Shared sessions

Terminal sessions shared by more than one concurrent user can be very useful. On a few occasions, I was asked to remotely tune machines (such as sound card drivers or XFree86 support), and the other party wanted to keep a complete record of my actions (for educational and control purposes). It is possible to achieve that effect by using either screen or ttysnoop.

screen

Using screen to make shared sessions is very easy, but it requires both parties to cooperate (so you must trust the other end) and involves shared account passwords (which is a bad thing if it becomes your habit). All one must do is log in as, say, 'username1' (ssh -l username1 localhost) and run 'screen', then wait for the other party to log on to the system (under the same username, of course) and run 'screen -x'. (This tip was provided by electr0n@OPN.)

ttysnoop

ttysnoop is a trivial but very convenient tool that can be used to share, monitor or control user terminals. Enabling ttysnoop on your machine is dangerous; it could violate your security policy or leave the system in an unusable state if not done properly.

ttysnoop itself doesn't need any special setup (except perhaps the /etc/snooptab file) if both parties cooperate (one starts the ttysnoops server, and the other starts the ttysnoop client). However, installing it so that ttysnoops gets started during login does require a few changes in the system configuration files. We will show here how to replace the system's login binary with ttysnoops and how to enable it for ssh connections. The procedure is delicate, as we said already, so we will comment on each line you are about to execute in your shell.

Caution: The /bin/login file, an important part of every Unix system, will get modified.
This means that all applications which use /bin/login will be affected; in other words, it becomes possible for users who possess the root password to completely monitor and control those character data streams (with the root password they could do it anyway, but not *so* easily). You shouldn't notice any visual changes, but please understand that the ttysnoop server will hook itself between the login program and the user (/dev/ttyp*). If you want specific services not to use the snooped /bin/login, instruct them to use /bin/login.real as the login program (that's exactly what we will do with the system getty).

    # dpkg-divert --divert /bin/login.real --add /bin/login
    # mv /bin/login /bin/login.real
    # echo "* socket login /bin/login.real" > /etc/snooptab
    # cp /etc/inittab /etc/inittab.valid
    # perl -p -i,orig -e 's#getty#getty -l /bin/login.real#g' /etc/inittab
    # ln -sf /usr/sbin/ttysnoops /bin/login
    # init q
    # echo "UseLogin yes" >> /etc/ssh/sshd_config
    # /etc/init.d/ssh restart

1. We already described the dpkg-divert command above. It "diverts" the file /bin/login to /bin/login.real, meaning that new packages which contain a /bin/login file will unpack it to a different location, /bin/login.real. To undo this step, use dpkg-divert --remove /bin/login.

2. Move /bin/login to /bin/login.real. The system login will be broken until step 6, when we re-create the /bin/login file. To undo this step, use mv /bin/login.real /bin/login.

3. Create the /etc/snooptab file, which contains a single rule "* socket login /bin/login.real". See man ttysnoop(8) for details.

4. Create a copy of the /etc/inittab file in /etc/inittab.valid. This is important; if anything bad happens to /etc/inittab you could end up with an unusable system, so having a valid copy lying around is encouraged (also leave one shell open, so that you can put the valid file back in place even if you break system login).
5. Using Perl, edit the file /etc/inittab in-place, and replace every occurrence of 'getty' with 'getty -l /bin/login.real'. The copy of the original file is saved in /etc/inittab,orig. *Never* run this command twice before putting the ,orig file back first (or you'll end up with something like 'getty -l /bin/login.real -l /bin/login.real'). In case of trouble, copy the .valid file from the previous step onto /etc/inittab. Also, note that we use 'getty -l' (where -l is a lowercase L, not the number 1).

6. We re-create /bin/login, making it a symbolic link to /usr/sbin/ttysnoops, the ttysnoop server.

7. Reload the init process, which re-reads the /etc/inittab file. If you made a mistake in some of the previous steps, your local consoles probably won't work anymore; that's why we suggested leaving one shell open and keeping a copy of the original /etc/inittab. If you decide to put the old inittab back, don't forget to move the login.real file back too and remove the divert.

8. We append 'UseLogin yes' to the end of the sshd configuration file.

9. We restart the sshd daemon.

Warning: Enabling ttysnoop on your machine is dangerous; it could violate your security policy or leave the system in an unusable state if not done properly. For example, if you lose the ability to start X as a regular system user, chances are you did not make getty use the original login program, so either fix that, or run dpkg-reconfigure xserver-common and allow anyone to run the X server (a bad thing to do).

You can test the setup locally (but the same idea applies to remote logins, of course):

- ssh to your localhost (execute: ssh 127.0.0.1 or ssh 0, which works on Linux only)

- Switch to another virtual console (or X terminal) and log in as root.
- Find out the correct tty device (ttyp*) for our snoop target:

    # w | grep ttyp
    myuser   ttyp0    -    4:20am  3.00s  0.05s  0.02s  -bash

- Invoke ttysnoop to hook to /dev/ttyp0:

    $ /usr/sbin/ttysnoop ttyp0

- Type in the root password (to authenticate with ttysnoops) and enjoy your shared view ;p

When letting people log in remotely to your machine, ssh is the strongly preferred way to connect. Do not even bother with telnet (which is an unencrypted and insecure service). If you have special needs or demand telnet anyway, check out working configurations from the sample /etc/snooptab files.

The Debian 'alternatives' system

The Debian distribution comes with a lot of software packages and chances are you can choose between a few different applications that basically perform the same task; you can even have them all installed and peacefully coexisting on the system. Since we speak of Debian, there intuitively has to be an elegant way to set system defaults; and yes, there is one: the 'alternatives' system. Here's a similar introduction and an example from the update-alternatives(8) man page:
It is possible for several programs fulfilling the same or similar functions to be installed on a single system at the same time. For example, many systems have several text editors installed at once. This gives choice to the users of a system, allowing each to use a different editor, if desired, but makes it difficult for a program to make a good choice of editor to invoke if the user has not specified a particular preference. Debian's alternatives system aims to solve this problem. A generic name in the filesystem is shared by all files providing interchangeable functionality. The alternatives system and the system administrator together determine which actual file is referenced by this generic name. For example, if the text editors ed(1) and nvi(1) are both installed on the system, the alternatives system will cause the generic name /usr/bin/editor to refer to /usr/bin/nvi by default. The system administrator can override this and cause it to refer to /usr/bin/ed instead, and the alternatives system will not alter this setting until explicitly requested to do so.
To actually configure the mentioned 'editor' alternative, simply type:

    # update-alternatives --config editor

For a list of possible alternatives, check out the /etc/alternatives/ directory. You will most likely want to tune the 'x-window-manager' and 'x-session-manager' choices.
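
Both the alternatives system and the /bin/login replacement from the ttysnoop section work by pointing a well-known path at a different file. The script below is an added example, not part of the original guide: it walks such symlink chains hop by hop and reports the on-disk traces that the ttysnoop procedure leaves behind. The ROOT prefix, the function names and the sample tree are assumptions made for the example; the tree is constructed so the script runs without touching the real system.

```shell
#!/bin/sh
# Added example: trace where a well-known path really points, and look for
# the traces left by the ttysnoop login replacement described earlier.
# ROOT is a hypothetical prefix so the checks can run against a copy of a
# filesystem (or the constructed sample below); leave it empty for "/".

# resolve_chain PATH: print each hop of a symlink chain, final file last.
resolve_chain() {
    p=$1
    hops=0
    while [ -L "$p" ] && [ "$hops" -lt 16 ]; do    # 16 hops guards against loops
        printf '%s\n' "$p"
        target=$(readlink "$p")
        case $target in
            /*) p=${ROOT:-}$target ;;               # absolute target
            *)  p=$(dirname "$p")/$target ;;        # relative to the link's directory
        esac
        hops=$((hops + 1))
    done
    printf '%s\n' "$p"
}

# audit_login: print a space-separated list of findings (empty if none).
audit_login() {
    r=${ROOT:-}
    findings=""
    # Step 6 of the procedure turns /bin/login into a symlink.
    if [ -L "$r/bin/login" ]; then
        final=$(resolve_chain "$r/bin/login" | tail -n 1)
        findings="$findings login-is-symlink:${final#"$r"}"
    fi
    # Step 2 leaves the original binary under a new name.
    if [ -e "$r/bin/login.real" ]; then
        findings="$findings login.real-present"
    fi
    # Step 1 records the diversion in dpkg's diversions database.
    if grep -Fqx '/bin/login' "$r/var/lib/dpkg/diversions" 2>/dev/null; then
        findings="$findings login-diverted"
    fi
    # Step 3 creates the snoop rules file.
    if [ -s "$r/etc/snooptab" ]; then
        findings="$findings snooptab-present"
    fi
    # Step 8 makes sshd hand sessions to /bin/login.
    if grep -Eiq '^[[:space:]]*UseLogin[[:space:]]+yes' "$r/etc/ssh/sshd_config" 2>/dev/null; then
        findings="$findings sshd-uselogin"
    fi
    # Step 5 gives getty an explicit login program.
    if grep -Eq '^[^#].*getty.* -l ' "$r/etc/inittab" 2>/dev/null; then
        findings="$findings getty-custom-login"
    fi
    printf '%s\n' "${findings# }"
}

# build_sample_tree DIR: constructed sample data mirroring the guide's
# end state (editor alternative -> nvi, /bin/login -> ttysnoops).
build_sample_tree() {
    d=$1
    mkdir -p "$d/bin" "$d/usr/bin" "$d/usr/sbin" "$d/etc/alternatives" \
             "$d/etc/ssh" "$d/var/lib/dpkg"
    : > "$d/usr/bin/nvi"
    : > "$d/usr/sbin/ttysnoops"
    : > "$d/bin/login.real"
    ln -s /etc/alternatives/editor "$d/usr/bin/editor"
    ln -s /usr/bin/nvi "$d/etc/alternatives/editor"
    ln -s /usr/sbin/ttysnoops "$d/bin/login"
    # dpkg stores each diversion as three lines: file, divert-to, package.
    printf '%s\n' /bin/login /bin/login.real : > "$d/var/lib/dpkg/diversions"
    echo '* socket login /bin/login.real' > "$d/etc/snooptab"
    echo 'UseLogin yes' > "$d/etc/ssh/sshd_config"
    echo '1:2345:respawn:/sbin/getty -l /bin/login.real 38400 tty1' > "$d/etc/inittab"
}

# Demo on the constructed tree.
DEMO=$(mktemp -d)
build_sample_tree "$DEMO"
ROOT=$DEMO
echo "editor chain:"
resolve_chain "$DEMO/usr/bin/editor"
echo "login findings: $(audit_login)"
rm -rf "$DEMO"
ROOT=
```

To check a live system, call audit_login with ROOT left empty; an empty result means none of the traces were found.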
Periodically checking for the available disk space

It is very important to monitor disk usage. If the disk becomes full (especially on your /home partition), you will probably damage your config files or even lose data. XFree86 won't even start if there's no free disk space available. A simple cron script which would just send you a daily disk usage reminder could be created this way:

    # echo '#!/bin/sh' > /etc/cron.daily/disk-usage
    # echo 'df' >> /etc/cron.daily/disk-usage
    # chmod 755 /etc/cron.daily/disk-usage

Make sure to then edit the /etc/crontab file to adjust the time at which the cron.daily/ parts are run (it defaults to 06:25 AM).

Creating and extracting file archives

In Unix, you traditionally group ('tar') many files into a single one, and then compress it using a compression algorithm (gzip for example). We will show here how to create and extract tar, tar.gz and tar.bz2 archives.

    # apt-get install bzip2

    # Create a plain, uncompressed tar archive
    # tar -cf etc-backup.tar /etc

    # Create a tar.gz (compressed) archive
    # tar -zcf etc-backup.tar.gz /etc

    # Create a tar.bz2 (compressed) archive (bzip2 is superior!)
    # tar -jcf etc-backup.tar.bz2 /etc

    # Unpack the tar archive
    # tar xf etc-backup.tar

    # Uncompress *and* unpack the tar.gz archive
    # tar zxf etc-backup.tar.gz

    # Just uncompress the tar.bz2 archive
    # bunzip2 etc-backup.tar.bz2

    # Unpack etc-backup.tar to a different directory
    # tar xf etc-backup.tar -C /tmp/

For zip, rar, arj or cab files support, use the apt-cache search command to find the packages you need to install.

Copying, mirroring and re-downloading Debian packages

Re-downloading all installed .deb packages

You might want to do that for mirroring or backup purposes, or to burn a CD set with satisfied dependencies.
The trick can be achieved with:

    # COLUMNS=200 dpkg -l | grep '^ii' | awk '{ print $2 }' > /tmp/pkglist
    # cat /tmp/pkglist | xargs apt-get --download-only --reinstall -y install

After the download finishes, you should see all the .deb files in /var/cache/apt/archives/. Also, see the apt-move sync method below, maybe that's what you really need.

Setting up a Debian mirror or an apt source on the local hard disk

This subsection could be of interest to you if you want to copy Debian CDs to your disk (so you don't have to change cdroms in the drive all the time) or export the Debian mirror to the machines on your local LAN. The easiest way to copy Debian CDs to your hard disk would be to use the dd tool and directly create CD images:

    # dd if=/dev/cdrom of=/mnt/deb-cd1.img bs=512k

Tip: If you install the cdrecord package, the readcd command will be available to you:

    # readcd dev=0,0,0 f=deb-cd1.img

You would then mount the image like this (of course, you add it to /etc/fstab if you want it permanent):

    # mkdir /mnt/deb-cd1
    # mount -o loop,ro /mnt/deb-cd1.img /mnt/deb-cd1

An example sources.list entry would look like this:

    deb file:/mnt/deb-cd1 woody main contrib non-free non-US/main non-US/contrib non-US/non-free

Please Note: While this procedure would work and is perfectly fine if you really want the CD images (if you are, say, recording Debian CDs), you'll probably find it inconvenient for other purposes (because the kernel default maximum number of loop devices is only 7 and you will necessarily have multiple sources instead of one which has everything).

Using apt-move to move packages into the local hard disk repository

If you have enough disk space, you'll find apt-move very convenient. You can use it to copy the cdroms to the disk, sort the downloaded files from /var/cache/apt/archives, or stay in sync with your local Debian mirror.
First, install apt-move:

    # apt-get install apt-move

Edit /etc/apt-move.conf, put 'localhost' (or the Internet mirror name, of course) under the APTSITES field and change the DIST option (to 'woody', if you have Debian 3.0). You could also change PKGTYPE to 'both' if you also want source packages.

Edit /etc/apt/sources.list and deactivate all lines referring to cdroms.

Export /cdrom with Apache (if using http://localhost instead of the Internet mirror as package source):

    # apt-get install apache
    # echo "Alias /cdrom/ /cdrom/" >> /etc/apache/httpd.conf
    # /etc/init.d/apache restart
    # echo "deb http://localhost/cdrom/ woody contrib main non-US/contrib non-US/main non-US/non-free non-free" >> /etc/apt/sources.list
    # apt-get update

Initialize apt-move:

    # apt-move get

Now for each CD you want to move to your hard disk, type:

    # mount /cdrom
    # apt-get update
    # apt-move mirror
    # umount /cdrom

If you don't use CDs but the Internet mirror directly:

    # To only move packages from /var/cache/apt/archives/
    # apt-move move

    # To build complete mirror
    # apt-move mirror

    # To copy only the packages which are installed on the system
    # apt-move sync

When you are finished, create the new Packages.gz and Sources.gz:

    # apt-move packages
    # cd /mirrors/debian
    # gunzip `find . -name Packages.gz`
    # apt-move packages

Note that the gunzip .. line is important, because it creates the plain Packages files; you must have them if you're later using tools like debootstrap. Also, you will need to copy some existing Release file to the dists/woody/ directory.
Replace the http://localhost/cdrom/ repository (we don't need it any more) with the newly created mirror and install xplanet to test it:

    # perl -n -i -e 'print unless m#/cdrom/#' /etc/apt/sources.list
    # apt-get install apache
    # echo "Alias /debian/ /mirrors/debian/" >> /etc/apache/httpd.conf
    # /etc/init.d/apache reload
    # echo "deb http://localhost/debian/ woody contrib main non-US/contrib non-US/main non-US/non-free non-free" \
        >> /etc/apt/sources.list
    # apt-get update
    # apt-get install xplanet xplanet-images

Before you move on, don't forget to remove the /cdrom/ entry from /etc/apache/httpd.conf.

Package recompilation

Debian software packages come precompiled for many architectures. In the case of Intel-compatibles, those packages are optimized to work with all variants from i386 up. However, it means that none of the system binaries you have use the advanced features found in modern processors (Pentiums for example). There's been much debate over whether local recompilation of packages gives any advantage, but the general (and sane) conclusion seems to be this:
Local recompilation makes sense for kernel source, the GNU C Library (glibc), compression tools (such as gzip or bzip2) and some open-source games.

To recompile and install the package (say, vim), use:

    # apt-get -b source vim
Building .deb packages from source

TODO: source_builder.pl, apt-get --build, cast fakeroot dpkg-buildpackage -uc -us

Installing software from generic .tar.gz packages - the checkinstall project

    (apt-get install checkinstall)

dpsyco - Debian Packages of System Configurations

Dpsyco is an acronym for Debian Packages of System Configurations and you can create and maintain "configuration packages" with it. A configuration package is a package that resides "on top" of the normal debian packages. You can overwrite normal files, patch the system, add users and groups and much more.

    # apt-get install dpsyco dpsyco-{skel,patch}

equivs - inform dpkg about locally installed packages
This is a package that creates Debian packages that can be used to inform dpkg about locally installed packages and their dependencies. Also empty packages that just require other packages can be created with equivs. These can be used as "profile" packages that just mark other ones for installation. Please note that this is a crude hack and if thoughtlessly used might possibly do damage to your packaging system. And please note as well that using it is not the recommended way of dealing with broken dependencies. Better file a bug report instead.
Linking to your local Internet Service Provider

Dial-ups

You don't have to load any drivers to support your modem. It's done automatically, the generic 'serial.o' driver takes care of serial port communication, and all normal modems understand the AT command set. If you have a winmodem (braindamaged modem which lacks one $5 chip and its work is loaded onto the machine's CPU), then just forget it (however, there is a LinModems website, if you don't want to listen to the voice of sanity).

ADSL with pppoe

Surprisingly, the adsl+pppoe setup is trivial with Debian. Install the pppoe package, find out the exact name of your provider (by sending the PADI packet) and read the last notes in README.Debian:

    # apt-get install pppoe
    # pppoe -A
    # zless /usr/share/doc/pppoe/README.Debian.gz

Please Note: There's also the pppoeconfig program. Maybe you can get away with it.

I'm connected to the Internet, now what?

Make sure you have the ircii package installed (or some other variant of irc client, such as console irssi or graphical xchat and kvirc). Then connect to the IRC server (irc.debian.org, which is a part of the FreeNode network [former "OpenProjects"]) and join channel #debian:

    $ su -c 'apt-get install xchat'
    $ xchat
    /server irc.debian.org
    /join #debian

You can ask for help and advice there, or just hang around and collect useful tips.

Warning: I hope you noticed the su -c ' ... ' above; it allows you to execute apt-get install xchat as root. The implicit message is that you should not be using the root account on a regular basis.

Please Note: Consider visiting The serious bit, The Parody Site, and the Petition page to understand the 'Global Notice' money-requesting messages you'll be getting if you spend some time on the OPN network.

The package popularity contest

Let's just quote the popularity-contest manpage which says it all:
The popularity-contest command gathers information about Debian packages installed on the system, and prints the name of the most recently used executable program in that package as well as its last-accessed time (atime) and last-attribute-changed time (ctime) to stdout. When aggregated with the output of popularity-contest from many other systems, this information is valuable because it can be used to determine which Debian packages are commonly installed, used, or installed and never used. This helps Debian maintainers make decisions such as which packages should be installed by default on new systems. Normally, popularity-contest is run from a cron(8) job, /etc/cron.weekly/popularity-contest, which automatically emails the results to Debian package maintainers according to the settings in /etc/popularity-contest.conf.
# apt-get install popularity-contest
Accessing data on MS Windows partitions

Type 'fdisk -l' and you will see the list of partitions on all disks you have in the machine. Ignore everything (including warnings) except partitions which are of type FAT16 (for older Windows) or NTFS (for that Neandertal Technology (tm) stuff or newer). See this example output:

    # fdisk -l

    Disk /dev/hda: 255 heads, 63 sectors, 1823 cylinders
    Units = cylinders of 16065 * 512 bytes

    Device     Boot  Start    End     Blocks  Id  System
    /dev/hda1            1     62    497983+  82  Linux swap
    /dev/hda2  *        63     70     64260   83  FAT16
    /dev/hda3           71   1823  14080972+   5  Extended
    /dev/hda5  *        71    101    248976   83  NTFS
    /dev/hda6  *       102    709   4883728+  83  Linux
    /dev/hda7          710   1317   4883728+  83  Linux
    /dev/hda8         1318   1823   4064413+  83  Linux

    Disk /dev/hdc: 16 heads, 63 sectors, 29065 cylinders
    Units = cylinders of 1008 * 512 bytes

    Device     Boot  Start    End     Blocks  Id  System
    /dev/hdc1            1  29065  14648728+  83  Linux

We have two physical disks, which are called /dev/hda and /dev/hdc. The Windows partitions we are searching for are named /dev/hda2 and /dev/hda5 (see? it says FAT16 and NTFS there). Now create the /mnt/hda2 and /mnt/hda5 directories (using the 'mkdir' command) and edit /etc/fstab to make your changes permanent:

    # mkdir /mnt/hda2 /mnt/hda5

    # And append this to /etc/fstab:
    /dev/hda2 /mnt/hda2 vfat defaults,ro 0 0
    /dev/hda5 /mnt/hda5 ntfs defaults,ro 0 0

As root, type 'mount /mnt/hda2' and the Windows data will be there, under /mnt/hda2/. The same procedure applies to the hda5 partition. By adding the above to /etc/fstab we ensured it gets mounted on every boot. If you don't want that, add the 'noauto' option to the Options field ('defaults,ro'). Also, replace 'ro' with 'rw' if you want full read-write access.

Also, to mount MS Windows partitions, you need appropriate kernel module support, but Linux loads it automatically. See the 'lsmod' output; you should see 'vfat' or 'ntfs' there after you mount some Windows partition.
Tip: It is interesting to note that the mount command supports disk mounts by partition labels, so you don't need to know the device file names in advance, and they can change later, requiring no modifications on your side (see the mount(8) man page, and pay attention to the -L option).

    # e2label /dev/hda7 LINUX_HOME
    # mount -L LINUX_HOME /home

Using Debian GNU

Common keystrokes

- Use Shift + PageUp/PageDown keys to scroll the text that ran out of the visible screen area
- Ctrl+l to clear the screen (or type clear)
- Ctrl+s to stop terminal output (actually, to stop the application producing it), and Ctrl+q to resume.

You can use the splitvt utility to split a virtual console in two separate terminals. Once you start it (simply splitvt), you can switch between open consoles with Ctrl+w. Additional keystrokes are:

    Ctrl+o,q  : quit
    Ctrl+o,4- : make current window 4 lines smaller
    Ctrl+o,2+ : make current window 2 lines bigger

To dump the contents of a screen to a file, use the screendump command.

Terminal settings

For more on terminal settings, see the setterm(1), reset(1), tput(1), tset(1), stty(1), termcap(3) and terminfo(3X) man pages. We'll cover them only briefly here:

- disable screen blanking (otherwise primitive screensaver)

    setterm -blank 0

- disable beeps

    setterm -blength 0

  Please Note: Under X, use xset b off.

- set foreground and background

    setterm -foreground black; setterm -background white

- hide/show cursor

    setterm -cursor off; setterm -cursor on
    tput civis; tput cnorm

Also, check out the console_codes(4) man page.

The readline key and function bindings

Fire up the bash(1) man page, press /^SHELL BUILTIN COMMANDS (to search for that phrase at the beginning of a line), and then search for 'bind' (type /bind). More information can be found in the /usr/share/doc/bash/ directory.

User configuration files

As you probably know by now, standard Unix system users do not have write permissions everywhere; the list is often limited to various temporary locations and their home directory.
While most system services keep their configuration files in the /etc/ directory, it's obvious the users can't do the same; they need private and isolated areas to save their preferences (and finally, they don't have permissions to put anything in /etc/). Therefore, their configuration information is saved in dotfiles in their home directory. A dotfile is simply a file whose name starts with a dot (say, ".vimrc"); such files are considered hidden, and are not shown in the directory listing output, unless you use the -a (--all) switch.

Applications generally use fallbacks to load the configuration information. It means they first check the [runtime] command line options, which have the highest priority. Next are the environment variables, followed by dotfiles and finally the generic configs (could be from /etc/). Typically, an application will create its dotfiles when you run it for the first time.

Command aliases

Let's say you like the structured output of 'ls -al', but you would like to type 'll' instead of the complete 'ls -al'. The solution to this problem is called 'an alias' and is implemented on the shell level. Edit your ~/.bash_profile and add something like this:

    alias ll='ls -al'

Re-read that config file:

    # Type
    $ source ~/.bash_profile
    # Or
    $ . ~/.bash_profile
    # Or press Ctrl+x,Ctrl+r

Type ll and enjoy :)

Please Note: As you might have noticed, the format of the .bash_profile and .bashrc files is very simple; you put the same commands you would type on the command line there. We have saved the alias information in ~/.bash_profile because we want to have it next time we log in.

Advanced command line features

Most probably, you are using the bash shell (echo $SHELL) with 'readline' support included. Readline is "the library that handles reading input when using an interactive shell". While traditional Unix users despise bash (a waste of memory, they say), bash and readline form a deadly efficient user environment.
Let's take a look at just a few of their features:

- Type 'history' to see a list of previously executed commands. History is saved in your ~/.bash_history file. New commands get appended to the file after you close a terminal session. If you want to exit without saving history, you can close the shell with kill -9 $$ or kill -9 0. However, that is not the regular way - the regular way is to read about the history feature in the 'bash' manpage and disable it properly (the 'bash' manpage is large; when you open it, type '/hist' to search for sections talking about the history feature).

- Use the Arrow Up and Arrow Down keys to scroll through the history buffer (which is saved between sessions).

- Use the Home and End keys to move the cursor position within the line. If they don't work (the Home or End keys), you can achieve the same with Ctrl+a, Ctrl+e (and backspace with Ctrl+h).

- Use TAB to complete commands or file names. Type 'cat /etc/syslog.' and press TAB, you'll see what it does.

- Use Alt+. (dot) or Esc,Shift+_ to repeat the last argument from the previous command. To choose which argument you want repeated, use the longer form: Esc, arg_number, Ctrl+Alt+y. Try something like:

    mkdir x
    cd Alt+.

- Events

    !!  : repeats last command
    !-1 : repeats last command
    !co : repeats last command starting with 'co'
    !n  : executes command N from the history list

- Press Ctrl+R, then start typing a command until you see the line you want (this "reverse search" searches the history buffer for the command which is most similar to the fragment of text you type in).

- When changing directories, there are a few hints: you can get back to the previous dir you were in by typing 'cd -'. You achieve the same (although you can put more directory names in the list) with pushd and popd (say, 'cd /bin; pushd /etc/; popd').

You would then most probably like to find out the names of programs you can start from the command line. Here's one nice little trick: Type 'a' and press the TAB key twice.
It will show you all available commands starting with 'a' (but that's not magic, you can see the same information by just typing 'ls' in the /bin, /usr/bin and /usr/local/bin directories).

Customizing the X session

Just as the name suggests, the file to look for is ~/.xsession. You can find a proper example in /usr/share/doc/xfree86-common/examples/. The ~/.Xdefaults file would be a place to tune Xresources information (invoke the xrdb -load ~/.Xdefaults command from the ~/.xsession file to load it up).

Choosing X backgrounds

Tastes vary; some prefer single-color backgrounds, some like gradients, some set pictures as backgrounds. I've found it's possible to create very nice-looking backgrounds using the xplanet package (install xplanet and xplanet-images):

    $ xplanet -blend -grid -label -projection mercator -quality 100 -rotate 45 -cloud_image clouds_2000.jpg&
    $ xplanet -blend -grid -label -projection mercator -quality 100 -cloud_image clouds_2000.jpg&
    $ xplanet -blend -grid -label -projection mercator -quality 100 -latitude 15 -cloud_image clouds_2000.jpg&

Please Note: The clouds_2000.jpg picture is located at the xplanet project page and is a realistic map of clouds surrounding the Earth (refreshed every 3 hours, and the image is about 500kb big). It is possible to have xplanet generate a new picture every 5 minutes; see the xplanetbg(1) manpage and add it to the ~/.xsession file if you like the idea.

Good background pictures can be found in the debian-propaganda package. Manually, you can set backgrounds with the xsetbg, xsetroot or Esetroot (from the eterm package) commands.
Taking screenshots

    # Use the traditional xwd
    $ xwd -root >screenshot.xwd; convert screenshot.xwd screenshot.png; pngcrush screenshot.png; rm screenshot.xwd

    # Use scrot
    $ scrot scrnshot.png

    # Use import from the imagemagick package
    $ import -comment "Gnome2 + theme xy" -compress jpeg -frame -screen screenshot.jpg

Reporting bugs

Make sure the bug is reproducible and that you are using the latest version. Set the DEBMAIL and DEBFULLNAME environment variables:

    # export DEBMAIL="someone@something.org"
    # export DEBFULLNAME="Your Name"
    # reportbug -bx [package]

Caution: Do not get involved in reporting a bug unless you are 100% sure you have found a real problem; before thinking "It's a bug", ask yourself if you're actually experienced enough (in a particular subject) to say what's a bug and what's not. Then definitely check if the problem was already reported. Package maintainers have enough work to do without your false and ridiculous "bug" reports. However great it might seem to report bugs (and feel you're "contributing" to the project), you should watch not to be too passionate about it; there are better ways to contribute to Debian (writing documentation and man pages, for example).

Debian GNU kernels

Basic kernel information

A kernel is the essential part of a computer operating system, the core that provides functionality for all other software. It basically consists of low-level services (interrupt handler, process scheduler ...), hardware and pseudo drivers, and a set of system calls which make kernel features available to the operating system and other, higher-level applications. Every operating system has a kernel, but some of them are distributed under proprietary licenses and don't have the source publicly available, so we'll leave them out of scope. Probably the most popular free kernel today is Linux, and many so-called distributions have evolved around it.
It is very important to note that Debian GNU is not a typical Linux distribution because it is not tied to the Linux kernel exclusively; other Debian ports include GNU/Hurd, GNU/NetBSD and GNU/FreeBSD.

Kernel recompilation

If you need to recompile your kernel (be it for your personal amusement or a real purpose) - read on; otherwise skip this chapter and just scroll below to see how to install precompiled kernels.

Whether kernel recompilation gives you any real-world benefits is always open for discussion, especially if we're judging between recompilation and the use of a precompiled package which has the optimizations for your processor type (AMD K7 for example), but it can't hurt and from my experience, it is always a good idea. Apart from resulting in a more optimized kernel image and usually much better disk I/O performance, it serves as a kind of a small stress-test for your machine.

Please Note: To test the I/O performance of your disk, do the following (obviously, you'd try it before, and after you boot into the new kernel):

    # apt-get install hdparm
    # init s
    # sync; sync
    # hdparm -tT /dev/hda
    # init 2

Additionally, you get the kernel tree with the .config, all the *.o files and configured modversions, which helps you later build additional modules and kernel components that directly fit in the running kernel, without the need for a complete recompilation or reboot.

Linux

First, make sure you have all the necessary ingredients:

    # apt-get install gcc make patch bin86 kernel-package libncurses5-dev libc6-dev

The bin86 package is only needed on the ia32 (Intel and compatibles) architecture, and libc6-dev is not critical here, but you'll almost surely need it later.

Then search apt's database for available kernel source versions and install the appropriate one (the highest usually, unless you have some specific needs).
The kernel source will be placed in a compressed archive (/usr/src/kernel-source-<version>.tar.bz2), so after the installation we need to additionally extract the archive, and create /usr/src/linux (by convention, a symbolic link pointing to the kernel source):

    $ apt-cache search kernel-source-
    # apt-get install kernel-source-2.4.18
    # cd /usr/src/
    # tar jxf kernel-source-2.4.18.tar.bz2
    # ln -sf kernel-source-2.4.18 linux
    # cd /usr/src/linux/

Please Note: It often happens that there are newer Linux kernel versions released, but they don't appear to be available as Debian packages (at the moment). There's nothing wrong with it; don't complain and just use whatever the highest version available in Debian is. The Debian people responsible for the packages definitely are doing their job very well, so if a particular version is not available, it's either because it needs more testing prior to inclusion and widespread use, or primarily contains backported features and structure - something you don't want to know about 90% of the time.
To check current Linux kernel versions available, you can use the traditional finger tool (which somehow got out of mainstream use, partly due to a rich set of security problems in finger daemons, partly because of global ignorance): # apt-get install finger $ finger @kernel.org If you want to include additional kernel modules in the build (provided their source is available as a Debian package, as it is for 'i2c' and 'lm-sensors' in our example), simply install their packages, uncompress them (they will properly extract into /usr/src/modules/) and move on: # apt-get install i2c-source lm-sensors-source # cd /usr/src/ # tar zxf i2c.tar.gz # tar zxf lm-sensors.tar.gz To quickly discover all additional module sources that are available, you'd do something like this (gives you pretty exact results): $ apt-cache search -- -source | grep "source " Non-standard modules which do not have the source available in an existing Debian package are not handled during this stage, and I cover them in the next section. At this step, you need to pre-configure the new kernel. To do so, run make menuconfig and select your options through a very user-friendly ncurses interface (that's why you installed libncurses5-dev). New users find this step somewhat problematic because they're presented with literally hundreds of options, and not all of them have an obvious purpose or good documentation available. It should suffice to say that the precompiled package from your repository (kernel-image-2.4.18 in our case) contains the file /boot/config-2.4.18, which is practically a copy of the options the default Debian kernel was built with. 
So, getting that file and copying it to /usr/src/linux/.config should help you move forward:

    # apt-get --download-only install kernel-image-2.4.18
    # dpkg -x /var/cache/apt/archives/kernel-image-2.4.18*.deb /tmp/kernel-2.4.18/
    # cp /tmp/kernel-2.4.18/boot/config-* /usr/src/linux/.config

Optionally, you could still run make menuconfig and exclude the options and drivers you know you won't be needing, just to reduce the overall compile time (however, it usually takes less than 15 minutes on ~1 GHz PCs). Actually, you will want to run it to change the processor type; that option is found somewhere at the top and it is well worth setting to the type that most closely describes your hardware.

Excellent. We now only need to specify an EXTRAVERSION field for our kernel (a string added to the kernel name and file paths; we'll use doc1.0 in this example), and we can start the compilation:

    # cd /usr/src/linux
    # perl -p -i,orig -e 's/^EXTRAVERSION =.*/EXTRAVERSION = doc1\.0/' Makefile
    # make-kpkg --revision=doc1.0 kernel_image
    # make-kpkg --revision=doc1.0 modules_image

If everything goes smoothly (and it should!), you should see some new .deb files generated in the /usr/src/ directory.

The Kernel Has Been Compiled :)

Should you recompile the kernel again (after changing options or something), make sure to raise the revision number (doc1.0); you can't create two packages having the same revision (this has to do with the GNU ChangeLog file).

Please Note: We have used the official Debian way to compile the kernel here (make-kpkg). However, the generic kernel compilation guide (found in /usr/src/linux/Documentation/) suggests a different, manual method (make dep; make clean; make bzImage...) and indeed, some people insist on using this "bare bones" approach. I can understand their motives, some exposure to RedHat or SuSE Linux makes you run for the border at any mention of "distribution-specific ways", but I assure you this is not the case here. 
make-kpkg is a powerful tool that does not violate these healthy principles and, at the same time, it does a lot of things you would miss doing manually (setting up initrd and System.map for example). So, stick to Debian GNU, and stick to its superior techniques for fun and profit.

Kernel image installation

After the kernel installation and a reboot, use uname -a just to make sure you really are using the new kernel, and optionally configure kernel modules using the modconf tool.

Manually generated packages

Linux

If you recompiled your kernel, you should see one or more (depending on any additional modules you compiled in) .deb files in the /usr/src/ directory. You can either copy them to the appropriate place in your local apt package repository (and install with apt-get, just like everything else), or install them all directly with the dpkg command.

    # cd /usr/src/
    # dpkg -i kernel-image-2.4.18doc1.0_doc1.0_i386.deb

In case you want to add a non-standard module (or nVidia proprietary drivers for example, which I prefer to build manually although the nvidia-kernel-source package exists), you should do that later, after you compile, install and boot into your new kernel. Usually, non-standard modules you build from source only require you to have the appropriate kernel running and its corresponding source in /usr/src/linux/, and they will build cleanly. You can then copy the resulting module file(s) somewhere under /lib/modules/`uname -r`, and run depmod -a. Needless to say, you should never run make clean or make distclean inside your kernel tree (unless you plan to build everything again), because the former would cause problems with modversions, and the latter would delete your /usr/src/linux/.config file so new modules wouldn't be able to match up with the existing kernel. 
Precompiled Debian packages Linux In case you did not recompile the kernel yourself, and just want to use some of the existing Debian kernel packages, you can do this: As usual, first find out the available kernel versions (optimized for AMD's k7 processor series): $ apt-cache search kernel-image- | grep k7 Then notice how every kernel version is split into multiple .deb files: $ apt-cache search 2.4.18 (You of course only need kernel-image-2.4.18-k7 for the start). Simply install it: # apt-get install kernel-image-2.4.18 System bootloader By default, Debian uses the lilo bootloader, which surely does its job, but switching to GRUB (the GRand Unified Bootloader) is always a good idea; GRUB is technically superior and gives so much more freedom. I suppose it didn't catch on so successfully (yet) because it lacked the straightforward installation documentation. Fortunately, you now have very useful and precise notes in /usr/share/doc/grub/README.Debian, and examples are available in the same directory. For even more advanced bootloader setups (including boot schedules etc...), see the excellent Smart BootManager or Gag. Try to do it yourself first We will summarize the key points I tried to promote throughout the document: Debian does not underestimate the intelligence of an average system user. It is normal not to know all the usage details directly from your memory (especially if you haven't learned them yet :). Having the correct logic is, however, mandatory to know how to help yourself in Unix. A generic tasklist Here's the theoretical list of tasks you should perform for each problem to get in business: Properly define the problem: What do you want to do? Divide your problem into logical steps. If you can't precisely express what exactly do you need done, let it mature overnight. Approach it from as broad a perspective as possible. Does your idea make sense? 
If it works "most of the time", has obvious problems or needs additional effort to cover "special cases", chances are that you got it all wrong; you are using an environment designed to be free of incomplete solutions, remember? Re-evaluate your problem and call again tomorrow. How are problems similar to yours usually solved in Unix/GNU/Debian/Linux? Having little experience and trying hard to reinvent the wheel the wrong way is a waste of time and money. Try to find a similar problem and re-use the resolution mechanism. Try searching the man and info pages on your system. Make sure your man-db is installed setuid root (dpkg-reconfigure man-db), then run mandb to re-generate the cache indexes. This will allow you to use the apropos and whatis commands, which can help you find the page(s) containing an answer. To extract man or info pages into text files, just take advantage of Unix pipes: $ man dpkg | col -b > /tmp/dpkg.man.txt Check out the appropriate directories under /usr/share/doc/. You can use the find and grep utilities to filter the useful material. Check out the relevant web sites; debian.org, The Linux Documentation project or others more closely related to your problem (listed in the Links section of this guide). Use Google, google.com/{linux,bsd}, or the Google groups service and search by keywords (results from the mailing lists will be included too). getting help on IRC IRC, the Internet Relay Chat service, is a very convenient way to get help directly from the community, from the people who use or develop the same software you're using. IRC servers and channels irc.oftc.net : #kernelnewbies, #offtopic, #lartc, #holarse irc.openprojects.net : #debian, #debian.de, #debian-bugs, #debian-kde, #debian-oo, #c, #perl, #crystalspace, #blenderchat, #vim, #devtools, #prelude, #interchange, #hprog You can use /msg chanserv info #[channel] to get more information about a specific channel. 
How not to ask questions on IRC IRC itself is just a protocol. Many written and spoken conventions have been established on top of it (especially since the Free Software networks started appearing). The rules are very 'natural' and do not impose restrictions, they just define a few things you could do to avoid annoying other people on the channel, and to raise the probability of getting an answer to your question. Many newcomers start discussing completely off-topic issues (including, but not limited to, their private lives) on channels like #debian (which is a very much Debian-related (who would guess?) place). When someone warns them, they feel insulted and not welcome. Please note that #debian is a big channel (500+ people) and we all have to follow some rules, if we want the whole thing to function. I've tried to compile a summary (mostly taken from the apt's database [apt is an IRC robot (bot) on #debian]) of things you should[n't] do: If you have a question, please just *ask it*. And don't address specific people - ask the channel. If somebody knows, they'll answer :) To get help quicker, don't ask "can I ask a question," "can anyone help," or "does anybody use/know about foo". Be as specific as you can. Specific, Informative, Complete, Concise, and On-topic. Don't be demanding or insulting; please don't /msg people without permission. Do not start by saying your program doesn't work. Look buddy, doesn't work is an ambiguous statement. Does it sit on the couch all day? Does it want more money? Does it waste its time on IRC all day long? Please be specific! Define 'it' and what it isn't doing. Do not ask questions such as "Can someone guide me through xyz?" or "Could somebody tell me about xyz?". If you're a normal person at all, you'd come to the conclusion that we are not willing to write a book for you (in realtime!) or be your handholder. 
Most of the subjects we're talking about are very broad, so in absence of your proper problem description we wouldn't even know where to start. All the documentation you need is already available, and there's no excuse for not reading it. Asking the channel instead of examining it first (and trying it on your own, of course) is a dangerous shortcut you should not be taking. Don't repeat yourself, use excessive punctuation, paste blocks in non-#flood channels, or repeatedly annoy people in private. "Playing" ascii graphics is the other nasty thing you should avoid. If you're a Debian newbie (a beginner), do not try to answer other people's questions unless you're 100% sure you're right. The reason you came to the channel is learning, not misinforming other people; don't make the channel's life harder. When talking to a specific person in the channel, please prefix the messages with his/her nick. Most IRC clients support TAB nick completion nowadays. The spectrum of possible problems is very broad and the effort needed to describe the problem varies. Generally: Do not press ENTER instead of the Spacebar; do not waste lines. Ideally, everything should fit in a single line (and if it doesn't, your client will probably split it automatically, so don't worry about the line length). We assume you tried to solve the problem on your own before asking on IRC, therefore include the information on:

    How did you obtain the software (i.e. "apt-get install xxx")
    What was the initial goal you wanted to accomplish
    How did you approach it
    Where specifically did you run into trouble

By constructing such correct and precise questions, you allow people to identify your problem and answer without asking numerous other subquestions. Besides, some people try to do things the wrong way. 
They start asking about an issue, and after 30 mins of discussion, they finally mention it's a part of "something else" they wanted to do, and then we come to the conclusion they took the completely wrong path. By describing the problem properly, you allow other people to evaluate your whole idea, not just the specific problem. Frequently used terms Dpkg, apt, dselect, tasksel dpkg dpkg is a medium-level tool to install, build, remove and manage Debian GNU/Linux packages. dpkg itself is controlled entirely via command line parameters, which consist of exactly one action and zero or more options. The action-parameter tells dpkg what to do and options control the behavior of the action in some way. apt is a management system for software packages and includes apt-get, apt-cache and apt-cdrom tools. apt-get's strengths are smooth software upgrades, automatic dependency calculation and general convenience. dselect is an ncurses (text) frontend to dpkg. It may have more features than apt-get, but requires some time to get used to it (and it's not always as efficient as apt-get would be). tasksel allows you to select whole program categories at once (such as "install games"). Manual and info pages man (as in manual) pages offer a uniform interface to documentation under Unix. For example, if the program is called mkdir and I mention it somewhere but you don't know what it does, type 'man mkdir' and find out. info is GNU's way to document things. Some of the serious GNU tools have only short man pages, while the real documentation is hidden in info pages. System administrator, superuser, root Terms all referring to the administrative account or an official person which has the privileges to do anything he likes (yes, that includes deleting all your files, locking you out of the system and reporting your real earnings to the IRS :). Don't confuse with 'root directory' below. 
Home directory When you successfully authenticate with the system, you get logged-in, and you enter your 'home directory' under which you have full control to read, write and delete files (you don't have such permissions on the rest of the system). To see which directory it is, type 'pwd' (it could look something like /home/your_name). Wherever you are, type just 'cd' to get back to your home dir. The 'tilde' (~) is a special character that expands to your home directory (try 'echo ~' or 'vim ~/.bashrc'). Root directory In Unix, disk partitions are visible (we say they are "mounted") in normal directories, and the base directory is always "/", called the "root directory". So for example, in Windows you would have disks like C: and D: but in Unix (and Linux), you connect them to directories, so your D: disk might be mounted to /mnt/windisk-D directory under Linux (the location is arbitrary, of course). /etc The /etc directory contains the configuration files for your system. If someone tells you to edit the syslog's config, it means you should go to the /etc/ directory and edit the syslog.conf file. As a general rule, most packages have a config file which is named <package>.conf, or store their config files in /etc/<package>/ directory. Please Note: For a complete description of the filesystem layout and the system directories you see, check out the Files structure subsection from the Debian User Reference Manual. /proc This is a virtual directory which looks like all the others on your system, but its dynamic content is generated directly by the kernel, and not from files on your disk. It is provided as a convenience in kernel-user communication (in both directions, although it was designed read-only in its early stages), and holds kernel and process-related data. Writable files are used to tune system behavior. Binary Binary is a common name for any file or data in a binary (two-digit) format. It is often a synonym for an executable file. 
I could say something like "where's the ttysnoop binary?" and the answer would be "the binary is located in /usr/sbin/ directory". Image This term mostly does not refer to a picture or drawing, but to a raw, low-level data. For example, the data cdrom contains the ISO9660 filesystem and some files on it. You could use the traditional Unix dd utility to create an image of that cdrom on the hard disk (the output would, of course, be a single raw file, a direct copy of bits from the original media); it also means that the file would look like a valid device and you could even mount it locally (using the 'loop' option). Daemon A system process which runs in background, normally for a long period of time, and is dedicated to servicing user requests. Examples of daemons are httpd (Apache), telnetd, ftpd (ProFtpd) or sshd (Openssh). X11R6, XFree86 X11R6 (the "XWindow System") is an industry standard for windowing applications. XFree86 is an open-source implementation of the X11 protocol used by most free operating systems today (see XFree86 website). RMS Richard Matthew Stallman (see picture), ace MIT hacker, founder of the Free Software Foundation. curses The curses (or the new, ncurses) library is a set of routines which gives the user a terminal-independent method of updating character screens with reasonable optimization. Linux uses the ``new curses'' (ncurses) implementation and it is the approved replacement for 4.4BSD classic curses, which has been discontinued. So, when we say apt-setup is a ncurses application, we mean it has a nice textual user interface with windows, menus and buttons. Ncurses applications are generally very convenient and nice to use. I've found a link to the ncurses programming tutorial. The Unix Epoch The time and date corresponding to 0 in an operating system's clock and timestamp values. Under most Unix versions the epoch is 00:00:00 GMT, January 1, 1970; under VMS, it's 00:00:00 of November 17, 1858 (base date of the U.S. 
Naval Observatory's ephemerides); on a Macintosh, it's the midnight beginning January 1 1904. System time is measured in seconds or ticks past The Epoch. Weird problems may ensue when the clock wraps around, which is not necessarily a rare event; on systems counting 10 ticks per second, a signed 32-bit count of ticks is good only for 6.8 years. The 1-tick-per-second clock of Unix is good only until January 18, 2038, assuming at least some software continues to consider it signed and that word lengths don't increase by then. The X Window System, basic principles and Debian setup The XFree86 Project, an open-source X Window System implementation From www.XFree86.org:
The XFree86 Project, Inc is the organization which produces XFree86, a freely redistributable open-source implementation of the X Window System which runs on Unix(R) and Unix-like operating systems such as Linux, all of the BSD variants, Sun Solaris x86, Mac OS X (via Darwin), as well as other platforms like OS/2 and Cygwin. XFree86, the product, provides a client/server interface between display hardware (the mouse, keyboard, and video displays) and the desktop environment while also providing both the windowing infrastructure and a standardized application interface (API). XFree86 is platform-independent, network-transparent and extensible. With XFree86 a user cannot only choose the desktop environment they prefer, but because we are an open-source project, users can also modify and update their systems as they see best. As XFree86 has always been an unabashed supporter of freedom of the user desktop, so we encourage users to customise and personalise their desktops with the application of their choice, whether it be KDE, GNOME, Enlightenment, Blackbox, AfterStep, fvwm or twm. Our goal at XFree86 is to have X run on every platform available, including those we do not currently support, as the best windowing system available on that platform.
The X Strike Force: XFree86/X Window System support for Debian Visit the X Strike Force homepage. XFree86 Installation Debian potato (2.2) is shipped with XFree86 version 3.6.6, while Debian woody (3.0) has XFree86 version 4. See current status at the X Strike Force homepage. X4 brings a lot of improvements and is now standard in Debian. There's not much difference from administration perspective, but notes will be put where appropriate. You can install basic X support, the icewm window manager and the wdm display manager with: # apt-get install xserver-xfree86 xbase-clients xfonts-base icewm icewm-themes wdm Please Note: If you're using X3, do apt-cache search xserver- and install the appropriate one instead of xserver-xfree86. wdm is a better-looking equivalent to xdm, the X Display Manager (it opens up graphical login prompts). It is nice to have it, especially if you want to install more window managers, and then select which one to use from the wdm's menu. If you are using Gnome or KDE consider using their native gdm or kdm programs. XFree86 Server Configuration When you install the packages, the configuration process will start automatically. If you don't get it right the first time, you can always re-run configuration with: # dpkg-reconfigure xserver-common # dpkg-reconfigure xserver-xfree86 The interface is very clean and should help you create working XFree configs in no time. In case of problems, inspect the config file (/etc/X11/XF86Config-4 or /etc/X11/XF86Config) manually to make sure you have the right Driver option, and that UseFBDev option is set to false (these are the most common errors). Tip If you see no UseFBDev option in the config file, you need to manually add it and set it to false. 
The proper location to do it is the Section "Device" part of the config file, and it needs to look more or less like this:

    Section "Device"
        Driver "ati"
        Option "UseFBDev" "false"
        BusID "PCI:1:0:0"
    EndSection

Tuning the resolution in X

When you start X, it picks the default color depth, loads in the list of available resolutions for the given depth, and displays the highest one. You can then cycle over other pre-defined resolutions with Ctrl+Alt+'+' and '-'. All this is set up in /etc/X11/XF86Config-4. Here's an excerpt from the configuration for 16bit colors with default resolution 1024x768:

    ...
    Section "Screen"
        ...
        DefaultDepth 16
        SubSection "Display"
            Depth 1
            Modes "1152x864" "1024x768" "800x600" "640x480"
        EndSubSection
        ...
        SubSection "Display"
            Depth 16
            Modes "1024x768" "800x600" "640x480"
        EndSubSection
        ...
    EndSection
    ...

To explicitly start X with 16bit colors (if there's no DefaultDepth option or it is different), use:

    startx -- -bpp 16

If you want to further experiment with refresh rates and resolutions, either manually tune VertRefresh, HorizSync and Modeline (in X3 only) definitions in X config file, or see OpenBSD's X tuning guidelines.

Device autodetection

To take advantage of some kind of device autodetection, see the following three programs:

    read-edid, hardware information-gathering tool for VESA PnP monitors
    mdetect, mouse device autodetection tool
    discover, hardware identification system

The client-server model

Since X is a client-server based model (as are most other things in Unix), it means you have a whole new domain of features at your disposal. We'll discuss them now.

Typical local-user/local-machine session

When you start X (with startx, xinit or X), it opens the first free virtual console (that is console 7 in most Linux distributions), and starts X server on it (X server uses the DISPLAY environment variable to detect the target display, and in this case it is "localhost:0"; just ":0" or undefined DISPLAY variable have the same effect). 
The X server then starts the window manager of your preference and the desktop screen shows up. All the files needed are found on your local disk. You can switch back to your console screens with Ctrl+Alt+F1, F2 etc... To get back to your X display, use Alt+F7. To close your X session, either find some form of a Logout button in your window manager, or simply use Ctrl+Alt+Backspace. Just as you can have more virtual text consoles, you can have more completely separate X displays on a single display device (of course, even under different usernames): To see it in practice, start X (with startx& command), then switch back to text console with Ctrl+Alt+F1, and run 'startx -- :1&'. Bravo! You have two X sessions running now! Switch between them with Ctrl+Alt+F7 and Ctrl+Alt+F8. Remote displays on your machine Let's say you have two machines, Monarch and Denali. You are sitting at Denali, and would like to start some X program on Monarch, but have the display locally on Denali's monitor (Note that this isn't a common file sharing: in our case, the program is really executed on Monarch, only the display is sent to Denali). We will use one very convenient approach (there are other ways, of course) - we will use slogin program (an alias for ssh actually) to log in to monarch. The slogin command will set up the .Xauthority magic cookie file and the DISPLAY variable automatically, so all we need to do is to start our application. Try xeyes. Here's an example for convenience: denali:~$ slogin monarch Enter password: xxxxx monarch:~$ echo $DISPLAY denali:0 monarch:~$ xeyes& Please Note: Note however that you must have the following options enabled for the example above to work: X11Forwarding in /etc/ssh/sshd_config and ForwardX11 in /etc/ssh/ssh_config. To restart the ssh daemon, use /etc/init.d/ssh restart The Direct Rendering Infrastructure (DRI) Here's a little introduction from the Documentation/Configure.help file (the kernel-doc-* packages):
AGP (the Accelerated Graphics Port) is a bus system mainly used to connect graphic cards to the rest of the system. If you have an AGP system, it will be possible to use the AGP features of your 3D rendering video card. Note that this is the only way to have XFree4/GLX use write-combining with MTRR support on the AGP bus. Without it, OpenGL direct rendering will be a lot slower but still faster than PIO. Kernel-level support for the Direct Rendering Infrastructure (DRI) was introduced in XFree86 4.0 (which you do have, if you use Debian Woody (3.0) or newer releases).
XFree86 Notes X3 has fewer drivers and you must install specific drivers for specific groups of graphic cards (for example, xserver-rage128, mach32, mach64, i128, 3dlabs, agx, 8514, s3v etc...). In X4, we solve this by only installing xserver-xfree86, which is modular and loads the appropriate modules at runtime. Also, the config file is /etc/X11/XF86Config-4 for X4, and just /etc/X11/XF86Config for old X3. Generally, only use X3 on old machines where you want to save some memory. Troubleshooting Check the /var/log/XFree86.log and ~/.xsession-errors files for hints. Edit /etc/X11/XF86Config-4 and search for the line Option "UseFBDev" "true" and turn 'true' to 'false'. If it still doesn't work, edit Driver= config parameter. After you make sure the driver option is ok, but it still doesn't work, try tweaking HorizSync and VertRefresh values. Try with this: HorizSync 30-80 VertRefresh 40-90 Make sure you do have some version of a window manager installed, apt-get install icewm should do. dpkg-reconfigure xserver-xfree86 should open up an interactive configurator, try with it. Window managers Now you have X window system running. Let's make this clear: You need the X server because it knows how to communicate with your hardware and actually display graphics. But that's all it does. What your interface really looks like depends purely on the 'window manager'. If you listened to me, you are probably running icewm now, but there are others (when you install them, they become the default or show up in wdm's login menu). Try wmaker, blackbox, afterstep, xfce or enlightenment. Also try twm and fvwm at least for historical reasons, to understand the Unix folklore ;) If you install GUI environments like Gnome or KDE, you won't have to worry about window managers as they will already be taken care of. Don't be disappointed by the look of wdm or icewm (tastes differ), you have plenty of other variants to choose from; definitely check out the Window Managers for X website. 
To get a program which shows you graphical login (so you don't have to log in the console and type startx every time), install package wdm (or any of its relatives; xdm, kdm or gdm). Also, you will be able to select which window manager to use from the wdm's menu. You can also run X without the window manager (usually for testing purposes). Try starting xinit. Fonts for X Fonts you might want are found in xfonts-* packages. Type this command to search for them: # apt-cache search xfonts- If you are interested in using the Microsoft ttf fonts, there are font servers which can handle them, and I'd recommend you try xfstt. No fonts come with it since they all have non-free licenses. That means you have to get the ttf fonts yourself, copy them to /usr/share/fonts/truetype/, add FontPath "unix/:7101" to /etc/X11/XF86Config, execute /etc/init.d/xfstt restart and then restart X. To browse installed fonts, see the xfontsel and gfontview programs. Also, check out the http://www.linuks.mine.nu/fonts/readme file. Actually, X4 can deal with TrueType fonts directly, you don't need the ttf-enabled font server; simply add the ttf FontPath in the X config file. TODO: find the fontpaths for all xfonts- packages and list them here Gpm (the console mouse driver) and the XFree86 You will most probably have problems with gpm and XFree86 running at the same time. The solution would be to set repeat type to 'raw' in gpm's config and mouse device to /dev/gpmdata in X config file, but that doesn't always give usable results. I prefer to shut down gpm.
Firewalls

What is a firewall

That question would have made little sense a few years ago (before 1997) but it seems to be a must today, when most computer-related things are just dumbed down and hidden behind graphical interfaces, and children waste their time practicing skills they have little or no use for in the real world. Anyway, on to the subject. Running a Unix machine involves a great deal of responsibility, especially today when people have high-speed Internet connections at their homes; Unix systems basically make no distinction between physically local and remote users. Anyone who gains access to your machine (especially to privileged accounts) can use it to compromise you and other hosts on your network or attack other Internet sites and cover his tracks. Depending on the type and success of the attack, sometimes the only solace you have is the physical access to the machine and the ability to reinstall it (let alone the backups you didn't make). Therefore, we will now introduce you to firewall software:
A firewall is a set of related programs, located at a network gateway server or the user's machine, which protect the private resources from unauthorized [ab]use. Basically, a firewall examines each network packet to determine whether to forward it toward its destination. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.
This means we will use a firewall to control access to our machine, keeping in mind that we distinguish connections initiated by us from those initiated by the remote ends.
Caution
Installing and (mis)configuring a firewall is by no means enough to enforce the site usage policy or provide a satisfying level of security, but it does make a big difference compared to a vanilla ('out of the box') system (having a car doesn't make you a driver, but it solves a mandatory pre-requisite).
Firewall setup in Debian GNU/Linux
Free software firewalls have evolved. The old Linux 2.0 kernel series used ipfwadm, 2.2 had ipchains and the current stable 2.4 branch sports the shiny netfilter, which is liked even by those who always preferred BSD systems for that part of the job. The user-space part (for netfilter) is covered by the iptables package, which is a rather low-level interface to the firewall functions, so some people (yes, we too) tend to use frontends; I found ferm to be The Frontend. ferm is a 'firewall rule parser for linux designed to maintain and setup complicated firewall rules'. Fair enough.
# apt-get install ferm
We will now see what a generic home-firewall setup looks like. The policy we will follow is: drop everything, permit only port 113, manually specified IPs and traffic initiated by our side. You should read the ferm man page and the examples in /usr/share/doc/ferm/examples/, but here's my suggestion to get us going:
# /etc/security/ferm.rules
# Feel free to relocate this file somewhere else.
# Options
option automod
option iptables
option clearall
option createchains
# Default policies. We drop all packets.
chain input policy drop;
chain output policy drop;
chain forward policy drop;
# We accept everything going out and all ICMP messages going in.
# TODO: update this.
chain output accept;
chain input proto icmp accept;
# On lo and eth0 interfaces, accept everything that matches
# the address range. Log and drop packets that don't.
# TODO: make this look properly
chain input if ( eth0 lo ) {
    saddr 192.168.7.110/24 accept;
    saddr 127.0.0.1 accept;
    drop log;
}
# Internet link.
# Accept everything from 129.70.28.189 and 161.53.41.91
# Accept everything coming to our identd (113) port
# Accept everything that belongs to already established or related connections.
# Log and drop the rest.
chain input if ppp0 {
    saddr 129.70.28.189 ACCEPT;
    saddr 161.53.41.91 ACCEPT;
    proto tcp dport 113 ACCEPT;
    state (established,related) ACCEPT;
    drop log;
}
The example assumes your machine has the local IP address 192.168.7.110 and netmask 255.255.255.0. Adjust the host IP (the netmask is probably okay).
The example assumes your Internet link is a dial-up connection, ppp0. Adjust according to your setup.
Tip
If you use dport or sport options in your rules, you must also include the proto tcp or udp specification.
To make the rules active:
# ferm /etc/security/ferm.rules
You could also add this command to the /etc/ppp/ip-up script, to have it start automatically whenever the dialup link goes up.
More protection
Unless you are playing games under Wine or WineX, you could be interested in applying the grsecurity patches to your kernel (see apt-cache search grsec). You could also install the Prelude Hybrid IDS (Intrusion Detection System) on your machines.
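The ferm rules from the firewall setup above, written out by hand as an iptables approximation (an added example, not part of the original guide and not ferm's actual output). It prints the commands instead of running them; the IPT variable and the emit_rules function are names chosen for this example.

```shell
#!/bin/sh
# Dry run by default: every rule is printed, nothing is changed.
# Set IPT=iptables (as root) to apply the rules for real.
IPT="${IPT:-echo iptables}"

emit_rules() {
    # "option clearall" plus the three default policies: start empty, deny all.
    $IPT -F
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -P "$chain" DROP
    done

    # Rules are checked top to bottom and the first match wins, so these two
    # accepts apply on every interface before the per-interface blocks below.
    $IPT -A OUTPUT -j ACCEPT
    $IPT -A INPUT -p icmp -j ACCEPT

    # eth0 and lo: accept the local range and loopback, log and drop the rest.
    for ifc in eth0 lo; do
        $IPT -A INPUT -i "$ifc" -s 192.168.7.110/24 -j ACCEPT
        $IPT -A INPUT -i "$ifc" -s 127.0.0.1 -j ACCEPT
        $IPT -A INPUT -i "$ifc" -j LOG
        $IPT -A INPUT -i "$ifc" -j DROP
    done

    # ppp0: the two trusted hosts, identd, and replies to traffic we started.
    for host in 129.70.28.189 161.53.41.91; do
        $IPT -A INPUT -i ppp0 -s "$host" -j ACCEPT
    done
    # As with ferm's dport, --dport is only valid together with -p tcp or udp.
    $IPT -A INPUT -i ppp0 -p tcp --dport 113 -j ACCEPT
    $IPT -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i ppp0 -j LOG
    $IPT -A INPUT -i ppp0 -j DROP
}

emit_rules
```

Review the printed commands before applying anything. When running with IPT=iptables, do it from a local console, because the DROP policies take effect before the accept rules are added.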
Setting up IP Masquerading/NAT
Multiple computers can all share the single connection (usually to the Internet) installed on the gateway machine. The procedure to set it up is trivial:
On the 'server' machine
# apt-get install ipmasq
On client machines
# route add default gw [server.ip]
To make the client-side changes permanent, add the 'gateway' option to the /etc/network/interfaces file. Also, make sure the /etc/resolv.conf files on the client machines are valid (a copy from the main machine would do if you substitute references to 127.0.0.1 with the server's IP as it is seen from the local network).
Please note: if it doesn't work for you (you get 'Operation not permitted' errors even on the server machine), try '/etc/init.d/iptables stop'.
For laptops, or computers which often change their network environment, see the divine package.