openSUSE 11.2 August 06, 2010 www.novell.
Reference Copyright © 2006–2010 Novell, Inc. and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”.
Contents

About This Guide

Part I Advanced Deployment Scenarios

1 Remote Installation
1.1 Installation Scenarios for Remote Installation
1.2 Setting Up the Server Holding the Installation Sources
1.3 Preparing the Boot of the Target System
1.4 Booting the Target System for Installation
1.5 Monitoring the Installation Process

2 Advanced Disk Setup

4 YaST Online Update
4.1 The Online Update Dialog
4.2 Installing Patches
4.3 Automatic Online Update

5 Installing Packages From the Internet
5.1 1-Click Install
5.2 YaST Package Search

6 Installing Add-On Products
6.1 Add-Ons

11 Printer Operation
11.1 The Workflow of the Printing System
11.2 Methods and Protocols for Connecting Printers
11.3 Installing the Software
11.4 Network Printers
11.5 Printing from the Command Line
11.6 Special Features in openSUSE
11.7 Troubleshooting

16 Booting and Configuring a Linux System
16.1 The Linux Boot Process
16.2 The init Process
16.3 System Configuration via /etc/sysconfig

17 The Boot Loader GRUB
17.1 Booting with GRUB
17.2 Configuring the Boot Loader with YaST
17.3 Uninstalling the Linux Boot Loader
17.4 Creating Boot CDs
17.5 The Graphical SUSE Screen

Part V Services

21 Basic Networking
21.1 IP Addresses and Routing
21.2 IPv6—The Next Generation Internet
21.3 Name Resolution
21.4 Configuring a Network Connection with YaST
21.5 NetworkManager
21.6 Configuring a Network Connection Manually
21.7 smpppd as Dial-up Assistant

25.3 Dynamic Time Synchronization at Runtime
25.4 Setting Up a Local Reference Clock

26 Sharing File Systems with NFS
26.1 Installing the Required Software
26.2 Importing File Systems with YaST
26.3 Importing File Systems Manually
26.4 Exporting File Systems with YaST
26.5 Exporting File Systems Manually
26.6 NFS with Kerberos
26.7 For More Information

Part VI Mobility

30 Mobile Computing with Linux
30.1 Laptops
30.2 Mobile Hardware
30.3 Cellular Phones and PDAs
30.4 For More Information

31 Power Management
31.1 Power Saving Functions
31.2 Advanced Configuration and Power Interface (ACPI)

34.5 Copying Files between Linux Computers
34.6 Copying Files between Linux and Windows Computers with SSH
34.7 Sharing Files between Linux Computers
34.8 Sharing Files between Linux and Windows with Samba
34.9 For More Information

35 Help and Documentation
35.1 Documentation Directory
35.2 Man Pages
35.3 Info Pages
35.4 openSUSE Wiki
About This Guide

This manual gives you a general understanding of openSUSE®. It is intended mainly for system administrators and home users with basic system administration knowledge. Check out the various parts of this manual for a selection of applications needed in everyday life and in-depth descriptions of advanced installation and configuration scenarios.

Advanced Deployment Scenarios
Learn how to deploy openSUSE from a remote location and become acquainted with complex disk setup scenarios.
1 Available Documentation

We provide HTML and PDF versions of our books in different languages. The following manuals for users and administrators are available on this product:

Start-Up (↑Start-Up)
Guides you through the installation and basic configuration of your system. For newcomers, the manual also introduces basic Linux concepts such as the file system, the user concept and access permissions and gives an overview of the features openSUSE offers to support mobile computing.
may read, write, and execute) or the auditing system that reliably collects information about any security-relevant events.

In addition to the comprehensive manuals, several quick start guides are available:

KDE Quick Start (↑KDE Quick Start)
Gives a short introduction to the KDE desktop and some key applications running on it.

GNOME Quick Start (↑GNOME Quick Start)
Gives a short introduction to the GNOME desktop and some key applications running on it.
User Comments

We want to hear your comments and suggestions about this manual and the other documentation included with this product. Use the User Comments feature at the bottom of each page in the online documentation or go to http://www.novell.com/documentation/feedback.html and enter your comments there.
5 Source Code

The source code of openSUSE is publicly available. To download the source code, proceed as outlined under http://www.novell.com/products/suselinux/source_code.html. If requested we send you the source code on a DVD. We need to charge a $15 or €15 fee for creation, handling and postage. To request a DVD of the source code, send an e-mail to sourcedvd@suse.de or mail the request to:

SUSE Linux Products GmbH
Product Management openSUSE
Maxfeldstr.
Part I.
1 Remote Installation

openSUSE® can be installed in different ways. As well as the usual media installation covered in Chapter 1, Installation with YaST (↑Start-Up), you can choose from various network-based approaches or even take a completely hands-off approach to the installation of openSUSE. Each method is introduced by means of two short check lists: one listing the prerequisites for this method and the other illustrating the basic procedure.
1.1.1 Simple Remote Installation via VNC—Static Network Configuration

This type of installation still requires some degree of physical access to the target system to boot for installation. The installation itself is entirely controlled by a remote workstation using VNC to connect to the installation program. User interaction is required as with the manual installation in Chapter 1, Installation with YaST (↑Start-Up).
The target system boots to a text-based environment, giving the network address and display number under which the graphical installation environment can be addressed by any VNC viewer application or browser. VNC installations announce themselves over OpenSLP and if the firewall settings permit, they can be found using Konqueror in service:/ or slp:/ mode.

4 On the controlling workstation, open a VNC viewing application or Web browser and connect to the target system as described in Section 1.5.
To perform this kind of installation, proceed as follows:

1 Set up the repository as described in Section 1.2, “Setting Up the Server Holding the Installation Sources” (page 12). Choose an NFS, HTTP, or FTP network server. For an SMB repository, refer to Section 1.2.5, “Managing an SMB Repository” (page 20).

2 Boot the target system using a boot medium (DVD, CD, or USB flash drive) of the openSUSE media kit.
To perform this type of installation, make sure that the following requirements are met:

• Remote repository: NFS, HTTP, FTP, or SMB with working network connection.
• TFTP server.
• Running DHCP server for your network.
• Target system capable of PXE boot, networking, and Wake on LAN, plugged in and connected to the network.
• Controlling system with working network connection and VNC viewer software or Java-enabled browser (Firefox, Konqueror, Internet Explorer, or Opera).
8 Finish the installation.

1.1.4 Simple Remote Installation via SSH—Static Network Configuration

This type of installation still requires some degree of physical access to the target system to boot for installation and to determine the IP address of the installation target. The installation itself is entirely controlled from a remote workstation using SSH to connect to the installer. User interaction is required as with the regular installation described in Chapter 1, Installation with YaST (↑Start-Up).
see Section “Choosing the Installation Media” (Chapter 1, Installation with YaST, ↑Start-Up).

3 When the boot screen of the target system appears, use the boot options prompt to set the appropriate parameters for network connection, address of the repository, and SSH enablement. This is described in detail in Section 1.4.2, “Using Custom Boot Options” (page 33).
• Physical boot medium (CD, DVD, or USB flash drive) for booting the target system.
• Running DHCP server providing IP addresses.

To perform this kind of installation, proceed as follows:

1 Set up the repository source as described in Section 1.2, “Setting Up the Server Holding the Installation Sources” (page 12). Choose an NFS, HTTP, or FTP network server. For an SMB repository, refer to Section 1.2.5, “Managing an SMB Repository” (page 20).
1.1.6 Remote Installation via SSH—PXE Boot and Wake on LAN

This type of installation is completely hands-off. The target machine is started and booted remotely. To perform this type of installation, make sure that the following requirements are met:

• Remote repository: NFS, HTTP, FTP, or SMB with working network connection.
• TFTP server.
• Running DHCP server for your network, providing a static IP to the host to install.
6 On the controlling workstation, start an SSH client and connect to the target system as described in Section 1.5.2, “SSH Installation” (page 37).

7 Perform the installation as described in Chapter 1, Installation with YaST (↑Start-Up). Reconnect to the target system after it reboots for the final part of the installation.

8 Finish the installation.

1.
4 Select the repository type (HTTP, FTP, or NFS). The selected service is started automatically every time the system starts. If a service of the selected type is already running on your system and you want to configure it manually for the server, deactivate the automatic configuration of the server service with Do Not Configure Any Network Services. In both cases, define the directory in which the installation data should be made available on the server.

5 Configure the required repository type.
TIP

Consider announcing your repository via OpenSLP if your network setup supports this option. This saves you from entering the network installation path on every target machine. The target systems are just booted using the SLP boot option and find the network repository without any further configuration. For details on this option, refer to Section 1.4, “Booting the Target System for Installation” (page 32).

7 Upload the installation data.
To create a directory to hold the installation data, proceed as follows:

1 Log in as root.

2 Create a directory that will later hold all installation data and change into this directory. For example:

    mkdir install/product/productversion
    cd install/product/productversion

Replace product with an abbreviation of the product name and productversion with a string that contains the product name and version.
5 Select Add Host and enter the hostnames of the machines to which to export the installation data. Instead of specifying hostnames here, you could also use wild cards, ranges of network addresses, or just the domain name of your network. Enter the appropriate export options or leave the default, which works fine in most setups. For more information about the syntax used in exporting NFS shares, read the exports man page.

6 Click Finish.
    # Register the NFS Installation Server
    service:install.suse:nfs://$HOSTNAME/path_to_repository/DVD1,en,65535
    description=NFS Repository

Replace path_to_repository with the actual path to the installation source on your server.

3 Start the OpenSLP daemon with rcslpd start.

For more information about OpenSLP, refer to the package documentation located under /usr/share/doc/packages/openslp/ or refer to Chapter 22, SLP Services in the Network (page 369).
Replace path_to_repository and repository with values matching your setup. If you need to make this permanent, add it to /etc/fstab.

2e Start vsftpd with vsftpd.

3 Announce the repository via OpenSLP, if this is supported by your network setup:

3a Create the /etc/slp.reg.d/install.suse.ftp.reg configuration file with the following lines:

    # Register the FTP Installation Server
    service:install.
2a Install the Web server Apache as described in Section 28.1.2, “Installation” (page 444).

2b Enter the root directory of the HTTP server (/srv/www/htdocs) and create the subdirectory that will hold the installation sources:

    mkdir repository

Replace repository with the product name.
1.2.5 Managing an SMB Repository

Using SMB, you can import the installation sources from a Microsoft Windows server and start your Linux deployment even with no Linux machine around. To set up an exported Windows Share holding your openSUSE repository, proceed as follows:

1 Log in to your Windows machine.

2 Create a new folder that will hold the entire installation tree and name it INSTALL, for example.

3 Export this share according to the procedure outlined in your Windows documentation.
1.2.6 Using ISO Images of the Installation Media on the Server

Instead of copying physical media into your server directory manually, you can also mount the ISO images of the installation media into your installation server and use them as a repository. To set up an HTTP, NFS or FTP server that uses ISO images instead of media copies, proceed as follows:

1 Download the ISO images and save them to the machine to use as the installation server.

2 Log in as root.
    path_to_iso path_to_repository/product medium auto loop

1.3 Preparing the Boot of the Target System

This section covers the configuration tasks needed in complex boot scenarios. It contains ready-to-apply configuration examples for DHCP, PXE boot, TFTP, and Wake on LAN.

1.3.1 Setting Up a DHCP Server

There are two ways to set up a DHCP server. For openSUSE, YaST provides a graphical interface to the process. Users can also manually edit the configuration files.
7 Select filename and enter pxelinux.0 as the value.

8 Add another option (next-server) and set its value to the address of the TFTP server.

9 Select OK and Finish to complete the DHCP server configuration.

To configure DHCP to provide a static IP address to a specific host, enter the Expert Settings of the DHCP server configuration module (Step 4 (page 22)) and add a new declaration of the host type. Add the options hardware and fixed-address to this host declaration and provide the appropriate values.
If you plan on using SSH for the remote control of a PXE and Wake on LAN installation, explicitly specify the IP address DHCP should provide to the installation target.
4 Click Enable to make sure that the server is started and included in the boot routines. No further action from your side is required to secure this. xinetd starts tftpd at boot time.

5 Click Open Port in Firewall to open the appropriate port in the firewall running on your machine. If there is no firewall running on your server, this option is not available.

6 Click Browse to browse for the boot image directory. The default directory /tftpboot is created and selected automatically.
4c Save the file and restart xinetd with rcxinetd restart.

1.3.3 Using PXE Boot

Some technical background information as well as PXE's complete specifications are available in the Preboot Execution Environment (PXE) Specification (http://www.pix.net/software/pxeboot/archive/pxespec.pdf).
insmod=kernel module
By means of this entry, enter the network kernel module needed to support network installation on the PXE client. Replace kernel module with the appropriate module name for your network device.

netdevice=interface
This entry defines the client's network interface that must be used for the network installation. It is only necessary if the client is equipped with several network cards and must be adapted accordingly. In case of a single network card, this entry can be omitted.
install entry. The lines separated by \ must be entered as one continuous line without a line break and without the \.
1.3.4 PXELINUX Configuration Options

The options listed here are a subset of all the options available for the PXELINUX configuration file.

DEFAULT kernel options...
Sets the default kernel command line. If PXELINUX boots automatically, it acts as if the entries after DEFAULT had been typed in at the boot prompt, except the auto option is automatically added, indicating an automatic boot.
The kernel does not have to be a Linux kernel; it can be a boot sector or a COMBOOT file.

APPEND -
Append nothing. APPEND with a single hyphen as argument in a LABEL section can be used to override a global APPEND.

LOCALBOOT type
On PXELINUX, specifying LOCALBOOT 0 instead of a KERNEL option means invoking this particular label and causes a local disk boot instead of a kernel boot.
F9 filename
F10 filename
Displays the indicated file on the screen when a function key is pressed at the boot prompt. This can be used to implement preboot online help (presumably for the kernel command line options). For backward compatibility with earlier releases, F10 can be also entered as F0. Note that there is currently no way to bind filenames to F11 and F12.

1.3.5 Preparing the Target System for PXE Boot

Prepare the system's BIOS for PXE boot by including the PXE option in the BIOS boot order.
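The following audit script is an added example and is not part of the openSUSE manual. It applies the DEFAULT, LABEL, KERNEL, APPEND (including APPEND -) and LOCALBOOT rules from Section 1.3.4 to a PXELINUX configuration file and reports every label whose effective kernel command line carries an installer password; TFTP serves this file without authentication, so any value in it is readable by every host on the segment. The sample file, its addresses and password, and the linuxrc option names vnc, vncpassword, usessh and sshpassword are assumptions, not values from this page.

```python
"""Audit a PXELINUX configuration file for installer passwords (added example)."""

# Assumed linuxrc boot options that carry a password in clear text.
SECRET_OPTIONS = ("vncpassword", "sshpassword")

# Constructed sample configuration; address and password are placeholders.
SAMPLE = """\
default harddisk
append initrd=initrd ramdisk_size=65536

# boot from the local disk
label harddisk
  localboot 0

label install-vnc
  kernel linux
  append initrd=initrd install=nfs://192.0.2.10/install/DVD1 vnc=1 vncpassword=example-pw

label install-ssh
  kernel linux
  append initrd=initrd install=nfs://192.0.2.10/install/DVD1 usessh=1 sshpassword=example-pw

label memtest
  kernel memtest
  append -

label rescue
  kernel linux

prompt 1
timeout 100
"""


def parse_pxelinux(text):
    """Return (default, global_append, labels) from a PXELINUX config."""
    default, global_append, labels, current = None, "", {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].upper()          # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "DEFAULT":
            default = value
        elif keyword == "LABEL":
            # Without a KERNEL line the label name doubles as the kernel name.
            current = {"kernel": value, "append": None, "localboot": None}
            labels[value] = current
        elif keyword == "KERNEL" and current is not None:
            current["kernel"] = value
        elif keyword == "APPEND":
            if current is None:
                global_append = value       # before the first LABEL: global
            else:
                current["append"] = value
        elif keyword == "LOCALBOOT" and current is not None:
            current["localboot"] = value
    return default, global_append, labels


def effective_cmdline(name, labels, global_append):
    """Kernel command line a label boots with, or None for a local disk boot."""
    entry = labels[name]
    if entry["localboot"] is not None:
        return None
    append = entry["append"]
    if append is None:
        append = global_append              # label inherits the global APPEND
    elif append == "-":
        append = ""                         # "APPEND -" overrides the global one
    return (entry["kernel"] + " " + append).strip()


def audit(text):
    """List (label, option) pairs whose command line embeds a password."""
    _, global_append, labels = parse_pxelinux(text)
    findings = []
    for name in labels:
        cmdline = effective_cmdline(name, labels, global_append)
        for token in (cmdline or "").split():
            key, sep, value = token.partition("=")
            if sep and value and key.lower() in SECRET_OPTIONS:
                findings.append((name, key.lower()))
    return findings


def default_action(text):
    """What an unattended boot does: 'localboot' or a kernel command line."""
    default, global_append, labels = parse_pxelinux(text)
    if not default:
        return None
    name = default.split()[0]
    if name in labels:
        return effective_cmdline(name, labels, global_append) or "localboot"
    return (default + " " + global_append).strip()


if __name__ == "__main__":
    print("unattended boot:", default_action(SAMPLE))
    for label, option in audit(SAMPLE):
        print("label %s: %s is stored in clear text" % (label, option))
```
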
IMPORTANT: Wake on LAN across Different Network Segments

If the controlling machine is not located in the same network segment as the installation target that should be awakened, either configure the WOL requests to be sent as multicasts or remotely control a machine on that network segment to act as the sender of these requests.

1.4 Booting the Target System for Installation

Basically, there are two different ways to customize the boot process for installation apart from those mentioned under Section 1.3.
1.4.2 Using Custom Boot Options

Using the appropriate set of boot options helps facilitate your installation procedure. Many parameters can also be configured later using the linuxrc routines, but using the boot options is easier. In some automated setups, the boot options can be provided with initrd or an info file.

The following table lists all installation scenarios mentioned in this chapter with the required parameters for booting and the corresponding boot options.
Installation Scenario: Section 1.1.2, “Simple Remote Installation via VNC—Dynamic Network Configuration” (page 5)
Parameters Needed for Booting:
• Location of the installation server
• VNC enablement
• VNC password

Installation Scenario: Section 1.1.3, “Remote Installation via VNC—PXE Boot and Wake on LAN” (page 6)
Parameters Needed for Booting:
• Location of the installation server
• Location of the TFTP server
• VNC enablement
• VNC password

Installation Scenario: Section 1.1.
Installation Scenario: Section 1.1.5, “Simple Remote Installation via SSH—Dynamic Network Configuration” (page 9)
Parameters Needed for Booting:
• Location of the installation server
• SSH enablement
• SSH password

Installation Scenario: Section 1.1.
1.5.1 VNC Installation

Using any VNC viewer software, you can remotely control the installation of openSUSE from virtually any operating system. This section introduces the setup using a VNC viewer application or a Web browser.

Preparing for VNC Installation

All you need to do on the installation target to prepare for a VNC installation is to provide the appropriate boot options at the initial boot for installation (see Section 1.4.2, “Using Custom Boot Options” (page 33)).
On a Linux machine, make sure that the package tightvnc is installed. On a Windows machine, install the Windows port of this application, which can be obtained at the TightVNC home page (http://www.tightvnc.com/download.html).

To connect to the installation program running on the target machine, proceed as follows:

1 Start the VNC viewer.
Preparing for SSH Installation

Apart from installing the appropriate software package (OpenSSH for Linux and PuTTY for Windows), you just need to pass the appropriate boot options to enable SSH for installation. See Section 1.4.2, “Using Custom Boot Options” (page 33) for details. OpenSSH is installed by default on any SUSE Linux–based operating system.

Connecting to the Installation Program

1 Retrieve the installation target's IP address.
2 Advanced Disk Setup

Sophisticated system configurations require specific disk setups. All common partitioning tasks can be done with YaST. To get persistent device naming with block devices, use the block devices below /dev/disk/by-id or /dev/disk/by-uuid. Logical Volume Management (LVM) is a disk partitioning scheme that is designed to be much more flexible than the physical partitioning used in standard setups. Its snapshot functionality enables easy creation of data backups.
Figure 2.1 The YaST Partitioner

All existing or suggested partitions on all connected hard disks are displayed in the list of Available Storage in the YaST Expert Partitioner dialog. Entire hard disks are listed as devices without numbers, such as /dev/sda. Partitions are listed as parts of these devices, such as /dev/sda1. The size, type, encryption status, file system, and mount point of the hard disks and their partitions are also displayed.
2.1.1 Partition Types

Every hard disk has a partition table with space for four entries. Every entry in the partition table corresponds to a primary partition or an extended partition. Only one extended partition entry is allowed, however. A primary partition simply consists of a continuous range of cylinders (physical disk areas) assigned to a particular operating system. With primary partitions you would be limited to four partitions per hard disk, because more do not fit in the partition table.
4 Specify additional file system options if your setup requires them. This is necessary, for example, if you need persistent device names. For details on the available options, refer to Section 2.1.3, “Editing a Partition” (page 42).

5 Click Finish to apply your partitioning setup and leave the partitioning module. If you created the partition during installation, you are returned to the installation overview screen.

2.1.
speed, as the encryption takes some time to process. More information about the encryption of file systems is provided in Chapter 11, Encrypting Partitions and Files (↑Security Guide).

Fstab Options
Specify various parameters contained in the global file system administration file (/etc/fstab). The default settings should suffice for most setups. You can, for example, change the file system identification from the device name to a volume label. In the volume label, use all characters except / and space.
2.1.4 Expert Options

After you select a hard disk device (like sda) in the System View pane, you can access the Expert... menu in the lower right part of the Expert Partitioner window. The menu contains the following commands:

Create New Partition Table
This option helps you create a new partition table on the selected device.

WARNING: Creating a New Partition Table

Creating a new partition table on a device irreversibly removes all the partitions and their data from that device.
TIP: Cylinder Numbers

Note that different partitioning tools may start counting the cylinders of a partition with 0 or with 1. When calculating the number of cylinders, you should always use the difference between the last and the first cylinder number and add one.

Using swap

Swap is used to extend the available physical memory. It is then possible to use more memory than physical RAM available. The memory management system of kernels before 2.4.10 needed swap as a safety measure.
System with lots of swap (several GB)
It is better to not have an application that is out of control and swapping excessively in this case. If you use such an application, the system will need many hours to recover. In the process, it is likely that other processes get timeouts and faults, leaving the system in an undefined state, even after killing the faulty process. In this case, do a hard machine reboot and try to get it running again.
Note that at this point, it is only temporary swap space. After the next reboot, it is no longer utilized.

5 To enable this swap file permanently, add the following line to /etc/fstab:

    /var/lib/swap/swapfile swap swap defaults 0 0

2.1.7 Partitioning and LVM

From the Expert partitioner, access the LVM configuration by clicking the Volume Management item in the System View pane.
WARNING

Using LVM is sometimes associated with increased risk such as data loss. Risks also include application crashes, power failures, and faulty commands. Save your data before implementing LVM or reconfiguring volumes. Never work without a backup.

2.2.1 The Logical Volume Manager

The LVM enables flexible distribution of hard disk space over several file systems.
the operating system can gain access. On the right side, two disks have been divided into two and three physical partitions each. Two LVM volume groups (VG 1 and VG 2) have been defined. VG 1 contains two partitions from DISK 1 and one from DISK 2. VG 2 contains the remaining two partitions from DISK 2. In LVM, the physical disk partitions that are incorporated in a volume group are called physical volumes (PVs). Within the volume groups, four LVs (LV 1 through LV 4) have been defined.
2.2.2 LVM Configuration with YaST

The YaST LVM configuration can be reached from the YaST Expert Partitioner (see Section 2.1, “Using the YaST Partitioner” (page 39)) within the Volume Management item in the System View pane. The Expert Partitioner allows you to edit and delete existing partitions and also create new ones that need to be used with LVM. The first task is to create PVs that provide space to a volume group:

1 Select a hard disk from Hard Disks.

2 Change to the Partitions tab.
3 Add the prepared PVs to the VG by selecting the device and clicking on Add. Selecting several devices is possible by holding Ctrl while selecting the devices.

4 Select Finish to make the VG available to further configuration steps.

Figure 2.3 Creating a Volume Group

If you have multiple volume groups defined and want to add or remove PVs, select the volume group in the Volume Management list. Then change to the Overview tab and select Resize.
Figure 2.4 Logical Volume Management

Click Add and go through the wizard-like popup that opens:

1. Enter the name of the LV. For a partition that should be mounted to /home, a self-explanatory name like HOME could be used.

2. Select the size and the number of stripes of the LV. If you have only one PV, selecting more than one stripe is not useful.

3. Choose the filesystem to use on the LV as well as the mount point.
WARNING: Striping

YaST cannot, at this point, verify the correctness of your entries concerning striping. Any mistake made here is apparent only later when the LVM is implemented on disk.

If you have already configured LVM on your system, the existing logical volumes can also be used. Before continuing, assign appropriate mount points to these LVs. With Finish, return to the YaST Expert Partitioner and finish your work there.

2.
RAID 1
This level provides adequate security for your data, because the data is copied to another hard disk 1:1. This is known as hard disk mirroring. If one disk is destroyed, a copy of its contents is available on the other one. All disks but one could be damaged without endangering your data. However, if the damage is not detected, the damaged data can be mirrored to the undamaged disk. This could result in the same loss of data.
2.3.1 Soft RAID Configuration with YaST

The YaST RAID configuration can be reached from the YaST Expert Partitioner, described in Section 2.1, “Using the YaST Partitioner” (page 39). This partitioning tool enables you to edit and delete existing partitions and create new ones to be used with soft RAID:

1 Select a hard disk from Hard Disks.

2 Change to the Partitions tab.

3 Click Add and enter the desired size of the raid partition on this disk.
Figure 2.5 RAID Partitions

To add a previously unassigned partition to the selected RAID volume, first click the partition then Add. Assign all partitions reserved for RAID. Otherwise, the space on the partition remains unused. After assigning all partitions, click Next to select the available RAID Options.

In this last step, set the file system to use as well as encryption and the mount point for the RAID volume.
2.3.3 For More Information

Configuration instructions and more details for soft RAID can be found in the HOWTOs at:

• /usr/share/doc/packages/mdadm/Software-RAID.HOWTO.html
• http://en.tldp.org/HOWTO/Software-RAID-HOWTO.html

Linux RAID mailing lists are available, such as http://marc.theaimsgroup.com/?l=linux-raid.
Part II.
3 Installing or Removing Software

Use YaST's software management tool to search for software components you want to add or remove. YaST resolves all dependencies for you. To install packages not shipped with the installation media, add additional software repositories to your setup and let YaST manage them. Keep your system up-to-date by managing software updates with the update applet.

Change the software collection of your system with YaST Software Manager.
cept or Apply respectively. YaST maintains a list with all actions, allowing you to review and modify your changes before applying them to the system.

3.1 Definition of Terms

Repository
A local or remote directory containing packages, plus additional information about these packages (package meta-data).

(Repository) Alias
A short name for a repository used by various zypper commands. The alias can be chosen by the user when adding a repository and must be unique.
deltarpm
A deltarpm consists only of the binary diff between two defined versions of a package, and therefore has the smallest download size. Before being installed, the full RPM package is rebuilt on the local machine.

Package Dependencies
Certain packages are dependent on other packages, such as shared libraries. In other terms, a package may require other packages—if the required packages are not available, the package cannot be installed.
3.2.1 Views for Searching Packages or Patterns

The YaST software manager can install packages or patterns from all currently enabled repositories. It offers different views and filters to make it easier to find the software you are searching for. The Search view is the default view of the window. To change view, click View and select one of the following entries from the drop-down list. The selected view opens in a new tab.

Patterns
Lists all patterns available for installation on your system.
TIP: Finding Packages Not Belonging to an Active Repository To list all packages that do not belong to an active repository, choose View > Repositories > @System and then choose Secondary Filter > Unmaintained Packages. This is useful, for example, if you have deleted a repository and would like to make sure no packages from that repository remain installed. 3.2.2 Installing and Removing Packages or Patterns Certain packages are dependent on other packages, such as shared libraries.
4 It is not possible to remove a pattern per se. Instead, select the packages of a pattern you want to remove and mark them for removal. 5 In order to select more packages, repeat the steps mentioned above. 6 Before applying your changes, you can review or modify them by clicking View > Installation Summary. By default, all packages that will change status are listed.
• version number of the package • package vendor Which of the aspects has the highest importance for choosing the update candidates depends on the respective update option you choose. 1 To update all installed packages to the latest version, choose Package > All Packages > Update if Newer Version Available from the main menu.
2a Choose the repository from which to update as described in Section 3.2.1, “Views for Searching Packages or Patterns” (page 64). 2b On the right hand side of the window, click Switch system packages to the versions in this repository. This explicitly allows YaST to change the package vendor when replacing the packages. As soon as you proceed with Accept, all installed packages will be replaced by packages deriving from this repository, if available.
By default, dependencies are automatically checked. A check is performed every time you change a package status (for example, by marking a package for installation or removal). This is generally useful, but can become exhausting when manually resolving a dependency conflict. To disable this function, uncheck Dependencies > Autocheck. Manually perform a dependency check with Dependencies > Check Now. A consistency check is always performed when you confirm your selection with Accept.
3.3 Using the GNOME Interface (GTK+) The YaST GTK+ interface is started by default when using the desktops GNOME and XFCE. Start the software manager from the YaST Control Center by clicking Software > Software Management. 3.3.1 Views for Searching Packages or Patterns The easiest way to find a package is to use the search field in the upper right corner of the software manager. Enter a search term and press Enter. By default it will search package names and summaries.
Groups The default view lists all packages sorted by groups such as Admin Tools, Graphics, Programming, or Security. RPM Groups Lists all packages sorted by functionality with groups and subgroups. For example Networking > Email > Clients. Repositories Filter to list packages by repository. In order to select more than one repository, hold the Ctrl key while clicking on repository names. The “pseudo repository” @System lists all packages currently installed.
select one of the entries in the box at the lower left corner of the dialog. For details about a package, click the package in the list. Information like available versions, authors and changelog of the package is displayed in the lower right corner of the window. To mark a package for installation, re-installation, removal, or upgrade, right-click the package and choose the appropriate action from the menu.
NOTE: Installing Source Packages Installing source packages with YaST Software Manager is not possible at the moment. Use the command line tool zypper for this purpose. For more information, see Section “Installing Source Packages” (page 98). 3.3.3 Updating Packages Instead of updating individual packages, you can also update all installed packages or all packages from a certain repository.
3b On the right hand side of the window, click Switch system packages to the versions in this repository. This explicitly allows YaST to change the package vendor when replacing the packages. All installed packages will be replaced by packages deriving from this repository, if available. This may lead to changes in vendor and architecture and even to downgrading some packages. 4 Before applying the changes, you can review or modify them by clicking View All Changes at the bottom of the dialog.
Manually perform a dependency check with Dependencies > Check Now. A consistency check is always performed when you confirm your selection with Apply. NOTE: Manually Solving Package Conflicts Unless you are very experienced, follow the suggestions YaST makes when handling package conflicts, otherwise you may not be able to resolve them. Keep in mind that every change you make potentially triggers other conflicts, so you can easily end up with a steadily increasing number of conflicts.
To manage repositories, start YaST and select Software > Software Repositories. The Configured Software Repositories dialog opens. Here, you can also manage subscriptions to so-called Services by changing the View at the right corner of the dialog to All Services. A Service in this context is a Repository Index Service (RIS) that can offer one or more software repositories. Such a Service can be changed dynamically by its administrator or vendor.
4 When adding a repository from the network, enter the data you are prompted for. Continue with Next. 5 Depending on the repository you have added, you might be asked if you want to import the GPG key with which it is signed or asked to agree to a license. After confirming these messages, YaST will download and parse the metadata and add the repository to the list of Configured Repositories. 6 If needed, adjust the repository Properties as described in Section 3.4.
3.4.2 Managing Repository Properties The Configured Software Repositories overview of the Software Repositories lets you change the following repository properties: Status The repository status can either be Enabled or Disabled. You can only install packages from repositories that are enabled. To turn a repository off temporarily click Disable. You can also double-click on a repository name to toggle its status. If you want to remove a repository completely, click Delete.
IMPORTANT: Priority vs. Version The repository with the highest priority takes precedence in any case. Therefore, make sure that the update repository always has the highest priority (20 by default), otherwise you might install an outdated version that will not be updated until the next online update.
4 YaST Online Update openSUSE offers a continuous stream of software security updates for your product. By default, the update applet is used to keep your system up-to-date. Refer to Section “Keeping the System Up-to-date” (Chapter 3, Installing, Removing and Updating Software, ↑Start-Up) for further information on the update applet. This chapter covers the alternative tool for updating software packages: YaST Online Update.
4.1 The Online Update Dialog The YaST Online Update dialog is available in two toolkit flavors: GTK (for GNOME) and Qt (for KDE). Both interfaces differ in look and feel but basically provide the same functions. The following sections provide a brief description of each. To open the dialog, start YaST and select Software > Online Update. Alternatively, start it from the command line with yast2 online_update. 4.1.1 KDE Interface (Qt) The Online Update window consists of four sections. Figure 4.
Needed Patches (default view) Non-installed patches that apply to packages installed on your system. Unneeded Patches Patches that either apply to packages not installed on your system, or patches that have requirements which have already been fulfilled (because the relevant packages have already been updated from another source). All Patches All patches available for openSUSE. Each list entry in the Summary section consists of a symbol and the patch name.
Figure 4.2 YaST Online Update—GTK Interface The upper right section lists the available (or already installed) patches for openSUSE. To filter patches according to their security relevance, click the corresponding Priority entry in the upper right section of the window: Security, Recommended, Optional or Any priority. If all available patches are already installed, the Package listing in the upper right section will show no entries.
4.2 Installing Patches The YaST Online Update dialog allows you to either install all available patches at one go or to manually select the patches that you want to apply to your system. You may also revert patches that have been applied to the system. By default, all new patches (except the optional ones) that are currently available for your system are already marked for installation. They will be applied automatically once you click Accept or Apply. Procedure 4.
4 After the installation is complete, click Finish to leave the YaST Online Update. Your system is now up-to-date. TIP: Disabling deltarpms By default, updates are downloaded as deltarpms. Since rebuilding RPM packages from deltarpms consumes considerable memory and CPU time, certain setups or hardware configurations might require you to disable the usage of deltarpms for the sake of performance. To disable the use of deltarpms, edit the file /etc/zypp/zypp.conf and set download.use_deltarpm to false. 4.
IMPORTANT: Skipping Patches If you select to skip any packages that require interaction, run a manual Online Update from time to time in order to install those patches, too. Otherwise you might miss important patches. 6 Confirm your configuration with OK.
5 Installing Packages From the Internet By default, it is only possible to install packages from configured and enabled repositories. Apart from the official repositories that are configured during the installation, numerous other repositories exist. The openSUSE® Build Service hosts several hundred of them, and many third-party repositories exist, too—see http://en.opensuse.org/Additional_package_repositories.
Procedure 5.1 Installing Packages from the openSUSE Build Service via 1-Click Install 1 Start the openSUSE Build Service search interface at http://software.opensuse.org/search. 2 Select your system version from the drop-down menu, for example openSUSE 11.2. 3 Enter the name of the package you want to install, for example the OpenStreetMap editor josm. 4 To refine the search, adjust the Search Options according to your wishes. 5 Click Search.
11 Enter the root password to start the installation. In case a new repository was added you also need to confirm the import of the repository's GnuPG key. During the installation several progress pop-ups appear that do not need any interaction. After reading the “Installation was successful” message, click Finish. TIP: Disabling 1-Click Install Feature If you want to disable the 1-Click install feature, uninstall the yast2-metapackage-handler package using YaST.
with your system (x86_64 packages can only be installed on 64bit systems). 4 Mark a package for installation by activating its checkbox. You can mark several packages at once. You can even start a new search for other packages without losing your current selection, which is always available on the All Selected Packages. Once you have finished the package selection, proceed with Next. The Additional Software Repositories dialog shows the repositories providing the packages you want to install.
6 Installing Add-On Products Add-on products are system extensions. You can install a third party add-on product or a special system extension of openSUSE® (for example, a CD with support for additional languages or a CD with binary drivers). To install a new add-on, start YaST and select Software > Add-On Products. You can select various types of product media, like CD, FTP, USB mass storage devices (such as USB flash drives or disks) or a local directory. You can also work directly with ISO files.
5 You can choose to Download Repository Description Files now. If the option is unchecked, YaST will automatically download the files later, if needed. Click Next to proceed. 6 When adding a repository from the network, enter the data you are prompted for. Continue with Next. 7 Depending on the repository you have added, you might be asked if you want to import the GPG key with which it is signed or asked to agree to a license.
7 Managing Software with Command Line Tools This chapter describes Zypper and RPM, two command line tools for managing software. For a definition of the terminology used in this context (for example, repository, patch, or update) refer to Section 3.1, “Definition of Terms” (page 62). 7.1 Using Zypper Zypper is a command line package manager for installing, updating and removing packages as well as for managing repositories.
zypper --non-interactive patch
To use the options specific to a particular command, type them right after the command. For example, --auto-agree-with-licenses means applying all needed patches to the system without asking to confirm any licenses (they will automatically be accepted):
zypper patch --auto-agree-with-licenses
Some commands require one or more arguments.
by the exact package name (and version number)
zypper in MozillaFirefox
or
zypper in MozillaFirefox-3.5.3
by repository alias and package name
zypper in mozilla:MozillaFirefox
Where mozilla is the alias of the repository from which to install.
by package name using wildcards
The following command will install all packages that have names starting with “Moz”. Use with care, especially when removing packages.
To remove emacs and install vim simultaneously, use:
zypper remove emacs +vim
To prevent the package name starting with the - being interpreted as a command option, always use it as the second argument.
Of course, this will only work if you have the repository with the source packages enabled in your repository list (it is added by default, but not enabled). See Section 7.1.4, “Managing Repositories with Zypper” (page 102) for details on repository management.
In this case, all patches available in your repositories are checked for relevance and installed, if necessary. The above command is all you must enter in order to apply them when needed. Zypper knows three different commands to query for the availability of patches:
zypper patch-check
Lists the number of needed patches (patches that apply to your system but are not yet installed)
~ # zypper patch-check
Loading repository data...
Reading installed packages...
or
zypper patch --cve=number
For example, to install a security patch with the CVE number CVE-2010-2713, execute:
zypper patch --cve=CVE-2010-2713
Installing Updates
If a repository contains only new packages, but does not provide patches, zypper patch does not show any effect.
Upgrading to a New Product Version To easily upgrade your installation to a new product version (for example, from openSUSE 11.2 to openSUSE 11.3), first adjust your repositories to match the current openSUSE repositories. For details, refer to Section 7.1.4, “Managing Repositories with Zypper” (page 102). Then use the zypper dist-upgrade command with the required repositories. This command ensures that all packages will be installed from the repositories currently enabled.
The result will look similar to the following output:
Example 7.1 Zypper—List of Known Repositories
# | Alias                 | Name                  | Enabled | Refresh
--+-----------------------+-----------------------+---------+-------
1 | Updates               | Updates               | Yes     | Yes
2 | openSUSE 11.2-0       | openSUSE 11.2-0       | No      | No
3 | openSUSE-11.2-Debug   | openSUSE-11.2-Debug   | No      | Yes
4 | openSUSE-11.2-Non-Oss | openSUSE-11.2-Non-Oss | Yes     | Yes
5 | openSUSE-11.2-Oss     | openSUSE-11.2-Oss     | Yes     | Yes
6 | openSUSE-11.2-Source  | openSUSE-11.
zypper removerepo 3
Modifying Repositories
Enable or disable repositories with zypper modifyrepo. You can also alter the repository's properties (such as refreshing behavior, name or priority) with this command.
zypper se firefox    # simple search for "firefox"
zypper se *fire*     # using wildcards
zypper se -d fire    # also search in package descriptions and summaries
zypper se -u firefox # only display packages not already installed
To search for packages which provide a special capability, use the command what-provides.
This forces a complete refresh and rebuild of the database, including a forced download of raw metadata. 7.1.8 For More Information For more information on managing software from the command line, enter zypper help, zypper help command or refer to the zypper(8) manpage. For a complete and detailed command reference, including cheat sheets with the most important commands, and information on how to use Zypper in scripts and applications, refer to http://wiki.opensuse.org/SDB:Zypper_usage.
by the name extension -devel, such as the packages alsa-devel, gimp-devel, and libkde4-devel. 7.2.1 Verifying Package Authenticity RPM packages have a GnuPG signature. To verify the signature of an RPM package, use the command rpm --checksig package-1.2.3.rpm to determine whether the package originates from Novell/SUSE or from another trustworthy facility. This is especially recommended for update packages from the Internet. 7.2.
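An OK result from rpm --checksig does not by itself show that a package is signed: an unsigned package whose digests match is also reported as OK. The following script is an added example, not part of the openSUSE manual, that triages rpm --checksig output with this in mind; the sample lines, file names and key ID are constructed, and the verdict labels and function names are this example's own.

```shell
#!/bin/sh
# Added example: triage `rpm --checksig` output so that "OK" without a
# signature is not mistaken for a verified package.

# Constructed sample output (file names and key ID are made up).
SAMPLE_CHECKSIG_OUTPUT='package-1.2.3.rpm: (sha1) dsa sha1 md5 gpg OK
unsigned-0.1.rpm: sha1 md5 OK
otherkey-2.0.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
tampered-4.5.rpm: (sha1) dsa sha1 MD5 GPG NOT OK
newstyle-1.0.rpm: digests signatures OK'

# Read `rpm --checksig` lines on stdin; print "VERDICT<TAB>file" per line.
classify_checksig() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        file="${line%%: *}"      # text before the first ": "
        result="${line#*: }"     # text after the first ": "
        case "$result" in
            *"NOT OK"*"MISSING KEYS"*) verdict=UNKNOWN_KEY ;;  # signer key not imported
            *"NOT OK"*) verdict=BAD ;;                         # digest or signature failed
            *OK)
                # OK only counts as verified if a signature was actually checked.
                tokens=" $(printf '%s' "$result" | tr -d '()') "
                case "$tokens" in
                    *" gpg "*|*" pgp "*|*" dsa "*|*" rsa "*|*" signatures "*)
                        verdict=SIGNED_OK ;;
                    *)  verdict=UNSIGNED ;;                    # digests only
                esac ;;
            *) verdict=UNPARSED ;;
        esac
        printf '%s\t%s\n' "$verdict" "$file"
    done
}

# Succeed only if there is at least one package and every one is SIGNED_OK.
all_signed_ok() {
    verdicts=$(classify_checksig)
    [ -n "$verdicts" ] || return 1
    if printf '%s\n' "$verdicts" | grep -v '^SIGNED_OK' >/dev/null; then
        return 1
    fi
    return 0
}

# Demonstration on the constructed sample. On a real system:
#   rpm --checksig *.rpm 2>&1 | classify_checksig
printf '%s\n' "$SAMPLE_CHECKSIG_OUTPUT" | classify_checksig
```

Use all_signed_ok as a gate before installing downloaded packages; anything it cannot parse counts as a failure.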
file and the newer version are different). If this is the case, compare the backup file (.rpmorig or .rpmsave) with the newly installed file and make your changes again in the new file. Afterwards, be sure to delete all .rpmorig and .rpmsave files to avoid problems with future updates. • .rpmnew files appear if the configuration file already exists and if the noreplace label was specified in the .spec file. Following an update, .rpmsave and .
Is the patch RPM suitable for my system?
To check this, first query the installed version of the package. For pine, this can be done with
rpm -q pine
pine-4.44-188
Then check if the patch RPM is suitable for this version of pine:
rpm -qp --basedon pine-4.44-224.i586.patch.rpm
pine = 4.44-188
pine = 4.44-195
pine = 4.44-207
This patch is suitable for three different versions of pine. The installed version in the example is also listed, so the patch can be installed.
If, at a later date, you want to know which package version was originally installed, this information is also available in the RPM database. For pine, this information can be displayed with the following command:
rpm -q --basedon pine
pine = 4.44-188
More information, including information about the patch feature of RPM, is available in the man pages of rpm and rpmbuild.
To derive it from the old RPM without accessing the file system, use the -r option:
applydeltarpm -r old.rpm new.delta.rpm new.rpm
See /usr/share/doc/packages/deltarpm/README for technical details.
7.2.5 RPM Queries
With the -q option rpm initiates queries, making it possible to inspect an RPM archive (by adding the option -p) and also to query the RPM database of installed packages. Several switches are available to specify the type of information required. See Table 7.
For example, the command rpm -q -i wget displays the information shown in Example 7.2, “rpm -q -i wget” (page 112).
Example 7.2 rpm -q -i wget
Name        : wget                          Relocations: (not relocatable)
Version     : 1.11.4                        Vendor: openSUSE
Release     : 1.70                          Build Date: Sat 01 Aug 2009 09:49:48 CEST
Install Date: Thu 06 Aug 2009 14:53:24 CEST Build Host: build18
Group       : Productivity/Networking/Web/Utilities Source RPM: wget-1.11.4-1.70.src.
With the help of the installed RPM database, verification checks can be made. Initiate these with -V, -y or --verify. With this option, rpm shows all files in a package that have been changed since installation. rpm uses eight character symbols to give some hints about the following changes: Table 7.
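As an added example (not part of the openSUSE manual), this script decodes rpm -V result lines and ranks them for review, treating a changed digest on a non-configuration file as the most serious finding. The sample output is constructed, and the severity ranking and function names are assumptions of this example; the flag letters are rpm's standard verify flags.

```shell
#!/bin/sh
# Added example: decode `rpm -V` result lines and rank them for review.

# Constructed sample of `rpm -V wget` output (not from a real system).
SAMPLE_VERIFY_OUTPUT='S.5....T  c /etc/wgetrc
S.5....T    /usr/bin/wget
.M......    /usr/share/man/man1/wget.1.gz
missing     /usr/share/doc/packages/wget/README'

# Translate one verify flag character into a word ("" for "." or unknown).
flag_name() {
    case "$1" in
        S) echo size ;;
        M) echo mode ;;
        5) echo digest ;;     # MD5 sum of the file contents
        D) echo device ;;
        L) echo symlink ;;
        U) echo owner ;;
        G) echo group ;;
        T) echo mtime ;;
        *) echo "" ;;
    esac
}

# Read `rpm -V` lines on stdin; print "SEVERITY<TAB>path<TAB>changes".
# Assumed ranking: HIGH = contents changed on a non-config file,
# MEDIUM = missing file or mode/owner/group change, LOW = everything else.
triage_verify() {
    while IFS= read -r line; do
        case "$line" in
            */*) ;;            # line carries an absolute path
            *) continue ;;     # skip blank or unrelated lines
        esac
        path="/${line#*/}"
        prefix="${line%%/*}"                 # flag field plus optional marker
        flags="${prefix%% *}"
        # Marker after the flags, e.g. "c" for a configuration file.
        attr=$(printf '%s' "${prefix#"$flags"}" | tr -d ' ')
        if [ "$flags" = missing ]; then
            changes=missing
        else
            changes=""
            rest="$flags"
            while [ -n "$rest" ]; do
                ch="${rest%"${rest#?}"}"     # first character of $rest
                rest="${rest#?}"
                name=$(flag_name "$ch")
                if [ -n "$name" ]; then
                    changes="${changes:+$changes,}$name"
                fi
            done
        fi
        sev=LOW
        case "$flags" in missing|*[MUG]*) sev=MEDIUM ;; esac
        case "$flags" in
            *5*) if [ "$attr" != c ]; then sev=HIGH; fi ;;
        esac
        printf '%s\t%s\t%s\n' "$sev" "$path" "$changes"
    done
}

# Demonstration on the constructed sample. On a real system:
#   rpm -V wget | triage_verify
printf '%s\n' "$SAMPLE_VERIFY_OUTPUT" | triage_verify
```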
7.2.6 Installing and Compiling Source Packages All source packages carry a .src.rpm extension (source RPM). NOTE: Installed Source Packages Source packages can be copied from the installation medium to the hard disk and unpacked with YaST. They are not, however, marked as installed ([i]) in the package manager. This is because the source packages are not entered in the RPM database. Only installed operating system software is listed in the RPM database.
WARNING
Do not experiment with system components (glibc, rpm, sysvinit, etc.), because this endangers the stability of your system.
The following example uses the wget.src.rpm package. After installing the source package, you should have files similar to those in the following list:
/usr/src/packages/SOURCES/wget-1.11.4.tar.bz2
/usr/src/packages/SOURCES/wgetrc.patch
/usr/src/packages/SPECS/wget.spec
rpmbuild -bX /usr/src/packages/SPECS/wget.spec starts the compilation.
The binary RPM created can now be installed with rpm -i or, preferably, with rpm -U. Installation with rpm makes it appear in the RPM database. 7.2.7 Compiling RPM Packages with build The danger with many packages is that unwanted files are added to the running system during the build process. To prevent this, use build, which creates a defined environment in which the package is built. To establish this chroot environment, the build script must be provided with a complete package tree.
Part III.
8 Managing Users with YaST During installation, you chose a method for user authentication. This method is either local (via /etc/passwd) or, if a network connection is established, via NIS, LDAP, Kerberos or Samba (see Section “Create New User” (Chapter 1, Installation with YaST, ↑Start-Up)). You can create or modify user accounts and change the authentication method with YaST at any time. Every user is assigned a system-wide user ID (UID).
Figure 8.1 YaST User and Group Administration Depending on the set of users you choose to view and modify with the dialog (local users, network users, system users), the main window shows several tabs. These allow you to execute the following tasks: Managing User Accounts From the Users tab create, modify, delete or temporarily disable user accounts as described in Section 8.2, “Managing User Accounts” (page 121).
Assigning Users to Groups Learn how to change the group assignment for individual users in Section 8.5, “Assigning Users to Groups” (page 130). Managing Groups From the Groups tab, you can add, modify or delete existing groups. Refer to Section 8.6, “Managing Groups” (page 131) for information on how to do this.
In the following, learn how to set up default user accounts. For some further options, such as auto login, login without password, setting up encrypted home directories or managing quotas for users and groups, refer to Section 8.3, “Additional Options for User Accounts” (page 123). Procedure 8.1 Adding or Modifying User Accounts 1 Open the YaST User and Group Administration dialog and click the Users tab. 2 With Set Filter define the set of users you want to manage.
dialog and to save the changes. A newly added user can now log in to the system using the login name and password you created. TIP: Matching User IDs For a new (local) user on a laptop which also needs to integrate into a network environment where this user already has a user ID, it is useful to match the (local) user ID to the ID in the network. This ensures that the file ownership of the files the user creates “offline” is the same as if he had created them directly on the network. Procedure 8.
ality can only be activated for one user at a time. Login without password allows all users to log in to the system after they have entered their username in the login manager. WARNING: Security Risk Enabling Auto Login or Passwordless Login on a machine that can be accessed by more than one person is a security risk. Without the need to authenticate, any user can gain access to your system and your data. If your system contains confidential data, do not use this functionality.
8 You can also specify a certain expiration date for a password. Enter the Expiration Date in YYYY-MM-DD format. 9 For more information about the options and about the default values, click Help. 10 Apply your changes with OK. 8.3.3 Managing Encrypted Home Directories To protect data in home directories against theft and hard disk removal, you can create encrypted home directories for users.
Procedure 8.4 Creating Encrypted Home Directories 1 Open the YaST User and Group Management dialog and click the Users tab. 2 To encrypt the home directory of an existing user, select the user and click Edit. Otherwise, click Add to create a new user account and enter the appropriate user data on the first tab. 3 In the Details tab, activate Use Encrypted Home Directory. With Directory Size in MB, specify the size of the encrypted image file to be created for this user. 4 Apply your settings with OK.
Procedure 8.5 Modifying or Disabling Encrypted Home Directories Of course, you can also disable the encryption of a home directory or change the size of the image file at any time. 1 Open the YaST User and Group Administration dialog in the Users view. 2 Select a user from the list and click Edit. 3 If you want to disable the encryption, switch to the Details tab and disable Use Encrypted Home Directory.
file systems and restrict the amount of disk space that can be used and the number of inodes (index nodes) that can be created there. Inodes are data structures on a file system that store basic information about a regular file, directory, or other file system object. They store all attributes of a file system object (like user and group ownership, read, write, or execute permissions), except file name and contents. openSUSE allows usage of soft and hard quotas.
4 Below Size Limits, restrict the amount of disk space. Enter the number of 1 KB blocks the user or group may have on this partition. Specify a Soft Limit and a Hard Limit value. 5 Additionally, you can restrict the number of inodes the user or group may have on the partition. Below Inodes Limits, enter a Soft Limit and Hard Limit. 6 You can only define grace intervals if the user or group has already exceeded the soft limit specified for size or inodes.
messages about exceeded quotas to D-BUS. For more information, refer to the repquota, warnquota and quota_nld man pages (root password needed). 8.4 Changing Default Settings for Local Users When creating new local users, several default settings are used by YaST. These include, for example, the primary group and the secondary groups the user belongs to, or the access permissions of the user's home directory.
Users tab. In the following, learn how to modify an individual user's group assignment. If you need to change the default group assignments for new users, refer to Section 8.4, “Changing Default Settings for Local Users” (page 130). Procedure 8.8 Changing a User's Group Assignment 1 Open the YaST User and Group Administration dialog and click the Users tab. It shows a list of users and of the groups the users belong to. 2 Click Edit and switch to the Details tab.
5 In the following dialog, enter or change the data. The list on the right shows an overview of all available users and system users which can be members of the group. 6 To add existing users to a new group select them from the list of possible Group Members by checking the corresponding box. To remove them from the group just uncheck the box. 7 Click OK to apply your changes. 8 Click Expert Options > Write Changes Now to save all changes without exiting the User and Group Administration dialog.
8.7 Changing the User Authentication Method When your machine is connected to a network, you can change the authentication method you set during installation. The following options are available: NIS Users are administered centrally on a NIS server for all systems in the network. For details, see Chapter 3, Using NIS (↑Security Guide). LDAP Users are administered centrally on an LDAP server for all systems in the network. For details about LDAP, see Chapter 4, LDAP—A Directory Service (↑Security Guide).
modules in YaST. For information about the configuration of the appropriate client, refer to the following sections: NIS: Section “Configuring NIS Clients” (Chapter 3, Using NIS, ↑Security Guide) LDAP: Section “Configuring an LDAP Client with YaST” (Chapter 4, LDAP—A Directory Service, ↑Security Guide) 4 After accepting the configuration, return to the User and Group Administration overview. 5 Click OK to close the administration dialog.
9 Changing Language and Country Settings with YaST Working in different countries or having to work in a multilingual environment requires your computer to be set up to support this. openSUSE® can handle different locales in parallel. A locale is a set of parameters that defines the language and country settings reflected in the user interface. The main system language was selected during installation and keyboard and time zone settings were adjusted.
Changing the System Language Globally Proceed as described in Section 9.1.1, “Modifying System Languages with YaST” (page 136) and Section 9.1.2, “Switching the Default System Language” (page 138) to install additional localized packages with YaST and to set the default language. Changes are effective after relogin. To ensure that the entire system reflects the change, reboot the system or close and restart all running services, applications, and programs.
ple, use a secondary language to start an application in a certain language in order to do word processing in this language. Before installing additional languages, determine which of them should be the default system language (primary language) after you have installed them. To access the YaST language module, start YaST and click System > Language. Alternatively, start the Languages dialog directly by running yast2 language & as user root from a command line. Procedure 9.
1 To add additional languages in the YaST language module, select the Secondary Languages you wish to install. 2 To make a language the default language, set it as Primary Language. 3 Additionally, adapt the keyboard to the new primary language and adjust the time zone, if appropriate. TIP For advanced keyboard or time zone settings, select Hardware > Keyboard Layout or System > Date and Time in YaST to start the respective dialogs. For more information, refer to Section 9.
2 Select the desired new system language as Primary Language. IMPORTANT: Deleting Former System Languages If you switch to a different primary language, the localized software packages for the former primary language will be removed from the system. If you want to switch the default system language but want to keep the former primary language as additional language, add it as Secondary Language by enabling the respective checkbox. 3 Adjust the keyboard and time zone options as desired.
9.2 Changing the Country and Time Settings Using the YaST date and time module, adjust your system date, clock and time zone information to the area you are working in. To access the YaST module, start YaST and click System > Date and Time. Alternatively, start the Clock and Time Zone dialog directly by running yast2 timezone & as user root from a command line. First, select a general region, such as Europe. Choose an appropriate time zone that matches the one you are working in, for example, Germany.
• If you only run Linux on your machine, set the hardware clock to UTC and have the switch from standard time to daylight saving time performed automatically. You can change the date and time manually or opt for synchronizing your machine against an NTP server, either permanently or just for adjusting your hardware clock. Procedure 9.2 Manually Adjusting Time and Date 1 In the YaST timezone module, click Change to set date and time. 2 Select Manually and enter date and time values.
4 Click Synchronize Now to get your system time set correctly. 5 If you want to make use of NTP permanently, enable Save NTP Configuration. 6 With the Configure button, you can open the advanced NTP configuration. For details, see Section 25.1, “Configuring an NTP Client with YaST” (page 409). 7 Confirm your changes with Accept.
10 YaST in Text Mode This section is intended for system administrators and experts who do not run an X server on their systems and depend on the text-based installation tool. It provides basic information about starting and operating YaST in text mode. YaST in text mode uses the ncurses library to provide an easy pseudo-graphical user interface. The ncurses library is installed by default. The minimum supported size of the terminal emulator in which to run YaST is 80x25 characters. Figure 10.
provides an overview of the modules available in the active category. The bottom frame contains the buttons for Help and Quit. When you start the YaST Control Center, the category Software is selected automatically. Use ↓ and ↑ to change the category. To select a module from the category, activate the right frame with → and then use ↓ and ↑ to select the module. Keep the arrow keys pressed to scroll through the list of available modules. The selected module is highlighted.

Function Keys
The F keys (F1 through F12) enable quick access to the various buttons. Available F key shortcuts are shown in the bottom line of the YaST screen. Which function keys are actually mapped to which buttons depends on the active YaST module, because the different modules offer different buttons (Details, Info, Add, Delete, etc.). Use F10 for Accept, OK, Next, and Finish. Press F1 to access the YaST help.
Replacing Alt with Esc Alt shortcuts can be executed with Esc instead of Alt. For example, Esc – H replaces Alt + H. (First press Esc, then press H.) Backward and Forward Navigation with Ctrl + F and Ctrl + B If the Alt and Shift combinations are occupied by the window manager or the terminal, use the combinations Ctrl + F (forward) and Ctrl + B (backward) instead. Restriction of Function Keys The F keys are also used for functions.
or yast --install package_name can be a single short package name, for example gvim, which is installed with dependency checking, or the full path to an rpm package, which is installed without dependency checking. If you need a command-line based software management utility with functionality beyond what YaST provides, consider using zypper. This new utility uses the same software management library that is also the foundation for the YaST package manager.
11 Printer Operation openSUSE® supports printing with many types of printers, including remote network printers. Printers can be configured manually or with YaST. For configuration instructions, refer to Section “Setting Up a Printer” (Chapter 2, Setting Up Hardware Components with YaST, ↑Start-Up). Both graphical and command line utilities are available for starting and managing print jobs. If your printer does not work as expected, refer to Section 11.7, “Troubleshooting” (page 158).
supported by Linux and produce an adequate print result. Linux may not be able to address some special printer functions. Except for HP developing HPLIP (HP Linux Imaging and Printing), there are currently no printer manufacturers who develop Linux drivers and make them available to Linux distributors under an open source license. Proprietary Printers (Also Called GDI Printers) These printers do not support any of the common printer languages.
At least one dedicated printer queue exists for every printer. The spooler holds the print job in the queue until the desired printer is ready to receive data. When the printer is ready, the spooler sends the data through the filter and back-end to the printer. The filter converts the data generated by the application that is printing (usually PostScript or PDF, but also ASCII, JPEG, etc.) into printer-specific data (PostScript, PCL, ESC/P, etc.). The features of the printer are described in the PPD files.
11.3 Installing the Software PPD (PostScript printer description) is the computer language that describes the properties, like resolution, and options, such as the availability of a duplex unit. These descriptions are required for using various printer options in CUPS. Without a PPD file, the print data would be forwarded to the printer in a “raw” state, which is usually not desired. During the installation of openSUSE, many PPD files are preinstalled.
socket Socket refers to a connection in which the plain print data is sent directly to a TCP socket. Some of the socket port numbers that are commonly used are 9100 or 35. The device URI (uniform resource identifier) syntax is: socket://IP.of.the.printer:port, for example: socket://192.168.2.202:9100/. LPD (Line Printer Daemon) The LPD protocol is described in RFC 1179. Under this protocol, some job-related data, such as the ID of the printer queue, is sent before the actual print data is sent.
11.4.1 Configuring CUPS with Command Line Tools
CUPS can be configured with command line tools like lpinfo, lpadmin and lpoptions. You need a device URI consisting of a back-end, such as parallel, and parameters. To determine valid device URIs on your system use the command lpinfo -v | grep ":/":

# lpinfo -v | grep ":/"
direct usb://ACME/FunPrinter%20XL
direct parallel:/dev/lp0

With lpadmin the CUPS server administrator can add, remove or manage print queues.
Resolution/Output Resolution: 150dpi *300dpi 600dpi

The activated default option is identified by a preceding asterisk (*).

2 Change the option with lpadmin:

lpadmin -p queue -o Resolution=600dpi

3 Check the new setting:

lpoptions -p queue -l
Resolution/Output Resolution: 150dpi 300dpi *600dpi

When a normal user runs lpoptions, the settings are written to ~/.cups/lpoptions. However, root settings are written to /etc/cups/lpoptions.

11.
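The asterisk convention in the lpoptions -l output can be read mechanically, for example to confirm that a queue still carries the defaults set with lpadmin. The following is an added example, not part of the original guide; the function names and the PageSize and Duplex sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: extract the active defaults from `lpoptions -p queue -l`
# output and compare them with the values a queue is expected to have.

# Constructed sample in the "Keyword/Label: choices" format shown in the text.
# Only the Resolution line mirrors the guide; the other two are assumptions.
lpoptions_sample() {
cat <<'EOF'
PageSize/Media Size: *A4 Letter Legal
Resolution/Output Resolution: 150dpi 300dpi *600dpi
Duplex/2-Sided Printing: *None DuplexNoTumble DuplexTumble
EOF
}

# lpoptions_defaults
# stdin: output of `lpoptions -l`; stdout: one "Option=default" line per option.
lpoptions_defaults() {
  awk '
    {
      colon = index($0, ": ")
      if (colon == 0) next                  # not an option line
      key = substr($0, 1, colon - 1)
      sub(/\/.*/, "", key)                  # drop the human-readable label
      n = split(substr($0, colon + 2), choice, " ")
      active = "(none)"
      for (i = 1; i <= n; i++)              # the default carries a leading *
        if (substr(choice[i], 1, 1) == "*") active = substr(choice[i], 2)
      print key "=" active
    }'
}

# lpoptions_drift Option=value...
# stdin: output of `lpoptions -l`. Prints one line per expected setting that
# is not the active default and returns 1 if any differ.
lpoptions_drift() {
  current=$(lpoptions_defaults)
  status=0
  for want in "$@"; do
    if ! printf '%s\n' "$current" | grep -qxF -- "$want"; then
      have=$(printf '%s\n' "$current" | grep "^${want%%=*}=" || true)
      echo "drift: wanted $want, queue has ${have:-no such option}"
      status=1
    fi
  done
  return $status
}
```

On a live system, feed the functions with lpoptions -p queue -l instead of lpoptions_sample.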
and at http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings.

CUPS Client
Normally, a CUPS client runs on a regular workstation located in a trusted network environment behind a firewall. In this case it is recommended to configure the network interface to be in the Internal Zone, so the workstation is reachable from within the network.
CUPS PPD Files in the cups Package The generic PPD files in the cups package have been complemented with adapted Foomatic PPD files for PostScript level 1 and level 2 printers: • /usr/share/cups/model/Postscript-level1.ppd.gz • /usr/share/cups/model/Postscript-level2.ppd.gz PPD Files in the cups-drivers Package Normally, the Foomatic printer filter foomatic-rip is used together with Ghostscript for non-PostScript printers. Suitable Foomatic PPD files have the entries *NickName: ...
manufacturer-PPDs. YaST cannot use a PPD file from the manufacturer-PPDs package if the model name does not match. This may happen if the manufacturer-PPDs package contains only one PPD file for similar models, like Funprinter 12xx series. In this case, select the respective PPD file manually in YaST. 11.7 Troubleshooting The following sections cover some of the most frequently encountered printer hardware and software problems and ways to solve or circumvent these problems.
Instead of spending time trying to make a proprietary Linux driver work, it may be more cost-effective to purchase a printer which supports a standard printer language (preferably PostScript). This would solve the driver problem once and for all, eliminating the need to install and configure special driver software and obtain driver updates that may be required due to new developments in the print system. 11.7.
in /etc/modprobe.conf. If there are two parallel ports that are set to the I/O addresses 378 and 278 (hexadecimal), enter these in the form 0x378,0x278. If interrupt 7 is free, it can be activated with the entry shown in Example 11.1, “/etc/modprobe.conf: Interrupt Mode for the First Parallel Port” (page 160). Before activating the interrupt mode, check the file /proc/interrupts to see which interrupts are already in use. Only the interrupts currently being used are displayed.
If lpd does not respond, it may not be active or there may be basic network problems. If lpd responds, the response should show why printing is not possible on the queue on host. If you receive a response like that shown in Example 11.2, “Error Message from lpd” (page 161), the problem is caused by the remote lpd. Example 11.
Troubleshooting a Network Printer or Print Server Box
Spoolers running in a print server box sometimes cause problems when they have to deal with multiple print jobs. Since this is caused by the spooler in the print server box, there is no way to resolve this issue. As a work-around, circumvent the spooler in the print server box by addressing the printer connected to the print server box directly with the TCP socket. See Section 11.4, “Network Printers” (page 152).
11.7.5 Defective Printouts without Error Message For the print system, the print job is completed when the CUPS back-end completes the data transfer to the recipient (printer). If further processing on the recipient fails (for example, if the printer is not able to print the printer-specific data) the print system does not notice this. If the printer is not able to print the printer-specific data, select a PPD file that is more suitable for the printer. 11.7.
11.7.8 Defective Print Jobs and Data Transfer Errors If you switch the printer off or shut down the computer during the printing process, print jobs remain in the queue. Printing resumes when the computer (or the printer) is switched back on. Defective print jobs must be removed from the queue with cancel.
2 Stop cupsd.
3 Remove /var/log/cups/error_log* to avoid having to search through very large log files.
4 Start cupsd.
5 Repeat the action that led to the problem.
6 Check the messages in /var/log/cups/error_log* to identify the cause of the problem.

11.7.10 For More Information
Solutions to many specific problems are presented in the SUSE Support Database (http://en.opensuse.org/Portal:Support_database). Locate the relevant articles with a text search for SDB:CUPS.

12 Installing and Configuring Fonts for the Graphical User Interface
The installation of additional fonts in openSUSE® is very easy. Simply copy the fonts to any directory located in the X11 font path (see Section 12.1, “X11 Core Fonts” (page 168)). To enable the use of the fonts, the installation directory should be a subdirectory of the directories configured in /etc/fonts/fonts.conf (see Section 12.2, “Xft” (page 169)) or included into this file with /etc/fonts/suse-font-dirs.conf.
To install additional fonts systemwide, manually copy the font files to a suitable directory (as root), such as /usr/share/fonts/truetype. Alternatively, the task can be performed with the KDE font installer in the KDE Personal Settings. The result is the same. Instead of copying the actual fonts, you can also create symbolic links. For example, you may want to do this if you have licensed fonts on a mounted Windows partition and want to use them. Subsequently, run SuSEconfig --module fonts.
by the X server at start-up. It searches for a valid fonts.dir file in each of the FontPath entries in the configuration file /etc/X11/xorg.conf. These entries are found in the Files section. Display the actual FontPath with xset q. This path may also be changed at runtime with xset. To add an additional path, use xset +fp . To remove an unwanted path, use xset -fp .
Xft uses the fontconfig library for finding fonts and influencing how they are rendered. The properties of fontconfig are controlled by the global configuration file /etc/fonts/fonts.conf. Special configurations should be added to /etc/fonts/local.conf and the user-specific configuration file ~/.fonts.conf. Each of these fontconfig configuration files must begin with
Users can easily add rules to ~/.fonts.conf to resolve these aliases to their favorite fonts: sans-serif FreeSans serif FreeSerif monospace FreeMono Because nearly all applications use these aliases by default, this affects almost the entire system.
Table 12.1 Parameters of fc-list

Parameter   Meaning and Possible Values
family      Name of the font family, for example, FreeSans.
foundry     The manufacturer of the font, for example, urw.
style       The font style, such as Medium, Regular, Bold, Italic or Heavy.
lang        The language that the font supports, for example, de for German, ja for Japanese, zh-TW for traditional Chinese or zh-CN for simplified Chinese.
weight      The font weight, such as 80 for regular or 200 for bold.

13 System Monitoring Utilities
There are a number of programs, tools, and utilities which you can use to examine the status of your system. This chapter introduces some of them and describes their most important and frequently used parameters. For each of the described commands, examples of the relevant outputs are presented. In the examples, the first line is the command itself (after the > or # sign prompt). Omissions are indicated with square brackets ([...]) and long lines are wrapped where necessary.
system at a glance. Use these tools first in order to get an overview and find out which part of the system to examine further. 13.1.1 vmstat vmstat collects information about processes, memory, I/O, interrupts and CPU. If called without a sampling rate, it displays average values since the last reboot. When called with a sampling rate, it displays actual samples: Example 13.
b: Shows the number of processes waiting for a resource other than a CPU. A high number in this column may indicate an I/O problem (network or disk).
swpd: The amount of swap space currently used.
free: The amount of unused memory.
inact: Recently unused memory that can be reclaimed. This column is only visible when calling vmstat with the parameter -a (recommended).
active: Recently used memory that normally does not get reclaimed.
bo: Number of blocks per second sent to a block device (e.g. a disk write). Note that swapping also impacts the values shown here.
in: Interrupts per second. A high value indicates a high I/O level (network and/or disk).
cs: Number of context switches per second. Put simply, this means that the kernel has to replace executable code of one program in memory with that of another program.
us: Percentage of CPU usage from user processes.
sy: Percentage of CPU usage from system processes.
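To apply the column descriptions above to captured output, the following added example (not from the original guide) locates the b, us and sy columns by their header names and flags samples with many blocked processes or a saturated CPU. The sample data is constructed, and the function names and the thresholds passed to vmstat_flags are assumptions.

```shell
#!/bin/sh
# Added example: flag vmstat samples that point to an I/O bottleneck
# (column b) or to CPU saturation (columns us + sy).

# Constructed sample in the layout printed by `vmstat -a 2`;
# these are not measurements taken from the guide.
vmstat_sample() {
cat <<'EOF'
procs -----------memory---------- ---swap-- -----io---- -system-- -----cpu------
 r  b   swpd   free  inact active   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 512340 210044 903212    0    0    12    40  310  620  6  2 91  1  0
 0  4      0 498120 211900 915004    0    0  9800 15200 2900 4100  5  9 20 66  0
 7  0      0 120448 205312 1298440   0    0     4    16  450 9800 88 11  1  0  0
EOF
}

# vmstat_flags MAX_BLOCKED MAX_BUSY_PERCENT
# stdin: vmstat output. stdout: "<sample number> <reason>" for every sample
# whose b value exceeds MAX_BLOCKED ("blocked") or whose us + sy exceeds
# MAX_BUSY_PERCENT ("cpu").
vmstat_flags() {
  awk -v max_b="$1" -v max_busy="$2" '
    # The header row names the columns. Looking them up by name keeps the
    # script correct for both `vmstat` and `vmstat -a`, and for header rows
    # that vmstat repeats during long runs.
    $1 == "r" && $2 == "b" { for (i = 1; i <= NF; i++) col[$i] = i; next }
    # Ignore the banner row and anything seen before the first header.
    !("b" in col) || $1 !~ /^[0-9]+$/ { next }
    {
      n++
      if ($(col["b"]) + 0 > max_b + 0) print n, "blocked"
      if ($(col["us"]) + $(col["sy"]) > max_busy + 0) print n, "cpu"
    }'
}
```

On a live system the input would come from a call such as vmstat -a 2 10 piped into vmstat_flags.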
NOTE: sysstat package
sar and sadc are part of the sysstat package. You need to install the package either with YaST, or with zypper in sysstat.

Automatically Collecting Daily Statistics With sadc
If you want to monitor your system over a longer period of time, use sadc to automatically collect the data. You can read this data at any time using sar. To start sadc, simply run /etc/init.d/boot.sysstat start. This will add a link to /etc/ cron.
a report from /var/log/sa/saDD, where DD stands for the current day. This is the default location where sadc writes its data. Query multiple files with multiple -f options.

sar 2 10                         # on-the-fly report, 10 times every 2 seconds
sar -f ~/reports/sar_2010_05_03  # queries file sar_2010_05_03
sar                              # queries file from today in /var/log/sa/
cd /var/log/sa && \
sar -f sa01 -f sa02              # queries files /var/log/sa/sa0[12]

Find examples for useful sar calls and their interpretation below.
16:12:42 16:12:52 16:13:02 Average: 381096 642668 311984 428651 1674580 1413008 1743692 1627025 81.46 68.74 84.82 79.15 21084 21392 21712 21104 75460 81212 84040 75515 2328192 1938820 2212024 2209280 64.82 53.98 61.58 61.51 The last two columns (kbcommit and %commit) show an approximation of the total amount of memory (RAM plus swap) the current workload would need in the worst case (in kilobyte or percent respectively).
16:28:51 DEV 16:29:01 sdc 16:29:01 scd0 tps rd_sec/s 32.47 876.72 0.00 0.00 wr_sec/s 647.35 0.00 avgrq-sz 46.94 0.00 avgqu-sz 0.33 0.00 await 10.20 0.00 svctm 3.67 0.00 %util 11.91 0.00 16:29:01 DEV 16:29:11 sdc 16:29:11 scd0 tps rd_sec/s 48.75 2852.45 0.00 0.00 wr_sec/s 366.77 0.00 avgrq-sz 66.04 0.00 avgqu-sz 0.82 0.00 await 16.93 0.00 svctm 4.91 0.00 %util 23.94 0.00 16:29:11 DEV 16:29:21 sdc 16:29:21 scd0 tps rd_sec/s 13.20 362.40 0.00 0.00 wr_sec/s 412.00 0.00 avgrq-sz 58.67 0.
13.2 System Information 13.2.1 Device Load Information: iostat iostat monitors the system device loading. It generates reports that can be useful for better balancing the load between physical disks attached to your system. The first iostat report shows statistics collected since the system was booted. Subsequent reports cover the time since the previous report. tux@mercury:~> iostat Linux 2.6.32.7-0.
With the -P option, you can specify the number of processors to be reported (note that 0 is the first processor). The timing arguments work the same way as with the iostat command. Entering mpstat -P 1 2 5 prints five reports for the second processor (number 1) at 2 second intervals. tux@mercury:~> mpstat -P 1 2 5 Linux 2.6.32.7-0.2-default (geeko@buildhost) 08:57:10 CPU %usr %guest %idle 08:57:12 1 4.46 0.00 89.11 08:57:14 1 1.98 0.00 93.07 08:57:16 1 2.50 0.00 93.50 08:57:18 1 14.36 0.00 83.
Average: Average: PID 23576 %usr %system 37.54 61.46 %guest 0.00 %CPU 99.00 CPU - Command top 13.2.4 Kernel Ring Buffer: dmesg The Linux kernel keeps certain messages in a ring buffer. To view these messages, enter the command dmesg: tux@mercury:~> dmesg [...] end_request: I/O error, dev fd0, sector 0 subfs: unsuccessful attempt to mount media (256) e100: eth0: e100_watchdog: link up, 100Mbps, half-duplex NET: Registered protocol family 17 IA-32 Microcode Update Driver: v1.14
The special shell variable $$, whose value is the process ID of the shell, has been used. The command lsof lists all the files currently open when used without any parameters. There are often thousands of open files, therefore, listing all of them is rarely useful. However, the list of all files can be combined with search functions to generate useful lists.
NOTE: Monitoring udev Events
Only the root user is allowed to monitor udev events by running the udevadm command.
13.3.2 Process List: ps The command ps produces a list of processes. Most parameters must be written without a minus sign. Refer to ps --help for a brief help or to the man page for extensive help. To list all processes with user and command line information, use ps axu: tux@mercury:~> ps axu USER PID %CPU %MEM VSZ RSS TTY root 1 0.0 0.0 696 272 ? root 2 0.0 0.0 0 0 ? root 3 0.0 0.0 0 0 ? [...] tux 4047 0.0 6.0 158548 31400 ? tux 4057 0.0 0.7 9036 3684 ? tux 4067 0.0 0.1 2204 636 ? tux 4072 0.0 1.
4114 4023 4047 3973 19172 25144 31400 31520 sound-juicer gnome-panel --sm-client-id default1 mono-best --debug /usr/lib/beagle/Best.exe --autostarted mono-beagled --debug /usr/lib/beagle/BeagleDaemon.exe --bg --aut Useful ps Calls ps aux --sort column Sort the output by column.
| | `-bash | `-kwin |-kdesktop---kdesktop_lock---xmatrix |-kdesud |-kdm-+-X | `-kdm---startkde---kwrapper [...] The parameter -p adds the process ID to a given name. To have the command lines displayed as well, use the -a parameter: 13.3.4 Table of Processes: top The command top, which stands for table of processes, displays a list of processes that is refreshed every two seconds. To terminate the program, press Q. The parameter -n 1 terminates the program after a single display of the process list.
2235 2289 2403 2709 2714 root root root root root 15 16 23 19 16 0 0 0 0 0 1736 800 652 S 4192 2852 1444 S 1756 600 524 S 2668 1076 944 S 1756 648 564 S 0.0 0.0 0.0 0.0 0.0 0.2 0.6 0.1 0.2 0.1 0:00.10 0:02.05 0:00.00 0:00.00 0:00.56 resmgrd hald hald-addon-acpi NetworkManagerD hald-addon-stor By default the output is sorted by CPU usage (column %CPU, shortcut Shift + P).
To change the niceness of a running process, use renice priority -p process id, for example: renice +5 3266 To renice all processes owned by a specific user, use the option -u user. Process groups are reniced by the option -g process group id. 13.4 Memory 13.4.1 Memory Usage: free The utility free examines RAM and swap usage.
Active: 4048268 kB Inactive: 2674796 kB Active(anon): 663088 kB Inactive(anon): 107108 kB Active(file): 3385180 kB Inactive(file): 2567688 kB Unevictable: 4 kB Mlocked: 4 kB SwapTotal: 2096440 kB SwapFree: 2076692 kB Dirty: 44 kB Writeback: 0 kB AnonPages: 756108 kB Mapped: 147320 kB Slab: 329216 kB SReclaimable: 300220 kB SUnreclaim: 28996 kB PageTables: 21092 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB CommitLimit: 6187916 kB Committed_AS: 1388160 kB VmallocTotal: 34359738367 kB VmallocUsed: 133
SwapCached Page cache in swap Active Recently used memory that normally is not reclaimed. This value is the sum of memory claimed by anonymous pages (listed as Active(anon)) and file-backed pages (listed as Active(file)) Inactive Recently unused memory that can be reclaimed. This value is the sum of memory claimed by anonymous pages (listed as Inactive(anon)) and file-backed pages (listed as Inactive(file)).
the number of clean and dirty memory pages the process with the ID PID is using at that time. It differentiates between shared and private memory, so you are able to see how much memory the process is using without including memory shared with other processes. 13.5 Networking 13.5.1 Show the Network Status: netstat netstat shows network connections, routing tables (-r), interfaces (-i), masquerade connections (-M), multicast memberships (-g), and statistics (-s).
tux@mercury:~> netstat -s -t Tcp: 2427 active connections openings 2374 passive connection openings 0 failed connection attempts 0 connection resets received 1 connections established 27476 segments received 26786 segments send out 54 segments retransmited 0 bad segments received. 6 resets sent [...] TCPAbortOnLinger: 0 TCPAbortFailed: 0 TCPMemoryPressures: 0 13.5.2 Interactive Network Monitor: iptraf The iptraf utility is a menu based Local Area Network (LAN) monitor.
1 minute (-t). It will be run in the background (-B) and the statistics will be written to the iptraf.log file in your home directory (-L). tux@mercury:~> iptraf -i eth0 -t 1 -B -L ~/iptraf.log You can examine the log file with the more command: tux@mercury:~> more ~/iptraf.log Mon Mar 23 10:08:02 2010; ******** IP traffic monitor started ******** Mon Mar 23 10:08:02 2010; UDP; eth0; 107 bytes; from 192.168.1.192:33157 to \ 239.255.255.253:427 Mon Mar 23 10:08:02 2010; VRRP; eth0; 46 bytes; from 192.168.1.
Query the allocation and use of interrupts with the following command: tux@mercury:~> cat /proc/interrupts CPU0 0: 3577519 XT-PIC timer 1: 130 XT-PIC i8042 2: 0 XT-PIC cascade 5: 564535 XT-PIC Intel 82801DB-ICH4 7: 1 XT-PIC parport0 8: 2 XT-PIC rtc 9: 1 XT-PIC acpi, uhci_hcd:usb1, ehci_hcd:usb4 10: 0 XT-PIC uhci_hcd:usb3 11: 71772 XT-PIC uhci_hcd:usb2, eth0 12: 101150 XT-PIC i8042 14: 33146 XT-PIC ide0 15: 149202 XT-PIC ide1 NMI: 0 LOC: 0 ERR: 0 MIS: 0 Some of the important files and their contents are: /p
tux@mercury:~> ls -l /proc/self/ total 0 dr-xr-xr-x 2 tux users 0 2007-07-16 -r-------- 1 tux users 0 2007-07-16 -r--r--r-- 1 tux users 0 2007-07-16 lrwxrwxrwx 1 tux users 0 2007-07-16 -r-------- 1 tux users 0 2007-07-16 lrwxrwxrwx 1 tux users 0 2007-07-16 dr-x------ 2 tux users 0 2007-07-16 -rw-r--r-- 1 tux users 0 2007-07-16 -r--r--r-- 1 tux users 0 2007-07-16 -rw------- 1 tux users 0 2007-07-16 -r--r--r-- 1 tux users 0 2007-07-16 -rw-r--r-- 1 tux users 0 2007-07-16 -r--r--r-- 1 tux users 0 2007-07-16 lrw
tux@mercury:~> procinfo Linux 2.6.32.7-0.2-default (geeko@buildhost) (gcc 4.3.4) #1 2CPU Memory: Mem: Swap: Total 2060604 2104472 Used 2011264 112 Bootup: Wed Feb 17 03:39:33 2010 user : nice : system: IOwait: hw irq: sw irq: idle : uptime: 2:43:13.78 1d 22:21:27.87 13:39:57.57 18:02:18.59 0:03:39.44 1:15:35.25 9d 16:07:56.79 6d 13:07:11.14 0.8% 14.7% 4.3% 5.7% 0.0% 0.4% 73.
The command lspci lists the PCI resources: mercury:~ # lspci 00:00.0 Host bridge: Intel Corporation 82845G/GL[Brookdale-G]/GE/PE \ DRAM Controller/Host-Hub Interface (rev 01) 00:01.0 PCI bridge: Intel Corporation 82845G/GL[Brookdale-G]/GE/PE \ Host-to-AGP Bridge (rev 01) 00:1d.0 USB Controller: Intel Corporation 82801DB/DBL/DBM \ (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 (rev 01) 00:1d.1 USB Controller: Intel Corporation 82801DB/DBL/DBM \ (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2 (rev 01) 00:1d.
13.7.2 USB Devices: lsusb The command lsusb lists all USB devices. With the option -v, print a more detailed list. The detailed information is read from the directory /proc/bus/usb/. The following is the output of lsusb with these USB devices attached: hub, memory stick, hard disk and mouse. mercury:/ # lsusb Bus 004 Device 007: ID 0ea0:2168 2.
13.8.
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, little endian Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: EXEC (Executable file) Machine: Advanced Micro Devices X86-64 Version: 0x1 Entry point address: 0x402540 Start of program headers: 64 (bytes into file) Start of section headers: 95720 (bytes into file) Flags: 0x0 Size of this header: 64 (bytes) Size of program headers: 56 (bytes) Number of program headers: 9 Size of section headers: 64 (byt
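The Magic and Class fields that readelf prints come from the first bytes of the file. The following added example (not part of the original guide) reads them with od to tell 32-bit from 64-bit objects, which helps when checking library directories on a system that runs both; the function names and the 20-byte sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the ELF identification bytes that `readelf -h`
# reports as Magic, Class, Data and Machine.

# elf_arch FILE
# Prints "<class> <machine>", for example "ELF64 x86-64". Prints "not-ELF"
# and returns 1 if FILE does not start with an ELF header.
elf_arch() {
  # 20 bytes cover e_ident (16 bytes), e_type (2) and e_machine (2).
  set -- $(od -An -v -tx1 -N20 "$1" 2>/dev/null)
  if [ "$#" -ne 20 ] || [ "$1$2$3$4" != "7f454c46" ]; then
    echo "not-ELF"
    return 1
  fi
  case $5 in                      # EI_CLASS
    01) class=ELF32 ;;
    02) class=ELF64 ;;
    *)  class=unknown-class ;;
  esac
  case $6 in                      # EI_DATA gives the byte order of e_machine
    01) machine=${20}${19} ;;     # little endian: low byte is stored first
    02) machine=${19}${20} ;;     # big endian
    *)  machine=unknown ;;
  esac
  case $machine in                # only the two x86 values are named here
    0003) machine=i386 ;;
    003e) machine=x86-64 ;;
    *)    machine=machine-0x$machine ;;
  esac
  echo "$class $machine"
}

# class_mismatches DIR CLASS
# Lists regular files directly in DIR that are ELF objects of a class other
# than CLASS (ELF32 or ELF64). Files that are not ELF objects are skipped.
class_mismatches() {
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    arch=$(elf_arch "$f") || continue
    case $arch in
      "$2 "*) ;;
      *) echo "$f: $arch" ;;
    esac
  done
}

# write_sample_headers DIR
# Writes constructed 20-byte header prefixes (not real binaries) for testing.
write_sample_headers() {
  printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000\076\000' > "$1/sample64"
  printf '\177ELF\001\001\001\000\000\000\000\000\000\000\000\000\002\000\003\000' > "$1/sample32"
  printf 'plain text, long enough to fill twenty bytes\n' > "$1/notes.txt"
}
```

For example, class_mismatches /usr/lib64 ELF64 prints any 32-bit object that ended up in the 64-bit library directory.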
13.9 User Information 13.9.1 User Accessing Files: fuser It can be useful to determine what processes or users are currently accessing certain files. Suppose, for example, you want to unmount a file system mounted at /mnt. umount returns "device is busy." The command fuser can then be used to determine what processes are accessing the device: tux@mercury:~> fuser -v /mnt/* /mnt/notes.txt USER tux PID ACCESS COMMAND 26597 f....
13.10 Time and Date
13.10.1 Time Measurement with time
Determine the time spent by commands with the time utility. This utility is available in two versions: as a shell built-in and as a program (/usr/bin/time).

tux@mercury:~> time find . > /dev/null
real 0m4.051s
user 0m0.042s
sys 0m0.205s

13.11 Graph Your Data: RRDtool
There are a lot of data in the world around you, which can be easily measured in time.
As mentioned above, RRDtool is designed to work with data that change in time. The ideal case is a sensor which repeatedly reads measured data (like temperature, speed etc.) in constant periods of time, and then exports them in a given format. Such data are perfectly ready for RRDtool, and it is easy to process them and create the desired output. Sometimes it is not possible to obtain the data automatically and regularly.
    FREEMEM=`free -b | grep "Mem" | awk '{ print $4 }'`
    sleep $INTERVAL
    echo "rrdtool update free_mem.rrd $DATE:$FREEMEM"
done

Points to Notice
• The time interval is set to 4 seconds, and is implemented with the sleep command.
• RRDtool accepts time information in a special format - so called Unix time. It is defined as the number of seconds since the midnight of January 1, 1970 (UTC). For example, 1272907114 represents 2010-05-03 17:18:34.
• The free memory information is reported in bytes with free -b.

rrdtool create free_mem.rrd --start 1272974834 --step=4 \
DS:memory:GAUGE:600:U:U RRA:AVERAGE:0.5:1:24

Points to Notice
• This command creates a file called free_mem.rrd for storing our measured values in a Round Robin type database.
• The --start option specifies the time (in Unix time) when the first value will be added to the database. In this example, it is one less than the first time value of the free_mem.sh output (1272974835).
As you can see, the size of free_mem.rrd remained the same even after updating its data. Viewing Measured Values We have already measured the values, created the database, and stored the measured value in it. Now we can play with the database, and retrieve or view its values. To retrieve all the values from our database, enter the following on the command line: tux@mercury:~> rrdtool fetch free_mem.rrd AVERAGE --start 1272974830 \ --end 1272974871 memory 1272974832: nan 1272974836: 1.
LINE2:free_memory#FF0000 \
--vertical-label "GB" \
--title "Free System Memory in Time" \
--zoom 1.5 \
--x-grid SECOND:1:SECOND:4:SECOND:10:0:%X

Points to Notice
• free_mem.png is the file name of the graph to be created.
• --start and --end limit the time range within which the graph will be drawn.
• --step specifies the time resolution (in seconds) of the graph.
• The DEF:... part is a data definition called free_memory. Its data are read from the free_mem.rrd database and its data source called memory.

13.11.3 For More Information
RRDtool is a very complex tool with a lot of sub-commands and command line options. Some of them are easy to understand, but you have to really study RRDtool to make it produce the results you want and fine-tune them according to your liking. Apart from RRDtool's man page (man 1 rrdtool) which gives you only basic information, you should have a look at the RRDtool homepage [http://oss.oetiker.ch/rrdtool/]. There is a detailed documentation [http://oss.oetiker.

14 Upgrading the System and System Changes
You can upgrade an existing system without completely reinstalling it. There are two ways of renewing the system or parts of it: updating individual software packages and upgrading the entire system. Updating individual packages is covered in Chapter 3, Installing or Removing Software (page 61) and Chapter 4, YaST Online Update (page 81). Two ways to upgrade the system are discussed in the following sections; see Section 14.1.
may also want to write the user data in /home (the HOME directories) to a backup medium. Back up this data as root. Only root has read permission for all local files. Before starting your update, make note of the root partition. The command df / lists the device name of the root partition. In Example 14.1, “List with df -h” (page 214), the root partition to write down is /dev/sda3 (mounted as /). Example 14.1 List with df -h Filesystem /dev/sda3 udev /dev/sda5 /dev/sda1 /dev/sda2 Size 74G 252M 116G 39G 4.
14.1.3 Upgrading with YaST Following the preparation procedure outlined in Section 14.1.1, “Preparations” (page 213), you can now upgrade your system: 1 Boot the system as for the installation, described in Section “System Start-Up for Installation” (Chapter 1, Installation with YaST, ↑Start-Up). In YaST, choose a language and select Update in the Installation Mode dialog. Do not select New Installation. Also add repositories to make sure to get all available software updated whenever possible.
You also have the possibility to make backups of various system components. Selecting backups slows down the upgrade process. Use this option if you do not have a recent system backup. 6 Confirm the upgrade by clicking Start Update. Once the basic upgrade installation is finished, YaST reboots the system. Finally, YaST updates the remaining software, if any and displays the release notes, if wanted. 14.1.
The Upgrade Procedure

WARNING: Check Your System Backup
Before actually starting the upgrade procedure, check that your system backup is up-to-date and restorable. This is especially important because you must enter many of the following steps manually.

1 Run the online update to make sure the software management stack is up-to-date. For more information, see Chapter 4, YaST Online Update (page 81).
2 Configure the repositories you want to use as an update source. Getting this right is essential.
only (replace repo-alias with the name of the repository you want to disable): zypper mr -d repo-alias Alternatively, you can lower the priority of these repositories. NOTE: Handling of Unresolved Dependencies zypper dup will remove all packages having unresolved dependencies, but it keeps packages of disabled repositories as long as their dependencies are satisfied. zypper dup ensures that all installed packages come from one of the available repositories.
14.1.5 Updating Individual Packages Regardless of your overall updated environment, you can always update individual packages. From this point on, however, it is your responsibility to ensure that your system remains consistent. Update advice can be found at http://www.novell.com/linux/download/updates/. Select components from the YaST package selection list according to your needs. If you select a package essential for the overall operation of the system, YaST issues a warning.
Part IV.
32-Bit and 64-Bit Applications in a 64-Bit System Environment 15 openSUSE® is available for 64-bit platforms. This does not necessarily mean that all the applications included have already been ported to 64-bit platforms. openSUSE supports the use of 32-bit applications in a 64-bit system environment. This chapter offers a brief overview of how this support is implemented on 64-bit openSUSE platforms.
An exception to this rule is PAM (pluggable authentication modules). openSUSE uses PAM in the authentication process as a layer that mediates between user and application. On a 64-bit operating system that also runs 32-bit applications it is necessary to always install both versions of a PAM module. To be executed correctly, every application requires a range of libraries. Unfortunately, the names for the 32-bit and 64-bit versions of these libraries are identical.
15.3 Software Compilation on Biarch Platforms To develop binaries for the other architecture on a biarch architecture, the respective libraries for the second architecture must additionally be installed. These packages are called rpmname-32bit. You also need the respective headers and libraries from the rpmname-devel packages and the development libraries for the second architecture from rpmname-devel-32bit. Most open source programs use an autoconf-based program configuration.
Not all of these variables are needed for every program. Adapt them to the respective program.

   CC="gcc -m32" LDFLAGS="-L/usr/lib" ./configure --prefix=/usr --libdir=/usr/lib --x-libraries=/usr/lib
   make
   make install

15.4 Kernel Specifications The 64-bit kernels for x86_64 offer both a 64-bit and a 32-bit kernel ABI (application binary interface). The latter is identical with the ABI for the corresponding 32-bit kernel.
Booting and Configuring a Linux System 16 Booting a Linux system involves different components. The hardware itself is initialized by the BIOS, which starts the kernel by means of a boot loader. After this point, the boot process with init and the runlevels is completely controlled by the operating system. The runlevel concept enables you to maintain setups for everyday usage as well as to perform maintenance tasks on the system. 16.
tion about GRUB, the Linux boot loader, can be found in Chapter 17, The Boot Loader GRUB (page 243). 3. Kernel and initramfs To pass system control, the boot loader loads both the kernel and an initial RAM-based file system (initramfs) into memory. The contents of the initramfs can be used by the kernel directly. initramfs contains a small executable called init that handles the mounting of the real root file system.
changing the root file system, it is necessary to regenerate the devices. This is done by boot.udev with the command udevtrigger. If you need to change hardware (e.g. hard disks) in an installed system and this hardware requires different drivers to be present in the kernel at boot time, you must update initramfs. This is done in the same way as with its predecessor, initrd—by calling mkinitrd. Calling mkinitrd without any argument creates an initramfs. Calling mkinitrd -R creates an initrd.
Providing Block Special Files For each loaded module, the kernel generates device events. udev handles these events and generates the required block special files on a RAM file system in /dev. Without those special files, the file system and other devices would not be accessible. Managing RAID and LVM Setups If you configured your system to hold the root file system under RAID or LVM, init sets up LVM or RAID to enable access to the root file system later.
Loading the Installation System or Rescue System As soon as the hardware is properly recognized, the appropriate drivers are loaded, and udev creates the special device files, init starts the installation system with the actual YaST installer, or the rescue system. Starting YaST Finally, init starts YaST, which starts package installation and system configuration. 16.2 The init Process The program init is the process with process ID 1. It is responsible for initializing the system in the required way.
evaluated by the kernel itself are passed to init. To boot into runlevel 3, just add the single number 3 to the boot prompt.

Table 16.1 Available Runlevels
   Runlevel   Description
   0          System halt
   S or 1     Single user mode
   2          Local multiuser mode without remote network (NFS, etc.)
   3          Full multiuser mode with network
   4          User Defined, this is not used unless the administrator configures this runlevel.
telinit 3 All essential programs and services (including network) are started and regular users are allowed to log in and work with the system without a graphical environment. telinit 5 The graphical environment is enabled. Usually a display manager like XDM, GDM or KDM is started. If autologin is enabled, the local user is logged in to the preselected window manager (GNOME or KDE or any other window manager). telinit 0 or shutdown -h now The system halts.
3. Now rc calls the stop scripts of the current runlevel for which there is no start script in the new runlevel. In this example, these are all the scripts that reside in /etc/init.d/rc3.d (the old runlevel was 3) and start with a K. The number following K specifies the order to run the scripts with the stop parameter, because there are some dependencies to consider. 4. The last things to start are the start scripts of the new runlevel. In this example, these are in /etc/init.d/rc5.d and begin with an S.
Table 16.2 Possible init Script Options
   Option         Description
   start          Start service.
   stop           Stop service.
   restart        If the service is running, stop it then restart it. If it is not running, start it.
   reload         Reload the configuration without stopping and restarting the service.
   force-reload   Reload the configuration if the service supports this. Otherwise, do the same as if restart had been given.
   status         Show the current status of service.
The blogd daemon is a service started by boot and rc before any other one. It is stopped after the actions triggered by these scripts (running a number of subscripts, for example, making block special files available) are completed. blogd writes any screen output to the log file /var/log/boot.msg, but only if and when /var is mounted read-write. Otherwise, blogd buffers all screen data until /var becomes available. Get further information about blogd on the blogd(8) man page.
Find useful information about init scripts in Section 16.2.1, “Runlevels” (page 231). To create a custom init script for a given program or service, use the file /etc/init.d/skeleton as a template. Save a copy of this file under the new name and edit the relevant program and filenames, paths and other details as needed. You may also need to enhance the script with your own parts, so the correct actions are triggered by the init procedure.
If a script already present in /etc/init.d/ should be integrated into the existing runlevel scheme, create the links in the runlevel directories right away with insserv or by enabling the corresponding service in the runlevel editor of YaST. Your changes are applied during the next reboot—the new service is started automatically. Do not set these links manually. If something is wrong in the INFO block, problems will arise when insserv is run later for some other service.
WARNING: Faulty Runlevel Settings May Damage Your System Faulty runlevel settings may make your system unusable. Before applying your changes, make absolutely sure that you know their consequences. Figure 16.1 System Services (Runlevel) With Start, Stop, or Refresh, decide whether a service should be activated. Refresh status checks the current status. Set or Reset lets you select whether to apply your changes to the system or to restore the settings that existed before starting the runlevel editor.
to which they are relevant. This ensures that network settings, for example, only need to be parsed by network-related scripts. There are two ways to edit the system configuration. Either use the YaST sysconfig Editor or edit the configuration files manually. 16.3.1 Changing the System Configuration Using the YaST sysconfig Editor The YaST sysconfig editor provides an easy-to-use front-end for system configuration.
Figure 16.2 System Configuration Using the sysconfig Editor The YaST sysconfig dialog is split into three parts. The left part of the dialog shows a tree view of all configurable variables. When you select a variable, the right part displays both the current selection and the current setting of this variable. Below, a third window displays a short description of the variable's purpose, possible values, the default value and the actual configuration file from which this variable originates.
16.3.2 Changing the System Configuration Manually To manually change the system configuration, proceed as follows:
1 Become root.
2 Bring the system into single user mode (runlevel 1) with telinit 1.
3 Change the configuration files as needed with an editor of your choice. If you do not use YaST to change the configuration files in /etc/sysconfig, make sure that empty variable values are represented by two quotation marks (KEYTABLE="") and that values with blanks in them are enclosed in quotation marks.
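The two quoting rules in step 3 matter because files under /etc/sysconfig are read by shell scripts, and in shell syntax a line such as VAR=one two assigns only "one" and then tries to run "two" as a command. The following check is an added example, not part of the original guide; the function name lint_sysconfig, the result codes and the sample variables other than KEYTABLE are made up for the illustration.

```shell
#!/bin/sh
# lint_sysconfig FILE
# Prints "<line> <VARIABLE> <CODE>" for every assignment that breaks the
# quoting rules for hand-edited /etc/sysconfig files, and returns 1 if
# anything was reported.
#   EMPTY_UNQUOTED    VAR=          (write VAR="")
#   BLANKS_UNQUOTED   VAR=one two   (write VAR="one two")
lint_sysconfig() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }              # comments and blank lines
        !/^[A-Za-z_][A-Za-z0-9_]*=/ {               # anything else must be VAR=...
            print FNR, "-", "NOT_AN_ASSIGNMENT"; bad = 1; next
        }
        {
            name = $0; sub(/=.*/, "", name)
            val = $0;  sub(/^[^=]*=/, "", val); sub(/[ \t]+$/, "", val)
            if (val == "")               code = "EMPTY_UNQUOTED"
            else if (val ~ /^"[^"]*"$/)  next       # properly quoted value
            else if (val ~ /[ \t]/)      code = "BLANKS_UNQUOTED"
            else                         next       # single unquoted word
            print FNR, name, code; bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample in /etc/sysconfig syntax (not taken from a real system).
write_sample_sysconfig() {
    cat > "$1" <<'EOF'
# constructed sample
KEYTABLE=""
EXAMPLE_NAME="two words"
EXAMPLE_EMPTY=
EXAMPLE_PLAIN=yes
EXAMPLE_LIST=one two
EOF
}

# Demo run: report the two offending lines of the sample.
sample=$(mktemp) && write_sample_sysconfig "$sample"
lint_sysconfig "$sample" || echo "fix the lines listed above before rebooting"
rm -f "$sample"
```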
17 The Boot Loader GRUB This chapter describes how to configure GRUB, the boot loader used in openSUSE®. A special YaST module is available for configuring all settings. If you are not familiar with the subject of booting in Linux, read the following sections to acquire some background information. This chapter also describes some of the problems frequently encountered when booting with GRUB and their solutions. This chapter focuses on boot management and the configuration of the boot loader GRUB.
Boot Sectors Boot sectors are the first sectors of hard disk partitions with the exception of the extended partition, which merely serves as a “container” for other partitions. These boot sectors have 512 bytes of space for code used to boot an operating system installed in the respective partition. This applies to boot sectors of formatted DOS, Windows, and OS/2 partitions, which also contain some basic important data of the file system.
/boot/grub/menu.lst This file contains all information about partitions or operating systems that can be booted with GRUB. Without this information, the GRUB command line prompts the user for how to proceed. For details, see Section “Editing Menu Entries during the Boot Procedure” (page 250). /boot/grub/device.map This file translates device names from the GRUB and BIOS notation to Linux device names. /etc/grub.
17.1.1 The File /boot/grub/menu.lst The graphical splash screen with the boot menu is based on the GRUB configuration file /boot/grub/menu.lst, which contains all information about all partitions or operating systems that can be booted by the menu. Every time the system is booted, GRUB loads the menu file from the file system. For this reason, GRUB does not need to be reinstalled after every change to the file. Use the YaST boot loader to modify the GRUB configuration as described in Section 17.
The command root simplifies the specification of kernel and initrd files. The only argument of root is a device or a partition. This device is used for all kernel, initrd, or other file paths for which no device is explicitly specified until the next root command. The boot command is implied at the end of every menu entry, so it does not need to be written into the menu file. However, if you use GRUB interactively for booting, you must enter the boot command at the end. The command itself has no arguments.
the file device.map, which can be edited if necessary. Information about the file device.map is available in Section 17.1.2, “The File device.map” (page 251). A complete GRUB path consists of a device name written in parentheses and the path to the file in the file system in the specified partition. The path begins with a slash.
color white/blue black/light-gray
   Color scheme: white (foreground), blue (background), black (selection) and light gray (background of the selection). The color scheme has no effect on the splash screen, only on the customizable GRUB menu that you can access by exiting the splash screen with Esc.
default 0
   The first menu entry title linux is the one to boot by default.
timeout 8
   After eight seconds without any user input, GRUB automatically boots the default entry.
Editing Menu Entries during the Boot Procedure In the graphical boot menu, select the operating system to boot with the arrow keys. If you select a Linux system, you can enter additional boot parameters at the boot prompt. To edit individual menu entries directly, press Esc to exit the splash screen and get to the GRUB text-based menu then press E. Changes made in this way only apply to the current boot and are not adopted permanently.
17.1.2 The File device.map The file device.map maps GRUB and BIOS device names to Linux device names. In a mixed system containing IDE and SCSI hard disks, GRUB must try to determine the boot sequence by a special procedure, because GRUB may not have access to the BIOS information on the boot sequence. GRUB saves the result of this analysis in the file /boot/grub/device.map. Example device.
This command tells GRUB to automatically install the boot loader to the second partition on the first hard disk (hd0,1) using the boot images located on the same partition. The --stage2=/boot/grub/stage2 parameter is needed to install the stage2 image from a mounted file system. Some BIOSes have a faulty LBA support implementation; --force-lba provides a solution to ignore them. 17.1.
           640x480   800x600   1024x768   1280x1024   1600x1200
   15bit   0x310     0x313     0x316      0x319       0x31D
   16bit   0x311     0x314     0x317      0x31A       0x31E
   24bit   0x312     0x315     0x318      0x31B       0x31F

DEFAULT_APPEND / FAILSAFE_APPEND / XEN_KERNEL_APPEND Kernel parameters (other than vga) that are automatically appended to the default, failsafe and XEN boot entries in the bootloader configuration file.
   gfxmenu (hd0,4)/message
   color white/blue black/light-gray
   default 0
   timeout 8
   password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/

Now GRUB commands can only be executed at the boot prompt after pressing P and entering the password. However, users can still boot all operating systems from the boot menu.
3 To prevent one or several operating systems from being booted from the boot menu, add the entry lock to every section in menu.lst that should not be bootable without entering a password.
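To check that a menu.lst really carries the protection described above, the following added example (not part of the original guide) reports whether a global password is set and which title sections can still be booted without it. It goes one step beyond the text in two places: GRUB only enforces lock from the point where it appears, so a lock that is not the first command of a section is reported separately, and a password command inside a section is accepted in place of lock. The function names and the sample entries are made up for the illustration.

```shell
#!/bin/sh
# audit_menu_lst FILE
# Output, one line per finding:
#   ENTRY locked|lock-not-first|open <title>
#   GLOBAL password=md5|plaintext|none
# Returns 0 only if an MD5 password is set globally and every entry is locked.
audit_menu_lst() {
    awk '
        function report() {
            if (!in_entry) return
            state = "open"
            if (lock_pos == 1) state = "locked"
            else if (lock_pos > 1) state = "lock-not-first"
            if (state != "locked") weak = 1
            print "ENTRY", state, title
        }
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        $1 == "title" {                         # a new section starts
            report()
            in_entry = 1; ncmd = 0; lock_pos = 0
            title = $0; sub(/^[ \t]*title[ \t]+/, "", title)
            next
        }
        !in_entry && $1 == "password" {         # global password line
            pw = ($2 == "--md5") ? "md5" : "plaintext"
            next
        }
        in_entry {                              # command inside a section
            ncmd++
            if (($1 == "lock" || $1 == "password") && lock_pos == 0)
                lock_pos = ncmd
        }
        END {
            report()
            if (pw == "") pw = "none"
            if (pw != "md5") weak = 1
            print "GLOBAL password=" pw
            exit (weak ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the global lines are the ones shown above, the three
# title sections are invented for the example.
write_sample_menu_lst() {
    cat > "$1" <<'EOF'
gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/

title linux
   kernel (hd0,4)/vmlinuz root=/dev/sda7 vga=791
   initrd (hd0,4)/initrd

title windows
   lock
   rootnoverify (hd0,0)
   chainloader +1

title floppy
   rootnoverify (fd0)
   lock
   chainloader +1
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp) && write_sample_menu_lst "$sample"
audit_menu_lst "$sample" || echo "menu.lst still has unprotected entries"
rm -f "$sample"
```

On an installed system, run audit_menu_lst /boot/grub/menu.lst as root.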
Figure 17.1 Boot Loader Settings Use the Section Management tab to edit, change and delete boot loader sections for the individual operating systems. To add an option, click Add. To change the value of an existing option, select it with the mouse and click Edit. To remove an existing entry, select it and click Delete. If you are not familiar with boot loader options, read Section 17.1, “Booting with GRUB” (page 244) first.
17.2.1 Adjusting the Default Boot Entry To change the system that is booted by default, proceed as follows: Procedure 17.1 Setting the Default System 1 Open the Section Management tab. 2 Select the desired entry from the list. 3 Click Set as Default. 4 Click OK to activate these changes. 17.2.2 Modifying the Boot Loader Location To modify the location of the boot loader, follow these steps: Procedure 17.
2 Click OK to apply your changes. 17.2.3 Changing the Boot Loader Time-Out The boot loader does not boot the default system immediately. During the time-out, you can select the system to boot or write some kernel parameters. To set the boot loader time-out, proceed as follows: Procedure 17.3 Changing the Boot Loader Time-Out 1 Open the Boot Loader Installation tab. 2 Click Boot Loader Options.
17.2.5 Adjusting the Disk Order If your computer has more than one hard disk, you can specify the boot sequence of the disks to match the BIOS setup of the machine (see Section 17.1.2, “The File device.map” (page 251)). To do so, proceed as follows: Procedure 17.5 Setting the Disk Order 1 Open the Boot Loader Installation tab. 2 Click Boot Loader Installation Details. 3 If more than one disk is listed, select a disk and click Up or Down to reorder the displayed disks.
Enable Acoustic Signals Enables or disables acoustic signals in GRUB. Graphical Menu File Path to the graphics file used when displaying the boot screen. Use Serial Console If your machine is controlled via a serial console, activate this option and specify which COM port to use at which speed. See info grub or http://www.gnu.org/software/grub/manual/grub.html#Serial-terminal
17.2.7 Changing Boot Loader Type Set the boot loader type in Boot Loader Installation. The default boot loader in openSUSE is GRUB.
Read Configuration Saved on Disk Load your own /etc/lilo.conf. This action is not available during the installation of openSUSE. 4 Click OK two times to save the changes. During the conversion, the old GRUB configuration is saved to the disk. To use it, simply change the boot loader type back to GRUB and choose Restore Configuration Saved before Conversion. This action is available only on an installed system.
Procedure 17.7 Creating Boot CDs
1 Change into a directory in which to create the ISO image, for example:
   cd /tmp
2 Create a subdirectory for GRUB and change into the newly created iso directory:
   mkdir -p iso/boot/grub && cd iso
3 Copy the kernel, the files stage2_eltorito, initrd, menu.lst and message to iso/boot/:
   cp /boot/vmlinuz boot/
   cp /boot/initrd boot/
   cp /boot/message boot/
   cp /usr/lib/grub/stage2_eltorito boot/grub
   cp /boot/grub/menu.
17.5 The Graphical SUSE Screen The graphical SUSE screen is displayed on the first console if the option vga=value is used as a kernel parameter. If you install using YaST, this option is automatically activated in accordance with the selected resolution and the graphics card. There are three ways to disable the SUSE screen, if desired: Disabling the SUSE Screen When Necessary Enter the command echo 0 >/proc/splash on the command line to disable the graphical screen.
GRUB and XFS XFS leaves no room for stage1 in the partition boot block. Therefore, do not specify an XFS partition as the location of the boot loader. This problem can be solved by creating a separate boot partition that is not formatted with XFS. GRUB Reports GRUB Geom Error GRUB checks the geometry of connected hard disks when the system is booted. Sometimes, the BIOS returns inconsistent information and GRUB reports a GRUB Geom Error. In this case, update the BIOS.
the logic within the GRUB menu file. Therefore, the second hard disk must be specified for chainloader. 17.7 For More Information Extensive information about GRUB is available at http://www.gnu.org/software/grub/. Also refer to the grub info page. You can also search for the keyword “GRUB” in the Support Database at http://en.opensuse.org/Portal:Support_database/ to get information about special issues.
18 Special System Features This chapter starts with information about various software packages, the virtual consoles and the keyboard layout. We talk about software components like bash, cron and logrotate, because they were changed or enhanced during the last release cycles. Even if they are small or considered of minor importance, users may want to change their default behavior, because these components are often closely coupled with the system.
1. /etc/profile
2. ~/.profile
3. /etc/bash.bashrc
4. ~/.bashrc
Make custom settings in ~/.profile or ~/.bashrc. To ensure the correct processing of these files, it is necessary to copy the basic settings from /etc/skel/.profile or /etc/skel/.bashrc into the home directory of the user. It is recommended to copy the settings from /etc/skel after an update. Execute the following shell commands to prevent the loss of personal adjustments:
   mv ~/.bashrc ~/.bashrc.old
   cp /etc/skel/.bashrc ~/.bashrc
   mv ~/.
A number of packages install shell scripts to the directories /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly, whose execution is controlled by /usr/lib/cron/run-crons. /usr/lib/cron/run-crons is run every 15 minutes from the main table (/etc/crontab). This guarantees that processes that may have been neglected can be run at the proper time.
Configure logrotate with the file /etc/logrotate.conf. In particular, the include specification primarily configures the additional files to read. Programs that produce log files install individual configuration files in /etc/logrotate.d. For example, such files ship with the packages apache2 (/etc/logrotate.d/apache2) and syslogd (/etc/logrotate.d/syslog). Example 18.3 Example for /etc/logrotate.
18.1.4 The locate Command locate, a command for quickly finding files, is not included in the standard scope of installed software. If desired, install the package findutils-locate. The updatedb process is started automatically every night or about 15 minutes after booting the system. 18.1.5 The ulimit Command With the ulimit (user limits) command, it is possible to set limits for the use of system resources and to have these displayed.
Example 18.4 ulimit: Settings in ~/.bashrc
   # Limits maximum resident set size (physical memory):
   ulimit -m 98304
   # Limits of virtual memory:
   ulimit -v 98304
Memory allocations must be specified in KB. For more detailed information, see man bash. IMPORTANT Not all shells support ulimit directives. PAM (for instance, pam_limits) offers comprehensive adjustment possibilities if you depend on encompassing settings for these restrictions. 18.1.
18.1.7 Man Pages and Info Pages For some GNU applications (such as tar), the man pages are no longer maintained. For these commands, use the --help option to get a quick overview of the info pages, which provide more in-depth instructions. Info is GNU's hypertext system. Read an introduction to this system by entering info info. Info pages can be viewed with Emacs by entering emacs -f info or directly in a console with info. You can also use tkinfo, xinfo or the help system to view info pages. 18.1.
.gnu-emacs defines the file ~/.gnu-emacs-custom as custom-file. If users make settings with the customize options in Emacs, the settings are saved to ~/.gnu-emacs-custom. With openSUSE, the emacs package installs the file site-start.el in the directory /usr/share/emacs/site-lisp. The file site-start.el is loaded before the initialization file ~/.emacs. Among other things, site-start.el ensures that special configuration files distributed with Emacs add-on packages, such as psgml, are loaded automatically.
is reserved for X and the tenth console shows kernel messages. More or fewer consoles can be assigned by modifying the file /etc/inittab. To switch to a console from X without shutting it down, use Ctrl + Alt + F1 to Ctrl + Alt + F6. To return to X, press Alt + F7. 18.3 Keyboard Mapping To standardize the keyboard mapping of programs, changes were made to the following files: /etc/inputrc /etc/X11/Xmodmap /etc/skel/.emacs /etc/skel/.gnu-emacs /etc/skel/.vimrc /etc/csh.
18.4 Language and Country-Specific Settings The system is, to a very large extent, internationalized and can be flexibly modified for local needs. In other words, internationalization (I18N) allows specific localizations (L10N). The abbreviations I18N and L10N are derived from the first and last letters of the words and, in between, the number of letters omitted. Settings are made with LC_ variables defined in the file /etc/sysconfig/language.
18.4.1 Some Examples You should always set the language and country codes together. Language settings follow the standard ISO 639 available at http://www.evertype.com/standards/iso639/iso639-en.html and http://www.loc.gov/standards/iso639-2/. Country codes are listed in ISO 3166 available at http://www.din.de/gremien/nas/nabd/iso3166ma/codlstp1/en_listp1.html. It only makes sense to set values for which usable description files can be found in /usr/lib/locale.
profile. /etc/SuSEconfig/csh.cshrc is sourced by /etc/csh.cshrc. This makes the settings available systemwide. Users can override the system defaults by editing their ~/.bashrc accordingly. For instance, if you do not want to use the systemwide en_US for program messages, include LC_MESSAGES=es_ES so that messages are displayed in Spanish instead. 18.4.2 Locale Settings in ~/.i18n If you are not satisfied with locale system defaults, change the settings in ~/.i18n according to the Bash scripting syntax.
or
   LANG="nb_NO"
   LANGUAGE="nb_NO:nn_NO:no"
Note that in Norwegian, LC_TIME is also treated differently. One problem that can arise is a separator used to delimit groups of digits not being recognized properly. This occurs if LANG is set to only a two-letter language code like de, but the definition file glibc uses is located in /usr/share/lib/de_DE/LC_NUMERIC. Thus LC_NUMERIC must be set to de_DE to make the separator definition visible to the system. 18.4.
Dynamic Kernel Device Management with udev 19 The kernel can add or remove almost any device in a running system. Changes in the device state (whether a device is plugged in or removed) need to be propagated to userspace. Devices need to be configured as soon as they are plugged in and recognized. Users of a certain device need to be informed about any changes in this device's recognized state.
19.2 Kernel uevents and udev The required device information is exported by the sysfs file system. For every device the kernel has detected and initialized, a directory with the device name is created. It contains attribute files with device-specific properties. Every time a device is added or removed, the kernel sends a uevent to notify udev of the change. The udev daemon reads and parses all provided rules from the /etc/udev/rules.d/*.rules files once at start-up and keeps them in memory.
calling modprobe for every event that carries a MODALIAS key. If modprobe $MODALIAS is called, it matches the device alias composed for the device with the aliases provided by the modules. If a matching entry is found, that module is loaded. All this is automatically triggered by udev. 19.
UEVENT[1185238505.279527] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0 (usb)
UDEV [1185238505.285573] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0 (usb)
UEVENT[1185238505.298878] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0/input/input10 (input)
UDEV [1185238505.305026] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0/input/input10 (input)
UEVENT[1185238505.305442] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0/input/input10/mouse2 (input)
UEVENT[1185238505.
19.6 Influencing Kernel Device Event Handling with udev Rules A udev rule can match any property the kernel adds to the event itself or any information that the kernel exports to sysfs. The rule can also request additional information from external programs. Every event is matched against all provided rules. All rules are located in the /etc/udev/rules.d directory. Every line in the rules file contains at least one key value pair. There are two kinds of keys, match and assignment keys.
The serial devices rule is not available in 50-udev-default.rules anymore, but it is still worth considering. It consists of two match keys (KERNEL and ATTRS) and one assign key (SYMLINK). The KERNEL key searches for all devices of the ttyUSB type. Using the * wild card, this key matches several of these devices. The second match key, ATTRS, checks whether the product attribute file in sysfs for any ttyUSB device contains a certain string.
• udev rules support substitutions.
19.6.1 Using Operators in udev Rules When creating keys, you can choose from several different operators, depending on the type of key you want to create. Match keys are normally just used to find a value that either matches or explicitly mismatches the search value. Match keys contain either of the following operators:
== Compare for equality. If the key contains a search pattern, all results matching this pattern are valid.
!= Compare for non-equality.
%p, $devpath The value of DEVPATH.
%k, $kernel The value of KERNEL or the internal device name.
%n, $number The device number.
%N, $tempnode The temporary name of the device file.
%M, $major The major number of the device.
%m, $minor The minor number of the device.
%s{attribute}, $attr{attribute} The value of a sysfs attribute (specified by attribute).
%E{variable}, $env{variable} The value of an environment variable (specified by variable).
%c, $result The output of PROGRAM.
%% The % character.
ACTION The name of the event action, for example, add or remove when adding or removing a device. DEVPATH The device path of the event device, for example, DEVPATH=/bus/pci/drivers/ipw3945 to search for all events related to the ipw3945 driver. KERNEL The internal (kernel) name of the event device. SUBSYSTEM The subsystem of the event device, for example, SUBSYSTEM=usb for all events related to USB devices. ATTR{filename} sysfs attributes of the event device.
PROGRAM Let udev execute an external program. To be successful, the program must return with exit code zero. The program's output, printed to stdout, is available to the RESULT key. RESULT Match the output string of the last PROGRAM call. Either include this key in the same rule as the PROGRAM key or in a later one. 19.6.4 Using udev Assign Keys In contrast to the match keys described above, assign keys do not describe conditions that must be met.
RUN Tell udev to add a program to the list of programs to be executed for this device. Keep in mind to restrict this to very short tasks to avoid blocking further events for this device. LABEL Add a label where a GOTO can jump to. GOTO Tell udev to skip a number of rules and continue with the one that carries the label referenced by the GOTO key. IMPORT{type} Load variables into the event environment such as the output of an external program. udev imports variables of several different types.
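udev runs as root, so every RUN, PROGRAM and IMPORT{program} key names a program that is executed with root privileges when a matching event arrives. The following added example (not part of the original guide) lists those programs for all rules files in a directory and marks any that live in a location ordinary users can write to. The function names, the list of directories treated as suspect and the sample rules are made up for the illustration.

```shell
#!/bin/sh
# audit_udev_exec DIR
# For every *.rules file in DIR, prints one line per external program:
#   <file>:<line> <KEY> <program> ok|SUSPECT
# <line> is the line on which the rule ends. Returns 1 if any program
# path starts in a directory from the SUSPECT list below.
audit_udev_exec() {
    awk '
        /^[ \t]*#/ { next }                        # comment line
        { line = buf $0 }
        line ~ /\\$/ {                             # rule continues on next line
            buf = substr(line, 1, length(line) - 1); next
        }
        {
            buf = ""; rest = line
            n = split(FILENAME, part, "/"); base = part[n]
            # walk over all KEY<op>"value" pairs of the rule
            while (match(rest, /[A-Z_]+([{][^}]*[}])?[ \t]*(==|!=|[+:]?=)[ \t]*"[^"]*"/)) {
                pair = substr(rest, RSTART, RLENGTH)
                rest = substr(rest, RSTART + RLENGTH)
                key = pair; sub(/[ \t]*[=!+:].*/, "", key)
                val = pair; sub(/^[^"]*"/, "", val); sub(/"$/, "", val)
                if (key != "RUN" && key != "PROGRAM" && key != "IMPORT{program}")
                    continue
                prog = val; sub(/[ \t].*/, "", prog)   # first word is the program
                flag = "ok"
                if (prog ~ /^\/(tmp|var\/tmp|dev\/shm|home)\//) {
                    flag = "SUSPECT"; bad = 1
                }
                print base ":" FNR, key, prog, flag
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"/*.rules
}

# Constructed sample rules (not taken from a real system).
write_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample rules
KERNEL=="ttyUSB*", ATTRS{product}=="Example*Device*", SYMLINK+="example"
SUBSYSTEM=="usb", ACTION=="add", RUN+="/tmp/helper.sh %k"
SUBSYSTEM=="block", PROGRAM=="/lib/udev/example_id %N", RESULT=="ok", SYMLINK+="disk/example"
SUBSYSTEM=="block", IMPORT{program}="example_probe %N", \
    SYMLINK+="disk/by-example/%k"
EOF
}

# Demo run on the constructed sample.
dir=$(mktemp -d) && write_sample_rules "$dir/60-example.rules"
audit_udev_exec "$dir" || echo "review the SUSPECT entries above"
rm -rf "$dir"
```

On an installed system, run audit_udev_exec /etc/udev/rules.d and review the ownership and permissions of every program it lists.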
19.7 Persistent Device Naming The dynamic device directory and the udev rules infrastructure make it possible to provide stable names for all disk devices—regardless of their order of recognition or the connection used for the device. Every appropriate block device the kernel creates is examined by tools with special knowledge about certain buses, drive types or file systems.
The following files and directories contain the crucial elements of the udev infrastructure: /etc/udev/udev.conf Main udev configuration file. /etc/udev/rules.d/* udev event matching rules. /lib/udev/devices/* Static /dev content. /lib/udev/* Helper programs called from udev rules. 19.9 For More Information For more information about the udev infrastructure, refer to the following man pages: udev General information about udev, keys, rules and other important configuration issues.
20 Bash and Bash Scripts These days many people use computers with a graphical user interface (GUI) like KDE or GNOME. Although they offer lots of features, their use is limited when it comes to the execution of automated tasks. Shells are a good addition to GUIs and this chapter gives you an overview of some aspects of shells, in this case Bash. 20.1 What is “The Shell”? Traditionally, the shell is Bash (Bourne again Shell). When this chapter speaks about “the shell” it means Bash.
Depending on which type of shell you use, different configuration files are being read. The following tables show the login and non-login shell configuration files. Table 20.1 Bash Configuration Files for Login Shells File Description /etc/profile Do not modify this file, otherwise your modifications can be destroyed during your next update! /etc/profile.local Use this file if you extend /etc/profile /etc/profile.d/ Contains system-wide configuration files for specific programs ~/.
20.1.2 The Directory Structure

The following table provides a short overview of the most important higher-level directories that you find on a Linux system. Find more detailed information about the directories and important subdirectories in the following list.

Table 20.4 Overview of a Standard Directory Tree

Directory   Contents
/           Root directory—the starting point of the directory tree.
/bin        Essential binary files, such as commands that are needed by both the system administrator and normal users.
Directory   Contents
/srv        Data for services provided by the system.
/tmp        Temporary files.
/usr        Secondary hierarchy with read-only data.
/var        Variable data such as log files.
/windows    Only available if you have both Microsoft Windows* and Linux installed on your system. Contains the Windows data.
guration data for their desktop in .kde4 and GNOME users find it in .gconf. For information about hidden files, refer to Section “Key Features” (Chapter 6, Basic Concepts, ↑Start-Up).

NOTE: Home Directory in a Network Environment
If you are working in a network environment, your home directory may be mapped to a directory in the file system other than /home.

/lib
Contains the essential shared libraries needed to boot the system and to run the commands in the root file system.
/tmp
This directory is used by programs that require temporary storage of files.

IMPORTANT: Cleaning up /tmp at Boot Time
Data stored in /tmp are not guaranteed to survive a system reboot. Whether they do depends, for example, on settings in /etc/sysconfig/cron.

/usr
/usr has nothing to do with users, but is the acronym for UNIX system resources. The data in /usr is static, read-only data that can be shared among various hosts compliant with the Filesystem Hierarchy Standard (FHS).
If HOWTOs are installed on your system /usr/share/doc also holds the howto subdirectory in which to find additional documentation on many tasks related to the setup and operation of Linux software.

/var
Whereas /usr holds static, read-only data, /var is for data which is written during system operation and thus is variable data, such as log files or spooling data. For an overview of the most important log files you can find under /var/log/, refer to Table “Log Files” (↑Start-Up).
Before you can run this script you need some prerequisites:

1. Every script should contain a Shebang line (this is already the case with our example above.) If a script does not have this line, you have to call the interpreter manually.

2. You can save the script wherever you want. However, it is a good idea to save it in a directory where the shell can find it. The search path in a shell is determined by the environment variable PATH. Usually a normal user does not have write access to /usr/bin.
Command > File
Saves the output of the command into a file; an existing file will be deleted. For example, the ls command writes its output into the file listing.txt:

    ls > listing.txt

Command >> File
Appends the output of the command to a file. For example, the ls command appends its output to the file listing.txt:

    ls >> listing.txt

Command < File
Reads the file as input for the given command.
    alias lt='ls -ltr'

To view all alias definitions, use alias. Remove your alias with unalias.

20.5 Using Variables in Bash

A shell variable can be global or local. Global variables, or environment variables, can be accessed in all shells. In contrast, local variables are visible in the current shell only. To view all environment variables, use the printenv command.
LANG
when a tool is localized, it uses the language from this environment variable. English can also be set to C

PATH
the search path of the shell, a list of directories separated by colon

PS1
specifies the normal prompt printed before each command

PS2
specifies the secondary prompt printed when you execute a multi-line command

PWD
current working directory

USER
the current user

20.5.1 Using Argument Variables

For example, if you have the script foo.sh you can execute it like this: foo.
${VAR#pattern}
removes the shortest possible match from the left:

    file=/home/tux/book/book.tar.bz2
    echo ${file#*/}
    home/tux/book/book.tar.bz2

${VAR##pattern}
removes the longest possible match from the left:

    file=/home/tux/book/book.tar.bz2
    echo ${file##*/}
    book.tar.bz2

${VAR%pattern}
removes the shortest possible match from the right:

    file=/home/tux/book/book.tar.bz2
    echo ${file%.*}
    /home/tux/book/book.tar

${VAR%%pattern}
removes the longest possible match from the right:

    file=/home/tux/book/book.tar.
Command1 ; Command2
executes the commands in sequential order. The exit code is not checked. The following line displays the content of the file with cat and then prints its file properties with ls regardless of their exit codes:

    cat filelist.txt ; ls -l filelist.txt

Command1 && Command2
runs the right command, if the left command was successful (logical AND).
20.7.1 The if Control Command

The if command is used to check expressions. For example, the following code tests whether the current user is Tux:

    if test "$USER" = "tux" ; then
      echo "Hello Tux."
    else
      echo "You are not Tux."
    fi

The test expression can be as complex or simple as possible. The following expression checks if the file foo.txt exists:

    if test -e /tmp/foo.txt ; then
      echo "Found foo.txt"
    fi

The test expression can also be abbreviated in square brackets:

    if [ -e /tmp/foo.txt ] ; then echo "Found foo.
• http://tldp.org/LDP/Bash-Beginners-Guide/html/index.html—Bash Guide for Beginners
• http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO.html—BASH Programming - Introduction HOW-TO
• http://tldp.org/LDP/abs/html/index.html—Advanced Bash-Scripting Guide
• http://www.grymoire.com/Unix/Sh.
Part V.
21 Basic Networking

Linux offers the necessary networking tools and features for integration into all types of network structures. Network access using a network card, modem or other device can be configured with YaST. Manual configuration is also possible. In this chapter only the fundamental mechanisms and the relevant network configuration files are covered. Linux and other Unix operating systems use the TCP/IP protocol.
Table 21.1 Several Protocols in the TCP/IP Protocol Family

Protocol   Description
TCP        Transmission Control Protocol: a connection-oriented, reliable protocol. The data to transmit is first sent by the application as a stream of data and converted into the appropriate format by the operating system. The data arrives at the respective application on the destination host in the original data stream format it was initially sent. TCP determines whether any data has been lost or jumbled during the transmission.
Figure 21.1 Simplified Layer Model for TCP/IP

[Figure: Host sun and Host earth, each with the layers listed below, and Data Transfer between them.]

Layer               Examples
Application Layer   Applications
Transport Layer     TCP, UDP
Network Layer       IP
Data Link Layer     Ethernet, FDDI, ISDN
Physical Layer      Cable, Fiberglass

The diagram provides one or two examples for each layer. The layers are ordered according to abstraction levels. The lowest layer is very close to the hardware.
located at the end of the packet, not at the beginning. This simplifies things for the network hardware.

Figure 21.2 TCP/IP Ethernet Packet

    Usage Data (maximum 1460 bytes)
    TCP (Layer 4) Protocol Header (approx. 20 bytes)
    IP (Layer 3) Protocol Header (approx. 20 bytes)
    Ethernet (Layer 2) Protocol Header (approx. 14 bytes) + Checksum (2 bytes)

When an application sends data over the network, the data passes through each layer, all implemented in the Linux kernel except the physical layer.
21.1.1 IP Addresses

Every computer on the Internet has a unique 32-bit address. These 32 bits (or 4 bytes) are normally written as illustrated in the second row in Example 21.1, “Writing IP Addresses” (page 315).

Example 21.1 Writing IP Addresses

    IP Address (binary):  11000000 10101000 00000000 00010100
    IP Address (decimal):      192.     168.       0.       20

In decimal form, the four bytes are written in the decimal number system, separated by periods. The IP address is assigned to a host or a network interface.
Example 21.2 Linking IP Addresses to the Netmask

    IP address (192.168.0.20):  11000000 10101000 00000000 00010100
    Netmask (255.255.255.0):    11111111 11111111 11111111 00000000
    ---------------------------------------------------------------
    Result of the link:         11000000 10101000 00000000 00000000
    In the decimal system:           192.     168.       0.        0

    IP address (213.95.15.200): 11010101 01011111 00001111 11001000
    Netmask (255.255.255.
Address Type   Description

ple therefore results in 192.168.0.255. This address cannot be assigned to any hosts.

Local Host
The address 127.0.0.1 is assigned to the “loopback device” on each host. A connection can be set up to your own machine with this address and with all addresses from the complete 127.0.0.0/8 loopback network as defined with IPv4. With IPv6 there is just one loopback address (::1).

Because IP addresses must be unique all over the world, you cannot just select random addresses.
As mentioned, an IPv4 address consists of only 32 bits. Also, quite a few IP addresses are lost—they cannot be used due to the way in which networks are organized. The number of addresses available in your subnet is two to the power of the number of bits, minus two. A subnetwork has, for example, 2, 6, or 14 addresses available.
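The AND operation from Example 21.2 and the address count described above, as an added example that is not part of the original manual. The function names are hypothetical, and rejecting octets with leading zeros is a choice made here because some parsers read such octets as octal.

```bash
# Added example: network address, broadcast address and usable host count
# for an IPv4 address and netmask. Uses only POSIX shell arithmetic.

# ip_to_int DOTTED_QUAD: print the address as a 32-bit integer.
# Fails (status 1) unless the input is four decimal octets in 0..255.
ip_to_int() (
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $ip
    [ $# -eq 4 ] || exit 1
    n=0
    for octet in "$@"; do
        # Reject "010" style octets: ambiguous between decimal and octal.
        case $octet in 0?*) exit 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
        n=$(( n * 256 + octet ))
    done
    echo "$n"
)

# int_to_ip INTEGER: print a 32-bit integer in dotted decimal form.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_address IP NETMASK: the "link" (bitwise AND) from Example 21.2.
network_address() (
    ip=$(ip_to_int "$1") || exit 1
    mask=$(ip_to_int "$2") || exit 1
    int_to_ip $(( ip & mask ))
)

# broadcast_address IP NETMASK: network address with all host bits set.
broadcast_address() (
    ip=$(ip_to_int "$1") || exit 1
    mask=$(ip_to_int "$2") || exit 1
    int_to_ip $(( (ip & mask) | (~mask & 4294967295) ))
)

# usable_hosts NETMASK: two to the power of the host bits, minus two
# (network and broadcast address). Fails for a non-contiguous netmask.
usable_hosts() (
    mask=$(ip_to_int "$1") || exit 1
    host=$(( ~mask & 4294967295 ))
    # A valid netmask is ones followed by zeros, so host+1 is a power of two.
    [ $(( host & (host + 1) )) -eq 0 ] || exit 1
    count=$(( host - 1 ))
    [ "$count" -gt 0 ] || count=0
    echo "$count"
)

# same_network IP1 IP2 NETMASK: succeed if both addresses share a subnet.
same_network() (
    a=$(network_address "$1" "$3") || exit 1
    b=$(network_address "$2" "$3") || exit 1
    [ "$a" = "$b" ]
)

# Demonstration with the first address from Example 21.2.
echo "network:   $(network_address 192.168.0.20 255.255.255.0)"
echo "broadcast: $(broadcast_address 192.168.0.20 255.255.255.0)"
echo "hosts:     $(usable_hosts 255.255.255.0)"
```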
from the information made available by the neighboring routers, relying on a protocol called the neighbor discovery (ND) protocol. This method does not require any intervention on the administrator's part and there is no need to maintain a central server for address allocation—an additional advantage over IPv4, where automatic address allocation requires a DHCP server or the usage of ARP and 169.254.0.0/16 addresses.
servers to address hosts through multicasting—by addressing a number of hosts as parts of a group (which is different from addressing all hosts through broadcasting or each host individually through unicasting). Which hosts are addressed as a group may depend on the concrete application. There are some predefined groups to address all name servers (the all name servers multicast group), for example, or all routers (the all routers multicast group). 21.2.
for some reason, the protocol automatically selects the second closest server, then the third one, and so forth. An IPv6 address is made up of eight four-digit fields, each representing 16 bits, written in hexadecimal notation. They are separated by colons (:). Any leading zero bytes within a given field may be dropped, but zeros within the field or at its end may not. Another convention is that more than four consecutive zero bytes may be collapsed into a double colon.
Prefix (hex)   Definition

Several special addresses, such as the one for the loopback device, have this prefix as well.

2 or 3 as the first digit
Aggregatable global unicast addresses. As is the case with IPv4, an interface can be assigned to form part of a certain subnetwork. Currently, there are the following address spaces: 2001::/16 (production quality address space) and 2002::/16 (6to4 address space).

fe80::/10
Link-local addresses.
the remaining 24 bits containing special information about the token type. This also makes it possible to assign an EUI-64 token to interfaces that do not have a MAC, such as those based on PPP or ISDN.

On top of this basic structure, IPv6 distinguishes between five different types of unicast addresses:

:: (unspecified)
This address is used by the host as its source address when the interface is initialized for the first time—when the address cannot yet be determined by other means.
face ID, and a 16 bit field specifying the subnetwork ID. Again, the rest is filled with zero bytes. As a completely new feature introduced with IPv6, each network interface normally gets several IP addresses, with the advantage that several networks can be accessed through the same interface.
across an IPv4 network. Such a connection between two IPv4 hosts is called a tunnel. To achieve this, packets must include the IPv6 destination address (or the corresponding prefix) as well as the IPv4 address of the remote host at the receiving end of the tunnel. A basic tunnel can be configured manually according to an agreement between the hosts' administrators. This is also called static tunneling.
porarily until the next reboot, enter modprobe -i ipv6 as root. It is basically impossible to unload the ipv6 module once loaded. Because of the autoconfiguration concept of IPv6, the network card is assigned an address in the link-local network. Normally, no routing table management takes place on a workstation. The network routers can be queried by the workstation, using the router advertisement protocol, for what prefix and gateways should be implemented.
21.3 Name Resolution

DNS assists in assigning an IP address to one or more names and assigning a name to an IP address. In Linux, this conversion is usually carried out by a special type of software known as bind. The machine that takes care of this conversion is called a name server. The names make up a hierarchical system in which each name component is separated by a period. The name hierarchy is, however, independent of the IP address hierarchy described above. Consider a complete name, such as jupiter.
at all. The dial-up protocol provides the name server address as the connection is made. The configuration of name server access with openSUSE® is described in Section “Configuring Hostname and DNS” (page 337). Setting up your own name server is described in Chapter 23, The Domain Name System (page 373). The protocol whois is closely related to DNS. With this program, quickly find out who is responsible for any given domain. NOTE: MDNS and .local Domain Names The .
21.4.1 Configuring the Network Card with YaST

To configure your wired or wireless network card in YaST, select Network Devices > Network Settings. After starting the module, YaST displays the Network Settings dialog with four tabs: Global Options, Overview, Hostname/DNS and Routing. The Global Options tab allows you to set general networking options such as the use of NetworkManager, IPv6 and general DHCP options. For more information, see Section “Configuring Global Networking Options” (page 330).
Figure 21.3 Configuring Network Settings

Configuring Global Networking Options

The Global Options tab of the YaST Network Settings module allows you to set important global networking options, such as the use of NetworkManager, IPv6 and DHCP client options. These settings are applicable for all network interfaces. In the Network Setup Method choose the way network connections are managed.
In the IPv6 Protocol Settings choose whether you want to use the IPv6 protocol. It is possible to use IPv6 together with IPv4. By default, IPv6 is activated. However, in networks not using IPv6 protocol, response times can be faster with IPv6 protocol disabled. If you want to disable IPv6, uncheck the Enable IPv6 option. This disables autoload of the kernel module for IPv6. This will be applied after reboot. In the DHCP Client Options configure options for the DHCP client.
If possible, the first network card with link that is available during the installation is automatically configured to use automatic address setup via DHCP. In case of laptop computers where NetworkManager is active by default, all network cards are configured. DHCP should also be used if you are using a DSL line but with no static IP assigned by the ISP (Internet Service Provider).
NOTE: Aliases Are a Compatibility Feature
These so-called aliases or labels work with IPv4 only. With IPv6 they will be ignored. Using iproute2, network interfaces can have one or more addresses.

To set an alias for your network card using YaST, proceed as follows:

1 Select a card from the list of detected cards in the Overview tab of the YaST network card configuration module and click Edit.

2 In the Address > Additional Addresses tab, click Add.

3 Enter Alias Name, IP Address, and Netmask.
5 Click OK and Next.

6 To activate the configuration, click OK.

Changing Network Card Kernel Driver

For some network cards, several kernel drivers may be available. If the card is already configured, YaST allows you to select a kernel driver to be used from a list of available suitable drivers. It is also possible to specify options for the kernel driver.
ifup. Choose Never to not start the device at all. The On NFSroot is similar to At Boot Time, but the interface does not shut down with the rcnetwork stop command. Use this if you use an nfs or iscsi root file system.

3 Click Next.

4 To activate the configuration, click OK.

Usually, only the system administrator can activate and deactivate network interfaces. If you want any user to be able to activate this interface via KInternet, select Enable Device Control for Non-root User via Kinternet.
3 Determine the firewall zone to which your interface should be assigned. The following options are available:

Firewall Disabled
This option is available only if the firewall is disabled and the firewall does not run at all. Only use this option if your machine is part of a greater network that is protected by an outer firewall.

Automatically Assign Zone
This option is available only if the firewall is enabled. The firewall is running and the interface is automatically assigned to a firewall zone.
as bridge, bond, TUN or TAP. To configure an undetected network card (or a special device) proceed as follows:

1 In the Network Devices > Network Settings > Overview dialog in YaST click Add.

2 In the Hardware dialog, set the Device Type of the interface from the available options and Configuration Name. If the network card is a PCMCIA or USB device, activate the respective check box and exit this dialog with Next.
To change the name of your computer and adjust the name server search list, proceed as follows:

1 Go to the Network Settings > Hostname/DNS tab in the Network Devices module in YaST.

2 Enter the Hostname and, if needed, the Domain Name. The domain is especially important if the machine is a mail server. Note that the hostname is global and applies to all set network interfaces. If you are using DHCP to get an IP address, the hostname of your computer will be automatically set by the DHCP.
STATIC
The static settings have to be merged together with the dynamic settings.

STATIC_FALLBACK
The static settings are used only when no dynamic configuration is available.

For more information, see man 8 netconfig.

4 Enter the Name Servers and fill in the Domain Search list. Name servers must be specified by IP addresses, such as 192.168.1.116, not by hostnames. Names specified in the Domain Search tab are domain names used for resolving hostnames without a specified domain.
option, enter - metric number in Options. The route with the highest metric is used as default. If the network device is disconnected, its route will be removed and the next one will be used. However, the current kernel does not use metric in static routing, only routing daemons like multipathd do.

4 If the system is a router, enable the IP Forwarding option in the Network Settings.

5 To activate the configuration, click OK.

21.4.
Figure 21.4 Modem Configuration

If you are behind a private branch exchange (PBX), you may need to enter a dial prefix. This is often a zero. Consult the instructions that came with the PBX to find out. Also select whether to use tone or pulse dialing, whether the speaker should be on and whether the modem should wait until it detects a dial tone. The last option should not be enabled if the modem is connected to an exchange. Under Details, set the baud rate and the modem initialization strings.
In the next dialog, select the ISP. To choose from a predefined list of ISPs operating in your country, select Country. Alternatively, click New to open a dialog in which to provide the data for your ISP. This includes a name for the dial-up connection and ISP as well as the login and password provided by your ISP. Enable Always Ask for Password to be prompted for the password each time you connect.
IP address and the remote IP address. Ask your ISP for this information. Leave Default Route enabled and close the dialog by selecting OK. Selecting Next returns to the original dialog, which displays a summary of the modem configuration. Close this dialog with OK.

21.4.3 ISDN

Use this module to configure one or several ISDN cards for your system. If YaST did not detect your ISDN card, click on Add in the ISDN Devices tab and manually select your card.
your Area Code and the Dial Prefix if necessary. If you do not want to log all your ISDN traffic, uncheck the Start ISDN Log option. Activate Device defines how the ISDN interface should be started: At Boot Time causes the ISDN driver to be initialized each time the system boots. Manually requires you to load the ISDN driver as root with the command rcisdn start. On Hotplug, used for PCMCIA or USB devices, loads the driver after the device is plugged in. When finished with these settings, select OK.
wrong number, your phone operator automatically falls back to the first MSN assigned to your ISDN line.

ISDN Card Connected to a Private Branch Exchange
Again, the configuration may vary depending on the equipment installed:

1. Smaller private branch exchanges (PBX) built for home purposes mostly use the Euro-ISDN (EDSS1) protocol for internal calls. These exchanges have an internal S0 bus and use internal numbers for the equipment connected to them. Use one of the internal numbers as your MSN.
When entering the phone number, do not include any blanks or commas among the digits. Finally, enter your login and the password as provided by the ISP. When finished, select Next. To use Dial on Demand on a stand-alone workstation, specify the name server (DNS server) as well. Most ISPs support dynamic DNS, which means the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, you still need to provide a placeholder address like 192.168.22.99.
• PPP over ATM (PPPoATM)
• CAPI for ADSL (Fritz Cards)
• Point-to-Point Tunneling Protocol (PPTP)—Austria

In the DSL Devices tab of the DSL Configuration Overview dialog, you will find a list of installed DSL devices. To change the configuration of a DSL device, select it in the list and click Edit. If you click Add, you can manually configure a new DSL device. The configuration of a DSL connection based on PPPoE or PPTP requires that the corresponding network card be set up in the correct way.
Figure 21.7 DSL Configuration

To use Dial on Demand on a stand-alone workstation, also specify the name server (DNS server). Most ISPs support dynamic DNS—the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, provide a placeholder address like 192.168.22.99. If your ISP does not support dynamic DNS, enter the name server IP address provided by your ISP.
21.5 NetworkManager

NetworkManager is the ideal solution for laptops and other portable computers. With NetworkManager, you do not need to worry about configuring network interfaces and switching between networks when you are moving.

21.5.1 NetworkManager and ifup

However, NetworkManager is not a suitable solution for all cases, so you can still choose between the traditional method for managing network connections (ifup) and NetworkManager.
NetworkManager tries to keep your computer connected at all times using the best connection available. If the network cable is accidentally disconnected, it tries to reconnect. It can find the network with the best signal strength from the list of your wireless connections and automatically use it to connect. To get the same functionality with ifup, a great deal of configuration effort is required. 21.5.
21.6 Configuring a Network Connection Manually

Manual configuration of the network software should always be the last alternative. Using YaST is recommended. However, this background information about the network configuration can also assist your work with YaST.

When the kernel detects a network card and creates a corresponding network interface, it assigns the device a name depending on the order of device discovery, or order of the loading of the kernel modules.
Command Function stop to stop, rcnetwork start to start and rcnetwork restart to restart network interfaces. If you want to stop, start or restart just one interface, use the command followed by the interface name, for example rcnetwork restart eth0. The rcnetwork status command displays the state of the interfaces, their IP addresses and whether a DHCP client is running.
/etc/sysconfig/network/config, /etc/sysconfig/network/dhcp, and /etc/sysconfig/network/wireless

The file config contains general settings for the behavior of ifup, ifdown and ifstatus. dhcp contains settings for DHCP and wireless for wireless LAN cards. The variables in all three configuration files are commented. Some of the variables from /etc/sysconfig/network/config can also be used in ifcfg-* files, where they are given a higher priority. The /etc/sysconfig/network/ifcfg .
behind a gateway. For example, the mask is 255.255.255.255 for a host behind a gateway. The fourth column is only relevant for networks connected to the local host such as loopback, Ethernet, ISDN, PPP and dummy device. The device name must be entered here. An (optional) fifth column can be used to specify the type of a route. Columns that are not needed should contain a minus sign - to ensure that the parser correctly interprets the command. For details, refer to the routes(5) man page.
However, the /etc/resolv.conf should not be edited by hand. Instead, it is generated by the netconfig script.
settings from standard input or from a file specified with the --lease-file filename option and internally stores them until a system reboot (or the next modify or remove action). Already existing settings for the same interface and service combination are overwritten. The interface is specified by the -i interface_name parameter. The service is specified by the -s service_name parameter.
must be at the beginning of the line and the entries separated by blanks and tabs. Comments are always preceded by the # sign.

Example 21.6 /etc/hosts

    127.0.0.1 localhost
    192.168.2.100 jupiter.example.com jupiter
    192.168.2.101 venus.example.com venus

/etc/networks

Here, network names are converted to network addresses. The format is similar to that of the hosts file, except the network names precede the addresses. See Example 21.7, “/etc/networks” (page 357).

Example 21.
multi on/off
Defines if a host entered in /etc/hosts can have multiple IP addresses.

nospoof on
spoofalert on/off
These parameters influence the name server spoofing but do not exert any influence on the network configuration.

trim domainname
The specified domain name is separated from the hostname after hostname resolution (as long as the hostname includes the domain name).
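An added example (not from the manual) that reads data in the /etc/hosts format described above and reports hostnames assigned to more than one address of the same family, a quick check for stale or tampered entries. The function names and the sample data are constructed, and the lookup assumes the first matching line wins.

```bash
# Added example: parse /etc/hosts style data from standard input.
# Format rules used: address first, names separated by blanks or tabs,
# everything after '#' is a comment.

# sample_hosts: constructed sample data, based on Example 21.6 plus one
# conflicting entry added for the demonstration.
sample_hosts() {
    cat <<'EOF'
# constructed sample, not a real configuration
127.0.0.1       localhost
::1             localhost
192.168.2.100   jupiter.example.com jupiter
192.168.2.101   venus.example.com	venus   # tab-separated alias
192.168.2.250   Jupiter.example.com       # conflicts with the line above
EOF
}

# hosts_pairs: print one "name family address" line per hostname or alias.
# Names are lowercased because hostnames are compared case-insensitively.
hosts_pairs() {
    tr 'A-Z' 'a-z' | while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                 # strip the comment
        set -f; set -- $line; set +f     # split on blanks and tabs
        [ $# -ge 2 ] || continue         # skip empty or incomplete lines
        addr=$1; shift
        case $addr in *:*) fam=6 ;; *) fam=4 ;; esac
        for name in "$@"; do
            printf '%s %s %s\n' "$name" "$fam" "$addr"
        done
    done
}

# hosts_lookup NAME: print the address of the first line that lists NAME.
# Status 1 if the name does not occur.
hosts_lookup() (
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    hosts_pairs | {
        while read -r name fam addr; do
            if [ "$name" = "$want" ]; then echo "$addr"; exit 0; fi
        done
        exit 1
    }
)

# hosts_conflicts: print each name that has two or more different
# addresses within one address family. A name with one IPv4 and one IPv6
# address (such as localhost above) is not reported.
hosts_conflicts() {
    hosts_pairs | LC_ALL=C sort -u | cut -d' ' -f1,2 | uniq -d |
        cut -d' ' -f1 | LC_ALL=C sort -u
}

# Demonstration on the constructed sample.
echo "jupiter.example.com resolves to: $(sample_hosts | hosts_lookup jupiter.example.com)"
echo "conflicting names: $(sample_hosts | hosts_conflicts)"
```

To check a real system, feed the file on standard input, for example hosts_conflicts < /etc/hosts.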
The “databases” available over NSS are listed in Table 21.7, “Databases Available via /etc/nsswitch.conf” (page 359). In addition, automount, bootparams, netmasks and publickey are expected in the near future. The configuration options for NSS databases are listed in Table 21.8, “Configuration Options for NSS “Databases”” (page 360).

Table 21.7 Databases Available via /etc/nsswitch.conf

aliases   Mail aliases implemented by sendmail; see man 5 aliases.
ethers    Ethernet addresses.
Table 21.8 Configuration Options for NSS “Databases”

files          directly access files, for example, /etc/aliases
db             access via a database
nis, nisplus   NIS, see also Chapter 3, Using NIS (↑Security Guide)
dns            can only be used as an extension for hosts and networks
compat         can only be used as an extension for passwd, shadow and group

/etc/nscd.conf

This file is used to configure nscd (name service cache daemon). See the nscd(8) and nscd.conf(5) man pages.
21.6.2 Testing the Configuration

Before you write your configuration to the configuration files, you can test it. To set up a test configuration, use the ip command. To test the connection, use the ping command. Older configuration tools, ifconfig and route, are also available.

The commands ip, ifconfig and route change the network configuration directly without saving it in the configuration file.
If no command is given, the default command is used (usually list). Change the state of a device with the command ip link set device_name command. For example, to deactivate device eth0, enter ip link set eth0 down. To activate it again, use ip link set eth0 up. After activating a device, you can configure it. To set the IP address, use ip addr add ip_address + dev device_name. For example, to set the address of the interface eth0 to 192.168.12.
ping output. The second-to-last line contains information about number of transmitted packets, packet loss, and total time of ping running. As the destination, you can use a hostname or IP address, for example, ping example.com or ping 192.168.3.100. The program sends packets until you press Ctrl + C. If you only need to check the functionality of the connection, you can limit the number of the packets with the -c option. For example to limit ping to three packets, enter ping -c 3 example.com. Example 21.
Configuring the Network with ifconfig

ifconfig is a network configuration tool.

NOTE: ifconfig and ip
The ifconfig tool is obsolete. Use ip instead. In contrast to ip, you can use ifconfig only for interface configuration. It limits interface names to 9 characters.

Without arguments, ifconfig displays the status of the currently active interfaces. As you can see in Example 21.11, “Output of the ifconfig Command” (page 364), ifconfig has very well-arranged and detailed output.
Configuring Routing with route

route is a program for manipulating the IP routing table. You can use it to view your routing configuration and add or remove routes.

NOTE: route and ip
The program route is obsolete. Use ip instead.

route is especially useful if you need quick and comprehensible information about your routing configuration to determine problems with routing. To view your current routing configuration, enter route -n as root.

Example 21.
/etc/init.d/xinetd
Starts xinetd. xinetd can be used to make server services available on the system. For example, it can start vsftpd whenever an FTP connection is initiated.

/etc/init.d/rpcbind
Starts the rpcbind utility that converts RPC program numbers to universal addresses. It is needed for RPC services, such as an NFS server.

/etc/init.d/nfsserver
Starts the NFS server.

/etc/init.d/postfix
Controls the postfix process.

/etc/init.d/ypserv
Starts the NIS server.

/etc/init.
21.7.1 Configuring smpppd

The connections provided by smpppd are automatically configured by YaST. The actual dial-up programs KInternet and cinternet are also preconfigured. Manual settings are only required to configure additional features of smpppd such as remote control.

The configuration file of smpppd is /etc/smpppd.conf. By default, it does not enable remote control.
21.7.2 Configuring KInternet and cinternet for Remote Use

KInternet and cinternet can be used to control a local or remote smpppd. cinternet is the command-line counterpart to the graphical KInternet. To prepare these utilities for use with a remote smpppd, edit the configuration file /etc/smpppd-c.conf manually or using KInternet. This file only uses four options:

sites = list of sites
list of sites where the front-ends search for smpppd. The front-ends test the options in the order specified here.
22 SLP Services in the Network

The service location protocol (SLP) was developed to simplify the configuration of networked clients within a local network. To configure a network client, including all required services, the administrator traditionally needs detailed knowledge of the servers available in the network. SLP makes the availability of selected services known to all clients in the local network. Applications that support SLP can use the information distributed and be configured automatically.
22.2 Activating SLP slpd must run on your system to offer services with SLP. If the machine should only operate as client, and does not offer services, it is not necessary to run slpd. Like most system services in openSUSE, the slpd daemon is controlled by means of a separate init script. After the installation, the daemon is inactive by default. To activate it temporarily, run rcslpd start as root or rcslpd stop to stop it. Perform a restart or status check with restart or status.
22.5 Providing Services via SLP Many applications in openSUSE have integrated SLP support through the use of the libslp library. If a service has not been compiled with SLP support, use one of the following methods to make it available via SLP: Static Registration with /etc/slp.reg.d Create a separate registration file for each new service.
Dynamic Registration with slptool If a service needs to be registered dynamically without the need of configuration files, use the slptool command line utility. The same utility can also be used to deregister an existing service offering without restarting slpd. 22.6 For More Information RFC 2608, 2609, 2610 RFC 2608 generally deals with the definition of SLP. RFC 2609 deals with the syntax of the service URLs used in greater detail and RFC 2610 deals with DHCP via SLP. http://www.openslp.
The Domain Name System 23 DNS (domain name system) is needed to resolve the domain names and hostnames into IP addresses. In this way, the IP address 192.168.2.100 is assigned to the hostname jupiter, for example. Before setting up your own name server, read the general information about DNS in Section 21.3, “Name Resolution” (page 327). The following configuration examples refer to BIND. 23.1 DNS Terminology Zone The domain namespace is divided into regions called zones.
(not expired) zone data. If the slave cannot obtain a new copy of the zone data, it stops responding for the zone. Forwarder Forwarders are DNS servers to which your DNS server should send queries it cannot answer. To enable different configuration sources in one configuration, netconfig is used (see also man 8 netconfig). Record The record is information about name and IP address. Supported records and their syntax are described in BIND documentation.
a basic server configuration. Use the expert mode to deal with more advanced configuration tasks, such as setting up ACLs, logging, TSIG keys, and other options. 23.3.1 Wizard Configuration The wizard consists of three steps or dialogs. At the appropriate places in the dialogs, you are given the opportunity to enter the expert configuration mode. 1 When starting the module for the first time, the Forwarder Settings dialog, shown in Figure 23.
new zone, provide a name for it in Name. To add a reverse zone, the name must end in .in-addr.arpa. Finally, select the Type (master, slave, or forward). See Figure 23.2, “DNS Server Installation: DNS Zones” (page 376). Click Edit to configure other settings of an existing zone. To remove a zone, click Delete. Figure 23.2 DNS Server Installation: DNS Zones 3 In the final dialog, you can open the DNS port in the firewall by clicking Open Port in Firewall.
Figure 23.3 DNS Server Installation: Finish Wizard 23.3.2 Expert Configuration After starting the module, YaST opens a window displaying several configuration options. Completing it results in a DNS server configuration with the basic functions in place: Start-Up Under Start-Up, define whether the DNS server should be started when booting the system or manually. To start the DNS server immediately, click Start DNS Server Now. To stop the DNS server, click Stop DNS Server Now.
Forwarders If your local DNS server cannot answer a request, it tries to forward the request to a Forwarder, if configured so. This forwarder may be added manually to the Forwarder List. If the forwarder is not static like in dial-up connections, netconfig handles the configuration. For more information about netconfig, see man 8 netconfig. Basic Options In this section, set basic server options. From the Option menu, select the desired item then specify the value in the corresponding entry field.
Figure 23.4 DNS Server: Logging ACLs Use this dialog to define ACLs (access control lists) to enforce access restrictions. After providing a distinct name under Name, specify an IP address (with or without netmask) under Value in the following fashion: { 192.168.1/24; } The syntax of the configuration file requires that the address ends with a semicolon and is put into curly braces. TSIG Keys The main purpose of TSIGs (transaction signatures) is to secure communications between DHCP and DNS servers.
To generate a TSIG key, enter a distinctive name in the field labeled Key ID and specify the file where the key should be stored (Filename). Confirm your choices with Generate. To use a previously created key, leave the Key ID field blank and select the file where it is stored under Filename. After that, confirm with Add. DNS Zones (Adding a Slave Zone) To add a slave zone, select DNS Zones, choose the zone type Slave, write the name of the new zone, and click Add.
Figure 23.5 DNS Server: Zone Editor (Basics) Zone Editor (NS Records) The NS Records dialog allows you to define alternative name servers for the zones specified. Make sure that your own name server is included in the list. To add a record, enter its name under Name Server to Add then confirm with Add. See Figure 23.6, “DNS Server: Zone Editor (NS Records)” (page 382).
Figure 23.6 DNS Server: Zone Editor (NS Records) Zone Editor (MX Records) To add a mail server for the current zone to the existing list, enter the corresponding address and priority value. After doing so, confirm by selecting Add. See Figure 23.7, “DNS Server: Zone Editor (MX Records)” (page 383).
Figure 23.7 DNS Server: Zone Editor (MX Records) Zone Editor (SOA) This page allows you to create SOA (start of authority) records. For an explanation of the individual options, refer to Example 23.6, “The /var/lib/named/example.com.zone File” (page 391).
Figure 23.8 DNS Server: Zone Editor (SOA) Zone Editor (Records) This dialog manages name resolution. In Record Key, enter the hostname then select its type. A-Record represents the main entry. The value for this should be an IP address. CNAME is an alias. Use the types NS and MX for detailed or partial records that expand on the information provided in the NS Records and MX Records tabs. These three types resolve to an existing A record. PTR is for reverse zones.
23.4 Starting the BIND Name Server On an openSUSE® system, the name server BIND (Berkeley Internet Name Domain) comes preconfigured so it can be started right after installation without any problem. If you already have a functioning Internet connection and have entered 127.0.0.1 as the name server address for localhost in /etc/resolv.conf, you normally already have a working name resolution without needing to know the DNS of the provider.
To use the name server of the provider (or one already running on your network) as the forwarder, enter the corresponding IP address or addresses in the options section under forwarders. The addresses included in Example 23.1, “Forwarding Options in named.conf” (page 386) are just examples. Adjust these entries to your own setup. Example 23.1 Forwarding Options in named.conf options { directory "/var/lib/named"; forwarders { 10.11.12.13; 10.11.12.14; }; listen-on { 127.0.0.1; 192.168.1.
Example 23.2 A Basic /etc/named.conf
options {
        directory "/var/lib/named";
        forwarders { 10.0.0.1; };
        notify no;
};

zone "localhost" in {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

zone "." in {
        type hint;
        file "root.hint";
};
23.5.1 Important Configuration Options
directory "filename"; Specifies the directory in which BIND can find the files containing the zone data. Usually, this is /var/lib/named.
127.0.0.1 to permit requests from the local host. If you omit this entry entirely, all interfaces are used by default. listen-on-v6 port 53 {any; }; Tells BIND on which port it should listen for IPv6 client requests. The only alternative to any is none. As far as IPv6 is concerned, the server only accepts wild card addresses. query-source address * port 53; This entry is necessary if a firewall is blocking outgoing DNS requests.
tected at start-up. Otherwise, the interval can be defined in minutes. The default is sixty minutes. notify no; no prevents other name servers from being informed when changes are made to the zone data or when the name server is restarted. For a list of available options, read the manual page man 5 named.conf. 23.5.2 Logging What, how, and where logging takes place can be extensively configured in BIND. Normally, the default settings should be sufficient. Example 23.
Example 23.5 Zone Entry for example.net
zone "example.net" in {
        type slave;
        file "slave/example.net.zone";
        masters { 10.0.0.1; };
};
The zone options:
type master; By specifying master, tell BIND that the zone is handled by the local name server. This assumes that a zone file has been created in the correct format.
type slave; This zone is transferred from another name server. It must be used together with masters.
type hint; The zone . of the hint type is used to set the root name servers.
23.6 Zone Files Two types of zone files are needed. One assigns IP addresses to hostnames and the other does the reverse: it supplies a hostname for an IP address. TIP: Using the Dot (Period, Fullstop) in Zone Files The "." has an important meaning in the zone files. If hostnames are given without a final ., the zone is appended. Complete hostnames specified with a full domain name must end with a . to avoid having the domain added to it again. A missing or wrongly placed ".
Line 2: This is where the SOA (start of authority) control record begins: • The name of the domain to administer is example.com in the first position. This ends with ".", because otherwise the zone would be appended a second time. Alternatively, @ can be entered here, in which case the zone would be extracted from the corresponding entry in /etc/named.conf. • After IN SOA is the name of the name server in charge as master for this zone. The name is expanded from dns to dns.example.
Line 7: The last entry in the SOA record specifies the negative caching TTL—the time for which results of unresolved DNS queries from other servers may be cached. Line 9: The IN NS specifies the name server responsible for this domain. dns is extended to dns.example.com because it does not end with a ".". There can be several lines like this—one for the primary and one for each secondary name server. If notify is not set to no in /etc/named.
The pseudodomain in-addr.arpa is used for the reverse lookup of IP addresses into hostnames. It is appended to the network part of the address in reverse notation. So 192.168 is resolved into 168.192.in-addr.arpa. See Example 23.7, “Reverse Lookup” (page 394). Example 23.7 Reverse Lookup 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. $TTL 2D 168.192.in-addr.arpa. 1.5 100.3 253.2 IN SOA dns.example.com. root.example.com. ( 2003072441 ; serial 1D ; refresh 2H ; retry 1W ; expiry 2D ) ; minimum IN NS dns.
the "." at the end. Appending the zone to this (without the .in-addr.arpa) results in the complete IP address in reverse order. Normally, zone transfers between different versions of BIND should be possible without any problem. 23.7 Dynamic Update of Zone Data The term dynamic update refers to operations by which entries in the zone files of a master server are added, changed, or deleted. This mechanism is described in RFC 2136.
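The trailing-dot rule and the in-addr.arpa naming from Section 23.6, as an added example that is not part of the original guide. The function names are illustrative, and the code models only how names are expanded, not a full zone-file parser (the $ORIGIN directive is ignored).

```python
"""Added example: zone-file name expansion and reverse-lookup names."""
import ipaddress

REVERSE_SUFFIX = ".in-addr.arpa."


def expand_name(name: str, origin: str) -> str:
    """Return the fully qualified name that results from a zone-file entry.

    origin is the zone name including its final dot, e.g. "example.com.".
    """
    if not origin.endswith("."):
        raise ValueError("origin must end with a dot")
    if name == "@":              # @ stands for the zone itself
        return origin
    if name.endswith("."):       # already complete, nothing is appended
        return name
    if origin == ".":
        return name + "."
    return f"{name}.{origin}"    # no final dot: the zone is appended


def is_doubled(name: str, origin: str) -> bool:
    """True if a full domain name was written without the final dot,
    so that the zone ends up appended a second time."""
    zone = origin.rstrip(".")
    return expand_name(name, origin).endswith(f"{zone}.{zone}.")


def ptr_owner(ip: str, zone: str) -> str:
    """Return the left-hand entry to use for ip inside a reverse zone."""
    full = ipaddress.IPv4Address(ip).reverse_pointer + "."
    if not full.endswith("." + zone):
        raise ValueError(f"{ip} does not belong to zone {zone}")
    return full[: -(len(zone) + 1)]


def ip_from_ptr(owner: str, zone: str) -> str:
    """Expand a reverse-zone entry and return the IP address it stands for."""
    fqdn = expand_name(owner, zone)
    if not fqdn.endswith(REVERSE_SUFFIX):
        raise ValueError(f"{fqdn} is not under in-addr.arpa")
    labels = fqdn[: -len(REVERSE_SUFFIX)].split(".")
    if len(labels) != 4:
        raise ValueError(f"{fqdn} does not describe a complete IPv4 address")
    return str(ipaddress.IPv4Address(".".join(reversed(labels))))


if __name__ == "__main__":
    forward, reverse = "example.com.", "168.192.in-addr.arpa."
    for entry in ("dns", "@", "dns.example.com.", "dns.example.com"):
        flag = "  <-- zone appended twice" if is_doubled(entry, forward) else ""
        print(f"{entry:18} -> {expand_name(entry, forward)}{flag}")
    # Left-hand entries as they appear in the reverse zone of Example 23.7.
    for owner in ("1.5", "100.3", "253.2"):
        print(f"{owner:18} -> {ip_from_ptr(owner, reverse)}")
    # A PTR target without the final dot ends up inside the reverse zone.
    print(expand_name("jupiter.example.com", reverse))
```
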
The key itself (a string like ejIkuCyyGJwwuN3xAteKgg==) is found in both files. To use it for transactions, the second file (Khost1-host2.+157+34265.key) must be transferred to the remote host, preferably in a secure way (using scp, for example). On the remote server, the key must be included in the /etc/named.conf file to enable a secure communication between host1 and host2:
key host1-host2 {
        algorithm hmac-md5;
        secret "ejIkuCyyGJwwuN3xAteKgg==";
};
WARNING: File Permissions of /etc/named.
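The key statement above stores a shared secret in plain text, so it matters who can read the file that contains it. The following added example (not part of the original guide; function names are illustrative) finds key statements in a BIND configuration text and reports when the file holding them is readable or writable by users outside its owner and group. The sample configuration is constructed from the key statement shown in the text.

```python
"""Added example: locate TSIG key statements and check file permissions."""
import os
import re
import stat

# Matches: key NAME { ... };   (a reference such as "key NAME;" has no block)
KEY_RE = re.compile(r'\bkey\s+"?(?P<name>[\w.-]+)"?\s*\{(?P<body>[^}]*)\}\s*;', re.S)
ALG_RE = re.compile(r'\balgorithm\s+(?P<alg>[\w.-]+)\s*;')
SECRET_RE = re.compile(r'\bsecret\s+"[^"]+"\s*;')

# Constructed sample: the key statement from the text plus one reference to it.
SAMPLE_CONF = '''
options { directory "/var/lib/named"; };
key host1-host2 {
        algorithm hmac-md5;
        secret "ejIkuCyyGJwwuN3xAteKgg==";
};
zone "example.com" in {
        type master;
        file "example.com.zone";
        allow-update { key host1-host2; };
};
'''


def find_keys(conf_text: str) -> list:
    """Return one dict per key statement that defines a key."""
    keys = []
    for match in KEY_RE.finditer(conf_text):
        body = match.group("body")
        alg = ALG_RE.search(body)
        keys.append({
            "name": match.group("name"),
            "algorithm": alg.group("alg") if alg else None,
            "has_secret": SECRET_RE.search(body) is not None,
        })
    return keys


def audit_text(conf_text: str, mode: int) -> list:
    """Return findings for a configuration text stored with the given mode."""
    findings = []
    secrets = [k["name"] for k in find_keys(conf_text) if k["has_secret"]]
    if not secrets:
        return findings
    names = ", ".join(secrets)
    if mode & stat.S_IROTH:
        findings.append(f"world-readable file contains key secret(s): {names}")
    if mode & stat.S_IWOTH:
        findings.append(f"world-writable file contains key secret(s): {names}")
    return findings


def audit_file(path: str) -> list:
    """Read a configuration file and audit it against its own permissions."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as handle:
        return audit_text(handle.read(), mode)


if __name__ == "__main__":
    for mode in (0o644, 0o640):
        print(oct(mode), audit_text(SAMPLE_CONF, mode) or "no findings")
```
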
23.9 DNS Security DNSSEC, or DNS security, is described in RFC 2535. The tools available for DNSSEC are discussed in the BIND Manual. A zone considered secure must have one or several zone keys associated with it. These are generated with dnssec-keygen, just like the host keys. The DSA encryption algorithm is currently used to generate these keys. The public keys generated should be included in the corresponding zone file with an $INCLUDE rule.
24 DHCP The purpose of the dynamic host configuration protocol (DHCP) is to assign network settings centrally (from a server) rather than configuring them locally on each and every workstation. A host configured to use DHCP does not have control over its own static address. It is enabled to configure itself completely and automatically according to directions from the server. If you use the NetworkManager on the client side, you do not need to configure the client at all.
and serves two address ranges, 192.168.2.10 to 192.168.2.20 and 192.168.2.100 to 192.168.2.200. A DHCP server supplies not only the IP address and the netmask, but also the hostname, domain name, gateway, and name server addresses for the client to use. In addition to that, DHCP allows a number of other parameters to be configured in a centralized way, for example, a time server from which clients may poll the current time or even a print server. 24.
Card Selection In the first step, YaST looks for the network interfaces available on your system, then displays them in a list. From the list, select the interface on which the DHCP server should listen and click Select. After this, select Open Firewall for Selected Interfaces to open the firewall for this interface, and click Next. See Figure 24.1, “DHCP Server: Card Selection” (page 401). Figure 24.
Figure 24.2 DHCP Server: Global Settings Dynamic DHCP In this step, configure how dynamic IP addresses should be assigned to clients. To do so, specify an IP range from which the server can assign addresses to DHCP clients. All these addresses must be covered by the same netmask. Also specify the lease time during which a client may keep its IP address without needing to request an extension of the lease.
Figure 24.3 DHCP Server: Dynamic DHCP Finishing the Configuration and Setting the Start Mode After the third part of the configuration wizard, a last dialog is shown in which you can define how the DHCP server should be started. Here, specify whether to start the DHCP server automatically when the system is booted or manually when needed (for example, for test purposes). Click Finish to complete the configuration of the server. See Figure 24.4, “DHCP Server: Start-Up” (page 403). Figure 24.
24.2 DHCP Software Packages Both the DHCP server and the DHCP clients are available for openSUSE. The DHCP server available is dhcpd (published by the Internet Systems Consortium). On the client side, choose between two different DHCP client programs: dhcp-client (also from ISC) and the DHCP client daemon in the dhcpcd package. openSUSE installs dhcpcd by default. The program is very easy to handle and is launched automatically on each system boot to watch for a DHCP server.
This simple configuration file should be sufficient to get the DHCP server to assign IP addresses in the network. Make sure that a semicolon is inserted at the end of each line, because otherwise dhcpd is not started. The sample file can be divided into three sections. The first one defines how many seconds an IP address is leased to a requesting client by default (default-lease-time) before it should apply for renewal.
unexpected problems with your configuration (the server aborts with an error or does not return done on start), you should be able to find out what has gone wrong by looking for information either in the main system log /var/log/messages or on console 10 (Ctrl + Alt + F10). On a default openSUSE system, the DHCP daemon is started in a chroot environment for security reasons. The configuration files must be copied to the chroot environment so the daemon can find them.
In the preceding example, a client with a network card having the MAC address 00:30:6E:08:EC:80 is assigned the IP address 192.168.2.100 and the hostname jupiter automatically. The type of hardware to enter is ethernet in nearly all cases, although token-ring, which is often found on IBM systems, is also supported. 24.3.2 The openSUSE Version To improve security, the openSUSE version of the ISC's DHCP server comes with the non-root/chroot patch by Ari Edelkind applied.
even after a restart of the syslog-ng daemon, there is an additional entry SYSLOGD_ADDITIONAL_SOCKET_DHCP in the file /etc/sysconfig/syslog. 24.4 For More Information More information about DHCP is available at the Web site of the Internet Systems Consortium (http://www.isc.org/products/DHCP/). Information is also available in the dhcpd, dhcpd.conf, dhcpd.leases, and dhcp-options man pages.
Time Synchronization with NTP 25 The NTP (network time protocol) mechanism is a protocol for synchronizing the system time over the network. First, a machine can obtain the time from a server that is a reliable time source. Second, a machine can itself act as a time source for other computers in the network. The goal is twofold—maintaining the absolute time and synchronizing the system time of all machines within a network. Maintaining an exact system time is important in many situations.
25.1.1 Basic Configuration The YaST NTP client configuration (Network Services > NTP Configuration) consists of tabs. Set the start mode of ntpd and the server to query on the General Settings tab. Figure 25.1 Advanced NTP Configuration: General Settings Only Manually Select Only Manually, if you want to configure everything on your own. Synchronize without Daemon On laptops and other machines that suspend automatically, select Synchronize without Daemon.
Now and On Boot Select Now and On Boot to start ntpd automatically when the system is booted. Either of 0.opensuse.pool.ntp.org, 1.opensuse.pool.ntp.org, 2.opensuse.pool.ntp.org, or 3.opensuse.pool.ntp.org is preselected. 25.1.2 Changing Basic Configuration The servers and other time sources for the client to query are listed in the lower part of the General Settings tab. Modify this list as needed with Add, Edit, and Delete. Display Log provides the possibility to view the log files of your client.
Server In the pull-down Select list (see Figure 25.2, “YaST: NTP Server” (page 411)), determine whether to set up time synchronization using a time server from your local network (Local NTP Server) or an Internet-based time server that takes care of your time zone (Public NTP Server). For a local time server, click Lookup to start an SLP query for available time servers in your network. Select the most suitable time server from the list of search results and exit the dialog with OK.
local radio clock is available in /usr/share/doc/packages/ntp-doc/refclock.html. Outgoing Broadcast Time information and queries can also be transmitted by broadcast in the network. In this dialog, enter the address to which such broadcasts should be sent. Do not activate broadcasting unless you have a reliable time source like a radio controlled clock.
Restrict NTP Service to Configured Servers Only increases the security of your system by disallowing remote computers to view and modify NTP settings of your computer and to use the trap facility for remote event logging. Once enabled, these restrictions apply to all remote computers, unless you override the access control options for individual computers in the list of time sources in the General Settings tab. For all other remote computers, only querying for local time is allowed.
25.3 Dynamic Time Synchronization at Runtime If the system boots without network connection, ntpd starts up, but it cannot resolve DNS names of the time servers set in the configuration file. This can happen if you use Network Manager with an encrypted WLAN. If you want ntpd to resolve DNS names at runtime, you must set the dynamic option. Then, when the network is established some time after booting, ntpd looks up the names again and can reach the time servers to get the time. Manually edit /etc/ntp.
The clocks are entered in the file /etc/ntp.conf as though they existed in the network. For this purpose, they are assigned special IP addresses in the form 127.127.t.u. Here, t stands for the type of the clock and determines which driver is used and u for the unit, which determines the interface used. Normally, the individual drivers have special parameters that describe configuration details. The file /usr/share/doc/packages/ntp-doc/drivers/driverNN .
Sharing File Systems with NFS 26 Distributing and sharing file systems over a network is a common task in corporate environments. The proven NFS system works together with NIS, the yellow pages protocol. For a more secure protocol that works together with LDAP and may also be kerberized, check NFSv4. NFS with NIS makes a network transparent to the user. With NFS, it is possible to distribute arbitrary file systems over the network.
> Patterns and select File Server or use the Search option and search for NFS Server. Confirm the installation of the packages to finish the installation process. 26.2 Importing File Systems with YaST Authorized users can mount NFS directories from an NFS server into the local file tree using the YaST NFS client module. Click on Add and enter the hostname of the NFS server, the directory to import, and the mount point at which to mount this directory locally.
Figure 26.1 NFS Client Configuration with YaST 26.3 Importing File Systems Manually The prerequisite for importing file systems manually from an NFS server is a running RPC port mapper. Start it by entering rcrpcbind start as root. Then remote file systems can be mounted in the file system like local partitions using mount:
mount host:remote-path local-path
To import user directories from the nfs.example.com machine, for example, use:
mount nfs.example.com:/home /home
26.3.
Now the /nfsmounts directory acts as the root for all the NFS mounts on the client if the auto.nfs file is filled appropriately. The name auto.nfs is chosen for the sake of convenience—you can choose any name. In auto.nfs add entries for all the NFS mounts as follows:
localdata -fstype=nfs server1:/data
nfs4mount -fstype=nfs4 server2:/
Activate the settings with rcautofs start as root.
26.4 Exporting File Systems with YaST With YaST, turn a host in your network into an NFS server—a server that exports directories and files to all hosts granted access to it. This could be done to provide applications to all members of a group without installing the applications locally on each and every host. To install such a server, start YaST and select Network Services > NFS Server; see Figure 26.2, “NFS Server Configuration Tool” (page 421). Figure 26.
click Help. In the lower half of the dialog, there are four options that can be set for each host: single host, netgroups, wildcards, and IP networks. For a more thorough explanation of these options, refer to the exports man page. Click Finish to complete the configuration. Figure 26.
After activating NFSv4, enter an appropriate domain name. Make sure the name is the same as the one in the /etc/idmapd.conf file of any NFSv4 client that accesses this particular server. This parameter is for the idmapd service that is required for NFSv4 support (on both server and client). Leave it as localdomain (the default) if you do not have special requirements. For more information, see the links in Section 26.7, “For More Information” (page 429). Click Next. The dialog that follows has two sections.
In the lower half of the dialog, enter the client (wild card) and export options for a particular directory. After adding a directory in the upper half, another dialog for entering the client and option information pops up automatically. After that, to add a new client (client set), click Add Host. In the small dialog that opens, enter the host wild card.
Figure 26.5 Exporting Directories with NFSv2 and v3 26.4.3 Coexisting v3 and v4 Exports Both NFSv3 and NFSv4 exports can coexist on a server. After enabling the support for NFSv4 in the initial configuration dialog, those exports for which fsid=0 and bind=/target/path are not included in the option list are considered v3 exports. Consider the example in Figure 26.3, “Configuring an NFS Server with YaST” (page 422).
26.5 Exporting File Systems Manually The configuration files for the NFS export service are /etc/exports and /etc/sysconfig/nfs. In addition to these files, /etc/idmapd.conf is needed for the NFSv4 server configuration. To start or restart the services, run the command rcnfsserver restart. This also starts the rpc.idmapd if NFSv4 is configured in /etc/sysconfig/nfs. The NFS server depends on a running RPC portmapper. Therefore, also start or restart the portmapper service with rcrpcbind restart. 26.5.
In the example above, /data is not within /export, so we export /export/data, and specify that the /data directory should be bound to that name. The directory /export/data must exist and should normally be empty. When clients mount from this server, they just mount servername:/ rather than servername:/export. It is not necessary to mount servername:/data, because it will automatically appear beneath wherever servername:/ was mounted.
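The rule from Section 26.4.3 (exports without fsid=0 or bind= count as v3 exports) and the bind layout described above, as an added example that is not part of the original guide. It parses an exports-style text, classifies each entry, and derives the path an NFSv4 client sees below servername:/. The sample entries are constructed to match the /export and /data layout in the text; function and class names are illustrative, and line continuations are not handled.

```python
"""Added example: classify /etc/exports entries as NFSv4 or v3 exports."""
import posixpath
from dataclasses import dataclass
from typing import Optional

# Constructed sample following the layout described in the text.
SAMPLE_EXPORTS = """\
# pseudo-root for NFSv4 and a directory bound into it
/export       192.168.1.2(rw,fsid=0,sync,crossmnt)
/export/data  192.168.1.2(rw,bind=/data,sync)
# no fsid=0 and no bind=: treated as a v3 export
/srv/share    *.example.com(ro,root_squash,sync)
"""


@dataclass
class Export:
    path: str                # exported name on the server
    client: str              # host, netgroup, wild card or IP network
    options: dict
    kind: str                # "v4-root", "v4-bind" or "v3"
    v4_path: Optional[str]   # what an NFSv4 client mounts below servername:/


def parse_exports(text: str) -> list:
    """Return (path, client, options) tuples, one per client specification."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            client, _, rest = spec.partition("(")
            options = {}
            for item in rest.rstrip(")").split(","):
                if item:
                    key, _, value = item.partition("=")
                    options[key] = value
            entries.append((posixpath.normpath(path), client, options))
    return entries


def v4_visible(path: str, root: Optional[str]) -> Optional[str]:
    """Path below servername:/, or None if path is not beneath the root."""
    if root is None or posixpath.commonpath([path, root]) != root:
        return None
    return posixpath.normpath("/" + posixpath.relpath(path, root))


def classify(entries: list) -> list:
    roots = {client: path for path, client, opts in entries
             if opts.get("fsid") == "0"}
    result = []
    for path, client, opts in entries:
        if opts.get("fsid") == "0":
            kind, visible = "v4-root", "/"
        elif "bind" in opts:
            kind, visible = "v4-bind", v4_visible(path, roots.get(client))
        else:
            kind, visible = "v3", None
        result.append(Export(path, client, opts, kind, visible))
    return result


def findings(exports: list) -> list:
    """Report bind exports that do not sit beneath the client's fsid=0 root."""
    return [f"{e.path} ({e.client}): bind={e.options['bind']} is not beneath "
            "an fsid=0 export for this client"
            for e in exports if e.kind == "v4-bind" and e.v4_path is None]


if __name__ == "__main__":
    parsed = classify(parse_exports(SAMPLE_EXPORTS))
    for e in parsed:
        print(f"{e.path:14} {e.client:16} {e.kind:8} {e.v4_path}")
    print(findings(parsed) or "no findings")
```
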
For further reference, read the man page of idmapd and idmapd.conf; man idmapd, man idmapd.conf. Starting and Stopping Services After changing /etc/exports or /etc/sysconfig/nfs, start or restart the NFS server service with rcnfsserver restart. After changing /etc/idmapd.conf, reload the configuration file with the command killall -HUP rpc.idmapd. If the NFS service needs to start at boot time, run the command chkconfig nfsserver on. 26.5.
26.6 NFS with Kerberos To use Kerberos authentication for NFS, GSS security must be enabled. To do so, select Enable GSS Security in the initial YaST NFS Server dialog. You must have a working Kerberos server to use this feature. YaST does not set up the server but just uses the provided functionality.
27 Samba Using Samba, a Unix machine can be configured as a file and print server for Mac OS X, Windows, and OS/2 machines. Samba has developed into a fully-fledged and rather complex product. Configure Samba with YaST, SWAT (a Web interface), or by editing the configuration file manually. 27.1 Terminology The following are some terms used in Samba documentation and in the YaST module. SMB protocol Samba uses the SMB (server message block) protocol that is based on the NetBIOS services.
reserve names for themselves. After reservation, these machines can be addressed by name. There is no central process that checks names. Any machine on the network can reserve as many names as it wants as long as the names are not already in use. The NetBIOS interface can be implemented for different network architectures. An implementation that works relatively closely with network hardware is called NetBEUI, but this is often referred to as NetBIOS.
27.2 Installing a Samba Server To install a Samba server, start YaST and select Software > Software Management. Choose Filter > Patterns and select File Server. Confirm the installation of the required packages to finish the installation process. 27.3 Starting and Stopping Samba You can start or stop the Samba server automatically (during boot) or manually. Starting and stopping policy is a part of the YaST Samba server configuration described in Section 27.4.
The Samba Installation dialog consists of two steps and optional detailed settings: Workgroup or Domain Name Select an existing name from Workgroup or Domain Name or enter a new one and click Next. Samba Server Type In the next step, specify whether your server should act as CD (PDC) and click Next. Start-Up Select whether you want to start Samba During Boot or Manually and click OK. Then in the final popup box, set the Samba root Password.
Shares In the Shares tab, determine the Samba shares to activate. There are some predefined shares, like homes and printers. Use Toggle Status to switch between Active and Inactive. Click Add to add new shares and Delete to delete the selected share. Allow Users to Share Their Directories enables members of the group in Permitted Group to share directories they own with other users. For example, users for a local scope or DOMAIN\Users for a domain scope.
27.4.2 Web Administration with SWAT An alternative tool for Samba server administration is SWAT (Samba Web Administration Tool). It provides a simple Web interface with which to configure the Samba server. To use SWAT, open http://localhost:901 in a Web browser and log in as user root. If you do not have a special Samba root account, use the system root account. NOTE: Activating SWAT After Samba server installation, SWAT is not activated.
os level = 20 This parameter triggers whether your Samba server tries to become LMB (local master browser) for its workgroup. With the Samba 3 release series, it is seldom necessary to override the default setting (20). Choose a very low value such as 2 to spare the existing Windows network from any disturbances caused by a misconfigured Samba server.
Example 27.1 A CD-ROM Share (deactivated)
;[cdrom]
;       comment = Linux CD-ROM
;       path = /media/cdrom
;       locking = No
[cdrom] and comment The [cdrom] section entry is the name of the share that can be seen by all SMB clients on the network. An additional comment can be added to further describe the share.
path = /media/cdrom path exports the directory /media/cdrom. By means of a very restrictive default configuration, this kind of share is only made available to the users present on this system.
valid users = %S %S is replaced with the concrete name of the share as soon as a connection has been successfully established. For a [homes] share, this is always the username. As a consequence, access rights to a user's share are restricted exclusively to that user. browseable = No This setting makes the share invisible in the network environment. read only = No By default, Samba prohibits write access to any exported share by means of the read only = Yes parameter.
Server Level Security (security = server) To its clients, Samba pretends to be working in user level mode. However, it passes all password queries to another user level mode server, which takes care of authentication. This setting requires the additional password server parameter. ADS Level Security (security = ADS) In this mode, Samba will act as a domain member in an Active Directory environment. To operate in this mode, the machine running Samba needs Kerberos installed and configured.
user authentication runs over the Samba server. After completing all settings, click Finish to finish the configuration. 27.6 Samba as Login Server In networks where predominantly Windows clients are found, it is often preferable that users may only register with a valid account and password. In a Windows-based network, this task is handled by a primary domain controller (PDC). You can use a Windows NT server configured as PDC, but this task can also be done with a Samba server.
belonging to this Linux group can be assigned Domain Admin status with the command:
net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin
For more information about this topic, see Chapter 12 of the Samba 3 HOWTO, found in /usr/share/doc/packages/samba/Samba3-HOWTO.pdf. 27.7 For More Information Detailed Samba information is available in the digital documentation.
28 The Apache HTTP Server With a share of more than 50%, the Apache HTTP Server (Apache) is the world's most widely-used Web server according to the Survey from http://www.netcraft.com/. Apache, developed by the Apache Software Foundation (http://www.apache.org/), is available for most operating systems. openSUSE® includes Apache version 2.2. In this chapter, learn how to install, configure and set up a Web server; how to use SSL, CGI, and additional modules; and how to troubleshoot Apache. 28.
3. The latest security updates are installed. If in doubt, run a YaST Online Update. 4. The default Web server port (port 80) is opened in the firewall. For this, configure the SUSEFirewall2 to allow the service HTTP Server in the external zone. This can be done using YaST. Section “Configuring the Firewall with YaST” (Chapter 14, Masquerading and Firewalls, ↑Security Guide) gives details. 28.1.2 Installation Apache on openSUSE is not installed by default.
3 Search for apache2 and Enable the service. The Web server starts immediately. 4 Save your changes with Finish. The system is configured to automatically start Apache in runlevels 3 and 5 during boot. For more information about the runlevels in openSUSE and a description of the YaST runlevel editor, refer to Section 16.2.3, “Configuring System Services (Runlevel) with YaST” (page 238). To manually start Apache using the shell, run rcapache2 start. Procedure 28.
IMPORTANT: Reload or Restart Apache After Configuration Changes Most configuration changes require a reload (some also a restart) of Apache to take effect. Manually reload Apache with rcapache2 reload or use one of the restart options as described in Section 28.3, “Starting and Stopping Apache” (page 460). If you configure Apache with YaST, this can be taken care of automatically if you set HTTP Service to Enabled as described in Section “HTTP Server Configuration” (page 458). 28.2.
to as directives). Every configuration option in these files is extensively documented and therefore not mentioned here. The Apache configuration files are organized as follows:
/etc/apache2/
 |
 |- charset.conv
 |- conf.d/
 |   |
 |   |- *.conf
 |
 |- default-server.conf
 |- errors.conf
 |- httpd.conf
 |- listen.conf
 |- magic
 |- mime.types
 |- mod_*.conf
 |- server-tuning.conf
 |- ssl.*
 |- ssl-global.conf
 |- sysconfig.d
 |   |
 |   |- global.conf
 |   |- include.conf
 |   |- loadmodule.conf
 |   .   .
 |
 |- uid.conf
 |- vhosts.d
 |   |- *.
errors.conf
Defines how Apache responds to errors. To customize these messages for all virtual hosts, edit this file. Otherwise overwrite these directives in your virtual host configurations.
httpd.conf
The main Apache server configuration file. Avoid changing this file. It primarily contains include statements and global settings. Overwrite global settings in the pertinent configuration files listed here. Change host-specific settings (such as document root) in your virtual host configuration.
listen.
sysconfig.d/*.conf
Configuration files automatically generated from /etc/sysconfig/apache2. Do not change any of these files—edit /etc/sysconfig/apache2 instead. Do not put other configuration files in this directory.
uid.conf
Specifies under which user and group ID Apache runs. Do not change.
vhosts.d/*.conf
Your virtual host configuration should go here. The directory contains template files for virtual hosts with and without SSL. Every file in this directory ending in .
.d/. All files in this directory with the extension .conf are automatically included to the configuration. A basic template for a virtual host is provided in this directory (vhost.template or vhost-ssl.template for a virtual host with SSL support). TIP: Always Create a Virtual Host Configuration It is recommended to always create a virtual host configuration file, even if your Web server only hosts one domain.
The first argument can be a fully qualified domain name, but it is recommended to use the IP address. The second argument is the port and is optional. By default, port 80 is used and is configured via the Listen directive. The wild card * can be used for both the IP address and the port number to receive requests on all interfaces. IPv6 addresses must be enclosed in square brackets. Example 28.1 Variations of Name-Based VirtualHost Entries # NameVirtualHost IP-address[:Port] NameVirtualHost 192.168.3.
IP-Based Virtual Hosts This alternative virtual host configuration requires the setup of multiple IPs for a machine. One instance of Apache hosts several domains, each of which is assigned a different IP. The physical server must have one IP address for each IP-based virtual host. If the machine does not have multiple network cards, virtual network interfaces (IP aliasing) can also be used. The following example shows Apache running on a machine with the IP 192.168.3.
DocumentRoot Path to the directory from which Apache should serve files for this host. For security reasons, access to the entire file system is forbidden by default, so you must explicitly unlock this directory within a Directory container. ServerAdmin E-mail address of the server administrator. This address is, for example, shown on error pages Apache creates. ErrorLog The error log file for this virtual host.
28.2.3 Configuring Apache with YaST To configure your Web server with YaST, start YaST and select Network Services > HTTP Server. When starting the module for the first time, the HTTP Server Wizard starts, prompting you to make a few basic decisions concerning administration of the server. After having finished the wizard, the HTTP Server Configuration dialog starts each time you call the HTTP Server module. For more information, see Section “HTTP Server Configuration” (page 458).
Default Host This option pertains to the default Web server. As explained in Section “Virtual Host Configuration” (page 449), Apache can serve multiple virtual hosts from a single physical machine. The first declared virtual host in the configuration file is commonly referred to as the default host. Each virtual host inherits the default host's configuration. To edit the host settings (also called directives), choose the appropriate entry in the table then click Edit. To add new directives, click Add.
Alias
With the help of Alias directives, URLs can be mapped to physical file system locations. This means that a certain path even outside the Document Root in the file system can be accessed via a URL aliasing that path. The default openSUSE Alias /icons points to /usr/share/apache2/icons for the Apache icons displayed in the directory index view.
ScriptAlias
Similar to the Alias directive, the ScriptAlias directive maps a URL to a file system location.
After finishing with the Default Host step, click Next to continue with the configuration. Virtual Hosts In this step, the wizard displays a list of already configured virtual hosts (see Section “Virtual Host Configuration” (page 449)). If you have not made manual changes prior to starting the YaST HTTP wizard, no virtual host is present.
Figure 28.2 HTTP Server Wizard: Summary HTTP Server Configuration The HTTP Server Configuration dialog also lets you make even more adjustments to the configuration than the wizard (which only runs if you configure your Web server for the first time). It consists of four tabs described in the following. No configuration option you change here is effective immediately—you always must confirm your changes with Finish to make them effective.
interfaces, click on Firewall Details... to specify on which interface(s) the port(s) should be opened. With Log Files, watch either the access log or the error log. This is useful if you want to test your configuration. The log file opens in a separate window from which you can also restart or reload the Web server. For details, see Section 28.3, “Starting and Stopping Apache” (page 460). These commands are effective immediately and their log messages are also displayed immediately. Figure 28.
Figure 28.4 HTTP Server Configuration: Server Modules Main Host or Hosts These dialogs are identical to the ones already described. Refer to Section “Default Host” (page 455) and Section “Virtual Hosts” (page 457). 28.3 Starting and Stopping Apache If configured with YaST as described in Section 28.2.3, “Configuring Apache with YaST” (page 454), Apache is started at boot time in runlevels 3 and 5 and stopped in runlevels 0, 1, 2, and 6.
status
Checks if Apache is started.
start
Starts Apache if it is not already running.
startssl
Starts Apache with SSL support if it is not already running. For more information about SSL support, refer to Section 28.6, “Setting Up a Secure Web Server with SSL” (page 473).
stop
Stops Apache by terminating the parent process.
restart
Stops and then restarts Apache. Starts the Web server if it was not running before.
try-restart
Stops then restarts Apache only if it is already running.
GracefulShutdownTimeout needs to be set, otherwise restart-graceful will result in a regular restart. If set to zero, the server will wait indefinitely until all remaining requests have been fully served. A graceful restart can fail if the original Apache instance is not able to clear all necessary resources. In this case, the command will result in a graceful stop.
28.4 Installing, Activating, and Configuring Modules The Apache software is built in a modular fashion: all functionality except some core tasks is handled by modules. This has progressed so far that even HTTP is processed by a module (http_core). Apache modules can be compiled into the Apache binary at build time or dynamically loaded at runtime. Refer to Section 28.4.2, “Activation and Deactivation” (page 464) for details of how to load modules dynamically.
You can install additional external modules by starting YaST and choosing Software > Software Management. Now choose Filter > Search and search for apache. Among other packages, the results list contains all available external Apache modules. 28.4.2 Activation and Deactivation Activate or deactivate particular modules either manually or with YaST.
mod_alias
Provides Alias and Redirect directives with which you can map a URL to a specific directory (Alias) or redirect a requested URL to another location. This module is enabled by default.
mod_auth*
The authentication modules provide different authentication methods: basic authentication with mod_auth_basic or digest authentication with mod_auth_digest. Digest authentication in Apache 2.2 is considered experimental.
mod_env
Controls the environment that is passed to CGI scripts or SSI pages. Environment variables can be set or unset or passed from the shell that invoked the httpd process. This module is enabled by default.
mod_expires
With mod_expires, you can control how often proxy and browser caches refresh your documents by sending an Expires header. This module is enabled by default.
mod_setenvif
Sets environment variables based on details of the client's request, such as the browser string the client sends, or the client's IP address. This module is enabled by default.
mod_speling
mod_speling attempts to automatically correct typographical errors in URLs, such as capitalization errors.
mod_ssl
Enables encrypted connections between Web server and clients. See Section 28.6, “Setting Up a Secure Web Server with SSL” (page 473) for details. This module is enabled by default.
Prefork MPM The prefork MPM implements a nonthreaded, preforking Web server. It makes the Web server behave similarly to Apache version 1.x in that it isolates each request and handles it by forking a separate child process. Thus problematic requests cannot affect others, avoiding a lockup of the Web server. While providing stability with this process-based approach, the prefork MPM consumes more system resources than its counterpart, the worker MPM.
28.4.5 External Modules Find a list of all external modules shipped with openSUSE here. Find the module's documentation in the listed directory. mod-apparmor Adds support to Apache to provide Novell AppArmor confinement to individual CGI scripts handled by modules like mod_php5 and mod_perl. Package Name: apache2-mod_apparmor More Information: Part “Confining Privileges with Novell AppArmor” (↑Security Guide) mod_mono Using mod_mono allows you to run ASP.NET pages in your server.
Package Name: apache2-mod_python More Information: /usr/share/doc/packages/apache2-mod_python mod_tidy mod_tidy validates each outgoing HTML page by means of the TidyLib. In case of a validation error, a page with an error list is delivered. Otherwise the original HTML page is delivered. Package Name: apache2-mod_tidy Configuration File: /etc/apache2/mod_tidy.conf More Information: /usr/share/doc/packages/apache2-mod_tidy 28.4.
where -c compiles the module, -i installs it, and -a activates it. Other options of apxs2 are described in the apxs2(1) man page. 28.5 Getting CGI Scripts to Work Apache's Common Gateway Interface (CGI) lets you create dynamic content with programs or scripts usually referred to as CGI scripts. CGI scripts can be written in any programming language. Usually, script languages such as Perl or PHP are used. To enable Apache to deliver content created by CGI scripts, mod_cgi needs to be activated.
Example 28.5 VirtualHost CGI Configuration
ScriptAlias /cgi-bin/ "/srv/www/www.example.com/cgi-bin/"❶
<Directory "/srv/www/www.example.com/cgi-bin/">
 Options +ExecCGI❷
 AddHandler cgi-script .cgi .pl❸
 Order allow,deny❹
 Allow from all
</Directory>
❶ Tells Apache to handle all files within this directory as CGI scripts.
❷ Enables CGI script execution.
❸ Tells the server to treat files with the extensions .pl and .cgi as CGI scripts. Adjust according to your needs.
Now call http://localhost/cgi-bin/test.cgi or http://www.example.com/cgi-bin/test.cgi. You should see the “CGI/1.0 test script report”. 28.5.3 CGI Troubleshooting If you do not see the output of the test program but an error message instead, check the following: CGI Troubleshooting • Have you reloaded the server after having changed the configuration? Check with rcapache2 probe.
For this purpose, the server sends an SSL certificate that holds information proving the server's valid identity before any request to a URL is answered. In turn, this guarantees that the server is the uniquely correct end point for the communication. Additionally, the certificate generates an encrypted connection between client and server that can transport information without the risk of exposing sensitive, plain-text content.
Creating a “Dummy” Certificate
Generating a dummy certificate is simple. Just call the script /usr/bin/gensslcert. It creates or overwrites the files listed below. Make use of gensslcert's optional switches to fine-tune the certificate. Call /usr/bin/gensslcert -h for more information.
• /etc/apache2/ssl.crt/ca.crt
• /etc/apache2/ssl.crt/server.crt
• /etc/apache2/ssl.key/server.key
• /etc/apache2/ssl.csr/server.csr
• /root/.mkcert.cfg
A copy of ca.crt is also placed at /srv/www/htdocs/CA.crt for download.
Choose RSA (R, the default), because some older browsers have problems with DSA. 2 Generating RSA private key for CA (1024 bit) No interaction needed. 3 Generating X.509 certificate signing request for CA Create the CA's distinguished name here. This requires you to answer a few questions, such as country name or organization name. Enter valid data, because everything you enter here later shows up in the certificate. You do not need to answer every question.
browser issues a warning that the certificate does not match the server when accessing the Web server. 7 Generating X.509 certificate signed by own CA Choose certificate version 3 (the default). 8 Encrypting RSA private key of CA with a pass phrase for security It is strongly recommended to encrypt the private key of the CA with a password, so choose Y and enter a password.
IMPORTANT: Self-Signed Certificates Only use a self-signed certificate on a Web server that is accessed by people who know and trust you as a certificate authority. It is not recommended to use such a certificate on a public shop, for example. Getting an Officially Signed Certificate There are a number of official certificate authorities that sign your certificates. The certificate is signed by a trustworthy third party, so can be fully trusted.
Apache instance. Usually separate virtual hosts are used to dispatch requests to port 80 and port 443 to separate virtual servers. IMPORTANT: Firewall Configuration Do not forget to open the firewall for SSL-enabled Apache on port 443. This can be done with YaST as described in Section “Configuring the Firewall with YaST” (Chapter 14, Masquerading and Firewalls, ↑Security Guide). The SSL module is enabled by default in the global server configuration.
stating that the certificate does not match the server name every time they visit the URL. A separate IP address or port is necessary for every SSL-enabled domain to achieve communication based on a valid SSL certificate. 28.7 Avoiding Security Problems A Web server exposed to the public Internet requires an ongoing administrative effort. It is inevitable that security issues appear, both related to the software and to accidental misconfiguration. Here are some tips for how to deal with them. 28.7.
rectories for your virtual hosts and make sure that directories and files belong to user and group root.
28.7.3 File System Access
By default, access to the whole file system is denied in /etc/apache2/httpd.conf. You should never overwrite these directives, but specifically enable access to all directories Apache should be able to read. For details, see Section “Basic Virtual Host Configuration” (page 452).
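The default-deny rule above, together with the requirement to unlock each DocumentRoot in its own Directory container, can be checked mechanically. The following Python sketch is an added example, not part of this manual or of Apache; the sample configuration, host names and finding labels are constructed, and it assumes the Apache 2.2 access-control syntax (Order/Allow/Deny) used in this chapter.

```python
import re

# Constructed sample in Apache 2.2 syntax; host names and paths are made up.
SAMPLE_CONF = """
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/srv/www/www.example.com/htdocs"
    <Directory "/srv/www/www.example.com/htdocs">
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName intranet.example.com
    DocumentRoot /srv/www/intranet/htdocs
</VirtualHost>
"""

DIR_OPEN = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.IGNORECASE)


def normalize(path):
    """Strip quotes, surrounding space and trailing slashes; keep '/' as is."""
    return path.strip().strip('"').rstrip("/") or "/"


def parse(conf):
    """Return ({directory path: [directives]}, [document roots])."""
    blocks, roots, current = {}, [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = DIR_OPEN.match(line)
        if opened:
            current = normalize(opened.group(1))
            blocks.setdefault(current, [])
        elif line.lower() == "</directory>":
            current = None
        elif current is not None:
            # Inside a Directory container: store the directive, normalized.
            blocks[current].append(" ".join(line.lower().split()))
        elif line.lower().startswith("documentroot"):
            parts = line.split(None, 1)
            if len(parts) == 2:
                roots.append(normalize(parts[1]))
    return blocks, roots


def is_under(path, base):
    """True if path is base itself or lies below it."""
    return path == base or path.startswith(base.rstrip("/") + "/")


def grants_access(directives):
    return any(d.startswith("allow from") for d in directives)


def audit(conf):
    """Check the combined configuration text; return (finding, path) tuples."""
    blocks, roots = parse(conf)
    findings = []
    # 1. The file system root must stay locked for everybody.
    root = blocks.get("/")
    if root is None or "deny from all" not in root or grants_access(root):
        findings.append(("root-not-denied", "/"))
    # 2. Every DocumentRoot needs its own Directory container (not "/")
    #    that grants access; otherwise the default deny still applies.
    for docroot in roots:
        if not any(base != "/" and is_under(docroot, base) and grants_access(d)
                   for base, d in blocks.items()):
            findings.append(("docroot-not-explicitly-allowed", docroot))
    return findings


if __name__ == "__main__":
    for finding, path in audit(SAMPLE_CONF):
        print(finding, path)
```

Feed it the concatenated text of httpd.conf and the files under vhosts.d/ so that the root container and the virtual hosts are seen together.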
user is not allowed to overwrite any Option directives when using mod_userdir (see the /etc/apache2/mod_userdir.conf configuration file). 28.8 Troubleshooting If Apache does not start, the Web page is not accessible, or users cannot connect to the Web server, it is important to find the cause of the problem.
httpd.apache.org/userslist.html. A recommended newsgroup is comp.infosystems.www.servers.unix.
28.9 For More Information
The package apache2-doc contains the complete Apache manual in various localizations for local installation and reference. It is not installed by default—the quickest way to install it is to use the command zypper in apache2-doc. Once installed, the Apache manual is available at http://localhost/manual/. You may also access it on the Web at http://httpd.apache.org/docs-2.2/.
mod_php5 http://www.php.net/manual/en/install.unix.apache2.php mod_python http://www.modpython.org/ mod_tidy http://mod-tidy.sourceforge.net/ 28.9.3 Development More information about developing Apache modules or about getting involved in the Apache Web server project are available at the following locations: Apache Developer Information http://httpd.apache.org/dev/ Apache Developer Documentation http://httpd.apache.org/docs/2.2/developer/ Writing Apache Modules with Perl and C http://www.modperl.com/ 28.
29 Setting up an FTP server with YaST
Using the YaST FTP Server module, you can configure your machine to function as an FTP (File Transfer Protocol) server. Anonymous and/or authenticated users can connect to your machine and download files using the FTP protocol. Depending on the configuration, they can also upload files to the FTP server. YaST provides a unified configuration interface for various FTP server daemons installed on your system.
1 Open YaST Control Center and choose Network Services > FTP Server or run the yast2 ftp-server command as root. 2 If there is not any FTP server installed in your system, you will be asked which server to install when the YaST FTP Server module starts. Choose a server (vsftpd is the standard server for openSUSE) and confirm the dialog. 3 In the Start-Up dialog, configure the options for starting of the FTP server. For more information, see Section 29.1, “Starting the FTP server” (page 486).
Settings and Restart FTP Now. Your configurations will be saved by leaving the configuration module with Finish. The Selected Service frame of the FTP Start-Up dialog shows which FTP server is used: either vsftpd or pure-ftpd. If both servers are installed, you can switch between them—the current configuration will automatically be converted. The pure-ftpd package is not included in the standard openSUSE media so you have to install it from a different installation source if you want to use it. Figure 29.
You can limit permissions of files created by anonymous and/or authenticated users with umask. Set the file creation mask for anonymous users in Umask for Anonymous and the file creation mask for authenticated users in Umask for Authenticated Users. The masks should be entered as octal numbers with a leading zero. For more information about umask, see the umask man page (man 1p umask). In the FTP Directories frame set the directories used for anonymous and authorized users.
between the following options: granting access to anonymous users only, to authenticated users only (with accounts on the system) or to both types of users. If you want to allow users to upload files to the FTP server, check Enable Upload in the Uploading frame of the Authentication dialog. Here you are able to allow uploading or creating directories even for anonymous users by checking the respective box.
Part VI.
30 Mobile Computing with Linux
Mobile computing is mostly associated with laptops, PDAs and cellular phones (and the data exchange between them). Mobile hardware components, such as external hard disks, flash drives, or digital cameras, can be connected to laptops or desktop systems. A number of software components are involved in mobile computing scenarios and some applications are tailor-made for mobile use.
30.1 Laptops
The hardware of laptops differs from that of a normal desktop system.
30.1.1 Power Conservation The inclusion of energy-optimized system components during laptop manufacturing contributes to their suitability for use without access to the electrical power grid. Their contribution towards conservation of power is at least as important as that of the operating system. openSUSE® supports various methods that influence the power consumption of a laptop and have varying effects on the operating time under battery power.
30.1.2 Integration in Changing Operating Environments Your system needs to adapt to changing operating environments when used for mobile computing. Many services depend on the environment and the underlying clients must be reconfigured. openSUSE handles this task for you. Figure 30.
E-Mail and Proxies As with printing, the list of the corresponding servers must be current. X (Graphical Environment) If your laptop is temporarily connected to a projector or an external monitor, the different display configurations must be available. openSUSE offers several ways of integrating laptops into existing operating environments: NetworkManager NetworkManager is especially tailored for mobile networking on laptops.
of a certain type of service to all clients in a local network. Applications that support SLP can process the information dispatched by SLP and be configured automatically. SLP can even be used for the installation of a system, sparing the effort of searching for a suitable installation source. Find detailed information about SLP in Chapter 22, SLP Services in the Network (page 369). 30.1.
ronment. Find more information about this program in its integrated help function or in the SUSE help pages. In the GNOME desktop, use GNOME Power Management and System Monitor applications. Synchronizing Data When switching between working on a mobile machine disconnected from the network and working at a networked workstation in an office, it is necessary to keep processed data synchronized across all instances.
WLAN
With the largest range of these wireless technologies, WLAN is the only one suitable for the operation of large and sometimes even spatially disjointed networks. Single machines can connect with each other to form an independent wireless network or access the Internet. Devices called access points act as base stations for WLAN-enabled devices and act as intermediaries for access to the Internet.
Strong Authentication Use biometric authentication in addition to standard authentication via login and password. openSUSE supports fingerprint authentication. For more details, see Chapter 7, Using the Fingerprint Reader (↑Security Guide). Securing Data on the System Important data should not only be encrypted during transmission, but also on the hard disk. This ensures its safety in case of theft.
External Hard Disks (USB and FireWire) As soon as an external hard disk is correctly recognized by the system, its icon appears in the file manager. Clicking the icon displays the contents of the drive. It is possible to create folders and files here and edit or delete them. To rename a hard disk from the name it had been given by the system, select the corresponding menu item from the menu that opens when the icon is right-clicked. This name change is limited to display in the file manager.
A more sophisticated synchronization solution is available with the program opensync (see packages libopensync, msynctool and the respective plug-ins for the different devices). 30.4 For More Information The central point of reference for all questions regarding mobile devices and Linux is http://tuxmobil.org/. Various sections of that Web site deal with the hardware and software aspects of laptops, PDAs, cellular phones and other mobile hardware. A similar approach to that of http://tuxmobil.
31 Power Management Power management is especially important on laptop computers, but is also useful on other systems. ACPI (Advanced Configuration and Power Interface) is available on all modern computers (laptops, desktops, and servers). Power management technologies require suitable hardware and BIOS routines. Most laptops and many modern desktops and servers meet these requirements. It is also possible to control CPU frequency scaling to save power or decrease noise. 31.
Hibernation (suspend to disk) In this operating mode, the entire system state is written to the hard disk and the system is powered off. There must be a swap partition at least as big as the RAM to write all the active data. Reactivation from this state takes about 30 to 90 seconds. The state prior to the suspend is restored. Some manufacturers offer useful hybrid variants of this mode, such as RediSafe in IBM Thinkpads. The corresponding ACPI state is S4.
.msg. See Section 31.2.3, “Troubleshooting” (page 508) for more information about troubleshooting ACPI problems. 31.2.1 Controlling the CPU Performance The CPU can save energy in three ways: • Frequency and Voltage Scaling (page 505) • Throttling the Clock Frequency (T-states) (page 507) • Putting the Processor to Sleep (C-states) (page 507) Depending on the operating mode of the computer, these methods can be combined.
There are two main approaches to performing CPU frequency scaling—by the kernel itself (CPUfreq infrastructure with in-kernel governors) or by a userspace application. The in-kernel governors are policy governors that can change the CPU frequency based on different criteria (a sort of pre-configured power schemes for the CPU). The following governors are available with the CPUfreq subsystem: Performance Governor The CPU frequency is statically set to the highest possible for maximum performance.
Throttling the Clock Frequency (T-states) This technology omits a certain percentage of the clock signal impulses for the CPU. At 25% throttling, every fourth impulse is omitted. At 87.5%, only every eighth impulse reaches the processor. However, the energy savings are a little less than linear. Normally, throttling is only used if frequency scaling is not available or to maximize power savings. This technology must be controlled by a special process, as well.
essary high power consumption (for example, processes that are mainly responsible for waking up a processor from its idle state) and to optimize your system settings to avoid these. It supports both Intel and AMD processors. For detailed information, refer to the powerTOP project page at http://www.lesswatts.org/projects/powertop/.
WARNING: Problems Booting without ACPI Some newer machines (especially SMP systems and AMD64 systems) need ACPI for configuring the hardware correctly. On these machines, disabling ACPI can cause problems. Sometimes, the machine is confused by hardware that is attached over USB or FireWire. If a machine refuses to boot, unplug all unneeded hardware and try again.
31.3 Rest for the Hard Disk In Linux, the hard disk can be put to sleep entirely if it is not needed or it can be run in a more economic or quieter mode. On modern laptops, you do not need to switch off the hard disks manually, because they automatically enter an economic operating mode whenever they are not needed. However, if you want to maximize power savings, test some of the following methods, using the hdparm command. It can be used to modify various hard disk settings.
/proc/sys/vm/dirty_background_ratio
Maximum percentage of dirty pages until pdflush begins to write them. Default is 5%.
/proc/sys/vm/dirty_ratio
When the dirty pages exceed this percentage of the total memory, processes are forced to write dirty buffers during their time slice instead of continuing to write.
WARNING: Impairment of the Data Integrity
Changes to the pdflush daemon settings endanger the data integrity.
31.4.1 ACPI Activated with Hardware Support but Functions Do Not Work If you experience problems with ACPI, search the output of dmesg for ACPI-specific messages by using the command dmesg|grep -i acpi. A BIOS update may be required to resolve the problem. Go to the home page of your laptop manufacturer, look for an updated BIOS version, and install it. Ask the manufacturer to comply with the latest ACPI specification.
31.4.2 CPU Frequency Does Not Work
Refer to the kernel sources to see if your processor is supported. You may need a special kernel module or module option to activate CPU frequency control. If the kernel-source package is installed, this information is available in /usr/src/linux/Documentation/cpu-freq/*.
31.4.3 Suspend and Standby Do Not Work
ACPI systems may have problems with suspend and standby due to a faulty DSDT implementation (BIOS). If this is the case, update the BIOS.
• http://wiki.opensuse.org/SDB:Suspend_to_RAM—How to get Suspend to RAM working • http://old-en.opensuse.
32 Wireless LAN
Wireless LANs, or Wireless Local Area Networks (WLANs), have become an indispensable aspect of mobile computing. Today, most laptops have built-in WLAN cards. This chapter describes how to set up a WLAN card with YaST, encrypt transmissions, and use tips and tricks. Alternatively, you can configure and manage WLAN access with NetworkManager. For details, refer to Chapter 5, Using NetworkManager (↑Start-Up).
32.1 WLAN Standards
WLAN cards communicate using the 802.
Name      Band (GHz)     Maximum Transmission Rate (Mbit/s)   Note
802.11b   2.4            11                                   Less common
802.11g   2.4            54                                   Widespread, backwards-compatible with 11b
802.11n   2.4 and/or 5   300                                  Common
802.11 Legacy cards are not supported by openSUSE®. Most cards using 802.11a, 802.11b, 802.11g and 802.11n are supported. New cards usually comply with the 802.11n standard, but cards using 802.11g are still available. 32.
Master Mode In master mode your network card is used as the access point. It works only if your WLAN card supports this mode. Find out the details of your WLAN card on http://linux-wless.passys.nl. 32.3 Authentication Because a wireless network is much easier to intercept and compromise than a wired network, the various standards include authentication and encryption methods. In the original version of the IEEE 802.11 standard, these are described under the term WEP (Wired Equivalent Privacy).
WPA-PSK (or WPA-Personal, according to IEEE 802.1x) WPA-PSK (PSK stands for preshared key) works similarly to the Shared Key procedure. All participating stations as well as the access point need the same key. The key is 256 bits in length and is usually entered as a passphrase. This system does not need a complex key management like WPA-EAP and is more suitable for private use. Therefore, WPA-PSK is sometimes referred to as WPA “Home”. WPA-EAP (or WPA-Enterprise, according to IEEE 802.
However, this standard has some weaknesses. Attacks against the keys generated by this system may be successful. Nevertheless, it is better to use WEP than to not encrypt the network at all. Some vendors have implemented the non-standard “Dynamic WEP”. It works exactly as WEP and shares the same weaknesses, except that the key is periodically changed by a key management service. TKIP (defined in WPA/IEEE 802.
IP Address Use either a static IP address or let a DHCP server dynamically assign an IP address to the interface. Operating Mode Defines how to integrate your machine into a WLAN, depending on the network topology. For background information, refer to Section 32.2, “Operating Modes” (page 516). Network Name (ESSID) Unique string identifying a network.
Otherwise confirm your changes with OK to write the network configuration. 32.5.2 Configuration for Access Points In this section, learn how to configure your WLAN card to connect to an (external) access point or how to use your WLAN card as an access point (if supported by your WLAN card). For configuration of networks without an access point, refer to Section 32.5.3, “Establishing an Ad-Hoc Network” (page 525). Procedure 32.
7 To connect to a certain network, enter the Network Name (ESSID). Alternatively, click Scan Network and select a network from the list of available wireless networks. All stations in a wireless network need the same ESSID for communicating with each other. If no ESSID is specified, your WLAN card automatically associates with the access point that has the best signal strength. NOTE: WPA Authentication Requires an ESSID If you select WPA authentication, a network name (ESSID) must be set.
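How the WPA-PSK passphrase described in Section 32.3 becomes the 256-bit key, and why the note above requires an ESSID, as an added example that is not part of the openSUSE manual: IEEE 802.11i derives the key with PBKDF2-HMAC-SHA1 over the passphrase, using the ESSID as salt. The function names and the network names "home-lan" and "office-lan" are assumptions made for this illustration; accepting 64 hexadecimal digits as the raw key follows the wpa_supplicant convention.

```python
import hashlib
import string

PSK_BYTES = 32        # 256-bit key, the length stated for WPA-PSK
PBKDF2_ROUNDS = 4096  # iteration count fixed by IEEE 802.11i
PRINTABLE_ASCII = {chr(c) for c in range(32, 127)}


def wpa_psk(passphrase: str, essid: str) -> bytes:
    """Derive the 256-bit pre-shared key from a passphrase and the ESSID."""
    ssid = essid.encode("utf-8")
    if not 1 <= len(ssid) <= 32:
        # The ESSID is the PBKDF2 salt, so no key exists without it.
        raise ValueError("ESSID must be 1 to 32 bytes long")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if not set(passphrase) <= PRINTABLE_ASCII:
        raise ValueError("passphrase must consist of printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid, PBKDF2_ROUNDS, PSK_BYTES
    )


def resolve_key(secret: str, essid: str) -> bytes:
    """Accept either the raw key as 64 hex digits or a passphrase.

    A raw key is already the final 256-bit value and does not depend on
    the ESSID; a passphrase does.
    """
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)
    return wpa_psk(secret, essid)


def same_key_on_both_networks(passphrase: str, essid_a: str, essid_b: str) -> bool:
    """True only if two networks end up with the identical 256-bit key."""
    return wpa_psk(passphrase, essid_a) == wpa_psk(passphrase, essid_b)


if __name__ == "__main__":
    # Test vector published with IEEE 802.11i: passphrase "password", SSID "IEEE".
    print(wpa_psk("password", "IEEE").hex())

    # Constructed sample: one passphrase reused on two differently named networks.
    phrase = "correct horse battery"
    print(wpa_psk(phrase, "home-lan").hex())
    print(wpa_psk(phrase, "office-lan").hex())
    print("identical keys:", same_key_on_both_networks(phrase, "home-lan", "office-lan"))

    # A station configured without an ESSID cannot compute the key at all.
    try:
        wpa_psk(phrase, "")
    except ValueError as err:
        print("rejected:", err)
```

Because the network name is mixed into the key, a station that has the right passphrase but a mistyped ESSID computes a different key and fails to authenticate.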
Figure 32.1 YaST: Configuring the Wireless Network Card Procedure 32.2 Entering the Encryption Details The following authentication methods require an encryption key: WEP - Open, WEP - Shared Key, and WPA-PSK. For WEP, usually only one key is needed—however, up to 4 different WEP keys can be defined for your station. One of them needs to be set as the default key and is used for encryption. The others are used for decryption.
1 To enter the key for WEP - Open or WEP - Shared Key: 1a Set the Key Input Type either to Passphrase, ASCII or Hexadecimal. 1b Enter the respective Encryption Key (usually only one key is used): If you have selected Passphrase, enter a word or a character string from which a key is generated according to the specified key length (by default, 128-bit). ASCII requests an input of 5 characters for a 64-bit key and 13 characters for a 128-bit key.
3a Select the EAP Mode the RADIUS server uses for authentication. The details you need to enter in the following depend on the selected EAP Mode. 3b For TLS, provide Identity, Client Certificate, Client Key, and Client Key Password. To increase security, you can also configure a Server Certificate used to validate the server's authenticity. TTLS and PEAP require Identity and Password, whereas Server Certificate and Anonymous Identity are optional.
• IP Address: 192.168.1.1. Change this address on the second computer to 192.168.1.2, for example. • Subnet Mask: /24 • Hostname: Choose any name you like. 4 Proceed with Next. 5 Set the Operating Mode to Ad-hoc. 6 Choose a Network Name (ESSID). This can be any name, but it has to be used on every computer in the ad-hoc network. 7 Select an Authentication Mode for your network. Which mode is suitable depends on your WLAN card's driver and the ability of the other devices in the network.
Channel The specification of a channel on which the WLAN station should work. This is only needed in Ad-hoc and Master modes. In Managed mode, the card automatically searches the available channels for access points. Bit Rate Depending on the performance of your network, you may want to set a certain bit rate for the transmission from one point to another. In the default setting Auto, the system tries to use the highest possible data transmission rate.
9 Confirm your changes with OK and click Next and OK to finish the configuration. 32.6 Tips and Tricks for Setting Up a WLAN The following tools and tips can help to monitor and improve speed and stability as well as security aspects of your WLAN. 32.6.1 Utilities The package wireless-tools contains utilities that allow you to set wireless LAN-specific parameters and get statistics. See http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html for more information.
iwspy wlan0
wlan0    Statistics collected:
    00:AA:BB:CC:DD:EE : Quality:0 Signal level:0 Noise level:0
    Link/Cell/AP      : Quality:60/94 Signal level:-50 dBm Noise level:-140 dBm (updated)
    Typical/Reference : Quality:26/94 Signal level:-60 dBm Noise level:-90 dBm

32.6.3 Security If you want to set up a wireless network, remember that anybody within the transmission range can easily access it if no security measures are implemented. Therefore, be sure to activate an encryption method.
1. Do you know the device name of the WLAN card? Usually it is wlan0. Check with the tool ifconfig. 2. Have you checked your needed firmware? Refer to /usr/share/doc/packages/wireless-tools/README.firmware for more information. 3. Is the ESSID of your router broadcast and visible (not hidden)? 32.7.1 Check the Network Status The command iwconfig can give you important information about your wireless connection.
Extra:tsf=0000111122223333 Extra: Last beacon: 179ms ago IE: Unknown: ... 32.7.2 Multiple Network Devices Modern laptops usually have a network card and a WLAN card. If you configured both devices with DHCP (automatic address assignment), you may encounter problems with the name resolution and the default gateway. This is evident from the fact that you can ping the router but cannot surf the Internet. The Support Database features an article on this subject at http://old-en.opensuse.
http://en.opensuse.org/HCL:Network_(Wireless) Lists supported WLAN network cards. http://en.opensuse.org/SDB:Ndiswrapper Offers a work-around for running unsupported WLAN cards with Microsoft Windows drivers using Ndiswrapper.
33 Using Tablet PCs openSUSE® comes with support for Tablet PCs. In the following, learn how to install and configure your Tablet PC and discover some useful Linux* applications which accept input from digital pens. The following Tablet PCs are supported: • Tablet PCs with serial and USB Wacom tablet (pen based), touch-screen or multitouch devices. • Tablet PCs with FinePoint devices, such as Gateway C210X/M280E/CX2724 or HP Compaq TC1000.
After you have installed the Tablet PC packages and configured your digitizer correctly, input with the pen (also called a stylus) can be used for the following actions and applications: • Logging in to KDM or GDM • Unlocking your screen on the KDE and GNOME desktops • Actions that can also be triggered by other pointing devices (such as mouse or touch pad), for example, moving the cursor on the screen, starting applications, closing, resizing and moving windows, shifting window focus and dragging and dropp
• x11-input-evtouch: the X input module for some Tablet PCs with touch screens • xorg-x11-driver-input: the X input module for input devices, including the module for Wacom devices. If these packages are not installed, manually install the packages you need from the command line or select the TabletPC pattern for installation in YaST. 33.2 Configuring Your Tablet Device During installation, your tablet or touch device is configured by default.
If you want to use xvkbd after login, start it from the main menu or with xvkbd from a shell. 33.4 Rotating Your Display Use KRandRTray (KDE) or gnome-display-properties (GNOME) to rotate or resize your display manually on the fly. Both KRandRTray and gnome-display-properties are applets for the RANDR extension of the X server. Start KRandRTray or gnome-display-properties from the main menu, or enter krandrtray or gnome-display-properties to start the applet from a shell.
33.5.1 Using CellWriter With CellWriter, you can write characters into a grid of cells—the writing is instantly recognized on a character basis. After you have finished writing, you can send the input to the currently focused application. Before you can use CellWriter for gesture recognition, the application needs to be trained to recognize your handwriting: You need to train each character of a certain map of keys (untrained characters are not activated and thus cannot be used). Procedure 33.
should receive the input by clicking into the application's window. Then send the input to the application by clicking Enter. Figure 33.2 Gesture Recognition with CellWriter If you click the Keys button in CellWriter, you get a virtual keyboard that can be used instead of the handwriting recognition. To hide CellWriter, close the CellWriter window. The application now appears as an icon in your system tray. To show the input window again, click the icon in the system tray. 33.5.
6 To deactivate the gesture recognition mode, click the pencil icon again. 33.6 Taking Notes and Sketching with the Pen To create drawings with the pen, you can use a professional graphics editor like GIMP or try one of the note-taking applications, Xournal or Jarnal. With both Xournal and Jarnal, you can take notes, create drawings or comment on PDF files with the pen. As a Java-based application available for several platforms, Jarnal also offers basic collaboration features.
Dasher is another useful application. It was designed for situations where keyboard input is impractical or unavailable. With a bit of training, you can rapidly enter larger amounts of text using only the pen (or other input devices—it can even be driven with an eye tracker). Start Dasher from the main menu or with dasher from a shell. Move your pen in one direction and the application starts to zoom into the letters on the right side.
virtual keyboard still does not show, connect an external keyboard to your slate model and log in using the hardware keyboard. Orientation of the Wacom Graphics Tablets Does Not Change With the xrandr command, you can change the orientation of your display from within a shell. Enter xrandr --help to view the options available.
33.8 For More Information Some of the applications mentioned here do not offer integrated online help, but you can find some useful information about usage and configuration in your installed system in /usr/share/doc/package/packagename or on the Web: • For the Xournal manual, refer to http://xournal.sourceforge.net/manual.html • The Jarnal documentation is located at http://www.dklevine.com/general/software/tc1000/jarnal.htm#documentation • Find the xstroke man page at http://davesource.
34 Copying and Sharing Files If using multiple operating systems (OS) simultaneously, it is often necessary to exchange files among them. Different systems may reside on different partitions on the same machine or on different machines across your network. There are various approaches to file exchange with different basic instructions and possible pitfalls.
on the server, not locally on the client. File servers typically serve a large number of clients simultaneously. 34.1 Scenarios The following list provides a number of possible scenarios involving file transfer: Different OS on the Same Computer Many users have an operating system preinstalled by their vendor and run Linux in a separate partition. Refer to Section 34.4, “Accessing Files on Different OS on the Same Computer” (page 548) for more information.
34.2 Access Methods The following methods and protocols are well-suited to file transfer and sharing. FTP Use FTP (File Transfer Protocol) if you need to exchange files very often and with different users. Set up an FTP server on one system and access it with clients. There are many graphical client applications available for FTP on Windows*, MacOS, and Linux. Depending on how your FTP server is used, enable read and write permissions. See Section 34.5.
CSync CSync is an alternative to Unison. Just like Unison, it synchronizes files bidirectionally. However, its architecture is modular so it can be extended with plugins. See http://www.csync.org for more details. SMB Samba is a client/server system and an implementation of the SMB protocol. It is usually used in Windows networks, but is supported by several operating systems. Refer to Chapter 27, Samba (page 431) for more information about Samba.
• An established connection. See Section “General Notes on File Sharing and Network Browsing” (Chapter 5, Accessing Network Resources, ↑KDE User Guide). Proceed as follows: Procedure 34.1 GNOME 1 Start Nautilus. 2 Click on File > Connect to Server. 3 Set the Service Type to ssh. 4 Enter the IP address and port of the remote computer (default: 22). 5 Specify the folder you want to open on the remote computer. 6 Click Connect. Procedure 34.2 KDE 1 Start Dolphin. 2 Click on Network, Add Network.
34.4 Accessing Files on Different OS on the Same Computer New computers generally ship with a preinstalled operating system, usually Windows. If you have installed Linux on a different partition, you might want to exchange files between the different operating systems. Windows cannot read Linux partitions by default. If you want to exchange files between these two operating systems, you have to create an “exchange partition”. If you prefer a more direct approach, look at http://www.fs-driver.
Command Line Just list the contents of /windows to see one or more directories containing your Windows drives. The directory /windows/c maps to the Windows drive C:\, for example. NOTE: Changing the Accessibility of Windows Partitions Initially, Windows partitions are mounted read-only for normal users to avoid accidental damage to the file system. To grant normal users full access to a mounted Windows partition, change the mount behavior of this Windows partition.
User tux 34.5.1 Copying Files with SSH The following requirements must be met on both computers that are accessed via SSH: 1. If you use a hostname, make sure each hostname is listed in /etc/hosts on both computers (see Section “/etc/hosts” (page 356).) If you use SSH with IP addresses, you do not need to change anything. 2. If you use a firewall, open the SSH port. To do so, start YaST, and select Security and Users > Firewall.
4 Drag and drop the desired files or directories to your desktop or a local directory. KDE provides another protocol called fish that can be used if sftp is not available. The use of this protocol is similar to sftp. Just replace the sftp protocol prefix of the URL with fish: fish://tux@jupiter.example.com 34.5.2 Transferring Files with rsync rsync is useful for archiving or copying data and can also be used as a daemon to provide directories to the network (see Procedure 34.
rsync Daemon Mode Start the rsyncd daemon on one of your systems to make use of the full functionality of rsync. In this mode, it is possible to create synchronization points (modules) that can be accessed without an account. To use the rsyncd daemon, proceed as follows: Procedure 34.3 Advanced Setup for rsync Synchronization 1 Log in as root and install the rsync package. 2 Configure your synchronization points in /etc/rsyncd.conf.
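A check for the point made above, that rsyncd modules can be reached without an account, as an added example that is not part of the openSUSE manual: it reads an rsyncd.conf and reports, per module, whether access is anonymous, writable, or unrestricted by client address. The sample configuration is constructed for this illustration, and the function names and finding labels are assumptions; line continuations with a trailing backslash are not handled.

```python
# Constructed sample configuration, not taken from the manual.
SAMPLE_RSYNCD_CONF = """\
gid = nobody
uid = nobody
read only = true

[FTP]
    path = /srv/ftp
    comment = public mirror

[backup]
    path = /srv/backup
    read only = false

[projects]
    path = /srv/projects
    read only = false
    auth users = tux
    secrets file = /etc/rsyncd.secrets
    hosts allow = 192.168.1.0/24
"""

TRUE_VALUES = {"yes", "true", "1"}


def parse_rsyncd_conf(text):
    """Return {module: parameters}; modules inherit the global section."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)  # only the first "=" is significant
        # rsync ignores case and whitespace inside parameter names.
        key = "".join(key.lower().split())
        target = global_params if current is None else current
        target[key] = value.strip()
    return {name: {**global_params, **params} for name, params in modules.items()}


def audit(text):
    """Map each module name to a list of access-control findings."""
    findings = {}
    for name, params in parse_rsyncd_conf(text).items():
        issues = []
        anonymous = not params.get("authusers", "")
        # "read only" defaults to yes when it is not set anywhere.
        writable = params.get("readonly", "yes").lower() not in TRUE_VALUES
        if anonymous:
            issues.append("anonymous-write" if writable else "anonymous-read")
        elif not params.get("secretsfile", ""):
            issues.append("auth-users-without-secrets-file")
        if not params.get("hostsallow", ""):
            issues.append("no-hosts-allow")
        findings[name] = issues
    return findings


if __name__ == "__main__":
    for module, issues in audit(SAMPLE_RSYNCD_CONF).items():
        print(f"[{module}] " + (", ".join(issues) if issues else "ok"))
```

An anonymous, read-only module may be intended for a public mirror; an anonymous module with `read only = false` lets any host that can reach the daemon change the files under its path.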
1. The package unison is installed. 2. Enough disk space is available on your local and remote computer. 3. If you want to benefit from Unison's full potential, make sure that Unison is also installed and running on the remote computer. In case you need help, run Unison with the -doc topics option to get a full list of available sections.
a conflict (both files have been changed and Unison cannot decide which one to overwrite). Figure 34.1 File Synchronization Proposal 5 To modify the proposals Unison shows for each file (for example, if you want to change the direction), select the file and click Right to Left or Left to Right. With Skip, exclude a file from synchronization. The symbol in the Action column changes accordingly. 6 To start the synchronization, click Go.
local <---- jupiter new file dir [f] 3 Press F if you want to follow Unison's recommendation. For other commands, press ?. 4 Proceed with y, if you want to propagate your updates. 34.5.4 Copying Files with FTP Before configuring your FTP server, make sure that the following requirements are met: 1. The package vsftp is installed. 2. You have root access to your FTP server. 3. Enough disk space is available on your computer.
2 Replace the configuration files according to the preferred scenario (refer to the manual page of vsftpd.
PuTTY PuTTY is a suite of different command line tools for working with an SSH daemon. Download it from http://www.chiark.greenend.org.uk/~sgtatham/putty.html. WinSCP WinSCP is very similar to PuTTY, but includes a graphical user interface. Choose from an Explorer or Norton Commander style. Download it from http://winscp.net. To copy a file from Windows to Linux with PuTTY, proceed as follows (on the Windows machine): 1 Start PSCP. 2 Enter the hostname of your SSH server.
34.7 Sharing Files between Linux Computers The following sections feature various methods for sharing data. Use one of these if you are looking for a permanent solution for data sharing. 34.7.
3b Set the export options to: rw,root_squash,async 3c Repeat these steps, if you need to export more than one directory. 4 Apply your settings and leave YaST. Your NFS server is ready to use. To manually start the NFS server, enter rcnfsserver start as root. To stop the server, enter rcnfsserver stop. By default, YaST takes care of starting this service at boot time. To configure the client, proceed as follows: 1 Prepare the NFS client: 1a Start YaST as root. 1b Select Network Services > NFS Client.
To start the NFS client manually, enter rcnfs start. NOTE: Consistent User Names If your home network is used by just a small number of users, set up identical users manually on all machines. If, however, you need a larger consistent user base across a larger home network, consider using NIS or LDAP to manage user data. For further information, refer to Chapter 3, Using NIS (↑Security Guide) and Chapter 4, LDAP—A Directory Service (↑Security Guide). 34.7.
Accessing Shares from the Command Line If you prefer using the command line, use the smbclient command. To log in to your Samba server, run: smbclient //jupiter/share -U tux Omit the -U option if you are the current user tux. After logging in successfully, use some basic commands like ls (list contents), mkdir (create directory), get (download file), and put (upload file). Use help to display all commands. Refer to the manual page of smbclient for more information. 34.
Procedure 34.4 Setting Up a Samba Server To set up a Samba server, do the following: 1 Prepare the Samba server: 1a Start YaST as root. 1b Install the samba package. 1c Create a directory (for example, /srv/share). 2 Create the server configuration: 2a Select Network Services > Samba Server. 2b Select one of the workgroups or enter a new one (for example, Penguin). 2c Check Primary Domain Controller (PDC) 2d Set During Boot if the Samba service should be started every time your computer boots.
4 Provide a password for all users that are allowed to use this service: smbpasswd -a tux For easier configuration, just hit Enter to leave the password empty. Take into account that the usernames on your Windows and Linux computers are probably different. Configuring a consistent user base for both Windows and Linux is beyond the scope of this document.
34.9 For More Information • http://en.wikipedia.org/wiki/VFAT • http://en.wikipedia.org/wiki/NTFS • http://en.wikipedia.org/wiki/Fstab • http://en.wikipedia.org/wiki/Network_File_System • http://en.wikipedia.org/wiki/File_Transfer_Protocol • http://en.wikipedia.org/wiki/SSH • http://en.wikipedia.org/wiki/Rsync • http://en.wikipedia.
35 Help and Documentation openSUSE® comes with various sources of information and documentation, many of which are already integrated into your installed system. Documentation in /usr/share/doc This traditional help directory holds various documentation files and release notes for your system. It also contains information about installed packages in the subdirectory packages. Find more detailed information in Section 35.1, “Documentation Directory” (page 566).
35.1 Documentation Directory The traditional directory to find documentation on your installed Linux system is /usr/share/doc. Usually, the directory contains information about the packages installed on your system, plus release notes, manuals, and more. NOTE: Contents Depends on Installed Packages In the Linux world, many manuals and other kinds of documentation are available in the form of packages, just like software.
35.1.3 Package Documentation Under packages, find the documentation that is included in the software packages installed on your system. For every package, a subdirectory /usr/share/doc/packages/packagename is created. It often contains README files for the package and sometimes examples, configuration files, or additional scripts. The following list introduces typical files to be found under /usr/share/doc/packages. None of these entries are mandatory and many packages might just include a few of them.
NEWS Description of what is new in this version. 35.2 Man Pages Man pages are an essential part of any Linux system. They explain the usage of a command and all available options and parameters. Man pages can be accessed with man followed by the name of the command, for example, man ls. Man pages are displayed directly in the shell. To navigate them, move up and down with Page ↑ and Page ↓. Move between the beginning and the end of a document with Home and End. End this viewing mode by pressing Q.
Number Description 9 Kernel routines (nonstandard) Each man page consists of several parts labeled NAME, SYNOPSIS, DESCRIPTION, SEE ALSO, LICENSING, and AUTHOR. There may be additional sections available depending on the type of command. 35.3 Info Pages Info pages are another important source of information on your system. Usually, they are more detailed than man pages. To view the info page for a certain command, enter info followed by the name of the command, for example, info ls.
An Example Network This example network is used across all network-related chapters of the openSUSE® documentation.
GNU Licenses This appendix contains the GNU General Public License version 2 and the GNU Free Documentation License version 1.2. GNU General Public License Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6.
Copyright (C) yyyy name of author This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
This License is a kind of “copyleft”, which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software. We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does.
Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects. If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.
same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one. The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.
Copyright (c) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”. If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the “with...Texts.