openSUSE 12.1 December 19, 2011 www.suse.
Reference Copyright © 2006–2011 Novell, Inc. and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For Novell trademarks, see the Novell Trademark and Service Mark list http://www.
Contents

About This Guide

Part I Installation and Deployment
1 Installation with YaST
1.1 Choosing the Installation Media
1.2 Choosing the Installation Method
1.3 The Installation Workflow
1.4 System Start-Up for Installation
1.5 The Boot Screen
3 Advanced Disk Setup
3.1 Using the YaST Partitioner
3.2 LVM Configuration
3.3 Soft RAID Configuration

Part II System
4 32-Bit and 64-Bit Applications in a 64-Bit System Environment
4.1 Runtime Support
4.2 Software Development
4.3 Software Compilation on Biarch Platforms
4.4 Kernel Specifications
8.9 For More Information

Part III Services
9 Basic Networking
9.1 IP Addresses and Routing
9.2 IPv6—The Next Generation Internet
9.3 Name Resolution
9.4 Configuring a Network Connection with YaST
9.5 NetworkManager
9.6 Configuring a Network Connection Manually
9.7 smpppd as Dial-up Assistant
13 Time Synchronization with NTP
13.1 Configuring an NTP Client with YaST
13.2 Manually Configuring ntp in the Network
13.3 Dynamic Time Synchronization at Runtime
13.4 Setting Up a Local Reference Clock
14 Sharing File Systems with NFS
14.1 Terminology
14.2 Installing NFS Server
14.3 Configuring NFS Server
14.4 Configuring Clients

Part IV Mobility
18 Mobile Computing with Linux
18.1 Laptops
18.2 Mobile Hardware
18.3 Cellular Phones and PDAs
18.4 For More Information
19 Power Management
19.1 Power Saving Functions
19.2 Advanced Configuration and Power Interface (ACPI)
22.3 Using the Virtual Keyboard
22.4 Rotating Your Display
22.5 Using Gesture Recognition
22.6 Taking Notes and Sketching with the Pen
22.7 Troubleshooting
22.8 For More Information
23 Copying and Sharing Files
About This Guide This manual gives you a general understanding of openSUSE®. It is intended mainly for system administrators and home users with basic system administration knowledge. Check out the various parts of this manual for a selection of applications needed in everyday life and in-depth descriptions of advanced installation and configuration scenarios. Advanced Deployment Scenarios Learn how to deploy openSUSE from a remote location and become acquainted with complex disk setup scenarios.
1 Available Documentation We provide HTML and PDF versions of our books in different languages. The following manuals for users and administrators are available on this product: Start-Up (↑Start-Up) Guides you step-by-step through the installation of openSUSE from DVD, or from an ISO image, gives short introductions to the GNOME and KDE desktops including some key applications running on it.
Find HTML versions of most product manuals in your installed system under /usr/share/doc/manual or in the help centers of your desktop. Find the latest documentation updates at http://www.novell.com/documentation where you can download PDF or HTML versions of the manuals for your product. 2 Feedback Several feedback channels are available: Bugs and Enhancement Requests To report bugs for a product component, or to submit enhancement requests, please use https://bugzilla.novell.com/.
• user: users or groups
• Alt, Alt + F1: a key to press or a key combination; keys are shown in uppercase as on a keyboard
• File, File > Save As: menu items, buttons
• Dancing Penguins (Chapter Penguins, ↑Another Manual): This is a reference to a chapter in another manual.

4 About the Making of This Manual
This book is written in Novdoc, a subset of DocBook (see http://www.docbook.org).
Part I.
1 Installation with YaST Install your openSUSE® system with YaST, the central tool for installation and configuration of your system. YaST guides you through the installation process and the basic configuration of your system. During the installation and configuration process, YaST analyzes both your current system settings and your hardware components and proposes installation settings based on this analysis.
however, make the contents of the DVD available on an installation server and make them available all across your network. DVD-download One DVD5, available via download for 32bit or 64bit systems. Choose this installation option if you want a fully-fledged openSUSE system. Beyond the downloading of the DVD ISO, there is no network connection required to make use of this installation option. Once the medium has been fully downloaded and the physical medium created, you can go ahead with the installation.
To install from a HTTP, FTP, NFS, or SMB server, follow the instructions in Section 1.2.2, “Installing from a Network Source without SLP” (page 7). IMPORTANT: Add-On CDs—Installing Additional Software Although add-on CDs (extensions or third-party products) cannot be used as stand-alone installation media, they can be embedded as additional software sources during the installation. Currently CDs with additional languages and non open source software are available as add-on CDs for openSUSE.
Installing with openSUSE 12.1 Installer from Windows Choose this installation option if you prefer a smooth transition from using Windows to using Linux. openSUSE 12.1 Installer allows you to boot into the openSUSE installation right from a running Windows by modifying the Windows boot loader. This installation option is only available from the DVD media. Refer to Section 1.2.3, “Installing with the openSUSE 12.1 Installer from Windows” (page 8) for details.
TIP: Booting from DVD on UEFI machines ►amd64 em64t: DVD1 can be used as a boot medium for machines equipped with UEFI (Unified Extensible Firmware Interface). Refer to your vendor's documentation for specific information. If booting fails, try to enable CSM (Compatibility Support Module) in your firmware. ◄ 1.2.1 Installing from a Network Server Using SLP If your network setup supports OpenSLP and your network installation source has been configured to announce itself via SLP (described in Section 2.
1.2.3 Installing with the openSUSE 12.1 Installer from Windows openSUSE 12.1 Installer is a Microsoft Windows application that prepares your computer to directly boot into the openSUSE installation without having to adjust BIOS settings. It is only available on DVD media. To use the installer, insert the openSUSE media under Windows. The openSUSE 12.1 Installer setup automatically starts (if not, run openSUSE11_2_LOCAL.exe from the DVD).
to do a fully automatic or a manual configuration. In this stage, network and Internet access, as well as hardware components such as printers, are set up. 1.4 System Start-Up for Installation You can install openSUSE from local installation sources, such as the openSUSE CDs or DVD, or from network source of an FTP, HTTP, NFS, or SMB server. Any of these approaches requires physical access to the system to install as well as user interaction during the installation.
Firmware Test Starts a BIOS checker that validates ACPI and other parts of your BIOS. This option is not available on the LiveCDs. Memory Test Tests your system RAM using repeated read and write cycles. Terminate the test by rebooting. For more information, see Section “Fails to Boot” (Appendix A, Help and Troubleshooting, ↑Start-Up). This option is not available on the LiveCDs. Figure 1.
F3 Video Mode Select various graphical display modes for the installation. Select Text Mode if the graphical installation causes problems. F4 Source Normally, the installation is performed from the inserted installation medium. Here, select other sources, like FTP or NFS servers. If the installation is deployed on a network with an SLP server, select an installation source available on the server with this option. Find information about SLP in Chapter 10, SLP Services in the Network (page 211).
bootprompt: ipv6=1 (accept IPv4 and IPv6) or ipv6only=1 (accept IPv6 only). After starting the installation, openSUSE loads and configures a minimal Linux system to run the installation procedure. To view the boot messages and copyright notices during this process, press Esc. On completion of this process, the YaST installation program starts and displays the graphical installer.
Figure 1.2 Welcome 1.7 Installation Mode After a system analysis (where YaST probes for storage devices and tries to find other installed systems on your machine) the available installation modes are displayed. This step is skipped when installing from a LiveCD, since this medium only supports a new installation with automatic configuration. New installation Select this option to start a new installation from scratch. Update Select this option to update an existing installation to a newer version.
Figure 1.3 Installation Mode By default, the automatic configuration is used when performing a new installation. In this mode the system automatically configures your hardware and the network, so the installation is performed with minimal user interaction. If necessary, you can change every configuration that is set up later in the installed system using YaST. Uncheck Use Automatic Configuration if you prefer a manual configuration during the installation.
the Network Setup and proceed as described in Section 1.7.1.1, “Network Setup” (page 15). If the add-on product is available locally, select No, Skip the Network Setup. Click Next and specify the product source. Source types available are CD, DVD, Hard Disk, USB Mass Storage, a Local Directory or a Local ISO Image (if no network was configured). If the add-on product is available on removable media, the system automatically mounts the media and reads its contents.
1.8 Clock and Time Zone In this dialog, select your region and time zone. Both are preselected according to the selected installation language. To change the preselected values, either use the map or the drop down lists for Region and Time Zone. When using the map, point the cursor at the rough direction of your region and left-click to zoom. Now choose your country or region by left-clicking. Right-click to return to the world map. Figure 1.
1.9 Desktop Selection In openSUSE, you can choose from various desktops. The major ones, KDE and GNOME, are powerful graphical desktop environments similar to Windows. This step is skipped when installing from a LiveCD, since this medium is already preconfigured to either use KDE or GNOME. If you prefer a different desktop, choose Other for more options. The XFCE Desktop and the LXDE Desktop are fast and lightweight desktop environments suitable for modest hardware.
FAT or NTFS partitions is selected as the installation target, YaST proposes to shrink one of these partitions. Accept the proposal with Next and proceed with the installation. Experienced users can also customize the proposal or apply their own partitioning scheme. The proposed partitioning is Partition Based by default. If you prefer an LVM Based setup, check the respective option to automatically convert the proposal. Refer to Section 3.
to utilize. To add a separate partition for your personal data, check Propose a Separate Home Partition. Instead of the default partition-based proposal, it is possible to Create an LVM Based Proposal. Click Next twice to proceed to the next step. 1.10.1.1 Resizing a Windows Partition If the selected hard disk only contains a Windows FAT or NTFS partition, YaST offers to delete or shrink this partition.
Figure 1.7 Resizing the Windows Partition If you leave this dialog by selecting Next, the settings are stored and you are returned to the previous dialog. The actual resizing takes place later, before the hard disk is formatted. IMPORTANT: Writing on NTFS Partitions By default, Windows uses the NTFS file system. openSUSE includes read and write access to the NTFS file system, but this feature has a few limitations. This means that you cannot read or write encrypted or compressed files.
1.11 Create New User Create a local user in this step. Administrating local users is a suitable option for standalone workstations. If setting up a client on a network with centralized user authentication, click Change and proceed with the Section 1.11.1, “Expert Settings” (page 23). After entering the first name and last name, either accept the proposal or specify a new Username that will be used to log in. Finally, enter a password for the user.
Figure 1.8 Create New User Three additional options are available: Use this Password for the System Administrator If checked, the same password you have entered for the user will be used for the system administrator root. This option is suitable for stand-alone workstations or machines in a home network that are administrated by a single user. When not checked, you are prompted for a system administrator password in the next step of the installation workflow (see Section 1.11.
Automatic Login This option automatically logs the current user in to the system when it starts. This is mainly useful if the computer is operated by only one user. WARNING: Automatic Login With the automatic login enabled, the system boots straight into your desktop with no authentication at all. If you store sensitive data on your system, you should not enable this option as long as the computer can also be accessed by others. 1.11.
Windows Domain SMB authentication is often used in mixed Linux and Windows networks. and Section “Configuring a Linux Client for Active Directory” (Chapter 5, Active Directory Support, ↑Security Guide). Along with user administration via LDAP and NIS, you can use Kerberos authentication. To use it, select Set Up Kerberos Authentication. For more information on Kerberos, refer to Chapter 6, Network Authentication with Kerberos (↑Security Guide). 1.11.
1.12 Installation Settings On the last step before the real installation takes place, you can alter installation settings suggested by YaST and also review the settings you made so far. To modify the suggestions, either click Change and select the category to change or click on one of the headlines. After configuring any of the items presented in these dialogs, you are always returned to the Installation Settings window, which is updated accordingly. Figure 1.
1.12.2 Booting YaST proposes a boot configuration for your system. Other operating systems found on your computer, such as Microsoft Windows or other Linux installations, will automatically be detected and added to the boot loader. However, openSUSE will be booted by default. Normally, you can leave these settings unchanged. If you need a custom setup, modify the proposal for your system. For information, see Section 6.2, “Configuring the Boot Loader with YaST” (page 110).
Figure 1.10 Software Selection and System Tasks 1.12.4 Locale Settings Here you can change the system Language and Keyboard Layout you defined in the first step of the installation. It is also possible to add additional languages. To adjust the system language settings, select Language. Select a language from the list. The primary language is used as the system language. You can also adapt keyboard layout and time zone to the primary language if the current settings differ.
1.12.5 Time Zone Adjust time zone and clock settings here. Provided a network is configured, you can also set up a Network Time Protocol (NTP) client that automatically synchronizes your computer with a time server. This is the same configuration as shown earlier in Section 1.8, “Clock and Time Zone” (page 16). 1.12.6 User Settings Change the current User settings and change or set the Root Password here. This is the same configuration as shown earlier in Section 1.11, “Create New User” (page 21). 1.12.
1.12.10 Firewall By default SuSEFirewall2 is enabled on all configured network interfaces. To globally disable the firewall for this computer, click on Disable. If the firewall is enabled, you may Open the SSH port in order to allow remote connections via secure shell. 1.13 Performing the Installation After configuring all installation settings, click Install in the Installation Settings window to start the installation. Some software may require a license confirmation.
TIP: Existing SSH Host Keys If you install openSUSE on a machine with existing Linux installations, the installation routine automatically imports the SSH host key with the most recent access time from an existing installation. 1.14 Configuration of the Installed System The system is now installed, but not yet configured for use. The hardware, the network and other services are not yet set up. If you follow the default installation path, the system will be automatically configured.
In many networks, the system receives its name over DHCP. In this case it is not necessary to modify the proposed hostname and domain name. Select Change Hostname via DHCP instead. To be able to access your system using this hostname, even when it is not connected to the network, select Assign Hostname to Loopback IP. Do not enable this option when your machine provides network services. If you often change networks without restarting the desktop environment (e.g.
enabled, you may Open the SSH port in order to allow remote connections via secure shell. To open the detailed firewall configuration dialog, click on Firewall. See Section “Configuring the Firewall with YaST” (Chapter 13, Masquerading and Firewalls, ↑Security Guide) for detailed information. Network Interfaces All network cards detected by YaST are listed here. If you have already set up a network connection during the installation (as described in Section 1.7.1.
If you have multiple network interfaces, verify that the desired card is used to connect to the Internet. If not, click Change Device. To start the test, select Yes, Test Connection to the Internet and click Next. In the following dialog, view the progress of the test and the results. Detailed information about the test process is available via View Logs. If the test fails, click Back to return to the network configuration to correct your entries. Proceed with Next.
1.14.2.4 New Local User If no local user was created in step one, you can create one in this dialog. To create more users, manage groups, modify defaults for new users and set up network authentication, launch User Management. Refer to Chapter 10, Managing Users with YaST (↑Start-Up) for more information about user management. To skip this step, click Next without entering any data. 1.14.2.5 Release Notes After completing the user authentication setup, YaST displays the release notes.
AutoYaST is a system for installing one or more openSUSE systems automatically without user intervention. AutoYaST installations are performed using a control file with installation and configuration data. Finish the installation of openSUSE with Finish in the final dialog. 1.15 Graphical Login openSUSE is now fully installed and configured.
2 Remote Installation openSUSE® can be installed in different ways. As well as the usual media installation covered in Chapter 1, Installation with YaST (page 3), you can choose from various network-based approaches or even take a completely hands-off approach to the installation of openSUSE. Each method is introduced by means of two short check lists: one listing the prerequisites for this method and the other illustrating the basic procedure.
2.1.1 Simple Remote Installation via VNC—Static Network Configuration This type of installation still requires some degree of physical access to the target system to boot for installation. The installation itself is entirely controlled by a remote workstation using VNC to connect to the installation program. User interaction is required as with the manual installation in Chapter 1, Installation with YaST (page 3).
dressed by any VNC viewer application or browser. VNC installations announce themselves over OpenSLP and if the firewall settings permit, they can be found using Konqueror in service:/ or slp:/ mode. 4 On the controlling workstation, open a VNC viewing application or Web browser and connect to the target system as described in Section 2.5.1, “VNC Installation” (page 69). 5 Perform the installation as described in Chapter 1, Installation with YaST (page 3).
1 Set up the repository as described in Section 2.2, “Setting Up the Server Holding the Installation Sources” (page 46). Choose an NFS, HTTP, or FTP network server. For an SMB repository, refer to Section 2.2.5, “Managing an SMB Repository” (page 53).

2 Boot the target system using a boot medium (DVD, CD, or USB flash drive) of the openSUSE media kit. For more information about the openSUSE media kit, see Section 1.1, “Choosing the Installation Media” (page 3).
• TFTP server.
• Running DHCP server for your network.
• Target system capable of PXE boot, networking, and Wake on LAN, plugged in and connected to the network.
• Controlling system with working network connection and VNC viewer software or Java-enabled browser (Firefox, Konqueror, Internet Explorer, or Opera).

To perform this type of installation, proceed as follows:

1 Set up the repository as described in Section 2.2, “Setting Up the Server Holding the Installation Sources” (page 46).
2.1.4 Simple Remote Installation via SSH—Static Network Configuration This type of installation still requires some degree of physical access to the target system to boot for installation and to determine the IP address of the installation target. The installation itself is entirely controlled from a remote workstation using SSH to connect to the installer. User interaction is required as with the regular installation described in Chapter 1, Installation with YaST (page 3).
and SSH enablement. This is described in detail in Section 2.4.2, “Using Custom Boot Options” (page 66). The target system boots to a text-based environment, giving the network address under which the graphical installation environment can be addressed by any SSH client. 4 On the controlling workstation, open a terminal window and connect to the target system as described in Section 2.5.2.2, “Connecting to the Installation Program” (page 71).
1 Set up the repository source as described in Section 2.2, “Setting Up the Server Holding the Installation Sources” (page 46). Choose an NFS, HTTP, or FTP network server. For an SMB repository, refer to Section 2.2.5, “Managing an SMB Repository” (page 53).

2 Boot the target system using a boot medium (DVD, CD, or USB flash drive) of the openSUSE media kit. For more information about the openSUSE media kit, see Section 1.1, “Choosing the Installation Media” (page 3).
• Running DHCP server for your network, providing a static IP to the host to install.
• Target system capable of PXE boot, networking, and Wake on LAN, plugged in and connected to the network.
• Controlling system with working network connection and SSH client software.

To perform this type of installation, proceed as follows:

1 Set up the repository as described in Section 2.2, “Setting Up the Server Holding the Installation Sources” (page 46). Choose an NFS, HTTP, or FTP network server.
2.2 Setting Up the Server Holding the Installation Sources Depending on the operating system running on the machine to use as the network installation source for openSUSE, there are several options for the server configuration. The easiest way to set up an installation server is to use YaST on openSUSE 11.1 and higher. TIP You can even use a Microsoft Windows machine as the installation server for your Linux deployment. See Section 2.2.5, “Managing an SMB Repository” (page 53) for details. 2.2.
Define an alias for the root directory of the FTP or HTTP server on which the installation data should be found. The repository will later be located under ftp://Server-IP/Alias/Name (FTP) or under http://Server-IP/Alias/Name (HTTP). Name stands for the name of the repository, which is defined in the following step. If you selected NFS in the previous step, define wild cards and export options. The NFS server will be accessible under nfs://Server-IP/Name.
Your installation server is now fully configured and ready for service. It is automatically started every time the system is started. No further intervention is required. You only need to configure and start this service correctly by hand if you have deactivated the automatic configuration of the selected network service with YaST as an initial step. To deactivate a repository, select the repository to remove then select Delete. The installation data are removed from the system.
    cp -a /media/path_to_your_DVD_drive .

Replace path_to_your_DVD_drive with the actual path under which your DVD drive is addressed. Depending on the type of drive used in your system, this can be cdrom, cdrecorder, dvd, or dvdrecorder.

3b Rename the directory to the DVD number:

    mv path_to_your_DVD_drive DVDx

Replace x with the actual number of your DVD.

On openSUSE, you can export the repository with NFS using YaST. Proceed as follows:

1 Log in as root.

2 Start YaST > Network Services > NFS Server.
This exports the directory /productversion to any host that is part of this network or to any host that can connect to this server. To limit the access to this server, use netmasks or domain names instead of the general wild card *. Refer to the export man page for details. Save and exit this configuration file.

3 To add the NFS service to the list of servers started during system boot, execute the following commands:

    insserv /etc/init.d/nfsserver

4 Start the NFS server with rcnfsserver start.
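The advice above to replace the general wild card * with netmasks or domain names can be checked mechanically. The following is an added example, not part of the original manual: a small Python audit of export lines. The sample lines, paths and networks are constructed for illustration, and the parser assumes paths without spaces and no line continuations.

```python
"""Audit NFS export lines for clients that are broader than intended."""
import ipaddress

# Constructed sample in /etc/exports syntax; paths and hosts are illustrative.
SAMPLE_EXPORTS = """\
# installation repository
/productversion  *(ro,root_squash,sync)
/srv/install     192.168.1.0/24(ro,root_squash,sync)
/srv/install2    192.168.1.0/255.255.255.0(ro,sync) *.example.com(ro,sync)
/srv/scratch     (rw,no_root_squash,sync)
"""


def parse_exports(text):
    """Yield (path, client, options) for every client entry in the text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        if not clients:
            clients = [""]          # a bare path is exported to everyone
        for entry in clients:
            # "(opts)" with nothing in front of it is an entry with no client,
            # which the NFS server treats as "any host".
            host, _, opts = entry.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o]
            yield path, host, options


def client_scope(host):
    """Classify a client field: world, netgroup, pattern, network or host."""
    if host in ("", "*"):
        return "world"
    if host.startswith("@"):
        return "netgroup"
    if any(c in host for c in "*?["):
        return "pattern"            # for example *.example.com
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        return "host"               # a plain host name
    if net.prefixlen == 0:
        return "world"              # 0.0.0.0/0 is the wild card in disguise
    return "host" if net.num_addresses == 1 else "network"


def audit(text):
    """Return (path, client, message) findings for risky export entries."""
    findings = []
    for path, host, options in parse_exports(text):
        shown = host or "<no client>"
        if client_scope(host) == "world":
            findings.append((path, shown, "exported to any host"))
            if "rw" in options:
                findings.append((path, shown, "writable by any host"))
        if "no_root_squash" in options:
            findings.append((path, shown, "remote root is not squashed"))
    return findings


if __name__ == "__main__":
    for path, client, message in audit(SAMPLE_EXPORTS):
        print(f"{path}: {client}: {message}")
```

Entries restricted by netmask or by a domain pattern pass without a finding; the wild card entry and the entry whose options are separated from the client by a space are reported.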
1 Create a directory holding the installation sources as described in Section 2.2.2, “Setting Up an NFS Repository Manually” (page 48).

2 Configure the FTP server to distribute the contents of your installation directory:

2a Log in as root and install the package vsftpd using the YaST software management.

2b Enter the FTP server root directory:

    cd /srv/ftp

2c Create a subdirectory holding the installation sources in the FTP root directory:

    mkdir repository

Replace repository with the product name.
TIP: Configuring an FTP Server with YaST If you prefer using YaST over manually configuring the FTP installation server, refer to Chapter 17, Setting up an FTP server with YaST (page 331) for more information on how to use the YaST FTP server module. 2.2.4 Setting Up an HTTP Repository Manually Creating an HTTP repository is very similar to creating an NFS repository. An HTTP repository can be announced over the network using OpenSLP as well.
2e Reload the HTTP server configuration using rcapache2 reload.

3 Announce the repository via OpenSLP, if this is supported by your network setup:

3a Create the /etc/slp.reg.d/install.suse.http.reg configuration file with the following lines:

    # Register the HTTP Installation Server
    service:install.suse:http://$HOSTNAME/repository/DVD1/,en,65535
    description=HTTP Repository

Replace repository with the actual path to the repository on your server. The service: line should be entered as one continuous line.
1 Boot the installation target.

2 Select Installation.

3 Press F4 for a selection of the repository.

4 Choose SMB and enter the Windows machine's name or IP address, the share name (INSTALL/product/DVD1, in this example), username, and password.

After you hit Enter, YaST starts and you can perform the installation.

2.2.
the product name, and mediumx with the type (CD or DVD) and number of media you are using. 6 Repeat the previous step to mount all ISO images needed for your product. 7 Start your installation server as usual, as described in Section 2.2.2, “Setting Up an NFS Repository Manually” (page 48), Section 2.2.3, “Setting Up an FTP Repository Manually” (page 50), or Section 2.2.4, “Setting Up an HTTP Repository Manually” (page 52).
1 Log in as root to the machine hosting the DHCP server.

2 Install the yast2-dhcp-server package.

3 Start YaST > Network Services > DHCP Server.

4 Complete the setup wizard for basic DHCP server setup.

5 Select Expert Settings and select Yes when warned about leaving the start-up dialog.

6 In the Configured Declarations dialog, select the subnet in which the new system should be located and click Edit.

7 In the Subnet Configuration dialog select Add to add a new option to the subnet's configuration.
    subnet 192.168.1.0 netmask 255.255.255.0 {
      range dynamic-bootp 192.168.1.200 192.168.1.228;
      # PXE related stuff
      #
      # "next-server" defines the tftp server that will be used
      next-server ip_of_the_tftp_server;
      #
      # "filename" specifies the pxelinux image on the tftp server
      # the server runs in chroot under /srv/tftpboot
      filename "pxelinux.0";
    }

Replace ip_of_the_tftp_server with the actual IP address of the TFTP server. For more information about the options available in dhcpd.conf, refer to the dhcpd.
2.3.2 Setting Up a TFTP Server

Set up a TFTP server with YaST or set it up manually on any other Linux operating system that supports xinetd and TFTP. The TFTP server delivers the boot image to the target system once it boots and sends a request for it.

2.3.2.1 Setting Up a TFTP Server Using YaST

1 Log in as root.

2 Install the yast2-tftp-server package.

3 Start YaST > Network Services > TFTP Server and install the requested package.
4 Modify the configuration of xinetd located under /etc/xinetd.d to make sure that the TFTP server is started on boot:

4a If it does not exist, create a file called tftp under this directory with touch tftp. Then run chmod 755 tftp.

4b Open the file tftp and add the following lines:

    service tftp
    {
            socket_type     = dgram
            protocol        = udp
            wait            = yes
            user            = root
            server          = /usr/sbin/in.tftpd
            server_args     = -s /srv/tftpboot
            disable         = no
    }

4c Save the file and restart xinetd with rcxinetd restart.

2.3.
4 Change to the directory of your installation repository and copy the isolinux.cfg file to /srv/tftpboot/pxelinux.cfg/default by entering the following:

    cp -a boot//loader/isolinux.cfg /srv/tftpboot/pxelinux.cfg/default

5 Edit the /srv/tftpboot/pxelinux.cfg/default file and remove the lines beginning with gfxboot, readinfo, and framebuffer.
TIP: Changing Kernel and initrd Filenames It is possible to use different filenames for Kernel and initrd images. This is useful if you want to provide different operating systems from the same boot server. However, you should be aware that only one dot is permitted in the filenames that are provided by TFTP for the PXE boot. An example /srv/tftpboot/pxelinux.cfg/default file follows.
Replace ip_instserver and path_to_repository with the values used in your setup.

The following section serves as a short reference to the PXELINUX options used in this setup. Find more information about the options available in the documentation of the syslinux package located under /usr/share/doc/packages/syslinux/.

2.3.4 PXELINUX Configuration Options

The options listed here are a subset of all the options available for the PXELINUX configuration file.

DEFAULT kernel options...
PXELINUX uses the following syntax:

label mylabel
  kernel mykernel
  append myoptions

Labels are mangled as if they were filenames and they must be unique after mangling. For example, the two labels “v2.6.30” and “v2.6.31” would not be distinguishable under PXELINUX because both mangle to the same DOS filename.

The Kernel does not have to be a Linux Kernel; it can be a boot sector or a COMBOOT file.

APPEND Append nothing.
PROMPT flag_val
If flag_val is 0, displays the boot prompt only if Shift or Alt is pressed or Caps Lock or Scroll Lock is set (this is the default). If flag_val is 1, always displays the boot prompt.

F1 filename
F2 filename
..etc...
F9 filename
F10 filename
Displays the indicated file on the screen when a function key is pressed at the boot prompt. This can be used to implement preboot online help (presumably for the Kernel command line options).
2.3.7 Wake on LAN

Wake on LAN allows a machine to be turned on by a special network packet containing the machine's MAC address. Because every machine in the world has a unique MAC identifier, you do not need to worry about accidentally turning on the wrong machine.
2.4.2 Using Custom Boot Options

Using the appropriate set of boot options helps facilitate your installation procedure. Many parameters can also be configured later using the linuxrc routines, but using the boot options is easier. In some automated setups, the boot options can be provided with initrd or an info file.

The following table lists all installation scenarios mentioned in this chapter with the required parameters for booting and the corresponding boot options.
Installation Scenario: Section 2.1.2, “Simple Remote Installation via VNC—Dynamic Network Configuration” (page 39)

Parameters Needed for Booting:
• Location of the installation server
• VNC enablement
• VNC password

Boot Options:
• install=(nfs,http,ftp,smb)://path_to_instmedia
• vnc=1
• vncpassword=some_password

Section 2.1.
Installation Scenario: Section 2.1.5, “Simple Remote Installation via SSH—Dynamic Network Configuration” (page 43)

Parameters Needed for Booting:
• Location of the installation server
• SSH enablement
• SSH password

Boot Options:
• install=(nfs,http,ftp,smb)://path_to_instmedia
• usessh=1
• sshpassword=some_password

Section 2.1.
2.5.1 VNC Installation

Using any VNC viewer software, you can remotely control the installation of openSUSE from virtually any operating system. This section introduces the setup using a VNC viewer application or a Web browser.

2.5.1.1 Preparing for VNC Installation

All you need to do on the installation target to prepare for a VNC installation is to provide the appropriate boot options at the initial boot for installation (see Section 2.4.2, “Using Custom Boot Options” (page 66)).
On a Linux machine, make sure that the package tightvnc is installed. On a Windows machine, install the Windows port of this application, which can be obtained at the TightVNC home page (http://www.tightvnc.com/download.html).

To connect to the installation program running on the target machine, proceed as follows:

1 Start the VNC viewer.
2.5.2.1 Preparing for SSH Installation

Apart from installing the appropriate software package (OpenSSH for Linux and PuTTY for Windows), you just need to pass the appropriate boot options to enable SSH for installation. See Section 2.4.2, “Using Custom Boot Options” (page 66) for details. OpenSSH is installed by default on any SUSE Linux–based operating system.

2.5.2.2 Connecting to the Installation Program

1 Retrieve the installation target's IP address.
3 Advanced Disk Setup

Sophisticated system configurations require specific disk setups. All common partitioning tasks can be done with YaST. To get persistent device naming with block devices, use the block devices below /dev/disk/by-id or /dev/disk/by-uuid. Logical Volume Management (LVM) is a disk partitioning scheme that is designed to be much more flexible than the physical partitioning used in standard setups. Its snapshot functionality enables easy creation of data backups.
Figure 3.1 The YaST Partitioner

All existing or suggested partitions on all connected hard disks are displayed in the list of Available Storage in the YaST Expert Partitioner dialog. Entire hard disks are listed as devices without numbers, such as /dev/sda. Partitions are listed as parts of these devices, such as /dev/sda1. The size, type, encryption status, file system, and mount point of the hard disks and their partitions are also displayed.
3.1.1 Partition Types

Every hard disk has a partition table with space for four entries. Every entry in the partition table corresponds to a primary partition or an extended partition. Only one extended partition entry is allowed, however.

A primary partition simply consists of a continuous range of cylinders (physical disk areas) assigned to a particular operating system. With primary partitions you would be limited to four partitions per hard disk, because more do not fit in the partition table.
4 Specify additional file system options if your setup requires them. This is necessary, for example, if you need persistent device names. For details on the available options, refer to Section 3.1.3, “Editing a Partition” (page 76).

5 Click Finish to apply your partitioning setup and leave the partitioning module.

If you created the partition during installation, you are returned to the installation overview screen.

3.1.
space, consider adding more memory to your system instead of adding more swap space.

WARNING: Changing the file system

Changing the file system and reformatting partitions irreversibly deletes all data from the partition.

Encrypt Device
If you activate the encryption, all data is written to the hard disk in encrypted form. This increases the security of sensitive data, but reduces the system speed, as the encryption takes some time to process.
NOTE: Resize Filesystems

To resize an existing file system, select the partition and use Resize. Note that it is not possible to resize partitions while mounted. To resize partitions, unmount the relevant partition before running the partitioner.

3.1.4 Expert Options

After you select a hard disk device (like sda) in the System View pane, you can access the Expert... menu in the lower right part of the Expert Partitioner window.
3.1.6 More Partitioning Tips

The following section includes a few hints and tips on partitioning that should help you make the right decisions when setting up your system.

TIP: Cylinder Numbers

Note that different partitioning tools may start counting the cylinders of a partition with 0 or with 1. When calculating the number of cylinders, you should always use the difference between the last and the first cylinder number and add one.

3.1.6.1 Using swap

Swap is used to extend the available physical memory.
perform a “suspend to disk”. In that case, the swap size should be large enough to contain the necessary data from memory (512 MB–1 GB).

System with lots of swap (several GB)
It is better to not have an application that is out of control and swapping excessively in this case. If you use such an application, the system will need many hours to recover. In the process, it is likely that other processes get timeouts and faults, leaving the system in an undefined state, even after killing the faulty process.
cat /proc/swaps

Note that at this point, it is only temporary swap space. After the next reboot, it is no longer utilized.

5 To enable this swap file permanently, add the following line to /etc/fstab:

/var/lib/swap/swapfile swap swap defaults 0 0

3.1.7 Partitioning and LVM

From the Expert partitioner, access the LVM configuration by clicking the Volume Management item in the System View pane.
WARNING

Using LVM is sometimes associated with increased risk such as data loss. Risks also include application crashes, power failures, and faulty commands. Save your data before implementing LVM or reconfiguring volumes. Never work without a backup.

3.2.1 The Logical Volume Manager

The LVM enables flexible distribution of hard disk space over several file systems.
have been defined. VG 1 contains two partitions from DISK 1 and one from DISK 2. VG 2 contains the remaining two partitions from DISK 2. In LVM, the physical disk partitions that are incorporated in a volume group are called physical volumes (PVs). Within the volume groups, four LVs (LV 1 through LV 4) have been defined. They can be used by the operating system via the associated mount points. The borders between different LVs do not need to be aligned with any partition border.
3.2.2 LVM Configuration with YaST

The YaST LVM configuration can be reached from the YaST Expert Partitioner (see Section 3.1, “Using the YaST Partitioner” (page 73)) within the Volume Management item in the System View pane. The Expert Partitioner allows you to edit and delete existing partitions and also create new ones that need to be used with LVM. The first task is to create PVs that provide space to a volume group:

1 Select a hard disk from Hard Disks.
2 Change to the Partitions tab.
Figure 3.3 Creating a Volume Group

If you have multiple volume groups defined and want to add or remove PVs, select the volume group in the Volume Management list and click Resize. In the following window, you can add or remove PVs to the selected volume group.

3.2.2.2 Configuring Logical Volumes

After the volume group has been filled with PVs, define the LVs which the operating system should use in the next dialog. Choose the current volume group and change to the Logical Volumes tab.
Figure 3.4 Logical Volume Management

Click Add and go through the wizard-like pop-up that opens:

1. Enter the name of the LV. For a partition that should be mounted to /home, a self-explanatory name like HOME could be used.
2. Select the size and the number of stripes of the LV. If you have only one PV, selecting more than one stripe is not useful.
3. Choose the filesystem to use on the LV as well as the mount point.
If you have already configured LVM on your system, the existing logical volumes can also be used. Before continuing, assign appropriate mount points to these LVs. With Finish, return to the YaST Expert Partitioner and finish your work there.

3.3 Soft RAID Configuration

The purpose of RAID (redundant array of independent disks) is to combine several hard disk partitions into one large virtual hard disk to optimize performance and/or data security.
faster in comparison to any one of the normal physical hard disks. The reason is that the duplicate data can be parallel-scanned. Generally it can be said that Level 1 provides nearly twice the read transfer rate of single disks and almost the same write transfer rate as single disks.

RAID 5
RAID 5 is an optimized compromise between Level 0 and Level 1, in terms of performance and redundancy. The hard disk space equals the number of disks used minus one.
1 Select a hard disk from Hard Disks.
2 Change to the Partitions tab.
3 Click Add and enter the desired size of the RAID partition on this disk.
4 Use Do not Format the Partition and change the File System ID to 0xFD Linux RAID. Do not mount this partition.
5 Repeat this procedure until you have defined all the desired physical volumes on the available disks.

For RAID 0 and RAID 1, at least two partitions are needed—for RAID 1, usually exactly two and no more.
the partition remains unused. After assigning all partitions, click Next to select the available RAID Options.

In this last step, set the file system to use as well as encryption and the mount point for the RAID volume. After completing the configuration with Finish, see the /dev/md0 device and others indicated with RAID in the expert partitioner.

3.3.2 Troubleshooting

Check the file /proc/mdstat to find out whether a RAID partition has been damaged.
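The check of /proc/mdstat can be scripted. The following is an added example, not part of the original guide: it parses the file and reports arrays that are inactive, run with fewer members than defined, or contain a member flagged as failed. The sample input is constructed, and the function names are chosen for this example.

```python
import os
import re

# Constructed sample in the layout of /proc/mdstat (not taken from the guide).
SAMPLE_MDSTAT = """\
Personalities : [raid1] [raid6] [raid5] [raid4]
md0 : active raid1 sdb1[1] sda1[0]
      104320 blocks [2/2] [UU]

md1 : active raid5 sdd1[3](F) sdc1[1] sdb2[0]
      2096896 blocks level 5, 64k chunk, algorithm 2 [3/2] [UU_]

unused devices: <none>
"""

ARRAY_RE = re.compile(r"^(md\S*)\s*:\s*(\S+)\s*(.*)$")
# A member looks like sdb1[1]; a failed one carries the flag (F).
MEMBER_RE = re.compile(r"^([^\[\s]+)\[(\d+)\]((?:\([A-Z]\))*)$")
# [3/2] = devices defined / devices in use; [UU_] = per-slot map, _ is missing.
STATUS_RE = re.compile(r"\[(\d+)/(\d+)\]\s+\[([U_]+)\]")


def parse_mdstat(text):
    """Return one dict per md array with its members and health counters."""
    arrays = []
    current = None
    for line in text.splitlines():
        header = ARRAY_RE.match(line)
        if header:
            name, state, rest = header.groups()
            current = {"name": name, "state": state, "level": None,
                       "members": [], "failed": [],
                       "expected": None, "working": None, "map": None}
            for token in rest.split():
                member = MEMBER_RE.match(token)
                if member:
                    dev, _slot, flags = member.groups()
                    current["members"].append(dev)
                    if "(F)" in flags:
                        current["failed"].append(dev)
                elif not token.startswith("(") and current["level"] is None:
                    current["level"] = token  # e.g. raid1, raid5
            arrays.append(current)
            continue
        if current is not None:
            status = STATUS_RE.search(line)
            if status:
                current["expected"] = int(status.group(1))
                current["working"] = int(status.group(2))
                current["map"] = status.group(3)
            if not line.strip():
                current = None  # a blank line ends the array's block
    return arrays


def degraded(arrays):
    """Names of arrays that are inactive, short of members, or have failures."""
    bad = []
    for a in arrays:
        missing = a["map"] is not None and "_" in a["map"]
        short = a["working"] is not None and a["working"] < a["expected"]
        if a["state"] != "active" or missing or short or a["failed"]:
            bad.append(a["name"])
    return bad


if __name__ == "__main__":
    path = "/proc/mdstat"
    if os.path.exists(path):
        with open(path) as handle:
            text = handle.read()
    else:
        text = SAMPLE_MDSTAT
    for array in parse_mdstat(text):
        flag = "DEGRADED" if array["name"] in degraded([array]) else "ok"
        print(array["name"], array["level"], array["map"], flag)
```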
Part II.
4 32-Bit and 64-Bit Applications in a 64-Bit System Environment

openSUSE® is available for 64-bit platforms. This does not necessarily mean that all the applications included have already been ported to 64-bit platforms. openSUSE supports the use of 32-bit applications in a 64-bit system environment. This chapter offers a brief overview of how this support is implemented on 64-bit openSUSE platforms.
An exception to this rule is PAM (pluggable authentication modules). openSUSE uses PAM in the authentication process as a layer that mediates between user and application. On a 64-bit operating system that also runs 32-bit applications it is necessary to always install both versions of a PAM module. To be executed correctly, every application requires a range of libraries. Unfortunately, the names for the 32-bit and 64-bit versions of these libraries are identical.
4.3 Software Compilation on Biarch Platforms

To develop binaries for the other architecture on a biarch architecture, the respective libraries for the second architecture must additionally be installed. These packages are called rpmname-32bit. You also need the respective headers and libraries from the rpmname-devel packages and the development libraries for the second architecture from rpmname-devel-32bit.

Most open source programs use an autoconf-based program configuration.
Not all of these variables are needed for every program. Adapt them to the respective program.

CC="gcc -m32" LDFLAGS="-L/usr/lib" \
./configure --prefix=/usr --libdir=/usr/lib --x-libraries=/usr/lib
make
make install

4.4 Kernel Specifications

The 64-bit kernels for x86_64 offer both a 64-bit and a 32-bit kernel ABI (application binary interface). The latter is identical with the ABI for the corresponding 32-bit kernel.
5 Booting and Configuring a Linux System

With the release of openSUSE 12.1, the distribution switched from System-V init to systemd. When booting openSUSE, systemd is started as the very first process and is responsible for starting, stopping and controlling all other processes on the system. See http://en.opensuse.org/SDB:Systemd for more information.
6 The Boot Loader GRUB

This chapter describes how to configure GRUB (Grand Unified Bootloader), the boot loader used in openSUSE®. A special YaST module is available for configuring all settings. If you are not familiar with the subject of booting in Linux, read the following sections to acquire some background information. This chapter also describes some of the problems frequently encountered when booting with GRUB and their solutions.
Boot Sectors
Boot sectors are the first sectors of hard disk partitions with the exception of the extended partition, which merely serves as a “container” for other partitions. These boot sectors have 512 bytes of space for code used to boot an operating system installed in the respective partition. This applies to boot sectors of formatted DOS, Windows, and OS/2 partitions, which also contain some basic important data of the file system.
the user for how to proceed. For details, see Section 6.1.1.3, “Editing Menu Entries during the Boot Procedure” (page 106).

/boot/grub/device.map
This file translates device names from the GRUB and BIOS notation to Linux device names.

/etc/grub.conf
This file contains the commands, parameters and options the GRUB shell needs for installing the boot loader correctly.
6.1.1 The File /boot/grub/menu.lst

The graphical splash screen with the boot menu is based on the GRUB configuration file /boot/grub/menu.lst, which contains all information about all partitions or operating systems that can be booted by the menu.

Every time the system is booted, GRUB loads the menu file from the file system. For this reason, GRUB does not need to be reinstalled after every change to the file. Use the YaST boot loader to modify the GRUB configuration as described in Section 6.
The command root simplifies the specification of kernel and initrd files. The only argument of root is a device or a partition. This device is used for all kernel, initrd, or other file paths for which no device is explicitly specified until the next root command. The boot command is implied at the end of every menu entry, so it does not need to be written into the menu file. However, if you use GRUB interactively for booting, you must enter the boot command at the end. The command itself has no arguments.
Unfortunately, it is often not possible to map the Linux device names to BIOS device names exactly. GRUB generates this mapping with the help of an algorithm and saves it to the file device.map, which can be edited if necessary. Information about the file device.map is available in Section 6.1.2, “The File device.map” (page 107).

A complete GRUB path consists of a device name written in parentheses and the path to the file in the file system in the specified partition. The path begins with a slash.
❷ Color scheme: white (foreground), blue (background), black (selection) and light gray (background of the selection). The color scheme has no effect on the splash screen, only on the customizable GRUB menu that you can access by exiting the splash screen with Esc.

❸ The first (0) menu entry title linux is booted by default.

❹ After eight seconds without any user input, GRUB automatically boots the default entry. To deactivate automatic boot, delete the timeout line.
6.1.1.3 Editing Menu Entries during the Boot Procedure

In the graphical boot menu, select the operating system to boot with the arrow keys. If you select a Linux system, you can enter additional boot parameters at the boot prompt. To edit individual menu entries directly, press Esc to exit the splash screen and get to the GRUB text-based menu, then press E. Changes made in this way only apply to the current boot and are not adopted permanently.
6.1.2 The File device.map

The file device.map maps GRUB and BIOS device names to Linux device names. In a mixed system containing PATA (IDE) and SCSI hard disks, GRUB must try to determine the boot sequence by a special procedure, because GRUB may not have access to the BIOS information on the boot sequence. GRUB saves the result of this analysis in the file /boot/grub/device.map. Example device.
This command tells GRUB to automatically install the boot loader to the second partition on the first hard disk (hd0,1) using the boot images located on the same partition. The --stage2=/boot/grub/stage2 parameter is needed to install the stage2 image from a mounted file system. Some BIOSes have a faulty LBA support implementation; --force-lba provides a solution to ignore them.

6.1.
        640x480   800x600   1024x768   1280x1024   1600x1200
15bit   0x310     0x313     0x316      0x319       0x31D
16bit   0x311     0x314     0x317      0x31A       0x31E
24bit   0x312     0x315     0x318      0x31B       0x31F

DEFAULT_APPEND / FAILSAFE_APPEND / XEN_KERNEL_APPEND
Kernel parameters (other than vga) that are automatically appended to the default, failsafe and XEN boot entries in the bootloader configuration file.
gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/

Now GRUB commands can only be executed at the boot prompt after pressing P and entering the password. However, users can still boot all operating systems from the boot menu.

3 To prevent one or several operating systems from being booted from the boot menu, add the entry lock to every section in menu.lst that should not be bootable without entering a password.
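To review an existing menu.lst against the two protections described above (a password line in the global section, and lock in each section that must not boot without the password), a small audit script helps. This is an added example and not part of the original guide; the global section of the sample is the one shown above, while the two title sections and all function names are constructed for illustration.

```python
import re

# Constructed menu.lst: global section as shown in the text, title sections
# made up for this example.
SAMPLE_MENU_LST = """\
gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/

title linux
   kernel (hd0,4)/vmlinuz root=/dev/sda7
   initrd (hd0,4)/initrd

title windows
   lock
   rootnoverify (hd0,0)
   chainloader +1
"""


def parse_menu_lst(text):
    """Split menu.lst into global commands and one record per title section."""
    global_cmds, sections, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # GRUB accepts "command argument" as well as "command=argument".
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        cmd = parts[0]
        arg = parts[1] if len(parts) > 1 else ""
        if cmd == "title":
            current = {"title": arg, "commands": []}
            sections.append(current)
        elif current is None:
            global_cmds.append((cmd, arg))  # everything before the first title
        else:
            current["commands"].append((cmd, arg))
    return global_cmds, sections


def audit(text):
    """Return a list of findings; an empty list means both protections are set."""
    global_cmds, sections = parse_menu_lst(text)
    findings = []
    passwords = [arg for cmd, arg in global_cmds if cmd == "password"]
    if not passwords:
        findings.append("global: no password line; GRUB commands can be "
                        "entered at the boot prompt without a password")
    elif passwords[0].split()[0:1] != ["--md5"]:
        findings.append("global: password is stored in clear text; "
                        "use --md5 with a hashed value")
    for section in sections:
        cmds = [cmd for cmd, _arg in section["commands"]]
        if "lock" in cmds and not passwords:
            findings.append(f"title {section['title']}: lock is only useful "
                            "together with a global password line")
        elif "lock" not in cmds and "password" not in cmds:
            findings.append(f"title {section['title']}: no lock; "
                            "bootable without the password")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MENU_LST):
        print(finding)
```

For the sample, the only finding is the linux section, which any user at the console can still boot; whether that is acceptable depends on the machine.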
Figure 6.1 Boot Loader Settings

Use the Section Management tab to edit, change and delete boot loader sections for the individual operating systems. To add an option, click Add. To change the value of an existing option, select it with the mouse and click Edit. To remove an existing entry, select it and click Delete. If you are not familiar with boot loader options, read Section 6.1, “Booting with GRUB” (page 100) first.
6.2.1 Adjusting the Default Boot Entry

To change the system that is booted by default, proceed as follows:

Procedure 6.1 Setting the Default System

1 Open the Section Management tab.
2 Select the desired entry from the list.
3 Click Set as Default.
4 Click OK to activate these changes.

6.2.2 Modifying the Boot Loader Location

To modify the location of the boot loader, follow these steps:

Procedure 6.
2 Click OK to apply your changes.

6.2.3 Changing the Boot Loader Time-Out

The boot loader does not boot the default system immediately. During the time-out, you can select the system to boot or write some kernel parameters. To set the boot loader time-out, proceed as follows:

Procedure 6.3 Changing the Boot Loader Time-Out

1 Open the Boot Loader Installation tab.
2 Click Boot Loader Options.
3 Activate the Protect Boot Loader with Password option with a click and type in your Password twice.
4 Click OK twice to save the changes.

6.2.5 Adjusting the Disk Order

If your computer has more than one hard disk, you can specify the boot sequence of the disks to match the BIOS setup of the machine (see Section 6.1.2, “The File device.map” (page 107)). To do so, proceed as follows:

Procedure 6.5 Setting the Disk Order

1 Open the Boot Loader Installation tab.
2 Click Boot Loader Installation Details.
WARNING

When hiding the boot menu, you will not be able to access GRUB during boot time. If the default boot option is set to a non-Linux operating system at the same time, this effectively disables access to the Linux system.

Use Trusted GRUB
Starts the Trusted GRUB which supports trusted computing functionality.

Enable Acoustic Signals
Enables or disables acoustic signals in GRUB.

Graphical Menu File
Path to the graphics file used when displaying the boot screen.
Propose New Configuration
Have YaST propose a new configuration.

Convert Current Configuration
Have YaST convert the current configuration. When converting the configuration, some settings may be lost.

Start New Configuration from Scratch
Write a custom configuration. This action is not available during the installation of openSUSE.

Read Configuration Saved on Disk
Load your own /etc/lilo.conf. This action is not available during the installation of openSUSE.

4 Click OK two times to save the changes.
6.4 Creating Boot CDs

If problems occur while booting your system using a boot manager or if the boot manager cannot be installed on your hard disk, it is also possible to create a bootable CD with all the necessary start-up files for Linux. This requires a CD writer be installed in your system.

Creating a bootable CD-ROM with GRUB merely requires a special form of stage2 called stage2_eltorito and, optionally, a customized menu.lst. The classic files stage1 and stage2 are not required.

Procedure 6.
Use splash=silent instead of splash=verbose to prevent the boot messages from appearing during the boot procedure.

5 Create the ISO image with the following command:

genisoimage -R -b boot/grub/stage2_eltorito -no-emul-boot \
-boot-load-size 4 -boot-info-table -iso-level 2 -input-charset utf-8 \
-o grub.iso /tmp/iso

6 Write the resulting file grub.iso to a CD using your preferred utility. Do not burn the ISO image as a data file, but use the option for burning a CD image in your burning utility.

6.
6.6 Troubleshooting

This section lists some of the problems frequently encountered when booting with GRUB and a short description of possible solutions. Some of the problems are covered in articles in the Support Database at http://en.opensuse.org/Portal:Support_database. Use the search dialog to search for keywords like GRUB, boot and boot loader.

GRUB and XFS
XFS leaves no room for stage1 in the partition boot block. Therefore, do not specify an XFS partition as the location of the boot loader.
Booting Windows from the Second Hard Disk
Some operating systems, such as Windows, can only boot from the first hard disk. If such an operating system is installed on a hard disk other than the first hard disk, you can effect a logical change for the respective menu entry.

...
title windows
   map (hd0) (hd1)
   map (hd1) (hd0)
   chainloader (hd1,0)+1
...

In this example, Windows is started from the second hard disk. For this purpose, the logical order of the hard disks is changed with map.
7 Special System Features

This chapter starts with information about various software packages, the virtual consoles and the keyboard layout. We talk about software components like bash, cron and logrotate, because they were changed or enhanced during the last release cycles. Even if they are small or considered of minor importance, users may want to change their default behavior, because these components are often closely coupled with the system.
1. /etc/profile
2. ~/.profile
3. /etc/bash.bashrc
4. ~/.bashrc

Make custom settings in ~/.profile or ~/.bashrc. To ensure the correct processing of these files, it is necessary to copy the basic settings from /etc/skel/.profile or /etc/skel/.bashrc into the home directory of the user. It is recommended to copy the settings from /etc/skel after an update. Execute the following shell commands to prevent the loss of personal adjustments:

mv ~/.bashrc ~/.bashrc.old
cp /etc/skel/.bashrc ~/.bashrc
mv ~/.
A number of packages install shell scripts to the directories /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly, whose execution is controlled by /usr/lib/cron/run-crons. /usr/lib/cron/run-crons is run every 15 minutes from the main table (/etc/crontab). This guarantees that processes that may have been neglected can be run at the proper time.
Configure logrotate with the file /etc/logrotate.conf. In particular, the include specification primarily configures the additional files to read. Programs that produce log files install individual configuration files in /etc/logrotate.d. For example, such files ship with the packages apache2 (/etc/logrotate.d/apache2) and syslogd (/etc/logrotate.d/syslog).

Example 7.3 Example for /etc/logrotate.
7.1.4 The locate Command

locate, a command for quickly finding files, is not included in the standard scope of installed software. If desired, install the package findutils-locate. The updatedb process is started automatically every night or about 15 minutes after booting the system.

7.1.5 The ulimit Command

With the ulimit (user limits) command, it is possible to set limits for the use of system resources and to have these displayed.
Example 7.4 ulimit: Settings in ~/.bashrc

# Limits maximum resident set size (physical memory):
ulimit -m 98304

# Limits of virtual memory:
ulimit -v 98304

Memory allocations must be specified in KB. For more detailed information, see man bash.

IMPORTANT

Not all shells support ulimit directives. PAM (for instance, pam_limits) offers comprehensive adjustment possibilities if you depend on encompassing settings for these restrictions.

7.1.
7.1.7 Man Pages and Info Pages

For some GNU applications (such as tar), the man pages are no longer maintained. For these commands, use the --help option to get a quick overview of the info pages, which provide more in-depth instructions. Info is GNU's hypertext system. Read an introduction to this system by entering info info. Info pages can be viewed with Emacs by entering emacs -f info or directly in a console with info. You can also use tkinfo, xinfo or the help system to view info pages.

7.1.
With openSUSE, the emacs package installs the file site-start.el in the directory /usr/share/emacs/site-lisp. The file site-start.el is loaded before the initialization file ~/.emacs. Among other things, site-start.el ensures that special configuration files distributed with Emacs add-on packages, such as psgml, are loaded automatically. Configuration files of this type are located in /usr/share/emacs/site-lisp, too, and always begin with suse-start-.
7.3 Keyboard Mapping

To standardize the keyboard mapping of programs, changes were made to the following files:

/etc/inputrc
/etc/X11/Xmodmap
/etc/skel/.emacs
/etc/skel/.gnu-emacs
/etc/skel/.vimrc
/etc/csh.cshrc
/etc/termcap
/usr/share/terminfo/x/xterm
/usr/share/X11/app-defaults/XTerm
/usr/share/emacs/VERSION/site-lisp/term/*.el

These changes only affect applications that use terminfo entries or whose configuration files are changed directly (vi, emacs, etc.).
Settings are made with LC_ variables defined in the file /etc/sysconfig/language. This refers not only to native language support, but also to the categories Messages (Language), Character Set, Sort Order, Time and Date, Numbers and Money. Each of these categories can be defined directly with its own variable or indirectly with a master variable in the file language (see the locale man page).
It only makes sense to set values for which usable description files can be found in /usr/lib/locale. Additional description files can be created from the files in /usr/share/i18n using the command localedef. The description files are part of the glibc-i18ndata package. A description file for en_US.UTF-8 (for English and United States) can be created with:

localedef -i en_US -f UTF-8 en_US.UTF-8

LANG=en_US.UTF-8
This is the default setting if American English is selected during installation.
• For tcsh: At login, /etc/csh.login reads /etc/profile.d/lang.csh which, in turn, analyzes /etc/sysconfig/language. This ensures that any changes to /etc/sysconfig/language are available at the next login to the respective shell, without having to run SuSEconfig first. Users can override the system defaults by editing their ~/.bashrc accordingly. For instance, if you do not want to use the systemwide en_US for program messages, include LC_MESSAGES=es_ES so that messages are displayed in Spanish instead.
LANGUAGE="nn_NO:nb_NO:no"

or

LANG="nb_NO"
LANGUAGE="nb_NO:nn_NO:no"

Note that in Norwegian, LC_TIME is also treated differently.

One problem that can arise is a separator used to delimit groups of digits not being recognized properly. This occurs if LANG is set to only a two-letter language code like de, but the definition file glibc uses is located in /usr/share/lib/de_DE/LC_NUMERIC. Thus LC_NUMERIC must be set to de_DE to make the separator definition visible to the system.

7.4.
8 Dynamic Kernel Device Management with udev

The kernel can add or remove almost any device in a running system. Changes in the device state (whether a device is plugged in or removed) need to be propagated to userspace. Devices need to be configured as soon as they are plugged in and recognized. Users of a certain device need to be informed about any changes in this device's recognized state.
is copied to the /dev directory with the same ownership and permissions as the files in /lib/udev/devices.

8.2 Kernel uevents and udev

The required device information is exported by the sysfs file system. For every device the kernel has detected and initialized, a directory with the device name is created. It contains attribute files with device-specific properties.

Every time a device is added or removed, the kernel sends a uevent to notify udev of the change.
Every device driver carries a list of known aliases for devices it can handle. The list is contained in the kernel module file itself. The program depmod reads the ID lists and creates the file modules.alias in the kernel's /lib/modules directory for all currently available modules. With this infrastructure, module loading is as easy as calling modprobe for every event that carries a MODALIAS key.
8.5 Monitoring the Running udev Daemon

The program udevadm monitor can be used to visualize the driver core events and the timing of the udev event processes.

UEVENT[1185238505.276660] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1 (usb)
UDEV [1185238505.279198] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1 (usb)
UEVENT[1185238505.279527] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0 (usb)
UDEV [1185238505.285573] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0 (usb)
UEVENT[1185238505.
REL=103 MODALIAS=input:b0003v046DpC03Ee0110-e0,1,2,k110,111,112,r0,1,8,amlsfw udev also sends messages to syslog. The default syslog priority that controls which messages are sent to syslog is specified in the udev configuration file /etc/udev/udev.conf. The log priority of the running daemon can be changed with udevadm control log_priority=level/number. 8.
The console rule consists of three keys: one match key (KERNEL) and two assign keys (MODE, OPTIONS). The KERNEL match rule searches the device list for any items of the type console. Only exact matches are valid and trigger this rule to be executed. The MODE key assigns special permissions to the device node, in this case, read and write permissions to the owner of this device only. The OPTIONS key makes this rule the last rule to be applied to any device of this type.
• A key's operation is determined by the operator. udev rules support several different operators. • Each given value must be enclosed by quotation marks. • Each line of the rules file represents one rule. If a rule is longer than just one line, use \ to join the different lines just as you would do in shell syntax. • udev rules support a shell-style pattern that matches the *, ?, and [] patterns. • udev rules support substitutions. 8.6.
8.6.2 Using Substitutions in udev Rules udev rules support the use of placeholders and substitutions. Use them in a similar fashion as you would do in any other scripts. The following substitutions can be used with udev rules: %r, $root The device directory, /dev by default. %p, $devpath The value of DEVPATH. %k, $kernel The value of KERNEL or the internal device name. %n, $number The device number. %N, $tempnode The temporary name of the device file. %M, $major The major number of the device.
$$ The $ character. 8.6.3 Using udev Match Keys Match keys describe conditions that must be met before a udev rule can be applied. The following match keys are available: ACTION The name of the event action, for example, add or remove when adding or removing a device. DEVPATH The device path of the event device, for example, DEVPATH=/bus/pci/drivers/ipw3945 to search for all events related to the ipw3945 driver. KERNEL The internal (kernel) name of the event device.
ATTRS{filename} Let udev search the device path upwards for a device with matching sysfs attribute values. ENV{key} The value of an environment variable, for example, ENV{ID_BUS}="ieee1394" to search for all events related to the FireWire bus ID. PROGRAM Let udev execute an external program. To be successful, the program must return with exit code zero. The program's output, printed to stdout, is available to the RESULT key. RESULT Match the output string of the last PROGRAM call.
ATTR{key} Specify a value to be written to a sysfs attribute of the event device. If the == operator is used, this key is also used to match against the value of a sysfs attribute. ENV{key} Tell udev to export a variable to the environment. If the == operator is used, this key is also used to match against an environment variable. RUN Tell udev to add a program to the list of programs to be executed for this device.
• last_rule tells udev to ignore all later rules. • ignore_device tells udev to ignore this event completely. • ignore_remove tells udev to ignore all later remove events for the device. • all_partitions tells udev to create device nodes for all available partitions on a block device. 8.
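The rule syntax described in this chapter (comma-separated keys, an operator that decides whether a key matches or assigns, quoted values, and \ to join lines) can be checked mechanically before a rules file is deployed. The following Python sketch is an added example, not part of the original guide or of udev itself: the sample rules are constructed, and the list of trusted RUN directories and the checks themselves are assumptions chosen for illustration.

```python
import re

MATCH_OPS = {"==", "!="}        # keys that compare against the event
ASSIGN_OPS = {"=", "+=", ":="}  # keys that change the node or environment
# Assumption for this example: directories RUN programs are expected in.
TRUSTED_RUN_DIRS = ("/lib/udev/", "/sbin/", "/usr/sbin/", "/bin/", "/usr/bin/")

# One key: NAME or NAME{attribute}, an operator, a double-quoted value.
KEY_RE = re.compile(
    r'\s*([A-Za-z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"\s*(?:,|$)')

# Constructed sample, not taken from a real system.
SAMPLE_RULES = r'''# constructed sample rules
KERNEL=="console", MODE="0600", OPTIONS="last_rule"
SUBSYSTEM=="usb", ATTR{idVendor}=="046d", \
    MODE="0666", GROUP="users"
ACTION=="add", KERNEL=="sd*", RUN+="/tmp/automount.sh %k"
KERNEL=="ttyUSB*", MODE=0660
MODE="0644"
'''


def join_rules(text):
    """Yield (first_line_number, rule); joins lines ending in a backslash."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue  # blank line or comment between rules
        if start is None:
            start = number
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:  # file ended in the middle of a continued rule
        yield start, buf.strip()


def parse_rule(rule):
    """Split one rule into (key, operator, value) tuples."""
    keys, pos = [], 0
    while pos < len(rule):
        match = KEY_RE.match(rule, pos)
        if not match:
            raise ValueError("cannot parse near: %r" % rule[pos:].strip())
        keys.append(match.groups())
        pos = match.end()
    return keys


def world_writable(mode):
    """True if the octal MODE value grants write access to 'other'."""
    try:
        return bool(int(mode, 8) & 0o002)
    except ValueError:  # for example a value built from substitutions
        return False


def audit(text):
    """Return (line, kind, detail) findings for a rules file."""
    findings = []
    for number, rule in join_rules(text):
        try:
            keys = parse_rule(rule)
        except ValueError as exc:
            findings.append((number, "syntax", str(exc)))
            continue
        for key, op, value in keys:
            if op not in ASSIGN_OPS:
                continue
            if key == "MODE" and world_writable(value):
                findings.append((number, "mode", "world-writable node: " + value))
            if key == "RUN" and value.startswith("/"):
                program = value.split()[0]  # only absolute paths are checked
                if not program.startswith(TRUSTED_RUN_DIRS):
                    findings.append((number, "run", "program outside trusted "
                                     "directories: " + program))
        if not any(op in MATCH_OPS for _, op, _ in keys):
            findings.append((number, "no-match",
                             "no match key, assignments apply to every event"))
    return findings


if __name__ == "__main__":
    for line, kind, detail in audit(SAMPLE_RULES):
        print("line %d [%s] %s" % (line, kind, detail))
```

Programs listed in RUN are started by the udev daemon, which runs as root, so a writable program path or a world-writable device node is worth reviewing before the rule goes live.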
8.8 Files used by udev /sys/* Virtual file system provided by the Linux kernel, exporting all currently known devices. This information is used by udev to create device nodes in /dev. /dev/* Dynamically created device nodes and static content copied at boot time from /lib/udev/devices/* The following files and directories contain the crucial elements of the udev infrastructure: /etc/udev/udev.conf Main udev configuration file. /etc/udev/rules.d/* udev event matching rules.
udevd Information about the udev event managing daemon.
Part III.
9 Basic Networking Linux offers the necessary networking tools and features for integration into all types of network structures. Network access using a network card, modem or other device can be configured with YaST. Manual configuration is also possible. In this chapter only the fundamental mechanisms and the relevant network configuration files are covered. Linux and other Unix operating systems use the TCP/IP protocol.
Table 9.1 Several Protocols in the TCP/IP Protocol Family Protocol Description TCP Transmission Control Protocol: a connection-oriented secure protocol. The data to transmit is first sent by the application as a stream of data and converted into the appropriate format by the operating system. The data arrives at the respective application on the destination host in the original data stream format it was initially sent. TCP determines whether any data has been lost or jumbled during the transmission.
Figure 9.1 Simplified Layer Model for TCP/IP The diagram provides one or two examples for each layer. The layers are ordered according to abstraction levels. The lowest layer is very close to the hardware. The uppermost layer, however, is almost a complete abstraction from the hardware. Every layer has its own special function. The special functions of each layer are mostly implicit in their description. The data link and physical layers represent the physical network used, such as ethernet.
cated at the end of the packet, not at the beginning. This simplifies things for the network hardware. Figure 9.2 TCP/IP Ethernet Packet Usage Data (maximum 1460 bytes) TCP (Layer 4) Protocol Header (approx. 20 bytes) IP (Layer 3) Protocol Header (approx. 20 bytes) Ethernet (Layer 2) Protocol Header (approx. 14 bytes) + Checksum (2 bytes) When an application sends data over the network, the data passes through each layer, all implemented in the Linux kernel except the physical layer.
9.1.1 IP Addresses Every computer on the Internet has a unique 32-bit address. These 32 bits (or 4 bytes) are normally written as illustrated in the second row in Example 9.1, “Writing IP Addresses” (page 155). Example 9.1 Writing IP Addresses IP Address (binary): 11000000 10101000 00000000 00010100 IP Address (decimal): 192. 168. 0. 20 In decimal form, the four bytes are written in the decimal number system, separated by periods. The IP address is assigned to a host or a network interface.
Example 9.2 Linking IP Addresses to the Netmask
IP address (192.168.0.20):  11000000 10101000 00000000 00010100
Netmask (255.255.255.0):    11111111 11111111 11111111 00000000
---------------------------------------------------------------
Result of the link:         11000000 10101000 00000000 00000000
In the decimal system:           192.     168.       0.       0
IP address (213.95.15.200): 11010101 10111111 00001111 11001000
Netmask (255.255.255.
Address Type Description ple therefore results in 192.168.0.255. This address cannot be assigned to any hosts. Local Host The address 127.0.0.1 is assigned to the “loopback device” on each host. A connection can be set up to your own machine with this address and with all addresses from the complete 127.0.0.0/8 loopback network as defined with IPv4. With IPv6 there is just one loopback address (::1). Because IP addresses must be unique all over the world, you cannot just select random addresses.
As mentioned, an IPv4 address consists of only 32 bits. Also, quite a few IP addresses are lost—they cannot be used due to the way in which networks are organized. The number of addresses available in your subnet is two to the power of the number of bits, minus two. A subnetwork has, for example, 2, 6, or 14 addresses available.
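The link between an address and its netmask, the broadcast address and the "two to the power of the number of bits, minus two" count can be carried through in a few lines of Python. This is an added example, not part of the original guide; the function names are chosen here, and the rejection of netmasks whose one-bits are not contiguous is an extra check that matters when masks are typed by hand into routing or firewall configuration.

```python
def to_int(dotted):
    """Convert a dotted-decimal IPv4 string to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-decimal IPv4 value: %r" % dotted)
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    """Four groups of eight bits, as in the guide's examples."""
    return " ".join(format((value >> shift) & 0xFF, "08b")
                    for shift in (24, 16, 8, 0))


def host_bits(mask):
    """Number of host bits; rejects masks with non-contiguous one-bits."""
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):  # host part must look like 0...01...1
        raise ValueError("netmask bits are not contiguous: " + to_dotted(mask))
    return inverted.bit_length()


def describe(address, netmask):
    """Network, broadcast and usable host count for address/netmask."""
    addr, mask = to_int(address), to_int(netmask)
    bits = host_bits(mask)
    network = addr & mask                       # the "link" (logical AND)
    broadcast = network | (~mask & 0xFFFFFFFF)  # all host bits set
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "usable": max(2 ** bits - 2, 0),        # minus network and broadcast
        "binary": to_binary(network),
    }


def same_network(first, second, netmask):
    """True if both addresses fall into the same subnetwork."""
    mask = to_int(netmask)
    host_bits(mask)  # validate the mask before trusting the comparison
    return (to_int(first) & mask) == (to_int(second) & mask)


if __name__ == "__main__":
    print(describe("192.168.0.20", "255.255.255.0"))
    for mask in ("255.255.255.252", "255.255.255.248", "255.255.255.240"):
        print(mask, describe("192.168.0.20", mask)["usable"])
    print(same_network("192.168.0.20", "213.95.15.200", "255.255.255.0"))
```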
from the information made available by the neighboring routers, relying on a protocol called the neighbor discovery (ND) protocol. This method does not require any intervention on the administrator's part and there is no need to maintain a central server for address allocation—an additional advantage over IPv4, where automatic address allocation requires a DHCP server or the usage of ARP and 169.254.0.0/16 addresses.
servers to address hosts through multicasting—by addressing a number of hosts as parts of a group (which is different from addressing all hosts through broadcasting or each host individually through unicasting). Which hosts are addressed as a group may depend on the concrete application. There are some predefined groups to address all name servers (the all name servers multicast group), for example, or all routers (the all routers multicast group). 9.2.
for some reason, the protocol automatically selects the second closest server, then the third one, and so forth. An IPv6 address is made up of eight four-digit fields, each representing 16 bits, written in hexadecimal notation. They are separated by colons (:). Any leading zero bytes within a given field may be dropped, but zeros within the field or at its end may not. Another convention is that more than four consecutive zero bytes may be collapsed into a double colon.
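Because the same IPv6 address can be written in several ways, addresses taken from logs, access lists or configuration files should be brought into one form before they are compared. The following Python sketch is an added example, not part of the original guide: it expands any accepted spelling to eight four-digit fields and produces the short form, collapsing the first longest run of at least two all-zero fields (an assumption that matches common practice). Embedded IPv4 notation and interface suffixes are not handled.

```python
import string


def expand(address):
    """Return the address as eight four-digit lowercase hex fields."""
    if address.count("::") > 1:
        raise ValueError("'::' may appear only once: %r" % address)
    if "::" in address:
        head, tail = address.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one field")
        fields = left + ["0"] * missing + right
    else:
        fields = address.split(":")
    if len(fields) != 8:
        raise ValueError("expected eight fields: %r" % address)
    for field in fields:
        if not 1 <= len(field) <= 4 or any(
                c not in string.hexdigits for c in field):
            raise ValueError("bad field %r in %r" % (field, address))
    return ":".join(field.lower().zfill(4) for field in fields)


def compress(address):
    """Drop leading zeros and collapse the longest zero run into '::'."""
    fields = [f.lstrip("0") or "0" for f in expand(address).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and fields[j] == "0":
            j += 1
        if j - i > best_len:          # strict: the first longest run wins
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:                  # a single zero field stays as "0"
        return ":".join(fields)
    return (":".join(fields[:best_start]) + "::"
            + ":".join(fields[best_start + best_len:]))


def equivalent(first, second):
    """True if two spellings denote the same address."""
    return expand(first) == expand(second)


if __name__ == "__main__":
    # Constructed spellings of the link-local address shown for eth0.
    for text in ("fe80:0000:0000:0000:0208:74ff:fe98:ed51",
                 "FE80::208:74FF:FE98:ED51",
                 "0:0:0:0:0:0:0:1"):
        print(text, "->", expand(text), "->", compress(text))
```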
Prefix (hex) Definition Several special addresses, such as the one for the loopback device, have this prefix as well. 2 or 3 as the first digit Aggregatable global unicast addresses. As is the case with IPv4, an interface can be assigned to form part of a certain subnetwork. Currently, there are the following address spaces: 2001::/16 (production quality address space) and 2002::/16 (6to4 address space). fe80::/10 Link-local addresses.
the remaining 24 bits containing special information about the token type. This also makes it possible to assign an EUI-64 token to interfaces that do not have a MAC, such as those based on PPP or ISDN. On top of this basic structure, IPv6 distinguishes between five different types of unicast addresses: :: (unspecified) This address is used by the host as its source address when the interface is initialized for the first time—when the address cannot yet be determined by other means.
face ID, and a 16 bit field specifying the subnetwork ID. Again, the rest is filled with zero bytes. As a completely new feature introduced with IPv6, each network interface normally gets several IP addresses, with the advantage that several networks can be accessed through the same interface.
across an IPv4 network. Such a connection between two IPv4 hosts is called a tunnel. To achieve this, packets must include the IPv6 destination address (or the corresponding prefix) as well as the IPv4 address of the remote host at the receiving end of the tunnel. A basic tunnel can be configured manually according to an agreement between the hosts' administrators. This is also called static tunneling.
enter modprobe -i ipv6 as root. It is basically impossible to unload the ipv6 module once loaded. Because of the autoconfiguration concept of IPv6, the network card is assigned an address in the link-local network. Normally, no routing table management takes place on a workstation. The network routers can be queried by the workstation, using the router advertisement protocol, for what prefix and gateways should be implemented. The radvd program can be used to set up an IPv6 router.
9.3 Name Resolution DNS assists in assigning an IP address to one or more names and assigning a name to an IP address. In Linux, this conversion is usually carried out by a special type of software known as bind. The machine that takes care of this conversion is called a name server. The names make up a hierarchical system in which each name component is separated by a period. The name hierarchy is, however, independent of the IP address hierarchy described above. Consider a complete name, such as jupiter.
at all. The dial-up protocol provides the name server address as the connection is made. The configuration of name server access with openSUSE® is described in Section 9.4.1.4, “Configuring Hostname and DNS” (page 177). Setting up your own name server is described in Chapter 11, The Domain Name System (page 215). The protocol whois is closely related to DNS. With this program, quickly find out who is responsible for any given domain. NOTE: MDNS and .local Domain Names The .
9.4.1 Configuring the Network Card with YaST To configure your wired or wireless network card in YaST, select Network Devices > Network Settings. After starting the module, YaST displays the Network Settings dialog with four tabs: Global Options, Overview, Hostname/DNS and Routing. The Global Options tab allows you to set general networking options such as the use of NetworkManager, IPv6 and general DHCP options. For more information, see Section 9.4.1.1, “Configuring Global Networking Options” (page 170).
Figure 9.3 Configuring Network Settings 9.4.1.1 Configuring Global Networking Options The Global Options tab of the YaST Network Settings module allows you to set important global networking options, such as the use of NetworkManager, IPv6 and DHCP client options. These settings are applicable for all network interfaces. In the Network Setup Method choose the way network connections are managed.
In the IPv6 Protocol Settings choose whether you want to use the IPv6 protocol. It is possible to use IPv6 together with IPv4. By default, IPv6 is activated. However, in networks not using IPv6 protocol, response times can be faster with IPv6 protocol disabled. If you want to disable IPv6, uncheck the Enable IPv6 option. This disables autoload of the kernel module for IPv6. This will be applied after reboot. In the DHCP Client Options configure options for the DHCP client.
If using Dynamic Address, select whether to use DHCP Version 4 Only (for IPv4), DHCP Version 6 Only (for IPv6) or DHCP Both Version 4 and 6. If possible, the first network card with link that is available during the installation is automatically configured to use automatic address setup via DHCP. In case of laptop computers where NetworkManager is active by default, all network cards are configured.
Configuring Aliases One network device can have multiple IP addresses, called aliases. NOTE: Aliases Are a Compatibility Feature These so-called aliases (or labels) work with IPv4 only. With IPv6 they are ignored. With iproute2, network interfaces can have one or more addresses. To set an alias for your network card with YaST, proceed as follows: 1 Select a card from the list of detected cards in the Overview tab of the YaST network card configuration module and click Edit.
4 To change the device name, check the Change Device Name option and edit the name. 5 Click OK and Next. 6 To activate the configuration, click OK. Changing Network Card Kernel Driver For some network cards, several kernel drivers may be available. If the card is already configured, YaST allows you to select a kernel driver to be used from a list of available suitable drivers. It is also possible to specify options for the kernel driver.
Hotplug, the interface is set as soon as available. It is similar to the At Boot Time option, and only differs in the fact that no error occurs if the interface is not present at boot time. Choose Manually to control the interface manually with ifup. Choose Never to not start the device at all. The On NFSroot is similar to At Boot Time, but the interface does not shut down with the rcnetwork stop command. Use this if you use an nfs or iscsi root file system. 3 Click Next.
2 Enter the General tab of the Network Settings dialog. 3 Determine the firewall zone to which your interface should be assigned. The following options are available: Firewall Disabled This option is available only if the firewall is disabled and the firewall does not run at all. Only use this option if your machine is part of a greater network that is protected by an outer firewall. Automatically Assign Zone This option is available only if the firewall is enabled.
as bridge, bond, TUN or TAP. To configure an undetected network card (or a special device) proceed as follows: 1 In the Network Devices > Network Settings > Overview dialog in YaST click Add. 2 In the Hardware dialog, set the Device Type of the interface from the available options and Configuration Name. If the network card is a PCMCIA or USB device, activate the respective check box and exit this dialog with Next.
To change the name of your computer and adjust the name server search list, proceed as follows: 1 Go to the Network Settings > Hostname/DNS tab in the Network Devices module in YaST. 2 Enter the Hostname and, if needed, the Domain Name. The domain is especially important if the machine is a mail server. Note that the hostname is global and applies to all set network interfaces. If you are using DHCP to get an IP address, the hostname of your computer will be automatically set by the DHCP.
STATIC The static settings have to be merged together with the dynamic settings. STATIC_FALLBACK The static settings are used only when no dynamic configuration is available. For more information, see the man 8 netconfig. 4 Enter the Name Servers and fill in the Domain Search list. Name servers must be specified by IP addresses, such as 192.168.1.116, not by hostnames. Names specified in the Domain Search tab are domain names used for resolving hostnames without a specified domain.
enter - metric number in Options. The route with the highest metric is used as default. If the network device is disconnected, its route will be removed and the next one will be used. However, the current kernel does not use metric in static routing, only routing daemons like multipathd do. 4 If the system is a router, enable the IP Forwarding option in the Network Settings. 5 To activate the configuration, click OK. 9.4.
Figure 9.4 Modem Configuration If you are behind a private branch exchange (PBX), you may need to enter a dial prefix. This is often a zero. Consult the instructions that came with the PBX to find out. Also select whether to use tone or pulse dialing, whether the speaker should be on and whether the modem should wait until it detects a dial tone. The last option should not be enabled if the modem is connected to an exchange. Under Details, set the baud rate and the modem initialization strings.
In the next dialog, select the ISP. To choose from a predefined list of ISPs operating in your country, select Country. Alternatively, click New to open a dialog in which to provide the data for your ISP. This includes a name for the dial-up connection and ISP as well as the login and password provided by your ISP. Enable Always Ask for Password to be prompted for the password each time you connect.
IP address and the remote IP address. Ask your ISP for this information. Leave Default Route enabled and close the dialog by selecting OK. Selecting Next returns to the original dialog, which displays a summary of the modem configuration. Close this dialog with OK. 9.4.3 ISDN Use this module to configure one or several ISDN cards for your system. If YaST did not detect your ISDN card, click on Add in the ISDN Devices tab and manually select your card.
your Area Code and the Dial Prefix if necessary. If you do not want to log all your ISDN traffic, uncheck the Start ISDN Log option. Activate Device defines how the ISDN interface should be started: At Boot Time causes the ISDN driver to be initialized each time the system boots. Manually requires you to load the ISDN driver as root with the command rcisdn start. On Hotplug, used for PCMCIA or USB devices, loads the driver after the device is plugged in. When finished with these settings, select OK.
wrong number, your phone operator automatically falls back to the first MSN assigned to your ISDN line. ISDN Card Connected to a Private Branch Exchange Again, the configuration may vary depending on the equipment installed: 1. Smaller private branch exchanges (PBX) built for home purposes mostly use the Euro-ISDN (EDSS1) protocol for internal calls. These exchanges have an internal S0 bus and use internal numbers for the equipment connected to them. Use one of the internal numbers as your MSN.
When entering the phone number, do not include any blanks or commas among the digits. Finally, enter your login and the password as provided by the ISP. When finished, select Next. To use Dial on Demand on a stand-alone workstation, specify the name server (DNS server) as well. Most ISPs support dynamic DNS, which means the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, you still need to provide a placeholder address like 192.168.22.99.
• Point-to-Point Tunneling Protocol (PPTP)—Austria In the DSL Devices tab of the DSL Configuration Overview dialog, you will find a list of installed DSL devices. To change the configuration of a DSL device, select it in the list and click Edit. If you click Add, you can manually configure a new DSL device. The configuration of a DSL connection based on PPPoE or PPTP requires that the corresponding network card be set up in the correct way.
Figure 9.7 DSL Configuration To use Dial on Demand on a stand-alone workstation, also specify the name server (DNS server). Most ISPs support dynamic DNS—the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, provide a placeholder address like 192.168.22.99. If your ISP does not support dynamic DNS, enter the name server IP address provided by your ISP.
9.5 NetworkManager NetworkManager is the ideal solution for laptops and other portable computers. With NetworkManager, you do not need to worry about configuring network interfaces and switching between networks when you are moving. 9.5.1 NetworkManager and ifup However, NetworkManager is not a suitable solution for all cases, so you can still choose between the traditional method for managing network connections (ifup) and NetworkManager.
mobile broadband (3G) modem, which is not possible with the traditional configuration. NetworkManager tries to keep your computer connected at all times using the best connection available. If the network cable is accidentally disconnected, it tries to reconnect. It can find the network with the best signal strength from the list of your wireless connections and automatically use it to connect. To get the same functionality with ifup, a great deal of configuration effort is required. 9.5.
The following table gives an overview of the PolicyKit identifiers related to NetworkManager:
Table 9.5 PolicyKit Identifiers for NetworkManager
Identifier                                             Description
org.freedesktop.NetworkManager.enable-disable-network  Enable or disable system networking
org.freedesktop.NetworkManager.sleep-wake              Put NetworkManager to sleep or wake it up
org.freedesktop.NetworkManager.enable-disable-wwan     Enable or disable mobile broadband devices
org.freedesktop.NetworkManager.
9.6 Configuring a Network Connection Manually Manual configuration of the network software should always be the last alternative. Using YaST is recommended. However, this background information about the network configuration can also assist your work with YaST. When the Kernel detects a network card and creates a corresponding network interface, it assigns the device a name depending on the order of device discovery, or order of the loading of the Kernel modules.
Command Function stop to stop, rcnetwork start to start and rcnetwork restart to restart network interfaces. If you want to stop, start or restart just one interface, use the command followed by the interface name, for example rcnetwork restart eth0. The rcnetwork status command displays the state of the interfaces, their IP addresses and whether a DHCP client is running.
9.6.1.2 /etc/sysconfig/network/config, /etc/sysconfig/network/dhcp, and /etc/sysconfig/network/wireless The file config contains general settings for the behavior of ifup, ifdown and ifstatus. dhcp contains settings for DHCP and wireless for wireless LAN cards. The variables in all three configuration files are commented. Some of the variables from /etc/sysconfig/network/config can also be used in ifcfg-* files, where they are given a higher priority. The /etc/sysconfig/network/ifcfg .
behind a gateway. For example, the mask is 255.255.255.255 for a host behind a gateway. The fourth column is only relevant for networks connected to the local host such as loopback, Ethernet, ISDN, PPP and dummy device. The device name must be entered here. An (optional) fifth column can be used to specify the type of a route. Columns that are not needed should contain a minus sign - to ensure that the parser correctly interprets the command. For details, refer to the routes(5) man page.
However, the /etc/resolv.conf should not be edited by hand. Instead, it is generated by the netconfig script.
settings from standard input or from a file specified with the --lease-file filename option and internally stores them until a system reboot (or the next modify or remove action). Already existing settings for the same interface and service combination are overwritten. The interface is specified by the -i interface_name parameter. The service is specified by the -s service_name parameter.
the beginning of the line and the entries separated by blanks and tabs. Comments are always preceded by the # sign. Example 9.6 /etc/hosts 127.0.0.1 localhost 192.168.2.100 jupiter.example.com jupiter 192.168.2.101 venus.example.com venus 9.6.1.7 /etc/networks Here, network names are converted to network addresses. The format is similar to that of the hosts file, except the network names precede the addresses. See Example 9.7, “/etc/networks” (page 198). Example 9.7 /etc/networks loopback localnet 127.0.
multi on/off Defines if a host entered in /etc/hosts can have multiple IP addresses. nospoof on spoofalert on/off These parameters influence the name server spoofing but do not exert any influence on the network configuration. trim domainname The specified domain name is separated from the hostname after hostname resolution (as long as the hostname includes the domain name).
Example 9.9 /etc/nsswitch.conf
passwd:     compat
group:      compat
hosts:      files dns
networks:   files dns
services:   db files
protocols:  db files
rpc:        files
ethers:     files
netmasks:   files
netgroup:   files nis
publickey:  files
bootparams: files
automount:  files nis
aliases:    files nis
shadow:     compat
The “databases” available over NSS are listed in Table 9.8, “Databases Available via /etc/nsswitch.conf” (page 200). The configuration options for NSS databases are listed in Table 9.
networks Network names and addresses, used by getnetent. publickey Public and secret keys for Secure_RPC used by NFS and NIS+. passwd User passwords, used by getpwent; see the passwd(5) man page. protocols Network protocols, used by getprotoent; see the protocols(5) man page. rpc Remote procedure call names and addresses, used by getrpcbyname and similar functions. services Network services, used by getservent. shadow Shadow passwords of users, used by getspnam; see the shadow(5) man page.
groups are cached by nscd. This is important for the performance of directory services, like NIS and LDAP, because otherwise the network connection needs to be used for every access to names or groups. hosts is not cached by default, because the mechanism in nscd to cache hosts makes the local system unable to trust forward and reverse lookup checks. Instead of asking nscd to cache names, set up a caching DNS server.
neighbor This object represents an ARP or NDISC cache entry. route This object represents the routing table entry. rule This object represents a rule in the routing policy database. maddress This object represents a multicast address. mroute This object represents a multicast routing cache entry. tunnel This object represents a tunnel over IP. If no command is given, the default command is used (usually list). Change the state of a device with the command ip link set device_name command.
For more information about using ip, enter ip help or see the ip(8) man page. The help option is also available for all ip subcommands. If, for example, you need help for ip addr, enter ip addr help. Find the ip manual in /usr/share/doc/packages/iproute2/ip-cref.pdf. 9.6.2.2 Testing a Connection with ping The ping command is the standard tool for testing whether a TCP/IP connection works.
In a system with multiple network devices, it is sometimes useful to send the ping through a specific interface address. To do so, use the -I option with the name of the selected device, for example, ping -I wlan1 example.com. For more options and information about using ping, enter ping -h or see the ping(8) man page. TIP: Pinging IPv6 Addresses For IPv6 addresses use the ping6 command. Note, to ping link-local addresses, you must specify the interface with -I.
Example 9.11 Output of the ifconfig Command eth0 Link encap:Ethernet HWaddr 00:08:74:98:ED:51 inet6 addr: fe80::208:74ff:fe98:ed51/64 Scope:Link UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:634735 errors:0 dropped:0 overruns:4 frame:0 TX packets:154779 errors:0 dropped:0 overruns:0 carrier:1 collisions:0 txqueuelen:1000 RX bytes:162531992 (155.0 Mb) TX bytes:49575995 (47.2 Mb) Interrupt:11 Base address:0xec80 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.
Example 9.12 Output of the route -n Command
route -n
Kernel IP routing table
Destination  Gateway        Genmask        Flags  MSS  Window  irtt  Iface
10.20.0.0    *              255.255.248.0  U      0    0       0     eth0
link-local   *              255.255.0.0    U      0    0       0     eth0
loopback     *              255.0.0.0      U      0    0       0     lo
default      styx.exam.com  0.0.0.0        UG     0    0       0     eth0
For more options and information about using route, enter route -h or see the route(8) man page. 9.6.
/etc/init.d/ypbind Starts the NIS client. 9.7 smpppd as Dial-up Assistant Some home users do not have a dedicated line connecting them to the Internet. Instead, they use dial-up connections. Depending on the dial-up method (ISDN or DSL), the connection is controlled by ipppd or pppd. Basically, all that needs to be done to go online is to start these programs correctly.
bind-address = ip address If a host has several IP addresses, use this parameter to determine at which IP address smpppd should accept connections. The default is to listen at all addresses. host-range = min ip max ip The parameter host-range defines a network range. Hosts whose IP addresses are within this range are granted access to smpppd. All hosts not within this range are denied access. password = password By assigning a password, limit the clients to authorized hosts.
port = port The port on which smpppd runs. password = password The password selected for smpppd.
SLP Services in the Network 10 The service location protocol (SLP) was developed to simplify the configuration of networked clients within a local network. To configure a network client, including all required services, the administrator traditionally needs detailed knowledge of the servers available in the network. SLP makes the availability of selected services known to all clients in the local network. Applications that support SLP can use the information distributed and be configured automatically.
10.2 Activating SLP slpd must run on your system to offer services with SLP. If the machine should only operate as client, and does not offer services, it is not necessary to run slpd. Like most system services in openSUSE, the slpd daemon is controlled by means of a separate init script. After the installation, the daemon is inactive by default. To activate it temporarily, run rcslpd start as root or rcslpd stop to stop it. Perform a restart or status check with restart or status.
10.5 Providing Services via SLP Many applications in openSUSE have integrated SLP support through the use of the libslp library. If a service has not been compiled with SLP support, use one of the following methods to make it available via SLP: Static Registration with /etc/slp.reg.d Create a separate registration file for each new service.
Dynamic Registration with slptool If a service needs to be registered dynamically without the need of configuration files, use the slptool command line utility. The same utility can also be used to deregister an existing service offering without restarting slpd. 10.6 For More Information RFC 2608, 2609, 2610 RFC 2608 generally deals with the definition of SLP. RFC 2609 deals with the syntax of the service URLs used in greater detail and RFC 2610 deals with DHCP via SLP. http://www.openslp.
11 The Domain Name System
DNS (domain name system) is needed to resolve the domain names and hostnames into IP addresses. In this way, the IP address 192.168.2.100 is assigned to the hostname jupiter, for example. Before setting up your own name server, read the general information about DNS in Section 9.3, “Name Resolution” (page 167). The following configuration examples refer to BIND.
11.1 DNS Terminology
Zone
    The domain namespace is divided into regions called zones.
(not expired) zone data. If the slave cannot obtain a new copy of the zone data, it stops responding for the zone. Forwarder Forwarders are DNS servers to which your DNS server should send queries it cannot answer. To enable different configuration sources in one configuration, netconfig is used (see also man 8 netconfig). Record The record is information about name and IP address. Supported records and their syntax are described in BIND documentation.
a basic server configuration. Use the expert mode to deal with more advanced configuration tasks, such as setting up ACLs, logging, TSIG keys, and other options. 11.3.1 Wizard Configuration The wizard consists of three steps or dialogs. At the appropriate places in the dialogs, you are given the opportunity to enter the expert configuration mode. 1 When starting the module for the first time, the Forwarder Settings dialog, shown in Figure 11.
2 The DNS Zones dialog consists of several parts and is responsible for the management of zone files, described in Section 11.6, “Zone Files” (page 233). For a new zone, provide a name for it in Name. To add a reverse zone, the name must end in .in-addr.arpa. Finally, select the Type (master, slave, or forward). See Figure 11.2, “DNS Server Installation: DNS Zones” (page 218). Click Edit to configure other settings of an existing zone. To remove a zone, click Delete. Figure 11.
Figure 11.3 DNS Server Installation: Finish Wizard 11.3.2 Expert Configuration After starting the module, YaST opens a window displaying several configuration options. Completing it results in a DNS server configuration with the basic functions in place: 11.3.2.1 Start-Up Under Start-Up, define whether the DNS server should be started when booting the system or manually. To start the DNS server immediately, click Start DNS Server Now. To stop the DNS server, click Stop DNS Server Now.
11.3.2.2 Forwarders If your local DNS server cannot answer a request, it tries to forward the request to a Forwarder, if configured so. This forwarder may be added manually to the Forwarder List. If the forwarder is not static like in dial-up connections, netconfig handles the configuration. For more information about netconfig, see man 8 netconfig. 11.3.2.3 Basic Options In this section, set basic server options.
Figure 11.4 DNS Server: Logging 11.3.2.5 ACLs Use this dialog to define ACLs (access control lists) to enforce access restrictions. After providing a distinct name under Name, specify an IP address (with or without netmask) under Value in the following fashion: { 192.168.1/24; } The syntax of the configuration file requires that the address ends with a semicolon and is put into curly braces. 11.3.2.
To generate a TSIG key, enter a distinctive name in the field labeled Key ID and specify the file where the key should be stored (Filename). Confirm your choices with Generate. To use a previously created key, leave the Key ID field blank and select the file where it is stored under Filename. After that, confirm with Add. 11.3.2.7 DNS Zones (Adding a Slave Zone) To add a slave zone, select DNS Zones, choose the zone type Slave, write the name of the new zone, and click Add.
Figure 11.5 DNS Server: Zone Editor (Basics) Zone Editor (NS Records) The NS Records dialog allows you to define alternative name servers for the zones specified. Make sure that your own name server is included in the list. To add a record, enter its name under Name Server to Add then confirm with Add. See Figure 11.6, “DNS Server: Zone Editor (NS Records)” (page 224).
Figure 11.6 DNS Server: Zone Editor (NS Records) Zone Editor (MX Records) To add a mail server for the current zone to the existing list, enter the corresponding address and priority value. After doing so, confirm by selecting Add. See Figure 11.7, “DNS Server: Zone Editor (MX Records)” (page 225).
Figure 11.7 DNS Server: Zone Editor (MX Records) Zone Editor (SOA) This page allows you to create SOA (start of authority) records. For an explanation of the individual options, refer to Example 11.6, “The /var/lib/named/example.com.zone File” (page 233).
Figure 11.8 DNS Server: Zone Editor (SOA) Zone Editor (Records) This dialog manages name resolution. In Record Key, enter the hostname then select its type. A-Record represents the main entry. The value for this should be an IP address. CNAME is an alias. Use the types NS and MX for detailed or partial records that expand on the information provided in the NS Records and MX Records tabs. These three types resolve to an existing A record. PTR is for reverse zones.
11.4 Starting the BIND Name Server On an openSUSE® system, the name server BIND (Berkeley Internet Name Domain) comes preconfigured so it can be started right after installation without any problems. If you already have a functioning Internet connection and have entered 127.0.0.1 as the name server address for localhost in /etc/resolv.conf, you normally already have a working name resolution without needing to know the DNS of the provider.
To use the name server of the provider (or one already running on your network) as the forwarder, enter the corresponding IP address or addresses in the options section under forwarders. The addresses included in Example 11.1, “Forwarding Options in named.conf” (page 228) are just examples. Adjust these entries to your own setup. Example 11.1 Forwarding Options in named.conf options { directory "/var/lib/named"; forwarders { 10.11.12.13; 10.11.12.14; }; listen-on { 127.0.0.1; 192.168.1.
Example 11.2 A Basic /etc/named.conf
options {
        directory "/var/lib/named";
        forwarders { 10.0.0.1; };
        notify no;
};

zone "localhost" in {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

zone "." in {
        type hint;
        file "root.hint";
};
11.5.1 Important Configuration Options
directory "filename";
    Specifies the directory in which BIND can find the files containing the zone data. Usually, this is /var/lib/named.
127.0.0.1 to permit requests from the local host. If you omit this entry entirely, all interfaces are used by default. listen-on-v6 port 53 {any; }; Tells BIND on which port it should listen for IPv6 client requests. The only alternative to any is none. As far as IPv6 is concerned, the server only accepts wild card addresses. query-source address * port 53; This entry is necessary if a firewall is blocking outgoing DNS requests.
tected at start-up. Otherwise, the interval can be defined in minutes. The default is sixty minutes. notify no; no prevents other name servers from being informed when changes are made to the zone data or when the name server is restarted. For a list of available options, read the manual page man 5 named.conf. 11.5.2 Logging What, how, and where logging takes place can be extensively configured in BIND. Normally, the default settings should be sufficient. Example 11.
Example 11.5 Zone Entry for example.net
zone "example.net" in {
        type slave;
        file "slave/example.net.zone";
        masters { 10.0.0.1; };
};
The zone options:
type master;
    By specifying master, tell BIND that the zone is handled by the local name server. This assumes that a zone file has been created in the correct format.
type slave;
    This zone is transferred from another name server. It must be used together with masters.
type hint;
    The zone . of the hint type is used to set the root name servers.
11.6 Zone Files Two types of zone files are needed. One assigns IP addresses to hostnames and the other does the reverse: it supplies a hostname for an IP address. TIP: Using the Dot (Period, Fullstop) in Zone Files The "." has an important meaning in the zone files. If hostnames are given without a final ., the zone is appended. Complete hostnames specified with a full domain name must end with a . to avoid having the domain added to it again. A missing or wrongly placed ".
Line 2: This is where the SOA (start of authority) control record begins: • The name of the domain to administer is example.com in the first position. This ends with ".", because otherwise the zone would be appended a second time. Alternatively, @ can be entered here, in which case the zone would be extracted from the corresponding entry in /etc/named.conf. • After IN SOA is the name of the name server in charge as master for this zone. The name is expanded from dns to dns.example.
Line 7: The last entry in the SOA record specifies the negative caching TTL—the time for which results of unresolved DNS queries from other servers may be cached. Line 9: The IN NS specifies the name server responsible for this domain. dns is extended to dns.example.com because it does not end with a ".". There can be several lines like this—one for the primary and one for each secondary name server. If notify is not set to no in /etc/named.
The pseudodomain in-addr.arpa is used for the reverse lookup of IP addresses into hostnames. It is appended to the network part of the address in reverse notation. So 192.168 is resolved into 168.192.in-addr.arpa. See Example 11.7, “Reverse Lookup” (page 236). Example 11.7 Reverse Lookup 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. $TTL 2D 168.192.in-addr.arpa. 1.5 100.3 253.2 IN SOA dns.example.com. root.example.com. ( 2003072441 ; serial 1D ; refresh 2H ; retry 1W ; expiry 2D ) ; minimum IN NS dns.
the "." at the end. Appending the zone to this (without the .in-addr.arpa) results in the complete IP address in reverse order. Normally, zone transfers between different versions of BIND should be possible without any problems. 11.7 Dynamic Update of Zone Data The term dynamic update refers to operations by which entries in the zone files of a master server are added, changed, or deleted. This mechanism is described in RFC 2136.
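The zone-file naming rules from Section 11.6 above (a name without a final "." has the zone appended, and a reverse-zone entry combined with its zone gives the IP address in reverse order) can be checked with a short script. The following Python code is an added example, not part of the openSUSE guide or of BIND; the function names, the simplified one-record-per-line parser and the sample forward zone are assumptions of this example, while the reverse-zone entries 1.5, 100.3 and 253.2 are the ones that appear in Example 11.7.

```python
import ipaddress

NAME_RDATA = {"NS", "CNAME", "PTR", "MX"}  # record types whose data ends in a hostname


def qualify(name, origin):
    """Expand a zone-file name the way the guide describes."""
    if not origin.endswith("."):
        origin += "."
    if name == "@":              # "@" stands for the zone itself
        return origin
    if name.endswith("."):       # a final "." marks a complete name
        return name
    return f"{name}.{origin}"    # otherwise the zone is appended


def parse_records(zone_text):
    """Yield (line number, owner or None, type, data fields).

    Simplification of this example: one record per line, no per-record TTL,
    no multi-line SOA. A line that starts with white space has no owner field.
    """
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        owner = None if line[0].isspace() else fields.pop(0)
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        if fields:
            yield lineno, owner, fields[0].upper(), fields[1:]


def doubled_names(zone_text, origin):
    """Find names that already end in the zone name but lack the final ".".

    Returns (line number, name as written, name after expansion) tuples.
    """
    bare = origin.rstrip(".").lower()
    findings = []
    for lineno, owner, rtype, rdata in parse_records(zone_text):
        names = [owner] if owner is not None else []
        if rtype in NAME_RDATA and rdata:
            names.append(rdata[-1])
        for name in names:
            low = name.lower()
            looks_complete = low == bare or low.endswith("." + bare)
            if name != "@" and not name.endswith(".") and looks_complete:
                findings.append((lineno, name, qualify(name, origin)))
    return findings


def ptr_owner_to_ip(owner, origin):
    """Turn a reverse-zone entry such as "1.5" into the IPv4 address it names."""
    fqdn = qualify(owner, origin).lower()
    suffix = ".in-addr.arpa."
    if not fqdn.endswith(suffix):
        raise ValueError(f"{fqdn} is not below in-addr.arpa")
    labels = fqdn[: -len(suffix)].split(".")
    if len(labels) != 4:
        raise ValueError(f"{fqdn} does not name a single host address")
    return str(ipaddress.IPv4Address(".".join(reversed(labels))))


# Constructed sample zone for example.com (not from the guide).
FORWARD_ZONE = """\
@                IN NS    dns
                 IN MX    10 mail.example.com   ; final dot missing
dns              IN A     192.168.2.1
jupiter          IN A     192.168.2.100
www              IN CNAME jupiter.example.com.
ftp.example.com  IN CNAME jupiter               ; final dot missing
"""
REVERSE_ORIGIN = "168.192.in-addr.arpa."
REVERSE_OWNERS = ("1.5", "100.3", "253.2")      # entries from Example 11.7

if __name__ == "__main__":
    for lineno, name, expanded in doubled_names(FORWARD_ZONE, "example.com."):
        print(f"line {lineno}: {name} expands to {expanded}")
    for owner in REVERSE_OWNERS:
        print(f"{owner} -> {ptr_owner_to_ip(owner, REVERSE_ORIGIN)}")
```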
The key itself (a string like ejIkuCyyGJwwuN3xAteKgg==) is found in both files. To use it for transactions, the second file (Khost1-host2.+157+34265.key) must be transferred to the remote host, preferably in a secure way (using scp, for example). On the remote server, the key must be included in the /etc/named.conf file to enable a secure communication between host1 and host2:
key host1-host2 {
        algorithm hmac-md5;
        secret "ejIkuCyyGJwwuN3xAteKgg==";
};
WARNING: File Permissions of /etc/named.
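A configuration file that carries key statements like the one above can be checked mechanically. The following Python code is an added example, not part of the openSUSE guide or of BIND: it lists every key statement with its algorithm and secret length and reports whether the file is readable by all users. The function names, the second sample key and the policy (hmac-md5 treated as legacy, a 128-bit minimum secret, no read access for others) are assumptions of this example.

```python
import base64
import os
import re
import stat

# Assumed audit policy (not from the guide): hmac-md5 counts as legacy and
# secrets shorter than 128 bits count as too short.
LEGACY_ALGORITHMS = {"hmac-md5"}
MIN_SECRET_BITS = 128

# Quoted strings are matched first so that "//" or "#" inside a secret survives.
_COMMENT_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S)
_ALGORITHM_RE = re.compile(r'\balgorithm\s+"?([\w.-]+)"?\s*;')
_SECRET_RE = re.compile(r'\bsecret\s+"([^"]*)"\s*;')


def strip_comments(conf_text):
    """Remove #, // and /* */ comments but leave quoted strings untouched."""
    return _COMMENT_RE.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else "", conf_text)


def audit_keys(conf_text):
    """Return one dict per key statement: name, algorithm, secret bits, issues."""
    results = []
    for name, body in _KEY_RE.findall(strip_comments(conf_text)):
        issues = []
        alg = _ALGORITHM_RE.search(body)
        secret = _SECRET_RE.search(body)
        algorithm = alg.group(1).lower() if alg else None
        bits = None
        if algorithm is None:
            issues.append("no algorithm given")
        elif algorithm in LEGACY_ALGORITHMS:
            issues.append(f"legacy algorithm {algorithm}")
        if secret is None:
            issues.append("no secret given")
        else:
            try:
                bits = 8 * len(base64.b64decode(secret.group(1), validate=True))
            except ValueError:
                issues.append("secret is not valid base64")
            else:
                if bits < MIN_SECRET_BITS:
                    issues.append(f"secret is only {bits} bits")
        results.append({"name": name, "algorithm": algorithm,
                        "bits": bits, "issues": issues})
    return results


def audit_file(path):
    """Audit the keys in a file and check whether 'other' may read it."""
    with open(path, encoding="utf-8") as handle:
        keys = audit_keys(handle.read())
    readable = bool(os.stat(path).st_mode & stat.S_IROTH)
    exposed = readable and any(k["bits"] for k in keys)
    return {"keys": keys, "world_readable": readable, "secrets_exposed": exposed}


# Constructed sample: the first key is the one shown in the guide, the second
# key and its secret are made up for this example.
_CONSTRUCTED_SECRET = base64.b64encode(bytes(range(32))).decode()
NAMED_CONF = f"""\
options {{ directory "/var/lib/named"; }};
# key retired {{ algorithm hmac-md5; secret "AAAA"; }};
key host1-host2 {{
        algorithm hmac-md5;
        secret "ejIkuCyyGJwwuN3xAteKgg==";
}};
key host1-host3 {{ algorithm hmac-sha256; secret "{_CONSTRUCTED_SECRET}"; }};
"""

if __name__ == "__main__":
    for key in audit_keys(NAMED_CONF):
        status = "; ".join(key["issues"]) or "ok"
        print(f'{key["name"]}: {key["algorithm"]}, {key["bits"]} bits: {status}')
```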
11.9 DNS Security DNSSEC, or DNS security, is described in RFC 2535. The tools available for DNSSEC are discussed in the BIND Manual. A zone considered secure must have one or several zone keys associated with it. These are generated with dnssec-keygen, just like the host keys. The DSA encryption algorithm is currently used to generate these keys. The public keys generated should be included in the corresponding zone file with an $INCLUDE rule.
12 DHCP The purpose of the Dynamic Host Configuration Protocol (DHCP) is to assign network settings centrally (from a server) rather than configuring them locally on each and every workstation. A host configured to use DHCP does not have control over its own static address. It is enabled to configure itself completely and automatically according to directions from the server. If you use the NetworkManager on the client side, you do not need to configure the client at all.
and serves two address ranges, 192.168.2.10 to 192.168.2.20 and 192.168.2.100 to 192.168.2.200. A DHCP server supplies not only the IP address and the netmask, but also the hostname, domain name, gateway, and name server addresses for the client to use. In addition to that, DHCP allows a number of other parameters to be configured in a centralized way, for example, a time server from which clients may poll the current time or even a print server. 12.
Card Selection In the first step, YaST looks for the network interfaces available on your system and displays them in a list. From the list, select the interface to which the DHCP server should listen and click Select. After this, select Open Firewall for Selected Interfaces to open the firewall for this interface, and click Next. See Figure 12.1, “DHCP Server: Card Selection” (page 243). Figure 12.
Figure 12.2 DHCP Server: Global Settings Dynamic DHCP In this step, configure how dynamic IP addresses should be assigned to clients. To do so, specify an IP range from which the server can assign addresses to DHCP clients. All these addresses must be covered by the same netmask. Also specify the lease time during which a client may keep its IP address without needing to request an extension of the lease.
Figure 12.3 DHCP Server: Dynamic DHCP Finishing the Configuration and Setting the Start Mode After the third part of the configuration wizard, a last dialog is shown in which you can define how the DHCP server should be started. Here, specify whether to start the DHCP server automatically when the system is booted or manually when needed (for example, for testing purposes). Click Finish to complete the configuration of the server. See Figure 12.4, “DHCP Server: Start-Up” (page 245). Figure 12.
12.2 DHCP Software Packages Both the DHCP server and the DHCP clients are available for openSUSE. The DHCP server available is dhcpd (published by the Internet Systems Consortium). On the client side, choose between two different DHCP client programs: dhcp-client (also from ISC) and the DHCP client daemon in the dhcpcd package. openSUSE installs dhcpcd by default. The program is very easy to handle and is launched automatically on each system boot to watch for a DHCP server.
This simple configuration file should be sufficient to get the DHCP server to assign IP addresses in the network. Make sure that a semicolon is inserted at the end of each line, because otherwise dhcpd is not started. The sample file can be divided into three sections. The first one defines how many seconds an IP address is leased to a requesting client by default (default-lease-time) before it should apply for renewal.
unexpected problems with your configuration (the server aborts with an error or does not return done on start), you should be able to find out what has gone wrong by looking for information either in the main system log /var/log/messages or on console 10 (Ctrl + Alt + F10). On a default openSUSE system, the DHCP daemon is started in a chroot environment for security reasons. The configuration files must be copied to the chroot environment so the daemon can find them.
In the preceding example, a client with a network card having the MAC address 00:30:6E:08:EC:80 is assigned the IP address 192.168.2.100 and the hostname jupiter automatically. The type of hardware to enter is ethernet in nearly all cases, although token-ring, which is often found on IBM systems, is also supported. 12.3.2 The openSUSE Version To improve security, the openSUSE version of the ISC's DHCP server comes with the non-root/chroot patch by Ari Edelkind applied.
even after a restart of the syslog-ng daemon, there is an additional entry SYSLOGD_ADDITIONAL_SOCKET_DHCP in the file /etc/sysconfig/syslog. 12.4 For More Information More information about DHCP is available at the Web site of the Internet Systems Consortium (http://www.isc.org/products/DHCP/). Information is also available in the dhcpd, dhcpd.conf, dhcpd.leases, and dhcp-options man pages.
13 Time Synchronization with NTP
The NTP (network time protocol) mechanism is a protocol for synchronizing the system time over the network. First, a machine can obtain the time from a server that is a reliable time source. Second, a machine can itself act as a time source for other computers in the network. The goal is twofold—maintaining the absolute time and synchronizing the system time of all machines within a network. Maintaining an exact system time is important in many situations.
13.1.1 Basic Configuration The YaST NTP client configuration (Network Services > NTP Configuration) consists of tabs. Set the start mode of ntpd and the server to query on the General Settings tab. Figure 13.1 Advanced NTP Configuration: General Settings Only Manually Select Only Manually, if you want to configure everything on your own. Synchronize without Daemon On laptops and other machines that suspend automatically, select Synchronize without Daemon.
Now and On Boot Select Now and On Boot to start ntpd automatically when the system is booted. Either of 0.opensuse.pool.ntp.org, 1.opensuse.pool.ntp.org, 2.opensuse.pool.ntp.org, or 3.opensuse.pool.ntp.org is preselected. 13.1.2 Changing Basic Configuration The servers and other time sources for the client to query are listed in the lower part of the General Settings tab. Modify this list as needed with Add, Edit, and Delete. Display Log provides the possibility to view the log files of your client.
Server In the pull-down Select list (see Figure 13.2, “YaST: NTP Server” (page 253)), determine whether to set up time synchronization using a time server from your local network (Local NTP Server) or an Internet-based time server that takes care of your time zone (Public NTP Server). For a local time server, click Lookup to start an SLP query for available time servers in your network. Select the most suitable time server from the list of search results and exit the dialog with OK.
local radio clock is available in /usr/share/doc/packages/ntp-doc/refclock.html. Outgoing Broadcast Time information and queries can also be transmitted by broadcast in the network. In this dialog, enter the address to which such broadcasts should be sent. Do not activate broadcasting unless you have a reliable time source like a radio controlled clock.
Restrict NTP Service to Configured Servers Only increases the security of your system by disallowing remote computers to view and modify NTP settings of your computer and to use the trap facility for remote event logging. Once enabled, these restrictions apply to all remote computers, unless you override the access control options for individual computers in the list of time sources in the General Settings tab. For all other remote computers, only querying for local time is allowed.
13.3 Dynamic Time Synchronization at Runtime If the system boots without network connection, ntpd starts up, but it cannot resolve DNS names of the time servers set in the configuration file. This can happen if you use Network Manager with an encrypted WLAN. If you want ntpd to resolve DNS names at runtime, you must set the dynamic option. Then, when the network is established some time after booting, ntpd looks up the names again and can reach the time servers to get the time. Manually edit /etc/ntp.
The clocks are entered in the file /etc/ntp.conf as though they existed in the network. For this purpose, they are assigned special IP addresses in the form 127.127.t.u. Here, t stands for the type of the clock and determines which driver is used and u for the unit, which determines the interface used. Normally, the individual drivers have special parameters that describe configuration details. The file /usr/share/doc/packages/ntp-doc/drivers/driverNN .
14 Sharing File Systems with NFS
Distributing and sharing file systems over a network is a common task in corporate environments. The well-proven network file system (NFS) works together with NIS, the yellow pages protocol. For a more secure protocol that works together with LDAP and may also use Kerberos, check NFSv4. NFS with NIS makes a network transparent to the user. With NFS, it is possible to distribute arbitrary file systems over the network.
NFS Client The NFS client is a system that uses NFS services from an NFS server over the Network File System protocol. The TCP/IP protocol is already integrated into the Linux kernel; there is no need to install any additional software. NFS Server The NFS server provides NFS services to clients. A running server depends on the following daemons: nfsd (worker), idmapd (user and group name mappings to IDs and vice versa), statd (file locking), and mountd (mount requests). 14.
Figure 14.1 NFS Server Configuration Tool 2 Activate the Start radio button and enter the NFSv4 Domain Name. 3 Click Enable GSS Security if you need secure access to the server. A prerequisite for this is to have Kerberos installed on your domain and to have both the server and the clients kerberized. Click Next. 4 Enter the directories to export in the upper text field. Below, enter the hosts that should have access to them. This dialog is shown in Figure 14.
Figure 14.2 Configuring an NFS Server with YaST The figure shows the scenario where NFSv4 is enabled in the previous dialog. Bindmount Targets is shown in the right pane. For more details, click Help. In the lower half of the dialog, there are four options that can be set for each host: single host, netgroups, wildcards, and IP networks. For a more thorough explanation of these options, refer to the exports man page. 5 Click Finish to complete the configuration.
14.3.1.1 Exporting for NFSv4 Clients Activate Enable NFSv4 to support NFSv4 clients. Clients with NFSv3 can still access the server's exported directories if they are exported appropriately. This is explained in detail in Section 14.3.1.3, “Coexisting v3 and v4 Exports” (page 266). After activating NFSv4, enter an appropriate domain name. Make sure the name is the same as the one in the /etc/idmapd.conf file of any NFSv4 client that accesses this particular server.
Figure 14.3 Exporting Directories with NFSv4 In the lower half of the dialog, enter the client (wild card) and export options for a particular directory. After adding a directory in the upper half, another dialog for entering the client information and options pops up automatically. After that, to add a new client or a set of clients, click Add Host. In the small dialog that opens, enter the host wild card.
the list and that /exports/data is an already existing subdirectory of /exports. Any change in the option bind=/target/path, whether addition, deletion, or change in value, is reflected in Bindmount Targets. This column is not a directly editable column, but instead summarizes directories and their nature. After all information is provided, click Finish to complete the configuration. The service will become available immediately. 14.3.1.
Figure 14.4 Exporting Directories with NFSv2 and v3 14.3.1.3 Coexisting v3 and v4 Exports NFSv3 and NFSv4 exports can coexist on a server. After enabling the support for NFSv4 in the initial configuration dialog, those exports for which fsid=0 and bind=/target/path are not included in the option list are considered v3 exports. Consider the example in Figure 14.2, “Configuring an NFS Server with YaST” (page 262).
14.3.2 Exporting File Systems Manually The configuration files for the NFS export service are /etc/exports and /etc/sysconfig/nfs. In addition to these files, /etc/idmapd.conf is needed for the NFSv4 server configuration. To start or restart the services, run the command rcnfsserver restart. This also starts the rpc.idmapd if NFSv4 is configured in /etc/sysconfig/nfs. The NFS server depends on a running RPC portmapper. Therefore, also start or restart the portmapper service with rcrpcbind restart. 14.3.2.
When clients mount from this server, they just mount servername:/ rather than servername:/export. It is not necessary to mount servername:/data, because it will automatically appear beneath wherever servername:/ was mounted. /etc/sysconfig/nfs The /etc/sysconfig/nfs file contains a few parameters that determine NFSv4 server daemon behavior. It is important to set the parameter NFS4_SUPPORT to yes. NFS4_SUPPORT determines whether the NFS server supports NFSv4 exports and clients. /etc/idmapd.
Starting and Stopping Services After changing /etc/exports or /etc/sysconfig/nfs, start or restart the NFS server service with rcnfsserver restart. After changing /etc/idmapd.conf, reload the configuration file with the command killall -HUP rpc.idmapd. If the NFS service needs to start at boot time, run the command chkconfig nfsserver on. 14.3.2.2 Exporting File Systems with NFSv2 and NFSv3 This section is specific to NFSv3 and NFSv2 exports. Refer to Section 14.3.1.
server to use this feature. YaST does not set up the server but just uses the provided functionality. If you want to use Kerberos authentication in addition to the YaST configuration, complete at least the following steps before running the NFS configuration: 1 Make sure that both the server and the client are in the same Kerberos domain. They must access the same KDC (Key Distribution Center) server and share their krb5.keytab file (the default location on any machine is /etc/krb5.keytab).
The configuration is written to /etc/fstab and the specified file systems are mounted. When you start the YaST configuration client at a later time, it also reads the existing configuration from this file. Figure 14.5 NFS Client Configuration with YaST 14.4.2 Importing File Systems Manually The prerequisite for importing file systems manually from an NFS server is a running RPC port mapper. Start it by entering rcrpcbind start as root.
14.4.2.1 Using the Automount Service The autofs daemon can be used to mount remote file systems automatically. Add the following entry in your /etc/auto.master file:
/nfsmounts /etc/auto.nfs
Now the /nfsmounts directory acts as the root for all the NFS mounts on the client if the auto.nfs file is filled appropriately. The name auto.nfs is chosen for the sake of convenience—you can choose any name. In auto.
Note that if you do not enter the noauto option, the initialization scripts of the system will handle the mount of those file systems at start-up. 14.5 For More Information In addition to the man pages of exports, nfs, and mount, information about configuring an NFS server and client is available in /usr/share/doc/packages/nfsidmap/README. For further documentation online refer to the following Web sites: • Find the detailed technical documentation online at SourceForge [http://nfs.sourceforge.net/].
15 Samba Using Samba, a Unix machine can be configured as a file and print server for Mac OS X, Windows, and OS/2 machines. Samba has developed into a fully-fledged and rather complex product. Configure Samba with YaST, SWAT (a Web interface), or by editing the configuration file manually. 15.1 Terminology The following are some terms used in Samba documentation and in the YaST module. SMB protocol Samba uses the SMB (server message block) protocol that is based on the NetBIOS services.
reserve names for themselves. After reservation, these machines can be addressed by name. There is no central process that checks names. Any machine on the network can reserve as many names as it wants as long as the names are not already in use. The NetBIOS interface can be implemented for different network architectures. An implementation that works relatively closely with network hardware is called NetBEUI, but this is often referred to as NetBIOS.
15.2 Installing a Samba Server To install a Samba server, start YaST and select Software > Software Management. Choose Filter > Patterns and select File Server. Confirm the installation of the required packages to finish the installation process. 15.3 Starting and Stopping Samba You can start or stop the Samba server automatically (during boot) or manually. Starting and stopping policy is a part of the YaST Samba server configuration described in Section 15.4.
The Samba Installation dialog consists of two steps and optional detailed settings: Workgroup or Domain Name Select an existing name from Workgroup or Domain Name or enter a new one and click Next. Samba Server Type In the next step, specify whether your server should act as a primary domain controller (PDC), backup domain controller (BDC), or not to act as a domain controller at all. Continue with Next. Start-Up Select whether you want to start Samba During Boot or Manually and click OK.
Shares In the Shares tab, determine the Samba shares to activate. There are some predefined shares, like homes and printers. Use Toggle Status to switch between Active and Inactive. Click Add to add new shares and Delete to delete the selected share. Allow Users to Share Their Directories enables members of the group in Permitted Group to share directories they own with other users. For example, users for a local scope or DOMAIN\Users for a domain scope.
15.4.2 Web Administration with SWAT An alternative tool for Samba server administration is SWAT (Samba Web Administration Tool). It provides a simple Web interface with which to configure the Samba server. To use SWAT, open http://localhost:901 in a Web browser and log in as user root. If you do not have a special Samba root account, use the system root account. NOTE: Activating SWAT After Samba server installation, SWAT is not activated.
os level = 20 This parameter triggers whether your Samba server tries to become LMB (local master browser) for its workgroup. With the Samba 3 release series, it is seldom necessary to override the default setting (20). Choose a very low value such as 2 to spare the existing Windows network from any disturbances caused by a misconfigured Samba server.
Example 15.1 A CD-ROM Share (deactivated)
;[cdrom]
;       comment = Linux CD-ROM
;       path = /media/cdrom
;       locking = No
[cdrom] and comment
    The [cdrom] section entry is the name of the share that can be seen by all SMB clients on the network. An additional comment can be added to further describe the share.
path = /media/cdrom
    path exports the directory /media/cdrom. By means of a very restrictive default configuration, this kind of share is only made available to the users present on this system.
valid users = %S %S is replaced with the concrete name of the share as soon as a connection has been successfully established. For a [homes] share, this is always the username. As a consequence, access rights to a user's share are restricted exclusively to that user. browseable = No This setting makes the share invisible in the network environment. read only = No By default, Samba prohibits write access to any exported share by means of the read only = Yes parameter.
Server Level Security (security = server) To its clients, Samba pretends to be working in user level mode. However, it passes all password queries to another user level mode server, which takes care of authentication. This setting requires the additional password server parameter. ADS Level Security (security = ADS) In this mode, Samba will act as a domain member in an Active Directory environment. To operate in this mode, the machine running Samba needs Kerberos installed and configured.
for Linux Authentication, the user authentication runs over the Samba, NT or Kerberos server. Click Expert Settings for advanced configuration options. For example, use the Mount Server Directories table to enable mounting server home directory automatically with authentication. This way users will be able to access their home directories when hosted on CIFS. For details, see the pam_mount man page. After completing all settings, confirm the dialog to finish the configuration. 15.
add machine script = /usr/sbin/useradd -g nogroup -c "NT Machine Account" \ -s /bin/false %m\$ To make sure that Samba can execute this script correctly, choose a Samba user with the required administrator permissions and add it to the ntadmin group.
16 The Apache HTTP Server
With a share of more than 50%, the Apache HTTP Server (Apache) is the world's most widely-used Web server according to the survey from http://www.netcraft.com/. Apache, developed by the Apache Software Foundation (http://www.apache.org/), is available for most operating systems. openSUSE® includes Apache version 2.2. In this chapter, learn how to install, configure and set up a Web server; how to use SSL, CGI, and additional modules; and how to troubleshoot Apache. 16.
3. The latest security updates are installed. If in doubt, run a YaST Online Update. 4. The default Web server port (80) is opened in the firewall. For this, configure the SuSEFirewall2 to allow the service HTTP Server in the external zone. This can be done using YaST. See Section “Configuring the Firewall with YaST” (Chapter 13, Masquerading and Firewalls, ↑Security Guide) for details. 16.1.2 Installation Apache on openSUSE is not installed by default.
The Web server starts immediately. 4 Save your changes with Finish. The system is configured to automatically start Apache in runlevels 3 and 5 during boot. To manually start Apache using the shell, run rcapache2 start. Procedure 16.3 Checking if Apache is Running If you do not receive error messages when starting Apache, this usually indicates that the Web server is running. To test this: 1 Start a browser and open http://localhost/. If Apache is up and running, you get a test page stating “It works!”.
of the restart options as described in Section 16.3, “Starting and Stopping Apache” (page 304). If you configure Apache with YaST, this can be taken care of automatically if you set HTTP Service to Enabled as described in Section 16.2.3.2, “HTTP Server Configuration” (page 302). 16.2.1 Apache Configuration Files This section gives an overview of the Apache configuration files.
|- charset.conv
|- conf.d/
|   |- *.conf
|- default-server.conf
|- errors.conf
|- httpd.conf
|- listen.conf
|- magic
|- mime.types
|- mod_*.conf
|- server-tuning.conf
|- ssl.*
|- ssl-global.conf
|- sysconfig.d
|   |- global.conf
|   |- include.conf
|   |- loadmodule.conf
|   .
|   .
|- uid.conf
|- vhosts.d
|   |- *.conf

Apache Configuration Files in /etc/apache2/
charset.conv
    Specifies which character sets to use for different languages. Do not edit this file.
conf.d/*.conf
    Configuration files added by other modules.
httpd.conf
    The main Apache server configuration file. Avoid changing this file. It primarily contains include statements and global settings. Overwrite global settings in the pertinent configuration files listed here. Change host-specific settings (such as document root) in your virtual host configuration.
listen.conf
    Binds Apache to specific IP addresses and ports. Name-based virtual hosting is also configured here. For details, see Section “Name-Based Virtual Hosts” (page 294).
uid.conf
    Specifies under which user and group ID Apache runs. Do not change this file.
vhosts.d/*.conf
    Your virtual host configuration should be located here. The directory contains template files for virtual hosts with and without SSL. Every file in this directory ending with .conf is automatically included in the Apache configuration. Refer to Section 16.2.2.1, “Virtual Host Configuration” (page 293) for details.
16.2.
TIP: Always Create a Virtual Host Configuration It is recommended to always create a virtual host configuration file, even if your Web server only hosts one domain. By doing so, you not only have the domain-specific configuration in one file, but you can always fall back to a working basic configuration by simply moving, deleting, or renaming the configuration file for the virtual host. For the same reason, you should also create separate configuration files for each virtual host.
The wild card * can be used for both the IP address and the port number to receive requests on all interfaces. IPv6 addresses must be enclosed in square brackets.

Example 16.1 Variations of Name-Based VirtualHost Entries
# NameVirtualHost IP-address[:Port]
NameVirtualHost 192.168.3.100:80
NameVirtualHost 192.168.3.
IP-Based Virtual Hosts This alternative virtual host configuration requires the setup of multiple IPs for a machine. One instance of Apache hosts several domains, each of which is assigned a different IP. The physical server must have one IP address for each IP-based virtual host. If the machine does not have multiple network cards, virtual network interfaces (IP aliasing) can also be used. The following example shows Apache running on a machine with the IP 192.168.3.
DocumentRoot
    Path to the directory from which Apache should serve files for this host. For security reasons, access to the entire file system is forbidden by default, so you must explicitly unlock this directory within a Directory container.
ServerAdmin
    E-mail address of the server administrator. This address is, for example, shown on error pages Apache creates.
ErrorLog
    The error log file for this virtual host.
16.2.3 Configuring Apache with YaST To configure your Web server with YaST, start YaST and select Network Services > HTTP Server. When starting the module for the first time, the HTTP Server Wizard starts, prompting you to make a few basic decisions concerning administration of the server. After having finished the wizard, the HTTP Server Configuration dialog starts each time you call the HTTP Server module. For more information, see Section 16.2.3.2, “HTTP Server Configuration” (page 302). 16.2.3.
Default Host This option pertains to the default Web server. As explained in Section 16.2.2.1, “Virtual Host Configuration” (page 293), Apache can serve multiple virtual hosts from a single physical machine. The first declared virtual host in the configuration file is commonly referred to as the default host. Each virtual host inherits the default host's configuration. To edit the host settings (also called directives), choose the appropriate entry in the table then click Edit.
Alias
    With the help of Alias directives, URLs can be mapped to physical file system locations. This means that a certain path even outside the Document Root in the file system can be accessed via a URL aliasing that path. The default openSUSE Alias /icons points to /usr/share/apache2/icons for the Apache icons displayed in the directory index view.
ScriptAlias
    Similar to the Alias directive, the ScriptAlias directive maps a URL to a file system location.
After finishing with the Default Host step, click Next to continue with the configuration. Virtual Hosts In this step, the wizard displays a list of already configured virtual hosts (see Section 16.2.2.1, “Virtual Host Configuration” (page 293)). If you have not made manual changes prior to starting the YaST HTTP wizard, no virtual host is present.
Figure 16.2 HTTP Server Wizard: Summary 16.2.3.2 HTTP Server Configuration The HTTP Server Configuration dialog also lets you make even more adjustments to the configuration than the wizard (which only runs if you configure your Web server for the first time). It consists of four tabs described in the following. No configuration option you change here is effective immediately—you always must confirm your changes with Finish to make them effective.
faces, click Firewall Details... to specify on which interface(s) the port(s) should be opened. With Log Files, watch either the access log or the error log. This is useful if you want to test your configuration. The log file opens in a separate window from which you can also restart or reload the Web server. For details, see Section 16.3, “Starting and Stopping Apache” (page 304). These commands are effective immediately and their log messages are also displayed immediately. Figure 16.
Figure 16.4 HTTP Server Configuration: Server Modules Main Host or Hosts These dialogs are identical to the ones already described. Refer to Section “Default Host” (page 299) and Section “Virtual Hosts” (page 301). 16.3 Starting and Stopping Apache If configured with YaST as described in Section 16.2.3, “Configuring Apache with YaST” (page 298), Apache is started at boot time in runlevels 3 and 5 and stopped in runlevels 0, 1, 2, and 6.
status
    Checks if Apache is started.
start
    Starts Apache if it is not already running.
startssl
    Starts Apache with SSL support if it is not already running. For more information about SSL support, refer to Section 16.6, “Setting Up a Secure Web Server with SSL” (page 317).
stop
    Stops Apache by terminating the parent process.
restart
    Stops and then restarts Apache. Starts the Web server if it was not running before.
try-restart
    Stops then restarts Apache only if it is already running.
GracefulShutdownTimeout needs to be set, otherwise restart-graceful will result in a regular restart. If set to zero, the server will wait indefinitely until all remaining requests have been fully served. A graceful restart can fail if the original Apache instance is not able to clear all necessary resources. In this case, the command will result in a graceful stop.
TIP: Additional Flags If you specify additional flags to the rcapache2, these are passed through to the Web server. 16.4 Installing, Activating, and Configuring Modules The Apache software is built in a modular fashion: all functionality except some core tasks are handled by modules. This has progressed so far that even HTTP is processed by a module (http_core). Apache modules can be compiled into the Apache binary at build time or dynamically loaded at runtime. Refer to Section 16.4.
16.4.1 Module Installation If you have done a default installation as described in Section 16.1.2, “Installation” (page 288), the following modules are already installed: all base and extension modules, the multiprocessing module Prefork MPM, and the external modules mod_php5 and mod_python. You can install additional external modules by starting YaST and choosing Software > Software Management. Now choose Filter > Search and search for apache.
http://httpd.apache.org/docs/2.2/mod/ to learn details about each module.
mod_actions
    Provides methods to execute a script whenever a certain MIME type (such as application/pdf), a file with a specific extension (like .rpm), or a certain request method (such as GET) is requested. This module is enabled by default.
mod_alias
    Provides Alias and Redirect directives with which you can map a URL to a specific directory (Alias) or redirect a requested URL to another location. This module is enabled by default.
mod_deflate
    Using this module, Apache can be configured to compress given file types on the fly before delivering them.
mod_dir
    mod_dir provides the DirectoryIndex directive with which you can configure which files are automatically delivered when a directory is requested (index.html by default). It also provides an automatic redirect to the correct URL when a directory request does not contain a trailing slash. This module is enabled by default.
mod_negotiation
    Necessary for content negotiation. See http://httpd.apache.org/docs/2.2/content-negotiation.html for more information. This module is enabled by default.
mod_rewrite
    Provides the functionality of mod_alias, but offers more features and flexibility. With mod_rewrite, you can redirect URLs based on multiple rules, request headers, and more.
mod_setenvif
    Sets environment variables based on details of the client's request, such as the browser string the client sends, or the client's IP address.
16.4.4 Multiprocessing Modules openSUSE provides two different multiprocessing modules (MPMs) for use with Apache: • Prefork MPM (page 312) • Section 16.4.4.2, “Worker MPM” (page 312) 16.4.4.1 Prefork MPM The prefork MPM implements a nonthreaded, preforking Web server. It makes the Web server behave similarly to Apache version 1.x. In this version it isolates each request and handles it by forking a separate child process. Thus problematic requests cannot affect others, avoiding a lockup of the Web server.
Apache is that not all available Apache modules are thread-safe and thus cannot be used in conjunction with the worker MPM. WARNING: Using PHP Modules with MPMs Not all available PHP modules are thread-safe. Using the worker MPM with mod_php is strongly discouraged. 16.4.5 External Modules Find a list of all external modules shipped with openSUSE here. Find the module's documentation in the listed directory.
Package Name: apache2-mod_php5
Configuration File: /etc/apache2/conf.d/php5.conf
More Information: /usr/share/doc/packages/apache2-mod_php5
mod_python
    mod_python allows embedding Python within the Apache HTTP server for a considerable boost in performance and added flexibility in designing Web-based applications.
    Package Name: apache2-mod_python
    More Information: /usr/share/doc/packages/apache2-mod_python
mod_tidy
    mod_tidy validates each outgoing HTML page by means of the TidyLib.
• /usr/sbin/apxs2-prefork—suitable for prefork MPM modules. The installation location is /usr/lib/apache2-prefork.
• /usr/sbin/apxs2-worker—suitable for worker MPM modules. The installation location is /usr/lib/apache2-worker.

Install and activate a module from source code with the following commands:

cd /path/to/module/source; apxs2 -cia mod_foo.c

where -c compiles the module, -i installs it, and -a activates it. Other options of apxs2 are described in the apxs2(1) man page. 16.
Example 16.5 VirtualHost CGI Configuration
ScriptAlias /cgi-bin/ "/srv/www/www.example.com/cgi-bin/"❶
<Directory "/srv/www/www.example.com/cgi-bin/">
 Options +ExecCGI❷
 AddHandler cgi-script .cgi .pl❸
 Order allow,deny❹
 Allow from all
</Directory>

❶ Tells Apache to handle all files within this directory as CGI scripts.
❷ Enables CGI script execution.
❸ Tells the server to treat files with the extensions .pl and .cgi as CGI scripts. Adjust according to your needs.
Now call http://localhost/cgi-bin/test.cgi or http://www.example.com/cgi-bin/test.cgi. You should see the “CGI/1.0 test script report”. 16.5.3 CGI Troubleshooting If you do not see the output of the test program but an error message instead, check the following: CGI Troubleshooting • Have you reloaded the server after having changed the configuration? Check with rcapache2 probe.
is established. Data integrity is ensured and client and server are able to authenticate each other. For this purpose, the server sends an SSL certificate that holds information proving the server's valid identity before any request to a URL is answered. In turn, this guarantees that the server is the uniquely correct end point for the communication.
TIP: For More Information
To learn more about concepts and definitions of SSL/TLS, refer to http://httpd.apache.org/docs/2.2/ssl/ssl_intro.html.

16.6.1.1 Creating a “Dummy” Certificate
Generating a dummy certificate is simple. Just call the script /usr/bin/gensslcert. It creates or overwrites the files listed below. Make use of gensslcert's optional switches to fine-tune the certificate. Call /usr/bin/gensslcert -h for more information.
• /etc/apache2/ssl.crt/ca.crt
• /etc/apache2/ssl.crt/server.
/usr/sbin/ custom. Do not attempt to run this command from outside this directory. The program provides a series of prompts, some of which require user input.

Procedure 16.4 Creating a Self-Signed Certificate with mkcert.sh
1 Decide the signature algorithm used for certificates
  Choose RSA (R, the default), because some older browsers have problems with DSA.
2 Generating RSA private key for CA (1024 bit)
  No interaction needed.
3 Generating X.
IMPORTANT: Selecting a Common Name The common name you enter here must be the fully qualified hostname of your secure server (for example, www.example.com). Otherwise the browser issues a warning that the certificate does not match the server when accessing the Web server. 7 Generating X.509 certificate signed by own CA Choose certificate version 3 (the default).
of known and trusted CAs in their Web browsers. Otherwise a browser complains that the certificate was issued by an unknown authority. The certificate is valid for one year. IMPORTANT: Self-Signed Certificates Only use a self-signed certificate on a Web server that is accessed by people who know and trust you as a certificate authority. It is not recommended to use such a certificate for a public shop, for example. 16.6.1.
16.6.2 Configuring Apache with SSL The default port for SSL and TLS requests on the Web server side is 443. There is no conflict between a “regular” Apache listening on port 80 and an SSL/TLS-enabled Apache listening on port 443. In fact, HTTP and HTTPS can be run with the same Apache instance. Usually separate virtual hosts are used to dispatch requests to port 80 and port 443 to separate virtual servers.
16.6.2.1 Name-Based Virtual Hosts and SSL
By default it is not possible to run multiple SSL-enabled virtual hosts on a server with only one IP address. Name-based virtual hosting requires that Apache knows which server name has been requested. The problem with SSL connections is that such a request can only be read after the SSL connection has already been established (by using the default virtual host).
16.7 Avoiding Security Problems A Web server exposed to the public Internet requires an ongoing administrative effort. It is inevitable that security issues appear, both related to the software and to accidental misconfiguration. Here are some tips for how to deal with them. 16.7.1 Up-to-Date Software If there are vulnerabilities found in the Apache software, a security advisory will be issued by SUSE.
16.7.3 File System Access
By default, access to the whole file system is denied in /etc/apache2/httpd.conf. You should never overwrite these directives, but specifically enable access to all directories Apache should be able to read. For details, see Section “Basic Virtual Host Configuration” (page 296). In doing so, ensure that no critical files, such as password or system configuration files, can be read from the outside. 16.7.
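The check described in this section can be automated. The following is an added example, not part of the original guide: it walks the Directory containers of a configuration and reports any that open up more than intended. The sample configuration is constructed, the served_roots policy is an assumption, and the Order/Allow/Deny evaluation is deliberately simplified.

```python
import posixpath
import re

# Constructed sample in Apache 2.2 syntax; host name and paths are illustrative.
SAMPLE_CONF = """
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /srv/www/www.example.com/htdocs
    <Directory "/srv/www/www.example.com/htdocs">
        Order allow,deny
        Allow from all
    </Directory>
    # Misconfiguration: publishes system configuration files
    Alias /conf /etc
    <Directory "/etc">
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
"""

OPEN_TAG = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.IGNORECASE)
CLOSE_TAG = re.compile(r'</Directory\s*>', re.IGNORECASE)


def parse_directory_blocks(conf_text):
    """Return [(path, [normalized directive, ...]), ...] for each <Directory>."""
    blocks, current = [], None
    for raw in conf_text.splitlines():
        line = " ".join(raw.split())  # collapse runs of whitespace
        if not line or line.startswith("#"):
            continue
        opened = OPEN_TAG.match(line)
        if opened:
            current = (opened.group(1), [])
        elif CLOSE_TAG.match(line):
            if current is not None:
                blocks.append(current)
            current = None
        elif current is not None:
            current[1].append(line.lower())
    return blocks


def grants_access(directives):
    """Simplified reading of Allow/Deny: the block is open to every client."""
    return "allow from all" in directives and "deny from all" not in directives


def denies_all(directives):
    """True when the block denies everyone and allows no one."""
    has_allow = any(d.startswith("allow from") for d in directives)
    return "deny from all" in directives and not has_allow


def audit(conf_text, served_roots=("/srv/www/",)):
    """Return [(path, problem), ...]; served_roots is an assumed site policy."""
    findings = []
    for path, directives in parse_directory_blocks(conf_text):
        if path == "/":
            if not denies_all(directives):
                findings.append(
                    (path, "default deny for the file system was overwritten"))
        elif grants_access(directives):
            # normpath resolves ".." so /srv/www/../../etc is not accepted
            normalized = posixpath.normpath(path) + "/"
            if not normalized.startswith(tuple(served_roots)):
                findings.append(
                    (path, "access granted outside the served directories"))
    return findings


if __name__ == "__main__":
    for path, problem in audit(SAMPLE_CONF):
        print(f"{path}: {problem}")
```
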
16.8 Troubleshooting
If Apache does not start, the Web page is not accessible, or users cannot connect to the Web server, it is important to find the cause of the problem. Here are some typical places to look for error explanations and important things to check:
Output of rcapache2
    Instead of starting and stopping the Web server with the binary /usr/sbin/httpd2, use the rcapache2 script (described in Section 16.3, “Starting and Stopping Apache” (page 304)).
16.9 For More Information
The package apache2-doc contains the complete Apache manual in various localizations for local installation and reference. It is not installed by default—the quickest way to install it is to use the command zypper in apache2-doc. Once installed, the Apache manual is available at http://localhost/manual/. You may also access it on the Web at http://httpd.apache.org/docs-2.2/. SUSE-specific configuration hints are available in the directory /usr/share/doc/packages/apache2/README.*.
mod_tidy
    http://mod-tidy.sourceforge.net/

16.9.3 Development
More information about developing Apache modules or about getting involved in the Apache Web server project are available at the following locations:
Apache Developer Information
    http://httpd.apache.org/dev/
Apache Developer Documentation
    http://httpd.apache.org/docs/2.2/developer/
Writing Apache Modules with Perl and C
    http://www.modperl.com/
16.9.
17 Setting up an FTP server with YaST
Using the YaST FTP Server module, you can configure your machine to function as an FTP (File Transfer Protocol) server. Anonymous and/or authenticated users can connect to your machine and download files using the FTP protocol. Depending on the configuration, they can also upload files to the FTP server. YaST provides a unified configuration interface for various FTP server daemons installed on your system.
1 Open YaST Control Center and choose Network Services > FTP Server or run the yast2 ftp-server command as root. 2 If there is not any FTP server installed in your system, you will be asked which server to install when the YaST FTP Server module starts. Choose a server (vsftpd is the standard server for openSUSE) and confirm the dialog. If there are two servers installed, choose the preferred server and click OK. 3 In the Start-Up dialog, configure the options for starting of the FTP server.
Settings and Restart FTP Now. Your configurations will be saved by leaving the configuration module with Finish. The Selected Service frame of the FTP Start-Up dialog shows which FTP server is used: either vsftpd or pure-ftpd. If both servers are installed, you can switch between them—the current configuration will automatically be converted. The pure-ftpd package is not included in the standard openSUSE media so you have to install it from a different installation source if you want to use it. Figure 17.
You can limit permissions of files created by anonymous and/or authenticated users with umask. Set the file creation mask for anonymous users in Umask for Anonymous and the file creation mask for authenticated users in Umask for Authenticated Users. The masks should be entered as octal numbers with a leading zero. For more information about umask, see the umask man page (man 1p umask). In the FTP Directories frame set the directories used for anonymous and authorized users.
between the following options: granting access to anonymous users only, to authenticated users only (with accounts on the system) or to both types of users. If you want to allow users to upload files to the FTP server, check Enable Upload in the Uploading frame of the Authentication dialog. Here you are able to allow uploading or creating directories even for anonymous users by checking the respective box.
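The umask and upload settings above end up in the FTP daemon's configuration file, where they can be reviewed. The following is an added example, not part of the original guide: it audits a constructed vsftpd.conf for anonymous write access and for masks that do not behave as intended. The mapping of the YaST fields to the vsftpd options shown is an assumption; the option names and defaults are those documented in vsftpd.conf(5).

```python
# Defaults as documented in vsftpd.conf(5).
DEFAULTS = {
    "anonymous_enable": "YES",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_umask": "077",
    "local_umask": "077",
}

# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = """\
# /etc/vsftpd.conf (constructed sample)
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=NO
anon_umask=22
local_umask=022
"""


def parse_conf(text):
    """Parse option=value lines on top of the documented defaults."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def parse_umask(value):
    """vsftpd reads a mask without a leading zero as a decimal number."""
    return int(value, 8) if value.startswith("0") else int(value, 10)


def mode_after_umask(value, base=0o666):
    """Permission bits of a newly created file (0666 is the default base)."""
    return base & ~parse_umask(value)


def enabled(settings, key):
    return settings[key].upper() == "YES"


def audit(text):
    """Return [(option, problem), ...] for risky upload and umask settings."""
    settings = parse_conf(text)
    findings = []
    anon_write = (enabled(settings, "anonymous_enable")
                  and enabled(settings, "write_enable"))
    for key, action in (("anon_upload_enable", "upload files"),
                        ("anon_mkdir_write_enable", "create directories")):
        if anon_write and enabled(settings, key):
            findings.append((key, f"anonymous users may {action}"))
    for key in ("anon_umask", "local_umask"):
        value = settings[key]
        mode = mode_after_umask(value)
        if not value.startswith("0"):
            findings.append((key, f"{value} lacks the leading zero and is read "
                                  f"as octal {parse_umask(value):03o}; "
                                  f"new files get mode {mode:04o}"))
        elif mode & 0o002:
            findings.append((key, f"new files get mode {mode:04o} "
                                  "and are world-writable"))
    return findings


if __name__ == "__main__":
    for option, problem in audit(SAMPLE_CONF):
        print(f"{option}: {problem}")
```
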
Part IV.
18 Mobile Computing with Linux
Mobile computing is mostly associated with laptops, PDAs and cellular phones (and the data exchange between them). Mobile hardware components, such as external hard disks, flash drives, or digital cameras, can be connected to laptops or desktop systems. A number of software components are involved in mobile computing scenarios and some applications are tailor-made for mobile use.

18.1 Laptops
The hardware of laptops differs from that of a normal desktop system.
18.1.1 Power Conservation The inclusion of energy-optimized system components during laptop manufacturing contributes to their suitability for use without access to the electrical power grid. Their contribution towards conservation of power is at least as important as that of the operating system. openSUSE® supports various methods that influence the power consumption of a laptop and have varying effects on the operating time under battery power.
Figure 18.1 Integrating a Mobile Computer in an Existing Environment The services affected in the case of a laptop commuting back and forth between a small home network and an office network are: Network This includes IP address assignment, name resolution, Internet connectivity and connectivity to other networks. Printing A current database of available printers and an available print server must be present, depending on the network.
openSUSE offers several ways of integrating laptops into existing operating environments: NetworkManager NetworkManager is especially tailored for mobile networking on laptops. It provides a means to easily and automatically switch between network environments or different types of networks such as mobile broadband (such as GPRS, EDGE, or 3G), wireless LAN, and Ethernet. NetworkManager supports WEP and WPA-PSK encryption in wireless LANs. It also supports dial-up connections (with smpppd).
SLP The service location protocol (SLP) simplifies the connection of a laptop to an existing network. Without SLP, the administrator of a laptop usually requires detailed knowledge of the services available in a network. SLP broadcasts the availability of a certain type of service to all clients in a local network. Applications that support SLP can process the information dispatched by SLP and be configured automatically.
default. Process Table gives detailed information about currently running processes, such as CPU load, memory usage, or process ID number and nice value. The presentation and filtering of the collected data can be customized — to add a new type of process information, left-click on the process table header and choose which column to hide or add to the view. It is also possible to monitor different system parameters in various data pages or collect the data of various machines in parallel over the network.
18.1.3.3 Wireless Communication As well as connecting to a home or office network with a cable, a laptop can also use wireless connection to access other computers, peripherals, cellular phones or PDAs. Linux supports three types of wireless communication: WLAN With the largest range of these wireless technologies, WLAN is the only one suitable for the operation of large and sometimes even spatially separate networks.
Protection against Theft Always physically secure your system against theft whenever possible. Various securing tools (like chains) are available in retail stores. Strong Authentication Use biometric authentication in addition to standard authentication via login and password. openSUSE supports fingerprint authentication. For more details, see Chapter 7, Using the Fingerprint Reader (↑Security Guide).
External Hard Disks (USB and FireWire) As soon as an external hard disk is correctly recognized by the system, its icon appears in the file manager. Clicking the icon displays the contents of the drive. It is possible to create folders and files here and edit or delete them. To rename a hard disk from the name it had been given by the system, select the corresponding menu item from the menu that opens when the icon is right-clicked. This name change is limited to display in the file manager.
18.4 For More Information
The central point of reference for all questions regarding mobile devices and Linux is http://tuxmobil.org/. Various sections of that Web site deal with the hardware and software aspects of laptops, PDAs, cellular phones and other mobile hardware. A similar approach to that of http://tuxmobil.org/ is made by http://www.linux-on-laptops.com/. Information about laptops and handhelds can be found here. SUSE maintains a mailing list in German dedicated to the subject of laptops.
19 Power Management Power management is especially important on laptop computers, but is also useful on other systems. ACPI (Advanced Configuration and Power Interface) is available on all modern computers (laptops, desktops, and servers). Power management technologies require suitable hardware and BIOS routines. Most laptops and many modern desktops and servers meet these requirements. It is also possible to control CPU frequency scaling to save power or decrease noise. 19.
Hibernation (suspend to disk) In this operating mode, the entire system state is written to the hard disk and the system is powered off. There must be a swap partition at least as big as the RAM to write all the active data. Reactivation from this state takes about 30 to 90 seconds. The state prior to the suspend is restored. Some manufacturers offer useful hybrid variants of this mode, such as RediSafe in IBM Thinkpads. The corresponding ACPI state is S4.
.msg. See Section 19.2.3, “Troubleshooting” (page 354) for more information about troubleshooting ACPI problems. 19.2.1 Controlling the CPU Performance The CPU can save energy in three ways: • Frequency and Voltage Scaling (page 351) • Throttling the Clock Frequency (T-states) (page 353) • Putting the Processor to Sleep (C-states) (page 353) Depending on the operating mode of the computer, these methods can be combined.
There are two main approaches to performing CPU frequency scaling—by the kernel itself (CPUfreq infrastructure with in-kernel governors) or by a userspace application. The in-kernel governors are policy governors that can change the CPU frequency based on different criteria (a sort of pre-configured power schemes for the CPU). The following governors are available with the CPUfreq subsystem: Performance Governor The CPU frequency is statically set to the highest possible for maximum performance.
19.2.1.2 Throttling the Clock Frequency (T-states) This technology omits a certain percentage of the clock signal impulses for the CPU. At 25% throttling, every fourth impulse is omitted. At 87.5%, only every eighth impulse reaches the processor. However, the energy savings are a little less than linear. Normally, throttling is only used if frequency scaling is not available or to maximize power savings. This technology must be controlled by a special process, as well.
essary high power consumption (for example, processes that are mainly responsible for waking up a processor from its idle state) and to optimize your system settings to avoid these. It supports both Intel and AMD processors. For detailed information, refer to the powerTOP project page at http://www.lesswatts.org/projects/powertop/.
WARNING: Problems Booting without ACPI Some newer machines (especially SMP systems and AMD64 systems) need ACPI for configuring the hardware correctly. On these machines, disabling ACPI can cause problems. Sometimes, the machine is confused by hardware that is attached over USB or FireWire. If a machine refuses to boot, unplug all unneeded hardware and try again.
19.3 Rest for the Hard Disk In Linux, the hard disk can be put to sleep entirely if it is not needed or it can be run in a more economic or quieter mode. On modern laptops, you do not need to switch off the hard disks manually, because they automatically enter an economic operating mode whenever they are not needed. However, if you want to maximize power savings, test some of the following methods, using the hdparm command. It can be used to modify various hard disk settings.
/proc/sys/vm/dirty_background_ratio Maximum percentage of dirty pages until pdflush begins to write them. Default is 5%. /proc/sys/vm/dirty_ratio When the dirty page exceeds this percentage of the total memory, processes are forced to write dirty buffers during their time slice instead of continuing to write. WARNING: Impairment of the Data Integrity Changes to the pdflush daemon settings endanger the data integrity.
19.4.1 ACPI Activated with Hardware Support but Functions Do Not Work If you experience problems with ACPI, search the output of dmesg for ACPI-specific messages by using the command dmesg|grep -i acpi. A BIOS update may be required to resolve the problem. Go to the home page of your laptop manufacturer, look for an updated BIOS version, and install it. Ask the manufacturer to comply with the latest ACPI specification.
19.4.2 CPU Frequency Does Not Work
Refer to the kernel sources to see if your processor is supported. You may need a special kernel module or module option to activate CPU frequency control. If the kernel-source package is installed, this information is available in /usr/src/linux/Documentation/cpu-freq/*.

19.4.3 Suspend and Standby Do Not Work
ACPI systems may have problems with suspend and standby due to a faulty DSDT implementation (BIOS). If this is the case, update the BIOS.
• http://wiki.opensuse.org/SDB:Suspend_to_RAM—How to get Suspend to RAM working • http://old-en.opensuse.
20 Wireless LAN
Wireless LANs, or Wireless Local Area Networks (WLANs), have become an indispensable aspect of mobile computing. Today, most laptops have built-in WLAN cards. This chapter describes how to set up a WLAN card with YaST, encrypt transmissions, and use tips and tricks. Alternatively, you can configure and manage WLAN access with NetworkManager. For details, refer to Chapter 21, Using NetworkManager (page 379).

20.1 WLAN Standards
WLAN cards communicate using the 802.
Name      Band (GHz)     Maximum Transmission Rate (Mbit/s)   Note
802.11b   2.4            11                                   Less common
802.11g   2.4            54                                   Widespread, backwards-compatible with 11b
802.11n   2.4 and/or 5   300                                  Common

802.11 Legacy cards are not supported by openSUSE®. Most cards using 802.11a, 802.11b, 802.11g and 802.11n are supported. New cards usually comply with the 802.11n standard, but cards using 802.11g are still available. 20.
Master Mode In master mode your network card is used as the access point. It works only if your WLAN card supports this mode. Find out the details of your WLAN card on http://linux-wless.passys.nl. 20.3 Authentication Because a wireless network is much easier to intercept and compromise than a wired network, the various standards include authentication and encryption methods. In the original version of the IEEE 802.11 standard, these are described under the term WEP (Wired Equivalent Privacy).
WPA-PSK (or WPA-Personal, according to IEEE 802.1x)
WPA-PSK (PSK stands for preshared key) works similarly to the Shared Key procedure. All participating stations as well as the access point need the same key. The key is 256 bits in length and is usually entered as a passphrase. This system does not need a complex key management like WPA-EAP and is more suitable for private use. Therefore, WPA-PSK is sometimes referred to as WPA “Home”.

WPA-EAP (or WPA-Enterprise, according to IEEE 802.
However, this standard has some weaknesses. Attacks against the keys generated by this system may be successful. Nevertheless, it is better to use WEP than to not encrypt the network at all. Some vendors have implemented the non-standard “Dynamic WEP”. It works exactly like WEP and shares the same weaknesses, except that the key is periodically changed by a key management service.

TKIP (defined in WPA/IEEE 802.
IP Address
Use either a static IP address or let a DHCP server dynamically assign an IP address to the interface.

Operating Mode
Defines how to integrate your machine into a WLAN, depending on the network topology. For background information, refer to Section 20.2, “Operating Modes” (page 362).

Network Name (ESSID)
Unique string identifying a network.
20.5.2 Configuration for Access Points

In this section, learn how to configure your WLAN card to connect to an (external) access point or how to use your WLAN card as an access point if your WLAN card supports this. For configuration of networks without an access point, refer to Section 20.5.3, “Establishing an Ad-Hoc Network” (page 371).

Procedure 20.1 Configuring Your WLAN Card for Using an Access Point

1 Start YaST and open the Network Settings dialog.
NOTE: WPA Authentication Requires an ESSID
If you select WPA authentication, a network name (ESSID) must be set.

8 Select an Authentication Mode for your network. Which mode is suitable depends on your WLAN card's driver and the capabilities of the other devices in the network.
9 If you have chosen to set the Authentication Mode to No Encryption, finish the configuration by clicking Next.
For WEP, usually only one key is needed—however, up to 4 different WEP keys can be defined for your station. One of them needs to be set as the default key and is used for encryption. The others are used for decryption. By default, a key length of 128-bit is used, but you can also choose to set the length to 64-bit.

For higher security, WPA-EAP uses a RADIUS server to authenticate users. For authentication at the server, three different methods are available: TLS, TTLS and PEAP.
2 To enter a key for WPA-PSK:
2a Select the input method Passphrase or Hexadecimal.
2b Enter the respective Encryption Key. In the Passphrase mode, the input must be 8 to 63 characters. In the Hexadecimal mode, enter 64 characters.
3 If you have chosen WPA-EAP authentication, click Next to switch to the WPA-EAP dialog, where you enter the credentials and certificates you have been given by your network administrator.
3a Select the EAP Mode the RADIUS server uses for authentication.
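The two WPA-PSK input methods describe the same 256-bit key: a passphrase is stretched into it with PBKDF2-HMAC-SHA1 (4096 iterations) using the ESSID as salt, which is the mapping defined by IEEE 802.11i and the reason a network name must be set. The following sketch is an added example, not part of the openSUSE manual; the function names are hypothetical.

```python
import hashlib
import secrets
import string

PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i for the passphrase mapping
PSK_BYTES = 32            # 256-bit pre-shared key = 64 hexadecimal digits


def essid_bytes(essid: str) -> bytes:
    """The ESSID is the PBKDF2 salt, so it must be present (1 to 32 bytes)."""
    raw = essid.encode("utf-8")
    if not 1 <= len(raw) <= 32:
        raise ValueError("ESSID must be 1 to 32 bytes long")
    return raw


def psk_from_passphrase(passphrase: str, essid: str) -> str:
    """Map an 8 to 63 character passphrase to the 64-digit hexadecimal key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must consist of printable ASCII characters")
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), essid_bytes(essid),
        PBKDF2_ITERATIONS, PSK_BYTES,
    )
    return key.hex()


def normalize_key(value: str, essid: str, mode: str) -> str:
    """Return the key as 64 hex digits for either input method."""
    if mode == "hexadecimal":
        if len(value) != 64 or any(ch not in string.hexdigits for ch in value):
            raise ValueError("hexadecimal key must be exactly 64 hex digits")
        return value.lower()
    if mode == "passphrase":
        return psk_from_passphrase(value, essid)
    raise ValueError("mode must be 'passphrase' or 'hexadecimal'")


def generate_hex_key() -> str:
    """Create a random 256-bit key locally for the Hexadecimal input method."""
    return secrets.token_hex(PSK_BYTES)


if __name__ == "__main__":
    # Constructed inputs: the same passphrase yields different keys per ESSID.
    for name in ("IEEE", "home-net"):
        print(name, psk_from_passphrase("password", name))
    print("random key:", generate_hex_key())
```

Because the ESSID is the only salt, a short or guessable passphrase on a common network name offers little protection; a randomly generated 64-digit key avoids the passphrase step entirely.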
20.5.3 Establishing an Ad-Hoc Network

In some cases it is useful to connect two computers equipped with a WLAN card. To establish an ad-hoc network with YaST, do the following:

1 Start YaST and open the Network Settings dialog.
2 Switch to the Overview tab, choose your wireless card from the list and click Edit to open the Network Card Setup dialog.
3 Choose Statically assigned IP Address and enter the following data:
• IP Address: 192.168.1.1. Change this address on the second computer to 192.168.1.
10 Configure the other WLAN cards in the network accordingly, using the same Network Name (ESSID), the same Authentication Mode but different IP addresses.

20.5.4 Setting Additional Configuration Parameters

Usually there is no need to change the preconfigured settings when configuring your WLAN card. However, if you need detailed configuration of your WLAN connection, YaST allows you to tweak the following settings:

Channel
The specification of a channel on which the WLAN station should work.
4 Click Expert Settings.
5 In Ad-hoc mode, select one of the offered channels (11 to 14, depending on your country) for the communication of your station with the other stations. In Master mode, determine on which Channel your card should offer access point functionality. The default setting for this option is Auto.
6 Select the Bit Rate to use.
7 Enter the MAC address of the Access Point you want to connect to.
8 Choose whether to Use Power Management.
20.6.2 Stability and Speed

The performance and reliability of a wireless network mainly depend on whether the participating stations receive a clear signal from the other stations. Obstructions like walls greatly weaken the signal. The weaker the signal, the slower the transmission. During operation, check the signal strength with the iwconfig utility on the command line (Link Quality field) or with the NetworkManager applets provided by KDE or GNOME.
Use strong passwords for your authentication method. For example, the Web page https://www.grc.com/passwords.htm generates random 64 character passwords.

20.7 Troubleshooting

If your WLAN card is not automatically detected, check whether it is supported by openSUSE. A list of supported WLAN network cards is available under http://en.opensuse.org/HCL:Network_(Wireless). If your card is not supported, it may be possible to make it work using the Microsoft Windows drivers with Ndiswrapper.
You can also get the previous information with the iwlist command. For example, the following line displays the current bit rate:

    iwlist wlan0 rate
    wlan0    unknown bit-rate information.
             Current Bit Rate=54 Mb/s

If you want an overview of how many access points are available, you can also use the iwlist command. It gives you a list of “cells” which looks like this:

    iwlist wlan0 scanning
    wlan0    Scan completed:
       Cell 01 - Address: 00:11:22:33:44:55
                 Channel:40
                 Frequency:5.
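The cell list printed by iwlist can be checked automatically for access points that offer no encryption or only WEP. The parser below is an added example, not part of the openSUSE manual: the scan text is constructed in the layout iwlist prints, and treating "Encryption key:on" without a WPA or WPA2 information element as WEP is an assumption of this sketch.

```python
import re

# Constructed sample in the layout of `iwlist wlan0 scanning`;
# addresses and ESSIDs are made up for this example.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    Channel:40
                    Frequency:5.2 GHz (Channel 40)
                    Quality=67/70  Signal level=-43 dBm
                    Encryption key:on
                    ESSID:"office"
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Authentication Suites (1) : PSK
          Cell 02 - Address: 00:11:22:33:44:66
                    Channel:6
                    Quality=40/70  Signal level=-70 dBm
                    Encryption key:on
                    ESSID:"legacy"
          Cell 03 - Address: 00:11:22:33:44:77
                    Channel:11
                    Quality=25/70  Signal level=-85 dBm
                    Encryption key:off
                    ESSID:"guest"
          Cell 04 - Address: 00:11:22:33:44:88
                    Channel:1
                    Encryption key:on
                    ESSID:""
                    IE: WPA Version 1
                        Group Cipher : TKIP
"""

CELL_RE = re.compile(r"Cell (\d+) - Address: ([0-9A-Fa-f:]{17})")


def parse_scan(text):
    """Split iwlist scan output into one dictionary per cell."""
    cells, cell = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = CELL_RE.search(line)
        if match:
            cell = {"cell": int(match.group(1)), "bssid": match.group(2).upper(),
                    "essid": None, "channel": None, "key": None,
                    "wpa": False, "wpa2": False}
            cells.append(cell)
        elif cell is None:
            continue  # header lines before the first cell
        elif line.startswith("Channel:"):
            cell["channel"] = int(line.split(":", 1)[1])
        elif line.startswith("ESSID:"):
            # An empty string means the network does not broadcast its name.
            cell["essid"] = line.split(":", 1)[1].strip('"')
        elif line.startswith("Encryption key:"):
            cell["key"] = line.split(":", 1)[1].strip() == "on"
        elif line.startswith("IE:") and "WPA2" in line:
            cell["wpa2"] = True
        elif line.startswith("IE:") and "WPA Version" in line:
            cell["wpa"] = True
    return cells


def protection(cell):
    """Classify a cell as none, WEP, WPA, WPA2 or unknown."""
    if cell["key"] is None:
        return "unknown"
    if not cell["key"]:
        return "none"
    if cell["wpa2"]:
        return "WPA2"
    if cell["wpa"]:
        return "WPA"
    return "WEP"  # assumption: key on, but no WPA/WPA2 element advertised


def weak_cells(cells):
    """Cells that are unencrypted or WEP-only."""
    return [c for c in cells if protection(c) in ("none", "WEP")]


if __name__ == "__main__":
    for c in parse_scan(SAMPLE_SCAN):
        name = c["essid"] or "<hidden>"
        print(f"{c['bssid']}  ch {c['channel']:>3}  {protection(c):7}  {name}")
```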
20.8 For More Information

More information can be found on the following pages:

http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html
The Internet pages of Jean Tourrilhes, who developed the Wireless Tools for Linux, present a wealth of useful information about wireless networks.

tuxmobil.org
Useful hands-on information about mobile computers under Linux.

http://www.linux-on-laptops.com
More information about Linux on laptops.

http://en.opensuse.
21 Using NetworkManager

NetworkManager is the ideal solution for laptops and other portable computers. It supports state-of-the-art encryption types and standards for network connections, including connections to 802.1X protected networks. 802.1X is the “IEEE Standard for Local and Metropolitan Area Networks—Port-Based Network Access Control”. With NetworkManager, you do not need to worry about configuring network interfaces and switching between wired or wireless networks when you are moving.
21.2 Enabling NetworkManager

On laptop computers, NetworkManager is enabled by default. However, it can be enabled or disabled at any time in the YaST Network Settings module.

1 Run YaST and go to Network Devices > Network Settings.
2 The Network Settings dialog opens. Go to the Global Options tab.
3 To configure and manage your network connections with NetworkManager, select User Controlled with NetworkManager.
4 Click OK.
of network connections, such as wired, wireless, mobile broadband, DSL, and VPN connections. On each tab, you can add, edit or delete connections of that type. In the KDE configuration dialog, the appropriate tabs are only active if the connection type is available on your system (depending on hardware and software). By default, KNetworkManager also displays comprehensive tooltips for the input fields and options available on each tab.
Figure 21.2 KDE Network Configuration Dialog

Alternatively, you can also start the configuration dialogs from the NetworkManager applet in the system tray. In KDE, left-click the icon and select Manage Connections. In GNOME, right-click the icon and select Edit Connections.

NOTE: Availability of Options
Depending on your system set-up, you may not be allowed to configure connections. In a secured environment, some options might be locked or require root permission.
NOTE: Hidden Networks
To connect to a “hidden” network (a network that does not broadcast its service) you have to know the Service Set Identifier or Extended Service Set Identifier (SSID or ESSID) of the network because it cannot be detected automatically.

1 To add a new connection or edit an existing one, click the tab for the connection type you want to use and click Add or choose an existing connection and click Edit.
2 Enter a Connection Name and your connection details.
Figure 21.3 KNetworkManager—Configured and Available Connections

21.4 Using KNetworkManager

The KDE front-end for NetworkManager is the NetworkManager plasmoid. If the network has been set up for NetworkManager control, the plasmoid usually starts automatically with the desktop environment and is shown as an icon in the system tray. If your system tray does not show any network connection icon, the plasmoid is probably not started. Click on the Panel Tool Box and choose Add Widgets.
window, while interfaces show up in the left half. The connection and interface currently being used is marked with a blue globe. 2 Click on Networking Interface listed in the right half of the plasmoid window to get detailed information and statistics for that interface. Switch back to the interface overview by clicking on the blue arrow icon. 3 To disconnect an active connection, click on the red icon for the Networking Interface in the right half of the plasmoid window.
4 NetworkManager automatically connects to the configured network.

Procedure 21.3 Managing Active Wireless Connections

1 Click on WLAN Interface listed in the right half of the plasmoid window to get detailed information and statistics for that interface. Switch back to the interface overview by clicking on the blue arrow icon.
2 To disconnect an active connection, click on the red icon for the WLAN Interface.
3 To completely disable wireless networking, uncheck Enable Wireless.
IMPORTANT: Unprotected Wireless Networks Are a Security Risk
If you set Security to None, everybody can connect to your network, reuse your connectivity and intercept your network connection. To restrict access to your access point and to secure your connection, use encryption. You can choose between various WEP and WPA-based encryptions. If you are not sure which technology is best for you, read Section 20.3, “Authentication” (page 363).
3 To disconnect an active connection, left-click the applet and choose its Disconnect entry.
4 If you want to use a different configuration with the wired network, right-click the applet, choose Edit Connections and add another wired connection as described in Procedure 21.1, “Adding or Editing Connections” (page 382). Click the NetworkManager icon and select the newly configured connection to activate it.
A wireless network that has been chosen explicitly will remain connected as long as possible. If a network cable is plugged in during that time, any connections that have been set to Connect Automatically will be connected, while the wireless connection remains up.

21.5.3 Configuring Your Wireless Card as an Access Point

If your wireless card supports access point mode, you can use NetworkManager for configuration.
IMPORTANT: Unprotected Wireless Networks Are a Security Risk
If you set Wireless Security to None, everybody can connect to your network, reuse your connectivity and intercept your network connection. To restrict access to your access point and to secure your connection, use encryption. You can choose between various WEP and WPA-based encryptions. If you are not sure which technology is best for you, read Section 20.3, “Authentication” (page 363).

21.
• NetworkManager-vpnc-kde4 or NetworkManager-vpnc-gnome.

PPTP (Point-to-Point Tunneling Protocol)
To use this VPN technology, install
• NetworkManager-pptp and
• NetworkManager-pptp-kde4 or NetworkManager-pptp-gnome.

After you have installed the packages, configure your VPN connection as described in Section 21.3, “Configuring Network Connections” (page 380).

21.7 NetworkManager and Security

NetworkManager distinguishes two types of wireless connections, trusted and untrusted.
available right after NetworkManager is started—before any users log in. In case of system connections, all credentials must be provided at the time the connection is created. Such system connections can be used to automatically connect to networks that require authorization. For information how to configure user or system connections with NetworkManager, refer to Section 21.3, “Configuring Network Connections” (page 380).
21.8 Frequently Asked Questions

In the following, find some frequently asked questions about configuring special network options with NetworkManager.

How to tie a connection to a specific device?
By default, connections in NetworkManager are device type-specific: they apply to all physical devices with the same type. If more than one physical device per connection type is available (for example, your machine is equipped with two Ethernet cards), you can tie a connection to a certain device.
1. Start the dialog for configuring network connections as described in Section 21.3, “Configuring Network Connections” (page 380). Choose the connection you want to modify and click Edit. If you are using GNOME, switch to the IPv4 Settings tab and from the Method drop-down list, choose Shared to other computers. If you are using KDE, switch to the IP Address tab and from the Method drop-down list, choose Shared. That will enable IP traffic forwarding and run a DHCP server on the device.
NetworkManager Desktop Applet Does Not Start
The GNOME and KDE NetworkManager applets start automatically if the network is set up for NetworkManager control. If the applet does not start, check if NetworkManager is enabled in YaST as described in Section 21.2, “Enabling NetworkManager” (page 380). Then make sure that the appropriate package for your desktop environment is also installed. If you are using KDE 4, the package is plasmoid-networkmanagement. For GNOME users the package is NetworkManager-gnome.
Package Documentation
Also check out the information in the following directories for the latest information about NetworkManager and the GNOME and KDE NetworkManager applets:
• /usr/share/doc/packages/NetworkManager/,
• /usr/share/doc/packages/NetworkManager-gnome/.
22 Using Tablet PCs

openSUSE® comes with support for Tablet PCs. In the following, learn how to install and configure your Tablet PC and discover some useful Linux* applications which accept input from digital pens. The following Tablet PCs are supported:
• Tablet PCs with serial and USB Wacom tablet (pen based), touch-screen or multitouch devices.
• Tablet PCs with FinePoint devices, such as Gateway C210X/M280E/CX2724 or HP Compaq TC1000.
• Using gesture recognition in applications of the X Window System
• Drawing with GIMP
• Taking notes or sketching with applications like Jarnal or Xournal or editing larger amounts of text with Dasher

22.
22.2 Configuring Your Tablet Device

During installation, your tablet or touch device is configured by default. If you have trouble with the configuration of your Wacom device, use xsetwacom on the command line to change the settings.

22.3 Using the Virtual Keyboard

To log in to the KDE or GNOME desktop or to unlock the screen, you can either enter your username and password as usual or via the virtual keyboard (xvkbd) displayed below the login field.
Start KRandRTray or gnome-display-properties from the main menu, or enter krandrtray or gnome-display-properties to start the applet from a shell. After you have started the applet, the applet icon is usually added to your system tray. If the gnome-display-properties icon does not automatically appear in the system tray, make sure Show Displays in Panel is activated in the Monitor Resolution Settings dialog. To rotate your display with KRandRTray, right-click the icon and select Configure Display.
2 Enter the gesture you would like to use for a character into the respective character's cell. With the first input, the background changes its color to white, whereas the character itself is shown in light gray. Repeat the gesture multiple times until the character changes its color to black. Untrained characters are shown on a light gray or brown background (depending on the desktop's color scheme). 3 Repeat this step until you have trained CellWriter for all characters you need.
22.5.2 Using Xstroke

With xstroke, you can use gestures with your pen or other pointing devices as input for applications on the X Window System. The xstroke alphabet is a unistroke alphabet that resembles the Graffiti* alphabet. When activated, xstroke sends the input to the currently focused window.

1 Start xstroke from the main menu or with xstroke from a shell. This adds a pencil icon to your system tray.
22.6 Taking Notes and Sketching with the Pen

To create drawings with the pen, you can use a professional graphics editor like GIMP or try one of the note-taking applications, Xournal or Jarnal. With both Xournal and Jarnal, you can take notes, create drawings or comment on PDF files with the pen. As a Java-based application available for several platforms, Jarnal also offers basic collaboration features. For more information, refer to http://www.dklevine.com/general/software/tc1000/jarnal-net.htm.
of text using only the pen (or other input devices—it can even be driven with an eye tracker). Start Dasher from the main menu or with dasher from a shell. Move your pen in one direction and the application starts to zoom into the letters on the right side. From the letters passing the cross hairs in the middle, the text is created or predicted and is printed to the upper part of the window. To stop or start writing, click the display once with the pen. Modify the zooming speed at the bottom of the window.
Orientation of the Wacom Graphics Tablets Does Not Change
With the xrandr command, you can change the orientation of your display from within a shell. Enter xrandr --help to view the options available.
22.8 For More Information

Some of the applications mentioned here do not offer integrated online help, but you can find some useful information about usage and configuration in your installed system in /usr/share/doc/package/packagename or on the Web:
• For the Xournal manual, refer to http://xournal.sourceforge.net/manual.html
• The Jarnal documentation is located at http://www.dklevine.com/general/software/tc1000/jarnal.htm#documentation
• Find the xstroke man page at http://davesource.
23 Copying and Sharing Files

If you use multiple operating systems (OS) simultaneously, it is often necessary to exchange files among them. Different systems may reside on different partitions on the same machine or on different machines across your network. There are various approaches to file exchange with different basic instructions and possible pitfalls.
on the server, not locally on the client. File servers typically serve a large number of clients simultaneously.

23.1 Scenarios

The following list provides a number of possible scenarios involving file transfer:

Different OS on the Same Computer
Many users have an operating system preinstalled by their vendor and run Linux in a separate partition. Refer to Section 23.4, “Accessing Files on Different OS on the Same Computer” (page 412) for more information.
23.2 Access Methods

The following methods and protocols are well-suited to file transfer and sharing.

FTP
Use FTP (File Transfer Protocol) if you need to exchange files very often and with different users. Set up an FTP server on one system and access it with clients. There are many graphical client applications available for FTP on Windows*, MacOS, and Linux. Depending on how your FTP server is used, enable read and write permissions. See Section 23.5.
CSync
CSync is an alternative to Unison. Just like Unison it synchronizes files bidirectionally. However, its architecture is modular so it can be extended with plug-ins. See http://www.csync.org for more details.

SMB
Samba is a client/server system and an implementation of the SMB protocol. It is usually used in Windows networks, but is supported by several operating systems. Refer to Chapter 15, Samba (page 275) for more information about Samba.
• An established connection.
• The SSH daemon running on both machines. To start the service, run the command rcsshd start as root.

Proceed as follows:

Procedure 23.1 GNOME

1 Start Nautilus.
2 Click on File > Connect to Server.
3 Set the Service Type to ssh.
4 Enter the IP address and port of the remote computer (default is 22).
5 Specify the folder you want to open on the remote computer.
6 Click Connect.

Procedure 23.2 KDE

1 Start Dolphin.
2 Click on Network, Add Network.
23.4 Accessing Files on Different OS on the Same Computer

New computers generally ship with a preinstalled operating system, usually Windows. If you have installed Linux on a different partition, you might want to exchange files between the different operating systems. Windows cannot read Linux partitions by default. If you want to exchange files between these two operating systems, you have to create an “exchange partition”. For a more direct approach, see http://www.fs-driver.
Command Line
Just list the contents of /windows to see one or more directories containing your Windows drives. The directory /windows/c maps to the Windows C:\ drive, for example.

NOTE: Changing the Accessibility of Windows Partitions
Initially, Windows partitions are mounted read-only for normal users to avoid accidental damage to the file system. To grant normal users full access to a mounted Windows partition, change the mount behavior of this Windows partition.
User tux

23.5.1 Copying Files with SSH

The following requirements must be met on both computers that are accessed via SSH:

1. If you use a hostname, make sure each hostname is listed in /etc/hosts on both computers (see Section 9.6.1.6, “/etc/hosts” (page 197)). If you use SSH with IP addresses, you do not need to change anything.
2. If you use a firewall, open the SSH port. To do so, start YaST, and select Security and Users > Firewall.
4 Drag and drop the desired files or directories to your desktop or a local directory.

KDE provides another protocol called fish that can be used if sftp is not available. The use of this protocol is similar to sftp. Just replace the sftp protocol prefix of the URL with fish:

    fish://tux@jupiter.example.com

23.5.2 Transferring Files with rsync

rsync is useful for archiving or copying data and can also be used as a daemon to provide directories to the network (see Procedure 23.
23.5.2.2 rsync Daemon Mode

Start the rsyncd daemon on one of your systems to make use of the full functionality of rsync. In this mode, it is possible to create synchronization points (modules) that can be accessed without an account. To use the rsyncd daemon, proceed as follows:

Procedure 23.3 Advanced Setup for rsync Synchronization

1 Log in as root and install the rsync package.
2 Configure your synchronization points in /etc/rsyncd.conf.
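Because modules can be reached without an account, it is worth checking which synchronization points in /etc/rsyncd.conf are anonymous, writable, or open to every host. The auditor below is an added example, not part of the openSUSE manual: the configuration text is constructed, the function names are hypothetical, and only the rsyncd.conf parameters read only, auth users, secrets file and hosts allow are evaluated.

```python
# Constructed rsyncd.conf for this example; module names and paths are made up.
SAMPLE_CONF = """\
# global parameters act as defaults for every module
gid = users
read only = true
use chroot = true
log file = /var/log/rsyncd.log

[FTP]
    path = /srv/ftp
    comment = public mirror

[backup]
    path = /srv/backup
    read only = false

[private]
    path = /srv/private
    read only = no
    auth users = tux
    secrets file = /etc/rsyncd.secrets
    hosts allow = 192.168.1.0/24
"""

TRUE_VALUES = {"yes", "true", "1"}


def normalize(name):
    """rsyncd ignores whitespace and case in parameter names."""
    return "".join(name.split()).lower()


def parse_rsyncd_conf(text):
    """Return (global parameters, {module name: parameters})."""
    global_params, modules = {}, {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        if "=" in line:
            key, value = line.split("=", 1)  # only the first "=" is significant
            current[normalize(key)] = value.strip()
    return global_params, modules


def audit(text):
    """Map each module to a list of findings (empty list = nothing flagged)."""
    global_params, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        effective = {**global_params, **params}
        anonymous = not effective.get("authusers", "")
        # rsyncd defaults to "read only = yes" when the parameter is absent.
        writable = effective.get("readonly", "yes").lower() not in TRUE_VALUES
        findings = []
        if anonymous:
            findings.append("anonymous-write" if writable else "anonymous-read")
        if writable and not effective.get("hostsallow"):
            findings.append("write-from-any-host")
        if not anonymous and not effective.get("secretsfile"):
            findings.append("auth-users-without-secrets-file")
        report[name] = findings
    return report


if __name__ == "__main__":
    for module, findings in audit(SAMPLE_CONF).items():
        print(f"[{module}] {', '.join(findings) or 'ok'}")
```

An anonymous-read finding is expected for a deliberately public module; anonymous-write is the case to fix, by adding auth users with a secrets file, restricting hosts allow, or setting read only back to true.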
1. The package unison is installed.
2. Enough disk space is available on your local and remote computer.
3. If you want to benefit from Unison's full potential, make sure that Unison is also installed and running on the remote computer.

In case you need help, run Unison with the -doc topics option to get a full list of available sections.
formed the synchronization now. A question mark indicates a conflict (both files have been changed and Unison cannot decide which one to overwrite).

Figure 23.1 File Synchronization Proposal

5 To modify the proposals Unison shows for each file (for example, if you want to change the direction), select the file and click Right to Left or Left to Right. With Skip, exclude a file from synchronization. The symbol in the Action column changes accordingly.
6 To start the synchronization, click Go.
    local          jupiter
             <---- new file   dir  [f]

3 Press F if you want to follow Unison's recommendation. For other commands, press ?.
4 Proceed with y, if you want to propagate your updates.

23.5.4 Copying Files with FTP

Before configuring your FTP server, make sure that the following requirements are met:

1. The package vsftpd is installed.
2. You have root access to your FTP server.
3. Enough disk space is available on your computer.
2 Replace the configuration files according to the preferred scenario (refer to the manual page of vsftpd.
PuTTY
PuTTY is a suite of different command line tools for working with an SSH daemon. Download it from http://www.chiark.greenend.org.uk/~sgtatham/putty.html.

WinSCP
WinSCP is very similar to PuTTY, but includes a graphical user interface. Choose from an Explorer or Norton Commander style. Download it from http://winscp.net.

To copy a file from Windows to Linux with PuTTY, proceed as follows (on the Windows machine):

1 Start PSCP.
2 Enter the hostname of your SSH server.
23.7 Sharing Files between Linux Computers

The following sections feature various methods for sharing data. Use one of these if you are looking for a permanent solution for data sharing.

23.7.
3b Set the export options to:

    rw,root_squash,async

3c Repeat these steps, if you need to export more than one directory.
4 Apply your settings and leave YaST. Your NFS server is ready to use.

To manually start the NFS server, enter rcnfsserver start as root. To stop the server, enter rcnfsserver stop. By default, YaST takes care of starting this service at boot time.

To configure the client, proceed as follows:

1 Prepare the NFS client:
1a Start YaST as root.
1b Select Network Services > NFS Client.
3 Apply your settings and leave YaST. Your NFS client is ready to use.

To start the NFS client manually, enter rcnfs start.

NOTE: Consistent User Names
If your home network is used by just a small number of users, set up identical users manually on all machines. If, however, you need a larger consistent user base across a larger home network, consider using NIS or LDAP to manage user data.
23.7.2.2 Accessing Shares from the Command Line

If you prefer using the command line, use the smbclient command. To log in to your Samba server, run:

    smbclient //jupiter/share -U tux

Omit the -U option if you are the current user tux. After logging in successfully, use some basic commands like ls (list contents), mkdir (create directory), get (download file), and put (upload file). Use help to display all commands. Refer to the manual page of smbclient for more information.

23.
Procedure 23.4 Setting Up a Samba Server

To set up a Samba server, do the following:

1 Prepare the Samba server:
1a Start YaST as root.
1b Install the samba package.
1c Create a directory (for example, /srv/share).
2 Create the server configuration:
2a Select Network Services > Samba Server.
2b Select one of the workgroups or enter a new one (for example, Penguin).
2c Check Primary Domain Controller (PDC).
2d Select During Boot if the Samba service should be started every time your computer boots.
4 Provide a password for all users that are allowed to use this service:

    smbpasswd -a tux

For easier configuration, just hit Enter to leave the password empty. Take into account that the usernames on your Windows and Linux computers are probably different. Configuring a consistent user base for both Windows and Linux is beyond the scope of this document.
23.9 For More Information

• http://en.wikipedia.org/wiki/VFAT
• http://en.wikipedia.org/wiki/NTFS
• http://en.wikipedia.org/wiki/Fstab
• http://en.wikipedia.org/wiki/Network_File_System
• http://en.wikipedia.org/wiki/File_Transfer_Protocol
• http://en.wikipedia.org/wiki/SSH
• http://en.wikipedia.org/wiki/Rsync
• http://en.wikipedia.
An Example Network This example network is used across all network-related chapters of the openSUSE® documentation.
GNU Licenses

This appendix contains the GNU General Public License version 2 and the GNU Free Documentation License version 1.2.

GNU General Public License

Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.
If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.
The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”. If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the “with...Texts.