openSUSE 11.4 December 19, 2011 www.suse.
Reference Copyright © 2006–2011 Novell, Inc. and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For Novell trademarks, see the Novell Trademark and Service Mark list http://www.
Contents
About This Guide
Part I Installation and Deployment
1 Installation with YaST
1.1 Choosing the Installation Media
1.2 Choosing the Installation Method
1.3 The Installation Workflow
1.4 System Start-Up for Installation
1.5 The Boot Screen
3 Advanced Disk Setup
3.1 Using the YaST Partitioner
3.2 LVM Configuration
3.3 Soft RAID Configuration
Part II Managing and Updating Software
4 Installing or Removing Software
4.1 Definition of Terms
4.2 Using the KDE Interface (Qt)
9.4 Changing Default Settings for Local Users
9.5 Assigning Users to Groups
9.6 Managing Groups
9.7 Changing the User Authentication Method
10 Changing Language and Country Settings with YaST
10.1 Changing the System Language
10.2 Changing the Country and Time Settings
Part IV System
16 32-Bit and 64-Bit Applications in a 64-Bit System Environment
16.1 Runtime Support
16.2 Software Development
16.3 Software Compilation on Biarch Platforms
16.4 Kernel Specifications
17 Booting and Configuring a Linux System
17.1 The Linux Boot Process
21 Shell Basics
21.1 Starting a Shell
21.2 Entering Commands
21.3 Working with Files and Directories
21.4 Becoming Root
21.5 File Access Permissions
21.6 Useful Features of the Shell
21.7 Editing Texts
21.8 Searching for Files or Contents
21.9 Viewing Text Files
21.10 Redirection and Pipes
24.6 For More Information
25 The Domain Name System
25.1 DNS Terminology
25.2 Installation
25.3 Configuration with YaST
25.4 Starting the BIND Name Server
25.5 The /etc/named.conf Configuration File
25.6 Zone Files
29.5 Configuring Clients
29.6 Samba as Login Server
29.7 For More Information
30 The Apache HTTP Server
30.1 Quick Start
30.2 Configuring Apache
30.3 Starting and Stopping Apache
30.4 Installing, Activating, and Configuring Modules
30.5 Getting CGI Scripts to Work
34 Wireless LAN
34.1 WLAN Standards
34.2 Operating Modes
34.3 Authentication
34.4 Encryption
34.5 Configuration with YaST
34.6 Tips and Tricks for Setting Up a WLAN
34.7 Troubleshooting
A An Example Network
B GNU Licenses
B.1 GNU General Public License
B.2 GNU Free Documentation License
About This Guide This manual gives you a general understanding of openSUSE®. It is intended mainly for system administrators and home users with basic system administration knowledge. Check out the various parts of this manual for a selection of applications needed in everyday life and in-depth descriptions of advanced installation and configuration scenarios. Advanced Deployment Scenarios Learn how to deploy openSUSE from a remote location and become acquainted with complex disk setup scenarios.
1 Available Documentation We provide HTML and PDF versions of our books in different languages. The following manuals for users and administrators are available on this product: Start-Up (↑Start-Up) Guides you step-by-step through the installation of openSUSE from DVD, or from an ISO image, gives short introductions to the GNOME and KDE desktops including some key applications running on it.
Find HTML versions of most product manuals in your installed system under /usr/share/doc/manual or in the help centers of your desktop. Find the latest documentation updates at http://www.novell.com/documentation where you can download PDF or HTML versions of the manuals for your product.
2 Feedback
Several feedback channels are available:
Bugs and Enhancement Requests
To report bugs for a product component, or to submit enhancement requests, please use https://bugzilla.novell.com/.
• user: users or groups
• Alt, Alt + F1: a key to press or a key combination; keys are shown in uppercase as on a keyboard
• File, File > Save As: menu items, buttons
• Dancing Penguins (Chapter Penguins, ↑Another Manual): This is a reference to a chapter in another manual.
4 About the Making of This Manual
This book is written in Novdoc, a subset of DocBook (see http://www.docbook.org).
6 Acknowledgments With a lot of voluntary commitment, the developers of Linux cooperate on a global scale to promote the development of Linux. We thank them for their efforts—this distribution would not exist without them. Furthermore, we thank Frank Zappa and Pawar. Special thanks, of course, goes to Linus Torvalds.
Part I.
1 Installation with YaST Install your openSUSE® system with YaST, the central tool for installation and configuration of your system. YaST guides you through the installation process and the basic configuration of your system. During the installation and configuration process, YaST analyzes both your current system settings and your hardware components and proposes installation settings based on this analysis.
however, make the contents of the DVD available on an installation server and make them available all across your network. DVD-download One DVD5, available via download for 32bit or 64bit systems. Choose this installation option if you want a fully-fledged openSUSE system. Beyond the downloading of the DVD ISO, there is no network connection required to make use of this installation option. Once the medium has been fully downloaded and the physical medium created, you can go ahead with the installation.
To install from an HTTP, FTP, NFS, or SMB server, follow the instructions in Section 1.2.2, “Installing from a Network Source without SLP” (page 7).
IMPORTANT: Add-On CDs—Installing Additional Software
Although add-on CDs (extensions or third-party products) cannot be used as stand-alone installation media, they can be embedded as additional software sources during the installation. Currently CDs with additional languages and non open source software are available as add-on CDs for openSUSE.
Installing with openSUSE 11.4 Installer from Windows Choose this installation option if you prefer a smooth transition from using Windows to using Linux. openSUSE 11.4 Installer allows you to boot into the openSUSE installation right from a running Windows by modifying the Windows boot loader. This installation option is only available from the DVD media. Refer to Section 1.2.3, “Installing with the openSUSE 11.4 Installer from Windows” (page 8) for details.
TIP: Booting from DVD on UEFI machines ►amd64 em64t: DVD1 can be used as a boot medium for machines equipped with UEFI (Unified Extensible Firmware Interface). Refer to your vendor's documentation for specific information. If booting fails, try to enable CSM (Compatibility Support Module) in your firmware. ◄ 1.2.1 Installing from a Network Server Using SLP If your network setup supports OpenSLP and your network installation source has been configured to announce itself via SLP (described in Section 2.
1.2.3 Installing with the openSUSE 11.4 Installer from Windows openSUSE 11.4 Installer is a Microsoft Windows application that prepares your computer to directly boot into the openSUSE installation without having to adjust BIOS settings. It is only available on DVD media. To use the installer, insert the openSUSE media under Windows. The openSUSE 11.4 Installer setup automatically starts (if not, run openSUSE11_2_LOCAL.exe from the DVD).
to do a fully automatic or a manual configuration. In this stage, network and Internet access, as well as hardware components such as printers, are set up.
1.4 System Start-Up for Installation
You can install openSUSE from local installation sources, such as the openSUSE CDs or DVD, or from a network source such as an FTP, HTTP, NFS, or SMB server. Any of these approaches requires physical access to the system to install as well as user interaction during the installation.
Firmware Test Starts a BIOS checker that validates ACPI and other parts of your BIOS. This option is not available on the LiveCDs. Memory Test Tests your system RAM using repeated read and write cycles. Terminate the test by rebooting. For more information, see Section “Fails to Boot” (Appendix A, Help and Troubleshooting, ↑Start-Up). This option is not available on the LiveCDs. Figure 1.
F3 Video Mode
Select various graphical display modes for the installation. Select Text Mode if the graphical installation causes problems.
F4 Source
Normally, the installation is performed from the inserted installation medium. Here, select other sources, like FTP or NFS servers. If the installation is deployed on a network with an SLP server, select an installation source available on the server with this option. Find information about SLP in Chapter 24, SLP Services in the Network (page 417).
bootprompt: ipv6=1 (accept IPv4 and IPv6) or ipv6only=1 (accept IPv6 only). After starting the installation, openSUSE loads and configures a minimal Linux system to run the installation procedure. To view the boot messages and copyright notices during this process, press Esc. On completion of this process, the YaST installation program starts and displays the graphical installer.
Figure 1.2 Welcome 1.7 Installation Mode After a system analysis (where YaST probes for storage devices and tries to find other installed systems on your machine) the available installation modes are displayed. This step is skipped when installing from a LiveCD, since this medium only supports a new installation with automatic configuration. New installation Select this option to start a new installation from scratch. Update Select this option to update an existing installation to a newer version.
Figure 1.3 Installation Mode By default, the automatic configuration is used when performing a new installation. In this mode the system automatically configures your hardware and the network, so the installation is performed with minimal user interaction. If necessary, you can change every configuration that is set up later in the installed system using YaST. Uncheck Use Automatic Configuration if you prefer a manual configuration during the installation.
the Network Setup and proceed as described in Section 1.7.1.1, “Network Setup” (page 15). If the add-on product is available locally, select No, Skip the Network Setup. Click Next and specify the product source. Source types available are CD, DVD, Hard Disk, USB Mass Storage, a Local Directory or a Local ISO Image (if no network was configured). If the add-on product is available on removable media, the system automatically mounts the media and reads its contents.
1.8 Clock and Time Zone In this dialog, select your region and time zone. Both are preselected according to the selected installation language. To change the preselected values, either use the map or the drop down lists for Region and Time Zone. When using the map, point the cursor at the rough direction of your region and left-click to zoom. Now choose your country or region by left-clicking. Right-click to return to the world map. Figure 1.
1.9 Desktop Selection In openSUSE, you can choose from various desktops. The major ones, KDE and GNOME, are powerful graphical desktop environments similar to Windows. This step is skipped when installing from a LiveCD, since this medium is already preconfigured to either use KDE or GNOME. If you prefer a different desktop, choose Other for more options. The XFCE Desktop and the LXDE Desktop are fast and lightweight desktop environments suitable for modest hardware.
FAT or NTFS partitions is selected as the installation target, YaST proposes to shrink one of these partitions. Accept the proposal with Next and proceed with the installation. Experienced users can also customize the proposal or apply their own partitioning scheme. The proposed partitioning is Partition Based by default. If you prefer an LVM Based setup, check the respective option to automatically convert the proposal. Refer to Section 3.
to utilize. To add a separate partition for your personal data, check Propose a Separate Home Partition. Instead of the default partition-based proposal, it is possible to Create an LVM Based Proposal. Click Next twice to proceed to the next step.
1.10.1.1 Resizing a Windows Partition
If the selected hard disk only contains a Windows FAT or NTFS partition, YaST offers to delete or shrink this partition.
Figure 1.7 Resizing the Windows Partition
If you leave this dialog by selecting Next, the settings are stored and you are returned to the previous dialog. The actual resizing takes place later, before the hard disk is formatted.
IMPORTANT: Writing on NTFS Partitions
By default, Windows uses the NTFS file system. openSUSE includes read and write access to the NTFS file system, but this feature has a few limitations. This means that you cannot read or write encrypted or compressed files.
1.11 Create New User
Create a local user in this step. Administrating local users is a suitable option for standalone workstations. If setting up a client on a network with centralized user authentication, click Change and proceed with Section 1.11.1, “Expert Settings” (page 23). After entering the first name and last name, either accept the proposal or specify a new Username that will be used to log in. Finally, enter a password for the user.
Figure 1.8 Create New User Three additional options are available: Use this Password for the System Administrator If checked, the same password you have entered for the user will be used for the system administrator root. This option is suitable for stand-alone workstations or machines in a home network that are administrated by a single user. When not checked, you are prompted for a system administrator password in the next step of the installation workflow (see Section 1.11.
Automatic Login This option automatically logs the current user in to the system when it starts. This is mainly useful if the computer is operated by only one user. WARNING: Automatic Login With the automatic login enabled, the system boots straight into your desktop with no authentication at all. If you store sensitive data on your system, you should not enable this option as long as the computer can also be accessed by others. 1.11.
Windows Domain SMB authentication is often used in mixed Linux and Windows networks. and Section “Configuring a Linux Client for Active Directory” (Chapter 5, Active Directory Support, ↑Security Guide). Along with user administration via LDAP and NIS, you can use Kerberos authentication. To use it, select Set Up Kerberos Authentication. For more information on Kerberos, refer to Chapter 6, Network Authentication with Kerberos (↑Security Guide). 1.11.
1.12 Installation Settings
In the last step before the real installation takes place, you can alter installation settings suggested by YaST and also review the settings you made so far. To modify the suggestions, either click Change and select the category to change or click on one of the headlines. After configuring any of the items presented in these dialogs, you are always returned to the Installation Settings window, which is updated accordingly. Figure 1.
1.12.2 Booting YaST proposes a boot configuration for your system. Other operating systems found on your computer, such as Microsoft Windows or other Linux installations, will automatically be detected and added to the boot loader. However, openSUSE will be booted by default. Normally, you can leave these settings unchanged. If you need a custom setup, modify the proposal for your system. For information, see Section 18.2, “Configuring the Boot Loader with YaST” (page 260).
Figure 1.10 Software Selection and System Tasks 1.12.4 Locale Settings Here you can change the system Language and Keyboard Layout you defined in the first step of the installation. It is also possible to add additional languages. To adjust the system language settings, select Language. Select a language from the list. The primary language is used as the system language. You can also adapt keyboard layout and time zone to the primary language if the current settings differ.
1.12.5 Time Zone Adjust time zone and clock settings here. Provided a network is configured, you can also set up a Network Time Protocol (NTP) client that automatically synchronizes your computer with a time server. This is the same configuration as shown earlier in Section 1.8, “Clock and Time Zone” (page 16). 1.12.6 User Settings Change the current User settings and change or set the Root Password here. This is the same configuration as shown earlier in Section 1.11, “Create New User” (page 21). 1.12.
This feature is Enabled by default unless your custom software selection does not match any of the available images. In case of problems, Disable it for debugging purposes.
1.12.10 Firewall
By default SuSEfirewall2 is enabled on all configured network interfaces. To globally disable the firewall for this computer, click on Disable. If the firewall is enabled, you may Open the SSH port in order to allow remote connections via secure shell.
1.
TIP: Existing SSH Host Keys If you install openSUSE on a machine with existing Linux installations, the installation routine automatically imports the SSH host key with the most recent access time from an existing installation. 1.14 Configuration of the Installed System The system is now installed, but not yet configured for use. The hardware, the network and other services are not yet set up. If you follow the default installation path, the system will be automatically configured.
In many networks, the system receives its name over DHCP. In this case it is not necessary to modify the proposed hostname and domain name. Select Change Hostname via DHCP instead. To be able to access your system using this hostname, even when it is not connected to the network, select Assign Hostname to Loopback IP. Do not enable this option when your machine provides network services. If you often change networks without restarting the desktop environment (e.g.
enabled, you may Open the SSH port in order to allow remote connections via secure shell. To open the detailed firewall configuration dialog, click on Firewall. See Section “Configuring the Firewall with YaST” (Chapter 14, Masquerading and Firewalls, ↑Security Guide) for detailed information. Network Interfaces All network cards detected by YaST are listed here. If you have already set up a network connection during the installation (as described in Section 1.7.1.
If you have multiple network interfaces, verify that the desired card is used to connect to the Internet. If not, click Change Device. To start the test, select Yes, Test Connection to the Internet and click Next. In the following dialog, view the progress of the test and the results. Detailed information about the test process is available via View Logs. If the test fails, click Back to return to the network configuration to correct your entries. Proceed with Next.
1.14.2.4 New Local User If no local user was created in phase one, you can create one in this dialog—otherwise this step is skipped. To create more users, manage groups, modify defaults for new users and set up network authentication, launch User Management. Refer to Chapter 9, Managing Users with YaST (page 155) for more information about user management. To skip this step, click Next without entering any data. 1.14.2.
AutoYaST is a system for installing one or more openSUSE systems automatically without user intervention. AutoYaST installations are performed using a control file with installation and configuration data. Finish the installation of openSUSE with Finish in the final dialog. 1.15 Graphical Login openSUSE is now fully installed and configured.
2 Remote Installation openSUSE® can be installed in different ways. As well as the usual media installation covered in Chapter 1, Installation with YaST (page 3), you can choose from various network-based approaches or even take a completely hands-off approach to the installation of openSUSE. Each method is introduced by means of two short check lists: one listing the prerequisites for this method and the other illustrating the basic procedure.
2.1.1 Simple Remote Installation via VNC—Static Network Configuration This type of installation still requires some degree of physical access to the target system to boot for installation. The installation itself is entirely controlled by a remote workstation using VNC to connect to the installation program. User interaction is required as with the manual installation in Chapter 1, Installation with YaST (page 3).
dressed by any VNC viewer application or browser. VNC installations announce themselves over OpenSLP and if the firewall settings permit, they can be found using Konqueror in service:/ or slp:/ mode. 4 On the controlling workstation, open a VNC viewing application or Web browser and connect to the target system as described in Section 2.5.1, “VNC Installation” (page 69). 5 Perform the installation as described in Chapter 1, Installation with YaST (page 3).
1 Set up the repository as described in Section 2.2, “Setting Up the Server Holding the Installation Sources” (page 46). Choose an NFS, HTTP, or FTP network server. For an SMB repository, refer to Section 2.2.5, “Managing an SMB Repository” (page 53). 2 Boot the target system using a boot medium (DVD, CD, or USB flash drive) of the openSUSE media kit. For more information about the openSUSE media kit, see Section 1.1, “Choosing the Installation Media” (page 3).
• TFTP server. • Running DHCP server for your network. • Target system capable of PXE boot, networking, and Wake on LAN, plugged in and connected to the network. • Controlling system with working network connection and VNC viewer software or Java-enabled browser (Firefox, Konqueror, Internet Explorer, or Opera). To perform this type of installation, proceed as follows: 1 Set up the repository as described in Section 2.2, “Setting Up the Server Holding the Installation Sources” (page 46).
2.1.4 Simple Remote Installation via SSH—Static Network Configuration This type of installation still requires some degree of physical access to the target system to boot for installation and to determine the IP address of the installation target. The installation itself is entirely controlled from a remote workstation using SSH to connect to the installer. User interaction is required as with the regular installation described in Chapter 1, Installation with YaST (page 3).
and SSH enablement. This is described in detail in Section 2.4.2, “Using Custom Boot Options” (page 66). The target system boots to a text-based environment, giving the network address under which the graphical installation environment can be addressed by any SSH client. 4 On the controlling workstation, open a terminal window and connect to the target system as described in Section 2.5.2.2, “Connecting to the Installation Program” (page 71).
1 Set up the repository source as described in Section 2.2, “Setting Up the Server Holding the Installation Sources” (page 46). Choose an NFS, HTTP, or FTP network server. For an SMB repository, refer to Section 2.2.5, “Managing an SMB Repository” (page 53). 2 Boot the target system using a boot medium (DVD, CD, or USB flash drive) of the openSUSE media kit. For more information about the openSUSE media kit, see Section 1.1, “Choosing the Installation Media” (page 3).
• Running DHCP server for your network, providing a static IP to the host to install. • Target system capable of PXE boot, networking, and Wake on LAN, plugged in and connected to the network. • Controlling system with working network connection and SSH client software. To perform this type of installation, proceed as follows: 1 Set up the repository as described in Section 2.2, “Setting Up the Server Holding the Installation Sources” (page 46). Choose an NFS, HTTP, or FTP network server.
2.2 Setting Up the Server Holding the Installation Sources Depending on the operating system running on the machine to use as the network installation source for openSUSE, there are several options for the server configuration. The easiest way to set up an installation server is to use YaST on openSUSE 11.1 and higher. TIP You can even use a Microsoft Windows machine as the installation server for your Linux deployment. See Section 2.2.5, “Managing an SMB Repository” (page 53) for details. 2.2.
Define an alias for the root directory of the FTP or HTTP server on which the installation data should be found. The repository will later be located under ftp://Server-IP/Alias/Name (FTP) or under http://Server-IP/Alias/Name (HTTP). Name stands for the name of the repository, which is defined in the following step. If you selected NFS in the previous step, define wild cards and export options. The NFS server will be accessible under nfs://Server-IP/Name.
Your installation server is now fully configured and ready for service. It is automatically started every time the system is started. No further intervention is required. You only need to configure and start this service correctly by hand if you have deactivated the automatic configuration of the selected network service with YaST as an initial step. To deactivate a repository, select the repository to remove then select Delete. The installation data are removed from the system.
    cp -a /media/path_to_your_DVD_drive .
Replace path_to_your_DVD_drive with the actual path under which your DVD drive is addressed. Depending on the type of drive used in your system, this can be cdrom, cdrecorder, dvd, or dvdrecorder.
3b Rename the directory to the DVD number:
    mv path_to_your_DVD_drive DVDx
Replace x with the actual number of your DVD.
On openSUSE, you can export the repository with NFS using YaST. Proceed as follows:
1 Log in as root.
2 Start YaST > Network Services > NFS Server.
This exports the directory /productversion to any host that is part of this network or to any host that can connect to this server. To limit the access to this server, use netmasks or domain names instead of the general wild card *. Refer to the exports man page for details. Save and exit this configuration file.
3 To add the NFS service to the list of servers started during system boot, execute the following commands:
    insserv /etc/init.d/nfsserver
4 Start the NFS server with rcnfsserver start.
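The wild card exposure described above can be checked mechanically. The script below is an added example, not part of the openSUSE manual: it lists entries of an exports file that any host can mount (a * client, a 0.0.0.0/0 or ::/0 network, or an option list with no client in front of it). The function names audit_exports and make_sample, and every host and path in the sample file, are constructed for illustration.

```shell
#!/bin/sh
# Added example: report exports(5) entries that are open to every host.
# Output per finding: path <TAB> client <TAB> options

audit_exports() {
    awk '
    # Join physical lines that end in a backslash into one logical entry.
    /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
    {
        line = buf $0; buf = ""
        sub(/#.*/, "", line)                     # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "", line)        # trim
        if (line == "") next
        n = split(line, f, /[ \t]+/)             # f[1] = path, f[2..n] = clients
        for (i = 2; i <= n; i++) {
            host = f[i]; opts = ""
            p = index(f[i], "(")
            if (p > 0) {
                host = substr(f[i], 1, p - 1)
                opts = substr(f[i], p + 1)
                sub(/\)$/, "", opts)
            }
            # An empty host means the option list stands alone, for example
            # "host (rw)" with a stray space: those options apply to everyone.
            if (host == "" || host == "*" || host == "0.0.0.0/0" || host == "::/0") {
                printf "%s\t%s\t%s\n", f[1], (host == "" ? "<none>" : host), opts
            }
        }
    }' "$1"
}

# Writes a constructed sample exports file and prints its path.
make_sample() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample, not a file from the manual
/productversion   *(ro,root_squash,sync)
/srv/install      192.168.1.0/255.255.255.0(ro,root_squash,sync)
/srv/scratch      build.example.com (rw,no_root_squash)
/srv/docs         *.example.com(ro)
/srv/mirror       10.0.0.5(ro) \
                  *(ro)
EOF
    printf '%s\n' "$tmp"
}

sample=$(make_sample)
audit_exports "$sample"
rm -f "$sample"
```

On a server, run audit_exports /etc/exports and compare the result with exportfs -v, which shows the options actually in effect.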
1 Create a directory holding the installation sources as described in Section 2.2.2, “Setting Up an NFS Repository Manually” (page 48).
2 Configure the FTP server to distribute the contents of your installation directory:
2a Log in as root and install the package vsftpd using the YaST software management.
2b Enter the FTP server root directory:
    cd /srv/ftp
2c Create a subdirectory holding the installation sources in the FTP root directory:
    mkdir repository
Replace repository with the product name.
TIP: Configuring an FTP Server with YaST If you prefer using YaST over manually configuring the FTP installation server, refer to Chapter 31, Setting up an FTP server with YaST (page 533) for more information on how to use the YaST FTP server module. 2.2.4 Setting Up an HTTP Repository Manually Creating an HTTP repository is very similar to creating an NFS repository. An HTTP repository can be announced over the network using OpenSLP as well.
    Options Indexes FollowSymLinks
2e Reload the HTTP server configuration using rcapache2 reload.
3 Announce the repository via OpenSLP, if this is supported by your network setup:
3a Create the /etc/slp.reg.d/install.suse.http.reg configuration file with the following lines:
    # Register the HTTP Installation Server
    service:install.suse:http://$HOSTNAME/repository/DVD1/,en,65535
    description=HTTP Repository
Replace repository with the actual path to the repository on your server.
To use an SMB mounted share as a repository, proceed as follows:
1 Boot the installation target.
2 Select Installation.
3 Press F4 for a selection of the repository.
4 Choose SMB and enter the Windows machine's name or IP address, the share name (INSTALL/product/DVD1, in this example), username, and password.
After you hit Enter, YaST starts and you can perform the installation.
2.2.
Replace path_to_iso with the path to your local copy of the ISO image, path_to_repository with the source directory of your server, product with the product name, and mediumx with the type (CD or DVD) and number of media you are using. 6 Repeat the previous step to mount all ISO images needed for your product. 7 Start your installation server as usual, as described in Section 2.2.2, “Setting Up an NFS Repository Manually” (page 48), Section 2.2.
1 Log in as root to the machine hosting the DHCP server.
2 Install the yast2-dhcp-server package.
3 Start YaST > Network Services > DHCP Server.
4 Complete the setup wizard for basic DHCP server setup.
5 Select Expert Settings and select Yes when warned about leaving the start-up dialog.
6 In the Configured Declarations dialog, select the subnet in which the new system should be located and click Edit.
7 In the Subnet Configuration dialog select Add to add a new option to the subnet's configuration.
    subnet 192.168.1.0 netmask 255.255.255.0 {
      range dynamic-bootp 192.168.1.200 192.168.1.228;
      # PXE related stuff
      #
      # "next-server" defines the tftp server that will be used
      next-server ip_of_the_tftp_server;
      #
      # "filename" specifies the pxelinux image on the tftp server
      # the server runs in chroot under /srv/tftpboot
      filename "pxelinux.0";
    }
Replace ip_of_the_tftp_server with the actual IP address of the TFTP server. For more information about the options available in dhcpd.conf, refer to the dhcpd.
2.3.2 Setting Up a TFTP Server
Set up a TFTP server with YaST or set it up manually on any other Linux operating system that supports xinetd and TFTP. The TFTP server delivers the boot image to the target system once it boots and sends a request for it.
2.3.2.1 Setting Up a TFTP Server Using YaST
1 Log in as root.
2 Install the yast2-tftp-server package.
3 Start YaST > Network Services > TFTP Server and install the requested package.
4 Modify the configuration of xinetd located under /etc/xinetd.d to make sure that the TFTP server is started on boot:
4a If it does not exist, create a file called tftp under this directory with touch tftp. Then run chmod 755 tftp.
4b Open the file tftp and add the following lines:
service tftp
{
        socket_type     = dgram
        protocol        = udp
        wait            = yes
        user            = root
        server          = /usr/sbin/in.tftpd
        server_args     = -s /srv/tftpboot
        disable         = no
}
4c Save the file and restart xinetd with rcxinetd restart.
2.3.
4 Change to the directory of your installation repository and copy the isolinux.cfg file to /srv/tftpboot/pxelinux.cfg/default by entering the following:
cp -a boot//loader/isolinux.cfg /srv/tftpboot/pxelinux.cfg/default
5 Edit the /srv/tftpboot/pxelinux.cfg/default file and remove the lines beginning with gfxboot, readinfo, and framebuffer.
TIP: Changing Kernel and initrd Filenames It is possible to use different filenames for Kernel and initrd images. This is useful if you want to provide different operating systems from the same boot server. However, you should be aware that only one dot is permitted in the filenames that are provided by TFTP for the PXE boot. An example /srv/tftpboot/pxelinux.cfg/default file follows.
Replace ip_instserver and path_to_repository with the values used in your setup. The following section serves as a short reference to the PXELINUX options used in this setup. Find more information about the options available in the documentation of the syslinux package located under /usr/share/doc/packages/ syslinux/. 2.3.4 PXELINUX Configuration Options The options listed here are a subset of all the options available for the PXELINUX configuration file. DEFAULT kernel options...
PXELINUX uses the following syntax:
label mylabel
  kernel mykernel
  append myoptions
Labels are mangled as if they were filenames and they must be unique after mangling. For example, the two labels “v2.6.30” and “v2.6.31” would not be distinguishable under PXELINUX because both mangle to the same DOS filename. The Kernel does not have to be a Linux Kernel; it can be a boot sector or a COMBOOT file.
APPEND Append nothing.
PROMPT flag_val
If flag_val is 0, displays the boot prompt only if Shift or Alt is pressed or Caps Lock or Scroll Lock is set (this is the default). If flag_val is 1, always displays the boot prompt.
F1 filename
F2 filename
..etc...
F9 filename
F10 filename
Displays the indicated file on the screen when a function key is pressed at the boot prompt. This can be used to implement preboot online help (presumably for the Kernel command line options).
2.3.7 Wake on LAN Wake on LAN allows a machine to be turned on by a special network packet containing the machine's MAC address. Because every machine in the world has a unique MAC identifier, you do not need to worry about accidentally turning on the wrong machine.
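The packet described above, as an added example that is not part of the original guide: a Wake on LAN "magic packet" is six 0xFF bytes followed by the target MAC address repeated sixteen times, and it carries nothing else. The function names, the sample MAC address and the use of a UDP broadcast to port 9 are assumptions of this example; the recognizer is the kind of check a network monitor can apply to captured payloads.

```python
import re
import socket

SYNC = b"\xff" * 6      # synchronization stream that opens every magic packet
MAC_REPEATS = 16        # the target MAC follows, repeated sixteen times


def parse_mac(mac):
    """Convert 'aa:bb:cc:dd:ee:ff', 'aa-bb-...' or 'aabb.ccdd.eeff' to 6 raw bytes."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % (mac,))
    return bytes.fromhex(digits)


def build_magic_packet(mac):
    """Return the 102-byte magic packet payload for the given MAC address."""
    return SYNC + parse_mac(mac) * MAC_REPEATS


def find_magic_target(payload):
    """Return the MAC a payload is trying to wake, or None.

    The magic sequence may sit anywhere inside the payload, so every
    occurrence of the synchronization stream is examined.
    """
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 6 + 6 * MAC_REPEATS]
        if len(body) == 6 * MAC_REPEATS and body == body[:6] * MAC_REPEATS:
            return ":".join("%02x" % b for b in body[:6])
        start = payload.find(SYNC, start + 1)
    return None


def send_magic_packet(mac, broadcast="255.255.255.255", port=9):
    """Broadcast the magic packet on the local network; returns bytes sent."""
    packet = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    sample_mac = "00:11:22:33:44:55"      # constructed sample address
    pkt = build_magic_packet(sample_mac)
    print(len(pkt), "byte payload, target", find_magic_target(pkt))
```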
2.4.2 Using Custom Boot Options Using the appropriate set of boot options helps facilitate your installation procedure. Many parameters can also be configured later using the linuxrc routines, but using the boot options is easier. In some automated setups, the boot options can be provided with initrd or an info file. The following table lists all installation scenarios mentioned in this chapter with the required parameters for booting and the corresponding boot options.
Installation Scenario: Section 2.1.2, “Simple Remote Installation via VNC—Dynamic Network Configuration” (page 39)
Parameters Needed for Booting:
• Location of the installation server
• VNC enablement
• VNC password
Boot Options:
• install=(nfs,http,ftp,smb)://path_to_instmedia
• vnc=1
• vncpassword=some_password
Section 2.1.
Installation Scenario: Section 2.1.5, “Simple Remote Installation via SSH—Dynamic Network Configuration” (page 43)
Parameters Needed for Booting:
• Location of the installation server
• SSH enablement
• SSH password
Boot Options:
• install=(nfs,http,ftp,smb)://path_to_instmedia
• usessh=1
• sshpassword=some_password
Section 2.1.
2.5.1 VNC Installation Using any VNC viewer software, you can remotely control the installation of openSUSE from virtually any operating system. This section introduces the setup using a VNC viewer application or a Web browser. 2.5.1.1 Preparing for VNC Installation All you need to do on the installation target to prepare for a VNC installation is to provide the appropriate boot options at the initial boot for installation (see Section 2.4.2, “Using Custom Boot Options” (page 66)).
On a Linux machine, make sure that the package tightvnc is installed. On a Windows machine, install the Windows port of this application, which can be obtained at the TightVNC home page (http://www.tightvnc.com/download.html). To connect to the installation program running on the target machine, proceed as follows: 1 Start the VNC viewer.
2.5.2.1 Preparing for SSH Installation Apart from installing the appropriate software package (OpenSSH for Linux and PuTTY for Windows), you just need to pass the appropriate boot options to enable SSH for installation. See Section 2.4.2, “Using Custom Boot Options” (page 66) for details. OpenSSH is installed by default on any SUSE Linux–based operating system. 2.5.2.2 Connecting to the Installation Program 1 Retrieve the installation target's IP address.
3 Advanced Disk Setup Sophisticated system configurations require specific disk setups. All common partitioning tasks can be done with YaST. To get persistent device naming with block devices, use the block devices below /dev/disk/by-id or /dev/disk/by-uuid. Logical Volume Management (LVM) is a disk partitioning scheme that is designed to be much more flexible than the physical partitioning used in standard setups. Its snapshot functionality enables easy creation of data backups.
Figure 3.1 The YaST Partitioner All existing or suggested partitions on all connected hard disks are displayed in the list of Available Storage in the YaST Expert Partitioner dialog. Entire hard disks are listed as devices without numbers, such as /dev/sda. Partitions are listed as parts of these devices, such as /dev/sda1. The size, type, encryption status, file system, and mount point of the hard disks and their partitions are also displayed.
3.1.1 Partition Types Every hard disk has a partition table with space for four entries. Every entry in the partition table corresponds to a primary partition or an extended partition. Only one extended partition entry is allowed, however. A primary partition simply consists of a continuous range of cylinders (physical disk areas) assigned to a particular operating system. With primary partitions you would be limited to four partitions per hard disk, because more do not fit in the partition table.
4 Specify additional file system options if your setup requires them. This is necessary, for example, if you need persistent device names. For details on the available options, refer to Section 3.1.3, “Editing a Partition” (page 76). 5 Click Finish to apply your partitioning setup and leave the partitioning module. If you created the partition during installation, you are returned to the installation overview screen. 3.1.
as the encryption takes some time to process. More information about the encryption of file systems is provided in Chapter 11, Encrypting Partitions and Files (↑Security Guide). Fstab Options Specify various parameters contained in the global file system administration file (/etc/fstab). The default settings should suffice for most setups. You can, for example, change the file system identification from the device name to a volume label. In the volume label, use all characters except / and space.
Create New Partition Table This option helps you create a new partition table on the selected device. WARNING: Creating a New Partition Table Creating a new partition table on a device irreversibly removes all the partitions and their data from that device. Clone This Disk This option helps you clone the device partition layout and its data to other available disk devices. 3.1.
3.1.6.1 Using swap
Swap is used to extend the available physical memory. It is then possible to use more memory than the physical RAM available. The memory management system of kernels before 2.4.10 needed swap as a safety measure. Then, if you did not have twice the size of your RAM in swap, the performance of the system suffered. These limitations no longer exist. Linux uses an algorithm called “Least Recently Used” (LRU) to select pages that might be moved from memory to disk.
If your system is not out of control, but needs more swap after some time, it is possible to extend the swap space online. If you prepared a partition for swap space, just add this partition with YaST. If you do not have a partition available, you may also just use a swap file to extend the swap. Swap files are generally slower than partitions, but compared to physical RAM, both are extremely slow, so the actual difference is negligible. Procedure 3.
already exists on your system, it is automatically activated upon entering the initial LVM configuration of a session. In this case, all disks containing a partition (belonging to an activated volume group) cannot be repartitioned. The Linux kernel cannot reread the modified partition table of a hard disk when any partition on this disk is in use. However, if you already have a working LVM configuration on your system, physical repartitioning should not be necessary.
3.2.1 The Logical Volume Manager The LVM enables flexible distribution of hard disk space over several file systems. It was developed because sometimes the need to change the segmenting of hard disk space arises just after the initial partitioning has been done. Because it is difficult to modify partitions on a running system, LVM provides a virtual pool (volume group, VG for short) of memory space from which logical volumes (LVs) can be created as needed.
LVM features: • Several hard disks or partitions can be combined in a large logical volume. • Provided the configuration is suitable, an LV (such as /usr) can be enlarged if free space is exhausted. • With LVM, it is possible to add hard disks or LVs in a running system. However, this requires hot-swappable hardware. • It is possible to activate a "striping mode" that distributes the data stream of a LV over several PVs.
1 Select a hard disk from Hard Disks.
2 Change to the Partitions tab.
3 Click Add and enter the desired size of the PV on this disk.
4 Use Do not format partition and change the File System ID to 0x8E Linux LVM. Do not mount this partition.
5 Repeat this procedure until you have defined all the desired physical volumes on the available disks.
3.2.2.1 Creating Volume Groups
If no volume group exists on your system, you must add one (see Figure 3.3, “Creating a Volume Group” (page 85)).
Figure 3.3 Creating a Volume Group If you have multiple volume groups defined and want to add or remove PVs, select the volume group in the Volume Management list. Then change to the Overview tab and select Resize. In the following window, you can add or remove PVs to the selected volume group. 3.2.2.2 Configuring Logical Volumes After the volume group has been filled with PVs, define the LVs which the operating system should use in the next dialog.
Figure 3.4 Logical Volume Management
Click Add and go through the wizard-like pop-up that opens:
1. Enter the name of the LV. For a partition that should be mounted to /home, a self-explanatory name like HOME could be used.
2. Select the size and the number of stripes of the LV. If you have only one PV, selecting more than one stripe is not useful.
3. Choose the filesystem to use on the LV as well as the mount point.
If you have already configured LVM on your system, the existing logical volumes can also be used. Before continuing, assign appropriate mount points to these LVs. With Finish, return to the YaST Expert Partitioner and finish your work there. 3.3 Soft RAID Configuration The purpose of RAID (redundant array of independent disks) is to combine several hard disk partitions into one large virtual hard disk to optimize performance and/or data security.
faster in comparison to any one of the normal physical hard disks. The reason is that the duplicate data can be parallel-scanned. Generally it can be said that Level 1 provides nearly twice the read transfer rate of single disks and almost the same write transfer rate as single disks. RAID 2 and RAID 3 These are not typical RAID implementations. Level 2 stripes data at the bit level rather than the block level.
1 Select a hard disk from Hard Disks.
2 Change to the Partitions tab.
3 Click Add and enter the desired size of the RAID partition on this disk.
4 Use Do not Format the Partition and change the File System ID to 0xFD Linux RAID. Do not mount this partition.
5 Repeat this procedure until you have defined all the desired physical volumes on the available disks.
For RAID 0 and RAID 1, at least two partitions are needed—for RAID 1, usually exactly two and no more.
the partition remains unused. After assigning all partitions, click Next to select the available RAID Options. In this last step, set the file system to use as well as encryption and the mount point for the RAID volume. After completing the configuration with Finish, see the /dev/md0 device and others indicated with RAID in the expert partitioner. 3.3.2 Troubleshooting Check the file /proc/mdstat to find out whether a RAID partition has been damaged.
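One way to automate the /proc/mdstat check mentioned above, as an added example that is not part of the original guide. The sample file content is constructed, the function names are this example's own, and the parser relies on the usual mdstat layout: an array line with its members, followed by a status line such as [2/1] [U_].

```python
import re

# Constructed sample of /proc/mdstat: md0 healthy, md1 has lost a mirror half,
# md2 is a RAID 0 array (which has no [n/m] [UU] status field).
SAMPLE_MDSTAT = """\
Personalities : [raid1] [raid0]
md0 : active raid1 sdb1[1] sda1[0]
      104320 blocks [2/2] [UU]

md1 : active raid1 sdb2[1](F) sda2[0]
      20972736 blocks [2/1] [U_]

md2 : active raid0 sdb3[1] sda3[0]
      41945088 blocks 64k chunks

unused devices: <none>
"""

MEMBER_RE = re.compile(r"(?P<dev>[^\[\s]+)\[(?P<slot>\d+)\](?P<flags>(?:\([A-Z]\))*)")
STATUS_RE = re.compile(r"\[(\d+)/(\d+)\]\s+\[([U_]+)\]")


def parse_mdstat(text):
    """Parse mdstat text into a list of dicts, one per md array."""
    arrays, current = [], None
    for line in text.splitlines():
        if not line.strip():
            current = None                      # blank line ends an array block
        elif re.match(r"^md\S* : ", line):
            name, _, rest = line.partition(" : ")
            tokens = rest.split()
            current = {"name": name, "state": tokens[0], "level": None,
                       "members": [], "failed": [], "expected": None,
                       "working": None, "map": None, "rebuilding": False}
            for tok in tokens[1:]:
                m = MEMBER_RE.fullmatch(tok)
                if m:
                    current["members"].append(m.group("dev"))
                    if "(F)" in m.group("flags"):   # (F) marks a faulty member
                        current["failed"].append(m.group("dev"))
                elif not tok.startswith("(") and current["level"] is None:
                    current["level"] = tok          # e.g. raid1
            arrays.append(current)
        elif current is not None and line[:1].isspace():
            m = STATUS_RE.search(line)
            if m:
                current["expected"] = int(m.group(1))
                current["working"] = int(m.group(2))
                current["map"] = m.group(3)
            if re.search(r"\b(recovery|resync)\s*=", line):
                current["rebuilding"] = True
    return arrays


def find_damaged(arrays):
    """Return {array name: [reasons]} for every array that needs attention."""
    damaged = {}
    for a in arrays:
        reasons = []
        if a["state"] != "active":
            reasons.append("state is %s" % a["state"])
        for dev in a["failed"]:
            reasons.append("faulty member: %s" % dev)
        if a["expected"] is not None and a["working"] < a["expected"]:
            reasons.append("%d of %d devices up [%s]"
                           % (a["working"], a["expected"], a["map"]))
        if reasons:
            damaged[a["name"]] = reasons
    return damaged


if __name__ == "__main__":
    for name, reasons in find_damaged(parse_mdstat(SAMPLE_MDSTAT)).items():
        print(name, "->", "; ".join(reasons))
```

On a live system, pass the content of /proc/mdstat to parse_mdstat instead of the sample.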
Part II.
4 Installing or Removing Software Use YaST's software management tool to search for software components you want to add or remove. YaST resolves all dependencies for you. To install packages not shipped with the installation media, add additional software repositories to your setup and let YaST manage them. Keep your system up-to-date by managing software updates with the update applet. Change the software collection of your system with YaST Software Manager.
cept or Apply respectively. YaST maintains a list with all actions, allowing you to review and modify your changes before applying them to the system.
4.1 Definition of Terms
Repository
A local or remote directory containing packages, plus additional information about these packages (package meta-data).
(Repository) Alias
A short name for a repository used by various zypper commands. The alias can be chosen by the user when adding a repository and must be unique.
deltarpm
A deltarpm consists only of the binary diff between two defined versions of a package, and therefore has the smallest download size. Before being installed, the full RPM package is rebuilt on the local machine.
Package Dependencies
Certain packages are dependent on other packages, such as shared libraries. In other terms, a package may require other packages—if the required packages are not available, the package cannot be installed.
4.2.1 Views for Searching Packages or Patterns The YaST software manager can install packages or patterns from all currently enabled repositories. It offers different views and filters to make it easier to find the software you are searching for. The Search view is the default view of the window. To change view, click View and select one of the following entries from the drop-down list. The selected view opens in a new tab. Patterns Lists all patterns available for installation on your system.
TIP: Finding Packages Not Belonging to an Active Repository To list all packages that do not belong to an active repository, choose View > Repositories > @System and then choose Secondary Filter > Unmaintained Packages. This is useful, for example, if you have deleted a repository and would like to make sure no packages from that repository remain installed. 4.2.2 Installing and Removing Packages or Patterns Certain packages are dependent on other packages, such as shared libraries.
4 It is not possible to remove a pattern per se. Instead, select the packages of a pattern you want to remove and mark them for removal.
5 In order to select more packages, repeat the steps mentioned above.
6 Before applying your changes, you can review or modify them by clicking View > Installation Summary. By default, all packages that will change status are listed.
• package vendor
Which of the aspects has the highest importance for choosing the update candidates depends on the respective update option you choose.
1 To update all installed packages to the latest version, choose Package > All Packages > Update if Newer Version Available from the main menu. All repositories are checked for possible update candidates, using the following policy: YaST first tries to restrict the search to packages with the same architecture and vendor as the installed one.
2b On the right hand side of the window, click Switch system packages to the versions in this repository. This explicitly allows YaST to change the package vendor when replacing the packages. As soon as you proceed with Accept, all installed packages will be replaced by packages deriving from this repository, if available. This may lead to changes in vendor and architecture and even to downgrading some packages.
Manually perform a dependency check with Dependencies > Check Now. A consistency check is always performed when you confirm your selection with Accept. To review a package's dependencies, right-click it and choose Show Solver Information. A map showing the dependencies opens. Packages that are already installed are displayed in a green frame.
4.3 Using the GNOME Interface (GTK+) The YaST GTK+ interface is started by default when using the desktops GNOME and XFCE. Start the software manager from the YaST Control Center by clicking Software > Software Management. 4.3.1 Views for Searching Packages or Patterns The easiest way to find a package is to use the search field in the upper right corner of the software manager. Enter a search term and press Enter. By default it will search package names and summaries.
Groups The default view lists all packages sorted by groups such as Admin Tools, Graphics, Programming, or Security. RPM Groups Lists all packages sorted by functionality with groups and subgroups. For example Networking > Email > Clients. Repositories Filter to list packages by repository. In order to select more than one repository, hold the Ctrl key while clicking on repository names. The “pseudo repository” @System lists all packages currently installed.
one of the entries in the box at the lower left corner of the dialog. For details about a package, click the package in the list. Information like available versions, authors and changelog of the package are displayed in the lower right corner of the window. To mark a package for installation, re-installation, removal, or upgrade, right-click the package and choose the appropriate action from the menu.
NOTE: Installing Source Packages Installing source packages with YaST Software Manager is not possible at the moment. Use the command line tool zypper for this purpose. For more information, see Section 8.1.2.1, “Installing Source Packages” (page 134). 4.3.3 Updating Packages Instead of updating individual packages, you can also update all installed packages or all packages from a certain repository.
3b On the right hand side of the window, click Switch system packages to the versions in this repository. This explicitly allows YaST to change the package vendor when replacing the packages. All installed packages will be replaced by packages deriving from this repository, if available. This may lead to changes in vendor and architecture and even to downgrading some packages. 4 Before applying the changes, you can review or modify them by clicking View All Changes at the bottom of the dialog.
Manually perform a dependency check with Dependencies > Check Now. A consistency check is always performed when you confirm your selection with Apply.
NOTE: Manually Solving Package Conflicts
Unless you are very experienced, follow the suggestions YaST makes when handling package conflicts, otherwise you may not be able to resolve them. Keep in mind that every change you make potentially triggers other conflicts, so you can easily end up with a steadily increasing number of conflicts.
To manage repositories, start YaST and select Software > Software Repositories. The Configured Software Repositories dialog opens. Here, you can also manage subscriptions to so-called Services by changing the View at the right corner of the dialog to All Services. A Service in this context is a Repository Index Service (RIS) that can offer one or more software repositories. Such a Service can be changed dynamically by its administrator or vendor.
4 When adding a repository from the network, enter the data you are prompted for. Continue with Next.
5 Depending on the repository you have added, you might be asked if you want to import the GPG key with which it is signed or asked to agree to a license. After confirming these messages, YaST will download and parse the metadata and add the repository to the list of Configured Repositories.
6 If needed, adjust the repository Properties as described in Section 4.4.
6 The new software repositories are now listed in the Configured Software Repositories overview. Click OK to leave the software repositories configuration. 4.4.2 Managing Repository Properties The Configured Software Repositories overview of the Software Repositories lets you change the following repository properties: Status The repository status can either be Enabled or Disabled. You can only install packages from repositories that are enabled. To turn a repository off temporarily click Disable.
IMPORTANT: Priority vs. Version The repository with the highest priority takes precedence in any case. Therefore, make sure that the update repository always has the highest priority (20 by default), otherwise you might install an outdated version that will not be updated until the next online update.
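A check for the situation this note warns about, as an added example that is not part of the original guide: it reads repository definitions in the .repo format that zypper keeps under /etc/zypp/repos.d and lists every enabled repository that would take precedence over the update repository. The repository aliases, URLs and function names are constructed for this example, and it assumes the libzypp convention that a lower number means a higher priority and that a repository without a priority key has priority 99.

```python
import configparser

DEFAULT_PRIORITY = 99   # assumption: libzypp default when no priority key is set

# Constructed sample .repo files (file name -> content); URLs are placeholders.
SAMPLE_REPO_FILES = {
    "Updates.repo": """
[Updates]
name=Updates
enabled=1
autorefresh=1
baseurl=http://download.example.com/update/11.4/
priority=20
""",
    "openSUSE-11.4-Oss.repo": """
[openSUSE-11.4-Oss]
name=openSUSE-11.4-Oss
enabled=1
autorefresh=1
baseurl=http://download.example.com/distribution/11.4/repo/oss/
""",
    "thirdparty-example.repo": """
[thirdparty-example]
name=Third party example
enabled=1
autorefresh=1
baseurl=http://repo.example.org/11.4/
priority=10
""",
    "debug-example.repo": """
[debug-example]
name=Debug example
enabled=0
autorefresh=0
baseurl=http://download.example.com/debug/11.4/
priority=5
""",
}


def load_repos(files):
    """Parse {filename: text} into a list of repository dicts."""
    repos = []
    for filename, text in files.items():
        # interpolation=None: base URLs may contain '%' or '$' variables
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_string(text, source=filename)
        for alias in parser.sections():
            section = parser[alias]
            repos.append({
                "alias": alias,
                "file": filename,
                # A missing 'enabled' key is treated as enabled here so that
                # the audit errs on the side of reporting (example's choice).
                "enabled": section.getboolean("enabled", fallback=True),
                "priority": section.getint("priority", fallback=DEFAULT_PRIORITY),
                "baseurl": section.get("baseurl", fallback=""),
            })
    return repos


def repos_outranking_update(repos, update_alias):
    """Return aliases of enabled repositories that outrank the update repository.

    A repository outranks the update repository when its priority number is
    strictly lower; equal priorities are left alone.
    """
    update = next((r for r in repos if r["alias"] == update_alias), None)
    if update is None or not update["enabled"]:
        raise LookupError("update repository %r is missing or disabled" % update_alias)
    return sorted(r["alias"] for r in repos
                  if r["enabled"] and r["priority"] < update["priority"])


if __name__ == "__main__":
    repos = load_repos(SAMPLE_REPO_FILES)
    for alias in repos_outranking_update(repos, "Updates"):
        print("takes precedence over the update repository:", alias)
```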
4.5.1 Using the KDE Software Updater
The Software Updater icon resides in the system tray of your panel depicting a gearwheel with a green arrow. To start Software Updater manually, choose System Settings > Software Management > Software Updates from the main menu. Alternatively, press Alt + F2 and enter kpk_update.
NOTE: Icon visibility
The Software Updater icon is only visible in the system tray if patches are available. Hover over the icon to see the number of patches available.
4.5.1.
Figure 4.3 KDE Software Updater The YaST Online Update offers advanced features to customize the patch installation. Please refer to Chapter 5, YaST Online Update (page 117) for more information. 4.5.1.2 Configuring the KDE Software Updater By default Software Updater checks for updates every 24 hours, notifies you when patches are available and does not automatically install patches. These settings can be changed with the Software Management settings.
4.5.2 Using the GNOME Update Applet The update applet resides in the notification area of the panel. Its icon changes depending on the availability and relevance of patches and the status of the update. To invoke the applet manually, choose Computer > More Applications > System > Software Update. NOTE: Icon visibility By default, the update applet icon is only visible in the notification area, if patches are available.
4 The Additional Confirmation Required window showing an installation summary opens. Click Continue to proceed. 5 Enter the root password in the authentication screen and proceed with Authenticate. Figure 4.4 GNOME Update Applet The YaST Online Update offers advanced features to customize the patch installation. Please refer to Chapter 5, YaST Online Update (page 117) for more information. 4.5.2.
Automatically Install
Configure whether patches are installed automatically or not (default). Automatic installation can be chosen for either security patches only or for all patches.
Check for Major Upgrades
Choose how often a check for major upgrades is performed: Daily, Weekly, or Never.
Check for updates when using mobile broadband
This configuration option is only available on mobile computers. Turned off by default.
More options are configurable using gconf-editor: apps > gnome-packagekit.
5 YaST Online Update openSUSE offers a continuous stream of software security updates for your product. By default, the update applet is used to keep your system up-to-date. Refer to Section 4.5, “Keeping the System Up-to-date” (page 111) for further information on the update applet. This chapter covers the alternative tool for updating software packages: YaST Online Update.
5.1 The Online Update Dialog The YaST Online Update dialog is available in two toolkit flavors: GTK (for GNOME) and Qt (for KDE). Both interfaces differ in look and feel but basically provide the same functions. The following sections provide a brief description of each. To open the dialog, start YaST and select Software > Online Update. Alternatively, start it from the command line with yast2 online_update. 5.1.1 KDE Interface (Qt) The Online Update window consists of four sections. Figure 5.
Needed Patches (default view)
Non-installed patches that apply to packages installed on your system.
Unneeded Patches
Patches that either apply to packages not installed on your system, or patches that have requirements which have already been fulfilled (because the relevant packages have already been updated from another source).
All Patches
All patches available for openSUSE.
Each list entry in the Summary section consists of a symbol and the patch name.
Figure 5.2 YaST Online Update—GTK Interface The upper right section lists the available (or already installed) patches for openSUSE. To filter patches according to their security relevance, click the corresponding Priority entry in the upper right section of the window: Security, Recommended, Optional or Any priority. If all available patches are already installed, the Package listing in the upper right section will show no entries.
5.2 Installing Patches The YaST Online Update dialog allows you to either install all available patches at one go or to manually select the patches that you want to apply to your system. You may also revert patches that have been applied to the system. By default, all new patches (except the optional ones) that are currently available for your system are already marked for installation. They will be applied automatically once you click Accept or Apply. Procedure 5.
4 After the installation is complete, click Finish to leave the YaST Online Update. Your system is now up-to-date. TIP: Disabling deltarpms By default updates are downloaded as deltarpms. Since rebuilding rpm packages from deltarpms is a memory and CPU time consuming task, certain setups or hardware configurations might require you to disable the usage of deltarpms for performance sake. To disable the use of deltarpms edit the file /etc/zypp/zypp.conf and set download.use_deltarpm to false. 5.
IMPORTANT: Skipping Patches If you select to skip any packages that require interaction, run a manual Online Update from time to time in order to install those patches, too. Otherwise you might miss important patches. 6 Confirm your configuration with OK.
6 Installing Packages From the Internet
By default, it is only possible to install packages from configured and enabled repositories. Apart from the official repositories that are configured during the installation, numerous other repositories exist. The openSUSE® Build Service hosts several hundred of them, and many third-party repositories exist, too. See http://en.opensuse.org/Additional_package_repositories.
Procedure 6.1 Installing Packages from the openSUSE Build Service via 1-Click Install
1 Start the openSUSE Build Service search interface at http://software.opensuse.org/search.
2 Select your system version from the drop-down menu, for example openSUSE 11.4.
3 Enter the name of the package you want to install, for example the OpenStreetMap editor josm.
4 To refine the search, adjust the Search Options according to your wishes.
5 Click Search.
During the installation several progress pop-ups appear that do not need any interaction. After reading the “Installation was successful” message, click Finish. TIP: Disabling 1-Click Install Feature If you want to disable the 1-Click install feature, uninstall the yast2-metapackage-handler package using YaST. Alternatively, enter the following command as root: rpm -e yast2-metapackage-handler 6.
4 Mark a package for installation by activating its checkbox. You can mark several packages at once. You can even start a new search for other packages without losing your current selection, which is always available on the All Selected Packages. Once you have finished the package selection, proceed with Next. The Additional Software Repositories dialog shows the repositories providing the packages you want to install. They are activated per default.
7 Installing Add-On Products
Add-on products are system extensions. You can install a third party add-on product or a special system extension of openSUSE® (for example, a CD with support for additional languages or a CD with binary drivers). To install a new add-on, start YaST and select Software > Add-On Products. You can select various types of product media, like CD, FTP, USB mass storage devices (such as USB flash drives or disks) or a local directory. You can also work directly with ISO files.
5 You can choose to Download Repository Description Files now. If the option is unchecked, YaST will automatically download the files later, if needed. Click Next to proceed.
6 When adding a repository from the network, enter the data you are prompted for. Continue with Next.
7 Depending on the repository you have added, you might be asked if you want to import the GPG key with which it is signed or asked to agree to a license.
8 Managing Software with Command Line Tools
This chapter describes Zypper and RPM, two command line tools for managing software. For a definition of the terminology used in this context (for example, repository, patch, or update) refer to Section 4.1, “Definition of Terms” (page 94).
8.1 Using Zypper
Zypper is a command line package manager for installing, updating and removing packages as well as for managing repositories.
zypper --non-interactive patch
To use the options specific to a particular command, type them right after the command. For example, --auto-agree-with-licenses means applying all needed patches to the system without asking to confirm any licenses (they will automatically be accepted):
zypper patch --auto-agree-with-licenses
Some commands require one or more arguments.
by the exact package name (and version number)
zypper install MozillaFirefox
or
zypper install MozillaFirefox-3.5.3
by repository alias and package name
zypper install mozilla:MozillaFirefox
Where mozilla is the alias of the repository from which to install.
by package name using wildcards
The following command will install all packages that have names starting with “Moz”. Use with care, especially when removing packages.
To remove emacs and install vim simultaneously, use:
zypper remove emacs +vim
To prevent the package name starting with the - being interpreted as a command option, always use it as the second argument.
Of course, this will only work if you have the repository with the source packages enabled in your repository list (it is added by default, but not enabled). See Section 8.1.4, “Managing Repositories with Zypper” (page 138) for details on repository management. A list of all source packages available in your repositories can be obtained with: zypper search -t srcpackage 8.1.2.
In this case, all patches available in your repositories are checked for relevance and installed, if necessary. The above command is all you must enter in order to apply them when needed. Zypper knows three different commands to query for the availability of patches:
zypper patch-check
Lists the number of needed patches (patches that apply to your system but are not yet installed)
~ # zypper patch-check
Loading repository data...
Reading installed packages...
or zypper patch --cve=number For example, to install a security patch with the CVE number CVE-2010-2713, execute: zypper patch --cve=CVE-2010-2713 8.1.3.2 Installing Updates If a repository contains only new packages, but does not provide patches, zypper patch does not show any effect.
8.1.3.3 Upgrading to a New Product Version To easily upgrade your installation to a new product version (for example, from openSUSE 11.2 to openSUSE 11.3), first adjust your repositories to match the current openSUSE repositories. For details, refer to Section 8.1.4, “Managing Repositories with Zypper” (page 138). Then use the zypper dist-upgrade command with the required repositories. This command ensures that all packages will be installed from the repositories currently enabled.
Example 8.1 Zypper—List of Known Repositories

    # | Alias                 | Name                  | Enabled | Refresh
    --+-----------------------+-----------------------+---------+-------
    1 | Updates               | Updates               | Yes     | Yes
    2 | openSUSE 11.2-0       | openSUSE 11.2-0       | No      | No
    3 | openSUSE-11.2-Debug   | openSUSE-11.2-Debug   | No      | Yes
    4 | openSUSE-11.2-Non-Oss | openSUSE-11.2-Non-Oss | Yes     | Yes
    5 | openSUSE-11.2-Oss     | openSUSE-11.2-Oss     | Yes     | Yes
    6 | openSUSE-11.2-Source  | openSUSE-11.
8.1.4.3 Modifying Repositories Enable or disable repositories with zypper modifyrepo. You can also alter the repository's properties (such as refreshing behavior, name or priority) with this command.
To search for packages which provide a special capability, use the command what-provides. For example, if you would like to know which package provides the perl module SVN::Core, use the following command: zypper what-provides 'perl(SVN::Core)' To query single packages, use info with an exact package name as an argument. It displays detailed information about a package.
8.1.8 For More Information For more information on managing software from the command line, enter zypper help, zypper help command or refer to the zypper(8) manpage. For a complete and detailed command reference, including cheat sheets with the most important commands, and information on how to use Zypper in scripts and applications, refer to http://en.opensuse.org/SDB:Zypper_usage. A list of software changes for the latest openSUSE version can be found at . [http://en.opensuse .
8.2.1 Verifying Package Authenticity RPM packages have a GnuPG signature. To verify the signature of an RPM package, use the command rpm --checksig package-1.2.3.rpm to determine whether the package originates from Novell/SUSE or from another trustworthy facility. This is especially recommended for update packages from the Internet. 8.2.2 Managing Packages: Install, Update, and Uninstall Normally, the installation of an RPM archive is quite simple: rpm -i package.rpm.
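The shell functions below are an added example, not part of the original guide or of RPM. They show how a script can gate installation on the result of rpm --checksig as described in Section 8.2.1. The function names and sample lines are constructed, and the assumed output format is the one printed by RPM 4.x (a lowercase token for a passed check, an uppercase token for a failed one). A package that carries no signature still reports OK for its digests, so the script looks for a passed signature check rather than for the word OK alone.

```shell
#!/bin/sh
# Added example: decide from `rpm --checksig` output whether packages may be installed.
# Assumption: RPM 4.x style lines, "<file>: <checks> OK" or "<file>: <checks> NOT OK ...",
# where a lowercase token is a passed check and an uppercase token a failed one.

# Print a verdict for one output line: "accept signed" or "reject <reason>".
classify_checksig() {
    line=$1
    rest=${line#*: }                      # text after "<file>: "
    case $rest in
        *"NOT OK"*"MISSING KEYS"*) echo "reject missing-key";  return 0 ;;
        *"NOT OK"*)                echo "reject failed-check"; return 0 ;;
        *" OK")                    ;;     # every listed check passed, look closer below
        *)                         echo "reject unparsed";     return 0 ;;
    esac
    # Digests alone (sha1, md5, "digests") only show that the file is intact,
    # not who built it. Require at least one passed signature check.
    case " $rest " in
        *" gpg "*|*" pgp "*|*" rsa "*|*" dsa "*|*" signatures "*)
            echo "accept signed" ;;
        *)
            echo "reject unsigned" ;;
    esac
}

# Read `rpm --checksig` output on stdin. Report every rejected package on
# stderr and succeed only if all packages were accepted.
gate_checksig() {
    rejected=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_checksig "$line")
        case $verdict in
            accept*) ;;
            *)
                printf '%s: %s\n' "${line%%:*}" "$verdict" >&2
                rejected=$((rejected + 1))
                ;;
        esac
    done
    [ "$rejected" -eq 0 ]
}

# Constructed sample output (not captured from a real system):
# one signed package, one unsigned package, one signed with an unknown key.
SAMPLE_CHECKSIG='wget-1.11.4-1.70.i586.rpm: rsa sha1 (md5) pgp md5 OK
localbuild-0.1-1.noarch.rpm: sha1 md5 OK
tool-2.0-3.i586.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#00000000)'

printf '%s\n' "$SAMPLE_CHECKSIG" | gate_checksig || echo "installation blocked"
```

On a real system, feed it live output, for example rpm --checksig *.rpm | gate_checksig && rpm -U *.rpm. An accepted package is only known to be signed by a key that was already imported into the RPM keyring.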
• .rpmnew files appear if the configuration file already exists and if the noreplace label was specified in the .spec file. Following an update, .rpmsave and .rpmnew files should be removed after comparing them, so they do not obstruct future updates. The .rpmorig extension is assigned if the file has not previously been recognized by the RPM database. Otherwise, .rpmsave is used. In other words, .rpmorig results from updating from a foreign format to RPM. .
    rpm -q pine
    pine-4.44-188

Then check if the patch RPM is suitable for this version of pine:

    rpm -qp --basedon pine-4.44-224.i586.patch.rpm
    pine = 4.44-188
    pine = 4.44-195
    pine = 4.44-207

This patch is suitable for three different versions of pine. The installed version in the example is also listed, so the patch can be installed.

Which files are replaced by the patch?

The files affected by a patch can easily be seen in the patch RPM. The rpm parameter -P allows selection of special patch features.
    rpm -q --basedon pine
    pine = 4.44-188

More information, including information about the patch feature of RPM, is available in the man pages of rpm and rpmbuild.

NOTE: Official Updates for openSUSE

In order to make the download size of updates as small as possible, official updates for openSUSE are not provided as Patch RPMs, but as Delta RPM packages. For details, see Section 8.2.4, “Delta RPM Packages” (page 146). 8.2.
See /usr/share/doc/packages/deltarpm/README for technical details. 8.2.5 RPM Queries With the -q option rpm initiates queries, making it possible to inspect an RPM archive (by adding the option -p) and also to query the RPM database of installed packages. Several switches are available to specify the type of information required. See Table 8.1, “The Most Important RPM Query Options” (page 147). Table 8.
Example 8.2 rpm -q -i wget

    Name        : wget                                  Relocations: (not relocatable)
    Version     : 1.11.4                                Vendor: openSUSE
    Release     : 1.70                                  Build Date: Sat 01 Aug 2009 09:49:48 CEST
    Install Date: Thu 06 Aug 2009 14:53:24 CEST         Build Host: build18
    Group       : Productivity/Networking/Web/Utilities Source RPM: wget-1.11.4-1.70.src.rpm
    Size        : 1525431                               License: GPL v3 or later
    Signature   : RSA/8, Sat 01 Aug 2009 09:50:04 CEST, Key ID b88b2fd43dbdc284
    Packager    : http://bugs.opensuse.org
    URL         : http://www.gnu.
that have been changed since installation. rpm uses eight character symbols to give some hints about the following changes:

Table 8.2 RPM Verify Options

    5   MD5 check sum
    S   File size
    L   Symbolic link
    T   Modification time
    D   Major and minor device numbers
    U   Owner
    G   Group
    M   Mode (permissions and file type)

In the case of configuration files, the letter c is printed. For example, for changes to /etc/wgetrc (wget package):

    rpm -V wget
    S.5....
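As an added example (not part of the original guide or of RPM), the shell functions below sort rpm -V output lines by how much attention they deserve, using the flags from Table 8.2. The function names, severity labels and sample lines are constructed for illustration; the assumed line layout is the flags field, an optional c marker for configuration files, and the absolute path.

```shell
#!/bin/sh
# Added example: triage `rpm -V` output using the flags from Table 8.2.
# Assumed line layout: "<flags> [c] <absolute path>" or "missing [c] <absolute path>".

# Print "<severity> <reason> <path>" for one line of rpm -V output.
triage_verify_line() {
    line=$1
    case $line in
        */*) ;;
        *) echo "unparsed - $line"; return 0 ;;
    esac
    path=/${line#*/}              # everything from the first slash onward
    prefix=${line%%/*}            # flags plus optional file-type marker
    flags=${prefix%% *}
    config=no
    case $prefix in *" c "*) config=yes ;; esac

    if [ "$flags" = "missing" ]; then
        echo "missing file-absent $path"
        return 0
    fi
    # Changed size or checksum on a file that is not a configuration file:
    # a packaged program, library or document no longer matches the package.
    if [ "$config" = no ]; then
        case $flags in
            *[5S]*) echo "high content-changed $path"; return 0 ;;
        esac
    fi
    # Mode, owner or group differ from what the package installed.
    case $flags in
        *[MUG]*) echo "review permissions-changed $path"; return 0 ;;
    esac
    # Edited configuration files are normal on an administered system.
    if [ "$config" = yes ]; then
        case $flags in
            *[5S]*) echo "expected config-edited $path"; return 0 ;;
        esac
    fi
    echo "low metadata-only $path"
}

# Read rpm -V output on stdin, print the lines that need attention and
# succeed only if there are none.
triage_verify() {
    findings=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        result=$(triage_verify_line "$line")
        case $result in
            high*|missing*|review*)
                printf '%s\n' "$result"
                findings=$((findings + 1))
                ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample output (not captured from a real system).
SAMPLE_VERIFY='S.5....T  c /etc/wgetrc
S.5....T    /usr/bin/wget
.M......    /usr/share/locale/de/LC_MESSAGES/wget.mo
.......T    /usr/share/doc/packages/wget/README
missing     /usr/share/man/man1/wget.1.gz'

printf '%s\n' "$SAMPLE_VERIFY" | triage_verify || echo "verification found changes to review"
```

Run it as rpm -V wget | triage_verify for one package. Because root can also modify the RPM database, compare against the original installation media when the database itself may have been changed.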
8.2.6 Installing and Compiling Source Packages All source packages carry a .src.rpm extension (source RPM). NOTE: Installed Source Packages Source packages can be copied from the installation medium to the hard disk and unpacked with YaST. They are not, however, marked as installed ([i]) in the package manager. This is because the source packages are not entered in the RPM database. Only installed operating system software is listed in the RPM database.
WARNING Do not experiment with system components (glibc, rpm, sysvinit, etc.), because this endangers the stability of your system. The following example uses the wget.src.rpm package. After installing the source package, you should have files similar to those in the following list: /usr/src/packages/SOURCES/wget-1.11.4.tar.bz2 /usr/src/packages/SOURCES/wgetrc.patch /usr/src/packages/SPECS/wget.spec rpmbuild -bX /usr/src/packages/SPECS/wget.spec starts the compilation.
The binary RPM created can now be installed with rpm -i or, preferably, with rpm -U. Installation with rpm makes it appear in the RPM database. 8.2.7 Compiling RPM Packages with build The danger with many packages is that unwanted files are added to the running system during the build process. To prevent this use build, which creates a defined environment in which the package is built. To establish this chroot environment, the build script must be provided with a complete package tree.
Part III.
9 Managing Users with YaST

During installation, you chose a method for user authentication. This method is either local (via /etc/passwd) or, if a network connection is established, via NIS, LDAP, Kerberos or Samba (see Section 1.11, “Create New User” (page 21)). You can create or modify user accounts and change the authentication method with YaST at any time. Every user is assigned a system-wide user ID (UID).
Figure 9.1 YaST User and Group Administration

Depending on the set of users you choose to view and modify with the dialog (local users, network users, system users), the main window shows several tabs. These allow you to execute the following tasks: Managing User Accounts From the Users tab create, modify, delete or temporarily disable user accounts as described in Section 9.2, “Managing User Accounts” (page 157).
Assigning Users to Groups Learn how to change the group assignment for individual users in Section 9.5, “Assigning Users to Groups” (page 167). Managing Groups From the Groups tab, you can add, modify or delete existing groups. Refer to Section 9.6, “Managing Groups” (page 167) for information on how to do this.
In the following, learn how to set up default user accounts. For some further options, such as auto login, login without password, setting up encrypted home directories or managing quotas for users and groups, refer to Section 9.3, “Additional Options for User Accounts” (page 159). Procedure 9.1 Adding or Modifying User Accounts 1 Open the YaST User and Group Administration dialog and click the Users tab. 2 With Set Filter define the set of users you want to manage.
and to save the changes. A newly added user can now log in to the system using the login name and password you created. TIP: Matching User IDs For a new (local) user on a laptop which also needs to integrate into a network environment where this user already has a user ID, it is useful to match the (local) user ID to the ID in the network. This ensures that the file ownership of the files the user creates “offline” is the same as if he had created them directly on the network. Procedure 9.
ality can only be activated for one user at a time. Login without password allows all users to log in to the system after they have entered their username in the login manager. WARNING: Security Risk Enabling Auto Login or Passwordless Login on a machine that can be accessed by more than one person is a security risk. Without the need to authenticate, any user can gain access to your system and your data. If your system contains confidential data, do not use this functionality.
8 You can also specify a certain expiration date for a password. Enter the Expiration Date in YYYY-MM-DD format. 9 For more information about the options and about the default values, click Help. 10 Apply your changes with OK. 9.3.3 Managing Encrypted Home Directories To protect data in home directories against theft and hard disk removal, you can create encrypted home directories for users.
2 To encrypt the home directory of an existing user, select the user and click Edit. Otherwise, click Add to create a new user account and enter the appropriate user data on the first tab. 3 In the Details tab, activate Use Encrypted Home Directory. With Directory Size in MB, specify the size of the encrypted image file to be created for this user. 4 Apply your settings with OK. 5 Enter the user's current login password to proceed if YaST prompts for it.
Procedure 9.5 Modifying or Disabling Encrypted Home Directories Of course, you can also disable the encryption of a home directory or change the size of the image file at any time. 1 Open the YaST User and Group Administration dialog in the Users view. 2 Select a user from the list and click Edit. 3 If you want to disable the encryption, switch to the Details tab and disable Use Encrypted Home Directory.
file systems and restrict the amount of disk space that can be used and the number of inodes (index nodes) that can be created there. Inodes are data structures on a file system that store basic information about a regular file, directory, or other file system object. They store all attributes of a file system object (like user and group ownership, read, write, or execute permissions), except file name and contents. openSUSE allows usage of soft and hard quotas.
4 Below Size Limits, restrict the amount of disk space. Enter the number of 1 KB blocks the user or group may have on this partition. Specify a Soft Limit and a Hard Limit value. 5 Additionally, you can restrict the number of inodes the user or group may have on the partition. Below Inodes Limits, enter a Soft Limit and Hard Limit. 6 You can only define grace intervals if the user or group has already exceeded the soft limit specified for size or inodes.
exceeding their quota. With quota_nld, administrators can also forward kernel messages about exceeded quotas to D-BUS. For more information, refer to the repquota, the warnquota and the quota_nld man page. 9.4 Changing Default Settings for Local Users When creating new local users, several default settings are used by YaST. These include, for example, the primary group and the secondary groups the user belongs to, or the access permissions of the user's home directory.
9.5 Assigning Users to Groups Local users are assigned to several groups according to the default settings which you can access from the User and Group Administration dialog on the Defaults for New Users tab. In the following, learn how to modify an individual user's group assignment. If you need to change the default group assignments for new users, refer to Section 9.4, “Changing Default Settings for Local Users” (page 166). Procedure 9.
3 To create a new group, click Add. 4 To modify an existing group, select the group and click Edit. 5 In the following dialog, enter or change the data. The list on the right shows an overview of all available users and system users which can be members of the group. 6 To add existing users to a new group select them from the list of possible Group Members by checking the corresponding box. To remove them from the group just uncheck the box. 7 Click OK to apply your changes.
9.7 Changing the User Authentication Method When your machine is connected to a network, you can change the authentication method you set during installation. The following options are available: NIS Users are administered centrally on a NIS server for all systems in the network. For details, see Chapter 3, Using NIS (↑Security Guide). LDAP Users are administered centrally on an LDAP server for all systems in the network. For details about LDAP, see Chapter 4, LDAP—A Directory Service (↑Security Guide).
modules in YaST. For information about the configuration of the appropriate client, refer to the following sections: NIS: Section “Configuring NIS Clients” (Chapter 3, Using NIS, ↑Security Guide) LDAP: Section “Configuring an LDAP Client with YaST” (Chapter 4, LDAP—A Directory Service, ↑Security Guide) 4 After accepting the configuration, return to the User and Group Administration overview. 5 Click OK to close the administration dialog.
10 Changing Language and Country Settings with YaST

Working in different countries or having to work in a multilingual environment requires your computer to be set up to support this. openSUSE® can handle different locales in parallel. A locale is a set of parameters that defines the language and country settings reflected in the user interface. The main system language was selected during installation and keyboard and time zone settings were adjusted.
Changing the System Language Globally Proceed as described in Section 10.1.1, “Modifying System Languages with YaST” (page 172) and Section 10.1.2, “Switching the Default System Language” (page 174) to install additional localized packages with YaST and to set the default language. Changes are effective after relogin. To ensure that the entire system reflects the change, reboot the system or close and restart all running services, applications, and programs.
Before installing additional languages, determine which of them should be the default system language (primary language) after you have installed them. To access the YaST language module, start YaST and click System > Language. Alternatively, start the Languages dialog directly by running yast2 language as user root from a command line. Procedure 10.
2 To make a language the default language, set it as Primary Language. 3 Additionally, adapt the keyboard to the new primary language and adjust the time zone, if appropriate. TIP For advanced keyboard or time zone settings, select Hardware > Keyboard Layout or System > Date and Time in YaST to start the respective dialogs. For more information, refer to Section 10.2, “Changing the Country and Time Settings” (page 176). 4 To change language settings specific to the user root, click Details.
IMPORTANT: Deleting Former System Languages If you switch to a different primary language, the localized software packages for the former primary language will be removed from the system. If you want to switch the default system language but want to keep the former primary language as additional language, add it as Secondary Language by enabling the respective checkbox. 3 Adjust the keyboard and time zone options as desired. 4 Confirm your changes with OK.
10.2 Changing the Country and Time Settings Using the YaST date and time module, adjust your system date, clock and time zone information to the area you are working in. To access the YaST module, start YaST and click System > Date and Time. Alternatively, start the Clock and Time Zone dialog directly by running yast2 timezone & as user root from a command line. First, select a general region, such as Europe. Choose an appropriate country that matches the one you are working in, for example, Germany.
• If you only run Linux on your machine, set the hardware clock to UTC and have the switch from standard time to daylight saving time performed automatically. You can change the date and time manually or opt for synchronizing your machine against an NTP server, either permanently or just for adjusting your hardware clock. Procedure 10.2 Manually Adjusting Time and Date 1 In the YaST timezone module, click Change to set date and time. 2 Select Manually and enter date and time values.
4 Click Synchronize Now, to get your system time set correctly. 5 If you want to make use of NTP permanently, enable Save NTP Configuration. 6 With the Configure button, you can open the advanced NTP configuration. For details, see Section 27.1, “Configuring an NTP Client with YaST” (page 457). 7 Confirm your changes with Accept.
11 YaST in Text Mode

This section is intended for system administrators and experts who do not run an X server on their systems and depend on the text-based installation tool. It provides basic information about starting and operating YaST in text mode. YaST in text mode uses the ncurses library to provide an easy pseudo-graphical user interface. The ncurses library is installed by default. The minimum supported size of the terminal emulator in which to run YaST is 80x25 characters. Figure 11.
provides an overview of the modules available in the active category. The bottom frame contains the buttons for Help and Quit. When you start the YaST Control Center, the category Software is selected automatically. Use ↓ and ↑ to change the category. To select a module from the category, activate the right frame with → and then use ↓ and ↑ to select the module. Keep the arrow keys pressed to scroll through the list of available modules. The selected module is highlighted.
Function Keys The F keys (F1 through F12) enable quick access to the various buttons. Available F key shortcuts are shown in the bottom line of the YaST screen. Which function keys are actually mapped to which buttons depend on the active YaST module, because the different modules offer different buttons (Details, Info, Add, Delete, etc.). Use F10 for Accept, OK, Next, and Finish. Press F1 to access the YaST help.
Replacing Alt with Esc Alt shortcuts can be executed with Esc instead of Alt. For example, Esc – H replaces Alt + H. (First press Esc, then press H.) Backward and Forward Navigation with Ctrl + F and Ctrl + B If the Alt and Shift combinations are occupied by the window manager or the terminal, use the combinations Ctrl + F (forward) and Ctrl + B (backward) instead. Restriction of Function Keys The F keys are also used for functions.
or yast --install package_name can be a single short package name, for example gvim, which is installed with dependency checking, or the full path to an rpm package, which is installed without dependency checking. If you need a command-line based software management utility with functionality beyond what YaST provides, consider using zypper. This new utility uses the same software management library that is also the foundation for the YaST package manager.
12 Setting Up Hardware Components with YaST

YaST allows you to configure hardware items at installation time as well as on an already-installed system. Configure audio hardware, printers or scanner support or learn which hardware components are connected to your computer by using the YaST Hardware Information module.

TIP: Graphics card, monitor, mouse and keyboard settings

Graphics card, monitor, mouse and keyboard can be configured with either KDE or GNOME tools. 12.
4 Click Close to leave the hardware information overview. 12.2 Setting Up Sound Cards YaST detects most sound cards automatically and configures them with the appropriate values. If you want to change the default settings, or need to set up a sound card that could not be configured automatically, use the YaST sound module. There, you can also set up additional sound cards or switch their order. To start the sound module, start YaST and click Hardware > Sound.
tation for the required information. During configuration, you can choose between various setup options: Quick Automatic Setup You are not required to go through any of the further configuration steps—the sound card is configured automatically. You can set the volume or any options you want to change later. Normal Setup Allows you to adjust the output volume and play a test sound during the configuration. Advanced setup with possibility to change options For experts only.
6 To remove a sound card configuration that you no longer need, select the respective entry and click Delete. 7 Click OK to save the changes and leave the YaST sound module. Procedure 12.2 Modifying Sound Card Configurations 1 To change the configuration of an individual sound card (for experts only!), select the sound card entry in the Sound Configuration dialog and click Edit. This takes you to the Sound Card Advanced Options where you can fine-tune a number of parameters.
The volume and configuration of all sound cards are saved when you click OK and leave the YaST sound module. The mixer settings are saved to the file /etc/asound.conf and the ALSA configuration data is appended to the end of the files /etc/modprobe.d/sound and /etc/sysconfig/hardware. 12.3 Setting Up a Scanner You can configure a USB or SCSI scanner with YaST. The sane-backends package contains hardware drivers and other essentials needed to use a scanner.
If your USB device is not properly detected, or your HP All-In-One device is connected to the parallel port or the network, run the HP Device Manager: 1 Start YaST and select Hardware > Scanner. YaST loads the scanner database. 2 Start the HP Device Manager with Other > Run hp-setup and follow the on-screen instructions. After having finished the HP Device Manager, the YaST scanner module automatically restarts the auto detection. 3 Test it by choosing Other > Test. 4 Leave the configuration screen with OK.
4 Leave with OK. The network scanner is now listed in the Scanner Configuration window and is ready to use.
13 Printer Operation

openSUSE® supports printing with many types of printers, including remote network printers. Printers can be configured manually or with YaST. For configuration instructions, refer to Section 13.4, “Setting Up a Printer” (page 196). Both graphical and command line utilities are available for starting and managing print jobs. If your printer does not work as expected, refer to Section 13.8, “Troubleshooting” (page 207).
to address some special printer functions. Except for HP developing HPLIP (HP Linux Imaging and Printing), there are currently no printer manufacturers who develop Linux drivers and make them available to Linux distributors under an open source license. Proprietary Printers (Also Called GDI Printers) These printers do not support any of the common printer languages. They use their own undocumented printer languages, which are subject to change when a new edition of a model is released.
At least one dedicated printer queue exists for every printer. The spooler holds the print job in the queue until the desired printer is ready to receive data. When the printer is ready, the spooler sends the data through the filter and back-end to the printer. The filter converts the data generated by the application that is printing (usually PostScript or PDF, but also ASCII, JPEG, etc.) into printer-specific data (PostScript, PCL, ESC/P, etc.). The features of the printer are described in the PPD files.
13.3 Installing the Software PPD (PostScript printer description) is the computer language that describes the properties, like resolution, and options, such as the availability of a duplex unit. These descriptions are required for using various printer options in CUPS. Without a PPD file, the print data would be forwarded to the printer in a “raw” state, which is usually not desired. During the installation of openSUSE, many PPD files are preinstalled.
13.4.1 Configuring Local Printers Usually a local USB printer is automatically detected. There are two possible reasons why a USB printer is not automatically detected: • The USB printer is switched off. • The communication between printer and computer is not possible. Check the cable and the plugs to make sure that the printer is properly connected. If this is the case, the problem may not be printer-related, but rather a USB related problem. Configuring a printer is basically a three-step process.
2 Click Add in the Printer Configurations screen 3 If your printer is already listed under Specify the Connection, proceed with the next step. Otherwise, try to Detect More or start the Connection Wizard. 4 Enter the vendor name and the model name into the input box under Find and Assign a Driver and click Search for. 5 Choose the driver marked as recommended that best matches your printer.
Procedure 13.2 Adding a PPD file 1 Start the YaST printer module with Hardware > Printer 2 Click Add in the Printer Configurations screen 3 Click Driver Packages in the Find and Assign a Driver section 4 Enter the full path to the PPD file into the input box under Make a Printer Description File Available or choose the file from a dialog box by clicking on Browse 5 Click OK to return to the Add New Printer Configuration screen. 6 In order to directly use this PPD file, proceed as described in Procedure 13.
13.4.2 Configuring Printing via the Network with YaST Network printers are not detected automatically. They must be configured manually using the YaST printer module. Depending on your network setup, you can print to a print server (CUPS, LPD, SMB, or IPX) or directly to a network printer (preferably via TCP). Access the configuration view for network printing by choosing Printing via Network from the left pane in the YaST printer module. 13.4.2.
4 Specify which servers to use under General Settings. You may accept connections from all networks available, from the local network, or from specific hosts. If you choose the latter option, you need to specify the hostnames or IP addresses, as well. 5 Confirm by clicking OK and then Yes when asked to start a local CUPS server. After the server has started you will return to the Printer Configurations screen. Click Refresh list to see the printers detected by now.
• Add the network interface to be used by the CUPS server. If you want to share your printers via specified network interfaces, add those in the input box below. • In case you like to restrict access to your CUPS server to certain networks or IP addresses, specify these via the two input boxes. 4 Click OK to restart the CUPS server and return to the Printer Configurations screen. 5 Regarding CUPS and firewall settings, see http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings. 13.
number for an LPD service is 515. An example device URI is lpd://192.168.2.202/LPT1. IPP (Internet Printing Protocol) IPP is a relatively new protocol (1999) based on the HTTP protocol. With IPP, more job-related data is transmitted than with the other protocols. CUPS uses IPP for internal data transmission. The name of the print queue is necessary to configure IPP correctly. The port number for IPP is 631. Example device URIs are ipp://192.168.2.202/ps and ipp://192.168.2.202/printers/ps.
    lpadmin -p queue -v device-URI -P PPD-file -E

Then the device (-v) is available as queue (-p), using the specified PPD file (-P). This means that you must know the PPD file and the device URI to configure the printer manually. Do not use -E as the first option. For all CUPS commands, -E as the first argument sets use of an encrypted connection. To enable the printer, -E must be used as shown in the following example:

    lpadmin -p ps -v parallel:/dev/lp0 -P \
    /usr/share/cups/model/Postscript.ppd.
13.6 Printing from the Command Line To print from the command line, enter lp -d queuename filename, substituting the corresponding names for queuename and filename. Some applications rely on the lp command for printing. In this case, enter the correct command in the application's print dialog, usually without specifying filename, for example, lp -d queuename. 13.7 Special Features in openSUSE A number of CUPS features have been adapted for openSUSE. Some of the most important changes are covered here. 13.
unless you take care that it is protected by special firewall rules and secure settings in the CUPS configuration. 13.7.2 PPD Files in Various Packages The YaST printer configuration sets up the queues for CUPS using the PPD files installed in /usr/share/cups/model. To find the suitable PPD files for the printer model, YaST compares the vendor and model determined during hardware detection with the vendors and models in all PPD files.
YaST generally prefers a manufacturer-PPD file. However, when no suitable manufacturer-PPD file exists, a Foomatic PPD file with the entry *NickName: ... Foomatic ... (recommended) is selected. 13.7.2.3 Gutenprint PPD Files in the gutenprint Package Instead of foomatic-rip, the CUPS filter rastertogutenprint from Gutenprint (formerly known as GIMP-Print) can be used for many non-PostScript printers. This filter and suitable Gutenprint PPD files are available in the gutenprint package.
13.8.1 Printers without Standard Printer Language Support These printers do not support any common printer language and can only be addressed with special proprietary control sequences. Therefore they can only work with the operating system versions for which the manufacturer delivers a driver. GDI is a programming interface developed by Microsoft* for graphics devices.
printer manufacturer or download a suitable PPD file from the Web page of the printer manufacturer. If the PPD file is provided as a zip archive (.zip) or a self-extracting zip archive (.exe), unpack it with unzip. First, review the license terms of the PPD file. Then use the cupstestppd utility to check if the PPD file complies with “Adobe PostScript Printer Description File Format Specification, version 4.3.
Example 13.1 /etc/modprobe.conf: Interrupt Mode for the First Parallel Port

    alias parport_lowlevel parport_pc
    options parport_pc io=0x378 irq=7

13.8.4 Network Printer Connections

Identifying Network Problems

Connect the printer directly to the computer. For test purposes, configure the printer as a local printer. If this works, the problems are related to the network.

Checking the TCP/IP Network

The TCP/IP network and name resolution must be functional.
Checking a Remote cupsd A CUPS network server can broadcast its queues by default every 30 seconds on UDP port 631. Accordingly, the following command can be used to test whether there is a broadcasting CUPS network server in the network. Make sure to stop your local CUPS daemon before executing the command. netcat -u -l -p 631 & PID=$! ; sleep 40 ; kill $PID If a broadcasting CUPS network server exists, the output appears as shown in Example 13.3, “Broadcast from the CUPS Network Server” (page 211).
to the print server box and turned on, this TCP port can usually be determined with the nmap utility from the nmap package some time after the print server box is powered up. For example, nmap IP-address may deliver the following output for a print server box:

    Port       State   Service
    23/tcp     open    telnet
    80/tcp     open    http
    515/tcp    open    printer
    631/tcp    open    cups
    9100/tcp   open    jetdirect

This output indicates that the printer connected to the print server box can be addressed via TCP socket on port 9100.
back-end determines how many unsuccessful attempts are appropriate until the data transfer is reported as impossible. As further attempts would be in vain, cupsd disables printing for the respective queue. After eliminating the cause of the problem, the system administrator must reenable printing with the command cupsenable. 13.8.
1 To stop printing, remove all paper from ink jet printers or open the paper trays of laser printers. High-quality printers have a button for canceling the current printout.

2 The print job may still be in the queue, because jobs are only removed after they are sent completely to the printer. Use lpstat -o or lpstat -h cups.example.com -o to check which queue is currently printing. Delete the print job with cancel queue-jobnumber or cancel -h cups.example.com queue-jobnumber.
13.8.10 For More Information

Solutions to many specific problems are presented in the SUSE Support Database (http://en.opensuse.org/Portal:Support_database). Locate the relevant articles with a text search for SDB:CUPS.
14 Installing and Configuring Fonts for the Graphical User Interface

The installation of additional fonts in openSUSE® is very easy. Simply copy the fonts to any directory located in the X11 font path. To enable the use of the fonts, the installation directory should be a subdirectory of the directories configured in /etc/fonts/fonts.conf or included into this file with /etc/fonts/suse-font-dirs.conf. The following is an excerpt from /etc/fonts/fonts.conf.
14.1 Adding Fonts

To install additional fonts systemwide, manually copy the font files to a suitable directory (as root), such as /usr/share/fonts/truetype. Alternatively, the task can be performed with the KDE font installer in the KDE Personal Settings. The result is the same. Instead of copying the actual fonts, you can also create symbolic links. For example, you may want to do this if you have licensed fonts on a mounted Windows partition and want to use them.
15 Upgrading the System and System Changes

You can upgrade an existing system without completely reinstalling it. There are two ways to renew the system or parts of it: updating individual software packages and upgrading the entire system. Updating individual packages is covered in Chapter 4, Installing or Removing Software (page 93) and Chapter 5, YaST Online Update (page 117). Two ways to upgrade the system are discussed in the following sections; see Section 15.1.
to write the user data in /home (the HOME directories) to a backup medium. Back up this data as root. Only root has read permission for all local files. Before starting your update, make note of the root partition. The command df / lists the device name of the root partition. In Example 15.1, “List with df -h” (page 220), the root partition to write down is /dev/sda3 (mounted as /). Example 15.1 List with df -h Filesystem /dev/sda3 udev /dev/sda5 /dev/sda1 /dev/sda2 Size 74G 252M 116G 39G 4.
15.1.3 Upgrading with YaST

Following the preparation procedure outlined in Section 15.1.1, “Preparations” (page 219), you can now upgrade your system:

1 Boot the system as for the installation, described in Section 1.4, “System Start-Up for Installation” (page 9). In YaST, choose a language and select Update in the Installation Mode dialog. Do not select New Installation. Also add repositories to make sure to get all available software updated whenever possible.
You also have the possibility to make backups of various system components. Selecting backups slows down the upgrade process. Use this option if you do not have a recent system backup. 6 Confirm the upgrade by clicking Start Update. Once the basic upgrade installation is finished, YaST reboots the system. Finally, YaST updates the remaining software, if any and displays the release notes, if wanted. 15.1.
15.1.4.2 The Upgrade Procedure

WARNING: Check Your System Backup
Before actually starting the upgrade procedure, check that your system backup is up-to-date and restorable. This is especially important because you must enter many of the following steps manually.

1 Run the online update to make sure the software management stack is up-to-date. For more information, see Chapter 5, YaST Online Update (page 117).

2 Configure the repositories you want to use as an update source. Getting this right is essential.
2b Disable third party repositories or other openSUSE Build Service repositories, because zypper dup is guaranteed to work with the default repositories only (replace repo-alias with the name of the repository you want to disable):

zypper mr -d repo-alias

Alternatively, you can lower the priority of these repositories.
15.1.5 Updating Individual Packages Regardless of your overall updated environment, you can always update individual packages. From this point on, however, it is your responsibility to ensure that your system remains consistent. Use the YaST software management tool to update packages as described in Chapter 4, Installing or Removing Software (page 93). Select components from the YaST package selection list according to your needs.
Part IV.
16 32-Bit and 64-Bit Applications in a 64-Bit System Environment

openSUSE® is available for 64-bit platforms. This does not necessarily mean that all the applications included have already been ported to 64-bit platforms. openSUSE supports the use of 32-bit applications in a 64-bit system environment. This chapter offers a brief overview of how this support is implemented on 64-bit openSUSE platforms.
An exception to this rule is PAM (pluggable authentication modules). openSUSE uses PAM in the authentication process as a layer that mediates between user and application. On a 64-bit operating system that also runs 32-bit applications it is necessary to always install both versions of a PAM module. To be executed correctly, every application requires a range of libraries. Unfortunately, the names for the 32-bit and 64-bit versions of these libraries are identical.
16.3 Software Compilation on Biarch Platforms

To develop binaries for the other architecture on a biarch architecture, the respective libraries for the second architecture must additionally be installed. These packages are called rpmname-32bit. You also need the respective headers and libraries from the rpmname-devel packages and the development libraries for the second architecture from rpmname-devel-32bit. Most open source programs use an autoconf-based program configuration.
Not all of these variables are needed for every program. Adapt them to the respective program.

CC="gcc -m32" LDFLAGS="-L/usr/lib" \
  ./configure --prefix=/usr --libdir=/usr/lib --x-libraries=/usr/lib
make
make install

16.4 Kernel Specifications

The 64-bit kernels for x86_64 offer both a 64-bit and a 32-bit kernel ABI (application binary interface). The latter is identical with the ABI for the corresponding 32-bit kernel.
17 Booting and Configuring a Linux System

Booting a Linux system involves different components. The hardware itself is initialized by the BIOS, which starts the Kernel by means of a boot loader. After this point, the boot process with init and the runlevels is completely controlled by the operating system. The runlevel concept enables you to maintain setups for everyday usage as well as to perform maintenance tasks on the system. 17.
tual operating system, in this case, the Linux Kernel. More information about GRUB, the Linux boot loader, can be found in Chapter 18, The Boot Loader GRUB (page 249).

3. Kernel and initramfs
To pass system control, the boot loader loads both the Kernel and an initial RAM-based file system (initramfs) into memory. The contents of the initramfs can be used by the Kernel directly. initramfs contains a small executable called init that handles the mounting of the real root file system.
loaded, udev provides the initramfs with the needed devices. Later in the boot process, after changing the root file system, it is necessary to regenerate the devices. This is done by boot.udev with the command udevtrigger. If you need to change hardware (for example, hard disks) in an installed system and this hardware requires different drivers to be present in the Kernel at boot time, you must update initramfs. This is done in the same way as with its predecessor, initrd—by calling mkinitrd.
Providing Block Special Files
For each loaded module, the Kernel generates device events. udev handles these events and generates the required block special files on a RAM file system in /dev. Without those special files, the file system and other devices would not be accessible.

Managing RAID and LVM Setups
If you configured your system to hold the root file system under RAID or LVM, init sets up LVM or RAID to enable access to the root file system later.
Loading the Installation System or Rescue System
As soon as the hardware is properly recognized, the appropriate drivers are loaded, and udev creates the special device files, init starts the installation system with the actual YaST installer, or the rescue system.

Starting YaST
Finally, init starts YaST, which starts package installation and system configuration.

17.2 The init Process

The program init is the process with process ID 1. It is responsible for initializing the system in the required way.
evaluated by the Kernel itself are passed to init. To boot into runlevel 3, just add the single number 3 to the boot prompt.

Table 17.1 Available Runlevels

Runlevel   Description
0          System halt
S or 1     Single user mode
2          Local multiuser mode without remote network (NFS, etc.)
3          Full multiuser mode with network
4          User Defined, this is not used unless the administrator configures this runlevel.
telinit 3
All essential programs and services (including network) are started and regular users are allowed to log in and work with the system without a graphical environment.

telinit 5
The graphical environment is enabled. Usually a display manager like XDM, GDM or KDM is started. If autologin is enabled, the local user is logged in to the preselected window manager (GNOME or KDE or any other window manager).

telinit 0 or shutdown -h now
The system halts.
3. Now rc calls the stop scripts of the current runlevel for which there is no start script in the new runlevel. In this example, these are all the scripts that reside in /etc/init.d/rc3.d (the old runlevel was 3) and start with a K. The number following K specifies the order to run the scripts with the stop parameter, because there are some dependencies to consider.

4. The last things to start are the start scripts of the new runlevel. In this example, these are in /etc/init.d/rc5.d and begin with an S.
Table 17.2 Possible init Script Options

Option         Description
start          Start service.
stop           Stop service.
restart        If the service is running, stop it then restart it. If it is not running, start it.
reload         Reload the configuration without stopping and restarting the service.
force-reload   Reload the configuration if the service supports this. Otherwise, do the same as if restart had been given.
status         Show the current status of service.
The blogd daemon is a service started by boot and rc before any other one. It is stopped after the actions triggered by these scripts (running a number of subscripts, for example, making block special files available) are completed. blogd writes any screen output to the log file /var/log/boot.msg, but only if and when /var is mounted read-write. Otherwise, blogd buffers all screen data until /var becomes available. Get further information about blogd on the blogd(8) man page.
Find useful information about init scripts in Section 17.2.1, “Runlevels” (page 237). To create a custom init script for a given program or service, use the file /etc/init.d/skeleton as a template. Save a copy of this file under the new name and edit the relevant program and filenames, paths and other details as needed. You may also need to enhance the script with your own parts, so the correct actions are triggered by the init procedure.
If a script already present in /etc/init.d/ should be integrated into the existing runlevel scheme, create the links in the runlevel directories right away with insserv or by enabling the corresponding service in the runlevel editor of YaST. Your changes are applied during the next reboot—the new service is started automatically. Do not set these links manually. If something is wrong in the INFO block, problems will arise when insserv is run later for some other service.
WARNING: Faulty Runlevel Settings May Damage Your System
Faulty runlevel settings may make your system unusable. Before applying your changes, make absolutely sure that you know their consequences.

Figure 17.1 System Services (Runlevel)

With Start, Stop, or Refresh, decide whether a service should be activated. Refresh status checks the current status. Set or Reset lets you select whether to apply your changes to the system or to restore the settings that existed before starting the runlevel editor.
to which they are relevant. This ensures that network settings, for example, only need to be parsed by network-related scripts. There are two ways to edit the system configuration. Either use the YaST sysconfig Editor or edit the configuration files manually. 17.3.1 Changing the System Configuration Using the YaST sysconfig Editor The YaST sysconfig editor provides an easy-to-use front-end for system configuration.
Figure 17.2 System Configuration Using the sysconfig Editor The YaST sysconfig dialog is split into three parts. The left part of the dialog shows a tree view of all configurable variables. When you select a variable, the right part displays both the current selection and the current setting of this variable. Below, a third window displays a short description of the variable's purpose, possible values, the default value and the actual configuration file from which this variable originates.
17.3.2 Changing the System Configuration Manually

To manually change the system configuration, proceed as follows:

1 Become root.

2 Bring the system into single user mode (runlevel 1) with telinit 1.

3 Change the configuration files as needed with an editor of your choice. If you do not use YaST to change the configuration files in /etc/sysconfig, make sure that empty variable values are represented by two quotation marks (KEYTABLE="") and that values with blanks in them are enclosed in quotation marks.
18 The Boot Loader GRUB This chapter describes how to configure GRUB (Grand Unified Bootloader), the boot loader used in openSUSE®. A special YaST module is available for configuring all settings. If you are not familiar with the subject of booting in Linux, read the following sections to acquire some background information. This chapter also describes some of the problems frequently encountered when booting with GRUB and their solutions.
Boot Sectors Boot sectors are the first sectors of hard disk partitions with the exception of the extended partition, which merely serves as a “container” for other partitions. These boot sectors have 512 bytes of space for code used to boot an operating system installed in the respective partition. This applies to boot sectors of formatted DOS, Windows, and OS/2 partitions, which also contain some basic important data of the file system.
the user for how to proceed. For details, see Section 18.1.1.3, “Editing Menu Entries during the Boot Procedure” (page 256).

/boot/grub/device.map
This file translates device names from the GRUB and BIOS notation to Linux device names.

/etc/grub.conf
This file contains the commands, parameters and options the GRUB shell needs for installing the boot loader correctly.
18.1.1 The File /boot/grub/menu.lst The graphical splash screen with the boot menu is based on the GRUB configuration file /boot/grub/menu.lst, which contains all information about all partitions or operating systems that can be booted by the menu. Every time the system is booted, GRUB loads the menu file from the file system. For this reason, GRUB does not need to be reinstalled after every change to the file. Use the YaST boot loader to modify the GRUB configuration as described in Section 18.
The command root simplifies the specification of kernel and initrd files. The only argument of root is a device or a partition. This device is used for all kernel, initrd, or other file paths for which no device is explicitly specified until the next root command. The boot command is implied at the end of every menu entry, so it does not need to be written into the menu file. However, if you use GRUB interactively for booting, you must enter the boot command at the end. The command itself has no arguments.
Unfortunately, it is often not possible to map the Linux device names to BIOS device names exactly. GRUB generates this mapping with the help of an algorithm and saves it to the file device.map, which can be edited if necessary. Information about the file device.map is available in Section 18.1.2, “The File device.map” (page 257). A complete GRUB path consists of a device name written in parentheses and the path to the file in the file system in the specified partition. The path begins with a slash.
gfxmenu (hd0,4)/message
The background image message is located in the top directory of the /dev/sda5 partition.

color white/blue black/light-gray
Color scheme: white (foreground), blue (background), black (selection) and light gray (background of the selection). The color scheme has no effect on the splash screen, only on the customizable GRUB menu that you can access by exiting the splash screen with Esc.

default 0
The first menu entry title linux is the one to boot by default.
GRUB. See Section 18.1.1.3, “Editing Menu Entries during the Boot Procedure” (page 256).

18.1.1.3 Editing Menu Entries during the Boot Procedure

In the graphical boot menu, select the operating system to boot with the arrow keys. If you select a Linux system, you can enter additional boot parameters at the boot prompt. To edit individual menu entries directly, press Esc to exit the splash screen and get to the GRUB text-based menu then press E.
18.1.2 The File device.map The file device.map maps GRUB and BIOS device names to Linux device names. In a mixed system containing PATA (IDE) and SCSI hard disks, GRUB must try to determine the boot sequence by a special procedure, because GRUB may not have access to the BIOS information on the boot sequence. GRUB saves the result of this analysis in the file /boot/grub/device.map. Example device.
This command tells GRUB to automatically install the boot loader to the second partition on the first hard disk (hd0,1) using the boot images located on the same partition. The --stage2=/boot/grub/stage2 parameter is needed to install the stage2 image from a mounted file system. Some BIOSes have a faulty LBA support implementation; --force-lba provides a solution to ignore them. 18.1.
         640x480   800x600   1024x768   1280x1024   1600x1200
15bit    0x310     0x313     0x316      0x319       0x31D
16bit    0x311     0x314     0x317      0x31A       0x31E
24bit    0x312     0x315     0x318      0x31B       0x31F

DEFAULT_APPEND / FAILSAFE_APPEND / XEN_KERNEL_APPEND
Kernel parameters (other than vga) that are automatically appended to the default, failsafe and XEN boot entries in the bootloader configuration file.
gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/

Now GRUB commands can only be executed at the boot prompt after pressing P and entering the password. However, users can still boot all operating systems from the boot menu.

3 To prevent one or several operating systems from being booted from the boot menu, add the entry lock to every section in menu.lst that should not be bootable without entering a password.
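The following script is an added example, not part of the original guide: it parses a GRUB legacy menu.lst and reports whether a global password is set, whether it uses the --md5 form, and which title sections carry lock. The function names and the three title sections of the sample are assumptions made for this example; the global lines repeat the excerpt above.

```python
import re

# Constructed sample. The five global lines repeat the excerpt above;
# the three title sections are invented for this example.
SAMPLE_MENU_LST = """\
gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/

title linux
    root (hd0,4)
    kernel /boot/vmlinuz root=/dev/sda5
    initrd /boot/initrd

title windows
    lock
    rootnoverify (hd0,0)
    chainloader +1

title floppy
    rootnoverify (fd0)
    chainloader +1
"""


def parse_menu_lst(text):
    """Split the menu file into global commands and per-title sections."""
    global_cmds, sections, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # GRUB legacy accepts "command argument" and "command=argument".
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        cmd = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if cmd == "title":
            current = {"title": arg, "commands": []}
            sections.append(current)
        elif current is None:
            global_cmds.append((cmd, arg))
        else:
            current["commands"].append((cmd, arg))
    return global_cmds, sections


def password_kind(arg):
    """Return 'md5' for the --md5 form shown above, 'plaintext' otherwise."""
    return "md5" if arg.split()[:1] == ["--md5"] else "plaintext"


def audit_menu_lst(text):
    """Report password and lock coverage of a menu.lst given as a string."""
    global_cmds, sections = parse_menu_lst(text)
    kinds = [password_kind(arg) for cmd, arg in global_cmds if cmd == "password"]
    report = {"global_password": None, "locked": [], "unlocked": [], "findings": []}
    if not kinds:
        report["findings"].append(
            "no global password: GRUB commands at the boot prompt "
            "are not protected")
    elif "plaintext" in kinds:
        report["global_password"] = "plaintext"
        report["findings"].append(
            "global password is stored in clear text; use the --md5 form")
    else:
        report["global_password"] = "md5"
    for section in sections:
        names = [cmd for cmd, _ in section["commands"]]
        if "lock" in names:
            report["locked"].append(section["title"])
            if not kinds:
                report["findings"].append(
                    "'%s': lock is only effective together with a "
                    "global password" % section["title"])
        else:
            # Bootable by anyone at the console; whether that is acceptable
            # is a policy decision, so it is listed rather than flagged.
            report["unlocked"].append(section["title"])
    return report


if __name__ == "__main__":
    result = audit_menu_lst(SAMPLE_MENU_LST)
    print("global password:", result["global_password"])
    print("locked sections:", ", ".join(result["locked"]) or "none")
    print("bootable without password:", ", ".join(result["unlocked"]) or "none")
    for finding in result["findings"]:
        print("FINDING:", finding)
```

On an installed system, pass the contents of /boot/grub/menu.lst (read as root) to audit_menu_lst instead of the sample.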
Figure 18.1 Boot Loader Settings

Use the Section Management tab to edit, change and delete boot loader sections for the individual operating systems. To add an option, click Add. To change the value of an existing option, select it with the mouse and click Edit. To remove an existing entry, select it and click Delete. If you are not familiar with boot loader options, read Section 18.1, “Booting with GRUB” (page 250) first.
18.2.1 Adjusting the Default Boot Entry

To change the system that is booted by default, proceed as follows:

Procedure 18.1 Setting the Default System

1 Open the Section Management tab.

2 Select the desired entry from the list.

3 Click Set as Default.

4 Click OK to activate these changes.

18.2.2 Modifying the Boot Loader Location

To modify the location of the boot loader, follow these steps: Procedure 18.
2 Click OK to apply your changes.

18.2.3 Changing the Boot Loader Time-Out

The boot loader does not boot the default system immediately. During the time-out, you can select the system to boot or write some kernel parameters. To set the boot loader time-out, proceed as follows:

Procedure 18.3 Changing the Boot Loader Time-Out

1 Open the Boot Loader Installation tab.

2 Click Boot Loader Options.
18.2.5 Adjusting the Disk Order

If your computer has more than one hard disk, you can specify the boot sequence of the disks to match the BIOS setup of the machine (see Section 18.1.2, “The File device.map” (page 257)). To do so, proceed as follows:

Procedure 18.5 Setting the Disk Order

1 Open the Boot Loader Installation tab.

2 Click Boot Loader Installation Details.

3 If more than one disk is listed, select a disk and click Up or Down to reorder the displayed disks.
Enable Acoustic Signals
Enables or disables acoustic signals in GRUB.

Graphical Menu File
Path to the graphics file used when displaying the boot screen.

Use Serial Console
If your machine is controlled via a serial console, activate this option and specify which COM port to use at which speed. See info grub or http://www.gnu.org/software/grub/manual/grub.html#Serial-terminal

18.2.7 Changing Boot Loader Type

Set the boot loader type in Boot Loader Installation. The default boot loader in openSUSE is GRUB.
Read Configuration Saved on Disk
Load your own /etc/lilo.conf. This action is not available during the installation of openSUSE.

4 Click OK two times to save the changes.

During the conversion, the old GRUB configuration is saved to the disk. To use it, simply change the boot loader type back to GRUB and choose Restore Configuration Saved before Conversion. This action is available only on an installed system.
Procedure 18.7 Creating Boot CDs

1 Change into a directory in which to create the ISO image, for example:

cd /tmp

2 Create a subdirectory for GRUB and change into the newly created iso directory:

mkdir -p iso/boot/grub && cd iso

3 Copy the kernel, the files stage2_eltorito, initrd, menu.lst and message to iso/boot/:

cp /boot/vmlinuz boot/
cp /boot/initrd boot/
cp /boot/message boot/
cp /usr/lib/grub/stage2_eltorito boot/grub
cp /boot/grub/menu.
18.5 The Graphical SUSE Screen

The graphical SUSE screen is displayed on the first console if the option vga=value is used as a kernel parameter. If you install using YaST, this option is automatically activated in accordance with the selected resolution and the graphics card. There are three ways to disable the SUSE screen, if desired:

Disabling the SUSE Screen When Necessary
Enter the command echo 0 >/proc/splash on the command line to disable the graphical screen.
GRUB and XFS
XFS leaves no room for stage1 in the partition boot block. Therefore, do not specify an XFS partition as the location of the boot loader. This problem can be solved by creating a separate boot partition that is not formatted with XFS.

GRUB Reports GRUB Geom Error
GRUB checks the geometry of connected hard disks when the system is booted. Sometimes, the BIOS returns inconsistent information and GRUB reports a GRUB Geom Error. In this case, update the BIOS.
the logic within the GRUB menu file. Therefore, the second hard disk must be specified for chainloader.

18.7 For More Information

Extensive information about GRUB is available at http://www.gnu.org/software/grub/. Also refer to the grub info page. You can also search for the keyword “GRUB” in the Support Database at http://en.opensuse.org/Portal:Support_database to get information about special issues.
19 Special System Features This chapter starts with information about various software packages, the virtual consoles and the keyboard layout. We talk about software components like bash, cron and logrotate, because they were changed or enhanced during the last release cycles. Even if they are small or considered of minor importance, users may want to change their default behavior, because these components are often closely coupled with the system.
1. /etc/profile
2. ~/.profile
3. /etc/bash.bashrc
4. ~/.bashrc

Make custom settings in ~/.profile or ~/.bashrc. To ensure the correct processing of these files, it is necessary to copy the basic settings from /etc/skel/.profile or /etc/skel/.bashrc into the home directory of the user. It is recommended to copy the settings from /etc/skel after an update. Execute the following shell commands to prevent the loss of personal adjustments:

mv ~/.bashrc ~/.bashrc.old
cp /etc/skel/.bashrc ~/.bashrc
mv ~/.
cp
A number of packages install shell scripts to the directories /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly, whose execution is controlled by /usr/lib/cron/run-crons. /usr/lib/cron/run-crons is run every 15 minutes from the main table (/etc/crontab). This guarantees that processes that may have been neglected can be run at the proper time.
Configure logrotate with the file /etc/logrotate.conf. In particular, the include specification primarily configures the additional files to read. Programs that produce log files install individual configuration files in /etc/logrotate.d. For example, such files ship with the packages apache2 (/etc/logrotate.d/apache2) and syslogd (/etc/logrotate.d/syslog). Example 19.3 Example for /etc/logrotate.
19.1.4 The locate Command

locate, a command for quickly finding files, is not included in the standard scope of installed software. If desired, install the package findutils-locate. The updatedb process is started automatically every night or about 15 minutes after booting the system.

19.1.5 The ulimit Command

With the ulimit (user limits) command, it is possible to set limits for the use of system resources and to have these displayed.
Example 19.4 ulimit: Settings in ~/.bashrc

# Limits maximum resident set size (physical memory):
ulimit -m 98304

# Limits of virtual memory:
ulimit -v 98304

Memory allocations must be specified in KB. For more detailed information, see man bash.

IMPORTANT
Not all shells support ulimit directives. PAM (for instance, pam_limits) offers comprehensive adjustment possibilities if you depend on encompassing settings for these restrictions. 19.1.
19.1.7 Man Pages and Info Pages For some GNU applications (such as tar), the man pages are no longer maintained. For these commands, use the --help option to get a quick overview of the info pages, which provide more in-depth instructions. Info is GNU's hypertext system. Read an introduction to this system by entering info info. Info pages can be viewed with Emacs by entering emacs -f info or directly in a console with info. You can also use tkinfo, xinfo or the help system to view info pages. 19.1.
.gnu-emacs defines the file ~/.gnu-emacs-custom as custom-file. If users make settings with the customize options in Emacs, the settings are saved to ~/.gnu-emacs-custom. With openSUSE, the emacs package installs the file site-start.el in the directory /usr/share/emacs/site-lisp. The file site-start.el is loaded before the initialization file ~/.emacs. Among other things, site-start.el ensures that special configuration files distributed with Emacs add-on packages, such as psgml, are loaded automatically.
is reserved for X and the tenth console shows kernel messages. More or fewer consoles can be assigned by modifying the file /etc/inittab. To switch to a console from X without shutting it down, use Ctrl + Alt + F1 to Ctrl + Alt + F6. To return to X, press Alt + F7.

19.3 Keyboard Mapping

To standardize the keyboard mapping of programs, changes were made to the following files:

/etc/inputrc
/etc/X11/Xmodmap
/etc/skel/.emacs
/etc/skel/.gnu-emacs
/etc/skel/.vimrc
/etc/csh.
19.4 Language and Country-Specific Settings

The system is, to a very large extent, internationalized and can be flexibly modified for local needs. In other words, internationalization (I18N) allows specific localizations (L10N). The abbreviations I18N and L10N are derived from the first and last letters of the words and, in between, the number of letters omitted. Settings are made with LC_ variables defined in the file /etc/sysconfig/language.
19.4.1 Some Examples

You should always set the language and country codes together. Language settings follow the standard ISO 639 available at http://www.evertype.com/standards/iso639/iso639-en.html and http://www.loc.gov/standards/iso639-2/. Country codes are listed in ISO 3166 available at http://www.din.de/gremien/nas/nabd/iso3166ma/codlstp1/en_listp1.html. It only makes sense to set values for which usable description files can be found in /usr/lib/locale.
profile. /etc/SuSEconfig/csh.cshrc is sourced by /etc/csh.cshrc. This makes the settings available systemwide. Users can override the system defaults by editing their ~/.bashrc accordingly. For instance, if you do not want to use the systemwide en_US for program messages, include LC_MESSAGES=es_ES so that messages are displayed in Spanish instead. 19.4.2 Locale Settings in ~/.i18n If you are not satisfied with locale system defaults, change the settings in ~/.i18n according to the Bash scripting syntax.
or

LANG="nb_NO"
LANGUAGE="nb_NO:nn_NO:no"

Note that in Norwegian, LC_TIME is also treated differently. One problem that can arise is a separator used to delimit groups of digits not being recognized properly. This occurs if LANG is set to only a two-letter language code like de, but the definition file glibc uses is located in /usr/share/lib/de_DE/LC_NUMERIC. Thus LC_NUMERIC must be set to de_DE to make the separator definition visible to the system. 19.4.
20 Dynamic Kernel Device Management with udev

The kernel can add or remove almost any device in a running system. Changes in the device state (whether a device is plugged in or removed) need to be propagated to userspace. Devices need to be configured as soon as they are plugged in and recognized. Users of a certain device need to be informed about any changes in this device's recognized state.
is copied to the /dev directory with the same ownership and permissions as the files in /lib/udev/devices.

20.2 Kernel uevents and udev

The required device information is exported by the sysfs file system. For every device the kernel has detected and initialized, a directory with the device name is created. It contains attribute files with device-specific properties. Every time a device is added or removed, the kernel sends a uevent to notify udev of the change.
Every device driver carries a list of known aliases for devices it can handle. The list is contained in the kernel module file itself. The program depmod reads the ID lists and creates the file modules.alias in the kernel's /lib/modules directory for all currently available modules. With this infrastructure, module loading is as easy as calling modprobe for every event that carries a MODALIAS key.
20.5 Monitoring the Running udev Daemon

The program udevadm monitor can be used to visualize the driver core events and the timing of the udev event processes.

UEVENT[1185238505.276660] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1 (usb)
UDEV [1185238505.279198] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1 (usb)
UEVENT[1185238505.279527] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0 (usb)
UDEV [1185238505.285573] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0 (usb)
UEVENT[1185238505.
REL=103
MODALIAS=input:b0003v046DpC03Ee0110-e0,1,2,k110,111,112,r0,1,8,amlsfw

udev also sends messages to syslog. The default syslog priority that controls which messages are sent to syslog is specified in the udev configuration file /etc/udev/udev.conf. The log priority of the running daemon can be changed with udevadm control log_priority=level/number. 20.
The console rule consists of three keys: one match key (KERNEL) and two assign keys (MODE, OPTIONS). The KERNEL match rule searches the device list for any items of the type console. Only exact matches are valid and trigger this rule to be executed. The MODE key assigns special permissions to the device node, in this case, read and write permissions to the owner of this device only. The OPTIONS key makes this rule the last rule to be applied to any device of this type.
• A key's operation is determined by the operator. udev rules support several different operators.
• Each given value must be enclosed by quotation marks.
• Each line of the rules file represents one rule. If a rule is longer than just one line, use \ to join the different lines just as you would do in shell syntax.
• udev rules support a shell-style pattern that matches the *, ?, and [] patterns.
• udev rules support substitutions.

20.6.

20.6.2 Using Substitutions in udev Rules

udev rules support the use of placeholders and substitutions. Use them in a similar fashion as you would do in any other scripts. The following substitutions can be used with udev rules:

%r, $root
  The device directory, /dev by default.
%p, $devpath
  The value of DEVPATH.
%k, $kernel
  The value of KERNEL or the internal device name.
%n, $number
  The device number.
%N, $tempnode
  The temporary name of the device file.
%M, $major
  The major number of the device.

$$
  The $ character.

20.6.3 Using udev Match Keys

Match keys describe conditions that must be met before a udev rule can be applied. The following match keys are available:

ACTION
  The name of the event action, for example, add or remove when adding or removing a device.
DEVPATH
  The device path of the event device, for example, DEVPATH=/bus/pci/drivers/ipw3945 to search for all events related to the ipw3945 driver.
KERNEL
  The internal (kernel) name of the event device.

ATTRS{filename}
  Let udev search the device path upwards for a device with matching sysfs attribute values.
ENV{key}
  The value of an environment variable, for example, ENV{ID_BUS}="ieee1394" to search for all events related to the FireWire bus ID.
PROGRAM
  Let udev execute an external program. To be successful, the program must return with exit code zero. The program's output, printed to stdout, is available to the RESULT key.
RESULT
  Match the output string of the last PROGRAM call.

ATTR{key}
  Specify a value to be written to a sysfs attribute of the event device. If the == operator is used, this key is also used to match against the value of a sysfs attribute.
ENV{key}
  Tell udev to export a variable to the environment. If the == operator is used, this key is also used to match against an environment variable.
RUN
  Tell udev to add a program to the list of programs to be executed for this device.

• last_rule tells udev to ignore all later rules.
• ignore_device tells udev to ignore this event completely.
• ignore_remove tells udev to ignore all later remove events for the device.
• all_partitions tells udev to create device nodes for all available partitions on a block device.

20.

20.8 Files used by udev

/sys/*
  Virtual file system provided by the Linux kernel, exporting all currently known devices. This information is used by udev to create device nodes in /dev.
/dev/*
  Dynamically created device nodes and static content copied at boot time from /lib/udev/devices/*.

The following files and directories contain the crucial elements of the udev infrastructure:

/etc/udev/udev.conf
  Main udev configuration file.
/etc/udev/rules.d/*
  udev event matching rules.
udevd Information about the udev event managing daemon.
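The rule syntax from Section 20.6 (comma-separated key, operator and quoted value; \ to continue a line) is enough to review a rules file for the keys that matter most to an administrator: RUN and PROGRAM, which start programs from the udev daemon, and MODE values that leave a device node writable by every user. The following script is an added example, not part of the original guide; the sample rules, device names and hook path are constructed, and the finding names are this example's own.

```shell
#!/bin/sh
# Added example (not from the manual): list udev rule keys that start a
# program or leave a device node writable by every user.

# Constructed sample rules; device names and the hook path are made up.
sample_rules() {
    cat <<'EOF'
# constructed sample rules, not taken from a real system
KERNEL=="console", MODE="0600", OPTIONS="last_rule"
KERNEL=="ttyUSB*", ATTRS{product}=="example, serial", \
    MODE="0666", SYMLINK+="example_serial"
ACTION=="add", SUBSYSTEM=="block", RUN+="/usr/local/bin/example-hook %k"
EOF
}

# audit_udev_rules: read rules on stdin and print one finding per line as
#   <line where the rule starts>:<finding>:<key><operator>"<value>"
audit_udev_rules() {
    awk '
    function report(lineno, what, key, op, val) {
        printf "%s:%s:%s%s\"%s\"\n", lineno, what, key, op, val
    }
    function check(rule, lineno,    tok, key, op, val, rest, last) {
        sub(/^[ \t]+/, "", rule)
        if (rule == "" || rule ~ /^#/) return      # blank line or comment
        # Take one key, operator and quoted value at a time. Matching the
        # whole quoted value keeps commas inside it from splitting the pair.
        while (match(rule, /[A-Za-z_]+([{][^}]*[}])?[ \t]*[!+:=]?=[ \t]*"[^"]*"/)) {
            tok  = substr(rule, RSTART, RLENGTH)
            rule = substr(rule, RSTART + RLENGTH)
            match(tok, /^[A-Za-z_]+([{][^}]*[}])?/)
            key  = substr(tok, 1, RLENGTH)
            rest = substr(tok, RLENGTH + 1)
            sub(/^[ \t]+/, "", rest)
            match(rest, /^[!+:=]?=/)
            op   = substr(rest, 1, RLENGTH)
            val  = substr(rest, RLENGTH + 1)
            sub(/^[ \t]*"/, "", val)
            sub(/"$/, "", val)
            if (key == "PROGRAM") {                 # match key that executes
                report(lineno, "runs-program", key, op, val)
            } else if (op == "==" || op == "!=") {
                continue                            # other match keys
            } else if (key == "RUN") {
                report(lineno, "runs-program", key, op, val)
            } else if (key == "MODE") {
                last = substr(val, length(val), 1)  # digit for other users
                if (last ~ /^[2367]$/)              # write bit (2) is set
                    report(lineno, "other-writable", key, op, val)
            }
        }
    }
    !cont { start = NR; buf = "" }
    {
        line = $0
        cont = sub(/\\$/, "", line)    # trailing \ joins the next line
        buf = buf line
        if (!cont) check(buf, start)
    }
    '
}

sample_rules | audit_udev_rules
```

To review a real system, feed each file under /etc/udev/rules.d/ to audit_udev_rules on standard input.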
21 Shell Basics

When working with Linux these days, you can communicate with the system almost without ever requiring a command line interpreter (the shell). After booting your Linux system, you are usually directed to a graphical user interface that guides you through the login process and the following interactions with the operating system. The graphical user interface in Linux (the X Window System or X11) is initially configured during installation.

21.1 Starting a Shell

Basically, there are two different ways to start a shell from the graphical user interface which usually shows after you have booted your computer:

• you can leave the graphical user interface or
• you can start a terminal window within the graphical user interface.

While the first option is always available, you can only make use of the second option when you are already logged in to a desktop such as KDE or GNOME.
When you are already logged in to the GNOME or the KDE desktop and want to start a terminal window within the desktop, press Alt + F2 and enter konsole (for KDE) or gnome-terminal (for GNOME). This opens a terminal window on your desktop. As you are already logged in to your desktop, the prompt shows information about your system as described above. You can now enter commands and execute tasks just like in any shell which runs parallel to your desktop.
tux@knox:~> ls
bin Desktop Documents public_html tux.txt
tux@knox:~>

Files in Linux may have a file extension or a suffix, such as .txt, but do not need to have one. This makes it difficult to differentiate between files and folders in this output of ls. By default, the colors in the Bash shell give you a hint: directories are usually shown in blue, files in black.

21.2.
Usually, you can combine several options by prefixing only the first option with a hyphen and then write the others consecutively without a blank. For example, if you want to see all files in a directory in long listing format, you can combine the two options -l and -a (show all files) for the ls command. Executing ls -la shows also hidden files in the directory, indicated by a dot in front (for example, .hiddenfile). The list of contents you get with ls is sorted alphabetically by filenames.
ment with Home and End. End this viewing mode by pressing Q. Learn more about the man command itself with man man.

Info Pages

Info pages usually provide even more information about commands. To view the info page for a certain command, enter info followed by the name of the command (for example, info ls). You can browse an info page with a viewer directly in the shell and display the different sections, called “nodes.” Use Space to move forward and <— to move backwards.

Shortcut Key    Function
Ctrl + D        Closes the shell session.
↑, ↓            Browses in the history of executed commands.

21.3 Working with Files and Directories

To address a certain file or directory, you must specify the path leading to that directory or file. As you may know from MS DOS or Mac OS already, there are two ways to specify a path:

Absolute Path
  Enter the entire path from the root directory to the relevant file or directory.

When specifying paths, the following “shortcuts” can save you a lot of typing:

• The tilde symbol (~) is a shortcut for home directories. For example, to list the contents of your home directory, use ls ~. To list the contents of another user's home directory, enter ls ~username (of course, this will only work if you have permission to view the contents, see Section 21.5, “File Access Permissions” (page 311)). For example, entering ls ~tux would list the contents of the home directory of a user named tux.

mkdir stands for “make directory”. This command creates a new directory named test in the /tmp directory. In this case, you are using an absolute path to create the test directory.

2 To check what happened, now enter
  ls -l /tmp
  The new directory test should appear in the list of contents of the /tmp directory.

3 Switch to the newly created directory with
  cd /tmp/test

Procedure 21.2 Creating and Copying Files

Now create a new file in a subdirectory of your home directory and copy it to /tmp/test.

Usually, the touch command updates the modification and access date for an existing file. If you use touch with a filename which does not exist in your target directory, it creates a new file.

3 Enter
  ls -l ~/Documents
  The new file should appear in the list of contents.

4 To copy the newly created file, enter
  cp ~/Documents/myfile.txt .
  Do not forget the dot at the end. This command tells Bash to go to your home directory and to copy myfile.

• to rename a file or a directory,
• to move a file or directory to a new location or
• to do both in one step.

3 Coming to the conclusion that you do not need the file any longer, you can delete it by entering
  rm tuxfile.txt
  Bash deletes the file without any confirmation.

4 Move up one level with cd .. and check with
  ls -l test
  if the test directory is empty now.

5 If yes, you can remove the test directory by entering
  rmdir test

21.

is correct, a hash symbol # appears at the end of the prompt, signaling that you are acting as root now.

3 Execute your task. For example, transfer ownership of a file to a new user which only root is allowed to do:
  chown wilber kde_quick.xml

4 After having completed your tasks as root, switch back to your normal user account. To do so, enter
  exit
  The hash symbol disappears and you are acting as “normal” user again.

21.4.
21.5 File Access Permissions

In Linux, objects such as files or folders or processes generally belong to the user who created or initiated them. There are some exceptions to this rule. For more information about the exceptions, refer to Chapter 10, Access Control Lists in Linux (↑Security Guide). The group which is associated with a file or a folder depends on the primary group the user belongs to when creating the object.

permissions the first column of the list must be examined more closely. Let's have a look at the file kde-start.xml:

Type    User Permissions    Group Permissions    Permissions for Others
-       rw-                 r--                  r--

The first column of the list consists of one leading character followed by nine characters grouped in three blocks. The leading character indicates the file type of the object: in this case, the hyphen (–) shows that kde-start.xml is a file.

Access Permission    File    Folder

have execute permission for the directory, they can nevertheless access certain files in this directory if they know of their existence.

Write (w)
  File: Users can change the file: They can add or drop data and can even delete the contents of the file.
  Folder: Users can create, rename or delete files in the directory.
predefined scheme. For further details refer to Section 21.5, “File Access Permissions” (page 311). As the owner of a file or directory (and, of course, as root), you can change the access permissions to this object.
Procedure 21.4 Changing Access Permissions

Suppose you are tux and want to modify the access permissions to your files:

1 If you want to grant the users group also write access to kde-start.xml, enter
  chmod g+w kde-start.xml

2 To grant the users group and other users write access to kde-start.xml, enter
  chmod go+w kde-start.xml

3 To remove write access for all users, enter
  chmod -w kde-start.

You should get the following output:
  -rw-r--r-- 1 wilber users 47896 2006-06-21 09:46 kde_quick.xml

4 If the ownership is set according to your wishes, switch back to your normal user account.

21.6 Useful Features of the Shell

As you probably noticed in the examples above, entering commands in Bash can include a lot of typing. In the following, get to know some features of the Bash that can make your work a lot easier and save a lot of typing.

Completion

Completing a filename or directory name to its full length after typing its first letters is another helpful feature of Bash. To do so, type the first letters then press →| (Tabulator). If the filename or path can be uniquely identified, it is completed at once and the cursor moves to the end of the filename. You can then enter the next option of the command, if necessary.

Procedure 21.6 Using History and Completion

If you already did the example Section 21.3.1, “Examples for Working with Files and Directories” (page 306) your shell buffer should be filled with commands which you can retrieve using the history function.

1 Press ↑ repeatedly until cd ~ appears.

2 Press Enter to execute the command and to switch to your home directory. By default, your home directory contains two subdirectories starting with the same letter, Documents and Desktop.

3 Enter cd D and press →|.

You can do this consecutively (do not forget to use the Bash history function) or with only one touch command: simply add several filenames separated by a space.

1b Create at least two files that have the same file extension, for example .html.

1c To create several “versions” of one file, enter
  touch myfile{1..5}.txt
  This command creates five consecutively numbered files: myfile1.txt,…,myfile5.txt

1d List the contents of your home directory.

2c To remove, for example, version 1-3 and version 5 of myfile.txt, enter
  rm myfile[1-3,5].txt

2d Check the result with
  ls -l
  Of all myfile.txt versions only myfile4.txt should be left.

You can also combine several wild cards in one command. In the example above, rm myfile[1-3,5].* would lead to the same result as rm myfile[1-3,5].txt because there are only files with the extension .txt available.

extended mode
  In this mode, also known as colon mode (as you have to enter a colon to switch to this mode), vi can execute also more complex tasks such as searching and replacing text.

In the following (very simple) example, you will learn how to open and edit a file with vi, how to save your changes and quit vi.

21.7.1 Example: Editing with vi

NOTE: Display of Keys
In the following, find several commands that you can enter in vi by just pressing keys. These appear in uppercase as on a keyboard.
21.8 Searching for Files or Contents

Bash offers you several commands to search for files and to search for the contents of files:

locate
  This utility is only available if you have installed the findutils-locate package. With this command you can find out in which directory a specified file is located. If desired, use wild cards to specify filenames. The program is very quick, because it uses a database specifically created for the purpose (rather than searching through the entire file system).
You will see that locate displays all file names in the database that contain the string .kde or .gnome anywhere. To learn how to modify this behavior refer to the man page of locate. 2 To search your home directory for all occurrences of filenames that contain the file extension .txt, use find ~ -name '*.
less
  With less, display the whole contents of a text file. To move up and down half a page use Page ↑ and Page ↓. Use Space to scroll down one page. Home takes you to the beginning, and End to the end of the document. To end the viewing mode, press Q.

more
  Instead of less, you can also use the older program more. It has basically the same function—however, it is less convenient because it does not allow you to scroll backwards. Use Space to move forward.

21.10.1 Examples for Redirection and Pipe

1 To write the output of a command like ls to a file, enter
  ls -l > filelist.txt
  This creates a file named filelist.txt that contains the list of contents of your current directory as generated by the ls command. However, if a file named filelist.txt already exists, this command overwrites the existing file. To prevent this, use >> instead of >. Entering
  ls -l >> filelist.txt
  simply appends the output of the ls command to an already existing file named filelist.

21.11 Starting Programs and Handling Processes

As you have seen in Section 21.7, “Editing Texts” (page 320), programs can be started from the shell. Applications with a graphical user interface need the X Window System and can only be started from a terminal window within a graphical user interface. For example, if you want to open a file named vacation.pdf in your home directory from a terminal window in KDE or GNOME, simply run okular ~/vacation.pdf (or evince ~/vacation.
In case a program cannot be terminated in the normal way, use the kill command to stop the process (or processes) belonging to that program. To do so, specify the process ID (PID) shown by the output of ps. For example, to shut down the KWrite editor in the example above, enter kill 30187 This sends a TERM signal that instructs the program to shut itself down.
In the following overview, the individual command elements are written in different typefaces. The actual command and its mandatory options are always printed as command option. Specifications or parameters that are not required are placed in [square brackets]. Adjust the settings to your needs. It makes no sense to write ls file if no file named file actually exists. You can usually combine several parameters, for example, by writing ls -la instead of ls -l -a. 21.12.
  -b  Creates a backup copy of the source before moving
  -i  Waits for confirmation, if necessary, before an existing targetfile is overwritten

rm [options] files
  Removes the specified files from the file system. Directories are not removed by rm unless the option -r is used.
  -r  Deletes any existing subdirectories
  -i  Waits for confirmation before deleting each file

ln [options] source target
  Creates an internal link from source to target. Normally, such a link points directly to source on the same file system.

  -R  Changes files and directories in all subdirectories

chgrp [options] groupname files
  Transfers the group ownership of a given file to the group with the specified group name. The file owner can change group ownership only if a member of both the current and the new group.

chmod [options] mode files
  Changes the access permissions. The mode parameter has three parts: group, access, and access type.
As an alternative, a numeric code can be used. The four digits of this code are composed of the sum of the values 4, 2, and 1—the decimal result of a binary mask. The first digit sets the set user ID (SUID) (4), the set group ID (2), and the sticky (1) bits. The second digit defines the permissions of the owner of the file. The third digit defines the permissions of the group members and the last digit sets the permissions for all other users.
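The numeric code described above maps directly onto the permission string that ls -l prints (Section 21.5). The following script is an added example, not part of the original guide: it decodes a three- or four-digit code into that string and names the special bits and the write bit for other users, which are the ones worth checking before running chmod. The function names and the flag labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the manual): decode a chmod numeric code.

# split_mode CODE: accept 3 or 4 octal digits and set the globals m_special,
# m_owner, m_group and m_other to one digit each. Returns 1 for other input.
split_mode() {
    case $1 in
        [0-7][0-7][0-7])      m=0$1 ;;   # no leading digit: special bits are 0
        [0-7][0-7][0-7][0-7]) m=$1 ;;
        *) return 1 ;;
    esac
    m_special=${m%???}
    m=${m#?}; m_owner=${m%??}
    m=${m#?}; m_group=${m%?}
    m_other=${m#?}
}

# triplet DIGIT SPECIAL LOWER UPPER: print the three characters for one digit.
# If SPECIAL is non-zero, the x position shows LOWER when execute is set and
# UPPER when it is not (s/S for SUID and SGID, t/T for the sticky bit).
triplet() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    if [ "$2" -ne 0 ]; then
        if [ "$x" = x ]; then x=$3; else x=$4; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_string CODE: print the nine permission characters shown by ls -l.
mode_to_string() {
    split_mode "$1" || return 1
    triplet "$m_owner" $(( m_special & 4 )) s S
    triplet "$m_group" $(( m_special & 2 )) s S
    triplet "$m_other" $(( m_special & 1 )) t T
    echo
}

# mode_flags CODE: print the bits an administrator should look at twice.
mode_flags() {
    split_mode "$1" || return 1
    flags=
    if [ $(( m_special & 4 )) -ne 0 ]; then flags="$flags suid"; fi
    if [ $(( m_special & 2 )) -ne 0 ]; then flags="$flags sgid"; fi
    if [ $(( m_special & 1 )) -ne 0 ]; then flags="$flags sticky"; fi
    if [ $(( m_other & 2 )) -ne 0 ]; then flags="$flags world-writable"; fi
    echo "${flags# }"
}

# Constructed sample codes.
for code in 644 4755 1777 2644; do
    printf '%s %s %s\n' "$code" "$(mode_to_string "$code")" "$(mode_flags "$code")"
done
```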
  -x  Unpacks files from an archive (extraction)
  -z  Packs the resulting archive with gzip
  -j  Compresses the resulting archive with bzip2
  -v  Lists files processed

  The archive files created by tar end with .tar. If the tar archive was also compressed using gzip, the ending is .tgz or .tar.gz. If it was compressed using bzip2, the ending is .tar.bz2.

locate patterns
  This command is only available if you have installed the findutils-locate package.

21.12.1.2 Commands to Access File Contents

file [options] [files]
  With file, detect the contents of the specified files.
  -z  Tries to look inside compressed files

cat [options] files
  The cat command displays the contents of a file, printing the entire contents to the screen without interruption.
  -n  Numbers the output on the left margin

less [options] files
  This command can be used to browse the contents of the specified file.

diff [options] file1 file2
  The diff command compares the contents of any two files. The output produced by the program lists all lines that do not match. This is frequently used by programmers who need only to send their program alterations and not the entire source code.
  -q  Only reports whether the two files differ
  -u  Produces a “unified” diff, which makes the output more readable

21.12.1.

21.12.2 System Commands

The following section lists a few of the most important commands needed for retrieving system information and controlling processes and the network.

21.12.2.1 System Information

df [options] [directory]
  The df (disk free) command, when used without any options, displays information about the total disk space, the disk space currently in use, and the free space on all the mounted drives.

  -b  Output in bytes
  -k  Output in kilobytes
  -m  Output in megabytes

date [options]
  This simple program displays the current system time. If run as root, it can also be used to change the system time. Details about the program are available in the date(1) man page.

21.12.2.2 Processes

top [options]
  top provides a quick overview of the currently running processes. Press H to access a page that briefly explains the main options for customizing the program.

killall [options] processname
  This command is similar to kill, but uses the process name (instead of the process ID) as an argument, killing all processes with that name.

21.12.2.3 Network

ping [options] hostname_or_IP address
  The ping command is the standard tool for testing the basic functionality of TCP/IP networks. It sends a small data packet to the destination host, requesting an immediate reply.

21.12.2.4 Miscellaneous

passwd [options] [username]
  Users may change their own passwords at any time using this command. The administrator root can use the command to change the password of any user on the system.

su [options] [username]
  The su command makes it possible to log in under a different username from a running session. Specify a username and the corresponding password. The password is not required from root, because root is authorized to assume the identity of any user.
22 Bash and Bash Scripts

These days many people use computers with a graphical user interface (GUI) like KDE or GNOME. Although they offer lots of features, their use is limited when it comes to the execution of automated tasks. Shells are a good addition to GUIs and this chapter gives you an overview of some aspects of shells, in this case Bash.

22.1 What is “The Shell”?

Traditionally, the shell is Bash (Bourne again Shell). When this chapter speaks about “the shell” it means Bash.

Depending on which type of shell you use, different configuration files are being read. The following tables show the login and non-login shell configuration files.

Table 22.1 Bash Configuration Files for Login Shells

File                  Description
/etc/profile          Do not modify this file, otherwise your modifications can be destroyed during your next update!
/etc/profile.local    Use this file if you extend /etc/profile
/etc/profile.d/       Contains system-wide configuration files for specific programs
~/.

22.1.2 The Directory Structure

The following table provides a short overview of the most important higher-level directories that you find on a Linux system. Find more detailed information about the directories and important subdirectories in the following list.

Table 22.4 Overview of a Standard Directory Tree

Directory    Contents
/            Root directory—the starting point of the directory tree.
/bin         Essential binary files, such as commands that are needed by both the system administrator and normal users.

Directory    Contents
/srv         Data for services provided by the system.
/tmp         Temporary files.
/usr         Secondary hierarchy with read-only data.
/var         Variable data such as log files.
/windows     Only available if you have both Microsoft Windows* and Linux installed on your system. Contains the Windows data.

here in the form of hidden files and directories. KDE users find the personal configuration data for their desktop in .kde4 and GNOME users find it in .gconf.

NOTE: Home Directory in a Network Environment
If you are working in a network environment, your home directory may be mapped to a directory in the file system other than /home.

/lib
  Contains the essential shared libraries needed to boot the system and to run the commands in the root file system.

/tmp
  This directory is used by programs that require temporary storage of files.

  IMPORTANT: Cleaning up /tmp at Boot Time
  Data stored in /tmp are not guaranteed to survive a system reboot. It depends, for example, on settings in /etc/sysconfig/cron.

/usr
  /usr has nothing to do with users, but is the acronym for UNIX system resources. The data in /usr is static, read-only data that can be shared among various hosts compliant with the Filesystem Hierarchy Standard (FHS).

If HOWTOs are installed on your system /usr/share/doc also holds the howto subdirectory in which to find additional documentation on many tasks related to the setup and operation of Linux software.

/var
  Whereas /usr holds static, read-only data, /var is for data which is written during system operation and thus is variable data, such as log files or spooling data. For an overview of the most important log files you can find under /var/log/, refer to Table “Log Files” (↑Start-Up).
Before you can run this script you need some prerequisites:

1. Every script should contain a Shebang line (this is already the case with our example above). If a script does not have this line, you have to call the interpreter manually.

2. Save the script to a directory where the shell can find it. The search path in a shell is determined by the environment variable PATH. Usually a normal user does not have write access to /usr/bin.

Command > File
  Saves the output of the command into a file, an existing file will be deleted. For example, the ls command writes its output into the file listing.txt:
    ls > listing.txt

Command >> File
  Appends the output of the command to a file. For example, the ls command appends its output to the file listing.txt:
    ls >> listing.txt

Command < File
  Reads the file as input for the given command.

    alias lt='ls -ltr'

To view all alias definitions, use alias. Remove your alias with unalias.

22.5 Using Variables in Bash

A shell variable can be global or local. Global variables, or environment variables, can be accessed in all shells. In contrast, local variables are visible in the current shell only. To view all environment variables, use the printenv command.

LANG
  when a tool is localized, it uses the language from this environment variable. English can also be set to C
PATH
  the search path of the shell, a list of directories separated by colon
PS1
  specifies the normal prompt printed before each command
PS2
  specifies the secondary prompt printed when you execute a multi-line command
PWD
  current working directory
USER
  the current user

22.5.1 Using Argument Variables

For example, if you have the script foo.sh you can execute it like this: foo.

${VAR#pattern}
  removes the shortest possible match from the left:
    file=/home/tux/book/book.tar.bz2
    echo ${file#*/}
    home/tux/book/book.tar.bz2

${VAR##pattern}
  removes the longest possible match from the left:
    file=/home/tux/book/book.tar.bz2
    echo ${file##*/}
    book.tar.bz2

${VAR%pattern}
  removes the shortest possible match from the right:
    file=/home/tux/book/book.tar.bz2
    echo ${file%.*}
    /home/tux/book/book.tar

${VAR%%pattern}
  removes the longest possible match from the right:
    file=/home/tux/book/book.tar.

Command1 ; Command2
  executes the commands in sequential order. The exit code is not checked. The following line displays the content of the file with cat and then prints its file properties with ls regardless of their exit codes:
    cat filelist.txt ; ls -l filelist.txt

Command1 && Command2
  runs the right command, if the left command was successful (logical AND).
22.7.1 The if Control Command

The if command is used to check expressions. For example, the following code tests whether the current user is Tux:

if test "$USER" = "tux" ; then
  echo "Hello Tux."
else
  echo "You are not Tux."
fi

The test expression can be as complex or simple as possible. The following expression checks if the file foo.txt exists:

if test -e /tmp/foo.txt ; then
  echo "Found foo.txt"
fi

The test expression can also be abbreviated in square brackets:

if [ -e /tmp/foo.

• http://tldp.org/LDP/Bash-Beginners-Guide/html/index.html—Bash Guide for Beginners
• http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO.html—BASH Programming - Introduction HOW-TO
• http://tldp.org/LDP/abs/html/index.html—Advanced Bash-Scripting Guide
• http://www.grymoire.com/Unix/Sh.
Part V.
23 Basic Networking

Linux offers the necessary networking tools and features for integration into all types of network structures. Network access using a network card, modem or other device can be configured with YaST. Manual configuration is also possible. In this chapter only the fundamental mechanisms and the relevant network configuration files are covered. Linux and other Unix operating systems use the TCP/IP protocol.

Table 23.1 Several Protocols in the TCP/IP Protocol Family

Protocol    Description
TCP         Transmission Control Protocol: a connection-oriented secure protocol. The data to transmit is first sent by the application as a stream of data and converted into the appropriate format by the operating system. The data arrives at the respective application on the destination host in the original data stream format it was initially sent. TCP determines whether any data has been lost or jumbled during the transmission.

Figure 23.1 Simplified Layer Model for TCP/IP

The diagram provides one or two examples for each layer. The layers are ordered according to abstraction levels. The lowest layer is very close to the hardware. The uppermost layer, however, is almost a complete abstraction from the hardware. Every layer has its own special function. The special functions of each layer are mostly implicit in their description. The data link and physical layers represent the physical network used, such as ethernet.

located at the end of the packet, not at the beginning. This simplifies things for the network hardware.

Figure 23.2 TCP/IP Ethernet Packet

When an application sends data over the network, the data passes through each layer, all implemented in the Linux kernel except the physical layer. Each layer is responsible for preparing the data so it can be passed to the next layer. The lowest layer is ultimately responsible for sending the data. The entire procedure is reversed when data is received.

23.1.1 IP Addresses

Every computer on the Internet has a unique 32-bit address. These 32 bits (or 4 bytes) are normally written as illustrated in the second row in Example 23.1, “Writing IP Addresses” (page 361).

Example 23.1 Writing IP Addresses

IP Address (binary):  11000000 10101000 00000000 00010100
IP Address (decimal):     192.     168.       0.       20

In decimal form, the four bytes are written in the decimal number system, separated by periods. The IP address is assigned to a host or a network interface.

Example 23.2 Linking IP Addresses to the Netmask

IP address (192.168.0.20):  11000000 10101000 00000000 00010100
Netmask (255.255.255.0):    11111111 11111111 11111111 00000000
---------------------------------------------------------------
Result of the link:         11000000 10101000 00000000 00000000
In the decimal system:          192.     168.       0.        0

IP address (213.95.15.200): 11010101 10111111 00001111 11001000
Netmask (255.255.255.

Address Type    Description

ple therefore results in 192.168.0.255. This address cannot be assigned to any hosts.

Local Host
  The address 127.0.0.1 is assigned to the “loopback device” on each host. A connection can be set up to your own machine with this address and with all addresses from the complete 127.0.0.0/8 loopback network as defined with IPv4. With IPv6 there is just one loopback address (::1).

Because IP addresses must be unique all over the world, you cannot just select random addresses.
As mentioned, an IPv4 address consists of only 32 bits. Also, quite a few IP addresses are lost—they cannot be used due to the way in which networks are organized. The number of addresses available in your subnet is two to the power of the number of bits, minus two. A subnetwork has, for example, 2, 6, or 14 addresses available.
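The linking of address and netmask shown in Example 23.2, the broadcast address and the "two to the power of the number of bits, minus two" count can all be computed with shell arithmetic. The following script is an added example, not part of the original guide; the function names and the output format are this example's own, and it assumes a shell whose arithmetic is wider than 32 bits, as on current Linux systems. It also rejects a netmask whose 1 bits are not contiguous, which a firewall or routing script should never accept silently.

```shell
#!/bin/sh
# Added example (not from the manual): network address, broadcast address
# and number of assignable addresses from an IPv4 address and a netmask.

# ip_to_int A.B.C.D: print the address as one 32-bit number, or return 1.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the dotted quad into 4 fields
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject empty fields, leading zeros (read as octal) and 4+ digits
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N: print a 32-bit number in dotted decimal form.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_info ADDRESS NETMASK: print network, broadcast and host count.
subnet_info() {
    ip=$(ip_to_int "$1") || return 1
    mask=$(ip_to_int "$2") || return 1
    inv=$(( ~mask & 0xFFFFFFFF ))   # the host bits of the netmask
    # A valid netmask is a run of 1 bits followed only by 0 bits, so its
    # inverse plus one must be a power of two.
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1
    net=$(( ip & mask ))            # the "link" from Example 23.2 (logical AND)
    bcast=$(( net | inv ))          # all host bits set to 1
    hosts=$(( inv - 1 ))            # 2^(host bits) - 2
    if [ "$hosts" -lt 0 ]; then hosts=0; fi
    echo "network=$(int_to_ip "$net") broadcast=$(int_to_ip "$bcast") hosts=$hosts"
}

# The address from Example 23.2, then a constructed smaller subnet.
subnet_info 192.168.0.20 255.255.255.0
subnet_info 192.168.0.20 255.255.255.240
```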
from the information made available by the neighboring routers, relying on a protocol called the neighbor discovery (ND) protocol. This method does not require any intervention on the administrator's part and there is no need to maintain a central server for address allocation—an additional advantage over IPv4, where automatic address allocation requires a DHCP server or the usage of ARP and 169.254.0.0/16 addresses.
servers to address hosts through multicasting—by addressing a number of hosts as parts of a group (which is different from addressing all hosts through broadcasting or each host individually through unicasting). Which hosts are addressed as a group may depend on the concrete application. There are some predefined groups to address all name servers (the all name servers multicast group), for example, or all routers (the all routers multicast group). 23.2.
for some reason, the protocol automatically selects the second closest server, then the third one, and so forth. An IPv6 address is made up of eight four-digit fields, each representing 16 bits, written in hexadecimal notation. They are separated by colons (:). Any leading zero bytes within a given field may be dropped, but zeros within the field or at its end may not. Another convention is that more than four consecutive zero bytes may be collapsed into a double colon.
Prefix (hex) Definition Several special addresses, such as the one for the loopback device, have this prefix as well. 2 or 3 as the first digit Aggregatable global unicast addresses. As is the case with IPv4, an interface can be assigned to form part of a certain subnetwork. Currently, there are the following address spaces: 2001::/16 (production quality address space) and 2002::/16 (6to4 address space). fe80::/10 Link-local addresses.
the remaining 24 bits containing special information about the token type. This also makes it possible to assign an EUI-64 token to interfaces that do not have a MAC, such as those based on PPP or ISDN. On top of this basic structure, IPv6 distinguishes between five different types of unicast addresses: :: (unspecified) This address is used by the host as its source address when the interface is initialized for the first time—when the address cannot yet be determined by other means.
face ID, and a 16 bit field specifying the subnetwork ID. Again, the rest is filled with zero bytes. As a completely new feature introduced with IPv6, each network interface normally gets several IP addresses, with the advantage that several networks can be accessed through the same interface.
across an IPv4 network. Such a connection between two IPv4 hosts is called a tunnel. To achieve this, packets must include the IPv6 destination address (or the corresponding prefix) as well as the IPv4 address of the remote host at the receiving end of the tunnel. A basic tunnel can be configured manually according to an agreement between the hosts' administrators. This is also called static tunneling.
enter modprobe -i ipv6 as root. It is basically impossible to unload the ipv6 module once loaded. Because of the autoconfiguration concept of IPv6, the network card is assigned an address in the link-local network. Normally, no routing table management takes place on a workstation. The network routers can be queried by the workstation, using the router advertisement protocol, for what prefix and gateways should be implemented. The radvd program can be used to set up an IPv6 router.
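The link-local address that autoconfiguration assigns is built from the interface's MAC address as an EUI-64 token. The following added example (not from the original guide; function names are hypothetical) shows the mapping in both directions, using the eth0 values that appear in the ifconfig output of Example 23.11.

```shell
#!/bin/sh
# Added example: modified EUI-64 mapping between a 48-bit MAC address and
# the fe80::/64 link-local address derived from it. Hypothetical helper names.

# MAC -> link-local address.
mac_to_link_local() (
    set -f
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case $mac in :*|*:) exit 1 ;; esac
    IFS=:
    set -- $mac
    [ $# -eq 6 ] || exit 1
    for h in "$@"; do
        case $h in [0-9a-f][0-9a-f]) ;; *) exit 1 ;; esac
    done
    # Flip the universal/local bit (0x02) of the first byte and
    # insert ff:fe between the third and fourth byte of the MAC.
    g1=$(( ((0x$1 ^ 2) << 8) | 0x$2 ))
    g2=$(( (0x$3 << 8) | 0xff ))
    g3=$(( 0xfe00 | 0x$4 ))
    g4=$(( (0x$5 << 8) | 0x$6 ))
    if [ "$g1" -eq 0 ]; then
        # A zero first group is absorbed by the double colon.
        printf 'fe80::%x:%x:%x\n' "$g2" "$g3" "$g4"
    else
        printf 'fe80::%x:%x:%x:%x\n' "$g1" "$g2" "$g3" "$g4"
    fi
)

# Link-local address -> MAC. Fails if the interface ID does not carry the
# ff:fe marker, that is, if it was not derived from a MAC address.
# Accepts the "/64" suffix printed by ifconfig and a "%iface" suffix.
link_local_to_mac() (
    set -f
    addr=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    addr=${addr%%[%/]*}
    case $addr in fe80::*) rest=${addr#fe80::} ;; *) exit 1 ;; esac
    IFS=:
    set -- $rest
    [ $# -eq 3 ] && set -- 0 "$@"           # first group was collapsed into ::
    [ $# -eq 4 ] || exit 1
    for g in "$@"; do
        case $g in ''|*[!0-9a-f]*|?????*) exit 1 ;; esac
    done
    g1=$(( 0x$1 )) g2=$(( 0x$2 )) g3=$(( 0x$3 )) g4=$(( 0x$4 ))
    [ $(( g2 & 0xff )) -eq 255 ] && [ $(( g3 >> 8 )) -eq 254 ] || exit 1
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( (g1 >> 8) ^ 2 )) $(( g1 & 255 )) $(( g2 >> 8 )) \
        $(( g3 & 255 )) $(( g4 >> 8 )) $(( g4 & 255 ))
)

# Values from the eth0 entry in Example 23.11.
mac_to_link_local 00:08:74:98:ED:51
link_local_to_mac fe80::208:74ff:fe98:ed51/64
```

Because the interface ID is reversible, a link-local address seen in logs or neighbor tables identifies the network card that produced it.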
23.3 Name Resolution DNS assists in assigning an IP address to one or more names and assigning a name to an IP address. In Linux, this conversion is usually carried out by a special type of software known as bind. The machine that takes care of this conversion is called a name server. The names make up a hierarchical system in which each name component is separated by a period. The name hierarchy is, however, independent of the IP address hierarchy described above. Consider a complete name, such as jupiter.
at all. The dial-up protocol provides the name server address as the connection is made. The configuration of name server access with openSUSE® is described in Section 23.4.1.4, “Configuring Hostname and DNS” (page 383). Setting up your own name server is described in Chapter 25, The Domain Name System (page 421). The protocol whois is closely related to DNS. With this program, quickly find out who is responsible for any given domain. NOTE: MDNS and .local Domain Names The .
23.4.1 Configuring the Network Card with YaST To configure your wired or wireless network card in YaST, select Network Devices > Network Settings. After starting the module, YaST displays the Network Settings dialog with four tabs: Global Options, Overview, Hostname/DNS and Routing. The Global Options tab allows you to set general networking options such as the use of NetworkManager, IPv6 and general DHCP options. For more information, see Section 23.4.1.
Figure 23.3 Configuring Network Settings 23.4.1.1 Configuring Global Networking Options The Global Options tab of the YaST Network Settings module allows you to set important global networking options, such as the use of NetworkManager, IPv6 and DHCP client options. These settings are applicable for all network interfaces. In the Network Setup Method choose the way network connections are managed.
In the IPv6 Protocol Settings choose whether you want to use the IPv6 protocol. It is possible to use IPv6 together with IPv4. By default, IPv6 is activated. However, in networks not using the IPv6 protocol, response times can be faster with the IPv6 protocol disabled. If you want to disable IPv6, uncheck the Enable IPv6 option. This disables autoload of the kernel module for IPv6. This will be applied after reboot. In the DHCP Client Options configure options for the DHCP client.
If using Dynamic Address, select whether to use DHCP Version 4 Only (for IPv4), DHCP Version 6 Only (for IPv6) or DHCP Both Version 4 and 6. If possible, the first network card with link that is available during the installation is automatically configured to use automatic address setup via DHCP. In case of laptop computers where NetworkManager is active by default, all network cards are configured.
Configuring Aliases

One network device can have multiple IP addresses, called aliases.

NOTE: Aliases Are a Compatibility Feature
These so-called aliases or labels work with IPv4 only. With IPv6 they are ignored. Using iproute2, network interfaces can have one or more addresses.

To set an alias for your network card using YaST, proceed as follows:

1 Select a card from the list of detected cards in the Overview tab of the YaST network card configuration module and click Edit.
4 To change the device name, check the Change Device Name option and edit the name. 5 Click OK and Next. 6 To activate the configuration, click OK. Changing Network Card Kernel Driver For some network cards, several kernel drivers may be available. If the card is already configured, YaST allows you to select a kernel driver to be used from a list of available suitable drivers. It is also possible to specify options for the kernel driver.
Hotplug, the interface is set as soon as available. It is similar to the At Boot Time option, and only differs in the fact that no error occurs if the interface is not present at boot time. Choose Manually to control the interface manually with ifup. Choose Never to not start the device at all. The On NFSroot option is similar to At Boot Time, but the interface does not shut down with the rcnetwork stop command. Use this if you use an NFS or iSCSI root file system. 3 Click Next.
2 Enter the General tab of the Network Settings dialog. 3 Determine the firewall zone to which your interface should be assigned. The following options are available: Firewall Disabled This option is available only if the firewall is disabled and the firewall does not run at all. Only use this option if your machine is part of a greater network that is protected by an outer firewall. Automatically Assign Zone This option is available only if the firewall is enabled.
as bridge, bond, TUN or TAP. To configure an undetected network card (or a special device) proceed as follows: 1 In the Network Devices > Network Settings > Overview dialog in YaST click Add. 2 In the Hardware dialog, set the Device Type of the interface from the available options and Configuration Name. If the network card is a PCMCIA or USB device, activate the respective check box and exit this dialog with Next.
To change the name of your computer and adjust the name server search list, proceed as follows: 1 Go to the Network Settings > Hostname/DNS tab in the Network Devices module in YaST. 2 Enter the Hostname and, if needed, the Domain Name. The domain is especially important if the machine is a mail server. Note that the hostname is global and applies to all set network interfaces. If you are using DHCP to get an IP address, the hostname of your computer will be automatically set by the DHCP.
STATIC
The static settings have to be merged together with the dynamic settings.

STATIC_FALLBACK
The static settings are used only when no dynamic configuration is available.

For more information, see man 8 netconfig.

4 Enter the Name Servers and fill in the Domain Search list. Name servers must be specified by IP addresses, such as 192.168.1.116, not by hostnames. Names specified in the Domain Search tab are domain names used for resolving hostnames without a specified domain.
enter - metric number in Options. The route with the highest metric is used as default. If the network device is disconnected, its route will be removed and the next one will be used. However, the current kernel does not use metric in static routing, only routing daemons like multipathd do. 4 If the system is a router, enable the IP Forwarding option in the Network Settings. 5 To activate the configuration, click OK. 23.4.
Figure 23.4 Modem Configuration If you are behind a private branch exchange (PBX), you may need to enter a dial prefix. This is often a zero. Consult the instructions that came with the PBX to find out. Also select whether to use tone or pulse dialing, whether the speaker should be on and whether the modem should wait until it detects a dial tone. The last option should not be enabled if the modem is connected to an exchange. Under Details, set the baud rate and the modem initialization strings.
In the next dialog, select the ISP. To choose from a predefined list of ISPs operating in your country, select Country. Alternatively, click New to open a dialog in which to provide the data for your ISP. This includes a name for the dial-up connection and ISP as well as the login and password provided by your ISP. Enable Always Ask for Password to be prompted for the password each time you connect.
IP address and the remote IP address. Ask your ISP for this information. Leave Default Route enabled and close the dialog by selecting OK. Selecting Next returns to the original dialog, which displays a summary of the modem configuration. Close this dialog with OK. 23.4.3 ISDN Use this module to configure one or several ISDN cards for your system. If YaST did not detect your ISDN card, click on Add in the ISDN Devices tab and manually select your card.
your Area Code and the Dial Prefix if necessary. If you do not want to log all your ISDN traffic, uncheck the Start ISDN Log option. Activate Device defines how the ISDN interface should be started: At Boot Time causes the ISDN driver to be initialized each time the system boots. Manually requires you to load the ISDN driver as root with the command rcisdn start. On Hotplug, used for PCMCIA or USB devices, loads the driver after the device is plugged in. When finished with these settings, select OK.
wrong number, your phone operator automatically falls back to the first MSN assigned to your ISDN line. ISDN Card Connected to a Private Branch Exchange Again, the configuration may vary depending on the equipment installed: 1. Smaller private branch exchanges (PBX) built for home purposes mostly use the Euro-ISDN (EDSS1) protocol for internal calls. These exchanges have an internal S0 bus and use internal numbers for the equipment connected to them. Use one of the internal numbers as your MSN.
When entering the phone number, do not include any blanks or commas among the digits. Finally, enter your login and the password as provided by the ISP. When finished, select Next. To use Dial on Demand on a stand-alone workstation, specify the name server (DNS server) as well. Most ISPs support dynamic DNS, which means the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, you still need to provide a placeholder address like 192.168.22.99.
• Point-to-Point Tunneling Protocol (PPTP)—Austria In the DSL Devices tab of the DSL Configuration Overview dialog, you will find a list of installed DSL devices. To change the configuration of a DSL device, select it in the list and click Edit. If you click Add, you can manually configure a new DSL device. The configuration of a DSL connection based on PPPoE or PPTP requires that the corresponding network card be set up in the correct way.
Figure 23.7 DSL Configuration To use Dial on Demand on a stand-alone workstation, also specify the name server (DNS server). Most ISPs support dynamic DNS—the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, provide a placeholder address like 192.168.22.99. If your ISP does not support dynamic DNS, enter the name server IP address provided by your ISP.
23.5 NetworkManager NetworkManager is the ideal solution for laptops and other portable computers. With NetworkManager, you do not need to worry about configuring network interfaces and switching between networks when you are moving. 23.5.1 NetworkManager and ifup However, NetworkManager is not a suitable solution for all cases, so you can still choose between the traditional method for managing network connections (ifup) and NetworkManager.
NetworkManager tries to keep your computer connected at all times using the best connection available. If the network cable is accidentally disconnected, it tries to reconnect. It can find the network with the best signal strength from the list of your wireless connections and automatically use it to connect. To get the same functionality with ifup, a great deal of configuration effort is required. 23.5.
Table 23.5 PolicyKit Identifiers for NetworkManager

Identifier                                             Description
org.freedesktop.NetworkManager.enable-disable-network  Enable or disable system networking
org.freedesktop.NetworkManager.sleep-wake              Put NetworkManager to sleep or wake it up
org.freedesktop.NetworkManager.enable-disable-wwan     Enable or disable mobile broadband devices
org.freedesktop.NetworkManager.network-control         Allow control of network connections
org.freedesktop.NetworkManager.
When the Kernel detects a network card and creates a corresponding network interface, it assigns the device a name depending on the order of device discovery, or order of the loading of the Kernel modules. The default Kernel device names are only predictable in very simple or tightly controlled hardware environments. Systems which allow adding or removing hardware during runtime or support automatic configuration of devices cannot expect stable network device names assigned by the Kernel across reboots.
Command Function rcnetwork restart-all-dhcp-clients you can stop or restart DHCP clients running on network interfaces. For more information about udev and persistent device names, see Chapter 20, Dynamic Kernel Device Management with udev (page 285). 23.6.1 Configuration Files This section provides an overview of the network configuration files and explains their purpose and the format used. 23.6.1.1 /etc/sysconfig/network/ifcfg-* These files contain the configurations for network interfaces.
where they are given a higher priority. The /etc/sysconfig/network/ifcfg.template file lists variables that can be specified in a per interface scope. However, most of the /etc/sysconfig/network/config variables are global and cannot be overridden in ifcfg-files. For example, NETWORKMANAGER or NETCONFIG_* variables are global.

23.6.1.3 /etc/sysconfig/network/routes and /etc/sysconfig/network/ifroute-*

The static routing of TCP/IP packets is determined here.
The unified format for IPv4 and IPv6 now looks as follows:

prefix/length gateway - [interface]

And the so-called compatibility format looks accordingly:

prefix gateway length [interface]

For IPv4 you still can use the old format with netmask:

ipv4-network gateway ipv4-netmask [interface]

The following examples are equivalent:

2001:db8:abba:cafe::/64 2001:db8:abba:cafe::dead 208.77.188.0/24 208.77.188.166 - eth0 eth0 2001:db8:abba:cafe:: 208.77.188.0 2001:db8:abba:cafe::dead 64 208.77.188.
NETCONFIG_DNS_FORWARDER
defines the name of the DNS forwarder that has to be configured.

To disable DNS configuration using netconfig, set NETCONFIG_DNS_POLICY=''. For more information about netconfig, see man 8 netconfig.

Example 23.5 /etc/resolv.conf

# Our domain
search example.com
#
# We use dns.example.com (192.168.1.116) as nameserver
nameserver 192.168.1.116

23.6.1.5 /sbin/netconfig

netconfig is a modular tool to manage additional network configuration settings.
the network configuration. The interface is specified by the -i interface_name parameter. The service is specified by the -s service_name parameter. update The netconfig update command updates the network configuration using current settings. This is useful when the policy or the static configuration has changed. Use the -m module_type parameter, if you want to update a specified service only (dns, nis, or ntp).
23.6.1.7 /etc/networks

Here, network names are converted to network addresses. The format is similar to that of the hosts file, except the network names precede the addresses. See Example 23.7, “/etc/networks” (page 404).

Example 23.7 /etc/networks

loopback     127.0.0.0
localnet     192.168.0.0

23.6.1.8 /etc/host.conf

Name resolution—the translation of host and network names via the resolver library—is controlled by this file. This file is only used for programs linked to libc4 or libc5.
trim domainname
The specified domain name is separated from the hostname after hostname resolution (as long as the hostname includes the domain name). This option is useful only if names from the local domain are in the /etc/hosts file, but should still be recognized with the attached domain names.

Example 23.8 /etc/host.conf

# We have named running
order hosts bind
# Allow multiple address
multi on

23.6.1.9 /etc/nsswitch.conf

The introduction of the GNU C Library 2.
The “databases” available over NSS are listed in Table 23.8, “Databases Available via /etc/nsswitch.conf” (page 406). The configuration options for NSS databases are listed in Table 23.9, “Configuration Options for NSS “Databases”” (page 407).

Table 23.8 Databases Available via /etc/nsswitch.conf

aliases    Mail aliases implemented by sendmail; see man 5 aliases.
ethers     Ethernet addresses.
netmasks   List of networks and their subnet masks. Only needed if you use subnetting.
services   Network services, used by getservent.
shadow     Shadow passwords of users, used by getspnam; see the shadow(5) man page.

Table 23.9 Configuration Options for NSS “Databases”

files          directly access files, for example, /etc/aliases
db             access via a database
nis, nisplus   NIS, see also Chapter 3, Using NIS (↑Security Guide)
dns            can only be used as an extension for hosts and networks
compat         can only be used as an extension for passwd, shadow and group

23.6.1.10 /etc/nscd.
23.6.1.11 /etc/HOSTNAME This contains the fully qualified hostname with the domain name attached. This file is read by several scripts while the machine is booting. It must contain only one line (in which the hostname is set). 23.6.2 Testing the Configuration Before you write your configuration to the configuration files, you can test it. To set up a test configuration, use the ip command. To test the connection, use the ping command. Older configuration tools, ifconfig and route, are also available.
maddress This object represents a multicast address. mroute This object represents a multicast routing cache entry. tunnel This object represents a tunnel over IP. If no command is given, the default command is used (usually list). Change the state of a device with the command ip link set device_name command. For example, to deactivate device eth0, enter ip link set eth0 down. To activate it again, use ip link set eth0 up. After activating a device, you can configure it.
23.6.2.2 Testing a Connection with ping The ping command is the standard tool for testing whether a TCP/IP connection works. It uses the ICMP protocol to send a small data packet, ECHO_REQUEST datagram, to the destination host, requesting an immediate reply. If this works, ping displays a message to that effect, which indicates that the network link is basically functioning.
TIP: Pinging IPv6 Addresses
For IPv6 addresses use the ping6 command. Note, to ping link-local addresses, you must specify the interface with -I. The following command works, if the address is reachable via eth1:

ping6 -I eth1 fe80::117:21ff:feda:a425

23.6.2.3 Configuring the Network with ifconfig

ifconfig is a network configuration tool.

NOTE: ifconfig and ip
The ifconfig tool is obsolete. Use ip instead. In contrast to ip, you can use ifconfig only for interface configuration.
Example 23.11 Output of the ifconfig Command

eth0      Link encap:Ethernet  HWaddr 00:08:74:98:ED:51
          inet6 addr: fe80::208:74ff:fe98:ed51/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:634735 errors:0 dropped:0 overruns:4 frame:0
          TX packets:154779 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:162531992 (155.0 Mb)  TX bytes:49575995 (47.2 Mb)
          Interrupt:11 Base address:0xec80

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.
Example 23.12 Output of the route -n Command

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.20.0.0       *               255.255.248.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
loopback        *               255.0.0.0       U         0 0          0 lo
default         styx.exam.com   0.0.0.0         UG        0 0          0 eth0

For more options and information about using route, enter route -h or see the route (8) man page.

23.6.
/etc/init.d/ypbind Starts the NIS client. 23.7 smpppd as Dial-up Assistant Some home users do not have a dedicated line connecting them to the Internet. Instead, they use dial-up connections. Depending on the dial-up method (ISDN or DSL), the connection is controlled by ipppd or pppd. Basically, all that needs to be done to go online is to start these programs correctly.
bind-address = ip address
If a host has several IP addresses, use this parameter to determine at which IP address smpppd should accept connections. The default is to listen at all addresses.

host-range = min ip max ip
The parameter host-range defines a network range. Hosts whose IP addresses are within this range are granted access to smpppd. All hosts not within this range are denied access.

password = password
By assigning a password, limit the clients to authorized hosts.
port = port The port on which smpppd runs. password = password The password selected for smpppd.
SLP Services in the Network 24 The service location protocol (SLP) was developed to simplify the configuration of networked clients within a local network. To configure a network client, including all required services, the administrator traditionally needs detailed knowledge of the servers available in the network. SLP makes the availability of selected services known to all clients in the local network. Applications that support SLP can use the information distributed and be configured automatically.
24.2 Activating SLP slpd must run on your system to offer services with SLP. If the machine should only operate as client, and does not offer services, it is not necessary to run slpd. Like most system services in openSUSE, the slpd daemon is controlled by means of a separate init script. After the installation, the daemon is inactive by default. To activate it temporarily, run rcslpd start as root or rcslpd stop to stop it. Perform a restart or status check with restart or status.
24.5 Providing Services via SLP Many applications in openSUSE have integrated SLP support through the use of the libslp library. If a service has not been compiled with SLP support, use one of the following methods to make it available via SLP: Static Registration with /etc/slp.reg.d Create a separate registration file for each new service.
Dynamic Registration with slptool If a service needs to be registered dynamically without the need of configuration files, use the slptool command line utility. The same utility can also be used to deregister an existing service offering without restarting slpd. 24.6 For More Information RFC 2608, 2609, 2610 RFC 2608 generally deals with the definition of SLP. RFC 2609 deals with the syntax of the service URLs used in greater detail and RFC 2610 deals with DHCP via SLP. http://www.openslp.
The Domain Name System 25 DNS (domain name system) is needed to resolve the domain names and hostnames into IP addresses. In this way, the IP address 192.168.2.100 is assigned to the hostname jupiter, for example. Before setting up your own name server, read the general information about DNS in Section 23.3, “Name Resolution” (page 373). The following configuration examples refer to BIND. 25.1 DNS Terminology Zone The domain namespace is divided into regions called zones.
(not expired) zone data. If the slave cannot obtain a new copy of the zone data, it stops responding for the zone. Forwarder Forwarders are DNS servers to which your DNS server should send queries it cannot answer. To enable different configuration sources in one configuration, netconfig is used (see also man 8 netconfig). Record The record is information about name and IP address. Supported records and their syntax are described in BIND documentation.
a basic server configuration. Use the expert mode to deal with more advanced configuration tasks, such as setting up ACLs, logging, TSIG keys, and other options. 25.3.1 Wizard Configuration The wizard consists of three steps or dialogs. At the appropriate places in the dialogs, you are given the opportunity to enter the expert configuration mode. 1 When starting the module for the first time, the Forwarder Settings dialog, shown in Figure 25.
2 The DNS Zones dialog consists of several parts and is responsible for the management of zone files, described in Section 25.6, “Zone Files” (page 439). For a new zone, provide a name for it in Name. To add a reverse zone, the name must end in .in-addr.arpa. Finally, select the Type (master, slave, or forward). See Figure 25.2, “DNS Server Installation: DNS Zones” (page 424). Click Edit to configure other settings of an existing zone. To remove a zone, click Delete. Figure 25.
Figure 25.3 DNS Server Installation: Finish Wizard

25.3.2 Expert Configuration

After starting the module, YaST opens a window displaying several configuration options. Completing it results in a DNS server configuration with the basic functions in place:

25.3.2.1 Start-Up

Under Start-Up, define whether the DNS server should be started when booting the system or manually. To start the DNS server immediately, click Start DNS Server Now. To stop the DNS server, click Stop DNS Server Now.
25.3.2.2 Forwarders If your local DNS server cannot answer a request, it tries to forward the request to a Forwarder, if configured so. This forwarder may be added manually to the Forwarder List. If the forwarder is not static like in dial-up connections, netconfig handles the configuration. For more information about netconfig, see man 8 netconfig. 25.3.2.3 Basic Options In this section, set basic server options.
Figure 25.4 DNS Server: Logging 25.3.2.5 ACLs Use this dialog to define ACLs (access control lists) to enforce access restrictions. After providing a distinct name under Name, specify an IP address (with or without netmask) under Value in the following fashion: { 192.168.1/24; } The syntax of the configuration file requires that the address ends with a semicolon and is put into curly braces. 25.3.2.
To generate a TSIG key, enter a distinctive name in the field labeled Key ID and specify the file where the key should be stored (Filename). Confirm your choices with Generate. To use a previously created key, leave the Key ID field blank and select the file where it is stored under Filename. After that, confirm with Add. 25.3.2.7 DNS Zones (Adding a Slave Zone) To add a slave zone, select DNS Zones, choose the zone type Slave, write the name of the new zone, and click Add.
Figure 25.5 DNS Server: Zone Editor (Basics) Zone Editor (NS Records) The NS Records dialog allows you to define alternative name servers for the zones specified. Make sure that your own name server is included in the list. To add a record, enter its name under Name Server to Add then confirm with Add. See Figure 25.6, “DNS Server: Zone Editor (NS Records)” (page 430).
Figure 25.6 DNS Server: Zone Editor (NS Records) Zone Editor (MX Records) To add a mail server for the current zone to the existing list, enter the corresponding address and priority value. After doing so, confirm by selecting Add. See Figure 25.7, “DNS Server: Zone Editor (MX Records)” (page 431).
Figure 25.7 DNS Server: Zone Editor (MX Records) Zone Editor (SOA) This page allows you to create SOA (start of authority) records. For an explanation of the individual options, refer to Example 25.6, “The /var/lib/named/example.com.zone File” (page 439).
Figure 25.8 DNS Server: Zone Editor (SOA) Zone Editor (Records) This dialog manages name resolution. In Record Key, enter the hostname then select its type. A-Record represents the main entry. The value for this should be an IP address. CNAME is an alias. Use the types NS and MX for detailed or partial records that expand on the information provided in the NS Records and MX Records tabs. These three types resolve to an existing A record. PTR is for reverse zones.
25.4 Starting the BIND Name Server

On an openSUSE® system, the name server BIND (Berkeley Internet Name Domain) comes preconfigured so it can be started right after installation without any problems. If you already have a functioning Internet connection and have entered 127.0.0.1 as the name server address for localhost in /etc/resolv.conf, you normally already have a working name resolution without needing to know the DNS of the provider.
To use the name server of the provider (or one already running on your network) as the forwarder, enter the corresponding IP address or addresses in the options section under forwarders. The addresses included in Example 25.1, “Forwarding Options in named.conf” (page 434) are just examples. Adjust these entries to your own setup.

Example 25.1 Forwarding Options in named.conf

options {
        directory "/var/lib/named";
        forwarders { 10.11.12.13; 10.11.12.14; };
        listen-on { 127.0.0.1; 192.168.1.
Example 25.2 A Basic /etc/named.conf

options {
        directory "/var/lib/named";
        forwarders { 10.0.0.1; };
        notify no;
};

zone "localhost" in {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

zone "." in {
        type hint;
        file "root.hint";
};

25.5.1 Important Configuration Options

directory "filename";
Specifies the directory in which BIND can find the files containing the zone data. Usually, this is /var/lib/named.
127.0.0.1 to permit requests from the local host. If you omit this entry entirely, all interfaces are used by default. listen-on-v6 port 53 {any; }; Tells BIND on which port it should listen for IPv6 client requests. The only alternative to any is none. As far as IPv6 is concerned, the server only accepts wild card addresses. query-source address * port 53; This entry is necessary if a firewall is blocking outgoing DNS requests.
tected at start-up. Otherwise, the interval can be defined in minutes. The default is sixty minutes. notify no; no prevents other name servers from being informed when changes are made to the zone data or when the name server is restarted. For a list of available options, read the manual page man 5 named.conf. 25.5.2 Logging What, how, and where logging takes place can be extensively configured in BIND. Normally, the default settings should be sufficient. Example 25.
Example 25.5 Zone Entry for example.net

zone "example.net" in {
        type slave;
        file "slave/example.net.zone";
        masters { 10.0.0.1; };
};

The zone options:

type master;
By specifying master, tell BIND that the zone is handled by the local name server. This assumes that a zone file has been created in the correct format.

type slave;
This zone is transferred from another name server. It must be used together with masters.

type hint;
The zone . of the hint type is used to set the root name servers.
25.6 Zone Files Two types of zone files are needed. One assigns IP addresses to hostnames and the other does the reverse: it supplies a hostname for an IP address. TIP: Using the Dot (Period, Fullstop) in Zone Files The "." has an important meaning in the zone files. If hostnames are given without a final ., the zone is appended. Complete hostnames specified with a full domain name must end with a . to avoid having the domain added to it again. A missing or wrongly placed ".
Line 2: This is where the SOA (start of authority) control record begins: • The name of the domain to administer is example.com in the first position. This ends with ".", because otherwise the zone would be appended a second time. Alternatively, @ can be entered here, in which case the zone would be extracted from the corresponding entry in /etc/named.conf. • After IN SOA is the name of the name server in charge as master for this zone. The name is expanded from dns to dns.example.
Line 7: The last entry in the SOA record specifies the negative caching TTL—the time for which results of unresolved DNS queries from other servers may be cached. Line 9: The IN NS specifies the name server responsible for this domain. dns is extended to dns.example.com because it does not end with a ".". There can be several lines like this—one for the primary and one for each secondary name server. If notify is not set to no in /etc/named.
The pseudodomain in-addr.arpa is used for the reverse lookup of IP addresses into hostnames. It is appended to the network part of the address in reverse notation. So 192.168 is resolved into 168.192.in-addr.arpa. See Example 25.7, “Reverse Lookup” (page 442). Example 25.7 Reverse Lookup 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. $TTL 2D 168.192.in-addr.arpa. 1.5 100.3 253.2 IN SOA dns.example.com. root.example.com. ( 2003072441 ; serial 1D ; refresh 2H ; retry 1W ; expiry 2D ) ; minimum IN NS dns.
the "." at the end. Appending the zone to this (without the .in-addr.arpa) results in the complete IP address in reverse order. Normally, zone transfers between different versions of BIND should be possible without any problems. 25.7 Dynamic Update of Zone Data The term dynamic update refers to operations by which entries in the zone files of a master server are added, changed, or deleted. This mechanism is described in RFC 2136.
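The zone-appending rule from the tip in Section 25.6 and the in-addr.arpa naming used for reverse lookups, worked through in Python. This is an added example, not part of the original guide; the function names and the sample names in the demo are constructed for illustration.

```python
"""Zone-file name expansion and in-addr.arpa naming (added example)."""
import ipaddress

ARPA_SUFFIX = ".in-addr.arpa."


def expand_name(name: str, origin: str) -> str:
    """Return the absolute name BIND derives from a zone-file entry.

    A name ending in "." is already complete, "@" stands for the zone
    itself, and anything else gets the zone appended.
    """
    if not origin.endswith("."):
        raise ValueError("origin must be absolute, e.g. 'example.com.'")
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def looks_like_missing_dot(name: str, origin: str) -> bool:
    """True if a relative name already ends in the zone, so that expansion
    appends the zone a second time (dns.example.com.example.com.)."""
    if name == "@" or name.endswith("."):
        return False
    zone = origin.rstrip(".").lower()
    lowered = name.lower()
    return lowered == zone or lowered.endswith("." + zone)


def lint_names(names, origin):
    """Return (name, expanded) pairs for entries that probably lack a final dot."""
    return [
        (n, expand_name(n, origin))
        for n in names
        if looks_like_missing_dot(n, origin)
    ]


def reverse_zone(network_part: str) -> str:
    """Build the reverse zone for the network part of an IPv4 address."""
    octets = network_part.split(".")
    valid = all(o.isascii() and o.isdigit() and int(o) <= 255 for o in octets)
    if not 1 <= len(octets) <= 3 or not valid:
        raise ValueError(f"not an IPv4 network part: {network_part!r}")
    return ".".join(reversed(octets)) + ARPA_SUFFIX


def ptr_owner_to_ip(owner: str, origin: str) -> str:
    """Recover the IPv4 address that a PTR owner name stands for."""
    fqdn = expand_name(owner, origin)
    if not fqdn.endswith(ARPA_SUFFIX):
        raise ValueError(f"{fqdn} is not under in-addr.arpa")
    labels = fqdn[: -len(ARPA_SUFFIX)].split(".")
    if len(labels) != 4:
        raise ValueError(f"{fqdn} does not name a full IPv4 address")
    # The labels are the address octets in reverse order.
    return str(ipaddress.IPv4Address(".".join(reversed(labels))))


if __name__ == "__main__":
    # Constructed sample names, as they might appear in a zone for example.com.
    sample = ["dns", "dns.example.com.", "root.example.com", "@"]
    for name, expanded in lint_names(sample, "example.com."):
        print(f"suspicious: {name!r} expands to {expanded}")
    zone = reverse_zone("192.168")
    for owner in ("1.5", "100.3", "253.2"):
        print(f"{owner} in {zone} -> {ptr_owner_to_ip(owner, zone)}")
```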
The key itself (a string like ejIkuCyyGJwwuN3xAteKgg==) is found in both files. To use it for transactions, the second file (Khost1-host2.+157+34265.key) must be transferred to the remote host, preferably in a secure way (using scp, for example). On the remote server, the key must be included in the /etc/named.conf file to enable a secure communication between host1 and host2:
key host1-host2 {
        algorithm hmac-md5;
        secret "ejIkuCyyGJwwuN3xAteKgg==";
};
WARNING: File Permissions of /etc/named.
25.9 DNS Security DNSSEC, or DNS security, is described in RFC 2535. The tools available for DNSSEC are discussed in the BIND Manual. A zone considered secure must have one or several zone keys associated with it. These are generated with dnssec-keygen, just like the host keys. The DSA encryption algorithm is currently used to generate these keys. The public keys generated should be included in the corresponding zone file with an $INCLUDE rule.
26 DHCP The purpose of the Dynamic Host Configuration Protocol (DHCP) is to assign network settings centrally (from a server) rather than configuring them locally on each and every workstation. A host configured to use DHCP does not have control over its own static address. It is enabled to configure itself completely and automatically according to directions from the server. If you use the NetworkManager on the client side, you do not need to configure the client at all.
and serves two address ranges, 192.168.2.10 to 192.168.2.20 and 192.168.2.100 to 192.168.2.200. A DHCP server supplies not only the IP address and the netmask, but also the hostname, domain name, gateway, and name server addresses for the client to use. In addition to that, DHCP allows a number of other parameters to be configured in a centralized way, for example, a time server from which clients may poll the current time or even a print server. 26.
Card Selection In the first step, YaST looks for the network interfaces available on your system and displays them in a list. From the list, select the interface to which the DHCP server should listen and click Select. After this, select Open Firewall for Selected Interfaces to open the firewall for this interface, and click Next. See Figure 26.1, “DHCP Server: Card Selection” (page 449). Figure 26.
Figure 26.2 DHCP Server: Global Settings Dynamic DHCP In this step, configure how dynamic IP addresses should be assigned to clients. To do so, specify an IP range from which the server can assign addresses to DHCP clients. All these addresses must be covered by the same netmask. Also specify the lease time during which a client may keep its IP address without needing to request an extension of the lease.
Figure 26.3 DHCP Server: Dynamic DHCP Finishing the Configuration and Setting the Start Mode After the third part of the configuration wizard, a last dialog is shown in which you can define how the DHCP server should be started. Here, specify whether to start the DHCP server automatically when the system is booted or manually when needed (for example, for testing purposes). Click Finish to complete the configuration of the server. See Figure 26.4, “DHCP Server: Start-Up” (page 451). Figure 26.
26.2 DHCP Software Packages Both the DHCP server and the DHCP clients are available for openSUSE. The DHCP server available is dhcpd (published by the Internet Systems Consortium). On the client side, choose between two different DHCP client programs: dhcp-client (also from ISC) and the DHCP client daemon in the dhcpcd package. openSUSE installs dhcpcd by default. The program is very easy to handle and is launched automatically on each system boot to watch for a DHCP server.
This simple configuration file should be sufficient to get the DHCP server to assign IP addresses in the network. Make sure that a semicolon is inserted at the end of each line, because otherwise dhcpd is not started. The sample file can be divided into three sections. The first one defines how many seconds an IP address is leased to a requesting client by default (default-lease-time) before it should apply for renewal.
unexpected problems with your configuration (the server aborts with an error or does not return done on start), you should be able to find out what has gone wrong by looking for information either in the main system log /var/log/messages or on console 10 (Ctrl + Alt + F10). On a default openSUSE system, the DHCP daemon is started in a chroot environment for security reasons. The configuration files must be copied to the chroot environment so the daemon can find them.
In the preceding example, a client with a network card having the MAC address 00:30:6E:08:EC:80 is assigned the IP address 192.168.2.100 and the hostname jupiter automatically. The type of hardware to enter is ethernet in nearly all cases, although token-ring, which is often found on IBM systems, is also supported. 26.3.2 The openSUSE Version To improve security, the openSUSE version of the ISC's DHCP server comes with the non-root/chroot patch by Ari Edelkind applied.
even after a restart of the syslog-ng daemon, there is an additional entry SYSLOGD_ADDITIONAL_SOCKET_DHCP in the file /etc/sysconfig/syslog. 26.4 For More Information More information about DHCP is available at the Web site of the Internet Systems Consortium (http://www.isc.org/products/DHCP/). Information is also available in the dhcpd, dhcpd.conf, dhcpd.leases, and dhcp-options man pages.
27 Time Synchronization with NTP The NTP (network time protocol) mechanism is a protocol for synchronizing the system time over the network. First, a machine can obtain the time from a server that is a reliable time source. Second, a machine can itself act as a time source for other computers in the network. The goal is twofold—maintaining the absolute time and synchronizing the system time of all machines within a network. Maintaining an exact system time is important in many situations.
27.1.1 Basic Configuration The YaST NTP client configuration (Network Services > NTP Configuration) consists of tabs. Set the start mode of ntpd and the server to query on the General Settings tab. Figure 27.1 Advanced NTP Configuration: General Settings Only Manually Select Only Manually, if you want to configure everything on your own. Synchronize without Daemon On laptops and other machines that suspend automatically, select Synchronize without Daemon.
Now and On Boot Select Now and On Boot to start ntpd automatically when the system is booted. Either of 0.opensuse.pool.ntp.org, 1.opensuse.pool.ntp.org, 2.opensuse.pool.ntp.org, or 3.opensuse.pool.ntp.org is preselected. 27.1.2 Changing Basic Configuration The servers and other time sources for the client to query are listed in the lower part of the General Settings tab. Modify this list as needed with Add, Edit, and Delete. Display Log provides the possibility to view the log files of your client.
Server In the pull-down Select list (see Figure 27.2, “YaST: NTP Server” (page 459)), determine whether to set up time synchronization using a time server from your local network (Local NTP Server) or an Internet-based time server that takes care of your time zone (Public NTP Server). For a local time server, click Lookup to start an SLP query for available time servers in your network. Select the most suitable time server from the list of search results and exit the dialog with OK.
local radio clock is available in /usr/share/doc/packages/ntp-doc/refclock.html. Outgoing Broadcast Time information and queries can also be transmitted by broadcast in the network. In this dialog, enter the address to which such broadcasts should be sent. Do not activate broadcasting unless you have a reliable time source like a radio controlled clock.
Restrict NTP Service to Configured Servers Only increases the security of your system by disallowing remote computers to view and modify NTP settings of your computer and to use the trap facility for remote event logging. Once enabled, these restrictions apply to all remote computers, unless you override the access control options for individual computers in the list of time sources in the General Settings tab. For all other remote computers, only querying for local time is allowed.
27.3 Dynamic Time Synchronization at Runtime If the system boots without network connection, ntpd starts up, but it cannot resolve DNS names of the time servers set in the configuration file. This can happen if you use Network Manager with an encrypted WLAN. If you want ntpd to resolve DNS names at runtime, you must set the dynamic option. Then, when the network is established some time after booting, ntpd looks up the names again and can reach the time servers to get the time. Manually edit /etc/ntp.
The clocks are entered in the file /etc/ntp.conf as though they existed in the network. For this purpose, they are assigned special IP addresses in the form 127.127.t.u. Here, t stands for the type of the clock and determines which driver is used and u for the unit, which determines the interface used. Normally, the individual drivers have special parameters that describe configuration details. The file /usr/share/doc/packages/ntp-doc/drivers/driverNN .
28 Sharing File Systems with NFS Distributing and sharing file systems over a network is a common task in corporate environments. The proven NFS system works together with NIS, the yellow pages protocol. For a more secure protocol that works together with LDAP and may also be kerberized, check NFSv4. NFS with NIS makes a network transparent to the user. With NFS, it is possible to distribute arbitrary file systems over the network.
> Patterns and select File Server or use the Search option and search for NFS Server. Confirm the installation of the packages to finish the installation process. 28.2 Importing File Systems with YaST Authorized users can mount NFS directories from an NFS server into the local file tree using the YaST NFS client module. Click on Add and enter the hostname of the NFS server, the directory to import, and the mount point at which to mount this directory locally.
Figure 28.1 NFS Client Configuration with YaST
28.3 Importing File Systems Manually
The prerequisite for importing file systems manually from an NFS server is a running RPC port mapper. Start it by entering rcrpcbind start as root. Then remote file systems can be mounted in the file system like local partitions using mount:
mount host:remote-path local-path
To import user directories from the nfs.example.com machine, for example, use:
mount nfs.example.com:/home /home
28.3.
Now the /nfsmounts directory acts as the root for all the NFS mounts on the client if the auto.nfs file is filled appropriately. The name auto.nfs is chosen for the sake of convenience—you can choose any name. In auto.nfs add entries for all the NFS mounts as follows:
localdata -fstype=nfs server1:/data
nfs4mount -fstype=nfs4 server2:/
Activate the settings with rcautofs start as root.
28.4 Exporting File Systems with YaST With YaST, turn a host in your network into an NFS server—a server that exports directories and files to all hosts granted access to it. This could be done to provide applications to all members of a group without installing the applications locally on each and every host. To install such a server, start YaST and select Network Services > NFS Server; see Figure 28.2, “NFS Server Configuration Tool” (page 469). Figure 28.
click Help. In the lower half of the dialog, there are four options that can be set for each host: single host, netgroups, wildcards, and IP networks. For a more thorough explanation of these options, refer to the exports man page. Click Finish to complete the configuration. Figure 28.
After activating NFSv4, enter an appropriate domain name. Make sure the name is the same as the one in the /etc/idmapd.conf file of any NFSv4 client that accesses this particular server. This parameter is for the idmapd service that is required for NFSv4 support (on both server and client). Leave it as localdomain (the default) if you do not have special requirements. For more information, see the links in Section 28.7, “For More Information” (page 477). Click Next. The dialog that follows has two sections.
In the lower half of the dialog, enter the client (wild card) and export options for a particular directory. After adding a directory in the upper half, another dialog for entering the client and option information pops up automatically. After that, to add a new client (client set), click Add Host. In the small dialog that opens, enter the host wild card.
Figure 28.5 Exporting Directories with NFSv2 and v3 28.4.3 Coexisting v3 and v4 Exports Both NFSv3 and NFSv4 exports can coexist on a server. After enabling the support for NFSv4 in the initial configuration dialog, those exports for which fsid=0 and bind=/target/path are not included in the option list are considered v3 exports. Consider the example in Figure 28.3, “Configuring an NFS Server with YaST” (page 470).
28.5 Exporting File Systems Manually The configuration files for the NFS export service are /etc/exports and /etc/sysconfig/nfs. In addition to these files, /etc/idmapd.conf is needed for the NFSv4 server configuration. To start or restart the services, run the command rcnfsserver restart. This also starts the rpc.idmapd if NFSv4 is configured in /etc/sysconfig/nfs. The NFS server depends on a running RPC portmapper. Therefore, also start or restart the portmapper service with rcrpcbind restart. 28.5.
In the example above, /data is not within /export, so we export /export/data, and specify that the /data directory should be bound to that name. The directory /export/data must exist and should normally be empty. When clients mount from this server, they just mount servername:/ rather than servername:/export. It is not necessary to mount servername:/data, because it will automatically appear beneath wherever servername:/ was mounted. 28.5.1.
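The v3/v4 classification rule from Section 28.4.3 and the bind layout described above can be checked mechanically. The following Python sketch is an added example, not part of the original guide: the sample /etc/exports content is constructed, the function names are hypothetical, and the parser is simplified (no line continuations or quoted paths).

```python
"""Classify /etc/exports entries as v3 or v4 and check bind= layout (added example)."""
import posixpath
import re
from typing import NamedTuple

# One "client(option,option,...)" group on an exports line.
CLIENT_RE = re.compile(r"([^\s()]+)\(([^)]*)\)")

# Constructed sample; /srv/media is deliberately exported outside the fsid=0 root.
SAMPLE_EXPORTS = """\
# path         client(options)
/export        192.168.1.2(rw,fsid=0,sync,crossmnt)
/export/data   192.168.1.2(rw,bind=/data,sync)
/srv/media     192.168.1.2(rw,bind=/media,sync)
/home          192.168.1.0/24(rw,sync)
"""


class Export(NamedTuple):
    path: str
    client: str
    options: dict


def parse_exports(text: str) -> list:
    """Return one Export per (path, client) pair found in the text."""
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        path = posixpath.normpath(parts[0])
        rest = parts[1] if len(parts) > 1 else ""
        for client, optstr in CLIENT_RE.findall(rest):
            options = {}
            for item in filter(None, (o.strip() for o in optstr.split(","))):
                key, _, value = item.partition("=")
                options[key] = value
            exports.append(Export(path, client, options))
    return exports


def nfs_version(export: Export) -> str:
    """Exports without fsid=0 and without bind= are treated as v3 exports."""
    opts = export.options
    return "v4" if opts.get("fsid") == "0" or "bind" in opts else "v3"


def is_below(path: str, root: str) -> bool:
    """True if path lies strictly beneath root."""
    return path.startswith(root.rstrip("/") + "/")


def check_bind_layout(exports: list) -> list:
    """Report bind= exports that do not sit beneath the client's fsid=0 root."""
    roots = {}
    for e in exports:
        if e.options.get("fsid") == "0":
            roots.setdefault(e.client, []).append(e.path)
    problems = []
    for e in exports:
        if "bind" not in e.options:
            continue
        client_roots = roots.get(e.client, [])
        if not client_roots:
            problems.append(f"{e.path} ({e.client}): bind= used but no fsid=0 root")
        elif not any(is_below(e.path, r) for r in client_roots):
            problems.append(
                f"{e.path} ({e.client}): not beneath fsid=0 root "
                + ", ".join(client_roots)
            )
    return problems


if __name__ == "__main__":
    parsed = parse_exports(SAMPLE_EXPORTS)
    for e in parsed:
        print(f"{nfs_version(e)}  {e.path}  {e.client}")
    for problem in check_bind_layout(parsed):
        print("problem:", problem)
```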
For further reference, read the man page of idmapd and idmapd.conf; man idmapd, man idmapd.conf. 28.5.1.4 Starting and Stopping Services After changing /etc/exports or /etc/sysconfig/nfs, start or restart the NFS server service with rcnfsserver restart. After changing /etc/idmapd.conf, reload the configuration file with the command killall -HUP rpc.idmapd. If the NFS service needs to start at boot time, run the command chkconfig nfsserver on. 28.5.
28.6 NFS with Kerberos To use Kerberos authentication for NFS, GSS security must be enabled. To do so, select Enable GSS Security in the initial YaST NFS Server dialog. You must have a working Kerberos server to use this feature. YaST does not set up the server but just uses the provided functionality.
29 Samba Using Samba, a Unix machine can be configured as a file and print server for Mac OS X, Windows, and OS/2 machines. Samba has developed into a fully-fledged and rather complex product. Configure Samba with YaST, SWAT (a Web interface), or by editing the configuration file manually. 29.1 Terminology The following are some terms used in Samba documentation and in the YaST module. SMB protocol Samba uses the SMB (server message block) protocol that is based on the NetBIOS services.
reserve names for themselves. After reservation, these machines can be addressed by name. There is no central process that checks names. Any machine on the network can reserve as many names as it wants as long as the names are not already in use. The NetBIOS interface can be implemented for different network architectures. An implementation that works relatively closely with network hardware is called NetBEUI, but this is often referred to as NetBIOS.
29.2 Installing a Samba Server To install a Samba server, start YaST and select Software > Software Management. Choose Filter > Patterns and select File Server. Confirm the installation of the required packages to finish the installation process. 29.3 Starting and Stopping Samba You can start or stop the Samba server automatically (during boot) or manually. Starting and stopping policy is a part of the YaST Samba server configuration described in Section 29.4.
The Samba Installation dialog consists of two steps and optional detailed settings: Workgroup or Domain Name Select an existing name from Workgroup or Domain Name or enter a new one and click Next. Samba Server Type In the next step, specify whether your server should act as CD (PDC) and click Next. Start-Up Select whether you want to start Samba During Boot or Manually and click OK. Then in the final pop-up box, set the Samba root Password.
Shares In the Shares tab, determine the Samba shares to activate. There are some predefined shares, like homes and printers. Use Toggle Status to switch between Active and Inactive. Click Add to add new shares and Delete to delete the selected share. Allow Users to Share Their Directories enables members of the group in Permitted Group to share directories they own with other users. For example, users for a local scope or DOMAIN\Users for a domain scope.
29.4.2 Web Administration with SWAT An alternative tool for Samba server administration is SWAT (Samba Web Administration Tool). It provides a simple Web interface with which to configure the Samba server. To use SWAT, open http://localhost:901 in a Web browser and log in as user root. If you do not have a special Samba root account, use the system root account. NOTE: Activating SWAT After Samba server installation, SWAT is not activated.
os level = 20 This parameter determines whether your Samba server tries to become LMB (local master browser) for its workgroup. With the Samba 3 release series, it is seldom necessary to override the default setting (20). Choose a very low value such as 2 to spare the existing Windows network from any disturbances caused by a misconfigured Samba server.
Example 29.1 A CD-ROM Share (deactivated)
;[cdrom]
;       comment = Linux CD-ROM
;       path = /media/cdrom
;       locking = No
[cdrom] and comment
The [cdrom] section entry is the name of the share that can be seen by all SMB clients on the network. An additional comment can be added to further describe the share.
path = /media/cdrom
path exports the directory /media/cdrom. By means of a very restrictive default configuration, this kind of share is only made available to the users present on this system.
valid users = %S %S is replaced with the concrete name of the share as soon as a connection has been successfully established. For a [homes] share, this is always the username. As a consequence, access rights to a user's share are restricted exclusively to that user. browseable = No This setting makes the share invisible in the network environment. read only = No By default, Samba prohibits write access to any exported share by means of the read only = Yes parameter.
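To see which shares in an smb.conf are actually active, writable, and restricted by valid users, the parameters described above can be evaluated per share. This Python sketch is an added example, not part of the original guide: the sample configuration is constructed, the function names are hypothetical, and only the parameters named in this section are evaluated (inverted synonyms such as writable are not handled).

```python
"""Audit smb.conf shares for write access without a valid users limit (added example)."""

# Constructed sample: [cdrom] is deactivated with ";" as in Example 29.1,
# [homes] follows the settings described in the text, [scratch] is a
# writable share that nobody restricted.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = WORKGROUP
;[cdrom]
;   comment = Linux CD-ROM
;   path = /media/cdrom
;   locking = No
[homes]
    comment = Home Directories
    valid users = %S
    browseable = No
    read only = No
[scratch]
    path = /srv/scratch
    read only = No
"""

TRUE_VALUES = {"yes", "true", "1"}
FALSE_VALUES = {"no", "false", "0"}


def _norm(name: str) -> str:
    """Parameter names are compared without regard to case or spacing."""
    return " ".join(name.lower().split())


def parse_smb_conf(text: str) -> dict:
    """Return {section: {parameter: value}}; lines starting with ; or # are skipped."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        current[_norm(key)] = value.strip()
    return sections


def _as_bool(value: str, default: bool) -> bool:
    lowered = value.strip().lower()
    if lowered in TRUE_VALUES:
        return True
    if lowered in FALSE_VALUES:
        return False
    return default


def audit_shares(conf: dict) -> list:
    """Summarise each share; 'flag' marks writable shares with no valid users."""
    defaults = conf.get("global", {})
    report = []
    for name, params in conf.items():
        if name == "global":
            continue
        effective = {**defaults, **params}  # [global] values act as defaults
        read_only = _as_bool(effective.get("read only", "yes"), True)
        valid_users = effective.get("valid users", "")
        report.append({
            "share": name,
            "writable": not read_only,
            "valid_users": valid_users,
            "browseable": _as_bool(effective.get("browseable", "yes"), True),
            "flag": (not read_only) and not valid_users,
        })
    return report


if __name__ == "__main__":
    for row in audit_shares(parse_smb_conf(SAMPLE_SMB_CONF)):
        marker = "CHECK" if row["flag"] else "ok"
        print(f"{marker:5} [{row['share']}] writable={row['writable']} "
              f"valid users={row['valid_users'] or '-'} browseable={row['browseable']}")
```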
Server Level Security (security = server) To its clients, Samba pretends to be working in user level mode. However, it passes all password queries to another user level mode server, which takes care of authentication. This setting requires the additional password server parameter. ADS Level Security (security = ADS) In this mode, Samba will act as a domain member in an Active Directory environment. To operate in this mode, the machine running Samba needs Kerberos installed and configured.
for Linux Authentication, the user authentication runs over the Samba, NT or Kerberos server. Click Expert Settings for advanced configuration options. For example, use the Mount Server Directories table to enable mounting server home directory automatically with authentication. This way users will be able to access their home directories when hosted on CIFS. For details, see the pam_mount man page. After completing all settings, confirm the dialog to finish the configuration. 29.
add machine script = /usr/sbin/useradd -g nogroup -c "NT Machine Account" \
-s /bin/false %m\$
To make sure that Samba can execute this script correctly, choose a Samba user with the required administrator permissions and add it to the ntadmin group.
30 The Apache HTTP Server With a share of more than 50%, the Apache HTTP Server (Apache) is the world's most widely-used Web server according to the survey from http://www.netcraft.com/. Apache, developed by the Apache Software Foundation (http://www.apache.org/), is available for most operating systems. openSUSE® includes Apache version 2.2. In this chapter, learn how to install, configure and set up a Web server; how to use SSL, CGI, and additional modules; and how to troubleshoot Apache. 30.
3. The latest security updates are installed. If in doubt, run a YaST Online Update. 4. The default Web server port (80) is opened in the firewall. For this, configure the SUSEFirewall2 to allow the service HTTP Server in the external zone. This can be done using YaST. See Section “Configuring the Firewall with YaST” (Chapter 14, Masquerading and Firewalls, ↑Security Guide) for details. 30.1.2 Installation Apache on openSUSE is not installed by default.
The Web server starts immediately. 4 Save your changes with Finish. The system is configured to automatically start Apache in runlevels 3 and 5 during boot. For more information about the runlevels in openSUSE and a description of the YaST runlevel editor, refer to Section 17.2.3, “Configuring System Services (Runlevel) with YaST” (page 244). To manually start Apache using the shell, run rcapache2 start. Procedure 30.
IMPORTANT: Reload or Restart Apache After Configuration Changes Most configuration changes require a reload (some also a restart) of Apache to take effect. Manually reload Apache with rcapache2 reload or use one of the restart options as described in Section 30.3, “Starting and Stopping Apache” (page 508). If you configure Apache with YaST, this can be taken care of automatically if you set HTTP Service to Enabled as described in Section 30.2.3.2, “HTTP Server Configuration” (page 506). 30.2.
to as directives). Every configuration option in these files is extensively documented and therefore not mentioned here. The Apache configuration files are organized as follows:
/etc/apache2/
     |
     |- charset.conv
     |- conf.d/
     |   |
     |   |- *.conf
     |
     |- default-server.conf
     |- errors.conf
     |- httpd.conf
     |- listen.conf
     |- magic
     |- mime.types
     |- mod_*.conf
     |- server-tuning.conf
     |- ssl.*
     |- ssl-global.conf
     |- sysconfig.d
     |   |
     |   |- global.conf
     |   |- include.conf
     |   |- loadmodule.conf . .
     |
     |- uid.conf
     |- vhosts.d
     |   |- *.
errors.conf Defines how Apache responds to errors. To customize these messages for all virtual hosts, edit this file. Otherwise overwrite these directives in your virtual host configurations. httpd.conf The main Apache server configuration file. Avoid changing this file. It primarily contains include statements and global settings. Overwrite global settings in the pertinent configuration files listed here. Change host-specific settings (such as document root) in your virtual host configuration. listen.
sysconfig.d/*.conf Configuration files automatically generated from /etc/sysconfig/apache2. Do not change any of these files—edit /etc/sysconfig/apache2 instead. Do not put other configuration files in this directory. uid.conf Specifies under which user and group ID Apache runs. Do not change this file. vhosts.d/*.conf Your virtual host configuration should be here. The directory contains template files for virtual hosts with and without SSL. Every file in this directory ending with .
.d/. All files in this directory with the extension .conf are automatically included to the configuration. A basic template for a virtual host is provided in this directory (vhost.template or vhost-ssl.template for a virtual host with SSL support). TIP: Always Create a Virtual Host Configuration It is recommended to always create a virtual host configuration file, even if your Web server only hosts one domain.
The first argument can be a fully qualified domain name, but it is recommended to use the IP address. The second argument is the port and is optional. By default, port 80 is used and is configured via the Listen directive. The wild card * can be used for both the IP address and the port number to receive requests on all interfaces. IPv6 addresses must be enclosed in square brackets.
Example 30.1 Variations of Name-Based VirtualHost Entries
# NameVirtualHost IP-address[:Port]
NameVirtualHost 192.168.3.
IP-Based Virtual Hosts This alternative virtual host configuration requires the setup of multiple IPs for a machine. One instance of Apache hosts several domains, each of which is assigned a different IP. The physical server must have one IP address for each IP-based virtual host. If the machine does not have multiple network cards, virtual network interfaces (IP aliasing) can also be used. The following example shows Apache running on a machine with the IP 192.168.3.
DocumentRoot Path to the directory from which Apache should serve files for this host. For security reasons, access to the entire file system is forbidden by default, so you must explicitly unlock this directory within a Directory container. ServerAdmin E-mail address of the server administrator. This address is, for example, shown on error pages Apache creates. ErrorLog The error log file for this virtual host.
30.2.3 Configuring Apache with YaST To configure your Web server with YaST, start YaST and select Network Services > HTTP Server. When starting the module for the first time, the HTTP Server Wizard starts, prompting you to make a few basic decisions concerning administration of the server. After having finished the wizard, the HTTP Server Configuration dialog starts each time you call the HTTP Server module. For more information, see Section 30.2.3.2, “HTTP Server Configuration” (page 506). 30.2.3.
Default Host This option pertains to the default Web server. As explained in Section 30.2.2.1, “Virtual Host Configuration” (page 497), Apache can serve multiple virtual hosts from a single physical machine. The first declared virtual host in the configuration file is commonly referred to as the default host. Each virtual host inherits the default host's configuration. To edit the host settings (also called directives), choose the appropriate entry in the table then click Edit.
Alias With the help of Alias directives, URLs can be mapped to physical file system locations. This means that a certain path even outside the Document Root in the file system can be accessed via a URL aliasing that path. The default openSUSE Alias /icons points to /usr/share/apache2/icons for the Apache icons displayed in the directory index view. ScriptAlias Similar to the Alias directive, the ScriptAlias directive maps a URL to a file system location.
After finishing with the Default Host step, click Next to continue with the configuration. Virtual Hosts In this step, the wizard displays a list of already configured virtual hosts (see Section 30.2.2.1, “Virtual Host Configuration” (page 497)). If you have not made manual changes prior to starting the YaST HTTP wizard, no virtual host is present.
Figure 30.2 HTTP Server Wizard: Summary 30.2.3.2 HTTP Server Configuration The HTTP Server Configuration dialog also lets you make even more adjustments to the configuration than the wizard (which only runs if you configure your Web server for the first time). It consists of four tabs described in the following. No configuration option you change here is effective immediately—you always must confirm your changes with Finish to make them effective.
faces, click Firewall Details... to specify on which interface(s) the port(s) should be opened. With Log Files, watch either the access log or the error log. This is useful if you want to test your configuration. The log file opens in a separate window from which you can also restart or reload the Web server. For details, see Section 30.3, “Starting and Stopping Apache” (page 508). These commands are effective immediately and their log messages are also displayed immediately. Figure 30.
Figure 30.4 HTTP Server Configuration: Server Modules Main Host or Hosts These dialogs are identical to the ones already described. Refer to Section “Default Host” (page 503) and Section “Virtual Hosts” (page 505). 30.3 Starting and Stopping Apache If configured with YaST as described in Section 30.2.3, “Configuring Apache with YaST” (page 502), Apache is started at boot time in runlevels 3 and 5 and stopped in runlevels 0, 1, 2, and 6.
status Checks if Apache is started. start Starts Apache if it is not already running. startssl Starts Apache with SSL support if it is not already running. For more information about SSL support, refer to Section 30.6, “Setting Up a Secure Web Server with SSL” (page 521). stop Stops Apache by terminating the parent process. restart Stops and then restarts Apache. Starts the Web server if it was not running before. try-restart Stops then restarts Apache only if it is already running.
GracefulShutdownTimeout needs to be set, otherwise restart-graceful will result in a regular restart. If set to zero, the server will wait indefinitely until all remaining requests have been fully served. A graceful restart can fail if the original Apache instance is not able to clear all necessary resources. In this case, the command will result in a graceful stop.
30.4 Installing, Activating, and Configuring Modules The Apache software is built in a modular fashion: all functionality except some core tasks are handled by modules. This has progressed so far that even HTTP is processed by a module (http_core). Apache modules can be compiled into the Apache binary at build time or dynamically loaded at runtime. Refer to Section 30.4.2, “Activation and Deactivation” (page 512) for details of how to load modules dynamically.
the multiprocessing module Prefork MPM, and the external modules mod_php5 and mod_python. You can install additional external modules by starting YaST and choosing Software > Software Management. Now choose Filter > Search and search for apache. Among other packages, the results list contains all available external Apache modules.

30.4.2 Activation and Deactivation

Activate or deactivate particular modules either manually or with YaST.
mod_actions
Provides methods to execute a script whenever a certain MIME type (such as application/pdf), a file with a specific extension (like .rpm), or a certain request method (such as GET) is requested. This module is enabled by default.

mod_alias
Provides Alias and Redirect directives with which you can map a URL to a specific directory (Alias) or redirect a requested URL to another location. This module is enabled by default.
mod_dir
mod_dir provides the DirectoryIndex directive with which you can configure which files are automatically delivered when a directory is requested (index.html by default). It also provides an automatic redirect to the correct URL when a directory request does not contain a trailing slash. This module is enabled by default.

mod_env
Controls the environment that is passed to CGI scripts or SSI pages. Environment variables can be set or unset or passed from the shell that invoked the httpd process.
mod_rewrite
Provides the functionality of mod_alias, but offers more features and flexibility. With mod_rewrite, you can redirect URLs based on multiple rules, request headers, and more.

mod_setenvif
Sets environment variables based on details of the client's request, such as the browser string the client sends, or the client's IP address. This module is enabled by default.

mod_speling
mod_speling attempts to automatically correct typographical errors in URLs, such as capitalization errors.
• Section 30.4.4.2, “Worker MPM” (page 516)

30.4.4.1 Prefork MPM

The prefork MPM implements a nonthreaded, preforking Web server. It makes the Web server behave similarly to Apache version 1.x. In this version it isolates each request and handles it by forking a separate child process. Thus problematic requests cannot affect others, avoiding a lockup of the Web server.
30.4.5 External Modules

Find a list of all external modules shipped with openSUSE here. Find the module's documentation in the listed directory.

mod-apparmor
Adds support to Apache to provide Novell AppArmor confinement to individual CGI scripts handled by modules like mod_php5 and mod_perl.
Package Name: apache2-mod_apparmor
More Information: Part “Confining Privileges with Novell AppArmor” (↑Security Guide)

mod_mono
Using mod_mono allows you to run ASP.NET pages in your server.
Package Name: apache2-mod_python
More Information: /usr/share/doc/packages/apache2-mod_python

mod_tidy
mod_tidy validates each outgoing HTML page by means of the TidyLib. In case of a validation error, a page with an error list is delivered. Otherwise the original HTML page is delivered.
Package Name: apache2-mod_tidy
Configuration File: /etc/apache2/mod_tidy.conf
More Information: /usr/share/doc/packages/apache2-mod_tidy

30.4.
where -c compiles the module, -i installs it, and -a activates it. Other options of apxs2 are described in the apxs2(1) man page.

30.5 Getting CGI Scripts to Work

Apache's Common Gateway Interface (CGI) lets you create dynamic content with programs or scripts usually referred to as CGI scripts. CGI scripts can be written in any programming language. Usually, script languages such as Perl or PHP are used. To enable Apache to deliver content created by CGI scripts, mod_cgi needs to be activated.
Example 30.5 VirtualHost CGI Configuration

ScriptAlias /cgi-bin/ "/srv/www/www.example.com/cgi-bin/"❶
<Directory "/srv/www/www.example.com/cgi-bin/">
  Options +ExecCGI❷
  AddHandler cgi-script .cgi .pl❸
  Order allow,deny❹
  Allow from all
</Directory>

❶ Tells Apache to handle all files within this directory as CGI scripts.
❷ Enables CGI script execution.
❸ Tells the server to treat files with the extensions .pl and .cgi as CGI scripts. Adjust according to your needs.
Now call http://localhost/cgi-bin/test.cgi or http://www.example.com/cgi-bin/test.cgi. You should see the “CGI/1.0 test script report”.

30.5.3 CGI Troubleshooting

If you do not see the output of the test program but an error message instead, check the following:

• Have you reloaded the server after having changed the configuration? Check with rcapache2 probe.
is established. Data integrity is ensured and client and server are able to authenticate each other. For this purpose, the server sends an SSL certificate that holds information proving the server's valid identity before any request to a URL is answered. In turn, this guarantees that the server is the uniquely correct end point for the communication.
TIP: For More Information
To learn more about concepts and definitions of SSL/TLS, refer to http://httpd.apache.org/docs/2.2/ssl/ssl_intro.html.

30.6.1.1 Creating a “Dummy” Certificate

Generating a dummy certificate is simple. Just call the script /usr/bin/gensslcert. It creates or overwrites the files listed below. Make use of gensslcert's optional switches to fine-tune the certificate. Call /usr/bin/gensslcert -h for more information.

• /etc/apache2/ssl.crt/ca.crt
• /etc/apache2/ssl.crt/server.
/usr/sbin/ custom. Do not attempt to run this command from outside this directory. The program provides a series of prompts, some of which require user input.

Procedure 30.4 Creating a Self-Signed Certificate with mkcert.sh

1 Decide the signature algorithm used for certificates
Choose RSA (R, the default), because some older browsers have problems with DSA.

2 Generating RSA private key for CA (1024 bit)
No interaction needed.

3 Generating X.
IMPORTANT: Selecting a Common Name
The common name you enter here must be the fully qualified hostname of your secure server (for example, www.example.com). Otherwise the browser issues a warning that the certificate does not match the server when accessing the Web server.

7 Generating X.509 certificate signed by own CA
Choose certificate version 3 (the default).
of known and trusted CAs in their Web browsers. Otherwise a browser complains that the certificate was issued by an unknown authority. The certificate is valid for one year.

IMPORTANT: Self-Signed Certificates
Only use a self-signed certificate on a Web server that is accessed by people who know and trust you as a certificate authority. It is not recommended to use such a certificate for a public shop, for example.

30.6.1.
30.6.2 Configuring Apache with SSL

The default port for SSL and TLS requests on the Web server side is 443. There is no conflict between a “regular” Apache listening on port 80 and an SSL/TLS-enabled Apache listening on port 443. In fact, HTTP and HTTPS can be run with the same Apache instance. Usually separate virtual hosts are used to dispatch requests to port 80 and port 443 to separate virtual servers.
IMPORTANT: Name-Based Virtual Hosts and SSL
It is not possible to run multiple SSL-enabled virtual hosts on a server with only one IP address. Users connecting to such a setup receive a warning message stating that the certificate does not match the server name every time they visit the URL. A separate IP address or port is necessary for every SSL-enabled domain to achieve communication based on a valid SSL certificate.

30.
place files into them. These files might then be executed by Apache with the permissions of wwwrun, which may give the user unintended access to file system resources. Use subdirectories of /srv/www to place the DocumentRoot and CGI directories for your virtual hosts and make sure that directories and files belong to user and group root.

30.7.3 File System Access

By default, access to the whole file system is denied in /etc/apache2/httpd.conf.
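A check for the ownership recommendation in the DocumentRoot paragraph above (directories and files under /srv/www belong to user and group root), as an added example that is not part of the original guide. The function names and the sample tree are hypothetical; the world-writable test is an extra check added here.

```python
"""Audit a DocumentRoot or CGI tree for entries a non-root user could change."""
import os
import stat
import sys
import tempfile


def audit_tree(root, owner_uid=0, owner_gid=0):
    """Return sorted (path, problem) tuples for root and everything below it.

    An entry is reported when it does not belong to owner_uid/owner_gid or
    when it is world-writable. Symbolic links are not followed, and their
    mode bits are ignored because they always read lrwxrwxrwx.
    """
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, name) for name in dirnames + filenames)

    findings = []
    for path in paths:
        st = os.lstat(path)
        if st.st_uid != owner_uid:
            findings.append((path, "owner uid %d, expected %d" % (st.st_uid, owner_uid)))
        if st.st_gid != owner_gid:
            findings.append((path, "group gid %d, expected %d" % (st.st_gid, owner_gid)))
        if not stat.S_ISLNK(st.st_mode) and st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample: a virtual host tree with one world-writable script.

    Returns the path of the script that the audit is expected to flag.
    """
    vhost = os.path.join(base, "www.example.com")
    cgi = os.path.join(vhost, "cgi-bin")
    os.makedirs(cgi)
    for directory in (vhost, cgi):
        os.chmod(directory, 0o755)
    good = os.path.join(cgi, "test.cgi")
    bad = os.path.join(cgi, "upload.cgi")
    for path, mode in ((good, 0o755), (bad, 0o777)):
        with open(path, "w") as handle:
            handle.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return bad


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: audit the given tree against root:root (uid 0, gid 0).
        problems = audit_tree(sys.argv[1])
    else:
        # No argument: run on the constructed sample, owned by the caller.
        with tempfile.TemporaryDirectory() as base:
            build_sample_tree(base)
            owner = os.lstat(base)
            problems = audit_tree(base, owner.st_uid, owner.st_gid)
    for path, problem in problems:
        print("%s: %s" % (path, problem))
    sys.exit(1 if problems else 0)
```

Run as root with the tree to check as the only argument, for example /srv/www; a non-zero exit status means at least one entry was reported.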
security settings. At least you should limit the user's engagement by using the directive AllowOverride. In openSUSE, .htaccess files are enabled by default, but the user is not allowed to overwrite any Option directives when using mod_userdir (see the /etc/apache2/mod_userdir.conf configuration file).

30.8 Troubleshooting

If Apache does not start, the Web page is not accessible, or users cannot connect to the Web server, it is important to find the cause of the problem.
the Apache user community can be reached via a mailing list available at http://httpd.apache.org/userslist.html. A recommended newsgroup is comp.infosystems.www.servers.unix.

30.9 For More Information

The package apache2-doc contains the complete Apache manual in various localizations for local installation and reference. It is not installed by default—the quickest way to install it is to use the command zypper in apache2-doc. Once installed, the Apache manual is available at http://localhost/manual/.
mod_php5
http://www.php.net/manual/en/install.unix.apache2.php

mod_python
http://www.modpython.org/

mod_tidy
http://mod-tidy.sourceforge.net/

30.9.3 Development

More information about developing Apache modules or about getting involved in the Apache Web server project is available at the following locations:

Apache Developer Information
http://httpd.apache.org/dev/

Apache Developer Documentation
http://httpd.apache.org/docs/2.2/developer/

Writing Apache Modules with Perl and C
http://www.modperl.com/

30.
31 Setting up an FTP server with YaST

Using the YaST FTP Server module, you can configure your machine to function as an FTP (File Transfer Protocol) server. Anonymous and/or authenticated users can connect to your machine and download files using the FTP protocol. Depending on the configuration, they can also upload files to the FTP server. YaST provides a unified configuration interface for various FTP server daemons installed on your system.
1 Open YaST Control Center and choose Network Services > FTP Server or run the yast2 ftp-server command as root.
2 If no FTP server is installed on your system, you will be asked which server to install when the YaST FTP Server module starts. Choose a server (vsftpd is the standard server for openSUSE) and confirm the dialog.
3 In the Start-Up dialog, configure the options for starting the FTP server. For more information, see Section 31.1, “Starting the FTP server” (page 534).
The Selected Service frame of the FTP Start-Up dialog shows which FTP server is used: either vsftpd or pure-ftpd. If both servers are installed, you can switch between them—the current configuration will automatically be converted. The pure-ftpd package is not included in the standard openSUSE media so you have to install it from a different installation source if you want to use it.

Figure 31.1 FTP Server Configuration — Start-Up

31.
and the file creation mask for authenticated users in Umask for Authenticated Users. The masks should be entered as octal numbers with a leading zero. For more information about umask, see the umask man page (man 1p umask). In the FTP Directories frame set the directories used for anonymous and authorized users. With Browse, you can select a directory to be used from the local filesystem. The default FTP directory for anonymous users is /srv/ftp.
If you want to allow users to upload files to the FTP server, check Enable Upload in the Uploading frame of the Authentication dialog. Here you are able to allow uploading or creating directories even for anonymous users by checking the respective box.
Part VI.
32 Mobile Computing with Linux

Mobile computing is mostly associated with laptops, PDAs and cellular phones (and the data exchange between them). Mobile hardware components, such as external hard disks, flash drives, or digital cameras, can be connected to laptops or desktop systems. A number of software components are involved in mobile computing scenarios and some applications are tailor-made for mobile use.

32.1 Laptops

The hardware of laptops differs from that of a normal desktop system.
32.1.1 Power Conservation

The inclusion of energy-optimized system components during laptop manufacturing contributes to their suitability for use without access to the electrical power grid. Their contribution towards conservation of power is at least as important as that of the operating system. openSUSE® supports various methods that influence the power consumption of a laptop and have varying effects on the operating time under battery power.
Figure 32.1 Integrating a Mobile Computer in an Existing Environment

The services affected in the case of a laptop commuting back and forth between a small home network and an office network are:

Network
This includes IP address assignment, name resolution, Internet connectivity and connectivity to other networks.

Printing
A current database of available printers and an available print server must be present, depending on the network.
openSUSE offers several ways of integrating laptops into existing operating environments:

NetworkManager
NetworkManager is especially tailored for mobile networking on laptops. It provides a means to easily and automatically switch between network environments or different types of networks, such as wireless LAN and Ethernet. NetworkManager supports WEP and WPA-PSK encryption in wireless LANs. It also supports dialup connections (with smpppd).
32.1.3 Software Options

There are various special task areas in mobile use that are covered by dedicated software: system monitoring (especially the battery charge), data synchronization, and wireless communication with peripherals and the Internet. The following sections cover the most important applications that openSUSE provides for each task.

32.1.3.
32.1.3.2 Synchronizing Data

When switching between working on a mobile machine disconnected from the network and working at a networked workstation in an office, it is necessary to keep processed data synchronized across all instances. This could include e-mail folders, directories and individual files that need to be present for work on the road as well as at the office. The solution in both cases is as follows:

Synchronizing E-Mail
Use an IMAP account for storing your e-mails in the office network.
Bluetooth
Bluetooth has the broadest application spectrum of all wireless technologies. It can be used for communication between computers (laptops) and PDAs or cellular phones, as can IrDA. It can also be used to connect various computers within range. Bluetooth is also used to connect wireless system components, like a keyboard or mouse. The range of this technology is, however, not sufficient to connect remote systems to a network.
IMPORTANT: Data Security and Suspend to Disk
Encrypted partitions are not unmounted during a suspend to disk event. Thus, all data on these partitions is available to any party who manages to steal the hardware and issue a resume of the hard disk.

Network Security
Any transfer of data should be secured, no matter how the transfer is done. Find general security issues regarding Linux and networks in Chapter 1, Security and Confidentiality (↑Security Guide).
the URL camera:/. The images can then be processed using digiKam or f-spot. For advanced photo processing, use GIMP.

32.3 Cellular Phones and PDAs

A desktop system or a laptop can communicate with a cellular phone via Bluetooth or IrDA. Some models support both protocols and some only one of the two. The usage areas for the two protocols and the corresponding extended documentation have already been mentioned in Section 32.1.3.3, “Wireless Communication” (page 546).
German. Use http://lists.opensuse.org/opensuse-mobile/ for English postings. Information about OpenSync is available on http://en.opensuse.org/OpenSync.
33 Power Management

Power management is especially important on laptop computers, but is also useful on other systems. ACPI (Advanced Configuration and Power Interface) is available on all modern computers (laptops, desktops, and servers). Power management technologies require suitable hardware and BIOS routines. Most laptops and many modern desktops and servers meet these requirements. It is also possible to control CPU frequency scaling to save power or decrease noise.

33.
Hibernation (suspend to disk)
In this operating mode, the entire system state is written to the hard disk and the system is powered off. There must be a swap partition at least as big as the RAM to write all the active data. Reactivation from this state takes about 30 to 90 seconds. The state prior to the suspend is restored. Some manufacturers offer useful hybrid variants of this mode, such as RediSafe in IBM Thinkpads. The corresponding ACPI state is S4.
.msg. See Section 33.2.3, “Troubleshooting” (page 556) for more information about troubleshooting ACPI problems.

33.2.1 Controlling the CPU Performance

The CPU can save energy in three ways:

• Frequency and Voltage Scaling (page 553)
• Throttling the Clock Frequency (T-states) (page 555)
• Putting the Processor to Sleep (C-states) (page 555)

Depending on the operating mode of the computer, these methods can be combined.
There are two main approaches to performing CPU frequency scaling—by the kernel itself (CPUfreq infrastructure with in-kernel governors) or by a userspace application. The in-kernel governors are policy governors that can change the CPU frequency based on different criteria (a sort of preconfigured power scheme for the CPU). The following governors are available with the CPUfreq subsystem:

Performance Governor
The CPU frequency is statically set to the highest possible for maximum performance.
33.2.1.2 Throttling the Clock Frequency (T-states)

This technology omits a certain percentage of the clock signal impulses for the CPU. At 25% throttling, every fourth impulse is omitted. At 87.5%, only every eighth impulse reaches the processor. However, the energy savings are a little less than linear. Normally, throttling is only used if frequency scaling is not available or to maximize power savings. This technology must be controlled by a special process, as well.
essary high power consumption (for example, processes that are mainly responsible for waking up a processor from its idle state) and to optimize your system settings to avoid these. It supports both Intel and AMD processors. For detailed information, refer to the powerTOP project page at http://www.lesswatts.org/projects/powertop/.
WARNING: Problems Booting without ACPI
Some newer machines (especially SMP systems and AMD64 systems) need ACPI for configuring the hardware correctly. On these machines, disabling ACPI can cause problems.

Sometimes, the machine is confused by hardware that is attached over USB or FireWire. If a machine refuses to boot, unplug all unneeded hardware and try again.
33.3 Rest for the Hard Disk

In Linux, the hard disk can be put to sleep entirely if it is not needed or it can be run in a more economic or quieter mode. On modern laptops, you do not need to switch off the hard disks manually, because they automatically enter an economic operating mode whenever they are not needed. However, if you want to maximize power savings, test some of the following methods, using the hdparm command. It can be used to modify various hard disk settings.
/proc/sys/vm/dirty_background_ratio
Maximum percentage of dirty pages until pdflush begins to write them. Default is 5%.

/proc/sys/vm/dirty_ratio
When the dirty pages exceed this percentage of the total memory, processes are forced to write dirty buffers during their time slice instead of continuing to write.

WARNING: Impairment of the Data Integrity
Changes to the pdflush daemon settings endanger the data integrity.
33.4.1 ACPI Activated with Hardware Support but Functions Do Not Work

If you experience problems with ACPI, search the output of dmesg for ACPI-specific messages by using the command dmesg|grep -i acpi.

A BIOS update may be required to resolve the problem. Go to the home page of your laptop manufacturer, look for an updated BIOS version, and install it. Ask the manufacturer to comply with the latest ACPI specification.
33.4.2 CPU Frequency Does Not Work

Refer to the kernel sources to see if your processor is supported. You may need a special kernel module or module option to activate CPU frequency control. If the kernel-source package is installed, this information is available in /usr/src/linux/Documentation/cpu-freq/*.

33.4.3 Suspend and Standby Do Not Work

ACPI systems may have problems with suspend and standby due to a faulty DSDT implementation (BIOS). If this is the case, update the BIOS.
• http://wiki.opensuse.org/SDB:Suspend_to_RAM—How to get Suspend to RAM working
• http://old-en.opensuse.
34 Wireless LAN

Wireless LANs, or Wireless Local Area Networks (WLANs), have become an indispensable aspect of mobile computing. Today, most laptops have built-in WLAN cards. This chapter describes how to set up a WLAN card with YaST, encrypt transmissions, and use tips and tricks. Alternatively, you can configure and manage WLAN access with NetworkManager. For details, refer to Chapter 35, Using NetworkManager (page 581).

34.1 WLAN Standards

WLAN cards communicate using the 802.
Name      Band (GHz)     Maximum Transmission Rate (Mbit/s)   Note
802.11b   2.4            11                                   Less common
802.11g   2.4            54                                   Widespread, backwards-compatible with 11b
802.11n   2.4 and/or 5   300                                  Common

802.11 Legacy cards are not supported by openSUSE®. Most cards using 802.11a, 802.11b, 802.11g and 802.11n are supported. New cards usually comply with the 802.11n standard, but cards using 802.11g are still available.

34.
Master Mode
In master mode your network card is used as the access point. It works only if your WLAN card supports this mode. Find out the details of your WLAN card on http://linux-wless.passys.nl.

34.3 Authentication

Because a wireless network is much easier to intercept and compromise than a wired network, the various standards include authentication and encryption methods. In the original version of the IEEE 802.11 standard, these are described under the term WEP (Wired Equivalent Privacy).
WPA-PSK (or WPA-Personal, according to IEEE 802.1x)
WPA-PSK (PSK stands for preshared key) works similarly to the Shared Key procedure. All participating stations as well as the access point need the same key. The key is 256 bits in length and is usually entered as a passphrase. This system does not need a complex key management like WPA-EAP and is more suitable for private use. Therefore, WPA-PSK is sometimes referred to as WPA “Home”.

WPA-EAP (or WPA-Enterprise, according to IEEE 802.
However, this standard has some weaknesses. Attacks against the keys generated by this system may be successful. Nevertheless, it is better to use WEP than to not encrypt the network at all. Some vendors have implemented the non-standard “Dynamic WEP”. It works exactly as WEP and shares the same weaknesses, except that the key is periodically changed by a key management service.

TKIP (defined in WPA/IEEE 802.
IP Address
Use either a static IP address or let a DHCP server dynamically assign an IP address to the interface.

Operating Mode
Defines how to integrate your machine into a WLAN, depending on the network topology. For background information, refer to Section 34.2, “Operating Modes” (page 564).

Network Name (ESSID)
Unique string identifying a network.
34.5.2 Configuration for Access Points

In this section, learn how to configure your WLAN card to connect to an (external) access point or how to use your WLAN card as access point (if supported by your WLAN card). For configuration of networks without an access point, refer to Section 34.5.3, “Establishing an Ad-Hoc Network” (page 573).

Procedure 34.1 Configuring Your WLAN Card for Using an Access Point

1 Start YaST and open the Network Settings dialog.
NOTE: WPA Authentication Requires an ESSID
If you select WPA authentication, a network name (ESSID) must be set.

8 Select an Authentication Mode for your network. Which mode is suitable depends on your WLAN card's driver and the ability of the other devices in the network.
9 If you have chosen to set the Authentication Mode to No Encryption, finish the configuration by clicking Next.
For WEP, usually only one key is needed—however, up to 4 different WEP keys can be defined for your station. One of them needs to be set as the default key and is used for encryption. The others are used for decryption. By default, a key length of 128 bits is used, but you can also choose to set the length to 64 bits.

For higher security, WPA-EAP uses a RADIUS server to authenticate users. For authentication at the server, three different methods are available: TLS, TTLS and PEAP.
2 To enter a key for WPA-PSK:
2a Select the input method Passphrase or Hexadecimal.
2b Enter the respective Encryption Key. In the Passphrase mode, the input must be 8 to 63 characters. In the Hexadecimal mode, enter 64 characters.
3 If you have chosen WPA-EAP authentication, click Next to switch to the WPA-EAP dialog, where you enter the credentials and certificates you have been given by your network administrator.
3a Select the EAP Mode the RADIUS server uses for authentication.
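How the two WPA-PSK input methods in step 2 relate to the 256-bit key, as an added example that is not part of the original guide: in Passphrase mode the key is derived from the passphrase and the ESSID with PBKDF2-HMAC-SHA1 (4096 iterations, as defined by IEEE 802.11i), which is why an ESSID must be set, while in Hexadecimal mode the 64 characters are the key itself. The function names are hypothetical.

```python
"""WPA-PSK key input: a passphrase (8 to 63 characters) or 64 hex digits."""
import hashlib
import string

PSK_BYTES = 32         # 256-bit preshared key
PBKDF2_ROUNDS = 4096   # iteration count fixed by IEEE 802.11i


def psk_from_passphrase(passphrase, essid):
    """Derive the 256-bit PSK from a passphrase, salted with the ESSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must consist of printable ASCII characters")
    salt = essid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("ESSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, PBKDF2_ROUNDS, PSK_BYTES
    )


def psk_from_hex(hex_key):
    """Accept a key entered in Hexadecimal mode: exactly 64 hex digits."""
    if len(hex_key) != 2 * PSK_BYTES:
        raise ValueError("hexadecimal key must be exactly 64 characters")
    if any(ch not in string.hexdigits for ch in hex_key):
        raise ValueError("hexadecimal key may only contain 0-9 and a-f")
    return bytes.fromhex(hex_key)


def parse_key(value, essid, mode):
    """Return the 32-byte PSK for either input method ('passphrase' or 'hex')."""
    if mode == "passphrase":
        return psk_from_passphrase(value, essid)
    if mode == "hex":
        return psk_from_hex(value)
    raise ValueError("mode must be 'passphrase' or 'hex'")


if __name__ == "__main__":
    # Constructed sample values: the same passphrase on two different ESSIDs.
    for essid in ("IEEE", "HomeNet"):
        key = parse_key("password", essid, "passphrase")
        print("%-8s %s" % (essid, key.hex()))
    # Entering the derived key in Hexadecimal mode yields the same PSK.
    derived = psk_from_passphrase("password", "IEEE")
    assert parse_key(derived.hex(), "IEEE", "hex") == derived
```

Because the ESSID is the salt, the same passphrase produces a different key on every network name, and a weak passphrase remains the limiting factor however long the derived key is.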
34.5.3 Establishing an Ad-Hoc Network

In some cases it is useful to connect two computers equipped with a WLAN card. To establish an ad-hoc network with YaST, do the following:

1 Start YaST and open the Network Settings dialog.
2 Switch to the Overview tab, choose your wireless card from the list and click Edit to open the Network Card Setup dialog.
3 Choose Statically assigned IP Address and enter the following data:
• IP Address: 192.168.1.1. Change this address on the second computer to 192.168.1.
10 Configure the other WLAN cards in the network accordingly, using the same Network Name (ESSID), the same Authentication Mode but different IP addresses.

34.5.4 Setting Additional Configuration Parameters

Usually there is no need to change the preconfigured settings when configuring your WLAN card. However, if you need detailed configuration of your WLAN connection, YaST allows you to tweak the following settings:

Channel
The specification of a channel on which the WLAN station should work.
4 Click Expert Settings.
5 In Ad-hoc mode, select one of the offered channels (11 to 14, depending on your country) for the communication of your station with the other stations. In Master mode, determine on which Channel your card should offer access point functionality. The default setting for this option is Auto.
6 Select the Bit Rate to use.
7 Enter the MAC address of the Access Point you want to connect to.
8 Choose whether to Use Power Management or not.
34.6.2 Stability and Speed

The performance and reliability of a wireless network mainly depend on whether the participating stations receive a clear signal from the other stations. Obstructions like walls greatly weaken the signal. The more the signal strength sinks, the more the transmission slows down. During operation, check the signal strength with the iwconfig utility on the command line (Link Quality field) or with the NetworkManager applets provided by KDE or GNOME.
Use strong passwords for your authentication method. For example, the Web page https://www.grc.com/passwords.htm generates random 64 character passwords.

34.7 Troubleshooting

If your WLAN card is not automatically detected, check whether it is supported by openSUSE. A list of supported WLAN network cards is available under http://en.opensuse.org/HCL:Network_(Wireless). If your card is not supported, it may be possible to make it work using the Microsoft Windows drivers with Ndiswrapper.
You can also get the previous information with the iwlist command. For example, the following line displays the current bit rate:

iwlist wlan0 rate
wlan0    unknown bit-rate information.
         Current Bit Rate=54 Mb/s

If you want an overview of how many access points are available, this can also be done with the iwlist command. It gives you a list of “cells” which looks like this:

iwlist wlan0 scanning
wlan0    Scan completed:
   Cell 01 - Address: 00:11:22:33:44:55
             Channel:40
             Frequency:5.
34.8 For More Information

More information can be found on the following pages:

http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html
The Internet pages of Jean Tourrilhes, who developed the Wireless Tools for Linux, present a wealth of useful information about wireless networks.

tuxmobil.org
Useful hands-on information about mobile computers under Linux.

http://www.linux-on-laptops.com
More information about Linux on laptops.

http://en.opensuse.
35 Using NetworkManager

NetworkManager is the ideal solution for laptops and other portable computers. It supports state-of-the-art encryption types and standards for network connections, including connections to 802.1X protected networks. 802.1X is the “IEEE Standard for Local and Metropolitan Area Networks—Port-Based Network Access Control”. With NetworkManager, you do not need to worry about configuring network interfaces and switching between wired or wireless networks when you are moving.
35.2 Enabling NetworkManager

On laptop computers, NetworkManager is enabled by default. However, it can be enabled or disabled at any time in the YaST Network Settings module.

1 Run YaST and go to Network Devices > Network Settings.
2 The Network Settings dialog opens. Go to the Global Options tab.
3 To configure and manage your network connections with NetworkManager, select User Controlled with NetworkManager.
4 Click OK.
of network connections, such as wired, wireless, mobile broadband, DSL, and VPN connections. On each tab, you can add, edit or delete connections of that type. In the KDE configuration dialog, the appropriate tabs are only active if the connection type is available on your system (depending on hardware and software). By default, KNetworkManager also displays comprehensive tooltips for the input fields and options available on each tab.
Figure 35.2 KDE Network Configuration Dialog

Alternatively, you can also start the configuration dialogs from the NetworkManager applet in the system tray. In KDE, left-click the icon and select Manage Connections. In GNOME, right-click the icon and select Edit Connections.

NOTE: Availability of Options
Depending on your system set-up, you may not be allowed to configure connections. In a secured environment, some options might be locked or require root permission.
NOTE: Hidden Networks
To connect to a “hidden” network (a network that does not broadcast its service) you have to know the Service Set Identifier or Extended Service Set Identifier (SSID or ESSID) of the network because it cannot be detected automatically.

1 To add a new connection or edit an existing one, click the tab for the connection type you want to use and click Add or choose an existing connection and click Edit.
2 Enter a Connection Name and your connection details.
Figure 35.3 KNetworkManager—Configured and Available Connections

35.4 Using KNetworkManager

The KDE front-end for NetworkManager is the NetworkManager plasmoid. If the network has been set up for NetworkManager control, the plasmoid usually starts automatically with the desktop environment and is shown as an icon in the system tray.

If your system tray does not show any network connection icon, the plasmoid is probably not started. Click on the Panel Tool Box and choose Add Widgets.
window, while interfaces show up in the left half. The connection and interface currently being used is marked with a blue globe.
2 Click on Networking Interface listed in the right half of the plasmoid window to get detailed information and statistics for that interface. Switch back to the interface overview by clicking on the blue arrow icon.
3 To disconnect an active connection, click on the red icon for the Networking Interface in the right half of the plasmoid window.
4 NetworkManager automatically connects to the configured network.

Procedure 35.3 Managing Active Wireless Connections

1 Click on WLAN Interface listed in the right half of the plasmoid window to get detailed information and statistics for that interface. Switch back to the interface overview by clicking on the blue arrow icon.
2 To disconnect an active connection, click on the red icon for the WLAN Interface.
3 To completely disable wireless networking, uncheck Enable Wireless.
IMPORTANT: Unprotected Wireless Networks Are a Security Risk If you set Security to None, everybody can connect to your network, reuse your connectivity and intercept your network connection. To restrict access to your access point and to secure your connection, use encryption. You can choose between various WEP and WPA–based encryptions. If you are not sure which technology is best for you, read Section 34.3, “Authentication” (page 565).
3 To disconnect an active connection, left-click the applet and choose its Disconnect entry. 4 If you want to use a different configuration with the wired network, right-click the applet, choose Edit Connections and add another wired connection as described in Procedure 35.1, “Adding or Editing Connections” (page 584). Click the NetworkManager icon and select the newly configured connection to activate it.
A wireless network that has been chosen explicitly will remain connected as long as possible. If a network cable is plugged in during that time, any connections that have been set to Connect Automatically will be connected, while the wireless connection remains up.

35.5.3 Configuring Your Wireless Card as an Access Point
If your wireless card supports access point mode, you can use NetworkManager for configuration.

IMPORTANT: Unprotected Wireless Networks Are a Security Risk
If you set Wireless Security to None, everybody can connect to your network, reuse your connectivity and intercept your network connection. To restrict access to your access point and to secure your connection, use encryption. You can choose between various WEP and WPA–based encryptions. If you are not sure which technology is best for you, read Section 34.3, “Authentication” (page 565).

35.

• NetworkManager-vpnc-kde4 or NetworkManager-vpnc-gnome.

PPTP (Point-to-Point Tunneling Protocol)
To use this VPN technology, install
• NetworkManager-pptp and
• NetworkManager-pptp-kde4 or NetworkManager-pptp-gnome.

After you have installed the packages, configure your VPN connection as described in Section 35.3, “Configuring Network Connections” (page 582).

35.7 NetworkManager and Security
NetworkManager distinguishes two types of wireless connections, trusted and untrusted.
available right after NetworkManager is started—before any users log in. In case of system connections, all credentials must be provided at the time the connection is created. Such system connections can be used to automatically connect to networks that require authorization. For information about how to configure user or system connections with NetworkManager, refer to Section 35.3, “Configuring Network Connections” (page 582).
35.8 Frequently Asked Questions In the following, find some frequently asked questions about configuring special network options with NetworkManager. How to tie a connection to a specific device? By default, connections in NetworkManager are device type-specific: they apply to all physical devices with the same type. If more than one physical device per connection type is available (for example, your machine is equipped with two ethernet cards), you can tie a connection to a certain device.
1. Start the dialog for configuring network connections as described in Section 35.3, “Configuring Network Connections” (page 582). Choose the connection you want to modify and click Edit. If you are using GNOME, switch to the IPv4 Settings tab and from the Method drop-down list, choose Shared to other computers. If you are using KDE, switch to the IP Address tab and from the Method drop-down list, choose Shared. That will enable IP traffic forwarding and run a DHCP server on the device.
NetworkManager Desktop Applet Does Not Start The GNOME and KDE NetworkManager applets start automatically if the network is set up for NetworkManager control. If the applet does not start, check if NetworkManager is enabled in YaST as described in Section 35.2, “Enabling NetworkManager” (page 582). Then make sure that the appropriate package for your desktop environment is also installed. If you are using KDE 4, the package is plasmoid-networkmanagement. For GNOME users the package is NetworkManager-gnome.
Package Documentation Also check out the information in the following directories for the latest information about NetworkManager and the GNOME and KDE NetworkManager applets: • /usr/share/doc/packages/NetworkManager/, • /usr/share/doc/packages/NetworkManager-gnome/.
36 Using Tablet PCs

openSUSE® comes with support for Tablet PCs. In the following, learn how to install and configure your Tablet PC and discover some useful Linux* applications which accept input from digital pens. The following Tablet PCs are supported:
• Tablet PCs with serial and USB Wacom tablet (pen based), touch-screen or multitouch devices.
• Tablet PCs with FinePoint devices, such as Gateway C210X/M280E/CX2724 or HP Compaq TC1000.
• Using gesture recognition in applications of the X Window System • Drawing with GIMP • Taking notes or sketching with applications like Jarnal or Xournal or editing larger amounts of text with Dasher 36.
36.2 Configuring Your Tablet Device
During installation, your tablet or touch device is configured by default. If you have trouble with the configuration of your Wacom device, use xsetwacom on the command line to change the settings.

36.3 Using the Virtual Keyboard
To log in to the KDE or GNOME desktop or to unlock the screen, you can either enter your username and password as usual or via the virtual keyboard (xvkbd) displayed below the login field.
Start KRandRTray or gnome-display-properties from the main menu, or enter krandrtray or gnome-display-properties to start the applet from a shell. After you have started the applet, the applet icon is usually added to your system tray. If the gnome-display-properties icon does not automatically appear in the system tray, make sure Show Displays in Panel is activated in the Monitor Resolution Settings dialog. To rotate your display with KRandRTray, right-click the icon and select Configure Display.
2 Enter the gesture you would like to use for a character into the respective character's cell. With the first input, the background changes its color to white, whereas the character itself is shown in light gray. Repeat the gesture multiple times until the character changes its color to black. Untrained characters are shown on a light gray or brown background (depending on the desktop's color scheme). 3 Repeat this step until you have trained CellWriter for all characters you need.
36.5.2 Using Xstroke With xstroke, you can use gestures with your pen or other pointing devices as input for applications on the X Window System. The xstroke alphabet is a unistroke alphabet that resembles the Graffiti* alphabet. When activated, xstroke sends the input to the currently focused window. 1 Start xstroke from the main menu or with xstroke from a shell. This adds a pencil icon to your system tray.
36.6 Taking Notes and Sketching with the Pen
To create drawings with the pen, you can use a professional graphics editor like GIMP or try one of the note-taking applications, Xournal or Jarnal. With both Xournal and Jarnal, you can take notes, create drawings or comment PDF files with the pen. As a Java-based application available for several platforms, Jarnal also offers basic collaboration features. For more information, refer to http://www.dklevine.com/general/software/tc1000/jarnal-net.htm.
of text using only the pen (or other input devices—it can even be driven with an eye tracker). Start Dasher from the main menu or with dasher from a shell. Move your pen in one direction and the application starts to zoom into the letters on the right side. From the letters passing the cross hairs in the middle, the text is created or predicted and is printed to the upper part of the window. To stop or start writing, click the display once with the pen. Modify the zooming speed at the bottom of the window.
Orientation of the Wacom Graphics Tablets Does Not Change
With the xrandr command, you can change the orientation of your display from within a shell. Enter xrandr --help to view the options available.

36.8 For More Information
Some of the applications mentioned here do not offer integrated online help, but you can find some useful information about usage and configuration in your installed system in /usr/share/doc/package/packagename or on the Web:
• For the Xournal manual, refer to http://xournal.sourceforge.net/manual.html
• The Jarnal documentation is located at http://www.dklevine.com/general/software/tc1000/jarnal.htm#documentation
• Find the xstroke man page at http://davesource.

37 Copying and Sharing Files

If using multiple operating systems (OS) simultaneously, it is often necessary to exchange files among them. Different systems may reside on different partitions on the same machine or on different machines across your network. There are various approaches to file exchange with different basic instructions and possible pitfalls.
on the server, not locally on the client. File servers typically serve a large number of clients simultaneously. 37.1 Scenarios The following list provides a number of possible scenarios involving file transfer: Different OS on the Same Computer Many users have an operating system preinstalled by their vendor and run Linux in a separate partition. Refer to Section 37.4, “Accessing Files on Different OS on the Same Computer” (page 614) for more information.
37.2 Access Methods The following methods and protocols are well-suited to file transfer and sharing. FTP Use FTP (File Transfer Protocol) if you need to exchange files very often and with different users. Set up an FTP server on one system and access it with clients. There are many graphical client applications available for FTP on Windows*, MacOS, and Linux. Depending on how your FTP server is used, enable read and write permissions. See Section 37.5.
CSync CSync is an alternative to Unison. Just like Unison it synchronizes files bidirectionally. However, its architecture is modular so it can be extended with plug-ins. See http://www.csync.org for more details. SMB Samba is a client/server system and an implementation of the SMB protocol. It is usually used in Windows networks, but is supported by several operating systems. Refer to Chapter 29, Samba (page 479) for more information about Samba.
• An established connection.
• The SSH daemon running on both machines. To start the service, run the command rcsshd start as root.

Proceed as follows:

Procedure 37.1 GNOME
1 Start Nautilus.
2 Click on File > Connect to Server.
3 Set the Service Type to ssh.
4 Enter the IP address and port of the remote computer (default is 22).
5 Specify the folder you want to open on the remote computer.
6 Click Connect.

Procedure 37.2 KDE
1 Start Dolphin.
2 Click on Network, Add Network.
37.4 Accessing Files on Different OS on the Same Computer New computers generally ship with a preinstalled operating system, usually Windows. If you have installed Linux on a different partition, you might want to exchange files between the different operating systems. Windows cannot read Linux partitions by default. If you want to exchange files between these two operating systems, you have to create an “exchange partition”. For a more direct approach, see http://www.fs-driver.
Command Line
Just list the contents of /windows to see one or more directories containing your Windows drives. The directory /windows/c maps to the Windows C:\ drive, for example.

NOTE: Changing the Accessibility of Windows Partitions
Initially, Windows partitions are mounted read-only for normal users to avoid accidental damage to the file system. To grant normal users full access to a mounted Windows partition, change the mount behavior of this Windows partition.

User tux

37.5.1 Copying Files with SSH
The following requirements must be met on both computers that are accessed via SSH:
1. If you use a hostname, make sure each hostname is listed in /etc/hosts on both computers (see Section 23.6.1.6, “/etc/hosts” (page 403)). If you use SSH with IP addresses, you do not need to change anything.
2. If you use a firewall, open the SSH port. To do so, start YaST, and select Security and Users > Firewall.

4 Drag and drop the desired files or directories to your desktop or a local directory.

KDE provides another protocol called fish that can be used if sftp is not available. The use of this protocol is similar to sftp. Just replace the sftp protocol prefix of the URL with fish:

fish://tux@jupiter.example.com

37.5.2 Transferring Files with rsync
rsync is useful for archiving or copying data and can also be used as a daemon to provide directories to the network (see Procedure 37.

37.5.2.2 rsync Daemon Mode
Start the rsyncd daemon on one of your systems to make use of the full functionality of rsync. In this mode, it is possible to create synchronization points (modules) that can be accessed without an account. To use the rsyncd daemon, proceed as follows:

Procedure 37.3 Advanced Setup for rsync Synchronization
1 Log in as root and install the rsync package.
2 Configure your synchronization points in /etc/rsyncd.conf.
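Because rsyncd modules can be reached without an account, it is worth checking which modules in /etc/rsyncd.conf are actually open. The following is an added example, not part of the original guide: a small Python audit that reports modules without auth users, without hosts allow, or writable by anonymous clients. The sample configuration, module names and paths are constructed for illustration.

```python
# Audit rsyncd.conf text for modules that anyone on the network can use.
# Constructed sample; module names, paths and the user "tux" are made up.
SAMPLE_RSYNCD_CONF = """\
# global parameters come before the first [module]
log file = /var/log/rsyncd.log
use chroot = yes

[pub]
    path = /srv/ftp
    comment = public mirror

[incoming]
    path = /srv/incoming
    read only = no

[backup]
    path = /srv/backup
    read only = no
    auth users = tux
    secrets file = /etc/rsyncd.secrets
    hosts allow = 192.168.1.0/24
"""

TRUE_VALUES = {"yes", "true", "1"}


def load_modules(text):
    """Return {module: settings}; global parameters act as module defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(defaults))
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())   # normalise inner whitespace
            (defaults if current is None else current)[key] = value
    return modules


def audit_rsyncd(text):
    """Return (module, issue) tuples for openly accessible modules."""
    findings = []
    for name, cfg in load_modules(text).items():
        anonymous = not cfg.get("auth users", "").strip()
        # rsyncd treats modules as read only unless told otherwise
        writable = cfg.get("read only", "yes").lower() not in TRUE_VALUES
        if anonymous:
            findings.append((name, "anonymous_write" if writable else "anonymous_read"))
        if "hosts allow" not in cfg:
            findings.append((name, "no_host_restriction"))
    return findings


if __name__ == "__main__":
    for module, issue in audit_rsyncd(SAMPLE_RSYNCD_CONF):
        print(module, issue)
```

An anonymous_read finding can be intentional for a public mirror; anonymous_write is the case to fix by adding auth users with a secrets file, or by restricting hosts allow.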
1. The package unison is installed. 2. Enough disk space is available on your local and remote computer. 3. If you want to benefit from Unison's full potential, make sure that Unison is also installed and running on the remote computer. In case you need help, run Unison with the -doc topics option to get a full list of available sections.
formed the synchronization now. A question mark indicates a conflict (both files have been changed and Unison cannot decide which one to overwrite). Figure 37.1 File Synchronization Proposal 5 To modify the proposals Unison shows for each file (for example, if you want to change the direction), select the file and click Right to Left or Left to Right. With Skip, exclude a file from synchronization. The symbol in the Action column changes accordingly. 6 To start the synchronization, click Go.
local <---- jupiter new file dir [f]
3 Press F if you want to follow Unison's recommendation. For other commands, press ?.
4 Proceed with y, if you want to propagate your updates.

37.5.4 Copying Files with FTP
Before configuring your FTP server, make sure that the following requirements are met:
1. The package vsftp is installed.
2. You have root access to your FTP server.
3. Enough disk space is available on your computer.
2 Replace the configuration files according to the preferred scenario (refer to the manual page of vsftpd.
PuTTY
PuTTY is a suite of different command line tools for working with an SSH daemon. Download it from http://www.chiark.greenend.org.uk/~sgtatham/putty.html.

WinSCP
WinSCP is very similar to PuTTY, but includes a graphical user interface. Choose from an Explorer or Norton Commander style. Download it from http://winscp.net.

To copy a file from Windows to Linux with PuTTY, proceed as follows (on the Windows machine):
1 Start PSCP.
2 Enter the hostname of your SSH server.
37.7 Sharing Files between Linux Computers The following sections feature various methods for sharing data. Use one of these if you are looking for a permanent solution for data sharing. 37.7.
3b Set the export options to: rw,root_squash,async
3c Repeat these steps, if you need to export more than one directory.
4 Apply your settings and leave YaST. Your NFS server is ready to use.

To manually start the NFS server, enter rcnfsserver start as root. To stop the server, enter rcnfsserver stop. By default, YaST takes care of starting this service at boot time.

To configure the client, proceed as follows:
1 Prepare the NFS client:
1a Start YaST as root.
1b Select Network Services > NFS Client.

3 Apply your settings and leave YaST. Your NFS client is ready to use.

To start the NFS client manually, enter rcnfs start.

NOTE: Consistent User Names
If your home network is used by just a small number of users, set up identical users manually on all machines. If, however, you need a larger consistent user base across a larger home network, consider using NIS or LDAP to manage user data.
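The export options set in the server procedure above (rw,root_squash,async) end up in /etc/exports, where a single changed option or a stray space changes who can write and as which user. The following is an added example, not part of the original guide: a Python check that parses exports syntax and reports entries that drop root_squash, grant rw to every host, or carry options with no host in front of them. The sample file, hosts and paths are constructed; quoted paths containing spaces are not handled.

```python
import re

# Constructed sample in /etc/exports syntax; hosts and paths are made up.
SAMPLE_EXPORTS = """\
# directory    client(options)
/srv/nfs       192.168.1.0/24(rw,root_squash,async)
/srv/backup    *(rw,no_root_squash,async)
/srv/media     jupiter (rw)
/srv/pub       *(ro,root_squash)
"""

# One client token: "host(opts)", a bare "host", or a bare "(opts)".
TOKEN = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def parse_exports(text):
    """Yield (path, host, options) for every client token of every export."""
    text = text.replace("\\\n", " ")              # join continued lines
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue                              # blank, comment, or no client
        path, tokens = fields[0], fields[1:]
        for token in tokens:
            match = TOKEN.match(token)
            if not match:
                continue                          # form not covered by this check
            host, opts = match.group(1), match.group(2) or ""
            yield path, host, {o.strip() for o in opts.split(",") if o.strip()}


def audit_exports(text):
    """Return (path, client, issue) tuples for risky export settings."""
    findings = []
    for path, host, opts in parse_exports(text):
        client = host or "*"                      # "(opts)" alone means any host
        if not host:
            findings.append((path, client, "options_without_host"))
        if "no_root_squash" in opts:
            findings.append((path, client, "no_root_squash"))
        if client == "*" and "rw" in opts:
            findings.append((path, client, "world_writable"))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding)
```

The /srv/media line shows the stray-space case: jupiter gets the default options, while (rw) applies to every other host.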
37.7.2.2 Accessing Shares from the Command Line
If you prefer using the command line, use the smbclient command. To log in to your Samba server, run:

smbclient //jupiter/share -U tux

Omit the -U option if you are the current user tux. After logging in successfully, use some basic commands like ls (list contents), mkdir (create directory), get (download file), and put (upload file). Use help to display all commands. Refer to the manual page of smbclient for more information.

37.

Procedure 37.4 Setting Up a Samba Server
To set up a Samba server, do the following:
1 Prepare the Samba server:
1a Start YaST as root.
1b Install the samba package.
1c Create a directory (for example, /srv/share).
2 Create the server configuration:
2a Select Network Services > Samba Server.
2b Select one of the workgroups or enter a new one (for example, Penguin).
2c Check Primary Domain Controller (PDC)
2d Select During Boot if the Samba service should be started every time your computer boots.

4 Provide a password for all users that are allowed to use this service:

smbpasswd -a tux

For easier configuration, just hit Enter to leave the password empty. Take into account that the usernames on your Windows and Linux computers are probably different. Configuring a consistent user base for both Windows and Linux is beyond the scope of this document.
37.9 For More Information • http://en.wikipedia.org/wiki/VFAT • http://en.wikipedia.org/wiki/NTFS • http://en.wikipedia.org/wiki/Fstab • http://en.wikipedia.org/wiki/Network_File_System • http://en.wikipedia.org/wiki/File_Transfer_Protocol • http://en.wikipedia.org/wiki/SSH • http://en.wikipedia.org/wiki/Rsync • http://en.wikipedia.
An Example Network This example network is used across all network-related chapters of the openSUSE® documentation.
GNU Licenses This appendix contains the GNU General Public License version 2 and the GNU Free Documentation License version 1.2. GNU General Public License Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.
If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.
The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”. If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the “with...Texts.