Exploring Linux distributions

Linux® Bible
2010 Edition
Boot Up to Ubuntu, Fedora, KNOPPIX, Debian, openSUSE, and 13 Other Distributions
Christopher Negus
Disclaimer: This eBook does not include ancillary media that was packaged with the
printed version of the book.
Linux® Bible 2010 Edition
Published by
Wiley Publishing, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com
Copyright © 2010 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-0-470-48505-7
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means,
electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108
of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization
through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers,
MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the
Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201)
748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with
respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including
without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or
promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work
is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional
services. If professional assistance is required, the services of a competent professional person should be sought. Neither
the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is
referred to in this work as a citation and/or a potential source of further information does not mean that the author or
the publisher endorses the information the organization or Web site may provide or recommendations it may make.
Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between
when this work was written and when it is read.
For general information on our other products and services please contact our Customer Care Department within the
United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available
in electronic books.
Library of Congress Control Number: 2009937839
Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its
affiliates, in the United States and other countries, and may not be used without written permission. Linux is a registered trademark of Linus Torvalds. All other trademarks are the property of their respective owners. Wiley Publishing,
Inc. is not associated with any product or vendor mentioned in this book.
As always, I dedicate this book to my wife, Sheree.
About the Author
Chris Negus has written or co-written dozens of books on Linux and UNIX, including Red
Hat Linux Bible (all editions), CentOS Bible, Fedora and Red Hat Enterprise Linux Bible, Linux
Troubleshooting Bible, Linux Toys and Linux Toys II. Recently, Chris co-authored several books
for the new Toolbox series for power users: Fedora Linux Toolbox, SUSE Linux Toolbox, Ubuntu
Linux Toolbox, Mac OS X, and BSD UNIX Toolbox.
For eight years Chris worked with the organization at AT&T that developed UNIX before moving to Utah to help contribute to Novell’s UnixWare project in the early 1990s. When not writing
about Linux, Chris enjoys playing soccer and just hanging out with his family.
Currently, Chris is employed by Red Hat, Inc. as a Linux instructor. He teaches classes and gives
exams to those seeking Red Hat Certified Engineer (RHCE) and Red Hat Certified Technician
(RHCT) certifications.
Credits
Executive Editor: Carol Long
Vice President and Executive Group Publisher: Richard Swadley
Project Editor: Sara Shlaer
Vice President and Executive Publisher: Barry Pruett
Technical Editor: Warren Wyrostek
Associate Publisher: Jim Minatel
Production Editor: Kathleen Wisor
Project Coordinator, Cover: Lynsey Stanford
Copy Editor: Paula Lowell
Compositor: Maureen Forys, Happenstance Type-O-Rama
Editorial Director: Robyn B. Siesky
Proofreaders: Josh Chase, Word One; Kristy Eldridge, Word One
Editorial Manager: Mary Beth Wakefield
Marketing Manager: David Mayhew
Production Manager: Tim Tate
Indexer: Robert Swanson
Cover Image: Joyce Haughey
Cover Designer: Michael E. Trent
I consider anyone who has contributed to the free and open source software community to be
a contributor to the book you are holding. The backbone of any Linux distribution is formed
by the organizations that produce the distributions, the major projects included in Linux, and
the thousands of people who give their time and code to support Linux. So, thanks to you all!
I’d like to acknowledge several contributors for their participation in previous editions. Wayne
Tucker originally wrote the chapters on Debian, LAMP servers, and mail servers. Bill von Hagen has
contributed updates to the SUSE, Yellow Dog, and Ubuntu chapters. Warren Wyrostek served as
technical editor to this edition. Thanks to the folks at Wiley for helping me press through the project. Sara Shlaer did an excellent job helping me stay on track as I balanced my work on this book
with my new full-time job with Red Hat. Katie Wisor shepherded the book through the production
process. Thanks to Margot Maley Hutchison and Maureen Maloney from Waterside Productions for
contracting the book for me with Wiley.
And finally, special thanks to my wife, Sheree. There’s no way I could do the work I do without
the solid support I get on the home front. I love you, and thanks for taking such good care of
Seth, Caleb, and me.
Contents at a Glance
Introduction
Part I: Getting off the Ground with Linux
Chapter 1: Starting with Linux
Chapter 2: Linux Projects, Activities, and Careers
Part II: Running a Linux Desktop
Chapter 3: Getting into the Desktop
Chapter 4: Playing Music and Video
Chapter 5: Working with Words and Images
Chapter 6: E-Mailing and Web Browsing
Chapter 7: Gaming with Linux
Part III: Learning System Administration Skills
Chapter 8: Installing Linux
Chapter 9: Running Commands from the Shell
Chapter 10: Learning Basic Administration
Chapter 11: Getting on the Internet
Chapter 12: Securing Linux
Part IV: Setting Up Linux Servers
Chapter 13: Running a Linux, Apache, MySQL, and PHP (LAMP) Server
Chapter 14: Running a Mail Server
Chapter 15: Running a Print Server
Chapter 16: Running a File Server
Part V: Choosing and Installing Different Linux Distributions
Chapter 17: Running Ubuntu Linux
Chapter 18: Running Fedora and Red Hat Enterprise Linux
Chapter 19: Running Debian GNU/Linux
Chapter 20: Running SUSE and openSUSE Linux
Chapter 21: Running KNOPPIX
Chapter 22: Running Yellow Dog Linux
Chapter 23: Running Gentoo Linux
Chapter 24: Running Slackware Linux
Chapter 25: Running PCLinuxOS
Chapter 26: Running Mandriva
Chapter 27: Running a Linux Firewall Router
Chapter 28: Running Bootable Linux Distributions
Part VI: Programming in Linux
Chapter 29: Programming Environments and Interfaces
Chapter 30: Programming Tools and Utilities
Appendix A: Media
Appendix B: Linux History and Background
GNU General Public License (Version 2)
Index
Contents
Introduction
Part I: Getting off the Ground with Linux
Chapter 1: Starting with Linux
  Taking Your First Step
    What comes in Linux systems?
    What do you need to get started?
    Starting right now
  Understanding Linux
  What’s So Great About Linux?
  Summary
Chapter 2: Linux Projects, Activities, and Careers
  Making Things with Linux
    Linux in outer space
    Linux in gadgets
    Linux in projects
  Getting Involved with Linux
    Joining a Linux User Group
    Joining Linux communities
    Companies and groups supporting Linux
  Keeping Up with Linux
    Major Linux projects
    Exploring Linux distributions
  Linux in the Real World
    Linux in schools
    Linux in small business
    Linux in the enterprise
  Becoming a Linux Professional
  Summary
Part II: Running a Linux Desktop
Chapter 3: Getting into the Desktop
  Understanding Your Desktop
  Starting the Desktop
    Boot to the desktop
    Boot to graphical login
    Boot to a text prompt
  K Desktop Environment
    Using the KDE desktop
    Managing files with Dolphin and Konqueror
    Using the Dolphin file manager
    Using the Konqueror Web browser/file manager
    Managing the KDE desktop
    Configuring the desktop
  The GNOME Desktop
    Using the Metacity window manager
    Using the GNOME panels
    Using the Nautilus file manager
    3D effects with AIGLX
    Changing GNOME preferences
    Exiting GNOME
  Configuring Your Own Desktop
    Configuring X
    Choosing a window manager
    Choosing your personal window manager
  Getting More Information
  Summary
Chapter 4: Playing Music and Video
  Playing Digital Media and Obeying the Law
    Copyright protection issues
    Exploring codecs
  Playing Music
    Using sound systems in Linux
    Adjusting sound with PulseAudio
    Setting up audio cards
    Choosing an audio CD player
    Using MIDI audio players
    Performing audio file conversion and compression
  Recording and Ripping Music
    Creating an audio CD with cdrecord
    Ripping CDs with Grip
    Creating CD labels with cdlabelgen
  Working with TV, Video, and Digital Imaging
    Watching TV with tvtime
    Video conferencing with Ekiga
  Watching Movies and Video
    Watching video with xine
    Using Totem movie player
  Using a Digital Camera
    Displaying images in gThumb
    Using your camera as a storage device
  Summary
Chapter 5: Working with Words and Images
  Desktop Publishing in Linux
    Using text editors and notepads
    Using word processors
    Transitioning documents from Windows
    Building structured documents
    Doing page layout with Scribus
  Working with Graphics
    Manipulating images with The GIMP
    Creating vector graphic images with Inkscape
    Acquiring screen captures
    Viewing images
  Displaying PDF and PostScript Documents
    Using the ghostscript and gv commands
    Using Adobe Reader
  Using Scanners with SANE
  Web Publishing
  Summary
Chapter 6: E-Mailing and Web Browsing
  Using E-Mail
    Choosing an e-mail client
    Getting here from Windows
    Getting started with e-mail
    Tuning up e-mail
    Reading e-mail with Thunderbird
    Managing e-mail in Evolution
    Reading e-mail with SeaMonkey Mail
    Working with text-based e-mail readers
  Choosing a Web Browser
  Exploring the SeaMonkey Suite
  Using Firefox
    Setting up Firefox
    Securing Firefox
    Tips for using Firefox
    Using Firefox controls
    Improving Firefox browsing
    Doing cool things with Firefox
  Using Text-Based Web Browsers
  Summary
Chapter 7: Gaming with Linux
  Jumping into Linux Gaming
  Overview of Linux Gaming
  Basic Linux Gaming Information
  Choosing Gaming Hardware for Linux
  Running Open Source Linux Games
    GNOME games
    KDE games
    Games in Fedora
  Commercial Linux Games
    Getting started with commercial games in Linux
    Playing commercial Linux games
    id Software games
    Playing TransGaming and Cedega games
    Loki Software game demos
  Summary
Part III: Learning System Administration Skills
Chapter 8: Installing Linux
  Choosing a Linux Distribution
    Linux at work
    Other distributions
  Getting Your Own Linux Distribution
    Finding another Linux distribution
    Understanding what you need
    Downloading the distribution
    Burning the distribution to CD
  Exploring Common Installation Topics
    Knowing your computer hardware
    Upgrading or installing from scratch
    Dual booting and virtualization
    Using installation boot options
    Partitioning hard drives
    Using LILO or GRUB boot loaders
    Configuring networking
    Configuring other administrative features
  Installing from the Linux Bible CD or DVD
  Summary
Chapter 9: Running Commands from the Shell
  Starting a Shell
    Using the shell prompt
    Using a terminal window
Using virtual terminals
Choosing Your Shell
Using bash (and earlier sh) shells
Using tcsh (and earlier csh) shells
Using ash
Using ksh
Using zsh
Exploring the Shell
Checking your login session
Checking directories and permissions
Checking system activity
Exiting the shell
Using the Shell in Linux
Locating commands
Rerunning commands
Connecting and expanding commands
Creating Your Shell Environment
Configuring your shell
Using shell environment variables
Managing background and foreground processes
Working with the Linux File System
Creating files and directories
Moving, copying, and deleting files
Using the vi Text Editor
Starting with vi
Moving around the file
Searching for text
Using numbers with commands
Summary
Chapter 10: Learning Basic Administration
Graphical Administration Tools
Using Web-based administration
Graphical administration with different distributions
Using the root Login
Becoming root from the shell (su command)
Allowing limited administrative access
Exploring Administrative Commands, Configuration Files, and Log Files
Administrative commands
Administrative configuration files
Administrative log files
Using sudo and Other Administrative Logins
Administering Your Linux System
Creating User Accounts
Adding users with useradd
Setting user defaults
Modifying users with usermod
Deleting users with userdel
Configuring Hardware
Managing removable hardware
Working with loadable modules
Managing File Systems and Disk Space
Mounting file systems
Using the mkfs command to create a file system
Adding a hard disk
Checking system space
Monitoring System Performance
Doing Remote System Administration
Summary
Chapter 11: Getting on the Internet
Connecting to the Network
Connecting via dial-up service
Connecting a single wired Ethernet card
Sharing a network connection with other computers
Connecting servers
Connecting other equipment
Using Ethernet Connections to the Internet
Configuring Ethernet during installation
Configuring Ethernet from the desktop
Using Network Configuration GUI in Fedora
Identifying other computers (hosts and DNS)
Understanding your Internet connection
Using Dial-Up Connections to the Internet
Getting information
Setting up dial-up PPP
Creating a dial-up connection with the Internet Configuration Wizard
Launching your PPP connection
Launching your PPP connection on demand
Checking your PPP connection
Checking that your modem was detected
Connecting to the Internet with Wireless
Summary
Chapter 12: Securing Linux
Linux Security Checklist
Finding distribution-specific security resources
Finding general security resources
Using Linux Securely
Using password protection
Choosing good passwords
Using a shadow password file
Using Log Files
The role of syslogd
Redirecting logs to a loghost with syslogd
Understanding the messages log file
Using Secure Shell Tools
Starting the ssh service
Using the ssh, sftp, and scp commands
Using ssh, scp, and sftp without passwords
Securing Linux Servers
Controlling access to services with TCP wrappers
Understanding attack techniques
Protecting against denial-of-service attacks
Protecting against distributed DoS attacks
Protecting against intrusion attacks
Securing servers with SELinux
Protecting Web servers with certificates and encryption
Using Security Tools from Linux Live CDs
Advantages of security live CDs
Using INSERT to check for rootkits
Summary
Part IV: Setting Up Linux Servers
Chapter 13: Running a Linux, Apache, MySQL, and PHP (LAMP) Server
Components of a LAMP Server
Apache
MySQL
PHP
Setting Up Your LAMP Server
Installing Apache
Installing PHP
Installing MySQL
Operating Your LAMP Server
Editing your Apache configuration files
Adding a virtual host to Apache
User content and the UserDir setting
Installing a Web application: Coppermine Photo Gallery
Troubleshooting
Configuration errors
Access forbidden and server internal errors
Securing Your Web Traffic with SSL/TLS
Generating your keys
Configuring Apache to support SSL/TLS
Summary
Chapter 14: Running a Mail Server
Internet E-Mail’s Inner Workings
About the System and the Software Used
Preparing Your System
Configuring DNS for direct delivery
Configuring for retrieval from a mail host
Installing and Configuring the Mail Server Software
Installing Exim and Courier
Installing ClamAV and SpamAssassin
Testing and Troubleshooting
Checking logs
Common errors (and how to fix them)
Configuring Mail Clients
Configuring Fetchmail
Configuring web-based mail
Securing Communications with SSL/TLS
Summary
Chapter 15: Running a Print Server
Common UNIX Printing Service
Setting Up Printers
Using Web-based CUPS administration
Using the Printer Configuration window
Working with CUPS Printing
Configuring the CUPS server (cupsd.conf)
Starting the CUPS server
Configuring CUPS printer options manually
Using Printing Commands
Printing with lpr
Listing status with lpc
Removing print jobs with lprm
Configuring Print Servers
Configuring a shared CUPS printer
Configuring a shared Samba printer
Summary
Chapter 16: Running a File Server
Setting Up an NFS File Server
Getting NFS
Sharing NFS file systems
Using NFS file systems
Unmounting NFS file systems
Other cool things to do with NFS
Setting Up a Samba File Server
Getting and installing Samba
Configuring Samba with SWAT
Working with Samba files and commands
Using Samba shared directories
Troubleshooting your Samba server
Summary
Part V: Choosing and Installing Different Linux Distributions
Chapter 17: Running Ubuntu Linux
Overview of Ubuntu
Ubuntu releases
Ubuntu installer
Ubuntu as a desktop
Ubuntu as a server
Ubuntu spin-offs
Challenges facing Ubuntu
Installing Ubuntu
Getting Started with Ubuntu
Trying out the desktop
Adding more software
Getting More Information about Ubuntu
Summary
Chapter 18: Running Fedora and Red Hat Enterprise Linux
Digging into Features
Red Hat installer (Anaconda)
Custom spins, install sets, and Live CDs
RPM Package Management
Latest desktop technology
System configuration tools
Going Forward with Fedora
Growing community support for Fedora
Joining Fedora special interest groups
Forums and mailing lists
Fedora Comes of Age
Installing Fedora
Choosing computer hardware
Choosing an installation method
Choosing to install or upgrade
Beginning the installation
Running the Fedora Firstboot
Adding cool stuff to your Fedora desktop
Summary
Chapter 19: Running Debian GNU/Linux
Inside Debian GNU/Linux
Debian packages
Debian package management tools
Debian releases
Getting Help with Debian
Installing Debian GNU/Linux
Hardware requirements and installation planning
Running the installer
Managing Your Debian System
Configuring network connections
Package management using APT
Package management using dpkg
Installing package sets (tasks) with tasksel
Alternatives, diversions, and stat overrides
Managing package configuration with debconf
Summary
Chapter 20: Running SUSE and openSUSE Linux
Understanding SUSE Linux Enterprise and openSUSE
What’s in SUSE Distributions?
Installation and configuration with YaST
RPM package management
Automated software updates
Managing software with zypper
Getting Support for SUSE Linux Enterprise and openSUSE
Installing openSUSE
Before you begin
Starting installation
Starting with openSUSE
Summary
Chapter 21: Running KNOPPIX
KNOPPIX Features
Understanding KNOPPIX
Looking inside KNOPPIX
What’s cool about KNOPPIX
Examining challenges with KNOPPIX
Seeing where KNOPPIX comes from
Exploring uses for KNOPPIX
Starting KNOPPIX
Getting a computer
Booting KNOPPIX
Correcting boot problems
Using KNOPPIX
Getting on the network
Installing software in KNOPPIX
Summary
Chapter 22: Running Yellow Dog Linux
Understanding Yellow Dog Linux
Going Forward with Yellow Dog
Digging into Yellow Dog
Installing Yellow Dog Linux
Hardware support
Installing Yellow Dog Linux on a PowerStation
Updating Yellow Dog Linux
Support Options
Summary
Chapter 23: Running Gentoo Linux
Understanding Gentoo
Gentoo’s open source spirit
The Gentoo community
Building, tuning, and tweaking Linux
Where Gentoo is used
What’s in Gentoo
Managing software with Portage
Finding software packages
Gentoo features
Installing Gentoo
Getting Gentoo
Starting Gentoo installation from a live CD
Starting Gentoo installation from a minimal CD
Getting software with emerge
Summary
Chapter 24: Running Slackware Linux
Getting into Slackware
Characterizing the Slackware Community
The Slackware creator
Slackware users
Slackware Internet sites
Challenges of Using Slackware
Using Slackware as a Development Platform
Installing Slackware
Getting Slackware
New features in Slackware 13
Hardware requirements
Starting installation
Starting with Slackware
Summary
Chapter 25: Running PCLinuxOS
Starting with PCLinuxOS
Checking what you can do
Adding more applications
Installing PCLinuxOS
Starting the install
Configuring after installation
Remastering PCLinuxOS
Summary
Chapter 26: Running Mandriva
Mandriva Features
Exploring Mandriva
Mandriva installer (DrakX)
RPM package management with RPMDrake
Mandriva Linux Control Center
The Mandriva Community
Installing Mandriva Limited Edition
The right hardware for Mandriva
Installing Mandriva with the DrakX installer
Summary
Chapter 27: Running a Linux Firewall Router
Understanding Firewalls
Protecting Desktops with Firewalls
Starting your firewall in Fedora
Configuring a firewall in Mandriva
Using Firewalls with iptables
Starting with iptables
Using iptables to do SNAT or IP Masquerading
Adding modules with iptables
Using iptables as a transparent proxy
Using iptables for port forwarding
Making a Coyote Linux Bootable Floppy Firewall
Creating a Coyote Linux firewall
Building the Coyote Linux floppy
Running the Coyote Linux floppy firewall
Managing the Coyote Linux floppy firewall
Using Other Firewall Distributions
Summary
Chapter 28: Running Bootable Linux Distributions
Overview of Bootable Linux Distributions
Trying a Bootable Linux
Showcasing Linux from a live CD
Security and rescue bootables
Demonstration bootables
Multimedia bootables
Tiny desktops
Special-Purpose Bootables
Customizing a Bootable Linux
Building a live CD with Fedora
Summary
Part VI: Programming in Linux
Chapter 29: Programming Environments and Interfaces
Understanding Programming Environments
Using Linux Programming Environments
The Linux development environment
Graphical programming environments
The command-line programming environment
Linux Programming Interfaces
Creating command-line interfaces
Creating graphical interfaces
Application programming interfaces
Summary
Chapter 30: Programming Tools and Utilities
The Well-Stocked Toolkit
Using the GCC Compiler
Compiling multiple source code files
GCC command-line options
Automating Builds with make
Library Utilities
The nm command
The ar command
The ldd command
The ldconfig command
Environment variables and configuration files
Source Code Control
Source code control using RCS
Source code control with CVS
Debugging with GNU Debugger
Starting GDB
Inspecting code in the Debugger
Examining data
Setting breakpoints
Working with source code
Summary
Appendix A: Media
Appendix B: Linux History and Background
GNU General Public License (Version 2)
Index
Insert the DVD or CD that comes with this book into a PC. Within five minutes, you’ll be
able to try out Linux with a full range of desktop applications. Within an hour, you can have
a full-blown Linux desktop or server system installed on your computer. If you are like most
of us who have been bitten by the Linux bug, you won’t ever look back.
Linux Bible 2010 Edition is here to open your eyes to what Linux is, where it came from, and
where it’s going. But, most of all, the book is here to hand you Linux and help you get started.
Because Linux is the operating system of free speech and free choice, Linux Bible gives you
choices in selecting the Linux that is right for you.
On the DVD and CD that come with this book are 18 different Linux distributions that you are
free to install, try out, and keep. You learn how those distributions are alike or different, and the
book leads you through the basics of installing and setting up your Linux system as:
A desktop computer user —You have a full range of office, music, gaming, graphics,
and other applications to use.
A Linux system administrator —Learn how to install software, use shell commands,
configure system services, and secure your computers and networks.
A Linux server administrator —Using some of the world’s best server software, you
can set up your computer to be a Web server, file server, mail server, or print server.
A software developer —You can draw on thousands of open source programming tools
to develop your own software applications.
The Linux systems you have in your hand don’t contain trialware or otherwise-hobbled software.
On the contrary, they feature software created by world-class development projects, the same
teams that build the software that powers many professional businesses, schools, home desktops,
and Internet service providers. In other words, this truly first-rate software is from developers who have made a commitment to producing software that can be used in the ways that you
choose to use it.
Most of the Linux distributions offered on the DVD and CD that come with this book are live
CDs that let you try a Linux distribution without installing. Almost all of those live CDs include
features that let you install the contents of those live CDs to your hard disk. For example, you can
try out Fedora, Gentoo, Ubuntu, openSUSE, PCLinuxOS, and Mandriva as live CDs, and then
install those distributions permanently to your hard drive from icons on the desktops of those
live CDs.
Introduction
Unlike some other books on Linux, this book doesn’t tie you to one Linux distribution. The book
teaches you the essentials of Linux graphical desktop interfaces, shell commands, and basic system administration. Separate chapters break down many of the major Linux distributions available today. Then descriptions of the major software projects in most Linux distributions (KDE
and GNOME desktops, Apache Web servers, Samba file and printer sharing, and so on) guide
you in setting up and using those features, regardless of which Linux you choose.
Understanding the Linux Mystique
This book is designed to spark your imagination about what is possible with Linux, then give you
the software and instruction to jump right into Linux. From there, the approach is to help you
learn by using it.
In the first two chapters, you’ll learn a lot of exciting ways Linux is being used today and see who
many of the major players are in the free and open source software (FOSS) world. You will see
how people are adapting Linux to run on handhelds, mini laptops, 32- and 64-bit PCs, Macs,
mainframes, and super computers. Linux is truly everywhere!
However, if you are concerned that somehow “free” software is too good to be true, skip ahead for
the moment to the brief history of Linux in Appendix B. That appendix guides you through the
strange and circuitous path of free and open source software development that led to the Linux
phenomenon.
If you are intrigued by what you learn here, I’ll tell you how you can become part of the open
source and free software communities, whose stars are known by a single name (such as Linus)
or a few initials (such as rms). You’ll find a staggering number of open source projects, forums,
and mailing lists that are thriving today (and always looking for more people to get involved).
How This Book Is Organized
Learn the basics of what goes into Linux and you will be able to use all sorts of devices and
computers in the future. The book is organized in a way that enables you to start off at the very
beginning with Linux, but still grow to the point where you can get going with some powerful
server and programming features, if you care to.
Part I includes two short chapters designed to open your eyes to what you can do with Linux,
then get your hands on it quickly. Those two chapters describe
How others use Linux, how to transition to Linux from Windows, and how to start with
Linux using the CD and DVD inside this book (Chapter 1)
What you can do, what you can make, and what you can become with Linux (Chapter 2)
In Part II, you start in with details on how to use Linux desktops and associated applications.
Chapters 3–7 describe
The KDE, GNOME, and other desktop interfaces (Chapter 3)
Tools for playing music and video (Chapter 4)
Desktop publishing and Web publishing using word processing, layout, drawing, and
image manipulation tools, plus tools such as wikis, blogs, and content management systems for managing content online (Chapter 5)
Applications for e-mail and Web browsing (Chapter 6)
Desktop gaming applications (Chapter 7)
In Part III, you learn how to administer Linux systems, including
Installing Linux systems (Chapter 8)
Using the shell (Chapter 9)
Doing basic administration (Chapter 10)
Connecting to the Internet (Chapter 11)
Securing your Linux system (Chapter 12)
Linux creates powerful servers, and in Part IV you learn to
Set up a Web server using Apache, MySQL, and PHP in Linux (Chapter 13)
Run a mail server (Chapter 14)
Share printers with a CUPS print server (Chapter 15)
Share files with a Samba or NFS file server (Chapter 16)
If you don’t have Linux installed yet, this book helps you understand differences in Linux distributions, then install the systems you want from the DVD and CD included in this book. Part
V (Chapters 17 through 28) describes each of those distributions and how to run them live or
install them.
If you are coming to Linux for its programming environment, Part VI provides chapters that
describe
Programming environments and interfaces (Chapter 29)
Programming tools and utilities (Chapter 30)
In addition, Appendix A tells you what’s on the DVD and CD, how to install from the DVD or
CD, and how to burn additional installation CDs from the software that comes with this book.
Appendix B provides history and background information about Linux.
What You Will Get from This Book
By the time you finish this book, you’ll have a good basic understanding of many of the major
features in Linux and how you can use them. If you decide then that you want to go a bit deeper,
try the Fedora 12 Bible or the Red Hat Enterprise Linux Bible (both from Wiley, 2010), with content
that includes how to set up many different types of Linux servers. You can find similar books for
other distributions.
If you are more technically oriented, Linux Troubleshooting Bible (Wiley, 2004) can be a good
way to learn more advanced skills for securing and troubleshooting Linux systems. Or a Linux
Toolbox book for Fedora, Ubuntu, BSD, or SUSE (Wiley, 2007 and 2008) can provide you with
more than 1,000 Linux command lines to help you become a Linux power user.
If you are looking for some fun, try out some projects with an old PC and free software from
Linux Toys II (Wiley, 2006).
Conventions Used in This Book
Throughout the book, special typography indicates code and commands. Commands and code
are shown in a monospaced font:
This is how code looks.
In the event that an example includes both input and output, the monospaced font is still used,
but input is presented in bold type to distinguish the two. Here’s an example:
$ ftp ftp.handsonhistory.com
Name (home:jake): jake
Password: ******
As for styles in the text:
New terms and important words appear in italics when introduced.
Keyboard strokes appear like this: Ctrl+A.
Filenames, URLs, and code within the text appear like so: persistence.properties.
The following items call your attention to points that are particularly important.
Note
A Note box provides extra information to which you need to pay special attention.
Tip
A Tip box shows a special way of performing a particular task.
Caution
A Caution box alerts you to take special care when executing a procedure, or damage to your computer hardware or software could result.
Cross-Reference
A Cross-Reference box refers you to further information on a subject that you can find outside the current
chapter.
Coming from Windows
A Coming from Windows box provides tips to help you transfer your knowledge of Windows systems to the
Linux world.
The On the CD and On the DVD icons point out features related to the media that accompany
the book.
Part I
Getting off the Ground with Linux
IN THIS PART
Chapter 1: Starting with Linux
Chapter 2: Linux Projects, Activities, and Careers
CHAPTER 1
Starting with Linux
With Linux, you are free to erase your computer’s entire hard disk
and run nothing but free (as in freedom) software on it. As an
alternative, you could run Linux from a live CD (ignoring your
computer’s contents without changing them) or install Linux to dual boot
with your Windows or Mac OS X system as you choose. The bottom line is
that with Linux you are free to do as YOU choose with your computer.
In only a few years, Linux has advanced from being considered a specialty operating system into the mainstream. Precompiled and configured Linux systems can be installed with no technical expertise.
Versions of Linux run on all kinds of devices, from PCs to handhelds (see
www.linuxdevices.com) to game consoles (such as PlayStation 3) to
supercomputers to Mars rovers. In short, Linux has become a system that
almost anyone can run almost anywhere.
On both desktop and server computers Linux has become a formidable
operating system across a variety of business applications. Today, large
enterprises can deploy thousands of systems using Linux distributions from
companies such as Red Hat, Inc. and Novell, Inc. Small businesses can put
together the mixture of office and Internet services they need to keep their
costs down.
The free and open source software (FOSS) development model that
espoused sharing, freedom, and openness is now on a trajectory to surpass the quality of other operating systems outside of the traditional Linux
servers and technical workstations. What were once weak components of
Linux, such as easy-to-use desktops, multimedia codecs and limited driver
availability, have improved at a rapid pace. In areas of security, usability,
connectivity, and network services, Linux has continued to improve and
outshine the competition.
IN THIS CHAPTER
Getting started with Linux
Understanding Linux
Linux features and advantages
Computer industry heavy-hitters such as Microsoft and Oracle have taken notice of Linux.
Microsoft has struck agreements with Linux companies including Novell and Xandros to form
partnerships that primarily protect those companies against threatened Microsoft lawsuits.
Oracle began producing its own enterprise-targeted Linux system to try to stem the flow of customers to Red Hat Enterprise Linux.
What does this all add up to? A growing swirl of excitement around the operating system that the
big guys can’t seem to get rid of. For people like yourself, who want the freedom to use your computer software as you like, it means great prospects for the future.
Let this book help you grab your first look at the distributions, applications, services, and community that make up the phenomenon that has become Linux.
Taking Your First Step
In your hands, you have 18 different Linux distributions (on CD and DVD), thousands of applications, and descriptions for getting it all running on your own computer. For you right now, the
worldwide Linux phenomenon is just a reboot away.
Linux Bible 2010 Edition brings you into the world of free and open source software that, through
some strange twists and turns, has fallen most publicly under the “Linux” banner. Through
descriptions and procedures, this book helps you
Understand what people do with Linux and how you can use Linux for all your computing tasks.
Sort through the various distributions of Linux to choose one (or more) that is right
for you. You get several Linux systems on this book’s CD and DVD. (Linux is all about
choice, too!)
Try out Linux as a desktop computer, server computer, or programmer’s workstation.
Become connected to the open source software movement, as well as many separate
high-quality software projects that are included with Linux.
What comes in Linux systems?
Whether you are using Linux for the first time or just want to try out a new Linux distribution, Linux Bible 2010 Edition is your guide to using Linux and the latest open source technology. Although different Linux distributions vary in the exact software they include, this book
describes the most popular software available for Linux to
Manage your desktop (menus, icons, windows, and so on)
Listen to music, watch video, and store and arrange digital photos
Create, lay out, manipulate, and publish documents and images on paper or on the Web
Browse the Web and send e-mail
Play games
Find thousands of other open source software packages you can get for free
Because most Linux distributions also include features that let them act as servers (in fact, that’s
one of the things Linux has always been best at), you’ll also learn about software available for
Linux that lets you do the following:
Connect to the Internet or other network
Use Linux as a firewall and router to protect and manage your private network
Run a Web server (using Apache, MySQL, and PHP)
Run a mail server (using Exim, Sendmail or other mail transfer agent)
Run a print server (using Samba or CUPS)
Run a file server (using vsFTPd or Samba)
Use the exact same enterprise-quality software used by major corporations (such as
Google and Amazon.com), universities, and businesses of all sizes
This book guides you through the basics of getting started with these Linux features, plus many
more. After you’ve been through the book, you should be proficient enough in the basics to
track down answers to your more advanced questions through the volumes of man pages, FAQs,
HOWTOs, and forums that cover different aspects of the Linux operating system.
To get started with Linux right now, all you need is a standard PC with a bootable CD or DVD drive.
What do you need to get started?
Although Linux runs great on many low-end computers (even some old 486s and early
Pentiums), if you are completely new to Linux, I recommend that you start with a PC that has a
little more muscle. Here’s why:
Full-blown Linux operating systems with complete GNOME or KDE desktop environments (see Chapter 3) perform poorly on slow CPUs and less than the recommended
amount of RAM. The bells and whistles come at the price of processing power. Lighter-weight options (such as the Xfce or LXDE desktop environments) often run well on
computers that have limited resources, but they may offer fewer features.
You can use streamlined graphical Linux installations that fit on small hard disks (as
small as 100MB) and run fairly well on slow processors. Also, small live CD Linux distributions, such as Damn Small Linux (DSL), can be copied to hard disk and run from
there (read about some of these small “bootables” in Chapter 28). The 50MB DSL desktop
system can run fine on old Pentium machines with little RAM. But if you want to add
some of the more demanding applications to these small systems, such as OpenOffice.org
office applications, you will find you need more than minimal computer hardware.
If you are starting with a Pentium II, 400 MHz, your desktop will run slowly in default KDE or
GNOME configurations with less than 128MB of RAM. A simpler desktop system, with just X
and a window manager, will work, but won’t give you the full flavor of a Linux desktop. (See
Chapter 3 for information about different desktop choices and features.)
The good news is that cheap desktop PCs or netbooks that you can buy from big box retailers
start at less than $200. Those systems will perform better than most PCs you have lying around
that are more than a few years old, and some even come with Linux pre-installed. The bottom
line is that the less you know about Linux, the more you should try to have computer hardware
that is up to spec to have a pleasant experience.
Starting right now
If you are anxious to get started, insert either the DVD or CD accompanying this book into the
appropriate drive on your PC and reboot. When you see the boot screen, press Enter. When the
DVD or CD boots, the following happens, respectively:
KNOPPIX starts up. A fully functional KNOPPIX desktop Linux system will boot
directly from the DVD. From that Linux system, you can do everything you would
expect to do from a modern desktop computing system: write documents, play music,
communicate over the Internet, work with images, and so on. If you have a wired
Ethernet connection that connects to the Internet when you start up Windows, most
likely it will also connect automatically when KNOPPIX starts.
Damn Small Linux starts up. This small, amazing desktop-oriented Linux system
starts up directly from the CD that comes with this book. Besides being expandable and
adaptable, DSL runs on everything from low-end PCs to powerful workstation hardware
while being small enough to fit on a mini CD (it’s only about 50MB in size).
What you have in front of you is a functioning desktop system that you can install to your hard
disk to use permanently, if you like. You can choose to add software from among thousands of
software packages available for Linux. Depending on your Linux system, installing extra software
might just take a few clicks.
The next sections step you through a few things you can do with KNOPPIX and Damn Small Linux.
Trying KNOPPIX
When KNOPPIX starts up, you bypass a login screen and go directly to a Lightweight X11
Desktop Environment (LXDE) that is loaded with free software for you to try. Figure 1-1 shows
an example of the KNOPPIX LXDE desktop with desktop effects enabled. The image shows a
window exploding as it is closed.
Note
If you have any trouble starting KNOPPIX, see Chapter 21 for descriptions of boot options to help you overcome certain problems (such as a garbled screen or hanging when certain hardware is encountered). That
chapter also describes other KNOPPIX features.
FIGURE 1-1
The KNOPPIX live Linux CD contains the KDE desktop and hundreds of applications.
Here is a quick tour of the KNOPPIX desktop:
Browsing—Select the Web Browser icon from the bottom panel to open the IceWeasel
browser. The IceWeasel browser is a version of the Firefox Web browser that was
rebranded by the Debian project (http://geticeweasel.org).
Managing files —Select the My Documents icon from the desktop. A PCMan File
Manager window opens to show your home folder (/home/knoppix). You will typically
save files and folders to your home folder. Because you are running KNOPPIX as a live
CD, any files you create will be lost when you reboot if you don’t explicitly save them.
Chapter 21 describes how to make a persistent desktop, so you can save the files you
create in KNOPPIX permanently.
Accessing disks —A live CD, such as KNOPPIX, is designed to run without touching
the contents of your hard disk. However, if you have something on your hard disk you
want to use with KNOPPIX (such as a music file or document), KNOPPIX makes doing
it easy.
Entries appear in the left column of the file manager, representing every partition on
your hard disk, as well as detected removable media (such as a USB flash drive). In
Figure 1-1, Volume entries represent several partitions on your hard disk. Select an icon
to display the contents of the partition in that file manager window. To add content to
that disk partition, simply drag and drop files from the desktop, or copy, move, or otherwise create files from the shell.
Special Knoppix features —Because of the temporary nature of a live CD, you have to
configure settings each time you boot, unless you take steps to save those settings. From
the LXDE icon on the left side of the bottom panel, you can see a menu of selections to
do special things to make KNOPPIX run from your hard disk. Select System Tools ➪
KNOPPIX HD Install to install KNOPPIX so you can run it from your hard disk.
Other KNOPPIX features are also available from that menu. You can select Install
Components to add non-free software, such as Flash plug-ins or Windows fonts.
Chapter 21 describes other KNOPPIX features.
Running Applications —Select the LXDE icon from the lower-left corner of the panel
to see a menu of available applications. Choose Office to select from several OpenOffice.org
office applications for writing documents, using spreadsheets, drawing pictures,
and building presentations. Try out some communications applications, such as Icedove
mail reader and Pidgin Internet Messenger, from the Network menu.
When you are done trying KNOPPIX, select Log Out from the LXDE menu and choose Shut
Down. After KNOPPIX shuts down, it ejects the disc. After you remove the disc, you can use
your computer again with whatever operating system you have installed there.
Trying Damn Small Linux
Because Damn Small Linux (DSL) is based on KNOPPIX, you may notice some similarities. DSL
is smaller and faster, however, so you should get to the DSL desktop screen quicker. Instead of
LXDE, the DSL desktop features a simple window manager. Figure 1-2 shows an example of a
Damn Small Linux desktop with several applications open.
Note
Many of the same boot options that come with KNOPPIX will work with DSL, so check Chapter 21 if you have
trouble booting DSL. For other descriptions of DSL, see Chapter 28.
FIGURE 1-2
Damn Small Linux provides an efficient desktop Linux.
Here are some things to try on your DSL desktop:
Web browsing—With an active wired Internet connection, you should be able to connect to the Internet automatically when DSL boots up. The Dillo Web browser opens to
a page of basic DSL information. Continue to browse the Web from Dillo, or open the
Firefox icon from the desktop to browse with Firefox instead.
Install applications —Open the MyDSL icon from the desktop and then, when
prompted, download the applications database. After that, select categories from the left
column to look through listings of hundreds of applications you can add to DSL. When
you find one you like, choose Install Selected to download and install it.
Check out the desktop —On the desktop itself, view information about your computer
(CPU Usage, RAM, Swap, file systems, and so on) in the upper-right corner. Select DSL
in the lower-left corner of the bottom panel to see a menu of available applications. Then
try a few applications. You can view the same menu by right-clicking on the desktop.
Change settings —Select Setup from the main menu to adjust the date and time,
change your desktop theme, configure your X display server, or set up a wireless or dial-up Internet connection.
Control the system—Select System from the menu and choose Control Panel. From the
Control Panel that appears, you can configure your printer, back up your files (remember that files disappear at reboot with live CDs if you don’t save them to disk or removable media), or start login (SSH) or FTP services. Return to the main menu and select
Apps ➪ Tools to use some cool, specialized DSL features, such as install to hard disk or
portable USB flash drive (pendrive). You can also remaster a MyDSL CD or make a boot
floppy.
Trying applications —Figure 1-2 shows a couple of applications open on the DSL desktop. Open the MyDSL folder to see application packages you can install (shown upper
left). Select Apps ➪ Net to see applications you could use to access the Internet (such as
email clients, web browsers and instant messaging clients).
Select the Exit icon from the desktop and choose Shutdown or Reboot to exit from DSL. Notice
that the Backup box is selected. With that box selected, DSL gives you the option to save your
files and settings (provided you set up a location to back up your files earlier from the Control
Panel). With that information saved, the next time you boot DSL from that computer, you have
those files and settings available.
Trying other Linux distributions
Of course you can try many other Linux distributions from the CD and DVD that come with
this book besides KNOPPIX and Damn Small Linux. Ubuntu has a large, active following and
can be run live from the DVD. Try Fedora or openSUSE if you want to try a Linux system that
is being prepared for enterprise distros (Red Hat Enterprise Linux and SUSE Linux Enterprise,
respectively).
Gentoo and Slackware often appeal to technically oriented users. On small machines, distros
such as Puppy Linux or BackTrack may interest you. See Appendix A for information on these
and other Linux systems included with this book.
Understanding Linux
People who don’t know what Linux is sometimes ask me whether it’s a program that runs on
Microsoft Windows. When I tell them that Linux is, itself, an operating system like Windows and
that they can remove (or never purchase) Windows, I sometimes get a surprised reaction, “A PC
can run with nothing from Microsoft on it?” The answer is yes!
The next question about Linux is often, “How can Linux be free?” Although the full answer to
that is a bit longer (and covered later), the short answer is, “Because the people who write the
code license it to be freely distributed.” Keep in mind, however, that the critical issue relating to
the word “free” is “freedom,” meaning that you are free to rebuild, reuse, reconfigure, and otherwise do what you like with the code. The only major responsibility is that if you change the software, you pass it forward so that others may benefit from your work as well.
Linux is a full-blown operating system that is a free clone of the powerful and stable UNIX operating system. Start your computer with Linux, and Linux takes care of the operation of your PC
and manages the following aspects of your computer:
Processor —Because Linux can run many processes from many different users at the
same time (even with multiple CPUs on the same machine), Linux needs to be able to
manage those processes. The Linux scheduler sets the priorities for running tasks and
manages which processes run on which CPUs (if multiple processors are present). You
can tune the scheduler differently for different types of Linux systems. If the scheduler
is tuned properly, the most important processes get the quickest responses from the
processor. For example, a Linux scheduler on a desktop system gives higher priority
to things such as moving a window on the desktop than it does to a background file
transfer.
Memory—Linux tries to keep processes with the most immediate need in RAM, while
managing how processes that exceed the available memory are moved to swap space.
Swap space is a defined area on your hard disk that’s used to handle the overflow of running processes and data. When RAM is full, processes are placed in swap space. When
swap space is full (something that you don’t want to happen), new processes can’t start up.
Devices —Linux supports thousands of hardware devices, yet keeps the kernel a manageable size by including only a small set of drivers in the active kernel. Using loadable modules, the kernel can add support for other hardware as needed. Modules can
be loaded and unloaded on demand, as you add and remove hardware. (The kernel,
described in detail a bit later on, is the heart of a Linux operating system.)
File systems— File systems provide the structure in which files are stored on hard disk,
CD, DVD, floppy disks, or other media. Linux knows about different file system types
(such as Linux ext3 and reiserfs file systems, or VFAT and NTFS from Windows systems) and how to manage them.
Security—Like UNIX, Linux was built from the ground up to enable multiple users to
access the system simultaneously. To protect each user’s resources, every file, directory,
and application is assigned sets of read, write, and execute permissions that define who
can access them. In a standard Linux system, the root user has access to the entire system, some special logins have access to control particular services (such as Apache for
Web services), and users can be assigned permission individually or in groups. Recent
features such as Security Enhanced Linux and AppArmor enable more refined tuning
and protection in highly secure computing environments.
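The read, write, and execute permission sets described in the Security item above can be inspected from the shell. The following is an added example, not code from the book: it decodes a three-digit octal mode into the owner, group, and others permission sets of the standard Linux model, and lists files that any user on the system may write to. The file names and modes in the sample tree are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the book). All file names and modes are constructed.

# bits DIGIT: turn one octal digit (0-7) into its "rwx" form.
# 4 = read, 2 = write, 1 = execute.
bits() {
    d=$1
    s=""
    if [ $((d & 4)) -ne 0 ]; then s="${s}r"; else s="${s}-"; fi
    if [ $((d & 2)) -ne 0 ]; then s="${s}w"; else s="${s}-"; fi
    if [ $((d & 1)) -ne 0 ]; then s="${s}x"; else s="${s}-"; fi
    printf '%s' "$s"
}

# describe_mode MODE: spell out a three-digit octal mode such as 640.
# First digit applies to the owning user, second to the owning group,
# third to every other user on the system.
describe_mode() {
    full=$1
    owner=${full%??}          # first digit
    rest=${full#?}
    group=${rest%?}           # second digit
    others=${full#??}         # third digit
    printf 'owner=%s group=%s others=%s\n' \
        "$(bits "$owner")" "$(bits "$group")" "$(bits "$others")"
}

# make_sample DIR: create a constructed tree with known modes.
make_sample() {
    dir=$1
    mkdir -p "$dir"
    : > "$dir/notes.txt";  chmod 600 "$dir/notes.txt"   # private to the owner
    : > "$dir/shared.txt"; chmod 664 "$dir/shared.txt"  # group may edit, others read
    : > "$dir/open.txt";   chmod 666 "$dir/open.txt"    # any user may modify
    : > "$dir/tool.sh";    chmod 755 "$dir/tool.sh"     # any user may run it
}

# world_writable DIR: list regular files whose "others" set includes write.
# Such files can be changed by every account on a multi-user system.
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Demonstration on a throwaway directory.
demo=$(mktemp -d)
make_sample "$demo"
for mode in 600 664 666 755; do
    printf '%s  %s\n' "$mode" "$(describe_mode "$mode")"
done
echo "Files any user may write to:"
world_writable "$demo"
rm -rf "$demo"
```

On a shared machine, the output of `world_writable` is the list to review first, because those files are not protected from any other login.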
What I have just described are components that are primarily managed by what is referred to as
the Linux kernel. In fact, the Linux kernel (which is still maintained by Linus Torvalds, who created the Linux kernel as a graduate student in Finland) is what gives Linux its name. The kernel
is the software that starts up when you boot your computer and interfaces with the programs you
use so they can communicate effectively and simply with your computer hardware.
Note
See Appendix B for historic details on how the kernel and other free software came together to create the
Linux phenomenon.
Components such as administrative commands and applications from other free and open source
software projects work with the kernel to make Linux a complete operating system. The GNU project (www.gnu.org), in particular, contributed many implementations of standard UNIX components that are now in Linux. Apache, KDE, GNOME, and other major open source projects in Linux
have also contributed to the success of Linux. (See Chapter 2 for an explanation of how open source
projects work and how you can get involved in them.) Those other projects added such things as:
Graphical user interfaces (GUIs) —Consisting of a graphical framework (typically the
X Window System), window managers, panels, icons, and menus. GUIs enable you to
use Linux with a keyboard and mouse combination, instead of just typing commands
(as was done in the old days).
Administrative utilities —Including hundreds (perhaps thousands) of commands and
graphical windows to do such things as add users, manage disks, monitor the network,
install software, and generally secure and manage your computer.
Applications —Although no Linux distribution includes all of them, literally thousands
of games, office productivity tools, Web browsers, chat windows, multimedia players,
and other applications are available for Linux.
Programming tools —Including programming utilities for creating applications and
libraries for implementing specialty interfaces.
Server features —Enabling you to offer services from your Linux computer to another
computer on the network. In other words, while Linux includes Web browsers to view
Web pages, it can also be the computer that serves up Web pages to others. Popular
server features include Web, mail, database, printer, file, DNS, and DHCP servers.
After Linus Torvalds and friends had a working Linux kernel, pulling together a complete open
source operating system was possible because so much of the available “free” software was
Covered by the GNU Public License (GPL) or similar license —That allowed the
entire operating system to be freely distributed, provided guidelines were followed
relating to how the source code for that software was made available going forward (see
http://www.gnu.org/licenses/gpl.html).
Based on UNIX-like systems —Clones of virtually all the other user-level components
of a UNIX system had been created. Those and other utilities and applications were
built to run on UNIX or other UNIX-like systems.
Linux has become one of the most popular culminations of the open source software movement.
But the traditions of sharing code and building communities that made Linux possible started
years before Linux was born. You could argue that it began in a comfortable think tank known as
Bell Laboratories. Read Appendix B to learn more about the history of Linux.
Leveraging work done on UNIX and GNU projects helped to get Linux up and running quickly.
The culture of sharing in the open source community and adoption of a wide array of tools for
communicating on the Internet have helped Linux to move quickly through infancy and adolescence to become a mature operating system.
The simple commitment to share code is probably the single most powerful contributor to the
growth of the open source software movement in general, and Linux in particular. That commitment has also encouraged involvement from the kind of people who are willing to contribute
back to that community in all kinds of ways. The willingness of Linus Torvalds to incorporate
code from others in the Linux kernel has also been critical to the success of Linux.
What’s So Great About Linux?
If you have not used Linux before, you should expect a few things to be different from using
other operating systems. Here is a brief list of some Linux features that you might find cool:
No constant rebooting—Uptime is valued as a matter of pride (remember, Linux and
other UNIX systems are most often used as servers, which are expected to, and do, stay
up 24/7/365). After the original installation, you can install or remove almost any software,
besides the kernel itself, without having to reboot your computer.
Start/stop services without interrupting others —You can start and stop individual
services (such as Web, file, and e-mail services) without rebooting or even interrupting
the work of any other users or features of the computer. In other words, you should not
have to reboot your computer every time someone sneezes. (Installing a new kernel is
just about the only reason you need to reboot.)
Portable software —You can usually change to another Linux, UNIX, or BSD system
and still use the exact same software! Most open source software projects were created
to run on any UNIX-like system and many also run on Windows systems, if you need
them to. If it won’t run where you want it to, chances are that you, or someone you hire,
can port it to the computer you want. (Porting refers to modifying an application or
driver so it works in a different computer architecture or operating system.)
Downloadable applications —If the applications you want are not delivered with your
version of Linux, you can often download and install them with a single command,
using tools such as apt, urpmi, and yum.
No settings hidden in code or registries —After you learn your way around Linux,
you’ll find that (given the right permissions on your computer) most configuration
is done in plain text files that are easy to find and change. In recent years, simplified
graphical interfaces have been added to make working with configuration files even
easier. Because Linux is based on openness, nothing is hidden from you. Even the
source code, for GPL-covered software, is available for your review.
Mature desktop —The X Window System (providing the framework for your Linux
desktop) has been around longer than Microsoft Windows. The KDE and GNOME
desktop environments provide graphical interfaces (windows, menus, icons, and so
forth) that rival those on Microsoft systems. You have the freedom to choose lightweight
window managers instead as well. Ease-of-use problems with Linux systems are rapidly
evaporating.
Freedom —Linux, in its most basic form, has no corporate agenda or bottom line to
meet. You are free to choose the Linux distribution that suits you, look at the code that
runs the system, add and remove any software you like, and make your computer do
what you want it to do. Linux runs on everything from supercomputers to cell phones,
and everything in between. Many countries are rediscovering their freedom of choice
and making the switch at government and educational levels. France, Germany, Korea,
and India are just a few that have taken notice of Linux. The list continues to grow.
Some aspects of Linux make it hard for some new users to get started. One is that Linux is typically set up to be secure by default, so you must adjust to using an administrative login (root) to
make most changes that affect the whole computer system. Although this can be a bit inconvenient, trust me, it makes your computer safer than just letting anyone do anything. This model
was built around a true multi-user system. You can set up logins for everyone who uses your
Linux computer, and you (and others) can customize your environment however you see fit without affecting anyone else’s settings.
For the same reason, many services are off by default, so you need to turn them on and do at
least minimal configuration to get them going. For someone who is used to Windows, Linux can
be difficult just because it is different from Windows. But because you’re reading this book, I
assume you want to learn about those differences.
Summary
Getting started with Linux can be as easy as inserting the CD or DVD accompanying this book
into your PC and rebooting. Using that media, you can try out 18 different Linux systems, either
live or by installing them to hard disk.
You can use Linux as a desktop system (like Microsoft Windows); as a Web, file, or print server;
or as a programmer’s workstation. You have a lot of flexibility when it comes to how Linux is configured and what software you install and run on it.
Because you are free to use open source software as you please, many Linux enthusiasts have
come up with interesting and innovative ways to use Linux and benefit from it. Chapter 2
describes what you can do with Linux, what you can make with Linux, and what you can
become with Linux.
Chapter 2: Linux Projects, Activities, and Careers
IN THIS CHAPTER
What you can do with Linux
What you can make with Linux
How you can become involved with Linux
The primary objective of this book is to lead you through the most
popular ways of using Linux as a desktop, server, or programmer’s
workstation. After you become comfortable using Linux, however,
you’ll begin to see that these uses are just the tip of the iceberg.
Remember that you can modify, rebuild, and reuse free and open source
software as you please. This means that you can piece together the projects
you like to build the Linux system you want. You could even modify it to
run on different types of hardware. To those ends, you can join together
with others of like mind to produce software that might be too ambitious to
build by yourself.
So, before we head full-speed into the how-to portions of the book, this
chapter sets out to spark your imagination and open your eyes to
What you can make with Linux—With free software and a spare
PC you can make stand-alone gadgets, such as a music jukebox,
game console, telephone answering machine, or home network
server. NASA straps Linux on its moon rovers to guide their movements. Some schools use the Linux Terminal Server Project to
drive hundreds of old or cheap PCs from a single server. What sort
of projects can you come up with?
How you can get involved with Linux—For many Linux enthusiasts, Linux is more than just their computer system. It is what
they believe in. It is what they fight for. It is what consumes them.
If Linux stirs you up, you have many ways to contribute to open
source software projects and advocate the use of free software.
What you can become with Linux—Just because Linux is “free”
doesn’t mean that you can’t make any money from it. Some small
businesses use Linux for all their office and Web software needs. Linux enterprise
software is used to drive thousands of workstations and servers in many major corporations. If you are interested in using Linux as a profession, you can get training and certification to become a skilled participant in the open source revolution.
Making Things with Linux
To start thinking about the kinds of things you can make or do with Linux, all you have to do is
look around you. Linux may already be in your handheld device, in your personal video recorder,
and (almost certainly) running your search engine or favorite Web site.
Many people, schools, and companies have adapted Linux in all kinds of fun, educational, and
profitable ways. Some have stripped Linux down to its bare essentials (an embedded Linux kernel, a shell, and a few drivers) and added their own software to use Linux in communications
devices and robots. Others have put together their own set of software to accomplish a specific
goal, such as a kid-safe computer or a portable Web server.
This section describes some fun and interesting ways that people have adapted Linux to suit their
needs.
Linux in outer space
When NASA’s Mars Exploration Rovers named Spirit and Opportunity are tooling around Mars
and sending back images and data, Linux is driving the rovers in everything from high-level
planning to low-level simulation and visualization. NASA chose Linux because of graphics and
processor speed, as well as its stability and the myriad of software tools available for it.
NASA developed the Roving Sequencing and Visualization Program (RSVP) application suite in
Linux to command the Mars rovers, and then tested and deployed that system on Linux as well.
In that suite, the Rover Sequence Editor (RoSE) lets NASA send spacecraft commands to the rovers while HyperDrive offers three-dimensional graphics for controlling the rover (such as moving
the arms, driving the vehicles and controlling imaging).
Figure 2-1 shows a computer-generated image produced by NASA of how the Mars Exploration
Rover appears on Mars.
The Linux system running on each rover is an embedded Linux real-time operating system from
TimeSys (www.timesys.com). The RoSE application (for passing messages) was written in Java,
whereas HyperDrive elements (image viewer and sequence flow browser) are written in C++ and
C languages. An article in Linux Journal by NASA scientists Frank Hartman and Scott Maxwell
describes in depth how Linux was used on the Mars Rover project (www.linuxjournal.com/article/7570).
FIGURE 2-1
Mars Exploration Rovers (MER) gather data, send images, and move around Mars from onboard Linux
systems.
(Photo by NASA)
Spirit landed on Mars on January 4, 2004 and Opportunity landed on January 25. Both were still
in operation after more than five years, at the time of this writing. If you are interested in following the progress of the Mars Exploration Rover Mission, refer to the project’s Web site at the
NASA Jet Propulsion Laboratory (http://marsrovers.jpl.nasa.gov).
Linux in gadgets
Lots of commercial communications, entertainment, and other kinds of gadgets have Linux running on the inside. Linux makes an excellent operating system for these specialty devices, not
only because of its cost, but also because of its stability and adaptability.
Linux enthusiasts love these devices, referred to as embedded Linux systems, because they can
often adapt, add, or run different Linux software on these devices (whether the manufacturer
intended that or not). More and more, however, manufacturers are embracing the Linux enthusiast and hardware hacker and selling open devices for them to use. Here are some examples:
Mobile Phones —OpenMoko (www.openmoko.com) produces mass-market mobile
phones, such as the Neo FreeRunner, that are based on Linux. Like the software, the
FreeRunner’s hardware also follows an open design. Although the phone is intended
for general consumer use, the phone’s software is currently most appropriate for people
who want to develop their own software for the phones. Figure 2-2 shows an example of
the Neo FreeRunner.
FIGURE 2-2
Modify software to use the Linux Neo FreeRunner as a phone, GPS device, clock, game player, and media
player.
Motorola, OpenMoko, and Tranzda Technologies each offer multiple Linux-based
mobile phones. Phone models running Linux on the inside include the Motorola Rokr
EM30 (emphasizing music playing), Tranzda Technologies NewPlus phones (with WiFi,
GPS, and a camera), Purple Labs Purple Magic phones (sub-$100 phone), and Grunig
B700 (with keyboard and e-mail support).
Sony PlayStation—Not only can you install and run Linux on PlayStation, but Sony
encourages you to do it. In 2002, Sony released Linux Kit for PlayStation 2. Included
in that kit is a derivative of the Japanese Kondara MNU/Linux (which is based on Red
Hat Linux). For PlayStation 3, several Linux distributions have been modified (ported)
to run on that hardware, including Fedora, OpenSUSE, Ubuntu, Gentoo, Debian, and a
commercial Yellow Dog Linux product for PlayStation 3. (See Chapter 22 for a description of Yellow Dog Linux.)
Personal Video Recorders (PVR) —If you have a TiVo PVR or a set-top for streaming
video from Netflix, you are already running Linux in your home. The Netflix PVR is
from Roku, Inc. (www.roku.com), which produces a range of Linux-based media players. TiVo has produced Linux-based PVRs for years. The availability of the TiVo Linux
source code (www.tivo.com/linux) has made TiVo one of the most popular devices
for Linux enthusiasts to hack.
Netbooks —Shrinking laptops with shrinking prices have led to Netbooks. These
mini laptop computers have proven to be excellent devices for running Linux. With
low-powered processors and small screens, Netbooks provide a good partnership with
Linux systems that are tuned for these compact, efficient devices.
The Asus Eee PC is one of the most popular Netbooks available today. Many Asus Eee
PCs have been sold with Xandros Linux preinstalled. However, industrious Linux
enthusiasts have created ports of Fedora, Ubuntu, and other Linux distributions to run
on the Eee PC. The Acer Aspire One is another popular netbook. Figure 2-3 shows an
Eee PC with Fedora Linux running on it.
FIGURE 2-3
An Asus Eee PC can run specially tuned Fedora or other Linux systems.
Personal handheld devices —A whole range of personal digital assistants (PDAs), portable navigation devices (PNAs), and portable media players (PMPs) are available today
with Linux inside. The Garmin Nuvi (models 860, 880, and 5000) GPS navigation
devices feature GNOME Mobile Linux and GeoClue location technology. The Samsung
i70 combines a digital camera with a personal media player built on MontaVista Linux.
Inside the Sony mylo Internet Device is the Qtopia Linux system, which lets you connect to WiFi networks, play Adobe Flash video and games, and even record video.
A good place to learn about these and other devices that run Linux is the LinuxDevices site
(www.linuxdevices.com).
Linux in projects
Whole open source projects have been devoted to special-use Linux systems. These projects may
be focused on doing one type of activity very well (like building a multimedia center) or solving a
problem (like dwindling school computer budgets). Here are some examples of ways people have
brought together open source software that you might find interesting:
MythTV (www.mythtv.org)—When it comes to open source personal video recorder
(PVR) projects, MythTV leads the way. Like most PVRs, MythTV lets you gather TV
channel listings for your area, select shows you want to view or record, and play back
recorded shows when you are ready. Beyond that, MythTV lets you pause, fast forward, and rewind live TV, skip commercials, and choose from different types of video
compression.
By integrating other open source software into the MythTV interface, you can do a lot
of things you wouldn’t expect to do with a PVR. You can rip and play MP3, FLAC, Ogg,
and CD audio files and group them into playlists. You can use MAME and other gaming console applications to play games. MythTV also includes an image viewer, weather
module, and RSS newsfeeder.
Mythbuntu (www.mythbuntu.org) and MythDora (www.mythdora.com) projects
are available to configure MythTV on a particular Linux distribution. KnoppMyth
(www.knoppmyth.net) provides an easy-to-install Knoppix-based MythTV version.
Figure 2-4 shows an example of the main MythTV screen.
FIGURE 2-4
Manage your TV viewing, recording, and playback with MythTV.
Linux Terminal Server Project (www.ltsp.org)—Using a central server and possibly hundreds of low-end PCs or thin clients, you can create a cost-effective way to fill
a school or small business with Linux workstations. Client computers don’t need much
power because they essentially just run the display, keyboard, and mouse. The server
actually stores data, runs applications, and provides access to network devices and other
hardware. (The K12 LTSP project is described later in this chapter.)
Asterisk Telephony Project (www.asterisk.org)—Asterisk is an open source telephony project that includes a PBX telephony engine and related applications and tools.
With Asterisk, you can create an IP or hybrid PBX that can communicate to callers over
the Internet (or other IP networks), analog telephone service, or digital T1 lines. A huge
range of features lets you set up call centers, create conference bridges, and manage
voicemail.
Linux Toys and Make (www.linuxtoys.net and http://makezine.com)—If you
like to tinker, there are places you can go to find instructions for putting together your
own free software and random hardware projects. The books Linux Toys and Linux
Toys II (Wiley Publishing) contain instructions to build your own gaming console,
weather monitor, home network server, and so on from free software and an old PC.
Make Magazine and its Web site describe many projects that include open source software, such as building a supercomputer from dozens of old PCs and ParallelKnoppix or
turning an old PC into an Internet-enabled DVD burner, CD player, and MP3 Jukebox
that’s based on KNOPPIX.
As you can see, a lot of people have already gone to the trouble of putting together fun and interesting projects that you can replicate on your own. And, of course, you can always be creative
and come up with your own projects, while drawing on the massive amounts of open source software available.
Getting Involved with Linux
Using and playing with Linux is great fun. Connecting up with others who share your joy in
Linux can make the whole Linux experience that much better. So if you want to go beyond just
using Linux and become someone who improves it and spreads the word, here are some things
you can do:
Join a Linux User Group (LUG) or Linux community
Contribute to an open source project
Ask or answer questions at online Linux forums
Connect to a Linux IRC chat room
Activity in the Linux and the open source communities has grown so dramatically in recent
years that many diverse outlets exist for learning and getting to know other Linux enthusiasts.
Likewise, if you find that Linux is something you enjoy and want to help to flourish in the future,
you can become a Linux advocate in a variety of ways.
Joining a Linux User Group
Linux User Groups (LUGs) have sprung up all over the world. Many LUGs sponsor Linux installfests (where members help you install the Linux of your choice on your computer) or help nonprofit groups and schools use Linux on older computers that will no longer support the latest
Microsoft Windows software. Here are some places to help you track down a local LUG:
Google (www.google.com/linux)—I found both of the LUGs I’ve been associated
with by using Google to search for the word “Linux” and the city closest to where I was
living.
Linux Meetup Groups (linux.meetup.com)—Enter your ZIP code to search for the
nearest LUG in your area.
Linux Online (www.linux.org/groups)—Offers a large, international list of Linux
User Groups. Select your country to see a list of available groups.
If no Linux User Group is in your area, you might consider starting one. To get information on
what LUGs are all about and some suggestions about starting one, refer to the Linux User Group
HOWTO (www.tldp.org/HOWTO/User-Group-HOWTO.html).
Joining Linux communities
Communities of professionals and enthusiasts have grown around Linux and its related open
source projects. Many have shown themselves willing to devote their time, knowledge, and skills
on public mailing lists, forums, Wikis, and other Internet venues (provided you ask politely and
aren’t too annoying).
Free online forums have sprung up to get information on specific Linux topics. Popular general Linux forums are available from www.LinuxQuestions.org, www.LinuxForums.org,
and www.LinuxHelp.net. Most major Linux distributions have associated mailing lists and
forums. You can go directly to the Web sites for the Red Hat–sponsored Fedora Linux (http://fedoraproject.org/),
Debian (www.debian.com), Ubuntu (http://ubuntuforums.org),
Gentoo (www.gentoo.org), and others to learn how to participate in forums and contribute to
those projects.
Companies and groups supporting Linux
Some companies and organizations make important contributions to Linux and open source software. Here are some of the most prominent ones:
SourceForge (web.sourceforge.com)—This organization maintains the open
source development site Freshmeat (freshmeat.net) as well as SourceForge
(www.sourceforge.net). It also maintains information technology sites, such as
Slashdot (slashdot.org), NewsForge (www.newsforge.com), and Linux.com
(www.linux.com).
IBM (www.ibm.com/linux)—Because IBM has been the recipient of the lion’s share
of lawsuits against Linux and done a lot to further Linux, especially in the enterprise
area, it deserves a mention here. Many good resources for Linux exist at IBM’s Web site,
including some excellent white papers covering Linux in business.
Ibiblio (www.ibiblio.org)—Contains a massive archive of Linux software and documentation (www.ibiblio.org/pub/linux).
Software Freedom Law Center (www.softwarefreedom.org)—This organization provides legal representation for most of the major free and open source software
(FOSS) projects in existence today. It is the organization that defends the proper use of
software covered under the GNU public license.
One Laptop Per Child Project (www.laptop.org)—The OLPC project is an organization that is dedicated to helping educate disadvantaged children all over the world by
putting laptop computers in their hands. As of this writing, more than 300,000 OLPC
XO laptop computers have been shipped worldwide, making it the single largest distributor of Fedora Linux systems.
Keeping Up with Linux
Although Slashdot.org is probably the news site that most Linux enthusiasts keep track of and
participate in, there are many other places to look for Linux and open source news as well:
Slashdot (slashdot.org)—Probably the top news site for open source devotees.
People submit links to news articles, book reviews, and interviews related to technology, science, politics, or other “news for nerds.” Then everyone piles on with their own
commentaries. Having your book or project “slashdotted” means you have made the big
time—although you are as likely to get crushed as you are to get praised.
Digg (http://digg.com/linux_unix)—Some say that Digg.com has become more
popular than Slashdot for providing articles relating to Linux. You can vote on which
articles are most interesting to you to gain more exposure for an article.
Groklaw (www.groklaw.net)—The place to look for information regarding legal
issues surrounding open source software.
Linux Today (www.linuxtoday.com)—This site gathers news that is of particular
interest to software developers and IT managers.
LWN.net (www.lwn.net)—Produces a weekly newsletter covering a range of Linux
topics.
Newsforge (www.newsforge.com)—Bills itself as the “Online Newspaper for Linux
and Open Source.” Contains many original articles, as well as links to up-to-the-minute
open source stories from other locations on the Web.
LinuxInsider (www.linuxinsider.com)—Covers news articles related to Linux
issues around the world.
Linux at Wikipedia (http://en.wikipedia.org/wiki/Linux)—Contains an
excellent write-up of what Linux is, and includes other Wikipedia links to related topics, companies, and issues. Also, provides a good understanding of Linux history and
relationships.
Linux.com (www.linux.com)—Provides Linux information, news, tips, articles, and
reference material.
CertCities.com (http://certcities.com/certs/linux_unix/columns/)—
Regularly publishes articles on Linux and UNIX.
If you need help or have questions about Linux, here are a few sites to try:
Linux Questions (www.linuxquestions.org)—In addition to offering forums on
different Linux distributions, this is a great place to ask questions related to hardware
compatibility, security, and networking. The site also has some good tutorials, as well as
reviews of books and Linux distributions.
Google Linux (www.google.com/linux)—Search for Linux-specific information from
this part of the Google search site.
Linux Forums (www.linuxforums.org)—Contains active forums on your favorite
distributions and has active IRC channels as well.
The Linux Documentation Project (www.tldp.org)—Offers a wide range of
HOWTOs, guides, FAQs, man pages, and other documentation related to Linux.
Linux Help (www.linuxhelp.net)—Offers forums, news, and current information
about the Linux kernel. Also contains information about finding Linux mailing lists,
newsgroups, and user groups.
Linux Online (www.linux.org)—Provides a central source of information related to
Linux distributions, documentation, books, and people.
Linux Kernel Archives (www.kernel.org)—The primary site for Linux kernel development. You can get the latest stable or testing versions of the Linux kernel. Not the first
place to start with Linux, but I thought you would want to know it’s there.
Major Linux projects
As you may know, the name Linux comes from the Linux kernel created by Linus Torvalds. The
desktop, application, server, and other software needed to create a full Linux system are added
from other open source projects. The following is a list of some of the major open source software
organizations that usually have software included with Linux:
Free Software Foundation (www.fsf.org)—Supports the GNU project, which produces much of the software outside the kernel that is associated with Linux. In particular, open source versions of nearly every early UNIX command have been implemented
by the GNU project.
Apache Software Foundation (www.apache.org)—Produces the Apache (HTTP) Web
server. It also manages related projects, such as SpamAssassin (spam filtering software)
and a variety of modules for serving special Web content (Perl, SSL, PHP, and so on).
K Desktop Environment (www.kde.org)—Develops KDE, one of the two leading
desktop environments used with Linux.
GNOME (www.gnome.org)—Develops the other leading Linux desktop environment
(used as the default desktop for Red Hat Linux systems).
X.Org (www.x.org) and XFree86 (www.xfree86.org)—These two organizations provide different implementations of the X Window System graphical desktop framework
software.
Internet Systems Consortium (www.isc.org)—Develops several major open source
software projects related to the Internet. These include Bind (domain name system
server), INN (InterNetNews news server), and DHCP (dynamic host configuration
protocol).
The Mozilla Project (www.mozilla.org)—The first major Web browser product was
Mozilla Navigator, which was originally based on code released to the open source
community from Netscape Communicator. Other open source browsers incorporate
Mozilla’s engine. The Mozilla project also offered a suite of related Internet clients that
included e-mail, composer, IRC Chat, and address book software. New software development from the Mozilla project focuses on the Thunderbird e-mail and news client and
Firefox Web browser, which have seen enormous success on Linux, Windows, and Mac
OS X platforms in the past few years. The old Mozilla suite is offered today under the
name SeaMonkey (www.mozilla.org/projects/seamonkey).
The Samba Project (www.samba.org)—This provides software for sharing files and
printers using CIFS and SMB clients. These protocols are the most common means of
sharing files and printers with Microsoft Windows operating systems.
The Sendmail Consortium (www.sendmail.org)—This maintains the sendmail mail
transport agent, which is the world’s most popular software for transporting mail across
the Internet.
There are, of course, many more open source projects and organizations that provide software
included in various Linux distributions, but the ones discussed here will give you a good feel for
the kind of organizations that produce open source software.
Exploring Linux distributions
Despite the fact that hundreds of Linux distributions exist, you can safely focus on a handful of
Linux systems to get a good flavor of what is available. That’s because most Linux distributions
are derived from a few major ones. For example, Ubuntu, KNOPPIX, Damn Small, and other
Linux systems are based on Debian GNU/Linux. CentOS, Red Hat Enterprise Linux, and others
are based on Fedora.
Refer to Chapters 17 through 28 for descriptions on most of the major Linux distributions available today, along with procedures for getting and installing them. If you haven’t chosen a distribution yet, here are some sites that can help you evaluate, find, and get a Linux distribution that
interests you:
Distrowatch (distrowatch.com)—Contains information about a few hundred different Linux distributions. The site provides an easy way to find out about different
distributions, and then simply connect to the distribution’s home page, download site,
or related forums.
LWN.net Linux Distributions (lwn.net/Distributions)—For succinct descriptions of more than 400 Linux distributions on one page, this is the place to go.
Here are key sites associated with Linux distributions covered in this book:
Fedora (http://fedoraproject.org)—Community-driven Linux, supported by
Red Hat. Look to Livna.org (rpm.livna.org) for downloads of add-on software for
Fedora. FedoraForum.org is a popular Forum site for Fedora.
Red Hat Enterprise Linux (www.redhat.com)—Check the main Red Hat Web site for
information on commercial Linux products.
Debian GNU/Linux (www.debian.org)—Get news, documentation, support, and
download information about Debian. Try the Debian news site (www.us.debian.org/News/)
for the latest news articles on Debian.
Ubuntu Linux (www.ubuntu.com)—Learn about the Ubuntu Linux distribution, community, and related products from this official Ubuntu site. From the Ubuntu Wiki
(https://wiki.ubuntu.com) find links to documentation, HOWTOs, community
sites, events, and releases.
SUSE (www.novell.com/linux/)—Get product and support information from this
project’s site. The Novell site also provides information about Novell’s own Linux offerings and details of its recent alliance with Microsoft.
openSUSE (www.opensuse.org)—Get information and downloads, connect to mailing lists and forums, and participate in the community-supported version of SUSE.
KNOPPIX (www.knopper.net/knoppix/index-en.html)—The official KNOPPIX
page on its creator’s (Klaus Knopper’s) Web site. An active KNOPPIX forum is available
from www.knoppix.net/forum/.
Yellow Dog (www.terrasoftsolutions.com/products/ydl)—From this site,
sponsored by Terra Soft Solutions, you can purchase Yellow Dog Linux on CDs or get it
pre-installed on Mac hardware. The YDL.net site offers some extra services for Yellow
Dog Linux users, such as personal e-mail accounts and Web space.
Gentoo (www.gentoo.org)—The center for the very active Gentoo community. The
site contains a wealth of information about Gentoo and plenty of forums and IRC channels in which to participate. You’ll find a solid and growing documentation set to back
up the distribution and tons of software packages to try (in the thousands).
Slackware (www.slackware.org)—Check the changelogs at this site to get a feel for
the latest Slackware developments. Try LinuxPackages (www.linuxpackages.net) for
a broader range of information about Slackware.
Freespire (www.freespire.org)—Contains information about what was once the
community-supported arm of the Linspire Linux system. With the Xandros purchase of
Linspire, Freespire now is under the control of Xandros.
Mandriva (www.mandrivalinux.com)—Formed from the merger of Mandrake Linux
and Conectiva Linux, the Mandriva Linux Web site gives visitors a variety of Linux
products, services, and support.
Linux in the Real World
To see how Linux and related free and open source software is being used today in the real world,
I’ve provided some short examples that relate to Linux use in schools, small business, and enterprise venues.
Linux in schools
Cost savings, flexibility, and a huge pool of applications have made Linux a wonderful alternative
to proprietary systems for many schools. One project has been particularly successful in schools:
the K12 Linux Terminal Server Project (www.k12ltsp.org).
K12LTSP is based on the Linux Terminal Service Project (www.ltsp.org) and Fedora (www.fedoraproject.org),
but is tuned to work particularly in schools. With K12LTSP, you centralize all your school’s applications on one or more server machines. Then you can use low-end PCs
(old Pentiums or thin clients) as workstations. With thin clients starting under $200 or old PCs
already hanging around your school, you can service a whole class or even a whole school for little
more than the cost of the servers and some networking hardware. Figure 2-5 illustrates the general
steps you would go through to configure a Linux LTSP server to manage multiple workstations.
By centralizing all the school’s software on a limited number of servers, K12LTSP can offer both
security (only a few servers to watch over) and convenience (no need to reinstall hundreds of
Windows machines to upgrade or enhance the software). Each client machine controls the display, mouse, and keyboard, whereas all the user’s applications and files are stored on and run
from the server.
FIGURE 2-5
Configure LTSP on the server, and then boot up workstations to work from that server.
[Figure: a Linux server and several workstations connected through a LAN switch. Steps shown: (1) install LTSP server and client software; (2) prepare workstation configuration; (3) start services: DHCP, TFTP, NFS, Portmapper, XDMCP; (4) boot workstations.]
The K12LTSP distribution contains many battle-tested open source applications, including full
GNOME and KDE desktops, Evolution e-mail, Firefox browser, OpenOffice.org office suite, and
GIMP image application. They also add DansGuardian (open source Web content filtering) and
educational software (such as Gcompris). If the Windows application you are looking for is not
available in Linux, you can almost surely find a similar Linux application.
Many schools in Oregon have adopted K12LTSP, including those attended by Linus Torvalds’
children in Portland, Oregon. Adoption of K12LTSP has also begun in Atlanta, Georgia and many
other cities across the United States.
Linux in small business
Often a small business can consolidate the Web services it needs into one or two Linux servers. It can meet its basic office computing needs with mature open source applications such as
OpenOffice.org, The GIMP, and a Firefox browser. But can a small business run entirely on open
source software alone?
When Jim Nanney started his Coast Grocery business, where residents of the Mississippi Gulf
Coast can order groceries online for delivery, he set out to do just that. In part, he just wanted
to see whether he could rely solely on open source software. But he also figured that a cost savings
of at least $10,000 by not buying commercial software could help make his small business
profitable a lot faster.
To enable customers to order groceries online, Jim selected the open source e-commerce software
called osCommerce (www.oscommerce.com). The osCommerce software is built with the PHP
Web scripting language and uses a MySQL database. Jim runs the software from a Linux system
with an Apache Web server.
On the office side of the business, Jim relies entirely on Fedora Linux systems. He uses
OpenOffice.org Writer for documents, GIMP and Inkscape for logos and other artwork, and
GnuCash for accounting. For Web browsing, Firefox is used. So far, Jim hasn’t had a need to purchase any commercial software.
Here are some of the advantages that Jim has found from his all–open source business:
Community support—The communities surrounding osCommerce and Fedora have
been very helpful. With active forums and 24-hour IRC channels, getting help with
those projects has been easier than with any proprietary software. Also unlike proprietary software, participants are generally quite knowledgeable and often include the
developers of the software themselves.
Long-term security—Jim disputes conventional wisdom that betting your business on
proprietary software is safer than relying on open source. If a software company goes
out of business, the small business could go down, too. But with open source you have
the code, so you could always pay someone to update the code when necessary or fix it
yourself.
Easier improvements —By doing some of his own PHP programming, Jim had a lot
of flexibility related to adding features. In some cases, he could take existing code and
modify it to suit his needs. In the case of creating a special shopping list feature, he
found it easiest to write code from scratch. In the process of using the software, when
he found exploitable bugs, he submitted the code fixes back to the project.
No compatibility problems —On those occasions where he needed to provide information to others, compatibility has not been a problem. When he makes business cards,
door hangers or other printed material, he saves his artwork to PDF or SVG formats to
send to a commercial printer. Regular documents can be exported to Word, Excel, or
other common formats.
For businesses starting on a shoestring, in many cases open source software can offer both the
cost savings and flexibility needed to help the business survive during the difficult start-up
period. Later, it can help those same businesses thrive, as open source solutions can often be easily scaled up as the business grows.
Linux in the enterprise
Building a company’s computer infrastructure on open source software represents a huge amount
of confidence that it will provide the level of reliability, security, and features that a company
needs. That’s why most large companies converting to open source infrastructures have gone
with products from enterprise Linux providers, such as Red Hat, Inc. (Red Hat Enterprise Linux)
and Novell, Inc. (SUSE Linux Enterprise).
Built into Red Hat’s open source enterprise products are features such as Red Hat Directory
Server, Global File System (GFS), and Cluster Suite. Directory Server can scale up to handle millions of identities, representing settings for applications’ user profiles, access control, and policies
across thousands of machines and users. Using GFS and Cluster Suite, an enterprise can treat its
entire storage infrastructure as a common pool, to minimize data duplication and simplify backups, system recovery, and adding storage and servers.
Companies moving their infrastructures to Linux include Apoteket (Sweden’s government-run
pharmacy), which is moving more than 900 pharmacies to Red Hat Enterprise Linux (RHEL)
on Intel servers. Governments that are migrating to RHEL include cities such as Chicago and
Bloomington, Illinois. You can read about other organizations migrating to RHEL on Red Hat’s
Success Stories page (www.redhat.com/solutions/info/casestudies).
Becoming a Linux Professional
Pursuing a career based on something that people give away for free may not seem like a brilliant
idea. But the truth is that thousands of jobs exist for Linux professionals if you have the skills to
get the job done.
Contributing to open source projects has long been one of the best ways to gain the skills you
need to gain entry to a Linux career. When the Ubuntu project started up, it hired many of the
best contributors to the Debian GNU/Linux project. When Red Hat, Inc. looks to hire a Linux
professional, it often looks to the ranks of Fedora contributors.
Formal Linux training and certification opportunities have grown considerably in the past few
years. If you want to work for companies that use Red Hat Enterprise Linux, you can get training
and certification directly from Red Hat (www.redhat.com/training). Red Hat offers classes in
everything from Red Hat Linux Essentials to Red Hat Enterprise Deployment, Virtualization, and
Systems Management. You can train for certifications such as
Red Hat Certified Technician (RHCT) —Those who have never used Linux or other
UNIX-like systems can transition their skills to Linux with an RHCT certification.
Red Hat Certified Engineer (RHCE) —More advanced Linux professionals in the area
of systems administration usually take the RHCE certification.
Red Hat Certified Datacenter Specialist (RHCDS) —The RHCDS certification demonstrates skills to build mission-critical data center environments. Emphasis is put on
using Red Hat technologies to create data centers that are scalable, reliable, available,
and manageable.
Red Hat Certified Security Specialist (RHCSS) —Skills emphasized in the RHCSS
program focus on SELinux, Red Hat Enterprise Linux, and Red Hat Directory Server.
Red Hat Certified Architect (RHCA) —This credential is for technical professionals
that have skills deploying large-scale enterprise environments.
Although Red Hat offers one of the most popular programs for Linux certifications, it is by no
means the only place to get Linux certification. Sun Microsystems offers training for Linux system administrators (www.sun.com/training/). CompTIA offers Linux+ certification that is not
tied to a particular Linux distribution. Likewise, Novell and Linux Professional Institute both
offer Linux certifications. Ubuntu offers Ubuntu Certified Professional training and certification
(www.ubuntu.com/training/certificationcourses).
Summary
Although most people use Linux as a desktop, server, or programmer’s workstation, many have
also found that the freedom open source software provides can be used in many creative ways.
This chapter describes ways that projects ranging from NASA’s Mars Rover to the MythTV personal video recorder have adapted Linux systems and software to meet their needs.
If you get excited about the prospects of open source software as you read this book, you may
find you want to pursue ways of getting more involved. Some ways of getting involved include
joining a Linux User Group, contributing to open source projects, or participating in mailing lists
or forums.
As you increase your skills with open source software, you may find the idea of a career in Linux
interesting. Many companies offer training and certification in Linux. This includes enterprise-oriented companies such as Red Hat and Novell, as well as specialized Linux training companies
such as CompTIA and Linux Professional Institute.
Part II
Running a Linux Desktop
IN THIS PART
Chapter 3: Getting into the Desktop
Chapter 4: Playing Music and Video
Chapter 5: Working with Words and Images
Chapter 6: E-Mailing and Web Browsing
Chapter 7: Gaming with Linux
CHAPTER 3
Getting into the Desktop
IN THIS CHAPTER
Understanding your desktop
Using the K desktop environment
Using the GNOME desktop environment
Configuring your own desktop
Playing with desktop eye candy using AIGLX
In the past few years, graphical user interfaces (GUIs) available for
Linux have become as easy to use as those on the Apple Mac or
Microsoft Windows systems. With these improvements, even a novice
computer user can start using Linux without needing to have an expert
standing by.
You don’t need to understand the underlying framework of the X Window
System, window managers, widgets, and whatnots to get going with a
Linux desktop system. That’s why I start by explaining how to use the two
most popular desktop environments: KDE (K desktop environment) and
GNOME. After that, if you want to dig deeper, I tell you how you can put
together your own desktop by discussing how to choose your own X-based
window manager to run in Linux.
Understanding Your Desktop
When you install Linux distributions such as Fedora, SUSE, Mandriva,
or Ubuntu, you have the option to choose a desktop environment.
Distributions such as Gentoo and Debian GNU/Linux give you the option
to go out and get whatever desktop environment you want (without an
installer particularly prompting you for it). When you are given the opportunity to select a desktop during installation, your choices usually include
one or more of the following:
K desktop environment (www.kde.org)—In addition to all the
features you would expect to find in a complete desktop environment (window managers, toolbars, panels, menus, keybindings,
icons, and so on), KDE has many bells and whistles available.
Applications for graphics, multimedia, office productivity, games, system administration, and many other uses have been integrated to work smoothly with KDE, which is
the default desktop environment for SUSE and various other Linux distributions.
GNOME desktop environment (www.gnome.org)—GNOME is a more streamlined
desktop environment. It includes a smaller feature set than KDE and runs faster in
many lower-memory systems. Some think of GNOME as a more business-oriented
desktop. It’s the default desktop for Red Hat–sponsored systems such as Fedora and
RHEL, as well as Ubuntu, and others.
Note
The KDE 4 Desktop is based on the Qt 4.5 graphical toolkit. GNOME is based on GTK+ 2.12. Although graphical applications are usually written to either Qt or GTK+, by installing both desktops you will have the libraries needed to run applications written for both toolkits from either environment.
Lightweight desktop environments—Xfce (www.xfce.org) and LXDE (www.lxde.org)
are examples of desktop environments that are built to run well with low-powered
processors and less RAM. LXDE is currently the desktop environment used with
KNOPPIX.
X and a window manager (X.org or XFree86.org + WM)—You don’t need a full-blown desktop environment to operate Linux from a GUI. The most basic, reasonable
way of using Linux is to simply start the X Window System server and a window manager of your choice (you have dozens to choose from). Many advanced users go this
route because it can offer more flexibility in how they set up their desktops. Window
managers such as Xfce and fluxbox are particularly good on low-end, low-resource
machines.
The truth is that most X applications run in any of the desktop environments just described (provided that proper libraries are included with your Linux distribution, as noted earlier). So you
can choose a Linux desktop based on the performance, customization tools, and controls that
best suit you. Each of these three types of desktop environments is described in this chapter.
Starting the Desktop
Because the way that you start a desktop in Linux is completely configurable, different distributions offer different ways of starting up the desktop. After your Linux distribution is installed, it
may just boot to the desktop, offer a graphical login, or offer a text-based login. Bootable Linux
systems (which don’t have to be installed at all) typically just boot to the desktop.
Boot to the desktop
Some bootable Linux systems boot right to a desktop without requiring you to log in so you
can immediately start working with Linux. KNOPPIX is an example of a distribution that boots
straight to a Linux desktop from a CD. That desktop system usually runs as a particular username (such as knoppix, in the case of the KNOPPIX distribution). To perform system administration, you have to switch to the administrator’s account temporarily (using the su or sudo
command).
Caution
Using any computer operating system without password protection violates all basic security rules. Use a system without password protection only on a temporary basis on computers that have no access to critical data.
To be more secure, you can assign a password to a live CD’s primary user account, and certainly assign one if
you install that live CD to hard disk.
Boot to graphical login
Most desktop Linux systems that are installed on your hard disk boot up to a graphical login
screen. Although the X display manager (xdm) is the basic display manager that comes with the
X Window System, KDE and GNOME each have their own graphical display managers that are
used as login screens (kdm and gdm, respectively).
So chances are that you will see the login screen associated with KDE or GNOME (depending on
which is the default on your Linux system). Display managers such as gdm offer you the opportunity to log in to different types of desktops, depending on what is installed on your system
(GNOME, KDE, Xfce, or others).
Note
When Linux starts up, it enters into what is referred to as a run level or system state. Typically, a system set to
start at run level 5 boots to a graphical login prompt. A system set to run level 3 boots to a text prompt. The
run level is set by the initdefault line in the /etc/inittab file. Change the number on the initdefault line as you please between 3 and 5. Don’t use any other number unless you know what you are doing.
Never use 0 or 6. Those numbers are used to shut down and reboot the system, respectively.
Because graphical login screens are designed to be configurable, you often find that the distribution has its own logo or other graphical elements on the login screen. With Fedora Linux, the
default login screen is based on the GNOME display manager (gdm). To begin a session, you can
just enter your login (username) and password to start up your personal desktop environment.
Your selected desktop environment—KDE, GNOME, Xfce, or other—comes up ready for you to
use. Although the system defines a desktop environment by default, you can typically change
desktop environments on those Linux systems, such as Fedora, that offer multiple desktop
environments.
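The run-level note above points at the initdefault line in /etc/inittab. As an added example (not from the book), this script reads that line from an inittab-style file and flags the values the note warns against. The function names and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the default run level in a SysV-style inittab file.

# Print the run-level field of the first active initdefault entry.
# inittab entries have the form  id:runlevels:action:process
inittab_default_runlevel() {
    # $1 = path to an inittab file
    awk -F: '
        /^[ \t]*#/          { next }                  # skip commented-out lines
        $3 == "initdefault" { print $2; found = 1; exit }
        END                 { if (!found) exit 1 }    # no active entry
    ' "$1"
}

# Classify the default run level the way the note does:
#   3 to 5 are the normal choices, 0 and 6 shut down or reboot,
#   anything else calls for a deliberate decision.
# Prints a verdict; returns 0 for ok, 1 for review, 2 for unsafe.
check_default_runlevel() {
    level=$(inittab_default_runlevel "$1") || {
        echo "review: no initdefault entry"
        return 1
    }
    case "$level" in
        5) echo "ok: 5 (graphical login)" ;;
        3) echo "ok: 3 (text login)" ;;
        4) echo "ok: 4" ;;
        0) echo "unsafe: 0 (system would shut down)"; return 2 ;;
        6) echo "unsafe: 6 (system would reboot)"; return 2 ;;
        *) echo "review: $level"; return 1 ;;
    esac
}

# Run the check against a constructed sample (not from a real system).
demo() {
    tmp=$(mktemp) || return 0
    cat > "$tmp" <<'EOF'
# Default run level
#id:3:initdefault:
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
EOF
    check_default_runlevel "$tmp" || true
    rm -f "$tmp"
}

demo
```

On a system that uses /etc/inittab, run `check_default_runlevel /etc/inittab` after editing the file and before rebooting.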
Figure 3-1 shows a basic graphical login panel displayed by the gdm graphical display manager
in Fedora.
To end a session, you can choose to log out. Figure 3-2 shows the graphical menu from a Fedora
GNOME desktop for ending a session or changing the computer state (System ➪ Shut Down).
FIGURE 3-1
A simple GNOME display manager (gdm) login screen
FIGURE 3-2
The Session menu in Fedora
X display managers can enable you to do a lot more than just get to your desktop. Although different graphical login screens offer different options, here are some you may encounter:
Session/Options —Look for a Session or Options button on the login screen. From
there, you can choose to start your login session with a GNOME, KDE, or other desktop
environment.
Language —Linux systems that are configured to start in multiple languages may give
you the opportunity to choose a language (other than the default language) to boot into.
For this to work, however, you must have installed support for the language you choose.
Accessibility—Some display managers let you choose accessibility preferences. These
selections let you hear text read aloud, magnify parts of the screen, use an onscreen
keyboard, or do other things to overcome difficulty hearing, seeing, or using a
keyboard.
If you don’t like the way the graphical login screen looks, or just want to assert greater control
over how it works, you can configure and secure X graphical login screens in many ways. Later,
after you are logged in, you can use the following tools (as root user) to configure the login
screen:
KDE login manager —From the KDE Control Center, you can modify your KDE display manager using the Login Manager screen (from KDE Control Center, select System
Administration ➪ Login Manager). You can change logos, backgrounds, color schemes,
and other features related to the look-and-feel of the login screen.
GNOME login manager —The GNOME display manager (gdm) comes with a Login
Window Preferences utility (from the desktop, run the gdmsetup command as root
user). From the Login Window Preferences window, you can select the Local tab and
choose a whole different theme for the login manager. On the Security tab, you may
notice that all TCP connections to the X server are disallowed. Don’t change this selection because no processes other than those handled directly by your display manager
should be allowed to connect to the login screen. (The gdmsetup utility is not available
in the current release of Fedora.)
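As an added example (not from the book or the GNOME project), this shell check reads a gdm configuration file and reports whether X server TCP connections remain disallowed, for systems where gdmsetup is not available. It assumes the setting is stored as the DisallowTCP key in the [security] section of gdm's custom.conf (a name not given on this page); the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the X-over-TCP setting in a gdm-style config file.
# Assumption: the setting is the DisallowTCP key under [security].

# Print the last DisallowTCP value set in the [security] section,
# lower-cased; print nothing if the key is not set in that section.
gdm_disallow_tcp() {
    awk '
        /^[ \t]*#/  { next }                         # skip comment lines
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[security\][ \t]*$/); next }
        in_sec && /^[ \t]*DisallowTCP[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)              # drop "key ="
            sub(/[ \t\r]*$/, "", v)                  # drop trailing blanks
            val = tolower(v)                         # tolerate True/FALSE
        }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 when TCP connections stay disallowed (key true or absent),
# 1 when they have been enabled, 2 when the value is not a boolean.
audit_gdm_conf() {
    value=$(gdm_disallow_tcp "$1")
    case "$value" in
        ""|true) echo "$1: ok, X server TCP connections disallowed"; return 0 ;;
        false)   echo "$1: WEAK, DisallowTCP=false lets the X server accept TCP connections"; return 1 ;;
        *)       echo "$1: unrecognized DisallowTCP value '$value'"; return 2 ;;
    esac
}

# Run the audit over constructed sample files (not real system files).
demo() {
    dir=$(mktemp -d) || return 1
    printf '[daemon]\n[security]\nDisallowTCP=true\n' > "$dir/hardened.conf"
    printf '[security]\n# DisallowTCP=true\nDisallowTCP=false\n' > "$dir/weak.conf"
    printf '[daemon]\n[xdmcp]\n' > "$dir/default.conf"
    for f in "$dir/hardened.conf" "$dir/weak.conf" "$dir/default.conf"; do
        audit_gdm_conf "$f" || true
    done
    rm -rf "$dir"
}
demo
```

To audit a real system, pass the path of the display manager's configuration file to audit_gdm_conf (on Fedora this is typically /etc/gdm/custom.conf).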
After your login and password have been accepted, the desktop environment configured for your
user account starts up. Users can modify their desktop environments to suit their tastes (even to
the point of changing the entire desktop environment used).
Boot to a text prompt
Instead of a nice graphical screen with pictures and colors, you might see a login prompt that
looks like this:
Welcome to XYZ Linux
yourcomputer login:
This is the way all UNIX and older Linux systems used to appear on the screen when they booted
up. Now this is the login prompt that is typical for a system that is installed as a server or, for
some reason, was configured not to start an X display manager for you to log in. Run level 3
boots to a plain-text login prompt in multiuser mode.
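As an added example (not from the book), this shell function reads the initdefault entry from an inittab-format file and flags the values the text warns about, 0 and 6, before a reboot makes the mistake visible. The sample inittab contents are constructed and the function names are hypothetical; accepting 3 through 5 follows the guidance given earlier in this chapter.

```shell
#!/bin/sh
# Added example: check the default run level in an inittab-format file.
# Entries have the form  id:runlevels:action:process

# Print the run level field of the first non-comment initdefault entry.
default_runlevel() {
    awk -F: '
        /^[ \t]*#/          { next }              # skip comment lines
        $3 == "initdefault" { print $2; exit }    # e.g. id:5:initdefault:
    ' "$1"
}

# Return 0 for run levels 3-5, 1 for 0 or 6, 2 if there is no
# initdefault entry, and 3 for any other value.
check_inittab() {
    level=$(default_runlevel "$1")
    case "$level" in
        3|4|5) echo "$1: ok, default run level $level"; return 0 ;;
        0|6)   echo "$1: DANGER, run level $level shuts down or reboots the system"; return 1 ;;
        "")    echo "$1: no initdefault entry found"; return 2 ;;
        *)     echo "$1: run level '$level' is outside 3-5, review before rebooting"; return 3 ;;
    esac
}

# Run the check over constructed sample files (not the real /etc/inittab).
demo() {
    dir=$(mktemp -d) || return 1
    printf '# constructed sample\nid:5:initdefault:\nsi::sysinit:/etc/rc.d/rc.sysinit\n' > "$dir/graphical"
    printf '# constructed sample\nid:3:initdefault:\n' > "$dir/text"
    printf '# constructed sample\nid:6:initdefault:\n' > "$dir/reboot"
    printf '#id:5:initdefault:\nsi::sysinit:/etc/rc.d/rc.sysinit\n' > "$dir/commented"
    for f in "$dir/graphical" "$dir/text" "$dir/reboot" "$dir/commented"; do
        check_inittab "$f" || true
    done
    rm -rf "$dir"
}
demo
```

Run check_inittab against a copy of /etc/inittab after editing it and before rebooting.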
Just because you have a text prompt doesn’t necessarily mean you can start a desktop environment. Many Linux experts boot to a text prompt because they want to bypass the graphical
login screen or use the GUI only occasionally. Some Linux servers may not even have a desktop
environment installed. However, if X and the necessary other desktop components are installed
on your computer, you can typically start the desktop after you log in by typing the following
command:
$ startx
The default desktop environment starts up, and you should be ready to go. What you do next
depends on whether you have a KDE, GNOME, or some sort of homespun desktop environment.
Note
In most cases, the GUI configuration you set up during installation for your video card and monitor gets you
to a working desktop environment. If, for some reason, the screen is unusable when you start the desktop,
you need to do some additional configuration. The “Configuring Your Own Desktop” section later in this
chapter describes some tools you can use to get your desktop working.
K Desktop Environment
KDE was created to bring a high-quality desktop environment to UNIX (and now Linux) workstations. Integrated within KDE are tools for managing files, windows, multiple desktops, and
applications. If you can work a mouse, you can learn to navigate the KDE desktop.
The lack of an integrated, standardized desktop environment once held back Linux and other
UNIX systems from acceptance on the desktop. While individual applications ran well, you
mostly could not drag-and-drop files or other items between applications. Likewise, you couldn’t
open a file and expect the machine to launch the correct application to deal with it or save your
windows from one login session to the next. With KDE, you can do all those things and much
more. For example, you can
Drag-and-drop a document from one folder window to another (to move it) or on an
OpenOffice.org Writer icon (to open it for editing).
Right-click an image file (JPEG, PNG, and so on), and the OpenWith menu lets you
choose to open the file using an image viewer (KView), editor (The GIMP), slideshow
viewer (KuickShow), or other application.
To make more applications available to you in the future, KDE provides a platform for developers
to create programs that easily share information and detect how to deal with different data types.
The things you can do with KDE increase in number every day.
KDE is the default desktop environment for Mandriva and several other Linux systems. SUSE,
openSUSE, and related distributions moved from KDE to GNOME as the default desktop, but still
make KDE available. Red Hat Enterprise Linux and Fedora, which used to place less emphasis on
KDE, now have much improved support for KDE desktops, even offering a custom KDE desktop
live CD/installer disk.
The past year has seen several point releases to improve the KDE 4 desktop. Despite many bold
new features for managing the desktop, KDE 4 suffered from some instability. The latest version
of KDE is much improved. The following section describes how to get started with KDE.
Using the KDE desktop
The KDE 4 desktop, now available with Fedora, Ubuntu, and other major Linux distributions,
offers the Plasma desktop and a relatively new framework for developing KDE applications. Some
Linux distributions still use the more stable KDE 3.5, so you may have a choice of which KDE
you use.
KDE 4 marked some major innovations for the KDE desktop. New libraries were added to support multimedia applications and improve handling of removable devices. There are new applications for viewing documents (such as Okular) and managing files (such as Dolphin). The most
important new feature, however, was the Plasma desktop shell.
The Plasma desktop shell gives the KDE 4 desktop a whole new look-and-feel from the KDE 3.5
desktop. It featured improved ways of finding and presenting information, such as KRunner and
KickOff. The Plasma Panel incorporates lots of applets, as well as clocks, pagers, and other useful
applications.
Elements in the Plasma desktop shell are referred to as plasmoids. What makes plasmoids different from components on many of today’s desktop systems is that they can be combined in various ways to interact with each other and can be placed in different locations. For example, if a
particular widget (such as a clock or a news ticker) is important to you, instead of having it represented by a tiny icon on the panel, you can put a big version of the applet on your desktop.
Figure 3-3 shows an example of a KDE desktop in Fedora.
Some of the key elements of the KDE desktop include
Plasmoids —Applets that you can add to the desktop as well as the panel are referred
to as plasmoids in KDE 4. In Figure 3-3 you can see the clock, picture frame, and news
ticker all added to the desktop. You can drag plasmoids around, group them together,
and arrange them as you like on your desktop.
Konqueror—The default Web browser for KDE, which can also be used as a file
manager.
Dolphin—A new file manager for KDE.
Panel—The panel provides some quick tools for launching applications and managing the desktop. You can adapt the panel to your needs by resizing it, adding tools, and
changing its location. By default, you start with an application launcher, taskbar, desktop pager, some mini applets, new device modifier, and a clock.
FIGURE 3-3
The KDE desktop includes a panel, desktop icons, and much more.
Application Launcher/Menu—This panel button is the new KickOff Application
menu, which helps you search for applications installed on your system and launch
them. Choose between Favorites (applications you use often), Applications (application
menus), Computer (places and storage devices), or Recently Used applications. Right-click the button and select Switch to Classic Menu Style to return to a classic view of
application categories and menus.
Taskbar —This button shows the tasks that are currently running on the desktop. The
button for the window that is currently active appears pressed in. Click a task to toggle
between opening and minimizing the window.
Desktop Pager—This box on the panel consists of your virtual desktops, which contain
small views of each desktop. Four virtual desktops are available to you by default. These
are labeled 1, 2, 3, and 4. You begin your KDE session on virtual desktop 1. If windows
are on the desktop, small icons representing them may cover the desktop number. You
can change to any of the four desktops by clicking it.
Mini applets— Some applications, such as media players, clipboards, and battery power
managers, will keep running after you have closed the related window. Some of those
applications maintain a tiny applet in the panel. Clicking on these applets often restores
the windows they represent. This feature is convenient for music players if you don’t
want to take up desktop space while you play music, but you want to be able to open
the player quickly to change songs.
Clock—The current time appears on the far-right side of the panel. Click it to see a calendar for the current month. Click the arrow keys on the calendar to move forward and
back to other months.
To navigate the KDE desktop, you can use the mouse or key combinations. The responses from
the desktop to your mouse depend on which button you click and where the mouse pointer is
located.
Table 3-1 shows the results of clicking each mouse button with the mouse pointer placed in different locations. (You can change these and other behaviors from the KDE menu by selecting
System Settings, and then choosing Keyboard & Mouse.)
TABLE 3-1
Single-Click Mouse Actions
Pointer Position | Mouse Button | Result
Window title bar or frame (current window active) | Left | Raises current window
Window title bar or frame (current window active) | Middle | Lowers current window
Window title bar or frame (current window active) | Right | Opens operations menu
Window title bar or frame (current window not active) | Left | Activates current window and raises it to the top
Window title bar or frame (current window not active) | Middle | Activates current window and lowers it
Window title bar or frame (current window not active) | Right | Opens operations menu without changing position
Inner window (current window not active) | Left | Activates current window, raises it to the top, and passes the click to the window
Inner window (current window not active) | Middle or Right | Activates current window and passes the click to the window
Any part of a window | Middle (plus hold Alt key) | Toggles between raising and lowering the window
Any part of a window | Right (plus hold Alt key) | Resizes the window
On the desktop area | Left (hold and drag) | Selects a group of icons
On the desktop area | Right | Opens system pop-up menu
Click a desktop icon to open it. Double-clicking a window title bar results in a window-shade
action, where the window scrolls up and down into the title bar.
If you don’t happen to have a mouse or you just like to keep your hands on the keyboard, you can
use several keystroke sequences to navigate the desktop. Table 3-2 shows some examples.
TABLE 3-2
Keystrokes
Key Combination | Result | Directions
Alt+Tab | Step through windows | To step through each of the windows that are running on the current desktop, hold down the Alt key and press the Tab key until you see the one you want. Then release the Alt key to select it.
Alt+F2 | Open Run Command box | To open a box on the desktop that lets you type in a command and run it, hold the Alt key and press F2. Next, type the command in the box and press Enter to run it. You can also type a URL into this box to view a Web page.
Alt+F4 | Close current window | To close the current window, press Alt+F4.
Ctrl+Alt+Esc | Close another window | To close an open window on the desktop, press Ctrl+Alt+Esc. When a skull and crossbones appear as the pointer, move the pointer over the window you want to close and click the left mouse button. (This technique is good for killing a window that has no borders or menu.)
Ctrl+F1, F2, F3, or F4 key | Switch virtual desktops | Go directly to a particular virtual desktop by pressing and holding the Ctrl key and pressing one of the following: F1, F2, F3, or F4. These actions take you directly to desktops one, two, three, and four, respectively. You could do this for up to eight desktops, if you have that many configured.
Alt+F3 | Open window operation menu | To open the operations menu for the active window, press Alt+F3. When the menu appears, move the arrow keys to select an action (Move, Size, Minimize, Maximize, and so on), and then press Enter to select it. Press Esc to close the menu.
Managing files with Dolphin and Konqueror
With KDE 4, the KDE desktop offers two file managers: the newer Dolphin File Manager and the
existing Konqueror File Manager/Browser. Dolphin is a streamlined file manager that is now used
by default when you open a folder in KDE. Konqueror can handle a wide range of content from
local files and folders to remote Web content. The two applications are described in the sections
that follow.
Note
For further information on Dolphin, refer to the Dolphin File Manager home page (http://enzosworld.gmxhome.de).
Using the Dolphin file manager
By adding Dolphin to KDE, the KDE project now offers an efficient way to manage your files and
folders, without the overhead of a full-blown Web browser (such as Konqueror). With Dolphin,
you have a lot of flexibility and features for getting around your file system and working with the
files and folders you encounter. Features in Dolphin include
Navigation—The navigation bar lets you see the current folder in relation to your home
directory or to the root of the file system. Select View ➪ Navigation Bar ➪ Show Full
Location to see (and change) the full path to your current folder. Select folders from the
left column to go straight to that folder.
Listing Files and Folders —Select icons in the toolbar to display files and folders as
icons, with filename, size, and date, or with small icons in columns.
Properties —Right-click on a file or folder and select Properties. Properties displayed
include file type (such as folder or Ogg Vorbis audio), location (such as /home/joe),
file/folder size, date/time modified, date/time accessed, and permissions. For folders,
there are also some nice features that let you refresh the amount of disk space used by
the folder or configure file sharing to share the folder with other computers on the network. Both Samba and NFS file sharing are supported.
Filter and Search—Select Tools ➪ Show Filter Bar from the Dolphin toolbar. In the
Filter box that appears, type a string of text to display any file or folder name containing that text string (for example, usi would match Music). Select Tools ➪ Find Files to
open the kfind window to search for files (described later).
Preview—Typically, files are represented by generic icons (text file, image file, and so
on) in the Dolphin window. Click the Preview button on the toolbar and you can see
small representations of the text or image contained in the file, instead of a generic icon.
To open the Dolphin file manager, select File Manager from the main KDE menu. Figure 3-4
shows an example of the Dolphin file manager.
Working with files
Because most of the ways of working with files in Dolphin are quite intuitive (by intention),
Table 3-3 provides a quick rundown of how to do basic file manipulation.
FIGURE 3-4
Dolphin is an efficient file manager for KDE.
TABLE 3-3
Working with Files in Dolphin
Task | Action
Open a file | Left-click the file. The contents of that file will open in the application window defined for that content. For example, images open in Gwenview and text files open in KWrite. You also can open directories, applications, and links by left-clicking them.
Open a file with a specific application | Right-click a data file, choose Open With from the pop-up menu, and then select one of the available applications to open the file. The applications listed are those that are set up to open the file. Select Other to choose a different application.
Delete a file | Right-click the file and select Move to Trash. You are asked whether you really want to move the file to trash. Click Yes to move the file to the trash.
Copy a file | Right-click the file and select Copy. This copies the file to your clipboard. After that, you can paste it to another folder. Click the Klipper (clipboard) icon in the panel to see a list of copied files. Klipper holds the seven most recently copied files, by default. Click the Klipper icon and select Configure Klipper to change the number of copied files Klipper will remember.
Paste a file | Right-click (an open area of a folder) and select Paste. A copy of the file you copied previously is pasted in the current folder.
Link a file | Drag-and-drop a file from one folder to another. When the menu appears, click Link Here. (A linked file lets you access a file from a new location without having to make a copy of the original file. When you open the link, a pointer to the original file causes it to open.)
Move a file, Copy a file, Create a link to a file | With the original folder and target folder both open on the desktop, click and hold the left mouse button on the file you want to move, drag the file to an open area of the new folder, and release the mouse button. From the menu that appears, click Move. (You also can use this menu to copy or create a link to the file.)
There are also several features for viewing information about the files and folders in your Dolphin
windows:
View quick file information —Positioning the mouse pointer over the file displays
information such as its filename, size, and type in the window footer.
View hidden files —Selecting View ➪ Show Hidden Files enables you to see files that
begin with a dot (.). Dot files tend to be used for configuration and don’t generally need
to be viewed in your daily work.
View file details —Selecting View ➪ View Mode ➪ Details provides a list of details
regarding the contents of the current folder. You can click a folder in the details view to
jump directly to that folder. Select View ➪ Additional Information to add more information about each file to the view, such as permissions, owner, group, and type. Columns
and Icon views are also available.
To act on a group of files at the same time, you can take a couple of actions. Choose Edit ➪ Select
All to highlight all files and folders in the current folder so they are ready for you to act on. Or,
you can select a group of files by clicking in an open area of the folder and dragging the pointer
across the files you want to select. All files within the box will be highlighted. When files are
highlighted, you can move, copy, or delete the files as described earlier.
Searching for files
If you are looking for a particular file or folder, use the Dolphin Find feature. To open a Find window to search for a file, open a local folder (such as /home/chris) and choose Tools ➪ Find File.
The Find Files/Folders (kfind) window appears. You can also open this window by typing kfind
from a Terminal window.
Figure 3-5 shows the Find Files/Folders window.
FIGURE 3-5
Search for files and folders from the kfind window.
Simply type the name of the file you want to search for (in the Named text box) and the folder,
including all subfolders, you want to search in (in the Look in text box). Then click the Find button. Use metacharacters, if you like, with your search. For example, search for *.rpm to find all
files that end in .rpm or z*.doc to find all files that begin with z and end with .doc. You can
also select to have the search be case-sensitive or click the Help button to get more information
on searching. The example in Figure 3-5 shows a search for Ogg music files (ending in .ogg).
To further limit your search, you can click the Properties tab and then enter a date range
(between), a number of months before today (during the previous x months), or the number of
days before today (during the previous x days). You can also search for files that are of a certain size (File size is) in kilobytes, megabytes, or gigabytes. Select the Contents tab to choose to
limit the search to files of a particular type (File Type) or files that include text that you enter
(Containing Text).
Creating new files and folders
You can create a variety of file types when using the Dolphin window. Choose File ➪ Create New,
and select Folder (to create a new folder) or one of several different types under the File or Device
submenu. Depending on which version of Dolphin you are using, you might be able to create
some or all of the file types that follow:
Text File —Opens a dialog box that lets you create a document in text format and place
it in the Dolphin window. Type the name of the text document to create and click OK.
HTML File —Opens a dialog box that lets you type the name of an HTML file to create.
Link to Location (URL) —Selecting this menu item opens a dialog box that lets you
create a link to a Web address. Type a name to represent the address and type the name
of the URL (Web address) for the site. (Be sure to add the http://, ftp://, or other
prefix.)
Link to Application—Opens a window that lets you type the name of an application.
Click the Permissions tab to set file permissions (Exec must be on if you want to run
the file as an application). Click the Execute tab and type the name of the program to
run (in the field Execute on click) and a title to appear in the title bar of the application
(in the field Window Title). If it is a text-based command, select the Run in terminal
check box. Select the check box to Run as a different user and add the username. Click
the Application tab to assign the application to handle files of particular MIME types.
Click OK.
Under the Link to Device submenu, you can make the following selections:
CD-ROM Device —Opens a dialog box that lets you type a new CD-ROM device name.
Click the Device tab and type the device name (/dev/cdrom), the mount point (such as
/mnt/cdrom), and the file system type (you can use iso9660 for the standard CD-ROM
file system, ext2 for Linux, or msdos for DOS). When the icon appears, you can open it
to mount the CD-ROM and display its contents.
CDWRITER Device —From the window that opens, enter the device name of your CD
writer.
Camera Device —In the dialog box that opens, identify the device name for the camera
devices that provide access to your digital camera.
DVD-ROM Device —Opens a dialog box that lets you type a new CD-ROM or DVD-ROM device name. Click the Device tab and type the device name (such as /dev/cdrom),
the mount point (such as /mnt/cdrom), and the file system type (you can
use iso9660 for the standard CD-ROM file system, ext2 for Linux, or msdos for DOS).
When the icon appears, you can open it to mount the CD-ROM or DVD-ROM and display its contents.
Floppy Device —Opens a dialog box in which you type a new floppy name. Click the
Device tab and type the device name (/dev/fd0), the mount point (such as /mnt/floppy),
and the file system type (you can use auto to autodetect the contents, ext2 for
Linux, or msdos for DOS). When the icon appears, open it to mount the floppy and display its contents.
Hard Disc Device —Opens a dialog box that lets you type the name of a new hard disk
or hard-disk partition. Click the Device tab and type the device name (/dev/hda1), the
mount point (such as /mnt/win), and the file system type (you can use auto to autodetect the contents, ext2 or ext3 for Linux, or vfat for a Windows file system). When the
icon appears, you can open it to mount the file system and display its contents.
Creating MIME types and applications is described later in this chapter.
Using the Konqueror Web browser/file manager
Although Dolphin is now intended for pure file manager features, Konqueror is an excellent tool
if you want to move between local and Web content. Konqueror’s greatest strengths over earlier
file managers include the following:
Network desktop —If your computer is connected to the Internet or a LAN, features
built into Konqueror enable you to create links to files (using FTP) and Web pages
(using HTTP) on the network and open them in the Konqueror window. Those links
can appear as file icons in a Konqueror window or on the desktop. Konqueror also supports WebDAV, which you can configure to allow local read and write access to remote
folders (which is a great tool if you are maintaining a Web server).
Web browser interface —The Konqueror interface works like Firefox, Internet Explorer,
or other Web browsers in the way you select files, directories, and Web content. Because
Konqueror is based on a browser model, a single click opens a file, a link to a network resource, or an application program. You can also open content by typing Web-style addresses in the Location box. The rendering engine used by Konqueror, called
KHTML, is also used by Safari (the popular Web browser for Apple Mac OS X systems)
and supports advanced features, such as Cascading Style Sheets (CSS) 3.
Tip
Web pages that contain Java and JavaScript content run by default in Konqueror. To check that Java and
JavaScript support is turned on, choose Settings ➪ Configure Konqueror. From the Settings window, click
Java & JavaScript and select the Java tab. To enable Java, click the Enable Java Globally box and click Apply.
Repeat for the JavaScript tab.
File types and MIME types —If you want a particular type of file to always be
launched by a particular application, you can configure that file yourself. KDE already
has dozens of MIME types defined so that particular file and data types can be automatically detected and opened in the correct application. There are MIME types defined
for audio, image, text, video, and a variety of other content.
Of course, you can also perform many standard file manager functions with Konqueror. For
example, you can manipulate files by using features such as select, move, cut, paste, and delete;
search directories for files; create new items (files, folders, and links, to name a few); view histories of the files and Web sites you have opened; and create bookmarks. Most of these features
work the same way as they do in Dolphin (as described earlier).
Using bookmarking features in Konqueror
Because Konqueror performs like a Web browser as well as a file manager, it includes several browser
features. For example, the bookmarks feature enables you to keep a bookmark list of Web sites you
have visited. Click Bookmarks, and a drop-down menu of the sites you have bookmarked appears.
Select from that list to return to a site. There are several ways to add and change your bookmarks list:
Add Bookmark—To add the address of the page currently being displayed to your
bookmark list, choose Bookmarks ➪ Add Bookmark. The next time you click
Bookmarks, you will see the bookmark you just added on the Bookmarks menu. In
addition to Web addresses, you can also bookmark any file or folder.
Edit Bookmarks —Select Bookmarks ➪ Edit Bookmarks to open a tree view of your
bookmarks. From the Bookmark Editor window that appears, you can change the
URLs, the icon, or other features of the bookmark. Another nice feature lets you check
the status of the bookmark (that is, whether the address is available).
New Bookmark Folder —You can add a new folder of bookmarks to your Konqueror
bookmarks list. To create a bookmarks folder, choose Bookmarks ➪ New Folder. Then
type a name for the new Bookmarks folder, and click OK. The new bookmark folder
appears on your bookmarks menu. You can add the current location to that folder by
clicking on the folder name and selecting Add Bookmark.
Configuring Konqueror options
You can change many of the visual attributes of the Konqueror window, including which menu
bars and toolbars appear. You can have any of the following bars appear on the Konqueror window: Menubar, Toolbar, Extra Toolbar, Location Toolbar, and Bookmark Toolbar. Select Settings,
and then click the bar you want to have appear (or not appear). The bar appears when a check
mark is shown next to it.
You can modify a variety of options for Konqueror by choosing Settings ➪ Configure Konqueror.
The Konqueror Settings window appears, offering the following options:
Performance—Display configuration settings that can be used to improve Konqueror
performance. You can preload an instance after KDE startup or minimize memory usage.
File Management—Configure features such as file tips, previews, and how trash is
handled.
Previews & Meta-Data—An icon in a Konqueror folder can be made to resemble the
contents of the file it represents. For example, if the file is a JPEG image, the icon representing the file could be a small version of that image. Using the Previews features,
you can limit the size of the file used (1MB is the default) because many massive files
could take too long to refresh on the screen. You can also choose to have any thumbnail
embedded in a file to be used as the icon or have the size of the icon reflect the shape of
the image used.
File Associations —Describes which programs to launch for each file type. If you prefer a certain image viewer, text editor, or other application for handling your data, you
should configure those applications to launch for those data types.
Web Browsing—Click the Browsing selection to open a window to configure the
Web browser features of Konqueror. By enabling Form Completion, Konqueror can
save form data you type and, at a later time, fill that information into other forms. If
your computer has limited resources, you can speed up page display by clearing the
Automatically Load Images check box or by disabling animations.
AdBlock Filters —Click here to create a list of URLs that are filtered as you browse the
Web. Filtering is based on frame and image names. Filtered URLs can be either thrown
away or replaced with an image. You can also import and export lists of filters here.
Web Shortcuts —Display a list of keyword shortcuts you can use to go to different
Internet sites. For example, follow the word “ask” with a search string to search the Ask
(www.ask.com) Web site.
Cache —Indicate how much space on your hard disk can be used to store the sites you
have visited (based on the value in the Disk Cache Size field).
Proxy—Click Proxy to configure Konqueror to access the Internet through a proxy
server (by default, Konqueror tries to connect there directly). You need to enter the
address and port number of the computer providing HTTP and/or FTP proxy services. Alternatively, you can have Konqueror try to automatically detect the proxy
configuration.
Fonts —Choose which fonts to use, by default, for various fonts needed on Web pages
(standard font, fixed font, serif font, sans serif font, cursive font, and fantasy font). The
serif fonts are typically used in body text, whereas sans serif fonts are often used in
headlines. You can also set the Minimum and Medium font sizes.
Stylesheets —Choose whether to use the default stylesheet, a user-defined stylesheet,
or a custom stylesheet. The stylesheet sets the font family, font sizes, and colors that
are applied to Web pages. (This won’t change particular font requests made by the Web
page.) If you select a custom stylesheet, click the Customize tab to customize your own
fonts and colors.
History Sidebar —Modify the behavior of the list of sites you have visited (the history).
By default, the most recent 500 URLs are stored, and after 500 days (KNOPPIX) or 90
days (Fedora), a URL is dropped from the list. There’s also a button to clear your history. (To view your history list in Konqueror, open the left panel, and then click the tiny
scroll icon.)
Cookies —Choose whether cookies are enabled in Konqueror. By default, you are asked
to confirm that it is okay each time a Web site tries to create or modify a cookie. You
can change that to either accept or reject all cookies. You can also set policies for acceptance or rejection of cookies based on host and domain names.
Crypto —Display a list of secure certificates that the Konqueror browser can accept. By
default, Secure Socket Layer (SSL) versions 2 and 3 certificates are accepted, as is TLS
support (if supported by the server). You can also choose to be notified when you are
entering or leaving a secure Web site.
Browser Identification—Set how Konqueror identifies itself when it accesses a Web
site. By default, Konqueror tells the Web site that it is the Mozilla Web browser. You can
select Konqueror to appear as different Web browsers to specific sites. You must sometimes do this when a site denies you access because you do not have a specific type of
browser (even though Konqueror may be fully capable of displaying the content).
Java and JavaScript—Enable or disable Java and JavaScript content contained in Web
pages in your Konqueror window.
Plugins —Display a list of directories that Konqueror will search to find plug-ins.
Konqueror can also scan your computer to find plug-ins that are installed for other
browsers in other locations.
Managing the KDE desktop
If you have a lot of stuff open at the same time, organizing those items can make managing your
desktop much easier. The KDE 4 Plasma desktop offers many of the traditional ways of managing
desktop elements (windows, workspaces, panels, icons, menus, and so on). However, it also offers
new ways of grouping and managing your desktop elements.
Managing windows in the taskbar
When you open a window, a button representing the window appears in the panel at the bottom
of the screen. Here is how you can manage windows from the taskbar appearing on that panel:
Toggle windows —Left-click any running task in the taskbar to toggle between opening
the window and minimizing it.
Position windows —You can choose to have the selected window be above or below
other windows or displayed in full screen. Right-click the running task in the taskbar and select Advanced. Then choose Keep Above Others, Keep Below Others, or
Fullscreen.
Move windows —Move a window from the current desktop to any other virtual desktop. Right-click any task in the taskbar, select To Desktop, and then select any desktop
number. The window moves to that desktop.
All the windows that are running, regardless of which virtual desktop you are on, appear in the
taskbar.
Uncluttering the desktop
If you find yourself with icons all over the desktop, you also can organize them from the desktop
menu. Right-click the desktop, and then select Align Horizontally or Align Vertically. You can
also choose to simply line up all icons vertically or horizontally.
Moving windows
The easiest way to move a window from one location to another is to place the cursor on the window’s title bar, hold down the mouse button and drag the window to a new location, and release
the mouse button to drop the window. Another way to do it is to click the window menu button
(top-left corner of the title bar), select Move, move the mouse to relocate the window, and then
click again to place it.
Tip
If somehow the window gets stuck in a location where the title bar is off the screen, you can move it back to
where you want it by holding down the Alt key and clicking the left mouse button in the inner window. Then
move the window where you want it and release.
Resizing windows
To resize a window, grab anywhere on the outer edge of the window border, and then move the
mouse until the window is the size you want. Grab a corner to resize vertically and horizontally
at the same time. Grab a side to resize in only one direction.
You can also resize a window by clicking the window menu button (top-left corner of the title
bar) and selecting Resize. Move the mouse until the window is resized and click to leave it there.
Pinning windows on top or bottom
You can set a window to always stay on top of all other windows or always stay under them.
Keeping a window on top can be useful for a small window that you want to always refer to (such
as a clock or a small TV viewing window). To pin a window on top of the desktop, click in the
window title bar. From the menu that appears, select Advanced ➪ Keep Above Others. Likewise,
to keep the window on the bottom, select Advanced ➪ Keep Below Others.
Using virtual desktops
To give you more space to run applications than will fit on your physical screen, KDE gives you
access to several virtual desktops at the same time. Using the 1, 2, 3, and 4 buttons on the panel,
you can easily move between the different desktops. Just click the one you want.
If you want to move an application from one desktop to another, you can do so from the window
menu. Click the window menu button for the window you want to move, click To Desktop, and
then select Desktop 1, 2, 3, or 4. The window will disappear from the current desktop and move
to the one you selected.
Adding widgets
You want to be able to quickly access the applications that you use most often. One of the best
ways to make that possible is to add widgets to the panel or the desktop that can either run continuously (such as a clock or news ticker) or launch the applications you need with a single click.
To add a KDE widget to the panel:
1. Right-click anywhere on the panel.
2. Click Add Widgets.
3. Select the widget you want to add and click Add Widget.
An icon representing the widget should immediately appear on the panel. (If the panel seems a
bit crowded, you might want to remove some widgets you don’t use or add a widget directly to
the desktop.) At this point, you can change any properties associated with the widget by right-clicking the widget in the panel and then selecting to change its settings.
If you decide later that you no longer want this widget to be available on the panel, right-click it
and click Remove.
To add a widget to the desktop:
1. Right-click an open area of the desktop.
2. Select Add Widgets from the menu.
3. Select the widget you want from the list that appears and click Add Widget.
If you decide later that you no longer want this widget to be available on the desktop, hover the
mouse over it and click the red X to delete it.
Configuring the desktop
If you want to change the look, feel, or behavior of your KDE desktop, the best place to start is
the System Settings window. The System Settings window lets you configure dozens of attributes
associated with colors, fonts, and screensavers used by KDE. Selections from that window also let
you do basic computer administration, such as changing date/time settings and modifying your
display.
To open the System Settings window, select the KickOff menu button (represented by a Fedora
logo icon in Fedora) at the lower-left corner of the panel and choose System Settings. The System
Settings window appears, as shown in Figure 3-6.
FIGURE 3-6
Configure your system in KDE from the System Settings window.
Click any item you want to configure, or type into the Search box to find a selection that matches
what you type.
There are several ways you can change the look-and-feel of your desktop display from the System
Settings window. Under the Look & Feel topic, you can select to change the appearance, desktop,
notifications, or window behavior.
Here are a few of the individual desktop features you may want to change:
Change the screensaver —Under the Look & Feel heading, select Desktop ➪ Screen
Saver. From the window that appears, only a few screensavers are available by default.
However, by installing the kdeartwork-extras package, you can get a lot more screensavers to choose from. Under the Start Automatically box, select how many minutes
of inactivity before the screensaver turns on. You can also click Require Password to
require that a password be entered before you can access your display after the screensaver has come on.
Tip
If you are working in a place where you want your desktop to be secure, be sure to turn on the Require
Password feature. This prevents others from gaining access to your computer when you forget to lock it or
shut it off. If you have any virtual terminals open, switch to them and type vlock to lock each of them as well.
(You need to install the vlock package if the vlock command isn’t available.)
Change fonts —You can assign different fonts to different places in which fonts appear
on the desktop. Under the Look & Feel heading, select Appearance ➪ Fonts. Select one
of the categories of fonts (General, Fixed width, Small, Toolbar, Menu, Window title,
Taskbar, and Desktop fonts). Then click the Choose box to select a font from the Select
Font list box that you want to assign to that category. If the font is available, you will see
an example of the text in the Sample text box.
Change the colors —Under the Look & Feel heading in the System Settings window,
select Appearance ➪ Colors. The window that appears lets you change the color of
selected items on the desktop. Select a whole color scheme from the Color Scheme list
box. Or select an item from the Colors tab to change a particular item. Items you can
change include text, backgrounds, links, buttons, and title bars.
Fonts —You can assign different fonts to different places in which fonts appear on the
desktop. Under the Appearance & Themes heading, select Fonts. Select one of the
categories of fonts (General, Fixed width, Toolbar, Menu, Window title, Taskbar, and
Desktop fonts). Then click the Choose check box to select a font from the Select Font list
box that you want to assign to that category. If the font is available, an example of the
text appears in the Sample text box.
Tip
To use 100 dpi fonts, you must add an entry for 100 dpi fonts to the /etc/X11/xorg.conf file. After you make
that change, you must restart the X server for it to take effect.
Changing panel attributes
For most people, the panel is the place where they select which desktop is active and which applications are run. You can change panel behavior from the Configure Panel window. Right-click
any empty space on your panel, and then select Panel Settings. You can change these features
from the Settings window that appears:
Size —The Size selection lets you change the size of the Panel from Normal to Tiny,
Small, Large, or Custom. With Custom, select the exact point size (48 is the default).
Location—Change the location of the panel from Bottom to Top, Right, or Left.
The GNOME Desktop
GNOME (pronounced guh-nome) provides the desktop environment that you get by default when
you install Fedora, Ubuntu, and other Linux systems. This desktop environment provides the
software that is between your X Window System framework and the look-and-feel provided by
the window manager. GNOME is a stable and reliable desktop environment, with a few cool
features.
As of this writing, GNOME 2.26 is the most recent version available, although the distribution you are using may or may not include this latest version. Recent GNOME releases include
advancements in 3D effects (see “3D effects with AIGLX” later in this chapter), improved usability
features, and an application for using your Webcam.
To use your GNOME desktop, you should become familiar with the following components:
Metacity (window manager) —The default window manager for GNOME in Ubuntu,
Fedora, RHEL, and others is Metacity. Metacity configuration options let you control
such things as themes, window borders, and controls used on your desktop.
Compiz (window manager) —You can enable this window manager in GNOME to provide 3D desktop effects.
Nautilus (file manager/graphical shell) —When you open a folder (by double-clicking
the Home icon on your desktop, for example), the Nautilus window opens and displays
the contents of the selected folder. Nautilus can also display other types of content, such
as shared folders from Windows computers on the network (using SMB).
GNOME panels (application/task launcher) —These panels, which line the top and
bottom of your screen, are designed to make it convenient for you to launch the applications you use, manage running applications, and work with multiple virtual desktops.
By default, the top panel contains menu buttons (Applications, Places, and System),
desktop application launchers (Evolution e-mail and Firefox Web browser), a workspace
switcher (for managing four virtual desktops), and a clock. Icons appear in the panel
when you need software updates or SELinux detects a problem. The bottom panel has a
Show Desktop button, window lists, a trashcan and workspace switcher.
Desktop area—The windows and icons you use are arranged on the desktop area,
which supports drag-and-drop between applications, a desktop menu (right-click to
see it), and icons for launching applications. A Computer icon consolidates CD drives,
floppy drives, the file system, and shared network resources in one place.
Here are some feature additions you will find useful in the most recent versions of GNOME:
XSPF playlists in Totem —The Totem video/audio player now includes support for
open standard XSPF playlists (www.xspf.org). Other improvements to Totem allow it
to interact with content from Web sites.
Screensaver previews —Previewing screen savers in full-screen mode is now
supported.
Direct DVD burning—Use the Nautilus CD burner feature to burn DVDs directly,
without needing first to create an ISO image.
Drag from taskbar —Drag an application from the taskbar to workspaces represented
in the panel Workspace Switcher to move the application to a new workspace.
Nautilus text or button browsing—When saving or opening files or folders in
Nautilus, a new toggle button enables you to choose between browsing by clicking on
buttons or by typing full pathnames.
GNOME also includes a set of Preferences windows that enable you to configure different aspects
of your desktop. You can change backgrounds, colors, fonts, keyboard shortcuts, and other features related to the look and behavior of the desktop. Figure 3-7 shows how the GNOME desktop
environment appears the first time you log in, with a few windows added to the screen.
FIGURE 3-7
The GNOME desktop environment
The desktop shown in Figure 3-7 is for Ubuntu. The following sections provide details on using
the GNOME desktop.
Using the Metacity window manager
The Metacity window manager seems to have been chosen as the default window manager for
GNOME because of its simplicity. The creator of Metacity refers to it as a “boring window manager for the adult in you”—and then goes on to compare other window managers to colorful, sugary cereal, whereas Metacity is characterized as Cheerios.
Note
To use 3D effects, your best solution is to use the Compiz window manager, described later in this chapter.
There really isn’t much you can do with Metacity (except get your work done efficiently). You
assign new themes to Metacity and change colors and window decorations through the GNOME
preferences (described later). A few Metacity themes exist, but expect the number to grow.
Basic Metacity functions that might interest you are keyboard shortcuts and the workspace
switcher. Table 3-4 shows keyboard shortcuts to get around the Metacity window manager.
TABLE 3-4
Metacity Keyboard Shortcuts
Actions                                  Keystrokes
Window focus
  Cycle forward, with pop-up icons       Alt+Tab
  Cycle backward, with pop-up icons      Alt+Shift+Tab
  Cycle forward, without pop-up icons    Alt+Esc
  Cycle backward, without pop-up icons   Alt+Shift+Esc
Panel focus
  Cycle forward among panels             Alt+Ctrl+Tab
  Cycle backward among panels            Alt+Ctrl+Shift+Tab
Workspace focus
  Move to workspace to the right         Ctrl+Alt+right arrow
  Move to workspace to the left          Ctrl+Alt+left arrow
  Move to upper workspace                Ctrl+Alt+up arrow
  Move to lower workspace                Ctrl+Alt+down arrow
  Minimize/maximize all windows          Ctrl+Alt+D
  Show window menu                       Alt+Spacebar
  Close menu                             Esc
Another Metacity feature of interest is the workspace switcher. Four virtual workspaces appear in the
workspace switcher on the GNOME panel. You can do the following with the Workspace Switcher:
Choose current workspace —Four virtual workspaces appear in the Workspace
Switcher. Click any of the four virtual workspaces to make it your current workspace.
Move windows to other workspaces —Click any window, each represented by a tiny
rectangle in a workspace, to drag-and-drop it to another workspace. Likewise, you
can drag an application from the Window List to move that application to another
workspace.
Add more workspaces —Right-click the Workspace Switcher, and select Preferences.
You can add workspaces (up to 32).
Name workspaces —Right-click the Workspace Switcher and select Preferences. Click
in the Workspaces pane to change names of workspaces to any names you choose.
You can view and change information about Metacity controls and settings using the gconf-editor
window (type gconf-editor from a Terminal window). As the window says, it is not the recommended way of changing preferences, so when possible, you should change the desktop through
GNOME preferences. However, gconf-editor is a good way to see descriptions of each Metacity
feature.
From the gconf-editor window, select apps ➪ metacity, and then choose from general,
global_keybindings, keybindings_commands, window_keybindings, and workspace_names. Click each
key to see its value, along with short and long descriptions of the key.
Using the GNOME panels
The GNOME panels are placed on the top and bottom of the GNOME desktop. From those panels
you can start applications (from buttons or menus), see what programs are active, and monitor how
your system is running. There are also many ways to change the top and bottom panels—by adding
applications or monitors or by changing the placement or behavior of the panel, for example.
Right-click any open space on either panel to see the Panel menu. Figure 3-8 shows the Panel
menu on the top.
FIGURE 3-8
The GNOME Panel menu
From GNOME’s Panel menu, you can choose from a variety of functions, including:
Use the menus —The Applications menu displays most of the applications and system
tools you will use from the desktop. The Places menu lets you select places to go, such
as the Desktop folder, home folder, removable media, or network locations. The System
menu lets you change preferences and system settings, as well as get other information
about GNOME.
Add to Panel—Add an applet, menu, launcher, drawer, or button.
Properties —Change the panel’s position, size, and background properties.
Delete This Panel—Delete the current panel.
New Panel—Add panels to your desktop in different styles and locations.
You can also work with items on a panel. For example, you can:
Move items —To move an item on a panel, right-click it, select Move, and then drag-and-drop it to a new position.
Resize items —You can resize some elements, such as the Window List, by clicking an
edge and dragging it to the new size.
Use the Window List—Tasks running on the desktop appear in the Window List area.
Click a task to minimize or maximize it.
The following sections describe some things you can do with the GNOME panel.
Using the Applications and System menus
Click Applications on the panel, and you see categories of applications and system tools that you
can select. Click the application you want to launch. To add an item from a menu so that it can
launch from the panel, drag-and-drop the item you want to the panel.
You can add items to your GNOME menus. To do that, right-click on any of the menu names,
and then select Edit Menus. The window that appears lets you add or delete menus associated
with the Applications and System menus. You can also add items to launch from those menus by
selecting New Item and typing the Name, Command, and comment for the item.
Adding an applet
You can run several small applications, called applets, directly on the GNOME panel. These applications can show information you may want to see on an ongoing basis or may just provide some
amusement. To see what applets are available and to add applets that you want to your panel,
perform the following steps:
1. Right-click an open space in the panel so that the Panel menu appears.
2. Select Add to Panel. An Add to Panel window appears.
3. Select from among several dozen applets, including a clock, dictionary lookup, stock ticker,
and weather report. The applet you select appears on the panel, ready for you to use.
Figure 3-9 shows (from left to right) eyes, system monitor, weather report, network monitor, and
wanda the fish.
FIGURE 3-9
Placing applets on the panel makes accessing them easy.
After an applet is installed, right-click it on the panel to see what options are available. For example, select Preferences for the stock ticker, and you can add or delete stocks whose prices you
want to monitor. If you don’t like the applet’s location, right-click it, click Move, slide the mouse
until the applet is where you want it (even to another panel), and click to set its location.
If you no longer want an applet to appear on the panel, right-click it, and then click Remove
From Panel. The icon representing the applet disappears. If you find that you have run out of
room on your panel, you can add a new panel to another part of the screen, as described in the
next section.
Adding another panel
You can have several panels on your GNOME desktop. You can add panels that run along the
entire bottom, top, or side of the screen. To add a panel, do the following:
1. Right-click an open space in the panel so that the Panel menu appears.
2. Select New Panel. A new panel appears on the side of the screen.
3. Right-click an open space in the new panel and select Properties.
4. From the Panel Properties, select where you want the panel from the Orientation box
(Top, Bottom, Left, or Right).
After you’ve added a panel, you can add applets or application launchers to it as you did to the
default panel. To remove a panel, right-click it and select Delete This Panel.
Adding an application launcher
Icons on your panel represent a Web browser and several office productivity applications. You
can add your own icons to launch applications from the panel as well. To add a new application
launcher to the panel, do the following:
1. Right-click in an open space on the panel.
2. Select Add to Panel ➪ Application Launcher from the menu. All application categories
from your Applications and System menus appear.
3. Select the arrow next to the category of application you want, and then select Add. An
icon representing the application appears on the panel.
To launch the application you just added, simply click the icon on the panel.
If the application you want to launch is not on one of your menus, you can build a launcher yourself as follows:
1. Right-click in an open space on the panel.
2. Select Add to Panel ➪ Custom Application Launcher ➪ Add. The Create Launcher window appears.
3. Provide the following information for the application that you want to add:
Type —Select Application (to launch a regular GUI application) or Application
in Terminal. Use Application in Terminal if the application is a character-based
or ncurses application. (Applications written using the ncurses library run in a
Terminal window but offer screen-oriented mouse and keyboard controls.)
Name —A name to identify the application (this appears in the tooltip when your
mouse is over the icon).
Command—The command line that is run when the application is launched. Use
the full path name, plus any required options.
Comment—A comment describing the application. It also appears when you later
move your mouse over the launcher.
4. Click the Icon box (it might say No Icon). Select one of the icons shown and click OK.
Alternatively, you can browse your file system to choose an icon.
5. Click OK.
The application icon should now appear in the panel. Click it to start the application.
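The Create Launcher fields above (Type, Name, Command, Comment, Icon) can be checked mechanically once a launcher is saved. The following is an added example, not code from the book: it assumes the launcher is stored as a freedesktop.org Desktop Entry (.desktop) file, where Command is the Exec key and Application in Terminal is Terminal=true. The sample launchers, their paths, and the function names are constructed for illustration.

```python
import configparser
import os
import shlex
import stat

# Constructed sample launchers in the Desktop Entry format (not from the book).
GOOD_LAUNCHER = """\
[Desktop Entry]
Type=Application
Name=Disk Usage
Comment=Show free disk space every five seconds
Exec=/usr/bin/watch -n 5 df -h
Icon=/usr/share/pixmaps/example-disk.png
Terminal=true
"""

BAD_LAUNCHER = """\
[Desktop Entry]
Type=Application
Name=Backup
Comment=Back up the selected file
Exec=backup.sh --all %f
Icon=/home/chris/icons/backup.jpg
"""

ICON_EXTENSIONS = (".png", ".xpm")  # the two icon formats the chapter names


def parse_launcher(text):
    """Return the keys of the [Desktop Entry] group as a dict."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keys are case-sensitive: Exec, not exec
    parser.read_string(text)
    if not parser.has_section("Desktop Entry"):
        raise ValueError("no [Desktop Entry] group found")
    return dict(parser["Desktop Entry"])


def check_launcher(entry, check_fs=False):
    """Return a list of findings; an empty list means the launcher looks sound.

    With check_fs=True the Exec target is also inspected on the local disk.
    """
    findings = []
    if entry.get("Type") != "Application":
        findings.append("Type should be Application")
    if not entry.get("Name", "").strip():
        findings.append("Name is missing")
    if entry.get("Terminal", "false") not in ("true", "false"):
        findings.append("Terminal must be true or false")

    # shlex is an approximation of Desktop Entry quoting, good enough to
    # isolate the program name (the first word of the command line).
    try:
        argv = shlex.split(entry.get("Exec", ""))
    except ValueError:
        argv = []
    if not argv:
        findings.append("Exec is missing or cannot be parsed")
    elif not os.path.isabs(argv[0]):
        findings.append(
            f"Exec program '{argv[0]}' is not a full path, so PATH decides what runs")
    elif check_fs:
        findings.extend(_check_program(argv[0]))

    # A value without a slash is treated as a theme icon name and accepted.
    icon = entry.get("Icon", "")
    if "/" in icon and os.path.splitext(icon)[1].lower() not in ICON_EXTENSIONS:
        findings.append(f"Icon '{icon}' is not a .png or .xpm file")
    return findings


def _check_program(path):
    """Inspect the Exec target: it must exist, be executable, and not be
    writable by group or others (anyone who can rewrite it controls what the
    launcher runs)."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return [f"Exec program {path} does not exist"]
    findings = []
    if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        findings.append(f"Exec program {path} is not executable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"Exec program {path} is writable by group or others")
    return findings


if __name__ == "__main__":
    for label, text in (("good", GOOD_LAUNCHER), ("bad", BAD_LAUNCHER)):
        for finding in check_launcher(parse_launcher(text)) or ["no findings"]:
            print(f"{label}: {finding}")
```

Pass check_fs=True on the machine that holds the launcher to inspect the Exec target itself as well as the launcher's fields.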
Note
Icons available to represent your application are contained in the /usr/share/pixmaps directory. These
icons are in either .png or .xpm format. If the directory doesn’t contain an icon you want to use, create your
own (in one of those two formats) and assign it to the application.
Adding a drawer
A drawer is an icon that you can click to display other icons representing menus, applets, and
launchers; it behaves just like a panel. Essentially, any item you can add to a panel you can add to
a drawer. By adding a drawer to your GNOME panel, you can include several applets and launchers that together take up the space of only one icon. Click on the drawer to show the applets and
launchers as if they were being pulled out of a drawer icon on the panel.
To add a drawer to your panel, right-click the panel and select Add to Panel ➪ Drawer. A drawer
appears on the panel. Right-click it, and add applets or launchers to it as you would to a panel.
Click the icon again to retract the drawer.
Figure 3-10 shows a portion of the panel with an open drawer that includes an icon for launching
a volume monitor, a weather report, and Tomboy sticky notes.
FIGURE 3-10
Add launchers or applets to a drawer on your GNOME panel.
Changing panel properties
Those panel properties you can change are limited to the orientation, size, hiding policy, and
background. To open the Panel Properties window that applies to a specific panel, right-click on
an open space on the panel and choose Properties. The Panel Properties window that appears
includes the following values:
Orientation—Move the panel to different locations on the screen by clicking on a new
position.
Size —Select the size of your panel by choosing its height in pixels (48 pixels by
default).
Expand—Select this check box to have the panel expand to fill the entire side, or clear
the check box to make the panel only as wide as the applets it contains.
AutoHide —Select whether a panel is automatically hidden (appearing only when the
mouse pointer is in the area).
Show Hide buttons —Choose whether the Hide/Unhide buttons (with pixmap arrows
on them) appear on the edges of the panel.
Arrows on hide buttons —If you select Show Hide Buttons, you can choose to have
arrows on those buttons.
Background—From the Background tab, you can assign a color to the background of
the panel, assign a pixmap image, or just leave the default (which is based on the current system theme). Click the Background Image check box if you want to select an
image for the background, and then select an image, such as a tile from
/usr/share/backgrounds/tiles or another directory.
Tip
I usually turn on the AutoHide feature and turn off the Hide buttons. Using AutoHide gives you more desktop
space to work with. When you move your mouse to the edge where the panel is, the panel pops up—so you
don’t need Hide buttons.
Using the Nautilus file manager
At one time, file managers did little more than let you run applications, create data files, and open
folders. These days, as the information a user needs expands beyond the local system, file managers
are expected to also display Web pages, access FTP sites, and play multimedia content. The Nautilus
file manager, which is the default GNOME file manager, is an example of just such a file manager.
When you open the Nautilus file manager window (for example, by opening the Home icon or
other folder on your desktop), you see the name of the location you are viewing (such as the
folder name) and what that location contains (files, folders, and applications). Double-click a
folder to open that folder in a new window.
Select your folder name in the lower-left corner of the window to see the file system hierarchy
above the current folder. GNOME remembers whatever size, location, and other setting you had
for the folder the last time you closed it and returns it to that state the next time you open it.
To see more controls, right-click a folder and select Browse Folder to open it. Icons on the toolbar of
the Nautilus window let you move forward and back among the directories and Web sites you visit.
To move up the directory structure, click the up arrow. If you prefer to type the path to the folder you
want, instead of clicking icons, you can toggle between button and text-based location bars (click the
paper and pencil icon next to the location buttons to change the view). Figure 3-11 is an example of
the file manager window displaying the home directory of a user named chris in browse mode.
FIGURE 3-11
The Nautilus file manager enables you to move around the file system, open directories, launch applications, and open Samba folders.
To refresh the view of the folder, click the Reload button. The Home button takes you to your
home page, and the Computer button lets you see the same type of information you would see
from a My Computer icon on a Windows system (CD drive, floppy drive, hard disk file systems,
and network folders).
Icons in Nautilus often indicate the type of data that a particular file contains. The contents or
file extension of each file can determine which application is used to work with the file, or you
can right-click an icon to open the file it represents with a particular application or viewer.
Here are some of the more interesting features of Nautilus:
Sidebar —From the Browse Folder view described previously, select View ➪ Side Pane
to have a sidebar appear in the left column of the screen. From the sidebar, you can
click a pull-down menu that represents different types of information you can select one
at a time.
The Tree tab, for example, shows a tree view of the directory structure, so you can easily
traverse your directories. The Notes tab lets you add notes that become associated with
the current directory or Web page, and the History tab displays a history of directories
you have visited, enabling you to click those items to return to the sites they represent.
There is also an Emblems tab that lets you drag-and-drop emblems on files or folders to
indicate something about the file or folder (emblems include icons representing drafts,
urgent, bug, and multimedia).
Windows file and printer sharing—If your computer is connected to a LAN on
which Windows computers are sharing files and printers, you can view those resources
from Nautilus. Type smb: in the Open Location box (select File ➪ Open Location to
get there) to see available workgroups. Click a workgroup to see computers from that
workgroup that are sharing files and printers. Figure 3-12 shows an example of a local
Nautilus window displaying icons representing folders shared from a Windows computer
named bluestreak that is accessible on the local LAN. The shared folder from that computer is named My Doc Blue.
FIGURE 3-12
Display shared Windows file and printer servers (SMB) in Nautilus.
MIME types and file types —To handle different types of content that may be encountered in the Nautilus window, you can set applications to respond based on MIME type
and file type. With a folder displayed, right-click a file for which you want to assign an
application. Click either Open With an Application or Open With a Viewer. If no application or viewer has been assigned for the file type, click Associate Application to be
able to select an application. From the Add File Types window, you can add an application based on the file extension and MIME type representing the file.
Drag-and-drop—You can use drag-and-drop within the Nautilus window, between
the Nautilus and the desktop, or among multiple Nautilus windows. As other GNOME-compliant applications become available, they are expected to also support the drag-and-drop feature.
If you would like more information on the Nautilus file manager, visit the GNOME Web site
(www.gnome.org/nautilus).
3D effects with AIGLX
Several different initiatives have made strides in recent years to bring 3D desktop effects to Linux.
Ubuntu and Fedora used AIGLX (http://fedoraproject.org/wiki/RenderingProject/aiglx).
The openSUSE project originally backed the Xgl approach (http://en.opensuse.org/Xgl),
but has recently also moved to supporting AIGLX.
The goal of the Accelerated Indirect GLX project (AIGLX) is to add 3D effects to everyday desktop
systems. It does this by implementing OpenGL (http://opengl.org) accelerated effects using
the Mesa (www.mesa3d.org) open source OpenGL implementation.
Currently, AIGLX supports a limited set of video cards and implements only a few 3D effects, but
it does offer some insight into the eye candy that is in the works.
Direct rendering infrastructure (DRI) is required for most video cards supporting AIGLX.
However, some NVidia cards that don’t support DRI can be used, but they require that you get
the closed source binary drivers made available from NVidia. Cards that are known to not work
with AIGLX include ATI Rage 128 and Mach 64, Matrox G200 through G550, and 3DFX Voodoo
1 and 2.
If your video card was properly detected and configured, you may be able to simply turn on the
Desktop Effects feature to see the effects that have been implemented so far. To turn on Desktop
Effects, select System ➪ Preferences ➪ Look and Feel ➪ Desktop Effects. When the Desktop
Effects window appears, select Enable Desktop Effects. Enabling this does the following:
Stops the current window manager and starts the Compiz window manager.
Enables the Windows Wobble When Moved effect. With this effect on, when you grab
the title bar of the window to move it, the window will wobble as it moves. Menus and
other items that open on the desktop also wobble.
Chapter 3: Getting into the Desktop
Enables the Workspaces on a Cube effect. Drag a window from the desktop to the right
or the left and the desktop will rotate like a cube, with each of your desktop workspaces
appearing as a side of that cube. Drop the window on the workspace where you want it
to go. You can also click on the Workspace Switcher applet in the bottom panel to rotate
the cube to display different workspaces.
Other nice desktop effects result from using the Alt+Tab keys to tab among different running
windows. As you press Alt+Tab, a thumbnail of each window scrolls across the screen as the window it represents is highlighted.
Figure 3-13 shows an example of a Compiz desktop with AIGLX enabled. The figure illustrates a
Web browser window being moved from one workspace to another as those workspaces rotate on
a cube.
FIGURE 3-13
Rotate workspaces on a cube with AIGLX desktop effects enabled.
The following are some interesting effects you can get with your 3D AIGLX desktop:
Spin cube —Hold Ctrl+Alt keys and press the right and left arrow keys. The desktop
cube spins to each successive workspace (forward or back).
Slowly rotate cube —Hold the Ctrl+Alt keys, press and hold the left mouse button,
and move the mouse around on the screen. The cube will move slowly with the mouse
among the workspaces.
Tab through windows —Hold the Alt key and press the Tab key. You will see reduced
versions of all your windows in a strip in the middle of your screen, with the current
window highlighted in the middle. Still holding the Alt key, press Tab or Shift+Tab to
move forward or backwards through the windows. Release the keys when the one you
want is highlighted.
Scale and separate windows —If your desktop is cluttered, hold Ctrl+Alt and press the
up arrow key. Windows will shrink down and separate on the desktop. Still holding
Ctrl+Alt, use your arrow keys to highlight the window you want and release the keys to
have that window come to the surface.
Scale and separate workspaces —Hold Ctrl+Alt and press the down arrow key to see
reduced images of the workspace shown on a strip. Still holding Ctrl+Alt, use right and
left arrow keys to move among the different workspaces. Release the keys when the
workspace you want is highlighted.
Send current window to next workspace —Hold Ctrl+Alt+Shift keys together and
press the left and right arrow keys. The current window will move to the next workspace to the left or right, respectively.
Slide windows around—Press and hold the left mouse button, and then press the left,
right, up, or down arrow keys to slide the current window around on the screen.
If you get tired of wobbling windows and spinning cubes, you can easily turn off the AIGLX 3D
effects and return Metacity as the window manager. Select System ➪ Preferences ➪ Desktop
Effects again and toggle off the Enable Desktop Effects button to turn off the feature.
If you have a supported video card, but find that you are not able to turn on the Desktop Effects,
check that your X server started properly. In particular, make sure that your /etc/X11/xorg.conf
file is properly configured. Make sure that dri and glx are loaded in the Module section.
Also, add an extensions section anywhere in the file (typically at the end of the file) that appears
as follows:
Section "extensions"
    Option "Composite"
EndSection
Another option is to add the following line to the /etc/X11/xorg.conf file in the Device
section:
Option "XAANoOffscreenPixmaps"
The XAANoOffscreenPixmaps option will improve performance. Check your /var/log/Xorg.log
file to make sure that DRI and AIGLX features were started correctly. The messages in
that file can help you debug other problems as well.
Changing GNOME preferences
There are many ways to change the behavior, look, and feel of your GNOME desktop. You can
modify most GNOME preferences from submenus on the Preferences menu (select System ➪
Preferences).
Unlike earlier versions of GNOME, boundaries between preferences related to the window
manager (Metacity), file manager (Nautilus), and the GNOME desktop itself have been blurred.
Preferences for all of these features are available from the Preferences menu.
The following items highlight some of the preferences you might want to change:
Accessibility—If you have difficulty operating a mouse or keyboard or seeing the
screen, the Assistive Technologies window lets you adapt mouse and keyboard settings
to make operating your computer easier for you. It also lets you magnify selected applications. (Select System ➪ Preferences ➪ Personal ➪ Assistive Technologies.)
Desktop Background—You can choose a solid color or an image to use as wallpaper.
Select System ➪ Preferences ➪ Look and Feel ➪ Appearance and then the Background
tab. If you choose to use a solid color (by selecting No Wallpaper), click the Color box,
select a color from the palette, and click OK.
To use wallpaper for your background, open the folder containing the image you want
to use, and then drag the image into the Desktop Wallpaper pane on the Desktop
Preferences window. You can choose from a variety of images in the /usr/share/nautilus/patterns and /usr/share/backgrounds/tiles directories. Then choose
to have the wallpaper image tiled (repeated pattern), centered, scaled (in proportion), or
stretched (using any proportion to fill the screen).
Screensaver —Choose from dozens of screen savers from the Screensaver window.
Select System ➪ Preferences ➪ Look and Feel ➪ Screensaver. Choose Random to have
your screen saver chosen randomly from available screen savers, or select one that
you like from the list to use all the time. Next, choose how long your screen must be
idle before the screen saver starts (default is 10 minutes). You can also choose to lock
the screen when the screen saver is active, so a password is required to return to the
desktop. If you only see a few screen savers, you might want to install the xscreensaver-extras and xscreensaver-gl-extras packages to get a bunch more.
Theme —Choose an entire theme of elements to be used on your desktop, if you like.
From the Appearance window, select the Theme tab. A desktop theme affects not only
the background but also the way that many buttons and menu selections appear. Only
a few themes are available for the window manager (Metacity) in the Fedora distribution, but you can get a bunch of other themes from themes.freshmeat.net (click
Metacity).
To modify a theme, select the Customize button and then click the Controls tab to
choose the type of controls to use on your desktop. Click the Window Border tab to
select from different themes that change the title bar and other borders of your windows. Click the Icons tab to choose different icons to represent items on your desktop. Themes change immediately as you click or when you drag a theme name on the
desktop.
Exiting GNOME
When you are done with your work, you can either log out from your current session or shut
down your computer completely. To exit from GNOME, do the following:
1. Click the System button from the panel (in Fedora) or the red button icon in the upper-right corner (in Ubuntu).
2. Select Log Out from the menu. A pop-up window appears, asking whether you want
to Log Out. Some versions will also ask whether you want to Shut Down or Restart the
computer.
3. Select Log Out from the pop-up menu. This logs you out and returns you to either the
graphical login screen or to your shell login prompt. (If you select Shut Down, the system shuts down, and if you select Reboot, the system restarts.)
4. Select OK to finish exiting from GNOME.
If you are unable to get to the Log Out button (if, for example, your panel crashed), two other exit
methods are available. Try one of these ways, depending on how you started the desktop:
If you started the desktop from the graphical display manager or by typing startx from
your login shell, press Ctrl+Backspace to end your GNOME session.
If your screen is completely unresponsive (mouse and keyboard aren’t working), you
might just have to reboot your computer. If possible, log in to the computer over the
network and type init 6 (as root user) to reboot.
Although these ways are not the most graceful for exiting the desktop, they work. You should be
able to log in again and restart the desktop.
Configuring Your Own Desktop
Today’s modern desktop computer systems are made to spoon-feed you your operating system.
In the name of ease of use, some desktop environments spend a lot of resources on fancy panels,
complex control centers, and busy applets. In short, they can become bloated.
Many technically inclined people want a more streamlined desktop—or at least want to choose
their own bells and whistles. They don’t want to have to wait for windows to redraw or menus to
come up. Linux enables those people to forget the complete desktop environments and configure
the main elements:
X—The X Window System provides the framework of choice for Linux and most UNIX
systems. When you configure X yourself, you can choose the video driver, monitor settings, mouse configuration, and other basic features needed to get your display working
properly.
Window manager —Dozens of window managers are available to use with X on a Linux
system. Window managers add borders and buttons to otherwise bare X windows. They
add colors and graphics to backgrounds, menus, and windows. Window managers also
define how you can use keyboard and mouse combinations to operate your desktop.
You need to configure X directly only if your desktop isn’t working (the desktop may appear
scrambled or may just plain crash). You may choose to configure X if you want to tune it to give
you higher resolutions or more colors than you get by default.
Still to come in this chapter: examining tools for tuning X and, in particular, working with the
xorg.conf file. You’ll also explore a few popular window managers that you might want to
try out. Slackware Linux is used to illustrate how to choose and configure a window manager
because Slackware users tend to like simple, direct ways of working with the desktop (when they
need a desktop at all).
Configuring X
Before 2004, most Linux distributions used the X server from the XFree86 project
(www.xfree86.org). Because of licensing issues, many of the major Linux vendors (including Red
Hat, SUSE, and Slackware) changed to the X server from X.Org (www.X.org). The descriptions of
how to get X going on your machine assume you are using the X.Org X server.
Note
To determine which X server is installed on your system, from a Terminal window type man Xorg and man
XFree86. If you have only one X server installed on your computer (which you probably do) only the one
installed will show a man page. While you are there, press the spacebar to page through the features of your
X server.
If you are able to start a desktop successfully, and your mouse, keyboard, and screen all seem to
be behaving, you may not have to do anything more to configure X. However, if you can’t start
the desktop or you want to adjust some basic features (such as screen resolution or number of
colors supported), the following sections offer some ideas on how to go about doing those things.
Creating a working X configuration file
If your desktop crashes immediately or shows only garbled text, try to create a new X configuration file. With the X.Org X server, that file is /etc/X11/xorg.conf.
Note
In XFree86, the configuration file, which has basically the same format, is /etc/X11/XF86Config.
Before you try to reconfigure X, be sure that you are not in run level 5. That run level will continuously try to restart X. I recommend you change to run level 3 before reconfiguring X. Press
Ctrl+Alt+F1 and log in as root. Then type the following:
# init 3
To have X try to create a working xorg.conf file for you to use, do the following from a
Terminal window as root user:
1. If Linux booted to a command prompt, go to the next step. However, if it tried to start X
automatically, you might have an illegible screen. In that case, press these keys together:
Ctrl+Alt+Backspace. It should kill your X server and get you back to a command
prompt. If X tries to restart (and is still messed up), press Ctrl+Alt+F2. When you see
the command prompt, log in as root and type init 3. This temporarily brings you down
to a nongraphical state.
2. To have X probe your video hardware and create a new configuration file, type
# Xorg -configure
3. The file xorg.conf.new should appear in your home directory. To test whether this
new configuration file works, type the following to start the X server:
# X -xf86config /root/xorg.conf.new
A gray background with an X in the middle should appear. Move the mouse to move the
X pointer. If that succeeds, you have a working xorg.conf file to use.
4. Press Ctrl+Alt+Backspace to exit the X server.
5. Copy the new configuration file to where it is picked up the next time X starts.
# cp /root/xorg.conf.new /etc/X11/xorg.conf
Chances are that you have a very basic X configuration that you may want to tune further. After
X is working you can return to run level 5 by typing the following as root user:
# init 5
Getting new X drivers
Working video drivers in Linux are available with most video cards you can purchase today.
However, to get some advanced features from your video cards (such as 3D acceleration) you may
need to get proprietary drivers directly from the video manufacturers. In particular, you may
want to get drivers from NVidia and ATI.
For Ubuntu, Fedora, and many other major Linux distributions, NVidia and ATI drivers have
been packaged for the particular kernel you are running. Because these drivers are not open
source, however, you typically have to enable third-party or non-free software repositories to get
them to work.
If your Linux system doesn’t have such repositories available, to get new drivers for video cards or
chipsets from NVidia, go to the NVidia site (www.nvidia.com) and select the Download Drivers
button. Follow the link to Linux and FreeBSD drivers. Links from the page that appears will take
you to a Web page from which you can download the new driver and get instructions for installing it.
For ATI video cards and chipsets, go to www.ati.com and select Drivers & Software. Follow the
links to Linux drivers and related installation instructions.
Tuning up your X configuration file
The xorg.conf file might look a bit complicated when you first start working with it. However,
chances are that you will need to change only a few key elements in it. As root user, open the
/etc/X11/xorg.conf file in any text editor. Here are some things you can look for:
Mouse —Look for an InputDevice section with a Mouse0 or Mouse1 identifier. That
section for a simple two-button, PS2 mouse might look as follows:
Section "InputDevice"
    Identifier  "Mouse0"
    Driver      "mouse"
    Option      "Protocol" "PS/2"
    Option      "Device" "/dev/psaux"
EndSection
If you are unable to use some feature of the mouse, such as a middle wheel, you might
be able to get it working with an entry that looks more like the following:
Section "InputDevice"
    Identifier  "Mouse0"
    Driver      "mouse"
    Option      "Protocol" "IMPS/2"
    Option      "Device" "/dev/psaux"
    Option      "ZAxisMapping" "4 5"
EndSection
Don’t change the mouse identifier, but you can change the protocol and add the
ZAxisMapping line to enable your wheel mouse. Try restarting X and trying your
mouse wheel on something like a Web page to see whether you can scroll up and down
with it.
Your mouse might be connected in a different way (such as a bus or serial mouse) or
may have different buttons to enable. Tools for configuring your mouse are distribution-specific. Try mouseconfig, mouseadmin, or system-config-mouse to reconfigure
your mouse from the command line.
Monitor —The monitor section defines attributes of your monitor. You can use some
generic settings if you don’t know the exact model of your monitor. Changing the
Horizontal Sync and Vertical Refresh rates without checking your monitor’s technical
specifications is not recommended; you could damage the monitor. Here’s an example of
an entry that will work on many LCD panels:
Section "Monitor"
    Identifier   "Monitor0"
    VendorName   "Monitor Vendor"
    ModelName    "LCD Panel 1024x768"
    HorizSync    31.5-48.5
    VertRefresh  40.0-70.0
EndSection
Here’s an entry for a generic CRT monitor that will work on many CRTs:
Section "Monitor"
    Identifier   "Monitor0"
    VendorName   "Monitor Vendor"
    ModelName    "Generic Monitor, 1280x1024 @ 74 Hz"
    HorizSync    31.5-79.0
    VertRefresh  50.0-90.0
EndSection
If a tool is available to select your monitor model directly, that would be the best way
to go. For example, in Red Hat systems, you would run system-config-xfree86 to
change monitor settings.
Video device—The Device section is where you identify the driver to use with your
video card and any options to use with it. It is important to get this section right.
The Xorg command described earlier usually does a good job detecting the driver. If
you want to change to a different one, this is where to do so. Here’s an example of the
Device section after I added a video driver from NVIDIA to my system (the driver
name is nv):
Section "Device"
    Identifier  "Card0"
    Driver      "nv"
    VendorName  "nVidia Corporation"
    BoardName   "Unknown Board"
    BusID       "PCI:1:0:0"
EndSection
Screen resolution —The last major piece of information you may want to add is the
screen resolution and color depth. There will be a screen resolution associated with
each video card installed on your computer. The Screen section defines default color
depths (such as 8, 16, or 24) and modes (such as 1024 × 768, 800 × 600, or 640 × 480).
Set the DefaultDepth to the number of bits representing color depth for your system,
and then add a Modes line to set the screen resolution.
To read more about how to set options in your xorg.conf file, type man xorg.conf. If your X
server is XFree86, type man XF86Config.
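The checks this chapter asks you to make by eye (dri and glx loaded in the Module section, a Composite option in an extensions section, DefaultDepth and Modes in the Screen section) can be scripted. The following Python script is an added example, not code from the book or from the X.Org project. The sample configuration is constructed, and the function names, the Display subsection layout (taken from the xorg.conf man page), and the list of values treated as "disabled" are assumptions.

```python
import re

# Constructed sample config; the Module and Screen layout follows the xorg.conf
# man page (an assumption: the chapter does not show these two sections).
SAMPLE_XORG_CONF = """\
Section "Module"
    Load "dri"
    Load "glx"
EndSection
Section "Screen"
    DefaultDepth 24
    SubSection "Display"
        Depth 24
        Modes "1024x768" "800x600"   # preferred mode first
    EndSubSection
EndSection
Section "extensions"
    Option "Composite"
EndSection
"""

TOKEN = re.compile(r'"([^"]*)"|(#.*)|(\S+)')

def tokenize(line):
    """Split a line into tokens, unwrapping "quoted strings" and dropping # comments."""
    tokens = []
    for quoted, comment, bare in TOKEN.findall(line):
        if comment:
            break
        tokens.append(bare or quoted)
    return tokens

def parse_xorg_conf(text):
    """Return sections as dicts: "name", "entries" [(keyword, args)], "subs".
    Names and keywords are lower-cased; ValueError on unbalanced Section lines."""
    sections, stack = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        tok = tokenize(line)
        if not tok:
            continue
        key = tok[0].lower()
        if key in ("section", "subsection"):
            level = 0 if key == "section" else 1   # SubSection only inside a Section
            if len(stack) != level or len(tok) < 2:
                raise ValueError(f"line {lineno}: misplaced or unnamed {tok[0]}")
            node = {"name": tok[1].lower(), "entries": [], "subs": []}
            (stack[-1]["subs"] if stack else sections).append(node)
            stack.append(node)
        elif key in ("endsection", "endsubsection"):
            if key != {1: "endsection", 2: "endsubsection"}.get(len(stack)):
                raise ValueError(f"line {lineno}: unexpected {tok[0]}")
            stack.pop()
        elif stack:
            stack[-1]["entries"].append((key, tok[1:]))
        else:
            raise ValueError(f"line {lineno}: {tok[0]} outside any Section")
    if stack:
        raise ValueError(f'Section "{stack[-1]["name"]}" is never closed')
    return sections

def entries(sections, section, keyword):
    """Argument lists of every `keyword` entry in sections named `section`."""
    return [args for sec in sections if sec["name"] == section
            for key, args in sec["entries"] if key == keyword]

def check_desktop_effects(text):
    """Return the problems that would block Desktop Effects, per the chapter's checklist."""
    if "\u201c" in text or "\u201d" in text:   # curly quotes pasted from a PDF or e-book
        return ["typographic quotes found; xorg.conf strings need plain ASCII double quotes"]
    sections, problems = parse_xorg_conf(text), []
    loaded = {args[0].lower() for args in entries(sections, "module", "load") if args}
    for module in ("dri", "glx"):
        if module not in loaded:
            problems.append(f'Module section does not load "{module}"')
    composite = [a for a in entries(sections, "extensions", "option")
                 if a and a[0].lower() == "composite"]
    if not composite:
        problems.append('no Option "Composite" in an extensions section')
    # Assumption: a second argument such as "Disable" or a false boolean turns it off.
    elif any(len(a) > 1 and a[1].lower() in ("disable", "off", "false", "no", "0")
             for a in composite):
        problems.append("Composite is present but explicitly disabled")
    return problems

def screen_summary(text):
    """Return (DefaultDepth, Modes); Modes come from the Display subsection whose
    Depth matches DefaultDepth, or from the first one when DefaultDepth is unset."""
    for sec in parse_xorg_conf(text):
        if sec["name"] == "screen":
            top = dict(sec["entries"])
            depth = int(top["defaultdepth"][0]) if top.get("defaultdepth") else None
            for sub in sec["subs"]:
                disp = dict(sub["entries"])
                sub_depth = int(disp["depth"][0]) if disp.get("depth") else None
                if sub["name"] == "display" and (depth is None or sub_depth == depth):
                    return depth, disp.get("modes", [])
            return depth, []
    return None, []
```

To check a real system, pass the contents of /etc/X11/xorg.conf to check_desktop_effects() and screen_summary(); an empty problem list means the prerequisites named in this chapter are present in the file.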
Choosing a window manager
Fully integrated desktop environments have become somewhat unfriendly to changing out window managers. However, you can completely bypass KDE or GNOME, if you like, and start your
desktop simply with X and a window manager of your choice.
Although I’m using Slackware as the reference distribution for describing how to change window
managers, the concept is the same on other Linux systems. In general, if no desktop environment
is running in Linux, you can start it by typing the following:
$ startx
This command starts up your desktop environment or window manager, depending on how your
system is configured. Although a variety of configuration files are read and commands are run,
essentially which desktop you get depends on the contents of two files:
/etc/X11/xinit/xinitrc—If a user doesn’t specifically request a particular desktop
environment or window manager, the default desktop settings will come from the
contents of this file. The xinitrc file is the system-wide X configuration file. Different
Linux systems use different xinitrc files.
$HOME/.xinitrc—The .xinitrc file is used to let individual users set up their own
desktop startup information. Any user can add a .xinitrc file to his or her own home
directory. The result is that the contents of that file will override any systemwide settings. If you do create your own .xinitrc file, it should have as its last line exec
windowmanager, where windowmanager is the name of your window manager; for
example:
exec /usr/bin/blackbox
Slackware has at least seven different window managers from which you can choose, making it a
good place to try out a few. It also includes a tool called xwmconfig, which lets you change the
window manager systemwide (in the /etc/X11/xinit/xinitrc file). To use that tool, as the
root user simply type xwmconfig from any shell on a Slackware system.
Select the window manager you want to try from that screen and select OK. That window manager will start the next time you run startx (provided you don’t override it by creating your
own .xinitrc file). Here are your choices:
LXDE (www.lxde.org)—The Lightweight X11 Desktop Environment was created to
perform quickly and elegantly, even in less powerful machines. These qualities make it
particularly suitable for mobile devices, netbooks, and other hardware directed toward
cloud computing. KNOPPIX now uses LXDE as its desktop environment (see Chapter
12 for some neat ways of using LXDE with Compiz for 3D desktop effects). Figure 3-14
shows an example of an LXDE desktop running in KNOPPIX:
FIGURE 3-14
Get special effects on low-powered machines with the Lightweight X11 Desktop Environment.
Xfce (www.xfce.org)—The Xfce window manager is designed to be lightweight and
fast. Xfce is very popular for running Linux on inexpensive PCs, such as the ASUS
EeePC. Figure 3-15 shows an example of an Xfce desktop in Fedora.
FIGURE 3-15
Xfce offers many powerful features in an efficient desktop.
Blackbox (http://blackboxwm.sourceforge.net)—Another lightweight window
manager that strives to require few library dependencies so it can run in many environments. Offers many features for setting colors and styles.
FluxBox (http://fluxbox.sourceforge.net)—Based on Blackbox (0.61.1),
FluxBox adds nice features such as window tabs (where you can join together multiple
windows so they appear as multiple tabs on a single window). It also includes an icon
bar and adds some useful mouse features (such as using your mouse wheel to change
workspaces).
Window Maker (www.windowmaker.info)—Window Maker is a clone of the
NEXTSTEP graphical interface, a popular UNIX workstation of the 1980s and 1990s. It
is a particularly attractive window manager, with support for themes, various window
decorations, and features for changing backgrounds and animations, and adding applets
(called docapps).
FVWM (www.fvwm.org)—This window manager supports full internationalization, window manager hints, and improved font features. Interesting features include window shading in all directions (even diagonal) and side titles (including text displayed vertically).
FVWM-95 (http://fvwm95.sourceforge.net)—A version of FVWM that was created to look and feel like Windows 95.
Twm (Tabbed Window Manager) —Although no longer actively maintained, some
people still use twm when they want a truly bare-bones desktop. Until you click the left
mouse button in twm, there’s nothing on the screen. Use the menu that pops up to open
and close windows.
Many other window managers are available for Linux as well. To check out some more, visit the
Xwinman Web site (http://xwinman.org).
After the system default is set for your window manager, users can set their own window manager to override that decision. The following section describes how to do that.
Choosing your personal window manager
Simply adding an exec line with the name of the window manager you want to use to your own
.xinitrc file in your home directory causes startx to start that window manager for you. Here
is an example of the contents of a .xinitrc to start the Window Maker window manager:
exec /usr/bin/wmaker
Make sure that the file is executable (chmod 755 $HOME/.xinitrc). The Window Maker window manager should start the next time you start your desktop. Other window managers you can
choose include Blackbox (/usr/X11R6/bin/blackbox), FluxBox (/usr/X11R6/bin/fluxbox),
FVWM (/usr/X11R6/bin/fluxbox), FVWM-95 (/usr/X11R6/bin/fvwm95), and twm (/usr/X11R6/bin/twm).
Getting More Information
If you tried configuring X and you still have a server that crashes or has a garbled display, your
video card may either be unsupported or may require special configuration. Here are a couple of
locations you can check for further information:
X.Org (www.x.org)—The latest information about the X servers that come with Fedora
is available from the X.Org Web site. X.Org is the freeware version of X recently used by
many major Linux distributions to replace the XFree86 X server.
X documentation—README files specific to different types of video cards are delivered with the X.Org X server. Visit the X doc directory (/usr/X11R6/lib/X11/doc)
for a README file specific to the type of video card (or more specifically, the video
chipset) you are using. You can also find a lot of good information on the xorg.conf
man page (type man xorg.conf).
Summary
Complete desktop environments that run in Linux can rival desktop systems from any operating
system. KDE and GNOME are the most popular desktop environments available today for Linux.
For people who want a sleeker, more lightweight desktop environment, Xfce and LXDE desktops
and a variety of simple window managers (Blackbox, Xfce, FVWM, twm, FluxBox, and many
others) are available to use in Linux as well.
The KDE desktop is well known for its large set of integrated applications (office productivity
tools, games, multimedia, and other applications). The latest KDE offers a more efficient file manager called Dolphin and desktop applets called plasmoids.
GNOME has the reputation of being a more basic, business-oriented desktop. Most Linux distributions such as Slackware and Gentoo offer GNOME and KDE desktops that aren’t changed
much from how they are delivered from those desktop projects. Other Linux systems (such as
Fedora) put their own look-and-feel over GNOME and KDE desktops.
Although the latest Windows systems won’t run on many older 486 and Pentium machines, you
can use an efficient Linux system such as Slackware, add a lightweight window manager, and get
reasonably good performance with your desktop system on those machines.
CHAPTER 4
Playing Music and Video
One of the most popular and enjoyable activities on a computer is
playing audio and video. With improved multimedia players and
tools for storing and managing content, Linux has become a great
platform for storing, playing, and managing your music and video files.
In this chapter, you learn to use the sound, video, digital imaging, and
other multimedia tools available for Linux. You explore the process of configuring audio and select video devices and examine the kinds of media
formats available for the Linux platform, how they work, and how to make
the most of them by using the right applications.
Linux is an excellent platform for taking advantage of widely used formats
such as MPEG, AVI, Ogg Vorbis, and QuickTime. A wide variety of players
are available for the various formats, and this chapter discusses several of
them to help you determine which might be the right one (or combination)
for your interests and/or needs.
IN THIS CHAPTER
Legal issues with digital media
Using commercial content on Linux
Playing, recording, and ripping music
Setting up TV and audio cards
Recording and ripping music
Watching TV
Videoconferencing
Watching movies and videos
Storing and displaying images from digital cameras
Note
Because many devices holding multimedia content are removable (CDs, DVDs, digital cameras, Webcams, and so on), recent features in Linux to automatically handle
removable hardware and media have greatly improved the Linux desktop experience.
See the section on managing hardware in Chapter 3 for descriptions of how features
such as Udev and HAL are used to manage removable media.
Some Linux distributions are more multimedia-friendly right after the install
than others. An example of this is Ubuntu, which gives you the opportunity
to enable “non-free” repositories from which you can get software that cannot be freely distributed or, in some cases, allow you to purchase “non-free”
software from the Ubuntu store (http://shop.canonical.com). This
can save you a great deal of time trying to track down licensing issues and
resolve problems.
Playing Digital Media and Obeying the Law
Debate about just what an end user can legally do with digital media continues to be a hot topic.
What exactly can you do as far as making copies of your CDs, DVDs, and other media? What
proprietary media (MP3s, commercial DVD movies, and so on) is even legal to play back in
Linux? Unfortunately, there is no really good answer. This issue affects just about every computer
user, either directly or indirectly.
How you are allowed to use the audio, video, and other media you keep on your computer is
increasingly dictated by national and international law. There was a time when you could essentially disregard this issue for personal use, but in the era where individual computer users have
been successfully sued by corporations and industry groups, a little more caution is required.
Copyright protection issues
The biggest factor in the world of digital media policy is the 1998 Digital Millennium Copyright
Act (DMCA). This law ostensibly establishes a framework for implementing several international
treaties concerning copyright protection.
The DMCA has been widely criticized because it seems to intrude on the free-speech provisions of the U.S. Constitution. Many people view computer code as a protected form of speech.
A conflict arises because the DMCA forbids the development of applications that are designed
to intentionally circumvent content security. For example, Dmitry Sklyarov, a Russian cryptographer employed by a Russian software company, ElcomSoft, was arrested by the FBI while
attending a conference in Las Vegas because he demonstrated an application that could decrypt
Adobe eBooks. A jury found Sklyarov and ElcomSoft not guilty in December 2002, but the point
is that companies will use the DMCA to litigate against those who publicize methods to decrypt
encrypted content.
If nothing else, this event demonstrated that the DMCA had teeth. Unfortunately, these teeth
have been used not only to protect legitimate commerce, but to pursue computer scientists at
academic institutions researching content protection schemes, encryption, and a range of other
technologies. Because the DMCA makes it a crime to manufacture and transport technology used
to circumvent copyright protection schemes, many researchers have abandoned valuable research
that could yield better (stronger and more useful) protection schemes or reveal critical flaws in
existing ones.
Although the DMCA has provided some clout for content providers to legitimately protect their material, such as persuading search engines to drop information about links to illegally posted and
copyrighted information, there are times when that clout has been abused. Some copyright holders, it seems, are more than willing to use the DMCA to curtail three “rights” allowed under pre-DMCA copyright law. Copyright law stipulates the following:
Users can make a copy of any copyrighted work for academic purposes, reporting, or
critique. This includes a wide range of uses, from students or instructors copying materials for research to someone creating a parody of published materials. But what about
a student making a copy of some DVD materials for a multimedia presentation? The
student has fair-use access to the material on the DVD, but the DMCA makes it illegal
for the student to break the DVD encryption that would allow the student to copy the
material.
Note
The fair-use rule is a privilege that permits someone other than the owner of the copyright to use the copyrighted material in a reasonable and limited manner without his consent.
Users can sell copyrighted works that they own. You can sell your books, DVDs, audio
CDs, and other materials as long as you are not retaining a copy for yourself, or (of
course) selling copies of the work without permission from the copyright holder. Some
people arguing in favor of file trading with copyrighted materials claim that the DMCA
infringes on their ability to “share” content they “own.” In fact, under existing copyright
law they do not “own” the copyrighted material and certainly do not possess the rights
to redistribute the content unless they are reselling it in an allowed manner.
All copyrights expire at some time in the future and fall into the public domain.
Basically, this point raises the same issue as with the first item: Your DVD movie falls
into the public domain (eventually), but to freely copy the content you must again
circumvent the protection inherent on the DVD and by doing so, you run afoul of the
DMCA.
It is important to realize the DMCA is very vague about how it defines many of the acts that are
illegal. What is a “protection scheme?” Some argue that it could be nearly anything. Many pundits fear that the DMCA can be used to curtail the use of nondigital copyrighted works such as
books because the law is so vague in defining its own borders.
Although the courts are trying to clarify where the legal line is in any particular situation, the
problem is that, often, the company suing to protect its copyrights is a large corporation or group
and the defendant is either a new small company or even an individual user. Court battles are
expensive, and the broad scope of the DMCA essentially prevents “the little guy” from ever making his case, because he cannot afford to fight.
Note
In 1998 a law known as the Sonny Bono Copyright Term Extension Act, or CTEA, was passed. This act took
the already lengthy copyright protection period (generally 70 years) and extended it by another 20 years, preventing several valuable properties, including film and images of Steamboat Willie (the first Mickey Mouse),
from entering the public domain.
From a practical standpoint, what does all this mean to you as a Linux user? Well, it means that if
you have to use any trickery to copy MP3s off your CD collection, you could be breaking the law.
Several CD protection schemes used by record companies are designed to prevent digital piracy,
but they are very easy to circumvent in many cases. But should you get caught making MP3s off
a protected CD, you can be sued and/or arrested (hypothetically speaking). The possibility exists
that some of the security on CDs is intentionally weak. It saves development costs and allows
the copyright holder to pursue anyone who has ripped the CD because there is no legal means of
doing so. But that is just speculation.
Relatively few audio CDs come with protection of any kind, particularly those CDs already
owned by the world’s audiophiles. If you make fair-use copies of materials you own for your own
use, you’re not likely to have to worry about anything. If you should decide to transport copyrighted works in a public forum (peer-to-peer networks for example), you are rolling the dice.
The RIAA (Recording Industry Association of America) and MPAA (Motion Picture Association of
America) have both successfully located and sued users—including children—distributing content illegally online.
Note
One attempt to allow sharing, remixing, and reusing legally is the Creative Commons Project. As of this
writing, the project is nine years old and thousands of items are posted. You can find more information at
http://creativecommons.org/.
Two sites worth exploring are Jamendo (www.jamendo.com/en/) and Magnatune (www.magnatune.com).
Both are libraries offering free access to music. Jamendo focuses on free distribution of music to help musicians grow their audiences. Magnatune helps musicians by licensing their music to those who would like to
use it in commercial ventures (such as films, commercials, Web sites, and so on), while still allowing the musicians to maintain rights to their music.
Exploring codecs
If you want to play a video or audio file, you need the appropriate codec installed and ready for
use by your media player. A codec is a software-based encoder-decoder used to take existing digital audio/video data and decode the content. Often, codecs use compression technology to reduce
the size of the data files while retaining the quality of the output.
If you encounter a media file that you know is a working, playable file and you cannot play the
file, you might need to identify and install the proper codec. This often involves installing the
proper playback application, such as DivX 5.0.5 for Linux, which installs the MPEG4 codec for
video and audio playback.
Many codecs are available, so finding the ones you need is usually not difficult. Advances in
codec technology have continued to increase the quality of the encoded content, while reducing
file size. Fortunately most widely distributed videos and audio files (from news sites, for example)
are created using a few commonly used codecs.
Although some commonly used encoding standards exist, a slew of proprietary codecs are also
in use today. This situation is really a battleground of sorts with each vendor/developer trying to
produce the superior standard and obtain the spoils of market share that can follow. For the end
user, this means you might have to spend time chasing a variety of playback utilities to handle
multiple video and audio formats.
Another debate: Can digital media match the quality of analog formats? This hardly seems much
of a question anymore because DVD has shown the potential for high-quality digital video, and
MPEG codecs have made huge strides in digital audio fidelity. The quality of digital media files is
very high and getting better all the time. Some of the key technologies that reflect how
audio and video codecs have improved include
Ogg Vorbis—This audio codec has been developed as a freely available tool—no patents restricting its use. Ogg is the “data container” portion of the codec, and Vorbis is
the audio compression scheme. Other compression schemes can be used with Ogg such
as Ogg FLAC, which is used for archiving audio in a lossless format, and Ogg Speex,
which is used specifically to handle encoding speech.
WMA—Windows Media Audio is used to create high-quality digital audio. WMA is
considered a lossless codec, which means the audio doesn’t lose quality or data as a
result of repeated compression-decompression cycles. Among its other benefits is that
it’s one of the first widely used codecs to support digital surround sound.
WMV—Windows Media Video is used, not surprisingly, to encode and decode video. It
is also a very high-quality encoder and is billed to produce a video that is half the size
of an MPEG-4 encoded video at a comparable quality level.
DivX—This video codec revolutionized digital video. Extremely high-quality video can
be stored with amazingly small file sizes when using this codec. DivX (Digital Video
Express) is based on the MPEG-4 video standard and can produce 640 × 480 video
about 15 percent of the size of the source DVD material.
Some of these codecs are integral parts of Digital Rights Management (DRM) scenarios. For
example, WMA, WMV, and DivX have elements that support DRM. DRM is basically proprietary
copy protection.
The term DRM applies to a wide range of technologies that use server-based activation, encryption, and other elements to control who can access content and what they can then do with the
content after it has been accessed. Although it is very attractive to distributors of audio and video,
who are trying to prevent unchecked digital piracy of their content, it can be a real stumbling
block for the consumer.
Many DRM solutions require proprietary software and even hardware to work with the protected
content. A prime example is the production of some DRM-protected audio CDs, particularly in
Europe. Some of these discs will not play in older standalone CD players, some will play only on
a computer that supports the DRM application on the CD itself, and (especially frustrating) some
will not play on a computer at all. In almost all cases, such DRM solutions do not support Linux.
Most support only Windows and a few support Windows and Mac OS X.
Just to make things clear, although the codecs just discussed do not include built-in DRM features, some codecs are specifically designed to integrate with DRM solutions. In other words, all
of these codecs can theoretically be used to play encoded content on a Linux system. If the content is protected by a DRM solution, the likelihood that the content is playable on a Linux system
is fairly remote. Despite this fact, or perhaps because of it, Linus Torvalds has not excluded the
possibility of including support for DRM in Linux. Likewise, several open source projects are
working on Linux DRM solutions.
Playing Music
With an understanding of the challenges and advances in digital media under your belt, let’s
move on to actually putting digital media to use. This section shows you how to set up your
Linux installation for audio playback. It examines the process for getting the hardware up and
running and then explores available software options for audio playback.
Using sound systems in Linux
Several different sound systems have been used to bring audio to your Linux desktop in the past
few years. Although sound systems mostly work in the background, the sound system running
in Linux can impact the sound mixers and applications you can use. Here is some information
related to sound support you might run into when you use Linux:
Open Sound System (www.opensound.com)—Open Sound System (OSS) was the
first sound system for Linux and other UNIX systems to unify the sound drivers and
sound application interfaces under one framework. OSS was originally available in open
source, then was proprietary for several years, but has recently become available in
open source again (www.opensound.com/download.cgi). OSS is owned by 4Front
Technologies: www.4front-tech.com. Audio applications written for OSS work with
both ALSA and PulseAudio sound systems. Because ALSA and PulseAudio are packaged
with most desktop Linux systems, OSS is not as commonly used as it once was.
Advanced Linux Sound Architecture (www.alsa-project.org)—Most Linux systems
replaced OSS with the Advanced Linux Sound Architecture (ALSA) system for their
sound driver and sound interface needs. ALSA also does a good job configuring sound
drivers and handling multiple sound devices. ALSA works with both KDE and GNOME
desktop systems. Several major Linux distributions have switched to PulseAudio as
their default sound system, while still supporting ALSA applications.
PulseAudio (www.pulseaudio.org)—Ubuntu, Fedora, Mandriva, and other Linux
distributions have replaced their ALSA sound systems with PulseAudio. Besides adding some features for controlling volume for multiple sound applications and directing
audio to PulseAudio servers on other systems, the PulseAudio server will work with
many ALSA, aRts, and ESD applications using plug-ins.
KDE sound systems—With KDE 4, the default KDE sound system changed from the
analog Real time synthesizer (aRts) to Phonon (http://phonon.kde.org). Although
Phonon does consolidate end-user tools for controlling audio, its primary goal is to
provide software developers with a multimedia application programming interface that
encompasses both audio and video features.
GNOME sound systems—GNOME supports the Enlightened Sound Daemon (ESD)
as its sound server. ESD relies on the GStreamer (www.gstreamer.net) framework to
handle the actual encoding and decoding of multimedia content. You can purchase legal
audio and video codecs from a company called Fluendo (www.fluendo.com) that work
with the GStreamer framework.
Because at least three of the major Linux distributions (Fedora, Ubuntu, and Mandriva) have
moved to PulseAudio as their default sound server, the next section focuses on how to use
PulseAudio sound tools from your Linux desktop.
Adjusting sound with PulseAudio
If your Linux desktop has integrated PulseAudio properly, you should be able to use it to work
with most sound applications written for Linux. That means that you can not only play lots of
audio applications from your desktop, but you can also separately control the volume for each one
using the PulseAudio Volume Control.
For example, from the Fedora GNOME desktop, select Applications ➪ Sound & Video ➪
PulseAudio Volume Control. (If you don’t see that selection, install the pavucontrol package.) A
window similar to the one shown in Figure 4-1 appears.
FIGURE 4-1
Control volume levels for multiple audio players with PulseAudio.
As audio applications are started, they appear in the Playback tab on the PulseAudio Volume
Control window. In Figure 4-1, I opened the ogg123 player to play some music in the background (I moved the sliders to lower the volume). I also opened a YouTube video from my Web
browser, which also showed up on the volume control. There’s already a slider that lets me adjust
system sounds.
If you have multiple audio input and output devices, you can configure volume levels from those
devices individually, using the Input Devices and Output Devices tabs. By clicking your mouse
on the Input or Output Devices tab, you can change your default audio devices.
Most of the work to configure the plug-ins and devices needed to get your Linux audio applications working should have been set up automatically when you installed your Linux system.
However, if you are not able to play some audio applications, refer to the PulseAudio Perfect
Setup page (www.pulseaudio.org/wiki/PerfectSetup). It describes how to configure dozens of GNOME, KDE, OSS, ESOUND, GStreamer, Flash, and other sound applications to work
with PulseAudio.
Note
If you are using a Linux system that doesn’t have PulseAudio installed, there are other commands you can use
to adjust audio levels. The aumix command has a simple way to adjust audio, using command options or a
screen-oriented menu. The alsamixer command lets you adjust audio levels for ALSA audio devices.
Setting up audio cards
To start your “quadraphonic wall of sound,” you need to have a sound card in your PC. A sound
card can be an add-in PCI (or even ISA) card, or it can be integrated on your motherboard. Your
card will have a ton of uses—from gaming to audio/video playback. Having a multimedia system
just isn’t the same without sound.
Fortunately, most modern PCs include a sound card, often of the integrated variety. In the rare
case that one isn’t included (or the slightly more common case where it isn’t supported in Linux),
you can add a supported sound card starting for only a few dollars. If you’re really pinched, check
out eBay, where you probably can get a decent SoundBlaster-compatible card (still the standard)
for next to nothing.
Note
If you try the procedures in this book but still don’t have a working sound card, visit www.alsa-project.org,
home of the Advanced Linux Sound Architecture (ALSA). Another good resource is the ALSA Wiki
(http://alsa.opensrc.org).
The following list summarizes the basic features that are included in the popular SoundBlaster
family of sound cards:
Sound recording and playback—The card can convert analog sound into 8-bit or
16-bit digital numbers. To convert the sound, the board samples the sound in waves
from 5 KHz to 48 KHz, or 5,000 to 48,100 times per second. The higher the sampling
rate, the better the sound and larger the output files.
Full-duplex support—Full-duplex means that recording and playback occur at the
same time. This is particularly useful for bidirectional Internet communication, such as
Voice-Over-IP (VOIP) telephony or simultaneous recording and playback.
Input/output ports—Several different ports on the board enable you to connect other
input/output devices. These ports include
Line-In (blue)—Connects an external CD player, cassette deck, synthesizer,
MiniDisc, or other device for recording or playback. If you have a television card,
you might also patch that card’s line out to your sound card’s line in.
Microphone (red)—Connects a microphone for audio recording or communications.
Headphone/Line-Out/Speaker Out (green)—Connects speakers, headphones, or a
stereo amplifier. (On sound cards I’ve tested, this is marked as Headphone in mixer
utilities.)
Joystick/MIDI (15-pin connector)—Connects a joystick for gaming or MIDI
devices. (Some sound cards no longer have these ports because they are now available from most motherboards.)
Digital out (orange)—A digital out connector can be used to connect a digital audio
tape (DAT) device or CD recordable (CD-R) device.
Rear out (black)—Can be used to deliver audio output to powered speakers or an
external amplifier.
Internal CD Audio—This internal port connects the sound card to your computer’s
internal CD-ROM drive (this port isn’t exposed when the board is installed).
Sound drivers provided in Linux come from many sources. Advanced Linux Sound Architecture
(ALSA) sound drivers are integrated into the 2.6 kernel. You may find older Open Sound System
(OSS) drivers are useful if ALSA does not support your sound card. You can get OSS drivers
for free (recently released as open source) from 4Front Technologies
(www.opensound.com/download.cgi), which is the company that still maintains OSS.
Caution
Before you install a separate sound driver distribution, check to see if your current distribution already has
a recent driver. Using the driver that came with the kernel is always a safe bet if you are not experiencing a
specific driver-related issue.
At times, a sound application will ask you to identify the device from which to access sound on
your system. With the introduction of the Udev feature in the 2.6 kernel, some of the device
names are different from those used with the 2.4 kernel. The following are audio device nodes
that may be of interest to you as you use sound in Linux:
/dev/audio, /dev/audio1—Compatible with Sun workstation audio implementations
(audio files with the .au extension). These devices are not recommended for new
sound applications.
/dev/cdrom—Represents your first CD-ROM drive. /dev/cdrom is usually a symbolic
link to the device node, such as /dev/hdc, that corresponds to your CD-ROM drive.
Additional CD-ROM drives are located at /dev/cdrom1, /dev/cdrom2, and so on.
/dev/dsp, /dev/dsp1—Digital sampling devices, which many audio applications
identify to access your sound card.
/dev/mixer, /dev/mixer1—Sound-mixing devices.
/dev/sequencer—Provides a low-level interface to MIDI, FM, and GUS.
/dev/midi00—Provides raw access to MIDI ports, if they are available.
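To check which of the device nodes listed above actually exist on a system, where a symbolic link such as /dev/cdrom points, and which accounts may open each node, a short script like the following can help. It is an added example, not from the book; the function names (classify_node, resolve_node, node_perms, world_access, audit_audio_nodes) are illustrative.

```shell
#!/bin/sh
# Added example (not from the book). Function names are illustrative.

# Device nodes named in the list above.
AUDIO_NODES="/dev/audio /dev/audio1 /dev/cdrom /dev/dsp /dev/dsp1
/dev/mixer /dev/mixer1 /dev/sequencer /dev/midi00"

# Print what kind of object PATH is: missing, symlink, char, block or other.
classify_node() {
    if [ -L "$1" ]; then echo symlink
    elif [ ! -e "$1" ]; then echo missing
    elif [ -c "$1" ]; then echo char
    elif [ -b "$1" ]; then echo block
    else echo other
    fi
}

# Print the node a symbolic link finally points to (for example the
# drive node behind /dev/cdrom).
resolve_node() {
    readlink -f "$1"
}

# Print "mode owner:group" for the node, following symbolic links.
node_perms() {
    ls -ldL "$1" | awk '{ print $1, $3 ":" $4 }'
}

# Print "yes" if accounts outside the owning user and group may read or
# write the node, otherwise "no". Characters 8-9 of the ls mode string
# are the read and write bits for "other". Read access to a sampling
# device such as /dev/dsp is what allows recording from the card's input.
world_access() {
    bits=$(ls -ldL "$1" | cut -c8-9)
    case $bits in
        --) echo no ;;
        *)  echo yes ;;
    esac
}

# Walk the list and print one report line per node.
audit_audio_nodes() {
    for node in $AUDIO_NODES; do
        kind=$(classify_node "$node")
        case $kind in
            missing)
                printf '%-16s missing\n' "$node" ;;
            symlink)
                target=$(resolve_node "$node")
                if [ -e "$target" ]; then
                    printf '%-16s -> %s  %s  world-accessible=%s\n' \
                        "$node" "$target" "$(node_perms "$node")" \
                        "$(world_access "$node")"
                else
                    printf '%-16s dangling symbolic link\n' "$node"
                fi ;;
            *)
                printf '%-16s %s  %s  world-accessible=%s\n' \
                    "$node" "$kind" "$(node_perms "$node")" \
                    "$(world_access "$node")" ;;
        esac
    done
}

audit_audio_nodes
```

On systems that use only ALSA or PulseAudio, several of these OSS-style nodes are normally reported as missing.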
For general information about sound in Linux, see the Sound-HOWTO (for tips about sound
cards and general sound issues) and the Sound-Playing-HOWTO (for tips on software for playing
different types of audio files). You can find Linux HOWTOs at www.tldp.org.
Choosing an audio CD player
Rhythmbox is the default CD player for many GNOME desktop systems. However, a variety of
CD players are available for Linux distributions or may be downloaded and installed. Here is a
cross-section of choices for playing CDs with Linux:
Rhythmbox (rhythmbox)—Import and manage your CD collection with Rhythmbox
music management and playback software for GNOME. It uses GStreamer on the audio
backend and can rip and compress music using Ogg Vorbis or other audio formats. In
addition to enabling you to create playlists of your music library, Rhythmbox also has
features for playing Internet radio stations. Free music stores were added to Rhythmbox
in recent releases, allowing you to play free music from Jamendo (www.jamendo.com/en/)
and Magnatune (www.magnatune.com), and possibly purchase CDs or license use
of that music for commercial projects.
KsCD player (kscd)—The KsCD player comes with the KDE desktop. To use it, the
kdemultimedia package must be installed. From the main menu on the KDE desktop,
select Multimedia ➪ KsCD (or type kscd in a Terminal window). This player lets you
get title, track, and artist information from the CD database. KsCD, however, also lets
you submit information to a CD database (if your CD isn’t found there).
Grip (grip)—Although Grip is primarily used as a CD ripper, it can also play CDs.
Select Multimedia ➪ Grip (or type grip in a Terminal window). It includes tools for
gathering data from and submitting data to CD databases. It also includes tools for
copying (ripping) CD tracks and converting them to different formats (encoding).
Naturally, the grip package must be installed to use this command.
Amarok (amarok)—With Amarok, you get a nice graphical interface where you can
manage music by moving elements around with your mouse. Amarok uses SQLite (or
other databases) to store your music. It also supports playlists and streaming audio playback from online radio stations.
X Multimedia System (xmms)—The XMMS player plays a variety of audio formats but
can also play directly from a CD.
Playing music with Rhythmbox Audio Player
Rhythmbox provides the GNOME music player that lets you play music from CD, local file system, or network location. Rhythmbox is built on the GStreamer framework for developing media
players, video editors, and streaming media. You can play music files, import music from CDs,
and play Internet radio stations, all from one interface. Other features let you play podcasts and
custom radio stations from Last.fm music service. Plug-ins for Rhythmbox let you display album
covers, view lyrics, or show visual effects with the music.
The first time you run Rhythmbox, consider setting some Rhythmbox Preferences by selecting
Edit ➪ Preferences. On the Music tab (see Figure 4-2), you can tell Rhythmbox where you store
your music files, and how Rhythmbox should organize and store your music (including how folders are named, songs are titled, and the format in which music is stored).
After you’ve set up your preferences, you’ll see the main music library interface (see Figure 4-3).
Rhythmbox makes organizing even large collections of music files easy.
FIGURE 4-2
Defining where you store your music
FIGURE 4-3
Viewing a music library with Rhythmbox
Note
If your distribution does not include support for MP3 playback with Rhythmbox, fear not—there is hope!
In Fedora, you can use the ffmpeg-plugin package available from the rpmfusion.org repository. For
Ubuntu, Freespire, and legacy Linspire Linux distributions, check out support in the Click-N-Run service
(www.cnr.com). In addition to playing music files, Rhythmbox can easily rip CDs. Just insert the CD you
want to rip, right-click the CD when it appears under the Devices heading in the left column, and click the
Extract icon on the toolbar. The CD will be ripped and stored with your Rhythmbox music collection folder.
Rhythmbox can also play Internet radio stations and podcasts. Without adding more codecs,
you can play Ogg Vorbis Internet radio audio streams. Many more streams are available in MP3
format, however. To add an Internet radio station to Rhythmbox, select Radio in the left column
and click the New icon. Fill in the Title and Genre of the station. Then choose the Details tab and
type in the location of the stream (such as http://wknc.org:8000/wkncmq.ogg.m3u).
Adding podcasts can be done the same way. Select Podcasts in the left column and select New.
Type the URL for the podcast feed (for example, www.geeknewscentral.com/podcast.xml)
into the pop-up that appears. To add an image to your podcast, just download an appropriate
image to your computer and drag-and-drop it onto the lower-left corner of the Rhythmbox window while your Podcast is selected. Figure 4-4 shows Rhythmbox playing the Geek News Central
podcast.
FIGURE 4-4
Rhythmbox playing a podcast feed
Tip
The site www.di.fm lists a number of free Internet radio channels.
Playing music with the XMMS multimedia player
The XMMS (X Multimedia System) multimedia player provides a compact, graphical interface
for playing music files in MP3, Ogg Vorbis, WAV, and other audio formats. XMMS has some nice
extras too, including an equalizer, a playlist editor, and the capability to add more audio plug-ins.
One of its greatest attributes is that XMMS is easy to use. If the player looks familiar to you, that’s
because it is styled after the Windows Winamp program.
To add XMMS to your Fedora system, type yum install xmms* as root user. This command gets
you the player and some nice skins to use with it as well. To play MP3 audio with XMMS, you
need to add the MPEG Layer 1/2/3 Player plug-in. In Fedora, you can get the xmms-mp3 package
from the http://rpmfusion.org free repository.
Start the XMMS audio player by selecting Sound & Video ➪ Audio Player or by typing xmms
from a Terminal window. Figure 4-5 shows the XMMS audio player. The skin I selected (right-click XMMS and select Options ➪ Skin Browser) is called ColderXMMS.
FIGURE 4-5
Play Ogg Vorbis and other audio files from the XMMS player.
As noted earlier, you can play several audio file formats. Supported formats include
MP3 (with added plug-in)
Ogg Vorbis
WAV
AU
CD Audio
CIN Movies
Note
If XMMS is not able to find a configured sound card, it redirects its output to the Disk Writer plug-in. This
causes the files you play to be written to hard disk as WAV files.
You can get many more audio plug-ins from www.xmms.org. The XMMS audio player can be
used in the following way:
1. Obtain music files by ripping songs from a CD or copying them from the Web so that
they are in an accessible directory, or by inserting a music CD in your CD-ROM drive.
(XMMS expects the CD to be accessible from /dev/cdrom.)
2. From the Applications menu, select Sound & Video ➪ Audio Player. The X Multimedia
System player appears.
3. Click the Eject button. The Load Files window appears.
4. If you have inserted a CD, the contents of /mnt/cdrom appear in the Files pane. Select
the files you want to add to your Playlist and click the Add Selected Files or the Add All
Files in Directory button to add all songs from the current directory. To add audio files
from your file system, browse your files and directories and click the same buttons to
add the audio files you want. Select Close.
5. Click the Play List button (the tiny button marked PL) on the console. A Playlist Editor
window appears.
6. Double-click the music file, and it starts to play.
7. With a file selected and playing, here are a few actions you can take:
Control play—Buttons for controlling play are what you would expect to see on a
standalone CD player. From left to right, the buttons let you go to a previous track,
play, pause, stop, go to the next track, and eject the CD. The eject button opens a
window, enabling you to load the next file.
Adjust sound—Use the left slider bar to adjust the volume. Use the right slider bar
to change the right-to-left balance.
Display time—Click in the elapsed time area to toggle between elapsed time and
time remaining.
View file information—Click the button in the upper-left corner of the screen to
see the XMMS menu. Then select View File Info. You can often find out a lot of information about the file: title, artist, album, comments, and genre. For an Ogg Vorbis
file, you can see specific information about the file itself, such as the format, bit rate,
sample rate, frames, file size, and more. You can change or add to the tag information
and click Save to keep it.
8. When you are done playing music, click the Stop button to stop the current song. Then
click the X in the lower-right corner of the display to close the window.
Special features of the XMMS audio player let you adjust frequencies using a graphic equalizer
and gather and play songs using a Playlist Editor. Click the button marked EQ next to the balance
bar on the player to open the Equalizer.
Using the Equalizer
The Equalizer lets you use slider bars to set different levels to different frequencies played. Bars
on the left adjust lower frequencies, and those on the right adjust higher frequencies. Click the
EQ button to open the Equalizer window. Here are tasks you can perform with the Equalizer:
If you like the settings you have for a particular song, you can save them as a Preset. Set
each frequency as you like it and click the Preset button. Then choose Save ➪ Preset.
Type a name for the preset and click OK.
To reload a preset you created earlier, click the Preset button and select Load ➪ Preset.
Select the preset you want and click OK.
The small window in the center/top of the Equalizer shows the sound wave formed by your settings. You can adjust the Preamp bar on the left to boost different levels in the set range.
Using the Playlist Editor
The Playlist Editor lets you put together a list of audio files that you want to play. You can add
and delete files from this list, save them to a file, and use them again later. Click the PL button in
the XMMS window to open the Playlist Editor.
The Playlist Editor enables you to
Add files to the playlist—Click the Add button. The Load Files window appears.
Select the directory containing your audio files (it’s useful to keep them all in one
place) from the left column. Then either select a file from the right column and click
Add Selected Files or click Add All Files in the Directory. Click OK. The selected file or
files appear(s) in the playlist. You can also add music files by dragging them from the
Nautilus file manager onto the playlist window.
Select files to play—To select from the files in the playlist, use the previous track and
next track buttons in the main XMMS window. The selected file is highlighted. Click
the Play button to play that file. Alternatively, you can double-click any file in the playlist to start it playing.
Delete files from the playlist—To remove files from the playlist, select the file or files
you want to remove (use the next track and previous track buttons), right-click the playlist window, and click Remove ➪ Selected. The selected files are removed.
Save the playlist—To save the current playlist, hold the right mouse button down on
the List button and then select Playlist ➪ Save List from the pop-up menu. Browse to the
directory you want, and then type the name you want to assign to the playlist and click
OK. The filename should end with a .m3u extension, such as monkees_hits.m3u.
Load the playlist—To reload a saved playlist, click the List button. Select a playlist
from the directory in which you saved it and click OK.
There is also a tiny set of buttons on the bottom of the Playlist Editor screen. These are the same
buttons as those on the main screen used for selecting different tracks or playing, pausing, stopping, or ejecting the current track.
One of the most fun aspects to XMMS is that you can change the skin, or the look, of the user
interface. XMMS skins allow you to see wildly different interfaces, even though the application
remains the same. Not only can you control the looks of XMMS, you can also use skins to adjust
for any issues in the XMMS interface. For example, the current song in the playlist window may
not be highlighted enough, especially if you have a high-resolution monitor. You can select a skin
that provides better highlighting. You can also choose skins that make XMMS look like Winamp
on Windows, or like the Mac OS X interface.
XMMS supports Windows .wsz Winamp skins, so you can download those skins and see your
favorite musician or animated characters for your music player. Just download and copy the skin
to your /usr/share/xmms/Skins directory to add it to your skins list.
Using MIDI audio players
MIDI (Musical Instrument Digital Interface) files are created from synthesizers and other electronic music devices. They tend to be smaller than other kinds of audio files because instead of
storing the complete sounds, they contain information about the notes played, tempo, and articulation. You can think of a MIDI file as electronic sheet music. The MIDI player reproduces the
notes to sound like a huge variety of MIDI instruments.
There are lots of sites on the Internet for downloading MIDI files. Try the Ifni MIDI Music site
(www.ifnimidi.com), for example, which contains songs by the Beatles, Led Zeppelin, Nirvana,
and others organized by album. Most of the MIDI music is pretty simple, but you can have some
fun playing with it.
Linux distributions that include the KDE desktop (such as Fedora) often come with the kmid
MIDI player. Kmid provides a GUI interface for MIDI music, including the capability to display
karaoke lyrics in real time. To start kmid in Fedora, select Sound & Video ➪ KMid (or type kmid
& from a Terminal window).
Performing audio file conversion and compression
Many different formats exist for storing and compressing speech and music files. Because music
files can be large, they are usually stored in a compressed format. Although MP3 has been the
compression format of choice, Ogg Vorbis is quickly becoming the favorite for compressing music
in the open source community. Ogg Vorbis has the added benefit of not being encumbered by
patents as MP3 is.
Linux tools for converting and compressing audio files include
sox (SoX)—A general-purpose tool for converting audio files among a variety of formats
oggenc —A tool for specifically converting music files to Ogg Vorbis format
Converting audio files with SoX
If you have a sound file in one format, but you want it to be in another format, Linux offers some
conversion tools. The SoX utility can translate to and from any of the audio formats listed in
Table 4-1.
Tip
Type sox -h to see the supported audio types, as well as supported options and effects.
TABLE 4-1
Sound Formats Supported by the SoX Utility

| File Extension or Pseudonym | Description |
|---|---|
| .8svx | 8SVX Amiga musical instrument description format. |
| .aiff | Apple IIc/IIgs and SGI AIFF files. May require a separate archiver to work with these files. |
| .au, .snd | Sun Microsystems AU audio files. This was once a popular format. (The .snd extension is ambiguous because it’s also been used on NeXT format and headerless Mac/PC format.) |
| .avr | Audio Visual Research format, used on the Mac. |
| .cdr | CD-R files used to master compact discs. |
| .cvs | Continuously variable slope delta modulation, which is used for voice mail and other speech compression. |
| .dat | Text data files, which contain a text representation of sound data. |
| .gsm | Lossy Speech Compression (GSM 06.10), used to shrink audio data in voice mail and similar applications. |
| .hcom | Macintosh HCOM files. |
| .maud | Amiga format used to produce sound that is 8-bit linear, 16-bit linear, a-law, and u-law in mono or stereo. |
| .ogg | Ogg Vorbis compressed audio, which is best used for compressing music and streaming audio. |
| .ossdsp | Pseudo file, used to open the OSS /dev/dsp file and configure it to use the data type passed to SoX. Used to either play or record. |
| .prc | Psion record.app format, newer than the WVE format. Note that the .prc extension is also used for programs for the Palm handheld devices. |
| .sf | IRCAM sound files, used by CSound package and MixView sample editor. |
| .sph | Speech audio SPHERE (Speech Header Resources) format from NIST (National Institute of Standards and Technology). |
| .smp | SampleVision files from Turtle Beach, used to communicate with different MIDI samplers. |
| .sunau | Pseudo file, used to open a /dev/audio file and set it to use the data type being passed to SoX. |
| .txw | Yamaha TX-16W from a Yamaha sampling keyboard. |
| .vms | Used to compress speech audio for voice mail and similar applications. |
| .voc | Sound Blaster VOC file. |
| .wav | Microsoft WAV RIFF files. This is the native Microsoft Windows sound format. |
| .wve | 8-bit, a-law, 8 KHz sound files used with Psion Palmtop computers. |
| .raw | Raw files (contain no header information, so sample rate, size, and style must be given). |
| .ub, .sb, .uw, .sw, .ul, .al, .lu, .la, .sl | Raw files with set characteristics. ub is unsigned byte; sb is signed byte; uw is unsigned word; sw is signed word; and ul is ulaw. |
If you are not sure about the format of an audio file, you can add the .auto extension to the filename. This triggers SoX to guess what kind of audio format is contained in the file. The .auto
extension can be used only for the input file. If SoX can figure out the content of the input file, it
translates the contents to the sound type for the output file you request.
In its most basic form, you can convert one file format (such as a WAV file) to another format
(such as an AU file) as follows:
$ sox file1.wav file1.au
To see what SoX is doing, use the -V option. For example:
$ sox -V file1.wav file1.voc
sox: Reading Wave file: Microsoft PCM format, 2 channel, 44100 samp/sec
sox: 176400 byte/sec, 4 block align, 16 bits/samp, 50266944 data bytes
sox: Input file: using sample rate 11025
size bytes, style unsigned, 1 channel
sox: Input file1.wav: comment “file1.wav”
sox: Output file1.voc: using sample rate 44100
size shorts, encoding signed (2’s complement), 2 channels
sox: Output file: comment “file1.wav”
You can apply sound effects during the SoX conversion process. The following example shows
how to change the sample rate (using the -r option) from 10,000 KHz to 5,000 KHz:
$ sox -r 10000 file1.wav -r 5000 file1.voc
To reduce the noise, you can send the file through a low-pass filter. Here’s an example:
$ sox file1.voc file2.voc lowp 2200
For more information on SoX and to get the latest download, go to the SoX—Sound eXchange—
home page (http://sourceforge.net/projects/sox/).
Compressing music files with oggenc
The oggenc command takes music or other audio data and converts it from uncompressed formats (such as WAV, RAW, or AIFF) to the compressed Ogg Vorbis format. Using Ogg Vorbis,
audio files can be significantly reduced in size without a noticeable loss of sound quality. (I used
the default settings in oggenc and reduced a 48MB WAV music file to 4MB.)
In its most basic form, you can use oggenc with one or more WAV or AIFF files following it. For
example:
$ oggenc *.wav
This command converts all files ending with .wav in the current directory
to Ogg Vorbis format. An OGG file is produced for each WAV file, with oggenc substituting
.ogg for .wav as the file suffix for the compressed file. Ogg Vorbis files can be played in many
different audio players in Linux, including the XMMS player (described earlier).
In addition, a number of hand-held music players support Ogg Vorbis formats. These include
a number of iRiver, Jens of Sweden, MobiBLU, Neuros, and Samsung models. Verify with your
product’s manual, however, as models and player firmware change often.
Tip
If you want to rip music files from a CD and compress them, you can use the Grip window (described later in
this chapter). Grip enables you to select oggenc as the tool to do the file compression.
If you are interested in making a CD jukebox that rips, records, and compresses music CDs using
oggenc and other open source software, check out Linux Toys by Christopher Negus and Chuck
Wolber from Wiley Publishing (2003).
Recording and Ripping Music
Writable CD-ROM drives are a standard device on computers. Where once you had to settle for
a floppy disk (1.44MB) or a Zip disk (100MB) to store personal data, a CD-ROM burner lets you
store more than 600MB of data in a format that can be exchanged with most computers. On top
of that, you can create CD music discs!
Both graphical and command-line tools exist for creating audio and data CDs on Linux. The
cdrecord command enables you to create audio and data CDs from the command line, writing
to CD-recordable (CD-R) and CD-rewritable (CD-RW) drives. This command is discussed in the
following section.
Creating an audio CD with cdrecord
You can use the cdrecord command to create either data or music CDs. You can create a data
CD by setting up a separate file system and copying the whole image of that file system to CD.
Creating an audio CD consists of selecting the audio tracks you want to copy and copying them
all at once to the CD.
This section focuses on using cdrecord to create audio CDs. cdrecord can use audio files in
.au, .wav, and .cdr formats, automatically translating them when necessary. If you have audio
files in other formats, you can convert them to one of the supported formats by using the sox
command (described previously in this chapter).
One way to create an audio CD is to use cdda2wav to extract (copy) the music tracks to a directory and then use cdrecord to write them from the directory to the CD. Here’s an example:
Note
If you prefer a graphical tool for copying and burning CDs and DVDs, refer to Appendix A, which describes
how to use the K3B CD/DVD Burning Facility for burning CD images. You can also use that tool for copying
audio CDs.
1. Create a directory to hold the audio files, and change to that directory. (Make sure
the directory can hold up to 660MB of data—less if you are burning fewer songs.) For
example:
# mkdir /tmp/cd
# cd /tmp/cd
2. Insert the music CD into your CD-ROM drive. (If a CD player opens on the desktop,
close it.)
3. Extract the music tracks you want by using the cdda2wav command. For example:
# cdda2wav -D /dev/cdrom -B
This reads all the music tracks from the CD-ROM drive. The -B option says to output
each track to a separate file. By default, the cdda2wav command outputs the files to the
WAV audio format.
Instead of extracting all songs, you can choose a single track or a range of tracks to
extract. For example, to extract tracks 3 through 5, add the -t3+5 option. To extract
just track 9, add -t9+9. To extract track 7 through the end of the CD, add -t7.
Note
If you have a low-quality CD drive or an imperfect CD, cdda2wav might not be the best ripping tool. You
might try cdparanoia -B to extract songs from the CD to hard disk instead.
4. When cdda2wav is done, remove the music CD and insert a blank CD into your writable CD drive.
5. Use the cdrecord command to write the music tracks to the CD. For example:
# cdrecord -v dev=/dev/cdrom -audio *.wav
The options to cdrecord tell the command to create an audio CD (-audio) on the
writable CD device located at /dev/cdrom. The cdrecord command writes all .wav
files from the current directory. The -v option causes verbose output.
6. If you want to change the order of the tracks, you can type their names in the order you
want them written (instead of using *.wav). If your CD writer supports higher speeds,
you can use the speed option to double (speed=2) or to quadruple (speed=4) the writing speed.
After you have created the music CD, indicate the contents of the CD on its label side. It’s now
ready to play on any standard music CD player.
Ripping CDs with Grip
The Grip application (grip package) provides a more graphical method of copying music from
CDs to your hard disk so that you can play the songs directly from your hard disk or burn them
back onto a blank CD. Besides just ripping music, you can also compress each song as you
extract it from the CD.
You can open Grip from the GNOME desktop Applications menu in Ubuntu, Fedora, and other
Linux systems by selecting Sound & Video ➪ Grip (or by typing grip from a Terminal window).
Figure 4-6 shows an example of the Grip window.
To rip audio tracks from a CD with grip, do the following:
1. With the Grip window open, insert a music CD into your CD drive. If you have an
active connection to the Internet and the CD is known to the CD database, the title, artist, and track information appear in the window.
2. Click each track that you want to rip (that is, copy to your hard disk). A check mark
appears in that track’s Rip column.
FIGURE 4-6
Rip and play songs from the Grip window.
3. Click the Config tab at the top of the page, and then select Encode.
4. You can choose the type of encoder used to compress the music by clicking the Encoder
box and selecting an encoder (by default, oggenc compresses files in Ogg Vorbis,
assuming that Ogg Vorbis was installed on your Linux distribution). If you have the
lame package installed (available from non-free repositories for some Linux distributions), you can encode your music to MP3 format.
5. Click the Rip tab at the top of the page. From the Ripper subtab, indicate the location
and format of the ripped files (I use ~/Music/%x/%A/%d/%n.wav to hold the ripped
WAV files in subdirectories of my Music folder.)
6. Click one of the following:
Rip+Encode —This rips the selected songs and (if you left in the default oggenc compression in Step 4) compresses them in Ogg Vorbis format. You need an Ogg Vorbis
player to play the songs after they have been ripped in this format (many Ogg Vorbis
players are available for Linux).
Rip only—This rips the selected songs in WAV format. You can use a standard CD
player to play these songs. (When I tried this, the same song ripped in WAV was 12
times larger than the Ogg Vorbis file.)
Songs are copied to the hard disk in the format you selected. By default, the files are
copied into a subdirectory of $HOME/ogg (such as /home/jake/ogg). The subdirectory is named for the artist and CD. For example, if the user jake were ripping the
song called “High Life” by the artist Mumbo, the directory containing the ripped songs
would be /home/jake/ogg/mumbo/high_life. Each song file is named for the song
(for example, fly_fly_fly.wav). Following the earlier example, I would use
/home/jake/Music to hold the ripped music, instead of the default ogg directory.
7. Now you can play any of the files using a player that can play WAV or Ogg files, such as
XMMS. Or you can copy the files to a CD using cdrecord. Because the filenames are
the song names, they don’t appear in the same order as they appear on the CD, so if you
want to copy them back to a writable CD in their original order, you may have to type
each filename on the cdrecord command line. For example:
# cdrecord -v dev=/dev/cdrom -audio fly_fly.wav \
    big_news.wav about_time.wav
The Grip window can also be used to play CDs. Use the buttons on the bottom of the display to
play or pause, skip ahead or back, stop, and eject the CD. The toggle track display button lets you
shrink the size of the display so it takes up less space on the desktop. Click toggle disc editor to
see and change title, artist, and track information.
Creating CD labels with cdlabelgen
You can use the cdlabelgen command to create tray cards and front cards to fit in CD jewel
cases. You gather information about the CD and cdlabelgen produces a PostScript output file
that you can send to the printer. The cdlabelgen package also comes with graphics (in
/usr/share/cdlabelgen) that you can incorporate into your labels.
Here’s an example of a cdlabelgen command line that generates a CD label file in PostScript
format (type it all on one line or use backslashes, as shown, to put it on multiple lines):
$ cdlabelgen -c "20th Century Collection" \
-s "Jon Negus" \
-i "Heart of Mine%20th Century Man%Swing, Swing, Swing%I \
write the songs%Oh Mistress Mine%Turns%Winter Solstice" \
-o cover.ps
In this example, -c "20th Century Collection" identifies the title of the CD and the
-s "Jon Negus" indicates the artist. The tracks are entered after the -i option, with each line
separated by a % sign. The output file is sent to the file cover.ps with the -o option. To view
and print the results, use the evince command like this:
$ evince cover.ps
The result of this example is shown in Figure 4-7.
You’ll want to edit the cdlabelgen command line to include the title and song names for the CD
label and rerun the program a few times to get the label correct. When you are ready to print the
label, click Print All to print the label.
FIGURE 4-7
Generate CD jewel case labels with cdlabelgen and print them with evince.
Working with TV, Video, and Digital Imaging
Getting TV cards, Webcams, and other video devices to play in Linux is still a bit of an adventure. Most manufacturers of TV cards and Webcams are not losing sleep to produce Linux
drivers. As a result, most of the drivers that bring video to your Linux desktop have been reverse-engineered (that is, they were created by software engineers who watched what the video device
sent and received, rather than seeing the actual code that runs the device).
The first and probably biggest trick is to get a TV card or Webcam that is supported in Linux.
After you are getting video output from that device (typically available from /dev/video0), you
can try out a couple of applications to begin using it.
This section explores the tvtime program for watching television and the Ekiga program for video
conferencing.
Watching TV with tvtime
The tvtime program (tvtime command) enables you to display video output—television channels, in particular—on your desktop. You can change the channels, adjust volume, and fine-tune
your picture. In addition, tvtime sports a slick onscreen display and support for a widescreen
display.
The following sections describe how to choose a TV capture card and use tvtime to watch television on your desktop.
Getting a supported TV card
Video4Linux (V4L/V4L2) is the video interface available for Linux. It supports a variety of TV
capture cards and cameras, and is included in some distributions. If your distribution does
not include V4L or V4L2, you can install it on your own, although it is not the easiest task to
accomplish. For more information about obtaining and installing V4L and the appropriate driver,
visit http://linuxtv.org/v4lwiki. The MythTV project offers insight into TV cards for
Linux (www.mythtv.org/wiki/Video_capture_card).
Video4Linux is designed to autodetect your TV capture card and load the proper modules to activate it. Install the TV-card hardware (with the appropriate connection to your TV reception), boot
Linux, and run the tvtime command as described in the next section. You should see video displayed on your tvtime window.
If your card doesn’t appear to be working, here are a few things you can try:
Check that your TV card was properly seated in its slot and detected by Linux by
typing:
$ /sbin/lspci | grep -i video
00:09.0 Multimedia video controller: Brooktree Corporation Bt878 Video Capture (rev 11)
This shows you a list of all valid PCI cards on your computer and displays any containing the word video. If your card doesn’t show up, you probably have a hardware problem. You can investigate more about which driver and settings are being used by paging
through kernel output (type dmesg | less).
Possibly, the card is there but the right card type is not being detected. Improper detection is most likely if you have a card for which there are several revisions, with each
requiring a different driver. If you think your card is not being properly detected, find
your card in the CARDLIST files. Then add the appropriate line to the /etc/modprobe.conf
file. For example, to add a Prolink PV-BT878P, revision 9B card, add the following
line to the file:
options bttv card=72
One possible reason that you don’t see any video when you try to run tvtime or other video
applications is that some other person or video application already has the video driver open.
Only one application can use the video driver at a time. Another quirk of Video4Linux is that the
first person to open the device on your system becomes the owner. So you might need to open
the permissions of the driver to allow people other than the first person to use it to access the
Video4Linux driver.
Running tvtime
To start up the tvtime viewer, simply select TVtime Television Viewer from the Sound & Video or
Multimedia menu (depending on your Linux distribution), or type the following from a Terminal
window on your desktop:
$ tvtime &
A video screen should appear in a window on the desktop. Click on the window to see a list of
stations. Right-click to see the onscreen Setup menu.
Here are a few things you can now do with your tvtime onscreen display:
Configure input—Change the video source, choose the television standard (which
defaults to NTSC for the U.S.), and change the resolution of the input.
Set up the picture —Adjust the brightness, contrast, color, and hue.
Adjust the video processing—Control the attempted frame rate, configure the deinterlacer, or add an input filter.
Adjust output—Control the aspect ratio (for 16:9 output, for example), apply a matte,
or set the overscan mode.
Video conferencing with Ekiga
The Ekiga window lets you communicate with other people over a network through video, audio,
and typed messages. Because Ekiga supports the H323 protocol (a standard for multimedia communications), you can use it to communicate with people using other popular videoconferencing
clients, such as Microsoft NetMeeting (not including the whiteboard features), Cu-SeeMe, and
Intel VideoPhone.
To be able to send video, you need a Webcam supported in Linux—you’ll find a few dozen models from which to choose. The following sections show you how to set up your Webcam and use
Ekiga for videoconferencing.
Note
Ekiga was previously known as GnomeMeeting. Both names may be in use on any given Linux platform.
Getting a supported Webcam
As with support for TV capture cards, Webcam support is provided through the Video4Linux
interface. To see whether your Webcam is supported, check the
/usr/src/linux*/Documentation directory. A few parallel-port video cameras are described in the video4linux
subdirectory; however, the bulk of the supported cameras are listed in the usb directory.
Tip
After doing some research, I purchased a Logitech QuickCam Pro 3000. The driver for this Webcam was
made for a Philips USB Webcam, but it also works for Webcams from Logitech, Samsung, Creative Labs, and
Askey. The pwc driver needed to use these cameras is available with most popular Linux distributions.
Supported USB cameras should be autodetected, so that when you plug them in, the necessary
modules are loaded automatically. Just start up Ekiga (ekiga command), and you should see
video from your Webcam on your Linux desktop.
You can check to see that your Webcam is working properly by typing the following:
# lsmod
pwc                    79588  0
videodev               30208  3 pwc,tuner,bttv
compat_ioctl32         59072  2 pwc,bttv
The output from lsmod shows that the pwc driver is loaded and associated with the videodev
module and compat_ioctl32 module.
Opening your firewall for Ekiga
You need to open a variety of ports in your firewall to use Ekiga. In particular, you need to open
TCP port 1720 and TCP port range 30000 to 30010. For UDP ports, you must open ports 5000
through 5007 and ports 5010 through 5013. Examples of exact iptables settings you can use to
open these ports are contained in the Ekiga FAQ (www.ekiga.org/faq).
Running Ekiga
To start Ekiga in most distributions, select Applications ➪ Internet ➪ Ekiga Softphone. To start
Ekiga from a Terminal window, type ekiga &. If it is not installed, you can get the package for
your Linux distribution when you install the GNOME desktop. The first time you run Ekiga, the
Ekiga Configuration Assistant starts, enabling you to enter the following information:
Personal Data —Your first name, last name, e-mail address, comment, and location. You
can also choose whether you want to be listed in the Ekiga ILS directory.
Connection Type —Indicate the speed of your Internet connection (56K modem, ISDN,
DSL/Cable, T1/LAN, or Custom).
After you have entered the data, the Ekiga window opens.
Figure 4-8 shows the Ekiga window with the address book to the right. Select Tools ➪ Address
Book to open your GNOME address book. This is the same address book you use for e-mail and
other address and telephone information in GNOME. Add ILS servers and friends to that window, and then select the user or server you want to contact and click Contact ➪ Call Contact.
FIGURE 4-8
Connect to ILS servers to videoconference with Ekiga.
Use the tabs beneath the video window to adjust your audio levels and video appearance. The
History tab shows a log of your activities.
Watching Movies and Video
Although several fairly high-quality video players are available for Linux, seeing the players
included in formal distributions is rare because of legal complications. The issues surrounding
the playing of encoded DVD movies in Linux might be responsible for keeping players such as
the MPlayer (www.mplayerhq.hu), Ogle (www.dtek.chalmers.se/groups/dvd), and xine
(http://www.xine-project.org/) video players out of the main software repositories for
common Linux distributions.
By most accounts, however, you can get and use these video players to play a variety of video
content for personal use as long as you don’t download and use the DeCSS (software for decrypting DVD movies). The following sections provide descriptions of some commonly used video
players.
Watching video with xine
The xine player is an excellent application for playing a variety of video and audio formats. You
can get xine from xine.sourceforge.net or from software repositories associated with your
Linux distribution.
For Fedora, xine-ui is in the main Fedora repository (yum install xine-ui). However, you
also need to install xine-lib-extras-freeworld from the rpmfusion.org site. To play
commercial DVDs, you also need to get the libdvdcss package (possibly available from the
rpm.livna.org site). For Ubuntu, you can get xine from non-free repositories
(sudo apt-get install xine-ui libxine1-ffmpeg phonon-backend-xine).
You can start the xine player by typing xine& from a Terminal window. Figure 4-9 shows an
example of the xine video player window and controls.
FIGURE 4-9
Play DVDs, video CDs, MP3s, QuickTime, and other video formats with xine.
Note
When you try to install xine, it tells you if you need any additional packages. If your xine player fails to start,
see the “xine tips” section later in this chapter.
Xine supports a bunch of video and audio formats, including
MPEG (1, 2, and 4)
QuickTime (see “Xine Tips” if your QuickTime content won’t play)
WMV
DVDs, CDs, and VCDs
Motion JPEG
MPEG audio (MP3)
AC3 and Dolby Digital audio
DTS audio
Commercial movies (libdvdcss package is required)
Ogg Vorbis audio
Xine understands different file formats that represent a combination of audio and video, including .mpg (MPEG program streams), .ts (MPEG transport streams), .mpv (raw MPEG audio/video
streams), .avi (MS AVI format), and .asf (Advanced Streaming format). Although xine
can play Video CDs and DVDs, it can’t play encrypted DVDs or the Video-on-CD hybrid format
(because of legal issues mentioned earlier related to decrypting DVDs).
Using xine
With xine started, right-click in the xine window to see the controls. The quickest way to play
video is to click one of the following buttons, and then click the Play button (right arrow or Play,
depending on the skin you are using):
VCD (for a video CD)
DVD (for a DVD in /dev/dvd)
CDA (for a music CD in /dev/cdaudio)
Next, you can use the Pause/Resume, Stop, Play, Fast Motion, Slow Motion, or Eject buttons to
work with video. You can also use the Previous and Next buttons to step to different tracks. The
controls are very similar to what you would expect on a physical CD or DVD player.
To select individual files, or to put together your own list of content to play, use the Playlist
feature.
Creating playlists with xine
Click the Playlist button on the left side of the xine control window. A Playlist Editor appears,
showing the files on your current playlist. You can add and delete content and then save the list
to call on later.
xine content is identified as media resource locators (MRLs). Each MRL is identified as a file,
DVD, or VCD. Files are in the regular file path (/path/file) or preceded by file:/, fifo:/, or
stdin:/. DVDs and VCDs are preceded by dvd and vcd, respectively (for example, vcd://01).
Table 4-2 shows what the xine Playlist Editor buttons do.
TABLE 4-2
Using the xine Playlist Editor

| Button | Description |
|---|---|
| CDA, DVD, or VCD | All content from that CD or DVD is added to the playlist. |
| Add | See the MRL Browser window. From that window, click File to choose a file from your Linux file system, and then click Select to add that file to the Playlist Editor. (MRL stands for Media Resource Locator, which defines the form in which remote and local content are identified.) |
| Move Up Selected MRL, Move Down Selected MRL | Move up and down the playlist. |
| Play | Play the contents of the playlist. |
| Delete Selected MRL | Remove the current selection. |
| Delete All Entries | Clear the whole playlist. |
| Save | Save the playlist to your home directory ($HOME/.xine/playlist). |
| Load | Read in your (saved) playlist. |
xine tips
Getting video and audio to work properly can sometimes be a tricky business. Here are a few
quick tips if you are having trouble getting xine to work correctly (or at all):
xine won’t start. To work best, xine needs an X driver that supports xvid. If no xvid
support exists for your video card in X, xine shuts down immediately when it tries to
open the default Xv driver. If this happens to you, try starting xine with the X11 video
driver (which is slower, but should work) as follows:
$ xine -VXSHM
xine playback is choppy. If playback of files from your hard disk is choppy, you can
check a couple of settings: 32-bit I/O and DMA, features that, if supported by your hard
disk, generally improve hard disk performance. Here’s how to check:
Caution
Improper disk settings can result in destroyed data on your hard disk. Perform this procedure at your own
risk. This procedure is for IDE hard drives only (no SCSI)! Also, be sure to have a current backup and no activity on your hard disk if you change DMA or I/O settings as described in this section.
1. Test the speed of hard disk reads. To test the first IDE drive (/dev/hda), type
# hdparm -t /dev/hda
Timing buffered disk reads: 64 MB in 19.31 seconds = 3.31 MB/sec
2. To see your current DMA and I/O settings, as root user type
# hdparm -c -d /dev/hda
/dev/hda:
I/O support = 0 (default 16-bit)
using_dma = 0 (off)
3. This result shows that both 32-bit I/O and DMA are off. To turn them on, type
# hdparm -c 1 -d 1 /dev/hda
/dev/hda:
I/O support = 1 (32-bit)
using_dma = 1 (on)
4. With both settings on, test the disk again:
# hdparm -t /dev/hda
Timing buffered disk reads: 64 MB in 2.2 seconds = 28.83 MB/sec
In this example, buffered disk reads of 64MB went from 19.31 seconds to 2.2 seconds
after changing the parameters described. Playback would be much better now.
xine won’t play particular media. Messages such as no input plug-in mean that
either the file format you are trying to play is not supported or it requires an additional
plug-in (as is the case with playing DVDs). If the message is that xyx may be a broken
file, the file may be a proprietary version of an otherwise supported format. For example, I had a QuickTime video fail that required an SVQ3 codec (which is currently not
supported under Linux), although other QuickTime files played fine.
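An added example, not from the book, for the hdparm check in the choppy-playback tip above: these shell functions parse hdparm output and report whether 32-bit I/O and DMA are on, without changing any drive setting. The function names are hypothetical and the embedded sample output is constructed, following the values shown in steps 1 through 4.

```shell
#!/bin/sh
# Read-only helpers for the hdparm check: they only parse hdparm output
# and never change a drive setting. All function names are hypothetical.

# Print the numeric value of one "name = value (...)" line from
# `hdparm -c -d` output read on stdin, e.g. "I/O support" or "using_dma".
hdparm_field() {
    awk -F'=' -v key="$1" '
        {
            name = $1
            gsub(/^[ \t]+|[ \t]+$/, "", name)   # trim the field name
        }
        name == key {
            val = $2
            sub(/^[ \t]+/, "", val)
            split(val, parts, " ")              # "0 (off)" -> "0"
            print parts[1]
            exit
        }'
}

# Summarise both settings from `hdparm -c -d` output on stdin:
#   ok            32-bit I/O and DMA are both on
#   off: <names>  which of the two is off (io32, dma)
#   unknown       a field is missing, so nothing can be concluded
assess() {
    out=$(cat)
    io=$(printf '%s\n' "$out" | hdparm_field "I/O support")
    dma=$(printf '%s\n' "$out" | hdparm_field "using_dma")
    if [ -z "$io" ] || [ -z "$dma" ]; then
        echo "unknown"
        return 0
    fi
    off=""
    if [ "$io" = "0" ]; then off="io32"; fi
    if [ "$dma" = "0" ]; then off="${off:+$off }dma"; fi
    if [ -z "$off" ]; then echo "ok"; else echo "off: $off"; fi
}

# Print the MB/sec figure from `hdparm -t` output read on stdin.
read_rate() {
    sed -n 's/.*= *\([0-9][0-9.]*\) MB\/sec.*/\1/p' | head -n 1
}

# Print how many times faster the second rate is than the first.
speedup() {
    awk -v b="$1" -v a="$2" 'BEGIN {
        if (b + 0 <= 0) exit 1
        printf "%.1f\n", a / b
    }'
}

# Constructed samples, using the values from steps 1 through 4.
sample_before() {
cat <<'EOF'

/dev/hda:
 I/O support  =  0 (default 16-bit)
 using_dma    =  0 (off)
EOF
}

sample_after() {
cat <<'EOF'

/dev/hda:
 I/O support  =  1 (32-bit)
 using_dma    =  1 (on)
EOF
}

sample_timing_before() {
    echo ' Timing buffered disk reads:  64 MB in 19.31 seconds =  3.31 MB/sec'
}

sample_timing_after() {
    echo ' Timing buffered disk reads:  64 MB in 2.2 seconds = 28.83 MB/sec'
}

demo() {
    echo "before:  $(sample_before | assess)"
    echo "after:   $(sample_after | assess)"
    before_rate=$(sample_timing_before | read_rate)
    after_rate=$(sample_timing_after | read_rate)
    echo "speedup: $(speedup "$before_rate" "$after_rate")x"
}

demo
```

On a real system, pipe the query command from step 2 into it as root: hdparm -c -d /dev/hda | assess. A result of "unknown" means the drive did not report these two fields, so the steps above do not apply to it.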
Using Totem movie player
The Totem movie player (www.gnome.org/projects/totem) comes with the GNOME desktop
environment. In most GNOME desktops, Totem can play video in Theora format with Ogg audio.
Totem uses the GStreamer framework (http://gstreamer.freedesktop.org) so it can take
advantage of any video codecs that work with GStreamer. In particular, free and fee-based codecs
that you can purchase from www.fluendo.com for playing a variety of commercial audio/video
formats work with Totem.
Totem also supports a xine backend that allows it to play a wide range of video content (in
other words, anything xine supports). To play commercial DVD movies, you need to install the
totem-xine package (for Fedora, it’s available in the rpmfusion.org repository). From that same
repository, you can add the libdvdcss, libdvdnav, and xine-lib-extras-nonfree packages (provided
the software is legal where you live). Run the totem-xine command instead of totem to play
movies.
Besides common controls you would expect with a movie player (play, pause, skip forward, skip
backwards, and so on), Totem lets you create playlists, take a snapshot of the current frame, and
adjust the volume. You can change preferences, which let you add proprietary plug-ins, select
your DVD device, and balance color. Figure 4-10 shows an example of the Totem window.
FIGURE 4-10
Play movies on the GNOME desktop with Totem.
Using a Digital Camera
With the GNOME Volume Manager, featured in most Linux systems with GNOME desktops,
getting images from a digital camera can be as easy in Linux as it is in any desktop operating
system. With most digital cameras that can be connected to a USB port on your computer, simply plugging the camera into a USB port (with the camera set to send and receive) causes the
GNOME Volume Manager to
Immediately ask you if you want to download images from your camera.
Run the gThumb image viewer and browser program so you can look at, manipulate,
and download the contents of your digital camera.
Although GNOME Volume Manager opens your camera’s contents in an image viewer, you can
treat the storage area in your camera much as you would the storage area on a hard disk or a pen
drive. I describe how to use your camera to store other data as well.
Displaying images in gThumb
The GNOME Volume Manager mounts the contents of your USB camera, treating the memory of
your camera as it would any file storage device. When I tried it with an Olympus digital camera,
my images were available from the /media/usbdisk/dcim/100olymp directory. Figure 4-11
shows an example of the gthumb-import window displaying the images from a digital camera.
FIGURE 4-11
Download images from digital cameras with the gThumb image viewer.
With your camera connected and the gThumb window open, here are some things you can do
with the images on your camera:
Download images —Click a single image or select Edit ➪ Select All to highlight all
images from your digital camera. Then select File ➪ Import Photos. From the Import
Photos window you can select the destination where you want the images to be downloaded. As an alternative, you can download selected images to a folder on the GNOME
desktop.
View Slideshow—Select View ➪ Slide Show. A full-screen slideshow appears on your
display, with the images changing every few seconds. The toolbar that appears at the
top lets you display information about the photo name, date, and size (click Image Info),
go forward and back through the images, and zoom in or out.
Manipulate images —Double-click an image to open it, and select the Image menu.
That menu offers a set of tools for enhancing, resizing, cropping, or otherwise transforming the image. You can also adjust the color balance, hue/saturation, and brightness
contrast.
Assign categories —With an image selected, click the Categories button. The Categories
pop-up window lets you assign the image to a category to help you organize your photos. Assign available categories (such as birthday, family, holidays, or games) or click
New and add your own categories.
After images are downloaded to your computer’s hard disk, you can continue to work with them
using gThumb or use any of a number of tools available for manipulating digital images (GIMP,
KView, and Kuickshow, to name a few).
Note
If your camera saves images to SD or CF cards, you can purchase a USB card reader and view these files from
Linux. Some PCs today come with card readers built in.
Using your camera as a storage device
As I noted with my example of an Olympus camera with a USB connector, the GNOME Volume
Manager is capable of detecting that camera after it is connected, and mounting its contents as a
storage device. With the contents of a digital camera mounted, you can use your camera as a USB
mass storage device by
Opening the mounted directory in a folder window and using any file manager features
to work with the images
Changing to the mounted directory from the shell and using commands to copy, move,
rename, or delete digital images
Of course, with your camera mounted as a file system, you are not limited to using it only for
digital images. You can use it to store any kind of files you like, essentially using the camera as
a storage device. The following list is a partial summary of digital cameras that can be used as a
USB storage device:
Casio —Supported models: QV-2400UX, QV-2x00, QV-3x00, QV-4000, and QV-8000
Fuji—FinePix 1300, 1400Zoom, 2300Zoom, 2400Zoom, 2800Zoom, 4200Z, 4500,
4700 Zoom, 4900 Zoom, 6800 Zoom, A101, A201, and S1 Pro
HP—PhotoSmart 315, 318xi, 618, and C912
Konica —KD200Z, KD400Z, and Revio KD300Z
Kyocera—Finecam s3
Leica—Digilux 4.3
Minolta —Dimage 5, Dimage 7, and Dimage X
Nikon—CoolPix 2500, 885, 5000, 775, and 995
Olympus —Brio Zoom D-15, C-100, C-200Z, C-2040, C-220Z, C-2Z, C-3020Z,
C-3040Z, C-4040Zoom, C-700, C-700UZ, C-860L, D-510, D-520Z, E-10, and E-20
Pentax—EI2000, Optio 330, and Optio 430
Sony—DSC-F505, DSC-F505V, DSC-F707, DSC-P1, DSC-P20, DSC-P5, DSC-P71, DSC-S30, DSC-S70, DSC-S75, DSC-S85, MVC-CD300, and MVC-FD92
Vivitar —Vivicam 3550
Yashica—Finecam s3
Summary
Getting up and running with digital media can take some doing, but once it’s set up, you can play
most audio and video content available today. This chapter takes you through the steps of setting
up and troubleshooting your sound card and explains how to find software to play music through
that card.
Every desktop Linux distribution comes with one or more ways of playing music from files or
CDs. Popular music players include XMMS and Rhythmbox. Tools for ripping and recording CDs
include grip and command-line utilities such as cdda2wav and cdrecord.
The chapter also covered playing live video from TV cards and Webcams in the sections on
tvtime and Ekiga, respectively. Finally, you saw how to use the xine player to play a variety of
video formats and explored the gThumb application for downloading images from a digital camera. If your computer has a CD burner, use the descriptions in this chapter to create your own
music CDs and CD labels.
CHAPTER 5
Working with Words and Images
Writing documents has always been a mainstay of desktop computers. Linux systems have steadily made up ground on Mac
and Windows systems when it comes to desktop publishing
applications. Now, nearly every feature you would expect for document
writing, layout, and publishing (in hard copy and on the Web) is available
with Linux systems.
IN THIS CHAPTER
Desktop publishing in Linux
Using word processors
Doing page layout with Scribus
Taking documents from Windows to Linux
Using scanners
Working with images
Making Inkscape vector graphics
Publishing on the Web
This chapter describes popular Linux office suites (such as OpenOffice.org
and KOffice) for creating documents, presentations, and spreadsheets.
Scribus is an excellent application for doing page layouts. For working with
images, I cover the GNU Image Manipulation Program (The GIMP) and a
few image viewers (such as Gwenview and Eye of GNOME). For working
with vector graphics, I describe the Inkscape vector graphics editor.
For displaying the content you create, several different viewers are available for displaying output in PDF and PostScript formats. Evince viewer
and Adobe Reader are available for PDF. To display PostScript files, there’s
Ghostview.
To publish on the Web, tools exist for everything from writing basic HTML
documents to making Web photo sites to implementing full-blown content
management systems. Software that is packaged for Linux to manage your
own Web sites includes MediaWiki (wiki), WordPress (blogging), Drupal
(content management), and Gallery (photo Web site).
Desktop Publishing in Linux
Whether you are writing a letter, a memo, or a book, you usually begin with a word processor. If your computer doesn’t have much power, you might start with a simple text editor or
a less demanding word processor such as AbiWord. Most Linux users, however, begin with
OpenOffice.org Writer.
Using text editors and notepads
Before jumping into more complex word processors, here are a few applications you might want
to try out if you just want to write some text quickly:
GNOME Text Editor (gedit) —From the GNOME desktop, select Applications ➪
Accessories ➪ Text Editor. With the gedit window that opens, you can just type, cut,
and paste, and use arrow keys to move around. In addition to creating text documents,
gedit has spell check and search tools. Highlight mode (select View ➪ Highlight Mode)
displays the different parts of what you are writing, whether computer code (such as C or Java)
or markup (such as HTML or XML), in different colors.
KDE Text Editor (kwrite) —From the KDE desktop, the KWrite application is the
default text editor. KWrite includes many of the same text-editing features in gedit, but
also has bookmark features and support for multiple language input.
Sticky Notes (tomboy) —Different note-taking applications include KNotes (for KDE)
and Tomboy (for GNOME). Tomboy puts a notepad icon in your top panel, from which
you can create and manage notes. Create a new note that includes URLs (click to open
in a browser) and links to other notes. Spelling is checked as you type. Organize notes
in notebooks or do keyword searches to find the note you want. From the desktop,
press Alt+F12 to open the Tomboy menu; press Alt+F11 to open the “Start Here” note.
Figure 5-1 shows the Tomboy search window and an example of a note.
If you want to move text from your plain text files or sticky notes to a more formal document,
you can copy or cut, and then paste the text into one of the word processors described in the
next section.
Using word processors
OpenOffice.org is a powerful open source office suite, available as a download and as part of
many Linux distributions. Based on Sun Microsystems’ StarOffice productivity suite,
OpenOffice.org includes a word processor, spreadsheet program, presentation manager, and other personal
productivity tools. In most cases, OpenOffice.org can be used as a drop-in replacement for
Microsoft Office.
Coming from Windows
If you’ve been using Microsoft Office applications such as Microsoft Word, Excel, and PowerPoint, most files
produced in those applications’ native formats will work in OpenOffice.org. You can find descriptions of supported office formats later in this chapter.
FIGURE 5-1
Create, search, and manage notes with Tomboy.
Using OpenOffice.org Office Suite
Some have called OpenOffice.org the most significant threat to Microsoft’s dominance of the
desktop market. Thousands in business, education, and government have already migrated their
documents, spreadsheets, and presentations from Microsoft Office to OpenOffice.org. Although
cost savings are a big reason for using OpenOffice.org, the freedom of not being locked into proprietary formats and forced upgrades may be even more important in the long run.
Many distributions of Linux include the entire OpenOffice.org suite of desktop applications.
Some include the StarOffice suite in addition to or in lieu of OpenOffice.org.
Because of its size, the entire OpenOffice.org is usually not included on live CD versions of
Linux. However, with an Internet connection, you can usually download and install prepackaged
versions of the OpenOffice.org suite. For example, in Fedora, you can install the openoffice.org-calc, openoffice.org-draw, openoffice.org-impress, openoffice.org-writer, and openoffice.org-math
packages to get most of the suite.
Note
At the time of this writing, the latest version of OpenOffice is 3.1.
OpenOffice.org, which shares its source code with StarOffice, consists of the following office-productivity applications:
Writer —A word-processing application that can work with documents in file formats
from Microsoft Word, StarOffice, and several others. Writer also has a full set of features
for using templates, working with fonts, navigating your documents (including images
and effects), and generating tables of contents.
Calc —A spreadsheet application that lets you incorporate data from Microsoft Excel,
StarOffice, dBase, and several other spreadsheet formats. Some nice features in Calc
enable you to create charts, set up database ranges (to easily sort data in an area of a
spreadsheet), and use the data pilot tool to arrange data in different points of view.
Draw—A drawing application that enables you to create, edit, and align objects; include
textures and colors; and work with layers of objects. It lets you incorporate images, vector graphics, AutoCAD, and a variety of other file formats into your drawings. Then, you
can save your drawing in the OpenOffice.org Drawing or StarDraw formats.
Math—A calculation program that lets you create mathematical formulas.
Impress —A presentation application that includes a variety of slide effects. You can use
Impress to create and save presentations in the Microsoft PowerPoint, StarDraw, and
StarImpress formats.
Unlike other applications that were created to work with Microsoft document and data formats,
OpenOffice.org (although not perfect) does a very good job of opening and saving those files
with few problems. Very basic styles and formatting that open in OpenOffice.org often don’t
look noticeably different from the way they appear in Microsoft Office. In other cases, such
things as bullets, alignment, and indentation can appear quite different in Writer than they do in
Word. Also, some Word features, such as macros and scripting features, may not work at all in
Writer. For the most part, however, the recent versions of the OpenOffice.org suite handle most
Microsoft Office files.
In addition, the OpenOffice.org suite supports the ODF, or Open Document Format, a recently
standardized file format for office documents. ODF is becoming more and more important with
government and scientific organizations that need to be able to access the documents they create
for many years in the future. Using the Microsoft Office formats, for example, locks an organization into paying Microsoft’s fee in order to access the organization’s data. In the future, that fee
could become too high for the organization, or worse yet, Microsoft may choose not to support
files created by older versions of the software. Even today, for example, OpenOffice.org supports
older versions of Microsoft Word than Word does.
Another nice feature of the OpenOffice.org suite is document signing, so that you can provide
better security to shared documents.
To open OpenOffice.org applications, select the Applications menu. In most distributions, there’s
a folder called Office (or something very similar) located on the Applications menu. Figure 5-2
shows a Microsoft Word document open for editing in OpenOffice.org Writer.
FIGURE 5-2
Work with Microsoft Word documents or open document formats in OpenOffice.org Writer.
The controls in Writer are similar to the ones you find in Word. Toolbars include boxes for
changing styles, font types, and font sizes. Buttons let you save and print the file, change the text
alignment, and cut, copy, and paste text. In other words, Writer includes almost everything you
expect in an advanced word processor. In addition, Writer includes a handy PDF button to output a file directly to the PDF format, which is very useful for exchanging documents or placing
data on the Internet.
Other word processors
If your distribution does not include the OpenOffice.org suite, or you just want to try something
else, you have some other choices:
StarOffice —The StarOffice productivity suite contains applications for word processing, spreadsheets, presentation graphics, e-mail, news, charting, and graphics.
It was created to run on Linux systems, but it runs in other environments as well. It
can import and export a variety of Microsoft file formats. StarOffice is owned by Sun
Microsystems, which sells it as a commercial product.
AbiWord—The AbiWord word processor (abiword command) is noncommercial
software produced by the AbiSource project (www.abisource.com). In addition to
working with files in its own format (.abw and .zabw), AbiWord can import files in
Microsoft Word and several other formats. Because of its relatively small disk space
needs, AbiWord is included on many live CDs that don’t include OpenOffice.org.
KOffice—The KOffice package contains a set of office productivity applications
designed for the KDE desktop (you must have the KDE desktop environment). The
noncommercial software includes a word processor (KWord), spreadsheet (KSpread),
presentation creator (KPresenter), and diagram-drawing program (KChart). These applications can be run separately or within a KOffice Workspace.
Using StarOffice
The StarOffice suite from Sun Microsystems, Inc. (www.sun.com/software/staroffice) is a
product that runs on Linux, UNIX, and Windows systems. Like its related open source project
OpenOffice.org, StarOffice contains many features that make it compatible with Microsoft Office
applications. In particular, it includes the capability to import Microsoft Word and Excel files.
StarOffice is probably the most complete integrated office suite for Linux. It includes
Writer —StarOffice’s word-processing application. It can import documents from a variety of formats, with special emphasis on Word documents.
Calc —The StarOffice spreadsheet program. You can import spreadsheets from
Microsoft Excel and other popular programs.
Impress —Create presentations with this application.
Draw—A vector-oriented drawing program that includes the capability to create 3D
objects and to use texturing.
Base —Manage your data sources. You can access a variety of database interfaces.
Other tools in StarOffice enable you to create business graphics, edit raster images, and edit
mathematical formulas.
You can download StarOffice for Linux or purchase a boxed set from the StarOffice Web site at
www.sun.com/software/staroffice. Although StarOffice was once available free for
download, the current price to download the software is $34.95. (You can also get a volume discount.)
A trial version is available that you can enable (using a license key) if you decide that you like it
enough to purchase the product.
One reason to pay for StarOffice when you can get OpenOffice.org software for free is that you
get a bunch of extras with StarOffice. The extras include a spell-checker, clip art, many more file
converters (although the best ones are for converting Microsoft formats), a database module, and
technical support.
Note
OpenOffice.org is an open source project sponsored by Sun Microsystems. Sun takes the shared source code
used to create OpenOffice.org and combines it with other modules to produce the StarOffice suite. This is
very similar to the model used by Red Hat, Inc. where it sponsors the community-driven Fedora project to
distribute freely, whereas the Red Hat Enterprise Linux product (based on Fedora) is sold through subscriptions. Although OpenOffice.org is free, you can purchase support programs for OpenOffice.org from Sun
Microsystems.
Using AbiWord
The AbiWord word processor is a very nice, free word processor from the AbiSource project
(www.abisource.com). If you are starting documents from scratch, AbiWord includes many of
the basic functions you need to create good-quality documents.
With AbiWord, you can select the type of document the file contains, and select to read the file in
the following formats:
AbiWord (.abw)
GZipped AbiWord (.zabw)
Rich Text Format (.rtf)
Microsoft Word (.doc)
UTF8 (.utf8)
Text (.txt)
In addition, AbiWord can import and export ODF, DocBook, and OpenOffice.org files.
AbiWord doesn’t yet import all these file types cleanly. Although the recent version supports
Word styles, sometimes tables, graphics, and other features don’t translate perfectly. If you want
to work with a Word document in AbiWord, open it as AbiWord, correct any font problems, and
save the document in AbiWord format. AbiWord has vastly improved in the past few releases, but
you may still experience problems if you need to exchange files with others who are using Word.
(If you want to keep files in the Word format, you’ll find that OpenOffice.org and StarOffice work
much better, but not perfectly.)
Features recently added to AbiWord such as styles and bullets continue to make it a more useful word-processing tool. It’s not yet competitive with comparable commercial products, but its
developers continue to improve it.
If you do not have a lot of formatting needs, or if you do not care about Microsoft file formats,
AbiWord provides a realistic alternative to larger application suites such as OpenOffice.org. The
AbiWord program is small and executes fast, requiring fewer system resources such as RAM than
OpenOffice.org. The speed and size make it a joy to use.
Using KOffice
The K Desktop Environment, KDE, provides an office suite along with hundreds of other
programs. The KOffice package has the basic applications you would expect in an integrated
office suite: a word processor (KWord), spreadsheet program (KSpread), a presentation creator
(KPresenter), and a diagram-drawing program (KChart). In Fedora and other Linux systems,
installing the koffice-suite package will pull in most of the software you need to use KOffice.
Start by opening the KOffice Workspace (usually from the Office menu or KDE panel menu).
In the workspace window that opens, you can select from the different office applications presented in the left column. Open multiple documents in any of the applications, and then click
Documents in the left column to choose which one to display at the moment.
Figure 5-3 shows the KOffice Workspace displaying a KWord document.
FIGURE 5-3
The KOffice Workspace enables you to work with multiple KDE office applications at once.
You can work with a variety of document, spreadsheet, and image types. Not many commercial
document types are supported yet, so you may need to import documents using other tools
before you can read them into KWord. KSpread, however, can open several different spreadsheet
styles, including Microsoft Excel and GNUmeric spreadsheets.
Transitioning documents from Windows
For casual home users, small-office workers, and large corporation personnel alike, moving from
Microsoft Office to another Office suite is an experience that can range from simple to harrowing.
In general, it is useful to examine this migration in terms of “home use” versus “work use”:
Home users typically have to concern themselves with maintaining access to their own
documents. In a personal context, it might be rare for friends and relatives to send Excel
spreadsheets, Word documents, and PowerPoint presentations. But over the years you
may have accumulated term papers, recipes, letters to the editor, account spreadsheets,
and other such documents that you would like to be able to read and print. In most
cases, OpenOffice.org applications can handle files in Microsoft formats just fine.
At work, in addition to the accumulation of documents over time, there is a more pressing issue: Other people will be sharing Microsoft Office documents with you. So while
home users need to concern themselves most with access to historical documents, in
the workplace you probably need to accommodate new documents as well as your historical information.
Because you can convert your documents, no real challenges exist for migrating simple documents. However, if your Microsoft Office documents include extensive macro, scripting, or
embedded object usage, you may find the conversion is not a very clean one. Make sure you
attempt conversions using the following options before moving on to the last resort of using multiple applications or re-creating documents.
Using Microsoft Office to convert documents enables you to save your files in an alternative format. For example, Word enables you to save your document files (the Word versions anyway) to a
variety of formats, including
HTML (.htm/.html)—HTML is a great format for your information if it is basically text
and you need only a few formatting options and some embedded images and links. The
resulting HTML document will be smaller than the corresponding .doc file.
Rich Text Format (.rtf)—Another wonderful minimalist format (owned by Microsoft
but an open standard nonetheless) that preserves some formatting and graphics, but any
scripting or macro usage is lost.
Plain Text (.txt)—Works if all you need to save is the text of the file. Everything else
is lost.
Word Document (.doc or .docx)—An alternative format that may save some of the
elements you want yet make it more accessible to OpenOffice.org. Using this format may
not resolve all the issues you have with converting those hard-to-change documents, but
it just might do the trick.
Note
The default format for Word 2007 files is .docx—Open XML.
Other Microsoft Office applications offer similar functionality. PowerPoint can convert presentations to HTML and general image formats such as JPEG and TIFF. Excel can save tab- and
comma-delimited files that are easily importable into a large number of applications.
If you are likely to continue to receive Microsoft Office files and you are concerned about interoperability, here are some options to consider:
Run Word in WINE —Keep a copy of Microsoft Office installed using WINE and the
CodeWeavers CrossOver Office plug-in. CrossOver Office lets you run Microsoft Word
on a Linux desktop. For more information about CrossOver Office, visit CodeWeavers’
Web site at www.codeweavers.com.
Use PDF for sharing—Ask individuals sending you documentation to use a less
vendor-specific format, such as Adobe PDF. Document formatting can be exquisitely
preserved and will be viewable by anyone capable of installing a PDF viewer; viewers are
available for virtually every operating system in widespread use today. Documents posted
on Web sites, for example, should be in PDF and not Microsoft Word format for security
reasons.
Use HTML for forms —For forms that have user-editable fields, scripting, or complex
embedded information, use HTML documents instead. Anyone with a compliant Web
browser will be able to interact with the document, and Microsoft Office applications
universally support saving files into this format.
Use ODF for archiving—If you will want to access your documents a long time from
now, say a few years, consider storing your documents in the Open Document Format,
or ODF. ODF, being open and not encumbered by patents, will make it easier for you
to access your documents in the future. Remember, Microsoft does not support old versions of Word documents today. Furthermore, Word’s latest document format is encumbered by patents, so you may lose the right to access your documents in the future, or
you may need to pay any fee required by the vendor. Use ODF.
Use SQL to save data—If you make use of Access to save data, you may want to move
data stored in Access’s .mdb format into a SQL database. SQL is more scalable, powerful, and virtually platform-independent. Migrating to SQL does preserve your data, but
if your .mdb file will not open in OpenOffice.org, you need to re-create any forms for
accessing the data that you want to continue using.
Caution
Before making any wholesale conversion away from Microsoft Office, make sure the files you need to use will
work as expected with the new office suite you have selected or that you can construct suitable replacements
if needed. Testing things ahead of time enables you to make necessary adjustments without later having to
endure the frustration of finding some important document inaccessible or unusable.
Many organizations start their transition away from Microsoft Office by switching to OpenOffice.org on
Windows. This way you can have both Office and OpenOffice.org running on the same systems as you
gradually work out any conversion issues. After the issues have been resolved, you can migrate to Linux. In
any migration effort, follow good practices such as starting with smaller groups to ensure any glitches or
problems are properly handled. Converting documents
Documents can come to you in many different formats. Search just some of the Linux FTP sites
on the Internet and you will find files in PostScript, DVI, man, PDF, HTML, and TeX. A variety of
graphics formats are also available. Table 5-1 provides a list of common document and graphics
conversion utilities.
TABLE 5-1
Document and Graphics Conversion Utilities
Utility | Converts | To
dos2unix | DOS text file | UNIX (Linux) text file
fax2ps | TIFF facsimile image files | Compressed PostScript format (The PostScript output is optimized to send to a printer on a low-speed line. This format is less efficient for images with a lot of black or continuous tones, for which tiff2ps might be more effective.)
fax2tiff | Fax data (Group 3 or Group 4) | TIFF format (The output is either low-resolution or medium-resolution TIFF format.)
g32pbm | Group 3 fax file (either digifax or raw) | Portable bitmap
gif2tiff | GIF (87) file | TIFF format
man2html | Man page | HTML format
pal2rgb | TIFF image (palette color) | Full-color RGB image
pbm2g3 | Portable bitmap image | Fax file (Group 3)
pdf2dsc | PDF file | PostScript document dsc file (The PostScript file conforms to Adobe Document Structuring Conventions. The output enables PostScript readers such as Ghostview to read the PDF file one page at a time.)
pdf2ps | PDF file | PostScript file (level 2)
pfb2pfa | Type 1 PostScript font (binary MS-DOS) | ASCII-readable
pk2bm | TeX pkfont font file | Bitmap (ASCII file)
ppm2tiff | PPM image file | TIFF format
ps2ascii | PostScript or PDF file | ASCII text
ps2epsi | PostScript file | Encapsulated PostScript (EPSI) (Some word-processing and graphics programs can read EPSI. Output is often low quality.)
ps2pdf | PostScript file | Portable Document Format (PDF)
ps2pk | Type 1 PostScript font | TeX pkfont
pstotext | PostScript file | ASCII text (pstotext is similar to ps2ascii but handles font encoding and kerning better. It doesn’t convert PDFs.)
ras2tiff | Sun raster file | TIFF format
texi2html | Texinfo file | HTML
tiff2bw | RGB or Palette color TIFF image | Grayscale TIFF image
tiff2ps | TIFF image | PostScript
unix2dos | UNIX (Linux) text file | DOS text file
Many graphical applications, such as The GIMP, also enable you to save images into several different formats (BMP, JPEG, PNG, TIFF, and so on) through the use of the Save As feature.
Building structured documents
Documentation projects often need to produce documents that are output in a variety of formats. For example, the same text that describes how to use a software program may need to be
output as a printed manual, an HTML page, and a PostScript file. The standards that have been
embraced most recently by the Linux community for creating what are referred to as structured
documents are SGML and XML. The specific document type definition (DTD) used to produce
Linux documentation is called DocBook.
Understanding SGML and XML
Standard Generalized Markup Language (SGML) was created to provide a standard way of marking text so that it could be output later in a variety of formats. Because SGML markup is done
with text tags, you can create SGML documents using any plain-text editor. Documents consist of
the text of your document and tags that identify each type of information in the text.
Unlike markup languages such as Groff and TeX, SGML markup is not intended to enforce a particular look when you are creating the document. So, for example, instead of marking a piece of
text as being bold or italic, you would identify it as an address, a paragraph, or a name. Later, a
style sheet would be applied to the document to assign a look and presentation to the tagged text.
HTML is an example of SGML markup.
Because SGML consists of many tags, other projects have cropped up to simplify the production
of documents based on SGML and to better focus the ways in which SGML is used. In particular,
the Extensible Markup Language (XML) was created to offer a manageable subset of SGML that
would be specifically tailored to work well with Web-based publishing.
So far in this description of SGML and XML, I’ve discussed only the frameworks that are used
to produce structured documents. Specific documentation projects need to create and, to some
extent, enforce specific markup definitions for the type of documents they need to produce.
These definitions are referred to as document type definitions (DTDs). For documentation of
Linux itself and other open source projects, DocBook has become the DTD of choice.
Understanding DocBook
DocBook is a DTD that is well suited for producing computer software documents in a variety of
formats. It was originally created by the OASIS Consortium (www.oasis-open.org) and is now
supported by many different commercial and open source tools.
DocBook’s focus is on marking content, instead of indicating a particular look (that is, font type,
size, position, and so on). It includes markup that lets you automate the process of creating indices, figure lists, and tables of contents, to name a few.
DocBook is important to the Linux and open source community because many open source projects use it to produce documentation. The following is a list of organizations that use DocBook to
create the documents that describe their software:
Linux Documentation Project
www.tldp.org/LDP/LDP-Author-Guide
GNOME Documentation
http://developer.gnome.org/projects/gdp/handbook/gdp-handbook
KDE Documentation Project
www.kde.org/documentation
FreeBSD Documentation Project
www.freebsd.org/docproj/
If you want to contribute to any of these documentation projects, refer to the Web sites for each
organization. In all cases, they publish writers’ guides or style guides that describe the DocBook
tags that they support.
Creating DocBook documents
You can create the documents in any text editor, using tags that are similar in appearance to
HTML tags (with beginning and end tags appearing between less-than and greater-than signs).
Certain word-processing programs also enable you to create DocBook markup.
The following steps show an example of a simple DocBook XML document produced with a
plain-text editor and output into HTML using tools that are available in many Linux systems.
Install the docbook-utils package (in Fedora and other Linux systems) to get the DocBook utilities you need.
Note
The DocBook DTD is available in both SGML and XML forms. Of the two, the XML form is actively maintained.
1. Create a directory in your home directory to work in and go to that directory. For example, you can type the following from a Terminal window:
$ mkdir $HOME/doctest
$ cd $HOME/doctest
2. Open a text editor to hold your DocBook document. For example, you can type:
$ gedit cardoc.xml
3. Enter the tags and text that you want to appear in your document. Most DocBook documents are either <book> type (large, multichapter documents) or <article> type
(single-chapter documents). To try out a DocBook document, type the following:
<?xml version="1.0" ?>
<article>
<title>Choosing a new car</title>
<artheader>
<abstract>
In this article, you will learn how to price,
negotiate for, and purchase an automobile.
</abstract>
</artheader>
<section>
<title>Getting Started</title>
<para>
The first thing you will learn is how to figure out
what you can afford.
</para>
</section>
<section>
<title>The Next Step</title>
<para>
After you know what you can afford, you can begin
your search.
</para>
</section>
</article>
You should notice a few things about this document. The entire document is wrapped
in article tags (<article> </article>). The article title is in title tags (<title>
</title>). The section tags (<section> </section>) indicate sections of text that each
have a title and paragraph. These sections can later be treated separately in the TOC.
4. Save the file and exit from the text editor.
5. Next, you can try translating the document you just created into several different formats. For example, to create HTML output, you can type the following:
$ db2html cardoc.xml
The result is a new directory called cardoc. In that directory, db2html creates a stylesheet-images directory, a t1.html file, and an
x8.html file. (You will also see a lot of scary-looking error messages when you run the
db2html program. For now, you can ignore them. Ideally, the cardoc.xml document
should have a reference to the DocBook DTD.)
To view the HTML file just created, I typed the following:
$ firefox $HOME/doctest/cardoc/t1.html
Figure 5-4 shows an example of the output created from the db2html command. The screen
on the left shows the first page. Click the Next link at the top of the page. The second page that
you see is shown on the right. During conversion to HTML, the db2html command adds Next/
Previous buttons to each page. It also puts the title of each section in a Table of Contents on page
1 and in the browser’s title bar.
From this point, you can continue to add content and different types of tags. If you are writing
documents for a particular project (such as the Linux projects mentioned earlier), you should get
information on the particular tags and other style issues they require.
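The following Python illustration is an added example, not code from the book or from the DocBook utilities. It shows what the conversion described above does with structured markup: it reads the cardoc.xml article, puts each section title in a table of contents on the first page and in the page title, adds Next/Previous links, and escapes the text it writes into HTML. The function names and the output file names (index.html, section1.html, and so on) are assumptions made for the example; db2html itself produces files such as t1.html and x8.html.

```python
import html
import xml.etree.ElementTree as ET

# cardoc.xml from step 3, embedded so the example runs offline.
CARDOC = """<?xml version="1.0" ?>
<article>
<title>Choosing a new car</title>
<artheader>
<abstract>
In this article, you will learn how to price,
negotiate for, and purchase an automobile.
</abstract>
</artheader>
<section>
<title>Getting Started</title>
<para>
The first thing you will learn is how to figure out
what you can afford.
</para>
</section>
<section>
<title>The Next Step</title>
<para>
After you know what you can afford, you can begin
your search.
</para>
</section>
</article>
"""


def _text(elem):
    """Return an element's text with runs of whitespace collapsed."""
    return " ".join("".join(elem.itertext()).split())


def parse_article(xml_text):
    """Return (title, abstract, [(section title, [paragraphs]), ...])."""
    root = ET.fromstring(xml_text)
    if root.tag != "article":
        raise ValueError("expected <article> as the root element")
    title = root.find("title")
    if title is None:
        raise ValueError("<article> has no <title>")
    abstract = root.find("artheader/abstract")
    sections = []
    for sec in root.findall("section"):
        sec_title = sec.find("title")
        if sec_title is None:
            raise ValueError("<section> has no <title>")
        paras = [_text(p) for p in sec.findall("para")]
        sections.append((_text(sec_title), paras))
    return (_text(title), _text(abstract) if abstract is not None else "", sections)


def render_pages(xml_text):
    """Return {file name: HTML}: a contents page plus one page per section."""
    title, abstract, sections = parse_article(xml_text)
    esc = html.escape  # tagged content is data; escape it on the way into HTML
    # File names are hypothetical; db2html chooses its own (t1.html, x8.html).
    names = ["index.html"] + ["section%d.html" % n for n in range(1, len(sections) + 1)]
    toc = "".join(
        '<li><a href="%s">%s</a></li>' % (names[i + 1], esc(sec_title))
        for i, (sec_title, _) in enumerate(sections)
    )
    titles = [title]
    bodies = ["<h1>%s</h1><p>%s</p><ul>%s</ul>" % (esc(title), esc(abstract), toc)]
    for sec_title, paras in sections:
        titles.append(sec_title)
        text = "".join("<p>%s</p>" % esc(p) for p in paras)
        bodies.append("<h2>%s</h2>%s" % (esc(sec_title), text))
    pages = {}
    for i, name in enumerate(names):
        nav = []
        if i > 0:
            nav.append('<a href="%s">Previous</a>' % names[i - 1])
        if i < len(names) - 1:
            nav.append('<a href="%s">Next</a>' % names[i + 1])
        pages[name] = (
            "<html><head><title>%s</title></head><body><div>%s</div>%s</body></html>"
            % (esc(titles[i]), " | ".join(nav), bodies[i])
        )
    return pages


if __name__ == "__main__":
    for name, page in render_pages(CARDOC).items():
        print(name, len(page), "bytes")
```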
Converting DocBook documents
The previous example shows how to create a simple DocBook document and convert it to HTML
output. The following utilities convert DocBook to other formats:
docbook2dvi—Device Independent file format
docbook2html—HTML format
docbook2man—Man page format
docbook2pdf—Portable Document Format (PDF)
docbook2ps—PostScript format
docbook2rtf—Rich Text Format (RTF)
docbook2texi—GNU TeXinfo format
docbook2txt—Bare text format
If some of the commands just described are not installed on your system from the docbook-utils
package, try installing the docbook-utils-pdf package.
FIGURE 5-4
The DocBook file is output in HTML with the db2html command.
Doing page layout with Scribus
For brochures, magazines, newsletters, catalogs, and other materials that need more sophisticated
layouts than you can do with a word processor, you need a page layout application. The most
popular open source page layout application is called Scribus (www.scribus.net).
Although Scribus is intended primarily to produce print publications, you can also use Scribus
to produce what are referred to as intelligent PDFs. With PDFs you create with Scribus, you can
include JavaScript and other features to let others interact with your text (such as by filling in
forms).
Scribus is packaged with several different Linux distributions. In Fedora and other distributions,
install the scribus package. The package comes with templates and samples you can use to start
your own projects with (usually in /usr/share/scribus/).
With the scribus package installed, you can start Scribus from the GNOME desktop by selecting
Applications ➪ Office ➪ Scribus. Figure 5-5 shows an example of a brochure layout in Scribus.
FIGURE 5-5
Produce professional-quality layouts with Scribus.
After Scribus is running on your desktop, you can start by selecting a template (select File ➪ New
from Template). Choose a brochure, newsletter, presentation, or text-based layout to begin with.
Here are some steps you can take on the sample layout to get used to using Scribus:
Edit text—Right-click in a text box and select Edit text. In the Story Editor window
that appears, change the text, point size, scaling width/height of the text, font, text
alignment, color, and other attributes. In that window, select File ➪ Update Text Frame
and Exit to save the changes.
Add images—Right-click an image box and select Get Image. Browse your folders for
the image you want. If the image doesn’t fit, right-click the image and select Edit Image
to open the image in The GIMP to resize or otherwise modify it. Right-click the image
and select Adjust Frame to Image to resize the frame to fit your image.
Change existing frames—Right-click in any frame, and then select Is Locked so the
check box disappears. After the frame is unlocked, you can do a lot to change it. Grab
a corner or side of the frame to resize it. Right-click it and select Sample Text (to fill it
with text), or Cut, Copy, or Delete. Grab the frame with your mouse to drag and drop it
somewhere else. If you are done changing the frame, select Is Locked to lock the frame
in place again.
Change document attributes—Select File ➪ Document Setup. From the Document
Setup window that appears, you can change the size and orientation of the page, as well
as the type of page (single, double-sided, three-fold, or four-fold). Likewise, you can
change all margins. Select topics from the left to add information such as author, title,
and keywords. You can also change fonts and hyphenation or add a table of contents.
Drawing—You can do freehand drawing anywhere on your Scribus layout. Select the
Insert Freehand Line button (pencil icon) or Insert Bezier Curve button (ink pen icon),
and then use the mouse to draw lines on the page. You can also draw boxes, polygons, or lines using buttons on the toolbar. Right-click the drawn element and select
Properties. From the Properties window you can adjust the shape, line, and colors of the
drawing.
When you are done creating your layout, you can print it by selecting File ➪ Print. The Preflight
Verifier window appears with information about the printed document. At the top-right corner
of the page, you can select to change PostScript to one of several PDF versions. You can choose
now to direct the output to the printer or have it go to a PDF or PostScript file.
Working with Graphics
Tools for creating and manipulating graphics are becoming both more plentiful and more powerful in Linux systems as a whole. Leading the list is the GNU Image Manipulation Program
(GIMP). GIMP enables you to compose and author images as well as retouch photographs. To
work with vector graphics (where geometric shapes represent images, instead of just dots),
Inkscape is a popular open source application. Other tools for creating graphics include ksnapshot (a program for taking screen captures) and kpaint (for working with bitmap images).
Manipulating images with The GIMP
The GIMP is a free software program for manipulating photographs and graphical images. To
create images with GIMP, you can either import a drawing, photograph, or 3D image, or you
can create one from scratch. You can start GIMP from the system menu by selecting Graphics ➪
GIMP Image Editor or by typing gimp& from a Terminal window.
Figure 5-6 shows an example of The GIMP.
FIGURE 5-6
The GIMP is a powerful tool for graphic manipulation.
In many ways, GIMP is similar to Adobe Photoshop. Some people feel that GIMP’s scripting
features are comparable to or even better than Actions in Adobe Photoshop. One capability that
GIMP lacks, however, is native support for CMYK (cyan-magenta-yellow-black) separations. If
CMYK is not critical for your graphics needs, you will probably find GIMP to be just as powerful
and flexible as Photoshop in many ways.
Tip
See www.blackfiveservices.co.uk/separate.shtml for a CMYK plug-in for GIMP. This plug-in provides only rudimentary support for CMYK, according to its documentation. Even so, that may be enough for
your needs.
With an image open, you can select tools from the GIMP window to work on the image. When
you select a tool, notice that options for that tool appear in tabs below. Figure 5-7 shows the
GIMP tools, along with callouts indicating what the tools do.
FIGURE 5-7
Use the GIMP window to choose tools for changing images.
The following list describes the tools shown in Figure 5-7:
Path tool—Use the path tool to create special types of rectangle, elliptical, or free-form
shapes. Try creating a rectangle, with the final point ending on the first. Hold the Ctrl
key and click on the first point to close the box. With the shape complete, select Stroke
Path to define the shape with a solid or pattern line.
Color picker—Use the color picker to select any color from your image as your foreground or background color.
Magnify—Select this tool, and then click and drag to choose an area of your image.
That area of your image will fill the screen. Or just click to zoom in or Ctrl+click to
zoom out on the image.
Measure—With measure selected, click and drag your mouse from one point to
another. The status bar shows the distance (in pixels), angle, width, and height you just
measured.
Select tools—Use the select tools to select different areas of your image. You can select
a rectangle, ellipse, hand-drawn area, a region based on color, an edge of an element,
or an area based on foreground objects. Once an area is selected, you can cut, copy, fill,
paste, or do other things with it.
Text tool—Select the text tool, click in the image, and begin typing to add text to that
point in the image. From the options discussed next, you can change the font, size,
color, justification, and other options relating to the text.
Paint tools—Use these tools to add lines and colors to your image. The bucket tool fills
a selected area or similar color with the current foreground color, background color,
or pattern. The gradient tool lets you shade an area from one color to another. Use the
pencil, brush, ink, or airbrush tools to draw lines. Paint over one part of an image from
a sample taken from another part of an image or from a selected pattern using the clone
tool. Use blur, smudge, and dodge/burn tools to blur and soften selected areas of the
image. Erase (to transparency or to the layer below) using the erase tool.
Foreground & Background Colors—The two color boxes show the foreground (upper
right) and background (lower left) colors. Click to open a dialog to change either of
those colors. Click the swap arrows to switch the two colors.
You can also access the tools just described from the Tools menu. Select the Dialogs menu to see
a list of dialog boxes you can display to work with layers, channels, paths, patterns, fonts, and
other elements you might need to work on your image.
GIMP also supports a variety of plug-ins. For example, the cartoon plug-in gives an image a cartoon effect, red-eye-removal lets you correct red eye, and cubism lets you convert an image to
randomly floating square blobs. Many of these plug-ins are available from the Filters menu
in GIMP.
Tip
If you make a mistake, select Edit ➪ Undo from the GIMP menu, or press the Ctrl+Z key combination to undo
the most recent change. You can do multiple undos in this way as well.
Creating vector graphic images with Inkscape
When you need to have maximum flexibility working with graphics and text, a vector graphic
editor can let you deal with geometric elements (such as lines, curves, and boxes) instead of dots
(as you do with image editors). As a result, you usually get cleaner edges on your fonts and graphics and the ability to bend and shape those elements as you like. Inkscape (www.inkscape.org)
is a popular vector graphics editor that is available with most Linux systems.
With Inkscape, you have an application with features similar to those you would find in commercial products such as Adobe Illustrator and CorelDraw. Inkscape creates images in Scalable
Vector Graphics (SVG) format—an open standard from the W3C (www.w3.org/Graphics/SVG).
Thousands of SVG graphics and clipart elements are available in the public domain or under
Creative Commons licenses.
If you are using a Linux distribution such as Fedora, install the inkscape package to get Inkscape.
I recommend you also install the openclipart package, which gives you access to hundreds of
clipart items to use in your Inkscape creations. With the inkscape and openclipart packages
installed, select Applications ➪ Graphics ➪ Inkscape Vector Graphics Editor to open an Inkscape
window. Figure 5-8 shows an example of the Inkscape window.
FIGURE 5-8
Inkscape enables you to manipulate graphics and text.
You can start by opening one of the dozens of templates available with Inkscape (select File ➪
New and choose from web banner, business card, DVD cover, or other templates). With the new
window open, here are some ways to get started with Inkscape:
Add text—Select the text icon from the toolbar on the left, click on the page, and begin
typing. After typing some text, choose the Select icon and click on the text. Use the side
or corner arrows to resize the text. Click the text again and use the arrows around the
text to slant or rotate the text. Grab the text box with the mouse and drag it where you
want it to go. With the text still selected, select Text ➪ Text and Font to see a window
where you can choose the font family, font style, layout, and line spacing.
Add graphical elements—From the toolbar on the left, select the rectangle, 3D box,
circles, stars, or swirls button. Move the mouse cursor to the place where you want the
new element, click and hold the mouse on that place, and move the mouse so the new
element grows to the size you want. Click the color palette on the bottom of the screen
to change the element’s color.
Add clipart—If you added the openclipart package, you can import clipart from there.
Select File ➪ Import and browse the /usr/share/clipart/openclipart folder.
Choose from hundreds of SVG clipart images in categories such as food, geography,
office, recreation, tools, and transportation. After the image imports, use your mouse to
select and shape it as you did with the text.
Group objects—Select a text or clipart object, and then hold the Shift key and select
other objects. When all the objects you want in the group are selected, choose Object ➪
Group. You can now move all the grouped objects around together as one unit.
Use layers—Click the Layer button to add, delete, raise, or lower layers.
When you are done creating your vector graphic, you can print that graphic by selecting File ➪
Print. From the Print window, you can select to have the image in vector or bitmap form from the
Rendering tab.
Acquiring screen captures
Several screen capture tools are available with Linux systems. Using The GIMP program just
described, you can take a screen shot by selecting File ➪ Acquire ➪ Screenshot. On GNOME
desktops, select Applications ➪ Accessories ➪ Take Screenshot. From most KDE desktops, select
Graphics ➪ KSnapshot.
Using the example of the GNOME Take Screenshot tool, a dialog box appears that lets you choose
to grab the whole desktop or grab the current window. You can set a delay of several seconds, if
you need to set up something, such as opening a menu, before you take the shot. Then click Take
Screenshot. Figure 5-9 shows an example of the Take Screenshot window after it has captured an
image of the current desktop.
FIGURE 5-9
Grab a picture of your desktop or selected window with the Take Screenshot utility.
Select a folder to hold the screen shot and type a name for the image. Then click Save to save it.
Viewing images
If you want to browse through a folder of images and possibly make some simple changes, both
KDE and GNOME desktops offer some easy-to-use image viewers. When you open an image from
a KDE folder, the Gwenview image viewer opens that image. In GNOME, Eye of GNOME is the
default image viewer.
Gwenview does a good job with the basics for managing images if, for example, you are working
with a folder of images downloaded from a digital camera. Select the Preview button to preview
thumbnails of images in the folder. Zoom in or zoom out to get a better look at each image. If the
image is on its side, you can rotate left or right. From the Edit menu, you can also flip, resize,
crop, or create a mirror image of the current image. Figure 5-10 shows the Gwenview window.
FIGURE 5-10
Go through your images in KDE with Gwenview.
Double-click an image file in a folder window (or right-click on the image and select Open with
Image Viewer) to open that image in Eye of GNOME. The Eye of GNOME image viewer doesn’t
offer as many features for cutting and resizing as does Gwenview. However, you can still rotate
and save those changes, if necessary. Select Edit ➪ Properties to view information about the
height, width, size, type, and folder for each image. Under the View menu, you can also view Eye
of GNOME in Full Screen mode or as a Slideshow.
With Image Collection selected from the View menu (or by pressing the F9 function key), you can
step through thumbnails of each image in the current folder. Figure 5-11 shows an example of
Eye of GNOME with the Image Collection view selected (notice that the name in the window title
bar changes to that of the selected image).
FIGURE 5-11
Step through a folder of images and do simple modifications with Eye of GNOME.
Displaying PDF and PostScript Documents
Document publishing can be very paper-intensive if you send a word-processing document to the
printer each time you want to make a change to the document’s content or formatting. To save
paper and time spent running around, use a print preview program to display your document on
the screen as it will appear on the printed page. Likewise, these viewers can be useful to display
documents you want to read that are in a read-only format (such as many PDF or PostScript files).
The following sections describe the ghostscript command for displaying PostScript files and
the Adobe Reader for displaying Portable Document Format (PDF) files.
Using the ghostscript and gv commands
To display PostScript or PDF documents in Linux, you can use the ghostscript command. It is
a fairly crude interface, intended to let you step through documents and interpret them one line
at a time.
You can display any PS or PDF file you happen to have on your computer. For example, if the
samba package is installed, you can type the following to display a PDF file (otherwise, you can
find your own PDF file to try it):
$ ghostscript -sDEVICE=x11 /usr/share/doc/samba-doc*/Samba-HOWTO.pdf
>>showpage, press <return> to continue<<
At the prompt, press Enter (or Return) to go through the file one page at a time. When you have
reached the end of the document, you can type the name of another PostScript or PDF file and
page through that file. When you are done, type quit.
You may also see warning or error messages if ghostscript detects problems in the PostScript or
PDF file. In most cases, if you can see the document’s contents, you can ignore the messages.
The evince command can also be used to display PostScript or PDF files. Simply start the
evince command with the ps or pdf file as an argument:
$ evince /usr/share/doc/gutenprint-doc/gutenprint-users-manual.pdf
Using Adobe Reader
The Portable Document Format (PDF) provides a way to store documents as they would appear in
print. With Adobe Reader, you can view PDF files in a very friendly way. Adobe Reader makes it easy
to move around within a PDF file. A PDF file may include hyperlinks, a table of contents, graphics,
and a variety of type fonts. Recent versions even enable you to fill in forms or mark up content.
You can get Adobe Reader for Linux from the Adobe Web site (www.adobe.com/products/acrobat/readstep2.html).
If you have need for any special forms or editing functions on PDF
documents, you should get this reader, as opposed to using an open source PDF viewer such as
Evince.
After you install Adobe Reader, select Applications ➪ Office ➪ Adobe Reader to start it. Or you
can type the following command to start the program:
$ acroread
Choose File ➪ Open, and then select the name of a PDF file you want to display. Figure 5-12
shows an example of a PDF file viewed in Adobe Reader.
FIGURE 5-12
Display PDF files in the Adobe Reader.
Adobe Acrobat has a lot of nice features. For example, you can display a list of bookmarks alongside the document and click a bookmark to take you to a particular page. You can also display
thumbnails of the pages to quickly scroll through and select a page.
Using the menu bar or buttons, you can page through the PDF document, zoom in and out, go
to the beginning or end of the document, and display different views of the document (as well as
display bookmarks and page thumbnails). To print a copy, choose File ➪ Print.
Other document-viewing programs include Evince and KghostView, a KDE version of the gv, or
GhostView, program.
Using Scanners with SANE
Software for using a scanner with Linux is being driven by an effort called Scanner Access Now
Easy (SANE). This effort hopes to standardize how device drivers for equipment such as scanners, digital still cameras, and digital video cameras are created, as well as help simplify the
interfaces for applications that use those devices. SANE is now included with a variety of Linux
distributions.
Someone wanting to use Linux as a publishing platform is generally interested in two issues
about scanners: which scanners are supported and which applications are available to use the
scanners. For older scanners, SCSI scanners are generally better supported than parallel scanners.
These days, USB scanners are the most popular and best supported scanners.
Because of the ongoing development effort, new scanners are being supported all the time. You
can find a current list of supported scanners at www.sane-project.org/sane-supported-devices.html, with USB scanners listed at www.buzzard.me.uk/jonathan/scanners-usb.html.
Epson scanners are often recommended for Linux.
As for scanning applications, some of the more widely used tools available today include
xsane—An X-based graphical front end for SANE scanners, xsane can work as a
GIMP plug-in or as a separate application (from most KDE desktops, select Graphics ➪
Scanning). It supports 8-bit output in JPG, TIFF, PNG, PostScript, and PNM formats.
Experimental 16-bit support exists for PNM (ASCII), PNG, and raw formats.
scanimage—Use this command-line interface to obtain scanned images. The command
acquires the scanned image, and then directs the data to standard output (so you can
send it to a file or pipe it to another program). It supports the same formats as xsane.
In addition to these applications, the OpenOffice.org suite supports SANE.
Because of the architecture of SANE scanner drivers, it is possible to separate scanner drivers
from scanner applications. This makes it possible to share scanners across a network.
Web Publishing
The final destination for your documents and images doesn’t have to be paper. Publishing on the
Web has become commonplace in the past few years. If you want to control your own Web site
for publishing your thoughts and pictures to the world, Linux systems include many software
packages to help you do that.
If you are creating simple HTML Web pages, you can build basic HTML documents using word
processors such as OpenOffice.org Writer or SeaMonkey composer. If you are really brave, you
might even try a plain text editor and add the HTML markup manually. For more complex Web
sites, however, there are lots of options.
The following list describes open source software packages that can be used for publishing on the
Web. All the software packages described here are packaged for Fedora and Ubuntu, as well as
other Linux distributions.
Caution
Web servers are constant targets for bad guys on the Internet. If you decide to try some of the software
described next, be sure to check with the project site to make sure you get the latest security patches and
updates.
Image galleries—The Gallery project (http://gallery.menalto.com) lets you create online photo albums. Gallery makes it easy for you to organize photos into albums,
edit your images, tag them, and present them using a variety of themes and colors. In
Fedora, install the gallery2 package.
Blogging software —The popular WordPress site (http://wordpress.com) uses its
own open source WordPress software (http://wordpress.org) to offer blogging
accounts to others. If you want your own blogging site, you can either sign up for a
free account on WordPress.com or you can use that software to set up your own blogging site. Install the wordpress package in Fedora or Ubuntu to get started. Figure 5-13
shows an example of a blog that relies on WordPress software running from WordPress.com.
FIGURE 5-13
With WordPress, you create your own blogging site.
Wiki software —Wikis let you gather and organize large amounts of information
online. Instead of having to write everything on a subject by yourself, by creating a wiki you can allow people to sign up for accounts and add and correct articles on your site. Wiki software available to the open source community includes
MediaWiki (install the mediawiki package in Fedora or Ubuntu) and MoinMoin
(install moin in Fedora or python-moinmoin in Ubuntu). See the MediaWiki.org
and MoinMoin.wikiwikiweb.de sites, respectively, for further information.
Content management system (CMS) software —For some Web sites, you might want
to offer a range of information. For an active online community you may want to offer
articles, forums, online polls, downloads, and other diverse activities. Content management systems (CMS) such as Drupal (install the drupal package) offer a platform for
creating and managing those types of activities online. Other open source CMS systems
include Plone (http://plone.org) and Zope (www.zope.org). Both Plone and Zope
also are packaged for Fedora, Ubuntu, and other Linux systems (plone, zope, or zope3
packages, respectively).
Before installing and making any of these types of Web sites available on the Internet, you should
keep in mind that it will take some commitment to stay current with software updates and keep
the site maintained. But if you are willing to make that commitment, the open source projects
just mentioned can help you produce high-quality sites for publishing on the Internet.
Summary
Tools available in Linux for publishing words and images on paper and the Web can compete
with similar software available commercially. For producing hardcopy documents, you have
word processors such as OpenOffice.org Writer, AbiWord and StarOffice. To lay out pages, there
is Scribus. To work with photos you have The GIMP, or for vector graphics you can use Inkscape.
Software for publishing content on the Internet is also available now in almost any category you
can think of. For blogging, you can create a WordPress site. For image galleries, there is Gallery
software. Content management systems include Drupal, Plone, and Zope. To create wikis, there
are MediaWiki and MoinMoin.
Chapter 6: E-Mailing and Web Browsing
Web browsers and e-mail clients available with Linux have seen
incredible improvements over the past few years. Their features
rival those you can get on the most popular Windows clients.
Security issues with Outlook mail clients and Internet Explorer browsers
have many people taking a fresh look at Linux and open source software for
accessing the Internet.
This chapter describes some of the best Web, e-mail, chat, and related tools
for accessing the Internet that you can get with the Linux distributions
described with this book. If you have never worked with the Internet from
Linux, or haven’t for a few years, you might be blown away by what’s available today.
Using E-Mail
Any Linux desktop system worth the name desktop system will have at least
one or two applications for sending, receiving, and working with your personal e-mail. Many users believe that superior tools for managing spam and
generally better security mechanisms make Linux a great desktop platform
for managing your e-mail.
Choosing an e-mail client
Choices of e-mail clients range from those that look like clones of popular
Windows e-mail programs to those that run in plain text from the shell.
IN THIS CHAPTER
Reading e-mail with Thunderbird Mail
Managing e-mail in Evolution
Using text-based e-mail clients
Browsing the Web with Firefox
Browsing with SeaMonkey
Using text-based Web browsers
Interfaces vary widely with the e-mail clients that are available with Linux. Here are some different ways in which e-mail clients are integrated into Linux:
Standalone —These days, most e-mail clients are standalone applications in their
own right. The primary standalone e-mail application is Mozilla Thunderbird 2 (www.mozilla.com/en-US/thunderbird/), although you can find 50 or more choices on
Linux such as Sylpheed (sylpheed.sraoss.jp/en/).
With a Web browser —Many popular Web browsers include an integrated e-mail client. By configuring the e-mail client that comes with your browser, you are ready to
launch a new e-mail message by clicking on a mailto link from a browser window. You
can also easily open the e-mail client from your Web browser’s toolbar.
Feature-rich Mozilla SeaMonkey Mail (www.seamonkey-project.org) is a popular Linux e-mail client that comes with a Web browser. (At the time of this writing, SeaMonkey 2.0 was in beta test, incorporating many new features from Firefox.)
Netscape Communicator (http://netscape.aol.com) is another Web browser that
has its own mail client (although it has been dropped from many Linux distributions
because of licensing issues). Most users, however, use the separate clients Thunderbird
for e-mail and Firefox for Web browsing.
The Opera Web browser (www.opera.com) also includes an integrated e-mail client. It
is perhaps the most elegant of the e-mail clients that come with a Web browser. Opera
is available for personal use without cost.
With groupware —Some e-mail clients have been bundled with other personal productivity applications to form integrated groupware applications. The most popular of these
in Linux is Evolution, which is bundled as the default e-mail client with several different Linux distributions. Besides e-mail, Evolution includes a calendar, task list, and
contacts directory. Today the GNOME project manages Evolution (http://projects.gnome.org/evolution/).
From the shell—Many old school UNIX and Linux power users prefer to use an e-mail
client that runs without a graphical desktop. Although not always intuitive to use,
text-based e-mail readers run much faster than their graphical counterparts. The mail
command dates back to the earliest UNIX systems (where there was no GUI). The mutt
e-mail client is popular among power users because of its capability to manage large
mailboxes, message threads, and attachments efficiently.
Features inside each e-mail client can help you distinguish between them. While most e-mail
clients let you get, compose, send, and manage e-mail messages, here are a few extra features you
might look for:
Filters and spam catchers —Thunderbird, Evolution, and other mail clients offer message filters and junk mail detectors. You use filters to set up rules to sort incoming mail
into different folders, delete certain messages, or otherwise respond to incoming mail.
Some e-mail clients also have features that try to automatically detect when junk mail
has arrived. If you get a lot of e-mail, these can be invaluable tools for managing your
e-mail. (Select the Tools or Message menu from your e-mail client, and then look for a
Filters or Junk Mail selection.)
Security features —E-mail clients such as Thunderbird (www.mozilla.com/en-US/thunderbird/) enable you to use message encryption, digital signatures, and other
security features to keep your e-mail private.
Sorting, searching, marking, and displaying—Again, if you are managing lots of
e-mail messages at once (some people manage thousands of messages), the capability to
refer back to the one you want can be critical. Some clients let you sort by date, sender,
priority, subject, and other items. You might be able to search message contents for text
or choose how to display the messages (such as without showing attachments or with
source code shown).
Mail composition tools —Most recent mail composers let you include HTML in your
messages, which enables you to add images, links, tables, colors, font changes, and
other visual enhancements to your messages. One warning: Some mailing lists don’t
like you to send messages in HTML because some people still use plain-text readers that
aren’t HTML-aware.
Multiple accounts —Many e-mail clients enable you to configure multiple e-mail
accounts to be served by your e-mail reader. Early plain-text e-mail clients pointed to
only one mailbox at a time.
Performance —Some lightweight graphical e-mail clients give you much better performance than others. In particular, the Sylpheed e-mail client (which comes with Damn
Small Linux) was created to use a minimal amount of memory and processing power,
yet still provide a graphical interface. E-mail clients that run from the keyboard, in particular the mutt e-mail client, will run much faster than, say, most full-blown graphical
e-mail clients such as Evolution.
Coming from Windows
For most home and small business users, Evolution and the standalone Thunderbird are often available from
a Linux desktop and will give you much the same experience you would expect from Microsoft Windows mail
clients, such as Outlook Express. If you are using the KDE desktop, you can use the KDE groupware client
Kontact, which includes KMail (the e-mail client), along with a contact manager, calendar, to-do list application, and more. Even though the Linux distribution you are using may have only one or two of the e-mail clients
described in this section, you can always add a client that interests you.
Getting here from Windows
To understand how to transition your e-mail client from Windows to Linux, you need to know
a bit about your current e-mail setup. Whether you are using Outlook, Outlook Express, or any
other e-mail client running in Windows, here are some things you should know:
Server type —Is your e-mail server a POP3 or IMAP server? If it is an IMAP server, all
your messages are being stored on the server. Transitioning to a different e-mail server
might simply mean pointing the new e-mail client at your server and continuing to use
e-mail as you always have. If it is a POP3 server, your messages have probably been
downloaded to your local client. To keep your old messages, you need to somehow
bring your current mail folders over to your new client, which is a potentially tricky
undertaking. (When you sign up for your e-mail account or Internet service, the people
providing the service should tell you whether the service is POP3 or IMAP.)
Address book—You need to export your current address book to a format that can be
read by your new e-mail client, and import it to your new e-mail client. For example,
from the Contacts section of the Evolution e-mail client, you can import address books
and/or mailboxes in Berkeley mbox, Evolution, Outlook, Mozilla CSV or tab formats,
vCard format, LDAP ldif format, or vCalendar (vcf) or iCalendar (ics) formats.
To transition to Linux, you may want to add a cross-platform e-mail client such as Thunderbird
to your Windows systems so that you can get at your resources (addresses, stored mail messages,
and so on) during the transition to your new mail client. When you eventually move off Windows
altogether, Thunderbird for Linux will work almost exactly as it does in Windows.
If your current e-mail server is a Microsoft Exchange server (2000, 2003, or 2007), you need to
get the Evolution Plug-in for Microsoft Exchange to allow Evolution to access information from
that server. For Fedora, you need to install the evolution-exchange package, then identify your
mail server as Microsoft Exchange when you create a new e-mail account.
Getting started with e-mail
Most Linux systems include an e-mail client that you can select on a panel or by left-clicking
on the desktop to bring up a menu. Look for an envelope icon on a panel or a submenu labeled
something like Internet. If you want a graphical e-mail reader, you can start by looking for one of
these clients: Evolution, Mozilla SeaMonkey Mail, Thunderbird, and KMail.
After you have launched your chosen e-mail client, you need some information to use it. When
you first start most graphical e-mail clients, a configuration screen of some sort asks you to set up
an account. Here’s how to begin setting up a mail account for the e-mail clients described in this
chapter:
Evolution—The Evolution Setup Assistant starts the first time each user opens
Evolution. After that, select Edit ➪ Preferences from the main Evolution window. Then
choose Mail Accounts and double-click the mail account you want to modify or select
Add to add a new account.
Mozilla SeaMonkey Mail—An account wizard starts the first time you open
SeaMonkey Mail. After that, you can set up or modify accounts from the SeaMonkey
Mail window by clicking Edit ➪ Preferences ➪ Mail & Newsgroups.
Thunderbird—This is the next-generation mail client from the people who bring you
Firefox and Mozilla (mozilla.org). Thunderbird is now at version 2.0 and has more advanced security features, so it is worth considering. Not only is it faster than SeaMonkey
Mail and Evolution, Thunderbird is an ideal complement to the Mozilla Firefox Web
browser. Firefox and Thunderbird run on a number of operating systems, including
Linux, Solaris, Microsoft Windows, and Mac OS X.
Sylpheed—The Sylpheed e-mail client (http://sylpheed.sraoss.jp/en/) is used
on some mini-desktop distributions, such as Damn Small Linux. Sylpheed is particularly fast and efficient, but still has support for powerful features such as filtering,
search, junk mail control, and digital signing and encryption (using GnuPG).
KMail—From the KMail window, select Settings ➪ Configure KMail. From the
Configure KMail window that appears, select the Network icon. From there, you can
click Sending or Receiving tabs to configure your outgoing and incoming e-mail settings. KMail is developed by the KDE project (www.kde.org).
Initial configuration for text-based e-mail clients is described later in this chapter.
Information you will need to configure your e-mail accounts is much the same for the different
graphical e-mail clients covered in this chapter:
Name —Enter your name as you want it to appear on outgoing messages.
Email Address —Enter the e-mail address from which you are sending. You may also
be offered the opportunity to supply a different reply-to address, if you want replies to
go to an address other than the one you sent from.
Mail server type —Most mail servers are POP3- or IMAP-type servers. (Configuring
those types of servers is discussed in Chapter 14.)
Server names —Enter the names of the servers you will use to send outgoing e-mail
and receive incoming e-mail. The names can be fully qualified domain names (such as
mail.linuxtoys.net) or IP addresses. In many cases, the incoming and outgoing
mail servers are the same.
Username —Enter the name by which the mail server knows you. For example, if your
e-mail address is chris@linuxtoys.net, your username to the mail.linuxtoys.net
server might simply be chris. However, it’s possible that your username on the mail
server might be different, so you should find that out from the administrator of your
mail server.
Account title —Enter the name that you want to call this mail account so you can refer
to it later in your list of mail and newsgroup accounts.
Authentication type —Indicate the type of authentication to use when you get your
mail (sometimes authentication is needed to send your mail as well). Password authentication is normal. Usually you can have your e-mail client remember your password if
you want. Typically, you are prompted for the password the first time you connect to get
your mail.
That is most of the basic information you need to start getting and sending e-mail. However, you
may want to further tune how your e-mail client interacts when it gets and sends e-mail.
Tuning up e-mail
With your basic settings done, you should be ready to start sending and receiving your e-mail.
Before you do, however, you should consider some of the other settings that can affect how you
use mail:
Automatically check messages —You can set your e-mail client to automatically check
and download your messages from the mail server every few minutes.
Leave messages on server —If you turn this feature on for a POP3 server, your e-mail
messages remain on the server after you have downloaded them to your e-mail client.
People sometimes turn this feature on if they want to check their mail messages while
they are on the road yet want to download their messages from their permanent desktop
computer later.
Certificates —Your e-mail client may provide a way of using certificates to sign your
outgoing messages. For example, Evolution, Thunderbird, and SeaMonkey Mail all have
Security tabs for your mail settings that let you enter information about your certificates
and indicate that your e-mail be signed. You can also choose to use the certificates for
encryption.
Step through your mail account settings because they are slightly different for each e-mail client.
Reading e-mail with Thunderbird
The Thunderbird e-mail client program is a full-featured mail and newsgroup reader that usually
comes with most Linux systems.
Note
In the past, you may have run the integrated Mozilla suite of applications, now called Mozilla SeaMonkey. The
more recent versions of Linux, however, have replaced SeaMonkey with separate e-mail and Web-browsing
applications, Thunderbird and Firefox, respectively. If you are used to the older Mozilla suite, you should consider upgrading to Thunderbird.
Thunderbird includes features for
Sending, receiving, reading, and managing e-mail
Managing multiple mail and newsgroup accounts
Composing HTML e-mail messages
Controlling junk e-mail
Message encryption and signing
Coming from Windows
Thunderbird runs on Windows as well as Linux, so you can convert your organization to Thunderbird now,
and then later migrate to Linux.
On most Linux systems, either Thunderbird or Evolution (covered later in this chapter) will be the primary
e-mail client for your Linux distribution. You can launch the e-mail application from the desktop
from a menu such as Internet. For example, in Fedora and Ubuntu, you run an e-mail client from
the Applications ➪ Internet menu. Fedora defaults to Evolution as the primary e-mail client, so
Evolution is listed simply as Email on the Applications ➪ Internet menu. Thunderbird is listed as
Thunderbird Email (if you install the thunderbird package).
Setting up an e-mail account
When you launch Thunderbird for the first time, the application presents the New Account Setup
dialog, which leads you through setting up an e-mail account (you can create more than one).
Figure 6-1 shows this window. Follow these steps to create your e-mail account:
FIGURE 6-1
The Thunderbird New Account Setup wizard
1. Create e-mail account. To begin setting up an e-mail account, select Email Account
and click Next. The Identity screen appears.
2. Identify yourself. Type in your name and the e-mail address that you want others to
use to send e-mail to you and click Next. The Server Information screen appears.
3. Enter server settings. For your incoming mail, indicate whether the mail server is a
POP3 or IMAP server. Then type the server name (such as mail.example.com). If you
want to keep the e-mail from different e-mail accounts separate (as opposed to having
all messages stored in a Global Inbox), uncheck this box. Finally, type the name of the
server where your outgoing mail is sent (such as mail.example.com) and then select
Next. The User Names screen appears.
4. Enter usernames. When you get (incoming) and send (outgoing) e-mail through your
mail server, Thunderbird identifies you as a particular username to the server. Usually,
that name is the same name used in your e-mail address. For example, if your complete e-mail address were chris@example.com, the incoming and outgoing username
would probably be chris. Type in your incoming and outgoing username and click
Next. The Account Name screen appears.
5. Enter account name. Type a name by which you want to identify the account. This
name is only used to help you remember which account it is and doesn’t have any effect
on what is sent to the server. Thunderbird recommends names such as “Home Account”
or “News Account.” Click Next to continue.
6. Finish account setup. The Congratulations screen appears, which allows you to
review your settings and complete the account. Figure 6-2 shows an example of the
Congratulations screen. The check box lets you immediately download messages from
the server, if you are ready to do that. Click Next to continue.
FIGURE 6-2
Before creating your e-mail account, you can confirm all the settings.
Thunderbird is now ready to begin getting and sending mail messages. If you need to change any
settings to the account you just set up (change defaults you have not had a chance to change or
create another account), select Edit ➪ Account Settings from the Thunderbird window.
Tip
With the Junk Mail feature, Thunderbird automatically tags any message it believes to be junk mail with a
blue recycle-bin icon. Using the Junk toolbar, you train the Junk Mail feature by telling it when a message is
or isn’t junk mail. After you have identified which messages are junk mail, you can automatically move incoming junk mail to the Junk folder.
Connecting to the mail server
After you have set up your mail accounts in Thunderbird, you can explicitly ask to download
any available mail messages from the server (for POP3 accounts). To do that, click the Get Mail
button.
You are prompted for the password for your account on the mail server. Using that password,
Thunderbird downloads all your messages from the mail server. It downloads messages again
every 10 minutes, or you can click the Get Mail button at any time.
If you want to change how often mail is downloaded, or other features of your account, choose
Edit ➪ Account Settings. Under the e-mail account you added are categories to change the setup
and behavior of the account. (Click Server Settings to change how often, if at all, new messages
are automatically downloaded from the mail server.)
Managing incoming mail
Select the Inbox title in the left column. It shows how many messages are in your Inbox that
have not been read. Your incoming messages appear to the right, with the headers on top and the
currently selected message text below it. Figure 6-3 shows Thunderbird displaying some e-mail
headers and the current message.
FIGURE 6-3
Manage incoming mail from the Thunderbird window.
Thunderbird offers various ways to store and manage these e-mail messages. Here’s a quick rundown of how to manage incoming mail:
Mail folders —Mail messages are stored in folders in the left column. There could be
a separate heading for each mail account you have or you might have specified that
Thunderbird use a global Inbox where messages from all accounts get placed in the same
Inbox folder. For each mail account, incoming messages are stored (by default) in your
Inbox folder. You can create additional folders to better keep track of your mail (right-click on Inbox, and select New Folder to add a folder). Other folders contain drafts of
messages set aside for a time (Drafts), templates for creating messages (Templates), messages you have sent (Sent), and messages that you have discarded (Trash).
Sort messages —Messages are sorted by date for the folder you select, in the upper-right
corner of the display. Click the headings over the messages to sort by subject, sender,
date, or priority. The icon on the far right of the Subject header lets you choose what
information columns to display for the message headers (such as recipient, size, status,
and so on). You can then sort on any of those columns.
Read messages —When you select a message, it appears in the lower-right corner of the
display. Click the e-mail address from the sender and a menu enables you to add that
address to your address book, compose mail to that address, copy mail to that address,
or create a filter from that message.
Filter mail—When Thunderbird grabs your e-mail from the mail server, it drops it into
the global Inbox or one associated with your mail account, by default. Thunderbird
provides some nice features for checking each message for information you choose, and
then acting on that message to move it to another folder, label it, or change its priority.
See the “Filtering Mail and Catching Spam” section later in this chapter for details.
Search messages —You can use the search feature to retrieve messages that are in one
of your mail folders. With the folder you want to search being the current folder, type a
word to search on into the Subject or Sender Contains box. Messages with sender names
or subject lines that don’t contain that string will disappear from the list of messages. To
do more detailed searches, choose Edit ➪ Find ➪ Search Messages.
Composing and sending mail
To compose e-mail messages, you can either start from scratch or respond to an existing e-mail
message. The following are some quick descriptions of how to create outgoing mail:
New messages —To create a new message, choose Message ➪ New Message (or click
Write on the toolbar).
Reply to messages—To reply to a mail message, click the message on the right side of
your screen and then choose Message ➪ Reply (to reply only to the author of the message) or Message ➪ Reply to All (to reply to everyone listed as a recipient of the message).
Forward messages —To forward a mail message, click the message on the right side
of your screen and then choose Message ➪ Forward. You can also forward a message
and have it appear in the text (Message ➪ Forward As ➪ Inline) or as an attachment
(Message ➪ Forward As ➪ Attachment).
In each case, a mail Compose window appears, in which you compose your e-mail message. As
you compose your message in the Compose window, you can use the following:
Address book—Add e-mail addresses from your personal address book (or from one
of several different directory servers) by selecting Tools ➪ Address Book. Click the
Contacts button to select recipients for your missive.
Attachments —Add attachments such as a word processing file, image, or executable
program by clicking the Attach button (or choosing File ➪ Attach ➪ File) and then
selecting a file from your file system to attach. (You can also choose File ➪ Attach ➪
Web Page to choose the URL of a Web page that you want to attach.)
Certificates —Add certificates or view security information about your mail message by
selecting View ➪ Message Security Info.
When you are finished composing the message, click Send to send the message. If you prefer,
queue the message to be sent later by choosing File ➪ Send Later. (Send Later is useful if you are
not currently online.)
Tip
If you want to quit and finish the e-mail message later, choose File ➪ Save As ➪ Draft, and then click the X
in the upper-right corner to close the window. When you are ready to resume work on the message, open the
Draft folder in the Thunderbird window and double-click the message.
Filtering mail and catching spam
Thunderbird can do more with incoming messages than just place them in your Inbox. You can
set up filters to check each message first and then have Thunderbird take an action you define
when a message matches the rules you set up.
For example, your filter can contain a rule that checks the subject, sender, text body, date, priority, status, recipients, or age in days of the message for a particular word, name, or date, as
appropriate. If there is a match, you can have Thunderbird put that message in a particular folder,
label it with a selected phrase, change its priority, or set its junk mail status. You can add as many
rules as you like. For example, you can
Have all messages sent from a particular address sorted into a separate mail folder. For
example, I direct some mailing lists to a separate folder so that important mail doesn’t
get lost when there’s a lot of activity on the mailing lists to which I subscribe.
Mark incoming messages from important clients as having highest priority.
Have messages from particular people or places that are being mistakenly marked as
spam change their junk status to Not Junk.
To set up filter rules in Thunderbird, select Tools ➪ Message Filters. The Message Filters pop-up
appears. If you have multiple mail accounts, select the account you want to filter. Then click New.
From the Filter Rules pop-up window, choose the following:
For incoming messages that—There are different ways to check parts of a message. For
example, you can check whether the Sender is in the address book. You can check what
the Priority is: low, medium, or high. You can create multiple rules for a filter (click
More to add another rule), and then choose whether you want to match all or any of the
rules to continue to the action.
Perform these actions —The information in this section describes what to do with
a message that matches the rules you’ve set. You can have the message moved to any
existing folder, or label the message. With labels, the message appears in a different
color depending on the label: important (red), work (orange), personal (green), to do
(blue), or later (purple). You can also change the message priority.
Figure 6-4 shows a rule I created to have a star attached to mail from my friend, Tweeks, when it
comes in.
A nice feature of Thunderbird’s filtering rules is that you can apply the rules after the fact as well.
If you decide you want to move all messages in your Inbox from a particular person to a different
folder, for example, you can open the Message Filters window, create a rule to move the selected
messages, select Inbox, and click Run Now.
FIGURE 6-4
Create filter rules to sort or highlight your e-mail messages.
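The rule-and-action model described above, sketched as an added example (it is not Thunderbird's code and not from the book). The addresses, the sample messages, and the Rule, Filter, and apply_filters names are constructed for illustration, and the model assumes every matching filter runs in order; it also shows why a Not Junk rule is safer when it tests the sender's address exactly rather than as a substring of the From line.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr

ADDRESS_HEADERS = {"from", "to", "cc", "reply-to"}


@dataclass
class Rule:
    header: str   # message header to test, such as "From" or "Subject"
    op: str       # "contains" (substring) or "is" (exact match)
    value: str

    def matches(self, msg) -> bool:
        text = msg.get(self.header, "")
        if self.op == "is" and self.header.lower() in ADDRESS_HEADERS:
            # Exact tests look only at the address, never the display name,
            # which the sender can set to any text.
            text = parseaddr(text)[1]
        text, value = text.lower(), self.value.lower()
        if self.op == "is":
            return text == value
        if self.op == "contains":
            return value in text
        raise ValueError(f"unknown operator: {self.op}")


@dataclass
class Filter:
    name: str
    rules: list
    match_all: bool   # True: every rule must match; False: any one rule
    actions: dict     # keys used here: "folder", "priority", "junk"

    def matches(self, msg) -> bool:
        combine = all if self.match_all else any
        return combine(rule.matches(msg) for rule in self.rules)


def apply_filters(filters, raw_message: str) -> dict:
    """Run each filter in order; a later action overrides an earlier one.
    (Assumption of this model, not a statement about Thunderbird.)"""
    msg = message_from_string(raw_message)
    state = {"folder": "Inbox", "priority": "Normal", "junk": None, "applied": []}
    for flt in filters:
        if flt.matches(msg):
            state.update(flt.actions)
            state["applied"].append(flt.name)
    return state


# Filters modeled on the three uses listed in the text (addresses constructed).
FILTERS = [
    Filter("mailing-list", [Rule("From", "is", "linux-list@lists.example.org")],
           True, {"folder": "Lists"}),
    Filter("important-clients",
           [Rule("From", "is", "pat@client-a.example"),
            Rule("From", "is", "lee@client-b.example")],
           False, {"priority": "Highest"}),
    Filter("friend-not-junk", [Rule("From", "is", "tweeks@example.com")],
           True, {"junk": False}),
]

# The same Not Junk rule written as a substring test on the whole From line.
LOOSE_NOT_JUNK = Filter("friend-not-junk-loose",
                        [Rule("From", "contains", "tweeks@example.com")],
                        True, {"junk": False})

# Constructed sample messages.
MSG_LIST = ("From: Linux List <linux-list@lists.example.org>\n"
            "Subject: [linux-list] kernel update\n\nbody\n")
MSG_CLIENT = "From: Lee <lee@client-b.example>\nSubject: Invoice question\n\nbody\n"
MSG_FRIEND = "From: Tweeks <tweeks@example.com>\nSubject: Lunch?\n\nbody\n"
# The display name contains the friend's address; the real sender differs.
MSG_LOOKALIKE = ('From: "tweeks@example.com" <promo@bulk.example.net>\n'
                 "Subject: Special offer\n\nbody\n")

if __name__ == "__main__":
    for label, raw in [("list", MSG_LIST), ("client", MSG_CLIENT),
                       ("friend", MSG_FRIEND), ("lookalike", MSG_LOOKALIKE)]:
        print(label, apply_filters(FILTERS, raw))
    print("lookalike, loose rule", apply_filters([LOOSE_NOT_JUNK], MSG_LOOKALIKE))
```
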
For junk mail, with a mail message selected, click the Junk button in the toolbar. The message
is marked as junk. Your selection helps teach Thunderbird what you think is junk mail. Click
Tools ➪ Run Junk Mail Controls on Folder and Thunderbird looks for other messages that look
like junk mail. (You can take the junk marker off of any message you think is not junk.) Then
select Tools ➪ Delete Mail Marked as Junk in Folder, and the junk mail is deleted. To open a
window to configure how you handle junk mail, select Tools ➪ Junk Mail Controls.
Managing e-mail in Evolution
If you are using Fedora, Ubuntu, or Debian, Evolution is the e-mail client that you can start right
from the GNOME desktop (look for the envelope icon on the panel). Evolution is a groupware
application, combining several types of applications that help groups of people communicate and
work together. The features of Evolution include
Mail—A complete set of features for getting, reading, managing, composing, and sending e-mail on one or more e-mail accounts.
Contacts —Create contact information such as names, addresses, and telephone numbers for friends and associates. A Categories feature helps you remember who gets birthday and anniversary gifts.
Calendar —Create and manage appointments on your personal calendar. You can
e-mail appointment information to others and do keyword searches of your calendar.
Memos —Write public, private, or confidential memos.
Tasks —Organize ongoing tasks into folders.
Coming from Windows
Evolution provides a default interface that looks a lot like that of Microsoft Outlook, making it easy for new
users to make a smooth transition to a Linux system.
Additional features recently added to Evolution include improved junk mail handling and Search
Folders (for managing multiple physical folders as one folder).
Receiving, composing, and sending e-mail
Evolution offers a full set of features for sending, receiving, and managing your e-mail. Figure 6-5
shows an example of an Evolution window with the Inbox selected and ready to manage, compose, send, and receive e-mail.
Part II: Running a Linux Desktop
FIGURE 6-5
Manage your e-mail from the Evolution Inbox.
Here’s a quick rundown of common e-mail tasks:
Read e-mail—Click Inbox in the left column. Your messages appear to the right.
Message headers are in the upper right; the current message is displayed in the lower
pane. Double-click a message header to display it in a separate window.
Delete e-mail—After you have read a message, select it and press the Delete key. Click
View ➪ Hide Deleted Messages to toggle whether you can see deleted messages. Click
Folder ➪ Expunge to permanently remove all messages marked for deletion in the current folder.
Send and receive —Click the Send/Receive button to send any e-mail queued to be sent
and receive any e-mail waiting for you at your mail server. (You may not need to do this
if Evolution is configured to download your messages every few minutes. Select Edit ➪
Preferences, and then double-click on your mail account. The Receiving Options tab
indicates whether automatic mail checking is being done.)
Compose e-mail—Click New ➪ Mail Message. A Compose a Message window appears.
Type your recipient’s e-mail address, enter a subject line, and fill in the body of the message. Click Send when you are finished. Buttons on the Compose window enable you to
add attachments, cut and paste text, choose a format (HTML or plain text), and sign the
message (if you have set up appropriate keys).
Use address books —Click the Contacts button (or View ➪ Window ➪ Contacts menu
choice) to see a list of names, addresses, and other contact information for the people in
your address book. When you compose a message, click the To or CC buttons to select
addresses from the book to add as recipients for your message.
Create folders —If you like to keep old messages, you may want to save them outside
your Inbox (so it won’t get too junked up). To create a folder in which to keep them,
right-click on the Inbox and select New Folder. You can choose to store the new folder
as a subfolder to any existing folder. Type a folder name and click OK.
Move messages —With new folders created, you can easily move messages from your
Inbox to another folder. The easiest way is to simply drag-and-drop each message (or a
set of selected messages) from the message pane to the new folder.
Search messages —Type a keyword in the search box over your e-mail message pane
and select whether to search your message subject lines, sender, recipient, or message
body. Click Find Now to search for the keyword. After viewing the messages, click
Clear to have the other messages reappear.
Managing e-mail with Search Folders
Managing large amounts of e-mail can become difficult when the messages you want to refer to
span several folders, dates, or senders. With Search Folders (also called virtual folders or vFolders), you can identify criteria to group together messages from all your mail folders so you can
deal with them in one Search Folder.
Note
Where have vFolders gone? Search Folders used to be called vFolders. If you are familiar with older versions
of Evolution, note that the name changed to Search Folders.
Here’s a procedure for creating a Search Folder:
1. With Evolution open to read mail (click Inbox to get there), select Search ➪ Create
Search Folder from Search. A New Search Folder pop-up appears.
2. Type a rule name.
3. Click Add and select criteria for including a message in your Search Folder. At first you
should see an entry that says “Message Body contains,” after which you can type a term
to search on. Otherwise, you can change Message Body to sender, recipient, subject,
expression, date sent, or other criteria to search on. Click Add Filter Criteria if you want
to add more criteria.
4. If you want to search only specific folders, click Add in the Search Folder Sources box
and select the folder you want to search. You can repeat the Add to choose more than
one. Otherwise, you can select to search all local folders, all active remote folders, or all
local and active remote folders. Then click OK.
5. Make sure the folder bar is visible (select View ➪ Layout ➪ Show Side Bar). The folder
you just created is listed under the Search Folders heading. Click that folder to see the
messages you gathered with this action.
At this point, you can work with the messages you gathered in the Search Folder. Although it
appears that there are multiple versions of each message across your mail folders, there is really
only one copy of each. So deleting or moving the message from a Search Folder actually causes it
to be deleted or moved from the original folder in which the real message resides.
Tip
You can also create a Search Folder by performing a search, a sort of query by example. Select the Search ➪
Create Search Folder from Search menu choice and enter your search criteria.
Filtering e-mail messages
You can take action on an e-mail message before it even lands in your Inbox. Click Message
➪ Create Rule, and then select the type of filter to create. Evolution shows a Filters window to
enable you to add filters to deal with incoming or outgoing messages. Click Add to create criteria
and set actions.
For example, you can have all messages from a particular sender, subject, date, status, or size
sorted to a selected folder. Or you can have messages matching your criteria deleted or assigned a
color, or play a sound clip.
Evolution also supports many common features, such as printing, saving, and viewing e-mail
messages in various ways. The help system that comes with Evolution (click the Help button)
includes a good manual, FAQ, and service for reporting bugs.
Reading e-mail with SeaMonkey Mail
The SeaMonkey Mail client program is a full-featured mail and newsgroup reader that comes
with the SeaMonkey suite on many Linux systems. In general, the SeaMonkey suite is based on
the older Mozilla suite, which was replaced by Thunderbird e-mail and Firefox Web browser
clients. Thunderbird and Firefox were split from the large Mozilla suite and each now runs as a
separate application. If you are used to the older Mozilla suite, now called SeaMonkey, you should
consider upgrading to Thunderbird.
In most respects, SeaMonkey Mail works like Thunderbird, described previously. The major
difference is that SeaMonkey Mail, because it is an older application, won’t have all the features
of the latest Thunderbird. This is a big change. In the last year or so, Thunderbird has all but
replaced SeaMonkey Mail.
In many Linux distributions you can simply install the seamonkey package to get the entire
SeaMonkey Suite (Web browser, Mail client, Composer, Address Book, and IRC Chat client).
If SeaMonkey is not available with your Linux distribution, you can download the Mozilla
SeaMonkey suite from www.mozilla.org/projects/seamonkey/. Figure 6-6 shows an example of the SeaMonkey mail window.
FIGURE 6-6
Manage mail and newsgroups with SeaMonkey.
Working with text-based e-mail readers
The first text-based mail clients could be configured quite simply. Mail clients such as mutt,
mail, or pine were often run with the user logged in to the computer that was acting as the
mail server. So instead of downloading the messages, using POP3 or IMAP, the mail client would
simply open the mailbox (often under the user’s name in /var/spool/mail) and begin working
with mail.
Today, some of these text-based e-mail clients have been enhanced to support more modern features. For example, you can point the mutt e-mail client at a remote mail server and access mail
from both insecure (imap and pop3) and secure (imaps and pop3s) mail access services.
Many text-based mail programs are available for reading, sending, and working with your mail.
Many of these programs have been around for a long time, so they are full of features and have
been well debugged. As a group, however, they are not very intuitive.
Tip
Most of these programs use the value of your $MAIL environment variable as your local mailbox, by default.
Usually, that location is /var/spool/mail/user, where user is your username. If you use Thunderbird
but want to try out one of the text-based e-mail clients, you can set your $MAIL so that it points to your
Thunderbird mailbox. Doing so enables you to use either Thunderbird or a text-based mail program. Add the
following line to one of your startup files:
export MAIL="$(echo "$HOME"/.thunderbird/*.default/*/Mail/accountname/Inbox)"
Replace accountname in the command with the name of an e-mail account you set up. If you usually use
Thunderbird for mail, set this variable temporarily to try out some of these mail programs. Mail readers described in the following sections are text-based and use the entire Terminal
window (or other shell display). Although some features are different, menu bars show available
options right on the screen.
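An added example, not from the book: in bash the right-hand side of a plain assignment is not wildcard-expanded, and the pattern in the Tip above can match no mailbox or several. This sketch sets $MAIL only when exactly one Inbox file matches; the function names resolve_mailbox and set_mail are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: resolve the Thunderbird Inbox pattern from the Tip to one file.

# resolve_mailbox PATH...
# The shell expands the wildcard before the function is called, so the
# arguments are the candidate paths. Prints the match if there is exactly one.
# Returns 1 when nothing matched and 2 when the pattern is ambiguous.
resolve_mailbox() {
    found=""
    count=0
    for candidate in "$@"; do
        # An unmatched wildcard is passed through literally; -f rejects it,
        # along with directories and anything else that is not a regular file.
        [ -f "$candidate" ] || continue
        found=$candidate
        count=$((count + 1))
    done
    case $count in
        1) printf '%s\n' "$found" ;;
        0) echo "no mailbox file matched" >&2
           return 1 ;;
        *) echo "$count mailbox files matched; name the profile explicitly" >&2
           return 2 ;;
    esac
}

# set_mail ACCOUNT
# Exports MAIL only when a single Inbox was found for ACCOUNT, so a text-based
# mail reader is never pointed at a literal "*" path or at the wrong profile.
set_mail() {
    account=$1
    box=$(resolve_mailbox \
        "$HOME"/.thunderbird/*.default/*/Mail/"$account"/Inbox) || return $?
    MAIL=$box
    export MAIL
}

# Usage, from a startup file or an interactive shell:
#   set_mail accountname && mutt
```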
Mutt mail reader
The mutt command is a text-based, full-screen mail user agent for reading and sending e-mail.
The interface is quick and efficient. Type mutt to start the program. Move arrow keys up and
down to select from your listed messages. Press Enter to see a mail message and type i to return
to the Main menu.
The menu bar indicates how to mark messages for deletion, undelete them, save messages to a
directory, and reply to a message. Type m to compose a new message and it opens your default
editor (vi, for example) to create the message. Type y to send the message. If you want to read
mail without having your fingers leave your keyboard, mutt is a nice choice. (It even handles
attachments!)
Pine mail reader
The pine mail reader is another full-screen mail reader, but it offers many more features than
does mutt. With pine, you can manage multiple mail folders and newsgroup messages as well
as mail messages. As text-based applications go, pine is quite easy to use. It was developed by a
group at the University of Washington for use by students on campus, but has become widely
used in UNIX and Linux environments.
Start this mail program by typing pine. After a brief startup message that invites you to count
yourself as a pine user, you should see the following menu, from which you can select items by
typing the associated letter or using up and down arrows and pressing Enter:
?   HELP              -  Get help using Pine
C   COMPOSE MESSAGE   -  Compose and send a message
I   MESSAGE INDEX     -  View messages in current folder
L   FOLDER LIST       -  Select a folder to view
A   ADDRESS BOOK      -  Update address book
S   SETUP             -  Configure Pine Options
Q   QUIT              -  Leave the Pine program
To read your e-mail, select either I or L. Commands are listed along the bottom of the screen
and change to suit the content you are viewing. Use the left (←) and right (→) arrow keys to step
backward and forward among the pine screens.
Mail reader
The mail command was the first mail reader for UNIX. It is text-based, but not screen-oriented.
Type mail to see the messages in your mailbox. You get a prompt after message headings are displayed—you are expected to know what to do next. (You can use the Enter key to step through
messages.) Type ? to see which commands are available.
While in mail, type h to see mail headings again. Simply type a message number to see the message. Type d# (replacing # with a message number) to delete a message. To create a new message,
type m. To respond to a message, type r# (replacing # with the message number).
Choosing a Web Browser
Many Web browsers available in Linux are based on the Mozilla Web browser engine, called
Gecko. Web browsers that might come with your Linux distribution include
Firefox—This is the leading Web browser for Linux and other open source software
systems. There are versions of Firefox available for Linux, Mac OS X, and Windows.
Firefox has made inroads into the Mac and Windows worlds as well. This next generation browser from the Mozilla project is designed to be fast, efficient, and safe for Web
browsing.
SeaMonkey Web Browser —Offered as part of the SeaMonkey suite, this Web browser
is based on Mozilla Navigator, which was once the most popular open source Web
browser. Although no longer actively developed by the Mozilla project, the SeaMonkey
suite remains available with many Linux systems. Some people still install SeaMonkey
for its easy-to-use HTML composer window.
Konqueror —Comes as the default browser with many KDE desktop environments.
Konqueror is a file manager as well as a Web browser and helps bring together many
features of the KDE desktop. In recent KDE releases, some of Konqueror’s file manager
features have been moved to the Dolphin file manager, helping to make Konqueror run
more efficiently as a Web browser.
Opera—A commercial application that runs on many small devices such as mobile
phones or the Nokia Linux–based Internet Tablet, this browser is available for free on
Mac OS X, Microsoft Windows, and Linux. Because it is not open source, however, it is
not redistributed with most major Linux systems.
links, lynx, and w3m—If you are in a text-based environment (operating from the
shell), these are among several text-based Web browsers you can try out.
Note
Some streamlined Linux versions, such as Damn Small Linux, include a very lightweight Web browser called
dillo (www.dillo.org). Although its small size (only about 350KB binary) comes with some limitations
(such as limited font and internationalization support), dillo is a good choice for displaying basic HTML on
hand-held devices and mini Linux distributions. Another small-footprint browser is minimo
(www.mozilla.org/projects/minimo/), short for mini-Mozilla.
The following sections describe SeaMonkey, Firefox, and some text-based Web browsers that are
available with many Linux systems.
Exploring the SeaMonkey Suite
During the early 1990s, Netscape Navigator was the most popular Web browser. When it became
apparent that Netscape was losing its lead to Microsoft Internet Explorer, its source code was
released to the world as open source code.
Mozilla.org (www.mozilla.org) was formed to coordinate the development of a new browser
from that code. The result was the Mozilla browser that was included with most Linux distributions. The availability on multiple platforms was great, especially if you must switch between
Linux and Windows, for example, using Windows at work and Linux at home. Mozilla looked
and acted the same on many platforms.
With the focus of Mozilla project development turning to Firefox and Thunderbird, as mentioned
earlier, the suite changed its name to SeaMonkey. In addition to viewing Web pages, you can
also manage e-mail, newsgroups, IRC, address books, and even create your own Web pages with
SeaMonkey Composer.
Note
Slackware kept SeaMonkey so that the project could offer the SeaMonkey Composer. The Slackware project
noted that SeaMonkey Composer is a WYSIWYG HTML editor that is still used by many open source enthusiasts as an alternative to Microsoft FrontPage for ease-of-use Web page development.
In addition to the SeaMonkey browser, the SeaMonkey suite also includes the following features:
Mail and Newsgroups —A full-featured program for sending, receiving, and managing
e-mail, as well as for using newsgroups. (The seamonkey RPM or deb package must be
installed.) SeaMonkey Mail has mostly been replaced by the Thunderbird application,
covered previously.
IRC Chat—An Internet Relay Chat (IRC) window, called ChatZilla, for participating in
online, typed conversations. (The mozilla-chat package must be installed.)
Composer —A Web page (HTML) composer application.
Address Book—A feature to manage names, addresses, telephone numbers, and other
contact information. This is also part of Thunderbird.
Figure 6-7 shows examples of the Browser and Composer windows available with the SeaMonkey
suite.
FIGURE 6-7
SeaMonkey includes a browser, composer, and other Internet clients from the old Mozilla suite.
Using Firefox
Most Linux distributions ship Firefox as the default browser. In many desktop Linux distributions, you start the Firefox Web browser from an icon on the top panel or on an Applications
menu. For example, in Debian, select Applications ➪ Internet ➪ Firefox Web Browser. If you
don’t see it on a menu, you can start Firefox by simply typing firefox from a Terminal window.
The current version of Firefox (Firefox 3.5) includes some extraordinary features for ease-of-use,
security, and performance. Many of those features are described in the following section. The
Firefox project page (www.mozilla.com/en-US/firefox/) is shown in a Firefox browser in
Figure 6-8.
FIGURE 6-8
Firefox is the leading open source Web browser, with thousands of improvements over earlier versions.
If you have been using Firefox for a while, but are new since Firefox 3, it has many new features
you may find interesting. Inside Firefox is the Gecko 1.9 Web rendering platform, with thousands of features to improve performance, rendering, and stability. You should notice improvements in color management and fonts.
One improvement that connects you to several new features in Firefox 3 is the location box.
Figure 6-9 shows several location box examples that illustrate new ways of dealing with the Web
sites you request.
In Figure 6-9, the left-side example shows what happens when you click on the icon on the
left side of the location box when visiting a secured site. You can see that VeriSign verifies the
authenticity of the site and that communications are encrypted. In the right-side example, by
selecting the star on the right side of the location box, you can work with bookmark information
for a page and modify that information. Other icons that might appear in the location box include
a variety of security warnings, such as warnings for possible forged or dangerous content.
Firefox has all the basic features you need in a Web browser plus a few special features. The following sections describe how to get the most out of your Firefox Web browser.
Coming from Windows
For help transitioning from Internet Explorer to Firefox, see the Firefox site at
www.mozilla.org/products/firefox/switch.html.
FIGURE 6-9
Do site verification and bookmarks from the location box.
Setting up Firefox
You can do many things to configure Firefox to run like a champ. The following sections describe
some ways to customize your browsing experience in Firefox.
Setting Firefox preferences
You can set your Firefox preferences in the Preferences window (see Figure 6-10). To open Firefox
preferences, select Edit ➪ Preferences.
FIGURE 6-10
Change settings for navigating the Web from Firefox’s Preferences window.
Tip
If you are upgrading from the Mozilla suite or an earlier Firefox release, you will notice the Preferences window looks completely different. Don’t despair, however; the browser preferences have not changed much.
The latest Firefox just has a simpler window layout.
The following are some Firefox preferences that you might want to change:
Main—Lets you choose which pages to display when you start Firefox. It also lets you
choose how to handle downloads and change add-on preferences.
Tabs —Use these selections to control how Firefox uses tabs, one of the most useful features of this browser.
Content—Set Content preferences to control how Firefox should deal with requests for
different types of Web content. These options include
Pop-up windows —Choose whether or not to block pop-up windows.
Java and JavaScript—You can control whether these languages are enabled.
Images —Choose whether or not to load images automatically. (Useful for small
screens or low-bandwidth network connections.)
Fonts & Colors —Select the default font type and size, as well as the colors used for
text, background, visited links, and unvisited links.
Language —For Web pages that can appear in multiple languages, this sets the order
in which you would prefer languages to be displayed. For example, you might choose
English/United States, English, French, and German. Then Firefox tries to display
a Web page you open in each of those languages successively, until one is matched.
You can set other advanced features on this tab.
Applications —View, search, and change which applications are used to display different types of content that might be encountered during browsing.
Privacy—Choose how long to store a history of addresses of the sites you have typed in
your location bar. (These addresses appear in the History tab on the Firefox sidebar.) Set
Privacy preferences to control how Firefox caches private data and allows Web sites to
find out information about you in cookies. These preferences include
Cookies —The Web content you choose can try to open, move, resize, raise, and
lower windows. It can request to change your images, status bar text, or bits of information stored in what are called cookies. These preferences let you restrict what the
content you request can do.
Private Data—Storing your history of browsing and downloading, forms and
searches, visited pages, cookies, passwords, and authenticated sessions can simplify
your browsing experience. However, if you are working on someone else’s machine
or otherwise don’t want to leave a record of your browsing behind, you can clear that
information with the Clear Now button. You can also select the Settings button to
indicate what information you want to clear when Clear Now is selected.
Security—Firefox 3 has a great new feature from the Security preferences tab that lets
you select to be warned if a site you are visiting is a suspected attack site or forgery. You
can also select to be warned when a site tries to install add-ons. Other settings on this
tab let you choose to remember passwords you enter for sites (so you don’t have to type
them every time you visit) or choose to keep a master password.
Advanced—Several tabs within the Advanced tab include many features that you probably won’t use every day. General features let you set accessibility features and browsing features. The Network tab lets you set up special network connections to use with
Firefox (such as proxy settings) or configure offline storage cache. From the Update
tab you can automatically check for Firefox updates. On the Encryption tab, you can
choose the security protocols (SSL and TLS) and personal certificates to use when a site
requests that information.
Adding add-ons and plug-ins
Add-ons extend the features in Firefox to personalize how you use your browser. Dozens of add-ons
are available to help you manage and search your Web content more efficiently, handle downloads,
work with news feeds, and interact with social networks. Plug-ins are special applications you can
add to handle data that Firefox can’t work with by default (such as special image or audio files).
To find out about available add-ons and plug-ins, select Tools ➪ Add-ons from the Firefox window to see the Add-ons pop-up window. Figure 6-11 shows an example of that window.
FIGURE 6-11
Select add-ons to Firefox to manage content in different ways.
Select the link to see recommended add-ons from the Firefox Add-ons page. You can see reviews
of each add-on, ratings, how often they are downloaded, and screenshots of how the add-on
appears. Here are a few examples of popular Firefox add-ons:
FoxyTunes —With FoxyTunes (www.foxytunes.com) installed, you can use any of
more than a dozen music players to play music as you browse the Web. It also helps you
find covers, videos, lyrics, biographies, and other information about the artists you play.
FireGestures —With FireGestures, you can map different mouse gestures to launch
scripts or perform actions that you set.
ColorfulTabs —The ColorfulTabs add-on lets you set your Firefox browser tabs to different colors. Colors can be set in a variety of ways (such as at random or by domain
name). Change settings from the Extensions tab on the Add-on window.
After you have installed an add-on, you need to restart Firefox for it to take effect. In some cases,
a change to an extension’s option will also require you to restart Firefox. If you want to uninstall
an add-on or change an add-on’s options, select Tools ➪ Extensions from Firefox. Select the
Extensions tab. This displays the add-ons you have installed and offers buttons to disable, uninstall, or change preferences.
Plug-ins are applications you add to your browser to play particular types of content. Usually you
do this because either Firefox doesn’t include the feature you want or you want to use a different
application to play the content (such as your own music player).
Many plug-ins are already packaged by their creators or by third-party repositories for popular
Linux distributions. For example, some multimedia plug-ins for Fedora are available from the
rpmfusion.org repository, while Ubuntu and Debian might have the same plug-ins packaged in
repositories labeled as non-free. The Firefox Plug-ins sidebar describes some popular plug-ins for
Firefox.
Firefox Plug-ins
Many plug-ins are available for use in most Linux versions of Firefox. To see a list of plug-ins that are already
installed in your browser, enter about:plugins in the address box where you normally type URLs.
Go to https://addons.mozilla.org/ and select Plugins to view and download the most popular
plug-ins, and look at plugindoc.mozdev.org/linux.html for links to other plug-ins. Some of the
most popular plug-ins are
Adobe Reader Plug-in (www.adobe.com/support/downloads)—Displays files in Adobe
Systems’ PDF (Portable Document Format) format.
DjVuLibre Plug-in (djvu.sourceforge.net)—Displays images in DjVu image compression
technology. This plug-in is from AT&T.
Real Player (www.real.com/linux)—Plays RealAudio and Video content. Real Networks and
its open source Helix project have recently made RealVideo codecs available to the Linux
community.
Adobe Flash Plug-in (www.adobe.com/downloads)—Flash is the most popular player for playing video on the Web. Some Linux systems come with an open source Flash player installed, but
most agree that the Adobe version works better so far.
CrossOver Plugin (www.codeweavers.com)—Linux plug-ins are not yet available for some of
the more interesting and popular plug-ins. QuickTime movies, Shockwave Director multimedia
content, and various Microsoft movie, file, and data formats simply will not play natively in
Firefox. Using software built on WINE for Linux on x86-based processors, CodeWeavers created
the CrossOver Plugin. Although no longer offered as a separate product (you must buy the entire
Crossover Linux product for $39.95 US), the CrossOver Plugin lets you play some content that
you could not otherwise use in Linux. (Download a demo from
www.codeweavers.com/site/products/download_trial and choose CrossOver Linux.)
After you install the CrossOver Plugin, you see a nice Plugin Setup window that lets you
selectively install plug-ins for QuickTime, Windows Media Player, Shockwave, Flash, iTunes,
and Lotus Notes, as well as Microsoft Word, Excel, and PowerPoint viewers. (Support for
later versions of these content formats may be available by the time you read this.) You can
also install other multimedia plug-ins, as well as a variety of fonts to use with those plug-ins.
Changing Firefox themes
Several themes are available for changing the look and feel of your Firefox window. From the
Firefox Add-ons site (http://addons.mozilla.org), select Themes. When you download a
theme for Firefox, it knows that it is a Firefox theme and, on the download window, it gives you
the option to install the theme by clicking the Use Theme button.
To change a theme later or get more Themes, select Tools ➪ Add-ons and select the Themes tab.
After you have installed a new theme, you need to restart Firefox for the new theme to take effect.
Securing Firefox
Security has been one of the strongest reasons for people to switch to Firefox. By prohibiting the
most unsafe types of content from playing in Firefox, and by warning you of potentially dangerous or annoying content before displaying it, Firefox has become the Web browser of choice for
many security-conscious people. Here are some ways that Firefox helps make your Web browsing
more secure:
ActiveX—Because of major security flaws found in ActiveX, Firefox will simply not play
ActiveX content. Although there have been projects to try to provide ActiveX support in
Mozilla, none of those projects are being actively developed.
Pop-ups —When pop-up windows are encountered as you browse with Firefox, a message (by default) tells you that “Firefox prevented this site from opening a popup window.” By clicking on that message, you have an opportunity to allow all pop-ups from
that site, just allow the requested pop-up, or edit your pop-up settings.
Privacy preferences —From the Privacy window in Firefox (select Edit ➪ Preferences,
and then click the Privacy button), you can clear stored private information from your
browser in a single click. This is a particularly good feature if you have just used a
computer that is not yours to browse the Web. You can select to individually clear your
History, information saved in forms you might have filled in, any passwords saved by
the browser, history of what you have downloaded, cookies, and cached files. As an
alternative, you can click Clear Now and clear all that information from Firefox in one
click.
Web Forgeries —The latest Firefox release helps you block forged Web sites by displaying a “Suspected Web Forgery” pop-up message when it encounters a page that has been
reported as forged. You can choose to not display the page or ignore the warning. If
you suspect a forged page that doesn’t display that message, select Help ➪ Report Web
Forgery to try to add the page to the Google Web Forgery list.
Certificates —In Firefox, you can install and manage certificates that can be used for
validating a Web site and safely performing encryption of communications to that site.
Using the Preferences window (select Edit ➪ Preferences and then click the Advanced
button), you can manage certificates under the Encryption tab, Certificates heading. Select View Certificates to display a window that lets you import new certificates
or view certificates that are already installed. Firefox will check that certificates you
encounter are valid (and warn you if they are not).
Along with all the excellent security features built into Firefox, it’s important that you incorporate
good security practices in your Web browsing. Here are some general tips for safe Web browsing:
Download and install software only from sites that are secure and known to you to be
safe.
For any online transactions, make sure you are communicating with a secure site (look
for the https protocol in the location box and closed lock icon in the lower-right corner
of the screen).
Be careful about being redirected to another Web site when doing a financial transaction. An IP address in the site’s address or misspellings on a screen where you enter
credit card information are warning signs that you have been directed to an untrustworthy site.
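The warning signs in the tips above (no https, an IP address in place of a site name, a host that is not the site you meant to reach) can be tested before you type anything into a page. The following shell functions are an added example, not from the book; the function names and the mybank.example host are constructed for illustration.

```shell
#!/bin/sh
# Added example: test a URL for the warning signs listed in the tips above.
# Function names and the mybank.example host are constructed for illustration.

# url_scheme URL -> prints the lower-cased scheme, or nothing if there is none
url_scheme() {
    case $1 in
        *://*) s=${1%%://*} ;;
        *)     s= ;;
    esac
    case $s in
        *[!A-Za-z0-9+.-]*) s= ;;   # the "://" was inside a path or query, not a scheme
    esac
    printf '%s\n' "$s" | tr '[:upper:]' '[:lower:]'
}

# url_host URL -> prints the lower-cased host, without port or brackets
url_host() {
    rest=$1
    if [ -n "$(url_scheme "$1")" ]; then
        rest=${1#*://}
    fi
    authority=${rest%%[/?#]*}      # text before the path, query or fragment
    hostport=${authority##*@}      # drop any "user:password@" prefix
    case $hostport in
        \[*\]*) host=${hostport%%\]*}; host=${host#\[} ;;   # [IPv6]:port
        *)      host=${hostport%%:*} ;;                      # name:port or IPv4:port
    esac
    printf '%s\n' "$host" | tr '[:upper:]' '[:lower:]'
}

# is_ip_literal HOST -> status 0 if HOST is an address rather than a name
is_ip_literal() {
    case $1 in
        *:*)          return 0 ;;   # only IPv6 literals still contain a colon here
        ''|*[!0-9.]*) return 1 ;;   # empty, or has a character no IPv4 form uses
        *)            return 0 ;;   # digits and dots only
    esac
}

# check_url URL EXPECTED_DOMAIN
# Prints "ok" or a space-separated list of warnings; status 0 only when ok.
check_url() {
    url=$1
    expected=$(printf '%s\n' "$2" | tr '[:upper:]' '[:lower:]')
    scheme=$(url_scheme "$url")
    host=$(url_host "$url")
    found=""
    [ "$scheme" = https ] || found="$found no-https"
    if is_ip_literal "$host"; then
        found="$found ip-address-host"
    elif [ -n "$expected" ]; then
        case $host in
            "$expected"|*."$expected") ;;          # the site or one of its subdomains
            *) found="$found unexpected-host" ;;   # redirected or misspelled name
        esac
    fi
    found=${found# }
    printf '%s\n' "${found:-ok}"
    [ -z "$found" ]
}

# Constructed sample URLs: a normal login page, then three that trip a check.
for u in \
    'https://www.mybank.example/login' \
    'http://www.mybank.example/login' \
    'https://192.0.2.10/login' \
    'https://mybank.example.payments.test/login'
do
    printf '%-48s %s\n' "$u" "$(check_url "$u" mybank.example)"
done
```

A result of ok means only that none of these three signs is present; the certificate check Firefox performs still applies.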
Because new exploits are being discovered all the time, it’s important that you keep your Web
browser up-to-date. That means that, at the least, you need to get updates of Firefox from the
Linux distribution you are using or directly from Mozilla.org. To keep up on the latest security
news and information about Firefox and other Mozilla products, refer to the Mozilla Security
Center (www.mozilla.org/security/).
Tips for using Firefox
There are so many nice features in Firefox, it’s hard to cover all of them. Just to point you toward
a few more fun and useful features, here are some tips for using Firefox:
Add smart keywords —Many Web sites include their own search boxes to enable you
to look for information on their sites. With Firefox, you can assign a smart keyword
to any search box on the Web, and then use that keyword from the location bar in the
Firefox browser to search that site.
For example, go to the Linux Documentation Project site (http://tldp.org). Right-click in the Search/Resources search box. Select Add a Keyword for this Search from the
menu that appears. Add a name (Linux Documentation) and a keyword (tldp) and select
Add to add the keyword to your Bookmarks.
After you have added the keyword, you can use it by simply entering the keyword and
one or more search terms to the Firefox location box (on the navigation toolbar). For
example, I entered tldp Lego Mindstorms and came up with a list of HOWTOs for
using Lego Mindstorms in Linux.
Check config—Firefox has hundreds of configuration preferences available to set as you
please. You can see those options by typing about:config into the location box. Casual
users should look at these settings, but not change them (because you can do irreparable harm to Firefox if you make a wrong selection).
If you feel secure about making changes, for true/false options, you can click on the
preference name to toggle it between the two values. For other preferences, click the
preference to enter a value into a pop-up box. Although many of these values can be
changed through the Preferences menu (Edit ➪ Preferences), some technical people prefer to look at settings in a list like the one shown on the about:config page.
Multiple home pages —Instead of just having one home page, you can have a whole set
of home pages. When you start Firefox, a separate tab opens in the Firefox window for
each address you identify in your home page list. To do this, create multiple tabs (File ➪
New Tab) and enter the address for each page you want in your list of home pages. Then
select Edit ➪ Preferences ➪ Main and click the Use Current Pages button. The next time
you open Firefox, it will start with the selected tabs open to the home pages you chose.
(Clicking the Home icon opens new tabs for all the home pages.) You can also manually
enter multiple URLs into the text box. Separate each URL with a pipe character (|).
Using Firefox controls
If you have used a Web browser before, the Firefox controls are probably as you might expect:
location box, forward and back buttons, file and edit menus, and so on. There are a few controls
with Firefox, however, that you might not be used to seeing:
Display Sidebar —Select View ➪ Sidebar to toggle the bookmarks or history sidebars
on and off. The sidebar is a left column on your Firefox screen for allowing quick access
to Bookmarks and History. Use the Bookmarks tab to add your own bookmarks and the
History tab to return to pages on your history list.
Send Web Content—You can send an e-mail containing the URL of the current Web
page (File ➪ Send Link) to selected recipients. Firefox will load your default e-mail client such as Thunderbird or Evolution to send the e-mail message.
Search the Internet—You can search the Internet for a keyword phrase in many different ways. Choose Tools ➪ Web Search to start a search. Selecting this menu choice
moves the mouse cursor to the search box, where you can enter search terms. Click the
icon on the left side of this box to choose search engines such as Google, Yahoo!, and
others. Select Manage Search Engines to select other search sites to use. Press the Enter
key to search.
View Web Page Info —You can view information about the location of a Web page, the
location of each of its components, the dates the page was modified, and other information by clicking the right mouse button over a Web page and then choosing View Page
Info. In the Page Info window, click the Links tab to see links on that page to other
content on the Web. Click the Security tab to see information about verification and
encryption used on the page.
Improving Firefox browsing
Not every Web site you visit with Firefox is going to play well. Some sites don’t follow standards:
They use unreadable fonts, choose colors that make it hard to see, or demand that you use a
particular type of browser to view their content. To improve your browsing experience, there are
several things you can add to Firefox.
Note
If you encounter a problem with Firefox that you can’t overcome, I recommend that you refer to the Mozilla
Bugzilla database (www.mozilla.org/bugs/). This site is an excellent place to search for bugs others have
found (many times you can get workarounds to your problems) or enter a bug report yourself.
Adding a preferences toolbar
Did you ever run into a Web page that required you to use a particular type or version of a browser
or had fonts or colors that made a page unreadable? The Firefox preferences toolbar called PrefBar4
enables you to try to spoof Web sites into thinking you are running a different browser. It also lets
you choose settings that might improve colors, fonts, and other attributes on difficult-to-read pages.
You can install the neat little toolbar from the Mozdev.org site (http://prefbar.mozdev.org).
Click the Install link, and after it is installed, restart Firefox.
The default set of buttons lets you do the following:
Colors —Change between default colors and those set on the Web page.
Images —Toggle between having images loaded or not loaded on pages you display.
JavaScript—Allow or disallow JavaScript content to play in Firefox.
Flash—Allow or refuse all embedded Flash content on the current page.
Clear Cache —Delete all cached content from memory and disk.
Save Page —Save the current page and, optionally, its supporting images and other content, to your hard disk.
Real UA—Choose to have your browser identified as itself (current version of Firefox)
or any of the following: Mozilla 1.0 (in Windows 98), Netscape Navigator 4.7 (in
Macintosh), Netscape 6.2 (in Linux), Internet Explorer 5.0 (in Macintosh), Internet
Explorer 6.0 (in Windows XP), or Lynx (a text-based Web browser).
The user agent (UA) setting is very useful when dealing with Web sites that require Internet
Explorer (IE) (and usually IE on Windows, not Mac OS). The IE 6.0 WinXP setting is good
enough to allow Firefox to log on to the Microsoft Exchange webmail service, which is usually
set up to require IE. If you want to run Linux in a mostly Windows organization, install the
Preferences toolbar.
Click the Customize button to add other buttons to the toolbar. You can add buttons to clear your
History or Location bar entries. You can even add a Popups button to prevent a page from opening a pop-up window from Firefox.
Many of the preferences take effect immediately. Others may require you to restart Firefox.
Doing cool things with Firefox
Some neat bells and whistles are built into Firefox that can make your browsing more pleasant.
The following sections explore a few of those features.
Blocking pop-ups
You can block annoying pop-up windows using the Firefox Preferences window. Here’s how:
1. Click Edit ➪ Preferences. The Preferences window appears.
2. Click Block Pop-up Windows under the Content category.
By blocking all pop-ups you might keep some Web sites from working properly. Click the
Exceptions button to allow pop-ups on certain sites that you choose.
Using tabbed browsing
If you switch back and forth among several Web pages, you can use the tabbed browsing feature
to hold multiple pages in your browser window at once. You can open a new tab for browsing by
simply selecting File ➪ New Tab or by pressing Ctrl+T. You can open any link into a new tab by
right-clicking over the link and then selecting Open Link in New Tab.
You can also tailor how tabbed browsing works from a Web page or from the Location box.
Here’s how:
1. Click Edit ➪ Preferences. The Preferences window appears.
2. Click the Tabs tab.
3. Click the tab-related options you desire.
A tab for each tabbed page appears at the top of the Firefox pane. To close a tab, create a new tab,
bookmark a group of tabs, or reload tabs, right-click one of the tabs and choose the function you
want from the drop-down menu.
One of the easiest ways to open a link in a tab is to right-click over a link on an HTML page.
Select the Open Link in New Tab choice.
Resizing Web page text
There is a nice keyboard shortcut that lets you quickly resize the text on most Web pages in
Firefox. Hold the Ctrl key and press the plus (+) or minus (–) keys. In most cases, the text on the
Web page gets larger or smaller, respectively. That page with the insanely small type font is suddenly readable.
There are many more things you can do with Firefox than I have covered in this chapter. If you
have questions about Firefox features or you just want to dig up some more cool stuff about
Firefox, I recommend checking out the MozillaZine forum for Firefox support:
http://forums.mozillazine.org/viewforum.php?f=38
This page has a sticky link to Miscellaneous Firefox Tips and a good FAQ post.
Using Text-Based Web Browsers
If you become a Linux administrator or power user, over time you will inevitably find yourself
working on a computer from a remote login or where there is no desktop GUI available. At some
point while you are in that state, you will want to check an HTML file or a Web page. To solve the
problem, many Linux distributions include several text-based Web browsers.
With text-based Web browsers, any HTML file available from the Web, your local file system, or a
computer where you’re remotely logged in can be accessed from your shell. There’s no need to fire
up your GUI or read pages of HTML markup if you just want to take a peek at the contents of a
Web page. In addition to enabling you to call up Web pages, move around with those pages, and
follow links to other pages, some browsers even display graphics right in a Terminal window!
Which browser you use is a matter of which you are more comfortable with. Browsers that are
available include
links —You can open a file or a URL, and then traverse links from the pages you open.
Use search forward (/string) and back (?string) features to find text strings in
pages. Use up and down arrows to go forward and back among links. Press Enter to
go to the current link. Use the right and left arrow keys to go forward and back among
pages you have visited. Press Esc to see a menu bar of features from which to select.
lynx—The lynx browser has a good set of help files (press the ? key). Step through
pages using the spacebar. Although lynx can display pages containing frames, it cannot display them in the intended positioning. Use the arrow keys to display the selected
link (right arrow), go back to the previous document (left arrow), select the previous
link (up arrow), and select the next link (down arrow).
w3m—This browser can display HTML pages containing text, links, frames, and tables.
It even tries to display images (although it is a bit shaky). Both English and Japanese
help files are available (press H with w3m running). You can also use w3m to page
through an HTML document in plain text (for example, cat index.html | w3m -T
text/html). Use the Page Up and Page Down keys to page through a document. Press
Enter on a link to go to that link. Press B to go back to the previous link. Search forward
and back for text using the / (slash) and ? (question mark) keys, respectively.
The w3m browser seems the most sophisticated of these browsers. It features a nice default font selection
and seems to handle frames neatly; its use of colors also makes it easy to use. The links browser
lets you use the mouse to cut and paste text.
You can start any of these text-based Web browsers by entering a filename, or if you have an
active connection to the network, a Web address as an option to the command name. For example, to read the w3m documentation (which is in HTML format) with a w3m browser, type the
following from a Terminal window or other shell interface:
$ w3m /usr/share/doc/w3m*/MANUAL.html
An HTML version of the W3M Manual is displayed. Or you can give w3m a URL to a Web page,
such as the following:
$ w3m www.handsonhistory.com
After a page is open, you can begin viewing the page and moving around to links included in it.
Start by using the arrow keys to move around and select links. Use the Page Up and Page Down
keys to page through text.
Summary
A number of high-quality applications are available to fulfill your needs for a Web browser and
e-mail client in Linux. Most Web browsers are based on the Mozilla Gecko engine (which came
originally from Netscape Navigator). Firefox has become the main Linux Web browser. The combination of security, ease-of-use features, and extensions has made Firefox an extremely popular
Web browser for both Linux and Windows users.
Graphical and text-based e-mail clients include Evolution, SeaMonkey Mail, and KMail.
Thunderbird has become the next generation e-mail client to replace SeaMonkey Mail. Text-based mail clients include mail, mutt, and pine.
Chapter 7: Gaming with Linux
IN THIS CHAPTER
Gaming in Linux
Playing open source games
Running commercial Linux games
Playing Windows games in Linux
Every type of PC gaming is available now with Linux. Whether you
are looking for a solitaire game to fill time or a full-blown online 3D
gaming experience, you will have dozens (or hundreds) of choices
on the Linux desktop.
Although some companies, such as id Software (Quake) and Epic Games
(Unreal Tournament) have done work to port their games to Linux, others
have used third-party developers (such as RuneSoft) to port commercial games to Linux. Independent games developers, such as Frictional
Games (http://frictionalgames.com) and Introversion Software
(www.introversion.co.uk) are now producing high-quality gaming
experiences in Linux. Linux clients for commercial online gaming, such as
EVE Online (www.eve-online.com), are also available.
This chapter provides an overview of the state of Linux gaming today. It
describes games that were created specifically to run in Linux, and explains
how to find commercial games that run in Linux (either with a Linux version or running a Windows version along with Windows compatibility software, such as Cedega).
Jumping into Linux Gaming
If you have a Linux system running and want to get started playing a game
right now, here are some suggestions:
Check the Games menu—Most Linux desktop systems come
with a bunch of games already installed. If you are running either
a GNOME or KDE desktop in Linux, select Applications ➪ Games
from the panel. You should be able to select a variety of arcade, card, board, tactics, and
other games to keep you busy for a while. (KDE and GNOME games are described later
in this chapter.)
Games packaged for your Linux distribution —Many of the most popular open
source games are packaged to run on your Linux distribution. In Fedora, open the Add/
Remove Software (PackageKit) window and select Games to see a list of more than 200
games you can download and play. In Ubuntu, the Add/Remove Applications window
shows more than 300 games on the Games menu to download and play.
Other open source games —If the open source game you want is not packaged for
your distribution, try going to the game’s project site to get the game. There are Internet
sites that contain lists of games, and links to each game’s site. The Wikipedia Linux
Gaming page (en.wikipedia.org/wiki/Linux_gaming) and the Linux Game Tome
(http://happypenguin.org) are good places to start.
Commercial Windows games —The latest commercial computer games are not all
ported to run in Linux. Boxed commercial games for Linux include Unreal Tournament
2003 and 2004, as well as about 50 first-rate commercial games that have been ported
to run in Linux. Using Cedega software from Transgaming.com, you can get hundreds
more commercial Windows games to run. Commercial Linux games are described in
more depth later in this chapter.
Before you can play some of the more demanding 3D games, you need to check that your hardware can handle the games. Some games requiring support for 3D hardware acceleration need
more RAM, faster processors, and particular video cards to run in Linux. Issues for setting up a
gaming machine in Linux are described later in this chapter.
Here is a quick list of games that are available on Fedora and many other Linux distributions
that you can try out. I’ve listed them in the order of simple-and-addicting to more-complex-and-addicting:
Frozen Bubble (www.frozen-bubble.org)—The Frozen Bubble game is often mentioned as the most addictive Linux game. Shoot frozen bubbles and colored groups of
bubbles as they slowly descend on you. Clear bubbles in sets of three or more until they
are all gone (or come down and freeze you). The game can be played with multiple players. (Install the frozen-bubble package and select it from the Games menu.)
Gweled (http://sebdelestaing.free.fr/gweled)—In this clone of the popular
Bejeweled game, exchange two jewels on the board to match three or more jewels (vertically or horizontally). (Install the gweled package and select Gweled from the Games
menu.)
WarZone 2100 (www.warzone2100.strategyplanet.gamespy.com)—This 1999
real-time strategy game was released in open source in 2004. Build a base from which
you design and build vehicles and weapons, set up structures, and research new technologies to fight a global war. (Install the warzone2100 package and select Warzone
2100 from the Games menu.)
Quake 3 Arena (ftp.idsoftware.com/idstuff/)—Several first-person shooter
games in the Quake series are available for download from id Software. In Fedora, install
the quake3 package and select Quake 3 Arena. The application that starts up lets you
download a demo version of the Quake3 datafiles, which can be freely downloaded.
Read and accept the licensing terms to download the data files and begin playing the
Quake 3 Arena demo.
Vega Strike (http://vegastrike.sourceforge.net)—Explore the universe in the
3D action, space simulation game. Accept missions to transport cargo, become a bounty
hunter, or patrol space. In this 3D environment you can chat with bartenders or watch
news broadcasts to keep up with events in the universe. (To play this game in Fedora,
install the vegastrike package and select Vega Strike from the Games menu.)
Figure 7-1 shows small screen shots of the games just described.
FIGURE 7-1
Games to install from the Fedora Repository include Frozen Bubble, Gweled, Warzone 2100, Quake 3
Arena, and Vega Strike.
Note
Despite gains in gaming support in Linux, a lot of popular Windows games still don’t run in Linux. For that
reason, some PC gamers maintain a separate Windows partition on their computers so they can boot to
Windows to play particular games.
Overview of Linux Gaming
Linux is a wonderful platform for both running and, perhaps more especially, developing computer games. Casual gamers have no shortage of fun games to try. Hardcore gamers face a few
more challenges with Linux. Here are some of the opportunities and challenges as you approach
Linux gaming:
3D acceleration—If you are a more serious gamer, you will almost certainly want a
video card that provides hardware acceleration. Open source drivers for some video
cards are available from the DRI project. Video cards from NVIDIA and ATI often have
binary-only drivers available. Fun open source games, such as PenguinPlanet Racer,
BZFlag, and others that recommend hardware acceleration, will run much better if you
get one of these supported cards and drivers. Some commercial games will not run at all
without 3D acceleration support.
Gaming servers —Many commercial computer games that don’t have Linux clients
available do have Linux game servers associated with them. So Linux is a great operating system for hosting a LAN party or setting up an Internet gaming server.
Linux gaming development—Some of the most advanced tools and application programming interfaces (APIs) for developing computer games run on Linux systems.
If you are interested in developing your own games to run in Linux, check out the
OpenGL (http://opengl.org) and Simple Directmedia Layer (www.libsdl.org)
projects. Blender (www.blender.org) is an open source project for doing animations,
3D models, post-production, and rendering that is being used today in commercial
games and movie animations.
Although the development tools available for developing open source games are awesome, a
primary goal of this book is to get you up and using Linux as quickly as possible. To that end,
I want to give you details on how to get hold of games that already run well in Linux and then
show you how to get games working in Linux that are intended for other platforms (particularly
Windows and some classic gaming consoles).
Basic Linux Gaming Information
Many Web sites provide information about the latest games available for Linux, as well as links to
download sites. Here are several to get you started:
TransGaming Technologies (www.transgaming.com)—This company’s mission is
to bring games from other platforms to Linux. It is the provider of Cedega, formerly
known as WineX, a powerful tool that enables you to play hundreds of PC games on
your Linux system.
The Linux Game Tome (http://happypenguin.org)—Features a database of
descriptions and reviews of tons of games that run in Linux. You can do keyword
searches for games listed at this site. It also has links to sites where you can get the different games and to other gaming sites.
Linuxgames.com (http://linuxgames.com)—This site can give you some very good
insight into the state of Linux gaming. There are links to HOWTOs and Frequently
Asked Questions (FAQs), as well as forums for discussing Linux games. There are also
links to Web sites that have information about specific games.
id Software (www.idsoftware.com)—Go to the id Software site for information on
Linux versions for Quake and Return to Castle Wolfenstein.
Linuxgamepublishing.com (www.linuxgamepublishing.com)—Linuxgamepublishing.com aims to be a one-stop shopping portal for native Linux games, as well as for
ports of games from other platforms. At the time of this writing, it offers about a dozen
games. To purchase games from this site, you must create a user account.
Loki Entertainment Software (www.lokigames.com)—Loki provided ports of best-selling games to Linux but went out of business in 2001. Its products included Linux versions
of Civilization: Call to Power, Myth II: Soulblighter, SimCity 3000, Railroad Tycoon II, and Quake
III Arena. The Loki Demo Launcher is still available to see demo versions of these games,
and some boxed sets are available for very little money. The Loki site also offers a list of
commercial resellers for its games, which may or may not still carry those games.
Tux Games (www.tuxgames.com)—The Tux Games Web site is dedicated to the sale of
Linux games. In addition to offering Linux gaming news and products, the site lists its
top-selling games and includes notices of games that are soon to be released.
Wikipedia (http://en.wikipedia.org)—In the past few years, Wikipedia
has become a wonderful resource for information on both commercial and open
source games available for Linux. From the Wikipedia Linux games list
(http://en.wikipedia.org/wiki/Linux_games) you can find links to free Linux games,
Commercial Linux Games, and Professionally Developed Linux Games.
Linux Gamers’ FAQ (http://icculus.org/lgfaq)—Contains a wealth of information about free and commercial Linux games. It lists gaming companies that have
ported their games to Linux, tells where to get Linux games, and answers queries
related to common Linux gaming problems. For a list of Linux games without additional
information, see http://icculus.org/lgfaq/gamelist.php.
Although the sites just mentioned provide excellent information on Linux gaming, not all open
source games have been packaged specifically for every version of Linux. Even though you can
always nudge a game into working on your particular Linux distribution, it’s probably easiest to
start with games that are ready to run. The following list provides information about where to
find out about games packaged for different Linux distributions:
Fedora—Much of the recent increase in Fedora games has come from the Fedora Games
SIG (Special Interest Group). You can check out that SIG’s activities for information on
other games of interest that have not made it into Fedora at
http://fedoraproject.org/wiki/SIGs/Games.
Debian—Debian games resources are listed at the Debian wiki. Visit the games section
at http://wiki.debian.org/Game.
Ubuntu—The Games Community Ubuntu Documentation page offers some good information about available games and gaming initiatives related to Ubuntu
(http://help.ubuntu.com/community/Games).
Slackware —Though GNOME and KDE games run fine in Slackware, not a lot of gaming resources are particular to Slackware. However, because Slackware contains a solid
set of libraries and development tools, many open source games will compile and run
in Slackware if you are willing to get the source code for the game you want and build it
yourself.
Choosing Gaming Hardware for Linux
In general, you need more RAM, a stronger processor, and a bit more disk space for gaming than
you need for most Linux applications. Some of the most demanding commercial PC games will
run best with at least 1GB of RAM and a 1 GHz processor. However, the video card is usually the
most important piece of hardware.
Because 3D games place extraordinary demands on your video hardware, choosing a good video
card and configuring it properly is one of the keys to ensuring a good gaming experience. For
advanced gaming, you need to go beyond what an old 64-bit card can do for you.
Binary-only video card drivers
Most serious Linux gamers have either an NVIDIA or ATI card, so that’s the short answer to
starting out with serious Linux gaming. Although open source drivers are available for most
NVIDIA and ATI cards, those drivers do not support 3D hardware acceleration. Though that’s
fine for most desktop applications, for gaming you want to get the binary-only drivers for those
cards from the following locations:
NVIDIA—To get NVIDIA drivers that run in Linux, go to the Unix Drivers Portal Page
(www.nvidia.com/object/unix.html).
ATI—To find Linux drivers for ATI video cards, visit the ATI support Knowledge
Base page that describes Linux drivers at http://ati.amd.com/ and click on the
Knowledgebase tab.
Note
The rpm.livna.org site has greatly simplified the process of installing ATI and NVIDIA drivers for Fedora. Refer
to the Livna Switcher page (http://rpm.livna.org/) to learn how to install RPM packages containing the
ATI or NVIDIA drivers you need. (Livna is going to a new site, RPMfusion.org. Try RPMfusion.org if the
drivers you need are no longer at the Livna site.)
When you go to get a binary-only video driver, be sure that you know not only the video card
model you are using, but also the name and version of your X server. Type X -version to see
the version. (XFree86 used to be the most popular, but most Linux distributions now use X.Org.)
Resulting video driver modules may be specific to the Linux kernel you are running. So, know
that if you upgrade your kernel, you might need to reinstall your video driver as well.
Caution
If you load a binary-only driver, it does what is referred to as “tainting the kernel.” As a result, you won’t be
able to get support if you run into problems (at least from kernel.org) because, lacking the source code,
it is hard to debug driver-related problems. Also, binary-only drivers are known to cause obscure problems
because they get out of sync with kernel code changes. Similarly, binary-only drivers for some Linux systems
aren’t updated as frequently as the kernel. Although many people, including myself, use binary-only drivers in
special cases, they do have shortcomings that you should be aware of.
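The taint that the Caution describes is recorded by the kernel as a bitmask in /proc/sys/kernel/tainted, and /proc/modules marks each loaded module that contributed to it. The following shell script is an added example, not from the book; the function names are made up here, and the bit meanings follow the kernel's tainted-kernels documentation.

```shell
#!/bin/sh
# Added example: report why the running kernel is tainted and which modules did it.
# decode_taint and tainting_modules are names made up for this example.

# decode_taint [VALUE] -> one line per set taint bit.
# VALUE defaults to the running kernel's /proc/sys/kernel/tainted.
decode_taint() {
    value=${1:-$(cat /proc/sys/kernel/tainted)}
    if [ "$value" -eq 0 ]; then
        echo "not tainted"
        return 0
    fi
    bit=0
    for reason in \
        "proprietary module was loaded" \
        "module was force loaded" \
        "kernel running on an out of specification system" \
        "module was force unloaded" \
        "processor reported a machine check exception" \
        "bad page referenced or unexpected page flags" \
        "taint requested by userspace application" \
        "kernel died recently (OOPS or BUG)" \
        "ACPI table overridden by user" \
        "kernel issued warning" \
        "staging driver was loaded" \
        "workaround for platform firmware bug applied" \
        "externally built (out-of-tree) module was loaded" \
        "unsigned module was loaded" \
        "soft lockup occurred" \
        "kernel has been live patched" \
        "auxiliary taint, defined for and used by distros" \
        "kernel was built with the struct randomization plugin"
    do
        # Test one bit of the mask per table entry, lowest bit first.
        if [ $(( (value >> bit) & 1 )) -eq 1 ]; then
            echo "bit $bit: $reason"
        fi
        bit=$((bit + 1))
    done
    if [ $(( value >> bit )) -ne 0 ]; then
        echo "bits $bit and up: set, but not in this script's table"
    fi
}

# tainting_modules [FILE] -> "name (FLAGS)" for each module that taints the kernel.
# FILE is in /proc/modules format; a tainting module ends with flags such as (P) or (OE).
tainting_modules() {
    awk '$NF ~ /^\([A-Z]+\)$/ { print $1, $NF }' "${1:-/proc/modules}"
}

# On a live Linux system, show the current state.
if [ -r /proc/sys/kernel/tainted ]; then decode_taint; fi
if [ -r /proc/modules ]; then tainting_modules; fi
```

Running it before and after installing a binary-only video driver shows bit 0 appear and names the module responsible.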
Open source video drivers
If you want to use open source drivers for 3D accelerated gaming, whether you are running the
games using Cedega or natively in Linux, look for cards that have drivers that support OpenGL.
The DRI project is one initiative that is creating OpenGL driver implementations. Information
about the DRI project can be found on its site (http://dri.freedesktop.org/wiki/).
ATI Technologies —You don’t have to use binary-only drivers to get 3D acceleration for
some ATI video cards with open source drivers. Chip sets from ATI Technologies that
support DRI include the Mach64 (Rage Pro), Radeon SDR/DDR, Radeon 7000-9800,
Radeon X300-X1250, Radeon X1200-X1950 and Rage 128 (Standard, Pro, Mobility).
Cards based on these chip sets include All-in-Wonder 128, Rage Fury, Rage Magnum,
Xpert 99, Xpert 128, and Xpert 2000. (ATI is now a subsidiary of AMD.)
3dfx—If you can find a used unit on eBay (3dfx is no longer in business), several 3dfx
cards support DRI. In particular, the Voodoo (3, 4, and 5) and Banshee chip sets have
drivers that support DRI. Voodoo 5 cards support 16 and 24 bpp. Scan Line Interleaving
(SLI), where two or more 3D processors work in parallel (to result in higher frame rates),
is not supported for 3dfx cards.
3Dlabs —Graphics cards containing the MX/Gamma chip set from 3Dlabs have drivers
available that support DRI in Linux.
Intel—Supported video chip sets from Intel include the i810 (e, e2, and -dc100), i815,
i815e, i830G, i845G, i852/855, i865G, i915, i945, i965, G3x, and G4x.
Matrox—The Matrox chip sets that have drivers that support DRI include the G200,
G400, G450, and G550. Cards that use these chips include the Millennium G450,
Millennium G400, Millennium G200, and Mystique G200.
To find out whether DRI is working on your current video card, type the following:
$ glxinfo | grep rendering
direct rendering: Yes
This example shows that direct rendering is enabled. If it were not supported, the output would
say No instead of Yes. Although DRI can be important, many games implement OpenGL rendering, which is a feature supported by both NVIDIA and ATI video cards. To enable rendering for
cards that support it, add the following line to your /etc/X11/xorg.conf file:
Load "render"
Running Open Source Linux Games
A handful of games are delivered with most desktop-oriented Linux distributions. The GNOME
and KDE environments, which are available with most desktop Linux distributions (described in
Chapter 3), each has a set of games associated with it.
GNOME games
More than a dozen basic games are delivered with the GNOME desktop. If you are just looking
for a game to pass a bit of time, one of the GNOME games will probably work fine for you.
Coming from Windows
GNOME games consist of some old card games and a bunch of games that look suspiciously like those you
would find on Windows systems. If you are afraid of losing your favorite desktop diversion (such as Solitaire,
FreeCell, and Minesweeper) when you leave Windows, have no fear. You can find many of them under
GNOME games.

Default installations of Ubuntu, Fedora, and other Linux systems include the gnome-games package. Table 7-1 lists the games included in the gnome-games package. See the GNOME Games site
(http://live.gnome.org/GnomeGames/) for further details.
TABLE 7-1
GNOME Games
| Game | Description |
|---|---|
| AisleRiot Solitaire | You can select from among 28 different solitaire card games. |
| Blackjack | Card game where you try to get closer to 21 (without going over) than the dealer. |
| Chess | Chess game that can be played in 2D or 3D against the computer. |
| Five or More | Clone of the color lines game (glines). |
| Four-In-A-Row | Drop balls to beat the game at making four in a row. |
| FreeCell Solitaire | A popular solitaire card game. |
| GnomeFallingBlocks / Gnometris | GNOME Tetris-like game. |
| Iagno | Disk flipping game, similar to reversi. |
| Klotski | Move pieces around to allow one piece to escape. |
| Mahjongg | Classic Asian tile game. |
| Mines | Minesweeper clone. Click on safe spaces and avoid the bombs. |
| Nibbles | Steer a worm around the screen while avoiding walls. |
| Robots | Later version of Gnobots, which includes movable junk heaps. |
| Same GNOME | Eliminate clusters of balls for high score. |
| Sudoku | A Japanese logic puzzle where you fill in numbers instead of words. |
| Tali | Yahtzee clone. Roll dice to fill in categories. |
| Tetravex | A clone of Tetravex from the GNOME project. Move blocks so that numbers on each side align. |
KDE games
A bunch of games are available for the KDE desktop environment. (In Fedora, Ubuntu, and other
versions of Linux that include KDE, these games come in the kdegames package.) Table 7-2 contains a list of KDE games. A different set of games may be included with your Linux distribution.
TABLE 7-2
Games for the KDE Desktop
| Game | Description |
|---|---|
| Arcade Games | |
| KAsteroids | Destroy asteroids in the classic arcade game. |
| KBounce | Add walls to block in bouncing balls. |
| KFoul Eggs | Squish eggs in this Tetris-like game. |
| Klickety | Click color groups to erase blocks in this adaptation of Clickomania. |
| Kolf | Play a round of virtual golf. |
| KSirtet | Tetris clone. Try to fill in lines of blocks as they drop down. |
| KSmileTris | Tetris with smiley faces. |
| KSnakeRace | Race your snake around a maze. |
| KSpaceDuel | Fire at another spaceship as you spin around a planet. |
| Board Games | |
| Atlantik | Play this Monopoly-like game against other players on the network. |
| KBackgammon | Online version of backgammon. |
| KBlackBox | Find hidden balls by shooting rays. |
| Kenolaba | Move game pieces to push opponents’ pieces off the board. |
| KMahjongg | Classic oriental tile game. |
| KReversi | Flip game pieces to outmaneuver the opponent. |
| Shisen-Sho | Tile game similar to Mahjongg. |
| Kwin4 | Drop colored pieces to get four pieces in a row. |
| Card Games | |
| KPoker | Video poker clone. Play five-card draw, choosing which cards to hold and which to throw. |
| Lieutenant Skat | Play the card game Skat. |
| Patience | Choose from nine different solitaire card games. |
| Tactics and Strategy | |
| KAtomic | Move pieces to create different chemical compounds. |
| KGoldrunner | Strategy puzzle game. |
| KJumping Cube | Click squares to increase numbers and take over adjacent squares. |
| KMines | Minesweeper clone. Click safe spaces and avoid the bombs. |
| Kolor Lines | Move marbles to form five-in-a-row and score points. |
| Konquest | Expand your interstellar empire in this multiplayer game. |
| Potato Guy | Build your own potatohead face. |
| SameGame | Erase game pieces to score points. |
The games on the KDE menu range from amusing to quite challenging. If you are used to playing
games in Windows, KMines and Patience will seem like old favorites. KAsteroids and KPoker are
good for the mindless game category.
Games in Fedora
Fedora offers an extensive set of games, resulting from a very active Games special interest group
(http://fedoraproject.org/wiki/SIGs/Games). Table 7-3 lists some of the games that are
included in the Fedora software repository.
Chapter 7: Gaming with Linux
TABLE 7-3
Games from Fedora
| Game | Description |
|---|---|
| Beneath a Steel Sky (beneath-a-steel-sky) | A popular commercial science fiction adventure game from the early 1990s, set in a repulsive, futuristic city. |
| BSD Games (bsdgames) | Text-based card games and adventure games dating back to early UNIX systems of the 1970s and run from the shell. |
| BZFlag (bzflag) | 3D multiplayer tank battle game. |
| Celestia (celestia) | OpenGL real-time visual space simulation. (Available under the Other menu.) |
| Flight Gear (FlightGear) | Flight simulator game. |
| FooBilliard (foobilliard) | OpenGL billiard game. |
| Freeciv (freeciv) | The Freeciv multiplayer strategy game. |
| Freedoom (freedoom) | Data files for Doom game engines (use with prboom package, which provides an open source port of the Doom engine). |
| Freedroid (freedroid) | Clone of the C64 game Paradroid. |
| Freedroid RPG (freedroidrpg) | Freedroid theme for role-playing game with Tux as hero. |
| GL-117 (gl-117) | Action flight simulator. |
| Chess (gnuchess) | The GNU chess program. Used with the xboard package to provide a graphical chess game. |
| Lacewing (lacewing) | Asteroid game sporting different types of ships. |
| Lincity (lincity-ng) | Build simulated cities. |
| LMarbles (lmarbles) | Atomix clone where you create figures out of marbles. |
| Maelstrom (Maelstrom) | A space combat game. |
| Nexuiz (nexuiz) | Death match–oriented first-person shooter (multiplayer). |
| Overgod (overgod) | Another Asteroid-like game. |
| Powermanga (powermanga) | Arcade 2D shoot-them-up game. |
| PPRacer (ppracer) | 3D racing game featuring Tux. |
| Rogue (rogue) | Graphical version of classic adventure game. |
| Scorched Earth (scorched3d) | Game based loosely on the classic DOS game Scorched Earth. |
| Sirius (sirius) | Othello for GNOME. |
| Starfighter (starfighter) | A space arcade game. (Available by typing the /usr/games/starfighter command.) |
| SuperTux (supertux) | Jump 'n' run game similar to Mario Bros. |
| TORCS (torcs) | The Open Racing Car Simulator. |
| The Ur-Quan Masters (uqm) | A port of the classic game Star Control II. |
| Vega Strike (vegastrike) | Spaceflight simulator (3D OpenGL). |
| Virus Killer (viruskiller) | Frantic shooting game where viruses invade your computer. |
| Worminator (worminator) | Multilevel shoot-’em-up game. |
| Chess (xboard) | An X Window System graphical chessboard. |
| X Pilot (xpilot-ng) | Multiplayer space arcade game. (The xpilot-ng-server is also available.) |
| xplanet (xplanet) | Render a planetary image into an X window. (Available by typing the xplanet command.) |
The following sections describe two of the more interesting games that you can download
directly from the Fedora repository: Freeciv and Extreme Tux Racer.
Freeciv
Freeciv is a free clone of the popular Civilization game series from Atari. With Freeciv, you create a
civilization that challenges competing civilizations for world dominance.
Note
A commercial port of Civilization for Linux (Civilization: Call to Power) was created a few years ago by Loki
Games (described later in this chapter).

The commonly distributed version of Freeciv contains both client software (to play the game) and
server software (to connect players together). You can connect to your server and try the game yourself or (with a network connection) play against up to 14 other players on the Internet. To install
Freeciv if your Linux distribution doesn’t offer it, check out the download page on the
http://freeciv.wikia.com Web site. Choose your language, start downloading, install, and have fun.
You can start Freeciv from a Terminal window by typing
$ civclient &
Note
If Freeciv won’t start, you may be logged in as root. You must be logged in as a regular user to run the civ
command.

You can play a few games by yourself, if you like, to get to know the game before you play against
others on the network. Follow these steps to start your first practice Freeciv game:
1. Select Start New Game. (In addition to starting the client, this action also starts
civserver, which allows others to connect to your game, if you like.) You are asked to
choose the number of players, skill level, and other game options.
2. Select 2 to play against the computer or more if you want others to join in; then
click Start. A What Nation Will You Be? window appears on the client, as shown in
Figure 7-2.
FIGURE 7-2
Choose a nation to begin Freeciv.
3. Choose a nation, name a leader, select your gender, choose the style of the city, and then
click OK. At this point, you should be ready to begin playing Freeciv.
Getting started with Freeciv
Check out the Freeciv window before you start playing the game:
Click the Help button for topical information on many different subjects that will be
useful to you as you play. (You can find more help at the Freeciv site.)
The world (by default) is 80 × 50 squares, with 11 × 8 squares visible at a time.
The active square contains an icon of the active unit (flashing alternately with the
square’s terrain).
Some squares contain special resources. Press and hold the middle mouse button for
information on what special resources a square contains. (With a two-button mouse,
hold the Ctrl key and click the right mouse button.) Try this a few times to get a feel for
the land around you. This action also identifies any units on the terrain, as well as statistics for the unit.
To see the world outside your 11 × 8 viewing area, click the scroll bars outside the map. At
first, the part of the world you haven’t explored yet will be black. As units are added, areas
closer to those units will be visible. (Press C to return to the active part of your map.)
An overview map is in the upper-left corner of the Freeciv window. As the world
becomes more civilized, this provides a good way to get an overview of what is going
on. Right-click a spot on the overview map to have your viewport centered there.
The menu bar contains buttons you can use to play the game:
The Game menu enables you to change settings and options, view player data, view
messages, and clear your log.
The Kingdom menu enables you to change tax rates, find cities, and start revolutions.
The View menu enables you to place a grid on the map or center the view.
The Orders menu enables you to choose the items you build and the actions you take.
The Reports menu enables you to display reports related to cities, military, trade, and
science, as well as other special reports.
A summary of the economy of your civilization appears under the overview map.
Information includes number of people, current year, and money in the treasury.
Ten icons below the overview information represent how money is divided among luxuries (an entertainer), science (a researcher), and taxes (a tax collector). Essentially, these
icons represent how much of your resources are placed into improving each of those
attributes of your community.
When you have made all your moves for a turn, click Turn Done. Next to that, a light
bulb indicates the progress of your research (increasing at each turn). A sun icon starts
clear, but becomes brighter from pollution to warn of possible global warming. A government symbol indicates that you begin with a despotic government. The last icon tells
you how much time is left in a turn.
The Unit box shows information about your current unit. You begin with two Settlers
units (covered wagon icons) and one Explorer (a man icon) unit. Click on a Settler,
Explorer, city, or other unit to use it or learn about it.
Building your civilization
Start building your civilization. The Freeciv manual makes these suggestions:
To change the distribution of money, choose Government ➪ Tax Rates. Move the slider
bars to redistribute the percentage of assets assigned to luxury, science, and taxes. Try
increasing science and reducing taxes to start off.
Change the current unit to be a settler as follows: Click the stack of units on the map
and click one of the Settlers from the menu that appears.
Begin building a city by clicking Orders ➪ Build City. When prompted, type a name
for the city and click OK. The window that appears shows information about the city. It
starts with one happy citizen, represented by a single icon (more citizens will appear as
the game progresses).
The Food, Prod, and Trade lines reflect the raw productivity statistics for the city. The
first number shows how much is being produced; the second (in parentheses) shows the
surplus above what is needed to support the units. The Gold, Luxury, and Science lines
indicate the city’s trade output. Granary numbers show how much food is stored and
the size of the food store. The pollution level begins at zero.
Close the city window by clicking Close.
Exploring your world
To begin exploring, move the Settlers and the Explorer:
1. Using the numeric keypad, press the 9 key three times to begin exploring. You can
move the Explorer up to three times per turn. You begin to see more of the world.
2. When the next unit (a Settler) begins blinking, move it one square in another
direction. When you have made all the moves you want to make (or all that the game
allows), the Turn Done button is highlighted. Click Turn Done to start your next turn.
Information for the city is updated. (The city changes and grows, simply through the
passage of time reflected in the turns.)
3. Click the City to see the city window. Notice that information about the city has been
updated. In particular, you should see food storage increase. Close the city window.
4. Continue exploring and build a road. With the Explorer flashing, use the numeric
keypad to move it another three sections. When the Settler begins blinking, press R
to build a road. A small R appears on the square to remind you that the Settler is busy
building a road. Click Turn Done.
Using more controls and actions
Now that you have some understanding of the controls and actions, the game can go in a lot of
different directions. Here are a few things that might happen next and things you can do:
After you take a turn, the computer gets a chance to play. As it plays, its actions are
reported to you. You can make decisions on what to do about those actions. Choose
Game ➪ Message Options. The Message Options window appears, containing a listing
of different kinds of messages that can come from the server and how they will be presented to you.
As you explore, you will run into other explorers and eventually other civilizations.
Continue exploring by selecting different directions on your numeric keypad.
Continue to move the Settler one square at a time after it has finished creating the road.
The Settler will blink again when it is available. Click Turn Done to continue.
At this point, you should see a message that your city has finished building Warriors.
When buildings and units are complete, you should usually check out what has happened. Click the message associated with the city, and then click Popup City. The city
window appears, showing you that it has additional population. The food storage may
appear empty, but the new citizens are working to increase the food and trade. You may
see an additional Warrior unit.
A science advisory may also appear to let you choose your city’s research goals. Click
Change and select Writing as your new research goal. You can then select a different
long-term goal as well. Click Close when you are done.
If your new Warrior is now blinking, press the S key to assign sentry mode to the
Warrior.
Select Reports from time to time to keep track of statistics about your Cities, Units,
Economy, Science, and other attributes of your world.
These moves provide familiarity with some of the actions of Freeciv. To learn some basic strategies
for playing the game, choose Help ➪ Help Playing.
Extreme Tux Racer
With Extreme Tux Racer, you guide Tux the penguin (the Linux mascot) down a snow-covered
hill as fast as you can. Extreme Tux Racer is an open source (GPL) version of TuxRacer, which was
once freeware, but was later made into a commercial game by Sunspire Studios.
To advance in Extreme Tux Racer, you need to complete courses in the allotted time while
overcoming whatever obstacle is presented (gathering herring or negotiating flags). You move
up to try different courses and achieve higher-level cups. Figure 7-3 shows a screenshot of
PlanetPenguin Racer.
FIGURE 7-3
Race Tux the penguin down a mountain.
Commercial Linux Games
When Loki Software, Inc. closed its doors a few years ago, the landscape of commercial gaming in Linux changed. Loki produced Linux ports of popular games, including Myth II and
Civilization: Call to Power, to name a couple, and many hoped it would help Linux become the premier gaming platform. Since then, no single company has stepped up to port that wide a range
of best-selling games to Linux. However, smaller Linux game publishers and companies porting popular Windows games to Linux have begun to pop up. Also, commercial games that run
natively are led by several popular games from id Software (described in the next section) and a
few gaming companies that have ported individual titles to Linux.
Some Loki games are still available for purchase on the Web. They sell for a fraction of their original price, but you are on your own if they don’t work because Loki Software is no longer there to
support them. The Loki Games Demo is still around, if you want to get a feel for a particular Loki
game before it disappears completely. (I describe how to find demo and packaged Loki Games
later in this chapter.)
Although the state of Linux gaming has improved a great deal in the last few years, Linux is still
emerging as a gaming platform. Linux has some of the technology needed to support advanced
games, but the technology and developer support have not yet really come together. Most serious
gamers still maintain a Windows partition to support their gaming habits.
According to top game developers, significant hurdles—both technological and economic—
hinder development of games for Linux. In particular, the relatively small size of the Linux gaming market means that incentives to overcome some technical issues are not particularly strong.
However, these limitations are not overwhelming and small Linux gaming developers are beginning to make inroads. As you’ll see later in this chapter, even the hardcore game nut can successfully use Linux.
Getting started with commercial games in Linux
How you get started with Linux gaming depends on how serious you are about it. If all you want
to do is play a few games to pass the time, I’ve already described plenty of diverting X Window
games that come with Linux. If you want to play more powerful commercial games, you can
choose from the following:
Games for Microsoft Windows (Cedega 6.0)—Many of the most popular commercial games created to run on Microsoft operating systems will run in Linux using
Cedega. To get RPM versions of Cedega, you must sign up for a Cedega subscription
at www.transgaming.com. Make sure to check in with www.linuxgames.com to
see if there is a relevant HOWTO for working with the particular game you have in
mind. Many games are covered there including Half-Life and Unreal Tournament. To
see whether your favorite Windows game will run in Linux and Cedega, refer to the
TransGaming.Org Games Database at www.cedega.com/gamesdb.
Games for Linux (id Software and others)—Certain popular games have Linux
versions available. Most notably, id Software offers its DOOM and Return to Castle
Wolfenstein in Linux versions. Other popular games that run natively in Linux include
Unreal Tournament 2004 and 2005 from Atari (www.unrealtournament.com).
Commercial games that run in Linux without WINE, Cedega, or some sort of Windows
emulation typically come in a boxed version for Windows with some sort of Linux
installer included.
Independent Linux Game Developers—Several small companies are currently producing games for Linux. Notable Linux game developers include Introversion Software
(introversion.co.uk) and Frictional Games (www.frictionalgames.com).
Introversion’s games include Uplink, Darwinia, and Defcon. By the time you read this,
Multiwinia should also be available. Frictional games include Penumbra: Overture and
Penumbra: Black Plague, both of which portray 3D horror stories.
Linux games that were ported directly to Linux from the now defunct company Loki Software,
Inc. are still available. Although you cannot purchase the titles directly from Loki, you can go
online to one of Loki’s resellers at www.lokigames.com/orders/resellers.php3. For example, Amazon.com (one of the listed resellers) shows titles, including Quake III, Myth II: Soulblighter,
and Heretic II for Linux.
Playing commercial Linux games
To get your commercial games running in Linux, you should start from a site such as the Linux
Game Tome (www.happypenguin.org) or Linux Gamers’ FAQ (http://icculus.org/lgfaq),
which provide information on commercial games that run in Linux and help in getting
them to run. In most cases, you need to do the following:
Purchase a legal copy of the game.
Go to a Web site that describes how to install, get patches for, and work around any
issues related to playing the game in Linux.
Here are examples of a few commercial games that run well in Linux:
Duke 3D Atomic Edition for Linux (3D Realms)—Duke Nukem returns to earth to
face aliens and clean up Los Angeles in this third chapter in the Duke Nukem series.
Visit 3D Realms for official information about Duke 3D Atomic Edition
(www.3drealms.com/duke3d). See the Icculus.org site (http://icculus.org/duke3d/) for tips on
getting it running.
Unreal Tournament 2003 (Epic Games)—Multiplayer death match set in the future,
where warriors face each other with awesome weapons and stuff. Includes a Linux
installer. Go to Epic Games (www.epicgames.com) or the Unreal Tournament site
(www.unrealtournament.com) for the official information. Visit the Icculus.org site
for tips on installing in Linux (www.icculus.org/lgfaq#ut2k3_install).
Unreal Tournament 2004 (Epic Games)—Adds new maps, characters, vehicles, weapons, and modes of play to the 2003 edition.
The following sections describe Linux games from id Software, information about running
Windows games using Cedega in Linux, and games from the now-defunct Loki Games still available from other sources today.
id Software games
Among the most popular games running natively in Linux are Quake II, Quake III Arena, and
Return to Castle Wolfenstein from id Software, Inc. You can purchase Linux versions of these games
or download demos of each game before you buy. As noted earlier, Quake III Arena demos are
available in Fedora and other Linux software repositories.
Note
If you have trouble getting any id Software games running in Linux, refer to the Linux FAQs available from id
Software at http://zerowing.idsoftware.com/linux.
Quake III Arena
Quake III Arena is a first-person, shooter-type game where you can choose from lots of weapons
(lightning guns, shotguns, grenade launchers, and so on) and pass through scenes with highly
detailed 3D surfaces. You can play alone or against your friends. There are multiplayer deathmatch and capture-the-flag competitions. Standalone play allows you to advance through a
tournament structure of skilled AI opponents. This version of the game has a selectable difficulty
level, from fairly easy to beat to downright impossible.
If your Linux distribution doesn’t already include it, a demo version of Quake III Arena for Linux
is available from the id Software Web site (click the demo link at
www.idsoftware.com/games/quake/quake3-gold/ and then look for the Linux demo). Because the demo is in the
form of a large shell script, to save it you can right-click the link and select Save Link As from
your Web browser. Figure 7-4 shows a screenshot from Quake III Arena.
FIGURE 7-4
Quake III Arena is a popular first-person shooter game that runs in Linux.
Return to Castle Wolfenstein
You battle with the Allies to destroy the Third Reich in Return to Castle Wolfenstein, which mixes
World War II action with creatures conjured up by Nazi scientists. It is based on the Quake III
Arena engine and offers single-player mode as well as team-based multiplayer mode.
If you purchase Return to Castle Wolfenstein for Linux, you actually get the Windows version with
an extra Linux installer. If you already have the Windows version, you can download the Linux
installer and follow some instructions to get it going. I downloaded the installer called
wolf-linux-1.31.x86.run from www.idsoftware.com/games/wolfenstein/rtcw/index.php?game_section=updates.
The INSTALL file (in /usr/local/games/wolfenstein) describes which files you need to copy from the Windows CD.
To get a demo of Return to Castle Wolfenstein, go to
www.idsoftware.com/games/wolfenstein/rtcw/index.php?game_section=overview. Both single-player and
multiplayer demos are available.
Caution
You need an NVIDIA card to run Return to Castle Wolfenstein.

Figure 7-5 is a screenshot from Return to Castle Wolfenstein running in Linux.
FIGURE 7-5
Return to Castle Wolfenstein combines strange creatures and World War II battles.
Playing TransGaming and Cedega games
TransGaming Technologies brings to Linux some of the most popular games that currently run
on the Windows platforms. Working with WINE developers, TransGaming is developing Cedega,
which enables you to run many different games on Linux that were originally developed for
Windows. Although TransGaming is producing a few games that are packaged separately and
tuned for Linux, in most cases it sells you a subscription service to Cedega instead of the games.
That subscription service lets you stay up-to-date on the continuing development of Cedega so
you can run more and more Windows games.
Coming from Windows
To get Windows games to run in Linux, Cedega particularly focuses its development on Microsoft DirectX
features that are required by many of today’s games. Issues related to CD keys and hooks into the Windows
operating system also must be overcome (such as requiring Microsoft Active Desktop). A Cedega subscription
has value, in part, because it lets you vote on which games you want to see TransGaming work on next.
A full list of games supported by TransGaming, as well as indications of how popular they are
and how well they work, is available from the TransGaming site (www.cedega.com/gamesdb/).
Browse games by category or alphabetically. An asterisk marks games that are officially supported
by TransGaming. On each game description page is a link to a related Wiki Node, when one
exists, that gives you details about how well the game works under Cedega and tips for getting it
to work better.
Note
Depending on your distribution, you may need to get the vanilla kernel from kernel.org and boot that on your
system before running games with Cedega.

TransGaming has added several new features to the Cedega GUI
(formerly called Point2Play). The Cedega GUI provides a graphical window for installing, configuring, and
testing Cedega on your computer. This application also lets you install and organize your games so you can
launch them graphically. Figure 7-6 shows an example of the TransGaming Cedega window.
FIGURE 7-6
Use the Cedega window to launch Windows games in Linux.
Features in the new Cedega GUI window include a new look-and-feel and tools for individually
configuring how each game runs under Cedega. (If a game won’t run from the GUI, try launching
it from a Terminal window.) Here are some games that are known to run well in Cedega:
Day of Defeat: Source
World of Warcraft
Planescape
Silkroad Online
Half-Life 2
Call of Duty 2
To get binary copies (ones that are already compiled to run) of Cedega, you need to subscribe to
TransGaming. For details on how to become a “TransGamer,” click the Sign Up Today link on the
TransGaming home page (www.transgaming.com). Benefits currently include
Downloads of the latest version of Cedega
Access to Cedega support forums
Ability to vote on which games you want TransGaming to support next
Subscription to the Cedega newsletter
Cedega used to be known as WineX. The source code for WineX may become available in the
near future if you want to build your own WineX/Cedega package. To check availability, try the
SourceForge.net project site for WineX (sourceforge.net/projects/winex).
Loki Software game demos
To encourage people to get to know its games, Loki Software, Inc. offered a demo program that
let you choose from among more than a dozen of its games to download and try. You can still find
some of its games for sale.
Caution
If you try to download any of the demos described in the following sections, make sure you have enough disk
space available. It is common for one of these demos to require several hundred megabytes of disk space.

The Loki Demo Launcher page (www.lokigames.com/products/demos.php3) still offers
links to FTP sites from which you can download the Demo Launcher. The file that you want to
save is loki_demos-full-1.0e-x86.run. Save it to a directory (such as /tmp/loki) and do
the following:
1. Change to the directory to which you downloaded the demo. For example:
# cd /tmp/loki
Note
You may not need to be root user to install these games. However, the paths where the Demo Launcher tries
to write by default are accessible only to the root user.
2. As root user, run the following command (the program may have a different name if it
has been updated):
# sh loki_demos-full-1.0e.x86.run
3. If you have not used the Demo Launcher before, a screen appears asking you to identify
the paths used to place the Install Tool. If the default locations shown are okay with
you, click Begin Install.
4. Assuming that no problem occurred writing to the install directories, you should see an
Install Complete message. Click Exit.
5. The Uninstall Tool window displays. If the paths for holding the Uninstall Tool are
okay, click Begin Install. The Install Complete message appears. Click Exit.
6. The next window enables you to set the locations for installing the Demo Pack. If the
paths are okay, click Begin Install.
7. A box shows the different demo games available. As you move the cursor over each
game, the disk space needed for the game is displayed. Click the games you want to
install and then click Continue.
8. A window displays the progress of each download. You may need to click an Update
button to complete the update and then click Finish to finish it.
9. The demo should now be ready to start. Either click Play or type loki_demos from a
Terminal window to start the program.
10. Select to start the game, and you’re ready to go.
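The Demo Launcher above is a downloaded shell script that step 2 runs as root, so it is worth reading the script part before you run it. The following is an added example, not code from the book or from Loki Software; it assumes the .run file is a plain-text script followed by a binary payload, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the book or from Loki Software.
# Assumption: a .run installer is a plain-text shell script followed by a
# binary payload. The function names below are made up for this example.

# Print the number of leading lines that are plain text (the script part).
run_header_lines() {
    # In the C locale every byte is one character, so the first line holding
    # a byte that is neither printable ASCII nor whitespace starts the payload.
    # A header line with non-ASCII text ends the header early, which errs
    # toward showing less rather than dumping binary to the terminal.
    first_bin=$(
        LC_ALL=C
        export LC_ALL
        grep -a -n -m 1 '[^[:print:][:space:]]' "$1" | cut -d: -f1
    )
    if [ -n "$first_bin" ]; then
        echo $((first_bin - 1))
    else
        # No payload found: the whole file is script text.
        wc -l < "$1" | tr -d ' '
    fi
}

# Print only the script part, suitable for piping into a pager.
run_header() {
    n=$(run_header_lines "$1")
    if [ "$n" -gt 0 ]; then
        head -n "$n" "$1"
    fi
}

# Print header lines (with line numbers) that deserve a close read before
# the script is given root: commands that delete files, change ownership or
# permissions, fetch more code, evaluate strings or switch user, and any
# reference to system directories. Exit status is 1 when nothing is flagged.
run_header_flags() {
    run_header "$1" | grep -n -E \
        -e '(^|[^[:alnum:]_])(rm|chmod|chown|wget|curl|eval|su|sudo)([^[:alnum:]_]|$)' \
        -e '/(etc|usr|root)(/|[^[:alnum:]]|$)'
}

# When called with one file name, summarize that file.
if [ "$#" -eq 1 ]; then
    echo "Script header: $(run_header_lines "$1") lines"
    run_header_flags "$1" || echo "No flagged lines; still read the header."
fi
```

Run the script as a regular user with the downloaded .run file as its only argument, and read the flagged lines in context before switching to root for the install.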
The following sections describe a few games that may still be available. Again, these games may
not be available for long.
Civilization: Call to Power
You can build online civilizations with Civilization: Call to Power (CCP). Like earlier versions and
public spinoffs (such as the Freeciv described earlier in this chapter), Civilization: Call to Power for
Linux lets you explore the world, build cities, and manage your empire. The last version offered
by Loki Games includes multiplayer network competition and extensions that let you extend cities into outer space and under the sea.
If you like Freeciv, you will love CCP. Engaging game play is improved with enhanced graphics,
sound, and animation. English, French, German, Italian, and Spanish versions are available.
Note
Freeciv is dependent on the Open Sound System for audio support. The Open Sound home page
(www.opensound.com/osshw.html) has a list of supported sound cards, mostly older devices. If you do not
have a card that’s on the list, you may be unable to enjoy the audio.
The CCP demo comes with an excellent tutorial to start you out. If you have never played a civilization game before, the tutorial is a great way to start. Figure 7-7 shows an example scene from
the Civilization: Call to Power for Linux demo.
Myth II: Soulblighter
If you like knights and dwarves and storming castles, Myth II: Soulblighter for Linux might be for
you. In Myth II, you are given a mission and some troops with various skills. From there, you
need strategy and the desire to shed lots of virtual blood to meet your goal.
FIGURE 7-7
Civilization: Call to Power features excellent graphics and network play.
Myth II was created by Bungie Software (the gaming company known more recently for the Halo
series) and ported to Linux by Loki Entertainment Software (www.lokigames.com). The Loki port
of the popular Myth game includes improved graphics and new scenarios. A demo version is available that runs well in most distributions (particularly Fedora/Red Hat). You can get it via the Demo
Launcher described earlier. You need at least a modest Pentium 133 MHz, 32MB RAM, 80MB swap
space, and 100MB of free disk space. You also need network hardware for multiuser network play
(network card or dial-up), and a sound card if you want audio. Figure 7-8 shows a screen in Myth II.
FIGURE 7-8
Use warriors, archers, and dwarves to battle in Myth II.
Heretic II
Based on the Quake engine, Heretic II sets you on a path to rid the world of a deadly, magical
plague. As the main character, Corvus, you explore dungeons, swamps, and cities to uncover and
stop the plague. The graphics are rich, and the game play is quite engaging.
You will experience some crashing problems with Heretic II out of the box. Be sure to check
for the update to Heretic II at www.updates.lokigames.com, which should fix most of the
problems.
Neverwinter Nights
BioWare (www.bioware.com) dipped its foot into Linux gaming waters with a Linux client for
its wildly popular Neverwinter Nights game. Neverwinter Nights is a classic role-playing game
in the swords-and-sorcery mold. You can develop your character and go adventuring or play
online with others via a LAN or over the Internet. You can even build your own worlds and host
adventures as the Dungeon Master. Neverwinter Nights is licensed by Wizards of the Coast to use
Dungeons & Dragons rules and material.
Of course, to use the Neverwinter Nights Linux client, you must purchase the game from BioWare.
You must also have access to certain files from a Windows installation of the game. Keep in mind
that getting Neverwinter Nights running is not a simple process. Important installation instructions and downloadable files are located at http://nwn.bioware.com/downloads/linuxclient.html. This site includes additional information about expansion packs and updates. If
you want the Neverwinter Nights experience on your Linux system to be pleasant, I highly recommend reading the instructions thoroughly. And you will need patience in addition to a high-bandwidth Internet connection. Depending on the version of Neverwinter Nights to which you
have access, you may need to download up to 1.2GB of files.
Summary
With Linux ports of games such as Unreal Tournament 2004, Linux continues to grow as a gaming platform. You can spend plenty of late nights gaming on Linux. Old UNIX games that have
made their way to Linux include a variety of basic X Window–based games. Card games, strategy
games, and some action games are available for those less inclined to spend 36 hours playing
DOOM 3.
On the commercial front, Civilization: Call to Power for Linux and Myth II are available to use on
your Linux system. Unfortunately, these will probably disappear because Loki Software (which
ported those applications to Linux) went out of business. Fortunately, the future of high-end
Linux gaming seems to be in the hands of TransGaming Technologies, which has created Cedega
from previous WINE technology to allow Windows games to run in Linux.
Commercial games that run natively in Linux are also available. These include games from id
Software, such as Quake III Arena and Return to Castle Wolfenstein. Smaller Linux game developers
have also appeared, including Introversion Software and Frictional Games.
Part III
Learning System Administration Skills
IN THIS PART
Chapter 8: Installing Linux
Chapter 9: Running Commands from the Shell
Chapter 10: Learning Basic Administration
Chapter 11: Getting on the Internet
Chapter 12: Securing Linux
CHAPTER 8
Installing Linux
If someone hasn’t already installed and configured a Linux system for
you, this chapter is going to help you get started so you can try out the
Linux features described in the rest of the book. Using live CDs and
improved installers, several of which are included with this book, getting
your hands on a working Linux system is quicker and more solid than ever
before.
If you are a first-time Linux user, I recommend that you
Try a bootable Linux—This book’s CD and DVD include several
bootable Linux systems. The advantage of a bootable Linux is
that you can try out Linux without touching the contents of your
computer’s hard drive. In particular, KNOPPIX is a full-featured
Linux system that can give you a good feel for how Linux works.
Using the DVD or CD, you can try out several different live CDs,
as described in Appendix A. Some of these live CDs also include
features for installing Linux to your hard disk. Although live CDs
tend to run slower than installed systems and often aren’t set up to
keep your changes after you reboot, they are good tools for starting out with Linux.
Install a desktop Linux system—Choose one of the Linux distributions and install it on your computer’s hard disk. Permanently
installing Linux to your hard disk gives you more flexibility for
adding and removing software, accessing and saving data to hard
disk, and more permanently customizing your system. Installing
Linux as a desktop system lets you try out some useful applications and get the feel for Linux before dealing with more complex
server issues.
IN THIS CHAPTER
Choosing a Linux distribution
Getting a Linux distribution
Understanding installation issues
This chapter provides you with an overview of how to choose a Linux distribution, and then
describes issues and topics that are common to installing most Linux distributions. Appendix A
describes which Linux distributions are included on this book’s DVD and CD and how to run
them live or use them to install Linux permanently. Each of the other chapters in this part of the
book is dedicated to understanding and installing a particular Linux distribution.
After you’ve installed Linux, you’ll want to understand how to get and manage software for
your Linux system. These important topics are covered throughout the book, but this chapter
describes the major packaging formats and tools to get you going.
Choosing a Linux Distribution
Dozens of popular Linux distributions are available today. Some are generalized distributions
that you can use as a desktop, server, or workstation system; others are specialized for business
or computer enthusiasts. One intention of this book is to help you choose which one (or ones)
will suit you best.
Using the DVD that comes with this book, you can boot directly to KNOPPIX (or several other
live CDs to try out Linux) or run an installer (to install one of several Linux distributions to your
computer’s hard disk). After you’ve tried out KNOPPIX and are ready to install Linux on your
hard disk, I recommend you try Fedora or Ubuntu.
Using the CD that comes with this book, you can boot directly to Damn Small Linux (or several
other smaller bootable Linux distros), Debian, or Gentoo (to do a network install of those distributions to your hard disk). Debian and Damn Small Linux are two distributions that can be set
up to work well on computers that are older and less powerful, or have a CD drive but no DVD
drive. For Debian and Ubuntu, this book also provides descriptions for setting up Debian as a
mail and Web server (see Chapters 13 and 14).
Linux at work
Because I know a lot of people who use Linux, both informally and at work, I want to share my
general impressions of how different Linux distributions are being used in the United States.
Many consultants I know who set up small office servers used to use Red Hat Linux. Some
have continued to use Red Hat Enterprise Linux (RHEL) whereas others have moved to Fedora,
CentOS (built from RHEL source code), Ubuntu, or Debian GNU/Linux. Mandriva Linux (formerly Mandrakelinux) has been popular with people wanting a friendly Linux desktop, but
Ubuntu and Fedora are also well-liked. The more technically inclined like to play with Gentoo
(highly tunable) or Slackware (Linux in a more basic form).
The agreement between Novell and Microsoft prompted some open source proponents to abandon SUSE. Whether this will result in a migration from SUSE in the enterprise space
has yet to play out. Right now, however, Red Hat Enterprise Linux offers the best choice in the
enterprise realm for those who object to the alliance.
As for the bootable Linuxes, everyone I know thinks they are great fun to try out and a good way
to learn about Linux. For a bootable Linux containing desktop software that fits on a full CD (or
DVD), KNOPPIX is a good choice, as is Ubuntu; for a bootable mini-CD size Linux, Damn Small
Linux works well. However, you can also try out these live CDs from the media that comes with
this book: INSERT, Puppy Linux, System Rescue CD, or BackTrack.
This book exposes you to several different Linux distributions. It gives you the advantage of
being able to see the strengths and weaknesses of each distribution by actually putting your
hands on it. You can also try to connect with the growing Linux user communities because
strong community support results in a more solid software distribution and help when you need
it (from such things as forums and online chats).
Other distributions
There seems to be a new Linux distribution every five minutes and I really have to stop writing
this book at some point. To keep the descriptions of Linux distributions to a reasonable size (and
actually have the space to describe how to use Linux), several interesting Linux distributions
aren’t explored in this book.
Notable Linux distributions not included in this book are TurboLinux, Xandros, and CentOS.
TurboLinux (www.turbolinux.com) is a popular distribution in Asia Pacific countries. Xandros
(www.xandros.com), designed to operate well in Microsoft Windows environments, has recently
entered a patent agreement with Microsoft and seems to be moving from its desktop focus.
CentOS has become very popular among consultants who used to use Red Hat Linux. CentOS is
a rebuild of the Red Hat Enterprise Linux source code. So, people use it for servers that require
longer update cycles than you would get with Fedora. However, because CentOS and Red Hat
Enterprise Linux are built from technology developed for Fedora, you can learn a lot about how
to use those two distributions by using Fedora. The following sections explain how to look
beyond the confines of this book for those and other Linux distributions.
Getting Your Own Linux Distribution
By packaging a handful of Linux distributions with this book, I hoped to save you the trouble of
getting Linux yourself. If you have a DVD drive, perhaps you can use this opportunity to at least
try KNOPPIX, so you’ll better understand what’s being discussed. If you have a CD drive only, at
least boot directly to Damn Small Linux from the CD that comes with this book.
If for some reason you can’t use the software on the CD or DVD, you may want to get your own
Linux distributions to use with the descriptions in this book. Reasons you might want to get your
own Linux distributions include
No DVD drive—You need a bootable DVD drive on your computer to use the Linux
distributions on the DVD that comes with this book.
Later distributions—You may want a more recent version of a particular distribution
than comes with this book.
Complete distributions—Because there’s limited space on the CD and DVD and
because some distributions require subscriptions or other fees, you may want to obtain
your own, more complete distribution with which to work.
Today, there is no shortage of ways to get Linux.
Finding another Linux distribution
You can go to the Web site of each distribution (such as http://fedoraproject.org/getfedora or http://slackware.com/getslack) to get Linux software. Those sites often let
you download a complete copy of their distributions and give you the opportunity to purchase a
boxed set.
However, one way to get a more complete view of available Linux distributions is to go to a Web
site dedicated to spreading information about Linux distributions. Use these sites to connect to
forums and download documentation about many Linux distributions. Here are some examples:
DistroWatch (www.distrowatch.com)—The first place I go to find Linux distributions is DistroWatch.com. Go to the Major Distributions link to read about the top
Linux distributions (most of which are included with this book). Links will take you to
download sites, forums, home pages, and other sites related to each distribution.
Linux.com Download Directory (www.linux.com/directory/Distributions)—
Select Linux distributions from among several categories (desktop, enterprise, live CD,
and so on). Descriptions, documentation, and download links are available for each
distribution listed.
If you don’t want to download and burn the CDs yourself, there are plenty of links on those sites
from places willing to sell you Linux CDs or DVDs. Distribution prices are often only a little bit
higher than the cost of the media and shipping. If you really like a particular Linux distribution, then purchasing it directly from the organization that makes it is a good idea. Doing so can
ensure the health of the distribution into the future.
Books that come with software included can also be a good way to get a Linux distribution.
Finding up-to-date documentation can be difficult when you have nothing but a CD to start out
with. Standard Linux documentation (such as HOWTOs and man pages) is often out of date with
the software. So, I would particularly recommend a book and distribution (such as this one or
Fedora and Red Hat Enterprise Linux Bible from Wiley Publishing) for first-time Linux users.
Understanding what you need
The most common media used to install Linux are CDs and DVDs that contain everything you
need to complete the install. Another way to start a Linux installation is with a CD that includes
an installation boot image and then get the parts of Linux you need live from the network as you
install Linux.
The images that are burned onto the CDs are typically stored on the Internet in software repositories. You can download the images and burn them to CDs yourself. Alternatively, the software
packages are usually also included separately in directories. Those separate software directories
enable you to start an install process with a minimal boot disc that can grab packages over the
network during the installation process. (Some of the installations I recommend with this book
are done that way.)
When you follow links to Linux software repositories, here’s what you look for:
Download directory—You often have to step down a few directories from the download link that gets you to a repository. Look for subdirectories that describe the distribution, architecture, release, and medium format. For example, mirrors for the Fedora
12 Linux distribution might be named fedora/releases/12/Fedora/i386/iso.
Other Linux distributions, such as Gentoo and Debian, have tools that will search out
online repositories for you, so you don’t have to find a mirror directory on your own.
(As an alternative, you can grab the Linux live CD or install images via BitTorrent, as
described later.)
ISO images—The software images you are going to burn to CD are typically stored in
ISO format. Some repositories include a README file to tell you what images you need
(others just assume you know). To install a distribution, you want the set of ISOs containing the Linux distribution’s binary files or a single live CD ISO.
Note
Although an ISO image appears as one file, it’s actually like a snapshot of a file system. You can mount that
image to see all the files the image contains by using the loop feature of the mount command. For example,
with an image called abc.iso in the current directory, create an empty directory (mkdir myiso) and, as
root, run the mount command: mount -o loop abc.iso myiso. Change to the myiso directory and you
can view the files and directories the ISO image contains. When you are done viewing the contents, leave the
directory and unmount the ISO image (cd .. ; umount myiso).
MD5SUM—To verify that you got the right CDs completely intact, after you download
them look for a file named MD5SUM or ending in .md5 in the ISO directory. The file
contains one or more MD5 (128-bit) checksums, representing the ISO files you want to
check. Other distributions publish SHA1 checksums, which are 160-bit checksums.
You can use that file to verify the content of each CD (as described later).
Downloading the distribution
You can download each ISO image by simply clicking the link and downloading it to a directory
in your computer when prompted. You can do this on a Windows or Linux system.
If you know the location of the image you want, with a running Linux system, the wget command is a better way to download than just clicking a link in your browser. The advantage of
using wget is that you can restart a download that stops in the middle for some reason. A wget
command to download a KNOPPIX CD image (starting from the directory you want to download
to) might look like this:
$ wget -c kernel.org/pub/dist/knoppix/KNOPPIX_V6.0.1CD-2009-02-08-EN.iso
If the download stops before it is completed, run the command again. The -c option tells wget
to begin where the download left off, so that if you are 690MB into a 696MB download when it
stopped, it just adds in the last 6MB.
A more “good citizen” approach to downloading your ISO images is to use a facility called
BitTorrent (http://bittorrent.com). BitTorrent enables you to download a file to your computer by grabbing bits of that file from multiple computers on the network that are downloading
the file at the same time. For the privilege, you also use your upload capacity to share the same
file with others as you are downloading.
During times of heavy demand with a new Linux distribution, BitTorrent can be the best way
to go. Some have portrayed BitTorrent as a tool for illegal activities, such as downloading copyrighted materials (movies, music, and so on). Because most Linux distributions contain only software covered under various open source licenses, there is no legal problem with using BitTorrent
to distribute Linux distributions. Check out http://linuxtracker.org for a list of Linux
distributions that you can download with BitTorrent.
If you are on a dial-up modem, you should strongly consider purchasing Linux CDs (or getting
them from a friend) if you don’t find what you want on the CD or DVD with this book. You might
be able to download an entire 700MB CD in a couple of hours on a fast DSL or cable modem connection. On a dial-up line, you might need an entire day or more per CD. For a large, multi-CD
distribution, available disk space can also become a problem (although, with today’s large hard
disks, it’s not as much of a problem as it used to be).
Burning the distribution to CD
With the CD images copied to your computer, you can proceed to verify their contents and burn
them to CD. All you really need is a CD burner on your computer.
With Linux running, you can use the md5sum or sha1sum commands to verify each CD.
Note
If you are using Windows to validate the contents of the Linux CD, you can get the MD5Summer utility
(www.md5summer.org) to verify each CD image.
Assuming you downloaded the MD5 file associated with each CD image, and have it in the same
directory as your CD images, run the md5sum command to verify the image. For example, to
verify the KNOPPIX CD shown previously in the wget example, you can type the following:
$ md5sum KNOPPIX_V6.0.1CD-2009-02-08-EN.iso
d642d524dd2187834a418710001bbf82  KNOPPIX_V6.0.1CD-2009-02-08-EN.iso
The MD5SUM file I downloaded previously from the download directory was called
KNOPPIX_V6.0.1CD-2009-02-08-EN.iso. It contained this content:
d642d524dd2187834a418710001bbf82 *KNOPPIX_V6.0.1CD-2009-02-08-EN.iso
As you can see, the checksum (first string of characters shown) that is output from the ISO image
matches the checksum in the MD5 file, so you know that the image you downloaded is the image
they put on the server. If the project uses sha1sum to verify its ISO images, you can test your
downloaded images with the sha1sum command, as follows:
$ sha1sum FC-6-i386-DVD.iso
6722f95b97e5118fa26bafa5b9f622cc7d49530c FC-6-i386-DVD.iso
After you have verified the sha1sum or md5sum of the CD or DVD, as long as you got the image
from a reliable site, you should be ready to burn the CD or DVD.
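The comparison described above can be left to the tools themselves, which read a checksum file in check mode and report any file that differs or is missing. The following is an added example, not from the book; the stand-in image, the file names, and the helper names verify_image and demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book). File names and contents are constructed.

# verify_image SUMFILE [md5|sha1]
# Checks every file listed in SUMFILE with the matching tool's -c (check) mode.
# Returns 0 if all listed files match, 1 on a mismatch or missing image,
# 2 if the checksum file or the algorithm cannot be used.
verify_image() {
    sumfile=$1
    algo=${2:-md5}
    case $algo in
        md5)  tool=md5sum ;;
        sha1) tool=sha1sum ;;
        *)    echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    if [ ! -r "$sumfile" ]; then
        echo "cannot read checksum file: $sumfile" >&2
        return 2
    fi
    # Names inside the checksum file are relative to the directory it sits in,
    # so run the check from there, as you would after downloading both files.
    ( cd "$(dirname "$sumfile")" &&
      "$tool" -c "$(basename "$sumfile")" >/dev/null 2>&1 ) || return 1
    return 0
}

# demo: build a stand-in image, publish its checksums, then verify four cases.
demo() {
    work=$(mktemp -d) || return 1
    printf 'constructed stand-in for an ISO image\n' > "$work/sample.iso"

    # What a project publishes next to the image: "<hash> *<name>" for MD5
    # (the layout shown in the text) and a SHA1 list produced by sha1sum.
    md5=$(md5sum < "$work/sample.iso" | cut -d' ' -f1)
    printf '%s *%s\n' "$md5" sample.iso > "$work/sample.iso.md5"
    ( cd "$work" && sha1sum sample.iso > SHA1SUM )

    if verify_image "$work/sample.iso.md5" md5; then r1=match; else r1=MISMATCH; fi
    if verify_image "$work/SHA1SUM" sha1; then r2=match; else r2=MISMATCH; fi

    # Simulate a download that was damaged in transit: one extra byte.
    printf 'x' >> "$work/sample.iso"
    if verify_image "$work/sample.iso.md5" md5; then r3=match; else r3=MISMATCH; fi

    # Simulate an image that never arrived.
    rm -f "$work/sample.iso"
    if verify_image "$work/SHA1SUM" sha1; then r4=match; else r4=MISMATCH; fi

    rm -rf "$work"
    echo "$r1 $r2 $r3 $r4"
}

demo
```

A match shows only that your copy equals the file the checksum was published for, which is why the text adds the condition that the image came from a reliable site.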
With your Linux distribution in hand (either the book’s DVD or CD, or the set of CDs you got
elsewhere), use commands such as cdrecord or k3b to burn your CD or DVD images to disk.
You can find instructions for installing the distributions from the CD or DVD in individual chapters devoted to each distribution (Chapters 17–28). Before you proceed, however, some information is useful for nearly every Linux system you are installing.
Exploring Common Installation Topics
Before you begin installing your Linux distribution of choice, you should understand some general Linux information. Reading over this information might help you avoid problems or keep
you from getting stuck when you install Linux.
Knowing your computer hardware
Not every Linux distribution will run on every computer. When installing Linux, most people
use a Pentium-class PC. Linux systems exist that are compiled to run on other hardware, such
as PowerPCs or x86_64-bit computers. However, the distributions provided with this book run
on 32-bit Pentium-class PCs. Note that because new Mac computers are built from standard Intel
components, installing Linux on those computers is possible as well (see the “Installing Linux on
Intel Macs” sidebar).
Installing Linux on Intel Macs
Because of the popularity of MacBook and Mac mini-computers, which are based on Intel architecture,
several Linux projects have produced procedures for installing their systems to dual-boot with Mac OS
X. Most of these procedures involve using the Apple BootCamp software
(www.apple.com/support/bootcamp).
To install the Fedora Linux that comes with this book, refer to the Fedora on Mactel page (http://fedoraproject.org/wiki/FedoraOnMactel). For Ubuntu, refer to the Ubuntu MacBook page
(https://help.ubuntu.com/community/MacBook).
Minimum hardware requirements from the Fedora Project are pretty good guidelines for most
Linux systems:
Processor—The latest version of Fedora recommends that you have at least a Pentium-class processor. For a text-only installation, a 200 MHz Pentium is the minimum,
whereas a 400 MHz Pentium II is the minimum for a GUI installation.
Note
If you have a 486 machine (at least 100 MHz), consider trying Damn Small Linux or Slackware. The problem
is that many machines that old have only floppy disks, so you can’t use the CD or DVD that comes with this
book. In that case, you can try ZipSlack (www.slackware.com/zipslack), which is a Slackware version
that comes on about 30+ floppy disk images or a 100MB Zip disk and can run on a 486 with at least 100MB
of disk space.
RAM—You should have at least 64MB of RAM to install most Linux distributions and
run it in text mode. Slackware might run on 8MB of RAM, but 16MB is considered
the minimum. If you are running in graphical mode, you will probably need at least
192MB. The recommended RAM for graphical mode in Fedora is 512MB. A GNOME
environment generally requires a bit less memory to run than a KDE environment. If
you are using a more streamlined graphical system (that runs X with a small window
manager, such as Blackbox), you might get by with as little as 32MB. In that case, you
might try Damn Small Linux or Slackware.
DVD or CD drive—You need to be able to boot up the installation process from a
DVD or CD. If you can’t boot from a DVD or CD, there are ways to start the installation from a hard disk or USB drive or by using a PXE install. Some distributions such
as Slackware let you use floppy disks to boot installation. After the install is booted, the
software can sometimes be retrieved from different locations (over the network or from
hard disk, for example).
Network card—If you are doing an install of one of the distributions for which we
provide a scaled-down boot disk, you might need to have an Ethernet card installed to
get the software you need over the network. A dial-up connection won’t work for network installs. You don’t have to be connected to the Internet necessarily to do a network
install. Some people download the necessary software packages to a computer on their
LAN, and then use that as an install server.
Disk space—You should have at least 3GB of disk space for an average desktop installation, although installations can range (depending on which packages you choose
to install) from 600MB (for a minimal server with no GUI install) to 7GB (to install
all packages). You can install the Damn Small Linux live CD to disk with only about
200MB of disk space.
If you’re not sure about your computer hardware, there are a few ways to check what you have. If
you are running Windows, the System Properties window can show you the processor you have,
as well as the amount of RAM that’s installed. As an alternative, you can boot KNOPPIX and let it
detect and report to you the hardware you have. (See Chapter 11 for instructions on running the
lspci and dmesg commands in Linux to view information about your computer hardware.)
Upgrading or installing from scratch
If you already have a version of the Linux you are installing on your computer, many Linux distributions offer an upgrade option. This lets you upgrade all packages, for example, from version
1 of the distribution to version 2. Here are a few general rules before performing an upgrade:
Back up data—The possibility exists that after you finish your upgrade, the operating
system won’t boot. Backing up any critical data and configuration files (in /etc) before
doing any major changes to your operating system is always a good idea.
Remove extra packages—If you have software packages you don’t need, remove them
before you do an upgrade. Upgrade processes typically upgrade only those packages
that are on your system. Upgrades generally do more checking and comparing than
clean installs do, so any package you can remove saves time during the upgrade process.
Check configuration files—A Linux upgrade procedure often leaves copies of old configuration files. You should check that the new configuration files still work for you.
Tip
Installing Linux from scratch goes faster than an upgrade. It also results in a cleaner Linux system. So if you
have the choice of backing up your data, or just erasing it if you don’t need it, a fresh install is usually best.
Some Linux distributions, most notably Gentoo, have taken the approach of ongoing updates.
Instead of taking a new release every few months, you simply continuously grab updated packages as they become available and install them on your system.
Dual booting and virtualization
Having multiple, bootable operating systems on the same computer is possible. You can do this
using multiple partitions on a hard disk and/or multiple hard disks, then setting up to boot more
than one operating system. You could also create virtual guest operating systems that you can use
to run a Linux or other system within your current Linux or Windows system.
Caution
Although tools for resizing Windows partitions and setting up multiboot systems have improved in recent
years, there is still some risk of losing data on Windows/Linux dual-boot systems. Different operating systems
often have different views of partition tables and master boot records that can cause your machine to become
unbootable (at least temporarily) or lose data permanently. Always back up your data before you try to resize
a Windows (NTFS or FAT) file system to make space for Linux. If you have a choice, install Linux on a machine
of its own or at least on a separate hard disk.
Setting up for dual booting
If the computer you are using already has a Windows system on it, quite possibly the entire hard
disk is devoted to Windows. Although you can run a bootable Linux, such as KNOPPIX or Damn
Small Linux, without touching the hard disk, to do a more permanent installation you’ll want to
find disk space outside of the Windows installation. There are a few ways to do this:
Add a hard disk—Instead of messing with your Windows partition, you can simply
add a hard disk and devote it to Linux.
Resize your Windows partition—If you have available space on your Windows partition, you can shrink that partition so free space is available on the disk to devote to
Linux. Commercial tools such as Partition Magic from Symantec (www.symantec.com)
or Acronis Disk Director (www.acronis.com) are available to resize your disk
partitions and set up a workable boot manager. Some Linux distributions (particularly
bootable Linuxes used as rescue CDs) include a tool called QTParted that is an open
source clone of Partition Magic (which includes software from the Linux-NTFS project
for resizing Windows NTFS partitions).
Note
GParted is an alternative to QTParted. Type yum install gparted (in Fedora) or apt-get install
gparted (in Ubuntu) to install GParted. Run gparted as root to start it.
Before you try to resize your Windows partition, you might need to defragment it. To defragment
your disk on some Windows systems, so that all of your used space is put in order on the disk,
open My Computer, right-click your hard disk icon (typically C:), select Properties, click Tools,
and select Defragment Now.
Defragmenting your disk can be a fairly long process. The result of defragmentation is that all the
data on your disk are contiguous, creating a lot of contiguous free space at the end of the partition. There are cases where you will have to do the following special tasks to make this true:
If the Windows swap file is not moved during defragmentation, you must remove it.
Then, after you defragment your disk again and resize it, you will need to restore the
swap file. To remove the swap file, open the Control Panel, open the System icon, and
then click the Performance tab and select Virtual Memory. To disable the swap file, click
Disable Virtual Memory.
If your DOS partition has hidden files that are on the space you are trying to free up,
you need to find them. In some cases, you won’t be able to delete them. In other cases,
such as swap files created by a program, you can safely delete those files. This is a bit
tricky because some files should not be deleted, such as DOS system files. You can use
the attrib -s -h command from the root directory to deal with hidden files.
After your disk is defragmented, you can use commercial tools described earlier (Partition Magic
or Acronis Disk Director) to repartition your hard disk to make space for Linux. Or use the open
source alternatives QTParted or GParted.
After you have cleared enough disk space to install Linux (see the disk space requirements in the
chapter covering the Linux distribution you’re installing), you can choose your Linux distribution and install it. As you set up your boot loader during installation, you will be able to identify
the Windows, Linux, and any other bootable partitions so that you can select which one to boot
when you start your computer.
Installing Linux to run virtually
Using virtualization technology such as VMWare, VirtualBox, Xen, or KVM, you can configure
your computer to run multiple operating systems simultaneously. Typically, you have a host operating system running (such as your Linux or Windows desktop), and then configure guest operating systems to run within that environment.
If you have a Windows system, you can use commercial VMWare products to run Linux on your
Windows desktop. Get a trial of VMWare Workstation (www.vmware.com/tryvmware) to see
if you like it. Then run your installed virtual guests with the free VMWare Player. With a full-blown version of VMWare Workstation you can run multiple distributions at the same time.
Open source virtualization products that are available with Linux systems include VirtualBox
(www.virtualbox.org), Xen (www.xen.org), and KVM (www.linux-kvm.org). VirtualBox
was developed originally by Sun Microsystems. Xen has been popular with Red Hat systems, but
Red Hat has begun moving recently toward KVM technology instead.
Using installation boot options
Sometimes a Linux installation fails because the computer has some non-functioning or nonsupported hardware. Sometimes you can get around those issues by passing options to the install
process when it boots up. Those options can do such things as disable selected hardware (nousb,
noscsi, noide, and so on) or not probe hardware when you need to select your own driver
(noprobe).
Although some of these options are distribution-specific, others are simply options that can be
passed to an installer environment that works from a Linux kernel. Chapter 21 includes a list of
many boot options that you can use with KNOPPIX and other Linux systems.
Partitioning hard drives
The hard disk (or disks) on your computer provides the permanent storage area for your data
files, applications programs, and the operating system itself. Partitioning is the act of dividing a
disk into logical areas that can be worked with separately. In Windows, you typically have one
partition that consumes the whole hard disk. However, with Linux there are several reasons why
you may want to have multiple partitions:
Multiple operating systems —If you install Linux on a PC that already has a Windows
operating system, you may want to keep both operating systems on the computer. For
all practical purposes, each operating system must exist on a completely separate partition. When your computer boots, you can choose which system to run.
Multiple partitions within an operating system —To protect from having your entire
operating system run out of disk space, people often assign separate partitions to different areas of the Linux file system. For example, if /home and /var were assigned to
separate partitions, then a gluttonous user who fills up the /home partition wouldn’t
prevent logging daemons from continuing to write to log files in the /var/log
directory.
Multiple partitions also make doing certain kinds of backups (such as an image backup)
easier. For example, an image backup of /home would be much faster (and probably
more useful) than an image backup of the root file system (/).
Different file system types —Different kinds of file systems have different structures.
File systems of different types must be on their own partitions. In most Linux systems,
you need at least one file system type for / (typically ext3 or reiserfs) and one for your
swap area. File systems on CD-ROM use the iso9660 file system type.
Tip
When you create partitions for Linux, you will usually assign the file system type as Linux native (using the
ext2 or ext3 type on some Linux systems, and reiserfs on others). Reasons to use other types include needing
a file system that allows particularly long filenames, large file sizes, or many inodes (each file consumes an
inode).
For example, if you set up a news server, it can use many inodes to store news articles. Another reason for
using a different file system type is to copy an image backup tape from another operating system to your local
disk (such as one from an OS/2 or Minix operating system).
Coming from Windows
If you have used only Windows operating systems before, you probably had your whole hard disk assigned
to C: and never thought about partitions. With many Linux systems, you have the opportunity to view and
change the default partitioning based on how you want to use the system.
During installation, systems such as openSUSE and Fedora let you partition your hard disk using
graphical partitioning tools. The following sections describe how to partition your disk during a Fedora installation or use fdisk to partition your disk. See the section “Tips for Creating
Partitions” for some ideas for creating disk partitions.
Partitioning during Fedora installation
During installation, Fedora gives you the opportunity to change how your hard disk is partitioned. The Disk Setup screen is divided into two sections. The top shows general information
about each hard disk. The bottom shows details of each partition. Figure 8-1 shows an example
of the Disk Setup window.
FIGURE 8-1
Partition your disk during Fedora installation from the disk setup window.
For each of the hard disk partitions, you can see the following:
Device —The device name is the name representing the hard disk partition in the /dev
directory. Each disk partition device begins with two letters: sd for SATA or SCSI
disks, hd for IDE, ed for ESDI disks, or xd for XT disks. After that is a single letter representing the number of the disk (disk 1 is a, disk 2 is b, disk 3 is c, and so on). So, for
example, to refer to the entire first hard disk, use the device name /dev/sda. To refer
to a particular partition on that disk, add the partition number (1, 2, 3, and so on). For
example, /dev/sda1 represents the first partition on the first SATA hard drive on the
computer.
Mount Point/Raid/Volume —The directory where the partition is connected into the
Linux file system (if it is). You must assign the root partition (/) to a native Linux partition before you can proceed. If you are using RAID or LVM, the name of the RAID
device or LVM volume appears here.
Type —The type of file system that is installed on the disk partition. In many cases,
the file system will be Linux (ext3), Win VFAT (vfat), or Linux swap. However, you can
also use the previous Linux file system (ext2), logical volume manager physical volume
(LVM), or software RAID. If an NTFS partition were shown in Figure 8-1 it would imply
that Windows is installed on this computer and this can, therefore, be used as a dual-boot computer with Windows and Linux.
Format—Indicates whether the installation process should format the hard disk partition. Partitions marked with a check are erased! So, on a multi-boot system, be sure
your Windows partitions, as well as other partitions containing data you don’t want to
lose, are not checked!
Size (MB) —The amount of disk space allocated for the partition (in megabytes). If you
selected to let the partition grow to fill the existing space, this number may be much
larger than the requested amount.
In the top section, you can see each hard disk connected to your computer. The drive name is
shown first, followed by the amount of disk space and the model name of the disk.
Before you create any LVM logical volumes, you must create at least one physical LVM partition
and assign it to a volume group. To create a RAID array, you must create at least two physical
RAID partitions to assign to an array.
Reasons for partitioning
Different opinions exist as to how to divide up a hard disk. Here are some issues:
Do you want to install another operating system? If you want Windows on your computer along with Linux, you need at least one Windows (Win95 FAT16, VFAT, or NTFS
type), one Linux (Linux ext3), and one Linux swap partition.
Is it a multiuser system? If you are using the system yourself, you probably don’t need
many partitions. One reason for partitioning an operating system is to keep the entire
system from running out of disk space at once. That also serves to put boundaries on
what an individual can use up in his or her home directory (although disk quotas are
good for that as well).
Do you have multiple hard disks? You need at least one partition per hard disk. If your
system has two hard disks, you may assign one to / and one to /home (if you have lots
of users) or /var (if the computer is a server sharing lots of data). With a separate
/home partition, you can install another Linux system in the future without disturbing
your home directories (and presumably all or most of your user data).
Deleting, adding, and editing partitions
Before you can add a partition, some free space must be available on your hard disk. If all space
on your hard disk is currently assigned to one partition (as it often is in DOS or Windows), you
must delete or resize that partition before you can claim space on another partition. The section
“Dual Booting with Windows or Just Linux?” discusses how to add a partition without losing
information in your existing single-partition system.
Caution
Make sure to back up any data that you want to keep before you delete the partition. When you delete a partition, all of its data is inaccessible.
Disk Setup is less flexible but more intuitive than the fdisk utility. Disk Setup enables you to
delete, add, and edit partitions.
Tip
If you create multiple partitions, make sure that you have enough room in the right places to complete the
installation. For example, most of the Linux software is installed in the /usr directory (and subdirectories),
whereas most user data files are eventually added to the /home or /var directories.
To delete a partition in Disk Setup, do the following:
1. Select a partition from the list of Current Disk Partitions on the main Disk Setup window (click it or use the arrow keys).
2. To delete the partition, click Delete.
3. When asked to confirm the deletion, click Delete.
4. If you made a mistake, click Reset to return to the partitioning as it was when you
started Disk Setup.
To add a partition in Disk Setup, follow these steps from the main Disk Setup window:
1. Select New. A window appears, enabling you to create a new partition.
2. Type the name of the Mount Point (the directory where this partition will connect to the
Linux file system). You need at least a root (/) partition and a swap partition.
3. Select the type of file system to be used on the partition. You can select from Linux
native (ext2 or preferably ext3), software RAID, Linux swap (swap), physical volume
(LVM), or Windows FAT (vfat).
Tip
To create a file system type different from those shown, leave the space you want to use free for now. After
installation is complete, use fdisk to create a partition of the type you want.
4. Type the number of megabytes to be used for the partition (in the Size field). If you want
this partition to grow to fill the rest of the hard disk, you can put any number in this
field (1 will do fine).
5. If you have more than one hard disk, select the disk on which you want to put the partition from the Allowable Drives box.
6. Type the size of the partition (in megabytes) into the Size (MB) box.
7. Select one of the following Additional Size options:
Fixed size —Click here to use only the number of megabytes you entered into the
Size text box when you create the partition.
Fill all space up to (MB) —If you want to use all remaining space up to a certain
number of megabytes, click here and fill in the number. (You may want to do this
if you are creating a VFAT partition up to the 2048MB limit that Disk Setup can
create.)
Fill to maximum allowable size—If you want this partition to grow to fill the rest
of the disk, click here.
8. Optionally, select Force to Be a Primary Partition if you want to be sure to be able to
boot the partition or Check for Bad Blocks if you want to have the partition checked for
errors.
9. Click OK if everything is correct. (The changes don’t take effect until several steps later
when you are asked to begin installing the packages.)
To edit a partition in Disk Setup from the main Disk Setup window, follow these steps:
1. Click the partition you want to edit.
2. Click the Edit button. A window appears, ready to let you edit the partition definition.
3. Change any of the attributes (as described in the add partition procedure). For a new
install, you may need to add the mount point (/) for your primary Linux partition.
4. Select OK. (The changes don’t take effect until several steps later, when you are asked to
begin installing the packages.)
Partitioning with fdisk
The fdisk utility is available with almost every Linux system for creating and working with disk
partitions in Linux. It does the same job as graphical partitioning tools such as Disk Setup, but
runs in the shell.
Tip
During Fedora and other Linux installations that have virtual terminals running, you can switch to a shell
(press Ctrl+Alt+F2) and use fdisk manually to partition your hard disk.
The following procedures are performed from the command line as root user.
Caution
Remember that any partition commands can easily make your disk inaccessible. Back up critical data before
using any tool to change partitions! Then be very careful about the changes you do make. Keeping an emergency boot disk handy is a good idea, too.
The fdisk command is available on many different operating systems (although it looks and
behaves differently on each). In Linux, fdisk is a menu-based command. To use fdisk to list all
your partitions, type the following (as root user):
# fdisk -l
Disk /dev/sda: 40.0 GB, 40020664320 bytes
255 heads, 63 sectors/track, 4865 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14        4833    38716650   83  Linux
/dev/sda3            4834        4865      257040   82  Linux swap
To see how each partition is being used on your current system, type the following:
# df -h
Filesystem  Size  Used Avail Use% Mounted on
/dev/sda2    37G  5.4G   30G  16% /
/dev/sda1    99M  8.6M   86M  10% /boot
From the output of df, you can see that the root of your Linux system (/) is on the /dev/sda2
partition and that the /dev/sda1 partition is used for /boot.
Caution
Before using fdisk to change your partitions, I strongly recommend running the df -h command to see
how your partitions are currently being defined. This helps reduce the risk of changing or deleting the wrong
partition.
To use fdisk to change your partitions, you need to identify the hard disk you are partitioning.
For example, the first SATA or SCSI hard disk is identified as /dev/sda. So, to partition your
first hard drive, you can begin (as root user) by typing:
# fdisk /dev/sda
For different hard drive types or numbers, /dev/sda is replaced by the name of the device you
want to work with. Table 8-1 shows some of your choices.
TABLE 8-1
Disk Device Names
Device      Description
/dev/sda    For the first SATA or SCSI hard disk; sdb, sdc, and so on for other disks.
/dev/hda    For the first IDE drive.
After you have started fdisk, type m to see the options. Here is what you can do with fdisk:
Delete a partition—Type d and a partition number, and then press Enter. For example,
/dev/sda2 would be partition number 2. (The deletion won’t take effect until you write
the change—you can back out up to that point.)
Create a partition—If you have free space, you can add a new partition. Type n; then
choose e for an extended partition or p for a primary partition; then select a partition
number from the available range. You can have only four primary partitions. However,
after you have three primary partitions, make the fourth an extended partition (consuming all the remaining disk space). Then you can create many more logical partitions
from the space in your extended partition.
Next choose the first cylinder number from those available. (The output from fdisk -l
shown earlier will show you cylinders being used under the Start and End columns.)
After that, enter the cylinder number the partition will end with (or type the specific
number of megabytes or kilobytes you want; for example, +50M or +1024K). You just
created an ext3 Linux partition. Again, this change isn’t permanent until you write the
changes.
Change the partition type —Press t to choose the type of file system. Enter the number of the partition you want to change. Type the number representing
the file system type you want to use in hexadecimal code. (Type L at this point to see
a list of file system types and codes.) For a Linux file system, use the number 83; for a
Linux swap partition, use 82; and for a Windows FAT32 file system, use the letter b.
Display the partition table —Throughout this process, feel free to type p to display
(print on the screen) the partition table as it now stands.
Quit or save —Before you write your changes, display the partition table again and
make sure that it is what you want it to be. If you don’t like a change you made to your
partitions, press q to exit without saving. Nothing changes on your partition table.
If your changes are correct, write them to the partition table by pressing w. You are
warned about how dangerous changing partitions can be, and you must confirm the
change.
After you have changed your partition table, you must alert the kernel of the change. To do that,
run the partprobe command as root, as follows:
# partprobe
An alternative to the menu-driven fdisk command is sfdisk, which is a command line–
oriented partitioning tool. With sfdisk, you type the full command line to list or change partitions, instead of being taken through a set of prompts (as with fdisk). See the sfdisk man page
for details. Linux experts often prefer sfdisk because it can be used in combination with other
commands to take and output partitioning information.
Tips for creating partitions
Changing your disk partitions to handle multiple operating systems can be very tricky, in part
because each operating system has its own ideas about how partitioning information should be
handled, as well as different tools for doing it. Here are some tips to help you get it right:
If you are creating a dual-boot system, particularly for Windows XP, try to install the
Windows operating system first. Otherwise, the Windows installation may make
the Linux partitions inaccessible. Choosing a VFAT instead of NTFS file system for
Windows will also make sharing files between your Windows and Linux systems easier
and more reliable.
The fdisk man page recommends that you use partitioning tools that come with an
operating system to create partitions for that operating system. For example, the DOS
fdisk knows how to create partitions that DOS will like, and the Linux fdisk will happily make your Linux partitions. After your hard disk is set up for dual boot, however,
you should probably not go back to Windows-only partitioning tools. Use Linux fdisk
or a product made for multi-boot systems (such as Partition Magic).
You can have up to 63 partitions on an IDE hard disk. A SCSI hard disk can have up to
15 partitions. You typically won’t need nearly that many partitions.
If you are using Linux as a desktop system, you probably don’t need a lot of different partitions.
However, some very good reasons exist for having multiple partitions for Linux systems that
are shared by a lot of users or are public Web servers or file servers. Having multiple partitions
within Fedora Linux, for example, offers the following advantages:
Protection from attacks —Denial-of-service attacks sometimes take actions that try to
fill up your hard disk. If public areas, such as /var, are on separate partitions, a successful attack can fill up a partition without shutting down the whole computer. Because
/var is the default location for Web and FTP servers, and expected to hold a lot of data,
entire hard disks often are assigned to the /var file system alone.
Protection from corrupted file systems —If you have only one file system (/), its corruption can cause the whole Linux system to be damaged. Corruption of a smaller
partition can be easier to fix and often allows the computer to stay in service while the
correction is made.
Table 8-2 lists some directories that you may want to consider making into separate file system
partitions.
TABLE 8-2
Assigning Partitions to Particular Directories
Directory   Explanation
/boot       Sometimes the BIOS in older PCs can access only the first 1,024 cylinders of your hard
            disk. To make sure that the information in your /boot directory is accessible to the
            BIOS, create a separate disk partition (of about 100MB) for /boot and make sure that
            it exists below cylinder 1,024. The rest of your Linux system can exist outside of that
            1,024-cylinder boundary if you like. Even with several boot images, there is rarely a
            reason for /boot to be larger than 100MB. (For newer hard disks, you can select the
            Linear Mode check box during installation. Then the boot partition can be anywhere on
            the disk.)
/usr        This directory structure contains most of the applications and utilities available to Linux
            users. Having /usr on a separate partition lets you mount that file system as read-only
            after the operating system has been installed. This prevents attackers from replacing or
            removing important system applications with their own versions that may cause security
            problems. A separate /usr partition is also useful if you have diskless workstations
            on your local network. Using NFS, you can share /usr over the network with those
            workstations.
/var        Your FTP (/var/ftp) and Web server (/var/www) directories are, by default in many
            Linux systems, stored under /var. Having a separate /var partition can prevent an attack
            on those facilities from corrupting or filling up your entire hard disk.
/home       Because your user account directories are located in this directory, having a separate /home
            partition can prevent a reckless user from filling up the entire hard disk. It also conveniently
            separates user data from your operating system (for easy backups or new installs).
/tmp        Protecting /tmp from the rest of the hard disk by placing it on a separate partition
            can ensure that applications that need to write to temporary files in /tmp are able to
            complete their processing, even if the rest of the disk fills up.
Although people who use Linux systems casually rarely see a need for lots of partitions, those
who maintain and occasionally have to recover large systems are thankful when the system they
need to fix has several partitions. Multiple partitions can localize deliberate damage (such as
denial-of-service attacks), problems from errant users, and accidental file system corruption.
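The layout advice in Table 8-2 can be checked on a running system. The following shell script is an added example, not part of the book: it reads a mount table in /proc/mounts format and reports which of the Table 8-2 directories sit on their own partition and whether each is mounted read-only or read/write. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): compare a mount table with Table 8-2.
# Input uses the /proc/mounts layout: device mountpoint fstype options dump pass

# Directories Table 8-2 suggests giving their own partitions.
WANTED="/boot /usr /var /home /tmp"

# audit_mounts FILE   ("-" reads standard input)
# Prints one line per directory in WANTED:
#   <dir> separate <device> <ro|rw>   the directory is its own mount point
#   <dir> shared <mountpoint>         it lives on the named file system
audit_mounts() {
    awk -v wanted="$WANTED" '
    # Keep the last entry for each mount point; later mounts shadow earlier ones.
    substr($2, 1, 1) == "/" { dev[$2] = $1; opts[$2] = $4 }
    END {
        n = split(wanted, dirs, " ")
        for (i = 1; i <= n; i++) {
            d = dirs[i]
            if (d in dev) {
                # Match "ro" as a whole option, not as part of another option.
                mode = (("," opts[d] ",") ~ /,ro,/) ? "ro" : "rw"
                printf "%s separate %s %s\n", d, dev[d], mode
                continue
            }
            # Not a mount point: walk up the path to the file system holding it.
            p = d
            while (p != "/" && !(p in dev)) {
                sub("/[^/]*$", "", p)
                if (p == "") p = "/"
            }
            printf "%s shared %s\n", d, p
        }
    }
    ' "$1"
}

# shared_count FILE: how many WANTED directories share a partition with a parent.
shared_count() {
    audit_mounts "$1" | awk '$2 == "shared" { c++ } END { print c + 0 }'
}

# Constructed sample: /boot, /var and a read-only /usr are separate;
# /home and /tmp live on the root file system.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
/dev/sda3 /var ext3 rw,noatime 0 0
/dev/sda5 /usr ext3 ro 0 0
proc /proc proc rw 0 0
EOF
}

sample_mounts | audit_mounts -
```

On a live system, run audit_mounts /proc/mounts instead of the sample.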
Using LILO or GRUB boot loaders
A boot loader lets you choose when and how to boot the bootable operating systems installed on
your computer’s hard disks. Most Linux systems give you the opportunity to use GRUB or LILO
boot loaders. The following sections describe both GRUB and LILO boot loaders.
Note
SYSLINUX is another boot loader you will encounter with Linux systems. The SYSLINUX boot loaders are not
typically used for installed Linux systems. However, SYSLINUX is commonly used as the boot loader for Linux
CDs and DVDs. SYSLINUX is particularly good for booting ISO9660 CD images and for working on older
hardware.
Booting your computer with GRUB
With multiple operating systems installed and several partitions set up, how does your computer
know which operating system to start? To select and manage which partition is booted and how
it is booted, you need a boot loader. The boot loader that is installed by default with Fedora and
other Linux systems is the GRand Unified Boot loader (GRUB).
GRUB is a GNU bootloader (www.gnu.org/software/grub) that replaced LILO as the default
boot loader in many Linux systems, including Fedora and Ubuntu. GRUB offers the following
features:
Support for multiple executable formats.
Support for multi-boot operating systems (such as Fedora, FreeBSD, NetBSD, OpenBSD,
and other Linux systems).
Support for non–multi-boot operating systems (such as Windows 95, Windows 98,
Windows NT, Windows ME, Windows XP, and OS/2) via a chain-loading function.
Chain-loading is the act of loading another boot loader (presumably one that is specific
to the proprietary operating system) from GRUB to start the selected operating system.
Support for multiple file system types.
Support for automatic decompression of boot images.
Support for downloading boot images from a network.
For more information on how GRUB works, type man grub or info grub. The info command
contains more details about GRUB.
Booting with GRUB
When you install Linux, you are typically given the option to configure the information needed
to boot your computer (with one or more operating systems) into the default boot loader. With
GRUB configured, when you boot your computer, the first thing you see after the BIOS loads
is the GRUB boot screen (it says GRUB at the top and lists bootable partitions below it); do one
of the following:
Default—If you do nothing, the default operating system will boot automatically after a
few seconds. (The timeout is set by the timeout value, in seconds, in the grub.conf file.)
Select an operating system— Use the up and down arrow keys to select any of the
titles, representing operating systems you can boot, that are shown on the screen. Then
press Enter to boot that operating system.
Edit the boot process —If you want to change any of the options used during the boot
process, use the arrow keys to highlight the operating system you want and type e to
select it. Follow the next procedure to change your boot options temporarily.
If you want to change your boot options so that they take effect every time you boot your computer, see the section on permanently changing boot options. Changing those options involves
editing the /boot/grub/grub.conf file.
Temporarily changing boot options
From the GRUB boot screen, you can select to change or add boot options for the current boot
session. On some Linux systems, the menu is hidden, so you have to press a key (before a few
seconds of timeout is exceeded) to see the menu. Then, select the operating system you want
(using the arrow keys) and type e (as described earlier). A graphical screen appears that looks like
the one shown in Figure 8-2.
FIGURE 8-2
From the GRUB boot screen, you can select to change boot options.
Three lines in the example of the GRUB editing screen identify the boot process for the operating
system you chose. The first line (beginning with root) shows that the entry for the GRUB boot
loader is on the fifth partition of the first hard disk (hd0,4). GRUB represents the hard disk as
hd, regardless of whether it is a SCSI, IDE, or other type of disk. You just count the drive number
and partition number, starting from zero (0).
The second line of the example (beginning with kernel) identifies the boot image
(/boot/vmlinuz-2.6.27.24-78.2.53.fc9.i686) and several options. The options identify the partition as initially being loaded ro (read-only) and the location of the root file system on a partition
with the label that begins root=UUID. The third line (starting with initrd) identifies the location of the initial RAM disk, which contains the minimum files and directories needed during the
boot process.
If you are going to change any of the lines related to the boot process, you would probably change
only the second line to add or remove boot options. Here is how you do that:
1. Position the cursor on the kernel line and type e.
2. Either add or remove options after the name of the boot image. You can use a minimal
set of bash shell command-line editing features to edit the line. You can even use command completion (type part of a filename and press Tab to complete it). Here are a few
options you may want to add or delete:
Boot to a shell—If you forgot your root password or if your boot process hangs, you
can boot directly to a shell by adding init=/bin/sh to the boot line. (The root file
system is mounted read-only, so you can copy files out. You need to remount the
root file system with read/write permission to be able to change files: mount -o
remount,rw /)
Select a run level—If you want to boot to a particular run level, you can add the
run level you want to the end of the kernel line. For example, to have Fedora Linux
boot to run level 3 (multiuser plus networking mode), add 3 to the end of the kernel
line. You can also boot to single-user mode (1), multiuser mode (2), or X GUI mode
(5). Level 3 is a good choice if your GUI is temporarily broken. Level 1 is good if you
have forgotten your root password.
3. Press Enter to return to the editing screen.
4. Type b to boot the computer with the new options. The next time you boot your computer, the new options will not be saved. To add options so they are saved permanently,
see the next section.
Permanently changing boot options
You can change the options that take effect each time you boot your computer by changing the
GRUB configuration file. In Fedora and other Linux systems, GRUB configuration centers on the
/boot/grub/grub.conf file.
The /boot/grub/grub.conf file is created when you install Linux. Here’s an example of that
file for Fedora:
# grub.conf generated by anaconda
#boot=/dev/sda
default=0
timeout=10
splashimage=(hd0,4)/boot/grub/splash.xpm.gz
hiddenmenu
title Fedora (2.6.27.24-78.2.53.fc9.i686)
        root (hd0,4)
        kernel /boot/vmlinuz-2.6.27.24-78.2.53.fc9.i686 ro \
        root=UUID=eb3834a2-ba78-43c0-908f-d627117696e7 rhgb quiet
        initrd /boot/initrd-2.6.27.24-78.2.53.fc9.i686.img
title Windows XP
        rootnoverify (hd0,0)
        chainloader +1
The default=0 line indicates that the first partition in this list (in this case Fedora) will be the
one that is booted by default. The line timeout=10 causes GRUB to pause for 10 seconds before
booting the default partition. (That’s how much time you have to press e if you want to edit the
boot line, or to press arrow keys to select a different operating system to boot.)
The splashimage line looks in the seventh partition on the first disk (hd0,4) for the boot partition (in this case /dev/sda5, which is the / partition). GRUB loads splash.xpm.gz as the
image on the splash screen (/boot/grub/splash.xpm.gz). The splash screen appears as the
background of the boot screen.
Note
GRUB indicates disk partitions using the following notation: (hd0,0). The first number represents the disk,
and the second is the partition on that disk. So, (hd0,1) is the second partition (1) on the first disk (0).
The two bootable partitions in this example are Fedora and Windows XP. The title lines for each
of those partitions are followed by the name that appears on the boot screen to represent each
partition.
For the Fedora Linux system, the root line indicates the location of the boot partition as the second partition on the first disk. So, to find the bootable kernel (vmlinuz-2.6.27.24-78.2.53.fc9.i686) and the initrd initial RAM disk boot image that is
loaded (initrd-2.6.27.24-78.2.53.fc9.i686.img), GRUB looks in the root of hd0,4
(which is represented by /dev/sda5 and is mounted as /). Other options on the kernel line set
the partition as read-only initially (ro) and set the root file system to the particular UUID set for
the root partition.
For the Windows XP partition, the rootnoverify line indicates that GRUB should not try
to mount the partition. In this case, Windows XP is on the first partition of the first hard disk
(hd0,0) or /dev/sda1. Instead of mounting the partition and passing options to the new operating system, the chainloader +1 line tells GRUB to hand control of booting the operating system
to another boot loader. The +1 indicates that the first sector of the partition is used as the boot
loader. (You could similarly set up to boot a Windows Vista or Windows 7 operating system.)
Note
Microsoft operating systems require that you use the chainloader to boot them from GRUB because GRUB
doesn’t offer native support for Windows operating systems.
If you make any changes to the /boot/grub/grub.conf file, you do not need to load those
changes. GRUB automatically picks up those changes when you reboot your computer. If you are
accustomed to using the LILO boot loader, this may confuse you at first, as LILO requires you to
rerun the lilo command for the changes to take effect.
Adding a new GRUB boot image
You may have different boot images for kernels that include different features. In most cases,
installing a new kernel package will automatically configure grub.conf to use that new kernel.
However, if you want to manually add a kernel, here is the procedure for modifying the grub.conf
file to be able to boot that kernel:
1. Copy the new image from the directory in which it was created (such as
/usr/src/kernels/linux-2.6.25-11/arch/i386/boot) to the /boot directory. Name the
file something that reflects its contents, such as bz-2.6.25-11. For example:
# cp /usr/src/linux-2.6.25-11/arch/i386/boot/bzImage /boot/bz-2.6.25-11
2. Add several lines to the /boot/grub/grub.conf file so that the image can be started
at boot time if it is selected. For example:
title Fedora (My own IPV6 build)
root (hd0,4)
kernel /bz-2.6.25-11 ro root=/dev/sda5
initrd /initrd-2.6.25-11.img
3. Reboot your computer.
4. When the GRUB boot screen appears, move your cursor to the title representing the
new kernel and press Enter.
The advantage to this approach, as opposed to copying the new boot image over the old one, is
that if the kernel fails to boot, you can always go back and restart the old kernel. When you feel
confident that the new kernel is working properly, you can use it to replace the old kernel or perhaps just make the new kernel the default boot definition.
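Before the reboot in step 3 it is worth confirming that every kernel and initrd named in grub.conf exists, because GRUB reads those paths relative to the partition on the stanza's root line. The check below is an added example, not code from the book; the function names and the sample tree are constructed for illustration, and one kernel path in the sample is deliberately wrong so the check has something to report.

```sh
#!/bin/sh
# Added example (not from the book): sanity-check a GRUB legacy grub.conf.

# list_grub_entries FILE
# One line per title stanza: index|is_default|title|kernel|initrd
# Indexes start at 0, the numbering that default=N uses.
list_grub_entries() {
    awk '
        BEGIN { def = 0 }
        $1 ~ /^#/ { next }
        $1 ~ /^default=/ { split($1, kv, "="); def = kv[2] + 0; next }
        $1 == "title" {
            n++
            t = $0; sub(/^[ \t]*title[ \t]+/, "", t); title[n] = t
            kernel[n] = "-"; initrd[n] = "-"
            next
        }
        n && $1 == "kernel" { kernel[n] = $2; next }
        n && $1 == "initrd" { initrd[n] = $2; next }
        END {
            for (i = 1; i <= n; i++) {
                flag = (i - 1 == def) ? "yes" : "no"
                printf "%d|%s|%s|%s|%s\n", i - 1, flag, title[i], kernel[i], initrd[i]
            }
        }
    ' "$1"
}

# check_grub_files FILE MOUNTPOINT
# MOUNTPOINT is where the partition on the root line is mounted ("" for /).
# Prints every kernel or initrd that FILE names but that does not exist
# under MOUNTPOINT; returns 1 if anything is missing, 0 otherwise.
check_grub_files() {
    entries=$(list_grub_entries "$1")
    missing=0
    while IFS='|' read -r idx dflt title kernel initrd; do
        [ -n "$idx" ] || continue
        for f in "$kernel" "$initrd"; do
            # "-" marks a stanza with no such line (a chainloader entry)
            if [ "$f" != "-" ] && [ ! -f "$2$f" ]; then
                echo "entry $idx ($title): missing $f"
                missing=1
            fi
        done
    done <<EOF
$entries
EOF
    return "$missing"
}

# make_demo_tree: build a throwaway tree holding a constructed grub.conf and
# empty stand-in kernel/initrd files in boot/; prints the path of the tree.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/boot/grub"
    for f in vmlinuz-2.6.27.24-78.2.53.fc9.i686 \
             initrd-2.6.27.24-78.2.53.fc9.i686.img \
             bz-2.6.25-11 initrd-2.6.25-11.img; do
        : > "$d/boot/$f"
    done
    cat > "$d/boot/grub/grub.conf" <<'EOF'
# constructed sample; the second stanza has a wrong kernel path on purpose
default=0
timeout=10
title Fedora (2.6.27.24-78.2.53.fc9.i686)
        root (hd0,4)
        kernel /boot/vmlinuz-2.6.27.24-78.2.53.fc9.i686 ro root=/dev/sda5
        initrd /boot/initrd-2.6.27.24-78.2.53.fc9.i686.img
title Fedora (My own IPV6 build)
        root (hd0,4)
        kernel /bz-2.6.25-11 ro root=/dev/sda5
        initrd /boot/initrd-2.6.25-11.img
title Windows XP
        rootnoverify (hd0,0)
        chainloader +1
EOF
    echo "$d"
}

# Demo run against the constructed tree.
demo=$(make_demo_tree)
list_grub_entries "$demo/boot/grub/grub.conf"
check_grub_files "$demo/boot/grub/grub.conf" "$demo" ||
    echo "fix the entries listed above before rebooting"
rm -rf "$demo"
```

On a running system where the GRUB root partition is mounted as /, the call would be check_grub_files /boot/grub/grub.conf "".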
Booting your computer with LILO
LILO stands for LInux LOader. Like other boot loaders, LILO is a program that can stand outside
the operating systems installed on the computer so you can choose which system to boot. It also
lets you give special options that modify how the operating system is booted. On Slackware and
some other Linux systems, LILO is used instead of GRUB as the default boot loader.
If LILO is being used on your computer, it is installed in either the master boot record or the
first sector of the root partition. The master boot record is read directly by the computer’s BIOS.
In general, if LILO is the only loader on your computer, install it in the master boot record. If
another boot loader is already in the master boot record, put LILO in the root partition.
Note
If you are new to Linux and not familiar with boot loaders, it is highly recommended you learn and use GRUB
instead of LILO. Support for LILO—and inclusion in distributions—has been reduced in favor of GRUB.
Using LILO
When your computer boots with the Fedora version of LILO installed in the master boot record, a
graphical Fedora screen appears, displaying the bootable partitions on the computer. Use the up
and down arrow keys on your keyboard to select the one you want and press Enter. Otherwise,
the default partition that you set at installation will boot after a few seconds.
If you want to add any special options when you boot, press Ctrl+X. You will see a text-based
boot prompt that appears as follows:
boot:
LILO pauses for a few seconds and then automatically boots the first image from the default bootable partition. To see the bootable partitions again, quickly press Tab. You may see something
similar to the following:
LILO boot:
linux linux-up dos
boot:
This example shows that three bootable partitions are on your computer, called linux, linux-up, and dos. The first two refer to two different boot images that can boot the Linux partition.
The third refers to a bootable DOS partition (presumably containing a Windows operating system). The first bootable partition is loaded if you don’t type anything after a few seconds. Or you
can use the name of the other partition to have that boot instead.
If you have multiple boot images, press Shift, and LILO asks you which image you want to boot.
Available boot images and other options are defined in the /etc/lilo.conf file.
Setting up the /etc/lilo.conf file
The /etc/lilo.conf file is where LILO gets the information it needs to find and start bootable partitions and images. By adding options to the /etc/lilo.conf file, you can change the
behavior of the boot process. The following is an example of some of the contents of the
/etc/lilo.conf file:
prompt
timeout=50
default=linux
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
message=/boot/message
linear
image=/boot/vmlinuz-2.6.27.24-78.2.53.fc9.i686
label=linux
initrd=/boot/initrd-2.6.27.24-78.2.53.fc9.i686.img
read-only
root=/dev/hda5
append="root=LABEL=/"
other=/dev/hda1
optional
label=dos
With prompt on, the boot prompt appears when the system is booted without requiring that any
keys are pressed. The timeout value, in this case 50 tenths of a second (5 seconds), defines how
long to wait for keyboard input before booting the default boot image. The boot line indicates
that the bootable partition is on the hard disk represented by /dev/hda (the first IDE hard disk).
Note
Depending upon the distribution, “hda” may be “sda”. If you are using LILO, the odds are good that you are
using an older Linux implementation and thus hda is shown in the example and used in this discussion.
The map line indicates the location of the map file (/boot/map, by default). The map file contains
the name and locations of bootable kernel images. The install line indicates that the /boot/boot.b
file is used as the new boot sector. The message line tells LILO to display the contents of
the /boot/message file when booting (which contains the graphical Fedora boot screen). The linear line causes linear sector addresses to be generated (instead of sector/head/cylinder addresses).
The sample file has two bootable partitions. The first (image=/boot/vmlinuz-2.6.27.24-78.2.53.fc9.i686) shows an image labeled linux. The root file system (/) for that image is on
partition /dev/hda5. Read-only indicates that the file system is first mounted read-only, although
it is probably mounted as read/write after a file system check. The initrd line indicates the location of the initial RAM disk image used to start the system.
The second bootable partition, which is indicated by the word other in this example, is on the
/dev/hda1 partition. Because it is a Windows system, it is labeled a DOS file system. The table
line indicates the device that contains the partition.
Other bootable images are listed in this file, and you can add another boot image yourself (like
one you create from reconfiguring your kernel as discussed in the next section) by installing the
new image and changing lilo.conf.
After you change lilo.conf, you then must run the lilo command for the changes to take
effect. You may have different boot images for kernels that include different features. The following is the procedure for modifying the lilo.conf file:
1. Copy the new image from the directory in which it was created (such as
/usr/src/kernels/2.6.27.24-78.2.53.fc9/arch/i386/boot) to the /boot directory.
Name the file something that reflects its contents, such as zImage-2.6.27.24-78.2.53.fc9.img.
2. Add several lines to the /etc/lilo.conf file so that the image can be started at boot
time if it is selected. For example:
image=/boot/zImage-2.6.27.24-78.2.53.fc9.img
label=new
3. Type the lilo -t command (as root user) to test that the changes were okay.
4. Type the lilo command (with no options) for the changes to be installed.
To boot from this new image, either select new from the graphical boot screen or type new and
press Enter at the LILO boot prompt. If five seconds is too quick, increase the timeout value
(such as 100 for 10 seconds).
Options that you can use in the /etc/lilo.conf file are divided into global options, per-image
options, and kernel options. A lot of documentation is available for LILO. For more details on any
of the options described here or for other options, you can see the lilo.conf manual page (type
man lilo.conf) or any of the documents in /usr/share/doc/lilo*/doc.
A few examples follow of global options that you can add to /etc/lilo.conf. Global options
apply to LILO as a whole, instead of just to a particular boot image.
You can use the default=label option, where label is replaced by an image’s label name, to
indicate that a particular image be used as the default boot image. If that option is excluded, the
first image listed in the /etc/lilo.conf file is used as the default. For example, to start the
image labeled new by default, add the following line to lilo.conf:
default=new
Change the delay from 5 seconds to something greater if you want LILO to wait longer before
starting the default image. This gives you more time to boot a different image. To change the
value from 5 seconds (50) to 15 seconds (150), add the following line:
delay=150
You can change the message that appears before the LILO prompt by adding that message to a file
and changing the message line. For example, you could create a /boot/boot.message file and
add the following words to that file: Choose linux, new, or dos. To have that message appear
before the boot prompt, add the following line to /etc/lilo.conf:
message=/boot/boot.message
All per-image options begin with either an image= line (indicating a Linux kernel) or other=
(indicating some other kind of operating system, such as a Windows system). The per-image
options apply to particular boot images rather than to all images (as global options do). Along
with the image or other line is a label= line, which gives a name to that image. The name is
what you select at boot time to boot that image. Here are some of the options that you can add to
each of those image definitions:
lock—This enables automatic recording of boot command lines as the defaults for different boot options.
alias=name—You can replace name with any name. That name becomes an alias for
the image name defined in the label option.
password=password—You can password-protect all images by adding a password
option line and replacing password with your own password. The password would
have to be entered to boot any of the images.
restricted—This option is used with the password option. It indicates that a password
should be used only if command-line options are given when trying to boot the
image.
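The password and restricted options described above determine whether an image can be booted, or handed extra boot options, without a password. This added example (not from the book) reports the protection each stanza ends up with and checks whether a lilo.conf that holds a password is readable by other users; the function names, the sample file and the permission check are additions made here.

```sh
#!/bin/sh
# Added example (not from the book): audit password coverage in lilo.conf
# without ever printing the password itself.

# lilo_password_report FILE
# One line per image=/other= stanza: label|kind|protection, where protection is
#   none          no password applies to the stanza
#   always        a password is needed for every boot of that image
#   options-only  password plus restricted: needed only when options are typed
# A password or restricted line placed before the first stanza applies to all.
lilo_password_report() {
    awk '
        function emit() {
            if (!n) return
            pw = (ipw || gpw); rs = (irs || grs)
            prot = (pw == 0) ? "none" : (rs ? "options-only" : "always")
            printf "%s|%s|%s\n", label, kind, prot
        }
        { sub(/^[ \t]+/, "") }
        /^#/ || $0 == "" { next }
        { key = $0; sub(/[ \t]*=.*$/, "", key) }
        key == "image" || key == "other" {
            emit(); n++; kind = key; label = "(unlabeled)"; ipw = 0; irs = 0
            next
        }
        key == "label" && n      { label = $0; sub(/^[^=]*=[ \t]*/, "", label); next }
        key == "password" && n   { ipw = 1; next }
        key == "password"        { gpw = 1; next }
        key == "restricted" && n { irs = 1; next }
        key == "restricted"      { grs = 1; next }
        END { emit() }
    ' "$1"
}

# lilo_conf_exposes_password FILE
# Returns 0 when FILE contains a password= line and its mode lets the group
# or other users read it; returns 1 otherwise.
lilo_conf_exposes_password() {
    grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1" || return 1
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# make_demo_lilo_conf: write a constructed lilo.conf modelled on the sample
# in this section (password value is a placeholder); prints the file path.
make_demo_lilo_conf() {
    c=$(mktemp) || return 1
    cat > "$c" <<'EOF'
prompt
timeout=50
default=linux
boot=/dev/hda
image=/boot/vmlinuz-2.6.27.24-78.2.53.fc9.i686
        label=linux
        read-only
        root=/dev/hda5
        password=CONSTRUCTED-EXAMPLE
        restricted
image=/boot/zImage-2.6.27.24-78.2.53.fc9.img
        label=new
other=/dev/hda1
        optional
        label=dos
EOF
    echo "$c"
}

# Demo run against the constructed file.
conf=$(make_demo_lilo_conf)
chmod 644 "$conf"    # constructed: a mode that lets every user read the file
lilo_password_report "$conf"
if lilo_conf_exposes_password "$conf"; then
    echo "lilo.conf holds a password and is readable by other users; chmod 600 it"
fi
rm -f "$conf"
```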
For Linux kernel images, there are specific options that you can use. These options let you deal
with hardware issues that can’t be autodetected, or provide information such as how the root file
system is mounted. Here are some of the kernel image-specific options:
append—Add a string of letters and numbers to this option that need to be passed
to the kernel. In particular, these can be parameters that need to be passed to better
define the hard disk when some aspect of that disk can’t be autodetected (for example,
append="hd=64,32,202").
ramdisk—Add the size of the RAM disk that you want to use in order to override the
size of the RAM disk built into the kernel.
read-only—Mount the root file system read-only. It is typically remounted read-write
after the disk is checked.
read-write—Mount the root file system read/write.
Changing your boot loader
If you don’t want to use the GRUB boot loader, or if you tried out LILO and want to switch back
to GRUB, then changing to a different boot loader on Linux distributions that support both boot
loaders is not hard. To switch your boot loader from GRUB to LILO, do the following:
1. Configure the /etc/lilo.conf file as described in the “Booting Your Computer with
LILO” section.
2. As root user from a Terminal window, type the following:
# lilo
3. The new Master Boot Record is written, including the entries in /etc/lilo.conf.
4. Reboot your computer. You should see the LILO boot screen.
To change your boot loader from LILO to GRUB, do the following:
1. Configure the /boot/grub/grub.conf file as described in the “Booting Your
Computer with GRUB” section.
2. You need to know the device on which you want to install GRUB. For example, to
install GRUB on the master boot record of the first disk, type the following as root user
from a Terminal window:
# grub-install /dev/hda
The new Master Boot Record is written to boot with the GRUB boot loader.
3. Reboot your computer. You should see the GRUB boot screen.
If for some reason you don’t see the GRUB boot screen when you reboot, you can use a rescue CD
to reboot your computer and fix the problem. When the rescue CD boots up, mount the file system containing the /boot/grub/grub.conf file. Then use the chroot command to change to
the root of that file system. Correct the grub.conf file and run grub-install again.
Configuring networking
If you are connecting your computer to an Ethernet LAN that has a DHCP server available, you
probably don’t need to do anything to start up automatically on your LAN and even be connected
to the Internet. However, if no DHCP server is on your LAN and you have to configure your TCP/
IP connection manually, here is the information you will probably be prompted for during Linux
installation:
IP address—If you set your own IP address, this is the four-part, dot-separated number
that represents your computer to the network. Explaining how IP addresses are formed
and how you choose them would take more than a few sentences (see Chapter 11 for a
more complete description). An example of a private IP address is 192.168.0.1.
Netmask—The netmask is used to determine what part of an IP address represents the
network and what part represents a particular host computer. An example of a netmask
for a Class C network is 255.255.255.0. If you apply this netmask to an IP address of
192.168.0.1, for example, the network address would be 192.168.0 and the host address 1.
Because 0 and 255 can’t be assigned to a particular host, that leaves valid host numbers between 1 and 254 available for this local network.
Activate on boot—Some Linux install procedures ask you to indicate whether you want
the network to start at boot time (you probably do if you have a LAN).
Set the host name—This is the name identifying your computer within your domain.
For example, if your computer were named “baskets” in the handsonhistory.com
domain, your full host name may be baskets.handsonhistory.com. You can either
set the domain name yourself (manually) or have it assigned automatically, if that information is being assigned by a DHCP server (automatically via DHCP).
Gateway—This is the IP number of the computer that acts as a gateway to networks
outside your LAN. This typically represents a host computer or router that routes packets between your LAN and the Internet.
Primary DNS—This is the IP address of the host that translates computer names you
request into IP addresses. It is referred to as a Domain Name System (DNS) server.
You may also have Secondary and Tertiary name servers in case the first one can’t be
reached. (Most ISPs will give you two DNS server addresses.)
Configuring other administrative features
Depending on which Linux install you are using, you will be asked to enter other types of information. These might involve the following:
Firewall—Most Linux distributions these days use iptables to configure firewalls. Older
Linux systems used ipchains. When you configure a default firewall, you typically
choose which ports will be open to outside connections on your system (although a firewall can be configured to do many other things as well). The iptables firewall facility is
described in Chapter 27.
Languages—Although Linux itself doesn’t include support for lots of different languages, some Linux distributions (such as Fedora) and desktop environments (such as
KDE) offer support for many different languages. Nearly all Linux distributions will let
you configure language-specific keyboards.
Root password and additional user—Every Linux system that uses passwords will
have you add at least the root user’s password when you install Linux. Some distributions will require that you add at least one additional non-root user as well.
Besides the features just mentioned, every distribution needs to have some initial configuration
done before you have a fully functional Linux system. See Chapter 10 for information on basic
administrative tasks for Linux.
Installing from the Linux Bible CD or DVD
With the knowledge you’ve gained in this chapter, you’re ready to select a Linux distribution to
install. Read the descriptions of Linux distributions in the other chapters in Part V of this book.
Each chapter tells you whether the distribution described there is on the CD or DVD included
with this book, or if it isn’t, where you can get it.
If you need more information about the CD or DVD, Appendix A describes the contents of those
discs. It also tells you which Linux distributions you can run live or use to install Linux permanently to your hard disk from those two discs.
Summary
Although every Linux distribution includes a different installation method, you need to do many
common activities, regardless of which Linux system you install. For every Linux system, you
need to deal with issues of disk partitioning, network configuration, and boot loaders.
Linux Bible includes a DVD and a CD with several different Linux systems you can install. If you
prefer, you can instead download and burn your own CDs or DVDs to install Linux. If you go the
route of burning your own CDs, this chapter helps you find Linux distributions you can download and describes tools you can use to verify their contents.
Chapter 9: Running Commands from the Shell
Before icons and windows took over computer screens, you typed
commands to interact with most computers. On UNIX systems,
from which Linux was derived, the program used to interpret and
manage commands was referred to as the shell.
No matter which Linux distribution you are using, you can always count
on one thing being available to you: the shell. It provides a way to create
executable script files, run programs, work with file systems, compile computer code, operate a system, and manage the computer. Although the shell
is less intuitive than common graphic user interfaces (GUIs), most Linux
experts consider the shell to be much more powerful than GUIs. Shells
have been around a long time, and many advanced features have been built
into them.
The Linux shell illustrated in this chapter is called the bash shell, which
stands for Bourne Again Shell. The name is derived from the fact that
bash is compatible with one of the earliest UNIX shells: the Bourne
shell (named after its creator Stephen Bourne, and represented by the sh
command).
Although bash is included with most distributions, and considered a standard, other shells are available. Other popular shells include the C shell
(csh), which is popular among BSD UNIX users, and the Korn shell (ksh),
which is popular among UNIX System V users. Linux also has a tcsh shell
(a C shell look-alike) and an ash shell (another Bourne shell look-alike).
Several different shells are introduced in this chapter.
IN THIS CHAPTER
Understanding the Linux shell
Using the Linux shell
Working with the Linux file system
Using the vi text editor in Linux
Tip
The odds are strong that the Linux distribution you are using has more than one shell installed by default and
available for your use.
Several major reasons for learning how to use the shell are
You will know how to get around any Linux or other UNIX-like system. For example,
I can log in to my Red Hat Enterprise Linux MySQL server, my bootable floppy router/
firewall, or my wife’s iMac and explore and use any of those computer systems from a
shell.
Special shell features enable you to gather data input and direct data output between
commands and the Linux file system. To save on typing, you can find, edit, and repeat
commands from your shell history. Many power users hardly touch a graphical interface, doing most of their work from a shell.
You can gather commands into a file using programming constructs such as conditional
checks, loops, and case statements to quickly do complex operations that would be difficult to retype over and over. Programs consisting of commands that are stored and run
from a file are referred to as shell scripts. Most Linux system administrators use shell
scripts to automate tasks such as backing up data, monitoring log files, or checking system health.
The shell is a command language interpreter. If you have used Microsoft operating systems, you’ll
see that using a shell in Linux is similar to — but generally much more powerful than — the
interpreter used to run commands in DOS or in the CMD command interface. You can happily
use Linux from a graphical desktop interface, but as you grow into Linux you will surely need to
use the shell at some point to track down a problem or administer some features.
How to use the shell isn’t obvious at first, but with the right help you can quickly learn many of
the most important shell features. This chapter is your guide to working with the Linux system
commands, processes, and file system from the shell. It describes the shell environment and
helps you tailor it to your needs. It also explains how to use and move around the file system.
Starting a Shell
There are several ways to get to a shell interface in Linux. Three of the most common are the shell
prompt, Terminal window, and virtual terminal. They’re discussed in the following sections.
Using the shell prompt
If your Linux system has no graphical user interface (or one that isn’t working at the moment),
you will most likely see a shell prompt after you log in. Typing commands from the shell will
probably be your primary means of using the Linux system.
The default prompt for a regular user is simply a dollar sign:
$
The default prompt for the root user is a pound sign (also called a hash mark):
#
In most Linux systems, the $ and # prompts are preceded by your username, system name, and
current directory name. For example, a login prompt for the user named jake on a computer
named pine with /tmp as the current directory would appear as
[jake@pine tmp]$
You can change the prompt to display any characters you like — you can use the current directory, the date, the local computer name, or any string of characters as your prompt, for example.
To configure your prompt, see the “Setting your prompt” section later in this chapter.
Although a tremendous number of features are available with the shell, it’s easy to begin by just
typing a few commands. Try some of the commands shown in the remainder of this section to
become familiar with your current shell environment.
In the examples that follow, the dollar ($) and pound (#) symbols indicate a prompt. While a
$ indicates that the command can be run by any user, a # typically means you should run the
command as the root user — many administrative tools require root permission to be able to run
them. The prompt is followed by the command that you type (and then you press Enter or Return,
depending on your keyboard). The lines that follow show the output resulting from the command.
Using a terminal window
With the desktop GUI running, you can open a terminal emulator program (sometimes referred
to as a Terminal window) to start a shell. Most Linux distributions make it easy for you to get to
a shell from the GUI. Here are two common ways to launch a Terminal window from a Linux
desktop:
Right-click the desktop. In the context menu that appears, look for Shells, New
Terminal, Terminal Window, Xterm, or some similar item and select it.
Click on the panel menu. Many Linux desktops include a panel at the top or bottom of
the screen from which you can launch applications. For example, in some systems that
use the GNOME desktop, you can select Applications ➪ System Tools ➪ Terminal to
open a Terminal window. For Mandriva, select System ➪ Terminals.
In all cases, you should just be able to type a command as you would from a shell with no GUI.
Different terminal emulators are available with Linux. One of the following is likely to be the
default used with your Linux system:
xterm — A common terminal emulator for the X Window System. (In fact, I’ve never
seen an X Window System for a major Linux distribution that didn’t include xterm.)
Although it doesn’t provide menus or many special features, it is available with most
Linux distributions that support a GUI.
gnome-terminal — The default Terminal emulator window that comes with GNOME.
It consumes more system resources than xterm does, and it has useful menus for cutting and pasting, opening new Terminal tabs or windows, and setting terminal profiles.
konsole — The konsole terminal emulator that comes with the KDE desktop environment. With konsole, you can display multilanguage text encoding and text in different
colors.
The differences in running commands within a Terminal window have more to do with the
shell you are running than the type of Terminal window you are using. Differences in Terminal
windows have more to do with the features each supports — for example, how much output is
saved that can be scrolled back to; whether you can change font types and sizes, and whether the
Terminal window supports features such as transparency or cut and paste.
Using virtual terminals
Most Linux systems that include a desktop interface start multiple virtual terminals running on
the computer. Virtual terminals are a way to have multiple shell sessions open at once outside of
the graphical interface you are using.
You can switch between virtual terminals much the same way that you would switch between
workspaces on a GUI. Press Ctrl+Alt+F1 (or F2, F3, F4, and so on up to F6 on Fedora and other
Linux systems) to display one of six virtual terminals. The next virtual workspace after the virtual terminals is where the GUI is, so if there are six virtual terminals, you can return to the
GUI (if one is running) by pressing Ctrl+Alt+F7. (For a system with four virtual terminals, you’d
return to the GUI by pressing Ctrl+Alt+F5.)
Choosing Your Shell
In most Linux systems, your default shell is the bash shell. To find out what your default login
shell is, type the following command:
$ echo $SHELL
/bin/bash
In this example, it’s the bash shell. There are many other shells, and you can activate a different
one by simply typing the new shell’s command (ksh, tcsh, csh, sh, bash, and so forth) from the
current shell. For example, to change temporarily to the C shell, type the following command:
$ csh
Note
Most full Linux systems include all the shells described in this section. However, some smaller Linux distributions may include only one or two shells. The best way to find out whether a particular shell is available is to
type the command and see whether the shell starts.
You might want to choose a different shell to use because
You are used to using UNIX System V systems (often ksh by default) or Sun
Microsystems and other Berkeley UNIX–based distributions (frequently csh by default),
and you are more comfortable using default shells from those environments.
You want to run shell scripts that were created for a particular shell environment, and
you need to run the shell for which they were made so you can test or use those scripts
from your current shell.
You might simply prefer features in one shell over those in another. For example, a
member of my Linux Users Group prefers ksh over bash because he doesn’t like the way
aliases are used with bash.
Although most Linux users have a preference for one shell or another, when you know how to
use one shell, you can quickly learn any of the others by occasionally referring to the shell’s man
page (for example, type man bash). Most people use bash just because they don’t have a particular reason for using a different shell.
In Chapter 10, you learn how to assign a different default shell for a user. The following sections
introduce several of the most common shells available with Linux.
Using bash (and earlier sh) shells
As mentioned earlier, the name bash is an acronym for Bourne Again Shell, acknowledging the
roots of bash coming from the Bourne shell (sh command) created by Steve Bourne at AT&T Bell
Labs. Brian Fox of the Free Software Foundation created bash, under the auspices of the GNU project. Development was later taken over by Chet Ramey at Case Western Reserve University.
Bash includes features originally developed for sh and ksh shells in early UNIX systems, as well
as some csh features. Expect bash to be the default shell in whatever Linux system you are using,
with the exception of some specialized Linux systems (such as those run on embedded devices or
run from a floppy disk) that may require a smaller shell that needs less memory and entails fewer
features. Most of the examples in this chapter are based on the bash shell.
Tip
The bash shell is worth knowing not only because it is the default in most installations, but because it is the
one you will use with most Linux certification exams.
Bash can be run in various compatibility modes so that it behaves like different shells. It can be
run to behave as a Bourne shell (bash +B) or as a POSIX-compliant shell (type bash --posix),
for example, enabling it to read configuration files that are specific to those shells and run initialization shell scripts written directly for those shells, with a greater chance of success.
All the Linux distributions included with this book use bash as the default shell, with the exception of some bootable Linux distributions, which use the ash shell instead.
Using tcsh (and earlier csh) shells
The tcsh shell is the open source version of the C shell (csh). The csh shell was created by Bill Joy
and used with most Berkeley UNIX systems (such as those produced by Sun Microsystems) as the
default shell. Features from the TENEX and TOPS-20 operating systems (used on PDP-11s in the
1970s) that are included in this shell are responsible for the T in tcsh.
Many features of the original csh shell, such as command-line editing and its history mechanism,
are included in tcsh as well as in other shells. Although you can run both csh and tcsh on most
Linux systems, both commands actually point to the same executable file. In other words, starting csh actually runs the tcsh shell in csh compatibility mode.
Using ash
The ash shell is a lightweight version of the Berkeley UNIX sh shell. It doesn’t include many of the
sh shell’s basic features, and is missing such features as command histories. Kenneth Almquist
created the ash shell used with NetBSD. A port of ash called dash is available in Debian systems.
The ash shell is a good shell for embedded systems that have fewer system resources available. The
ash shell is about one-seventh the size of bash (about 92K versus 724K for bash). Because of cheaper
memory prices these days, however, many embedded and small bootable Linux systems have
enough space to include the full bash shell.
Using ksh
The ksh shell was created by David Korn at AT&T Bell Labs and is the successor to the sh shell.
It became the default and most commonly used shell with UNIX System V systems. The open
source version of ksh was originally available in many rpm-based systems (such as Fedora and
Red Hat Enterprise Linux) as part of the pdksh package. Now, however, David Korn has released
the original ksh shell as open source, so you can look for it as part of a ksh software package in
most Linux systems (see www.kornshell.com).
Using zsh
The zsh shell is another clone of the sh shell. It is POSIX-compliant (as is bash), but includes
some different features, such as spell-checking and a different approach to command editing. The
first Mac OS X systems used zsh as the default shell, although now bash is used by default.
Exploring the Shell
After you have access to a shell in Linux, you can begin by typing some simple commands. The
“Using the Shell in Linux” section later in this chapter provides more details about options, arguments, and environment variables. For the time being, the following sections can help you poke
around the shell a bit.
Note
If you don’t like your default shell, simply type the name of the shell you want to try out temporarily. To
change your shell permanently, use the usermod command. For example, to change to the csh shell for the
user named chris, type the following as root user from a shell:
# usermod -s /bin/csh chris
Checking your login session
When you log in to a Linux system, Linux views you as having a particular identity, which includes
your username, group name, user ID, and group ID. Linux also keeps track of your login session: It
knows when you logged in, how long you have been idle, and where you logged in from.
To find out information about your identity, use the id command as follows:
$ id
uid=501(chris) gid=105(sales) groups=105(sales),4(adm),7(lp)
In this example, the username is chris, which is represented by the numeric user ID (uid) 501.
The primary group for chris is called sales, which has a group ID (gid) of 105. The user chris
also belongs to other groups called adm (gid 4) and lp (gid 7). These names and numbers represent the permissions that chris has to access computer resources. (Permissions are described in
the “Understanding file permissions” section later in this chapter.)
Note
Based on the distribution you are using, the uid numbering may be in the thousands.
You can see information about your current login session by using the who command. In the following example, the -u option says to add information about idle time and the process ID and -H asks that a header be printed:
$ who -uH
NAME     LINE     TIME           IDLE     PID    COMMENT
chris    tty1     Jan 13 20:57   .        2013
The output from this who command shows that the user chris is logged in on tty1 (which is the
monitor connected to the computer), and his login session began at 20:57 on January 13. The
IDLE time shows how long the shell has been open without any command being typed (the dot
indicates that it is currently active). PID shows the process ID of the user’s login shell. COMMENT
would show the name of the remote computer the user had logged in from, if that user had logged
in from another computer on the network, or the name of the local X display if you were using a
Terminal window (such as :0.0).
Checking directories and permissions
Associated with each shell is a location in the Linux file system known as the current or working
directory. Each user has a directory that is identified as the user’s home directory. When you first
log in to Linux, you begin with your home directory as the current directory.
When you request to open or save a file, your shell uses the current directory as the point of reference. Simply provide a filename when you save a file, and it is placed in the current directory.
Alternatively, you can identify a file by its relation to the current directory (relative path), or you
can ignore the current directory and identify a file by the full directory hierarchy that locates it
(absolute path). The structure and use of the file system is described in detail later in this chapter.
To find out what your current directory (the present working directory) is, type the pwd
command:
$ pwd
/usr/bin
In this example, the current/working directory is /usr/bin. To find out the name of your home
directory, type the echo command, followed by the $HOME variable:
$ echo $HOME
/home/chris
Here the home directory is /home/chris. To get back to your home directory, just type the
change directory (cd) command. (Although cd followed by a directory name changes the current
directory to the directory that you choose, simply typing cd with no directory name takes you to
your home directory):
$ cd
Note
Instead of typing $HOME, you can use the tilde (~) to refer to your home directory. So, to see your home directory, you could simply type echo ~.
To list the contents of your home directory with the ls command, either type the full path to
your home directory, or use the ls command without a directory name. Using the -a option to ls
enables you to view the hidden files (known as dot files because they start with the dot character)
as well as all other files. With the -l option, you can see a long, detailed list of information on
each file. (You can put multiple single-letter options together after a single dash; for example, -la.)
$ ls -la /home/chris
total 158
drwxrwxrwx   2   chris   sales     4096   May 12 13:55   .
drwxr-xr-x   3   root    root      4096   May 10 01:49   ..
-rw-------   1   chris   sales     2204   May 18 21:30   .bash_history
-rw-r--r--   1   chris   sales       24   May 10 01:50   .bash_logout
-rw-r--r--   1   chris   sales      230   May 10 01:50   .bash_profile
-rw-r--r--   1   chris   sales      124   May 10 01:50   .bashrc
drw-r--r--   1   chris   sales     4096   May 10 01:50   .kde
-rw-rw-r--   1   chris   sales   149872   May 11 22:49   letter
    ^        ^     ^       ^        ^          ^         ^
  col 1    col 2 col 3   col 4    col 5      col 6     col 7
Displaying a long list (-l option) of the contents of your home directory shows you more about
file sizes and directories. The total line shows the total amount of disk space used by the files in
the list (158 kilobytes in this example). Directories such as the current directory (.) and the parent
directory (..) — the directory above the current directory — are noted as directories by the letter
d at the beginning of each entry (each directory begins with a d and each file begins with a -).
The file and directory names are shown in column 7. In this example, a dot (.) represents /home/chris
and two dots (..) represents /home — the parent directory of /chris. Most of the files in
this example are dot (.) files that are used to store GUI properties (.kde directory) or shell properties (.bash files). The only non-dot file in this list is the one named letter. Column 3 shows
the directory or file owner. The /home directory is owned by root, and everything else is owned by
the user chris, who belongs to the sales group (groups are listed in column 4).
In addition to the d or -, column 1 on each line contains the permissions set for that file or directory. (Permissions and configuring shell property files are described later in this chapter.) Other
information in the listing includes the number of hard links to the item (column 2), the size of each
file in bytes (column 5), and the date and time each file was most recently modified (column 6).
Here are a few other items related to file and directory listings:
The number of characters shown for a directory (4096 bytes in these examples) reflects
the size of the file containing information about the directory. Although this number
can grow above 4096 bytes for a directory that contains a lot of files, this number
doesn’t reflect the size of files contained in that directory.
The format of the time and date column can vary. Instead of displaying “May 12,” the
display can be “2009-05-12” depending upon the distribution.
On occasion, instead of seeing the execute bit (x) set on an executable file, you may see
an s in that spot instead. With an s appearing within either the owner (-rwsr-xr-x) or
group (-rwxr-sr-x) permissions, or both (-rwsr-sr-x), the application can be run by
any user, but ownership of the running process is assigned to the application’s user/group
instead of that of the user launching the command. This is referred to as a set UID or set
GID program, respectively. For example, the mount command has permissions set as
-rwsr-xr-x. This allows any user to run mount to list mounted file systems (although
you still have to be root to use mount to actually mount file systems, in most cases).
If a t appears at the end of a directory, it indicates that the sticky bit is set for that directory (for example, drwxrwxr-t). By setting the sticky bit on a directory, the directory’s
owner can allow other users and groups to add files to the directory, but prevents users
from deleting each other’s files in that directory. With a set GID assigned to a directory,
any files created in that directory are assigned the same group as the directory’s group.
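The following shell functions are an added example, not part of the book: they decode the mode column of an ls -l listing into octal and report the set UID, set GID, and sticky bits described above, plus directories that anyone can write to without the sticky bit. The listing in sample_listing is constructed from mode strings shown in this section; the names sgidtool, shared, and odd are made up.

```shell
#!/bin/sh
# Added example (not from the book): decode the mode column of `ls -l`
# and report set UID, set GID and sticky bits.

# triplet_value RWX -> "<octal digit> <1 if s/S/t/T is present, else 0>"
triplet_value() {
    v=0; s=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in
        ??x)    v=$((v + 1)) ;;
        ??[st]) v=$((v + 1)); s=1 ;;   # lowercase: execute bit AND special bit
        ??[ST]) s=1 ;;                 # uppercase: special bit, no execute bit
    esac
    echo "$v $s"
}

# mode_to_octal MODE -> four-digit octal mode, e.g. -rwsr-xr-x -> 4755
mode_to_octal() {
    case $1 in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) return 1 ;;                 # not an ls -l mode string
    esac
    u=$(printf '%s' "$1" | cut -c2-4)
    g=$(printf '%s' "$1" | cut -c5-7)
    o=$(printf '%s' "$1" | cut -c8-10)
    # Word splitting is intended: each call yields "<digit> <flag>".
    set -- $(triplet_value "$u") $(triplet_value "$g") $(triplet_value "$o")
    echo "$(( $2 * 4 + $4 * 2 + $6 ))$1$3$5"
}

# mode_findings MODE -> findings separated by spaces, or "none"
mode_findings() {
    oct=$(mode_to_octal "$1") || { echo "invalid"; return 1; }
    special=${oct%???}                 # leading digit: setuid=4 setgid=2 sticky=1
    other=${oct#???}                   # last digit: permissions for "other"
    out=""
    if [ $((special & 4)) -ne 0 ]; then out="$out setuid"; fi
    if [ $((special & 2)) -ne 0 ]; then out="$out setgid"; fi
    if [ $((special & 1)) -ne 0 ]; then out="$out sticky"; fi
    # A directory that anyone can write to, with no sticky bit, lets
    # users delete each other's files in it.
    case $1 in
        d*) if [ $((other & 2)) -ne 0 ] && [ $((special & 1)) -eq 0 ]; then
                out="$out world-writable-no-sticky"
            fi ;;
    esac
    out=${out# }
    echo "${out:-none}"
}

# audit_listing: read `ls -l` lines on stdin and print "NAME OCTAL FINDINGS"
# for each entry that has a finding. Names containing spaces are not handled.
audit_listing() {
    while IFS= read -r line; do
        mode=${line%% *}               # first field
        name=${line##* }               # last field
        f=$(mode_findings "$mode") || continue   # skips "total" and junk
        if [ "$f" != "none" ]; then
            echo "$name $(mode_to_octal "$mode") $f"
        fi
    done
}

# Constructed sample input, built from mode strings used in the text.
sample_listing() {
    cat <<'EOF'
total 158
drwxrwxrwx 2 chris sales 4096 May 12 13:55 .
-rw-r--r-- 1 chris sales 124 May 10 01:50 .bashrc
-rwsr-xr-x 1 root root 60000 May 10 01:50 mount
-rwxr-sr-x 1 root mail 20000 May 10 01:50 sgidtool
drwxrwxr-t 2 root root 4096 May 10 01:50 shared
-rwSr--r-- 1 chris sales 10 May 10 01:50 odd
EOF
}

sample_listing | audit_listing
```

To check a real directory, pipe its listing in, for example ls -la /home/chris | audit_listing.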
Checking system activity
In addition to being a multiuser operating system, Linux is also a multitasking system.
Multitasking means that many programs can be running at the same time. An instance of a running program is referred to as a process. Linux provides tools for listing running processes, monitoring system usage, and stopping (or killing) processes when necessary.
The most common utility for checking running processes is the ps command. Use it to see which
programs are running, the resources they are using, and who is running them. Here’s an example
of the ps command:
$ ps u
USER    PID  %CPU  %MEM   VSZ   RSS  TTY   STAT  START  TIME  COMMAND
jake   2147   0.0   0.7  1836  1020  tty1  S+    14:50  0:00  -bash
jake   2310   0.0   0.7  2592   912  tty1  R+    18:22  0:00  ps u
In this example, the u option asks that usernames be shown, as well as other information such as
the time the process started and memory and CPU usage for processes associated with the current
user. The processes shown are associated with the current terminal (tty1). The concept of a terminal comes from the old days, when people worked exclusively from character terminals, so a terminal typically represented a single person at a single screen. Now you can have many “terminals” on
one screen by opening multiple virtual terminals or Terminal windows on the desktop.
On this shell session, there isn’t much happening. The first process shows that the user named
jake opened a bash shell after logging in. The next process shows that jake has run the ps u
command. The terminal device tty1 is being used for the login session. The STAT column represents the state of the process, with R indicating a currently running process and S representing a
sleeping process.
Note
Several other values can appear under the STAT column. For example, a plus sign (+) indicates that the process is associated with the foreground operations.
The USER column shows the name of the user who started the process. Each process is represented
by a unique ID number referred to as a process ID (PID). (You can use the PID if you ever need to
kill a runaway process or send another kind of signal to a process.) The %CPU and %MEM columns
show the percentages of the processor and random access memory, respectively, that the process
is consuming. VSZ (virtual set size) shows the size of the image process (in kilobytes), and RSS
(resident set size) shows the size of the program in memory. START shows the time the process
began running, and TIME shows the cumulative system time used. (Many commands consume
very little CPU time, as is reflected by 0:00 for processes that haven’t even used a whole second of
CPU time.)
Many processes running on a computer are not associated with a terminal. A normal Linux system has many processes running in the background. Background system processes perform such
tasks as logging system activity or listening for data coming in from the network. They are often
started when Linux boots up and run continuously until it shuts down. To page through all the
processes running on your Linux system for the current user, add the pipe (|) and the less command to ps ux, like this:
$ ps ux | less
To page through all processes running for all users on your system, use the ps aux command as
follows:
$ ps aux | less
A pipe (above the backslash character on the keyboard) enables you to direct the output of one
command to be the input of the next command. In this example, the output of the ps command
(a list of processes) is directed to the less command, which lets you page through that information. Use the spacebar to page through and type q to end the list. You can also use the arrow keys
to move one line at a time through the output.
Exiting the shell
To exit the shell when you are done, type exit or press Ctrl+D.
You’ve just seen a few commands that can help you quickly familiarize yourself with your Linux
system. There are hundreds of other commands that you can try. You’ll find many in the /bin
and /usr/bin directories, and you can use ls to see a directory’s command list: ls /bin, for
example, results in a list of commands in /bin. Then use the man command (for example, man
hostname) to see what each command does. Administrative commands are also in /sbin or
/usr/sbin directories.
Using the Shell in Linux
When you type a command in a shell, you can include other characters that change or add to
how the command works. In addition to the command itself, these are some of the other items
that you can type on a shell command line:
Options — Most commands have one or more options you can add to change their
behavior. Options typically consist of a single letter, preceded by a dash. You can also
often combine several options after a single dash. For example, the command ls -la
lists the contents of the current directory. The -l asks for a detailed (long) list of information, and the -a asks that files beginning with a dot (.) also be listed. When a single
option consists of a word, it is usually preceded by a double dash (--). For example, to
use the help option on many commands, you enter --help on the command line.
Note
You can use the --help option with most commands to see the options and arguments that they support. For example, hostname --help.
Arguments — Many commands also accept arguments after certain options are entered
or at the end of the entire command line. An argument is an extra piece of information, such as a filename, that can be used by the command. For example, cat /etc/passwd
displays the contents of the /etc/passwd file on your screen. In this case,
/etc/passwd is the argument.
Environment variables — The shell itself stores information that may be useful to the
user’s shell session in what are called environment variables. Examples of environment
variables include $SHELL (which identifies the shell you are using), $PS1 (which defines
your shell prompt), and $MAIL (which identifies the location of your mailbox). See the
“Using shell environment variables” section later in this chapter for more information.
Tip
You can check your environment variables at any time. Type declare to list the current environment variables.
Or you can type echo $VALUE, where VALUE is replaced by the name of a particular environment variable
you want to list. And because there are always multiple ways to do anything in Linux, you can also type env
to get a succinct list of the current environment variables and their values.
Metacharacters — These characters have special meaning to the shell. They can be
used to direct the output of a command to a file (>), pipe the output to another command (|), and run a command in the background (&), to name a few. Metacharacters are
discussed later in this chapter.
To save you some typing, there are shell features that let you store commands you want to reuse,
recall previous commands, and edit commands. You can create aliases that enable you to type a
short command to run a longer one. The shell stores previously entered commands in a history
list, which you can display and from which you can recall commands. You’ll see how this works a
little later in the chapter.
Unless you specifically change to another shell, the bash shell is the one you use with most Linux
systems. The bash shell contains most of the powerful features available in other shells. Although
the description in this chapter steps you through many bash shell features, you can learn more
about the bash shell by typing man bash, and the sidebar “Getting Help Using the Shell” shows
you a few other ways to learn about using the shell.
Locating commands
If you know the directory that contains the command you want to run, one way to run it is to
type the full, or absolute, path to that command. For example, you run the date command from
the /bin directory by typing
$ /bin/date
Of course, this can be inconvenient, especially if the command resides in a directory with a long
path name. The better way is to have commands stored in well-known directories, and then add
those directories to your shell’s PATH environment variable. The path consists of a list of directories that are checked sequentially for the commands you enter. To see your current path, type the
following:
$ echo $PATH
/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/chris/bin
The results show a common default path for a regular Linux user. Directories in the path list are
separated by colons. Most user commands that come with Linux are stored in the /bin, /usr/bin,
or /usr/local/bin directories. Although many graphical commands (that are used with
GUIs) are contained in /usr/bin, some special X commands are in the /usr/X11R6/bin directory. The last directory shown is the bin directory in the user’s home directory.
Tip
If you want to add your own commands or shell scripts, place them in the bin directory in your home directory (such as /home/chris/bin for the user named chris). This directory is automatically added to your
path in some Linux systems, although you may need to create that directory or add it to your PATH on other
Linux systems. So, as long as you add the command to your bin with execute permission (described in the
“Understanding file permissions” section), you can begin using it by simply typing the command name at
your shell prompt. To make commands available to all users, add them to /usr/local/bin.
Unlike some other operating systems, Linux does not, by default, check the current directory
for an executable before searching the path. It immediately begins searching the path, and executables in the current directory are run only if they are in the PATH variable or you give their
absolute address.
Getting Help Using the Shell
When you first start using the shell, it can be intimidating. All you see is a prompt. How do you know
which commands are available, which options they use, or how to use advanced features? Fortunately, lots
of help is available. Here are some places you can look to supplement what you learn in this chapter:
Check the PATH — Type echo $PATH. You see a list of the directories containing commands
that are immediately accessible to you. Listing the contents of those directories displays most
standard Linux commands.
Use the help command — Some commands are built into the shell, so they do not appear in a
directory. The help command lists those commands and shows options available with each of
them. (Type help | less to page through the list.) For help with a particular built-in command,
type help command, replacing command with the name that interests you. The help command
works with the bash shell only.
Use --help with the command — Many commands include a --help option that you can use
to get information about how the command is used. For example, type date --help | less. The
output shows not only options, but also time formats you can use with the date command.
Use the man command — To learn more about a particular command, type man command.
(Replace command with the command name you want.) A description of the command and its
options appears on the screen.
Use the info command — The info command is another tool for displaying information about
commands from the shell. The info command can move among a hierarchy of nodes to find
information about commands and other items. Not all commands have information available in
the info database, but sometimes more information can be found there than on a man page.
The path directory order is important. Directories are checked from left to right. So, in this
example, if there is a command called foo located in both the /bin and /usr/bin directories,
the one in /bin is executed. To have the other foo command run, you either type the full path
to the command or change your PATH variable. If you are the root user, directories containing
administrative commands are also in your path. These directories include /sbin and /usr/sbin.
(Changing your PATH and adding directories to it are described later in this chapter.)
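As an added example (not from the book), the functions below list every executable that matches a command name in PATH order, so the first line is the file the shell would run, and report PATH entries that cause the current directory to be searched. The temporary directory tree and the sample PATH values are constructed for the demonstration; an empty PATH entry is treated by the shell as the current directory.

```shell
#!/bin/sh
# Added example (not from the book): show which file a command name
# resolves to, and flag PATH entries that search the current directory.

# split_path VALUE -> one PATH entry per line, keeping empty entries
split_path() {
    rest="$1:"
    while [ -n "$rest" ]; do
        printf '%s\n' "${rest%%:*}"
        rest=${rest#*:}
    done
}

# path_candidates CMD [PATHVALUE] -> every executable match, in search
# order. The first line is the file the shell would run; later lines
# are shadowed by it.
path_candidates() {
    cmd=$1
    split_path "${2-$PATH}" | while IFS= read -r dir; do
        if [ -z "$dir" ]; then dir=.; fi     # empty entry = current directory
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
        fi
    done
}

# path_risks [PATHVALUE] -> one line per entry that is not an absolute path
path_risks() {
    n=0
    split_path "${1-$PATH}" | while IFS= read -r dir; do
        n=$((n + 1))
        case $dir in
            "") echo "entry $n: empty, searches the current directory" ;;
            .)  echo "entry $n: '.', searches the current directory" ;;
            /*) ;;                           # absolute path: expected
            *)  echo "entry $n: relative path '$dir'" ;;
        esac
    done
}

# Demonstration on a constructed directory tree that mirrors the foo
# example in the text (a foo command in both bin and usr/bin).
tmp=$(mktemp -d)
mkdir -p "$tmp/bin" "$tmp/usr/bin"
for d in "$tmp/bin" "$tmp/usr/bin"; do
    printf '#!/bin/sh\necho "foo from %s"\n' "$d" > "$d/foo"
    chmod 755 "$d/foo"
done

echo "Search order for foo (first line wins):"
path_candidates foo "$tmp/bin:$tmp/usr/bin"

echo "Entries to review in a constructed PATH value:"
path_risks "/usr/local/bin::/bin:.:bin"

rm -rf "$tmp"
```

Run path_risks with no argument to check the PATH of your current shell session.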
Not all the commands that you run are located in directories in your PATH variable. Some commands are built into the shell. Other commands can be overridden by creating aliases that define
any commands and options that you want the command to run. There are also ways of defining a
function that consists of a stored series of commands. Here is the order in which the shell checks
for the commands you type:
1. Aliases — Names set by the alias command that represent a particular command
and a set of options. (Type alias to see what aliases are set.) Often, aliases enable you to
define a short name for a long, complicated command.
2. Shell reserved word — Words reserved by the shell for special use. Many of these are
words that you would use in programming-type functions, such as do, while, case,
and else.
3. Function — A set of commands that are executed together within the current shell.
4. Built-in command — A command built into the shell. As a result, there is no representation of the command in the file system. Some of the most common commands you
will use are shell built-in commands, such as cd (to change directories), echo (to echo
text to the screen), exit (to exit from a shell), fg (to bring a command running in the
background to the foreground), history (to see a list of commands that were previously
run), pwd (to list the present working directory), set (to set shell options), and type (to
show the location of a command).
5. File system command — This command is stored in and executed from the computer’s
file system. (These are the commands that are indicated by the value of the PATH
variable.)
To find out where a particular command is taken from, you can use the type command. (If you
are using a shell other than bash, use the which command instead.) For example, to find out
where the bash shell command is located, type the following:
$ type bash
bash is /bin/bash
Try these few words with the type command to see other locations of commands: which, case,
and return. If a command resides in several locations, you can add the -a option to have all the
known locations of the command printed.
Tip
Sometimes you run a command and receive an error message that the command was not found or that permission to run the command was denied. In the first case, check that you spelled the command correctly
and that it is located in your PATH variable. In the second case, the command may be in the PATH variable,
but may not be executable. Adding execute permissions to a command is described later in this chapter. Also
remember that case is important, so typing CAT or Cat will not find the cat command.
Rerunning commands
After typing a long or complex command line, learning that you mistyped something is annoying. Fortunately, some shell features let you recall previous command lines, edit those lines, or
complete a partially typed command line.
The shell history is a list of the commands that you have entered before. Using the history command in a bash shell, you can view your previous commands. Then, using various shell features,
you can recall individual command lines from that list and change them however you please.
The rest of this section describes how to do command-line editing, how to complete parts of
command lines, and how to recall and work with the history list.
Command-line editing
If you type something wrong on a command line, the bash shell ensures that you don’t have
to delete the entire line and start over. Likewise, you can recall a previous command line and
change the elements to make a new command.
By default, the bash shell uses command-line editing that is based on the emacs text editor. (Type
man emacs to read about it, if you care to.) If you are familiar with emacs, you probably already
know most of the keystrokes described here.
Tip
If you prefer the vi command for editing shell command lines, you can easily make that happen. Add the
line:
set -o vi
to the .bashrc file in your home directory. The next time you open a shell, you can use vi commands (as
described in the tutorial later in this chapter) to edit your command lines.
To do the editing, you can use a combination of control keys, meta keys, and arrow keys. For
example, Ctrl+F means to hold the Ctrl key and type f. Alt+F means to hold the Alt key and
type f. (Instead of the Alt key, your keyboard may use a Meta key or the Esc key. On a Windows
keyboard, you can use the Windows key.)
To try out a bit of command-line editing, type the following:
$ ls /usr/bin | sort -f | less
This command lists the contents of the /usr/bin directory, sorts the contents in alphabetical
order (regardless of case), and pipes the output to less. The less command displays the first
page of output, after which you can go through the rest of the output a line (press Enter) or a page
(press spacebar) at a time (press q when you are done). Now, suppose you want to change
/usr/bin to /bin. You can use the following steps to change the command:
1. Press the up arrow to recall the line.
2. Press Ctrl+A. This moves the cursor to the beginning of the command line.
3. Press Ctrl+F or the right arrow (→) key. Repeat this command a few times to position
the cursor under the first slash (/).
4. Press Ctrl+D. Type this command four times to delete /usr from the line.
5. Press Enter. This executes the command line.
As you edit a command line, at any point you can type regular characters to add those characters
to the command line. The characters appear at the location of your cursor. You can use right (→)
and left (←) arrows to move the cursor from one end to the other on the command line. You can
also press the up (↑) and down (↓) arrow keys to step through previous commands in the history
list to select a command line for editing. (See the discussion on command recall for details on
how to recall commands from the history list.)
There are many keystrokes you can use to edit your command lines. Table 9-1 lists the keystrokes
that you can use to move around the command line.
TABLE 9-1
Keystrokes for Navigating Command Lines
Keystroke   Full Name            Meaning
Ctrl+F      Character forward    Go forward one character.
Ctrl+B      Character backward   Go backward one character.
Alt+F       Word forward         Go forward one word.
Alt+B       Word backward        Go backward one word.
Ctrl+A      Beginning of line    Go to the beginning of the current line.
Ctrl+E      End of line          Go to the end of the line.
Ctrl+L      Clear screen         Clear screen and leave line at the top of the screen.
The keystrokes in Table 9-2 can be used to edit command lines.
TABLE 9-2
Keystrokes for Editing Command Lines
Keystroke   Full Name                 Meaning
Ctrl+D      Delete current            Delete the current character.
Backspace   Delete previous           Delete the previous character.
Ctrl+T      Transpose character       Switch positions of current and previous characters.
Alt+T       Transpose words           Switch positions of current and previous words.
Alt+U       Uppercase word            Change the current word to uppercase.
Alt+L       Lowercase word            Change the current word to lowercase.
Alt+C       Capitalize word           Change the current word to an initial capital.
Ctrl+V      Insert special character  Add a special character. For example, to add a Tab character, press Ctrl+V+Tab.
Use the keystrokes in Table 9-3 to cut and paste text on a command line.
TABLE 9-3
Keystrokes for Cutting and Pasting Text in Command Lines
Keystroke   Full Name              Meaning
Ctrl+K      Cut end of line        Cut text to the end of the line.
Ctrl+U      Cut beginning of line  Cut text to the beginning of the line.
Ctrl+W      Cut previous word      Cut the word located behind the cursor.
Alt+D       Cut next word          Cut the word following the cursor.
Ctrl+Y      Paste recent text      Paste most recently cut text.
Alt+Y       Paste earlier text     Rotate back to previously cut text and paste it.
Ctrl+C      Delete whole line      Delete the entire line.
Command-line completion
To save you a few keystrokes, the bash shell offers several different ways of completing partially
typed values. To attempt to complete a value, type the first few characters, and then press Tab.
Here are some of the values you can type partially:
Environment variable — If the text you type begins with a dollar sign ($), the shell
completes the text with an environment variable from the current shell.
Username — If the text you type begins with a tilde (~), the shell completes the text
with a username.
Command, alias, or function — If the text you type begins with regular characters,
the shell tries to complete the text with a command, alias, or function name.
Hostname — If the text you type begins with an at (@) sign, the shell completes the text
with a hostname taken from the /etc/hosts file.
Tip
To add hostnames from an additional file, you can set the HOSTFILE variable to the name of that file. The file
must be in the same format as /etc/hosts.
Here are a few examples of command completion. (When you see <Tab>, it means to press the
Tab key on your keyboard.) Type the following:
$ echo $OS<Tab>
$ cd ~ro<Tab>
$ fing<Tab>
The first example causes $OS to expand to the $OSTYPE variable. In the next example, ~ro
expands to the root user’s home directory (~root/). Next, fing expands to the finger
command.
Pressing Tab twice offers some wonderful possibilities. There are times when several possible
completions for the string of characters you have entered are available. In those cases, you can
check the possible ways text can be expanded by pressing Tab twice at the point where you want
to do completion.
This shows the result you would get if you checked for possible completions on $P.
$ echo $P<Tab><Tab>
$PATH $PPID $PS1 $PS2 $PS4 $PWD
$ echo $P
In this case, there are six possible variables that begin with $P. After possibilities are displayed,
the original command line returns, ready for you to complete it as you choose.
Command-line recall
After you type a command line, that entire command line is saved in your shell’s history list. The
list is stored in a history file, from which any command can be recalled to run again. After it is
recalled, you can modify the command line, as described earlier.
To view your history list, use the history command. Type the command without options or followed by a number to list that many of the most recent commands. For example:
$ history 8
382 date
383 ls /usr/bin | sort -a | more
384 man sort
385 cd /usr/local/bin
386 man more
387 useradd -m /home/chris -u 101 chris
388 passwd chris
389 history 8
A number precedes each command line in the list. You can recall one of those commands using
an exclamation point (!). Keep in mind that when using an exclamation point, the command runs
blind, without presenting an opportunity to confirm the command you’re referencing. There are
several ways to run a command immediately from this list, including the following:
!n — Run command number. Replace the n with the number of the command line, and
that line is run. For example, here’s how to repeat the date command shown as command number 382 in the preceding history listing:
$ !382
date
Thu Oct 29 21:30:06 PDT 2010
!! — Run previous command. Runs the previous command line. Here’s how you would
immediately run that same date command:
$ !!
date
Thu Oct 29 21:30:39 PDT 2010
!?string? — Run command containing string. This runs the most recent command
that contains a particular string of characters. For example, you can run the date
command again by just searching for part of that command line as follows:
$ !?dat?
date
Thu Oct 29 21:32:41 PDT 2010
Instead of just running a history command line immediately, you can recall a particular line and
edit it. You can use the following keys or key combinations to do that, as shown in Table 9-4.
TABLE 9-4
Keystrokes for Using Command History
Key(s) | Function Name | Description
Arrow Keys (↑ and ↓) | Step | Press the up and down arrow keys to step through each command line in your history list to arrive at the one you want. (Ctrl+P and Ctrl+N do the same functions, respectively.)
Ctrl+R | Reverse Incremental Search | After you press these keys, you enter a search string to do a reverse search. As you type the string, a matching command line appears that you can run or edit.
Ctrl+S | Forward Incremental Search | Same as the preceding function but for forward search.
Alt+P | Reverse Search | After you press these keys, you enter a string to do a reverse search. Type a string and press Enter to see the most recent command line that includes that string.
Alt+N | Forward Search | Same as the preceding function but for forward search.
Another way to work with your history list is to use the fc command. Type fc followed by a history line number, and that command line is opened in a text editor. Make the changes that you
want. When you exit the editor, the command runs. You can also give a range of line numbers (for
example, fc 100 105). All the commands open in your text editor, and then run one after the
other when you exit the editor.
The history list is stored in the .bash_history file in your home directory. Up to 1,000 history
commands are stored for you by default.
Note
Some people disable the history feature for the root user by setting the HISTFILE to /dev/null or simply
leaving HISTSIZE blank. This prevents information about the root user’s activities from potentially being
exploited. If you are an administrative user with root privileges, you may want to consider emptying your file
upon exiting as well for the same reasons.
Connecting and expanding commands
A truly powerful feature of the shell is the capability to redirect the input and output of commands to and from other commands and files. To allow commands to be strung together, the
shell uses metacharacters. As noted earlier, a metacharacter is a typed character that has special
meaning to the shell for connecting commands or requesting expansion.
Piping commands
The pipe (|) metacharacter connects the output from one command to the input of another command. This lets you have one command work on some data, and then have the next command
deal with the results. Here is an example of a command line that includes pipes:
$ cat /etc/passwd | sort | less
This command lists the contents of the /etc/passwd file and pipes the output to the sort
command. The sort command takes the usernames that begin each line of the /etc/passwd
file, sorts them alphabetically, and pipes the output to the less command (to page through the
output).
Pipes are an excellent illustration of how UNIX, the predecessor of Linux, was created as an operating system made up of building blocks. A standard practice in UNIX was to connect utilities in
different ways to get different jobs done. For example, before the days of graphical word processors, users created plain-text files that included macros to indicate formatting. To see how the
document really appeared, they would use a command such as the following:
$ gunzip < /usr/share/man/man1/grep.1.gz | nroff -c -man | less
In this example, the contents of the grep man page (grep.1.gz) are directed to the gunzip
command to be unzipped. The output from gunzip is piped to the nroff command to format the
man page using the manual macro (-man). The output is piped to the less command to display
the output. Because the file being displayed is in plain text, you could have substituted any number of options to work with the text before displaying it. You could sort the contents, change or
delete some of the content, or bring in text from other documents. The key is that, instead of all
those features being in one program, you get results from piping and redirecting input and output
between multiple commands.
Sequential commands
Sometimes you may want a sequence of commands to run, with one command completing before
the next command begins. You can do this by typing several commands on the same command
line and separating them with semicolons (;):
$ date ; troff -me verylargedocument | lpr ; date
In this example, I was formatting a huge document and wanted to know how long it would take. The
first command (date) showed the date and time before the formatting started. The troff command
formatted the document and then piped the output to the printer. When the formatting was done, the
date and time were printed again (so I knew how long the troff command took to complete).
Another useful command to add to the end of a long command line is the mail command. You
could add
; mail -s "Finished the long command" chris@example.com
to the end of a command line. Then, for example, a mail message is sent to the user you choose
after the command completes.
Background commands
Some commands can take a while to complete. Sometimes you may not want to tie up your shell
waiting for a command to finish. In those cases, you can have the commands run in the background by using the ampersand (&).
Text formatting commands (such as nroff and troff, described earlier) are examples of commands that are often run in the background to format a large document. You also might want to
create your own shell scripts that run in the background to check continuously for certain events
to occur, such as the hard disk filling up or particular users logging in.
Here is an example of a command being run in the background:
$ troff -me verylargedocument | lpr &
Other ways to manage background and foreground processes are described in the “Managing
background and foreground processes” section later in this chapter.
Expanding commands
With command substitution, you can have the output of a command interpreted by the shell
instead of by the command itself. In this way, you can have the standard output of a command
become an argument for another command. The two forms of command substitution are
$(command) and `command` (backticks, not single quotes).
The command in this case can include options, metacharacters, and arguments. Here is an example of using command substitution:
$ vi $(find /home | grep xyzzy)
In this example, the command substitution is done before the vi command is run. First, the find
command starts at the /home directory and prints out all files and directories below that point
in the file system. The output is piped to the grep command, which filters out all files except for
those that include the string xyzzy in the filename. Finally, the vi command opens all filenames
for editing (one at a time) that include xyzzy.
This particular example is useful if you want to edit a file for which you know the name but
not the location. As long as the string is uncommon, you can find and open every instance of a
filename existing beneath a point you choose in the file system. (In other words, don’t use grep
from the root file system or you’ll match and try to edit several thousand files.)
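The vi $(find /home | grep xyzzy) form relies on the shell splitting the substituted output into words, so a filename that contains a space reaches the command as two arguments. The following added example (not from the book; the function names and file names are constructed) counts the arguments produced in a scratch directory by that form and by find's own -exec, which passes each path whole.

```shell
#!/usr/bin/env bash
# Added example, not from the book. All names below are constructed.

# Build a scratch tree with two matching files, one with a space in its name.
make_fixture() {
    local dir
    dir=$(mktemp -d) || return 1
    : > "$dir/xyzzy.txt"
    : > "$dir/xyzzy plan.txt"
    : > "$dir/other.txt"
    printf '%s\n' "$dir"
}

# Print the number of arguments a command would receive.
count_args() { printf '%s\n' "$#"; }

# The book's form: the unquoted $(...) output is split on spaces, tabs and
# newlines (and then glob-expanded), so "xyzzy plan.txt" becomes two words.
args_from_substitution() {
    count_args $(find "$1" | grep xyzzy)
}

# find hands each matching path to the command as exactly one argument.
# Note: -name tests only the file's base name, while grep in the form above
# matches the string anywhere in the path, directory names included.
args_from_find_exec() {
    find "$1" -type f -name '*xyzzy*' -exec sh -c 'printf "%s\n" "$#"' sh {} +
}

# Demonstration on the constructed tree.
dir=$(make_fixture)
echo "unquoted substitution: $(args_from_substitution "$dir") arguments"
echo "find -exec:            $(args_from_find_exec "$dir") arguments"
rm -rf "$dir"
```

With an editor in place of the counter, the second form is find /home -type f -name '*xyzzy*' -exec vi {} +.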
Expanding arithmetic expressions
There may be times when you want to pass arithmetic results to a command. There are two forms
you can use to expand an arithmetic expression and pass it to the shell: $[expression] or
$(expression). Here is an example:
$ echo "I am $[2010 - 1957] years old."
I am 53 years old.
The shell interprets the arithmetic expression first (2010 - 1957), and then passes that information to the echo command. The echo command displays the text, with the results of the arithmetic (53) inserted.
Here’s an example of the other form:
$ echo "There are $(ls | wc -w) files in this directory."
There are 14 files in this directory.
This lists the contents of the current directory (ls) and runs the word count command to count
the number of files found (wc -w). The resulting number (14 in this case) is echoed back with the
rest of the sentence shown.
Expanding environment variables
Environment variables that store information within the shell can be expanded using the dollar
sign ($) metacharacter. When you expand an environment variable on a command line, the value
of the variable is printed instead of the variable name itself, as follows:
$ ls -l $BASH
-rwxr-xr-x 1 root root 625516 Dec 5 11:13 /bin/bash
Using $BASH as an argument to ls -l causes a long listing of the bash command to be printed.
The following section discusses shell environment variables.
Creating Your Shell Environment
You can tune your shell to help you work more efficiently. Your prompt can provide pertinent
information each time you press Enter. You can set aliases to save your keystrokes and permanently set environment variables to suit your needs. To make each change occur when you start a
shell, add this information to your shell configuration files.
Configuring your shell
Several configuration files support how your shell behaves. Some of the files are executed for
every user and every shell, whereas others are specific to the user who creates the configuration
file. Table 9-5 shows the files that are of interest to anyone using the bash shell in Linux.
TABLE 9-5
Bash Configuration Files
File | Description
/etc/profile | Sets up user environment information for every user. It is executed when you first log in. This file provides values for your path, as well as setting environment variables for such things as the location of your mailbox and the size of your history files. Finally, /etc/profile gathers shell settings from configuration files in the /etc/profile.d directory.
/etc/bashrc | Executes for every user who runs the bash shell, each time a bash shell is opened. It sets the default prompt and may add one or more aliases. Values in this file can be overridden by information in each user’s ~/.bashrc file.
~/.bash_profile | Used by each user to enter information that is specific to his or her own use of the shell. It is executed only once, when the user logs in. By default, it sets a few environment variables and executes the user’s .bashrc file.
~/.bashrc | Contains the information that is specific to your bash shells. It is read when you log in and also each time you open a new bash shell. This is the best location to add environment variables and aliases so that your shell picks them up.
~/.bash_logout | Executes each time you log out (exit the last bash shell). By default, it simply clears your screen.
To change the /etc/profile or /etc/bashrc files, you must be the root user. Users can change
the information in the $HOME/.bash_profile, $HOME/.bashrc, and $HOME/.bash_logout
files in their own home directories.
The following sections provide ideas about items to add to your shell configuration files. In most
cases, you add these values to the .bashrc file in your home directory. However, if you administer
a system, you may want to set some of these values as defaults for all of your Linux system’s users.
Setting your prompt
Your prompt consists of a set of characters that appear each time the shell is ready to accept a
command. The PS1 environment variable sets what the prompt contains and is what you interact
with most of the time. If your shell requires additional input, it uses the values of PS2, PS3, and
PS4.
When your Linux system is installed, often a prompt is set to contain more than just a dollar sign
or pound sign. For example, in Fedora or Red Hat Enterprise Linux, your prompt is set to include
the following information: your username, your hostname, and the base name of your current
working directory. That information is surrounded by brackets and followed by a dollar sign (for
regular users) or a pound sign (for the root user). Here is an example of that prompt:
[chris@myhost bin]$
If you change directories, the bin name would change to the name of the new directory. Likewise,
if you were to log in as a different user or to a different host, that information would change.
You can use several special characters (indicated by adding a backslash to a variety of letters) to
include different information in your prompt. These can include your terminal number, the date,
and the time, as well as other pieces of information. Table 9-6 provides some examples (you can
find more on the bash man page).
TABLE 9-6
Characters to Add Information to bash Prompt
Special Character | Description
\! | Shows the current command history number. This includes all previous commands stored for your username.
\# | Shows the command number of the current command. This includes only the commands for the active shell.
\$ | Shows the user prompt ($) or root prompt (#), depending on which user you are.
\W | Shows only the current working directory base name. For example, if the current working directory was /var/spool/mail, this value simply appears as mail.
\[ | Precedes a sequence of nonprinting characters. This can be used to add a terminal control sequence into the prompt for such things as changing colors, adding blink effects, or making characters bold. (Your terminal determines the exact sequences available.)
\] | Follows a sequence of nonprinting characters.
\\ | Shows a backslash.
\d | Displays the day name, month, and day number of the current date. For example: Sat Jan 23.
\h | Shows the hostname of the computer running the shell.
\n | Causes a newline to occur.
\nnn | Shows the character that relates to the octal number replacing nnn.
\s | Displays the current shell name. For the bash shell, the value would be bash.
\t | Prints the current time in hours, minutes, and seconds (for example, 10:14:39).
\u | Prints your current username.
\w | Displays the full path to the current working directory.
Tip
If you are setting your prompt temporarily by typing at the shell, you should put the value of PS1 in
quotes. For example, you could type export PS1="[\t \w]\$ " to see a prompt that looks like this:
[20:26:32 /var/spool]$.
To make a change to your prompt permanent, add the value of PS1 to your .bashrc file in your
home directory (assuming that you are using the bash shell). There may already be a PS1 value in
that file that you can modify. Refer to the Bash Prompt HOWTO (www.tldp.org/HOWTO/Bash-Prompt-HOWTO) for information on changing colors, commands, and other features of your bash
shell prompt.
Adding environment variables
You may consider adding a few environment variables to your .bashrc file. These can help make
working with the shell more efficient and effective:
TMOUT — Sets how long the shell can be inactive before bash automatically exits. The
value is the number of seconds for which the shell has not received input. This can be a
nice security feature, in case you leave your desk while you are still logged in to Linux.
So as not to be logged off while you are working, you may want to set the value to something like TMOUT=1800 (to allow 30 minutes of idle time). You can use any terminal session to close the current shell after a set number of seconds, for example TMOUT=30.
PATH — As described earlier, the PATH variable sets the directories that are searched for
commands you use. If you often use directories of commands that are not in your PATH,
you can permanently add them. To do this, add a PATH variable to your .bashrc file.
For example, to add a directory called /getstuff/bin, add the following:
PATH=$PATH:/getstuff/bin ; export PATH
This example first reads all the current path directories into the new PATH ($PATH),
adds the /getstuff/bin directory, and then exports the new PATH.
Caution
Some people add the current directory to their PATH by adding a directory identified simply as a dot (.), as
follows:
PATH=.:$PATH ; export PATH
This enables you always to run commands in your current directory before evaluating any other command
in the path (which people may be used to if they have used DOS). However, the security risk with this procedure is that you could be in a directory that contains a command that you don’t intend to run from that
directory. For example, a malicious person could put an ls command in a directory that, instead of listing
the content of your directory, does something devious. Because of this, the practice of adding the dot to your
path is highly discouraged.
WHATEVER — You can create your own environment variables to provide shortcuts in
your work. Choose any name that is not being used and assign a useful value to it. For
example, if you do a lot of work with files in the /work/time/files/info/memos
directory, you could set the following variable:
M=/work/time/files/info/memos ; export M
You could make that your current directory by typing cd $M. You could run a program
from that directory called hotdog by typing $M/hotdog. You could edit a file from there
called bun by typing vi $M/bun.
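The risk described in the Caution about adding a dot to PATH can be checked mechanically. The following added example (not from the book) is a shell function, hypothetically named audit_path, that flags a dot, an empty entry (which the shell also searches as the current directory), a relative directory, or a world-writable directory in a PATH string; the sample PATH strings are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the book. audit_path is a hypothetical helper name.

# audit_path PATH_STRING
# Prints one "reason<TAB>entry" line for each risky entry in a colon-separated
# PATH string. Returns 1 if any risky entry was found, 0 otherwise.
audit_path() {
    local rest entry reason risky
    rest="$1:"      # trailing ':' so every entry, even an empty last one, ends in a delimiter
    risky=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # everything after it
        case $entry in
            '') reason='empty entry (searched as current directory)' ;;
            .)  reason='current directory' ;;
            /*) reason=''
                # Absolute directory: flag it if any user may write to it.
                # -H follows a symlinked entry such as /bin -> usr/bin.
                if [ -d "$entry" ] &&
                   [ -n "$(find -H "$entry" -prune -perm -0002 2>/dev/null)" ]; then
                    reason='world-writable directory'
                fi ;;
            *)  reason='relative path (depends on current directory)' ;;
        esac
        if [ -n "$reason" ]; then
            printf '%s\t%s\n' "$reason" "$entry"
            risky=1
        fi
    done
    return "$risky"
}

# Constructed inputs: the dot-first form from the Caution, then the append form.
audit_path ".:/bin:/usr/bin" || echo "risky entries found"
audit_path "/bin:/usr/bin:/getstuff/bin" && echo "no risky entries"
```

Run audit_path "$PATH" to check the PATH of the current shell, for example after editing .bashrc.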
Adding aliases
Setting aliases can save you even more typing than setting environment variables. With aliases,
you can have a string of characters execute an entire command line. You can add and list aliases
with the alias command. Here are some examples of using alias from a bash shell:
alias p='pwd ; ls -CF'
alias rm='rm -i'
In the first example, the letter p is assigned to run the command pwd, and then to run ls -CF to
print the current working directory and list its contents in column form. The second runs the rm
command with the -i option each time you simply type rm. (This is an alias that is often set automatically for the root user. Instead of just removing files, you are prompted for each individual file
removal. This prevents you from automatically removing all the files in a directory by mistakenly
typing something such as rm *.)
While you are in the shell, you can check which aliases are set by typing the alias command. If
you want to remove an alias, type unalias. (Remember that if the alias is set in a configuration
file, it will be set again when you open another shell.)
Using shell environment variables
Every active shell stores pieces of information that it needs to use in what are called environment
variables. An environment variable can store things such as locations of configuration files, mailboxes, and path directories. They can also store values for your shell prompts, the size of your
history list, and type of operating system.
To see the environment variables currently assigned to your shell, type the declare command.
(It will probably fill more than one screen, so type declare | more. The declare command also
shows functions as well as environment variables.) You can refer to the value of any of those
variables by preceding it with a dollar sign ($) and placing it anywhere on a command line. For
example:
$ echo $USER
chris
This command prints the value of the USER variable, which holds your username (chris).
Substitute any other value for USER to print its value instead.
Common shell environment variables
When you start a shell (by logging in or opening a Terminal window), a lot of environment variables are already set. Table 9-7 shows some variables that are either set when you use a bash shell
or that can be set by you to use with different features.
TABLE 9-7
Common Shell Environment Variables
Variable | Description
BASH | Contains the full path name of the bash command. This is usually /bin/bash.
BASH_VERSION | A number representing the current version of the bash command.
EUID | This is the effective user ID number of the current user. It is assigned when the shell starts, based on the user’s entry in the /etc/passwd file.
FCEDIT | If set, this variable indicates the text editor used by the fc command to edit history commands. If this variable isn’t set, the vi command is used.
HISTFILE | The location of your history file. It is typically located at $HOME/.bash_history.
HISTFILESIZE | The number of history entries that can be stored. After this number is reached, the oldest commands are discarded. The default value is 1000.
HISTCMD | This returns the number of the current command in the history list.
HOME | This is your home directory. It is your current working directory each time you log in or type the cd command with any options.
HOSTTYPE | A value that describes the computer architecture on which the Linux system is running. For Intel-compatible PCs, the value is i386, i486, i586, i686, or something like i386-linux. For AMD 64-bit machines, the value is x86_64.
MAIL | This is the location of your mailbox file. The file is typically your username in the /var/spool/mail directory.
OLDPWD | The directory that was the working directory before you changed to the current working directory.
OSTYPE | A name identifying the current operating system. For Fedora Linux, the OSTYPE value is either linux or linux-gnu, depending on the type of shell you are using. (Bash can run on other operating systems as well.)
PATH | The colon-separated list of directories used to find commands that you type. The default value for regular users varies for different distributions, but typically includes the following: /bin:/usr/bin:/usr/local/bin:/usr/bin/X11:/usr/X11R6/bin:~/bin. You need to type the full path or a relative path to a command you want to run that is not in your PATH. For the root user, the value also includes /sbin, /usr/sbin, and /usr/local/sbin.
PPID | The process ID of the command that started the current shell (for example, the Terminal window containing the shell).
PROMPT_COMMAND | Can be set to a command name that is run each time before your shell prompt is displayed. Setting PROMPT_COMMAND=date lists the current date/time before the prompt appears.
PS1 | Sets the value of your shell prompt. There are many items that you can read into your prompt (date, time, username, hostname, and so on). Sometimes a command requires additional prompts, which you can set with the variables PS2, PS3, and so on.
PWD | This is the directory that is assigned as your current directory. This value changes each time you change directories using the cd command.
RANDOM | Accessing this variable causes a random number to be generated. The number is between 0 and 99999.
SECONDS | The number of seconds since the time the shell was started.
SHLVL | The number of shell levels associated with the current shell session. When you log in to the shell, the SHLVL is 1. Each time you start a new bash command (by, for example, using su to become a new user, or by simply typing bash), this number is incremented.
TMOUT | Can be set to a number representing the number of seconds the shell can be idle without receiving input. After the number of seconds is reached, the shell exits. This security feature makes it less likely for unattended shells to be accessed by unauthorized people. (This must be set in the login shell for it to actually cause the shell to log out the user.)
UID | The user ID number assigned to your username. The user ID number is stored in the /etc/passwd file.
Set your own environment variables
Environment variables can provide a handy way to store bits of information that you use often
from the shell. You can create any variables that you want (avoiding those that are already in use)
so that you can read in the values of those variables as you use the shell. (The bash man page
lists variables already in use.)
To set an environment variable temporarily, you can simply type a variable name and assign it to
a value. Here’s an example:
$ AB=/usr/dog/contagious/ringbearer/grind ; export AB
This example causes a long directory path to be assigned to the AB variable. The export AB command says to export the value to the shell so that it can be propagated to other shells you may
open. With AB set, you go to the directory by typing the following:
$ cd $AB
The problem with setting environment variables in this way is that as soon as you exit the shell in
which you set the variable, the setting is lost. To set variables permanently, add variable settings
to a bash configuration file, as described later in this section.
Note
An alternative to adding the settings to the bash configuration file is to create an executable script file that contains these settings. This is useful when you don’t use the settings all the time, but need to use them occasionally. They are there only for the life of the session after the script file has run.
If you want to have other text right up against the output from an environment variable, you can
surround the variable in braces. This protects the variable name from being misunderstood. For
example, if you want to add a command name to the AB variable shown earlier, you can type the
following:
$ echo ${AB}/adventure
/usr/dog/contagious/ringbearer/grind/adventure
Remember that you must export the variable so that it can be picked up by other shell commands. You must add the export line to a shell configuration file for it to take effect the next time
you log in. The export command is fairly flexible. Instead of running the export command after
you set the variable, you can do it all in one step, as follows:
$ export XYZ=/home/xyz/bin
You can override the value of any environment variable. This can be temporary, by simply typing
the new value, or you can add the new export line to your $HOME/.bashrc file. One useful variable to update is PATH:
$ export PATH=$PATH:/home/xyz/bin
In this example, the /home/xyz/bin directory is added to the PATH, a useful technique if you
want to run a bunch of commands from a directory that is not normally in your PATH, without
typing the full or relative path each time.
If you decide that you no longer want a variable to be set, you can use the unset command to
erase its value. For example, you can type unset XYZ, which causes XYZ to have no value set.
(Remember to remove the export from the $HOME/.bashrc file — if you added it there — or it
will return the next time you open a shell.)
Managing background and foreground processes
If you are using Linux over a network or from a dumb terminal (a monitor that allows only text
input with no GUI support), your shell may be all that you have. You may be used to a graphical environment where you have a lot of programs active at the same time so that you can switch
among them as needed. This shell thing can seem pretty limited.
Although the bash shell doesn’t include a GUI for running many programs, it does let you move
active programs between the background and foreground. In this way, you can have a lot of stuff
running, while selectively choosing the one you want to deal with at the moment.
There are several ways to place an active program in the background. One mentioned earlier is
to add an ampersand (&) to the end of a command line. Another way is to use the at command to
run commands in a way in which they are not connected to the shell.
To stop a running command and put it in the background, press Ctrl+Z. After the command is
stopped, you can either bring it back into the foreground to run (the fg command) or start it
running in the background (the bg command). Keep in mind that any command running in the
background might spew output during commands that you run subsequently from that shell. For
example, if output appears from a command running in the background during a vi session, simply press Ctrl+L to redraw the screen to get rid of the output.
Tip
To avoid having the output appear, you should have any process running in the background send its output to
a file or to null.
Starting background processes
If you have programs that you want to run while you continue to work in the shell, you can place
the programs in the background. To place a program in the background at the time you run the
program, type an ampersand (&) at the end of the command line, like this:
$ find /usr > /tmp/allusrfiles &
This example command finds all files on your Linux system (starting from /usr), prints those
filenames, and puts those names in the file /tmp/allusrfiles. The ampersand (&) runs that
command line in the background. To check which commands you have running in the background, use the jobs command, as follows:
$ jobs
[1]   Stopped (tty output)   vi /tmp/myfile
[2]   Running                find /usr -print > /tmp/allusrfiles &
[3]   Running                nroff -man /usr/man2/* >/tmp/man2 &
[4]-  Running                nroff -man /usr/man3/* >/tmp/man3 &
[5]+  Stopped                nroff -man /usr/man4/* >/tmp/man4
The first job shows a text-editing command (vi) that I placed in the background and stopped by
pressing Ctrl+Z while I was editing. Job 2 shows the find command I just ran. Jobs 3 and 4 show
nroff commands currently running in the background. Job 5 had been running in the shell (foreground) until I decided too many processes were running and pressed Ctrl+Z to stop job 5 until a
few processes had completed.
The plus sign (+) next to number 5 shows that it was most recently placed in the background. The
minus sign (-) next to number 4 shows that it was placed in the background just before the most
recent background job. Because job 1 requires terminal input, it cannot run in the background. As
a result, it is Stopped until it is brought to the foreground again.
Tip
To see the process ID for the background job, add a -l (the lowercase letter L) option to the jobs command.
If you type ps, you can use the process ID to figure out which command is for a particular background job.
Using foreground and background commands
Continuing with the example, you can bring any of the commands on the jobs list to the foreground. For example, to edit myfile again, type
$ fg %1
As a result, the vi command opens again, with all text as it was when you stopped the vi job.
Caution
Before you put a text processor, word processor, or similar program in the background, make sure you save
your file. It’s easy to forget you have a program in the background and you will lose your data if you log out
or the computer reboots later on.
To refer to a background job (to cancel or bring it to the foreground), use a percent sign (%) followed by the job number. You can also use the following to refer to a background job:
% — Refers to the most recent command put into the background (indicated by the
plus sign when you type the jobs command). This action brings the command to the
foreground.
%string — Refers to a job where the command begins with a particular string of characters. The string must be unambiguous. (In other words, typing %vi when there are
two vi commands in the background results in an error message.)
%?string — Refers to a job where the command line contains a string at any point.
The string must be unambiguous or the match will fail.
%-- — Refers to the previous job stopped before the one most recently stopped.
If a command is stopped, you can start it running again in the background using the bg command. For example, take job 5 from the jobs list in the previous example:
[5]+ Stopped               nroff -man man4/* >/tmp/man4
Type the following:
$ bg %5
After that, the job runs in the background. Its jobs entry appears as follows:
[5]  Running               nroff -man man4/* >/tmp/man4 &
Working with the Linux File System
The Linux file system is the structure in which all the information on your computer is stored.
Files are organized within a hierarchy of directories. Each directory can contain files, as well as
other directories.
If you were to map out the files and directories in Linux, it would look like an upside-down tree.
At the top is the root directory, which is represented by a single slash (/). Below that is a set of
common directories in the Linux system, such as bin, dev, home, lib, and tmp, to name a few.
Each of those directories, as well as directories added to the root, can contain subdirectories.
Figure 9-1 illustrates how the Linux file system is organized as a hierarchy. To demonstrate
how directories are connected, the figure shows a /home directory that contains subdirectories
for three users: chris, mary, and tom. Within the chris directory are subdirectories: briefs,
memos, and personal. To refer to a file called inventory in the chris/memos directory, you
can type the full path of /home/chris/memos/inventory. If your current directory is /home/
chris/memos, you can refer to the file as simply inventory.
FIGURE 9-1
The Linux file system is organized as a hierarchy of directories.
/
    bin/
    dev/
    etc/
    home/
        chris/
            briefs/
            memos/
            personal/
        mary/
        tom/
    root/
    tmp/
    ...
Some of the Linux directories that may interest you include the following:
/bin — Contains common Linux user commands, such as ls, sort, date, and chmod.
/boot — Has the bootable Linux kernel and boot loader configuration files (GRUB).
/dev — Contains files representing access points to devices on your systems. These
include terminal devices (tty*), floppy disks (fd*), hard disks (hd*), RAM (ram*), and
CD-ROM (cd*). (Users typically access these devices directly through the device files.)
/etc — Contains administrative configuration files.
/home — Contains directories assigned to each user with a login account (with the
exception of root).
/media — Provides a standard location for mounting and automounting devices, such
as remote file systems and removable media (with directory names of cdrecorder,
floppy, and so on).
/mnt — A common mount point for many devices before it was supplanted by the standard /media directory. Some bootable Linux systems still use this directory to mount
hard disk partitions and remote file systems.
/proc — Contains information about system resources.
/root — Represents the root user’s home directory. The home directory for root does
not reside beneath /home for security reasons.
/sbin — Contains administrative commands and daemon processes.
/sys — A /proc-like file system, new in the Linux 2.6 kernel and intended to contain
files for getting hardware status and reflecting the system’s device tree as it is seen by the
kernel. It pulls many of its functions from /proc.
/tmp — Contains temporary files used by applications.
/usr — Contains user documentation, games, graphical files (X11), libraries (lib), and a
variety of other user and administrative commands and files.
/var — Contains directories of data used by various applications. In particular, this is
where you would place files that you share as an FTP server (/var/ftp) or a Web server
(/var/www). It also contains all system log files (/var/log) and spool files in /var/
spool (such as mail, cups, and news).
The file systems in the DOS or Microsoft Windows operating systems differ from Linux’s file
structure, as the “Linux File Systems Versus Windows-Based File Systems” sidebar explains.
Linux File Systems Versus Windows-Based File Systems
Although similar in many ways, the Linux file system has some striking differences from file systems used
in MS-DOS and Windows operating systems. Here are a few:
In MS-DOS and Windows file systems, drive letters represent different storage devices (for example, A: is a floppy drive and C: is a hard disk). In Linux, all storage devices are fit into the file
system hierarchy. So, the fact that all of /usr may be on a separate hard disk or that /mnt/rem1
is a file system from another computer is invisible to the user.
Slashes, rather than backslashes, are used to separate directory names in Linux. So, C:\home\
chris in an MS system is /home/chris in a Linux system.
Filenames almost always have suffixes in DOS (such as .txt for text files or .doc for word-processing files). Although at times you can use that convention in Linux, three-character suffixes
have no required meaning in Linux. They can be useful for identifying a file type. Many Linux
applications and desktop environments use file suffixes to determine the contents of a file. In
Linux, however, DOS command extensions such as .com, .exe, and .bat don’t necessarily signify
an executable (permission flags make Linux files executable).
Every file and directory in a Linux system has permissions and ownership associated with it.
Security varies among Microsoft systems. Because DOS and MS Windows began as single-user
systems, file ownership was not built into those systems when they were designed. Later releases
added features such as file and folder attributes to address this problem.
Creating files and directories
As a Linux user, most of the files you save and work with will probably be in your home directory. Table 9-8 shows commands to create and use files and directories.
TABLE 9-8
Commands to Create and Use Files
Command   Result
cd        Change to another directory.
pwd       Print the name of the current (or present) working directory.
mkdir     Create a directory.
chmod     Change the permission on a file or directory.
ls        List the contents of a directory.
The following steps lead you through creating directories within your home directory and moving among your directories, with a mention of setting appropriate file permissions:
1. Go to your home directory. To do this, simply type cd. (For other ways of referring to
your home directory, see the “Identifying Directories” sidebar.)
2. To make sure that you’re in your home directory, type pwd. When I do this, I get the
following response (yours will reflect your home directory):
$ pwd
/home/chris
3. Create a new directory called test in your home directory, as follows:
$ mkdir test
4. Check the permissions of the directory:
$ ls -ld test
drwxr-xr-x 2 chris sales 1024 Jan 24 12:17 test
This listing shows that test is a directory (d). The d is followed by the permissions
(rwxr-xr-x), which are explained later in the “Understanding file permissions” section.
The rest of the information indicates the owner (chris), the group (sales), and the date
that the files in the directory were most recently modified (Jan. 24 at 12:17 p.m.).
Note
In some Linux systems, such as Fedora, when you add a new user, the user is assigned to a group of the same
name by default. For example, in the preceding text, the user chris would be assigned to the group chris.
This approach to assigning groups is referred to as the user private group scheme.
For now, type the following:
$ chmod 700 test
This step changes the permissions of the directory to give you complete access and
everyone else no access at all. (The new permissions should read rwx------.)
5. Make the test directory your current directory as follows:
$ cd test
Identifying Directories
When you need to identify your home directory on a shell command line, you can use the following:
$HOME — This environment variable stores your home directory name.
~ — The tilde (~) represents your home directory on the command line.
You can also use the tilde to identify someone else’s home directory. For example, ~chris would be
expanded to the chris home directory (probably /home/chris).
Other special ways of identifying directories in the shell include the following:
. — A single dot (.) refers to the current directory.
.. — Two dots (..) refer to a directory directly above the current directory.
$PWD — This environment variable refers to the current working directory.
$OLDPWD — This environment variable refers to the previous working directory before you changed to the current one.
Using metacharacters and operators
To make efficient use of your shell, the bash shell lets you use certain special characters, referred
to as metacharacters and operators. Metacharacters can help you match one or more files without
typing each file completely. Operators enable you to direct information from one command or file
to another command or file.
Using file-matching metacharacters
To save you some keystrokes and to be able to refer easily to a group of files, the bash shell lets
you use metacharacters. Anytime you need to refer to a file or directory, such as to list it, open
it, or remove it, you can use metacharacters to match the files you want. Here are some useful
metacharacters for matching filenames:
* — Matches any number of characters.
? — Matches any one character.
[...] — Matches any one of the characters between the brackets, which can include a
dash-separated range of letters or numbers.
Try out some of these file-matching metacharacters by first going to an empty directory (such as
the test directory described in the previous section) and creating some empty files:
$ touch apple banana grape grapefruit watermelon
The touch command creates empty files. The next few commands show you how to use shell
metacharacters with the ls command to match filenames. Try the following commands to see
whether you get the same responses:
$ ls a*
apple
$ ls g*
grape grapefruit
$ ls g*t
grapefruit
$ ls *e*
apple grape grapefruit watermelon
$ ls *n*
banana watermelon
The first example matches any file that begins with an a (apple). The next example matches
any files that begin with g (grape, grapefruit). Next, files beginning with g and ending in
t are matched (grapefruit). Next, any file that contains an e in the name is matched (apple,
grape, grapefruit, watermelon). Finally, any file that contains an n is matched (banana,
watermelon).
Here are a few examples of pattern matching with the question mark (?):
$ ls ????e
apple grape
$ ls g???e*
grape grapefruit
The first example matches any five-character file that ends in e (apple, grape). The second
matches any file that begins with g and has e as its fifth character (grape, grapefruit).
Here are a couple of examples using brackets to do pattern matching:
$ ls [abw]*
apple banana watermelon
$ ls [agw]*[ne]
apple grape watermelon
In the first example, any file beginning with a, b, or w is matched. In the second, any file that
begins with a, g, or w and also ends with either n or e is matched. You can also include ranges
within brackets. For example:
$ ls [a-g]*
apple banana grape grapefruit
Here, any filename beginning with a letter from a through g is matched.
Using file-redirection metacharacters
Commands receive data from standard input and send it to standard output. Using pipes
(described earlier), you can direct standard output from one command to the standard input of
another. With files, you can use less than (<) and greater than (>) signs to direct data to and from
files. Here are the file-redirection characters:
< — Directs the contents of a file to the command. In most cases, this is the default
action expected by the command and the use of the character is optional; using more
bigfile is the same as more < bigfile.
> — Directs the standard output of a command to a file, deleting the existing file.
2> — Directs standard error (error messages) to the file.
&> — Directs both standard output and standard error to the file.
>> — Directs the output of a command to a file, adding the output to the end of the
existing file.
Here are some examples of command lines where information is directed to and from files:
$ mail root < ~/.bashrc
$ man chmod | col -b > /tmp/chmod
$ echo "I finished the project on $(date)" >> ~/projects
In the first example, the contents of the .bashrc file in the home directory are sent in a mail message to the computer’s root user. The second command line formats the chmod man page (using
the man command), removes extra back spaces (col -b), and sends the output to the file /tmp/
chmod (erasing the previous /tmp/chmod file, if it exists). The final command results in the following text being added to the user’s project file:
I finished the project on Sat Jan 23 13:46:49 PST 2010
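The operators listed above, run side by side on a constructed command that writes to both output streams. This is an added example, not code from the book; emit and redirect_demo are hypothetical names, and the portable form > file 2>&1 stands in for the bash-only &> so the block also runs under plain sh.

```sh
#!/bin/sh
# Added example, not from the book: the redirection operators side by side.

# Constructed stand-in for a real command: one line on each output stream.
emit() {
    echo "result line"
    echo "error line" >&2
}

# Runs emit under each kind of redirection inside a scratch directory and
# reports how many lines landed in each file.
redirect_demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1

    emit > out.txt 2> err.txt       # stdout and stderr to separate files
    emit > both.txt 2>&1            # both streams to one file (bash: &> both.txt)
    emit >> out.txt 2> /dev/null    # append stdout, throw stderr away

    # ">" silently replaces an existing file. With noclobber (set -C) the
    # shell refuses instead, so a mistyped target cannot wipe out.txt.
    set -C
    if ( echo "overwrite" > out.txt ) 2> /dev/null; then
        clobbered=yes
    else
        clobbered=no
    fi
    set +C

    out=$(( $(wc -l < out.txt) ))
    err=$(( $(wc -l < err.txt) ))
    both=$(( $(wc -l < both.txt) ))
    cd / && rm -rf "$dir"
    echo "out=$out err=$err both=$both clobbered=$clobbered"
)

redirect_demo
```

With noclobber set, >> still appends and >| forces an overwrite when you really mean it.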
Another type of redirection referred to as here documents lets you type text that can be used as
standard input for a command. Here documents involve entering two less-than characters (<<),
after a command, followed by a word. All typing following that word is taken as user input until
the word is repeated. Here is an example:
$ mail root cnegus rjones bdecker <<thetext
> I want to tell everyone that there will be a 10 am
> meeting in conference room B. Everyone should attend.
>
> -- James
> thetext
$
The example just shown sends a mail message to root, cnegus, rjones, and bdecker usernames. The
text entered between <<thetext and thetext becomes the contents of the message. A common use
of a here document is to use it with a text editor to create or add to a file from within a script:
/bin/ed /etc/resolv.conf <<resendit
a
nameserver 100.100.100.100
.
w
q
resendit
With these lines added to a script run by the root user, the ed text editor adds the IP address of a
DNS server to the /etc/resolv.conf file.
Understanding file permissions
After you’ve worked with Linux for a while, you are almost sure to get a Permission denied
message. Permissions associated with files and directories in Linux were designed to keep users
from accessing other users’ private files and to protect important system files.
The nine bits assigned to each file for permissions define the access that you and others have to
your file. Permission bits for a regular file appear as -rwxrwxrwx.
Note
For a regular file, a dash appears in front of the nine-bit permissions indicator. Instead of a dash, you might
see a d (for a directory), l (for a link), b (for a block device), or c (for a character device).
Of the nine-bit permissions, the first three bits apply to the owner’s permission, the next three
apply to the group assigned to the file, and the last three apply to all others. The r stands for read,
the w stands for write, and the x stands for execute permissions. If a dash appears instead of the
letter, it means that permission is turned off for that associated read, write, or execute.
Because files and directories are different types of elements, read, write, and execute permissions on files and directories mean different things. Table 9-9 explains what you can do with
each of them.
TABLE 9-9
Setting Read, Write, and Execute Permissions
Permission   File                                                  Directory
Read         View what’s in the file.                              See what files and subdirectories it contains.
Write        Change the file’s content, rename it, or delete it.   Add files or subdirectories to the directory.
Execute      Run the file as a program.                            Change to that directory as the current directory, search through the directory, or execute a program from the directory.
You can see the permission for any file or directory by typing the ls -ld command. The named
file or directory appears as those shown in this example:
$ ls -ld ch3 test
-rw-rw-r-- 1 chris sales 4983 Jan 18 22:13 ch3
drwxr-xr-x 2 chris sales 1024 Jan 24 13:47 test
The first line shows that the ch3 file has read and write permission for the owner and the group.
All other users have read permission, which means they can view the file but cannot change its
contents or remove it. The second line shows the test directory (indicated by the letter d before
the permission bits). The owner has read, write, and execute permissions while the group and
other users have only read and execute permissions. As a result, the owner can add, change, or
delete files in that directory, and everyone else can only read the contents, change to that directory,
and list the contents of the directory.
If you own a file, you can use the chmod command to change the permission on it as you please. In
one method of doing this, each permission (read, write, and execute) is assigned a number — r=4,
w=2, and x=1 — and you use each set’s total number to establish the permission. For example, to
make permissions wide open for yourself as owner, you would set the first number to 7 (4+2+1),
and then you would give the group and others read-only permission by setting both the second and
third numbers to 4 (4+0+0), so that the final number is 744. Any combination of permissions can
result from 0 (no permission) through 7 (full permission).
Here are some examples of how to change permission on a file (named file) and what the resulting permission would be:
# chmod 777 file    rwxrwxrwx
# chmod 755 file    rwxr-xr-x
# chmod 644 file    rw-r--r--
# chmod 000 file    ---------
You can also turn file permissions on and off using plus (+) and minus (–) signs, respectively. This
can be done for the owner user (u), owner group (g), others (o), and all users (a). For example,
start with a file that has all permissions open (rwxrwxrwx). Run the following chmod commands
using minus sign options. The resulting permissions are shown to the right of each command:
chmod a-w file      r-xr-xr-x
chmod o-x file      rwxrwxrw-
chmod go-rwx file   rwx------
Likewise, here are some examples, starting with all permissions closed (---------) where the
plus sign is used with chmod to turn permissions on:
chmod u+rw files     rw-------
chmod a+x files      --x--x--x
chmod ug+rx files    r-xr-x---
When you create a file, it’s given the permission rw-r--r-- by default. A directory is given the
permission rwxr-xr-x. These default values are determined by the value of umask. Type umask
to see what your umask value is. For example:
$ umask
022
The umask value masks the permissions value of 666 for a file and 777 for a directory. The umask
value of 022 results in permission for a directory of 755 (rwxr-xr-x). That same umask results in
a file permission of 644 (rw-r--r--). (Execute permissions are off by default for regular files.)
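The r=4, w=2, x=1 numbering and the umask masking described above, worked through in the shell and then checked against files the system actually creates. This is an added example, not code from the book; the function names are hypothetical, and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example, not from the book. Function names are illustrative.

# Turn a numeric mode such as 755 into its nine-character rwx string by
# testing the 4 (r), 2 (w) and 1 (x) bits of each digit.
octal_to_rwx() (
    n=$(( 0$1 & 0777 ))
    out=""
    for s in 6 3 0; do                  # owner, group, others
        d=$(( ($n >> $s) & 7 ))
        if [ $(( d & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( d & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $(( d & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
)

# Mode a new object receives: the base (666 for a file, 777 for a
# directory) with every bit that is set in the umask cleared. Clearing
# bits is not subtraction: 666 under umask 033 is 644, not 633.
masked_mode() (     # usage: masked_mode BASE UMASK
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
)

# Create a real file and directory under UMASK in a scratch directory and
# report the modes the system assigned. The subshell body keeps the umask
# change from leaking into the calling shell.
observed_modes() (  # usage: observed_modes UMASK
    dir=$(mktemp -d) || exit 1
    umask "$1"
    touch "$dir/f"
    mkdir "$dir/d"
    f=$(stat -c %a "$dir/f")
    d=$(stat -c %a "$dir/d")
    rm -rf "$dir"
    echo "file=$f dir=$d"
)

for m in 022 027 077; do
    fm=$(masked_mode 666 "$m")
    dm=$(masked_mode 777 "$m")
    echo "umask $m: file $fm ($(octal_to_rwx "$fm")), dir $dm ($(octal_to_rwx "$dm")), observed $(observed_modes "$m")"
done
```

A umask of 077 keeps new files and directories private to their owner, which is the same result the chmod 700 test step produced by hand.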
Tip
Time saver: Use the -R option of chmod to change the permission for all the files and directories within a
directory structure at once. For example, if you wanted to open permissions completely to all files and directories in the /tmp/test directory, you could type the following:
$ chmod -R 777 /tmp/test
This command line runs chmod recursively (-R) for the /tmp/test directory, as well as any files or directories that exist below that point in the file system (for example, /tmp/test/hat, /tmp/test/hat/caps,
and so on). All would be set to 777 (full read/write/execute permissions). This is not something you would
do on an important directory on a read/write file system. However, you might do this before you create a
directory structure on a CD-ROM that you want to be fully readable and executable to someone using the
CD-ROM later.
Caution
The -R option of chmod works best if you are opening permissions completely or adding execute permission (as
well as the appropriate read/write permission). The reason is that if you turn off execute permission recursively,
you close off your capability to change to any directory in that structure. For example, chmod -R 644 /tmp/
test turns off execute permission for the /tmp/test directory, and then fails to change any files or directories
below that point. Execute permissions must be on for a directory to be able to change to that directory.
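One way to tighten a tree that was opened with chmod -R 777 without running into the problem the Caution describes: give directories and regular files different modes with find, and count what is still writable by everyone. This is an added example, not code from the book; the function names are hypothetical, the tree is constructed in a scratch directory, and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example, not from the book. Function names are illustrative.

# Print every entry under DIR that "others" may write to. Symbolic links
# are skipped because their own mode bits are not used for access checks.
world_writable() (       # usage: world_writable DIR
    find "$1" ! -type l -perm -0002 -print
)

count_world_writable() ( # usage: count_world_writable DIR
    echo $(( $(world_writable "$1" | wc -l) ))
)

# Give directories one mode and regular files another. Directories are
# changed one at a time (\;) as find reaches them, so a directory whose
# execute bit was stripped is repaired before find descends into it.
set_tree_modes() (       # usage: set_tree_modes DIR DIRMODE FILEMODE
    find "$1" -type d -exec chmod "$2" {} \; &&
    find "$1" -type f -exec chmod "$3" {} +
)

# Constructed tree mirroring the test/hat/caps layout from the Tip: open
# it with chmod -R 777, count the exposure, then tighten it.
tree_demo() (
    top=$(mktemp -d) || exit 1
    mkdir -p "$top/test/hat/caps"
    touch "$top/test/readme" "$top/test/hat/caps/list"
    chmod -R 777 "$top/test"
    before=$(count_world_writable "$top/test")
    set_tree_modes "$top/test" 755 644
    after=$(count_world_writable "$top/test")
    dmode=$(stat -c %a "$top/test/hat")
    fmode=$(stat -c %a "$top/test/hat/caps/list")
    rm -rf "$top"
    echo "before=$before after=$after dir=$dmode file=$fmode"
)

tree_demo
```

Running world_writable on a directory you care about shows which entries any local user could modify.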
Moving, copying, and deleting files
Commands for moving, copying, and deleting files are fairly straightforward. To change the location of a file, use the mv command. To copy a file from one location to another, use the cp command. To remove a file, use the rm command. Here are some examples:
$ mv abc def
$ mv abc ~
$ cp abc def
$ cp abc ~
$ rm abc
$ rm *
Of the two move (mv) commands, the first moves the file abc to the file def in the same directory
(essentially renaming it), whereas the second moves the file abc to your home directory (~). The
first copy command (cp) copies abc to the file def in the same directory, whereas the second copies abc to your home directory (~). The first remove command (rm) deletes the abc file; the second removes all the files in the current directory (except those that start with a dot).
Note
For the root user, the mv, cp, and rm commands are aliased to each be run with the -i option. This causes a
prompt to appear asking you to confirm each move, copy, and removal, one file at a time, and is done to prevent the root user from messing up a large group of files by mistake.
Another alternative with mv is to use the -b option. With -b, if a file of the same name exists at the destination, a backup copy of the old file is made before the new file is moved there.
Using the vi Text Editor
It’s almost impossible to use Linux for any period of time and not need to use a text editor. This
is because most Linux configuration files are plain text files that you will almost certainly need to
change manually at some point.
If you are using a GUI, you can run gedit, which is fairly intuitive for editing text. There’s also a
simple text editor you can run from the shell called nano. However, most Linux shell users will
use either the vi or emacs command to edit text files. The advantage of vi or emacs over a graphical editor is that you can use it from any shell, a character terminal, or a character-based connection over a network (using telnet or ssh, for example) — no GUI is required. They also each
contain tons of features, so you can continue to grow with them.
This section provides a brief tutorial on the vi text editor, which you can use to manually edit a
configuration file from any shell. (If vi doesn’t suit you, see the “Exploring Other Text Editors”
sidebar for other options.)
The vi editor is difficult to learn at first, but once you know it, you never have to use a mouse or
a function key — you can edit and move around quickly and efficiently within files just by using
the keyboard.
Exploring Other Text Editors
Dozens of text editors are available for use with Linux. Here are a few that might be in your Linux distribution, which you can try out if you find vi to be too taxing.
Text Editor   Description
nano          A popular, streamlined text editor that is used with many bootable Linuxes and other limited-space Linux environments. For example, nano is available to edit text files during a Gentoo Linux install process.
gedit         The GNOME text editor that runs in the GUI.
jed           This screen-oriented editor was made for programmers. Using colors, jed can highlight code you create so you can easily read the code and spot syntax errors. Use the Alt key to select menus to manipulate your text.
joe           The joe editor is similar to many PC text editors. Use control and arrow keys to move around. Press Ctrl+C to exit with no save or Ctrl+X to save and exit.
kate          A nice-looking editor that comes in the kdebase package. It has lots of bells and whistles, such as highlighting for different types of programming languages and controls for managing word wrap.
kedit         A GUI-based text editor that comes with the KDE desktop.
mcedit        With mcedit, function keys help you get around, save, copy, move, and delete text. Like jed and joe, mcedit is screen-oriented.
nedit         An excellent programmer’s editor. You need to install the optional nedit package to get this editor.
If you use ssh to log in to other Linux computers on your network, you can use any editor to edit files. A
GUI-based editor will pop up on your screen. When no GUI is available, you will need a text editor that
runs in the shell, such as vi, jed, or joe.
Starting with vi
Most often, you start vi to open a particular file. For example, to open a file called /tmp/test,
type the following command:
$ vi /tmp/test
If this is a new file, you should see something similar to the following:
~
~
~
~
~
"/tmp/test" [New File]
The box at the top represents where your cursor is. The bottom line keeps you informed about
what is going on with your editing (here you just opened a new file). In between, there are tildes
(~) as filler because there is no text in the file yet. Now here’s the intimidating part: There are no
hints, menus, or icons to tell you what to do. On top of that, you can’t just start typing. If you do,
the computer is likely to beep at you. And some people complain that Linux isn’t friendly.
The first things you need to know are the different operating modes: command and input. The vi
editor always starts in command mode. Before you can add or change text in the file, you have to
type a command (one or two letters and an optional number) to tell vi what you want to do. Case
is important, so use uppercase and lowercase exactly as shown in the examples! To get into input
mode, type an input command. To start out, type either of the following:
a — The add command. After it, you can input text that starts to the right of the cursor.
i — The insert command. After it, you can input text that starts to the left of the cursor.
Tip
When you are in insert mode, -- INSERT -- will appear at the bottom of the screen.
Type a few words and then press Enter. Repeat that a few times until you have a few lines of text.
When you’re finished typing, press Esc to return to command mode. Now that you have a file
with some text in it, try moving around in your text with the following keys or letters:
Tip
Remember the Esc key! It always places you back into command mode.
Arrow keys — Move the cursor up, down, left, or right in the file one character at a
time. To move left and right, you can also use Backspace and the spacebar, respectively.
If you prefer to keep your fingers on the keyboard, move the cursor with h (left), l
(right), j (down), or k (up).
w — Moves the cursor to the beginning of the next word.
b — Moves the cursor to the beginning of the previous word.
0 (zero) — Moves the cursor to the beginning of the current line.
$ — Moves the cursor to the end of the current line.
H — Moves the cursor to the upper-left corner of the screen (first line on the screen).
M — Moves the cursor to the first character of the middle line on the screen.
L — Moves the cursor to the lower-left corner of the screen (last line on the screen).
The only other editing you need to know is how to delete text. Here are a few vi commands for
deleting text:
x — Deletes the character under the cursor.
X — Deletes the character directly before the cursor.
dw — Deletes from the current character to the end of the current word.
d$ — Deletes from the current character to the end of the current line.
d0 — Deletes from the previous character to the beginning of the current line.
To wrap things up, use the following keystrokes for saving and quitting the file:
ZZ — Save the current changes to the file and exit from vi.
:w — Save the current file but continue editing.
:wq — Same as ZZ.
:q — Quit the current file. This works only if you don’t have any unsaved changes.
:q! — Quit the current file and don’t save the changes you just made to the file.
Tip
If you’ve really trashed the file by mistake, the :q! command is the best way to exit and abandon your changes.
The file reverts to the most recently changed version. So, if you just did a :w, you are stuck with the changes up
to that point. If you just want to undo a few bad edits, press u to back out of changes.
You have learned a few vi editing commands. I describe more commands in the following sections. First, however, here are a few tips to smooth out your first trials with vi:
Esc — Remember that Esc gets you back to command mode. (I’ve watched people press
every key on the keyboard trying to get out of a file.) Esc followed by ZZ gets you out of
command mode, saves the file, and exits.
u — Press u to undo the previous change you made. Continue to press u to undo the
change before that, and the one before that.
Ctrl+R — If you decide you didn’t want to undo the previous command, use Ctrl+R for
Redo. Essentially, this command undoes your undo.
Caps Lock — Beware of hitting Caps Lock by mistake. Everything you type in vi has a
different meaning when the letters are capitalized. You don’t get a warning that you are
typing capitals — things just start acting weird.
:! command — You can run a command while you are in vi using :! followed by a command name. For example, type :!date to see the current date and time, type :!pwd to
see what your current directory is, or type :!jobs to see whether you have any jobs running in the background. When the command completes, press Enter and you are back
to editing the file. You could even use this technique to launch a shell (:!bash) from vi,
run a few commands from that shell, and then type exit to return to vi. (I recommend
doing a save before escaping to the shell, just in case you forget to go back to vi.)
Ctrl+G — If you forget what you are editing, pressing these keys displays the name of
the file that you are editing and the current line that you are on at the bottom of the
screen. It also displays the total number of lines in the file, the percentage of how far
you are through the file, and the column number the cursor is on. This just helps you
get your bearings after you’ve stopped for a cup of coffee at 3 a.m.
Moving around the file
Besides the few movement commands described earlier, there are other ways of moving around a
vi file. To try these out, open a large file that you can’t do much damage to. (Try copying /var/
log/messages to /tmp and opening it in vi.) Here are some movement commands you can use:
Ctrl+F — Page ahead, one page at a time.
Ctrl+B — Page back, one page at a time.
Ctrl+D — Page ahead one-half page at a time.
Ctrl+U — Page back one-half page at a time.
G — Go to the last line of the file.
1G — Go to the first line of the file. (Use any number to go to that line in the file.)
Searching for text
To search for the next occurrence of text in the file, use either the slash (/) or the question mark
(?) character. Follow the slash or question mark with a pattern (string of text) to search forward or
backward, respectively, for that pattern. Within the search, you can also use metacharacters. Here
are some examples:
/hello — Searches forward for the word hello.
?goodbye — Searches backward for the word goodbye.
/The.*foot — Searches forward for a line that has the word The in it and also, after
that at some point, the word foot.
?[pP]rint — Searches backward for either print or Print. Remember that case
matters in Linux, so make use of brackets to search for words that could have different
capitalization.
After you have entered a search term, simply type / or ? to search forward or backward for the
same term again, respectively.
The vi editor was originally based on the ex editor, which didn’t let you work in full-screen mode.
However, it did enable you to run commands that let you find and change text on one or more
lines at a time. When you type a colon and the cursor goes to the bottom of the screen, you are
essentially in ex mode. Here is an example of some of those ex commands for searching for and
changing text. (I chose the words Local and Remote to search for, but you can use any appropriate words.)
:g/Local — Searches for the word Local and prints every occurrence of that line from
the file. (If there is more than a screenful, the output is piped to the more command.)
:s/Local/Remote — Substitutes Remote for the word Local on the current line.
:g/Local/s//Remote — Substitutes the first occurrence of the word Local on every
line of the file with the word Remote.
:g/Local/s//Remote/g — Substitutes every occurrence of the word Local with the
word Remote in the entire file.
:g/Local/s//Remote/gp — Substitutes every occurrence of the word Local with the
word Remote in the entire file, and then prints each line so that you can see the changes
(piping it through more if output fills more than one page).
Using numbers with commands
You can precede most vi commands with numbers to have the command repeated that number
of times. This is a handy way to deal with several lines, words, or characters at a time. Here are
some examples:
3dw — Deletes the next three words.
5cl — Changes the next five letters (that is, removes the letters and enters input mode).
12j — Moves down 12 lines.
Putting a number in front of most commands just repeats those commands. At this point, you
should be fairly proficient at using the vi command. After you get used to using vi, you will probably find other text editors less efficient to use.
Note
When you invoke vi in many Linux systems, you’re actually invoking the vim text editor, which runs in vi
compatibility mode. Those who do a lot of programming might prefer vim because it shows different levels
of code in different colors. vim has other useful features, such as the capability to open a document with the
cursor at the same place as it was when you last exited that file.
Summary
Working from a shell command line within Linux may not be as simple as using a GUI, but it
offers many powerful and flexible features. This chapter explains how to find your way around
the shell in Linux and provides examples of running commands, including recalling commands
from a history list, completing commands, and joining commands.
The chapter describes how shell environment variables can be used to store and recall important
pieces of information. It also teaches you how to modify shell configuration files to tailor the shell
to suit your needs. Finally, this chapter shows you how to use the Linux file system to create files
and directories, use permissions, and work with files (moving, copying, and removing them), and
how to edit text files from the shell using the vi command.
CHAPTER 10
Learning Basic Administration
Linux, like other UNIX-based systems, was intended for use by more
than one person at a time. Multiuser features enable many people to
have accounts on a single Linux system, with their data kept secure
from others. Multitasking enables many people to run many programs on
the computer at the same time, with each person able to run more than one
program. Sophisticated networking protocols and applications make it possible for a Linux system to extend its capabilities to network users and computers around the world. The person assigned to manage all of this stuff is
called the system administrator.
Even if you are the only person using a Linux system, system administration is still set up to be separate from other computer use. To do most
administrative tasks, you need to be logged in as the root user (also called
the superuser) or temporarily get root permission. Users other than root
cannot change, or in some cases even see, some of the configuration information for a Linux system. In particular, security features such as stored
passwords are protected from general view.
Because Linux system administration is such a huge topic, this chapter
focuses on the general principles of Linux system administration. In particular, it examines some of the basic tools you need to administer a Linux
system for a personal desktop or on a small LAN. Beyond the basics, this
chapter also teaches you how to work with file systems and monitor the
setup and performance of your Linux system.
IN THIS CHAPTER
Doing graphical administration
Using the root login
Understanding administrative commands, config files, and log files
Creating user accounts
Configuring hardware
Managing file systems and disk space
Monitoring system performance
Doing remote system administration
Graphical Administration Tools
Many Linux systems come with simplified graphical tools for administering Linux. If you are a
casual user, these tools often let you do everything you need to administer your system without
editing configuration files or running shell commands.
Let’s examine some of the Web-based administration tools available to use with most Linux
systems.
Using Web-based administration
Web-based administration tools are available with many open source projects to make those
projects more accessible to casual users. Often all you need to use those tools is a Web browser
(such as Firefox), the port number of the service, and the root password. Projects such as Samba
and CUPS come with their own Web administration tools. Webmin is a general-purpose tool for
administering a variety of Linux system services from your Web browser.
The advantages of Web-based administration tools are that you can operate them from a familiar interface (your Web browser) and you can access them remotely. Webmin includes graphical
interfaces for configuring Apache Web server, Sendmail mail server, and SSH server.
Note
Some Linux distributions come with their own set of graphical administration tools (such as SUSE’s YaST or
Red Hat’s system-config tools). You should generally use those instead of any Web-based interface that comes
with a project because a distribution’s own tools are usually better integrated with its features for starting and
stopping services.
Open source projects offering Web administration
Several major open source projects come with Web-based interfaces for configuring those projects. Regardless of which Linux you are using, you can use your Web browser to configure the
following projects:
Samba—To set up Samba for doing file and printer sharing with Microsoft Windows
systems on your LAN, use the Samba SWAT Web-based administration tools from any
Web browser. With SWAT installed and running, you can access your Samba server
configuration from your Web browser by typing the following URL in the location box:
http://localhost:901
Note
If you get an Unable to Connect message, it may be because Samba or SWAT is not running. Or your firewall may be blocking access.
The Samba project also offers other graphical tools for administering Samba. You can
check them out at http://samba.org/samba/GUI. For descriptions of these tools,
see Chapters 15 and 16.
CUPS —The Common UNIX Printing Service (CUPS) has its own Web administration
tool. With CUPS installed and configured, you can typically use CUPS Web administration by typing the following URL in your Web browser’s location box:
http://localhost:631
You use the CUPS administration tool to manage printers and classes and do a variety
of administration tasks. CUPS is described in Chapter 15.
Samba and CUPS are included with many Linux distributions. Other projects that offer Web-based administration that may or may not be in your Linux distribution include SquirrelMail (a
Webmail interface) and Mailman (a mailing list facility).
Because many Web browser administrative interfaces send data in clear text, they are most
appropriate for use on the local system. However, because they are Web-based, you can also use
these interfaces from your LAN or other network. If you plan to expose these administrative
interfaces to an untrusted network, however, you should consider encrypting your communications (for example, by using Web-based administration tools over an SSH tunnel, as described
later in this chapter).
The Webmin administration tool
The Webmin facility (www.webmin.com) offers more complete Web-based Linux and UNIX
administration features. Although Webmin isn’t delivered with some Linux systems that offer
their own graphical administration tools (such as Fedora and RHEL), the Webmin project has
ported Webmin to run on more than 70 different operating systems. Supported Linux distributions include SUSE, Red Hat (Fedora and RHEL), Debian, Ubuntu, Gentoo, Slackware, Mandriva,
Yellow Dog, and others (see www.webmin.com/support.html for a complete list).
After you get Webmin from Webmin.com and install it, you can use Webmin from your Web
browser. To start the Webmin interface, type the following in the Web browser’s location box:
http://localhost:10000
After you log in as root user, the main Webmin page displays, as shown in Figure 10-1.
FIGURE 10-1
Webmin offers a Web browser interface for administering Linux.
Graphical administration with different distributions
Some people fear that after they’ve left the familiar confines of their Microsoft Windows system
for Linux, they’ll be stuck doing everything from a command line. To gain a wider audience,
commercial Linux distributions such as Red Hat Enterprise Linux and SUSE have their own sets
of graphical tools to provide an easy entry point for new Linux users. The following sections
describe the Fedora and Red Hat Enterprise Linux system-config and SUSE’s YaST graphical
administration tools.
Fedora/RHEL config tools
A set of graphical tools that comes with Fedora and Red Hat Enterprise Linux systems can be
launched from the Administration submenu of the System menu or from the command line.
Most of the Fedora and RHEL tools that launch from the command line begin with the system-config
string (such as system-config-network). These administrative tasks require root permission; if you are logged in as a regular user, you must enter the root password before the GUI
application’s window opens. Once you have typed the password, look for a yellow badge icon in
the upper-right corner of the panel, indicating that you have root authorization. Click the badge
to open a pop-up window that enables you to remove authorization. Otherwise, authorization
goes away after a few minutes. While the badge is displayed, you can open any administrative
GUI application without having to enter the password again.
The following list describes many of the graphical tools you can use to administer a Fedora or
Red Hat Enterprise Linux system. Start these windows from the Administration submenu on
the System menu. The name of the package that must be installed to get the feature is shown in
parentheses:
Note
The availability of the selections described in the following list depends on which features you have installed.
Add/Remove Software (PackageKit) —Launch the Add/Remove Software window for
finding, adding, and removing software associated with software repositories configured for your system.
Server Settings —Access the following server configuration windows from this
submenu:
Domain Name System (system-config-bind) —Create and configure zones if your
computer is acting as a DNS server.
HTTP (system-config-httpd) —Configure your computer as an Apache Web server.
NFS (system-config-nfs) —Set up directories from your system to be shared with
other computers on your network using the NFS service.
Samba NFS (system-config-samba) —Configure Windows (SMB) file sharing. (To
configure other Samba features, you can use the SWAT window.)
Services (system-config-services) —Display and change which services are running on your Fedora system at different run levels from the Service Configuration
window.
Authentication (authconfig-gtk) —Change how users are authenticated on your system. Usually, Shadow Passwords and MD5 Passwords are selected. However, if your
network supports LDAP, Kerberos, SMB, NIS, or Hesiod authentication, you can select
to use any of those authentication types.
Bootloader (system-config-boot) —If you have multiple operating systems on your
computer, or multiple Linux kernels available to boot in Linux, you can use the Boot
Configuration screen to choose which to boot by default. For example, you might have
Fedora Linux, SUSE, and Windows XP all on the same hard disk. You could choose
which would start automatically (after a set number of seconds), if one wasn’t selected
explicitly.
Date & Time (system-config-date) —Set the date and time or choose to have an NTP
server keep system time in sync.
Display (system-config-display) —Change the settings for your X desktop, including
color depth and resolution for your display. You can also choose settings for your video
card and monitor.
Firewall and SELinux (system-config-firewall) —Configure your firewall to allow or
deny services to computers from the network.
Language (system-config-language) —Select the default language used for the system.
Logical Volume Management (system-config-lvm) —Manage your LVM partitions.
Network (system-config-network)— Manage your current network interfaces and add
interfaces.
Printing (system-config-printer) —Configure local and network printers.
Root Password (system-config-rootpassword) —Change the root password.
SELinux Management (system-config-selinux)—Set SELinux enforcing modes and
default policy.
SELinux Troubleshooter (setroubleshoot-server)—Monitor and diagnose SELinux
AVC denials.
Users & Groups (system-config-users) —Add, display, and change user and group
accounts for your Fedora system.
Other administrative utilities are available from the Applications menu on the top panel. Select
the System Tools submenu to see some of the following options:
Configuration Editor (gconf-editor) —Directly edit the GNOME configuration
database.
Disk Usage Analyzer (gnome-utils) —Display detailed information about your hard
disks and removable storage devices.
Kickstart (system-config-kickstart) —Create a kickstart configuration file that can be
used to install multiple Fedora systems without user interaction.
Other applications that you add to Fedora or RHEL may also include administrative utilities that
will appear in the System Tools submenu.
SUSE YaST tools
The YaST administrative interface is one of the strongest features of SUSE Linux. From a SUSE
desktop, open the YaST Control Center by selecting YaST from the Computer menu. Figure 10-2
shows an example of the YaST Control Center that appears.
FIGURE 10-2
Use the YaST Control Center to administer SUSE systems.
YaST has some useful tools in its Hardware section that enable you to probe your computer
hardware. Selecting Hardware Information on my system, for example, enabled me to see that
the CD-ROM drive that YaST detected was available through device /dev/cdrom and that it
supported CD-R, CD-RW, and DVD media. I could also see detailed information about my CPU,
network card, PCI devices, sound card, and various storage media.
YaST also offers interfaces for configuring and starting network devices, as well as a variety of
services to run on those devices. In addition, you can use YaST to configure your computer as a
client for file sharing (Samba and NFS), mail transfer agent (sendmail), and a variety of network
services.
SUSE Linux Enterprise Server comes with a wider range of configuration tools that are specifically
geared toward server setup, including tools for configuring a mail server, VPN tunnels, and full
Samba 3. Although other distributions may include proprietary tools, YaST is in a class of its own.
Using the root Login
Every Linux system starts out with at least one administrative user account (the root user) and
possibly one or more regular user accounts (given a name that you choose, or a name assigned by
your Linux distribution). In most cases, you log in as a regular user and become the root user to
do an administrative task.
The root user has complete control of the operation of your Linux system. That user can open any
file or run any program. The root user also installs software packages and adds accounts for other
people who use the system.
Tip
Think of the root user in Linux as similar to the Administrator user in Windows.
When you first install most Linux systems, you add a password for the root user. You must
remember and protect this password—you will need it to log in as root or to obtain root permission while you are logged in as some other user. Other Linux systems (such as KNOPPIX) start
you without an available root password, so you may want to add one when you first start up by
typing the following from a Terminal window or other shell:
# passwd root
Changing password for user root.
New UNIX password: ********
Retype new UNIX password: ********
Note
Some bootable Linux distributions give you (as a regular user) the power to run commands as root. You simply have to ask for the privilege using the sudo command. For example, from a Terminal window, to open a shell as root, type the following:
$ sudo su
#
You’ll find out more about the sudo command later in this chapter.
The home directory for the root user is typically /root. The home directory and other information associated with the root user account are located in the /etc/passwd file. Here’s what the
root entry looks like in the /etc/passwd file:
root:x:0:0:root:/root:/bin/bash
This shows that for the user named root the user ID is set to 0 (root user), the group ID is set to 0
(root group), the home directory is /root, and the shell for that user is /bin/bash. (We’re using
a shadow password file to store encrypted password data, so the password field here contains an
x.) You can change the home directory or the shell used by editing the values in this file. A better
way to change these values, however, is to use the usermod command (see the “Modifying Users
with usermod” section later in this chapter).
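As an added example (not from the book), the following shell function reads a passwd-format file using the seven colon-separated fields shown above and reports entries an administrator would want to review: a second account with user ID 0, an empty password field, and password data kept in the passwd file instead of the shadow file. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: review a passwd-format file for risky account entries.
# Field layout: name:password:UID:GID:comment:home:shell

# audit_passwd FILE   (use "-" to read standard input)
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        NF != 7 {                            # every entry needs seven fields
            printf "MALFORMED line %d: %d fields, expected 7\n", NR, NF
            next
        }
        # UID 0 grants full root power no matter what the account is called.
        $3 == 0 && $1 != "root" { printf "UID0 %s: non-root account with UID 0\n", $1 }
        # An empty password field may allow login without any password.
        $2 == "" { printf "NOPASS %s: empty password field\n", $1 }
        # x points to the shadow file; * and ! mark locked accounts. Anything
        # else is password data sitting in a file every user can read.
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ {
            printf "NOSHADOW %s: password data stored in the passwd file\n", $1
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample entries (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
jsmith:x:500:500:John Smith:/home/jsmith:/bin/bash
toor:x:0:0:backup admin:/root:/bin/sh
guest::501:501:Guest:/home/guest:/bin/bash
legacy:$1$CONSTRUCTED$notarealhashvalue000:502:502::/home/legacy:/bin/bash
broken:x:503:503:/home/broken
EOF
}

# Run the audit over the constructed sample.
audit_sample() {
    sample_passwd | audit_passwd -
}

audit_sample
```

Run `audit_passwd /etc/passwd` as any user to check a live system; on a healthy system it prints nothing.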
Note
By default, the root account is disabled in Ubuntu. This means that even though the account exists, you cannot log in using it or use su to become the root user. This adds an additional level of security to Ubuntu, and
requires you to use sudo before each command you want to execute as the root user.
Becoming root from the shell (su command)
Although you can become the superuser by logging in as root, sometimes that is not convenient.
For example, you may be logged in to a regular user account and just want to make a quick
administrative change to your system without having to log out and log back in. Or, you may
need to log in over the network to make a change to a Linux system but find that the system
doesn’t allow root users in from over the network (a common practice in the days before secure
shells were available).
The solution is to use the su command. From any Terminal window or shell, you can simply type
the following:
$ su
Password: ******
#
When you are prompted, type in the root user’s password. The prompt for the regular user ($)
changes to the superuser prompt (#). At this point, you have full permission to run any command and use any file on the system. However, one thing that the su command doesn’t do when
used this way is read in the root user’s environment. As a result, you may type a command that
you know is available and get the message Command Not Found. To fix this problem, use the su
command with the dash (-) option instead, like this:
$ su -
Password: ******
#
You still need to type the password, but after that, everything that normally happens at login for
the root user happens after the su command is completed. Your current directory will be root’s
home directory (probably /root), and things such as the root user’s PATH variable will be used.
If you become the root user by just typing su, rather than su -, you won’t change directories or
the environment of the current login session.
You can also use the su command to become a user other than root. This is useful for troubleshooting a problem that is being experienced by a particular user, but not by others on the computer (such as an inability to print or send e-mail). For example, to have the permissions of a user
named jsmith, you’d type the following:
$ su - jsmith
Even if you were root user before you typed this command, afterward you would have only the
permissions to open files and run programs that are available to jsmith. As root user, however,
after you type the su command to become another user, you don’t need a password to continue.
If you type that command as a regular user, you must type the new user’s password.
When you are finished using superuser permissions, return to the previous shell by exiting
the current shell. Do this by pressing Ctrl+D or by typing exit. If you are the administrator for
a computer that is accessible to multiple users, don’t leave a root shell open on someone else’s
screen—unless you want to let that person do anything he wants to the computer!
Allowing limited administrative access
As mentioned earlier, when you run GUI tools as a regular user (from Fedora, SUSE, or some
other Linux systems), you are prompted for the root password before you are able to access the
tool. By entering the root password, you are given root privilege for that task. In the case of
Fedora, after you enter the password a yellow badge icon appears in the top panel, indicating that
root authorization is still available for other GUI tools to run from that desktop session. A particular user can also be given administrative permissions for particular tasks without being given
the root password. For example, a system administrator can add a user to particular groups, such
as modem, disk, users, cdrom, ftp, mail, or www, and then open group permission to use those
services. Or, an administrator can add a user to the wheel group and add entries to the
/etc/sudoers file to allow that user to use the sudo command to run individual commands as root.
(See the description of sudo later in this chapter.)
Note
The wheel group does not exist in all distributions. In Ubuntu, for example, wheel is not created automatically.
A feature available in some Linux distributions that adds an additional level of security is
Security Enhanced Linux (SELinux). With SELinux, instead of one all-powerful root user
account, multiple roles can be defined to protect selected files and services. In that way, for
example, if someone cracks your Web server, he does not automatically have access to your mail
server, user passwords, or other services running on the computer.
Exploring Administrative Commands, Configuration Files, and Log Files
You can expect to find many commands, configuration files, and log files in the same places in
the file system, regardless of which Linux distribution you are using. The following sections give
you some pointers on where to look for these important elements.
Coming from Windows
If GUI administrative tools for Linux have become so good, why do you need to know about administrative
files? For one thing, while GUI tools differ among Linux versions, many underlying configuration files are
the same. So, if you learn to work with them, you can work with almost any Linux system. Also, if a feature is
broken or if you need to do something that’s not supported by the GUI, when you ask for help, Linux experts
almost always tell you how to change the configuration file directly.
Administrative commands
Only the root user is intended to use many administrative commands. When you log in as root
(or use su - from the shell to become root), your $PATH variable is set to include some directories that contain commands for the root user. These include the following:
/sbin—Contains commands for modifying your disk partitions (such as fdisk),
checking file systems (fsck), and changing system states (init).
/usr/sbin—Contains commands for managing user accounts (such as useradd) and
adding mount points for automounting file systems (automount). Commands that run
as daemon processes are also contained in this directory. (Look for commands that end
in d, such as sshd, pppd, and cupsd.)
Some administrative commands are contained in regular user directories (such as /bin and
/usr/bin). This is especially true of commands that have some options available to everyone. An
example is the /bin/mount command, which anyone can use to list mounted file systems, but
only root can use to mount file systems. (Some desktops, however, are configured to let regular
users use mount to mount CDs, DVDs, or other removable media by adding keywords to the
/etc/fstab file.)
Note
See the section “Mounting File Systems” later in this chapter for instructions on how to mount a file system.
To find commands intended primarily for the system administrator, check out the section 8 manual pages (usually in /usr/share/man/man8). They contain descriptions and options for most
Linux administrative commands.
Some third-party applications add administrative commands to directories that are not in your
PATH. For example, an application may put commands in /usr/local/bin, /opt/bin, or
/usr/local/sbin. Some Linux distributions automatically add those directories to your PATH,
usually before your standard bin and sbin directories. In that way, commands installed to those
directories are not only accessible, but can also override commands of the same name in other
directories.
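An added example, not from the book: because a directory that comes earlier in PATH wins, this script lists commands that are hidden by a same-named command in an earlier directory and flags PATH entries that are world-writable, empty, or relative. The function names and the demo directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find PATH entries that let one command replace another.

# Print each PATH entry on its own line (empty entries are kept).
path_dirs() { printf '%s\n' "$1" | tr ':' '\n'; }

# Flag entries where any local user could plant a command.
path_dir_issues() {
    path_dirs "$1" | while IFS= read -r dir; do
        case "$dir" in
            "") echo "CWD empty entry searches the current directory" ;;
            /*) # -prune stops find from descending; -perm -0002 = world-writable
                if [ -d "$dir" ] && [ -n "$(find "$dir" -prune -perm -0002)" ]; then
                    echo "WRITABLE $dir"
                fi ;;
            *)  echo "RELATIVE $dir" ;;
        esac
    done
}

# Report commands that exist in more than one PATH directory. The first
# directory in PATH order is the one the shell actually runs.
shadowed_commands() {
    path_dirs "$1" | while IFS= read -r dir; do
        case "$dir" in /*) ;; *) continue ;; esac
        # Resolve symlinked directories (for example /bin -> /usr/bin) so the
        # same physical directory is not compared against itself.
        real=$(cd "$dir" 2>/dev/null && pwd -P) || continue
        for f in "$real"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            printf '%s\t%s\n' "${f##*/}" "$real"
        done
    done | awk -F'\t' '
        !($1 in first) { first[$1] = $2; next }
        first[$1] != $2 {
            printf "SHADOW %s: %s/%s hides %s/%s\n", $1, first[$1], $1, $2, $1
        }
    '
}

audit_path() { path_dir_issues "$1"; shadowed_commands "$1"; }

# Constructed demo tree (not a real system layout): a local "ls" placed in a
# directory searched before the standard one, plus a world-writable entry.
make_demo_tree() {
    t=$(cd "$(mktemp -d)" && pwd -P) || return 1
    mkdir -p "$t/usr/local/bin" "$t/bin" "$t/drop"
    for f in "$t/usr/local/bin/ls" "$t/bin/ls" "$t/bin/cat"; do
        printf '#!/bin/sh\n' > "$f" && chmod 755 "$f"
    done
    chmod 777 "$t/drop"
    echo "$t"
}

demo=$(make_demo_tree)
audit_path "$demo/usr/local/bin:$demo/bin:$demo/drop::scripts"
rm -rf "$demo"
```

Run `audit_path "$PATH"` as root and as a regular user to compare the two search paths.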
Administrative configuration files
Configuration files are another mainstay of Linux administration. Almost everything you set up
for your particular computer—user accounts, network addresses, or GUI preferences—is stored
in plain-text files. This has some advantages and some disadvantages.
The advantage of plain-text files is that it’s easy to read and change them. Any text editor will
do. The downside, however, is that as you edit configuration files, no error checking is going on.
You have to run the program that reads these files (such as a network daemon or the X desktop)
to find out whether you set up the files correctly. There are no standards for the structure of configuration files, so you need to learn the format of each file individually. A comma or a quote in
the wrong place can sometimes cause a whole interface to fail.
Note
Some software packages offer a command to test the sanity of the configuration file tied to a package before
you start a service. For example, the testparm command is used with Samba to check the sanity of your
smb.conf file. Other times, the daemon process providing a service offers an option for checking your config file. For example, run httpd -t to check your Apache Web server configuration before starting your
Web server.
Throughout this book you’ll find descriptions of the configuration files you need to set up the
different features that make up Linux systems. The two major locations of configuration files are
your home directory (where your personal configuration files are kept) and the /etc directory
(which holds systemwide configuration files).
Following are descriptions of directories (and subdirectories) that contain useful configuration
files. (Refer to Table 10-1 for some individual configuration files in /etc that are of particular
interest.) Viewing the contents of Linux configuration files can teach you a lot about administering Linux systems.
$HOME—All users store information in their home directories that directs how their
login accounts behave. Most configuration files in $HOME begin with a dot (.), so they
don’t appear in a user’s directory when you use a standard ls command (you need to
type ls -a to see them). Likewise, dot files and directories won’t show up in most
file manager windows by default. There are dot files that define how each user’s shell
behaves, the desktop look-and-feel, and options used with your text editor. There are
even files such as .ssh/* and .rhosts that configure network permissions for each
user. (To see the name of your home directory, type echo $HOME from a shell.)
/etc—This directory contains most of the basic Linux system-configuration files.
Table 10-1 shows some /etc configuration files of interest.
/etc/cron*—Directories in this set contain files that define how the crond utility
runs applications on a daily (cron.daily), hourly (cron.hourly), monthly (cron.
monthly), or weekly (cron.weekly) schedule.
/etc/cups—Contains files used to configure the CUPS printing service.
/etc/default—Contains files that set default values for various utilities. For example,
the file for the useradd command defines the default group number, home directory,
password expiration date, shell, and skeleton directory (/etc/skel) that are used when
creating a new user account.
/etc/httpd—Contains a variety of files used to configure the behavior of your Apache
Web server (specifically, the httpd daemon process). (On some Linux systems,
/etc/apache or /etc/apache2 is used instead.)
/etc/init.d—Contains the permanent copies of System V–style run-level scripts.
These scripts are often linked from the /etc/rc?.d directories to have each service
associated with a script started or stopped for the particular run level. The ? is replaced
by the run-level number (0 through 6). (Slackware puts its run-level scripts in the
/etc/rc.d directory.)
/etc/mail—Contains files used to configure your sendmail mail service.
/etc/pcmcia—Contains configuration files that allow you to have a variety of
PCMCIA cards configured for your computer. (PCMCIA slots are those openings on
your laptop that enable you to have credit card–sized cards attached to your computer.
You can attach devices such as modems and external CD-ROMs.)
/etc/postfix—Contains configuration files for the postfix mail transport agent.
/etc/ppp—Contains several configuration files used to set up Point-to-Point Protocol
(PPP) so that you can have your computer dial out to the Internet.
/etc/rc?.d—There is a separate rc?.d directory for each valid system state: rc0.d
(shutdown state), rc1.d (single-user state), rc2.d (multiuser state), rc3.d (multiuser
plus networking state), rc4.d (user-defined state), rc5.d (multiuser, networking, plus
GUI login state), and rc6.d (reboot state). Some Linux distros, such as Slackware, put
most of the start-up scripts directly in /etc/rc.d, without the run-level notation.
/etc/security—Contains files that set a variety of default security conditions for
your computer. These files are part of the pam (pluggable authentication modules)
package.
/etc/skel—Any files contained in this directory are automatically copied to a user’s
home directory when that user is added to the system. By default, most of these files are
dot (.) files, such as .kde (a directory for setting KDE desktop defaults) and .bashrc
(for setting default values used with the bash shell).
/etc/sysconfig—Contains important system configuration files that are created and
maintained by various services (including iptables, samba, and most networking services). These files are critical for Linux distributions that use GUI administration tools
but are not used on other Linux systems at all.
/etc/xinetd.d—Contains a set of files, each of which defines a network service that
the xinetd daemon listens for on a particular port. When the xinetd daemon process
receives a request for a service, it uses the information in these files to determine which
daemon processes to start to handle the request.
TABLE 10-1
/etc Configuration Files of Interest
File                  Description
aliases               Can contain distribution lists used by the Linux mail service. (This file may be located in /etc/mail.)
bashrc                Sets system-wide defaults for bash shell users. (This may be called bash.bashrc on some Linux distributions.)
crontab               Sets cron environment and times for running automated tasks.
csh.cshrc (or cshrc)  Sets system-wide defaults for csh (C shell) users.
exports               Contains a list of local directories that are available to be shared by remote computers using the Network File System (NFS).
fstab                 Identifies the devices for common storage media (hard disk, floppy, CD-ROM, and so on) and locations where they are mounted in the Linux system. This is used by the mount command to choose which file systems to mount when the system first boots.
group                 Identifies group names and group IDs (GIDs) that are defined on the system. Group permissions in Linux are defined by the second of three sets of rwx (read, write, execute) bits associated with each file and directory.
gshadow               Contains shadow passwords for groups.
host.conf             Sets the locations in which domain names (for example, redhat.com) are searched for on TCP/IP networks (such as the Internet). By default, the local hosts file is searched and then any name server entries in resolv.conf.
hosts                 Contains IP addresses and host names that you can reach from your computer. (Usually this file is used just to store names of computers on your LAN or small private network.)
hosts.allow           Lists host computers that are allowed to use certain TCP/IP services from the local computer.
hosts.deny            Lists host computers that are not allowed to use certain TCP/IP services from the local computer (although this file will be used if you create it, it doesn’t exist by default).
inittab               Contains information that defines which programs start and stop when Linux boots, shuts down, or goes into different states in between. This is the most basic configuration file for starting Linux.
lilo.conf             Sets Linux boot loader (lilo) parameters to boot the computer. In particular, it lists information about bootable partitions on your computer. (If your distribution uses the GRUB boot loader, you may not see this file.)
modules.conf          Contains aliases and options related to loadable kernel modules used by your computer.
mtab                  Contains a list of file systems that are currently mounted.
mtools.conf           Contains settings used by DOS tools in Linux.
named.conf            Contains DNS settings if you are running your own DNS server.
ntp.conf              Includes information needed to run the Network Time Protocol (NTP).
passwd                Stores account information for all valid users for the system. Also includes other information, such as the home directory and default shell. (Rarely includes the user passwords themselves, which are typically stored in the /etc/shadow file.)
printcap              Contains definitions for the printers configured for your computer. (If the printcap file doesn’t exist, look for printer information in the /etc/cups directory.)
profile               Sets system-wide environment and startup programs for all users. This file is read when the user logs in.
protocols             Sets protocol numbers and names for a variety of Internet services.
resolv.conf           Identifies the locations of DNS name server computers that are used by TCP/IP to translate Internet host.domain names into IP addresses. (When a Web browser or mail client looks for an Internet site, it checks servers listed in this file to locate the site.)
rpc                   Defines remote procedure call names and numbers.
services              Defines TCP/IP and UDP services and their port assignments.
shadow                Contains encrypted passwords for users who are defined in the passwd file. (This is viewed as a more secure way to store passwords than the original encrypted password in the passwd file. The passwd file needs to be publicly readable, whereas the shadow file can be unreadable by all but the root user.)
shells                Lists the shell command-line interpreters (bash, sh, csh, and so on) that are available on the system, as well as their locations.
sudoers               Sets commands that can be run by users, who may not otherwise have permission to run the command, using the sudo command. In particular, this file is used to provide selected users with root permission.
syslog.conf           Defines what logging messages are gathered by the syslogd daemon and what files they are stored in. (Typically, log messages are stored in files contained in the /var/log directory.)
termcap               Lists definitions for character terminals, so that character-based applications know what features are supported by a given terminal. Graphical terminals and applications have made this file obsolete to most people. (Termcap was the BSD UNIX way of storing terminal information; UNIX System V used definitions in /usr/share/terminfo files.)
xinetd.conf           Contains simple configuration information used by the xinetd daemon process. This file mostly points to the /etc/xinetd.d directory for information about individual services. (Some systems use the inetd.conf file and the inetd daemon instead.)
Another directory, /etc/X11, includes subdirectories that each contain system-wide configuration files used by X and different X window managers available for Linux. The xorg.conf file
(which makes your computer and monitor usable with X) and configuration directories containing files used by xdm and xinit to start X are in here.
Directories relating to window managers contain files that include the default values that a user will
get if that user starts one of these window managers on your system. Window managers that may
have system-wide configuration files in these directories include Twm (twm/) and Xfce (xdg/).
Note
Some files and directories in /etc/X11 are linked to locations in the /usr/X11R6 directory.
Administrative log files
One of the things that Linux does well is keep track of itself. This is a good thing, when you
consider how much is going on in a complex operating system. Sometimes you are trying to get a
new facility to work and it fails without giving you the foggiest reason why. Other times you want
to monitor your system to see whether people are trying to access your computer illegally. In any
of those cases, you can use log files to help track down the problem.
The main utilities for logging error and debugging messages for Linux are the syslogd and klogd
daemons. General system logging is done by syslogd. Logging that is specific to kernel activity is done by klogd. Logging is done according to information in the /etc/syslog.conf file.
Messages are typically directed to log files that are usually in the /var/log directory. Here are a
few common log files:
boot.log—Contains boot messages about services as they start up.
messages—Contains many general informational messages about the system.
secure—Contains security-related messages, such as login activity.
XFree86.0.log or Xorg.0.log—Depending on which X server you are using, contains messages about your video card, mouse, and monitor configuration.
If you are using a Fedora or Ubuntu system, the System Log Viewer utility is a good way to step
through your system’s log files. From the Applications menu, select System ➪ Administration ➪
Log File Viewer. You not only can view boot, kernel, mail, security, and other system logs, but
you can also use the viewing pane to select log messages from a particular date.
Using sudo and Other Administrative Logins
You don’t hear much about other administrative logins (besides root) being used with Linux. It
was a fairly common practice in UNIX systems to have several different administrative logins that
allowed administrative tasks to be split among several users. For example, people sitting near a
printer could have lp permissions to move print jobs to another printer if they knew a printer
wasn’t working.
In any case, administrative logins are available with Linux; however, logging in directly as those
users is disabled by default. The accounts are maintained primarily to provide ownership for files
and processes associated with particular services. Here are some examples:
lp —This user account owns such things as the /var/log/cups printing log file and
various printing cache and spool files. The home directory for lp is /var/spool/lpd.
uucp —User owns various uucp commands (once used as the primary method for dialup serial communications) as well as log files in /var/log/uucp, spool files in
/var/spool, administrative commands (such as uuchk, uucico, uuconv, and uuxqt) in
/usr/sbin, and user commands (uucp, cu, uuname, uustat, and uux) in /usr/bin.
The home directory for uucp is /var/spool/uucp.
bin—User owns many commands in /bin in traditional UNIX systems. This is not
the case in some Linux systems (such as Fedora and Gentoo) because root owns most
executable files. The home directory of bin is /bin.
news —User could do administration of Internet news services, depending on how you
set permission for /var/spool/news and other news-related resources. The home
directory for news is /etc/news.
By default, the administrative logins in the preceding list are disabled. You would need to change
the default shell from its current setting (usually /sbin/nologin or /bin/false) to a real shell
(typically /bin/bash) to be able to log in as these users.
One way to give full or limited root privileges to any nonroot user is to set up the sudo facility,
which simply entails adding the user to /etc/sudoers and defining what privilege you want
that user to have. Then the user can run any command he or she is privileged to use by preceding
that command with the sudo command.
Here’s an example of how to use the sudo facility to cause any users that are added to the wheel
group to have full root privileges.
1. As the root user, edit the /etc/sudoers file by running the visudo command:
# /usr/sbin/visudo
By default, the file opens in vi, unless your EDITOR variable happens to be set to some
other editor acceptable to visudo (for example, export EDITOR=gedit). The reason
for using visudo is that the command locks the /etc/sudoers file and does some
basic sanity checking of the file to ensure it has been edited correctly.
Note
If you are stuck here, refer to the vi tutorial in Chapter 9 for information on using the vi editor.
2. Uncomment the following line to allow users in the wheel group to have full root privileges on the computer:
%wheel  ALL=(ALL)       ALL
Tip
If you look at the sudoers file in Ubuntu, you will see that this privilege exists, by default, for the admin
group members.
This line causes users in the wheel group to provide a password (their own password,
not the root password) in order to use administrative commands. To allow users in the
wheel group to have that privilege without using a password, uncomment the following
line instead:
%wheel  ALL=(ALL)       NOPASSWD: ALL
3. Save the changes to the /etc/sudoers file (in vi, type Esc, and then ZZ).
4. Still as root user, open the /etc/group file using the vigr command and add to the
wheel line any users you want to have root privilege. For example, if you were to add
the users mary and jake to the wheel group, the line would appear as follows:
wheel:x:10:root,mary,jake
Now users mary and jake can run the sudo command to run commands, or parts of commands,
that are normally restricted to the root user. The following is an example of a session by the user
jake after he has been assigned sudo privileges:
[jake]$ sudo umount /mnt/win
We trust you have received the usual lecture
from the local System Administrator. It usually
boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Password: *********
[jake]$ umount /mnt/win
mount: only root can mount /dev/sda1 on /mnt/win
[jake]$ sudo umount /mnt/win
[jake]$
In this session, the user jake runs the sudo command to unmount the /mnt/win file system
(using the umount command). He is given a warning and asked to provide his password (this is
jake’s password, not the root password).
Even after jake has given the password, he must still use the sudo command to run subsequent
administrative commands as root (the umount fails, but the sudo umount succeeds). Notice
that he is not prompted for a password for the second sudo. That’s because after entering his
password successfully, he can enter as many sudo commands as he wants for the next 5 minutes
without having to enter it again. (You can change the timeout value from 5 minutes to however
long you want by setting the passwd_timeout value in the /etc/sudoers file.)
The preceding example grants a simple all-or-nothing administrative privilege to everyone you
put in the wheel group. However, the /etc/sudoers file gives you an incredible amount of
flexibility in permitting individual users and groups to use individual applications or groups of
applications. Refer to the sudoers and sudo man pages for information about how to tune your
sudo facility. Refer to the pam_wheel man page to see how the PAM facility affects members of
the wheel group.
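The two %wheel lines shown earlier differ only in the NOPASSWD tag, and both grant every command. As an added example (not from the book), this shell function lists the uncommented rules in a sudoers-format file that grant ALL commands and notes whether a password is required. The sample file, the rules for jake and mary, and the function name are constructed for illustration, and the reader is simplified: one rule per line, no alias expansion or include handling.

```shell
#!/bin/sh
# Added example: list sudoers rules that grant every command.
# Simplified reader: one rule per line; it does not expand aliases, follow
# #include/#includedir lines, or join backslash-continued lines.

# usage:  blanket_sudo_grants SUDOERS_FILE
# prints: <user-or-%group> all-commands nopasswd=<yes|no>
blanket_sudo_grants() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blank lines
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }      # settings, alias definitions
        {
            who = $1
            spec = $0
            if (!sub(/^[^=]*=[ \t]*/, "", spec)) next     # keep text after "host ="
            sub(/^\([^)]*\)[ \t]*/, "", spec)             # drop the (runas) list
            nopass = (spec ~ /NOPASSWD:/) ? "yes" : "no"
            gsub(/[A-Z_]+:[ \t]*/, "", spec)              # drop tags such as NOPASSWD:
            n = split(spec, cmd, ",")
            for (i = 1; i <= n; i++) {
                c = cmd[i]
                gsub(/^[ \t]+|[ \t]+$/, "", c)
                if (c == "ALL") {
                    print who " all-commands nopasswd=" nopass
                    break
                }
            }
        }
    ' "$1"
}

# --- constructed sample file, modeled on the lines this chapter shows ---
SUDOERS_SAMPLE=$(mktemp)
trap 'rm -f "$SUDOERS_SAMPLE"' EXIT
cat > "$SUDOERS_SAMPLE" <<'EOF'
Defaults    env_reset
Cmnd_Alias  MOUNTING = /bin/mount, /bin/umount
root    ALL=(ALL)       ALL
# %wheel  ALL=(ALL)       ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL
jake    ALL=/bin/mount, /bin/umount
mary    ALL=(root) MOUNTING
EOF

# The commented-out %wheel line and the two command-limited rules are not
# reported; root and the NOPASSWD %wheel rule are.
blanket_sudo_grants "$SUDOERS_SAMPLE"
```

On a live system, sudo -l -U mary prints what sudo itself would allow that user, which remains the authoritative answer.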
Administering Your Linux System
Your system administrator duties don’t end after you have installed Linux. If multiple people are
using your Linux system, you, as administrator, must give each person his own login account.
You’ll use useradd and related commands to add, modify, and delete user accounts.
Configuring hardware is also on your duty list. When you add hardware to your Linux computer,
that hardware is often detected and configured automatically. In some cases, however, the hardware may not have been set up properly, and you will use commands such as lsmod, modprobe,
insmod, and rmmod to configure the right modules to get the hardware working.
Note
A device driver is the code permanently built into the kernel to allow application programs to talk to a particular piece of hardware. A module is like a driver, but it is loaded on demand. The “Configuring Hardware”
section later in this chapter includes information about using these commands to configure modules.
Managing file systems and disk space is your responsibility, too. You must keep track of the disk
space being consumed, especially if your Linux system is shared by multiple users. At some
point, you may need to add a hard disk or track down what is eating up your disk space (you use
commands such as find to do this).
Your duties also include monitoring system performance. You may have a runaway process on
your system or you may just be experiencing slow performance. Tools that come with Linux can
help you determine how much of your CPU and memory are being consumed.
These tasks are explored in the rest of this chapter.
Creating User Accounts
Every person who uses your Linux system should have a separate user account. Having a user
account provides each person with an area in which to securely store files, as well as a means of
tailoring his or her user interface (GUI, path, environment variables, and so on) to suit the way
that he or she uses the computer.
You can add user accounts to most Linux systems in several ways—Fedora and Red Hat
Enterprise Linux systems use the system-config-users utility, for example, and SUSE offers a user
setup module in YaST. This chapter describes how to add user accounts from the command line
with useradd because most Linux systems include that command. (In some cases a Linux system will have a similar command called adduser.)
Adding users with useradd
The most straightforward method for creating a new user from the shell is with the useradd
command. After opening a Terminal window with root permission, you simply invoke useradd
at the command prompt, with details of the new account as parameters.
The only required parameter is the login name of the user, but you probably want to include
some additional information ahead of it. Each item of account information is preceded by a single
letter option code with a dash in front of it. Table 10-2 lists the options available with useradd.
TABLE 10-2
useradd Command Options
Option                          Description
-c comment, -c "comment here"   Provide a description of the new user account. Often the person’s full name. Replace comment with the name of the user account (-c jake). Use quotes to enter multiple words (-c "jake jackson").
-d home_dir                     Set the home directory to use for the account. The default is to name it the same as the login name and to place it in /home. Replace home_dir with the directory name to use (for example, -d /mnt/homes/jake).
-D                              Rather than create a new account, save the supplied information as the new default settings for any new accounts that are created.
-e expire_date                  Assign the expiration date for the account in MM/DD/YYYY format. Replace expire_date with a date you want to use (-e 05/06/2010).
-f -1                           Set the number of days after a password expires until the account is permanently disabled. The default, -1, disables the option. Setting this to 0 disables the account immediately after the password has expired. Replace -1 with the number to use.
-g group                        Set the primary group (as listed in the /etc/group file) the new user will be in. Replace group with the group name (-g wheel).
-G grouplist                    Add the new user to the supplied comma-separated list of groups (-G wheel,sales,tech,lunch).
-k skel_dir                     Set the skeleton directory containing initial configuration files and login scripts that should be copied to a new user’s home directory. This parameter can be used only in conjunction with the -m option. Replace skel_dir with the directory name to use. (Without this option, the /etc/skel directory is used.)
-m                              Automatically create the user’s home directory and copy the files in the skeleton directory (/etc/skel) to it.
-M                              Do not create the new user’s home directory, even if the default behavior is set to create it.
-n                              Turn off the default behavior of creating a new group that matches the name and user ID of the new user. This option is available with Red Hat Linux systems. Other Linux systems often assign a new user to the group named users instead.
-o                              Use with -u uid to create a user account that has the same UID as another username. (This effectively lets you have two different usernames with authority over the same set of files and directories.)
-p passwd                       Enter a password for the account you are adding. This must be an encrypted password. Instead of adding an encrypted password here, you can simply use the passwd user command later to add a password for user.
-s shell                        Specify the command shell to use for this account. Replace shell with the command shell (-s bash).
-u user_id                      Specify the user ID number for the account (-u 474). Without the -u option, the default behavior is to automatically assign the next available number. Replace user_id with the ID number (-u).
For example, let’s create an account for a new user named Mary Smith with a login name of mary.
First, log in as root, and then type the following command:
# useradd -c "Mary Smith" mary
Tip
When you choose a username, don’t begin with a number (for example, 26jsmith). Also, it’s best to use all
lowercase letters, no control characters or spaces, and a maximum of 8 characters. The useradd command
allows up to 32 characters, but some applications can’t deal with usernames that long. Tools such as ps display UIDs instead of names if names are too long. Having users named Jsmith and jsmith can cause confusion
with programs (such as sendmail) that don’t distinguish case.
Next, set Mary’s initial password using the passwd command. You’re prompted to type the password twice:
# passwd mary
Changing password for user mary.
New password: *******
Retype new password: *******
Note
Asterisks in this example represent the password you type. Nothing is actually displayed when you type the
password. Also keep in mind that running passwd as root user lets you add short or blank passwords that
regular users cannot add themselves.
In creating the account for Mary, the useradd command performs several actions:
Reads the /etc/login.defs file to get default values to use when creating accounts.
Checks command-line parameters to find out which default values to override.
Creates a new user entry in the /etc/passwd and /etc/shadow files based on the
default values and command-line parameters.
Creates any new group entries in the /etc/group file. (Fedora creates a group using
the new user’s name; Gentoo adds the user to the users group; and SUSE adds it to every
group you set for new users, such as dialout, audio, video, and other services.)
Creates a home directory, based on the user’s name, in the /home directory.
Copies any files located within the /etc/skel directory to the new home directory.
This usually includes login and application startup scripts.
The preceding example uses only a few of the available useradd options. Most account settings
are assigned using default values. You can set more values explicitly, if you want to; here’s an
example that uses a few more options to do so:
# useradd -g users -G wheel,apache -s /bin/tcsh -c "Mary Smith" mary
In this case, useradd is told to make users the primary group mary belongs to (-g), add her to
the wheel and apache groups, and assign tcsh as her primary command shell (-s). A home directory in /home under the user’s name (/home/mary) is created by default. This command line
results in a line similar to the following being added to the /etc/passwd file:
mary:x:502:100:Mary Smith:/home/mary:/bin/tcsh
Each line in the /etc/passwd file represents a single user account record. Each field is separated
from the next by a colon (:) character. The field’s position in the sequence determines what it is.
As you can see, the login name is first. Again, the password field contains an x because we are
using a shadow password file to store encrypted password data. The user ID selected by useradd
is 502. The primary group ID is 100, which corresponds to the users group in the /etc/group
file. The comment field was correctly set to Mary Smith, the home directory was automatically
assigned as /home/mary, and the command shell was assigned as /bin/tcsh, exactly as specified with the useradd options.
By leaving out many of the options (as I did in the first useradd example), defaults are assigned
in most cases. For example, by not using -g users or -G wheel,apache, in Fedora a group
named mary would have been created and assigned to the new user. Other Linux systems assign
users as the group name by default. Likewise, excluding -s /bin/tcsh causes /bin/bash to
be assigned as the default shell.
The /etc/group file holds information about the different groups on your Linux system and the
users who belong to them. Groups are useful for enabling multiple users to share access to the
same files while denying access to others. Peek at the /etc/group file, and you find something
similar to this:
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root,joe,mary
apache:x:48:mary
.
.
.
nobody:x:99:
users:x:100:
chris:x:500
sheree:x:501
Each line in the group file contains the name of a group, the group ID number associated with
it, and a list of users in that group. By default, each user is added to his or her own group, beginning with GID 500. Note that mary was added to the wheel and apache groups instead of having
her own group.
It is actually rather significant that mary was added to the wheel group. By doing this, you grant
her the capability to use the sudo command to run commands as the root user (provided that
sudo is configured as described earlier in this chapter).
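As an added example (not from the book), the following shell functions read passwd- and group-format files and report the account conditions this section describes: extra logins with UID 0, UIDs shared through useradd -o, administrative accounts whose shell was changed to a real one, and everyone who is effectively in wheel, including users given it as a primary group with -g. The sample records, the admin2 and jake entries, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd- and group-format files for risky accounts.

# Logins other than root that carry UID 0, and so have full root authority.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# UIDs shared by several logins (what useradd -o -u allows), as uid:name,name.
duplicate_uids() {
    awk -F: '
        { if ($3 in names) names[$3] = names[$3] "," $1; else names[$3] = $1
          count[$3]++ }
        END { for (u in count) if (count[u] > 1) print u ":" names[u] }
    ' "$1" | sort -t: -k1,1n
}

# System accounts (0 < UID < boundary) whose shell is not nologin or false,
# so a direct login is possible. The boundary defaults to 500, where regular
# accounts start in this chapter; pass another value as the second argument.
service_logins() {
    awk -F: -v min="${2:-500}" '
        $3 > 0 && $3 < min && $7 !~ /\/(nologin|false)$/ { print $1 ":" $7 }
    ' "$1"
}

# Effective members of a group: names on the group line plus every login
# whose primary GID (passwd field 4) is that group. A %group rule in sudoers
# applies to both kinds of member.
# usage: group_members GROUP_FILE PASSWD_FILE GROUP
group_members() {
    awk -F: -v grp="$3" '
        FILENAME == ARGV[1] {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$1" "$2" | sort
}

# --- constructed sample data (not from a real system) ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/bin/bash
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
news:x:9:13:news:/etc/news:/bin/false
admin2:x:0:0:second admin:/root:/bin/bash
chris:x:500:500:Chris:/home/chris:/bin/bash
mary:x:502:100:Mary Smith:/home/mary:/bin/tcsh
jake:x:502:10:Jake:/home/jake:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
wheel:x:10:root,joe,mary
apache:x:48:mary
users:x:100:
chris:x:500:
EOF

echo "Extra UID 0 logins: $(uid0_accounts "$SAMPLE_DIR/passwd")"
echo "Shared UIDs:        $(duplicate_uids "$SAMPLE_DIR/passwd" | tr '\n' ' ')"
echo "System logins:      $(service_logins "$SAMPLE_DIR/passwd")"
echo "Effective wheel:    $(group_members "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd" wheel | tr '\n' ' ')"
```

Point the functions at /etc/passwd and /etc/group to audit a live system.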
Setting user defaults
The useradd command determines the default values for new accounts by reading the /etc/login.defs
file. You can modify those defaults by either editing that file manually with a standard text editor
or by running the useradd command with the -D option. Although login.defs is different on
different Linux systems, here is an example containing many of the settings
you might find in a login.defs file:
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
UID_MIN         500
UID_MAX         60000
GID_MIN         500
GID_MAX         60000
CREATE_HOME     yes
All uncommented lines contain keyword/value pairs. For example, the keyword PASS_MIN_LEN
is followed by some white space and the value 5. This tells useradd that the user password must
be at least five characters. Other lines let you customize the valid range of automatically assigned
user ID numbers or group ID numbers. (Fedora starts at UID 500; other Linuxes start with UID
100.) A comment section that explains that keyword’s purpose precedes each keyword (which I
edited out here to save space). Altering a default value is as simple as editing the value associated
with a keyword and then saving the file.
If you want to view the defaults, type the useradd command with the -D option, as follows:
# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
You can also use the -D option to change defaults. When run with this flag, useradd refrains
from actually creating a new user account; instead, it saves any additionally supplied options as
the new default values in /etc/login.defs. Not all useradd options can be used in conjunction with the -D option. You can use only the five options listed in Table 10-3.
TABLE 10-3
useradd Options for Changing User Defaults
Options                  Description
-b default_home          Set the default directory in which user home directories are created. Replace default_home with the directory name to use (-b /garage). Usually this is /home.
-e default_expire_date   Set the default expiration date on which the user account is disabled. The default_expire_date value should be replaced with a date in the form MM/DD/YYYY (-e 10/15/2009).
-f default_inactive      Set the number of days after a password has expired before the account is disabled. Replace default_inactive with a number representing the number of days (-f 7).
-g default_group         Set the default group that new users will be placed in. Normally useradd creates a new group with the same name and ID number as the user. Replace default_group with the group name to use (-g bears).
-s default_shell         Set the default shell for new users. Normally this is /bin/bash. Replace default_shell with the full path to the shell that you want as the default for new users (-s /bin/ash).
To set any of the defaults, give the -D option first, and then add the defaults you want to set. For
example, to set the default home directory location to /home/everyone and the default shell to
/bin/tcsh, type the following:
# useradd -D -b /home/everyone -s /bin/tcsh
Besides setting up user defaults, an administrator can create default files that are copied to each
user’s home directory for use. These files can include login scripts and shell configuration files
(such as .bashrc).
Other commands that are useful for working with user accounts include usermod (to modify settings for an existing account) and userdel (to delete an existing user account).
Modifying users with usermod
The usermod command provides a simple and straightforward method for changing account
parameters. Many of the options available with it mirror those found in useradd. Table 10-4 lists
the options that can be used with this command.
TABLE 10-4
usermod Options
Option           Description
-c username      Change the description associated with the user account. Replace username with the name of the user account (-c jake). Use quotes to enter multiple words (-c "jake jackson").
-d home_dir      Change the home directory to use for the account. The default is to name it the same as the login name and to place it in /home. Replace home_dir with the directory name to use (for example, -d /mnt/homes/jake).
-e expire_date   Assign a new expiration date for the account in MM/DD/YYYY format. Replace expire_date with a date you want to use (-e 05/06/2010).
-f -1            Change the number of days after a password expires until the account is permanently disabled. The default, -1, disables the option. Setting this to 0 disables the account immediately after the password has expired. Replace -1 with the number to use.
-g group         Change the primary group (as listed in the /etc/group file) the user will be in. Replace group with the group name (-g wheel).
-G grouplist     Add the user to the supplied comma-separated list of groups (-G wheel,sales,tech,lunch).
-l login_name    Change the login name of the account.
-m               Available only when -d is used, this causes the contents of the user’s home directory to be copied to the new directory.
-o               Use only with -u uid to remove the restriction that UIDs must be unique.
-s shell         Specify a different command shell to use for this account. Replace shell with the command shell (-s bash).
-u user_id       Change the user ID number for the account. Replace user_id with the ID number (-u 474).
As an example, to change the shell to the csh shell for the user named chris, type the following as
root user from a shell:
# usermod -s /bin/csh chris
Deleting users with userdel
Just as usermod is used to modify user settings and useradd is used to create users, userdel is
used to remove users. The following command will remove the user chris:
# userdel chris
The only option available with this utility is -r, which is used to remove not only the user, but
also their home directory:
# userdel -r chris
Configuring Hardware
In a perfect world, after installing and booting Linux, all of your hardware is detected and available for access. Although many Linux systems are rapidly moving closer to that world, there are
times when you must take special steps to get your computer hardware working. Also, the growing use of removable USB and FireWire devices (CDs, DVDs, flash drives, digital cameras, and
removable hard drives) has made it important for Linux to
Efficiently manage hardware that comes and goes
Look at the same piece of hardware in different ways (for example, be able to see a
printer as a fax machine, scanner, and storage device, as well as a printer)
If you are using a Linux system that includes the 2.6 kernel (as the latest versions of most major
Linux systems do), new kernel features have made it possible to change drastically the way hardware devices are detected and managed. Features in, or closely related to, the kernel include Udev
(to dynamically name and create devices as hardware comes and goes) and Hotplug and HAL (to
pass information about hardware changes to user space).
If all this sounds a bit confusing, don’t worry. It’s actually designed to make your life as a Linux
user much easier. The end result of features built on the 2.6 kernel is that device handling in
Linux has become
More automatic —For most common hardware, when a hardware device is connected
or disconnected, it is automatically detected and identified. Interfaces to access the
hardware are added, so it is accessible to Linux. Then the fact that the hardware is present (or removed) is passed to the user level, where applications listening for hardware
changes are ready to mount the hardware and/or launch an application (such as an
image viewer or music player).
More flexible —If you don’t like what happens automatically when a hardware item is
connected or disconnected, you can change it. For example, features built into GNOME
and KDE desktops let you choose what happens when a music CD or movie DVD is
inserted, or when a digital camera is connected. If you prefer a different program be
launched to handle it, you can easily make that change.
This section covers several issues relating to getting your hardware working properly in Linux.
First, it describes how to configure Linux to deal with removable media. Then it tells how to use
tools for manually loading and working with drivers for hardware that is not detected and loaded
properly.
Managing removable hardware
Linux systems such as SUSE, RHEL, Fedora, and others that support full KDE and GNOME desktop environments include simple graphical tools for configuring what happens when you attach
popular removable devices to the computer. So, with a KDE or GNOME desktop running, you
simply plug in a USB device or insert a CD or DVD and a window may pop up to deal with that
device.
Although different desktop environments share many of the same underlying mechanisms (in
particular, Udev) to detect and name removable hardware, they offer different tools for configuring how they are mounted or used. Udev (using the udevd daemon) creates and removes
devices (/dev directory) as hardware is added and removed from the computer. The Hardware
Abstraction layer (HAL) provides the overall platform for discovering and configuring hardware.
Settings that are of interest to someone using a desktop Linux system, however, can be configured with easy-to-use desktop tools.
The following sections describe how removable hardware and media are configured, using a
GNOME desktop in Fedora and a KDE desktop in SUSE.
Removable media on a GNOME desktop
The Nautilus file manager used with the GNOME desktop lets you define what happens when
you attach removable devices or insert removable media into the computer from the File
Management Preferences window. The descriptions in this section are based on GNOME 2.24.
From a Nautilus file manager window, select Edit ➪ Preferences, and then select the Media tab to
see how your system is configured to handle removable media. Figure 10-3 shows an example of
that window.
The following settings are available from the Media tab on the File Management Preferences
window. These settings relate to how removable media are handled when they are inserted
or plugged in. In most cases, you are prompted how to handle a medium that is inserted or
connected.
CD Audio —When an audio CD is inserted, you can choose to be prompted for what
to do (default), do nothing, open the contents in a folder window, or select from various audio CD players to be launched to play the content. Rhythmbox music player and
Sound Juicer CD ripper are among the choices you have for handling an inserted audio
CD.
DVD Video —When a commercial video DVD is inserted, you are prompted for what
to do with that DVD. You can change that default to launch Movie Player (Totem) or
another media player you have installed (such as MPlayer).
Music Player —When inserted media contains audio files, you are asked what to do.
You can select to have Rhythmbox or some other music player begin playing the files by
selecting that player from this box.
FIGURE 10-3
Change removable media settings in Nautilus.
Photos —When inserted media (such as a memory card from a digital camera) contains
digital images, you are asked what to do with those images. You can select to do nothing. Or you can select to have the images opened in gThumb image viewer or F-Spot
photo manager.
Software —When inserted media contains an autorun application, an autorun prompt
will open. To change that behavior (to do nothing or open the media contents in a
folder), you can select that from this box.
Other Media Type —Select the Type box under the Other Media heading to select how
less commonly used media are handled. For example, you can select what actions are
taken to handle blank Blu-Ray discs, CDs, or DVDs. You can select what applications to
launch for Blu-Ray video, DVD audio, HD DVD videos, picture CDs, super video CDs,
and video CDs.
Note that the settings described here are only in effect for the user who is currently logged in.
If multiple users have login accounts, each can have his or her own way of handling removable
media.
Note
The Totem movie player will not play movie DVDs unless you add extra software to decrypt the DVD. There
are legal issues and other movie player options you should look into if you want to play commercial DVD
movies from Linux. See Chapter 4 for more information about video players in Linux.
If you have an earlier version of GNOME, you may see a Portable Music Players entry. A music
player is started in Linux to play files from your portable iPod or other music player, if that is
selected and you enter a player to use. The banshee project (http://banshee-project.org)
includes software for playing music from iPods in Linux. (From Fedora, type yum install banshee to install the software from the Fedora repository. Then add ipod %d to this field to use the
player.) Other players with iPod support include gPodder (http://gpodder.berlios.de/)
and gtkpod (http://www.gtkpod.org/).
Removable media on a SUSE KDE desktop
When you insert a removable medium (CD or DVD) or plug in a removable device (digital camera
or USB flash drive) from a KDE desktop in SUSE, a window opens to let you choose the type of
action to take on it. If you want to add a different action, or change an existing action, click the
Configure button.
Figure 10-4 shows an example of the window that appears when a 32MB USB flash drive is
inserted, as well as the KDE Control Module that appears when Configure is selected.
FIGURE 10-4
Use the KDE Control Module to set how to respond to inserted media.
From the KDE Control Module, select the media type you want to change (in this case, Mounted
Removable Medium). Click Add, and then select the type of action you would like to add as an
option when that type of media is detected.
Working with loadable modules
If you have added hardware to your computer that isn’t properly detected, you might need to
manually load a module for that hardware. Linux comes with a set of commands for loading,
unloading, and getting information about hardware modules.
If you have installed the Linux kernel source code, source code files for available drivers are
stored in subdirectories of the /usr/src/linux*/drivers directory. You can find information
about these drivers in a couple of ways:
make xconfig—With /usr/src/linux* as your current directory (and Linux kernel
source code installed), type make xconfig from a Terminal window on the desktop.
Select the category of module you want and then click Help next to the driver that interests you. The help information that appears includes a description of the driver. (If your
system is missing graphical libraries needed to run make xconfig, try make menuconfig instead.)
Documentation—The /usr/src/linux*/Documentation directory contains lots of
plain-text files describing different aspects of the kernel and related drivers.
After modules have been built, they are installed in the /lib/modules/ subdirectories. The
name of the directory is based on the release number of the kernel that the modules were compiled for. Modules that are in that directory can then be loaded and unloaded as they are needed.
Before building modules for a new kernel, or more important, a current kernel, it may be wise
to add your initials to the kernel Makefile under the variable EXTRAVERSION at the top of the
Makefile. This installs your new modules under /lib/modules/kernel-version with the
EXTRAVERSION suffixed to the directory. If you completely wreck the module build, you haven’t
overwritten the current modules you may be running. It also makes it easier to identify custom
kernel modules when debugging. To see your current kernel version, type
$ uname -r
Listing loaded modules
To see which modules are currently loaded into the running kernel on your computer, use the
lsmod command. Here’s an example:
# lsmod
Module                  Size  Used by
snd_seq_oss            38912  0
snd_seq_midi_event      9344  1 snd_seq_oss
snd_seq                67728  4 snd_seq_oss,snd_seq_midi_event
snd_seq_device          8328  2 snd_seq_oss,snd_seq
.
.
.
autofs                 16512  0
ne2k_pci                9056  0
8390                   13568  1 ne2k_pci
ohci1394               41860  0
ieee1394              284464  1 ohci1394
floppy                 65712  0
sg                     36120  0
scsi_mod              124600  1 sg
parport_pc             39724  0
parport                47336  1 parport_pc
ext3                  128424  2
jbd                    86040  1 ext3
Note
If you don’t have a Linux system installed yet, try booting KNOPPIX and using lsmod to list your loaded modules. If all your hardware is working properly, write down the list of modules. Later, when you permanently
install Fedora or some other Linux system, if your CD drive, modem, video card, or other hardware doesn’t
work properly, you can use your list of modules to determine which module should have been used and load
it, as described in the next section.
This output shows a variety of modules that have been loaded on a Linux system, including several to support the ALSA sound system, some of which provide OSS compatibility
(snd_seq_oss).
To find information about any of the loaded modules, use the modinfo command. For example,
you could type the following:
# /sbin/modinfo -d snd-seq-oss
“OSS-compatible sequencer module”
Not all modules have descriptions available and if nothing is available, no data will be returned.
In this case, however, the snd-seq-oss module is described as an OSS-compatible sequencer
module. You can also use the -a option to see the author of the module, or -n to see the object
file representing the module. The author information often has the e-mail address of the driver’s
creator, so you can contact the author if you have problems or questions about it.
Loading modules
You can load any module that has been compiled and installed (to a /lib/modules subdirectory) into your running kernel using the modprobe command. A common reason for loading a
module is to use a feature temporarily (such as loading a module to support a special file system
on a floppy you want to access). Another reason is to identify a module that will be used by a particular piece of hardware that could not be autodetected.
Here is an example of the modprobe command being used to load the parport module, which
provides the core functions to share parallel ports with multiple devices:
# modprobe parport
After parport is loaded, you can load the parport_pc module to define the PC-style ports available through the interface. The parport_pc module lets you optionally define the addresses and
IRQ numbers associated with each device sharing the parallel port. For example:
# modprobe parport_pc io=0x3bc irq=auto
In this example, a device is identified as having an address of 0x3bc, and the IRQ for the device
is autodetected.
The modprobe command loads modules temporarily—they disappear at the next reboot. To permanently add the module to your system, add the modprobe command line to one of the startup
scripts run at boot time. You can also add modules to the /etc/modules file to have them
loaded at startup.
Note
An alternative to modprobe is the insmod command. The advantage of using modprobe, however, is that
insmod loads only the module you request, whereas modprobe tries to load other modules that the one you
requested is dependent on.
Removing modules
Use the rmmod command to remove a module from a running kernel. For example, to remove the
module parport_pc from the current kernel, type the following:
# rmmod parport_pc
If it is not currently busy, the parport_pc module is removed from the running kernel. If it is
busy, try killing any process that might be using the device. Then run rmmod again. Sometimes,
the module you are trying to remove depends on other modules that may be loaded. For instance,
the usbcore module cannot be unloaded while the USB printer module (usblp) is loaded, as
shown here:
# rmmod usbcore
ERROR: Module usbcore is in use by wacom,usblp,ehci_hcd,ohci_hcd
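The "in use by" error above can be anticipated from the Used by column of lsmod. The following is an added example, not code from the book: it reads lsmod-format text and prints the order in which modules would have to be removed so that the requested module can go last. The function name rmmod_plan and the sample rows (taken from the lsmod listing earlier in this section) are assumptions of the example, as is reading any use count above the number of listed modules as references from elsewhere, such as an open device or a mounted file system.

```shell
#!/bin/sh
# Added example: plan an rmmod sequence from lsmod output.

# Constructed sample, using rows from the lsmod listing shown earlier.
sample_lsmod() {
cat <<'EOF'
Module                  Size  Used by
snd_seq_oss            38912  0
snd_seq_midi_event      9344  1 snd_seq_oss
snd_seq                67728  4 snd_seq_oss,snd_seq_midi_event
snd_seq_device          8328  2 snd_seq_oss,snd_seq
parport_pc             39724  0
parport                47336  1 parport_pc
ext3                  128424  2
jbd                    86040  1 ext3
EOF
}

# rmmod_plan MODULE
# Reads lsmod output on stdin. Prints one line per module, dependents first
# and MODULE last, in the form "name extra". "extra" is the use count minus
# the number of modules listed in the Used by column: a value above 0 means
# something other than a module still holds a reference, so rmmod would
# report the module as busy even after its dependents are gone.
# Exits with status 1 if MODULE is not loaded.
rmmod_plan() {
  awk -v target="$1" '
    NR > 1 { count[$1] = $3; users[$1] = $4 }

    # Post-order walk of the Used by graph: every module that depends on m
    # is printed before m itself.
    function visit(m,    list, n, i) {
      if (seen[m]++) return
      n = split(users[m], list, ",")
      for (i = 1; i <= n; i++) visit(list[i])
      print m, count[m] - n
    }

    END {
      if (!(target in count)) exit 1
      visit(target)
    }
  '
}

# Demonstration on the constructed sample. On a live system:
#   lsmod | rmmod_plan parport
sample_lsmod | rmmod_plan snd_seq_device
```

For snd_seq_device the plan lists snd_seq_oss, snd_seq_midi_event, and snd_seq before the module itself, and shows that snd_seq has two references that unloading modules alone will not release.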
Managing File Systems and Disk Space
File systems in Linux are organized in a hierarchy, beginning from root (/) and continuing
downward in a structure of directories and subdirectories. As an administrator of a Linux system,
it’s your duty to make sure that all the disk drives that represent your file system are available to
the users of the computer. It is also your job to make sure there is enough disk space in the right
places in the file system for users to store what they need.
Coming from Windows
File systems are organized differently in Linux than they are in Microsoft Windows operating systems. Instead
of drive letters (for example, A:, B:, C:) for each local disk, network file system, CD-ROM, or other type of
storage medium, everything fits neatly into the directory structure.
Some drives are connected (mounted) automatically into the file system. For example, a CD might be
mounted on /media/cdrom. If the drive isn’t mounted automatically, it is up to an administrator to create a
mount point in the file system and then connect the disk to that point.
The organization of your file system begins when you install Linux. Part of the installation process is to divide your hard disk (or disks) into partitions. Those partitions can then be assigned to
A part of the Linux file system
Swap space for Linux
Other file system types (perhaps containing other bootable operating systems)
Free space (you can leave space unassigned so you can format it later as you need it)
This chapter focuses on partitions that are used for the Linux file system. To see what partitions
are currently set up on the disks that the Linux kernel has detected, use the fdisk command:
# /sbin/fdisk -l
Disk /dev/sda: 40.0 GB, 40020664320 bytes
255 heads, 63 sectors/track, 4825 cylinders
Units = cylinders of 16065 * 512 bytes = 8225280 bytes
   Device Boot   Start    End     Blocks   Id  System
/dev/sda1   *        1     13        104    b  Win95 FAT32
/dev/sda2           84     89      48195   83  Linux
/dev/sda3           90    522   3478072+   83  Linux
/dev/sda4          523    554     257040    5  Extended
/dev/sda5          523    554    257008+   82  Linux swap
This output shows the disk partitioning for a computer capable of running both Linux and
Microsoft Windows. You can see that the Linux partition on /dev/sda3 has most of the space
available for data. There is a Windows partition (/dev/sda1) and a Linux swap partition (/dev/sda5).
There is also a small /boot partition (46MB) on /dev/sda2. In this case, the root partition for Linux has 3.3GB of disk space and resides on /dev/sda3. The fdisk -l command uses
partition information found in /proc/partitions unless explicitly given on the command line.
Next use the mount command (with no options) to see what partitions are actually being used
for your Linux system (which available disk partitions are actually mounted and where they are
mounted):
# mount
/dev/sda3 on / type ext3 (rw)
/dev/sda2 on /boot type ext3 (rw)
/dev/sda1 on /mnt/win type vfat (rw)
/dev/proc on /proc type proc (rw)
/dev/sys on /sys type sysfs (rw)
/dev/devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/shm on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/cdrom on /media/cdrecorder type iso9660 (ro,nosuid,nodev)
Although some of the file systems shown as mounted are for special purposes (/sys, /proc, and
others), our concern here is with disk partitions (/dev/hd*, /dev/sd*, and so on). The mounted
Linux partitions in this case are /dev/sda2, which provides space for the /boot directory (contains data for booting Linux), and /dev/sda3, which provides space for the rest of the Linux file
system beginning from the root directory (/).
This particular system also contains a Windows partition that was mounted in the /mnt/win
directory and a CD that was mounted in /media/cdrecorder. (With most GUI interfaces, the
CD is typically mounted automatically when you insert it. For 2.6 kernels, look in the /media
directory; for 2.4 kernels the /mnt directory is often used.)
After the word type, you can see the type of file system contained on the device. (See the
description of different file system types in Table 10-5 in the following section.) Particularly on
larger Linux systems, you may have multiple partitions for several reasons:
Multiple hard disks —You may have several hard disks available to your users. In that
case you would have to mount each disk (and possibly several partitions from each
disk) in different locations in your file system.
Protecting different parts of the file system—If the users on a system consume all the
file system space, the entire system can fail. For example, there may be no place for temporary files to be copied (so the programs writing to temporary files fail), and incoming
mail may fail to be written to mail boxes. With multiple mounted partitions, if one partition runs out of space, the others can continue to work.
Multiple operating systems —You can configure your disk to contain multiple partitions that can each be used to hold a different operating system type. For example, if
you started with a computer that had Windows on the hard disk, you could put Linux
on a separate partition, and then set up the computer to boot either operating system.
Backups —Some fast ways exist to back up data from your computer that involve copying the entire image of a disk or partition. If you want to restore that partition later,
you can simply copy it back (bit by bit) to a hard disk. With smaller partitions, this
approach can be done fairly efficiently.
Protecting from disk failure —If one disk (or part of one disk) fails, having multiple
partitions mounted on your file system may let you continue working and just fix the
one disk that fails. Ghost for Linux (http://freshmeat.net/projects/g4l) is an
example of a tool for backing up a hard disk partition in Linux.
When a disk partition is mounted on the Linux file system, all directories and subdirectories
below that mount point are stored on that partition. So, for example, if you were to mount one
partition on / and one on /usr, everything below the /usr mount point would be stored on the
second partition while everything else would be stored on the first partition. If you then mounted
another partition on /usr/local, everything below that mount point would be on the third
partition, while everything else below /usr would be on the second partition.
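The rule described above (a path is stored on the partition whose mount point is its closest parent) can be checked against the output of mount. The following is an added example, not code from the book: the function names fs_for_path and lands_on, and the /dev/sda6 and /dev/sda7 rows in the sample, are assumptions made for illustration. It also covers the case where an expected mount is absent, so that writes would fall through to the parent partition.

```shell
#!/bin/sh
# Added example: work out which mounted file system holds a given path.

# Constructed sample in the format printed by "mount". The /usr and
# /usr/local rows are invented to match the three-partition description.
sample_mounts() {
cat <<'EOF'
/dev/sda3 on / type ext3 (rw)
/dev/sda2 on /boot type ext3 (rw)
/dev/sda6 on /usr type ext3 (rw)
/dev/sda7 on /usr/local type ext3 (rw)
/dev/sda1 on /mnt/win type vfat (rw)
EOF
}

# fs_for_path PATH
# Reads "mount" output on stdin and prints "device mountpoint type" for the
# file system that stores PATH: the longest mount point that is PATH itself
# or one of its parent directories. PATH must be absolute. Mount points
# containing spaces are not handled. Exits 1 if nothing matches.
fs_for_path() {
  awk -v p="$1" '
    $2 == "on" && $4 == "type" {
      mp = $3
      # Compare whole path components, so /usr does not claim /usrdata.
      if (mp == "/" || p == mp || index(p, mp "/") == 1) {
        # ">=" lets a later mount on the same directory win.
        if (length(mp) >= best) {
          best = length(mp); dev = $1; where = mp; fstype = $5
        }
      }
    }
    END {
      if (best == 0) exit 1
      print dev, where, fstype
    }
  '
}

# lands_on MOUNTPOINT PATH
# Succeeds only if PATH is stored on the file system mounted at MOUNTPOINT.
# Fails when MOUNTPOINT is not mounted, which is the situation where a file
# saved under it would be written to the parent partition instead.
lands_on() {
  [ "$(fs_for_path "$2" | awk '{ print $2 }')" = "$1" ]
}

# Demonstration on the constructed sample. On a live system:
#   mount | fs_for_path /var/log/messages
sample_mounts | fs_for_path /usr/local/bin/tool
sample_mounts | fs_for_path /usr/share/doc
sample_mounts | grep -v ' /mnt/win ' | lands_on /mnt/win /mnt/win/report.txt \
  || echo "/mnt/win is not mounted: the file would be written to the root partition"
```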
Tip
What happens if a remote file system is unmounted from your computer, and you go to save a file in that
mount point directory? You will write the file to that directory and it will be stored on your local hard disk.
When the remote file system is remounted, however, the file you saved will seem to disappear. To get the file
back, you’ll have to unmount the remote file system (causing the file to reappear), move the file to another
location, remount the file system, and copy the file back there.
Mount points often mentioned as being candidates for separate partitions include /, /boot,
/home, /usr, and /var. The root file system (/) is the catchall for directories that aren’t in other
mount points. The root file system’s mount point (/) is the only one that is required. The /boot
directory holds the images needed to boot the operating system. The /home file system is where
all the user accounts are typically stored. Applications and documentation are stored in /usr.
Below the /var mount point is where log files, temporary files, server files (Web, FTP, and so
on), and lock files are stored (that is, items that need disk space for your computer’s applications
to keep running).
The fact that multiple partitions are mounted on your file system is invisible to people using your
Linux system. It is an issue only when a partition runs out of space or if users need to save or
use information from a particular device (such as a floppy disk or remote file system) that isn’t
mounted. Of course, any user can check this by typing the mount command.
Mounting file systems
Most of your hard disk partitions are mounted automatically for you. When you install Fedora,
Ubuntu, SUSE, and some other Linux systems, you are asked to create partitions and indicate the
mount points for those partitions. (Other Linux installation procedures will expect you to know
that you have to partition before beginning.) When you boot Linux, all Linux partitions residing
on hard disk that are listed in your /etc/fstab file are typically mounted. For that reason, this
section focuses mostly on how to mount other types of devices so that they become part of your
Linux file system.
The mount command is used not only to mount devices but also to mount other kinds of file
systems on your Linux system. This means that you can store files from other operating systems
or use file systems that are appropriate for certain kinds of activities (such as writing large block
sizes). The most common use of this feature for the average Linux user, however, is to enable that
user to obtain and work with files from floppy disks, CD-ROMs, or other removable media.
Note
With the addition of automatic mounting features and changes in how removable media are identified with
the Linux 2.6 kernel (see descriptions of Udev and HAL earlier in this chapter), you no longer need to manually mount removable media for many Linux desktop systems. Understanding how to manually mount and
unmount file systems on a Linux server, however, can be a very useful skill.
Supported file systems
To see file system types that are currently available to be used on your system, type cat /proc/
filesystems. Table 10-5 shows the file system types that are supported in Linux, although they
may not be in use at the moment or they may not be built into your current kernel (so they may
need to be loaded as modules).
TABLE 10-5
Supported File System Types
Type
Description
adfs
Acorn disk file system, which is the standard file system used on RiscOS operating
systems.
befs
File system used by the BeOS operating system.
cifs
Common Internet File System (CIFS), the virtual file system used to access servers that
comply with the SNIA CIFS specification. CIFS is an attempt to refine and standardize the
SMB protocol used by Samba and Windows file sharing.
ext4
Successor to the popular ext3 file system. It includes many improvements over ext3,
such as support for volumes up to 1 exbibyte and file sizes up to 16 tebibytes. (This has
replaced ext3 as the default file system used in Fedora.)
ext3
Ext file systems are the most common in most Linux systems. The ext3 file system, also
called the Third Extended file system, includes journaling features that, compared to ext2,
improve a file system’s capability to recover from crashes.
ext2
The default file system type for earlier Linux systems. Features are the same as ext3,
except that ext2 doesn’t include journaling features.
ext
This is the first version of ext3. It is not used very often anymore.
iso9660
Evolved from the High Sierra file system (the original standard for CD-ROMs). Extensions
to the High Sierra standard (called Rock Ridge extensions) allow iso9660 file systems to
support long filenames and UNIX-style information (such as file permissions, ownership,
and links). Data CD-ROMs typically use this file system type.
kafs
AFS client file system. Used in distributed computing environments to share files with
Linux, Windows, and Macintosh clients.
minix
Minix file system type, used originally with the Minix version of UNIX. It supports
filenames of up to only 30 characters.
msdos
An MS-DOS file system. You can use this type to mount floppy disks that come from
Microsoft operating systems.
vfat
Microsoft extended FAT (VFAT) file system.
umsdos
An MS-DOS file system with extensions to allow features that are similar to UNIX
(including long filenames).
proc
Not a real file system, but rather a file system interface to the Linux kernel. You probably
won’t do anything special to set up a proc file system. However, the /proc mount point
should be a proc file system. Many utilities rely on /proc to gain access to Linux kernel
information.
reiserfs
ReiserFS journaled file system. ReiserFS was once a common default file system type for
several Linux distributions. However, ext3 is now by far the most common file system
type used with Linux today.
swap
Used for swap partitions. Swap areas are used to hold data temporarily when RAM is
currently used up. Data is swapped to the swap area and then returned to RAM when it
is needed again.
squashfs
Compressed, read-only file system type. Squashfs is popular on live CDs, where there is
limited space and a read-only medium (such as a CD or DVD).
nfs
Network File System (NFS) type of file system. NFS is used to mount file systems on other
Linux or UNIX computers.
hpfs
File system is used to do read-only mounts of an OS/2 HPFS file system.
ncpfs
This relates to Novell NetWare file systems. NetWare file systems can be mounted over a
network.
ntfs
Windows NT file system. Depending upon the distribution you have, it may be supported
as a read-only file system (so that you can mount and copy files from it).
affs
File system is used with Amiga computers.
ufs
File system popular on Sun Microsystems operating systems (that is, Solaris and SunOS).
If you want to use a file system type that is not currently shown as available on your system
(when you type cat /proc/filesystems), try using modprobe to load the module for that file
system. For example, modprobe ufs adds the UFS file system type to the running kernel. Type
man fs to see descriptions of Linux file systems.
Using the fstab file to define mountable file systems
The hard disk partitions on your local computer and the remote file systems you use every day
are probably set up to automatically mount when you boot Linux. The /etc/fstab file contains
definitions for each partition, along with options describing how the partition is mounted. Here’s
an example of an /etc/fstab file:
LABEL=/       /                   ext3          defaults              1 1
LABEL=/boot   /boot               ext3          defaults              1 2
/dev/devpts   /dev/pts            devpts        gid=5,mode=620        0 0
/dev/shm      /dev/shm            tmpfs         defaults              0 0
/dev/proc     /proc               proc          defaults              0 0
/dev/sys      /sys                sysfs         defaults              0 0
/dev/sda5     swap                swap          defaults              0 0
/dev/cdrom    /media/cdrecorder   udf,iso9660   exec,noauto,managed   0 0
/dev/sda1     /mnt/win            vfat          noauto                0 0
/dev/fd0      /mnt/floppy         auto          noauto,owner          0 0
All partitions listed in this file are mounted at boot time, except for those set to noauto in the
fourth field. In this example, the root (/) and boot (/boot) hard disk partitions are mounted at
boot time, along with the /dev/pts, /dev/shm, /dev/sys, and /proc file systems
(which are not associated with particular storage devices). The CD drive (/dev/cdrom) and
floppy disk drive (/dev/fd0) are not mounted at boot time. Definitions are put in the fstab
file for floppy and CD drives so that they can be mounted in the future (as described later).
I also added one line for /dev/sda1, which enables me to mount the Windows (vfat) partition on
my computer so I don’t have to always boot Windows to get at the files on my Windows partition.
Coming from Windows
Most Windows systems today use the NTFS file system. Support for this system, however, is not delivered with
every Linux system. NTFS support was added to the Fedora repository in Fedora 7 with the ntfs-3g package.
Other NTFS support is available from the Linux-NTFS project (www.linux-ntfs.org/).
If your computer is configured to dual boot Linux and Windows, you can mount your Windows file system to
make it available in Linux. To access your Windows partition, you must first create the mount point (in this
example, by typing mkdir /mnt/win). Then you can mount it when you choose by typing (as root) mount /mnt/win.
Different Linux distributions will set up their fstab file differently. Some don’t use labels and
many others don’t use a separate /boot partition by default. They will just have a swap partition
and have all user data under the root partition (/).
Here is what’s in each field of the fstab file:
Field 1—The name of the device representing the file system. This field can include the
LABEL option, with which you can indicate a universally unique identifier (UUID) or
volume label instead of a device name. The advantage to this approach is that because
the partition is identified by volume name, you can move a volume to a different device
name and not have to change the fstab file.
Field 2 —The mount point in the file system. The file system contains all data from the
mount point down the directory tree structure unless another file system is mounted at
some point beneath it.
Field 3 —The file system type. Valid file system types are described in the “Supported
File Systems” section earlier in this chapter.
Field 4 —Options to the mount command. In the preceding example, the noauto
option prevents the indicated file system from being mounted at boot time, and ro says
to mount the file system read-only (which is reasonable for a CD drive). Commas must
separate options. See the mount command manual page (under the -o option) for information on other supported options.
Tip
Normally, only the root user is allowed to mount a file system using the mount command. However, to allow
any user to mount a file system (such as a file system on a floppy disk), you could add the user option to
Field 4 of /etc/fstab. In openSUSE, read/write permissions are given to specific devices (such as disk or
audio devices) by specific groups (such as the disk or audio group) so that users assigned to those groups can
mount or otherwise access those devices. In the YaST Control Center, choose the Security and Users ➪ User
Management ➪ Expert Options ➪ Defaults for New Users. The Secondary Groups box indicates which of
these additional groups each user is assigned to.
Field 5 —The number in this field indicates whether the indicated file system needs to
be dumped (that is, have its data backed up). A 1 means that the file system needs to
be dumped, and a 0 means that it doesn’t. (I don’t think this field is useful anymore
because many Linux systems no longer include the dump command. Most often, a 0 is
used.)
Field 6 —The number in this field indicates whether the indicated file system needs to
be checked with fsck: 1 means it needs to be checked first, 2 means to check after all
those indicated by 1 have already been checked and 0 means don’t check it.
If you want to add an additional local disk or partition, you can create an entry for it in the
/etc/fstab file. See Chapter 16 for information on mounting Samba, NFS, and other remote
file systems from /etc/fstab.
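The following added example (not from the book) splits fstab lines into the fields described above and reports entries worth a second look: file systems any user can mount where Field 4 re-enables suid, dev, or exec, and fsck pass numbers that differ from what fstab(5) recommends (1 for the root file system, 2 for others). The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): review fstab-format lines read on stdin.

# audit_fstab
# Prints "mount-point<TAB>finding" for each entry that deserves a second look.
audit_fstab() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    NF < 4 { printf "line %d\tfewer than four fields\n", NR; next }
    {
        mnt  = $2                            # Field 2: mount point
        pass = (NF >= 6) ? $6 + 0 : 0        # Field 6: fsck order, 0 if absent

        # Field 4 is read left to right and later options override earlier
        # ones. Start from what "defaults" means: suid, dev and exec are
        # honoured and only root may mount.
        ok_suid = 1; ok_dev = 1; ok_exec = 1; by_user = 0
        n = split($4, o, ",")
        for (i = 1; i <= n; i++) {
            opt = o[i]
            if (opt == "defaults") { ok_suid = 1; ok_dev = 1; ok_exec = 1; by_user = 0 }
            # mount(8): user and users imply noexec, nosuid and nodev
            if (opt == "user" || opt == "users") { by_user = 1; ok_suid = 0; ok_dev = 0; ok_exec = 0 }
            # mount(8): owner and group imply nosuid and nodev
            if (opt == "owner" || opt == "group") { by_user = 1; ok_suid = 0; ok_dev = 0 }
            if (opt == "nouser") by_user = 0
            if (opt == "suid")   ok_suid = 1
            if (opt == "nosuid") ok_suid = 0
            if (opt == "dev")    ok_dev  = 1
            if (opt == "nodev")  ok_dev  = 0
            if (opt == "exec")   ok_exec = 1
            if (opt == "noexec") ok_exec = 0
        }

        if (by_user) {
            risky = ""
            if (ok_suid) risky = risky " suid"
            if (ok_dev)  risky = risky " dev"
            if (ok_exec) risky = risky " exec"
            if (risky != "")
                printf "%s\tuser-mountable with%s honoured\n", mnt, risky
        }
        if (mnt == "/" && pass != 1)
            printf "%s\troot file system should use fsck pass 1\n", mnt
        if (mnt != "/" && pass == 1)
            printf "%s\tfsck pass 1 on a non-root file system\n", mnt
    }'
}

# Constructed sample, using device names that appear in this chapter.
sample_fstab() {
    cat <<'EOF'
# device     mount point        type     options                dump pass
/dev/sda3    /                  ext3     defaults               1 1
/dev/sda2    /boot              ext3     defaults               1 2
/dev/cdrom   /media/cdrecorder  iso9660  noauto,ro,user         0 0
/dev/fd0     /mnt/floppy        auto     noauto,user,exec,suid  0 0
/dev/hdb1    /abc               ext3     defaults               1 1
EOF
}

sample_fstab | audit_fstab
```

The CD entry produces no finding because user on its own already implies nosuid, nodev, and noexec; the floppy entry is reported because exec and suid come after user and override it.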
Using the mount command to mount file systems
Linux systems automatically run mount -a (mount all file systems) each time you boot. For that
reason, you generally use the mount command only for special situations. In particular, the average user or administrator uses mount in two ways:
To display the disks, partitions, and remote file systems currently mounted
To temporarily mount a file system
Any user can type mount (with no options) to see what file systems are currently mounted on the
local Linux system. The following is an example of the mount command. It shows a single hard
disk partition (/dev/sda1) containing the root (/) file system, and proc and devpts file system
types mounted on /proc and /dev, respectively. The last entry shows a floppy disk, formatted
with a standard Linux file system (ext3) mounted on the /mnt/floppy directory.
$ mount
/dev/sda3 on / type ext3 (rw)
/dev/sda2 on /boot type ext3 (rw)
/dev/sda1 on /mnt/win type vfat (rw)
/dev/proc on /proc type proc (rw)
/dev/sys on /sys type sysfs (rw)
/dev/devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/shm on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/cdrom on /media/cdrecorder type iso9660 (ro,nosuid,nodev)
/dev/fd0 on /mnt/floppy type ext3 (rw)
Traditionally, the most common devices to mount by hand are your floppy disk and your CD
drive. However, depending on the type of desktop you are using, CDs and floppy disks may be
mounted for you automatically when you insert them. (In some cases, the autorun program may
also run automatically. For example, autorun may start a CD music player or software package
installer to handle the data on the medium.)
Mounting removable media
If you want to mount a file system manually, the /etc/fstab file helps make it simple to mount
a floppy disk or a CD. In some cases, you can use the mount command with a single option to
indicate what you want to mount, and information is taken from the /etc/fstab file to fill in
the other options. Entries might already exist in your /etc/fstab file to let you do these quick
mounts in the following two cases:
CD —If you are mounting a CD that is in the standard ISO 9660 format (as most software CD-ROMs are), assuming there’s an entry in the /etc/fstab file for that CD
drive, you can mount that CD by placing it in your CD-ROM drive and typing one of
the following:
# mount /media/cd*
# mount /mnt/cdrom
By default, a CD is usually mounted on the /mnt/cdrom directory (Linux 2.4 kernels)
or a subdirectory of /media (Linux 2.6 kernels). (The file system type, device name,
and other options are filled in automatically.) To see the contents, type cd /mnt/cdrom
or cd /media/disk, and then type ls. Files from the CD’s root directory will be displayed. (With newer desktop features such as Udev and HAL, often CDs and DVDs are
mounted automatically, so there is no need to manually run the mount command. Also,
if the media has a volume name associated with it, that volume name is used as the
directory name in /media on which the CD is mounted.)
Floppy disk—If you want to mount a floppy in the Linux ext3 file system format (ext3),
or in some cases a format that can be autodetected, mount that floppy disk by inserting
it in your floppy drive and typing one of the following:
# mount /media/floppy*
# mount /mnt/floppy
The file system type (ext3), device (/dev/fd0), and mount options are filled in from the
/etc/fstab file. You should be able to change to the floppy disk directory (cd /mnt/
floppy or cd /media/floppy*) and list the contents of the floppy’s top directory
(ls).
Note
In both of these cases, you could give the device name (which is something like /dev/cdrom or /dev/fd0)
instead of the mount point directory to get the same results.
Of course, it is possible that you may get floppy disks you want to use that are in different formats. Someone may give you a floppy containing files from an older Microsoft operating system
(in MS-DOS format). Or you may get a file from another UNIX system. In those cases, you can
fill in your own options instead of relying on options from the /etc/fstab file. In some cases,
Linux autodetects that the floppy disk contains an MS-DOS (or Windows vfat) file system and
mounts it properly without additional arguments. If it doesn’t, here’s an example of how to mount
a floppy containing MS-DOS files:
# mkdir /mnt/floppy
# mount -t msdos /dev/fd0 /mnt/floppy
This shows the basic format of the mount command you would use to mount a floppy disk. You
can change msdos to any other supported file system type (described earlier in this chapter) to
mount a floppy of that type. Instead of using floppy drive A: (/dev/fd0), you could use drive B:
(/dev/fd1) or any other accessible drive. Instead of mounting on /mnt/floppy, you could create any other directory and mount the floppy there.
Here are some other useful options you could add to the mount command:
-t auto—If you aren’t sure exactly what type of file system is contained on the floppy
disk (or other medium you are mounting), use this option to indicate the file system
type. The mount command will query the disk to try to ascertain what type of file system it contains.
-r—If you don’t want to make changes to the mounted file system (or can’t because it is
a read-only medium), use this option to mount it read-only.
-w—This mounts the file system with read/write permission.
-o remount—This option remounts the file system while that file system is still in use.
This is a great tool for remounting a read-only file system as read-write. For example:
# mount -o remount,rw /mnt/mydisk
Mounting a disk image in loopback
Another valuable way to use the mount command has to do with disk images. If you download
a CD or floppy disk image from the Internet and you want to see what it contains, you can do so
without burning it to CD or floppy. With the image on your hard disk, create a mount point and
use the -o loop option to mount it locally. Here’s an example:
# mkdir /mnt/mycdimage
# mount -o loop whatever-i386-disc1.iso /mnt/mycdimage
In this example, the /mnt/mycdimage directory is created, and then the disk image file (whatever-i386-disc1.iso) residing in the current directory is mounted on it. You can now cd
to that directory, view the contents of it, and copy or use any of its contents. This is useful for
downloaded CD images from which you want to install software without having to burn the
image to CD. You could also share that mountpoint over NFS, so you could install the software
from another computer. When you are done, just type umount /mnt/mycdimage to unmount it.
Other options to mount are available only for specific file system types. See the mount manual
page for those and other useful options.
Using the umount command
When you are done using a temporary file system, or you want to unmount a permanent file
system temporarily, use the umount command. This command detaches the file system from its
mount point in your Linux file system. To use umount, you can give it either a directory name or
a device name. For example:
# umount /mnt/floppy
This unmounts the device (probably /dev/fd0) from the mount point /mnt/floppy. You can
also unmount using the form
# umount /dev/fd0
In general, it’s better to use the directory name (/mnt/floppy) because the umount command
will fail if the device is mounted in more than one location. (Device names all begin with /dev.)
If you get the message device is busy, the umount request has failed because either a process
has a file open on the device or you have a shell open with a directory on the device as a current directory. Stop the processes or change to a directory outside the device you are trying to
unmount for the umount request to succeed.
An alternative for unmounting a busy device is the -l option. With umount -l (a lazy unmount),
the unmount happens as soon as the device is no longer busy. To unmount a remote NFS file
system that’s no longer available (for example, the server went down), you can use the umount -f
option to forcibly unmount the NFS file system.
Tip
A really useful tool for discovering what’s holding open a device you want to unmount is the lsof command.
Type lsof with the name of the partition you want to unmount (such as lsof /mnt/floppy). The output
shows you what commands are holding files open on that partition. The fuser command can be used in the
same way.
Using the mkfs command to create a file system
You can create a file system for any supported file system type on a disk or partition that you
choose. You do so with the mkfs command. Although this is most useful for creating file systems
on hard-disk partitions, you can create file systems on USB flash drives, floppy disks, or rewritable CDs as well.
Before you create a new file system, make sure:
You have partitioned the disk as you want (using the fdisk command, as described in
the “Adding a Hard Disk” section that follows).
You get the device name correct, or you may end up overwriting your hard disk by mistake. For example, the first partition on the second SCSI or USB disk on your system
would be /dev/sdb1 and the third would be /dev/sdc1.
You unmount the partition, if it’s mounted, before creating the file system.
Here is an example of using mkfs to create a file system on the first (and only) partition on a 2GB
USB flash drive located as the third SCSI disk (/dev/sdc1):
# mkfs -t ext3 /dev/sdc1
mke2fs 1.40.8 (13-Mar-2008)
Warning: 256-byte inodes not usable on older systems
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
122160 inodes, 487699 blocks
24384 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=503316480
15 block groups
32768 blocks per group, 32768 fragments per group
8144 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 39 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
You can see the statistics that are output with the formatting done by the mkfs command. The
number of inodes and blocks created are output, as are the number of blocks per group and fragments per group. You could now mount this file system (mkdir /mnt/myusb ; mount /mnt/myusb),
change to it as your current directory (cd /mnt/myusb), and create files on it as you
please.
Adding a hard disk
Adding a new hard disk to your computer so that it can be used by Linux requires a combination
of steps described in previous sections. Here’s the general procedure:
1. Install the new hard disk hardware.
2. Identify the partitions on the new disk.
3. Create the file systems on the new disk.
4. Mount the file systems.
The easiest way to add a hard disk to Linux is to have the entire disk devoted to a single Linux
partition. You can have multiple partitions, however, and assign them each to different types of
file systems and different mount points, if you like. The following process takes you through adding a hard disk containing a single Linux partition. Along the way, it also notes which steps you
need to repeat to have multiple file systems with multiple mount points.
Note
This procedure assumes that Linux is already installed and working on the computer. If this is not the case,
follow the instructions for adding a hard disk on your current operating system. Later, when you install Linux,
you can identify this disk when you are asked to partition your hard disk(s).
1. Follow the manufacturer’s instructions for physically installing and connecting the new
hard disk in your computer. If, presumably, this is a second hard disk, you may need
to change jumpers on the hard disk unit itself to have it operate as a slave hard disk (if
it’s on the same cable as your first hard disk). You may also need to change the BIOS
settings.
2. Boot your computer to Linux.
3. Determine the device name for the hard disk. As root user from a shell, type:
# dmesg | less
4. From the output, look for an indication that the new disk was found. For example, if it’s
a second IDE hard disk, you should see hdb: in the output. For a second SCSI drive,
you should see sdb: instead. (The hd? and sd? drive letters are incremented as they are
found by the kernel.) Be sure you identify the correct disk, or you will erase all the data
from disks you probably want to keep!
5. Use the fdisk command to create partitions on the new disk. For example, if you are
formatting the second IDE disk (hdb), you can type the following:
# fdisk /dev/hdb
Now you are in fdisk command mode, where you can use the fdisk single-letter command set to work with your partitions. If the disk had existing partitions on it, you can
change or delete those partitions now. Or, you can simply reformat the whole disk to
blow everything away. Use p to view all partitions and d to delete a partition.
6. To create a new partition, type the letter n.
7. Choose an extended (e) or primary partition (p). To choose a primary partition, type the
letter p.
8. Type in the partition number. If you are creating the first partition (or for only one partition), type the number 1.
Enter the first cylinder number (1 is the default). A range of cylinder numbers is displayed (for example, 1–4865 is the number of cylinders that appears for my 40GB hard
drive).
9. To assign the new partition to begin at the first cylinder on the new hard disk, type the
number 1.
10. Enter the last cylinder number. If you are using the entire hard disk, use the last cylinder number shown. Otherwise, choose the ending cylinder number or indicate how
many megabytes the partition should have.
11. To create more partitions on the hard disk, repeat Steps 6 through 10 for each partition
(possibly changing the file system types as needed).
12. Type w to write changes to the hard disk and exit from the fdisk command. At this
point, you should be back at the shell.
13. To create a file system on the new disk partition, use the mkfs command. By default,
this command creates an ext2 file system, which is usable by Linux. However, in most
cases you will want to use a journaling file system (such as ext3 or reiserfs). To create an
ext3 file system on the first partition of the second hard disk, type the following:
# mkfs -t ext3 /dev/hdb1
If you created multiple partitions, repeat this step for each partition (such as /dev/hdb2,
/dev/hdb3, and so on).
Tip
If you don’t use -t ext3, an ext2 file system is created by default. Use other commands, or options to
this command, to create other file system types. For example, use mkfs.vfat to create a VFAT file system,
mkfs.msdos for DOS, or mkfs.reiserfs for Reiser file system type. The tune2fs command, described
later in this section, can be used to change an ext2 file system to an ext3 file system.
14. After the file system is created, you can have the partition permanently mounted by
editing the /etc/fstab and adding the new partition. Here is an example of a line you
might add to that file:
/dev/hdb1    /abc    ext3    defaults    1 1
In this example, the partition (/dev/hdb1) is mounted on the /abc directory as an
ext3 file system. The defaults keyword causes the partition to be mounted at boot
time. The numbers 1 1 cause the disk to be checked for errors. Add one line like this
example for each partition you created.
15. Create the mount point. For example, to mount the partition on /abc (as shown in the
previous step), type the following:
# mkdir /abc
16. Create your other mount points if you created multiple partitions. The next time you
boot Linux, the new partition(s) will be automatically mounted on the /abc directory.
After you have created the file systems on your partitions, a nice tool for adjusting those file systems is the tune2fs command. You can use it to change volume labels, how often the file system
is checked, and error behavior. You can also use it to change an ext2 file system to an ext3 file
system so the file system can use journaling. For example:
# tune2fs -j /dev/hdb1
tune2fs 1.40.4 (29-May-2008)
Creating journal inode: done
This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
By adding the -j option to tune2fs, you can change either the journal size or attach the file system to an external journal block device (essentially turning a nonjournaling ext2 file system into
a journaling ext3 file system). After you use tune2fs to change your file system type, you probably need to correct your /etc/fstab file to include the file type change (from ext2 to ext3). To
see the current settings for your ext2/ext3 file system, type the following command:
# tune2fs -l /dev/hdb1
Checking system space
Running out of disk space on your computer is not a happy situation. You can use tools that come
with Linux to keep track of how much disk space has been used on your computer, and you can
keep an eye on users who consume a lot of disk space.
Displaying system space with df
You can display the space available in your file systems using the df command. To see the
amount of space available on all the mounted file systems on your Linux computer, type df with
no options:
$ df
Filesystem  1k-blocks     Used  Available  Use%  Mounted on
/dev/sda1    30645460  2958356   26130408   11%  /
/dev/sda2       46668     8340      35919   19%  /boot
/dev/fd0         1412       13       1327    1%  /mnt/floppy
This example output shows the space available on the hard disk partition mounted on the /
(root) partition (/dev/sda1) and /boot partition (/dev/sda2), and the floppy disk mounted on
the /mnt/floppy directory (/dev/fd0). Disk space is shown in 1K blocks. To produce output in
a more human-readable form, use the -h option:
$ df -h
Filesystem  Size  Used  Avail  Use%  Mounted on
/dev/sda1    29G  2.9G    24G   11%  /
/dev/sda2    46M  8.2M    25M   19%  /boot
/dev/fd0    1.4M   13k   1.2M    1%  /mnt/floppy
With the df -h option, output appears in a friendlier megabyte or gigabyte listing. Other options
with df enable you to do the following:
Print only file systems of a particular type (-t type)
Exclude file systems of a particular type (-x type)
Include file systems that have no space, such as /proc and /dev/pts (-a)
List only available and used inodes (-i)
Display disk space in certain block sizes (--block-size=#)
Checking disk usage with du
To find out how much space is being consumed by a particular directory (and its subdirectories),
use the du command. With no options, du lists all directories below the current directory, along
with the space consumed by each directory. At the end, du produces total disk space used within
that directory structure.
The du command is a good way to check how much space is being used by a particular user (du
/home/user1) or in a particular file system partition (du /var). By default, disk space is displayed in 1K block sizes. To make the output friendlier (in kilobytes, megabytes, and gigabytes),
use the -h option as follows:
$ du -h /home/jake
114k    /home/jake/httpd/stuff
234k    /home/jake/httpd
137k    /home/jake/uucp/data
701k    /home/jake/uucp
1.0M    /home/jake
The output shows the disk space used in each directory under the home directory of the user
named jake (/home/jake). Disk space consumed is shown in kilobytes (k) and megabytes (M).
The total space consumed by /home/jake is shown on the last line. Add the -s option to see
total disk space used for a directory and its subdirectories.
Finding disk consumption with find
The find command is a great way to find file consumption of your hard disk using a variety of
criteria. You can get a good idea of where disk space can be recovered by finding files that are
over a certain size or were created by a particular person.
Note
You must be root user to run this command effectively, unless you are just checking your personal files. If
you are not root user, there will be many places in the file system that you will not have permission to check.
Regular users can usually check their own home directories but not those of others.
In the following example, the find command searches the root file system (/) for any files owned
by the user named jake (-user jake) and prints the filenames. The output of the find command is organized in a long listing in size order (ls -ldS). Finally, that output is sent to the file
/tmp/jake. When you view the file /tmp/jake (for example, less /tmp/jake), you will find
all the files that are owned by the user jake listed in size order. Here is the command line:
# find / -xdev -user jake -print | xargs ls -ldS > /tmp/jake
Tip
The -xdev option prevents file systems other than the selected file system from being searched. This is
a good way to cut out a lot of junk that may be output from the /proc file system. It can also keep large
remotely mounted file systems from being searched.
Here’s another example, except that instead of looking for a user’s files, we’re looking for files
larger than 100 kilobytes (-size +100k):
# find / -xdev -size +100k -print | xargs ls -ldS > /tmp/size
You can save yourself a lot of disk space by just removing some of the largest files that are no longer needed. In this example, you can see large files are sorted by size in the /tmp/size file.
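The two find pipelines above hand file names to xargs separated by whitespace, so a name that contains a space or newline is split into several arguments, and they write to a fixed file name in /tmp. The following added example (not from the book) keeps names NUL-terminated and writes its report to a file created by mktemp; the function names and sample files are constructed, and GNU find, sort, and tr are assumed.

```shell
#!/bin/sh
# Added example (not from the book). Assumes GNU find, sort and tr.

# big_files DIR MIN_KB
# Print "bytes<TAB>path" for every regular file under DIR larger than MIN_KB
# kilobytes, largest first. Names travel NUL-terminated through the pipeline,
# so spaces cannot split them; a newline inside a name is shown as "?".
big_files() {
    find "$1" -xdev -type f -size +"$2"k -printf '%s\t%p\0' |
        sort -z -rn |
        tr '\n\0' '?\n'
}

# big_files_report DIR MIN_KB
# Write the listing to a new file created by mktemp (mode 0600, unpredictable
# name) instead of a fixed path such as /tmp/size, and print the file name.
big_files_report() {
    report=$(mktemp "${TMPDIR:-/tmp}/bigfiles.XXXXXX") || return 1
    big_files "$1" "$2" > "$report"
    printf '%s\n' "$report"
}

# Constructed sample tree: one name contains a space, one contains a newline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    dd if=/dev/zero of="$d/big file.bin" bs=1024 count=300 2>/dev/null
    dd if=/dev/zero of="$d/mid$(printf '\nline').bin" bs=1024 count=150 2>/dev/null
    dd if=/dev/zero of="$d/small.bin" bs=1024 count=1 2>/dev/null
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
big_files "$tree" 100
rm -rf "$tree"
```

Sorting the whole list in one sort call also keeps the size order correct when there are more files than fit on a single ls command line.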
Monitoring System Performance
If your Linux system is a multiuser computer, sharing the processing power of that computer can
be a major issue. Likewise, any time you can stop a runaway process or reduce the overhead of an
unnecessary program running, your Linux server can do a better job serving files, Web pages, or
e-mail to the people who rely on it.
Some distributions of Linux include graphical utilities to simplify administration, such as System
Monitor in Ubuntu (shown in Figure 10-5).
FIGURE 10-5
System Monitor, in Ubuntu, allows you to view processes, resources, and devices.
All Linux distributions include utilities that can help you monitor the performance of your Linux
system. The kinds of features you want to monitor in Linux include CPU usage, memory usage
(RAM and swap space), and overall load on the system. A popular tool for monitoring that information in Linux is the top command.
To start the top utility in a Terminal window, type top. The top command determines the largest
CPU-consuming processes on your computer, displays them in descending order on your screen,
and updates the list every five seconds.
By adding the -S option to top, the display shows you the cumulative CPU time for each process, as well as any child processes that may already have exited. If you want to change how often
the screen is updated, you can add the -d secs option, where secs is replaced by the number
of seconds between updates.
By default, processes are sorted by CPU usage. You can sort processes numerically by PID (press
N), by age (press A), by resident memory usage (press M), or by time (press T). To return to CPU
usage, press P. To terminate a process, type k and enter the PID of the process you want to kill
(listed in the left column). Be careful to kill only processes you are sure you don’t need or want.
Doing Remote System Administration
Linux offers dozens of tools for administering remote systems. Among the most popular tools
for doing remote system administration are those that come from the OpenSSH project. These
include
ssh—Command for doing remote login and remote execution
scp—Command for copying files and directories to remote systems
sftp—Command that includes an ftp client type of interface for traversing remote file
systems and getting and putting files across the network connection
Although login commands such as telnet and rlogin, and the rsh remote execution command,
have been around much longer, the ssh command is the preferred tool for remote logins and
executions. The reason is that ssh provides encrypted communication so you can use it securely
over insecure, public networks between hosts that don’t know each other.
Here is an example of ssh being used to log in to a computer named test.example.com.
Because no user is specified, ssh tries to log in as the current user (which is the root user in this
case).
# ssh test.example.com
root@test’s password:
To log in as a different user, you could use the -l option. For example, to log in to the computer
named test as the user named jake, you could type the following:
# ssh jake@test.example.com
jake@test’s password:
The ssh command can also be used to execute a command on the remote computer. For example, if you wanted to monitor the messages file on a remote computer for a minute, you could
type the following command:
# ssh root@test.example.com "tail -f /var/log/messages"
root@test’s password:
After you type the password, the last several lines of the /var/log/messages file on the
remote computer are displayed. As messages are received, they continue to be displayed until you
decide to exit (press Ctrl+C to exit the tail command).
A wonderful way to use remote ssh for remote execution is with the -X option. Using -X, ssh
opens a tunnel to the remote system in which you can launch X Window system clients. So, for
example, to log in to a remote system and launch a GUI tool for editing the remote system’s network configurations, you could type the following:
# ssh -X root@test.example.com
root@test’s password:
# system-config-network
The remote system’s Network Configuration menu tool opens on your local desktop, ready to let
you configure the remote system. In this same way, you can launch any remote X client to your
local desktop.
The scp command is a simple yet secure way of copying files among Linux systems. It uses the
underlying ssh facility, so if ssh is enabled, so is scp. Here is an example of using scp to copy a
file from one computer to another:
# scp myfile toys.linuxtoys.net:/home/chris
root@toys.linuxtoys.net’s password: ******
In this example, the file myfile is copied to the computer named toys.linuxtoys.net in the
/home/chris directory. If you don’t provide a user name, scp assumes you are using the current user name. Instead of myfile, you could indicate a directory name and add the -r option to
recursively copy all files from that directory (and its subdirectories) to the remote system.
Unlike some tools that provide remote login, scp and ssh do allow you to log in as root user over
the network, by default. (Many people turn off this feature for security reasons.)
The sftp command, which also communicates using secure ssh protocols, is a command for
copying files from an FTP server. It is considered a more secure way of getting files from a remote
system that has an sshd server running. The sftp command can be disabled on the server by
commenting out the sftp line in the sshd_config file.
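To check the two server settings just mentioned, the following added example (not from the book) reads sshd_config text and reports whether root login is switched off and whether the sftp subsystem line is active. It looks only at the global section, where keywords are case-insensitive and the first occurrence of a keyword wins; the function names and the sample configuration are constructed.

```shell
#!/bin/sh
# Added example (not from the book): inspect sshd_config text read on stdin.

# sshd_global_value KEYWORD
# Print the value set for KEYWORD in the global section. Keywords are
# case-insensitive and the first occurrence wins; lines after the first
# "Match" are conditional and are not considered here.
sshd_global_value() {
    awk -v want="$1" '
    BEGIN { want = tolower(want) }
    /^[ \t]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# sshd_sftp_enabled
# Succeed if an uncommented "Subsystem sftp ..." line is in the global section.
sshd_sftp_enabled() {
    awk '
    /^[ \t]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == "subsystem" && $2 == "sftp" { found = 1; exit }
    END { exit !found }'
}

# audit_sshd_config
# Summarise both settings, one line each.
audit_sshd_config() {
    cfg=$(cat)
    root=$(printf '%s\n' "$cfg" | sshd_global_value PermitRootLogin)
    case "$root" in
        "") echo "PermitRootLogin unset: compiled-in default applies" ;;
        no) echo "PermitRootLogin no: root cannot log in over ssh" ;;
        *)  echo "PermitRootLogin $root: some form of root login is allowed" ;;
    esac
    if printf '%s\n' "$cfg" | sshd_sftp_enabled; then
        echo "sftp subsystem enabled"
    else
        echo "sftp subsystem disabled"
    fi
}

# Constructed sample configuration.
sample_sshd_config() {
    cat <<'EOF'
Port 22
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
#Subsystem sftp /usr/libexec/openssh/sftp-server
Match User backup
    PermitRootLogin forced-commands-only
EOF
}

sample_sshd_config | audit_sshd_config
```

On a live host, sshd -T (run as root) prints the configuration the server would actually use, which is the authoritative check.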
If the sshd service doesn’t seem to be running on a remote system, you may need to start the
sshd daemon. In systems such as Fedora and RHEL, you could type the following:
# service sshd start
# chkconfig sshd on
Summary
Although you may be using Linux as a single-user system, many of the tasks you must perform to
keep your computer running are defined as administrator tasks. A special user account called the
root user is needed to do many of the things necessary to keep Linux working as you would like
it to. If you are administering a Linux system used by lots of people, the task of administration
becomes even larger. You must be able to add and support users, maintain the file systems, and
ensure that system performance serves your users well.
To help the administrator, Linux comes with a variety of command-line utilities and graphical
windows for configuring and maintaining your system. Commands such as mkfs and mount let
you create and mount file systems, respectively. Tools such as top let you monitor system performance. Commands such as ssh and scp let you administer your system remotely.
Chapter 11: Getting on the Internet
You won’t tap into the real power of Linux until you have connected
it to a network—in particular, the Internet. Your computer probably
has an Ethernet interface built in, so you can just plug a LAN (local
area network) cable into it to connect to a LAN (hub or switch), DSL bridge
or router, or cable modem. Some computers, particularly laptops, may have
wireless Ethernet hardware built in.
Your computer also may have a dial-up modem. Although much more rare
these days, there are still cases where someone may have an older computer
that has no Ethernet card. Or you may be in a situation in which you need
to dial out over regular phone lines to reach your Internet service provider
(ISP), and need to use this modem to get on the Internet.
This chapter describes how to connect your Linux system to the Internet.
With broadband and wireless networks becoming more prevalent, Ethernet
connections are becoming the most common means of connecting to the
Internet. For dial-up connections, you’ll see how to use kppp (a dialer GUI
that is often packaged with KDE desktops).
Sharing Internet connections with multiple desktop systems or even your
own mail or Web server is not that difficult to do from a hardware perspective. However, you need to consider some security and configuration issues
when you set out to expand how you use your Internet connection. Most
Linux systems include software that lets you configure them as firewalls,
routers, and a variety of server types to help you get this done.
IN THIS CHAPTER
Connecting to the Internet
Connecting to the Internet with Ethernet
Connecting to the Internet with dial-up
Connecting to the Internet with wireless
Connecting to the Network
Linux supports a wide range of wired and wireless network devices, as well as a dizzying array
of network protocols to communicate over that media. As a home or small office Linux user, you
can start evaluating how to configure your connection to the Internet from Linux by considering
The type of Internet account you have with your ISP (dial-up or broadband)
Whether you are connecting a single computer, a bunch of desktops, and/or one or more
server machines to the Internet
Connecting via dial-up service
A few years ago, dial-up was the most common method for an individual to get on to the Internet.
Many computers had dial-up modems built into the motherboard or had serial ports where a
modem could easily be connected. Many computers today do not include modems, but serial or
USB modems can be purchased for just a few dollars if you need to use dial-up.
After you have a modem (56 Kbps speed is the standard today), the only other equipment you
need is a regular telephone line. Essentially, you can use a dial-up modem anywhere you can
connect to a phone line. Linux contains the tools you need to configure and complete a dial-up
connection. Figure 11-1 shows the setup for the connection.
FIGURE 11-1
Connect a modem to a serial or USB port and dial out over regular phone lines.
Diagram labels: Linux workstation, serial port, modem, telephone jack, PPP connection to Internet, ISP.
One difficulty with using modems in Linux is that many computers with built-in modems (especially laptops) come with what are referred to as Winmodems. With Winmodems, some of the
processing normally done on the modem is actually implemented within the Windows system.
Winmodems don’t always look like real modems to Linux systems because, without the code
that’s inside Windows, they don’t behave like real modems when they are connected to Linux
systems.
Chapter 11: Getting on the Internet
Some Winmodems are supported in Linux, and those are sometimes referred to as Linmodems.
If you find that Linux fails to detect your modem, check out the Linmodems Support Page
(http://linmodems.technion.ac.il) or the LinModems.org page (www.linmodems.org).
These pages can help you determine whether you have a Winmodem and, if so, help you find the
right Linmodem driver (if one is available).
Tip
If you find that you have a Winmodem, you are usually better off getting a real modem instead. An inexpensive external serial modem can save you the trouble of getting and loading a Linmodem driver that may or
may not work. Most external modems or internal PCI modems described as being “controller-based” work
well in Linux.
Connecting a single wired Ethernet card
Increasingly, individuals have the option of signing up for broadband Internet service with cable
television providers or local telephone companies. These connections typically provide transmission speeds rated at least five times greater than you can get with a dial-up connection.
To make broadband connections from your home or small office, you typically need a cable
modem or Digital Subscriber Line (DSL) modem. Cable modems share the bandwidth of the
cable television line coming into your location. DSL uses existing house or office phone wires to
connect to the Internet, sharing the wires with your phone service.
Because there are many ways that your ISP may be providing your Internet service, you should
check with it to get the right hardware you need to connect. In particular, you should know that
several incompatible DSL standards exist (ADSL, CDSL, HDSL, SDSL, and so on), so you can’t
just go out and buy DSL equipment without some guidance.
If you are using an external DSL or cable modem, chances are that a single connection from your
Linux machine to that equipment requires only
An Ethernet port on your computer
A LAN cable (often provided with the ISP equipment)
The DSL router/bridge or cable modem (often provided by ISP)
Figure 11-2 illustrates a Linux computer connected to a broadband cable modem.
Broadband equipment often supplies a service called Dynamic Host Configuration Protocol
(DHCP). DHCP provides the Internet addresses and other information that a client computer
needs to connect to the network. With the cable/DSL modem acting as a DHCP server, you can
literally start using the Internet without doing any special configuration in Linux. Just plug in,
boot Linux, and start browsing the Web.
FIGURE 11-2
Connect an Ethernet card to broadband and start surfing.
Diagram labels: Linux workstation, firewall (iptables), DHCP, DSL router or cable modem, broadband connection, route to Internet, ISP.
Note
The DSL or cable modem often acts as a router between the ISP and your computer. Usually that device
also includes a firewall configured to do network address translation. Alternatively, some broadband equipment operates in a “bridging mode,” in which it doesn’t do routing, but simply passes data through as if your
computer were on the same LAN as that of the ISP. In this setup, the public IP address is assigned to your
computer instead of the DSL or cable modem. Because bridging mode exposes the IP addresses behind your
firewall to the Internet, in most cases you should not set your DSL or cable modem to bridging mode.
Sharing a network connection with other computers
Instead of connecting your Linux computer directly to the cable modem or DSL equipment, you
can join your machines together on a LAN, and then connect the LAN to your ISP equipment so
that everyone in the house or office can share the broadband connection. It’s fairly simple—you
just connect your cable/DSL modem to your LAN instead of directly to your Linux box. In this
configuration, however, you should consider adding a firewall/router as a buffer between your
LAN and the outside world. That machine would perform such duties as
Blocking access—A well-configured firewall blocks access to all ports except those
that you need to access the Internet the way you want, thereby minimizing the risks of
intruders getting into your LAN.
NAT or IP Masquerading—For the most part, you want the computers behind your
firewall that are simply desktop systems to not be accessible to others from the Internet.
By configuring your firewall to do NAT or IP Masquerading, your computers can be
assigned private IP addresses. Your firewall then handles forwarding of messages
between your LAN and the Internet. This is a good arrangement for several reasons. For
one thing, the IP addresses of your private computers are not exposed to the outside
world. Also, you can save the cost of paying your ISP for permanent IP addresses.
DHCP service—Many firewall systems can act as a DHCP server. Those private IP
addresses you can use with a NAT firewall can be assigned from the DHCP service running on your firewall system. When the client computer on your LAN starts up, besides
its IP address, your DHCP service can tell the client the location of its DNS server, gateway to the Internet, or other information.
Routing—In the home and small-office LAN environment illustrated in Figure 11-3, the
firewall computer often has two Ethernet interfaces: one connected to the LAN and the
other to the DSL or cable modem that leads to the ISP. Because the Ethernet interfaces
are viewed as being on separate subnetworks, the firewall/router must be configured to
forward packets across the two interfaces. It’s not a big deal, but it does require a separate step to tell the firewall system that you want it to forward packets between the two
subnetworks.
Cross-Reference
Chapter 27 discusses setting up a firewall/router, using a Linux distribution designed specifically for the task.
FIGURE 11-3
A firewall provides a safeguard between your LAN and the Internet.
Diagram labels: ISP, broadband connection, Linux firewall/router, NAT, DHCP, hub or switch, and Linux, Mac, and Windows computers.
In this example, the equipment you need includes
An Ethernet network interface card (NIC) on each computer and at least two NICs on
the firewall/router
A LAN cable for each computer
A hub or a switch
A low-end PC (a PC with as little power as a 486 might do) running as a Linux firewall/router
The DSL or cable modem
An alternative to this wired configuration is to replace the hub or switch with a wireless access
point. Then each computer equipped with a wireless LAN card can get on the network without
wires.
Connecting servers
So far you’ve seen configurations that let one or more computers from your home or small business browse the Web. Allowing someone from the Internet to request services (Web pages, file
transfers, and so forth) from your computers requires some extra thought.
After you have TCP/IP (the primary set of protocols used on the Internet) configured to connect to your ISP, requests for data can pass in either direction between your computers and the
Internet unless you use a firewall to restrict traffic. So the same connection you use for Internet
browsing can be used to offer services to the Internet, with a few caveats:
Permanent IP address—Each time you reboot your computer, your ISP’s DHCP server
dynamically assigns your DSL/cable modem’s IP address. For that reason, your IP
address could change at each reboot. If you want your servers to be reachable on a permanent basis, you usually need at least one permanent IP address at which people can
reach your servers. You will have to ask your ISP about a permanent IP address, and it
might cost you extra money to have one.
Note
A service called Dynamic DNS can be used in place of paying for a permanent IP address. With Dynamic
DNS, you hire a service to constantly check whether your IP address has changed and assign your DNS host
name to the new address if it does. You can search the Web for “Dynamic DNS” to find companies that offer
that service.
ISP acceptable use policy—Check that you are allowed to have incoming connections.
Some ISPs, especially for inexpensive, home-use broadband service, will block incoming connections to Web servers or mail servers.
DNS hostname—Although typing an IP address into a browser location box works just
fine, most people prefer to use names (such as www.linuxtoys.net) to reach a server.
That requires you to purchase a DNS domain name and have an entry set up in a DNS
server to resolve the name to the IP address of your server.
Although there is nothing magical about setting up an Internet server, given the few issues just
mentioned, creating a public server can be a lot like opening up the doors of your house so that
strangers can wander in. You want some policies in place to restrict where the strangers can go
and what they can do.
For home or small-office locations that have a single Internet connection (represented by one
public IP address), servers can be more exposed to the Internet than desktop systems by keeping them in one area that’s referred to as the DMZ (demilitarized zone). In this configuration
(illustrated in Figure 11-4), servers are directly behind the outside firewall. Desktop systems (that
aren’t to be accessible by people from the Internet) are behind a second, more restrictive firewall.
FIGURE 11-4
Add servers to a DMZ where they can be more publicly accessible than your desktop systems.
Diagram labels: ISP, broadband connection, External Network, Linux external firewall/router, switch, DMZ, servers (Web, FTP, Mail), Linux internal firewall/router, NAT, DHCP, hub/switch, Internal Network.
Whether you use Linux or dedicated firewall devices to provide firewall service, the outside firewall allows requests in for Web services (port 80), FTP services (ports 20 and 21), simple mail
transfer protocol (port 25), and possibly other services. The internal firewall blocks any requests
for services from the outside and allows only Internet communications that were initiated from
computers behind the inside firewall.
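The two-firewall policy just described can be written out as iptables rule sets, with a small audit of which ports each one opens to new connections. This is an added example, not code from the book; the interface names, the private server addresses, and the use of DNAT to hand each port to a DMZ host are assumptions for illustration.

```shell
#!/bin/bash
# Added example, not from the book: the Figure 11-4 layout as two
# iptables-restore rule sets. All names and addresses below are assumptions.

EXT_WAN=eth0   # external firewall, side facing the DSL/cable modem
EXT_DMZ=eth1   # external firewall, side facing the DMZ switch
INT_DMZ=eth0   # internal firewall, side facing the DMZ switch
INT_LAN=eth1   # internal firewall, side facing the desktop LAN

# port:server pairs. The ports are the ones the text lists; the private
# server addresses are placeholders. FTP data connections usually also rely
# on the kernel's FTP connection-tracking helper (matched as RELATED).
DMZ_SERVICES="80:192.168.1.10 20:192.168.1.11 21:192.168.1.11 25:192.168.1.12"

nat_header() {
    printf '%s\n' "*nat" ":PREROUTING ACCEPT [0:0]" \
        ":POSTROUTING ACCEPT [0:0]" ":OUTPUT ACCEPT [0:0]"
}

# Default-deny filter table; replies to connections already allowed pass.
filter_header() {
    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]" \
        "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" \
        "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Outside firewall: lets in only the listed services, and only to the DMZ.
external_fw_rules() {
    nat_header
    for svc in $DMZ_SERVICES; do   # one public address: redirect each port
        printf '%s\n' "-A PREROUTING -i $EXT_WAN -p tcp --dport ${svc%%:*} -j DNAT --to-destination ${svc#*:}"
    done
    printf '%s\n' "-A POSTROUTING -o $EXT_WAN -j MASQUERADE" "COMMIT"
    filter_header
    for svc in $DMZ_SERVICES; do   # the only NEW connections accepted inbound
        printf '%s\n' "-A FORWARD -i $EXT_WAN -o $EXT_DMZ -p tcp -d ${svc#*:} --dport ${svc%%:*} -m state --state NEW -j ACCEPT"
    done
    printf '%s\n' "-A FORWARD -i $EXT_DMZ -o $EXT_WAN -m state --state NEW -j ACCEPT" "COMMIT"
}

# Inside firewall: nothing may start a connection toward the LAN; desktops
# may start connections outward and are hidden behind NAT.
internal_fw_rules() {
    nat_header
    printf '%s\n' "-A POSTROUTING -o $INT_DMZ -j MASQUERADE" "COMMIT"
    filter_header
    printf '%s\n' "-A FORWARD -i $INT_LAN -o $INT_DMZ -m state --state NEW -j ACCEPT" "COMMIT"
}

# inbound_new_ports IFACE: read a rule set on stdin and print, sorted on one
# line, the TCP ports opened to NEW connections arriving on IFACE ("any" when
# a rule has no port restriction). Empty output means nothing is opened.
inbound_new_ports() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "FORWARD" && /--state NEW/ && /-j ACCEPT/ {
            in_if = ""; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (in_if == ifc) print (port == "" ? "any" : port)
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone run: show what each firewall exposes on its outward-facing side.
echo "external firewall, from the Internet: $(external_fw_rules | inbound_new_ports "$EXT_WAN")"
echo "internal firewall, from the DMZ:      $(internal_fw_rules | inbound_new_ports "$INT_DMZ")"
```

To apply a rule set, pipe one function's output to iptables-restore as root on the matching machine, after adding a rule for your own management access. Packet forwarding also has to be enabled on both firewalls (net.ipv4.ip_forward=1).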
Cross-Reference
Chapters 13 through 16 explain how to configure different server types, and Chapter 27 describes how to set
up Linux as a router/firewall. Chapter 27 includes details on how to configure features such as IP masquerading, NAT, and packet forwarding.
Connecting other equipment
Although I’ve focused on basic Ethernet equipment and dial-up modems for configuring network
connections, Linux supports many other types of network equipment as well as different protocols for communicating over that equipment. Here are a few examples:
ISDN—Integrated Services Digital Network (ISDN) lines were the preferred method
of providing high-speed data lines to small businesses in the United States before DSL became
widespread. ISDN is still popular in Europe, but is being supplanted by more affordable
DSL equipment. ISDN4LINUX drivers and tools (www.isdn4linux.de) are available in
many Linux systems for connecting to ISDN networks.
USB cable modem—Most cable modems offer an Ethernet port that you can connect to
directly from your computer’s own Ethernet port. However, if you don’t have an Ethernet
port, often you can connect to the cable modem through one of your USB ports. (You
may need to manually load usbnet and cdc_ether drivers to get this to work.)
Token ring—Although rarely used now, token ring network cards are still supported
in most Linux systems. They were once popular at locations that had many IBM
systems.
PLIP—It’s possible to connect two computers together from their parallel ports so that
they can communicate using TCP/IP protocols. Parallel Line Internet Protocol (PLIP)
requires only a special type of null modem cable (for the specs for that cable, refer to
http://tldp.org/HOWTO/NET3-4-HOWTO-9.html). Most Linux systems have built-in software that enables you to log in, transfer files, and perform other activities over
that connection.
If your system has Linux source code installed, you can read about supported hardware devices
in the documentation that comes with that source code. On Fedora and some other Linux systems, the location of kernel documentation for various networking hardware is /usr/src/linux*/Documentation/networking.
Using Ethernet Connections to the Internet
Most Linux systems today will either automatically detect or allow you to set up your Internet
connection when you install Linux. Here’s the general (default) way that a network connection on
a desktop system, with Linux installed, is started up:
1. Check whether you have an Ethernet port on your computer (most recent computers have one). If so, connect your Ethernet card to the equipment that gets you to the
Internet (cable modem, DSL router/bridge, or network hub/switch). If not, you can purchase an Ethernet card at any retailer that sells computer hardware.
2. Ensure that appropriate drivers are available for the card and bring up the interface
(typically, the first wired Ethernet card is assigned to the eth0 interface). Usually, simply
starting the computer causes the card to be detected and the appropriate driver loaded.
3. Get an IP address using DHCP if a DHCP server is available through the interface. Most
ISPs and businesses expect you to connect to their networks using DHCP, so they will
have provided a DHCP server to the equipment where you connect your computer to
the network.
As long as your desktop system is connected to a network that has a DHCP server willing to give
it an IP address, you can be up and browsing the Web in no time.
If you find that the automatic method (DHCP) of connecting to your network doesn’t work, then
connecting to the Internet gets a bit trickier. Different Linux distributions offer different tools for
manually configuring your Internet connection. The following sections describe a few graphical
tools and some command-line and configuration-file approaches to configuring wired and wireless network connections.
Configuring Ethernet during installation
Many Linux install processes ask you whether you want to configure your network connection
for your Ethernet cards. This is typically just for your Ethernet cards and not for dial-up modems
or other networking equipment. Information about what you’ll need for that process (IP address,
gateway, DNS server, and so on) is explained in Chapter 8.
When you boot Linux, you can check whether you have access to the Internet by opening a Web
browser (such as Firefox or Konqueror) and typing in a Web address. If the Web site doesn’t
appear in your browser, you’ll need to do some troubleshooting. The “Understanding Your
Internet Connection” section later in this chapter provides information on how to track down
problems with your Internet connection.
Configuring Ethernet from the desktop
Most major Linux distributions offer graphical tools for configuring network interfaces. These
tools step you through the information you need to enter, and then start up the network interface
(if you choose) to begin browsing the Web.
Here is a list of tools for configuring network interfaces in a few different Linux distributions.
Some of these are graphical tools, and some are menu-based:
Red Hat Enterprise Linux/Fedora—The Network Configuration window lets you configure network connection using Ethernet, ISDN, modem, Token Ring, Wireless, and
xDSL hardware. Start the Network Configuration window from the System menu by
selecting Administration ➪ Network or by typing system-config-network and entering
the root password when prompted. (On older Red Hat Linux systems, the command
was redhat-config-network.) The new NetworkManager feature is also available to
let you detect and choose wired and wireless interfaces in Fedora.
SUSE Linux—The YaST Control Center that comes with SUSE contains features for
configuring your network. The YaST Control Center lets you configure a DSL, ISDN,
Modem, or Network Card interface to the network. Select Network Card to configure
your wired Ethernet Interface to the Internet.
Gentoo Linux—From a shell (as root user), type net-setup eth0 to start a menu-driven
interface to configure the network connection from your first Ethernet card (eth0). Use
this tool to set each network interface to use DHCP or a static IP address you provide
yourself.
Ubuntu Linux—In Ubuntu, you are encouraged to use the Network Connections window for NetworkManager. Right-click the NetworkManager icon in your top panel and
select Edit Connections. From the dialog box that appears, select the interface you are
interested in and choose Edit, as shown in Figure 11-5.
FIGURE 11-5
Configuring an interface in Ubuntu
KNOPPIX—Select the squished penguin icon in the panel on the KNOPPIX desktop,
and choose Networking/Internet from the menu. Select the Network card configuration
menu entry to configure your network card. Or select from several other network equipment types instead (ADSL, GPRS, ISDN, Modem, or Wavelan).
Using Network Configuration GUI in Fedora
An example of a graphical tool for configuring your Ethernet interface is the Network
Configuration GUI that comes with Fedora and Red Hat Enterprise Linux systems. If you did not
configure your LAN connection during installation of Fedora or RHEL, you can do so at any time
using the Network Configuration window. The IP address and hostnames can be assigned statically to an Ethernet interface or retrieved dynamically at boot time from a DHCP server.
Note
A computer can have more than one IP address because it can have multiple network interfaces. Each network interface must have an IP address to connect to a network (even if the address is assigned temporarily).
So, if you have two Ethernet cards (eth0 and eth1), each needs its own IP address. Also, the address 127.0.0.1
represents the local host so that users on the local computer can access services without those requests going
out on the network.
Here’s how to define the IP address for your Ethernet interface in Fedora or RHEL:
1. From the System menu, choose System ➪ Administration ➪ Network or, as root user
from a Terminal window, type system-config-network. (If prompted, type the root
password.) The Network Configuration window appears.
2. Click the Devices tab. A listing of your existing network interfaces appears.
3. Double-click the eth0 interface (representing your first Ethernet card). A pop-up window titled Ethernet Device appears (see Figure 11-6), enabling you to configure your
eth0 interface.
FIGURE 11-6
Configure and activate Ethernet devices in Fedora.
4. Select your preferences:
Controlled by NetworkManager—In the most recent versions of Fedora,
NetworkManager controls your network interfaces. Unselect this box to manage your
interfaces directly with the Network Configuration window.
Activate device when computer starts—Check here to have eth0 start at boot time.
Allow all users to enable and disable the device—Check to let non-root users
enable and disable the network interface.
Enable IPv6 configuration for this interface—Check here if you are connected to
an IPv6 network. (Most networks are still IPv4.)
5. You also must choose whether to get your IP addresses from another computer at boot
time or enter the addresses yourself:
Automatically obtain IP address settings with—Select this box if you have a
DHCP or BOOTP server on the network from which you can obtain your computer’s
IP address, netmask, and gateway. DHCP is recommended if you have more than just
a couple of computers on your LAN. Optionally, you can set your own hostname,
which can be just a name (such as jukebox) or a fully qualified domain name (such
as jukebox.linuxtoys.net).
Statically set IP addresses—If no DHCP or other boot server exists on your LAN,
add necessary IP address information statically by selecting this option and following
these steps:
a. Type the IP address of the computer into the Address box. This number must be
unique on your network. For your private LAN, you can use private IP addresses.
b. Enter the netmask in the Subnet Mask box. The netmask indicates the part of the
IP address that represents the network.
c. If a computer or router connected to your LAN provides routing functions to
the Internet or other network, type that machine’s IP address into the Default
Gateway Address box. (Chapter 27 describes how to use NAT or IP
Masquerading and how to use Linux as a router.)
6. Click OK in the Ethernet Device window to save the configuration and close the
window.
7. Click File ➪ Save to save the information you entered.
8. Click Activate in the Network Configuration window to start your connection to
the LAN.
Identifying other computers (hosts and DNS)
Each time you use a name to identify a computer, such as when browsing the Web or using an
e-mail address, the computer name must be translated into an IP address. To resolve names to
IP addresses, Linux goes through a search order (usually based on the contents of three files in
the /etc directory: resolv.conf, nsswitch.conf, and host.conf). By default, it checks
hostnames you add yourself (which end up in the /etc/hosts file), hosts available via NIS, and
host names available via DNS.
Again, for RHEL and Fedora systems, you can use the Network Configuration window to add
Hostnames—You might do this to identify hosts on your LAN that are not configured
on a DNS server.
DNS search path—By adding domain names to a search path (such as linuxtoys.net),
you can browse to a site by its host name (such as jukebox), and have Linux
search the domains you added to the search path to find the host you are looking for
(such as jukebox.linuxtoys.net).
DNS name servers—A DNS server can resolve addresses for the domains it serves and
contact other DNS servers to get addresses for all other DNS domains.
Note
If you are configuring a DNS server, you can use that server to centrally store names and IP addresses for
your LAN. This saves you the trouble of updating every computer’s /etc/hosts file every time you add or
change a computer on your LAN.
To add hostnames, IP addresses, search paths, and DNS servers in Fedora, do the following:
1. Start the Network Configuration. As root user from a Terminal window, type system-config-network or from the top panel, click System ➪ Administration ➪ Network. The
Network Configuration window appears.
2. Click the Hosts tab. A list of IP addresses, hostnames, and aliases appears.
3. Click New. An Add/Edit Hosts Entry pop-up window appears.
4. Type in the IP address number, hostname, and, optionally, the host alias.
5. Click OK.
6. Repeat this process until you have added every computer on your LAN that cannot be
reached by DNS.
7. Click the DNS tab.
8. Type the IP address of the computers that serve as your Primary and Secondary DNS
servers. (You get these IP addresses from your ISP or, if you created your own DNS
server, you can enter that server’s IP address.)
9. Type the name of the domain (probably the name of your local domain) to be searched
for host names into the DNS Search Path box.
10. Click File ➪ Save to save the changes.
11. Click File ➪ Quit to exit.
Now, when you use programs such as sftp, ssh, or other TCP/IP utilities, you can use any hostname that is identified on your local computer, exists in your search path domain, or can be
resolved from the public Internet DNS servers. (Strictly speaking, you don’t have to set up your
/etc/hosts file. You could use IP addresses as arguments to TCP/IP commands. But names are
easier to work with.)
Understanding your Internet connection
If your Ethernet interface to the Internet is not working, there are ways to check what’s happening that will work on many Linux distributions. Use the following procedure to find out how
your network interfaces are working:
1. Open a shell (if you are using a graphical interface, open a Terminal window).
2. Type the following right after you boot your computer to verify whether Linux found
your card and installed the Ethernet interface properly:
dmesg | grep eth | less
The dmesg command lists all the messages that were output by Linux at boot time. The
grep eth command causes only those lines that contain the word eth to be printed.
Here are a couple of examples:
eth0: VIA Rhine II at 0xee001000, 00:0d:61:25:d4:17, IRQ 185.
eth0: MII PHY found at address 1, status 0x786d advertising
01e1 Link 45e1.
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
eth0: no IPv6 routers present
The first message appeared on my desktop computer with a VIA Rhine Ethernet
controller. It shows that a card was found at software IRQ 185 with a port
address of 0xee001000 and an Ethernet hardware address (MAC address) of
00:0d:61:25:d4:17. The other lines indicate that the link is up on the eth0 interface
and running at 100 Mbps in full-duplex. In this case, IPv6 routing is not enabled.
Note
If the eth0 interface is not found, but you know that you have a supported Ethernet card, type lspci -vv |
grep -i eth to see whether the Ethernet card is detected on the PCI bus. If it doesn’t appear, check that your
Ethernet card is properly seated in its slot. Here’s what appeared for the preceding example:
00:12.0 Ethernet controller: VIA Technologies, Inc. VT6102 [Rhine-II] (rev 74)
3. To view which network interfaces are up and running, type the following:
$ /sbin/ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:0D:61:25:D4:17
          inet addr:10.0.0.5  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:326100 errors:0 dropped:0 overruns:0 frame:0
          TX packets:215931 errors:0 dropped:0 overruns:0 carrier:0
          collisions:5919 txqueuelen:1000
          RX bytes:168378315 (160.5 Mb)  TX bytes:40853243 (38.9 Mb)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:37435 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37435 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2353172 (2.2 Mb)  TX bytes:2353172 (2.2 Mb)
The output shows a loopback interface (lo) and one Ethernet card (eth0). The Ethernet
interface (eth0) is assigned the IP address of 10.0.0.5. Again, notice that the MAC
address, which is a unique address related to the Ethernet card hardware, is noted after
the HWaddr indicator (00:0D:61:25:D4:17).
4. Communicate with another computer on the LAN. The ping command can be used to
send a packet to another computer and to ask for a packet in return. You can give ping
either a hostname (butch) or an IP address (10.0.0.10). For example, to ping a computer on the network called butch, type the following command:
# ping butch
If the computer can be reached, the output will look similar to the following:
PING butch (10.0.0.10): 56(84) data bytes
64 bytes from butch (10.0.0.10): icmp_seq=1 ttl=255 time=0.351 ms
64 bytes from butch (10.0.0.10): icmp_seq=2 ttl=255 time=0.445 ms
64 bytes from butch (10.0.0.10): icmp_seq=3 ttl=255 time=0.409 ms
64 bytes from butch (10.0.0.10): icmp_seq=4 ttl=255 time=0.457 ms
64 bytes from butch (10.0.0.10): icmp_seq=5 ttl=255 time=0.401 ms
64 bytes from butch (10.0.0.10): icmp_seq=6 ttl=255 time=0.405 ms
64 bytes from butch (10.0.0.10): icmp_seq=7 ttl=255 time=0.443 ms
64 bytes from butch (10.0.0.10): icmp_seq=8 ttl=255 time=0.384 ms
64 bytes from butch (10.0.0.10): icmp_seq=9 ttl=255 time=0.365 ms
64 bytes from butch (10.0.0.10): icmp_seq=10 ttl=255 time=0.367 ms
--- butch statistics ---
10 packets transmitted, 10 packets received, 0% packet loss, time 9011ms
rtt min/avg/max/mdev = 0.351/0.402/0.457/0.042 ms
A line of output is printed each time a packet is sent and received in return. It shows
how much data was sent and how long it took for each packet to be received. Watch
this for a while, and then press Ctrl+C to stop ping; you’ll see statistics on how many
packets were transmitted, received, and lost.
If the output doesn’t show that packets have been received, there’s no contact with the
other computer. Verify that the names and addresses of the computers that you want to
reach are in your /etc/hosts file or that your DNS server is accessible. Next, confirm
that the names and IP addresses you have for the other computers you are trying to
reach are correct (the IP addresses are the most critical).
5. If you are able to reach an IP address on your LAN with ping, but are unable to ping a
host computer by name, you may not be communicating with your DNS server. Repeat
the ping command with the IP address of your DNS server to see whether it is up and
whether you are able to communicate with it.
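Steps 3 through 5 of this procedure amount to a decision tree, shown here as an added example (not code from the book) that runs over captured command output. The captures are constructed samples in the older ifconfig and ping formats shown above; the eth1 stanza, the 10.0.0.1 DNS server address, and the verdict names are assumptions.

```shell
#!/bin/bash
# Added example, not from the book: steps 3-5 as a decision tree over
# captured output. All samples below are constructed for illustration.

SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:0D:61:25:D4:17
          inet addr:10.0.0.5  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth1      Link encap:Ethernet  HWaddr 00:0D:61:25:D4:18
          BROADCAST MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1'

# ping by IP address works, ping by name fails, DNS server does not answer
SAMPLE_PING_IP='PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
64 bytes from 10.0.0.10: icmp_seq=1 ttl=255 time=0.351 ms
--- 10.0.0.10 statistics ---
3 packets transmitted, 3 packets received, 0% packet loss, time 2002ms'
SAMPLE_PING_NAME='ping: unknown host butch'
SAMPLE_PING_DNS='PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
--- 10.0.0.1 statistics ---
3 packets transmitted, 0 packets received, 100% packet loss, time 2010ms'

# iface_addr IFACE: read "ifconfig -a" text on stdin; print the interface's
# IPv4 address, "noaddr" if it exists without one, or "missing".
iface_addr() {
    awk -v want="$1" '
        /^[^ \t]/ { cur = $1 }               # a new interface stanza starts
        cur == want { seen = 1 }
        cur == want && /inet addr:/ {
            sub(/.*inet addr:/, ""); sub(/[ \t].*/, ""); addr = $0
        }
        END { print (addr != "" ? addr : (seen ? "noaddr" : "missing")) }'
}

# ping_loss: read ping output on stdin; print the packet loss as a whole
# percentage. No summary line at all (unknown host) counts as 100.
ping_loss() {
    awk '
        /packet loss/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /%$/) { loss = $i; sub(/%/, "", loss) }
            found = 1
        }
        END { print (found ? int(loss + 0) : 100) }'
}

# diagnose ADDR LOSS_BY_IP LOSS_BY_NAME LOSS_TO_DNS: print where to look next.
diagnose() {
    case "$1" in
        missing) echo "no-interface"; return ;;   # step 2: dmesg, lspci
        noaddr)  echo "no-address";   return ;;   # DHCP or static settings
    esac
    if [ "$2" -ge 100 ]; then
        echo "lan-unreachable"          # step 4: no contact even by address
    elif [ "$3" -lt 100 ]; then
        echo "ok"
    elif [ "$4" -ge 100 ]; then
        echo "dns-server-unreachable"   # step 5: name server does not answer
    else
        echo "name-not-resolved"        # check /etc/hosts and the search path
    fi
}

# Run the whole tree over the constructed samples.
triage_samples() {
    diagnose "$(printf '%s\n' "$SAMPLE_IFCONFIG" | iface_addr eth0)" \
             "$(printf '%s\n' "$SAMPLE_PING_IP"   | ping_loss)" \
             "$(printf '%s\n' "$SAMPLE_PING_NAME" | ping_loss)" \
             "$(printf '%s\n' "$SAMPLE_PING_DNS"  | ping_loss)"
}

# Live use feeds real output into the same functions, for example:
#   /sbin/ifconfig -a | iface_addr eth0
#   ping -c 3 10.0.0.10 2>&1 | ping_loss
echo "verdict: $(triage_samples)"
```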
Using Dial-Up Connections to the Internet
On the rare occasion that broadband is not available, you can still connect to the Internet using
modems and telephone lines. The modem connects to a serial port (COM1, COM2, and so on)
on your computer and then into a telephone jack. Your computer dials a modem at your Internet
service provider or business that has a connection to the Internet.
The most common protocol for making dial-up connections to the Internet (or other TCP/IP network) is Point-to-Point Protocol (PPP). Let’s look at how to use PPP to connect to the Internet.
Cross-Reference
See Chapter 19 for information on configuring a dial-up connection that is specific to Debian.
Getting information
To establish a PPP connection, you need to get some information from the administrator of the
network to which you are connecting. This is either your Internet service provider (ISP) when
you sign up for Internet service, or the person in your workplace who walks around carrying
cables, two or more cellular phones, and a couple of beepers (when a network goes down, these
people are in demand!). Here is the kind of information you need to set up your PPP connection:
Telephone number—Gives you access to the modem (or pool of modems) at the ISP. If
it is a national ISP, make sure that you get a local or toll-free telephone number (otherwise, you’ll rack up long-distance fees on top of your ISP fees).
Account name and password—Used to verify that you have an Internet account with
the ISP. This is an account name when you connect to Linux or other UNIX system, but
may be referred to as a system name when you connect to an NT server.
An IP address—Most ISPs use Dynamic IP numbers, which means that you are
assigned an IP number temporarily when you are connected. Your ISP assigns a permanent IP number if it uses Static IP addresses. If your computer or all the computers on
your LAN need to have a more permanent presence on the network, you may be given
one Static IP number or a set of Static IP addresses to use.
DNS Server IP addresses —Your computer translates Internet hostnames to IP
addresses by querying a domain name system (DNS) server. Your ISP should give you at
least one IP address for a preferred (and possibly alternate) DNS server.
PAP or CHAP secrets —You may need a PAP (Password Authentication Protocol) ID
or CHAP (Challenge Handshake Authentication Protocol) ID and a secret, instead of a
username and password when connecting to a Windows NT system. These features are
used with authentication on Microsoft and some other operating systems. Linux and
other UNIX servers don’t typically use this type of authentication, although they support PAP and CHAP on the client side. Your ISP will tell you whether you are using PAP
or CHAP.
Your ISP typically provides services such as news and mail servers for use with your Internet
connection. To configure these useful services, you need the following information:
Mail server —If your ISP is providing you with an e-mail account, you must know the
address of the mail server, the type of mail service (such as POP3—Post Office Protocol;
or IMAP—Internet Message Access Protocol), and the authentication password for the
mail server so you can get your e-mail.
News server —If your ISP provides the name of a news server so that you can participate in newsgroups, the server may require you to log on, so you need a password. The
ISP provides that password, if required.
After you’ve gathered this information, you’re ready to set up your connection to the Internet. To
configure Linux to connect to your ISP, read on.
Setting up dial-up PPP
PPP is used to create IP connections over serial lines. Most often, the serial connection is established over a modem; however, it also works over serial cables (null modem cables) or digital
lines (including ISDN and DSL).
Although one side must dial out and the other side must receive the call to create the PPP connection over a modem, after the connection is established, information can flow in both directions.
For the sake of clarity, however, I refer to the computer placing the call as the client and the computer receiving the call as the server.
To simplify the process of configuring PPP (and other network interfaces), most Linux systems
include graphical tools to configure dial-up. Two such tools, available with Fedora and RHEL, are
Network Configuration Window—The same utility used to configure Ethernet cards
can be used to configure modems. From the GNOME top panel in Fedora and RHEL
systems, choose System ➪ Administration ➪ Network. When that window appears,
select New. The Select Device Type pop-up that appears enables you to configure and
test your modem for a dial-up PPP connection.
KDE PPP (KPPP) Window—From the KDE desktop, select Internet ➪ KPPP, or from a
Terminal window run the kppp command. From the KPPP window, you can set up and
launch a PPP dial-up connection.
Before you begin either of these procedures, physically connect your modem to your computer,
plug it in, and connect it to your telephone line. If you have an internal modem, you will probably see a telephone port on the back of your computer to which you need to connect. If your
modem isn’t detected, you can reboot your computer or run wvdialconf create (as described
later in this chapter) to have it detected.
Creating a dial-up connection with the Internet Configuration Wizard
If you are using a Fedora or RHEL system, you could use the Internet Configuration Wizard to
set up dial-up networking. Here’s how:
1. Choose System ➪ Administration ➪ Network. When the window appears, select
New. (Type the root password, if prompted.) An Add New Device Type window
appears (see Figure 11-7).
FIGURE 11-7
The Internet Configuration Wizard helps you set up a PPP Internet connection.
2. Select Modem connection and click Forward. The wizard searches for a modem and
then the Select Modem window appears.
3. Select the following modem properties:
Modem Device —If the modem is connected to your first serial port (COM1) you
can select /dev/ttyS0; for the second serial port (COM2) choose /dev/ttyS1. (By
convention, the device is often linked to /dev/modem. Type ls -l /dev/modem to see
whether it is linked to /dev/ttyS0, /dev/ttyS1, or another tty device.)
Baud Rate —The rate at which the computer talks to the modem (which is typically
considerably faster than the modem can talk over the phone lines). The default is
115,200 bits per second, which is probably fine for dial-up connections.
Flow Control—Check the modem documentation to see whether the modem supports hardware flow control (CRTSCTS). If it doesn’t, select software flow control
(XON/XOFF). Flow control prevents more data than the modem can handle from
being sent to it.
Modem Volume —This is off by default because the noise can be annoying, but if
you select medium while you’re setting up the modem, the sound can give you a
sense of where things are stopping if you can’t get a connection. You can turn it off
after everything’s working.
Use Touch Tone Dialing—Leave this check box selected in most cases. If for some
reason your phone system doesn’t support touch-tone dialing, you can turn it off.
4. Click Forward. The Select Provider window appears. Enter the following provider
information:
Internet Provider —If you are using Internet service in any of the countries shown
in the Internet Provider window, select the plus sign next to that country name. If
your Internet service provider appears in the National list, select it. Information is
automatically filled in for that provider. Otherwise, you need to fill in the rest of the
dialog window.
Phone Number —The telephone number of the ISP you want to dial in to. (An
optional prefix is available in case you need to dial 9 or some other number to get an
outside dial tone.)
Provider Name —The name of the Internet service provider. If there is only one ISP,
I recommend you use it as the ppp0 provider name.
Login Name —The login name assigned to you by the ISP. The ISP may have called
the login name a login ID or something similar.
Password—The password associated with the login name.
5. Click Forward. The IP Settings window appears. With a dial-up connection, you
would typically select Automatically Obtain IP Address Settings. However, if the ISP has
assigned a static IP address that you can use, select the Statically Set IP Addresses check
box, and then enter your IP address, subnet mask, and default gateway address in the
appropriate fields. Click Forward to continue. The Create Dialup Connection window
appears, displaying the information you just entered.
6. If all the information looks correct, click Apply (otherwise, click the Back button, correct your information, and click Forward again to return to this window). The
Network Configuration window appears, ideally with a new PPP connection of modem
type appearing in the window.
7. If the Network Configuration window doesn’t appear, select System Settings ➪
Network.
8. Select the new dial-up entry (so it is highlighted), and choose File ➪ Save. This
saves its new dial-up configuration.
Now select the PPP device name and click the Activate button. The Internet dialer starts up
and dials your ISP. (If you have sound turned on, you should hear your modem dialing out.) If
everything is working properly, your login and password are accepted and the PPP connection
completed.
Try opening Firefox or another Web browser to see whether you can access a Web site on the
Internet. If this doesn’t work the first time, don’t be discouraged. There are things to check to
get your dial-up PPP connection working. Skip ahead to the “Checking Your PPP Connection”
section.
Launching your PPP connection
Your dial-up connection is now configured, but it is not set to connect automatically. One way
to start the connection is to set it up to launch manually from the desktop panel. The following
steps show you how.
From the GNOME desktop:
1. Right-click the panel, and choose Add to Panel ➪ Modem Lights, and then select Add. A
Modem Lights icon appears on the panel.
2. Select the new icon from the panel. You are asked whether you want to start a connection with your modem.
3. Select Connect to start the connection.
From the KDE desktop:
1. Right-click the panel and then choose Add Application to Panel ➪ Internet ➪ KPPP.
2. Select the new icon from the panel (type the root password, if prompted). A KPPP window appears.
3. Select the dial-up interface you added (probably ppp0) and click Connect to connect.
From this point forward, icons appear on your desktop that you can select to immediately connect to your ISP over the dial-up connection you configured.
Launching your PPP connection on demand
Instead of starting a dial-up PPP connection manually each time you want to contact the Internet,
you can set your dial-up connection to start automatically when an application (such as a Web
browser or e-mail program) tries to use the connection. On-demand dialing is particularly useful if
The dial-up connection on your Linux system is acting as the gateway for other computers in your home or office. You don’t have to run over to your Linux box to start the
connection when another computer needs the dial-up connection.
Programs that you run during off hours, such as remote backups, require an Internet
connection.
You don’t want to be bothered clicking an extra icon when you just want to browse the
Web a bit.
The risk of on-demand dialing is that because it gets going automatically, the dial-up connection
can start up when you don’t want it to. (Some people get worried when their computers start dialing by themselves in the middle of the night.)
For RHEL and Fedora systems, here is an example of settings you can add to your dial-up configuration file (probably /etc/sysconfig/network-scripts/ifcfg-ppp0) to configure on-demand dialing:
ONBOOT=yes
DEMAND=yes
IDLETIMEOUT=600
RETRYTIMEOUT=30
The ONBOOT=yes starts the pppd daemon (but doesn’t immediately begin dialing because
DEMAND is set to yes). Also, because of the setting DEMAND=yes, a dial-up connection attempt is
made any time traffic tries to use your dial-up connection. With IDLETIMEOUT set to 600, the
connection is dropped after 600 seconds (10 minutes) with no traffic on the connection. With
RETRYTIMEOUT set to 30, a dropped connection is retried after 30 seconds (unless the connection was dropped by an idle timeout, in which case there is no retry). You can change the timeout
values as it suits you.
Note
Because establishing dial-up connections can take a bit of time, operations may fail while dialing occurs. In
particular, DNS requests can time out in 30 seconds, which may not be long enough to establish a dial-up
connection. If you have three DNS servers configured for each client, you have a 90-second timeout period.
As a result, the modem connection may be running before the request fails.
Checking your PPP connection
To debug your PPP connection or simply to better understand how it works, you can run through
the following steps. They can help you understand where information is being stored and how to
use tools to track this information.
Checking that your modem was detected
It is possible that your modem is not supported under Linux. If that is the case, your PPP connection might be failing because the modem was not detected at all. To scan your serial ports to see
where your modem might be, type the following (as root user):
# wvdialconf /etc/wvdial.conf.new
The wvdialconf command builds a configuration file (in this example, the /etc/wvdial.conf.new
file) that is used by the dialer command (wvdial). (You need this file only if you use
wvdial to do your dial-up.) Its first action, however, is to scan the serial ports on your computer
and report where it finds modems. If it tells you that no modem was detected, it’s likely that
either your modem isn’t connected properly or no driver is available to support the modem.
If the modem wasn’t detected, you should determine whether it is a modem supported in Linux.
You can do this by finding out what type of chip set is used in the modem. This is even more
important than finding out the manufacturer of the modem because the same manufacturer can
use chips from different companies. (This applies primarily to internal modems because most
external serial modems and many USB modems are supported in Linux.)
After you have determined the chip set being used, check the Linmodems.org Web site
(www.linmodems.org). Search for the chip set on your modem from this site. In many cases, the site
can tell you whether a driver is available for your modem.
A nice tool for determining what type of Winmodem you have and how to get it working is scanModem. If you have access to the Internet from another machine, you can download scanModem
from this address:
http://linmodems.technion.ac.il/packages/scanModem.gz
Because you probably don’t have a working Internet connection yet, find a way to copy scanModem.gz to your Linux system (maybe copy it to a flash drive or burn it to a CD). As root user
from a Terminal window, type these commands, with that file in the current directory:
# gunzip scanModem.gz
# chmod 755 scanModem
# ./scanModem
The result is a Modem directory containing text files describing your modem and what you can do
to configure it.
Note
If you are a new Linux user with a Winmodem and you are still baffled after referring to the linmodems.org
site, you might consider getting a serial or USB modem. To get your Winmodem working, you might need to
download, compile, and load a modem driver. Especially with some older Winmodems, drivers have not all
been updated to work with the latest kernels. Picking up a cheap hardware modem (under $20), that you can
connect to a serial port, from a used computer store can save hours of frustration with a Winmodem that may
ultimately not work anyway.
Connecting to the Internet with Wireless
Setting up a wireless network connection used to be one of the more challenging features to get
working in Linux. In recent releases of Ubuntu, Fedora, and other major Linux distributions, that
situation has changed for several major reasons:
Wireless drivers —Because most wireless card manufacturers did not make source
code available with their drivers, most Linux distributions resisted including those drivers in their distributions. Recently, most distributions have relented and included those
drivers.
NetworkManager —To use NetworkManager as the default tool for managing network
interfaces in Fedora, Ubuntu, and others, simply click the NetworkManager icon on the
top panel. This shows you a list of all wireless networks detected in your area.
As a result of the issues just described, in most cases Linux laptop or desktop users can simply
log in to their systems and select the NetworkManager icon in the panel. From the menu that
appears, the person can choose the desired wireless network interface from a list that appears
and type any user and password information required to connect to that interface.
However, if your Linux system doesn’t include the wireless drivers you need and isn’t configured
to automatically detect your network interfaces, here are a few open source projects you can look
into to help get wireless working:
ndiswrapper (http://ndiswrapper.sourceforge.net)—This project lets you use
wireless drivers in Linux that were created to run in Windows.
madwifi (http://madwifi.org)—Supports drivers for wireless chip sets from
Atheros (www.atheros.com).
Intel PRO/Wireless for Linux (http://ipw2100.sourceforge.net)— Several
wireless driver projects support drivers for Intel PRO/Wireless hardware.
Note
If you are using Red Hat Enterprise Linux and your wireless card isn’t working, check the Drivers disc that
comes with your RHEL boxed set. Many wireless drivers are included on that disc.
After the proper driver for your wireless card is installed and activated, different tools are available for configuring your wireless cards in different Linux releases. Here are examples:
Wireless in Fedora—In Fedora, use the NetworkManager to configure your wireless
network cards. It should be on by default. If it’s not, however, as root you can type the
following: service NetworkManager start. Then configure your wireless connection
from a network icon that appears in the panel.
Wireless in KNOPPIX—In KNOPPIX, try KWiFiManager. From the KDE menu, select
KNOPPIX ➪ Network/Internet ➪ KWiFiManager.
For further information on configuring wireless devices in Linux, refer to the Wireless LAN
resources for Linux page:
http://hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html
If you find that you are unable to get the driver for your particular wireless card working at all,
determine the type of card you have, using one of the following commands:
# dmesg |grep -i wireless
# lspci -vv |grep -i wireless
Then use some search tool, such as Google, to search for the name and model of your wireless
card, along with the word Linux or the particular distribution of Linux you are using. Chances
are, if your wireless device is at all popular, someone else has tried to get it working in Linux and
has probably shared his or her experiences somewhere online.
Summary
Many different tools exist for configuring network connections in the various Linux distributions.
Fedora and Red Hat Enterprise Linux systems use the graphical Network Configuration window.
SUSE Linux uses its YaST administrative interface to configure network equipment. For dial-up
networks, the KDE desktop includes the kppp GUI tool for configuring modems. If your network
connection doesn’t start up automatically (as it does in many cases), this chapter explains how to
use some of these network configuration tools to configure it manually.
By adding your computer to a public network, such as the Internet, you open it to possible
intruders. The next chapter describes ways in which you can secure your computer from
unwanted access.
Chapter 12
Securing Linux
Since the dawn of interconnected networks, some users have been
trying to break into other users’ systems. As the Internet has grown
and broadband Internet access has spread, the problem has only
become more severe. A home computer running an insecure configuration
can be used as a powerful mail relay, provide storage for traffic in pirated
data, allow the user’s personal information to become compromised, or any
number of other such horrors.
Once upon a time network attacks required some effort and skill on the
part of the attacker. Today, automated tools can get even the most novice
user up and running trying to compromise network-attached systems in an
alarmingly short time. Additionally, worms have the capability to turn large
numbers of insecure systems into an army of “zombies” usable for massive,
coordinated, distributed denial-of-service (DDoS) attacks.
Why should you care about security? According to the Internet Storm
Center (http://isc.sans.org), a computer connected to the Internet
has an average of 16 minutes before it falls under some form of attack.
Securing any computer system is not hugely difficult; it simply requires
some common sense and careful application of good security practices.
In many cases, good practices for setting and protecting passwords, monitoring log files, and creating good firewalls will keep out many would-be
intruders. Sometimes, more proactive approaches are needed to respond to
break-ins.
Many tasks associated with securing your Linux system are common to
desktop and server systems. However, because servers allow some level
of access by outside clients, there are special considerations for protecting
servers.
IN THIS CHAPTER
Linux security checklist
Using password protection
Monitoring log files
Communicating with secure shell tools
Understanding attack techniques
Protecting servers with certificates
Using special Linux security tools distributions
This chapter describes general tasks for securing Linux systems and techniques for securing
desktop and server systems. It then describes some tools you can try out from a bootable Linux
system to troubleshoot your computer and network.
Linux Security Checklist
Although most Linux systems offer all the tools you need to secure your computer, if you are
reckless, someone can (and probably will) harm your system, take it over, or try to steal your
data. Keep in mind that no security measures are 100 percent reliable and that, given physical
access to a computer or an unlimited amount of time to try to break in, a skilled and determined
cracker can break into any computer.
That said, however, you can take many safeguards to improve your chances of keeping your Linux
system safe. The following checklist covers a range of security features to protect your Linux desktop or server.
Control physical access —Keeping your computer behind locked doors is a good idea,
especially if it contains critical data. You can limit what a person can do to your computer with physical access by enabling passwords in the BIOS (to prevent the computer
from booting at all) and in the GRUB or LILO boot loader. You can also limit which
devices can be booted in the BIOS.
Add users and passwords —Creating separate user accounts (each with a good password) is your first line of defense in keeping your data secure. Users are protected from
each other, as well as from an outsider who takes over one user account. Setting up
group accounts can extend the concept of ownership to multiple users. See Chapter 10
for more on setting up user accounts and also see “Using password protection” later in
this chapter.
Set read, write, and execute permissions—Every item in a Linux system (including
files, directories, applications, and devices) can be restricted by read, write, and execute
permissions for that item’s owner and group, as well as by all others. In this way, for
example, you can let other users run a command or open a file, without allowing them
to change it. See Chapter 9 for information on setting file and directory permissions.
Protect the root user —In standard Linux systems, the root user (as well as other
administrative user accounts such as apache) has special abilities to use and change
your Linux system. Protect the root account’s password and don’t use the root account
when you don’t need to. An open shell or desktop owned by the root user can be a target for attack. Running graphical administration windows as a regular user (then entering the root password as prompted) and running administrative commands using sudo
can reduce exposure to attacks on your root account. See Chapter 10 for information on
handling the root user account.
Note
Some distributions, such as Ubuntu, simplify the protection of the root account by automatically disabling it.
Chapter 12: Securing Linux
Use trusted software —Although no guarantees come with open source software, you
have a better chance of avoiding compromised software by using an established Linux
distribution (such as Fedora, Debian, or SUSE). Software repositories where you get
add-on packages or updates should likewise be scrutinized. Using valid GPG public
keys can help ensure that the software you install comes from a valid vendor. And, of
course, always be sure of the source of data files you receive before opening them in a
Linux application. If you download full ISO images of a distribution, check their integrity using MD5 or SHA1 checksums provided from their creator.
Get software updates —As vulnerabilities and bugs are discovered in software packages, every major Linux distribution (including Debian, SUSE, Gentoo, and Red Hat
distributions) offers tools for getting and installing those updates. Be sure to get those
updates, especially if you are using Linux as a server. These tools include apt, yum, and
emerge.
Use secure applications —Even with software that is valid and working, some applications offer better protection from attack or invasion than others. For example, if you
want to log in to a computer over the Internet, the secure shell service (ssh) is considered more secure than rlogin or telnet services (which pass clear-text passwords). Also,
some services that are thought to be insecure if you expose them on the Internet (such
as Samba and NFS) can be used more securely over the Internet through VPN tunnels
(such as IPSec or CIPE).
Use restrictive firewalls —A primary job of a firewall is to accept requests for services
from a network that you want to allow and turn away requests that you don’t (based primarily on port numbers requested). A desktop system should refuse requests that come
in on most ports. A server system should allow requests for a controlled set of ports. See
Chapter 27 for information on how to set up a firewall using iptables.
Enable only services you need—To offer services in Linux (such as Web, file, or mail
services), a daemon process will listen on a particular port number. Don’t enable services you don’t need.
Note
A program that runs quietly in the background handling service requests (such as sendmail) is called a daemon. Usually, daemons are started automatically when your system boots up and they keep running until your
system is shut down. Daemons may also be started on an as-needed basis by xinetd, a special daemon that
listens on a large number of port numbers and then launches the requested process.
Limit access to services —You can restrict access to a service you want to have on by
allowing access only from a particular host computer, domain, or network interface. For
example, a computer with interfaces to both the Internet and a local LAN might limit
access to a service such as NFS to computers on the LAN, but not offer those same services to the Internet. Services may limit access in their own configuration files or using
TCP/IP wrappers (described later in this chapter).
Check your system —Linux has tons of tools available for checking the security of
your system. After you install Linux, you can check access to its ports using nmap or
watch network traffic using Wireshark. You can also add popular security tools such as
Nessus, to get a more complete view of your system security. Security tools included on
the CD and DVD with this book are described in this chapter.
Monitor your system—You can log almost every type of activity on your Linux system.
System log files, using the syslogd and klogd facilities, can be configured to track as
much or as little of your system activity as you choose. Utilities such as logwatch provide easy ways to have the potential problem messages forwarded to your administrative
e-mail account. Linux logging features are described later in this chapter.
Note
Remember that monitoring your system does not mean that you simply turn on logging—you must also carefully monitor those logs and react to what they tell you.
Use SELinux—Security Enhanced Linux (SELinux) is an extraordinarily rich (and
complex) facility that you can use to manage access to nearly every aspect of a Linux
system. Red Hat systems offer a useful, limited set of SELinux policies that are turned
on by default in Fedora and Red Hat Enterprise Linux systems. Other Linux distributions, such as openSUSE, are working on and including SELinux implementations as
well. Figure 12-1 shows an example of the SELinux Administration tool included with
Fedora (select System ➪ Administration ➪ SELinux Management), and Figure 12-2
shows the SELinux Troubleshooter (select Applications ➪ System Tools ➪ SELinux
Troubleshooter).
FIGURE 12-1
SELinux utilities are included with Fedora.
FIGURE 12-2
The SELinux Troubleshooter can identify areas of concern.
Finding distribution-specific security resources
Most major Linux distributions have resources devoted to helping you secure Linux and keep up
with security information that is specific to that version of Linux. Here are a few online resources
that focus on security for several Linux distributions:
Red Hat Enterprise Linux and Fedora security—Check the Red Hat Security site
(www.redhat.com/security) for RHEL security issues (that typically relate to Fedora
systems as well). From here you can look for and read about available updates. You
can also get information on security training and consulting from Red Hat, Inc. For
Fedora security issues, see the Fedora Wiki
(http://fedoraproject.org/wiki/Security/Features).
Refer to the Red Hat Enterprise Linux 4 Security Guide for an in-depth look at Linux
security for Red Hat systems. You can access this guide online from the following
address:
www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/en-US/Security_Guide
Debian security—The Debian Security Information page (www.debian.org/security) provides a central point for finding security advisories, answers to common
Debian security questions, and links to security documents. You can find the Securing
Debian online manual here:
www.debian.org/doc/manuals/securing-debian-howto
Ubuntu security—Find security guides and tools for Ubuntu on the Ubuntu security
page (https://help.ubuntu.com/community/Security).
Gentoo security—Included on the Gentoo Linux Security page (www.gentoo.org/security)
are tools, announcements, and links to security policy and project documents
associated with securing Gentoo systems. Find the Gentoo security handbook here:
www.gentoo.org/doc/en/security
Slackware security—To keep up with Slackware security issues, refer to the Slackware
Security Advisories (www.slackware.com/security). You can also join the security
mailing list (www.slackware.com/lists) for Slackware.
SUSE security—Online security support for SUSE is provided by SUSE’s parent company, Novell. Find links to a variety of SUSE security topics from this site:
www.novell.com/linux/security/securitysupport.html
For openSUSE visit this site:
www.novell.com/products/opensuse/security.html
Finding general security resources
Many computer security Web resources now offer information that is particularly useful to Linux
system administrators. Here are a few sites you can check out:
CERT (www.cert.org)—The CERT Coordination center follows computer security
issues. Check its home page for the latest vulnerability issues. The site has many tips,
including recommendations on what you should do if your computer has been compromised (www.cert.org/tech_tips).
SecurityFocus (www.securityfocus.com)—In addition to offering news and information on general computer security topics, SecurityFocus also offers several Linux-specific resources. In particular, you can subscribe to receive a weekly Linux Security
News newsletter.
LinuxSecurity (www.linuxsecurity.com)—This site contains many news articles
and features related to Linux security. It also tracks security advisories for more than a
dozen Linux distributions.
Using Linux Securely
Getting and keeping your Linux systems secure means not only making good decisions about
how you initially set up your system but also how you use it going forward. Whether you are
using your Linux system as a desktop or server system, good security practices related to passwords, using secure applications, and monitoring log files are always important.
Setting up a secure firewall (as described in Chapter 27) is critical to having a secure Linux system. There are also other security measures you should apply to Linux. This section describes
some good practices for using passwords, keeping track of system activity by watching log files,
and communicating with other systems using secure shell (ssh) applications.
Using password protection
Passwords are the most fundamental security tool of any modern operating system and consequently, the most commonly attacked security feature. It is natural to want to choose a password
that is easy to remember, but very often this means choosing a password that is also easy to
guess. Crackers know that on any system with more than a few users, at least one person is likely
to have an easily guessed password.
By using the “brute force” method of attempting to log in to every account on the system and trying the most common passwords on each of these accounts, a persistent cracker has a good shot
of finding a way in. Remember that a cracker will automate this attack, so thousands of login
attempts are not out of the question. Obviously, choosing good passwords is the first and most
important step to having a secure system.
Here are some things to avoid when choosing a password:
Do not use any variation of your login name or your full name. Even if you use varied
case, append or prepend numbers or punctuation, or type it backwards, this will still be
an easily guessed password.
Do not use a dictionary word, even if you add numbers or punctuation to it.
Do not use proper names of any kind.
Do not use any contiguous line of letters or numbers on the keyboard (such as “qwerty”
or “asdfg”).
Choosing good passwords
A good way to choose a strong password is to take the first letter from each word of an easily
remembered sentence. The password can be made even better by adding numbers, punctuation,
and varied case. The sentence you choose should have meaning only to you, and should not be
publicly available (choosing a sentence on your personal Web page is a bad idea). Table 12-1 lists
examples of strong passwords and the tricks used to remember them.
Part III: Learning System Administration Skills
TABLE 12-1
Ideas for Good Passwords
Password    How to Remember It
Mrci7yo!    My rusty car is 7 years old!
2emBp1ib    2 elephants make BAD pets, 1 is better
ItMc?Gib    Is that MY coat? Give it back
The passwords look like gibberish but are actually rather easy to remember. As you can see, I can
place emphasis on words that stand for capital letters in the password. You set your password using
the passwd command. Type the passwd command within a command shell, and it will enable you
to change your password. First, it prompts you to enter your old password. To protect against someone “shoulder surfing” and learning your password, the password will not be displayed as you type.
Note
Several distributions include random password generators that can be used to conjure up secure passwords.
Figure 12-3, for example, shows a password generator in the Users and Groups tool available in Ubuntu.
FIGURE 12-3
Generating random passwords
Assuming you type your old password correctly, the passwd command will prompt you for the
new password. When you type in your new password, the passwd command checks the password against cracklib to determine whether it is a good or bad password. Non-root users will
be required to try a different password if the one they have chosen is not a good password.
The root user is the only user who is permitted to assign bad passwords. After the password has
been accepted by cracklib, the passwd command asks you to enter the new password a second
time to make sure there are no typos (which are hard to detect when you can’t see what you are
typing). When running as root, changing a user’s password is possible by supplying that user’s
login name as a parameter to the passwd command. For example:
# passwd joe
Changing password for user joe.
New UNIX password: ********
Retype new UNIX password: ********
passwd: all authentication tokens updated successfully.
Here the passwd command prompts you twice to enter a new password for joe. It does not
prompt you for his old password in this case. This allows root to reset a user’s password when
that user has forgotten it (an event that happens all too often).
Note
Many Linux systems incorporate the pluggable authentication modules (PAM) facility for controlling authentication. By modifying the /etc/pam.d/system-auth file you can change how utilities on your system
authenticate user logins. For example, you can change how many failed password attempts would be permitted and what to do if that number is reached. (Be careful modifying PAM files, however, because a misconfigured PAM facility can lock out all user login attempts.)
Using a shadow password file
In early versions of UNIX, all user account and password information was stored in a file that all
users could read (although only root could write to it). This was generally not a problem because
the password information was encrypted. The password was encrypted using a trapdoor algorithm, meaning the unencoded password could be encoded into a scrambled string of characters,
but the string could not be translated back to the non-encoded password. In other words, the
trapdoor implies that encryption only goes in one direction, so the encrypted password can’t be
used to go back to the unencoded password.
How does the system check your password in this case? When you log in, the system encodes
the password you entered, compares the resulting scrambled string with the scrambled string
that is stored in the password file, and grants you access only if the two match. Have you ever
asked a system administrator what the password on your account is only to hear, “I don’t know”
in response? If so, this is why: The administrator really doesn’t have the password, only the
encrypted version. The unencoded password exists only at the moment you type it.
Breaking encrypted passwords
There is a problem with people being able to see encrypted passwords, however. Although reversing the encryption of a trapdoor algorithm may be difficult (or even impossible), encoding a large
number of password guesses and comparing them to the encoded passwords in the password file
is very easy. This is orders of magnitude more efficient than trying actual login attempts for
each user name and password. If a cracker can get a copy of your password file, the cracker has a
much better chance of breaking into your system.
Fortunately, Linux and all modern UNIX systems support a shadow password file by default.
The shadow file is a special version of the passwd file that only root can read. It contains the
encrypted password information, so passwords can be left out of the passwd file, which any user
on the system can read. Linux supports the older, single password file method as well as the newer
shadow password file. You should always use the shadow password file (it is used by default).
Checking for the shadow password file
The password file is named passwd and is found in the /etc directory. The shadow password
file is named shadow and is also located in /etc. If your /etc/shadow file is missing, it is likely
that your Linux system is storing the password information in the /etc/passwd file instead.
Verify this by displaying the file with the less command.
# less /etc/passwd
Something similar to the following should be displayed:
root:DkkS6Uke799fQ:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:/bin/sh
.
.
.
mary:KpRUp2ozmY5TA:500:100:Mary Smith:/home/mary:/bin/bash
joe:0sXrzvKnQaksI:501:100:Joe Johnson:/home/joe:/bin/bash
jane:ptNoiueYEjwX.:502:100:Jane Anderson:/home/jane:/bin/bash
bob:Ju2vY7A0X6Kzw:503:100:Bob Reynolds:/home/bob:/bin/bash
Each line in this listing corresponds to a single user account on the Linux system. Each line is
made up of seven fields separated by colon (:) characters. From left to right the fields are the login
name, the encrypted password, the user ID, the group ID, the description, the home directory,
and the default shell. Looking at the first line, you see that it is for the root account and has an
encrypted password of DkkS6Uke799fQ. You can also see that root has a user ID of zero, a group
ID of zero, and a home directory of /root, and root’s default shell is /bin/bash.
All of these values are quite normal for a root account, but seeing that encrypted password
should set off alarm bells in your head. It confirms that your system is not using the shadow
password file. At this point, you should immediately convert your password file so that it uses
/etc/shadow to store the password information. You do this by using the pwconv command.
Simply log in as root (or use the su command to become root) and enter the pwconv command
at a prompt. It will print no messages, but when your shell prompt returns, you should have a
/etc/shadow file and your /etc/passwd file should now look like this:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
.
.
.
mary:x:500:100:Mary Smith:/home/mary:/bin/bash
joe:x:501:100:Joe Johnson:/home/joe:/bin/bash
jane:x:502:100:Jane Anderson:/home/jane:/bin/bash
bob:x:503:100:Bob Reynolds:/home/bob:/bin/bash
Encrypted password data is replaced with an x. Password data has been moved to /etc/shadow.
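The check described above can be scripted. The following is an added example, not code from the book: a shell function (audit_passwd, a name chosen here) reads the seven-field passwd format and reports entries whose password field still holds a hash, is empty, or that share user ID 0 with root. The sample data is constructed and reuses the mary entry from the listing above.

```shell
#!/bin/sh
# Audit passwd-format data for entries that defeat shadow passwords.
# Function names and the sample data are illustrative, not from the book.

# Constructed sample in /etc/passwd format (seven colon-separated fields).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:/sbin/nologin
mary:KpRUp2ozmY5TA:500:100:Mary Smith:/home/mary:/bin/bash
guest::504:100:Guest:/home/guest:/bin/bash
toor:x:0:0:Spare admin:/root:/bin/bash
broken:x:505
EOF
}

# audit_passwd [FILE]
#   FILE defaults to /etc/passwd; "-" reads standard input.
#   Prints one finding per line: "<FINDING> <login> ...".
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }                      # skip blank lines
        NF != 7 {                                # wrong field count
            printf "MALFORMED %s (line %d has %d fields)\n", $1, NR, NF
            next
        }
        # Field 2 is the password field. "x" means the hash lives in
        # /etc/shadow; a leading "*" or "!" marks an account with no
        # usable password. Anything else is treated as a readable hash.
        $2 == ""                                { print "EMPTY_PASSWORD", $1 }
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/  { print "HASH_IN_PASSWD", $1 }
        # Field 3 is the user ID; only root should have UID 0.
        $3 == 0 && $1 != "root"                 { print "EXTRA_UID0", $1 }
    ' "${1:-/etc/passwd}"
}

# Demonstration on the constructed sample.
sample_passwd | audit_passwd -
```

Run as root with no argument, audit_passwd reads the live /etc/passwd; any HASH_IN_PASSWD line means pwconv has not been applied to that account.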
You can also use an Authentication Configuration utility (available with Fedora and RHEL systems) to manage shadow passwords and other system authentication information. By default,
this tool is enabled to work with MD5 passwords. However, you can also configure it to obtain
user and password information from LDAP, NIS, or Kerberos 5 facilities. Select System ➪
Administration ➪ Authentication, and step through the screens to use it.
To work with passwords for groups, you can use the grpconv command to convert passwords in
/etc/group to shadowed group passwords in /etc/gshadow. If you change passwd or group
passwords and something breaks (you are unable to log in to the accounts), you can use the
pwunconv and grpunconv commands, respectively, to reverse password conversion.
So, now you are using the shadow password file and picking good passwords. You have made a
great start toward securing your system. You may also have noticed by now that security is not
just a one-time job. It is an ongoing process, as much about policies as programs. Keep reading to
learn more.
Using Log Files
If you make use of good firewalling practices as described in Chapter 27, you will be well prepared to mitigate and prevent most cracker attacks. If your firewall should fail to stop an intrusion, you must be able to recognize the attack when it is occurring. Understanding the various
(and numerous) log files in which Linux records important events is critical to this goal. The log
files for your Linux system are in the /var/log directory.
Most Linux systems make use of log-viewing tools, either provided with the desktop environment (such as GNOME) or as a command you can execute from a Terminal window. GNOME-based desktops often include a System Log Viewer window (gnome-system-log command) that
you can use to view and search critical system log files from the GUI. To open the System Log
Viewer window from the top panel in a Fedora GNOME desktop, select Applications ➪ System
Tools ➪ Log File Viewer. Figure 12-4 shows an example of the System Log Viewer window.
FIGURE 12-4
Display system log files in the System Log Viewer window.
To view a particular log file, click the log name in the left column. Then scroll through the contents of that log.
Table 12-2 contains a listing of log files displayed in the System Log Viewer window, along with
other files in the /var/log directory that may interest you. (Select File ➪ Open to open a log
file that doesn’t appear in the left column.) Many of these files are included with most Linux systems and are viewable only by root. Also, some Linux systems may use different file or directory
names (for example, /etc/httpd is /etc/apache on some Linux systems).
Because these logs are stored in plain-text files, you can view them using any text editor (such as
vi or gedit) or paging command (such as the less command).
TABLE 12-2
Log Files in the /var/log Directory
System Log Name      Filename           Description
Boot Log             boot.log           Contains messages indicating which systems services have started and shut down successfully and which (if any) have failed to start or stop. The most recent bootup messages are listed near the end of the file.
Cron Log             cron               Contains status messages from the crond, a daemon that periodically runs scheduled jobs, such as backups and log file rotation.
Kernel Startup Log   dmesg              A recording of messages printed by the kernel when the system boots.
FTP Log              xferlog            Contains information about files transferred using the FTP service.
Apache Access Log    httpd/access_log   Logs requests for information from your Apache Web server.
Apache Error Log     httpd/error_log    Logs errors encountered from clients trying to access data on your Apache Web server.
Mail Log             maillog            Contains information about addresses to which and from which e-mail was sent. Useful for detecting spamming.
MySQL Server Log     mysqld.log         Includes information related to activities of the MySQL database server (mysqld).
News Log             spooler            Directory containing logs of messages from the Usenet News server if you are running one.
RPM Packages         rpmpkgs            Contains a listing of RPM packages that are installed on your system. (For systems that are not based on RPM packaging, look for a debian-installer or packages directory to find lists of installed packages.)
Security Log         secure             Records the date, time, and duration of login attempts and sessions.
System Log           messages           A general-purpose log file to which many programs record messages.
X.Org X11 Log        Xorg.0.log         Includes messages output by the X.Org X server.
*                    gdm/:0.log         Holds messages related to the login screen (GNOME display manager).
*                    samba/log.smbd     Shows messages from the Samba SMB file service daemon.
*                    squid/access.log   Contains messages related to the squid proxy/caching server.
*                    vsftpd.log         Contains messages relating to transfers made using the vsFTPd daemon (FTP server).
*                    sendmail           Shows error messages recorded by the sendmail daemon.
*                    uucp               Shows status messages from the UNIX to UNIX Copy Protocol daemon.
* Indicates a log file that is not contained in the System Log Viewer window. Access these files directly from /var/log.
Note
The GNOME desktop also includes Seahorse—a front-end to GNU Privacy Guard. Seahorse allows you to
digitally sign or authenticate documents and works with OpenPGP and SSH keys. You can find more information at www.gnome.org/projects/seahorse/index.html.
The role of syslogd
Most of the files in the /var/log directory are maintained by the syslogd service. The syslogd
daemon is the system logging daemon. It accepts log messages from a variety of other programs
and writes them to the appropriate log files. This is better than having every program write
directly to its own log file because it enables you to centrally manage how log files are handled.
Configuring syslogd to record varying levels of detail in the log files is possible. It can be told to
ignore all but the most critical messages, or it can record every detail.
Note
Fedora now uses a multithreaded version of syslogd called rsyslogd. Although syslogd and rsyslogd are mostly
compatible, the names of the daemon process (rsyslogd), configuration file (/etc/rsyslogd), and sysconfig file (/etc/sysconfig/rsyslog) are different. See www.rsyslog.com for details.
The syslogd daemon can even accept messages from other computers on your network. This feature
is particularly handy because it enables you to centralize the management and reviewing of the log
files from many systems on your network. There is also a major security benefit to this practice.
If a system on your network is broken into, the cracker cannot delete or modify the log files
because those files are stored on a separate computer. It is important to remember, however,
that those log messages are not, by default, encrypted. Anyone tapping into your local network
can eavesdrop on those messages as they pass from one machine to another. Also, although the
cracker may not be able to change old log entries, he can affect the system such that any new log
messages should not be trusted.
Running a dedicated loghost, a computer that serves no other purpose than to record log messages from other computers on the network, is not uncommon. Because this system runs no other
services, it is unlikely that it will be broken into. This makes it nearly impossible for a cracker to
erase his or her tracks, but it does not mean that all the log entries are accurate after a cracker has
broken into a machine on your network.
Redirecting logs to a loghost with syslogd
To redirect your computer’s log files to another computer’s syslogd, you must make some changes
to your local syslogd’s configuration file, /etc/syslog.conf. Become root using the su - command and then open the /etc/syslog.conf file in a text editor (such as vi). You should see
something similar to this:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
# Log anything (except mail) of level info or higher.
# Don’t log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none      /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog
# Log cron stuff
cron.*                                                  /var/log/cron
# Everybody gets emergency messages
*.emerg                                                 *
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
#
# INN
#
news.=crit                                              /var/log/news/news.crit
news.=err                                               /var/log/news/news.err
news.notice                                             /var/log/news/news.notice
The lines beginning with a # character are comments. Other lines contain two columns of information. The left field is a semicolon-separated list (spaces won’t work) of message types and message priorities. The right field is the log file to which those messages should be written.
To send the messages to another computer (the loghost) instead of a file, start by replacing the log
filename with the @ character followed by the name of the loghost. For example, to redirect the
output normally sent to the messages, secure, and maillog log files, make these changes to
the preceding file:
# Log anything (except mail) of level info or higher.
# Don’t log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none      @loghost
# The authpriv file has restricted access.
authpriv.*                                              @loghost
# Log all the mail messages in one place.
mail.*                                                  @loghost
The messages will now be sent to the syslogd running on the computer named loghost. The
name loghost was not an arbitrary choice. Creating such a host name and making it an alias to the
actual system acting as the loghost is customary. That way, if you ever need to switch the loghost
duties to a different machine, you need to change only the loghost alias; you do not need to re-edit the syslog.conf file on every computer.
On the loghost side, that machine must run syslogd with the -r option, so it will listen on the
network for log messages from other machines. In Fedora systems, that means adding a -r option
to the SYSLOGD_OPTIONS variable in the /etc/sysconfig/syslog file and restarting the syslog service (service syslog restart). The loghost must also have UDP port 514 accessible to
be used by syslogd (check the /etc/services file), so you might need to add a firewall rule
to allow that.
Understanding the messages log file
Because of the many programs and services that record information to the messages log file,
understanding the format of this file is important. You can get a good early warning of problems developing on your system by examining this file. Each line in the file is a single message
recorded by some program or service. Here is a snippet of an actual messages log file:
Feb 25 11:04:32 toys network: Bringing up loopback interface: succeeded
Feb 25 11:04:35 toys network: Bringing up interface eth0: succeeded
Feb 25 13:01:14 toys vsftpd(pam_unix)[10565]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.0.0.5 user=chris
Feb 25 14:44:24 toys su(pam_unix)[11439]: session opened for user root by chris(uid=500)
This is really very simple when you know what to look for. Each message is divided into five
main parts. From left to right, they are
The date and time that the message was logged
The name of the computer from which the message came
The program or service name to which the message pertains
The process number (enclosed in square brackets) of the program sending the message
The actual text message
Take another look at the preceding file snippet. In the first two lines, you can see that the network was restarted. The next line shows that the user named chris tried and failed to get to the
FTP server on this system from a computer at address 10.0.0.5 (he typed the wrong password
and authentication failed). The last line shows chris using the su command to become root user.
By occasionally reviewing the messages and secure files, it’s possible to catch a cracking
attempt before it is successful. If you see an excessive number of connection attempts for a particular service, especially if they are coming from systems on the Internet, you may be under attack.
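Reviewing the log for an excessive number of failures can be automated. The following is an added example, not code from the book: a shell function (failed_logins, a name chosen here) counts pam_unix "authentication failure" messages per service and remote host and reports the pairs that reach a threshold. The sample log lines are constructed in the five-part format described above.

```shell
#!/bin/sh
# Count PAM authentication failures per service and remote host.
# Function names and sample lines are illustrative, not from the book.

# Constructed sample in the messages/secure format described above.
sample_log() {
cat <<'EOF'
Feb 25 11:04:35 toys network: Bringing up interface eth0: succeeded
Feb 25 13:01:14 toys vsftpd(pam_unix)[10565]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.0.0.5 user=chris
Feb 25 13:02:01 toys sshd(pam_unix)[10601]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.44 user=root
Feb 25 13:02:04 toys sshd(pam_unix)[10603]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.44 user=admin
Feb 25 13:02:07 toys sshd(pam_unix)[10605]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.44 user=mary
Feb 25 13:02:09 toys sshd(pam_unix)[10607]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.44 user=joe
Feb 25 13:40:12 toys sshd(pam_unix)[10811]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=jane
Feb 25 13:40:19 toys sshd(pam_unix)[10813]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=jane
Feb 25 14:10:02 toys login(pam_unix)[11200]: authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost= user=bob
Feb 25 14:44:24 toys su(pam_unix)[11439]: session opened for user root by chris(uid=500)
EOF
}

# failed_logins [MIN] [FILE]
#   MIN  report only service/host pairs with at least MIN failures (default 3)
#   FILE log to read (default /var/log/messages); "-" reads standard input
#   Output: "<count> <service> <remote host>", highest count first.
failed_logins() {
    awk -v min="${1:-3}" '
        / authentication failure;/ {
            # Field 5 is "program(pam_unix)[pid]:"; keep the program name.
            svc = $5
            sub(/[^A-Za-z0-9_.-].*/, "", svc)
            # The remote address is the rhost= key; empty means a local login.
            rhost = "(local)"
            for (i = 6; i <= NF; i++)
                if ($i ~ /^rhost=./) rhost = substr($i, 7)
            count[svc " " rhost]++
        }
        END {
            for (k in count)
                if (count[k] >= min) print count[k], k
        }
    ' "${2:-/var/log/messages}" | sort -k1,1nr -k2
}

# Demonstration on the constructed sample: pairs with 3 or more failures.
sample_log | failed_logins 3 -
```

On the sample, only the sshd failures from 192.0.2.44 cross the default threshold; lowering MIN to 1 lists every failing service and host pair.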
Using Secure Shell Tools
The Secure Shell (ssh) tools are a set of client and server applications that allow you to do basic
communications (remote login, remote copy, remote execution, and so on) between remote computers and your Linux system. Because communication is encrypted between the server (typically
the sshd daemon process) and clients (such as ssh, scp, and sftp), these tools are inherently
more secure than similar, older UNIX tools such as telnet, rsh, rcp, and rlogin.
Most Linux systems include secure shell clients, while many include the sshd server as well. If
you are using the Fedora or Red Hat Enterprise Linux distributions, for example, the following client and server software packages include the ssh software: openssh, openssh-clients, and
openssh-server.
Starting the ssh service
Linux systems that come with the ssh service already installed often are configured for it
to start automatically. In Fedora and RHEL systems, the sshd daemon is started from the
/etc/init.d/sshd startup script. To make sure the service is set up to start automatically in
Fedora, RHEL, and other RPM-based Linux systems, type the following (as root user):
# chkconfig --list sshd
sshd    0:off  1:off  2:on  3:on  4:on  5:on  6:off
This shows that the sshd service is set to run in system states 2, 3, 4, and 5 (normal bootup
states) and set to be off in all other states. You can turn on the SSH service, if it is off, for your
default run state, by typing the following as root user:
# chkconfig sshd on
This line turns on the ssh service when you enter run levels 2, 3, 4, or 5. To start the service
immediately, type the following:
# service sshd start
Other Linux distributions may simply start the sshd daemon from an entry in the /etc/rc.d
directory from a file named something like rc.sshd. In any case, you can find out whether the
sshd daemon is currently running on your system by typing the following:
$ ps ax | grep sshd
1996 ?   Ss   0:00 /usr/sbin/sshd
The preceding example shows that the sshd daemon is running. If that is the case, and your
firewall allows secure shell service (with TCP port 22 open), you should be able to use ssh client
commands to access your system. (Any further configuration you want to do to restrict what the
sshd daemon will allow is typically done in the /etc/ssh/sshd_config file.)
Using the ssh, sftp, and scp commands
Three commands you can use with the SSH service are ssh, sftp, and scp. Remote users use
the ssh command to log in to your system securely or remotely execute a command on your system. The scp command lets remote users copy files to and from a system. The sftp command
provides a safe way to access FTP sites through the SSH service (for sites that offer SSH access to
their FTP content).
As with the normal remote shell services, secure shell looks in the /etc/hosts.equiv file
and in a user’s .rhosts file to determine whether it should allow a connection. It also looks in
the ssh-specific files /etc/shosts.equiv and .shosts. Using the shosts.equiv and the
.shosts files is preferable because it avoids granting access to the unencrypted remote shell services. The /etc/shosts.equiv and .shosts files are functionally equivalent to the traditional
hosts.equiv and .rhosts files, so the same instructions and rules apply.
Now you are ready to test the SSH service. From another computer on which SSH has been
installed (or even from the same computer if another is not available), type the ssh command
followed by a space and the name of the user and system you are connecting to. For example, to
connect to the system ratbert.glaci.com, type:
# ssh jake@ratbert.glaci.com
If this is the first time ever you have logged in to that system using the ssh command, the system will ask you to confirm that you really want to connect. Type yes and press Enter when it
asks this:
The authenticity of host ‘ratbert.glaci.com (199.170.177.18)’ can’t be
established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)?
It should then prompt you for a password in the normal way. (If you don’t type a username, it
will assume you want to log in using your local username.) The connection will then function
like a normal remote login connection (in other words, you can begin typing shell commands).
The only difference is that the information is encrypted as it travels over the network. You should
now also be able to use the ssh command to run remote commands from a shell on the remote
system.
The scp command is similar to the rcp command for copying files to and from Linux systems.
Here is an example of using the scp command to copy a file called memo from the home directory of the user named jake to the /tmp directory on a computer called maple:
$ scp /home/jake/memo jake@maple:/tmp
jake@maple’s password: ********
memo    100%|****************|   153   0:00
Enter the password for your username (if a password is requested). If the password is accepted,
the remote system indicates that the file has been copied successfully.
Similarly, the sftp command starts an interactive FTP-style session with a server that supports
SSH connections (not an FTP server). Many security-conscious people prefer sftp to other
ftp clients because it provides a secure connection between you and the remote host. Here’s an
example:
$ sftp jake@ftp.handsonhistory.com
Connecting to ftp.handsonhistory.com
jake@ftp.handsonhistory.com’s password: ********
sftp>
At this point you can begin an interactive FTP session. You can use get and put commands on
files as you would using any FTP client, but with the comfort of knowing that you are working
on a secure connection.
Tip
The sftp command, as with ssh and scp, requires that the SSH service be running on the server. If you
can’t connect to a server using sftp, the SSH service may not be available.
Using ssh, scp, and sftp without passwords
For machines that you use a great deal (particularly machines behind a firewall on your LAN),
setting them up so that you do not have to use a password to log in is often helpful. The following
procedure shows you how to do that.
These steps take you through setting up password-less authentication from one machine to
another. In this example, the local user is named chester on a computer named host1. The remote
user is also chester on a computer named host2.
1. Log in to the local computer (in this example, I log in as chester to host1).
Note
Run Step 2 only once as local user on your local workstation. Do not run it again unless you lose your ssh
keys. When configuring subsequent remote servers, skip right to Step 3.
2. Type the following to generate the ssh key:
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key
(/home/chester/.ssh/id_dsa): <Enter>
Enter passphrase (empty for no passphrase): <Enter>
Enter same passphrase again: <Enter>
Your identification has been saved in /home/chester/.ssh/id_dsa.
Your public key has been saved in /home/chester/.ssh/id_dsa.pub.
The key fingerprint is:
3b:c0:2f:63:a5:65:70:b7:4b:f0:2a:c4:18:24:47:69 chester@host1
As shown in the example, press Enter to accept the filename where the key is stored.
Then press Enter twice to accept a blank passphrase. (If you enter a passphrase, you will
be prompted for that passphrase and won’t be able to log in without it.)
3. You must secure the permissions of your authentication keys by closing permissions to
your home directory, .ssh directory, and authentication files as follows:
$ chmod 700 $HOME $HOME/.ssh
$ chmod go-rwx $HOME/.ssh/*
4. Type the following to copy the key to the remote server (replace chester with the
remote username and host2 with the remote host name):
$ ssh-copy-id -i ~/.ssh/id_dsa.pub chester@host2
chester@host2’s password: *******
5. For the sshd daemon to accept the key you copied to host2, the home directory and
the authorized_keys file itself must have secure permissions. To secure that file and
those directories, type the following:
$ ssh chester@host2 'chmod 700 $HOME $HOME/.ssh'
$ ssh chester@host2 'chmod 600 $HOME/.ssh/authorized_keys'
It is important to note that after you have this working, it will work regardless of how many times
the IP address changes on your local computer. The IP address has nothing to do with this form
of authentication.
Securing Linux Servers
Opening up your Linux system as a server on a public network creates a whole new set of challenges when it comes to security. Instead of just turning away nearly all incoming requests, your
computer will be expected to respond to requests for supported services (such as Web, FTP, or
mail service) by supplying information or possibly running scripts that take in data.
Entire books have been filled with information on how to go about securing your servers. Many
businesses that rely on Internet servers assign full-time administrators to watch over the security
of their servers. So, think of this section as an overview of some of the kinds of attacks to look
out for and some tools available to secure your Linux server.
Controlling access to services with TCP wrappers
Completely disabling an unused service is fine, but what about the services that you really need?
How can you selectively grant and deny access to these services? For Linux systems that incorporate TCP wrapper support, the /etc/hosts.allow and /etc/hosts.deny files determine
when a particular connection should be granted or refused for services such as sshd, vsftpd,
rlogin, rsh, telnet, finger, and talk.
Most Linux systems that implement TCP wrappers do so for a set of services that are monitored
by a single listening process called the Internet super server. For Fedora and RHEL systems, that
server is the xinetd daemon, whereas in other systems (such as Debian) the inetd daemon is used.
When a service that relies on TCP wrappers is requested from the server process, the hosts.allow
and hosts.deny files are scanned and checked for an entry that matches the IP address
of the connecting machine. These checks are made when connection attempts occur:
If the address is listed in the hosts.allow file, the connection is allowed and hosts.deny is not checked.
If the address is not matched in hosts.allow, but is in hosts.deny, the connection is denied.
If the address is in neither file, the connection is allowed.
The service names you list refer to the daemon names (as opposed to the service name listed
in the /etc/init.d directory, which may be different). To check whether or not a daemon is
enabled to use TCP wrappers, run the strings or ldd command on the daemon and check for
hosts_access or libwrap, respectively:
$ strings /usr/sbin/vsftpd |grep hosts
hosts_access
$ ldd /usr/sbin/sshd |grep libwrap
libwrap.so.0 => /lib/libwrap.so.0 (0x0012f000)
Keep in mind that the order in which hosts are evaluated is important. For example, you cannot
deny access to a host in the hosts.deny file that has already been given access in the
hosts.allow file.
Listing every single address that may try to connect to your computer is not necessary (or even
possible). The hosts.allow and hosts.deny files enable you to specify entire subnets and
groups of addresses. You can even use the keyword ALL to specify all possible addresses. You can
also restrict specific entries in these files so they apply only to specific network services. Look at
an example of a typical pair of hosts.allow and hosts.deny files. Here’s the /etc/hosts.allow file:
#
# hosts.allow   This file describes the names of the hosts that are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
sshd: 199.170.177.
in.telnetd: 199.170.177., .linuxtoys.net
vsftpd: ALL
Here’s the /etc/hosts.deny file:
#
# hosts.deny    This file describes names of the hosts which are
#               *not* allowed to use the local INET services, as
#               decided by the '/usr/sbin/tcpd' server.
#
ALL: ALL
The preceding example is a rather restrictive configuration. It allows connections to the sshd and
telnet services from certain hosts, but then denies all other connections. It also allows connections to the FTP service (vsftpd) from all hosts. Let’s examine the files in detail.
As usual, lines beginning with a # character are comments and are ignored by xinetd or inetd
when it parses the file. Each noncomment line consists of a comma-separated list of daemons
followed by a colon (:) character and then a comma-separated list of client addresses to check. In
this context, a client is any computer that attempts to access a network service on your system.
A client entry can be a numeric IP address (such as 199.170.177.25) or a host name (such as
jukebox.linuxtoys.net), but is more often a wildcard variation that specifies an entire range
of addresses. A client entry can take four different forms. The online manual page for the
hosts.allow file describes them as follows:
A string that begins with a dot (.) character. A host name is matched if the last components of its name match the specified pattern. For example, the pattern .tue.nl
matches the host name wzv.win.tue.nl.
A string that ends with a dot (.) character. A host address is matched if its first numeric
fields match the given string. For example, the pattern 131.155. matches the address
of (almost) every host on the Eindhoven University network (131.155.x.x).
A string that begins with an at (@) sign is treated as an NIS netgroup name. A host name
is matched if it is a host member of the specified netgroup. Netgroup matches are not
supported for daemon process names or for client usernames.
An expression of the form n.n.n.n/m.m.m.m is interpreted as a net/mask pair. A host
address is matched if net is equal to the bitwise AND of the address and the mask.
For example, the net/mask pattern 131.155.72.0/255.255.254.0 matches every
address in the range 131.155.72.0 through 131.155.73.255.
The example hosts.allow contains the first two types of client specification. The entry
199.170.177. will match any IP address that begins with that string, such as 199.170.177.25.
The client entry .linuxtoys.net will match host names such as jukebox.linuxtoys.net or
picframe.linuxtoys.net.
Let’s examine what happens when a host named jukebox.linuxtoys.net (with IP address
199.170.179.18) connects to your Linux system using the Telnet protocol. In this case, the
Linux system is Fedora, which uses the xinetd daemon to listen for service requests associated
with TCP wrappers:
1. xinetd receives the connection request.
2. xinetd begins comparing the address and name of jukebox.linuxtoys.net to the
rules listed in /etc/hosts.allow. It starts at the top of the file and works its way
down the file until finding a match. Both the daemon (the program handling the network service on your Fedora box) and the connecting client’s IP address or name must
match the information in the hosts.allow file. In this case, the second rule that is
encountered matches the request:
in.telnetd: 199.170.177., .linuxtoys.net
3. The jukebox host is not in the 199.170.177 subnet, but it is in the linuxtoys.net
domain. xinetd stops searching the file as soon as it finds this match.
How about if jukebox connects to your box using the CUPS-lpd protocol? In this case, it
matches none of the rules in hosts.allow; the only line that refers to the lpd daemon does not
refer to the 199.170.179 subnet or to the linuxtoys.net domain. xinetd continues on to the
hosts.deny file. The entry ALL: ALL matches anything, so tcpd denies the connection.
The ALL wildcard was also used in the hosts.allow file. In this case, we are telling xinetd to
permit absolutely any host to connect to the FTP service on the Linux box. This is appropriate for
running an anonymous FTP server that anyone on the Internet can access. If you are not running
an anonymous FTP site, you probably should not use the ALL flag.
A good general rule is to make your hosts.allow and hosts.deny files as restrictive as possible and then explicitly enable only those services that you really need. Also, grant access only
to those systems that really need access. Using the ALL flag to grant universal access to a particular service may be easier than typing a long list of subnets or domains, but better a few minutes
spent on proper security measures than many hours recovering from a break-in.
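The evaluation order and client pattern forms described above can be checked with a small model. This is an added example, not code from the book or from the TCP wrappers library: it evaluates the two example files for the jukebox walk-through and shows what happens when hosts.deny is empty. The daemon name cups-lpd and the 203.0.113.7 address are assumptions, and netgroups and optional third fields are not modelled.

```python
import ipaddress
import re

# Constructed copies of the two example files shown above.
HOSTS_ALLOW = """\
sshd: 199.170.177.
in.telnetd: 199.170.177., .linuxtoys.net
vsftpd: ALL
"""
HOSTS_DENY = """\
ALL: ALL
"""


def parse_rules(text):
    """Return a list of (daemons, clients) pairs, one per rule line."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # not "daemons: clients"; ignored by this sketch
        daemons = [d for d in re.split(r"[,\s]+", fields[0]) if d]
        clients = [c for c in re.split(r"[,\s]+", fields[1]) if c]
        rules.append((daemons, clients))
    return rules


def ip_int(text):
    """Dotted-quad IPv4 string to integer, for the net/mask comparison."""
    return int(ipaddress.IPv4Address(text))


def client_matches(pattern, addr, hostname=None):
    """Apply the client pattern forms quoted from the manual page."""
    name = hostname.lower() if hostname else None
    if pattern == "ALL":
        return True
    if pattern.startswith("@"):
        return False  # NIS netgroups are not modelled here
    if pattern.startswith("."):          # trailing part of a host name
        return name is not None and name.endswith(pattern.lower())
    if pattern.endswith("."):            # leading fields of an address
        return addr.startswith(pattern)
    if "/" in pattern:                   # net/mask pair
        net, mask = pattern.split("/", 1)
        return (ip_int(addr) & ip_int(mask)) == ip_int(net)
    return pattern == addr or pattern.lower() == name


def rule_hit(rules, daemon, addr, hostname):
    """True if any rule names this daemon (or ALL) and matches the client."""
    for daemons, clients in rules:
        if daemon in daemons or "ALL" in daemons:
            if any(client_matches(c, addr, hostname) for c in clients):
                return True
    return False


def decide(daemon, addr, hostname=None,
           allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Evaluate in the order the text gives: allow file, deny file, default."""
    if rule_hit(parse_rules(allow_text), daemon, addr, hostname):
        return ("allow", "hosts.allow")
    if rule_hit(parse_rules(deny_text), daemon, addr, hostname):
        return ("deny", "hosts.deny")
    return ("allow", "default")


if __name__ == "__main__":
    jukebox = ("199.170.179.18", "jukebox.linuxtoys.net")
    cases = [
        ("in.telnetd", *jukebox),
        ("cups-lpd", *jukebox),
        ("sshd", "199.170.177.25", None),
        ("sshd", "203.0.113.7", None),
        ("vsftpd", "203.0.113.7", None),
    ]
    for daemon, addr, name in cases:
        print(daemon, addr, name, "->", decide(daemon, addr, name))
    # Same request with an empty hosts.deny: nothing matches, so it is allowed.
    print("empty deny ->", decide("sshd", "203.0.113.7", deny_text=""))
```

The last case is the one to watch for in practice: without the ALL: ALL line in hosts.deny, a client that matches no rule is let through.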
Tip
For Linux systems that use the xinetd service, you can further restrict access to services using various options
within the /etc/xinetd.conf file, even to the point of limiting access to certain services to specific times
of the day. Read the manual page for xinetd (by typing man xinetd at a command prompt) to learn more
about these options.
Understanding attack techniques
Attacks on computing systems take on different forms, depending on the goal and resources
of the attacker. Some attackers want to be disruptive, whereas others want to infiltrate your
machines and utilize the resources for their own nefarious purposes. Still others are targeting
your data for financial gain or blackmail. Here are three major categories of attacks:
Denial-of-Service (DoS) —The easiest attacks to perpetrate are denial-of-service
attacks. The primary purpose of these attacks is to disrupt the activities of a remote
site by overloading it with irrelevant data. DoS attacks can be as simple as sending
thousands of page requests per second at a Web site. These types of attacks are easy to
perpetrate and easy to protect against. After you have a handle on where the attack is
coming from, a simple phone call to the perpetrator’s ISP will get the problem solved.
Distributed Denial-of-Service (DDoS) —More advanced DoS attacks are called distributed denial-of-service attacks. DDoS attacks are much harder to perpetrate and nearly
impossible to stop. In this form of attack, an attacker takes control of hundreds or even
thousands of weakly secured Internet-connected computers. The attacker then directs
them in unison to send a stream of irrelevant data to a single Internet host. The result
is that the power of one attacker is magnified thousands of times. Instead of an attack
coming from one direction, as is the case in a normal DoS, it comes from thousands of
directions at once. The best defense against a DDoS attack is to contact your ISP to see
whether or not it can filter traffic at its border routers.
Many people use the excuse, “I have nothing on my machine anyone would want” to avoid
having to consider security. The problem with this argument is that attackers have a lot of
reasons to use your machine. The attacker can turn your machine into an agent for later
use in a DDoS attack. More than once, authorities have shown up at the door of a dumbfounded computer user asking questions about threats originating from their computer.
By ignoring security, the owners have opened themselves up to a great deal of liability.
Intrusion attacks —To remotely use the resources of a target machine, attackers must
first look for an opening to exploit. In the absence of inside information such as passwords or encryption keys, they must scan the target machine to see what services are
offered. Perhaps one of the services is weakly secured and the attacker can use some
known exploit to finagle his or her way in.
A tool called nmap is generally considered the best way to scan a host for services (note
that nmap is a tool that can be used for good and evil). When the attacker has a list of
the available services running on his target, he needs to find a way to trick one of those
services into letting him have privileged access to the system. Usually, this is done with
a program called an exploit.
Although DoS attacks are disruptive, intrusion attacks are the most damaging. The reasons are
varied, but the result is always the same. An uninvited guest is now taking up residence on your
machine and is using it in a way you have no control over.
Protecting against denial-of-service attacks
As explained earlier, a denial-of-service attack attempts to crash your computer or at least
degrade its performance to an unusable level. A variety of denial-of-service exploits exist.
Most try to overload some system resource, such as your available disk space or your Internet
connection. Some common attacks and defenses are discussed in the following sections.
Mailbombing
Mailbombing is the practice of sending so much e-mail to a particular user or system that the computer’s hard drive becomes full. You have several ways to protect yourself from mailbombing, as
described in the following sections. You can use the Procmail e-mail-filtering tool or, if you are
using sendmail as your mail transport agent, configure your sendmail daemon.
Blocking mail with Procmail
The Procmail e-mail-filtering tool, installed by default with Fedora, RHEL, and many other Linux
systems, is tightly integrated with the sendmail e-mail daemon; thus, it can be used to selectively
block or filter out specific types of e-mail. You can learn more about Procmail at the Procmail
Web site: www.procmail.org.
To enable Procmail for your user account, create a .procmailrc file in your home directory. The
file should be mode 0600 (readable by you but nobody else). Type the following, replacing evilmailer with the actual e-mail address that is mailbombing you.
# Delete mail from evilmailer
:0
* ^From.*evilmailer
/dev/null
The Procmail recipe looks for the From line at the start of each e-mail to see if it includes the
string evilmailer. If it does, the message is sent to /dev/null (effectively throwing it away).
Blocking mail with sendmail
The Procmail e-mail tool works quite well when only one user is being mailbombed. If, however,
the mailbombing affects many users, you should probably configure your sendmail daemon to
block all e-mail from the mailbomber. Do this by adding the mailbomber’s e-mail address or system name to the access file located in the /etc/mail directory.
Each line of the access file contains an e-mail address, host name, domain, or IP address followed by a tab and then a keyword specifying what action to take when that entity sends you
a message. Valid keywords are OK, RELAY, REJECT, DISCARD, and ERROR. Using the REJECT
keyword will cause a sender’s e-mail to be bounced back with an error message. The keyword
DISCARD will cause the message to be silently dropped without sending an error back. You can
even return a custom error message by using the ERROR keyword.
Thus, an example /etc/mail/access file may look similar to this:
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain	RELAY
localhost	RELAY
127.0.0.1	RELAY
#
# Senders we want to Block
#
evilmailer@yahoo.com	REJECT
stimpy.glaci.com	REJECT
cyberpromo.com	DISCARD
199.170.176.99	ERROR:"550 Die Spammer Scum!"
199.170.177	ERROR:"550 Email Refused"
As with most Linux configuration files, lines that begin with a pound (#) sign are comments. The
list of blocked spammers is at the end of this example file. Note that the address to block can be a
complete e-mail address, a full host name, a domain only, an IP address, or a subnet.
To block a particular e-mail address or host from mailbombing you, log in to your system as root,
edit the /etc/mail/access file, and add a line to DISCARD mail from the offending sender.
After saving the file and exiting the editor, you must convert the access file into a hash-indexed
database called access.db. The database is updated automatically the next time sendmail starts.
On Fedora and other Red Hat systems, you can convert the database immediately, as follows:
# cd /etc/mail
# make
Sendmail should now discard e-mail from the addresses you added.
Spam relaying
Your e-mail services can also be abused by having your system used as a spam relay. Spam refers
to the unsolicited junk e-mail that has become a common occurrence on the Internet. Relay refers
to the mail server feature that causes it to send mail it receives to another server. (Normally, only
users with valid e-mail accounts on the server are allowed to use a mail server to relay messages
on their behalf. A mail server configured as an open relay will allow anyone to forward e-mail
messages through it and is, therefore, considered to be a very bad practice.)
Spammers often deliver their annoying messages from a normal dial-up Internet account. They
need some kind of high-capacity e-mail server to accept and buffer the payload of messages. They
deliver the spam to the server all in one huge batch and then log off, letting the server do the
work of delivering the messages to the many victims.
Naturally, no self-respecting Internet service provider will cooperate with this action, so spammers resort to hijacking servers at another ISP to do the dirty work. Having your mail server
hijacked to act as a spam relay can have a devastating effect on your system and your reputation.
Fortunately, open mail relaying is deactivated by default on Fedora and Red Hat Enterprise Linux
installations. Open mail relaying is one security issue that you will not have to worry about.
You can allow specific hosts or domains to relay mail through your system by adding those senders to your /etc/mail/access file with keyword RELAY. By default, relaying is allowed from
the local host only.
Tip
One package you might consider using to filter out spam on your mail server is SpamAssassin. SpamAssassin
examines the text of incoming mail messages and attempts to filter out messages that are determined to be
spam. SpamAssassin is described in Chapter 14.
Smurf amplification attack
Smurfing refers to a particular type of denial-of-service attack aimed at flooding your Internet
connection. It can be a difficult attack to defend against because tracing the attack to the attacker
is not easy. Here is how smurfing works.
The attack makes use of the ICMP protocol, a service intended for checking the speed and availability of network connections. Using the ping command, you can send a network packet from your
computer to another computer on the Internet. The remote computer will recognize the packet as
an ICMP request and echo a reply packet to your computer. Your computer can then print a message revealing that the remote system is up and telling you how long it took to reply to the ping.
A smurfing attack uses a malformed ICMP request to bury your computer in network traffic. The
attacker does this by bouncing a ping request off an unwitting third party in such a way that
the reply is duplicated dozens or even hundreds of times. An organization with a fast Internet
connection and a large number of computers is used as the relay. The destination address of the
ping is set to an entire subnet instead of a single host. The return address is forged to be your
machine’s address instead of the actual sender. When the ICMP packet arrives at the unwitting
relay’s network, every host on that subnet replies to the ping! Furthermore, they reply to your
computer instead of to the actual sender. If the relay’s network has hundreds of computers, your
Internet connection can be quickly flooded.
The best fix is to contact the organization being used as a relay and inform it of the abuse.
Usually, they need only to reconfigure their Internet router to stop any future attacks. If the
organization is uncooperative, you can minimize the effect of the attack by blocking the ICMP
protocol on your router. This will at least keep the traffic off your internal network. If you can
convince your ISP to block ICMP packets aimed at your network, it will help even more. (Note
that some debate exists about whether or not blocking ICMP packets is a good idea because ICMP
services can be useful for various administrative purposes.)
Protecting against distributed DoS attacks
DDoS attacks are much harder to initiate and extremely difficult to stop. A DDoS attack begins
with the penetration of hundreds or even thousands of weakly secured machines. These
machines can then be directed to attack a single host based on the whims of the attacker.
With the advent of DSL and cable modem, millions of people are enjoying Internet access with
virtually no speed restrictions. In their rush to get online, many of those people neglect even the
most basic security. Because the vast majority of these people run Microsoft operating systems,
they tend to get hit with worms and viruses rather quickly. After the machine has been infiltrated, quite often the worm or virus installs a program on the victim’s machine that instructs it
to quietly call home and announce that it is now ready to do the master’s bidding.
At the whim of the master, the infected machines can now be used to focus a concentrated stream
of garbage data at a selected host. In concert with thousands of other infected machines, a script
kiddie now has the power to take down nearly any site on the Internet.
Detecting a DDoS is similar to detecting a DoS attack. One or more of the following signs are
likely to be present:
Sustained saturated data link
No reduction in link saturation during off-peak hours
Hundreds or even thousands of simultaneous network connections
Extremely slow system performance
To determine if your data link is saturated, the act of pinging an outside host can tell much of the
story. Much higher than usual latency is a dead giveaway. Normal ping latency (that is, the time it
takes for a ping response to come back from a remote host) looks like the following:
# ping www.example.com
PING www.example.com (192.0.34.166) from 10.0.0.11: 56(84) bytes of data
64 bytes from 192.0.34.166: icmp_seq=1 ttl=49 time=40.1 ms
64 bytes from 192.0.34.166: icmp_seq=2 ttl=49 time=42.5 ms
64 bytes from 192.0.34.166: icmp_seq=3 ttl=49 time=39.5 ms
64 bytes from 192.0.34.166: icmp_seq=4 ttl=49 time=38.4 ms
64 bytes from 192.0.34.166: icmp_seq=5 ttl=49 time=39.0 ms
--- www.example.com ping statistics ---
5 packets transmitted, 5 received, 0% loss, time 4035ms
rtt min/avg/max/mdev = 38.472/39.971/42.584/1.432 ms
In the preceding example, the average time for a ping packet to make the roundtrip was about 39
thousandths of a second.
A ping to a nearly saturated link looks like the following:
# ping www.example.com
PING www.example.com (192.0.34.166): from 10.0.0.11: 56(84)bytes of data
64 bytes from 192.0.34.166: icmp_seq=1 ttl=62 time=1252 ms
64 bytes from 192.0.34.166: icmp_seq=2 ttl=62 time=1218 ms
64 bytes from 192.0.34.166: icmp_seq=3 ttl=62 time=1290 ms
64 bytes from 192.0.34.166: icmp_seq=4 ttl=62 time=1288 ms
64 bytes from 192.0.34.166: icmp_seq=5 ttl=62 time=1241 ms
--- www.example.com ping statistics ---
5 packets transmitted, 5 received, 0% loss, time 5032ms
rtt min/avg/max/mdev = 1218.059/1258.384/1290.861/28.000 ms
In this example, a ping packet took, on average, 1.3 seconds to make the roundtrip. From the
first example to the second example, latency increased by a factor of 31! A data link that goes
from working normally to slowing down by a factor of 31 is a clear sign that link utilization
should be investigated.
For a more accurate measure of data throughput, you can use a tool such as ttcp. To test your
connection with ttcp you must have installed the ttcp package on machines inside and outside
of your network. (The ttcp package is available with Fedora and other Linux systems.) If you are
not sure whether the package is installed, simply type ttcp at a command prompt. You should see
something like the following:
# ttcp
Usage: ttcp -t [-options] host [ < in ]
       ttcp -r [-options > out]
Common options:
    -l ##   length of bufs read from or written to network (default 8192)
    -u      use UDP instead of TCP
    -p ##   port number to send to or listen at (default 5001)
    -s      -t: source a pattern to network
            -r: sink (discard) all data from network
    -A      align the start of buffers to this modulus (default 16384)
    -O      start buffers at this offset from the modulus (default 0)
    -v      verbose: print more statistics
    -d      set SO_DEBUG socket option
    -b ##   set socket buffer size (if supported)
    -f X    format for rate: k,K = kilo{bit,byte}; m,M = mega; g,G = giga
Options specific to -t:
    -n##    number of source bufs written to network (default 2048)
    -D      don't buffer TCP writes (sets TCP_NODELAY socket option)
    -w ##   number of microseconds to wait between each write
Options specific to -r:
    -B      for -s, only output full blocks as specified by -l (for TAR)
    -T      "touch": access each byte as it's read
    -I if   Specify the network interface (e.g. eth0) to use
The first step is to start up a receiver process on the server machine:
# ttcp -rs
ttcp-r: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp
ttcp-r: socket
The -r flag denotes that the server machine will be the receiver. The -s flag, in conjunction with
the -r flag, tells ttcp that we want to ignore any received data.
The next step is to have someone outside of your data link, with a network link close to the same
speed as yours, set up a ttcp sending process:
# ttcp -ts server.example.com
ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp -> server.example.com
ttcp-t: socket
ttcp-t: connect
Let the process run for a few minutes and then press Ctrl+C on the transmitting side to stop the
testing. The receiving side then takes a moment to calculate and present the results:
# ttcp -rs
ttcp-r: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp
ttcp-r: socket
ttcp-r: accept from 64.223.17.21
ttcp-r: 2102496 bytes in 70.02 real seconds = 29.32 KB/sec +++
ttcp-r: 1226 I/O calls, msec/call = 58.49, calls/sec = 17.51
ttcp-r: 0.0user 0.0sys 1:10real 0% 0i+0d 0maxrss 0+2pf 0+0csw
In this example, the average bandwidth between the two hosts was 29.32 kilobytes per second.
On a link suffering from a DDoS, this number would be a mere fraction of the actual bandwidth
the data link is rated for.
If the data link is indeed saturated, the next step is to determine where the connections are coming from. A very effective way of doing this is with the netstat command, which is included as
part of the base Fedora installation. Type the following to see connection information:
# netstat -tupn
Table 12-3 describes each of the netstat parameters used here.
TABLE 12-3
netstat Parameters
Parameter        Description
-t, --tcp        Show TCP socket connections.
-u, --udp        Show UDP socket connections.
-p, --program    Show the PID and name of the program to which each socket belongs.
-n, --numeric    Show numerical address instead of trying to determine symbolic host, port, or usernames.
The following is an example of what the output might look like:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address       Foreign Address       State        PID/Program name
tcp        0      0 65.213.7.96:22      13.29.132.19:12545    ESTABLISHED  32376/sshd
tcp        0    224 65.213.7.96:22      13.29.210.13:29250    ESTABLISHED  13858/sshd
tcp        0      0 65.213.7.96:6667    13.29.194.190:33452   ESTABLISHED  1870/ircd
tcp        0      0 65.213.7.96:6667    216.39.144.152:42709  ESTABLISHED  1870/ircd
tcp        0      0 65.213.7.96:42352   67.113.1.99:53        TIME_WAIT    -
tcp        0      0 65.213.7.96:42354   83.152.6.9:113        TIME_WAIT    -
tcp        0      0 65.213.7.96:42351   83.152.6.9:113        TIME_WAIT    -
tcp        0      0 127.0.0.1:42355     127.0.0.1:783         TIME_WAIT    -
tcp        0      0 127.0.0.1:783       127.0.0.1:42353       TIME_WAIT    -
tcp        0      0 65.213.7.96:850578  19.15.11.1:25         TIME_WAIT    -
The output is organized into columns defined as follows:
Proto —Protocol used by the socket.
Recv-Q —The number of bytes not yet copied by the user program attached to this
socket.
Send-Q —The number of bytes not acknowledged by the host.
Local Address —Address and port number of the local end of the socket.
Foreign Address —Address and port number of the remote end of the socket.
State —Current state of the socket. Table 12-4 provides a list of socket states.
PID/Program name —Process ID and program name of the process that owns the
socket.
TABLE 12-4
Socket States
State          Description
ESTABLISHED    Socket has an established connection.
SYN_SENT       Socket actively trying to establish a connection.
SYN_RECV       Connection request received from the network.
FIN_WAIT1      Socket closed and shutting down.
FIN_WAIT2      Socket is waiting for remote end to shut down.
TIME_WAIT      Socket is waiting after closing to handle packets still in the network.
CLOSED         Socket is not being used.
CLOSE_WAIT     The remote end has shut down, waiting for the socket to close.
LAST_ACK       The remote end has shut down, and the socket is closed, waiting for acknowledgement.
LISTEN         Socket is waiting for an incoming connection.
CLOSING        Both sides of the connection are shut down, but not all of your data has been sent.
UNKNOWN        The state of the socket is unknown.
During a DoS attack, the foreign address is usually the same for each connection. In this case, it
is a simple matter of typing the foreign IP address into the search form at ws.arin.net/whois/
so you can alert your ISP.
During a DDoS attack, the foreign address will likely be different for each connection. In this
case, tracking down all the offenders is impossible because there will likely be thousands of
them. The best way to defend yourself is to contact your ISP and see whether or not it can filter
the traffic at its border routers.
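Reading the Foreign Address column by eye stops working once there are hundreds of rows, so the DoS versus DDoS distinction above is easier to make by counting. The following is an added example, not part of the book: it parses netstat -tupn text and reports whether the connections come mostly from one foreign address or are spread across many. The sample rows are constructed from documentation address ranges, and the thresholds (20 connections, 80 percent share) are assumptions to tune for your own server.

```python
from collections import Counter

HEADER = (
    "Active Internet connections (w/o servers)\n"
    "Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name\n"
)


def make_sample(pairs, local="192.0.2.1:80", prog="2201/httpd"):
    """Build constructed netstat -tupn text from (foreign_ip, count) pairs."""
    lines = []
    for ip, count in pairs:
        for i in range(count):
            lines.append(f"tcp 0 0 {local} {ip}:{40000 + i} ESTABLISHED {prog}")
    return HEADER + "\n".join(lines) + "\n"


# Constructed inputs: a quiet host, one noisy source, and many sources.
NORMAL = make_sample([("198.51.100.10", 2), ("198.51.100.11", 1)],
                     local="192.0.2.1:22", prog="900/sshd")
SINGLE = make_sample([("203.0.113.50", 40), ("198.51.100.10", 2)])
DISTRIBUTED = make_sample([(f"198.51.100.{n}", 1) for n in range(1, 61)])


def parse_netstat(text):
    """Return one dict per tcp/udp row of netstat -tupn output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # banner, column header, or blank line
        _, _, local_port = f[3].rpartition(":")
        foreign_ip, _, _ = f[4].rpartition(":")
        # udp rows can have an empty State column, so check before using it
        state = f[5] if len(f) > 5 and f[5].isupper() else ""
        rows.append({"proto": f[0], "local_port": local_port,
                     "foreign_ip": foreign_ip, "state": state})
    return rows


def summarize(text, min_conns=20, dominant_share=0.8):
    """Count connections per foreign address and name the pattern."""
    rows = [r for r in parse_netstat(text)
            if r["foreign_ip"] not in ("127.0.0.1", "::1")]
    per_source = Counter(r["foreign_ip"] for r in rows)
    per_port = Counter(r["local_port"] for r in rows)
    total = len(rows)
    result = {
        "total": total,
        "sources": len(per_source),
        "top_source": per_source.most_common(1)[0] if rows else None,
        "busiest_port": per_port.most_common(1)[0] if rows else None,
    }
    if total < min_conns:
        result["pattern"] = "no flood pattern"
    elif result["top_source"][1] / total >= dominant_share:
        result["pattern"] = "single source"   # one address to report to the ISP
    else:
        result["pattern"] = "many sources"    # ask the ISP about border filtering
    return result


if __name__ == "__main__":
    for label, text in (("normal", NORMAL), ("single", SINGLE),
                        ("distributed", DISTRIBUTED)):
        print(label, summarize(text))
```

To use it on a live system, pass the captured output of netstat -tupn to summarize() in place of the constructed samples.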
Protecting against intrusion attacks
Crackers have a wide variety of tools and techniques to assist them in breaking into your computer. Intrusion attacks focus on exploiting weaknesses in your security, so the crackers can take
more control of your system (and potentially do more damage) than they could from the outside.
Fortunately, many tools and techniques exist for combating intrusion attacks. This section
discusses the most common break-in methods and the tools available to protect your system.
Although the examples shown are specific to Fedora and other Red Hat Linux systems, the tools
and techniques are generally applicable to any Linux or UNIX-like operating system.
Evaluating access to network services
Linux systems and their UNIX kin provide many network services, and with them many avenues
for cracker attacks. You should know these services and how to limit access to them.
What do I mean by a network service? Basically, I am referring to any task that the computer
performs that requires it to send and receive information over the network using some predefined
set of rules. Routing e-mail is a network service. So is serving Web pages. Your Linux box has the
potential to provide thousands of services. Many of them are listed in the /etc/services file.
Look at a snippet of that file:
# /etc/services:
# service-name  port/protocol  [aliases ...]   [# comment]
chargen         19/tcp         ttytst source
chargen         19/udp         ttytst source
ftp-data        20/tcp
ftp-data        20/udp
# 21 is registered to ftp, but also used by fsp
ftp             21/tcp
ftp             21/udp         fsp fspd
ssh             22/tcp                         # SSH Remote Login Protocol
ssh             22/udp                         # SSH Remote Login Protocol
telnet          23/tcp
telnet          23/udp
# 24 - private mail system
smtp            25/tcp         mail
After the comment lines, you will notice three columns of information. The left column contains
the name of each service. The middle column defines the port number and protocol type used for
that service. The rightmost field contains an optional alias or list of aliases for the service.
As an example, examine the last entry in the file snippet. It describes the SMTP (Simple Mail
Transfer Protocol) service, which is the service used for delivering e-mail over the Internet. The
middle column contains the text 25/tcp, which tells you that the SMTP protocol uses port 25 and
uses the Transmission Control Protocol (TCP) as its protocol type.
What exactly is a port number? It is a unique number that has been set aside for a particular network service. It allows network connections to be properly routed to the software that handles
that service. For example, when an e-mail message is delivered from some other computer to
your Linux box, the remote system must first establish a network connection with your system.
Your computer receives the connection request, examines it, sees it labeled for port 25, and thus
knows that the connection should be handed to the program that handles e-mail (which happens
to be sendmail).
I mentioned that SMTP uses the TCP protocol. Some services use UDP, the User Datagram
Protocol. All you really need to know about TCP and UDP (for the purposes of this security discussion) is that they provide different ways of packaging the information sent over a network
connection. A TCP connection provides error detection and retransmission of lost data. UDP
doesn’t check to ensure that the data arrived complete and intact; it is meant as a fast way to send
non-critical information.
Disabling network services
Although hundreds of services (with official port numbers listed in /etc/services) potentially
could be available and subject to attack on your Linux system, in reality only a few dozen services
are installed and only a handful of those are on by default. In Fedora and RHEL systems, most
network services are started by either the xinetd process or by a startup script in the /etc/
init.d directory. Other Linux systems use the inetd process instead of xinetd.
xinetd and inetd are daemons that listen on a great number of network port numbers. When a
connection is made to a particular port number, xinetd or inetd automatically starts the appropriate program for that service and hands the connection to it.
For xinetd, the configuration file /etc/xinetd.conf is used to provide default settings for the
xinetd server. The directory /etc/xinetd.d contains files telling xinetd what ports to listen on
and what programs to start (the inetd daemon, alternatively, uses only the /etc/inetd.conf
file). Each file in /etc/xinetd.d contains configuration information for a single service, and the
file is usually named after the service it configures. For example, to enable the rsync service, edit
the rsync file in the /etc/xinetd.d directory and look for a section similar to the following:
service rsync
{
        disable         = yes
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}
Note that the first line of this example identifies the service as rsync. This exactly matches the
service name listed in the /etc/services file, causing the service to listen on port 873 for TCP
and UDP protocols. You can see that the service is off by default (disable = yes). To enable the
rsync service, change the line to read disable = no instead. Thus, the disable line from the preceding example would look like this:
disable = no
Tip
The rsync service is a nice one to turn on if your machine is an FTP server. It allows people to use an rsync
client (which includes a checksum-search algorithm) to download files from your server. With that feature,
users can restart a disrupted download without having to start from the beginning.

Because most services are disabled by default, your computer is only as insecure as you make it.
You can double-check that insecure services, such as rlogin and rsh (which are included in the
rsh-server package in Fedora and RHEL systems), are also disabled by making sure that disable = yes is set in the /etc/xinetd.d/rlogin and /etc/xinetd.d/rsh files.
Tip
You can make the remote login service active but disable the use of the /etc/hosts.equiv and .rhosts
files, requiring rlogin to always prompt for a password. Rather than disabling the service, locate the server
line in the rsh file (server = /usr/sbin/in.rshd) and add a space followed by -L at the end.

You now need to send a signal to the xinetd process to tell it to reload its configuration file. The
quickest way to do that in Fedora and RHEL systems is to reload the xinetd service. As the root
user, type the following from a shell:
# service xinetd reload
Reloading configuration:                                   [  OK  ]
You can also tell the xinetd process directly to reread the configuration file by sending it a
SIGHUP signal. The same approach works if you are using the inetd daemon instead (on systems such as Debian
or Slackware), causing it to reread the /etc/inetd.conf file. For example, type this (as root user) to have
the inetd daemon reread the configuration file:
# killall -s SIGHUP inetd
That’s it—you have enabled the rsync service. Provided that you have properly configured your
FTP server, clients should now be able to download files from your computer via the rsync
protocol.
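An added example (not from the book): a shell function that lists every service xinetd would start from a configuration directory, so you can confirm that rlogin and rsh stay disabled after an edit. The sample directory is constructed and stands in for /etc/xinetd.d; the function names are assumptions.

```shell
#!/bin/sh
# Added example: report which services xinetd would start.

# Print "file service" for each service block that is not disabled.
# A block with no "disable" line counts as enabled, which is how xinetd
# treats it.
xinetd_enabled() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            { sub(/#.*/, "") }                      # drop comments
            $1 == "service" { name = $2; off = 0; next }
            /^[ \t]*disable[ \t]*=/ {
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v)         # keep the value only
                sub(/[ \t]+$/, "", v)
                off = (tolower(v) == "yes")
                next
            }
            $1 == "}" {
                if (name != "" && !off) print file, name
                name = ""
            }
        ' "$f"
    done | sort
}

# Return 1 if the rlogin or rsh file contains an enabled service.
check_r_services() {
    if xinetd_enabled "$1" | grep -Eq '^(rlogin|rsh) '; then
        return 1
    fi
    return 0
}

# Constructed sample directory standing in for /etc/xinetd.d.
make_sample() {
    d=$(mktemp -d)
    printf 'service rsync\n{\n\tdisable = yes\n\tserver = /usr/bin/rsync\n}\n' > "$d/rsync"
    printf 'service shell\n{\n\tdisable = no\n\tserver = /usr/sbin/in.rshd\n}\n' > "$d/rsh"
    printf 'service login\n{\n\t# no disable line at all\n\tserver = /usr/sbin/in.rlogind\n}\n' > "$d/rlogin"
    echo "$d"
}

sample=$(make_sample)
echo "Enabled services (file service):"
xinetd_enabled "$sample"
check_r_services "$sample" ||
    echo "rlogin or rsh is enabled: set disable = yes, then reload xinetd"
rm -rf "$sample"
```

Point `xinetd_enabled` at /etc/xinetd.d on a real system. The enabled and disabled lists that xinetd also accepts in the defaults section of /etc/xinetd.conf are not examined here.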
Securing servers with SELinux
Security Enhanced Linux (SELinux) is a project developed primarily by the National Security
Agency to produce highly secure Linux systems. Although SELinux is available as add-on packages to openSUSE, Debian, Ubuntu, Gentoo, and Yellow Dog, SELinux is installed and turned on
by default in Fedora and Red Hat Enterprise Linux systems.
Red Hat, Inc. did a clever thing when it took its first swipe at implementing SELinux in Red Hat
systems. Instead of creating policies to control every aspect of your Linux system, it created a
“targeted” policy type that focused on securing your system from attacks on those services that
are most vulnerable to attacks. The company then set about securing those services in such a way
that, if they were compromised, a cracker couldn’t compromise the rest of the system as well.
After you have opened a port in your firewall so others can request a service, then started that
service to handle requests, SELinux can be used to set up walls around that service. As a result,
its daemon process, configuration files, and data can’t access resources they are not specifically
allowed to access. The rest of your computer, then, is safer.
As Red Hat continues to work out the kinks in SELinux, there has been a tendency for users to
see SELinux failures and just disable the entire SELinux service. However, a better course is to
find out whether SELinux is really stopping you from doing something that is unsafe. If it turns
out to be a bug with SELinux, file a bug report and help make the service better.
If you are enabling FTP, Web (HTTPD), DNS, NFS, NIS, or Samba services on your Fedora or
RHEL system, you should consider leaving SELinux enabled and working with the settings
from the Security Level Configuration window to configure those services. For information on
SELinux that is specific to Fedora, refer to this site:
http://fedoraproject.org/wiki/SELinux
Protecting Web servers with certificates and encryption
Previous sections told you how to lock the doors to your Linux system to deny access to crackers.
The best deadbolt lock, however, is useless if you are mugged in your own driveway and have
your keys stolen. Likewise, the best computer security can be for naught if you are sending passwords and other critical data unprotected across the Internet.
Exporting Encryption Technology
Before describing how to use the various encryption tools, I need to warn you about an unusual policy
of the United States government. For many years, the United States government treated encryption technology like munitions. As a result, anyone wanting to export encryption technology had to get an export
license from the Commerce Department. This applied not only to encryption software developed within
the United States, but also to software obtained from other countries and then re-exported to another
country (or even to the same country you got it from).
Thus, if you installed encryption technology on your Linux system and then transported it out of the
country, you were violating federal law! Furthermore, if you e-mailed encryption software to a friend in
another country or let him or her download it from your server, you violated the law.
In January 2000, U.S. export laws relating to encryption software were relaxed considerably. However,
often the U.S. Commerce Department’s Bureau of Export Administration requires a review of encryption
products before they can be exported. U.S. companies are also still not allowed to export encryption
technology to countries classified as supporting terrorism.
A savvy cracker can use a tool called a protocol analyzer or a network sniffer to peek at the data
flowing across a network and pick out passwords, credit card data, and other juicy bits of information. The cracker does this by breaking into a poorly protected system on the same network
and running software, or by gaining physical access to the same network and plugging in his or
her own equipment.
You can combat this sort of theft by using encryption. The two main types of encryption in use
today are symmetric cryptography and public-key cryptography.
Symmetric cryptography
Symmetric cryptography, also called private-key cryptography, uses a single key to both encrypt
and decrypt a message. This method is generally inappropriate for securing data that will be used
by a third party because of the complexity of secure key exchange. Symmetric cryptography is
generally useful for encrypting data for one’s own purposes.
A classic use of symmetric cryptography is for a personal password vault. Anyone who has been
using the Internet for any amount of time has accumulated a quantity of usernames and passwords for accessing various sites and resources. A personal password vault lets you store this
access information in an encrypted form. The end result is that you have to remember only one
password to unlock all of your access information.
A few years ago, the United States government standardized on a symmetric encryption algorithm called DES (Data Encryption Standard) to secure important information. Because there is
no direct way to crack DES encrypted data, decrypting it without a password
would require an unimaginable amount of computing power to try to guess the password. This is also known as the brute force method of decryption.
As personal computing power has increased nearly exponentially, the DES algorithm has had
to be retired. In its place, after a very long and interesting search, the United States government
has accepted the Rijndael algorithm as what it calls the AES (Advanced Encryption Standard).
Although the AES algorithm is also subject to brute force attacks, it requires significantly more
computing power to crack than the DES algorithm does.
For more information on AES, including a command-line implementation of the algorithm, you
can visit http://aescrypt.sourceforge.net/.
Asymmetric cryptography
Public-key cryptography does not suffer from key distribution problems, and that is why it is the
preferred encryption method for secure Internet communication. This method uses two keys, one
to encrypt the message and another to decrypt the message. The key used to encrypt the message
is called the public key because it is made available for all to see. The key used to decrypt the
message is the private key and is kept hidden.
Imagine that you want to send me a secure message using public-key encryption. Here is what
we need:
1. I must have a public and private key pair. Depending on the circumstances, I may generate the keys myself (using special software) or obtain the keys from a key authority.
2. You want to send me a message, so you first look up my public key (or more accurately,
the software you are using looks it up).
3. You encrypt the message with the public key. At this point, the message can be
decrypted only with the private key (the public key cannot be used to decrypt the
message).
4. I receive the message and use my private key to decrypt it.
Secure sockets layer
A classic implementation of public-key cryptography is with secure sockets layer (SSL) communication. This is the technology that enables you to securely submit your credit card information to
an online merchant. The elements of an SSL encrypted session are as follows:
SSL-enabled Web browser (Mozilla, Internet Explorer, Opera, Konqueror, and so on)
SSL-enabled Web server (Apache)
SSL certificate
To initiate an SSL session, a Web browser first makes contact with a Web server on port 443, also
known as the HTTPS port (Hypertext Transport Protocol Secure). After a socket connection has
been established between the two machines, the following occurs:
1. The server sends its SSL certificate to the browser.
2. The browser verifies the identity of the server through the SSL certificate.
3. The browser generates a symmetric encryption key.
4. The browser uses the SSL certificate to encrypt the symmetric encryption key.
5. The browser sends the encrypted key to the server.
6. The server decrypts the symmetric key with its private key counterpart of the public
SSL certificate.
The browser and server can now encrypt and decrypt traffic based on a common knowledge of
the symmetric key. Secure data interchange can now occur.
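The public-key steps and SSL steps 3 through 6 above, carried out by hand with the openssl command as an added example (not the book's code, and a simplified model rather than a real SSL implementation). File names, the 2048-bit key size and the sample message are assumptions.

```shell
#!/bin/sh
# Added example: the key exchange from the steps above, done by hand.
# All file names and the sample message are constructed.

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Server: create a key pair. The public half is what the certificate carries.
server_keygen() {
    openssl genrsa -out "$work/server.key" 2048 2>/dev/null &&
    openssl rsa -in "$work/server.key" -pubout -out "$work/server.pub" 2>/dev/null
}

# Browser (steps 3-5): pick a random 256-bit symmetric key and encrypt it
# with the server's public key.
browser_wrap_key() {
    openssl rand -hex 32 > "$work/session.key" &&
    openssl pkeyutl -encrypt -pubin -inkey "$work/server.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$work/session.key" -out "$work/session.key.enc"
}

# Server (step 6): recover the symmetric key with the private key.
server_unwrap_key() {
    openssl pkeyutl -decrypt -inkey "$work/server.key" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$work/session.key.enc" -out "$work/session.key.server"
}

# Holding only the public key is not enough to decrypt: returns 0 when the
# decryption attempt is refused.
public_key_decrypt_fails() {
    ! openssl pkeyutl -decrypt -pubin -inkey "$work/server.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$work/session.key.enc" -out /dev/null 2>/dev/null
}

# Symmetric traffic: stdin to stdout, key file in $1, hex IV in $2.
# openssl enc offers no authenticated mode, so this shows secrecy only.
sym_encrypt() { openssl enc -aes-256-cbc -K "$(cat "$1")" -iv "$2"; }
sym_decrypt() { openssl enc -d -aes-256-cbc -K "$(cat "$1")" -iv "$2"; }

# Run the whole exchange; prints what the server reads after decryption.
run_exchange() {
    server_keygen && browser_wrap_key && server_unwrap_key || return 1
    iv=$(openssl rand -hex 16)    # sent in the clear next to the ciphertext
    printf 'order=constructed sample message' |
        sym_encrypt "$work/session.key" "$iv" > "$work/traffic.enc"
    sym_decrypt "$work/session.key.server" "$iv" < "$work/traffic.enc"
}

echo "server decrypted: $(run_exchange)"
```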
Creating SSL certificates
To create your own SSL certificate for secure HTTP data interchange, you must first have an SSL-capable Web server. The Apache Web server, which comes with Fedora and other Linux systems,
is SSL-capable. The following procedure for creating SSL certificates is done on a Fedora system
that includes Apache from the httpd and mod_ssl packages. This procedure may be different for
Apache on other Linux systems.
First install the necessary packages:
# yum install httpd mod_ssl openssl
Now create SSL certificates:
# cd /etc/pki/tls/certs
# make
This makefile allows you to create:
o public/private key pairs
o SSL certificate signing requests (CSRs)
o self-signed SSL test certificates
To create a key pair, run “make SOMETHING.key”.
To create a CSR, run “make SOMETHING.csr”.
To create a test certificate, run “make SOMETHING.crt”.
To create a key and a test certificate in one file, run “make SOMETHING.pem”.
To create a key for use with Apache, run “make genkey”.
To create a CSR for use with Apache, run “make certreq”.
To create a test certificate for use with Apache, run “make testcert”.
Examples:
make server.key
make server.csr
make server.crt
make stunnel.pem
make genkey
make certreq
make testcert
The make command utilizes the makefile to create SSL certificates. Without any arguments the
make command simply prints the information listed in the preceding example. The following
defines each argument you can give to make:
make server.key—Creates generic public/private key pairs.
make server.csr—Generates a generic SSL certificate service request.
make server.crt—Generates a generic SSL test certificate.
make stunnel.pem—Generates a generic SSL test certificate, but puts the private key
in the same file as the SSL test certificate.
make genkey—Same as make server.key except it places the key in the ssl.key
directory.
make certreq—Same as make server.csr except it places the certificate service
request in the ssl.csr directory.
make testcert—Same as make server.crt except it places the test certificate in
the ssl.crt directory.
Using third-party certificate signers
In the real world, I know who you are because I recognize your face, your voice, and your mannerisms. On the Internet, I cannot see these things and must rely on a trusted third party to
vouch for your identity. To ensure that a certificate is immutable, it has to be signed by a trusted
third party when the certificate is issued and validated every time an end user taking advantage
of your secure site loads it. The following is a list of the trusted third-party certificate signers:
GlobalSign—www.globalsign.com/
GeoTrust—https://www.geotrust.com/
VeriSign—https://www.verisign.com/
RapidSSL—https://www.rapidssl.com/
Thawte—www.thawte.com/
EnTrust—www.entrust.com/
ipsCA—www.ipsca.com/
COMODO Group—www.comodogroup.com/
Note
Because of the fluid nature of the certificate business, some of these companies may not be in business when
you read this, while others may have come into existence. To get a more current list of certificate authorities, from your Firefox browser select Edit ➪ Preferences. From the Preferences window that appears, select
Advanced ➪ Encryption, then select the View Certificates button. From the Certificate Manager window that
appears, refer to the Authorities tab to see Certificate Authorities from which you have received certificates.

Each of these certificate authorities has gotten a chunk of cryptographic code embedded into
nearly every Web browser in the world. This chunk of cryptographic code allows a Web browser
to determine whether or not an SSL certificate is authentic. Without this validation, it would be
easy for crackers to generate their own certificates and dupe people into thinking they are giving
sensitive information to a reputable source.
Certificates that are not validated are called self-signed certificates. If you come across a site that
has not had its identity authenticated by a trusted third party, your Web browser will display a
message similar to the one shown in Figure 12-5.
FIGURE 12-5
A pop-up window alerts you when a site is not authenticated.
This does not necessarily mean that you are encountering anything illegal, immoral, or fattening. Many sites opt to go with self-signed certificates, not because they are trying to pull a fast one
on you, but because there may not be any reason to validate the true owner of the certificate and
they do not want to pay the cost of getting a certificate validated. Some reasons for using a self-signed certificate include:
The Web site accepts no input—In this case, you as the end user have nothing to
worry about. There is no one trying to steal your information because you aren’t giving
out any information. Most of the time this is done simply to secure the Web transmission from the server to you. The data in and of itself may not be sensitive, but, being a
good netizen, the site has enabled you to secure the transmission to keep third parties
from sniffing the traffic.
The Web site caters to a small clientele—If you run a Web site that has a very limited
set of customers, such as an Application Service Provider, you can simply inform your
users that you have no certificate signer. They can browse the certificate information
and validate it with you over the phone or in person.
Testing—Paying for an SSL certificate makes no sense if you are only testing a new Web
site or Web-based application. Use a self-signed certificate until you are ready to go live.
Creating a certificate service request
To create a third-party validated SSL certificate from a Fedora Linux system, you must first start
with a certificate service request (CSR). To create a CSR, do the following on your Web server:
# cd /etc/pki/tls/certs
# make certreq
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.csr
.
.
.
You will now be asked to enter a password to secure your private key. This password should be at
least eight characters long, and should not be a dictionary word or contain numbers or punctuation. The characters you type will not appear on the screen, to prevent someone from shoulder
surfing your password.
Enter pass phrase:
Enter the password again to verify.
Verifying - Enter pass phrase:
The certificate generation process now begins.
At this point, it is time to start adding some identifying information to the certificate that the
third-party source will later validate. Before you can do this, you must unlock the private key you
just created. Do so by typing the password you typed for your pass phrase. Then enter information as you are prompted. An example of a session for adding information for your certificate is
shown here:
Enter pass phrase for /etc/pki/tls/private/localhost.key: *******
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called
a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]: Connecticut
Locality Name (eg, city) [Newbury]: Mystic
Organization Name (eg, company) [My Company Ltd]:Acme Marina, Inc.
Organizational Unit Name (eg, section) []:InfoTech
Common Name (eg, your name or your server’s hostname) []:www.acmemarina.com
Email Address []: webmaster@acmemarina.com
To complete the process, you will be asked whether you want to add any extra attributes to your
certificate. Unless you have a reason to provide more information, you should simply press Enter
at each of the following prompts to leave them blank.
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Getting your CSR signed
After your CSR has been created, you need to send it to a signing authority for validation. The
first step in this process is to select a signing authority. Each signing authority has different deals,
prices, and products. Check out each of the signing authorities listed in the “Using Third-Party
Certificate Signers” section earlier in this chapter to determine which works best for you. The following are areas where signing authorities differ:
Credibility and stability
Pricing
Browser recognition
Warranties
Support
Certificate strength
After you have selected your certificate signer, you have to go through some validation steps. Each
signer has a different method of validating identity and certificate information. Some require that
you fax articles of incorporation, whereas others require a company officer be made available to
talk to a validation operator. At some point in the process you will be asked to copy and paste the
contents of the CSR you created into the signer’s Web form.
# cd /etc/pki/tls/certs/
# cat localhost.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIB6jCCAVMCAQAwgakxCzAJBgNVBAYTAlVTMRQwEgYDVQQIEwtDb25uZWN0aWN1
-----END CERTIFICATE REQUEST-----
You can use your mouse to copy and paste the CSR into the signer’s Web form.
After you have completed the information validation, paid for the signing, and answered all the
questions, you have completed most of the process. Within 48 to 72 hours you should receive an
e-mail with your shiny new SSL certificate in it. The certificate will look similar to the following:
Copy and paste this certificate into an empty file called server.crt, which should reside in the
/etc/pki/tls/certs directory. Configure the SSLCertificateFile and SSLCertificateKeyFile
values in the SSL file (/etc/httpd/conf.d/ssl.conf) and restart your Web server:
# service httpd restart
Assuming your Web site was previously working fine, you can now view it in a secure fashion
by placing an “s” after the http in the Web address. So if you previously viewed your Web site
at www.acmemarina.com, you can now view it in a secure fashion by going to https://www.acmemarina.com.
Creating self-signed certificates
Generating and running a self-signed SSL certificate is much easier than having a signed certificate. To generate a self-signed SSL certificate on a Fedora system, do the following:
1. Remove the key and certificate that currently exist:
# rm /etc/pki/tls/private/localhost.key
# rm /etc/pki/tls/certs/localhost.crt
2. Create your own server key:
# cd /etc/pki/tls/certs
# make genkey
3. Create the self-signed certificate by typing the following:
# make testcert
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > /etc/pki/tls/private/localhost.key
Generating RSA private key, 1024 bit long modulus
.............................++++++
............................................................++++++
e is 65537 (0x10001)
Enter pass phrase: *******
Verifying - Enter pass phrase: *******
Enter pass phrase for /etc/pki/tls/private/localhost.key: *******
.
.
.
At this point, it is time to start adding some identifying information to the certificate. Before you
can do this, you must unlock the private key you just created. Do so by typing the password you
typed earlier. Then follow this sample procedure:
You will be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is called a Distinguished Name or DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
-----
Country Name (2 letter code) [GB]: US
State or Province Name (full name) [Berkshire]: Ohio
Locality Name (eg, city) [Newbury]: Cincinnati
Organization Name (eg, company) [My Company Ltd]:Industrial Press, Inc.
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server’s hostname) []:www.industrialpressinc.com
Email Address []: webmaster@industrialpressinc.com
The generation process in this example creates the file named /etc/pki/tls/certs/localhost.crt. Within the virtual host you created in the /etc/httpd/conf.d/ssl.conf file,
identify the certificate file using the following directive:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
Then all you need to do is restart your Web server and add https instead of http in front of
your URL. Don’t forget that you’ll get a certificate validation message from your Web browser,
which you can safely ignore.
Restarting your Web server
By now you’ve probably noticed that your Web server requires you to enter your certificate password every time it is started. This is to prevent someone from breaking into your server and stealing your private key. Should this happen, you are safe in the knowledge that the private key is a
jumbled mess. The cracker will not be able to make use of it. Without such protection, a cracker
could get your private key and easily masquerade as you, appearing to be legitimate in all cases.
If you just cannot stand having to enter a password every time your Web server starts, and are
willing to accept the increased risk, you can remove the password encryption on your private
key. Simply do the following:
# cd /etc/pki/tls/private
# /usr/bin/openssl rsa -in localhost.key -out localhost.key
Enter pass phrase for localhost.key: *******
You should now be able to restart the server without entering a pass phrase.
Troubleshooting your certificates
The following tips should help if you are having problems with your SSL certificate:
Only one SSL certificate per IP address is allowed. If you want to add more than one
SSL-enabled Web site to your server, you must bind another IP address to the network
interface.
Make sure you aren’t blocking port 443 on your Web server. All https requests come in
on port 443. If you are blocking it, you will not be able to get secure pages.
The certificate lasts for one year only. When that year is up, you have to renew your
certificate with your certificate authority. Each certificate authority has a different procedure for doing this; check the authority’s Web site for more details.
Make sure you have the mod_ssl package installed. If it is not installed, you will not be
able to serve any SSL-enabled traffic.
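As an added example (not part of the book's procedure), these shell functions check a certificate and key before Apache is restarted: that the two belong together, how long the certificate remains valid, whether it is self-signed, and whether the key is pass-phrase protected. The sample files are constructed in a temporary directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example: checks on a certificate and key before restarting Apache.

# 0 if the certificate carries the public key of this private key.
# (openssl prompts for the pass phrase if the key file is encrypted.)
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# 0 if issuer and subject are identical, the usual sign that no third
# party signed the certificate.
cert_is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# 0 if the private key file is protected by a pass phrase.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# Constructed sample: a key, a one-year self-signed certificate for it,
# an unrelated key, and a pass-phrase protected copy of the first key.
make_sample() {
    d=$(mktemp -d)
    subj='/C=US/ST=Ohio/L=Cincinnati/O=Industrial Press, Inc./CN=www.industrialpressinc.com'
    openssl genrsa -out "$d/localhost.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/localhost.key" -days 365 -subj "$subj" \
        -out "$d/localhost.crt" 2>/dev/null
    openssl rsa -in "$d/localhost.key" -aes128 -passout pass:constructed \
        -out "$d/localhost.key.enc" 2>/dev/null
    echo "$d"
}

# Print one line per check for certificate $1 and key $2.
report() {
    cert_matches_key "$1" "$2" && echo "key matches certificate" ||
        echo "PROBLEM: key does not match certificate"
    cert_valid_for_days "$1" 30 && echo "valid for at least 30 more days" ||
        echo "PROBLEM: expires within 30 days"
    cert_is_self_signed "$1" && echo "self-signed: browsers will warn" ||
        echo "signed by a third party"
    key_is_encrypted "$2" && echo "key needs a pass phrase at startup" ||
        echo "key is stored without a pass phrase"
    return 0
}

sample=$(make_sample)
report "$sample/localhost.crt" "$sample/localhost.key"
rm -rf "$sample"
```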
Using Security Tools from Linux Live CDs
If you suspect your computers or networks have been exploited, a wide range of security tools
is available for Linux that you can use to scan for viruses, do forensics, or monitor activities of
intruders. The best way to learn about and use many of these tools is by using dedicated, bootable Linux distributions built specifically for security.
Advantages of security live CDs
One great advantage of using live CDs or DVDs to check the security of a system is that it separates the tools you use to check a system from the system itself. In other words, because the
tools for finding problems on an installed system may themselves be compromised, a live CD of
trusted software can be a good way to ensure that you are testing a potentially infected system
with clean tools.
If despite your best efforts (good passwords, firewalls, checking log files, and so on) you believe
an intruder may have gained control of your system, you can use a live CD to check it out.
Security live CDs such as SystemRescueCd, INSERT, and BackTrack (all included on this book’s
CD or DVD) are great tools for checking and fixing your system.
Cross-Reference
See Chapter 28 for more information on bootable security and rescue CDs.

Using INSERT to check for rootkits
If an intruder gains access to your Linux system, to try to take over control of that system (and
use it for more than just a hit-and-run), the intruder might install what is called a rootkit. A rootkit is a set of software that the intruder will use to:
Carry out his intent (such as hosting false Web content from your server)
Hide his activities from your view
Rootkits can employ different methods for hiding what they do. Often a rootkit will replace common system commands with its own version of those commands. So, for example, ls
and ps could be replaced with versions modified to not list the content added to your machine or not show certain processes running on your system, respectively.
The chkrootkit command is a good tool for checking for well-known rootkits, as well as for
generally checking system files to see whether they have been infected or not. This tool will
check for infections in disk-checking tools (such as du, find, and ls), process table tools (ps
and pstree), login-related commands (login, rlogin, slogin), and many other tools. Here’s
how to run chkrootkit from INSERT:
1. Insert the CD that comes with this book into the CD drive and reboot.
2. From the boot screen, choose Insert. INSERT should boot to a desktop.
3. To be able to check the Linux system installed on your hard disk, you need to mount
the partition representing your installed Linux system. Using the mount.app applet (displayed in the lower-right corner of the screen), click the arrows on that applet to click
thro