. One of the best
ways to make that possible is to add icons to the panel or the desktop that can launch the applications you need with a single click. Procedures for adding applications to the panel and desktop are
described in the following sections.
Adding Applications to the Panel
You can add any KDE application to the KDE panel quite easily. Here’s how:
1. Right-click an open space on the panel.
2. Choose Add Application to Panel.
3. Select one of the categories of applications.
4. Select any application from that category (or select Add This Menu to add the whole
menu of applications).
An icon representing the application immediately appears on the panel. (If the panel seems a bit
crowded, you might want to remove some applications you don’t use.)
If you decide later that you no longer want this application to be available on the panel, right-click
the edge of the icon and click the Remove button. To move it to a different location on the panel,
right-click it, click Move, move it to where you want it on the panel, and click again.
Adding Applications to the Desktop
To add an application to the desktop, use the desktop menu. Here’s how:
1. Right-click an open area of the desktop.
2. Select Create New ➪ Link to Application from the menu.
3. On the Properties window that appears, click the General tab and replace Link to
Application with the name you want to appear for the application on the desktop.
On that same tab, click the gear icon and select one icon from the list to represent your
application.
4. Click the Application tab and add a description of the application and a comment. Then
in the Command box, type the command you want to run or browse your file system
(click the Browse button) to find the command to run.
5. Click OK, and the icon for the new application launcher appears on the desktop.
If you decide later that you no longer want this application to be available on the desktop, right-click the icon and click Delete or Move to Trash.
The GNOME Desktop
GNOME (pronounced guh-nome) provides the desktop environment that you get by default when
you install Fedora, Ubuntu, and other Linux systems. This desktop environment provides the software that is between your X Window System framework and the look-and-feel provided by the
window manager. GNOME is a stable and reliable desktop environment, with a few cool features.
The GNOME 2.16 desktop comes with the most recent version of Fedora. For GNOME 2.16,
enhancements include advancements in 3D effects (see “3D Effects with AIGLX” later in this chapter), improved usability features, and applications for power management and note taking.
To use your GNOME desktop, you should become familiar with the following components:
• Metacity (window manager) — The default window manager for GNOME in Fedora
and RHEL is Metacity. Metacity configuration options let you control such things as
themes, and window borders and controls used on your desktop.
• Nautilus (file manager/graphical shell) — When you open a folder (by double-clicking
the Home icon on your desktop, for example), the Nautilus window opens and displays
the contents of the selected folder. Nautilus can also display other types of content, such
as shared folders from Windows computers on the network (using SMB).
• GNOME panels (application/task launcher) — These panels, which line the top and
bottom of your screen, are designed to make it convenient for you to launch the applications you use, manage running applications, and work with multiple virtual desktops. By
default, the top panel contains menu buttons (Applications, Places and Desktop), desktop
application launchers (Evolution e-mail and a set of OpenOffice.org applications), a
workspace switcher (for managing four virtual desktops), and a clock. It also has an icon
to alert you when you need software updates. The bottom panel contains window lists
and the workspace switcher.
• Desktop area — The windows and icons you use are arranged on the desktop area,
which supports drag-and-drop between applications, a desktop menu (right-click to see
it), and icons for launching applications. There is a Computer icon that consolidates CD
drives, floppy drives, the file system, and shared network resources in one place.
If you have used an earlier version of GNOME, here are some additions you will find as you use
features from the current version of GNOME:
• XSPF playlists in Totem — The Totem video/audio player now includes support for
open standard XSPF playlists (www.xspf.org). Other improvements to Totem allow it to
interact with content from Web sites.
• Screensaver previews — Previewing screen savers in full-screen mode is now supported.
• Direct DVD burning — Use the Nautilus CD burner feature to burn DVDs directly, without needing first to create an ISO image.
• Drag from taskbar — Drag an application from the taskbar to workspaces represented in
the panel Workspace Switcher to move the application to a new workspace.
• Nautilus text or button browsing — When saving or opening files or folders in
Nautilus, a new toggle button enables you to choose between browsing by clicking on
buttons or by typing full pathnames.
GNOME also includes a set of Preferences windows that enable you to configure different aspects
of your desktop. You can change backgrounds, colors, fonts, keyboard shortcuts, and other features related to the look and behavior of the desktop. Figure 3.7 shows how the GNOME desktop
environment appears the first time you log in, with a few windows added to the screen.
FIGURE 3.7
In the GNOME desktop environment, you can manage applications from the panel.
(Callouts in the figure: Volume control, Clock, Desktop icons, Tomboy sticky notes, Windows list, Show Desktop button, Nautilus File Manager, Workspace Switcher.)
The desktop shown in Figure 3.7 is for Fedora 6. The background is named GNOME Curves. The
theme is Clearlooks with the Echo icons set. The following sections provide details on using the
GNOME desktop.
Using the Metacity Window Manager
The Metacity window manager seems to have been chosen as the default window manager for
GNOME in Red Hat Linux because of its simplicity. The creator of Metacity refers to it as a “boring
window manager for the adult in you” — and then goes on to compare other window managers to
colorful, sugary cereal, while Metacity is characterized as Cheerios.
NOTE
Although features for supporting 3D effects are being added to Metacity, those features
were not considered quite ready for production for Linux systems, such as Fedora, that
were using GNOME 2.16. As a result, to use 3D effects in Fedora, you need to use the Compiz window manager, as described later in this chapter.
There really isn’t much you can do with Metacity (except get your work done efficiently). Assigning
new themes to Metacity and changing colors and window decorations is done through the GNOME
preferences (and is described later). A few Metacity themes exist, but expect the number to grow.
Basic Metacity functions that might interest you are keyboard shortcuts and the workspace
switcher. Table 3-4 shows keyboard shortcuts to get around the Metacity window manager.
TABLE 3-4
Metacity Keyboard Shortcuts

Actions                                Keystrokes
-------------------------------------  ----------------------
Window focus
Cycle forward, with pop-up icons       Alt+Tab
Cycle backward, with pop-up icons      Alt+Shift+Tab
Cycle forward, without pop-up icons    Alt+Esc
Cycle backward, without pop-up icons   Alt+Shift+Esc
Panel focus
Cycle forward among panels             Alt+Ctrl+Tab
Cycle backward among panels            Alt+Ctrl+Shift+Tab
Workspace focus
Move to workspace to the right         Ctrl+Alt+right arrow
Move to workspace to the left          Ctrl+Alt+left arrow
Move to upper workspace                Ctrl+Alt+up arrow
Move to lower workspace                Ctrl+Alt+down arrow
Minimize/maximize all windows          Ctrl+Alt+D
Show window menu                       Alt+Space bar
Close menu                             Esc
Another Metacity feature of interest is the workspace switcher. Four virtual workspaces appear in
the workspace switcher on the GNOME panel. You can do the following with the Workspace
Switcher:
• Choose current workspace — Four virtual workspaces appear in the Workspace
Switcher. Click any of the four virtual workspaces to make it your current workspace.
• Move windows to other workspaces — Click any window, each represented by a tiny
rectangle in a workspace, to drag-and-drop it to another workspace. Likewise, you can
drag an application from the Window List to move that application to another workspace.
• Add more workspaces — Right-click the Workspace Switcher, and select Preferences.
You can add workspaces (up to 32).
• Name workspaces — Right-click the Workspace Switcher and select Preferences. Click in
the Workspaces pane to change names of workspaces to any names you choose.
You can view and change information about Metacity controls and settings using the gconf-editor window (type gconf-editor from a Terminal window). As the window says, it is not the recommended way
of changing preferences, so when possible, you should change the desktop through GNOME preferences. However, gconf-editor is a good way to see descriptions of each Metacity feature.
From the gconf-editor window, select apps ➪ metacity, and then choose from general, global_keybindings, keybindings_commands, window_keybindings, and workspace_names. Click each key
to see its value, along with short and long descriptions of the key.
Using the GNOME panels
The GNOME panels are placed on the top and bottom of the GNOME desktop. From those panels
you can start applications (from buttons or menus), see what programs are active, and monitor how
your system is running. There are also many ways to change the top and bottom panels — by adding
applications or monitors or by changing the placement or behavior of the panel, for example.
Right-click any open space on either panel to see the Panel menu. Figure 3.8 shows the Panel
menu on the top.
FIGURE 3.8
The GNOME panel menu
From GNOME’s Panel menu, you can choose from a variety of functions, including:
• Use the menus — The Applications menu displays most of the applications and system
tools you will use from the desktop. The Places menu lets you select places to go, such as
the Desktop folder, home folder, removable media, or network locations. The System
menu lets you change preferences and system settings, as well as get other information
about GNOME.
• Add to Panel — Add an applet, menu, launcher, drawer, or button.
• Properties — Change the panel’s position, size, and background properties.
• Delete This Panel — Delete the current panel.
• New Panel — Add panels to your desktop in different styles and locations.
You can also work with items on a panel. For example, you can:
• Move items — To move an item on a panel, right-click it, select move, and then drag and
drop it to a new position.
• Resize items — Some elements, such as the Window List, can be resized by clicking an
edge and dragging it to the new size.
• Use the Window List — Tasks running on the desktop appear in the Window List area.
Click a task to minimize or maximize it.
The following sections describe some things you can do with the GNOME panel.
Using the Applications and System Menu
Click Applications on the panel, and you see categories of applications and system tools that you
can select. Click the application you want to launch. To add an item from a menu so that it can
launch from the panel, drag-and-drop the item you want to the panel. You can manually add items
to your GNOME menus.
To add to the main menu, create a .desktop file in the /usr/share/applications directory. The easiest way to do that is to copy an existing .desktop file that is on the menu you want
and modify it. For example, to add a video player to the Sound & Video menu, you can do the following (as root user):
# cd /usr/share/applications
# cp gnome-cd.desktop vidplay.desktop
Next, use any text editor to change the contents of the vidplay.desktop file you created by
adding a comment, a file to execute, an icon to display, and an application name. After you save
the changes, the new item immediately appears on the menu (no need to restart anything). The following is an example of what the vidplay.desktop entry just created might look like:
[Desktop Entry]
Encoding=UTF-8
Name=My Video Player
Comment=Play Videos
Exec=myplayer
Icon=redhat-sound_video.png
StartupNotify=true
Terminal=false
Type=Application
Categories=GNOME;GTK;AudioVideo;Audio;Player;
OnlyShowIn=GNOME;
From the previous example, My Video Player appears on the Sound and Video menu along with an
icon (redhat-sound_video.png from the /usr/share/pixmaps directory). The words
Play Videos appear when the mouse pointer hovers over the menu entry. When launched from the
menu, the myplayer command is run.
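An added example (not code from the book): a small auditor for menu launchers like the vidplay.desktop entry above. It reports an Exec= line that relies on the search path instead of a full path name, a target that does not exist, and launcher or target files that are writable by group or others. The sample entries, the bin directory and all function names are constructed for this illustration.

```python
import os
import shlex
import stat
import tempfile

REQUIRED_KEYS = ("Type", "Name", "Exec")      # keys the page's example sets
LOOSE_WRITE = stat.S_IWGRP | stat.S_IWOTH     # writable by group or others

# Constructed sample, modelled on the vidplay.desktop listing above.
SAMPLE_ENTRY = """[Desktop Entry]
Name=My Video Player
Comment=Play Videos
Exec={exec_value}
Type=Application
"""


def parse_desktop_entry(text):
    """Return the key/value pairs found in the [Desktop Entry] group."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line:
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry


def is_executable_file(path):
    """True if path is a regular file with at least one execute bit set."""
    return os.path.isfile(path) and bool(os.stat(path).st_mode & 0o111)


def resolve_program(program, path_dirs):
    """Find the file that would run: absolute path as-is, else search path_dirs."""
    if os.path.isabs(program):
        return program if is_executable_file(program) else None
    for directory in path_dirs:
        candidate = os.path.join(directory, program)
        if is_executable_file(candidate):
            return candidate
    return None


def audit_launcher(desktop_path, path_dirs):
    """Return a list of findings for one .desktop file; an empty list is clean."""
    with open(desktop_path, encoding="utf-8") as handle:
        entry = parse_desktop_entry(handle.read())
    findings = ["missing " + key for key in REQUIRED_KEYS if key not in entry]
    if os.stat(desktop_path).st_mode & LOOSE_WRITE:
        findings.append("launcher file is group/world-writable")
    try:
        words = shlex.split(entry.get("Exec", ""))
    except ValueError:          # unbalanced quotes in Exec=
        words = []
    if not words:
        if "Exec" in entry:
            findings.append("Exec is empty or unparsable")
        return findings
    if not os.path.isabs(words[0]):
        findings.append("Exec is not an absolute path")
    target = resolve_program(words[0], path_dirs)
    if target is None:
        findings.append("Exec target not found")
    elif os.stat(target).st_mode & LOOSE_WRITE:
        findings.append("Exec target is group/world-writable")
    return findings


def build_demo(root):
    """Create a constructed bin directory and three sample launchers under root."""
    bin_dir = os.path.join(root, "bin")
    os.mkdir(bin_dir)
    player = os.path.join(bin_dir, "myplayer")
    with open(player, "w", encoding="utf-8") as handle:
        handle.write("#!/bin/sh\n")
    os.chmod(player, 0o755)
    launchers = {}
    samples = (("relative", "myplayer"), ("absolute", player + " %f"),
               ("missing", "/nonexistent/vidplay"))
    for name, exec_value in samples:
        path = os.path.join(root, name + ".desktop")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(SAMPLE_ENTRY.format(exec_value=exec_value))
        os.chmod(path, 0o644)
        launchers[name] = path
    return bin_dir, player, launchers


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        bin_dir, _player, launchers = build_demo(root)
        for name, path in launchers.items():
            print(name, audit_launcher(path, [bin_dir]))
```

On a real system, pass the directories from the PATH of the account that uses the menu as path_dirs and run audit_launcher over each file in /usr/share/applications.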
Adding an Applet
There are several small applications, called applets, that you can run directly on the GNOME panel.
These applications can show information you may want to see on an ongoing basis or may just
provide some amusement. To see what applets are available and to add applets that you want to
your panel, perform the following steps:
1. Right-click an open space in the panel so that the panel menu appears.
2. Select Add to Panel. An Add to Panel window appears.
3. Select from among several dozen applets, including a clock, dictionary lookup, stock ticker,
and weather report. The applet you select appears on the panel, ready for you to use.
Figure 3.9 shows (from left to right) eyes, system monitor, CD player, stock ticker, e-mail Inbox
monitor, and dictionary lookup applets.
FIGURE 3.9
Placing applets on the Panel makes it easy to access them.
After an applet is installed, right-click it on the panel to see what options are available. For example, select Preferences for the stock ticker, and you can add or delete stocks whose prices you want
to monitor. If you don’t like the applet’s location, right-click it, click Move, slide the mouse until
the applet is where you want it (even to another panel), and click to set its location.
If you no longer want an applet to appear on the panel, right-click it, and then click Remove From
Panel. The icon representing the applet disappears. If you find that you have run out of room on
your panel, you can add a new panel to another part of the screen, as described in the next section.
Adding Another Panel
You can have several panels on your GNOME desktop. You can add panels that run along the
entire bottom, top, or side of the screen. To add a panel, do the following:
1. Right-click an open space in the panel so that the Panel menu appears.
2. Select New Panel. A new panel appears on the side of the screen.
3. Right-click an open space in the new panel and select Properties.
4. From the Panel Properties, select where you want the panel from the Orientation box
(Top, Bottom, Left or Right).
After you’ve added a panel, you can add applets or application launchers to it as you did to the
default panel. To remove a panel, right-click it and select Delete This Panel.
Adding an Application Launcher
Icons on your panel represent a Web browser and several office productivity applications. You can
add your own icons to launch applications from the panel as well. To add a new application
launcher to the panel, do the following:
1. Right-click in an open space on the panel.
2. Select Add to Panel ➪ Application Launcher from the menu. All application categories
from your Applications and System menus appear.
3. Select the arrow next to the category of application you want, and then select Add. An
icon representing the application appears on the panel.
To launch the application you just added, simply click the icon on the panel.
If the application you want to launch is not on one of your menus, you can build a launcher
yourself as follows:
1. Right-click in an open space on the panel.
2. Select Add to Panel ➪ Custom Application Launcher ➪ Add. The Create Launcher
window appears.
3. Provide the following information for the application that you want to add:
• Type — Select Application (to launch a regular GUI application) or Application in
Terminal. Use Application in Terminal if the application is a character-based or
ncurses application. (Applications written using the ncurses library run in a Terminal
window but offer screen-oriented mouse and keyboard controls.)
• Name — A name to identify the application (this appears in the tooltip when your
mouse is over the icon).
• Command — The command line that is run when the application is launched. Use
the full path name, plus any required options.
• Comment — A comment describing the application. It also appears when you later
move your mouse over the launcher.
4. Click the Icon box (it might say No Icon). Select one of the icons shown and click OK.
Alternatively, you can browse the Linux file system to choose an icon.
NOTE
Icons available to represent your application are contained in the
/usr/share/pixmaps directory. These icons are either in .png or .xpm formats. If
there isn’t an icon in the directory you want to use, create your own (in one of those two formats)
and assign it to the application.
5. Click OK.
The application should now appear in the panel. Click it to start the application.
Adding a Drawer
A drawer is an icon that you can click to display other icons representing menus, applets, and
launchers; it behaves just like a panel. Essentially, any item you can add to a panel you can add to a
drawer. By adding a drawer to your GNOME panel, you can include several applets and launchers
that together take up the space of only one icon. Click on the drawer to show the applets and
launchers as though they were being pulled out of a drawer icon on the panel.
To add a drawer to your panel, right-click the panel and select Add to Panel ➪ Drawer. A drawer
appears on the panel. Right-click it, and add applets or launchers to it as you would to a panel.
Click the icon again to retract the drawer.
Figure 3.10 shows a portion of the panel with an open drawer that includes xeyes (an applet that
features eyes that follow your mouse pointer around the desktop), an icon for running GIMP, and
an icon for launching a Terminal window.
FIGURE 3.10
Add launchers or applets to a drawer on your GNOME panel.
Changing Panel Properties
Those panel properties you can change are limited to the orientation, size, hiding policy, and background. To open the Panel Properties window that applies to a specific panel, right-click on an
open space on the panel and choose Properties. The Panel Properties window that appears includes
the following values:
• Orientation — Move the panel to different locations on the screen by clicking on a new
position.
• Size — Select the size of your panel by choosing its height in pixels (48 pixels by default).
• Expand — Select this check box to have the panel expand to fill the entire side, or clear
the check box to make the panel only as wide as the applets it contains.
• AutoHide — Select whether a panel is automatically hidden (appearing only when the
mouse pointer is in the area).
• Show Hide buttons — Choose whether the Hide/Unhide buttons (with pixmap arrows
on them) appear on the edges of the panel.
• Arrows on hide buttons — If you select Show Hide Buttons, you can choose to have
arrows on those buttons.
• Background — From the Background tab, you can assign a color to the background of
the panel, assign a pixmap image, or just leave the default (which is based on the current
system theme). Click the Background Image check box if you want to select an Image
for the background, and then select an image, such as a tile from
/usr/share/backgrounds/tiles or other directory.
TIP
I usually turn on the AutoHide feature and turn off the Hide buttons. Using AutoHide
gives you more desktop space to work with. When you move your mouse to the edge
where the panel is, the panel pops up — so you don’t need Hide buttons.
Using the Nautilus File Manager
At one time, file managers did little more than let you run applications, create data files, and open
folders. These days, as the information a user needs expands beyond the local system, file managers
are expected to also display Web pages, access FTP sites, and play multimedia content. The Nautilus
file manager, which is the default GNOME file manager, is an example of just such a file manager.
When you open the Nautilus file manager window (for example, by opening the Home icon or
other folder on your desktop), you see the name of the location you are viewing (such as the folder
name) and what that location contains (files, folders, and applications). Figure 3.11 is an example
of the file manager window displaying the home directory of a user named joe (/home/joe).
In GNOME 2.16, the default Nautilus window has been greatly simplified to show fewer controls and
provide more space for file and directory icons. Double-click a folder to open that folder in a new
window. Select your folder name in the lower-left corner of the window to see the file system hierarchy above the current folder. GNOME remembers whatever size, location, and other setting you had
for the folder the last time you closed it and returns it to that state the next time you open it.
To see more controls, right-click a folder and select Browse Folder to open it. Icons on the toolbar
of the Nautilus window let you move forward and back among the directories and Web sites you
visit. To move up the directory structure, click the up arrow. If you prefer to type the path to the
folder you want, instead of clicking icons, a new feature in GNOME 2.16 enables you to toggle
between button and text-based location bars (click the paper and pencil icon next to the location
buttons to change the view).
FIGURE 3.11
The Nautilus file manager enables you to move around the file system, open directories, launch
applications, and open Samba folders.
To refresh the view of the folder, click the Reload button. The Home button takes you to your
home page, and the Computer button lets you see the same type of information you would see
from a My Computer icon on a Windows system (CD drive, floppy drive, hard disk file systems,
and network folders).
Icons in Nautilus often indicate the type of data that a particular file contains. The contents or file
extension of each file can determine which application is used to work with the file, or you can
right-click an icon to open the file it represents with a particular application or viewer.
Here are some of the more interesting features of Nautilus:
• Sidebar — From the Browse Folder view described previously, select View ➪ Side Pane to
have a sidebar appear in the left column of the screen. From the sidebar, you can click a
pull-down menu that represents different types of information you can select one at a time.
The Tree tab, for example, shows a tree view of the directory structure, so you can easily
traverse your directories. The Notes tab lets you add notes that become associated with
the current Directory or Web page, and the History tab displays a history of directories
you have visited, enabling you to click those items to return to the sites they represent.
There is also an Emblems tab that lets you drag-and-drop emblems on files or folders to
indicate something about the file or folder (emblems include icons representing drafts,
urgent, bug, and multimedia).
• Windows file and printer sharing — If your computer is connected to a LAN on which
Windows computers are sharing files and printers, you can view those resources from
Nautilus. Type smb: in the Open Location box (select File ➪ Open Location to get there)
to see available workgroups. Click a workgroup to see computers from that workgroup
that are sharing files and printers. Figure 3.12 shows an example of Nautilus displaying
icons representing Windows computers in a workgroup called estreet (smb://estreet).
FIGURE 3.12
Display shared Windows file and printer servers (SMB) in Nautilus.
• MIME types and file types — To handle different types of content that may be encountered in the Nautilus window, you can set applications to respond based on MIME type
and file type. With a folder displayed, right-click a file for which you want to assign an
application. Click either Open With an Application or Open With a Viewer. If no application or viewer has been assigned for the file type, click Associate Application to be able to
select an application. From the Add File Types window, you can add an application based
on the file extension and MIME type representing the file.
• Drag-and-drop — You can use drag-and-drop within the Nautilus window, between the
Nautilus and the desktop, or among multiple Nautilus windows. As other GNOME-compliant applications become available, they are expected to also support the drag-and-drop feature.
If you would like more information on the Nautilus file manager, visit the GNOME Web site
(www.gnome.org/nautilus).
3D Effects with AIGLX
Several different initiatives have made strides in the past year to bring 3D desktop effects to Linux.
openSUSE has the Xgl project (http://en.opensuse.org/Xgl), while Fedora has AIGLX
(http://fedoraproject.org/wiki/RenderingProject/aiglx). This section describes
the AIGLX features that were incorporated into Fedora 6.
The goal of the Accelerated Indirect GLX project (AIGLX) is to add 3D effects to everyday desktop
systems. It does this by implementing OpenGL (http://opengl.org) accelerated effects using
the Mesa (www.mesa3d.org) open source OpenGL implementation.
Currently, AIGLX supports a limited set of video cards and implements only a few 3D effects.
However, if you have one of those cards, AIGLX features in the current version of Fedora can give you
some insights into the eye candy that is to come in later Fedora, RHEL, and other Linux distributions.
To use AIGLX, you must have one of the following supported video cards:
• ATI video cards — The ATI Radeon 7000 through X850 video cards are supported.
Generations r100 through r400 are included.
• Intel video cards — The Intel i810 and i830 through i945 video cards are
supported.
• 3DFX video cards — 3DFX Voodoo3 through Voodoo5 video cards should work, but
have not been tested yet. (3DFX was bought out by NVidia a few years ago.)
Because direct rendering infrastructure (DRI) is required for AIGLX, cards that don’t support that
feature cannot be used. For example, NVidia cards are not currently supported and so cannot be
used, although you can expect NVidia support to be added soon. Those cards that are known to
not work with AIGLX also include ATI Rage 128 and Mach 64, Matrox G200 through G550, and
3DFX Voodoo 1 and 2.
If you have a supported video card, the next trick in getting AIGLX to work in Fedora is to have
the right software packages installed. If you have installed the GNOME desktop, you should
already have all the packages you need. Those packages include compiz (for the Compiz window
manager), glx-utils, gtk2-engines, mesa-libGL, mesa-libGLU, and xorg-x11-drv-ati or xorg-x11-drv-i810 (depending on which driver your video card needs).
If your video card was properly detected and configured, you may be able to simply turn on the
Desktop Effects feature to see the effects that have been implemented so far. To turn on Desktop
Effects, select System ➪ Preferences ➪ Desktop Effects. When the Desktop Effects pop-up window
appears, select Enable Desktop Effects. Enabling this does the following:
• Stops the current window manager (Metacity, by default) and starts the Compiz window
manager.
• Enables the Windows Wobble When Moved effect. With this effect on, when you grab
the title bar of the window to move it, the window will wobble as it moves. Menus and
other items that open on the desktop also wobble.
• Enables the Workspaces on a Cube effect. Drag a window from the desktop to the right or
the left and the desktop will rotate like a cube, with each of your desktop workspaces
appearing as a side of that cube. Drop the window on the workspace where you want it
to go. You can also click on the Workspace Switcher applet in the bottom panel to rotate
the cube to display different workspaces.
Other nice desktop effects result from using the Alt+Tab keys to tab among different running windows. As you press Alt+Tab, a thumbnail of each window scrolls across the screen as the window it
represents is highlighted.
Figure 3.13 shows an example of a Compiz desktop with AIGLX enabled. With Alt+Tab pressed,
thumbnails of several GIMP windows (containing house pictures) scroll from right to left. The
middle, highlighted thumbnail represents the window that is currently selected.
FIGURE 3.13
Alt+Tab through thumbnails of active windows with AIGLX desktop effects enabled.
If you get tired of wobbling windows and spinning cubes, you can easily turn off the AIGLX 3D
effects and return Metacity as the window manager. Just select System ➪ Preferences ➪ Desktop
Effects again and toggle off the Enable Desktop Effects button to turn off the feature.
If you have a supported video card, but find that you are not able to turn on the Desktop Effects,
check that your X server started properly. In particular, make sure that your /etc/X11/xorg.conf
file is properly configured. Make sure that dri and glx are loaded in the Module section. Also, add an
extensions section anywhere in the file (typically at the end of the file) that appears as follows:
Section "extensions"
    Option "Composite"
EndSection
Another option is to add the following line to the /etc/X11/xorg.conf file in the Device section:
Option "XAANoOffscreenPixmaps"
The XAANoOffscreenPixmaps option will improve performance. Check your
/var/log/Xorg.log file to make sure that DRI and AIGLX features were started correctly. The messages in
that file can help you debug other problems as well.
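An added example (not from the book): a section-aware check of xorg.conf text for the settings named above, that is, dri and glx loaded in the Module section and a Composite option inside an extensions section. It also flags typographic quotes, which the X server does not accept in place of plain double quotes. The sample configuration is constructed; treating a bare Option "Composite" as enabled follows the listing above, and the "Disable" value is an assumption based on common xorg.conf usage.

```python
import re

SECTION_RE = re.compile(r'^\s*Section\s+"([^"]+)"', re.IGNORECASE)
END_RE = re.compile(r'^\s*EndSection\b', re.IGNORECASE)
ENTRY_RE = re.compile(r'^\s*(Load|Option)\s+"([^"]+)"(?:\s+"([^"]*)")?',
                      re.IGNORECASE)
CURLY_QUOTES = "\u201c\u201d"   # typographic double quotes

# Constructed sample configuration (not taken from a real system).
SAMPLE_OK = '''
Section "Module"
    Load "dri"
    Load "glx"
EndSection

Section "Device"
    Identifier "Videocard0"
    Driver "i810"
    Option "XAANoOffscreenPixmaps"
EndSection

Section "extensions"
    Option "Composite"
EndSection
'''


def parse_entries(text):
    """Return (section, keyword, name, value) tuples for Load/Option lines.

    Section, keyword and name are lowercased; lines outside a Section and
    anything after a '#' comment marker are ignored.
    """
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        match = SECTION_RE.match(line)
        if match:
            section = match.group(1).lower()
        elif END_RE.match(line):
            section = None
        elif section is not None:
            match = ENTRY_RE.match(line)
            if match:
                keyword, name, value = match.groups()
                entries.append((section, keyword.lower(), name.lower(), value))
    return entries


def check_effects_config(text):
    """Return a list of problems that would keep Desktop Effects from starting."""
    problems = []
    if any(ch in text for ch in CURLY_QUOTES):
        problems.append("typographic quotes present")
    entries = parse_entries(text)
    loaded = {name for sec, kw, name, _ in entries
              if sec == "module" and kw == "load"}
    for module in ("dri", "glx"):
        if module not in loaded:
            problems.append('Module section does not load "%s"' % module)
    composite = [value for sec, kw, name, value in entries
                 if sec == "extensions" and kw == "option" and name == "composite"]
    if not composite:
        problems.append("no Composite option in an extensions section")
    elif (composite[-1] or "").lower() == "disable":
        problems.append("Composite is set to Disable")
    return problems


if __name__ == "__main__":
    print(check_effects_config(SAMPLE_OK))
```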
Changing GNOME Preferences
There are many ways to change the behavior, look, and feel of your GNOME desktop. Most
GNOME preferences can be modified from selections on the Preferences menu (select System ➪
Preferences).
Unlike earlier versions of GNOME for Fedora, boundaries between preferences related to the window manager (Metacity), file manager (Nautilus), and the GNOME desktop itself have been blurred.
Preferences for all of these features are available from the Preferences menu (shown in Figure 3.14).
FIGURE 3.14
Change the look-and-feel of your desktop from the Preferences window.
The following items highlight some of the preferences you might want to change:
• Accessibility — If you have difficulty operating a mouse or keyboard, the Keyboard
Accessibility Preferences (AccessX) window lets you adapt mouse and keyboard settings
to make it easier for you to operate your computer. From the Preferences window, open
Accessibility.
• Desktop Background — From Desktop Background Preferences, you can choose a solid
color or an image to use as wallpaper. If you choose to use a solid color (by selecting No
Wallpaper), click the Color box, select a color from the palette, and click OK.
To use wallpaper for your background, open the folder containing the image you want
to use, and then drag the image into the Desktop Wallpaper pane on the Desktop
Preferences window. You can choose from a variety of images in the
/usr/share/nautilus/patterns and /usr/share/backgrounds/tiles directories. Then
choose to have the wallpaper image tiled (repeated pattern), centered, scaled (in proportion), or stretched (using any proportion to fill the screen).
• Screensaver — Choose from dozens of screen savers from the Screensaver window. Select
Random to have your screensaver chosen randomly from those you mark with a check,
or select one that you like from the list to use all the time. Next, choose how long your
screen must be idle before the screen saver starts (default is 10 minutes). You can also
choose to lock the screen when the screen saver is active, so a password is required to
return to the desktop.
• Theme — Choose an entire theme of elements to be used on your desktop, if you like. A
desktop theme affects not only the background but also the way that many buttons and
menu selections appear. Only a few themes are available for the window manager
(Metacity) in the Fedora distribution, but you can get a bunch of other themes from
themes.freshmeat.net (click Metacity).
Click Theme Details, and then click the Controls tab to choose the type of controls to use
on your desktop. Click the Window Border tab to select from different themes that
change the title bar and other borders of your windows. Click the Icons tab to choose
different icons to represent items on your desktop. Themes change immediately as you
click or when you drag a theme name on the desktop.
Exiting GNOME
When you are done with your work, you can either log out from your current session or shut
down your computer completely. To exit from GNOME, do the following:
1. Click the Desktop menu button.
2. Select Log Out from the menu. A pop-up window appears, asking if you want to Log
Out. Some versions will also ask if you want to Shut Down or Restart the computer.
3. Select OK from the pop-up menu. This logs you out and returns you to either the graphical login screen or to your shell login prompt. (If you select Shut Down, the system shuts
down, and if you select Reboot, the system restarts.)
4. Select OK to finish exiting from GNOME.
If you are unable to get to the Log Out button (if, for example, your Panel crashed), there are two
other exit methods. Try one of these ways, depending on how you started the desktop:
• If you started the desktop by typing startx from your login shell, press Ctrl+Backspace to
end your GNOME session. Or you could press Ctrl+Alt+F1 to return to your login shell.
Then press Ctrl+C to kill the desktop.
• If you started the desktop from a graphical login screen, first open a Terminal window
(right-click the desktop and select New Terminal). In the Terminal window, type ps x |
grep gnome-session to determine the process number (PID) shown in the left column.
Then type kill -9 PID, where PID is replaced by the PID number. You should see the
graphical login screen.
Although these are not the most graceful ways to exit the desktop, they work. You should be able
to log in again and restart the desktop.
Configuring Your Own Desktop
Today’s modern desktop computer systems are made to spoon-feed you your operating system. In
the name of ease of use, some desktop environments spend a lot of resources on fancy panels,
complex control centers, and busy applets. In short, they can become bloated.
Many technically inclined people want a more streamlined desktop — or at least want to choose
their own bells and whistles. They don’t want to have to wait for windows to redraw or menus to
come up. Linux enables those people to forget the complete desktop environments and configure:
• X — The X Window System provides the framework of choice for Linux and most UNIX
systems. When you configure X yourself, you can choose the video driver, monitor settings, mouse configuration, and other basic features needed to get your display working
properly.
• Window manager — Dozens of window managers are available to use with X on a Linux
system. Window managers add borders and buttons to otherwise bare X windows. They
add colors and graphics to backgrounds, menus, and windows. Window managers also
define how you can use keyboard and mouse combinations to operate your desktop.
You need to configure X directly only if your desktop isn’t working (the desktop may appear
scrambled or may just plain crash). You may choose to configure X if you want to tune it to give
you higher resolutions or more colors than you get by default.
Still to come in this chapter: examining tools for tuning X and, in particular, working with the
xorg.conf file. You’ll also explore a few popular window managers that you might want to try
out. Slackware Linux is used to illustrate how to choose and configure a window manager because
Slackware users tend to like simple, direct ways of working with the desktop (when they need a
desktop at all).
Configuring X
Before 2004, most Linux distributions used the X server from the XFree86 project
(www.xfree86.org). Because of licensing issues, many of the major Linux vendors (including Red Hat,
SUSE, and Slackware) changed to the X server from X.org (www.X.org). The descriptions of how
to get X going on your machine assume you are using the X.Org X server.
NOTE
To determine which X server is installed on your system, from a Terminal window type
man Xorg and man XFree86. If you have only one X server installed on your computer
(which you probably do) only the one installed will show a man page. While you are there, press the
spacebar to page through the features of your X server.
It’s possible that you already did some configuration when you installed Linux. If you are able to
start a desktop successfully and your mouse, keyboard, and screen all seem to be behaving, you
may not have to do anything more to configure X.
However, if you can’t start the desktop or you want to adjust some basic features (such as screen
resolution or number of colors supported), the following sections offer some ideas on how to go
about doing those things.
Creating a Working X Configuration File
If your desktop crashes immediately or shows only garbled text, try to create a new X configuration
file. With the X.Org X server, that file is /etc/X11/xorg.conf.
NOTE
In XFree86, the configuration file, which has basically the same format, is
/etc/X11/XF86Config.
To have X try to create a working xorg.conf file for you to use, do the following from a Terminal
window as root user:
1. If Linux booted to a command prompt, go to the next step. However, if it tried to start X
automatically, you might have an illegible screen. In that case, press these keys together:
Ctrl+Alt+Backspace. It should kill your X server and get you back to a command prompt.
If X tries to restart (and is still messed up), press Ctrl+Alt+F2. When you see the command prompt, log in as root and type init 3. This will temporarily bring you down to a
nongraphical state.
2. To have X probe your video hardware and create a new configuration file, type:
# Xorg -configure
3. The file xorg.conf.new should appear in your home directory. To test if this new
configuration file works, type the following to start the X server:
# X -xf86config /root/xorg.conf.new
A gray background with an X in the middle should appear. Move the mouse to move the
X pointer. If that succeeds, you have a working xorg.conf file to use.
4. Press Ctrl+Alt+Backspace to exit the X server.
5. Copy the new configuration file to where it is picked up the next time X starts.
# cp /root/xorg.conf.new /etc/X11/xorg.conf
Chances are that you have a very basic X configuration that you may want to tune further.
Getting New X Drivers
Working video drivers in Linux are available with most video cards you can purchase today.
However, to get some advanced features from your video cards (such as 3D acceleration) you may
need to get proprietary drivers directly from the video manufacturers. In particular, you may want
to get drivers from NVidia and ATI.
To get new drivers for video cards or chipsets from NVidia, go to the NVidia site (www.nvidia.com)
and select the Download Drivers button. Follow the link to Linux and FreeBSD drivers. Links from the
page that appears will take you to a Web page from which you can download the new driver and get
instructions for installing it.
For ATI video cards and chipsets, go to www.ati.com and select Drivers & Software. Follow the
links to Linux drivers and related installation instructions.
There are NVidia and ATI drivers that have been packaged for the particular kernel you are running for many of the popular Linux distributions. Because these drivers are not open source, however, you typically have to enable third-party software repositories to get them to work.
Tuning Up Your X Configuration File
The xorg.conf file might look a bit complicated when you first start working with it. However,
chances are that you will need to change only a few key elements in it. As root user, open the
/etc/X11/xorg.conf file in any text editor. Here are some things you can look for:
• Mouse — Look for an InputDevice section with a Mouse0 or Mouse1 identifier. That
section for a simple two-button, PS2 mouse might look as follows:
Section "InputDevice"
    Identifier "Mouse0"
    Driver     "mouse"
    Option     "Protocol" "PS/2"
    Option     "Device" "/dev/psaux"
EndSection
If you are unable to use some feature of the mouse, such as a middle wheel, you might be
able to get it working with an entry that looks more like the following:
Section "InputDevice"
    Identifier "Mouse0"
    Driver     "mouse"
    Option     "Protocol" "IMPS/2"
    Option     "Device" "/dev/psaux"
    Option     "ZAxisMapping" "4 5"
EndSection
Don’t change the mouse identifier, but you can change the protocol and add the
ZAxisMapping line to enable your wheel mouse. Try restarting X and trying your
mouse wheel on something like a Web page to see if you can scroll up and down with it.
Your mouse might be connected in a different way (such as a bus or serial mouse) or may
have different buttons to enable. Tools for configuring your mouse are distribution-specific. Try mouseconfig, mouseadmin, or system-config-mouse to reconfigure
your mouse from the command line.
• Monitor — The monitor section defines attributes of your monitor. There are generic settings you can use if you don’t exactly know the model of your monitor. Changing the
Horizontal Sync and Vertical Refresh rates without checking your monitor’s technical
specifications is not recommended; you could damage the monitor. Here’s an example of
an entry that will work on many LCD panels:
Section "Monitor"
    Identifier  "Monitor0"
    VendorName  "Monitor Vendor"
    ModelName   "LCD Panel 1024x768"
    HorizSync   31.5 - 48.5
    VertRefresh 40.0 - 70.0
EndSection
Here’s an entry for a generic CRT monitor that will work on many CRTs:
Section "Monitor"
    Identifier  "Monitor0"
    VendorName  "Monitor Vendor"
    ModelName   "Generic Monitor, 1280x1024 @ 74 Hz"
    HorizSync   31.5 - 79.0
    VertRefresh 50.0 - 90.0
EndSection
If a tool is available to select your monitor model directly, that would be the best way to
go. For example, in Red Hat systems, you would run system-config-xfree86 to
change monitor settings.
• Video device — The Device section is where you identify the driver to use with your
video card and any options to use with it. It’s important to get this section right. The
Xorg command described earlier usually does a good job detecting the driver. If you
want to change to a different one, this is where to do so. Here’s an example of the
Device section after I added a video driver from NVIDIA to my system (the driver
name is nv):
Section "Device"
    Identifier "Card0"
    Driver     "nv"
    VendorName "nVidia Corporation"
    BoardName  "Unknown Board"
    BusID      "PCI:1:0:0"
EndSection
• Screen resolution — The last major piece of information you may want to add is the
screen resolution and color depth. There will be a screen resolution associated with each
video card installed on your computer. The Screen section defines default color depths
(such as 8, 16, or 24) and modes (such as 1024 × 768, 800 × 600, or 640 × 480). Set the
DefaultDepth to the number of bits representing color depth for your system, and
then add a Modes line to set the screen resolution.
To read more about how to set options in your xorg.conf file, type man xorg.conf. If your X
server is XFree86, type man XF86Config.
Choosing a Window Manager
Fully integrated desktop environments have become somewhat unfriendly to changing out window
managers. However, you can completely bypass KDE or GNOME, if you like, and start your desktop simply with X and a window manager of your choice.
Although I’m using Slackware as the reference distribution for describing how to change window
managers, the concept is the same on other Linux systems. In general, if no desktop environment
is running in Linux, you can start it by typing the following:
$ startx
This command starts up your desktop environment or window manager, depending on how your
system is configured. Although a variety of configuration files are read and commands are run,
essentially which desktop you get depends on the contents of two files:
• /etc/X11/xinit/xinitrc — If a user doesn’t specifically request a particular desktop environment or window manager, the default desktop settings will come from the
contents of this file. The xinitrc file is the system-wide X configuration file. Different
Linux systems use different xinitrc files.
• $HOME/.xinitrc — The .xinitrc file is used to let individual users set up their own
desktop startup information. Any user can add a .xinitrc file to his or her own home
directory. The result is that the contents of that file will override any system-wide settings.
If you do create your own .xinitrc file, it should have as its last line exec windowmanager, where windowmanager is the name of your window manager; for example:
exec /usr/X11R6/bin/blackbox
Slackware has at least seven different window managers from which you can choose, making it a
good place to try out a few. It also includes a tool called xwmconfig, which lets you change the
window manager system-wide (in the /etc/X11/xinit/xinitrc file). To use that tool, as the
root user simply type xwmconfig from any shell on a Slackware system. Figure 3.15 shows an
example of that screen.
FIGURE 3.15
In Slackware, you can change window managers using the xwmconfig command.
Select the window manager you want to try from that screen and select OK. That window manager
will start the next time you run startx (provided you don’t override it by creating your own
.xinitrc file). Here are your choices:
• Xfce (www.xfce.org) — The xfce window manager is designed to be lightweight
and fast.
• Blackbox (www.blackboxwm.sourceforge.net) — Another lightweight window
manager that strives to require few library dependencies so it can run in many environments. Offers many features for setting colors and styles.
• FluxBox (http://fluxbox.sourceforge.net) — Based on Blackbox (0.61.1),
FluxBox adds nice features such as window tabs (where you can join together multiple
windows so they appear as multiple tabs on a single window). It also includes an icon
bar and adds some useful mouse features (such as using your mouse wheel to change
workspaces).
• Window Maker (www.windowmaker.org) — Window Maker is a clone of the
NEXTSTEP graphical interface, a popular UNIX workstation of the 1980s and 1990s. It is
a particularly attractive window manager, with support for themes, various window decorations, and features for changing backgrounds and animations, and adding applets
(called docapps).
• FVWM (www.fvwm.org) — This window manager supports full internationalization,
window manager hints, and improved font features. Interesting features include window
shading in all directions (even diagonal) and side titles (including text displayed vertically).
• FVWM-95 (http://fvwm95.sourceforge.net) — A version of FVWM that was
created to look and feel like Windows 95.
• Twm (Tabbed Window Manager) — Although no longer actively maintained, some
people still use twm when they want a truly bare-bones desktop. Until you click the left
mouse button in twm, there’s nothing on the screen. Use the menu that pops up to open
and close windows.
There are many other window managers available for Linux as well. To check out some more, visit
the Xwinman Web site (www.plig.org/xwinman).
Once the system default is set for your window manager, users can set their own window manager
to override that decision. The following section describes how to do that.
Choosing Your Personal Window Manager
Simply adding an exec line with the name of the window manager you want to use to your own
.xinitrc file in your home directory causes startx to start that window manager for you. Here
is an example of the contents of a .xinitrc to start the Window Maker window manager:
exec /usr/bin/wmaker
Make sure that the file is executable (chmod 755 $HOME/.xinitrc). The Window Maker window manager should start the next time you start your desktop. Other window managers you can
choose include Blackbox (/usr/X11R6/bin/blackbox), FluxBox
(/usr/X11R6/bin/fluxbox), FVWM (/usr/X11R6/bin/fluxbox), FVWM-95
(/usr/X11R6/bin/fvwm95), and twm (/usr/X11R6/bin/twm).
Getting More Information
If you tried configuring X and you still have a server that crashes or has a garbled display, your
video card may either be unsupported or may require special configuration. Here are a couple of
locations you can check for further information:
• X.Org (www.x.org) — The latest information about the X servers that come with
Fedora Core is available from the X.Org Web site. X.Org is the freeware version of X
recently used by many major Linux distributions to replace the XFree86 X server.
• X documentation — README files specific to different types of video cards are delivered
with the X.Org X server. Visit the X doc directory (/usr/X11R6/lib/X11/doc) for a
README file specific to the type of video card (or more specifically, the video chipset)
you are using. A lot of good information can also be found on the xorg.conf man page
(type man xorg.conf).
Summary
Complete desktop environments that run in Linux can rival desktop systems from any operating
system. KDE and GNOME are the most popular desktop environments available today for Linux.
For people who want a sleeker, more lightweight desktop environment, a variety of simple window
managers (Blackbox, FVWM, twm, FluxBox, and many others) are available to use in Linux as well.
The KDE desktop is well known for its large set of integrated applications (office productivity
tools, games, multimedia, and other applications). GNOME has the reputation of being a more
basic, business-oriented desktop. Most Linux distributions such as Slackware and Gentoo offer
GNOME and KDE desktops that aren’t changed much from how they are delivered from those
desktop projects. Other Linux systems (such as Fedora) put their own look-and-feel over
GNOME and KDE desktops.
While the latest Windows systems won’t run on many older 486 and Pentium machines, you can
use an efficient Linux system such as Slackware, add a lightweight window manager, and get reasonably good performance with your desktop system on those machines.
Running the Show
IN THIS PART
Chapter 4
Learning Basic Administration
Chapter 5
Getting on the Internet
Chapter 6
Securing Linux
Learning Basic Administration
Linux, like other UNIX systems, was intended for use by more than one
person at a time. Multiuser features enable many people to have
accounts on a single Linux system, with their data kept secure from
others. Multitasking enables many people to run programs on the computer
at the same time. Sophisticated networking protocols and applications make
it possible for a Linux system to extend its capabilities to network users and
computers around the world. The person assigned to manage all of this stuff
is called the system administrator.
Even if you are the only person using a Linux system, system administration
is still set up to be separate from other computer use. To do most administrative tasks, you need to be logged in as the root user (also called the
superuser) or temporarily get root permission. Users other than root cannot
change, or in some cases even see, some of the configuration information for
a Linux system. In particular, security features such as stored passwords are
protected from general view.
Because Linux system administration is such a huge topic, this chapter
focuses on the general principles of Linux system administration. In particular, it examines some of the basic tools you need to administer a Linux system for a personal desktop or on a small LAN. Beyond the basics, this
chapter also teaches you how to work with file systems and monitor the
setup and performance of your Linux system.
IN THIS CHAPTER
Doing graphical administration
Using the root login
Understanding administrative commands, config files, and log files
Creating user accounts
Configuring hardware
Managing file systems and disk space
Monitoring system performance
Graphical Administration Tools
Many Linux systems come with simplified graphical tools for administering Linux. If you are a
casual user, these tools often let you do everything you need to administer your system without
editing configuration files or running shell commands.
Let’s examine some of the Web-based administration tools available to use with most Linux systems.
Using Web-Based Administration
Web-based administration tools are available with many open source projects to make those projects more accessible to casual users. Often all you need to use those tools is a Web browser (such
as Firefox), the port number of the service, and the root password. Projects such as Samba and
CUPS come with their own Web administration tools. Webmin is a general-purpose tool for
administering a variety of Linux system services from your Web browser.
The advantages of Web-based administration tools are that you can operate them from a familiar
interface (your Web browser) and you can access them remotely.
NOTE
Some Linux distributions come with their own set of graphical administration tools
(such as SUSE’s YaST or Red Hat’s system-config tools). You should generally use those
instead of any Web-based interface that comes with a project because a distribution’s own tools are
usually better integrated with its tools for starting and stopping services.
Open Source Projects Offering Web Administration
Several major open source projects come with Web-based interfaces for configuring those projects.
Regardless of which Linux you are using, you can use your Web browser to configure the following
projects:
• Samba — To set up Samba for doing file and printer sharing with Microsoft Windows
systems on your LAN, use the Samba SWAT Web-based administration tools from any
Web browser. With SWAT installed and running, you can access your Samba server configuration from your Web browser by typing the following URL in the location box:
http://localhost:901
The Samba project also offers other graphical tools for administering Samba. You can
check them out at http://samba.org/samba/GUI. For descriptions of these tools,
see Chapters 26 and 27.
• CUPS — The Common UNIX Printing Service (CUPS) has its own Web administration
tool. With CUPS installed and configured, you can typically use CUPS Web administration by typing the following URL in your Web browser’s location box:
http://localhost:631
You use the CUPS administration tool to manage printers and classes and do a variety of
administration tasks. CUPS is described in Chapter 26.
Samba and CUPS are included with many Linux distributions. Other projects that offer Web-based
administration that may or may not be in your Linux distribution include SquirrelMail (a Webmail
interface) and Mailman (a mailing list facility).
Because many Web browser administrative interfaces send data in clear text, they are most appropriate to be used on the local system. However, because they are Web-based, you can also use these
interfaces from your LAN or other network. If you plan to expose these administrative interfaces to
an untrusted network, however, you should consider encrypting your communications.
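One way to check the exposure described above, as an added example that is not from the book: the function reads ss -ltn output and reports any of the administration ports named in this chapter (901 for SWAT, 631 for CUPS, 10000 for Webmin) that listen on a non-loopback address. The function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): flag Web administration ports that are
# reachable from other hosts. Ports are the ones this chapter names:
# 901 (Samba SWAT), 631 (CUPS) and 10000 (Webmin).
ADMIN_PORTS="901 631 10000"

# Constructed sample of "ss -ltn" output, so the check runs offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    [::1]:631          [::]:*
LISTEN 0      50     0.0.0.0:901        0.0.0.0:*
LISTEN 0      128    *:10000            *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# exposed_admin_ports: read "ss -ltn" output on stdin and print "port address"
# for every watched port bound to something other than the loopback interface.
exposed_admin_ports() {
    awk -v ports="$ADMIN_PORTS" '
        BEGIN {
            n = split(ports, list, " ")
            for (i = 1; i <= n; i++) watch[list[i]] = 1
        }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in watch)) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print port " " addr
        }
    '
}

# Demonstration on the constructed sample; on a live system use:
#   ss -ltn | exposed_admin_ports
printf '%s\n' "$SAMPLE_SS" | exposed_admin_ports
```

Any line it prints is an administration interface that accepts connections from the network and, per the paragraph above, should either be bound to localhost or be reached only over an encrypted channel.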
The Webmin Administration Tool
The Webmin facility (www.webmin.com) offers more complete Web-based Linux and UNIX
administration features. Although Webmin isn’t delivered with some Linux systems that offer their
own graphical administration tools (such as Fedora and RHEL), the Webmin project has ported
Webmin to run on more than 70 different operating systems. Supported Linux distributions
include SUSE, Red Hat (Fedora and RHEL), Debian, Ubuntu, Gentoo, Slackware, Mandriva, Yellow
Dog, and others (see www.webmin.com/support.html for a complete list).
Once you get Webmin from Webmin.com and install it, you can use Webmin from your Web
browser. To start the Webmin interface, type the following in the Web browser’s location box:
http://localhost:10000
After you log in as root user, the main Webmin page displays, as shown in Figure 4.1.
FIGURE 4.1
Webmin offers a Web browser interface for administering Linux.
Graphical Administration with Different Distributions
Some people fear that once they’ve left the familiar confines of their Microsoft Windows system for
Linux, they’ll be stuck doing everything from a command line. To gain a wider audience, commercial Linux distributions such as Red Hat Linux and SUSE created their own sets of graphical tools
to provide an easy entry point for new Linux users. The following sections describe Red Hat’s system-config and SUSE’s YaST graphical administration tools.
Red Hat Config Tools
A set of graphical tools that comes with Fedora and Red Hat Enterprise Linux systems can be
launched from the Administration submenu of the System menu or from the command line. Most
of the Fedora and RHEL tools that launch from the command line begin with the system-config string (such as system-config-network).
NOTE
In Fedora Core 1 and previous versions of Red Hat Linux, the GUI administration tools
all began with redhat-, such as redhat-config-network and redhat-logviewer. Starting with Fedora Core 2, those names have all changed to system-, resulting in
names like system-config-network and system-config-display.
These administrative tasks require root permission; if you are logged in as a regular user, you must
enter the root password before the GUI application’s window opens. After you’ve entered that password, most of the system configuration tools will open without requiring you to retype the password during this login session. Look for a yellow badge icon in the upper-right corner of the panel,
indicating that you have root authorization. Click the badge to open a pop-up window that enables
you to remove authorization. Otherwise, authorization goes away when you close the GUI window.
The following list describes many of the graphical tools you can use to administer your Fedora or
Red Hat Enterprise Linux system. Start these windows from the Administration submenu on the
System menu.
NOTE
The availability of the selections described below depends on which features you have
installed.
• Server Settings — Access the following server configuration windows from this
submenu:
  • Domain Name System — Create and configure zones if your computer is acting as a
  DNS server.
  • HTTP — Configure your computer as an Apache Web server.
  • NFS — Set up directories from your system to be shared with other computers on
  your network using the NFS service.
  • Samba — Configure Windows (SMB) file sharing. (To configure other Samba features,
  you can use the SWAT window.)
  • Services — Display and change which services are running on your Fedora system at
  different run levels from the Service Configuration window (see Figure 4.2).
FIGURE 4.2
See services that start from each run level in the Service Configuration window.
• Authentication — Change how users are authenticated on your system. Usually, Shadow
Passwords and MD5 Passwords are selected. However, if your network supports LDAP,
Kerberos, SMB, NIS, or Hesiod authentication, you can select to use any of those authentication types.
• Bootloader — If you have multiple operating systems on your computer, or multiple
Linux kernels available to boot in Linux, you can use the Boot Configuration screen to
choose which to boot by default. For example, you might have Fedora Linux, SUSE, and
Windows XP all on the same hard disk. You could choose which would start automatically (after a set number of seconds), if one wasn’t selected explicitly.
• Date & Time — Set the date and time or choose to have an NTP server keep system time
in sync.
• Display — Change the settings for your X desktop, including color depth and resolution
for your display. You can also choose settings for your video card and monitor.
• Hardware Browser — View information about your computer’s hardware.
• Keyboard — Choose the type of keyboard you are using, based on language.
• Language — Select the default language used for the system.
• Logical Volume Management — Manage your LVM partitions.
• Login Screen — Control how your login screen appears and behaves.
• Network — Manage your current network interfaces; add interfaces as well.
• Printing — Configure local and network printers.
• Root Password — Change the root password.
• Security Level and Firewall — Configure your firewall to allow or deny services to computers from the network. On a second tab, enable or disable SELinux and, if enabled, set
the level of security for different services.
• Server Settings — Configure options for services you may have installed.
• Smart Card Manager — Adds an applet to the desktop top panel that allows you to
examine and manage the contents of smart cards connected to your system.
• Soundcard Detection — Try to detect and configure your sound card.
• System Log — View system log files, and search them for keywords.
• System Monitor — View information about running processes and resource usage.
• Users & Groups — Add, display, and change user and group accounts for your Fedora
system.
Other administrative utilities are available from the Applications menu on the top panel. The
Add/Remove Software selection lets you select software from any yum-enabled software repository
available on the network. For other administrative tools, select the System Tools submenu to see
some of the following options:
• Bluetooth Manager — Display Bluetooth devices and related properties.
• Configuration Editor — Directly edit the GNOME configuration database.
• Disk Usage Analyzer — Display detailed information about your hard disks and removable storage devices.
• Kickstart — Create a kickstart configuration file that can be used to install multiple
Fedora systems without user interaction.
• Software Updater — Run the Package Updater utility (pup) to get updates for all system
packages.
Other applications that you add to Fedora or RHEL may also include administrative utilities that
will appear in the System Tools submenu.
SUSE YaST Tools
The YaST administrative interface is one of the strongest features of SUSE Linux. From a SUSE
desktop, open the YaST Control Center by selecting System ➪ YaST from the main menu. Figure
4.3 shows an example of the YaST Control Center that appears.
YaST has some useful tools in its Hardware section that enable you to probe your computer hardware. Selecting Hardware Info on my system, for example, enabled me to see that the CD-ROM
drive that YaST detected was available through device /dev/hdc and that it supported CD-R,
CD-RW, and DVD media. I could also see detailed information about my CPU, network card, PCI
devices, sound card, and various storage media.
FIGURE 4.3
Use the YaST Control Center to administer SUSE systems.
YaST also offers interfaces for configuring and starting network devices, as well as a variety of services to run on those devices. In addition, you can use YaST to configure your computer as a client
for file sharing (Samba and NFS), e-mail (sendmail), and a variety of network services.
SUSE Linux Enterprise Server comes with a wider range of configuration tools that are specifically
geared toward server setup, including tools for configuring a mail server, VPN tunnels, and full
Samba 3.
Using the root Login
Every Linux system starts out with at least one administrative user account (the root user) and possibly one or more regular user accounts (given a name that you choose, or a name assigned by
Linux). In most cases, you log in as a regular user and become the root user to do an administrative task.
The root user has complete control of the operation of your Linux system. That user can open any
file or run any program. The root user also installs software packages and adds accounts for other
people who use the system.
When you first install most Linux systems, you add a password for the root user. You must remember and protect this password — you will need it to log in as root or to obtain root permission
while you are logged in as some other user. Other Linux systems (such as KNOPPIX) start you
without an available root password, so you may want to add one when you first start up by typing
the following from a Terminal window or other shell:
# passwd root
Changing password for user root.
New UNIX password: ********
Retype new UNIX password: ********
NOTE
Some bootable Linux distributions give you (as a regular user) the power to run commands as root. You simply have to ask for the privilege using the sudo command. For
example, from a Terminal window, to open a shell as root, type the following:
$ sudo su -
#
You’ll find out more about the sudo command later in this chapter.
The home directory for the root user is typically /root. The home directory and other information associated with the root user account are located in the /etc/passwd file. Here’s what the
root entry looks like in the /etc/passwd file:
root:x:0:0:root:/root:/bin/bash
This shows that for the user named root the user ID is set to 0 (root user), the group ID is set to 0
(root group), the home directory is /root, and the shell for that user is /bin/bash. (We’re using
a shadow password file to store encrypted password data, so the password field here contains an
x.) You can change the home directory or the shell used by editing the values in this file. A better
way to change these values, however, is to use the usermod command (described later in this
chapter).
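The fields described above can be audited mechanically. The following is an added example, not code from the book: it reads passwd-format lines and reports accounts other than root that have user ID 0, password fields that are empty or hold a hash instead of the shadow marker x, and malformed entries. The function name and every sample entry except the root line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit passwd-format data using the
# fields described above (name:password:UID:GID:comment:home:shell).

# Constructed sample entries; only the root line is taken from the text.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
jsmith:x:500:500:J Smith:/home/jsmith:/bin/bash
toor:x:0:0:second admin:/root:/bin/sh
legacy:CONSTRUCTED_HASH:501:501:old account:/home/legacy:/bin/bash
guest::502:502:guest:/home/guest:/bin/bash
broken:x:503'

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
#   UID0 <name>        account other than root with user ID 0 (full root power)
#   EMPTYPW <name>     empty password field
#   NOSHADOW <name>    password hash stored in the world-readable passwd file
#   MALFORMED line <n> entry without exactly seven fields
audit_passwd() {
    awk -F: '
        /^[ \t]*#/ { next }                          # skip comment lines
        /^[ \t]*$/ { next }                          # skip blank lines
        NF != 7 { print "MALFORMED line " NR; next }
        $3 ~ /^0+$/ && $1 != "root" { print "UID0 " $1 }
        $2 == "" { print "EMPTYPW " $1; next }
        # x means the hash is in the shadow file; a leading * or ! is a
        # placeholder that matches no password
        $2 != "x" && $2 !~ /^[*!]/ { print "NOSHADOW " $1 }
    '
}

# Demonstration on the constructed sample; on a live system use:
#   audit_passwd < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a correctly configured system with shadow passwords the function prints nothing for /etc/passwd.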
Becoming Root from the Shell (su Command)
Although you can become the superuser by logging in as root, sometimes that is not convenient.
For example, you may be logged in to a regular user account and just want to make a quick
administrative change to your system without having to log out and log back in. Or, you may need
to log in over the network to make a change to a Linux system but find that the system doesn’t
allow root users in from over the network (a common practice in the days before secure shells were
available).
The solution is to use the su command. From any Terminal window or shell, you can simply type
the following:
$ su
Password: ******
#
When you are prompted, type in the root user’s password. The prompt for the regular user ($)
changes to the superuser prompt (#). At this point, you have full permission to run any command
and use any file on the system. However, one thing that the su command doesn’t do when used
this way is read in the root user’s environment. As a result, you may type a command that you
know is available and get the message “Command Not Found.” To fix this problem, use the su
command with the dash (-) option instead, like this:
$ su -
Password: ******
#
You still need to type the password, but after that, everything that normally happens at login for
the root user happens after the su command is completed. Your current directory will be root’s
home directory (probably /root), and things such as the root user’s PATH variable will be used. If
you become the root user by just typing su, rather than su -, you won’t change directories or the
environment of the current login session.
You can also use the su command to become a user other than root. This is useful for troubleshooting a problem that is being experienced by a particular user, but not by others on the computer (such as an inability to print or send e-mail). For example, to have the permissions of a user
named jsmith, you’d type the following:
$ su - jsmith
Even if you were root user before you typed this command, afterward you would have only the
permissions to open files and run programs that are available to jsmith. As root user, however, after
you type the su command to become another user, you don’t need a password to continue. If you
type that command as a regular user, you must type the new user’s password.
When you are finished using superuser permissions, return to the previous shell by exiting the current shell. Do this by pressing Ctrl+D or by typing exit. If you are the administrator for a computer
that is accessible to multiple users, don’t leave a root shell open on someone else’s screen (unless
you want to let that person do anything he wants to the computer)!
Allowing Limited Administrative Access
As mentioned earlier, when you run GUI tools as a regular user (from Fedora Core, SUSE, or some
other Linux systems), you are prompted for the root password before you are able to access the
tool. By entering the root password, you are given root privilege for that task. In the case of Fedora,
after you enter the password a badge icon appears in the top panel, indicating that root authorization is still available for other GUI tools to run from that desktop session.
A particular user can also be given administrative permissions for particular tasks without being
given the root password. For example, a system administrator can add a user to particular groups,
such as modem, disk, users, cdrom, ftp, mail, or www, and then open group permission to use
those services. Or, an administrator can add a user to the wheel group and add entries to the
/etc/sudoers file to allow that user to use the sudo command to run individual commands as
root. (See the description of sudo later in this chapter.)
A fairly new feature being added to some Linux distributions used in highly secure environments is
Security Enhanced Linux (SELinux). With SELinux, instead of one all-powerful root user account,
multiple roles can be defined to protect selected files and services. In that way, for example, if
someone cracks your Web server, he does not automatically have access to your mail server, user
passwords, or other services running on the computer.
Exploring Administrative Commands, Configuration Files, and Log Files
You can expect to find many commands, configuration files, and log files in the same places in the
file system, regardless of which Linux distribution you are using. The following sections give you
some pointers on where to look for these important elements.
COMING FROM WINDOWS
If GUI administrative tools for Linux have become so good, why do you need to know
about administrative files? For one thing, while GUI tools differ among Linux versions,
many underlying configuration files are the same. So, if you learn to work with them, you can work
with almost any Linux system. Also, if a feature is broken or if you need to do something that’s not
supported by the GUI, when you ask for help, Linux experts almost always tell you how to change the
configuration file directly.
Administrative Commands
Only the root user is intended to use many administrative commands. When you log in as root (or
use su - from the shell to become root), your $PATH variable is set to include some directories
that contain commands for the root user. These include the following:
• /sbin — Contains commands for modifying your disk partitions (such as fdisk),
checking file systems (fsck), and changing system states (init).
• /usr/sbin — Contains commands for managing user accounts (such as useradd) and
adding mount points for automounting file systems (automount). Commands that run
as daemon processes are also contained in this directory. (Look for commands that end in
d, such as sshd, pppd, and cupsd.)
Some administrative commands are contained in regular user directories (such as /bin and
/usr/bin). This is especially true of commands that have some options available to everyone. An
example is the /bin/mount command, which anyone can use to list mounted file systems, but
only root can use to mount file systems. (Some desktops, however, are configured to let regular
users use mount to mount CDs, DVDs, or other removable media by adding keywords to the
/etc/fstab file.)
NOTE
See the section “Mounting File Systems” later in this chapter for instructions on how to
mount a file system.
To find commands intended primarily for the system administrator, check out the section 8 manual pages (usually in /usr/share/man/man8). They contain descriptions and options for most
Linux administrative commands.
Some third-party applications add administrative commands to directories that are not in your
PATH. For example, an application may put commands in /usr/local/bin, /opt/bin, or
/usr/local/sbin. Some Linux distributions automatically add those directories to your PATH,
usually before your standard bin and sbin directories. In that way, commands installed to those
directories are not only accessible, but can also override commands of the same name in other
directories.
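Because a directory searched earlier in PATH wins, it is worth checking which commands are overridden and whether any PATH entry can be written to by other users. The following script is an added example, not from the book; the function names and the temporary sample tree it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit a PATH string for commands that
# override same-named commands later in the search order, and for entries
# that let someone other than the owner plant such a command.

# Print one PATH entry per line; empty entries are kept as empty lines.
split_path() {
    printf '%s\n' "$1" | tr ':' '\n'
}

# path_shadows PATH_STRING
# Output: name<TAB>directory that wins<TAB>directory that is overridden
path_shadows() {
    split_path "$1" | while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        for file in "$dir"/*; do
            if [ -f "$file" ] && [ -x "$file" ]; then
                printf '%s\t%s\n' "${file##*/}" "$dir"
            fi
        done
    done | awk -F '\t' '
        !($1 in first)  { first[$1] = $2; next }   # first hit is what the shell runs
        first[$1] != $2 { printf "%s\t%s\t%s\n", $1, first[$1], $2 }'
}

# path_risky_entries PATH_STRING
# Output: empty / relative / writable, followed by the entry concerned.
path_risky_entries() {
    split_path "$1" | while IFS= read -r dir; do
        case $dir in
            '') printf 'empty\t(current directory)\n'; continue ;;
            /*) ;;
            *)  printf 'relative\t%s\n' "$dir"; continue ;;
        esac
        [ -d "$dir" ] || continue
        # -L follows symlinks such as /bin -> usr/bin; keep only the mode string.
        perms=$(ls -ldL "$dir" | cut -c1-10)
        case $perms in
            ?????w????|????????w?) printf 'writable\t%s\t%s\n' "$dir" "$perms" ;;
        esac
    done
}

# Build a constructed sample tree and print its root directory.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/local/bin" "$root/usr/bin" "$root/shared/bin"
    chmod 755 "$root/usr/local/bin" "$root/usr/bin"
    chmod 777 "$root/shared/bin"          # deliberately world-writable
    for f in "$root/usr/local/bin/mount" "$root/usr/bin/mount" "$root/usr/bin/ls"; do
        printf '#!/bin/sh\n' > "$f"
        chmod 755 "$f"
    done
    printf '%s\n' "$root"
}

# Demo: /usr/local/bin is searched first, as on the distributions described.
tree=$(make_sample_tree)
demo_path="$tree/usr/local/bin:$tree/usr/bin:$tree/shared/bin"
path_shadows "$demo_path"
path_risky_entries "$demo_path"
rm -rf "$tree"
```

To check a live system, run path_shadows "$PATH" and path_risky_entries "$PATH" as root after su -.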
Administrative Configuration Files
Configuration files are another mainstay of Linux administration. Almost everything you set up for
your particular computer — user accounts, network addresses, or GUI preferences — is stored in
plain-text files. This has some advantages and some disadvantages.
The advantage of plain-text files is that it’s easy to read and change them. Any text editor will do.
The downside, however, is that as you edit configuration files, no error checking is going on. You
have to run the program that reads these files (such as a network daemon or the X desktop) to find
out whether you set up the files correctly. There are no standards for the structure of configuration
files, so you need to learn the format of each file individually. A comma or a quote in the wrong
place can sometimes cause a whole interface to fail.
NOTE
Some software packages offer a command to test the sanity of the configuration file tied
to a package before you start a service. For example, the testparm command is used
with Samba to check the sanity of your smb.conf file. Other times, the daemon process providing a
service offers an option for checking your config file. For example, run httpd -t to check your
Apache Web server configuration before starting your Web server.
Throughout this book you’ll find descriptions of the configuration files you need to set up the different features that make up Linux systems. The two major locations of configuration files are your
home directory (where your personal configuration files are kept) and the /etc directory (which
holds system-wide configuration files).
Following are descriptions of directories (and subdirectories) that contain useful configuration
files. (Refer to Table 4-1 for some individual configuration files in /etc that are of particular interest.) Viewing the contents of Linux configuration files can teach you a lot about administering
Linux systems.
• $HOME — All users store information in their home directories that directs how their
login accounts behave. Most configuration files in $HOME begin with a dot (.), so they
don’t appear in a user’s directory when you use a standard ls command (you need to
type ls -a to see them). There are dot files that define how each user’s shell behaves, the
desktop look-and-feel, and options used with your text editor. There are even files such
as .ssh/* and .rhosts that configure network permissions for each user. (To see the
name of your home directory, type echo $HOME from a shell.)
• /etc — This directory contains most of the basic Linux system-configuration files. Table
4-1 shows some /etc configuration files of interest.
• /etc/cron* — Directories in this set contain files that define how the crond utility runs
applications on a daily (cron.daily), hourly (cron.hourly), monthly
(cron.monthly), or weekly (cron.weekly) schedule.
• /etc/cups — Contains files used to configure the CUPS printing service.
• /etc/default — Contains files that set default values for various utilities. For example, the file for the useradd command defines the default group number, home directory, password expiration date, shell, and skeleton directory (/etc/skel) that are used
when creating a new user account.
• /etc/httpd — Contains a variety of files used to configure the behavior of your Apache
Web server (specifically, the httpd daemon process). (On some Linux systems,
/etc/apache is used instead.)
• /etc/init.d — Contains the permanent copies of System V–style run-level scripts.
These scripts are often linked from the /etc/rc?.d directories to have each service
associated with a script started or stopped for the particular run level. The ? is replaced
by the run-level number (0 through 6). (Slackware puts its run-level scripts in the
/etc/rc.d directory.)
• /etc/mail — Contains files used to configure your sendmail mail service.
• /etc/pcmcia — Contains configuration files that allow you to have a variety of PCMCIA cards configured for your computer. (PCMCIA slots are those openings on your laptop that enable you to have credit card–sized cards attached to your computer. You can
attach devices such as modems and external CD-ROMs.)
• /etc/postfix — Contains configuration files for the postfix mail transport agent.
• /etc/ppp — Contains several configuration files used to set up Point-to-Point Protocol
(PPP) so that you can have your computer dial out to the Internet.
• /etc/rc?.d — There is a separate rc?.d directory for each valid system state: rc0.d
(shutdown state), rc1.d (single-user state), rc2.d (multiuser state), rc3.d (multiuser
plus networking state), rc4.d (user-defined state), rc5.d (multiuser, networking, plus
GUI login state), and rc6.d (reboot state). Some Linux distros, such as Slackware, put
most of the start-up scripts directly in /etc/rc.d, without the runlevel notation.
• /etc/security — Contains files that set a variety of default security conditions for
your computer. These files are part of the pam (pluggable authentication modules)
package.
• /etc/skel — Any files contained in this directory are automatically copied to a user’s
home directory when that user is added to the system. By default, most of these files are
dot (.) files, such as .kde (a directory for setting KDE desktop defaults) and .bashrc
(for setting default values used with the bash shell).
• /etc/sysconfig — Contains important system configuration files that are created and
maintained by various services (including iptables, samba, and most networking
services). These files are critical for Linux distributions that use GUI administration tools
but are not used on other Linux systems at all.
• /etc/xinetd.d — Contains a set of files, each of which defines a network service that
the xinetd daemon listens for on a particular port. When the xinetd daemon process
receives a request for a service, it uses the information in these files to determine which
daemon processes to start to handle the request.
TABLE 4-1
/etc Configuration Files of Interest

| File | Description |
| --- | --- |
| aliases | Can contain distribution lists used by the Linux mail service. (This file may be located in /etc/mail.) |
| bashrc | Sets system-wide defaults for bash shell users. (This may be called bash.bashrc on some Linux distributions.) |
| crontab | Sets cron environment and times for running automated tasks. |
| csh.cshrc (or cshrc) | Sets system-wide defaults for csh (C shell) users. |
| exports | Contains a list of local directories that are available to be shared by remote computers using the Network File System (NFS). |
| fstab | Identifies the devices for common storage media (hard disk, floppy, CD-ROM, and so on) and locations where they are mounted in the Linux system. This is used by the mount command to choose which file systems to mount when the system first boots. |
| group | Identifies group names and group IDs (GIDs) that are defined on the systems. Group permissions in Linux are defined by the second of three sets of rwx (read, write, execute) bits associated with each file and directory. |
| gshadow | Contains shadow passwords for groups. |
| host.conf | Sets the locations in which domain names (for example, redhat.com) are searched for on TCP/IP networks (such as the Internet). By default, the local hosts file is searched and then any name server entries in resolv.conf. |
| hosts | Contains IP addresses and host names that you can reach from your computer. (Usually this file is used just to store names of computers on your LAN or small private network.) |
| hosts.allow | Lists host computers that are allowed to use certain TCP/IP services from the local computer. |
| hosts.deny | Lists host computers that are not allowed to use certain TCP/IP services from the local computer (although this file will be used if you create it, it doesn’t exist by default). |
| inittab | Contains information that defines which programs start and stop when Linux boots, shuts down, or goes into different states in between. This is the most basic configuration file for starting Linux. |
| lilo.conf | Sets Linux boot loader (lilo) parameters to boot the computer. In particular, it lists information about bootable partitions on your computer. (If your distribution uses the GRUB boot loader, you may not see this file.) |
| modules.conf | Contains aliases and options related to loadable kernel modules used by your computer. |
| mtab | Contains a list of file systems that are currently mounted. |
| mtools.conf | Contains settings used by DOS tools in Linux. |
| named.conf | Contains DNS settings if you are running your own DNS server. |
| ntp.conf | Includes information needed to run the Network Time Protocol (NTP). |
| passwd | Stores account information for all valid users for the system. Also includes other information, such as the home directory and default shell. (Rarely includes the user passwords themselves, which are typically stored in the /etc/shadow file.) |
| printcap | Contains definitions for the printers configured for your computer. (If the printcap file doesn’t exist, look for printer information in the /etc/cups directory.) |
| profile | Sets system-wide environment and startup programs for all users. This file is read when the user logs in. |
| protocols | Sets protocol numbers and names for a variety of Internet services. |
| resolv.conf | Identifies the locations of DNS name server computers that are used by TCP/IP to translate Internet host.domain names into IP addresses. (When a Web browser or mail client looks for an Internet site, it checks servers listed in this file to locate the site.) |
| rpc | Defines remote procedure call names and numbers. |
| services | Defines TCP/IP and UDP services and their port assignments. |
| shadow | Contains encrypted passwords for users who are defined in the passwd file. (This is viewed as a more secure way to store passwords than the original encrypted password in the passwd file. The passwd file needs to be publicly readable, whereas the shadow file can be unreadable by all but the root user.) |
| shells | Lists the shell command-line interpreters (bash, sh, csh, and so on) that are available on the system, as well as their locations. |
| sudoers | Sets commands that can be run by users, who may not otherwise have permission to run the command, using the sudo command. In particular, this file is used to provide selected users with root permission. |
| syslog.conf | Defines what logging messages are gathered by the syslogd daemon and what files they are stored in. (Typically, log messages are stored in files contained in the /var/log directory.) |
| termcap | Lists definitions for character terminals, so that character-based applications know what features are supported by a given terminal. Graphical terminals and applications have made this file obsolete to most people. (Termcap was the BSD UNIX way of storing terminal information; UNIX System V used definitions in /usr/share/terminfo files.) |
| xinetd.conf | Contains simple configuration information used by the xinetd daemon process. This file mostly points to the /etc/xinetd.d directory for information about individual services. (Some systems use the inetd.conf file and the inetd daemon instead.) |
Another directory, /etc/X11, includes subdirectories that each contain system-wide configuration
files used by X and different X window managers available for Linux. The xorg.conf file (which
makes your computer and monitor usable with X) and configuration directories containing files
used by xdm and xinit to start X are in here.
Directories relating to window managers contain files that include the default values that a user
will get if that user starts one of these window managers on your system. Window managers that
may have system-wide configuration files in these directories include Twm (twm).
NOTE
Some files and directories in /etc/X11 are linked to locations in the /usr/X11R6
directory.
Administrative Log Files
One of the things that Linux does well is keep track of itself. This is a good thing, when you consider how much is going on in a complex operating system. Sometimes you are trying to get a new
facility to work and it fails without giving you the foggiest reason why. Other times you want to
monitor your system to see if people are trying to access your computer illegally. In any of those
cases, you can use log files to help track down the problem.
The main utilities for logging error and debugging messages for Linux are the syslogd and klogd
daemons. General system logging is done by syslogd. Logging that is specific to kernel activity is
done by klogd. Logging is done according to information in the /etc/syslog.conf file.
Messages are typically directed to log files that are usually in the /var/log directory. Here are a
few common log files:
• boot.log — Contains boot messages about services as they start up.
• messages — Contains many general informational messages about the system.
• secure — Contains security-related messages, such as login activity.
• XFree86.0.log or Xorg.0.log — Depending on which X server you are using, contains messages about your video card, mouse, and monitor configuration.
If you are using a Fedora Linux system, the System Log Viewer utility is a good way to step
through your system’s log files. From the System menu, select Administration ➪ System Log. You
not only can view boot, kernel, mail, security, and other system logs, but you can also use the
viewing pane to select log messages from a particular date.
Using sudo and Other Administrative Logins
You don’t hear much about other administrative logins (besides root) being used with Linux. It was
a fairly common practice in UNIX systems to have several different administrative logins that
allowed administrative tasks to be split among several users. For example, a person sitting near a
printer could have lp permissions to move print jobs to another printer if he knew a printer wasn’t
working.
In any case, administrative logins are available with Linux, so you may want to look into using
them. Here are some examples:
• lp — User can control some printing features. Having a separate lp administrator allows
someone other than the superuser to do such things as move or remove lp logs and print
spool files. The home directory for lp is /var/spool/lpd.
• mail — User can work with administrative e-mail features. The mail group, for many
Linux systems, has group permissions to use mail files in /var/spool/mail (which is
also often the mail user’s home directory).
• uucp — User owns various uucp commands (once used as the primary method for dialup serial communications) as well as log files in /var/log/uucp, spool files in
/var/spool, administrative commands (such as uuchk, uucico, uuconv, and
uuxqt) in /usr/sbin, and user commands (uucp, cu, uuname, uustat, and uux) in
/usr/bin. The home directory for uucp is /var/spool/uucp.
• bin — User owns many commands in /bin in traditional UNIX systems. This is not the
case in some Linux systems (such as Red Hat and Gentoo) because root owns most executable files. The home directory of bin is /bin.
• news — User could do administration of Internet news services, depending on how you
set permission for /var/spool/news and other news-related resources. The home
directory for news is /etc/news.
By default, the administrative logins in the preceding list are disabled. You would need to change
the default shell from its current setting (usually /sbin/nologin or /bin/false) to a real
shell (typically /bin/bash) to use these.
One way to give full or limited root privileges to any nonroot user is to set up the sudo facility,
which simply entails adding the user to /etc/sudoers and defining what privilege you want
that user to have. Then the user can run any command he or she is privileged to use by preceding
that command with the sudo command.
Here’s an example of how to use the sudo facility to cause any users that are added to the wheel
group to have full root privileges:
1. As the root user, edit the /etc/sudoers file by running the visudo command:
# /usr/sbin/visudo
By default, the file opens in vi, unless your EDITOR variable happens to be set to some
other editor acceptable to visudo (for example, export EDITOR=gedit). The reason
for using visudo is that the command locks the /etc/sudoers file and does some
basic sanity checking of the file to ensure it has been edited correctly.
NOTE
If you are stuck here, refer to the vi tutorial in Chapter 2 for information on using the vi
editor.
2. Uncomment the following line to allow users in the wheel group to have full root privileges on the computer:
%wheel  ALL=(ALL)  ALL
This line causes users in the wheel group to provide a password (their own password,
not the root password) in order to use administrative commands. To allow users in the
wheel group to have that privilege without using a password, uncomment the following
line instead:
%wheel  ALL=(ALL)  NOPASSWD: ALL
3. Save the changes to the /etc/sudoers file (in vi, type Esc, and then ZZ).
4. Still as root user, open the /etc/group file in any text editor and add to the wheel line
any users you want to have root privilege. For example, if you were to add the users mary
and jake to the wheel group, the line would appear as follows:
wheel:x:10:root,mary,jake
Now users mary and jake can run the sudo command to run commands, or parts of commands,
that are normally restricted to the root user. The following is an example of a session by the user
jake after he has been assigned sudo privileges:
[jake]$ sudo umount /mnt/win
We trust you have received the usual lecture
from the local System Administrator. It usually
boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Password: *********
[jake]$ umount /mnt/win
mount: only root can mount /dev/hda1 on /mnt/win
[jake]$ sudo umount /mnt/win
[jake]$
In this session, the user jake runs the sudo command to unmount the /mnt/win file system
(using the umount command). He is given a warning and asked to provide his password (this is
jake’s password, not the root password).
Even after jake has given the password, he must still use the sudo command to run subsequent
administrative commands as root (the umount fails, but the sudo umount succeeds). Notice that
he is not prompted for a password for the second sudo. That’s because after entering his password
successfully, he can enter as many sudo commands as he wants for the next 5 minutes without
having to enter it again. (You can change the timeout value from 5 minutes to however long you
want by setting the passwd_timeout value in the /etc/sudoers file.)
The preceding example grants a simple all-or-nothing administrative privilege to everyone you put
in the wheel group. However, the /etc/sudoers file gives you an incredible amount of flexibility in permitting individual users and groups to use individual applications or groups of applications. Refer to the sudoers and sudo man pages for information about how to tune your sudo
facility. Refer to the pam_wheel man page to see how the PAM facility affects members of the
wheel group.
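Because the wheel rule hands out full root access to every member of the group, it helps to list who that actually is and whether the passwordless form is active. The following script is an added example, not from the book; the function names and the %lp rule in the sample are constructed, and only members listed in the group file are resolved.

```shell
#!/bin/sh
# Added example (not from the book): list which users get full root through
# %group rules in a sudoers-format file, and whether a password is required.

# sudo_group_grants SUDOERS_FILE GROUP_FILE
# Output: user<TAB>group<TAB>password|nopasswd, one line per group member.
# Users whose primary GID is the group (set in /etc/passwd) are not resolved.
sudo_group_grants() {
    awk '
        src == "group" {                       # group file: name:x:gid:members
            split($0, g, ":")
            members[g[1]] = g[4]
            next
        }
        /^[ \t]*#/ || NF == 0 { next }         # commented-out or blank rule
        $1 !~ /^%/            { next }         # only %group rules are examined
        {
            group = substr($1, 2)
            cmds = $0
            # Drop "%group HOST=(RUNAS)" so only tags and commands remain.
            sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", cmds)
            mode = (cmds ~ /NOPASSWD:/) ? "nopasswd" : "password"
            gsub(/[A-Z_]+:[ \t]*/, "", cmds)   # strip tags such as NOPASSWD:
            sub(/[ \t]+$/, "", cmds)
            if (cmds != "ALL") next            # limited rule, not full root
            n = split(members[group], m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "") printf "%s\t%s\t%s\n", m[i], group, mode
        }
    ' src=group "$2" src=sudoers "$1"
}

# Write constructed sample files into directory $1.
write_samples() {
    cat > "$1/group" <<'EOF'
wheel:x:10:root,mary,jake
lp:x:7:daemon,lp
EOF
    cat > "$1/sudoers" <<'EOF'
# Constructed sample in sudoers format
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
# %wheel  ALL=(ALL) NOPASSWD: ALL
%lp     ALL=(root) /usr/bin/lprm
EOF
    cat > "$1/sudoers.nopasswd" <<'EOF'
root    ALL=(ALL) ALL
# %wheel  ALL=(ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
EOF
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
sudo_group_grants "$demo_dir/sudoers" "$demo_dir/group"
sudo_group_grants "$demo_dir/sudoers.nopasswd" "$demo_dir/group"
rm -rf "$demo_dir"
```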
Administering Your Linux System
Your system administrator duties don’t end after you have installed Linux. If multiple people are
using your Linux system, you, as administrator, must give each person his own login account.
You’ll use useradd and related commands to add, modify, and delete user accounts.
Configuring hardware is also on your duty list. When you add hardware to your Linux computer,
that hardware is often detected and configured automatically. In some cases, though, the hardware
may not have been set up properly, and you will use commands such as lsmod, modprobe,
insmod, and rmmod to configure the right modules to get the hardware working.
NOTE
A device driver is the code permanently built into the kernel to allow application programs to talk to a particular piece of hardware. A module is like a driver, but it is loaded
on demand. The “Configuring Hardware” section later in this chapter includes information about
using these commands to configure modules.
Managing file systems and disk space is your responsibility, too. You must keep track of the disk
space being consumed, especially if your Linux system is shared by multiple users. At some point,
you may need to add a hard disk or track down what is eating up your disk space (you use commands such as find to do this).
Your duties also include monitoring system performance. You may have a runaway process on your
system or you may just be experiencing slow performance. Tools that come with Linux can help
you determine how much of your CPU and memory are being consumed.
These tasks are explored in the rest of this chapter.
Creating User Accounts
Every person who uses your Linux system should have a separate user account. Having a user
account provides each person with an area in which to securely store files, as well as a means of
tailoring his or her user interface (GUI, path, environment variables, and so on) to suit the way that
he or she uses the computer.
You can add user accounts to most Linux systems in several ways — Fedora and Red Hat
Enterprise Linux systems use the system-config-users utility, for example, and SUSE offers a user
setup module in YaST. This chapter describes how to add user accounts from the command line
with useradd because most Linux systems include that command.
Adding Users with useradd
The most straightforward method for creating a new user from the shell is with the useradd command. After opening a Terminal window with root permission, you simply invoke useradd at the
command prompt, with details of the new account as parameters.
The only required parameter is the login name of the user, but you probably want to include some
additional information ahead of it. Each item of account information is preceded by a single letter
option code with a dash in front of it. Table 4-2 lists the options available with useradd.
TABLE 4-2
useradd Command Options

| Option | Description |
| --- | --- |
| -c comment / -c "comment here" | Provide a description of the new user account. Often the person’s full name. Replace comment with the name of the user account (-c jake). Use quotes to enter multiple words (-c "jake jackson"). |
| -d home_dir | Set the home directory to use for the account. The default is to name it the same as the login name and to place it in /home. Replace home_dir with the directory name to use (for example, -d /mnt/homes/jake). |
| -D | Rather than create a new account, save the supplied information as the new default settings for any new accounts that are created. |
| -e expire_date | Assign the expiration date for the account in MM/DD/YYYY format. Replace expire_date with a date you want to use (-e 05/06/2005). |
| -f -1 | Set the number of days after a password expires until the account is permanently disabled. The default, -1, disables the option. Setting this to 0 disables the account immediately after the password has expired. Replace -1 with the number to use. |
| -g group | Set the primary group (as listed in the /etc/group file) the new user will be in. Replace group with the group name (-g wheel). |
| -G grouplist | Add the new user to the supplied comma-separated list of groups (-G wheel,sales,tech,lunch). |
| -k skel_dir | Set the skeleton directory containing initial configuration files and login scripts that should be copied to a new user’s home directory. This parameter can be used only in conjunction with the -m option. Replace skel_dir with the directory name to use. (Without this option, the /etc/skel directory is used.) |
| -m | Automatically create the user’s home directory and copy the files in the skeleton directory (/etc/skel) to it. |
| -M | Do not create the new user’s home directory, even if the default behavior is set to create it. |
| -n | Turn off the default behavior of creating a new group that matches the name and user ID of the new user. This option is available with Red Hat Linux systems. Other Linux systems often assign a new user to the group named users instead. |
| -o | Use with -u uid to create a user account that has the same UID as another username. (This effectively lets you have two different usernames with authority over the same set of files and directories.) |
| -p passwd | Enter a password for the account you are adding. This must be an encrypted password. Instead of adding an encrypted password here, you can simply use the passwd user command later to add a password for user. |
| -s shell | Specify the command shell to use for this account. Replace shell with the command shell (-s bash). |
| -u user_id | Specify the user ID number for the account (-u 474). Without the -u option, the default behavior is to automatically assign the next available number. Replace user_id with the ID number (-u). |
For example, let’s create an account for a new user named Mary Smith with a login name of mary.
First, log in as root, and then type the following command:
# useradd -c "Mary Smith" mary
TIP
When you choose a username, don’t begin with a number (for example, 06jsmith). Also,
it’s best to use all lowercase letters, no control characters or spaces, and a maximum of
8 characters. The useradd command allows up to 32 characters, but some applications can’t deal
with usernames that long. Tools such as ps display UIDs instead of names if names are too long.
Having users named Jsmith and jsmith can cause confusion with programs (such as sendmail) that
don’t distinguish case.
Next, set Mary’s initial password using the passwd command. You’re prompted to type the password twice:
# passwd mary
Changing password for user mary.
New password: *******
Retype new password: *******
(Asterisks in this example represent the password you type. Nothing is actually displayed when
you type the password. Also keep in mind that running passwd as root user lets you add short or
blank passwords that regular users cannot add themselves.)
In creating the account for Mary, the useradd command performs several actions:
• Reads the /etc/login.defs file to get default values to use when creating accounts.
• Checks command-line parameters to find out which default values to override.
• Creates a new user entry in the /etc/passwd and /etc/shadow files based on the
default values and command-line parameters.
• Creates any new group entries in the /etc/group file. (Fedora creates a group using the
new user’s name; Gentoo adds the user to the users group; and SUSE adds it to every
group you set for new users, such as dialout, audio, video, and other services.)
• Creates a home directory, based on the user’s name, in the /home directory.
• Copies any files located within the /etc/skel directory to the new home directory.
This usually includes login and application startup scripts.
The preceding example uses only a few of the available useradd options. Most account settings
are assigned using default values. You can set more values explicitly, if you want to; here’s an example that uses a few more options to do so:
# useradd -g users -G wheel,apache -s /bin/tcsh -c "Mary Smith" mary
In this case, useradd is told to make users the primary group mary belongs to (-g), add her to
the wheel and apache groups, and assign tcsh as her primary command shell (-s). A home directory in /home under the user’s name (/home/mary) is created by default. This command line
results in a line similar to the following being added to the /etc/passwd file:
mary:x:502:100:Mary Smith:/home/mary:/bin/tcsh
Each line in the /etc/passwd file represents a single user account record. Each field is separated
from the next by a colon (:) character. The field’s position in the sequence determines what it is.
As you can see, the login name is first. Again, the password field contains an x because we are
using a shadow password file to store encrypted password data. The user ID selected by useradd
is 502. The primary group ID is 100, which corresponds to the users group in the /etc/group
file. The comment field was correctly set to Mary Smith, the home directory was automatically
assigned as /home/mary, and the command shell was assigned as /bin/tcsh, exactly as specified with the useradd options.
By leaving out many of the options (as I did in the first useradd example), defaults are assigned
in most cases. For example, by not using -g users or -G wheel,apache, in Fedora a group
named mary would have been created and assigned to the new user. Other Linux systems assign
users as the group name by default. Likewise, excluding -s /bin/tcsh causes /bin/bash to
be assigned as the default shell.
The /etc/group file holds information about the different groups on your Linux system and the
users who belong to them. Groups are useful for enabling multiple users to share access to the
same files while denying access to others. Peek at the /etc/group file, and you find something
similar to this:
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root,joe,mary
apache:x:48:mary
.
.
.
nobody:x:99:
users:x:100:
chris:x:500:
sheree:x:501:
Each line in the group file contains the name of a group, the group ID number associated with it,
and a list of users in that group. By default, each user is added to his or her own group, beginning
with GID 500. Note that mary was added to the wheel and apache groups instead of having her
own group.
It is actually rather significant that mary was added to the wheel group. By doing this, you grant
her the capability to use the sudo command to run commands as the root user (provided that
sudo is configured as described earlier in this chapter).
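Because wheel membership can translate into root access through sudo, it is worth checking who is in that group. The following is an added example, not code from the book: the function names, the allowlist argument, and the sample accounts (including svcbackup) are constructed for illustration. It also goes one step beyond the text by catching accounts whose primary group in /etc/passwd is the audited group, which the member list in /etc/group does not show.

```shell
#!/bin/sh
# Added example (not from the book): audit membership of a privileged group.
# File formats, as described in the text:
#   group:   name:password:GID:member1,member2
#   passwd:  login:password:UID:GID:comment:home:shell

# Print every member of a group, one per line, sorted and de-duplicated.
# Usage: group_members GROUP_FILE PASSWD_FILE [GROUP_NAME]   (default: wheel)
group_members() {
    gm_group_file=$1
    gm_passwd_file=$2
    gm_name=${3:-wheel}

    # GID of the group, needed to find users whose primary group it is.
    gm_gid=$(awk -F: -v g="$gm_name" '$1 == g { print $3; exit }' "$gm_group_file")

    {
        # Supplementary members: the comma-separated fourth field.
        awk -F: -v g="$gm_name" '
            $1 == g {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }' "$gm_group_file"

        # Primary members: passwd entries whose fourth field is that GID.
        if [ -n "$gm_gid" ]; then
            awk -F: -v gid="$gm_gid" '$4 == gid { print $1 }' "$gm_passwd_file"
        fi
    } | LC_ALL=C sort -u
}

# Print members that are not on a space-separated list of approved accounts.
# Usage: unexpected_members GROUP_FILE PASSWD_FILE GROUP_NAME "user1 user2"
unexpected_members() {
    group_members "$1" "$2" "$3" | while IFS= read -r um_user; do
        case " $4 " in
            *" $um_user "*) ;;                      # approved
            *) printf '%s\n' "$um_user" ;;          # needs review
        esac
    done
}

# Write constructed sample files modeled on the entries shown in the text.
# Usage: write_sample_accounts DIRECTORY
write_sample_accounts() {
    cat > "$1/group" <<'EOF'
root:x:0:root
wheel:x:10:root,joe,mary
apache:x:48:mary
users:x:100:
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
joe:x:501:100:Joe:/home/joe:/bin/bash
mary:x:502:100:Mary Smith:/home/mary:/bin/tcsh
svcbackup:x:503:10:Constructed service account:/home/svcbackup:/bin/bash
EOF
}

# On a live system (as root or any user who can read both files):
#   unexpected_members /etc/group /etc/passwd wheel "root joe"
```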
Setting User Defaults
The useradd command determines the default values for new accounts by reading the
/etc/login.defs file. You can modify those defaults by either editing that file manually with a
standard text editor or by running the useradd command with the -D option. Although
login.defs is different on different Linux systems, here is an example containing many of the
settings you might find in a login.defs file:
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
UID_MIN         500
UID_MAX         60000
GID_MIN         500
GID_MAX         60000
CREATE_HOME     yes
All uncommented lines contain keyword/value pairs. For example, the keyword PASS_MIN_LEN
is followed by some white space and the value 5. This tells useradd that the user password must
be at least five characters. Other lines let you customize the valid range of automatically assigned
user ID numbers or group ID numbers. (Fedora starts at UID 500; other Linuxes start with UID
100.) A comment section that explains that keyword’s purpose precedes each keyword (which I
edited out here to save space). Altering a default value is as simple as editing the value associated
with a keyword and then saving the file.
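The sample values above (passwords that effectively never expire and a five-character minimum) are the kind of defaults worth checking against your own policy. The following is an added example, not code from the book: the function names and the policy thresholds (90 days, 12 characters, 7 days of warning) are assumptions to replace with your site's values.

```shell
#!/bin/sh
# Added example (not from the book): compare login.defs password defaults
# with a site policy. Thresholds below are assumptions, not recommendations
# taken from the text.

# Print the value of one keyword from a login.defs-style file.
# Comment lines are skipped; if a keyword repeats, the last value is used.
# Usage: logindefs_get FILE KEYWORD
logindefs_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { val = $2; found = 1 }
        END        { if (found) print val }
    ' "$1"
}

# Check one keyword against an upper ("max") or lower ("min") bound and
# print a finding if the value is missing, malformed, or out of bounds.
# Usage: check_setting FILE KEYWORD max|min BOUND
check_setting() {
    cs_val=$(logindefs_get "$1" "$2")
    case $cs_val in
        '')       printf '%s: not set\n' "$2"; return 0 ;;
        *[!0-9]*) printf '%s: unexpected value %s\n' "$2" "$cs_val"; return 0 ;;
    esac
    if [ "$3" = max ] && [ "$cs_val" -gt "$4" ]; then
        printf '%s=%s is above the policy maximum %s\n' "$2" "$cs_val" "$4"
    elif [ "$3" = min ] && [ "$cs_val" -lt "$4" ]; then
        printf '%s=%s is below the policy minimum %s\n' "$2" "$cs_val" "$4"
    fi
}

# Run all checks; prints nothing when the file meets the policy.
# Usage: audit_logindefs FILE
audit_logindefs() {
    check_setting "$1" PASS_MAX_DAYS max "${POLICY_MAX_DAYS:-90}"
    check_setting "$1" PASS_MIN_LEN  min "${POLICY_MIN_LEN:-12}"
    check_setting "$1" PASS_WARN_AGE min "${POLICY_WARN_AGE:-7}"
}

# Write a constructed sample file using the values shown in the text.
# Usage: write_sample_logindefs FILE
write_sample_logindefs() {
    cat > "$1" <<'EOF'
# Constructed sample; comments like this one are ignored
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
#PASS_MIN_LEN   14
PASS_WARN_AGE   7
UID_MIN         500
EOF
}

# On a live system:  audit_logindefs /etc/login.defs
```

These settings are applied when an account is created; existing accounts keep the aging values already stored for them in /etc/shadow.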
If you want to view the defaults, type the useradd command with the -D option, as follows:
# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
You can also use the -D option to change defaults. When run with this flag, useradd refrains
from actually creating a new user account; instead, it saves any additionally supplied options as the
new default values in /etc/login.defs. Not all useradd options can be used in conjunction
with the -D option. You can use only the five options listed in Table 4-3.
TABLE 4-3
useradd Options for Changing User Defaults

Option                  Description
-b default_home         Set the default directory in which user home directories are created. Replace default_home with the directory name to use (-b garage). Usually this is /home.
-e default_expire_date  Set the default expiration date on which the user account is disabled. The default_expire_date value should be replaced with a date in the form MM/DD/YYYY (-e 10/15/2007).
-f default_inactive     Set the number of days after a password has expired before the account is disabled. Replace default_inactive with a number representing the number of days (-f 7).
-g default_group        Set the default group that new users will be placed in. Normally useradd creates a new group with the same name and ID number as the user. Replace default_group with the group name to use (-g bears).
-s default_shell        Set the default shell for new users. Normally this is /bin/bash. Replace default_shell with the full path to the shell that you want as the default for new users (-s /bin/ash).
To set any of the defaults, give the -D option first, and then add the defaults you want to set. For
example, to set the default home directory location to /home/everyone and the default shell to
/bin/tcsh, type the following:
# useradd -D -b /home/everyone -s /bin/tcsh
Besides setting up user defaults, an administrator can create default files that are copied to each
user’s home directory for use. These files can include login scripts and shell configuration files
(such as .bashrc).
Other commands exist that are useful for working with user accounts, including usermod (to
modify settings for an existing account) and userdel (to delete an existing user account).
Configuring Hardware
In a perfect world, after installing and booting Linux, all of your hardware is detected and available
for access. Although many Linux systems are rapidly moving closer to that world, there are times
when you must take special steps to get your computer hardware working. Also, the growing use
of removable USB and FireWire devices (CDs, DVDs, flash drives, digital cameras, and removable
hard drives) has made it important for Linux to:
• Efficiently manage hardware that comes and goes.
• Look at the same piece of hardware in different ways (for example, be able to see a printer
  as a fax machine, scanner, and storage device, as well as a printer).
If you are using a Linux system that includes the 2.6 kernel (as the latest versions of most major
Linux systems do), new kernel features have made it possible to change drastically the way hardware devices are detected and managed. Features in, or closely related to, the kernel include Udev
(to dynamically name and create devices as hardware comes and goes) and hotplug and hal (to pass
information about hardware changes to user space). Then features such as fstab-sync and gnome-volume-manager are used to react to hardware changes (for example, to mount a device or launch
an application to read the device).
If all this sounds a bit confusing, don’t worry. It’s actually designed to make your life as a Linux
user much easier. The end result of features built on the 2.6 kernel is that device handling in Linux
has become:
• More automatic — For most common hardware, when a hardware device is connected
  or disconnected, it is automatically detected and identified. Interfaces to access the hardware are added, so it is accessible to Linux. Then the fact that the hardware is present (or
  removed) is passed to the user level, where applications listening for hardware changes
  are ready to mount the hardware and/or launch an application (such as an image viewer
  or music player).
• More flexible — If you don’t like what happens automatically when a hardware item is
  connected or disconnected, you can change it. For example, features built into GNOME
  and KDE desktops let you choose what happens when a music CD or movie DVD is
  inserted, or when a digital camera is connected. If you prefer a different program be
  launched to handle it, you can easily make that change.
This section covers several issues relating to getting your hardware working properly in Linux.
First, it describes how to configure Linux to deal with removable media. Then it tells how to use
tools for manually loading and working with drivers for hardware that is not detected and loaded
properly.
Managing Removable Hardware
Linux systems such as SUSE, RHEL, Fedora and others that support full KDE and GNOME desktop environments include simple graphical tools for configuring what happens when you attach
popular removable devices to the computer. So, with a KDE or GNOME desktop running, you
simply plug in a USB device or insert a CD or DVD and a window may pop up to deal with that
device.
Although different desktop environments share many of the same underlying mechanisms (Udev
and Hotplug) to detect and name removable hardware, they offer different tools for configuring
how they are mounted or used. Udev (using the udevd daemon) creates and removes devices
(in the /dev directory) as hardware is added to and removed from the computer. The Hardware
Abstraction Layer (HAL) provides the overall platform for discovering and configuring hardware.
Settings that are of interest to someone using a desktop Linux system, however, can be configured
with easy-to-use desktop tools.
The following sections describe how removable hardware and media are configured, using a
GNOME desktop in Fedora and a KDE desktop in SUSE.
Removable Media on a Fedora GNOME Desktop
The GNOME desktop in Fedora Core 6 offers the Removable Drives and Media Preferences
window to define what happens when you attach removable devices or insert removable media into the
computer. The descriptions in this section are based on GNOME 2.16.
From a Fedora Core GNOME desktop, select System ➪ Preferences ➪ Removable Drives and
Media to see how your system is configured to handle removable hardware and media. Figure 4.4
shows an example of that window.
FIGURE 4.4
Change removable hardware and media settings in GNOME.
The following settings are available from the Removable Drives and Media Preferences window on
the Storage tab. These settings relate to how removable media are handled when they are inserted
or plugged in:
• Mount removable drives when hot-plugged — When a removable drive (such as a USB
  hard drive) is plugged into a running system, that drive is automatically mounted in a
  subdirectory of /media.
• Mount removable media when inserted — When a removable medium (such as a CD
  or DVD) is inserted into a drive, the medium is automatically mounted to a subdirectory
  of /media that is based on the medium’s volume ID.
• Browse removable media when inserted — After a removable medium is inserted and
  mounted, a Nautilus window opens to display the contents of that medium.
• Autorun programs on new drives and media — After a removable medium is inserted
  and mounted, autorun any program in the top-level directory of the medium that is
  named .autorun, autorun, or autorun.sh.
• Auto-open files on new drives and media — After a removable medium is inserted and
  mounted, open any file in the top-level directory of the medium that is named
  .autoopen or autoopen.
• Burn a CD or DVD when a blank disc is inserted — When a blank CD or DVD is
  inserted, you are asked if you want to make an audio CD or data CD. Either selection
  opens a CD/DVD Creator Nautilus window for you to drag-and-drop files on. Click Write
  to Disc when you are done, and the files are burned to that medium.
Note that the settings described here are only in effect for the user that is currently logged in. So if
multiple users have login accounts, each can have his or her own way of handling removable
media.
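Before enabling the autorun or auto-open settings, it helps to know which mounted media actually carry the files those settings act on. The following is an added example, not code from the book: the function names and the output format are assumptions, while the file names and the /media location come from the settings described above. It looks only in the top-level directory of each mounted volume, matching the behavior the text describes.

```shell
#!/bin/sh
# Added example (not from the book): list autorun and auto-open trigger
# files in the top-level directory of each volume mounted under /media.

# File names the preferences window acts on, as listed in the text.
AUTORUN_NAMES=".autorun autorun autorun.sh"
AUTOOPEN_NAMES=".autoopen autoopen"

# Print one tab-separated line for a trigger file if it exists:
#   <kind> <path> <executable|not-executable|symlink>
# Usage: report_trigger KIND PATH
report_trigger() {
    if [ -e "$2" ] || [ -L "$2" ]; then
        if [ -L "$2" ]; then
            rt_note=symlink            # link target deserves a manual look
        elif [ -f "$2" ] && [ -x "$2" ]; then
            rt_note=executable
        else
            rt_note=not-executable
        fi
        printf '%s\t%s\t%s\n' "$1" "$2" "$rt_note"
    fi
}

# Scan every volume directory directly below the media root.
# Usage: scan_media [MEDIA_ROOT]   (default: /media)
scan_media() {
    sm_root=${1:-/media}
    for sm_vol in "$sm_root"/*/; do
        [ -d "$sm_vol" ] || continue   # glob matched nothing
        sm_vol=${sm_vol%/}
        for sm_name in $AUTORUN_NAMES; do
            report_trigger autorun "$sm_vol/$sm_name"
        done
        for sm_name in $AUTOOPEN_NAMES; do
            report_trigger autoopen "$sm_vol/$sm_name"
        done
    done
}

# Typical use after inserting a disc or plugging in a drive:
#   scan_media /media
```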
The following settings are available from the Removable Drives and Media Preferences window on
the Multimedia tab:
• Audio CD — When an audio CD is inserted, the Totem player opens and starts playing
  the music found on the disk. You can change to a different audio player by changing the
  command, or unselect the check box next to “Play audio CD discs when inserted” to not
  have audio play automatically. Some people prefer to use GNOME-CD as their CD player.
• Video DVD Discs — The Totem player is started, by default, when you insert a commercial video DVD disk into the DVD drive.
NOTE: The Totem movie player will not play movie DVDs unless you add extra software to
decrypt the DVD. There are legal issues and other movie player options you should look
into if you want to play commercial DVD movies from Linux. See Chapter 20 for more information
about video players in Linux.
• Portable Music Players — A music player is started in Linux to play files from your
  portable iPod or other music player, if this is selected and you enter a player to use. The
  banshee project (http://banshee-project.org) includes software for playing
  music from iPods in Linux. (From Fedora, type yum install banshee to install the software from Fedora Extras. Then add ipod %d to this field to use the player.)
From the Cameras tab, the following settings are available:
• Digital Camera — Connect a digital camera and the gThumb Image Viewer (gthumb-import command) will open, ready to import digital images from your camera. You can
  have other commands open the folder of digital images from your camera by replacing
  the gthumb-import command with an image viewer or import application you prefer.
• Digital Video Camera — When a digital video camera is detected, you can select to have
  a command you choose open the contents of that camera in a video editor. Kino is an
  example of a digital video editor (www.kinodv.org).
Although there are no other commands set to launch automatically for other types of devices, there
are several types of devices you can configure. From the PDAs tab, you can select what commands
to run if a Palm or PocketPC is connected to your computer. From the other tabs, you can indicate
what to do when USB printers, scanners, mice, keyboards, or tablets are connected.
Removable Media on a SUSE KDE Desktop
When you insert a removable medium (CD or DVD) or plug in a removable device (digital camera
or USB flash drive) from a KDE desktop in SUSE, a window opens to let you choose the type of
action to take on it. If you want to add a different action, or change an existing action, click the
Configure button.
Figure 4.5 shows an example of the window that appears when a 32MB USB flash drive is inserted,
as well as the KDE Control Module that appears when Configure is selected:
FIGURE 4.5
Use the KDE Control Module to set how to respond to inserted media.
From the KDE Control Module, select the media type you want to change (in this case, Mounted
Removable Medium). Click Add, and then select the type of action you would like to add as an
option when that type of media is detected.
Working with Loadable Modules
If you have added hardware to your computer that isn’t properly detected, you might need to manually
load a module for that hardware. Linux comes with a set of commands for loading, unloading, and
getting information about hardware modules.
If you have installed the Linux kernel source code, source code files for available drivers are stored
in subdirectories of the /usr/src/linux*/drivers directory. You can find information about
these drivers in a couple of ways:
• make xconfig — With /usr/src/linux* as your current directory, type make
  xconfig from a Terminal window on the desktop. Select the category of module you want
  and then click Help next to the driver that interests you. The help information that
  appears includes a description of the driver. (If your system is missing graphical libraries
  needed to run make xconfig, try make menuconfig instead.)
• Documentation — The /usr/src/linux*/Documentation directory contains lots
  of plain-text files describing different aspects of the kernel and related drivers.
After modules have been built, they are installed in the /lib/modules/ subdirectories. The
name of the directory is based on the release number of the kernel that the modules were compiled
for. Modules that are in that directory can then be loaded and unloaded as they are needed. Before
building modules for a new kernel, or more important, a current kernel, it may be wise to add
your initials to the kernel Makefile under the variable EXTRAVERSION at the top of the Makefile.
This installs your new modules under /lib/modules/kernel-version with the EXTRAVERSION
suffixed to the directory. If you completely wreck the module build, you haven’t overwritten the current modules you may be running. It also makes it easier to identify custom kernel
modules when debugging.
Listing Loaded Modules
To see which modules are currently loaded into the running kernel on your computer, use the
lsmod command. Here’s an example:
NOTE: If you don’t have a Linux system installed yet, try booting KNOPPIX and using lsmod to
list your loaded modules. If all your hardware is working properly, write down this list
of modules. Later, when you permanently install Fedora or some other Linux system, if your CD drive,
modem, video card, or other hardware doesn’t work properly, you can use your list of modules to
determine which module should have been used and load it, as described in the next section.

# lsmod
Module                  Size  Used by
snd_seq_oss            38912  0
snd_seq_midi_event      9344  1 snd_seq_oss
snd_seq                67728  4 snd_seq_oss,snd_seq_midi_event
snd_seq_device          8328  2 snd_seq_oss,snd_seq
.
.
.
autofs                 16512  0
ne2k_pci                9056  0
8390                   13568  1 ne2k_pci
ohci1394               41860  0
ieee1394              284464  1 ohci1394
floppy                 65712  0
sg                     36120  0
scsi_mod              124600  1 sg
parport_pc             39724  0
parport                47336  1 parport_pc
ext3                  128424  2
jbd                    86040  1 ext3
This output shows a variety of modules that have been loaded on a Linux system, including several
to support the ALSA sound system, some of which provide OSS compatibility (snd_seq_oss).
To find information about any of the loaded modules, use the modinfo command. For example,
you could type the following:
# /sbin/modinfo -d snd-seq-oss
“OSS-compatible sequencer module”
Not all modules have descriptions available. In this case, however, the snd-seq-oss module is
described as an OSS-compatible sequencer module. You can also use the -a option to see the
author of the module, or -n to see the object file representing the module. The author information
often has the e-mail address of the driver’s creator, so you can contact the author if you have problems or questions about it.
Loading Modules
You can load any module that has been compiled and installed (to the /lib/modules directory)
into your running kernel using the modprobe command. A common reason for loading a module
is to use a feature temporarily (such as loading a module to support a special file system on a
floppy you want to access). Another reason is to identify a module that will be used by a particular
piece of hardware that could not be autodetected.
Here is an example of the modprobe command being used to load the parport module, which
provides the core functions to share parallel ports with multiple devices:
# modprobe parport
After parport is loaded, you can load the parport_pc module to define the PC-style ports available
through the interface. The parport_pc module lets you optionally define the addresses and IRQ
numbers associated with each device sharing the parallel port. For example:
# modprobe parport_pc io=0x3bc irq=auto
In this example, a device is identified as having an address of 0x3bc, and the IRQ for the device is
autodetected.
The modprobe command loads modules temporarily — they disappear at the next reboot. To permanently add the module to your system, add the modprobe command line to one of the startup
scripts run at boot time. You can also add modules to the /etc/modules file to have them
loaded at startup.
NOTE: An alternative to modprobe is the insmod command. The advantage of using
modprobe, however, is that insmod loads only the module you request, whereas
modprobe tries to load other modules that the one you requested is dependent on.
Removing Modules
Use the rmmod command to remove a module from a running kernel. For example, to remove the
module parport_pc from the current kernel, type the following:
# rmmod parport_pc
If it is not currently busy, the parport_pc module is removed from the running kernel. If it is busy,
try killing any process that might be using the device. Then run rmmod again. Sometimes, the
module you are trying to remove depends on other modules that may be loaded. For instance, the
usbcore module cannot be unloaded while the USB printer module (usblp) is loaded, as
shown here:
# rmmod usbcore
ERROR: Module usbcore is in use by wacom,usblp,ehci_hcd,ohci_hcd
Managing File Systems and Disk Space
File systems in Linux are organized in a hierarchy, beginning from root (/) and continuing downward in a structure of directories and subdirectories. As an administrator of a Linux system, it’s
your duty to make sure that all the disk drives that represent your file system are available to the
users of the computer. It is also your job to make sure there is enough disk space in the right
places in the file system for users to store what they need.
COMING FROM WINDOWS: File systems are organized differently in Linux than they are in Microsoft Windows operating systems. Instead of drive letters (for example, A:, B:, C:) for each local disk, network file system, CD-ROM, or other type of storage medium, everything fits neatly into the directory
structure.
Some drives are connected (mounted) automatically into the file system. For example, a CD might be
mounted on /media/cdrom. If the drive isn’t mounted automatically, it is up to an administrator to
create a mount point in the file system and then connect the disk to that point.
The organization of your file system begins when you install Linux. Part of the installation process
is to divide your hard disk (or disks) into partitions. Those partitions can then be assigned to:
• A part of the Linux file system
• Swap space for Linux
• Other file system types (perhaps containing other bootable operating systems)
• Free space (you can leave space unassigned so you can format it later as you need it).
This chapter focuses on partitions that are used for the Linux file system. To see what partitions are
currently set up on the hard disks that the Linux kernel has detected, use the fdisk command:
# /sbin/fdisk -l
Disk /dev/hda: 40.0 GB, 40020664320 bytes
255 heads, 63 sectors/track, 4825 cylinders
Units = cylinders of 16065 * 512 bytes = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1          13         104    b  Win95 FAT32
/dev/hda2              84          89       48195   83  Linux
/dev/hda3              90         522    3478072+   83  Linux
/dev/hda4             523         554      257040    5  Extended
/dev/hda5             523         554     257008+   82  Linux swap
This output shows the disk partitioning for a computer capable of running both Linux and
Microsoft Windows. You can see that the Linux partition on /dev/hda3 has most of the space
available for data. There is a Windows partition (/dev/hda1) and a Linux swap partition
(/dev/hda5). There is also a small /boot partition (46MB) on /dev/hda2. In this case, the
root partition for Linux has 3.3GB of disk space and resides on /dev/hda3. The fdisk -l command uses partition information found in /proc/partitions unless a device is explicitly given on the command line.
Next use the mount command (with no options) to see what partitions are actually being used for
your Linux system (which available disk partitions are actually mounted and where they are
mounted):
# mount
/dev/hda3 on / type ext3 (rw)
/dev/hda2 on /boot type ext3 (rw)
/dev/hda1 on /mnt/win type vfat (rw)
/dev/proc on /proc type proc (rw)
/dev/sys on /sys type sysfs (rw)
/dev/devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/shm on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/hdc on /media/cdrecorder type iso9660 (ro,nosuid,nodev)
Although some of the file systems shown as mounted are for special purposes (/sys, /proc, and
others), our concern here is with disk partitions (/dev/hd*, /dev/sd*, and so on). The mounted
Linux partitions in this case are /dev/hda2, which provides space for the /boot directory (contains data for booting Linux), and /dev/hda3, which provides space for the rest of the Linux file
system beginning from the root directory (/).
This particular system also contains a Windows partition that was mounted in the /mnt/win
directory and a CD that was mounted in /media/cdrecorder. (With most GUI interfaces, the
CD is typically mounted automatically when you insert it. For 2.6 kernels, look in the /media
directory; for 2.4 kernels the /mnt directory is often used.)
After the word type, you can see the type of file system contained on the device. (See the description of different file system types later in this chapter.) Particularly on larger Linux systems, you
may have multiple partitions for several reasons:
• Multiple hard disks — You may have several hard disks available to your users. In that
  case you would have to mount each disk (and possibly several partitions from each disk)
  in different locations in your file system.
• Protecting different parts of the file system — If the users on a system consume all of
  the file system space, the entire system can fail. For example, there may be no place for
  temporary files to be copied (so the programs writing to temporary files fail), and incoming mail may fail to be written to mail boxes. With multiple mounted partitions, if one
  partition runs out of space, the others can continue to work.
• Multiple operating systems — You can configure your disk to contain multiple partitions that can each be used to hold a different operating system type. For example, if you
  started with a computer that had Windows on the hard disk, you could put Linux on a
  separate partition, and then set up the computer to boot either operating system.
• Backups — Some fast ways exist to back up data from your computer that involve copying the entire image of a disk or partition. If you want to restore that partition later, you
  can simply copy it back (bit by bit) to a hard disk. With smaller partitions, this approach
  can be done fairly efficiently.
• Protecting from disk failure — If one disk (or part of one disk) fails, having multiple
  partitions mounted on your file system may let you continue working and just fix the one
  disk that fails. Ghost for Linux (http://freshmeat.net/projects/g4l) is an
  example of a tool for backing up a hard disk partition in Linux.
When a disk partition is mounted on the Linux file system, all directories and subdirectories below
that mount point are stored on that partition. So, for example, if you were to mount one partition
on / and one on /usr, everything below the /usr mount point would be stored on the second
partition while everything else would be stored on the first partition. If you then mounted another
partition on /usr/local, everything below that mount point would be on the third partition,
while everything else below /usr would be on the second partition.
TIP: What happens if a remote file system is unmounted from your computer, and you go to
save a file in that mount point directory? You will write the file to that directory and it
will be stored on your local hard disk. When the remote file system is remounted, however, the file
you saved will seem to disappear. To get the file back, you’ll have to unmount the remote file system
(causing the file to reappear), move the file to another location, remount the file system, and copy
the file back there.
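Scripts that write to a mount point (backups, log archiving) can avoid the situation in this tip by confirming that the directory is really mounted before writing. The following is an added example, not code from the book: the function names are assumptions, and it reads the kernel's mount table from /proc/mounts rather than parsing the output of the mount command. The sample mount table is constructed.

```shell
#!/bin/sh
# Added example (not from the book): refuse to write into a directory that
# is supposed to be a mount point but currently has nothing mounted on it.

# Succeed only if DIR is listed as a mount point in the mount table.
# Usage: is_mount_point DIR [MOUNTS_FILE]   (default: /proc/mounts)
is_mount_point() {
    imp_dir=${1%/}                       # ignore one trailing slash
    [ -n "$imp_dir" ] || imp_dir=/       # "/" itself
    WANT=$imp_dir awk '
        # Field 2 is the mount point. Spaces and similar characters are
        # stored as three-digit octal escapes (for example \040), so decode
        # them before comparing.
        function decode(s,   out, i, c, o) {
            out = ""
            while ((i = index(s, "\\")) > 0) {
                out = out substr(s, 1, i - 1)
                o = substr(s, i + 1, 3)
                if (o ~ /^[0-7][0-7][0-7]$/) {
                    c = substr(o, 1, 1) * 64 + substr(o, 2, 1) * 8 + substr(o, 3, 1)
                    out = out sprintf("%c", c)
                    s = substr(s, i + 4)
                } else {
                    out = out "\\"
                    s = substr(s, i + 1)
                }
            }
            return out s
        }
        decode($2) == ENVIRON["WANT"] { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "${2:-/proc/mounts}"
}

# Copy SRC into DEST_DIR only when MOUNT_DIR is mounted.
# Usage: copy_if_mounted SRC MOUNT_DIR DEST_DIR [MOUNTS_FILE]
copy_if_mounted() {
    if ! is_mount_point "$2" "${4:-/proc/mounts}"; then
        echo "refusing to write: $2 is not mounted" >&2
        return 1
    fi
    cp -- "$1" "$3"/
}

# Write a constructed mount table in /proc/mounts format.
# Usage: write_sample_mounts FILE
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/hda3 / ext3 rw 0 0
/dev/hda2 /boot ext3 rw 0 0
server:/export /mnt/remote nfs rw 0 0
/dev/sda1 /media/USB\040DISK vfat rw 0 0
EOF
}

# Typical use in a backup script:
#   copy_if_mounted backup.tar /mnt/remote /mnt/remote/backups || exit 1
```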
Mount points often mentioned as being candidates for separate partitions include /, /boot, /home,
/usr, and /var. The root file system (/) is the catchall for directories that aren’t in other mount
points. The root file system’s mount point (/) is the only one that is required. The /boot directory
holds the images needed to boot the operating system. The /home file system is where all the user
accounts are typically stored. Applications and documentation are stored in /usr. Below the /var
mount point is where log files, temporary files, server files (Web, FTP, and so on), and lock files are
stored (that is, items that need disk space for your computer’s applications to keep running).
The fact that multiple partitions are mounted on your file system is invisible to people using your
Linux system. It is an issue only when a partition runs out of space or if users need to save or use
information from a particular device (such as a floppy disk or remote file system) that isn’t
mounted. Of course, any user can check this by typing the mount command.
Mounting File Systems
Most of your hard disks are mounted automatically for you. When you install Fedora, Ubuntu,
SUSE, and some other Linux systems, you are asked to create partitions and indicate the mount
points for those partitions. (Other Linux installation procedures will expect you to know that you
have to partition before beginning.) When you boot Linux, all Linux partitions residing on hard
disk that are listed in your /etc/fstab file are typically mounted. For that reason, this section
focuses mostly on how to mount other types of devices so that they become part of your Linux file
system.
The mount command is used not only to mount devices but also to mount other kinds of file systems on your Linux system. This means that you can store files from other operating systems or
use file systems that are appropriate for certain kinds of activities (such as writing large block
sizes). The most common use of this feature for the average Linux user, however, is to enable that
user to obtain and work with files from floppy disks, CD-ROMs, or other removable media.
NOTE: With the addition of automatic mounting features and changes in how removable media
are identified with the Linux 2.6 kernel (see descriptions of Udev and HAL earlier in this
chapter), you no longer need to manually mount removable media for many Linux desktop systems.
Understanding how to manually mount and unmount file systems on a Linux server, however, can be
a very useful skill.
Supported File Systems
To see file system types that are currently available to be used on your system, type cat
/proc/filesystems. Table 4-4 shows the file system types that are supported in Linux, although
they may not be in use at the moment or they may not be built into your current kernel (so they
may need to be loaded as modules).
TABLE 4-4
Supported File System Types

Type       Description
adfs       Acorn disk file system, which is the standard file system used on RiscOS operating systems.
befs       File system used by the BeOS operating system.
cifs       Common Internet File System (CIFS), the virtual file system used to access servers that comply with the SNIA CIFS specification. CIFS is an attempt to refine and standardize the SMB protocol used by Samba and Windows file sharing.
ext3       Ext file systems are the most common in Red Hat and many other Linux systems. The ext3 file system, also called the Third Extended file system, includes journaling features that, compared to ext2, improve a file system’s capability to recover from crashes.
ext2       The default file system type for earlier Linux systems. Features are the same as ext3, except that ext2 doesn’t include journaling features.
ext        This is the first version of ext3. It is not used very often anymore.
iso9660    Evolved from the High Sierra file system (the original standard for CD-ROMs). Extensions to the High Sierra standard (called Rock Ridge extensions) allow iso9660 file systems to support long filenames and UNIX-style information (such as file permissions, ownership, and links). Data CD-ROMs typically use this file system type.
kafs       AFS client file system. Used in distributed computing environments to share files with Linux, Windows, and Macintosh clients.
minix      Minix file system type, used originally with the Minix version of UNIX. It supports filenames of up to only 30 characters.
msdos      An MS-DOS file system. You can use this type to mount floppy disks that come from Microsoft operating systems.
vfat       Microsoft extended FAT (VFAT) file system.
umsdos     An MS-DOS file system with extensions to allow features that are similar to UNIX (including long filenames).
proc       Not a real file system, but rather a file system interface to the Linux kernel. You probably won’t do anything special to set up a proc file system. However, the /proc mount point should be a proc file system. Many utilities rely on /proc to gain access to Linux kernel information.
reiserfs   ReiserFS journaled file system. ReiserFS and ext3 are the most common file system types used with Linux today.
swap       Used for swap partitions. Swap areas are used to hold data temporarily when RAM is currently used up. Data is swapped to the swap area and then returned to RAM when it is needed again.
squashfs   Compressed, read-only file system type. Squashfs is popular on live CDs, where there is limited space and a read-only medium (such as a CD or DVD).
nfs        Network File System (NFS) type of file system. NFS is used to mount file systems on other Linux or UNIX computers.
hpfs       File system is used to do read-only mounts of an OS/2 HPFS file system.
ncpfs      This relates to Novell NetWare file systems. NetWare file systems can be mounted over a network.
ntfs       Windows NT file system. It is supported as a read-only file system (so that you can mount and copy files from it). Read-write support is available but considered unreliable (some say dangerous).
affs       File system is used with Amiga computers.
ufs        File system popular on Sun Microsystems operating systems (that is, Solaris and SunOS).
If you want to use a file system type that is not currently shown as available on your system (when
you type cat /proc/filesystems), try using modprobe to load the module for that file system. For example, modprobe ufs adds the UFS file system type to the running kernel. Type man
fs to see descriptions of Linux file systems.
Using the fstab File to Define Mountable File Systems
The hard disk partitions on your local computer and the remote file systems you use every day are
probably set up to automatically mount when you boot Linux. The /etc/fstab file contains definitions for each partition, along with options describing how the partition is mounted. Here’s an
example of an /etc/fstab file:
LABEL=/       /                  ext3         defaults             1 1
LABEL=/boot   /boot              ext3         defaults             1 2
/dev/devpts   /dev/pts           devpts       gid=5,mode=620       0 0
/dev/shm      /dev/shm           tmpfs        defaults             0 0
/dev/proc     /proc              proc         defaults             0 0
/dev/sys      /sys               sysfs        defaults             0 0
/dev/hda5     swap               swap         defaults             0 0
/dev/hdc      /media/cdrecorder  udf,iso9660  exec,noauto,managed  0 0
/dev/hda1     /mnt/win           vfat         noauto               0 0
/dev/fd0      /mnt/floppy        auto         noauto,owner         0 0
All partitions listed in this file are mounted at boot time, except for those set to noauto in the
fourth field. In this example, the root (/) and boot (/boot) hard disk partitions are mounted at
boot time, along with the /dev/pts, /dev/shm, /sys, and /proc file systems (which are not associated with particular storage devices). The CD (/dev/hdc) and
floppy disk (/dev/fd0) drives are not mounted at boot time. Definitions are put in the fstab
file for floppy and CD drives so that they can be mounted in the future (as described later).
I also added one line for /dev/hda1, which enables me to mount the Windows (vfat) partition on
my computer so I don’t have to always boot Windows to get at the files on my Windows partition.
COMING FROM WINDOWS
Most Windows systems today use the NTFS file system. Support for this system, however, is not delivered with every Linux system. NTFS support is available from the LinuxNTFS project (www.linux-ntfs.sourceforge.org).
If your computer is configured to dual boot Linux and Windows, you can mount your Windows file
system to make it available in Linux. To access your Windows partition, you must first create the
mount point (in this example, by typing mkdir /mnt/win). Then you can mount it when you choose by
typing (as root) mount /mnt/win.
Different Linux distributions will set up their fstab file differently. Some don’t use labels and
many others don’t use a separate /boot partition by default. They will just have a swap partition
and have all user data under the root partition (/).
Here is what’s in each field of the fstab file:
• Field 1 — The name of the device representing the file system. This field can include the
LABEL option, with which you can indicate a universally unique identifier (UUID) or
volume label instead of a device name. The advantage to this approach is that because the
partition is identified by volume name, you can move a volume to a different device name
and not have to change the fstab file.
• Field 2 — The mount point in the file system. The file system contains all data from the
mount point down the directory tree structure unless another file system is mounted at
some point beneath it.
• Field 3 — The file system type. Valid file system types are described in the “Supported
File Systems” section earlier in this chapter.
• Field 4 — Options to the mount command. In the preceding example, the noauto
option prevents the indicated file system from being mounted at boot time, and ro says
to mount the file system read-only (which is reasonable for a CD drive). Commas must
separate options. See the mount command manual page (under the -o option) for information on other supported options.
TIP
Normally, only the root user is allowed to mount a file system using the mount command. However, to allow any user to mount a file system (such as a file system on a
floppy disk), you could add the user option to Field 4 of /etc/fstab.
In SUSE, read/write permissions are given to specific devices (such as disk or audio devices) by specific groups (such as the disk
or audio group) so that users assigned to those groups can mount or otherwise access those devices.
In the YaST Control Center, choose the Security and Users ➪ User Management ➪ Expert Options ➪
Defaults for New Users. The Secondary Groups box indicates which of these additional groups each
user is assigned to.
• Field 5 — The number in this field indicates whether the indicated file system needs to
be dumped (that is, have its data backed up). A 1 means that the file system needs to be
dumped, and a 2 means that it doesn’t. (I don’t think this field is useful anymore because
many Linux systems no longer include the dump command. Most often, a 0 is used.)
• Field 6 — The number in this field indicates whether the indicated file system needs to
be checked with fsck: 1 means it needs to be checked, and 2 means it doesn’t.
If you want to add an additional local disk or partition, you can create an entry for it in the
/etc/fstab file. See Chapter 27 for information on mounting Samba, NFS, and other remote
file systems from /etc/fstab.
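The fourth field decides who may mount an entry and with which restrictions. The following added example (not from the book) reads fstab text and reports, for each entry, whether it mounts at boot, who may mount it, and whether nosuid, nodev and noexec end up in effect, using the implied-option rules from the mount manual page. The /dev/sdb1 line is a hypothetical entry appended to this section's listing, and the function names are illustrative.

```sh
#!/bin/sh
# Constructed sample: the /etc/fstab listing from this section, plus one
# hypothetical entry (/dev/sdb1 on /mnt/usb) added to trigger the warning.
sample_fstab() {
cat <<'EOF'
# device      mount point        type         options               dump fsck
LABEL=/       /                  ext3         defaults              1 1
LABEL=/boot   /boot              ext3         defaults              1 2
/dev/devpts   /dev/pts           devpts       gid=5,mode=620        0 0
/dev/shm      /dev/shm           tmpfs        defaults              0 0
/dev/proc     /proc              proc         defaults              0 0
/dev/sys      /sys               sysfs        defaults              0 0
/dev/hda5     swap               swap         defaults              0 0
/dev/hdc      /media/cdrecorder  udf,iso9660  exec,noauto,managed   0 0
/dev/hda1     /mnt/win           vfat         noauto                0 0
/dev/fd0      /mnt/floppy        auto         noauto,owner          0 0
/dev/sdb1     /mnt/usb           vfat         noauto,user,exec,suid 0 0
EOF
}

# audit_fstab [FILE...]
# Reads fstab text (standard input when no FILE is given) and prints one
# tab-separated line per entry:
#   mount point, boot|manual, who may mount, restrictions in effect, verdict
audit_fstab() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }                  # comments, blank lines
    NF < 4 { printf "%s\tmalformed\n", $1; next }   # options field missing
    {
        when = "boot"; who = "root"
        nosuid = 0; nodev = 0; noexec = 0
        n = split($4, opt, ",")
        # mount applies options left to right, so a later suid, dev or exec
        # cancels the restriction that user, users, owner or group implied.
        for (i = 1; i <= n; i++) {
            o = opt[i]
            if (o == "noauto") when = "manual"
            else if (o == "user" || o == "users") {
                who = "any-user"; nosuid = 1; nodev = 1; noexec = 1
            } else if (o == "owner" || o == "group") {
                who = "device-" o; nosuid = 1; nodev = 1
            }
            else if (o == "nosuid") nosuid = 1
            else if (o == "suid")   nosuid = 0
            else if (o == "nodev")  nodev = 1
            else if (o == "dev")    nodev = 0
            else if (o == "noexec") noexec = 1
            else if (o == "exec")   noexec = 0
        }
        flags = ""
        if (nosuid) flags = flags ",nosuid"
        if (nodev)  flags = flags ",nodev"
        if (noexec) flags = flags ",noexec"
        flags = (flags == "") ? "-" : substr(flags, 2)
        # Media that non-root users can mount should never have setuid
        # bits or device nodes honoured.
        verdict = (who != "root" && (!nosuid || !nodev)) ? "REVIEW" : "ok"
        printf "%s\t%s\t%s\t%s\t%s\n", $2, when, who, flags, verdict
    }' "$@"
}

# Run the audit over the constructed sample.
sample_fstab | audit_fstab
```

To check a live system, run audit_fstab /etc/fstab and look at every line marked REVIEW.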
Using the mount Command to Mount File Systems
Linux systems automatically run mount -a (mount all file systems) each time you boot. For that
reason, you generally use the mount command only for special situations. In particular, the average user or administrator uses mount in two ways:
• To display the disks, partitions, and remote file systems currently mounted.
• To temporarily mount a file system.
Any user can type mount (with no options) to see what file systems are currently mounted on the
local Linux system. The following is an example of the mount command. It shows a single hard
disk partition (/dev/hda1) containing the root (/) file system, and proc and devpts file system
types mounted on /proc and /dev, respectively. The last entry shows a floppy disk, formatted
with a standard Linux file system (ext3) mounted on the /mnt/floppy directory.
$ mount
/dev/hda3 on / type ext3 (rw)
/dev/hda2 on /boot type ext3 (rw)
/dev/proc on /proc type proc (rw)
/dev/sys on /sys type sysfs (rw)
/dev/devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/shm on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/hdc on /media/cdrecorder type iso9660 (ro,nosuid,nodev)
/dev/fd0 on /mnt/floppy type ext3 (rw)
Traditionally, the most common devices to mount by hand are your floppy disk and your CD drive.
However, depending on the type of desktop you are using, CDs and floppy disks may be mounted
for you automatically when you insert them. (In some cases, the autorun program may also run
automatically. For example, autorun may start a CD music player or software package installer to
handle the data on the medium.)
Mounting Removable Media
If you want to mount a file system manually, the /etc/fstab file helps make it simple to mount
a floppy disk or a CD. In some cases, you can use the mount command with a single option to
indicate what you want to mount, and information is taken from the /etc/fstab file to fill in the
other options. There are probably already entries in your /etc/fstab file to let you do these
quick mounts in the following two cases:
• CD — If you are mounting a CD that is in the standard ISO 9660 format (as most software CD-ROMs are), you can mount that CD by placing it in your CD-ROM drive and
typing one of the following:
# mount /media/cd*
# mount /mnt/cdrom
By default, a CD is usually mounted on the /mnt/cdrom directory (Linux 2.4 kernels)
or a subdirectory of /media (Linux 2.6 kernels). (The file system type, device name, and
other options are filled in automatically.) To see the contents, type cd /mnt/cdrom or cd
/media/cd*, and then type ls. Files from the CD’s root directory will be displayed.
• Floppy disk — If you want to mount a floppy in the Linux ext3 file system format (ext3),
or in some cases a format that can be autodetected, mount that floppy disk by inserting it
in your floppy drive and typing one of the following:
# mount /media/floppy*
# mount /mnt/floppy
The file system type (ext3), device (/dev/fd0), and mount options are filled in from the
/etc/fstab file. You should be able to change to the floppy disk directory (cd
/mnt/floppy or cd /media/floppy*) and list the contents of the floppy’s top directory (ls).
NOTE
In both of these cases, you could give the device name (which is something like
/dev/hdc, /dev/cdrom or /dev/fd0) instead of the mount point directory to get
the same results.
Of course, it is possible that you may get floppy disks you want to use that are in different formats.
Someone may give you a floppy containing files from an older Microsoft operating system (in MS-DOS format). Or you may get a file from another UNIX system. In those cases, you can fill in your
own options instead of relying on options from the /etc/fstab file. In some cases, Linux
autodetects that the floppy disk contains an MS-DOS (or Windows vfat) file system and mounts
it properly without additional arguments. If it doesn’t, here’s an example of how to mount a floppy
containing MS-DOS files:
# mkdir /mnt/floppy
# mount -t msdos /dev/fd0 /mnt/floppy
This shows the basic format of the mount command you would use to mount a floppy disk. You
can change msdos to any other supported file system type (described earlier in this chapter) to
mount a floppy of that type. Instead of using floppy drive A: (/dev/fd0), you could use drive B:
(/dev/fd1) or any other accessible drive. Instead of mounting on /mnt/floppy, you could create any other directory and mount the floppy there.
Here are some other useful options you could add to the mount command:
• -t auto — If you aren’t sure exactly what type of file system is contained on the floppy
disk (or other medium you are mounting), use this option to indicate the file system type.
The mount command will query the disk to try to ascertain what type of file system it
contains.
• -r — If you don’t want to make changes to the mounted file system (or can’t because it is
a read-only medium), use this option to mount it read-only.
• -w — This mounts the file system with read/write permission.
Mounting a Disk Image in Loopback
Another valuable way to use the mount command has to do with disk images. If you download a
CD or floppy disk image from the Internet and you want to see what it contains, you can do so
without burning it to CD or floppy. With the image on your hard disk, create a mount point and
use the -o loop option to mount it locally. Here’s an example:
# mkdir /mnt/mycdimage
# mount -o loop whatever-i386-disc1.iso /mnt/mycdimage
In this example, the /mnt/mycdimage directory is created, and then the disk image file
(whatever-i386-disc1.iso) residing in the current directory is mounted on it. I can now
cd to that directory, view the contents of it, and copy or use any of its contents. This is useful for
downloaded CD images from which you want to install software without having to burn the image
to CD. You could also share that mountpoint over NFS, so you could install the software from
another computer. When you are done, just type umount /mnt/mycdimage to unmount it.
Other options to mount are available only for specific file system types. See the mount manual
page for those and other useful options.
Using the umount Command
When you are done using a temporary file system, or you want to unmount a permanent file system temporarily, use the umount command. This command detaches the file system from its
mount point in your Linux file system. To use umount, you can give it either a directory name or a
device name. For example:
# umount /mnt/floppy
This unmounts the device (probably /dev/fd0) from the mount point /mnt/floppy. You can
also unmount using the form
# umount /dev/fd0
In general, it’s better to use the directory name (/mnt/floppy) because the umount command
will fail if the device is mounted in more than one location. (Device names all begin with /dev.)
If you get the message device is busy, the umount request has failed because either a process
has a file open on the device or you have a shell open with a directory on the device as a current
directory. Stop the processes or change to a directory outside the device you are trying to unmount
for the umount request to succeed.
An alternative for unmounting a busy device is the -l option. With umount -l (a lazy unmount),
the unmount happens as soon as the device is no longer busy. To unmount a remote NFS file system that’s no longer available (for example, the server went down), you can use the umount -f
option to forcibly unmount the NFS file system.
TIP
A really useful tool for discovering what’s holding open a device you want to unmount is
the lsof command. Type lsof with the name of the partition you want to unmount
(such as lsof /mnt/floppy). The output shows you what commands are holding open files on that
partition.
Using the mkfs Command to Create a File System
You can create a file system for any supported file system type on a disk or partition that you
choose. You do so with the mkfs command. While this is most useful for creating file systems on
hard-disk partitions, you can create file systems on floppy disks or rewritable CDs as well.
Here is an example of using mkfs to create a file system on a floppy disk:
# mkfs -t ext3 /dev/fd0
mke2fs 1.39, (29-May-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
184 inodes, 1440 blocks
72 blocks (5.00%) reserved for the super user
First data block=1
1 block group
8192 blocks per group, 8192 fragments per group
184 inodes per group
Writing inode tables: done
Filesystem too small for a journal
Writing superblocks and filesystem accounting information: done
The filesystem will be automatically checked every 32 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
You can see the statistics that are output with the formatting done by the mkfs command. The
number of inodes and blocks created are output, as are the number of blocks per group and fragments per group. You could now mount this file system (mount /mnt/floppy), change to it as
your current directory (cd /mnt/floppy), and create files on it as you please.
Adding a Hard Disk
Adding a new hard disk to your computer so that it can be used by Linux requires a combination
of steps described in previous sections. Here’s the general procedure:
1. Install the new hard disk hardware.
2. Identify the partitions on the new disk.
3. Create the file systems on the new disk.
4. Mount the file systems.
The easiest way to add a hard disk to Linux is to have the entire disk devoted to a single Linux partition. You can have multiple partitions, however, and assign them each to different types of file
systems and different mount points, if you like. The following process takes you through adding a
hard disk containing a single Linux partition. Along the way, it also notes which steps you need to
repeat to have multiple file systems with multiple mount points.
NOTE
This procedure assumes that Linux is already installed and working on the computer. If
this is not the case, follow the instructions for adding a hard disk on your current operating system. Later, when you install Linux, you can identify this disk when you are asked to partition
your hard disk(s).
1. Follow the manufacturer’s instructions for physically installing and connecting the new
hard disk in your computer. If this is a second hard disk, you may need to
change jumpers on the hard disk unit itself to have it operate as a slave hard disk (if it’s
on the same cable as your first hard disk). You may also need to change the BIOS settings.
2. Boot your computer to Linux.
3. Determine the device name for the hard disk. As root user from a shell, type:
# dmesg | less
4. From the output, look for an indication that the new disk was found. For example, if it’s a
second IDE hard disk, you should see hdb: in the output. For a second SCSI drive, you
should see sdb: instead. (The hd? and sd? drive letters are incremented as they are
found by the kernel.) Be sure you identify the correct disk, or you will erase all the data
from disks you probably want to keep!
5. Use the fdisk command to create partitions on the new disk. For example, if you are
formatting the second IDE disk (hdb), you can type the following:
# fdisk /dev/hdb
Now you are in fdisk command mode, where you can use the fdisk single-letter command set to work with your partitions. If the disk had existing partitions on it, you can
change or delete those partitions now. Or, you can simply reformat the whole disk to
blow everything away. Use p to view all partitions and d to delete a partition.
6. To create a new partition, type the following:
n
7. Choose an extended (e) or primary partition (p). To choose a primary partition, type the
following:
p
8. Type in the partition number. If you are creating the first partition (or for only one partition), type the number one:
1
Enter the first cylinder number (1 is the default). A range of cylinder numbers is displayed (for example, 1-4865 is the number of cylinders that appears for my 40GB hard
drive).
9. To assign the new partition to begin at the first cylinder on the new hard disk, type the
number 1.
10. Enter the last cylinder number. If you are using the entire hard disk, use the last cylinder
number shown. Otherwise, choose the ending cylinder number or indicate how many
megabytes the partition should have.
11. To create more partitions on the hard disk, repeat Steps 6 through 10 for each partition
(possibly changing the file system types as needed).
12. Type w to write changes to the hard disk and exit from the fdisk command. At this
point, you should be back at the shell.
13. To create a file system on the new disk partition, use the mkfs command. By default, this
command creates an ext2 file system, which is usable by Linux. However, in most cases
you will want to use a journaling file system (such as ext3 or reiserfs). To create an ext3
file system on the first partition of the second hard disk, type the following:
# mkfs -t ext3 /dev/hdb1
If you created multiple partitions, repeat this step for each partition (such as
/dev/hdb2, /dev/hdb3, and so on).
TIP
If you don’t use -t ext3, an ext2 file system is created by default. Use other commands, or options to this command, to create other file system types. For example, use
mkfs.vfat to create a VFAT file system, mkfs.msdos for DOS, or mkfs.reiserfs for Reiser file
system type. The tune2fs command, described later in this section, can be used to change an ext2
file system to an ext3 file system.
14. After the file system is created, you can have the partition permanently mounted by editing the /etc/fstab and adding the new partition. Here is an example of a line you
might add to that file:
/dev/hdb1    /abc    ext3    defaults    1 1
In this example, the partition (/dev/hdb1) is mounted on the /abc directory as an ext3
file system. The defaults keyword causes the partition to be mounted at boot time.
The numbers 1 1 cause the disk to be checked for errors. Add one line like this example
for each partition you created.
15. Create the mount point. For example, to mount the partition on /abc (as shown in the
previous step), type the following:
# mkdir /abc
16. Create your other mount points if you created multiple partitions. The next time you
boot Linux, the new partition(s) will be automatically mounted on the /abc directory.
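Step 4 warns that picking the wrong disk erases data you want to keep. As an added example (not part of the book's procedure), the check below refuses a device if it, or any of its partitions, is mounted or active as swap; it reads the same information as /proc/mounts and /proc/swaps. The function names and the sample mount and swap tables are constructed for illustration.

```sh
#!/bin/sh
# in_use_by DEVICE [MOUNTS_FILE [SWAPS_FILE]]
# Prints one line for every mounted file system or active swap area that
# lives on DEVICE or on one of its partitions; prints nothing if it is idle.
in_use_by() {
    awk -v dev="$1" '
        # True when name is dev itself, or dev followed by a partition
        # number (/dev/hdb matches /dev/hdb1 but not /dev/hdbackup).
        # A dev that already ends in a digit is a partition: exact match only.
        function on_disk(name,    rest) {
            if (name == dev) return 1
            if (dev ~ /[0-9]$/) return 0
            if (index(name, dev) != 1) return 0
            rest = substr(name, length(dev) + 1)
            return rest ~ /^[0-9]+$/
        }
        FILENAME == ARGV[1] && on_disk($1)            { print $1 " is mounted on " $2 }
        FILENAME == ARGV[2] && FNR > 1 && on_disk($1) { print $1 " is active swap" }
    ' "${2:-/proc/mounts}" "${3:-/proc/swaps}"
}

# safe_to_format DEVICE [MOUNTS_FILE [SWAPS_FILE]]
# Returns 0 when nothing on DEVICE is in use, 1 (with the reasons on
# standard error) when something is. A clean result is necessary, not
# sufficient: the kernel can list the root file system under a name such as
# /dev/root, so still confirm the disk against the dmesg output.
safe_to_format() {
    holders=$(in_use_by "$@") || return 2
    if [ -n "$holders" ]; then
        printf 'Refusing to touch %s:\n%s\n' "$1" "$holders" >&2
        return 1
    fi
    return 0
}

# Constructed sample data modelled on the disks used in this chapter.
sample_mounts() {
cat <<'EOF'
/dev/hda3 / ext3 rw 0 0
/dev/hda2 /boot ext3 rw 0 0
/dev/fd0 /mnt/floppy ext3 rw 0 0
EOF
}

sample_swaps() {
cat <<'EOF'
Filename   Type       Size     Used  Priority
/dev/hda5  partition  1052216  0     -1
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_mounts > "$tmp/mounts"
    sample_swaps > "$tmp/swaps"
    for disk in /dev/hda /dev/hdb; do
        if safe_to_format "$disk" "$tmp/mounts" "$tmp/swaps"; then
            echo "$disk: nothing mounted or swapping, ok to run fdisk and mkfs"
        fi
    done
    rm -rf "$tmp"
}
demo
```

On a live system, call safe_to_format /dev/hdb with no file arguments before step 5 and again before step 13.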
After you have created the file systems on your partitions, a nice tool for adjusting those file systems is the tune2fs command. You can use it to change volume labels, how often the file system
is checked, and error behavior. You can also use it to change an ext2 file system to an ext3 file system so the file system can use journaling. For example:
# tune2fs -j /dev/hdb1
tune2fs 1.39 (29-May-2006)
Creating journal inode: done
This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
By adding the -j option to tune2fs, you can change either the journal size or attach the file system to an external journal block device (essentially turning a nonjournaling ext2 file system into a
journaling ext3 file system). After you use tune2fs to change your file system type, you probably
need to correct your /etc/fstab file to include the file type change (from ext2 to ext3).
Checking System Space
Running out of disk space on your computer is not a happy situation. You can use tools that come
with Linux to keep track of how much disk space has been used on your computer, and you can
keep an eye on users who consume a lot of disk space.
Displaying System Space with df
You can display the space available in your file systems using the df command. To see the amount
of space available on all the mounted file systems on your Linux computer, type df with no
options:
$ df
Filesystem    1k-blocks    Used      Available  Use%  Mounted on
/dev/hda3     30645460     2958356   26130408   11%   /
/dev/hda2     46668        8340      35919      19%   /boot
/dev/fd0      1412         13        1327       1%    /mnt/floppy
This example output shows the space available on the hard disk partition mounted on the / (root)
partition (/dev/hda1) and /boot partition (/dev/hda2), and the floppy disk mounted on the
/mnt/floppy directory (/dev/fd0). Disk space is shown in 1K blocks. To produce output in a
more human-readable form, use the -h option:
$ df -h
Filesystem    Size   Used   Avail  Use%  Mounted on
/dev/hda3     29G    2.9G   24G    11%   /
/dev/hda2     46M    8.2M   25M    19%   /boot
/dev/fd0      1.4M   13k    1.2M   1%    /mnt/floppy
With the df -h option, output appears in a friendlier megabyte or gigabyte listing. Other options
with df enable you to do the following:
• Print only file systems of a particular type (-t type)
• Exclude file systems of a particular type (-x type)
• Include file systems that have no space, such as /proc and /dev/pts (-a)
• List only available and used inodes (-i)
• Display disk space in certain block sizes (--block-size=#)
Checking Disk Usage with du
To find out how much space is being consumed by a particular directory (and its subdirectories),
use the du command. With no options, du lists all directories below the current directory, along
with the space consumed by each directory. At the end, du produces total disk space used within
that directory structure.
The du command is a good way to check how much space is being used by a particular user (du
/home/user1) or in a particular file system partition (du /var). By default, disk space is displayed in 1K block sizes. To make the output friendlier (in kilobytes, megabytes, and gigabytes),
use the -h option as follows:
$ du -h /home/jake
114k    /home/jake/httpd/stuff
234k    /home/jake/httpd
137k    /home/jake/uucp/data
701k    /home/jake/uucp
1.0M    /home/jake
The output shows the disk space used in each directory under the home directory of the user
named jake (/home/jake). Disk space consumed is shown in kilobytes (k) and megabytes (M).
The total space consumed by /home/jake is shown on the last line.
Finding Disk Consumption with find
The find command is a great way to find file consumption of your hard disk using a variety of
criteria. You can get a good idea of where disk space can be recovered by finding files that are over
a certain size or were created by a particular person.
NOTE
You must be root user to run this command effectively, unless you are just checking
your personal files. If you are not root user, there will be many places in the file system
that you will not have permission to check. Regular users can usually check their own home directories but not those of others.
In the following example, the find command searches the root file system (/) for any files owned
by the user named jake (-user jake) and prints the filenames. The output of the find command is organized in a long listing in size order (ls -ldS). Finally, that output is sent to the file
/tmp/jake. When you view the file /tmp/jake (for example, less /tmp/jake), you will find
all of the files that are owned by the user jake listed in size order. Here is the command line:
# find / -xdev -user jake -print | xargs ls -ldS > /tmp/jake
TIP
The -xdev option prevents file systems other than the selected file system from being
searched. This is a good way to cut out a lot of junk that may be output from the /proc
file system. It can also keep large remotely mounted file systems from being searched.
Here’s another example, except that instead of looking for a user’s files, we’re looking for files larger
than 100 kilobytes (-size +100k):
# find / -xdev -size +100k -print | xargs ls -ldS > /tmp/size
You can save yourself a lot of disk space by just removing some of the largest files that are no
longer needed. In this example, you can see large files are sorted by size in the /tmp/size file.
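The two pipelines above have sharp edges when run as root over files that other users control: xargs splits names on whitespace, ls -S sorts only within each batch that xargs starts, and a fixed report name in /tmp is predictable to every local user. The following added example (not from the book; function names are illustrative) lets find start ls directly, sorts the whole listing once, masks control characters in names, and writes the report to a file created by mktemp.

```sh
#!/bin/sh
# largest_files DIR MIN_KB [extra find tests...]
# Lists regular files under DIR larger than MIN_KB kilobytes, biggest first.
#   -exec ... {} +  passes each name to ls as one argument, so spaces in a
#                   name cannot split it into several arguments
#   ls -n           prints numeric owner and group, keeping size in column 5
#   ls -q           shows control characters in names as "?", so a crafted
#                   name cannot add lines to the report
#   sort -k5,5nr    orders the complete listing by the size column
largest_files() {
    lf_dir=$1
    lf_min=$2
    shift 2
    find "$lf_dir" -xdev -type f -size +"${lf_min}k" "$@" \
        -exec ls -ldnq {} + | sort -k5,5nr
}

# save_report DIR MIN_KB [extra find tests...]
# Writes the listing to a new, unpredictably named file readable only by
# its owner and prints that file name.
save_report() {
    sr_out=$(mktemp "${TMPDIR:-/tmp}/diskuse.XXXXXX") || return 1
    largest_files "$@" > "$sr_out"
    printf '%s\n' "$sr_out"
}

# Constructed demonstration: three files, two of them over 100 KB, with
# spaces in their names.
demo() {
    demo_dir=$(mktemp -d) || return 1
    dd if=/dev/zero of="$demo_dir/big image.iso" bs=1024 count=300 2>/dev/null
    dd if=/dev/zero of="$demo_dir/core dump" bs=1024 count=150 2>/dev/null
    dd if=/dev/zero of="$demo_dir/notes.txt" bs=1024 count=10 2>/dev/null
    largest_files "$demo_dir" 100
    rm -rf "$demo_dir"
}
demo
```

The book's first search becomes save_report / 0 -user jake, and the second becomes save_report / 100.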
Monitoring System Performance
If your Linux system is a multiuser computer, sharing the processing power of that computer can
be a major issue. Likewise, any time you can stop a runaway process or reduce the overhead of an
unnecessary program running, your Linux server can do a better job serving files, Web pages, or
e-mail to the people who rely on it.
Linux includes utilities that can help you monitor the performance of your Linux system. The
kinds of features you want to monitor in Linux include CPU usage, memory usage (RAM and swap
space), and overall load on the system. A popular tool for monitoring that information in Linux is
the top command.
To start the top utility in a Terminal window, type top. The top command determines the largest
CPU-consuming processes on your computer, displays them in descending order on your screen,
and updates the list every 5 seconds.
By adding the -S option to top, the display shows you the cumulative CPU time for each process,
as well as any child processes that may already have exited. If you want to change how often the
screen is updated, you can add the -d secs option, where secs is replaced by the number of seconds
between updates.
By default, processes are sorted by CPU usage. You can sort processes numerically by PID (press
N), by age (press A), by resident memory usage (press M), or by time (press T). To return to CPU
usage, press P. To terminate a process, type k and enter the PID of the process you want to kill
(listed in the left column). Be careful to kill only processes you are sure you don’t need or want.
Summary
Although you may be using Linux as a single-user system, many of the tasks you must perform to
keep your computer running are defined as administrator tasks. A special user account called the
root user is needed to do many of the things necessary to keep Linux working as you would like it
to. If you are administering a Linux system used by lots of people, the task of administration
becomes even larger. You must be able to add and support users, maintain the file systems, and
ensure that system performance serves your users well.
To help the administrator, Linux comes with a variety of command-line utilities and graphical windows for configuring and maintaining your system. Commands such as mkfs and mount let you
create and mount file systems, respectively. Tools such as top let you monitor system performance.
Getting on the Internet
You won’t tap into the real power of Linux until you have connected it
to a network — in particular, the Internet. Your computer probably
has an Ethernet interface built in, so you can just plug a LAN (local
area network) cable into it to connect to a LAN (hub or switch), DSL bridge
or router, or cable modem. Some computers, particularly laptops, may have
wireless Ethernet hardware built in.
Your computer also may have a dial-up modem. If you have an older computer that has no Ethernet card or you are in a situation in which you need
to dial out over regular phone lines to reach your Internet service provider
(ISP), you use this modem to get on the Internet.
This chapter describes how to connect your Linux system to the Internet.
With broadband and wireless networks becoming more prevalent, Ethernet
connections are becoming the most common means of connecting to the
Internet. For dial-up connections, you’ll see how to use kppp (a dialer GUI
that is often packaged with KDE desktops).
Sharing Internet connections with multiple desktop systems or even your
own mail or Web server is not that difficult to do from a hardware perspective. However, there are some security and configuration issues to consider
when you set out to expand how you use your Internet connection. A Linux
system includes software that lets you configure it as a firewall, router, and a
variety of server types to help you get this done.
IN THIS CHAPTER
• Connecting to the Internet
• Connecting to the Internet with Ethernet
• Connecting to the Internet with dial-up
• Connecting to the Internet with wireless
Connecting to the Network
Linux supports a wide range of wired and wireless network devices, as well as a dizzying array of
network protocols to communicate over that media. As a home or small office Linux user, you can
start evaluating how to configure your connection to the Internet from Linux by considering:
• The type of Internet account you have with your ISP (dial-up or broadband)
• Whether or not you are connecting a single computer, a bunch of desktops, and/or one
or more server machines to the Internet
Connecting via Dial-Up Service
Until a few years ago, dial-up was the most common method for an individual to get on to the
Internet. Many computers had dial-up modems built into the motherboard or had serial ports
where a modem could easily be connected. Many computers today do not include modems, but
serial or USB modems can be purchased for just a few dollars if you need to use dial-up.
Once you have a modem (56 Kbps speed is the standard today), the only other equipment you
need is a regular telephone line. Essentially, you can use a dial-up modem anywhere you can
connect to a phone line. Linux contains the tools you need to configure and complete a dial-up
connection. Figure 5.1 shows the setup for the connection.
FIGURE 5.1
Connect a modem to a serial or USB port and dial out over regular phone lines.
[Diagram labels: Linux workstation, Serial port, Modem, Telephone jack, PPP connection to Internet, ISP]
One difficulty with using modems in Linux is that many computers with built-in modems (especially laptops) come with what are referred to as Winmodems. With Winmodems, some of the processing normally done on the modem is actually implemented within the Windows system.
Winmodems don’t always look like real modems to Linux systems because, without the code that’s
inside Windows, they don’t behave like real modems when they are connected to Linux systems.
Some Winmodems are supported in Linux, and those are sometimes referred to as Linmodems. If
you find that Linux fails to detect your modem, check out the Linmodems Support Page
(http://linmodems.technion.ac.il) or the LinModems.org page (http://www.linmodems.org). It can help you determine if you have a Winmodem and, if so, help you find
the right Linmodem driver (if one is available).
TIP
If you find that you have a Winmodem, you are usually better off getting a real modem
instead. An inexpensive external serial modem can save you the trouble of getting and
loading a Linmodem driver that may or may not work. Most external modems or internal PCI
modems described as being “controller-based” work well in Linux.
Connecting a Single Computer to Broadband
Increasingly, individuals have the option of signing up for broadband Internet service with cable
television providers or local telephone companies. These connections typically provide transmission speeds rated at least five times greater than you can get with a dial-up connection.
The equipment you need to make broadband connections from your home or small office is typically a cable modem or Digital Subscriber Line (DSL) modem. Cable modems share the bandwidth
of the cable television line coming into your location. DSL uses existing house or office phone
wires to connect to the Internet, sharing the wires with your phone service.
Because there are many ways that your ISP may be providing your Internet service, you should
check with it to get the right hardware you need to connect. In particular, you should know that
there are several incompatible DSL standards (ADSL, CDSL, HDSL, SDSL, and so on), so you can’t
just go out and buy DSL equipment without some guidance.
If you are using an external DSL or cable modem, chances are that a single connection from your
Linux machine to that equipment requires only:
• An Ethernet port on your computer
• A LAN cable (often provided with the ISP equipment)
• The DSL router/bridge or cable modem (often provided by ISP)
Figure 5.2 illustrates a Linux computer connected to a broadband cable modem.
Broadband equipment often supplies a service called Dynamic Host Configuration Protocol
(DHCP). DHCP provides the Internet addresses and other information that a client computer
needs to connect to the network. With the cable/DSL modem acting as a DHCP server, you can literally start using the Internet without doing any special configuration in Linux. Just plug in, boot
Linux, and start browsing the Web.
NOTE
The DSL or cable modem often acts as a router between the ISP and your computer.
Usually that device will also include a firewall configured to do network address
translation. Alternatively, some broadband equipment operates in a “bridging mode,” in which it
doesn’t do routing, but simply passes data through as though your computer were on the same LAN
as that of the ISP. In this setup, the public IP address is assigned to your computer instead of the DSL
or cable modem.
FIGURE 5.2
Connect an Ethernet card to broadband and start surfing.
[Diagram labels: Linux Workstation, Firewall (iptables), DHCP, DSL router or cable modem, Broadband Connection, ISP, Route to Internet]
Connecting Multiple Computers to Broadband
Instead of connecting your Linux computer directly to the cable modem or DSL equipment, you
can join your machines together on a LAN, and then connect the LAN to your ISP equipment so
that everyone in the house or office can share the broadband connection. It’s fairly simple; you just
connect your cable/DSL modem to your LAN instead of directly to your Linux box. In this configuration, however, you should consider adding a firewall/router as a buffer between your LAN and
the outside world. That machine would perform such duties as:
• Blocking access — A well-configured firewall blocks access to all ports except those that
you need to access the Internet the way you want, thereby minimizing the risks of intruders getting into your LAN.
• NAT or IP Masquerading — For the most part, you want the computers behind your
firewall that are simply desktop systems to not be accessible to others from the Internet.
By configuring your firewall to do NAT or IP Masquerading, your computers can be
assigned private IP addresses. Your firewall then handles forwarding of messages between
your LAN and the Internet. This is a good arrangement for several reasons. For one thing,
the IP addresses of your private computers are not exposed to the outside world. Also,
you can save the cost of paying your ISP for permanent IP addresses.
• DHCP service — Many firewall systems can act as a DHCP server. Those private IP
addresses you can use with a NAT firewall can be assigned from the DHCP service running
on your firewall system. When the client computer on your LAN starts up, besides its IP
address, your DHCP service can tell the client the location of its DNS server, gateway to
the Internet, or other information.
• Routing — In the home and small-office LAN environment illustrated in Figure 5.3, the
firewall computer often has two Ethernet interfaces: one connected to the LAN and the
other to the DSL or cable modem that leads to the ISP. Because the Ethernet interfaces are
viewed as being on separate subnetworks, the firewall/router must be configured to forward packets across the two interfaces. It’s not a big deal, but it does require a separate
step to tell the firewall system that you want it to forward packets between the two
subnetworks.
CROSS-REF
Chapter 18 discusses setting up a firewall/router, using a Linux distribution designed
specifically for the task.
FIGURE 5.3
A firewall provides a safeguard between your LAN and the Internet.
[Diagram labels: Linux, Mac, and Windows computers, Hub or switch, Linux firewall/router, NAT, DHCP, Broadband connection, ISP]
In this example, the equipment you need includes:
• An Ethernet port on each computer plus an extra port for the firewall/router
• A LAN cable for each computer
• A hub or a switch
• A low-end PC (a PC with as little power as a 486 might do) running as a Linux
firewall/router
• The DSL or cable modem
An alternative to this wired configuration is to replace the hub or switch with a wireless access point.
Then each computer equipped with a wireless LAN card can get on the network without wires.
Connecting Servers
So far you’ve seen configurations that let one or more computers from your home or small business
browse the Web. Allowing someone from the Internet to request services (Web pages, file transfers,
and so forth) from your computers requires some extra thought.
After you have TCP/IP (the primary set of protocols used on the Internet) configured to connect to
your ISP, requests for data can pass in either direction between your computers and the Internet
unless you use a firewall to restrict traffic. So the same connection you use for Internet browsing
can be used to offer services to the Internet, with a few caveats:
• Permanent IP address — Each time you reboot your computer, your ISP’s DHCP server
dynamically assigns your DSL/cable modem’s IP address. For that reason, your IP address
could change at each reboot. If you want your servers to be reachable on a permanent
basis, you usually need at least one permanent IP address at which people can reach your
servers. You will have to ask your ISP about a permanent IP address, and it might cost
you extra money to have one.
NOTE
A service called Dynamic DNS can be used in place of paying for a permanent IP
address. With Dynamic DNS, you hire a service to constantly check whether your IP
address has changed and assign your DNS host name to the new address if it does. You can search the
Web for “Dynamic DNS” to find companies that offer that service.
• ISP acceptable use policy — Check that you are allowed to have incoming connections.
Some ISPs, especially for inexpensive, home-use broadband service, will block incoming
connections to Web servers or mail servers.
• DNS host name — Although typing an IP address into a browser location box works just
fine, most people prefer to use names (such as www.linuxtoys.net) to reach a server.
That requires you to purchase a DNS domain name and have an entry set up in a DNS
server to resolve the name to the IP address of your server.
Although there is nothing magical about setting up an Internet server, given the few issues just
mentioned, creating a public server can be a lot like opening up the doors of your house so that
strangers can wander in. You want some policies in place to restrict where the strangers can go and
what they can do.
For home or small-office locations that have a single Internet connection (represented by one public IP address), servers can be more exposed to the Internet than desktop systems by keeping them
in one area that’s referred to as the DMZ (demilitarized zone). In this configuration (illustrated in
Figure 5.4), servers are directly behind the outside firewall. Desktop systems (that aren’t to be
accessible by people from the Internet) are behind a second, more restrictive firewall.
Whether you use Linux or dedicated firewall devices to provide firewall service, the outside firewall allows requests in for Web services (port 80), FTP services (ports 20 and 21), simple mail
transfer protocol (port 25), and possibly other services. The internal firewall blocks any requests
for services from the outside and allows only Internet communications that were initiated from
computers behind the inside firewall.
FIGURE 5.4
Add servers to a DMZ where they can be more publicly accessible than your desktop systems.
[Diagram labels: ISP, Broadband connection, External Network, Linux external firewall/router, Switch, Servers (Web, Mail, FTP), DMZ, Linux internal firewall/router, NAT, DHCP, Hub/switch, Internal Network]
CROSS-REF
Chapters 24 through 27 explain how to configure different server types, and Chapter 18
describes how to set up Linux as a router/firewall. Chapter 18 includes details on how
to configure features such as IP Masquerading, NAT, and packet forwarding.
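The two-firewall DMZ policy described above, as an added shell example that is not from the book: it emits filter-table rules in iptables-restore format for the outside and inside firewalls and audits which ports each one opens to new connections from outside. The interface names (eth0, eth1), the function names, and the choice to let DMZ servers start outbound connections are assumptions; NAT and addressing are left out.

```shell
#!/bin/sh
# Added example (not from the book). Rules are printed, never loaded.

# Outside firewall: $1 = interface facing the ISP, $2 = interface facing the DMZ.
# Ports are the ones listed in the text: FTP 20/21, SMTP 25, Web 80.
external_fw_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $1 -o $2 -p tcp -m multiport --dports 20,21,25,80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $2 -o $1 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Inside firewall: $1 = interface facing the DMZ, $2 = interface facing the LAN.
# Only connections started from the LAN side are allowed through.
internal_fw_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $2 -o $1 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Audit: read a ruleset on stdin and print the destination ports that accept
# NEW forwarded connections arriving on the outside interface ($1).
# A rule with no state match, or an ACCEPT default policy, admits new traffic.
# This is a sanity check on simple rulesets; it ignores rule ordering.
new_inbound_ports() {
    awk -v wan="$1" '
        $1 == ":FORWARD" && $2 == "ACCEPT" { print "any (default policy)" }
        $1 == "-A" && $2 == "FORWARD" {
            in_if = ""; ports = "any"; has_state = 0; is_new = 0; accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                if ($i == "--ctstate" || $i == "--state") {
                    has_state = 1
                    if ($(i + 1) ~ /(^|,)NEW(,|$)/) is_new = 1
                }
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            from_outside = (in_if == "" || in_if == wan)
            if (accept && from_outside && (!has_state || is_new)) print ports
        }'
}

echo "Outside firewall opens to the Internet: $(external_fw_rules eth0 eth1 | new_inbound_ports eth0)"
echo "Inside firewall opens to the DMZ side: $(internal_fw_rules eth0 eth1 | new_inbound_ports eth0 | tr '\n' ' ')"
```

To have iptables parse a ruleset without committing it, pipe the output to `iptables-restore --test` as root.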
Connecting Other Equipment
Although I’ve focused on basic Ethernet equipment and dial-up modems for configuring network
connections, Linux supports many, many other types of network equipment as well as different
protocols for communicating over that equipment. Here are a few examples:
• ISDN — Integrated Services Digital Network (ISDN) lines were the preferred method of
high-speed data lines to small businesses in the United States before DSL became
widespread. It is still popular in Europe, but is being supplanted by more affordable
DSL equipment. ISDN4LINUX drivers and tools are available in many Linux systems for
connecting to ISDN networks.
• USB cable modem — Most cable modems offer an Ethernet port that you can connect to
directly from your computer’s own Ethernet port. However, if you don’t have an Ethernet
port, often you can connect to the cable modem through one of your USB ports. (You
may need to manually load usbnet and cdc_ether drivers to get this to work.)
• Token ring — Although token rings are rarely used now, support for token ring network
cards is included in most Linux systems. They were once popular at locations that had
many IBM systems.
• PLIP — It’s possible to connect two computers together from their parallel ports so that
they can communicate using TCP/IP protocols. Parallel Line Internet Protocol (PLIP)
requires only a special type of null modem cable (refer here for the specs for that cable:
http://tldp.org/HOWTO/NET3-4-HOWTO-9.html). Most Linux systems have
built-in software that enables you to log in, transfer files, and perform other activities
over that connection.
If your system has Linux source code installed, you can read about supported hardware devices in
the documentation that comes with that source code. On Fedora and some other Linux systems,
the location of kernel documentation for various networking hardware is /usr/src/linux*/Documentation/networking.
Using Ethernet Connections to the Internet
Most Linux systems today will either automatically detect or allow you to set up your Internet connection when you install Linux. Here’s the general (default) way that a network connection on a
desktop system, with Linux installed, is started up:
1. Check whether you have an Ethernet port on your computer (most recent computers have
one). If so, connect your Ethernet card to the equipment that gets you to the Internet
(cable modem, DSL router/bridge, or network hub/switch). If not, you can purchase an
Ethernet card at any retailer that sells computer hardware.
2. Ensure that appropriate drivers are available for the card and bring up the interface
(typically, the first wired Ethernet card is assigned to the eth0 interface). Usually, simply
starting the computer causes the card to be detected and the appropriate driver loaded.
3. Get an IP address using DHCP if there is a DHCP server available through the interface.
Most ISPs and businesses expect you to connect to their networks using DHCP, so they
will have provided a DHCP server to the equipment where you connect your computer to
the network.
As long as your desktop system is connected to a network that has a DHCP server willing to give it
an IP address, you can be up and browsing the Web in no time.
If you find that the automatic method (DHCP) of connecting to your network doesn’t work, it gets
a bit trickier to connect to the Internet. Different Linux distributions offer different tools for manually configuring your Internet connection. The following sections describe a few graphical tools
and some command-line and configuration-file approaches to configuring wired and wireless
network connections.
Configuring Ethernet During Installation
Many Linux install processes ask you if you want to configure your network connection for your
Ethernet cards. This is typically just for your Ethernet cards and not for dial-up modems or other
networking equipment. Information you’ll need for that process (IP address, gateway, DNS server,
and so on) is explained in Chapter 7.
When you boot Linux, you can check whether you have access to the Internet by opening a Web
browser (such as Firefox or Konqueror) and typing in a Web address. If the Web site doesn’t
appear in your browser, you’ll need to do some troubleshooting. The “Understanding your Internet
Connection” section later in this chapter provides information on how to track down problems
with your Internet connection.
Configuring Ethernet from the Desktop
Most major Linux distributions offer graphical tools for configuring network interfaces. These tools
step you through the information you need to enter, and then start up the network interface (if you
choose) to begin browsing the Web.
Here is a list of tools for configuring network interfaces in a few different Linux distributions. Some
of these are graphical tools, and some are menu-based:
• Red Hat Enterprise/Fedora Linux — The Network Configuration window lets you configure network connection using Ethernet, ISDN, modem, Token Ring, Wireless, and
xDSL hardware. Start the Network Configuration window from the System menu by
selecting Administration ➪ Network or by typing system-config-network and entering
the root password when prompted. (On older Red Hat Linux systems, the command was
redhat-config-network.)
• SUSE Linux — The YaST Control Center that comes with SUSE contains features for
configuring your network. From the SUSE menu on the panel, select Administrator
Settings (YaST), and then choose Network Devices. The YaST Control Center lets you
configure a DSL, ISDN, Modem, or Network Card interface to the network. Select
Network Card to configure your wired Ethernet Interface to the Internet.
• Gentoo Linux — From a shell (as root user), type net-setup eth0 to start a menu-driven
interface to configure the network connection from your first Ethernet card (eth0). The
tool lets you have the interface try to start using DHCP or use static address information
that you provide yourself.
• Ubuntu Linux — Select System ➪ Administration ➪ Networking from the desktop.
From the Network settings window that appears, choose the interface you want to
configure and select Properties.
• KNOPPIX — Select the squished penguin icon in the panel on the KNOPPIX desktop,
and choose Networking/Internet from the menu. Select the Network card configuration
menu entry to configure your network card. Or select from several other network equipment types instead (ADSL, GPRS, ISDN, Modem, or Wavelan).
Using Network Configuration GUI in Fedora
An example of a graphical tool for configuring your Ethernet interface is the Network Configuration
GUI that comes with Fedora and Red Hat Enterprise Linux systems. If you did not configure your
LAN connection during installation of Fedora or RHEL, you can do so at any time using the
Network Configuration window. The IP address and host names can be assigned statically to an
Ethernet interface or retrieved dynamically at boot time from a DHCP server.
NOTE
A computer can have more than one IP address because it can have multiple network
interfaces. Each network interface must have an IP address to connect to a network
(even if the address is assigned temporarily). So, if you have two Ethernet cards (eth0 and eth1), each
needs its own IP address. Also, the address 127.0.0.1 represents the local host so that users on the
local computer can access services in loopback.
Here’s how to define the IP address for your Ethernet interface in Fedora or RHEL:
1. From the red hat menu, choose Desktop ➪ System Settings ➪ Network or, as root user
from a Terminal window, type system-config-network. (If prompted, type the root password.) The Network Configuration window appears.
2. Click the Devices tab. A listing of your existing network interfaces appears.
3. Double-click the eth0 interface (representing your first Ethernet card). A pop-up window
titled Ethernet Device appears (see Figure 5.5), enabling you to configure your eth0
interface.
FIGURE 5.5
Configure and activate Ethernet devices in Fedora.
4. Select your preferences:
• Activate device when computer starts — Check here to have eth0 start at boot time.
• Allow all users to enable and disable the device — Check to let non-root users
enable and disable the network interface.
• Enable IPv6 configuration for this interface — Check here if you are connected to
an IPv6 network. (Most networks are still IPv4.)
5. You also must choose whether to get your IP addresses from another computer at boot
time or enter the addresses yourself:
• Automatically obtain IP address settings with — Select this box if you have a
DHCP or BOOTP server on the network from which you can obtain your computer’s
IP address, netmask, and gateway. DHCP is recommended if you have more than just
a couple of computers on your LAN. Optionally, you can set your own host name,
which can be just a name (such as jukebox) or a fully qualified domain name (such
as jukebox.linuxtoys.net).
• Statically set IP addresses — If there is no DHCP or other boot server on your LAN,
add necessary IP address information statically by selecting this option and following
these steps:
a. Type the IP address of the computer into the Address box. This number must be
unique on your network. For your private LAN, you can use private IP addresses.
b. Enter the netmask in the Subnet Mask box. The netmask indicates the part of the IP
address that represents the network.
c. Type the IP address of the computer into the Default Gateway Address box if a computer or router connected to your LAN provides routing functions to the Internet or
other network. (Chapter 18 describes how to use NAT or IP Masquerading and how to
use Linux as a router.)
6. Click OK in the Ethernet Device window to save the configuration and close the window.
7. Click File ➪ Save to save the information you entered.
8. Click Activate in the Network Configuration window to start your connection to the
LAN.
Identifying Other Computers (Hosts and DNS)
Each time you use a name to identify a computer, such as when browsing the Web or using an
e-mail address, the computer name must be translated into an IP address. To resolve names to IP
addresses, Linux goes through a search order (usually based on the contents of three files in /etc:
resolv.conf, nsswitch.conf, and host.conf). By default, it checks host names you add
yourself (which end up in the /etc/hosts file), hosts available via NIS, and host names available
via DNS.
Again, for RHEL and Fedora systems, you can use the Network Configuration window to add:
• Host names — You might do this to identify hosts on your LAN that are not configured
on a DNS server.
• DNS search path — By adding domain names to a search path (such as
linuxtoys.net), you can browse to a site by its host name (such as jukebox), and
have Linux search the domains you added to the search path to find the host you are
looking for (such as jukebox.linuxtoys.net).
• DNS name servers — A DNS server can resolve addresses for the domains it serves and
contact other DNS servers to get addresses for all other DNS domains.
NOTE
If you are configuring a DNS server, you can use that server to centrally store names
and IP addresses for your LAN. This saves you the trouble of updating every computer’s
/etc/hosts file every time you add or change a computer on your LAN.
To add host names, IP addresses, search paths, and DNS servers in Fedora, do the following:
1. Start the Network Configuration window. As root user from a Terminal window, type system-config-network or, from the top panel, click System ➪ Administration ➪ Network. The
Network Configuration window appears.
2. Click the Hosts tab. A list of IP addresses, host names, and aliases appears.
3. Click New. An Add/Edit Hosts Entry pop-up window appears.
4. Type in the IP address number, host name, and, optionally, the host alias.
5. Click OK.
6. Repeat this process until you have added every computer on your LAN that cannot be
reached by DNS.
7. Click the DNS tab.
8. Type the IP addresses of the computers that serve as your Primary and Secondary DNS
servers. (You get these IP addresses from your ISP or, if you created your own DNS server,
you can enter that server’s IP address.)
9. Type the name of the domain (probably the name of your local domain) to be searched
for host names into the DNS Search Path box.
10. Click File ➪ Save to save the changes.
11. Click File ➪ Quit to exit.
Now, when you use programs such as ftp, ssh, or other TCP/IP utilities, you can use any host name
that is identified on your local computer, exists in your search path domain, or can be resolved
from the public Internet DNS servers. (Strictly speaking, you don’t have to set up your
/etc/hosts file. You could use IP addresses as arguments to TCP/IP commands. But names are
easier to work with.)
Using Network Settings GUI in Ubuntu
In Ubuntu Linux, the Network Settings window lets you configure your network connections.
Assuming your computer has an Ethernet card installed, you can follow the procedure below to create a network connection to the Internet or other TCP/IP network.
1. Start Network Settings. Click System ➪ Administration ➪ Networking. The Network
Settings window appears.
2. Select the Ethernet connection entry on the screen for the interface you want to configure
and click Properties. The first Ethernet card should be identified as eth0 (if other
Ethernet cards are present, they will be identified as eth1, eth2, etc.). The Interface properties window appears, as shown in Figure 5.6.
FIGURE 5.6
Use DHCP or static IP addresses for Ethernet connections in Ubuntu.
Figure 5.6 contains an example of an Ethernet connection configured to use DHCP to get
the information it needs to start up (IP address, Subnet mask, etc.) from a DHCP server
on your network. The Enable this connection check box indicates that the eth0 connection is started up automatically at boot time.
If your cable modem, DSL equipment or other network server offers a DHCP service, the
example shown in Figure 5.6 may be all you need to do. However, if no DHCP service is
available or you simply want to set your connection information manually, continue to
the next step.
3. If you want to manually configure your Ethernet connection, select the following from
the Interface Properties pop-up window:
• Configuration — Select Static IP address to be able to set your address information
manually, instead of getting it automatically from a DHCP service.
• IP address — Type the IP address you want to use for this computer into the IP
address box. This number must be unique on your network. For your private LAN,
you can use private IP addresses.
• Subnet mask — Enter the netmask in the Subnet mask box. The netmask indicates
the part of the IP address that represents the network. For example, a netmask of
255.255.255.0 for the IP address 10.0.0.5 indicates that the network address is 10.0.0
and the host address is 5. Other computers on the network could use the same netmask with IP addresses such as 10.0.0.1, 10.0.0.2, and so on up to 254.
• Gateway address — Type the IP address of the device that is acting as router between
your computer and the Internet or other network. (See Chapter 18 for information on
using NAT or IP Masquerading if you are using Linux as a router.)
Select OK when you have filled in all the necessary information.
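The netmask arithmetic described above, as an added shell example that is not from the book: it derives the network and broadcast addresses for a static setup and checks that the address and gateway fit the subnet. The gateway 10.0.0.1 and the function names are assumptions, and the checks assume ordinary LAN netmasks rather than /31 or /32.

```shell
#!/bin/sh
# Added example (not from the book): sanity-check static IPv4 settings
# before entering them in the Interface Properties window.

# network_of IP MASK: AND each octet of the address with the netmask.
# The body runs in a subshell so the IFS change stays local.
network_of() (
    IFS=.; set -- $1 $2          # split both dotted quads into $1..$8
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))"
)

# broadcast_of IP MASK: set every host bit to 1.
broadcast_of() (
    IFS=.; set -- $1 $2
    echo "$(($1 | (255 - $5))).$(($2 | (255 - $6))).$(($3 | (255 - $7))).$(($4 | (255 - $8)))"
)

# valid_netmask MASK: the 1 bits must be contiguous from the left.
valid_netmask() (
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    seen_partial=0               # becomes 1 after the first octet below 255
    for octet in "$@"; do
        case $octet in
            255) [ "$seen_partial" -eq 0 ] || exit 1 ;;
            254|252|248|240|224|192|128)
                 [ "$seen_partial" -eq 0 ] || exit 1; seen_partial=1 ;;
            0)   seen_partial=1 ;;
            *)   exit 1 ;;
        esac
    done
    exit 0
)

# check_static IP MASK GATEWAY: print "ok ..." or the first problem found.
check_static() {
    valid_netmask "$2" || { echo "bad-netmask"; return 0; }
    net=$(network_of "$1" "$2")
    bcast=$(broadcast_of "$1" "$2")
    if [ "$1" = "$net" ]; then
        echo "address-is-network-address"
    elif [ "$1" = "$bcast" ]; then
        echo "address-is-broadcast-address"
    elif [ "$(network_of "$3" "$2")" != "$net" ]; then
        echo "gateway-not-on-subnet $net"
    elif [ "$3" = "$1" ]; then
        echo "gateway-equals-own-address"
    else
        echo "ok network=$net broadcast=$bcast"
    fi
}

# The address and netmask from the text, with an assumed gateway of 10.0.0.1.
check_static 10.0.0.5 255.255.255.0 10.0.0.1
# A gateway on a different subnet is rejected.
check_static 10.0.0.5 255.255.255.0 10.0.1.1
```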
There are other features you can set as well that relate to your network connections in Ubuntu.
From the General tab, you can add the host name and domain name assigned to your computer.
The Hosts tab lets you enter the IP address and host name for individual hosts that you want to
enter manually.
From the DNS tab, you can indicate the IP addresses of the servers your computer will use to
resolve names of the computers you communicate with (using e-mail, Web browsers, and so on)
into IP addresses. You can also indicate the Search Domains value so that, when you try to
connect to a computer by host name without a domain name, your system knows which domains to
search first for that host.
Understanding Your Internet Connection
If your Ethernet interface to the Internet is not working, there are ways to check what’s happening
that will work on many Linux distributions. Use the following procedure to find out how your network interfaces are working:
1. Open a shell (if you are using a graphical interface, open a Terminal window).
2. Type the following right after you boot your computer to verify whether Linux found
your card and installed the Ethernet interface properly:
dmesg | grep eth | less
The dmesg command lists all the messages that were output by Linux at boot time. The
grep eth command causes only those lines that contain the word eth to be printed.
Here are a couple of examples:
eth0: VIA Rhine II at 0xee001000, 00:0d:61:25:d4:17, IRQ 185.
eth0: MII PHY found at address 1, status 0x786d advertising
01e1 Link 45e1.
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
eth0: no IPv6 routers present
The first message appeared on my desktop computer with a VIA Rhine Ethernet controller. It shows that a card was found at software IRQ 185 with a port address of
0xee001000 and an Ethernet hardware address (MAC address) of
00:0d:61:25:d4:17. The other lines indicate that the link is up on the eth0 interface
and running at 100 Mbps in full-duplex. In this case IPv6 routing is not enabled.
NOTE
If the eth0 interface is not found, but you know that you have a supported Ethernet
card, type lspci -vv | grep -i eth to see if the Ethernet card is detected on the PCI bus. If
it doesn’t appear, check that your Ethernet card is properly seated in its slot. Here’s what appeared
for the preceding example:
00:12.0 Ethernet controller: VIA Technologies, Inc.
VT6102 [Rhine-II] (rev 74)
3. To view which network interfaces are up and running, type the following:
$ /sbin/ifconfig -a
eth0      Link encap:Ethernet HWaddr 00:0D:61:25:D4:17
          inet addr:10.0.0.5 Bcast:10.0.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:326100 errors:0 dropped:0 overruns:0 frame:0
          TX packets:215931 errors:0 dropped:0 overruns:0 carrier:0
          collisions:5919 txqueuelen: 1000
          RX bytes:168378315 (160.5 Mb) TX bytes:40853243 (38.9 Mb)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:37435 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37435 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen: 0
          RX bytes:2353172 (2.2 Mb) TX bytes:2353172 (2.2 Mb)
The output shows a loopback interface (lo) and one Ethernet card (eth0). In this example,
the Ethernet interface (eth0) is assigned the IP address of 10.0.0.5. Again, notice that the
MAC address, which is a unique address related to the Ethernet card hardware, is noted
after the HWaddr indicator (00:0D:61:25:D4:17).
4. Communicate with another computer on the LAN. The ping command can be used to
send a packet to another computer and to ask for a packet in return. You can give ping
either a host name (butch) or an IP address (10.0.0.10). For example, to ping a computer on the network called butch, type the following command:
# ping butch
If the computer can be reached, the output will look similar to the following:
PING butch (10.0.0.10): 56(84) data bytes
64 bytes from butch (10.0.0.10): icmp_seq=1 ttl=255 time=0.351 ms
64 bytes from butch (10.0.0.10): icmp_seq=2 ttl=255 time=0.445 ms
64 bytes from butch (10.0.0.10): icmp_seq=3 ttl=255 time=0.409 ms
64 bytes from butch (10.0.0.10): icmp_seq=4 ttl=255 time=0.457 ms
64 bytes from butch (10.0.0.10): icmp_seq=5 ttl=255 time=0.401 ms
64 bytes from butch (10.0.0.10): icmp_seq=6 ttl=255 time=0.405 ms
64 bytes from butch (10.0.0.10): icmp_seq=7 ttl=255 time=0.443 ms
64 bytes from butch (10.0.0.10): icmp_seq=8 ttl=255 time=0.384 ms
64 bytes from butch (10.0.0.10): icmp_seq=9 ttl=255 time=0.365 ms
64 bytes from butch (10.0.0.10): icmp_seq=10 ttl=255 time=0.367 ms
--- butch statistics ---
10 packets transmitted, 10 packets received, 0% packet loss, time 9011ms
rtt min/avg/max/mdev = 0.351/0.402/0.457/0.042 ms
A line of output is printed each time a packet is sent and received in return. It shows how
much data was sent and how long it took for each packet to be received. Watch this for
a while, and then press Ctrl+C to stop ping; you’ll see statistics on how many packets
were transmitted, received, and lost.
If the output doesn’t show that packets have been received, there’s no contact with the
other computer. Verify that the names and addresses of the computers that you want to
reach are in your /etc/hosts file or that your DNS server is accessible. Next, confirm
that the names and IP addresses you have for the other computers you are trying to reach
are correct (the IP addresses are the most critical).
5. If you are able to reach an IP address on your LAN with ping, but are unable to ping a
host computer by name, you may not be communicating with your DNS server. Repeat
the ping command with the IP address of your DNS server to see if it is up and that you
are able to communicate with it.
Using Dial-Up Connections to the Internet
Many individuals and even some small businesses that need to connect to the Internet still do so
using modems and telephone lines. The modem connects to a serial port (COM1, COM2, and so
on) on your computer and then into a telephone jack. Your computer dials a modem at your
Internet service provider or business that has a connection to the Internet.
The most common protocol for making dial-up connections to the Internet (or other TCP/IP network) is Point-to-Point Protocol (PPP). Let’s look at how to use PPP to connect to the Internet.
CROSS-REF
See Chapter 9 for information on configuring a dial-up connection that is specific to
Debian.
Getting Information
To establish a PPP connection, you need to get some information from the administrator of the network to which you are connecting. This is either your Internet service provider (ISP) when you
sign up for Internet service, or the person in your workplace who walks around carrying cables,
two or more cellular phones, and a couple of beepers (when a network goes down, these people
are in demand!). Here is the kind of information you need to set up your PPP connection:
■ Telephone number — Gives you access to the modem (or pool of modems) at the ISP. If
it is a national ISP, make sure that you get a local or toll-free telephone number (otherwise, you’ll rack up long-distance fees on top of your ISP fees).
■ Account name and password — Used to verify that you have an Internet account with
the ISP. This is an account name when you connect to a Linux or other UNIX system, but
may be referred to as a system name when you connect to an NT server.
■ An IP number — Most ISPs use Dynamic IP numbers, which means that you are
assigned an IP number temporarily when you are connected. Your ISP assigns a permanent IP number if it uses Static IP addresses. If your computer or all the computers on
your LAN need to have a more permanent presence on the network, you may be given
one Static IP number or a set of Static IP addresses to use.
■ DNS Server IP addresses — Your computer translates Internet host names to IP
addresses by querying a domain name system (DNS) server. Your ISP should give you at
least one IP address for a preferred (and possibly alternate) DNS server.
■ PAP or CHAP secrets — You may need a PAP (Password Authentication Protocol) ID or
CHAP (Challenge Handshake Authentication Protocol) ID and a secret, instead of a username and password when connecting to a Windows NT system. These features are used
with authentication on Microsoft and some other operating systems. Linux and other
UNIX servers don’t typically use this type of authentication, although they support PAP
and CHAP on the client side. Your ISP will tell you if you are using PAP or CHAP.
Your ISP typically provides services such as news and mail servers for use with your Internet connection. To configure these useful services, you need the following information:
■ Mail server — If your ISP is providing you with an e-mail account, you must know the
address of the mail server, the type of mail service (such as POP3 — Post Office Protocol;
or IMAP — Internet Message Access Protocol), and the authentication password for the
mail server so you can get your e-mail.
■ News server — If your ISP provides the name of a news server so that you can participate in newsgroups, the server may require you to log on, so you need a password. The
ISP provides that password, if required.
After you’ve gathered this information, you’re ready to set up your connection to the Internet. To
configure Linux to connect to your ISP, read on.
Setting Up Dial-Up PPP
PPP is used to create IP connections over serial lines. Most often, the serial connection is established over a modem; however, it also works over serial cables (null modem cables) or digital lines
(including ISDN and DSL).
Although one side must dial out and the other side must receive the call to create the PPP connection over a modem, after the connection is established, information can flow in both directions. For
the sake of clarity, however, I refer to the computer placing the call as the client and the computer
receiving the call as the server.
To simplify the process of configuring PPP (and other network interfaces), most Linux systems
include graphical tools to configure dial-up. Two such tools, available with Fedora and RHEL, are:
■ Network Configuration Window — The same utility used to configure Ethernet cards
can be used to configure modems. From the GNOME top panel in Fedora and RHEL systems, choose System ➪ Administration ➪ Network. When that window appears, select
New. The Select Device Type pop-up that appears enables you to configure and test your
modem for a dial-up PPP connection.
■ KDE PPP (KPPP) Window — From the KDE desktop, select Internet ➪ KPPP, or from a
Terminal window run the kppp command. From the KPPP window, you can set up and
launch a PPP dial-up connection.
Before you begin either of these procedures, physically connect your modem to your computer,
plug it in, and connect it to your telephone line. If you have an internal modem, you will probably
see a telephone port on the back of your computer to which you need to connect. If your modem
isn’t detected, you can reboot your computer or run wvdialconf create (as described later in
this chapter) to have it detected.
Creating a Dial-Up Connection with the Internet Configuration Wizard
If you are using a Fedora or RHEL system, you could use the Internet Configuration Wizard to set
up dial-up networking. Here’s how:
1. Choose System ➪ Administration ➪ Network. When the window appears, select New.
(Type the root password, if prompted.) An Add New Device Type window appears
(see Figure 5.7).
FIGURE 5.7
The Internet Configuration Wizard helps you set up a PPP Internet connection.
2. Select Modem connection and click Forward. The wizard searches for a modem and then
the Select Modem window appears.
3. Select the following modem properties:
■ Modem Device — If the modem is connected to your first serial port (COM1) you can
select /dev/ttyS0; for the second serial port (COM2) choose /dev/ttyS1. (By
convention, the device is often linked to /dev/modem. Type ls -l /dev/modem to see
if it is linked to /dev/ttyS0, /dev/ttyS1 or another tty device.)
■ Baud Rate — The rate at which the computer talks to the modem (which is typically
considerably faster than the modem can talk over the phone lines). The default is
115200 bits per second, which is probably fine for dial-up connections.
■ Flow Control — Check the modem documentation to see if the modem supports
hardware flow control (CRTSCTS). If it doesn’t, select software flow control
(XON/XOFF). Flow control prevents more data than the modem can handle from
being sent to it.
■ Modem Volume — This is off by default because the noise can be annoying, but if you
select medium while you’re setting up the modem, the sound can give you a sense of
where things are stopping if you can’t get a connection. You can turn it off after everything’s working.
■ Use Touch Tone Dialing — Leave this check box selected in most cases. If for some
reason your phone system doesn’t support touch-tone dialing, you can turn it off.
4. Click Forward. The Select Provider window appears. Enter the following provider
information:
■ Internet Provider — If you are using Internet service in any of the countries shown in
the Internet Provider window, select the plus sign next to that country name. If your
Internet service provider appears in the National list, select it. Information is automatically filled in for that provider. Otherwise, you need to fill in the rest of the dialog
window.
■ Phone Number — The telephone number of the ISP you want to dial in to. (An
optional prefix is available in case you need to dial 9 or some other number to get an
outside dial tone.)
■ Provider Name — The name of the Internet service provider. If there is only one ISP, I
recommend you use it as the ppp0 provider name.
■ Login Name — The login name assigned to you by the ISP. The ISP may have called
the login name a login ID or something similar.
■ Password — The password associated with the login name.
5. Click Forward, and the IP Settings window appears. With a dial-up connection, you
would typically select Automatically Obtain IP Address Settings. However, if the ISP has
assigned a static IP address that you can use, select the Statically Set IP Addresses check
box, and then enter your IP address, subnet mask, and default gateway address in the
appropriate fields. Click Forward to continue.
6. The Create Dialup Connection window appears, displaying the information you just
entered. If all the information looks correct, click Apply (otherwise, click the Back button, correct your information, and click Forward again to return to this window).
7. After you click Apply, the Network Configuration window appears, ideally with a new
PPP connection of modem type appearing in the window. (If it doesn’t appear, select
System Settings ➪ Network.)
8. Select the new dial-up entry (so it is highlighted), and choose File ➪ Save to save the
new dial-up configuration.
Now select the PPP device name and click the Activate button. The Internet dialer starts up and
dials your ISP. (If you have sound turned on, you should hear your modem dialing out.) If everything is working properly, your login and password are accepted and the PPP connection completed.
Try opening Firefox or another Web browser to see if you can access a Web site on the Internet. If
this doesn’t work the first time, don’t be discouraged. There are things to check to get your dial-up
PPP connection working. Skip ahead to the “Checking Your PPP Connection” section.
Launching Your PPP Connection
Your dial-up connection is now configured, but it is not set to connect automatically. One way to
start the connection is to set it up to launch manually from the desktop panel. Here’s how:
From the GNOME desktop:
1. Right-click the panel, and choose Add to Panel ➪ Modem Lights, and then select Add. A
Modem Lights icon appears on the panel.
2. Select the new icon from the panel. You are asked if you want to start a connection with
your modem.
3. Select Connect to start the connection.
From the KDE desktop:
1. Right-click the panel and then choose Add Application to Panel ➪ Internet ➪ KPPP.
2. Select the new icon from the panel (type the root password, if prompted). A KPPP window appears.
3. Select the dial-up interface you added (probably ppp0) and click Connect to connect.
From this point forward, icons appear on your desktop that you can select to immediately connect
to your ISP over the dial-up connection you configured.
Launching Your PPP Connection on Demand
Instead of starting a dial-up PPP connection manually each time you want to contact the Internet,
you can set your dial-up connection to start automatically when an application (such as a Web
browser or e-mail program) tries to use the connection. On-demand dialing is particularly useful if:
■ The dial-up connection on your Linux system is acting as the gateway for other computers in your home or office. You don’t have to run over to your Linux box to start the
connection when another computer needs the dial-up connection.
■ Programs that you run during off hours, such as remote backups, require an Internet
connection.
■ You don’t want to be bothered clicking an extra icon when you just want to browse the
Web a bit.
The risk of on-demand dialing is that because it gets going automatically, the dial-up connection
can start up when you don’t want it to. (Some people get worried when their computers start
dialing by themselves in the middle of the night.)
For RHEL and Fedora systems, here is an example of settings you can add to your dial-up configuration file (probably /etc/sysconfig/network-scripts/ifcfg-ppp0) to configure on-demand dialing:
ONBOOT=yes
DEMAND=yes
IDLETIMEOUT=600
RETRYTIMEOUT=30
The ONBOOT=yes starts the pppd daemon (but doesn’t immediately begin dialing because
DEMAND is set to yes). Also, because of the setting DEMAND=yes, a dial-up connection attempt is
made any time traffic tries to use your dial-up connection. With IDLETIMEOUT set to 600, the
connection is dropped after 600 seconds (10 minutes) with no traffic on the connection. With
RETRYTIMEOUT set to 30, a dropped connection is retried after 30 seconds (unless the connection
was dropped by an idle timeout, in which case there is no retry). You can change the timeout values to suit you.
NOTE
Because it can take a bit of time for dial-up connections to be established, operations
may fail while dialing occurs. In particular, DNS requests can time out in 30 seconds,
which may not be long enough to establish a dial-up connection. If you have three DNS servers configured for each client, you have a 90-second timeout period. As a result, the modem connection may
be running before the request fails.
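The on-demand settings above can be checked before the link is left unattended. The following script is an added example, not from the book or from Fedora's network scripts: it reads an ifcfg-style file, reports how the link starts, and warns when no usable idle timeout is set. The function names, the 900-second idle limit, and the sample files are assumptions of the example; the 30 seconds per DNS server is the figure given in the note above.

```shell
#!/bin/sh
# Added example: summarise and check on-demand dialing settings in an
# ifcfg-style file. Function names and thresholds are this example's assumptions.

# cfg_get FILE KEY: print the value of the last KEY=value line, quotes removed.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# dial_mode FILE: print how the link gets started, matching the "yes" values
# exactly as the text writes them.
dial_mode() {
    demand=$(cfg_get "$1" DEMAND)
    onboot=$(cfg_get "$1" ONBOOT)
    if [ "$demand" = yes ] && [ "$onboot" = yes ]; then
        echo on-demand-from-boot   # pppd starts at boot and dials on traffic
    elif [ "$demand" = yes ]; then
        echo on-demand             # dials on traffic once the interface is started
    elif [ "$onboot" = yes ]; then
        echo at-boot
    else
        echo manual
    fi
}

# dns_wait_budget RESOLV_CONF [PER_SERVER_SECONDS]: seconds a lookup can wait
# before failing, using the text's figure of 30 s per configured DNS server.
dns_wait_budget() {
    awk -v per="${2:-30}" '$1 == "nameserver" { n++ } END { print n * per }' "$1"
}

# audit_dialup FILE [MAX_IDLE]: print INFO/WARN lines; return 1 if any WARN.
# MAX_IDLE (default 900 s) is a policy limit chosen for this example.
audit_dialup() {
    file=$1; max_idle=${2:-900}; warn=0
    mode=$(dial_mode "$file")
    echo "INFO start mode: $mode"
    case $mode in
    on-demand*)
        echo "INFO any traffic routed to this link can trigger a call"
        idle=$(cfg_get "$file" IDLETIMEOUT)
        case $idle in
        ''|*[!0-9]*|0)
            echo "WARN IDLETIMEOUT='$idle' is not a positive number of seconds"
            warn=1 ;;
        *)
            if [ "$idle" -gt "$max_idle" ]; then
                echo "WARN IDLETIMEOUT=$idle exceeds the $max_idle s limit"
                warn=1
            else
                echo "INFO idle link is dropped after $idle s"
            fi ;;
        esac
        retry=$(cfg_get "$file" RETRYTIMEOUT)
        case $retry in
        ''|*[!0-9]*) echo "WARN RETRYTIMEOUT='$retry' is not a number"; warn=1 ;;
        *) echo "INFO dropped link is retried after $retry s" ;;
        esac ;;
    esac
    return $warn
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample: the four settings shown in the text.
    printf '%s\n' ONBOOT=yes DEMAND=yes IDLETIMEOUT=600 RETRYTIMEOUT=30 > "$dir/ifcfg-ppp0"
    # Constructed resolver file with three servers (documentation addresses).
    printf 'nameserver %s\n' 192.0.2.1 192.0.2.2 192.0.2.3 > "$dir/resolv.conf"
    audit_dialup "$dir/ifcfg-ppp0"
    echo "INFO lookups can wait $(dns_wait_budget "$dir/resolv.conf") s while the modem dials"
    rm -rf "$dir"
}
demo
```

On a real system, point audit_dialup at the dial-up configuration file and dns_wait_budget at /etc/resolv.conf.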
Checking Your PPP Connection
To debug your PPP connection or simply to better understand how it works, you can run through
the steps below. They will help you understand where information is being stored and how tools
can be used to track this information.
Checking That Your Modem Was Detected
It is possible that your modem is not supported under Linux. If that is the case, your PPP connection might be failing because the modem was not detected at all. To scan your serial ports to see
where your modem might be, type the following (as root user):
# wvdialconf /etc/wvdial.conf.new
The wvdialconf command builds a configuration file (in this example, the
/etc/wvdial.conf.new file) that is used by the dialer command (wvdial). (You need this file only if you use
wvdial to do your dial-up.) Its first action, however, is to scan the serial ports on your computer
and report where it finds modems. If it tells you that no modem was detected, it’s likely that
either your modem isn’t connected properly or no driver is available to support the modem.
If the modem wasn’t detected, you should determine whether it is a modem supported in Linux.
You can do this by finding out what type of chip set is used in the modem. This is even more
important than finding out the manufacturer of the modem because the same manufacturer can
use chips from different companies. (This applies primarily to internal modems because most
external serial modems and many USB modems are supported in Linux.)
After you have determined the chip set being used, check the Linmodems.org Web site
(www.linmodems.org), which contains information on so-called Winmodems that have only
recently begun to be supported in Linux. Search for the chip set on your modem from this site. In
many cases, the site can tell you if there is a driver available for your modem.
NOTE
If you are a new Linux user with a Winmodem and you are still baffled after referring to
the linmodems.org site, you might consider getting a serial or USB modem. To get
your Winmodem working, you might need to download, compile, and load a modem driver.
Especially with some older Winmodems, drivers have not all been updated to work with the latest
kernels. Picking up a cheap serial modem (under $20) from a used computer store can save hours of
frustration that may still result in failure.
Connecting to the Internet with Wireless
Setting up a wireless network connection can be one of the more challenging features to get working in Linux. Despite improvements to open source drivers for many wireless devices, you can’t
assume that any wireless card connected to a computer running Linux will just work.
Wireless card manufacturers have, for the most part, not released specifications for their equipment
that would allow open source developers to create Linux drivers. Most vendors simply produce
binary-only drivers for Microsoft Windows systems. As a result of this state of the wireless world,
the following wireless projects have emerged to help Linux users:
■ ndiswrapper (http://ndiswrapper.sourceforge.net) — This project lets
you use wireless drivers in Linux that were created to run in Windows. Refer to the
ndiswrapper site’s Installation wiki for information on using ndiswrapper:
http://ndiswrapper.sourceforge.net/mediawiki/index.php/Installation.
■ madwifi (http://madwifi.org) — Supports drivers for wireless chipsets from
Atheros (www.altheros.com).
■ Intel PRO/Wireless for Linux (http://ipw2100.sourceforge.net) — There are
several wireless driver projects to support drivers for Intel PRO/Wireless hardware.
In many cases, you will simply want to get the wireless interface built into your laptop to work.
To check which wireless cards are supported in Linux, refer to this list:
http://rfswitch.sourceforge.net/?page=laptop_matrix.
Because wireless card firmware is required in order to get many wireless networking cards to work,
the software you need for installing the drivers for those cards is not included in many major
Linux releases. For example, if you are using Fedora, you can get ndiswrapper and madwifi RPM
packages from the third-party rpm.livna.org site. Then, in the case of ndiswrapper, you need
to install the firmware for your network card from the card manufacturer.
Once the proper driver for your wireless card is installed and activated, there are different tools
available for configuring your wireless cards in different Linux releases. Here are examples:
■ Wireless in Fedora — In Fedora, use the Network Manager to configure your wireless
network cards (as root, type service NetworkManager start). Then configure your
wireless connection from a network icon that appears in the panel.
■ Wireless in KNOPPIX — In KNOPPIX, try KWiFiManager. From the KDE menu, select
KNOPPIX ➪ Network/Internet ➪ KWiFiManager.
For further information on configuring wireless devices in Linux, refer to the Wireless LAN
resources for Linux page:
http://hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html
If you find that you are unable to get the driver for your particular wireless card working at all,
determine the type of card you have, using some of the following commands:
# dmesg |grep -i wireless
# lspci -vv |grep -i wireless
Then use some search tool, such as Google, to search for the name and model of your wireless
card, along with the word Linux or the particular distribution of Linux you are using. Chances are,
if your wireless device is at all popular, someone else has tried to get it working in Linux and has
probably shared their experiences somewhere online.
Summary
There are many different tools for configuring network connections in the various Linux distributions. Fedora and Red Hat Enterprise Linux systems use a graphical Network Configuration window.
SUSE Linux uses its YaST administrative interface to configure network equipment. For dial-up
networks, the KDE desktop includes the kppp GUI tool for configuring modems. If your network
connection doesn’t start up automatically (as it does in many cases), this chapter explains how to
use some of these network configuration tools to configure it manually.
By adding your computer to a public network, such as the Internet, you open it to possible intruders. The next chapter describes ways in which you can secure your computer from unwanted access.
Securing Linux
Since the dawn of interconnected networks, some users have been trying to break into other users’ systems. As the Internet has grown and
broadband Internet access has spread, the problem has only become
more severe. A home computer running an insecure configuration can be
used as a powerful mail relay, provide storage for traffic in pirated data, allow
the user’s personal information to become compromised, or any number of
other such horrors.
Once upon a time network attacks required some effort and skill on the part
of the attacker. Today, automated tools can get even the most novice user up
and running trying to compromise network-attached systems in an alarmingly
short time. Additionally, worms have the capability to turn large numbers of
insecure systems into an army of “zombies” usable for massive, coordinated,
distributed Denial of Service (DDOS) attacks.
Why should you care about security? According to the Internet Storm Center
(http://isc.sans.org), a computer connected to the Internet has an
average of 16 minutes before it falls under some form of attack. Securing any
computer system is not hugely difficult; it simply requires some common
sense and careful application of good security practices.
In many cases, good practices for setting and protecting passwords, monitoring
log files, and creating good firewalls will keep out many would-be intruders.
Sometimes, more proactive approaches are needed to respond to break-ins.
Many tasks associated with securing your Linux system are common to desktop and server systems. However, because servers allow some level of access
by outside clients, there are special considerations for protecting servers.
IN THIS CHAPTER
Linux security checklist
Using password protection
Monitoring log files
Communicating with secure shell tools
Understanding attack techniques
Protecting servers with certificates
Using special Linux security tools distributions
This chapter describes general tasks for securing Linux systems and techniques for securing desktop and server systems. It then describes some tools you can try out from a bootable Linux system
to troubleshoot your computer and network.
Linux Security Checklist
While most Linux systems offer all the tools you need to secure your computer, if you are reckless,
someone can (and probably will) harm your system, take it over, or try to steal your data. Keep in
mind that no security measures are 100 percent reliable and that, given physical access to a computer or an unlimited amount of time to try to break in, a skilled and determined cracker can
break into any computer.
That said, however, there are many safeguards you can take to improve your chances of keeping
your Linux system safe. The following checklist covers a range of security features to protect your
Linux desktop or server.
■ Control physical access. Keeping your computer behind locked doors is a good idea,
especially if it contains critical data. You can limit what a person can do to your computer
with physical access by enabling passwords in the BIOS (to prevent the computer from
booting at all) and in the GRUB or LILO boot loader. You can also limit which devices
can be booted in the BIOS.
■ Add users and passwords. Creating separate user accounts (each with a good password)
is your first line of defense in keeping your data secure. Users are protected from each
other, as well as from an outsider who takes over one user account. Setting up group
accounts can extend the concept of ownership to multiple users. See Chapter 4 for more
on setting up user accounts and also see “Using Password Protection” later in this chapter.
■ Set read, write, and execute permissions. Every item in a Linux system (including files,
directories, applications, and devices) can be restricted by read, write, and execute permissions for that item’s owner and group, as well as by all others. In this way, for example, you
can let other users run a command or open a file, without allowing them to change it. See
Chapter 2 for information on setting file and directory permissions.
■ Protect the root user. In standard Linux systems, the root user (as well as other administrative user accounts such as apache) has special abilities to use and change your Linux
system. Protect the root account’s password and don’t use the root account when you
don’t need to. An open shell or desktop owned by the root user can be a target for attack.
Running graphical administration windows as a regular user (then entering the root
password as prompted) and running administrative commands using sudo can reduce
exposure to attacks on your root account. See Chapter 4 for information on handling the
root user account.
■ Use trusted software. While there are no guarantees with open source software, you
have a better chance of avoiding compromised software by using an established Linux
distribution (such as Fedora, Debian, or SUSE). Software repositories where you get
add-on packages or updates should likewise be scrutinized. Using valid GPG public keys
can help ensure that the software you install comes from a valid vendor. And, of course,
always be sure of the source of data files you receive before opening them in a Linux
application. If you download full ISO images of a distribution, check their integrity using
MD5 or SHA1 checksums provided from their creator.
■ Get software updates. As vulnerabilities and bugs are discovered in software packages,
every major Linux distribution (including Debian, SUSE, Gentoo, and Red Hat distributions) offers tools for getting and installing those updates. Be sure to get those updates,
especially if you are using Linux as a server. These tools include apt, yum, and emerge.
■ Use secure applications. Even with software that is valid and working, some applications offer better protection from attack or invasion than others. For example, if you want
to log in to a computer over the Internet, the secure shell service (ssh) is considered more
secure than rlogin or telnet services (which pass clear-text passwords). Also, some services that are thought to be insecure if you expose them on the Internet (such as Samba
and NFS) can be used more securely over the Internet through VPN tunnels (such as
IPSec or CIPE).
■ Use restrictive firewalls. A primary job of a firewall is to accept requests for services
from a network that you want to allow and turn away requests that you don’t (based primarily on port numbers requested). A desktop system should refuse requests that come
in on most ports. A server system should allow requests for a controlled set of ports. See
Chapter 18 for information on how to set up a firewall using iptables.
■ Enable only services you need. To offer services in Linux (such as Web, file or mail
services), a daemon process will listen on a particular port number. Don’t enable services
you don’t need.
NOTE
A program that runs quietly in the background handling service requests (such as sendmail) is called a daemon. Usually, daemons are started automatically when your system
boots up, and they keep running until your system is shut down. Daemons may also be started on an
as-needed basis by xinetd, a special daemon that listens on a large number of port numbers and then
launches the requested process.
■ Limit access to services. You can restrict access to a service you want to have on by
allowing access only from a particular host computer, domain or network interface. For
example, a computer with interfaces to both the Internet and a local LAN might limit
access to a service such as NFS to computers on the LAN, but not offer those same services to the Internet. Services may limit access in their own configuration files or using
TCP/IP wrappers (described later in this chapter).
■ Check your system. Linux has tons of tools available for checking the security of your
system. After you install Linux, you can check access to its ports using nmap or watch
network traffic using Ethereal. You can also add popular security tools such as Nessus to
get a more complete view of your system security. Security tools included on the CD and
DVD with this book are described in this chapter.
■ Monitor your system. You can log almost every type of activity on your Linux system.
System log files, using the syslogd and klogd facilities, can be configured to track as
much or as little of your system activity as you choose. Utilities such as logwatch provide
easy ways to have the potential problem messages forwarded to your administrative
e-mail account. Linux logging features are described later in this chapter.
■ Use SELinux. SELinux is an extraordinarily rich (and complex) facility for managing the
access of nearly every aspect of a Linux system. It addresses the if-I-get-root-access-I-own-your-box shortcomings of Linux and UNIX systems for highly secure environments. Red
Hat systems offer a useful, limited set of SELinux policies that are turned on by default in
Fedora. Other Linux distributions are working on SELinux implementations as well.
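The image check named under “Use trusted software” above can be scripted as follows. This is an added example, not from the book: verify_image and the sample file names are hypothetical, and sha256 support goes beyond the MD5 and SHA1 the checklist names.

```shell
#!/bin/sh
# Added example: compare a downloaded image against a published checksum list.
# verify_image and the file names in demo() are hypothetical.
# The list itself must come from a source you trust (for example a GPG-signed
# file); a list fetched beside a tampered image can be altered to match it.

# verify_image ALGO SUMFILE IMAGE
#   ALGO     md5, sha1 or sha256 (sha256 goes beyond what the text names)
#   SUMFILE  list in md5sum/sha1sum format: "<hex digest>  <file name>"
#   IMAGE    the downloaded file
# Returns 0 on match, 1 on mismatch, 2 when no verdict is possible
# (unknown algorithm, unreadable file, image not listed).
verify_image() {
    algo=$1; sumfile=$2; image=$3
    case $algo in
        md5)    tool=md5sum ;;
        sha1)   tool=sha1sum ;;
        sha256) tool=sha256sum ;;
        *) echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    if [ ! -r "$sumfile" ] || [ ! -r "$image" ]; then
        echo "cannot read $sumfile or $image" >&2
        return 2
    fi
    name=$(basename "$image")
    # Field 1 is the digest; the name starts two characters after it
    # ("  name" in text mode, " *name" in binary mode).
    expected=$(awk -v n="$name" '
        substr($0, length($1) + 3) == n { print tolower($1); exit }' "$sumfile")
    if [ -z "$expected" ]; then
        # An image missing from the list has not been verified at all.
        echo "$name: not listed in $sumfile" >&2
        return 2
    fi
    actual=$("$tool" "$image" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK ($algo)"
        return 0
    fi
    echo "$name: MISMATCH ($algo) expected $expected got $actual" >&2
    return 1
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for an ISO image and its publisher's checksum list.
    printf 'constructed sample image\n' > "$dir/sample.iso"
    (cd "$dir" && sha1sum sample.iso > SHA1SUM)
    verify_image sha1 "$dir/SHA1SUM" "$dir/sample.iso"
    # Simulate corruption or tampering in transit: one byte appended.
    printf 'x' >> "$dir/sample.iso"
    verify_image sha1 "$dir/SHA1SUM" "$dir/sample.iso" ||
        echo "second check failed as expected"
    rm -rf "$dir"
}
demo
```

Treat return code 2 as a failure too: an image that does not appear in the list has not been checked against anything.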
Finding Distribution-Specific Security Resources
Most major Linux distributions have resources devoted to helping you secure Linux and keep up
with security information that is specific to that version of Linux. Here are a few online
resources that focus on security for several Linux distributions:
■ Red Hat Enterprise Linux and Fedora Core security — Check the Red Hat Security
site (www.redhat.com/security) for RHEL security issues (that typically relate to
Fedora Core systems as well). From here you can look for and read about available
updates. You can also get information on security training and consulting from Red Hat,
Inc. For Fedora security issues, see the Fedora Wiki
(http://fedoraproject.org/wiki/Security/Features).
Refer to the Red Hat Enterprise Linux 4 Security Guide for an in-depth look at Linux
security for Red Hat systems. You can access this guide online from the following address:
www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/
■ Debian security — The Debian Security Information page
(www.debian.org/security) provides a central point for finding security advisories, answers to common
Debian security questions, and links to security documents. You can find the Securing
Debian online manual here:
www.debian.org/doc/manuals/securing-debian-howto
■ Ubuntu security — Find security guides and tools for Ubuntu on the Ubuntu security
page (https://help.ubuntu.com/community/Security).
■ Gentoo security — Included on the Gentoo Linux Security page
(www.gentoo.org/security) are tools, announcements, and links to security policy
and project documents associated with securing Gentoo systems. Find the Gentoo security handbook here:
www.gentoo.org/doc/en/security
■ Slackware security — To keep up with Slackware security issues, refer to the Slackware
Security Advisories (www.slackware.com/security). You can also join the security
mailing list (www.slackware.com/lists) for Slackware.
■ SUSE security — Online security support for SUSE is provided by SUSE’s parent company, Novell. Find links to a variety of SUSE security topics from this site:
www.novell.com/linux/security/securitysupport.html
Finding General Security Resources
There are many computer security Web resources that now offer information that is particularly
useful to Linux system administrators. Here are a few sites you can check out:
■ CERT (www.cert.org) — The CERT Coordination Center follows computer security
issues. Check its home page for the latest vulnerability issues. The site has articles on
security practices (www.cert.org/nav/articles_reports.html). It also has recommendations on what you should do if your computer has been compromised
(www.cert.org/tech_tips/win-UNIX-system_compromise.html).
■ SecurityFocus (www.securityfocus.com) — In addition to offering news and information on general computer security topics, SecurityFocus also offers several Linux-specific resources. In particular, you can subscribe to receive a weekly Linux Security
News newsletter.
■ LinuxSecurity (www.linuxsecurity.com) — This site contains many news articles
and features related to Linux security. It also tracks security advisories for more than a
dozen Linux distributions.
Using Linux Securely
Getting and keeping your Linux systems secure means not only making good decisions about how
you initially set up your system but also how you use it going forward. Whether you are using your
Linux system as a desktop or server system, good security practices related to passwords, using
secure applications, and monitoring log files are always important.
Setting up a secure firewall (as described in Chapter 18) is critical to having a secure Linux system.
There are also other security measures you should apply to Linux. This section describes some
good practices for using passwords, keeping track of system activity by watching log files, and
communicating with other systems using secure shell (ssh) applications.
Using Password Protection
Passwords are the most fundamental security tool of any modern operating system and consequently, the most commonly attacked security feature. It is natural to want to choose a password
that is easy to remember, but very often this means choosing a password that is also easy to guess.
Crackers know that on any system with more than a few users, at least one person is likely to have
an easily guessed password.
By using the “brute force” method of attempting to log in to every account on the system and trying the most common passwords on each of these accounts, a persistent cracker has a good shot of
finding a way in. Remember that a cracker will automate this attack, so thousands of login
attempts are not out of the question. Obviously, choosing good passwords is the first and most
important step to having a secure system.
Here are some things to avoid when choosing a password:
• Do not use any variation of your login name or your full name. Even if you use varied
case, append or prepend numbers or punctuation, or type it backwards, this will still be
an easily guessed password.
• Do not use a dictionary word, even if you add numbers or punctuation to it.
• Do not use proper names of any kind.
• Do not use any contiguous line of letters or numbers on the keyboard (such as “qwerty”
or “asdfg”).
Choosing Good Passwords
A good way to choose a strong password is to take the first letter from each word of an easily
remembered sentence. The password can be made even better by adding numbers, punctuation,
and varied case. The sentence you choose should have meaning only to you, and should not be
publicly available (choosing a sentence on your personal Web page is a bad idea). Table 6-1 lists
examples of strong passwords and the tricks used to remember them.
TABLE 6-1 Ideas for Good Passwords

| Password | How to Remember It |
|---|---|
| Mrci7yo! | My rusty car is 7 years old! |
| 2emBp1ib | 2 elephants make BAD pets, 1 is better |
| ItMc?Gib | Is that MY coat? Give it back |
The passwords look like gibberish but are actually rather easy to remember. As you can see, I can
place emphasis on words that stand for capital letters in the password. You set your password
using the passwd command. Type the passwd command within a command shell, and it will
enable you to change your password. First, it prompts you to enter your old password. To protect
against someone “shoulder surfing” and learning your password, the password will not be displayed as you type.
Assuming you type your old password correctly, the passwd command will prompt you for the
new password. When you type in your new password, the passwd command checks the password
against cracklib to determine if it is a good or bad password. Non-root users will be required to
try a different password if the one they have chosen is not a good password.
The root user is the only user who is permitted to assign bad passwords. Once the password has
been accepted by cracklib, the passwd command asks you to enter the new password a second
time to make sure there are no typos (which are hard to detect when you can’t see what you are
typing). When running as root, it is possible to change a user’s password by supplying that user’s
login name as a parameter to the passwd command. For example:
# passwd joe
Changing password for user joe.
New UNIX password: ********
Retype new UNIX password: ********
passwd: all authentication tokens updated successfully.
Here the passwd command prompts you twice to enter a new password for joe. It does not
prompt you for his old password in this case. This allows root to reset a user’s password when that
user has forgotten it (an event that happens all too often).
Using a Shadow Password File
In early versions of UNIX, all user account and password information was stored in a file that all
users could read (although only root could write to it). This was generally not a problem because
the password information was encrypted. The password was encrypted using a trapdoor algorithm,
meaning the unencoded password could be encoded into a scrambled string of characters, but the
string could not be translated back to the non-encoded password. In other words, the trapdoor
implies that encryption only goes in one direction, so the encrypted password can’t be used to go
back to the unencoded password.
How does the system check your password in this case? When you log in, the system encodes the
password you entered, compares the resulting scrambled string with the scrambled string that is
stored in the password file, and grants you access only if the two match. Have you ever asked a
system administrator what the password on your account is only to hear, “I don’t know” in
response? If so, this is why: The administrator really doesn’t have the password, only the encrypted
version. The unencoded password exists only at the moment you type it.
Breaking Encrypted Passwords
There is a problem with people being able to see encrypted passwords, however. Although it may
be difficult (or even impossible) to reverse the encryption of a trapdoor algorithm, it is very easy to
encode a large number of password guesses and compare them to the encoded passwords in the
password file. This is orders of magnitude more efficient than trying actual login attempts for
each user name and password. If a cracker can get a copy of your password file, the cracker has a
much better chance of breaking into your system.
Fortunately, Linux and all modern UNIX systems support a shadow password file by default. The
shadow file is a special version of the passwd file that only root can read. It contains the
encrypted password information, so passwords can be left out of the passwd file, which any user
on the system can read. Linux supports the older, single password file method as well as the newer
shadow password file. You should always use the shadow password file (it is used by default).
Checking for the Shadow Password File
The password file is named passwd and can be found in the /etc directory. The shadow password file is named shadow and is also located in /etc. If your /etc/shadow file is missing, it
is likely that your Linux system is storing the password information in the /etc/passwd file
instead. Verify this by displaying the file with the less command.
# less /etc/passwd
Something similar to the following should be displayed:
root:DkkS6Uke799fQ:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:/bin/sh
.
.
.
mary:KpRUp2ozmY5TA:500:100:Mary Smith:/home/mary:/bin/bash
joe:0sXrzvKnQaksI:501:100:Joe Johnson:/home/joe:/bin/bash
jane:ptNoiueYEjwX.:502:100:Jane Anderson:/home/jane:/bin/bash
bob:Ju2vY7A0X6Kzw:503:100:Bob Reynolds:/home/bob:/bin/bash
Each line in this listing corresponds to a single user account on the Linux system. Each line is
made up of seven fields separated by colon (:) characters. From left to right the fields are the login
name, the encrypted password, the user ID, the group ID, the description, the home directory, and
the default shell. Looking at the first line, you see that it is for the root account and has an
encrypted password of DkkS6Uke799fQ. You can also see that root has a user ID of zero, a group
ID of zero, and a home directory of /root, and root’s default shell is /bin/bash.
All of these values are quite normal for a root account, but seeing that encrypted password should
set off alarm bells in your head. It confirms that your system is not using the shadow password file.
At this point, you should immediately convert your password file so that it uses /etc/shadow to
store the password information. You do this by using the pwconv command. Simply log in as root
(or use the su command to become root) and enter the pwconv command at a prompt. It will
print no messages, but when your shell prompt returns, you should have a /etc/shadow file and
your /etc/passwd file should now look like this:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
.
.
.
mary:x:500:100:Mary Smith:/home/mary:/bin/bash
joe:x:501:100:Joe Johnson:/home/joe:/bin/bash
jane:x:502:100:Jane Anderson:/home/jane:/bin/bash
bob:x:503:100:Bob Reynolds:/home/bob:/bin/bash
Encrypted password data is replaced with an x. Password data has been moved to /etc/shadow.
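The check described above can be automated. The following Python audit is an added example, not code from the book: it splits passwd-format lines into the seven fields and reports accounts whose password field still holds a hash instead of the x placeholder. The sample lines are constructed from the listings above (the guest account is invented for illustration), and treating `*`, `!` and `!!` as locked-account markers is an assumption about common Linux conventions.

```python
"""Audit passwd-format text for password hashes kept outside /etc/shadow."""

FIELDS = ("login", "password", "uid", "gid", "description", "home", "shell")
SHADOWED = "x"                 # placeholder left behind by pwconv
LOCKED = {"*", "!", "!!"}      # assumed markers meaning "no usable password"


def parse_line(line):
    """Split one passwd line into its seven colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def audit_passwd(text):
    """Return (login, uid, status) for every account that is not shadowed.

    status is "hash-exposed" (a hash any user can read), "empty-password"
    (no password required) or "malformed" (wrong field count or bad UID).
    """
    findings = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None or not entry["uid"].isdigit():
            findings.append((raw.split(":")[0], None, "malformed"))
            continue
        password = entry["password"]
        if password == SHADOWED or password in LOCKED:
            continue
        status = "empty-password" if password == "" else "hash-exposed"
        findings.append((entry["login"], int(entry["uid"]), status))
    return findings


# Constructed sample input, modelled on the listings shown on this page.
BEFORE_PWCONV = """\
root:DkkS6Uke799fQ:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:/bin/sh
mary:KpRUp2ozmY5TA:500:100:Mary Smith:/home/mary:/bin/bash
guest::504:100:Guest account:/home/guest:/bin/bash
"""

AFTER_PWCONV = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
mary:x:500:100:Mary Smith:/home/mary:/bin/bash
"""

if __name__ == "__main__":
    for label, text in (("before pwconv", BEFORE_PWCONV),
                        ("after pwconv", AFTER_PWCONV)):
        findings = audit_passwd(text)
        print(label + ":", "clean" if not findings else "")
        for login, uid, status in findings:
            print("  %-8s uid=%-4s %s" % (login, uid, status))
```

To audit a live system, pass the contents of /etc/passwd to audit_passwd(); the file is world-readable, so root is not required.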
There is also an Authentication Configuration utility (available with Fedora and RHEL systems)
that you can use to manage shadow passwords and other system authentication information. This
tool has features that let you work with MD5 passwords, LDAP authentication, or Kerberos 5
authentication as well. Select System ➪ Administration ➪ Authentication, and step through the
screens to use it.
To work with passwords for groups, you can use the grpconv command to convert passwords in
/etc/group to shadowed group passwords in /etc/gshadow. If you change passwd or
group passwords and something breaks (you are unable to log in to the accounts), you can use the
pwunconv and grpunconv commands, respectively, to reverse password conversion.
So, now you are using the shadow password file and picking good passwords. You have made a
great start toward securing your system. You may also have noticed by now that security is not
just a one-time job. It is an ongoing process, as much about policies as programs. Keep reading to
learn more.
Using Log Files
If you make use of good firewalling practices as described in Chapter 18, you will be well prepared
to mitigate and prevent most cracker attacks. If your firewall should fail to stop an intrusion, you
must be able to recognize the attack when it is occurring. Understanding the various (and numerous) log files in which Linux records important events is critical to this goal. The log files for your
Linux system can be found in the /var/log directory.
Most Linux systems make use of log-viewing tools, either provided with the desktop environment
(such as GNOME) or as a command you can execute from a Terminal window. GNOME-based
desktops often include a System Log Viewer window (gnome-system-log command) that you
can use to view and search critical system log files from the GUI. To open the System Log Viewer
window from the top panel in Fedora, select System ➪ Administration ➪ System Logs. Figure 6.1
shows an example of the System Log Viewer window.
FIGURE 6.1
Display system log files in the System Log Viewer window.
To view a particular log file, click the log name in the left column. Choose a date from the calendar
in the lower-left corner to view log messages for a particular date.
Table 6-2 contains a listing of log files displayed in the System Log Viewer window, along with
other files in the /var/log directory that may interest you. (Select File ➪ Open to open a log file
that doesn’t appear in the left column.) Many of these files are included with most Linux systems
and are viewable only by root. Also, some Linux systems may use different file or directory names
(for example, /etc/httpd is /etc/apache on some Linux systems).
Because these logs are stored in plain-text files, you can view them using any text editor (such as vi
or gedit) or paging command (such as the less command).
TABLE 6-2 Log Files in the /var/log Directory

| System Logs Name | Filename | Description |
|---|---|---|
| Boot Log | boot.log | Contains messages indicating which system services have started and shut down successfully and which (if any) have failed to start or stop. The most recent bootup messages are listed near the end of the file. |
| Cron Log | cron | Contains status messages from crond, a daemon that periodically runs scheduled jobs, such as backups and log file rotation. |
| Kernel Startup Log | dmesg | A recording of messages printed by the kernel when the system boots. |
| FTP Log | xferlog | Contains information about files transferred using the FTP service. |
| Apache Access Log | httpd/access_log | Logs requests for information from your Apache Web server. |
| Apache Error Log | httpd/error_log | Logs errors encountered from clients trying to access data on your Apache Web server. |
| Mail Log | maillog | Contains information about addresses to which and from which e-mail was sent. Useful for detecting spamming. |
| MySQL Server Log | mysqld.log | Includes information related to activities of the MySQL database server (mysqld). |
| News Log | spooler | Directory containing logs of messages from the Usenet News server if you are running one. |
| RPM Packages | rpmpkgs | Contains a listing of RPM packages that are installed on your system. (For systems that are not based on RPM packaging, look for a debian-installer or packages directory to find lists of installed packages.) |
| Security Log | secure | Records the date, time, and duration of login attempts and sessions. |
| System Log | messages | A general-purpose log file to which many programs record messages. |
| Update Agent Log | up2date | Contains messages resulting from actions by the Red Hat Update Agent. |
| X.Org X11 Log | Xorg.0.log | Includes messages output by the X.Org X server. |
| (a) | gdm/:0.log | Holds messages related to the login screen (GNOME display manager). |
| (a) | samba/log.smbd | Shows messages from the Samba SMB file service daemon. |
| (a) | squid/access.log | Contains messages related to the squid proxy/caching server. |
| (a) | vsftpd.log | Contains messages relating to transfers made using the vsFTPd daemon (FTP server). |
| (a) | sendmail | Shows error messages recorded by the sendmail daemon. |
| (a) | uucp | Shows status messages from the UNIX to UNIX Copy Protocol daemon. |

(a) Indicates a log file that is not contained in the System Log Viewer window. Access these files directly from /var/log.
The Role of Syslogd
Most of the files in the /var/log directory are maintained by the syslogd service. The syslogd
daemon is the System Logging Daemon. It accepts log messages from a variety of other programs
and writes them to the appropriate log files. This is better than having every program write directly
to its own log file because it enables you to centrally manage how log files are handled. It is possible to configure syslogd to record varying levels of detail in the log files. It can be told to ignore all
but the most critical messages, or it can record every detail.
The syslogd daemon can even accept messages from other computers on your network. This is particularly handy because it enables you to centralize the management and reviewing of the log files
from many systems on your network. There is also a major security benefit to this practice.
If a system on your network is broken into, the cracker cannot delete or modify the log files
because those files are stored on a separate computer. It is important to remember, however, that
those log messages are not, by default, encrypted. Anyone tapping into your local network can
eavesdrop on those messages as they pass from one machine to another. Also, although the cracker
may not be able to change old log entries, he can affect the system such that any new log messages
should not be trusted.
It is not uncommon to run a dedicated loghost, a computer that serves no other purpose than to
record log messages from other computers on the network. Because this system runs no other services, it is unlikely that it will be broken into. This makes it nearly impossible for a cracker to erase
his or her tracks, but it does not mean that all of the log entries are accurate after a cracker has broken into a machine on your network.
Redirecting Logs to a Loghost with syslogd
To redirect your computer’s log files to another computer’s syslogd, you must make some changes
to your local syslogd’s configuration file, /etc/syslog.conf. Become root using the su - command and then load the /etc/syslog.conf file in a text editor (such as vi). You should see
something similar to this:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none      /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
#
# INN
#
news.=crit                                              /var/log/news/news.crit
news.=err                                               /var/log/news/news.err
news.notice                                             /var/log/news/news.notice
The lines beginning with a # character are comments. Other lines contain two columns of information. The left field is a semicolon-separated list (spaces won’t work) of message types and message
priorities. The right field is the log file to which those messages should be written.
To send the messages to another computer (the loghost) instead of a file, start by replacing the log
filename with the @ character followed by the name of the loghost. For example, to redirect the
output normally sent to the messages, secure, and maillog log files, make these changes to
the preceding file:
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none      @loghost

# The authpriv file has restricted access.
authpriv.*                                              @loghost

# Log all the mail messages in one place.
mail.*                                                  @loghost
The messages will now be sent to the syslogd running on the computer named loghost. The
name loghost was not an arbitrary choice. It is customary to create such a host name and make it
an alias to the actual system acting as the loghost. That way, if you ever need to switch the loghost
duties to a different machine, you need to change only the loghost alias; you do not need to re-edit
the syslog.conf file on every computer.
On the loghost side, that machine must run syslogd with the -r option, so it will listen on the
network for log messages from other machines. In Fedora systems, that means adding a -r option
to the SYSLOGD_OPTIONS variable in the /etc/sysconfig/syslog file and restarting the
syslog service (service syslog restart). The loghost must also have UDP port 514 accessible
to be used by syslogd (check the /etc/services file), so you might need to add a firewall
rule to allow that.
Understanding the messages Log File
Because of the many programs and services that record information to the messages log file, it is
important that you understand the format of this file. You can get a good early warning of problems developing on your system by examining this file. Each line in the file is a single message
recorded by some program or service. Here is a snippet of an actual messages log file:
Feb 25 11:04:32 toys network: Bringing up loopback interface: succeeded
Feb 25 11:04:35 toys network: Bringing up interface eth0: succeeded
Feb 25 13:01:14 toys vsftpd(pam_unix)[10565]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=10.0.0.5 user=chris
Feb 25 14:44:24 toys su(pam_unix)[11439]: session opened for
user root by chris(uid=500)
This is really very simple when you know what to look for. Each message is divided into five main
parts. From left to right, they are:
• The date and time that the message was logged
• The name of the computer from which the message came
• The program or service name to which the message pertains
• The process number (enclosed in square brackets) of the program sending the message
• The actual text message
Take another look at the preceding file snippet. In the first two lines, you can see that the network
was restarted. The next line shows that the user named chris tried and failed to get to the FTP
server on this system from a computer at address 10.0.0.5 (he typed the wrong password and
authentication failed). The last line shows chris using the su command to become root user.
By occasionally reviewing the messages and secure files, it’s possible to catch a cracking
attempt before it is successful. If you see an excessive number of connection attempts for a particular service, especially if they are coming from systems on the Internet, you may be under attack.
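The review described above can be scripted. This Python sketch is an added example, not code from the book: it splits each line into the five parts listed earlier and reports any service and remote host with a burst of authentication failures inside a time window. The first four sample messages are the snippet above with its wrapped lines rejoined; the later ones, the 192.0.2.77 address, and the threshold and window defaults are constructed for illustration.

```python
"""Parse syslog 'messages' lines and flag bursts of authentication failures."""
import re
from collections import defaultdict, namedtuple
from datetime import datetime

# The five parts: date/time, host, program, optional [pid], message text.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<text>.*)$"
)
Alert = namedtuple("Alert", "service rhost attempts users")


def parse_message(line):
    """Return the parts of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    msg = m.groupdict()
    msg["pid"] = int(msg["pid"]) if msg["pid"] else None
    # These timestamps carry no year. A leap year is assumed so that
    # "Feb 29" parses; only differences between times are used below.
    msg["time"] = datetime.strptime("2000 " + msg["ts"], "%Y %b %d %H:%M:%S")
    return msg


def largest_burst(times, window):
    """Largest number of events that fall inside any span of `window` seconds."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_bursts(lines, threshold=3, window=300):
    """Alert on each (service, remote host) with >= threshold failures per window."""
    events = defaultdict(list)
    for line in lines:
        msg = parse_message(line)
        if msg is None or "authentication failure" not in msg["text"]:
            continue
        fields = dict(re.findall(r"(\w+)=(\S*)", msg["text"]))
        service = msg["prog"].split("(")[0]          # vsftpd(pam_unix) -> vsftpd
        key = (service, fields.get("rhost", ""))
        events[key].append((msg["time"], fields.get("user", "")))
    alerts = []
    for (service, rhost), hits in sorted(events.items()):
        attempts = largest_burst([t for t, _ in hits], window)
        if attempts >= threshold:
            # Every account name tried from this source, not only those in the burst.
            users = tuple(sorted({user for _, user in hits}))
            alerts.append(Alert(service, rhost, attempts, users))
    return alerts


def fail_line(clock, pid, rhost, user):
    """Build one vsftpd failure message in the format shown on this page."""
    return ("Feb 25 %s toys vsftpd(pam_unix)[%d]: authentication failure; "
            "logname= uid=0 euid=0 tty= ruser= rhost=%s user=%s"
            % (clock, pid, rhost, user))


SAMPLE = [
    "Feb 25 11:04:32 toys network: Bringing up loopback interface: succeeded",
    "Feb 25 11:04:35 toys network: Bringing up interface eth0: succeeded",
    fail_line("13:01:14", 10565, "10.0.0.5", "chris"),
    "Feb 25 14:44:24 toys su(pam_unix)[11439]: session opened for user root by chris(uid=500)",
    # Constructed lines: four failures in seven seconds from one source ...
    fail_line("15:10:01", 11502, "192.0.2.77", "root"),
    fail_line("15:10:03", 11504, "192.0.2.77", "admin"),
    fail_line("15:10:05", 11507, "192.0.2.77", "mary"),
    fail_line("15:10:08", 11509, "192.0.2.77", "joe"),
    # ... and two more mistyped passwords from 10.0.0.5, hours apart.
    fail_line("16:20:00", 11600, "10.0.0.5", "chris"),
    fail_line("19:45:10", 11780, "10.0.0.5", "chris"),
]

if __name__ == "__main__":
    for alert in find_bursts(SAMPLE):
        print("%s: %d failures from %s (users tried: %s)"
              % (alert.service, alert.attempts, alert.rhost, ", ".join(alert.users)))
```

With the default five-minute window only 192.0.2.77 is reported; the three failures from 10.0.0.5 are spread over the day and stay below the threshold.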
Using Secure Shell Tools
The Secure Shell (ssh) tools are a set of client and server applications that allow you to do basic
communications (remote login, remote copy, remote execution, and so on) between remote computers and your Linux system. Because communication is encrypted between the server (typically
the sshd daemon process) and clients (such as ssh, scp, and sftp), these tools are inherently
more secure than similar, older UNIX tools such as rsh, rcp, and rlogin.
Most Linux systems include secure shell clients, while many include the sshd server as well. If you
are using the Fedora or Red Hat Enterprise Linux distributions, for example, the following client
and server software packages include the ssh software: openssh, openssh-clients, and openssh-server packages.
Starting the ssh Service
Linux systems that come with the ssh service already installed often are configured for it to start
automatically. In Fedora and RHEL systems, the sshd daemon is started from the /etc/init.d/sshd
startup script. To make sure the service is set up to start automatically in Fedora, RHEL, and
other RPM-based Linux systems, type the following (as root user):
# chkconfig --list sshd
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
This shows that the sshd service is set to run in system states 2, 3, 4, and 5 (normal bootup
states) and set to be off in all other states. You can turn on the SSH service, if it is off, for your
default run state, by typing the following as root user:
# chkconfig sshd on
This line turns on the ssh service when you enter run levels 2, 3, 4, or 5. To start the service
immediately, type the following:
# service sshd start
Other Linux distributions may simply start the sshd daemon from an entry in the /etc/rc.d
directory from a file named something like rc.sshd. In any case, you can find out if the sshd
daemon is currently running on your system by typing the following:
$ ps ax | grep sshd
 1996 ?        Ss     0:00 /usr/sbin/sshd
The preceding example shows that the sshd daemon is running. If that is the case, and your firewall allows secure shell service (with TCP port 22 open), you should be able to use ssh client commands to access your system. (Any further configuration you want to do to restrict what the sshd
daemon will allow is typically done in the /etc/ssh/sshd_config file.)
Using the ssh, sftp, and scp Commands
Three commands you can use with the SSH service are ssh, sftp, and scp. Remote users use the
ssh command to log in to your system securely or remotely execute a command on your system.
The scp command lets remote users copy files to and from a system. The sftp command provides a safe way to access FTP sites through the SSH service (for sites that offer SSH access to their
FTP content).
Like the normal remote shell services, secure shell looks in the /etc/hosts.equiv file and in a
user’s .rhosts file to determine whether it should allow a connection. It also looks in the ssh-specific files /etc/shosts.equiv and .shosts. Using the shosts.equiv and the .shosts
files is preferable because it avoids granting access to the unencrypted remote shell services. The
/etc/shosts.equiv and .shosts files are functionally equivalent to the traditional
hosts.equiv and .rhosts files, so the same instructions and rules apply.
Now you are ready to test the SSH service. From another computer on which SSH has been installed
(or even from the same computer if another is not available), type the ssh command followed by a
space and the name of the system you are connecting to. For example, to connect to the system
ratbert.glaci.com, type:
# ssh ratbert.glaci.com
If this is the first time ever you have logged in to that system using the ssh command, the system
will ask you to confirm that you really want to connect. Type yes and press Enter when it asks this:
The authenticity of host ‘ratbert.glaci.com (199.170.177.18)’ can’t be
established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)?
It should then prompt you for a username and password in the normal way. The connection will
then function like a normal remote login connection (in other words, you can begin typing shell
commands). The only difference is that the information is encrypted as it travels over the network.
You should now also be able to use the ssh command to run remote commands from a shell on
the remote system.
The scp command is similar to the rcp command for copying files to and from Linux systems.
Here is an example of using the scp command to copy a file called memo from the home directory
of the user named jake to the /tmp directory on a computer called maple:
$ scp /home/jake/memo maple:/tmp
[email protected]’s password: ********
memo                 100%|****************|   153       0:00
Enter the password for your username (if a password is requested). If the password is accepted, the
remote system indicates that the file has been copied successfully.
Similarly, the sftp command starts an interactive FTP session with an FTP server that supports
SSH connections. Many security-conscious people prefer sftp to other ftp clients because it provides a secure connection between you and the remote host. Here’s an example:
$ sftp ftp.handsonhistory.com
Connecting to ftp.handsonhistory.com
[email protected]’s password: ********
sftp>
At this point you can begin an interactive FTP session. You can use get and put commands on
files as you would using any FTP client, but with the comfort of knowing that you are working on
a secure connection.
TIP
The sftp command, as with ssh and scp, requires that the SSH service be running on
the server. If you can’t connect to an FTP server using sftp, the SSH service may not be
available.
Using ssh, scp, and sftp Without Passwords
For machines that you use a great deal (particularly machines behind a firewall on your LAN), it is
often helpful to set them up so that you do not have to use a password to log in. The following
procedure shows you how to do that.
These steps take you through setting up password-less authentication from one machine to
another. In this example, the local user is named chester on a computer named host1. The remote
user is also chester on a computer named host2.
1. Log in to the local computer (in this example, I log in as chester to host1).
NOTE
Run Step 2 only once as local user on your local workstation. Do not run it again unless
you lose your ssh keys. When configuring subsequent remote servers, skip right to Step 3.
2. Type the following to generate the ssh key:
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key
(/home/chester/.ssh/id_dsa): <Enter>
Enter passphrase (empty for no passphrase): <Enter>
Enter same passphrase again: <Enter>
Your identification has been saved in
/home/chester/.ssh/id_dsa.
Your public key has been saved in
/home/chester/.ssh/id_dsa.pub.
The key fingerprint is:
3b:c0:2f:63:a5:65:70:b7:4b:f0:2a:c4:18:24:47:69 [email protected]
As shown in the example, press Enter to accept the filename where the key is stored.
Then press Enter twice to accept a blank passphrase. (If you enter a passphrase, you will
be prompted for that passphrase and won’t be able to log in without it.)
3. You must secure the permissions of your authentication keys by closing permissions to
your home directory, .ssh directory and authentication files as follows:
$ chmod go-w $HOME
$ chmod 700 $HOME/.ssh
$ chmod go-rwx $HOME/.ssh/*
4. Type the following to copy the key to the remote server (replace chester with the
remote username and host2 with the remote host name):
$ cd ~/.ssh
$ scp id_dsa.pub [email protected]:/tmp
[email protected]’s password: *******
5. Type the following to add the ssh key to the remote user’s authorization keys (the code
should be on one line, not wrapped):
$ ssh [email protected] 'cat /tmp/id_dsa.pub >> /home/chester/.ssh/authorized_keys2'
NOTE
In the previous two steps you are asked for passwords. This is okay.
For the sshd daemon to accept the authorized_keys2 file you created, your home
directories and that file itself must have secure permissions. To secure that file and those
directories, type the following:
$ ssh [email protected] chmod go-w $HOME $HOME/.ssh
$ ssh [email protected] chmod 600 $HOME/.ssh/authorized_keys2
6. Type the following to remove the key from the temporary directory:
$ ssh [email protected] rm /tmp/id_dsa.pub
NOTE
You should not be asked for a password or passphrase in the previous step.
It is important to note that once you have this working, it will work regardless of how many times
the IP address changes on your local computer. The IP address has nothing to do with this form of
authentication.
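The permission requirements in Steps 3 and 5 can be verified with a script. The following Python audit is an added example, not code from the book or from OpenSSH: it reports any group or other permission bits that the chmod commands in the procedure are meant to clear, and can clear them the same way. The demo home directory and its placeholder files are constructed in a temporary directory.

```python
"""Audit the home, .ssh and key-file permissions set in Steps 3 and 5."""
import os
import stat
import tempfile

GROUP_OTHER_WRITE = 0o022   # bits cleared by "chmod go-w"
GROUP_OTHER_ALL = 0o077     # bits cleared by "chmod 700", "chmod 600", "chmod go-rwx"


def targets(home):
    """Yield (path, forbidden_bits) for everything the procedure locks down."""
    ssh_dir = os.path.join(home, ".ssh")
    yield home, GROUP_OTHER_WRITE
    if os.path.isdir(ssh_dir):
        yield ssh_dir, GROUP_OTHER_ALL
        for entry in sorted(os.scandir(ssh_dir), key=lambda e: e.name):
            if entry.is_file(follow_symlinks=False):
                yield entry.path, GROUP_OTHER_ALL


def audit(home):
    """Return [(path relative to home, octal mode, octal excess bits)]."""
    findings = []
    for path, forbidden in targets(home):
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        excess = mode & forbidden
        if excess:
            findings.append((os.path.relpath(path, home),
                             "%04o" % mode, "%04o" % excess))
    return findings


def tighten(home):
    """Clear the forbidden bits, as the chmod commands in the steps do."""
    for path, forbidden in targets(home):
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~forbidden)


def build_demo_home(root):
    """Constructed sample tree with deliberately loose permissions."""
    home = os.path.join(root, "chester")
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir)
    for name, mode in (("id_dsa", 0o644),
                       ("id_dsa.pub", 0o644),
                       ("authorized_keys2", 0o600)):
        path = os.path.join(ssh_dir, name)
        with open(path, "w") as handle:
            handle.write("constructed placeholder, not a real key\n")
        os.chmod(path, mode)
    os.chmod(ssh_dir, 0o755)
    os.chmod(home, 0o775)
    return home


def demo():
    """Audit the loose tree, tighten it, audit again; return both results."""
    with tempfile.TemporaryDirectory() as root:
        home = build_demo_home(root)
        before = audit(home)
        tighten(home)
        return before, audit(home)


if __name__ == "__main__":
    before, after = demo()
    for path, mode, excess in before:
        print("%-22s mode %s, excess bits %s" % (path, mode, excess))
    print("after tightening:", after or "no findings")
```

Run audit() against a real home directory on both the local and the remote machine; an empty list means the permissions match what the procedure sets.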
Securing Linux Servers
Opening up your Linux system as a server on a public network creates a whole new set of challenges when it comes to security. Instead of just turning away nearly all incoming requests, your
computer will be expected to respond to requests for supported services (such as Web, FTP, or mail
service) by supplying information or possibly running scripts that take in data.
Entire books have been filled with information on how to go about securing your servers. Many
businesses that rely on Internet servers assign full-time administrators to watch over the security of
their servers. So, think of this section as an overview of some of the kinds of attacks to look out for
and some tools available to secure your Linux server.
Controlling Access to Services with TCP Wrappers
Completely disabling an unused service is fine, but what about the services that you really need?
How can you selectively grant and deny access to these services? For Linux systems that incorporate TCP wrapper support, the /etc/hosts.allow and /etc/hosts.deny files determine
when a particular connection should be granted or refused for services such as rlogin, rsh, telnet,
finger, and talk.
Most Linux systems that implement TCP wrappers do so for a set of services that are monitored by
a single listening process called the Internet super server. For Fedora and RHEL systems, that
server is the xinetd daemon, while in other systems (such as Debian) the inetd daemon is used.
When a service that relies on TCP wrappers is requested from the server process, the
hosts.allow and hosts.deny files are scanned and checked for an entry that matches the IP
address of the connecting machine. These checks are made when connection attempts occur:
• If the address is listed in the hosts.allow file, the connection is allowed and
hosts.deny is not checked.
• If the address is in hosts.deny, the connection is denied.
• If the address is in neither file, the connection is allowed.
Keep in mind that the order in which hosts are evaluated is important. For example, you cannot
deny access to a host in the hosts.deny file that has already been given access in the
hosts.allow file.
It is not necessary (or even possible) to list every single address that may try to connect to your computer. The hosts.allow and hosts.deny files enable you to specify entire subnets and groups of
addresses. You can even use the keyword ALL to specify all possible addresses. You can also restrict
specific entries in these files so they apply only to specific network services. Look at an example of a
typical pair of hosts.allow and hosts.deny files. Here’s the /etc/hosts.allow file:
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
cups-lpd: 199.170.177.
in.telnetd: 199.170.177., .linuxtoys.net
vsftpd: ALL
Here’s the /etc/hosts.deny file:
#
# hosts.deny    This file describes names of the hosts which are
#               *not* allowed to use the local INET services, as
#               decided by the '/usr/sbin/tcpd' server.
#
ALL: ALL
The preceding example is a rather restrictive configuration. It allows connections to the cups-lpd
and telnet services from certain hosts, but then denies all other connections. It also allows connections to the FTP service (vsftpd) from all hosts. Let’s examine the files in detail.
As usual, lines beginning with a # character are comments and are ignored by xinetd or inetd
when it parses the file. Each noncomment line consists of a comma-separated list of daemons followed by a colon (:) character and then a comma-separated list of client addresses to check. In
this context, a client is any computer that attempts to access a network service on your system.
A client entry can be a numeric IP address (such as 199.170.177.25) or a host name (such as
jukebox.linuxtoys.net), but is more often a wildcard variation that specifies an entire range
of addresses. A client entry can take four different forms. The online manual page for the
hosts.allow file describes them as follows:
• A string that begins with a dot (.) character. A host name is matched if the last components of its name match the specified pattern. For example, the pattern .tue.nl
matches the host name wzv.win.tue.nl.
• A string that ends with a dot (.) character. A host address is matched if its first numeric
fields match the given string. For example, the pattern 131.155. matches the address of
(almost) every host on the Eindhoven University network (131.155.x.x).
• A string that begins with an at (@) sign is treated as an NIS netgroup name. A host name
is matched if it is a host member of the specified netgroup. Netgroup matches are not
supported for daemon process names or for client user names.
• An expression of the form n.n.n.n/m.m.m.m is interpreted as a net/mask pair. A host
address is matched if net is equal to the bitwise AND of the address and the mask. For
example, the net/mask pattern 131.155.72.0/255.255.254.0 matches every
address in the range 131.155.72.0 through 131.155.73.255.
The example hosts.allow file contains the first two types of client specification. The entry
199.170.177. will match any IP address that begins with that string, such as 199.170.177.25.
The client entry .linuxtoys.net will match host names such as jukebox.linuxtoys.net or
picframe.linuxtoys.net.
Let’s examine what happens when a host named jukebox.linuxtoys.net (with IP address
199.170.179.18) connects to your Linux system using the Telnet protocol. In this case, the
Linux system is Fedora, which uses the xinetd daemon to listen for service requests associated with
TCP wrappers:
1. xinetd receives the connection request.
2. xinetd begins comparing the address and name of jukebox.linuxtoys.net to the
rules listed in /etc/hosts.allow. It starts at the top of the file and works its way
down the file until finding a match. Both the daemon (the program handling the network
service on your Fedora box) and the connecting client’s IP address or name must match
the information in the hosts.allow file. In this case, the second rule that is encountered matches the request:
in.telnetd: 199.170.177., .linuxtoys.net
3. The jukebox host is not in the 199.170.177 subnet, but it is in the linuxtoys.net
domain. xinetd stops searching the file as soon as it finds this match.
How about if jukebox connects to your box using the CUPS-lpd protocol? In this case, it matches
none of the rules in hosts.allow; the only line that refers to the lpd daemon does not refer to
the 199.170.179 subnet or to the linuxtoys.net domain. xinetd continues on to the
hosts.deny file. The entry ALL: ALL matches anything, so tcpd denies the connection.
The ALL wildcard was also used in the hosts.allow file. In this case, we are telling xinetd to
permit absolutely any host to connect to the FTP service on the Linux box. This is appropriate for
running an anonymous FTP server that anyone on the Internet can access. If you are not running
an anonymous FTP site, you probably should not use the ALL flag.
A good rule of thumb is to make your hosts.allow and hosts.deny files as restrictive as possible and then explicitly enable only those services that you really need. Also, grant access only to
those systems that really need access. Using the ALL flag to grant universal access to a particular
service may be easier than typing a long list of subnets or domains, but better a few minutes spent
on proper security measures than many hours recovering from a break-in.
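The evaluation order and the four client-pattern forms described above can be checked against the example hosts.allow and hosts.deny entries shown earlier. The following Python is an added example, not code from the book or from the TCP wrappers package; the function names and the netgroups lookup table are assumptions made for illustration.

```python
import ipaddress

# The example files shown above, comment lines omitted.
HOSTS_ALLOW = """\
cups-lpd: 199.170.177.
in.telnetd: 199.170.177., .linuxtoys.net
vsftpd: ALL
"""
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # ignore an optional third field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, ip, hostname=None, netgroups=None):
    """Apply the client-pattern forms quoted from the hosts.allow manual page.

    hostname is supplied by the caller (tcpd derives it from a reverse lookup);
    netgroups is an assumed {name: set_of_hosts} stand-in for an NIS query.
    """
    host = (hostname or "").lower()
    if pattern == "ALL":
        return True
    if pattern.startswith("."):            # last components of the host name
        return host.endswith(pattern.lower())
    if pattern.endswith("."):              # first numeric fields of the address
        return ip.startswith(pattern)
    if pattern.startswith("@"):            # NIS netgroup name
        return host in (netgroups or {}).get(pattern[1:], set())
    if "/" in pattern:                     # net/mask pair
        net, mask = pattern.split("/", 1)
        addr = int(ipaddress.IPv4Address(ip))
        return addr & int(ipaddress.IPv4Address(mask)) == int(ipaddress.IPv4Address(net))
    return pattern.lower() in (ip, host)   # exact address or host name


def rule_hit(rules, daemon, ip, hostname, netgroups=None):
    """Return the first rule, top to bottom, that matches daemon and client."""
    for daemons, clients in rules:
        if daemon in daemons or "ALL" in daemons:
            if any(client_matches(c, ip, hostname, netgroups) for c in clients):
                return daemons, clients
    return None


def check_access(daemon, ip, hostname=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Evaluate hosts.allow first, then hosts.deny, and allow if neither matches."""
    if rule_hit(parse_rules(allow), daemon, ip, hostname):
        return True, "hosts.allow"
    if rule_hit(parse_rules(deny), daemon, ip, hostname):
        return False, "hosts.deny"
    return True, "default"


if __name__ == "__main__":
    # The jukebox walk-through from the text, for three services.
    for daemon in ("in.telnetd", "cups-lpd", "vsftpd"):
        print(daemon, check_access(daemon, "199.170.179.18", "jukebox.linuxtoys.net"))
```

Passing deny="" shows the third rule in the list: with no ALL: ALL catch-all in hosts.deny, an unlisted client is allowed by default.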
TIP
For Linux systems that use the xinetd service, you can further restrict access to services
using various options within the /etc/xinetd.conf file, even to the point of limiting
access to certain services to specific times of the day. Read the manual page for xinetd (by typing
man xinetd at a command prompt) to learn more about these options.
Understanding Attack Techniques
Attacks on computing systems take on different forms, depending on the goal and resources of the
attacker. Some attackers want to be disruptive, while others want to infiltrate your machines and
utilize the resources for their own nefarious purposes. Still others are targeting your data for financial gain or blackmail. Here are three major categories of attacks:
• Denial of Service (DOS) — The easiest attacks to perpetrate are Denial of Service
attacks. The primary purpose of these attacks is to disrupt the activities of a remote site
by overloading it with irrelevant data. DOS attacks can be as simple as sending thousands
of page requests per second at a Web site. These types of attacks are easy to perpetrate
and easy to protect against. Once you have a handle on where the attack is coming from,
a simple phone call to the perpetrator’s ISP will get the problem solved.
• Distributed Denial of Service (DDOS) — More advanced DOS attacks are called distributed denial of service attacks. DDOS attacks are much harder to perpetrate and nearly
impossible to stop. In this form of attack, an attacker takes control of hundreds or even
thousands of weakly secured Internet-connected computers. The attacker then directs
them in unison to send a stream of irrelevant data to a single Internet host. The result is
that the power of one attacker is magnified thousands of times. Instead of an attack coming from one direction, as is the case in a normal DOS, it comes from thousands of directions at once. The best defense against a DDOS attack is to contact your ISP to see if it
can filter traffic at its border routers.
Many people use the excuse, “I have nothing on my machine anyone would want” to avoid
having to consider security. The problem with this argument is that attackers have a lot of
reasons to use your machine. The attacker can turn your machine into an agent for later
use in a DDOS attack. More than once, authorities have shown up at the door of a dumbfounded computer user asking questions about threats originating from their computer. By
ignoring security, the owners have opened themselves up to a great deal of liability.
• Intrusion attacks — To remotely use the resources of a target machine, attackers must
first look for an opening to exploit. In the absence of inside information such as passwords or encryption keys, they must scan the target machine to see what services are
offered. Perhaps one of the services is weakly secured and the attacker can use some
known exploit to finagle his or her way in.
A tool called nmap is generally considered the best way to scan a host for services (note
that nmap is a tool that can be used for good and evil). Once the attacker has a list of
the available services running on his target, he needs to find a way to trick one of those
services into letting him have privileged access to the system. Usually, this is done with a
program called an exploit.
While DOS attacks are disruptive, intrusion attacks are the most damaging. The reasons are varied,
but the result is always the same. An uninvited guest is now taking up residence on your machine
and is using it in a way you have no control over.
Protecting Against Denial of Service Attacks
As explained earlier, a denial of service attack attempts to crash your computer or at least degrade
its performance to an unusable level. There are a variety of denial of service exploits. Most try to
overload some system resource, such as your available disk space or your Internet connection.
Some common attacks and defenses are discussed in the following sections.
Mailbombing
Mailbombing is the practice of sending so much e-mail to a particular user or system that the computer’s hard drive becomes full. There are several ways to protect yourself from mailbombing. You
can use the Procmail e-mail-filtering tool or, if you are using sendmail as your mail transport agent,
configure your sendmail daemon.
Blocking Mail with Procmail
The Procmail e-mail-filtering tool, installed by default with Fedora, RHEL, and many other Linux
systems, is tightly integrated with the sendmail e-mail daemon; thus, it can be used to selectively
block or filter out specific types of e-mail. You can learn more about Procmail at the Procmail Web
site: www.procmail.org.
To enable Procmail for your user account, create a .procmailrc file in your home directory. The
file should be mode 0600 (readable by you but nobody else). Type the following, replacing evilmailer with the actual e-mail address that is mailbombing you.
# Delete mail from evilmailer
:0
* ^From.*evilmailer
/dev/null
The Procmail recipe looks for the From line at the start of each e-mail to see if it includes the string
evilmailer. If it does, the message is sent to /dev/null (effectively throwing it away).
Blocking Mail with sendmail
The Procmail e-mail tool works quite well when only one user is being mailbombed. If, however,
the mailbombing affects many users, you should probably configure your sendmail daemon to
block all e-mail from the mailbomber. Do this by adding the mailbomber’s e-mail address or system
name to the access file located in the /etc/mail directory.
Each line of the access file contains an e-mail address, host name, domain, or IP address followed by a tab and then a keyword specifying what action to take when that entity sends you a
message. Valid keywords are OK, RELAY, REJECT, DISCARD, and ERROR. Using the REJECT
keyword will cause a sender’s e-mail to be bounced back with an error message. The keyword
DISCARD will cause the message to be silently dropped without sending an error back. You can
even return a custom error message by using the ERROR keyword.
Thus, an example /etc/mail/access file may look similar to this:
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain    RELAY
localhost                RELAY
127.0.0.1                RELAY
#
# Senders we want to Block
#
[email protected]        REJECT
stimpy.glaci.com         REJECT
cyberpromo.com           DISCARD
199.170.176.99           ERROR:"550 Die Spammer Scum!"
199.170.177              ERROR:"550 Email Refused"
As with most Linux configuration files, lines that begin with a pound (#) sign are comments. The
list of blocked spammers is at the end of this example file. Note that the address to block can be a
complete e-mail address, a full host name, a domain only, an IP address, or a subnet.
To block a particular e-mail address or host from mailbombing you, log in to your system as root,
edit the /etc/mail/access file, and add a line to DISCARD mail from the offending sender.
After saving the file and exiting the editor, you must convert the access file into a hash-indexed
database called access.db. The database is updated automatically the next time sendmail starts. On
Fedora and other Red Hat systems, you can convert the database immediately, as follows:
# cd /etc/mail
# make
Sendmail should now discard e-mail from the addresses you added.
Spam Relaying
Your e-mail services can also be abused by having your system used as a spam relay. Spam refers to
the unsolicited junk e-mail that has become a common occurrence on the Internet. Relay refers to
the mail server feature that causes it to send mail it receives to another server. (Normally, only
users with valid e-mail accounts on the server are allowed to use a mail server to relay messages on
their behalf. A mail server configured as an open relay will allow anyone to forward e-mail messages through it, and running one is, therefore, considered to be a very bad practice.)
Spammers often deliver their annoying messages from a normal dial-up Internet account. They
need some kind of high-capacity e-mail server to accept and buffer the payload of messages. They
deliver the spam to the server all in one huge batch and then log off, letting the server do the work
of delivering the messages to the many victims.
Naturally, no self-respecting Internet service provider will cooperate with this action, so spammers
resort to hijacking servers at another ISP to do the dirty work. Having your mail server hijacked to
act as a spam relay can have a devastating effect on your system and your reputation. Fortunately,
open mail relaying is deactivated by default on Fedora and Red Hat Enterprise Linux installations.
Open mail relaying is one security issue that you will not have to worry about.
You can allow specific hosts or domains to relay mail through your system by adding those senders
to your /etc/mail/access file with keyword RELAY. By default, relaying is allowed from the
local host only.
TIP
One package you might consider using to filter out spam on your mail server is
SpamAssassin. SpamAssassin examines the text of incoming mail messages and attempts
to filter out messages that are determined to be spam. SpamAssassin is described in Chapter 25.
Smurf Amplification Attack
Smurfing refers to a particular type of denial of service attack aimed at flooding your Internet connection. It can be a difficult attack to defend against because it is not easy to trace the attack to the
attacker. Here is how smurfing works.
The attack makes use of the ICMP protocol, a service intended for checking the speed and availability of network connections. Using the ping command, you can send a network packet from
your computer to another computer on the Internet. The remote computer will recognize the
packet as an ICMP request and echo a reply packet to your computer. Your computer can then
print a message revealing that the remote system is up and telling you how long it took to reply to
the ping.
A smurfing attack uses a malformed ICMP request to bury your computer in network traffic. The
attacker does this by bouncing a ping request off an unwitting third party in such a way that the
reply is duplicated dozens or even hundreds of times. An organization with a fast Internet connection and a large number of computers is used as the relay. The destination address of the ping is set
to an entire subnet instead of a single host. The return address is forged to be your machine’s
address instead of the actual sender. When the ICMP packet arrives at the unwitting relay’s network, every host on that subnet replies to the ping! Furthermore, they reply to your computer
instead of to the actual sender. If the relay’s network has hundreds of computers, your Internet
connection can be quickly flooded.
The best fix is to contact the organization being used as a relay and inform it of the abuse. Usually,
they need only to reconfigure their Internet router to stop any future attacks. If the organization is
uncooperative, you can minimize the effect of the attack by blocking the ICMP protocol on your
router. This will at least keep the traffic off your internal network. If you can convince your ISP to
block ICMP packets aimed at your network, it will help even more. (Note that there is some debate
about whether or not blocking ICMP packets is a good idea, since ICMP services can be useful for
various administrative purposes.)
Protecting Against Distributed DOS Attacks
DDOS attacks are much harder to initiate and extremely difficult to stop. A DDOS attack begins
with the penetration of hundreds or even thousands of weakly secured machines. These machines
can then be directed to attack a single host based on the whims of the attacker.
With the advent of DSL and cable modem, millions of people are enjoying Internet access with virtually no speed restrictions. In their rush to get online, many of those people neglect even the most
basic security. Since the vast majority of these people run Microsoft operating systems, they tend to
get hit with worms and viruses rather quickly. After the machine has been infiltrated, quite often
the worm or virus installs a program on the victim’s machine that instructs it to quietly call home
and announce that it is now ready to do the master’s bidding.
At the whim of the master, the infected machines can now be used to focus a concentrated stream
of garbage data at a selected host. In concert with thousands of other infected machines, a script
kiddie now has the power to take down nearly any site on the Internet.
Detecting a DDOS is similar to detecting a DOS attack. One or more of the following signs are
likely to be present:
• Sustained saturated data link
• No reduction in link saturation during off-peak hours
• Hundreds or even thousands of simultaneous network connections
• Extremely slow system performance
To determine if your data link is saturated, the act of pinging an outside host can tell much of the
story. Much higher than usual latency is a dead giveaway. Normal ping latency (that is, the time it
takes for a ping response to come back from a remote host) looks like the following:
# ping www.example.com
PING www.example.com (192.0.34.166) from 10.0.0.11: 56(84) bytes of data
64 bytes from 192.0.34.166: icmp_seq=1 ttl=49 time=40.1 ms
64 bytes from 192.0.34.166: icmp_seq=2 ttl=49 time=42.5 ms
64 bytes from 192.0.34.166: icmp_seq=3 ttl=49 time=39.5 ms
64 bytes from 192.0.34.166: icmp_seq=4 ttl=49 time=38.4 ms
64 bytes from 192.0.34.166: icmp_seq=5 ttl=49 time=39.0 ms
--- www.example.com ping statistics ---
5 packets transmitted, 5 received, 0% loss, time 4035ms
rtt min/avg/max/mdev = 38.472/39.971/42.584/1.432 ms
In the preceding example, the average time for a ping packet to make the roundtrip was about 39
thousandths of a second.
A ping to a nearly saturated link looks like the following:
# ping www.example.com
PING www.example.com (192.0.34.166): from 10.0.0.11: 56(84)bytes of data
64 bytes from 192.0.34.166: icmp_seq=1 ttl=62 time=1252 ms
64 bytes from 192.0.34.166: icmp_seq=2 ttl=62 time=1218 ms
64 bytes from 192.0.34.166: icmp_seq=3 ttl=62 time=1290 ms
64 bytes from 192.0.34.166: icmp_seq=4 ttl=62 time=1288 ms
64 bytes from 192.0.34.166: icmp_seq=5 ttl=62 time=1241 ms
--- www.example.com ping statistics ---
5 packets transmitted, 5 received, 0% loss, time 5032ms
rtt min/avg/max/mdev = 1218.059/1258.384/1290.861/28.000 ms
In this example, a ping packet took, on average, 1.3 seconds to make the roundtrip. From the first
example to the second example, latency increased by a factor of 31! A data link that goes from
working normally to slowing down by a factor of 31 is a clear sign that link utilization should be
investigated.
For a more accurate measure of data throughput, you can use a tool such as ttcp. To test your connection with ttcp you must have installed the ttcp package on machines inside and outside of your
network. (The ttcp package is available with Fedora Core and other Linux systems.) If you are not
sure whether the package is installed, simply type ttcp at a command prompt. You should see
something like the following:
# ttcp
Usage: ttcp -t [-options] host [ < in ]
       ttcp -r [-options > out]
Common options:
        -l ##   length of bufs read from or written to network (default 8192)
        -u      use UDP instead of TCP
        -p ##   port number to send to or listen at (default 5001)
        -s      -t: source a pattern to network
                -r: sink (discard) all data from network
        -A      align the start of buffers to this modulus (default 16384)
        -O      start buffers at this offset from the modulus (default 0)
        -v      verbose: print more statistics
        -d      set SO_DEBUG socket option
        -b ##   set socket buffer size (if supported)
        -f X    format for rate: k,K = kilo{bit,byte}; m,M = mega; g,G = giga
Options specific to -t:
        -n##    number of source bufs written to network (default 2048)
        -D      don't buffer TCP writes (sets TCP_NODELAY socket option)
        -w ##   number of microseconds to wait between each write
Options specific to -r:
        -B      for -s, only output full blocks as specified by -l (for TAR)
        -T      "touch": access each byte as it's read
        -I if   Specify the network interface (e.g. eth0) to use
The first step is to start up a receiver process on the server machine:
# ttcp -rs
ttcp-r: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp
ttcp-r: socket
The -r flag denotes that the server machine will be the receiver. The -s flag, in conjunction with
the -r flag, tells ttcp that we want to ignore any received data.
The next step is to have someone outside of your data link, with a network link close to the same
speed as yours, set up a ttcp sending process:
# ttcp -ts server.example.com
ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp -> server.example.com
ttcp-t: socket
ttcp-t: connect
Let the process run for a few minutes and then press Ctrl+C on the transmitting side to stop the
testing. The receiving side then takes a moment to calculate and present the results:
# ttcp -rs
ttcp-r: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp
ttcp-r: socket
ttcp-r: accept from 64.223.17.21
ttcp-r: 2102496 bytes in 70.02 real seconds = 29.32 KB/sec +++
ttcp-r: 1226 I/O calls, msec/call = 58.49, calls/sec = 17.51
ttcp-r: 0.0user 0.0sys 1:10real 0% 0i+0d 0maxrss 0+2pf 0+0csw
In this example, the average bandwidth between the two hosts was 29.32 kilobytes per second. On
a link suffering from a DDOS, this number would be a mere fraction of the actual bandwidth the
data link is rated for.
If the data link is indeed saturated, the next step is to determine where the connections are coming
from. A very effective way of doing this is with the netstat command, which is included as part
of the base Fedora installation. Type the following to see connection information:
# netstat -tupn
Table 6-3 describes each of the netstat parameters used here.
TABLE 6-3
netstat Parameters
Parameter        Description
-t, --tcp        Show TCP socket connections.
-u, --udp        Show UDP socket connections.
-p, --program    Show the PID and name of the program to which each socket belongs.
-n, --numeric    Show numerical address instead of trying to determine symbolic host, port, or usernames.
The following is an example of what the output might look like:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address       State       PID/Program name
tcp        0      0 65.213.7.96:22     13.29.132.19:12545    ESTABLISHED 32376/sshd
tcp        0    224 65.213.7.96:22     13.29.210.13:29250    ESTABLISHED 13858/sshd
tcp        0      0 65.213.7.96:6667   13.29.194.190:33452   ESTABLISHED 1870/ircd
tcp        0      0 65.213.7.96:6667   216.39.144.152:42709  ESTABLISHED 1870/ircd
tcp        0      0 65.213.7.96:42352  67.113.1.99:53        TIME_WAIT   -
tcp        0      0 65.213.7.96:42354  83.152.6.9:113        TIME_WAIT   -
tcp        0      0 65.213.7.96:42351  83.152.6.9:113        TIME_WAIT   -
tcp        0      0 127.0.0.1:42355    127.0.0.1:783         TIME_WAIT   -
tcp        0      0 127.0.0.1:783      127.0.0.1:42353       TIME_WAIT   -
tcp        0      0 65.213.7.96:42348  19.15.11.1:25         TIME_WAIT   -
The output is organized into columns defined as follows:
• Proto — Protocol used by the socket.
• Recv-Q — The number of bytes not yet copied by the user program attached to this
socket.
• Send-Q — The number of bytes not acknowledged by the host.
• Local Address — Address and port number of the local end of the socket.
• Foreign Address — Address and port number of the remote end of the socket.
• State — Current state of the socket. Table 6-4 provides a list of socket states.
• PID/Program name — Process ID and program name of the process that owns the socket.
TABLE 6-4
Socket States
State          Description
ESTABLISHED    Socket has an established connection.
SYN_SENT       Socket actively trying to establish a connection.
SYN_RECV       Connection request received from the network.
FIN_WAIT1      Socket closed and shutting down.
FIN_WAIT2      Socket is waiting for remote end to shut down.
TIME_WAIT      Socket is waiting after closing to handle packets still in the network.
CLOSED         Socket is not being used.
CLOSE_WAIT     The remote end has shut down, waiting for the socket to close.
LAST_ACK       The remote end has shut down, and the socket is closed, waiting for acknowledgement.
LISTEN         Socket is waiting for an incoming connection.
CLOSING        Both sides of the connection are shut down, but not all of your data has been sent.
UNKNOWN        The state of the socket is unknown.
During a DOS attack, the foreign address is usually the same for each connection. In this case, it is
a simple matter of typing the foreign IP address into the search form at www.arin.net/whois/
so you can alert your ISP.
During a DDOS attack, the foreign address will likely be different for each connection. In this case,
it is impossible to track down all of the offenders because there will likely be thousands of them.
The best way to defend yourself is to contact your ISP and see if it can filter the traffic at its
border routers.
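One way to apply the DOS-versus-DDOS distinction above is to count the connections in netstat -tupn output per foreign address. The following Python is an added example, not code from the book; the function names, the three thresholds in classify(), and the sample rows (documentation-range addresses) are constructed assumptions.

```python
import sys
from collections import Counter

# Socket states from Table 6-4, used to tell whether a State column is present.
STATES = {"ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2",
          "TIME_WAIT", "CLOSED", "CLOSE_WAIT", "LAST_ACK", "LISTEN",
          "CLOSING", "UNKNOWN"}


def parse_netstat(text):
    """Turn `netstat -tupn` output into dicts; header lines are skipped."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        has_state = len(f) > 5 and f[5] in STATES   # UDP rows may lack a state
        foreign_ip, _, foreign_port = f[4].rpartition(":")
        conns.append({
            "proto": f[0],
            "local_port": f[3].rpartition(":")[2],
            "foreign_ip": foreign_ip,
            "foreign_port": foreign_port,
            "state": f[5] if has_state else "",
            "program": " ".join(f[6 if has_state else 5:]) or "-",
        })
    return conns


def peers_by_count(conns, local_port=None):
    """Count connections per foreign address, ignoring loopback peers."""
    counts = Counter()
    for c in conns:
        if c["foreign_ip"].startswith("127.") or c["foreign_ip"] == "::1":
            continue
        if local_port is None or c["local_port"] == str(local_port):
            counts[c["foreign_ip"]] += 1
    return counts


def classify(counts, min_conns=50, single_share=0.8, many_peers=25):
    """Label the peer distribution; all three thresholds are assumed values."""
    total = sum(counts.values())
    if total < min_conns:
        return "normal"
    top_ip, top_n = counts.most_common(1)[0]
    if top_n / total >= single_share:
        return "single-source: " + top_ip       # same foreign address throughout
    if len(counts) >= many_peers:
        return "many-source"                    # a different address per connection
    return "normal"


def sample(peers, local="192.0.2.10:80", prog="2210/httpd"):
    """Build constructed netstat rows for the given foreign addresses."""
    head = ("Active Internet connections (w/o servers)\n"
            "Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name\n")
    rows = ["tcp 0 0 %s %s:%d ESTABLISHED %s" % (local, ip, 40000 + i, prog)
            for i, ip in enumerate(peers)]
    return head + "\n".join(rows) + "\n"


if __name__ == "__main__":
    # Usage: netstat -tupn | python3 this_script.py
    counts = peers_by_count(parse_netstat(sys.stdin.read()))
    print(classify(counts))
    for ip, n in counts.most_common(10):
        print("%6d  %s" % (n, ip))
```

A single-source result gives one address to look up and report; a many-source result is the case where the text recommends asking the ISP to filter at its border routers.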
Protecting Against Intrusion Attacks
Crackers have a wide variety of tools and techniques to assist them in breaking into your computer. Intrusion attacks focus on exploiting weaknesses in your security, so the crackers can take
more control of your system (and potentially do more damage) than they could from the outside.
Fortunately, there are many tools and techniques for combating intrusion attacks. This section discusses the most common break-in methods and the tools available to protect your system.
Although the examples shown are specific to Fedora and other Red Hat Linux systems, the tools
and techniques are generally applicable to any Linux or UNIX-like operating system.
Evaluating Access to Network Services
Linux systems and their UNIX kin provide many network services, and with them many avenues
for cracker attacks. You should know these services and how to limit access to them.
What do I mean by a network service? Basically, I am referring to any task that the computer performs that requires it to send and receive information over the network using some predefined set
of rules. Routing e-mail is a network service. So is serving Web pages. Your Linux box has the
potential to provide thousands of services. Many of them are listed in the /etc/services file.
Look at a snippet of that file:
# /etc/services:
# service-name  port/protocol  [aliases ...]   [# comment]
chargen         19/tcp         ttytst source
chargen         19/udp         ttytst source
ftp-data        20/tcp
ftp-data        20/udp
# 21 is registered to ftp, but also used by fsp
ftp             21/tcp
ftp             21/udp         fsp fspd
ssh             22/tcp                         # SSH Remote Login Protocol
ssh             22/udp                         # SSH Remote Login Protocol
telnet          23/tcp
telnet          23/udp
# 24 - private mail system
smtp            25/tcp         mail
After the comment lines, you will notice three columns of information. The left column contains
the name of each service. The middle column defines the port number and protocol type used for
that service. The rightmost field contains an optional alias or list of aliases for the service.
As an example, examine the last entry in the file snippet. It describes the SMTP (Simple Mail
Transfer Protocol) service, which is the service used for delivering e-mail over the Internet. The
middle column contains the text 25/tcp, which tells you that the SMTP protocol uses port 25 and
uses the Transmission Control Protocol (TCP) as its protocol type.
What exactly is a port number? It is a unique number that has been set aside for a particular network service. It allows network connections to be properly routed to the software that handles that
service. For example, when an e-mail message is delivered from some other computer to your
Linux box, the remote system must first establish a network connection with your system. Your
computer receives the connection request, examines it, sees it labeled for port 25, and thus knows
that the connection should be handed to the program that handles e-mail (which happens to be
sendmail).
I mentioned that SMTP uses the TCP protocol. Some services use UDP, the User Datagram
Protocol. All you really need to know about TCP and UDP (for the purposes of this security
discussion) is that they provide different ways of packaging the information sent over a network
connection. A TCP connection provides error detection and retransmission of lost data. UDP doesn’t
check to ensure that the data arrived complete and intact; it is meant as a fast way to send noncritical information.
Disabling Network Services
Although there are hundreds of services (with official port numbers listed in /etc/services)
that potentially could be available and subject to attack on your Linux system, in reality only a few
dozen services are installed and only a handful of those are on by default. In Fedora and RHEL systems, most network services are started by either the xinetd process or by a start-up script in the
/etc/init.d directory. Other Linux systems use the inetd process instead of xinetd.
xinetd and inetd are daemons that listen on a great number of network port numbers. When a
connection is made to a particular port number, xinetd or inetd automatically starts the appropriate program for that service and hands the connection to it.
For xinetd, the configuration file /etc/xinetd.conf is used to provide default settings for the
xinetd server. The directory /etc/xinetd.d contains files telling xinetd what ports to listen on
and what programs to start (the inetd daemon, alternatively, uses only the /etc/inetd.conf
file). Each file in /etc/xinetd.d contains configuration information for a single service, and the
file is usually named after the service it configures. For example, to enable the rsync service, edit
the rsync file in the /etc/xinetd.d directory and look for a section similar to the following:
service rsync
{
        disable         = yes
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}
Note that the first line of this example identifies the service as rsync. This exactly matches the
service name listed in the /etc/services file, causing the service to listen on port 873 for TCP
and UDP protocols. You can see that the service is off by default (disable = yes). To enable the
rsync service, change the line to read disable = no instead. Thus, the disable line from the preceding example would look like this:
disable = no
TIP
The rsync service is a nice one to turn on if your machine is an FTP server. It allows people to use an rsync client (which includes a checksum-search algorithm) to download
files from your server. With that feature, users can restart a disrupted download without having to
start from the beginning.
Because most services are disabled by default, your computer is only as insecure as you make it.
You can double-check that insecure services, such as rlogin and rsh (which are included in the rsh-server package in Fedora and RHEL systems), are also disabled by making sure that disable =
yes is set in the /etc/xinetd.d/rlogin and rsh files.
TIP
You can make the remote login service active but disable the use of the /etc/hosts.equiv
and .rhosts files, requiring rlogin to always prompt for a password. Rather
than disabling the service, locate the server line in the rsh file (server = /usr/sbin/in.rshd)
and add a space followed by -L at the end.
You now need to send a signal to the xinetd process to tell it to reload its configuration file. The
quickest way to do that in Fedora and RHEL systems is to reload the xinetd service. As the root
user, type the following from a shell:
# service xinetd reload
Reloading configuration:                                   [ OK ]
You can also tell the xinetd process directly to reread the configuration file by sending it a SIGHUP
signal. That also works if you are using the inetd daemon instead (on systems such as Debian or
Slackware) to reread the /etc/inetd.conf file. For example, type this (as root user) to have the
inetd daemon reread the configuration file:
# killall -s SIGHUP inetd
That’s it — you have enabled the rsync service. Provided that you have properly configured your
FTP server, clients should now be able to download files from your computer via the rsync protocol.
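The double-check described above (confirming which xinetd services are really switched off) can be scripted. The following is an added example, not from the book; the function names and the two sample service files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report every service defined under an xinetd.d directory.
# xinetd runs a service unless its block contains "disable = yes".

audit_xinetd_dir() {
    # $1 = directory of per-service files, normally /etc/xinetd.d
    # Output: one line per service: <file> <service> <ENABLED|disabled> <server>
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
            /^[ \t]*#/ { next }                       # comment line
            $1 == "service" { name = $2; disabled = "no"; server = "-"; next }
            name != "" && index($0, "=") {
                key = substr($0, 1, index($0, "=") - 1)
                sub(/[-+][ \t]*$/, "", key)           # drop the sign of += and -=
                key = trim(key)
                val = trim(substr($0, index($0, "=") + 1))
                if (key == "disable") disabled = val
                if (key == "server")  server = val
            }
            $1 == "}" && name != "" {
                state = (disabled == "yes") ? "disabled" : "ENABLED"
                print file, name, state, server
                name = ""
            }
        ' "$f"
    done
}

# Only the services that xinetd will actually start.
enabled_services() {
    audit_xinetd_dir "$1" | awk '$3 == "ENABLED"'
}

# Constructed sample data: rsync as shipped (off) and rsh left switched on.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    cat > "$d/rsync" <<'EOF'
service rsync
{
        disable         = yes
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}
EOF
    cat > "$d/rsh" <<'EOF'
# constructed sample file
service shell
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.rshd
}
EOF
    printf '%s\n' "$d"
}

# Audit the directory given on the command line, or the sample data if none.
dir=${1:-}
[ -n "$dir" ] || dir=$(make_sample_dir)
audit_xinetd_dir "$dir"
```

Run it as root with /etc/xinetd.d as the argument; any line marked ENABLED for the rlogin or rsh files is one to revisit.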
Securing Servers with SELinux
Red Hat, Inc. did a clever thing when it took its first swipe at implementing SELinux in Red Hat
systems. Instead of creating policies to control every aspect of your Linux system, it created a “targeted” policy type that focused on securing those services that are most vulnerable to attacks. The
company then set about securing those services in such a way that, if they were compromised, a
cracker couldn’t compromise the rest of the system as well.
Once you have opened a port in your firewall so others can request a service, then started that
service to handle requests, SELinux can be used to set up walls around that service. As a result, its
daemon process, configuration files, and data can’t access resources they are not specifically
allowed to access. The rest of your computer, then, is safer.
As Red Hat continues to work out the kinks in SELinux, there has been a tendency for users to see
SELinux failures and just disable the entire SELinux service. However, a better course is to find out
if SELinux is really stopping you from doing something that is unsafe. If it turns out to be a bug
with SELinux, file a bug report and help make the service better.
If you are enabling FTP, Web (HTTPD), DNS, NFS, NIS, or Samba services on your Fedora or
RHEL system, you should consider leaving SELinux enabled and working with the settings from
the Security Level Configuration window to configure those services. For information on SELinux
that is specific to Fedora, refer to this site:
http://fedora.redhat.com/docs/selinux-faq-fc5
Protecting Web Servers with Certificates and Encryption
Previous sections told you how to lock the doors to your Linux system to deny access to crackers.
The best dead bolt lock, however, is useless if you are mugged in your own driveway and have
your keys stolen. Likewise, the best computer security can be for naught if you are sending passwords and other critical data unprotected across the Internet.
Exporting Encryption Technology
Before describing how to use the various encryption tools, I need to warn you about an unusual
policy of the United States government. For many years, the United States government treated
encryption technology like munitions. As a result, anyone wanting to export encryption technology
had to get an export license from the Commerce Department. This applied not only to encryption
software developed within the United States, but also to software obtained from other countries and
then re-exported to another country (or even to the same country you got it from).
Thus, if you installed encryption technology on your Linux system and then transported it out of the
country, you were violating federal law! Furthermore, if you e-mailed encryption software to a friend
in another country or let him or her download it from your server, you violated the law.
In January 2000, U.S. export laws relating to encryption software were relaxed considerably.
However, often the U.S. Commerce Department’s Bureau of Export Administration requires a review
of encryption products before they can be exported. U.S. companies are also still not allowed to
export encryption technology to countries classified as supporting terrorism.
A savvy cracker can use a tool called a protocol analyzer or a network sniffer to peek at the data flowing across a network and pick out passwords, credit card data, and other juicy bits of information.
The cracker does this by breaking into a poorly protected system on the same network and running software, or by gaining physical access to the same network and plugging in his or her own
equipment.
You can combat this sort of theft by using encryption. The two main types of encryption in use
today are symmetric cryptography and public-key cryptography.
Symmetric Cryptography
Symmetric cryptography, also called private-key cryptography, uses a single key to both encrypt and
decrypt a message. This method is generally inappropriate for securing data that will be used by a
third party because of the complexity of secure key exchange. Symmetric cryptography is
generally useful for encrypting data for one’s own purposes.
A classic use of symmetric cryptography is for a personal password vault. Anyone who has been
using the Internet for any amount of time has accumulated a quantity of usernames and passwords
for accessing various sites and resources. A personal password vault lets you store this access information in an encrypted form. The end result is that you have to remember only one password to
unlock all of your access information.
Until recently, the United States government had standardized on a symmetric encryption algorithm called DES (Data Encryption Standard) to secure important information. Because there is no
direct way to crack DES encrypted data, to decrypt DES encrypted data without a password you
would have to use an unimaginable amount of computing power to try to guess the password. This
is also known as the brute force method of decryption.
As personal computing power has increased nearly exponentially, the DES algorithm has had to be
retired. In its place, after a very long and interesting search, the United States government has
accepted the Rijndael algorithm as what it calls the AES (Advanced Encryption Standard).
Although the AES algorithm is also subject to brute force attacks, it requires significantly more
computing power to crack than the DES algorithm does.
For more information on AES, including a command-line implementation of the algorithm, you
can visit http://aescrypt.sourceforge.net/.
Asymmetric Cryptography
Public-key cryptography does not suffer from key distribution problems, and that is why it is the
preferred encryption method for secure Internet communication. This method uses two keys, one
to encrypt the message and another to decrypt the message. The key used to encrypt the message
is called the public key because it is made available for all to see. The key used to decrypt the message is the private key and is kept hidden.
Imagine that you want to send me a secure message using public-key encryption. Here is what
we need:
1. I must have a public and private key pair. Depending on the circumstances, I may generate the keys myself (using special software) or obtain the keys from a key authority.
2. You want to send me a message, so you first look up my public key (or more accurately,
the software you are using looks it up).
3. You encrypt the message with the public key. At this point, the message can be decrypted
only with the private key (the public key cannot be used to decrypt the message).
4. I receive the message and use my private key to decrypt it.
Secure Socket Layer
A classic implementation of public-key cryptography is with secure sockets layer (SSL) communication. This is the technology that enables you to securely submit your credit card information to
an online merchant. The elements of an SSL encrypted session are as follows:
• SSL-enabled Web browser (Mozilla, Internet Explorer, Opera, Konqueror, and so on)
• SSL-enabled Web server (Apache)
• SSL certificate
To initiate an SSL session, a Web browser first makes contact with a Web server on port 443, also
known as the HTTPS port (Hypertext Transport Protocol Secure). After a socket connection has
been established between the two machines, the following occurs:
1. The server sends its SSL certificate to the browser.
2. The browser verifies the identity of the server through the SSL certificate.
3. The browser generates a symmetric encryption key.
4. The browser uses the SSL certificate to encrypt the symmetric encryption key.
5. The browser sends the encrypted key to the server.
6. The server decrypts the symmetric key with its private key counterpart of the public SSL
certificate.
The browser and server can now encrypt and decrypt traffic based on a common knowledge of the
symmetric key. Secure data interchange can now occur.
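The six steps above can be walked through with the openssl command line. This is an added example, not from the book: it follows the simplified exchange as described here rather than a complete SSL implementation, and the host name, file names and message are constructed.

```shell
#!/bin/sh
# Added example: the key exchange from steps 1-6, one function per party.

# Server, done once: a private key plus a self-signed test certificate.
make_server_identity() {            # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Steps 2-5, browser: check the certificate against what the browser trusts,
# create a symmetric key, and encrypt it with the certificate's public key.
browser_wrap_key() {                # $1 = dir, $2 = file of trusted certificates
    openssl verify -CAfile "$2" "$1/server.crt" >/dev/null 2>&1 || return 1
    openssl rand -hex 32 > "$1/browser.symkey"          # 256-bit key, as hex
    openssl x509 -in "$1/server.crt" -noout -pubkey > "$1/server.pub"
    openssl pkeyutl -encrypt -pubin -inkey "$1/server.pub" \
        -in "$1/browser.symkey" -out "$1/wrapped.key"
}

# Step 6, server: only the holder of the private key recovers the symmetric key.
server_unwrap_key() {               # $1 = dir
    openssl pkeyutl -decrypt -inkey "$1/server.key" \
        -in "$1/wrapped.key" -out "$1/server.symkey"
}

# After the exchange, traffic is protected with the shared symmetric key.
sym_encrypt() {                     # $1 = key file, $2 = hex IV; stdin to stdout
    openssl enc -aes-256-cbc -K "$(cat "$1")" -iv "$2"
}
sym_decrypt() {                     # same arguments as sym_encrypt
    openssl enc -d -aes-256-cbc -K "$(cat "$1")" -iv "$2"
}

handshake_demo() {                  # $1 = message; prints what the server reads
    d=$(mktemp -d) || return 1
    make_server_identity "$d" || return 1
    # A self-signed certificate verifies only because the browser is told to
    # trust that exact certificate here.
    browser_wrap_key "$d" "$d/server.crt" || return 1
    server_unwrap_key "$d" || return 1
    iv=$(openssl rand -hex 16)
    printf '%s' "$1" | sym_encrypt "$d/browser.symkey" "$iv" > "$d/traffic.bin"
    sym_decrypt "$d/server.symkey" "$iv" < "$d/traffic.bin"
    rm -rf "$d"
}

# Usage: sh keyexchange.sh "some message"
if [ "$#" -gt 0 ]; then handshake_demo "$1"; fi
```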
Creating SSL Certificates
To create your own SSL certificate for secure HTTP data interchange, you must first have an
SSL-capable Web server. The Apache Web server (httpd package), which comes with Fedora and
other Linux systems, is SSL-capable. The following procedure for creating SSL certificates is done
on a Fedora system that includes Apache from the httpd-2.2.3-5 package. This procedure may be
different for Apache on other Linux systems.
Once you have a server ready to go, you should familiarize yourself with the important server-side
components of an SSL certificate:
# ls -l /etc/httpd/conf
-rw-r--r--  1 root root 36010 Jul 14 15:45 httpd.conf
lrwxrwxrwx  1 root root    37 Aug 12 23:45 Makefile -> ../../../usr/share/ssl/certs/Makefile
drwx------  2 root root  4096 Aug 12 23:45 ssl.crl
drwx------  2 root root  4096 Aug 12 23:45 ssl.crt
drwx------  2 root root  4096 Jul 14 15:45 ssl.csr
drwx------  2 root root  4096 Aug 12 23:45 ssl.key
drwx------  2 root root  4096 Jul 14 15:45 ssl.prm
# ls -l /etc/httpd/conf.d/ssl.conf
-rw-r--r--  1 root root 11140 Jul 14 15:45 ssl.conf
The /etc/httpd/conf and /etc/httpd/conf.d directories contain all of the components
necessary to create your SSL certificate. Each component is defined as follows:
• httpd.conf — Web server configuration file.
• Makefile — Certificate building script.
• ssl.crl — Certificate revocation list directory.
• ssl.crt — SSL certificate directory.
• ssl.csr — Certificate service request directory.
• ssl.key — SSL certificate private key directory.
• ssl.prm — SSL certificate parameters.
• ssl.conf — Primary Web server SSL configuration file.
Now that you’re familiar with the basic components, take a look at the tools used to create
SSL certificates:
# cd /etc/httpd/conf
# make
This makefile allows you to create:
  o public/private key pairs
  o SSL certificate signing requests (CSRs)
  o self-signed SSL test certificates

To create a key pair, run “make SOMETHING.key”.
To create a CSR, run “make SOMETHING.csr”.
To create a test certificate, run “make SOMETHING.crt”.
To create a key and a test certificate in one file, run “make SOMETHING.pem”.

To create a key for use with Apache, run “make genkey”.
To create a CSR for use with Apache, run “make certreq”.
To create a test certificate for use with Apache, run “make testcert”.

Examples:
  make server.key
  make server.csr
  make server.crt
  make stunnel.pem
  make genkey
  make certreq
  make testcert
The make command utilizes the makefile to create SSL certificates. Without any arguments the
make command simply prints the information listed in the preceding example. The following
defines each argument you can give to make:
• make server.key — Creates generic public/private key pairs.
• make server.csr — Generates a generic SSL certificate service request.
• make server.crt — Generates a generic SSL test certificate.
• make stunnel.pem — Generates a generic SSL test certificate, but puts the private key
in the same file as the SSL test certificate.
• make genkey — Same as make server.key except it places the key in the ssl.key
directory.
• make certreq — Same as make server.csr except it places the certificate service
request in the ssl.csr directory.
• make testcert — Same as make server.crt except it places the test certificate in
the ssl.crt directory.
Using Third-Party Certificate Signers
In the real world, I know who you are because I recognize your face, your voice, and your mannerisms. On the Internet, I cannot see these things and must rely on a trusted third party to vouch for
your identity. To ensure that a certificate is immutable, it has to be signed by a trusted third party
when the certificate is issued and validated every time an end user taking advantage of your secure
site loads it. The following is a list of the trusted third-party certificate signers:
• GlobalSign — https://www.globalsign.net/
• GeoTrust — https://www.geotrust.com/
• VeriSign — https://www.verisign.com/
• RapidSSL — http://www.freessl.com/
• Thawte — http://www.thawte.com/
• EnTrust — http://www.entrust.com/
• ipsCA — http://www.ipsca.com/
• COMODO Group — http://www.comodogroup.com/
NOTE
Because of the fluid nature of the certificate business, some of these companies may not
be in business when you read this, while others may have come into existence. To get a
more current list of certificate authorities, from your Mozilla Firefox browser select Edit ➪
Preferences. From the Preferences window that appears, select Advanced ➪ Manage Certificates.
From the Certificate Manager window that appears, refer to the Authorities tab to see Certificate
Authorities from which you have received certificates.
Each of these certificate authorities has gotten a chunk of cryptographic code embedded into
nearly every Web browser in the world. This chunk of cryptographic code allows a Web browser to
determine whether or not an SSL certificate is authentic. Without this validation, it would be easy
for crackers to generate their own certificates and dupe people into thinking they are giving sensitive information to a reputable source.
Certificates that are not validated are called self-signed certificates. If you come across a site that has
not had its identity authenticated by a trusted third party, your Web browser will display a message
similar to the one shown in Figure 6.2.
FIGURE 6.2
A pop-up window alerts you when a site is not authenticated.
This does not necessarily mean that you are encountering anything illegal, immoral, or fattening.
Many sites opt to go with self-signed certificates, not because they are trying to pull a fast one on
you, but because there may not be any reason to validate the true owner of the certificate and they
do not want to pay the cost of getting a certificate validated. Some reasons for using a self-signed
certificate include:
• The Web site accepts no input. In this case, you, as the end user, have nothing to worry
about. There is no one trying to steal your information because you aren’t giving out any
information. Most of the time, this is done simply to secure the Web transmission from
the server to you. The data in and of itself may not be sensitive, but, being a good netizen, the site has enabled you to secure the transmission to keep third parties from sniffing
the traffic.
• The Web site caters to a small clientele. If you run a Web site that has a very limited
set of customers, such as an Application Service Provider, you can simply inform your
users that you have no certificate signer. They can browse the certificate information and
validate it with you over the phone or in person.
• Testing. It makes no sense to pay for an SSL certificate if you are testing only a new Web
site or Web-based application. Use a self-signed certificate until you are ready to go live.
Creating a Certificate Service Request
To create a third-party validated SSL certificate from a Fedora Linux system, you must first start
with a Certificate Service Request (CSR). To create a CSR, do the following on your Web server:
# cd /etc/httpd/conf
# make certreq
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > /etc/httpd/conf/ssl.key/server.key
.
.
.
You will now be asked to enter a password to secure your private key. This password should be at
least eight characters long, and should not be a dictionary word or contain numbers or punctuation. The characters you type will not appear on the screen, to prevent someone from shoulder
surfing your password.
Enter pass phrase:
Enter the password again to verify.
Verifying - Enter pass phrase:
The certificate generation process now begins.
At this point, it is time to start adding some identifying information to the certificate that the third-party source will later validate. Before you can do this, you must unlock the private key you just created. Do so by typing the password you typed for your pass phrase. Then enter information as you
are prompted. An example of a session for adding information for your certificate is shown here:
Enter pass phrase for /etc/httpd/conf/ssl.key/server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called
a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]: Connecticut
Locality Name (eg, city) [Newbury]: Mystic
Organization Name (eg, company) [My Company Ltd]:Acme Marina, Inc.
Organizational Unit Name (eg, section) []:InfoTech
Common Name (eg, your name or your server’s hostname) []:www.acmemarina.com
Email Address []: [email protected]
To complete the process, you will be asked if you want to add any extra attributes to your certificate. Unless you have a reason to provide more information, you should simply press Enter at each
of the following prompts to leave them blank.
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Getting Your CSR Signed
Once your CSR has been created, you need to send it to a signing authority for validation. The first
step in this process is to select a signing authority. Each signing authority has different deals,
prices, and products. Check out each of the signing authorities listed in the “Using Third-Party
Certificate Signers” section earlier in this chapter to determine which works best for you. The
following are areas where signing authorities differ:
• Credibility and stability
• Pricing
• Browser recognition
• Warranties
• Support
• Certificate strength
After you have selected your certificate signer, you have to go through some validation steps. Each
signer has a different method of validating identity and certificate information. Some require that
you fax articles of incorporation, while others require a company officer be made available to talk
to a validation operator. At some point in the process you will be asked to copy and paste the
contents of the CSR you created into the signer’s Web form.
# cd /etc/httpd/conf/ssl.csr
# cat server.csr
You can use your mouse to copy and paste the CSR into the signer’s Web form.
After you have completed the information validation, paid for the signing, and answered all of the
questions, you have completed most of the process. Within 48 to 72 hours you should receive an
e-mail with your shiny new SSL certificate in it. The certificate will look similar to the following:
Copy and paste this certificate into an empty file called server.crt, which must reside in the
/etc/httpd/conf/ssl.crt directory, and restart your Web server:
# service httpd restart
Assuming your Web site was previously working fine, you can now view it in a secure fashion by
placing an “s” after the http in the Web address. So if you previously viewed your Web site at
http://www.acmemarina.com, you can now view it in a secure fashion by going to
https://www.acmemarina.com.
Creating Self-Signed Certificates
Generating and running a self-signed SSL certificate is much easier than having a signed certificate.
To generate a self-signed SSL certificate on a Fedora system, do the following:
1. Remove the key and certificate that currently exist:
# cd /etc/httpd/conf
# rm ssl.key/server.key ssl.crt/server.crt
2. Create your own server key:
# make genkey
3. Create the self-signed certificate by typing the following:
# make testcert
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.key/server.crt
.
.
.
At this point, it is time to start adding some identifying information to the certificate. Before you
can do this, you must unlock the private key you just created. Do so by typing the password you
typed earlier. Then follow this sample procedure:
You are about to be asked to enter information that will be
incorporated into your certificate request.
What you are about to enter is what is called
a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]: Ohio
Locality Name (eg, city) [Newbury]: Cincinnati
Organization Name (eg, company) [My Company Ltd]:Industrial Press, Inc.
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server’s hostname) []:www.industrialpressinc.com
Email Address []: [email protected]
The generation process in this example places all files in the proper place. All you need to do is
restart your Web server and add https instead of http in front of your URL. Don’t forget that
you’ll get a certificate validation message from your Web browser, which you can safely ignore.
Restarting Your Web Server
By now you’ve probably noticed that your Web server requires you to enter your certificate
password every time it is started. This is to prevent someone from breaking into your server and
stealing your private key. Should this happen, you are safe in the knowledge that the private key
is a jumbled mess. The cracker will not be able to make use of it. Without such protection, a
cracker could get your private key and easily masquerade as you, appearing to be legitimate in
all cases.
If you just cannot stand having to enter a password every time your Web server starts, and are
willing to accept the increased risk, you can remove the password encryption on your private key.
Simply do the following:
# cd /etc/httpd/conf/ssl.key
# /usr/bin/openssl rsa -in server.key -out server.key
Troubleshooting Your Certificates
The following tips should help if you are having problems with your SSL certificate:
• Only one SSL certificate per IP address is allowed. If you want to add more than one
SSL-enabled Web site to your server, you must bind another IP address to the network
interface.
• Make sure the permission mask on the /etc/httpd/conf/ssl.* directories and
their contents is 700 (rwx------).
• Make sure you aren’t blocking port 443 on your Web server. All https requests come in
on port 443. If you are blocking it, you will not be able to get secure pages.
• The certificate lasts for one year only. When that year is up, you have to renew your certificate with your certificate authority. Each certificate authority has a different procedure
for doing this; check the authority’s Web site for more details.
• Make sure you have the mod_ssl package installed. If it is not installed, you will not be
able to serve any SSL-enabled traffic.
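Three of these checks (directory permissions, remaining certificate lifetime, and whether the installed certificate belongs to the installed key) can be run before restarting the Web server. The script below is an added example, not from the book; the function names, the 30-day warning window and the generated test pair are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for the key and certificate behind mod_ssl.

# True when the certificate was issued for this private key.
# $3 is an optional openssl pass phrase source (for example file:/path) for a
# pass-phrase-protected key; without it only an unprotected key can be read.
key_matches_cert() {                # $1 = private key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout -passin "${3:-pass:}" 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# True when the certificate is still valid N days from now.
cert_valid_for() {                  # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# True when the directory is mode 700 (drwx------).
dir_is_private() {                  # $1 = directory
    [ -d "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Run all three checks and print one line per problem found.
check_ssl_files() {                 # $1 = key, $2 = certificate, $3 = key directory
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1"; rc=1; }
    cert_valid_for "$2" 30     || { echo "WARN: $2 expires within 30 days"; rc=1; }
    dir_is_private "$3"        || { echo "FAIL: $3 is not mode 700"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: key, certificate and permissions agree"; fi
    return "$rc"
}

# Constructed test data: an unprotected key and a self-signed certificate.
make_test_pair() {                  # $1 = directory, $2 = lifetime in days
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=www.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Usage: sh sslcheck.sh KEY CERTIFICATE KEY_DIRECTORY
if [ "$#" -eq 3 ]; then check_ssl_files "$@"; fi
```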
Using Security Tools Linux Live CDs
If you suspect your computers or networks have been exploited, a wide range of security tools is
available for Linux that you can use to scan for viruses, do forensics, or monitor activities of
intruders. The best way to learn about and use many of these tools is by using dedicated, bootable
Linux distributions built specifically for security.
Advantages of Security Live CDs
One great advantage of using live CDs or DVDs to check the security of a system is that it separates
the tools you use to check a system from the system itself. In other words, because the tools for finding problems on an installed system may themselves be compromised, a live CD of trusted software
can be a good way to ensure that you are testing a potentially infected system with clean tools.
If despite your best efforts (good passwords, firewalls, checking log files, etc.) you believe an
intruder may have gained control of your system, you can use a live CD to check it out. Security
live CDs such as System Rescue CD, INSERT, and BackTrack (all included on this book’s CD or
DVD) are great tools for checking and fixing your system.
Using INSERT to check for rootkits
If an intruder gains access to your Linux system, to try to take over control of that system (and use
it for more than just a hit-and-run), the intruder might install what is called a rootkit. A rootkit is a
set of software that the intruder will use to:
• Carry out his intent (such as hosting false Web content from your server)
• Hide his activities from your view
Rootkits can employ different methods for hiding what they do. Often a rootkit will replace
common system commands with its own version of those commands. So, for example, ls and ps
could be replaced with versions modified to not list the content added to your machine or not show
certain processes running on your system, respectively.
The chkrootkit command is a good tool for checking for well-known rootkits, as well as for
generally checking system files to see if they have been infected. This tool will check for infections
in disk checking tools (such as du, find, and ls), process table tools (ps and pstree),
login-related commands (login, rlogin, slogin) and many other tools. Here’s how to run
chkrootkit from INSERT:
1. Insert the CD that comes with this book into the CD drive and reboot.
2. From the boot prompt, type insert and press Enter. INSERT should boot to a desktop.
3. To be able to check the Linux system installed on your hard disk, you need to mount the
partition representing your installed Linux system. Using the mount.app applet (displayed in the lower-right corner of the screen), click the arrows on that applet to click
through the available storage media. If Linux was installed on the first partition of the
first hard disk, select hda1. Then click the mount button to mount that partition.
4. Open a Terminal window by right-clicking the desktop and selecting Terminal Session ➪
Aterm - super user. A Terminal window opens.
5. Run the chkrootkit command and save the output to a file. For example, run the following command to check the file system mounted on /mnt/hda1 and send the output to
a file named chkroot-output.txt:
# chkrootkit -r /mnt/hda1 > /tmp/chkroot-output.txt
6. When the command completes, page through the output. For example:
# less /tmp/chkroot-output.txt
ROOTDIR is ‘/mnt/hda1/’
Checking ‘amd’ ... not found
Checking ‘basename’ ... not infected
.
.
.
7. Press the space bar to page through the output. The output should reveal the following:
   • If a rootkit has been planted on your system, some commands will likely come up as
   infected.
   • If any files or directories implanted by commonly-known rootkits are detected, those
   will be noted. The command checks for more than 60 known rootkits.
   • If any suspicious-looking files appear, they will be listed so you can check them
   (although they might not represent the presence of a rootkit).
If the search turns up a rootkit, chances are that someone else has control of your machine. Often
the best course of action is to reinstall the system. You may be able to just replace those commands
that have been infected, but if you do, you first want to make sure that multiple
backdoors have not already been placed on your system.
Summary
Securing your Linux system is something you need to do from the very beginning and continue as
you use your Linux system. By implementing good security practices (such as practices described
in the security checklist at the beginning of this chapter), you stand a better chance of keeping out
intruders over the long haul.
Going forward, you can help keep your Linux system secure by using encrypted network applications (such as ssh), monitoring log files, and adhering to good password techniques. If your Linux
system is being used as a server, you need to take particular care in narrowing the access to the
server and protecting data. To that end, you can use such tools as TCP wrappers (to limit who can
use your server) and certificates (to ensure that both ends of communications with your Web
server are authenticated).
Choosing and Installing a Linux Distribution
IN THIS PART
Chapter 7: Installing Linux
Chapter 8: Running Fedora Core and Red Hat Enterprise Linux
Chapter 9: Running Debian GNU/Linux
Chapter 10: Running SUSE Linux
Chapter 11: Running KNOPPIX
Chapter 12: Running Yellow Dog Linux
Chapter 13: Running Gentoo Linux
Chapter 14: Running Slackware Linux
Chapter 15: Running Linspire and Freespire
Chapter 16: Running Mandriva
Chapter 17: Running Ubuntu Linux
Chapter 18: Running a Linux Firewall/Router
Chapter 19: Running Bootable Linux Distributions
Installing Linux
IN THIS CHAPTER
Choosing a Linux distribution
Getting a Linux distribution
Understanding installation issues
If someone hasn’t already installed and configured a Linux system for
you, this chapter is going to help you get started so you can try out the
Linux features described in the rest of the book. With recent improvements to Linux live CDs and installers, getting your hands on a working
Linux system is quicker and more solid than ever before.
If you are a first-time Linux user, I recommend that you:
• Try a bootable Linux — This book’s CD and DVD include several
bootable Linux systems. The advantage of a bootable Linux is that
you can try out Linux without touching the contents of your computer’s hard drive. In particular, KNOPPIX is a full-featured Linux
system that can give you a good feel for how Linux works. Using
the DVD or CD, you can try out several different live CDs, as
described in Appendix A. Some of these live CDs also include features for installing Linux to your hard disk. Although live CDs tend
to run slower than installed systems and don’t keep your changes
once you reboot, they are good tools for starting out with Linux.
• Install a desktop Linux system — Choose one of the Linux distributions and install it on your computer’s hard disk. Permanently
installing Linux to your hard disk gives you more flexibility for
adding and removing software, accessing and saving data to hard
disk, and more permanently customizing your system. Installing
Linux as a desktop system lets you try out some useful applications
and get the feel for Linux before dealing with more complex server
issues.
This chapter provides you with an overview of how to choose a Linux distribution, and then describes issues and topics that are common to installing
most Linux distributions. Appendix A describes which Linux distributions are included on this
book’s DVD and CD and how to run them live or use them to install Linux permanently. Each of
the other chapters in this part of the book is dedicated to understanding and installing a particular
Linux distribution.
After you’ve installed Linux, you’ll want to understand how to get and manage software for your
Linux system. These are important topics that are covered throughout the book, but this chapter
describes the major packaging formats and tools to get you going.
Choosing a Linux Distribution
Dozens of popular Linux distributions are available today. Some are generalized distributions that
you can use as a desktop, server, or workstation system; others are specialized for business or computer enthusiasts. One intention of this book is to help you choose which one (or ones) will suit
you best.
Using the DVD that comes with this book, you can boot directly to KNOPPIX (or several other live
CDs to try out Linux) or run an installer (to install Fedora Core, Ubuntu, Gentoo, or Slackware on
your computer’s hard disk). Because the Fedora Core 6 distribution included with the book is the
complete FC6 distribution, you can install a full range of desktop interfaces and applications, programming tools, and server features. So after you’ve tried out KNOPPIX and are ready to install
Linux on your hard disk, I recommend you try Fedora.
Using the CD that comes with this book, you can boot directly to Damn Small Linux (or several
other smaller bootable Linux distros), Debian or SUSE (to do a network install of those distributions to your hard disk). Debian and Damn Small Linux are two distributions that can be set up to
work well on computers that are older and less powerful, or have a CD drive but no DVD drive.
For Debian, this book also provides descriptions for setting up Debian as a mail and Web server
(see Chapters 24 and 25).
Linux at Work
Because I know a lot of people who use Linux, both informally and at work, I want to share my
general impressions of how different Linux distributions are being used in the United States. Most
consultants I know who set up small office servers used to use Red Hat Linux, but now have
mostly moved to Fedora Core, CentOS (built from Red Hat Enterprise Linux software), Ubuntu, or
Debian GNU/Linux. Mandriva Linux (formerly Mandrakelinux) has been popular with people
wanting a friendly Linux desktop, but Fedora is also well-liked. The more technically inclined like
to play with Gentoo (highly tunable) or Slackware (Linux in a more basic form).
The agreement between Novell and Microsoft at the end of 2006 has prompted some open source
proponents to abandon SUSE. Whether this will result in a migration from SUSE in the enterprise
space has yet to play out. For now, Red Hat Enterprise Linux offers the best
choice in the enterprise for those who object to the alliance.
For people transitioning to Linux with Macintosh hardware, Yellow Dog Linux lets you install on a
PowerPC and learn skills that are useful to expand later to Red Hat systems (Yellow Dog was originally based on Red Hat Linux). As for the bootable Linuxes, everyone I know thinks they are great
fun to try out and a good way to learn about Linux. For a bootable Linux containing desktop software that fits on a full CD (or DVD), KNOPPIX is a good choice; for a bootable mini-CD size
Linux, Damn Small Linux works well. However, you can also try out these live CDs from the
media that comes with this book: INSERT, Puppy Linux, SLAX Popcorn, System Rescue CD, or
BackTrack.
This book exposes you to several different Linux distributions. It gives you the advantage of being
able to see the strengths and weaknesses of each distribution by actually putting your hands on it.
You can also try to connect in to the growing Linux user communities because strong community
support results in a more solid software distribution and help when you need it (from such things
as forums and online chats).
Other Distributions
There seems to be a new Linux distribution every five minutes and I really have to stop writing this
book at some point. To keep the descriptions of Linux distributions to a reasonable size (and actually have the space to describe how to use Linux), several interesting Linux distributions aren’t
explored in this book.
Notable Linux distributions not included in this book are TurboLinux, Lycoris, Xandros, and
CentOS. TurboLinux (www.turbolinux.com) is a popular distribution in Asia Pacific countries.
Lycoris (originally based on OpenLinux) and Xandros (designed to operate well in Microsoft
Windows environments) are both well-regarded desktop Linux systems (see www.lycoris.com
and www.xandros.com, respectively). Two years ago, Lycoris was acquired by Mandriva and that
company has recently stopped offering it as a separate product.
CentOS has become very popular among consultants who used to use Red Hat Linux. CentOS is a
rebuild of the Red Hat Enterprise Linux source code. So, people use it for servers that require
longer update cycles than you would get with Fedora. However, because CentOS and Red Hat
Enterprise Linux are built from technology developed for Fedora Core, you can learn a lot about
how to use those two distributions by using Fedora Core. The following sections explain how to
look beyond the confines of this book for those and other Linux distributions.
Getting Your Own Linux Distribution
By packaging a handful of Linux distributions with this book, I hoped to save you the trouble of
getting Linux yourself. If you have a DVD drive, perhaps you can use this opportunity to at least
try KNOPPIX, so you’ll better understand what’s being discussed. If you have a CD drive only, at
least boot directly to Damn Small Linux from the CD that comes with this book.
If for some reason you can’t use the software on the CD or DVD, you may want to get your own
Linux distributions to use with the descriptions in this book. Reasons you might want to get your
own Linux distributions include:
• No DVD drive — You need a bootable DVD drive on your computer to use the Linux
distributions on the DVD that comes with this book.
• Later distributions — You may want a more recent version of a particular distribution
than comes with this book.
• Complete distributions — Because there’s limited space on the CD and DVD and
because some distributions require subscriptions or other fees, you may want to obtain
your own, more complete distribution with which to work.
Today, there is no shortage of ways to get Linux.
Finding Another Linux Distribution
You can go to the Web site of each distribution (such as http://fedoraproject.org or
http://slackware.com/getslack) to get Linux software. Those sites often let you download a complete copy of their distributions and give you the opportunity to purchase a boxed set.
However, one way to get a more complete view of available Linux distributions is to go to a Web
site dedicated to spreading information about Linux distributions. Use these sites to connect to
forums and download documentation about many Linux distributions. Here are some examples:
• DistroWatch (www.distrowatch.com) — The first place I go to find Linux distributions is DistroWatch.com. Go to the Major Distributions link to read about the top Linux
distributions (most of which are included with this book). Links will take you to download sites, forums, home pages, and other sites related to each distribution.
• Linux Help (www.linuxhelp.net) — Select the ISO images link from this site’s home
page and you can find download links to ISO images for many of the most popular Linux
distributions.
If you don’t want to download and burn the CDs yourself, there are plenty of links on those sites
from places willing to sell you Linux CDs or DVDs. Distribution prices are often only a little bit
higher than the cost of the media and shipping. If you really like a particular Linux distribution, it’s
a good idea to purchase it directly from the organization that makes it. That can ensure the health
of the distribution into the future.
Books such as Fedora and Red Hat Enterprise Linux Bible from Wiley Publishing can also be a good
way to get a Linux distribution. Finding up-to-date documentation can be difficult when you have
nothing but a CD to start out with. Standard Linux documentation (such as HOWTOs and man
pages) is often out of date with the software. So, I would particularly recommend a book and distribution (such as this one or Fedora and Red Hat Enterprise Linux Bible) for first-time Linux users.
Understanding What You Need
By far, the most common way of getting Linux is on CDs, with DVD being an alternative that’s
increasing in popularity. Another way is to start with a floppy or CD that includes an installation
boot image and get the parts of Linux you need live from the network as you install Linux.
The images that are burned onto the CDs are typically stored on the Internet in what are called
software repositories. You can download the images and burn them to CDs yourself. Alternatively,
the software packages are usually also included separately in directories. Those separate software
directories enable you to start an install process with a minimal boot disc that can grab packages
over the network during the installation process. (Some of the installations I recommend with this
book are done that way.)
When you follow links to Linux software repositories, here’s what you look for:
• Download directory — You often have to step down a few directories from the download link that gets you to a repository. Look for subdirectories that describe the distribution, architecture, release, and medium format. For example, mirrors for the Fedora Core
6 Linux distribution might be named fedora/linux/core/6/i386/iso. Other
Linux distributions, such as Gentoo and Debian, have tools that will search out online
repositories for you, so you don’t have to find a mirror directory on your own.
• ISO images — The software images you are going to burn to CD are typically stored in
ISO format. Some repositories include a README file to tell you what images you need
(others just assume you know). To install a distribution, you want the set of ISOs containing the Linux distribution’s binary files. For example, the set of five Fedora Core 6
installation images for i386 platforms starts with FC-6-i386-disc1.iso (with the others
named disc2, disc3, and disc4).
NOTE: Although an ISO image appears as one file, it’s actually like a snapshot of a file system.
You can mount that image to see all the files the image contains by using the loop feature of the mount command. For example, with an image called abc.iso in the current directory,
create an empty directory (mkdir myiso) and, as root, run the mount command: mount -o loop
abc.iso myiso. Change to the myiso directory and you can view the files and directories the ISO
image contains. When you are done viewing the contents, leave the directory and unmount the ISO
image (cd .. ; umount myiso).
• MD5SUM — To verify that you got the right CDs completely intact, after you download
them look for a file named MD5SUM or ending in .md5 in the ISO directory. The file
contains one or more MD5 (128-bit) checksums, representing the ISO files you want to
check. Other distributions publish SHA1 checksums, which are 160-bit checksums.
You can use that file to verify the content of each CD (as described later).
Downloading the Distribution
You can download each ISO image by simply clicking the link and downloading it to a directory in
your computer when prompted. You can do this on a Windows or Linux system.
If you know the location of the image you want, with a running Linux system, the wget command
is a better way to download than just clicking a link in your browser. The advantage of using wget
is that you can restart a download that stops in the middle for some reason. A wget command to
download a KNOPPIX CD image (starting from the directory you want to download to) might look
like this:
$ wget -c kernel.org/pub/dist/knoppix/KNOPPIX_V5.0.1CD-2006-06-01-EN.iso
If the download stops before it is completed, run the command again. The -c option tells wget to
begin where the download left off, so that if you are 690MB into a 696MB download when it
stopped, it just adds in the last 6MB.
A more “good citizen” approach to downloading your ISO images is to use a facility called
BitTorrent (http://bittorrent.com). BitTorrent enables you to download a file to your computer by grabbing bits of that file from multiple computers on the network that are downloading
the file at the same time. For the privilege, you also use your upload capacity to share the same file
with others as you are downloading.
During times of heavy demand with a new Linux distribution, BitTorrent can be the best way to go.
Recent news articles have portrayed BitTorrent as a tool for illegal activities, such as downloading
copyrighted materials (movies, music, and so on). Because most Linux distributions contain only
software covered under various open source licenses, there is no legal problem with using
BitTorrent to distribute Linux distributions. Check out www.linuxtracker.org for a list of
Linux distributions that can be downloaded with BitTorrent.
If you are on a dial-up modem, you should strongly consider purchasing Linux CDs (or getting
them from a friend) if you don’t find what you want on the CD or DVD with this book. You might
be able to download an entire 700MB CD in a couple hours on a fast DSL or cable modem connection. On a dial-up line, you might be talking a whole day or more per CD. For a large, multi-CD
distribution, available disk space can also become a problem (although, with today’s large hard
disks, it’s not as much of a problem as it used to be).
Burning the Distribution to CD
With the CD images copied to your computer, you can proceed to verify their contents and burn
them to CD. All you really need is a CD burner on your computer.
With Linux running, you can use the md5sum or sha1sum commands to verify each CD.
NOTE: If you are using Windows to validate the contents of the Linux CD, you can get the
MD5Summer utility (www.md5summer.org) to verify each CD image.
Assuming you downloaded the MD5 file associated with each CD image and have it in the same
directory as your CD images, run the md5sum command to verify the image. For example, to verify the KNOPPIX CD shown previously in the wget example, you can type the following:
$ md5sum KNOPPIX_V5.0.1CD-2006-06-01-EN.iso
653acc801d4059598bd388de8171a20d KNOPPIX_V5.0.1CD-2006-06-01-EN.iso
The MD5SUM file I downloaded previously from the download directory was called
KNOPPIX_V5.0.1CD-2006-06-01-EN.iso.md5. It contained this content:
653acc801d4059598bd388de8171a20d *KNOPPIX_V5.0.1CD-2006-06-01-EN.iso
As you can see, the checksum (first string of characters shown) that is output from the ISO image
matches the checksum in the MD5 file, so you know that the image you downloaded is the image
they put on the server. If the project uses sha1sum to verify its ISO images, you can test your
downloaded images with the sha1sum command, as follows:
$ sha1sum FC-6-i386-DVD.iso
6722f95b97e5118fa26bafa5b9f622cc7d49530c FC-6-i386-DVD.iso
Once you have verified the sha1sum or md5sum of the CD or DVD, as long as you got the image
from a reliable site, you should be ready to burn the CD or DVD.
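The comparison described above can be scripted. The following is an added example, not code from the book: a shell function that checks an image against either kind of checksum file, choosing md5sum or sha1sum by the length of the published digest. The function names verify_image and demo and the sample file are constructed for illustration.

```shell
#!/bin/sh
# verify_image FILE SUMFILE
# Checks FILE against its entry in SUMFILE, which uses the md5sum/sha1sum
# format "<hex digest> [*]<file name>" (the "*" marks binary mode, as in the
# KNOPPIX .md5 file shown earlier). The digest length selects the tool:
# 32 hex characters = MD5, 40 = SHA1.
# Returns 0 on a match, 1 on a mismatch, 2 if there is no usable entry or tool.
verify_image() {
    file=$1
    sumfile=$2
    name=$(basename "$file")

    # Strip the digest, the separator and an optional "*" from each line,
    # then pick the digest of the line whose file name equals the image name.
    expected=$(awk -v n="$name" '
        { f = $0; sub(/^[^ \t]+[ \t]+\*?/, "", f) }
        f == n { print tolower($1); exit }
    ' "$sumfile")

    case ${#expected} in
        32) tool=md5sum ;;
        40) tool=sha1sum ;;
        *)  return 2 ;;
    esac
    command -v "$tool" >/dev/null 2>&1 || return 2

    actual=$("$tool" "$file" | awk '{ print tolower($1) }')
    [ "$actual" = "$expected" ]
}

# Demonstration on a constructed stand-in file (not a real ISO image).
demo() {
    dir=$(mktemp -d) || return 2
    printf 'constructed stand-in for an ISO image\n' > "$dir/sample.iso"
    ( cd "$dir" && md5sum -b sample.iso > sample.iso.md5 \
                && sha1sum sample.iso > SHA1SUM )

    for sums in sample.iso.md5 SHA1SUM; do
        if verify_image "$dir/sample.iso" "$dir/$sums"; then
            echo "$sums: OK"
        else
            echo "$sums: FAILED"
        fi
    done

    # Simulate a damaged download by appending one byte.
    printf 'x' >> "$dir/sample.iso"
    if verify_image "$dir/sample.iso" "$dir/SHA1SUM"; then
        echo "damaged image: OK (unexpected)"
    else
        echo "damaged image: FAILED, download it again"
    fi
    rm -rf "$dir"
}

demo
```

A match against a checksum file taken from the same mirror shows that the download was not corrupted in transit; it does not show that the mirror's copy is the one the project published, which is why the source of the image still matters.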
With your Linux distribution in hand (either the book’s DVD or CD, or the set of CDs you got elsewhere), use commands such as cdrecord or k3b to burn your CD or DVD images to disk.
Instructions for installing the distributions from the CD or DVD can be found in individual chapters devoted to each distribution (Chapters 8–19). Before you proceed, however, some information
is useful for nearly every Linux system you are installing.
Exploring Common Installation Topics
Before you begin installing your Linux distribution of choice, there is some general Linux information you should understand. Reading over this information might help you avoid problems or keep
you from getting stuck when you install Linux.
Knowing Your Computer Hardware
Not every Linux will run on every computer. When installing Linux, most people use a Pentium-class PC. There are Linux systems that are compiled to run on other hardware, such as Mac
PowerPCs or AMD 64-bit computers. However, the distributions provided with this book run only
on 32-bit Pentium-class PCs. Note that because new Mac computers are built from standard Intel
components, it’s possible to install Linux on those computers as well (see the “Installing on Intel
Macs” sidebar).
Installing Linux on Intel Macs
Because of the popularity of MacBook and Mac mini computers, which are based on Intel
architecture, several Linux projects have produced procedures for installing their systems to
dual-boot with Mac OS X. Most of these procedures involve using the Apple BootCamp software
(www.apple.com/macosx/bootcamp).
To install the Fedora Linux that comes with this book, refer to the Fedora on Mactel page
(http://fedoraproject.org/wiki/FedoraOnMactel). For Ubuntu, refer to the Ubuntu
MacBook page (https://help.ubuntu.com/community/MacBook).
Minimum hardware requirements from the Fedora Project are pretty good guidelines for most
Linux systems:
• Processor — The latest version of Fedora Core recommends that you at least have a
Pentium-class processor. For a text-only installation, a 200 MHz Pentium is the minimum, while a 400 MHz Pentium II is the minimum for a GUI installation.
NOTE: If you have a 486 machine (at least 100 MHz), consider trying Damn Small Linux
or Slackware. The problem is that many machines that old have only floppy disks,
so you can’t use the CD or DVD that comes with this book. In that case, you can try ZipSlack
(www.slackware.com/zipslack), which is a Slackware version that comes on about 30+ floppy
disk images or a 100MB zip disk and can run on a 486 with at least 100MB of disk space.
• RAM — You should have at least 64MB of RAM to install most Linux distributions and
run it in text mode. Slackware might run on 8MB of RAM, but 16MB is considered the
minimum. If you are running in graphical mode, you will probably need at least 192MB.
The recommended RAM for graphical mode in Fedora is 256MB. A GNOME environment generally requires a bit less memory to run than a KDE environment. If you are
using a more streamlined graphical system (that runs X with a small window manager,
such as Blackbox), you might get by with as little as 32MB. In that case, you might try
Damn Small Linux or Slackware.
• DVD or CD drive — You need to be able to boot up the installation process from a DVD or
CD. If you can’t boot from a DVD or CD, there are ways to start the installation from a hard
disk or using a PXE install. Some distributions, such as Slackware or SUSE, let you use
floppy disks to boot installation. Once the install is booted, the software can sometimes be
retrieved from different locations (over the network or from hard disk, for example).
• Network card — If you are doing an install of one of the distributions for which we provide a scaled-down boot disk, you might need to have an Ethernet card installed to get
the software you need over the network. A dial-up connection won’t work for network
installs. You don’t have to be connected to the Internet necessarily to do a network install.
Some people will download the necessary software packages to a computer on their LAN,
and then use that as an install server.
If you’re not sure about your computer hardware, there are a few ways to check what you have. If
you are running Windows, the System Properties window can show you the processor you have, as
well as the amount of RAM that’s installed. As an alternative, you can boot KNOPPIX and let it
detect and report to you the hardware you have. (Run lspci, lsmod, and dmesg commands in
Linux to view information about your computer hardware.)
Upgrading or Installing from Scratch
If you already have a version of the Linux you are installing on your computer, many Linux distributions offer an upgrade option. This lets you upgrade all packages, for example, from version 1 of
the distribution to version 2. Here are a few general rules before performing an upgrade:
• Back up data — There is a possibility that after you finish your upgrade, the operating
system won’t boot. It’s always a good idea to back up any critical data and configuration
files (in /etc) before doing any major changes to your operating system.
• Remove extra packages — If there are software packages you don’t need, remove them
before you do an upgrade. Upgrade processes typically upgrade only those packages that
are on your system. Upgrades generally do more checking and comparing than clean
installs do, so any package you can remove saves time during the upgrade process.
• Check configuration files — A Linux upgrade procedure often leaves copies of old configuration files. You should check that the new configuration files still work for you.
TIP: Installing Linux from scratch goes faster than an upgrade. It also results in a cleaner
Linux system. So if you have the choice of backing up your data or just erasing it if you
don’t need it, a fresh install is usually best.
Some Linux distributions, most notably Gentoo, have taken the approach of ongoing updates.
Instead of taking a new release every few months, you simply continuously grab updated packages
as they become available and install them on your system.
Dual Booting with Windows or Just Linux?
It is possible to have multiple, bootable operating systems on the same computer (using multiple
partitions on a hard disk and/or multiple hard disks). Setting up to boot more than one operating
system, however, requires some thought. It also assumes some risks.
CAUTION: While tools for resizing Windows partitions and setting up multi-boot systems have
improved in recent years, there is still considerable risk of losing data on
Windows/Linux dual-boot systems. Different operating systems often have different views of partition
tables and master boot records that can cause your machine to become unbootable (at least temporarily) or lose data permanently. Always back up your data before you try to resize a Windows
(NTFS or FAT) file system to make space for Linux. If you have a choice, install Linux on a machine of
its own or at least on a separate hard disk.
If the computer you are using already has a Windows system on it, it’s quite possible that the
entire hard disk is devoted to Windows. While you can run a bootable Linux, such as KNOPPIX or
Damn Small Linux, without touching the hard disk, to do a more permanent installation you’ll
want to find disk space outside of the Windows installation. There are a few ways to do this:
• Add a hard disk — Instead of messing with your Windows partition, you can simply add
a hard disk and devote it to Linux.
• Resize your Windows partition — If you have available space on your Windows partition, you can shrink that partition so there is available free space on the disk to devote
to Linux. Commercial tools such as Partition Magic (www.powerquest.com/partitionmagic)
or Acronis Disk Director (www.acronis.com) are available to
resize your disk partitions and set up a workable boot manager. Some Linux distributions
(particularly bootable Linuxes used as rescue CDs) include a tool called QTParted that is
an open source clone of Partition Magic (which includes software from the Linux-NTFS
project for resizing Windows NTFS partitions).
Before you try to resize your Windows partition, you might need to defragment it. To defragment
your disk on some Windows systems, so that all of your used space is put in order on the disk,
open My Computer, right-click your hard disk icon (typically C:), select Properties, click Tools,
and select Defragment Now.
Defragmenting your disk can be a fairly long process. The result of defragmentation is that all the
data on your disk are contiguous, creating a lot of contiguous free space at the end of the partition.
There are cases where you will have to do the following special tasks to make this true:
• If the Windows swap file is not moved during defragmentation, you must remove it.
Then, after you defragment your disk again and resize it, you will need to restore the
swap file. To remove the swap file, open the Control Panel, open the System icon, and
then click the Performance tab and select Virtual Memory. To disable the swap file, click
Disable Virtual Memory.
• If your DOS partition has hidden files that are on the space you are trying to free up, you
need to find them. In some cases, you won’t be able to delete them. In other cases, such
as swap files created by a program, you can safely delete those files. This is a bit tricky
because some files should not be deleted, such as DOS system files. You can use the
attrib -s -h command from the root directory to deal with hidden files.
Once your disk is defragmented, you can use commercial tools described earlier (Partition Magic
or Acronis Disk Director) to repartition your hard disk to make space for Linux. An open source
alternative to those tools is QTParted.
Boot KNOPPIX or any of several other bootable Linux distributions (particularly rescue CDs) and
run QTParted by selecting System Tools ➪ QTParted from the desktop main menu. From the
QTParted window, select the hard disk you want to resize. Then choose Options ➪ Configuration
to open a window where you can select the ntfsresize tool to resize your NTFS partition.
After you have cleared enough disk space to install Linux (see the disk space requirements in the
chapter covering the Linux distribution you’re installing), you can choose your Linux distribution
and install it. As you set up your boot loader during installation, you will be able to identify the
Windows, Linux, and any other bootable partitions so that you can select which one to boot when
you start your computer.
Using Installation Boot Options
Sometimes a Linux installation will fail because the computer has some non-functioning or non-supported hardware. Sometimes you can get around those issues by passing options to the install
process when it boots up. Those options can do such things as disable selected hardware (nousb,
noscsi, noide, and so on) or not probe hardware when you need to select your own driver
(noprobe).
Although some of these options are distribution-specific, others are simply options that can be
passed to an installer environment that works from a Linux kernel. Chapter 11 includes a list of
many boot options that can be used with KNOPPIX and other Linux systems.
Partitioning Hard Drives
The hard disk (or disks) on your computer provides the permanent storage area for your data files,
applications programs, and the operating system itself. Partitioning is the act of dividing a disk into
logical areas that can be worked with separately. In Windows, you typically have one partition that
consumes the whole hard disk. However, with Linux there are several reasons you may want to
have multiple partitions:
• Multiple operating systems — If you install Linux on a PC that already has a Windows
operating system, you may want to keep both operating systems on the computer. For all
practical purposes, each operating system must exist on a completely separate partition.
When your computer boots, you can choose which system to run.
• Multiple partitions within an operating system — To protect from having your entire
operating system run out of disk space, people often assign separate partitions to different
areas of the Linux file system. For example, if /home and /var were assigned to separate
partitions, then a gluttonous user who fills up the /home partition wouldn’t prevent logging daemons from continuing to write to log files in the /var/log directory.
Multiple partitions also make it easier to do certain kinds of backups (such as an image
backup). For example, an image backup of /home would be much faster (and probably
more useful) than an image backup of the root file system (/).
• Different file system types — Different kinds of file systems have different structures.
File systems of different types must be on their own partitions. In most Linux systems,
you need at least one file system type for / (typically ext3 or reiserfs) and one for your
swap area. File systems on CD-ROM use the iso9660 file system type.
TIP: When you create partitions for Linux, you will usually assign the file system type as
Linux native (using the ext2 or ext3 type on some Linux systems, and reiserfs on others).
Reasons to use other types include needing a file system that allows particularly long filenames, large
file sizes, or many inodes (each file consumes an inode).
For example, if you set up a news server, it can use many inodes to store news articles. Another reason for using a different file system type is to copy an image backup tape from another operating system to your local disk (such as one from an OS/2 or Minix operating system).
COMING FROM WINDOWS: If you have used only Windows operating systems before, you probably had your whole
hard disk assigned to C: and never thought about partitions. With many Linux systems,
you have the opportunity to view and change the default partitioning based on how you want to use
the system.
During installation, systems such as SUSE and Fedora let you partition your hard disk using graphical partitioning tools (Yast and Disk Druid, respectively). The following sections describe how to
use Disk Druid (during installation) or fdisk. See the section “Tips for Creating Partitions” for some
ideas for creating disk partitions.
Partitioning with Disk Druid During Installation
During installation, Fedora gives you the opportunity to change how your hard disk is partitioned
using a tool called Disk Druid. The Disk Druid screen is divided into two sections. The top shows
general information about each hard disk. The bottom shows details of each partition. Figure 7.1
shows an example of the Disk Druid window.
FIGURE 7.1
Partition your disk during Fedora installation from the disk setup window.
For each of the hard disk partitions, you can see the following:
• Device — The device name is the name representing the hard disk partition in the /dev
directory. Each disk partition device begins with two letters: hd for IDE disks, sd for SCSI
disks, ed for ESDI disks, or xd for XT disks. After that is a single letter representing the
number of the disk (disk 1 is a, disk 2 is b, disk 3 is c, and so on). So, for example, to
refer to the entire first hard disk, use the device name /dev/hda. To refer to a particular
partition on that disk, add the partition number (1, 2, 3, and so on). For example,
/dev/hda1 represents the first partition on the first IDE hard drive on the computer.
• Mount Point/Raid/Volume — The directory where the partition is connected into the
Linux file system (if it is). You must assign the root partition (/) to a native Linux partition before you can proceed. If you are using RAID or LVM, the name of the RAID device
or LVM volume appears here.
• Type — The type of file system that is installed on the disk partition. In many cases, the
file system will be Linux (ext3), Win VFAT (vfat), or Linux swap. However, you can also
use the previous Linux file system (ext2), physical volume (LVM), or software RAID. The
NTFS partition shown in Figure 7.1 for device /dev/hda1 implies that Windows is
installed on this computer, which can therefore be used as a dual-boot computer with
Windows and Linux.
• Format — Indicates whether the installation process should format the hard disk partition. Partitions marked with a check are erased! So, on a multi-boot system, be sure your
Windows partitions, as well as other partitions containing data you don’t want to lose, are
not checked!
• Size (MB) — The amount of disk space allocated for the partition (in megabytes). If you
chose to let the partition grow to fill the existing space, this number may be much
larger than the requested amount.
• Start/End — Represents the partition’s starting and ending cylinders on the hard disk.
In the top section, you can see each of the hard disks connected to your computer. The drive name
is shown first. The Geometry section (Geom) shows the numbers of cylinders, heads, and sectors,
respectively, on the disk. That’s followed by the model name of the disk. The total amount of disk
space, the amount used, and the amount free are shown in megabytes. In the previous example,
there is a single hard drive (/dev/hda) and also a small USB pen drive (/dev/sda) attached to
the system.
Reasons for Partitioning
Opinions differ on how to divide up a hard disk. Here are some issues to consider:
• Do you want to install another operating system? If you want Windows on your computer along with Linux, you will need at least one Windows (Win95 FAT16, VFAT, or
NTFS type), one Linux (Linux ext3), and one Linux swap partition.
• Is it a multiuser system? If you are using the system yourself, you probably don’t need
many partitions. One reason for partitioning an operating system is to keep the entire
system from running out of disk space at once. That also serves to put boundaries on
what an individual can use up in his or her home directory (although disk quotas are
good for that as well).
• Do you have multiple hard disks? You need at least one partition per hard disk. If your
system has two hard disks, you may assign one to / and one to /home (if you have lots
of users) or /var (if the computer is a server sharing lots of data).
Deleting, Adding, and Editing Partitions
Before you can add a partition, there needs to be some free space available on your hard disk. If all
space on your hard disk is currently assigned to one partition (as it often is in DOS or Windows),
you must delete or resize that partition before you can claim space on another partition. The section “Dual Booting with Windows or Just Linux?” discusses how to add a partition without losing
information in your existing single-partition system.
CAUTION
Make sure that any data that you want to keep is backed up before you delete the partition. When you delete a partition, all its data is gone.
Disk Druid is less flexible but more intuitive than the fdisk utility. Disk Druid lets you delete, add,
and edit partitions.
TIP
If you create multiple partitions, make sure that there is enough room in the right places
to complete the installation. For example, most of the Linux software is installed in the
/usr directory (and subdirectories), whereas most user data files are eventually added to the /home
or /var directories.
To delete a partition in Disk Druid, do the following:
1. Select a partition from the list of Current Disk Partitions on the main Disk Druid window
(click it or use the arrow keys).
2. To delete the partition, click Delete.
3. When asked to confirm the deletion, click Delete.
4. If you made a mistake, click Reset to return to the partitioning as it was when you started
Disk Druid.
To add a partition in Disk Druid, follow these steps from the main Disk Druid window:
1. Select New. A window appears, enabling you to create a new partition.
2. Type the name of the Mount Point (the directory where this partition will connect to the
Linux file system). You need at least a root (/) partition and a swap partition.
3. Select the type of file system to be used on the partition. You can select from Linux native
(ext2 or preferably ext3), software RAID, Linux swap (swap), physical volume (LVM), or
Windows FAT (vfat).
TIP
To create a file system type different from those shown, leave the space you want to use
free for now. After installation is complete, use fdisk to create a partition of the type
you want.
4. Type the number of megabytes to be used for the partition (in the Size field). If you want
this partition to grow to fill the rest of the hard disk, you can put any number in this field
(1 will do fine).
5. If you have more than one hard disk, select the disk on which you want to put the partition from the Allowable Drives box.
6. Type the size of the partition (in megabytes) into the Size (MB) box.
7. Select one of the following Additional Size Options:
• Fixed size — Click here to use only the number of megabytes you entered into the
Size text box when you create the partition.
• Fill all space up to (MB) — If you want to use all remaining space up to a certain
number of megabytes, click here and fill in the number. (You may want to do this if
you are creating a VFAT partition up to the 2048MB limit that Disk Druid can create.)
• Fill to maximum allowable size — If you want this partition to grow to fill the rest of
the disk, click here.
8. Optionally, select Force to Be a Primary Partition if you want to be sure to be able to boot
the partition or Check for Bad Blocks if you want to have the partition checked for errors.
9. Select OK if everything is correct. (The changes don’t take effect until several steps later
when you are asked to begin installing the packages.)
To edit a partition in Disk Druid from the main Disk Druid window, follow these steps:
1. Click the partition you want to edit.
2. Click the Edit button. A window appears, ready to let you edit the partition definition.
3. Change any of the attributes (as described in the add partition procedure). For a new
install, you may need to add the mount point (/) for your primary Linux partition.
4. Select OK. (The changes don’t take effect until several steps later, when you are asked to
begin installing the packages.)
Partitioning with fdisk
The fdisk utility is available with almost every Linux system for creating and working with disk partitions in Linux. It does the same job as graphical partitioning tools such as Disk Druid, although
it’s no longer offered as an option during Fedora installation. However, during Fedora installation,
and other Linux installations that have virtual terminals running, you can switch to a shell (press
Ctrl+Alt+F2) and use fdisk manually to partition your hard disk.
The following procedures are performed from the command line as root user.
CAUTION
Remember that any partition commands can easily erase your disk or make it inaccessible. Back up critical data before using any tool to change partitions! Then be very careful about the changes you do make. Keeping an emergency boot disk handy is a good idea, too.
The fdisk command is one that is available on many different operating systems (although it
looks and behaves differently on each). In Linux, fdisk is a menu-based command. To use
fdisk to list all your partitions, type the following (as root user):
# fdisk -l
Disk /dev/hda: 40.0 GB, 40020664320 bytes
255 heads, 63 sectors/track, 4865 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1          13      104391   83  Linux
/dev/hda2              14        4833    38716650   83  Linux
/dev/hda3            4834        4865      257040   82  Linux swap
To see how each partition is being used on your current system, type the following:
# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda2              37G  5.4G   30G  16% /
/dev/hda1              99M  8.6M   86M  10% /boot
none                   61M     0   61M   0% /dev/shm
From the output of df, you can see that the root of your Linux system (/) is on the /dev/hda2
partition and that the /dev/hda1 partition is used for /boot.
NOTE
If this had been a dual-boot system (with Windows 98), you might have seen a Windows
partition from fdisk that looked like the following:
/dev/hda1   *           1          83     666666+    b  Win95 FAT32
You could mount that partition in Linux (to get to your Windows files when Linux is booted) by typing:
# mkdir /mnt/win
# mount -t vfat /dev/hda1 /mnt/win
CAUTION
Before using fdisk to change your partitions, I strongly recommend running the df -h
command to see how your partitions are currently being defined. This will help reduce
the risk of changing or deleting the wrong partition.
To use fdisk to change your partitions, you need to identify the hard disk you are partitioning.
For example, the first IDE hard disk is identified as /dev/hda. So, to partition your first IDE hard
drive, you can begin (as root user) by typing:
# fdisk /dev/hda
For different hard drive types or numbers, /dev/hda is replaced by the name of the device you
want to work with. Table 7-1 shows some of your choices.
TABLE 7-1
Disk Device Names
Device           Description
/dev/hda         For the first IDE hard disk; hdb, hdc, and so on for other IDE disks.
/dev/sda         For the first SCSI hard disk; sdb, sdc, and so on for other SCSI disks.
/dev/rd/c0d0     For a RAID device.
/dev/ida/c0d0    Also for a RAID device.
After you have started fdisk, type m to see the options. Here is what you can do with fdisk:
• Delete a partition — Type d and a partition number, and then press Enter. For example,
/dev/sda2 would be partition number 2. (The deletion won’t take effect until you write
the change — you can back out up to that point.)
• Create a partition — If you have free space, you can add a new partition. Type n; l for a
logical partition (5 or over) or p for a primary partition (1–4); and a partition number
from the available range. Then choose the first cylinder number from those available.
(The output from fdisk -l shown earlier will show you cylinders being used under the
Start and End columns.)
Next, enter the cylinder number the partition will end with (or type the specific number
of megabytes or kilobytes you want: for example, +50M or +1024K). You just created an
ext3 Linux partition. Again, this change isn’t permanent until you write the changes.
• Change the partition type — Press T to choose the type of file system. Enter the number of the partition you want to change. Type the number representing
the file system type you want to use in hexadecimal code. (Type L at this point to see a
list of file system types and codes.) For a Linux file system, use the number 83; for a
Linux swap partition, use 82; and for a Windows FAT32 file system, use the letter b.
• Display the partition table — Throughout this process, feel free to type p to display
(print on the screen) the partition table as it now stands.
• Quit or save — Before you write your changes, display the partition table again and make
sure that it is what you want it to be. If you don’t like a change you make to your partitions, press Q to exit without saving. Nothing changes on your partition table.
If your changes are correct, write them to the partition table by pressing W. You are
warned about how dangerous it is to change partitions, and you must confirm the
change.
An alternative to the menu-driven fdisk command is sfdisk, which is a command-line-oriented partitioning tool. With sfdisk, you type the full command line to list or change partitions, instead of being taken through a set of prompts (as with fdisk). See the sfdisk man page
for details. Linux experts often prefer sfdisk because it can be used in combination with other
commands to take and output partitioning information.
Tips for Creating Partitions
Changing your disk partitions to handle multiple operating systems can be very tricky, in part
because each operating system has its own ideas about how partitioning information should be
handled, as well as different tools for doing it. Here are some tips to help you get it right:
• If you are creating a dual-boot system, particularly for Windows XP, try to install the
Windows operating system first. Otherwise, the Windows installation may make the
Linux partitions inaccessible. Choosing a VFAT instead of NTFS file system for Windows
will also make sharing files between your Windows and Linux systems easier and more
reliable.
• The fdisk man page recommends that you use partitioning tools that come with an
operating system to create partitions for that operating system. For example, the DOS
fdisk knows how to create partitions that DOS will like, and the Linux fdisk will happily
make your Linux partitions. Once your hard disk is set up for dual boot, however, you
should probably not go back to Windows-only partitioning tools. Use Linux fdisk or a
product made for multi-boot systems (such as Partition Magic).
• You can have up to 63 partitions on an IDE hard disk. A SCSI hard disk can have up to
15 partitions. You won’t need nearly that many partitions.
If you are using Linux as a desktop system, you probably don’t need a lot of different partitions.
There are, however, some very good reasons for having multiple partitions for Linux systems that
are shared by a lot of users or are public Web servers or file servers. Multiple partitions within
Fedora Linux, for example, offer the following advantages:
• Protection from attacks — Denial-of-service attacks sometimes try to
fill up your hard disk. If public areas, such as /var, are on separate partitions, a successful attack can fill up a partition without shutting down the whole computer. Because
/var is the default location for Web and FTP servers, and is expected to hold a lot of data,
entire hard disks often are assigned to the /var file system alone.
• Protection from corrupted file systems — If you have only one file system (/), its corruption can cause the whole Linux system to be damaged. Corruption of a smaller partition can be easier to fix and often allows the computer to stay in service while the
correction is made.
Table 7-2 lists some directories that you may want to consider making into separate file system
partitions.
TABLE 7-2
Assigning Partitions to Particular Directories
Directory    Explanation
/boot        Sometimes the BIOS in older PCs can access only the first 1,024 cylinders of your hard disk. To make sure that the information in your /boot directory is accessible to the BIOS, create a separate disk partition (of about 100MB) for /boot and make sure that it exists below cylinder 1,024. The rest of your Linux system can exist outside of that 1,024-cylinder boundary if you like. Even with several boot images, there is rarely a reason for /boot to be larger than 100MB. (For newer hard disks, you can select the Linear Mode check box during installation. Then the boot partition can be anywhere on the disk.)
/usr         This directory structure contains most of the applications and utilities available to Linux users. Having /usr on a separate partition lets you mount that file system as read-only after the operating system has been installed. This prevents attackers from replacing or removing important system applications with their own versions that may cause security problems. A separate /usr partition is also useful if you have diskless workstations on your local network. Using NFS, you can share /usr over the network with those workstations.
/var         Your FTP (/var/ftp) and Web-server (/var/www) directories are, by default in many Linux systems, stored under /var. Having a separate /var partition can prevent an attack on those facilities from corrupting or filling up your entire hard disk.
/home        Because your user account directories are located in this directory, having a separate /home partition can prevent a reckless user from filling up the entire hard disk.
/tmp         Protecting /tmp from the rest of the hard disk by placing it on a separate partition can ensure that applications that need to write to temporary files in /tmp are able to complete their processing, even if the rest of the disk fills up.
Although people who use Linux systems casually rarely see a need for lots of partitions, those who
maintain and occasionally have to recover large systems are thankful when the system they need
to fix has several partitions. Multiple partitions can localize deliberate damage (such as denial-of-service attacks), problems from errant users, and accidental file system corruption.
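The layout recommended in Table 7-2 can be checked on a running system. The following is an added example, not code from the book: it reports which of the table's directories are their own file systems, whether /usr is mounted read-only, and which file systems are close to full. The function names and the sample mount and df data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): compare a system with Table 7-2.
# All function names and sample data below are constructed for illustration.

# audit_mounts FILE
# FILE is in /proc/mounts format: device mountpoint fstype options dump pass.
# Prints "<dir> separate <device> <options>" or "<dir> not-separate - -".
audit_mounts() {
    awk -v dirs="/boot /usr /var /home /tmp" '
        BEGIN { n = split(dirs, want, " ") }
        { dev[$2] = $1; opts[$2] = $4 }    # a later mount on the same point wins
        END {
            for (i = 1; i <= n; i++) {
                d = want[i]
                if (d in dev) printf "%s separate %s %s\n", d, dev[d], opts[d]
                else          printf "%s not-separate - -\n", d
            }
        }' "${1:-/proc/mounts}"
}

# usr_is_readonly FILE
# Succeeds only if /usr is its own file system and is mounted with the ro option.
usr_is_readonly() {
    audit_mounts "$1" | awk '
        $1 == "/usr" && $2 == "separate" {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") ok = 1
        }
        END { exit !ok }'
}

# nearly_full FILE PERCENT
# FILE holds `df -P` output; prints the mount points at or above PERCENT in use.
nearly_full() {
    awk -v limit="$2" 'NR > 1 {
        use = $5; sub(/%/, "", use)
        if (use + 0 >= limit + 0) print $6
    }' "$1"
}

# Constructed mount table: /usr and /var separate, /home and /tmp on the root disk.
sample_mounts() {
    cat <<'EOF'
/dev/hda2 / ext3 rw 0 0
/dev/hda1 /boot ext3 rw 0 0
/dev/hda5 /usr ext3 ro 0 0
/dev/hdb1 /var ext3 rw 0 0
none /dev/shm tmpfs rw 0 0
EOF
}

# Constructed `df -P` output in which only /var is close to full.
sample_df() {
    cat <<'EOF'
Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/hda2 38108716 5662310 30510580 16% /
/dev/hda1 101086 8800 87067 10% /boot
/dev/hda5 10080488 6100000 3468000 64% /usr
/dev/hdb1 38456308 37100000 1356308 97% /var
EOF
}

# Demo on the constructed samples ("-" makes awk read standard input).
sample_mounts | audit_mounts -
sample_df | nearly_full - 90
```

On a live system, call audit_mounts with no argument to read /proc/mounts, and feed nearly_full with `df -P | nearly_full - 90`.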
Using LILO or GRUB Boot Loaders
A boot loader lets you choose when and how to boot the bootable operating systems installed on
your computer’s hard disks. Most Linux systems give you the opportunity to use GRUB or LILO
boot loaders. The following sections describe both GRUB and LILO boot loaders.
Booting Your Computer with GRUB
With multiple operating systems installed and several partitions set up, how does your computer
know which operating system to start? To select and manage which partition is booted and how it
is booted, you need a boot loader. The boot loader that is installed by default with Fedora and
other Linux systems is the GRand Unified Boot loader (GRUB).
GRUB is a GNU boot loader (www.gnu.org/software/grub) that replaced LILO as the
default boot loader in many Linux systems (including Fedora). GRUB offers the following features:
• Support for multiple executable formats.
• Support for multi-boot operating systems (such as Fedora, FreeBSD, NetBSD, OpenBSD,
and other Linux systems).
• Support for non–multi-boot operating systems (such as Windows 95, Windows 98,
Windows NT, Windows ME, Windows XP, and OS/2) via a chain-loading function.
Chain-loading is the act of loading another boot loader (presumably one that is specific to
the proprietary operating system) from GRUB to start the selected operating system.
• Support for multiple file system types.
• Support for automatic decompression of boot images.
• Support for downloading boot images from a network.
For more information on how GRUB works, type man grub or info grub. The info command
contains more details about GRUB.
Booting with GRUB
When you install Linux, you are typically given the option to configure the information needed to
boot your computer (with one or more operating systems) into the default boot loader. With GRUB
configured, the first thing you see after the BIOS loads when you boot your computer is the GRUB
boot screen (it says GRUB at the top and lists bootable partitions below it). Do one of the following:
• Default — If you do nothing, the default operating system will boot automatically after a
few seconds. (The timeout is set by the timeout value, in seconds, in the grub.conf
file.)
• Select an operating system — Use the up and down arrow keys to select any of the
titles, representing operating systems you can boot, that are shown on the screen. Then
press Enter to boot that operating system.
• Edit the boot process — If you want to change any of the options used during the boot
process, use the arrow keys to highlight the operating system you want and type e to
select it. Follow the next procedure to change your boot options temporarily.
If you want to change your boot options so that they take effect every time you boot your computer, see the section on permanently changing boot options. Changing those options involves
editing the /boot/grub/grub.conf file.
Temporarily Changing Boot Options
From the GRUB boot screen, you can select to change or add boot options for the current boot session. First, select the operating system you want (using the arrow keys) and type e (as described
earlier). You will see a graphical screen that looks like the one shown in Figure 7.2.
FIGURE 7.2
From the GRUB boot screen, you can select to change boot options.
There are three lines in the example of the GRUB editing screen that identify the boot process for
the operating system you chose. The first line (beginning with root) shows that the entry for the
GRUB boot loader is on the fifth partition of the first hard disk (hd0,4). GRUB represents the hard
disk as hd, regardless of whether it is a SCSI, IDE, or other type of disk. You just count the drive
number and partition number, starting from zero (0).
The second line of the example (beginning with kernel) identifies the boot image
(/boot/vmlinuz-2.6.18-1.2798.fc6) and several options. The options identify the partition as initially being loaded ro (read-only) and the location of the root file system on a partition
with the label root=LABEL=/1. The third line (starting with initrd) identifies the location of
the initial RAM disk, which contains the minimum files and directories needed during the boot
process.
If you are going to change any of the lines related to the boot process, you would probably change
only the second line to add or remove boot options. Here is how you do that:
1. Position the cursor on the kernel line and type e.
2. Either add or remove options after the name of the boot image. You can use a minimal set
of bash shell command-line editing features to edit the line. You can even use command
completion (type part of a filename and press Tab to complete it). Here are a few options
you may want to add or delete:
• Boot to a shell — If you forgot your root password or if your boot process hangs, you
can boot directly to a shell by adding init=/bin/sh to the boot line. (The file system is mounted read-only, so you can copy files out. You need to remount the file system with read/write permission to be able to change files.)
• Select a run level — If you want to boot to a particular run level, you can add the
word linux, followed by the number of the run level you want. For example, to have
Fedora Linux boot to run level 3 (multiuser plus networking mode), add linux 3 to
the end of the boot line. You can also boot to single-user mode (1), multiuser mode
(2), or X GUI mode (5). Level 3 is a good choice if your GUI is temporarily broken.
3. Press Enter to return to the editing screen.
4. Type b to boot the computer with the new options. The next time you boot your computer, the new options will not be saved. To add options so they are saved permanently,
see the next section.
Permanently Changing Boot Options
You can change the options that take effect each time you boot your computer by changing the
GRUB configuration file. In Fedora and other Linux systems, GRUB configuration centers on the
/boot/grub/grub.conf file.
The /boot/grub/grub.conf file is created when you install Linux. Here’s an example of that
file for Fedora Core:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making
# changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/hda6
#          initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=10
splashimage=(hd0,4)/grub/splash.xpm.gz
title Fedora Core 6 Final (2.6.18-1.2798.fc6)
        root (hd0,4)
        kernel /boot/vmlinuz-2.6.18-1.2798.fc6 ro root=LABEL=/1 rhgb quiet
        initrd /initrd-2.6.18-1.2798.fc6.img
title Windows XP
        rootnoverify (hd0,0)
        chainloader +1
The default=0 line indicates that the first partition in this list (in this case Fedora Linux) will be
the one that is booted by default. The line timeout=10 causes GRUB to pause for 10 seconds
before booting the default partition. (That’s how much time you have to press e if you want to edit
the boot line, or to press arrow keys to select a different operating system to boot.)
The splashimage line looks in the fifth partition on the first disk (hd0,4) for the boot partition
(in this case /dev/hda5, which is the /boot partition). GRUB loads splash.xpm.gz as the
image on the splash screen (/boot/grub/splash.xpm.gz). The splash screen appears as the
background of the boot screen.
NOTE
GRUB indicates disk partitions using the following notation: (hd0,0). The first number
represents the disk, and the second is the partition on that disk. So, (hd0,1) is the second partition (1) on the first disk (0).
The two bootable partitions in this example are Fedora and Windows XP. The title lines for each of
those partitions are followed by the name that appears on the boot screen to represent each partition.
For the Fedora Linux system, the root line indicates the location of the boot partition as the second
partition on the first disk. So, to find the bootable kernel (vmlinuz-2.6.18-1.2798.fc6) and
the initrd initial RAM disk boot image that is loaded (initrd-2.6.18-1.2798.fc6.img),
GRUB looks in the root of hd0,4 (which is represented by /dev/hda5 and is eventually
mounted as /boot). Other options on the kernel line set the partition as read-only initially (ro)
and set the root file system to /dev/hda6.
For the Windows XP partition, the rootnoverify line indicates that GRUB should not try to
mount the partition. In this case, Windows XP is on the first partition of the first hard disk
(hd0,0) or /dev/hda1. Instead of mounting the partition and passing options to the new operating system, the chainloader +1 line tells GRUB to hand control of booting the operating system
to another boot loader. The +1 indicates that the first sector of the partition is used as the boot
loader.
NOTE
Microsoft operating systems require that you use the chainloader to boot them from
GRUB because GRUB doesn’t offer native support for Windows operating systems.
If you make any changes to the /boot/grub/grub.conf file, you do not need to load those
changes. GRUB automatically picks up those changes when you reboot your computer. If you are
accustomed to using the LILO boot loader, this may confuse you at first, as LILO requires you to
rerun the lilo command for the changes to take effect.
Adding a New GRUB Boot Image
You may have different boot images for kernels that include different features. Here is the procedure for modifying the grub.conf file:
1. Copy the new image from the directory in which it was created (such as
/usr/src/kernels/2.6.18-1.2798.fc6/arch/i386/boot/) to the /boot directory. Name
the file something that reflects its contents, such as bz-2.6.18-1.2798.fc6. For
example:
# cd /usr/src/kernels/2.6.18-1.2798.fc6/arch/i386/boot/
# cp bzImage /boot/bz-2.6.18-1.2798.fc6
2. Add several lines to the /boot/grub/grub.conf file so that the image can be started
at boot time if it is selected. For example:
title Fedora Core 6 rebuild
        root (hd0,4)
        kernel /boot/bz-2.6.18-1.2798.fc6 ro root=/dev/hda6
        initrd /initrd-2.6.18-1.2798.fc6.img
3. Reboot your computer.
When the GRUB boot screen appears, move your cursor to the title representing the new
kernel and press Enter.
The advantage to this approach, as opposed to copying the new boot image over the old one, is
that if the kernel fails to boot, you can always go back and restart the old kernel. When you feel
confident that the new kernel is working properly, you can use it to replace the old kernel or perhaps just make the new kernel the default boot definition.
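A mistyped file name in a new stanza only shows up when the entry fails to boot, so the file can be checked before rebooting. The following is an added example, not code from the book: it translates GRUB's (hdX,Y) notation into the IDE device names used in this chapter and reports whether each kernel and initrd named in grub.conf exists. The function names, the sample grub.conf and its deliberately missing initrd are constructed; IDE (hd) naming and paths relative to the boot partition are assumed.

```shell
#!/bin/sh
# Added example (not from the book): sanity-check grub.conf before rebooting.
# Assumes the legacy GRUB syntax shown in this chapter, IDE disk naming (hdX),
# and kernel/initrd paths relative to the partition named on the root line.

# grub_to_dev "(hd0,4)" prints /dev/hda5 (GRUB counts disks and partitions from 0).
grub_to_dev() {
    printf '%s\n' "$1" | awk '{
        if (!match($0, /hd[0-9]+,[0-9]+/)) exit 1
        split(substr($0, RSTART + 2, RLENGTH - 2), p, ",")
        printf "/dev/hd%c%d\n", 97 + p[1], p[2] + 1
    }'
}

# check_grub_conf CONF BOOTDIR
# Prints "title|device|kernel-or-initrd|path|OK-or-MISSING" for each Linux stanza
# and returns non-zero if any referenced file is absent from BOOTDIR.
check_grub_conf() {
    bootdir=$2
    awk '
        $1 == "title" { sub(/^[ \t]*title[ \t]+/, ""); t = $0; next }
        $1 == "root"  { r = $2 }
        ($1 == "kernel" || $1 == "initrd") && t != "" { print t "|" r "|" $1 "|" $2 }
    ' "$1" | {
        bad=0
        while IFS='|' read -r title root kind path; do
            if [ -f "$bootdir$path" ]; then state=OK; else state=MISSING; bad=1; fi
            printf '%s|%s|%s|%s|%s\n' \
                "$title" "$(grub_to_dev "$root")" "$kind" "$path" "$state"
        done
        [ "$bad" -eq 0 ]
    }
}

# demo: build a constructed boot directory and grub.conf, then check them.
# The rebuild stanza names an initrd that was never copied into place.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/vmlinuz-2.6.18-1.2798.fc6"
    : > "$dir/initrd-2.6.18-1.2798.fc6.img"
    : > "$dir/bz-2.6.18-1.2798.fc6"
    cat > "$dir/grub.conf" <<'EOF'
default=0
timeout=10
title Fedora Core 6 Final (2.6.18-1.2798.fc6)
        root (hd0,4)
        kernel /vmlinuz-2.6.18-1.2798.fc6 ro root=LABEL=/1 rhgb quiet
        initrd /initrd-2.6.18-1.2798.fc6.img
title Fedora Core 6 rebuild
        root (hd0,4)
        kernel /bz-2.6.18-1.2798.fc6 ro root=/dev/hda6
        initrd /initrd-2.6.18-1.2798.fc6-rebuild.img
title Windows XP
        rootnoverify (hd0,0)
        chainloader +1
EOF
    check_grub_conf "$dir/grub.conf" "$dir" && rc=0 || rc=1
    rm -rf "$dir"
    return "$rc"
}

demo || echo "grub.conf references a file that is not in the boot directory"
```

Chain-loaded entries such as the Windows XP stanza have no kernel or initrd line, so they produce no output.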
Booting Your Computer with LILO
LILO stands for LInux LOader. Like other boot loaders, LILO is a program that can stand outside
the operating systems installed on the computer so you can choose which system to boot. It also
lets you give special options that modify how the operating system is booted. On Slackware and
other Linux systems, LILO is used instead of GRUB as the default boot loader.
If LILO is being used on your computer, it is installed in either the master boot record or the first
sector of the root partition. The master boot record is read directly by the computer’s BIOS. In general, if LILO is the only loader on your computer, install it in the master boot record. If there is
another boot loader already in the master boot record, put LILO in the root partition.
Using LILO
When your computer boots with the Fedora version of LILO installed in the master boot record, a
graphical Fedora screen appears, displaying the bootable partitions on the computer. Use the up
and down arrow keys on your keyboard to select the one you want and press Enter. Otherwise, the
default partition that you set at installation will boot after a few seconds.
If you want to add any special options when you boot, press Ctrl+X. You will see a text-based boot
prompt that appears as follows:
boot:
LILO pauses for a few seconds and then automatically boots the first image from the default
bootable partition. To see the bootable partitions again, quickly press Tab. You may see something
similar to the following:
LILO boot:
linux linux-up dos
boot:
This example shows that three bootable partitions are on your computer, called linux, linux-up, and dos. The first two refer to two different boot images that can boot the Linux partition. The
third refers to a bootable DOS partition (presumably containing a Windows operating system). The
first bootable partition is loaded if you don’t type anything after a few seconds. Or you can use the
name of the other partition to have that boot instead.
If you have multiple boot images, press Shift, and LILO asks you which image you want to boot.
Available boot images and other options are defined in the /etc/lilo.conf file.
Setting Up the /etc/lilo.conf File
The /etc/lilo.conf file is where LILO gets the information it needs to find and start bootable
partitions and images. By adding options to the /etc/lilo.conf file, you can change the
behavior of the boot process. The following is an example of some of the contents of the
/etc/lilo.conf file:
prompt
timeout=50
default=linux
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
message=/boot/message
linear
image=/boot/vmlinuz-2.6.18-1.2798.fc6
        label=linux
        initrd=/boot/initrd-2.6.18-1.2798.fc6.img
        read-only
        root=/dev/hda6
        append="root=LABEL=/"
other=/dev/hda1
        optional
        label=dos
With prompt on, the boot prompt appears when the system is booted without requiring that any
keys are pressed. The timeout value, in this case 50 tenths of a second (5 seconds), defines how
long to wait for keyboard input before booting the default boot image. The boot line indicates that
the bootable partition is on the hard disk represented by /dev/hda (the first IDE hard disk).
The map line indicates the location of the map file (/boot/map, by default). The map file contains
the name and locations of bootable kernel images. The install line indicates that the
/boot/boot.b file is used as the new boot sector. The message line tells LILO to display the
contents of the /boot/message file when booting (which contains the graphical Fedora boot
screen). The linear line causes linear sector addresses to be generated (instead of
sector/head/cylinder addresses).
In the sample file, there are two bootable partitions. The first (image=/boot/vmlinuz-2.6.18-1.2798.fc6) shows an image labeled linux. The root file system (/) for that image is
on partition /dev/hda6. The read-only line indicates that the file system is first mounted read-only,
although it is probably mounted as read/write after a file system check. The initrd line indicates
the location of the initial RAM disk image used to start the system.
The second bootable partition, which is indicated by the word other in this example, is on the
/dev/hda1 partition. Because it is a Windows XP system, it is labeled a DOS file system. The
table line indicates the device that contains the partition.
Other bootable images are listed in this file, and you can add another boot image yourself (like one
you create from reconfiguring your kernel as discussed in the next section) by installing the new
image and changing lilo.conf.
After you change lilo.conf, you then must run the lilo command for the changes to take
effect. You may have different boot images for kernels that include different features. Here is the
procedure for modifying the lilo.conf file:
1. Copy the new image from the directory in which it was created (such as
/usr/src/kernels/2.6.18-1.2798.fc6/arch/i386/boot) to the /boot directory. Name
the file something that reflects its contents, such as zImage-2.6.18-1.2798.fc6.
2. Add several lines to the /etc/lilo.conf file so that the image can be started at boot
time if it is selected. For example:
image=/boot/zImage-2.6.18-1.2798.fc6
    label=new
3. Type the lilo -t command (as root user) to test that the changes were okay.
4. Type the lilo command (with no options) for the changes to be installed.
To boot from this new image, either select new from the graphical boot screen or type new and
press Enter at the LILO boot prompt. If five seconds is too quick, increase the timeout value (such
as 100 for 10 seconds).
Options that you can use in the /etc/lilo.conf file are divided into global options, per-image
options, and kernel options. A lot of documentation is available for LILO. For more details on any
of the options described here or for other options, you can see the lilo.conf manual page (type
man lilo.conf) or any of the documents in /usr/share/doc/lilo*/doc.
A few examples follow of global options that you can add to /etc/lilo.conf. Global options
apply to LILO as a whole, instead of just to a particular boot image.
You can use the default=label option, where label is replaced by an image’s label name, to
indicate that a particular image be used as the default boot image. If that option is excluded, the
first image listed in the /etc/lilo.conf file is used as the default. For example, to start the
image labeled new by default, add the following line to lilo.conf:
default=new
Change the delay from 5 seconds to something greater if you want LILO to wait longer before starting the default image. This gives you more time to boot a different image. To change the value from
5 seconds (50) to 15 seconds (150), add the following line:
delay=150
You can change the message that appears before the LILO prompt by adding that message to a file
and changing the message line. For example, you could create a /boot/boot.message file and
add the following words to that file: Choose linux, new, or dos. To have that message appear
before the boot prompt, add the following line to /etc/lilo.conf:
message=/boot/boot.message
All per-image options begin with either an image= line (indicating a Linux kernel) or other=
(indicating some other kind of operating system, such as Windows XP). The per-image options
apply to particular boot images rather than to all images (as global options do). Along with the
image or other line is a label= line, which gives a name to that image. The name is what you
select at boot time to boot that image. Here are some of the options that you can add to each of
those image definitions:
• lock — This enables automatic recording of boot command lines as the defaults for different boot options.
• alias=name — You can replace name with any name. That name becomes an alias for
the image name defined in the label option.
• password=password — You can password-protect all images by adding a password
option line and replacing password with your own password. The password would
have to be entered to boot any of the images.
• restricted — This option is used with the password option. It indicates that a password should be used only if command-line options are given when trying to boot the
image.
For Linux kernel images, there are specific options that you can use. These options let you deal
with hardware issues that can’t be autodetected, or provide information such as how the root file
system is mounted. Here are some of the kernel image-specific options:
• append — Add a string of letters and numbers to this option that need to be passed to
the kernel. In particular, these can be parameters that need to be passed to better define
the hard disk when some aspect of that disk can’t be autodetected. For example:
append="hd=64,32,202"
• ramdisk — Add the size of the RAM disk that you want to use in order to override the
size of the RAM disk built into the kernel.
• read-only — Mount the root file system read-only. It is typically remounted read-write
after the disk is checked.
• read-write — Mount the root file system read/write.
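The password and restricted options described above decide which boot entries anyone can start and which accept kernel parameters typed at the boot: prompt without a password. The following Python script is an added example, not code from the book or from LILO: it parses a lilo.conf (the sample is constructed from the chapter's file, with a placeholder password; the function names are illustrative) and reports each entry's protection, plus whether a file that stores a password is readable by users other than root, since lilo.conf holds that password in cleartext.

```python
"""Audit a LILO configuration for boot-prompt password coverage (added example)."""
import os
import stat
import sys

# Constructed sample modelled on the chapter's lilo.conf; the password value
# is a placeholder, not a real secret.
SAMPLE = """\
prompt
timeout=50
default=linux
boot=/dev/hda
image=/boot/vmlinuz-2.6.18-1.2798.fc6
    label=linux
    read-only
    root=/dev/hda6
    append="root=LABEL=/"
    password=EXAMPLE-ONLY   # constructed placeholder
    restricted
image=/boot/zImage-2.6.18-1.2798.fc6
    label=new
other=/dev/hda1
    optional
    label=dos
    password=EXAMPLE-ONLY
"""

READ_BY_OTHERS = stat.S_IRGRP | stat.S_IROTH  # 0o044


def strip_comment(line):
    """Drop a trailing '#' comment, ignoring '#' inside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "#" and not in_quotes:
            return line[:i]
    return line


def parse_lilo_conf(text):
    """Return (global_options, sections); image=/other= lines open a section."""
    global_opts, sections = {}, []
    current = global_opts
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        if key in ("image", "other"):
            sections.append({"kind": key, "path": value, "options": {}})
            current = sections[-1]["options"]
        else:
            current[key] = value if sep else True  # bare word is a flag
    return global_opts, sections


def audit(text, mode):
    """Classify each boot entry and list problems for the given file mode."""
    global_opts, sections = parse_lilo_conf(text)
    images, names, problems = {}, set(), []
    stores_password = "password" in global_opts
    for sec in sections:
        opts = sec["options"]
        # Without label=, LILO names the entry after the image file name.
        label = opts.get("label", os.path.basename(sec["path"]))
        names.update({label, opts.get("alias", label)})
        stores_password = stores_password or "password" in opts
        # A global password/restricted line applies to every entry.
        effective = {**global_opts, **opts}
        if "password" not in effective:
            images[label] = "open"        # boots and takes parameters freely
        elif "restricted" in effective:
            images[label] = "restricted"  # password only when parameters are typed
        else:
            images[label] = "password"    # password for every boot of this entry
    default = global_opts.get("default")
    if default is not None and default not in names:
        problems.append(f"default={default} matches no label")
    if stores_password and mode & READ_BY_OTHERS:
        problems.append(f"mode {mode:04o}: cleartext password readable by group/others")
    return images, problems


def audit_file(path):
    """Audit a lilo.conf on disk using its real permission bits."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    return audit(text, stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        images, problems = audit_file(sys.argv[1])
    else:
        images, problems = audit(SAMPLE, 0o644)  # sample treated as mode 0644
    for label, state in images.items():
        print(f"{label:10} {state}")
    for problem in problems:
        print("PROBLEM:", problem)
```

Run it with the path to a real lilo.conf as its argument. A file reported as readable by group or others can be tightened with chmod 600 before the lilo command is run again.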
Changing Your Boot Loader
If you don’t want to use the GRUB boot loader, or if you tried out LILO and want to switch back to
GRUB, it’s not hard to change to a different boot loader on Linux distributions that support both
boot loaders. To switch your boot loader from GRUB to LILO, do the following:
1. Configure the /etc/lilo.conf file as described in the “Booting Your Computer with
LILO” section.
2. As root user from a Terminal window, type the following:
# lilo
3. The new Master Boot Record is written, including the entries in /etc/lilo.conf.
4. Reboot your computer. You should see the LILO boot screen.
To change your boot loader from LILO to GRUB, do the following:
1. Configure the /boot/grub/grub.conf file as described in the “Booting Your
Computer with GRUB” section.
2. You need to know the device on which you want to install GRUB. For example, to install
GRUB on the master boot record of the first disk, type the following as root user from a
Terminal window:
# grub-install /dev/hda
The new Master Boot Record is written to boot with the GRUB boot loader.
3. Reboot your computer. You should see the GRUB boot screen.
If for some reason you don’t see the GRUB boot screen when you reboot, you can use a rescue CD
to reboot your computer and fix the problem. When the rescue CD boots up, mount the file system containing the /boot/grub/grub.conf file. Then use the chroot command to change to
the root of that file system. Correct the grub.conf file and run grub-install again.
Configuring Networking
If you are connecting your computer to an Ethernet LAN that has a DHCP server available, you
probably don’t need to do anything to start up automatically on your LAN and even be connected
to the Internet. However, if there is no DHCP server on your LAN and you have to configure your
TCP/IP connection manually, here is the information you will probably be prompted for during
Linux installation:
• IP address — If you set your own IP address, this is the four-part, dot-separated number
that represents your computer to the network. It would take more than a few sentences to
explain how IP addresses are formed and how you choose them (see Chapter 5 for a more
complete description). An example of a private IP address is 192.168.0.1.
• Netmask — The netmask is used to determine what part of an IP address represents the
network and what part represents a particular host computer. An example of a netmask
for a Class C network is 255.255.255.0. If you apply this netmask to an IP address of
192.168.0.1, for example, the network address would be 192.168.0 and the host address
1. Because 0 and 255 can’t be assigned to a particular host, that leaves valid host numbers
between 1 and 254 available for this local network.
• Activate on boot — Some Linux install procedures ask you to indicate if you want the
network to start at boot time (you probably do if you have a LAN).
• Set the host name — This is the name identifying your computer within your domain.
For example, if your computer were named “baskets” in the handsonhistory.com
domain, your full host name may be baskets.handsonhistory.com. You can either
set the domain name yourself (manually) or have it assigned automatically, if that information is being assigned by a DHCP server (automatically via DHCP).
• Gateway — This is the IP number of the computer that acts as a gateway to networks
outside your LAN. This typically represents a host computer or router that routes packets
between your LAN and the Internet.
• Primary DNS — This is the IP address of the host that translates computer names you
request into IP addresses. It is referred to as a Domain Name System (DNS) server. You
may also have Secondary and Tertiary name servers in case the first one can’t be reached.
(Most ISPs will give you two DNS server addresses.)
Configuring Other Administrative Features
Depending on which Linux install you are using, there are other types of information you will be
asked to enter. These might involve the following:
• Firewall — Most Linux distributions these days use iptables to configure firewalls. Older
Linux systems use ipchains. When you configure a default firewall, you typically choose
which ports will be open to outside connections on your system (although there are
many other things a firewall can be configured to do as well). The iptables firewall facility
is described in Chapter 18 when you configure a router/firewall.
• Languages — While Linux itself doesn’t include support for lots of different languages,
some Linux distributions (such as Fedora) and desktop environments (such as KDE) offer
support for many different languages. Nearly all Linux distributions will let you configure
language-specific keyboards.
• Root password and additional user — Every Linux system that uses passwords will
have you add at least the root user’s password when you install Linux. Some distributions
will require that you add at least one additional non-root user as well.
Besides the features just mentioned, every distribution needs to have some initial configuration
done before you have a fully functional Linux system. See Chapter 4 for information on basic
administrative tasks for Linux.
Installing from the Linux Bible CD or DVD
With the knowledge you’ve gained in this chapter, you’re ready to select a Linux distribution to
install. Read the descriptions of Linux distributions in the other chapters in Part II of this book.
Each chapter includes an On the DVD or On the CD icon box that tells you if the distribution
described there is on the CD or DVD or, if it isn’t, where you can get it.
If you need more information about the CD or DVD, Appendix A describes the contents of those
discs. It also tells you which Linux distributions can be run live or used to install Linux permanently to your hard disk from those two discs.
Summary
While every Linux distribution includes a different installation method, there are many common
activities you need to do, regardless of which Linux system you install. For every Linux system,
you need to deal with issues of disk partitioning, network configuration, and boot loaders.
Linux Bible 2007 Edition includes a DVD and a CD with several different Linux systems you can
install. If you prefer, you can instead download and burn your own CDs or DVDs to install Linux.
If you go the route of burning your own CDs, this chapter helps you find Linux distributions you
can download and describes tools you can use to verify their contents.
Running Fedora Core and Red Hat Enterprise Linux
IN THIS CHAPTER
Digging into Fedora Core
Going forward with Fedora Core
Installing Fedora Core
In September 2003, the world’s leading Linux distribution, Red Hat Linux, disappeared.
Red Hat, Inc., the company that created Red Hat Linux, divided its development efforts in two directions: the Fedora Project, which produces the
Fedora Core operating system, and Red Hat Enterprise Linux. The split came
from trying to better serve two diverse groups with one operating system.
Fedora focused on encouraging the open source development community
interested in helping develop and test software that would one day go into
Red Hat products. Red Hat Enterprise Linux focused on the needs of paying
customers who needed enterprise computing solutions.
ON the DVD-ROM
Fedora Core 6 is included on the DVD that comes with this
book. You can install the entire distribution from this DVD,
using descriptions in Appendix A and the “Installing Fedora Core” section later
in this chapter. If you don’t have a DVD drive, you can obtain the same software on five CDs by downloading them from the Internet
(http://fedoraproject.org/wiki/Distribution/Download) and burning
them to CD, as described in Appendix A.
Fedora Core and Red Hat Enterprise Linux both come from a base of code
that stems from the Red Hat Linux legacy. The two distributions have different goals and audiences and may drift farther apart over time. For the time
being, however, Fedora Core includes features being developed for future
Red Hat Enterprise Linux releases.
Fedora Core is intended to include the latest Linux technology and be a
proving ground for features slated to go into Red Hat Enterprise Linux products. It is a freely distributed operating system for the Linux community.
Although it is sponsored and directed by Red Hat, Inc., the Fedora Project encourages community
involvement. The latest Fedora Core includes many more features than Red Hat Enterprise Linux,
but those features have less guarantee of stability and no guarantee of support. However, important
decisions about the direction of Fedora Core are still very much under the control of Red Hat, Inc.
Likewise, Red Hat owns Fedora trademarks and makes legal decisions for Fedora based on its own
legal counsel. For the time being, software contributions from the Fedora Community at large go
into the Fedora Extras repository.
NOTE
Fedora Core follows the legacy of Red Hat Linux. The final version of Red Hat Linux was
version 9. Fedora Core 1 and Red Hat Enterprise Linux 3 followed Red Hat Linux 9. At
the time of this writing, Fedora Core 6 and Red Hat Enterprise Linux 4 are the latest versions of those
two operating systems. Red Hat Enterprise Linux 5 will probably be released by the time you read
this.
Red Hat Enterprise Linux (RHEL), which is actually represented by multiple products for desktop,
server, and workstation computer systems, is licensed commercially. Red Hat puts all its documentation, training, and support effort behind RHEL, which it sells to customers in the form of subscriptions. The intent is to have RHEL be a rock-solid Linux system that can be deployed across
entire enterprises.
Despite the confusion it unleashed by dumping its flagship Red Hat Linux line and fears by some
that Red Hat might become another Microsoft, Red Hat is still the dominant player when it comes
to commercial Linux products. Many people have been happy to upgrade their critical Linux systems to Red Hat Enterprise Linux products.
In fact, when Microsoft announced its patent agreement with Novell, Red Hat was reported to have
turned down a similar offer of cooperation with Microsoft, calling such an arrangement an “innovation tax” (www.redhat.com/promo/believe). So, Red Hat, which was once viewed by some
in the free software community as a threat to the free software movement, is now being viewed
more often as a great defender of free and open source software rights.
To its credit, Red Hat has managed to become a profitable venture while making some remarkable
contributions to the open source effort. Releasing its installer (Anaconda) and software packaging
tools (RPM Package Management) under the GNU Public License (GPL) has enabled other Linux
distributions to use and enhance those features. Within Red Hat Linux and now Fedora Core, Red
Hat, Inc. has worked hard to include only software that could be freely distributed (removing most
software with patent and copyright issues).
Despite continued emphasis from Red Hat, Inc. that Fedora comes with no guarantees, Fedora is
an excellent Linux distribution. I know of universities that have deployed hundreds of Fedora
desktop systems in their computer labs and small companies that run their businesses exclusively
with Fedora. Even if you prefer to bet your business on Red Hat Enterprise Linux, Fedora Core is a
great way to evaluate and use technology that is in all Linux distributions from Red Hat. Features
in the current Fedora Core 6 are those that are being prepared for RHEL 5. Both Fedora and RHEL
are discussed in this chapter, so you can determine which distribution is right for you.
Digging into Features
There are many opinions on why Red Hat Linux and other distributions from Red Hat Inc. have
been so popular. The following sections describe some features of Red Hat Linux distributions
commonly believed to have led to its success and that now add to the popularity of Fedora Core
and Red Hat Enterprise Linux distributions.
Red Hat Installer (Anaconda)
When many Linux distributions still had you struggling from the command line to get the distribution installed, Red Hat created its own installer called Anaconda. Anaconda includes both graphical
and text-based procedures for installing Linux. When you’re done installing Fedora or Red Hat
Enterprise Linux, you have the following:
• A set of software packages installed that suits how you want to use your computer (as a
desktop, workstation, server, or some custom configuration).
• Standard information, such as date, time, time zone, and language set.
• A configured mouse, keyboard, video card, and monitor.
• An appropriately partitioned hard disk.
• A configured network card and firewall, to immediately connect to a LAN.
• A configured boot loader, to define how Linux starts up.
Besides being easy to use, Anaconda is loaded with features to make it easy to manage the installation of multiple RHEL or Fedora systems. For example, these power features are built into the
Anaconda installer:
• Network installs — After booting the install process, the actual Fedora or RHEL distribution can be on a network server that is accessible via a Web server (http), FTP server
(ftp), or UNIX file server (NFS).
• Kickstart installs — It’s not so bad to sit there and click through the answers to run the
installation of one Fedora Core system, but if you’re doing dozens or hundreds of installs
(especially on similar computers), automating that task can be a major time-saver.
Anaconda supports kickstart installs, for which you use a preconfigured kickstart file to
answer the questions that come up during a Fedora or RHEL installation. If you answer
all the questions in the file, you can launch the installation and have it run from start to
finish without you in attendance.
• Upgrades — With an existing Fedora system installed, Anaconda enables you to easily
upgrade to a newer Fedora system. A lot of nice features for saving backups of configuration files and logging the upgrade activities are built into that process. During an
upgrade, Anaconda takes into consideration any dependency issues, so the upgraded
software packages will have all the libraries and commands that the features in those
packages need.
Recent major enhancements to Anaconda have come in the past two releases of Fedora Core. In
particular, Anaconda now incorporates the yum facility for gathering, downloading, and installing
packages. During initial installation, you can add multiple yum-enabled Fedora software repositories to install software from those repositories.
With the expansion of Fedora Extras (described later in this chapter) and the availability of high-quality, third-party repositories (such as rpm.livna.org), you can choose from literally thousands of software packages. Because many of the third-party repositories are set up to be
compatible with Fedora Core and Extras, dependency failures are much rarer than they used to be
from those repositories.
You’ll find a detailed description of installing Fedora using the Anaconda installer at the end of this
chapter.
RPM Package Management
All Red Hat and Fedora Core distributions use the RPM Package Management (RPM) software
packaging format to store and maintain software. Fedora Core and RHEL contain a set of tools for
installing, upgrading, maintaining, and querying software packages in RPM format. Essentially, the
RPM software packages that are installed are maintained in a database, so you can list the contents
of packages, view descriptions, and even check for tampering of the files in those packages.
Using RPM, add-on software can also be easily included in and maintained for Fedora systems. So
users who once had to know how to deal with tarballs and makefiles to compile their own software
can now simply install an RPM package to get the features they want. With other Linux distributions (such as SUSE and Mandrake) also using RPM packaging, your RPM tool skills can help you
manage software on those distributions as well.
Because of the popularity of Red Hat Linux systems, lots of software repositories and third-party
software management tools have been created to further automate and simplify handling software
in Red Hat systems. Tools such as yum (www.linux.duke.edu/projects/yum) and apt4rpm
(http://apt4rpm.sourceforge.net) are available for updating selected software. AutoRPM
(www.autorpm.org) was created to automatically get RPM updates from Red Hat and install
them on a single system or a cluster of machines.
As noted earlier, the yum facility forms the foundation for installing RPM packages in Fedora and
the upcoming RHEL5 release. For several reasons, yum is usually preferred over the rpm command. First, it can be used to install from network repositories. Second, it can find and install
dependent packages needed by the packages you request. And last, it is preferred because there are
related tools for searching and managing repositories. Yum can also be used to install software from
local media and, unlike rpm, resolve dependencies automatically.
Kudzu Hardware Detection
Early Linux systems required that someone installing Linux know a lot about their hardware and
the Linux drivers needed for that hardware to work. The kudzu feature was created by Red Hat to
detect and configure a lot of computer hardware automatically. This feature is a great boost to those
who don’t want to worry about finding and selecting the drivers needed for their computer hardware.
Kudzu runs during your initial Red Hat installation to detect your system’s hardware. It also runs
each time you start your Fedora or RHEL system so that if you add or remove hardware and restart
the system, it can try to determine what the hardware is and offer you the opportunity to configure
it or remove the driver, as appropriate.
NOTE
The highly touted hardware detection done by the KNOPPIX bootable Linux distribution
is based on the kudzu libraries from Red Hat, Inc. While the kudzu hardware detection
is quite good in Fedora Core and RHEL, if you don’t need hardware detection from kudzu, you can
save significant time in rebooting if you disable kudzu.
Red Hat Desktop Look-and-Feel
To add a level of consistency to the desktops on its Linux systems, Red Hat created a look-and-feel
that is pretty much the same for both GNOME and KDE. In particular, consistent themes (backgrounds, icons, logos, and other elements) are set up by default for KDE and GNOME desktops.
System Configuration Tools
Red Hat created a set of simplified, graphical tools for configuring and administering many basic
administrative features in Red Hat systems. Using these tools, you can add printers, configure your
network, add users, set up your sound card, and tune up your video card, to name a few of the features they cover.
Red Hat’s graphical configuration tools (which are described in Chapter 4) can be launched from
the System or Applications menu or from the command line. Several releases ago, the beginnings
of these configuration tools’ command names changed from redhat-config to system-config.
For example, the tool to configure your network in Fedora is now called system-config-network
(instead of redhat-config-network).
Going Forward with Fedora Core
With the original Red Hat Linux, you could have the exact same Linux system for free (to run in
your home or small business) that was being used in large-scale enterprise deployments. For just a
few dollars, you could add official Red Hat support for that system, which included official security
patches and upgrade paths for the future.
Today, with the different free (Fedora Core) and subscription-based (RHEL) Linuxes from Red Hat,
some of the same basic advantages hold true — if you are a bit more adventurous. Because Red Hat
Linux is such a successful operating system, many who have developed skills in using and deploying Red Hat Linux have rallied to support Fedora in areas where Red Hat, Inc. has bowed out. The
following sections explore some of those support efforts.
Growing Community Support for Fedora
Despite some confusion about the future and direction of the Fedora Project, new initiatives and
Web sites have popped up to support Fedora. Two of the best new official assets of the Fedora
Project are FedoraProject.org (which is transitioning to become the official Fedora Project site) and
FedoraForum.org (which has been recognized as the official end-user forum of choice).
FedoraProject.org is the site for official information about schedules, goals, and initiatives that
make up the Fedora Project. If you want to become involved in Fedora-related projects, such as
Fedora Extras, Ambassadors, Marketing, Live CD, or Documentation, FedoraProject.org is the focal
point for pursuing those initiatives.
FedoraForum.org features news, galleries, and (as you might guess) forums for sharing questions
and information about Fedora. As of this writing, there were about 970,000 posts to these forums
and more than 79,000 members. The forum for installation help has more than 100,000 posts
itself.
The Unofficial Fedora FAQ (www.fedorafaq.org) has become an excellent resource for getting
answers to the most constant, nagging questions about Fedora. This FAQ is a good place to start
for learning how to get all those things you need (MP3 players, instant messaging, video players,
access to your Windows XP NTFS file system, and so on).
On the whole, the total amount of software available and greater stability among software repositories (I discuss them next) has meant that it’s possible to get a much better total experience with
Fedora Core than was possible even with Red Hat Linux.
Fedora Extras
One concern with Fedora Core is that, as Red Hat adds more enterprise-class features to test for
upcoming RHEL releases, more features for home, small office, and educational users will be
pushed out. With Red Hat’s current commitment to keeping Fedora Core to the size of five CDs,
packages that have been cut from Fedora Core are finding their way into Fedora Extras.
With the past few Fedora releases, however, Fedora Extras has become much more than a place for
cast-off Fedora Core packages. Many fun and useful packages that don’t happen to meet Red Hat’s
goals for Fedora Core are now in Fedora Extras. These include media players, content management
systems, scientific tools, and many other software packages. The repository has grown from just a
few hundred megabytes of packages to more than 4GB.
Unlike Fedora Legacy repositories, which consist of updates to software already in the Fedora
distribution, the Fedora Extras Project encourages people to build their software into RPM
packages that can easily be installed in Fedora Core and Red Hat Enterprise Linux systems.
Guidelines for becoming a Fedora Extras developer are available from the Fedora Extras wiki
(http://fedoraproject.org/wiki/extras).
When someone builds an RPM and submits it to Fedora Extras, it is reviewed and, if approved,
added to the Fedora Extras repository. This process offers several advantages to the Fedora
community:
• Packages that people relied on from previous Fedora releases don’t just disappear.
• While Fedora Extras packages are not necessarily tested as thoroughly as those in Fedora
Core, being in Extras adds a level of security and stability to a package that can’t be guaranteed if you grab software randomly from the Internet.
• The Fedora Extras repository is automatically added to your available yum repositories.
So, for example, if you know that you want to install the abiword package, you can do so
by simply typing yum install abiword as root user. Then yum grabs it and installs it
from a Fedora Extras repository. With Fedora 6, the Fedora Extras repository can even be
accessed to install packages during initial installation of Fedora Core.
Packages in Fedora Extras are still expected to meet Red Hat’s stringent guidelines. This means that
you won’t find proprietary software drivers (such as those used with NVidia video cards or wireless
cards intended for Windows systems) or software with questionable patent issues (such as MP3 or
most video player codecs).
Another effect of the Fedora Core/Fedora Extras approach, however, is that third-party, RPM-based
software repositories have a wider base of common software libraries and utilities to rely upon. For
example, the rpm.livna.org repository (which includes many useful software packages that
Red Hat will not distribute) depends on the Fedora Core and Fedora Extras repositories. This
cooperation among repositories helps ensure that dependency problems among software packages
are kept to a minimum.
Fedora Legacy Project
In April 2004, Red Hat, Inc. officially ended support for Red Hat Linux 9, the last release of Red
Hat Linux systems. That meant that Red Hat would no longer provide errata packages or gather
bug reports for any Red Hat Linux systems. From Red Hat’s perspective, you either had to upgrade
to RHEL or upgrade to a recent Fedora release. The Fedora Legacy Project (www.fedoralegacy.org)
came up with a third possibility: Extend the lives of select Red Hat Linux and Fedora systems.
Fedora Legacy Project’s charter is to offer software patches for select Red Hat Linux and Fedora
Core systems beyond the end of life set by Red Hat, Inc. These critical fixes and security patches
are necessary for an operating system to remain stable for at least two to three years. Without this
support, companies and consultants who want to use Fedora Core to sell with their hardware or
software products can’t expect to have a stable OS to rely on for more than a few months.
As of this writing, the Red Hat Linux 7.3 and 9 releases both have Fedora Legacy Project software
repositories that continue to be maintained and from which you can download available critical
software updates. Fedora Legacy support for Red Hat Linux 7.2 and 8 has been suspended because of
lack of community support. Those who are using 7.2 and 8 are urged to upgrade to 7.3 or 9,
respectively. (Of course, upgrades to later Fedora releases may actually be the better way to go.)
Fedora Legacy has also suspended support of Fedora Core 1 and 2, while picking up support for
Fedora Core 3 and 4.
By following a few simple steps from the Fedora Legacy download page (www.fedoralegacy.org/download),
you can use yum or apt tools to configure your system to automatically download and install selected packages. Fedora Legacy Project’s Web site provides a lot of information,
from a mailing list and IRC channel you can join to overview material you can read about the project.
Recently, the Fedora Legacy Project has received less attention than it did at first. It seems that
many people who have considered using Fedora as a mission-critical server have gone to CentOS
(www.centos.org), which is a free operating system that’s built entirely from Red Hat Enterprise
Linux source code. Those using Fedora as a server tend to use it more in situations where they
don’t mind taking down the server to upgrade as new Fedora releases become available.
Forums and Mailing Lists
Since Fedora came into existence, many individuals and organizations have rallied to support
Fedora going forward. If you want to get into the flow of the Fedora community, I recommend
starting with the Fedora Project’s own mailing lists. You can choose the Fedora mailing list that
interests you from the Red Hat Mailing Lists page (http://redhat.com/mailman/listinfo).
Start with the Fedora-list or Fedora-announce-list mailing list.
Many other Fedora resources are also available on the Web, and Appendix B includes a list of many
of them.
Fedora Comes of Age
Most people who follow Linux would agree that with Fedora Core 6, Fedora has become a strong,
viable Linux system in its own right, and not just a test release for Red Hat Enterprise Linux. While
still laying the foundation for the upcoming Red Hat Enterprise Linux 5 release, Fedora has also
added some fun and powerful features to distinguish itself from other Linux systems. Here are
some examples:
• Anaconda — As noted earlier, the Anaconda installer used with Fedora and RHEL has
received a major overhaul in the past two versions of Fedora. For some time, Anaconda
has been able to install Fedora from local media (CD/DVD) or network media (using
HTTP, NFS, or FTP), but it used to be able to install packages only from the Fedora Core
repository.
Now you can add Fedora Extras (to get great open source software that isn’t in Core) and
repositories such as rpm.livna.org (to get multimedia players, wireless drivers, and
video card drivers that don’t meet Red Hat’s licensing requirements). As a result, after
your initial install is done, all of the best Linux software, or any combination, is ready
to run.
Anaconda is also being used as the heart of the Kadischi project. Using Kadischi, you can
run a typical Anaconda install that results in a live CD or DVD ISO image that can be
used to run Fedora live from that medium.
• Xen Virtualization — The ability to run multiple operating system instances on one
computer is just the beginning of the promise that virtualization brings to Linux. In
today’s server computing model, often an entire server is devoted to running a particular
application that may be tied to a particular operating system. As a result, the entire computer may be underutilized if it is not a high-demand application.
With virtualization, you have the opportunity to run multiple instances, including an
entire operating system, an application, and a data combination. Those instances (called
guests) can be Linux, Windows, or any other operating system that runs on the computer
hardware. Guests operate separately from each other, and so remain secure from each
other. As demand slows or increases for a guest, it can be moved to different hardware to
make the best use of available hardware.
Red Hat, Inc. has thrown some strong development support into the Xen virtualization
software (www.xensource.com) that is included in Fedora Core 6. Tools for starting,
stopping, and otherwise managing multiple guest operating systems are all included in
the Xen version that comes with Fedora Core 6.
• AIGLX desktop eye candy — The Accelerated Indirect GLX (AIGLX) project is a cooperative effort between the Fedora community and the X.Org X Window server project. With
a video card that supports DRI and GLX (see http://fedoraproject.org/wiki/RenderingProject/aiglx
for information on supported cards), you can see some
eye-popping desktop effects.
For Fedora Core 6, the first version of Fedora to include AIGLX support, you need to use
the Compiz window manager and enable Desktop Effects (see Chapter 3 for a description).
Then you will be able to use cool desktop effects, such as workspaces on a rotating cube,
wobbling windows as they move, and tabbing through icons of running applications.
Another reason for using Fedora 6 is that it is the last Fedora produced before a new release of Red
Hat Enterprise Linux (RHEL 5). In preparing for that release, Red Hat software engineers have
made a number of improvements to Fedora relating to desktop performance and overall stability.
If Fedora is such a great product, you may wonder why someone would want to pay for Red Hat
Enterprise Linux. The major reason for using RHEL over Fedora is the promise of support behind
your critical systems. You may also need a longer period of promised support for critical fixes and
security patches than is available with Fedora.
Many people I know, especially those who like to have the latest cool bits available, use Fedora for
their personal desktop and server systems. They don’t mind upgrading every six months or so and
can accept a certain level of instability. If you have a similar aesthetic, Fedora could be an excellent
Linux distribution for you.
Looking Forward with Fedora
After finishing Fedora Core 6 near the end of 2006, the Fedora Project began considering some big
changes in the way it does business. The biggest change under consideration is a merging of
Fedora Core and Fedora Extras repositories. That concept has prompted some of the following discussion points:
• Because the combined repositories represent a volume of software that would be too large
to effectively distribute on CDs or even a single DVD, the idea of Fedora Core might go
away completely.
• Instead of distributing Fedora Core, software would be gathered into individual software
groups for distribution. As a result, there might be separate Fedora Linux Desktop,
Fedora Linux Server, and Fedora Linux Workstation distributions.
• The software representing the combined repositories will probably have a new name.
That name might be Fedora Linux or simply Fedora.
Whether or not Fedora may end up as a bunch of focused distributions, it’s clear that the project
will create tools to make putting together Fedora in different ways much easier to do. You can also
expect the software contributions from the extended Linux community to continue to grow as well.
Installing Fedora Core
The Linux operating system Fedora Core, sponsored by Red Hat, is included on this book’s DVD.
The rest of this chapter leads you through its installation.
Before you install Fedora on your computer, ensure that your computer hardware supports it. You
should also choose a method of installing Fedora Core. Those topics are discussed in the following
sections.
Choosing Computer Hardware
Choosing your computer hardware may not really be a choice. You may just have an old PC lying
around on which you want to try Fedora. Or you may have a killer workstation with some extra
disk space and want to try Fedora out on a separate partition or whole disk. To install the PC version of Fedora (the version on the accompanying DVD) successfully, the computer must have the
following:
• Processor — The Pentium-class PC needs to be at least 200 MHz for text mode and 400
MHz Pentium II for GUI.
• RAM — You need at least 64MB of RAM to install Fedora. If you are running in graphical
mode, you need at least 192MB. The recommended RAM for graphical mode is 256MB.
• DVD or CD drive — You need to be able to boot up the installation process from a DVD
or CD (the latter requires that you get Fedora Core installation CDs as described at
http://fedoraproject.org/wiki/Distribution/Download). If you can’t
boot from a DVD or CD, there are ways to start the installation from a hard disk or using
a PXE install, as the following section, “Choosing an Installation Method,” explains.
• Hard disk — With no preset install types in Fedora Core 6, essentially every installation
is a custom installation. Therefore, depending on which packages you choose to install,
the disk space you need can range from about 600MB (for a minimal server with no GUI
installed) to 7GB (to install all packages).
I recommend at least 2GB to 3GB if you are installing a desktop system. (The Fedora
Project recommends at least five percent of additional free space, plus any disk space you
require for user data.)
• Keyboard and monitor — You need a keyboard and monitor at least during installation.
(You can operate Fedora quite well over a LAN using either a shell interface from a network login or an X terminal.)
Although not included with this book, Fedora Core versions are available for the AMD64 architecture. Red Hat Enterprise Linux versions (which you have to purchase from Red Hat, Inc.) are available for other hardware, such as Intel Itanium, IBM PowerPC, and IBM mainframe. The Fedora
distribution that comes with this book and the installation procedures presented here are specific
to x86 architecture PCs.
Most of the software described in this book will work the same in any of those hardware environments. (Check out Fedoraproject.org for sites that offer Fedora for different computer hardware
architectures.)
NOTE
The list of hardware supported by Fedora is available from the Fedora Hardware
Compatibility list at http://fedoraproject.org/wiki/HCL.
To begin installing Fedora Core, you also need to have installation media, such as the Linux Bible 2007
Edition DVD that comes with this book (or a set of installation CDs that you obtain yourself). Also
you must either be dedicating your entire hard disk (or an added hard disk) to Linux, have a preconfigured Linux partition, or have sufficient free space on your hard disk outside any existing
Windows partition.
NOTE
If you are not dedicating your whole hard disk to Fedora Core and you don’t understand
partitioning, refer to Chapter 7, which describes how to set up partitioning to allow
multiple computer operating systems to coexist on the same hard drive.
Choosing an Installation Method
You can also install Fedora from any of several different types of media. You can still start the install
process by booting the installation DVD. After booting the install process, however, you can type
linux askmethod at the boot prompt, which offers you the choice of installing Fedora from the
following locations:
• Local CDROM — This is the most common method of installing Fedora Core and the
one you get by typing linux and pressing Enter from the Fedora installation boot
prompt. Use this section for both DVD and CD installs. (You may need to change the
BIOS if the DVD or CD doesn’t boot.) All packages needed to complete the installation
are on the DVD that comes with this book.
• HTTP — Lets you install from a Web page address (http://).
• FTP — Lets you install from an FTP site (ftp://).
• NFS image — Allows you to install from any shared directory on another computer on
your network using the Network File System (NFS) facility.
• Hard drive — If you can place a copy of the Fedora distribution on your hard drive, you
can install it from there. (The distribution should be on a hard drive partition to which
you are not installing.)
Installing Without a Bootable CD Drive
Unlike some earlier Fedora and Red Hat Linux versions, Fedora Core 6 doesn’t support floppy disk
boot images because the Linux 2.6 kernel is too large to fit on a floppy disk. So if you don’t have a
bootable CD or DVD drive, you will need to start the install process from some other medium such
as a USB key, a PXE server, or hard drive.
Installing on Multiple Computers
If you’re installing Fedora on many computers with similar configurations, you can save yourself
some time by using the kickstart installation, which enables you to create a set of answers to the
questions Fedora Core asks you during installation.
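As an added illustration (not from the book or the Fedora Project), the following shell script generates a kickstart answer file per machine, sizing swap by the twice-RAM rule and the 32MB to 2GB limits quoted later in this chapter. The time zone, package group, and password hashes are constructed placeholders, and refusing anything that is not an MD5-crypt hash is an assumption made here so that clear-text passwords never land in a file that is often shared over the network.

```shell
#!/bin/sh
# Added example: generate a kickstart answer file for each machine.
# Time zone, package group and hashes are constructed placeholders.

# swap_mb RAM_MB -> swap size in MB: twice the RAM, kept within the
# 32MB minimum and 2GB maximum quoted in this chapter.
swap_mb() {
    swap=$(( $1 * 2 ))
    if [ "$swap" -lt 32 ]; then swap=32; fi
    if [ "$swap" -gt 2048 ]; then swap=2048; fi
    echo "$swap"
}

# is_md5_crypt HASH -> succeeds only for an MD5-crypt string ($1$salt$hash),
# the form produced by grub-md5-crypt. Assumption of this example: anything
# else is treated as a clear-text password and refused.
is_md5_crypt() {
    case $1 in
        '$1$'?*'$'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# make_ks HOSTNAME RAM_MB ROOT_HASH GRUB_HASH -> kickstart file on stdout.
make_ks() {
    ks_host=$1 ks_ram=$2 ks_root=$3 ks_grub=$4
    case $ks_ram in
        ''|*[!0-9]*) echo "make_ks: RAM must be a whole number of MB" >&2; return 1 ;;
    esac
    if ! is_md5_crypt "$ks_root" || ! is_md5_crypt "$ks_grub"; then
        echo "make_ks: passwords must be supplied as MD5-crypt hashes" >&2
        return 1
    fi
    cat <<EOF
# Kickstart answers for $ks_host (generated; values are examples)
install
cdrom
lang en_US.UTF-8
keyboard us
network --device eth0 --bootproto dhcp --hostname $ks_host
rootpw --iscrypted $ks_root
selinux --enforcing
firewall --enabled
timezone --utc America/New_York
# GRUB in the MBR, with a password so kernel options cannot be edited freely
bootloader --location=mbr --md5pass=$ks_grub
# Remove existing Linux partitions only; Windows partitions are left alone
clearpart --linux
part /boot --fstype ext3 --size=100
part swap --size=$(swap_mb "$ks_ram")
part / --fstype ext3 --size=1 --grow
%packages
@base
EOF
}

# Demonstration with constructed values.
make_ks baskets.handsonhistory.com 128 \
    '$1$CONSTRUCT$rootHashPlaceholder000' \
    '$1$CONSTRUCT$grubHashPlaceholder000'
```

Redirect the output to a file such as ks.cfg for each machine, and keep that file readable only by the people who run installs, because it carries the root and GRUB password hashes.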
Installation Guides
Fedora Core 6 installation guides are available in several different languages. To download a tarball
of an installation guide or simply read it online, refer to this site:
http://fedora.redhat.com/docs/install-guide/fc6/
Choosing to Install or Upgrade
Are you doing a new install or an upgrade? If you are upgrading a Fedora system to the latest version, the installation process will try to leave your data files and configuration files intact as much
as possible. This type of installation takes longer than a new install. A new install simply erases all
data on the Linux partitions (or whole hard disk) that you choose.
If you are upgrading an existing Fedora system to this release, you should consider first removing
any unwanted packages from your old Fedora system. The fewer packages to be checked during an
upgrade, the faster the upgrade installation (and the less space used).
NOTE
You can upgrade to Fedora Core 6 from previous Fedora systems. The further you are
from the current release, however, the greater the chance of something going wrong.
You cannot upgrade to Fedora Core from a Red Hat Enterprise Linux system or vice versa.
To upgrade, you must have at least a Linux 2.0 kernel installed. With an upgrade, all of your configuration files, modified by the installer, are saved as filename.rpmsave (for example, the
hosts file is saved as hosts.rpmsave). The locations of those files, as well as other upgrade
information, are written to /tmp/upgrade.log. The upgrade installs the new kernel, any
changed software packages, and any packages that the installed packages depend on being there.
Your data files and configuration information should remain intact. By clicking the Customize box,
you can choose which packages to upgrade.
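One way to review those saved files after an upgrade, as an added example that is not part of the book: the shell functions below list every *.rpmsave copy under a directory and report whether the live file now differs from it, which is where a locally tightened setting replaced by a package default would show up. The sample tree, the file names other than hosts, and all file contents are constructed.

```shell
#!/bin/sh
# Added example: compare each saved *.rpmsave copy with the file now in place.

# rpmsave_report [DIR] -> one line per saved copy found under DIR (default /etc):
#   CHANGED <file>  live file differs from the saved copy; review by hand
#   SAME <file>     live file is identical to the saved copy
#   MISSING <file>  saved copy exists but the live file is gone
rpmsave_report() {
    find "${1:-/etc}" -type f -name '*.rpmsave' 2>/dev/null | sort |
    while IFS= read -r saved; do
        live=${saved%.rpmsave}
        if [ ! -e "$live" ]; then
            echo "MISSING $live"
        elif cmp -s "$saved" "$live"; then
            echo "SAME $live"
        else
            echo "CHANGED $live"
        fi
    done
}

# rpmsave_changed_count [DIR] -> number of files that need review.
rpmsave_changed_count() {
    rpmsave_report "$1" | grep -c '^CHANGED ' || true
}

# rpmsave_diff FILE -> unified diff from the saved copy to the live file.
rpmsave_diff() {
    diff -u "$1.rpmsave" "$1" || true
}

# demo_tree -> builds a constructed sample tree and prints its path.
demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc"
    # hosts: the saved copy holds a local entry that the live file lost
    printf '127.0.0.1 localhost\n192.168.0.1 baskets\n' > "$root/etc/hosts.rpmsave"
    printf '127.0.0.1 localhost\n' > "$root/etc/hosts"
    # motd: saved copy and live file are identical
    printf 'welcome\n' > "$root/etc/motd"
    cp "$root/etc/motd" "$root/etc/motd.rpmsave"
    # old.conf: only the saved copy is left
    printf 'setting=1\n' > "$root/etc/old.conf.rpmsave"
    echo "$root"
}

# Demonstration on the constructed tree.
tree=$(demo_tree) || exit 1
rpmsave_report "$tree"
rpmsave_diff "$tree/etc/hosts"
rm -rf "$tree"
```

On a real system, run rpmsave_report with no argument to scan /etc, then use rpmsave_diff on each file reported as CHANGED.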
COMING FROM WINDOWS
If you are installing a dual-boot system that includes a Windows operating system,
install the Windows system first and the Fedora Core system afterward. Some Windows
systems blow away the Master Boot Record (MBR), making the Fedora Core partition inaccessible.
If, when installing Windows or Fedora, you find that the other operating system is no longer available
on your boot screen, don’t panic and don’t immediately reinstall. You can usually recover from the
problem by booting with the Fedora emergency boot disk and then using either the grub-install
or lilo command to reinsert the proper MBR. If you are uncomfortable working in emergency
mode, seek out an expert to help you.
Red Hat provides a description of how to configure a dual-boot system at
www.redhat.com/docs/manuals/linux/RHL-9-Manual/install-guide/ch-x86-dualboot.html.
Beginning the Installation
Once you have selected the right type of installation for your needs, you can begin the installation
procedure. Throughout most of the procedure, you can click Back to make changes to earlier
screens. However, once you are warned that packages are about to be written to hard disk, there’s
no turning back. Most items that you configure can be changed after Fedora is installed.
COMING FROM WINDOWS
It is quite possible that your entire hard disk is devoted to a Windows 95, 98, 2000, ME,
NT, or XP operating system, and you may want to keep much of that information after
Fedora Core is installed. While there are installation choices that let you retain existing partitions,
they don’t let you take space from existing DOS partitions without destroying them. If you like, you
can try resizing your Windows partition using the qtparted utility. You can run qtparted by booting
the KNOPPIX distribution that comes on the DVD included with this book. Just be aware that, if used
improperly, qtparted (or any disk partitioning tool) can damage or erase important data from your
hard disk.
Ready to install? (Have you backed up any data you want to keep safe?) Okay, then here’s what to do:
1. Insert the DVD into the DVD drive. If you are not able to boot from the DVD, obtain
an installation CD set as described earlier in this chapter and continue with this procedure by inserting the first CD into the drive.
2. Reboot your computer. If you see the Fedora installation screen, continue to the next
step.
TIP
If you don’t see the installation screen, your DVD or CD-ROM drive may not be
bootable. You may be able to make the drive bootable, though. Here’s how: Restart the
computer. Immediately, you should see a message telling you how to go into setup, such as by pressing the F1, F2, or Del key. Enter setup and look for an option such as Boot Options or Boot From. If
the value is A: First, Then C:, change it to CD-ROM First, Then C: or something similar. Save
the changes and try to install again.
3. Boot the install procedure. At the boot prompt, press Enter to start the install in graphical mode. If your computer won’t let you install in graphical mode (16-bit color, 800 ×
600 resolution, framebuffer), refer to the “Choosing Different Install Modes” sidebar.
4. Media check. If you’re asked to check your installation media, press Enter. If the DVD is
damaged, this step saves you the trouble of getting deep into the install and then failing.
Once the DVD is checked, select Skip to continue.
5. Continue. When the welcome screen appears, click Release Notes to see information
about this version of Fedora. Click Next when you’re ready to continue.
6. Choose an installation language. Move the arrow keys to the language you want and
then select Next. (Later, you will be able to add additional languages.)
7. Choose a keyboard. Some layouts enable dead keys (on by default). Dead keys enable
you to use characters with special markings (such as circumflexes and umlauts).
8. Choose install type. Select either Install Fedora Core for a new install or Upgrade an
Existing Installation to upgrade an existing version of Fedora.
Choosing Different Install Modes
Although most computers enable you to install Fedora in the default mode (graphical), there may
be times when your video card does not support that mode. Also, although the install process
detects most computer hardware, there may be times when your hard disk, Ethernet card, or other
critical piece of hardware cannot be detected and will require you to enter special information at
boot time.
The following is a list of commands that you can type at the installation boot prompt to change
installation modes to start the Fedora Core install process. You typically try these modes only if the
default mode fails (that is, if the screen is garbled or installation fails at some point). For a list of other
supported modes, refer to the /usr/share/doc/anaconda*/command-line.txt file or press
F2 to see short descriptions of some of these types.
Command           Description
linux text        Runs installation in a text-based mode. Do this if installation doesn’t seem to recognize your graphics card.
linux lowres      Runs installation in 640 × 480 screen resolution for graphics cards that can’t support the higher resolution.
linux nofb        Turns off frame buffer.
linux noprobe     Installation won’t probe to determine your hardware; you must load any special drivers that might be needed to install it. Normally, installation auto-probes to determine what hardware you have on your computer.
linux mediacheck  Check your DVD or CDs before installing. Because media checking is done next in the normal installation process, do this only to test the media on a computer you are not installing on.
linux rescue      Boots from CD, mounts your hard disk, and lets you access useful utilities to correct problems that are preventing your Linux system from operating properly. (Not really an installation mode.)
linux expert      Bypasses probing so you can choose your mouse, video memory, and other values that would otherwise be chosen for you. Use if you believe that the installation process is not properly auto-probing your hardware.
linux askmethod   Has the installation process ask where to install from (local CD, NFS image, FTP, HTTP, or hard disk).
linux updates     To install from an update disk.
You can add other options to the linux boot command to identify particular hardware that is not
being detected properly. For example, to specify the number of cylinders, heads, and sectors for your
hard disk (if you believe the boot process is not detecting these values properly), you can pass the
information to the kernel as follows: linux hd=720,32,64. In this example, the kernel is told that
the hard disk has 720 cylinders, 32 heads, and 64 sectors. You can find this information in the documentation that comes with your hard disk (or stamped on the hard disk itself on a sticker near the
serial number).
There are also other boot options you can add at the installation boot prompt to control how the
installation starts. Many of these options are described in Chapter 11.
9. Choose your partitioning strategy. You have the following choices related to how your
disk is partitioned for a Fedora installation:
• Remove all partitions on selected drives and create default layout — This erases
the entire contents of the hard disks you select.
• Remove Linux partitions on selected drives and create default layout — This
erases all Linux partitions, but leaves Windows partitions intact.
• Use free space on selected drives and create default layout — This works only if
you have enough free space on your hard disk that is not currently assigned to any
partition.
• Create custom layout — Select this if you want to create your own custom partitioning.
NOTE
Instead of installing to a local hard disk, you can identify an ISCSI initiator as the storage device by selecting the Advanced Storage Configuration button and entering the IP
address and ISCSI Initiator Name of the SCSI device. Once that is identified, you can use that device
for installing Fedora.
If you have multiple hard disks, you can select which of those disks should be used for
your Fedora Core installation. If you want to configure an ISCSI device to use for the
install, select Advanced Storage Configuration. Check the Review and Modify Partitioning
Layout check box to see how Linux is choosing to partition your hard disk. Click Next to
continue.
10. Review and modify partitioning layout. If you choose to review or customize your partitioning, you will see the Disk Druid tool with your current partitioning layout displayed. You can change any of the partitions you choose provided you have at least one
root (/) partition that can hold the entire installation and one swap partition. A small
/boot partition (about 100MB) is also recommended.
The swap partition is often set to twice the size of the amount of RAM on your computer
(for example, for 128MB RAM you can use 256MB of swap). Linux uses swap space when
active processes have filled up your system’s RAM. At that point, an inactive process is
moved to swap space. You get a performance hit when the inactive process is moved to
swap and another hit when that process restarts (moves back to RAM). For example, you
might notice a delay on a busy system when you reopen a window that has been minimized for a long time.
The reason you need to have enough swap space is that when RAM and swap fill up, no
other processes can start until something closes. Bottom line: Add RAM to get better performance; add swap space if processes are failing to start. Red Hat suggests a minimum of
32MB and maximum of 2GB of swap space.
Click the Next button (and select OK to accept any changes) to continue.
11. Configure boot loader. If you had selected a custom install, you get the opportunity to
configure the boot loader. All bootable partitions and default boot loader options are displayed. By default, the install process uses the GRUB boot loader, installs the boot loader
in the master boot record of the computer, and chooses Fedora as your default operating
system to boot.
NOTE
If you keep the GRUB boot loader (described in Chapter 7), you have the option of
adding a GRUB password. The password protects your system from having potentially
dangerous options sent to the kernel by someone without that password. This does not have to be the
same password you use to log in later.
The names shown for each bootable partition will appear on the boot loader screen when
the system starts. Change a partition name by clicking it and selecting Edit. To change the
location of the boot loader, click Configure Advanced Boot Loader Options, and continue
to the next step. If you do not want to install a boot loader (because you don’t want to
change the current boot loader), click Change Boot Loader and select Do Not Install a
Boot Loader. If the defaults are okay, skip the next step.
12. Configure advanced boot loader. If you selected to configure advanced boot loader
options, you can now choose where to store the boot loader. Select one of the following:
• Master Boot Record (MBR) — This is the preferred place for GRUB. It causes GRUB
to control the boot process for all operating systems installed on the hard disk.
• First Sector of Boot Partition — If another boot loader is being used on your computer, you can have GRUB installed on your Linux partition (first sector). This lets you
have the other boot loader refer to your GRUB boot loader to boot Fedora.
If you have multiple, bootable partitions, the Change Drive Order button is a useful feature. Select this button if you want to change the order in which hard drives are booted
from. If you have a combination of SCSI and IDE drives, this enables you to indicate that
the master boot record should go on a SCSI drive.
You can choose to add kernel parameters (which may be needed if your computer can’t
detect certain hardware). If a piece of hardware is improperly detected and preventing
your computer from booting, you can add a kernel parameter to disable it (for example,
add nousb, noscsi, nopcmcia, or noagp). You can select to use linear mode (which
was once required to boot from a partition on the disk that is above cylinder 1024, but is
now rarely needed).
13. Configure networking. This applies only to a local area network. If you will use only
dial-up networking, skip this section by clicking Next. If your computer is not yet connected to a LAN, you also should skip this section.
Network address information is assigned to your computer in two basic ways: statically
(you type it) or dynamically (a DHCP server provides that information from the network
at boot time). One Network Device appears for each network card you have installed on
your computer. The first Ethernet interface is eth0, the second is eth1, and so on. Repeat
the setup for each card by selecting each card and clicking Edit.
CROSS-REF
Chapter 5 discusses IP addresses, netmasks, and other information you need to set up
your LAN.
With the Edit Interface eth0 dialog box displayed, add the following:
• Use dynamic IP configuration (DHCP) — If your IP address is assigned automatically from a DHCP server, a check mark should appear here. With DHCP checked,
you don’t have to set IPv4 or IPv6 addresses on this page. Remove the check mark to
set your own IP address.
• Enable IPv4 support — This is the most common TCP/IP protocol version in use
today. It should be enabled in most cases.
• Enable IPv6 support — This is the upcoming TCP/IP standard, which features much
longer addresses and some built-in security features. You can enable this without conflicting with IPv4 support.
• IPv4 and IPv6 Addresses — If you are not using DHCP to get IP addresses for your
Fedora system, you can enter an IPv4 or IPv6 address here. In most cases, an IPv4
address is all that you need. If you set your own IP address, this is the four-part,
dot-separated number that represents your computer to the network. An example of a
private IP address is 192.168.0.1. (See Chapter 5 for a more complete description of
how IP addresses are formed and how you choose them.)
In the second part of each IP address, you enter the netmask. The netmask is used to
determine which part of an IP address represents the network and which part represents a particular host computer. An example of a netmask for a Class C network is
255.255.255.0.
Click OK. Then add the following information on the main screen:
• Activate on boot — Indicate whether you want the network to start at boot time (you
probably do if you have a LAN).
• Set the hostname — The name identifying your computer within your domain. For
example, if your computer were named “baskets” in the handsonhistory.com
domain, your full hostname may be baskets.handsonhistory.com. You can
either set the domain name yourself (manually) or have it assigned automatically, if
that information is being assigned by a DHCP server (automatically via DHCP).
• Gateway — The IP number of the computer that acts as a gateway to networks outside your LAN. This typically represents a host computer or router that routes packets
between your LAN and the Internet.
• Primary DNS — The IP address of the host that translates requested computer names
into IP addresses. It is referred to as a Domain Name System (DNS) server. If the first
name server can’t be reached, you may also have a Secondary name server. (Most ISPs
will give you two DNS server addresses.)
Click Next to continue.
14. Choose a time zone. Select the time zone. Either click a spot on the map or choose from
the drop-down box. Before you click your exact location on the map, click on the area of
the map that includes your continent. Then select the specific city. You can click “System
clock uses UTC” to have your computer use Coordinated Universal Time (also known as
Greenwich Mean Time). With multiple operating systems installed, you might want to
uncheck this box because some operating systems expect the BIOS to be set to local time.
15. Set root password. The root password provides complete control of your Fedora system.
Without it, and before you add other users, you will have no access to your own system.
Enter the password, and then type it again in the Confirm box. (Remember the root user’s
password and keep it confidential! Don’t lose it!) Click Next to continue.
NOTE
If you are enabling Security Enhanced Linux (SELinux) on your computer, the security
structure of your computer changes. The root user may no longer have complete control
of the computer. Instead, there may be policies set that prevent any one user from having complete
control.
16. Install Classes. For a new install, the installer automatically selects a set of basic software
to install. In addition to that set, you can choose one or more of the following groups of
software, referred to as tasks. For each of these installation tasks, you have the opportunity to install a set of preset packages or customize that set.
• Office and Productivity — Installs software appropriate for a home or office personal
computer or laptop computer. This includes the GNOME desktop (no KDE) and various desktop-related tools (word processors, Internet tools, and so on). Server tools,
software development tools, and many system administration tools are not installed.
• Software Development — Similar to an Office and Productivity installation but adds
tools for system administration and software development. (Server software is not
installed.)
• Web Server — Installs the software packages that you would typically need for a
Linux Web server (in particular, Apache Web server and print server). It does not
include many other server types by default (FTP, DHCP, mail, DNS, SQL, or news
servers). The default server install also includes a GUI (GNOME only).
Unlike previous versions of Fedora Core, this version does not offer an Everything install
type or a Minimal install type. Select the install classes you want, and then you can
choose Customize Now (see Step 19) to see the packages to be installed (based on install
categories and package groups). Unselecting the major categories can get you a pretty
good minimal install, if you like to build from a bare-bones install.
17. Add software repositories. A new feature in Fedora Core 6 lets you select software
repositories outside of Fedora Core from which you can select packages to install during
the initial Fedora installation. To use this feature, you need an active Internet connection.
Select the “Add additional software repositories” button to establish an Internet connection and to see the Add Repository pop-up shown in Figure 8.1.
FIGURE 8.1
Add remote software repositories to install more software packages during Fedora
installation.
For example, to use the RPM.livna.org repository to install many multimedia applications
and video drivers, you could enter livna as the repository name and
http://rpm.livna.org/fedora/6/i386 as the repository URL. Then select the Add repository button to be able to add packages from that repository to your installation.
18. Customize Now. Select the Customize Now button after selecting the task (or tasks) you
want to install. This lets you see which categories from each task and which packages
within those categories are selected to be installed. It also lets you add or remove package
selections. Note that packages from multiple repositories can appear in the same category
(for example, you would see games from both Fedora Core and Fedora Extras packages
appearing in the Games category).
You are presented with categories of software on the left side of the screen and package
groups on the right side.
19. Choose optional packages. Select a category to see which groups it contains. Select a
group and click the Optional packages to see which optional packages are available in
that group and which are selected to be installed. Categories include:
• Desktop Environments — The GNOME desktop environment is selected by default.
KDE and XFCE are the other available desktop environments. (GNOME and KDE are
described in Chapter 3.)
• Applications — This category includes packages of office applications, games, sound
and video players, Internet tools, and other applications.
• Development — General and specialized software development tools are included in
packages in this category.
• Servers — Packages in this category are for Web, mail, FTP, database, and a variety of
other network server types.
• Base System — Contains basic system administration tools, many common utilities,
and support for basic system features (such as X Window System, Java, and Legacy
software support).
• Languages — Packages containing support for multiple languages are contained in
this category.
After you have chosen the packages you want to install, select Next to continue. The
installer will take some time to check for dependencies among the packages you selected.
20. Decide to Install. You can still back out now, and the disk will not have changed. Click
Next to proceed. (To quit without changes, eject the DVD and restart the computer.) Now
the file systems are created and the packages are installed. This typically takes from 20 to
60 minutes to complete, although it can take much longer on older computers.
If you are using the DVD, you do not need to change media. If you are installing from the
five-CD set, you are prompted to insert additional installation CDs as they are needed.
21. Finish installing. When you see the Congratulations screen, you are done. Note the
links to Fedora Core information, eject the CD, and click Exit.
22. Your computer restarts. If you installed GRUB, you will see a graphical boot screen that
displays the bootable partitions. Press the up or down arrow key to choose the partition
you want to boot, and press Enter. If Linux is the default partition, you can simply wait a
few moments and it boots automatically.
The first time your system boots after installation, the Fedora Setup Agent runs to do some initial
configuration of your system. The next section explains how Fedora Setup Agent works.
Running the Fedora Setup Agent
The first time you boot Fedora Core after it is installed, the Fedora Setup Agent runs to configure
some initial settings for your computer.
NOTE
The Fedora Setup Agent runs automatically only if you have configured Fedora to boot
to a graphical login prompt. To start it from a text login, log in as root and switch to init
state 5 temporarily (type init 5). Log in to the graphical prompt. From a Terminal window, as root
user, type
# rm /etc/sysconfig/firstboot
# /usr/sbin/firstboot
The Welcome screen displays. From it, step through screens to read (and agree to) the license, configure a firewall, configure SELinux, set the date and time, create a regular user, and configure your
sound card. Click the Finish button and you are ready to log in to Fedora.
Summary
Since leaving its well-known Red Hat Linux name behind, Red Hat, Inc. has focused its development
efforts on the free Fedora Project and the commercial Red Hat Enterprise Linux. Over the past few
releases, Fedora has been emerging as an exceptional distribution in its own right, with new features such
as Xen virtualization, AIGLX video hardware acceleration, and powerful extensions to its Anaconda
installer.
Fedora and Red Hat Enterprise Linux distributions distinguish themselves from other Linux distributions with their simplified installer (called Anaconda), graphical configuration tools, and RPM
Package Management tools. Fedora Core is freely available, whereas Red Hat Enterprise Linux is
available on a paid subscription basis.
Fedora Core is included on the DVD that comes with this book. You can install the complete
Fedora distribution by following the detailed instructions included in this chapter.
Running Debian GNU/Linux
Debian GNU/Linux is a creation of the Debian Project. Founded in
1993 by Ian Murdock, the Debian Project is an association of individuals who have made a common cause to create a free, coherent,
and complete operating system.
IN THIS CHAPTER
Inside Debian
Installing Debian
Managing your Debian system
ON the CD-ROM
A single Debian GNU/Linux network install CD image is contained on the CD that comes with this book. You can
install Debian directly from that CD as described in this chapter. This installation is suitable for setting up a Web server (LAMP server) and a mail server (see
Chapters 24 and 25, respectively).
The principles of the Debian Project are defined in the Debian Social
Contract. This contract is a commitment to the free software community that
basically states:
• All software within the Debian system will remain free, as defined
in the Debian Free Software Guidelines (DFSG).
• The Debian Project will contribute to the free software community
by licensing any software developed for the Debian system in
accordance with the DFSG, developing the best system it can, and
by sharing improvements and fixes with the original developers of
any programs incorporated into Debian GNU/Linux.
• Problems will not be hidden from users, and any bug reports filed
against Debian components will be made promptly available to the
public through the Debian Bug Tracking System (BTS).
• The Debian Project will focus on the needs of its users and on the
principles of free software.
• Provisions will be made for the support of programs that do not meet the standards in the
DFSG because some users may depend on these programs to make effective use of the
system. The bug tracking and support systems will always include mechanisms for handling these programs when they are provided with the Debian system.
Debian’s commitment to free software distribution and openness has earned it a huge following in
the technical community. More than any other Linux system, Debian has been used as the basis for
other Linux distributions, including KNOPPIX, Ubuntu, Damn Small Linux and many others.
The success of Debian has come despite the lack of large corporate sponsors, formal enterprise initiatives, or official certification and training programs. Debian enthusiasts will tell you that it is the
most stable and reliable Linux system. It is thoroughly tested, and new versions aren’t released
until the Debian leadership believes that software is extraordinarily stable.
Inside Debian GNU/Linux
As with most modern operating systems, software programs in Debian GNU/Linux are bundled
into packages for easy distribution and management. The package format and management tools
used in Debian GNU/Linux were created by the Debian Project and are arguably the most sophisticated of their type. Additionally, careful adherence to packaging policies and quality-control measures ensure compatibility and help make upgrades go smoothly. Debian is one of the operating
system distributions in which all components (except the kernel) can be upgraded without rebooting the system.
Debian Packages
Debian packages come in two forms: binary and source. Binary packages contain files that can be
extracted directly onto the system by the package management tools. Source packages contain
source code and build instructions that the Debian build tools use to create binary packages.
In addition to programs and their associated data files, Debian packages contain control data that
enable the package management tools to support advanced features:
• A main control file contains version and package interrelationship data. The version
can be compared to an installed version of the same package to determine whether an
upgrade is needed. The interrelationship data tell the package management tools which
packages must or cannot be installed at the same time as the package.
NOTE
Package interrelationship fields include Depends, Conflicts, Replaces, Provides,
Recommends, Suggests, and Enhances. For a complete list of control file fields, see
http://debian.org/doc/debian-policy/ch-controlfields.html.
• Optional preinst, postinst, prerm, and postrm files can instruct the package
management tools to perform functions before or after package installation or removal.
For example, most packages containing daemons (such as Apache HTTPD) include a
postinst script that starts the daemon automatically after installation.
• A conffiles file can designate specific files in the package as configuration files, which
are not automatically overwritten during upgrades. By default, all files under the /etc/
directory are configuration files.
Two special package types, meta and virtual, also exist. Meta packages are standard binary packages that do not contain any files, but depend on a number of other packages. Installation of a
meta package results in the automatic installation of all packages that it depends on. Meta packages can
be used as a convenient method for installing a set of related packages.
Virtual packages do not actually exist as files but can be referenced in the package interrelationship
fields. They are most commonly used in cases where more than one package fulfills a specific
requirement. Packages with this requirement can reference the virtual package in their Depends
field, and packages that satisfy this dependency reference it in their Provides field.
Because most programs providing a virtual package are mutually exclusive, they also include the
virtual package in their Conflicts field to prevent the installation of conflicting packages. An
example of this is the mail-transport-agent virtual package, which is required by most system programs in order to send mail.
NOTE
An easy way to browse the list of available packages is through the Debian Web site at
www.debian.org/distrib/packages.
Debian Package Management Tools
Perhaps the most interesting and well-known part of the Debian package management system is
APT, the Advanced Package Tool. APT, through the apt-get utility, maintains a database of packages available in the repositories that it is configured to check and can handle automatically downloading new or upgraded packages.
When installing or upgrading packages, APT downloads the necessary files to a local cache directory and then instructs the dpkg tool to take the appropriate actions. Among other things, this
allows the user to select programs for addition or removal without having to manually instruct the
system to handle any package dependencies.
Most basic package management functions are performed by dpkg, although not always at the
direct request of the user. This tool handles medium-level package installation and removal and
also manages the package status database. That database contains information about every package
known to dpkg, including the package meta information and two other important fields: the package state and selection state.
NOTE
More information about how to determine the state of a package can be found in the
“Querying the Package Database” section of this chapter.
As its name suggests, the package state indicates the present state of the package, which is one of
the following:
• not-installed — The package is known but is not installed on the system.
• half-installed — An attempt was made to install the package, but an error prevented it
from finishing.
• unpacked — The files have been extracted from the package, but any post-extract configuration steps have not yet been performed.
• half-configured — The post-extract configuration was started, but an error prevented it
from finishing.
• installed — The package is fully installed and configured.
• config-files — The package was removed, but the configuration files still exist on the
system.
NOTE
If you have manually removed a configuration file and want to get it back by reinstalling
the package, you can do so by passing the --force-confmiss option to dpkg.
Doing so will not overwrite the other configuration files for that package. If you want to start over
with all of the original configuration files, you can also pass the --force-confnew option.
The package selection state indicates what state you want the package to be in. Changes to package
status through dpkg happen immediately when using the --install, --remove, and --purge
options on a package, but other uses and tools will instead set this flag and then process any pending changes in a batch. The package selection state is one of the following:
• install — The package should be installed.
• deinstall — The package files should be removed, with the exception of configuration
files.
• purge — All package files and configuration files should be removed.
• hold — dpkg should not do anything with the package unless explicitly told to do so
with the --force-hold argument.
Some packages are designed to enable you to select configuration options as they are being
installed. This configuration is managed through the debconf utility. Debconf supports a number of
different interfaces, including a command prompt and a menu-based interface. A database of configuration options is also maintained by debconf, allowing it to automatically answer repeated
questions, such as those you might encounter while upgrading or reinstalling a package.
Examples of how to use these utilities are included in the “Managing Your Debian System” section
later in this chapter.
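The package state, the selection state, and the Depends/Provides relationship described above can all be read from one stanza per package in dpkg's status database, where the Status field holds the selection state, an error flag, and the package state as three words. The following sketch is an added example (not code from this book or from dpkg); the sample stanzas are constructed, and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample in the layout of /var/lib/dpkg/status; all values are made up.
SAMPLE_STATUS = """\
Package: exim4-daemon-light
Status: install ok installed
Provides: mail-transport-agent
Conflicts: mail-transport-agent

Package: postfix
Status: deinstall ok config-files
Provides: mail-transport-agent
Conflicts: mail-transport-agent
Conffiles:
 /etc/postfix/main.cf 00000000000000000000000000000000

Package: apache2
Status: install ok half-configured

Package: mailx
Status: hold ok installed
Depends: libc6 (>= 1.0), mail-transport-agent | exim4

Package: libc6
Status: install ok installed
"""

# Package states from the list above that mean setup did not finish.
INCOMPLETE = {"half-installed", "unpacked", "half-configured"}


def parse_stanzas(text):
    """Split control data into one {field: value} dict per package stanza."""
    packages = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, last = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and last:   # continuation of previous field
                fields[last] += "\n" + line.strip()
            elif ":" in line:
                last, value = line.split(":", 1)
                fields[last] = value.strip()
        if "Package" in fields:
            packages.append(fields)
    return packages


def status_of(pkg):
    """Return (selection state, error flag, package state) from the Status field."""
    parts = pkg.get("Status", "").split()
    return tuple(parts) if len(parts) == 3 else ("unknown",) * 3


def relation_names(value):
    """Reduce 'a (>= 1.0), b | c' to [['a'], ['b', 'c']]: an AND of OR-groups."""
    groups = []
    for group in value.split(","):
        names = [re.sub(r"\(.*?\)", "", alt).strip() for alt in group.split("|")]
        if any(names):
            groups.append([n for n in names if n])
    return groups


def installed_providers(packages, name):
    """Fully installed packages that are `name` or list it in Provides."""
    found = []
    for pkg in packages:
        provides = [n for g in relation_names(pkg.get("Provides", "")) for n in g]
        if status_of(pkg)[2] == "installed" and name in [pkg["Package"]] + provides:
            found.append(pkg["Package"])
    return found


def audit(text):
    """Sort packages by the package and selection states described in the text."""
    packages = parse_stanzas(text)
    report = {"incomplete": [], "residual_config": [], "held": [], "unmet": {}}
    for pkg in packages:
        want, _flag, state = status_of(pkg)
        if state in INCOMPLETE:
            report["incomplete"].append(pkg["Package"])
        if state == "config-files":
            report["residual_config"].append(pkg["Package"])
        if want == "hold":
            report["held"].append(pkg["Package"])
        if state == "installed":
            # Simplification: only fully installed packages satisfy a dependency.
            missing = [" | ".join(g) for g in relation_names(pkg.get("Depends", ""))
                       if not any(installed_providers(packages, n) for n in g)]
            if missing:
                report["unmet"][pkg["Package"]] = missing
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE_STATUS).items():
        print(f"{key}: {value}")
```

In the sample, postfix still lists mail-transport-agent in Provides, but because it is in the config-files state it does not count as a provider; only exim4-daemon-light satisfies the dependency of mailx.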
Debian Releases
In Debian terms, a distribution is a collection of specific package versions. From time to time, a
distribution is declared ready for release and becomes a release. In practice, these two terms are
often used interchangeably when referring to Debian distributions that have reached the “stable”
milestone.
Debian distributions are given code names (recent ones include potato, woody, and sarge, named
for characters in the movie Toy Story) to identify their archive directory on the Debian servers.
While a particular distribution release is active, it will be referenced by one of three release tags,
each one pointing to one of the three active releases. The tags — unstable, testing, and stable —
identify the state of the release within the release cycle. At the time of this writing, the current stable release is Sarge, and the testing release is Etch. The unstable release is special in that it is always
named Sid (after the kid who broke all the toys).
New packages, and new versions of packages, are uploaded to the Debian archive and are imported
into the unstable distribution. This distribution always contains the newest version of every package, which means that changes have not yet been thoroughly tested to verify that installing them
will not cause unexpected behavior.
Once a package has been assigned to the unstable area for a few days and testing shows that it has
not had any significant bugs filed against it, it is imported into the testing distribution. The testing
distribution remains open to changes (just as the unstable area was) until it is frozen in preparation
for release as the next stable distribution. When testing is in the frozen state, only changes necessary to fix significant bugs are imported.
After all release-critical bugs have been fixed in the frozen testing distribution, the release manager
declares the release ready and it replaces the stable distribution. The previous stable version
becomes obsolete (but remains on the Debian archive for a reasonable period of time), a new testing distribution is created from the changes that went into packages in the unstable area while testing was frozen, and the process begins again.
Getting Help with Debian
The Debian project has a mature set of resources to support those who use, administer, and
develop software for Debian systems. A place to begin learning more about Debian is from the
Debian Support page (www.debian.org/support). Here are some of the resources you can
connect to from that page:
• Documentation (www.debian.org/doc) — From this page, you can find links to
both Debian-specific and general Linux documentation. For specific Debian information,
refer to the Release Notes, Installation Guide, Debian GNU/Linux FAQ, and various user,
administrator, and programming manuals. General Linux information includes manuals,
HOWTOs, and FAQs.
• Mailing lists (www.debian.org/MailingLists) — Ways of accessing (and behaving on) Debian mailing lists are described on this page. A complete listing of the more
than 200 Debian mailing lists is available from
http://lists.debian.org/completeindex.html.
• Bug tracking (www.debian.org/Bugs) — If you are interested in following the bug
tracking system for Debian, links from the support page can take you to the Bug Tracking
System site. If you are having problems with any Debian software, you can search that
site for bug reports and file a bug report, if your bug was not yet reported.
• Help (www.debianhelp.org) — This site offers connections to a range of information
about Debian. In particular, you can find Debian forums from this site, containing literally thousands of posts. The Debian User Forums site (http://forums.debian.net)
is another place you can go to post questions about Debian.
If you are interested in becoming a Debian developer, start at the Debian Developers’ Corner
(www.debian.org/devel). That site acts as a guide to ways in which you can enter the Debian
development community. There are Debian developers all over the world. The largest concentrations of Debian developers are in Europe and the United States, as you can see from the Debian
Developer Location map (www.debian.org/devel/developers.loc).
Installing Debian GNU/Linux
The Debian CD image included with this book contains the most commonly used packages in the
Debian system. Additional packages can be downloaded and installed from the Internet after the
base system has been installed and an Internet connection established. For information about how
to obtain additional Debian packages on CD or DVD, see www.debian.org/distrib/.
Hardware Requirements and Installation Planning
To run Debian, you need at least a 386 processor and 32MB of RAM. For a server or a graphical
workstation (running the X Window System), you should plan on having at least 128MB of memory and a Pentium-class processor.
A minimal set of packages requires 250MB of disk space, and a normal installation of desktop
applications can require a few gigabytes. Additional space will be needed to store any data files that
you want to keep on the system.
Most ISA and PCI network cards are supported under Linux, although ISA models are not usually
detected automatically by the installer. Inexpensive cards based on RealTek 8139 chipsets can be
found at most PC dealers and will work fine for low-demand applications. Intel PRO/100 and
PRO/1000 adapters are supported in Linux and will work well in high-demand applications, as
will cards based on the “tulip” chipsets and most 3com network cards.
Many newer systems include software-based modems that are not supported by the manufacturer
under Linux. If you require a dial-up connection for Internet access, see Chapter 5 and check out
http://tldp.org/HOWTO/Modem-HOWTO-2.html before you start the installation process.
Many other devices, such as sound and video capture cards, can also be used under Linux. For
more information about hardware compatibility, see the Hardware Compatibility HOWTO at
http://tldp.org/HOWTO/Hardware-HOWTO/.
Workstations
In most cases, workstation users will want to run the X Window System (X11). The ability to run
X11 depends on compatibility with the video chipset on your video card or mainboard. Debian 3.1
includes version 4.3.0 of the XFree86 X11 System. You can find a list of video chipsets supported
in this release at http://xfree86.org/4.3.0/.
Servers
A Linux server installation generally consists of only the minimum set of packages required to provide the service for which it was designed. In particular, this means that servers do not usually
have a graphical interface installed.
Server hardware is generally more expensive than workstation hardware, although you can still run
smaller servers on less-expensive desktop hardware. If you are planning to store important data on
your server, you will want to look into a RAID array for storage. A number of inexpensive ATA
RAID controllers work well under Linux.
NOTE
More information about ATA RAID compatibility is available at the following
sites: http://linuxmafia.com/faq/Hardware/sata.html and
http://ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Hardware-HOWTO.html#IDERAID.
Higher-end servers will, of course, require more expensive hardware. In applications such as mail
servers where you will have a lot of disk activity, plan on splitting the disk-intensive tasks across
multiple arrays. When it comes to CPU and RAM, more of both is good, but most applications
benefit more from extra RAM than they do from multiple CPUs.
Running the Installer
The Debian installation process consists of two stages. The first stage is used to establish the base
Debian installation on your hard drive. The second stage boots the newly installed Debian system
and performs additional installation and configuration tasks.
CAUTION
Before you begin installing Debian to your hard disk, be sure to back up any data that is
important to you. A simple mistake during partitioning can result in losing some or all of
your data. Refer to Chapter 7 for information on disk partitioning. It can help you decide how to
divide up your hard disk or even resize existing disk partitions to make room for the new Debian
installation.
Stage 1
The first stage boots from the installation medium (generally a CD); configures hardware drivers,
disk partitions, and file systems; and then copies a set of essential packages known as the base system. Here’s the procedure if you’re using a CD created from the CD image included with this book:
1. Boot the CD that comes with this book and type linux from the boot prompt to begin the
Debian installer.
NOTE
Some systems may require special parameters in order to boot. Other options are also
available, such as the option to use a Linux kernel from the 2.6 series. Press F1 at the
boot: prompt for more information.
2. After the installer has finished booting, you are presented with the series of menus that
make up the installation process. Use the arrow keys to navigate through the menus and
select your language, region, and keyboard mapping.
3. Configure the network connection. This step is skipped automatically if no network card
is detected in your system.
If a network card is detected in your system, the installer will attempt to automatically
detect the network using the DHCP protocol. This involves the computer sending out
requests on the network for configuration details from a DHCP server. Most networks
and broadband routers support this service.
If the DHCP configuration fails, you will be presented with four options:
• retry — Select this option if you suspect that there was a temporary problem that prevented your computer from communicating with the DHCP server.
• retry with hostname — Select this option if your network provider requires you to
enter a DHCP hostname. This used to be common on cable modem networks, but is
rarely seen anymore.
• manual configuration — Select this option if you have static IP address information
that must be entered for your Internet connection.
• do not configure at this time — Select this option if you do not have an Internet connection, are using a dial-up connection, or have a broadband connection that requires
the use of PPPoE. In the latter two cases, you’ll want to establish the connection at the
point that it is noted during stage 2 of the installation.
CROSS-REF
See Chapter 5 for information about IP addresses, network masks, and other material
related to setting up a network card connection.
4. Provide a host name (a single-word name that you give to your system, such as debian,
littlebeigebox, or yoda) and a domain name. If you do not have your own domain
name, you can make one up, such as myhouse.local.
5. You will next be asked to configure your disk partitions for Debian. If you haven’t already
done so, read Chapter 7 for more information about partitioning.
If you already have partitions on your drive and have room for more, you are given the
option to use this space for your Debian system. Another option is to erase the entire disk
and use the whole thing for Debian. Either of these two options takes you through the
guided partitioning, which is covered in this section.
A third option, manually editing the partition, enables you to be more exacting about
your partition setup, but you should not try this without help or at least without reading
Chapter 7.
The guided partitioning section presents three partitioning schemes. Each of the options
includes a suitable amount of swap space but has different benefits based on your situation. You must select one from the list before you proceed. See the “Selecting a Partition
Scheme” sidebar for more information.
NOTE
When installing to small disk drives (those under a few gigabytes in size), you should use
ext2 file systems instead of ext3. The journaling feature in ext3 requires that a portion of
the disk be set aside for the journal, but the feature is of limited usefulness on small file systems. You
can change file system types by going into the partition properties. To do this, highlight the partition
using the arrow keys and press Enter.
CAUTION
The next step will modify the contents of your hard disk. Check your partition settings
carefully before proceeding.
6. With your partition configuration chosen, select Finish Partitioning and Write Changes to
Disk. This is your last chance to cancel changes that could cause damage to any other
operating systems you may have on the disk, so check the screen carefully before
proceeding!
The installer writes the partitions to disk and creates the necessary file systems. After they
have been prepared and mounted, the Debian base system is extracted from the CD and
installed to the target partitions.
7. The final step is to install GRUB, the boot loader. The default setting is to install to the
master boot record (MBR), which is generally the best option. Accept the defaults and
continue. The installer ejects the CD and prompts you to proceed with stage 2.
8. Remove the CD and press Enter to continue.
Stage 2
The second stage boots from the newly installed packages and completes the configuration.
1. Your computer should reset on its own, and boot to the GRUB menu. GRUB should have
already highlighted the default entry for Debian, so press Enter (or wait for the timeout)
and give the system a few moments to boot. Then press Enter when the Debian
Configuration screen appears.
2. You are asked whether your system clock is set to GMT. Select Yes only if your computer
will not be running any other operating systems. Then select your time zone from a list.
Selecting a Partition Scheme
The guided partitioning feature allows you to select one of three templates to use to create your
partitions. Use these guidelines to select the template that is correct for you.
• All files in one partition — Makes a single Linux partition for files. This is the easiest
option to manage because you don’t have to worry about balancing the sizes of your partitions. This can also be dangerous because users have the capability to fill up the entire
disk, which can cause problems for the operating system. Do not use this option unless
you are prepared to monitor disk space carefully.
• Desktop machine — Gives the operating system its own space and gives home directories
their own space. This option is a good trade-off between the convenience of a single partition and the increased safety of the multiuser scheme. However, the /tmp/ directory is
still part of the operating system partition, meaning that it is still fairly easy for people
who habitually use that directory to fill up the operating system partition.
• Multi-user system — Creates separate partitions for the root file system, /usr/, /var/,
/tmp/, and /home/. You can choose this option when you are using this system as a
server. It may also be a good choice for systems that will be used by more than just you,
your relatives, and your close friends. The trade-off is that you may run out of room on a
given partition even though the others have plenty of space, which means that you will
need to plan carefully.
In some situations, you may need to adjust the partition sizes selected by the multiuser partitioning
scheme to put more room where you are likely to need it:
• If you are planning to compile a lot of large software packages, you’ll need to have plenty
of space in the /usr/ partition.
• Active servers (especially Web and mail servers) may need extra room in /var/ for log
files. Mail servers also use this space for the mail queue, and the default mail system also
stores incoming mail here (you may also want to consider making /var/mail/ a separate partition in these cases).
• Web browsers such as Mozilla use /tmp/ for storing files while they are downloaded.
This file system must be big enough to hold any large files that you want to download
through there, plus any other files that may be there at the same time.
Note that with the multiuser partitioning scheme, the /home/ partition generally ends up receiving
most of the space on larger disks. This usually makes it a good place to “borrow” space from when
you want to make other partitions larger. However, because partman (the partitioning tool used by
the Debian installer) has already mapped out the partitions, you actually need to delete /home/ and
then re-add it after you increase the size of the other partition. If there are other partitions between
/home/ and the one that you are increasing in size, you also need to delete them, and then add
them back in an appropriate order.
3. The base system includes an empty password for the root (superuser) account, which
means that you want to set one here. Select a password that you will remember but that
others will not be able to guess easily.
4. Add a non-administrative account that you can use for your day-to-day tasks on the
server. Enter your name, your desired username (this should not contain any spaces or
punctuation other than dashes, must not start with a number, and is generally all in lowercase), and a password for this account. If you have more users to add, you can do so
later, as described in Chapter 4.
5. If a network connection was not configured during stage 1, you will be given the chance
to configure a dial-up PPP connection to an Internet service provider. This is performed
using the pppconfig program, which is explained in further detail in the “Dial-Up PPP
Connections” section later in this chapter. Keep in mind that the system will try to dial up once this step has completed.
If you’re using a broadband connection that requires PPPoE, press Alt+F2, log in as root,
and run the pppoeconf program.
You can still finish the system installation if you are unable to connect to the Internet at
this time. However, you may later need to manually edit your APT sources list (as
described in the “Package Management Using APT” section in this chapter) before all of
the packages that you want are available for easy installation.
6. Select the installation medium that you want to use to install the remainder of the system.
Insert your installation CD in the drive, select cdrom from the list, and press Enter. It
takes a few moments to retrieve the list of packages available on the CD.
7. You will be given the opportunity to have the installer check for packages on additional
CDs. If you have any other Debian CDs for this release, you can use them here.
NOTE
Because the Debian CD image included with this book is the network install image, the
CD itself will provide software for installing only a minimal Debian system. You will
need a network connection or other Debian software CDs to install, for example, a full desktop system or the LAMP and mail servers described in Chapters 24 and 25.
8. You have the option of adding another APT source. If you have an Internet connection
and want to have the installer check for updated packages, choose either the HTTP or
FTP methods (HTTP is recommended), and then select a country and a mirror server
from the list. You are prompted for any HTTP proxy configuration, which may be necessary on some corporate or school networks. If you aren’t sure, check with your support
desk. If it does not apply, just leave it empty. APT retrieves a list of packages from the site
that you selected.
9. The installer attempts to retrieve a list of security updates from the Debian security
archive. This step will fail if you do not have an Internet connection, but you can still finish the rest of the installation.
10. You are presented with a list of predefined package sets (known as tasks) that you can
select for installation. Package installation is covered in greater detail later, so I recommend that you do not select any tasks from this list now. Use the Tab key to get to the
OK button.
11. APT downloads any updated packages (this could take quite a while, depending on available updates and your connection speed), and debconf prompts you to configure any
packages that are in the half-installed state. If at any time you are uncertain about which
option to select, you can probably stick with the default.
12. Assuming that you did not select any tasks, the only package needing configuration is the
Exim mail transfer agent. The configuration questions that are asked during this stage
may vary. When in doubt, use the default settings.
When the Configuring Exim screen appears, you choose from a list of default configurations; here are the most likely options:
• internet site; mail is sent and received directly using SMTP — This option configures your server to accept incoming mail and to deliver outgoing mail directly to the
servers for the recipient domain. This configuration is useful if you are running a simple mail server or if you are using mutt or pine to check your mail locally.
• mail sent by smarthost; received via SMTP or fetchmail — This option is almost
identical to the previous option, except you will be prompted to enter a server that all
outgoing mail will be sent through. This option may be necessary if the ability to connect directly to outside mail servers is prohibited on your network.
• local delivery only; not on a network — Select this option if you do not need locally
generated messages to be sent to a central mail host for processing. Your system will
not be configured with the capability to send messages, but this configuration still
enables you to send and receive mail using programs such as Mozilla Mail and News,
Mozilla Thunderbird, Evolution, and Sylpheed that include built-in support for sending messages using the SMTP protocol. This is also the option you want if you will
soon be setting up this system to act as a mail server based on the instructions in
Chapter 25.
Enter the mail name for this system (the default is generally what you want), and choose
the user to whom you want system messages to go. In most cases, you want to select the
user account that was added earlier.
You now have a fully functional Debian GNU/Linux system. The server does not yet have any extra
packages installed but is ready to be used for the LAMP and mail server examples in this book
(which you can find in Chapters 24 and 25, respectively). There’s no graphical interface installed
yet, which means that all interaction will be through the command line. Take some time, as
needed, to browse through Chapter 2 and familiarize yourself with the command line before continuing with the next section.
NOTE
You can find a complete desktop in the desktop task. See the “Installing Package Sets
(Tasks) with Tasksel” section later in the chapter for more information.
Managing Your Debian System
Some of the basic tasks that you may encounter while running Debian GNU/Linux include package
installation, configuration, and removal, as well as handling some special situations that you may
come across.
All these steps require that you be logged in as the superuser (root). If you have just finished
installing the system, you can log in as root from the login prompt.
Configuring Network Connections
Debian includes a set of tools for managing most types of network interfaces, including Ethernet,
PPP, wireless, and even ATM. You may find that you need to add or change network settings after
the system has been installed.
IP Networks: Ethernet and Wireless
On Debian systems, standard network connections are configured in the
/etc/network/interfaces file. If you have a network card configured to obtain an IP address
automatically, this file will look like this:
# This file describes the network interfaces available on
# your system and how to activate them. For more information,
# see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
CAUTION
Do not modify the loopback entry unless you are absolutely certain that you know
what you are doing.
In some cases, such as when the system will be acting as a server, you want to configure your network interface with a fixed IP address. To do so, edit /etc/network/interfaces and replace
the iface eth0 inet dhcp line. Use the following block as a template, replacing the parameters
with the correct settings for your network:
iface eth0 inet static
    address 192.168.1.220
    netmask 255.255.255.0
    gateway 192.168.1.1
NOTE
You can obtain IP network settings from your ISP or network administrator.
Wireless interfaces can also be configured using the interfaces file but require that the wireless-tools package be installed. Use dpkg or apt-get to install the wireless-tools package. Then add
the necessary parameters to the entry for your wireless network interface. This example shows the
settings for a wireless network with an access point (managed mode) set to the ESSID Home, and
operating on channel 11:
iface eth0 inet dhcp
    wireless_essid Home
    wireless_mode Managed
    wireless_channel 11
NOTE
If your wireless network is using encryption, you will need to specify a wireless_key
parameter. You can find a complete list of wireless options in the iwconfig man page
and /usr/share/doc/wireless-tools/README.Debian.
Dial-Up PPP Connections
Dial-up connections can be managed using the pppconfig utility. Simply run pppconfig, and
you are provided with a menu from which you can create, modify, and delete dial-up connections.
If you have not created a connection yet, you will want to select that option from the menu.
Otherwise, you can edit your existing connections instead.
The pppconfig utility will ask a number of questions during the connection creation process. Start
by selecting “Create a connection,” and then enter the following information as prompted:
1. Provider name — Enter any name you like to identify this connection. For the dial-up
entry to your primary ISP, you can simply leave the name provider as the Provider name.
2. DNS server configuration method — Here you can configure the connection to static
DNS servers if needed. This is probably not necessary unless your service provider
included the DNS server information in the information that it provided about the connection. If you aren’t certain, select Dynamic DNS and change it later if needed.
3. Authentication method — This is the method that your computer will use to identify
itself to the dial-up server. PAP is the most commonly used protocol, and some systems
also support CHAP. The CHAP option should be used if the dial-up servers use text
prompts to ask for the username and password. If in doubt, select PAP.
4. User name and password — Enter the username and password that will be recognized
by the dial-up server.
5. Speed — This is the speed that your computer and your modem will communicate with
one another. In most cases, this should be set to 115200.
6. Dialing method — If your telephone system requires pulse dialing, you can configure
that here.
7. Phone number — Enter the number that you need to dial in order to reach the dial-up
server, including any area codes and other codes that may be needed. For instance, if you
have to dial 9 in order to reach an outside line, use 9,<number to dial>. The comma tells
your modem to pause before continuing the dialing process. You may also enter the appropriate numbers for disabling features such as call waiting through your telephone service.
8. Modem configuration method — Here, you can have pppconfig attempt to automatically find the port that your modem is on. If a modem is not found, you will then be
given the chance to enter the path to the modem device. More information about what to
enter here can be found in the “Identifying and Configuring Your Modem” sidebar later in
this chapter.
Save your settings by selecting Finished from the menu, and then exit the pppconfig
utility.
Dial a connection using the pon command, replacing peer with the name you assigned to
your connection (or leaving it out if your connection is named provider):
# pon peer
You can disconnect using the poff command and can view logs (for diagnosing problems or
determining status) using the plog command. The user that was created during the base system
configuration will automatically have access to run these commands. Any other users who need to
run them will need to be added to the dialout group through the use of the gpasswd utility:
# gpasswd -a <username> dialout
Identifying and Configuring Your Modem
If your modem is not automatically on COM1, 2, 3, or 4, you may need to perform some additional
configuration steps before it can be used for PPP connections. Plug-and-play and PCI modems are
often found on higher ports such as ttyS4 (“COM5”). This information can often be found in the output from the dmesg utility. If you reached this point from stage 2 of the install, you can get to a
prompt by pressing Alt+F2 and logging in as root.
# dmesg | grep tty
ttyS00 at 0x03f8 (irq = 4) is a 16550A
ttyS04 at port 0xa800 (irq = 5) is a 16550A
In this case, ttyS00 is the on-board serial port (most PC motherboards have at least one of these) and
ttyS04 is probably the modem. If you have several serial ports showing up, you can create devices
for all of them (as shown following) and try them until you find your modem.
The system includes only ttyS0 through ttyS3 by default, so this device will need to be created using
the MAKEDEV command. When running MAKEDEV, you will need to leave out any leading zeros in
the device number. In this example, ttyS04 becomes ttyS4:
# (cd /dev && sh MAKEDEV ttyS4)
If you reached this point while performing stage 2 of the install, you can get back to the install menu
by pressing Alt+F1.
See Chapter 5 for more information on using modems to get on the Internet.
PPPoE Connections
Some DSL and cable modem providers require that you use PPPoE (PPP over Ethernet) to connect
to their systems. PPPoE connections are managed using the pppoeconf program. As long as your
computer is connected to the broadband connection, it should be able to detect most of the settings automatically.
Package Management Using APT
For most users, APT will be the primary tool for installing, removing, and upgrading packages.
This section shows how to use the apt-get and apt-cache utilities.
Managing the List of Package Repositories
The configuration file /etc/apt/sources.list contains a list of Debian package repositories
that APT will use. Like most configuration files on a Linux system, this file is a plain-text file that
can be viewed using any text editor or pager. To view its contents, run the following:
# pager /etc/apt/sources.list
deb cdrom:[Debian GNU/Linux _Sarge_ NetInst]/ stable main
deb http://ftp.us.debian.org/debian/ stable main
deb-src http://ftp.us.debian.org/debian/ stable main
deb http://security.debian.org/ stable/updates main
NOTE
Depending on which pager is configured as your default, you may need to press the q
key in order to return to a prompt.
Your output will differ from this example’s, of course, but the kind of information remains the
same. The first part of each line indicates whether the repository is to be used for binary packages
(indicated by the deb prefix) or source packages (deb-src). The rest of the line defines the
method (in this case, cdrom or http), the location, the distribution (stable), and the sections
(main). If you want to use software from the contrib and non-free sections, you can use a
text editor to add them after main.
NOTE
Run man sources.list on any Debian system for more information.
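The field layout just described can be checked mechanically. The following script is an added example, not code from the book: it splits each entry into type, method, URI, distribution, and sections (handling the bracketed cdrom label, which contains spaces) and reports entries worth a second look. The function names, the sample file, and the choice of what to report are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the book: split sources.list entries into the
# fields described above and report a few things worth reviewing.
# Function names and the sample file are constructed for illustration.
# On a Debian system: parse_sources < /etc/apt/sources.list

# Constructed sample, modelled on the listing shown in the text.
sample_sources() {
cat <<'EOF'
# Comment lines and blank lines are ignored.

deb cdrom:[Debian GNU/Linux _Sarge_ NetInst]/ stable main
deb http://ftp.us.debian.org/debian/ stable main contrib non-free
deb-src http://ftp.us.debian.org/debian/ stable main
deb http://security.debian.org/ stable/updates main
EOF
}

# parse_sources: sources.list text on stdin, one tab-separated record per
# entry on stdout: type, method, URI, distribution, sections.
parse_sources() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        sp = match(line, /[ \t]+/)
        if (sp == 0) { print "line " NR ": incomplete entry" > "/dev/stderr"; next }
        type = substr(line, 1, sp - 1)
        rest = substr(line, sp + RLENGTH)
        if (type != "deb" && type != "deb-src") {
            print "line " NR ": unknown type " type > "/dev/stderr"; next
        }
        # A cdrom label sits in brackets and may contain spaces, so the
        # URI cannot simply be cut at the first blank.
        skip = 0
        if (rest ~ /^cdrom:\[/) {
            skip = index(rest, "]")
            if (skip == 0) { print "line " NR ": unterminated label" > "/dev/stderr"; next }
        }
        tail = substr(rest, skip + 1)
        sp = match(tail, /[ \t]+/)
        if (sp == 0) { print "line " NR ": no distribution" > "/dev/stderr"; next }
        uri = substr(rest, 1, skip + sp - 1)
        rest = substr(tail, sp + RLENGTH)
        method = uri; sub(/:.*/, "", method)
        n = split(rest, f, /[ \t]+/)
        sections = ""
        for (i = 2; i <= n; i++) sections = sections (i > 2 ? " " : "") f[i]
        print type "\t" method "\t" uri "\t" f[1] "\t" sections
    }'
}

# audit_sources: sources.list text on stdin, one finding per line on stdout.
# The security host name is the one in the listing above; what counts as a
# finding is this example's own policy (an assumption).
audit_sources() {
    parse_sources | awk -F '\t' '
    $2 == "cdrom" { print "cdrom-entry\t" $3 }
    {
        n = split($5, s, " ")
        for (i = 1; i <= n; i++)
            if (s[i] != "main") print "extra-section\t" s[i] "\t" $3
    }
    $1 == "deb" && $3 ~ /^[a-z]+:\/\/security\.debian\.org\// { sec = 1 }
    END { if (!sec) print "no-security-archive" }'
}

sample_sources | parse_sources
sample_sources | audit_sources
```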
If you aren’t going to have your Debian CD available all the time, you may want to remove the
cdrom: entry from the file. Use a text editor (as root user) to edit the file:
# editor /etc/apt/sources.list
Make any changes you need to the file, exit the editor, and then update the package database as
described in the following section.
NOTE
Astute readers may notice that the pager and editor commands used in this section
are not common UNIX commands. Both are pointers to programs and are managed
using Debian’s alternatives system, which is discussed later in this chapter.
Updating the APT Package Database
Because the lists of packages available in the Debian package repositories may change from time to
time, you need to instruct APT to download these lists and update its database occasionally. To perform this process, run the following command:
# apt-get update
You generally want to run this command before installing new packages so that you do not download an older version. Run it before checking for upgrades as well.
Finding and Installing Packages
When looking for new packages to install, you may not always know what package you want. The
package database maintained by APT includes package descriptions and other fields that can be
searched using the apt-cache utility:
# apt-cache search tetris
bsdgames - a collection of classic textual unix games
pytris - two-player networked console tetris clone
stax - collection of puzzle games similar to Tetris Attack.
TIP
Specifying multiple keywords in a search prevents apt-cache from listing packages
that do not contain all of the keywords you specify. This enables you to do very specific
searches such as word processor.
You can also use this utility to find out more information about a specific package in the
repositories:
# apt-cache show pytris
Package: pytris
Priority: optional
Section: games
Installed-Size: 101
Maintainer: Radovan Garabik
Architecture: i386
Version: 0.96
Depends: python (>=2.1), libc6 (>= 2.2.4-4)
Filename: pool/main/p/pytris/pytris_0.96_i386.deb
Size: 16304
MD5sum: 70eb8ad6f5a8a901a95eb37f7336fc57
Description: two-player networked console tetris clone
two-player networked console based tetris clone, written
in python, similar to xtet42.
NOTE
To view information about a specific package that is already installed on your system,
use dpkg, as discussed later in this chapter.
Once you know the name of the package you want to install, use the install method to download it and any packages on which it depends. For example, the ssh package is very useful for
remotely accessing systems and is probably one of the first programs that you will want to install:
# apt-get install ssh
With this command, APT retrieves and installs the ssh package. If additional packages are required, a
list of those packages is displayed by APT. If you choose to continue, APT will download and
install those packages along with the package you requested.
NOTE
When installing packages that support automatic configuration through debconf,
you’re prompted to answer the appropriate configuration questions. While the Debian
package developers have gone to great lengths to ensure that the default options for these questions
will work in most situations, it’s best to read the questions thoroughly to be sure that the defaults
work for you.
Removing Packages
APT can also be used to remove packages from your system. Unlike dpkg, which removes only the
package you tell it to remove, apt-get also removes any packages that depend on the package
you are removing. This is best used in conjunction with the -s option to simulate what would
happen if the removal were actually performed:
# apt-get -s remove python2.3
Reading Package Lists... Done
Building Dependency Tree... Done
The following packages will be REMOVED:
bittornado python python2.3 python2.3-dev
0 upgraded, 0 newly installed, 4 to remove and 0 not upgraded.
Remv pytris (0.96 Debian:testing)
Remv python (2.3.4-1 Debian:testing)
Remv python2.3-dev (2.3.4-5 Debian:testing)
Remv python2.3 (2.3.4-5 Debian:testing)
In this example, several other packages depend on the python2.3 package and also need to be
removed. To proceed with removing python2.3 and all packages that depend on it, run the command again without the -s flag.
Upgrading Your System
As new versions of packages become available, you can instruct APT to download and install them,
automatically replacing the older versions. This is as simple as updating your package list, followed
by a simple command:
# apt-get upgrade
APT will begin by downloading the necessary packages, and will then move on to installing and
configuring them. If necessary, you can abort the upgrade during the download process by pressing
Control+C. APT may also be able to recover if you have to abort during the installation or configuration steps, but it is still best to let the process run without interruption once it has begun
installing packages.
NOTE
When upgrading to a newer distribution, use dist-upgrade instead of upgrade. This
changes the rules that APT uses when deciding which actions to take, making it expect
major changes in dependencies and handle them appropriately.
Package Management Using dpkg
As mentioned earlier, the dpkg utility is the core package management tool in Debian. Most other
package management tools within the system, including APT, use dpkg to perform the midlevel
work, and dpkg in turn uses dpkg-deb and dpkg-query to handle a number of the low-level
functions. In most cases, you will want to use APT or Aptitude for package management, and use
dpkg in only a few situations.
Far too many commands associated with dpkg exist to list in this chapter, but the most common
ones are explained in the following sections. In most cases, there are both short and long commands to perform the same function. Use whichever is easier for you to remember.
Installing and Removing Packages
Packages can be installed with dpkg using the -i or --install flags and the path to the .deb
file containing the package. The path must be accessible as a file system path (HTTP, FTP, and
other methods are not supported), and more than one package can be specified:
# dpkg --install /home/wayne/lsof_4.71-1_i386.deb
Package removal through dpkg is also straightforward and is done with the -r or --remove commands. When configuration files are to be removed, the -P or --purge command can be used
instead. Both commands can also be used to specify multiple packages to remove:
# dpkg --remove lsof
or...
# dpkg --purge lsof
Querying the Package Database
You will often need to obtain more information about packages that are already installed on your
system. Because these operations do not modify the package database, they can be done as a nonroot user.
To list all packages known to dpkg, use the -l or --list commands:
$ dpkg --list
You can restrict the list by specifying a glob pattern:
$ dpkg --list "*lsof*"
NOTE
The quotes are used to prevent the shell from replacing the wildcard with a list of
matching files in the current directory. For more information about wildcards, see
Chapter 2 or type man 7 glob to see a list of wildcards.
To view detailed information about a specific package, use the -s or --status command:
$ dpkg --status lsof
Package: lsof
Status: install ok installed
Priority: standard
Section: utils
...
The origin package for a file can be determined using the -S or --search command:
$ dpkg --search /bin/ls
coreutils: /bin/ls
The list of files in an installed package can be viewed using the -L or --listfiles command:
$ dpkg --listfiles lsof
/.
/usr
/usr/sbin
/usr/bin
/usr/bin/lsof
...
Examining a Package File
Package files can be examined before installing them using either the --info (-I) or the
--contents (-c) command. These options can be used on packages in a local directory, as
opposed to using them to examine packages on a remote server.
The following --info option shows the lsof package name, version information, and sizes of different parts of the package. Beyond that (although shortened here for space considerations) you
would be able to see a list of packages lsof depends on and descriptive information about the
package.
$ dpkg --info lsof_4.71-1_i386.deb
 new debian package, version 2.0.
 size 319058 bytes: control archive= 1534 bytes.
     557 bytes,    16 lines      control
    2246 bytes,    32 lines      md5sums
 Package: lsof
 Version: 4.71-1
 ...
The following --contents option lets you see the full contents of the package you choose as if
you were listing the contents with an ls -l command. You can see the name and path to each file,
its permission settings and file/group ownership:
$ dpkg --contents lsof_4.71-1_i386.deb
drwxr-xr-x root/root         0 2004-04-03 07:34:41 ./
drwxr-xr-x root/root         0 2004-04-03 07:34:36 ./usr/
drwxr-xr-x root/root         0 2004-04-03 07:34:39 ./usr/bin/
...
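Because the --contents listing carries the permission string for every file, it can be screened before a package is installed. The following script is an added example, not code from the book: it reads a listing in the format shown above and reports set-UID, set-GID, and world-writable entries. The function names and the sample listing (a made-up package) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book: screen a "dpkg --contents" listing for
# permission bits that deserve a look before installing the package.
# On a Debian system: dpkg --contents some-package.deb | audit_contents

# Constructed listing for a hypothetical package, in the same column
# layout as the output shown in the text.
sample_listing() {
cat <<'EOF'
drwxr-xr-x root/root         0 2004-04-03 07:34:41 ./
drwxr-xr-x root/root         0 2004-04-03 07:34:36 ./usr/
drwxr-xr-x root/root         0 2004-04-03 07:34:39 ./usr/bin/
-rwxr-xr-x root/root    102400 2004-04-03 07:34:39 ./usr/bin/example
-rwsr-xr-x root/root     20480 2004-04-03 07:34:39 ./usr/bin/example-helper
-rwxr-sr-x root/mail     10240 2004-04-03 07:34:39 ./usr/bin/example-spool
drwxrwxrwt root/root         0 2004-04-03 07:34:39 ./var/tmp/example/
-rw-rw-rw- root/root       512 2004-04-03 07:34:39 ./var/lib/example/state file
lrwxrwxrwx root/root         0 2004-04-03 07:34:39 ./usr/bin/ex -> example
EOF
}

# audit_contents: listing on stdin; one tab-separated finding per line on
# stdout (kind, owner/group, path). Exit status is 1 if anything was found.
audit_contents() {
    awk '
    NF < 6 { next }                      # skip "..." and other short lines
    {
        perm = $1; owner = $2
        # The path is everything after the first five columns, so file
        # names containing spaces survive intact.
        path = $0
        for (i = 1; i <= 5; i++) sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)
        if (perm ~ /^l/) next            # symlink modes carry no meaning
        u  = substr(perm, 4, 1)          # owner execute slot: s/S = set-UID
        g  = substr(perm, 7, 1)          # group execute slot: s/S = set-GID
        ow = substr(perm, 9, 1)          # write bit for "other"
        o  = substr(perm, 10, 1)         # t/T = sticky bit
        if (u == "s" || u == "S") { print "setuid\t" owner "\t" path; found = 1 }
        if (g == "s" || g == "S") { print "setgid\t" owner "\t" path; found = 1 }
        # A sticky world-writable directory (like /tmp) is left out.
        if (ow == "w" && o != "t" && o != "T") {
            print "world-writable\t" owner "\t" path; found = 1
        }
    }
    END { exit (found ? 1 : 0) }'
}

sample_listing | audit_contents || echo "review the entries above before installing"
```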
Installing Package Sets (Tasks) with Tasksel
Some package sets are too large to be managed practically through meta packages, so tasks have
been created as an alternative. Tasks are installed and removed using the tasksel utility. When run
without any arguments, tasksel presents a menu from which you can select tasks to install or
remove.
CAUTION
Do not install any tasks if you plan to use this system in conjunction with the server
examples in Chapters 24 and 25.
Additional options are available from the command line:
• To see a list of known tasks, run tasksel --list-tasks.
• To list the packages that are installed by a task, run tasksel --task-packages
<task name>.
CAUTION
When a task is removed, all programs associated with that task, whether installed manually or as part of that task, are removed!
An example of a popular task to install is the desktop task. The desktop task installs three complete desktop environments based on the X Window System: GNOME, KDE, and XFCE environments. Note that this task will take a long time to download and install and requires several
gigabytes of disk space to complete. To start the desktop task, run the following:
# tasksel install desktop
Alternatives, Diversions, and Stat Overrides
In cases where there is more than one installed program that provides a specific function, package
maintainers have the option of utilizing Debian’s alternatives system. The alternatives system manages which program is executed when you run a specific command. For instance, the ed, nano,
and nvi packages each provide a text editor. An alternative maintained in the system guarantees
that a text editor is accessible through the generic editor command, regardless of which combination of these packages is installed.
The system administrator can designate which program is referenced in the alternatives database
through the use of the update-alternatives command:
# update-alternatives --config editor
These are alternatives that provide ‘editor’.
  Selection    Alternative
-----------------------------------------------
      1        /bin/ed
*+    2        /bin/nano
      3        /usr/bin/nvi
Press enter to keep the default[*],
or type selection number: 2
You can also use the --all command with update-alternatives to configure every entry in
the alternatives database, one at a time. You can find more details by typing the following: man
update-alternatives
NOTE
By default, all alternatives are in automatic mode, meaning that the system automatically selects a suitable program from the available candidates. Installing a new candidate program generally results in the automatic updating of the appropriate alternatives. Manually
configuring an alternative disables automatic mode, preventing the system from changing these settings without prior knowledge of the system administrator.
The Debian package management tools also provide a mechanism for renaming specific files in a
package and for overriding the ownership and permission settings on files. Unlike when these
changes are made manually, using mv, chmod, or chown, changes made through the Debian tools
remain in place across package upgrades and re-installations.
For example, if you want to replace /usr/bin/users without modifying the coreutils package,
you can divert it to /usr/bin/users.distrib:
# dpkg-divert --local --rename --add /usr/bin/users
Adding `local diversion of /usr/bin/users to /usr/bin/users.distrib’
Removing the diversion returns the original filename:
# dpkg-divert --remove /usr/bin/users
Removing `local diversion of /usr/bin/users to /usr/bin/users.distrib’
Stat overrides are useful when you want to disable access to a program, or when you want to make
it set-UID. For instance, to disable access to the wall program, type the following:
# dpkg-statoverride --update --add root root 0000 /usr/bin/wall
This sets the owner and group of /usr/bin/wall to root and root and disables all permissions
on the file.
NOTE
You can find more information about file permissions in the “Understanding File
Permissions” section of Chapter 2.
Unlike dpkg-divert, dpkg-statoverride does not keep track of the original file permissions. As a result, removing an override does not restore the old permissions. After removing the
override, you need to either set the permissions manually or reinstall the package that contained
the file:
# dpkg-statoverride --remove /usr/bin/wall
# apt-get --reinstall install bsdutils
Reading Package Lists... Done
Building Dependency Tree... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 0B/62.5kB of archives.
After unpacking 0B of additional disk space will be used.
Do you want to continue? [Y/n]Y
(Reading database ... 16542 files and directories currently installed.)
Preparing to replace bsdutils 1:2.12-10 (using .../bsdutils_1%3a2.12-10_i386.deb) ...
Unpacking replacement bsdutils ...
Setting up bsdutils (2.12-10) ...
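Because the override does not remember what it replaced, one alternative to reinstalling is to record the owner, group, and mode yourself before adding the override. The following script is an added example, not code from the book: record_stat, restore_stat, and the state file are this example's own names, and the demonstration uses chmod 0000 on a scratch file in place of a real override so that it runs without root access.

```shell
#!/bin/sh
# Added example, not from the book. record_stat/restore_stat and the state
# file are this example's own names; dpkg-statoverride itself is unchanged.
#
# Intended use on a Debian system, as root (state file path is hypothetical):
#   record_stat /usr/bin/wall /root/statoverride.saved
#   dpkg-statoverride --update --add root root 0000 /usr/bin/wall
#   ...
#   dpkg-statoverride --remove /usr/bin/wall
#   restore_stat /usr/bin/wall /root/statoverride.saved

# record_stat FILE STATEFILE
# Append "uid gid mode path" for FILE, read before an override is added.
record_stat() {
    stat -c '%u %g %a %n' "$1" >> "$2"
}

# restore_stat FILE STATEFILE
# Put back the most recently recorded owner, group and mode for FILE.
restore_stat() {
    rs_found=no
    while read -r rs_uid rs_gid rs_mode rs_path; do
        if [ "$rs_path" = "$1" ]; then
            rs_found=yes rs_u=$rs_uid rs_g=$rs_gid rs_m=$rs_mode
        fi
    done < "$2"
    if [ "$rs_found" != yes ]; then
        echo "restore_stat: nothing recorded for $1" >&2
        return 1
    fi
    # chown first: changing ownership can clear set-UID/set-GID bits,
    # so the mode is applied last.
    chown "$rs_u:$rs_g" "$1" && chmod "$rs_m" "$1"
}

# demo_roundtrip: exercise both functions on a scratch file. chmod 0000
# stands in for the effect of the override in the text, so neither root
# access nor dpkg is needed. Prints the mode before, during and after.
demo_roundtrip() {
    dr_dir=$(mktemp -d) || return 1
    dr_file=$dr_dir/wall-standin
    : > "$dr_file" && chmod 0755 "$dr_file"
    record_stat "$dr_file" "$dr_dir/saved"
    dr_before=$(stat -c '%a' "$dr_file")
    chmod 0000 "$dr_file"
    dr_during=$(stat -c '%a' "$dr_file")
    restore_stat "$dr_file" "$dr_dir/saved"
    dr_after=$(stat -c '%a' "$dr_file")
    rm -rf "$dr_dir"
    echo "$dr_before $dr_during $dr_after"
}

demo_roundtrip
```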
Managing Package Configuration with debconf
All packages that include support for configuration management through debconf are configured
as they are being installed. If you want to change a configuration option later, you can do so using
the dpkg-reconfigure command. For instance, you can change the configuration options for
ssh using the following command:
# dpkg-reconfigure ssh
Every configuration parameter is assigned a priority by the package maintainer. This allows
debconf to select the default values for settings below a specific priority. By default, you will be
prompted to answer questions of only medium, high, or critical priority; low-priority questions
are answered automatically. You can change this by reconfiguring the debconf package:
# dpkg-reconfigure debconf
NOTE
Advanced users maintaining multiple systems may want to create a database of configuration settings that can be distributed to every computer (or to sets of computers) to
reduce the number of repeated steps. This process is documented in the debconf and
debconf.conf man pages.
Summary
The reliability of Debian GNU/Linux, combined with the large number of high-quality packages
available for it, makes Debian a great choice for both workstations and servers. The carefully executed releases and the capability to upgrade most software without rebooting serve to further
increase its suitability as a server operating system.
APT is a primary tool for installing, removing, and upgrading packages. This chapter explored how
to use the apt-get and apt-cache utilities for package management. The chapter also covered the
installation of package sets (tasks) using the tasksel utility and managing package configuration
with the dpkg-reconfigure utility.
Running SUSE Linux
For the past few years, SUSE has been the most popular Linux distribution in Europe. Since the U.S. networking company Novell, Inc. purchased SUSE in November 2003, SUSE has been positioning itself to
challenge Red Hat to become the dominant Linux distribution for large
enterprise computing environments worldwide.
ON the DVD-ROM
The DVD that comes with this book contains a CD image of
the mini/network install disk for openSUSE Linux 10.1. You
can burn this image to CD as described in Appendix A and install openSUSE
10.1 as described later in this chapter.
Like Fedora and Red Hat Enterprise Linux, SUSE is an excellent first Linux
for people who prefer to work from a graphical desktop rather than from the
command line. Likewise, Novell’s Linux product line is geared toward enterprise computing, so the skills you gain using SUSE on your home Linux system will be useful in a business environment as well.
SUSE has a slick graphical installer that leads you through installation and
intuitive administrative tools, consolidated under a facility called YaST. SUSE
and its parent company, Novell, offer a range of Linux products and support
plans that scale from free versions of openSUSE with community support, to
supported SUSE distributions for the home and enterprise desktop (SUSE
and SUSE Enterprise Linux Desktop), all the way up to SUSE’s Enterprise
Linux Server product.
In 2005, Novell refocused its development efforts to do as Red Hat does with
its Red Hat Enterprise Linux product and Fedora project: Novell formed the
openSUSE project that, like the Fedora project, produces a free community-driven Linux system that feeds into Novell’s for-profit Linux systems. Unlike
Fedora and RHEL, however, openSUSE and SUSE are, so far, following the
same release numbers. They are differentiated by the fact that openSUSE offers no official Novell
support and SUSE may contain some non–open source software.
IN THIS CHAPTER
Understanding SUSE
What’s in SUSE
Getting support for SUSE
Installing SUSE
This chapter describes the features and approach to Linux that set SUSE apart from other Linux
distributions. It also explains how to install the openSUSE Linux 10.1 distribution that is included
with this book.
The current versions of openSUSE and SUSE Linux (10.1) feature the YaST installer, KDE 3.5.1
desktop environment (default), GNOME 2.12.2, Firefox 1.5.0.3, GIMP 2.2.10, Apache 2.2.0,
MySQL 5.0.18, and OpenOffice.org 2.0.2. All SUSE Linux packages for the current release are
listed at this URL:
www.novell.com/products/linuxpackages/professional/index_all.html
At the time this book was written, openSUSE and SUSE 10.2 were in beta, but may be available by
the time that you read this. OpenSUSE and SUSE 10.2 feature KDE 3.5.5, GNOME 2.16, Firefox
2.0, Apache 2.2.3, and provide many other updates to deliver the latest and greatest open source
software from the GNU/Linux community.
NOTE
With the split between SUSE and openSUSE, Linux product names from Novell have
changed significantly in the past year. Most significantly, what was previously called
SUSE Professional Linux is now simply called SUSE Linux. The openSUSE version of SUSE Linux 10.1
is sometimes called SUSE 10.1 OSS.
Running with the Devil: The SUSE/Microsoft Deal
In November 2006, Novell announced that it had struck a deal with Microsoft to further collaboration and interoperability with Microsoft products. This deal includes indemnification against
patent-related lawsuits, and has raised a fair amount of concern and controversy in the open source
community. In reality, Novell hasn’t admitted and doesn’t see any evidence of the use of Microsoft’s
intellectual property (IP) in Linux, but indemnification against patent liabilities has become an
important part of the Linux scene ever since SCO launched its series of questionable IP lawsuits
against Linux. Red Hat and Oracle already offer indemnification against this sort of thing, so this is
simply an even broader level of protection.
Paranoia aside, this deal is important if for no other reason than that it is a statement by Microsoft
that Linux is important to their customers and a viable enterprise operating system. As always, the
long-term effects of this deal remain to be seen, but it should be a good thing for all concerned.
Many members of the open source community are concerned that Microsoft will sneak its IP into the
GNU/Linux code base, setting the stage for future lawsuits against non-partners (anyone other than
Novell at this point). I think that the SUSE team’s traditional vigilance and long-term commitment to
GNU/Linux will prevent this from happening, but my crystal ball is in the shop now for a memory
upgrade.
Understanding SUSE
If you are looking for a Linux system with the stability and support on which you can bet your
business, SUSE offers impressive, stable Linux products backed by a company (Novell, Inc.) that
has been selling enterprise solutions for a long time. SUSE’s product offerings range from personal
desktop systems to enterprise-quality servers.
SUSE began as a German version of Slackware in 1992, on 40 floppy disks, and was first officially
released on CD (SUSE Linux 1.0) in 1994. Founded by Hubert Mantel, Burchard Steinbild, Roland
Dyroff, and Thomas Fehr, SUSE set out as a separate distribution from Slackware to enhance the
software in the areas of installation and administration.
Although SUSE had success and respect with its Linux distribution, it was not profitable, and
Novell’s $210 million offer for SUSE was seen as a good thing both for SUSE and for Linux in general. SUSE was running short on cash, and Novell was looking for a way to regain its stature as a
growth company in the enterprise and network-computing arena.
In the 1980s and early 1990s, Novell was the world’s number-one computer networking company.
Before the Internet took hold, Novell’s NetWare servers and IPX/SPX protocols were the most popular ways to connect PCs together on LANs. International training, support, and sales teams
brought Novell products to businesses and organizations around the world.
Despite Novell’s huge lead in the network computing market, file and printer sharing features in
Microsoft Windows and late entry into the TCP/IP (Internet) arena caused Novell to lose its market
dominance in the 1990s. Although its NetWare products contained excellent features for directory
services and managing network resources, Novell didn’t have end-to-end computing solutions.
NetWare relied on Windows for client computers and lacked high-end server products.
Novell’s association with the UNIX operating system in the early 1990s makes an interesting footnote in the history of Linux. Novell purchased UNIX System V source code from AT&T and set out
to make its resulting UnixWare product (a UNIX desktop product for x86 processors) a competitor
to Microsoft’s growing dominance on the desktop. The effort was half-hearted, and in the mid-1990s
Novell gave the UNIX trademark to the Open Group and sold the UNIX source code to SCO.
Novell’s purchase of SUSE marks its second major attempt to fill in its product line with a UNIX-like desktop and server product. From the early returns, it appears that Novell is doing a better job
with Linux than it did with UNIX.
What’s in SUSE
Unlike distributions geared toward more technical users, such as Gentoo and Slackware, you can
configure and launch most major features of SUSE Linux by selecting menus on the desktop. New
Linux users should find SUSE to be very comfortable for daily use and basic administration.
Like Red Hat Enterprise Linux, SUSE is made to have a more cohesive look-and-feel than most
Linux distributions that are geared toward Linux enthusiasts. In other words, you aren’t required to
put together a lot of SUSE by hand just to get it working. Although SUSE is ultimately aimed more
toward enterprise computing, it also works well as a home desktop system.
Let’s explore what openSUSE and SUSE Linux offer you.
Installation and Configuration with YaST
A set of modules that can be used to configure your SUSE system is gathered together under the
YaST facility. Because many of the features needed in a Linux installer are also needed to configure
a running system (network, security, software, and other setup features), YaST does double duty as
an installer and an administrative tool.
YaST (which stands for Yet Another Setup Tool) was, until recently, proprietary code that was not
available as open source. However, to gain wider acceptance for YaST among major computing
clients as a framework for managing a range of computing services, Novell released YaST under the
GNU Public License in March 2004.
YaST makes obvious what you need to do to install Linux. Hardware detection is done before your
eyes. You can set up your disk partitions graphically (no need to remember options to the fdisk
command). Setting up the GRUB boot loader is done for you, with the option to modify it yourself.
One of the nice features of YaST installation is that you can scan the configuration process without
stepping through every feature. If you scan through the mouse, keyboard, installation mode, partitioning, and other information and they look okay, you can click Accept and just keep going. Or
you can change any of those settings you choose. (The “Installing openSUSE” section later in this
chapter details the installation process with YaST.)
Because YaST offers both graphical (Qt) and text-based (ncurses) interfaces, you can use YaST as a
configuration tool from the desktop or the shell. To start YaST from the desktop, click the SUSE
button on the desktop panel and select System ➪ YaST. Figure 10.1 shows what the graphical version of the YaST utility looks like.
FIGURE 10.1
Configure common Linux features using the YaST utility.
Launching the YaST utility actually involves running the /sbin/yast2 command. When you run
/sbin/yast2, YaST starts in graphical mode by default. (An alternative is to run kdesu
/sbin/yast from a Terminal window, which starts YaST in text mode.) Figure 10.2 shows what
YaST looks like when started in text mode from a Terminal window.
FIGURE 10.2
Use the arrow and Tab keys to navigate YaST in text mode.
YaST offers you some intuitive tools for configuring your system and comes preconfigured so you
start with a nice set of defaults. YaST also does a good job detecting your hardware, finding partitions, and the like, so a new user can often just accept the settings YaST chooses. Here are some
examples of what YaST does for you:
■ Detects hardware — You don’t have to check through /etc configuration files or run
lsmod, lspci, or hwinfo to see the drivers for your hardware or how your hardware
has been configured in SUSE. From the Hardware section, you can select icons representing your CD drives, graphics cards, printers, joysticks, scanners, sound cards, and mice.
Click the Hardware information icon to see your full list of detected hardware.
■ Manages system configuration — Like Red Hat Enterprise Linux, SUSE stores much of
the information it uses to configure services at boot time in files in the /etc/sysconfig
directory. The information in those files is in the form VARIABLE="VALUE".
Under the YaST System icon, you can select the sysconfig Editor, which lets you select
each file and then view and possibly change each variable so that you don’t have to guess
what variables are available for each configuration. For more advanced system administrators, this is a great way to fine-tune the startup services for your system.
SUSE also includes a System Configuration Profile Management (SCPM) applet, which
lets you store and manage a collection of system settings so it can be used again later.
■ Configures network devices — YaST detects your dial-up modem, Ethernet card, DSL
modem, or ISDN hardware, and gives you the opportunity to configure each piece of
hardware. SUSE also does a much better job than most distributions at getting
Winmodems working in Linux, which is particularly useful for using dial-up features on
laptops that have cheap, built-in modems.
■ Defines network services — With a connection to your LAN or WAN, YaST provides
some helpful graphical tools for configuring some services that can be unintuitive to configure from the command line.
■ Changes security settings — Security settings in Linux are often among the most unintuitive features to configure, while at the same time being among the most important.
Although features such as iptables work great for most Linux gurus for setting up a firewall, people who are accustomed to graphical interfaces may find them challenging.
From the YaST Security and Users selection, the Firewall icon enables you to step through
your network interfaces and add access to those services you want by name (such as Web
Server, Mail Server, and Other Services) or by port number. It even enables you to do initial setup of more complex firewall features, such as packet forwarding, IP Masquerading,
and logging.
To make your way around the graphical YaST interface, you need only to click the mouse and use
the Tab key to move between fields. For the text-based YaST interface, you can use the Tab and
arrow keys to move among the selections and the Enter key to select the currently highlighted
item.
RPM Package Management
Like Red Hat Enterprise Linux and Fedora, SUSE packages its software using the RPM package
management file format and related tools. RPM contains a lot of features for adding, removing, and
managing software in SUSE. Although software packages in the Red Hat and SUSE distributions
are different, the tools you use for managing packages in those two distributions are the same.
You use the rpm utility to work with RPM software packages. Here’s a list of some of its features:
■ Installing local or remote packages — You can use the rpm command to add a software
package to SUSE, and rpm doesn’t care if the package is in the local directory, CD, or
remote computer (providing you have network access to that computer). A remote package can be available on a Web server (http://) or FTP server (ftp://). Here’s an
example of using an rpm command to install a software package from an FTP server:
# rpm -iv ftp://ftp.linuxtoys.net/pub/suse/10.2/abc.i586.rpm
In this example, the -i option says to install the package, and the -v option says to give
verbose output as the package is installed. The fictitious package (abc.i586.rpm) is
installed from an FTP repository. If there are dependency or access issues, rpm informs
you and fails. Otherwise, the package is installed. (The -U option is often used instead of
the -i option to install RPMs because -U succeeds even if the package is already
installed. The -U says to upgrade the package.)
■ Querying the RPM database — One of the best features of the RPM facility is that you
can find out a lot of information about the software packages that are installed. The query
option (-q) lets you list package names, descriptions, and contents in various ways. Here
are a few examples:
# rpm -qa xmms
# rpm -ql xmms | less
# rpm -qi xmms | less
The first example (-qa) searches for the xmms package and reports the current version of
the package that is installed. In the second, -ql lists all files in the xmms package and
then pipes that output to the less command to page through it. And finally, -qi displays a description and other information about the xmms package.
■ Verifying installed packages — Use rpm to verify the contents of an RPM package. The
-V option enables you to check whether any of the files in a package have been tampered
with. Here is an example:
# rpm -V aaa_base
..5....T c /etc/inittab
S.5....T   /etc/profile.d/alias.ash
-V checks whether any of the contents of the aaa_base package (which contains some
basic system configuration files) have been modified. The output shows that the inittab
and alias.ash files have been modified from the originals. The 5 indicates that the
md5sum of the files differs, while the T indicates that the time stamp on the file differs. On
the alias.ash file, the S shows that the size of the file is different.
The rpm command has many other options as well. To find out more about them, type man rpm
or rpm --help from any shell.
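The flag columns in the rpm -V output shown earlier can be decoded mechanically, which helps when you verify every installed package at once (rpm -Va). The following Python script is an added example, not part of the book: it parses rpm -V output and ranks each finding. The ranking policy, the sample lines other than the two taken from the page, and the column meanings beyond S, 5, and T (which follow the rpm man page) are assumptions of this example.

```python
import re
import sys

# Columns in the order rpm prints them. The rpm release shown on this page
# prints 8 columns; later releases add a ninth (P, capabilities).
COLUMNS = "SM5DLUGTP"
MEANING = {
    "S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
    "U": "owner", "G": "group", "T": "mtime", "P": "capabilities",
}
# Optional marker that rpm prints between the flags and the path.
KIND = {"c": "config", "d": "doc", "g": "ghost", "l": "license", "r": "readme"}

LINE = re.compile(
    r"^(?P<flags>missing|[SM5DLUGTP.?]{8,9})\s+"
    r"(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$"
)

# Constructed sample: the first two lines are the page's own output; the rest
# are made up for this example (hypothetical paths and package name).
SAMPLE = """\
..5....T c /etc/inittab
S.5....T   /etc/profile.d/alias.ash
.M...UG.   /usr/bin/example-tool
missing  c /etc/example.conf
.......T   /usr/share/example/data.txt
S.?....T   /var/lib/example/state.db
package example-pkg is not installed
"""


def parse_line(line):
    """Return a dict for one line of `rpm -V` output, or None if unparseable."""
    m = LINE.match(line.rstrip())
    if not m:
        return None
    flags = m.group("flags")
    rec = {"path": m.group("path"), "kind": KIND.get(m.group("kind"), "file"),
           "missing": flags == "missing", "changed": [], "untested": []}
    if not rec["missing"]:
        for col, ch in zip(COLUMNS, flags):
            if ch == "?":
                rec["untested"].append(col)   # rpm could not run this test
            elif ch != ".":
                rec["changed"].append(col)    # "." means the test passed
    return rec


def triage(rec):
    """Rank one finding. The policy is an assumption of this example."""
    changed = set(rec["changed"])
    if changed & set("MUGP"):
        return "investigate"   # permissions, ownership or capabilities drifted
    if rec["missing"] or changed & set("S5LD"):
        # Edited or deleted config files are routine; changed program files are not.
        return "review" if rec["kind"] == "config" else "investigate"
    return "note"              # for example, only the mtime differs


def report(lines):
    """Parse many lines; return (findings sorted by rank and path, unparsed)."""
    order = {"investigate": 0, "review": 1, "note": 2}
    findings, unparsed = [], []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line.rstrip())
            continue
        rec["rank"] = triage(rec)
        findings.append(rec)
    findings.sort(key=lambda r: (order[r["rank"]], r["path"]))
    return findings, unparsed


def describe(rec):
    """Spell out which attributes differ from the RPM database."""
    if rec["missing"]:
        return "missing"
    parts = [MEANING[c] for c in rec["changed"]]
    parts += [MEANING[c] + " (untested)" for c in rec["untested"]]
    return ", ".join(parts)


if __name__ == "__main__":
    # With "-" as the only argument, read real output from stdin
    # (rpm -Va | python3 this_file.py -); otherwise use SAMPLE.
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE.splitlines()
    findings, unparsed = report(source)
    for rec in findings:
        print(f"{rec['rank']:<12}{rec['kind']:<8}{rec['path']}: {describe(rec)}")
    for line in unparsed:
        print("unparsed:", line)
```

Lines the parser cannot read are returned separately instead of being dropped, so messages such as a package not being installed stay visible.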
Automated Software Updates
As of version 7.1, SUSE Linux includes an automatic update agent. The YaST Online Update
(YOU) utility is built right into the YaST facility and offers an easy way to get updates, security
patches, and bug fixes for SUSE by downloading and installing them from software repositories
over the network. You can also execute YOU from the command line, using the kdesu you command.
From within YaST, select Online Update. YaST uses software installation sources that have been
defined in YaST’s Installation Source module to enable you to begin retrieving software updates
with a single click. It presents you with a list of patches from which you can choose. Security
patches are in red, all recommended patches are selected, and optional patches are shown (unselected). It’s easy to see all available patches and read their descriptions to determine if you want
them.
After you have selected the updates you want and clicked OK, you can watch the progress as each
patch and updated package is downloaded and installed. Having security-related patches and other
fixes separated and having the ability to read all about each software update and patch right on the
YaST window before you start downloading are features that make YaST Online Update a powerful
and easy-to-use software update mechanism.
Getting Support for SUSE
SUSE has an excellent support database and full-time support staff. You can search many of the
articles on the site for free and check out the FAQs. Paid support options are available as well.
The SUSE Linux Portal (http://portal.suse.com) is the place to search for answers about
using SUSE. To try the free search engine at the site, just select Search. You don’t need a user
account to search articles related to SUSE Linux, although you do need one to search articles
related to Linux business products from SUSE. To get an account, select the Sign Up Here link
from the SUSE Linux Portal page. If you have purchased your SUSE distribution, you can use that
account to register your SUSE product. Having a registered SUSE product lets you use your
account to get free installation information and other support services.
With the split of openSUSE and SUSE Linux, many of SUSE’s online resources have been divided
as well. For example, many general SUSE resources are directed to either Novell.com or
openSUSE.org sites. If you are learning or trying out openSUSE as your entry into SUSE Linux
products, you should start at the openSUSE.org site for information on downloads, documentation, and communications opportunities (mailing lists, forums, IRC, and so on).
NOTE
At the time of this writing, SUSE is offering a free 30-day evaluation for SUSE Linux
Enterprise Server if you want to download it. That evaluation includes installation support and upgrade protection. Check the Novell (www.novell.com) and SUSE
(www.opensuse.org) Web sites to see if any evaluation specials are currently available.
Installing openSUSE
The installation procedure described here is for openSUSE Linux 10.1. This edition is available free
of charge. Functionally, it is almost exactly the same as the SUSE Linux 10.1 boxed set version that
Novell sells. The primary differences between the two are product support (only with SUSE Linux)
and inclusion of some non-open source software (also only with SUSE Linux). So, essentially, these
instructions should work equally well for both SUSE and openSUSE 10.1.
The DVD that comes with this book includes the openSUSE 10.1 network install CD, also known
as the mini install CD. If you want to download the complete openSUSE set or a trial version of
openSUSE Linux, go to the openSUSE site (www.opensuse.org), select your language, and click
the Download link. In either case, you have to burn the CD image(s) to a CD yourself. (See
Appendix A for information on how to do that.)
If you like SUSE and want a commercial version, select the How to Buy link at the SUSE Linux site
(www.novell.com/products/suselinux). You can purchase a boxed set of SUSE Linux,
which includes installation support, some non-open source software (such as multimedia plug-ins
and Java support) and hardcopy documentation. Or you can choose one of the other editions, such
as the SUSE Linux Enterprise Server edition, which also includes support and documentation.
NOTE
The installation description in this chapter covers installs on Intel x86 PCs. If you have
AMD 64-bit or Intel Extended Memory 64 Technology systems, you need to purchase
the SUSE Linux boxed set, which includes installation media for both of those types of hardware, or
download the version of openSUSE for the x86_64 platform. If you are using an Itanium-based system, an ia64 version of openSUSE is also available.
Before You Begin
To install SUSE, you need at least 96MB of main memory, though more is always better and future
releases may require greater amounts of memory for installation and usability. The entire SUSE
default installation requires about 3.25GB of disk space, although you can get by with less by deselecting packages during installation. Installation should work on any Pentium-class x86 PC.
The description here tells how to install by booting the installation CD and installing the software
from that medium. If you don’t have a bootable CD drive, you can create boot floppies from the
image on the CD. To see available boot images and descriptions of how to create boot floppies,
refer to the README file in the /boot/i386 directory on the SUSE installation CD.
Although you need a boot CD or floppy disk to begin the installation, the actual software you are
installing can reside in other locations. In fact, because I’m providing the SUSE network install
CD image, you need a network card installed on your computer and a connection to the Internet
to complete the installation. Then, SUSE software can be gathered from the following types of
locations:
■ FTP — From the installation boot prompt, identify the location of the directory on an
FTP server that contains the contents of the SUSE packages. For example, to install from
the /install directory from the FTP server at 10.2.0.1, type the following at the boot
prompt:
install=ftp://10.2.0.1/install
■ HTTP — To use a Web (http) server instead of an FTP server, type the following:
install=http://10.2.0.1/install
■ NFS — To use an NFS server instead of an FTP server, type the following:
install=nfs://10.2.0.1/install
Other installation media that are supported include hard disk (with the SUSE software installed on
a different hard disk or partition on the local computer), USB stick, and Samba (where the software
is on an SMB share from a Windows or other Linux system). See
http://en.opensuse.org/index.php?title=Installation_without_CD for more
detailed information about all supported installation methods.
Starting Installation
Here are the steps for installing SUSE Linux on your hard disk, using the network install CD:
1. Insert the installation CD in your CD drive. Reboot the computer. The SUSE installation boot screen appears.
2. Installation type. Use your arrow keys to highlight Installation and then press F3 to
display additional boot options.
3. Press F4 to display the list of network installation sources. Use the arrow keys on your
keyboard to select the protocol that you want to use for network installation. This section
uses HTTP as an example, but you can use any of the available protocols as long as you
know the IP address, host name, and directory path to a set of openSUSE 10.1 installation files. This section uses the following install location:
Host IP: 204.152.191.39
Directory: /openSUSE/distribution/SL-10.1/inst-source/
Enter these values and press Enter to close this dialog. Press Enter again to proceed with
the installation. The YaST screen appears to begin installation.
NOTE
Sometimes installation can fail because the computer hardware doesn’t support certain
features, such as power management (ACPI or APM) or DMA on hard drives or removable media. For those cases, you can try starting installation by selecting ACPI Disabled (which turns
off ACPI) or Safe Settings (which turns off ACPI and APM as well as turning off DMA for any IDE CD,
DVD, or hard drives).
The remaining steps in the installation process are divided into three sections:
Preparation, Installation Settings, and Configuration.
Preparation
4. Language. Select the Language you want to use for your SUSE Linux system and click
Next. The installer offers you the option to verify the install CD before proceeding. Select
Check Media to verify your install CD; otherwise, click Next to proceed with the installation. The License Agreement appears.
5. License. Read the Novell Software License Agreement. If you agree, select Yes and click
Next. (If you select No, it ends the install process.) You are prompted to select an install
mode.
6. Installation Mode. Here you can choose whether to run a new installation or upgrade
from an older version. Choosing to upgrade an existing SUSE Linux installation will take
more time than a clean (new) installation. You can also select the Include Add-On
Products From Separate Media option if you have downloaded and burned a copy of the
Add-On CD for openSUSE 10.1.
CAUTION
For either an upgrade or new installation, you should back up all your data before you
start.
7. Clock and time zone. Select the geographic region and time zone in which you’re
located. If the time is wrong, click Change, and type your new date and/or time and click
Apply. Note that other operating systems may not expect the Hardware Clock (in the
BIOS) to be set to UTC (Coordinated Universal Time). If you dual-boot, you may want to
consider setting this to Local time so it does not conflict with other operating systems.
Linux will work with either mode. Select Next to continue. You are asked to choose a
Desktop.
8. Desktop selection. Choose KDE, GNOME, or Other to set your desktop environment.
KDE is most commonly used with SUSE. With Other, you can have a minimal graphical
interface or a completely text-based system (no GUI).
Installation Settings
The installation settings that appear allow you to select either the Overview or Expert tab. Review
the settings on these tabs. The following steps describe the options on the Expert tab, which provides more detailed information than the Overview tab:
9. System. Select System to probe your computer hardware. The result is details about the
type and model of each hardware item on your computer. You can save this information
to your hard disk (if there is an available partition) or to a floppy disk. Click Details to
see further information about any selected item. You might find this information useful if,
for some reason, the hardware is not properly configured after the install is complete. It
will give you information you need to search the Web or ask a question on a Linux forum
about your hardware problem.
10. Keyboard layout. Make sure the language/country associated with the keyboard you are
using is properly identified.
11. Partitioning. Partitioning is very important, especially if you want to protect any data
currently on your hard disk. Select Partitioning. SUSE recommends a partitioning
scheme. (If your disk is already partitioned, SUSE tries to use that scheme.) You can simply accept that scheme (choose Accept Proposal As-Is and click Next) or elect to create a
custom partition setup.
The Expert partitioning selection enables you to use a partitioning interface that is very
similar to Disk Druid. See the description of partitioning in Chapter 7 for information on
partitioning your hard disk. If you ever plan to move your partitions around with a tool
such as Partition Magic, you should assign your Linux partition to the ext3 file system
type. (If you are an expert and want to use the fdisk command described there, press
Ctrl+Alt+F2 to get to a shell, run fdisk, and then press Ctrl+Alt+F7 to return to the
graphical installer.)
12. Software. Select Software to see a list of packages available to install on your hard disk.
The SUSE install CD offers various groups of software, including graphical software, word
processing and document production software, applications for software development,
and much more.
Choose a group to see the specific packages in each group. Figure 10.3 shows the preselected packages associated with the openSUSE Base System group. Checkmarks indicate which packages will be installed. If you want to customize the standard installation,
it’s a good idea to look through this list to see what you are getting. If you change any of
the selections, click the Check button to make sure that all packages that other packages
depend on are being installed.
FIGURE 10.3
Install additional software using the YaST software module.
The YaST software packages module used for adding, removing, and finding out about
software packages during installation is the same one used on a running SUSE system. In
either case, you can find out a lot of information about packages that interest you. With a
package selected, click tabs in the box at the bottom-right corner of the screen to see its
description, technical data (its size, packager, and so on), dependencies, and version
numbers.
13. Booting. Select Booting to see the information that is added to your boot loader (GRUB,
by default, but you can use the LILO boot loader as well). The boot loader includes the
information needed to boot Linux: the location of the boot loader, default operating system to boot, and other information.
14. Time Zone. Select Time Zone to change your system’s default idea of the time zone in
which you are located.
15. Language. Select the default language to use. (You can add support for other languages
later, if you like.)
16. Default Runlevel. Normally you’d use the default (5) to boot to a full multiuser, networked desktop system with a graphical login screen. The other common default is 3,
which provides a text-based login screen but is otherwise the same. (If you choose 3, you
can start the GUI after login by typing the startx command.)
17. Start the install. If the Installation settings all look okay, click Accept to begin the install
process. Remember that this is your last chance to back out! When the confirmation dialog box appears, click Back to return to the installer so that you can modify or abort the
install process, or select Install to start the installation.
If you click Yes, SUSE formats your hard disk and installs the selected packages. After
installation finishes, SUSE prompts for some final configuration information to complete
the installation process.
Configuration Settings
After the basic software installation completes, the YaST installer prompts you for some additional
information:
18. Host Name and Domain Name. Enter the name that you want to use for this host on
your network. Enter the name of the Internet domain that this machine is a member of.
19. Root Password. Enter the root password (twice). Enter up to eight characters. DES is the
default encryption type used to protect your password. (You can select Expert Options to
choose MD5 or Blowfish instead.) Refer to Chapter 6 for suggestions on choosing a good
password.
20. Network Configuration. YaST probes to find any network cards, DSL connections, ISDN
adapters, or modems connected to your computer, and proposes a default configuration.
Select any of the items that appear on the screen, as appropriate, to examine and, optionally, re-configure it. For example, select Network Interfaces to view any installed network
cards. You can configure any card found to use DHCP (if available) or your own network
settings to connect to the LAN and/or the Internet. (See Chapter 5 for information on
configuring Internet connections.)
The automatic network configuration enables a firewall and disables remote access to
your machine via SSH. You can change either setting by clicking it. For example, you can
allow ssh requests through your firewall so that you can log in and transfer files to and
from the machine using OpenSSH tools (ssh, sftp, and so on).
After you are done, click Next. SUSE sets up and lets you test your network connections.
21. Online Update. YaST tests network connectivity through the network interface that you
defined in the previous step, and downloads the latest release notes as a test. This step
also enables you to upload configuration information about your system to Novell and
identify any new updates that are available. To skip this step, you can select the Configure
Later radio button and click Next. If you leave the Configure Now radio button selected,
you can click Next to upload information about your system and retrieve information
about any available updates. This does not actually install any updates, but only registers
the network locations where updates are available so that you can subsequently use them
to update your system. Click Next to proceed.
22. User Authentication Method. Typically, you will use your home computer in standalone
mode, as it relates to user accounts. However, in a business setting, you may use NIS,
LDAP, or Samba to get user account lists that allow access to yours and other computers
on your LAN. If the latter is the case, select Network Client and choose either NIS (a
common facility used by UNIX systems to share configuration files) or LDAP (a standard
directory service, used to share address books and other kinds of information on a network), depending on what your company supports. Choosing Samba lets you use
Windows SMB file and print sharing features for authentication. Then click Next.
23. New Local User. You will want to add at least one user account, as prompted, for your
computer. Right now, you have only the root user account set up for use on a standalone
machine. Using that account for e-mail, Web browsing, or other common tasks is considered bad security practice. So you should add at least one user account for non-administrative use of your computer. Add your full name, a short, one-word login name, and a
password to protect that account.
If you want to have this user automatically logged in on the system whenever you restart,
leave the Automatic Login check box selected. Otherwise, de-select it to see a standard
login prompt whenever you boot your system. You can also check the Receive System
Mail check box to ensure that the user account that you have just created automatically
receives a copy of any mail sent to the root user on your system, which is often sent by
administrative applications. To proceed, click Next.
When you are done, YaST writes the system configuration information to your computer. It
then displays the Release Notes for your current version of SUSE. Click Next to continue.
24. Hardware Configuration. The SUSE Installer displays a screen listing all of the hardware
that was detected in your system. You can use this screen to configure other hardware
devices to use with your system, or to verify the configuration of your existing hardware.
You can select the headers on this screen to configure your graphics card, printer, sound
card, or TV card.
NOTE
If you reconfigure your graphics hardware, you should test your display as prompted. If
the settings you choose don’t work, press Ctrl+Alt+Backspace to exit and try to configure it again.
When you are done testing or updating your system hardware, or if you just want to use
SUSE’s default hardware configuration settings, click Next. The settings are written to
hard disk. An Installation Completed screen appears.
25. Finish. On this screen, you can optionally click Clone system for Autoyast to save a
record of your system’s configuration if you are planning to install other SUSE 10.1 systems. Click Finish when you are ready to proceed. The system starts the graphical user
interface that you selected during installation and is ready for you to log in.
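Step 19 above notes that DES is the default password encryption type, with MD5 or Blowfish available under Expert Options. As an added example (not from the book), the following Python script classifies the hash scheme of each entry in /etc/shadow-style lines and lists unlocked accounts that still use DES, which considers only the first eight characters of a password. The sample lines are constructed placeholders, and the $5$/$6$ SHA prefixes go beyond the three schemes the installer offers.

```python
import re

# Constructed sample in /etc/shadow format. The hash strings are made-up
# placeholders with the right shape, not real password hashes.
SAMPLE_SHADOW = """\
root:ab0123456789A:13500:0:99999:7:::
chris:$1$saltsalt$abcdefghijklmnopqrstuv:13500:0:99999:7:::
backup:$2a$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234:13500:0:99999:7:::
daemon:*:13500:0:99999:7:::
guest:!ab0123456789A:13500:0:99999:7:::
"""

# Traditional DES crypt: 2 salt characters + 11 hash characters, no "$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Modular crypt prefixes and the scheme each one identifies.
PREFIXES = [
    ("$1$", "md5"),
    ("$2a$", "blowfish"),
    ("$2b$", "blowfish"),
    ("$2y$", "blowfish"),
    ("$5$", "sha256"),
    ("$6$", "sha512"),
]


def classify(field):
    """Return (scheme, locked) for the password field of a shadow line."""
    if field == "":
        return "empty", False            # login possible with no password
    locked = field[0] in "!*"            # leading ! or * disables the hash
    body = field.lstrip("!*")
    if body == "":
        return "none", True              # no usable password at all
    for prefix, name in PREFIXES:
        if body.startswith(prefix):
            return name, locked
    if DES_RE.match(body):
        return "des", locked
    return "unknown", locked


def audit(shadow_text):
    """Return a list of (user, scheme, locked, note) for every entry."""
    findings = []
    for lineno, line in enumerate(shadow_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            findings.append(("line %d" % lineno, "malformed", False, "cannot parse"))
            continue
        user, field = parts[0], parts[1]
        scheme, locked = classify(field)
        if scheme == "des":
            note = "only the first 8 characters of the password are used"
        elif scheme == "empty":
            note = "no password set"
        elif scheme == "unknown":
            note = "unrecognized hash format"
        else:
            note = ""
        findings.append((user, scheme, locked, note))
    return findings


def weak_accounts(shadow_text):
    """Names of unlocked accounts that carry a DES hash or no password."""
    return [user for user, scheme, locked, _ in audit(shadow_text)
            if scheme in ("des", "empty") and not locked]


if __name__ == "__main__":
    for user, scheme, locked, note in audit(SAMPLE_SHADOW):
        state = "locked" if locked else "active"
        print("%-8s %-9s %-7s %s" % (user, scheme, state, note))
    print("Needs attention:", ", ".join(weak_accounts(SAMPLE_SHADOW)) or "none")
```

To check a real system, pass the contents of /etc/shadow (readable only by root) to `audit()` in place of the sample text.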
Starting with SUSE
If you created a user account during the preceding installation and left Automatic Login selected
when you created that account, SUSE should automatically log you in as that user and present you
with the KDE desktop. (If you are presented with a graphical login screen instead, log in as that
user now.) Here are a few things to help you get started using SUSE:
• Desktop applications — The default SUSE 10.2 install is configured as a desktop system
that includes a set of easily accessible desktop applications. On the desktop, try the Office
icon to open OpenOffice.org to work with documents, spreadsheets, presentations, drawings, Web pages, or a variety of other content types. From the SUSE icon on the panel,
select from among dozens of applications to try them out.
• My Computer — A My Computer icon on the desktop enables you to see removable
media and mounted partitions, and also gives you access to your Desktop, Documents,
and public_html folders in a Konqueror window.
• Network Browsing — The Network Browsing icon on the desktop enables you to
explore your local network, mounting any shared file systems that are exported by other
systems and locating other remote devices such as printers.
• Reconfigure your computer — Get to the YaST administration tool by selecting All
Programs ➪ System ➪ Administrator Settings (YaST) from the SUSE menu. You can
reconfigure your system hardware and software from the YaST Control Center.
If you want to configure your desktop (change backgrounds, screen savers, or themes), use the KDE
control center as you would with any modern KDE desktop. You can launch the control center from
the SUSE menu (select My Favorites ➪ Configure Desktop). Figure 10.4 shows a sample KDE desktop with the Control Center, OpenOffice.org Writer, and a Terminal window (konsole) running.
FIGURE 10.4
A sample SUSE 10.2 desktop
Summary
SUSE is generally considered to be the best choice for enterprise-quality Linux systems, along with
Red Hat Enterprise Linux. Its graphical installation and administrative tools (implemented in a
facility called YaST) set it apart from other Linux distributions geared more toward technical users.
Since SUSE was acquired by Novell in 2003, SUSE Linux has become part of a larger, enterprise-ready product line. Boxed sets of SUSE Linux are available. Support offerings are available at many
different levels. With Novell’s worldwide sales and training organization, SUSE Linux has the backing it needs to compete to become the world’s most popular commercial Linux system. The release
of SUSE to the open source community as the openSUSE project ensures that the latest and greatest features are available or are in the SUSE development pipeline.
Because so much work has gone into the YaST installer and administrative interface, even an inexperienced user can be up and running on a newly installed SUSE system within an hour. It’s then
easy to begin using a variety of desktop and personal productivity applications from the SUSE
desktop.
Running KNOPPIX
A computer’s operating system usually resides on the hard disk — but
it doesn’t have to. When a computer boots up, it typically checks
first if there is a CD, floppy disk, or DVD in a drive and tries to boot
from there (depending on BIOS settings). So, with up to 700MB (CD) or
8.4GB (dual-layer DVD) of space on those media, why not use them to boot
whole operating systems?
Well, that’s exactly what bootable Linux distributions (also called live CDs)
such as KNOPPIX do. In the case of KNOPPIX, one CD holds up to 2GB of
compressed software for you to run that uncompresses on-the-fly. Start it up
and you can try out all the features of a well-stocked Linux system, without
touching the contents of your hard disk.
ON the DVD-ROM
KNOPPIX is included on the DVD that comes with this
book. In fact, it is the default option. Insert the DVD into
your PC’s DVD drive, and when you see the boot screen, press Enter. KNOPPIX
should just start up, and you can begin using it as described in this chapter.
If you have never used Linux before, KNOPPIX gives you the chance to do
so in a very safe way. If you are experienced with Linux, KNOPPIX can be
used as a tool to take Linux with you everywhere, troubleshoot a computer,
or check whether a computer will run Linux. In any case, you can use this
chapter to take a little tour of some great Linux features that you can try out
with KNOPPIX.
IN THIS CHAPTER
Understanding KNOPPIX
Starting KNOPPIX
Using KNOPPIX
KNOPPIX Features
KNOPPIX has so many features it’s hard to find a place to start. The latest official version of KNOPPIX
at the time of this writing (KNOPPIX 5.0.1) features X.Org 7.0.18, OpenOffice.org 2.0.2, KDE 3.5.2,
GIMP 2.2.11, Linux kernel 2.6.17, as well as many multimedia applications. More information can
be found on the KNOPPIX homepage (www.knoppix.com).
One of the most useful features of the most recent versions of KNOPPIX is the ease with which you
can create your own, personalized KNOPPIX disk. The available options are so vast that there is
not enough room to cover them in this book. For more information on how to create your own
version of KNOPPIX, see http://www.knopper.net.
COMING FROM WINDOWS
KNOPPIX includes support for NTFS file systems, so you can use KNOPPIX on a computer with Windows XP installed and access your files from your hard disk. This is a
good way to try out your documents, music, movies, or other content from Windows using Linux
applications (before you permanently switch). NTFS transparent write access, which is newly supported in KNOPPIX 5.0, is said to make writing to NTFS partitions safer than it was in previous versions.
Understanding KNOPPIX
If you are impatient to get started, you don’t have to read any further. In most cases, you can just
insert your DVD into your PC, reboot the computer, and start using KNOPPIX. If you have the
time, however, read on a bit more.
KNOPPIX is a bootable Linux that includes a nice selection of open source software. Originally,
there was a CD version of KNOPPIX (about 700MB image). Now, there is also a DVD version
(about 4GB image). It is the KNOPPIX CD image that is included on the DVD that comes with this
book.
KNOPPIX is considered to be the best bootable Linux available. In fact, KNOPPIX is used as the
basis for many specialized Linux live CDs, including Gnoppix (featuring GNOME instead of KDE),
KNOPPIX STD (security), KnoppMyth (MythTV media player), and KnoppiXMAME (console game
player), to name a few. To try out the latest features, however, you should start with the most
recent version of KNOPPIX, as described in the rest of this chapter.
KNOPPIX News
When KNOPPIX 5.0.1 was released in June, 2006, it was distributed first as a live DVD (about
4GB) and was touted more as a complete operating system on disk than a convenient desktop live
CD. Although the KNOPPIX 5.0.1 CD was released just a few days later, the growing emphasis on
DVDs reflects the tendency of live Linux media to offer everything someone would need for a desktop or server system.
With release 5.0.1, KNOPPIX became more like a complete operating system. Extensions were
added to make it easier to install KNOPPIX to hard disk. The ability to update certain critical packages was added in the Live Update feature. Packaging, in general, is now more focused on staying
closer to the Debian packages on which KNOPPIX is based.
You can expect more hardware to be detected and automatically configured in KNOPPIX 5.0.1
because of improvements to hardware autoconfiguration and detection features. Improvements
have also been made to how KNOPPIX uses UnionFS file systems. As a result, you can now write
to many more areas of the live CD file system than before.
Along with KNOPPIX-specific features in 5.0.1, improvements are often made, along with normal
updates, to the major software projects included in KNOPPIX. This release includes major updates
to X.org (version 7) and OpenOffice.org (version 2.0.2) among others.
Looking Inside KNOPPIX
After automatically detecting and configuring your computer hardware, KNOPPIX boots right up
to a full-featured desktop system complete with hundreds of ready-to-use desktop applications (no
login required). It includes some powerful server and power user features. In fact, there are so
many features, I won’t even try to mention them all here, but take a look at the following list of
some of KNOPPIX’s major components:
• KDE — A full-featured KDE desktop (which runs on the X Window System) that
includes tools for configuring the desktop and a bunch of applications tailored for the
KDE environment. (See Chapter 3 for descriptions of KDE.)
NOTE
If you prefer the GNOME desktop environment, there are several customized versions
of KNOPPIX that include GNOME. Most notable is the Gnoppix
(http://en.wikipedia.org/wiki/Gnoppix) distribution, which uses GNOME as its default
desktop.
• OpenOffice.org — The OpenOffice.org suite of office productivity tools so that you can
create documents, graphics, presentations, spreadsheets, and most anything you expect
to be able to do with office applications. With KNOPPIX, you can give a presentation created in OpenOffice.org software anywhere that you have access to a PC. (See Chapter 21
for descriptions of OpenOffice.org productivity applications.)
• Internet tools — Web browsers (Firefox, Konqueror, and Lynx), e-mail clients
(Thunderbird, Kmail, and mutt), a chat client (XChat IRC), a newsreader
(KNode), an instant messaging client (Gaim), and many more applications for using the
Internet. (See Chapter 22 for descriptions of popular Web browsers and mail clients.)
• Multimedia software — Applications for playing music (xmms), editing music
(Audacity), watching TV (xawtv), playing movies (Kaffeine), working with graphics
(GIMP and ImageMagick), using Webcams (gqcam), and displaying images (KView and
Kuickshow). (Chapter 20 covers music and video players.)
• Games — A few dozen diverting board games, card games, strategy games, and puzzles
to play. Try Potato Guy to keep the young ones busy, and Kasteroids for the older kids.
(Chapter 23 talks about KDE games and other games that you can run with KNOPPIX.)
• Administrative tools — A nice set of system and network administration tools that
enables you to do some pretty advanced setup, monitoring, and debugging of your computer and network. (The Knoppix-STD distribution is configured specifically as a rescue
CD to do almost anything you can imagine to check and fix your computer and network.)
• Servers — A few of the powerful server projects available for Linux, many of which don’t
require a lot of disk space: a Web server (Apache), file server (NFS), Windows file/print
server (Samba), proxy server (Squid), DNS server (bind9), login server (sshd), and DHCP
server (dhcpd).
COMING FROM WINDOWS
Using KNOPPIX (or any of the other bootable server Linux systems described in Chapter
19) as a server opens some amazing possibilities for serving the data from a Windows or
other operating system to a network, while completely bypassing that operating system on the computer’s hard disk.
• Programming tools — A good set of tools for developing software across a variety of programming environments.
KNOPPIX is based on Debian Linux, so a Debian user will be particularly comfortable with the
selection and organization of features. KNOPPIX software packages are also done in deb package
format, so you can use apt, dpkg, and related tools to list and otherwise manage the packages. A
graphical tool for working with software packages that comes with KNOPPIX is KPackage.
NOTE
Refer to Chapter 9 for information on using apt and dpkg tools for managing software in
Debian. Even if you don’t install any new software, those tools provide an excellent way
to search, list, or even upgrade software packages that are running in KNOPPIX.
What’s Cool About KNOPPIX
The features just described are ones that come with many different Linux distributions. What
makes them special with KNOPPIX is that you can often be up and using those features within a
few minutes — without having to repartition your disk, install software, or do any configuration.
For just trying out Linux or using it for some special, quick task such as playing or displaying
music, documents, or spreadsheets from a computer’s hard disk, KNOPPIX is quite awesome.
Some features, however, are specific to KNOPPIX (as compared to a Linux system you would run
from a hard disk). Many of those special features are there to help you through issues that relate to
the fact that you are not working in a permanent setup. In particular, KNOPPIX includes the following:
• Extraordinary hardware detection — The capability to properly detect and configure
hardware is one of the best features. During the boot-up procedure, KNOPPIX finds most
common PC hardware components and loads the proper modules so it can use them. Its
hwsetup tool relies on the Red Hat libkudzu facility to identify hardware, load appropriate modules, and create necessary device files.
For hardware that can’t be detected, there are many boot options you can add to properly
identify (or skip over) selected hardware devices. Some of them deal with particularly
sticky issues related to video cards and running on laptop computers. (See Tables 11-1
through 11-3.)
• Automatic desktop startup — Instead of just dropping you to a command line, KNOPPIX
does its best to start up a complete KDE desktop environment. Along the way, it adds
some nice features, such as desktop icons giving you access to your computer’s hard disk
partitions.
• Configuration tools — Some hardware either can’t be perfectly detected or requires
some extra setup. You can access KNOPPIX-specific configuration tools for configuring
your printer, TV card, sound card, network connections, and other features by clicking
the desktop icon that looks like a squished penguin.
• Save setup — You don’t have to lose the configuration you have done for KNOPPIX
every time you reboot. Click the configuration menu to save your configuration —
including your personal desktop configuration, files on the desktop, network settings,
and graphics setup (X) — to floppy disk, hard disk, or USB memory stick.
• Persistent desktop — You also can use the configuration icon to create a persistent
KNOPPIX home directory on your hard disk or other medium so that you can store and
reuse your desktop setup information and any data you save from session to session. (See
the “Creating a Persistent Home Directory” section later in this chapter for details on setting up a persistent desktop.)
• Add swap — If you are using KNOPPIX from a computer with Linux installed, it automatically uses a swap partition that is set up there. On DOS and Windows systems,
KNOPPIX enables you to create an extra swap area if you have space on an available DOS
partition. (The mkdosswapfile command is used for this purpose.)
• Work with Windows files — KNOPPIX includes drivers for using Microsoft Windows
NTFS file systems. The drivers enable you to read and write files from your hard disk if
you are booting KNOPPIX from a PC with Windows installed. (Writing to NTFS partitions from KNOPPIX is still considered experimental, so consider using an NTFS partition in read-only mode if the partition contains critical data.)
For example, say that you have your entire music collection, images downloaded from
your digital camera, and personal Web pages on your hard disk on a computer that was
set up to be booted by Microsoft Windows XP. You boot KNOPPIX instead (notice that
Microsoft Windows is not running at all). Suddenly your hard disk is just a place that
holds a lot of files. You can now use applications that come with KNOPPIX to open the
files on your hard disk to play the music, view or manipulate images, and display or
change Web pages.
A testament to how well KNOPPIX is respected is how many other bootable Linux distributions are
based on it. The KNOPPIX project even provides a KNOPPIX-customize package that lets anyone
make his own customized KNOPPIX. There are specialized KNOPPIX derivatives that can be used
to rescue a broken computer, play a range of multimedia content, or run a specific application.
CROSS-REF
See Chapter 18 for information on using a bootable Linux as a firewall/router and
Chapter 19 for descriptions of many other bootable Linux distributions.
Examining Challenges with KNOPPIX
For most people, KNOPPIX is a special-use Linux system. It’s a great way to try Linux or to access
a computer that isn’t set up the way you like. However, there are a few challenges with using
KNOPPIX that you should keep in mind:
• Reboot clears out KNOPPIX — Unless you save your data to some other media (which
you can do, as I describe later in this chapter), the entire KNOPPIX system goes away
when you reboot. That means files on the desktop, installed software, system configuration, and anything else you do during your KNOPPIX session will be gone unless you
explicitly save that information to a hard disk or some removable medium (floppy, CD,
and so on).
• Memory limitations — KNOPPIX is made to be able to run without touching your hard
disk, so when you save files to KNOPPIX, they are (by default) stored in your computer’s
memory (RAM). As a result, precious memory is devoted to holding files that might otherwise be used for running demanding applications.
• Performance hits — Even with today’s faster CD and DVD drives, it’s still slower getting
data from CDs and DVDs than it is getting them from a local hard disk. Almost every
component needed to run KNOPPIX (commands, libraries, and so on) is grabbed from
the CD or DVD and decompressed on-the-fly. So it can take a bit longer to run commands with KNOPPIX than it would to run them from hard disk. Watch the blinking
light on your CD or DVD drive to see how often KNOPPIX goes there to get data.
• Uses your CD/DVD drive — Because KNOPPIX relies so heavily on data from the CD or
DVD, you can’t remove it while you are using the system. So, if you have only one drive
for removable media, you can’t use it to access a music CD, install from another software
disk, or burn data while you are using KNOPPIX.
NOTE
If you have more than 1GB of RAM on your computer, you can use the toram boot
option to KNOPPIX. This will not only allow you to remove the KNOPPIX disk, because
everything is running from RAM, but will also cause KNOPPIX to run faster than a Linux system
installed on a hard disk.
I must admit that the challenges described here are more of an explanation of how KNOPPIX
works than they are problems with KNOPPIX itself. The idea that you can run a full-blown desktop and server operating system from a single CD (with nearly 2GB of available applications) is an
awesome concept for someone who still remembers DOS and character terminals.
Seeing Where KNOPPIX Comes From
KNOPPIX was created by Klaus Knopper in Germany. Knopper follows in the great tradition of
naming a distribution using a part of the creator’s own name with “ix” or “ux” stuck on the end.
While a groundswell of interest and support has appeared for KNOPPIX in the past few years,
Knopper himself admits that KNOPPIX started out more as a collection of tools he needed than as
a full Linux distribution. Knopper works to provide only software that can be distributed freely, for
both noncommercial and commercial use. He doesn’t even include some free software (such as
browser plug-ins) that might restrict free redistribution, although he doesn’t object to including
non–open source software that can still be freely distributed.
There is no big company behind KNOPPIX, and development efforts continue to be headed up by
Knopper himself. There are, however, many people who contribute bug reports and enhancement
requests (see www.knoppix.net/wiki/bugs), and there are other developers who have helped
create software specifically for KNOPPIX (in particular, Fabian Franz who, among other things, has
contributed significant work to KNOPPIX installer-related features).
The only official KNOPPIX Web site is Knopper’s own personal site: www.knopper.net/knoppix/index-en.html.
If you are looking for a way to get information and become involved
with others who use and develop the system, the Knoppix.net site offers a very active forum and
links to information about other KNOPPIX resources. It’s a great place not only to get your questions answered, but also to find a wealth of links to FAQs, HOWTOs, and related projects. There is
also an IRC channel (#knoppix on irc.freenode.net) and a wiki used primarily to gather
documentation (www.knoppix.net/wiki/Main_Page).
If you are considering creating your own customized distribution, tools for that purpose are currently under development and may be included with versions of KNOPPIX by the time you read
this text. In the meantime, you can check out some remaster tools at http://debian.tu-bs.de/knoppix/remaster/.
You can find out about versions that have already been created from
the KNOPPIX Customizations page at www.knoppix.net/wiki/MainPage.
Exploring Uses for KNOPPIX
Because there is so much you can do with KNOPPIX, it’s hard to choose just a few uses to highlight. Consider the following possibilities:
• Your own, portable operating system — You don’t have to carry around a laptop or
whole PC to make sure you have the software you need. Instead, you can use any PC that
is available (with the exception of some unsupported hardware) and boot your whole
computing environment with a single CD. By customizing your own KNOPPIX, you can
add your own data and pick and choose applications as well.
• A tool for managing data on any PC — You can bypass the operating system and other
software on any computer and use the applications on your KNOPPIX disk to manage the
data on that computer.
Of course, these concepts are not exclusive to KNOPPIX because you could conceptually do the
same thing with any boot floppy since the days of DOS (as well as any other bootable Linux). The
difference is that KNOPPIX does those things so well. It lets you take over a computer, not just
with a tiny rescue disk capable of running a few obtuse commands, but with a full-scale desktop,
server, and administrative tool kit operating system. With that in mind, here are some ways people
are using KNOPPIX:
• Showing off Linux — A demo can lack some punch when you have to spend an hour
installing before you can make your point. With KNOPPIX, it can take about 5 minutes
from the time you tell your friend about Linux to the time you have a complete desktop
system running on his PC. And in the process, you don’t have to worry about harming
anything on his computer because you don’t even need to touch his hard disk.
• Testing a computer for Linux — Instead of getting halfway through an install to see if
your PC is capable of running Linux, you can boot KNOPPIX. If it works, you can check
to see what drivers were loaded to deal with your hardware (type lsmod from a shell) and
then go ahead and install any Linux you like to the hard disk.
• Rescuing a computer or network — Many tools for tracking down and fixing problems
on both Linux and Windows systems are included in KNOPPIX. There is also a Knoppix-STD edition that includes dozens more tools for rescuing broken systems and tracing network problems (see www.knoppix-std.org).
• Taking over a broken server — If a Web server, file server, or firewall has been cracked
or otherwise broken, you might be able to use KNOPPIX to safely serve the data from a
KNOPPIX boot disk while you fix the problem.
• Doing anything you want — For those of us who have gotten used to using Linux, it’s a
pain to go somewhere and have to do work or make a presentation on a computer that
doesn’t have the tools you need. By bringing the whole operating system, all your software
tools, and sometimes even your data (with a customized CD, separate floppy, pen drive, or
downloaded files), your computing environment can be the same wherever you go.
Now that you have some idea of what to do with KNOPPIX, let’s get started.
Starting KNOPPIX
In most cases, it’s very easy to start KNOPPIX. With KNOPPIX in hand, all you really need is a PC
that meets the minimum specifications.
Getting a Computer
If you are ready to start KNOPPIX, I recommend the following:
• A PC — You need a PC that meets the minimal processor and memory requirements
described a bit later. There are no hard disk space requirements because you don’t need
to touch the hard disk. To get better performance on low-RAM systems, however, you
might want to create a swap partition, or swap file, on hard disk to enable you to run
more processes (as described later).
• Permission to reboot — KNOPPIX is going to take over operation of the PC, so you
need to be sure that it’s okay to reboot it. Make sure that nobody else is currently using
the computer or relying on it to be accessible over a network. (It is possible to run
KNOPPIX on a running Windows or Linux system, using virtualization tools such as
Qemu or VMware. To run KNOPPIX, however, you will need a computer that has a lot of
available RAM. Otherwise, you will get poor performance.)
• Internet connection (optional) — It isn’t necessary, but if your computer has an Ethernet
card and a connection to the Internet, you can immediately start using KNOPPIX to
browse the Web and otherwise take advantage of its communications tools. KNOPPIX will
try to detect a DHCP server (to get an IP address and other information) and automatically
configure itself to use the Internet or other network that is available. If you need a dial-up
connection instead, KNOPPIX includes Kppp for configuring a dial-up modem.
The system requirements for running KNOPPIX are much lower than you need for most of the latest Linux systems. According to Klaus Knopper, you need:
• CPU — Intel-compatible i486 or better.
• RAM — 20MB (for text mode), 82MB (for graphics mode with KDE), or 128MB (to also
run most office applications).
• Bootable drive (DVD drive to use the DVD or CD to use a CD) — KNOPPIX is able to
boot from drives that are IDE/ATAPI, Firewire, USB, or SCSI (provided that your computer can boot from those devices). Otherwise, you can create a boot floppy to start the
process of booting KNOPPIX (described later). If you have a DVD drive, you can boot
KNOPPIX directly from the DVD that comes with this book.
n Graphics card — Must be SVGA-compatible.
n Mouse — Supports any standard serial mouse, PS/2 mouse, or IMPS/2-compatible USB
mouse.
Booting KNOPPIX
If you have a PC in front of you that meets the requirements, you can get started by following these
steps:
1. Insert your KNOPPIX DVD or CD into the appropriate drive.
2. Reboot the computer. After a few moments, you will see the boot screen.
NOTE
Although the boot screens look different for the Linux Bible 2007 Edition DVD and a
regular KNOPPIX CD, you can proceed with the boot process the same way.
3. Press Enter. If all goes well, you should see the KNOPPIX desktop, and you can proceed
to the “Using KNOPPIX” section. If KNOPPIX doesn’t boot up properly or if you want to
tune it further before it boots, continue on to the next section. In particular, you might
want to use some of the boot options shown in Table 11-1.
Correcting Boot Problems
By understanding a bit about the boot process you will, in most cases, be able to overcome any
problems you might have installing KNOPPIX. Here are some things you should know:
• Check boot order — Your computer’s BIOS has a particular order in which it looks for
  bootable operating systems. A typical order would be floppy, CD or DVD, and hard disk.
  If your computer skips over the KNOPPIX boot disk and boots right from hard disk,
  make sure that the boot order in the BIOS is set to boot from CD or DVD. To change the
  BIOS, restart the computer and as it first boots the hardware enter Setup (quickly) as
  instructed (usually by pressing F1, F2, or DEL). Look for a selection to change the boot
  order so that your CD or DVD boots before the hard disk.
• Add boot options — Instead of just letting the boot process autodetect and configure
  everything about your hardware, you can add options to the boot prompt that will override what KNOPPIX autoconfiguration might do. Press F2 from the boot prompt to see
  additional boot options.
Some boot options are available with which you can try to overcome different issues at boot time.
KNOPPIX refers to these options as cheat codes. For a more complete list, refer to the file knoppix-cheatcodes.txt, which you’ll find in the KNOPPIX directory when you mount the CD or the
DVD that comes with this book on any operating system.
NOTE
Many boot options can be used with different Linux systems. So if you are having trouble installing or booting a different Linux distribution, you can try any of these options
to see if they work. Instead of the word “knoppix,” you will probably use a different word to launch
the install or boot process for other distributions (such as “linux” for Fedora systems or “morphix” for
Morphix Live-CD, depending on the distribution).
When KNOPPIX first begins the boot process, you see the boot screen, with the boot: prompt at
the bottom. The following tables provide boot prompt options that can help you get KNOPPIX
running the way you like. Table 11-1 shows options to use when you want specific features turned
on that may not be turned on by default when you boot.
TABLE 11-1
Boot Options to Select Features
Option                              Feature
knoppix lang=??                     Choose a specific language/keyboard. Replace ?? with one of the following: cn, de, da, es, fr, it, nl, pl, ru, sk, tr, tw, uk, or us.
knoppix desktop=??                  Instead of using the KDE desktop (kde), replace ?? with one of the following window managers: fluxbox, icewm, larswm, twm, wmaker, or xfce.
knoppix blind                       Start BrailleTerminal (running without X).
knoppix brltty=type,port,table      Add parameters to use for the Braille device.
knoppix wheelmouse                  For a wheel mouse, enable IMPS/2 protocol.
knoppix nowheelmouse                For a regular PS/2 mouse, force PS/2 protocol.
knoppix keyboard=us xkeyboard=us    Assign different keyboard drivers to use with text (shell) and graphical (X).
knoppix dma                         Turn on DMA acceleration for all IDE drives.
knoppix gmt                         Use time that is based on Greenwich Mean Time. You can use utc instead of gmt to get the same result.
knoppix tz=country/city             Specify a particular time zone, based on country and city.
knoppix noeject                     Don’t eject the CD after KNOPPIX has stopped.
knoppix noprompt                    Don’t prompt to remove CD after KNOPPIX stops.
If there is hardware being improperly detected or configured, you can have KNOPPIX skip over
that hardware. Table 11-2 contains options for skipping or turning off various hardware features.
TABLE 11-2
Boot Options to Turn Off Hardware
Option                  Result
knoppix atapicd         No SCSI-Emulation for IDE CD-ROMs.
knoppix noagp           No detection of AGP graphics card.
knoppix noapic          Disable Advanced Programmable Interrupt Controller (can overcome some problems on SMP computers).
knoppix acpi=off        Disable Advanced Configuration and Power Interface (ACPI).
knoppix noapm           No Advanced Power Management support. (With a working acpi, apm will be off by default. Only one can be active at a time.)
knoppix noaudio         No sound support.
knoppix nodhcp          Don’t try to start your network connection automatically via DHCP.
knoppix nofstab         Don’t read the fstab file to find file systems to mount or check.
knoppix nofirewire      No detection of Firewire devices.
knoppix nopcmcia        No detection of PCMCIA card slots.
knoppix noscsi          No detection of SCSI devices.
knoppix noswap          No detection of swap partitions.
knoppix nousb           No detection of USB devices.
knoppix nousb2          Disable extensions for USB 2.0.
knoppix pnpbios=off     Don’t initialize plug-and-play (PnP) in the BIOS.
knoppix failsafe        Do almost no hardware detection.
Table 11-3 lists options that may help if you are having trouble with your video card. Several of
these options are particularly useful if you are having trouble with X on a laptop.
TABLE 11-3
Boot Options to Fix Video Problems
Option                  Result
knoppix screen=??       Pick X screen resolution. Replace ?? with 640 × 480, 800 × 600, 1024 × 768, 1280 × 1024, or any other resolution supported by your video card.
knoppix xvrefresh=60    Set vertical refresh rate to 60 Hz for X (or other value as specified by monitor’s manual).
knoppix xhrefresh=80    Set horizontal refresh rate to 80 Hz for X (or other value as specified by monitor’s manual).
knoppix xserver=??      Replace ?? with XFree86 or XF86_SVGA.
knoppix xmodule=??      Select the specific driver to use for your video card. Replace ?? with one of the following: ati, fbdev, i810, mga, nv, radeon, savage, s3radeon, or svga.
knoppix 2               Runlevel 2, Text mode only.
knoppix vga=normal      No-framebuffer mode, but X.
knoppix fb1280x1024     Use fixed framebuffer graphics (1).
knoppix fb1024x768      Use fixed framebuffer graphics (2).
knoppix fb800x600       Use fixed framebuffer graphics (3).
Customizing KNOPPIX
Several boot options exist that tell KNOPPIX to look for a customized home directory or configuration information on hard disk or floppy. See the “Keeping Your KNOPPIX Configuration” section
later in this chapter for information on how to both save a customized KNOPPIX configuration
and tell KNOPPIX where to look for that customized information at boot time. (Unless they were
created from KNOPPIX, most other Linux distributions will not use these boot options.)
Table 11-4 lists options you can use to identify the location of your customized data or tell KNOPPIX
to run in ways that will make it perform better. Some of these options are described in detail in
sections that follow.
TABLE 11-4
Boot Options to Find Data or Boot Faster
Option                                Result
knoppix myconf=/dev/????              Tells KNOPPIX to run the knoppix.sh script from a particular partition. For example, replace ???? with hda1 (first partition on first IDE drive) or sda1 (first partition on USB flash drive or SCSI drive).
knoppix myconf=scan                   Search available drives for knoppix.sh script.
knoppix home=/mnt/????/filename.img   Identify the location of an image file that should be mounted and used as the /home directory during your KNOPPIX session. For example, using the file /mnt/hda1/knoppix.img gets an image file (knoppix.img) from the top-level directory of the first partition of the first IDE drive.
knoppix home=scan                     Search available drives for a home directory image.
knoppix mem=???M                      Make the specified amount of memory available to KNOPPIX (for example, 128M).
knoppix toram                         Copy the contents of the CD to RAM and run it from there. (For a live CD, you should have at least 1GB of RAM available to use toram.)
knoppix tohd=/dev/????                Copy the contents of the CD to a hard disk partition and run it from there. Replace ???? with the device name, such as hda1 or sda1. The partition must be ext2 or VFAT to use this feature.
knoppix fromhd                        Look for KNOPPIX to run on hard disk, instead of the CD.
knoppix fromhd=/dev/????              Look for KNOPPIX to run from a particular partition on hard disk, instead of the CD. Replace ???? with the device name, such as hda1 or sda1.
knoppix bootfrom=/dev/????            If the KNOPPIX image is on an NTFS or ReiserFS file system, use this option to boot the image from there.
knoppix bootfrom=/dev/????/KNX.iso    Select a particular image name to boot from, when the image exists on an NTFS or ReiserFS file system on the selected hard disk. The kernel versions on the CD and hard disk image must match.
Special Features and Workarounds
Other boot options are described in the knoppix-cheatcodes.txt file that comes on the
KNOPPIX CD (open the KNOPPIX folder from the KNOPPIX icon on the desktop to find the file).
Things you can do with boot options include changing the splash screen when KNOPPIX boots,
running in expert mode so you can load your own drivers, testing your computer’s RAM, and trying to overcome special problems with laptop computers.
• Testing the CD — If you suspect that you have a bad KNOPPIX CD, I recommend running this from the boot prompt:
    knoppix testcd
  If you are still not able to boot KNOPPIX at this point, it might be that your hardware is
  either not supported or is broken in some way. To further pursue the problem, check out
  an appropriate forum at www.knoppix.net.
• Running KNOPPIX from RAM — To improve performance, KNOPPIX offers a way to
  run the entire KNOPPIX distribution from RAM (provided you have enough available) or
  install it on hard disk and run it from there. Provided that you have more than 1GB of
  RAM, you can run KNOPPIX entirely from RAM (so you can remove the KNOPPIX DVD
  or CD and use that drive while you run KNOPPIX) by typing the following from the boot
  prompt:
    knoppix toram
• Installing KNOPPIX to Hard Disk — You can run KNOPPIX entirely from hard disk if
  your hard disk is either a FAT or EXT2 file system type and contains at least 800MB of
  space. To do this, you must know the name of the hard disk partition you are installing
  on. For example, to use the first partition on the first IDE drive you would use
  /dev/hda1. In that case, to copy KNOPPIX to that disk partition, you would type this
  at the boot prompt:
    knoppix tohd=/dev/hda1
  You can watch as KNOPPIX is copied to your hard disk partition and then boots automatically from there. The next time you want to boot KNOPPIX, you can boot it from
  hard disk again by inserting the KNOPPIX medium and typing the following:
    knoppix fromhd=/dev/hda1
With KNOPPIX running from your hard disk, you can safely eject your CD or DVD and use the
drive for other things (type eject /dev/cdrom). Refer to the knoppix-cheatcodes.txt file for
information on other things you can do from the KNOPPIX boot prompt.
Using KNOPPIX
Rather than go over how to use the features in KNOPPIX that are common to many Linux systems
(KDE, Internet tools, word processors, and so on), I’ll give you a quick tour of the special features
in KNOPPIX. If your computer booted KNOPPIX properly, you should see a screen that is similar
to the one shown in Figure 11.1.
FIGURE 11.1
KNOPPIX boots to a full KDE desktop that is ready to run.
I’ve opened a couple of applications to illustrate some things, and the following sections explore
what you typically get when KNOPPIX comes up.
Using the KDE Desktop in KNOPPIX
KDE is the default desktop environment that comes with KNOPPIX. You can change that at the boot
prompt to use one of several window managers instead, or get a Gnoppix disk instead to use the
GNOME environment. But, as delivered, the desktop looks similar to what you see in Figure 11.1.
The KNOPPIX version of KDE matches pretty closely the descriptions in Chapter 3, although there
are a few items related to the KNOPPIX KDE desktop that are worth noting:
• Desktop icons — To get information about KNOPPIX, click the KNOPPIX icon (choose a
  language, and then find links to FAQs, Knopper.Net, and general KNOPPIX information)
  or the LinuxTag icon (to read the licenses). There is also the requisite Trash icon.
• Disk icons — Any CD, DVD, floppy, or other removable medium drive is displayed as an
  icon on the desktop. Of course, this includes the drive holding the KNOPPIX disk, which
  you can get to directly to do such things as find boot images or KNOPPIX documentation.
  Hard disk partitions are also represented by icons on your KNOPPIX desktop. Click one
  of those icons and you can access (read-only) the files on that hard disk partition. This is
  a great feature for getting the information you need without, by default, letting you
  change or otherwise damage the data on the computer. To make a disk writable, right-click on the disk icon and select Actions ➪ Change read/write mode. If you are not able
  to write to the disk, refer to the section on making disks writable later in this chapter.
• KDE Panel — KNOPPIX loads the KDE Panel with applets and launchers for a few useful
  applications. Click the K button to display the menu containing most KDE applications
  for you to select. The Web Browser icon launches the Konqueror browser, which is the
  KDE file manager as well.
• KNOPPIX configuration — Click the squished penguin icon in the KDE Panel to see a
  menu of configuration tools specific to KNOPPIX. This is where you can tune up your TV
  card, configure printers, get your network connection going, and even start a few servers.
  I describe some of these subjects — in particular, how to save data and configuration
  information across sessions with this otherwise ethereal operating system — later in this
  chapter.
• Launching games, players, and other stuff — From the KDE menu, you can launch
  applications as you would from any desktop operating system. Just to illustrate that, I
  launched a simple game (Frozen Bubble), Konqueror Web browser, and a music player
  (Kaffeine) for Figure 11.1.
Running KNOPPIX, at this point, is just like running any other Linux system with a KDE desktop,
with one major exception. By default, you can’t save any data permanently. There are a few ways
around this issue, especially if you expect to use KNOPPIX on a regular basis. Refer to sections on
creating persistent desktops and opening disks for writing later in this chapter.
Getting on the Network
If you have an Ethernet card and a connection to a network that has a DHCP server, your
KNOPPIX system should just start up and offer immediate access to that network (and possibly
the Internet if it offers such a connection). If not, KNOPPIX offers several tools for configuring
your network connection, including:
• Dial-up modem — From the squished penguin, select Network/Internet ➪
  /dev/modem connection setup. The menus that appear help you create a dial-up connection to the Internet, or other TCP/IP network, using a serial modem, USB modem,
  IRDA cell phone/PDA, or Bluetooth cell phone/PDA.
• ADSL router — From the squished penguin, select Network/Internet ➪ ADSL/PPPOE
  configuration. It helps you connect to the Internet through your broadband ADSL
  router.
• GPRS connection — From the squished penguin, select Network/Internet ➪
  GPRS/UMTS connection to set up a connection via your cellphone provider.
• Network card — From the squished penguin, select Network/Internet ➪ Network card
  configuration to configure your Ethernet card (assuming you don’t just want to use
  DHCP to get your network address).
• ISDN — From the squished penguin, select Network/Internet ➪ ISDN to use ISDN to
  connect to the network.
• Wireless Card — From the squished penguin, select Network/Internet ➪ Wavelan to use
  a wireless Ethernet card to connect to the network. You can instead select ndiswrapper
  configuration if there is no Linux driver for your card, but you have a Windows driver
  you can try.
In addition to the interfaces available here, you can use the wvdialconf command to create your
dial-out connection as described in Chapter 5.
Installing Software in KNOPPIX
Despite the fact that KNOPPIX includes a wide range of software applications, there may be some
software package you want to use with it that isn’t included. For installing software while you are
running KNOPPIX from the DVD, you can use Synaptic.
To start Synaptic, click the squished penguin on the KNOPPIX panel and select Utilities ➪ Manage
Software in KNOPPIX. The Synaptic window opens, displaying lists of installed packages. Here’s
what you do to install a package:
1. Reload package list. To see which packages are available for you to install, select the
Reload button. Synaptic searches online repositories configured for KNOPPIX for available packages and loads them into the Synaptic window. New package categories and
packages appear.
2. Select package. Choose a category on the left and any package you want from that category on the right. A description of the package appears in the lower pane. Figure 11.2
shows an example of Synaptic with the bzflag package selected.
FIGURE 11.2
Choose packages to install in KNOPPIX using Synaptic Package Manager.
3. Mark for install. With the package that you want to install highlighted, select Package ➪
Mark for Installation. If any changes to existing packages or additional packages are
needed, a pop-up window alerts you. Click Mark to continue.
4. Apply changes. After you have selected all the new packages you want, select Apply. If
the changes noted in a pop-up window are okay, select Apply again. Synaptic begins
downloading and installing the selected packages.
Remember that the software is being installed in the version of KNOPPIX that is running in RAM.
So, the software will disappear the next time you reboot, unless you do something to preserve your
data (such as creating a persistent desktop before you install the software you want to keep).
Saving Files in KNOPPIX
When you reboot your computer with KNOPPIX, you not only lose KNOPPIX itself but any data
and configuration information you may have created along the way. That’s because, by default,
KNOPPIX runs from your system’s RAM and a nonwritable CD or DVD. Using tools and procedures that come with KNOPPIX, there are ways in which you can keep that information going
forward.
KNOPPIX happily gives you a login name (knoppix) and a home directory (/home/knoppix),
each time you boot from KNOPPIX. You can save files to that directory, as well as change your
desktop and system configuration information (which is stored in that directory and in /etc files).
The problem is that those directories are in RAM, so they disappear when you reboot.
The following sections give you some ideas about how to save what you do in your KNOPPIX session to use in future sessions.
Writing to Hard Disk
Although hard disk partitions are mounted read-only by default, you can make them read/write if
you like. Then you can store any data you want to save on those partitions. (You can simply drag
and drop files to those partitions when they are displayed in a Konqueror window or save files
there from an application.)
CAUTION
Up to this point, there’s not much risk of damaging any data on your hard disk. Once
you make your disks writable, you have the potential for deleting or changing that data.
Keep that in mind if the computer doesn’t belong to you or if you are not used to using Linux.
Regardless of which user you are logged in as, KNOPPIX does not prevent you from changing any file
in a writable hard disk partition.
Mounting Linux Partitions for Writing
KNOPPIX usually identifies all hard disk partitions and adds entries for each one in your
/etc/fstab file. If you click the icon representing that partition, the partition is automatically
mounted and a folder opens to the root of that directory.
The name of each partition (hda1, hda2, and so forth for IDE partitions; sda1, sda2, and so on for
SCSI disk partitions, including USB flash drives) is shown on the desktop icon representing each
partition. Hover the mouse pointer over the icon to see information about the partition’s mount
point and device name. With that information, you can make any of those partitions writable by
following these steps:
1. Right-click the icon representing the hard disk partition you want to write to on the
KNOPPIX desktop. A menu opens, displaying functions available for that partition.
2. Choose Change read/write mode. You are asked if you really want that partition to be
writable. Select Yes.
At this point you can open the folder to the partition (hda2 in our example) or open a shell and
write to that directory (/mnt/hda2 and any subdirectories). To make that change permanent (in
the KNOPPIX sense), you need to edit /etc/fstab and add rw to the options in the entry for the partition so it is mounted read/write by default. Again, with the example of /dev/hda2, an entry in
/etc/fstab to mount that partition read/write could look as follows:
/dev/hda2 /mnt/hda2 ext3 noauto,users,exec,rw 0 0
With that change, simply typing sudo mount /dev/hda2 mounts the directory with read/write permissions. You can save that change permanently, as described in the “Keeping Your KNOPPIX
Configuration” section later in this chapter.
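Before saving an edited /etc/fstab into a KNOPPIX configuration, it is worth listing which partitions that file now mounts read/write. The following script is an added example, not code from the book or from KNOPPIX; the sample fstab contents and the function names sample_fstab, mount_mode, and writable_entries are constructed for illustration. It also marks read/write NTFS entries, because this chapter describes NTFS writes through Linux-NTFS as unreliable.

```shell
#!/bin/sh
# Added example: list the fstab entries that mount a disk partition read/write.

# sample_fstab: prints a constructed fstab, modelled on the /dev/hda2 entry
# shown in the text (device names and options are illustrative only).
sample_fstab() {
    cat <<'EOF'
# /etc/fstab (constructed sample)
/proc       /proc        proc  defaults              0 0
/dev/cdrom  /mnt/cdrom   auto  users,noauto,exec,ro  0 0
/dev/hda1   /mnt/hda1    ntfs  noauto,users,exec,ro  0 0
/dev/hda2   /mnt/hda2    ext3  noauto,users,exec,rw  0 0
/dev/hda3   none         swap  defaults              0 0
/dev/hda5   /mnt/hda5    vfat  noauto,users,exec     0 0
/dev/sda1   /mnt/sda1    ntfs  noauto,users,exec,rw  0 0
EOF
}

# mount_mode OPTIONS: prints rw, ro, or unset for a comma-separated option list.
# A later ro/rw overrides an earlier one; "defaults" implies rw.
# The body runs in a subshell so the IFS and noglob changes stay local.
mount_mode() (
    set -f
    IFS=,
    mode=unset
    for opt in $1; do
        case $opt in
            ro) mode=ro ;;
            rw | defaults) mode=rw ;;
        esac
    done
    printf '%s\n' "$mode"
)

# writable_entries FILE: prints "device mountpoint fstype note" for every
# /dev/ entry whose options resolve to rw. Comments, blank lines, swap and
# pseudo file systems are skipped. The note is "ntfs-write-unreliable" for
# NTFS, otherwise "-".
writable_entries() {
    while read -r dev mnt fstype opts rest || [ -n "$dev" ]; do
        case $dev in
            /dev/*) ;;
            *) continue ;;
        esac
        [ "$fstype" = swap ] && continue
        [ "$(mount_mode "$opts")" = rw ] || continue
        note=-
        [ "$fstype" = ntfs ] && note=ntfs-write-unreliable
        printf '%s %s %s %s\n' "$dev" "$mnt" "$fstype" "$note"
    done < "$1"
}

# Demo on the constructed sample; on a live system pass /etc/fstab instead.
demo_file=$(mktemp)
sample_fstab > "$demo_file"
writable_entries "$demo_file"
rm -f "$demo_file"
```

Entries that carry neither ro nor rw are reported as unset by mount_mode and are left out of the list, so the output shows only partitions that were explicitly opened for writing.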
Mounting Windows Partitions for Writing
Provided your partitions are properly detected, mounting Windows partitions is no different than
mounting Linux partitions. For Windows file system types FAT and VFAT, there should be no
problem mounting and writing to those file systems. For NTFS file systems, there are a few things
you should consider before writing to them.
Earlier versions of KNOPPIX allowed you to download a feature called Captive NTFS. With
Captive NTFS, you could use native Windows drivers to access NTFS partitions from KNOPPIX.
This was considered to be reliable enough that you could write to NTFS partitions without much
fear of corruption.
The current version of KNOPPIX uses drivers from the Linux-NTFS Project
(http://www.linux-ntfs.org/) to provide support for accessing NTFS file systems from Linux. The
advantage of using Linux-NTFS is that NTFS partitions can be mounted and used just like any
other Linux file system. In other words, you don’t need Windows drivers. The downside is that
writing to NTFS partitions using Linux-NTFS is considered unreliable and could cause corruption to
your NTFS partition. So, I recommend you not try to write to an NTFS file system from KNOPPIX
if it contains critical data, but feel free to read from NTFS during a KNOPPIX session.
Creating a Persistent Home Directory
If you are going to use the computer more than once with KNOPPIX (or if you just want more
storage space for files than your computer has available in RAM) you can assign your KNOPPIX
home directory (/home/knoppix) to use some of the available space on your hard drive. That
can be done in one of two ways:
• Assigning an entire partition to be used for your home directory.
• Assigning a part of that partition for your home directory, in the form of an image file.
You can also put your persistent home directory on rewritable, removable media, such as a memory stick. Once you create that area to use as your home directory, you can tell KNOPPIX to use it
every time you restart KNOPPIX. Here’s what you do:
1. Click the squished penguin in the panel, and then select Configure ➪ Create a Persistent
KNOPPIX disk image. A window appears, asking if you are ready to create a persistent
home directory.
2. Click Yes to continue. You are asked which partition you want to use for your persistent
home directory.
3. Select the partition you want to use to store your persistent desktop and click OK. You
are asked if you want to save the home directory in an encrypted format.
4. Select No to leave the directory unencrypted. (If you choose Yes, you’ll have
to specify a long password that you will need to access the persistent home directory at
boot time.) You are asked to enter the size of your home directory.
5. Type the number of megabytes to assign to your home directory and click OK. Be sure
that that much space is available on the partition. (When the partition is mounted later,
you can type df -h to see how much space is available on it.) The partition or image file
should be created now.
When I ran this procedure to create a 100MB image on the hda5 partition, it created the file
/mnt/hda5/knoppix.img, which had 97MB of available space. To see how to use that directory, see the “Restarting KNOPPIX” section later in this chapter.
Keeping Your KNOPPIX Configuration
After you have gone through all the work to configure your desktop, printer, network, disks, and
other preferences for your KNOPPIX setup, it’s a shame to lose all that on your next reboot. Well,
KNOPPIX offers a way that you can save your configuration information and reuse it for your next
session. That saved information can be stored on a floppy disk or any other medium that is accessible (such as your hard disk) the next time you reboot KNOPPIX. Here’s how:
1. From the squished penguin icon on the panel, click Configure ➪ Save KNOPPIX
configuration.
2. Choose the configuration files to save. You can choose to save your personal configuration (from the .kde and .mozilla directories in /home/knoppix), files on the desktop,
your network configuration, X configuration, and other system configuration files (from
/etc).
3. Choose to save your configuration files to your floppy disk or to any available disk partition that is writable. Choosing floppy can make the configuration portable, whereas using
the hard disk makes the configuration easily reusable on the same machine.
4. If you are saving to floppy, insert the floppy and click OK. The data is saved to floppy
disk.
The results from this action are that the knoppix.sh and configs.tbz files are created on
floppy disk. The configs.tbz file contains all the saved configuration files from your /home
and /etc directories. The knoppix.sh file is a script that tells KNOPPIX how to install those
files when KNOPPIX boots up. The next time you start KNOPPIX, you can use the configuration
files, as described in the next section.
NOTE
Those who create their own customized KNOPPIX boot disks can simply add their
knoppix.sh and configs.tbz files to the top-level directory of the CD, so KNOPPIX
will just boot to their personalized configuration without worrying about an extra floppy or other
medium.
Restarting KNOPPIX
You can start KNOPPIX anytime by just inserting your KNOPPIX CD or DVD and restarting your
computer. However, if you want to take advantage of the persistent desktop you set up or the
saved configuration information, you need to add some options to the KNOPPIX boot prompt.
Here’s how:
1. Insert your KNOPPIX CD or DVD into the computer and reboot. You should see the
KNOPPIX boot prompt.
2. Press F3 (before KNOPPIX boots) to see if any additional boot options are required.
3. If you have a configuration floppy boot disk (or other removable media created in an earlier procedure), insert that disk now.
4. At the boot prompt, type one of the following command lines, which are different ways to
load your configuration files:
boot: knoppix floppyconfig
boot: knoppix myconfig=/dev/hda1
boot: knoppix myconfig=/dev/sda1
boot: knoppix myconfig=scan
These KNOPPIX boot commands, respectively, get configuration information from the
floppy disk, look for that information on the first IDE drive partition (/dev/hda1), look
for it on the first SCSI drive partition (/dev/sda1), or scan all available drives to find
the information. To boot to a persistent desktop (assuming you set one up earlier), you
can instead type:
boot: knoppix home=/dev/hda1/knoppix.img
boot: knoppix home=/dev/sda1/knoppix.img
boot: knoppix home=scan
The previous boot commands, respectively, assign the KNOPPIX home directory (/home/
knoppix) to the /dev/hda1/knoppix.img file, to the /dev/sda1/knoppix.img
file, or to the image file found by scanning all available directories for that file. You can also
combine one from each of the two preceding command sets to both read your configuration
files and assign a persistent desktop, as follows:
boot: knoppix floppyconfig home=/dev/hda1/knoppix.img
Now you are ready to continue your KNOPPIX session where you left off last time, with the same
configuration and data files available.
Summary
KNOPPIX offers what many feel is the best bootable Linux today. It gives you a fully configured
Linux desktop system available virtually anywhere you can find a bootable PC.
Besides its desktop features, KNOPPIX contains software needed to use many server, programming, and troubleshooting features of Linux as well. Despite the fact that KNOPPIX runs as a
bootable system in RAM, by default, there are ways to configure it to save data and configuration
information across multiple boot sessions.
The fact that KNOPPIX can be used to come up to a consistent state every time you boot it is
another advantage to using KNOPPIX. If you believe that your saved customizations have become
corrupted, you can always reboot KNOPPIX without them to start with a clean KNOPPIX system
again.
KNOPPIX is particularly valuable as a tool for accessing a damaged computer so that you can troubleshoot it. With a KNOPPIX disk booted on a computer that was installed to use Microsoft
Windows or other operating system, you can use KNOPPIX to access and work with data on that
computer’s hard disk.
Running Yellow Dog Linux
Y
ellow Dog Linux is one of the premier Linux distributions for the
PowerPC (PPC) platform. Offered by Terra Soft Solutions (www
.terrasoftsolutions.com), Yellow Dog Linux provides
unparalleled concentration on the needs of the PowerPC users.
IN THIS CHAPTER
Digging into Yellow Dog Linux
Installing Yellow Dog Linux
Because most Linux distributions focus on the Intel/AMD (x86) platform, it’s
sometimes startling to realize that there’s a major Linux distribution, with a
passionate community of its own, providing a strong presence in the world
of PowerPCs. Distributions such as Ubuntu provide PowerPC versions of
their releases and have dedicated PowerPC developers. Yellow Dog, however,
is solely dedicated to PowerPC and similar processors. To go after PowerPC
enthusiasts, Terra Soft Solutions tailors its Yellow Dog Linux to include the
multimedia and ease-of-use features that Apple users expect.
This chapter aims at introducing you to Yellow Dog Linux and how it is
moving forward to cater to those who love Apple’s PowerPC hardware but
are drawn to Linux.
Yellow Dog Linux is not included on the CD or DVD that comes with this
book. You can purchase Yellow Dog Linux from Terra Soft Solutions
(www.terrasoftsolutions.com/store) or download the four-CD installation set from a Yellow Dog Linux mirror site (for a list of
mirror sites, see http://yellowdoglinux.com/resources/ftp_mirrors.shtml).
See Appendix A for information on burning CDs.
Running Mac-on-Linux
Understanding Yellow Dog Linux
Terra Soft Solutions has focused its efforts on making Yellow Dog Linux work for a wide range of
Apple products, which has resulted in less chance of hardware incompatibilities. This is one of the
distribution’s strengths. Another heartening note is that Terra Soft Solutions is an Apple Authorized
OEM Value Added Reseller with permission from Apple to install Linux on Apple hardware, retaining any hardware warranties provided by Apple.
NOTE
The latest Apple hardware uses x86 chips in the form of Intel’s Core Duo processors.
Yellow Dog Linux will not work on these systems because that’s not Terra Soft’s mission.
See the section entitled “Going Forward with Yellow Dog” for more information.
Mac OS X, in the form of Aqua, is considered one of the most advanced graphical user interfaces
on the market today. With a sophisticated interface available on the Apple platform, a user might
question putting Linux on Apple hardware, but there are many valid reasons to install Linux on the
PowerPC architecture, including:
• Cost of applications — Commercial applications usually have a higher price of ownership than their open source counterparts for similar functionality. For instance, the latest
word processor on the Mac OS X platform can cost hundreds of dollars, whereas the
open source alternatives are generally free. The free software available for Linux far
exceeds that available for the Mac OS X platform.
NOTE
While some of the more popular open source programs are available for Mac OS X, they
may require a port of the software, as opposed to a recompile. Porting applications is a
more complicated process and usually requires expertise in operating system programming. Porting is
outside the sphere of this book.
• Extended hardware life — Linux is well known for its low operation requirements. You
can use Yellow Dog Linux on machines that aren’t necessarily supported by the latest Mac
OS X version and still run the latest Linux applications.
• Uniformity — Linux is widely deployed, especially for back-office functions. By using
Yellow Dog Linux (often referred to as YDL), you can mix PowerPC hardware with Intel
hardware in the same production environment, with application and operating system
uniformity, thus reducing costs associated with the support of two different operating systems. Because Linux is open source and widely available, you also reduce your dependence on one entity for your operating systems.
• Security — Yellow Dog Linux has the support of thousands of programmers who constantly develop patches and updates for software, as opposed to depending on a commercial entity to release patches (or doing them yourself).
• Ease of administration/use — Linux (and particularly Fedora Core, on which Yellow
Dog Linux is based) is so widely deployed, with more installations occurring every day,
that it’s understood and managed by a large user/administrator group. It’s often easier for
system administrators and users to complete tasks on a familiar system with a standard
interface.
• Mac-on-Linux — Mac-on-Linux software enables you to run Mac OS X (10.1 through
10.3.3), Mac OS 7.5.2 through 9.2.2, or another instance of Linux within your active
Yellow Dog Linux session on a PowerPC system, so you get the best of both worlds.
A few different versions of Yellow Dog Linux are available that cover a wide spectrum of current
and legacy PowerPC hardware:
• Yellow Dog Linux 5.0 — Not yet freely available when this book was written, this version provides support for Power Architecture Cell processors, cell-based systems such as
the PlayStation 3, and systems from Mercury Computer, and IBM and Apple systems
using the G5, IBM 970, G4, and G3 PowerPC processors.
• Yellow Dog Linux 4.1 — An updated and enhanced release of Yellow Dog Linux that
provides full support for all of the specialized hardware found in the latest PowerPC Mac
Minis and G5 systems, as well as continued support for G3 and G4 systems.
• Yellow Dog Linux 3.0.1 — The last version of Yellow Dog Linux (October 1, 2004) to
support the beige G3 hardware (66 MHz) and previous Old World ROM Macs. This version also supports most of the same hardware that Yellow Dog Linux 4.0 supports.
• Y-HPC — A variation of Yellow Dog based on the 64-bit Fedora Core 5.0 version of
Linux. This version is for high-performance computing and focuses on offering high-performance support for Xserve G5s or cluster nodes.
Going Forward with Yellow Dog
Despite the fact that Apple has moved its product line from the PowerPC to the x86 (standard PC)
architecture, Terra Soft Solutions continues developing Yellow Dog Linux for the Power architecture. While Terra Soft remains a top-tier value-added partner of Apple’s, it has also begun selling
pre-installed Linux systems on hardware from other manufacturers.
Simply put, Yellow Dog’s mission is to support the latest Power architecture systems, such as the
Sony PlayStation 3, cell-based and high-end PowerPC systems from vendors such as IBM and
Mercury Computer, and to continue to deliver PowerPC-focused Linux for the 10 or 20 million
people like myself who have PowerPC-based Macs but want to take advantage of the power of
Linux on those systems.
For high-end server systems, Terra Soft Solutions offers its Y-HPC operating system on IBM 970
BladeCenter 42U rack servers and Mercury Computer XR9 64-bit extended ATX 1U and 4U rack
servers. Along with Y-HPC on these machines comes the Y-Imager cluster management software
suite, so you can centrally manage multiple Power-based Y-HPC servers.
On the workstation end, Terra Soft is the Linux vendor of choice for the Sony PlayStation 3. After
having worked closely with Sony to ensure complete support and interoperability, Terra Soft delivered Yellow Dog Linux 5.0 for the PS3 at the end of November 2006. Similarly, Terra Soft has also
partnered with Genesi USA (www.genesippc.com) to sell the Open Desktop Workstation with
Yellow Dog Linux pre-installed. The Open Desktop Workstation has a micro-ATX form factor, both
Gigabit and 10/100 Ethernet ports, an AGP slot, three low-profile PCI slots, and multiple FireWire
and USB ports.
The bottom line here is that you can expect Yellow Dog Linux to continue with its support for
Power architecture both on server and desktop systems. So, Apple users who love their PowerPCs
can find a way to continue using that hardware by moving over to a Yellow Dog Linux system.
Also, because of the Power architecture’s support for multimedia hardware and Yellow Dog’s inclusion of software for playing a variety of audio and video content, the combination adds a bit of
sparkle to the standard Linux desktop systems that are around today.
Digging into Yellow Dog
Yellow Dog Linux offers a Fedora Core, RPM-based distribution that is highly compatible with
most available open source software. By basing the Yellow Dog distribution on a widely deployed
and used x86 distribution such as Red Hat’s Fedora Core, Terra Soft Solutions has been able to
quickly deploy a very uniform, user-friendly experience for its user base. This section takes a look
at some of the highlights of the Yellow Dog distribution.
NOTE
This chapter focuses on Yellow Dog 4.1, which was released in March of 2006 and is the
latest version of Yellow Dog Linux that was freely available at the time that this book
was written. Yellow Dog Linux 5.0 may be freely available at the time that you read this — see the
Terra Soft Solutions Web site for information.
Yellow Dog Linux 4.1 offers four full CDs of software with some of the following applications:
• 2.6.15 Linux Kernel
• X Window System server (X.Org 6.8.2)
• KDE 3.4.2 desktop (unified with GNOME to provide easy access to programs from either
desktop environment)
• GNOME 2.12.1 desktop (again, unified with KDE to provide easy access to programs
from either desktop environment)
• OpenOffice 1.1.2 (suite of productivity tools including a spreadsheet program, drawing
program, presentation software, and a full-featured, Microsoft Word–compatible word
processor)
• More than 1,300 other application packages from programming tools to Web browsers
The wide range of applications included on the Yellow Dog CDs is enough to keep even the most
computer-savvy person happy, but many more choices are available on the Internet, so you should
be able to find an application that fits your needs.
Fedora Core is the community-supported version of what was previously the ubiquitous Red Hat
Linux distribution. As a derivative of Fedora Core, Yellow Dog Linux can offer the advantages of
Fedora features on a Mac platform, including:
• Red Hat Package Manager (RPM) software — Starting with software packages from the
Fedora project helps Yellow Dog Linux avoid compatibility problems suffered by some
Linux distributions. Users can also rely on well-known RPM packaging tools for adding,
removing, and managing software.
• Anaconda installer — Yellow Dog takes advantage of the well-tested Anaconda installer
for easy installation.
• Kudzu hardware detection — By starting with the Fedora Core kudzu facility for detecting and configuring hardware, Yellow Dog has a stable foundation for probing equipment
that has been extended to work with Mac hardware.
CROSS-REF
Refer to Chapter 8 for more information on the Fedora Core project and some of the
specifics regarding its implementation.
Installing Yellow Dog Linux
Before you can install Yellow Dog Linux, you need to get a copy of it from some of the many
resources available. The first and most recommended avenue is to purchase it from the vendor.
This has the dual effect of your acquiring the distribution from the source as well as supporting the
company that creates Yellow Dog Linux so it can continue development for the PowerPC platform.
NOTE
Yellow Dog Linux always makes the previous version of its distribution freely available
and downloadable from its web site. By the time that this book is published, version 5.0
will be commercially available, meaning that YDL 4.1 will be available as downloadable CD images.
Packaging details for YDL 5.0 may differ slightly when it is officially released. See
http://www.terrasoftsolutions.com/resources/downloads.shtml for information
about downloading the latest version that is available.
To purchase Yellow Dog Linux from Terra Soft Solutions, visit the Terra Soft Solutions Web store at
http://terrasoftsolutions.com/store/. When purchasing from Terra Soft Solutions,
you receive the following in a box set:
• Install and source DVDs.
• Getting Started with Yellow Dog Linux, a book that covers all the information a beginning
Linux user would need to know to get a fully operational Yellow Dog Linux system
running.
• Optional 60 days of installation support (you can purchase the box set with or without
support, depending on your needs and skill level with Linux).
• Other goodies (sticker, flexible flier depending on package purchased).
• The knowledge that you are supporting the company that created the product, allowing
further development.
Alternatives to purchasing the Yellow Dog Linux box set include:
• Purchasing a subscription to YDL.net — This is Terra Soft Solutions’ online resource for
Yellow Dog Linux users. You can get e-mail accounts and Web space as well as prerelease
access to the latest version of Yellow Dog Linux before it is available for general release.
The costs vary depending on which version you choose. More information is available at
www.ydl.net.
• Downloading and creating your own ISO — You can download the distribution from
one of the many Linux mirrors as identified at
http://yellowdoglinux.com/resources/ftp_mirrors.shtml and burn your own ISO.
• Purchasing online — If you have a slow Internet connection and want to try Yellow Dog,
you can purchase burned CDs or DVDs (depending on the release of Yellow Dog that you
want to run) from various Linux stores on the Internet. Use your favorite search engine to
locate one near you.
Hardware Support
Hardware support with the Linux operating system was a major issue in the past, but as Linux’s
popularity has grown, many device makers have provided access to their hardware drivers or in
some cases have created hardware drivers for Linux. While this is still an issue with hardware that
is brand new in the x86 community, the effects are lessened with the PowerPC platform because all
hardware is generally created to Apple’s exacting standards. Terra Soft Solutions’ focus on Apple
hardware and generally fewer variations in hardware add up to support being much faster for the
PowerPC platform.
One of the great things about Yellow Dog Linux is that as you dig into it, you discover that some of
the hardware compatibility issues faced by the x86 Linux crowd (such as with Winmodems, the
plethora of hardware configuration options, and so forth) are minimized or eliminated. With Terra
Soft Solutions, a fully authorized Apple Value Added Reseller, you are assured that the hardware
you are using will be supported. There are some notable hardware support differences with the
release of YDL 5.0 and 4.1, and the fully capable 3.0.1 version covers any older hardware that is
not supported in the 4.x product.
In addition to being able to install Yellow Dog Linux on your own Apple hardware, you can purchase Apple hardware from Terra Soft Solutions with Yellow Dog Linux preinstalled.
Terra Soft Solutions has developed official lists of hardware configurations that have been specifically tested with Yellow Dog Linux
(http://yellowdoglinux.com/support/hardware/breakdown/index.php). The Yellow Dog 4.1 list includes:
• Power Mac G3 (Yosemite Blue and White 300–450 MHz G3)
• Power Mac G4 (Power Mac G4 PCI 350–400 MHz G4 and above)
• Power Mac G5 (1.6 GHz G5 and above)
• Mac Mini
• iMac (Rev A,B 233 MHz G3), eMac G4, and iMac G5
• PowerBook (Lombard 333–400 MHz G3, Pismo 400–500 MHz FW G3, Titanium 400
MHz–1 GHz G4, Powerbook 12" 867 MHz–1.33 GHz, and Powerbook 15–17" 1.0–1.5
GHz G4)
• iBook (300–366 MHz G3 — 800 MHz 1.2 GHz G4)
• HPC (Xserve Cluster Node 1.33 MHz G4, Single/Dual 1.33 GHz G4, Cluster Node 2.0
GHz G5, and Single/Dual 2.0 GHz G5)
In general, Yellow Dog 4.1 should run on any PPC-based Mac system released before January,
2006, with the exception of Old World ROM or beige G3 and earlier hardware such as 8500s,
7200s, and Performa PowerPCs. YDL 3.0.1 supports this older hardware and much of the hardware currently supported by Yellow Dog Linux 4.1 (certainly anything that was manufactured by
Apple before September, 2003, which is when 3.0.1 was released). The hardware supported and
tested for Yellow Dog Linux 3.0.1 includes:
• Power Mac 4400–9600
• Power Mac beige G3 models and blue-and-white G3 models
• Most hardware supported by Yellow Dog Linux 4.0 and 4.0.1
If you have older PPC hardware that isn’t officially supported, you should still be able to use Yellow
Dog Linux 4.1, but you’ll be running in an unsupported configuration, so caveat emptor. Terra Soft
Solutions dropped support for many older hardware configurations so that it could focus on the
most likely configurations. Also, trying to support outdated computer architectures, which on the
Old World ROM systems were particularly troublesome, doesn’t offer much return for a commercial Linux venture.
Planning Your Installation
Installing Linux on PowerPC and cell-based systems is slightly more complex than installation on
x86 systems due to differences in the bootloader and associated requirements for specific partitions
on certain systems. Specifically, repartitioning existing systems on which some version of the Mac
OS is already installed can be very difficult due to the types of file systems used on modern
Macintosh computers. This section does not discuss repartitioning.
CAUTION
Before starting installation, back up any data you want to retain on external media (CD,
hard drive, and so on). If you are installing Yellow Dog on a separate disk, this is a precautionary measure in case your system overwrites data that is important to you (or you accidentally
select the wrong disk). In all other cases, the standard mechanisms (described in this section) for partitioning a disk require that you format your disk, erasing all of your existing data. If you want to
repartition an existing disk without losing data, I suggest using software such as ProSoft’s Drive
Genius, which is as good as its name suggests.
After backing up your important data, the next step is to determine whether you are going to
multi-boot Mac OS with Yellow Dog Linux or install Yellow Dog Linux as a standalone product. If
you choose to multi-boot, you must decide whether you will use two hard drives or partition (that
is, logically divide) a single hard drive to house both Linux and Mac OS.
NOTE
If you choose to multi-boot, the Yellow Dog 4.1 installer gives you the option to resize
an existing volume to make room for Yellow Dog. Because this is still experimental and
has some complex technical caveats, such as first disabling journaling on the volume that you are
resizing, it is not discussed in this chapter. The 5.0 installer may simplify this process and
make it bulletproof, but you should always do backups before attempting something like this. See the
Yellow Dog documentation for more information.
Installing Mac OS X and Yellow Dog Linux on One Hard Drive
If you choose to use one hard drive to house both Mac OS and Yellow Dog Linux, you need to load
Mac OS (X or 9) first and then create a partition for Yellow Dog Linux as the first partition. In Mac
OS X do the following:
1. Boot off the Mac OS X CD by holding down the C key with the Mac OS X CD-ROM
inserted.
2. From the Install menu, select Open Disk Utility.
3. Select your hard drive and then click the partition tab on the right side.
4. Choose how many partitions you want. (Two partitions is a good selection if you are
installing Mac OS X and Yellow Dog Linux, or if you want to install Mac OS 9 or earlier
and Mac OS X, you can choose the number of partitions needed.)
5. Choose the first gray partition that is untitled (it should be the top one).
6. In the Format menu, select Free Space for your Yellow Dog Linux partition. Note that you
can change the size of the partition if you don’t want to use the defaults by entering the
size you want or by using the slider. You can also name the partition if you like.
NOTE
Be sure to create a partition large enough for your Linux installation. The default sizes
for some of the types of installations (discussed later in this chapter) are:
Personal Desktop — 2GB
Workstation — 2.5GB
Server — 1GB
Everything — 6GB
These are size estimations, and you will need more room for any other applications you want as well
as for personal files, and so on.
7. Choose the second gray partition and leave it as the default (Mac OS Extended) for your
Mac OS X partition. You can name this as well if you like and adjust the size according to
your needs.
8. Click the Partition button and then quit the partition tool.
Resume your installation of Mac OS X as normal.
Installing Mac OS 9 or Earlier and Yellow Dog Linux on One Hard Drive
If you want to install Mac OS 9 or earlier in addition to Yellow Dog Linux on one hard drive, you
can perform the following for a dual-booted machine:
1. Boot off the Mac OS CD by holding down the C key with the Mac OS CD-ROM inserted.
2. Double-click the Utilities or Disk Tools folder. Double-click the Drive Setup application.
3. Select your hard drive in the List of Drives in the Drive Setup window.
4. Click the Initialize button, and then click the Custom Setup button.
5. Choose how many partitions you want in the Custom Setup pop-up window (3 partitions
is a good selection for both Mac OS and Yellow Dog Linux, or 4 partitions for Mac OS,
Mac OS X, and Yellow Dog Linux). You can use the slider bar to change the size of the
partitions here.
6. Choose the top partition and select Unallocated in the menu that by default displays Mac
OS Extended. The second partition should be Mac OS Standard for Mac OS, and if you
are loading Mac OS X as well, the third partition should be Mac OS Extended (available
only if you chose 3 partitions). Make sure to label the partitions appropriately.
7. Select OK and then Initialize.
Resume your installation of Mac OS as normal.
Installing Mac OS 9 or Earlier, Mac OS X, and Yellow Dog Linux
on Multiple Hard Drives
Because of the way the system boots, you should have the drive to which you plan to install Yellow
Dog Linux as the first hard drive in the IDE chain, set as Master. Mac OS or Mac OS X should be
placed as the second drive in the chain and have the jumper set to Slave.
Then install the other versions of Mac OS (9 or earlier or X) onto the other hard drives. You need
only to select a drive other than the first one during the install procedure. You must install Yellow
Dog Linux as the last operating system on the first drive.
Yellow Dog Linux 3.0.1 Special Considerations
All the planning noted previously applies to Yellow Dog Linux 3.0.1, but there is one special consideration to take into account. Yellow Dog Linux 4.0.1 supports only New World ROM systems,
which are the blue-and-white G3 and above systems.
NOTE
There are two versions of the G3, one that has a beige case and another that has the
blue-and-white case.
If you are installing Yellow Dog on a New World ROM system, go right to the next section,
“Beginning the Installation.”
If you are using an Old World ROM system, which are beige G3 systems and earlier hardware,
refer to the Yellow Dog Linux Web site (http://www.yellowdoglinux.com) for more information.
Beginning the Installation
After you have determined how you will boot your system (multi-boot or single Yellow Dog Linux
boot) and have loaded Mac OS X or Mac OS 9 or earlier as appropriate, you can begin installing
Yellow Dog Linux. This procedure focuses on Yellow Dog Linux 4.1, but special notes on aspects of
the 3.0.1 install are included where appropriate.
NOTE
An Apple wireless keyboard/mouse combination will not work during the graphical Yellow Dog
installation. If you are currently using these with your Mac, dig out your old USB keyboard and mouse for this installation.
1. Insert Yellow Dog Linux CD 1 into your CD-ROM drive, reboot your system, and press C
to boot off the CD-ROM.
2. If you downloaded Yellow Dog or have a burned CD-R, you may want to check your
media by appending mediacheck to the end of any of the install types (see Step 3 for
install types). For example:
install-safe mediacheck
This goes through all your media to determine if it is suitable for loading the operating
system. This can save you a lot of time by determining that all of your CDs are good
before you invest your time in the installation procedure.
NOTE
Although it doesn’t show up in the Yellow Dog 3.0.1 text menu, you can still type
mediacheck after install or install-text to check your CD-ROMs.
3. After some cursory probing messages, you are prompted with a menu asking how you
want to boot the CD-ROM. If you are using a New World ROM G3 or G4 system (blue-and-white G3 and above machine), type install at the prompt to use the graphical user
interface method of installation. If you are using a G5 machine, type install-g5 at the
prompt to install using the graphical user interface.
If you can’t get either of these methods to work, type install-safe for G3 or G4 machines
or install-g5-safe for G5 machines to use a generic video mode for installation. If neither
of these methods works, you can type install text for G3 or G4 machines or install-g5
text for G5 machines to install with the text installation method if you find that the
graphical version doesn’t work for you.
NOTE
Yellow Dog Linux 3.0.1 has only install and install-text options available.
Choose install first, and if that doesn’t work, choose install-text after rebooting.
4. The system will have been probed prior to this point to determine the hardware configuration. After the text messages, you are presented with a welcome screen. (You can choose
to review the release notes by clicking the Release Notes button at the bottom-left side.)
When you’re ready to move on, click the Next button on the bottom-right side.
5. Select the language with which you are most comfortable. All future information presented by the installer will be in the language you select.
6. Choose the keyboard type that matches your current configuration.
7. Choose the type of installation you want. The options are:
• Personal Desktop — Most home users will want this installation because it contains
the most appropriate software set for home or office users (including laptops). Games,
word processors, Internet tools, and other useful packages are included.
• Workstation — Similar to the personal desktop type but includes tools for system
administration and software development.
• Server — Installs software needed for providing external services, including file and
print, Web, and mail services. This is an advanced installation type and should be
used only if you need it because you could misconfigure your system and create a
security vulnerability. You can choose to install a graphical user interface as well, so if
you don’t want the extra overhead of a GUI, you can go without one on this type.
• Custom — Provides the most flexibility because you can configure the partitions and
software packages you want (everything!). This is your choice if you want to have
more control over the installation. If you want to experience a large set of applications,
you can choose this instead of installing applications one by one. You can also choose
a more specific set of packages if this is to be a server used for external services, providing a higher level of security.
For this chapter, the Custom installation type is used.
8. Decide how you want to partition your hard drive. You have two choices:
Option 1: Automatically partition — If you choose this method, click Next and you are
presented with three options:
• Remove all Linux partitions on this system — Deletes all previous Linux partitions
and replaces only previously identified Linux partitions.
• Remove all partitions on this system — Use this only on New World ROM systems
or on a single-drive Yellow Dog installation. If you use this option on a multi-boot system, it removes all previous installations, including any Mac OS or Mac OS X installation. If you use this on an Old World ROM system, regardless of the installation
type, it destroys the installation and requires a reformat and reload of Mac OS.
CAUTION
Be extremely careful using the Remove All Partitions option. Avoid using it at all if possible because you can accidentally destroy your Mac OS installation!
• Keep all partitions and use existing free space — The one you want to use in most
cases because it won’t alter your Mac OS or Mac OS X installations and uses only the
identified free space (as created previously). This is the option you should select if you
are using Automatically partition. You can also select the Review (and modify if
needed) the partitions created option, which will enable you to double-check the partitions that the installer creates for you and change them if need be.
Option 2: Manually Partition with Disk Druid — This is the more advanced option
that allows you to create your partitions to your preference. Here is the sequence for creating new Linux partitions:
a. Choose the drive on which you want to install Yellow Dog Linux.
b. Choose New to create a new partition. You must create three partitions. First, choose
Filesystem Type ➪ Apple BootStrap. No mount point is needed. It should be 1MB and
fixed size. This partition is for booting and should be the very first partition. Second,
choose Filesystem Type ➪ Swap. No mount point required. It should be a minimum
256MB (256MB is generally enough, although some say this should be set to twice the
size of your physical RAM. More won’t degrade system performance, though, and it
doesn’t hurt to be safe) and fixed size. This partition is the swap space that Linux uses
for processes when the RAM is full. Third, create your root partition by selecting / as
the mount point. This is where the file system is mounted. The root partition is
absolutely critical because your other file systems will mount from this. You generally
want to have your root partition consume the rest of the hard drive unless you are creating more partitions. Additional partitions are optional.
TIP
On most multi-boot systems, you will want to select Automatically partition. Then select
the “Keep all partitions and use existing free space” option and the “Review (and modify
if needed) the partitions created” check box to make sure that you are using the right portion of your
hard drive.
9. Identify your network settings, including DHCP. You use your network configuration for
LAN (local area network) connections, such as when you are using a router between your
cable or DSL connection and the local, internal network. Because you need to know these
settings ahead of time, be sure to check them out before you start.
CROSS-REF
Refer to Chapter 5 for descriptions of IP addresses, netmasks, and other information
you need to set up your LAN.
NOTE
If you are not prompted for network configuration information at this point, the
installer could not identify your network card. This is extremely rare, but it can happen
with older Macs. If this occurs, contact Yellow Dog support for help in resolving this problem.
Select eth0 (your first network interface card) and click Edit. You have the following
options:
• Configure using DHCP — Enables you to automatically obtain a DHCP address from
your LAN if there is a DHCP server (such as Linksys or D-Link Routers). If you check
here, you do not need to fill out anything else in this section.
• Activate on boot — Enables you to turn on your network connection during boot.
Under most circumstances you will want to do so if you are using a LAN.
• IP Address — A four-octet number that uniquely identifies your computer address.
Your system will have a unique IP on your LAN or WAN (wide area network) connection.
• Netmask — Identifies the host and network portions of the IP address. A class A network is 255.0.0.0, a class B is 255.255.0.0, and a class C is 255.255.255.0 by default
(if no subnet masking is in place).
Click OK and, if you aren’t using DHCP, set your host name by selecting Hostname ➪
Manually. This can be any name you want to represent your computer. If this is a server,
follow your company’s naming convention. If you prefer to have DHCP set your hostname, select the Automatically via DHCP radio button.
The last options are grayed out if you have selected DHCP. If you chose to manually configure your network options, enter the following:
• Gateway IP address — The IP address of the machine that is the gateway or router
between your network and the outside networks. For instance, 192.168.1.1 might be
your gateway if you have a Linksys or D-Link router between your computer and your
cable or DSL connection.
• Primary, secondary, and tertiary DNS — The server that your system uses for
address name translation (converting a hostname into an IP address). Your ISP usually
gives you this information.
10. Configure the firewall. A firewall acts as a conduit between your computer and other
computers that request access to the services it is providing. If you are connected to the
Internet or other networks, enable your firewall. Even if you are not connected to an
untrusted network, you should enable the firewall in case you connect at a later date. Two
choices are available in this section:
• No firewall — Don’t choose this option, because it does not check against requests for
services. Even if your system is not currently providing services, it’s best to not select
this option (things can change as the system grows).
• Enable firewall — The preferred selection. It provides a modicum of security against
malicious entities that may want to attack your systems. Only the default services are
allowed at this level, and you can configure access for more services as needed. Some
of the defaults are:
Remote login (SSH) — An encrypted protocol that replaces the vulnerable telnet protocol. With SSH you can log in to the system with an interactive shell, as well as securely
transfer files interactively (SFTP) or noninteractively (SCP). For more information on
this, type man ssh at the command line after installation.
NOTE
When SSH is unchecked, you can still use these utilities on outgoing connections. The
setting controls only incoming requests from outside your computer. If you need to access your
system remotely, you can choose this, but it is best to leave it unchecked for security reasons. The
same applies to the other options presented.
Web Server (HTTP, HTTPS) — Allows your system to serve regular (HTTP) Web pages
or encrypted (HTTPS) Web pages. Unless you need to run a Web server, it is recommended that you do not check this.
File Transfer (FTP) — Allows users to interactively log in to your system and transfer
files. This protocol is unencrypted and not needed by most users. If you must allow
file transfers, SFTP (provided with SSH) is the preferred method because the password
and username are sent encrypted.
Mail Server (SMTP) — Allows your system to accept mail requests or mail relay
requests. You can still send and receive mail if you do not check this; it just allows
your machine to act as a mail server. If you install and improperly configure SMTP,
your system can become a spam relay, so only more experienced users should check
this.
NOTE
These settings can be reconfigured later using iptables. See the man page for
iptables for more information.
On this screen, you also specify whether you want SELinux (Security-Enhanced Linux)
policies activated on your system. These access control policies provide a much richer
and more powerful environment for defining the access that users and applications can
have to various system resources.
11. If you need additional language support, select it here. Your default language (chosen
during install language selection) should already be selected. Click Next to continue.
12. Select the time zone in which you reside or the time zone you want to use for your server.
If your hardware uses UTC (Coordinated Universal Time) or GMT (Greenwich Mean
Time), select the check box at the bottom. Click Next to continue.
13. Set your root password. This password provides the keys to the kingdom; with the root
account, a user can do anything, including destroy the entire file system. You must set a
strong password (not any personally identifiable information such as identification number, phone number, pet’s name, family member’s birthday, and so on). Enter your password twice (to ensure you’ve entered it correctly), and then press Enter.
CAUTION
The importance of a good root or any other account password should not be minimized.
This is crucially important to the security of your system. See Chapter 6 and the Guide
to Better Password Practices (http://securityfocus.com/infocus/1537) for more information on choosing good passwords.
14. Select the different packages you want to install on the system. Choose Everything (for all
software packages) or Minimal (only the basics to run the system). Selecting the package
groups enables you to see the individual packages included in each group (you can select
or deselect from that list for more granularity). Note that KDE is chosen by default; if you
prefer to use GNOME or want to use both, check GNOME. When you’re finished, click
Next.
15. You’ve reached the About to Install phase. You’re warned that the system will begin writing to the disk. You can back out of anything at this point with no damage to the system,
so if you made a mistake or are not sure about installing, you can simply reboot.
If you are ready to commit your configuration to the system, click Next. Your system
begins writing the software to the hard drive. This can take from ten minutes to an hour
or more depending on the speed of your system and the amount of software you decided
to load. You are shown a list of the CDs that your system needs to load the software. Be
sure to have those CDs ready to load into the system. After each CD is completed, you are
prompted to insert another CD until the installation is complete.
16. After the installation finishes, the Congratulations! screen appears. Click Reboot when
you are ready.
17. The system reboots and goes through system initialization. Afterward, a welcome screen
appears.
18. The initial setup begins here. Click Next to move forward.
19. The license agreement appears in a text box. Read it and then click No if you do not agree
to the terms, and the process stops. Click Yes if you agree to the terms.
20. Set the date and time for the system. If you want to use Network Time Protocol (NTP) to
synchronize your system date and time with a remote network system for maximum
assurance of correct date and time, check the Enable Network Time Protocol box, and
then select one of the two NTP servers provided.
21. Set the display resolution and color depth to your preference. (You can change this in the
system after installation.)
22. Create your non-root daily user account. Enter a username (the name you use to log in
with) and the full name of the user (for administrative purposes), and then enter the
password twice. If you need to use network login, you can configure that here as well
(your system administrator can provide this information if needed).
CAUTION
Do not log in with the root account for normal day-to-day activities. Doing so is
dangerous not only because you could accidentally damage the system with an errant command,
but also because you might surf the Web or install software as root without thinking
twice about it, possibly introducing malicious software. Use the non-root account for all non-administrative purposes and regular interaction with the system.
23. Configure your sound card. If everything seems to be configured properly, try to play a
test sound. A pop-up window asks if you heard the sound. Answer appropriately. If you
have multiple sound devices (such as a USB audio device), you may need to select multiple device tabs and test each associated device. When you are done, click Next.
24. If you have any additional CDs from which to install software, insert them into the
CD-ROM and select them here (the CD you insert will show on the list). Click Next to
continue.
25. At this point you are done installing and configuring your system, and you are booted up
into the graphical user interface with a prompt for the username and password.
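The firewall choices from step 10 can be written out as iptables rules, which also shows why an unchecked service blocks only incoming requests. This is an added example, not the installer's own output or code from the book; the function names, the service labels, and the default-drop layout are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: installer-style firewall choices as an iptables-restore ruleset.
# The service labels (ssh http https ftp smtp) are this script's own names.

service_port() {
    case "$1" in
        ssh)   echo 22 ;;
        http)  echo 80 ;;
        https) echo 443 ;;
        ftp)   echo 21 ;;   # control channel only
        smtp)  echo 25 ;;
        *)     return 1 ;;
    esac
}

firewall_rules() {
    # Reject unknown names before emitting anything, so no partial ruleset.
    for svc in "$@"; do
        service_port "$svc" >/dev/null || {
            echo "unknown service: $svc" >&2
            return 1
        }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # unsolicited inbound traffic is dropped
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'   # outgoing connections are not restricted
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened (e.g. outbound ssh) still get in.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for svc in "$@"; do
        port=$(service_port "$svc")
        echo "-A INPUT -p tcp -m tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Demo: only inbound SSH allowed. To load it (as root):
#   firewall_rules ssh | iptables-restore
firewall_rules ssh
```

Calling firewall_rules with no arguments corresponds to enabling the firewall with every service unchecked: no new inbound connections are accepted, but outbound sessions keep working.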
Rebooting Your Linux Mac
If you’ve followed the instructions in this chapter to create a system that can boot either Mac OS X
or Yellow Dog Linux, you will see a new step in your system’s boot process. When you reboot your
system, you will see a small text menu in the upper-right corner of the screen that enables you to
specify the system that you want to boot. Your choices are:
l Boot Yellow Dog Linux
x Boot Mac OS X
c Boot from the CD-ROM drive
If you do not specify one of these three options, your system will automatically boot into Yellow
Dog Linux in 10 seconds.
Updating Yellow Dog Linux
Yellow Dog Updater, Modified (yum) is included with Yellow Dog and ships with Fedora,
Mandriva, and other Linux distributions as well. It’s a utility that enables you to update your system packages to the latest available version. Because new security vulnerabilities are disclosed for all
operating systems frequently, updating your system packages regularly is essential.
Updating your packages also gives you the newest features available for the applications you are
using. Table 12-1 shows some of the most widely used options available with yum (replace package
with the name of your package).
TABLE 12-1
Using Yum to Work with Software Packages

Option               Description
yum list             Shows all the packages available to be installed (but not installed).
yum list installed   Shows installed packages.
yum list updates     Shows all installed packages that have updates (patches) available.
yum install package  Installs the package you identify in package.
yum update package   Updates the package you identify in package. The great thing about this is it installs all package dependencies, which used to be a major headache when administering patches.
yum update           Updates all packages on the system. (Same as preceding option but does not specify package name.)
yum remove package   Removes the package identified in package.
yum info package     Provides detailed information on the package identified in package.
Using this information, assume that you want to run gimp — GNU Image Manipulation Project
(GIMP) is a very popular graphics editing program — and you haven’t installed it previously. If you
want to get more information on it, run:
yum info gimp
If you decide you want to install it, run:
yum install gimp
If an update becomes available a week later and you want to patch it, run:
yum update gimp
If it has been a