You may be contemplating your first Linux installation. Or you may

You may be contemplating your first Linux installation. Or you may
Running Linux, 5th Edition
By Matthias Kalle Dalheimer, Matt Welsh
Publisher: O'Reilly
Pub Date: December 2005
ISBN: 0-596-00760-4
Pages: 972
Table of Contents | Index
You may be contemplating your first Linux installation. Or you may have been using Linux for years
and need to know more about adding a network printer or setting up an FTP server. Running Linux,
now in its fifth edition, is the book you'll want on hand in either case. Widely recognized in the Linux
community as the ultimate getting-started and problem-solving book, it answers the questions and
tackles the configuration issues that frequently plague users, but are seldom addressed in other
This fifth edition of Running Linux is greatly expanded, reflecting the maturity of the operating system
and the teeming wealth of software available for it. Hot consumer topics such
as audio and video playback applications, groupware functionality, and spam filtering are covered,
along with the basics in configuration and management that always have made the book popular.
Running Linux covers basic communications such as mail, web surfing, and instant messaging, but
also delves into the subtleties of network configuration--including dial-up, ADSL, and cable modems-in case you need to set up your network manually. The book can
make you proficient on office suites and personal productivity applications--and also tells you what
programming tools are available if you're interested in contributing to these applications.
Other new topics in the fifth edition include encrypted email and filesystems, advanced shell
techniques, and remote login applications. Classic discussions on booting, package management,
kernel recompilation, and X configuration have also been updated.
The authors of Running Linux have anticipated problem areas, selected stable and popular solutions,
and provided clear instructions to ensure that you'll have a satisfying experience using Linux. The
discussion is direct and complete enough to guide novice users, while still providing the additional
information experienced users will need to progress in their mastery of Linux.
Whether you're using Linux on a home workstation or maintaining a network server, Running Linux
will provide expert advice just when you need it.
Running Linux, 5th Edition
By Matthias Kalle Dalheimer, Matt Welsh
Publisher: O'Reilly
Pub Date: December 2005
ISBN: 0-596-00760-4
Pages: 972
Table of Contents | Index
Organization of This Book
Conventions Used in This Book
Using Code Examples
How to Contact Us
Safari® Enabled
Part I: Enjoying and Being Productive on Linux
Chapter 1. Introduction to Linux
Section 1.1. About This Book
Section 1.2. Who's Using Linux?
Section 1.3. System Features
Section 1.4. About Linux's Copyright
Section 1.5. Open Source and the Philosophy of Linux
Section 1.6. Sources of Linux Information
Section 1.7. Getting Help
Chapter 2. Preinstallation and Installation
Section 2.1. Distributions of Linux
Section 2.2. Preparing to Install Linux
Section 2.3. Post-Installation Procedures
Section 2.4. Running into Trouble
Chapter 3. Desktop Environments
Section 3.1. Why Use a Graphical Desktop?
Section 3.2. The K Desktop Environment
Section 3.3. KDE Applications
Section 3.4. The GNOME Desktop Environment
Section 3.5. GNOME Applications
Chapter 4. Basic Unix Commands and Concepts
Section 4.1. Logging In
Section 4.2. Setting a Password
Section 4.3. Virtual Consoles
Section 4.4. Popular Commands
Section 4.5. Shells
Section 4.6. Useful Keys and How to Get Them to Work
Section 4.7. Typing Shortcuts
Section 4.8. Filename Expansion
Section 4.9. Saving Your Output
Section 4.10. What Is a Command?
Section 4.11. Putting a Command in the Background
Section 4.12. Remote Logins and Command Execution
Section 4.13. Manual Pages
Section 4.14. Startup Files
Section 4.15. Important Directories
Section 4.16. Basic Text Editing
Section 4.17. Advanced Shells and Shell Scripting
Chapter 5. Web Browsers and Instant Messaging
Section 5.1. The World Wide Web
Section 5.2. Instant Messaging
Chapter 6. Electronic Mail Clients
Section 6.1. Using KMail
Section 6.2. Using Mozilla Mail & News
Section 6.3. Getting the Mail to Your Computer with fetchmail
Section 6.4. OpenPGP Encryption with GnuPG
Chapter 7. Games
Section 7.1. Gaming
Section 7.2. Quake III
Section 7.3. Return to Castle Wolfenstein
Section 7.4. Unreal Tournament 2004
Section 7.5. Emulators
Section 7.6. Frozen Bubble
Section 7.7. Tux Racer
Chapter 8. Office Suites and Personal Productivity
Section 8.1. Using OpenOffice
Section 8.2. KOffice
Section 8.3. Other Word Processors
Section 8.4. Synching PDAs
Section 8.5. Groupware
Section 8.6. Managing Your Finances
Chapter 9. Multimedia
Section 9.1. Multimedia Concepts
Section 9.2. Kernel and Driver Issues
Section 9.3. Embedded and Other Multimedia Devices
Section 9.4. Desktop Environments
Section 9.5. Windows Compatibility
Section 9.6. Multimedia Applications
Section 9.7. Multimedia Toolkits and Development Environments
Section 9.8. Solutions to Common Problems
Section 9.9. References
Part II: System Administration
Chapter 10. System Administration Basics
Section 10.1. Maintaining the System
Section 10.2. Managing Filesystems
Section 10.3. Managing Swap Space
Section 10.4. The /proc Filesystem
Section 10.5. Device Files
Section 10.6. Scheduling Recurring Jobs Using cron
Section 10.7. Executing Jobs Once
Section 10.8. Managing System Logs
Section 10.9. Processes
Section 10.10. Programs That Serve You
Chapter 11. Managing Users, Groups, and Permissions
Section 11.1. Managing User Accounts
Section 11.2. File Ownership and Permissions
Section 11.3. Changing the Owner, Group, and Permissions
Chapter 12. Installing, Updating, and Compiling Programs
Section 12.1. Upgrading Software
Section 12.2. General Upgrade Procedure
Section 12.3. Automated and Bulk Upgrades
Section 12.4. Upgrading Software Not Provided in Packages
Section 12.5. Archive and Compression Utilities
Chapter 13. Networking
Section 13.1. Networking with TCP/IP
Section 13.2. Dial-Up PPP
Section 13.3. PPP over ISDN
Section 13.4. ADSL
Section 13.5. Cable Modems
Section 13.6. Network Diagnostics Tools
Chapter 14. Printing
Section 14.1. Printing
Section 14.2. Managing Print Services
Chapter 15. File Sharing
Section 15.1. Sharing Files with Windows Systems (Samba)
Section 15.2. NFS Configuration and NIS
Chapter 16. The X Window System
Section 16.1. A History of X
Section 16.2. X Concepts
Section 16.3. Hardware Requirements
Section 16.4. Installing
Section 16.5. Configuring
Section 16.6. Running X
Section 16.7. Running into Trouble
Section 16.8. X and 3D
Chapter 17. System Start and Shutdown
Section 17.1. Booting the System
Section 17.2. System Startup and Initialization
Section 17.3. Single-User Mode
Section 17.4. Shutting Down the System
Section 17.5. A Graphical Runlevel Editor: KSysV
Chapter 18. Configuring and Building the Kernel
Section 18.1. Building a New Kernel
Section 18.2. Loadable Device Drivers
Section 18.3. Loading Modules Automatically
Chapter 19. Text Editing
Section 19.1. Editing Files Using vi
Section 19.2. The (X)Emacs Editor
Chapter 20. Text Processing
Section 20.1. TeX and LaTeX
Section 20.2. XML and DocBook
Section 20.3. groff
Section 20.4. Texinfo
Part III: Programming
Chapter 21. Programming Tools
Section 21.1. Programming with gcc
Section 21.2. Makefiles
Section 21.3. Debugging with gdb
Section 21.4. Useful Utilities for C Programmers
Section 21.5. Using Perl
Section 21.6. Java
Section 21.7. Python
Section 21.8. Other Languages
Section 21.9. Introduction to OpenGL Programming
Section 21.10. Integrated Development Environments
Chapter 22. Running a Web Server
Section 22.1. Configuring Your Own Web Server
Chapter 23. Transporting and Handling Email Messages
Section 23.1. The Postfix MTA
Section 23.2. Procmail
Section 23.3. Filtering Spam
Chapter 24. Running an FTP Server
Section 24.1. Introduction
Section 24.2. Compiling and Installing
Section 24.3. Running ProFTPD
Section 24.4. Configuration
Part IV: Network Services
Chapter 25. Running Web Applications with MySQL and PHP
Section 25.1. MySQL
Section 25.2. PHP
Section 25.3. The LAMP Server in Action
Chapter 26. Running a Secure System
Section 26.1. A Perspective on System Security
Section 26.2. Initial Steps in Setting Up a Secure System
Section 26.3. TCP Wrapper Configuration
Section 26.4. Firewalls: Filtering IP Packets
Section 26.5. SELinux
Chapter 27. Backup and Recovery
Section 27.1. Making Backups
Section 27.2. What to Do in an Emergency
Chapter 28. Heterogeneous Networking and Running Windows Programs
Section 28.1. Sharing Partitions
Section 28.2. Emulation and Virtual Operating Systems
Section 28.3. Remote Desktop Access to Windows Programs
Section 28.4. FreeNX: Linux as a Remote Desktop Server
Appendix A. Sources of Linux Information
Section A.1. Linux Documentation Project
Section A.2. FTP Sites
Section A.3. World Wide Web Sites
About the Authors
Running Linux, Fifth Edition
by Matthias Kalle Dalheimer and Matt Welsh
Copyright © 2006, 2002, 1999, 1996, 1995 O'Reilly Media, Inc. All rights reserved. Printed in the
United States of America.
Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions
are also available for most titles ( For more information, contact our
corporate/institutional sales department: (800) 998-9938 or [email protected]
Andy Oram
Production Editor:
Adam Witwer
Production Services:
Argosy Publishing
Cover Designer:
Edie Freedman
Interior Designer:
David Futato
Printing History:
May 1995:
First Edition.
August 1996:
Second Edition.
August 1999:
Third Edition.
December 2002:
Fourth Edition.
December 2005:
Fifth Edition.
Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of
O'Reilly Media, Inc. The Linux series designations, Running Linux, images of the American West, and
related trade dress are trademarks of O'Reilly Media, Inc.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as
trademarks. Where those designations appear in this book, and O'Reilly Media, Inc. was aware of a
trademark claim, the designations have been printed in caps or initial caps.
While every precaution has been taken in the preparation of this book, the publisher and authors
assume no responsibility for errors or omissions, or for damages resulting from the use of the
information contained herein.
ISBN: 0-596-00760-4
Technical knowledge is not enough. One must
transcend techniques so that the art becomes an artless
art, growing out of the unconscious.
Daisetsu Suzuki (1870-1966)
This is a book about Linux, a free, open source operating system that's changing the world of
computing. In this book, we show how you can completely change the way you work with computers by
exploring a powerful and free operating system. Linux goes against the traditional computing
mainstream, being developed by a loosely organized group of thousands of volunteers across the
Internet. Linux started as a real underground movement guerrilla hacking, if you will and brings a lot of
excitement, discovery, and self-empowerment back into today's corporate-dominated computing
culture. We invite you to dive in, enjoy yourself, and join the throng of people who know what it means
to tweak your dot clocks and rdev your kernel image.
The Zen quote at the beginning of this preface summarizes our philosophy in this book. We're targeting
readers who are inquisitive and creative enough to delve full-tilt into the world of Linux, and who want
to get at the heart of the system. Linux represents a rebellion against commercial and proprietary
operating systems, and many of its users like living on the edge of the latest technological trends. Of
course, the casual reader can set up and run a Linux system (or hundreds of them!) without much
trouble, but the purpose of this book is to dig more deeply into the system to bring you completely into
the Linux mentality, to reach Linux "enlightenment." Rather than gloss over messy details, we explain
the concepts by which the system actually works so that you can troubleshoot problems on your own.
By sharing the accumulated expertise of several Linux experts, we hope to give you enough confidence
to call yourself a true Linux Guru. (Your first koan: what is the sound of one user hacking?)
You have in your hands the fifth edition of Running Linux, and by most accounts this book is considered
the classic text on installing, maintaining, and learning to use a Linux system. The first edition was
published way back in 1996, and had its roots in a free book called Linux Installation and Getting
Started, which was written by Matt Welsh and is still floating around the Internet. Since Matt conceived
and wrote Running Linux, the book has gone through a lot of expansion and improvement to keep upto-date with the latest developments in the Linux world.
Kalle Dalheimer, a developer and consultant bringing a great deal of experience with both Linux
development and desktop applications, has become the lead author on the past three editions. Other
contributors over time have included Lar Kaufman (material on printing and other first-edition
material), Tom Adelstein (updates to the introductory chapter and substantial material on VMWare,
rdesktop, VNC, and FreeNX), Aaron Weber (GNOME, Evolution, Red Carpet, and ZENworks), Sam Hiser
(OpenOffice), Jay Ts (Samba), John H. Terpstra (updates to Samba and NFS), Jeff Tranter (multimedia,
sources of Linux information), Kyle Rankin (games), Breckin Loggins (GnuCash), Rod Smith (substantial
printing material, including CUPS), Kyle Dent (Postfix), Terry Dawson (material on security), Brian
Vincent (Wine and CodeWeaver), Chris Lawrence (Debian packaging), Vatafu Valerica (LAMP chapter),
Marc Mutz (material on public-key encryption and encypted filesystems), Steffen Hansen (material on
the GIMP, OpenGL, Postfix, and ProFTPd), Till Adam (material on groupware solutions for Linux), Jesper
Pedersen (material on kimdaba and Procmail, updates to the Python section), Michel Boyer de la
Giroday (PHP), Ivan Ristic (updates to Apache and LAMP chapters), and Jeffrey Dunitz (updates to the
backup chapter).
As Linux attracts more and more development, becoming increasingly appealing in new areas of use,
the challenge for a book like this is to continue its mission with an ever-increasing scope. This edition is
much bigger than any of the previous ones, and covers topics such as desktop tools that made only
cursory appearances earlier. No book can adequately capture everything there is to know about Linux,
so we've tried to ask at each turn what information is most valuable for a person exploring the system
and trying to get a firm basis for further self-education. Our approach has worked remarkably well over
the many editions, and we think this book will be of use to you for a long time to come.
In the preface to the first edition, we said that "Linux has the potential to completely change the face of
the PC operating system world." Looking back, it's clear that our prediction was right! Linux has erupted
into the computing mainstream with an amazing force: it has been covered by every major media
channel, has helped usher in the so-called Open Source Revolution, and is widely claimed as the most
viable competitor to Microsoft's dominance in the operating systems market. Today, most estimates
place the number of Linux users worldwide at well over 300 million. Linux has matured to the point
where many people can dive in and start using Linux without knowing most of the hairy details behind
device drivers, XFree86 configuration files, and bootloaders. Actually, a good Linux distribution these
days is just as easy to install as its commercial competitors such as Microsoft Windows. Still, we think
it's best to give you some of the behind-the-scenes views, so you have an understanding of the
workings of the system, even if it's not strictly necessary for casual Linux use.
Organization of This Book
Each chapter of this book contains a big chunk of information. It takes you into a world of material that
could easily take up several books. But we move quickly through the topics you need to know.
Part I of the book, "Enjoying and Being Productive on Linux," introduces Linux and brings you to the
point where you can do all the standard activities people do on other systems: emailing, web surfing,
playing games, watching videos, and so on.
Chapter 1, Introduction to Linux
Tries to draw together many different threads. It explains why Linux came to be and what it offers
that continues to attract new users and developers.
Chapter 2, Preinstallation and Installation
Describes preliminary tasks that you may have to do before installation, such as partitioning your
disk, and guidance for initial Linux installation and configuration.
Chapter 3, Desktop Environments
Helps you get comfortable navigating the desktop and the most important tools, including the
Evolution utility for mail, calendar, and managing contacts.
Chapter 4, Basic Unix Commands and Concepts
Offers a system administrator's introduction to Unix. It is intended to give you enough tools to
perform the basic tasks you'll need to do throughout the book. Basic commands are covered,
along with some tips for administrators and some concepts you should know.
Chapter 5, Web Browsers and Instant Messaging
Shows neat tricks and advanced uses for some of the popular and basic computer activities: web
browsing and instant messaging.
Chapter 6, Electronic Mail Clients
Introduces other mail clients, for people who want to try something besides Evolution, and shows
ways to secure email.
Chapter 7, Games
Explains the impressive array of games supported on Linux, both standalone and client/server.
Chapter 8, Office Suites and Personal Productivity
Explains how you can be just as productive in your office work on Linux as on the proprietary
alternatives. The main topics are the OpenOffice office suite, KOffice office suite, and the GnuCash
financial application, along with an introduction to groupware.
Chapter 9, Multimedia
Discusses audio and video, covering concepts you'll find useful, configuration for systems where
the tools don't work automatically, and a few common applications. The GIMP is also introduced
for image manipulation.
Part II of the book, "System Administration," shows you how to set up your Linux system and its
environment for such tasks as printing and sharing files with other systems; it also shows you how to
take care of your system in other ways.
Chapter 10, System Administration Basics
Covers system administration topics such as filesystems and swap space that are normally
handled automatically during installation, but sometimes need user intervention.
Chapter 11, Managing Users, Groups, and Permissions
Shows you the fundamental building blocks of security on Linux: managing users and access
rights (permissions).
Chapter 12, Installing, Updating, and Compiling Programs
Covers system updates, which are important both to get new features and applications and to fix
security flaws.
Chapter 13, Networking
Is a basic introduction to networking, which is usually set up during installation but is worth
understanding at a deeper level. The chapter shows you how to configure your system so that it
can work on a local area network or communicate with an Internet service provider using Pointto-Point Protocol (PPP). ISDN and ADSL are also covered.
Chapter 14, Printing
Shows you how to get Linux to recognize printers and to manage document printing.
Chapter 15, File Sharing
Covers file sharing, with a particular focus on Samba, which allows both file and printer sharing
with Windows systems.
Chapter 16, The X Window System
Shows you how to configure the X Window System, which underlies the desktops introduced in
Chapter 3. We show you how to overcome problems you might encounter when your distribution
installs the software and how to configure it for the best performance on your video hardware.
Chapter 17, System Start and Shutdown
Covers system startup and shutdown. Topics include the GRUB bootloader, which lets you choose
between operating systems at startup time, and how to get the right services going.
Chapter 18, Configuring and Building the Kernel
Explains how to update the kernel and its modules, which may be necessary to run new Linux
features or get drivers installed for your hardware.
Part III of the book, "Programming," starts exploring interesting advanced topics that make Linux a
powerful asset, such as programming.
Chapter 19, Text Editing
Offers in-depth tutorials on vi and Emacs, valuable text editors. Covers text processing, an
alternative to using word processors to format text documents.
Chapter 20, Text Processing
Describes tools for producing formatted documents from markup languages, including XML and
the older languages TEX, troff, and Texinfo.
Chapter 21, Programming Tools
Is a wide-ranging introduction to programming on Linux, introducing a number of languages, as
well as tools that you may find it useful to understand even if you are not a programmer.
Part IV of the book, "Network Services," introduces several services and other advanced networking
Chapter 22, Running a Web Server
Shows you how to set up and configure Apache, the most popular web server in the world.
Chapter 23, Transporting and Handling Email Messages
Covers the easy-to-use Postfix mail server and some other useful mail tools, such as
Chapter 24, Running an FTP Server
Shows a secure way to offer files for download.
Chapter 25, Running Web Applications with MySQL and PHP
Covers the M and P in the well-known acronym LAMP, introducing the basic configuration and use
of MySQL and PHP for use with Apache.
Chapter 26, Running a Secure System
Covers the ProFTPD web server, which is convenient for serving documents to colleagues or the
general public.
Chapter 27, Backup and Recovery
Basic techniques for the critical task of safeguarding your data.
Chapter 28, Heterogeneous Networking and Running Windows Programs
A wealth of ways to get the best out of two diffferent environments.
Appendix, Sources of Linux Information
Tells you about useful online documentation for Linux and other sources of help.
Conventions Used in This Book
The following is a list of the typographical conventions used in this book:
Is used for file and directory names, command names, command-line options, email addresses
and pathnames, usernames, hostnames, site names, and all new terms.
Constant Width
Is used in examples to show the contents of files or the output from commands, to indicate
environment variables and keywords that appear in code, and for Emacs commands.
Constant Width Bold
Is used in examples to show commands or other text that should be typed literally by the user.
Constant Width Italic
Is used to indicate variable options, keywords, or text that the user is to replace with an actual
This icon designates a note, which is an important aside to the nearby text.
This icon designates a warning relating to the nearby text.
Using Code Examples
This book is here to help you get your job done. In general, you may use the code in this book in your
programs and documentation. You do not need to contact us for permission unless you're reproducing a
significant portion of the code. For example, writing a program that uses several chunks of code from
this book does not require permission. Selling or distributing a CD-ROM of examples from O'Reilly books
does require permission. Answering a question by citing this book and quoting example code does not
require permission. Incorporating a significant amount of example code from this book into your
product's documentation does require permission.
We appreciate, but do not require, attribution. An attribution usually includes the title, author,
publisher, and ISBN. For example: "Running Linux, Fifth Edition by Matthias Kalle Dalheimer and Matt
Welsh. Copyright 2006 O'Reilly Media, Inc., 0-596-00760-4."
If you feel your use of code examples falls outside fair use or the permission given above, feel free to
contact us at [email protected]
How to Contact Us
We have tested and verified the information in this book to the best of our ability, but you may find that
features have changed (or even that we have made mistakes!). Please let us know about any errors you
find, as well as your suggestions for future editions, by writing to:
O'Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-998-9938 (in the U.S. or Canada)
707-829-0515 (international or local)
707-829-0104 (fax)
You can send us messages electronically. To be put on the mailing list or to request a catalog, send
email to:
[email protected]
To ask technical questions or to comment on the book, send email to:
[email protected]
We have a web site for the book, where we'll list examples, errata, and any plans for future editions.
You can access this page at:
For more information about this book and others, see the O'Reilly web site:
Safari® Enabled
When you see a Safari® Enabled icon on the cover of your favorite technology book, that
means the book is available online through the O'Reilly Network Safari Bookshelf.
Safari offers a solution that's better than e-books. It's a virtual library that lets you easily search
thousands of top tech books, cut and paste code samples, download chapters, and find quick answers
when you need the most accurate, current information. Try it for free at
This book is the result of many people's efforts, and as expected, it would be impossible to list them all
here. First of all, we would like to thank Andy Oram, who did an excellent job of editing, writing, and
whip-cracking to get this book into shape. Apart from being the overall editor, Andy contributed the
Unix tutorial chapter and the Gaim section as well as material for the X and Perl sections. It was Andy
who approached us about writing for O'Reilly in the first place, and he has demonstrated the patience of
a saint when waiting for our updates to trickle in.
Because this book has grown so much in size and scope, its topics have become too diverse for one
person, or even a small set of coauthors. Therefore, we have drawn in experts in a number of subject
areas, listed near the beginning of the preface, to write substantial material.
We would also like to thank the following people for their work on the Linux operating system without
all of them, there wouldn't be anything to write a book about: Linus Torvalds, Richard Stallman, Donald
Becker, Alan Cox, Remy Card, Eric Raymond, Ted T'so, H. J. Lu, Miguel de Icaza, Ross Biro, Drew
Eckhardt, Ed Carp, Eric Youngdale, Fred van Kempen, Steven Tweedie, Patrick Volkerding, Dirk
Hohndel, Matthias Ettrich, and all of the other hackers, from the kernel grunts to the lowly docos, too
numerous to mention here.
Special thanks to the following people for their contributions to the Linux Documentation Project,
technical review of this book, or general friendliness and support: Phil Hughes, Melinda McBride, Bill
Hahn, Dan Irving, Michael Johnston, Joel Goldberger, Michael K. Johnson, Adam Richter, Roman
Yanovsky, Jon Magid, Erik Troan, Lars Wirzenius, Olaf Kirch, Greg Hankins, Alan Sondheim, Jon David,
Anna Clark, Adam Goodman, Lee Gomes, Rob Walker, Rob Malda, Jeff Bates, and Volker Lendecke.
For the third edition, we thank Phil Hughes, Robert J. Chassell, Tony Cappellini, Craig Small, Nat
Makarevitch, Chris Davis, Chuck Toporek, Frederic HongFeng, and David Pranata for wide-ranging
comments and corrections. Particularly impressive were the efforts put in by an entire team of Debian
developers and users, organized for us by Ossama Othman and Julian T. J. Midgley. Julian set up a CVS
repository for comments, and the book was examined collectively by him, Chris Lawrence, Robert J.
Chassell, Kirk Hilliard, and Stephen Zander.
For the fourth edition, we thank David Collier-Brown, Oliver Flimm, Phil Hughes, Chris Lawrence, Rich
Payne, Craig Small, Jeff Tranter, and Aaron Weber for their reviews.
For the fifth edition, we thank Ben Hyde, Cheridy Jollie, Chris Lawrence, Ellen Siever, and Jeff Tranter.
Kalle would like to thank Valerica Vatafu from Buzau, Romania, for lots of help with the chapter about
LAMP. He would also like to thank his colleagues in his company Klarälvdalens Datakonsult AB Michel
Boyer de la Giroday, Tanja Dalheimer, Steffen Hansen, Jesper Pedersen, Lutz Rogowski, Karl-Heinz
Zimmer, Tobias Larsson, Romain Pokrzywka, David Faure, Marc Mutz, Tobias Larsson, and Till Adam for
their constructive comments on drafts of the book as well as for being general "Linux thought
Part I: Enjoying and Being Productive on
This part of the book introduces Linux and brings you to the point where you can do all the
standard activities people do on other systems: emailing, web surfing, playing games, watching
videos, and so on.
Chapter 2 is worth reading even if you plan to install Linux from an easy-to-use distribution.
Fundamental considerations, such as how much disk space to devote to different parts of your
system, indicate that some planning lies behind every installation.
The vast majority of Linux installations go well and make the features discussed in this part of the
book available to system users. If you have trouble, though, the more advanced material in other
parts of the book can help you, along with online documentation and more specialized texts.
Chapter 1: Introduction to Linux
Chapter 2: Preinstallation and Installation
Chapter 3: Desktop Environments
Chapter 4: Basic Unix Commands and Concepts
Chapter 5: Web Browsers and Instant Messaging
Chapter 6: Electronic Mail Clients
Chapter 7: Games
Chapter 8: Office Suites and Personal Productivity
Chapter 9: Multimedia
Chapter 1. Introduction to Linux
Welcome to Running Linux, Version 5! When we wrote the first edition of this book, Linux had barely
arrived on the scene. Our task seemed simple: help readers learn the basics of a new operating system
that required a pretty fixed and predictable set of tasks. Few if any observers expected Linux would
become a best-of-breed operating system, supported by the vast majority of hardware and software
manufacturers on the planet. Who would have known that Linux would grow from a small user base of
30,000 people in 1995 to hundreds of millions only 10 years later? People use Linux everywhere on the
planet and in some cases in outer space and under the ocean.
To the casual observer, Linux looks like a fairly simple personal computer desktop built on the same
chassis as any IBM PC. People use Linux to browse the Internet, exchange email, listen to music, watch
videos, and instant message their friends and coworkers. Students and office workers create documents
with word processors, perform numerous tasks with spreadsheet programs, and make slide
The same Linux operating system also drives sonar arrays in nuclear submarines, indexes every
document on the Internet, unifies large corporate data centers, runs nearly 70% of all web sites in the
world, records your television programs, works in your cellular phone, and runs the switches that allow
you to connect with your friends and family anywhere on the globe. Linux runs systems on the
international space station as well as the shuttles that take astronauts there. It protects you from spam
and computer viruses on numerous routers and back-end systems.
You can benefit directly from installing Linux on a system at home, at school, or in the office, and
having all that power at your fingertips. Not only can you carry on everyday surfing and office work, but
you can also learn how to write database queries, administer a web server, filter mail for spam and
viruses, automate your environment through scripting languages, access web services, and participate
in the myriad of other cutting-edge activities provided by modern computing.
How does Linux do all those things? Linux distributions harvest vast amounts of diverse technology,
especially new and innovative developments in hardware. Developers have access to all the code that
makes up the operating system. Although many people consider Linux the largest cooperative software
development project in human history, Linux developers don't need to even know each other. If
someone wants to write a software application, all he has to do is download the Linux code or visit its
documentation site. If you started counting people who have contributed to the development of Linux
and its associated projects, you would see hundreds of thousands of individuals.
Linux and open source software developers come from many walks of life. Major computer vendors such
as IBM, HP, Novell, Red Hat, Sun, Dell, and others pay portions of their staffs to work on Linux.
Universities around the globe sponsor projects and foundations that contribute to Linux. The U.S.
Department of Defense, NASA, and the National Security Agency have paid for numerous pieces of the
Linux operating system. Developing countries such as China, Brazil, Malaysia, South Africa, and Viet
Nam, to mention a few, have added to the Linux base. Industrial giants such as Germany, Australia,
Japan, the United Kingdom, and others have also made their presence felt. But in the very midst of
those giants, many individuals such as you and me have also contributed to Linux.
During the 1990s, Linux generated more excitement in the computer field than any other development
since the advent of microprocessor technology. Linux rejuvenated a dying technology sector following
the fall of the dot-com boom in the spring of 2001. Today, Linux has surpassed the expectations of
informed observers worldwide, including the authors of this book.
Early on, Linux inspired and captured the loyalty of its users. Technologists interested in the server side
of the Internet needed to become familiar with the operating systems that ran web sites, domain name
services, and email and service providers. Traditional software manufacturers priced their systems out
of the range of those wanting to gain webmaster-type skills. Many people viewed Linux as a godsend
because you could download it for free and gain the skills necessary to become a webmaster or system
administrator while working on relatively low-cost hardware.
Originally, people saw Linux as simply an operating system kernel, offering the basic services of process
scheduling, virtual memory, file management, and handling of hardware peripherals such as hard
drives, DVDs, printers, terminals, and so forth. Other Internet operating systems belonged to the Unix
family, which became available for commercial sale only after the breakup of AT&T and the Bell
Operating Systems.
To skirt the legal issues surrounding AT&T's Unix, the Free Software Foundation (FSF) created a
plethora of applications that performed many of the functions of basic Unix while using totally original
FSF code instead of code produced by Bell Labs. This collection of FSF software was called GNU. To
become a complete operating system, however, FSF needed a kernel. Although their own efforts in that
area stalled, an operating system fitting the bill arose unexpectedly from efforts by a student at the
University of Helsinki in Finland: Linus Torvalds.
People now use the term "Linux" to refer to the complete systemthe kernel along with the many
applications that it runs: a complete development and work environment including compilers, editors,
graphical interfaces, text processors, games, and more. FSF proponents ask that this broader collection
of software be known as "GNU/Linux."
1.1. About This Book
This book provides an overview and guide to Linux as a desktop and a back-office system. We present
information on topics to satisfy novices and wizards alike. This book should provide sufficient material
for almost anyone to choose the type of installation they want and get the most out of it. Instead of
covering many of the volatile technical detailsthose things that tend to change with Linux's rapid
developmentwe give you the information that helps you over the bumps as you take your first steps
with popular distributions, as well as background you will need if you plan to go onto more advanced
Linux topics such as web services, federated identity management, high-performance computing, and
so on.
We geared this book for those people who want to understand the power that Linux can provide. Rather
than provide minimal information, we help you see how the different parts of the Linux system work, so
you can customize, configure, and troubleshoot the system on your own. Linux is not difficult to install
and use. Many people consider it easier and faster to set up than Microsoft Windows. However, as with
any commercial operating system, some black magic exists, and you will find this book useful if you
plan to go beyond desktop Linux and use web services or network management services.
In this book, we cover the following topics:
The design and philosophy of the Linux operating system, and what it can do for you.
Information on what you need to run Linux, including suggestions on hardware platforms and how
to configure the operating system depending on its specified role (e.g., desktop, web server,
database and/or application server).
How to obtain and install Linux. We cover the Red Hat, SUSE, and Debian distributions in more
detail than others, but the information is useful in understanding just about any distribution.
An introduction, for new users, to the original Linux/Unix system philosophy, including the most
important commands and concepts still in use.
Personal productivity through slick and powerful office suites, image manipulation, and financial
The care and feeding of the Linux system, including system administration and maintenance,
upgrading the system, and how to fix things when they don't work.
Expanding the basic Linux system and desktop environments with power tools for the technically
The Linux programming environment. The tools of the trade for programming and developing
software on the Linux system.
Using Linux for telecommunications and networking, including the basics of TCP/IP configuration,
PPP for Internet connectivity over a modem, ISDN configuration, ADSL, cable, email, news, and
web accesswe even show how to configure a Linux system as a web and database server.
Linux for fun: audio, video, and games.
Many things exist that we'd love to show you how to do with Linux. Unfortunately, to cover them all,
this book would be the size of the unabridged Oxford English Dictionary and would be impossible for
anyone (let alone the authors) to maintain. Instead we've included the most salient and interesting
aspects of the system and show you how to find out more.
Although much of the discussion in this book is not overly technical, you'll find it easier to navigate if
you have some experience with the command line and the editing of simple text files. For those who
don't have such experience, we have included a short tutorial in Chapter 4. Part 2 of the book is an
exploration of system administration that can help even seasoned technicians run Linux in a server
If you are new to Linux and want more system-oriented information, you'll want to pick up an additional
guide to command-line basics. We don't dwell for long on the fundamentals, preferring instead to skip
to the fun parts of the system. At any rate, although this book should be enough to get you functional
and even seasoned in the use of Linux, you may have requirements that will take you into specialized
areas. See Appendix A for a list of sources of information.
1.2. Who's Using Linux?
Application developers, system administrators, network providers, kernel hackers, students, and
multimedia authors are just a few of the categories of people who find that Linux has a particular
Programmers are increasingly using Linux because of its extensibility and low costthey can pick up a
complete programming environment for free and run it on inexpensive PC hardwareand because Linux
offers a great development platform for portable programs. In addition to the original FSF tools, Linux
can utilize a number of development environments that have surfaced over the last three years, such as
Eclipse ( Eclipse is quite a phenomenon: a tribute to both the creativity of the open
source community and the fertility of a collaboration between an open source community and a major
vendor (Eclipse was originally developed and released by IBM). It is an open source community focused
on providing an extensible development platform and application frameworks for building software.
Eclipse's tools and frameworks span the software development life cycle, including support for
modeling; language development environments for Java?, C/C++, and other languages; testing and
performance; business intelligence; rich client applications; and embedded development. A large,
vibrant ecosystem of major technology vendors, innovative startups, universities, and research
institutions and individuals extend, complement, and support the Eclipse platform.
Networking is one of Linux's strengths. Linux has been adopted by people who run large networks
because of its simplicity of management, performance, and low cost. Many Internet sites make use of
Linux to drive large web servers, e-commerce applications, search engines, and more. Linux is easy to
merge into a corporate or academic network because it supports common networking standards. These
include both old stand-bys, such as the Network File System (NFS) and Network Information Service
(NIS), and more prominent systems used in modern businesses, such as Microsoft file sharing (CIFS
and related protocols) and Lightweight Directory Access Protocol (LDAP). Linux makes it easy to share
files, support remote logins, and run applications on other systems. A software suite called Samba
allows a Linux machine to act as a Windows server in Active Directory environments. The combination
of Linux and Samba for this purpose is faster (and less expensive) than running Windows Server 2003.
In fact, given the ease with which Linux supports common networking activitiesDHCP, the Domain
Name System, Kerberos security, routingit's hard to imagine a corporate networking task for which it's
One of the most popular uses of Linux is in driving large enterprise applications, including web servers,
databases, business-to-business systems, and e-commerce sites. Businesses have learned that Linux
provides an inexpensive, efficient, and robust system capable of driving the most mission-critical
As just one example among the many publicized each month, Cendant Travel Distribution Services put
its Fares application on a Linux Enterprise Server with IBM xSeries and BladeCenter servers as the
hardware platforms. The move reduced expenditures by 90% while achieving 99.999% availability and
handling 300 to 400 transactions per second.
Linux's ease of customizationeven down to the guts of the kernelmakes the system very attractive for
companies that need to exercise control over the inner workings of the system. Linux supports a range
of technologies that ensure timely disk access and resistance to failure, from RAID (a set of mechanisms
that allow an array of disks to be treated as a single logical storage device) to the most sophisticated
storage area networks. These greatly increase reliability and reduce the costs of meeting new regulatory
demands that require the warehousing of data for as long as 30 years.
The combination of Linux, the Apache web server, the MySQL database engine, and the PHP scripting
language is so common that it has its own acronymLAMP. We cover LAMP in more detail in Chapter 25.
Kernel hackers were the first to come to Linuxin fact, the developers who helped Linus Torvalds create
Linux are still a formidable community. The Linux kernel mailing lists see a great deal of activity, and
it's the place to be if you want to stay on the bleeding edge of operating system design. If you're into
tuning page replacement algorithms, twiddling network protocols, or optimizing buffer caches, Linux is
a great choice. Linux is also good for learning about the internals of operating system design, and an
increasing number of universities make use of Linux systems in advanced operating system courses.
Finally, Linux is becoming an exciting forum for multimedia because it's compatible with an enormous
variety of hardware, including the majority of modern sound and video cards. Several programming
environments, including the MESA 3D toolkit (a free OpenGL implementation), have been ported to
Linux; OpenGL is introduced in "Introduction to OpenGL Programming" in Chapter 21. The GIMP (a free
Adobe Photoshop work-alike) was originally developed under Linux, and is becoming the graphics
manipulation and design tool of choice for many artists. Many movie production companies regularly
use Linux as the workhorse for advanced special-effects renderingthe popular movies Titanic and The
Matrix used "render farms" of Linux machines to do much of the heavy lifting.
Linux systems have traveled the high seas of the North Pacific, managing telecommunications and data
analysis for oceanographic research vessels. Linux systems are used at research stations in Antarctica,
and large "clusters" of Linux machines are used at many research facilities for complex scientific
simulations ranging from star formation to earthquakes, and in Department of Energy laboratories
helping to bring new sources of energy to everyone. On a more basic level, hospitals use Linux to
maintain patient records and retrieve archives. The U.S. judiciary uses Linux to manage its entire
infrastructure, from case management to accounting. Financial institutions use Linux for real-time
trading of stocks, bonds, and other financial instruments. Linux has taken over the role that Unix used
to play as the most reliable operating system.
1.3. System Features
Linux has surpassed the features found in implementations of Unix and Windows. With the changes
offered by IBM's Power Architecture, for example, Linux provides functionality for commodity hardware
normally only found on the most expensive mainframes. Additionally, the latest kernels include the
structure of Security Enhanced Linux (SELinux) provided by the National Security Agency
( SELinux provides the most trusted computing environment available
Now add Linux's ability to provide virtualization at the kernel level. Through Xen
(, Linux can securely execute multiple virtual machines, each
running its own operating system, on a single physical system. This allows enterprises to stop server
sprawl and increase CPU utilization.
1.3.1. A Bag of Features
This section provides a nickel tour of Linux features.
Linux is a complete multitasking , multiuser operating system (as are all other versions of Unix). This
means that many users can be logged onto the same machine at once, running multiple programs
simultaneously. Linux also supports multiprocessor systems (such as dual-Pentium motherboards), with
support for up to 32 processors in a system,[*] which is great for high-performance servers and
scientific applications.
On a 32-bit architecture; on a 64-bit architecture, up to 64 CPUs are supported, and patches are available that support up to 256 CPUs.
The Linux system is mostly compatible with a number of Unix standards (inasmuch as Unix has
standards) on the source level, including IEEE POSIX.1, System V, and BSD features. Linux was
developed with source portability in mind: therefore, you will probably find features in the Linux system
that are shared across multiple Unix implementations. A great deal of free Unix software available on
the Internet and elsewhere compiles on Linux out of the box.
If you have some Unix background, you may be interested in some other specific internal features of
Linux, including POSIX job control (used by shells such as the C shell, csh, and bash), pseudoterminals
(pty devices), and support for national or customized keyboards using dynamically loadable keyboard
drivers. Linux also supports virtual consoles , which allow you to switch between multiple login sessions
from the system console in text mode. Users of the screen program will find the Linux virtual console
implementation familiar (although nearly all users make use of a GUI desktop instead).
Linux can quite happily coexist on a system that has other operating systems installed, such as
Windows 95/98, Windows NT/2000/XP, Mac OS, and Unix-like operating systems such as the variants of
BSD. The Linux bootloader (LILO ) and the GRand Unified Bootloader (GRUB ) allow you to select which
operating system to start at boot time, and Linux is compatible with other bootloaders as well (such as
the one found in Windows XP).
Linux can run on a wide range of CPU architectures, including the Intel x86 (the whole Pentium line),
Itanium, SPARC/UltraSPARC, AMD 64 ("Hammer"), ARM, PA-RISC, Alpha, PowerPC, MIPS, m68k, and
IBM 390 and zSeries mainframes. Linux has also been ported to a number of embedded processors, and
stripped-down versions have been built for various PDAs, including the PalmPilot and Compaq iPaq. In
the other direction, Linux is being considered for top-of-the-line computers as well. Hewlett-Packard has
a supercomputer with Linux as the operating system. A large number of scalable
clusterssupercomputers built from arrays of PCsrun Linux as well.
Linux supports various filesystem types for storing data. Some filesystems, such as the Second
Extended Filesystem (ext2fs), have been developed specifically for Linux. Other Unix filesystem types,
such as the Minix-1 and Xenix filesystems, are also supported. The Windows NTFS, VFAT (Windows
95/98), and FAT (MS-DOS) filesystems have been implemented as well, allowing you to access Windows
files directly. Support is included for Macintosh, OS/2, and Amiga filesystems as well. The ISO 9660 CDROM filesystem type, which reads all standard formats of CD-ROMs, is also supported. We talk more
about filesystems in Chapter 2 and Chapter 10.
Networking support is one of the greatest strengths of Linux, in terms of both functionality and
performance. Linux provides a complete implementation of TCP/IP networking. This includes device
drivers for many popular Ethernet cards, PPP and SLIP (allowing you to access a TCP/IP network via a
serial connection or modem), Parallel Line Internet Protocol (PLIP), and ADSL. Linux also supports the
modern IPv6 protocol suite, and many other protocols, including DHCP, Appletalk, IRDA, DECnet, and
even AX.25 for packet radio networks. The complete range of TCP/IP clients and services is supported,
such as FTP, Telnet, NNTP, and Simple Mail Transfer Protocol (SMTP), the Sun RPC protocols allowing
NFS and NIS, and the Microsoft protocols allowing participation in a Microsoft domain. The Linux kernel
includes complete network firewall support, allowing any Linux machine to screen network packets and
prevent unauthorized access to an intranet, for example.
It is widely held that networking performance under Linux is superior to other operating systems. We
talk more about networking in Chapter 13 and Part IV.
1.3.2. Kernel
The kernel is the guts of the operating system itself; it's the code that controls the interface between
user programs and hardware devices, the scheduling of processes to achieve multitasking, and many
other aspects of the system. The kernel is not a separate process running on the system. Instead, you
can think of the kernel as a set of routines, constantly in memory, to which every process has access.
Kernel routines can be called in a number of ways. One direct method to utilize the kernel is for a
process to execute a system call, which is a function that causes the kernel to execute some code on
behalf of the process. For example, the read system call will read data from a file descriptor. To the
programmer, this looks like any other C function, but in actuality the code for read is contained within
the kernel.
The Linux kernel is known as a monolithic kernel, in that all core functions and device drivers are part of
the kernel proper. Some operating systems employ a microkernel architecture whereby device drivers
and other components (such as filesystems and memory management code) are not part of the
kernelrather, they are treated as independent services or regular user applications. There are
advantages and disadvantages to both designs: the monolithic architecture is more common among
Unix implementations and is the design employed by classic kernel designs, such as System V and BSD.
Linux does support loadable device drivers (which can be loaded and unloaded from memory through
user commands); this is covered in Chapter 18.
The Linux kernel on Intel platforms is developed to use the special protected-mode features of the Intel
x86 processors (starting with the 80386 and moving on up to the current Pentium 4). In particular,
Linux makes use of the protected-mode descriptor-based memory management paradigm and many of
the other advanced features of these processors. Anyone familiar with x86 protected-mode
programming knows that this chip was designed for a multitasking system such as Unix (the x86 was
actually inspired by Multics). Linux exploits this functionality.
Like most modern operating systems, Linux is a multiprocessor operating system: it supports systems
with more than one CPU on the motherboard. This feature allows different programs to run on different
CPUs at the same time (or "in parallel"). Linux also supports threads, a common programming
technique that allows a single program to create multiple "threads of control" that share data in
memory. Linux supports several kernel-level and user-level thread packages, and Linux's kernel threads
run on multiple CPUs, taking advantage of true hardware parallelism. The Linux kernel threads package
is compliant with the POSIX 1003.1c standard.
The Linux kernel supports demand-paged loaded executables. That is, only those segments of a
program that are actually used are read into memory from disk. Also, if multiple instances of a program
are running at once, only one copy of the program code will be in memory. Executables use dynamically
linked shared libraries, meaning that executables share common library code in a single library file
found on disk. This allows executable files to occupy much less space on disk. This also means that a
single copy of the library code is held in memory at one time, thus reducing overall memory usage.
There are also statically linked libraries for those who wish to maintain "complete" executables without
the need for shared libraries to be in place. Because Linux shared libraries are dynamically linked at
runtime, programmers can replace modules of the libraries with their own routines.
In order to make the best use of the system's memory, Linux implements so-called virtual memory with
disk paging. That is, a certain amount of swap space [*] can be allocated on disk. When applications
require more physical memory than is actually installed in the machine, it will swap inactive pages of
memory out to disk. (A page is simply the unit of memory allocation used by the operating system; on
most architectures, it's equivalent to 4 KB.) When those pages are accessed again, they will be read
from disk back into main memory. This feature allows the system to run larger applications and support
more users at once. Of course, swap is no substitute for physical RAM; it's much slower to read pages
from disk than from memory.
[*] If you are a real OS geek, you will note that swap space is inappropriately named: entire processes are not swapped, but rather individual
pages of memory are paged out. Although in some cases entire processes will be swapped out, this is not generally the case. The term "swap
space" originates from the early days of Linux and should technically be called "paging space."
The Linux kernel keeps portions of recently accessed files in memory, to avoid accessing the (relatively
slow) disk any more than necessary. The kernel uses all the free memory in the system for caching disk
accesses, so when the system is lightly loaded a large number of files can be accessed rapidly from
memory. When user applications require a greater amount of physical memory, the size of the disk
cache is reduced. In this way physical memory is never left unused.
To facilitate debugging , the Linux kernel generates a core dump of a program that performs an illegal
operation, such as accessing an invalid memory location. The core dump, which appears as a file called
core in the directory that the program was running, allows the programmer to determine the cause of
the crash. We talk about the use of core dumps for debugging in the section "Examining a Core File" in
Chapter 21.
1.3.3. Commands and Shells
The most important utility to many users is the shell. The shell is a program that reads and executes
commands from the user. In addition, many shells provide features such as job control (allowing the
user to manage several running processes at oncenot as Orwellian as it sounds), input and output
redirection, and a command language for writing shell scripts. A shell script is a file containing a
program in the shell command language, analogous to a "batch file" under Windows.
Many types of shells are available for Linux. The most important difference between shells is the
command language. For example, the C shell (csh) uses a command language somewhat like the C
programming language. The classic Bourne shell uses a different command language. One's choice of a
shell is often based on the command language it provides. The shell that you use defines, to some
extent, your working environment under Linux.
No matter what Unix shell you're accustomed to, some version of it has probably been ported to Linux.
The most popular shell is the GNU Bourne Again Shell (bash), a Bourne shell variant. bash includes
many advanced features, such as job control, command history, command and filename completion, an
Emacs-like (or optionally, a vi-like) interface for editing the command line, and powerful extensions to
the standard Bourne shell language. Another popular shell is tcsh, a version of the C shell with
advanced functionality similar to that found in bash. Recently, zsh, with very advanced completion
facilities, has found a lot of followers. Other shells include the Korn shell (ksh), BSD's ash, and rc, the
Plan 9 shell.
What's so important about these basic utilities? Linux gives you the unique opportunity to tailor a
custom system to your needs. For example, if you're the only person who uses your system, and you
prefer to use the vi editor and the bash shell exclusively, there's no reason to install other editors or
shells. The "do it yourself" attitude is prevalent among Linux hackers and users.
1.3.4. Text Processing and Word Processing
Almost every computer user has a need for some kind of document preparation system. (In fact, one of
the authors has almost entirely forgotten how to write with pen and paper.) In the PC world, word
processing is the norm: it involves editing and manipulating text (often in a "what you see is what you
get" [WYSIWYG] environment) and producing printed copies of the text, complete with figures, tables,
and other garnishes.
As you will see in this book, Linux supports attractive and full-featured WYSIWYG tools. In Chapter 8
we'll discuss OpenOffice (a free version of a propriety product, StarOffice, released by Sun Microsystems
when it bought the suite's manufacturer), and KOffice, both of which are tightly integrated suites that
support word processing, spreadsheets, and other common office tasks. These don't support all the
features of Microsoft Office, but by the same token, they have some valuable features that Microsoft
Office lacks. If you want to run Microsoft Office, you can do so through Wine, which we mention later.
There is a role for other ways to create documents, though. The system configuration files you need to
edit on Linux from time to time, as well as programming for application development, require the use of
simple text processing. The most popular tools for creating such documents are vi and Emacs, described
in detail in Chapter 19.
Text processing can also be used with separate formatting tools to create very readable and attractive
documents. With a text processing system, the author enters text using a "typesetting language" that
describes how the text should be formatted. Once the source text (in the typesetting language) is
complete, a user formats the text with a separate program, which converts the source to a format
suitable for printing. This is somewhat analogous to programming in a language such as C, and
"compiling" the document into a printable form.
The most famous text formatting language is HTML, the markup language used by virtually every page
on the World Wide Web. Another popular text processing language is DocBook XML, a kind of industrystandard set of tags for marking up technical documentation, which is also used by the Linux
Documentation Project (to be discussed later in this chapter).
We'll look at several text formatting systems in Chapter 20, Text Processing: TEX (developed by Donald
Knuth of computer science fame) and its dialect LATEX, groff, the GNU version of the classic troff text
formatter originally developed by Bell Labs); Texinfo (an extension to TEX used for software
documentation by the Free Software Foundation); and Docbook.
1.3.5. Commercial Applications
In addition to the more than fifteen hundred Linux applications maintained by Linux distributors such as
Debian, a groundswell of support exists from commercial application developers for Linux. These
products include office productivity suites, word processors, scientific applications, network
administration utilities, ERP packages such as Oracle Financials and SAP, and large-scale database
engines. Linux has become a major force in the commercial software market, so you may be surprised
to find how many popular commercial applications are available for Linux. We can't possibly discuss all
of them here, so we'll only touch on the most popular applications and briefly mention some of the
Oracle, IBM, Informix, Sybase, and Interbase have released commercial database engines for Linux.
Many of the Linux database products have demonstrated better performance than their counterparts
running on Windows servers.
One very popular database for Linux is MySQL , a free and easy-to-use database engine. Because
MySQL is easy to install, configure, and use, it has rapidly become the database engine of choice for
many applications that can forego the complexity of the various proprietary engines. Furthermore, even
though it's free software, MySQL is supported professionally by the company that developed it, MySQL
AB. We describe the basic use of MySQL in Chapter 25.
MySQL does not include some of the more advanced features of the proprietary databases, however.
Some database users prefer the open source database PostgresSQL, and Red Hat features it in some of
its products. On the other hand, MySQL is catching up really quickly; the next version will contain
support for distributed databases, for example.
A wide range of enterprise applications is available for Linux in addition to databases. Linux is one of
the most popular platforms for Internet service hosting, so it is appropriate that high-end platforms for
scalable web sites, including JBoss, BEA WebLogic, and IBM WebSphere, have been released for Linux.
Commercial, high-performance Java Virtual Machines and other software are available from Sun, IBM,
and other vendors. IBM has released the popular Lotus Domino messaging and web application server,
as well as the WebSphere MQ (formerly MQSeries) messaging platform.
Scientists, engineers, and mathematicians will find that a range of popular commercial products are
available for Linux, such as Maple, Mathematica, MATLAB, and Simulink. Other commercial applications
for Linux include high-end CAD systems, network management tools, firewalls, and software
development environments.
1.3.6. Programming Languages and Utilities
Linux provides a complete Unix programming environment, including all the standard libraries,
programming tools, compilers, and debuggers that you would expect to find on other Unix systems. The
most commonly used compiler on Linux is the GNU's Compiler Collection, or gcc. gcc is capable of
compiling C, C++, Objective C (another object-oriented dialect of C), Chill (a programming language
mainly used for telecommunications), FORTRAN, and Java. Within the Unix software development
world, applications and systems programming is usually done in C or C++, and gcc is one of the best
C/C++ compilers around, supporting many advanced features and optimizations.
Java is an object-oriented programming language and runtime environment that supports a diverse
range of applications such as web page applets, Internet-based distributed systems, database
connectivity, and more. Java is fully supported under Linux. Several vendors and independent projects
have released ports of the Java Development Kit for Linux, including Sun, IBM, and the Blackdown
Project (which did one of the first ports of Java for Linux). Programs written for Java can be run on any
system (regardless of CPU architecture or operating system) that supports the Java Virtual Machine. A
number of Java "just in time" (or JIT ) compilers are available, and the IBM and Sun Java Development
Kits (JDKs) for Linux come bundled with high-performance JIT compilers that perform as well as those
found on Windows or other Unix systems.
Some of the most popular and interesting tools associated with Java are open source. These include
Eclipse, an integrated development environment (IDE) that is extendable to almost anything through
plugins; JBoss, an implementation of Java 2 Enterprise Edition (J2EE) that has actually gone through
the expense of becoming certified after a complaint by Sun Microsystems; and Gluecode, another
application platform company bought by IBM in May 2005.
gcc is also capable of compiling Java programs directly to executables, and includes limited support for
the standard JDK libraries.
Besides C, C++, and Java, many other compiled and interpreted programming languages have been
ported to Linux, such as Smalltalk, FORTRAN, Pascal, LISP, Scheme, and Ada. In addition, various
assemblers for writing machine code are available. An important open source project sponsored by
Novell has developed an environment called Mono that provides support for Microsoft's .NET
environment on Unix and Linux systems. Perhaps the most important class of programming languages
for Linux is the many scripting languages, including Perl (the script language to end all script
languages), Python (the first scripting language to be designed as object-oriented from the ground up),
and Ruby (a fiercely object-oriented scripting language that has been heralded as very good for rapid
application development ).
Linux systems make use of the advanced gdb debugger, which allows you to step through a program to
find bugs or examine the cause for a crash using a core dump. gprof, a profiling utility, will give you
performance statistics for your program, letting you know where your program is spending most of its
time. The Emacs and vim text editors provide interactive editing and compilation environments for
various programming languages. Other tools that are available for Linux include the GNU make build
utility, used to manage compilation of large applications , as well as source-code control systems such
as CVS and Subversion.
Linux is an ideal system for developing Unix applications. It provides a modern programming
environment with all the bells and whistles, and many professional Unix programmers claim that Linux
is their favorite operating system for development and debugging. Computer science students can use
Linux to learn Unix programming and to explore other aspects of the system, such as kernel
architecture. With Linux, not only do you have access to the complete set of libraries and programming
utilities, but you also have the complete kernel and library source code at your fingertips. Chapter 20 of
this book is devoted to the programming languages and tools available for Linux.
1.3.7. The X Window System
The X Window System is the standard GUI for Unix systems. It was originally developed at MIT in the
1980s with the goal of allowing applications to run across a range of Unix workstations from different
vendors. X is a powerful graphical environment supporting many applications. Many X-specific
applications have been written, such as games, graphics utilities, programming and documentation
tools, and so on.
Unlike Microsoft Windows, the X Window System has built-in support for networked applications: for
example, you can run an X application on a server machine and have its windows display on your
desktop, over the network. Also, X is extremely customizable: you can easily tailor just about any
aspect of the system to your liking. You can adjust the fonts, colors, window decorations, and icons for
your personal taste. You can go so far as to configure keyboard macros to run new applications at a
keystroke. It's even possible for X to emulate the Windows and Macintosh desktop environments , if you
want to keep a familiar interface.
The X Window System is freely distributable. However, many commercial vendors have distributed
proprietary enhancements to the original X software. The version of X available for Linux is known as , which is a port of X11R6 (X Window System Version 11, Release 6) made freely distributable for
PC-based Unix systems, such as Linux.[*] supports a wide range of video hardware, including
standard VGA and many accelerated video adapters. is a complete distribution of the X software,
containing the X server itself, many applications and utilities, programming libraries, and
documentation. It comes bundled with nearly every Linux distribution.
[*] actually derives from another PC-based version of the X Window System, XFree86. Political quarrels that we do not want to go into
here have led to a split into XFree86 and; most Linux distributions these days ship the version. This is not relevant for you,
though, unless you plan to help with the continued development of the X Window System.
The look and feel of the X interface are controlled to a large extent by the window manager. This
friendly program is in charge of the placement of windows, the user interface for resizing, iconifying,
and moving windows, the appearance of window frames, and so on.
The X distribution and the major Linux distributions also contain programming libraries and include files
for those wily programmers who wish to develop X applications. All the standard fonts, bitmaps, manual
pages, and documentation are included.
Chapter 16 discusses how to install and use the X Window System on your Linux machine.
1.3.8. KDE and GNOME
Although the X Window System provides a flexible windowing system, many users want a complete
desktop environment, with a customizable look and feel for all windows and widgets (such as buttons
and scrollbars), a simplified user interface, and advanced features such as the ability to "drag and drop"
data from one application to another. The KDE and GNOME projects are separate efforts that are
striving to provide such an advanced desktop environment for Linux. By building up a powerful suite of
development tools, libraries, and applications that are integrated into the desktop environment, KDE
and GNOME aim to usher in the next era of Linux desktop computing. In the spirit of the open source
community, these projects work together to provide complete interoperability so that applications
originating in one environment will work on the other. Both systems provide a rich GUI, window
manager, utilities, and applications that rival or exceed the features of systems such as the Windows XP
With KDE and GNOME, even casual users and beginners will feel right at home with Linux. Most
distributions automatically configure one of these desktop environments during installation, making it
unnecessary to ever touch the text-only console interface.
Both KDE and GNOME aim to make the Linux environment more user-friendly, and each has its fans and
partisans. We discuss both in Chapter 3. As with X, both KDE and GNOME provide open source libraries
that let you write programs conforming to their behavior and their look and feel.
1.3.9. Networking
Linux boasts one of the most powerful and robust networking systems in the worldmore and more
people are finding that Linux makes an excellent choice as a network server. Linux supports the TCP/IP
networking protocol suite that drives the entire Internet, as well as many other protocols, including IPv6
(a new version of the IP protocol for the next-generation Internet), and UUCP (used for communication
between Unix machines over serial lines). With Linux, you can communicate with any computer on the
Internet, using Ethernet (including Fast and Gigabit Ethernet), Token Ring, dial-up connection, wireless
network, packet radio, serial line, ADSL, ISDN, ATM, IRDA, AppleTalk, IPX (Novell NetWare), and many
other network technologies. The full range of Internet-based applications is available, including World
Wide Web browsers, web servers, FTP, email, chat, news, ssh, Telnet, and more.
Most Linux users use either a dial-up or a DSL connection through an ISP to connect to the Internet
from home. Linux supports the popular PPP and SLIP protocols, used by most ISPs for dial-in access. If
you have a broadband connection, such as a T1 line, cable modem, DSL, or other service, Linux
supports those technologies as well. You can even configure a Linux machine to act as a router and
firewall for an entire network of computers, all connecting to the Internet through a single dial-up or
broadband connection.
Linux supports a wide range of web browsers, including Mozilla (the open source spin-off of the
Netscape browser), Konquerer (another open source browser packaged with KDE), and the text-based
Lynx browser. The Emacs text editor even includes a small text-based web browser.
Linux also hosts a range of web servers. Linux played an important role in the emergence of the popular
and free Apache web server. In fact, it's estimated that Apache running on Linux systems drives more
web sites than any other platform in the world. Apache is easy to set up and use; we show you how in
Chapter 22.
A full range of mail and news readers is available for Linux, such as MH, Elm, Pine, and mutt, as well as
the mail/news readers included with the Mozilla web browser. Many of these are compatible with
standard mail and news protocols such as IMAP and POP. Whatever your preference, you can configure
your Linux system to send and receive electronic mail and news from all over the world.
A variety of other network services are available for Linux. Samba is a package that allows Linux
machines to act as a Windows file and print server. NFS allows your system to share files seamlessly
with other machines on the network. With NFS, remote files look to you as if they were located on your
own system's drives. FTP allows you to transfer files to and from other machines on the network. Other
networking features include NNTP-based electronic news systems such as C News and INN; the
Sendmail, Postfix, and Exim mail transfer agents; ssh, telnet, and rsh, which allow you to log in and
execute commands on other machines on the network; and finger, which allows you to get information
on other Internet users. There are tons of TCP/IP-based applications and protocols out there.
If you have experience with TCP/IP applications on other systems, Linux will be familiar to you. The
system provides a standard socket programming interface, so virtually any program that uses TCP/IP
can be ported to Linux. The Linux X server also supports TCP/IP, allowing you to display applications
running on other systems on your Linux display. Administration of Linux networking will be familiar to
those coming from other Unix systems, as the configuration and monitoring tools are similar to their
BSD counterparts.
In Chapter 13, we discuss the configuration and setup of TCP/IP, including PPP, for Linux. We also
discuss configuration of web browsers, web servers, and mail software.
1.3.10. Laptop Support
Linux includes a number of laptop-specific features, such as PCMCIA (or "PC Card") support and APM
and the newer ACPI, as well as the wireless networking built into Centrino laptops. The PCMCIA Tools
package for Linux includes drivers for many PCMCIA devices, including modems, Ethernet cards, and
SCSI adapters. APM allows the kernel to keep track of the laptop's battery power and perform certain
actions (such as an automated shutdown) when power is low; it also allows the CPU to go into "lowpower" mode when not in use. This is easy to configure as a kernel option. Various tools interact with
APM, such as apm (which displays information on battery status) and apmd (which logs battery status
and can be used to trigger power events). These should be included with most Linux distributions. ACPI
has a similar purpose, but is newer and more featureful. With ACPI, you can even use the so-called
"suspend to disk" facility with it, where the current state of the computer is written to your hard disk,
and the computer turned off. You can then turn it on later and resume your work exactly where you left
off. GUI tools such as kpowersave let you control this from a friendly graphical environment.
1.3.11. Interfacing with Windows
Various utilities exist to interface with the world of Windows and MS-DOS . The most well-known
application is a project known as Winea platform for Microsoft Windows applications on the X Window
System under Linux. Wine allows Microsoft Windows applications to run directly under Linux and other
Intel-based operating systems. Wine is in a process of continual development, and now runs a wide
variety of Windows software, including many desktop applications and games. We discuss Wine in
Chapter 28.
Linux provides a seamless interface for transferring files between Linux and Windows systems. You can
mount a Windows partition or floppy under Linux, and directly access Windows files as you would any
others. In addition, there is the mtools package, which allows direct access to MS-DOS-formatted
floppies, as well as htools , which does the same for Macintosh floppy disks.
Another legacy application is the Linux MS-DOS Emulator, or DOSEMU, which allows you to run many
MS-DOS applications directly from Linux. Although MS-DOS-based applications are rapidly becoming a
thing of the past, there are still a number of interesting MS-DOS tools and games that you might want
to run under Linux. It's even possible to run the old Microsoft Windows 3.1 under DOSEMU.
Although Linux does not have complete support for emulating Windows and MS-DOS environments, you
can easily run these other operating systems on the same machine with Linux, and choose which
operating system to run when you boot the machine. Many distributions know how to preserve another
operating system that's already installed when you add Linux to the computer, and set up a working
LILO or GRUB bootloader to let you to select between Linux, Windows, and other operating systems at
boot time. In this book we'll show you how to set up the LILO bootloader, in case you need to do it
Another popular option is to run a system-level virtual machine, which literally allows you to run Linux
and Windows at the same time. A virtual machine is a software application that emulates many of the
hardware features of your system, tricking the operating system into believing that it is running on a
physical computer. Using a virtual machine, you can boot Linux and then run Windows at the same
timewith both Linux and Windows applications on your desktop at once. Alternatively, you can boot
Windows and run Linux under the virtual machine. Although there is some performance loss when using
virtual machines, many people are very happy employing them for casual use, such as running a
Windows-based word processor within a Linux desktop. The most popular virtual machines are VMware
(, which is a commercial product, and Bochs (,
which is an open source project. We describe VMware in Chapter 28.
Finally, remote logins allow you to work on another system from your Linux system. Any two computers
running the X Window System (mostly Linux, BSD, and Unix systems) can share work this way, with a
user on one system running a program on another, displaying the graphical output locally, and entering
commands from the local keyboard and mouse. RDP, an acronym that has been expanded to both
Remote Desktop Protocol and Remote Display Protocol, allows a Linux system to run programs on
remote Windows systems in the same way. A Virtual Network Connection (VNC ) client and server
perform the same task with even greater flexibility, letting different operating systems on different
computers work together. In "Remote Desktop Access to Windows Programs" we show you how to set
up these services, and in "FreeNX: Linux as a Remote Desktop Server" we discuss the FreeNX remote
communication system, which allows the same transparent networking as X with a tremendous speed
advantage. Both of these sections are in Chapter 28.
1.3.12. Other Applications
A host of miscellaneous applications are available for Linux, as one would expect from an operating
system with such a diverse set of users. Linux's primary focus is currently for personal Unix computing,
but this is rapidly changing. Business and scientific software are expanding, and commercial software
vendors have contributed a growing pool of applications.
The scientific community has wholly embraced Linux as the platform of choice for inexpensive numerical
computing. A large number of scientific applications have been developed for Linux, including the
popular technical tools MATLAB and Mathematica. A wide range of free packages is also available,
including FELT (a finite-element analysis tool), Spice (a circuit design and analysis tool), and Khoros (an
image/digital signal processing and visualization system). Many popular numerical computing libraries
have been ported to Linux, including the LAPACK linear algebra library. There is also a Linux-optimized
version of the BLAS code upon which LAPACK depends.
Linux is one of the most popular platforms for parallel computing using clusters , which are collections
of inexpensive machines usually connected with a fast (gigabit-per-second or faster) network. The NASA
Beowulf project first popularized the idea of tying a large number of Linux-based PCs into a massive
supercomputer for scientific and numerical computing. Today, Linux-based clusters are the rule, rather
than the exception, for many scientific applications. In fact, Linux clusters are finding their way into
increasingly diverse applicationsfor example, the Google search engine runs on a cluster of Linux
machines (over 250,000 of them in December 2004, according to an MIT paper)!
As with any operating system, Linux has its share of games. A number of popular commercial games
have been released for Linux, including Quake, Quake II, Quake III Arena, Doom, SimCity 3000,
Descent, and more. Most of the popular games support play over the Internet or a local network, and
clones of other commercial games are popping up for Linux. There are also classic text-based dungeon
games such as Nethack and Moria; MUDs (multiuser dungeons, which allow many users to interact in a
text-based adventure) such as DikuMUD and TinyMUD; and a slew of free graphical games, such as
xtetris, netrek, and Xboard (the X11 frontend to gnuchess).
For audiophiles, Linux has support for a wide range of sound hardware and related software, such as
CDplayer (a program that can control a CD-ROM drive as a conventional CD player, surprisingly
enough), MIDI sequencers and editors (allowing you to compose music for playback through a
synthesizer or other MIDI-controlled instrument), and sound editors for digitized sounds. You can play
your MP3 and OGG/Vorbis files on Linux, and with the tools in some distributions you can handle more
proprietary formats as well.
Can't find the application you're looking for? A number of web sites provide comprehensive directories
of Linux applications. The best known is Freshmeat (; a couple others are
listed in Appendix A. Take a look at these sites just to see the enormous amount of code that has been
developed for Linux.
If you absolutely can't find what you need, you can always attempt to port the application from another
platform to Linux. Or, if all else fails, you can write the application yourself. That's the spirit of free
softwareif you want something to be done right, do it yourself! While it's sometimes daunting to start a
major software project on your own, many people find that if they can release an early version of the
software to the public, many helpers pop up in the free software community to carry on the project.
1.4. About Linux's Copyright
Linux is covered by what is known as the GNU GPL. The GPL, which is sometimes referred to as a
"copyleft" license, was developed for the GNU project by the Free Software Foundation. It makes a
number of provisions for the distribution and modification of "free software." "Free," in this sense, refers
to freedom, not just cost. The GPL has always been subject to misinterpretation, and we hope that this
summary will help you to understand the extent and goals of the GPL and its effect on Linux. A complete
copy of the GPL is available at
Originally, Linus Torvalds released Linux under a license more restrictive than the GPL, which allowed
the software to be freely distributed and modified, but prevented any money changing hands for its
distribution and use. The GPL allows people to sell and make profit from free software, but doesn't allow
them to restrict the right for others to distribute the software in any way.
1.4.1. A Summary of Free Software Licensing
First, we should explain that "free software" covered by the GPL is not in the public domain. Public
domain software is software that is not copyrighted and is literally owned by the public. Software
covered by the GPL, on the other hand, is copyrighted to the author or authors. This means that the
software is protected by standard international copyright laws and that the author of the software is
legally defined. Just because the software may be freely distributed doesn't mean it is in the public
GPL-licensed software is also not "shareware ." Generally, shareware software is owned and copyrighted
by the author, but the author requires users to send in money for its use after distribution. On the other
hand, software covered by the GPL may be distributed and used free of charge.
The GPL also allows people to take and modify free software, and distribute their own versions of the
software. However, any derived works from GPL software must also be covered by the GPL. In other
words, a company could not take Linux, modify it, and sell it under a restrictive license. If any software
is derived from Linux, that software must be covered by the GPL as well.
People and organizations can distribute GPL software for a fee and can even make a profit from its sale
and distribution. However, in selling GPL software, the distributor can't take those rights away from the
purchaser; that is, if you purchase GPL software from some source, you may distribute the software for
free or sell it yourself as well.
This might sound like a contradiction at first. Why sell software for profit when the GPL allows anyone to
obtain it for free? When a company bundles a large amount of free software on a CD-ROM and
distributes it, it needs to charge for the overhead of producing and distributing the CD-ROM, and it may
even decide to make profits from the sale of the software. This is allowed by the GPL.
Organizations that sell free software must follow certain restrictions set forth in the GPL. First, they
can't restrict the rights of users who purchase the software. This means that if you buy a CD-ROM of
GPL software, you can copy and distribute that CD-ROM free of charge, or you can resell it yourself.
Second, distributors must make it obvious to users that the software is indeed covered by the GPL.
Third, distributors must provide, free of charge, the complete source code for the software being
distributed, or they must point their customers on demand to where the software can be downloaded.
This will allow anyone who purchases GPL software to make modifications to that software.
Allowing a company to distribute and sell free software is a very good thing. Not everyone has access to
the Internet to download software, such as Linux, for free. The GPL allows companies to sell and
distribute software to those people who do not have free (cost-wise) access to the software. For
example, many organizations sell Linux on floppy, tape, or CD-ROM via mail order, and make a profit
from these sales. The developers of Linux may never see any of this profit; that is the understanding
that is reached between the developer and the distributor when software is licensed by the GPL. In
other words, Linus knew that companies might wish to sell Linux and that he might not see a penny of
the profits from those sales. (If Linus isn't rich, at least he's famous!)
In the free-software world, the important issue is not money. The goal of free software is always to
develop and distribute fantastic software and to allow anyone to obtain and use it. In the next section,
we'll discuss how this applies to the development of Linux.
1.4.2. SCO and Other Challenges
In March 2003, a company called SCOwhich had a tortuous history of mergers and divestitures that
involved purchasing some rights to Unixclaimed that Linux contained some source code to which SCO
had rights, and therefore that SCO had rights to Linux as well. The company started by suing IBM, a
bold choice (to say the least) because few companies in the computer field could be more familiar with
litigation or be better prepared for it. In any case, SCO made it clear that their complaints went far
beyond IBM; indeed, that they were owed something by anyone using Linux. In December 2003,
according to news reports, SCO even sent letters to a large number of Fortune 1000 companies advising
them to send licensing fees to SCO.
Red Hat and other companies joined the fray. Novell, which by then had bought SUSE and become a
solid member of the Linux community, added some zest to the already indigestible controversy by citing
its own rights to Unix. Over time the whole affair became a tangle of lawsuits, countersuits, motions to
dismiss, public relations grand-standing, and general mud-slinging.
As of this writing, the SCO case is unresolved, but the results seem salutory. Few observers believe
Linux is in trouble; rather, it is SCO that is financially threatened. The network of companies,
individuals, and key organizations that support Linux has handled the challenge well. Some major
vendors strengthened their support for Linux by offering their customers indemnification. The next
edition of this book, we hope, will contain little more than a footnote about the whole affair.
Finally, Linus Torvalds and the OSDL have recognized that the old method of accepting code with no
strings attached should be tightened. Starting in May 2004, anyone submitting code to the kernel has
been asked to include their contact information and to declare informally that they have a right to the
code they are submitting. The new system is lightweight and simple, but allows challenges (of which
none have been received yet) to be tracked back to the people responsible for the code in question.
Further copyright challenges to Linux are unlikely; patents, however, could be used against it. But every
programmer and software company has to worry about software patents; Linux and free software are
no more at risk than any other software. Although the workings of free software are entirely open to
inspection, and therefore might be more tempting to target with a patent lawsuit, the only purpose of
such a lawsuit would be to maliciously shut down a project, because free software cannot support
license fees.
1.5. Open Source and the Philosophy of Linux
When new users encounter Linux, they often have a few misconceptions and false expectations of the
system. Linux is a unique operating system, and it's important to understand its philosophy and design
in order to use it effectively. At the center of the Linux philosophy is a concept that we now call open
source software.
Open source is a term that applies to software for which the source codethe inner workings of the
programis freely available for anyone to download, modify, and redistribute. Software covered under
the GNU GPL, described in the previous section, fits into the category of open source. Not surprisingly,
though, so does software that uses copyright licenses that are similar, but not identical, to the GPL. For
example, software that can be freely modified but that does not have the same strict requirements for
redistribution as the GPL is also considered open source. Various licenses fit this category, including the
BSD License and the Apache Software License .
The so-called open source and free software development models started with the Free Software
Foundation and were popularized with Linux. They represent a totally different way of producing
software that opens up every aspect of development, debugging, testing, and study to anyone with
enough interest in doing so. Rather than relying upon a single corporation to develop and maintain a
piece of software, open source allows the code to evolve, openly, in a community of developers and
users who are motivated by a desire to create good software, rather than simply to make a profit.
O'Reilly has published two books, Open Sources 1.0 and Open Sources 2.0, that serve as good
introductions to the open source development model. They're collections of essays about the open
source process by leading developers (including Linus Torvalds and Richard Stallman). Another popular
text on this topicso often cited that it is considered nearly canonicalis The Cathedral and the Bazaar, by
Eric S. Raymond.
Open source has received a lot of media attention, and some are calling the phenomenon the next wave
in software development, which will sweep the old way of doing things under the carpet. It still remains
to be seen whether that will happen, but there have been some encouraging events that make this
outcome seem likely. For example, Netscape Corporation has released the code for its web browser as
an open source project called Mozilla, and companies such as Sun Microsystems, IBM, and Apple have
released certain products as open source in the hopes that they will flourish in a community-driven
software development effort.
Open source has received a lot of media attention, and Linux is at the center of all of it. In order to
understand where the Linux development mentality is coming from, however, it might make sense to
take a look at how commercial software has traditionally been built.
Commercial software houses tend to base development on a rigorous policy of quality assurance ,
source and revision control systems, documentation, and bug reporting and resolution. Developers are
not allowed to add features or to change key sections of code on a whim: they must validate the change
as a response to a bug report and consequently "check in" all changes to the source control system so
that the changes can be backed out if necessary. Each developer is assigned one or more parts of the
system code, and only that developer may alter those sections of the code while it is "checked out."
Internally, the quality assurance department runs rigorous test suites (so-called regression tests) on
each new pass of the operating system and reports any bugs. It's the responsibility of the developers to
fix these bugs as reported. A complicated system of statistical analysis is employed to ensure that a
certain percentage of bugs are fixed before the next release, and that the system as a whole passes
certain release criteria.
In all, the process used by commercial software developers to maintain and support their code is very
complicated, and quite reasonably so. The company must have quantitative proof that the next revision
of the software is ready to be shipped. It's a big job to develop a commercial software system, often
large enough to employ hundreds (if not thousands) of programmers, testers, documenters, and
administrative personnel. Of course, no two commercial software vendors are alike, but you get the
general picture. Smaller software houses, such as startups, tend to employ a scaled-down version of
this style of development.
On the opposite end of the spectrum sits Linux, which is, and more than likely always will be, a hacker's
operating system.[*] Although many open source projects have adopted elements of commercial
software development techniques, such as source control and bug tracking systems, the collaborative
and distributed nature of Linux's development is a radical departure from the traditional approach.
[*] Our definition of "hacker" is a feverishly dedicated programmera person who enjoys exploiting computers and generally doing interesting
things with them. This is in contrast to the common connotation of "hacker" as a computer wrongdoer or an outlaw.
Recently, there has been a lot of talk about so-called agile development practices like XP (extreme
programming) . Linux and open source adepts are often a bit surprised about this, since these
"lightweight" software development methods have always been a central idea of open source
Linux is primarily developed as a group effort by volunteers on the Internet from all over the world. No
single organization is responsible for developing the system. For the most part, the Linux community
communicates via various mailing lists and web sites. A number of conventions have sprung up around
the development effort: for example, programmers wanting to have their code included in the "official"
kernel should mail it to Linus Torvalds. He will test the code and include it in the kernel (as long as it
doesn't break things or go against the overall design of the system, he will more than likely include it).
As Linux has grown, this job has become too large for Linus to do himself (plus, he has kids now), so
other volunteers are responsible for testing and integrating code into certain aspects of the kernel, such
as the network subsystem.
The system itself is designed with a very open-ended, feature-rich approach. A new version of the Linux
kernel will typically be released about every few weeks (sometimes even more frequently than this). Of
course, this is a very rough figure; it depends on several factors, including the number of bugs to be
fixed, the amount of feedback from users testing prerelease versions of the code, and the amount of
sleep that Linus has had that week.
Suffice it to say that not every single bug has been fixed and not every problem ironed out between
releases. (Of course, this is always true of commercial software as well!) As long as the system appears
to be free of critical or oft-manifesting bugs, it's considered "stable" and new revisions are released. The
thrust behind Linux development is not an effort to release perfect, bug-free code; it's to develop a free
implementation of Unix. Linux is for the developers, more than anyone else.
Anyone who has a new feature or software application to add to the system generally makes it available
in an "alpha" stagethat is, a stage for testing by those brave users who want to bash out problems with
the initial code. Because the Linux community is largely based on the Internet, alpha software is usually
uploaded to one or more of the various Linux web sites (see the Appendix), and a message is posted to
one of the Linux mailing lists about how to get and test the code. Users who download and test alpha
software can then mail results, bug fixes, or questions to the author.
After the initial problems in the alpha code have been fixed, the code enters a "beta" stage, in which it's
usually considered stable but not complete (that is, it works, but not all the features may be present).
Otherwise, it may go directly to a "final" stage in which the software is considered complete and usable.
For kernel code, once it's complete, the developer may ask Linus to include it in the standard kernel, or
as an optional add-on feature to the kernel.
Keep in mind these are only conventions , not rules. Some people feel so confident with their software
that they don't need to release an alpha or test version. It's always up to the developer to make these
What happened to regression testing and the rigorous quality process? It's been replaced by the
philosophy of "release early and often." Real users are the best testers because they try out the
software in a variety of environments and in a host of demanding real-life applications that can't be
easily duplicated by any software quality assurance group. One of the best features of this development
and release model is that bugs (and security flaws) are often found, reported, and fixed within hours,
not days or weeks.
You might be amazed that such an unstructured system of volunteers programming and debugging a
complete Unix system could get anything done at all. As it turns out, it's one of the most efficient and
motivated development efforts ever employed. The entire Linux kernel was written from scratch,
without employing any code from proprietary sources. A great deal of work was put forth by volunteers
to port all the free software under the sun to the Linux system. Libraries were written and ported,
filesystems developed, and hardware drivers written for many popular devices.
The Linux software is generally released as a distribution, which is a set of prepackaged software
making up an entire system. It would be quite difficult for most users to build a complete system from
the ground up, starting with the kernel, then adding utilities, and installing all necessary software by
hand. Instead, there are a number of software distributions including everything you need to install and
run a complete system. Again, there is no standard distribution; there are many, each with its own
advantages and disadvantages. In this book, we describe how to install the Red Hat, SUSE, and Debian
distributions, but this book can help you with any distribution you choose.
Despite the completeness of the Linux software, you still need a bit of Unix know-how to install and run
a complete system. No distribution of Linux is completely bug-free, so you may be required to fix small
problems by hand after installation. Although some readers might consider this a pain, a better way to
think about it is as the "joy of Linux"--that of having fun tinkering with, learning about, and fixing up
your own system. It's this very attitude that distinguishes Linux enthusiasts from mere users. Linux can
be either a hobby, an adventure sport, or a lifestyle. (Just like snowboarding and mountain biking,
Linux geeks have their own lingo and style of dressif you don't believe us, hang out at any Linux trade
show!) Many new Linux users report having a great time learning about this new system, and find that
Linux rekindles the fascination they had when first starting to experiment with computers.
1.5.1. Hints for Unix Novices
Installing and using your own Linux system doesn't require a great deal of background in Unix. In fact,
many Unix novices successfully install Linux on their systems. This is a worthwhile learning experience,
but keep in mind that it can be very frustrating to some. If you're lucky, you will be able to install and
start using your Linux system without any Unix background. However, once you are ready to delve into
the more complex tasks of running Linuxinstalling new software, recompiling the kernel, and so
forthhaving background knowledge in Unix is going to be a necessity. (Note, however, that many
distributions of Linux are as easy to install and configure as Windows and certainly easier than Windows
2000 or XP.)
Fortunately, by running your own Linux system, you will be able to learn the essentials of Unix
necessary to perform these tasks. This book contains a good deal of information to help you get started.
Chapter 4 is a tutorial covering Unix basics, and Part II contains information on Linux system
administration. You may wish to read these chapters before you attempt to install Linux at all; the
information contained therein will prove to be invaluable should you run into problems.
Just remember that nobody can expect to go from being a Unix novice to a Unix system administrator
overnight. A powerful and flexible computer system is never maintenance-free, so you will undoubtedly
encounter hang-ups along the way. Treat this as an opportunity to learn more about Linux and Unix,
and try not to get discouraged when things don't always go as expected!
1.5.2. Hints for Unix Gurus
Even those people with years of Unix programming and system administration experience may need
assistance before they are able to pick up and install Linux. There are still aspects of the system Unix
wizards need to be familiar with before diving in. For one thing, Linux is not a commercial Unix system.
It doesn't attempt to uphold the same standards as other Unix systems you may have come across. But
in some sense, Linux is redefining the Unix world by giving all other systems a run for their money. To
be more specific, while stability is an important factor in the development of Linux, it's not the only
More important, perhaps, is functionality. In many cases, new code will make it into the standard kernel
even though it's still buggy and not functionally complete. The assumption is that it's more important to
release code that users can test and use than delay a release until it's "complete." Nearly all open
source software projects have an alpha release before they are completely tested. In this way, the open
source community at large has a chance to work with the code, test it, and develop it further, while
those who find the alpha code "good enough" for their needs can use it. Commercial Unix vendors
rarely, if ever, release software in this manner.
Even if you're a Unix ultra-wizard who can disassemble Solaris kernels in your sleep and recode an AIX
superblock with one hand tied behind your back, Linux might take some getting used to. The system is
very modern and dynamic, with a new kernel release approximately every few months and new utilities
constantly being released. One day your system may be completely up to date with the current trend,
and the next day the same system is considered to be in the Stone Age.
With all of this dynamic activity, how can you expect to keep up with the ever-changing Linux world?
For the most part, it's best to upgrade incrementally; that is, upgrade only those parts of the system
that need upgrading, and then only when you think an upgrade is necessary. For example, if you never
use Emacs, there is little reason to continuously install every new release of Emacs on your system.
Furthermore, even if you are an avid Emacs user, there is usually no reason to upgrade it unless you
find that a missing feature is in the next release. There is little or no reason to always be on top of the
newest version of software.
Keep in mind that Linux was developed by its users. This means, for the most part, that the hardware
supported by Linux is that which users and developers actually have access to. As it turns out, most of
the popular hardware and peripherals for 80x86 systems are supported (in fact, Linux probably
supports more hardware than any commercial implementation of Unix). However, some of the more
obscure and esoteric devices, as well as those with proprietary drivers for which the manufacturers do
not easily make the specifications available, aren't supported yet. As time goes on, a wider range of
hardware will be supported, so if your favorite devices aren't listed here, chances are that support for
them is forthcoming.
Another drawback for hardware support under Linux is that many companies have decided to keep the
hardware interface proprietary. The upshot of this is that volunteer Linux developers simply can't write
drivers for those devices (if they could, those drivers would be owned by the company that owned the
interface, which would violate the GPL). The companies that maintain proprietary interfaces write their
own drivers for operating systems, such as Microsoft Windows; the end user (that's you) never needs to
know about the interface. Unfortunately, this does not allow Linux developers to write drivers for those
Little can be done about the situation. In some cases, programmers have attempted to write hackish
drivers based on assumptions about the interface. In other cases, developers work with the company in
question and attempt to obtain information about the device interface, with varying degrees of success.
1.6. Sources of Linux Information
As you have probably guessed, many sources of information about Linux are available, apart from this
1.6.1. Online Documents
If you have access to the Internet, you can get many Linux documents via web and anonymous FTP
sites all over the world. If you do not have direct Internet access, these documents may still be
available to you; many Linux distributions on CD-ROM contain all the documents mentioned here and
are often available off the retail shelf.
A great number of web and FTP archive sites carry Linux software and related documents. Appendix A
contains a listing of some of the Linux documents available via the Internet.
Examples of available online documents are the Linux FAQ, a collection of frequently asked questions
about Linux; the Linux HOWTO documents, each describing a specific aspect of the systemincluding the
Installation HOWTO, the Printing HOWTO, and the Ethernet HOWTO; and the Linux META-FAQ, a list of
other sources of Linux information on the Internet.
Additional documentation , individually hosted "HOWTOs," blogs, knowledge bases, and forums exist
that provide significant material to help individuals use Linux. Distributors maintain diverse mailing lists
and forums dealing with a variety of subjects from using Linux on a laptop to configuring web servers.
Such web sites and digests of mailing lists have largely taken over for Linux-related Usenet
newsgroups; see "Usenet Newsgroups" later in this chapter.
The central Linux Documentation home page is available to web users at This
page contains many HOWTOs and other documents, as well as pointers to other sites of interest to
Linux users, including the Linux Documentation Project manuals (see the following section).
1.6.2. Books and Other Published Works
There are a number of published works specifically about Linux. In addition, a number of free books are
distributed on the Internet by the Linux Documentation Project (LDP), a project carried out over the
Internet to write and distribute a bona fide set of "manuals" for Linux. These manuals are analogs to the
documentation sets available with commercial versions of Unix: they cover everything from installing
Linux to using and running the system, programming, networking, kernel development, and more.
The LDP manuals are available via the Web, as well as via mail order from several sources. O'Reilly has
published the Linux Network Administrator's Guide from the LDP.
Aside from the growing number of Linux books, books about Unix still exist (though many have ceased
publication). In general, these books are equally applicable to Linux. So far as using and programming
the system is concerned, simpler Linux tasks don't differ greatly from original implementations of Unix
in many respects. Armed with this book and some other Linux or Unix books on specialized topics, you
should be able to tackle a majority of Linux tasks.
There are monthly magazines about Linux, notably Linux Journal and Linux Magazine. These are an
excellent way to keep in touch with the many goings-on in the Linux community. Languages other than
English have their own Linux print publications as well. (European, South American, and Asian
publications have become commonplace in the last few years.)
1.6.3. Usenet Newsgroups
Usenet is a worldwide electronic news and discussion forum with a heavy contingent of so-called
newsgroups , or discussion areas devoted to a particular topic. Much of the development of Linux has
been done over the waves of the Internet and Usenet, and not surprisingly, a number of Usenet
newsgroups are available for discussions about Linux.
There are far too many newsgroups devoted to Linux to list here. The ones dealing directly with Linux
are under the comp.os.linux hierarchy, and you'll find others on related topics such as
1.6.4. Internet Mailing Lists
If you have access to Internet electronic mail, you can participate in a number of mailing lists devoted
to Linux. These run the gamut from kernel hacking to basic user questions. Many of the popular Linux
mailing lists have associated web sites with searchable archives, allowing you to easily find answers to
common questions. We list some of these resources in the Appendix.
1.7. Getting Help
First, we should mention that Linux has a rich community of volunteers and participants who need help
and offer help for free. A good example of such a community is Ubuntu (
Supported by a commercial company, Canonical Ltd., that offers low-cost professional support, Ubuntu
has a large and enthusiastic community ready to provide old-style Linux support. Ubuntu, a derivative
of Debian, employs a number of paid developers who also help maintain the Debian project.
Distributions such as Red Hat, Novell's SUSE, and Mandriva have become quite adept at providing
commercial support for their own distributions of Linux and for other open source projects. Following a
concept originated by Bernard Golden called the Open Source Maturity Model, Linux companies have
done an excellent job in demonstrating their ability to compete using the open source paradigm. They
have demonstated the ability to provide:
Adequate support and maintenance
Continued innovation
Product road maps and commitments to adhere to them
Functionality and ease of use for IT managers, particularly across enterprise-size environments
Stable business models to fund new development and expand into new product areas
Structured and scalable partner ecosystems devoted to enabling customer success
Additionally, these Linux companies have established community projects to keep them from becoming
Mature Linux companies also provide extended business offerings, including training, professional sales
and support (24 x 7 x 365), indemnification, and quality documentation.
In addition to the companies already mentioned, you will find a channel full of their business partners
who have considerable expertise in providing commercial Linux support. Their web sites contain ways to
find a business partner that can assist Linux users in a variety of ways.
As you become more accustomed to running Linux, you will probably discover many facets that may
pleasantly surprise you. Many people not only use Linux but consider the community their home base.
Good luck in the coming days.
Chapter 2. Preinstallation and Installation
This chapter represents your first step in installing Linux. We describe how to obtain the Linux software,
in the form of one of the various prepackaged distributions , and how to prepare your system. We
include ways to partition disks so that Linux can coexist with Windows or another operating system.
As we have mentioned, there is no single "official" distribution of the Linux software; there are, in fact,
many distributions, each serving a particular purpose and set of goals. These distributions are available
via anonymous FTP from the Internet and via mail on CD-ROM and DVD, as well as in retail stores.
2.1. Distributions of Linux
Because Linux is free software, no single organization or entity is responsible for releasing and
distributing the software. Therefore, anyone is free to put together and distribute the Linux software, as
long as the restrictions in the GPL (and other licenses that may be used) are observed. The upshot of
this is that there are many distributions of Linux, available via anonymous FTP or mail order.
You are now faced with the task of deciding on a particular distribution of Linux that suits your needs.
Not all distributions are alike. Many of them come with just about all the software you'd need to run a
complete systemand then some. Other Linux distributions are "small" distributions intended for users
without copious amounts of disk space.
You might also want to consider that distributions have different target groups. Some are meant more
for businesses, others more for the home user. Some put more emphasis on server use, others on
desktop use.
How can you decide among all these distributions? If you have access to Usenet news, or another
computer conferencing system such as web-based discussion boards, you might want to ask there for
opinions from people who have installed Linux. Even better, if you know someone who has installed
Linux, ask him for help and advice. In actuality, most of the popular Linux distributions contain roughly
the same set of software, so the distribution you select is more or less arbitrary.
A particularly interesting type of distribution is the so-called live CD, such as Knoppix
( These distributions boot from CD and do not require any installation at all;
they keep all information in RAM, but can still access your hard drive and other hardware. Besides being
a very convenient way of test-driving Linux without having to wipe out anything else, they are also a
very good way of rescuing a system that has become unbootable. More about salvaging booting
problems will follow later in this book.
2.1.1. Getting Linux via Mail Order or Other Hard Media
If you don't have high-speed Internet access, you can get many Linux distributions via mail order on
CD-ROM or DVD. Many distributors accept credit cards as well as international orders, so no matter
where you live, you should be able to obtain Linux in this way.
Linux is free software, but distributors are allowed by the GPL to charge a fee for it. Therefore, ordering
Linux via mail order might cost you between U.S. $5 and U.S. $150, depending on the distribution.
However, if you know people who have already purchased or downloaded a release of Linux, you are
free to borrow or copy their software for your own use. Linux distributors are not allowed to restrict the
license or redistribution of the software in any way. If you are thinking about installing an entire lab of
machines with Linux, for example, you need to purchase only a single copy of one of the distributions,
which can be used to install all the machines. There is one exception to this rule, though: in order to
add value to their distribution, some vendors include commercial packages that you might not be
allowed to install on several machines. If this is the case, it should be explicitly stated on the package.
Another advantage with buying a distribution is that you often get installation support; that is, you can
contact the distributor by phone or email and get help if you run into trouble during the installation.
Many Linux user groups offer their own distributions; see if there's a user group near you. For special
platforms like Alpha, a user group may be an excellent place to get Linux.
2.1.2. Getting Linux from the Internet
If you have access to the Internet, the easiest way to obtain Linux is via anonymous FTP. One major
FTP site is, and the various Linux distributions can be found there in the directory
/pub/Linux/distributions. In many countries, there are local mirrors of this server from which you should
be able to get the same software faster.
When downloading the Linux software, be sure to use binary mode for all file transfers (with most FTP
clients, the command binary enables this mode).
You might run into a minor problem when trying to download files for one system (such as Linux) with
another system (such as Windows), because the systems are not always prepared to handle each
other's files sensibly. However, with the hints given in this chapter, you should be able to complete the
installation process nevertheless.
Some distributions are released via anonymous FTP as a set of disk images. That is, the distribution
consists of a set of files, and each file contains the binary image of a floppy. In order to copy the
contents of the image file onto the floppy, you can use the RAWRITE.EXE program under Windows. This
program copies, block for block, the contents of a file to a floppy, without regard for disk format.
RAWRITE.EXE is available on the various Linux FTP sites, including in the directory
Be forewarned that this is a labor-intensive way of installing Linux: the distribution can easily come to
more than 50 floppies. Therefore, only few distributions still provide an installation option that uses
floppy disks exclusively. However, combinations of a few floppy disks for the initial booting procedure
plus one or more CD-ROMs for the actual software installation are not uncommon.
To proceed, download the set of floppy images and use RAWRITE.EXE with each image in turn to create
a set of floppies. Boot from the so-called boot floppy, and you're ready to roll. The software is usually
installed directly from the floppies, although some distributions allow you to install from a Windows
partition on your hard drive, while others allow you to install over a TCP/IP network. The documentation
for each distribution should describe these installation methods if they are available.
If you have access to a Unix workstation with a floppy drive, you can also use the dd command to copy
the file image directly to the floppy. A command such as dd of=/dev/rfd0 if=foo bs=18k will "raw
write" the contents of the file foo to the floppy device on a Sun workstation. Consult your local Unix
gurus for more information on your system's floppy devices and the use of dd.
Each distribution of Linux available via anonymous FTP should include a README file describing how to
download and prepare the floppies for installation. Be sure to read all available documentation for the
release you are using.
Today, some of the bigger Linux distributions are also distributed as one or a few ISO images that you
can burn on a CD-ROM or DVD. Downloading these is feasible only for people with big hard disks and a
broadband connection to the Internet, due to the enormous amounts of data involved (but remember
that you only need the disk space for one ISO image at a time; you can delete the image after having
burnt it, and before downloading the next one).
2.2. Preparing to Install Linux
After you have obtained a distribution of Linux, you're ready to prepare your system for installation.
This takes a certain degree of planning, especially if you're already running other operating systems. In
the following sections, we describe how to plan for the Linux installation.
2.2.1. Installation Overview
Although each release of Linux is different, in general the method used to install the software is as
1. Repartition your hard drive(s). If you have other operating systems already installed, you will need
to repartition the drives in order to allocate space for Linux. This is discussed in "Repartitioning
Concepts" later in this chapter. In some distributions (such as SUSE), this step is integrated into
the installation procedure. Check the documentation of your distribution to see whether this is the
case. Still, it won't hurt you to follow the steps given here and repartition your hard drive in
2. Boot the Linux installation medium. Each distribution of Linux has
mediumusually a boot floppy or a bootable CD-ROM--that is used
this medium will either present you with some kind of installation
through the Linux installation, or allow you to install the software
some kind of installation
to install the software. Booting
program, which will step you
by hand.
3. Create Linux partitions. After repartitioning to allocate space for Linux, you create Linux partitions
on that empty space. This is accomplished with the Linux fdisk program, covered in "Editing
/etc/fstab," or with some other distribution-specific program, such as the Disk Druid, which comes
with Red Hat Linux.
4. Create filesystems and swap space. At this point, you will create one or more filesystems, used to
store files, on the newly created partitions. In addition, if you plan to use swap space (which you
should, unless you have really huge amounts of physical memory, or RAM), you will create the
swap space on one of your Linux partitions. This is covered in the sections "Creating Swap Space"
and "Editing /etc/fstab."
5. Install the software on the new filesystems. Finally, you will install the Linux software on your
newly created filesystems. After this, if all goes well, it's smooth sailing. This is covered in
"Installing the Software." Later, in "Running into Trouble," we describe what to do if anything goes
People who want to switch back and forth between different operating systems sometimes wonder
which to install first: Linux or the other system? We can testify that some people have had trouble
installing Windows 95/98/ME after Linux. Windows 95/98/ME tends to wipe out existing boot
information when it's installed, so you're safer installing it first and then installing Linux afterward using
the information in this chapter. Windows NT/2000/XP seems to be more tolerant of existing boot
information, but installing Windows first and then Linux still seems to be the safer alternative.
Many distributions of Linux provide an installation program that will step you through the installation
process and automate one or more of the previous steps for you. Keep in mind throughout this chapter
and the next that any number of the previous steps may be automated for you, depending on the
While preparing to install Linux, the best advice we can give is to take notes
during the entire procedure. Write down everything you do, everything you type,
and everything you see that might be out of the ordinary. The idea here is simple:
if (or when!) you run into trouble, you want to be able to retrace your steps and
find out what went wrong. Installing Linux isn't difficult, but there are many
details to remember. You want to have a record of all these details so that you
can experiment with other methods if something goes wrong. Also, keeping a
notebook of your Linux installation experience is useful when you want to ask
other people for help for example, when posting a message to one of the Linuxrelated Usenet groups or web discussion forums. Your notebook is also something
you'll want to show to your grandchildren someday.[*]
Matt shamefully admits that he kept a notebook of all his tribulations with Linux for the first few months of
working with the system. It is now gathering dust on his bookshelf.
2.2.2. Repartitioning Concepts
In general, hard drives are divided into partitions , with one or more partitions devoted to an operating
system. For example, on one hard drive you may have several separate partitionsone devoted to, say,
Windows, another to FreeBSD, and another two to Linux.
If you already have other software installed on your system, you may need to resize those partitions in
order to free up space for Linux. You will then create one or more Linux partitions on the resulting free
space for storing the Linux software and swap space. We call this process repartitioning .
Many Windows systems utilize a single partition inhabiting the entire drive. To Windows, this partition is
known as C:. If you have more than one partition, Windows names them D:, E:, and so on. In a way,
each partition acts like a separate hard drive.
On the first sector of the disk is a master boot record along with a partition table. The boot record (as
the name implies) is used to boot the system. The partition table contains information about the
locations and sizes of your partitions.
There are three kinds of partitions : primary, extended, and logical. Of these, primary partitions are
used most often. However, because of a limit on the size of the partition table, you can have only four
primary partitions on any given drive. This is due to the poor design of MS-DOS and Windows; even
other operating systems that originated in the same era do not have such limits.
The way around this four-partition limit is to use an extended partition. An extended partition doesn't
hold any data by itself; instead, it acts as a "container" for logical partitions . Therefore, you could
create one extended partition, covering the entire drive, and within it create many logical partitions.
However, you are limited to only one extended partition per drive.
2.2.3. Linux Partition Requirements
Before we explain how to repartition your drives, you need an idea of how much space you will be
allocating for Linux. We discuss how to create these partitions later in this chapter, in "Editing
On Unix systems, files are stored on a filesystem, which is essentially a section of the hard drive (or
other medium, such as CD-ROM, DVD, or floppy) formatted to hold files. Each filesystem is associated
with a specific part of the directory tree; for example, on many systems, there is a filesystem for all the
files in the directory /usr, another for /tmp, and so on. The root filesystem is the primary filesystem,
which corresponds to the topmost directory, /.
Under Linux, each filesystem lives on a separate partition on the hard drive. For instance, if you have a
filesystem for / and another for /usr, you will need two partitions to hold the two filesystems.[*]
[*] Notice that this applies to filesystems only, not to directories. Of course, you can have any number of directory trees off the root directory
in the same filesystem.
Before you install Linux, you will need to prepare filesystems for storing the Linux software. You must
have at least one filesystem (the root filesystem), and therefore one partition, allocated to Linux. Many
Linux users opt to store all their files on the root filesystem, which, in most cases, is easier to manage
than several filesystems and partitions.
However, you may create multiple filesystems for Linux if you wishfor example, you may want to use
separate filesystems for /usr and /home. Those readers with Unix system administration experience will
know how to use multiple filesystems creatively. In "Creating Filesystems" in Chapter 10 we discuss the
use of multiple partitions and filesystems.
Why use more than one filesystem? The most commonly stated reason is safety; if, for some reason,
one of your filesystems is damaged, the others will (usually) be unharmed. On the other hand, if you
store all your files on the root filesystem, and for some reason the filesystem is damaged, you may lose
all your files in one fell swoop. This is, however, rather uncommon; if you back up the system regularly,
you should be quite safe.
On the other hand, using several filesystems has the advantage that you can easily upgrade your
system without endangering your own precious data. You might have a partition for the users' home
directories, and when upgrading the system, you leave this partition alone, wipe out the others, and
reinstall Linux from scratch. Of course, nowadays distributions all have quite elaborate update
procedures, but from time to time, you might want a fresh start.
Another reason to use multiple filesystems is to divvy up storage among multiple hard drives. If you
have, say, 300 MB free on one hard drive, and 2 GB free on another, you might want to create a 300MB root filesystem on the first drive and a 2-GB /usr filesystem on the other. It is possible to have a
single filesystem span multiple drives by using a tool called Logical Volume Manager (LVM), but setting
this up requires considerable knowledge, unless your distribution's installation program automates it for
In summary, Linux requires at least one partition, for the root filesystem. If you wish to create multiple
filesystems, you need a separate partition for each additional filesystem. Some distributions of Linux
automatically create partitions and filesystems for you, so you may not need to worry about these
issues at all.
Another issue to consider when planning your partitions is swap space. Swap space is a portion of the
disk used by an operating system to temporarily store parts of programs that were loaded by the user
but aren't currently in use. You are not required to use swap space with Linux, but if you have less than
256 MB of physical RAM, it is strongly suggested that you do.
You have two options. The first is to use a swap file that exists on one of your Linux filesystems. You will
create the swap file for use as virtual RAM after you install the software. The second option is to create
a swap partition, an individual partition to be used only as swap space. Most people use a swap
partition instead of a swap file.
A single swap file or partition may be up to 2 GB.[*] If you wish to use more than 2 GB of swap (hardly
ever necessary), you can create multiple swap partitions or filesup to 32 in all.
[*] This value applies to machines with Intel processors. On other architectures it can be both higher and lower.
Setting up a swap partition is covered in "Creating Swap Space," later in this chapter, and setting up a
swap file is discussed in "Managing Swap Space" in Chapter 10. For instance, if you want to run fdisk on
the first SCSI disk in your system, use the command:
# fdisk /dev/sda
/dev/hda (the first IDE drive) is the default if you don't specify one.
If you are creating Linux partitions on more than one drive, run fdisk once for each drive:
# fdisk /dev/hda
Command (m for help):
Here fdisk is waiting for a command; you can type m to get a list of options :
Command (m for help): m
Command action
toggle a bootable flag
edit bsd disklabel
toggle the dos compatibility flag
delete a partition
list known partition types
print this menu
add a new partition
create a new empty DOS partition table
print the partition table
quit without saving changes
create a new empty Sun disklabel
change a partition's system id
change display/entry units
verify the partition table
write table to disk and exit
extra functionality (experts only)
Command (m for help):
The n command is used to create a new partition. Most other options you won't need to worry about. To
quit fdisk without saving any changes, use the q command. To quit fdisk and write the changes to the
partition table to disk, use the w command. This is worth repeating: so long as you quit with q without
writing, you can mess around as much as you want with fdisk without risking harm to your data. Only
when you type w can you cause potential disaster to your data if you do something wrong.
The first thing you should do is display your current partition table and write the information down for
later reference. Use the p command to see the information. It is a good idea to copy the information to
your notebook after each change you have made to the partition table. If, for some reason, your
partition table is damaged, you will not access any data on your hard disk any longer, even though the
data itself is still there. But by using your notes, you might be able to restore the partition table and get
your data back in many cases by running fdisk again and deleting and re-creating the partitions with
the parameters you previously wrote down. Don't forget to save the restored partition table when you
are done.
Here is an example of a printed partition table (of a very small hard disk), where blocks, sectors, and
cylinders are units into which a hard disk is organized:
Command (m for help): p
Disk /dev/hda: 16 heads, 38 sectors, 683 cylinders
Units = cylinders of 608 * 512 bytes
Device Boot Begin
End Blocks
DOS 16-bit >=32M
Command (m for help):
In this example, we have a single Windows partition on /dev/hda1, which is 61693 blocks (about 60
MB). [*] This partition starts at cylinder number 1 and ends on cylinder 203. We have a total of 683
cylinders in this disk; so there are 480 cylinders left on which to create Linux partitions.
A block, under Linux, is 1024 bytes.
To create a new partition, use the n command. In this example, we'll create two primary partitions
(/dev/hda2 and /dev/hda3) for Linux:
Command (m for help): n
Command action
primary partition (1-4)
Here, fdisk is asking which type of the partition to create: extended or primary. In our example, we're
creating only primary partitions, so we choose p:
Partition number (1-4):
fdisk will then ask for the number of the partition to create; because partition 1 is already used, our first
Linux partition will be number 2:
Partition number (1-4): 2
First cylinder (204-683):
Now, we'll enter the starting cylinder number of the partition. Because cylinders 204 through 683 are
unused, we use the first available one (numbered 204). There's no reason to leave empty space
between partitions:
First cylinder (204-683): 204
Last cylinder or +size or +sizeM or +sizeK (204-683):
fdisk is asking for the size of the partition we want to create. We can either specify an ending cylinder
number, or a size in bytes, kilobytes, or megabytes. Because we want our partition to be 80 MB in size,
we specify +80M. When specifying a partition size in this way, fdisk will round the actual partition size to
the nearest number of cylinders:
Last cylinder or +size or +sizeM or +sizeK (204-683): +80M
If you see a warning message such as this, it can be ignored. fdisk prints the warning because it's an
older program and dates back before the time that Linux partitions were allowed to be larger than 64
Now we're ready to create our second Linux partition. For sake of demonstration, we'll create it with a
size of 10 MB:
Command (m for help): n
Command action
primary partition (1-4)
Partition number (1-4): 3
First cylinder (474-683): 474
Last cylinder or +size or +sizeM or +sizeK (474-683): +10M
At last, we'll display the partition table. Again, write down all this information-- especially the block
sizes of your new partitions. You'll need to know the sizes of the partitions when creating filesystems.
Also, verify that none of your partitions overlaps:
Command (m for help): p
Disk /dev/hda: 16 heads, 38 sectors, 683 cylinders
Units = cylinders of 608 * 512 bytes
Device Boot Begin
End Blocks
DOS 16-bit >=32M
Linux native
Linux native
As you can see, /dev/hda2 is now a partition of size 82,080 blocks (which corresponds to about 80 MB),
and /dev/hda3 is 10,336 blocks (about 10 MB).
Note that most distributions require you to use the t command in fdisk to change the type of the swap
partition to "Linux swap," which is numbered 82. You can use the l command to print a list of known
partition type codes, and then use the t command to set the type of the swap partition to that which
corresponds to "Linux swap."
This way the installation software will be able to automatically find your swap partitions based on type.
If the installation software doesn't seem to recognize your swap partition, you might want to rerun fdisk
and use the t command on the partition in question.
In the previous example, the remaining cylinders on the disk (numbered 508 to 683) are unused. You
may wish to leave unused space on the disk, in case you want to create additional partitions later.
Finally, we use the w command to write the changes to disk and exit fdisk:
Command (m for help): w
Keep in mind that none of the changes you make while running fdisk takes effect until you give the w
command, so you can toy with different configurations and save them when you're done. Also, if you
want to quit fdisk at any time without saving the changes, use the q command. Remember that you
shouldn't modify partitions for operating systems other than Linux with the Linux fdisk program.
You may not be able to boot Linux from a partition using cylinders numbered over 1023. Therefore, you
should try to create your Linux root partition within the sub-1024 cylinder range, which is almost
always possible (e.g., by creating a small root partition in the sub-1024 cylinder range). If, for some
reason, you cannot or do not want to do this, you can simply boot Linux from floppy, use the rescue
option of the installation CD or DVD, or boot a Linux live CD like Knoppix.
Some Linux distributions require you to reboot the system after running fdisk to allow the changes to
the partition table to take effect before installing the software. Newer versions of fdisk automatically
update the partition information in the kernel, so rebooting isn't necessary. To be on the safe side, after
running fdisk you should reboot from the installation medium before proceeding.
2.2.4. Creating Swap Space
If you are planning to use a swap partition for virtual RAM, you're ready to prepare it.[*] In "Managing
Swap Space" in Chapter 10, we discuss the preparation of a swap file, in case you don't want to use an
individual partition.
[*] Again, some distributions of Linux prepare the swap space for you automatically, or via an installation menu option.
Many distributions require you to create and activate swap space before installing the software. If you
have a small amount of physical RAM, the installation procedure may not be successful unless you have
some amount of swap space enabled.
The command used to prepare a swap partition is mkswap , and it takes the following form:
mkswap -c partition
where partition is the name of the swap partition. For example, if your swap partition is /dev/hda3,
use the command
# mkswap -c /dev/hda3
With older versions of mkswap, you had to specify the size of the partition, which was dangerous, as
one typo could destroy your disk logically.
The -c option tells mkswap to check for bad blocks on the partition when creating the swap space. Bad
blocks are spots on the magnetic medium that do not hold the data correctly. This occurs only rarely
with today's hard disks, but if it does occur, and you do not know about it, it can cause you endless
trouble. Always use the -c option to have mkswap check for bad blocks. It will exclude them from being
used automatically.
If you are using multiple swap partitions , you need to execute the appropriate mkswap command for
each partition.
After formatting the swap space, you need to enable it for use by the system. Usually, the system
automatically enables swap space at boot time. However, because you have not yet installed the Linux
software, you need to enable it by hand.
The command to enable swap space is swapon, and it takes the following form:
swapon partition
After the mkswap command shown, we use the following command to enable the swap space on
# swapon /dev/hda3
2.2.5. Creating the Filesystems
Before you can use your Linux partitions to store files, you must create filesystems on them. Creating a
filesystem is analogous to formatting a partition under Windows or other operating systems. We
discussed filesystems briefly in "Linux Partition Requirements," earlier in this chapter.
Several types of filesystems are available for Linux. Each filesystem type has its own format and set of
characteristics (such as filename length, maximum file size, and so on). Linux also supports several
third-party filesystem types, such as the Windows filesystem.
The most commonly used filesystem types are the Second Extended Filesystem, or ext2fs and the Third
Extended Filesystem, or ext3fs. The ext2fs and ext3fs filesystems are two of the most efficient and
flexible filesystems; they allows filenames of up to 256 characters and filesystem sizes of up to 32
terabytes. In "Filesystem Types" in Chapter 10, we discuss the various filesystem types available for
Linux. Initially, however, we suggest you use the ext3fs filesystem.
To create an ext3fs filesystem, use the command
mke2fs -j -c partition
where partition is the name of the partition. (Notice that the same command, mke2fs is used for
creating both ext2 and ext3 filesystems; it's the -j that makes it a journalled, ext3, filesystem.) For
example, to create a filesystem on /dev/hda2, use the command
# mke2fs -j -c /dev/hda2
If you're using multiple filesystems for Linux, you need to use the appropriate mke2fs command for each
If you have encountered any problems at this point, see "Running into Trouble," later in this chapter.
2.2.6. Installing the Software
Finally, you are ready to install the software on your system. Every distribution has a different
mechanism for doing this. Many distributions have a self-contained program that steps you through the
installation . On other distributions, you have to mount your filesystems in a certain subdirectory (such
as /mnt) and copy the software to them by hand. On CD-ROM distributions, you may be given the
option to install a portion of the software on your hard drive and leave most of the software on the CDROM. This is often called a "live filesystem." Such a live filesystem is convenient for trying out Linux
before you make a commitment to install everything on your disk.
Some distributions offer several different ways to install the software. For example, you may be able to
install the software directly from a Windows partition on your hard drive instead of from floppies. Or
you may be able to install over a TCP/IP network via FTP or NFS. See your distribution's documentation
for details.
For example, the Slackware distribution requires you to do the following:
1. Create partitions with fdisk.
2. Optionally create swap space with mkswap and swapon (if you have 16 MB or less of RAM).
3. Run the setup program to install the software. setup leads you through a self-explanatory menu
The exact method used to install the Linux software differs greatly with each distribution.
You might be overwhelmed by the choice of software to install. Modern Linux distributions can easily
contain a thousand or more packages spread over several CD-ROMs. There are basically three methods
for selecting the software package:
Selection by task
This is the easiest means of selection for beginners. You don't have to think about whether you
need a certain package. You just pick whether your Linux computer should act as a workstation, a
development machine, or a network router, and the installation program will pick the appropriate
packages for you. In all cases, you can then either refine the selection by hand or come back to
the installation program later.
Selection of individual packages by series
With this selection mechanism, all the packages are grouped into series such as "Networking,"
"Development," or "Graphics." You can go through all the series and pick the individual packages
there. This requires more decisions than if you choose selection by task, because you have to
decide whether you need each package; however, you can skip an entire series when you are sure
that you are not interested in the functions it offers.
Selection of individual packages sorted alphabetically
This method is useful only when you already know which packages you want to install; otherwise,
you won't see the forest for the trees.
Choosing one selection method does not exclude the use of the others. Most distributions offer two or
more of the aforementioned selection mechanisms.
It might still be difficult to decide which package to pick. Good distributions show a short description of
each package on screen to make it easier for you to select the correct ones, but if you are still unsure,
our advice is this: when in doubt, leave it out! You can always go back and add packages later.
Modern distributions have a very nifty feature, called dependency tracking . Some packages work only
when some other packages are installed (e.g., a graphics viewer might need special graphics libraries to
import files). With dependency tracking, the installation program can inform you about those
dependencies and will let you automatically select the package you want along with all the ones it
depends on. Unless you are very sure about what you are doing, you should always accept this offer, or
the package might not work afterward.
Installation programs can help you make your selection and avoid mistakes in other ways. For example,
the installation program might refuse to start the installation when you deselect a package that is
absolutely crucial for even the most minimal system to boot (like the basic directory structure). Or, it
might check for mutual exclusions, such as cases in which you can only have one package or the other,
but not both.
Some distributions come with a large book that, among other things, lists all the packages together
with short descriptions. It might be a good idea to at least skim those descriptions to see what's in store
for you, or you might be surprised when you select the packages and are offered the 25th text editor.
2.2.7. Creating the Boot Floppy or Installing GRUB
Every distribution provides some means of booting your new Linux system after you have installed the
software. In many cases, the installation procedure suggests you create a boot floppy, which contains a
Linux kernel configured to use your newly created root filesystem. In order to boot Linux, you could
boot from this floppy; control is transferred to your hard drive after you boot. On other distributions,
this boot floppy is the installation floppy itself. If your system does not contain a floppy drive any more
(like many newer systems), be assured that there are always other ways of booting Linux, such as
booting directly from CD.
Many distributions give you the option of installing GRUB on your hard drive. GRUB is a program that
resides on your drive's master boot record. It boots a number of operating systems, including Windows
and Linux, and allows you to select which one to boot at startup time.
In order for GRUB to be installed successfully, it needs to know a good deal of information about your
drive configuration: for example, which partitions contain which operating systems, how to boot each
operating system, and so on. Many distributions, when installing GRUB, attempt to "guess" at the
appropriate parameters for your configuration. Occasionally, the automated GRUB installation provided
by some distributions can fail and leave your master boot record in shambles (however, it's very
doubtful that any damage to the actual data on your hard drive will take place).
In many cases, it is best to use a boot floppy until you have a chance to configure GRUB yourself, by
hand. If you're exceptionally trusting, though, you can go ahead with the automated GRUB installation
if it is provided with your distribution.
In "Using GRUB" in Chapter 17, we'll cover in detail how to configure and install GRUB for your
particular setup.
There are other boot loaders besides GRUB, including the older Linux Leader
(LILO). The general concepts are the same, though; only the installation and
configuration differ.
If everything goes well, congratulations! You have just installed Linux on your system. Go have a cup of
tea or something; you deserve it.
In case you ran into trouble, "Running into Trouble," later in this chapter, describes the most common
sticking points for Linux installations, and how to get around them.
2.2.8. Additional Installation Procedures
Some distributions of Linux provide a number of additional installation procedures, allowing you to
configure various software packages, such as TCP/IP networking, the X Window System, and so on. If
you are provided with these configuration options during installation, you may wish to read ahead in
this book for more information on how to configure this software. Otherwise, you should put off these
installation procedures until you have a complete understanding of how to configure the software.
It's up to you; if all else fails, just go with the flow and see what happens. It's doubtful that anything
you do incorrectly now cannot be undone in the future (knock on wood).
2.3. Post-Installation Procedures
After you have completed installing the Linux software, you should be able to reboot the system, log in
as root, and begin exploring the system. (Each distribution has a different method for doing this; follow
the instructions given by the distribution.)
Before you strike out on your own, however, there are some tasks you should do now that may save
you a lot of grief later. Some of these tasks are trivial if you have the right hardware and Linux
distribution; others may involve a little research on your part, and you may decide to postpone them.
2.3.1. Creating a User Account
In order to start using your system, you need to create a user account for yourself. Eventually, if you
plan to have other users on your system, you'll create user accounts for them as well. But before you
begin to explore you need at least one account.
Why is this? Every Linux system has several preinstalled accounts, such as root. The root account,
however, is intended exclusively for administrative purposes. As root you have all kinds of privileges
and can access all files on your system.
However, using root can be dangerous, especially if you're new to Linux. Because there are no
restrictions on what root can do, it's all too easy to mistype a command, inadvertently delete files,
damage your filesystem, and so on. You should log in as root only when you need to perform system
administration tasks, such as fixing configuration files, installing new software, and so on. See
"Maintaining the System" in Chapter 10 for details.[*]
A side note: on a Windows 95/98/ME system, the user is always the equivalent of a root user, whether that power is needed or not.
For normal usage, you should create a standard user account. Unix systems have built-in security that
prevents users from deleting other users' files and corrupting important resources, such as system
configuration files. As a regular user, you'll be protecting yourself from your own mistakes. This is
especially true for users who don't have Unix system administration experience.
Many Linux distributions provide tools for creating new accounts. These programs are usually called
useradd or adduser. As root, invoking one of these commands should present you with a usage
summary for the command, and creating a new account should be fairly self-explanatory.
Most modern distributions provide a generic system administration tool for various tasks, one of which
is creating a new user account.
Again, other distributions, such as SUSE Linux, Red Hat Linux, or Mandriva, integrate system
installation and system administration in one tool (e.g., yast or yast2 on SUSE Linux).
If all else fails, you can create an account by hand. Usually, all that is required to create an account is
the following:
1. Edit the file /etc/passwd to add the new user. (Doing this with vipw--instead of editing the file
directly will protect you against concurrent changes of the password file, but vipw is not available
on all distributions.)
2. Optionally edit the file /etc/shadow to specify "shadow password" attributes for the new user.
3. Create the user's home directory.
4. Copy skeleton configuration files (such as .bashrc) to the new user's home directory. These can
sometimes be found in the directory /etc/skel.
We don't want to go into great detail here: the particulars of creating a new user account can be found
in virtually every book on Unix system administration. We also talk about creating users in "Managing
User Accounts" in Chapter 11. You should be able to find a tool that takes care of these details for you.
Keep in mind that to set or change the password on the new account, you use the passwd command. For
example, to change the password for the user duck, issue the following command:
# passwd duck
This will prompt you to set or change the password for duck. If you execute the passwd command as
root, it will not prompt you for the original password. In this way, if you have forgotten your old
password but can still log in as root, you can reset it.
2.3.2. Getting Online Help
Linux provides online help in the form of manual pages. Throughout this book, we'll be directing you to
look at the manual pages for particular commands to get more information. Manual pages describe
programs and applications on the system in detail, and it's important for you to learn how to access this
online documentation in case you get into a bind.
To get online help for a particular command, use the man command. For example, to get information on
the passwd command, type the following command:
$ man passwd
This should present you with the manual page for passwd.
Usually, manual pages are provided as an optional package with most distributions, so they won't be
available unless you have opted to install them. However, we very strongly advise you to install the
manual pages. You will feel lost many times without them.
In addition, certain manual pages may be missing or incomplete on your system. It depends on how
complete your distribution is and how up-to-date the manual pages are.
Linux manual pages also document system calls, library functions, configuration file formats, and kernel
internals. In "Manual Pages" in Chapter 4, we describe their use in more detail.
Besides traditional manual pages, there are also so-called Info pages. These can be read with the text
editor Emacs, the command info, or one of many graphical info readers available.
Many distributions also provide documentation in HTML format that you can read with any web browser,
such as Konqueror, as well as with Emacs.
Finally, there are documentation files that are simply plain text. You can read these with any text editor
or simply with the command more.
If you cannot find documentation for a certain command, you can also try running it with either the -h
or -help option. Most commands then provide a brief summary of their usage.
2.3.3. Editing /etc/fstab
In order to ensure that all your Linux filesystems will be available when you reboot the system, you may
need to edit the file /etc/fstab, which describes your filesystems. Many distributions automatically
generate the /etc/fstab file for you during installation, so all may be well. However, if you have
additional filesystems that were not used during the installation process, you may need to add them to
/etc/fstab in order to make them available. Swap partitions should be included in /etc/fstab as well.
In order to access a filesystem, it must be mounted on your system. Mounting a filesystem associates
that filesystem with a particular directory. For example, the root filesystem is mounted on /, the /usr
filesystem on /usr, and so on. (If you did not create a separate filesystem for /usr, all files under /usr
will be stored on the root filesystem.)
We don't want to smother you with technical details here, but it is important to understand how to
make your filesystems available before exploring the system. For more details on mounting filesystems,
see "Mounting Filesystems" in Chapter 10, or any book on Unix system administration.
The root filesystem is automatically mounted on / when you boot Linux. However, your other
filesystems must be mounted individually. Usually, this is accomplished with the command:
# mount -av
in one of the system startup files in /etc/rc.d or wherever your distribution stores its configuration files.
This tells the mount command to mount any filesystems listed in the file /etc/fstab. Therefore, in order to
have your filesystems mounted automatically at boot time, you need to include them in /etc/fstab. (Of
course, you could always mount the filesystems by hand, using the mount command after booting, but
this is unnecessary work.)
Here is a sample /etc/fstab file, shortened by omitting the last two parameters in each line, which are
optional and not relevant to the discussion here. In this example, the root filesystem is on /dev/hda1,
the /home filesystem is on /dev/hdb2, and the swap partition is on /dev/hdb1:
# /etc/fstab
# device
The lines beginning with the "#" character are comments. Also, you'll notice an additional entry for
/proc. /proc is a "virtual filesystem" used to gather process information by commands such as ps.
As you can see, /etc/fstab consists of a series of lines. The first field of each line is the device name of
the partition, such as /dev/hda1. The second field is the mount point--the directory where the filesystem
is mounted. The third field is the type; Linux ext3fs filesystems should use ext3 for this field. swap
should be used for swap partitions. The fourth field is for mounting options. You should use defaults in
this field for filesystems and sw for swap partitions.
Using this example as a model, you should be able to add entries for any filesystems not already listed
in the /etc/fstab file.
How do we add entries to the file? The easiest way is to edit the file, as root, using an editor such as vi
or Emacs. We won't get into the use of text editors here. vi and Emacs are both covered in Chapter 19.
After editing the file, you'll need to issue the command:
# /bin/mount -a
or reboot for the changes to take effect.
If you're stuck at this point, don't be alarmed. We suggest that Unix novices do some reading on basic
Unix usage and system administration. We offer a lot of introductory material in upcoming chapters,
and most of the remainder of this book is going to assume familiarity with these basics, so don't say we
didn't warn you.
2.3.4. Shutting Down the System
You should never reboot or shut down your Linux system by pressing the reset switch or simply turning
off the power. As with most Unix systems, Linux caches disk writes in memory. Therefore, if you
suddenly reboot the system without shutting down cleanly, you can corrupt the data on your drives.
Note, however, that the "Vulcan nerve pinch" (pressing Ctrl-Alt-Delete in unison) is generally safe: the
kernel traps the key sequence and passes it to the init process, which, in turn, initiates a clean
shutdown of the system (or whatever it is configured to do in this case; see "init, inittab, and rc Files" in
Chapter 17). Your system configuration might reserve the Ctrl-Alt-Delete for the system administrator
so that normal users cannot shut down the network server that the whole department depends upon. To
set permissions for this keystroke combination, create a file called /etc/shutdown.allow that lists the
names of all the users who are allowed to shut down the machine.
The easiest way to shut down the system is with the shutdown command. As an example, to shut down
and reboot the system immediately, use the following command as root:
# shutdown -r now
This will cleanly reboot your system. The manual page for shutdown describes the other available
command-line arguments. Instead of now , you can also specify when the system should be shut down.
Most distributions also provide halt, which calls shutdown now. Some distributions also provide
poweroff, which actually shuts down the computer and turns it off. Whether it works depends on the
hardware and the BIOS (which must support APM or ACPI), not on Linux.
2.4. Running into Trouble
Almost everyone runs into some kind of snag or hang-up when attempting to install Linux the first time.
Most of the time, the problem is caused by a simple misunderstanding. Sometimes, however, it can be
something more serious, such as an oversight by one of the developers or a bug.
This section describes some of the most common installation problems and how to solve them. It also
describes unexpected error messages that can pop up during installations that appear to be successful.
In general, the proper boot sequence is as follows:
1. After booting from the LILO prompt, the system must load the kernel image from floppy. This may
take several seconds; you know things are going well if the floppy drive light is still on.
2. While the kernel boots, SCSI devices must be probed for. If you have no SCSI devices installed,
the system will hang for up to 15 seconds while the SCSI probe continues; this usually occurs after
the line:
lp_init: lp1 exists (0), using polling driver
appears on your screen.
3. After the kernel is finished booting, control is transferred to the system bootup files on the floppy.
Finally, you will be presented with a login prompt (either a graphical or a textual one) or be
dropped into an installation program. If you are presented with a login prompt such as:
Linux login:
you should then log in (usually as root or install--this varies with each distribution). After you
enter the username, the system may pause for 20 seconds or more while the installation program
or shell is being loaded from floppy. Again, the floppy drive light should be on. Don't assume the
system is hung.
2.4.1. Problems with Booting the Installation Medium
When attempting to boot the installation medium for the first time, you may encounter a number of
problems. Note that the following problems are not related to booting your newly installed Linux
system. See "Problems After Installing Linux," later in this chapter, for information on these kinds of
A floppy or medium error occurs when attempting to boot
The most popular cause for this kind of problem is a corrupt boot floppy. Either the floppy is
physically damaged, in which case you should re-create the disk with a brand-new floppy, or the
data on the floppy is bad, in which case you should verify that you downloaded and transferred
the data to the floppy correctly. In many cases, simply re-creating the boot floppy will solve your
problems. Retrace your steps and try again.
If you received your boot floppy from a mail-order vendor or some other distributor, instead of
downloading and creating it yourself, contact the distributor and ask for a new boot floppy but
only after verifying that this is indeed the problem. This can, of course, be difficult, but if you get
funny noises from your floppy drive or messages like cannot read sector , chances are that your
medium is damaged.
The system hangs during boot or after booting
After the installation medium boots, you see a number of messages from the kernel itself,
indicating which devices were detected and configured. After this, you are usually presented with
a login prompt, allowing you to proceed with installation (some distributions instead drop you
right into an installation program of some kind). The system may appear to hang during several
of these steps. Be patient; loading software from floppy is very slow. In many cases, the system
has not hung at all, but is merely taking a long time. Verify that there is no drive or system
activity for at least several minutes before assuming that the system is hung.
Each activity listed at the beginning of this section may cause a delay that makes you think the
system has stopped. However, it is possible that the system actually may hang while booting,
which can be due to several causes. First of all, you may not have enough available RAM to boot
the installation medium. (See the following item for information on disabling the ramdisk to free
up memory.)
Hardware incompatibility causes many system hangs. Even if your hardware is supported, you
may run into problems with incompatible hardware configurations that are causing the system to
hang. See "Hardware Problems," later in this chapter, for a discussion of hardware
incompatibilities. "Hardware Requirements" in Chapter 16 lists the currently supported video
chipsets, which are a major issue in running graphics on Linux.
The system reports out-of-memory errors while attempting to boot or install the software
This problem relates to the amount of RAM you have available. Keep in mind that Linux itself
requires at least 8 MB of RAM to run at all; almost all current distributions of Linux require 32 MB
or more. On systems with 16 MB of RAM or less, you may run into trouble booting the installation
medium or installing the software itself. This is because many distributions use a ramdisk, which
is a filesystem loaded directly into RAM, for operations while using the installation medium. The
entire image of the installation boot floppy, for example, may be loaded into a ramdisk, which
may require more than 1 MB of RAM.
The solution to this problem is to disable the ramdisk option when booting the install medium.
Each distribution has a different procedure for doing this. Please see your distribution
documentation for more information.
You may not see an out-of-memory error when attempting to boot or install the software;
instead, the system may unexpectedly hang or fail to boot. If your system hangs, and none of the
explanations in the previous section seems to be the cause, try disabling the ramdisk.
The system reports an error, such as "Permission denied" or "File not found," while booting
This is an indication that your installation boot medium is corrupt. If you attempt to boot from the
installation medium (and you're sure you're doing everything correctly), you should not see any
such errors. Contact the distributor of your Linux software and find out about the problem, and
perhaps obtain another copy of the boot medium if necessary. If you downloaded the boot disk
yourself, try re-creating the boot disk, and see if this solves your problem.
The system reports the error "VFS: Unable to mount root" when booting
This error message means that the root filesystem (found on the boot medium itself) could not be
found. This means that either your boot medium is corrupt or you are not booting the system
For example, many CD-ROM/DVD distributions require you to have the CD-ROM/DVD in the drive
when booting. Also be sure that the CD-ROM/DVD drive is on, and check for any activity. It's also
possible the system is not locating your CD-ROM/DVD drive at boot time; see "Hardware
Problems" for more information.
If you're sure you are booting the system correctly, your boot medium may indeed be corrupt.
This is an uncommon problem, so try other solutions before attempting to use another boot floppy
or tape. One handy feature here is Red Hat's new mediacheck option on the CD-ROM/DVD. This
will check if the CD is OK.
2.4.2. Hardware Problems
The most common problem encountered when attempting to install or use Linux is an incompatibility
with hardware . Even if all your hardware is supported by Linux, a misconfiguration or hardware conflict
can sometimes cause strange results: your devices may not be detected at boot time, or the system
may hang.
It is important to isolate these hardware problems if you suspect they may be the source of your
trouble. In the following sections, we describe some common hardware problems and how to resolve
them. Isolating hardware problems
If you experience a problem you believe is hardware related, the first thing to do is attempt to isolate
the problem. This means eliminating all possible variables and (usually) taking the system apart, piece
by piece, until the offending piece of hardware is isolated.
This is not as frightening as it may sound. Basically, you should remove all nonessential hardware from
your system (after turning the power off), and then determine which device is actually causing the
trouble possibly by reinserting each device, one at a time. This means you should remove all hardware
other than the floppy and video controllers, and, of course, the keyboard. Even innocent-looking
devices, such as mouse controllers, can wreak unknown havoc on your peace of mind unless you
consider them nonessential. So, to be sure, really remove everything that you don't absolutely need for
booting when experimenting, and add the devices one by one later when reassembling the system.
For example, let's say the system hangs during the Ethernet board detection sequence at boot time. You
might hypothesize that there is a conflict or problem with the Ethernet board in your machine. The
quick and easy way to find out is to pull the Ethernet board and try booting again. If everything goes
well when you reboot, you know that either the Ethernet board is not supported by Linux, or there is an
address or IRQ conflict with the board. In addition, some badly designed network boards (mostly ISAbased NE2000 clones, which are luckily dying out by now) can hang the entire system when they are
auto-probed. If this appears to be the case for you, your best bet is to remove the network board from
the system during the installation and put it back in later, or pass the appropriate kernel parameters
during boot-up so that auto-probing of the network board can be avoided. The most permanent fix is to
dump that card and get a new one from another vendor that designs its hardware more carefully.
What does "address or IRQ conflict" mean, you may ask? All devices in your machine use an interrupt
request line, or IRQ, to tell the system they need something done on their behalf. You can think of the
IRQ as a cord the device tugs when it needs the system to take care of some pending request. If more
than one device is tugging on the same cord, the kernel won't be able to determine which device it
needs to service. Instant mayhem.
Therefore, be sure all your installed non-PCI/AGP devices are using unique IRQ lines. In general, the
IRQ for a device can be set by jumpers on the card; see the documentation for the particular device for
details. Some devices do not require an IRQ at all, but it is suggested you configure them to use one if
possible (the Seagate ST01 and ST02 SCSI controllers are good examples). The PCI bus is more
cleverly designed, and PCI devices can and do quite happily share interrupt lines.
In some cases, the kernel provided on your installation medium is configured to use a certain IRQ for
certain devices. For example, on some distributions of Linux, the kernel is preconfigured to use IRQ 5
for the TMC-950 SCSI controller, the Mitsumi CD-ROM controller, and the bus mouse driver. If you want
to use two or more of these devices, you'll need first to install Linux with only one of these devices
enabled, then recompile the kernel in order to change the default IRQ for one of them. (See "Building a
New Kernel" in Chapter 18 for information on recompiling the kernel.)
Another area where hardware conflicts can arise is with DMA channels, I/O addresses , and shared
memory addresses . All these terms describe mechanisms through which the system interfaces with
hardware devices. Some Ethernet boards, for example, use a shared memory address as well as an IRQ
to interface with the system. If any of these are in conflict with other devices, the system may behave
unexpectedly. You should be able to change the DMA channel, I/O, or shared memory addresses for
your various devices with jumper settings. (Unfortunately, some devices don't allow you to change
these settings.)
The documentation for your various hardware devices should specify the IRQ, DMA channel, I/O
address, or shared memory address the devices use, and how to configure them. Of course, a problem
here is that some of these settings are not known before the system is assembled and may thus be
undocumented. Again, the simple way to get around these problems is to temporarily disable the
conflicting devices until you have time to determine the cause of the problem.
Table 2-1 lists IRQ and DMA channels used by various "standard" devices found on most systems.
Almost all systems have some of these devices, so you should avoid setting the IRQ or DMA of other
devices to these values.
Table 2-1. Common device settings
I/O address
ttyS0 (COM1)
ttyS1 (COM2)
ttyS2 (COM3)
I/O address
ttyS3 (COM4)
lp0 (LPT1)
378 - 37f
lp1 (LPT2)
278 - 27f
fd0, fd1 (floppies 1 and 2)
3f0 - 3f7
fd2, fd3 (floppies 3 and 4)
370 - 377
3 Problems recognizing hard drive or controller
When Linux boots, you see a series of messages on your screen, such as the following:
Console: switching to colour frame buffer device 147x55
Real Time Clock Driver v1.12
Serial: 8250/16550 driver $Revision: 1.1 $ 48 ports, IRQ sharing enabled
ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
Using anticipatory io scheduler
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
Here, the kernel is detecting the various hardware devices present on your system. At some point, you
should see a line like the following:
hda: hda1 hda2 hda3 hda4 < hda5 hda6 hda7 >
If, for some reason, your drives or partitions are not recognized, you will not be able to access them in
any way.
Several conditions can cause this to happen:
Hard drive or controller not supported
If you are using a hard drive or controller (IDE, SCSI, or otherwise) not supported by Linux, the
kernel will not recognize your partitions at boot time.
Drive or controller improperly configured
Even if your controller is supported by Linux, it may not be configured correctly. (This is a
problem particularly for SCSI controllers ; most non-SCSI controllers should work fine without
additional configuration.)
Refer to the documentation for your hard drive and controller for information on solving these
kinds of problems. In particular, many hard drives will need to have a jumper set if they are to be
used as a slave drive (e.g., as the second hard drive). The acid test for this kind of condition is to
boot up Windows or some other operating system known to work with your drive and controller. If
you can access the drive and controller from another operating system, the problem is not with
your hardware configuration.
See the previous section, "Isolating hardware problems," for information on resolving possible
device conflicts and the following section, "Problems with SCSI controllers and devices," for
information on configuring SCSI devices.
Controller properly configured, but not detected
Some BIOS-less SCSI controllers require the user to specify information about the controller at
boot time. The following section, "Problems with SCSI controllers and devices," describes how to
force hardware detection for these controllers.
Hard drive geometry not recognized
Some older systems, such as the IBM PS/ValuePoint, do not store hard drive geometry
information in the CMOS memory where Linux expects to find it. Also, certain SCSI controllers
need to be told where to find drive geometry in order for Linux to recognize the layout of your
Most distributions provide a boot option to specify the drive geometry. In general, when booting
the installation medium, you can specify the drive geometry at the LILO boot prompt with a
command such as:
boot: linux hd=cylinders
where cylinders, heads, and sectors correspond to the number of cylinders, heads, and sectors per
track for your hard drive.
After installing the Linux software, you can install LILO, allowing you to boot from the hard drive. At
that time, you can specify the drive geometry to the LILO installation procedure, making it unnecessary
to enter the drive geometry each time you boot. See "Using GRUB" in Chapter 17 for more about LILO. Problems with SCSI controllers and devices
Presented here are some of the most common problems with SCSI controllers and devices, such as CDROMs, hard drives, and tape drives. If you are having problems getting Linux to recognize your drive or
controller, read on. Let us again emphasize that most distributions use a modularized kernel and that
you might have to load a module supporting your hardware during an early phase of the installation
process. This might also be done automatically for you.
The Linux SCSI HOWTO contains much useful information on SCSI devices in addition to that listed
here. SCSIs can be particularly tricky to configure at times.
It might be a false economy, for example, to use cheap cables, especially if you use wide SCSI. Cheap
cables are a major source of problems and can cause all kinds of failures, as well as major headaches. If
you use SCSI, use proper cabling.
Here are common problems and possible solutions:
A SCSI device is detected at all possible IDs
This problem occurs when the system straps the device to the same address as the controller. You
need to change the jumper settings so that the drive uses a different address from the controller
Linux reports sense errors, even if the devices are known to be error-free
This can be caused by bad cables or by bad termination. If your SCSI bus is not terminated at
both ends, you may have errors accessing SCSI devices. When in doubt, always check your
cables. In addition to disconnected cables, bad-quality cables are a common source of troubles.
SCSI devices report timeout errors
This is usually caused by a conflict with IRQ, DMA, or device addresses. Also, check that interrupts
are enabled correctly on your controller.
SCSI controllers using BIOS are not detected
Detection of controllers using BIOS will fail if the BIOS is disabled, or if your controller's
"signature" is not recognized by the kernel. See the Linux SCSI HOWTO for more information
about this.
Controllers using memory-mapped I/O do not work
This happens when the memory-mapped I/O ports are incorrectly cached. Either mark the board's
address space as uncacheable in the XCMOS settings, or disable the cache altogether.
When partitioning, you get a warning "cylinders > 1024," or you are unable to boot from a partition
using cylinders numbered above 1023
BIOS limits the number of cylinders to 1024, and any partition using cylinders numbered above
this won't be accessible from the BIOS. As far as Linux is concerned, this affects only booting;
once the system has booted, you should be able to access the partition. Your options are to either
boot Linux from a boot floppy or to boot from a partition using cylinders numbered below 1024.
See "Creating the Boot Floppy or Installing GRUB," earlier in this chapter.
CD-ROM drive or other removable media devices are not recognized at boot time
Try booting with a CD-ROM (or disk) in the drive. This is necessary for some devices.
If your SCSI controller is not recognized, you may need to force hardware detection at boot time. This is
particularly important for SCSI controllers without BIOS. Most distributions allow you to specify the
controller IRQ and shared memory address when booting the installation medium. For example, if you
are using a TMC-8xx controller, you may be able to enter:
boot: linux tmx8xx=interrupt,memory-address
at the LILO boot prompt, where interrupt is the controller IRQ, and memory-address is the shared
memory address. Whether you can do this depends on the distribution of Linux you are using; consult
your documentation for details.
2.4.3. Problems Installing the Software
Installing the Linux software should be trouble-free if you're lucky. The only problems you might
experience would be related to corrupt installation media or lack of space on your Linux filesystems.
Here is a list of common problems:
System reports "Read error, file not found" or other errors while attempting to install the software
This is indicative of a problem with your installation medium. If you are installing from floppy,
keep in mind that floppies are quite susceptible to media errors of this type. Be sure to use brandnew, newly formatted floppies. If you have a Windows partition on your drive, many Linux
distributions allow you to install the software from the hard drive. This may be faster and more
reliable than using floppies.
If you are using a CD-ROM, be sure to check the disk for scratches, dust, or other problems that
might cause media errors.
The cause of the problem may also be that the medium is in the incorrect format. For example,
many Linux distributions require floppies to be formatted in high-density Windows format. (The
boot floppy is the exception; it is not in Windows format in most cases.) If all else fails, either
obtain a new set of floppies, or re-create the floppies (using new ones) if you downloaded the
software yourself.
System reports errors such as "tar: read error" or "gzip: not in gzip format"
This problem is usually caused by corrupt files on the installation medium itself. In other words,
your floppy may be error-free, but the data on the floppy is in some way corrupted. For example,
if you downloaded the Linux software using text mode, rather than binary mode, your files will be
corrupt and unreadable by the installation software. When using FTP, just issue the binary
command to set that mode before you request a file transfer.
System reports errors such as "device full" while installing
This is a clear-cut sign that you have run out of space when installing the software. If the disk fills
up, not all distributions can clearly recover, so aborting the installation won't give you a working
The solution is usually to re-create your filesystems with the mke2fs command, which will delete
the partially installed software. You can then attempt to reinstall the software, this time selecting
a smaller amount of software to install. If you can't do without that software, you may need to
start completely from scratch and rethink your partition and filesystem sizes.
System reports errors such as "read_intr: 0x10" while accessing the hard drive
This is usually an indication of bad blocks on your drive. However, if you receive these errors
while using mkswap or mke2fs, the system may be having trouble accessing your drive. This can
either be a hardware problem (see "Hardware Problems" earlier in this chapter), or it might be a
case of poorly specified geometry. If you used the option:
at boot time to force detection of your drive geometry and incorrectly specified the geometry, you could
receive this error. This can also happen if your drive geometry is incorrectly specified in the system
System reports errors such as "file not found " or "permission denied "
This problem can occur if the necessary files are not present on the installation medium or if there
is a permissions problem with the installation software. For example, some distributions of Linux
have been known to have bugs in the installation software itself; these are usually fixed rapidly
and are quite infrequent. If you suspect that the distribution software contains bugs, and you're
sure that you have done nothing wrong, contact the maintainer of the distribution to report the
If you have other strange errors when installing Linux (especially if you downloaded the software
yourself), be sure you actually obtained all the necessary files when downloading.
For example, some people use the FTP command:
mget *.*
when downloading the Linux software via FTP. This will download only those files that contain a "." in
their filenames; files without the "." will not be downloaded. The correct command to use in this case is:
mget *
The best advice is to retrace your steps when something goes wrong. You may think that you have done
everything correctly, when in fact you forgot a small but important step somewhere along the way. In
many cases, just attempting to redownload or reinstall the Linux software can solve the problem. Don't
beat your head against the wall any longer than you have to!
Also, if Linux unexpectedly hangs during installation, there may be a hardware problem of some kind.
See "Hardware Problems" for hints.
2.4.4. Problems After Installing Linux
You've spent an entire afternoon installing Linux. In order to make space for it, you wiped your
Windows and OS/2 partitions and tearfully deleted your copies of SimCity 2000 and Railroad Tycoon 2.
You reboot the system and nothing happens. Or, even worse, something happens, but it's not what
should happen. What do you do?
In "Problems with Booting the Installation Medium," earlier in this chapter, we covered the most
common problems that can occur when booting the Linux installation medium; many of those problems
may apply here. In addition, you may be a victim of one of the following maladies. Problems booting Linux from floppy
If you are using a floppy to boot Linux, you may need to specify the location of your Linux root partition
at boot time. This is especially true if you are using the original installation floppy itself and not a
custom boot floppy created during installation.
While booting the floppy, hold down the Shift or Ctrl key. This should present you with a boot menu;
press Tab to see a list of available options. For example, many distributions allow you to boot from a
floppy by entering:
boot: linux root=partition
at the boot menu, where partition is the name of the Linux root partition, such as /dev/hda2. SUSE
Linux offers a menu entry early in the installation program that boots your newly created Linux system
from the installation boot floppy. Consult the documentation for your distribution for details. Problems booting Linux from the hard drive
If you opted to install LILO instead of creating a boot floppy, you should be able to boot Linux from the
hard drive. However, the automated LILO installation procedure used by many distributions is not
always perfect. It may make incorrect assumptions about your partition layout, in which case you need
to reinstall LILO to get everything right. Installing LILO is covered in "Using GRUB" in Chapter 17.
Here are some common problems:
System reports "Drive not bootable Please insert system disk"
You will get this error message if the hard drive's master boot record is corrupt in some way. In
most cases, it's harmless, and everything else on your drive is still intact. There are several ways
around this:
While partitioning your drive using fdisk , you may have deleted the partition that was
marked as "active." Windows and other operating systems attempt to boot the "active"
partition at boot time (Linux, in general, pays no attention to whether the partition is
"active," but the Master Boot Records installed by some distributions like Debian do). You
may be able to boot MS-DOS from floppy and run fdisk to set the active flag on your MS-
DOS partition, and all will be well.
Another command to try (with MS-DOS 5.0 and higher, including Windows 95/98/ME) is:
This command will attempt to rebuild the hard drive master boot record for booting
Windows, overwriting LILO . If you no longer have Windows on your hard drive, you'll need
to boot Linux from floppy and attempt to install LILO later. This command does not exist on
Windows NT/2000/XP; here the procedure is more involved.
If you created a Windows partition using Linux's version of fdisk, or vice versa, you may get
this error. You should create Windows partitions only by using Windows' version of fdisk.
(The same applies to operating systems other than Windows.) The best solution here is
either to start from scratch and repartition the drive correctly, or to merely delete and recreate the offending partitions using the correct version of fdisk.
The LILO installation procedure may have failed. In this case, you should boot either from
your Linux boot floppy (if you have one) or from the original installation medium. Either of
these should provide options for specifying the Linux root partition to use when booting. At
boot time, hold down the Shift or Ctrl key and press Tab from the boot menu for a list of
When you boot the system from the hard drive, Windows (or another operating system) starts instead
of Linux
First of all, be sure you actually installed LILO or GRUB when installing the Linux software. If not,
the system will still boot Windows (or whatever other operating system you may have) when you
attempt to boot from the hard drive. In order to boot Linux from the hard drive, you need to
install LILO or GRUB (see the section "Using GRUB" in Chapter 17).
On the other hand, if you did install LILO, and another operating system boots instead of Linux,
you have LILO configured to boot that other operating system by default. While the system is
booting, hold down the Shift or Ctrl key and press Tab at the boot prompt. This should present
you with a list of possible operating systems to boot; select the appropriate option (usually just
linux) to boot Linux.
If you wish to select Linux as the default operating system to boot, you will need to reinstall LILO.
It also may be possible that you attempted to install LILO, but the installation procedure failed in
some way. See the previous item on installation. Problems logging in
After booting Linux, you should be presented with a login prompt:
Linux login:
At this point, either the distribution's documentation or the system itself will tell you what to do. For
many distributions, you simply log in as root, with no password. Other possible usernames to try are
guest or test.
Most Linux distributions ask you for an initial root password. Hopefully, you have remembered what you
typed in during installation; you will need it again now. If your distribution does not ask you for a root
password during installation, you can try using an empty password.
If you simply can't log in, consult your distribution's documentation; the username and password to use
may be buried in there somewhere. The username and password may have been given to you during
the installation procedure, or they may be printed on the login banner. Another option is to log into
Linux in single-user mode by typing linux simple at the boot prompt.
One possible cause of this password impasse may be a problem with installing the Linux login and
initialization files. If this is the case, you may need to reinstall (at least parts of) the Linux software, or
boot your installation medium and attempt to fix the problem by hand. Problems using the system
If login is successful, you should either be presented with a shell prompt (such as # or $) or be directly
taken to a graphical desktop environment such as KDE or Gnome, and can happily roam around your
system. The next step in this case is to try the procedures in Chapter 4. However, some initial problems
with using the system sometimes creep up.
The most common initial configuration problem is incorrect file or directory permissions. This can cause
the error message:
Shell-init: permission denied
to be printed after logging in. (In fact, anytime you see the message permission denied, you can be
fairly certain it is a problem with file permissions.)
In many cases, it's a simple matter of using the chmod command to fix the permissions of the
appropriate files or directories. For example, some distributions of Linux once used the incorrect file
mode 0644 for the root directory (/). The fix was to issue the command:
# chmod 755 /
as root. (File permissions are covered in the section "File Ownership and Permissions" in Chapter 11.)
However, in order to issue this command, you need to have booted from the installation medium and
mounted your Linux root filesystem by handa hairy task for most newcomers.
As you use the system, you may run into places where file and directory permissions are incorrect or
software does not work as configured. Welcome to the world of Linux! Although most distributions are
quite trouble-free, you can't expect them to be perfect. We don't want to cover all those problems here.
Instead, throughout the book we help you to solve many of these configuration problems by teaching
you how to find them and fix them yourself. In Chapter 1, we discussed this philosophy in some detail.
In Part II, we give hints for fixing many of these common configuration problems.
Chapter 3. Desktop Environments
If you installed one of the popular Linux distributions, it came up with a rather attractive graphical
interface. This chapter tells you how to use this interface to get work done more quickly and pleasantly.
Most Linux systems with graphical interfaces offer a comprehensive graphical environment called a
This chapter covers both of the popular Linux desktops, the K Desktop Environment (KDE) and GNOME.
Readers who have trouble getting their graphical interfaces to work at all, or who want to delve deeper
into the guts of Linux graphics, can find help in Chapter 16.
3.1. Why Use a Graphical Desktop?
If you plan to run your Linux machine as a server, there is no need to install any of the packages
described in this chapter (unless you want to use graphical administration tools). X and the desktop
systems require significant memory, CPU time, and disk space, and if your system never has a monitor
attached to it, installing them is a waste of time and resources. Similarly, if you will just be doing
programming and have no interest in viewing results graphically or using graphical integrated
development environments (IDEs), you could well get by without these conveniences.
But for all other systems, KDE and GNOME make Linux appropriate for mass use. They do the kinds of
things the average user expects his computer to do for him, such as the following:
Display many different kinds of content automatically when their icons are clicked, without the
user having to specify the program used for display
Cut and paste both text and pictures from one window to another, even when these windows run
different applications that store data in different formats
Save and restore sessions, so the user can log back in and pick up as much as possible just where
she left off
Aid the user with hints as to where he is, such as thumbnail images and tool tips
Offer a wealth of beautiful backgrounds, screen savers, and themes
Allow a dizzying extent of customizationbut in a subtle way that allows most users to feel happy
with defaults
To offer all these features, both KDE and GNOME require hefty computing power and memory. Modern
hardware can handle them comfortably (and they're both getting trimmer over time), but some users
prefer to use more lightweight graphical systems that lack some of the power. If you want something
partway between a plain command-line console and the resource-intensive environments of KDE or
GNOME, try the xfce window manager. It comes with many distributions and can be downloaded from, along with its documentation. With a much smaller footprint than KDE or GNOME,
it offers a surprisingly rich range of features.
Because KDE and GNOME were designed to be intuitive and borrowed many ideas from other popular
graphical environments, their basic use is intuitive for most computer users. In this chapter we'll
explore some of the neat things that they and their key applications offer, but which you might not have
found out through everyday experimentation.
3.2. The K Desktop Environment
KDE is an open source software project that aims at providing a consistent, user-friendly, contemporary
desktop for Unix, and hence, Linux systems. Since its inception in October 1996, it has made great
progress. This is partly due to the choice of a very high-quality GUI toolkit, Qt, as well as the
consequent choice of using C++ and its object-oriented features for the implementation.
KDE employs a component technology called KParts that makes it possible to embed one application
into another transparently, such that, for example, the web browser Konqueror can display PDF
documents in its own browser window by means of the PDF display program KPDF , without Konqueror
having to have a PDF display component of its own. The same goes for the KOffice suite (see, discussed in Chapter 8, where, for example, the word processor KWord can
embed tables from the spreadsheet application KSpread seamlessly.
KDE is in ever-continuing development, but every few months the KDE team puts out a so-called official
release that is considered very stable and suitable for end users. The KDE team makes these available
in source form, and most distributions provide easy-to-install binary packages within days of a source
release. If you don't mind fiddling around with KDE and can stand an occasional bug, you can also live
on the bleeding edge and download daily snapshots of KDE, but this is not for the fainthearted. At the
time of this writing, the current stable release was 3.4.2. To stay current with KDE development, visit, the official web site of the KDE project, often.
3.2.1. General Features
One of the goals of the KDE team is to make everything in KDE configurable by GUI dialogs. Underneath
the configuration system lies a set of text files in a fairly simple parameter=value format; you can edit
these if you prefer, but you never need to. Even the most experienced users usually admit that in order
to do simple things, such as change the background color of the desktop, it's faster to click a few
buttons than to read the manual page, find the syntax for specifying the background color, open the
configuration file, edit it, and restart the window manager.
Besides easy configuration, KDE sports a few other features that were previously unheard of on Linux.
For example, it integrates Internet access fully into the desktop. It comes with a file manager that
doubles as a web browser (or the other way around), and browsing files on some FTP sites is just the
same as browsing your local hard disk. You can drag and drop icons that represent Internet locations to
your desktop and thus easily find them again later. KDE integrates search engines and other Internet
resources into your desktop and even lets you define your own favorite search engines and Internet
links with ease. In addition, almost all KDE application are able to open and save files in remote
locations, not just via FTP or HTTP, but also to and from a digital camera, or using SSH encryption, or in
other ways.
Drag-and-drop, commonplace on Windows or the Macintosh, is also widely used in KDE. For example,
to open a file in the text editor, you just grab its icon in the file manager window and drop it onto the
editor window. This works no matter where the file is located; if it is on a remote server, KDE
automatically downloads the file for you before opening it in the text editor or whichever application you
choose to open it with. The same goes for multimedia files. Just by clicking an icon for an MP3 file on a
remote server, you can download it in the background and play it locally.
Although manual pages are designed well to give programmers instant access to terse information
about system libraries, they are not really very well suited for end-user documentation. KDE therefore
uses standard HTML files (which are generated from XML files in the background) and comes with a fast
help viewer, the KDE Help Center. The viewer also knows how to display manual page and Info files so
that you can access all the documentation on your system from one application. In addition, most KDE
applications support context-sensitive help.
For the past few releases, the X Window System has supported a feature called session management .
When you leave your X environment, log off, or reboot, an application that understands session
management will reappear at the same positions and in the same configuration. Unfortunately, this very
user-friendly feature was rarely supported by X applications. KDE uses it extensively. KDE provides a
session manager that handles session management, and all KDE applications are written to behave
properly with that feature. KDE will also support other modern X11 features such as anti-aliasing if your
X server supports them (most X servers do, by means of the so-called RENDER extension).
KDE contains a window manager, kwin, and an excellent one at that, but that is only one part of KDE.
Some of the others are the file manager, the web browser, the panel, a pager, the control center for
configuring your desktop, and many, many more. If you want to, you can even run KDE with another
window manager, but you might lose some of the integration features. Also, KDE comes with tons of
applications, from a full office productivity suite to PostScript and PDF viewers to multimedia software
to games.
You might be thinking, "Well, this all sounds very nice, but I have a couple of normal X applications that
I want to run." In this case, you will be delighted to hear that you can continue to do that. Yes, you can
run all X applications on a KDE desktop, and KDE even provides some means of integrating them as far
as possible into the overall desktop. For example, if you desire, KDE can try to reconfigure your other X
applications to use the same colors as the overall desktop so that you get a nice consistent
environment. Of course, non-KDE applications will not support some of KDE's advanced features such as
drag-and-drop or session management, but you can continue to use the programs you have grown
accustomed to until someone releases KDE applications that address the same needs (or perhaps KDE
versions of your favorite programs themselves).
3.2.2. Installing KDE
Most Linux distributions come with KDE nowadays, but if yours doesn't, or you want to use a newer
version of KDE, you can download it from the Internet. is your one-stop shop for
everything KDE related, including documentation, screenshots, and download locations. is the KDE project's FTP site, but it is often overloaded, so you might be better off
trying a mirror instead. gives you a list of mirrors.
KDE consists of a number of packages. These include the following:
aRts is short for "a real-time sequencer" and forms the base of most of the multimedia capabilities
of KDE.
The KDE libraries. They contain the basic application frame, a number of GUI widgets, the
configuration system, the HTML display system, and many other things. Without this package,
nothing in KDE will run.
In this package, you will find the basic KDE applications that make a desktop a KDE desktop,
including the file manager/web browser, the window manager, and the panel. You definitely need
this package if you want to use KDE.
A number of games, including card games, action games, and strategy games. Everybody will
probably want to install these, but only to get acquainted with the system, of course.
A number of graphics-related programs such as a dvi viewer, a PostScript viewer, and an icon
Some productivity tools, such as text editors, a calculator, printer managers, and so on.
As the name implies, this package contains multimedia programs, including a CD player, a MIDI
player, an MP3 player, andof all thingsa Karaoke player.
Here, you will find programs for use with the Internet, including a news reader, and some
network management tools. The KDE mail program is not contained in this package, but rather in
the package kdepim (see below).
This package contains some programs for the system administrator, including a user manager, a
run-level editor, and a backup program.
Considered by many the centerpiece of KDE these days, kdepim contains software for personal
information management, most notably the Kontact integration package that unites under a
common surface the time planner and task tracker KOrganizer, the KDE email package KMail, an
address book, PDA synchronization software, and many other useful tools.
As the name implies, this package contains a set of educational programs, ranging from
vocabulary trainers to programs teaching you the movements of the planets and stars.
This package contains tools that make it possible, or easier, for people with disabilities to use
computers, such as screen magnifiers. The goal of the KDE project is to fully comply with the
Americans with Disabilities Act.
This package contains graphics artwork for KDE, including different sets of icons, wallpapers, and
so forth.
There are a large number of packages starting with kde-i18n-. Each of these contains translations
for one particular language. (American) English is the default, even in the KDE world, so if that's
the language you want to use, you do not need any of the kde-i18n- packages. But if you are
British and frown at the spelling, there even is a UK English package.
This package contains a number of smaller programs that do not really have a very useful
purpose, but are often funny or interesting to use or to look at. Try, for example, AMOR, the
Amusing Misuse of Resources.
If you are developing web pages, you may want to install this package. It contains tools such as
the Quanta HTML editor.
KOffice is no less than a complete feature-rich office productivity suite. It may have a few rough
edges here and there, but many people use it already for their daily work.
The release cycle of KOffice is today decoupled from KDE's release cycle. At the time of this
writing, the current version was 1.3.5. You can read all about KOffice at
Developer tools
There are a number of packages for developers of KDE applications. kdesdk contains tools,
scripts, and information for developers of KDE programs (if you plan to develop your own KDE
programs, you may also want to see, kdebindings contains bindings for
developing KDE programs in programming languages other than the default C++, and finally,
KDevelop is a complete integrated development environment, not only for developing KDE
applications, but for developing all kinds of applications.
In addition to the packages mentioned here, which are officially provided by the KDE team, literally
hundreds of other KDE programs have been developed. See for a
list of applications that are currently available.
Once you have selected which packages to install, your procedure for the actual installation depends on
which Linux distribution you use and whether you install a binary package or compile KDE yourself from
the source code. If your distribution contains KDE, you will also be able to install KDE during your
system installation.
Once the software is loaded onto your hard disk, there are only a few steps left to take. First, you have
to make sure that the directory containing the KDE applications is in your PATH environment variable.
The default location of the executable KDE programs is /opt/kde3/bin, but if you have chosen to install
KDE to another location, you will have to insert your path here.[*] You can add this directory to your
PATH variable by issuing:
[*] Some distributions might put the KDE programs elsewhere, such as in
export PATH=/opt/kde3/bin:$PATH
To make this permanent, add this line to either the .bashrc configuration file in your home directory, or
the system-wide configuration file, /etc/profile.
Next, do the same with the directory containing the KDE libraries (by default /opt/kde3/lib) and the
environment variable LD_LIBRARY_PATH:
export LD_LIBRARY_PATH=/opt/kde3/lib:$LD_LIBRARY_PATH
Now you are almost done, but you still need to tell X that you want to run the KDE desktop when X
starts. This is done in the file .xinitrc in your home directory. Make a backup copy first. Then remove
everything in this file and insert the following single line:
exec startkde
startkde is a shell script provided with KDE that simply starts up the KDE window manager kwin and a
number of system services. Distributions will usually install a somewhat more complex .xinitrc file that
may even start non-KDE applications and services.
If, for some reason, you plan to install KDE packages in more than one directory tree, you will also need
to set the environment variable KDEDIRS to contain the path to all the trees. Normally, this is not
3.2.3. Using KDE
Using KDE is quite easy. Most things are very intuitive, so you can often simply guess what to do. We
will, however, give you some hints for what you can do with KDE here, to encourage you to explore
your KDE desktop further. The KDE panel and the K menu
When you start KDE for the first time, it looks like Figure 3-1. Along the lower border of the screen, you
see the so-called panel. The panel serves several purposes, including fast access to installed
applications and the currently opened windows. KDE also opens a configuration program that lets you
configure the initial settings when started for the first time.
KDE provides a number of workspaces that are accessible via the buttons in the middle of the panel,
labeled One to Eight by default. Try clicking those buttons. You can see that windows that you have
opened are visible only while you are in workspace One, whereas the panel and the taskbar are always
visible. Now go to workspace Two and start a terminal window by clicking the terminal icon on the
panel. When the panel appears, change workspaces again. You will see that the terminal window is
visible only while you are in workspace Two, but its label is visible on the taskbar that appears in all
workspaces. When you are in any other workspace, click the terminal label in the taskbar. This will
immediately bring you back to the workspace where your terminal is shown.
Figure 3-1. The KDE desktop at startup
To try another nifty feature, push the small button that looks like a pushpin in the titlebar of the
terminal window. Now change workspaces again. You will see that the terminal window is now visible
on every workspaceit has been "pinned down" to the background of the desktop, so to speak.
If you grow tired of seeing the terminal window in every workspace, simply click the pin again. If you
want to get rid of the window as a whole, click the button with the little x on it in the upper-right
KDE can be configured in many different ways, and the window decorations are just one thing. It might
therefore be that you do not have the little pushpin button, because your configuration does not include
it. In that case, you can left-click on the application in the left corner of the title frame and select To
All Desktops instead.
There are lots of things that you can do with windows in KDE, but we'll switch now to a short
exploration of the so-called K menu . You open the K menu by clicking the icon with the gear-and-K
symbol to the far left of the panel. Besides some options for configuring the K menu and the panel itself,
you will find all installed KDE applications here, grouped into submenus. To start one of those
applications, select the menu entry.
We have promised that you can run old X applications on your KDE desktop. You can do that either by
opening a terminal window and typing the application name on the command line or by pressing Alt-F2
and entering the application name in the small command line that appears in the middle of the screen.
But, with a little more work, you can also integrate non-KDE applications into the K menu and the
panel, which then displays icons that you can click to run the associated programs.
Depending on how you have installed KDE, it may well be that there is already a submenu of non-KDE
programs in your K menu that contains a number of non-KDE applications. If you don't have this, run
the application KAppfinder, which you can either find in the System submenu or start from the
command line with kappfinder. This searches your system for a number of applications that it has in its
database and integrates each one into the KDE desktop by generating a so-called .desktop file for it. If
the program that you want to integrate into KDE is not included in the Appfinder's database, you will
have to write such a .desktop file yourself. But as always in KDE, there are dialogs for doing this where
you just have to fill in the required information. See the KDE documentation at
By default, the panel already contains a number of icons to start the most often used programs, but you
can easily add your own. To do this, right-click somewhere on the panel where it does not contain any
items and select Add to Panel
Application from the menu that pops up. A copy of the whole K menu
pops up. Find the application whose icon you want to add to the panel and select it, just as if you
wanted to start it. KDE will then add the icon for this application to the panel. You can even add
submenus to the panel by selecting the first menu entry (Add This Menu) in a submenu in the Add
Button tree. The icon will then have a small black arrow in it, which indicates that clicking the icon
opens a menu instead of starting an application.
There are other things besides application starter buttons that you can add to the panel as well: for
example, panel applets, small programs that are designed to run inside the panel and cannot run as
standalones. Just explore the Add to Panel submenus, and you will find many interesting things.
There is only limited space on the panel, so you might need to remove some icons of programs that you
do not often use. Just click with the right mouse button on the icon and select the Remove menu item
(they will be called different things depending on what you are trying to remove). This does not remove
the program, just its icon. In general, you can get at a lot of functionality in KDE by clicking the right
mouse button! The KDE Control Center
Next, we will show you how to configure your KDE desktop to your tastes. As promised, we will not edit
any configuration files to do this.
Configuration is done in the KDE Control Center, which you can start from the K menu. (On some
distributions, the Control Center is at the top level of the K menu; in others, such as Debian, it is in a
submenu such as Settings.) Configuration options are grouped into different types of operations. When
you start up the Control Center, you will see the top-level groups. By clicking the plus signs, you can
open a group to see the entries in this group.
Configuring the background. As an example, we will now change the background color to something
else. To do this, open the Appearance & Themes group and choose Background. The configuration
window for configuring the background will appear (see Figure 3-2).
Figure 3-2. Configuring the background of the KDE desktop
You can select a single-colored background, a two-colored background with a number of gradients
where one color is slowly morphed into another, a wallpaper (predefined or an image of your own
choice), or a blending effect that combines various choices. To select colors, click on either of the two
color buttons; a color selection dialog pops up where you can select a color to your taste. When you
close the color selection dialog, the new color is displayed in the monitor in the upper-right corner of
the configuration window. When you configure KDE, you often see such monitors that allow you to
preview your choice. However, you also have the option to see what your choice looks like when in full
use. Simply click the Apply button at the lower border of the configuration window, and your change is
automatically applied. There is no need to restart the desktop. If you do not see any changes in the
monitor, check whether the Picture option is checked. If that is the case, the selected picture will
overlay your background color selection in some modes (such as Scaled, which resizes the selected
picture to fill the whole background). But try selecting a picture and then experiment with the blending
effects to get a combination of background colors (possibly with gradients) and your picture.
If all you want is a monocolored background, select "No picture" in the Background group, and Colors:
Single Color in the Options group. You will see that the second color button is grayed out then. Select
the color you want with the first color button.
If you want a background picture, but cannot find a suitable one among either your own or the ones
provided with your distribution, click the Get New Wallpapers button and you will get a huge list of
wallpapers that have been contributed by KDE users; there surely is something for every taste!
You can do more things with the background, but we'll leave it at that for now and look at something
else: configuring the styles and colors of the windows .
Configuring window styles and colors. With normal window managers, you can configure the color
of the window decorations, but not the window contents. KDE is different. Because KDE is an integrated
desktop, color and other settings apply to both the window decorations painted by the window manager
and the window contents painted by the applications. We'll now set off to configure a little bit of the
In the Control Center, open the Appearance & Themes group, and choose Colors. You'll see a preview
window and a selection list where you can pick a color scheme. KDE works not by configuring individual
colors but by defining so-called color schemes. This is because it does not make sense to change only
one color; all colors must fit together to achieve a pleasing and eye-friendly look.
Although KDE lets you create your own color schemes, doing so is a task that requires some knowledge
about color psychology and human vision. We therefore suggest that you pick one of the predefined
color schemes. Check in the preview monitor whether you like what you see. Now comes the fun part:
click the Apply button and watch how all running applications flicker a bit and suddenly change colors
without you having to restart them. Although Windows users tend to take this for granted, it was never
seen on Unix before KDE.
The same feature applies to other settings. For example, open the Appearance & Themes group and
choose Style. Here, you can select among a large number of so-called styles. The styles determine how
the user interface elements are drawnfor example, as in Windows (style MS Windows 9x), as in Motif
(style Motif), as on an SGI workstation (style SGI), or even something original such as the "Light" styles
or the all-time KDE favorites "Plastik" and "Keramik."[*] You can change this setting by clicking Apply
and watch your running applications change their style. The same goes, by the way, for the fonts that
you can select on the Font page.
If by now you are wondering about the strange spelling of many terms in KDE, think about the first letter of the desktop's name.
Internationalization. There are many more things to configure in KDE, but we cannot go through all
the options here. Otherwise there would not be much space left for other topics in this book. But there's
one more thing that we'd like to show you. You will especially like this if English is not your native
language or if you frequently converse in another language.
Go to the Country
Region & Language page in the Regional & Accessibility group (see Figure 3-3).
Here, you can select the country settings and the language in which your KDE desktop and the KDE
applications should be running. Currently, KDE lets you choose from more than 80 country settings and
languages. Note that you need to have a language module installed in order to be able to select a
particular language. You can either download those from the KDE FTP server (as explained earlier) or
install them from your distribution medium.
You might be wondering why you can select more than one language. The reason is that the KDE
programs are translated by volunteers, and not all the applications are translated at the same time.
Thus, a particular application might not be available in the language that you have chosen as your first
language (the topmost one in the Language list). In this case, the next language is chosen
automatically for that application, and if no translation is available for this application in that language
either, the next language is chosen, and so on. If all else fails, KDE uses U.S. English, which always is
While speaking about different languages, it might also be worthwhile to briefly go into keyboard
layouts. Most European languages, even those based on the Latin alphabet, have special characters that
are either not available on other keyboards or are just awkward to type. KDE comes with a nifty little
program that lets you quickly change keyboard layouts. Of course, it cannot change the labeling on your
keys, but quickly changing layouts may already be helpful if you are regularly moving in different
worlds such as some of the authors of this book do. To turn on this feature, go to the Keyboard Layout
page in the Regional & Accessibility group and check the Enable keyboard layouts box. Then select the
Active layouts that you plan to use among the Available layouts. Once you click on Apply, a little flag
button will appear on the right-hand side of the panel (in the so-called system tray); clicking on this
flag lets you change keyboard layouts on the fly.
There is much more to say about using the KDE desktop, but we'll let you explore it yourself. Besides
the obvious and intuitive features, there are also some that are not so obvious but are very useful
nevertheless, so be sure to check the documentation at
Figure 3-3. Configuring the language of the KDE desktop
3.3. KDE Applications
Thousands of programs are available for KDE. They range from basic utilities (such as konsole, the
terminal emulator, and OClock, a rudimentary clock) to editors, programming aids, games, and
multimedia applications . The most we can provide here is a tiny slice of the software available for KDE.
In this section, we'll present those applications that all KDE users should know how to use. These aren't
necessarily the most exciting programs out there, but they should certainly be part of your toolbox.
There are many, many more KDE applications than the few we can list here. You will make the
acquaintance of some of them, such as KWord, the word processor, and Kontact, the personal
information manager and mail user agent (and much else), elsewhere in this book. But others haven't
found space in this book, so you should search through your favorite Linux archive for more exciting
KDE programs; there are thousands of them to discover.
Also remember that if there really is no KDE program for a task you have to solve, you can always
resort to one of the classic X applications, if available. These do not look as nice and integrate as well,
but they still work on a KDE desktop.
3.3.1. konsole: Your Home Base
Let's start our exploration of X applications with the workhorse that you might be spending a lot of your
time with in the terminal. This is simply a window that contains a Unix shell. It displays a prompt,
accepts commands, and scrolls like a terminal.
Traditionally, xterm was the classic Unix terminal emulator. It has been
superseded by konsole in the KDE desktop environment.
Perhaps you are struck by the irony of buying a high-resolution color monitor, installing many
megabytes of graphics software, and then being confronted by an emulation of an old VT100 terminal.
But Linux is much more than a point-and-click operating system. There are plenty of nice graphical
applications, but a lot of the time you'll want to do administrative tasks, and a command-line interface
still offers the most powerful tool for doing that. You'll get a glimpse of these tasks in Chapter 4.
So let's take look at a konsole window. Figure 3-4 shows one containing a few commands.
Figure 3-4. konsole window Starting up konsole
You can start konsole in one of several ways, as with all KDE programs:
Start it from the panel, if you have a konsole icon there. This will be the default setup with most
Select it from the K menu, where konsole can be found in Utilities
Type Alt-F2, and then type konsole in the small command window that opens.
If you already have a konsole open, type konsole there and press Enter in order to get a whole
new window running the program, or pull down the Session
New Shell screen.
When you open a konsole window, a "Tip of the Day" window will open that gives you useful hints about
using konsole. You can turn this off, but we suggest keeping it on for a while, as you will learn many
useful things this way. You can also read through all the tips by clicking the Next button in that window
repeatedly. Many KDE applications have such a Tip of the Day.
konsole allows you to run several sessions in one konsole window. You can simply open a new session
by selecting a session type from the Session menu or by clicking the New tab button. The tab bar or the
View menu lets you then switch between sessions. If you don't see any tab bar, select Settings
Bar (and then either Top or Bottom) from the menu to make it visible. Cutting and pasting selections
Actually, konsole offers a good deal more than a VT100 terminal. One of its features is a powerful cutand-paste capability.
Take another look at Figure 3-4. Let's say we didn't really want the notes directory; we wanted to look
at ~/perl_example/for_web_site instead.
First, we'll choose the part of the cd command that interests us. Put the mouse just to the left of the c in
cd. Press the left mouse button, and drag the mouse until it highlights the slash following example. The
result is shown in Figure 3-5.
When the highlighted area covers just the right number of characters, click the middle button.[*]
konsole pastes in what you've selected on the next command line. See the result in Figure 3-6. Now you
can type in the remainder of the directory name for_website and press the Enter key to execute the
If the middle mouse button does not work for you, or you have a two-button mouse, please see "Configuring" in Chapter 16 for how
to set up your mouse.
You can select anything you want in the windowoutput as well as input. To select whole words instead
of characters, double-click the left mouse button. To select whole lines, triple-click it. You can select
multiple lines too. Selecting multiple lines is not useful when you're entering commands but is
convenient if you're using the vi editor and want to cut and paste a lot of text between windows.
Figure 3-5. Selected text in konsole
Figure 3-6. konsole window after text is pasted
Note that if you are more used to the drag-and-drop style of copying text, konsole supports that as
Copying and pasting of text is even integrated between konsole and the graphical KDE applications. For
example, if you are viewing a directory with the Konqueror file manager/web browser, you can just
drag those icons to a konsole window. konsole will either offer to paste the filenames as they are or
prepend them with a cd, cp, mv, or ln command. More konsole tricks
There are lots of things you can configure in konsole. You can select fonts, color schemes, whether the
scrollbar should be shown to the left, to the right, or not at all, and so on. The most often used settings
are available in the Settings menu, and if you can't find what you are looking for, go to Settings
Configure Konsole. There you can select the line spacing, whether the cursor should blink, and so on.
A particularly useful feature in konsole is the ability to watch for output or silence in one of the sessions.
What is this feature good for? Imagine that you are working on a large program that takes a long time
to compile. Nonprogrammers can imagine that you download a large file in a terminal window with
wget or that you are computing a complex POVRAY image. While the compilation is running, you want
to do something else (why do you have a multitasking operating system, after all?) and start composing
an email message to a friend in your KDE mail client. Normally, you would have to check the console
window every so often to see whether compilation is finished and then continue to work on your
program. With the watcher, you can get a visual or audible notification when compilation completes. In
order to set this up, simply switch to the session you want to watch and select View
Monitor for
Silence. You will get a notification as soon as your compiler doesn't output any more messages for a
while and can divert your attention from your mail client back to your konsole window. Of course, you
can also watch for output instead of silence, which might be useful in long-running network operations
that don't show any progress indicators.
3.3.2. Clocks
How can your screen be complete if it is unadorned by a little clock that tells you how much time you
are wasting on customizing the screen's appearance? You can have a clock just the way you want it,
square or round, analog or digital, big or small. You can even make it chime.
KDE contains a number of clocks , but usually you will want to run the small panel applet, as screen real
estate is always at a premium, regardless of your screen resolution. The clock should appear by default
at the bottom-right corner of your screen, in the confines of the panel (this is called a panel applet, or a
small application that runs within the panel). If your distribution hasn't set up things this way, you can
also right-click anywhere on the panel background and select Add to Panel
Clock from
the menu, which will make the clock appear on the panel. If you'd rather have it somewhere else on the
panel, you can right-click the small striped handle to the left of the clock, select Move from the context
menu that appears, and move the clock with the mouse to the desired position. Other panel objects will
automatically make room for the clock.
The panel clock applet has a number of different modes that you can select by right-clicking the clock
itself and selecting Type as well as the desired mode from the context menu. There is a plain, a digital,
an analog, and, most noteworthy, a fuzzy clock. The fuzzy clock is for everybody who doesn't like being
pushed around by his clock. For example, if you run the fuzzy clock, it will show Middle of the week. If
that is a bit too fuzzy for you, you can select Configure Clock
Appearance from the clock's context
menu and select the degree of fuzziness here. For example, I am typing this at 9:53 A.M. on a
Thursday, and the four degrees of fuzziness are Five to ten, Ten o' clock, Almost noon, and the
aforementioned Middle of the week.
The clock applet also lets you configure the date and time format and the time zone to be used, as well
as set the system clock (you need root permissions to do that; if you are logged in as a normal user, a
dialog will pop up and ask you for the root password). You can even copy the current date and time in a
number of formats into the system clipboard.
3.3.3. KGhostview: Displaying PostScript and PDF
Adobe PostScript, as a standard in its own right, has become one of the most popular formats for
exchanging documents in the computer world. Many academics distribute papers in PostScript format.
The Linux Documentation Project offers its manuals in PostScript form, among others. This format is
useful for people who lack the time to format input, or who have sufficient network bandwidth for
transferring the enormous files. When you create documents of your own using groff or TEX you'll want
to view them on a screen before you use up precious paper resources by printing them.
KGhostview, a KDE application, offers a pleasant environment for viewing PostScript on the X Window
System that, besides PostScript files, can also view files in Adobe's Portable Document Format (PDF).
However, there is another application that is specific for viewing PDF files in KDE as well, kpdf.
KGhostview is really mostly a more convenient frontend to an older application, Ghostview, so you can
also get the functionality described here with Ghostview. The user experience is much better with
KGhostview, however, so that's what we describe here.
Using KGhostview is very simple: invoke it with the name of the file to be displayed for instance:
eggplant$ kghostview
or simply click the icon of any PostScript or PDF file anywhere in KDE.
Since we are interested only with viewing existing files here, we do not need to concern ourselves much
with the benefits of PostScript and PDF. Both can be considered standards to the extent that many
programs write them (and a few can read them), but both have been defined by one company, Adobe
Systems. PDF is a bit more portable and self-contained, as it can even contain the fonts necessary to
display the document. Also, PDF is better known on Microsoft Windows and the Macintosh, so you are
more likely to come across PDF files than PostScript files on the Internet. And finally, whereas
PostScript is really meant for printing, PDF has some features for interactive viewing, such as page
icons, hyperlinks, and the like.
KGhostview is not a perfect PDF viewer, even though it is sufficient for most documents. If you have
problems with a particular document, you may want to try either Adobe's own Acrobat Reader (which is
not free software, but can be downloaded at no cost from, or the KDE program
kpdf, which comes in the same package as KGhostview.
The Ghostview window is huge; it can easily take up most of your screen. The first page of the
document is displayed with scrollbars, if necessary. There is a menu bar and a toolbar, as in most KDE
programs, as well as a page scroller and a page list on the left side of the window.
Like most X applications, KGhostview offers both menu options and keys (accelerators) for common
functions. Thus, to view the next page, you can pull down the View menu and choose the Next Page
option. Or you can just press the PgDn key (or the Space key, if you don't have a PgDn key, such as on
a laptop). [*]
There is a subtle difference between the Space key and the PgDn key: the PgDn key will always take you to the next page, while the
Space key will first take you to the bottom of the current page if the window is too small to display the whole page on the screen at once. A
second press of the Space key will then take you to the next page.
To go back to the previous page, choose Previous Page from the View menu. To go to any page you
want, press the left mouse button on its number in the Page Number column. To exit, choose Quit from
the File menu, or just press Ctrl-Q.
Documents from different countries often use different page sizes. The Ghostview default is the standard
U.S. letter size (but it can be overridden by comments in the PostScript file, and this is often done by
PostScript tools set up on Linux distributions that are configured for European customs). You can select
a different size from the Paper Size submenu in the View menu.
Ghostview lets you enlarge or reduce the size of the page, a useful feature for checking the details of
your formatting work. (But be warned that fonts on the screen are different from the fonts on a printer,
and therefore the exact layout of characters in Ghostview will not be the same as that in the hard copy.)
To zoom in on a small part of the page, press Ctrl-+; to zoom out, use Ctrl- -. You can also use the
toolbar buttons or the Zoom In
Zoom Out menu entries in the View menu.
You can also adjust the window size to exactly fit the document's page width by selecting Fit To Page
Width from the View menu.
To print a page, choose Print from the File menu or press Ctrl-P anywhere in the window. The standard
KDE printer dialog will appear that lets youamong other thingschoose the printer to use.
You can also print only the current page or a range of pages; just specify your selection in the printer
dialog. This can also be combined with the PageMarks feature. The PageMarks menu lets you mark and
unmark individual or groups of pages. Marked pages are displayed with a little red flag in the page list.
If you mark some pages and select the printing functionality, the dialog will pop up with the marked
pages already filled in as the selection of pages to print. Of course, you can override this setting before
finally sending the document to the printer.
3.3.4. Reading Documentation with Konqueror
Konqueror is not only a high-class web browser and file manager but also serves as a documentation
reader, besides the Help Center built into KDE and described previously. KDE's documentation is
displayed using HTML format, but Konqueror is capable of displaying other documentation formats, such
as Info and manpages, that you will learn about later in this book. For example, in order to show the
manpage for the ls command, just open a mini command-line window by pressing Alt-F2 and typing
the following in that window:
KDE will recognize that you want to read the manpage of the ls command, open a Konqueror window,
and display the manpage. The result is also much more nicely formatted than how the original man
command (or its X11 replacement, xman) would do it.
This works similarly for Info pages. For example, the documentation of the GNU C compiler, gcc, comes
in info format. Just type:
either in a mini command line or in the Konqueror URL entry line, and the requested Info page will pop
up (assuming it is installed, of course). If you have cursed at the really user-unfriendly command-line
info program and weren't too happy with programs such as xinfo either, this feature may be a boon for
But Konqueror doesn't stop here when it comes to getting information. Want to use a search engine on
the Internet? To find pages about Tux (the Linux mascot) on, let's say, the AltaVista search engine,
simply type the following in a mini command line or the Konqueror URL entry line:
and a Konqueror window with (at the time of this writing) 3,360,000 search results pops up. This works
with many other search engines as well. See Table 3-1 for some of the most popular search engines
together with their prefixes.
Table 3-1. Popular search engines and their prefixes
Search Engine
Merriam-Webster Dictionary
If your favorite search engine is not configured (which is quite unlikely, actually), you can configure it
yourself by opening a Konqueror window and selecting Settings, Configure Konqueror, and then Web
Shortcuts. The list contains all the preconfigured search engines and even lets you add your own.
3.3.5. Burning CDs with K3b
KDE comes with a very user-friendly and popular application for burning CDs and DVDs, K3b. If you
insert an empty CD-R or DVD-R, KDE will offer to start K3b automatically; otherwise, you can start it
from the command line with k3b; your distribution may even have it preconfigured in the K menu.
K3b usually detects your CD and DVD drives automatically, but if it should not do so in your case, select
Configure K3b
Devices. Here you can see a list of recognized CD and DVD drives,
sorted into readers and writers. If you are missing devices here, try clicking the Refresh button first; if
that does not work, click on Add Device and enter your device manually. K3b expects the device file
here; many distributions use symbolic links with telling names such as /dev/cdrom or /dev/cdrecorder.
If you have specified the correct device file, K3b is usually able to detect all parameters, such as read
and write speeds, automatically.
The K3b screen is separated into two halves. In the upper half, you see a view of your filesystem; in the
lower half, you see project icons for common tasks such as creating a new data DVD or copying a CD.
Other, less common, tasks such as burning a previously created ISO image on CD can be found in the
Tools and File
New Project menu.
As an example, let's look into how you create a data CD with a backup of your digital pictures from your
last holiday. Click on the New Data CD Project icon. You get an empty list of files and can now drag files
from the filesystem view above (or from any Konqueror window) into this list. Just grab the directory
that contains your holiday pictures and drag it into the list that's all you need to do. You will see a green
bar at the bottom of the K3b window that tells you how much space the currently selected files will
occupy on the CD so that you know whether you can add another batch.
Once you are done selecting the files, click on the Burn button that is a bit hidden in the lower-right
corner. A dialog with a lot of settings pops up; you should quickly check these settings, but you can
leave most of them as they are. We usually suggest to select the "Verify written data" box on the
Writing page so that you can be sure that the CD was written correctly (this will double the time for
creating the CD, though). You may also want to change the Volume name (the name of the CD) and
add yourself as the Publisher on the Volume Desc page. If you plan to read the CD on both Windows
and Linux, it is a good idea to check that both the "Generate Rock Ridge extensions" and "Generate
Joliet extensions" are selected on the Filesystem page. Once you are satisfied with all your settings, hit
the Burn button in the upper right, lean back, and watch the progress bar move on until your CD is
3.4. The GNOME Desktop Environment
The GNOME desktop environment, like KDE, is a complete desktop suite, from the desktop background
up to a set of applications. As with KDE, GNOME can run any X application, and both KDE and GNOME
rely on standards set by the group. In fact, the distinction between the two desktops
is, in many ways, of interest more to developers choosing toolkits than to users, who in most cases mix
and match applications without having to worry about the underpinnings.
The primary goals of the GNOME project are simplicity and ease of use. Applications must comply with
extensive human interface guidelines to become part of the official GNOME desktop. Because GNOME
makes an excellent platform for development in C, C++, Python, Java, and C#, unofficial and thirdparty applications are numerous. In some cases (notably the XML system), GNOME libraries appear in
command-line and server-based applications.
Of course, for our purposes, the interesting parts are the core desktop and its associated applications.
In the following sections, we go over the GNOME look and feel, talk a little bit about the customization
options it offers to you, and then give a quick tour of major applications, such as Evolution and
Most Linux distributions include GNOME, but if you haven't installed it yourself, or if you want a newer
version, you can visit or your distribution's web page for downloads.
3.4.1. Core Desktop Interface
The GNOME desktop is designed to be familiar to anyone who has used a computer before. Although
you can change the settings in almost any way, a typical installation will have a desktop with icons on it
and a panel along the top and bottom. The panels are among the most important GNOME tools because
they are so versatile and they allow a wide range of interactions with your system. Panels can exist
along one edge of your screen, like the Windows control panel; along a portion of it, like the Macintosh
Dock, and more. They can contain buttons to launch applications and small applications called applets
such as clocks, system monitors, and even tiny games. Basic GNOME tasks
Here is a quick explanation of how to perform the most common tasks . Once you get the hang of these,
you can probably guess how to do anything else.
Open or activate an item in the panel
Click once with the left button.
Start a program
Buttons known as launchers cause a program to open when left-clicked; GNOME desktops
typically have such buttons both in panels and on the desktop. Furthermore, when you click on a
file, an appropriate program opens that file, as described shortly.
Move items around on the desktop
Click and drag with the left mouse button.
Move items in the panel
Clicking and dragging with the left mouse button works for launchers, but for some applets, the
left mouse button is used to control the applet. In that case, middle-click and drag. This is also
the case for moving windows by their bordersleft-click will expand the window, but middle-click
lets you move it.
Organize items on the desktop
Right-click the desktop background and select Clean Up by Name. Items will be arranged in
alphabetical order, with two exceptions: the first item, in the upper left, is always your home
directory, and the last item in the list is always the Trash folder.
Open or activate an item on the desktop
Double-click it. If you double-click a folder icon, it opens the folder in the Nautilus file
management tool. If you double-click a spreadsheet document, the Gnumeric spreadsheet starts
up and opens the document. If you have a window open and Shift-click or middle-click a folder in
it, the current folder will close as a new one opens in its place.
Get a list of options or set preferences for any object
Click with the right mouse button to get a menu of available options for any object. For example,
you can change the desktop background by right-clicking the background and choosing Change
Desktop Background. More general preferences are available in the GNOME Control Center, which
you can access by choosing System
Personal Settings or Applications
Preferences, or by typing gnome-control-center at the command line. The exact menu
arrangements may vary slightly depending on your distribution and version.
Paste text into any text area
As with other operating systems, Ctrl-C copies, Ctrl-X cuts, and Ctrl-V pastes in every application
except Emacs and XChat. You can also use the more traditional Unix mode pasting by selecting
any text and then middle-clicking. The panel
The preset configuration for many systems has a thin panel along the top and bottom of the screen. The
top panel has a set of menus along the upper left, and a few buttons and a clock at the right. The
bottom panel contains the window list applet, which should feel familiar to Microsoft Windows users; it
displays a list of all open windows so you can switch applications easily.
To create a new panel, click any blank space in an existing panel, and choose Panel
Create New
Panel, then select the type of panel you would like. To change a panel's properties, such as its size and
color, right-click it and choose Properties (the menu panel at the top of the screen has no available
properties; it is preconfigured for one position and size). Experiment with different kinds of panels and
with different sizes to see which ones you like best. If you use a smaller screen, such as a laptop screen,
you will want to choose a smaller panel size than if you have plenty of screen real estate to use.
To add application launcher buttons to your panels, you can drag them from menus, or right-click the
panel and choose Panel
Add to Panel Launcher. Then, enter the name of the application you want to
run, and choose an icon. You may also choose a description of the launcher that will display as a tool tip
when you hover the mouse over the icon in your panel. If you want to launch the application from a
terminal, check the "Run in Terminal" box.
For more information on the panel, right-click any empty spot in the panel and select Panel
Panel applets are small applications that run inside the panel. You can add them to the panel from the
Add to Panel menu or just run them by clicking Applications
Applets. Panel applets come in a
bewildering variety of flavors, from games to utilities. Some of the most common are the following:
Notification Area
The notification area is similar to the Windows system tray and holds a variety of system status
displays. Applications such as the Gaim instant messenger tool (described in "Instant Messaging"
in Chapter 5) and the Rhythmbox music player use it as a control area that allows users to access
them without keeping any windows open. System alerts and print queues will also display in this
area. Both KDE and GNOME make use of the same notification area system, so applets that use
the notification area will work in both desktops.
Netapplet runs in the notification area and allows you to browse and choose available wired and
wireless network connections. This is particularly useful for laptop users who need to use Wi-Fi
(802.11x) connections. To run Netapplet, you must also be running netdaemon.
System Monitor
A graph that displays the load on your system resources for the past few seconds. To get a more
detailed system report, including a list of all running processes and applications, right-click on the
applet and select Open System Monitor.
Workspace Switcher
In most installations, this applet will already be running when you log in, and is typically set to
four workspaces. Each workspace is the equivalent of a new screenful of desktop space, and you
can have as many as you like. The workspace switcher displays all the virtual workspaces you
have created, and displays each window on the desktop as a tiny box. You can use the left mouse
button to drag a window from one workspace to another. Right-click and select the Properties
menu item to change the number or arrangement of workspaces.
Window List
Like the workspace applet, the Window List is included in most default configurations. It displays
the windows that you have open so that you can switch easily among them, even when they are
minimized. If you have multiple windows for a single application, they will be grouped under a
single entry. To turn this feature off, or to set other options for the applet, right-click the Window
List and select Properties.
Battery Charge Monitor
The Battery Charge Monitor displays the remaining battery life for laptop systems. You can also
use the Battery Charge Monitor to put your system into "sleep" or "suspend" mode by rightclicking on the applet and selecting Suspend Computer. Resuming operation from suspend mode
is faster than rebooting, but the mechanism for operation will vary depending on your hardware
and distribution. Older systems with the Advanced Power Management system use the command
apm -s. Newer systems with ACPI support need to be sure that they have ACPI events configured
properly in /etc/acpi/events/default, although your distribution will probably have a convenient
GUI for this task. For both ACPI and APM, SUSE Linux uses powersaved, and the sleep command
is powersave --suspend. Nautilus: your desktop and file manager
Nautilus is the name of the GNOME desktop and file manager. It controls the display of your background
image and the files on your desktop, allows you to interact with files without using a terminal, and
keeps track of your trash for you. In other words, it's the GNOME equivalent of Windows Explorer, the
Macintosh Finder, and KDE's Konqueror. Like those other applications, Nautilus lets you drag items from
one place to another. You can also copy files using Ctrl-C, cut with Ctrl-X, and paste with Ctrl-V.
In most cases, Nautilus will be running when you log in. If you don't want to run
Nautilus at all, you can remove it from your session with the Session Properties
tool in the Control Center. If you change your mind and want to start it, the
command is nautilus.
The quickest way to get started with Nautilus is to double-click the home icon in the upper-left corner of
your desktop, labeled as your home. This will open your home directory. Nautilus varies from other file
management systems in that a window not only displays a folder, but is the folder: if you open a folder,
then double-click it to open it again, it will merely raise the first window. For that reason, the location
bar you may expect at the top of a window is not present. Instead, press Ctrl-L to enter a file location.
Experts and those familiar with other file management systems will appreciate
that Nautilus, although simple at first look, has a variety of conveniences and
shortcuts that make advanced use much quicker. The first is Ctrl-L, which works
not only in Nautilus but in all GNOME-related file selection dialogs to allow you to
type a filename instead of clicking to choose a file. In web browsers, you can also
use Ctrl-L to enter a web page instead of selecting the location bar with the
Opening windows: To avoid opening several windows at once, Shift-click or
middle-click to close the current window when opening a new one.
Shortcuts for places: The combination Alt-Up opens the parent of the current
folder, and Alt-Home opens your home directory.
If you prefer a more complex file display, right-click on any directory and choose Browse Folder .
Browse mode includes the location bar absent from the normal Nautilus display mode, and also includes
the left-side pane. At the top of the left pane is a selector for different information displays:
Displays basic information about the current folder.
Displays a list of available emblems, small badges you can add to any file's icon. Drag them from
the side pane onto any file to mark it. For example, if you have several similar images in a folder,
you might want to drag the "Cool" or "Favorite" emblem to remind you which one you like best.
You can also set emblems by selecting Edit
Background and Emblems.
Shows a list of previous locations you have displayed in Nautilus. Double-click any folder to return
to it.
Allows a note to be kept on a particular folder. Each folder has a different page of notes.
Perhaps the most useful of the side-pane tools, this allows you to navigate a complex folder
hierarchy with convenient spin-down triangles. Each folder in the tree is displayed with a triangle
next to it; click the folder to open it, or click the triangle to display any subfolders without actually
visiting the folder itself.
Some neat Nautilus features include the following:
Instead of a generic image icon for graphics files, Nautilus uses scaled-down thumbnails of the
image itself. This makes it easy to organize directories full of images, such as those pulled from a
digital camera.
If you hover your mouse over a music file, the file will begin to play.
For text files, the plain document icon is decorated by the actual text contents of the file. That
way, you can remember how the file starts without having to open it, even if you didn't give it the
most descriptive name.
You can stretch icons by right-clicking them and choosing Stretch Icon. If you stretch a text icon
enough, you can see the entire contents of the file, and use it as a desktop notepad.
Select Edit
Backgrounds and Emblems to choose different emblems to decorate icons. You can
also drag colors and patterns from this area to set your desktop and panel background. To set an
image as the desktop background, right-click on the desktop and choose Change Desktop
All in all, Nautilus is a versatile tool that you can learn to use just by poking around a little. For
additional help, just choose Help and then Nautilus User Manual from any Nautilus window.
3.4.2. Expert Settings: GConf
GConf is a centralized, XML-based configuration system for desktop applications. It allows applications
to share keyboard shortcuts, themes, and other preferences, and uses a daemon to notify applications
when preferences change, so you don't have to restart the application to see a change take effect.
GConf can also be used to lock down a desktop system with a finer degree of granularity than
traditional Unix file locking. An administrator might wish to lock GConf settings to permit some, but not
all, behavior for a given application, and allow some, but not all, changes in preferences. Administrators
of kiosks, public computer labs, and other security- and support-conscious deployments find system
lockdown to be indispensable. Therefore, most applications provide a lockdown section in their GConf
files. If you have users you want to keep out of trouble, explore these options in greater detail. One
good resource is the GNOME System Administrator's Guide, available at
In this book, we assume that you're not interested in locking preferences down, but in opening things
up and tweaking them to your taste. That's where gconf-editor comes in handy. You can, of course, edit
the XML files in ~/.gconf yourself, but the gconf-editor application makes things a little more
To get started, run the command gconf-editor. On the left side of the window is the GConf hierarchy,
arranged like a file tree starting at /. The tree corresponds to actual settings files stored in the ~/.gconf
directory, so changing something in the /applications tree alters files stored in ~/.gconf/applications. On
the right side of the window is the list of available settings, called keys, and a place for documentation
about the selected key.
We're mostly interested in items under the /apps tree. The /desktop and /GNOME trees hold information
not tied to a specific application, such as session data and desktop-wide lockdown settings. Systemwide
configuration is stored in /system, and information about the way GConf stores settings is kept in
/schemas. Avoid changing anything in the /schemas tree.
For now, let's try adjusting an application setting, to give you a feel for what can be done. Normally, the
files on your desktop come from the ~/Desktop folder. However, you can force Nautilus to display your
home directory on the desktop instead. Select /apps/nautilus/preferences/desktop_is_home_dir and
check the box. Now, Nautilus will display the contents of your home directory on your desktop.
Other applications have similar "hidden" preferences you can change. Try the following:
Metacity window manager: Check the box in /apps/metacity/reduced_resources to make Metacity
use as few system resources as possible. This will make it look less attractive, but may improve
system performance.
Epiphany web browser: Normally, a middle click in the Epiphany web browser turns on the vertical
scroll feature familiar to users of Internet Explorer. However, users of traditional UNIX browsers
may prefer to check the box for /apps/epiphany/general/middle_click_open_url and turn on the
"paste URL" feature. Select a URL in any application, then middle-click in a non-text-entry area of
a web page, and Epiphany will load the text you have selected.
3.5. GNOME Applications
Now that you have a feel for the desktop and how to get around it, let's take a look at some of the
applications that are built to go with it. Note that these applications aren't restricted to the GNOME
desktop, and they aren't the only applications you can run on the GNOME desktopthey're just built from
the same materials and work particularly well together.
3.5.1. Evolution: Mail, Calendar, and Contacts
Evolution is what's known as a groupware suite; it combines email with a calendar and an address book
so that communication and scheduling tasks all fall into one convenient package. We don't have room to
go into depth regarding all three, but a complete manual is included in the Help menu and is available
online at
You can start Evolution by selecting Evolution from your Applications menu, or by typing evolution at
the command line. A screen like the one in Figure 3-7 should come up.
Figure 3-7. Evolution on the GNOME desktop
The first time you run Evolution, you'll be asked to create an email account by entering information
about yourself and your email access. You can copy this information from your existing mail program,
or ask your system administrator or ISP.
Evolution works with standard mail server protocols and can be used in almost any network
environment. It lets you leave your mail on the server (if it's running the IMAP protocol), download mail
to your local system (if it runs either the IMAP or the POP protocol), or use mail spools on your local
system (if you're running your own mail server). In addition, Evolution supports Microsoft Exchange
2000 and later and Novell GroupWise 6.5 and later for mail, calendar, and address functions.
Once you've created an account, you will be presented with the main Evolution window. On the left side
of the Evolution window is a shortcut bar, with a list of available tools at the bottom and a list of
available sources of data at the top. Click the buttons at the bottom to switch among email, calendar,
task list, contacts, and Microsoft Exchange tools.
The following sections describe Evolution's major features. Evolution mail
To start using Evolution mail, click the Inbox button in the shortcut bar. The mail view is divided into
two portions: in the top half, a list of messages, and in the bottom half, the display of your selected
message. You can change the proportions by dragging the gray bar between them, or hide the message
preview area entirely by selecting View
Preview Pane or pressing Ctrl - '.
In general, the mail features are fairly simple: click the Send and Receive button to check for new mail
and send mail you've queued for later delivery, and click the New Message button to compose a new
What distinguishes Evolution from other mail programs are the speed of its searches, the power and
simplicity of its filters, and its unique vFolders, a sort of combination of searches and filters.
The search bar is located at the top of the message list. To search your mail, go to any mail folder,
select a portion of the message to search (just the message body, the sender, the entire message, and
so forth), enter a word into the text box, and press Enter. Evolution pre-indexes your mail, so the
results are returned to you faster than with other tools.
Filters add an action to the end of a search: every time you get mail, Evolution performs a search that
you specify on the new messages, and then takes actions based on those results. The most common
uses of filters are to automatically file messages based on the senders, and to delete messages that are
flagged as spam.
To create a filter, go to any mail view and open your list of filters by selecting Tools
Filters. Then
Click the Add button to add a filter.
In the top half of the dialog, select a set of criteria you'll use to pick messages for the filter. For
example, if you select Sender Contains in the first drop-down item, and enter in the text
box that appears next to it, your filter will act on mail that comes to you from all email
In the bottom half of the window, select one or more actions for your messages. For example, if
you select Move to Folder, you'll be offered a button labeled Click to Select Folder. Click that,
select a destination folder, and your filter will file all mail from addresses in your
GNOME email folder.
Click OK in the filter creation box, and OK in the filter list. You're done.
If you find that you need more flexibility than filters offer you, you can use vFolders. A vFolder, or
virtual folder, is essentially a complex saved search that looks like a folder. That also means that
although an email message can exist only in a single standard folder, you can find it in several vFolders.
When you create a vFolder, you select criteria just as you would for a filter, but instead of choosing
what to do with them, you specify where you want to look for these messages. Once you've created a
vFolder, it appears in a list of vFolders at the bottom of your folder tree. Then, every time you open it, it
searches your mail folders for messages that match the criteria you chose when you created it. So if you
create your filters to file mail depending on its sender, you can create a vFolder that holds mail with a
given subject, no matter who sent it.
Mail on GroupWise and Exchange servers works in a similar way, with only a few exceptions. On
GroupWise servers , event notifications are delivered directly to the Calendar folder rather than to your
inbox or to the calendar itself. Once you have accepted a meeting, it appears in your calendar. For
Exchange servers, your folder tree contains shared or public folders available to you. To subscribe to
shared and public folders, click the Exchange button in the shortcut bar and select Actions
Subscribe to Other User's Folder. Evolution calendar
The Evolution calendar allows you great flexibility in creating and viewing your schedule. To get started,
click the Calendar button in the shortcut bar. You'll be presented with an empty work-week spread out
before you, devoid of appointments. On the left side of the window is a list of available calendars , and
on the right side is your calendar view. You can check the boxes next to the calendar names in the
shortcut bar to show or hide the events for each calendar. Each set of events is color-coded to prevent
confusion, and the overlay helps you reduce clutter when you want to see only one type of event, while
allowing you to compare schedules if you need to coordinate or avoid conflicts.
Calendars are listed in several categories: On this Computer, On the Web, Contacts, and, depending on
your groupware server, Exchange or GroupWise. When you start, you will have at least two calendars.
The first, your default personal calendar, is empty. The second, Birthdays and Anniversaries, shows any
dates you have entered into address cards in the contacts tool.
To add a new calendar, select New
Calendar and choose the type of calendar you'll be creating: On
this Computer or On the Web. The first type of calendar requires only that you pick a name and a color
and click OK. For subscription-only web calendars, you'll need to enter that information, plus the URL of
the calendar file and the frequency with which Evolution will check for changes as well.
The GroupWise and Contacts calendars are created automatically, and you can have only one of each.
To create a new Exchange calendar, use the Exchange tool to subscribe to a calendar folder on the
Exchange server.
To show a different range of time in the calendar display, select a range of days in the small calendar in
the upper-right side of the window or click one of the prebuilt ranges of days in the toolbar: today, one
day, five days, a week, or a month.
Once you have a feel for how to page through your datebook, you'll want to start scheduling events. To
schedule an event, click the New Appointment button. Pick which calendar you want it to go in, enter a
summary of the event, choose a time, and (optionally) enter a longer description. Note that you can't
add events to every calendar: web calendars and your contact calendar, for example, are read-only.
At the lower right, you can select from a list of categories for this event. Events with categories,
recurrences, or reminders are displayed with small icons in the calendar view: an alarm clock for
reminders, arrows moving in a circle for recurrences, a birthday cake for birthdays, and so forth.
You can also schedule reminders and recurrences. For example, if you have an important meeting next
week, you can schedule a reminder to pop up 15 minutes beforehand so that you have time to prepare.
Just click the Reminder tab and choose a time and type of reminder, then click Add to add it to the list.
Recurrences are similar: click the Recurrence tab, and choose how often you'd like to repeat the event.
Is it just this Thursday and next Tuesday? Is it every Wednesday from now until Christmas? Is it a
holiday that happens every year? Choose the recurrence rules, click Save and Close, and you've added
the event to your calendar.
All that's left is to coordinate this event with other people. Select Actions, and then Forward as
iCalendar to create an email message that has the event attached to it. When the recipients receive the
message, they can click a single button to add the event to their calendars and send a note to you
letting you know whether they'll attend. Evolution contacts
The Evolution contact manager, or address book, is perhaps the least glamorous tool in the suite.
However, it is interwoven with the email tools quite thoroughly. You can create contact cards by clicking
the New Contact button in the contacts view, but you can also create a card by right-clicking any email
address in an email someone has sent you.
If you enter birthday and anniversary information for your contacts, the dates will
show up in a special calendar dedicated to your contacts.
If you're looking at your address book for someone's email address, you can right-click his card and
have the option to send him a message, or to send his card to someone else, with just two clicks.
To have a look at the contact manager, click the Contacts button in the shortcut bar, or select any
contact folder from the folder bar. You'll see a simple list of cards. If you prefer to have your contacts
arranged as a phone list, select View, Current View, and then Phone List. You can also choose to display
the list by organization rather than just by name.
3.5.2. GNOME and Office Software
GNOME integrates with the OpenOffice suite to allow users a consistent experience for word processing,
spreadsheets, and presentations. OpenOffice has excellent file compatibility with Microsoft Office and
offers the vast majority of features necessary for day to day use.
Other options are also available, however. The Gnumeric spreadsheet application handles certain files
more capably than OpenOffice does, and has more complex financial calculations, although its graphics
capabilities are not as strong. AbiWord is an excellent word processor for most tasks, and simpler than
OpenOffice. Both take up far less disk space and run faster, and are suitable for low-resource situations.
For more information about office suites, see Chapter 8.
3.5.3. Movies and Music: Totem and Rhythmbox
The discussion of video and music playback inevitably involves the discussion of licensing. Because the
group that defines the MP3 format has patented the encoding and decoding algorithms and requires
that every distributor keep track of, and pay for, each copy of MP3 playing or recording software, there
are no free, legal MP3 playback or recording devices. Similar license restrictions from the DVD Copy
Control Association ( have prevented the development of a free application that will display
the DVD movies you can buy in a store.
Unlicensed MP3 and DVD applications are easy enough to build, as anyone with a search engine can find
out quickly enough, but they also aren't necessary. You can still record and play music CDs with the free
Ogg Vorbis format, and you can still record and play movies stored in MPEG and MOV formatsincluding
unencrypted DVDs such as those made by home DVD recorders.
To play those songs, start up Rhythmbox, a music player modeled after features from Apple's iTunes.
Rhythmbox will require a few moments to index your music collection before you use it. If it doesn't
index your music library immediately, or if it doesn't find all your songs, select Music
Import Folder.
Once your files are indexed by the Rhythmbox library, you'll see a strikingly familiar interface: a list of
music sources on the left, including Library, Radio, and any playlists you have created. To the right of
the music sources is a list of artists and albums you can use to browse your collection, and below that is
a list of individual songs that match the artist and album you've selected. You can also search for items
in the artist, album, and song title categories in the Search bar at the top.
Select a song and press Play. As you listen, right-click on a song and select Properties. The first tab,
Basic, shows you a little information about the track, but the second tab, Details, shows you how often
you've played the song, where it's stored, and the exact length; it also lets you rate the song on a scale
of 0 to 5. If you don't rate the song yourself, Rhythmbox will guess at ratings based on how often you
play a song.
The other major feature in Rhythmbox is its playlists. To create a playlist, select Music
New Playlist. Enter a name for your playlist, and it will appear in your list of available sources. Then,
drag songs from the library to the list, and you've got a playlist.
To import a song into Rhythmbox, you must have an application known as Sound Juicer installed, which
is often included with Rythmbox, but not always. Select File
Import CD to start ripping. Sound
Juicer will check the CD title and track listings online with the MusicBrainz service, and ask you to
confirm them before it proceeds. It will record in the Ogg Vorbis format unless you specify otherwise by
selecting Edit
For movie playback, Totem makes things as easy as hitting Ctrl-O to open a file (or Ctrl-L to open a
video stream on the Web). Totem provides a very clean interface to the extremely complex world of
video encoding algorithms, but it is not always possible to hide from the sometimes bewildering array of
file types. Totem supports several video formats by default, including the formats used by most video
You don't need to mount a DVD or video disc: just press Play. You do, however,
need to be sure that the /dev/dvd or /media/dvd device exists on your system.
Tinkerers will note that Totem uses the Xine backend, which is as configurable as Totem is simple. For
example, not all QuickTime video subformats (there are several) are supported, but users of most
recent x86-based hardware can copy the QuickTime DLLs from a Windows installation into
/usr/lib/win32 and access their system's hardware support. In addition, if you have RealPlayer for Linux
installed, Totem is able to display the RealVideo format using RealPlayer's own binary codecs. For more
information about media playback on Linux, including performance tuning hints, updates to the Xine
libraries, and links to other media playback systems, visit
3.5.4. Additional Applications and Resources
There are dozens, if not hundreds, of other GNOME applications, from software development tools to
games to flowcharting and diagramming tools. The best ways to explore them are to visit the web site and browse the software map or to try installing a few from your update
system, whether it's Red Carpet, up2date, apt-get, or YaST.
If you get stuck, there are several places to turn for help. In addition to the Nautilus help system and
the web site, try looking for help in chat systems. Developers can be found on in #gnome, so if you have software development questions, go there. A web search on the
text of an error message can often turn up the solution to a problem. Searching Google for an error
message you've seen can turn up postings to public forums from people who have seen (and hopefully
solved) the same error.
Chapter 4. Basic Unix Commands and
If you've come to Linux from Windows or another non-Unix operating system, you have a steep learning
curve ahead of you. We might as well be candid on this point. Unix is a world all its own, even though it
has become a lot more user-friendly over the last few years.
In this chapter, we introduce the rudiments of Unix for those readers who have never had exposure to
this operating system. If you are coming from Microsoft Windows or other environments, the
information in this chapter will be absolutely vital to you. Unlike other operating systems, Unix is not at
all intuitive. Many of the commands have seemingly odd names or syntax, the reasons for which usually
date back many years to the early days of this system. And, although many of the commands may
appear to be similar to their counterparts in the Windows command-line interpreter, there are
important differences.
Instead of getting into the dark mesh of text processing, shell syntax, and other issues, in this chapter
we strive to cover the basic commands needed to get you up to speed with the system if you're coming
from a non-Unix environment. This chapter is far from complete; a real beginner's Unix tutorial would
take an entire book. It's our hope that this chapter will give you enough to keep you going in your
adventures with Linux, and that you'll invest in some more advanced books once you have a need to do
so. We'll give you enough background to make your terminal usable, keep track of jobs, and enter
essential commands.
Part 2 of this book contains material on system administration and maintenance. This is by far the most
important part of the book for anyone running his own Linux system. If you are completely new to Unix,
the material found in Part II should be easy to follow once you've completed the tutorial here.
One big job we merely touch on in this chapter is how to edit files. It's one of the first things you need
to learn on any operating system. The two most popular editors for Linux, vi and Emacs, are discussed
in Chapter 19.
4.1. Logging In
Let's assume that your installation went completely smoothly, and you are facing the following prompt
on your screen:
Linux login
Some Linux users are not so lucky; they have to perform some heavy tinkering when the system is still
in a raw state or in single-user mode. But for now, we'll talk about logging into a functioning Linux
Logging in, of course, distinguishes one user from another. It lets several people work on the same
system at once and makes sure that you are the only person to have access to your files.
You may have installed Linux at home and are thinking right now, "Big deal. No one else shares this
system with me, and I'd just as soon not have to log in." But logging in under your personal account
also provides a certain degree of protection: your account won't have the ability to destroy or remove
important system files. The system administration account (covered in the next chapter) is used for
such touchy matters.
If you connect your computer to the Internet, even via a modem, make sure you set nontrivial
passwords on all your accounts. Use punctuation and strings that don't represent real words or names.
Although Unix systems are not as susceptible to random brute-force attacks from the outside world as
Windows systems are (according to some sources, it takes about 20 minutes from connecting a
Windows box to the Internet until that computer is attacked, whereas it takes about 40 minutes to
download the security fixes from Microsoft), you certainly do not want anybody to snoop around in your
Note that some distributions install a so-called graphical login manager right away, so you might not be
greeted by the somewhat arcane login: prompt in white letters on black background, but with a fancy
graphical login screen, possibly even presenting you with the user accounts available on your system
(maybe even with a little picture for each user) as well as different modes to log into. The basic login
procedure is the same as described here, however: you still type your username and password.
You were probably asked to set up a login account for yourself when you installed Linux. If you have
such an account, type the name you chose at the Linux login: prompt. If you don't have an account
yet, type root because that account is certain to exist. Some distributions may also set up an account
called install or some other name for fooling around when you first install the system.
After you choose your account, you see:
and you need to enter the correct password. The terminal turns off the normal echoing of characters
you enter for this operation so that people looking at the screen cannot read your password. If the
prompt does not appear, you should add a password to protect yourself from other people's tampering;
we'll go into this later.
By the way, both the name and the password are case-sensitive. Make sure the Caps Lock key is not set
because typing ROOT instead of root will not work.
When you have successfully logged in, you will see a prompt. If you're root, this may be a simple:
For other users, the prompt is usually a dollar sign ( $). The prompt may also contain the name you
assigned to your system or the directory you're in currently. Whatever appears here, you are now ready
to enter commands. We say that you are at the "shell level" here and that the prompt you see is the
"shell prompt." This is because you are running a program called the shell that handles your commands.
Right now we can ignore the shell, but later in this chapter we'll find that it does a number of useful
things for us.
As we show commands in this chapter, we'll show the prompt simply as $. So if you see:
$ pwd
it means that the shell prints $ and that pwd is what you're supposed to enter.
4.2. Setting a Password
If you don't already have a password, we recommend you set one. Just enter the command passwd.
The command will prompt you for a password and then ask you to enter it a second time to make sure
you enter it without typos.
There are standard guidelines for choosing passwords so that they're hard for other people to guess.
Some systems even check your password and reject any that don't meet the minimal criteria. For
instance, it is often said that you should have at least six characters in the password. Furthermore, you
should mix uppercase and lowercase characters or include characters other than letters and digits.
If you think it is a good idea to pick an ordinary, but rarely used word as your password, think again.
There are password attack programs available that come with an English dictionary and just try all
words in that dictionary in order to find the correct one so that the account can be compromised. Also,
never use the account name for the password. This is sometimes called a "joe," and is likely to be the
first thing a password attacker is going to try.
A good trick for choosing a good password is to take a full phrase that you can remember (maybe a line
from your favorite song), and then just take the first letters. Then blend in a digit and maybe a special
character. For example, if your line is I'd really like to go fishing now, your password could be Irl2gfn!.
But do not use exactly this one; the fact that it has been published in this book makes it a bad
password. There are even programs available (not unlikely integrated into the graphical user
management tools of your distribution) that generate a random password from random characters, but
of course these passwords are difficult to rememberif you have to write the password down in order to
remember it, it is a bad password as well.
To change your password, just enter the passwd command again. It prompts you for your old password
(to make sure you're you) and then lets you change it.
4.3. Virtual Consoles
As a multiprocessing system, Linux gives you a number of interesting ways to do several things at once.
You can start a long software installation and then switch to reading mail or compiling a program
Most Linux users, when they want this asynchronous access, will employ the X Window System (see
Chapter 16). But before you get X running, you can do something similar through virtual consoles. This
feature appears on a few other versions of Unix, but is not universally available.
To try out virtual consoles , hold down the left Alt key and press one of the function keys, F1 through
F8. As you press each function key, you see a totally new screen complete with a login prompt. You can
log in to different virtual consoles just as if you were two different people, and you can switch between
them to carry out different activities. You can even run a complete X session in each console. The X
Window System will use virtual console 7 by default. So if you start X and then switch to one of the
text-based virtual consoles, you can go back again to X by typing Alt-F7. If you discover that the Alt-+
function key combination brings up an X menu or some other function instead of switching virtual
consoles, use Ctrl + Alt + function key. You can even have two X servers running the X Window System;
the second one would then be on virtual console 8.
4.4. Popular Commands
The number of commands on a typical Unix system is enough to fill a few hundred reference pages. And
you can add new commands too. The commands we'll tell you about here are just enough to navigate
and to see what you have on the system.
4.4.1. Directories
As with Windows and virtually every modern computer system, Unix files are organized into a
hierarchical directory structure. Unix imposes no rules about where files have to be, but conventions
have grown up over the years. Thus, on Linux you'll find a directory called /home where each user's
files are placed. Each user has a subdirectory under /home. So if your login name is mdw, your
personal files are located in /home/mdw. This is called your home directory. You can, of course, create
more subdirectories under it.
If you come from a Windows system, the slash (/) as a path separator may look odd to you because you
are used to the backslash (\). There is nothing tricky about the slash. Slashes were actually used as
path separators long before people even started to think about MS-DOS or Windows. The backslash has
a different meaning on Unix (turning off the special meaning of the next character, if any).
As you can see, the components of a directory are separated by slashes. The term pathname is often
used to refer to this slash-separated list.
What directory is /home in? The directory named /, of course. This is called the root directory. We have
already mentioned it when setting up filesystems.
When you log in, the system puts you in your home directory. To verify this, use the "print working
directory," or pwd , command:
$ pwd
The system confirms that you're in /home/mdw.
You certainly won't have much fun if you have to stay in one directory all the time. Now try using
another command, cd , to move to another directory:
$ cd /usr/bin
$ pwd
$ cd
Where are we now? A cd with no arguments returns us to our home directory. By the way, the home
directory is often represented by a tilde (~). So the string ~/programs means that programs is located
right under your home directory.
While we're thinking about it, let's make a directory called ~/programs. From your home directory, you
can enter either:
$ mkdir programs
or the full pathname:
$ mkdir /home/mdw/programs
Now change to that directory:
$ cd programs
$ pwd
The special character sequence .. refers to the directory just above the current one. So you can move
back up to your home directory by typing the following:
$ cd ..
You can also always go back to your home directory by just typing:
$ cd
no matter where in the directory hierarchy you are.
The opposite of mkdir is rmdir, which removes directories :
$ rmdir programs
Similarly, the rm command deletes files . We won't show it here because we haven't yet shown how to
create a file. You generally use the vi or Emacs editor for that (see Chapter 19), but some of the
commands later in this chapter will create files too. With the -r (recursive) option, rm deletes a whole
directory and all its contents. (Use with care!)
At this point, we should note that the graphical desktop environments for Linux, such as KDE and
GNOME, come with their own file managers that can perform most of the operations described in this
chapter, such as listing and deleting files, creating directories, and so forth. Some of them, like
Konqueror (shipped with KDE) and the web browser in that environment, are quite feature-rich.
However, when you want to perform a command on many files, which perhaps follow a certain
specification, the command line is hard to beat in efficiency, even it takes a while to learn. For example,
if you wanted to delete all files in the current directory and all directories beneath that which start with
an r and end in .txt, the so-called Z shell (zsh) would allow you to do that with one line:
$ rm **/r*.txt
More about these techniques later.
4.4.2. Listing Files
Enter ls to see what is in a directory. Issued without an argument, the ls command shows the contents
of the current directory. You can include an argument to see a different directory:
$ ls /home
Some systems have a fancy ls that displays special filessuch as directories and executable filesin bold,
or even in different colors. If you want to change the default colors, edit the file /etc/DIR_COLORS, or
create a copy of it in your home directory named .dir_colors and edit that.
Like most Unix commands, ls can be controlled with options that start with a hyphen (-). Make sure you
type a space before the hyphen. One useful option for ls is -a for "all," which will reveal to you riches
that you never imagined in your home directory:
$ cd
$ ls -a
The single dot refers to the current directory, and the double dot refers to the directory right above it.
But what are those other files beginning with a dot? They are called hidden files. Putting a dot in front of
their names keeps them from being shown during a normal ls command. Many programs employ hidden
files for user optionsthings about their default behavior that you want to change. For instance, you can
put commands in the file .Xdefaults to alter how programs using the X Window System operate. Most of
the time you can forget these files exist, but when you're configuring your system you'll find them very
important. We list some of them later.
Another useful ls option is -l for "long." It shows extra information about the files. Figure 4-1 shows
typical output and what each field means. Adding the -h ("human" option) shows the file sizes rounded
to something more easily readable.
Figure 4-1. Output of ls -l
We discuss the permissions, owner, and group fields in a later chapter, Chapter 11. The ls command
also shows the size of each file and when it was last modified.
4.4.3. Viewing Files, More or Less
One way to look at a file is to invoke an editor, such as:
$ xemacs .bashrc
But if you just want to scan a file quickly, rather than edit it, other commands are quicker. The simplest
is the strangely named cat command (named after the verb concatenate because you can also use it to
concatenate several files into one):
$ cat .bashrc
But a long file will scroll by too fast for you to see it, so most people use the more command instead:
$ more .bashrc
This prints a screenful at a time and waits for you to press the spacebar before printing more. more has
a lot of powerful options. For instance, you can search for a string in the file: press the slash key (/),
type the string, and press Return.
A popular variation on the more command is called less . It has even more powerful features; for
instance, you can mark a particular place in a file and return there later.
4.4.4. Symbolic Links
Sometimes you want to keep a file in one place and pretend it is in another. This is done most often by
a system administrator, not a user. For instance, you might keep several versions of a program around,
called prog.0.9, prog.1.1, and so on, but use the name prog to refer to the version you're currently
using. Or you may have a file installed in one partition because you have disk space for it there, but the
program that uses the file needs it to be in a different partition because the pathname is hard-coded
into the program.
Unix provides links to handle these situations. In this section, we'll examine the symbolic link, which is
the most flexible and popular type. A symbolic link is a kind of dummy file that just points to another
file. If you edit or read or execute the symbolic link, the system is smart enough to give you the real file
instead. Symbolic links work a lot like shortcuts under MS-Windows, but are much more powerful.
Let's take the prog example. You want to create a link named prog that points to the actual file, which is
named prog.1.1. Enter the following command:
$ ln -s prog.1.1 prog
Now you've created a new file named prog that is kind of a dummy file; if you run it, you're really
running prog.1.1. Let's look at what ls -l has to say about the file:
$ ls -l prog
2 mdw
8 Nov 17 14:35 prog -> prog.1.1
The l at the beginning of the output line shows that the file is a link, and the little -> indicates the real
file to which the link points.
Symbolic links are really simple, once you get used to the idea of one file pointing to another. You'll
encounter links all the time when installing software packages.
4.5. Shells
As we said before, logging into the system in console mode puts you into a shell. If your system is
configured with a graphical login, logging in brings you to the graphical interface where you can open
an xterm (or similar) window in order to get a shell. The shell interprets and executes all your
commands. Let's look a bit at different shells before we keep going, because they're going to affect
some of the material coming up.
If it seems confusing that Unix offers many different shells, just accept it as an effect of evolution.
Believe us, you wouldn't want to be stuck using the very first shell developed for Unix, the Bourne shell.
Although it was a very powerful user interface for its day (the mid-1970s), it lacked a lot of useful
features for interactive useincluding the ones shown in this section. So other shells have been developed
over time, and you can now choose the one that best suits your way of working.
Some of the shells available on Linux are as follows:
Bourne Again shell. The most commonly used (and most powerful) shell on Linux. POSIXcompliant, compatible with the Bourne shell, created and distributed by the GNU project (Free
Software Foundation). Offers command-line editing, history substitution, and Bourne shell
C shell. Developed at Berkeley. Mostly compatible with the Bourne shell for interactive use, but
has a very different interface for programming. Does not offer command-line editing, although it
does have a sophisticated alternative called history substitution. On Linux, csh is just another
name for the newer tcsh.
Korn shell. Perhaps the most popular on Unix systems generally, and the first to introduce modern
shell techniques (including some borrowed from the C shell) into the Bourne shell. Compatible
with the Bourne shell. Offers command-line editing.
Bourne shell. The original shell. Does not offer command-line editing.
Enhanced C shell. Offers command-line editing.
Z shell. The newest of the shells. Compatible with the Bourne shell. Offers command-line editing.
Has very powerful completion features. If you do not know any shell yet, and your Linux
distribution carries zsh, go with that choice from the start.
Try the following command to find out what your shell is. It prints out the full pathname where the shell
is located. Don't forget to type the dollar sign:
$ echo
You are probably running bash, the Bourne Again shell, because that is the most popular one on Linux.
If you're running something else, this might be a good time to change to bash or zsh. They are both
powerful, POSIX compliant, well supported, and very popular on Linux. Use the chsh command to
change your shell:
$ chsh
Enter password: Type your password here this is for security's sake
Changing the login shell for mdw
Enter the new value, or press return for the default
Login Shell [/bin/sh]:/bin/bash
(Use /usr/bin/zsh or /bin/zsh , depending on your distribution, for zsh.)
Before a user can choose a particular shell as a login shell, that shell must be installed and the system
administrator must make it available by entering it in /etc/shells.
There are a couple of ways to conceptualize the differences between shells. One is to distinguish
Bourne-compatible shells from csh-compatible shells. This will be of interest to you when you start to
program with the shell, also known as writing shell scripts. The Bourne shell and C shell have different
programming constructs. Most people now agree that Bourne-compatible shells are better, and there
are many Unix utilities that recognize only the Bourne shell.
Another way to categorize shells is to identify those that offer command-line editing (all the newer
ones) versus those that do not. sh and csh lack this useful feature.
When you combine the two criteriabeing compatible with the Bourne shell and offering command-line
editingyour best choice comes down to bash, ksh, or zsh. Try out several shells before you make your
choice; it helps to know more than one, in case someday you find yourself on a system that limits your
choice of shells.
4.6. Useful Keys and How to Get Them to Work
When you type a command, pressing the Backspace key should remove the last character. Ctrl-U should
delete the line from the cursor to the beginning of the line; thus, this key combination will delete the
whole line if the cursor is at the end of the line. When you have finished entering a command, and it is
executing, Ctrl-C should abort it, and Ctrl-Z should suspend it. (When you want to resume the
suspended program, enter fg for "foreground.")
Ctrl-S stops the terminal output until you turn it off again with Ctrl-Q. This is probably less useful today,
as most terminal emulations provide scrolling facilities anyway, but it's important to know if you have
hit Ctrl-S by accident and the terminal all of a sudden "becomes unresponsive." Just hit Ctrl-Q to make
it respond again; it was just waiting for you.
If any of these keys fail to work, your terminal is not configured correctly for some reason. You can fix it
through the stty command. Use the syntax:
stty function key
where function is what you want to do, and key is the key that you press. Specify a control key by
putting a circumflex (^) in front of the key.
Here is a set of sample commands to set up the functions described earlier:
erase ^H
kill ^U
intr ^C
susp ^Z
The first control key shown, ^H, represents the ASCII code generated by the Backspace key.
By the way, you can generate a listing of your current terminal settings by entering stty -a. But that
doesn't mean you can understand the output: stty is a complicated command with many uses, some of
which require a lot of knowledge about terminals.
Here is another use of stty that can prove useful quite often: if your shell gets confused (as can often
happen if you output binary data to it), and does not react as you are used to, try entering:
$ stty sane
That will usually succeed in bringing the shell to reason and making it operate as expected again.
4.7. Typing Shortcuts
If you've been following along with this tutorial at your terminal, you may be tired of typing the same
things over and over. It can be particularly annoying when you make a mistake and have to start again.
Here is where the shell really makes life easier. It doesn't make Unix as simple as a point-and-click
interface, but it can help you work really fast in a command environment.
This section discusses command-line editing. The tips here work if your shell is bash, ksh, tcsh, or zsh.
Command-line editing treats the last 50 or so lines you typed as a buffer in an editor (this is also called
the command history). You can move around within these lines and change them the way you'd edit a
document. Every time you press the Return key, the shell executes the current line.
4.7.1. Word Completion
First, let's try something simple that can save you a lot of time. Type the following, without pressing the
Return key:
$ cd /usr/inc
Now press the Tab key. The shell will add lude to complete the name of the directory /usr/include. Now
you can press the Return key, and the command will execute.
The criterion for specifying a filename is "minimal completion." Type just enough characters to
distinguish a name from all the others in that directory. The shell can find the name and complete itup
to and including a slash, if the name is a directory.
You can use completion on commands too. For instance, if you type:
$ ema
and press the Tab key, the shell will add the cs to make emacs (unless some other command in your
path begins with ema ).
What if multiple files match what you've typed? If they all start with the same characters, the shell
completes the word up to the point where names differ. Beyond that, most shells do nothing. bash has a
neat enhancement: if you press the Tab key twice, it displays all the possible completions. For instance,
if you enter:
$ cd /usr/l
and press the Tab key twice, bash prints something like the following:
zsh even goes a step further: if you press the Tab key yet another time, the first of the possible choices
will be selected; if you press it yet again, the second is selected, and so on. This way, you can keep your
finger on the Tab key and don't have to supply additional characters in order to disambiguate your
4.7.2. Moving Around Among Commands
Press the up arrow, and the command you typed previously appears. The up arrow takes you back
through the command history, and the down arrow takes you forward. If you want to change a
character on the current line, use the left or right arrow keys.
As an example, suppose you tried to execute:
$ mroe .bashrc
bash: mroe: command not found
Of course, you typed mroe instead of more. To correct the command, call it back by pressing the up
arrow. Then press the left arrow until the cursor lies over the o in mroe. You could use the Backspace key
to remove the o and r and retype them correctly. But here's an even neater shortcut: just press Ctrl-T.
It will reverse o and r, and you can then press the Return key to execute the command.
Some shells even go a step further: if you type in a nonexistent command such as mroe, but there is a
similar existing one, such as more, the shell will offer to correct your typing mistake and select this
other option. Of course, before accepting this generous offer, you should first check what you are
getting so that it is not a dangerous command that, for example, deletes your files.
Many other key combinations exist for command-line editing. But the basics shown here will help you
quite a bit. If you learn the Emacs editor, you will find that most keys work the same way in the shell.
And if you're a vi fan, you can set up your shell so that it uses vi key bindings instead of Emacs
bindings. To do this in bash, ksh, or zsh, enter the command:
$ export VISUAL=vi
In tcsh, enter:
$ setenv VISUAL vi
4.8. Filename Expansion
Another way to save time in your commands is to use special characters to abbreviate filenames. You
can specify many files at once by using these characters. This feature of the shell is sometimes called
"globbing ."
The Windows command-line interpreter offers a few crude features of this type. You can use a question
mark to mean "any character" and an asterisk to mean "any string of characters." Unix provides these
wildcards too, but in a more robust and rigorous way.
Let's say you have a directory containing the following C source files:
$ ls
To list the three files containing digits in their names, you could enter:
$ ls inv?jig.c
The shell looks for a single character to replace the question mark. Thus, it displays inv1jig.c, inv2jig.c,
and inv3jig.c, but not invinitjig.c because that name contains too many characters.
If you're not interested in the second file, you can specify the ones you want using brackets:
$ ls inv[13]jig.c
If any single character within the brackets matches a file, that file is displayed. You can also put a range
of characters in the brackets:
$ ls inv[1-3]jig.c
Now we're back to displaying all three files. The hyphen means "match any character from 1 through 3,
inclusive." You could ask for any numeric character by specifying 0-9 , and any alphabetic character by
specifying [a-zA-Z] . In the latter case, two ranges are required because the shell is case-sensitive. The
order used, by the way, is that of the ASCII character set.
Suppose you want to see the init file, too. Now you can use an asterisk because you want to match any
number of characters between the inv and the jig :
$ ls inv*jig.c
The asterisk actually means "zero or more characters," so if a file named invjig.c existed, it would be
shown too.
Unlike the Windows command-line interpreter, the Unix shells let you combine special characters and
normal characters any way you want. Let's say you want to look for any source (.c) or object (.o) file
that contains a digit. The resulting pattern combines all the expansions we've studied in this section:
$ ls *[0-9]*.[co]
Filename expansion is very useful in shell scripts (programs), where you don't always know exactly how
many files exist. For instance, you might want to process multiple log files named log001, log002, and
so on. No matter how many there are, the expression log* will match them all.
Again, zsh goes a bit further than the other shells. With zsh, you can look for certain files in the current
directory and all subdirectories thereof, using ** as the directory specification. If we repeat the previous
example of searching for certain C source files, but this time want to find them in the whole tree, the
command would look like this:
$ ls **/inv?jig.c
Filename expansions are not the same as regular expressions, which are used by
many utilities to specify groups of strings. Regular expressions are beyond the
scope of this book, but are described by many books that explain Unix utilities. A
taste of regular expressions appears in Chapter 19.
4.9. Saving Your Output
System administrators (and other human beings too) see a lot of critical messages fly by on the computer
screen. It's often important to save these messages so that you can scrutinize them later, or (all too
often) send them to a friend who can figure out what went wrong. So, in this section, we'll explain a little
bit about redirection, a powerful feature provided by Unix shells. If you come from Windows, you have
probably seen a similar, but more limited, type of redirection in the command-line interpreter there.
If you put a greater-than sign (>) and a filename after any command, the output of the command will be
sent to that file. For instance, to capture the output of ls, you can enter:
$ ls /usr/bin > ~/Binaries
A listing of /usr/bin will be stored in your home directory in a file named Binaries. If Binaries had already
existed, the > would wipe out what was there and replace it with the output of the ls command.
Overwriting a current file is a common user error. If your shell is csh or tcsh, you can prevent overwriting
with the command:
$ set noclobber
In bash, you can achieve the same effect by entering:
$ noclobber=1
It doesn't have to be 1; any value will have the same effect.
Another (and perhaps more useful) way to prevent overwriting is to append new output. For instance,
having saved a listing of /usr/bin, suppose we now want to add the contents of /bin to that file. We can
append it to the end of the Binaries file by specifying two greater-than signs:
$ ls /bin >> ~/Binaries
You will find the technique of output redirection very useful when you are running a utility many times
and saving the output for troubleshooting.
Most Unix programs have two output streams . One is called the standard output, and the other is the
standard error. If you're a C programmer you'll recognize these: the standard error is the file pointer
named stderr to which you print messages.
The > character does not redirect the standard error. It's useful when you want to save legitimate output
without mucking up a file with error messages . But what if the error messages are what you want to
save? This is quite common during troubleshooting. The solution is to use a greater-than sign followed by
an ampersand. (This construct works in almost every modern Unix shell.) It redirects both the standard
output and the standard error. For instance:
$ gcc invinitjig.c >& error-msg
This command saves all the messages from the gcc compiler in a file named error-msg. On the Bourne
shell and bash you can also say it slightly differently:
$ gcc invinitjig.c &> error-msg
Now let's get really fancy. Suppose you want to save the error messages but not the regular outputthe
standard error but not the standard output. In the Bourne-compatible shells you can do this by entering
the following:
$ gcc invinitjig.c 2> error-msg
The shell arbitrarily assigns the number 1 to the standard output and the number 2 to the standard error.
So the preceding command saves only the standard error.
Finally, suppose you want to throw away the standard outputkeep it from appearing on your screen. The
solution is to redirect it to a special file called /dev/null. (Have you heard people say things like "Send
your criticisms to /dev/null"? Well, this is where the phrase came from.) The /dev directory is where Unix
systems store special files that refer to terminals, tape drives, and other devices. But /dev/null is unique;
it's a place you can send things so that they disappear into a black hole. For example, the following
command saves the standard error and throws away the standard output:
$ gcc invinitjig.c 2>error-msg >/dev/null
So now you should be able to isolate exactly the output you want.
In case you've wondered whether the less-than sign (<) means anything to the shell: yes, it does. It
causes commands to take their input from a file. But most commands allow you to specify input files on
their command lines anyway, so this "input redirection" is rarely necessary.
Sometimes you want one utility to operate on the output of another utility. For instance, you can use the
sort command to put the output of other commands into a more useful order. A crude way to do this
would be to save output from one command in a file and then run sort on it. For instance:
$ du
> du_output
$ sort -nr du_output
Unix provides a much more succinct and efficient way to do this using a pipe. Just place a vertical bar
between the first and second commands:
$ du | sort -nr
The shell sends all the output from the du program to the sort program.
In the previous example, du stands for "disk usage" and shows how many blocks each file occupies under
the current directory. Normally, its output is in a somewhat random order:
$ du
So we have decided to run it through sort with the -n and -r options. The -n option means "sort in
numerical order" instead of the default ASCII sort, and the -r option means "reverse the usual order" so
that the highest number appears first. The result is output that quickly shows you which directories and
files hog the most space:
$ du | sort -rn
Because there are so many files, we had better use a second pipe to send output through the more
command (one of the more common uses of pipes):
$ du | sort -rn | more
An alternative to more could be using the head command here, which only shows the first few lines (10 by
default). Of course, if there is a head command, there also needs to be a tail command, which just shows
the last few lines.
You may have noticed that when using du alone, the output starts appearing fairly quickly and is then
added to as the command finishes more computations, whereas when the output is piped to sort, it will
take quite a while (if your hard disk is large and well filled) until the output appears. That is because the
sort command needs all the data first in order to be able to sort, and not because the piping would delay
4.10. What Is a Command?
We've said that Unix offers a huge number of commands and that you can add new ones. This makes it
radically different from most operating systems, which contain a strictly limited table of commands. So
what are Unix commands, and how are they stored? On Unix, a command is simply a file. For instance,
the ls command is a binary file located in the directory bin. So, instead of ls, you could enter the full
pathname, also known as the absolute pathname:
$ /bin/ls
This makes Unix very flexible and powerful. To provide a new utility, a system administrator can simply
install it in a standard directory where commands are located. There can also be different versions of a
commandfor instance, you can offer a new version of a utility for testing in one place while leaving the
old version in another place, and users can choose the one they want.
Here's a common problem: sometimes you enter a command that you expect to be on the system, but
you receive a message such as "Not found." The problem may be that the command is located in a
directory that your shell is not searching. The list of directories where your shell looks for commands is
called your path. Enter the following to see what your path is (remember the dollar sign; otherwise, you
won't see the contents of the environment variable, but only its name, which you know anyway!):
$ echo $PATH
This takes a little careful eyeballing. First, the word PATH is specially recognized by the shell and is
called an environment variable. It's a short moniker for useful informationin this case, a list of
directories where the shell should search for commands. There are lots of environment variables; we
saw another one called SHELL in the section "Shells." When you specify an environment variable, include
a dollar sign before the name.
The output of our echo command is a series of pathnames separated by colons. The first pathname, for
this particular user, is /usr/local/bin. The second is /usr/bin, and so on. So if two versions of a
command exist, one in /usr/local/bin and the other in /usr/bin, the one in /usr/local/bin will execute.
The last pathname in this example is simply a dot; it refers to the current directory. Unlike the Windows
command-line interpreter, Unix does not look automatically in your current directory. You have to tell it
to explicitly, as shown here. Some people think it's a bad idea to look in the current directory, for
security reasons. (An intruder who gets into your account might copy a malicious program to one of
your working directories.) However, this mostly applies to root, so normal users generally do not need
to worry about this.
If a command is not found, you have to figure out where it is on the system and add that directory to
your path. The manual page should tell you where it is. Let's say you find it in /usr/sbin, where a
number of system administration commands are installed. You realize you need access to these system
administration commands, so you enter the following (note that the first PATH doesn't have a dollar sign,
but the second one does):
$ export PATH=$PATH:/usr/sbin
This command adds /usr/sbin, but makes it the last directory that is searched. The command is saying,
"Make my path equal to the old path plus /usr/sbin."
The previous command works for some shells but not others. It's fine for most Linux users who are
working in a Bourne-compatible shell like bash. But if you use csh or tcsh, you need to issue the
following command instead:
set path = ( $PATH /usr/sbin )
Finally, there are a few commands that are not files; cd is one. Most of these commands affect the shell
itself and therefore have to be understood and executed by the shell. Because they are part of the shell,
they are called built-in commands.
4.11. Putting a Command in the Background
No matter whether you are using the X Window System (described later) or virtual consoles, you may at
times still want to run several commands simultaneously from the same shell, if only in order to avoid
having to switch between windows or consoles all the time. You can take advantage of Unix's
multitasking features and achieve this by simply putting an ampersand at the end of commands, as
shown in this example:
$ gcc invinitjig.c &
[1] 21457
The ampersand puts the command into the background, meaning that the shell prompt comes back and
you can continue to execute other commands while the gcc command is compiling your program. The
[1] is a job number that is assigned to your command. The 21457 is a process ID, which we'll discuss
later. Job numbers are assigned to background commands in order and therefore are easier to
remember and type than process IDs.
Of course, multitasking does not come for free. The more commands you put into the background, the
slower your system runs as it tries to interleave their execution.
You wouldn't want to put a command in the background if it required user input. If you do so, you see
an error message, such as:
Stopped (tty input)
You can solve this problem by bringing the job back into the foreground through the fg command. If you
have many commands in the background, you can choose one of them by its job number or its process
ID. For our long-lived gcc command, the following commands are equivalent:
$ fg %1
$ fg 21457
Don't forget the percent sign on the job number; that's what distinguishes job numbers from process
To get rid of a command in the background, issue a kill command:
$ kill %1
If you have started a program in the foreground, but want to put in the background later, most shells
allow you to type Ctrl-Z. That key combination temporarily suspends the current foreground program.
You can then type either fg as described before, to put it back in the foreground, or bg, to put it in the
4.12. Remote Logins and Command Execution
You are probably connected to a network, either within your own home or office, or through dial-up to
the Internet. Sometimes you want to log in to another system, or copy a file to or from another system.
If you need help setting up networking, check Chapter 13 and the following chapters. In this section we
assume you are on the network already. If you can view a web page in a browser, you're connected and
can carry out the commands in this section. We'll use a package called SSH that's installed on most, if
not all, Linux distributions.
SSH stands for Secure Shell, and denotes the project developers' focus on protecting your
communications from snooping and hijacking. SSH has become an extremely respected and popular
protocol for communicating between systems, and is supported on many different types of systems,
such as the Putty graphical interface for Windows
Linux uses OpenSSH, a free software implementation ( It rarely has bugs
(although one will turn up once in a while, so for security reasons you should keep up with your
distribution's updates), and it supports the latest standard, SSH protocol version 2. If you decide to do
some heavy internetworking with SSH, you can get quite deep into it through SSH, The Secure Shell:
The Definitive Guide (O'Reilly).
This section lays out the four or five commands you'll use most often. Suppose you have an account
named mdw on a remote system called eggplant. You can log in as follows:
$ ssh -l mdw eggplant
The -l specifies the account on the remote system. Another syntax with identical effects is:
$ ssh [email protected]
If your account name is the same on the local and remote systems, you can omit the name and just
$ ssh eggplant
Each time you start an ssh session, it prompts for the password of the account on the remote system.
During the session, if you have to do something on your local machine, you don't have to log out or
switch windows. Suspend the remote login session by entering a tilde character (~) followed by Ctrl-Z.
(Sometimes the tilde is not caught by SSH; if it isn't, try again. You're successful if the tilde is not
displayed.) To pick up the session you suspended, use fg as for local programs you suspend.
You might want to run a single command instead of starting up a shell on the remote system; if so, just
enter the command after the hostname:
$ ssh -l mdw eggplant rm logfiles/temp_junk
Or, if you can omit your name:
$ ssh eggplant rm logfiles/temp_junk
Filenames such as logfiles/temp_junk are interpreted as if you were located in your home directory (the
directory you'd be in if you logged in). Use absolute pathnames (such as
/home/mdw/logfiles/temp_junk) if you want to make sure you're naming the right file in the right
The manpage for ssh can fill in interesting details, such as how to run X Window System graphical
programs over SSH, and how to eliminate the annoyance of having to enter your password at each
invocation of the command. (To be really robust, though, you may have to play around with
configuration files beyond what the manpage tells you.)
You can copy files using another command from the SSH suite, scp. The following copies a file from
your local system to eggplant:
$ scp logfiles/temp_junk [email protected]:
Once again, the username and @ can be omitted if it's the same on both systems. (But the -l syntax
doesn't work on scp; it uses a different -l option for a different purpose.)
Be sure to include the final colon; without it, you simply copy the file to a new file named eggplant on
your local system. On eggplant, the default directory is your home directory (as with ssh). You can
specify that the file be copied to any directory you have access to, with a path relative to the home
directory or with an absolute pathname.
To do the reverse operationcopy a file from the remote system to your ownenter:
$ scp [email protected]:logfiles/temp_junk .
We used a single dot here to denote the local directory where you're executing the command. Any
relative or absolute pathname could be specified instead.
To copy a directory, add the -r option:
$ scp -r [email protected]:logfiles .
4.13. Manual Pages
The most empowering information you can get is how to conduct your own research. Following this
precept, we'll now tell you about the online help system that comes built into Unix systems. It is called
manual pages , or manpages for short.
Actually, manual pages are not quite the boon they ought to be. This is because they are short and take
a lot of Unix background for granted. Each one focuses on a particular command and rarely helps you
decide why you should use that command. Still, they are critical. Commands can vary slightly on
different Unix systems, and the manual pages are the most reliable way to find out what your system
does. (The Linux Documentation Project deserves a lot of credit for the incredible number of hours they
have put into creating manual pages.) To find out about a command, enter a command, such as the
$ man ls
Manual pages are divided into different sections depending on their purpose. User commands are in
section 1, Unix system calls in section 2, and so on. The sections that will interest you most are 1, 5 (file
formats), and 8 (system administration commands). When you view manpages online, the section
numbers are conceptual; you can optionally specify them when searching for a command:
$ man 1 ls
But if you consult a hardcopy manual, you'll find it divided into actual sections according to the
numbering scheme. Sometimes an entry in two different sections can have the same name. (For
instance, chmod is both a command and a system call.) So you will sometimes see the name of a
manual page followed by the section number in parentheses, as in ls(1).
There is one situation in which you will need the section number on the command line: when there are
several manual pages for the same keyword (e.g., one for a command with that name and one for a
system function with the same name). Suppose you want to look up a library call, but the man
command shows you the command because its default search order looks for the command first. In
order to see the manual page for the library call, you need to give its section number.
Look near the top of a manual page. The first heading is NAME. Under it is a brief one-line description of
the item. These descriptions can be valuable if you're not quite sure what you're looking for. Think of a
word related to what you want, and specify it in an apropos command:
$ apropos edit
The previous command shows all the manual pages that have something to do with editing. It's a very
simple algorithm: apropos simply prints out all the NAME lines that contain the string you request.
Many other utilities, particularly those offered by the desktops discussed in Chapter 3, present manual
pages attractively.
Like commands, manual pages are sometimes installed in strange places. For instance, you may install
some site-specific programs in the directory /usr/local, and put their manual pages in /usr/local/man.
The man command will not automatically look in /usr/local/man, so when you ask for a manual page
you may get the message "No manual entry." Fix this by specifying all the top man directories in a
variable called MANPATH. For example (you have to put in the actual directories where the manual pages
are on your system):
$ export
The syntax is like PATH, described earlier in this chapter. Each pair of directories is separated by a colon.
If your shell is csh or tcsh, you need to say:
$ setenv MANPATH /usr/man:/usr/local/man
Another environment variable that you may want to set is MANSECT. It determines the order in which the
sections of the manual pages are searched for an entry. For example:
$ export
searches in section 2 first.
Have you read some manual pages and still found yourself confused? They're not meant to be
introductions to new topics. Get yourself a good beginner's book about Unix, and come back to manual
pages gradually as you become more comfortable on the system; then they'll be irreplaceable.
Manual pages are not the only source of information on Unix systems. Programs from the GNU project
often have Info pages that you read with the program info. For example, to read the Info pages for the
command find, you would enter:
info find
The info program is arcane and has lots of navigation features; to learn it, your best bet is to type CtrlH in the info program and read through the Help screen. Fortunately, there are also programs that let
you read Info pages more easily, notably tkinfo and kdehelp. These commands use the X Window
System to present a graphical interface. You can also read Info pages from Emacs (see "Tutorial and
Online Help" in Chapter 19) or can use the command pinfo, available on some Linux distributions, which
works more like the Lynx web browser.
In recent times, more and more documentation has been provided in the form of HTML pages. You can
read those with any web browser (see Chapter 5). For example, in the Konqueror web browser, you
select Open Location from the Location menu and press the button with the folder symbol, which opens
an ordinary file selection dialog where you can select your documentation file. Some documentation
may also come in PDF files ; these can be read with either the proprietary Acrobat Reader, which comes
with many Linux distributions and can otherwise be downloaded from, or with
xpdf and the KDE program KGhostview.
4.14. Startup Files
Configuration is a strong element of Unix. This probably stems from two traits commonly found in
hackers: they want total control over their environment, and they strive to minimize the number of
keystrokes and other hand movements they have to perform. So all the major utilities on Unixeditors,
mailers, debuggers, X Window System clientsprovide files that let you override their default behaviors
in a bewildering number of ways. Many of these files have names ending in rc, which means resource
Startup files are usually in your home directory. Their names begin with a period, which keeps the ls
command from displaying them under normal circumstances. None of the files is required; all the
affected programs are smart enough to use defaults when the file does not exist. But everyone finds it
useful to have the startup files . Here are some common ones:
For the bash shell. The file is a shell script, which means it can contain commands and other
programming constructs. Here's a very short startup file that might have been placed in your
home directory by the tool that created your account:
# The prompt contains the user's login name.
# Save 50 commands for when the user presses the up arrow.
# All the directories to search for commands.
# To prevent the user from accidentally ending a login session,
# disable Ctrl-D as a way to exit.
stty erase "^H"
# Make sure the backspace key erases.
For the bash shell. Another shell script. The difference between this script and .bashrc is that
.bash_profile runs only when you log in. It was originally designed so that you could separate
interactive shells from those run by background processors such as cron (discussed in Chapter
10). But it is not very useful on modern computers with the X Window System because when you
open a new terminal window, only .bashrc runs. If you start up a window with the command
xterm -ls, it will run .bash_profile too.
Like .bashrc, but for zsh.
Like .bash_profile, but for zsh.
For the C shell or tcsh. The file is a shell script using C shell constructs.
For the C shell or tcsh. The file is a shell script using C shell constructs. Like .bash_profile in the
bash shell, this runs only when you log in. Here are some commands you might find in .cshrc or
set prompt='$ '
# Simple $ for prompt.
set history=50
# Save 50 commands for when the user presses the up arrow.
# All the directories to search for commands.
set path=(/usr/local/bin /usr/bin /bin /usr/bin/X11)
# To prevent the user from accidentally ending a login session,
# disable Ctrl-D as a way to exit.
set ignoreeof
stty erase "^H"
# Make sure the backspace key erases.
For the Emacs editor. Consists of LISP functions. See "Tailoring Emacs" in Chapter 19.
For the vi editor (a visual editor that incorporates the older ex editor). Each line is an editor
command. See "Extending vi" in Chapter 19.
For news readers. Contains a list of all newsgroups offered at the site.
For the X Window System. Consists of shell commands that run whenever you log in to an X
session. See "Running X" in Chapter 16 for details on using this file.
This is actually a whole directory with configuration files for the K Desktop Environment (KDE).
You will find a lot of files here, all starting with the name of the program they configure and
ending in rc. Note that you should normally not need to edit these files manually; the respective
programs all come with their own configuration dialogs. Depending on the KDE version, this path
might start with .kde2 or .kde3.
Like the previous entry, a whole directory of configuration files , this time for the GNOME
graphical desktop.
4.15. Important Directories
You already know about /home, where user files are stored. As a system administrator and
programmer, several other directories will be important to you. Here are a few, along with their
The most essential Unix commands, such as ls.
Other commands. The distinction between /bin and /usr/bin is arbitrary; it was a convenient way
to split up commands on early Unix systems that had small disks.
Very common commands used by the superuser for system administration.
Commands used less often by the superuser for system administration.
Location where the kernel and other files used during booting are sometimes stored.
Files used by subsystems such as networking, NFS, and mail. Typically, these contain tables of
network services, disks to mount, and so on. Many of the files here are used for booting the
system or individual services of it and will be discussed elsewhere in this book.
Administrative files, such as log files, used by various utilities.
Temporary storage for files being printed, sent by UUCP, and so on.
Standard libraries, such as libc.a. When you link a program, the linker always searches here for
the libraries specified in -l options.
The X Window System distribution. Contains the libraries used by X clients, as well as fonts,
sample resources files, and other important parts of the X package. This directory is usually a
symbolic link to /usr/X11R6/lib/X11.
Standard location of include files used in C programs, such as <stdio.h>.
Location of sources to programs built on the system.
Programs and datafiles that have been added locally by the system administrator.
Sample startup files you can place in home directories for new users.
This directory contains the so-called device files, the interface between the filesystem and the
hardware (e.g., /dev/modem represents your modem in the system).
Just as /dev is the interface between the filesystem and the hardware devices, /proc is the
interface between the filesystem and the running processes, the CPU, and memory. The files here
(which are not real files, but rather virtual files generated on the fly when you view them) can
give you information about the environment of a certain process, the state and configuration of
the CPU, how your I/O ports are configured, and so forth.
The /opt directory is often used for larger software packages. For example, it is quite likely that
you will find the KDE Desktop Environment in /opt/kde3 (or /opt/kde4, once version 4 is out), the
office productivity suite OpenOffice in /opt/, and the Firefox web browser in
4.16. Basic Text Editing
Now that you have come across configuration files, we want to give you at least a small head start on
how to edit them. We save the real discussion of various text editors for Chapter 19.
We use the Emacs editor as an example here because it is both widely available and fairly user-friendly.
Other editors, such as vi, are even more widely available, but not very user-friendly for a beginner.
Again, others are more user-friendly, but may not be available on your Linux installation. We talk more
about vi and the other editors later.
Emacs comes in two different incarnations: GNU Emacs and XEmacs . GNU Emacs is started by issuing:
$ emacs
and XEmacs is started with:
$ xemacs
If you are not running from a graphical environment, add the -nw option (for "no windows"):
$ xemacs -nw
It is very likely that either GNU Emacs or XEmacs is available on your installation, and for the simple
things we are going to do now, the differences do not matter. If you have both at your disposal, we
would personally recommend XEmacs.
At this point, there are only very few things you need to know: how to enter and edit text, how to save
your edits, and how to terminate the editor. Of course, Emacs can do many more advanced things, but
we'll save those for later.
When you have started Emacs, you will see the file you specified on the command line loaded into its
buffer. You can freely type away, edit, enter new text, delete existing text using the Backspace key, and
move around with the cursor keys. When you want to save your file, you use the key combination C-x
C-s. This is Emacs jargon for "hold down the Control key, press the X key, release both, hold down the
Control key, press the S key, release both." This may sound arcane to you, but when you have done this
a couple of times, you will have the combination "in your fingers" and will not even think about it. Some
Emacs installations even come with graphical menus like you may be used to from other operating
systems, but these are not universally available, so we stick to what is guaranteed to be there for now.
When you are done with your edits and have saved your file, you will probably want to leave Emacs.
This is done with the key combination C-x C-c. You can probably guess it by now: this means "hold
down the Control key, press the X key, release both, hold down the Control key, press the C key,
release both." This will get you back to the command line.
4.17. Advanced Shells and Shell Scripting
In this section, we will look at some of the more advanced things you can do with your trusty shell, the
Linux command-line interpreters.
4.17.1. Setting Terminal Attributes
setterm is a command that sets various characteristics of your terminal (say, each virtual console), such
as the keyboard repeat rate, tab stops, and text colors.
Most people use this command to change the colors for each virtual console. In this way, you can tell
which virtual console you're currently looking at based on the text color. (Notice that this only applies to
the virtual consoles in text mode. X11 windows with shells in them are configured differently.)
For example, to change the color of the current terminal to white text on a blue background, use the
$ setterm -foreground white -background blue
Some programs and actions cause the terminal attributes to be reset to their default values. In order to
store the current set of attributes as the default, use:
$ setterm -store
setterm provides many options (most of which you will probably never use). See the setterm(1) manual
page or use setterm -help for more information.
If your terminal settings get really messed up (as happens, for example, if you try to look at the
contents of a binary file with cat), you can try typing setterm -reset blindly, which should reset your
terminal to reasonable settings.
4.17.2. Shell Programming
In "Shells," earlier in this chapter, we discussed the various shells available for Linux, but shells can
also be powerful and consummately flexible programming tools. The differences come through most
clearly when it comes to writing shell scripts . The Bourne shell and C shell command languages are
slightly different, but the distinction is not obvious with most normal interactive use. The Z shell
command language is a superset of the Bourne shell. Many of the distinctions arise only when you
attempt to use bizarre, little-known features of either shell, such as word substitution or some of the
more oblique parameter expansion functions.
The most notable difference between Bourne and C shells is the form of the various flow-control
structures, including if ...then and while loops. In the Bourne shell, an if ...then takes the following
if list
elif list
where list is just a sequence of commands to be used as the conditional expression for the if and elif
(short for "else if") commands. The conditional is considered to be true if the exit status of the list is
zero (unlike Boolean expressions in C, in shell terminology an exit status of zero indicates successful
completion). The commands enclosed in the conditionals are simply commands to execute if the
appropriate list is true. The then after each list must be on a new line to distinguish it from the list
itself; alternately, you can terminate the list with a ;. The same holds true for the commands .
An example is:
if [ "$PS1" ]; then
PS1="\h:\w% "
This sequence checks to see whether the shell is a login shell (that is, whether the prompt variable PS1
is set), and if so, it resets the prompt to \h:\w%, which is a prompt expansion standing for the hostname
followed by the current working directory. For example:
The [...] conditional appearing after the if is a bash built-in command, shorthand for test. The test
command and its abbreviated equivalent provide a convenient mechanism for testing values of shell
variables, string equivalence, and so forth. Instead of using [...], you could call any set of commands
after the if, as long as the last command's exit value indicates the value of the conditional.
Under tcsh, an if ...then compound statement looks like the following:
if (expression) then
else if (expression) then
The difference here is that the expression after the if is an arithmetic or logical expression evaluated
internally by tcsh, whereas with bash the conditional expression is a command, and the expression
returns true or false based on the command's exit status. Within bash, using test or [...] is similar to
an arithmetic expression as used in tcsh.
With tcsh, however, if you wish to run external commands within the expression, you must enclose the
command in braces: {command}.
The equivalent of the previous bash sequence in tcsh is:
if ($?prompt) then
set prompt="%m:%/%% "
where tcsh's own prompt special characters have been used. As you can see, tcsh boasts a command
syntax similar to the C language, and expressions are arithmetically and logically oriented. In bash,
however, almost everything is an actual command, and expressions are evaluated in terms of exitstatus values. There are analogous features in either shell, but the approach is slightly different.
A similar change exists with the while loop. In bash, this takes the following form:
while list
You can negate the effect by replacing the word while with until. Again, list is just a command
sequence to be executed, and the exit status determines the result (zero for success and nonzero for
failure). Under tcsh the loop looks like this:
while (expression)
where expression is a logical expression to be evaluated within tcsh.
This example should be enough to get a head start on understanding the overall differences of shell
scripts under bash and tcsh. We encourage you to read the bash(1) and tcsh(1) manual pages
(although they serve more as a reference than a tutorial) and Info pages, if you have them available.
Various books and tutorials on using these two shells are available as well; in fact, any book on shell
programming will do, and you can interpolate the advanced features of bash and tcsh into the standard
Bourne and C shells using the manual pages. Learning the bash Shell by Cameron Newham and Bill
Rosenblatt and Using csh and tcsh by Paul DuBois (both from O'Reilly) are also good investments.
4.17.3. Being More Efficient with the Z Shell
The Z shell (zsh) is particularly appreciated for its many features that make you more efficient on the
command line. To start with, zsh does not have one command prompt, but rather two: one for the
lefthand side, and one for the righthand side. The lefthand one is set as usual by assigning to the
environment variable PROMPT; for the righthand side, the environment variable RPROMPT is used. For
export PROMPT="%[email protected]%m"
export RPROMPT="%~%"
gives you your username and hostname to the left of the entry line, and the current directory to the
right. The smart thing about the right prompt is that it disappears when you "need the space"; that is, it
gets out of the way when your typing comes close.
An interesting thing about zsh is the many, many options that you can set with the setopt command.
The manual page zshoptions will list all of them, but we'd like to mention at least one very useful one
here, the ALL_EXPORT option. By specifying:
any environment variable that you set will automatically be exported. This is very useful if you, like us,
keep setting environment variables for processes other than the shell and then forget to export them,
and wonder why they are not picked up by the processes started from the shell. You can turn this off
with setopt noALL_EXPORT.
You have already seen how to use the cd command. Of course, zsh knows about cd as well, but it does
some other interesting stuff. For example, if you specify -- (a dash) as the argument, you will be
returned to the working directory that was your working directory before the last cd command (for the
following example, we have moved the display of the current directory back to the lefthand side):
~%> cd kdesvn/kdelibs/kdecore
~/kdesvn/kdelibs/kdecore> pwd
~/kdesvn/kdelibs/kdecore> cd /usr/local
/usr/local> cd ~/kdesvn/kdelibs/kdecore
Also, if you type in a command that zsh does not recognize (i.e., it is neither an executable in your PATH
nor a built-in command), but there is a directory with the name of that command, zsh will interpret that
as a request to change the working directory to that directory:
~> Documents
Another neat feature is the autocorrection of commands. If you, like us, keep typing mroe instead of
more, turn on the autocorrection by issuing:
setopt CORRECT
Now zsh will come up with suggestions if it cannot understand your command:
~/Documents> mroe /etc/motd
zsh: correct 'mroe' to 'more' [nyae]? y
Welcome to tigger...
Even when it comes to completion, zsh has a number of features that sets it apart from other shells.
There are few things that it does not attempt completion on. You know already that you can press the
Tab key half way during typing a command or filename, and most shells will attempt to complete what
you have started. But zsh also has the following features:
rpm --erase <TAB> # shows installed packages
rpm -q<TAB> # shows suboptions of the 'q' option
fg % <TAB> # shows the names of background processes that could be
promoted to foreground processes
cvs checkout <TAB> # shows possible modules to check out
make -f Makefile <TAB> # shows the targets in Makefile
cd <TAB> # shows directories only
There are many, many more completions built into zsh, and you can even program your own. The
manual page zshcompctl tells you all about this.
Chapter 5. Web Browsers and Instant
For the everyday communications that millions of people love to useweb browsing and instant
messaging, including Internet Relay ChatLinux provides free software tools that match or exceed most
proprietary offerings.
5.1. The World Wide Web
Everybody who has even the slightest connection with computers and has not heard about, or used, the
World Wide Web, most have spent some serious time under a rock. Like word processors or
spreadsheets some centuries ago, the Web is what gets many people to use computers at all in the first
place. We cover here some of the tools you can use to access the Web on Linux.
Linux was from the beginning intimately connected to the Internet in general and the Web in particular.
For example, the Linux Documentation Project (LDP ) provides various Linux-related documents via the
Web. The LDP home page, located at, contains links to a number of other Linuxrelated pages around the world. The LDP home page is shown in Figure 5-1.
Linux web browsers usually can display information from several types of servers, not just HTTP servers
sending clients HTML pages. For example, when accessing a document via HTTP, you are likely to see a
page such as that displayed in Figure 5-1--with embedded pictures, links to other pages, and so on.
When accessing a document via FTP, you might see a directory listing of the FTP server, as seen in
Figure 5-2. Clicking a link in the FTP document either retrieves the selected file or displays the contents
of another directory.
The way to refer to a document or other resource on the Web, of course, is through its Uniform
Resource Locator, or URL. A URL is simply a pathname uniquely identifying a web document, including
the machine it resides on, the filename of the document, and the protocol used to access it (FTP, HTTP,
etc.). For example, the Font HOWTO, an online document that describes the optimal use of fonts on
Linux, has the following URL:
Figure 5-1. LDP home page on the World Wide Web
Let's break this down. The first part of the URL, http:, identifies the protocol used for the document,
which in this case is HTTP. The second part of the URL, //, identifies the machine where
the document is provided. The final portion of the URL, HOWTO/html_single/Font-HOWTO/index.html, is
the logical pathname to the document on This is similar to a Unix pathname, in that it
identifies the file index.html in the directory HOWTO/html_single/Font-HOWTO. Therefore, to access the
Font HOWTO, you'd fire up a browser, telling it to access What could be easier?
Actually, the conventions of web servers do make it easier. If you specify a directory as the last element
of the path, the server understands that you want the file index.html in that directory. So you can reach
the Font HOWTO with a URL as short as:
Figure 5-2. FTP directory as displayed in the Konqueror web browser
To access a file via anonymous FTP, we can use a URL, such as:
This URL retrieves the Linux FAQ. Using this URL with your browser is identical to using ftp to fetch the
file by hand.
The best way to understand the Web is to explore it. In the following section we'll explain how to get
started with some of the available browsers. Later in the chapter, we'll cover how to configure your own
machine as a web server for providing documents to the rest of the Web.
Of course, in order to access the Web, you'll need a machine with direct Internet access (via either
Ethernet or PPP). In the following sections, we assume that you have already configured TCP/IP on your
system and that you can successfully use clients, such as ssh and ftp.
5.1.1. Using Konqueror
Konqueror is one of the most popular browsers for Linux. It features JavaScript and Java support, can
run Firefox plug-ins (which allow you to add functions such as viewing Flash presentations), and is well
integrated into the KDE desktop described in "The K Desktop Environment" in Chapter 3. Actually, when
you install KDE, Konqueror will be installed as an integral part of the system. In the section on KDE, we
have already described how to use Konqueror to read local information files. Now we are going to use it
to browse the Web.
Most things in Konqueror are quite obvious, but if you want to read more about it, you can use
Konqueror to check out
Here, we assume that you're using a networked Linux machine running X and that you have Konqueror
installed. As stated before, your machine must be configured to use TCP/IP, and you should be able to
use clients, such as ssh and ftp.
Starting Konqueror is simple. Run the command:
eggplant$ konqueror
where url is the complete web address, or URL, for the document you wish to view. If you don't specify
a URL, Konqueror will display a splash screen, as shown in Figure 5-3.
Figure 5-3. The Konqueror splash screen
If you run Konqueror from within KDE, you can simply type Alt-F2 to open the so-called minicli window,
and type the URL. This will start up Konqueror and point it directly to the URL you have specified.
We assume that you have already used a web browser to browse the Web on some computer system,
so we won't go into the very basics here; we'll just point out a few Linux-specific things.
Keep in mind that retrieving documents on the Web can be slow at times. This depends on the speed of
the network connection from your site to the server, as well as the traffic on the network at the time. In
some cases, web sites may be so loaded that they simply refuse connections; if this is the case,
Konqueror displays an appropriate error message. At the bottom edge of the Konqueror window, a
status report is displayed, and while a transfer is taking place, the KDE gear logo in the upper-right
corner of the window animates. Clicking the logo, by the way, will open a new Konqueror window.
As you traverse links within Konqueror, each document is saved in the window history, which can be
recalled using the Go menu. Pressing the Back button (the one that shows an arrow pointing to the left)
in the top toolbar of the Konqueror window moves you back through the window history to previously
visited documents. Similarly, the Forward button moves you forward through the history.
In addition, the sidebar in Konqueror can show you previously visited web sites; that is a very useful
feature if you want to go to a web site that you have visited some time ago too long ago for it to still
appear in the Go menu but you do not remember the name any more. The History pane of the sidebar
has your visited URLs sorted by sites. If you do not have a sidebar in your Konqueror window, it may be
hidden; press F9 in that case, or select Window
Show Navigation Panel from the menu bar. The
sidebar has several panels, of which one at a time is shown; the one you want in this case is the one
depicted by a little clock. Click on the clock icon to see the previously visited sites.
You can also bookmark frequently visited web sites (or URLs) to Konqueror's "bookmarks ." Whenever
you are viewing a document that you might want to return to later, choose Add Bookmark from the
Bookmarks menu, or simply press Ctrl-B. You can display your bookmarks by choosing the Bookmarks
menu. Selecting any item in this menu retrieves the corresponding document from the Web. Finally, you
can also display your bookmarks permanently in another pane of the sidebar by clicking on the yellow
star. And of course, Konqueror comes with ample features for managing your bookmarks. Just select
Edit Bookmarks, and sort away!
You can also use the sidebar for navigating your home directory, your hardware, your session history,
and many other things. Just try it, and you will discover many useful features.
Besides the sidebar, another feature that can increase your browsing experience considerably is the socalled tabbed browsing . First made popular by the open source browser Mozilla (see later in this
chapter), Konqueror has really taken tabbed browsing to its heart and provides a number of useful
features. For example, when you are reading a web page that contains an interesting link that you
might want to follow later, while continuing on the current page now, you can right-click that link and
select Open in New Tab from the context menu. This will create a new tab with the caption of that page
as its header, but leave the current page open. You can finish reading the current page and then go on
to one of those that you had opened while reading. Since all pages are on tabs in the single browser
window, this does not clutter your desktop, and it is very easy to find the page you want. In order to
close a tab, just click on the little icon with the tabs and the red cross.
As mentioned previously, you can access new URLs by running konqueror with the URL as the
argument. However, you can also simply type the URL in the location bar near the top of the Konqueror
window. The location bar has autocompletion: if you start typing an address that you have visited
before, Konqueror will automatically display it for your selection. Once you are done entering the URL
(with or without help from autocompletion), you simply press the Enter key, and the corresponding
document is retrieved.
Konqueror is a powerful application with many options. You can customize Konqueror's behavior in
many ways by selecting Settings
Configure Konqueror. The sections Web Behavior and Web
Shortcuts provide particularly interesting settings. In the section Cookies, you can configure whether
you want to accept cookies domain by domain and even check the cookies already stored on your
computer. Compare this to browsers that hide the cookies deep in some hidden directory and make it
hard for you to view them (or even impossible without the use of extra programs!).
Finally, one particular feature deserves mention. Web browsers register themselves with the server
using the so-called User Agent string, which is a piece of text that can contain anything, but usually
contains the name and version of the web browser, and the name and version of the host operating
system. Some notably stupid webmasters serve different web pages (or none at all!) when the web
browser is not Internet Explorer because they think that Internet Explorer is the only web browser
capable of displaying their web site.[*] But by going to the Browser Identification section, you can fool
the web server into believing that you are using a different browser, one that the web server is not too
snobbish to serve documents to. Simply click New, select the domain name that you want to access,
and either type an Identification string of your own, or select one of the predefined ones.
[*] A web site that can be browsed with only one browser or that calls itself "optimized for browser X" should make you virtually run away,
wringing your hands in wrath over such incompetence on the part of the webmaster.
5.1.2. Other Web Browsers
Konqueror is not the only browser that reads web documents. Another browser available for Linux is
Firefox , a descendant of Mozilla, which in turn started its life as the open source version of Netscape
Navigator , the browser that made the Web popular to many in the first place. If your distribution does
not contain Firefox already, you can get it from Firefox's
features are in many aspects similar to Konqueror's, and most things that you do with one you should
be able to do with the other. Konqueror wins over Firefox in terms of desktop integration if you use the
KDE desktop, of course, and also has more convenience features, whereas Firefox is particularly strong
at integrating nonstandard technologies such as Flash. Firefox also comes with a very convenient popup blocker that will display a little box at the top of your browser window when it has blocked one of
those annoying pop-ups. You can select to always block it (and not be told about it anymore), always
allow pop-ups from that site (they could be important information about your home banking account),
or allow the pop-up once.
Firefox has one particular powerful feature that is often overlooked: its extensions. By selecting Tools
Extensions from the menu bar, a dialog with installed extensions pops up; it is quite likely that you
initially don't have any (unless your distributor or system administrator has preinstalled some for you).
Click on the Get More Extensions link, and a long list with extensions that have been contributed to
Firefox will show up. By default, you will see the list of the most popular and the list of the newest
extensions, but take some time to discover all categories that seem interesting to you, there are a lot of
goodies in here.
We would like to point out two extensions that we have found particularly interesting. Adblock adds a
small overlay that looks like a tab to parts of the rendered web page that it suspects to be banner
advertising. Just click on that little tab, click OK in the dialog that pops up (or edit the URL to be
blocked, maybe to be even more general), and enjoy web pages without banner ads. It can actually
become an addiction to refine the blocking patterns so much that you do not see any banner advertising
anymore while surfing the Web. But just zapping a single one is a source of joy.
The other extension that we found particularly interesting is ForecastFox. It lets you select a number of
locations on the earth and then displays small icons in the status bar (or other locations at your
discretion) that show the current weather at those locations. Hover the mouse over one of those icons,
and you will get a tooltip with more detailed information.
As with Konqueror, you should plan to spend some time with Firefox in order to explore all its
possibilities. In many aspects, such as security, privacy, and browsing convenience, it beats the most
often used browser on the Web these days hands down.
Yet another versatile browser is w3m . It is a text-based browser, so you miss the pictures on a web
site. But this makes it fast, and you may find it convenient. You can also use it without the X Window
System. Furthermore, when you want to save a page as plain text, w3m often provides a better format
than other browsers, because text-based rendering is its main purpose in life. Then there is the adfinanced browser Opera, which has become quite popular lately, and finally, for those who never want
to leave Emacs, there is Emacs/W3, a fully featured web browser you can use within Emacs or XEmacs.
5.2. Instant Messaging
Although various forms of chat have been widespread among computer users for decades, a very rich
and easy-to-use kind of chat called instant messaging (IM ) has become popular with the growth of
Internet use. AOL Instant Messenger (AIM) , Yahoo! Messenger , and MSN Messenger are just a few
versions of this medium. Although each service provides its own client (and prefers that you use their
client, so they can send advertisements your way), you can get access to all the most popular IM
systems through open source programs such as Gaim, Kopete, and a variety of Jabber clients. These are
very full-featured clients that have a number of powerful features that in terms of functionality put them
ahead of the clients that the commercial services foist on you (although the open source clients are
missing some of the eye candy in the commercial clients).
Unfortunately, instant messaging has as many different protocols as there are commercial services.
None of the protocols communicates with the others. This is because each instant messaging provider
wants to force people to use its client and receive its ads. And since the services are offered for free,
one could make a good case for their right to recoup their costs this way. At least one popular service
(Yahoo!) offers a Linux client, and it's quite decent.
But this is an age where digital recorders can zip right through the ads on TV. In the same way, open
source clients can serve up instant messaging plain and simple, without pushing weather updates or
pictures of last month's pop star in your face. Most important, open source clients let you use a single
program to control all your accounts; you don't need to run multiple programs in the background and
enter configuration information in each one. Eventually, commercial providers may give in and
standardize on the Extensible Messaging and Presence Protocol (XMPP ) , which is the stiff-sounding
name Jabber had to adopt to be accepted as a bona fide standard (more specifically, a set of RFCs put
out by an IETF committee). For now, use a multi-protocol client.
All these clients are intuitive to use, but there are some neat tricks you should be aware of. This section
shows how to use Gaim, the most popular messaging program among Linux users. Kopete, a KDE
client, is probably the next most popular.
Most Linux distributions put Gaim right on your desktop, usually somewhere under a menu item for
Internet services. If you see a menu item labeled something such as "instant messaging," it probably
runs Gaim (or Kopete ). Naturally, if Gaim is installed, you can run gaim from the command line. And if
it isn't installed, it's easy to get from and install yourself.
Here we'll cover Version 1.2.1 for Linux. A new version was expected at the time of this writing that
would have different pull-down menus and other interface changes, but would offer the same functions
5.2.1. Initial Configuration
This book doesn't deal with how to set up an instant messaging account; for that you have to go to the
web site provided by the service you want to use and follow its simple procedure. After you get an
account (which involves finding a screen name no one has taken yetnot always so easy), you have to
configure Gaim to know about it. Gaim should show you an Accounts screen the first time it runs (see
Figure 5-4). If Gaim shows you its Buddy List screen instead, press Ctrl-A to show the Accounts screen,
or pull down the Tools menu and select Accounts.
Figure 5-4. Gaim's Accounts screen
Press the Add button, and fill out the information on the Add Account screen that pops up:
Make sure to choose the service you're using. The default is AIM/ICQ, which is the most popular
service, but if you're using a different service you can just choose it from the drop-down menu.
One of the options is IRC, so Gaim can be used to participate in the IRC sites that are so popular
among Linux users and developers.
Screen name
This is the account name you use to log in, such as simplesimonpi or alljazzedtogo .
You chose this when you signed up for the account.
This is the name you see for yourself when you're typing in a chat; it has no effect on what other
people see when they chat with you.
There are also a variety of options in this dialog box. For instance, if you need to connect through a
proxy, you can specify the protocol after pressing the "Show more options" button. You can also get
access to this option (and scads of others) from the Buddy List screen, by pulling down the Tools menu
and choosing Preferences, or simply by pressing Ctrl-P. Note that the Preferences menu sets a default
for all accounts, and that you can override the default for individual accounts.
If you have a desktop or laptop that's usually Internet connected, it's extremely convenient to have
Gaim remember your password and log you in automatically. But if you don't use instant messaging
often, or are afraid of nosy people getting their hands on your system while you're logged in, you may
decide to leave these options unchecked.
We haven't yet done anything special to give you a real personality on the Internet (we do that later
under "Advanced Configuration"), but you have accomplished enough to communicate.
When you're done, save your account. Back in the Accounts screen, click the Online box. If you have
Internet connectivity, it will log you in and you're ready to go. If the login fails, click Modify and check
all the items you entered. Did you choose the right protocol? Try re-entering your password.
5.2.2. Chatting
At this point, using Gaim is straightforward. Most people allow IM only with people they know, and only
after explicitly adding them to a list of accounts called a buddy list. If you have already added buddies
in another client, most services store the information, and they'll show up in Gaim's buddy list.
To add new buddies, pull down the Buddies menu . First add a few groups such as Work, Family, and
Political Debaters. (You'll appreciate having groups after a few weeks, when you realize how many
people you want to chat with. Some authors of this book chat with family members who are in the next
room. Hey, isn't it better than shouting?)
Then add buddies to these groups. How do you find the buddies? Like signing up for an IM account,
that's an "out of band" procedurea computer science term meaning "It's up to you to do it and we don't
care how." Most people exchange account names through email or written slips of paper. But one
convenient search method for AIM/ICQ is through Tools
Account Actions
Search for Buddy by
To start a conversation, double-click on somebody from the buddy list who's logged in. To start a
multiperson chat with two or more buddies who use the same service, pull down the Buddies menu and
choose "Join a chat." Here you can pick the service you're using and any name you like; then invite
other buddies in one at a time by pressing the Invite button, choosing a buddy from the pull-down
menu, and entering a bit of text to let her know what you're inviting her to. You can carry on separate
chats with buddies on different services (for instance, AOL and MSN) but you can't combine buddies
from two different services in a single chat because each service uses its own protocol.
One of the most valuable features of instant messagingmaking it a real business tool, not just a
pastimeis the ability to save the text from chats so you can refer later to your "speech acts" (the
promises you made). During the chat, choose Conversations
Save As and you can save the text in
HTML format. What you save is what has already appeared in the window; if more text you want is
added later, you have to resave it. It may be convenient for you to make all chats or instant messages
logged by default; you can do this through the Logging item on the Preferences menu, but you will
probably end up saving a lot of trash you don't care about.
The HTML in the logs is ugly, but it's sufficiently human-readable for you to extract the text you want
later. If timestamps are just a lot of junk to you, turn off timestamping under the Options drop-down
The little boxes with A in them show different types of formatting (italic, bold, and even color) that you
can apply: use a mouse to highlight the text you want to change, and click the button. Instead of a
button, you can change highlighted text to bold with Ctrl-B or to italic with Ctrl-I, put a strike-through
line through it with Ctrl-S, or underline it with Ctrl-U. If something is highlighted and you want to
remove the formatting, click the button or Ctrl key again to undo the action.
Long before IM, users of text-only programs such as email, Net news, and Internet Relay Chat (IRC)
exercised a great deal of ingenuity making up the famous little strings such as :-) and :-< that are
known as smileys or emoticons. Running in a graphical environment, IM adds another dimension by
providing sets of graphical smileys. And if you're bold or uncivilized enough to use a smiley, you might
as well replace the defaults in Gaim with a bold or uncivilized set downloaded from the Gaim web site.
(Choose the Themes link on the right side of the main page.) Download a tarball that looks
intriguingunfortunately, you get to see only one representative smiley until you install the themeand
unpack the tarball into its constituent .png files in the smileys subdirectory of your Gaim configuration
directory, usually ~/.gaim/smileys.
You can type or paste a URL into a chat, and it will automatically turn into a link. But if you want more
sophisticated formatting, where an arbitrary piece of text such as My Home Page turns into a link, press
the little button with a metal chain link. You can then enter both a URL and the text that appears in your
message to link to the URL. Sending a file from your system to your buddy is as easy as choosing
Send File. However, the transfer does not take place until the buddy accepts your
5.2.3. Advanced Configuration
You wouldn't leave home without your shadow, and you should similarly feel that your IM experience
would be incomplete without a number of personalized items to present to the world:
Buddy information (known in some other clients as a profile)--free-form text that describes you
A small icon
A punchy set of Away messages to tell your buddies your status, a hot topic in communications
research called presence
We'll also discuss some other customizations you'll find useful in this section, including how to find out
what your buddies are doing.
Buddy information can be entered and changed from Tools
Account Actions
Set User Info. Note
that this information (and all the items set in this section) is tied to the Gaim client you're working in. If
you use Gaim on a different system or run a different IM client, you have to re-enter all the information
to make it appear to buddies. Consider typing a small summary of your work and including a URL that
points to a web page with more information.
Like other IM clients, Gaim lets you attach a picture to your account, so it will show up when people
include you in their buddy lists and chat with you. When you configure your account using the Add
Account or Modify Account dialog, click the Open button next to the "Buddy icon" label and drill through
your file hierarchy till you find an image you like. You can also pull up, in the file manager on your
desktop, a folder containing the picture you want to use as your icon, and drag the icon from the
desktop folder to the Modify Accounts window. Gaim supports lots of popular formats, including JPEG,
GIF, and PNG. Depending on the support available in the GTK+ libraries, Gaim converts the file's format
to a format your service accepts if necessary.
AIM imposes quite restrictive size limits on the image you use, and Gaim does not tell you that you
have exceeded the limits. For many services, furthermore, you must be careful to provide a perfect
square, because the image may otherwise be stretched and come out quite unflattering. The GIMP
(described in Chapter 9) is useful for adjusting pictures to fit requirements, once you have determined
what they are.
Now create a series of apt Away messages that you can put up when you leave your terminal. From the
Preferences dialog, choose "Away messages" and press the Add button to bring up a dialog
that lets you add and save a new message. (Or use Tools
New Away Message.) For each
message, assign a title that will appear in your menus, and in the larger box underneath the title type
the actual text that buddies will see.
When you leave your desk, you can choose an appropriate Away message from Tools
Custom, and it's very helpful to your associates to do so. But setting a message can often be too much
trouble to remember, so Gaim sets one automatically when your terminal is idle for a while. We
recommend you replace the boring default (if you don't think it's boring, look at what it says) with a
message of your own choice. Do this from the Preferences dialog, reached by pressing Ctrl-P. The
Away/Idle item in this dialog lets you set the default Away message, as well as how long the terminal
has to be idle before it appears.
If your Away message is set through the idle timer just described, Gaim automatically replaces it with
an Available message when you move the mouse or start typing again. If you have set an Away
message explicitly, you need to explicitly indicate when you've returned by choosing Tools
Back. The Available message shown when you're at your terminal can be set through Tools
Account Actions
Set Available message.
Gaim automatically checks your spelling and underlines misspelled words as you type. Because a
rebellious air of reckless informality has always hung over instant messaging, it strikes us as the tool
where accurate spelling is least important. The feature works quite well and adapts to the user's locale
(that is, the language and nationality you chose when installing your distribution), but it can be turned
off in the Message Text box under Preferences if you like.
A more useful feature for busy and bumbling typists is text replacement. This is provided as one of the
many plug-ins you can enable in the Preferences dialog. Click on Plugins and enable "Text
replacement." Then type in abbreviations you'd like to use for common phrases. For instance, one
author of this book has defined the string newrl to expand to Running Linux, 5th Edition to make it easy
to refer to that book. You must enter the string as a separate word for Gaim to recognize and expand it.
We described earlier how to let buddies know your changes in presence. Gaim can also display their
presence, but by default it does not pop up a message (as some IM clients do) to let you know every
time a buddy has arrived or left. You can add this feature through the guifications plug-in. Download it
from, install it, and enable it in the Preferences dialog box under
Even without the guifications feature, you have fine-grained control over presence notifications: you can
tell Gaim to notify you when a particular buddy has logged in, logged out, gone idle, returned, and so
forth. Thus, you may choose on a particular day to be told when somebody logs in or returns, because
you're in a hurry to reach him to discuss a particular task. The mechanism for doing all this is called a
buddy pounce .
To use this feature, choose Tools
Buddy Pounce
New Buddy Pounce. In the dialog that appears,
you can indicate exactly whom you want to track, what changes in presence you want to be notified
about, and how you want to be notified. The buddy is not informed of any of this snooping unless you
choose "Send a message." You could use that feature to have a box such as "Please call home right
away" appear on the buddy's screen at the moment his or her presence changes.
Chapter 6. Electronic Mail Clients
Modern email readers have graphical interfaces and tend to offer similar features in a similar manner.
In addition to delivering your electronic mail, most allow you to maintain contact lists and many include
calendars. Email readers usually also let you read newsgroups, which are one of the oldest features in
computer networking and still offer valuable communities and quick sources of information (if you can
find groups untainted by scads of unsolicited commercial postings).
One of the most popular email readers and contact managers, Evolution, was described in Chapter 3. In
this chapter, we show you some interesting ways to use other graphical email readers productively, and
give you the background you need to carry out some more advanced tasks, such as delivering mail from
a server to a local system using fetchmail, and protecting your mail with encryption.
Linux supports older, text-based tools for doing these things too. Elm and Pine are fast text-based
readers that have managed to keep up pretty well with changes in modern email conventions, such as
displaying files of different types and following URLs. A few people like the tried-and-true mail program,
but it's generally used more in scripts to send mail automatically. These older tools are not discussed in
this book.
At this point, it may be worthwhile to point out the difference between a Mail User Agent (MUA) and a
Mail Transport Agent (MTA). The program that you interact with when reading or writing email
messages is the Mail User Agent, like the ones described in this chapter. Mail Transport Agents are the
software that then relays the messages across the Internet to the receiving party, which gets the
message delivered into the inbox of his or her Mail User Agent. An example of a Mail Transport Agent is
Postfix, which we describe in "The Postfix MTA" in Chapter 23.
6.1. Using KMail
KMail is a very user-friendly, feature-rich mailer that comes with KDE and integrates mail smoothly with
other utilities. For example, if an email message you receive contains a link to a web page, you can click
this link in the message, and the KDE web browser Konqueror will pop up and display the web page. Or,
if the email contains an MP3 file as an attachment, you can click it to play the file with one of KDE's MP3
players. Figure 6-1 shows a screenshot of KMail at work.
Figure 6-1. KMail mailer
KMail has a lot of features and settings, but we'll just cover some that get you started quickly and leave
it to you to explore KMail further. As you can see in Figure 6-1, the KMail window is divided by default
into three parts. On the left, you see a tree of your folders (at first startup, you will have only the
default folders, of course). The upper part of the right side shows a listing of messages in the currently
selected folder, and the lower part of the right side shows the currently selected message. You can
change how the space is distributed between these parts by dragging the separator lines between them.
The latest KMail versions even have a fourth part that lets you drill further into the structure of an
individual message by displaying the MIME parts the message is composed of. However, this display is
turned off by default, as most people do not need it.
Before you can use KMail, you have to set up some information in it. Select Configure KMail from the
Settings menu and then open the configuration group Identities by clicking its icon. You can create a
number of different identities here; for example, you may want to use different return addresses when
emailing as an employee of your company or as a private person. Click Add to create a new entity; a
subsequent dialog lets you choose between starting from scratch, using the settings from the KDE
Control Center (useful only if you have configured your email settings there), and copying the values
from an existing identity (which of course is possible only if you already have one and only makes sense
if you intend to edit the copy afterwards). If you are setting up KMail, you will want to select creating an
entirely new identity here. Give the identity a name, such as "Work" or "Home," and click OK. For
starters, it is sufficient to fill in the Name and Email Address fields on the General tab (see Figure 6-2)
of the identity editor.
Next, go to the Accounts configuration group. Here, you need to create at least one account for outgoing
mail and one for incoming mail.
Let's start with the outgoing mail, which you will find on the Sending tab of the Configure dialog box
(see Figure 6-3.) Click the Add button. You will be asked whether you want to use SMTP or talk to a
Sendmail installation directly. In almost all cases, if you have an MTA installed locally, you will want to
select SMTP. Then, on the General tab of the SMTP transport configuration, give the transport a name
(which you can choose arbitrarily because it exists only for you to recognize the settings later and will
not be used in any network communication). In any case, you need to enter the hostname of the port.
The port is almost always 25; the hostname should be given to you by your provider. If you have a local
MTA installed and want to use it, simply enter localhost. If your mail server requires authentication
(check with your provider if you are unsure), check the appropriate checkbox and fill in the login name
and password. This is less common than you would think, however; most ISPs protect themselves
against being used as spam relays either by only accepting outgoing mail from IP addresses that they
have provided themselves, or by asking you to fetch your email (which always requires a login) first,
and then sending outgoing email within a certain amount of time.
This should be enough to let you send outgoing email, but we recommend that you take a few
additional steps to make this as secure as possible. KMail makes this easy for you by autodetecting the
security settings of the SMTP server you are using. Go to the Security tab and click the button labeled
"Check what the server supports." KMail will check the connection to the server and use the settings
with the highest supported security and encryption. Alas, many providers run their mail servers without
any encryption at all.
Figure 6-2. KMail identity configuration
Now let's continue by configuring the receiving end. Close all subdialogs until you are back at the
Network configuration group, and select the Receiving tab. Here you can set up a number of accounts to
be queried. This can be useful if you have more than one provider that stores email for you. Click the
Add button and select the type of mail server. If you run your own MTA locally, you need to select Local
Mailbox. Usually, you can then accept the defaults on the next page (but change the name to something
more appropriate than "Default").
If you retrieve your messages directly from your provider's server, you need to select either POP3 or
IMAP, depending on what your provider supports. In the dialog that appears again enter a name of your
own choice, then specify your login name, your password, the name of the host that stores your email,
and the port (usually 110 for POP3 and 143 for IMAP). All this information should be given to you by
your provider or system administrator. You can leave all other options as they are for now, and
experiment later with them.
Figure 6-3. KMail identity for outgoing mail
As an aside, recent KMail versions have a feature for retrieving your messages that make it stand apart
from many other email clients. Traditionally, the IMAP protocol required an online connection to the
IMAP server that is storing your messages because no messages are stored locally. KMail, however, also
sports a mode called disconnected IMAP that caches your messages locally so that you can both use the
benefits of IMAP, such as having the same view on your mailbox from different computers (e.g., your
workstation and your laptop), and still work offline when the need arises. Intelligent synchronization
mechanisms make sure that all computers always have the same view of your mailbox (of course, only
after you have performed synchronizations).
Close all dialogs with the OK button. You should now be ready to retrieve your email. To do so, select
Check Mail from the menu. This will retrieve all messages from all incoming mailboxes that you
have specified. If it does not work or you get any error messages, check all the values you entered on
the various configuration pages again and compare them to the information given to you by your
provider or system administrator. The most typical error is a typo in the hostname, username, or
If you are using disconnected IMAP, the Check Mail menu item does a lot more than checking the server
mailbox for new messages: it ensures that the server and your local mailbox are in the same state,
which may include deleting messages from the server, changing flags, and so forth.
To send a message, press Ctrl-N or select Message
New Message. A composer window opens where
you can type in the recipient's address, the subject, and the actual message body. An intelligent
autocompletion will come up with suggestions as you type; these suggestions are pulled both from your
address book (if you keep one) and from mails you have sent and received recently.
If you have configured more than one identity, you can also select the one to be used for this message.
When you are done composing your message, press Ctrl-N. Depending on how you have configured
your outgoing mail transport, the message will either be put into the output folder and wait there for
further handling (this is the default) or be transmitted directly. If you want to override your setting for a
particular email, just select Message
Queue or Message
Send Now from the menu bar of the
composer window.
Messages put into the output folder are by default not sent automatically. (You can, however, configure
KMail to always send messages in the outbox when it checks for incoming messages.) To send all
messages in your outbox, select File
Send Queued from the menu bar of the main KMail menu. We
have made it a habit never to send any message automatically and always review our outbox before
sending the messages therein, which saves a lot of embarrassment that could result from sending email
to the wrong people. Reviewing complaint mails that you have written in anger after your anger has
cooled down may also keep you a few more friends and business contacts.
If you have problems sending your messages, check the settings you have made for typos. As
mentioned earlier, to prevent the relaying of unsolicited commercial email (so-called spam) via their
servers, some providers require that you check your mailbox on the server (providing your username
and password as you go) in order to identify yourself before you can send any email via that server.
After you have checked your incoming email, you have a certain period of time (often 15 minutes) to
send your outgoing email.
You should now know enough about how to use KMail in order to continue exploring the mailer on your
own. One of the first things you may want to do (especially if you have a large number of messages to
handle everyday) is to create folders by selecting Folder
New Folder and then set up filters by
selecting Settings
Configure Filters. This lets you redirect messages with certain characteristics
(e.g., certain senders or subjects) to predefined folders. For example, you may want to gate all
messages from a mailing list to a folder dedicated to that purpose. If all you want to do is file messages
sent to a certain mailing list, recipient, or with a certain subject, you can also right-click on that
message header and select Create Filter from the context menu that pops up; a submenu lets you select
what to filter on. After selecting this, the filter configuration dialog will pop up with the criteria already
filled in correctly; all you have to do is to specify what should happen to that message, such as moving
it to a folder or deleting it right away.
If you find you are not only using KMail regularly but also the address book and calendaring
components that come with the KDE desktop, KAddressbook and KOrganizer, and if you would like
those applications to be integrated into a common main window, you should take a look at Kontact. It is
a wrapper application that "swallows" the individual application components using the KParts
technology and presents them with a common interface, as shown in Figure 6-4.
Figure 6-4. The Kontact overview window
All the individual components that are available appear on the button bar on the left side of the window,
where you can click on them to bring the respective component to the front. In most of the Kontact
applications, these buttons also act as targets for drag-and-drop operations, which means you can, for
example, drag an email message on to the Todo view button to create a new task based on that email.
Experiment with dragging things onto the different buttons and see what happens.
It should be noted that the components available inside Kontact are exactly the same applications that
are available standalone, such as KMail or KAddressbook. This means that you can start one of them
individually, whenever you do not want to start Kontact for some reason, and keep working with the
same data and settings. All of the functionality available in Kontact is also available with the standalone
applications. Since Kontact uses KParts, it can be extended with other components, not just the ones
that are shipped with it; several third-party components already exist, such as a news feed reader
component. To find out which components are currently installed and available, use Select Components
from the Settings menu.
One of the most prominent integrative features of Kontact is the summary view. Click the Summary
button on the sidebar to activate it. The page that appears is filled with information from each of the
application components. The mail part shows a configurable summary of folders with unread mail.
Clicking one of the listed folders will take you directly into that folder in the mail part. Similarly, the
calendaring component shows any upcoming events, birthdays of people in your address book, and
currently open tasks. To configure the summary view in detail, select Configure Summary View from the
Settings menu. The individual areas of the summary view can be rearranged by dragging them by the
header area in recent versions of Kontact.
6.2. Using Mozilla Mail & News
Mozilla Mail & News is the mail client that comes with the Mozilla web browser if you install more than
the minimal installation (which only contains the browser and the composer itself). Chances are that
your distribution already carries Mozilla, but if it doesn't, or you'd rather have a newer version, you can
download it from A freestanding version of Mozilla Mail & News is Thunderbird
, which you can find at Thunderbird is particularly good
at filtering junk mail and preventing email viruses from entering your system.
The concepts for setting up and using Mozilla Mail are quite similar to those for KMail, so we will cover
only the differences here. To open the mail client, start Mozilla and select Windows
Mail and
Newsgroups from the menu. If you are starting the mailer for the first time, a wizard will pop up that
lets you configure your email. Check "Email account" on the first page, and your identity information on
the second page (Mozilla's account handling is slightly less flexible than KMail's because it ties identities
to accounts, whereas you can change identities at will with KMail).
On the third page, select whether you get your incoming mail via POP or IMAP (it's not possible to
retrieve your email locally with Mozilla Mail & News, a big drawback), and specify the incoming and
outgoing server name (specify localhost both times if you are running your own MTA). Complete the
remaining information on the next pages, and you are ready to run Mozilla Mail & News. The screen
layout is by default the same as that of KMail.
As when using KMail, one of the first things you probably want to set up when using Mozilla Mail & News
is additional folders and filters that sort your incoming messages into these folders. You can create new
folders by right-clicking the folder list and selecting New Folder in the context menu that appears. You
can configure the filter rules by selecting Tools
Message Filters.
This concludes our discussion of email clients on Linux. As you can see, many options, from simple to
sophisticated, are available to help you administer and digest the daily flood of email messages.
6.3. Getting the Mail to Your Computer with fetchmail
If your provider stores your mail for you until you fetch it, and you do not want to use your mailer to
download the mail, you need a program that retrieves the mail from your provider's computer. There
are a lot of programs for doing this; we will discuss fetchmail here briefly because it is both robust and
flexible and can handle both POP3 and IMAP.
You can get fetchmail from your friendly Linux archive; chances are that your distribution carries it, too.
If you download a source distribution of fetchmail, unpack, build, and install it according to the
installation instructions. At the time of this writing, the current version was 6.2.5. The official home
page for fetchmail is
You can control fetchmail's behavior via both command-line options and a configuration file. It is a good
idea to first try to fetch your mail by passing the necessary information on the command line, and when
this works, to write the configuration file.
As an example, let's assume that my provider is running the POP3 protocol, that my username there is
joeuser, and that my password is secret. The hostname of the machine where the POP3 server is
running is I can then retrieve my mail with the following command:
fetchmail --protocol POP3 --username joeuser
fetchmail then asks me for my password and, after I specify it correctly, retrieves the mail waiting for
me and passes it on to my MTA for further delivery. This assumes that an SMTP server is running on
port 25 of my machine, but this should be the case if I have set up my MTA correctly.
While you are experimenting with fetchmail , it might be a good idea to also specify the option --keep.
This prevents fetchmail from deleting the messages from your POP3 account. Normally, all messages
are deleted from your provider's hard disk once they are safely stored on your own machine. This is a
good thing because most providers limit the amount of mail you can store on their machines before
retrieving them, and if you don't delete the messages after fetching them, you might reach this limit
quite quickly. On the other hand, while testing, it is a good idea to be on the safe side and use --keep
so as not to lose any mail.
With the aforementioned options to fetchmail, you should be able to get your mail in most cases. For
example, if your provider uses the newer IMAP protocol, simply specify IMAP in the command line
instead of POP3. If your provider has some unusual setup, you might need one of the other options that
the fetchmail(1) manual page tells you about.
Once you are satisfied with the download process, you can write a fetchmail configuration file in order
not to have to enter all the options each time you use the command. This configuration file is called
.fetchmailrc and should reside in your home directory. Once you are done editing it, make sure it has
the permission value 0600 so that nobody except yourself can read it because this file might contain
your password:
chmod 0600 ~/.fetchmailrc
The full syntax of the configuration file is detailed in the fetchmail manpage, but in general you need
only very simple lines that start with poll. To specify the same data as on the command line in the
previous example, but this time include the password, put the following line into your configuration file:
poll with proto pop3 username joeuser password secret
Now you can run fetchmail without any parameters. Because fetchmail already knows about your
password from the configuration file, it will not prompt you for it this time. If you want to play it safe
while testing, add the word keep to the poll line.
Using fetchmail with a configuration file has one additional advantage: you can fetch mail from as many
mailboxes as you want. Just add more poll lines to your .fetchmailrc file, and fetchmail happily
retrieves your mail from one server after the other.
When and how you run fetchmail depends on your connection to the Internet. If you have a permanent
connection or a cheap, flat rate, you might want to have fetchmail invoked by cron at a suitable interval
(such as once an hour). However, if your Internet connection is nonpermanent (dial-up) and costly, you
might want to choose to run fetchmail by hand whenever you actually want to fetch and read your mail
so as to minimize your Internet connection time. Finally, if you are using PPP for dialing in to your
Internet service provider, you might want to invoke fetchmail from the ip-up script, which is invoked as
soon as an Internet connection is made. With this setup, when you browse a web page and your
computer dials up your provider, your mail is fetched automatically.
So what happens to your email messages once fetchmail has pulled them from your account? We have
said previously that it passes them on to your MTA. Your MTA then usually puts the messages into a socalled local spool file, often /var/spool/mail/<username>. You can then set up your MUA to pull in the
messages from this spool file. Each MUA should have such a setting; in KMail, for example, you create a
"local receiving account."
6.4. OpenPGP Encryption with GnuPG
Using the GNU Privacy Guard, or GnuPG for short, you can encrypt individual files and emails, and
digitally sign them. The main command-line tool of GnuPG is gpg, thus called because it started out as a
replacement for PGP, which was the first encryption tool available to everyone that had strong
cryptography built into it. PGP, which stands for Pretty Good Privacy, was written by Phil Zimmermann
in the early 1990s. OpenPGP is the standard that describes the file format of PGP version 5.0 and later.
GnuPG and PGP both implement this standard, and hence are able to read each other's files.
6.4.1. Symmetric Encryption
The simplest way to encrypt a file with GnuPG is to encrypt it with a passphrase. [*] This method is
called symmetric encryption. The actual cryptography underlying this is beyond the scope of this book.
Suffice it to say that the passphrase is used as the encryption key to the file. Everyone knowing the
passphrase will be able to decrypt and read the file.[*]
A passphrase is just a long password, usually a sentence.
Of course, you can encrypt any kind of file, not just text files, so when we talk about "reading a file," you could just as well substitute "listen
to audio files" or "watch movie files."
To encrypt the file music.ogg, you simply type gpg --symmetric music.ogg. GnuPG will prompt you for a
passphrase, and then again to confirm the passphrase in order to avoid typos. The encrypted file is
written to music.ogg.gpg. If you prefer another output file name, use --output outfile, like this:
gpg --output music.gpg -c music.ogg
Here, we used the -c and -o shortcuts for --symmetric and --output, respectively.
To decrypt the file, simply call gpg file. For instance, to continue the previous example:
gpg music.ogg.gpg
As with encryption, you can request the output to be written to a file other than the default one by using
-o outfile.
6.4.2. Public-Key Cryptography
Although symmetric encryption works well for short-term and casual use, you will run into problems
managing the plethora of passphrases accumulated when you encrypt lots of files. The obvious solution
of using the same passphrase over and over again poses much the same problems as using the same
lock for all your doors. Among others, losing one key locks you out of everything, and if one key is
stolen, everything is open to the thief. This can be described as the problem of "Everyone who knows
the passphrase can read the contents."
Another problem is that of "Everybody who needs to read the contents also needs to know the
passphrase." If you encrypt files not for archiving but for sharing with friends, collegues, or business
partners, you run into this problem. You cannot reuse passphrases because it's insecure, as already
mentioned, and because each new file might target another set of recipients. For instance, if you reuse
a passphrase that was used to encrypt a message to Alice and Bob to now encrypt another message,
this time to Alice and Charlie, then Alice, Bob, and Charlie can all read both messages, even though
only Alice was intended to be able to read both messages.
You cannot create a new passphrase for each new message, because your recipients will not know the
passphrase. And if you have a secret channel to tell them the new passphrase, why would you need to
use encryption in the first place?
The only solution using simple encryption, then, is to negotiate a passphrase with each recipient
separately, and encrypt the message to each of the recipients separately. But this, too, becomes
prohibitively complex, because there must be a passphrase (or another shared secret) for each pair of
people wishing to exchange messages; the problem is said to be of O(n2) complexity.
These problems haunted cryptography until the mid-1970s, when Whitfield Diffie and Martin Hellman
invented a new method of key exchange that no longer required a shared secret. They used
asymmetrical encryption, where the encryption key is public, but the decryption key is secret. In this
scheme, everyone can encrypt a message to, say, Alice, but only Alice can decrypt it with her secret
This makes it easy to address the situation described earlier: encrypt the message to each recipient
using that recipient's public keys. Only the intended recipients can read the message. In addition, there
is only one key for each person, instead of one per pair of persons; the problem is said to be reduced to
O(n) complexity. Glossing over the new problem of ensuring that a public key marked as belonging to
Alice actually does belong to her, encrypting a message to another person is as easy as downloading
her public key from a keyserver, and then encrypting the message to that key. (We discuss the problem
we glossed over here in "The Web of Trust" later in this chapter.)
6.4.3. Creating a New Key Pair
To be able to send and receive messages using public-key encryption, you have to own a secret and a
public keythat is, a key pair. They can be created using the command gpg --gen-key. In this mode,
GnuPG will prompt you with a series of questions, at the end of which it has generated a new key pair.
The following shows a screen capture of the procedure for GnuPG 1.4.0. GnuPG asks for a passphrase
that is used to protect (lock away) your secret key. It is not used to encrypt any messages later on.
$ gpg --gen-key
gpg (GnuPG) 1.4.0; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 5y
Key expires at Tue Mar 2 10:33:35 2010 CET
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <[email protected]>;"
Real name: John Doe
Email address: [email protected]
Comment: work
You selected this USER-ID:
"John Doe (work) <[email protected]>;"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
Enter passphrase:
Re-enter passphrase:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 461BA2AB marked as ultimately trusted
public and secret key created and signed.
gpg: please do a --check-trustdb
pub 1024D/461BA2AB 2005-03-03 [expires: 2010-03-02]
Key fingerprint = E880 E195 62A8 9EFD ED83 3CD7 0B38 4F5D 461B A2AB
John Doe (work) <[email protected]>;
sub 2048g/6D18BF84 2005-03-03 [expires: 2010-03-02]
After creating the key pair, GnuPG stores it in the local key ring, usually in ~/.gnupg. You can check
that the key has been properly added using the commands gpg --list-keys, which lists all keys in your
public keyring, and gpg --list-secret-keys, which lists all keys in your secret keyring.
To make this key available for others to encrypt messages to you using it, you have to upload it to a
keyserver using
gpg --keyserver --send key-id
where key-id is the ID of the key ( 461BA2AB in the case of the key created above). The keyserver can be
hardcoded into ~/.gnupg/gpg.conf so you do not need to give it on the command line every time you
upload or download keys. You do not need to upload a key to more than one server, because the servers synchronize new and changed keys among each other.
It is important at this point to take precautions for the case of a lost passphrase: If the key gets
compromised, or you simply forget the passphrase, you want other people to know that this key should
no longer be used. This is the purpose of a revocation certificate. A revoked key can no longer be used
as an encryption target. To create a revocation certificate, however, you need to know the passphrase
to unlock your secret key. So in order to have a revocation certificate ready for publishing in the case of
emergency, you have to create one while you still remember the passphrase, and then store it
somewhere safe.
To create such a revocation certificate, you can use the command gpg --armour --output rev-cert.gpg -gen-revoke key-id. This will create a revocation certificate and save it in rev-cert.gpg. The --armour
option tells GnuPG to create a printable version instead of a binary file. This way, you can print the
certificate and store it on paper as backup in case of hard disk failures.
To apply the revocation certificate, simply import it by using gpg < rev-cert.gpg, and then upload the
changed key using gpg --send key-id, as shown earlier.
Keys uploaded to a keyserver cannot be removed. Furthermore, they can only be
added to; no data will ever be removed from them. This includes additional user
IDs and third-party signatures (discussed shortly), as well as revocations.
6.4.4. Encrypting with Public Keys
As mentioned earlier, when doing public-key encryption, you need to have the recipient's public keys.
For GnuPG, this means they need to be downloaded from a keyserver, and that there should be a trust
path (see "The Web of Trust," later in this chapter) from your key to the recipient's key.
For now, we can make do with a speciality of GnuPG: encrypting to untrusted keys.
First you need to find the key on the keysever. You can use the GnuPG search interface for this: gpg -search name-or-email . GnuPG will list all matching keys (which can be hundreds) in a list, from which
you can choose one to import.
If you already know the key ID of the recipient's key, then you can download it directly using gpg --recv
Next, you can encrypt a file using one or more keys. Be aware that GnuPG does not necessarily encrypt
using your key, too (this is an option in the config file), so you might not be able to decrypt the
message any more. The command to use is:
gpg --encrypt --recipient recip_1 --recipient recip_2 ... file
A shortcut notation for this is:
gpg -e -r recip_1 -r recip_2 ... file
Both versions create the encrypted message in a file called file.gpg, unless the --output (-o) option is
used to redirect the output to a non-standard file. No matter to how many recipients you encrypt, there
will always be only one output file it will just be generated such that all the recipients are able to
decrypt it.
To decrypt a file, simply run GnuPG on it: gpg file.gpg. GnuPG asks for your passphrase and then saves
the decrypted file into file (i.e., the name of the input file stripped of the .gpg extension).
If you want to encrypt a lot of files in one go, consider using --multifile, like this:
gpg --multifile -e -r recip_1 ... file1 file2 ...
6.4.5. Digital Signatures
Public-key cryptography is valuable not only for encryption, but for authentication. Digital signatures
are a way to ascertain that a given file has not been modified since it was signed. Very simply put, the
system encrypts a checksum of the data with your secret key. This works because, on the other end, the
public key can decrypt data encrypted with the secret key.
So to verify the signature, the recipient calculates the same checksum of the data, and then compares
the value with the value stored in the signature. If they match, two things have been proved: first, that
the data has not been changed since it was signed, and second, that the message was signed using
your secret key. If the data was changed, the checksum would not come out the same. Likewise, if the
original checksum was encrypted with some other key than yours, the decryption result when using
your public key would be gibberish, and the checksums would also fail to compare.
OpenPGP allows two different types of signatures: clearsigned and detached. In clearsigning, the
original message is modified to include the data and the signature of the data in one file. Detached
signatures, on the other hand, do not modify the original file, but write the signature to a second file,
usually with .gpg or .asc appended. You should use only detached signatures, becuase they work for all
types of files, while clearsigning works only with (plain) text files.
To sign a file, you need only your secret key. Use the following command to create a detached signature
of a file named music.ogg:
gpg --sign music.ogg
The signature file will be named music.ogg.gpg. As usual, you can redirect the data to another file by
using the --output (-o) option. The shortcut for --sign is -s.
It will not come as a surprise to you to learn that verifying a signature works by just running GnuPG on
the signature file: gpg music.ogg.gpg .
Signing and encrypting can be combined into a single operation. Indeed, this is the usual mode of
gpg -es -r recip_1 -r recip_2 ... file
Note that in this case of combined operation, the signature is encrypted together with the signed data,
so that there is no third file containing the signature. It is all nicely packaged into the .gpg file.
Note that as of this writing, signing does not yet work with --multifile. You have to revert to using a
shell for loop:
for i in *.ogg; do gpg --sign $i ; done
6.4.6. The Web of Trust
We have noted earlier that for public-key cryptography to work, one needs to be certain that the public
key obtained from the keyserver is actually authentic and has not been changed or created by an
To this end, OpenPGP uses the concept of a Web of Trust, in which keys known to belong to the person
described by a user ID can in turn certify that another key is authentic. This is done using signatures on
the key material, that is, the public key and the associated user ID.
As an example, consider the scenario where Alice wants to send an encrypted message to Bob, the ex of
her friend Carol. She does not know Bob personally, and so she cannot be certain that the public key
she finds when searching for Bob on the keyservers indeed belongs to Bob.
However, she knows Carol personally, and they have in the past cross-certified their keys. This means
that Carol's key now contains a signature by Alice stating more or less, "I, Alice, confirm that this key
does belong to the owner listed in the user IDthat is, Carol."
Carol, in turn, knows Bob, of course.[*] From their time together, they still have their keys cross-signed,
although it has been a long while since they were used to send secret love letters.
[*] Although she sometimes wished she didn't.
If Alice trusts Carol to not be careless about certifying other people's keys, she can use Carol's key to
create a trust path from herself to Bob: her own signature on Carol's key makes that key valid. She
trusts the owner of the key to certify other keys, and has indicated this to GnuPG by specifying a
corresponding ownertrust value for Carol's key. Because Bob's key carries Carol's signature of
certification, Bob's key is also valid from Alice's point of view.
This example illustrates two fundamental points:
The validity of a given key is not an absolute. It is always relative to another key and to that key's
owner's trust in other people, as expressed by the assigned ownertrust values . If Alice did not
trust Carol to certify other keys, she could not ascertain Bob's key's validity.
The Web of Trust model works incredibly well in your own socioecological vicinity. However, it is
hard or downright impossible to make it work across more than one or two hops (i.e.,
intermediate keys).
In recent years, however, the global Web of Trust has exploded, so the latter point becomes less and
less of a problem. Thanks to the analysis tools implemented and run fortnightly by Drew M. Streib and
Jason Harris, we now know that the global Web of Trust contains one large strongly connected set, a set
of keys with the property that each key from the set has a trust path to any other key from the set. This
big set currently encompasses 28,418 keys, and its diameter is on the order of 15 hops. Another 60,000
keys can be reached from any key in this set with up to 30 hops. Usually, around 10,000 keys are
reachable with no more than three hops. The mean square distance to the best-connected key from any
key in the cluster is currently about 3.6 hops. In contrast to the big set, the next biggest sets have only
147, 117, and 79 keys in turn.
In order to enter the strongly connected set, all you need is to cross-sign your keys with at least one of
its members. If you live in North America or Europe, this is usually not much of a problem. Visiting a
conference or fair with Debian or KDE developers lets you take part in one of the numerous key signing
parties that are often held during these events. In other parts of the world, however, it can be very
The commands to sign other keys and change the ownertrust are all available using gpg --edit key-id.
This enters a GnuPG shell where commands such as sign and trust are available to perform key
6.4.7. Using gPG-agent
After using GnuPG for a while, you will notice that you need to type in your passphrase quite often. But
do not let this fool you into choosing a short passphrase! Instead, consider using the gpg-agent tool.
Much like ssh-agent, gpg-agent can be configured to maintain a cache of recently entered passphrases
and reuse them instead of prompting the user. gpg-agent is part of the GnuPG 2, the next-generation
GnuPG. You can download GnuPG 2 from; its packages are
called gnupg-1.9.n. Even though gpg-agent is packaged alongside GnuPG 2, it works just fine with
GnuPG Version 1.2.6 or higher. Note that gpg-agent uses the pinentry package to prompt the user for a
passphrase. Versions of pinentry are currently available for Qt (KDE), GTK (GNOME), and ncurses (text
To make GnuPG use the agent, you first have to start it: eval `gpg-agent --daemon`. The eval feeds
back the output of the command in the backticks into the current shell; that is important because the
gpg-agent command outputs environment variable assignments that are necessary for GnuPG to use
the agent; in this case, the environment variable GPG_AGENT_INFO will be set. If you start GnuPG from
this shell (or any other shell spawned from it), and pass it the --use-agent option (either on the
command line or in ~/.gnupg/gpg.conf), then GnuPG will contact gpg-agent to obtain the passphrase
instead of prompting the user directly.
To make gpg-agent cache the passphrase instead of asking each time anew, create ~/.gnupg/gpgagent.conf with the following contents:
This instructs gpg-agent to cache the passphrase for 3,600 seconds that is, one hour.
Chapter 7. Games
Section 7.1. Gaming
Section 7.2. Quake III
Section 7.3. Return to Castle Wolfenstein
Section 7.4. Unreal Tournament 2004
Section 7.5. Emulators
Section 7.6. Frozen Bubble
Section 7.7. Tux Racer
7.1. Gaming
Gaming under Linux has long had a bad reputation. Even very experienced Linux users often keep a
Windows partition around to dual boot into only for games. In many ways this problem is due to a
chicken-or-egg approach from game developers: games aren't ported to Linux because not enough
people game on the platform, and not enough people game on the platform because there aren't
enough games ported to it.
The fact is, though, that gaming under Linux continues to improve every year. Not only are the major
video card manufacturers making sure their cards have full 3D acceleration support under X, but a
number of software companies, such as Id Software and Epic Games, have consistently released Linux
ports of their titles either on the same CD as the Windows software or as separate downloads released a
bit after the initial launch date. Of course, some of this good will toward the community keeps in mind
the strength of Linux as a server platform. The idea is that if the companies promote Linux clients, the
community will be more likely to run the Linux servers for the game.
When you examine the different commercial games that have been ported to Linux, you will notice that
many if not most of them are in the FPS (first-person shooter) genre. Doom, the full Quake series, the
Unreal Tournament series, Return to Castle Wolfenstein, Tribes 2, and many other FPSs have Linux
ports. This doesn't mean that other genres are unrepresented for instance, games such as Railroad
Tycoon and Neverwinter Nights have been ported to Linux just that the FPS games seem to get ported
more readily.
Even if your favorite game hasn't been ported to Linux, there's still a chance that the Windows binary
can install and run in a Wine or Cedega environment. These environments translate the Windows
system calls to Linux system calls, and many games play very well. Cedega is a commercial product
released by Transgaming that is based on Wine and focused on getting all of the latest games running
under Linux. There is an extensive list of games that Cedega supports, rated by how well they perform
under Linux, that you can browse on their site. The list includes games such as Warcraft III, Max Payne
II, and Battlefield 1942. If you decide to use Cedega, you can sign up on a subscription basis at for $5 a month. The site contains a number of FAQs for the different games it
supports to help you through the installation process.
A number of true game emulators also exist for Linux. If you have ROM images for arcade or console
cartridges, you can use arcade emulators such as Xmame or console emulators such as Nestra and
Snes9x to play those games directly on your Linux system. Some people have developed their own
personal arcade cabinet, complete with a large collection of games and arcade-style joysticks, on a
Linux platform.
Gaming under Linux isn't limited to commercial titles; Linux also has a large number of free software
titles. These games range from simple card games to board games such as chess and backgammon and
from arcade games such as xgalaga to adventure games such as rogue and nethack. There has also
been development of free 3D games, such as Tux Racer. Most distributions include a number of these
games on the CD, so you aren't limited simply to Solitaire, Freecell, and Minesweeper. The KDE Desktop
Environment comes with more than 30 basic games, including Solitaire, Backgammon, a Minesweeper
clone, a Tetris-like game, and video poker.
So if you like games, you will find plenty to keep you amused under Linux, and maybe even some
reasons to get rid of that dual-boot gaming platform you keep around. In this chapter are introductions
to a few Linux-native games including instructions to install, play, and if applicable, run a game server.
7.2. Quake III
The Quake series has long been a favorite among FPS fans for its addictive yet simple gameplay and its
graphics, which have always pushed the envelope for the time. Although Quake and Quake 2 were
initially single-player games, both became very popular for multiplayer deathmatch games over a
network. With Quake III, Id Software took the Quake universe and created a game strictly aimed at
multiplayer gaming. In Quake III there is a single-player mode, but it revolves around playing a series
of deathmatch games against one or more computer opponents in an arena style. As you progress in
the game the opponents get more difficult to defeat; in the final round, you are one-on-one with an
incredibly accurate opponent. In many ways the single-player mode is practice for multiplayer games
on the network.
The entire Quake series has Linux binaries available for download from When Quake
III was first released, Linux binaries weren't available; however, a special tin box edition of the game
containing Linux binaries was released in stores some time after the initial Windows version. Even if you
didn't get the special tin box edition, you can still use your Windows CD and download the Linux
7.2.1. Installation
To install Quake III under Linux, download the latest version of the installer from the directory. Once you have downloaded the file, use chmod +x
filename to make it executable and then run the installer from a console as root. Accept the licensing
agreement to then see the main installer window (Figure 7-1). The installer will default to putting the
game files into /usr/local/games/quake3. The installer from the Linux retail CD will copy the .pk3 data
files from the CD-ROM, but the installer that you download will not. Therefore, if you used the
downloaded installer, mount the Linux or Windows Quake III CD and copy pak0.pk3 from the
Quake3/baseq3 directory on the CD to /usr/local/games/quake3/baseq3. If you also have the Team
Arena CD-ROM, you can mount that CD and copy pak0.pk3 from the Setup/missionpack directory to
Figure 7-1. Quake III Installer
Once Quake III is installed, click the corresponding icon in your KDE or GNOME menu, or type quake3 in
a console. Quake III relies on OpenGL as its graphics library, so make sure that you have 3D hardware
acceleration with OpenGL support. Unlike with the Windows version, the Linux version of Quake III does
not require you to have the CD-ROM in the drive to start the game. Once the game begins for the first
time, a .q3a directory is created in your home directory to store settings and saved games. You can edit
the configuration files directly if you wish, or you can change game options through the Setup menu on
the main screen.
7.2.2. Single Player
In single-player mode you can either start with the first arena match and move map by map through
the game, or you can immediately get to the action and click the skirmish button inside the singleplayer screen. A skirmish is a quick match that doesn't count toward the standard single-player game.
You can choose any map and also how many and which bots to play against on the map, along with
their difficulty. Skirmish mode is very useful to hone your skills on a particular map, especially before
you move to a multiplayer game.
The rules for a standard deathmatch are pretty simplekill everyone else. When a match starts, your
player is spawned in one of the many spawn points on the map. Once the match starts the object is to
have the most frags, or kills, before the time limit lapses. Scattered across the map are weapons; items
such as health, ammo, and armor, and your opponents. You start off with a simple machine gun and
your gauntlet, so you will want to find more powerful weapons, especially before your opponents do
(Figure 7-2). Your player starts out with 100 hit points, which decrease as you take on damage. If you
reach zero or fall into one of the bottomless pits on the map, your character dies and you "respawn" at
a random spawn point on the map. Any opponents you kill also respawn in this way. There are no limits
to the number of times you can respawn, but keep in mind that you lose any weapons and armor you
previously had, so try to keep respawning to a minimum.
The Quake series is known for supplying a basic set of weapons to choose from, and Quake III
continues in that tradition by including many favorite weapons from previous games without having too
much overlap in weapon functions. It is worthwhile to get familiar with all of the different weapons
because each can be useful in different types of combat.
This is the standard melee weapon of the game and a weapon that you always have with you.
This electrified fist does not do much damage and requires you to be very close to your enemy to
use, but does not run out of ammo. If you do manage to kill an enemy with the gauntlet the
announcer will yell "humiliation" to alert all of the players to your opponent's shame at being
killed by such a weak weapon.
Machine gun
This is the default weapon that a player starts with. It does a minimum amount of damage but
has a lot of ammo and can be an effective weapon if used accurately.
Like most shotguns in FPSs, this shotgun causes a lot of damage when used at close range, and
the damage tapers off the farther away you are from your enemy.
Figure 7-2. Quake III game
Grenade launcher
Very effective as a defensive weapon, the grenade launcher fires grenades that either explode
upon direct contact with an enemy or after a short delay. The grenade launcher is a useful
weapon when running away from a pursuing enemy backwards.
Rocket launcher
A powerful weapon, the rocket launcher not only is useful for mid- to long-range combat, but the
rockets can damage opponents (and you) just by being near them when they explode. Thus, you
can fire at walls and the floor near an opponent and still damage him.
Lightning gun
The lightning gun fires a stream of lightning at your opponent. This is a better weapon at shorter
ranges, and is useful to encourage an aggressive opponent to keep his distance.
The popular sniper weapon, the railgun fires a depleted uranium slug quickly at your opponent.
The railgun has a weakness in that it needs to charge for a second between firing, so keep that in
mind if you are using it in the middle of fast-paced combat.
Plasma gun
This weapon fires balls of plasma at an enemy in rapid succession. This weapon also has some
"splash damage" like the rocket launcher so you can inflict damage on an opponent even if you
just miss him.
The BFG in Quake III is somewhat different from the weapon in Quake II. This BFG is more like a
souped-up plasma gun. It fires green balls of plasma that cause large amounts of damage, and is
the most powerful weapon in the game.
Along with weapons, there are a few other items you will find in the maps, some of which give you extra
abilities. There are the normal health and ammo packs that regenerate across the map, and on some
maps there is a Quad Damage item. If a player picks up this item, the announcer says "Quad Damage"
and the player shines a bright blue that makes him easy to see from a distance. If you pick up Quad
Damage, all of your weapons inflict four times their damage for a limited time, useful for racking up
quick kills. Be careful, though: if you are killed with time remaining, the Quad Damage will be left
behind, so other players have an incentive to kill you.
7.2.3. Multiplayer
Quake III was primarily designed to be played in multiplayer mode . The multiplayer mode is not much
different from single-player mode except that you are fighting other people instead of computercontrolled bots. When you click the Multiplayer option from the main menu, you are taken to the Quake
III server browser. Here you can see a list of available game servers you can connect to, along with the
map and game type currently in progress and the number of players on the server. You can also specify
a particular server to connect to by IP address.
If you want to create your own server, click Create and select a map and number of bots for your own
server and click Fight to launch the server. If you change the Dedicated option before you launch the
server, the server will launch in the background. Otherwise, the server will start and you will
immediately be connected to it. If you want to create your own customized dedicated server,
particularly one that runs without the client from the command line, check out some of the great Quake
III server HOWTOs on the Internet. A good place to start is
There are a number of multiplayer game types, and many of them require special mods or maps to be
installed on your system. The basic game types are baseq3, which is the standard multiplayer
deathmatch, and CTF, which is a standard two-team capture-the-flag match. Once you find a game you
wish to join, click on the server and then click the Fight button at the bottom of the screen to connect.
7.2.4. Mods
Like the previous versions of Quake, Quake III has a large number of community-created mods for it.
Some of these mods are simplistic and add a new weapon or new basic game type, whereas other mods
are very extensive and change maps, weapons, and even the major rules of the game. To find mods,
skins, and maps to add to your Quake III install, visit
Among the many mods and files hosted on that site is a popular mod called Rocket Arena 3 (RA3 ) at Rocket Arena 3 is the continuation of the Rocket Arena
mods that were available for Quake and Quake II; it takes deathmatch play and changes a few of the
rules to result in a unique style of game play. First, by default in Rocket Arena 3, you start with all of
the weapons fully loaded. This means no longer running around a map trying to find the more powerful
weapons you can get right to fragging. Second, your player is not hurt by his own splash damage. This
means you can do manuevers like rocket jumps (firing a rocket below you as you jump, launching you
high into the air) without any damage. These two changes in the rules, combined with a completely new
set of maps result in a very different deathmatch game. On RA3 servers, you can select to play directly
against another player one-one-one or in a team deathmatch. Unlike in standard deathmatch, you only
have one life, so when you die you must wait until the current match ends before you can get back in
the game.
Installing RA3 takes only a few steps. First go to the RA3 site and find the Linux/Mac installer on the
downloads page, a 135Mb .zip file. Then unzip the file into /usr/local/games/quake3/ where it should
create an arena directory. To play RA3 start Quake III from the command line with quake3 +set
fs_game arena or select "arena" from the Mods menu in Quake III. If you want to host your own RA3
server, a sample server script has already been created for you called ra3server in the arena directory.
Launch it to start a dedicated RA3 server. Read the readsrv.txt file in the arena directory for more
information on how to customize the RA3 server.
7.3. Return to Castle Wolfenstein
For many gamers, Wolfenstein 3D was their first exposure to a 3D first-person shooter. In the game you
are a captured American soldier inside a Nazi prison. Your goal is to escape the prison and shoot any
guards who get in your way. Id Software has released an updated version of the classic called Return to
Castle Wolfenstein (RTCW) that shares the same basic objectives but expands the game play and
provides updated graphics and sounds.
Unfortunately the native Linux client is not included with the Return to Castle Wolfenstein CD, so you will
need to download the latest version of the installer from
Updates are also provided in the directory, so be sure to download the full installer (it will be a larger file
and not have the word update in the filename).
7.3.1. Installation
To install RTCW, become root, add executable permissions to the installer with chmod +x filename, and
run the installer script. The installer provides a basic GUI that lets you configure a few installation
settings, including where to install the binaries (Figure 7-3). By default the installer will put files in
Figure 7-3. RTCW installer
Unlike some Linux game installers, the Wolfenstein installer will not install the compressed game files
that are on your CD. The README file that comes with the installer instructs you to copy seven files from
your Windows install of the game to the /usr/local/games/wolfenstein/main directory. These files are
mp_pak0.pk3, mp_pak1.pk3, mp_pak2.pk3, pak0.pk3, sp_pak1.pk3, and sp_pak2.pk3. If you have not
installed the game under Windows, your other option is to run the CD installer under Wine and then copy
the files. If you have trouble with the installer, you can check out the official FAQ for the Linux client,
found at
7.3.2. Single Player
Once you launch RTCW, you will probably want to click on Options and familiarize yourself with and
change the default key bindings and other settings to suit you. In the Options section you can also launch
various mods you have downloaded and installed for the game. Click Play to start a game. The default
mode for RTCW is a single-player game that puts you into a similar situation as the first Wolfenstein 3D
you are freed from your Nazi prison cell when you attack and kill a guard (Figure 7-4). Your goal is to
advance through enemy lines and escape prison.
Figure 7-4. RTCW start
As you move through the game, at different times you will want to employ stealth by walking slowly (hit
the Caps Lock key) and peeking around corners (Q and E lean to the left and to the right, respectively),
or react quickly without regard to noise and sprint through an area (hold down the Shift key when you
move) and kick in doors (the X key) and jump over obstacles (spacebar). When you find items such as
weapons or supplies, you can pick them up just by walking over them. Some objects in the game, such as
alarms, can be activated and deactivated with the Enter key. Of course, you can also deactivate an alarm
by shooting at it.
There are a number of weapons in the game to help you fight the enemy. You start with a basic knife and
quickly pick up the guard's pistol. As you progress in the game you get more powerful weapons, such as
submachine guns, rifles, grenades, and rockets. Some of the weapons share ammunition, so be aware of
your ammo counts. Also, some of the autofire guns overheat if fired too much in a short time, so be sure
to fire them only in short bursts. Certain levels contain mounted machine guns. To use these weapons,
step up to them until the hand icon appears on the screen and then press F or Enter to mount or
dismount from the machine gun. When mounted, you view through the machine gun's crosshairs and can
aim and fire at your enemies.
7.3.3. Multiplayer
RTCW also has a multiplayer mode that is rather different from the single-player game. In multiplayer
mode there are two teamsthe Axis and the Allies. In the default multiplayer mode both teams have one or
more objectives they must accomplish within a time limit. The first team that completes the objective
wins the round. In stopwatch mode the game changes a bit. After each round of play, the teams switch
sides and must beat the other team's time for completing the objective. Checkpoint mode is somewhat
like capture the flag. There are a number of checkpoint flags scattered across the map. The first team
that controls all of the different checkpoints simultaneously wins. If time runs out, the team that controls
the most checkpoints wins the round.
Multiplayer mode also differs from single player in that there are four different character classes to
choose from, each with different abilities and roles in the game. A successful team will have members
from each of the roles working together.
This is a standard fighting role. The soldier can use all of the two-handed weapons, such as the
sniper rifle. This is a good default role to pick if you are starting out and aren't sure what to do.
The engineer's primary focus is demolitions, and the engineer is the only player who can use
dynamite to destroy objectives. In addition, the engineer can repair stationary guns and disarm
dynamite that enemies lay.
A medic is an important team member. Medics can help heal and even revive dead team members
on the battlefield. Medics also are equipped with health packs that they can drop for other
teammates to pick up. If you have a medic on the team, then all players will spawn with an
additional 10 hits points. Also, the health of a medic slowly regenerates over time.
A lieutenant's primary duties are back a bit from the main battle and involve tactical decisions. A
lieutenant can drop a smoke grenade on an area to signal an airstrike. Also, lieutenants can use
binoculars to call in artillery attacks on a location. Lieutenants can drop ammo packs for other
teammates, much in the way medics drop health packs.
Unlike in some other tactical multiplayer FPSs, in RTCW players have multiple lives and respawn, but with
a twist. When a player dies, he is placed in "limbo" and must wait until the next reinforcement period
occurs to respawn. During this period he can change character classes and weapons, and even switch
teams. You can also choose to wait for a medic to revive you instead of waiting in limbo. In that case, you
can get back into the game immediately once a medic revives you.
You can play multiplayer games either locally on a LAN or on servers on the Internet. The multiplayer
interface provides a server browser that will scan for currently open servers to connect to, otherwise you
can directly enter the IP address of a server. You can also host your own server. Included in the Linux
binary is a file called QUICKSTART that goes through the basics of running a dedicated server.
The dedicated server is called wolfded and game options are changed through arguments on the
command line or by specifying a config file to execute. To get a basic server up, run:
$ wolfded +set com_hunkmegs 64 +set sv_maxrate 9000 +set com_zonemegs 32 +set \
dedicated 2 +set sv_hostname "my server" +set g_motd "my motd" +map mp_villiage
Included with the install is a basic map rotation script in main/rotate.cfg. You can specify this on the
command line to start a basic server that will cycle through the different maps:
$ wolfded +set com_hunkmegs 64 +set sv_maxrate 9000 +set com_zonemegs 32 +set \
dedicated 2 +set sv_hostname "my server" +set g_motd "my motd" +exec rotate.cfg \
+vstr m_rotate1
Unlike with standard single-player or multiplayer mode, you do not have to have a valid CD key to host a
dedicated server.
To update to the latest version of RTCW, download the latest version of the installer (or to save
bandwidth, the -update file of the same version) from and execute it as root. You will
see an interface just like that of the original installer, and updated files will overwrite the old versions
once you click Install.
7.4. Unreal Tournament 2004
Some FPS games attempt to shun the stereotype that FPS games lack depth and generally rely more on
quick reflexes than thinking or strategy by adding a basic storyline along with a single-person mode.
The storyline usually puts the character in some sort of hostile environment as a pretense to fire at
anything that moves. The fact is, however, that while some players might play through the singleperson mode now and then, the majority spend their time in a head-to-head deathmatch with other
The Unreal Tournament (UT) series has no such pretense, and instead focuses completely on arenastyle play. Because of this focus, UT has become the favorite for many players over the Net, as it
includes many different arena maps and styles of network play, from basic deathmatch and capture the
flag to bombing runs and other games that start to blur the line between an FPS and the sports genre.
7.4.1. Installation
Like its predecessors Unreal Tournament and Unreal Tournament 2003, Unreal Tournament 2004 (or
UT2K4) has native Linux support both for the client and the server. Unlike many other Linux-native FPSs
from other companies, however, UT2K4 ships with the Linux binaries and installer in the same box as
the Windows binaries. This means you don't have to search for a fast mirror and download a large .sh
file, much less wait for weeks or months for a Linux portyou can get to gaming immediately.
UT2K4 chooses its installation directory based on what user runs the installer. If a regular user starts
the installer, UT2K4 creates a ut2004 directory under the user's home directory. Although the game will
run fine for a single user either way, if you do have root privileges on a machine, it is better to install it
for every user in case you decide to switch users. If you run as root, it will install to
/usr/local/games/ut2004/ by default and be made available to all users on the system.
To install UT2K4, mount CD1, also labeled the Install Disc, on your Linux system and execute the file
called Most file managers will execute the file if you click on it; otherwise, you can
open a terminal and type:
# /mnt/cdrom/
After you accept the licensing agreement, you will see the primary screen for the Linux installer, as
shown in Figure 7-5.
In this primary screen you can change many of the installation settings, including where to install, what
language to use, and whether to add menu entries for KDE and GNOME. The install uses about 5 GB of
space, so make sure you have enough free space cleared up; otherwise, the Begin Install button will be
disabled. Once you click Begin Install, the installer will prompt you for your CD key and then start
copying files from the CD-ROM to the hard drive. If you purchased the default CD edition of UT2K4, you
will be prompted to switch CDs throughout the process. If you purchased the DVD special edition, you
can install the full game without swapping discs.
Once the install finishes, you can click the Start button in the final window to start the game, you can
select it from your KDE or GNOME menu, or you can simply type ut2004 in a terminal. Unlike in
Windows, you do not need to have the play disc mounted in the CD-ROM drive to play.
7.4.2. Play
One of the first things you will want to do when you start UT2K4 for the first time is go over all of the
configuration settings and key bindings and make sure they are to your liking. All of these settings can
be configured in the Settings menu on the main screen. All of the game options, from screen resolution
to special visual effects and your player's skin and name, can be configured here. Your options and
saved games are then stored in the ~/.ut2004 directory. You can even tweak the text configuration files
(they end in .ini) under ~/.ut2004/System/ by hand if you so choose.
Figure 7-5. Primary UT2K4 install screen
UT2K4 has a variety of play options. The first is to play in single-player mode, which places you as the
captain of a team of arena fighters you choose. Your team then moves up the ranks playing different
types of team games:
Capture the Flag
Like traditional capture the flag in other FPSs, your team attempts to penetrate the opposing
team's base, grab its flag, and return it to your flag while preventing them from doing the same
to you. You score points for each flag you capture.
Bombing Run
This game is a bit like basketball. A ball is placed in the middle of the map, and each team has a
goal on its side. Points are scored when a player picks up the ball and fires it through the
opposing team's goal. If you kill the player with the ball, the ball is dropped and you can pick it
Double Domination
A variant on capture the flag, in this game the map has two "domination points" that are initially
set to neutral. The object is to run over both domination points, which sets them to your side, and
keep both domination points set for 10 seconds to score.
This game operates with a series of rounds. Each round-one team takes the role of attacker and
the other takes the role of defender. The attacker team has a series of goals to accomplish within
a time limit, such as reaching a certain location on the map, and the defender team tries to stop
them. Once the round is over, the roles reverse.
Single-player mode is useful to get acquainted with the different maps and game types, as the game
slowly increases in difficulty. Your progress is saved at each point in the game, so you can pick up
where you left off last time. If you want to get right to the action instead, try Instant Action. This lets
you choose the type of game and map to play on, along with the number of bots and their difficulty.
Instant Action is useful to hone skills on a certain map or to practice without applying wins or losses to
your single-player record.
Be sure to become acquainted with each of the different weapons and their alternate firing modes. Also,
some weapons offer combos, such as the shock rifle. Fire the alternate fire on the shock rifle to send a
plasma charge, and then fire on that charge with the primary fire to create a large explosion that causes
a great deal of damage (Figure 7-6). The most successful players are those who have mastered multiple
weapons and can quickly switch between them as necessary.
If you are ready to play against others on the Internet or at a LAN party, click Join Game. You can then
choose whether to search for LAN or Internet games, and UT2K4 will search and list all the available
games. Joining in is as simple as selecting a game and clicking Join, but keep in mind that the lower
your ping to a server, the more responsive game play will be.
7.4.3. Game Server
You can also host your own UT2K4 server as the Host Game option. This lets you configure your own
game scenario much like with Instant Action, so you can choose maps, number of players, number of
bots, and other settings, and then start your own custom server that others can join whether on the
local LAN or on the Internet. Once you have configured your server, you can either click Listen or
Dedicated to start the server. Listen starts the server and immediately connects you to it. Dedicated
starts the server in the background and exits, which is ideal if you want to host a server but not play
yourself. You can also start a dedicated server directly from the command line. Change to the
ut2004/System directory, and then run ucc with the server argument, and then the name of the map to
Figure 7-6. UT2K4 shock combo
# cd /usr/local/games/ut2004/System
# ./ucc server DOM-SunTemple
Another advantage to starting the server this way is that you can run servers on machines with no 3D
acceleration or graphics support at all. All of the options you can change inside the GUI can be changed
on the command line as well, and there are a number of tutorials on the Internet that cover the
different command-line options. If you have configured previous Unreal Tournament servers, you will
find that many of the options are the same in UT2K4.
7.4.4. Updates
If you intend on playing UT2K4 on the Internet, you will want to keep up with your patches. Sometimes
patches fix more than bugs they prevent cheats, so in that case you will need the latest patch to connect
to a server. Patches are announced on the official Unreal Tournament site at, but check sites such as and for
links to the Linux patches. Click Join Game and you will see your current version in the upper right-hand
These patches come in .tar.bz2 format, and to apply them you will want to first extract the patch
directory and then overwite your current files with the patched version:
# tar -xjf ut2004-lnxpatchversion.tar.bz2
# cd UT2004-Patch
# /bin/cp -a * /usr/local/games/ut2004/
7.5. Emulators
Modern games with detailed graphics, sophisticated soundtracks, and fast-paced network play are
certainly fun, but sometimes you want to hearken back to a simpler time a time with 8- or 16-bit
graphics when arguably gameplay was more important than fancy graphics. Linux has a number of
emulators so you can take a trip back to the days of plunking quarters into Pacman only, as with Linux,
the arcade is free. These emulators work from ROM images that have been extracted from the arcade or
console game, and emulate the environment necessary for the ROM to function, so you can use your
keyboard or even a joystick and play the games directly from your computer.
7.5.1. MAME
Probably the most famous and popular console emulator is MAME (Multiple Arcade Machine Emulator) .
The focus of the MAME project ( is to create an emulator for the various different
arcade platforms that have been in use over the years. In this respect the MAME project is much more
complicated than many of the other console emulation projects because it supports many different
platforms. Currently MAME supports thousands of arcade titles and the list continues to grow. You can
view the list of currently supported titles on
MAME was originally a project for the Windows platform only; however, a Linux port, called Xmame ,
has been created. Xmame is based directly on the MAME source code, with changes being made only
when necessary to run under Linux. Because of this you can treat Xmame under Linux like MAME under
Windows, and ROMS that work on one will work on the other.
Xmame is a popular program and should already be packaged for your particular distribution, but if it
isn't you can download the latest source from the project's site at There are a number of
different display options for Xmame , and some distributions package the different display options
The standard Xmame display option is output to a window under X.
Xmame can also use SVGAlib to display to the console, allowing you to use Xmame without
running X.
Xmame can output to an X11 display using OpenGL libraries to take advantage of hardware
acceleration on your video card.
Xmame can also use SDL libraries for output under an X11 environment. Similar to the OpenGL
libraries, SDL lets Xmame take advantage of hardware acceleration where available.
As with OpenGL, Xmame can use the Glide libraries for hardware acceleration both under X and
with SVGAlib for 3DFX cards.
To start, you will want to use the X11 display method because it is the default and is most likely to work
with your system. The first time, just run xmame from the command line without any arguments.
Xmame will search /etc/xmame/xmamerc for system-wide defaults and will create a local configuration
directory under ~/.xmame. Copy the /etc/xmame/xmamerc file to ~/.xmame so you can tweak settings
specific to your user. This file contains all the different settings for Xmame, but the first setting you will
probably want to change is rompath. This setting controls in what directory Xmame looks for ROMs, so
if your user has a local folder for MAME ROMs, put it here and save the file. Now you will be able to play
any game you have a ROM for simply by passing the name of the ROM as an argument to Xmame.
ROMs generally come in .zip files that contain a number of different files the emulator needs all in one
package. To play your ROM, you would simply run:
$ xmame pacman
on the command line (Figure 7-7).
Now that the game is running, what do you do? Xmame uses the same keybindings as the DOS version
of MAME. Table 7-1 lists some of the primary key bindings you will find yourself using.
Figure 7-7. Xmame with Pacman
Table 7-1. Xmame key bindings
Pause the game
Reset the game
Reduce frame skip
Increase frame skip (useful to speed up games on slower machines)
Exit emulator
left-Shift + Pgup
Increase scale (makes game larger for higher-resolution displays)
left-Shift + Pgdn
Decrease scale
left-Shift + Insert
Normal window
In addition, individual games have their own key bindings. These vary from game to game, but there
left-Shift + Home
DGA fullscreen mode
In addition, individual games have their own key bindings. These vary from game to game, but there
are some standard key bindings most games use for common buttons (Table 7-2).
Table 7-2. Common button bindings
Arrow keys
Move left, right, up, and down
Select one player
Select two players
Insert a coin
Button 1
Button 2
Because some arcade games just have a joystick, and others have six or more buttons, the button
mappings to a keyboard will sometimes vary. For basic games, Ctrl and Alt work as the first and second
buttons but more complicated games will require some experimentation to discover the key bindings.
By default, Xmame will play a game in its original resolution, so on a high-resolution computer screen
you might want to increase the scale of the game once or twice with left-Shift and PageUp.
Xmame can use your mouse for applicable games as well. A good example of using a mouse in an
arcade game is Centipede , which by default uses a large trackball mouse. You can either use your
mouse or the arrow keys for movement.
Xmame also supports use of a joystick, although this isn't turned on by default. Either change the
joytype option in your xmamerc file or pass -joytype number on the command line. The number
corresponds to the type of joystick you use (Table 7-3).
Table 7-3. Joystick mapping
Joystick type
No joystick
i386 joystick driver
Fm Town Pad support
X11 input extensions joystick
New i386 Linux joystick driver
NetBSD USB joystick driver
PS2-Linux native pad
SDL joystick driver
7.5.2. Nestra
Arcade games are incredibly fun, but there are some games that seem to only exist on certain game
consoles, such as the original Nintendo Entertainment System (NES) . As with the MAME project, there
is software you can use to emulate the NES hardware and play ROMs directly on your computer. Under
Linux, the software is Nestra .
Nestra will already be packaged for you depending on your distribution, but if it isn't, you can download
and build the source directly from nestra Once installed, using Nestra is as simple as
running nestra with the path to the ROM you want to play as an argument. So, to play the original
Metroid , you would type:
$ nestra Metroid.nes
See Figure 7-8.
Figure 7-8. Metroid under Nestra
Nestra key bindings are the same across games and correspond to the standard NES controller (Table
Table 7-4. Nestra key mappings
Arrow keys
Arrow pad
Button A
z, x
Button B
Pause, Break Reset
Exit Nestra
Adjust the emulation speed. 1 is the normal speed, 2 is double speed, etc.
Run at half speed
Pause the emulator
Some games, such as Zelda, save games on the game cartridge itself. Since you are dealing with ROMs
here, Nestra will place saved games in a file in the directory containing the ROM you are running, or will
put the saved games in ~/.nestra if the directory exists.
7.5.3. SNES9x
The NES definitely had a lot of fun games, and when the next generation of Nintendo's consoles was
released the Super Nintendo Entertainment System, or SNES many of the classics, such as Super Mario
Bros, Zelda, and Metroid, found their way onto the new platform. You can play all of your favorite SNES
ROMs under Linux using the Snes9x program.
Snes9x is an SNES emulator that runs on Windows, Linux, Mac OSX, and other platforms. The Linux
port is packaged by most distributions, or you can download and build the source from the official
Snes9x page at
Once installed, running Snes9x is similar to Nestra simply type snes9x followed by the path to the SNES
ROM as an argument. To run Zelda 3, for example, you would type
$ snes9x zelda3.smc
Unlike Nestra, Snes9x has a large number of options you can pass on the command line. For instance,
the -y option enables "TV mode," which scales the image by two and inserts an extra blended pixel
between each scan line. The end result of TV mode is a larger, easier-to-read screen that looks more
like a regular television screen.
Snes9x uses a standard set of key bindings to correspond to the buttons on an SNES controller. The
standard key bindings are shown in Table 7-5.
Table 7-5. Snes9x key mappings
Quit the emulator
Pause, Scroll Lock
Pause the emulator
Up arrow, u
Up direction
Down arrow, j, n
Down direction
Left arrow, h
Left direction
Right arrow, k
Right direction
a, v, q
TL button
z, b, w
TR button
s, m, e
X button
x, ',', r
Y button
d, '.', t
A button
c, y
B button
Start button
Select button
Shift F1-F9
Save the game in one of nine different slots
Restore the saved game in the specified slot
Snes9x has support for joysticks, and by default will scan for /dev/js0, or you can specify the joystick
device to use with the -joydev1 argument. You can also control the mapping for the eight different SNES
buttons with the -joymap1 and -joymap2 options (for joystick 1 and joystick 2, respectively) followed
by the eight different buttons in order. For instance, the default is 0 1 2 3 4 5 6 7, which corresponds to
A B X Y TL TR Start Select.
There are so many different options to Snes9x, in fact, that a couple of graphical frontends have been
created to make the process of configuring Snes9x easier. Snes9express is an easy-to-use frontend that
makes it easy to organize your SNES ROMs and experiment with different settings. You can download
the latest version from or use the package that comes with your
distribution. Snes9express supports skinning and even includes a skin that makes it look like the
original SNES console (Figure 7-9).
Figure 7-9. Snes9express
Click Console
Preferences and give snes9express the path to your SNES ROM directory, and then
you can click the ROM Selector button for a window to pop up with a full list of available games to run.
Select the game you want to play and then click Power to start. The Snes9express window will
disappear while the game is running, and reappear once you exit the game.
To change Snes9x settings from within Snes9express, click on the different settings tabs in the the main
window. Sound, video, controller, and other settings can be configured in these tabs and the GUI makes
it easy to toggle an option, or to change your joystick settings quickly.
7.6. Frozen Bubble
Some of the most fun games, the games that have the highest replay value, are often the simplest
ones. Frozen Bubble is a puzzle game similar to Puzzle Bobble or Bust-a-Move. The object of Frozen
Bubble is to remove all of the different colored bubbles that are arranged on the top of the screen
(Figure 7-10). Your player is given a single colored bubble, and you aim from the bottom of the screen
and attempt to hit a bubble at the top of the screen that has a matching color. If you hit a bubble with a
matching color, it and all of the bubbles connected below it will disappear. If you don't hit a match, your
bubble becomes another bubble to eliminate. You beat a level by eliminating all of the bubbles from the
level. If you don't remove bubbles fast enough, the board shifts down closer to the bottom. Once a
bubble hits the bottom of the board, you lose.
Frozen Bubble is a common game and should be packaged by your distribution. Otherwise, you can
download and compile the source from the official site at Start Frozen Bubble
from a menu or type frozen-bubble on the command line. You can choose one- or two-player games,
and can even create your own levels from the included level editor.
The single-player game pits you against the clock. The controls are basic and easy to pick up. Left and
right arrows adjust your aim to the left and right, respectively, and the up arrow launches your bubble.
Take advantage of the fact that bubbles bounce from the side walls to get bubbles to hard-to-reach
places. If your aim is good you can sometimes complete a level with a single well-placed bubble.
Figure 7-1. Frozen Bubble
The double-player games pits you head-to-head against another player (Figure 7-11). Both players use
the keyboard, so player 1 aims left with X, right with V, and launches with the C key. The second player
uses the standard arrow keys. In two-player mode both players are playing side by side at the same
time with their own puzzle. The first player to complete the level wins that round.
The included level editor allows you to customize your own levels so you can arrange the number, color,
and location of bubbles however you choose. Right-click on a bubble to remove it, and click on the
colored bubbles on the side of the screen to choose the color to use. You can change any of the 100
included levels with the level editor.
7.7. Tux Racer
What would a chapter on Linux games be without a game featuring the Linux mascot Tux? Tux Racer is
a 3D racing game, but instead of a car or other vehicle, you race Tux the penguin down an ice hill on his
stomach. Success depends on how quickly you complete the race and the number of herrings you eat
along the way.
Figure 7-11. Frozen Bubble two-player mode
Tux Racer began as a completely open source project up through Version 0.61. With the increased
success and improvements to the game, Tux Racer 1.0 was released as a boxed commercial product
from Sunspire Studios. Although you could purchase Tux Racer 1.0 from the official site at, the open source 0.61 release was still available for download at This release is what is commonly included with most distributions.
Start Tux Racer either through your menu or by typing tuxracer on the command line. The opening
menu gives you the option to enter an event or practice. The events are a series of races, and each race
requires that you complete the previous races to advance. As you select from the available races, you
can see the maximum time and number of herrings needed to advance. If either of those requirements
aren't met, you will have to try the race again.
The controls in Tux Racer are fairly simple to learn, but the finer points of controlling Tux can take time
to master. The left and right arrow keys steer Tux through the race. The up arrow causes Tux to flap his
fins, which does different things depending on where you are in a race. If you are moving slowly
(particularly when you start a race), flap the fins to increase Tux's speed. Once your speed reaches the
yellow area, flapping the fins actually slows Tux down. Also, when you jump in the air, flapping his fins
allows Tux to stay in the air longer, and lets you adjust his direction while flying. The down arrow
serves as a brake and slows Tux down. You can combine the down arrow with the left and right arrows
to perform a hard turn in the game.
Tux can also jump in the game with the E key. Holding down this key charges Tux's "Energometer"; the
fuller the Energometer, the higher Tux will jump. If Tux gets stuck in some area of the map, you can
use the Backspace key to reset Tux's position, or, if you want to completely give up, you can press the Q
key to quit.
Tux Racer saves its files in the ~/.tuxracer directory. You can edit Tux Racer options such as whether to
run in full-screen mode, by editing the ~/.tuxracer/options file. You can also use the options file to
change the keyboard and joystick bindings that Tux Racer uses.
The practice levels provide quick access to the different levels in Tux Racer without requiring you to
beat any levels or even meet any requirements. This lets you pick out your favorite level and play a
quick game without worrying about the time or whether you picked up enough herring. A favorite is the
"Who said penguins can't fly" level, which is designed like a bobsled run to get Tux moving as quickly as
possible (Figure 7-12).
Figure 7-12. Who said penguins can't fly?
There are some strategies that you can use to get better times in the races. For one, not all surfaces are
the same to Tux's stomach. The fastest surface is the slick ice, the second fastest is the snow, and the
slowest is the rough ground. The latter will actually slow you down when you slide over it, so try to
avoid it. Also, be sure to flap Tux's fins only when you are below the yellow line in speed; otherwise,
you will be slowed down. You can also pick up a great deal of speed by flying through the air. You can
use angled sections of the race track as ramps to propel Tux through the air. Upon his descent Tux picks
up a great deal of speed and also avoids obstacles on the track that might slow him down. Of course,
keep in mind that flying too much might mean missing valuable herring you need to pick up along the
Chapter 8. Office Suites and Personal
Linux has come a long way since the early days. When people started to use Linux not just for tinkering
with the system, but rather in order to get actual work done, various kinds of servers such as email or
web servers were the normally used applications. Typical desktop and personal productivity applications
such as word processors, spreadsheets, or collaboration tools were mostly unknown on Linux.
This situation has changed fundamentally. A variety of office suites and other personal productivity
applications are available, and this chapter describes some of the options. The focus is on OpenOffice,
probably the most feature-complete office suite available for Linux today, but we also talk about other
options, as well as collaboration tools.
8.1. Using OpenOffice
By now, OpenOffice has become the leading full-function free and open source office suite program for
GNU/Linux and is included by default on most distributions, including SUSE, Red Hat, Debian, and
This should not take credit away from the other free and open source office suite development
projectsKOffice and AbiWord come quickest to mindbut OpenOffice gains the stage here due to the
relative maturity of its code base and the elegance of its native open XML file format (which even
KOffice has) as well as the suite's ability to run on Windows and its compatibility with the popular
proprietary file formats.
8.1.1. "OpenOffice" Versus ""
Certain conventions of language used in this chapter would be confusing if they are not highlighted. The
term "OpenOffice," or its abbreviated form "OOo," typically refers to the software, the code, the
product, the office suite itself. In referring to the development project, the terms "" or
"OOo project" or " development project" apply exclusively. To make things even more
confusing, there is also StarOffice, which is based on the same code base, but sold by Sun Microsystems
as a commercial product.
8.1.2. The Modules of OpenOffice
One among several hallmarks of OOo is the tight integration of its word processor, spreadsheet, and all
other modules , which leads to a strong consistency in features, menu placement, and ease of use. The
OpenOffice modules are listed in Table 8-1.
Table 8-1. The modules of OpenOffice
Module name
Label under File
Word processor
Text Document
Spreadsheet program
Presentation editor
Graphics editor
Web (HTML) editor
HTML Document
Math formulas editor
We cover OOoWriter, OOoCalc, and OOoImpress in this chapter, omitting the remaining modules
because they are less frequently used and their features and functions are well supported in the leading
reference texts and online documentation for the users who still depend upon them.
8.1.3. OpenDocument and OpenOffice 2
This section of the book was written for OpenOffice 1.1 and therefore will be most helpful to users of
Versions 1.1.1 through 1.1.5. By the time of publication, however, the development
project will have released OpenOffice Version 2 worldwide.
Generally, OpenOffice 2 looks and feels more like the modern versions of Microsoft Office. This should
help smooth transitions to the open source office suite, on both Linux and other platforms.
The most significant development in Version 2 is the new native file format, called "OASIS
OpenDocument." This has already been widely embraced by technologists and government IT
organizations (a web search for "Massachusetts" and "OpenDocument" offers a revealing start).
OpenDocument is an open XML file format, represented in OpenOffice 2 by the new filename extensions
.odt for a text file, .ods for a spreadsheet, and .odp for a presentation file, among others. (Version 1
uses the filename extensions .sxw, .sxc, and .sxi, respectively.) OpenDocument is an upgrade of the
same OASIS-based open XML file format used in Version 1; however, OpenDocument has some
additional capabilities that make it incompatible with the earlier iteration of the format.
Accordingly, OpenOffice software prior to 1.1.5 cannot open or create files in the OpenDocument file
format, and therefore cannot handle files created by users of OpenOffice 2. However, put
the OpenDocument filters into Version 1.1.5 so that users of the 1.1 version can easily upgrade to a
version that works the way they are familiar with and still open the new OpenDocument files. Users of
Version 1.1 or earlier will need to upgrade to OpenOffice 2 in order to gain all the latest functionality
and be able to create OpenDocument files themselves.
8.1.4. OpenOffice Writer
OpenOffice Writer (also known as OOoWriter ) is the word processor module included as one of six key
components of OpenOffice. By now, OOoWriter is designed to be familiar to users of Microsoft Word. Launching OOoWriter
Configuration of the Launch or Start menu may vary across the Linux distributions. On the Java Desktop
System, for example, starting OOoWriter from the Launch menu brings up the Templates and
Documents New Document window, where you can select the New Document icon in the left-hand
index, then Text Document from the list in the central pane.
You can launch OOoWriter directly if you have created a dedicated Launcher icon on the desktop,
taskbar panel, or both. Create a Launcher icon for any module of OpenOffice that you use frequently.
Keep in mind, you may launch any alternative module from within any open module of OpenOffice: on
the main menu, select File
[module]. Opening files
To open an OOoWriter or MS Word file, either open the directory where the file is located and double-
click on the file's icon or select File
Open on the main menu. Then, in the Open window, browse to
the appropriate folder, highlight the filename and select the Open button.
Note that MS Office filesthose in the .doc formatopen in OpenOffice in the same way a native OpenOffice
document opens. You can edit the MS Office document and save it either in its own format or in
OpenOffice's native format. See Table 8-2 for a complete list of file formats available for saving. Saving files
After editing a document, select File
Save. A new file will be saved to the user's
/home/[user]/Documents directory by default. You can also save a file to its current directory or the
default directory with one click of the Save Document icon on the function bar.
For information about the function bar, see "Identifying the toolbars" later in this chapter and Figure 82.
If you need to select a different target directory or change the filename or file type, select File
As. The Save As window then appears, and you can make the appropriate selections and click the Save
button. This window is explored further in the following section.
Saving as different file types. If you open an existing document, it is saved by default in its original
format. To save as a different file format, select File
Save As to open the Save As window. Here you
can make the appropriate selections in the File Type drop-down menu , then click the Save button. The
file types available in the File Type drop-down are listed in Table 8-2.
Table 8-2. Save files in many formats or file types
File format
File extension (suffix)
OpenOffice 6.0/7 Text Document
OpenOffice 6.0/7 Text Document Template
MS Word 97/2000/XP
MS Word 95
MS Word 6.0
Adobe PDF
Rich Text Format
OOoWriter 5.0
OOoWriter 5.0 Template
OOoWriter 4.0
OOoWriter 4.0 Template
OOoWriter 3.0
OOoWriter 3.0 Template
Text Encoded
File format
File extension (suffix)
HTML Document (OpenOffice Writer)
.html;. htm
AportisDoc (Palm)
DocBook (simplified)
Pocket Word
Note that you can save a native OOo text document file (with the .sxw extension) as several different
versions of the legacy MS Office file types as well as in other standard formats, including the web page
format of HTML.
You will be warned about a possible loss of formatting when saving to a format other than the native file
format. That is, of course, because OOoWriter may support features that other word processors (and
therefore their file formats) do not support. So if you want to be absolutely sure that you do not lose
any formatting, macros, or other aspects of your documents at all, always save in the native file format,
or at least keep a copy in the native file format.
Saving or exporting to common file formats. OpenOffice facilitates saving files in several different
file types, including some very useful document standards such as PDF. By choosing the format in which
you save a document, you can ensure that your work is viewable and editable in different software
environments, such as Windows, Mac, Solaris, and others.
Saving in the MS Word file formats. Chose File
Save As from the main menu. In the Save As
window, open the File Type drop-down menu and select the desired MS Office file format version.
Choices include the following:
Microsoft Word 97/2000/XP (.doc)
Microsoft Word 95 (.doc)
Microsoft Word 6.0 (.doc) Exporting and sending files
There are occasions when it's convenient to quickly send a document in its current form to a colleague.
OOo offers a few menu items to help you attach the current document to an email message in a choice
of formats.
Export as Adobe PDF . In your current document, click the small, red Export to PDF icon on the menu,
and the Export window will open with File Type preselected to Adobe PDF. Notice in Figure 8-1 that the
Export window is similar to the Save As window.
Enter the filename, choose a folder in which to save the new PDF file, and press the Save button.
You can achieve the same result by selecting File
as instructed previously.
Export as PDF and filling out the Export window
PDF is a great format for GNU/Linux users to get into the habit of using often. In a world of mixed
computer systems, PDF is one of the most universally accepted file formats, and the security of locking
down the content of your files as they get passed around your organization and supply chain can reduce
the chances of unhappy, confusing or surprising content alterations.
Figure 8-1. The Export window
Sending a document as an email file attachment. OOoWriter offers a host of facilities for exporting
or sending the current document to others through one or two mouse-clicks. To send the current
document as an attachment to an email, select File
Document as Email. This will call up
your email program along with a new Compose window with the current OOoWriter document already
attached. Fill in the address and subject lines as fitting, perhaps add a few words in the message
window, and press the Send button.
This feature automatically sends the attached file in the native or default OpenOffice open XML (.sxw)
file format.
Sending a document as a PDF attachment to an email. To send the current document as an Adobe
PDF attachment to an email, select File
Document as PDF Attachment. The PDF Options
window appears and lets you select a page range or the whole document, and the amount of file
compression. The default compression setting, Print optimized, is fine for most purposes. Identifying the toolbars
The default toolbars of OOoWriterto which we refer oftenare the main menu, the function bar, the object
bar, and the main toolbar (see Figure 8-2).
Figure 8-2. The toolbars of OOoWriter
These are merely the default toolbars available out of the box. Other toolbars can be invoked with
customization. We cover toolbar customization in the section entitled "OOoWriter Customization," later
in this chapter. Basic formatting
This section covers basic formatting techniques for short and simple documents.
One-click character formatting. The text formatting buttons located on the object bar for bold, italic,
and underline hardly need to be covered, because even beginning users know their purpose
In addition to these one-click font-change object bar buttons, many people enjoy using the shortcut
keystroke combinations Ctrl-B, Ctrl-I, or Ctrl-U to effect the same changes on any selected text. These
changes affect any word in which the cursor sits, so text selection (using the Shift key and moving the
cursor, or selecting text with the mouse) is not necessary unless you are changing multiple words of
Character, paragraph, and page formatting. For more customized or fine-grained formatting of
textual characters, whole paragraphs, or entire pages, select Format on the main menu. The sequences
Character, Format
Paragraph, and Format
Page open the Character dialog, the
Paragraph dialog, and the Page Style: Default dialog, respectively.
Inserting headers and footers. To insert a header, go to the main menu, select Insert
and check Default in the drop-down menu. This opens a header frame in the current document where
you can type or enter the appropriate content that will appear at the top of every page of the document.
Inserting a footer is similar to inserting a header, but select Insert
Footers, and check Default.
To change headers or footers in the middle of a document, see "Changing styles in mid-document,"
later in this chapter.
Page numbering . For most documents it's appropriate to place page numbers in a header or footer.
To generate page numbers automatically, insert a header or footer (depending on where you intend the
page number to go, at either the top or bottom of each page) and place the cursor inside the live
header or footer frame by clicking once there. Then go to the main menu and select Insert
This invokes a drop-down menu with the following choices: Date, Time, Page Number, Page Count,
Subject, Title, Author, and Other.
Selecting the Page Number choice inserts the page number automatically at the location of the cursor. If
you wish the page number to be located flush right, simply click the Align Right justification icon on the
object bar after inserting the page number.
To change or restart page numbering at a certain point in a document, see the section "Changing styles
in mid-document."
Generating a table of contents. For a longer written work that is structured with chapters or
headings, it is convenient to exploit OOoWriter's ability to autogenerate a table of contents. This feature
is often used because manually generating tables and indexes is extremely time-consuming and
repetitiveespecially for larger documents.
To generate a table of contents that picks up the headings you've inserted into your document, choose
Indexes and Tables and then, from the drop-down menu, Indexes and Tables once again.
You can then insert a generic table of contents simply by pressing the OK button of the Insert
Index/Tables window, as shown in Figure 8-3.
You can generate a number of different kinds of indexes and tables; the choices include Table of
Contents, Alphabetical Index, Illustration Index, Index of Tables, User-Defined, Table of Objects, and
Bibliography. Format these indexes and tables from the Insert Index/Table dialog, where you can
designate the type of index or table, its layout, the number of heading levels, and other design
characteristics. Printing a document
Print the current document in one stroke by simply clicking the printer icon on the function bar.
Figure 8-3. The Insert Index/Table window
More precise control is gained via the Print window: select File
Print from the main menu, or simply
press Ctrl-P. Here, you can choose a nondefault printer (if one is set up), a limited page range, or a
different number of copies (the default is 1) for the current print job. You can also elect to print to a file. Advanced formatting
Although the following sections introduce the strong formatting features of templates and styles below,
other advanced formatting features are outside the scope of this chapter. It may help just the same to
mention some of the useful features we're unable to cover.
Long-form documents benefit from frames, borders, and sections. These facilities help you format
sidebars, set apart quotations, or highlight elements you wish to distinguish from the running text. They
provide opportunities for adding colored or shaded backgrounds, changing fonts, and using multiple
columns. Text contained in frames can even be set to flow through multiple frames inserted throughout
a document. This is especially useful in formatting newsletters, for example, and making them more
visually engaging. Templates
A variety of stock templates and a facility for creating, editing, importing, and managing templates are
included with OOoWriter. You can access templates by clicking File
Templates and
Documents to open the Templates and Documents window. Then highlight the Templates icon on the
left-hand index, as shown in Figure 8-4.
Figure 8-4. Templates and DocumentsTemplates
Here you can open one of the various stock templates and work away: edit and save it just as you
would a normal document. Documents created this way, however, will not be linked to the template file
from which they were derived. See "Template linkages," later in this chapter, for further detail.
Saving your own document as a template. Any of the documents you've created in your filesystem
can perform as a template. Quite often users repurpose old files such as office memoranda, fax cover
sheets, or business letters and use them to create new documents by simply replacing a few key words.
This practice is fine and works well for many people; however, users could be more productive if they
took full advantage of OOoWriter's template management facilities and particularly its linkage abilities.
Creating a new template. To create a new template, open a new text document (or use an existing
document from your file store) and make the necessary formatting adjustments that you'd like to have
in your template. Now, select File
Save from the main menu. This calls up the
Templates window, which permits you to name the new template and select a template folder or
category in which to store it. You can create any number of your own personal templates and store
them this way.
Files saved as templates this way will automatically have the .stw file extension appended.
Editing templates . You can edit or generally treat a template file just like any other; however, we
recommend editing a template with special care, because it can be easy to open a template file and
then save it by mistake as a normal OOoWriter .sxw file, which would interfere with the template's
linkages and storage location.
One direct way to edit a template is to select File
Templates and Documents. This opens
up the Templates and Documents window directly in the Default folder. Click through the Templates
folders to find the template you wish to edit. Click once to highlight it. This will light up the Edit button
at the bottom of the window, second from the left. Clicking the Edit button will open your template,
ready for edits. When you save via this route, the proper directory path and file format appear
automatically in the Save dialog, so there's less opportunity to mishandle your template.
Managing templates. You can also save any of your own documents as a template or, later, move
them into one of the Templates folders/categories using the Template Manager (Figure 8-5). Access the
Template Manager from the main menu by selecting File
Figure 8-5. The Template Management window
You can browse documents in the right-hand pane of the Template Manager and drop them into folders
in the templates pane on the left-hand side.
Template Manager also offers facilities for importing, updating, and adjusting the printer settings
associated with templates.
Importing templates . The template files you encounter in the Template Management window's
Default folder are actually stored in the /home/swhiser/OpenOffice. org/user/template directory on the
system. The templates you encounter in all the other Template Management folders are actually stored
in the /home/swhiser/ directory. (This allows individual users in a
multiuser installation of OpenOffice to change their own default master templates without affecting
other users on the network.)
To import template files from MS Word or from any trusted outside sources (including useful ones you
find on the Web), you can manually copy the templates into the directories just discussed, and they will
show up in the folders you expect in the Template Management window. Templates copied in this way
will also be available when you use the AutoPilot to create documents from templates.
You can also use the Import Templates feature in the Templates Management window to get external
templates into the correct place and into the proper file format (.stw). This ensures that templates and
the files derived from them maintain their linkages (see the following section).
A third way to import a template is to select File
Save As, choose " Text Document
Template (.stw)" as the File Type, and set the path to the appropriate one of the two directories
mentioned previously.
Template linkages. Template files are linked to the documents that are derived from those templates.
It helps to imagine the template file, or the source file, as the "parent," and the derived document as
the "child." Parent-to-child linkage is one of the principal benefits of using templates. When you have a
large number of child documents in your Documents folder, for example, you have the ability to update
the formatting of all those files in one stroke by altering the formatting of the parent template file. Each
time you open a child document, you are prompted to accept or reject the formatting alterations that
were previously made to the source template, as illustrated in Figure 8-6.
Figure 8-6. Accept the formatting changes to a subdocument
Linkage is broken, however, if you later save the source template file via File
Save As or via the
Save icon on the object bar. Thus you should always save a template file via File
Save if you wish it to remain linked to its children or to keep using it as a template.
Change the default template for all new text documents. As mentioned earlier, the standard blank
document that opens up when you select File
Text Document from the main menu is based
on a default template file that is saved in the Templates and Documents New Document window (Figure
Figure 8-7. Templates and DocumentsNew Document window
To change the default template for all new text documents, first create a new template with the desired
formatting (and add custom styles if desired) as described earlier in "Creating a new template." Save it
by selecting File
Save, enter the filename (let's call it newdefault), and click once on
Default in the Categories pane at the left to save it in that folder.
Then, go into the Template Management window by selecting File
Organize and
double-click in the left pane to open up the Default folder, where you'll find your new template file,
newdefault. Click once upon it to highlight newdefault, and click on the Command button at the far right
to view the drop-down choices. Select "Set As Default Template" at the bottom of the list.
To restore the original text document default template, simply click the Command button once again
and select Reset Default Template
Text Document.
AutoPilot : quick document creation. AutoPilot is like templates on steroids. It offers a way of
creating customized documents that are much like templates, but it is a wizard that takes you through a
few steps to customize the new document rapidly before launching it. AutoPilot is therefore a useful tool
for first-time users who wish to get up and running in OOoWriter quickly.
Access AutoPilot via File
AutoPilot, where you'll see a drop-down menu, as shown in Figure 8-8.
Figure 8-8. The AutoPilot
AutoPilot is a wizard that takes you through various steps to create an individual document from a
generous list of different document types, including letters, faxes, agendas, memos, presentations, web
pages, forms, and reports.
AutoPilot also contains several different utilities to manage document or content conversion: Document
Converter, Euro Converter, StarOffice5.2 Database Import, and Address Data Source. Styles
If you work with many people and want them all to make documents that look the same, you definitely
need styles . Put another way, any formatting you can apply to text can be turned almost as quickly into
a style, which you can then apply over and over through a couple of clicks.
Figure 8-9 shows the button on the function bar (third from right, highlighted) with which you can
quickly open the Stylist in order to begin manipulating styles. Alternatively, open the Stylist by pressing
the function key, F11.
Once open, the Stylist lets you toggle among the five different style types or style categories: paragraph
styles, character styles, frame styles, page styles, and numbering styles. To switch from one style
category to another, simply click the corresponding icon at the top left of the Stylist's toolbar.
Figure 8-9. The Stylist On/Off button
The Stylist. The interface to OOoWriter's Styles is a floating palette called the Stylist. It is invoked by
pressing the function key F11 or the Stylist On/Off button on the function bar. The Stylist On/Off button
looks like a page with a tiny hand on the lower-left corner. The default state of Stylist is to open in
Paragraph Styles with the Automatic mode, as shown in Figure 8-10.
Figure 8-10. The Stylist opens to Paragraph Styles
Clicking through the icons on the Stylist's toolbar, you begin to get a feel for the different styles that
come with OOoWriter out of the box.
Applying a character style. To apply character styles in the Stylist, click on the Character Styles icon
(second from left, showing an A) at the top of the Stylist. This reveals all the default character styles
available (the window is in All mode by default).
To apply an italics style, for example, highlight the "Emphasis" character style (fifth from the top of the
list by default) with a single click and then click once on the paint can icon, which is third from right at
the top of the Stylist (Figure 8-11).
Figure 8-11. The Stylist, ready to paint italics
When you invoke the paint can, your cursor turns into a little paint can tool that makes it easy to apply
your chosen style with precision. Click on a word you wish to italicize, or draw the paint can cursor
across some text. The paint can now gives you a Midas touch that italicizes everything on which you
click. You can turn off the style by pressing F11, clicking on the X icon at the top right of the Stylist box,
or choosing a different style.
Modifying styles. To modify a style, press CtrlF11 to bring up the Style Catalog. The resulting window
is shown in Figure 8-12. You can also invoke the Style Catalog from the main menu by selecting Format
Figure 8-12. The Style Catalog
We've already shown you how to change a particular paragraph or set of characters. You can make
similar changes to styles. For instance, if you want list items indented differently from the default
indentation used in a list style, you can edit the list style and make it indent each list the way you want.
When you modify a style, it immediately takes effect on all existing items in the document, as well as
items you create afterward. This section shows you how to modify a style; a later section shows you
how to create an entirely new style so you can do things the inventors of OOoWriter didn't anticipate.
Quick-flowing styles modification is one of the key productivity benefits for using styles rather than
manual or direct formatting. It permits efficient formatting of large documents for work that is likely to
be used by many different people or reused repeatedly.
The Style Catalog displays different styles depending on the style existing at the cursor's current
location. This can be very convenient; if you wish to modify a certain style throughout an entire
document, just place the cursor on one example of that style and proceed to modify it.
With the Style Catalog open, highlight the style you wish to alter and click the Modify button at the right
of the Style Catalog window. This opens the Style Settings window for the highlighted style (in Figure 812 this is Default). The Style Settings window is shown in Figure 8-13: here you can change any
characteristic that is available for modification.
An alternate way to modify a style is to right-click on the style in the Stylist and choose from New,
Modify, or Delete. When you click Modify, the Style Settings window opens and you can make the
desired changes.
Figure 8-13. The Style Settings window
Updating styles . Short of creating a whole new style from scratch, you can quickly change an existing
style by applying the format of a selected character, paragraph, or page.
To update a particular style, press the function key F11 to open the Stylist. Next, click the icon of the
style type you want to update: paragraph, character, or page. Then, click once in the document in the
place where you want to copy or update the style. For example, you may be "borrowing" paragraph
formatting that you had previously applied manually. Next, in the Stylist, click on the style name you
wish to update. Finally, click the Update Style icon at the far right of the Stylist toolbar.
Adding new styles (or creating styles). Although OOoWriter comes with many predefined styles,
advanced situations will inevitably need new styles to be added. These styles are also known as custom
styles, and they travel with the document with which they were created when it is saved.
To add a new style to the Stylist, first open the Stylist by pressing F11. Next, pick a style type and
highlight an existing style in the Stylist that's similar to the new one you wish to create (if such a style
exists). Right-click that style and select New. This opens the Style Settings window (shown in Figure 813). Here you can set all the characteristics you want for the new style, including its category.
There are two alternative ways to add a new style. One is by clicking the "New Style from Selection"
button, which is the second button from the right at the top of the Stylist. This opens the Create Style
window, where you can choose a new style from the given list and enter a name for the new style, as
shown in Figure 8-14.
Figure 8-14. The Create Style window
Perhaps the best way to create a style that doesn't closely resemble any existing style is to press CtrlF11 to open the Style Catalog. Then click the New button on the right side. This opens the Style Settings
window, where you can make all the desired selections to create your new style.
Changing styles in mid-document. To change page styles, headers, and footers, or to restart page
numbering in mid-document, generally insert a manual break where the cursor sits by selecting Insert
Break from the main menu. The Insert Break dialog offers you the opportunity to select a new page
style or to change the page number. Headers and footers can be changed at this point by creating new
page styles with different header and footer content and invoking these new page styles when inserting
the break.
Load (transfer) styles. You can transfer styles into the current document from another document or
template by selecting Format
Load from the main menu. This calls up the Load Styles
window, shown in Figure 8-15. Here you can specify a file containing the styles you want, and load any
or all of these styles by checking the desired boxes along the bottom of the window.
Figure 8-15. The Styles Load window Collaboration with documents
When several people create and edit a document together by passing the draft around, it becomes
useful to turn on changes tracking. This allows each person's changes and deletions to appear in a
different color while the document circulates for drafting.
Changes tracking. To turn on Changes Tracking, select Edit
Changes from the main menu and
single-click both Record and Show. Once turned on, these settings travel with the document when it is
saved, and will stay on until someone un-checks them and saves the document again.
Comparing documents. To compare two different documents, open the first document and select Edit
Compare Document. This opens the Insert dialog, where you can select or type in the name of the
second document. Click the Insert button at the bottom right of the window. The insert procedure
merges the two documents and shows the results using the changes tracking feature, as if you had
started with the second document and edited it to create the first. Typical results are shown in Figure 816.
Version control. OOoWriter's version control features allow you to keep track of numerous versions of
a document from within a single file. This both saves disk storage space and provides ready and quick
access to older versions of a document. Thus, if you make edits that you later regret, you can back
them out. If somebody asks when a change was made, you can review earlier versions of the document.
Version control is accessed via the main menu under File
window (see Figure 8-17).
Versions. This launches the Versions
To save a new version of a document on which you're working, choose File
Versions from the main
menu and click the Save New Version button at the top left in the Versions window. The Insert Version
Comment window (Figure 8-18) pops up, permitting you to enter a few phrases to remind yourself and
your collaborators later what changes you made and why. Documenting what you've done here lets you
also distinguish versions later without having to open each one.
Figure 8-16. Differences are displayed as redlined content
If you use File
Save As to save a version on which you are working, none of the version information
is preserved; you have instead created a spanking new document. You could, of course, start again with
this new document as a base, and use version control once again for future changes.
To open a specific version of a document listed in the Versions window, choose File
highlight the desired version, and click the Open button. This opens the indicated version of the
document as a read-only file. You can, if you wish, save this version as a separate document, with no
reference to other versions, past or future, by using the File
Save As menu option.
Figure 8-17. The Versions window
Figure 8-18. The Insert Version Comment window
To track and show changes from one version to another, click the Compare button in the Versions
window. This highlights all version differences (just as when using the Edit
Compare Document
feature) in a document and gives you the chance to accept and reject each change. Navigator
The Navigator is a floating panel, like the Stylist, that adds horsepower to your ability to rapidly move
throughout a document. The Navigator is turned on or invoked by clicking the Navigator button on the
main menu, just to the left of the Stylist button, or by pressing the function key F5 at any time.
The Navigator panel displays an expandable outline of all the elements in your document to aid a rapid
jump to any one of them. Such elements include headings, tables and text frames, graphics, OLE
objects, bookmarks, sections, hyperlinks, references, indexes, notes, and draw objects. If you click on
the plus sign in front of any of those object types in the Navigator, you can click on any of the elements
listed to immediately scroll the document to that location. Keyboard shortcuts
This section lists the most common keyboard shortcuts that users find valuable for speeding up
document composition. The shortcuts are faster than using the mouse and drop-down menus because
the keystrokes allow you to keep both hands on the keyboard. Some people in danger of developing
repetitive stress syndrome through excessive use of the mouse can find these shortcuts of particular
Custom keyboard mappings. The key mappings reflected in Table 8-3 are merely default settings.
Users and system administrators are free to change them to reflect their personal or organizational
taste or habit by selecting Tools
Table 8-3. Common keystrokes to avoid the mouse
Copy text
Cut text
Paste text
Bold text
Italic text
Underline text
Adjustments to the Function Key defaults can be helpful, too, in the desktop migration process.
OpenOffice offers four modesF[1-12], Shift-F[1-12], Ctrl-F[1-12], and Shift-Ctrl-F[1-12]--which creates
many openings for custom function key mappings that can aid speed and productivity. Searching a document with Find & Replace
To find and replace characters in a document, press Ctrl-F to open the Find & Replace dialog.
Alternatively, you can access the Find & Replace dialog from the main menu by selecting Edit
& Replace.
Enter the term you're searching for in the "Search for" field (top left), and, if you want to change it, the
term you'd like to replace it with in the "Replace with" field. Proceed by pressing the Find button at the
top right of the window, and the search will locate the term you're searching for in the nearest location
in the document after the placement of the cursor. Continue by pressing the Replace button whenever
appropriate. If you come to a term that you don't wish to replace, just press the Find button again to
advance to the next example of the search term. Inserting hyperlinks
Inserting hyperlinkstextual references to URLs on the Webinto documents has become essential. To
insert a link, choose Insert
Hyperlink from the main menu. This invokes the Hyperlink window,
where you can enter the name of the link (compete with http://) in the Target field and the text for the
link in the document in the Text field, second from the bottom of the window. Other options are also
offered, as shown in Figure 8-19.
Figure 8-19. Inserting a hyperlink
Click the Apply button at the left of the series of buttons across the bottom of the window, and your text
will appear highlighted and clickable in your document. Close the dialog by clicking the Close button.
Test the link to see that it was spelled, punctuated, and typed correctly. If it is correct, clicking on the
link in your document will wake up your browser with the target web page in it, and produce a little
surge of joy in your heart.
Naming your hyperlinks is a good idea because that will enable you to move quickly among them with
the Navigator, where the link names will be listed in outline form and clickable. To enter a name in the
Hyperlink window, type a short but descriptive sequence in the Name field at the bottom of the dialog
before you click the Apply button.
One may also make a hyperlink from existing text by highlighting the text sequence with the cursor,
selecting Insert
Hyperlink, and filling out the dialog. Fill in at least the Target field and click the
Apply button. Close the dialog by clicking the Close button. Word count
Journalists, authors, and editors depend on this feature for their daily bread, so they can be forgiven
anxiety at missing the word count feature. In fact, word count is present in OpenOffice, but it's in a
surprising location. The feature is located in MS Word under Tools
Word Count, but in OOoWriter
it's found under File
Statistics. Password-protecting documents
You can secure OOoWriter documents from unwanted access by saving files with password protection
turned on. When saving with File
Save As, simply check the "Save with password" box and enter
and confirm your password when you are prompted to do so during the save.
To turn off whole document password protection at any time, simply choose File
the "Save with password" box, and complete the save.
Save As, uncheck
OOoWriter offers a variety of ways to protect your documents against alterations to revision markings,
sections, frames, graphics, objects, indexes, and tables. Consult the system Help under "passwords :
protecting content."
8.1.5. OOoWriter Customization
OpenOffice offers many ways to customize its settings. A quick browse of the five tabs under
OOoWriter's Tools
Configure (Menu, Keyboard, Status bar, Toolbars, Events) offers a good sense of
the scope of OOoWriter's customization possibilities for the advanced user or system administrator. OOoWriter toolbar customization
The workflow habits and nature of the business of each organization dictate the shape of its desktop
toolset. So wide latitude in toolbar customization can help system administrators or power users bring
the most frequently used toolbars or object elements to the top to increase productivity for themselves
or all users in the workgroup.
In addition to the default toolbars available out of the box (main menu, function bar, object bar and
main toolbar) the following additional toolbars are available through customization: table object bar,
numbering object bar, frame object bar, draw object bar, control bar, text object bar/graphics, Bezier
object bar, graphics object bar, objects, text object bar/Web, frame object bar/Web, graphics object
bar/Web, object/Web, and user-defined no.1.
You can hide any of the toolbars (except main menu) by unchecking their names in the top half of the
context menu that opens when you right-click in the empty space within any of the toolbars (Figure 820).
Figure 8-20. The context menu for configuring toolbars
You can further rearrange elements and redesign toolbars to your personal or workgroup preference by
choosing any of the other four choices in the bottom half of the contextual menu: Visible Buttons,
Configure, Customize, and Reset. Changes made using these commands apply to the specific toolbar on
which you right-clicked to call the context menu. Adding an OOoWriter icon on the desktop or taskbar panel
Launching OOoWriter with a quick double-click of an icon is usually faster and preferable to wading
through a series of cascading menus. You can add separate Launchers to open each of the OpenOffice
modules directly. Here's the easiest way to set up a launcher specifically for OOoWriter on both your
desktop workspace or the edge panel across the top or bottom of your desktop. The example is given
from the GNOME environment; KDE will be different.
Right-click on an open space on the edge panel and select Add to Panel
Launcher from menu
OpenOffice Text Document (the path may vary across different Linux distributions). This will
place a OOoWriter icon onto that location on your Taskbar Panel. To add either an OOoCalc or
OOoImpress icon, simply choose OpenOffice Spreadsheet or OpenOffice Presentation in the last step.
To add the same Launcher icon to the desktop space, simply drag and drop the OOoWriter icon you've
just created on your taskbar panel onto your desktop workspace. This places a duplicate Launcher icon
on the desktop, if that location is useful to you, and you can remove the taskbar panel icon if you wish
by right-clicking it and selecting Remove From Panel on the context menu. To remove a desktop icon,
right-click it and select Move to Trash in the context menu. Adjusting unpopular default settings
OpenOffice is set by default to automatically complete words, replace certain characters, and capitalize
initial letters in a new sentence. If you feel autocorrection to be intrusive while you are typing, the
autocorrect settings are easy to adjust to be less intrusive or to turn off completely.
Word Completion (turning off). OOoWriter's Word Completion feature comes turned on by default.
Some users find it distracting or annoying to have the word processor program appending the ends of
words before they finish typing them. Others are content to ignore the completion action and leave the
default alone.
If you like OOoWriter to complete your words, simply press the Enter key when its recommendations
are felicitous; otherwise, press the spacebar to reject the program's offering.
To turn Word Completion off, select Tools
Word Completion and
uncheck the box before the phrase "Enable word completion" near the top of the window. Then click the
OK button.
Auto-Replace (turning off). If you find Auto-Replace to be invasivesuch as when you attempt to type
(c) and it keeps replacing your keystrokes with the copyright symbolyou have two options: edit the
replacement list, or turn off Auto-Replace altogether.
Editing the replacement list is straightforward. Select Tools
AutoCorrect/AutoFormat and go to the
Replace tab. There, highlight the offending element and either press the Delete key or enter a different
target result in the With: field.
To turn off the Auto-Replace function, select Tools
AutoCorrect/AutoFormat and click on the Options
tab. The topmost option is "Use replacement table," with two checkboxes in front. By unchecking both
boxes in the [M] and the [T] columns, you can turn off the specific substitutions listed in the
replacement table. You can turn off all the other specific automatic replacement actions, too, by
unchecking the respective boxes under [M] or [T] as you go down this list in the Options tab.
Customizing Auto-Replace. Note that in the Tools
AutoCorrect/AutoFormat dialog, the leftmost
Replace tab contains the list of default replacements. This list is based on the OpenOffice developers'
extensive knowledge of common keystroke errors and frequently used symbols (such as the copyright
symbol). Leaving Auto-Replace turned on can aid your compositional productivity, especially if you
customize the replacement list to make your own most frequent word, character, or symbol
replacements. Add your own simply by typing elements into the Replace and With fields and then press
the New button. Delete an entry by highlighting it in the list pane and pressing the Delete button.
Auto-Capitalization (turning off). OOoWriter is set to automatically capitalize the next character you
type after a period. It also decapitalizes a second uppercase character typed in a sequence. This is
beneficial most of the time when we fail to strike the Shift key, which is surprisingly often; however,
when we type abbreviations or when we type acronyms that demand two initial capitals, these
AutoCorrect actions are unwanted.
If the Auto-Capitalization feature offends your sensibilities or disturbs your workflow, you can turn it off
by selecting Tools
AutoCorrect/AutoFormat and clicking on the Options tab. Uncheck the two boxes
under the [M] and [T] columns in front of the second option, "Correct Two Initial Capitals," and the
third option, "Capitalize the first letter of every sentence."
Auto-Capitalization (making exceptions). Auto-Capitalization can be very helpful when you
integrate it into your typing repertoire. Consider keeping the feature turned on, and just add exceptions
to make the Auto-Capitalization work for you instead of against you. You can adjust Auto-Capitalization
exceptions by selecting Tools
AutoCorrect/AutoFormat and proceeding to the Exceptions tab.
At the Exceptions tab, you can add abbreviations you repeatedly use to the "Abbreviations (no
subsequent capitals)" list in the upper window. These entries permit Auto-Capitalization to
automatically capitalize the first letter of a new sentence, while it will not make such an invasive
adjustment after any of the abbreviations listed.
Also at the Exceptions tab, you can add to the list of words or acronyms that demand two initial
capitals. The default entries already there provide a source of examples. Among our own favorite
exceptions of this type are OOo, OOoWriter, and the many variations on that sequence.
8.1.6. OpenOffice Calc
OpenOffice Calc (also known as OOoCalc ) is the spreadsheet program included in the OpenOffice office
suite. Users familiar with recent versions of Microsoft Excel will feel at home in OOoCalc. Managing files
Opening, saving, sending, and exporting OOoCalc files is the same as with OOoWriter files. See the
previously described details for OOoWriter. Entering labels (text)
Entering a labelthat is, a word rather than a numberinto a cell is the same in OOoCalc as in MS Excel:
begin the character sequence with a ' (single quote) character, finish typing the rest of the characters,
and press Enter. Autofill
Fill a row or column of numbers quickly with a simple drag-and-drop motion. After entering the number
1, for example, in the cell A1, simply highlight the cell by clicking on it once; then, grab the small black
square at the bottom right corner of the cell with a left-click and drag the square down or across to fill
in numbers. Consecutive numbers fill in the cells upon release of the mouse button. Entering simple formulas
This is basic stuff to experienced spreadsheet users. Formulas always begin with an equals sign (=). For
example, to calculate the result of 1 + 1, you would type = 1 + 1 and press Enter.
To calculate a result based on other cells, type = in the cell where you want the result to appear, then
click on the first cell in the formula. This will highlight the cell in a red outline. Type an operator such as
+ and click on the second cell. This will highlight that cell in a red outline. You can keep entering as
many operators followed by cells or other values as you like. Finally, press Enter; the result will appear
in the target cell.
Note that the formula field, just above the cell area of the spreadsheet, contains the formula just
created. The alternative way of creating the same formula would be to simply type it directly into the
formula field. First, click once on the desired cell. Then click once on the empty formula bar and type
your formula directly in it and then press the Enter key. Summing a column of numbers
To quickly sum an existing column of numbers, highlight the empty target result cell with a single click.
Then, click the sigma icon on the formula bar. This automatically highlights in blue the most likely
nearby column of numbers to be summed. If the highlighted group is appropriate, press the Enter key,
and the result will appear in the target cell. If the appropriate group of numbers is not highlighted, you
can grab the small blue square at the bottom right of the highlighted column and adjust the grouping to
the precise numbers you wish to sum. Then, press the Enter key. Moving cell contents
It's easier to move a range of cells in OOoCalc than it is to move a single cell entry. This task is the one
that gives the most people trouble when they are adjusting to the new environment of OOoCalc, but it is
quite simple once you've done it once or twice.
To move a range of cells, simply highlight the range by clicking in one cell at an extreme corner of the
range and, while holding the left mouse key down, drag the mouse pointer across the rest of the cells in
the range. When the whole range is blackened, release the left mouse key. Now, go back with the
mouse pointer and make a single mouse click anywhere in the blackened range (while holding down the
button) to grab the range and move it to its new location. Drop the range of cells in its new location by
simply releasing the mouse button.
Moving a single cell entry requires the same procedure, but highlighting a single cell usually proves
troublesome for new users. That's because the highlight motion with the left mouse button requires the
user to left-click on the cell, move the mouse pointer outside the cell and back, release the mouse
button, and then go back to grab and move the highlighted cell.
MS Office offers a single motion to move a single cell, while OOoCalc requires a double motion involving
first a highlight and then a move. The OOoCalc process is annoying because it's more complicated, but
in the end it's effective and not that difficult to master and remember (because the old method is soon
forgotten). Adjusting column widths and row heights
To change the width of a column, bring the mouse pointer up into the grid's column headings, labeled
A, B, C, and so on. Note how the mouse pointer changes to a double horizontal arrow when it rolls over
any column divider. While the arrow is visible, simply move it to the right or left to increase or decrease
the width of the column immediately to the left of the divider. To put a column back to its default width,
right-click on the column heading to call up the Column Width dialog. Check the empty box labeled
"Default value" and press the OK button. The column will now snap back to its default width (0.89
To adjust the height of a row, apply the procedure just shown for adjusting column width, but with the
mouse cursor on the top or bottom of a row heading at the left edge of the page. To restore a row's
default height, apply the procedure just shown for restoring the default column width, but at the left
edge of the page on the desired row heading. Merging cells
To merge multiple cells, first highlight the group of cells you wish to merge, then select Format
Merge Cells
Define from the main menu. This will create one cell that contains the contents of the
cells in the range you highlighted. OOoCalc's recognition of data can be quite sophisticated. For
instance, if one column contains Jun and another contains 3, the date 06/03 followed by the current year
appears in the merged cell. Freezing and splitting windows
It's hard to navigate through larger spreadsheets because the column and row headings disappear from
view. The Window
Freeze and Window
Split commands permit you to lock column and row
headings into place while scrolling to view other sections of the spreadsheet.
To lock down your column and row headings, click on the cell where you want the freeze to take effect
and select Window
Freeze from the main menu. This will put a check mark on the Freeze item on
the drop-down menu and lock the columns to the left of the highlighted cell, as well as the rows above
the cell. The spreadsheet initially shows just lines to outline the frozen cells, as can be seen in Figure 821.
Figure 8-21. Freezing the column and row headings
Now you can move down and to the right. Note in Figure 8-22 how column headings stay fixed and
visible as we move down the spreadsheet. A similar effect takes place with the column B row headings
at the left if we scroll through the spreadsheet to the right.
Another interesting way to leave parts of your spreadsheet visible is to choose Windows
instead of Window
Freeze. Now you can click on any pane and scroll it. The pane you clicked on will
move, along with one of the panes next to it depending on whether you scroll up and down or right and
left. The other two panes will stay still.
Figure 8-22. Column and row headings are frozen
To remove the Freeze or Split settings, simply click the checked selection on the drop-down menu, and
the freeze or split lines will go away. Freeze and Split settings "travel" with a document when it is saved
with either of the settings checked. Page Break View
Page Break View offers a detailed view of the current spreadsheet's page breaks for printing. To turn on
Page Break View, select View from the main menu and click on Page Break View in the drop-down
menu. This sets a check mark at the selection. To turn off Page Break View, uncheck this selection on
the drop-down menu.
You can quickly set or adjust page breaks by dragging the outside blue lines to cover the desired range,
and just as easily move the page-dividing lines to include the desired columns and rows on the proper
printed page. Page Break View also offers a way to view and navigate larger spreadsheets from a more
distant perspective. Setting the print range
When you create a new spreadsheet from scratch, it has no print range set. Such a spreadsheet appears
gray when in Page Break View. To set a print range for your spreadsheet, make sure Page Break View is
turned on, then highlight the full area you wish to print by clicking on the cell in one corner and
dragging the mouse pointer across the entire range. Alternatively, select Format
Print Ranges
Define. Any spreadsheet content that's outside the range you set this way will not be printed.
If there is a print range already defined and you need to adjust it, simply grab the corner of the blue
outline (or just grab a side) with the mouse and stretch it to include all the desired cells of your new
print range.
To grab, first move the mouse pointer over the blue outline of the print range; you'll see the mouse
pointer turn into a bidirectional arrow. The arrow permits you to drag the print range blue outline to a
different place simply by clicking and dragging the line to the desired location. Functions
OOoCalc has a full array of function types, including financial, database, temporal (date and time),
array, statistical, informational, logical, mathematical, and textual.
OOoCalc's functions, their syntax, and their required formats are well documented in the Help dropdown menu of the main menu. Select Help
Contents, and the Help window will open up. Then, in
the Index tab at the "Search term" field, type functions, and press the Enter key. Here, you can
double-click on the name of a function in the left pane to view the information about that function.
Figure 8-23 illustrates the Help Index and information on the financial function called PV, which
calculates the present value of a stream of regular payments or cash flows. PV is a spreadsheet function
that's understandably popular with MBAs and bankers.
When entering a function into a cell, remember always to precede the entry with an equals sign (=).
The example offered in Figure 8-24 indicates what the PV function formula looks like in the formula field
when it is correctly typed into a cell and the necessary information for the function is properly cellreferenced: =PV(B1;B2;B3) .
The function in Figure 8-24 is a common mortgage problem. If you are guaranteed terms by your bank
on a 30-year loan at 5% interest per annum, and you know that you have exactly $1,500 per month to
spend on your new house, the question to answer is, "What is the purchase price that corresponds with
my maximum monthly payment of $1,500?"
The PV function is perfect for solving such a problem. MBAs will fondly recall that mortgage payments
made by you to the bank are outgoing and, therefore, negative. Make your payment input negative, or
the resulting present value will be negative. The number of periods is 30 years times 12 months (360
periods), and the periodic interest rate is 5% per year divided by 12 months (0.42% per month), as
indicated in Figure 8-24.
You could just as readily use the PMT (Payment) function to determine what the monthly payment is on
your 10-million-Euro dream home.
It is possible also to enter numbers as well as cell references into the body of a function. In the Formula
Field, this would look like the following:
Figure 8-23. The PV (present value) function Using Help
However, using cell references leaves room for easily trying alternative inputs or for generating a
sensitivity analysis using a range of choices for one variable. Worksheets, or sheets
One OOoCalc spreadsheet file (sometimes called a Workbook) contains three sheets by default, but can
hold up to 256 sheets in total.
Figure 8-25 shows the three sheets of a standard, default spreadsheet file. In the figure, note from the
white coloration of the sheet tab that sheet 1 is live or current. The gray coloration of sheets 2 and 3
indicate they are present but not visible.
To move among sheets, simply click on a sheet tab and it will become the live sheet.
Figure 8-24. A common mortage problem, solved
Figure 8-25. Three sheets to the wind
To add a new sheet, right-click on the sheet area or any one of the sheet tabs to call up the context
menu. Then, select Insert Sheet from the menu and the Insert Sheet dialog box appears. Here,
designate the names, positions, and number of the new sheets. Note that you can add multiple sheets.
You can also bring in sheets from another file; after you browse and select a file, the names of its sheets
are displayed for you to choose from.
To delete a sheet from a workbook, first select the sheet you wish to delete by clicking on its tab. Then
right-click the sheet bar or live sheet tab and select Delete Sheet. Answer "Yes" in the confirmation
dialog to delete the sheet.
To rename a live sheet, right-click the target sheet's tab and select Rename Sheet from the menu that
appears. This activates the Rename Sheet dialog, where you can enter the new name for the sheet in
the Name field.
To select more than one sheet at a time, hold down the Ctrl key while clicking on each sheet tab you
wish to select.
Selecting concurrent sheets is useful when entering content, such as column headings or labels, that
you wish to have on many sheets. It saves the repetition of setting up multiple sheets with the same
If you have a workbook with many sheets and wish to select a long range of contiguous sheets, click on
the tab of the leftmost sheet in your target range. Then, while holding down the Shift key, click on the
rightmost sheet tab of your target range. This selects all sheets included in that range.
To deselect that same group, hold down the Shift key while clicking on the tab of the first sheet (the
leftmost sheet, in this case) you selected in that range.
To deselect a selected sheet (other than the live sheet, which always remains selected), hold down the
Ctrl key while clicking on its sheet tab.
If you have a spreadsheet with many sheets, not all the tabs are visible at the bottom. To make a tab
visible so you can select its sheet, you'll need to use the sheet navigation arrow buttons at the left of the
sheet tabs. Sorting data
To sort a list or chart of numerical or textual information, first highlight the full range to be sorted
(including labels, but excluding unwanted data such as totals) and then select Data
Sort from the
main menu. This launches the Sort dialog box, where you can designate the sorting order, among other
In the case illustrated in Figure 8-26, we want to reorder the data to put the largest responses at top.
Therefore, in the Sort dialog we select to sort by the "Responses per Platform" column (where the
numbers are) and set the radio button at the right to Descending. Then we press the OK button. Notice
how rearranging the order of the source chart automatically registers the new order in the bar graph
that was previously generated (see Figure 8-27). Data sources
Instead of having its own database format, OOoCalc is designed to interact with many different varieties
of external databases. Data Sources is the name for OOoCalc's strong feature set for interacting with
databases and for linking spreadsheets, forms, and reports to information contained in databases.
OOoCalc offers a variety of ways to link to a MySQL or Adabas D database, for example, or many other
data sources, including MS Outlook, Outlook Express, Mozilla, and others.
Figure 8-26. Sorting a simple table
Figure 8-27. Table (and graph) successfully sorted
In OOoCalc , call up the Data Source View by choosing Tools
Data Sources from the main menu, or
simply pressing the function key F4. Press F4 again to close the Data Source window.
Having made such a promising introduction, it's a shame to say that Data Sources is outside the scope
of this section. It's a shame because interacting with databases is becoming more relevant to the web-
enabled desktop user. Furthermore, OpenOffice's database interactivity is a hot focus of development
activity and promises to get stronger as well as easier for the average user to handle with each
progressive release of the OpenOffice software. Macros
Creating or handling macros in OOoCalc is not within the scope of this book. However, we can offer
some general information that may be useful to macro users. Macros could come into play for all the
different modules of OpenOffice (and MS Office), but here we deal strictly with their relevance to
OOoCalc (and MS Excel).
OOoCalc uses its own macro scripting language called OpenOffice Basic (or StarBasic). This is a
different macro language from the one used by Microsoft in MS Office, which is called Visual Basic (or
VBA macros are not able to run in OOoCalc, creating a significant barrier for migration from MS Excel to
OOoCalc for users with many large or significant VBA macros within their spreadsheets. VBA macros
that come with MS Excel files currently must be rewritten in StarBasic for these files to be fully useful in
Sun Microsystems has promised to release a Visual Basic-to-StarBasic macro conversion tool to
facilitate the automatic conversion of VBA macros to StarBasic macros.
Meanwhile, OOoCalc is set by default to save VBA macros to be available and written back whenever a
OOoCalc spreadsheet file is saved again in the MS Excel file format. This offers three options: (1) you
can reimport a spreadsheet to Excel in order to run the stored VBA macros, (2) you can store the VBA
macros in order to manually rewrite them in StarBasic, and (3) you can preserve them unused in
OOoCalc, to be converted later to StarBasic when Sun's macro conversion tool becomes available.
Because VBA macros do not run in OOoCalc, the viruses associated with them pose no threat as long as
you use OOoCalc. If you want to leave off the macros (for security reasons or because you just don't
want them) when importing Excel files, turn off the default in Tools
VBA Properties.
If you are interested in macros, feel free to consult the OpenOffice Basic Programmer's Guide at
8.1.7. OpenOffice Impress
OpenOffice Impress (also known as OOoImpress ) is the presentation module included in the OpenOffice
suite. Users who are familiar with most recent versions of Microsoft PowerPoint will feel at home in
OOoImpress. Creating a presentation from scratch with AutoPilot
When opening the OOoImpress module from an icon on the desktop or Taskbar Panel, or when opening
it from another OOo module via File
Presentation, you are confronted by the AutoPilot
wizard, which can lead you through the creation of a presentation from scratch. In the wizard you can
also choose to open an existing presentation or a presentation template.
Less experienced users can feel free to let the wizard take them through the process of creating a
presentation, but experienced users can simply select the Create button at the lower right in the wizard
and get right to working in a blank presentation document. Opening an existing presentation
To open a presentation you have created earlier or received from someone else, simply click once on a
presentation file's icon in its folder. Your Linux system is likely set up to open MS PowerPoint files
(which have a .ppt file suffix) automatically in OOoImpress. By default, each file is saved in the same
format it had when you opened it (PowerPoint, OOoImpress, etc.).
Alternatively, you can select File
Open from the main menu and browse your file system to find the
existing file with which you'd like to work. Saving a presentation
To save your current presentation in its existing location and format, click the Save icon (the little
floppy disk image) on the function bar, and the file will be saved into its present location in your file
system. The same result occurs if you select File
Save from the main menu.
If you are saving the presentation for the first time, the Save dialog window opens to allow you to select
a folder and fill in the filename field. Do so, then click the Save button. By default, the Save dialog
window opens to the Documents directory (folder) in your file system. That is, user swhiser by default
saves documents to /home/swhiser/Documents. This default also is consistent with other OpenOffice
If you need to change the filename, folder, or format of the presentation file you are saving, save by
selecting File
Save As and fill out the Save As dialog accordingly. Export formats
One of the principal strengths of OOoImpress is the sheer number of file formats to which you may
export your presentation. Table 8-4 lists the various export file formats available.
Table 8-4. OOoImpress file formats for export
Format Name
File extension
Windows Bitmap
Enhanced Metafile
Encapsulated Postscript
Graphics Interchange Format
Hypertext Markup Language
.html, .htm
Joint Photographic Experts Group
.jpg, .jpeg, .jfif, .jif, .jpe
OS/2 Metafile
Portable Bitmap
Format Name
File extension
Mac Pict
Printable Document Format
Portable Greymap
Portable Network Graphic
Portable Pixel Map
Sun Raster Image
Scalable Vector Graphics
StarView Metafile
Macromedia Flash
OOoImpress native file format
Tagged Image File Format
.tif, .tiff
Windows Metafile
X PixMap
Export to HTML. Among the most useful facilities here is the ability to export a presentation to the
HTML or web page format. This feature allows us to painlessly convert any presentation we've given to a
format suitable to the Web so the audienceas well as those who were unable to attendcan visit the
material from any Internet-enabled location on the planet at their own convenience.
Start by selecting File
Export from the main menu. This launches the Save As window. Here,
change the File format drop-down box to HTML Document and designate the filename and directory of
the resulting HTML files. Then click the Export button to kick off the HTML Export dialog series.
First, select a design. Leaving the default as is and clicking the Next button is fine for many situations.
Now you can choose from a variety of publication types that affect how the presentation appears and
can be manipulated once it's up on the Web. Among these types are standard HTML format, standard
HTML with frames, automatic, and WebCast (requires a server).
The default works nicely. Click Next. Here you can alter the format of graphics in the output and the
resolution of output, and turn sound effects on or off. Leaving the settings at their defaults works fine.
Click Next. This screen permits you to enter information that appears on the title page of the new web
presentation. Enter the desired information and click Next. Here you can set the look of the navigational
elements you like, such as forward and backward arrows. Leaving the "Text only" box checked (the
default setting) produces text links, but you also have a choice of four styles of colorful buttons.
Click Next. In this final screen of the export process, you can alter the default color scheme of the text.
Leaving settings alone works fine for first-timers. Finally, click the Create button, and your presentation
is ready to post to the Web.
Export to Macromedia Flash. Not to be overshadowed among the many output formats is
Macromedia Flash. This is yet another universally acceptable file format (along with PDF and HTML, in
particular), which guarantees that anyone with a web browser (that is, everyone with a desktop
computer) can view your presentation. Many of the same benefits of converting a presentation to HTML
web pages (described earlier) hold for the Flash format as well.
To export your presentation to Flash, proceed to the main menu and select File
Export. This opens
the Export dialog box, where you should go to the File Format drop-down field and select "Macromedia
Flash (SWF)(.swf)." In the Export dialog box, if you do not alter the folder or save path, the new Flash
version of your presentation will automatically be placed in the same folder as the original .sxi
presentation file. Now, click the Export button, and the Flash version of your presentation will be
created. OOoImpress workspace views
You can change the view setting from the main menu by selecting View
Workspace and checking
the desired view setting in the drop-down menu. The five workspace views include Drawing View,
Outline View, Slides View, Notes View and Handout View. Drawing View is the most commonly used
view in which to work when building or editing a presentation.
The workspace views are easiest to change with a single click of the small icons arrayed vertically along
the right edge of the OOoImpress window, toward the top, as shown in Figure 8-28.
Figure 8-28. Workspace View icons OOoImpress modes
Modes are states in which only certain editing functions can be performed or orientations/views can be
The three modes are accessed and altered from the main menu under View
or View
Layers, where the active mode is evidenced by the check mark.
Slide, View
It's a recurring point of confusion for OpenOffice users that modes are accessed and changed under
Views from the main menu. It makes it worse that OOoImpress changes the View settings based on
mode settings. And, unforgivably, the mode icons at the bottom-left corner of the workspace (see
Figure 8-29) have been mislabeled: the mouse roll-over labels for the three Mode icons read Slide View,
Master View, and Layer View. These labels should read Slide Mode, Master Mode, and Layer Mode,
Due to the complexity of changing views and modes from the main menu, we recommend using the
Mode icons (at the bottom-left edge of the workspace) and View icons (along the upper-right edge of
the workspace) to change and visually confirm the current view or mode. Passing the mouse pointer
over each icon and pausing will reveal its roll-over label if you need to know which icon is which. Figure
8-28 introduces the View icons, and Figure 8-29 shows where both sets of View and Mode icons are
located on the workspace. Editing a presentation
Altering an existing presentation is quite straightforward.
Figure 8-29. Control your modes and views
Entering text. To enter or edit an existing sequence of text, click once on the text. You will see a
shaded block appear around the text with green squares at intervals around the box. Move the cursor to
the appropriate place and enter changes. Clicking elsewhere in the slide will make the shaded block go
Using bullets. To introduce a bullet to a line of text, click once on the targeted text, then click the
Bullets icon centrally located on the object bar. If you're not sure what to press, let the mouse hover
over the icons and choose the one where the Bullets On/Off balloon appears.
To use advanced bullet formats, click the alternative Bullets icon at the extreme right of the object bar.
This brings up a dialog box with a selection of bullet and numbering styles, and other formatting
Importing graphics , tables , and charts . To import a graphic, table, or chart from another program,
web page, or module of OpenOffice, simple copy the element from its native source and paste it into
your slide.
This, for example, might involve highlighting the item in its original application with a single click and
pressing Ctrl-C to copy it (actually placing the element onto the desktop's clipboard), then clicking in
your slide once and pressing Ctrl-V to paste in the element.
Adding slides . To add or insert a slide into your presentation, simply select Insert
Slide from the
main menu, choose the desired AutoLayout format in the Insert Slide dialog that appears, and press the
OK button.
Deleting slides. You can quickly delete a slide by right-clicking on its tab and selecting Delete from the
contextual menu. Alternatively, from the main menu, select Edit
Delete Slide.
Moving slides around. The easiest way to move slides around within a presentation is to simply click,
drag, and drop the tab of any slide into a new sequence among the tabs. The presentation palette
Pressing the icon at the far right of the object bar opens the floating presentation palette, where you
can execute functions quickly when building or editing your presentation. Functions include Insert Slide,
Modify Slide Layout, Slide Design, Duplicate Slide, and Expand Slide. To turn off the presentation
palette, click the icon again. Putting on a slide show
Having created a presentation, putting on a slide show is a trivial undertaking. Press F9 to start the
slide show and the Esc key to end.
Slides how transitions . To set the transition for a single slide, select Slide Show
from the main menu. Figure 8-30 shows the transition options available.
Slide Transition
You can choose a slow, medium, or fast transition speed in the drop-down menu at the bottom of the
Slide Transition window.
If you favor using a single kind of slide transition throughout your whole presentation, it's most efficient
to set this up for all slides at the same time using AutoPilot when you first start building a presentation.
Custom slide shows . You can set up many different versions of the same presentation using only
chosen slides and different settings. This is convenient for adapting different parts of one large
presentation to specific audiences. You can also use it to pre-configure versions of a presentation that
present increased detail, to which you can switch spontaneously during a presentation to cover some
more intricate points that you would otherwise spare a general audience.
To define a new custom slide show, from the main menu of your live source presentation select Slide
Custom Slide Show, which opens the Custom Slide Shows dialog (Figure 8-31), where you
should press the New button.
Figure 8-30. The Slide Transition window
Figure 8-31. The Custom Slide Show dialog
This opens the Define Custom Slide Show dialog (Figure 8-32) where you can name the new version of
your slide show and select which slides are to be included. To select a given slide for inclusion, highlight
that slide in the "Existing slides" pane at the lefthand side of the dialog. Then, click the uppermost of
the two arrow buttons and your chosen slide will be entered into the "Selected slides" pane at the
righthand side of the dialog.
Figure 8-32. The Define Custom Slide Show dialog
8.1.8. Customizing OpenOffice
A couple of quick settings can save you a lot of time, depending on your needs. Adding a Launcher icon
You can add an icon to launch either OpenOffice with no module or OpenOffice with any specific module
ready to go.
We cover the procedure for adding an OOoWriter Launcher icon to the desktop or edge panel in the OOo
Writer section "Adding an OOoWriter icon on the desktop or taskbar panel," earlier in this chapter. The
procedure for adding OOoCalc or OOoImpress icons is analogous. Defaulting to the MS Office file formats
To set OOoWriter to automatically save files in the MS Word .doc file format, select Tools
then choose Load/Save in the left index of the Options dialog. In the index under Load/Save, click on
General. This opens the Options-Load/Save-General dialog. Here, in the "Standard file format" section,
your "Document type" drop-down is already set on "Text document." Leave that as is. In the "Always
save as" drop-down at right, change the selection to one of the three available MS Word versions:
Microsoft Word 6.0
Microsoft Word 95
Microsoft Word 97/2000/XP
Click the OK button. Use your best discretion when choosing a version. Microsoft Word 97/2000/XP has
the most users at large; however, if your environment or the people with whom you correspond use one
of the earlier versions (6.0 or 95), then that reality would inform your choice.
8.2. KOffice
OpenOffice is not the only open source office suite available on Linux; the KDE project has also created
a fully featured office suite called KOffice, which adheres to standards and fits very well into the KDE
[*] This section was contributed by Raphael Langerhorst of the KOffice documentation team.
KOffice is a highly integrated office suite that builds directly on the KDE technology. This has many
advantages in terms of integration, features, performance, familiar look and feel, and so on. KOffice can
therefore benefit from all of KDE's advanced technologies such as DCOP, KIO, and KParts. The KParts
technology, in particular, is extended for the KOffice components to allow very flexible embedding of
documents inside other documents. KOffice components can integrate very well into each other. So
basically a spreadsheet can contain anything from charts to presentations, reports and even text
documents. Likewise, almost any component can contain almost any other. Components are fully
embedded, allowing the user to perform any operations that the standalone application would allow.
Because much technology is already present inside KDE itself, KOffice is a very lightweight office suite,
which results in fast application startup and low memory consumption. This makes KOffice a very
suitable office suite for older hardware as well, which can save lots of money in some cases.
Still, KOffice is quite rich and extensive in features. It is not limited to word processing, spreadsheets,
or presentations, but also has components for image manipulation, flowcharts, business report
generation, database management, and project management. Because of KDE's flexible component
integration, smaller utilities, such as the diagram and chart engine, as well as the formula editor, are
available as standalone tools. The straightforward and KDE-like approach in look and feel, as well as its
familiar usability, make KOffice quite useful for daily office work.
The KOffice office suite is too large to list every detail. General features include document location
abstraction, DCOP scripting, parts, and plug-ins. Take a look at the KOffice web site
( to check on the latest state of the application.
KOffice adheres to the OASIS OpenDocument file format, so documents can be exchanged with other
standards-conforming utilities, such as OpenOffice.
It is important for an office suite to use standards where possible, especially for the file format. In this
way, a business can be sure that it can still open documents many years into the future, regardless of
what happens to current tools. The OASIS OpenDocument file format specification is an open standard
for office applications. Both KOffice and OpenOffice use the format, which means that files can be
exchanged seamlessly between the suites.
KOffice has more components to offer than what is covered by the OASIS specification. Still, all
components covered by the specifications actually use the OASIS OpenDocument file format.
Here are the components of KOffice:
Text processing and desktop publishing: KWord
KWord is designed mainly for text processing, but includes many desktop publishing aspects. This
creates a mixture of features that makes interesting layouts easily possible.
Spreadsheets: KSpread
KSpread is a pretty standard spreadsheet application. It offers many functions as well as
formatting, multiple sheets, charts, diagrams and more. Of course it can easily integrate any
other KOffice component to extend its abilities.
Presentations: KPresenter
KPresenter is a presentation component. It can be used to create on-screen presentations or to
design and print transparencies.
Flowcharts and more: Kivio
Kivio can be used for any kind of flowchart or diagram. Additional stencil sets can be used for
custom needs. Even UML diagrams are possible.
Vector graphics: Karbon14
Karbon14 is a vector drawing application.
Pixmap graphics: Krita
Krita is a tool for creating high-quality pixmap graphics. It offers many plug-ins for image
manipulation and supports various formats.
Business reports: Kugar
Kugar can be used to create business-quality reports. A designer helps to easily design such
Database management and forms: Kexi
Kexi is a full-blown database management application. You can design forms for working with
data. Many backends, such as PostgreSQL or MySQL, are possible. It is even capable of importing
MS Access mdb database files.
Each KOffice component comes with its own manual. These manuals offer all the latest information
about the various components KOffice has to offer and should be read to learn more about KOffice. The
web site is also a good place to find out more.
The primary site on the Internet is You will also find information there about
the user and developer mailing lists, as well as additional developer resources.
The Kexi project has an additional web site, which can be found at
The following two sections, instead of giving you a rundown of the standard features, explore two
interesting features in more depth, in the hope that this will be mouthwatering enough to interest you in
exploring KOffice further.
8.2.1. Hands On: Getting to Know KOffice
Now we will work through some examples with KOffice to get to know the office suite. You are very
welcome to actually create the documents yourself and play around with the different components as we
go along. The purpose of these examples is to get a feeling for KOffice, without trying to be a complete
walkthrough, which would fill a complete book on its own. Remember that the handbooks included in
the KOffice installation hold much more information that allows you to learn a lot about all the available
components. Using tabulators in KWord
You can use tabulators (tabs) to align text horizontally. This is very useful for simple tables or listings,
where text needs to be vertically aligned. Tabulators can also be very useful to simply place text at an
exact horizontal location.
KWord has various options for tabulators. You can set different alignments, such as left, right, centered,
or alignment on a certain character (such as a comma). In particular, the last type is useful for listing
numbers and prices.
Tabulators are part of the paragraph format. So you can configure everything related to tabulators in
the Paragraph Settings dialog (Figure 8-33). This dialog can be reached through the Format
Paragraph menu entry.
Now we will create a couple of tab stops. We start with a very intuitive way of editing tabs and later
look at some configuration details.
Start up KWord, choose the text-oriented U.S. letter template, and click OK (see Figure 8-34).
Then take a look at the top ruler of your document (Figure 8-35). The white space in the top ruler is
exactly the width of the editable area of the document. This space can also be used to enter tab stops.
In the top left corner is a small icon that represents the currently selected tab stop type. As already
mentioned, tabs can be left aligned, right aligned, centered, or aligned on a certain character. You can
change the type by simply clicking on that icon. See how it changes between different types of tab
stops. Next you should insert some tab stops by choosing the correct types and placing them at the
correct horizontal positions in the top ruler (Figure 8-36).
Figure 8-33. Configuring tabulators in KWord
To do so, first choose the correct type in the upper-left corner and then left-click on the position in the
top ruler. Do so for all four tab stops until your upper ruler looks like the one shown in the figure.
To see how the tab stops can be used, simply write some text at each tab stop:
1. Press the Tab key once. You are now at the first tab stop.
2. Write a few characters, such as How . You can see that the text is aligned on the right side with the
tab, indicating that the first tab stop is right aligned.
3. Press the Tab key again. You are now at the second tab stop.
4. Write another word, such as are . The text is aligned on the left side with the tab, indicating that
the second tab stop is left aligned.
5. Press the Tab key again. You are now at the third tab stop.
Figure 8-34. Selecting a text template
Figure 8-35. The KWord top ruler
Figure 8-36. Inserted tab stops
6. Write more text, such as you all? . The text is centered on the tab stop, indicating that the third
tab stop is center aligned.
7. Press the Tab key again, to come to the fourth and last tab stop.
8. Write a number such as 1234.567 . Notice how the number is aligned at the decimal point. This
type of tab stop is useful for numbers.
The text now looks like Figure 8-37.
Figure 8-37. Inserted text at tab stops
To allow many more configuration options, use the paragraph format. A quick way to access these
configuration options is to double-click on one of the tab stops in the top ruler. You can do this right
away with the document you just created in the previous exercise. You will see the configuration dialog,
just as at the beginning of this section. You can also get to the configuration options by choosing
Paragraph from the Format menu, and then going to the Tabulators page. Play around with the options,
which are pretty self-explanatory. You can also add or delete tab stops in this dialog.
If you need permanent tab stops for a specific style, use the Style Manager to edit the tabulators. You
can find it in the Format menu as well. Embedding charts into spreadsheets
KSpread is the spreadsheet component of KOffice. As such, it offers lots of calculation features as well
as the ability to create charts to visualize data.
KSpread uses the KChart component for data visualization. KChart can also be used as a standalone
charting application.
Now we will take a look at how simple charts can be created inside KSpread.
Assume that you are a company that deals with several products, and you want to see how much profit
you can make with each product and compare the results. For this a nice chart is very useful.
Start KSpread with a blank worksheet. The application should look like Figure 8-38.
Entering data into the table is straightforward: simply go to the desired cell with the arrow keys or click
on it with the mouse. Now enter data into the table, as shown in Figure 8-39. It does not matter much
where you start. In this example, we have chosen cell B4 for the Expense text. After you have entered
the data, select the area to create a chart from, as shown in Figure 8-40.
Now click on the Insert Chart toolbar icon, which you can see in Figure 8-40. The mouse cursor changes
to a cross, indicating that you now have to select the area where you want to place your chart. Simply
draw a rectangle below the table with the left mouse button. After you release the mouse button, a
wizard asks you for the chart type you want to insert. Use the default (Bar) and click Finish (Figure 841).
Figure 8-38. KSpread at startup
Figure 8-39. Entering data into a spreadsheet
Figure 8-40. Selecting an area to be charted
Figure 8-41. The chart wizard
The result will look like Figure 8-42. In this chart you see the expense (red on the screen, although it
does not appear in color in the printed book), the income (green), and the profit (blue) for each
product. If you would like the percentage shown for each of the products, simply double-click on the
Figure 8-42. A generated chart
Note how the toolbars and the menu change. This is a good example of the tight integration in KOffice,
which allows it to use components inside components very flexibly. The menu and the toolbar shown
here are the ones that are relevant for the KChart component.
Now right-click on the chart and choose Configure Chart. This brings up a configuration dialog, where
you should choose the Chart Subtype configuration page (Figure 8-43). On this page, you can select
various subtypes of the current chart type. For this example, select Percent and click OK. The final result
will be the nice chart in Figure 8-44. Every product is scaled to fit the 100% mark, and we see how
much expenses we have and how much income we get for each product. Finally, the profit shows the
difference between income and expense. We can conclude that bananas make the most profit, whereas
apples have very little.
Figure 8-43. Selecting a chart subtype
Go ahead and try various configurations and see how the data is represented!
8.3. Other Word Processors
Although the word processors discussed so far are the most popular among Linux users, this book would
not be fair to the rich environment in which Linux and free software thrive if it failed to mention some of
the other alternatives.
Figure 8-44. The final chart
Anyware Office, by VistaSource, Inc.
Anyware Office is an office suite that is commercially made but inexpensive for Linux. It includes
not only a word processor but also a spreadsheet, a drawing program, a mail program, and other
smaller tools. In some respects, Anyware Office behaves differently from word processors such as
Microsoft Word or WordPerfect, but once you get used to it, it can be quite useful and handy.
Especially noteworthy is its support for importing and exporting FrameMaker documents. The
development seems to have stopped somewhat, though, and it is uncertain what will become of
this product.
You can find information about this word processor at
The LyX package (also available as KLyX with a more modern user interface) provides a decent
WYSIWYG X user interface that works with window managers from standard Linux distributions
and uses the LATEX and TEX packages to format the text for printing. If you can live with the
formatting limits of the package (most of us can), you may find that LyX/KLyX is an excellent
solution. LyX/KLyX does not know how to display some of the powerful formatting features that
TEX provides, so if you are a power TEX user, this isn't for you. LyX/KLyX isn't part of most Linux
distributions; to try it, you will have to get it from a Linux archive.
8.4. Synching PDAs
Personal digital assistants (PDAs ) have become quite commonplace these days, and as Linux adepts,
we want to use them with our favorite operating system. In this section, we explain how to synchronize
PDAs with Linux desktops.
This section is not about running Linux on PDAs, even though this is possible as well. People have
successfully run Linux and Linux application software on the HP/Compaq iPaq line. One PDA product
line, the Sharp Zaurus series, even comes with Linux preinstalled, though it does not show up very
obviously when using the device. has a lot of valuable information about
running Linux on PDAs.
Using your PDA with your desktop means, for most intents and purposes, synchronizing the data on
your PDA with the data on your desktop computer. For example, you will want to keep the same
address book on both computers, and synchronization software will achieve this for you.
Do not expect PDA vendors to ship Linux synchronization software; even the Sharp Zauruswhich, as
mentioned, runs Linux on the PDAcomes with only Windows desktop synchronization software. But as
always, Linux people have been able to roll their own; a number of packages are available for this
Synchronizing your PDA with your desktop involves a number of steps:
Creating the actual hardware connection and making the hardware (the PDA and its cradle or
other means of connection) known to Linux.
Installing software that handles special synchronization hardware such as HotSync buttons
Installing software that handles the actual synchronization of data objects
Using desktop software that ensures synchronization at the application level (e.g., between the
PDA calendar and your desktop calendar software)
8.4.1. Checking the Connection
Let's have a look at the hardware first. PDAs are usually connected to the desktop by means of a socalled cradle, a small unit that is wired to the computer and accepts the PDA in order to connect it
electrically. Sometimes, a direct sync cable is used, attached to both the desktop computer and the
PDA. The connection on the desktop computer side is either a USB interface ormuch less often these
daysa serial interface.
The first step in getting the connection to work is to see whether your PDA is recognized by the kernel.
So connect the cradle (or the direct cable) to your computer and your PDA. Take a look at the kernel log
messages, which you can do by becoming root and typing tail -f /var/log/messages. (More information
on kernel log messages is presented in "Managing System Logs" in Chapter 10.)
Now, while viewing the kernel log messages, force a synchronization attempt from the PDA, such as by
pressing the HotSync button at the cradle or issuing a command in the user interface of the PDA that
performs a synchronization. If the PDA is connected via USB, you should see something like the
following (some lines were truncated to fit the book's page):
ohci_hcd 0000:02:06.1: wakeup
klogd 1.4.1, ---------- state change ---------usb 3-2: new full speed USB device using address
usb 3-2: Product: Palm Handheld
usb 3-2: Manufacturer: Palm, Inc.
usb 3-2: SerialNumber: 3030063041944034303506909
visor 3-2:1.0: Handspring Visor / Palm OS convert
usb 3-2: Handspring Visor / Palm OS converter now
usb 3-2: Handspring Visor / Palm OS converter now
In this case, a USB-connected Palm Tungsten T3 was found. If nothing shows up, several things could
have gone wrong: the hardware connection could be broken, the synchronization request could not
have been recognized, or the kernel could be missing the necessary driver modules. Chapter 18 has
more information about locating and installing kernel driver modules, in case that's the problem.
8.4.2. KPilot Synchronization
Next, you need the software that synchronizes actual data over the wire. For the very common Palm
family of PDA (which also includes the Sony Clié, the Handspring Visor, and many other look-alikes),
this is the pilot-link package. The package is already included with many popular distributions; if you
need to download it, you can find it at Usually, you are not going to use the
programs contained in this package directly, but through other application software that builds on
them. What this package contains, besides the building blocks for creating said application software, is
conduits, small applications that support one particular type of data to be synchronized. There are
conduits for the calendar, the address book, and so on.
Up to this point, the software and procedures we've described were dependent on the type of PDA you
want to synchronize, and independent of your desktop software. The actual software that you are going
to interact with, however, is different for different desktops. We look here at KPilot, a comprehensive
package for the KDE desktop that synchronizes Palm-like PDAs with both KDE desktop applications such
as KOrganizer and KAddressBook and GNOME desktop applications such as Evolution.
KPilot, at, consists of two programs, kpilotDaemon and kpilot. In theory, you
need only kpilotDaemon, as this is the software that waits for the HotSync button to be pressed and
then performs the synchronization. In practice, you will want to use the kpilot application at least
initially, as it allows you to configure the daemon and check that everything works as expected.
Upon starting up KPilot (Figure 8-45), select Settings
Configure KPilot from the menu bar. The
program offers to start the Configuration Wizard; click that button. On the first page, you need to
provide two pieces of information: the username stored in the PDA (so that the data is synced with the
right desktop data), and the desktop computer port to which the PDA is connected. KPilot offers to
autodetect this, which you should always try. If it cannot autodetect your connection (and you have
ensured that the actual hardware connection is working, as described in the previous section), try
specifying either /dev/ttyUSB1 or /dev/ttyUSB2 (or even higher numbers) if you have a USB-connected
PDA, and /dev/ttyS0 or /dev/ttyS1 if you have a serially connected PDA. On the next page, you will be
asked which desktop application set you want to synchronize with; pick the right one for you here.
Once you are set up, you can give KPilot a try. It will have started kpilotDaemon automatically if it was
not running yet.
During the following steps, keep an eye on the HotSync Log window in KPilot; there could be important
information here that can help you troubleshoot problems. If you see the message "Pilot device
/dev/ttyUSB2 does not exist. Probably it is a USB device and will appear during a HotSync" or
something similar, that's nothing to worry about.
Now press the HotSync button on the cradle or force a synchronization in whichever way your PDA does
this. If you see "Device link ready," plus many more progress messages about the various conduits,
things should be going fine. Notice that if you have a lot of applications installed on your PDA, the
synchronization progress can take quite a while.
What can you expect to work on Linux? Synchronizing the standard applications, such as calendar,
address book, and notes, should work just fine. For many other commercially available PDA
applications, there is no Linux software provided, but since KPilot is able to synchronize Palm databases
without actually understanding their contents, you can at least back up and restore this data. You can
also install the application packages themselves by means of KPilot's File Installer. Even the popular
news channel synchronization software AvantGo works nicely on Linux.
Things that typically do not work (or are very difficult to get to work) are access to additional storage
media such as CompactFlash cards, and applications that perform additional functionality for
synchronization (such as downloading new databases from a web site as part of the synchronization
process). A typical example of the latter category is airline timetable applications. So if you have a
Windows computer available (or have configured your computer to be dual-boot for both Windows and
Linux), it can be a good idea to still install the Windows desktop synchronization software. For day-today activities, Linux and your PDA (at least Palm-like PDAs) are an excellent combination.
Figure 8-45. KPilot performs a synchronization
Work is currently being done on creating a unified synchronization application called KitchenSync. Once
this is ready, the intention is to replace not only KPilot and other PDA synchronization packages but also
the many smaller packages for synchronizing your Linux desktop computer with various types of cellular
phones. KitchenSync is a work in progress, and you can find more information about it at Another program that aims in a similar direction
is OpenSync.
8.5. Groupware
Helping a group of people coordinate their work or private livestheir calendars and task lists, their notes
and address books, and so forthpresents one of the rare opportunities for computers to actually solve a
real, everyday problem. Imagine being able to change a meeting by dragging a text box to a new time
slot in the calendar application, and having the software system automatically inform all other
attendees of the change, ask them whether they still want to attend, and update their own calendars
automatically. Such software, which supports groups of people who are interacting, coordinating with
each other, and cooperating, is commonly referred to as groupware .
For all but the simplest needs of very small groups, it is usually sensible to store the information that is
to be shared or exchanged between the members at a central location on the network. Often a
computer is dedicated to this purpose; it is then referred to as a groupware server. Access to this server
is managed in different ways by different groupware projects. Most offer access via web browsers. Many
also allow users to work with full-fledged client applications such as Kontact or Evolution, which then
connect to the server using various protocols to read and manipulate the data stored there. In this
context such applications are often referred to as groupware suites.
We first look at what is possible using only client capabilites, without access to a groupware server, and
then examine the different server solutions that are available and what addtional benefits they bring.
8.5.1. Basic Group Organization
Thanks to a set of established Internet standards, groupware users can collaborate not only using a
single groupware serverwithin a single organization, for examplebut also to a certain extent with
partners using different groupware clients and servers on Linux or Windows. This is done by sending
email messages that contain the groupware information as attachments back and forth. All the available
Linux groupware suites (Kontact, Evolution, and Mozilla) support this, as do proprietary clients on
Windows and Mac OS such as MS Outlook or Lotus Notes.
As an example, let's look at what ensues when you invite your friendly neighbor, who happens to still be
running Windows and using MS Outlook, to your barbecue garden party on Wednesday. To do that you
open your calendar to the current week and create a new event on Wednesday afternoon. (See Figure
8-46. We use Kontact in this example.) Add your neighbor as an attendee of the event and, since
without him the party would be no fun, set his participation to be required. Once you've entered all the
relevant information and closed the dialog, an email is constructed and sent to the email address of
your neighbor. This message consists of a text part with the description of the event and an additional
messsage part containing the details of the event in a certain format, which is specified in RFC 2446 and
referred to as iTip.
Figure 8-46. Creating a new event in Kontact
At the receiving end, your neighbor's Outlook mailer detects the incoming message as an invitation to
an event and reads the relevant information from the attachments. One attachment asks your neighbor
whether he'll be able to attend and whether the invitation should be accepted, declined, or accepted
tentatively. Since he's not quite sure that Wednesday might be the night of a sports event he plans to
watch, let's say he chooses to accept the event tentatively. The event is then added to his own calendar
inside Outlook and a reply message is constructed and sent, again containing a special iTip attachment.
Once that message makes it back to you, Kontact will inform you that the person you invited has
tentatively accepted the invitation, and will enter that information into your calendar. As soon as your
neighbor decides to either decline or accept the invitation, an update message will be sent and the
status updated accordingly in your calendar upon receipt of that message. Should you decide to delete
the event from your calendar, such an update message would in turn be sent to all attendees
The described mechanisms work not only for events, but also for assigning and sending tasks to other
people and being informed when those tasks have been completed. To do that, you can add participants
to tasks in Kontact's Todo List view by right-clicking on a task, selecting Edit, and then opening the
Attendees tab of the dialog that pops up. Of course, this functionality is also available in other clients,
such as Evolution or Mozilla; the dialogs just look a bit different.
Similar to the iTip format (or iCal, which iTip is based on), there is an Internet standard for exchanging
contact information called vCard. To communicate your new street address and phone number to your
grandmother, who uses Mozilla on Windows for managing her many contacts, you could send her a
message with your vCard attached (Figure 8-47). Using Kontact, this is as easy as right-clicking on your
entry in the address book and selecting Send Contact. The resulting message should be easily
understandable by most email programs on Windows, Linux, or the Mac. Most programs offer the user
some convenient way to import the received vCard into his or her own address book. You can see how
Kontact's mail component presents such a message in Figure 8-48.
Figure 8-47. Sending your vCard
Figure 8-48. Receiving a vCard
As we have seen, it is quite possible to carry out basic group organization using only email mechanisms.
This has two advantages: no groupware server is needed, and the operations work across different
platforms and clients. On the other hand, things such as sharing a common calendar between several
people or allowing read-only access to centrally managed information are not easily done with this
scheme. This is where a groupware server starts to make sense.
8.5.2. Groupware Server Solutions
Linux is supported as a platform by a wide range of groupware server solutions, including both open
source projects and proprietary products. They all offer a core set of functionality for email, calendaring,
and address and task management, but also contain various extensions for things such as resource
management, time tracking, and even project planning. In general, these systems can be extended with
custom components to offer functionality that is not provided by the standard package. Such
components are sometimes available from the creators themselves, but are also often developed by
third-party developers or as part of individual consulting projects.
The following sections describe the most well-known solutions available as free software at the time of
this writing, with their respective focus areas and peculiarities. Kolab
The Kolab project grew out of a contract given by the German Federal Agency of IT Security to a group
of companies to build a groupware solution accessible by both Outlook on Microsoft Windows and a KDE
client on Linux. The developers created a sequence of concept documents and reference server
implementations (called Kolab 1 and Kolab 2). They also built the abilitity to access these servers and
operate on their data into the KDE Kontact suite client. Additionally, a closed-source plug-in for MS
Outlook and a web-based client were developed.
The server implementation (Kolab 2) includes popular free software server components such as the
Cyrus IMAP server for mail storage, the Postfix mail transfer agent, OpenLDAP as a directory service,
and the Apache web server. It is a complete, standalone system that installs itself from scratch onto a
basic Linux machine without any outside dependencies. The Kolab server is unique in that it does not
store the groupware data in a relational database, like many of the others do, but instead uses mail
folders inside the IMAP server for storage. Finally, it provides a unified management interface, written
in PHP, to the components.
The Kolab server allows users to share calendars and contact folders with each other using fine-grained
permissions for groups or individual people. It also offers management of distribution lists and
resources such as rooms or cars, and the ability to check the free or busy state of people and resources.
There is also a form of delegated authority, in which people can work on behalf of others, such as a
secretary acting on behalf of his boss.
You can find more about Kolab at
The groupware server project (nicknamed OGo) came into being when Skyrix Software AG put its
established commercial product under free software licenses and continued as the most significant
contributor in the community to improve the product. This move worked out nicely for the company, as
both its business and the groupware server project have been thriving ever since.
The OGo server provides a web-based interface to email, calendaring, contacts, and document and
tasks management. In addition to the browser-based interface, all data can be accessed via several
different standard protocols, so that access from Kontact or Evolution is also possible. Plug-ins that
enable Windows users to connect to the server with Outlook exist as well, albeit as a commercial add-on
product. Users can share calendars and address books as well as task lists, and can create arbitrary
associations between individual entries.
To be fully functional, an OGo installation needs several additional components, such as an IMAP server,
a PostgreSQL database, a working mail transfer agent, and a directory service such as OpenLDAP.
You can find more about OGo at phpGroupWare and eGroupware
Coming from a common PHP codebase, phpGroupWare and eGroupware offer groupware functionality
primarily through browser-based access. Users can manipulate and view their own and other people's
calendars and contact information and manage files, notes, and news items. Several additional optional
applications are available.
Both servers need to be installed on top of an existing web server and database and can make use of a
mail server for sending and accessing mail via IMAP, if one is available.
More information about phpGroupware and eGroupware is available at the following URL: and OPEN-XCHANGE
The OPEN-XCHANGE server started out as a proprietary product, but has since been put under open
source licenses. Like many other solutions, it builds on and works with other server components, such
as the Apache web server and OpenLDAP. On top of those, it offers several standard modules, such as a
calendar and contacts and tasks management, as well as document and project management, and
discussion forum, knowledge base, and web mail components.
Technologically, OPEN-XCHANGE is different from many of the other solutions in that it is built using
Java technologies. This makes it attractive if integration with existing Java-based applications is
Read more about OPEN-XCHANGE at Closed-source products
In addition to the free and open source solutions described in the previous sections, several commercial
and nonfree alternatives are available as well. All of them are powerful and full-featured, and support
Linux as a native platform either exclusively or along with other platforms. The most important ones
include Novell Groupwise, Novell SUSE Linux Openexchange (based on OPEN-XCHANGE), Lotus Notes &
Domino, Oracle Groupware, and Samsung Contact and Scalix (both based on HP Openmail). The web
sites of the respective vendors and products have more information on each of them.
8.5.3. LDAP: Accessing Global Address Books
One of the benefits of having information centrally stored and maintained is that changes and updates
need only be done in one place and are then available to everyone immediately. This is especially
important for contact information, which is prone to change and become out of date. The ability to
quickly search through large amounts of contacts flexibly is another requirement that becomes more
important the larger the organization gets, with all its internal and external communication partners. To
meet this need, so-called directory services have been developed, along with a standard protocol to
access and query them. The protocol is Lightweight Directory Access Protocol (LDAP), shared by a
number of implementations, including the open source implementation OpenLDAP and (with typical
Microsoft extensions) Microsoft Active Directory. OpenLDAP can be integrated with many of the
groupware systems described in the previous sections.
The address book components of all major groupware suites allow the administrator to tie them to one
or several LDAP servers, which are then queried for contact information and will be used for email
autocompletion when composing emails. In Kontact, the LDAP configuration dialog for adding a new
LDAP query host looks like Figure 8-49.
Specify the hostname of the server to be used for queries, the port it listens on (the default should be
fine), and a so-called base DN, which is the place in the LDAP hierarchy where searches should start.
The choice of base DN can help tailor the LDAP queries to the needs of your users. If, for example, your
company has a global address book with subtrees for each of its five continental branches, you might
prefer to search only your local branch instead of the full directory. Your site's administrator should be
able to tell you the values to be entered here. If the server only allows queries by authenticated users,
enter your credentials as well.
Figure 8-49. Adding a new LDAP host in Kontact
With LDAP access set up, you can try opening up a mail composer in Kontact, for example, and typing
someone's name in the recipient field. After a second or so a list of possible matches that were found in
the central LDAP addressbook should be shown. You can then simply select the one you were thinking of
from the list. Additionally all groupware suites offer the ability to search for and display someone's
contact information, if you just want to look it up. In Kontact, the query dialog can be shown by clicking
the LDAP Lookup button on the toolbar or from the Tools menu.
8.6. Managing Your Finances
By now you may have noticed there is an open source application for just about anything you could
want to do with a computer. Managing finances is one of the most common things people do with their
computers, so it should not come as a surprise that an open source application exists to do just that it's
called GnuCash.
GnuCash is the open source world's answer to popular personal financial applications such as Microsoft
Money and Intuit's Quicken. Although it doesn't have all the bells and whistles of those applications,
GnuCash has everything you need for keeping track of your money. With GnuCash you can keep tabs on
your income, expenses, checking and savings accounts, debts, investments, and assets such as cars and
houses. You will be able to see into the past to figure out where all your money has been going, keep an
eye on your balances in the present to make sure you don't suffer any nasty surprises, and forecast
your financial well-being into the distant and not-so-distant future.
If you use an off-the-shelf application such as Money or Quicken, you're in for a few surprises when you
try GnuCash. Compared with those applications, the interface is extremely simple and straightforward.
There are no fancy embedded web pages or advisors. You won't find endless options dialogs and
wizards, and you can't pay your bills electronically from inside GnuCash . Instead, when you start
GnuCash you are presented with a simple list of accounts. Double-clicking on an account opens an
account register (which looks exactly like the one in your checkbook). You enter transactions in the
account register, and the balance of each account is shown in the accounts list. You can view several
reports to get an at-a-glance view of your financial life. That's almost all there is to GnuCash.
This simplicity is an asset, not a liability. When it comes to finances, simpler is better. The other major
difference between GnuCash and those other applications has to do with the way you keep track of your
money. We cover that in detail in "The Account," later in this chapter.
8.6.1. Getting Started
Start GnuCash from the desktop menu, if GnuCash is present there, or from the command line by typing
gnucash. The GnuCash splash screen appears, showing you which modules are loading. The splash
screen is then replaced by the Tip of the Day screen and the Welcome to GnuCash! dialog box.
The Tip of the Day screen presents a different piece of information each time you start GnuCash. You
can also peruse the tips one at a time by clicking either the Prev or Next buttons. I would keep this
screen around for a while because the information can be useful, but if you prefer not to see it you can
always disable the feature by unchecking the "Display this dialog next time" checkbox. You can close
the window by clicking the Close button, but not until you answer the question in the Welcome dialog.
The Welcome dialog (Figure 8-50) is only displayed the first time you use GnuCash. It gives you the
option to create a new set of accounts, import data from Quicken (via QIF files), or open the new user
tutorial. In this exercise, you are going to create a new set of accounts, which should be the default
option, so click the OK button.
Figure 8-50. The GnuCash Welcome dialog
This launches the New Account Hierarchy Setup druid. A druid in Linux is analogous to a wizard in
Windows; both are dialogs that take you click by click through a series of questions and setup screens
to perform a complicated task. The first screen you see in the New Account Hierarchy Setup druid is an
explanation of the druid. Click Next to go on to the important parts. Choosing a currency
In Figure 8-51 you see the dialog for currency selection for new accounts. The default currency is USD
(U.S. Dollar). If you use a different currency, select it by clicking the down arrow and choosing from the
available options in the drop-down list. Click Next to continue.
Figure 8-51. The Choose Currency page Choosing accounts
Figure 8-52 shows you the list of preset account structures. Each of these options creates one or more
accounts for you. You can select multiple options (for example, if you wanted both A Simple Checkbook
and Car Loan), but for now just select A Simple Checkbook. Once you select that option, you see a
description and a list of the accounts that will be created. Don't worry about the number of available
accounts; it may look confusing, but it will become clear by the end of this chapter. Click Next to
continue. Entering opening balances
The dialog in Figure 8-53 gives you the opportunity to give each account an opening balance, that is,
the amount of money in that account when you first begin tracking it in GnuCash . If you want to put an
opening balance in your checking account, just click that account to select it and enter the opening
balance in the text box to the right. Click Next to continue.
Figure 8-52. Account creation page
Figure 8-53. Opening balances page Finishing your account setup
That's all there is to setting up an account hierarchy in GnuCash. Just click Finish, and the druid will
8.6.2. The Account
Fundamental to GnuCash is the account. An account is just what you think it is: a place where money
comes in and money goes out. When most people think of accounts, they think of their bank accounts
and credit card accounts. GnuCash treats these as accounts, but it treats everything else as an account
too. You get a paycheck from work; where does the money come from? It comes from your Income
account. You spend $30 at the grocery store; where does the money go? It goes to your Food account.
GnuCash uses the double-entry accounting method to keep track of your money. This is the same
method that professional accountants and CPAs use to keep track of billions of dollars in corporate and
government assets, and now you're going to use it too (don't you feel important?). In double-entry
accounting, money always comes from one account and goes to another account. Always. The value of
any account at a given time is either how much money is actually in that account or how much money
has passed through it.
Not all accounts are treated equally in GnuCash. There are five types of accounts that will be covered in
this introduction: assets, liabilities, income , expenses, and equity.
Asset accounts
Think of asset accounts as keeping track of things you own. Your checking account is an asset. If
money is in this account, you own it. If you have a house, it is also an asset. It can also be
treated as an account in GnuCash. The value of that account is the current value of the home. In
general, you want asset accounts to increase.
Liability accounts
You can also think of liability accounts as keeping track of things you own. The only difference is
that you don't want to own them! If you have a house, you probably have a mortgage. You "own"
this promise to pay your lender a certain amount. The amount you have left to pay is the balance
of your mortgage account. Credit card balances, car loans, and IOUs are examples of liabilities. In
general, you really want liability accounts to decrease.
Income accounts
Unlike asset and liability accounts, income accounts don't represent money you own (at least not
directly). Think of the income account as a window into someone else's (usually your employer's)
check register. When your boss writes a check to you, it gets recorded on the withdrawals side of
his register. If you can imagine those records also showing up in your income account (giving you
a glimpse into the portion of his checkbook that concerns you), then you have some idea of how
income accounts work. Money doesn't usually stay in these accounts; it immediately goes into one
of your asset accounts (usually your checkbook). The value of this account at any time is the total
amount you have been paid. It probably goes without saying that you always want these accounts
to increase.
Expense accounts
Expense accounts also don't represent money you own. You can think of them as a glimpse into
the deposit side of the checkbooks of whomever you are paying at the time. The value of each
expense account is the total amount you have paid to that person, business, or activity so far.
Although you can't decrease the value of expense accounts (except via refunds and rebates), you
do want to manage them well.
Equity accounts
Equity accounts are the odd man out of this group. Although there is a formal definition of equity
in the accounting world, it is beyond the scope of this introduction. The easiest way to think of the
equity account is as the place where opening balances come from. Remember we said that, in
GnuCash, money must always come from some account and go to some other account. What
about opening balances where do they come from? They don't come from income, since it's not
like you got a paycheck for that opening balance. Instead, they come from the equity account.
8.6.3. The GnuCash Accounts Window
The main window of GnuCash, shown in Figure 8-54, is the accounts window. This window shows all of
your accounts in the currently open file. The accounts are listed in tree form because accounts can
contain subaccounts (more on this later). For now, all you need to know is that a plus sign to the left of
an account name indicates that is a parent account of one or more subaccounts, and that clicking on the
plus sign expands the listing so you can see all accounts under the parent.
The accounts listing shows the account name, a description, and the current account total by default. If
an account is a parent to one or more subaccounts, the account total is the combined total of all its
subaccounts as well as the parent account itself. Clicking once on an account selects it. Right-clicking on
an account shows a context menu with the options to create a new account, delete an account, edit an
account's properties, and perform numerous other tasks. Double-clicking an account brings up the
associated account ledger, or register. You will learn more about ledgers later.
Figure 8-54. The GnuCash accounts window Creating new accounts
There are several ways to create a new account. The easiest way is to right-click on an empty area in
the accounts window. Another way is to select New Account under the File menu. Create a new account
now by selecting the Income account and right-clicking. In the context menu that appears, select New
Account to begin.
Figure 8-55 shows the New Account screen. The first thing you need to do is give the account a name.
Because you're going to record all the money you get from your job in this account, type Paycheck in the
Account Name field. The Account Code and Description fields are for your personal use if you need to
record an account code (such as an account number from your bank) or a more descriptive description.
You can set the commodity of this account just as you did for the main accounts file. By default it uses
the commodity (USD, Euro, GBP, etc.) and commodity type (currency) of the main file, but you can
change this to use other commodities (for example, if you're a spy and have a numbered bank account
in Zurich) or other commodity types. This is useful for tracking stocks, bonds, and other financial
instruments. The available commodity types are determined by the account type you select.
Next up is the Account Type. In this box you find the five account types introduced earlier as well as
other types used for special purposes. The point of our Paycheck account is to keep track of income, so
scroll down until you find the Income entry, and select that. After Account Type is the Parent Account
box. Accounts can be nested, which means that one account can exist as part of another account. You
already have an account called Income, so click on the plus sign next to New Top Level Account. This
expands the tree to show your existing accounts. Scroll down until you see the Income account and
select it. This puts your Paycheck account under the Income account.
If you don't see the Account Type and Parent Account fields, it is probably because you need to resize
the window to be taller. If the window is already as tall as your screen allows, you probably need to
adjust your screen resolution, which both KDE and GNOME allow through dialog boxes.
Figure 8-55. The New Account screen
If this account was for stocks and other special commodities, you could set up a way to get price quotes
(say, to check the value of a stock) online. But explaining this is beyond the purpose of this chapter.
The Notes field just lets you add notes to yourself, which you can see later if you go back to this screen.
Finally, there are two checkboxes near the bottom: Tax Related and Placeholder. The Tax Related
checkbox links this account with tax information so that certain tax values are automatically calculated.
Using this property is beyond the scope of this chapter.
The Placeholder account is used for accounts that only serve as organizers for other accounts. For
example, you may have three sources of income: job, parents, and your weekend web design business.
In this case, you would place all three accounts under the Income account. Now the Income account
shouldn't have any activity directly inside of it, because all of your income comes from one of these
three sources. To enforce this rule, you would check the Placeholder option in the Income account's
settings window. This disallows entries in the Income ledger, so you can be sure that income is properly
recorded in one of the three subaccounts. You don't want this option for your Paycheck account, so keep
the box unchecked.
Click OK on the New Account window, and you are taken back to the main account window page. You
can see that the newly created Paycheck account has been highlighted. Also notice that it has been
placed under the Income account, just like you wanted.
If you want to edit the properties of an existing account, simply click on that account to select it, and
then right-click on the account to bring up the context menu. Select Edit Account under the context
menu to bring up the properties screen. Deleting accounts
If you create an account erroneously, select that account with your mouse and then right-click on it.
Select the Delete Account menu item to delete that account from your file. Beware that this affects all
records pertaining to this account and may leave your accounts in an unbalanced state.
Do not delete an account just because you have closed it (for example, you paid off a credit card and
cut it up or you closed an account at an old bank). Even though the account is closed, you do not want
to lose all records of the transactions contained in that account, and deleting it may unbalance your
other accounts.
Unfortunately, there is no real way to hide closed accounts so they no longer appear in your accounts
window. There is a cheat, though: create a new top-level account called Closed as a placeholder
account, and move all closed accounts under that account (by setting the new Closed account as the
parent account). Since you can click the minus sign to collapse the closed accounts, all you see is the
parent account and not all of your old accounts under it. This trick isn't perfect or particularly elegant,
but it works.
8.6.4. Transactions
If the heart of GnuCash is the account, transactions are the blood. Without transactions, you simply
have a bunch of accounts listed in a window. This isn't terribly useful; you probably want to do
something with all these accounts. Recording transactions is exactly what makes GnuCash useful.
A transaction in GnuCash is a record of a specific event. This event is usually money being transferred
from one place to another, but it could also be the equivalent value in stocks, bonds, or real estate. For
a concrete example of a transaction, look no further than your own checkbook. If you keep a register,
the individual entries in that register are records of transactions. When you use GnuCash, you simply
record those transactions in the computer instead of in your checkbook (of course, a prudent person
would do both). Entering transactions
To enter transactions, you must open an account's register window, shown in Figure 8-56. You can
access the register window for any account by double-clicking on the account in the accounts window.
Let's start by recording a simple income transaction. You just mowed the lawn for Aunt Alice, and she
paid you $25.00 for your troubles. Here's how to record the transaction in GnuCash.
Expand your Assets account, followed by the Current Assets account, and then double-click on Checking
Account to bring up the register.
Figure 8-56. The account register
Today's date is already in the Date field. Hit the Tab key to move to the next field (Tab moves you
forward through fields, and Shift-Tab moves you backward). The Num field lets you enter your check
number or any other tracking number you need for this transaction. In this case, pretend that Aunt Alice
gave you check number 100, so put 100 in the field.
Tab to the Description field and enter something, well, descriptive. Mowed Aunt Alice's Lawn is
Tab to the Transfer field. This is one of the most important fields. Remember that in GnuCash, money
always come from some account and goes to another. In this case you want money to come from your
Income account and go into Checking Account. The good thing about this (and every other) field is that
it autocompletes for you. Just enter In and it should display an account list and select the Income
account automatically.
Since you are receiving money from Aunt Alice, tab to the Deposit field and enter 25.00.
When you press Enter, the transaction is recorded. When you close the register window and look at your
accounts, you can see that both the Income account and the Checking Account have increased to
$25.00. Notice also that the parent accounts of Checking Account also show $25.00. Parent accounts
show the sum of all accounts below them. At a glance, you can see that you have made $25.00 in
income so far and you have $25.00 in your checking account.
To delete a transaction, go to the register containing the transaction, right-click on the transaction, and
select Delete. Doing this removes the transaction from all affected accounts. In the case of the check
from Aunt Alice, the transaction is removed from the Income and Checking accounts. Recording split transactions
Let's say you have a paycheck in hand, ready to enter into GnuCash. If you're like most people, the
amount you get paid is different from the amount you earned. The rest of the money goes to federal,
state, and local taxes. You could just enter the amount for which the check was written, but what if you
wanted to keep track of total income and expenses, including gross income and taxes? The way to do
this in GnuCash is to use the split transaction.
Split transactions provide a way to record multiple sources and destinations of money as a single
transaction. In this example, one single transaction can record that you earned $500 and $100 went to
federal tax, $50 went to state tax, and $50 went to local tax, leaving you with a $300 deposit to your
checking account. Split transactions work by balancing money in versus money out among multiple
sources and/or destinations. GnuCash allows you to have an unbalanced split, but it will complain
To enter a split transaction, follow these steps:
1. Open an account register. Split transactions are usually recorded at the logical source or
destination. For a paycheck, it is common to record the transaction inside your checking account.
2. Enter the date and description as you would for any transaction.
3. Click the Split button on the Account Register's toolbar.
4. Press Tab to advance to the first subtransaction.
5. Enter each part of the transaction as you would a normal transaction. Here's the tricky part:
Deposit and Withdrawal apply to the account you're transferring money to or from at the time. For
our example transaction, you are withdrawing $500 from your Income:Paycheck account in the
form of wages, and splitting that into several deposits in your Expenses and Assests:Current
Assests:Checking Account. At first it may seem counterintuitive that taxes are a deposit in an
account, but if you reread the earlier definition for an Expense account it should make sense. Use
Figure 8-57 as a guide for filling out this transaction. When you finish with a subtransaction, press
Tab to go to the next subtransaction. I find it convenient to perform transactions like this by
making my first split the withdrawal from the Income account. This makes the balancing that
GnuCash automatically performs on the splits that follow work better.
6. Press the Enter key to finish the split transaction. If the transaction is not balanced (money in does
not equal money out), GnuCash warns you and offers several solutions. GnuCash realizes that
you're not as good at math as the computer, so it displays the amount remaining on the last
subtransaction line. Once everything balances correctly, the split transactions collapse into a single
7. To see an already recorded split, select that transaction with the mouse and click the Split button
on the toolbar.
Figure 8-57. Example of a split transaction
The example in Figure 8-57 shows a good reason to create subaccounts under Expenses. If you create
subaccounts called Federal, State, and Local, you can always see at a glance the amount you have paid
so far in each respective category. This technique works just as well for categorizing other expenses and
incomes. Scheduling transactions
You probably pay certain bills every month at about the same time, and entering those transactions
each time can become a chore. GnuCash's transaction scheduling feature allows you to create
transactions that automatically recur at a certain interval. To schedule a transaction, follow these steps:
1. From the accounts window, select Actions
Scheduled Transactions
Scheduled Transaction
2. Click New.
3. Enter the name of the scheduled transaction (e.g., Electric Bill), the start date, frequency, and end
date (if applicable).
4. There is a template transaction at the bottom of the window. This is where you tell GnuCash how
much money to transfer at the specified intervals. Click in the Description field and create a
transaction just like you would any other in your checking account. Remember, when you are
paying a bill you are probably depositing money into an expense account and withdrawing money
from your checking account. The template transaction needs to reflect both sides of the
transaction. At the specified time interval, this transaction will occur in the accounts involved.
A quick way to make any transaction a scheduled transaction is by right-clicking on the transaction and
selecting Schedule. If you are having trouble figuring out how to manually enter a template transaction,
you can cheat by creating one this way, clicking the Advanced button, and seeing how GnuCash
automatically creates the template transaction.
8.6.5. Reports
Once you have spent a few months entering your financial details into GnuCash, you will start to
appreciate the power that comes from having detailed records of your money habits. It's one thing to
have all this information available, and yet another to organize it in a form that can help you spot
trends or solve problems. Fortunately, GnuCash has a wide selection of reports to give you a firm grasp
on almost every aspect of your financial life. Table 8-5 lists some of the most common reports and what
you can expect each to tell you. You can access any of these reports by navigating through the Reports
menu in the accounts window.
Table 8-5. GnuCash reports
What it tells you
Account Summary
Gives you an at-a-glance view of the balances for each account.
Lets you see how your net worth is divided. For most people, their net worth is
primarily in their house, bank accounts, and retirement funds.
Breaks down your liabilities by percentage. For most people, houses and cars are
the greatest liabilities, followed by credit cards, and consumer and student loans.
Assets - Liabilities = Net Worth. This is a graphical representation of that formula.
Net Worth Barchart In general you want the blue and green bars to get higher, and the red bar to get
Shows you where your money is going. If you spend 80% of your money each
month on clothes, this will let you know (assuming you have structured your
expense accounts correctly).
Shows you where your money comes from. You may think that most of your
money comes from your job, but this report may surprise you with how much of
your money comes from other sources, such as Mom and Dad and contract work
(once again, assuming you have set up your accounts correctly).
Most of these reports require you to have an intricate account tree set up to be truly informative. For
example, if you have one big Expenses account to which you send all of your money, then the Expense
Report will show that 100% of your money goes to Expensesnot very helpful. To get the most out of the
report, you must structure your account tree so that each category of expenses has an account under
the main Expenses account, and ditto for Income, Liability, and Assets. The more structured your
accounts, the more you will get out of GnuCash .
By default, GnuCash reports from the start of the current year to the current date. You can change this
(e.g., to show expense allocations for April) by clicking on the Options button in the toolbar.
When you activate a report, it creates a tab to the far left of the window; above that tab you should also
see Accounts. Use this to switch back and forth between the accounts window and your reports. Click
the Close button on a toolbar to close a report.
Clicking Exit will exit GnuCash; it will not close the report window!
8.6.6. Real-Life Examples
Learning the basics of GnuCash is one thing actually using it in day-to-day scenarios is quite another.
You have already seen how to enter a paycheck so that total income and tax expenses are recorded.
Here are several other real-life examples to get you started on the most common tasks. Going to the grocery store
We mentioned the importance of setting up a sufficiently detailed account structure before, but what we
didn't tell you is how easy it is to do. You don't have to set all those accounts up in advance. Knowing
that you can create them as you go along gives you the motivation to do it right.
Here's what to do:
1. Open the Checking Account register.
2. Create a new transaction with today's date and Grocery Store as the description.
3. In the transfer field, enter Ex, and expenses will be selected automatically. Use the right arrow key
to complete the auto entry. Now type :Food. The colon tells GnuCash to make Food a subaccount
of Expenses.
4. Press Enter to accept your new category, and Tab to leave the transfer field. A dialog box will
appear, asking you if you would like to create the Expenses:Food account. Click Yes.
5. The New Account window appears. The defaults should be fine, so click OK.
6. Skip the Deposit field, enter 50.00 in the Withdrawal field, and press Enter.
Congratulations! You have not only created a transaction recording your food purchase, but have also
created the expense account for it. Future food transactions can now go into this account, and a quick
glance at the accounts window will show you exactly how much you have spent on food.
GnuCash's autocomplete feature is very helpful. Once you have created subaccounts, typing a colon
after an autocompleted account will jump directly to the end of that account and begin with a listing of
its subaccounts. Getting a tax refund
Most people think of tax refunds as income, but they aren't: they are rebates. If you keep track of your
taxes from each paycheck, recording a tax refund is as simple as creating a rebate from your expense
account to your checking account. Here's how it works:
1. Open the Checking Account register.
2. Create a new transaction with today's date and Tax Refund as the description.
3. Since we recorded federal taxes from our paycheck as going to the Expenses account, enter
Expenses in the transfer field.
4. Enter 50.00 in the Deposit field.
5. Press Enter to complete the transaction.
You now have 50 more dollars in your checking account, but if you look at the accounts window, you
will notice that your income has not increased. Instead, total assets have increased, and expenses have
decreased. This is an accurate depiction of what happens when you get a tax refund. No longer can you
fool yourself into thinking that a tax refund is extra money you make every year. You already earned it
you're just getting it back! Buying a car
An automobile is a big expense. And if you're buying a vehicle on credit, it becomes an even more costly
one. Luckily, GnuCash can keep track of every cent of the purchase, as well as what portion of your
monthly payment goes toward principle and what portion is lost as interest. The process of setting up a
car purchase is also a good example of how to handle a house purchase or other type of loan.
Here's the scenario: You've just bought a brand new car for $20,000. You put down $5000 and will be
paying a $400 monthly payment for 60 months. You may have received an amortization table from your
lender showing you how much money goes to principle and interest each month. If you didn't get an
amortization table, you might want to ask your lender for one, or create one yourself using tools
available at a web site such as You will probably be surprised at how much
money you spend on interest. To record a car payment transaction:
1. Begin by creating a new account. Call it Car Loan, set its Parent Account to New Top Level
Account, and its account type to Liability.
2. Create a second new account called Car, set its Parent Account to Assets:Current Assets, and its
account type to Asset.
3. Open the account register for the Car account.
4. Start a new transaction. Enter Buy Car as the description and then click the Split button on the
5. The first subtransaction records the car's value. Enter Car Value as the description. The account
will be Assets:Current Assets:Car, and the Increase value will be 20,000.
6. That 20 grand has to come from somewhere. The first place is your down payment. Enter Down
Payment as the description and Assets:Current Assets:Checking Account as the account, and
decrease the account by $5,000. (Yes, I know that in this example this makes your bank account
negative. Don't try this at home!)
7. Unfortunately, tax, title, and license cost you another $1,500. Enter the description as TT&L and
the account as Expenses , and increase the account by $1,500.
8. You now have a $16,500 balance for the transaction; this is your loan amount. Enter Loan
Principle for the description and Car Loan for the account, and decrease the account by $16,500.
9. Complete the transaction. The accounts window should show the results of your hard work.
You've had the car for about a month and now it's time to pay the payment. A quick look at the lender's
amortization table shows that $300 of your payment goes to interest and $100 goes to principle. Here's
how to record that:
1. Open the Checking Account register.
2. Start a new transaction. Use today's date and enter Car Payment in the description field. Click the
Split button to begin a split transaction.
3. Your payment is $400, so enter Payment as the description and Assets:Current Assets:Checking
Account as the account, and withdraw $400.
4. $300 goes to interest, so enter Interest as the description and Expenses:Interest as the account
(click Yes and OK after tabbing off the field to create the subaccount), and deposit $300 into the
5. The rest goes to principle. The $100 balance should already appear in the Deposit field, so just
enter Principle in the description and Car Loan for the account. Press Enter to complete the
Looking at the accounts window, you see that the Car Loan account has decreased by $100 and the
Expenses account has increased by $300, exactly as it should be. No longer will you have to consider all
of your car payment as an expense, some of it goes to decreasing liability (and therefore increasing net
worth), and now you can see it happening every month!
The preceding transaction is an excellent example of one that should be scheduled to recur every
month, saving you the hassle of typing it in every time. With each payment, be sure to change the
interest and principle amounts as the amortization table indicates.
Chapter 9. Multimedia
This chapter is about multimedia on Linux. Multimedia is a rather vague and much abused term. For the
purposes of this chapter, our loose definition is anything related to sound, graphics, or video.
Multimedia has historically been one of the more challenging areas of Linux, both for developers and
users, and one that did not receive as much attention from Linux distributions as it should have,
perhaps because Linux was initially embraced by so many as a server operating system. It was only
recently that Linux has been seriously considered as a desktop solution for mainstream users. To be
successful at attracting users from other popular operating systems, multimedia support is a
The good news is that, unlike a few years ago, most modern Linux distributions automatically detect
and configure multimedia hardware for the user and provide a basic set of applications. And despite its
historic use as a server, for a number of reasons Linux is well suited to audio and other multimedia
We start off this chapter with a quick overview of multimedia concepts such as digital audio and video,
and a description of the different types of multimedia hardware devices. Those familiar with the
technology may wish to skip over this section. If you don't really care about how it all works or get lost
in the first sentence of this section, don't worry, you can get applications up and running without
understanding the difference between an MP3 and a WAV file. The section "Movies and Music: Totem
and Rhythmbox" in Chapter 3 describes the basic playback tools offered on most Linux desktops.
We then discuss some of the issues related to multimedia support at the kernel level, which is a
prerequisite for using the hardware. We then move on to applications, first those offered by some of the
popular desktop environments, and then a sampling of more specialized applications broken down into
different categories. If you want to develop your own applications, we briefly cover some of the popular
toolkits and development environments. Finally, we wrap things up with a list of references in print and
on the Web where you can find information that is more detailed and current.
Keep in mind that multimedia is an area where Linux development moves rapidly and new technologies
quickly move from primitive prototypes to mainstream usage. In 1996, in a book on multimedia on
Linux, we wrote about a technology called MPEG-1 layer 3, or MP3. At the time it was relatively
unknown, used only by some obscure web sites to distribute music, and my then-current 40 MHz Intel
386 computer was barely able to decode it in real time. Not so many years later, it has become
ubiquitous and the de facto standard file format for digital music on the Internet. At the same time,
other technologies that appeared promising have fallen by the wayside, often not for technical reasons.
To stay current, check the resources listed at the end of the chapter.
There are minor differences among Linux distributions. Although most of the information in this chapter
is generic and applicable to most Linux distributions, for details you should consult the documentation
that came with your system, contact your distribution vendor, or consult with fellow users.
9.1. Multimedia Concepts
This section very quickly covers some concepts relevant to digital audio , video , and sound cards .
Understanding these basics will help you follow the rest of the material in this chapter.
9.1.1. Digital Sampling
Sound is produced when waves of varying pressure travel though a medium, usually air. It is inherently
an analog phenomenon, meaning that the changes in air pressure can vary continuously over a range of
Modern computers are digital, meaning they operate on discrete values, essentially the binary ones and
zeroes that are manipulated by the central processing unit (CPU). In order for a computer to manipulate
sound, then, it needs to convert the analog sound information into digital format.
A hardware device called an analog-to-digital converter converts analog signals, such as the
continuously varying electrical signals from a microphone, to digital format that can be manipulated by
a computer. Similarly, a digital-to-analog converter converts digital values into analog form so they can
be sent to an analog output device such as a speaker. Sound cards typically contain several analog-todigital and digital-to-analog converters .
The process of converting analog signals to digital form consists of taking measurements, or samples, of
the values at regular periods of time, and storing these samples as numbers. The process of analog-todigital conversion is not perfect, however, and introduces some loss or distortion. Two important factors
that affect how accurately the analog signal is represented in digital form are the sample size and
sampling rate.
The sample size is the range of values of numbers that is used to represent the digital samples, usually
expressed in bits. For example, an 8-bit sample converts the analog sound values into one of 28, or 256,
discrete values. A 16-bit sample size represents the sound using 216, or 65,536, different values. A
larger sample size allows the sound to be represented more accurately, reducing the sampling error
that occurs when the analog signal is represented as discrete values. The trade-off with using a larger
sample size is that the samples require more storage (and the hardware is typically more complex and
therefore expensive).
The sample rate is the speed at which the analog signals are periodically measured over time. It is
properly expressed as samples per second, although sometimes informally but less accurately
expressed in Hertz (Hz) . A lower sample rate will lose more information about the original analog
signal, a higher sample rate will more accurately represent it. The sampling theorem states that to
accurately represent an analog signal it must be sampled at at least twice the rate of the highest
frequency present in the original signal.
The range of human hearing is from approximately 20 to 20,000 Hz under ideal situations. To
accurately represent sound for human listening, then, a sample rate of twice 20,000 Hz should be
adequate. CD player technology uses 44,100 samples per second, which is in agreement with this
simple calculation. Human speech has little information above 4000 Hz. Digital telephone systems
typically use a sample rate of 8000 samples per second, which is perfectly adequate for conveying
speech. The trade-off involved with using different sample rates is the additional storage requirement
and more complex hardware needed as the sample rate increases.
Other issues that arise when storing sound in digital format are the number of channels and the
encoding format. To support stereo sound, two channels are required. Some audio systems use four or
more channels.
Often sounds need to be combined or changed in volume. This is the process of mixing, and can be done
in analog form (e.g., a volume control) or in digital form by the computer. Conceptually, two digital
samples can be mixed together simply by adding them, and volume can be changed by multiplying by a
constant value.
Up to now we've discussed storing audio as digital samples. Other techniques are also commonly used.
FM synthesis is an older technique that produces sound using hardware that manipulates different
waveforms such as sine and triangle waves. The hardware to do this is quite simple and was popular
with the first generation of computer sound cards for generating music. Many sound cards still support
FM synthesis for backward compatibility. Some newer cards use a technique called wavetable synthesis
that improves on FM synthesis by generating the sounds using digital samples stored in the sound card
MIDI stands for Musical Instrument Digital Interface. It is a standard protocol for allowing electronic
musical instruments to communicate. Typical MIDI devices are music keyboards, synthesizers, and
drum machines. MIDI works with events representing such things as a key on a music keyboard being
pressed, rather than storing actual sound samples. MIDI events can be stored in a MIDI file, providing a
way to represent a song in a very compact format. MIDI is most popular with professional musicians,
although many consumer sound cards support the MIDI bus interface.
9.1.2. File Formats
We've talked about sound samples, which typically come from a sound card and are stored in a
computer's memory. To store them permanently, they need to be represented as files. There are various
methods for doing this.
The most straightforward method is to store the samples directly as bytes in a file, often referred to as
raw sound files. The samples themselves can be encoded in different formats. We've already mentioned
sample size, with 8-bit and 16-bit samples being the most common. For a given sample size, they
might be encoded using signed or unsigned representation. When the storage takes more than 1 byte,
the ordering convention must be specified. These issues are important when transferring digital audio
between programs or computers, to ensure they agree on a common format.
A problem with raw sound files is that the file itself does not indicate the sample size, sampling rate, or
data representation. To interpret the file correctly, this information needs to be known. Self-describing
formats such as WAV add additional information to the file in the form of a header to indicate this
information so that applications can determine how to interpret the data from the file itself. These
formats standardize how to represent sound information in a way that can be transferred between
different computers and operating systems.
Storing the sound samples in the file has the advantage of making the sound data easy to work with,
but has the disadvantage that it can quickly become quite large. We earlier mentioned CD audio which
uses a 16-bit sample size and a 44,100 sample per second rate, with two channels (stereo). One hour of
this Compact Disc Digital Audio (CDDA ) data represents more than 600 megabytes of data. To make
the storage of sound more manageable, various schemes for compressing audio have been devised. One
approach is to simply compress the data using the same compression algorithms used for computer
data. However, by taking into account the characteristics of human hearing, it possible to compress
audio more efficiently by removing components of the sound that are not audible. This is called lossy
compression, because information is lost during the compression process, but when properly
implemented there can be a major reduction of data size with little noticeable loss in audio quality. This
is the approach that is used with MPEG-1 level 3 audio (MP3), which can achieve compression levels of
10:1 over the original digital audio. Another lossy compression algorithm that achieves similar results is
Ogg Vorbis, which is popular with many Linux users because it avoids patent issues with MP3 encoding.
Other compression algorithms are optimized for human speech, such as the GSM encoding used by
some digital telephone systems. The algorithms used for encoding and decoding audio are sometimes
referred to as codecs . Some codecs are based on open standards, such as Ogg and MP3, which can be
implemented according to a published specification. Other codes are proprietary, with the format a
trade secret held by the developer and people who license the technology. Examples of proprietary
codecs are Real Networks' RealAudio, Microsoft's WMA, and Apple's QuickTime.
We've focused mainly on audio up to now. Briefly turning to video, the storing of image data has much
in common with sound files. In the case of images, the samples are pixels (picture elements), which
represent color using samples of a specific bit depth. Large bit depths can more accurately represent the
shades of color at the expense of more storage requirement. Common image bit depths are 8, 16, 24,
and 32 bits. A bitmap file simply stores the image pixels in some predefined format. As with audio,
there are raw image formats and self-describing formats that contain additional information that allows
the file format to be determined.
Compression of image files uses various techniques. Standard compression schemes such as zip and
gzip can be used. Run-length encoding, which describes sequences of pixels having the same color, is a
good choice for images that contain areas having the same color, such as line drawings. As with audio,
there are lossy compression schemes, such as JPEG compression, which is optimized for photographictype images and designed to provide high compression with little noticeable effect on the image.
To extend still images to video, one can imagine simply stringing together many images arranged in
time sequence. Clearly, this quickly generates extremely large files. Compression schemes such as that
used for DVD movies use sophisticated algorithms that store some complete images, as well as a
mathematical representation of the differences between adjacent frames that allows the images to be
re-created. These are lossy encoding algorithms. In addition to the video, a movie also contains one or
more sound tracks and other information, such as captioning.
We mentioned Compact Disc Digital Audio, which stores about 600 MB of sound samples on a disc. The
ubiquitous CD-ROM uses the same physical format to store computer data, using a filesystem known as
the ISO 9660 format. This is a simple directory structure, similar to MS-DOS. The Rock Ridge extensions
to ISO 9660 were developed to allow storing of longer filenames and more attributes, making the
format suitable for Unix-compatible systems. Microsoft's Joliet filesystem performs a similar function
and is used on various flavors of Windows. A CD-ROM can be formatted with both the Rock Ridge and
Joliet extensions, making it readable on both Unix-compatible and Windows-compatible systems.
CD-ROMs are produced in a manufacturing facility using expensive equipment. CD-R (compact disc
recordable) allows recording of data on a disc using an inexpensive drive, which can be read on a
standard CD-ROM drive. CD-RW (compact disc rewritable) extends this with a disc that can be blanked
(erased) many times and rewritten with new data.
DVD-ROM drives allow storing of about 4.7 GB of data on the same physical format used for DVD
movies. With suitable decoding hardware or software, a PC with a DVD-ROM drive can also view DVD
movies. Recently, dual-layer DVD-ROM drives have become available, which double the storage
Like CD-R, DVD has been extended for recording, but with two different formats, known as DVD-R and
DVD+R. At the time of writing, both formats were popular, and some combo drives supported both
formats. Similarly, a rewritable DVD has been developed or rather, two different formats, known as
DVD-RW and DVD+RW. Finally, a format known as DVD-RAM offers a random-access read/write media
similar to hard disk storage.
DVD-ROM drives can be formatted with a (large) ISO 9660 filesystem, optionally with Rock Ridge or
Joliet extensions. They often, however, use the UDF (Universal Disc Format) file system, which is used
by DVD movies and is better suited to large storage media.
For applications where multimedia is to be sent live via the Internet, often broadcast to multiple users,
sending entire files is not suitable. Streaming media refers to systems where audio, or other media, is
sent and played back in real time.
9.1.3. Multimedia Hardware
Now that we've discussed digital audio concepts, let's look at the hardware used. Sound cards follow a
similar history as other peripheral cards for PCs. The first-generation cards used the ISA bus, and most
aimed to be compatible with the Sound Blaster series from Creative Labs. The introduction of the ISA
Plug and Play (PNP) standard allowed many sound cards to adopt this format and simplify configuration
by eliminating the need for hardware jumpers. Modern sound cards now typically use the PCI bus,
either as separate peripheral cards or as on-board sound hardware that resides on the motherboard but
is accessed through the PCI bus. USB sound devices are also now available, some providing traditional
sound card functions as well as peripherals such as loudspeakers that can be controlled through the
USB bus.
Some sound cards now support higher-end features such as surround sound using as many as six sound
channels, and digital inputs and outputs that can connect to home theater systems. This is beyond the
scope of what can be covered in this chapter.
In the realm of video, there is obviously the ubiquitous video card, many of which offer 3D acceleration,
large amounts of on-board memory, and sometimes more than one video output (multi-head).
TV tuner cards can decode television signals and output them to a video monitor, often via a video card
so the image can be mixed with the computer video. Video capture cards can record video in real time
for storage on hard disk and later playback.
Although the mouse and keyboard are the most common input devices, Linux also supports a number of
touch screens, digitizing tablets, and joysticks.
Many scanners are supported on Linux. Older models generally use a SCSI or parallel port interface.
Some of these use proprietary protocols and are not supported on Linux. Newer scanners tend to use
USB, although some high-end professional models instead use FireWire (Apple's term for a standard
also known as IEEE 1394) for higher throughput.
Digital cameras have had some support under Linux, improving over time as more drivers are
developed and cameras move to more standardized protocols. Older models used serial and
occasionally SCSI interfaces. Newer units employ USB if they provide a direct cable interface at all. They
also generally use one of several standard flash memory modules, which can be removed and read on a
computer with a suitable adapter that connects to a USB or PCMCIA port. With the adoption of a
standard USB mass storage protocol, all compliant devices should be supported under Linux. The Linux
kernel represents USB mass storage devices as if they were SCSI devices.
9.2. Kernel and Driver Issues
Configuring and building the kernel is covered elsewhere in this book. We cover here a few points
relevant to multimedia . As mentioned earlier, most multimedia cards use the PCI bus and should be
automatically detected and configured by the Linux kernel.
9.2.1. Sound Drivers
The history of sound drivers under Linux deserves some mention here, because it helps explain the
current diversity in offerings. Early in the development of Linux (i.e., before the 1.0 kernel release),
Hannu Savolainen implemented kernel-level sound drivers for a number of popular sound cards. Other
developers also contributed to this code, adding new features and support for more cards. These
drivers, part of the standard kernel release, are sometimes called OSS/Free, the free version of the
Open Sound System .
Hannu later joined 4Front Technologies , a company that sells commercial sound drivers for Linux as
well as a number of other Unix-compatible operating systems. These enhanced drivers are sold
commercially as OSS/4Front.
In 1998 the Advanced Linux Sound Architecture, or ALSA project, was formed with the goal of writing
new Linux sound drivers from scratch, and to address the issue that there was no active maintainer of
the OSS sound drivers. With the benefit of hindsight and the requirements for newer sound card
technology, the need was felt for a new design.
Some sound card manufacturers have also written Linux sound drivers for their cards, most notably the
Creative Labs Sound Blaster Live! series.
The result is that there are as many as four different sets of kernel sound drivers from which to choose.
This causes a dilemma when choosing a sound driver. Table 9-1 summarizes some of the advantages
and disadvantages of the different drivers, in order to help you make a decision. Another consideration
is that your particular Linux distribution will likely come with one driver, and it will be more effort on
your part to use a different one.
Table 9-1. Sound driver comparison
Not all sound cards supported
Source code available
Most sound cards not autodetected
Part of standard kernel
Deprecated in 2.6 kernel
Supports most sound cards
Does not support some newer cards
OSS/4Front Supports many sound cards
Autodetection of most cards
Payment required
Closed source
Commercial support available
Compatible with OSS
Not all sound cards supported
Source code available
Not fully compatible with OSS
Supports many sound cards
Actively developed/supported
Most sound cards are autodetected
Commercial May support cards with no other drivers
May support special hardware features
May be closed source
May not be officially supported
In addition to the drivers mentioned in Table 9-1, kernel patches are sometimes available that address
problems with specific sound cards.
The vast majority of sound cards are supported under Linux by one driver or another. The devices that
are least likely to be supported are very new cards, which may not yet have had drivers developed for
them, and some high-end professional sound cards , which are rarely used by consumers. You can find
a reasonably up-to-date list of supported cards in the current Linux Sound HOWTO document, but often
the best solution is to do some research on the Internet and experiment with drivers that seem likely to
match your hardware.
Many sound applications use the kernel sound drivers directly, but this causes a problem: the kernel
sound devices can be accessed by only one application at a time. In a graphical desktop environment, a
user may want to simultaneously play an MP3 file, associate window manager actions with sounds, be
alerted when there is new email, and so on. This requires sharing the sound devices between different
applications. To address this, modern Linux desktop environments include a sound server that takes
exclusive control of the sound devices and accepts requests from desktop applications to play sounds,
mixing them together. They may also allow sound to be redirected to another computer, just as the X
Window System allows the display to be on a different computer from the one on which the program is
running. The KDE desktop environment uses the artsd sound server, and GNOME provides esd. Because
sound servers are a somewhat recent innovation, not all sound applications are written to support them
yet. You can often work around this problem by suspending the sound server or using a wrapper
program such as artswrapper, which redirects accesses to sound devices to go to the sound server. Installation and configuration
In this section we discuss how to install and configure a sound card under Linux.
The amount of work you have to do depends on your Linux distribution. As Linux matures, some
distributions are now providing automatic detection and configuration of sound cards. The days of
manually setting card jumpers and resolving resource conflicts are becoming a thing of the past as
sound cards become standardized on the PCI bus. If you are fortunate enough that your sound card is
detected and working on your Linux distribution, the material in this section won't be particularly
relevant because it has all been done for you automatically.
Some Linux distributions also provide a sound configuration utility such as sndconfig that will attempt to
detect and configure your sound card, usually with some user intervention. You should consult the
documentation for your system and run the supplied sound configuration tool, if any, and see if it
If you have an older ISA or ISA PnP card, or if your card is not properly detected, you will need to follow
the manual procedure we outline here. These instructions also assume you are using the OSS/Free
sound drivers. If you are using ALSA, the process is similar, but if you are using commercial drivers
(OSS/4Front or a vendor-supplied driver), you should consult the document that comes with the
drivers, because the process may be considerably different.
The information here also assumes you are using Linux on an x86 architecture system. There is support
for sound on other CPU architectures, but not all drivers are supported and there will likely be some
differences in device names and other things. Collecting hardware information
Presumably you already have a sound card installed on your system. If not, you should go ahead and
install one. If you have verified that the card works with another operating system on your computer,
that will assure you that any problem you encounter on Linux is caused by software at some level.
You should identify what type of card you have, including manufacturer and model. Determine if it is an
ISA, ISA PnP , or PCI card. If the card has jumpers, you should note the settings. If you know what
resources (IRQ, I/O address, DMA channels) the card is currently using, note that information as well.
If you don't have all this information, don't worry. You should be able to get by without it; you just may
need to do a little detective work later. On laptops or systems with on-board sound hardware, for
example, you won't have the luxury of being able to look at a physical sound card. Configuring ISA Plug and Play (optional)
Modern PCI bus sound cards do not need any configuration. The older ISA bus sound cards were
configured by setting jumpers. ISA PnP cards are configured under Linux using the ISA Plug and Play
utilities. If you aren't sure if you have an ISA PnP sound card, try running the command pnpdump and
examining the output for anything that looks like a sound card. Output should include lines like the
following for a typical sound card:
Card 1: (serial identifier ba 10 03 be 24 25 00 8c 0e)
Vendor Id CTL0025, Serial Number 379791851, checksum 0xBA.
Version 1.0, Vendor version 1.0
ANSI string -->Creative SB16 PnP<--
The general process for configuring ISA PnP devices is as follows:
1. Save any existing /etc/isapnp.conf file.
2. Generate a configuration file using the command pnpdump >/etc/isapnp.conf.
3. Edit the file, uncommenting the lines for the desired device settings.
4. Run the isapnp command to configure Plug and Play cards (usually on system startup).
Most modern Linux distributions take care of initializing ISA PnP cards. You may already have a suitable
/etc/isapnp.conf file, or it may require some editing.
For more details on configuring ISA PnP cards, see the manpages for isapnp, pnpdump, and isapnp.conf
and read the Plug-and-Play HOWTO from the Linux Documentation Project. Configuring the kernel (optional)
In the most common situation, where you are running a kernel that was provided during installation of
your Linux system, all sound drivers should be included as loadable modules and it should not be
neccessary to build a new kernel.
You may want to compile a new kernel if the kernel sound driver modules you need are not provided by
the kernel you are currently running. If you prefer to compile the drivers directly into the kernel rather
than use loadable kernel modules , a new kernel will be required as well.
See Chapter 18 for detailed information on rebuilding your kernel. Configuring kernel modules
In most cases the kernel sound drivers are loadable modules, which the kernel can dynamically load
and unload. You need to ensure that the correct drivers are loaded. You do this using a configuration
file, such as /etc/conf.modules. A typical entry for a sound card might look like this:
alias sound sb
alias midi opl3
options opl3 io=0x388
options sb io=0x220 irq=5 dma=1 dma16=5 mpu_io=0x330
You need to enter the sound driver to use and the appropriate values for I/O address, IRQ, and DMA
channels that you recorded earlier. The latter settings are needed only for ISA and ISA PnP cards
because PCI cards can detect them automatically. In the preceding example, which is for a 16-bit Sound
Blaster card, we had to specify the driver as sb in the first line, and specify the options for the driver in
the last line.
Some systems use /etc/modules.conf and/or multiple files under the /etc/modutils directory, so you
should consult the documentation for your Linux distribution for the details on configuring modules. On
Debian systems, you can use the modconf utility for this task.
In practice, usually the only tricky part is determining which driver to use. The output of pnpdump for
ISA PnP cards and lspci for PCI cards can help you identify the type of card you have. You can then
compare this to documentation available either in the Sound HOWTO or in the kernel source, usually
found on Linux systems in the /usr/src/linux/Documentation/sound directory.
For example, a certain laptop system reports this sound hardware in the output of lspci:
00:05.0 Multimedia audio controller: Cirrus Logic CS 4614/22/24 [CrystalClear
SoundFusion Audio Accelerator] (rev 01)
For this system the appropriate sound driver is cs46xx. Some experimentation may be required, and it
is safe to try loading various kernel modules and see if they detect the sound card. Testing the installation
The first step to verify the installation is to confirm that the kernel module is loaded. You can use the
command lsmod; it should show that the appropriate module, among others, is loaded:
$ /sbin/lsmod
Used by
1 (autoclean)
0 (autoclean)
1 (autoclean) [parport_pc lp]
0 (autoclean)
3 [cs46xx]
0 [cs46xx]
0 (autoclean)
Here the drivers of interest are cs46xx, soundcore, and ac97_codec. When the driver detected the card,
the kernel should have also logged a message that you can retrieve with the dmesg command. The
output is likely to be long, so you can pipe it to a pager command, such as less:
PCI: Found IRQ 11 for device 00:05.0
PCI: Sharing IRQ 11 with 00:02.0
PCI: Sharing IRQ 11 with 01:00.0
Crystal 4280/46xx + AC97 Audio, version 1.28.32, 19:55:54 Dec 29 2001
cs46xx: Card found at 0xf4100000 and 0xf4000000, IRQ 11
cs46xx: Thinkpad 600X/A20/T20 (1014:0153) at 0xf4100000/0xf4000000, IRQ 11
ac97_codec: AC97 Audio codec, id: 0x4352:0x5914 (Cirrus Logic CS4297A rev B)
For ISA cards, the device file /dev/sndstat shows information about the card. This won't work for PCI
cards, however. Typical output should look something like this:
$ cat /dev/sndstat
Load type: Driver loaded as a module
Kernel: Linux curly 2.2.16 #4 Sat Aug 26 19:04:06 PDT 2000 i686
Config options: 0
Installed drivers:
Card config:
Audio devices:
0: Sound Blaster 16 (4.13) (DUPLEX)
Synth devices:
0: Yamaha OPL3
MIDI devices:
0: Sound Blaster 16
0: System clock
0: Sound Blaster
If these look right, you can now test your sound card. A simple check to do first is to run a mixer
program and verify that the mixer device is detected and that you can change the levels without seeing
any errors. Set all the levels to something reasonable. You'll have to see what mixer programs are
available on your system. Some common ones are aumix, xmix, and KMix.
Now try using a sound file player to play a sound file (e.g., a WAV file) and verify that you can hear it
play. If you are running a desktop environment, such as KDE or GNOME, you should have a suitable
media player; otherwise, look for a command-line tool such as play.
If playback works, you can then check recording. Connect a microphone to the sound card's mic input
and run a recording program, such as rec or vrec. See whether you can record input to a WAV file and
play it back. Check the mixer settings to ensure that you have selected the right input device and set
the appropriate gain levels.
You can also test whether MIDI files play correctly. Some MIDI player programs require sound cards
with an FM synthesizer, others do not. Some common MIDI players are Playmidi, KMid, and KMidi.
Testing of devices on the MIDI bus is beyond the scope of this book.
A good site for general information on MIDI and MIDI devices is The official
MIDI specifications are available from the MIDI Manufacturers Association. Their web site can be found
9.2.2. Video Drivers
When configuring the Linux kernel, you can enable a number of video -related options and drivers .
Under the Multimedia Drivers section, you can configure VideoForLinux, which has support for video
capture and overlay devices and radio tuner cards. Under the Graphics Support category, you can
enable frame buffer support for various video cards so that applications can access the video hardware
via the kernel's standardized frame buffer interface. For more information on building the kernel, see
Chapter 18.
Your X server also needs support for your video hardware. The X windowing system software provided
by your distribution vendor should have included all of the open source drivers . There may also be
closed-source drivers available for your video card from the manufacturer. If these are not included in
your distribution, you will have to obtain and install them separately. For more information on the X
Window System, see Chapter 16.
9.2.3. Alternate Input Devices
When configuring the kernel, under the Input Device Support section you can enable support for various
specialized mouse drivers, joysticks, and touchscreens.
For scanners and digital cameras, the kernel just needs to support the interface type that the devices
use (serial, SCSI, USB, etc.). Communicating with the actual device will be done by applications or
libraries such as SANE or libgphoto2.
9.3. Embedded and Other Multimedia Devices
Portable multimedia devices for playing music are very popular. The smaller devices use flash memory,
whereas the larger ones use hard drives for increased storage capacity. Typically they can play music in
MP3, WAV, or Windows WMA formats. Dedicated DVD players for watching movies are also available.
Files are transferred to these devices from a PC. Most current products do not officially support Linux as
a host PC. Devices that use the standard USB mass storage protocol should work fine with Linux. Many
devices tend to use proprietary protocols. A few of these now have Linux utilities that have been
created, sometimes by reverse engineering. It may also be possible to run the Windows applications
provided by the vendor under Wine. It is hoped that in the future more hardware vendors will officially
support Linux.
9.4. Desktop Environments
This section discusses multimedia support offered by two major desktop environments, KDE and
GNOME, discussed in Chapter 3. Note that these desktops are not mutually exclusive you can run
GNOME applications under KDE and vice versa. There are of course other desktop environments and
window managers that offer unique features, KDE and GNOME are just the largest and most commonly
offered by the major Linux distributions.
9.4.1. KDE
KDE is the K Desktop Environment, covered in Chapter 3. In the area of multimedia , KDE offers the
A sound mixer (KMix )
A sound recorder (Krec )
Various media players supporting sound and video (Noatun, Juk, Kaboodle, Kaffeine, and others)
A CD player (KsCD )
A MIDI player (KMid )
An audio CD ripping and encoding utility (KAudioCreator )
A sound effects construction tool (artsbuilder )
Because the applications are all part of the same desktop environment, there is tight integration
between applications. For example, the KDE web browser, Konqueror, can play audio and video files,
and KDE applications can play sounds to notify the user of important events.
The multimedia support in KDE is based on aRts, the analog real-time synthesizer. Part of aRts is the
sound server, artsd, which manages all sound output so that multiple applications can play sounds
simultaneously. The sound server communicates with the underlying operating system's sound drivers,
either OSS or ALSA on Linux.
There are also many KDE multimedia applications that are not officially part of the KDE release either
because they are not yet of release quality or they are maintained as separate projects. The former can
often be found in the kdenonbeta area of the KDE project. The latter can usually be found by using an
index site such as or
9.4.2. GNOME
GNOME is another free desktop project, covered in Chapter 3. Like KDE, GNOME offers a sound mixer,
sound recorder, CD player, and various media player applications. Multimedia support is integrated into
Nautilus, the GNOME file manager. GNOME uses the esd sound server to share sound resources among
A problem when running a mixed environment of KDE and GNOME applications is that the sound servers
can conflict when using sound resources. At the time of writing, both the KDE and GNOME projects were
not totally satisfied with their sound server implementation and were having discussions to develop a
replacement that could be shared between KDE and GNOME. This would finally make it possible to run
KDE and GNOME multimedia applications at the same time without resource conflicts.
9.5. Windows Compatibility
The Wine project is a technology that allows running many Windows applications directly on Linux. It is
covered in detail in Chapter 28. Some commercial multimedia applications run under Wine.
The commercial version of Wine from CodeWeavers called CrossOver supports a number of multimedia
applications, including Adobe Photoshop, Apple iTunes, the Windows Media Player, and web browser
plug-ins for QuickTime, Flash, and ShockWave.
TransGaming Technologies offers Cedega, which is optimized for running Windows games that require
DirectX support. It is based on an alternate version of Wine known as ReWind, that has less restrictive
licensing terms than Wine.
Some multimedia applications, such as MPlayer, can leverage Wine technology to directly load some
Windows DLLs, providing support for proprietary codecs.
9.6. Multimedia Applications
Once you have your hardware configured under Linux, you'll want to run some multimedia applications.
So many are available for Linux that they can't possibly be listed here, so we instead describe some of
the general categories of programs that are available and list some popular representative applications.
You can look for applications using the references listed at the end of the chapter. Toward the end of the
chapter, you will also find more in-depth descriptions of some popular or particularly useful
These are the major categories of multimedia applications that are covered:
Mixer programs for setting record and playback gain levels
Multimedia players for audio and video files and discs
CD and DVD burning tools for authoring audio and video discs
Speech tools, supporting speech recognition and synthesis
Image, sound, and video editing tools for creating and manipulating multimedia files
Recording tools for generating and manipulating sound files
Music composition tools for creating traditional music scores or music in MIDI or MP3 format
Internet telephone and conferencing tools for audio communication over computer networks
Browser plug-ins for displaying multimedia data within a web browser
9.6.1. Sound Mixers
Sound mixers allow one to modify the hardware gain levels and input devices for your sound card. Most
sound mixers are similar. If you are running KDE or GNOME you'll generally get the best results using
the mixer provided with your desktop, which typically will appear as a speaker icon on your desktop's
panel. Command line mixer programs such as aumix can be useful for use in scripts or startup files to
set audio gains to desired levels during login, or when you are not running a graphical desktop, such as
a remote login.
Figure 9-1 shows a screenshot of KMix, the mixer provided by KDE.
Figure 9-1. KMix
9.6.2. Multimedia Players
Media players are the area with the greatest selection of applications and widest range of features and
user interfaces. No one application meets everyone's needssome aim to be lightweight and fast,
whereas others strive to offer the most features. Even within the KDE desktop, for example, a half
dozen different players are offered.
If you are running a desktop environment, such as KDE or GNOME, you likely already have at least one
media player program. If so, it is recommended that you use this player, at least initially, since it
should work correctly with the sound server used by these desktop environments and provide the best
integration with the desktop.
When choosing a media player application, here are some of the features you can look for:
Support for different sound drivers (e.g., OSS and ALSA) or sound servers (KDE aRts and GNOME
An attractive user interface. Many players are "skinnable," meaning that you can download and
install alternative user interfaces.
Support for playlists, allowing you to define and save sequences of your favorite audio tracks.
Various audio effects, such as a graphical equalizer, stereo expansion, reverb, voice removal, and
visual effects for representing the audio in graphical form.
Support for other file formats, such as audio CD, WAV, and video formats.
Here is a rundown of some of the popular media player applications:
Xmms is one popular media player, with a default user interface similar to Winamp. You can
download it from if it is not included in your Linux distribution. A
screenshot is shown in Figure 9-2.
Figure 9-2. Xmms
Xine is a full-featured audio and video media player that supports many file formats and
streaming media protocols. The project is hosted at the following site: A screenshot is shown in Figure 9-3.
Figure 9-3. Xine
MPlayer is another popular video player that supports a wide range of file formats, including the
ability to load codecs from Windows DLLs. It supports output to many devices, using X11, as well
as directly to video cards. The project's home page is
Due to legal issues, MPlayer is not shipped by most Linux distributions and so must be
downloaded separately.
9.6.3. CD and DVD Burning Tools
If you are running KDE or GNOME, basic CD data and audio burning support is available within the file
manager. If you want to go beyond this, or need more help to step you through the process, specialized
applications are available.
Note that many of the graphical CD burning applications use command-line tools such as cdrecord and
cdrdao to perform the actual CD audio track extraction, ISO image creation, and CD recording. For
maximum flexibility, some advanced users prefer to use these tools directly.
One of the first graphical CD burner applications was X-CD-Roast. Although newer applications
may offer a more intuitive wizard interface, it is still a reliable and functional program. A
screenshot is shown in Figure 9-4.
Figure 9-4. X-CD-Roast
K3b is a popular KDE CD burning tool. It presents a file manager interface similar to popular
Windows CD burning utilities such as Easy CD Creator. A screenshot is shown in Figure 9-5. You
can find an introduction to K3b in "Burning CDs with K3b," in Chapter 3.
Figure 9-5. K3B
Gcombust is a graphical burner application that uses the Gtk toolkit. The project's home page is A screenshot is shown in Figure 9-6.
9.6.4. Speech Tools
Speech synthesis and recognition have applications for accessibility and specialized applications, such
as telephony, where only an audio path is available.
Speech synthesis devices fall into two major types. Dedicated hardware synthesizers are available that
act as a peripheral to a computer and perform the text-to-speech function. These have the advantage of
offloading the work of performing the speech conversion from the computer, and tend to offer goodquality output. Software synthesizers run on the PC itself. These are usually lower cost than hardware
solutions but add CPU overhead and are sometimes of poor quality if free software is used.
The Rsynth package provides a simple command-line utility called say that converts text to
speech. It is included with or available for most Linux distributions.
Figure 9-6. Gcombust
Emacspeak is a text-based audio desktop for visually impaired users. It offers a screen reader
that can be used with a hardware or software text-to-speech synthesizer. More information can be
found on the project's web site, available here:
Festival is a software framework for building speech synthesis systems. It supports multiple
spoken languages and can be used to build systems programmed using the shell, C++, Java, and
Scheme. The home page for the project is found at
IBM ViaVoice
IBM offers a Linux version of the ViaVoice speech SDK that provides both text-to-speech
conversion as well as speech recognition. This is a commercial (nonfree) software product.
9.6.5. Image, Sound, and Video Editing and Management Tools
This section describes some of the popular tools for editing images , video, and sound files, as well as
managing image collections:
The GIMP is the GNU Image Manipulation Program. It is intended for tasks such as photo
retouching, image composition, and image authoring. It has been in active development for
several years and is a very stable and powerful program. A screenshot is shown in Figure 9-7. The
official web site for the GIMP is
Figure 9-7. GIMP
CinePaint, formerly called Film Gimp, is a painting and image retouching program designed for
work with film and other high-resolution images. It is widely used in the motion picture industry
for painting of background mattes and frame-by-frame retouching of movies. CinePaint is based
on The GIMP but has added features for film editing, such as color depths up to 128 bits, easy
navigation between frames, and support for motion picture file formats such as Kodak Cineon,
ILM OpenEXR, Maya IFF, and 32-bit TIFF. A screenshot is shown in Figure 9-8. The CinePaint web
site is
Figure 9-8. CinePaint
Gphoto2 is a set of digital camera applications for Linux and other Unix-like systems. It includes
the libgphoto2 library, which supports nearly 400 models of digital cameras. The other major
components are gphoto2, a command-line program for accessing digital cameras, and Gtkam, a
graphical application. The project's home page is A screenshot of Gtkam
is shown in Figure 9-9.
Digikam is the KDE digital camera application. It uses libgphoto2 to interface to cameras. A
screenshot is shown in Figure 9-10.
Kooka is the KDE scanner program. It supports scanners using the SANE library. As well as basic
image scanning, Kooka supports optical character recognition of text using several OCR modules.
A screenshot is shown in Figure 9-11.
9.6.6. Imaging Tools
A variety of tools are available for acquiring, manipulating, and managing digital images on your
computer. In this chapter, we look at some of them. Image management with KimDaBa
Many applications for viewing images exist, and in our experience, they can be grouped into two main
categories: those which are good at generating HTML pages from your image sets, and those which are
cool for showing fancy slide shows. The number of applications in both categories is counted in
hundreds if not thousands, mostly differing in things that would be considered taste or even religion.
You can browse the Linux application sites for your favorite application. Here we focus on an application
with a slightly different set of design goals.
Figure 9-9. Gtkam
Figure 9-10. Digikam
Figure 9-11. Kooka
KimDaBa (KDE Image DataBase) is best explained by the following quote from its home page:
If you are like me you have hundreds or even thousands of images ever since you got your first
camera, some taken with a normal camera, others with a digital camera. Through all the years
you believed that until eternity you would be able to remember the story behind every single
picture, you would be able to remember the names of all the persons on your images, and you
would be able to remember the exact date of every single image.
I personally realized that this was not possible anymore, and especially for my digital imagesbut
also for my paper imagesI needed a tool to help me describe my images, and to search in the pile
of images. This is exactly what KimDaba is all about.
The basic idea behind KimDaBa is that you categorize each image with who is in it, where it was taken,
and a keyword (which might be anything you later want to use for a search). When looking at your
images, you may use these categories to browse through them. Figure 9-12 shows the browser of
You may add your own categories if the ones described do not fit your usage of KimDaBa.
Figure 9-12. Browsing images with KimDaBa
Browsing goes like this: at the top of the list shown in Figure 9-12 you see items for Keywords,
Locations, Persons, and so on. To find an image of, say, Jesper, you simply press Persons and, from the
list that appears, choose Jesper. Now you are back to the original view with Keywords, Locations,
Persons, and so forth. Now, however, you are in the scope of Jesper, meaning that KimDaBa only
displays information about images in which Jesper appears. If the number of images is low enough for
you to find the image you have in mind, then you may simply choose View Images. Alternatively, repeat
the process. If you want to find images with Jesper and Anne Helene in them, then simply choose
Persons again, and this time choose Anne Helene. If you instead want images of Jesper in Las Vegas,
then choose Locations and, from that view, Las Vegas.
There is no such thing as a free lunch. For KimDaBa this means that you need to categorize all your
images, which might be a rather big task if you have thousands of images. KimDaBa is, however, up to
this task after all, one of its main design criteria is to scale up to tens or even hundreds of thousands of
There are two ways of categorizing images in KimDaBa, depending on your current focus, but first and
foremost let's point out that the categorizing tasks can be done step by step as you have time for them.
The first way of categorizing images is by selecting one or more images in the thumbnail view (which
you get to when you press View Images), and then press the right mouse button to get to the context
menu. From the context menu, either choose Configure Images One at a Time (bound to Ctrl-1) or
Configure All Images Simultaneously (bound to Ctrl-2).
Configure All Images Simultaneously allows you to set the location of all images from, say, Las Vegas
with just a few mouse clicks, whereas Configure Images One at a Time allows you to go through all the
images one by one, specifying, say, who is in them.
Figure 9-13 shows the dialog used for setting properties for the images. In this dialog you may either
select items from the list boxes or start typing the name in questionKimDaBa will offer you alternatives
as you type. (In the screenshot, I only typed J, and KimDaBa thus found the first occurrence that
The alternative way of specifying properties is to do it while you view your images (e.g., as a full-screen
slide show). In this mode, you simply set a letter token on the image by pressing the letter in question.
This usage is intended for fixing annotations later onsay you are looking at your images and realize that
you forgot to mark that Jesper is in a given image. Once you have set a number of tokens, you can use
these for browsing, just as you use persons, locations, and keywords. What you typically would do is
simply to browse to the images with a given token, and then use the first method specified previously to
set the person missing in the images.
Once you have annotated all your images, you can drive down memory lane in multiple ways. As an
appetizer, here is a not-so-uncommon scenario derived from personal use of KimDaBa: you sit with
your girlfriend on the living-room sofa, discussing how much fun you had in Mallorca during your
vacation in 2000, and agree to grab your laptop to look at the images. You choose Holiday Mallorca
2000 from the keyword category, and start a slide show with all the images. As you go on, you see an
image from when you arrived home. On that image is an old friend who you haven't talked to in a long
time. In the full-screen viewer, you press the link with his name (all the information you typed in is
available during viewing in an info box). Pressing his name makes KimDaBa show the browser, with him
in scope. Using the date bar, you now limit the view to only show images of him from 1990 to 2000.
This leads you to some images from a party that you attended many years ago, and again the focus
changes, and you are looking at images from that party. Often, you end up getting to bed late those
evenings when you fetch the laptop.
Figure 9-13. Configuring KimDaBa Image manipulation with the GIMP
Introduction. The GIMP is the GNU Image Manipulation Program. It is intended for tasks such as photo
retouching, image composition, and image authoring. It has been in active development for several
years and is a very stable and powerful program.
The GIMP's home is, the online manual is available from,
and additional plug-ins to expand GIMP's features can be found at
It is possible to use GIMP as a simple pixel-based drawing program, but its strength is really image
manipulation. In this book we present a small selection of useful tools and techniques. A complete
coverage of the GIMP would require a whole book, so read this only as a teaser and for inspiration to
explore GIMP.
At the time of writing the current version of GIMP was 2.2. Minor details in the feature set and user
interface will be different in other versions, but the overall idea of the application is the same.
Selection tools. When GIMP is started, it shows the toolbox window, as seen in Figure 9-14. The upper
part of the toolbox contains a number of buttons, each of which represents a tool. There is also a
menubar with menus for creating new images, loading, saving, editing preferences, and so on. Below
the buttons is a section showing the current foreground and background colors, selected pen, and so on.
The lower part of the window shows the options for the current tool.
To create a new image, choose File
the tools.
New. This gives us a blank image to use for experimenting with
The first five tools are selection tools: rectangle, ellipse, freehand, magic wand, by color, and shapebased selection. A selection is an area of the image that almost any tool and filter in GIMP will work
onso it is an important concept. The current selection is shown with "marching ants." You can show and
hide the marching ants with Ctrl-Z.
The first three selection tools are, except for the shape of the selection made, quite similar. While
dragging out a rectangular or elliptical selection, it is possible to keep a constant aspect ratio by holding
down the Shift key. In the option window for each selection tool, it is possible to choose a selection
mode to add to an existing selection, subtract from one, replace the current selection, and intersect with
All selection tools have a feather parameter that will control how soft the edges of the selection are. See
Figure 9-15 for an example.
The magic wand allows you to click on a pixel in the image and thereby select a contiguous area around
the pixel with similar color. Use the threshold slider to control how similar the colors must be. Selection
by color works like the magic wand, but it selects all pixels with similar value contiguous or not. Finally,
selection by shapes allows you to place points in the image and try to connect the points with curves
that follow edges in the image. When you have selected enough points to contain an area, click in the
middle of that area to convert the traced curve to a selection.
Figure 9-14. GIMP toolbox
Painting and erasing tools. To paint in an image, the Pencil, Paintbrush, Airbrush and Ink tools can
be used. They differ in the way the shapes you draw look: Pencil paints with hard edges, and Paintbrush
with soft edges, Airbrush paints semitransparently and Ink thickens the line when you paint slowly and
thins the line when you paint quickly.
To fill in an area, make a selection and use the paintbucket or gradient fill tool to fill it with color.
Selecting the pen style, color, and/or gradient can be done by clicking the controls in the middle of the
toolbox window.
Some people have trouble drawing a straight line in GIMP, but since you have this clever book in your
hands, you will know the secret: select one of the drawing tools, place the cursor where you want the
line to start, press and hold Shift, and then move the mouse to where the line should end and click once
with the left mouse button. Now either do the same again to draw another line segment or release the
Shift key and enjoy your straight line.
Figure 9-15. GIMP selections
If you make a mistake, use the most often used keyboard shortcut in GIMP: Ctrl-Z to undo. Multiple
levels of undo are available. There is also an eraser tool that allows you to selectively erase pixels.
Everything you do with the painting tools will be confined to the currently selected area if there is a
Photo retouching tools . The tools in this section are mostly for modifying digital photos in subtle
(and not so subtle) ways. The Clone tool is very useful to remove blemishes from a photo. It works by
first Ctrl-clicking in an image to set the source point, and then painting somewhere in an image. You
will now paint with "copies" of the source area. Figure 9-16 shows the upper-right corner of a landscape
photo that got a bit of the roof from a house into the frame. The left image is the original, and the right
one has the undesired feature removed by using the clone tool with some other part of the clouds as the
source area.
The last tool in the toolbox is the Dodge and Burn tool. It is used to lighten (dodge) and darken (burn)
parts of an image by drawing on it. This tool can be used to finetune areas with shadows or highlights.
Color adjustment. During postprocessing of digital photos, it can be very useful to adjust the overall
appearance of the light, color, and contrast of a photo. GIMP supports quite a number of tools for this.
They are available in the Layer/Colors context menu.
Figure 9-16. GIMP clone tool
One of the more useful tools is the Levels tool. It allows you to adjust the black and white points of an
image. Figure 9-17 shows a photo shot in harsh lighting conditions. It has low contrast and looks hazy.
Figure 9-17. Original photo
Let's fix that problem using the Levels dialog! Open the dialog for the Levels tool by choosing Levels
from the menu. The dialog can be seen in Figure 9-18.
Figure 9-18. Levels dialog
The diagram seen under "Input Levels" is a histogram of the brightness values in the image. The left
end of the histogram represents black, and the right end white. We see that that the lower 40% of the
histogram is emptythis means that we are wasting useful dynamic range. Below the histogram are three
triangular sliders. The black and the white ones are for setting the darkest and brightest point in the
image, and the gray one is for adjusting how values are distributed within the two other ones. We can
move the black point up as shown in Figure 9-19 to remove the haziness of the image. The result is
shown in Figure 9-20.
Contrast enhancement can be done either with the Brightness-Contrast tool or with the Curves tool. The
former is quite basic consisting of two sliders, one for brightness and one for contrast; the latter allows
much more control. Figure 9-21 shows an original image and two modified versions with different
curves applied. The middle image has the contrast-enhancing curve shown in Figure 9-22 applied, and
the right image has the contrast-decreasing curve shown in Figure 9-23 applied. The curves describe a
mapping from pixel values onto itself. A straight line at a 45-degree slope is the identity mapping;
anything else will modify the image. Best results are obtained if you only deviate a little bit from the 45degree straight line.
Figure 9-19. Levels dialog
Figure 9-20. Level adjusted
Figure 9-21. Curve adjusted
Colors can be changed with several tools, such as the Color Balance and Hue-Saturation tools. The
Levels and Curves tools can also be set to operate on individual color channels to achieve various
effects. But there is also another tool available: the Channel Mixer. Unlike the other tools this is located
in the Filters/Colors/Channel Mixer context menu. The Channel Mixer can be used to create a weighted
mix of each color channel (red, green, and blue) for each of the output channels. It is particularly useful
for converting color images to monochrome, often giving better results than simply desaturating the
image. Figure 9-24 shows the Channel Mixer, and Figure 9-25 shows two monochrome versions of the
same color image. The upper one is simply desaturated, and the lower one is based only on the blue
channel and seems to emphasize the bird rather than the background. When judging how to convert a
color image to monochrome, it can be helpful to examine each color component individually. See the
paragraph about channels for more about this.
Layers and channels. The most convenient way to access layers and channels is through the combined
layers, channels, paths, and undo history window. It can be accessed by right-clicking in the image's
windows and selecting the Dialogs
Create New Dock
Layers, Channels & Paths menu item.
Layers and channels allow you to view and manipulate different aspects of your images in a structured
Figure 9-22. Contrast-enhancing curve
An image is made up from one or more channel(s). True color images have three color channels,
one for each of the red, green, and blue components. Index-colored and grayscale images have
only one color channel. All types can have an optional alpha channel that describes the opacity of
the image (white is completely opaque; black is completely transparent). By toggling the eye
button for each channel, you can selectively view only a subset of the channels in an image.
Channels can be selected or deselected for manipulation. For normal operation, all color channels
are selected, but if you only want to paint into the red channel, for example, deselect the other
channels. All drawing operations will then only affect the red channel. This can, for example, be
used to remove the red flash reflection in your subjects' eyes. You can add additional channels to
an image using the buttons at the bottom of the dialog. A very useful feature is that you can save
a selection as a channel and convert a channel to a selection. This allows you to "remember"
multiple selections for later use, and it makes it easier to fine-tune a selection because you can
paint into a channel to add or remove areas to a selection. Figure 9-26 shows the Channel tab in
the combined Layers, Channels dialog. The green and blue channels are visible, and the green
channel is selected for editing.
Layers are a very powerful feature of the GIMP. Think of layers as a way of stacking multiple
images on top of each other, affecting each other in various ways. If a layer has an alpha channel,
the layers beneath it will show through in transparent areas of the layer. You can control the
overall opacity of a layer by using the opacity slider shown in the dialog. Use the buttons at the
bottom of the dialog to create, duplicate, and delete layers and to move layers up and down the
stacking order. You can assign a name to a layer by right-clicking it and choosing Edit Layer
Attributes. Figure 9-27 shows the Layers tab in the Layers, Channels dialog with an image loaded
and two duplicate layers created.
Figure 9-23. Contrast-decreasing curve
Recall the image of the car from the curves example. The ground and car looked most interesting
with the high-contrast curve, but the sky lost detail with this curveit looked better with the lowcontrast curve because it pulled out detail from the bright sky. Let us try to combine those two
approaches. We'll leave the lowest layer alone it will serve as a reference. Rename the middle
layer "Ground" and the topmost one "Sky." Now make only the Ground layer visible, select it, and
use the Curves tool to enhance contrast. Then make the topmost layer visible, select it, and apply
a low-contrast curve to it. Now we need to blend the two layers together. To do this, we add a
layer mask to the topmost layer, but before we do that, we want to get a good starting point for
the mask. Use the magic wand selection tool to select as much of the sky as possible without
selecting any of the trees, cars, or the ground. Remember that Shift-clicking adds to a selection.
When most of the sky is selected, right-click on the topmost layer and choose Add Layer Mask and
then choose Selection in the dialog that pops up. Don't worry if the selection doesn't align
perfectly at the pixel level with the horizon we can fix that later. Press Ctrl-Shift-A to discard the
current selectionwe don't need it any more. Now the Layers dialog should look like Figure 9-28.
Figure 9-24. Channel Mixer
By clicking on either the layer thumbnail or the layer mask thumbnail, you can choose which one
of them you want to edit. Choose the layer mask and zoom in on the boundary between the trees
and the sky. Now the mask can be adjusted by simply painting on the image with a black or white
pen. White makes the sky show through and black makes the trees show through. To see the
mask itself instead of the image, right-click the mask in the Layers dialog and choose Show Mask.
The result should look something like Figure 9-29.
Figure 9-25. Channel Mixer example
So far we've only been using layers in Normal mode, but there are other modes as well. The other
modes make a layer interact with the layers below it in interesting ways. It is possible to make
the pixel values in a layer burn, dodge, multiply, and so forth, with the pixel values of the layer
below it. This can be very powerful when used properly. Figure 9-30 shows the image from before
with a new transparent layer added on top of it. This new layer contains the result of selecting a
rectangle slightly smaller than the whole image, feathering the selection with a large radius (10%
of the image height), inverting it, and filling out the selection with black paint. The mode of the
layer is set to Overlay, which causes a slight darkening of the layers below it around the black
areas near the borders. The effect looks as if the photo were taken with an old or cheap camera
and adds to the mood of the scene. If we had used the Normal mode instead of Overlay, the effect
would have been too much and looked unnatural. Try experimenting with the different modes
Figure 9-26. Channels dialog
Figure 9-27. Layers dialog
Figure 9-28. Layers and mask
Filters. The final major aspect of GIMP we cover here is its filters. Filters are effects that can be applied
to an entire image or a selection. GIMP is shipped with a large number of different filters, and it is
possible to plug in new filters to extend the capabilities of GIMP. Filters are located in the right mouse
button Filters menu. The Channel Mixer is an example of such a filter. We discuss two useful filters,
Gaussian Blur and Unsharp Mask, and apply them to the image from the previous example.
Gaussian Blur
This filter provides a nice smooth blurring effect. Try it with different blur radius settings. The IIRtype Gaussian blur seems to look better than RLE with most images.
For our example we are not going to blur the actual image. Instead, we are going to smooth out
the transition between the high- and low-contrast layers. Do this by selecting the layer mask in
the sky layer and applying Gaussian Blur. A radius of 8 seems to work well here. Zoom in on the
border between the trees and the sky, and don't be afraid to experiment you can always press
Ctrl-Z to undo and try again. Figure 9-31 shows a closeup of before and after applying Gaussian
Blur to the mask. The effect is subtle, but important for making the two layers blend seamlessly.
Unsharp Mask
Despite its name, Unsharp Mask is a filter for enhancing the perceived sharpness of images. It
offers more control and often provides more pleasing results than the simple Sharpen filter.
Unsharp Mask works like this: first it makes an internal copy of your image and applies a
Gaussian blur to it. Then it calculates the difference between the original and the blurred image
for each pixel, multiplies that difference by a factor, and finally adds it to the original image. The
idea is that blurring affects sharp edges much more than even surfaces, so the difference is large
close to the sharp edges in the image. Adding the difference back further emphasizes those sharp
edges. The Radius setting for Unsharp Mask is the radius for the Gaussian blur step, the Amount
is the factor that the differences are multipled by, and the Threshold setting is for ignoring
differences smaller than the chosen value. Setting a higher threshold can help when working with
images with digital noise in them so we don't sharpen the noise.
Figure 9-29. Two layers
Figure 9-30. Two layers
Looking at our example with the sky and car again, we notice that the high-contrast part lost
some details in the shadows when we pulled up the contrast. This can also be remedied with
Unsharp Mask. To do this, we apply Unsharp Mask with a high radius and low amount. This
technique is called "local contrast enhancement." Start out by making a copy of the whole image
by pressing Ctrl-D and merging all layers in the copy. This is done by choosing Image
Image from the context menu. Then we want to scale the image for screen viewing. Open the
scaling dialog by choosing Image
Scale Image from the context menu and choosing a suitable
size and the bicubic (best) scaling algorithm. Now we are ready to apply Unsharp Mask for local
contrast enhancement. A radius of 25, an amount of 0.15, and threshold of 0 seems to look good.
Figure 9-31. Blurring the mask before and after
Finally, we want to sharpen up the edges a bit. To do this, we apply Unsharp Mask with a small
radius (0.5) and higher amount (0.5) and with a threshold of 6. Figure 9-32 shows the
unsharpened image on the left, the image with local contrast enhancement applied in the middle,
and the image with the final sharpening pass applied on the right.
9.6.7. Recording Tools
If you want to create your own MP3 files, you will need an encoder program. There are also programs
that allow you to extract tracks for audio CDs.
Although you can perform MP3 encoding with open source tools, certain patent claims have made the
legality of doing so questionable. Ogg Vorbis is an alternative file format and encoder that claims to be
free of patent issues. To use it, your player program needs to support Ogg Vorbis files because they are
not directly compatible with MP3. However, many MP3 players, such as Xmms, support Ogg Vorbis
already; in other cases, there are direct equivalents (such as ogg123 for mpg123). For video, Ogg has
developed the Ogg Theoris codec, which is free and not encumbered by any patents.
This section lists some popular graphical tools for recording and manipulating multimedia.
Figure 9-32. Two passes of Unsharp Mask
KDE includes Krec as the standard sound recorder applications. You can record from any mixer
source, such as a microphone or CD, and save to a sound file. Although it offers some audio
effects, it is intended as a simple sound recorder application. A screenshot is shown in Figure 933.
Figure 9-33. Krec
Audacity is an audio editor that can record and play back sounds and read and write common
sound file formats. You can edit sounds using cut, copy, and paste; mix tracks; and apply effects.
It can graphically display waveforms in different formats.
A screenshot is shown in Figure 9-34. The project home page is
Figure 9-34. Audacity
Ardour is a full-featured digital audio workstation designed to replace analog or digital tape
systems. It provides multitrack and multichannel audio recording capability, mixing, editing, and
effects. A screenshot is shown in Figure 9-35. The project home page is
Figure 9-35. Ardour
Freevo is an open source home theater platform based on Linux and open source audio and video
tools. It can play audio and video files in most popular formats. Freevo can be used as a
standalone personal video recorder controlled using a television and remote, or as a regular
desktop computer using the monitor and keyboard.
A screenshot is shown in Figure 9-36. The project home page is
Figure 9-36. Freevo
MythTV is a personal video recorder (PVR ) application that supports a number of features,
Watching and recording television
Viewing images
Viewing and ripping videos from DVDs
Playing music files
Displaying weather and news and browsing the Internet
Internet telephony and video conferencing
A screenshot is shown in Figure 9-37. The MythTV home page is
Figure 9-37. MythTV
9.6.8. Music Composition Tools
Many applications are available that help music composers.
MIDI sequencers allow a composer to edit and play music in MIDI format. Because MIDI is based on
note events, tracks, and instruments, it is often a more natural way to work when composing music
than directly editing digital sound files.
Scoring programs allow composers to work with traditional music notation and produce typeset sheet
music. Some support other notation formats such as tablature for guitar and other instruments.
Some programs combine both MIDI sequencing and scoring, or can work with various standardized file
formats for musical notation.
Brahms is a KDE-based MIDI sequencer application that allows a composer to edit tracks and play
them back. You can work with MIDI events or a traditional music score using different editor
windows. A screenshot is shown in Figure 9-38. The project home page is
Rosegarden is an audio and MIDI sequencer, score editor, and general-purpose music
composition and editing environment. It allows you to work with MIDI events or music notation.
It is integrated with other KDE applications and has been localized into about 10 languages.
A screenshot is shown in Figure 9-39. The project home page is
LilyPond is a music typesetter that produces traditional sheet music using a high-level description
file as input. It supports many forms of music notation constructs, including chord names, drum
notation, figured bass, grace notes, guitar tablature, modern notation (cluster notation and
rhythmic grouping), tremolos, (nested) tuplets in arbitrary ratios, and more.
LilyPond's text-based music input language support can integrate into LATEX, HTML, and Texinfo,
allowing documents containing sheet music and traditional text to be written from a single source.
It produces PostScript and PDF output (via T EX), as well as MIDI.
The project home page is There is a graphical front end to LilyPond called
9.6.9. Internet Telephony and Conferencing Tools
Telephony over the Internet has recently become popular and mainstream. Using VOIP (Voice Over IP)
technology, audio is streamed over a LAN or Internet connection. SIP (Session Initiation Protocol) is a
standard for setting up multimedia sessions (not just audio). Either a sound card and microphone or
dedicated hardware resembling a traditional telephone can be used. Internet telephony has a number of
advantages, but the main one is costmany users today have a full-time high-speed Internet connection
that can be used to connect to anyone else in the world with compatible software. With a suitable
gateway, you can make a call between a VOIP phone and the public telephone network.
There are many VOIP applications for Linux. KPhone is one popular KDE-based one. As well as audio, it
supports instant messaging and has some support for video. The project's home page is
There are also commercial applications that use proprietary protocols or extensions to protocols. One
example is Skype, which offers a free client but requires subscription to a service to make calls to
regular phones through a gateway. Skype can be found at
H.323 is a standard for video conferencing over LANs. It is supported by Microsoft NetMeeting, which is
included with Microsoft Windows. H.323-compliant applications are available on Linux, the most notable
being GnomeMeeting. The project's home page is
Figure 9-38. Brahms
9.6.10. Browser Plug-ins
Browser plug-ins allow data types other than HTML to be presented in your web browser. Some of these
qualify as multimedia. They can be divided into three categories:
Plug-ins that come with the browser or are available from the same source as the browser (e.g.,
Mozilla or Firefox).
Native plug-ins from third parties, such as Adobe Acrobat, usually available at no cost although
they may be closed source.
Windows plug-ins that can run inside some Linux browsers using CodeWeaver's CrossOver (Wine)
technology. This category includes plug-ins such as Apple QuickTime, Windows Media Player, and
Adobe Shockwave. Many of these are not available as native Linux plug-ins.
Figure 9-39. Rosegarden
The Netscape plug-in format is supported by Netscape, Mozilla, and some other browsers derived from
Mozilla, such as FireFox. Netscape plug-ins are also supported by the KDE project's Konqueror browser.
9.6.11. Putting It All Together
This chapter has talked about a lot of different multimedia tools. Although most of these tools are
straightforward to use and perform a well-defined function on their own, more powerful tasks can be
performed by combining tools. Let's look at a real-life example.
I like to collect and restore old vacuum tube radios from the 1930s through 1950s. After I have restored
a radio to working condition I like to display it. But when I turn it on, hearing the local sports or talk
radio station doesn't seem appropriate. Wouldn't it be fun to hear some old radio shows from the era in
which the radio was made coming out of the radio?
Lots of old-time radio broadcasts are available as free downloads on the Internet. I can download a
number of these to my computer. It is also possible to buy CDs of old radio programs. I might even
have an old vinyl record or cassette tape of old radio shows. Using Audacity and connecting a turntable
or tape player to my sound card's audio input, I can convert them to sound files. The files can have
some simple editing and processing done to clean them up, and they can be converted to MP3 format.
If I want to listen to them on my computer, I can use Juk to arrange them in playlists of my favorite
programs arranged by type and have hours of continuous music or radio shows. I can save the MP3 files
to my portable MP3 player to listen to when I am away from the computer, or burn them to a CD to
listen to with a portable CD player.
Using a low-power AM transmitter, I can legally broadcast programming throughout my home. An
inexpensive AM transmitter is available from a number of sources and connects either to the sound card
output of my computer or a CD player, and can broadcast vintage radio programs on the AM band to
radios within the house. Now when I turn on that old radio, I can hear Burns and Allen, The Shadow, or
some swing music from the 1940s. I might even be able to convince the more gullible visitors to my
radio room that old radios can still pick up old radio programs.
9.7. Multimedia Toolkits and Development Environments
KDE and GNOME have already been discussed. They provide basic support for graphics and sound that
can be used for multimedia applications if they are not too demanding. If you want to do more, or if
KDE or GNOME does not fit your needs, there are other toolkits available that are worth considering.
This section briefly mentions some of the more popular multimedia toolkits and libraries available for
Simple DirectMedia Layer (SDL )
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide lowlevel access to audio, keyboard, mouse, joystick, 3D hardware via OpenGL , and 2D video
framebuffers. It is used by MPEG playback software, emulators, and many popular games,
including the award-winning Linux port of Civilization: Call to Power.
SDL is written in C, but works with C++ natively and has bindings to several other languages,
including Ada, Eiffel, Java, Lua, ML, Perl, PHP, Pike, Python, and Ruby.
The project home page is
OpenGL is a standardized API for 2D and 3D graphics programming developed by Silicon
Graphics, Inc. (SGI). It supports rendering, texture mapping, special effects, and other powerful
visualization functions. More information can be found at
There are several free implementations of OpenGL support under Linux. The most popular is
Mesa. Because it is not licensed from SGI, it cannot officially be called OpenGL, but it is designed
to be compatible. The Mesa project home page is
OpenAL is a cross-platform 3D audio API appropriate for use with gaming applications and many
other types of audio applications. Conceptually, you can think of OpenAL as a 3D rendering library
for audio just as OpenGL is a 3D rendering library for graphics.
The project's home page is
JACK is a low-latency audio server, written for POSIX-conformant operating systems such as
GNU/Linux and Apple's OS X. It can connect a number of different applications to an audio device,
as well as allowing them to share audio between themselves. Its clients can run in their own
processes (i.e., as normal applications), or they can run within the JACK server (i.e., as a plugin).
The JACK home page is
GStreamer is a library that allows the construction of graphs of media-handling components,
ranging from simple sound file playback to complex audio mixing and video nonlinear editing.
Applications can take advantage of advances in codec and filter technology transparently.
Developers can add new codecs and filters by writing a simple plug-in with a clean, generic
The GStreamer web site is
Network Multimedia Middleware (NMM)
NMM is a multimedia middleware package that allows the creation of distributed multimedia
applications . A number of plug-ins supporting various media types, operations, and I/O devices
are included. NMM has been used to implement a multimedia application that provides an
extensible home entertainment system for DVD/CD playback and frame grabbing, TV with timeshifting, video recording, and playlist creation and playback for all supported media types.
More information can be found at
Media Applications Server (MAS)
The Media Application Server (MAS) is a time-aware arbiter of video and audio hardware, meant
to scale the gamut of systems, from embedded to massively parallel, from handheld devices to
supercomputers, from a microphone source to a speech recognition engine sink. MAS is a
multimedia routing server. It moves multimedia data across the Internet virtually in real time,
ensuring quality presentation of video, audio, and other time-sensitive information.
For more information on MAS, see
Multimedia distributions
There are some Linux distributions being developed that are optimized to be used as multimedia
platforms. One such project is AGNULA, which stands for A GNU/Linux Audio distribution. With
funding from the European Commission, it is developing two reference Linux distributions of free
software: DeMuDi (Debian-based Multimedia Distribution) and ReHMuDi (Red Hat-based
Multimedia Distribution). The project's home page is
9.8. Solutions to Common Problems
Listed here are answers to some commonly asked questions and solutions to common problems related
to multimedia hardware and software:
Why doesn't my distribution include an MP3 encoder or DVD player?
Due to legal issues related to patents, many Linux distributions do not ship an MP3 encoder or
DVD player application. You may be able to download these separately after determining for
yourself that they can be used legally in your jurisdication.
Are there free alternatives to MP3 and DVD that are not encumbered by patents?
The Ogg project by the Foundation has developed several encoding formats and free
implementations that are free of patent issues including Ogg Vorbis for audio and Ogg Theoris for
video. See for more information.
Kernel modules not loaded
This could be caused by incorrect module configuration files. It will also occur if the kernel module
loader (kerneld or kmod) is not running. Make sure the module is available for loading in the
appropriate directory (typically something like /lib/modules/2.4.17/kernel/drivers/sound).
Sound card not detected
You are probably using the wrong kernel driver or the wrong settings for I/O address, IRQ, or
DMA channel.
IRQ/DMA timeout or device conflicts
You are using the wrong settings for I/O address, IRQ, and DMA, or you have a conflict with
another card that is using the same settings.
No sound after rebooting
If sound was working and then stopped when the system was rebooted, you probably have a
problem with the module configuration files. This can also occur if the system init scripts are not
configured to initialize PnP cards or to load the modules. If the drivers are loaded, it could be that
the mixer settings are set too low to hear any audio. Use a mixer program to adjust the sound
levels while using a media player program to play a known good sound file.
If you are running KDE or GNOME, make sure that the appropriate sound server (aRts or esd) is
running. On some systems, you may need to adjust the sound server settings using the control
panel provided for this purpose. In the case of KDE you can also conveniently test the sound
server from the control panel.
Sound works only for root
This probably indicates a permissions problem with the device files. Many systems allow only
users who are members of the group "audio" to access the sound devices. Add the user(s) to this
group or change the permissions on the audio devices using the chmod command. Some versions
of the 2.6 Linux kernel do not respect the group file permissions for device files, and they need to
be made readable to the user who is logged on.
No sound is heard but there are no error messages
If sound programs appear to be playing but nothing is heard, it is probably a problem with the
mixer settings, or a problem with the connection of the speakers.
Unable to record audio
This could indicate a problem with the mixer settings. You need to set the levels and select the
input device. You might also have a bad microphone or be using the wrong input jack on the
sound card.
Device busy error
Either you have a device conflict, or another application is using the sound devices. This could be
because you are running a sound server program, such as esd or artsd.
No sound when playing audio CD
To play audio CDs, you need a cable from the CD-ROM drive to your sound card. Make sure you
have selected CD input using a mixer program. Try connecting headphones to the front-panel jack
of the CD-ROM drive. If you can hear audio, the problem is not with the drive itself. If you can't
hear audio from the headphones, the problem is with the drive or CD player program. (Note that
some newer CD player programs support digital playback without a cable, but you may need to
configure them to operate in this mode.)
Cannot play MIDI files
Some MIDI applications work only with a sound card that has an FM synthesizer, and not all cards
have this hardware (or the kernel driver for the sound card may not support it). Try using another
MIDI application that supports using the standard audio device.
9.9. References
Listed here are a few sources of information related to multimedia under Linux:
Sound and MIDI Software For Linux, a directory of multimedia applications and resources
SourceForge, the world's largest open source software development web site
Freshmeat, a huge directory of open source and commercial software projects
The Linux Sound HOWTO, available from the Linux Documentation Project
The Linux CD-ROM HOWTO, available from the Linux Documentation Project
The ALSA Project
4Front Technologies
The KDE project
The GNOME project
The WINE project
CodeWeavers, developers of CrossOver
The ReWind project
TransGaming Technologies, developers of Cedega
Linux Multimedia Guide (O'Reilly)
Linux Music and Sound (No Starch Press)
Part II: System Administration
In this part of the book we show you how to set up your Linux system and its environment to do
pretty important things such as printing and sharing files with other systems; we also show you
how to take care of your system in other ways. If you have more than one person using the
system, the material in this section is particularly important. It's also important if your distribution
failed to get networking up and running, or if you want to run any of the servers in Part IV of the
Chapter 10: System Administration Basics
Chapter 11: Managing Users, Groups, and Permissions
Chapter 12: Installing, Updating, and Compiling Programs
Chapter 13: Networking
Chapter 14: Printing
Chapter 15: File Sharing
Chapter 16: The X Window System
Chapter 17: System Start and Shutdown
Chapter 18: Configuring and Building the Kernel
Chapter 19: Text Editing
Chapter 20: Text Processing
Chapter 10. System Administration Basics
If you're running your own Linux system, one of the first tasks at hand is to learn the ropes of system
administration . You won't be able to get by for long without having to perform some kind of system
maintenance, software upgrade, or mere tweaking to keep things in running order.
Running a Linux system is not unlike riding and taking care of a motorcycle. [*] Many motorcycle
hobbyists prefer caring for their own equipmentroutinely cleaning the points, replacing worn-out parts,
and so forth. Linux gives you the opportunity to experience the same kind of "hands-on" maintenance
with a complex operating system.
[*] At least one author attests a strong correspondence between Linux system administration and Robert Pirsig's
Zen and the Art of
Motorcycle Maintenance. Does Linux have the Buddha nature?
Although a passionate administrator can spend any amount of time tuning it for performance, you really
have to perform administration only when a major change occurs: you install a new disk, a new user
comes on the system, or a power failure causes the system to go down unexpectedly. We discuss all
these situations over the next four chapters.
Linux is surprisingly accessible, in all respectsfrom the more mundane tasks of upgrading shared
libraries to the more esoteric, such as mucking about with the kernel. Because all the source code is
available and the body of Linux developers and users has traditionally been of the hackish breed,
system maintenance is not only a part of daily life but also a great learning experience. Trust us: there's
nothing like telling your friends how you upgraded from PHP 4.3 to PHP 5.0 in less than half an hour,
and all the while you were recompiling the kernel to support the ISO 9660 filesystem. (They may have
no idea what you're talking about, in which case you can give them a copy of this book.)
In the next few chapters, we explore your Linux system from the mechanic's point of viewshowing you
what's under the hood, as it wereand explain how to take care of it all, including software upgrades,
managing users, filesystems, and other resources, performing backups, and handling emergencies.
Once you put the right entries in startup files, your Linux system will, for the most part, run itself. As
long as you're happy with the system configuration and the software that's running on it, very little
work will be necessary on your part. However, we'd like to encourage Linux users to experiment with
their system and customize it to taste. Very little about Linux is carved in stone, and if something
doesn't work the way that you'd like it to, you should be able to change that. For instance, in earlier
chapters we've shown you how to read blinking green text on a cyan background rather than the
traditional white-on-black, if that's the way you prefer it, or to add applets to your desktop panel. But
this book also shows you something even more important: after installing a Linux distribution, you
usually have lots of services running that you may not need (such as a web server). Any of these
services could be a potential security hole, so you might want to fiddle with the startup files to get only
the services you absolutely need.
It should be noted that many Linux systems include fancy tools to simplify many system administration
tasks. These include YaST2 on SUSE systems, the Mandriva Control Center on Mandriva systems, and a
number of utilities on Red Hat systems. These tools can do everything from managing user accounts to
creating filesystems to doing your laundry. These utilities can make your life either easier or more
difficult, depending on how you look at them. In these chapters, we present the "guts" of system
administration, demonstrating the tools that should be available on any Linux system and indeed nearly
all Unix systems. These are the core of the system administrator's toolbox: the metaphorical hammer,
screwdriver, and socket wrench that you can rely on to get the job done. If you'd rather use the 40-hp
circular saw, feel free, but it's always nice to know how to use the hand tools in case the power goes
out. Good follow-up books, should you wish to investigate more topics in Unix system administration,
include the Unix System Administration Handbook, by Evi Nemeth et al. (Prentice Hall) and Essential
System Administration, by Æleen Frisch (O'Reilly).
10.1. Maintaining the System
Being the system administrator for any Unix system requires a certain degree of responsibility and care.
This is equally true for Linux, even if you're the only user on your system.
Many of the system administrator's tasks are done by logging into the root account. This account has
special properties on Unix systems; specifically, the usual file permissions and other security
mechanisms simply don't apply to root. That is, root can access and modify any file on the system, no
matter to whom it belongs. Whereas normal users can't damage the system (say, by corrupting
filesystems or touching other users' files), root has no such restrictions.
At this point, it should be mentioned that some distributions, such as Ubuntu, disable the root account
and require users to use the sudo tool instead. With sudo, you cannot log in as root, but you can
execute exactly one command with the rights of root, which amounts to the same thing, except that you
have to prefix each command with sudo.
Why does the Unix system have security in the first place? The most obvious reason for this is to allow
users to choose how they wish their own files to be accessed. By changing file permission bits (with the
chmod command), users can specify that certain files should be readable, writable, or executable only
by certain groups of other users, or by no other users at all. Permissions help ensure privacy and
integrity of data; you wouldn't want other users to read your personal mailbox, for example, or to edit
the source code for an important program behind your back.
The Unix security mechanisms also prevent users from damaging the system. The system restricts
access to many of the raw device files (accessed via /dev--more on this in "Device Files" later in this
chapter) corresponding to hardware, such as your hard drives. If normal users could read and write
directly to the disk-drive device, they could wreak all kinds of havoc say, completely overwriting the
contents of the drive. Instead, the system requires normal users to access the drives via the
filesystemwhere security is enforced via the file permission bits described previously.
It is important to note that not all kinds of "damage" that can be caused are necessarily malevolent.
System security is more a means to protect users from their own natural mistakes and
misunderstandings rather than to enforce a police state on the system. And, in fact, on many systems
security is rather lax; Unix security is designed to foster the sharing of data between groups of users
who may be, say, cooperating on a project. The system allows users to be assigned to groups, and file
permissions may be set for an entire group. For instance, one development project might have free read
and write permission to a series of files, while at the same time other users are prevented from
modifying those files. With your own personal files, you get to decide how public or private the access
permissions should be.
The Unix security mechanism also prevents normal users from performing certain actions, such as
calling certain system calls within a program. For example, there is a system call that causes the
system to halt, called by programs such as shutdown (more on this later in the chapter). If normal
users could call this function within their programs, they could accidentally (or purposefully) halt the
system at any time.
In many cases, you have to bypass Unix security mechanisms in order to perform system maintenance
or upgrades. This is what the root account is for. Because no such restrictions apply to root, it is easy
for a knowledgeable system administrator to get work done without worrying about the usual file
permissions or other limitations. The usual way to log in as root is with the su command. su allows you
to assume the identification of another user. For example:
su andy
will prompt you for the password for andy, and if it is correct it will set your user ID to that of andy. A
superuser often wants to temporarily assume a regular user's identity to correct a problem with that
user's files or some similar reason. Without a username argument, su will prompt you for the root
password, validating your user ID as root. Once you are finished using the root account, you log out in
the usual way and return to your own mortal identity.[*]
[*] Notice that the Unix kernel does not care about the username actually being
root: it considers everybody who has the user ID 0 to be the
superuser. By default, the username root is the only username mapped to that user ID, but if you feel like it, you can always create a user
named thebigboss and map that to user ID 0 as well. The next chapter will show you how to do that.
Why not simply log in as root from the usual login prompt? As we'll see, this is desirable in some
instances, but most of the time it's best to use su after logging in as yourself. On a system with many
users, use of su records a message, such as:
1 19:28:50 loomer su: mdw on /dev/ttyp1
in the system logs, such as /var/log/messages (we talk more about these files later). This message
indicates that the user mdw successfully issued an su command, in this case for root. If you were to log
in directly as root, no such message would appear in the logs; you wouldn't be able to tell which user
was mucking about with the root account. This is important if multiple administrators are on the
machine: it is often desirable to find out who used su and when.
There is an additional little twist to the su command. Just running it as described previously will only
change your user ID; it will not give you the settings made for this ID. You might have special
configuration files for each user, but these are not executed when using su this way. To emulate a real
login with all the configuration files being executed, you need to add a -, like this:
su - andy
su -
for becoming root and executing root's configuration files.
The root account can be considered a magic wandboth a useful and potentially dangerous tool.
Fumbling the magic words you invoke while holding this wand can wreak unspeakable damage on your
system. For example, the simple eight-character sequence rm -rf / will delete every file on your
system, if executed as root, and if you're not paying attention. Does this problem seem far-fetched? Not
at all. You might be trying to delete an old directory, such as /usr/src/oldp, and accidentally slip in a
space after the first slash, producing the following:
rm -rf / usr/src/oldp
Also problematic are directory names with spaces in them. Let's say you have directories named Dir\ 1
and Dir\ 2, where the backslash indicates that Dir\ 1 is really one filename containing a space character.
Now you want to delete both directories, but by mistake add an extra space again:
rm -rf Dir\
Now there are two spaces between the backslash and the asterisk. The first one is protected by the
backslash, but not the second one, so it separates the arguments and makes the asterisk a new
argument. Oops, your current directory and everything below it are gone.
Another common mistake is to confuse the arguments for commands such as dd, a command often used
to copy large chunks of data from one place to another. For instance, in order to save the first 1024
bytes of data from the device /dev/hda (which contains the boot record and partition table for that
drive), one might use the command:
dd if=/dev/hda of=/tmp/stuff bs=1k count=1
However, if we reverse if and of in this command, something quite different happens: the contents of
/tmp/stuff are written to the top of /dev/hda. More likely than not, you've just succeeded in hosing your
partition table and possibly a filesystem superblock. Welcome to the wonderful world of system
The point here is that you should sit on your hands before executing any command as root. Stare at the
command for a minute before pressing Enter and make sure it makes sense. If you're not sure of the
arguments and syntax of the command, quickly check the manual pages or try the command in a safe
environment before firing it off. Otherwise you'll learn these lessons the hard way; mistakes made as
root can be disastrous.
A nice tip is to use the alias command to make some of the commands less dangerous for root. For
example, you could use:
alias rm="rm -i"
The -i option stands for interactively and means that the rm command will ask you before deleting each
file. Of course, this does not protect you against the horrible mistake shown earlier; the -f option (which
stands for force) simply overrides the -i because it comes later.
In many cases, the prompt for the root account differs from that for normal users. Classically, the root
prompt contains a hash mark (#), whereas normal user prompts contain $ or %. (Of course, use of this
convention is up to you; it is utilized on many Unix systems, however.) Although the prompt may
remind you that you are wielding the root magic wand, it is not uncommon for users to forget this or
accidentally enter a command in the wrong window or virtual console.
Like any powerful tool, the root account can be abused. It is important, as the system administrator, to
protect the root password, and if you give it out at all, to give it only to those users who you trust (or
who can be held responsible for their actions on the system). If you're the only user of your Linux
system, this certainly doesn't applyunless, of course, your system is connected to a network or allows
dial-in login access.
The primary benefit of not sharing the root account with other users is not so much that the potential
for abuse is diminished, although this is certainly the case. Even more important is that if you're the one
person with the ability to use the root account, you have complete knowledge of how the system is
configured. If anyone were able to, say, modify important system files (as we'll talk about in this
chapter), the system configuration could be changed behind your back, and your assumptions about
how things work would be incorrect. Having one system administrator act as the arbiter for the system
configuration means that one person always knows what's going on.
Also, allowing other people to have the root password means that it's more likely someone will
eventually make a mistake using the root account. Although each person with knowledge of the root
password may be trusted, anybody can make mistakes. If you're the only system administrator, you
have only yourself to blame for making the inevitable human mistakes as root.
That being said, let's dive into the actual tasks of system administration under Linux. Buckle your
10.2. Managing Filesystems
You probably created filesystems and swap space when you first installed Linux (most distributions help
you do the basics). Here is a chance to fine-tune these resources. Most of the time, you do these things
shortly after installing your operating system, before you start loading up your disks with fun stuff. But
occasionally you will want to change a running system, for example, to add a new device or perhaps
upgrade the swap space when you upgrade your RAM.
To Unix systems, a filesystem is some device (such as a hard drive, floppy, or CD-ROM) that is
formatted to store files. Filesystems can be found on hard drives, floppies, CD-ROMs, and other storage
media that permit random access. (A tape allows only sequential access, and therefore cannot contain a
filesystem per se.)
The exact format and means by which files are stored is not important; the system provides a common
interface for all filesystem types it recognizes. Under Linux, filesystem types include the Third Extended
filesystem, or ext3fs, which you probably use to store Linux files; the Reiser filesystem, another popular
filesystem for storing Linux files; the VFAT filesystem, which allows files on Windows 95/98/ME
partitions and floppies to be accessed under Linux (as well as Windows NT/2000/XP partitions if they
are FAT-formatted); and several others, including the ISO 9660 filesystem used by CD-ROM.
Each filesystem type has a very different underlying format for storing data. However, when you access
any filesystem under Linux, the system presents the data as files arranged into a hierarchy of
directories, along with owner and group IDs, permission bits, and the other characteristics with which
you're familiar.
In fact, information on file ownership, permissions, and so forth is provided only by filesystem types
that are meant to be used for storing Linux files. For filesystem types that don't store this information,
the kernel drivers used to access these filesystems "fake" the information. For example, the MS-DOS
filesystem has no concept of file ownership; therefore, all files are presented as if they were owned by
root. This way, above a certain level, all filesystem types look alike, and each file has certain attributes
associated with it. Whether this data is actually used in the underlying filesystem is another matter
As the system administrator, you need to know how to create filesystems should you want to store
Linux files on a floppy or add additional filesystems to your hard drives. You also need to know how to
use the various tools to check and maintain filesystems should data corruption occur. Also, you must
know the commands and files used to access filesystemsfor example, those on floppy or CD-ROM.
10.2.1. Filesystem Types
Table 10-1 lists the filesystem types supported by the Linux kernel as of Version 2.6.5. New filesystem
types are always being added to the system, and experimental drivers for several filesystems not listed
here are available. To find out what filesystem types your kernel supports, look at the file
/proc/filesystems. You can select which filesystem types to support when building your kernel; see
"Kernel configuration: make config" in Chapter 18.
Table 10-1. Linux filesystem types
Second Extended
Used to be the most common Linux filesystem, but is slowly being made
obsolete by the Reiser and Third Extended filesystems
Reiser filesystem
reiserfs A journaling filesystem for Linux
Third Extended
Another journaling filesystem for Linux that is downward-compatible with
IBM's implementation of a journaled filesystem for Linux; an alternative
to ext3 and reiserfs
Network File
System (NFS)
Allows access to remote files on network
umsdos Installs Linux on an MS-DOS partition
Accesses MS-DOS files
VFAT filesystem
Accesses Windows 95/98/ME files
NT filesystem
Accesses Windows NT/2000/XP files
/proc filesystem
Provides process information for ps
ISO 9660
iso9660 Used by most CD-ROM s
UDF filesystem
The most modern CD-ROM filesystem
SMB filesystem
Accesses files from a Windows server over the network
Coda filesystem
An advanced network filesystem, similar to NFS
Cifs filesystem
The Common Internet File System, Microsoft's suggestion for an SMB
successor; supported by Windows 2000, 2003, and XP, as well as the
Samba server
Each filesystem type has its own attributes and limitations; for example, the MS-DOS filesystem
restricts filenames to eight characters plus a three-character extension and should be used only to
access existing MS-DOS floppies or partitions. For most of your work with Linux, you'll use the Second
or Third Extended (ext2 or ext3) filesystem, which were developed primarily for Linux and support 256character filenames, a 32-terabyte maximum filesystem size, and a slew of other goodies, or you will
use the Reiser (reiserfs ). Earlier Linux systems used the Extended filesystem (no longer supported) and
the Minix filesystem. (The Minix filesystem was originally used for several reasons. First of all, Linux was
originally cross-compiled under Minix. Also, Linus was quite familiar with the Minix filesystem, and it
was straightforward to implement in the original kernels.) Some other obscure filesystems available in
older Linux kernels are no longer supported.
The main difference between the Second Extended filesystem on the one hand and the Reiser and the
Third Extended filesystem on the other hand is that the latter two are journaled. Journaling is an
advanced technique that keeps track of the changes made to a filesystem, making it much easier (and
faster!) to restore a corrupted filesystem (e.g., after a system crash or a power failure). Another
journaled filesystem is IBM's Journaling File System, JFS.
You will rarely need the ROM filesystem , which is very small, does not support write operations, and is
meant to be used in ramdisks at system configuration, startup time, or even in EPROMS. Also in this
group is the Cram filesystem, which is used for ROMs as well and compresses its contents. This is
primarily meant for embedded devices, where space is at a premium.
The UMSDOS filesystem is used to install Linux under a private directory of an existing MS-DOS
partition. This is a good way for new users to try out Linux without repartitioning, at the expense of
poorer performance. The DOS-FAT filesystem, on the other hand, is used to access MS-DOS files
directly. Files on partitions created with Windows 95 or 98 can be accessed via the VFAT filesystem,
whereas the NTFS filesystem lets you access Windows NT filesystems . The HPFS filesystem is used to
access the OS/2 filesystem.
/proc is a virtual filesystem; that is, no actual disk space is associated with it. See "The /proc
Filesystem," later in this chapter.[*]
Note that the /proc filesystem under Linux is not the same format as the /proc filesystem under SVR4 (say, Solaris 2.x). Under SVR4,
each running process has a single "file" entry in /proc, which can be opened and treated with certain ioctl( ) calls to obtain process
information. On the contrary, Linux provides most of its information in /proc through read( ) and write( ) requests.
The ISO9660 filesystem (previously known as the High Sierra Filesystem and abbreviated hsfs on other
Unix systems) is used by most CD-ROMs. Like MS-DOS, this filesystem type restricts filename length
and stores only limited information about each file. However, most CD-ROMs provide the Rock Ridge
Extensions to ISO 9660, which allow the kernel filesystem driver to assign long filenames, ownerships,
and permissions to each file. The net result is that accessing an ISO 9660 CD-ROM under MS-DOS gives
you 8.3-format filenames, but under Linux gives you the "true," complete filenames.
In addition, Linux now supports the Microsoft Joliet extensions to ISO 9660, which can handle long
filenames made up of Unicode characters. This is not widely used now but may become valuable in the
future because Unicode has been accepted internationally as the standard for encoding characters of
scripts worldwide.
Linux also supports UDF, a filesystem that is meant for use with CD-RWs and DVDs.
Next, we have many filesystem types for other platforms. Linux supports the formats that are popular
on those platforms in order to allow dual-booting and other interoperation. The systems in question
include UFS, EFS, BFS, XFS, System V, and BeOS. If you have filesystems created in one of these
formats under a foreign operating system, you'll be able to access the files from Linux.
Finally, there is a slew of filesystems for accessing data on partitions; these are created by operating
systems other than the DOS and Unix families. Those filesystems support the Acorn Disk Filing System
(ADFS), the Amiga OS filesystems (no floppy disk support except on Amigas), the Apple Mac HFS, and
the QNX4 filesystem. Most of the specialized filesystems are useful only on certain hardware
architectures; for instance, you won't have hard disks formatted with the Amiga FFS filesystem in an
Intel machine. If you need one of those drivers, please read the information that comes with them;
some are only in an experimental state.
Besides these filesystems that are used to access local hard disks, there are also network filesystems for
accessing remote resources. We talk about those to some extent later.
Finally, there are specialty filesystems , such as those that store the data in RAM instead of on the hard
disk (and consequentially are much faster, but also lose all their data when the computer is powered
off), and those that provide access to kernel objects and kernel data.
10.2.2. Mounting Filesystems
In order to access any filesystem under Linux, you must mount it on a certain directory. This makes the
files on the filesystem appear as though they reside in the given directory, allowing you to access them.
Before we tell you how to mount filesystems, we should also mention that some distributions come with
automounting setups that require you to simply load a diskette or CD into the respective drive and
access it just as you would on other platforms. There are times, however, when everybody needs to
know how to mount and unmount media directly. (We cover how to set up automounting yourself later.)
The mount command is used to do this and usually must be executed as root. (As we'll see later,
ordinary users can use mount if the device is listed in the /etc/fstab file and the entry has the user
option.) The format of this command is:
mount -t type device mount-point
where type is the type name of the filesystem as given in Table 10-1, device is the physical device
where the filesystem resides (the device file in /dev), and mount-point is the directory on which to
mount the filesystem. You have to create the directory before issuing mount.
For example, if you have a Third Extended filesystem on the partition /dev/hda2 and wish to mount it
on the directory /mnt, first create the directory if it does not already exist and then use the command:
mount -t ext3 /dev/hda2 /mnt
If all goes well, you should be able to access the filesystem under /mnt. Likewise, to mount a floppy
that was created on a Windows system and therefore is in DOS format, you use the command:
mount -t msdos /dev/fd0 /mnt
This makes the files available on an MS-DOS-format floppy under /mnt. Note that using msdos means
that you use the old DOS format that is limited to filenames of eight plus three characters. If you use
vfat instead, you get the newer format that was introduced with Windows 95. Of course, the floppy or
hard disk needs to be written with that format as well.
There are many options for the mount command, which can be specified with the -o switch. For
example, the MS-DOS and ISO 9660 filesystems support "autoconversion" of text files from MS-DOS
format (which contain CR-LF at the end of each line) to Unix format (which contain merely a newline at
the end of each line). Using a command such as:
mount -o conv=auto -t msdos /dev/fd0 /mnt
turns on this conversion for files that don't have a filename extension that could be associated with a
binary file (such as .exe, .bin, and so forth).
One common option to mount is -o ro (or, equivalently, -r), which mounts the filesystem as read-only.
All write access to such a filesystem is met with a "permission denied" error. Mounting a filesystem as
read-only is necessary for media such as CD-ROMs that are nonwritable. You can successfully mount a
CD-ROM without the -r option, but you'll get the following annoying warning message:
mount: block device /dev/cdrom is write-protected, mounting read-only
Use a command such as:
mount -t iso9660 -r /dev/cdrom /mnt
instead. This is also necessary if you are trying to mount a floppy that has the write-protect tab in
The mount manual page lists all available mounting options. Not all are of immediate interest, but you
might have a need for some of them, someday. A useful variant of using mount is mount -a, which
mounts all filesystems listed in /etc/fstab except those marked with the noauto option.
The inverse of mounting a filesystem is, naturally, unmounting it. Unmounting a filesystem has two
effects: it synchronizes the system's buffers with the actual contents of the filesystem on disk, and it
makes the filesystem no longer available from its mount point. You are then free to mount another
filesystem on that mount point.
Unmounting is done with the umount command (note that the first "n" is missing from the word
"unmount"). For example:
umount /dev/fd0
unmounts the filesystem on /dev/fd0. Similarly, to unmount whatever filesystem is currently mounted
on a particular directory, use a command such as:
umount /mnt
It is important to note that removable media, including floppies and CD-ROMs, should not be removed
from the drive or swapped for another disk while mounted. This causes the system's information on the
device to be out of sync with what's actually there and could lead to no end of trouble. Whenever you
want to switch a floppy or CD-ROM, unmount it first using the umount command, insert the new disk,
and then remount the device. Of course, with a CD-ROM or a write-protected floppy, there is no way the
device itself can get out of sync, but you could run into other problems. For example, some CD-ROM
drives won't let you eject the disk until it is unmounted.
Reads and writes to filesystems on floppies are buffered in memory, like they are for hard drives. This
means that when you read or write data to a floppy, there may not be any immediate drive activity. The
system handles I/O on the floppy asynchronously and reads or writes data only when absolutely
necessary. So if you copy a small file to a floppy, but the drive light doesn't come on, don't panic; the
data will be written eventually. You can use the sync command to force the system to write all
filesystem buffers to disk, causing a physical write of any buffered data. Unmounting a filesystem makes
this happen as well.
If you wish to allow mortal users to mount and unmount certain devices, you have two options. The first
option is to include the user option for the device in /etc/fstab (described later in this section). This
allows any user to use the mount and umount command for a given device. Another option is to use one
of the mount frontends available for Linux. These programs run setuid as root and allow ordinary users
to mount certain devices. In general, you wouldn't want normal users mounting and unmounting a hard
drive partition, but you could be more lenient about the use of CD-ROM and floppy drives on your
Quite a few things can go wrong when attempting to mount a filesystem. Unfortunately, the mount
command will give you the same error message in response to a number of problems:
mount: wrong fs type, /dev/cdrom already mounted, /mnt busy, or other error
wrong fs type is simple enough: this means that you may have specified the wrong type to mount. If
you don't specify a type, mount tries to guess the filesystem type from the superblock (this works only
for minix, ext2, ext3, and iso9660). If mount still cannot determine the type of the filesystem, it tries all
the types for which drivers are included in the kernel (as listed in /proc/filesystems). If this still does not
lead to success, mount fails.
devicealready mounted means just that: the device is already mounted on another directory. You can
find out what devices are mounted, and where, using the mount command with no arguments:
rutabaga# mount
/dev/hda2 on / type ext3 (rw)
/dev/hda3 on /windows type vfat (rw)
/dev/cdrom on /cdrom type iso9660 (ro)
/proc on /proc type proc (rw,none)
Here, we see two hard drive partitions, one of type ext3 and the other of type vfat, a CD-ROM mounted
on /cdrom, and the /proc filesystem. The last field of each line (for example, (rw)) lists the options
under which the filesystem is mounted. More on these soon. Note that the CD-ROM device is mounted in
/cdrom. If you use your CD-ROM often, it's convenient to create a special directory such as /cdrom and
mount the device there. /mnt is generally used to temporarily mount filesystems such as floppies.
The error mount-pointbusy is rather odd. Essentially, it means some activity is taking place under
mount-point that prevents you from mounting a filesystem there. Usually, this means that an open file
is under this directory, or some process has its current working directory beneath mount-point. When
using mount, be sure your root shell is not within mount-point; do a cd / to get to the top-level
directory. Or, another filesystem could be mounted with the same mount-point. Use mount with no
arguments to find out.
Of course, other error isn't very helpful. There are several other cases in which mount could fail. If the
filesystem in question has data or media errors of some kind, mount may report it is unable to read the
filesystem's superblock, which is (under Unix-like filesystems) the portion of the filesystem that stores
information on the files and attributes for the filesystem as a whole. If you attempt to mount a CD-ROM
or floppy drive and there's no CD-ROM or floppy in the drive, you will receive an error message such as
mount: /dev/cdrom is not a valid block device
Floppies are especially prone to physical defects (more so than you might initially think), and CD-ROMs
suffer from dust, scratches, and fingerprints, as well as being inserted upside-down. (If you attempt to
mount your Stan Rogers CD as ISO 9660 format, you will likely run into similar problems.)
Also, be sure the mount point you're trying to use (such as /mnt) exists. If not, you can simply create it
with the mkdir command.
If you have problems mounting or accessing a filesystem, data on the filesystem may be corrupt.
Several tools help repair certain filesystem types under Linux; see "Checking and Repairing
Filesystems," later in this chapter.
The system automatically mounts several filesystems when the system boots. This is handled by the file
/etc/fstab, which includes an entry for each filesystem that should be mounted at boot time. Each line in
this file is of the following format:
Here, device, mount-point, and type are equivalent to their meanings in the mount command, and
options is a comma-separated list of options to use with the -o switch to mount.
A sample /etc/fstab is shown here:
# device
The last line of this file specifies a swap partition. This is described in "Managing Swap Space," later in
this chapter.
The mount(8) manual page lists the possible values for options; if you wish to specify more than one
option, you can list them with separating commas and no whitespace, as in the following examples:
The user option allows users other than root to mount the filesystem. If this option is present, a user
can execute a command such as:
mount /cdrom
to mount the device. Note that if you specify only a device or mount point (not both) to mount, it looks
up the device or mount point in /etc/fstab and mounts the device with the parameters given there. This
allows you to mount devices listed in /etc/fstab with ease.
The option defaults should be used for most filesystems; it enables a number of other options, such as
rw (read-write access), async (buffer I/O to the filesystem in memory asynchronously), and so forth.
Unless you have a specific need to modify one of these parameters, use defaults for most filesystems,
and ro for read-only devices such as CD-ROMs. Another potentially useful option is umask, which lets
you set the default mask for the permission bits, something that is especially useful with some foreign
The command mount -a will mount all filesystems listed in /etc/fstab. This command is executed at boot
time by one of the scripts found in /etc/rc.d, such as rc.sysinit (or wherever your distribution stores its
configuration files). This way, all filesystems listed in /etc/fstab will be available when the system starts
up; your hard drive partitions, CD-ROM drive, and so on will all be mounted.
There is an exception to this: the root filesystem. The root filesystem, mounted on /, usually contains
the file /etc/fstab as well as the scripts in /etc/rc.d. In order for these to be available, the kernel itself
must mount the root filesystem directly at boot time. The device containing the root filesystem is coded
into the kernel image and can be altered using the rdev command (see "Using a Boot Floppy" in Chapter
17). While the system boots, the kernel attempts to mount this device as the root filesystem, trying
several filesystem types in succession. If at boot time the kernel prints an error message, such as
VFS: Unable to mount root fs
one of the following has happened:
The root device coded into the kernel is incorrect.
The kernel does not have support compiled in for the filesystem type of the root device. (See
"Building the Kernel" in Chapter 18 for more details. This is usually relevant only if you build your
own kernel.)
The root device is corrupt in some way.
In any of these cases, the kernel can't proceed and panics. See "What to Do in an Emergency" in
Chapter 27 for clues on what to do in this situation. If filesystem corruption is the problem, this can
usually be repaired; see "Checking and Repairing Filesystems," later in this chapter.
A filesystem does not need to be listed in /etc/fstab in order to be mounted, but it does need to be listed
there in order to be mounted "automatically" by mount -a, or to use the user mount option.
10.2.3. Automounting Devices
If you need to access a lot of different filesystems , especially networked ones, you might be interested
in a special feature in the Linux kernel: the automounter. This is a combination of kernel functionality, a
daemon, and some configuration files that automatically detect when somebody wants to access a
certain filesystem and mounts the filesystem transparently. When the filesystem is not used for some
time, the automounter automatically unmounts it in order to save resources such as memory and
network throughput.
If you want to use the automounter, you first need to turn this feature on when building your kernel.
(See "Building the Kernel" in Chapter 18 for more details.) You will also need to enable the NFS option.
Next, you need to start the automount daemon. In order to check whether you have automount
installed, look for the directory /usr/lib/autofs. If it is not there, you will need to get the autofs package
from your friendly Linux archive and compile and install it according to the instructions.
Note that there are two versions of automount support: Version 3 and Version 4. Version 3 is the one
still contained in most distributions, so that's what we describe here.
You can automount filesystems wherever you like, but for simplicity's sake, we will assume here that
you want to automount all filesystems below one directory that we will call /automount here. If you
want your automount points to be scattered over your filesystem, you will need to use multiple
automount daemons.
If you have compiled the autofs package yourself, it might be a good idea to start by copying the
sample configuration files that you can find in the sample directory and adapting them to your needs.
To do this, copy the files sample/auto.master and sample/auto.misc into the /etc directory, and the file
sample/rc.autofs under the name autofs wherever your distribution stores its boot scripts. We'll assume
here that you use /etc/init.d. (Unfortunately, some distributions do not provide those sample files, even
if they do carry the autofs package. In that case, it might still be a good idea to download the original
The first configuration file to edit is /etc/auto.master. This lists all the directories (the so-called mount
points) below which the automounter should mount partitions. Because we have decided to use only one
partition in this chapter's example, we will need to make only one entry here. The file could look like
This file consists of lines with two entries each, separated by whitespace. The first entry specifies the
mount point, and the second entry names a so-called map file that specifies how and where to mount
the devices or partitions to be automounted. You need one such map file for each mount point.
In our case, the file /etc/auto.misc looks like the following:
Again, this file consists of one-line entries, each specifying one particular device or partition to be
automounted. The lines have two mandatory and one optional field, separated by whitespaces. The first
value is mandatory and specifies the directory onto which the device or partition of this entry is
automounted. This value is appended to the mount point; thus, the CD-ROM will be automounted onto
The second value is optional and specifies flags to be used for the mount operation. These are
equivalent to those for the mount command itself, with the exception that the type is specified with the
option -fstype=instead of -t.
Finally, the third value specifies the partition or device to be mounted. In our case, we specify the first
SCSI CD-ROM drive and the first floppy drive, respectively. The colon in front of the entry is mandatory;
it separates the host part from the device/directory part, just as with mount. Because those two devices
are on a local machine, there is nothing to the left of the colon. If we wanted to automount the directory
sources from the NFS server sourcemaster, we would specify something like the following:
Please notice that the /etc/auto.misc file must not be executable; when in doubt, issue the following
tigger# chmod a-x /etc/auto.misc
After editing the configuration files to reflect your system, you can start the automount daemon by
issuing the following command (replace the path with the path that suits your system):
tigger# /etc/init.d/autofs start
Because this command is very taciturn, you should check whether the automounter has really started.
One way to do this is to issue:
tigger# /etc/init.d/autofs status
but it is difficult to determine from the output whether the automounter is really running. Your best bet,
therefore, is to check whether the automount process exists:
tigger# ps aux | grep automount
If this command shows the automount process, everything should be all right. If it doesn't, you need to
check your configuration files again. It could also be the case that the necessary kernel support is not
available: either the automount support is not in your kernel, or you have compiled it as a module but
not installed this module. If the latter is the case, you can fix the problem by issuing
tigger# modprobe autofs
If that doesn't work, you need to use:
tigger# modprobe autofs4
instead.[*] When your automounter works to your satisfaction, you might want to put the modprobe call
as well as the autofs call in one of your system's startup configuration files, such as /etc/rc.local,
/etc/init.d/boot.local, or whatever your distribution uses.
We cover the modprobe command in "Loadable Device Drivers" in Chapter 18.
If everything is set up correctly, all you need to do is access some directory below the mount point, and
the automounter will mount the appropriate device or partition for you. For example, if you type
tigger$ ls /automount/cd
the automounter will automatically mount the CD-ROM so that ls can list its contents. The only
difference between normal and automounting is that with automounting you will notice a slight delay
before the output comes.
To conserve resources, the automounter unmounts a partition or device if it has not been accessed for a
certain amount of time (the default is five minutes).
The automounter supports a number of advanced options; for example, you do not need to read the
map table from a file but can also access system databases or even have the automounter run a
program and use this program's output as the mapping data. See the manpages for autofs(5) and
automount(8) for further details.
10.2.4. Creating Filesystems
You can create a filesystem using the mkfs command. Creating a filesystem is analogous to formatting a
partition or floppy, allowing it to store files.
Each filesystem type has its own mkfs command associated with itfor example, MS-DOS filesystems
may be created using mkfs.msdos, Third Extended filesystems using mkfs.ext3, and so on. The program
mkfs itself is a frontend that creates a filesystem of any type by executing the appropriate version of
mkfs for that type.
When you installed Linux, you may have created filesystems by hand using a command such as mke2fs,
which, despite the name, can create both ext2 and ext3 filesystems. (If not, the installation software
created the filesystems for you.) The programs are the same (and on many systems, one is a symbolic
link to the other), but the mkfs.fs-type filename makes it easier for mkfs to execute the appropriate
filesystem-type-specific program. If you don't have the mkfs frontend, you can use mke2fs or mkfs.ext2
Assuming that you're using the mkfs frontend, you can create a filesystem using this command:
mkfs -t type device
where type is the type of filesystem to create, given in Table 10-1, and device is the device on which to
create the filesystem (such as /dev/fd0 for a floppy).
For example, to create an ext2 filesystem on a floppy (it does not make much sense to use journaling
on a floppy disk, which is why we don't use ext3 here), you use this command:
mkfs -t ext2 /dev/fd0
You could create an MS-DOS floppy using -t msdos instead.
We can now mount the floppy (as described in the previous section), copy files to it, and so forth.
Remember to unmount the floppy before removing it from the drive.
Creating a filesystem deletes all data on the corresponding physical device (floppy, hard drive partition,
whatever). mkfs usually does not prompt you before creating a filesystem, so be absolutely sure you
know what you're doing.
Creating a filesystem on a hard drive partition is done as shown earlier, except that you use the
partition name, such as /dev/hda2, as the device. Don't try to create a filesystem on a device such as
/dev/hda. This refers to the entire drive, not just a single partition on the drive. You can create
partitions using fdisk, as described in "Editing /etc/fstab" in Chapter 2.
You should be especially careful when creating filesystems on hard drive partitions. Be absolutely sure
that the device and size arguments are correct. If you enter the wrong device, you could end up
destroying the data on your current filesystems, and if you specify the wrong size, you could overwrite
data on other partitions. Be sure that size corresponds to the partition size as reported by Linux fdisk.
When creating filesystems on floppies, it's usually best to do a low-level format first. This lays down the
sector and track information on the floppy so that its size can be automatically detected using the
devices /dev/fd0 or /dev/fd1. One way to do a low-level format is with the MS-DOS FORMAT command;
another way is with the Linux program fdformat. (Debian users should use superformat instead.) For
example, to format the floppy in the first floppy drive, use the command
rutabaga# fdformat /dev/fd0
Double-sided, 80 tracks, 18 sec/track. Total capacity 1440 kB.
Formatting ... done
Verifying ... done
Using the -n option with fdformat will skip the verification step.
Each filesystem-specific version of mkfs supports several options you might find useful. Most types
support the -c option, which causes the physical media to be checked for bad blocks while creating the
filesystem. If bad blocks are found, they are marked and avoided when writing data to the filesystem.
In order to use these type-specific options, include them after the -t type option to mkfs, as follows:
mkfs -t type -c device blocks
To determine what options are available, see the manual page for the type-specific version of mkfs. (For
example, for the Second Extended filesystem, see mke2fs.)
You may not have all available type-specific versions of mkfs installed. If this is the case, mkfs will fail
when you try to create a filesystem of a type for which you have no mkfs.<type>. Many filesystem
types supported by Linux have a corresponding mkfs.<type> available somewhere.
If you run into trouble using mkfs, it's possible that Linux is having problems accessing the physical
device. In the case of a floppy, this might just mean a bad floppy. In the case of a hard drive, it could
be more serious; for example, the disk device driver in the kernel might be having problems reading
your drive. This could be a hardware problem or a simple matter of your drive geometry being specified
incorrectly. See the manual pages for the various versions of mkfs, and read the sections in Chapter 2
on troubleshooting installation problems. They apply equally here.[*]
[*] Also, the procedure for making an ISO 9660 filesystem for a CD-ROM is more complicated than simply formatting a filesystem and
copying files. See Chapter 9 and the CD-Writing HOWTO for more details.
10.2.5. Checking and Repairing Filesystems
It is sometimes necessary to check your Linux filesystems for consistency and to repair them if there are
any errors or if you lose data. Such errors commonly result from a system crash or loss of power,
making the kernel unable to sync the filesystem buffer cache with the contents of the disk. In most
cases, such errors are relatively minor. However, if the system were to crash while writing a large file,
that file might be lost and the blocks associated with it marked as "in use," when in fact no file entry is
corresponding to them. In other cases, errors can be caused by accidentally writing data directly to the
hard drive device (such as /dev/hda), or to one of the partitions.
The program fsck is used to check filesystems and correct any problems. Like mkfs, fsck is a frontend
for a filesystem-type-specific fsck.type, such as fsck.ext2 for Second Extended filesystems. (As with
mkfs.ext2, fsck.ext2 is a symbolic link to e2fsck, either of which you can execute directly if the fsck
frontend is not installed.)
Use of fsck is quite simple; the format of the command is:
fsck -t type device
where type is the type of filesystem to repair, as given in Table 10-1, and device is the device (drive
partition or floppy) on which the filesystem resides.
For example, to check an ext3 filesystem on /dev/hda2, you use:
rutabaga# fsck -t ext3 /dev/hda2
fsck 1.34 (25-Jul-2003)
/dev/hda2 is mounted. Do you really want to continue (y/n)? y
/dev/hda2 was not cleanly unmounted, check forced.
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts.
Pass 5: Checking group summary information.
Free blocks count wrong for group 3 (3331, counted=3396). FIXED
Free blocks count wrong for group 4 (1983, counted=2597). FIXED
Free blocks count wrong (29643, counted=30341). FIXED
Inode bitmap differences: -8280. FIXED
Free inodes count wrong for group #4 (1405, counted=1406). FIXED
Free inodes count wrong (34522, counted=34523). FIXED
/dev/hda2: ***** FILE SYSTEM WAS MODIFIED *****
/dev/hda2: ***** REBOOT LINUX *****
/dev/hda2: 13285/47808 files, 160875/191216 blocks
First of all, note that the system asks for confirmation before checking a mounted filesystem. If any
errors are found and corrected while using fsck, you'll have to reboot the system if the filesystem is
mounted. This is because the changes made by fsck may not be propagated back to the system's
internal knowledge of the filesystem layout. In general, it's not a good idea to check mounted
As we can see, several problems were found and corrected, and because this filesystem was mounted,
the system informed us that the machine should be rebooted.
How can you check filesystems without mounting them? With the exception of the root filesystem, you
can simply umount any filesystems before running fsck on them. The root filesystem, however, can't be
unmounted while running the system. One way to check your root filesystem while it's unmounted is to
use a boot/root floppy combination, such as the installation floppies used by your Linux distribution.
This way, the root filesystem is contained on a floppy, the root filesystem (on your hard drive) remains
unmounted, and you can check the hard drive root filesystem from there. See "What to Do in an
Emergency" in Chapter 27 for more details about this.
Another way to check the root filesystem is to mount it as read-only . This can be done using the option
ro from the LILO boot prompt (see "Specifying boot-time options" in Chapter 17). However, other parts
of your system configuration (for example, the programs executed by /etc/init at boot time) may
require write access to the root filesystem, so you can't boot the system normally or these programs will
fail. To boot the system with the root filesystem mounted as read-only, you might want to boot the
system into single-user mode as well (using the boot option single). This prevents additional system
configuration at boot time; you can then check the root filesystem and reboot the system normally. To
do this in GRUB, you would edit the command line in the GRUB screen interface by adding the ro
To cause the root filesystem to be mounted as read-only, you can either use the ro boot option, or use
rdev to set the read-only flag in the kernel image itself.
Many Linux systems automatically check the filesystems at boot time. This is usually done by executing
fsck from /etc/rc.d/boot.rootfsck for the root filesystem and /etc/rc.d/boot.localfs (filenames may vary
from distribution to distribution). When this is done, the system usually mounts the root filesystem
initially as read-only, runs fsck to check it, and then runs the command:
mount -w -o remount /
The -o remount option causes the given filesystem to be remounted with the new parameters; the -w
option (equivalent to -o rw) causes the filesystem to be mounted as read-write. The net result is that
the root filesystem is remounted with read-write access.
When fsck is executed at boot time, it checks all filesystems other than root before they are mounted.
Once fsck completes, the other filesystems are mounted using mount. Check out the files in /etc/rc.d,
especially rc.sysinit (if present on your system), to see how this is done. If you want to disable this
feature on your system, comment out the lines in the appropriate /etc/rc.d file that executes fsck.
You can pass options to the type-specific fsck. Most types support the option -a, which automatically
confirms any prompts that fsck.type may display; -c, which does bad-block checking, as with mkfs; and
-v, which prints verbose information during the check operation. These options should be given after
the -t type argument to fsck, as in
fsck -t type -v device
to run fsck with verbose output.
See the manual pages for fsck and e2fsck for more information.
Not all filesystem types supported by Linux have a fsck variant available. To check and repair MS-DOS
filesystems , you should use a tool under MS-DOS, such as the Norton Utilities, to accomplish this task.
You should be able to find versions of fsck for the Second and Third Extended filesystem, Reiser
filesystem JFS, and Minix filesystem.[*]
[*] Actually, some distributions carry a command called
dosfsck/fsck.msdos, but using this is not really recommended.
In "What to Do in an Emergency" in Chapter 27, we provide additional information on checking
filesystems and recovering from disaster. fsck will by no means catch and repair every error to your
filesystems, but most common problems should be handled. If you delete an important file, there is
currently no easy way to recover it--fsck can't do that for you. There is work under way to provide an
"undelete" utility in the Second Extended filesystem. Be sure to keep backups, or use rm -i, which
always prompts you before deleting a file.
10.2.6. Encrypted Filesystems
Linux has supported encrypted file systems since at least Version 2.2. However, due to export
regulations regarding software containing cryptographic algorithms, this feature had to be distributed
as a kernel patch, available from http://www.kerneli .org/ (note the i for international, which indicates
that the server was located outside the United States). This site is now no longer maintained.
In kernel Version 2.4, the kerneli patches were no longer actively maintained. The preferred method to
encrypt filesystems was loop-aes (, which could be built as a kernel
module, restricted itself to disk encryption with AES, and was more actively maintained.[*]
AES stands for Advanced Encrytion Standard. The algorithm underlying AES is called Rijndael. AES is the successor of DES, the 20year-old Data Encryption Standard.
The 2.6 kernel series saw the end of the kerneli crypto framework, as a group of kernel developers
created a new framework from scratch. This framework has been since integrated into the vanilla
(Linus) kernel. This text restricts itself to the 2.6 kernel, although the user-space tools have not
changed their interfaces much. For instance, all losetup commands work on the kerneli kernels, but the
mount options may be different. Configuring the kernel
Encrypted filesystem support works by using something called a transformed loopback block device
(you may already know loopback devices from mounting CD-ROM ISO image files to access their
To this end, you need to enable Device Drivers Loopback device support in the kernel's configuration, as
well as Cryptoloop support in the same section.
Cryptoloop uses the cryptographic API of a v2.6 kernel, which you can enable in Cryptographic options.
Usually, it is sufficient to build everything (ciphers, compression algorithms, and digests) as modules,
which in newer kernels is also the default. You do not need the Testing module.
You build and install the kernel as you would any other. On reboot, if you compiled Cryptoloop as a
module, use modprobe cryptoloop to load it into the kernel.
The final thing is to check for a util-linux package that can work with this kernel's cryptographic API.
This package contains a number of system administration commands for working with the kernel
cryptographic support. Unfortunately, as of this writing, the necessary patches had not been applied to
the latest release of util-linux. Many distributions ship patched versions, though. Please check whether
cryptoapi is supported in the documentation that comes with your util-linux package. If the losetup
command (described in the next section) fails with an invalid argument error, the API probably is not in
the distribution. In this case, compile it yourself after applying the patches as detailed in the
Cryptoloop-HOWTO ( Creating an encrypted filesystem
Encrypted filesystems can be created either on top of a whole partition, or with a regular file as the
storage space. This is similar to setting up swap space. However, in order to mask which blocks have
been written to, you should initialize the file or partition with random data instead of zeroes that is,
dd if=/dev/urandom of=file-or-partition bs=1k count=size-in-kb
Omit the count argument when overwriting a partition, and ignore the resulting "device full" error.
Once the backing store is initialized, a loop device can be created on it using:
losetup -e cipher /dev/loop0 file-or-partition
Check /proc/crypto for the list of available ciphers of the running kernel.
You will be prompted for a passphrase once. You are not requested to retype the passphrase. This
passphrase needs to have enough randomness to frustrate dictionary attacks. We recommend
generating a random key for a 128-bit cipher through the following command:
head -c16 /dev/random | mimencode
Replace -c16 with -c32 for a 256-bit cipher. Naturally, these passphrases are hard to remember. After
all, they are pure randomness. Write them down on a piece of paper stored far away from the computer
(e.g., in your purse).
When the command returns successfully, anything written to /dev/loop0 will now be transparently
encrypted with the chosen cipher and written to the backing store.
Now create a filesystem on /dev/loop0 as you would for any other partition. As an example, use mke2fs
-j to create an ext3 filesystem. Once created, you can try mounting it using
mount -t ext3 /dev/loop0 mount-point
Write a text file into the encrypted filesystem and try to find the contents in the backing store, for
example, using grep. Because they are encrypted, the search should fail.
After unmounting the filesystem with umount/dev/loop0, do not forget to tear down the loop device
again, using losetup -d/dev/loop0. Mounting the filesystem
Of course, setting up loopback devices and manually mounting them each time you need to access them
is kind of tedious. Thankfully, you can make mount do all the work in setting up a loopback device.
Just add -oencryption=cipher to the mount command, like this:
mount -t ext3 -oencryption=cipher file-or-partition mount-point
encryption= cipher also works in the options column of /etc/fstab, so you can allow users to mount and
unmount their own encrypted filesystems. Security Issues
When using encrypted filesystems, you should be aware of a few issues:
Mounted filesystems can be read by anyone, given appropriate permissions; they are not visible
just to the user who created them. Because of this, encrypted filesystems should not be kept
mounted when they are not used.
You cannot change the passphrase. It is hashed into the key used to encrypt everything. If you are
brave, there is one workaround: set up two loop devices with losetup. Use the same encrypted
filesystem as backing store for both, but supply the first one, say /dev/loop0, with the old
passphrase, while giving the second one, say /dev/loop1, the new passphrase. Double-check that
you can mount both (one after the other, not both at the same time). Remember you are only
asked for the new passphrase once. Unmount them again; this was only to be on the safe side.
Now, use dd to copy over data from the first loop device to the second one, like this:
dd if=/dev/loop0 of=/dev/loop1 bs=4k
The block size (bs=parameter) should match the kernel's page size, or the block size of the
physical device, whichever is larger. This reads a block using the old passphrase and immediately
writes it using the new passphrase. Better pray for no power outages while this is running, or buy
a UPS.
Using the double loopback device trick, you can also change the cipher used to encrypt the data.
The weak link in the system is really your passphrase. A cryptographic algorithm with a 256-bit
key is no good if that key is hashed from a guessable passphrase. English text has about 1.3 bits
of randomness (also called entropy) per character. So you'd need to type in a sentence about 200
characters long to get the full security of the cipher. On the other hand, using the mimencode-devrandom trick we suggested earlier, you need only type in about 40 characters, albeit pure random
10.3. Managing Swap Space
Swap space is a generic term for disk storage used to increase the amount of apparent memory
available on the system. Under Linux, swap space is used to implement paging, a process whereby
memory pages are written out to disk when physical memory is low and read back into physical
memory when needed (a page is 4096 bytes on Intel x86 systems; this value can differ on other
architectures). The process by which paging works is rather involved, but it is optimized for certain
cases. The virtual memory subsystem under Linux allows memory pages to be shared between running
programs. For example, if you have multiple copies of Emacs running simultaneously, only one copy of
the Emacs code is actually in memory. Also, text pages (those pages containing program code, not
data) are usually read-only, and therefore not written to disk when swapped out. Those pages are
instead freed directly from main memory and read from the original executable file when they are
accessed again.
Of course, swap space cannot completely make up for a lack of physical RAM. Disk access is much
slower than RAM access, by several orders of magnitude. Therefore, swap is useful primarily as a means
to run a number of programs simultaneously that would not otherwise fit into physical RAM; if you are
switching between these programs rapidly you'll notice a lag as pages are swapped to and from disk.
At any rate, Linux supports swap space in two forms: as a separate disk partition or a file somewhere
on your existing Linux filesystems. You can have up to eight swap areas, with each swap area being a
disk file or partition up to 2 GB in size (again, these values can differ on non-Intel systems). You math
whizzes out there will realize that this allows up to 16 GB of swap space. (If anyone has actually
attempted to use this much swap, the authors would love to hear about it, whether you're a math whiz
or not.)
Note that using a swap partition can yield better performance because the disk blocks are guaranteed to
be contiguous. In the case of a swap file, however, the disk blocks may be scattered around the
filesystem, which can be a serious performance hit in some cases. Many people use a swap file when
they must add additional swap space temporarilyfor example, if the system is thrashing because of lack
of physical RAM and swap. Swap files are a good way to add swap on demand.
Nearly all Linux systems utilize swap space of some kindusually a single swap partition. In Chapter 2,
we explained how to create a swap partition on your system during the Linux installation procedure. In
this section we describe how to add and remove swap files and partitions. If you already have swap
space and are happy with it, this section may not be of interest to you.
How much swap space do you have? The free command reports information on system-memory usage:
rutabaga% free
-/+ buffers/cache:
All the numbers here are reported in 1024-byte blocks. Here, we see a system with 1,034,304 blocks
(about 1 GB) of physical RAM, with 1,011,876 (slightly less) currently in use. Note that your system
actually has more physical RAM than that given in the "total" column; this number does not include the
memory used by the kernel for its own sundry needs.
The "shared" column lists the amount of physical memory shared between multiple processes. Here, we
see that no pages are being shared. The "buffers" column shows the amount of memory being used by
the kernel buffer cache. The buffer cache (described briefly in the previous section) is used to speed up
disk operations by allowing disk reads and writes to be serviced directly from memory. The buffer cache
size will increase or decrease as memory usage on the system changes; this memory is reclaimed if
applications need it. Therefore, although we see that almost 1 GB of system memory is in use, not all
(but most) of it is being used by application programs. The "cache" column indicates how many memory
pages the kernel has cached for faster access later.
Because the memory used for the buffers and cache can easily be reclaimed for use by applications, the
second line (-/+ buffers/cache) provides an indication of the memory actually used by applications
(the "used" column) or available to applications (the "free" column). The sum of the memory used by
the buffers and cache reported in the first line is subtracted from the total used memory and added to
the total free memory to give the two figures on the second line.
In the third line, we see the total amount of swap, 1,172,724 blocks (about 1.1 GB). In this case, only
very little of the swap is being used; there is plenty of physical RAM available (then again, this machine
has generous amounts of physical RAM). If additional applications were started, larger parts of the
buffer cache memory would be used to host them. Swap space is generally used as a last resort when
the system can't reclaim physical memory in other ways.
Note that the amount of swap reported by free is somewhat less than the total size of your swap
partitions and files. This is because several blocks of each swap area must be used to store a map of
how each page in the swap area is being utilized. This overhead should be rather small only a few
kilobytes per swap area.
If you're considering creating a swap file, the df command gives you information on the amount of
space remaining on your various filesystems. This command prints a list of filesystems, showing each
one's size and what percentage is currently occupied.
10.3.1. Creating Swap Space
The first step in adding additional swap is to create a file or partition to host the swap area. If you wish
to create an additional swap partition, you can create the partition using the fdisk utility, as described in
"Editing /etc/fstab" in Chapter 2.
To create a swap file, you'll need to open a file and write bytes to it equaling the amount of swap you
wish to add. One easy way to do this is with the dd command. For example, to create a 32-MB swap
file, you can use the command:
dd if=/dev/zero of=/swap bs=1024 count=32768
This will write 32,768 blocks (32 MB) of data from /dev/zero to the file /swap. (/dev/zero is a special
device in which read operations always return null bytes. It's something like the inverse of /dev/null.)
After creating a file of this size, it's a good idea to use the sync command to sync the filesystems in case
of a system crash.
Once you have created the swap file or partition, you can use the mkswap command to "format" the
swap area. As described in "Creating Swap Space" in Chapter 2, the format of the mkswap command is:
mkswap -c device size
where device is the name of the swap partition or file, and size is the size of the swap area in blocks
(again, one block is equal to one kilobyte). You normally do not need to specify this when creating a
swap area because mkswap can detect the partition size on its own. The -c switch is optional and causes
the swap area to be checked for bad blocks as it is formatted.
For example, for the swap file created in the previous example, you would use the following command:
mkswap -c /swap 32768
If the swap area were a partition, you would substitute the name of the partition (such as /dev/hda3)
and the size of the partition, also in blocks.
If you are using a swap file (and not a swap partition), you need to change its permissions first, like
chmod 0600 /swap
After running mkswap on a swap file, use the sync command to ensure the format information has been
physically written to the new swap file. Running sync is not necessary when formatting a swap partition.
10.3.2. Enabling the Swap Space
In order for the new swap space to be utilized, you must enable it with the swapon command. For
example, after creating the previous swap file and running mkswap and sync, we could use the
swapon /swap
This adds the new swap area to the total amount of available swap; use the free command to verify that
this is indeed the case. If you are using a new swap partition, you can enable it with a command such
swapon /dev/hda3
if /dev/hda3 is the name of the swap partition.
Like filesystems, swap areas are automatically enabled at boot time using the swapon -a command
from one of the system startup files (usually in /etc/rc.d/rc.sysinit). This command looks in the file
/etc/fstab, which, as you'll remember from "Mounting Filesystems" earlier in this chapter, includes
information on filesystems and swap areas. All entries in /etc/fstab with the options field set to sw are
enabled by swapon -a.
Therefore, if /etc/fstab contains the entries:
# device
the two swap areas /dev/hda3 and /swap will be enabled at boot time. For each new swap area, you
should add an entry to /etc/fstab.
10.3.3. Disabling Swap Space
As is usually the case, undoing a task is easier than doing it. To disable swap space , simply use the
where device is the name of the swap partition or file that you wish to disable. For example, to disable
swapping on the device /dev/hda3, use the command:
swapoff /dev/hda3
If you wish to disable a swap file, you can simply remove the file, using rm, after using swapoff. Don't
remove a swap file before disabling it; this can cause disaster.
If you have disabled a swap partition using swapoff, you are free to reuse that partition as you see fit:
remove it using fdisk or your preferred repartitioning tool.
Also, if there is a corresponding entry for the swap area in /etc/fstab, remove it. Otherwise, you'll get
errors when you next reboot the system and the swap area can't be found.
10.4. The /proc Filesystem
Unix systems have come a long way with respect to providing uniform interfaces to different parts of the
system; as you learned in Chapter 4, hardware is represented in Linux in the form of a special type of
file in the /dev directory. We'll have a lot more to say about this directory in "Device Files," later in this
chapter. There is, however, a special filesystem called the /proc filesystem that goes even one step
further: it unifies files and processes.
From the user's or the system administrator's point of view, the /proc filesystem looks just like any
other filesystem; you can navigate around it with the cd command, list directory contents with the ls
command, and view file contents with the cat command. However, none of these files and directories
occupies any space on your hard disk. The kernel traps accesses to the /proc filesystem and generates
directory and file contents on the fly. In other words, whenever you list a directory or view file contents
in the /proc filesystem, the kernel dynamically generates the contents you want to see.
To make this less abstract, let's see some examples. The following example displays the list of files in
the top-level directory of the /proc filesystem:
tigger # ls
1138 3898
1584 4357
1585 4368
1586 4715
2466 5222
2958 5228
The numbers will be different on your system, but the general organization will be the same. All those
numbers are directories that represent each of the processes running on your system. For example, let's
look at the information about the process with the ID 3759:
tigger # ls /proc/3759
cmdline environ
(The output can be slightly different if you are using a different version of the Linux kernel.) You see a
number of files that each contain information about this process. For example, the cmdline file shows
the command line with which this process was started. status gives information about the internal state
of the process, and cwd links to the current working directory of this process.
Probably you'll find the hardware information even more interesting than the process information. All
the information that the kernel has gathered about your hardware is collected in the /proc filesystem,
even though it can be difficult to find the information you are looking for.
Let's start by checking your machine's memory. This is represented by the file /proc/meminfo:
owl # cat /proc/meminfo
1034304 kB
382396 kB
51352 kB
312648 kB
0 kB
448816 kB
141100 kB
131008 kB
252 kB
903296 kB
382144 kB
1172724 kB
1172724 kB
164 kB
0 kB
294868 kB
38788 kB
339916 kB
2124 kB
114680 kB
78848 kB
35392 kB
4096 kB
If you then try the command free , you can see that you get exactly the same information, only in a
different format. free does nothing more than read /proc/meminfo and rearrange the output a bit.
Most tools on your system that report information about your hardware do it this way. The /proc
filesystem is a portable and easy way to get at this information. The information is especially useful if
you want to add new hardware to your system. For example, most hardware boards need a few I/O
addresses to communicate with the CPU and the operating system. If you configured two boards to use
the same I/O addresses, disaster is about to happen. You can avoid this by checking which I/O
addresses the kernel has already detected as being in use:
tigger # more /proc/ioports
0000-001f : dma1
0020-0021 : pic1
0040-005f : timer
0060-006f : keyboard
0070-0077 : rtc
0080-008f : dma page reg
00a0-00a1 : pic2
00c0-00df : dma2
00f0-00ff : fpu
0170-0177 : ide1
01f0-01f7 : ide0
02f8-02ff : serial
0376-0376 : ide1
0378-037a : parport0
03c0-03df : vesafb
03f6-03f6 : ide0
03f8-03ff : serial
0cf8-0cff : PCI conf1
c000-cfff : PCI Bus #02
c000-c0ff : 0000:02:04.0
c000-c00f : advansys
c400-c43f : 0000:02:09.0
c400-c43f : e100
d000-d00f : 0000:00:07.1
d000-d007 : ide0
d008-d00f : ide1
d400-d4ff : 0000:00:07.5
d400-d4ff : AMD AMD768 - AC'97
d800-d83f : 0000:00:07.5
d800-d83f : AMD AMD768 - Controller
dc00-dcff : 0000:00:09.0
e000-e003 : 0000:00:00.0
Now you can look for I/O addresses that are free. Of course, the kernel can show I/O addresses only for
boards that it has detected and recognized, but in a correctly configured system, this should be the case
for all boards.
You can use the /proc filesystem for the other information you might need when configuring new
hardware as well: /proc/interrupts lists the occupied interrupt lines (IRQs) and /proc/dma lists the DMA
channels in use.
10.5. Device Files
Device files allow user programs to access hardware devices on the system through the kernel. They are
not "files" per se, but look like files from the program's point of view: you can read from them, write to
them, mmap( ) onto them, and so forth. When you access such a device "file," the kernel recognizes the
I/O request and passes it a device driver, which performs some operation, such as reading data from a
serial port or sending data to a sound card.
Device files (although they are inappropriately named, we will continue to use this term) provide a
convenient way to access system resources without requiring the applications programmer to know how
the underlying device works. Under Linux, as with most Unix systems, device drivers themselves are
part of the kernel. In "Building the Kernel" in Chapter 18, we show you how to build your own kernel,
including only those device drivers for the hardware on your system.
Device files are located in the directory /dev on nearly all Unix-like systems. Each device on the system
should have a corresponding entry in /dev. For example, /dev/ttyS0 corresponds to the first serial port,
known as COM1 under MS-DOS; /dev/hda2 corresponds to the second partition on the first IDE drive.
In fact, there should be entries in /dev for devices you do not have. The device files are generally
created during system installation and include every possible device driver. They don't necessarily
correspond to the actual hardware on your system.
A number of pseudo-devices in /dev don't correspond to any actual peripheral. For example, /dev/null
acts as a byte sink; any write request to /dev/null will succeed, but the data written will be ignored.
Similarly, we've already demonstrated the use of /dev/zero to create a swap file; any read request on
/dev/zero simply returns null bytes.
When using ls -l to list device files in /dev, you'll see something such as the following (if you are using a
version of the ls command that supports colorized output, you should see the /dev/hda in a different
color, since it's not an ordinary file):
1 root disk 3, 0 2004-04-06 15:27 /dev/hda
This is /dev/hda, which corresponds to the first IDE drive. First of all, note that the first letter of the
permissions field is b, which means this is a block device file. (Normal files have a - in this first column,
directories a d, and so on; we'll talk more about this in the next chapter.) Device files are denoted either
by b, for block devices, or c, for character devices. A block device is usually a peripheral such as a hard
drive: data is read and written to the device as entire blocks (where the block size is determined by the
device; it may not be 1024 bytes as we usually call "blocks" under Linux), and the device may be
accessed randomly. In contrast, character devices are usually read or written sequentially, and I/O may
be done as single bytes. An example of a character device is a serial port.
Also, note that the size field in the ls -l listing is replaced by two numbers, separated by a comma. The
first value is the major device number and the second is the minor device number. When a device file is
accessed by a program, the kernel receives the I/O request in terms of the major and minor numbers of
the device. The major number generally specifies a particular driver within the kernel, and the minor
number specifies a particular device handled by that driver. For example, all serial port devices have
the same major number, but different minor numbers. The kernel uses the major number to redirect an
I/O request to the appropriate driver, and the driver uses the minor number to figure out which specific
device to access. In some cases, minor numbers can also be used for accessing specific functions of a
The naming convention used by files in /dev is, to put it bluntly, a complete mess. Because the kernel
itself doesn't care what filenames are used in /dev (it cares only about the major and minor numbers),
the distribution maintainers, applications programmers, and device driver writers are free to choose
names for a device file. Often, the person writing a device driver will suggest a name for the device, and
later the name will be changed to accommodate other, similar devices. This can cause confusion and
inconsistency as the system develops; hopefully, you won't encounter this problem unless you're
working with newer device driversthose that are under testing. A project called udev should soon solve
the problem of clashing device names.
At any rate, the device files included in your original distribution should be accurate for the kernel
version and for device drivers included with that distribution. When you upgrade your kernel or add
additional device drivers (see "Building a New Kernel" in Chapter 18), you may need to add a device file
using the mknod command. The format of this command is:
mknod -m permissions name type major minor
name is the full pathname of the device to create, such as /dev/rft0
type is either c for a character device or b for a block device
major is the major number of the device
minor is the minor number of the device
-m permissions is an optional argument that sets the permission bits of the new device file to
For example, let's say you're adding a new device driver to the kernel, and the documentation says that
you need to create the block device /dev/bogus, major number 42, minor number 0. You would use the
following command:
mknod /dev/bogus b 42 0
Making devices is even easier with the command /dev/MAKEDEV that comes with many distributionsyou
specify only the kind of device you want, and MAKEDEV finds out the major and minor numbers for you.
Getting back to the mknod command, if you don't specify the -m permissions argument, the new device
is given the permissions for a newly created file, modified by your current umaskusually 0644. To set
the permissions for /dev/bogus to 0660 instead, we use:
mknod -m 660 /dev/bogus b 42 0
You can also use chmod to set the permissions for a device file after creation.
Why are device permissions important? Like any file, the permissions for a device file control who may
access the raw device, and how. As we saw in the previous example, the device file for /dev/hda has
permissions 0660, which means that only the owner and users in the file's group (here, the group disk
is used) may read and write directly to this device. (Permissions are introduced in "File Ownership and
Permissions" in Chapter 11.)
In general, you don't want to give any user direct read and write access to certain devicesespecially
those devices corresponding to disk drives and partitions. Otherwise, anyone could, say, run mkfs on a
drive partition and completely destroy all data on the system.
In the case of drives and partitions, write access is required to corrupt data in this way, but read access
is also a breach of security; given read access to a raw device file corresponding to a disk partition, a
user could peek in on other users' files. Likewise, the device file /dev/mem corresponds to the system's
physical memory (it's generally used only for extreme debugging purposes). Given read access, clever
users could spy on other users' passwords, including the one belonging to root, as they are entered at
login time.
Be sure that the permissions for any device you add to the system correspond to how the device can
and should be accessed by users. Devices such as serial ports, sound cards, and virtual consoles are
generally safe for mortals to have access to, but most other devices on the system should be limited to
use by root (and to programs running setuid as root).
A technique that some distributions follow is to assign a device file to the user root, but not to use root
as the group, but rather something different. For example, on SUSE, the device file /dev/video0 that is
the access point to the first video hardware (such as a TV card) is owned by user root, but group video.
You can thus add all users who are supposed to have access to the video hardware to the group video.
Everybody else (besides root, of course) will be forbidden access to the video hardware and cannot
watch TV.[*]
A time will come when parents say to their children, "If you do not do your homework, I will remove you from the video group." Of course,
clever kids will have cracked the root account already and won't care.
Many files found in /dev are actually symbolic links (created using ln -s, in the usual way) to another
device file. These links make it easier to access certain devices by using a more common name. For
example, if you have a serial mouse, that mouse might be accessed through one of the device files
/dev/ttyS0, /dev/ttyS1, /dev/ttyS2, or /dev/ttyS3, depending on which serial port the mouse is
attached to. Many people create a link named /dev/mouse to the appropriate serial device, as in the
following example:
ln -s /dev/ttyS2 /dev/mouse
In this way, users can access the mouse from /dev/mouse, instead of having to remember which serial
port it is on. This convention is also used for devices such as /dev/cdrom and /dev/modem. These files
are usually symbolic links to a device file in /dev corresponding to the actual CD-ROM or modem device.
To remove a device file, just use rm, as in:
rm /dev/bogus
Removing a device file does not remove the corresponding device driver from memory or from the
kernel; it simply leaves you with no means to talk to a particular device driver. Similarly, adding a
device file does not add a device driver to the system; in fact, you can add device files for drivers that
don't even exist. Device files simply provide a hook into a particular device driver should such a driver
exist in the kernel.
10.6. Scheduling Recurring Jobs Using cron
The original purpose of the computer was to automate routine tasks. If you must back up your disk at
1:00 A.M. every day, why should you have to enter the commands manually each timeparticularly if it
means getting out of bed? You should be able to tell the computer to do it and then forget about it. On
Unix systems, cron exists to perform this automating function. Briefly, you use cron by running the
crontab command and entering lines in a special format recognized by cron. Each line specifies a
command to run and when to run it.
Behind your back, crontab saves your commands in a file bearing your username in the /var/spool/cron
/crontabs directory. (For instance, the crontab file for user mdw would be called
/var/spool/cron/crontabs/mdw.) A daemon called crond reads this file regularly and executes the
commands at the proper times. One of the rc files on your system starts up crond when the system
boots. There actually is no command named cron, only the crontab utility and the crond daemon.
On some systems, use of cron is limited to the root user. In any case, let's look at a useful command
you might want to run as root and show how you'd specify it as a crontab entry. Suppose that every day
you'd like to clean old files out of the /tmp directory, which is supposed to serve as temporary storage
for files created by lots of utilities.
Notice that cron never writes anything to the console. All output and error messages are sent as an
email message to the user who owns the corresponding crontab. You can override this setting by
specifying MAILTO=address in the crontab file before the jobs themselves.
Most systems remove the contents of /tmp when the system reboots, but if you keep it up for a long
time, you may find it useful to use cron to check for old files (say, files that haven't been accessed in the
past three days). The command you want to enter is
ls -l filename
But how do you know which filename to specify? You have to place the command inside a find
command, which lists all files beneath a directory and performs the operation you specify on each one.
Here, we'll specify /tmp as the directory to search, and use the -atime option to find files whose last
access time is more than three days in the past. The -exec option means "execute the following
command on every file we find," the -type d option selects directories, and the \! inverts the selection,
just choosing all items except directories (regular files, device files, and so on):
find /tmp \! -type d -atime +3 -exec ls -l {
} \;
The command we are asking find to execute is ls -l, which simply shows details about the files. (Many
people use a similar crontab entry to remove files, but this is hard to do without leaving a security
hole.) The funny string { } is just a way of saying "Do it to each file you find, according to the previous
selection material." The string \; tells find that the -exec option is finished.
Now we have a command that looks for old files on /tmp. We still have to say how often it runs. The
format used by crontab consists of six fields:
Fill the fields as follows:
1. Minute (specify from 0 to 59)
2. Hour (specify from 0 to 23)
3. Day of the month (specify from 1 to 31)
4. Month (specify from 1 to 12, or a name such as jan , feb , and so on)
5. Day of the week (specify from 0 to 6, where 0 is Sunday, or a name such as mon , tue , and so on)
6. Command (can be multiple words)
Figure 10-1 shows a cron entry with all the fields filled in. The command is a shell script, run with the
Bourne shell sh. But the entry is not too realistic: the script runs only when all the conditions in the first
five fields are true. That is, it has to run on a Sunday that falls on the 15th day of either January or
Julynot a common occurrence! So this is not a particularly useful example.
Figure 10-1. Sample cron entry
If you want a command to run every day at 1:00 A.M., specify the minute as 0 and the hour as 1. The
other three fields should be asterisks, which mean "every day and month at the given time." The
complete line in crontab is:
0 1 * * * find /tmp -atime 3 -exec ls -l {
} \;
Because you can do a lot of fancy things with the time fields, let's play with this command a bit more.
Suppose you want to run the command just on the first day of each month. You would keep the first two
fields, but add a 1 in the third field:
0 1 1 * * find /tmp -atime 3 -exec ls -l {
} \;
To do it once a week on Monday, restore the third field to an asterisk but specify either 1 or mon as the
fifth field:
0 1 * * mon find /tmp -atime 3 -exec ls -l {
} \;
To get even more sophisticated, there are ways to specify multiple times in each field. Here, a comma
means "run on the 1st and 15th day" of each month:
0 1 1,15 * * find /tmp -atime 3 -exec ls -l {
} \;
A hyphen means "run every day from the 1st through the 15th, inclusive":
0 1 1-15 * * find /tmp -atime 3 -exec ls -l {
} \;
A slash followed by a 5 means "run every fifth day," which comes out to the 1st, 6th, 11th, and so on:
0 1 */5 * * find /tmp -atime 3 -exec ls -l {
} \;
Now we're ready to actually put the entry in our crontab file. Become root (because this is the kind of
thing root should do) and enter the crontab command with the -e option for "edit":
rutabaga# crontab -e
By default, this command starts a vi edit session. If you'd like to use XEmacs instead, you can specify
this before you start crontab. For a Bourne-compliant shell, enter the command:
rutabaga# export VISUAL=xemacs
For the C shell, enter:
rutabaga# setenv VISUAL xemacs
The environment variable EDITOR also works in place of VISUAL for some versions of crontab. Enter a line
or two beginning with hash marks (#) to serve as comments explaining what you're doing, then put in
your crontab entry:
# List files on /tmp that are 3 or more days old.
# each morning.
0 1 * * * find /tmp -atime 3 -exec ls -l { } \;
Runs at 1:00 AM
When you exit vi, the commands are saved. Look at your crontab entry by entering:
rutabaga# crontab -l
We have not yet talked about a critical aspect of our crontab entry: where does the output go? By
default, cron saves the standard output and standard error and sends them to the user as a mail
message. In this example, the mail goes to root, but that should automatically be directed to you as the
system administrator. Make sure the following line appears in /usr/lib/aliases (/etc/aliases on SUSE,
Debian, and RedHat):
root: your-account-name
In a moment, we'll show what to do if you want output saved in a file instead of being mailed to you.
Here's another example of a common type of command used in crontab files. It performs a tape backup
of a directory. We assume that someone has put a tape in the drive before the command runs. First, an
mt command makes sure the tape in the /dev/qft0 device is rewound to the beginning. Then a tar
command transfers all the files from the directory /src to the tape. A semicolon is used to separate the
commands; that is standard shell syntax:
# back up the /src directory once every two months.
0 2 1 */2 * mt -f /dev/qft0 rewind; tar cf /dev/qft0 /src
The first two fields ensure that the command runs at 2:00 A.M., and the third field specifies the first day
of the month. The fourth field specifies every two months. We could achieve the same effect, in a
possibly more readable manner, by entering:
0 2 1 jan,mar,may,jul,sep,nov * mt -f /dev/qft0 rewind; \
tar cf /dev/qft0 /src
The section "Making Backups" in Chapter 27 explains how to perform backups on a regular basis.
The following example uses mailq every two days to test whether any mail is stuck in the mail queue,
and sends the mail administrator the results by mail. If mail is stuck in the mail queue, the report
includes details about addressing and delivery problems, but otherwise the message is empty:
0 6 */2 * * mailq -v | \
mail -s "Tested Mail Queue for Stuck Email" postmaster
Probably you don't want to receive a mail message every day when everything is going normally. In the
examples we've used so far, the commands do not produce any output unless they encounter errors.
But you may want to get into the habit of redirecting the standard output to /dev/null, or sending it to a
logfile like this (note the use of two > signs so that we don't wipe out previous output):
0 1 * * * find /tmp -atime 3 -exec ls -l {
} \; >> /home/mdw/log
In this entry, we redirect the standard output, but allow the standard error to be sent as a mail
message. This can be a nice feature because we'll get a mail message if anything goes wrong. If you
want to make sure you don't receive mail under any circumstances, redirect both the standard output
and the standard error to a file:
0 1 * * * find /tmp -atime 3 -exec ls -l {
} \; >> /home/mdw/log 2>&1
When you save output in a logfile, you get the problem of a file that grows continuously. You may want
another cron entry that runs once a week or so, just to remove the file.
Only Bourne shell commands can be used in crontab entries. That means you can't use any of the
convenient extensions recognized by bash and other modern shells, such as aliases or the use of ~ to
mean "my home directory." You can use $HOME, however; cron recognizes the $USER, $HOME, and $SHELL
environment variables. Each command runs with your home directory as its current directory.
Some people like to specify absolute pathnames for commands, such as /usr/bin/find and /bin/rm, in
crontab entries. This ensures that the right command is always found, instead of relying on the path
being set correctly.
If a command gets too long and complicated to put on a single line, write a shell script and invoke it
from cron. Make sure the script is executable (use chmod +x) or execute it by using a shell, such as:
0 1 * * * sh runcron
As a system administrator, you often have to create crontab files for dummy users, such as news or
UUCP. Running all utilities as root would be overkill and possibly dangerous, so these special users exist
The choice of a user also affects file ownership: a crontab file for news should run files owned by news,
and so on. In general, make sure utilities are owned by the user in whose name you create the crontab
As root, you can edit other users' crontab files by using the -u option. For example:
tigger # crontab -u news -e
This is useful because you can't log in as user news, but you still might want to edit this user's crontab
10.7. Executing Jobs Once
With cron, you can schedule recurring jobs, as we have seen in the previous section. But what if you
want to run a certain command just once or a limited number of times, but still at times when it is
inconvenient to type in the command interactively? Of course, you could always add the command to
the crontab and then remove it later, or pick a date selection that only applies very rarely. But there is
also a tool that is made for this job, the at command.
at reads commands to be executed from a file or from standard input. You can specify the time in a
number of ways, including natural-language specifications such as noon, midnight , or, interestingly,
teatime (which, much to the dismay of British users, maps to 4 p.m.).
For at to work, the at daemon, atd, needs to run. How it is started depends on your distribution: rcatd
start and /etc/init.d/atd start are good tries. In a pinch, you should also be able to just run
/usr/sbin/atd as root.
As an example, let's say that you want to download a large file from the Internet at midnight when your
ISP is cheaper or when you expect the lines to be less congested so that the probability of success is
higher. Let's further assume that you need to run a command connectinet for setting up your (dial-up)
Internet connection, and disconnectinet for shutting it down. For the actual download in this example,
we use the wget command:
tigger$ at midnight
warning: commands will be executed using /bin/sh
at> connectinet
at> wget
at> disconnectinet
at> <EOT>
job 1 at 2005-02-26 00:00
After typing at midnight, the at command first tells us that it is going to execute our commands with
another shell (we are using the Z shell for interactive work here, whereas at will be using the Bourne
shell) and then lets us enter our commands one after the other. When we are done, we type Ctrl-D,
which at shows as <EOT>. at then shows the job number and the exact date and time for the execution.
Now you can lean back in confidence that your command will be issued at the specified timejust don't
turn off your computer!
If you are unsure which commands you have in the queue, you can check with the atq command:
tigger$ atq
2005-02-26 00:00 a kalle
This shows the job number in the first column, then the date of the planned execution, a letter
specifying the queue used (here a, you can have more than queue something that is rarely used and
that we will not go into here), and finally the owner of the job.
If you decide that it wasn't such a good idea after all to submit that command, you can cancel a job if
you know its job numberwhich you now know how to find out using the atq command, in case you have
forgotten the output of the at command when you submitted the command in the first place.
Deleting a job from the queue is done using the atrm command. Just specify the job number:
tigger$ atrm 1
atrm is one of the more taciturn commands, but you can always use atq to see whether everything is as
tigger$ atq
Not much talk, either, but your command is gone.
10.8. Managing System Logs
The syslogd utility logs various kinds of system activity, such as debugging output from sendmail and
warnings printed by the kernel. syslogd runs as a daemon and is usually started in one of the rc files at
boot time.
The file /etc/syslog.conf is used to control where syslogd records information. Such a file might look like
the following (even though they tend to be much more complicated on most systems):
The first field of each line lists the kinds of messages that should be logged, and the second field lists
the location where they should be logged. The first field is of the format:
facility.level [; facility.level ... ]
where facility is the system application or facility generating the message, and level is the severity of
the message.
For example, facility can be mail (for the mail daemon), kern (for the kernel), user (for user
programs), or auth (for authentication programs such as login or su). An asterisk in this field specifies
all facilities.
level can be (in increasing severity): debug, info, notice, warning, err , crit, alert, or emerg.
In the previous /etc/syslog.conf, we see that all messages of severity info and notice are logged to
/var/log/messages, all debug messages from the mail daemon are logged to /var/log/maillog, and all
warn messages are logged to /var/log/syslog. Also, any emerg warnings from the kernel are sent to the
console (which is the current virtual console, or a terminal emulator started with the -C option on a
The messages logged by syslogd usually include the date, an indication of what process or facility
delivered the message, and the message itselfall on one line. For example, a kernel error message
indicating a problem with data on an ext2fs filesystem might appear in the logfiles, as in:
1 21:03:35 loomer kernel: EXT2-fs error (device 3/2):
ext2_check_blocks_bit map: Wrong free blocks count in super block,
stored = 27202, counted = 27853
Similarly, if an su to the root account succeeds, you might see a log message such as:
Dec 11 15:31:51 loomer su: mdw on /dev/ttyp3
Logfiles can be important in tracking down system problems. If a logfile grows too large, you can empty
it using cat /dev/null > logfile. This clears out the file, but leaves it there for the logging system to write
Your system probably comes equipped with a running syslogd and an /etc/syslog.conf that does the
right thing. However, it's important to know where your logfiles are and what programs they represent.
If you need to log many messages (say, debugging messages from the kernel, which can be very
verbose) you can edit syslog.conf and tell syslogd to reread its configuration file with the command:
kill -HUP `cat /var/run/`
Note the use of backquotes to obtain the process ID of syslogd, contained in /var/run/
Other system logs might be available as well. These include the following:
This file contains binary data indicating the login times and duration for each user on the system;
it is used by the last command to generate a listing of user logins. The output of last might look
like this:
still logged in
15:24 - 15:25 (00:00)
still logged in
A record is also logged in /var/log/wtmp when the system is rebooted.
This is another binary file that contains information on users currently logged into the system.
Commands such as who, w, and finger use this file to produce information on who is logged in.
For example, the w command might print the following:
up 4:12,
5 users, load average: 0.01, 0.02, 0.00
[email protected] idle
PCPU what
We see the login times for each user (in this case, one user logged in many times), as well as the
command currently being used. The w(1) manual page describes all the fields displayed.
This file is similar to wtmp but is used by different programs (such as finger to determine when a
user was last logged in).
Note that the format of the wtmp and utmp files differs from system to system. Some programs may be
compiled to expect one format, and others another format. For this reason, commands that use the files
may produce confusing or inaccurate informationespecially if the files become corrupted by a program
that writes information to them in the wrong format.
Logfiles can get quite large, and if you do not have the necessary hard disk space, you have to do
something about your partitions being filled too fast. Of course, you can delete the logfiles from time to
time, but you may not want to do this, because the logfiles also contain information that can be
valuable in crisis situations.
One option is to copy the logfiles from time to time to another file and compress this file. The logfile
itself starts at 0 again. Here is a short shell script that does this for the logfile /var/log/messages:
mv /var/log/messages /var/log/messages-backup
cp /dev/null /var/log/messages
CURDATE=`date +"%m%d%y"`
mv /var/log/messages-backup /var/log/messages-$CURDATE
gzip /var/log/messages-$CURDATE
First, we move the logfile to a different name and then truncate the original file to 0 bytes by copying to
it from /dev/null. We do this so that further logging can be done without problems while the next steps
are done. Then, we compute a date string for the current date that is used as a suffix for the filename,
rename the backup file, and finally compress it with gzip.
You might want to run this small script from cron, but as it is presented here, it should not be run more
than once a dayotherwise the compressed backup copy will be overwritten because the filename reflects
the date but not the time of day (of course, you could change the date format string to include the
time). If you want to run this script more often, you must use additional numbers to distinguish
between the various copies.
You could make many more improvements here. For example, you might want to check the size of the
logfile first and copy and compress it only if this size exceeds a certain limit.
Even though this is already an improvement, your partition containing the logfiles will eventually get
filled. You can solve this problem by keeping around only a certain number of compressed logfiles (say,
10). When you have created as many logfiles as you want to have, you delete the oldest, and overwrite
it with the next one to be copied. This principle is also called log rotation. Some distributions have
scripts such as savelog or logrotate that can do this automatically.
To finish this discussion, it should be noted that most recent distributions, such as SUSE, Debian, and
Red Hat, already have built-in cron scripts that manage your logfiles and are much more sophisticated
than the small one presented here.
10.9. Processes
At the heart of Unix lies the concept of a process. Understanding this concept will help you keep control
of your login session as a user. If you are also a system administrator, the concept is even more
A process is an independently running program that has its own set of resources. For instance, we
showed in an earlier section how you could direct the output of a program to a file while your shell
continued to direct output to your screen. The reason that the shell and the other program can send
output to different places is that they are separate processes .
On Unix, the finite resources of the system, such as the memory and the disks, are managed by one allpowerful program called the kernel. Everything else on the system is a process.
Thus, before you log in, your terminal is monitored by a getty process. After you log in, the getty
process dies (a new one is started by the kernel when you log out) and your terminal is managed by
your shell, which is a different process. The shell then creates a new process each time you enter a
command. The creation of a new process is called forking because one process splits into two.
If you are using the X Window System , each process starts up one or more windows. Thus, the window
in which you are typing commands is owned by an xterm process or a reloaded terminal program. That
process forks a shell to run within the window. And that shell forks yet more processes as you enter
To see the processes you are running, enter the command ps. Figure 10-2 shows some typical output
and what each field means. You may be surprised how many processes you are running, especially if
you are using X. One of the processes is the ps command itself, which of course dies as soon as the
output is displayed.
Figure 10-2. Output of ps command
The first field in the ps output is a unique identifier for the process. If you have a runaway process that
you can't get rid of through Ctrl-C or other means, you can kill it by going to a different virtual console
or X window and entering:
$ kill
The TTY field shows which terminal the process is running on, if any. (Everything run from a shell uses a
terminal, of course, but background daemons don't have a terminal.)
The STAT field shows what state the process is in. The shell is currently suspended, so this field shows an
S. An Emacs editing session is running, but it's suspended using Ctrl-Z. This is shown by the T in its STAT
field. The last process shown is the ps that is generating all this input; its state, of course, is R because
it is running.
The TIME field shows how much CPU time the processes have used. Because both bash and Emacs are
interactive, they actually don't use much of the CPU.
You aren't restricted to seeing your own processes. Look for a minute at all the processes on the
system. The a option stands for all processes, while the x option includes processes that have no
controlling terminal (such as daemons started at runtime):
$ ps ax | more
Now you can see the daemons that we mentioned in the previous section.
Recent versions of the ps command have a nice additional option. If you are looking for a certain
process whose name (or at least parts of it) you know, you can use the option -C, followed by the name
to see only the processes whose names match the name you specify:
$ ps -C httpd
And here, with a breathtaking view of the entire Linux system at work, we end our discussion of
processes (the lines are cut off at column 76; if you want to see the command lines in their full glory,
add the option -w to the ps command):
[email protected]:~ > ps aux
1 0.0 0.0
2 0.0 0.0
3 0.0 0.0
4 0.0 0.0
5 0.0 0.0
6 0.0 0.0
7 0.0 0.0
8 0.0 0.0
9 0.0 0.0
10 0.0 0.0
11 0.0 0.0
14 0.0 0.0
15 0.0 0.0
16 0.0 0.0
17 0.0 0.0
init [3]
0 ?
0 ?
0 ?
0 ?
0 ?
0 ?
0 ?
0 ?
0 ?
0.0 1412 436 ?
0.0 1436 612 ?
0.1 2352 1516 ?
0.0 1420 492 ?
0.0 1588 652 ?
0.0 1396 544 ?
0.0 1420 528 ?
0 ?
0 ?
0.1 4708 1804 ?
0.1 2600 1240 ?
0.3 6416 3392 ?
0.1 4176 1432 ?
0.1 4252 1512 ?
0.0 1584 704 ?
0.0 42624 784 ?
0.1 2264 1216 ?
0.0 1608 608 tty2
0.0 1608 608 tty3
0.0 1608 608 tty4
0.0 1608 608 tty5
0.0 1608 608 tty6
0.1 4180 1996 tty1
0.0 3012 816 ?
0.1 4296 1332 ?
0.1 3708 1248 tty1
0.0 2504 564 tty1
0.0 2384 652 tty1
4.5 106948 46744 ?
0.1 3704 1288 tty1
1.0 24252 10412 ?
0.8 22876 8976 ?
1.0 25340 10916 ?
1.7 31316 18540 ?
1.3 26480 14292 ?
0.5 9820 5736 ?
0.0 1372 336 tty1
1.1 24800 12116 ?
1.4 27464 15512 ?
1.8 30160 18920 ?
1.8 31748 19460 ?
1.0 25856 11360 ?
1.3 26324 14304 ?
0.7 21144 7908 ?
1.3 25840 13804 ?
1.2 24764 12668 ?
1.4 29260 15260 ?
0:00 [aio/0]
0:00 [aio/1]
0:00 [kseriod]
0:00 [scsi_eh_0]
0:00 [kjournald]
0:00 [kjournald]
0:00 [kjournald]
0:00 [kjournald]
0:00 [khubd]
0:00 [hwscand]
0:00 /sbin/syslogd -a
0:00 /sbin/klogd -c 1
0:00 /sbin/portmap
0:00 /sbin/resmgrd
0:00 hcid: processing
0:00 /usr/sbin/sdpd
0:00 [usb-storage]
0:00 [scsi_eh_1]
0:00 /usr/sbin/sshd -o
0:00 /usr/sbin/powersa
0:00 /usr/sbin/cupsd
0:00 /usr/lib/postfix/
0:00 qmgr -l -t fifo 0:00 /usr/sbin/cron
0:00 /usr/sbin/nscd
0:00 login -- kalle
0:00 /sbin/mingetty tt
0:00 /sbin/mingetty tt
0:00 /sbin/mingetty tt
0:00 /sbin/mingetty tt
0:00 /sbin/mingetty tt
0:00 -zsh
0:00 gpg-agent --daemo
0:00 ssh-agent
0:00 /bin/sh /usr/X11R
0:00 tee /home/kalle/.
0:00 xinit /home/kalle
7:12 X :0 -auth /home/
0:00 /bin/sh /usr/X11R
0:00 kdeinit Running..
0:00 kdeinit: dcopserv
0:00 kdeinit: klaunche
0:05 kdeinit: kded
0:00 kdeinit: kxkb
0:00 /opt/kde3/bin/art
0:00 kwrapper ksmserve
0:00 kdeinit: ksmserve
0:09 kdeinit: kwin -se
0:05 kdeinit: kdesktop
0:19 kdeinit: kicker
0:00 kdeinit: kio_file
0:02 kdeinit: klipper
0:00 kpowersave
0:00 kamix
0:00 kpowersave
0:01 suseplugger -capt
13376 ?
16564 ?
12468 ?
19920 ?
15716 ?
11260 ?
16928 ?
42244 ?
16632 ?
5976 ?
1920 pts/2
1944 pts/3
2572 pts/4
9988 ?
27472 ?
1172 pts/3
2348 pts/3
20204 ?
1244 ?
1264 ?
43512 ?
3612 ?
5616 ?
30384 ?
17424 ?
2624 pts/1
31456 pts/1
2500 pts/5
1264 pts/5
1732 pts/5
17316 ?
2396 pts/6
16564 ?
2040 pts/7
1908 pts/7
536 ?
1448 ?
1396 ?
1784 ?
1848 ?
1768 ?
700 ?
1144 ?
688 pts/5
susewatcher -capt
kdeinit: khotkeys
oooqs -caption Op
kdeinit: kio_uise
kdeinit: kio_file
kdeinit: konsole
kontact -session
kdeinit: konsole
kalarmd --login
sh ./sshtunnel
ssh -X -L 23456:1
kdeinit: ksirc -i
/bin/sh /home/kal
/bin/sh /home/kal
perl /opt/kde3/bi
kdeinit: konquero
kdeinit: konsole
kdeinit: konsole
kdeinit: konsole
pickup -l -t fifo
proxymap -t unix
trivial-rewrite cleanup -z -t uni
local -t unix
ps aux
10.10. Programs That Serve You
We include this section because you should start to be interested in what's running on your system
behind your back.
Many modern computer activities are too complex for the system simply to look at a file or some other
static resource. Sometimes these activities need to interact with another running process.
For instance, take FTP, which you may have used to download some Linux-related documents or
software. When you FTP to another system, another program has to be running on that system to
accept your connection and interpret your commands. So there's a program running on that system
called ftpd. The d in the name stands for daemon, which is a quaint Unix term for a server that runs in
the background all the time. Most daemons handle network activities.
You've probably heard of the buzzword client/server enough to make you sick, but here it is in actionit
has been in action for decades on Unix.
Daemons start up when the system is booted. To see how they get started, look in the /etc/inittab and
/etc/xinetd.conf files, as well as distribution-specific configuration files. We won't go into their formats
here. But each line in these files lists a program that runs when the system starts. You can find the
distribution-specific files either by checking the documentation that came with your system or by
looking for pathnames that occur frequently in /etc/inittab. Those normally indicate the directory tree
where your distribution stores its system startup files.
To give an example of how your system uses /etc/inittab, look at one or more lines with the string getty
or agetty. This is the program that listens at a terminal (tty) waiting for a user to log in. It's the
program that displays the login : prompt we talked about at the beginning of this chapter.
The /etc/inetd.conf file represents a more complicated way of running programsanother level of
indirection. The idea behind /etc/inetd.conf is that it would waste a lot of system resources if a dozen or
more daemons were spinning idly, waiting for a request to come over the network. So, instead, the
system starts up a single daemon named inetd. This daemon listens for connections from clients on
other machines, and when an incoming connection is made, it starts up the appropriate daemon to
handle it. For example, when an incoming FTP connection is made, inetd starts up the FTP daemon
(ftpd) to manage the connection. In this way, the only network daemons running are those actually in
There's a daemon for every service offered by the system to other systems on a network: fingerd to
handle remote finger requests, rwhod to handle rwho requests, and so on. A few daemons also handle
non-networking services, such as kerneld, which handles the automatic loading of modules into the
kernel. (In Versions 2.4 and up, this is called kmod instead and is no longer a process, but rather a
kernel thread.)
Chapter 11. Managing Users, Groups, and
Section 11.1. Managing User Accounts
Section 11.2. File Ownership and Permissions
Section 11.3. Changing the Owner, Group, and Permissions
11.1. Managing User Accounts
Even if you're the only actual human being who uses your Linux system, understanding how to manage
user accounts is importanteven more so if your system hosts multiple users.
User accounts serve a number of purposes on Unix systems. Most prominently, they give the system a
way to distinguish between different people who use the system for reasons of identification and
security. Each user has a personal account with a separate username and password. As discussed in
"File Ownership and Permissions," later in this chapter, users may set permissions on their files,
allowing or restricting access to them by other users. Each file on the system is "owned" by a particular
user, who may set the permissions for that file. User accounts are used to authenticate access to the
system; only those people with accounts may access the machine. Also, accounts are used to identify
users, keep system logs, tag electronic mail messages with the name of the sender, and so forth.
Apart from personal accounts, there are users on the system who provide administrative functions. As
we've seen, the system administrator uses the root account to perform maintenancebut usually not for
personal system use. Such accounts are accessed using the su command, allowing another account to
be accessed after logging in through a personal account.
Other accounts on the system may not involve human interaction at all. These accounts are generally
used by system daemons , which must access files on the system through a specific user ID other than
root or one of the personal user accounts. For example, if you configure your system to receive a
newsfeed from another site, the news daemon must store news articles in a spool directory that anyone
can access but only one user (the news daemon) can write to. No human being is associated with the
news account; it is an "imaginary" user set aside for the news daemon only.
One of the permission bits that can be set on executables is the setuid bit, which causes the program to
be executed with the permissions of the owner of that file. For example, if the news daemon were
owned by the user news, and the setuid bit were set on the executable, it would run as if by the user
news. news would have write access to the news spool directory, and all other users would have read
access to the articles stored there. This is a security feature. News programs can give users just the
right amount of access to the news spool directory, but no one can just play around there.
As the system administrator, it is your job to create and manage accounts for all users (real and virtual)
on your machine. This is actually a painless, hands-off task in most cases, but it's important to
understand how it works.
11.1.1. The passwd File
Every account on the system has an entry in the file /etc/passwd. This file contains entries, one line per
user, that specify several attributes for each account, such as the username, real name, and so forth.
Each entry in this file is of the following format:
The following list explains each field:
A unique character string, identifying the account. For personal accounts, this is the name the
user logs in with. On most systems it is limited to eight alphanumeric charactersfor example, larry
or kirsten.
An encrypted representation of the user's password. This field is set using the passwd program to
set the account's password; it uses a one-way encryption scheme that is difficult (but not
impossible) to break. You don't set this by hand; the passwd program does it for you. Note,
however, that if the first character of the password field is * (an asterisk), the account is
"disabled"; the system will not allow logins as this user. See "Creating Accounts," later in this
The user ID, a unique integer the system uses to identify the account. The system uses the uid
field internally when dealing with process and file permissions; it's easier and more compact to
deal with integers than byte strings. Therefore, both the user ID and the username identify a
particular account: the user ID is more important to the system, whereas the username is more
convenient for humans.
The group ID, an integer referring to the user's default group, found in the file /etc/group. See
"The Group File," later in this chapter.
Miscellaneous information about the user, such as the user's real name, and optional "location
information" such as the user's office address or phone number. Such programs as mail and finger
use this information to identify users on the system; we'll talk more about it later. By the way,
gecos is a historical name dating back to the 1970s; it stands for General Electric Comprehensive
Operating System. GECOS has nothing to do with Unix, except that this field was originally added
to /etc/passwd to provide compatibility with some of its services.
The user's home directory , for the user's personal use; more on this later. When the user first
logs in, the shell finds its current working directory in the named home directory.
The name of the program to run when the user logs in; in most cases, this is the full pathname of
a shell, such as /bin/bash or /bin/tcsh.
Many of these fields are optional; the only required fields are username , uid , gid , and homedir. Most user
accounts have all fields filled in, but "imaginary" or administrative accounts may use only a few.
Here are two sample entries you might find in /etc/passwd:
root:ZxPsI9ZjiVd9Y:0:0:The root of all evil:/root:/bin/bash
aclark:BjDf5hBysDsii:104:50:Anna Clark:/home/aclark:/bin/bash
The first entry is for the root account. First of all, notice that the user ID of root is 0. This is what makes
root root: the system knows that uid 0 is "special" and that it does not have the usual security
restrictions. The gid of root is also 0, which is mostly a convention. Many of the files on the system are
owned by root and the root group, which have a uid and gid of 0, respectively. More on groups in a
On many systems, root uses the home directory /root, or just /. This is not usually relevant because you
most often use su to access root from your own account. Also, it is traditional to use a Bourne-shell
variant (in this case /bin/bash) for the root account, although you can use the C shell if you like. (Shells
are discussed in Chapter 4.) Be careful, though: Bourne shells and C shells have differing syntax, and
switching between them when using root can be confusing and lead to mistakes.
The second entry is for an actual human being, username aclark. In this case, the uid is 104. The uid
field can technically be any unique integer; on many systems, it's customary to have user accounts
numbered 100 and above and administrative accounts in the sub-100 range. The gid is 50, which just
means that aclark is in whatever group is numbered 50 in the /etc/group file. Hang on to your hats;
groups are covered in "The Group File," later in this chapter.
Home directories are often found in /home , and named for the username of their owner. This is, for the
most part, a useful convention that avoids confusion when finding a particular user's home directory.
You can technically place a home directory anywhere, but it must exist for you to be able to log into the
system. You should, however, observe the directory layout used on your system.
Note that as the system administrator, it's not usually necessary to modify the /etc/passwd file directly.
Several programs are available that can help you create and maintain user accounts; see "Creating
Accounts," later in this chapter. If you really want to edit the raw /etc/passwd data, consider using a
command such as vipw that protects the password file against corruption from simultaneous editing.
11.1.2. Shadow Passwords
To some extent, it is a security risk to let everybody with access to the system view the encrypted
passwords in /etc/passwd. Special crack programs are available that try a huge number of possible
passwords and check whether the encrypted version of those passwords is equal to a specified one.
To overcome this potential security risk, shadow passwords have been invented. When shadow
passwords are used, the password field in /etc/passwd contains only an x or a *, which can never occur
in the encrypted version of a password. Instead, a second file called /etc/shadow is used. This file
contains entries that look very similar to those in /etc/passwd, but contain the real encrypted password
in the password field. /etc/shadow is readable only by root, so normal users do not have access to the
encrypted passwords. The other fields in /etc/shadow, except the username and the password, are
present as well, but normally contain bogus values or are empty.
Note that in order to use shadow passwords, you need special versions of the programs that access or
modify user information, such as passwd or login. Nowadays, most distributions come with shadow
passwords already set up, so this should not be a problem for you. Debian users should use
"shadowconfig on" instead to ensure that shadow passwords are enabled on their systems.
There are two tools for converting "normal" user entries to shadow entries and back. pwconv takes the
/etc/passwd file, looks for entries that are not yet present in /etc/shadow, generates shadow entries for
those, and merges them with the entries already present in /etc/shadow.
pwunconv is rarely used because it gives you less security instead of more. It works like pwconv, but
generates traditional /etc/passwd entries that work without /etc/shadow counterparts.
Modern Linux systems also provide something called password aging. This is sort of an expiry date for a
password; if it approaches, a warning is issued, a configurable number of days before the password
expires, and the user is asked to change his password. If he fails to do so, his account will be locked
after a while. It is also possible to set a minimum number of days before a changed or created
password can be changed again.
All these settings are configured with the passwd command. The -n option sets the minimum number of
days between changes, -x the maximum number of days between changes, -w the number of days a
warning is issued before a password expires, and -i the number of days of inactivity between the expiry
of a password and the time the account is locked.
Most distributions provide graphical tools to change these settings, often hidden on an Advanced
Settings page or similar.
11.1.3. PAM and Other Authentication Methods
You might think that having two means of user authentication, /etc/passwd and /etc/shadow, is already
enough choice, but you are wrong. There are a number of other authentication methods with strange
names, such as Kerberos authentication (so named after the dog from Greek mythology that guards the
entrance to Hell). Although we think that shadow passwords provide enough security for almost all
cases, it all depends on how much security you really need and how paranoid you want to be.
The problem with all those authentication methods is that you cannot simply switch from one to another
because you always need a set of programs, such as login and passwd, that go with those tools. To
overcome this problem, the Pluggable Authentication Methods (PAM) system has been invented. Once
you have a PAM-enabled set of tools, you can change the authentication method of your system by
reconfiguring PAM. The tools will automatically get the code necessary to perform the required
authentication procedures from dynamically loaded shared libraries.
Setting up and using PAM is beyond the scope of this book, but you can get all the information you need
from Most modern distributions will set up PAM for you as
11.1.4. The Group File
User groups are a convenient way to logically organize sets of user accounts and allow users to share
files within their group or groups. Each file on the system has both a user and a group owner associated
with it. Using ls -l, you can see the owner and group for a particular file, as in the following example:
rutabaga$ ls -l boiler.tex
-rwxrw-r-1 mdw
10316 Oct
6 20:19 boiler.tex
This file is owned by the user mdw and belongs to the megabozo group. We can see from the file
permissions that mdw has read, write, and execute access to the file; that anyone in the megabozo
group has read and write access; and that all other users have read access only.
This doesn't mean that mdw is in the megabozo group; it simply means the file may be accessed, as
shown by the permission bits, by anyone in the megabozo group (which may or may not include mdw).
This way, files can be shared among groups of users, and permissions can be specified separately for
the owner of the file, the group to which the file belongs, and everyone else. An introduction to
permissions appears in "File Ownership and Permissions," later in this chapter.
Every user is assigned to at least one group, which you specify in the gid field of the /etc/passwd file.
However, a user can be a member of multiple groups. The file /etc/group contains a one-line entry for
each group on the system, very similar in nature to /etc/passwd. The format of this file is
Here, groupname is a character string identifying the group; it is the group name printed when using
commands such as ls -l.
password is an optional encrypted password associated with the group, which allows users not in this
group to access the group with the newgrp command. Read on for information on this.
gid is the group ID used by the system to refer to the group; it is the number used in the gid field of
/etc/passwd to specify a user's default group.
members is a comma-separated list of usernames (with no whitespace in between), identifying those
users who are members of this group but who have a different gid in /etc/passwd. That is, this list need
not contain those users who have this group set as their "default" group in /etc/passwd; it's only for
users who are additional members of the group.
For example, /etc/group might contain the following entries:
The first entries, for the groups root and bin, are administrative groups, similar in nature to the
"imaginary" accounts used on the system. Many files are owned by groups, such as root and bin. The
other groups are for user accounts. Like user IDs, the group ID values for user groups are often placed
in ranges above 50 or 100.
The password field of the group file is something of a curiosity. It isn't used much, but in conjunction
with the newgrp program it allows users who aren't members of a particular group to assume that
group ID if they have the password. For example, using the command
rutabaga$ newgrp bozo
Password: password for group bozo
starts a new shell with the group ID of bozo. If the password field is blank, or the first character is an
asterisk, you receive a permission denied error if you attempt to newgrp to that group.
However, the password field of the group file is seldom used and is really not necessary. (In fact, most
systems don't provide tools to set the password for a group; you could use passwd to set the password
for a dummy user with the same name as the group in /etc/passwd and copy the encrypted password
field to /etc/group.) Instead, you can make a user a member of multiple groups simply by including the
username in the members field for each additional group. In the previous example, the users linus and
mdw are members of the bozo group, as well as whatever group they are assigned to in the
/etc/passwd file. If we wanted to add linus to the megabozo group as well, we'd change the last line of
the previous example to:
The command groups tells you which groups you belong to:
rutabaga$ groups
users bozo
Giving a list of usernames to groups lists the groups to which each user in the list belongs.
When you log in, you are automatically assigned to the group ID given in /etc/passwd, as well as any
additional groups for which you're listed in /etc/group. This means you have "group access" to any files
on the system with a group ID contained in your list of groups. In this case, the group permission bits
(set with chmod g+...) for those files apply to you (unless you're the owner, in which case the owner
permission bits apply instead).
Now that you know the ins and outs of groups, how should you assign groups on your system? This is
really a matter of style and depends on how your system will be used. For systems with just one or a
handful of users, it's easiest to have a single group (called, say, users) to which all personal user
accounts belong. Note that all the system groupsthose groups contained within /etc/group when the
system is first installedshould probably be left alone. Various daemons and programs may depend upon
If you have a number of users on your machine, there are several ways to organize groups. For
example, an educational institution might have separate groups for students, faculty, and staff. A
software company might have different groups for each design team. On other systems, each user is
placed into a separate group, named identically to the username. This keeps each pigeon in its own
hole, so to speak. Files can also be assigned to special groups; many users create new groups and place
files into them for sharing the files between users. However, this requires adding users to the additional
groups, a task that usually requires the system administrator to intervene (by editing /etc/group or
using utilities, such as gpasswd on Debian systems). It's really up to you.
Another situation in which groups are often used is special hardware groups. Let's say that you have a
scanner that is accessed via /dev/scanner. If you do not want to give everybody access to the scanner,
you could create a special group called scanner, assign /dev/scanner to this group, make this special
file readable for the group and nonreadable for everybody else, and add everybody who is allowed to
use the scanner to the scanner group in the /etc/groups file.
11.1.5. Creating Accounts
Creating a user account requires several steps: adding an entry to /etc/passwd, creating the user's
home directory, and setting up the user's default configuration files (such as .bashrc) in her home
directory. Luckily, you don't have to perform these steps manually; nearly all Linux systems include a
program called adduser to do this for you. Some Linux systems, such as Red Hat or SUSE, use a
different set of tools for account creation and deletion. If the sequence of inputs in this section does not
work for you, check the documentation for your distribution. (Red Hat allows accounts to be managed
through the control-panel tool, and SUSE does it via yast2; Debian includes an adduser script
(interactive in some versions and noninteractive on others) that automatically sets up users based on
the configuration file /etc/adduser.conf). In addition, there are graphical user management programs,
such as KUser from KDE and the GNOME System Tools.
Running adduser as root should work as follows. Just enter the requested information at the prompts;
many of the prompts have reasonable defaults you can select by pressing Enter:
Adding a new user. The username should not exceed 8 characters
in length, or you many run into problems later.
Enter login name for new account (^C to quit): norbert
Editing information for new user [norbert]
Full Name: Norbert Ebersol
GID [100]: 117
Checking for an available UID after 500
First unused uid is 501
UID [501]: (enter)
Home Directory [/home/norbert]: (enter)
Shell [/bin/bash]: (enter)
Password [norbert]: (norbert's password)
Information for new user [norbert]:
Home directory: [/home/norbert] Shell: [/bin/bash]
Password: [(norbert's password) ] uid: [501] gid: [117]
Is this correct? [y/N]: y
Adding login [norbert] and making directory [/home/norbert]
Adding the files from the /etc/skel directory:
./.emacs -> /home/norbert/./.emacs
./.kermrc -> /home/norbert/./.kermrc
./.bashrc -> /home/norbert/./.bashrc
... more files ...
There should be no surprises here; just enter the information as requested or choose the defaults. Note
that adduser uses 100 as the default group ID, and looks for the first unused user ID after 500 (500 is
used as the minimum on SUSE and Red Hat; Debian uses 1000). It should be safe to go along with
these defaults; in the previous example, we used a group ID of 117 because we designated that to be
the group for the user, as well as the default user ID of 501.
After the account is created, the files from /etc/skel are copied to the user's home directory. /etc/skel
contains the "skeleton" files for a new account; they are the default configuration files (such as .emacs
and .bashrc) for the new user. Feel free to place other files here if your new user accounts should have
After this is done, the new account is ready to roll; norbert can log in, using the password set using
adduser. To guarantee security, new users should always change their own passwords, using passwd,
immediately after logging in for the first time.
root can set the password for any user on the system. For example, the command:
passwd norbert
prompts for a new password for norbert, without asking for the original password. Note, however, that
you must know the root password in order to change it. If you forget the root password entirely, you
can boot Linux from an emergency disk (as discussed previously), and clear the password field of the
/etc/passwd entry for root. See "What to Do in an Emergency" in Chapter 27.
Some Linux systems provide the command-line-driven useradd instead of adduser. (And, to make
things even more confusing, on some other systems, the two commands are synonyms.) This program
requires you to provide all relevant information as command-line arguments. If you can't locate adduser
and are stuck with useradd, see the manual pages, which should help you out.
11.1.6. Deleting and Disabling Accounts
Deleting a user account is much easier than creating one; this is the well-known concept of entropy at
work. To delete an account, you must remove the user's entry in /etc/passwd, remove any references to
the user in /etc/group, and delete the user's home directory, as well as any additional files created or
owned by the user. For example, if the user has an incoming mailbox in /var/spool/mail, it must be
deleted as well.
The command userdel (the yin to useradd's yang) deletes an account and the account's home directory.
For example:
userdel -r norbert
will remove the recently created account for norbert. The -r option forces the home directory to be
removed as well. Other files associated with the userfor example, the incoming mailbox, crontab files,
and so forthmust be removed by hand. Usually these are quite insignificant and can be left around. By
the end of this chapter, you should know where these files are, if they exist. A simple way to find the
files associated with a particular user is through the following command:
find / -user username -ls
This will give an ls -l listing of each file owned by username . Of course, to use this, the account
associated with username must still have an entry in /etc/passwd. If you deleted the account, use the uid num argument instead, where num is the numeric user ID of the dearly departed user.
Temporarily (or not so temporarily) disabling a user account, for whatever reason, is even simpler. You
can either remove the user's entry in /etc/passwd (leaving the home directory and other files intact) or
add an asterisk to the first character of the password field of the /etc/passwd entry, as follows:
aclark:*BjDf5hBysDsii:104:50:Anna Clark:/home/aclark:/bin/bash
This will disallow logins to the account in question. Note that if you use shadow passwords, you need to
do the same thing in /etc/shadow. But why would you want to do that? Well, imagine that an employee
is leaving the company, and you want to prevent him from logging in any more, but you still want to
keep his files around in case there is anything his colleagues still need. In this case, it is convenient to
be able to disable the account without actually deleting the home directory (and other related files such
as the mail spool).
11.1.7. Modifying User Accounts
Modifying attributes of user accounts and groups is usually a simple matter of editing /etc/passwd and
/etc/group. Many systems provide commands such as usermod and groupmod to do just this; it's often
easier to edit the files by hand.
To change a user's password, use the passwd command, which will prompt for a password, encrypt it,
and store the encrypted password in the /etc/passwd file.
If you need to change the user ID of an existing account, you can do this by editing the uid field of
/etc/passwd directly. However, you should also chown the files owned by the user to that of the new
user ID. For example:
chown -R aclark /home/aclark
will set the ownership for all files in the home directory used by aclark back to aclark, if you changed
the uid for this account. If ls -l prints a numeric user ID, instead of a username, this means there is no
username associated with the uid owning the files. Use chown to fix this.
11.2. File Ownership and Permissions
Ownership and permissions are central to security. It's important to get them right, even when you're
the only user, because odd things can happen if you don't. For the files that users create and use daily,
these things usually work without much thought (although it's still useful to know the concepts). For
system administration, matters are not so easy. Assign the wrong ownership or permission, and you
might get into a frustrating bind such as being unable to read your mail. In general, the message:
Permission denied
means that someone has assigned an ownership or permission that restricts access more than you
11.2.1. What Permissions Mean
Permissions refer to the ways in which someone can use a file. There are three such permissions under
Read permission means you can look at the file's contents.
Write permission means you can change or delete the file.
Execute permission means you can run the file as a program.
When each file is created, the system assigns some default permissions that work most of the time. For
instance, it gives you both read and write permission , but most of the world has only read permission .
If you have a reason to be paranoid, you can set things up so that other people have no permissions at
Additionally, most utilities know how to assign permissions . For instance, when the compiler creates an
executable program, it automatically assigns execute permission.
There are times when defaults don't work, though. For instance, if you create a shell script or Perl
program, you'll have to assign execute permission yourself so that you can run it. We show how to do
that later in this section, after we get through the basic concepts.
Permissions have different meanings for a directory:
Read permission means you can list the contents of that directory.
Write permission means you can add or remove files in that directory.
Execute permission means you can list information about the files in that directory.
Don't worry about the difference between read and execute permission for directories; basically, they go
together. Assign both or neither.
Note that if you allow people to add files to a directory, you are also letting them remove files. The two
privileges go together when you assign write permission. However, there is a way you can let users
share a directory and keep them from deleting each other's files. See "Upgrading Software Not Provided
in Packages" in Chapter 12.
There are more files on Unix systems than the plain files and directories we've talked about so far.
These are special files (devices), sockets, symbolic links, and so fortheach type observing its own rules
regarding permissions. But you don't need to know the details on each type.
11.2.2. Owners and Groups
Now, who gets these permissions? To allow people to work together, Unix has three levels of
permission: owner, group, and other. The "other" level covers everybody who has access to the system
and who isn't the owner or a member of the group.
The idea behind having groups is to give a set of users, such as a team of programmers, access to a
file. For instance, a programmer creating source code may reserve write permission to herself, but allow
members of her group to have read access through a group permission. As for "other," it might have no
permission at all so that people outside the team can't snoop around. (You think your source code is
that good?)
Each file has an owner and a group. The owner is generally the user who created the file. Each user also
belongs to a default group, and that group is assigned to every file the user creates. You can create
many groups, though, and assign each user to multiple groups. By changing the group assigned to a
file, you can give access to any collection of people you want. We discussed groups earlier in "The
Group File."
Now we have all the elements of our security system: three permissions (read, write, execute) and
three levels (user, group, other). Let's look at some typical files and see what permissions are assigned.
Figure 11-1 shows a typical executable program. We generated this output by executing ls with the -l
Figure 11-1. Displaying ownership and permissions
Two useful facts stand right out: the owner of the file is an author of this book and your faithful guide,
mdw, and the group is lib (perhaps a group created for programmers working on libraries). But the key
information about permissions is encrypted in the set of letters on the left side of the display.
The first character is a hyphen, indicating a plain file. The next three bits apply to the owner; as we
would expect, mdw has all three permissions. The next three bits apply to members of the group: they
can read the file (not too useful for a binary file) and execute it, but they can't write to it because the
field that should contain a w contains a hyphen instead. And the last three bits apply to "other"; they
have the same permissions in this case as the group.
Here is another example. If you asked for a long listing of a C source file, it would look something like
$ ls -l
1 kalle
12577 Apr 30 13:13 simc.c
The listing shows that the owner has read and write (rw) privileges, and so does the group. Everyone
else on the system has only read privileges.
Now suppose we compile the file to create an executable program. The file simc is created by the gcc
$ gcc -osimc simc.c
$ ls -l
total 36
1 kalle
-rw-rw-r-1 kalle
19365 Apr 30 13:14 simc
12577 Apr 30 13:13 simc.c
In addition to the read and write bits, gcc has set the executable (x) bit for owner, group, and other on
the executable file. This is the appropriate thing to do so that the file can be run:
$ ./simc
(output here)
One more examplea typical directory:
2 mdw
512 Jul 17 18:23 perl
The leftmost bit is now a d to show that this is a directory. The executable bits are back because you
want people to see the contents of the directory.
Files can be in some obscure states that aren't covered here; see the ls manual page for gory details.
But now it's time to see how you can change ownership and permissions.
11.3. Changing the Owner, Group, and Permissions
As we said, most of the time you can get by with the default security the system gives you. But there
are always exceptions, particularly for system administrators. To take a simple example, suppose you
are creating a directory under /home for a new user. You have to create everything as root, but when
you're done you have to change the ownership to the user; otherwise, that user won't be able to use the
files! (Fortunately, if you use the adduser command discussed earlier in "Creating Accounts," it takes
care of ownership for you.)
Similarly, certain utilities and programs such as the MySQL database and News have their own users.
No one ever logs in as mysql or News, but those users and groups must exist so that the utilities can do
their job in a secure manner. In general, the last step when installing software is usually to change the
owner, group, and permissions as the documentation tells you to do.
The chown command changes the owner of a file, and the chgrp command changes the group. On Linux,
only root can use chown for changing ownership of a file, but any user can change the group to another
group to which he belongs.
So after installing some software named sampsoft, you might change both the owner and the group to
bin by executing:
# chown bin sampsoft
# chgrp bin sampsoft
You could also do this in one step by using the dot notation:
# chown bin.bin sampsoft
The syntax for changing permissions is more complicated. The permissions can also be called the file's
"mode," and the command that changes permissions is chmod. Let's start our exploration of this
command through a simple example. Say you've written a neat program in Perl or Tcl named header,
and you want to be able to execute it. You would type the following command:
$ chmod +x header
The plus sign means "add a permission," and the x indicates which permission to add.
If you want to remove execute permission, use a minus sign in place of a plus:
$ chmod -x header
This command assigns permissions to all levels: user, group, and other. Let's say that you are secretly
into software hoarding and don't want anybody to use the command but yourself. No, that's too
cruellet's say instead that you think the script is buggy and want to protect other people from hurting
themselves until you've exercised it. You can assign execute permission just to yourself through the
$ chmod u+x header
Whatever goes before the plus sign is the level of permission, and whatever goes after is the type of
permission. User permission (for yourself) is u, group permission is g, and other is o. So to assign
permission to both yourself and the file's group, enter:
$ chmod ug+x header
You can also assign multiple types of permissions:
$ chmod ug+rwx header
You can learn a few more shortcuts from the chmod manual page in order to impress someone looking
over your shoulder, but they don't offer any functionality besides what we've shown you.
As arcane as the syntax of the mode argument may seem, there's another syntax that is even more
complicated. We have to describe it, though, for several reasons. First of all, there are several situations
that cannot be covered by the syntax, called symbolic mode , that we've just shown. Second, people
often use the other syntax, called absolute mode , in their documentation. Third, there are times you
may actually find the absolute mode more convenient.
To understand absolute mode, you have to think in terms of bits and octal notation. Don't worry, it's not
too hard. A typical mode contains three characters, corresponding to the three levels of permission
(user, group, and other). These levels are illustrated in Figure 11-2. Within each level, there are three
bits corresponding to read, write, and execute permission.
Figure 11-2. Bits in absolute mode
Let's say you want to give yourself read permission and no permission to anybody else. You want to
specify just the bit represented by the number 400. So the chmod command would be:
$ chmod 400 header
To give read permission to everybody, choose the correct bit from each level: 400 for yourself, 40 for
your group, and 4 for other. The full command is:
$ chmod 444 header
This is like using a mode +r, except that it simultaneously removes any write or execute permission.
(To be precise, it's just like a mode of =r, which we didn't mention earlier. The equal sign means
"assign these rights and no others.")
To give read and execute permission to everybody, you have to add up the read and execute bits: 400
plus 100 is 500, for instance. So the corresponding command is:
$ chmod 555 header
which is the same as =rx. To give someone full access, you would specify that digit as a 7: the sum of
4, 2, and 1.
One final trick: how to set the default mode that is assigned to each file you create (with a text editor,
the > redirection operator, and so on). You do so by executing a umask command, or putting one in
your shell's startup file. This file could be called .bashrc, .cshrc, or something else depending on the
shell you use (we discussed startup files in Chapter 4).
The umask command takes an argument like the absolute mode in chmod, but the meaning of the bits
is inverted. You have to determine the access you want to grant for user, group, and other, and subtract
each digit from 7. That gives you a three-digit mask.
For instance, say you want yourself to have all permissions (7), your group to have read and execute
permissions (5), and others to have no permissions (0). Subtract each bit from 7 and you get 0 for
yourself, 2 for your group, and 7 for other. So the command to put in your startup file is
umask 027
A strange technique, but it works. The chmod command looks at the mask when it interprets your
mode; for instance, if you assign execute mode to a file at creation time, it will assign execute
permission for you and your group, but will exclude others because the mask doesn't permit them to
have any access.
Chapter 12. Installing, Updating, and
Compiling Programs
In this chapter, we show you how to upgrade software on your system. Although most Linux
distributions provide some automated means to install, remove, and upgrade specific software packages
on your system, it is sometimes necessary to install software by hand.
Non-expert users will find it easiest to install and upgrade software by using a package system, which
most distributions provide. If you don't use a package system, installations and upgrades are more
complicated than with most commercial operating systems. Even though precompiled binaries are
available, you may have to uncompress them and unpack them from an archive file. You may also have
to create symbolic links or set environment variables so that the binaries know where to look for the
resources they use. In other cases, you'll need to compile the software yourself from sources.
12.1. Upgrading Software
Linux is a fast-moving target. Because of the cooperative nature of the project, new software is always
becoming available, and programs are constantly being updated with newer versions.
With this constant development, how can you possibly hope to stay on top of the most recent versions
of your system software? The short answer is, you can't. In this section, we talk about why and when to
upgrade and show you how to upgrade several important parts of the system.
When should you upgrade? In general, you should consider upgrading a portion of your system only
when you have a demonstrated need to upgrade. For example, if you hear of a new release of some
application that fixes important bugs (that is, those bugs that actually affect your personal use of the
application), you might want to consider upgrading that application. If the new version of the program
provides new features you might find useful, or has a performance boost over your present version, it's
also a good idea to upgrade. When your machine is somehow connected to the Internet, another good
reason for upgrading would be plugging a security hole that has been recently reported. However,
upgrading just for the sake of having the newest version of a particular program is probably silly. In
some, luckily rare, cases, newer versions are even regressions, that is, they introduce bugs or
performance hits compared with the previous version.
Upgrading can sometimes be a painful thing to do. For example, you might want to upgrade a program
that requires the newest versions of the compiler, libraries, and other software in order to run.
Upgrading this program will also require you to upgrade several other parts of the system, which can be
a time-consuming process. On the other hand, this can be seen as an argument for keeping your
software up to date; if your compiler and libraries are current, upgrading the program in question won't
be a problem.
How can you find out about new versions of Linux software? The best way is to watch the Usenet
newsgroup comp.os.linux.announce (see the section "Usenet Newsgroups" in Chapter 1), where
announcements of new software releases and other important information are posted. If you have
Internet access, you can then download the software via FTP and install it on your system. Another
good source to learn about new Linux software is the web site Many
individual packages have mailing lists that update you about new versions of just that particular
If you don't have access to Usenet or the Internet, the best way to keep in touch with recent
developments is to pay for a CD-ROM subscription. Here you receive an updated copy of the various
Linux FTP sites, on CD-ROM, every couple of months. This service is available from a number of Linux
vendors. It's a good thing to have, even if you have Internet access.
This brings us to another issue: what's the best upgrade method? Some people feel it's easier to
completely upgrade the system by reinstalling everything from scratch whenever a new version of their
favorite distribution is released. This way you don't have to worry about various versions of the software
working together. For those without Internet access, this may indeed be the easiest method; if you
receive a new CD-ROM only once every two months, a great deal of your software may be out of date.
It's our opinion, however, that reinstallation is not a good upgrade plan at all. Most of the current Linux
distributions are not meant to be upgraded in this way, and a complete reinstallation may be complex
or time-consuming. Also, if you plan to upgrade in this manner, you generally lose all your
modifications and customizations to the system, and you'll have to make backups of your user's home
directories and any other important files that would be deleted (or at least endangered) during a
reinstallation. Finally, adapting a drastic approach to upgrading means that, in practice, you probably
will wait longer than you should to upgrade software when critical security flaws are announced. In
actuality, not much changes from release to release, so a complete reinstallation is usually unnecessary
and can be avoided with a little upgrading know-how.
12.2. General Upgrade Procedure
As discussed in the previous section, it's usually easier and best to upgrade only those applications you need
to upgrade. For example, if you never use Emacs on your system, why bother keeping up-to-date with the
most recent version of Emacs? For that matter, you may not need to stay completely current with oft-used
applications. If something works for you, there's little need to upgrade.
Modern Linux systems provide various ways of upgrading software, some manual (which ultimately are the
most flexible, but also the most difficult), others quite automated. In this section, we look at three different
techniques: using the RPM package system, using the Debian package system, and doing things manually.
We'd like to stress here that using packages and package systems is convenient, and even if you are a power
user, you might want to use these techniques because they save you time for other, more fun stuff. Here is a
short summary of the advantages:
You have everything that belongs to a software package in one downloadable file.
You can remove a software package entirely, without endangering other packages.
Package systems keep a dependency database and can thus automatically track dependencies. For
example, they can tell you if you need to install a newer version of a library in order to run a certain
application you are about to install (and will refuse to remove a library package as long as packages are
installed that use the libraries this package provides).
Of course, package systems also have a few disadvantages, some of which we discuss when we talk about
RPM and the Debian package system. A generic problem is that once you start using a package system (which
is a requirement if you use the distributions' automated installation interfaces) you ought to really install
everything through packages. Otherwise, you can't keep track of the dependencies. For the same reason,
mixing different package systems is a bad idea.
Every day some program you use is likely to be updatedall too often because of an important security flaw,
unfortunately. Some grizzled system administrators insist on checking security reports regularly and
upgrading every package manually, using the means shown in this section, so they can control every aspect of
their systems and make sure no change breaks existing functionality. That's a noble cause to dedicate yourself
to, and one that's feasible on systems with dedicated purposes (such as mail servers or routers) and a limited
set of software.
For more general-purpose systems, though, keeping everything you use regularly up-to-date becomes a major
part-time job. For this reason, all major distributions provide automated update services. We explore a few of
them later in this chapter, but you'll want to understand general package management first. It shows what the
update services are doing, and is important when you want to install new software or do something else that
isn't offered by those services.
12.2.1. Using RPM
RPM, which originally expanded to Red Hat Package Manager but now just stands as a name on its own, is a
tool that automates the installation of software binaries and remembers what files are needed so that you can
be assured the software will run properly. Despite the name, RPM is not Red Hat-specific, but is used in many
other distributions nowadays, including SUSE. Using RPM makes installing and uninstalling software a lot
The basic idea of RPM is that you have a database of packages and the files that belong to a package. When
you install a new package, the information about this package is recorded in the database. Then, when you
want to uninstall the package for every file of the package, RPM checks whether other installed packages are
using this file too. If this is the case, the file in question is not deleted.
In addition, RPM tracks dependencies. Each package can be dependent on one or more other packages. When
you install a package, RPM checks whether the packages the new package is dependent on are already
installed. If not, it informs you about the dependency and refuses to install the package.
The dependencies are also used for removing packages: when you want to uninstall a package that other
packages are still dependent upon, RPM tells you about this, too, and refuses to execute the task.
The increased convenience of using RPM packages comes at a price, however: first, as a developer, it is
significantly more difficult to make an RPM package than to simply pack everything in a tar archive. And
second, it is not possible to retrieve just one file from an RPM package; you have to install everything or
If you already have an RPM system, installing RPM packages is very easy. Let's say that you have an RPM
package called SuperFrob-4.i386.rpm (RPM packages always have the extension .rpm; the i386 indicates that
this is a binary package compiled for Intel x86 machines). You could then install it with:
tigger # rpm -i SuperFrob-4.i386.rpm
Instead of -i, you can also use the long-named version of this option; choose whatever you like better:
tigger # rpm --install SuperFrob-4.i386.rpm
If everything goes well, there will be no output. If you want RPM to be more verbose, you can try:
tigger # rpm -ivh SuperFrob-4.i386.rpm
This prints the name of the package plus a number of hash marks so that you can see how the installation
If the package you want to install needs another package that is not yet installed, you will get something like
the following:
tigger # rpm -i SuperFrob-4.i386.rpm
failed dependencies:
frobnik-2 is needed by SuperFrob-4
If you see this, you have to hunt for the package frobnik-2 and install this first. Of course, this package can
itself be dependent on other packages.
If you want to update a package that is already installed, use the -U or --update option (which is just the -i
option combined with a few more implied options):
tigger # rpm -U SuperFrob-5.i386.rpm
Uninstalling a package is done with the -e or --erase option. In this case, you do not specify the package file
(you might not have that around any longer), but rather, the package name and version number:
tigger # rpm -e SuperFrob-5
Besides the options described so far that alter the state of your system, the -q option provides various kinds of
information about everything that is recorded in the RPM database as well as package files. Here are some
useful things you can do with -q:
Find out the version number of an installed package:
tigger# rpm -q SuperFrob
Get a list of all installed packages:
tigger# rpm -qa
Find out to which package a file belongs:
tigger# rpm -qf /usr/bin/dothefrob
tigger# rpm -qf /home/kalle/.xinitrc
file /home/kalle/.xinitrc is not owned by any package
Display information about the specified package:
tigger# rpm -qi rpm
: rpm
Relocations: (not relocatable)
: 4.1.1
Vendor: SUSE LINUX Products GmbH,
Nuernberg, Germany
: 208.2
Build Date: Sat 11 Jun 2005 01:53:04
Install date: Tue 28 Jun 2005 10:02:18 AM CEST
Build Host:
: System/Packages
Source RPM: rpm-4.1.1-208.2.src.rpm
: 5970541
License: GPL
: DSA/SHA1, Sat 11 Jun 2005 01:58:41 AM CEST, Key ID a84edae89c800aca
: The RPM Package Manager
Description :
RPM Package Manager is the main tool for managing the software packages
of the SuSE Linux distribution.
Distribution: SuSE Linux 9.3 (i586)
Show the files that will be installed for the specified package file:
tigger# rpm -qpl SuperFrob-5.i386.rpm
What we've just finished showing are the basic modes of operation, which are supplemented by a large
number of additional options. You can check those in the manual page for the rpm(8) command.
If you are faced with an RPM package that you want to install, but have a system such as Slackware or Debian
that is not based on RPM, things get a little bit more difficult.
You can either use the fairly self-explanatory command alien that can convert between various package
formats and comes with most distributions, or you can build the RPM database from scratch.
The first thing you have to do in this latter case is to get the rpm program itself. You can download it from Follow the installation instructions to build and install it; if you have the C compiler gcc
installed on your system, there should be no problems with this. It should be mentioned that some newer
versions of rpm have experienced stability problems, so if you do not use the rpm version that your
distribution provides, you should be a bit careful and look out for unexpected results. Version 4.1.1 seems to
be reasonably stable, though.
The next task is to initialize the RPM database. Distributions that come with RPM do the initialization
automatically, but on other systems you will have to issue the following command:
tigger # rpm --initdb
This command creates several files in the directory /var/lib/rpm. The directory /var/lib should already exist; if
it doesn't, create it with the mkdir command first.
Now you can install RPM packages the normal way, but because you have not installed the basic parts of the
system, such as the C library with RPM, you will get errors like the following:
tigger # rpm -i SuperFrob-4.i386.rpm
failed dependencies: is needed by SuperFrob-4 is needed by SuperFrob-4 is needed by SuperFrob-4
because those files are not recorded in the RPM database. Of course, you really do have those files on your
system; otherwise most programs wouldn't run. For RPM to work, you must tell it not to care about any
dependencies. You do this by specifying the command-line option --nodeps:
tigger # rpm -i --nodeps SuperFrob-4.i386.rpm
Now, RPM will install the package without complaining. Of course, it will run only if the libraries it needs are
installed. The mere fact that you use --nodeps doesn't save you when the "dependent" library or software is
not installed on your system.
With this information, you should be able to administer your RPM-based system. If you want to know more,
read the manual page for the rpm command, or check out
Some commercial companies sell automated upgrade services based on RPM. As a subscriber to these
services, you can have your system upgraded automatically; the service finds out which new packages are
available and installs them for you. If you use the SUSE distribution, SUSE provides such a service (called
"YOU") for free. Even the Debian distribution (whose package system is described in the next section) has an
automated upgrade system (described there). However, some security experts consider these automated
upgrades a security risk.
12.2.2. Using dpkg and apt
After rpm, the most popular package manager for Linux distributions is dpkg, which is used to manage .deb
archives. As the name implies, the .deb format is tied to the Debian distribution, so it is also used by
distributions based on Debian, such as Ubuntu and Kubuntu, Libranet, and Xandros. Like the RPM format, the
.deb format keeps track of dependencies and files to help ensure your system is consistent.
The technical differences between the two formats are actually fairly small; although the RPM and .deb
formats are incompatible (for example, you can't install a Debian package directly on Red Hat), you can use
alien to translate .deb packages for other distributions (and vice versa). The main difference between the
formats is that .deb packages are built using tools that help make sure they have a consistent layout and
generally conform to policies (most notably, the Debian Policy Manual, provided in the debian-policy package)
that help developers create high-quality packages.
While dpkg is the low-level interface to the Debian package manager, most functions are usually handled
through either the apt suite of programs or frontends such as dselect, aptitude, gnome-apt, synaptic, or
Installing .deb packages on a Debian system is quite easy. For example, if you have a package named
superfrob_4-1_i386.deb, you can install it with:
tigger # dpkg -i superfrob_4-1_i386.deb
Selecting previously deselected package superfrob.
(Reading database ... 159540 files and directories currently installed.)
Unpacking superfrob (from superfrob_4-1_i386.deb) ...
Setting up superfrob (4-1) ...
If the superfrob package is missing a dependency, dpkg will issue a warning message:
tigger # dpkg -i superfrob_4-1_i386.deb
Selecting previously deselected package superfrob.
(Reading database ... 159540 files and directories currently installed.)
Unpacking superfrob (from superfrob_4-1_i386.deb) ...
dpkg: dependency problems prevent configuration of superfrob:
superfrob depends on frobnik (>> 2); however:
Package frobnik is not installed.
dpkg: error processing superfrob (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
The output indicates that you would need frobnik Version 2 or later for the package to install completely. (The
files in the package are installed, but they may not work until frobnik is installed too.)
Unlike RPM, dpkg doesn't make a distinction between installing a new package and upgrading an existing one;
the -i (or --install) option is used in both cases. For example, if we want to upgrade superfrob using a newly
downloaded package superfrob_5-1_i386.deb, we'd simply type:
tigger # dpkg -i superfrob_5-1_i386.deb
(Reading database ... 159546 files and directories currently installed.)
Preparing to replace superfrob 4-1 (using superfrob_5-1_i386.deb) ...
Unpacking replacement superfrob ...
Setting up superfrob (5-1) ...
To uninstall a package, you can use either the -r (--remove) or -P (--purge) options. The --remove option will
remove most of the package, but will retain any configuration files, while --purge will remove the system-wide
configuration files as well. For example, to completely remove superfrob:
tigger # dpkg -P superfrob
(Reading database ... 159547 files and directories currently installed.)
Removing superfrob ...
dpkg can also be used to find out what packages are installed on a system, using the -l (--list) option:
tigger $ dpkg -l
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name
+++-= == == == == == == =-= == == == == == == =-= == == == ==
== == == == == == == == == == == == == == == =
ii a2ps
GNU a2ps 'Anything to PostScript' converter
ii aalib1
ascii art library
ii abcde
A Better CD Encoder
ii zlib1g-dev
compression library - development
The first three lines of the output are designed to tell you what the first three columns before each package's
name mean. Most of the time, they should read ii, which means the package is correctly installed. If they
don't, you should type dpkg --audit for an explanation of what is wrong with your system and how to fix it.
You can also use the -l option with a package name or glob-style pattern; for example, you could find out
what version of superfrob is installed using the following:
tigger $ dpkg -l superfrob
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name
+++-= == == == == == == =-= == == == == == == =-= == == == ==
== == == == == == == == == == == == == == == =
ii superfrob
The superfrobulator
dpkg can also be used to find out the package to which a particular file belongs:
tigger $ dpkg --search /bin/false
shellutils: /bin/false
tigger $ dpkg --search /home/kalle/.xinitrc
dpkg: /home/kalle/.xinitrc not found.
You can also display information about an installed package or .deb archive:
tigger $ dpkg --status dpkg
Package: dpkg
Essential: yes
Status: install ok installed
Priority: required
Section: base
Installed-Size: 3156
Origin: debian
Maintainer: Dpkg Development <[email protected]>
Bugs: debbugs://
Version: 1.9.19
Replaces: dpkg-doc-ja
Pre-Depends: libc6 (>= 2.2.4-4), libncurses5 (>= 5.2.20020112a-1), libstdc++2.10glibc2.2 (>= 1:2.95.4-0.010810)
Conflicts: sysvinit (<< 2.80)
/etc/alternatives/README 69c4ba7f08363e998e0f2e244a04f881
/etc/dpkg/dpkg.cfg 1db461ac9a1d4f4c8b47f5061078f5ee
/etc/dpkg/dselect.cfg 190f7cf843556324495ef12759b752e3
/etc/dpkg/origins/debian 24926c0576edec3e316fd9f6072b8118
Description: Package maintenance system for Debian
This package contains the programs which handle the installation and
removal of packages on your system.
The primary interface for the dpkg suite is the 'dselect' program;
a more low-level and less user-friendly interface is available in
the form of the 'dpkg' command.
In order to unpack and build Debian source packages you will need to
install the developers' package 'dpkg-dev' as well as this one.
tigger $ dpkg --info reportbug_1.43_all.deb
new debian package, version 2.0.
size 66008 bytes: control archive= 1893 bytes.
40 bytes,
2 lines
1000 bytes,
24 lines
986 bytes,
15 lines
1014 bytes,
41 lines
* postinst
147 bytes,
5 lines
* postrm
416 bytes,
19 lines
* prerm
Package: reportbug
Version: 1.43
Section: utils
Priority: standard
Architecture: all
Depends: python
Recommends: python-newt
Suggests: postfix | mail-transport-agent, gnupg | pgp, python-ldap (>= 1.8-1)
Conflicts: python (>> 2.3), python-newt (= 0.50.17-7.1)
Installed-Size: 195
Maintainer: Chris Lawrence <[email protected]>
Description: Reports bugs in the Debian distribution.
reportbug is a tool designed to make the reporting of bugs in Debian
and derived distributions relatively painless. Its features include:
* Integration with the mutt, af, and mh/nmh mail readers.
* Access to outstanding bug reports to make it easier to identify
whether problems have already been reported.
* Support for following-up on outstanding reports.
* Optional PGP/GnuPG integration.
reportbug is designed to be used on systems with an installed mail
transport agent, like exim or sendmail; however, you can edit the
configuration file and send reports using any available mail server.
dpkg can also list the files and directories included in a .deb archive:
tigger $ dpkg --contents superfrob_4-1_i386.deb
-rwxr-xr-x root/root
44951 2002-02-10 12:16:48 ./usr/bin/dothefrob
-rwxr-xr-x root/root
10262 2002-02-10 12:16:48 ./usr/bin/frobhelper
dpkg, like rpm, has numerous other options; for more details, refer to the manual pages for dpkg and dpkgdeb.
In addition to dpkg, Debian and other Debian-based distributions provide the apt suite of programs. [*] apt
stands for "advanced package tool," and is designed as an archive-independent system that can handle
multiple package formats. Perhaps the most important feature of apt is its ability to resolve dependencies
automatically; if, for example, superfrob requires Version 2 or later of frobnik, apt will try to find frobnik from
the sources that are available to it (including CD-ROMs, local mirrors, and the Internet).
[*] Some RPM-based distributions now include
apt as well because apt was designed to work with any packaging format.
The most useful interface to apt is the apt-get command. apt-get manages the list of available packages (the
"package cache") and can be used to resolve dependencies and install packages. A typical session would start
with an update of the apt cache:
tigger # apt-get update
Get:1 stable/main Packages [808kB]
Get:2 stable/main Release [88B]
Hit stable/non-US/main Packages
Hit stable/non-US/main Release
Get:3 stable/updates/main Packages [62.1kB]
Get:4 stable/updates/main Release [93B]
Fetched 870kB in 23s (37kB/s)
Reading Package Lists... Done
Building Dependency Tree... Done
The output indicates that there have been updates to the stable distribution, so we may want to upgrade the
packages already installed on the system. To do this automatically, we can use apt-get's upgrade option:
tigger # apt-get upgrade
The following packages have been kept back:
17 packages upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 16.3MB of archives. After unpacking 5kB will be freed.
Do you want to continue? [Y/n] y
Get:1 stable/main base-passwd 3.4.6 [17.2kB]
Get:2 stable/updates/main ssh 1:3.1.6p4-1 [600kB]
(Reading database ... 159546 files and directories currently installed.)
Preparing to replace ssh 1:3.0.3p2-6 (using .../ssh_1%3a3.1.6p4-1_i386.deb) ...
Unpacking replacement ssh ...
One thing you will notice is that unlike most Linux commands, the actions taken by apt commands are
specified without dashes. apt-get does allow some options, but they are used only to change the behavior of
the main action specified.[ ]
] Some other Linux commands, such as
cvs, also act this way.
Note that gnumeric was not automatically upgraded, probably because it would have required additional
packages to be installed. To upgrade it and resolve dependencies, we can use apt-get's install option, with the
names of one or more packages: [*]
Note that apt-get does not install packages directly from .deb archives; dpkg's --install option should be used instead for an archive that you have in
a .deb archive on disk or have downloaded directly from the Internet. When using dpkg, you will need to resolve the dependencies yourself.
tigger # apt-get install gnumeric
The following extra packages will be installed:
libgal36 libglade3
The following NEW packages will be installed:
2 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 8.3MB of archives. After unpacking 503kB will be used.
Do you want to continue? [Y/n] y
Another useful feature of apt is its ability to find information about packages in the repository. The apt-cache
command is used to look up information about packages that are available for installation. One common use
of apt-cache is to find packages based on keywords in the package's description, by using words, complete
phrases (in quotes), or regular expressions. For example, if you want to find a package that allows you to play
Ogg Vorbis-encoded music files, you can use the search option to find appropriate packages:
tigger $ apt-cache search "ogg vorbis"
audacity - A fast, cross-platform audio editor
bitcollider-plugins - bitcollider plugins
cplay - A front-end for various audio players
gqmpeg - a GTK+ front end to mpg321/mpg123 and ogg123
libapache-mod-mp3 - turns Apache into a streaming audio server
libvorbis0 - The Vorbis General Audio Compression Codec
mp3blaster - Full-screen console mp3 and ogg vorbis player
mp3burn - burn audio CDs directly from MP3s or Ogg Vorbis files
oggtst - Read comments in ogg vorbis files
python-pyvorbis - A Python interface to the Ogg Vorbis library
vorbis-tools - Several Ogg Vorbis Tools
xmms - Versatile X audio player that looks like Winamp
xmms-dev - XMMS development static library and header files
mq3 - a mp3/ogg audio player written in Qt.
Now, if we are interested in one of these packages, we can find out more about it using the show option of
tigger $ apt-cache show xmms
Package: xmms
Priority: optional
Section: sound
Installed-Size: 4035
Maintainer: Josip Rodin <[email protected]>
Description: Versatile X audio player that looks like Winamp
XMMS (formerly known as X11Amp) is an X/GTK+ based audio player
for various audio formats.
It's able to read and play:
* Audio MPEG layer 1, 2, and 3 (with mpg123 plug-in),
* WAV, RAW, AU (with internal wav plug-in and MikMod plug-in),
* MOD, XM, S3M, and other module formats (with MikMod plug-in),
* CD Audio (with CDAudio plug-in), with CDDB support,
* .cin files, id Software,
* Ogg Vorbis files.
It has eSound, OSS, and disk writer support for outputting sound.
It looks almost the same as famous Winamp, and includes those neat
features like general purpose, visualization and effect plug-ins,
several of which come bundled, then spectrum analyzer, oscilloscope,
skins support, and of course, a playlist window.
Although a full exploration of apt's features is beyond the scope of this chapter, the apt manual page (and the
manual pages it references) along with the APT HOWTO (available in the apt-howto-en package) should
answer any questions you may have.
In addition to the command-line tools, a number of easy-to-use text-based and graphical frontends have been
developed. One of the most mature frontends is KPackage , which is part of the KDE Desktop Environment, but
can be used with other desktops, such as GNOME. KPackage can be run from the command line or found in the
System menu of KDE. Figure 12-1 shows a sample screen from KPackage.
The main window of KPackage displays a list of all the packages available for your system on the left, with a
box to the right; when you choose a package in the list, the box to the right includes information about the
package you selected. You can install or uninstall packages by selecting them and choosing Install or Uninstall
from the Packages menu, or by clicking the column labeled Mark to place a check mark next to them and then
clicking the "Install marked" or "Uninstall marked" buttons. You can also install .deb packages directly by
clicking the Open button on the toolbar to the left of the screen and selecting the file, or dragging .deb icons
from KDE file manager windows into KPackage's window. KPackage also has tools for finding packages with
particular names. Like all KDE applications, KPackage has help available by pressing F1 or using the Help
12.3. Automated and Bulk Upgrades
Nearly every distribution now includes a convenient update mechanism. SUSE ships one as part of
YaST, and Red Hat uses an application called up2date that connects to the Red Hat Network. Debian, of
course, has the apt-get utility described in the previous section. There are other tools out there, but
you'll have to install them first. Usually there's no reason to go to all that trouble.
Figure 12-1. KPackage package manager
The update systems are designed to be ultra-simple and therefore are mostly intuitive to use. We will
briefly introduce two here: YOU, which comes from the SUSE world, and ZENworks, which comes from
the Red Hat world.
12.3.1. YaST Online Update: Automated Updates
YOU ("YaST Online Update") is SUSE's automated update tool. The service is free to use (i.e., it is not a
subscription-based service). You run it whenever you feel like it (but doing it regularly might be a good
idea if you plan to use such a tool at all). YOU is integrated into the YaST system administration tool; in
the Software section, you'll find the Online Update icon. Click this, and the online update screen will
appear. At first it is empty, because it needs to load the list of available servers. This can change
dynamically over time. You can browse the drop-down list "Installation source" to choose a location that
is close to you network-wise.
If you check the checkbox Manually Select Patches and click Next, you will, after a period of time during
which the list of updated packages is loaded, be taken to another page (see Figure 12-2) where you can
select the packages to update. Those updates that are relevant to you (in other words, that apply to
packages you have installed) are already checked. It might still be a good idea to browse down the list,
though, because YOU even gets you some packages that are, for legal reasons, not on the installation
media. For example, the package fetchmsttfonts lets you download and install TrueType fonts provided
by Microsoft (isn't that ironic?). Drivers for various WLAN cards are another example of packages that
are only available via the online update. Because these do not update existing packages, they are never
checked by default initially, so you may want to choose the manual update selection at least once and
check them.
Figure 12-2. Manual package selection in YOU
If you do not check the Manually Select Patches box, the update selection step will be skipped, and the
update will be performed immediately.
Another nice little gadget that comes with YOU is the SUSE Watcher. This is a panel applet for your KDE
desktop that monitors the package update sites and alerts you when security patches are available by
switching into a red ball (see Figure 12-3). Right-clicking that ball opens a context menu that lets you
start the online update.
Figure 12-3. SUSE Watcher indicates available security patches
12.3.2. Red Carpet and ZENworks Linux Management: Alternative Package
Management Tools
This section looks at another tool for automated update management, called Red Carpet (now part of
the ZENworks Linux Management tools from Novell), and explains some of the advantages of different
approaches to package management.
Originally developed as an updater for GNOME desktop software, Red Carpet is currently distributed by
Novell as part of SUSE Linux distributions and is also available from other sources as a standalone
system updater. It can install updates from a variety of servers, including apt repositories and
ZENworks servers. Administrators of several flavors of Linux will appreciate having the Red Carpet tools
on all their systems, because they provide a consistent interface and command set that abstracts away
the package management quirks of individual distributions.
The client side of the package system consists of a daemon (rcd, soon to be changed to zmd), a
command-line interface (rug), and a graphical interface. All three of these pieces are free software,
although Novell sells a proprietary server application as part of its overall software management suite.
The server side is designed for very large, complex organizations and won't be covered here, but we will
cover a free alternative for software distribution, Open Carpet.
The ZENworks system distributes Linux software divided into channels, like television shows. Each
channel contains a group of individual RPM packages that are related in some way: core operating
system, for example, or games. Each package is also assigned a section, such as Productivity or
Multimedia, to help you find applications that perform a particular task. You can subscribe to channels
the way you would with cable television, so that they can show only software you are interested in. This
is particularly useful when there are multiple channels offering different versions of the same
application, such as one for the stable branch of Evolution, and one for unstable developer snapshots.
Red Carpet, like other tools, will handle all dependency checking for you: if you try to install a new
version of Evolution, and it requires that you upgrade gtkhtml, the program will offer to upgrade that as
well. Similarly, if you try to remove software that is required, Red Carpet will warn you that, to keep a
clean package database, it will be removing everything upstream from that. For example, if you try to
remove the gtk+ package, you'll also have to tear out most of your GNOME desktop tools, which almost
universally require that library. Installing Red Carpet
You can download Red Carpet RPM packages from or from your Linux distribution's
web site. You may also wish to check or for additional
sources. You will need the daemon package rcd or zmd and at least one of the rug (command-line) or
Red Carpet (GUI) interface tools. The packages have few dependencies, so you should be able to install
them no trouble using the command rpm -Uvh. Using the Red Carpet GUI
The Red Carpet graphical update tool can be invoked either from a menu or with the red-carpet
command. When you first start it, it will tell you that there are no updates available, because you have
not subscribed to any channels. To change your channel subscriptions, click the Channels button and
select the items you want.
Once you have subscribed to channels, the start screen of Red Carpet will display new versions of
packages you already have installed, if any are available. Each update is displayed with its name, the
version you have and the version of the updated package, plus a recommendation as to how important
that update is, ranging from "minor" for small enhancements to "urgent" and "necessary" for more
important bugs such as security problems.
To install updates, select the packages you want to update and click the Mark for Installation button, or
just click Update All. Then, click the Run Now button. Red Carpet will ask you to confirm the operation,
and then perform it.
Near the top of the Red Carpet window is a set of tabsInstalled Software, Available Software, and
Searchthat let you see longer lists of software. The first one lists software you already have, the second
lists software you don't have, and the third displays all the software that the system knows about
whether it's installed or not. In all three cases, you can filter out software by channels and sections,
search for specific words in the package name and description, or just show the whole list.
You can mark any package for installation or removal in any of the first four tabs. Actions you have
decided to take are listed in the left side of the screen and, in greater detail, in the Pending Actions tab.
Only when you click Run Now and confirm all the actions you want to perform will the application
remove or install software.
Once you've run a transaction or two, click the History tab to see them listed. This can be very useful if
something breaks after a particular software change, and you want to know what you need to undo.
If you're not satisfied with the download performance you get, or with the software available to you,
select Edit
Services and add or remove servers. You can even use several services at once, for the
maximum variety of software. You'll find a list of additional services at Using the rug command
Once you understand the general zmd concepts, you may find it more convenient to run updates at the
command line with rug. Each command consists of rug followed by an action and any option flags or
arguments. All actions also have convenient shorthand notations, which we won't use here, but which
you can find in the manpages.
Note that, as with all package management systems, most rug actions will require root privileges.
The first action you'll want to use is rug list-updates, which displays a list of available updates. If you
want to install them, you can then run rug update. To search for software, use rug search followed by a
package name or name fragment. For these and all other rug actions, you can get detailed help by
running the command rug action --help. A complete list of actions is available in the manpage and as
the output of the command rug help.
More advanced commands for rug include package locking , which lets you mark certain packages as
not upgradeable. To add a lock, use rug lock-add packagename. Locks are listed numerically with the rug
lock-list command, and deleted using the rug lock-delete locknumber command.
Other actions let you check dependencies. For example, rug what-requires item tells you what software
requires a particular piece of software. You can check dependencies on entire packages, on libraries,
commands, or almost anything else. For example:
system:/root # rug what-requires libusb
S | Channel
| Package
| Version
| libusb Version
--+--------------+-------------------+------------------+---------------| suse-92-i586 | ctapi-cyberjack
| 1.0.0-173.1
| (any)
i | suse-92-i586 | pcsc-cyberjack
| 1.1.1-245.1
| (any)
v | suse-92-i586 | pcsc-etoken
| 1.1.1-245.1
| (any)
In this example, we see what packages make use of the libusb library. The first column, S, represents
the status of the packages in the list. The i next to pcsc-cyberjack denotes that the package is
installed. The spaces next to the other packages let us know that they are not installed, and a v
indicates that a different version of the package is installed. The second column notes the channel from
which the package comes, the third and fourth the package and its version, and the last shows which
version of the library is required by the package. In this case, all three packages are content with any
version of libusb.
One side effect of being able to check dependencies at a finer level than packages is that you can use
the rug solvedeps command to install a library without having to worry about versions or packages. For
example, if an application you are trying to install demands libfoo greater than 1.5, you can ask it to
solve the problem for you with the command rug solvedeps "libfoo > 1.5". You can also tell solvedeps to
avoid a package, library, or binary by placing an exclamation point in front of it: rug solvedeps "!libfoo"
"frob > 2.3". If it is possible to install frob Version 2.3 or greater without installing libfoo, it will do so.
Finally, you can access multiple services through rug just like you can with the GUI. Use the rug serviceadd command, followed by the URL for the service. Several services are listed at Multiple users
Imagine that you are a system administrator and want to update several systems, but that you don't
have root access to all of them. How can you do it? During your system install, install zmd and
configure it to recognize you as a remote user. Then, even when the root password changes, you can
still install security updates.
To add a user, use the command rug user-add username or, in the GUI, select Edit
Users. You will
need to enter a password and select privileges for the user you are creating. Note that these usernames
and passwords are totally distinct from system logins.
You can grant the following privileges:
User can install new software.
User can add or delete package locks.
User can remove software.
User can alter channel subscriptions.
User has all access granted to the local root user.
User can install unsigned packages.
User can upgrade existing software.
User can see what software is installed, and check updates. This is the only privilege that is
turned on by default.
Once you have created a user account with the daemon, you can let that user update the system and
maintain its software without having to grant them full access to the data on the machine.
To disable remote user connections, use the command rug set-prefs remote-enabled false.
To access a remote daemon using the Red Carpet GUI, select File
Connect to Daemon and enter the
address of the remote server. To access a remote daemon using rug, use the --host flag to set the host.
Note that the default port for listening is 505. Operating an update server
Large businesses often want to keep software updates within their firewalls and completely under their
control. To do that, they use enterprise-class upgrade servers with sophisticated interfaces and multiple
levels of administrator privileges. That's not the kind of update server we're covering here. If you're
shipping a few updates to a few systems, or if you're a developer shipping software and want to make it
easy to install and update, you don't need a really complicated system. You just want to make sure that
the beta testers have the latest version.
Open Carpet is a free server for HTTP, FTP, and Red Carpet access to packages and package metadata.
That means that anyone with a web browser can also download the files and install them by hand, just
like with a regular file server, but in addition, Red Carpet users can update and resolve dependencies
automatically. In some places it's a little rough around the edges, but it works nicely for those willing to
fiddle with configuration files a little bit.
To set up your own server, install open-carpet and libredcarpet-python, available at http://opencarpet.organd of course through the site's own official Open Carpet service. The packages provided
contain sample configuration files, normally installed to /usr/share/doc/packages/open-carpet/sample/.
Edit the server.conf file first. It's simple enough: enter a name for the server, your email address, and
so forth. At the end, it points to a channel directory. Create that directory, put packages in it, and run
the open-carpet command. If all goes well, you've got a server. To ship updates, just copy them to the
channel directories and run the script again.
12.4. Upgrading Software Not Provided in Packages
A lot of interesting software is offered outside the package systems, although as it becomes popular, the
developers tend to provide Linux packages. In order to install or upgrade applications that don't yet exist
as packages, you'll have to obtain the newest release of the software. This is usually available as a gzipped
or compressed tar file. Such a package could come in several forms. The most common are binary
distributions, in which the binaries and related files are archived and ready to unpack on your system, and
source distributions, in which the source code (or portions of the source code) for the software is provided,
and you have to issue commands to compile and install it on your system.
Shared libraries make distributing software in binary form easy; as long as you have a version of the
libraries installed that is compatible with the library stubs used to build the program, you're set. However,
in many cases, it is easier (and a good idea) to release a program as source . Not only does this make the
source code available to you for inspection and further development, but it also allows you to build the
application specifically for your system, with your own libraries. Many programs allow you to specify
certain options at compile time, such as selectively including various features in the program when built.
This kind of customization isn't possible if you get prebuilt binaries.
There's also a security issue at play when installing binaries without source code. Although on Unix
systems viruses are nearly unheard of, it's not difficult to write a Trojan Horse, a program that appears to
do something useful but, in actuality, causes damage to the system. [*] For example, someone could write
an application that includes the "feature" of deleting all files in the home directory of the user executing
the program. Because the program would be running with the permissions of the user executing it, the
program itself would have the ability to do this kind of damage. (Of course, the Unix security mechanism
prevents damage being done to other users' files or to any important system files owned by root.)
A virus in the classic sense is a program that attaches to a "host" and runs when the host is executed. On Unix systems, this usually requires
root privileges to do any harm, and if programmers could obtain such privileges, they probably wouldn't bother with a virus.
Although having source code won't necessarily prevent this from happening (do you read the source code
for every program you compile on your system?), at least it gives you a way to verify what the program is
really doing. Also, if source code is available, it is likely that some people will peruse it, so that using
source is a bit safer; however, you can't count on that.
There are techniques for verifying binary packages as well, namely signed packages. The packager can
sign a package with his PGP key, and package tools such as RPM have means of verifying such a signature.
However, you will still have to rely on the packager having packaged correctly and without bad intentions.
All the signature tells you is that the package really comes from who it says it comes from, and that it
hasn't been tampered with on its way from the packager to your hard disk.
At any rate, dealing with source and binary distributions of software is quite simple. If the package is
released as a tar file, first use the tar t option to determine how the files have been archived. In the case
of binary distributions, you may be able to unpack the tar file directly on your systemsay, from / or /usr.
When doing this, be sure to delete any old versions of the program and its support files (those that aren't
overwritten by the new tar file). If the old executable comes before the new one on your path, you'll
continue to run the old version unless you remove it.
Source distributions are a bit trickier. First, you must unpack the sources into a directory of their own.
Most systems use /usr/src for just this. Because you usually don't have to be root to build a software
package (although you will usually require root permissions to install the program once compiled!), it
might be a good idea to make /usr/src writable by all users, with the command:
chmod 1777 /usr/src
This allows any user to create subdirectories in /usr/src and place files there. The first 1 in the mode is the
"sticky" bit, which prevents users from deleting each other's subdirectories.
You can now create a subdirectory under /usr/src and unpack the tar file there, or you can unpack the tar
file directly from /usr/src if the archive contains a subdirectory of its own.
Once the sources are available, the next step is to read any README and INSTALL files or installation notes
included with the sources. Nearly all packages include such documentation. The basic method used to build
most programs is as follows:
1. Check the Makefile. This file contains instructions for make, which controls the compiler to build
programs. Many applications require you to edit minor aspects of the Makefile for your own system;
this should be self-explanatory. The installation notes will tell you if you have to do this. If there is no
Makefile in the package, you might have to generate it first. See item 3 for how to do this.
2. Possibly edit other files associated with the program. Some applications require you to edit a file
named config.h; again, this will be explained in the installation instructions.
3. Possibly run a configuration script. Such a script is used to determine what facilities are available on
your system, which is necessary to build more complex applications.
Specifically, when the sources do not contain a Makefile in the top-level directory, but instead a file
called and a file called configure, the package has been built with the Autoconf system. In
this (more and more common) case, you run the configuration script like this:
The ./ should be used so that the local configure is run, and not another configure program that
might accidentally be in your path. Some packages let you pass options to configure that often enable
or disable specific features of the package. (You can find out what these options are with configure -help.) Once the configure script has run, you can proceed with the next step.
4. Run make. Generally, this executes the appropriate compilation commands as given in the Makefile.
In many cases you'll have to give a "target" to make, as in make all or make install. These are two
common targets; the former is usually not necessary but can be used to build all targets listed in a
Makefile (e.g., if the package includes several programs, but only one is compiled by default); the
latter is often used to install the executables and support files on the system after compilation. For
this reason, make install is usually run as root.
Even after the installation, there is often one major difference between programs installed from
source or from a binary package. Programs installed from source are often installed below /usr/local
by default, which is rarely the case with binary packages.
You might have problems compiling or installing new software on your system, especially if the program in
question hasn't been tested under Linux, or depends on other software you don't have installed. In Chapter
21, we talk about the compiler, make, and related tools in detail.
Most software packages include manual pages and other files, in addition to the source and executables.
The installation script (if there is one) will place these files in the appropriate location. In the case of
manual pages, you'll find files with names such as foobar.1 or These files are usually nroff
source files, which are formatted to produce the human-readable pages displayed by the man command. If
the manual page source has a numeric extension, such as .1, copy it to the directory /usr/man/man1,
where 1 is the number used in the filename extension. (This corresponds to the manual "section" number;
for most user programs, it is 1.) If the file has an extension such as .man, it usually suffices to copy the file
to /usr/man/man1, renaming the .man extension to .1.
12.4.1. Upgrading Libraries
Most of the programs on a Linux system are compiled to use shared libraries . These libraries contain
useful functions common to many programs. Instead of storing a copy of these routines in each program
that calls them, the libraries are contained in files on the system that are read by all programs at runtime.
That is, when a program is executed, the code from the program file itself is read, followed by any routines
from the shared library files. This saves a great deal of disk spaceonly one copy of the library routines is
stored on disk.
If you're lucky, using the package system means that the right versions of the libraries each program
needs are installed along with the programs. The package system is supposed to be aware of dependencies
on shared libraries. But because different programs may depend on different versions of libraries, or
because you might install a program without using the package system, you occasionally have to
understand the conventions for libraries explained in this section.
In some instances, it's necessary to compile a program to have its own copy of the library routines (usually
for debugging) instead of using the routines from the shared libraries. We say that programs built in this
way are statically linked, whereas programs built to use shared libraries are dynamically linked.
Therefore, dynamically linked executables depend upon the presence of the shared libraries on disk.
Shared libraries are implemented in such a way that the programs compiled to use them generally don't
depend on the version of the available libraries. This means that you can upgrade your shared libraries,
and all programs that are built to use those libraries will automatically use the new routines. (There is an
exception: if major changes are made to a library, the old programs won't work with the new library. You'll
know this is the case because the major version number is different; we explain more later. In this case,
you keep both the old and new libraries around. All your old executables will continue to use the old
libraries, and any new programs that are compiled will use the new libraries.)
When you build a program to use shared libraries, a piece of code is added to the program that causes it
to execute, the dynamic linker, when the program is started. is responsible for finding the
shared libraries the program needs and loading the routines into memory. Dynamically linked programs
are also linked against "stub" routines, which simply take the place of the actual shared library routines in
the executable. replaces the stub routine with the code from the libraries when the program is
The ldd command can be used to list the shared libraries on which a given executable depends. For
rutabaga$ ldd /usr/bin/X11/xterm => (0xffffe000) => /usr/X11R6/lib/ (0x40037000) => /usr/lib/ (0x4004b000) => /usr/lib/ (0x40079000) => /usr/lib/ (0x400e8000) => /usr/X11R6/lib/ (0x40107000) => /usr/X11R6/lib/ (0x4010f000) => /usr/X11R6/lib/ (0x4016b000) => /usr/X11R6/lib/ (0x40182000) => /usr/X11R6/lib/ (0x401d5000) => /usr/X11R6/lib/ (0x401dd000) => /usr/X11R6/lib/ (0x401f5000) => /usr/X11R6/lib/ (0x40205000) => /usr/X11R6/lib/ (0x4020d000) => /usr/X11R6/lib/ (0x4021c000) => /lib/ (0x40318000) => /usr/lib/ (0x4035d000) => /lib/tls/ (0x4035f000) => /lib/ (0x40478000)
/lib/ (0x40000000)
Here, we see that the xterm program depends on a number of shared libraries, including libXaw, libXt,
libX11, and libc. (The libraries starting with libX as well as libSM and libICE are all related to the X Window
System; libc is the standard C library.) We also see the version numbers of the libraries for which the
program was compiled (that is, the version of the stub routines used), and the name of the file that
contains each shared library. This is the file that will find when the program is executed. The first file
in the list, by the way,, is not a real shared library, but rather a so-called dynamic shared
object provided by the kernel, a technicality that speeds up system calls into the kernel and provides other
useful low-level things.
To use a shared library, the version of the stub routines (in the executable) must be compatible with the
version of the shared libraries. Basically, a library is compatible if its major version number matches that
of the stub routines. The major version number is the part right after the .so. In this case, libX11 (the
most basic library used by the X Window System) is used with the major Version 6. The library file (which usually resides in /usr/X11R6/lib) might very well just be a symbolic linkfor example, to This means that the library has the major version number 6 and the minor version number
2. Library versions with the same major version number are supposed to be interchangeable. This way, if a
program was compiled with Version 6.0 of the stub routines, shared library Versions 6.1, 6.2, and so forth
could be used by the executable. If a new version with the major version number 6 and the minor version
number 3 were released (and thus had the filename, all you would need to do to use this
new version is change the symbolic link to point to the new version. The xterm executable
would then automatically benefit from any bug fixes or similar that are included in the new version. In
"More Fun with Libraries" in Chapter 21, we describe how to use shared libraries with your own programs.
The file /etc/ contains a list of directories that searches to find shared library files. An
example of such a file is:
/opt/kde3/lib always looks in /lib and /usr/lib, regardless of the contents of Usually, there's no reason to
modify this file, and the environment variable LD_LIBRARY_PATH can add additional directories to this search
path (e.g., if you have your own private shared libraries that shouldn't be used system-wide). However, if
you do add entries to /etc/ or upgrade or install additional libraries on your system, be sure to
use the ldconfig command, which will regenerate the shared library cache in /etc/ from the
search path. This cache is used by to find libraries quickly at runtime without actually having to
search the directories on its path. For more information, check the manual pages for and ldconfig.
Now that you understand how shared libraries are used, let's move on to upgrading them. The two
libraries that are most commonly updated are libc (the standard C library) and libm (the math library).
Because naming is a little bit special for these, we will look at another library here, namely libncurses,
which "emulates" a graphical windowing system on the text console.
For each shared library, there are two separate files:
This is the static version of the library. When a program is statically linked, routines are copied from
this file directly into the executable, so the executable contains its own copy of the library
On some distributions, the static versions of the libraries are moved into a separate package and not necessarily
installed by default. If this is the case, you won't find the .a files unless you install them.
< library>.so.<version>
This is the shared library image itself. When a program is dynamically linked, the stub routines from
this file are copied into the executable, allowing to locate the shared library at runtime. When
the program is executed, copies routines from the shared library into memory for use by the
program. If a program is dynamically linked, the <library>.a file is not used for this library.
For the libncurses library, you'll have files such as libncurses.a and The .a files are
generally kept in /usr/lib, and .so files are kept in /lib. When you compile a program, either the .a or the
.so file is used for linking, and the compiler looks in /lib and /usr/lib (as well as a variety of other places)
by default. If you have your own libraries, you can keep these files anywhere, and control where the linker
looks with the -L option to the compiler. See "More Fun with Libraries" in Chapter 21 for details.
The shared library image, <library>.so. version, is kept in /lib for most system-wide libraries. Shared
library images can be found in any of the directories that searches at runtime; these include /lib,
/usr/lib, and the files listed in See the manual page for details.
If you look in /lib, you'll see a collection of files such as the following:
1 root
1 root
1 root
1 root
17 Jul 11 06:45 /lib/ \
319472 Jul 11 06:45 /lib/
13 Jul 11 06:45 ->
62606 Jul 11 06:45
Here, we see the shared library images for two libraries -- libncurses and libz. Note that each image has a
symbolic link to it, named <library>.so.<major>, where <major> is the major version number of the
library. The minor number is omitted because searches for a library only by its major version
number. When sees a program that has been compiled with the stubs for Version 5.4 of libncurses, it
looks for a file called in its search path. Here, /lib/ is a symbolic link to
/lib/, the actual version of the library we have installed.
When you upgrade a library, you must replace the .a and .so.<version> files corresponding to the library.
Replacing the .a file is easy: just copy over it with the new versions. However, you must use some caution
when replacing the shared library image, .so.<version>; many of the text-based programs on the system
depend on shared library images, so you can't simply delete them or rename them. To put this another
way, the symbolic link <library>.so.<major> must always point to a valid library image. To accomplish
this, first copy the new image file to /lib, and then change the symbolic link to point to the new file in one
step, using ln -sf. This is demonstrated in the following example.
Let's say you're upgrading from Version 5.4 of the libncurses library to Version 5.5. You should have the
files libncurses.a and First, copy the .a file to the appropriate location, overwriting the
old version:
rutabaga# cp libncurses.a /usr/lib
Now, copy the new image file to /lib (or wherever the library image should be):
rutabaga# cp /lib
Now, if you use the command ls -l /lib/libncurses, you should see something like the following:
1 root
1 root
1 root
17 Dec 10
319472 May 11
321042 May 11
1999 /lib/ ->
2001 /lib/
2001 /lib/
To update the symbolic link to point to the new library, use the command:
rutabaga# ln -sf /lib/ /lib/
This gives you:
lrwxrwxrwx 1 root root
14 Oct 23 13:25 ->\
-rwxr-xr-x 1 root root 623620 Oct 23 13:24
-rwxr-xr-x 1 root root 720310 Nov 16 11:02
Now you can safely remove the old image file, You must use ln -sf to replace the
symbolic link in one step, especially when updating crucial libraries, such as libc. If you were to remove
the symbolic link first, and then attempt to use ln -s to add it again, more than likely ln would not be able
to execute because the symbolic link is gone, and as far as is concerned, the libc library can't be
found. Once the link is gone, nearly all the programs on your system will be unable to execute. Be very
careful when updating shared library images. For libncurses, things are less critical because you will
always have command-line programs left to clean up any mess you have made, but if you are used to
using ncurses-based programs, such as Midnight Commander, this might still be an inconvenience for you.
Whenever you upgrade or add a library to the system, it's not a bad idea to run ldconfig to regenerate the
library cache used by In some cases, a new library may not be recognized by until you run
One question remains: where can you obtain the new versions of libraries? Several of the basic system
libraries (libc, libm, and so on) can be downloaded from the directory This
contains source versions of libc and related libraries. Other libraries are maintained and archived
separately. At any rate, all libraries you install should include the .so.version files and possibly the .a files,
as well as a set of include files for use with the compiler.
12.4.2. Upgrading the Compiler
One other important part of the system to keep up to date is the C compiler and related utilities. These
include gcc (the GNU C and C++ compiler itself), the linker, the assembler, the C preprocessor, and
various include files and libraries used by the compiler itself. All are included in the Linux gcc distribution.
Usually, a new version of gcc is released along with new versions of the libc library and include files, and
each requires the other.
You can find the current gcc release on the various FTP archives, including
The release notes there should tell you what to do. If you don't have Internet access, you can obtain the
newest compiler from CD-ROM archives of the FTP sites, as described earlier.
To find out what version of gcc you have, use the command:
gcc -v
This should tell you something like:
Reading specs from /usr/lib/gcc-lib/i586-suse-linux/3.3.5/specs
Configured with: ../configure --enable-threads=posix --prefix=/usr --with-localprefix=/usr/local --infodir=/usr/share/info --mandir=/usr/share/man --enablelanguages=c,c++,f77,objc,java,ada --disable-checking --libdir=/usr/lib --enablelibgcj --with-slibdir=/lib --with-system-zlib --enable-shared --enable-_ _cxa_atexit
Thread model: posix
gcc version 3.3.5 20050117 (prerelease) (SUSE Linux)
The last line is the interesting one, telling you the version number of gcc and when it was released. Note
that gcc itself is just a frontend to the actual compiler and code-generation tools found under
gcc (usually in /usr/bin) can be used with multiple versions of the compiler proper, with the -V option. In
"Programming with gcc" in Chapter 21, we describe the use of gcc in detail.
We would at this point like to warn you not to try newer compilers without knowing exactly what you are
doing. Newer compilers might generate object files that are incompatible with the older ones; this can lead
to all kinds of trouble. Version 3.3.x of gcc is, at the time of this writing, considered the standard compiler
for Linux that everybody expects to find available, even though Versions 3.4.0 and even 4.0.0 are already
available. Earlier, when one distributor (Red Hat) started to ship a newer version instead (and even that
newer version was not officially released), users ran into lots of trouble. Of course, by the time you read
this, another compiler version might be considered the standard. And if you feel adventurous, by all means
try newer versions, just be prepared for some serious tweaking.
12.5. Archive and Compression Utilities
When installing or upgrading software on Unix systems, the first things you need to be familiar with are
the tools used for compressing and archiving files. Dozens of such utilities are available. Some of these
(such as tar and compress) date back to the earliest days of Unix; others (such as gzip and the even
newer bzip2) are relative newcomers. The main goal of these utilities is to archive files (that is, to pack
many files together into a single file for easy transportation or backup) and to compress files (to reduce
the amount of disk space required to store a particular file or set of files).
In this section, we're going to discuss the most common file formats and utilities you're likely to run
into. For instance, a near-universal convention in the Unix world is to transport files or software as a tar
archive, compressed using compress, gzip, or bzip2. In order to create or unpack these files yourself,
you'll need to know the tools of the trade. The tools are most often used when installing new software or
creating backupsthe subject of the following two sections in this chapter. Packages coming from other
worlds, such as the Windows or Java world, are often archived and compressed using the zip utility; you
can unpack these with the unzip command, which should be available in most Linux installations.[*]
[*] Notice that despite the similarity in names,
zip on the one hand and gzip and bzip2 on the other hand do not have much in common. zip is
both a packaging and compression tool, whereas gzip/bzip2 are for compression onlythey typically rely on tar for the actual packaging. Their
formats are incompatible; you need to use the correct program for unpacking a certain package.
12.5.1. Using gzip and bzip2
gzip is a fast and efficient compression program distributed by the GNU project. The basic function of
gzip is to take a file, compress it, save the compressed version as filename.gz, and remove the original,
uncompressed file. The original file is removed only if gzip is successful; it is very difficult to accidentally
delete a file in this manner. Of course, being GNU software, gzip has more options than you want to
think about, and many aspects of its behavior can be modified using command-line options.
First, let's say that we have a large file named garbage.txt:
rutabaga$ ls -l garbage.txt
-rw-r--r-1 mdw
312996 Nov 17 21:44 garbage.txt
To compress this file using gzip, we simply use the command:
gzip garbage.txt
This replaces garbage.txt with the compressed file garbage.txt.gz. What we end up with is the following:
rutabaga$ gzip garbage.txt
rutabaga$ ls -l garbage.txt.gz
-rw-r--r-1 mdw
103441 Nov 17 21:44 garbage.txt.gz
Note that garbage.txt is removed when gzip completes.
You can give gzip a list of filenames; it compresses each file in the list, storing each with a .gz
extension. (Unlike the zip program for Unix and MS-DOS systems, gzip will not, by default, compress
several files into a single .gz archive. That's what tar is for; see the next section.)
How efficiently a file is compressed depends on its format and contents. For example, many graphics file
formats (such as PNG and JPEG) are already well compressed, and gzip will have little or no effect upon
such files. Files that compress well usually include plain-text files and binary files, such as executables
and libraries. You can get information on a gzipped file using gzip -l. For example:
rutabaga$ gzip -l garbage.txt.gz
compressed uncompr. ratio uncompressed_name
312996 67.0% garbage.txt
To get our original file back from the compressed version, we use gunzip, as in the following:
gunzip garbage.txt.gz
After doing this, we get:
rutabaga$ gunzip garbage.txt.gz
rutabaga$ ls -l garbage.txt
-rw-r--r-1 mdw
312996 Nov 17 21:44 garbage.txt
which is identical to the original file. Note that when you gunzip a file, the compressed version is
removed once the uncompression is complete. Instead of using gunzip, you can also use gzip -d (e.g., if
gunzip happens not to be installed).
gzip stores the name of the original, uncompressed file in the compressed version. This way, if the
compressed filename (including the .gz extension) is too long for the filesystem type (say, you're
compressing a file on an MS-DOS filesystem with 8.3 filenames), the original filename can be restored
using gunzip even if the compressed file had a truncated name. To uncompress a file to its original
filename, use the -N option with gunzip. To see the value of this option, consider the following sequence
of commands:
rutabaga$ gzip garbage.txt
rutabaga$ mv garbage.txt.gz rubbish.txt.gz
If we were to gunzip rubbish.txt.gz at this point, the uncompressed file would be named rubbish.txt,
after the new (compressed) filename. However, with the -N option, we get the following:
rutabaga$ gunzip -N rubbish.txt.gz
rutabaga$ ls -l garbage.txt
-rw-r--r-1 mdw
312996 Nov 17 21:44 garbage.txt
gzip and gunzip can also compress or uncompress data from standard input and output. If gzip is given
no filenames to compress, it attempts to compress data read from standard input. Likewise, if you use
the -c option with gunzip, it writes uncompressed data to standard output. For example, you could pipe
the output of a command to gzip to compress the output stream and save it to a file in one step:
rutabaga$ ls -laR $HOME | gzip > filelist.gz
This will produce a recursive directory listing of your home directory and save it in the compressed file
filelist.gz. You can display the contents of this file with the command:
rutabaga$ gunzip -c filelist.gz | more
This will uncompress filelist.gz and pipe the output to the more command. When you use gunzip -c, the
file on disk remains compressed.
The zcat command is identical to gunzip -c. You can think of this as a version of cat for compressed
files. Linux even has a version of the pager less for compressed files, called zless.
When compressing files, you can use one of the options -1 through -9 to specify the speed and quality of
the compression used. -1 (also --fast) specifies the fastest method, which compresses the files less
compactly, and -9 (also -- --best) uses the slowest, but best compression method. If you don't specify
one of these options, the default is -6. None of these options has any bearing on how you use gunzip;
gunzip will be able to uncompress the file no matter what speed option you use.
Compared with the more than three decades long history of Unix, gzip is relatively new in the Unix
world. The compression programs used on most Unix systems are compress and uncompress, which
were included in the original Berkeley versions of Unix. compress and uncompress are very much like
gzip and gunzip, respectively; compress saves compressed files as filename.Z as opposed to
filename.gz, and uses a slightly less efficient compression algorithm.
However, the free software community has been moving to gzip for several reasons. First of all, gzip
works better. Second, there has been a patent dispute over the compression algorithm used by
compressthe results of which could prevent third parties from implementing the compress algorithm on
their own. Because of this, the Free Software Foundation urged a move to gzip, which at least the Linux
community has embraced. gzip has been ported to many architectures, and many others are following
suit. Happily, gunzip is able to uncompress the .Z format files produced by compress.
Another compression/decompression program has also emerged to take the lead from gzip. bzip2 is the
newest kid on the block and sports even better compression (on the average about 10% to 20% better
than gzip), at the expense of longer compression times. You cannot use bunzip2 to uncompress files
compressed with gzip and vice versa, and because you cannot expect everybody to have bunzip2
installed on their machine, you might want to confine yourself to gzip for the time being if you want to
send the compressed file to somebody else. However, it pays to have bzip2 installed because more and
more FTP servers now provide bzip2-compressed packages in order to conserve disk space and
bandwidth. It is not unlikely that in a few years from now, gzip will be as uncommon in the Linux world
as compress is today. You can recognize bzip2-compressed files by their .bz2 filename extension.
Although the command-line options of bzip2 are not exactly the same as those of gzip, those that have
been described in this section are. For more information, see the bzip2(1) manual page.
The bottom line is that you should use gzip/gunzip or bzip2/bunzip2 for your compression needs. If you
encounter a file with the extension .Z, it was probably produced by compress, and gunzip can
uncompress it for you.
Earlier versions of gzip used .z (lowercase) instead of .gz as the compressed-filename extension.
Because of the potential confusion with .Z, this was changed. At any rate, gunzip retains backward
compatibility with a number of filename extensions and file types.
12.5.2. Using tar
tar is a general-purpose archiving utility capable of packing many files into a single archive file, while
retaining information needed to restore the files fully, such as file permissions and ownership. The name
tar stands for tape archive because the tool was originally used to archive files as backups on tape.
However, use of tar is not at all restricted to making tape backups, as we'll see.
The format of the tar command is:
tar functionoptions files...
where function is a single letter indicating the operation to perform, options is a list of (single-letter)
options to that function, and files is the list of files to pack or unpack in an archive. (Note that
function is not separated from options by any space.)
function can be one of the following:
To create a new archive
To extract files from an archive
To list the contents of an archive
To append files to the end of an archive
To update files that are newer than those in the archive
To compare files in the archive to those in the filesystem
You'll rarely use most of these functions; the more commonly used are c, x, and t.
The most common options are
To keep any existing files when extractingthat is, to not overwrite any existing files that are
contained within the tar file.
f filename
To specify that the tar file to be read or written is filename .
To specify that the data to be written to the tar file should be compressed or that the data in the
tar file is compressed with gzip.
Like z, but uses bzip2 instead of gzip; works only with newer versions of tar. Some intermediate
versions of tar used I instead; older ones don't support bzip2 at all.
To make tar show the files it is archiving or restoring. It is good practice to use this so that you
can see what actually happens (unless, of course, you are writing shell scripts).
There are others, which we cover later in this section.
Although the tar syntax might appear complex at first, in practice it's quite simple. For example, say we
have a directory named mt, containing these files:
rutabaga$ ls
total 37
-l mt
21 2004 Makefile
21 2004 README
16 19:03 mt
7 2004 mt.1
7 2004 mt.c
16 19:02 mt.o
5 2004 st_info.txt
We wish to pack the contents of this directory into a single tar archive. To do this, we use the
tar cf mt.tar mt
The first argument to tar is the function (here, c, for create) followed by any options. Here, we use the
option f mt.tar to specify that the resulting tar archive be named mt.tar. The last argument is the name
of the file or files to archive; in this case, we give the name of a directory, so tar packs all files in that
directory into the archive.
Note that the first argument to tar must be the function letter and options. Because of this, there's no
reason to use a hyphen ( -) to precede the options as many Unix commands require. tar allows you to
use a hyphen, as in:
tar -cf mt.tar mt
but it's really not necessary. In some versions of tar, the first letter must be the function, as in c, t, or
x. In other versions, the order of letters does not matter.
The function letters as described here follow the so-called "old option style." There is also a newer
"short option style" in which you precede the function options with a hyphen, and a "long option style"
in which you use long option names with two hyphens. See the Info page for tar for more details if you
are interested.
Be careful to remember the filename if you use the cf function letters. Otherwise tar will overwrite the
first file in your list of files to pack because it will mistake that for the filename!
It is often a good idea to use the v option with tar; this lists each file as it is archived. For example:
rutabaga$ tar cvf mt.tar mt
If you use v multiple times, additional information will be printed:
rutabaga$ tar cvvf mt.tar mt
drwxr-xr-x root/root
-rw-r--r-- root/root
-rw-r--r-- root/root
-rw-r--r-- root/root
-rw-r--r-- root/root
-rw-r--r-- root/root
-rw-r--r-- root/root
-rwxr-xr-x root/root
This is especially useful because it lets you verify that tar is doing the right thing.
In some versions of tar, f must be the last letter in the list of options. This is because tar expects the f
option to be followed by a filenamethe name of the tar file to read from or write to. If you don't specify
f filename at all, tar assumes for historical reasons that it should use the device /dev/rmt0 (that is, the
first tape drive). In "Making Backups," in Chapter 27, we talk about using tar in conjunction with a tape
drive to make backups.
Now, we can give the file mt.tar to other people, and they can extract it on their own system. To do
this, they would use the following command:
tar xvf mt.tar
This creates the subdirectory mt and places all the original files into it, with the same permissions as
found on the original system. The new files will be owned by the user running the tar xvf (you) unless
you are running as root, in which case the original owner is preserved. The x option stands for "extract."
The v option is used again here to list each file as it is extracted. This produces:
courgette% tar xvf mt.tar
We can see that tar saves the pathname of each file relative to the location where the tar file was
originally created. That is, when we created the archive using tar cf mt.tar mt, the only input filename
we specified was mt, the name of the directory containing the files. Therefore, tar stores the directory
itself and all the files below that directory in the tar file. When we extract the tar file, the directory mt is
created and the files placed into it, which is the exact inverse of what was done to create the archive.
By default, tar extracts all tar files relative to the current directory where you execute tar. For example,
if you were to pack up the contents of your /bin directory with the command:
tar cvf bin.tar /bin
tar would give the warning:
tar: Removing leading / from absolute pathnames in the archive.
What this means is that the files are stored in the archive within the subdirectory bin. When this tar file
is extracted, the directory bin is created in the working directory of tarnot as /bin on the system where
the extraction is being done. This is very important and is meant to prevent terrible mistakes when
extracting tar files. Otherwise, extracting a tar file packed as, say, /bin would trash the contents of your
/bin directory when you extracted it.[*] If you really wanted to extract such a tar file into /bin, you
would extract it from the root directory, /. You can override this behavior using the P option when
packing tar files, but it's not recommended you do so.
[*] Some (older) implementations of Unix (e.g., Sinix and Solaris) do just that.
Another way to create the tar file mt.tar would have been to cd into the mt directory itself, and use a
command such as:
tar cvf mt.tar *
This way the mt subdirectory would not be stored in the tar file; when extracted, the files would be
placed directly in your current working directory. One fine point of tar etiquette is to always pack tar
files so that they have a subdirectory at the top level, as we did in the first example with tar cvf mt.tar
mt. Therefore, when the archive is extracted, the subdirectory is also created and any files placed there.
This way you can ensure that the files won't be placed directly in your current working directory; they
will be tucked out of the way and prevent confusion. This also saves the person doing the extraction the
trouble of having to create a separate directory (should they wish to do so) to unpack the tar file. Of
course, there are plenty of situations where you wouldn't want to do this. So much for etiquette.
When creating archives, you can, of course, give tar a list of files or directories to pack into the archive.
In the first example, we have given tar the single directory mt, but in the previous paragraph we used
the wildcard *, which the shell expands into the list of filenames in the current directory.
Before extracting a tar file, it's usually a good idea to take a look at its table of contents to determine
how it was packed. This way you can determine whether you do need to create a subdirectory yourself
where you can unpack the archive. A command such as:
tar tvf tarfile
lists the table of contents for the named tarfile. Note that when using the t function, only one v is
required to get the long file listing, as in this example:
tar tvf mt.tar
No extraction is being done here; we're just displaying the archive's table of contents. We can see from
the filenames that this file was packed with all files in the subdirectory mt, so that when we extract the
tar file, the directory mt will be created and the files placed there.
You can also extract individual files from a tar archive. To do this, use the command:
tar xvf tarfile files
where files is the list of files to extract. As we've seen, if you don't specify any files, tar extracts the
entire archive.
When specifying individual files to extract, you must give the full pathname as it is stored in the tar file.
For example, if we wanted to grab just the file mt.c from the previous archive mt.tar, we'd use the
tar xvf mt.tar mt/mt.c
This would create the subdirectory mt and place the file mt.c within it.
tar has many more options than those mentioned here. These are the features that you're likely to use
most of the time, but GNU tar, in particular, has extensions that make it ideal for creating backups and
the like. See the tar manual page and the following section for more information.
12.5.3. Using tar with gzip and bzip2
tar does not compress the data stored in its archives in any way. If you are creating a tar file from three
200 K files, you'll end up with an archive of about 600 K. It is common practice to compress tar archives
with gzip (or the older compress program). You could create a gzipped tar file using the commands:
tar cvf tarfile files...
gzip -9 tarfile
But that's so cumbersome, and requires you to have enough space to store the uncompressed tar file
before you gzip it.
A much trickier way to accomplish the same task is to use an interesting feature of tar that allows you
to write an archive to standard output. If you specify - as the tar file to read or write, the data will be
read from or written to standard input or output. For example, we can create a gzipped tar file using
the command:
tar cvf - files... | gzip -9 > tarfile.tar.gz
Here, tar creates an archive from the named files and writes it to standard output; next, gzip reads the
data from standard input, compresses it, and writes the result to its own standard output; finally, we
redirect the gzipped tar file to tarfile.tar.gz.
We could extract such a tar file using the command:
gunzip -c tarfile.tar.gz | tar xvf -
gunzip uncompresses the named archive file and writes the result to standard output, which is read by
tar on standard input and extracted. Isn't Unix fun?
Of course, both commands are rather cumbersome to type. Luckily, the GNU version of tar provides the
z option, which automatically creates or extracts gzipped archives. (We saved the discussion of this
option until now, so you'd truly appreciate its convenience.) For example, we could use the commands:
tar cvzf tarfile.tar.gz files...
tar xvzf tarfile.tar.gz
to create and extract gzipped tar files. Note that you should name the files created in this way with the
.tar.gz filename extensions (or the equally often used .tgz, which also works on systems with limited
filename capabilities) to make their format obvious. The z option works just as well with other tar
functions, such as t.
Only the GNU version of tar supports the z option; if you are using tar on another Unix system, you may
have to use one of the longer commands to accomplish the same tasks. Nearly all Linux systems use
GNU tar.
When you want to use tar in conjunction with bzip2, you need to tell tar about your compression
program preferences, like this:
tar cvf tarfile.tar.bz2
--use-compress-program=bzip2 files...
Or, shorter:
tar cvf tarfile.tar.bz2
--use-compress-program=bzip2 files...
Or, shorter still:
tar cvjf tarfile.tar.bz2 files
The last version works only with newer versions of GNU tar that support the j option.
Keeping this in mind, you could write short shell scripts or aliases to handle cookbook tar file creation
and extraction for you. Under bash, you could include the following functions in your .bashrc:
tarc ( ) { tar czvf $1.tar.gz $1 }
tarx ( ) { tar xzvf $1 }
tart ( ) { tar tzvf $1 }
With these functions, to create a gzipped tar file from a single directory, you could use the command:
tarc directory
The resulting archive file would be named directory.tar.gz. (Be sure that there's no trailing slash on
the directory name; otherwise, the archive will be created as .tar.gz within the given directory.) To list
the table of contents of a gzipped tar file, just use
tart file.tar.gz
Or, to extract such an archive, use:
tarx file.tar.gz
As a final note, we would like to mention that files created with gzip and/or tar can be unpacked with
the well-known WinZip utility on Windows systems. WinZip doesn't have support for bzip2 yet, though.
If you, on the other hand, get a file in .zip format, you can unpack it on your Linux system using the
unzip command.
12.5.4. tar Tricks
Because tar saves the ownership and permissions of files in the archive and retains the full directory
structure, as well as symbolic and hard links, using tar is an excellent way to copy or move an entire
directory tree from one place to another on the same system (or even between different systems, as
we'll see). Using the - syntax described earlier, you can write a tar file to standard output, which is read
and extracted on standard input elsewhere.
For example, say that we have a directory containing two subdirectories: from-stuff and to-stuff. fromstuff contains an entire tree of files, symbolic links, and so forthsomething that is difficult to mirror
precisely using a recursive cp. To mirror the entire tree beneath from-stuff to to-stuff, we could use the
cd from-stuff
tar cf - . | (cd ../to-stuff; tar xvf -)
Simple and elegant, right? We start in the directory from-stuff and create a tar file of the current
directory, which is written to standard output. This archive is read by a subshell (the commands
contained within parentheses); the subshell does a cd to the target directory, ../to-stuff (relative to
from-stuff, that is), and then runs tar xvf, reading from standard input. No tar file is ever written to
disk; the data is sent entirely via pipe from one tar process to another. The second tar process has the v
option that prints each file as it's extracted; in this way, we can verify that the command is working as
In fact, you could transfer directory trees from one machine to another (via the network) using this
trickjust include an appropriate rsh (or ssh) command within the subshell on the right side of the pipe.
The remote shell would execute tar to read the archive on its standard input. (Actually, GNU tar has
facilities to read or write tar files automatically from other machines over the network; see the tar(1)
manual page for details.)
Chapter 13. Networking
So, you've staked out your homestead on the Linux frontier, and installed and configured your system.
What's next? Eventually you'll want to communicate with other systemsLinux and otherwiseand the
Pony Express isn't going to suffice.
Fortunately, Linux supports a number of methods for data communication and networking. This mostly
means TCP/IP these days, but other techniques such as serial communications and even communication
via radio links are available. In this chapter, we discuss how to configure your system to communicate
with the world.
The Linux Network Administrator's Guide (O'Reilly), also available from the Linux Documentation
Project, is a wide-ranging guide to configuring TCP/IP and other networking protocols under Linux. For
a detailed account of the information presented here, we refer you to that book.
13.1. Networking with TCP/IP
Linux supports a full implementation of the Transmission Control Protocol/Internet Protocol (TCP/IP)
networking protocols. TCP/IP has become the most successful mechanism for networking computers
worldwide. With Linux and an Ethernet card, you can network your machine to a local area network
(LAN) or (with the proper network connections) to the Internetthe worldwide TCP/IP network.
Hooking up a small LAN of Unix machines is easy. It simply requires an Ethernet controller in each
machine and the appropriate Ethernet cables and other hardware. Or if your business or university
provides access to the Internet, you can easily add your Linux machine to this network.
Linux also supports Serial Line Internet Protocol (SLIP ) and Point-to-Point Protocol (PPP ). SLIP and
PPP allow you to have dial-up Internet access using a modem. If your business or university provides
SLIP or PPP access, you can dial in to the SLIP or PPP server and put your machine on the Internet over
the phone line. Alternatively, if your Linux machine also has Ethernet access to the Internet, you can
configure it as a SLIP or PPP server.
In the following sections, we won't mention SLIP anymore because nowadays most people use PPP.
Besides the Linux Network Administrator's Guide, the various HOWTOs at contain lots of information about how to
set up particular aspects of networking, including how to deal with unruly hardware like some modems.
For example, Linux Ethernet HOWTO at is a
document that describes configuration of various Ethernet card drivers for Linux.
Also of interest is TCP/IP Network Administration (O'Reilly). It contains complete information on using
and configuring TCP/IP on Unix systems. If you plan to set up a network of Linux machines or do any
serious TCP/IP hacking, you should have the background in network administration presented by that
If you really want to get serious about setting up and operating networks, you will probably also want
to read DNS and BIND (O'Reilly). This book tells you all there is to know about nameservers in a
refreshingly funny manner.
13.1.1. TCP/IP Concepts
In order to fully appreciate (and utilize) the power of TCP/IP, you should be familiar with its underlying
principles. TCP/IP is a suite of protocols (the magic buzzword for this chapter) that define how machines
should communicate with each other via a network, as well as internally to other layers of the protocol
suite. For the theoretical background of the Internet protocols, the best sources of information are the
first volume of Douglas Comer's Internetworking with TCP/IP (Prentice Hall) and the first volume of W.
Richard Stevens' TCP/IP Illustrated (Addison Wesley).
TCP/IP was originally developed for use on the Advanced Research Projects Agency network, ARPAnet,
which was funded to support military and computer-science research. Therefore, you may hear TCP/IP
being referred to as the "DARPA Internet Protocols." Since that first Internet, many other TCP/IP
networks have come into use, such as the National Science Foundation's NSFNET, as well as thousands
of other local and regional networks around the world. All these networks are interconnected into a
single conglomerate known as the Internet.
On a TCP/IP network, each machine is assigned an IP address, which is a 32-bit number uniquely
identifying the machine. You need to know a little about IP addresses to structure your network and
assign addresses to hosts. The IP address is usually represented as a dotted quad: four numbers in
decimal notation, separated by dots. As an example, the IP address 0x80114b14 (in hexadecimal
format) can be written as
Two special cases should be mentioned here: dynamic IP addresses and masqueraded IP addresses.
Both were invented to overcome the current shortage of IP addresses (which will not be of concern any
longer once everybody has adopted the new IPv6 standard that prescribes 6 bytes for the IP
addressesenough for every amoeba in the universe to have an IP address).[*]
Linux supports IPv6, but since most local networks and ISPs do not use it yet, it is not very relevant at this time, unfortunately.
Dynamic IP addresses are what most Internet service providers (ISPs) use. When you connect to your
ISP's service, whether by dial-up, DSL, or otherwise, you are assigned an IP number out of a pool that
the ISP has allocated for this service. The next time you log in, you might get a different IP number. The
idea behind this is that only a small number of the customers of an ISP are logged in at the same time,
so a smaller number of IP addresses are needed. Still, as long as your computer is connected to the
Internet, it has a unique IP address that no other computer is using at that time.
Masquerading (also known as Network Address Translation, NAT ) allows several computers to share an
IP address. All machines in a masqueraded network use so-called private IP numbers, numbers out of a
range that is allocated for internal purposes and that can never serve as real addresses out there on the
Internet. Any number of networks can use the same private IP numbers, as they are never visible
outside of the LAN. One machine, the "masquerading server," will map these private IP numbers to one
public IP number (either dynamic or static) and ensure through an ingenious mapping mechanism that
incoming packets are routed to the right machine.
The IP address is divided into two parts: the network address and the host address. The network
address consists of the higher-order bits of the address and the host address of the remaining bits. (In
general, each host is a separate machine on the network.) The size of these two fields depends on the
type of network in question. For example, on a Class B network (for which the first byte of the IP
address is between 128 and 191), the first two bytes of the address identify the network, and the
remaining two bytes identify the host (Figure 13-1). For the example address just given, the network
address is 128.17, and the host address is 75.20. To put this another way, the machine with IP address is host number 75.20 on the network 128.17.
In addition, the host portion of the IP address may be subdivided to allow for a subnetwork address.
Subnetworking allows large networks to be divided into smaller subnets, each of which may be
maintained independently. For example, an organization may allocate a single Class B network, which
provides 2 bytes of host information, up to 65,534 hosts on the network. [ ] The organization may then
wish to dole
] Why not 65,536 instead? For reasons to be discussed later, a host address of 0 or 255 is invalid.
Figure 13-1. IP address
out the responsibility of maintaining portions of the network so that each subnetwork is handled by a
different department. Using subnetworking, the organization can specify, for example, that the first byte
of the host address (that is, the third byte of the overall IP address) is the subnet address, and the
second byte is the host address for that subnetwork (Figure 13-2). In this case, the IP address identifies host number 20 on subnetwork 75 of network 128.17.
Figure 13-2. IP address with subnet
Processes (on either the same or different machines) that wish to communicate via TCP/IP generally
specify the destination machine's IP address as well as a port address. The destination IP address is
used, of course, to route data from one machine to the destination machine. The port address is a 16bit number that specifies a particular service or application on the destination machine that should
receive the data. Port numbers can be thought of as office numbers at a large office building: the entire
building has a single IP address, but each business has a separate office there.
Here's a real-life example of how IP addresses and port numbers are used. The ssh program allows a
user on one machine to start a login session on another, while encrypting all the data traffic between
the two so that nobody can intercept the communication. On the remote machine, the ssh daemon,
sshd, is listening to a specific port for incoming connections (in this case, the port number is 22).[*]
On many systems, sshd is not always listening to port 22; the Internet services daemon inetd is listening on its behalf. For now, let's
sweep that detail under the carpet.
The user executing ssh specifies the address of the machine to log in to, and the ssh program attempts
to open a connection to port 22 on the remote machine. If it is successful, ssh and sshd are able to
communicate with each other to provide the remote login for the user in question.
Note that the ssh client on the local machine has a port address of its own. This port address is
allocated to the client dynamically when it begins execution. This is because the remote sshd doesn't
need to know the port number of the incoming ssh client beforehand. When the client initiates the
connection, part of the information it sends to sshd is its port number. sshd can be thought of as a
business with a well-known mailing address. Any customers who wish to correspond with the sshd
running on a particular machine need to know not only the IP address of the machine to talk to (the
address of the sshd office building), but also the port number where sshd can be found (the particular
office within the building). The address and port number of the ssh client are included as part of the
"return address" on the envelope containing the letter.
The TCP /IP family contains a number of protocols. Transmission Control Protocol (TCP) is responsible
for providing reliable, connection-oriented communications between two processes, which may be
running on different machines on the network. User Datagram Protocol (UDP ) is similar to TCP except
that it provides connectionless, unreliable service. Processes that use UDP must implement their own
acknowledgment and synchronization routines if necessary.
TCP and UDP transmit and receive data in units known as packets . Each packet contains a chunk of
information to send to another machine, as well as a header specifying the destination and source port
Internet Protocol (IP) sits beneath TCP and UDP in the protocol hierarchy. It is responsible for
transmitting and routing TCP or UDP packets via the network. In order to do so, IP wraps each TCP or
UDP packet within another packet (known as an IP datagram), which includes a header with routing and
destination information. The IP datagram header includes the IP address of the source and destination
Note that IP doesn't know anything about port addresses; those are the responsibility of TCP and UDP.
Similarly, TCP and UDP don't deal with IP addresses, which (as the name implies) are only IP's concern.
As you can see, the mail metaphor with return addresses and envelopes is quite accurate: each packet
can be thought of as a letter contained within an envelope. TCP and UDP wrap the letter in an envelope
with the source and destination port numbers (office numbers) written on it.
IP acts as the mail room for the office building sending the letter. IP receives the envelope and wraps it
in yet another envelope, with the IP address (office building address) of both the destination and the
source affixed. The post office (which we haven't discussed quite yet) delivers the letter to the
appropriate office building. There, the mail room unwraps the outer envelope and hands it to TCP/UDP,
which delivers the letter to the appropriate office based on the port number (written on the inner
envelope). Each envelope has a return address that IP and TCP/UDP use to reply to the letter.
To make the specification of machines on the Internet more humane, network hosts are often given a
name as well as an IP address. The Domain Name System (DNS ) takes care of translating hostnames
to IP addresses, and vice versa, as well as handling the distribution of the name-to-IP-address database
across the entire Internet. Using hostnames also allows the IP address associated with a machine to
change (e.g., if the machine is moved to a different network), without having to worry that others won't
be able to "find" the machine once the address changes. The DNS record for the machine is simply
updated with the new IP address, and all references to the machine, by name, will continue to work.
DNS is an enormous, worldwide distributed database. Each organization maintains a piece of the
database, listing the machines in the organization. If you find yourself in the position of maintaining the
list for your organization, you can get help from the Linux Network Administrator's Guide or TCP/IP
Network Administration, both from O'Reilly. If those aren't enough, you can really get the full scoop
from the book DNS and BIND (O'Reilly).
For the purposes of most administration, all you need to know is that either a daemon called named
(pronounced "name-dee") has to run on your system, or you need to configure your system to use
somebody else's name servicetypically your ISP's or one running in your local network. This daemon or
name service is your window onto DNS.
Now, we might ask ourselves how a packet gets from one machine (office building) to another. This is
the actual job of IP, as well as a number of other protocols that aid IP in its task. Besides managing IP
datagrams on each host (as the mail room), IP is also responsible for routing packets between hosts.
Before we can discuss how routing works, we must explain the model upon which TCP/IP networks are
built. A network is just a set of machines that are connected through some physical network
mediumsuch as Ethernet or serial lines. In TCP/IP terms, each network has its own methods for
handling routing and packet transfer internally.
Networks are connected to each other via gateways (also known as routers ). A gateway is a host that
has direct connections to two or more networks; the gateway can then exchange information between
the networks and route packets from one network to another. For instance, a gateway might be a
workstation with more than one Ethernet interface. Each interface is connected to a different network,
and the operating system uses this connectivity to allow the machine to act as a gateway.
In order to make our discussion more concrete, let's introduce an imaginary network, made up of the
machines eggplant, papaya, apricot, and zucchini. Figure 13-3 depicts the configuration of these
machines on the network.
Figure 13-3. Network with two gateways
As you can see, papaya has two IP addressesone on the 128.17.75 subnetwork and another on the
128.17.112 subnetwork. pear and pineapple are both on network 128.17.112, and pineapple is also on
IP uses the network portion of the IP address to determine how to route packets between machines. To
do this, each machine on the network has a routing table, which contains a list of networks and the
gateway machine for that network. To route a packet to a particular machine, IP looks at the network
portion of the destination address. If there is an entry for that network in the routing table, IP routes
the packet through the appropriate gateway. Otherwise, IP routes the packet through the "default"
gateway given in the routing table.
Routing tables can contain entries for specific machines as well as for networks. In addition, each
machine has a routing table entry for itself.
Let's examine the routing table for eggplant. Using the command netstat -rn, we see the following:
eggplant:$ netstat -rn
Kernel IP routing table
Flags MSS
Window irtt Iface
0 eth0
0 eth0
0 lo
0 lo
The first column displays the destination networks (and hosts) that the routing table includes. The first
entry is for the network 128.17.75 (note that the host address is 0 for network entries), which is the
network that eggplant lives on. Any packets sent to this network should be routed through, which is the IP address of eggplant. In general, a machine's route to its own network is
through itself.
The Flags column of the routing table gives information on the destination address for this entry; U
specifies that the route is "up," N that the destination is a network, and so on. The MSS field shows how
many bytes are transferred at a time over the respective connection, Window indicates how many frames
may be sent ahead before a confirmation must be made, irtt gives statistics on the use of this route,
and Iface lists the network device used for the route. On Linux systems, Ethernet interfaces are named
eth0, eth1, and so on. lo is the loopback device, which we'll discuss shortly.
The second entry in the routing table is the default route, which applies to all packets destined for
networks or hosts for which there is no entry in the table. In this case, the default route is through
papaya, which can be considered the door to the outside world. Every machine on the 128.17.75 subnet
must go through papaya to talk to machines on any other network.
The third entry in the table is for the address, which is the loopback address. This address is
used when a machine wants to make a TCP/IP connection to itself. It uses the lo device as its interface,
which prevents loopback connections from using the Ethernet (via the eth0 interface). In this way,
network bandwidth is not wasted when a machine wishes to talk to itself.
The last entry in the routing table is for the IP address, which is the eggplant host's own
address. As we can see, it uses as its gateway. This way, any time eggplant makes a TCP/IP
connection to itself, the loopback address is used as the gateway, and the lo network device is used.
Let's say that eggplant wants to send a packet to zucchini. The IP datagram contains a source address
of and a destination address of IP determines that the network portion of
the destination address is 128.17.75 and uses the routing table entry for accordingly. The
packet is sent directly to the network, which zucchini receives and is able to process.
What happens if eggplant wants to send packets to a machine not on the local network, such as pear?
The destination address is IP attempts to find a route for the 128.17.112 network in the
routing tables, but none exists, so it selects the default route through papaya. papaya receives the
packet and looks up the destination address in its own routing tables. The routing table for papaya
might look like this:
Flags MSS Window irtt Iface UN
1500 0
0 eth0 UN
1500 0
0 eth1
1500 0
0 eth1
3584 0
0 lo UH
3584 0
0 lo
As you can see, papaya is connected to the 128.17.75 network through its eth0 device and to
128.17.112 through eth1. The default route is through pineapple, which is a gateway to the Wild Blue
Yonder (as far as papaya is concerned).
Once papaya receives a packet destined for pear, it sees that the destination address is on the network
128.17.112 and routes that packet to the network using the second entry in the routing table.
Similarly, if eggplant wanted to send packets to machines outside the local organization, it would route
packets through papaya (its gateway). papaya would, in turn, route outgoing packets through
pineapple, and so forth. Packets are handed from one gateway to the next until they reach the intended
destination network. This is the basic structure upon which the Internet is based: a seemingly infinite
chain of networks, interconnected via gateways.
13.1.2. Hardware Requirements
You can use Linux TCP/IP without any networking hardware ; configuring "loopback" mode allows you
to talk to yourself. This is necessary for some applications and games that use the loopback network
However, if you want to use Linux with an Ethernet TCP/IP network, you'll need an Ethernet adapter
card. Many Ethernet adapters are supported by Linux for the ISA, EISA, and PCI buses, as well as USB
and PCMCIA adapters. See the Linux Ethernet HOWTO for a complete discussion of Linux Ethernet
hardware compatibility. For any reasonably new computer (that was sold in the last, say, two to three
years), it is also quite likely that the computer has Ethernet built in, so you do not have install an
Ethernet adapter card. You'll recognize this because there is an Ethernet connector socket (type RJ45)
Over the last few years, support has been added for non-Ethernet high-speed networking, such as
HIPPI. This topic is beyond the scope of this book, but if you are interested, you can get some
information from the directory Documentation/networking in your kernel sources.
If you have an ADSL connection and use an ADSL router, this looks to Linux just like a normal Ethernet
connection. As such, you need neither specific hardware (except an Ethernet card, of course) nor special
drivers besides the Ethernet card driver itself. If you want to connect your Linux box directly to your
ADSL modem, you still don't need to have any particular hardware or driver, but you do need to run a
protocol called PPPoE (PPP over Ethernet); more about this later.
Linux also supports SLIP and PPP, which allow you to use a modem to access the Internet over a phone
line. In this case, you'll need a modem compatible with your SLIP or PPP server; for example, many
servers require a 56-kbps V.90 modem (most also support K56flex). In this book, we describe the
configuration of PPP because it is what most Internet service providers offer.
Finally, there is PLIP, which lets you connect two computers directly via parallel ports, requiring a
special cable between the two.
13.1.3. Configuring TCP/IP with Ethernet
In this section, we discuss how to configure an Ethernet TCP/IP connection on a Linux system.
Presumably this system will be part of a local network of machines that are already running TCP/IP; in
this case, your gateway, nameserver, and so forth are already configured and available.
The following information applies primarily to Ethernet connections. If you're planning to use PPP, read
this section to understand the concepts, and follow the PPP-specific instructions in "Dial-Up PPP," later
in this chapter.
On the other hand, you may wish to set up an entire LAN of Linux machines (or a mix of Linux machines
and other systems). In this case, you'll have to take care of a number of other issues not discussed
here. This includes setting up a nameserver for yourself, as well as a gateway machine if your network
is to be connected to other networks. If your network is to be connected to the Internet, you'll also have
to obtain IP addresses and related information from your access provider.
In short, the method described here should work for many Linux systems configured for an existing
LANbut certainly not all. For further details, we direct you to a book on TCP/IP network administration,
such as those mentioned at the beginning of this chapter.
First of all, we assume that your Linux system has the necessary TCP/IP software installed. This includes
basic clients such as ssh and FTP, system-administration commands such as ifconfig and route (usually
found in /etc or /sbin), and networking configuration files (such as /etc/hosts). The other Linux-related
networking documents described earlier explain how to go about installing the Linux networking
software if you do not have it already.
A new system administration interface has been developed that unifies the various networking tasks
(configurating, routing, etc.) into a single command named ip, provided by the IPROUTE2 package. We
won't cover it here, because its value lies mainly in advanced features that most administrators don't
use, but once you understand the concepts in this chapter you can figure out how to use those
commands if you want to use that package.
We also assume that your kernel has been configured and compiled with TCP/IP support enabled. See
"Building a New Kernel" in Chapter 18 for information on compiling your kernel. To enable networking,
you must answer yes to the appropriate questions during the make config or make menuconfig step,
rebuild the kernel, and boot from it.
Once this has been done, you must modify a number of configuration files. For the most part this is a
simple procedure. Unfortunately, however, there is wide disagreement between Linux distributions as to
where the various TCP/IP configuration files and support programs should go. Much of the time, they
can be found in /etc or /etc/sysconfig, but in other cases they may be found in /usr/etc, /usr/etc/inet, or
other bizarre locations. In the worst case, you'll have to use the find command to locate the files on
your system. Also note that not all distributions keep the network configuration files and software in the
same location; they may be spread across several directories.
Here we cover how to set up and configure networking on a Linux box manually. This should help you
get some insight into what goes on behind the scenes and enable you to help yourself if something goes
wrong with automatic setup tools provided by your distribution. It can be a good idea, though, to first
try setting up your network with the configuration programs that your distribution provides; many of
these are quite advanced these days and detect many of the necessary settings automatically. They are
usually available from the menus on your desktop. If you understand the concepts in this chapter, it is
not hard to figure out how to use them, but we do not cover them here because they tend to change,
and what you mainly need to know is the effects you're aiming to achieve.
This section also assumes use of one Ethernet device on the system. These instructions should be fairly
easy to extrapolate if your system has more than one network connection (and hence acts as a
Here, we also discuss configuration for loopback-only systems (systems with no Ethernet or PPP
connection). If you have no network access, you may wish to configure your system for loopback-only
TCP/IP so that you can use applications that require it. Your network configuration
Before you can configure TCP/IP , you need to determine the following information about your network
setup. In most cases, your local network administrator or ISP can provide you with this information. If
your network is using DHCP, things are going to be a bit differentfor example, you do not need to know
your IP address, since it will be assigned to you automatically. But it's often easier to test things one
step at a time and start with a static IP address. Just make sure with your network administrator or
Internet service provider that you are not using one that another computer on the network is already
usingthat could be very annoying both for you and the other user, because communication will be
disturbed, to say the least.
Your IP address
This is the unique machine address in dotted-decimal format. An example is Your
network administrators will provide you with this number.
If you're configuring loopback mode (i.e., no PPP and no Ethernet card, just TCP/IP connections to
your own machine), your IP address is
Your subnetwork mask
This is a dotted quad, similar to the IP address, which determines which portion of the IP address
specifies the subnetwork number and which portion specifies the host on that subnet.
The subnetwork mask is a pattern of bits, which, when bitwise-ANDed with an IP address on your
network, will tell you which subnet that address belongs to. For example, your subnet mask might
be If your IP address is, the subnetwork portion of your address is
We distinguish here between "network address" and "subnetwork address." Remember that for
Class B addresses , the first two bytes (here, 128.17) specify the network, while the second two
bytes specify the host. With a subnet mask of 255.