openSUSE www.suse.
Reference Copyright © 2006–2012 Novell, Inc. and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For Novell trademarks, see the Novell Trademark and Service Mark list http://www.
Contents About This Guide xiii 1 Available Documentation ...................................................................... xiv 2 Feedback ............................................................................................. xv 3 Documentation Conventions ................................................................. xvi 4 About the Making of This Manual ......................................................... xvi 5 Source Code ..............................................................
1.12 Installation Settings .......................................................................... 26 1.13 Performing the Installation ................................................................ 30 1.14 Configuration of the Installed System .................................................. 31 1.15 Graphical Login ............................................................................... 36 2 Remote Installation 37 2.1 Installation Scenarios for Remote Installation ..........................
Remote Access with VNC 115 5.1 One-time VNC Sessions .................................................................... 115 5.2 Persistent VNC Sessions ................................................................... 118 III System 6 32-Bit and 64-Bit Applications in a 64-Bit System Environment 121 123 6.1 Runtime Support .............................................................................. 123 6.2 Software Development ....................................................................
10 The Boot Loader GRUB2 177 10.1 Main Differences from GRUB Legacy .............................................. 177 10.2 Configuration File Structure ............................................................. 178 10.3 Configuring the Boot Loader with YaST ............................................ 186 10.4 For More Information ...................................................................... 192 11 Special System Features 193 11.1 Information about Special Software Packages ...............
13.4 Configuring a Network Connection with YaST ................................... 241 13.5 NetworkManager ............................................................................ 261 13.6 Configuring a Network Connection Manually ..................................... 264 13.7 smpppd as Dial-up Assistant ............................................................ 280 14 SLP Services in the Network 283 14.1 Installation ................................................................................
16.4 For More Information ...................................................................... 322 17 Time Synchronization with NTP 323 17.1 Configuring an NTP Client with YaST .............................................. 323 17.2 Manually Configuring ntp in the Network .......................................... 328 17.3 Dynamic Time Synchronization at Runtime ....................................... 329 17.4 Setting Up a Local Reference Clock ..................................................
20.6 Setting Up a Secure Web Server with SSL ......................................... 389 20.7 Avoiding Security Problems ............................................................. 397 20.8 Troubleshooting ............................................................................. 399 20.9 For More Information ...................................................................... 400 21 Setting up an FTP server with YaST 403 21.1 Starting the FTP server .............................................
24.2 Operating Modes ............................................................................ 432 24.3 Authentication ................................................................................ 433 24.4 Encryption ..................................................................................... 434 24.5 Configuration with YaST ................................................................. 435 24.6 Tips and Tricks for Setting Up a WLAN ............................................ 444 24.
27 Copying and Sharing Files 479 27.1 Scenarios ....................................................................................... 480 27.2 Access Methods ............................................................................. 481 27.3 Accessing Files Using a Direct Connection ........................................ 482 27.4 Accessing Files on Different OS on the Same Computer ...................... 484 27.5 Copying Files between Linux Computers ...........................................
About This Guide This manual gives you a general understanding of openSUSE®. It is intended mainly for system administrators and home users with basic system administration knowledge. Check out the various parts of this manual for a selection of applications needed in everyday life and in-depth descriptions of advanced installation and configuration scenarios. Advanced Deployment Scenarios Learn how to deploy openSUSE from a remote location and become acquainted with complex disk setup scenarios.
1 Available Documentation We provide HTML and PDF versions of our books in different languages. The following manuals for users and administrators are available on this product: Start-Up (↑Start-Up) Guides you step-by-step through the installation of openSUSE from DVD, or from an ISO image, gives short introductions to the GNOME and KDE desktops including some key applications running on it.
Find HTML versions of most product manuals in your installed system under /usr/ share/doc/manual or in the help centers of your desktop. Find the latest documentation updates at http://www.suse.com/documentation where you can download PDF or HTML versions of the manuals for your product. 2 Feedback Several feedback channels are available: Bugs and Enhancement Requests To report bugs for a product component, or to submit enhancement requests, please use https://bugzilla.novell.com/.
3 Documentation Conventions The following typographical conventions are used in this manual: • /etc/passwd: directory names and filenames • placeholder: replace placeholder with the actual value • PATH: the environment variable PATH • ls, --help: commands, options, and parameters • user: users or groups • Alt, Alt + F1: a key to press or a key combination; keys are shown in uppercase as on a keyboard • File, File > Save As: menu items, buttons • Dancing Penguins (Chapter Penguins, ↑Another Manual): This is
6 Acknowledgments With a lot of voluntary commitment, the developers of Linux cooperate on a global scale to promote the development of Linux. We thank them for their efforts—this distribution would not exist without them. Furthermore, we thank Frank Zappa and Pawar. Special thanks, of course, goes to Linus Torvalds.
Part I.
1 Installation with YaST Install your openSUSE® system with YaST, the central tool for installation and configuration of your system. YaST guides you through the installation process and the basic configuration of your system. During the installation and configuration process, YaST analyzes both your current system settings and your hardware components and proposes installation settings based on this analysis.
however, make the contents of the DVD available on an installation server and make them available all across your network. DVD-download One DVD5, available via download for 32bit or 64bit systems. Choose this installation option if you want a fully-fledged openSUSE system. Beyond the downloading of the DVD ISO, there is no network connection required to make use of this installation option. Once the medium has been fully downloaded and the physical medium created, you can go ahead with the installation.
To install from a HTTP, FTP, NFS, or SMB server, follow the instructions in Section 1.2.2, “Installing from a Network Source without SLP” (page 8). IMPORTANT: Add-On CDs—Installing Additional Software Although add-on CDs (extensions or third-party products) cannot be used as stand-alone installation media, they can be embedded as additional software sources during the installation. Currently CDs with additional languages and non open source software are available as add-on CDs for openSUSE.
Installing with openSUSE 12.2 Installer from Windows Choose this installation option if you prefer a smooth transition from using Windows to using Linux. openSUSE 12.2 Installer allows you to boot into the openSUSE installation right from a running Windows by modifying the Windows boot loader. This installation option is only available from the DVD media. Refer to Section 1.2.3, “Installing with the openSUSE 12.2 Installer from Windows” (page 8) for details.
Boot Option Description copy the kernel (linux) and the installation system (initrd) from the directory /boot/architecture/ on the installation media to the hard disk and add an appropriate entry to the existing boot loader of a previous openSUSE installation. TIP: Booting from DVD on UEFI machines ►amd64 em64t: DVD1 can be used as a boot medium for machines equipped with UEFI (Unified Extensible Firmware Interface). Refer to your vendor's documentation for specific information.
1.2.2 Installing from a Network Source without SLP If your network setup does not support OpenSLP for the retrieval of network installation sources, boot the system and press F4 in the boot screen to select the desired network protocol (NFS, HTTP, FTP, or SMB/CIFS). Provide the server's address and the path to the installation media. The installation program automatically configures the network connection with DHCP. If this configuration fails, you are prompted to enter the appropriate parameters manually.
the whole installation disk, the installation routine will make a proposal to shrink an existing Windows partition in order to make room for the openSUSE. Please read Section 1.10.1.1, “Resizing a Windows Partition” (page 20) prior to the installation for detailed information. 1.3 The Installation Workflow The openSUSE installation is split into three main parts: preparation, installation, and configuration.
Installation The normal installation mode. All modern hardware functions are enabled. In case the installation fails, see “F5 Kernel ” (page 12) for boot options that disable potentially problematic functions. Rescue System Starts a minimal Linux system without a graphical user interface. For more information, see Section “Using the Rescue System” (Appendix A, Help and Troubleshooting, ↑Start-Up). This option is not available on LiveCDs.
Figure 1.1: The Boot Screen Use the function keys indicated in the bar at the bottom of the screen to change the language, screen resolution, installation source or to add an additional driver from your hardware vendor: F1 Help Get context-sensitive help for the active element of the boot screen. Use the arrow keys to navigate, Enter to follow a link, and Esc to leave the help screen. F2 Language Select the display language and a corresponding keyboard layout for the installation.
F5 Kernel If you encounter problems with the regular installation, this menu offers to disable a few potentially problematic functions. If your hardware does not support ACPI (advanced configuration and power interface) select No ACPI to install without ACPI support. No local APIC disables support for APIC (Advanced Programmable Interrupt Controllers) which may cause problems with some hardware. Safe Settings boots the system with the DMA mode (for CD/DVD-ROM drives) and power management functions disabled.
TIP: Installation without a Mouse If the installer does not detect your mouse correctly, use Tab for navigation, arrow keys to scroll, and Enter to confirm a selection. Various buttons or selection fields contain a letter with an underscore. Use Alt + Letter to select a button or a selection directly instead of navigating there with the Tab button. 1.6 Welcome Start the installation of openSUSE by choosing your language. Changing the language will automatically preselect a corresponding keyboard layout.
Figure 1.2: Welcome 1.7 Installation Mode After a system analysis (where YaST probes for storage devices and tries to find other installed systems on your machine) the available installation modes are displayed. This step is skipped when installing from a LiveCD, since this medium only supports a new installation with automatic configuration. New installation Select this option to start a new installation from scratch. Update Select this option to update an existing installation to a newer version.
Figure 1.3: Installation Mode By default, the automatic configuration is used when performing a new installation. In this mode the system automatically configures your hardware and the network, so the installation is performed with minimal user interaction. If necessary, you can change every configuration that is set up later in the installed system using YaST. Uncheck Use Automatic Configuration if you prefer a manual configuration during the installation.
installation— in this case the existing network configuration is used). Choose Yes, Run the Network Setup and proceed as described in Section 1.7.1.1, “Network Setup” (page 16). If the add-on product is available locally, select No, Skip the Network Setup. Click Next and specify the product source. Source types available are CD, DVD, Hard Disk, USB Mass Storage, a Local Directory or a Local ISO Image (if no network was configured).
1.8 Clock and Time Zone In this dialog, select your region and time zone. Both are preselected according to the selected installation language. To change the preselected values, either use the map or the drop down lists for Region and Time Zone. When using the map, point the cursor at the rough direction of your region and left-click to zoom. Now choose your country or region by left-clicking. Right-click to return to the world map. Figure 1.
1.9 Desktop Selection In openSUSE, you can choose from various desktops. The major ones, KDE and GNOME, are powerful graphical desktop environments similar to Windows. This step is skipped when installing from a LiveCD, since this medium is already preconfigured to either use KDE or GNOME. If you prefer a different desktop, choose Other for more options. The XFCE Desktop and the LXDE Desktop are fast and lightweight desktop environments suitable for modest hardware.
one of these partitions. Accept the proposal with Next and proceed with the installation. Experienced users can also customize the proposal or apply their own partitioning scheme. The proposed partitioning is Partition Based by default. If you prefer an LVM Based setup, check the respective option to automatically convert the proposal. Refer to Section 3.2, “LVM Configuration” (page 84) for more information about the Logical Volume Manager (LVM).
Home Partition. Instead of the default partition-based proposal, it is possible to Create an LVM Based Proposal. Choose two times Next to proceed to the next step. 1.10.1.1 Resizing a Windows Partition If the selected hard disk only contains a Windows FAT or NTFS partition, YaST offers to delete or shrink this partition. If you select Delete Windows Completely, the Windows partition is marked for deletion and the space is used for the installation of openSUSE.
Figure 1.7: Resizing the Windows Partition If you leave this dialog by selecting Next, the settings are stored and you are returned to the previous dialog. The actual resizing takes place later, before the hard disk is formatted. IMPORTANT: Writing on NTFS Partitions By default, the Windows uses the NTFS file system. openSUSE includes read and write access to the NTFS file system, but this feature has a few limitations. This means that you cannot read or write encrypted or compressed files.
1.11 Create New User Create a local user in this step. Administrating local users is a suitable option for standalone workstations. If setting up a client on a network with centralized user authentication, click Change and proceed with the Section 1.11.1, “Expert Settings” (page 24). After entering the first name and last name, either accept the proposal or specify a new Username that will be used to log in. Finally, enter a password for the user.
Figure 1.8: Create New User Three additional options are available: Use this Password for the System Administrator If checked, the same password you have entered for the user will be used for the system administrator root. This option is suitable for stand-alone workstations or machines in a home network that are administrated by a single user. When not checked, you are prompted for a system administrator password in the next step of the installation workflow (see Section 1.11.
Automatic Login This option automatically logs the current user in to the system when it starts. This is mainly useful if the computer is operated by only one user. WARNING: Automatic Login With the automatic login enabled, the system boots straight into your desktop with no authentication at all. If you store sensitive data on your system, you should not enable this option as long as the computer can also be accessed by others. 1.11.
Windows Domain SMB authentication is often used in mixed Linux and Windows networks. and Section “Configuring a Linux Client for Active Directory” (Chapter 5, Active Directory Support, ↑Security Guide). Along with user administration via LDAP and NIS, you can use Kerberos authentication. To use it, select Set Up Kerberos Authentication. For more information on Kerberos, refer to Chapter 6, Network Authentication with Kerberos (↑Security Guide). 1.11.
1.12 Installation Settings On the last step before the real installation takes place, you can alter installation settings suggested by YaST and also review the settings you made so far. To modify the suggestions, either click Change and select the category to change or click on one of the headlines. After configuring any of the items presented in these dialogs, you are always returned to the Installation Settings window, which is updated accordingly. Figure 1.
1.12.2 Booting YaST proposes a boot configuration for your system. Other operating systems found on your computer, such as Microsoft Windows or other Linux installations, will automatically be detected and added to the boot loader. However, openSUSE will be booted by default. Normally, you can leave these settings unchanged. If you need a custom setup, modify the proposal for your system. For information, see Section 9.2, “Configuring the Boot Loader with YaST” (page 166).
Figure 1.10: Software Selection and System Tasks 1.12.4 Locale Settings Here you can change the system Language and Keyboard Layout you defined in the first step of the installation. It is also possible to add additional languages. To adjust the system language settings, select Language. Select a language from the list. The primary language is used as the system language. You can also adapt keyboard layout and time zone to the primary language if the current settings differ.
1.12.5 Time Zone Adjust time zone and clock settings here. Provided a network is configured, you can also set up a Network Time Protocol (NTP) client that automatically synchronizes your computer with a time server. This is the same configuration as shown earlier in Section 1.8, “Clock and Time Zone” (page 17). 1.12.6 User Settings Change the current User settings and change or set the Root Password here. This is the same configuration as shown earlier in Section 1.11, “Create New User” (page 22). 1.12.
NOTE: Installation Time Stamps The RPM database keeps track of the date a package was last installed or updated (check with for example rpm -qa --last). When installing from images, the time stamps of all packages originating from the images do not match the installation date but rather the date the image was created. 1.12.10 Firewall By default SuSEFirewall2 is enabled on all configured network interfaces. To globally disable the firewall for this computer, click on Disable.
After the software installation has completed, the basic system is set up. Among others, “Finishing the Basic Installation” includes installing the boot manager, initializing fonts and more. Next YaST boots into the new Linux system to start the system configuration. TIP: Existing SSH Host Keys If you install openSUSE on a machine with existing Linux installations, the installation routine automatically imports the SSH host key with the most recent access time from an existing installation. 1.
1.14.2.1 Hostname and Domain Name The hostname is the computer's name in the network. The domain name is the name of the network. A hostname and domain are proposed by default. If your system is part of a network, the hostname has to be unique in this network, whereas the domain name has to be common to all hosts on the network. In many networks, the system receives its name over DHCP. In this case it is not necessary to modify the proposed hostname and domain name. Select Change Hostname via DHCP instead.
General Network Settings Enable or disable the use of NetworkManager as described above. Also change the IPv6 support here. By default the IPv6 support is enabled. To disable it, click Disable IPv6. For more information about IPv6, see Section 13.2, “IPv6—The Next Generation Internet” (page 230). Firewall By default SuSEFirewall2 is enabled on all configured network interfaces. To globally disable the firewall for this computer, click on Disable.
Test Internet Connection After having configured a network connection, you can test it. For this purpose, YaST establishes a connection to the openSUSE server and downloads the latest release notes. Read them at the end of the installation process. A successful test is also a prerequisite for the automatic addition of the default repositories and for updating online. If you have multiple network interfaces, verify that the desired card is used to connect to the Internet. If not, click Change Device.
IMPORTANT: Downloading Software Updates The download of updates might take quite some time, depending on the bandwidth of the Internet connection and the size of the update files. In case the patch system itself is updated, the online update will restart and download more patches after the restart. If the kernel was updated, the system will reboot before completing the configuration. 1.14.2.4 New Local User If no local user was created in step one, you can create one in this dialog.
TIP: Resetting Hardware Configuration to the Default Values You can cancel any changes to the hardware configuration by clicking Change > Reset to Defaults. YaST then shows the original proposal again. 1.14.2.7 Installation Completed After a successful installation, YaST shows the Installation Completed dialog. In this dialog, select whether to clone your newly installed system for AutoYaST. To clone your system, select Clone This System for AutoYaST.
2 Remote Installation openSUSE® can be installed in different ways. As well as the usual media installation covered in Chapter 1, Installation with YaST (page 3), you can choose from various network-based approaches or even take a completely hands-off approach to the installation of openSUSE. Each method is introduced by means of two short check lists: one listing the prerequisites for this method and the other illustrating the basic procedure.
IMPORTANT The configuration of the X Window System is not part of any remote installation process. After the installation has finished, log in to the target system as root, enter telinit 3, and start SaX2 to configure the graphics hardware . 2.1.1 Simple Remote Installation via VNC—Static Network Configuration This type of installation still requires some degree of physical access to the target system to boot for installation.
3 When the boot screen of the target system appears, use the boot options prompt to set the appropriate VNC options and the address of the repository. This is described in detail in Section 2.4, “Booting the Target System for Installation” (page 65). The target system boots to a text-based environment, giving the network address and display number under which the graphical installation environment can be addressed by any VNC viewer application or browser.
• Running DHCP server providing IP addresses. To perform this kind of installation, proceed as follows: 1 Set up the repository as described in Section 2.2, “Setting Up the Server Holding the Installation Sources” (page 46). Choose an NFS, HTTP, or FTP network server. For an SMB repository, refer to Section 2.2.5, “Managing an SMB Repository” (page 53). 2 Boot the target system using a boot medium (DVD, CD, or USB flash drive) of the openSUSE media kit.
To perform this type of installation, make sure that the following requirements are met: • Remote repository: NFS, HTTP, FTP, or SMB with working network connection. • TFTP server. • Running DHCP server for your network. • Target system capable of PXE boot, networking, and Wake on LAN, plugged in and connected to the network. • Controlling system with working network connection and VNC viewer software or Java-enabled browser (Firefox, Konqueror, Internet Explorer, or Opera).
2.1.4 Simple Remote Installation via SSH—Static Network Configuration This type of installation still requires some degree of physical access to the target system to boot for installation and to determine the IP address of the installation target. The installation itself is entirely controlled from a remote workstation using SSH to connect to the installer. User interaction is required as with the regular installation described in Chapter 1, Installation with YaST (page 3).
and SSH enablement. This is described in detail in Section 2.4.2, “Using Custom Boot Options” (page 66). The target system boots to a text-based environment, giving the network address under which the graphical installation environment can be addressed by any SSH client. 4 On the controlling workstation, open a terminal window and connect to the target system as described in Section 2.5.2.2, “Connecting to the Installation Program” (page 71).
1 Set up the repository source as described in Section 2.2, “Setting Up the Server Holding the Installation Sources” (page 46). Choose an NFS, HTTP, or FTP network server. For an SMB repository, refer to Section 2.2.5, “Managing an SMB Repository” (page 53). 2 Boot the target system using a boot medium (DVD, CD, or USB flash drive) of the openSUSE media kit. For more information about the openSUSE media kit, see Section 1.1, “Choosing the Installation Media” (page 3).
• Running DHCP server for your network, providing a static IP to the host to install. • Target system capable of PXE boot, networking, and Wake on LAN, plugged in and connected to the network. • Controlling system with working network connection and SSH client software. To perform this type of installation, proceed as follows: 1 Set up the repository as described in Section 2.2, “Setting Up the Server Holding the Installation Sources” (page 46). Choose an NFS, HTTP, or FTP network server.
2.2 Setting Up the Server Holding the Installation Sources Depending on the operating system running on the machine to use as the network installation source for openSUSE, there are several options for the server configuration. The easiest way to set up an installation server is to use YaST on openSUSE 11.1 and higher. TIP You can even use a Microsoft Windows machine as the installation server for your Linux deployment. See Section 2.2.5, “Managing an SMB Repository” (page 53) for details. 2.2.
Define an alias for the root directory of the FTP or HTTP server on which the installation data should be found. The repository will later be located under ftp://Server-IP/Alias/Name (FTP) or under http://Server-IP/Alias/Name (HTTP). Name stands for the name of the repository, which is defined in the following step. If you selected NFS in the previous step, define wild cards and export options. The NFS server will be accessible under nfs://Server-IP/Name.
Your installation server is now fully configured and ready for service. It is automatically started every time the system is started. No further intervention is required. You only need to configure and start this service correctly by hand if you have deactivated the automatic configuration of the selected network service with YaST as an initial step. To deactivate a repository, select the repository to remove then select Delete. The installation data are removed from the system.
cp -a /media/path_to_your_DVD_drive . Replace path_to_your_DVD_drive with the actual path under which your DVD drive is addressed. Depending on the type of drive used in your system, this can be cdrom, cdrecorder, dvd, or dvdrecorder. 3b Rename the directory to the DVD number: mv path_to_your_DVD_drive DVDx Replace x with the actual number of your DVD. On openSUSE, you can export the repository with NFS using YaST. Proceed as follows: 1 Log in as root. 2 Start YaST > Network Services > NFS Server.
This exports the directory /productversion to any host that is part of this network or to any host that can connect to this server. To limit the access to this server, use netmasks or domain names instead of the general wild card *. Refer to the export man page for details. Save and exit this configuration file. 3 To add the NFS service to the list of servers started during system boot, execute the following commands: insserv /etc/init.d/nfsserver 4 Start the NFS server with rcnfsserver start.
1 Create a directory holding the installation sources as described in Section 2.2.2, “Setting Up an NFS Repository Manually” (page 48). 2 Configure the FTP server to distribute the contents of your installation directory: 2a Log in as root and install the package vsftpd using the YaST software management. 2b Enter the FTP server root directory: cd /srv/ftp 2c Create a subdirectory holding the installation sources in the FTP root directory: mkdir repository Replace repository with the product name.
TIP: Configuring an FTP Server with YaST If you prefer using YaST over manually configuring the FTP installation server, refer to Chapter 21, Setting up an FTP server with YaST (page 403) for more information on how to use the YaST FTP server module. 2.2.4 Setting Up an HTTP Repository Manually Creating an HTTP repository is very similar to creating an NFS repository. An HTTP repository can be announced over the network using OpenSLP as well.
2e Reload the HTTP server configuration using rcapache2 reload. 3 Announce the repository via OpenSLP, if this is supported by your network setup: 3a Create the /etc/slp.reg.d/install.suse.http.reg configuration file with the following lines: # Register the HTTP Installation Server service:install.suse:http://$HOSTNAME/repository/DVD1/,en,65535 description=HTTP Repository Replace repository with the actual path to the repository on your server. The service: line should be entered as one continuous line.
1 Boot the installation target. 2 Select Installation. 3 Press F4 for a selection of the repository. 4 Choose SMB and enter the Windows machine's name or IP address, the share name (INSTALL/product/DVD1, in this example), username, and password. After you hit Enter, YaST starts and you can perform the installation. 2.2.
the product name, and mediumx with the type (CD or DVD) and number of media you are using. 6 Repeat the previous step to mount all ISO images needed for your product. 7 Start your installation server as usual, as described in Section 2.2.2, “Setting Up an NFS Repository Manually” (page 48), Section 2.2.3, “Setting Up an FTP Repository Manually” (page 50), or Section 2.2.4, “Setting Up an HTTP Repository Manually” (page 52).
1 Log in as root to the machine hosting the DHCP server. 2 Install the yast2-dhcp-server package. 3 Start YaST > Network Services > DHCP Server. 4 Complete the setup wizard for basic DHCP server setup. 5 Select Expert Settings and select Yes when warned about leaving the start-up dialog. 6 In the Configured Declarations dialog, select the subnet in which the new system should be located and click Edit. 7 In the Subnet Configuration dialog select Add to add a new option to the subnet's configuration.
subnet 192.168.1.0 netmask 255.255.255.0 { range dynamic-bootp 192.168.1.200 192.168.1.228; # PXE related stuff # # "next-server" defines the tftp server that will be used next-server ip_tftp_server: # # "filename" specifies the pxelinux image on the tftp server # the server runs in chroot under /srv/tftpboot filename "pxelinux.0"; } Replace ip_of_the_tftp_server with the actual IP address of the TFTP server. For more information about the options available in dhcpd.conf, refer to the dhcpd.
2.3.2 Setting Up a TFTP Server Set up a TFTP server with YaST or set it up manually on any other Linux operating system that supports xinetd and TFTP. The TFTP server delivers the boot image to the target system once it boots and sends a request for it. 2.3.2.1 Setting Up a TFTP Server Using YaST 1 Log in as root. 2 Install the yast2-tftp-server package. 3 Start YaST > Network Services > TFTP Server and install the requested package.
4 Modify the configuration of xinetd located under /etc/xinetd.d to make sure that the TFTP server is started on boot: 4a If it does not exist, create a file called tftp under this directory with touch tftp. Then run chmod 755 tftp. 4b Open the file tftp and add the following lines: service tftp { socket_type protocol wait user server server_args disable } = = = = = = = dgram udp yes root /usr/sbin/in.tftpd -s /srv/tftpboot no 4c Save the file and restart xinetd with rcxinetd restart. 2.3.
4 Change to the directory of your installation repository and copy the isolinux .cfg file to /srv/tftpboot/pxelinux.cfg/default by entering the following: cp -a boot//loader/isolinux.cfg /srv/tftpboot/pxelinux.cfg/default 5 Edit the /srv/tftpboot/pxelinux.cfg/default file and remove the lines beginning with readinfo and framebuffer.
TIP: Changing Kernel and initrd Filenames It is possible to use different filenames for Kernel and initrd images. This is useful if you want to provide different operating systems from the same boot server. However, you should be aware that only one dot is permitted in the filenames that are provided by TFTP for the PXE boot. An example /srv/tftpboot/pxelinux.cfg/default file follows.
7 Replace ip_instserver and path_to_repository with the values used in your setup. The following section serves as a short reference to the PXELINUX options used in this setup. Find more information about the options available in the documentation of the syslinux package located under /usr/share/doc/packages/ syslinux/. 2.3.4 PXELINUX Configuration Options The options listed here are a subset of all the options available for the PXELINUX configuration file. DEFAULT kernel options...
PXELINUX uses the following syntax: label mylabel kernel mykernel append myoptions Labels are mangled as if they were filenames and they must be unique after mangling. For example, the two labels “v2.6.30” and “v2.6.31” would not be distinguishable under PXELINUX because both mangle to the same DOS filename. The Kernel does not have to be a Linux Kernel; it can be a boot sector or a COMBOOT file. APPEND Append nothing.
disables the time-out completely (this is also the default). The maximum possible time-out value is 35996 (just less than one hour). PROMPT flag_val If flag_val is 0, displays the boot prompt only if Shift or Alt is pressed or Caps Lock or Scroll Lock is set (this is the default). If flag_val is 1, always displays the boot prompt. F2 filename F1 filename ..etc... F9 filename F10 filename Displays the indicated file on the screen when a function key is pressed at the boot prompt.
2.3.7 Wake on LAN Wake on LAN allows a machine to be turned on by a special network packet containing the machine's MAC address. Because every machine in the world has a unique MAC identifier, you do not need to worry about accidentally turning on the wrong machine.
2.4.2 Using Custom Boot Options Using the appropriate set of boot options helps facilitate your installation procedure. Many parameters can also be configured later using the linuxrc routines, but using the boot options is easier. In some automated setups, the boot options can be provided with initrd or an info file. The following table lists all installation scenarios mentioned in this chapter with the required parameters for booting and the corresponding boot options.
• gateway=ip_gateway • vnc=1 • vncpassword=some_password Section 2.1.2, “Simple Remote Installation via VNC—Dynamic Network Configuration” (page 39) Parameters Needed for Booting • Location of the installation server • VNC enablement • VNC password Boot Options • install=(nfs,http,ftp,smb)://path_to_instmedia • vnc=1 • vncpassword=some_password Section 2.1.
• SSH password Boot Options • install=(nfs,http,ftp,smb)://path_to_instmedia • netdevice=some_netdevice (only needed if several network devices are available) • hostip=some_ip • netmask=some_netmask • gateway=ip_gateway • usessh=1 • sshpassword=some_password Section 2.1.
2.5 Monitoring the Installation Process There are several options for remotely monitoring the installation process. If the proper boot options have been specified while booting for installation, either VNC or SSH can be used to control the installation and system configuration from a remote workstation. 2.5.1 VNC Installation Using any VNC viewer software, you can remotely control the installation of openSUSE from virtually any operating system.
2.5.1.2 Connecting to the Installation Program Basically, there are two ways to connect to a VNC server (the installation target in this case). You can either start an independent VNC viewer application on any operating system or connect using a Java-enabled Web browser. Using VNC, you can control the installation of a Linux system from any other operating system, including other Linux flavors, Windows, or Mac OS. On a Linux machine, make sure that the package tightvnc is installed.
2.5.2 SSH Installation Using SSH, you can remotely control the installation of your Linux machine using any SSH client software. 2.5.2.1 Preparing for SSH Installation Apart from installing the appropriate software package (OpenSSH for Linux and PuTTY for Windows), you just need to pass the appropriate boot options to enable SSH for installation. See Section 2.4.2, “Using Custom Boot Options” (page 66) for details. OpenSSH is installed by default on any SUSE Linux–based operating system. 2.5.2.
3 Advanced Disk Setup Sophisticated system configurations require specific disk setups. All common partitioning tasks can be done with YaST. To get persistent device naming with block devices, use the block devices below /dev/disk/by-id or /dev/disk/by-uuid. Logical Volume Management (LVM) is a disk partitioning scheme that is designed to be much more flexible than the physical partitioning used in standard setups. Its snapshot functionality enables easy creation of data backups.
Figure 3.1: The YaST Partitioner All existing or suggested partitions on all connected hard disks are displayed in the list of Available Storage in the YaST Expert Partitioner dialog. Entire hard disks are listed as devices without numbers, such as /dev/sda. Partitions are listed as parts of these devices, such as /dev/sda1. The size, type, encryption status, file system, and mount point of the hard disks and their partitions are also displayed.
3.1.1 Partition Types Every hard disk has a partition table with space for four entries. Every entry in the partition table corresponds to a primary partition or an extended partition. Only one extended partition entry is allowed, however. A primary partition simply consists of a continuous range of cylinders (physical disk areas) assigned to a particular operating system. With primary partitions you would be limited to four partitions per hard disk, because more do not fit in the partition table.
4 Specify additional file system options if your setup requires them. This is necessary, for example, if you need persistent device names. For details on the available options, refer to Section 3.1.3, “Editing a Partition” (page 78). 5 Click Finish to apply your partitioning setup and leave the partitioning module. If you created the partition during installation, you are returned to the installation overview screen. 3.1.2.
/var/log Contains system and applications' log files which should never be rolled back. /var/crash Contains memory dumps of crashed kernels. /srv Contains data files belonging to FTP and HTTP servers. /opt Contains third party software. TIP: Size of Btrfs Partition Because saved snapshots require more disk space, it is recommended to reserve more space for Btrfs partition than for a partition not capable of snapshotting (such as Ext3).
5a To remove a subvolume, select it from the list of Exisitng Subvolumes and click Remove. 5b To add a new subvolume, enter its name to the New Subvolume text field and click Add new. Figure 3.2: Btrfs Subvolumes in YaST Partitioner 6 Confirm with OK and Finish. 7 Leave the partitioner with Finish. 3.1.3 Editing a Partition When you create a new partition or modify an existing partition, you can set various parameters.
1 Select the partition. 2 Click Edit to edit the partition and set the parameters: File System ID Even if you do not want to format the partition at this stage, assign it a file system ID to ensure that the partition is registered correctly. Typical values are Linux, Linux swap, Linux LVM, and Linux RAID. File System To change the partition file system, click Format Partition and select file system type in the File System list. openSUSE supports several types of filesystems.
Mount Point Specify the directory where the partition should be mounted in the file system tree. Select from YaST suggestions or enter any other name. Fstab Options Specify various parameters contained in the global file system administration file (/etc/fstab). The default settings should suffice for most setups. You can, for example, change the file system identification from the device name to a volume label. In the volume label, use all characters except / and space.
WARNING: Creating a New Partition Table Creating a new partition table on a device irreversibly removes all the partitions and their data from that device. Clone This Disk This option helps you clone the device partition layout (but not the data) to other available disk devices. 3.1.5 Advanced Options After you select the hostname of the computer (the top-level of the tree in the System View pane), you can access the Configure... menu in the lower right part of the Expert Partitioner window.
3.1.6.1 Using swap Swap is used to extend the available physical memory. It is then possible to use more memory than physical RAM available. The memory management system of kernels before 2.4.10 needed swap as a safety measure. Then, if you did not have twice the size of your RAM in swap, the performance of the system suffered. These limitations no longer exist. Linux uses a page called “Least Recently Used” (LRU) to select pages that might be moved from memory to disk.
If your system is not out of control, but needs more swap after some time, it is possible to extend the swap space online. If you prepared a partition for swap space, just add this partition with YaST. If you do not have a partition available, you may also just use a swap file to extend the swap. Swap files are generally slower than partitions, but compared to physical ram, both are extremely slow so the actual difference is negligible. Procedure 3.
already exists on your system, it is automatically activated upon entering the initial LVM configuration of a session. In this case, all disks containing a partition (belonging to an activated volume group) cannot be repartitioned. The Linux kernel cannot reread the modified partition table of a hard disk when any partition on this disk is in use. If you already have a working LVM configuration on your system, physical repartitioning should not be necessary.
partitions on a running system, LVM provides a virtual pool (volume group, VG for short) of memory space from which logical volumes (LVs) can be created as needed. The operating system accesses these LVs instead of the physical partitions. Volume groups can occupy more than one disk, so that several disks or parts of them may constitute one single VG.
• With LVM, it is possible to add hard disks or LVs in a running system. However, this requires hot-swappable hardware. • It is possible to activate a "striping mode" that distributes the data stream of a LV over several PVs. If these PVs reside on different disks, the read and write performance is enhanced, as with RAID 0. • The snapshot feature enables consistent backups (especially for servers) of the running system. With these features, LVM is ready for heavily used home PCs or small servers.
4 Use Do not format partition and change the File System ID to 0x8E Linux LVM. Do not mount this partition. 5 Repeat this procedure until you have defined all the desired physical volumes on the available disks. 3.2.2.1 Creating Volume Groups If no volume group exists on your system, you must add one (see Figure 3.4, “Creating a Volume Group” (page 88)). It is possible to create additional groups by clicking on Volume Management in the System View pane, and then on Add Volume Group.
Figure 3.4: Creating a Volume Group If you have multiple volume groups defined and want to add or remove PVs, select the volume group in the Volume Management list and click Resize. In the following window, you can add or remove PVs to the selected volume group. 3.2.2.2 Configuring Logical Volumes After the volume group has been filled with PVs, define the LVs which the operating system should use in the next dialog. Choose the current volume group and change to the Logical Volumes tab.
Figure 3.5: Logical Volume Management Click Add and go through the wizard-like pop-up that opens: 1. Enter the name of the LV. For a partition that should be mounted to /home, a selfexplanatory name like HOME could be used. 2. Select the size and the number of stripes of the LV. If you have only one PV, selecting more than one stripe is not useful. 3. Choose the filesystem to use on the LV as well as the mount point.
If you have already configured LVM on your system, the existing logical volumes can also be used. Before continuing, assign appropriate mount points to these LVs. With Finish, return to the YaST Expert Partitioner and finish your work there. 3.3 Soft RAID Configuration The purpose of RAID (redundant array of independent disks) is to combine several hard disk partitions into one large virtual hard disk to optimize performance and/or data security.
faster in comparison to any one of the normal physical hard disks. The reason is that the duplicate data can be parallel-scanned. Generally it can be said that Level 1 provides nearly twice the read transfer rate of single disks and almost the same write transfer rate as single disks. RAID 5 RAID 5 is an optimized compromise between Level 0 and Level 1, in terms of performance and redundancy. The hard disk space equals the number of disks used minus one.
1 Select a hard disk from Hard Disks. 2 Change to the Partitions tab. 3 Click Add and enter the desired size of the raid partition on this disk. 4 Use Do not Format the Partition and change the File System ID to 0xFD Linux RAID. Do not mount this partition. 5 Repeat this procedure until you have defined all the desired physical volumes on the available disks. For RAID 0 and RAID 1, at least two partitions are needed—for RAID 1, usually exactly two and no more.
the partition remains unused. After assigning all partitions, click Next to select the available RAID Options. In this last step, set the file system to use as well as encryption and the mount point for the RAID volume. After completing the configuration with Finish, see the /dev/md0 device and others indicated with RAID in the expert partitioner. 3.3.2 Troubleshooting Check the file /proc/mdstat to find out whether a RAID partition has been damaged.
Part II.
Snapshots/Rollback with Snapper 4 Being able to do file system snapshots on Linux providing the ability to do rollbacks is a feature that was often requested in the past. Snapper, in conjunction with the Btrfs file system now fills that gap. Btrfs, a new copy-on-write file system for Linux, supports file system snapshots (a copy of the state of a subvolume at a certain point of time) of subvolumes (one or more separately mountable file systems within each physical partition).
in the original file system is modified, changed data blocks are copied while the old data blocks are kept for the snapshot. Therefore, a snapshot occupies the same amount of space as the data modified. So, over time, the amount of space a snapshot allocates, constantly grows. As a consequence, deleting files from a Btrfs file system containing snapshots may not free disk space! NOTE: Snapshot Location Snapshots always reside on the same partition or subvolume that has been snapshotted.
Using the YaST Snapper module or the snapper command line tool, you can undo the changes made by YaST/zypper by restoring files from the “pre-snapshot”. Comparing two snapshots the tools also allow you to see which files have been changed. You can also display the differences between two versions of a file (diff). Since Linux is a multitasking system, processes other than YaST or zypper may modify data in the timeframe between the pre- and the post-snapshot.
4 Click Show Changes to open the list of files that differ between the two snapshots. The following image shows a list of files that have changed after having added the user tester.
5 Review the list of files. To display a “diff” between the pre- and post-version of a file, select it from the list. The following images shows the changes to /etc/ passwd after having added the user tester. 6 To restore a set of files, select the relevant files or directories by ticking the respective checkbox. Click Restore Selected and confirm the action by clicking Yes.
To restore a single file, activate its diff view by clicking on its name. Click Restore From First and confirm your choice with Yes. Procedure 4.2: Undoing changes using the snapper command 1 Get a list of yast and zypper snapshots by running snapper list -t pre-post. YaST snapshots are labeled as yast module_name in the Description column; zypper snapshots are labeled zypp (zypper).
c... /var/lib/rpm/Sigmd5 c... /var/lib/zypp/SoftLocks 3 To display the diff for a certain file, run snapper diff PRE..POST FILENAME. If you do not specify FILENAME, a diff for all files will be displayed. ~ # snapper diff 108..109 /var/lib/zypp/SoftLocks --- /.snapshots/108/snapshot/var/lib/zypp/SoftLocks 2012-01-12 23:15:22.408009164 +0100 +++ /.snapshots/109/snapshot/var/lib/zypp/SoftLocks 2012-01-13 13:01:08.
4.3 Using Snapper to Restore Files from Hourly Backups Apart from the YaST and zypper snapshots, Snapper creates hourly snapshots of the system partition (/). You can use these backup snapshots to restore files that have accidentally been deleted or modified beyond recovery. By making use of Snapper's diff feature you can also find out which modifications have been made at a certain point of time. Hourly backup snapshots are of the type Single and are marked with the description timeline.
4.4.1 Snapshot Metadata Each snapshot consists of the snapshot itself and some metadata. With Snapper you can set and modify some metadata. The following metadata is available for each snapshot: • Type: Snapshot type, see Section 4.4.1.1, “Snapshot Types” (page 105) for details. This data can not be changed. • Number: Unique number of the snapshot. This data can not be changed. • Pre Number: Specifies the number of the corresponding pre snapshot. For snapshots of type post only.
4.4.1.2 Cleanup-algorithms Snapper provides three algorithms to cleanup old snapshots. The algorithms are executed in a daily cron-job. The cleanup-frequency itself is defined in the Snapper configuration for the partition or subvolume (see Section 4.6.1, “Adjusting the Config File” (page 109) for details). number Deletes old snapshots when a certain snapshot count is reached. timeline Deletes old snapshots having passed a certain age, but keeps a number of hourly, daily, monthly and yearly snapshots.
4.4.3 Modifying Snapshot Metadata Snapper allows to modify the description, the cleanup algorithm and the userdata of a snapshot. All other metadata cannot be changed. snapper modify -c "timeline" 10 Modifies the metadata of snapshot 10 for the default (root) configuration. The cleanup algorithm is set to timeline. snapper -c home modify -d "daily backup" -c "" 120 Modifies the metadata of snapshot 120 for a custom configuration named home. A new description is set and the cleanup algorithm is unset. 4.4.
4.5 Disabling Snapper If you have set up the root partition with Btrfs during the installation, Snapper automatically creates hourly snapshots of the system, as well as pre- and post-snapshots for YaST and zypper transactions.
snapper -c www-data /srv/www create-config Name of config file. Mount point of the partition or Btrfs subvolume to snapshot. This command will create a new config file /etc/snapper/config-templates/ www-data with reasonable default values (taken from /etc/snapper/config -templates/default). TIP: Config Defaults Default values for a new config are taken from /etc/snapper/config -templates/default. To use your own set of defaults, create a copy of this file in the same directory and adjust it to your needs.
NOTE: Limit and Age NUMBER_LIMIT and NUMBER_MIN_AGE are always evaluated both. Snapshots are only deleted when both conditions are met. If you always want to keep a certain number of snapshots regardless of their age, set NUMBER_MIN_AGE to 0. On the other hand, if you do not want to keep snapshots beyond a certain age, set NUMBER_LIMIT to 0. NUMBER_LIMIT Defines how many snapshots to keep if NUMBER_CLEANUP is set to yes.
TIMELINE_LIMIT_YEARLY="10" This example configuration enables hourly screenshots which are automatically cleaned up. TIMELINE_MIN_AGE and TIMELINE_LIMIT_* are always evaluated both. In this example, the minimum age of a snapshot, before it can be deleted is set to 30 minutes (1800 seconds). Since we create hourly snapshots, this ensures that only the latest snapshots are kept. If TIMELINE_LIMIT_DAILY is set to not zero, this means that the first screenshot of the day is kept, too.
4.7.2 Reverting User Additions Usually /home resides on a separate partition. Such a separate partition is not part of the default configuration for doing YaST rollbacks. Therefore the user's home partition will not be deleted when reverting a user addition using Snapper. It is strongly recommended to use the YaST User and Group Management tool to remove users. 4.7.3 No Rollback on /boot and Boot Loader Changes Currently openSUSE cannot boot from Btrfs partitions.
• /opt • /srv • /tmp • /var/crash • /var/log • /var/run • /var/spool • /var/tmp Can I boot a Snapshot from the Bootloader? This is currently not possible. The bootloader on openSUSE currently does not support booting from a Btrfs partition.
5 Remote Access with VNC Virtual Network Computing (VNC) enables you to control a remote computer via a graphical desktop (as opposed to a remote shell access). VNC is platform-independent and lets you access the remote machine from any operating system. openSUSE supports two different kinds of VNC sessions: One-time sessions that “live” as long as the VNC connection from the client is kept up, and persistent sessions that “live” until they are explicitly terminated.
2 Check Allow Remote Administration. 3 If necessary, also check Open Port in Firewall (for example, when your network interface is configured to be in the External Zone). If you have more than one network interface, restrict opening the firewall ports to a specific interface via Firewall Details. 4 Confirm your settings with Finish. 5 In case not all needed packages are available yet, you need to approve the installation of missing packages.
vncviewer jupiter.example.com::5901 Alternatively use a Java-capable Web browser to view the VNC session by entering the following URL: http://jupiter.example.com:5801 5.1.2 Configuring One-time VNC Sessions You can skip this section, if you do not need or want to modify the default configuration. One-time VNC sessions are started via the xinetd daemon. A configuration file is located at /etc/xinetd.d/vnc.
5.2 Persistent VNC Sessions A persistent VNC session is initiated on the server. The session and all applications started in this session run regardless of client connections until the session is terminated. A persistent session can be accessed from multiple clients simultaneously. This is ideal for demonstration purposes where one client has full access and all other clients have view-only access. Another usecase are trainings where the trainer might need access to the trainee's desktop.
The vncserver command picks an unused display number when none is given and prints out its choice. See man 1 vncserver for more options. When running vncviewer for the first time, it asks for a password for full access to the session. If needed, you can also provide a password for view-only access to the session. The password(s) you are providing here are also used for future sessions started by the same user. They can be changed with the vncpasswd command.
Instead of the VNC display number you can also specify the port number with two colons: vncviewer jupiter.example.com::5901 Alternatively use a Java-capable Web browser to view the VNC session by entering the following URL: http://jupiter.example.com:5801 5.2.2 Configuring Persistent VNC Sessions Persistent VNC sessions can be configured by editing $HOME/.vnc/xstartup. By default this shell script starts an xterm and the twm Window Manager.
Part III.
32-Bit and 64-Bit Applications in a 64-Bit System Environment 6 openSUSE® is available for 64-bit platforms. This does not necessarily mean that all the applications included have already been ported to 64-bit platforms. openSUSE supports the use of 32-bit applications in a 64-bit system environment. This chapter offers a brief overview of how this support is implemented on 64-bit openSUSE platforms.
An exception to this rule is PAM (pluggable authentication modules). openSUSE uses PAM in the authentication process as a layer that mediates between user and application. On a 64-bit operating system that also runs 32-bit applications it is necessary to always install both versions of a PAM module. To be executed correctly, every application requires a range of libraries. Unfortunately, the names for the 32-bit and 64-bit versions of these libraries are identical.
6.3 Software Compilation on Biarch Platforms To develop binaries for the other architecture on a biarch architecture, the respective libraries for the second architecture must additionally be installed. These packages are called rpmname-32bit. You also need the respective headers and libraries from the rpmname-devel packages and the development libraries for the second architecture from rpmname-devel-32bit. Most open source programs use an autoconf-based program configuration.
Not all of these variables are needed for every program. Adapt them to the respective program. CC="gcc -m32" LDFLAGS="-L/usr/lib;" ./configure --prefix=/usr --libdir=/usr/lib --x-libraries=/usr/lib make make install 6.4 Kernel Specifications The 64-bit kernels for x86_64 offer both a 64-bit and a 32-bit kernel ABI (application binary interface). The latter is identical with the ABI for the corresponding 32-bit kernel.
7 Booting a Linux System Booting a Linux system involves different components and tasks. The hardware itself is initialized by the BIOS or the UEFI, which starts the Kernel by means of a boot loader. After this point, the boot process is completely controlled by the operating system and handled by systemd. systemd provides a set of “targets” that boot setups for everyday usage, maintenance or emergencies. 7.
of the boot process. Therefore, the first 512 bytes on the first hard disk are referred to as the Master Boot Record (MBR). The boot loader then passes control to the actual operating system, in this case, the Linux Kernel. More information about GRUB, the Linux boot loader, can be found in Chapter 9, The Boot Loader GRUB (page 155). For a network boot, the BIOS acts as the boot loader. It gets the boot image from the boot server and starts the system. This is completely independent of local hard disks. 3.
5. systemd By starting services and mounting file systems systemd handles the actual booting of the system. systemd is described in Chapter 8, The systemd daemon (page 133). 7.1.1 initramfs initramfs is a small cpio archive that the Kernel can load into a RAM disk. It provides a minimal Linux environment that enables the execution of programs before the actual root file system is mounted.
IMPORTANT: Updating initramfs or init The boot loader loads initramfs or init in the same way as the Kernel. It is not necessary to re-install GRUB after updating initramfs or init, because GRUB searches the directory for the right file when booting. 7.1.2 init on initramfs The main purpose of init on initramfs is to prepare the mounting of and access to the real root file system. Depending on your system configuration, init on initramfs is responsible for the following tasks.
When init on initramfs is called during the initial boot as part of the installation process, its tasks differ from those mentioned above: Finding the Installation Medium When starting the installation process, your machine loads an installation Kernel and a special init containing the YaST installer. The YaST installer is running in a RAM file system and needs to have information about the location of the installation medium in order to access it for installing the operating system.
8 The systemd daemon The program systemd is the process with process ID 1. It is responsible for initializing the system in the required way. systemd is started directly by the Kernel and resists signal 9, which normally kills processes. All other programs are either started directly by systemd or by one of its child processes. NOTE: Using System V init rather than systemd Being fully compatible, both systemd and System V init (SysV init) can act as a drop-in replacement for each other.
8.1 Basic Usage The SysV init system utilized several different commands to handle services— the init scripts, insserv, telinit and others. systemd makes it easier to manage services, since there is only one command to memorize for the majority of service handling tasks: systemctl.It uses the command plus subcommand notation like git or zypper: systemctl [general OPTIONS] subcommand [subcommand OPTIONS] See man 1 systemctl for a complete manual.
systemctl start .service .service The following table shows a list of the most important service management commands for systemd and SysV init: Table 8.1: Service Management Commands Task systemd Subcommand SysV init Subcommand Starting start start Stopping stop stop Restarting restart restart try-restart try-restart reload reload reload-or-restart n/a Shuts down services and starts them afterwards. If a service is not yet running it will be started.
Task systemd Subcommand SysV init Subcommand reload-or-try-restart n/a status status is-active status Reloads services if reloading is supported, otherwise restarts them. Services is not yet running it will be started. Reloading or restarting conditionally Reloads services if reloading is supported, otherwise restarts them if currently running. Does nothing for services that are not running. Getting detailed status information Lists information about the status of services.
systemd comes with its own logging mechanism (“The Journal”) that logs system messages. This allows to display the service messages together with status messages. The status command works similar to tail and can also display the log messages in different formats, making it a powerful debugging tool. Show Service Start-Up Failure Whenever a service fails to start, use systemctl status .service to get a detailed error message: www.example.com: ~ # systemctl start apache2.service Job failed.
verbose Full output with all fields. cat Terse output without time stamps. 8.1.3 Permanently Enabling/Disabling Services The service management commands mentioned in the previous section let you manipulate services for the current session. systemd also lets you permanently enable or disable services, so they are automatically started when requested or are always unavailable. You can either do this by using YaST, or on the command line. 8.1.3.
Task systemd subcommand SysV init subcommand Disabling systemctl disable .service insserv -r Checking systemctl is-enabled .service n/a systemctl reenable .service n/a systemctl mask .service n/a systemctl unmask .service n/a Shows whether a service is enabled or not. Re-Enabling Similar to restarting a service, this commands first disables and then enables a service.
8.1.3.2 Enabling/Disabling Services with YaST Start the YaST module with YaST > System > System Services (Runlevel). In the default view, the Simple Mode, it displays an overview listing all the available services and the current status of each service (see Figure 8.1, “System Services (Runlevel)” (page 141)). The left column shows the name of the service, the center column indicates its current status and the right column gives a short description.
Figure 8.1: System Services (Runlevel) With Start/Stop/Refresh, decide whether a service should be activated. Refresh status checks the current status. Set/Reset lets you enable or disable a service in the same manner as with the Simple Mode interface. Selecting OK saves the changed settings to disk. 8.2 System Start and Target Management The entire process of starting the system and shutting it down is maintained by systemd.
8.2.1 Targets vs. Runlevels With SysV init the system was booted into a so called “Runlevel”. A runlevel defines how the system is started and what services are available in the running system. Runlevels are numbered, the most commonly known ones are 0 (shutting down the system), 3 (multiuser with network) and 5 (multiuser with network and displaymanager). systemd introduces a new concept by using so-called “target units”. However, it remains fully compatible to the runlevel concept.
mail-transfer-agent.target Starts all services necessary for sending and receiving mails. multi-user.target Starts a multi-user system with network. reboot.target Reboots the system. rescue.target Starts a single user system without network. In order to remain compatible to the SysV init runlevel system, systemd provides special targets named runlevelX.target mapping the corresponding runlevels numbered X. Table 8.
SysV runlevel systemd target Purpose 6 runlevel6.target, reboot.target, System reboot IMPORTANT: systemd Ignores /etc/inittab The runlevels in a SysV init system are configured in /etc/inittab. systemd does not use this configuration. Please refer to Section 8.2.2, “Custom Targets” (page 145) for instructions on how to create your own bootable target. 8.2.1.
Task systemd command SysV init command Change the default runlevel persistently Use the YaST runlevel editor or run the following command: Use the YaST runlevel editor or change the line ln -sf /lib/systemd/system/.target /etc/systemd/system/default.target Change the default runlevel for the current boot process Enter the following option at the boot prompt Show a target's/runlevel's dependencies systemctl show -p "Requires"
WARNING: Avoiding Overwritten Customizations Always do systemd customization in /etc/systemd, never in /lib/ systemd. Otherwise your changes will be overwritten by the next update of systemd. Procedure 8.1: Create a Custom Target 1 Copy the configuration file /lib/systemd/system/graphical.target to /etc/systemd/system/.target and adjust it according to your needs. 2 The configuration file copied in the previous step already covers the required (“hard”) dependencies for the target.
Example 8.1: List Active Services jupiter.example.com: ~ # systemctl UNIT LOAD ACTIVE SUB JOB DESCRIPTION [...] systemd-random-seed-load.path loaded active waiting Random Seed acpid.service loaded active running ACPI Event Daemon apache2.service loaded failed failed apache avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack bluez-coldplug.service loaded active exited LSB: handles udev coldplug of bluetooth dongles console-kit...-system-start.
Listing the Services Start-Up Time jupiter.example.com: ~ # systemd-analyze blame 6472ms systemd-modules-load.service 5833ms remount-rootfs.service 4597ms network.service 4254ms systemd-vconsole-setup.service 4096ms postfix.service 2998ms xdm.service 2483ms localnet.service 2470ms SuSEfirewall2_init.service 2189ms avahi-daemon.service 2120ms systemd-logind.service 1210ms xinetd.service 1080ms ntp.service [...] 75ms fbset.service 72ms purge-kernels.service 47ms dev-vda1.swap 38ms bluez-coldplug.
8.2.3.3 Review the Complete Start-Up Process Above mentioned commands let you review the services that started and the time it took to start them. If you need to know more details, you can tell systemd to verbosely log the complete start-up procedure by entering the following parameters at the boot prompt: systemd.log_level=debug systemd.log_target=kmsg Now systemd writes its log messages into the kernel ring buffer.
8.3 Advanced Usage The following sections cover advanced topics for system administrators. For even more advanced systemd documentation, please refer Lennart Pöttering's series about systemd for administrators at http://0pointer.de/blog/projects. 8.3.1 System Log Section 8.1.2, “Debugging Services” (page 136) explains how to view log messages for given service. However, displaying log messages is not restricted to service logs.
8.3.3 Kernel Control Groups (cgroups) On a traditional SysV init system it is not always possible to clearly assign a process to the service that spawned it. Some services such as Apache, spawn a lot of 3rd party processes (e.g. CGI or Java processes), which themselves spawn more processes. This makes a clear assignment difficult or even impossible. Additionally, a service may not terminate correctly, leaving some of its children alive.
ntp.service 2202 /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf sshd.service 1743 /usr/sbin/sshd -D See Chapter 10, Kernel Control Groups (↑System Analysis and Tuning Guide) for more information about cgroups. 8.3.4 Killing Services (Sending Signals) As explained in Section 8.3.3, “Kernel Control Groups (cgroups)” (page 151), it is not always possible to assign a process to its parent service process in a SysV init system.
8.4 More information For more information on systemd refer to the following online resources: Homepage http://www.freedesktop.org/wiki/Software/systemd systemd for Administrators Lennart Pöttering, one of the systemd authors, has written a series of blog entries (13 at the time of writing this chapter). Find them at http://0pointer.de/ blog/projects. Control Centre: The systemd Linux init system http://www.h-online.com/open/features/Control-Centre-The -systemd-Linux-init-system-1565543.
9 The Boot Loader GRUB This chapter describes how to configure GRUB (Grand Unified Bootloader), the boot loader used in openSUSE®. A special YaST module is available for configuring all settings. If you are not familiar with the subject of booting in Linux, read the following sections to acquire some background information. This chapter also describes some of the problems frequently encountered when booting with GRUB and their solutions.
Boot Sectors Boot sectors are the first sectors of hard disk partitions with the exception of the extended partition, which merely serves as a “container” for other partitions. These boot sectors have 512 bytes of space for code used to boot an operating system installed in the respective partition. This applies to boot sectors of formatted DOS, Windows, and OS/2 partitions, which also contain some basic important data of the file system.
the user for how to proceed. For details, see Section 9.1.1.3, “Editing Menu Entries during the Boot Procedure” (page 161). /boot/grub/device.map This file translates device names from the GRUB and BIOS notation to Linux device names. /etc/grub.conf This file contains the commands, parameters and options the GRUB shell needs for installing the boot loader correctly.
9.1.1 The File /boot/grub/menu.lst The graphical splash screen with the boot menu is based on the GRUB configuration file /boot/grub/menu.lst, which contains all information about all partitions or operating systems that can be booted by the menu. Every time the system is booted, GRUB loads the menu file from the file system. For this reason, GRUB does not need to be reinstalled after every change to the file. Use the YaST boot loader to modify the GRUB configuration as described in Section 9.
The command root simplifies the specification of kernel and initrd files. The only argument of root is a device or a partition. This device is used for all kernel, initrd, or other file paths for which no device is explicitly specified until the next root command. The boot command is implied at the end of every menu entry, so it does not need to be written into the menu file. However, if you use GRUB interactively for booting, you must enter the boot command at the end. The command itself has no arguments.
Unfortunately, it is often not possible to map the Linux device names to BIOS device names exactly. It generates this mapping with the help of an algorithm and saves it to the file device.map, which can be edited if necessary. Information about the file device.map is available in Section 9.1.2, “The File device.map” (page 162). A complete GRUB path consists of a device name written in parentheses and the path to the file in the file system in the specified partition. The path begins with a slash.
Color scheme: white (foreground), blue (background), black (selection) and light gray (background of the selection). The color scheme has no effect on the splash screen, only on the customizable GRUB menu that you can access by exiting the splash screen with Esc. The first (0) menu entry title linux is booted by default. After eight seconds without any user input, GRUB automatically boots the default entry. To deactivate automatic boot, delete the timeout line.
To edit individual menu entries directly, press Esc to exit the splash screen and get to the GRUB text-based menu then press E. Changes made in this way only apply to the current boot and are not adopted permanently. IMPORTANT: Keyboard Layout during the Boot Procedure The US keyboard layout is the only one available when booting. See Figure “US Keyboard Layout” (↑Start-Up).
on which the boot sequence in the BIOS is set to PATA before SCSI could look as follows: (fd0) (hd0) (hd1) /dev/fd0 /dev/sda /dev/sdb or (fd0) (hd0) (hd1) /dev/fd0 /dev/disk-by-id/DISK1 ID /dev/disk-by-id/DISK2 ID Because the order of PATA (IDE), SCSI and other hard disks depends on various factors and Linux is not able to identify the mapping, the sequence in the file device.map can be set manually.
9.1.4 The File /etc/sysconfig/bootloader This configuration file is only used when configuring the bootloader with YaST and every time a new kernel is installed. It is evaluated by the perl-bootloader library which modifies the bootloader configuration file (for example /boot/grub/menu.lst for GRUB) accordingly. /etc/sysconfig/bootloader is not a GRUB specific configuration file - the values are applied to any bootloader installed on openSUSE.
DEFAULT_APPEND / FAILSAFE_APPEND / XEN_KERNEL_APPEND Kernel parameters (other than vga) that are automatically appended to the default, failsafe and XEN boot entries in the bootloader configuration file. CYCLE_DETECTION / CYCLE_NEXT_ENTRY Configure whether to use boot cycle detection and if so, which alternative entry from /boot/grub/menu.lst to boot in case of a reboot cycle (e.g. Failsafe). See /usr/share/doc/packages/bootcycle/README for detailed information. 9.1.
3 To prevent one or several operating systems from being booted from the boot menu, add the entry lock to every section in menu.lst that should not be bootable without entering a password. For example: title linux kernel (hd0,4)/vmlinuz root=/dev/sda7 vga=791 initrd (hd0,4)/initrd lock After rebooting the system and selecting the Linux entry from the boot menu, the following error message is displayed: Error 32: Must be authenticated Press Enter to enter the menu. Then press P to get a password prompt.
Figure 9.1: Boot Loader Settings Use the Section Management tab to edit, change and delete boot loader sections for the individual operating systems. To add an option, click Add. To change the value of an existing option, select it with the mouse and click Edit. To remove an existing entry, select it and click Delete. If you are not familiar with boot loader options, read Section 9.1, “Booting with GRUB” (page 156) first.
9.2.1 Adjusting the Default Boot Entry To change the system that is booted by default, proceed as follows: Procedure 9.1: Setting the Default System 1 Open the Section Management tab. 2 Select the desired entry from the list. 3 Click Set as Default. 4 Click OK to activate these changes. 9.2.2 Modifying the Boot Loader Location To modify the location of the boot loader, follow these steps: Procedure 9.
2 Click OK to apply your changes. 9.2.3 Changing the Boot Loader Time-Out The boot loader does not boot the default system immediately. During the time-out, you can select the system to boot or write some kernel parameters. To set the boot loader time-out, proceed as follows: Procedure 9.3: Changing the Boot Loader Time-Out 1 Open the Boot Loader Installation tab. 2 Click Boot Loader Options.
4 Click OK twice to save the changes. 9.2.5 Adjusting the Disk Order If your computer has more than one hard disk, you can specify the boot sequence of the disks to match the BIOS setup of the machine (see Section 9.1.2, “The File device.map” (page 162)). To do so, proceed as follows: Procedure 9.5: Setting the Disk Order 1 Open the Boot Loader Installation tab. 2 Click Boot Loader Installation Details. 3 If more than one disk is listed, select a disk and click Up or Down to reorder the displayed disks.
WARNING When hiding the boot menu, you will not be able to access GRUB during boot time. When having set the default boot option to a non-Linux operation system at the same time, this effectively disables access to the Linux system. Use Trusted GRUB Starts the Trusted GRUB which supports trusted computing functionality. Enable Acoustic Signals Enables or disables acoustic signals in GRUB. Graphical Menu File Path to the graphics file used when displaying the boot screen.
Propose New Configuration Have YaST propose a new configuration. Convert Current Configuration Have YaST convert the current configuration. When converting the configuration, some settings may be lost. Start New Configuration from Scratch Write a custom configuration. This action is not available during the installation of openSUSE. Read Configuration Saved on Disk Load your own /etc/lilo.conf. This action is not available during the installation of openSUSE. 4 Click OK two times to save the changes.
9.4 Creating Boot CDs If problems occur while booting your system using a boot manager or if the boot manager cannot be installed on your hard disk disk, it is also possible to create a bootable CD with all the necessary start-up files for Linux. This requires a CD writer be installed in your system. Creating a bootable CD-ROM with GRUB merely requires a special form of stage2 called stage2_eltorito and, optionally, a customized menu.lst. The classic files stage1 and stage2 are not required. Procedure 9.
Use splash=silent instead of splash=verbose to prevent the boot messages from appearing during the boot procedure. 5 Create the ISO image with the following command: genisoimage -R -b boot/grub/stage2_eltorito -no-emul-boot \ -boot-load-size 4 -boot-info-table -iso-level 2 -input-charset utf-8 \ -o grub.iso /tmp/iso 6 Write the resulting file grub.iso to a CD using your preferred utility. Do not burn the ISO image as a data file, but use the option for burning a CD image in your burning utility. 9.
9.6 Troubleshooting This section lists some of the problems frequently encountered when booting with GRUB and a short description of possible solutions. Some of the problems are covered in articles in the Support Database at http://en.opensuse.org/Portal: Support_database. Use the search dialog to search for keywords like GRUB, boot and boot loader. GRUB and XFS XFS leaves no room for stage1 in the partition boot block. Therefore, do not specify an XFS partition as the location of the boot loader.
Booting Windows from the Second Hard Disk Some operating systems, such as Windows, can only boot from the first hard disk. If such an operating system is installed on a hard disk other than the first hard disk, you can effect a logical change for the respective menu entry. ... title windows map (hd0) (hd1) map (hd1) (hd0) chainloader(hd1,0)+1 ... In this example, Windows is started from the second hard disk. For this purpose, the logical order of the hard disks is changed with map.
10 The Boot Loader GRUB2 This chapter describes how to configure GRUB2 (Grand Unified Bootloader), the boot loader used in openSUSE®. It is a successor of the traditional GRUB boot loader — now called “GRUB Legacy” — which is described in Chapter 9, The Boot Loader GRUB (page 155). GRUB2 has become the default boot loader in openSUSE® since version 12.2. A special YaST module is available for configuring major GRUB2 settings.
• So called “Stages” were dropped and the images that make up GRUB2 were re-organized. 10.2 Configuration File Structure The actual configuration of GRUB2 is based on the following files: /boot/grub2/grub.cfg This file contains all information about the GRUB2 menu items. It replaces menu .lst used in GRUB Legacy. grub.cfg is built by the grub2-mkconfig command, and normally is not edited manually.
10.2.1 The File /boot/grub2/grub.cfg The graphical splash screen with the boot menu is based on the GRUB2 configuration file /boot/grub2/grub.cfg, which contains all information about all partitions or operating systems that can be booted by the menu. Every time the system is booted, GRUB2 loads the menu file from the file system. For this reason, GRUB2 does not need to be re-installed after every change to the file. grub .cfg is automatically rebuilt with kernel installations or removals. grub.
GRUB_DEFAULT Sets the default menu entry that will be booted next time the computer is rebooted. It can be a numeric value, a complete menu entry quotation, or “saved”. A few examples follow: GRUB_DEFAULT=2 boots the third (counted from zero) boot menu entry. GRUB_DEFAULT=2>0 boots the first entry from the third submenu. GRUB_DEFAULT="Example boot menu entry" boots the menu entry whose title matches the quotation.
GRUB_CMDLINE_LINUX Entries on this line are added to the end of the booting command line for both normal and recovery modes. It is used to pass options to the kernel. GRUB_CMDLINE_LINUX_DEFAULT Same as GRUB_CMDLINE_LINUX but the entries are passed and appended in the normal mode only. GRUB_TERMINAL Enables and specifies input/output terminal device. Can be console (PC BIOS and EFI consoles), serial (serial terminal), ofconsole (Open Firmware console), or the default gfxterm (graphics-mode output).
in this directory are run. Files with a leading numeral are executed first, beginning with the lowest number. 00_header is run before 10_linux, which would run before 40_custom. If files with alphabetic names are present, they are executed after the numerically-named files. Only executable files generate output to grub.cfg during execution of grub2-mkconfig. By default all files in the /etc/grub.d directory are executable. A list of default scripts follows.
modifies the bootloader configuration file (for example /boot/grub2/grub.cfg for GRUB2) accordingly. /etc/sysconfig/bootloader is not a GRUB2 specific configuration file - the values are applied to any bootloader installed on openSUSE. NOTE: Bootloader Configuration after a Kernel Update Every time a new kernel is installed, the perl bootloader writes a new bootloader configuration file using the defaults specified in /etc/sysconfig/ bootloader.
DEFAULT_APPEND / FAILSAFE_APPEND / XEN_KERNEL_APPEND Kernel parameters (other than vga) that are automatically appended to the default, failsafe and XEN boot entries in the bootloader configuration file. CYCLE_DETECTION / CYCLE_NEXT_ENTRY Configure whether to use boot cycle detection and if so, which alternative boot entry from to boot in case of a reboot cycle (e.g. Failsafe). See /usr/share/ doc/packages/bootcycle/README for detailed information. 10.2.
To edit individual menu entries directly, press Esc to exit the splash screen and get to the GRUB2 text-based menu then press E. Changes made in this way only apply to the current boot and are not adopted permanently. NOTE: Password-protected Bootloader If you protected you bootloader with a password as described in Section 10.2.7, “Setting a Boot Password” (page 185), you need to first enter the specified username and password to “unlock” the bootloader.
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.9CA4611006FE96BC77A... 2 Paste the encrypted long string into the file /etc/grub.d/40_custom together with the set superusers command. Remember to keep the commented lines at the beginning: set superusers="root" password_pbkdf2 root grub.pbkdf2.sha512.10000.9CA4611006FE96BC77A... 3 Run grub2-mkconfig -o /boot/grub2/grub.cfg to import the changes into the main configuration file.
Figure 10.1: Boot Loader Settings Use the Boot Loader Installation tab to view and change settings related to type, location and advanced loader settings. To use the GRUB2 boot loader, make sure it is selected from the list of available boot loaders. 10.3.1 Adjusting the Default Boot Entry To change the system that is booted by default, proceed as follows: Procedure 10.1: Setting the Default System 1 Click Boot Loader Options and open the Default Boot Section list.
3 Click OK to activate these changes. 10.3.2 Modifying the Boot Loader Location To modify the location of the boot loader, follow these steps: Procedure 10.2: Changing the Boot Loader Location 1 Select the Boot Loader Installation tab and then choose one of the following options for Boot Loader Location: Boot from Master Boot Record This installs the boot loader in the MBR of the first disk (according to the boot sequence preset in the BIOS).
2 Click Boot Loader Options. 3 Change the value of Time-Out in Seconds by typing in a new value and clicking the appropriate arrow key with your mouse, or by using the arrow keys on the keyboard. 4 Click OK twice to save the changes. WARNING: Timeout of 0 Seconds When setting the timeout to 0 seconds, you will not be able to access GRUB2 during boot time. When having set the default boot option to a non-Linux operation system at the same time, this effectively disables access to the Linux system. 10.3.
Figure 10.2: Boot Loader Options Set Active Flag in Partition Table for Boot Partition Activates the partition that contains the boot loader. Some legacy operating systems (such as Windows 98) can only boot from an active partition. Write Generic Boot Code to MBR Replaces the current MBR with generic, operating system independent code. Hide Menu on Boot Hides the boot menu and boots the default entry.
Use Serial Console If your machine is controlled via a serial console, activate this option and specify which COM port to use at which speed. See info grub or http://www.gnu .org/software/grub/manual/grub.html#Serial-terminal 10.3.5 Changing Boot Loader Type Set the boot loader type in Boot Loader Installation. The default boot loader in openSUSE is GRUB2. To use GRUB, LILO or ELILO, proceed as follows: WARNING: LILO is unsupported Using LILO is not recommended—it is unsupported on openSUSE.
During the conversion, the old GRUB2 configuration is saved to the disk. To use it, simply change the boot loader type back to GRUB2 and choose Restore Configuration Saved before Conversion. This action is available only on an installed system. NOTE: Custom Boot Loader To use a boot loader other than GRUB2, GRUB, or LILO, select Do Not Install Any Boot Loader. Read the documentation of your boot loader carefully before choosing this option. 10.
11 Special System Features This chapter starts with information about various software packages, the virtual consoles and the keyboard layout. We talk about software components like bash, cron and logrotate, because they were changed or enhanced during the last release cycles. Even if they are small or considered of minor importance, users may want to change their default behavior, because these components are often closely coupled with the system.
1. /etc/profile 2. ~/.profile 3. /etc/bash.bashrc 4. ~/.bashrc Make custom settings in ~/.profile or ~/.bashrc. To ensure the correct processing of these files, it is necessary to copy the basic settings from /etc/skel/ .profile or /etc/skel/.bashrc into the home directory of the user. It is recommended to copy the settings from /etc/skel after an update. Execute the following shell commands to prevent the loss of personal adjustments: mv cp mv cp ~/.bashrc ~/.bashrc.old /etc/skel/.bashrc ~/.bashrc ~/.
A number of packages install shell scripts to the directories /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly, whose execution is controlled by /usr/lib/cron/run-crons. /usr/lib/cron/run -crons is run every 15 minutes from the main table (/etc/crontab). This guarantees that processes that may have been neglected can be run at the proper time.
produce log files install individual configuration files in /etc/logrotate.d. For example, such files ship with the packages apache2 (/etc/logrotate.d/ apache2) and syslogd (/etc/logrotate.d/syslog). Example 11.3: Example for /etc/logrotate.
11.1.5 The ulimit Command With the ulimit (user limits) command, it is possible to set limits for the use of system resources and to have these displayed. ulimit is especially useful for limiting available memory for applications. With this, an application can be prevented from co-opting too much of the system resources and slowing or even hanging up the operating system. ulimit can be used with various options. To limit memory usage, use the options listed in Table 11.
IMPORTANT Not all shells support ulimit directives. PAM (for instance, pam_limits) offers comprehensive adjustment possibilities if you depend on encompassing settings for these restrictions. 11.1.6 The free Command The free command displays the total amount of free and used physical memory and swap space in the system, as well as the buffers and cache consumed by the kernel. The concept of available RAM dates back to before the days of unified memory management.
11.1.8 Selecting Man Pages Using the man Command To read a man page enter man man_page. If a man page with the same name exists in different sections, they will all be listed with the corresponding section numbers. Select the one to display. If you don't enter a section number within a few seconds, the first man page will be displayed. If you want to change this to the default system behavior, set MAN_POSIXLY_CORRECT=1 in a shell initialization file such as ~/.bashrc. 11.1.
More information about these files is available in the Emacs info file under Init File: info:/emacs/InitFile. Information about how to disable the loading of these files (if necessary) is also provided at this location. The components of Emacs are divided into several packages: • The base package emacs. • emacs-x11 (usually installed): the program with X11 support. • emacs-nox: the program without X11 support. • emacs-info: online documentation in info format.
/etc/skel/.emacs /etc/skel/.gnu-emacs /etc/skel/.vimrc /etc/csh.cshrc /etc/termcap /usr/share/terminfo/x/xterm /usr/share/X11/app-defaults/XTerm /usr/share/emacs/VERSION/site-lisp/term/*.el These changes only affect applications that use terminfo entries or whose configuration files are changed directly (vi, emacs, etc.). Applications not shipped with the system should be adapted to these defaults. Under X, the compose key (multikey) can be enabled as explained in /etc/X11/ Xmodmap.
RC_LC_MESSAGES, RC_LC_CTYPE, RC_LC_COLLATE, RC_LC_TIME, RC_LC_NUMERIC, RC_LC_MONETARY These variables are passed to the shell without the RC_ prefix and represent the listed categories. The shell profiles concerned are listed below. The current setting can be shown with the command locale. RC_LC_ALL This variable, if set, overwrites the values of the variables already mentioned. RC_LANG If none of the previous variables are set, this is the fallback. By default, only RC_LANG is set.
LANG=en_US.UTF-8 This is the default setting if American English is selected during installation. If you selected another language, that language is enabled but still with UTF-8 as the character encoding. LANG=en_US.ISO-8859-1 This sets the language to English, country to United States and the character set to ISO-8859-1. This character set does not support the Euro sign, but it can be useful sometimes for programs that have not been updated to support UTF-8.
Users can override the system defaults by editing their ~/.bashrc accordingly. For instance, if you do not want to use the systemwide en_US for program messages, include LC_MESSAGES=es_ES so that messages are displayed in Spanish instead. 11.4.2 Locale Settings in ~/.i18n If you are not satisfied with locale system defaults, change the settings in ~/.i18n according to the Bash scripting syntax. Entries in ~/.i18n override system defaults from /etc/sysconfig/language.
LANGUAGE="nb_NO:nn_NO:no" Note that in Norwegian, LC_TIME is also treated differently. One problem that can arise is a separator used to delimit groups of digits not being recognized properly. This occurs if LANG is set to only a two-letter language code like de, but the definition file glibc uses is located in /usr/share/lib/de_DE/LC _NUMERIC. Thus LC_NUMERIC must be set to de_DE to make the separator definition visible to the system. 11.4.
Dynamic Kernel Device Management with udev 12 The kernel can add or remove almost any device in a running system. Changes in the device state (whether a device is plugged in or removed) need to be propagated to userspace. Devices need to be configured as soon as they are plugged in and recognized. Users of a certain device need to be informed about any changes in this device's recognized state.
is copied to the /dev directory with the same ownership and permissions as the files in /lib/udev/devices. 12.2 Kernel uevents and udev The required device information is exported by the sysfs file system. For every device the kernel has detected and initialized, a directory with the device name is created. It contains attribute files with device-specific properties. Every time a device is added or removed, the kernel sends a uevent to notify udev of the change.
Every device driver carries a list of known aliases for devices it can handle. The list is contained in the kernel module file itself. The program depmod reads the ID lists and creates the file modules.alias in the kernel's /lib/modules directory for all currently available modules. With this infrastructure, module loading is as easy as calling modprobe for every event that carries a MODALIAS key.
12.5 Monitoring the Running udev Daemon The program udevadm monitor can be used to visualize the driver core events and the timing of the udev event processes. UEVENT[1185238505.276660] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1 (usb) UDEV [1185238505.279198] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1 (usb) UEVENT[1185238505.279527] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0 (usb) UDEV [1185238505.285573] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0 (usb) UEVENT[1185238505.
REL=103 MODALIAS=input:b0003v046DpC03Ee0110-e0,1,2,k110,111,112,r0,1,8,amlsfw udev also sends messages to syslog. The default syslog priority that controls which messages are sent to syslog is specified in the udev configuration file /etc/udev/ udev.conf. The log priority of the running daemon can be changed with udevadm control log_priority=level/number. 12.
The console rule consists of three keys: one match key (KERNEL) and two assign keys (MODE, OPTIONS). The KERNEL match rule searches the device list for any items of the type console. Only exact matches are valid and trigger this rule to be executed. The MODE key assigns special permissions to the device node, in this case, read and write permissions to the owner of this device only. The OPTIONS key makes this rule the last rule to be applied to any device of this type.
• A key's operation is determined by the operator. udev rules support several different operators. • Each given value must be enclosed by quotation marks. • Each line of the rules file represents one rule. If a rule is longer than just one line, use \ to join the different lines just as you would do in shell syntax. • udev rules support a shell-style pattern that matches the *, ?, and [] patterns. • udev rules support substitutions. 12.6.
12.6.2 Using Substitutions in udev Rules udev rules support the use of placeholders and substitutions. Use them in a similar fashion as you would do in any other scripts. The following substitutions can be used with udev rules: %r, $root The device directory, /dev by default. %p, $devpath The value of DEVPATH. %k, $kernel The value of KERNEL or the internal device name. %n, $number The device number. %N, $tempnode The temporary name of the device file. %M, $major The major number of the device.
$$ The $ character. 12.6.3 Using udev Match Keys Match keys describe conditions that must be met before a udev rule can be applied. The following match keys are available: ACTION The name of the event action, for example, add or remove when adding or removing a device. DEVPATH The device path of the event device, for example, DEVPATH=/bus/pci/drivers/ipw3945 to search for all events related to the ipw3945 driver. KERNEL The internal (kernel) name of the event device.
ATTRS{filename} Let udev search the device path upwards for a device with matching sysfs attribute values. ENV{key} The value of an environment variable, for example, ENV{ID_BUS}="ieee1394 to search for all events related to the FireWire bus ID. PROGRAM Let udev execute an external program. To be successful, the program must return with exit code zero. The program's output, printed to stdout, is available to the RESULT key. RESULT Match the output string of the last PROGRAM call.
ATTR{key} Specify a value to be written to a sysfs attribute of the event device. If the == operator is used, this key is also used to match against the value of a sysfs attribute. ENV{key} Tell udev to export a variable to the environment. If the == operator is used, this key is also used to match against an environment variable. RUN Tell udev to add a program to the list of programs to be executed for this device.
• last_rule tells udev to ignore all later rules. • ignore_device tells udev to ignore this event completely. • ignore_remove tells udev to ignore all later remove events for the device. • all_partitions tells udev to create device nodes for all available partitions on a block device. 12.
12.8 Files used by udev /sys/* Virtual file system provided by the Linux kernel, exporting all currently known devices. This information is used by udev to create device nodes in /dev /dev/* Dynamically created device nodes and static content copied at boot time from /lib/udev/devices/* The following files and directories contain the crucial elements of the udev infrastructure: /etc/udev/udev.conf Main udev configuration file. /etc/udev/rules.d/* udev event matching rules.
udevd Information about the udev event managing daemon.
Part IV.
13 Basic Networking Linux offers the necessary networking tools and features for integration into all types of network structures. Network access using a network card, modem or other device can be configured with YaST. Manual configuration is also possible. In this chapter only the fundamental mechanisms and the relevant network configuration files are covered. Linux and other Unix operating systems use the TCP/IP protocol.
Table 13.1: 224 Several Protocols in the TCP/IP Protocol Family Protocol Description TCP Transmission Control Protocol: a connection-oriented secure protocol. The data to transmit is first sent by the application as a stream of data and converted into the appropriate format by the operating system. The data arrives at the respective application on the destination host in the original data stream format it was initially sent.
Protocol Description IGMP Internet Group Management Protocol: This protocol controls machine behavior when implementing IP multicast. As shown in Figure 13.1, “Simplified Layer Model for TCP/IP” (page 225), data exchange takes place in different layers. The actual network layer is the insecure data transfer via IP (Internet protocol). On top of IP, TCP (transmission control protocol) guarantees, to a certain extent, security of the data transfer.
Almost all hardware protocols work on a packet-oriented basis. The data to transmit is collected into packets (it cannot be sent all at once). The maximum size of a TCP/IP packet is approximately 64 KB. Packets are normally quite smaller, as the network hardware can be a limiting factor. The maximum size of a data packet on an ethernet is about fifteen hundred bytes. The size of a TCP/IP packet is limited to this amount when the data is sent over an ethernet.
Likewise, it is irrelevant for the data line which kind of data is transmitted, as long as packets are in the correct format. 13.1 IP Addresses and Routing The discussion in this section is limited to IPv4 networks. For information about IPv6 protocol, the successor to IPv4, refer to Section 13.2, “IPv6—The Next Generation Internet” (page 230). 13.1.1 IP Addresses Every computer on the Internet has a unique 32-bit address.
To understand how the netmask works, look at Example 13.2, “Linking IP Addresses to the Netmask” (page 228). The netmask consists of 32 bits that identify how much of an IP address belongs to the network. All those bits that are 1 mark the corresponding bit in the IP address as belonging to the network. All bits that are 0 mark bits inside the subnetwork. This means that the more bits are 1, the smaller the subnetwork is.
Table 13.2: Specific Addresses Address Type Description Base Network Address This is the netmask AND any address in the network, as shown in Example 13.2, “Linking IP Addresses to the Netmask” (page 228) under Result. This address cannot be assigned to any hosts. Broadcast Address This basically says, “Access all hosts in this subnetwork.” To generate this, the netmask is inverted in binary form and linked to the base network address with a logical OR. The above example therefore results in 192.168.
Table 13.3: Private IP Address Domains Network/Netmask Domain 10.0.0.0/255.0.0.0 10.x.x.x 172.16.0.0/255.240.0.0 172.16.x.x – 172.31.x.x 192.168.0.0/255.255.0.0 192.168.x.x 13.2 IPv6—The Next Generation Internet Due to the emergence of the WWW (World Wide Web), the Internet has experienced explosive growth, with an increasing number of computers communicating via TCP/IP in the past fifteen years. Since Tim Berners-Lee at CERN (http://public.web .cern.
With IPv6, both the address shortage and the complicated configuration should be a thing of the past. The following sections tell more about the improvements and benefits brought by IPv6 and about the transition from the old protocol to the new one. 13.2.1 Advantages The most important and most visible improvement brought by the new protocol is the enormous expansion of the available address space. An IPv6 address is made up of 128 bit values instead of the traditional 32 bits.
logs in to a foreign service as soon as it enters the corresponding area, so you can be reached under the same number everywhere and are able to place an outgoing call just like in your home area. Secure Communication With IPv4, network security is an add-on function. IPv6 includes IPsec as one of its core features, allowing systems to communicate over a secure tunnel to avoid eavesdropping by outsiders on the Internet.
When dealing with IPv6, it is useful to know about three different types of addresses: Unicast Addresses of this type are associated with exactly one network interface. Packets with such an address are delivered to only one destination. Accordingly, unicast addresses are used to transfer packets to individual hosts on the local network or the Internet. Multicast Addresses of this type relate to a group of network interfaces.
is defined by indicating the length of the prefix after a slash at the end of the address. An address, as shown in Example 13.4, “IPv6 Address Specifying the Prefix Length” (page 234), contains the information that the first 64 bits form the network part of the address and the last 64 form its host part. In other words, the 64 means that the netmask is filled with 64 1-bit values from the left.
Prefix (hex) Definition fec0::/10 Site-local addresses. These may be routed, but only within the network of the organization to which they belong. In effect, they are the IPv6 equivalent of the current private network address space, such as 10.x.x.x. ff These are multicast addresses. A unicast address consists of three basic components: Public Topology The first part (which also contains one of the prefixes mentioned above) is used to route packets through the public Internet.
::1 (loopback) The address of the loopback device. IPv4 Compatible Addresses The IPv6 address is formed by the IPv4 address and a prefix consisting of 96 zero bits. This type of compatibility address is used for tunneling (see Section 13.2.3, “Coexistence of IPv4 and IPv6” (page 237)) to allow IPv4 and IPv6 hosts to communicate with others operating in a pure IPv4 environment. IPv4 Addresses Mapped to IPv6 This type of address specifies a pure IPv4 address in IPv6 notation.
For a host to go back and forth between different networks, it needs at least two addresses. One of them, the home address, not only contains the interface ID but also an identifier of the home network to which it normally belongs (and the corresponding prefix). The home address is a static address and, as such, it does not normally change. Still, all packets destined to the mobile host can be delivered to it, regardless of whether it operates in the home network or somewhere outside.
6over4 IPv6 packets are automatically encapsulated as IPv4 packets and sent over an IPv4 network capable of multicasting. IPv6 is tricked into seeing the whole network (Internet) as a huge local area network (LAN). This makes it possible to determine the receiving end of the IPv4 tunnel automatically. However, this method does not scale very well and is also hampered by the fact that IP multicasting is far from widespread on the Internet.
Consult the ifcfg-tunnel (5) man page to get information about how to set up various types of tunnels using the /etc/sysconfig/network files. 13.2.5 For More Information The above overview does not cover the topic of IPv6 comprehensively. For a more indepth look at the new protocol, refer to the following online documentation and books: http://www.ipv6.org/ The starting point for everything about IPv6. http://www.ipv6day.org All information needed to start your own IPv6 network. http://www.
(FQDN), consists of a hostname and a domain name (example.com). The latter also includes the top level domain or TLD (com). TLD assignment has become quite confusing for historical reasons. Traditionally, threeletter domain names are used in the USA. In the rest of the world, the two-letter ISO national codes are the standard. In addition to that, longer TLDs were introduced in 2000 that represent certain spheres of activity (for example, .info, .name, .museum).
quests. If you already use the .local domain in your nameserver configuration, you must switch this option off in /etc/host.conf. For more information, see the host.conf manual page. If you want to switch off MDNS during installation, use nomdns=1 as a boot parameter. For more information on multicast DNS, see http://www.multicastdns .org. 13.4 Configuring a Network Connection with YaST There are many supported networking types on Linux.
The Overview tab contains information about installed network interfaces and configurations. Any properly detected network card is listed with its name. You can manually configure new cards, remove or change their configuration in this dialog. If you want to manually configure a card that was not automatically detected, see Section 13.4.1.3, “Configuring an Undetected Network Card” (page 249). If you want to change the configuration of an already configured card, see Section 13.4.1.
13.4.1.1 Configuring Global Networking Options The Global Options tab of the YaST Network Settings module allows you to set important global networking options, such as the use of NetworkManager, IPv6 and DHCP client options. These settings are applicable for all network interfaces. In the Network Setup Method choose the way network connections are managed. If you want a NetworkManager desktop applet to manage connections for all interfaces, choose User Controlled with NetworkManager.
13.4.1.2 Changing the Configuration of a Network Card To change the configuration of a network card, select a card from the list of the detected cards in Network Settings > Overview in YaST and click Edit. The Network Card Setup dialog appears in which to adjust the card configuration using the General, Address and Hardware tabs. For information about wireless card configuration, see Section 24.5, “Configuration with YaST” (page 435).
3 Enter the IP Address. Both IPv4 and IPv6 addresses can be used. Enter the network mask in Subnet Mask. If the IPv6 address is used, use Subnet Mask for prefix length in format /64. Optionally, you can enter a fully qualified Hostname for this address, which will be written to the /etc/hosts configuration file. 4 Click Next. 5 To activate the configuration, click OK. If you use the static address, the name servers and default gateway are not configured automatically.
Changing the Device Name and Udev Rules It is possible to change the device name of the network card when it is used. It is also possible to determine whether the network card should be identified by udev via its hardware (MAC) address or via the bus ID. The later option is preferable in large servers to ease hot swapping of cards. To set these options with YaST, proceed as follows: 1 Select a card from the list of detected cards in the Overview tab of the YaST Network Settings module and click Edit.
5 To activate the configuration, click OK. Activating the Network Device If you use the traditional method with ifup, you can configure your device to either start during boot, on cable connection, on card detection, manually or never. To change device start-up, proceed as follows: 1 In YaST select a card from the list of detected cards in Network Devices > Network Settings and click Edit. 2 In the General tab, select the desired entry from Device Activation.
2 In the General tab, select the desired entry from the Set MTU list. 3 Click Next. 4 To activate the configuration, click OK. Configuring the Firewall Without having to enter the detailed firewall setup as described in Section “Configuring the Firewall with YaST” (Chapter 13, Masquerading and Firewalls, ↑Security Guide), you can determine the basic firewall setup for your device as part of the device setup. Proceed as follows: 1 Open the YaST Network Devices > Network Settings module.
Demilitarized Zone A demilitarized zone is an additional line of defense in front of an internal network and the (hostile) Internet. Hosts assigned to this zone can be reached from the internal network and from the Internet, but cannot access the internal network. External Zone The firewall is running on this interface and fully protects it against other—presumably hostile—network traffic. This is the default option. 4 Click Next. 5 Activate the configuration by clicking OK. 13.4.1.
mation about the configuration options, see Section 13.4.1.2, “Changing the Configuration of a Network Card” (page 244). 5 If you selected Wireless as the device type of the interface, configure the wireless connection in the next dialog. 6 Click Next. 7 To activate the new network configuration, click OK. 13.4.1.
3 In Modify DNS Configuration, select the way the DNS configuration (name servers, search list, the content of the /etc/resolv.conf file) is modified. If the Use Default Policy option is selected, the configuration is handled by the netconfig script which merges the data defined statically (with YaST or in the configuration files) with data obtained dynamically (from the DHCP client or NetworkManager). This default policy is sufficient in most cases.
used, this information is automatically provided. If a static setup is used, this data must be added manually. 1 In YaST go to Network Settings > Routing. 2 Enter the IP address of the Default Gateway (IPv4 and IPv6 if necessary). The default gateway matches every possible destination, but if any other entry exists that matches the required address, use this instead of the default route. 3 More entries can be entered in the Routing Table.
TIP: CDMA and GPRS Modems Configure supported CDMA and GPRS modems with the YaST Modem module just as you would configure regular modems. Figure 13.4: Modem Configuration If you are behind a private branch exchange (PBX), you may need to enter a dial prefix. This is often a zero. Consult the instructions that came with the PBX to find out. Also select whether to use tone or pulse dialing, whether the speaker should be on and whether the modem should wait until it detects a dial tone.
an interface. Under Dial Prefix Regular Expression, specify a regular expression. The Dial Prefix in KInternet, which can be modified by the normal user, must match this regular expression. If this field is left empty, the user cannot set a different Dial Prefix without administrator permissions. In the next dialog, select the ISP. To choose from a predefined list of ISPs operating in your country, select Country. Alternatively, click New to open a dialog in which to provide the data for your ISP.
IP Details This opens the address configuration dialog. If your ISP does not assign a dynamic IP address to your host, disable Dynamic IP Address then enter your host's local IP address and the remote IP address. Ask your ISP for this information. Leave Default Route enabled and close the dialog by selecting OK. Selecting Next returns to the original dialog, which displays a summary of the modem configuration. Close this dialog with OK. 13.4.
The corresponding country code then appears in the field next to it. Finally, provide your Area Code and the Dial Prefix if necessary. If you do not want to log all your ISDN traffic, uncheck the Start ISDN Log option. Activate Device defines how the ISDN interface should be started: At Boot Time causes the ISDN driver to be initialized each time the system boots. Manually requires you to load the ISDN driver as root with the command rcisdn start.
wrong number, your phone operator automatically falls back to the first MSN assigned to your ISDN line. ISDN Card Connected to a Private Branch Exchange Again, the configuration may vary depending on the equipment installed: 1. Smaller private branch exchanges (PBX) built for home purposes mostly use the Euro-ISDN (EDSS1) protocol for internal calls. These exchanges have an internal S0 bus and use internal numbers for the equipment connected to them. Use one of the internal numbers as your MSN.
When entering the phone number, do not include any blanks or commas among the digits. Finally, enter your login and the password as provided by the ISP. When finished, select Next. To use Dial on Demand on a stand-alone workstation, specify the name server (DNS server) as well. Most ISPs support dynamic DNS, which means the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, you still need to provide a placeholder address like 192.168.22.99.
• Point-to-Point Tunneling Protocol (PPTP)—Austria In the DSL Devices tab of the DSL Configuration Overview dialog, you will find a list of installed DSL devices. To change the configuration of a DSL device, select it in the list and click Edit. If you click Add, you can manually configure a new DSL device. The configuration of a DSL connection based on PPPoE or PPTP requires that the corresponding network card be set up in the correct way.
Figure 13.7: DSL Configuration To use Dial on Demand on a stand-alone workstation, also specify the name server (DNS server). Most ISPs support dynamic DNS—the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, provide a placeholder address like 192.168.22.99. If your ISP does not support dynamic DNS, enter the name server IP address provided by your ISP.
13.5 NetworkManager NetworkManager is the ideal solution for laptops and other portable computers. With NetworkManager, you do not need to worry about configuring network interfaces and switching between networks when you are moving. 13.5.1 NetworkManager and ifup However, NetworkManager is not a suitable solution for all cases, so you can still choose between the traditional method for managing network connections (ifup) and NetworkManager.
mobile broadband (3G) modem, which is not possible with the traditional configuration. NetworkManager tries to keep your computer connected at all times using the best connection available. If the network cable is accidentally disconnected, it tries to reconnect. It can find the network with the best signal strength from the list of your wireless connections and automatically use it to connect. To get the same functionality with ifup, a great deal of configuration effort is required. 13.5.
The following table gives an overview of the PolicyKit identifiers related to NetworkManager: Table 13.5: PolicyKit Identifiers for NetworkManager Identifier Description org.freedesktop.NetworkManager.enable-disable-network Enable or disable system networking. org.freedesktop.NetworkManager.sleep-wake Put NetworkManager to sleep or wake it up. org.freedesktop.NetworkManager.enable-disable-wwan Enable or disable mobile broadband devices. org.freedesktop.NetworkManager.
13.6 Configuring a Network Connection Manually Manual configuration of the network software should always be the last alternative. Using YaST is recommended. However, this background information about the network configuration can also assist your work with YaST. When the Kernel detects a network card and creates a corresponding network interface, it assigns the device a name depending on the order of device discovery, or order of the loading of the Kernel modules.
Command Function faces (or just a specified one). Use rcnetwork stop to stop, rcnetwork start to start and rcnetwork restart to restart network interfaces. If you want to stop, start or restart just one interface, use the command followed by the interface name, for example rcnetwork restart eth0. The rcnetwork status command displays the state of the interfaces, their IP addresses and whether a DHCP client is running.
are global and cannot be overridden in ifcfg-files. For example NETWORKMANAGER or NETCONFIG_* variables are global. For ifcfg.template, see Section 13.6.1.2, “/etc/sysconfig/network/ config, /etc/sysconfig/network/dhcp, and /etc/sysconfig/ network/wireless” (page 266). 13.6.1.2 /etc/sysconfig/network/config, /etc/sysconfig/network/dhcp, and /etc/sysconfig/network/wireless The file config contains general settings for the behavior of ifup, ifdown and ifstatus.
The route's destination is in the first column. This column may contain the IP address of a network or host or, in the case of reachable name servers, the fully qualified network or hostname. The second column contains the default gateway or a gateway through which a host or network can be accessed. The third column contains the netmask for networks or hosts behind a gateway. For example, the mask is 255.255.255.255 for a host behind a gateway.
fully qualified, an attempt is made to generate one by attaching the individual search entries. Multiple name servers can be specified in multiple lines, each beginning with nameserver. Comments are preceded by # signs. Example 13.5, “/etc/resolv .conf” (page 268) shows what /etc/resolv.conf could look like. However, the /etc/resolv.conf should not be edited by hand. Instead, it is generated by the netconfig script.
provide or remove settings to netconfig. Only the netconfig update command is available for the user: modify The netconfig modify command modifies the current interface and service specific dynamic settings and updates the network configuration. Netconfig reads settings from standard input or from a file specified with the --lease-file filename option and internally stores them until a system reboot (or the next modify or remove action).
13.6.1.6 /etc/hosts In this file, shown in Example 13.6, “/etc/hosts” (page 270), IP addresses are assigned to hostnames. If no name server is implemented, all hosts to which an IP connection will be set up must be listed here. For each host, enter a line consisting of the IP address, the fully qualified hostname, and the hostname into the file. The IP address must be at the beginning of the line and the entries separated by blanks and tabs. Comments are always preceded by the # sign. Example 13.
hosts: searches the /etc/hosts file bind: accesses a name server nis: uses NIS multi on/off Defines if a host entered in /etc/ hosts can have multiple IP addresses. nospoof on spoofalert on/off These parameters influence the name server spoofing but do not exert any influence on the network configuration. trim domainname The specified domain name is separated from the hostname after hostname resolution (as long as the hostname includes the domain name).
Example 13.9: /etc/nsswitch.conf passwd: group: compat compat hosts: networks: files dns files dns services: protocols: rpc: ethers: netmasks: netgroup: publickey: db files db files files files files files nis files bootparams: automount: aliases: shadow: files files nis files nis compat The “databases” available over NSS are listed in Table 13.8, “Databases Available via /etc/nsswitch.conf” (page 272). The configuration options for NSS databases are listed in Table 13.
permissions; see the netgroup(5) man page. networks Network names and addresses, used by getnetent. publickey Public and secret keys for Secure_RPC used by NFS and NIS+.. passwd User passwords, used by getpwent; see the passwd(5) man page. protocols Network protocols, used by getprotoent; see the protocols(5) man page. rpc Remote procedure call names and addresses, used by getrpcbyname and similar functions. services Network services, used by getservent.
dns can only be used as an extension for hosts and networks compat can only be used as an extension for passwd, shadow and group 13.6.1.10 /etc/nscd.conf This file is used to configure nscd (name service cache daemon). See the nscd(8) and nscd.conf(5) man pages. By default, the system entries of passwd and groups are cached by nscd.
13.6.2.1 Configuring a Network Interface with ip ip is a tool to show and configure network devices, routing, policy routing, and tunnels. ip is a very complex tool. Its common syntax is ip options object command. You can work with the following objects: link This object represents a network device. address This object represents the IP address of device. neighbor This object represents a ARP or NDISC cache entry. route This object represents the routing table entry.
interface eth0 to 192.168.12.154/30 with standard broadcast (option brd), enter ip addr add 192.168.12.154/30 brd + dev eth0. To have a working connection, you must also configure the default gateway. To set a gateway for your system, enter ip route add gateway_ip_address. To translate one IP address to another, use nat: ip route add nat ip_address via other_ip_address. To display all devices, use ip link ls. To display the running interfaces only, use ip link ls up.
If you only need to check the functionality of the connection, you can limit the number of the packets with the -c option. For example to limit ping to three packets, enter ping -c 3 example.com. Example 13.10: Output of the Command ping ping -c 3 example.com PING example.com (192.168.3.100) 56(84) bytes of data. 64 bytes from example.com (192.168.3.100): icmp_seq=1 ttl=49 time=188 ms 64 bytes from example.com (192.168.3.100): icmp_seq=2 ttl=49 time=184 ms 64 bytes from example.com (192.168.3.
NOTE: ifconfig and ip The ifconfig tool is obsolete. Use ip instead. In contrast to ip, you can use ifconfig only for interface configuration. It limits interface names to 9 characters. Without arguments, ifconfig displays the status of the currently active interfaces. As you can see in Example 13.11, “Output of the ifconfig Command” (page 278), ifconfig has very well-arranged and detailed output.
13.6.2.4 Configuring Routing with route route is a program for manipulating the IP routing table. You can use it to view your routing configuration and to add or remove routes. NOTE: route and ip The program route is obsolete. Use ip instead. route is especially useful if you need quick and comprehensible information about your routing configuration to determine problems with routing. To view your current routing configuration, enter route -n as root. Example 13.
/etc/init.d/xinetd Starts xinetd. xinetd can be used to make server services available on the system. For example, it can start vsftpd whenever an FTP connection is initiated. /etc/init.d/rpcbind Starts the rpcbind utility that converts RPC program numbers to universal addresses. It is needed for RPC services, such as an NFS server. /etc/init.d/nfsserver Starts the NFS server. /etc/init.d/postfix Controls the postfix process. /etc/init.d/ypserv Starts the NIS server. /etc/init.
controlling dial-up connections to the Internet from a workstation in a private subnetwork. 13.7.1 Configuring smpppd The connections provided by smpppd are automatically configured by YaST. The actual dial-up programs KInternet and cinternet are also preconfigured. Manual settings are only required to configure additional features of smpppd such as remote control. The configuration file of smpppd is /etc/smpppd.conf. By default, it does not enable remote control.
13.7.2 Configuring qinternet for Remote Use qinternet can be used to control a local or remote smpppd. cinternet is the commandline counterpart to the graphical KInternet. To prepare these utilities for use with a remote smpppd, edit the configuration file /etc/smpppd-c.conf manually or using qinternet. This file only uses four options: sites = list of sites list of sites where the front-ends search for smpppd. The front-ends test the options in the order specified here.
SLP Services in the Network 14 The service location protocol (SLP) was developed to simplify the configuration of networked clients within a local network. To configure a network client, including all required services, the administrator traditionally needs detailed knowledge of the servers available in the network. SLP makes the availability of selected services known to all clients in the local network. Applications that support SLP can use the information distributed and be configured automatically.
14.2 Activating SLP slpd must run on your system to offer services with SLP. If the machine should only operate as client, and does not offer services, it is not necessary to run slpd. Like most system services in openSUSE, the slpd daemon is controlled by means of a separate init script. After the installation, the daemon is inactive by default. To activate it temporarily, run rcslpd start as root or rcslpd stop to stop it. Perform a restart or status check with restart or status.
14.5 Providing Services via SLP Many applications in openSUSE have integrated SLP support through the use of the libslp library. If a service has not been compiled with SLP support, use one of the following methods to make it available via SLP: Static Registration with /etc/slp.reg.d Create a separate registration file for each new service.
Dynamic Registration with slptool If a service needs to be registered dynamically without the need of configuration files, use the slptool command line utility. The same utility can also be used to deregister an existing service offering without restarting slpd. 14.6 For More Information RFC 2608, 2609, 2610 RFC 2608 generally deals with the definition of SLP. RFC 2609 deals with the syntax of the service URLs used in greater detail and RFC 2610 deals with DHCP via SLP. http://www.openslp.
The Domain Name System 15 DNS (domain name system) is needed to resolve the domain names and hostnames into IP addresses. In this way, the IP address 192.168.2.100 is assigned to the hostname jupiter, for example. Before setting up your own name server, read the general information about DNS in Section 13.3, “Name Resolution” (page 239). The following configuration examples refer to BIND. 15.1 DNS Terminology Zone The domain namespace is divided into regions called zones.
(not expired) zone data. If the slave cannot obtain a new copy of the zone data, it stops responding for the zone. Forwarder Forwarders are DNS servers to which your DNS server should send queries it cannot answer. To enable different configuration sources in one configuration, netconfig is used (see also man 8 netconfig). Record The record is information about name and IP address. Supported records and their syntax are described in BIND documentation.
a basic server configuration. Use the expert mode to deal with more advanced configuration tasks, such as setting up ACLs, logging, TSIG keys, and other options. 15.3.1 Wizard Configuration The wizard consists of three steps or dialogs. At the appropriate places in the dialogs, you are given the opportunity to enter the expert configuration mode. 1 When starting the module for the first time, the Forwarder Settings dialog, shown in Figure 15.
provide a name for it in Name. To add a reverse zone, the name must end in .in-addr.arpa. Finally, select the Type (master, slave, or forward). See Figure 15.2, “DNS Server Installation: DNS Zones” (page 290). Click Edit to configure other settings of an existing zone. To remove a zone, click Delete. Figure 15.2: DNS Server Installation: DNS Zones 3 In the final dialog, you can open the DNS port in the firewall by clicking Open Port in Firewall.
Figure 15.3: DNS Server Installation: Finish Wizard 15.3.2 Expert Configuration After starting the module, YaST opens a window displaying several configuration options. Completing it results in a DNS server configuration with the basic functions in place: 15.3.2.1 Start-Up Under Start-Up, define whether the DNS server should be started when the booting the system or manually. To start the DNS server immediately, click Start DNS Server Now. To stop the DNS server, click Stop DNS Server Now.
15.3.2.2 Forwarders If your local DNS server cannot answer a request, it tries to forward the request to a Forwarder, if configured so. This forwarder may be added manually to the Forwarder List. If the forwarder is not static like in dial-up connections, netconfig handles the configuration. For more information about netconfig, see man 8 netconfig. 15.3.2.3 Basic Options In this section, set basic server options.
Figure 15.4: DNS Server: Logging 15.3.2.5 ACLs Use this dialog to define ACLs (access control lists) to enforce access restrictions. After providing a distinct name under Name, specify an IP address (with or without netmask) under Value in the following fashion: { 192.168.1/24; } The syntax of the configuration file requires that the address ends with a semicolon and is put into curly braces. 15.3.2.
To use a previously created key, leave the Key ID field blank and select the file where it is stored under Filename. After that, confirm with Add. 15.3.2.7 DNS Zones (Adding a Slave Zone) To add a slave zone, select DNS Zones, choose the zone type Slave, write the name of the new zone, and click Add. In the Zone Editor sub-dialog under Master DNS Server IP, specify the master from which the slave should pull its data. To limit access to the server, select one of the ACLs from the list. 15.3.2.
Figure 15.5: DNS Server: Zone Editor (Basics) Zone Editor (NS Records) The NS Records dialog allows you to define alternative name servers for the zones specified. Make sure that your own name server is included in the list. To add a record, enter its name under Name Server to Add then confirm with Add. See Figure 15.6, “DNS Server: Zone Editor (NS Records)” (page 296).
Figure 15.6: DNS Server: Zone Editor (NS Records) Zone Editor (MX Records) To add a mail server for the current zone to the existing list, enter the corresponding address and priority value. After doing so, confirm by selecting Add. See Figure 15.7, “DNS Server: Zone Editor (MX Records)” (page 297).
Figure 15.7: DNS Server: Zone Editor (MX Records) Zone Editor (SOA) This page allows you to create SOA (start of authority) records. For an explanation of the individual options, refer to Example 15.6, “The /var/lib/named/example.com.zone File” (page 305).
Figure 15.8: DNS Server: Zone Editor (SOA) Zone Editor (Records) This dialog manages name resolution. In Record Key, enter the hostname then select its type. A-Record represents the main entry. The value for this should be an IP address. CNAME is an alias. Use the types NS and MX for detailed or partial records that expand on the information provided in the NS Records and MX Records tabs. These three types resolve to an existing A record. PTR is for reverse zones.
15.4 Starting the BIND Name Server On a openSUSE® system, the name server BIND (Berkeley Internet Name Domain) comes preconfigured so it can be started right after installation without any problems. If you already have a functioning Internet connection and have entered 127.0.0.1 as the name server address for localhost in /etc/resolv.conf, you normally already have a working name resolution without needing to know the DNS of the provider.
To use the name server of the provider (or one already running on your network) as the forwarder, enter the corresponding IP address or addresses in the options section under forwarders. The addresses included in Example 15.1, “Forwarding Options in named.conf” (page 300) are just examples. Adjust these entries to your own setup. Example 15.1: Forwarding Options in named.conf options { directory "/var/lib/named"; forwarders { 10.11.12.13; 10.11.12.14; }; listen-on { 127.0.0.1; 192.168.1.
Example 15.2: A Basic /etc/named.conf options { directory "/var/lib/named"; forwarders { 10.0.0.1; }; notify no; }; zone "localhost" in { type master; file "localhost.zone"; }; zone "0.0.127.in-addr.arpa" in { type master; file "127.0.0.zone"; }; zone "." in { type hint; file "root.hint"; }; 15.5.1 Important Configuration Options directory "filename"; Specifies the directory in which BIND can find the files containing the zone data. Usually, this is /var/lib/named.
127.0.0.1 to permit requests from the local host. If you omit this entry entirely, all interfaces are used by default. listen-on-v6 port 53 {any; }; Tells BIND on which port it should listen for IPv6 client requests. The only alternative to any is none. As far as IPv6 is concerned, the server only accepts wild card addresses. query-source address * port 53; This entry is necessary if a firewall is blocking outgoing DNS requests.
tected at start-up. Otherwise, the interval can be defined in minutes. The default is sixty minutes. notify no; no prevents other name servers from being informed when changes are made to the zone data or when the name server is restarted. For a list of available options, read the manual page man 5 named.conf. 15.5.2 Logging What, how, and where logging takes place can be extensively configured in BIND. Normally, the default settings should be sufficient. Example 15.
file "slave/example.net.zone"; masters { 10.0.0.1; }; }; The zone options: type master; By specifying master, tell BIND that the zone is handled by the local name server. This assumes that a zone file has been created in the correct format. type slave; This zone is transferred from another name server. It must be used together with masters. type hint; The zone . of the hint type is used to set the root name servers. This zone definition can be left as is. file example.com.zone or file “slave/example.net.
TIP: Using the Dot (Period, Fullstop) in Zone Files The "." has an important meaning in the zone files. If hostnames are given without a final ., the zone is appended. Complete hostnames specified with a full domain name must end with a . to avoid having the domain added to it again. A missing or wrongly placed "." is probably the most frequent cause of name server configuration errors. The first case to consider is the zone file example.com.zone, responsible for the domain example.com, shown in Example 15.
a second time. Alternatively, @ can be entered here, in which case the zone would be extracted from the corresponding entry in /etc/named.conf. • After IN SOA is the name of the name server in charge as master for this zone. The name is expanded from dns to dns.example.com, because it does not end with a ".". • An e-mail address of the person in charge of this name server follows. Because the @ sign already has a special meaning, "." is entered here instead. For root@example.com the entry must read root.
Line 9: The IN NS specifies the name server responsible for this domain. dns is extended to dns.example.com because it does not end with a ".". There can be several lines like this—one for the primary and one for each secondary name server. If notify is not set to no in /etc/named.conf, all the name servers listed here are informed of the changes made to the zone data. Line 10: The MX record specifies the mail server that accepts, processes, and forwards emails for the domain example.com.
So 192.168 is resolved into 168.192.in-addr.arpa. See Example 15.7, “Reverse Lookup” (page 308). Example 15.7: Reverse Lookup 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. $TTL 2D 168.192.in-addr.arpa. 1.5 100.3 253.2 IN SOA dns.example.com. root.example.com. ( 2003072441 ; serial 1D ; refresh 2H ; retry 1W ; expiry 2D ) ; minimum IN NS dns.example.com. IN PTR IN PTR IN PTR gate.example.com. www.example.com. cups.example.com. Line 1: $TTL defines the standard TTL that applies to all entries here.
Normally, zone transfers between different versions of BIND should be possible without any problems. 15.7 Dynamic Update of Zone Data The term dynamic update refers to operations by which entries in the zone files of a master server are added, changed, or deleted. This mechanism is described in RFC 2136. Dynamic update is configured individually for each zone entry by adding an optional allow-update or update-policy rule. Zones to update dynamically should not be edited by hand.
ple). On the remote server, the key must be included in the /etc/named.conf file to enable a secure communication between host1 and host2: key host1-host2 { algorithm hmac-md5; secret "ejIkuCyyGJwwuN3xAteKgg=="; }; WARNING: File Permissions of /etc/named.conf Make sure that the permissions of /etc/named.conf are properly restricted. The default for this file is 0640, with the owner being root and the group named.
15.9 DNS Security DNSSEC, or DNS security, is described in RFC 2535. The tools available for DNSSEC are discussed in the BIND Manual. A zone considered secure must have one or several zone keys associated with it. These are generated with dnssec-keygen, just like the host keys. The DSA encryption algorithm is currently used to generate these keys. The public keys generated should be included in the corresponding zone file with an $INCLUDE rule.
DHCP 16 The purpose of the Dynamic Host Configuration Protocol (DHCP) is to assign network settings centrally (from a server) rather than configuring them locally on each and every workstation. A host configured to use DHCP does not have control over its own static address. It is enabled to configure itself completely and automatically according to directions from the server. If you use the NetworkManager on the client side, you do not need to configure the client at all.
and serves two address ranges, 192.168.2.10 to 192.168.2.20 and 192.168.2.100 192.168.2.200. A DHCP server supplies not only the IP address and the netmask, but also the hostname, domain name, gateway, and name server addresses for the client to use. In addition to that, DHCP allows a number of other parameters to be configured in a centralized way, for example, a time server from which clients may poll the current time or even a print server. 16.
Card Selection In the first step, YaST looks for the network interfaces available on your system and displays them in a list. From the list, select the interface to which the DHCP server should listen and click Select. After this, select Open Firewall for Selected Interfaces to open the firewall for this interface, and click Next. See Figure 16.1, “DHCP Server: Card Selection” (page 315). Figure 16.
Figure 16.2: DHCP Server: Global Settings Dynamic DHCP In this step, configure how dynamic IP addresses should be assigned to clients. To do so, specify an IP range from which the server can assign addresses to DHCP clients. All these addresses must be covered by the same netmask. Also specify the lease time during which a client may keep its IP address without needing to request an extension of the lease.
Figure 16.3: DHCP Server: Dynamic DHCP Finishing the Configuration and Setting the Start Mode After the third part of the configuration wizard, a last dialog is shown in which you can define how the DHCP server should be started. Here, specify whether to start the DHCP server automatically when the system is booted or manually when needed (for example, for testing purposes). Click Finish to complete the configuration of the server. See Figure 16.4, “DHCP Server: Start-Up” (page 317). Figure 16.
16.2 DHCP Software Packages Both the DHCP server and the DHCP clients are available for openSUSE. The DHCP server available is dhcpd (published by the Internet Systems Consortium). On the client side, choose between two different DHCP client programs: dhcp-client (also from ISC) and the DHCP client daemon in the dhcpcd package. openSUSE installs dhcpcd by default. The program is very easy to handle and is launched automatically on each system boot to watch for a DHCP server.
This simple configuration file should be sufficient to get the DHCP server to assign IP addresses in the network. Make sure that a semicolon is inserted at the end of each line, because otherwise dhcpd is not started. The sample file can be divided into three sections. The first one defines how many seconds an IP address is leased to a requesting client by default (default-lease-time) before it should apply for renewal.
unexpected problems with your configuration (the server aborts with an error or does not return done on start), you should be able to find out what has gone wrong by looking for information either in the main system log /var/log/messages or on console 10 (Ctrl + Alt + F10). On a default openSUSE system, the DHCP daemon is started in a chroot environment for security reasons. The configuration files must be copied to the chroot environment so the daemon can find them.
In the preceding example, a client with a network card having the MAC address 00:30:6E:08:EC:80 is assigned the IP address 192.168.2.100 and the hostname jupiter automatically. The type of hardware to enter is ethernet in nearly all cases, although token-ring, which is often found on IBM systems, is also supported. 16.3.2 The openSUSE Version To improve security, the openSUSE version of the ISC's DHCP server comes with the non-root/chroot patch by Ari Edelkind applied.
even after a restart of the syslog-ng daemon, there is an additional entry SYSLOGD_ADDITIONAL_SOCKET_DHCP in the file /etc/sysconfig/syslog. 16.4 For More Information More information about DHCP is available at the Web site of the Internet Systems Consortium (http://www.isc.org/products/DHCP/). Information is also available in the dhcpd, dhcpd.conf, dhcpd.leases, and dhcp-options man pages.
Time Synchronization with NTP 17 The NTP (network time protocol) mechanism is a protocol for synchronizing the system time over the network. First, a machine can obtain the time from a server that is a reliable time source. Second, a machine can itself act as a time source for other computers in the network. The goal is twofold—maintaining the absolute time and synchronizing the system time of all machines within a network. Maintaining an exact system time is important in many situations.
17.1.1 Basic Configuration The YaST NTP client configuration (Network Services > NTP Configuration) consists of tabs. Set the start mode of ntpd and the server to query on the General Settings tab. Figure 17.1: Advanced NTP Configuration: General Settings Only Manually Select Only Manually, if you want to configure everything on your own. Synchronize without Daemon On laptops and other machines that suspend automatically, select Synchronize without Daemon.
Now and On Boot Select Now and On Boot to start ntpd automatically when the system is booted. Either of 0.opensuse.pool.ntp.org, 1.opensuse.pool.ntp.org, 2.opensuse.pool.ntp.org, or 3.opensuse.pool.ntp.org is preselected. 17.1.2 Changing Basic Configuration The servers and other time sources for the client to query are listed in the lower part of the General Settings tab. Modify this list as needed with Add, Edit, and Delete. Display Log provides the possibility to view the log files of your client.
Server In the pull-down Select list (see Figure 17.2, “YaST: NTP Server” (page 325), determine whether to set up time synchronization using a time server from your local network (Local NTP Server) or an Internet-based time server that takes care of your time zone (Public NTP Server). For a local time server, click Lookup to start an SLP query for available time servers in your network. Select the most suitable time server from the list of search results and exit the dialog with OK.
Outgoing Broadcast Time information and queries can also be transmitted by broadcast in the network. In this dialog, enter the address to which such broadcasts should be sent. Do not activate broadcasting unless you have a reliable time source like a radio controlled clock. Incoming Broadcast If you want your client to receive its information via broadcast, enter the address from which the respective packets should be accepted in this fields. Figure 17.
apply to all remote computers, unless you override the access control options for individual computers in the list of time sources in the General Settings tab. For all other remote computers, only querying for local time is allowed. Enable Open Port in Firewall if SuSEfirewall2 is active (which it is by default). If you leave the port closed, it is not possible to establish a connection to the time server. 17.
17.3 Dynamic Time Synchronization at Runtime If the system boots without network connection, ntpd starts up, but it cannot resolve DNS names of the time servers set in the configuration file. This can happen if you use Network Manager with an encrypted WLAN. If you want ntpd to resolve DNS names at runtime, you must set the dynamic option. Then, when the network is establish some time after booting, ntpd looks up the names again and can reach the time servers to get the time. Manually edit /etc/ntp.
The clocks are entered in the file /etc/ntp.conf as though they existed in the network. For this purpose, they are assigned special IP addresses in the form 127.127.t.u. Here, t stands for the type of the clock and determines which driver is used and u for the unit, which determines the interface used. Normally, the individual drivers have special parameters that describe configuration details. The file /usr/share/doc/packages/ntp-doc/drivers/driverNN .
Sharing File Systems with NFS 18 Distributing and sharing file systems over a network is a common task in corporate environments. The well-proven network file system (NFS) works together with NIS, the yellow pages protocol. For a more secure protocol that works together with LDAP and may also use Kerberos, check NFSv4. NFS with NIS makes a network transparent to the user. With NFS, it is possible to distribute arbitrary file systems over the network.
NFS Client The NFS client is a system that uses NFS services from an NFS server over the Network File System protocol. The TCP/IP protocol is already integrated into the Linux kernel; there is no need to install any additional software. NFS Server The NFS server provides NFS services to clients. A running server depends on the following daemons: nfsd (worker), idmapd (user and group name mappings to IDs and vice versa), statd (file locking), and mountd (mount requests). 18.
Figure 18.1: NFS Server Configuration Tool 2 Activate the Start radio button and enter the NFSv4 Domain Name. 3 Click Enable GSS Security if you need secure access to the server. A prerequisite for this is to have Kerberos installed on your domain and to have both the server and the clients kerberized. Click Next. 4 Enter the directories to export in the upper text field. Below, enter the hosts that should have access to them. This dialog is shown in Figure 18.
Figure 18.2: Configuring an NFS Server with YaST The figure shows the scenario where NFSv4 is enabled in the previous dialog. Bindmount Targets is shown in the right pane. For more details, click Help. In the lower half of the dialog, there are four options that can be set for each host: single host, netgroups, wildcards, and IP networks. For a more thorough explanation of these options, refer to the exports man page. 5 Click Finish to complete the configuration.
18.3.1.1 Exporting for NFSv4 Clients Activate Enable NFSv4 to support NFSv4 clients. Clients with NFSv3 can still access the server's exported directories if they are exported appropriately. This is explained in detail in Section 18.3.1.3, “Coexisting v3 and v4 Exports” (page 338). After activating NFSv4, enter an appropriate domain name. Make sure the name is the same as the one in the /etc/idmapd.conf file of any NFSv4 client that accesses this particular server.
Figure 18.3: Exporting Directories with NFSv4 In the lower half of the dialog, enter the client (wild card) and export options for a particular directory. After adding a directory in the upper half, another dialog for entering the client information and options pops up automatically. After that, to add a new client or a set of clients, click Add Host. In the small dialog that opens, enter the host wild card.
the list and that /exports/data is an already existing subdirectory of /exports. Any change in the option bind=/target/path, whether addition, deletion, or change in value, is reflected in Bindmount Targets. This column is not a directly editable column, but instead summarizes directories and their nature. After all information is provided, click Finish to complete the configuration. The service will become available immediately. 18.3.1.
Figure 18.4: Exporting Directories with NFSv2 and v3 18.3.1.3 Coexisting v3 and v4 Exports NFSv3 and NFSv4 exports can coexist on a server. After enabling the support for NFSv4 in the initial configuration dialog, those exports for which fsid=0 and bind=/target/path are not included in the option list are considered v3 exports. Consider the example in Figure 18.2, “Configuring an NFS Server with YaST” (page 334).
18.3.2 Exporting File Systems Manually The configuration files for the NFS export service are /etc/exports and /etc/ sysconfig/nfs. In addition to these files, /etc/idmapd.conf is needed for the NFSv4 server configuration. To start or restart the services, run the command rcnfsserver restart. This also starts the rpc.idmapd if NFSv4 is configured in /etc/sysconfig/nfs. The NFS server depends on a running RPC portmapper. Therefore, also start or restart the portmapper service with rcrpcbind restart. 18.3.2.
When clients mount from this server, they just mount servername:/ rather than servername:/export. It is not necessary to mount servername:/data, because it will automatically appear beneath wherever servername:/ was mounted. /etc/sysconfig/nfs The /etc/sysconfig/nfs file contains a few parameters that determine NFSv4 server daemon behavior. It is important to set the parameter NFS4_SUPPORT to yes. NFS4_SUPPORT determines whether the NFS server supports NFSv4 exports and clients. /etc/idmapd.
Starting and Stopping Services After changing /etc/exports or /etc/sysconfig/nfs, start or restart the NFS server service with rcnfsserver restart. After changing /etc/idmapd .conf, reload the configuration file with the command killall -HUP rpc.idmapd. If the NFS service needs to start at boot time, run the command chkconfig nfsserver on. 18.3.2.2 Exporting File Systems with NFSv2 and NFSv3 This section is specific to NFSv3 and NFSv2 exports. Refer to Section 18.3.1.
server to use this feature. YaST does not set up the server but just uses the provided functionality. If you want to use Kerberos authentication in addition to the YaST configuration, complete at least the following steps before running the NFS configuration: 1 Make sure that both the server and the client are in the same Kerberos domain. They must access the same KDC (Key Distribution Center) server and share their krb5 .keytab file (the default location on any machine is /etc/krb5.keytab).
The configuration is written to /etc/fstab and the specified file systems are mounted. When you start the YaST configuration client at a later time, it also reads the existing configuration from this file. Figure 18.5: NFS Client Configuration with YaST 18.4.2 Importing File Systems Manually The prerequisite for importing file systems manually from an NFS server is a running RPC port mapper. Start it by entering rcrpcbind start as root.
18.4.2.1 Using the Automount Service The autofs daemon can be used to mount remote file systems automatically. Add the following entry in the your /etc/auto.master file: /nfsmounts /etc/auto.nfs Now the /nfsmounts directory acts as the root for all the NFS mounts on the client if the auto.nfs file is filled appropriately. The name auto.nfs is chosen for the sake of convenience—you can choose any name. In auto.
Note, that if you do not enter the noauto option, the initialization scripts of the system will handle the mount of those file systems at start up. 18.5 For More Information In addition to the man pages of exports, nfs, and mount, information about configuring an NFS server and client is available in /usr/share/doc/packages/ nfsidmap/README. For further documentation online refer to the following Web sites: • Find the detailed technical documentation online at SourceForge [http://nfs .sourceforge.net/].
19 Samba Using Samba, a Unix machine can be configured as a file and print server for Mac OS X, Windows, and OS/2 machines. Samba has developed into a fully-fledged and rather complex product. Configure Samba with YaST, SWAT (a Web interface), or by editing the configuration file manually. 19.1 Terminology The following are some terms used in Samba documentation and in the YaST module. SMB protocol Samba uses the SMB (server message block) protocol that is based on the NetBIOS services.
reserve names for themselves. After reservation, these machines can be addressed by name. There is no central process that checks names. Any machine on the network can reserve as many names as it wants as long as the names are not already in use. The NetBIOS interface can be implemented for different network architectures. An implementation that works relatively closely with network hardware is called NetBEUI, but this is often referred to as NetBIOS.
19.2 Installing a Samba Server To install a Samba server, start YaST and select Software > Software Management. Choose Filter > Patterns and select File Server. Confirm the installation of the required packages to finish the installation process. 19.3 Starting and Stopping Samba You can start or stop the Samba server automatically (during boot) or manually. Starting and stopping policy is a part of the YaST Samba server configuration described in Section 19.4.
The Samba Installation dialog consists of two steps and optional detailed settings: Workgroup or Domain Name Select an existing name from Workgroup or Domain Name or enter a new one and click Next. Samba Server Type In the next step, specify whether your server should act as a primary domain controller (PDC), backup domain controller (BDC), or not to act as a domain controller at all. Continue with Next. If you do not want to proceed with a detailed server configuration, confirm with OK.
Shares In the Shares tab, determine the Samba shares to activate. There are some predefined shares, like homes and printers. Use Toggle Status to switch between Active and Inactive. Click Add to add new shares and Delete to delete the selected share. Allow Users to Share Their Directories enables members of the group in Permitted Group to share directories they own with other users. For example, users for a local scope or DOMAIN\Users for a domain scope.
19.4.2 Web Administration with SWAT An alternative tool for Samba server administration is SWAT (Samba Web Administration Tool). It provides a simple Web interface with which to configure the Samba server. To use SWAT, open http://localhost:901 in a Web browser and log in as user root. If you do not have a special Samba root account, use the system root account. NOTE: Activating SWAT After Samba server installation, SWAT is not activated.
os level = 20 This parameter triggers whether your Samba server tries to become LMB (local master browser) for its workgroup. With the Samba 3 release series, it is seldom necessary to override the default setting (20). Choose a very low value such as 2 to spare the existing Windows network from any disturbances caused by a misconfigured Samba server.
Example 19.1: A CD-ROM Share (deactivated) ;[cdrom] ; comment = Linux CD-ROM ; path = /media/cdrom ; locking = No [cdrom] and comment The [cdrom] section entry is the name of the share that can be seen by all SMB clients on the network. An additional comment can be added to further describe the share. path = /media/cdrom path exports the directory /media/cdrom. By means of a very restrictive default configuration, this kind of share is only made available to the users present on this system.
valid users = %S %S is replaced with the concrete name of the share as soon as a connection has been successfully established. For a [homes] share, this is always the username. As a consequence, access rights to a user's share are restricted exclusively to that user. browseable = No This setting makes the share invisible in the network environment. read only = No By default, Samba prohibits write access to any exported share by means of the read only = Yes parameter.
Server Level Security (security = server) To its clients, Samba pretends to be working in user level mode. However, it passes all password queries to another user level mode server, which takes care of authentication. This setting requires the additional password server parameter. ADS Level Security (security = ADS) In this mode, Samba will act as a domain member in an Active Directory environment. To operate in this mode, the machine running Samba needs Kerberos installed and configured.
for Linux Authentication, the user authentication runs over the Samba, NT or Kerberos server. Click Expert Settings for advanced configuration options. For example, use the Mount Server Directories table to enable mounting server home directory automatically with authentication. This way users will be able to access their home directories when hosted on CIFS. For details, see the the pam_mount man page. After completing all settings, confirm the dialog to finish the configuration. 19.
add machine script = /usr/sbin/useradd -g nogroup -c "NT Machine Account" \ -s /bin/false %m\$ To make sure that Samba can execute this script correctly, choose a Samba user with the required administrator permissions and add it to the ntadmin group.
20 The Apache HTTP Server With a share of more than 50%, the Apache HTTP Server (Apache) is the world's most widely-used Web server according to the survey from http://www.netcraft .com/. Apache, developed by the Apache Software Foundation (http://www .apache.org/), is available for most operating systems. openSUSE® includes Apache version 2.2. In this chapter, learn how to install, configure and set up a Web server; how to use SSL, CGI, and additional modules; and how to troubleshoot Apache. 20.
3. The latest security updates are installed. If in doubt, run a YaST Online Update. 4. The default Web server port (80) is opened in the firewall. For this, configure the SuSEFirewall2 to allow the service HTTP Server in the external zone. This can be done using YaST. See Section “Configuring the Firewall with YaST” (Chapter 13, Masquerading and Firewalls, ↑Security Guide) for details. 20.1.2 Installation Apache on openSUSE is not installed by default.
4 Save your changes with Finish. The system is configured to automatically start Apache in runlevels 3 and 5 during boot. To manually start Apache using the shell, run rcapache2 start. Procedure 20.3: Checking if Apache is Running If you do not receive error messages when starting Apache, this usually indicates that the Web server is running. To test this: 1 Start a browser and open http://localhost/. If Apache is up and running, you get a test page stating “It works!”.
If you configure Apache with YaST, this can be taken care of automatically if you set HTTP Service to Enabled as described in Section 20.2.3.2, “HTTP Server Configuration” (page 374). 20.2.1 Apache Configuration Files This section gives an overview of the Apache configuration files. If you use YaST for configuration, you do not need to touch these files—however, the information might be useful for you if you want to switch to manual configuration later on.
| |||||||||||| | | | | ||| default-server.conf errors.conf httpd.conf listen.conf magic mime.types mod_*.conf server-tuning.conf ssl.* ssl-global.conf sysconfig.d | |- global.conf |- include.conf |- loadmodule.conf . . uid.conf vhosts.d |- *.conf Apache Configuration Files in /etc/apache2/ charset.conv Specifies which character sets to use for different languages. Do not edit this file. conf.d/*.conf Configuration files added by other modules.
pertinent configuration files listed here. Change host-specific settings (such as document root) in your virtual host configuration. listen.conf Binds Apache to specific IP addresses and ports. Name-based virtual hosting is also configured here. For details, see Section “Name-Based Virtual Hosts” (page 366). magic Data for the mime_magic module that helps Apache automatically determine the MIME type of an unknown file. Do not change this file. mime.
vhosts.d/*.conf Your virtual host configuration should be located here. The directory contains template files for virtual hosts with and without SSL. Every file in this directory ending with .conf is automatically included in the Apache configuration. Refer to Section 20.2.2.1, “Virtual Host Configuration” (page 365) for details. 20.2.2 Configuring Apache Manually Configuring Apache manually involves editing plain text configuration files as user root. 20.2.2.
TIP: Always Create a Virtual Host Configuration It is recommended to always create a virtual host configuration file, even if your Web server only hosts one domain. By doing so, you not only have the domain-specific configuration in one file, but you can always fall back to a working basic configuration by simply moving, deleting, or renaming the configuration file for the virtual host. For the same reason, you should also create separate configuration files for each virtual host.
The wild card * can be used for both the IP address and the port number to receive requests on all interfaces. IPv6 addresses must be enclosed in square brackets. Example 20.1: Variations of Name-Based VirtualHost Entries # NameVirtualHost IP-address[:Port] NameVirtualHost 192.168.3.100:80 NameVirtualHost 192.168.3.
The physical server must have one IP address for each IP-based virtual host. If the machine does not have multiple network cards, virtual network interfaces (IP aliasing) can also be used. The following example shows Apache running on a machine with the IP 192.168.3.100, hosting two domains on the additional IPs 192.168.3.101 and 192.168.3.102. A separate VirtualHost block is needed for every virtual server. Example 20.3: IP-Based VirtualHost Directives ...
ErrorLog The error log file for this virtual host. Although it is not necessary to create separate error log files for each virtual host, it is common practice to do so, because it makes the debugging of errors much easier. /var/log/apache2/ is the default directory for Apache's log files. CustomLog The access log file for this virtual host.
each time you call the HTTP Server module. For more information, see Section 20.2.3.2, “HTTP Server Configuration” (page 374). 20.2.3.1 HTTP Server Wizard The HTTP Server Wizard consists of five steps. In the last step of the dialog, you are given the opportunity to enter the expert configuration mode to make even more specific settings. Network Device Selection Here, specify the network interfaces and ports Apache uses to listen for incoming requests.
commonly referred to as the default host. Each virtual host inherits the default host's configuration. To edit the host settings (also called directives), choose the appropriate entry in the table then click Edit. To add new directives, click Add. To delete a directive, select it and click Delete. Figure 20.1: HTTP Server Wizard: Default Host Here is list of the default settings of the server: Document Root Path to the directory from which Apache serves files for this host.
The default openSUSE Alias /icons points to /usr/share/apache2/ icons for the Apache icons displayed in the directory index view. ScriptAlias Similar to the Alias directive, the ScriptAlias directive maps a URL to a file system location. The difference is that ScriptAlias designates the target directory as a CGI location, meaning that CGI scripts should be executed in that location.
Virtual Hosts In this step, the wizard displays a list of already configured virtual hosts (see Section 20.2.2.1, “Virtual Host Configuration” (page 365)). If you have not made manual changes prior to starting the YaST HTTP wizard, no virtual host is present. To add a host, click Add to open a dialog in which to enter basic information about the host, such as Server Name, Server Contents Root (DocumentRoot), and the Administrator E-Mail.
Figure 20.2: HTTP Server Wizard: Summary 20.2.3.2 HTTP Server Configuration The HTTP Server Configuration dialog also lets you make even more adjustments to the configuration than the wizard (which only runs if you configure your Web server for the first time). It consists of four tabs described in the following. No configuration option you change here is effective immediately—you always must confirm your changes with Finish to make them effective.
faces, click Firewall Details... to specify on which interface(s) the port(s) should be opened. With Log Files, watch either the access log or the error log. This is useful if you want to test your configuration. The log file opens in a separate window from which you can also restart or reload the Web server. For details, see Section 20.3, “Starting and Stopping Apache” (page 376). These commands are effective immediately and their log messages are also displayed immediately. Figure 20.
Figure 20.4: HTTP Server Configuration: Server Modules Main Host or Hosts These dialogs are identical to the ones already described. Refer to Section “Default Host” (page 370) and Section “Virtual Hosts” (page 373). 20.3 Starting and Stopping Apache If configured with YaST as described in Section 20.2.3, “Configuring Apache with YaST” (page 369), Apache is started at boot time in runlevels 3 and 5 and stopped in runlevels 0, 1, 2, and 6.
status Checks if Apache is started. start Starts Apache if it is not already running. startssl Starts Apache with SSL support if it is not already running. For more information about SSL support, refer to Section 20.6, “Setting Up a Secure Web Server with SSL” (page 389). stop Stops Apache by terminating the parent process. restart Stops and then restarts Apache. Starts the Web server if it was not running before. try-restart Stops then restarts Apache only if it is already running.
GracefulShutdownTimeout needs to be set, otherwise restart-graceful will result in a regular restart. If set to zero, the server will wait indefinitely until all remaining requests have been fully served. A graceful restart can fail if the original Apache instance is not able to clear all necessary resources. In this case, the command will result in a graceful stop.
TIP: Additional Flags If you specify additional flags to the rcapache2, these are passed through to the Web server. 20.4 Installing, Activating, and Configuring Modules The Apache software is built in a modular fashion: all functionality except some core tasks are handled by modules. This has progressed so far that even HTTP is processed by a module (http_core). Apache modules can be compiled into the Apache binary at build time or dynamically loaded at runtime. Refer to Section 20.4.
20.4.1 Module Installation If you have done a default installation as described in Section 20.1.2, “Installation” (page 360), the following modules are already installed: all base and extension modules, the multiprocessing module Prefork MPM, and the external modules mod_php5 and mod_python. You can install additional external modules by starting YaST and choosing Software > Software Management. Now choose Filter > Search and search for apache.
http://httpd.apache.org/docs/2.2/mod/ to learn details about each module. mod_actions Provides methods to execute a script whenever a certain MIME type (such as application/pdf), a file with a specific extension (like .rpm), or a certain request method (such as GET) is requested. This module is enabled by default. mod_alias Provides Alias and Redirect directives with which you can map a URl to a specific directory (Alias) or redirect a requested URL to another location. This module is enabled by default.
mod_deflate Using this module, Apache can be configured to compress given file types on the fly before delivering them. mod_dir mod_dir provides the DirectoryIndex directive with which you can configure which files are automatically delivered when a directory is requested (index .html by default). It also provides an automatic redirect to the correct URL when a directory request does not contain a trailing slash. This module is enabled by default.
mod_negotiation Necessary for content negotiation. See http://httpd.apache.org/docs/ 2.2/content-negotiation.html for more information. This module is enabled by default. mod_rewrite Provides the functionality of mod_alias, but offers more features and flexibility. With mod_rewrite, you can redirect URLs based on multiple rules, request headers, and more. mod_setenvif Sets environment variables based on details of the client's request, such as the browser string the client sends, or the client's IP address.
20.4.4 Multiprocessing Modules openSUSE provides two different multiprocessing modules (MPMs) for use with Apache: • Prefork MPM (page 384) • Section 20.4.4.2, “Worker MPM” (page 384) 20.4.4.1 Prefork MPM The prefork MPM implements a nonthreaded, preforking Web server. It makes the Web server behave similarly to Apache version 1.x. In this version it isolates each request and handles it by forking a separate child process. Thus problematic requests cannot affect others, avoiding a lockup of the Web server.
Apache is that not all available Apache modules are thread-safe and thus cannot be used in conjunction with the worker MPM. WARNING: Using PHP Modules with MPMs Not all available PHP modules are thread-safe. Using the worker MPM with mod_php is strongly discouraged. 20.4.5 External Modules Find a list of all external modules shipped with openSUSE here. Find the module's documentation in the listed directory.
Package Name: apache2-mod_php5 Configuration File: /etc/apache2/conf.d/php5.conf More Information: /usr/share/doc/packages/apache2-mod_php5 mod_python mod_python allows embedding Python within the Apache HTTP server for a considerable boost in performance and added flexibility in designing Web-based applications. Package Name: apache2-mod_python More Information: /usr/share/doc/packages/apache2-mod_python mod_tidy mod_tidy validates each outgoing HTML page by means of the TidyLib.
• /usr/sbin/apxs2-prefork—suitable for prefork MPM modules. The installation location is /usr/lib/apache2-prefork. • /usr/sbin/apxs2-worker—suitable for worker MPM modules. The installation location is /usr/lib/apache2-worker. Install and activate a module from source code with the following commands: cd /path/to/module/source; apxs2 -cia mod_foo.c where -c compiles the module, -i installs it, and -a activates it. Other options of apxs2 are described in the apxs2(1) man page. 20.
Example 20.5: VirtualHost CGI Configuration ScriptAlias /cgi-bin/ "/srv/www/www.example.com/cgi-bin/" Options +ExecCGI AddHandler cgi-script .cgi .pl Order allow,deny Allow from all Tells Apache to handle all files within this directory as CGI scripts. Enables CGI script execution Tells the server to treat files with the extensions .pl and .cgi as CGI scripts. Adjust according to your needs.
Now call http://localhost/cgi-bin/test.cgi or http://www.example.com/cgi-bin/test.cgi. You should see the “CGI/1.0 test script report”. 20.5.3 CGI Troubleshooting If you do not see the output of the test program but an error message instead, check the following: CGI Troubleshooting • Have you reloaded the server after having changed the configuration? Check with rcapache2 probe.
is established. Data integrity is ensured and client and server are able to authenticate each other. For this purpose, the server sends an SSL certificate that holds information proving the server's valid identity before any request to a URL is answered. In turn, this guarantees that the server is the uniquely correct end point for the communication.
TIP: For More Information To learn more about concepts and definitions of SSL/TSL, refer to http:// httpd.apache.org/docs/2.2/ssl/ssl_intro.html. 20.6.1.1 Creating a “Dummy” Certificate Generating a dummy certificate is simple. Just call the script /usr/bin/gensslcert. It creates or overwrites the files listed below. Make use of gensslcert's optional switches to fine-tune the certificate. Call /usr/bin/gensslcert -h for more information. • /etc/apache2/ssl.crt/ca.crt • /etc/apache2/ssl.crt/server.
/usr/sbin/ custom. Do not attempt to run this command from outside this directory. The program provides a series of prompts, some of which require user input. Procedure 20.4: Creating a Self-Signed Certificate with mkcert.sh 1 Decide the signature algorithm used for certificates Choose RSA (R, the default), because some older browsers have problems with DSA. 2 Generating RSA private key for CA (1024 bit) No interaction needed. 3 Generating X.
IMPORTANT: Selecting a Common Name The common name you enter here must be the fully qualified hostname of your secure server (for example, www.example.com). Otherwise the browser issues a warning that the certificate does not match the server when accessing the Web server. 7 Generating X.509 certificate signed by own CA Choose certificate version 3 (the default).
of known and trusted CAs in their Web browsers. Otherwise a browser complains that the certificate was issued by an unknown authority. The certificate is valid for one year. IMPORTANT: Self-Signed Certificates Only use a self-signed certificate on a Web server that is accessed by people who know and trust you as a certificate authority. It is not recommended to use such a certificate for a public shop, for example. 20.6.1.
20.6.2 Configuring Apache with SSL The default port for SSL and TLS requests on the Web server side is 443. There is no conflict between a “regular” Apache listening on port 80 and an SSL/TLS-enabled Apache listening on port 443. In fact, HTTP and HTTPS can be run with the same Apache instance. Usually separate virtual hosts are used to dispatch requests to port 80 and port 443 to separate virtual servers.
20.6.2.1 Name-Based Virtual Hosts and SSL By default it is not possible to run multiple SSL-enabled virtual hosts on a server with only one IP address. Name-based virtual hosting requires that Apache knows which server name has been requested. The problem with SSL connections is, that such a request can only be read after the SSL connection has already been established (by using the default virtual host).
20.7 Avoiding Security Problems A Web server exposed to the public Internet requires an ongoing administrative effort. It is inevitable that security issues appear, both related to the software and to accidental misconfiguration. Here are some tips for how to deal with them. 20.7.1 Up-to-Date Software If there are vulnerabilities found in the Apache software, a security advisory will be issued by SUSE.
20.7.3 File System Access By default, access to the whole file system is denied in /etc/apache2/httpd .conf. You should never overwrite these directives, but specifically enable access to all directories Apache should be able to read. For details, see Section “Basic Virtual Host Configuration” (page 368). In doing so, ensure that no critical files, such as password or system configuration files, can be read from the outside. 20.7.
20.8 Troubleshooting If Apache does not start, the Web page is not accessible, or users cannot connect to the Web server, it is important to find the cause of the problem. Here are some typical places to look for error explanations and important things to check: Output of rcapache2 Instead of starting and stopping the Web server with the binary /usr/sbin/ httpd2, rather use the rcapache2 script instead (described in Section 20.3, “Starting and Stopping Apache” (page 376)).
20.9 For More Information The package apache2-doc contains the complete Apache manual in various localizations for local installation and reference. It is not installed by default—the quickest way to install it is to use the command zypper in apache2-doc. Once installed, the Apache manual is available at http://localhost/manual/. You may also access it on the Web at http://httpd.apache.org/docs-2.2/. SUSE-specific configuration hints are available in the directory /usr/share/doc/packages/ apache2/README.*.
mod_tidy http://mod-tidy.sourceforge.net/ 20.9.3 Development More information about developing Apache modules or about getting involved in the Apache Web server project are available at the following locations: Apache Developer Information http://httpd.apache.org/dev/ Apache Developer Documentation http://httpd.apache.org/docs/2.2/developer/ Writing Apache Modules with Perl and C http://www.modperl.com/ 20.9.
Setting up an FTP server with YaST 21 Using the YaST FTP Server module, you can configure your machine to function as an FTP (File Transfer Protocol) server. Anonymous and/or authenticated users can connect to your machine and download files using the FTP protocol. Depending on the configuration, they can also upload files to the FTP server. YaST provides a unified configuration interface for various FTP server daemons installed on your system.
1 Open YaST Control Center and choose Network Services > FTP Server or run the yast2 ftp-server command as root. 2 If there is not any FTP server installed in your system, you will be asked which server to install when the YaST FTP Server module starts. Choose a server (vsftpd is the standard server for openSUSE) and confirm the dialog. If there are two servers installed, choose the preferred server and click OK. 3 In the Start-Up dialog, configure the options for starting of the FTP server.
Settings and Restart FTP Now. Your configurations will be saved by leaving the configuration module with Finish. The Selected Service frame of the FTP Start-Up dialog shows which FTP server is used: either vsftpd or pure-ftpd. If both servers are installed, you can switch between them—the current configuration will automatically be converted. The pure-ftpd package is not included in the standard openSUSE media so you have to install it from a different installation source if you want to use it. Figure 21.
You can limit permissions of files created by anonymous and/or authenticated users with umask. Set the file creation mask for anonymous users in Umask for Anonymous and the file creation mask for authenticated users in Umask for Authenticated Users. The masks should be entered as octal numbers with a leading zero. For more information about umask, see the umask man page (man 1p umask). In the FTP Directories frame set the directories used for anonymous and authorized users.
between the following options: granting access to anonymous users only, to authenticated users only (with accounts on the system) or to both types of users. If you want to allow users to upload files to the FTP server, check Enable Upload in the Uploading frame of the Authentication dialog. Here you are able to allow uploading or creating directories even for anonymous users by checking the respective box.
Part V.
Mobile Computing with Linux 22 Mobile computing is mostly associated with laptops, PDAs and cellular phones (and the data exchange between them). Mobile hardware components, such as external hard disks, flash drives, or digital cameras, can be connected to laptops or desktop systems. A number of software components are involved in mobile computing scenarios and some applications are tailor-made for mobile use. 22.1 Laptops The hardware of laptops differs from that of a normal desktop system.
22.1.1 Power Conservation The inclusion of energy-optimized system components during laptop manufacturing contributes to their suitability for use without access to the electrical power grid. Their contribution towards conservation of power is at least as important as that of the operating system. openSUSE® supports various methods that influence the power consumption of a laptop and have varying effects on the operating time under battery power.
Figure 22.1: Integrating a Mobile Computer in an Existing Environment The services affected in the case of a laptop commuting back and forth between a small home network and an office network are: Network This includes IP address assignment, name resolution, Internet connectivity and connectivity to other networks. Printing A current database of available printers and an available print server must be present, depending on the network.
openSUSE offers several ways of integrating laptops into existing operating environments: NetworkManager NetworkManager is especially tailored for mobile networking on laptops. It provides a means to easily and automatically switch between network environments or different types of networks such as mobile broadband (such as GPRS, EDGE, or 3G), wireless LAN, and Ethernet. NetworkManager supports WEP and WPA-PSK encryption in wireless LANs. It also supports dial-up connections (with smpppd).
SLP The service location protocol (SLP) simplifies the connection of a laptop to an existing network. Without SLP, the administrator of a laptop usually requires detailed knowledge of the services available in a network. SLP broadcasts the availability of a certain type of service to all clients in a local network. Applications that support SLP can process the information dispatched by SLP and be configured automatically.
default. Process Table gives detailed information about currently running processes, such as CPU load, memory usage, or process ID number and nice value. The presentation and filtering of the collected data can be customized — to add a new type of process information, left-click on the process table header and choose which column to hide or add to the view. It is also possible to monitor different system parameters in various data pages or collect the data of various machines in parallel over the network.
22.1.3.3 Wireless Communication As well as connecting to a home or office network with a cable, a laptop can also use wireless connection to access other computers, peripherals, cellular phones or PDAs. Linux supports three types of wireless communication: WLAN With the largest range of these wireless technologies, WLAN is the only one suitable for the operation of large and sometimes even spatially separate networks.
Protection against Theft Always physically secure your system against theft whenever possible. Various securing tools (like chains) are available in retail stores. Strong Authentication Use biometric authentication in addition to standard authentication via login and password. openSUSE supports fingerprint authentication. For more details, see Chapter 7, Using the Fingerprint Reader (↑Security Guide).
External Hard Disks (USB and FireWire) As soon as an external hard disk is correctly recognized by the system, its icon appears in the file manager. Clicking the icon displays the contents of the drive. It is possible to create folders and files here and edit or delete them. To rename a hard disk from the name it had been given by the system, select the corresponding menu item from the menu that opens when the icon is right-clicked. This name change is limited to display in the file manager.
22.4 For More Information The central point of reference for all questions regarding mobile devices and Linux is http://tuxmobil.org/. Various sections of that Web site deal with the hardware and software aspects of laptops, PDAs, cellular phones and other mobile hardware. A similar approach to that of http://tuxmobil.org/ is made by http://www .linux-on-laptops.com/. Information about laptops and handhelds can be found here. SUSE maintains a mailing list in German dedicated to the subject of laptops.
23 Power Management Power management is especially important on laptop computers, but is also useful on other systems. ACPI (Advanced Configuration and Power Interface) is available on all modern computers (laptops, desktops, and servers). Power management technologies require suitable hardware and BIOS routines. Most laptops and many modern desktops and servers meet these requirements. It is also possible to control CPU frequency scaling to save power or decrease noise. 23.
Hibernation (suspend to disk) In this operating mode, the entire system state is written to the hard disk and the system is powered off. There must be a swap partition at least as big as the RAM to write all the active data. Reactivation from this state takes about 30 to 90 seconds. The state prior to the suspend is restored. Some manufacturers offer useful hybrid variants of this mode, such as RediSafe in IBM Thinkpads. The corresponding ACPI state is S4.
.msg. See Section 23.2.2, “Troubleshooting” (page 423) for more information about troubleshooting ACPI problems. 23.2.1 Controlling the CPU Performance The CPU can save energy in three ways: • Frequency and Voltage Scaling • Throttling the Clock Frequency (T-states) • Putting the Processor to Sleep (C-states) Depending on the operating mode of the computer, these methods can be combined. Saving energy also means that the system heats up less and the fans are activated less frequently.
components that have serious errors in the ACPI implementation are recorded in a blacklist that prevents the Linux kernel from using ACPI for these components. The first thing to do when problems are encountered is to update the BIOS. If the computer does not boot at all, one of the following boot parameters may be helpful: pci=noacpi Do not use ACPI for configuring the PCI devices. acpi=ht Only perform a simple resource configuration. Do not use ACPI for other purposes. acpi=off Disable ACPI.
23.2.2.1 For More Information • http://tldp.org/HOWTO/ACPI-HOWTO/ (detailed ACPI HOWTO, contains DSDT patches) • http://www.acpi.info (Advanced Configuration & Power Interface Specification) • http://www.lesswatts.org/projects/acpi/ (the ACPI4Linux project at Sourceforge) • http://acpi.sourceforge.net/dsdt/index.php (DSDT patches by Bruno Ducrot) 23.3 Rest for the Hard Disk In Linux, the hard disk can be put to sleep entirely if it is not needed or it can be run in a more economic or quieter mode.
in the RAM. This buffer is monitored by the pdflush daemon. When the data reaches a certain age limit or when the buffer is filled to a certain degree, the buffer content is flushed to the hard disk. The buffer size is dynamic and depends on the size of the memory and the system load. By default, pdflush is set to short intervals to achieve maximum data integrity. It checks the buffer every 5 seconds and writes the data to the hard disk.
In this connection, the mail daemon postfix makes use of the variable POSTFIX_LAPTOP. If this variable is set to yes, postfix accesses the hard disk far less frequently. 23.4 Troubleshooting All error messages and alerts are logged in the file /var/log/messages. The following sections cover the most common problems. 23.4.
3 Copy the (resulting) file DSDT.aml to any location (/etc/DSDT.aml is recommended). 4 Edit /etc/sysconfig/kernel and adapt the path to the DSDT file accordingly. 5 Start mkinitrd. Whenever you install the kernel and use mkinitrd to create an initrd file, the modified DSDT is integrated and loaded when the system is booted. 23.4.2 CPU Frequency Does Not Work Refer to the kernel sources to see if your processor is supported.
23.5 For More Information • http://www.acpi.info (Advanced Configuration and Power Interface Specification) • http://www.lesswatts.org/projects/acpi/ (the ACPI4Linux project at Sourceforge) • http://acpi.sourceforge.net/dsdt/index.php (DSDT patches by Bruno Ducrot) • http://en.opensuse.org/SDB:Suspend_to_RAM—How to get Suspend to RAM working • http://old-en.opensuse.
24 Wireless LAN Wireless LANs, or Wireless Local Area Network (WLANs), have become an indispensable aspect of mobile computing. Today, most laptops have built-in WLAN cards. This chapter describes how to set up a WLAN card with YaST, encrypt transmissions, and use tips and tricks. Alternatively, you can configure and manage WLAN access with NetworkManager. For details, refer to Chapter 25, Using NetworkManager (page 449). 24.1 WLAN Standards WLAN cards communicate using the 802.
Name Band (GHz) Maximum Transmission Rate (Mbit/s) Note 802.11a 5 54 Less interference-prone 802.11b 2.4 11 Less common 802.11g 2.4 54 Widespread, backwards-compatible with 11b 802.11n 2.4 and/or 5 300 Common 802.11 Legacy cards are not supported by openSUSE®. Most cards using 802.11a, 802.11b, 802.11g and 802.11n are supported. New cards usually comply with the 802.11n standard, but cards using 802.11g are still available. 24.
work. However, the transmission range and number of participating stations are greatly limited in ad-hoc networks. They also do not support WPA authentication. If you intend to use WPA security, you should not use Ad-Hoc_Mode. Master Mode In master mode your network card is used as the access point. It works only if your WLAN card supports this mode. Find out the details of your WLAN card on http://linux-wless.passys.nl. 24.
not have the key cannot decrypt received packets. Accordingly, it cannot communicate, regardless of whether it had to authenticate itself. WPA-PSK (or WPA-Personal, according to IEEE 802.1x) WPA-PSK (PSK stands for preshared key) works similarly to the Shared Key procedure. All participating stations as well as the access point need the same key. The key is 256 bits in length and is usually entered as a passphrase.
WEP (defined in IEEE 802.11) This standard makes use of the RC4 encryption algorithm, originally with a key length of 40 bits, later also with 104 bits. Often, the length is declared as 64 bits or 128 bits, depending on whether the 24 bits of the initialization vector are included. However, this standard has some weaknesses. Attacks against the keys generated by this system may be successful. Nevertheless, it is better to use WEP than to not encrypt the network at all.
tion 24.4, “Encryption” (page 434) and Section 24.6.3, “Security” (page 445) for information. To configure a wireless LAN with YaST, you need to define the following parameters: IP Address Use either a static IP address or let a DHCP server dynamically assign an IP address to the interface. Operating Mode Defines how to integrate your machine into a WLAN, depending on the network topology. For background information, refer to Section 24.2, “Operating Modes” (page 432).
4 For further configuration, proceed with Section 24.5.2, “Configuration for Access Points” (page 437) or Section 24.5.3, “Establishing an Ad-Hoc Network” (page 441). Otherwise confirm your changes with OK to write the network configuration. 24.5.2 Configuration for Access Points In this section, learn how to configure your WLAN card to connect to an (external) access point or how to use your WLAN card as access point if your WLAN card supports this.
7 To connect to a certain network, enter the Network Name (ESSID). Alternatively, click Scan Network and select a network from the list of available wireless networks. All stations in a wireless network need the same ESSID for communicating with each other. If no ESSID is specified, your WLAN card automatically associates with the access point that has the best signal strength. NOTE: WPA Authentication Requires an ESSID If you select WPA authentication, a network name (ESSID) must be set.
Figure 24.1: YaST: Configuring the Wireless Network Card Procedure 24.2: Entering the Encryption Details The following authentication methods require an encryption key: WEP - Open, WEP Shared Key, and WPA-PSK. For WEP, usually only key is needed—however, up to 4 different WEP keys can be defined for your station. One of them needs to be set as the default key and is used for encryption. The others are used for decryption.
1a Set the Key Input Type either to Passphrase, ASCII or Hexadecimal. 1b Enter the respective Encryption Key (usually only one key is used): If you have selected Passphrase, enter a word or a character string from which a key is generated according to the specified key length (per default, 128-bit) . ASCII requests an input of 5 characters for a 64-bit key and 13 characters for a 128-bit key. For Hexadecimal, enter 10 characters for a 64-bit key or 26 characters for a 128-bit key in hexadecimal notation.
3b For TLS, provide Identity, Client Certificate, Client Key, and Client Key Password. To increase security, you can also configure a Server Certificate used to validate the server's authenticity. TTLS and PEAP require Identity and Password, whereas Server Certificate and Anonymous Identity are optional. 3c To enter the advanced authentication dialog for your WPA-EAP setup, click Details. 3d Select the Authentication Method for the second stage of EAP-TTLS or EAPPEAP communication (inner authentication).
• Hostname: Choose any name you like. 4 Proceed with Next. 5 Set the Operating Mode to Ad-hoc. 6 Choose a Network Name (ESSID). This can be any name, but it has to be used on every computer in the ad-hoc network. 7 Select an Authentication Mode for your network. Which mode is suitable, depends on your WLAN card's driver and the ability of the other devices in the network. 8 If you have chosen to set the Authentication Mode to No Encryption, finish the configuration by clicking Next.
Bit Rate Depending on the performance of your network, you may want to set a certain bit rate for the transmission from one point to another. In the default setting Auto, the system tries to use the highest possible data transmission rate. Some WLAN cards do not support the setting of bit rates. Access Point In an environment with several access points, one of them can be preselected by specifying the MAC address.
24.6 Tips and Tricks for Setting Up a WLAN The following tools and tips can help to monitor and improve speed and stability as well as security aspects of your WLAN. 24.6.1 Utilities The package wireless-tools contains utilities that allow to set wireless LAN specific parameters and get statistics. See http://www.hpl.hp.com/personal/ Jean_Tourrilhes/Linux/Tools.html for more information. kismet (package kismet) is a network diagnosis tool with which to listen to the WLAN packet traffic.
dBm (updated) Typical/Reference : Quality:26/94 dBm Signal level:-60 dBm Noise level:-90 24.6.3 Security If you want to set up a wireless network, remember that anybody within the transmission range can easily access it if no security measures are implemented. Therefore, be sure to activate an encryption method. All WLAN cards and access points support WEP encryption. Although this is not entirely safe, it does present an obstacle for a potential attacker. For private use, use WPA-PSK if available.
2. Have you checked your needed firmware? Refer to /usr/share/doc/ packages/wireless-tools/README.firmware for more information. 3. Is the ESSID of your router broadcasted and visible (not hidden)? 24.7.1 Check the Network Status The command iwconfig can give you important information about your wireless connection. For example, the following line displays the ESSID, the wireless mode, frequency, if you signal is encrypted, the link quality, and much more: iwconfig wlan0 wlan0 IEEE 802.
24.7.2 Multiple Network Devices Modern laptops usually have a network card and a WLAN card. If you configured both devices with DHCP (automatic address assignment), you may encounter problems with the name resolution and the default gateway. This is evident from the fact that you can ping the router but cannot surf the Internet. The Support Database features an article on this subject at http://old-en.opensuse.org/SDB:Name_Resolution _Does_Not_Work_with_Several_Concurrent_DHCP_Clients. 24.7.
http://en.opensuse.org/SDB:Ndiswrapper Offers a work-around for running unsupported WLAN cards with the Microsoft Windows using Ndiswrapper.
25 Using NetworkManager NetworkManager is the ideal solution for laptops and other portable computers. It supports state-of-the-art encryption types and standards for network connections, including connections to 802.1X protected networks. 802.1X is the “IEEE Standard for Local and Metropolitan Area Networks—Port-Based Network Access Control”. With NetworkManager, you need not worry about configuring network interfaces and switching between wired or wireless networks when you are moving.
25.2 Enabling or Disabling NetworkManager On laptop computers, NetworkManager is enabled by default. However, it can be at any time enabled or disabled in the YaST Network Settings module. 1 Run YaST and go to Network Devices > Network Settings. 2 The Network Settings dialog opens. Go to the Global Options tab. 3 To configure and manage your network connections with NetworkManager: 3a In the Network Setup Method field, select User Controlled with NetworkManager. 3b Click OK and close YaST.
Find a detailed description of the network configuration with YaST in Section 13.4, “Configuring a Network Connection with YaST” (page 241) and Chapter 24, Wireless LAN (page 431). 25.3 Configuring Network Connections After having enabled NetworkManager in YaST, configure your network connections with the NetworkManager front-ends available in KDE and GNOME. The network configuration dialogs for both front-ends are very similar.
Figure 25.1: GNOME Network Connections Dialog If you are using KDE, open the main menu and click System settings. In the Network and Connectivity section select Network Settings > Network Connections to open the network configuration dialog. Figure 25.2: KDE Network Configuration Dialog Alternatively, you can also start the configuration dialogs from the NetworkManager front-end in the system tray or the top bar, respectively. In KDE, left-click the icon and select Manage Connections.
NOTE: Availability of Options Depending on your system setup, you may not be allowed to configure connections. In a secured environment, some options might be locked or require root permission. Ask your system administrator for details. Procedure 25.1: Adding or Editing Connections When configuring network connections with NetworkManager, you can also define system connections that can be shared by all users.
5 For NetworkManager to automatically use a certain connection, activate Connect Automatically for this connection. 6 To turn a connection into a system connection activate System Connection (KDE) or Available to all users (GNOME). To create and edit system connections, root permission is required. After having confirmed your changes, the newly configured network connection appears in the list of available networks you get by left-clicking the NetworkManager icon. Figure 25.
25.4 Using the KDE NetworkManager Front-End The KDE front-end for NetworkManager is the NetworkManager plasmoid. If the network has been set up for NetworkManager control, the plasmoid usually starts automatically with the desktop environment and is shown as an icon in the system tray. If your system tray does not show any network connection icon, the plasmoid is probably not started. Click the Panel Tool Box and choose Add Widgets.
5 To switch off all network connections, both wired and wireless, click the NetworkManager icon and uncheck Enable Networking. 25.4.2 Managing Wireless Network Connections By default the NetworkManager front-end only lists connections that are already configured. The signal strength of each network is indicated by a series of bars, each one representing 10%. Encrypted wireless networks are marked with a green (WPA) or yellow (WEP) shield, while open networks are marked with a red shield. Procedure 25.
Switch back to the interface overview by clicking on the blue arrow icon. 2 To disconnect an active connection, click the red icon for the WLAN Interface. 3 To completely disable wireless networking, uncheck Enable Wireless. This can be useful if you are on a plane or in any other environment where wireless networking is not allowed. A wireless network that has been chosen explicitly will remain connected as long as possible.
IMPORTANT: Unprotected Wireless Networks Are a Security Risk If you set Security to None, everybody can connect to your network, reuse your connectivity and intercept your network connection. To restrict access to your access point and to secure your connection, use encryption. You can choose between various WEP and WPA–based encryptions. If you are not sure which technology is best for you, read Section 24.3, “Authentication” (page 433). 5 Confirm your configuration with OK. 25.
“Adding or Editing Connections” (page 453). Click the NetworkManager icon and select the newly configured connection to activate it. 5 To switch off all network connections, both wired and wireless, right-click the icon and uncheck Enable Networking. 25.5.2 Managing Wireless Network Connections GNOME NetworkManager lists a number of available visible wireless networks. To extend the list, click More Networks. The signal strength of each network is also shown in the menu.
25.5.3 Configuring Your Wireless Card as an Access Point If your wireless card supports access point mode, you can use NetworkManager for configuration. NOTE: Availability of Options Depending on your system set-up, you may not be allowed to configure connections. In a secured environment, some options might be locked or require root permission. Ask your system administrator for details. 1 Click the NetworkManager icon and select Network Settings Wireless.
NOTE: WEP 40/128-bit Key (Hex or ASCII) When using WEP 40/128-bit Key as encryption method, the Key length is restricted to either 5, 10, or 13 characters. Otherwise the Save button is inactive. 3d Confirm your changes. After a short delay, the Network dialog will show your changes. 4 To stop the hotspot and disconnect any users, click Stop Hotspot and confirm your choice in the pop-up dialog. 25.6 NetworkManager and VPN NetworkManager supports several Virtual Private Network (VPN) technologies.
vpnc (Cisco) To use this VPN technology, install • NetworkManager-vpnc and • NetworkManager-vpnc-kde4 or NetworkManager-vpnc-gnome. PPTP (Point-to-Point Tunneling Protocol) To use this VPN technology, install • NetworkManager-pptp and • NetworkManager-pptp-kde4 or NetworkManager-pptp-gnome. After you have installed the packages, configure your VPN connection as described in Section 25.3, “Configuring Network Connections” (page 451). 25.
25.7.1 User and System Connections NetworkManager knows two types of connections: user and system connections. User connections are connections that become available to NetworkManager when the first user logs in. Any required credentials are asked from the user and when the user logs out, the connections are disconnected and removed from NetworkManager.
In Secure Storage (Encrypted) If you choose this option, your credentials are stored in KWalletManager. 25.8 Frequently Asked Questions In the following, find some frequently asked questions about configuring special network options with NetworkManager. How to tie a connection to a specific device? By default, connections in NetworkManager are device type-specific: they apply to all physical devices with the same type.
How to share network connections to other computers? The primary device (the device which is connected to the Internet) does not need any special configuration. However, you need to configure the device that is connected to the local hub or machine as follows: 1. Start the dialog for configuring network connections as described in Section 25.3, “Configuring Network Connections” (page 451). Choose the connection you want to modify and click Edit.
25.9 Troubleshooting Connection problems can occur. Some common problems related to NetworkManager include the front-end not starting or a missing VPN option. Methods for resolving and preventing these problems depend on the tool used. NetworkManager Front-End Does Not Start The GNOME and KDE NetworkManager front-ends start automatically if the network is set up for NetworkManager control. If the front-end does not start, check if NetworkManager is enabled in YaST as described in Section 25.
NetworkManager Project Page http://projects.gnome.org/NetworkManager/ KDE NetworkManager Front-End http://userbase.kde.org/NetworkManagement Package Documentation Also check out the information in the following directories for the latest information about NetworkManager and the GNOME and KDE NetworkManager front-ends: • /usr/share/doc/packages/NetworkManager/, • /usr/share/doc/packages/NetworkManager-gnome/.
26 Using Tablet PCs openSUSE® comes with support for Tablet PCs. In the following, learn how to install and configure your Tablet PC and discover some useful Linux* applications which accept input from digital pens. The following Tablet PCs are supported: • Tablet PCs with serial and USB Wacom tablet (pen based), touch-screen or multitouch devices. • Tablet PCs with FinePoint devices, such as Gateway C210X/M280E/CX2724 or HP Compaq TC1000.
• Using gesture recognition in applications of the X Window System • Drawing with GIMP • Taking notes or sketching with applications like Jarnal or Xournal or editing larger amounts of text with Dasher 26.
26.2 Configuring Your Tablet Device During installation, your tablet or touch device is configured by default. If you have trouble with the configuration of your Wacom device, you use xsetwacom on the command line to change the settings. 26.3 Using the Virtual Keyboard To log in to the KDE or GNOME desktop or to unlock the screen, you can either enter your username and password as usual or via the virtual keyboard (xvkbd) displayed below the login field.
Start KRandRTray or gnome-display-properties from the main menu, or enter krandrtray or gnome-display-properties to start the applet from a shell. After you have started the applet, the applet icon is usually added to your system tray. If the gnome-display-properties icon does not automatically appear in the system tray, make sure Show Displays in Panel is activated in the Monitor Resolution Settings dialog. To rotate your display with KRandRTray, right-click the icon and select Configure Display.
2 Enter the gesture you would like to use for a character into the respective character's cell. With the first input, the background changes its color to white, whereas the character itself is shown in light gray. Repeat the gesture multiple times until the character changes its color to black. Untrained characters are shown on a light gray or brown background (depending on the desktop's color scheme). 3 Repeat this step until you have trained CellWriter for all characters you need.
26.5.2 Using Xstroke With xstroke, you can use gestures with your pen or other pointing devices as input for applications on the X Window System. The xstroke alphabet is a unistroke alphabet that resembles the Graffiti* alphabet. When activated, xstroke sends the input to the currently focused window. 1 Start xstroke from the main menu or with xstroke from a shell. This adds a pencil icon to your system tray.
26.6 Taking Notes and Sketching with the Pen To create drawings with the pen, you can use a professional graphics editor like GIMP or try one of the note-taking applications, Xournal or Jarnal. With both Xournal and Jarnal, you can take notes, create drawings or comment PDF files with the pen. As a Java-based application available for several platforms, Jarnal also offers basic collaboration features. For more information, refer to http://www.dklevine.com/ general/software/tc1000/jarnal-net.htm.
of text using only the pen (or other input devices—it can even be driven with an eye tracker). Start Dasher from the main menu or with dasher from a shell. Move your pen in one direction and the application starts to zoom into the letters on the right side. From the letters passing the cross hairs in the middle, the text is created or predicted and is printed to the upper part of the window. To stop or start writing, click the display once with the pen. Modify the zooming speed at the bottom of the window.
Orientation of the Wacom Graphics Tablets Does Not Change With the xrandr command, you can change the orientation of your display from within a shell. Enter xrandr --help to view the options available.
26.8 For More Information Some of the applications mentioned here do not offer integrated online help, but you can find some useful information about usage and configuration in your installed system in /usr/share/doc/package/packagename or on the Web: • For the Xournal manual, refer to http://xournal.sourceforge.net/ manual.html • The Jarnal documentation is located at http://www.dklevine.com/general/ software/tc1000/jarnal.htm#documentation • Find the xstroke man page at http://davesource.
27 Copying and Sharing Files If using multiple operating systems (OS) simultaneously, it is often necessary to exchange files among them. Different systems may reside on different partitions on the same machine or on different machines across your network. There are various approaches to file exchange with different basic instructions and possible pitfalls.
on the server, not locally on the client. File servers typically serve a large number of clients simultaneously. 27.1 Scenarios The following list provides a number of possible scenarios involving file transfer: Different OS on the Same Computer Many users have an operating system preinstalled by their vendor and run Linux in a separate partition. Refer to Section 27.4, “Accessing Files on Different OS on the Same Computer” (page 484) for more information.
27.2 Access Methods The following methods and protocols are well-suited to file transfer and sharing. FTP Use FTP (File Transfer Protocol) if you need to exchange files very often and with different users. Set up an FTP server on one system and access it with clients. There are many graphical client applications available for FTP on Windows*, MacOS, and Linux. Depending on how your FTP server is used, enable read and write permissions. See Section 27.5.
CSync CSync is an alternative to Unison. Just like Unison it synchronizes files bidirectionally. However, its architecture is modular so it can be extended with plug-ins. See http://www.csync.org for more details. SMB Samba is a client/server system and an implementation of the SMB protocol. It is usually used in Windows networks, but is supported by several operating systems. Refer to Chapter 19, Samba (page 347) for more information about Samba.
• An established connection. • The SSH daemon running on both machines. To start the service, run the command rcsshd start as root. Proceed as follows: Procedure 27.1: GNOME 1 Start Nautilus. 2 Click on File > Connect to Server. 3 Set the Service Type to ssh. 4 Enter the IP address and port of the remote computer (default is 22). 5 Specify the folder you want to open on the remote Computer. 6 Click Connect. Procedure 27.2: KDE 1 Start Dolphin. 2 Click on Network, Add Network.
27.4 Accessing Files on Different OS on the Same Computer New computers generally ship with a preinstalled operating system, usually Windows. If you have installed Linux on a different partition, you might want to exchange files between the different operating systems. Windows cannot read Linux partitions by default. If you want to exchange files between these two operating systems, you have to create an “exchange partition”. For a more direct approach, see http://www.fs-driver.
Command Line Just list the contents of /windows to see one or more directories containing your Windows drives. The directory /windows/c maps to the Windows C:\ drive, for example. NOTE: Changing the Accessibility of Windows Partitions Initially, Windows partitions are mounted read-only for normal users to avoid accidental damage to the file system. To grant normal users full access to a mounted Windows partition, change the mount behavior of this Windows partition.
User tux 27.5.1 Copying Files with SSH The following requirements must be met on both computers that are accessed via SSH: 1. If you use a hostname, make sure each hostname is listed in /etc/hosts on both computers (see Section 13.6.1.6, “/etc/hosts” (page 270).) If you use SSH with IP addresses, you do not need to change anything. 2. If you use a firewall, open the SSH port. To do so, start YaST, and select Security and Users > Firewall.
4 Drag and drop the desired files or directories to your desktop or a local directory. KDE provides another protocol called fish that can be used if sftp is not available. The use of this protocol is similar to sftp. Just replace the sftp protocol prefix of the URL with fish: fish://tux@jupiter.example.com 27.5.2 Transferring Files with rsync rsync is useful for archiving or copying data and can also be used as a daemon to provide directories to the network (see Procedure 27.
27.5.2.2 rsync Daemon Mode Start the rsyncd daemon on one of your systems to make use of the full functionality of rsync. In this mode, it is possible to create synchronization points (modules) that can be accessed without an account. To use the rsyncd daemon, proceed as follows: Procedure 27.3: Advanced Setup for rsync Synchronization 1 Log in as root and install the rsync package. 2 Configure your synchronization points in /etc/rsyncd.conf.
1. The package unison is installed. 2. Enough disk space is available on your local and remote computer. 3. If you want to benefit from Unison's full potential, make sure that Unison is also installed and running on the remote computer. In case you need help, run Unison with the -doc topics option to get a full list of available sections.
formed the synchronization now. A question mark indicates a conflict (both files have been changed and Unison cannot decide which one to overwrite). Figure 27.1: File Synchronization Proposal 5 To modify the proposals Unison shows for each file (for example, if you want to change the direction), select the file and click Right to Left or Left to Right. With Skip, exclude a file from synchronization. The symbol in the Action column changes accordingly. 6 To start the synchronization, click Go.
local <---- jupiter new file dir [f] 3 Press F if you want to follow Unison's recommendation. For other commands, press ?. 4 Proceed with y, if you want to propagate your updates. 27.5.4 Copying Files with FTP Before configuring your FTP server, make sure that the following requirements are met: 1. The package vsftp is installed. 2. You have root access to your FTP server. 3. Enough disk space is available on your computer.
2 Replace the configuration files according to the preferred scenario (refer to the manual page of vsftpd.
PuTTY PuTTY is a suite of different command line tools for working with an SSH daemon. Download it from http://www.chiark.greenend.org.uk/~sgtatham/ putty.html. WinSCP WinSCP is very similar to PuTTY, but includes a graphical user interface. Choose from an Explorer or Norton Commander style. Download it from http://winscp .net. To copy a file from Windows to Linux with PuTTY, proceed as follows (on the Windows machine): 1 Start PSCP. 2 Enter the hostname of your SSH server.
27.7 Sharing Files between Linux Computers The following sections feature various methods for sharing data. Use one of these if you are looking for a permanent solution for data sharing. 27.7.
3b Set the export options to: rw,root_squash,async 3c Repeat these steps, if you need to export more than one directory. 4 Apply your settings and leave YaST. Your NFS server is ready to use. To manually start the NFS server, enter rcnfsserver start as root. To stop the server, enter rcnfsserver stop. By default, YaST takes care of starting this service at boot time. To configure the client, proceed as follows: 1 Prepare the NFS client: 1a Start YaST as root. 1b Select Network Services > NFS Client.
3 Apply your settings and leave YaST. Your NFS client is ready to use. To start the NFS client manually, enter rcnfs start. NOTE: Consistent User Names If your home network is used by just a small number of users, set up identical users manually on all machines. If, however, you need a larger consistent user base across a larger home network, consider using NIS or LDAP to manage user data.
27.7.2.2 Accessing Shares from the Command Line If you prefer using the command line, use the smbclient command. To log in to your Samba server, run: smbclient //jupiter/share -U tux Omit the -U option if you are the current user tux. After logging in successfully, use some basic commands like ls (list contents), mkdir (create directory), get (download file), and put (upload file). Use help to display all commands. Refer to the manual page of smbclient for more information. 27.
Procedure 27.4: Setting Up a Samba Server To set up a Samba server, do the following: 1 Prepare the Samba server: 1a Start YaST as root. 1b Install the samba package. 1c Create a directory (for example, /srv/share). 2 Create the server configuration: 2a Select Network Services > Samba Server. 2b Select one of the workgroups or enter a new one (for example, Penguin). 2c Check Primary Domain Controller (PDC) 2d Select During Boot if the Samba service should be started every time your computer boots.
4 Provide a password for all users that are allowed to use this service: smbpasswd -a tux For easier configuration, just hit Enter to leave the password empty. Take into account that the usernames on your Windows and Linux computers are probably different. Configuring a consistent user base for both Windows and Linux is beyond the scope of this document.
27.9 For More Information • http://en.wikipedia.org/wiki/VFAT • http://en.wikipedia.org/wiki/NTFS • http://en.wikipedia.org/wiki/Fstab • http://en.wikipedia.org/wiki/Network_File_System • http://en.wikipedia.org/wiki/File_Transfer_Protocol • http://en.wikipedia.org/wiki/SSH • http://en.wikipedia.org/wiki/Rsync • http://en.wikipedia.
An Example Network This example network is used across all network-related chapters of the openSUSE® documentation.
GNU Licenses This appendix contains the GNU General Public License version 2 and the GNU Free Documentation License version 1.2. GNU General Public License Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions.
This program is modify it under as published by of the License, free software; you can redistribute it and/or the terms of the GNU General Public License the Free Software Foundation; either version 2 or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software. We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does.
You may also lend copies, under the same conditions stated above, and you may publicly display copies. 3. COPYING IN QUANTITY If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover.
M. Delete any section Entitled "Endorsements". Such a section may not be included in the Modified Version. N. Do not retitle any existing section to be Entitled "Endorsements" or to conflict in title with any Invariant Section. O. Preserve any Warranty Disclaimers. If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant.
8. TRANSLATION Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections.
If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software.
