author | Alan Hicks <alan@lizella.net> | 2010-05-01 14:17:18 -0400 |
---|---|---|
committer | Alan Hicks <alan@lizella.net> | 2010-05-01 14:17:18 -0400 |
commit | dbca998ce52d78ce5e525e0d799adc83d580f66a (patch) | |
tree | c2a5ee10d4e488f77354f12e4c76a64615b94890 | |
parent | 8ec49bb2c5d0fd2d3ee8dd519e783002f3c8f9ec (diff) | |
download | slackbook-dbca998ce52d78ce5e525e0d799adc83d580f66a.tar.xz |
Making room for new chapter and a few minor modifications.
-rw-r--r-- | chapter_06.xml | 208 |
-rw-r--r-- | chapter_07.xml | 223 |
-rw-r--r-- | chapter_08.xml | 263 |
-rw-r--r-- | chapter_09.xml | 562 |
-rw-r--r-- | chapter_10.xml | 685 |
-rw-r--r-- | chapter_11.xml | 669 |
-rw-r--r-- | chapter_12.xml | 325 |
-rw-r--r-- | chapter_13.xml | 394 |
-rw-r--r-- | chapter_14.xml | 564 |
-rw-r--r-- | chapter_15.xml | 791 |
-rw-r--r-- | chapter_16.xml | 722 |
-rw-r--r-- | chapter_17.xml | 237 |
-rw-r--r-- | chapter_18.xml | 456 |
13 files changed, 2876 insertions, 3223 deletions
diff --git a/chapter_06.xml b/chapter_06.xml index a6f1837..c757993 100644 --- a/chapter_06.xml +++ b/chapter_06.xml 
@@ -3,230 +3,30 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>The X Window System</title> +<title>Process Control</title> <section> -<title>What Is (And Isn't) X</title> +<title>Why Use Slackware?</title> <para> -Eons ago computer terminals came with a screen and a keyboard and not -much else. Mice hadn't come into common use and everything was menu -driven. Then came the Graphical User Interface (GUI) and the world was -changed. Today users are accustomed to moving a mouse around a screen, -clicking on icons and running tasks with fancy images and animation, -but UNIX systems predated this and so GUIs were added almost as an -afterthought. For many years, Linux and its UNIX brethren were -primarily used without graphics of any sort, but today it is perhaps -more common than not for users to prefer their Linux computers come -with shiney, flashy, clickable GUIs, and all these GUIs run on -<application>X</application>(7). -</para> - -<para> -So what is X? Is it the desktop with the icons? Is it the menus? Is it -the window manager? Does it mark the spot? The answer to all these is a -resounding "no". There are many parts to a GUI, but X is the most -fundamental. X is that application that receives input from the mouse, -keyboard, and possibly other devices. X is that application that tells -the graphics card what to do. In short, X is the application that talks -to your computer's hardware from graphical purposes; all other -graphical applications simply talk to X. -</para> - -<para> -Let's stop for a moment and talk about nomenclature. X is just one of a -dozen names that you may encounter. It is also called X11, the X Window -System, X Window, X11R6, X Version 11, and several others. Whatever -you hear it called, simply understand that the speakers are referring -to X. 
</para> </section> <section> -<title>Configuring the X Server</title> - -<para> -As powerful as Slackware Linux is, configuring X can be daunting and -is often one of the first real challenges a new user faces. Don't be -overly concerned if you find this a bit difficult. While many changes -have been made over the years that make this much easier, there are -still computers out there that don't properly auto-detect, or you'll -wish to make some change to some setting and it might not be immediately -apparent what to do. Just remember that when I started using X, it was -far more primitive than it is today, took far more work to configure, -and often crashed without telling the user what was wrong. If I and -thousands of others got this working back then, you can do it today. -</para> - -<para> -Fortunately, with <application>X.Org 1.6.3</application> an -<filename>/etc/X11/xorg.conf</filename> does not even need to be -present for <application>X</application> to attempt a working display, -further, Slackware includes a default configuration file that works -for most computers by using the VESA standard. This offers only the -most basic functions and may not allow your graphics card to operate at -its full potential. You may be limited to low resolutions, fewer -colors, and <application>X</application> will be slower. Still, this is -an option for users, particularly those who only want to occassionally -run <application>X</application>. You can try it out now simply by -running <application>startx</application>(1) from a command prompt. -</para> +<title>Differences Compared to Other Linux Distributions</title> <para> -There are many ways to configure <application>X</application>, but the -easiest is to use <application>xorgsetup</application>. This will attempt -to probe probe your computer's hardware and write a working xorg.conf -file. 
This option is not garaunteed to work; there are some platforms -that it is known not to work with, and there are probably others as -well. Still, it is worth trying first as it is the quickest and least -complicated for a new user to attempt. -</para> - -<para> -The second most popular way to configure <application>X</application> -on your system is the handy <application>xorgconfig</application>(1). -This application asks you a series of questions about your computer's -hardware and writes out a config file based on your choices. Unless you -know exactly what your hardware is, we recommend that you try -<application>xorgsetup</application> first. -</para> - -<para> -Additionally, the <application>X</application> has flags available to -let <application>X</application> attempt to detect hardware and render -an <filename>xorg.conf.new</filename> that should work with the hardware -present. From a virtual terminal call <command>X -configure</command>, -and the resulting file will be either <filename>/root/xorg.conf.new</filename> -or <filename>$HOME/xorg.conf.new</filename>. Before moving this new -configuration to <filename>/etc/X11/</filename>, it can be tested by -calling <command>X -config /root/xorg.conf.new</command>, then you can -exit this <application>X</application> session with <CTRL>+<ALT>+<Backspace>. -</para> - -<para> -Lastly, you can manually configure your <application>X</application> -server by modifying <filename>/etc/X11/xorg.conf</filename> with a text -editor. This is not normally a task for the faint of heart, but is -often the easiest way to make minor changes. </para> </section> <section> -<title>Choosing a Window Manager</title> - -<para> -Slackware Linux includes many different window managers and desktop -environments. Window managers are the applications responsible for -painting application windows on the screen, resizing these windows, and -similar tasks. 
Desktop environments include a window manager, but also -add task bars, menus, icons, and more. Slackware includes both the KDE -and XFCE desktop environments and several additional window managers. -Which you use is entirely your own decision, but in general, window -managers tend to be faster than desktop environments and more suitable -to older systems with less memory and slower processors. Desktop -environments will be more comfortable for users accustomed to Microsoft -Windows. -</para> +<title>Licensing</title> <para> -LIST OF DE'S AND WINDOW MANAGERS. -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! </para> -<para> -The easiest way to choose a window manager is -<application>xwmconfig</application>(1), included with Slackware Linux. -This application allows a user to choose what window manager to run -with <application>startx</application>. -</para> - -</section> - -<section> -<title>Setting Up A Graphical Login</title> - -<para> -By default, when you boot your Slackware Linux system you are presented -with a login prompt on a virtual terminal. This is more than adequate -for most people's needs. If you need to run commandline applications, -you may login and do so right away. If you want to run X, simply executing -<application>startx</application> will do that for you nicely. -But suppose you almost exclusively -use your system for graphical duties like many laptop owners? Wouldn't -it be nice for Slackware to take you straight into a GUI? Fortunately, -there's an easy way to do just that. -</para> - -<para> -Slackware uses the System V init system which allows the administrator -to boot into or change to different runlevels, which are really just -different "states" the computer can be in. 
In fact, shutting down the -computer is really only a case of changing to a runlevel which -accomplishes just that. Runlevels can be rather complicated, so we -won't delve into them any further than necessary. -</para> - -<para> -Runlevels are configured in <filename>inittab</filename>(5). -The most common ones are -runlevel 3 (Slackware's default) and runlevel 4 (GUI). In order to tell -Slackware to boot to a GUI screen, simply open -<filename>/etc/inittab</filename> with your -favorite editor of choice. (You may wish to refer to one of the -chapters on <application>vi</application> or -<application>emacs</application> at this point.) Near the top, you'll -see the relevant entries. -</para> - -<screen> -# These are the default runlevels in Slackware: -# 0 = halt -# 1 = single user mode -# 2 = unused (but configured the same as runlevel 3) -# 3 = multiuser mode (default Slackware runlevel) -# 4 = X11 with KDM/GDM/XDM (session managers) -# 5 = unused (but configured the same as runlevel 3) -# 6 = reboot - -# Default runlevel. (Do not set to 0 or 6) -id:3:initdefault: -</screen> - -<para> -In this file (along with most configuration files) anything following a -hash symbol # is a comment and not interpreted by init(8). Don't worry -if you don't understand everything about inittab, as many veteran users -don't either. The only line we are interested in is the last on above. -Simply change the 3 to a 4 and reboot. -</para> - -<screen> -# These are the default runlevels in Slackware: -# 0 = halt -# 1 = single user mode -# 2 = unused (but configured the same as runlevel 3) -# 3 = multiuser mode (default Slackware runlevel) -# 4 = X11 with KDM/GDM/XDM (session managers) -# 5 = unused (but configured the same as runlevel 3) -# 6 = reboot - -# Default runlevel. (Do not set to 0 or 6) -id:4:initdefault: -</screen> - </section> </chapter> diff --git a/chapter_07.xml b/chapter_07.xml index 1ba3035..a6f1837 100644 --- a/chapter_07.xml +++ b/chapter_07.xml 
@@ -3,45 +3,230 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>Printing</title> +<title>The X Window System</title> <section> -<title>Choosing A Printer</title> +<title>What Is (And Isn't) X</title> <para> -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +Eons ago computer terminals came with a screen and a keyboard and not +much else. Mice hadn't come into common use and everything was menu +driven. Then came the Graphical User Interface (GUI) and the world was +changed. Today users are accustomed to moving a mouse around a screen, +clicking on icons and running tasks with fancy images and animation, +but UNIX systems predated this and so GUIs were added almost as an +afterthought. For many years, Linux and its UNIX brethren were +primarily used without graphics of any sort, but today it is perhaps +more common than not for users to prefer their Linux computers come +with shiney, flashy, clickable GUIs, and all these GUIs run on +<application>X</application>(7). +</para> + +<para> +So what is X? Is it the desktop with the icons? Is it the menus? Is it +the window manager? Does it mark the spot? The answer to all these is a +resounding "no". There are many parts to a GUI, but X is the most +fundamental. X is that application that receives input from the mouse, +keyboard, and possibly other devices. X is that application that tells +the graphics card what to do. In short, X is the application that talks +to your computer's hardware from graphical purposes; all other +graphical applications simply talk to X. +</para> + +<para> +Let's stop for a moment and talk about nomenclature. X is just one of a +dozen names that you may encounter. 
It is also called X11, the X Window +System, X Window, X11R6, X Version 11, and several others. Whatever +you hear it called, simply understand that the speakers are referring +to X. </para> </section> <section> -<title>Setting Up a Printer in CUPS</title> +<title>Configuring the X Server</title> + +<para> +As powerful as Slackware Linux is, configuring X can be daunting and +is often one of the first real challenges a new user faces. Don't be +overly concerned if you find this a bit difficult. While many changes +have been made over the years that make this much easier, there are +still computers out there that don't properly auto-detect, or you'll +wish to make some change to some setting and it might not be immediately +apparent what to do. Just remember that when I started using X, it was +far more primitive than it is today, took far more work to configure, +and often crashed without telling the user what was wrong. If I and +thousands of others got this working back then, you can do it today. +</para> + +<para> +Fortunately, with <application>X.Org 1.6.3</application> an +<filename>/etc/X11/xorg.conf</filename> does not even need to be +present for <application>X</application> to attempt a working display, +further, Slackware includes a default configuration file that works +for most computers by using the VESA standard. This offers only the +most basic functions and may not allow your graphics card to operate at +its full potential. You may be limited to low resolutions, fewer +colors, and <application>X</application> will be slower. Still, this is +an option for users, particularly those who only want to occassionally +run <application>X</application>. You can try it out now simply by +running <application>startx</application>(1) from a command prompt. +</para> <para> -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. 
Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +There are many ways to configure <application>X</application>, but the +easiest is to use <application>xorgsetup</application>. This will attempt +to probe probe your computer's hardware and write a working xorg.conf +file. This option is not garaunteed to work; there are some platforms +that it is known not to work with, and there are probably others as +well. Still, it is worth trying first as it is the quickest and least +complicated for a new user to attempt. +</para> + +<para> +The second most popular way to configure <application>X</application> +on your system is the handy <application>xorgconfig</application>(1). +This application asks you a series of questions about your computer's +hardware and writes out a config file based on your choices. Unless you +know exactly what your hardware is, we recommend that you try +<application>xorgsetup</application> first. +</para> + +<para> +Additionally, the <application>X</application> has flags available to +let <application>X</application> attempt to detect hardware and render +an <filename>xorg.conf.new</filename> that should work with the hardware +present. From a virtual terminal call <command>X -configure</command>, +and the resulting file will be either <filename>/root/xorg.conf.new</filename> +or <filename>$HOME/xorg.conf.new</filename>. Before moving this new +configuration to <filename>/etc/X11/</filename>, it can be tested by +calling <command>X -config /root/xorg.conf.new</command>, then you can +exit this <application>X</application> session with <CTRL>+<ALT>+<Backspace>. +</para> + +<para> +Lastly, you can manually configure your <application>X</application> +server by modifying <filename>/etc/X11/xorg.conf</filename> with a text +editor. 
This is not normally a task for the faint of heart, but is +often the easiest way to make minor changes. </para> </section> <section> -<title>Commandline Printing Tools</title> +<title>Choosing a Window Manager</title> + +<para> +Slackware Linux includes many different window managers and desktop +environments. Window managers are the applications responsible for +painting application windows on the screen, resizing these windows, and +similar tasks. Desktop environments include a window manager, but also +add task bars, menus, icons, and more. Slackware includes both the KDE +and XFCE desktop environments and several additional window managers. +Which you use is entirely your own decision, but in general, window +managers tend to be faster than desktop environments and more suitable +to older systems with less memory and slower processors. Desktop +environments will be more comfortable for users accustomed to Microsoft +Windows. +</para> <para> -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +LIST OF DE'S AND WINDOW MANAGERS. +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! </para> +<para> +The easiest way to choose a window manager is +<application>xwmconfig</application>(1), included with Slackware Linux. +This application allows a user to choose what window manager to run +with <application>startx</application>. 
+</para> + +</section> + +<section> +<title>Setting Up A Graphical Login</title> + +<para> +By default, when you boot your Slackware Linux system you are presented +with a login prompt on a virtual terminal. This is more than adequate +for most people's needs. If you need to run commandline applications, +you may login and do so right away. If you want to run X, simply executing +<application>startx</application> will do that for you nicely. +But suppose you almost exclusively +use your system for graphical duties like many laptop owners? Wouldn't +it be nice for Slackware to take you straight into a GUI? Fortunately, +there's an easy way to do just that. +</para> + +<para> +Slackware uses the System V init system which allows the administrator +to boot into or change to different runlevels, which are really just +different "states" the computer can be in. In fact, shutting down the +computer is really only a case of changing to a runlevel which +accomplishes just that. Runlevels can be rather complicated, so we +won't delve into them any further than necessary. +</para> + +<para> +Runlevels are configured in <filename>inittab</filename>(5). +The most common ones are +runlevel 3 (Slackware's default) and runlevel 4 (GUI). In order to tell +Slackware to boot to a GUI screen, simply open +<filename>/etc/inittab</filename> with your +favorite editor of choice. (You may wish to refer to one of the +chapters on <application>vi</application> or +<application>emacs</application> at this point.) Near the top, you'll +see the relevant entries. +</para> + +<screen> +# These are the default runlevels in Slackware: +# 0 = halt +# 1 = single user mode +# 2 = unused (but configured the same as runlevel 3) +# 3 = multiuser mode (default Slackware runlevel) +# 4 = X11 with KDM/GDM/XDM (session managers) +# 5 = unused (but configured the same as runlevel 3) +# 6 = reboot + +# Default runlevel. 
(Do not set to 0 or 6) +id:3:initdefault: +</screen> + +<para> +In this file (along with most configuration files) anything following a +hash symbol # is a comment and not interpreted by init(8). Don't worry +if you don't understand everything about inittab, as many veteran users +don't either. The only line we are interested in is the last on above. +Simply change the 3 to a 4 and reboot. +</para> + +<screen> +# These are the default runlevels in Slackware: +# 0 = halt +# 1 = single user mode +# 2 = unused (but configured the same as runlevel 3) +# 3 = multiuser mode (default Slackware runlevel) +# 4 = X11 with KDM/GDM/XDM (session managers) +# 5 = unused (but configured the same as runlevel 3) +# 6 = reboot + +# Default runlevel. (Do not set to 0 or 6) +id:4:initdefault: +</screen> + </section> </chapter> diff --git a/chapter_08.xml b/chapter_08.xml index a2bb4e9..1ba3035 100644 --- a/chapter_08.xml +++ b/chapter_08.xml 
@@ -3,268 +3,43 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>Users and Groups</title> +<title>Printing</title> <section> -<title>What Are Users and Groups?</title> +<title>Choosing A Printer</title> <para> -Slackware Linux inherits a strong multi-user tradition from its UNIX -inspiration. This means that multiple people may use the system at -once, but it also means that each of these people may have different -permissions. This allows users to prevent others from modifying their -files, or lets system administrators explicitly define what users can -and cannot do on the system. Moreover, users need not be actual people -at all. In fact, Slackware includes several dozen pre-defined user -and group accounts that are not typically used by regular users. Rather -these accounts allow the system administrator to segment the system for -security reasons. We'll see how that's done in the next chapter on -filesystem permissions. +Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do +eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad +minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip +ex ea commodo consequat. Duis aute irure dolor in reprehenderit in +voluptate velit esse cillum dolore eu fugiat nulla pariatur. </para> </section> <section> -<title>Managing Users and Groups</title> +<title>Setting Up a Printer in CUPS</title> <para> -The easiest way to add new users in Slackware is through the use of our -very fine <application>adduser</application> shell script. -<application>adduser</application> will prompt you to enter the details -of the new user you wish to creature and step you through the process -quickly and easily. It will even create a password for the new user. 
-</para> - -<screen><prompt>darkstar:~# </prompt><userinput>adduser</userinput> - -Login name for new user []: <userinput>david</userinput> - -User ID ('UID') [ defaults to next available ]: - -Initial group [ users ]: -Additional UNIX groups: - -Users can belong to additional UNIX groups on the system. -For local users using graphical desktop login managers such -as XDM/KDM, users may need to be members of additional groups -to access the full functionality of removable media devices. - -* Security implications * -Please be aware that by adding users to additional groups may -potentially give access to the removable media of other users. - -If you are creating a new user for remote shell access only, -users do not need to belong to any additional groups as standard, -so you may press ENTER at the next prompt. - -Press ENTER to continue without adding any additional groups -Or press the UP arrow to add/select/edit additional groups -: <userinput>audio cdrom floppy plugdev video</userinput> - -Home directory [ /home/david ] - -Shell [ /bin/bash ] - -Expiry date (YYYY-MM-DD) []: - -New account will be created as follows: - ---------------------------------------- -Login name.......: david -UID..............: [ Next available ] -Initial group....: users -Additional groups: audio,cdrom,floppy,plugdev,video -Home directory...: /home/david -Shell............: /bin/bash -Expiry date......: [ Never ] - -This is it... if you want to bail out, hit Control-C. Otherwise, press -ENTER to go ahead and make the account. - - -Creating new account... - - -Changing the user information for david -Enter the new value, or press ENTER for the default - Full Name []: - Room Number []: - Work Phone []: - Home Phone []: - Other []: -Changing password for david -Enter the new password (minimum of 5, maximum of 127 characters) -Please use a combination of upper and lower case letters and numbers. -New password: -Re-enter new password: -Password changed. - - -Account setup complete. 
-</screen> - -<para> -The addition of optional groups needs a little explaining. Every user -in Slackware has a single group that it is always a member of. By -default, this is the "users" group. However, users can belong to more -than one group at a time and will inherit all the permissions of every -group they belong to. Typical desktop users will need to add several -group memberships in order to do things like play sound or access -removeable media like cdroms or USB flash drives. You can simply press -the up arrow key at this section and a list of default groups for -desktop users will magically appear. You can of course, add to or -remove groups from this listing. -</para> - -<para> -Now that we've demonstrated how to use the interactive -<application>adduser</application> program, lets look at some powerful -non-interactive tools that you may wish to use. The first is -<application>useradd</application>(8). -<application>useradd</application> is a little less friendly, but much -faster for creating users in batches. This makes it ideal for use in -shell scripts. In fact, <application>adduser</application> is just such -a shell script and uses <application>useradd</application> for most of -the heavy lifting. <application>useradd</application> has many options -and we can't explain them all here, so refer to its man page for the -complete details. Now, let's make a new user. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>useradd -d /data/home/alan -s /bin/bash -g users -G audio,cdrom,floppy,plugdev,video alan</userinput> -</screen> - -<para> -Here I have added the user "alan". I specified the user's home -directory as <filename>/data/home/alan</filename> and used -<application>bash</application> as my shell. Also, I specified my -default group as "users" and added myself to a number of useful groups -for dekstop use. You'll note that <application>useradd</application> -does not do any prompting like <application>adduser</application>. 
-Unless you want to accept the defaults for everything, you'll need to -tell <application>useradd</application> what to do. -</para> - -<para> -Now that we know how to add users, we should learn how to add groups. -As you might have guessed, the command for doing this is -<application>groupadd</application>(8). -<application>groupadd</application> works in the same way as -<application>useradd</application>, but with far fewer options. The -following command adds the group "slackers" to the system. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>groupadd slackers</userinput> -</screen> - -<para> -Deleting users and groups is easy as well. Simply run the -<application>userdel</application>(8) and -<application>groupdel</application>(8) commands. By default, -<application>userdel</application> will leave the user's home directory -on the system. You can remove this with the <arg>-r</arg> argument. +Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do +eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad +minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip +ex ea commodo consequat. Duis aute irure dolor in reprehenderit in +voluptate velit esse cillum dolore eu fugiat nulla pariatur. </para> </section> <section> -<title>Other User and Group Tools</title> - -<para> -Several other tools exist for managing users and groups. Perhaps the -most important one is <application>passwd</application>(1). This -command changes a user account's password. Normal users may change -their own passwords only, but root can change anyone's password. Also, -root can lock a user account with the <arg>-l</arg> argument. This -doesn't actually shutout the account, but instead changes the user's -encrypted password to a value that can't be matched. -</para> - -<para> -Another useful tool is <application>chsh</application>(1) which changes a -user's default shell. 
Like <application>passwd</application>, normal -users can only change their own shell, but the root user can change -anyone's. -</para> - -<para> -The last tool we're going to discuss is -<application>chfn</application>(1). This is used to enter identifying -information on the user such as his phone number and real name. This -information is stored in the <filename>passwd</filename>(5) file and -retrieved using <application>finger</application>(1). -</para> - -</section> - -<section> -<title>Managing Users and Groups Manually</title> - -<para> -Like most things in Slackware Linux, users and groups are stored in -plain-text files. This means that you can edit all the details of a -user, or even create a new user or group simply by editing these files -and doing a few other tasks like creating the user's home directory. Of -course, after you see how this is done you'll appreciate just how -simple the included tools make this task. -</para> - -<para> -Our first stop is the <filename>/etc/passwd</filename> file. Here, all -the information about a user is stored, except for (oddly enough) the -user's password. The reason for this is rather simple. -<filename>/etc/passwd</filename> must be readable by all users on the -system, so you wouldn't want passwords stored there, even if they are -encrypted. Let's take a quick look at my entry in this file. -</para> - -<screen> -alan:x:1000:100:,,,:/home/alan:/bin/bash -</screen> - -<para> -Each line in this file contains a number of fields seperated by a -colon. They are, from left to right: username, password, UID, GUID, a -comment field, home directory, and shell. You'll notice that the -password field for every entry is an <keycap>x</keycap>. That is -because Slackware uses shadow passwords, so the actual encrypted -password is stored in <filename>/etc/shadow</filename>. Let's take a -look there. 
-</para> - -<screen> -alan:$1$HlR?M3fkL@oeJmsdLfhsLFM*4dflPh8:14197:0:99999:7::: -</screen> - -<para> -The <filename>shadow</filename> file contains more than just the -encrypted password as you'll notice. The fields here, again from left -to right, are: username, encrypted password, last day the password was -changed, days before the password may be changed again, how many days -before the password expires, days that the account will be disabled -after expiring, when the account was disabled, and a reserved field. -You may notice on some accounts that the various "days" fields often -include very large numbers. The reason for this is that Slackware -counts time from the "Epoch" which is January 1, 1970 for historical -reasons. -</para> - -<para> -To create a new user account, you'll just need to open these files -using <application>vipw</application>(8). This will open -<filename>/etc/passwd</filename> in the editor -defined by your VISUAL variable or your EDITOR variable if VISUAL isn't -defined. If neither is present, it will fall back to -<application>vi</application> by default. If you pass the <arg>-s</arg> -argument, it will open <filename>/etc/shadow</filename> instead. It's -important to use <application>vipw</application> instead of using any -other editor, because <application>vipw</application> will lock the -file and prevent other programs from editing it right underneath your feet. -</para> +<title>Commandline Printing Tools</title> <para> -That isn't all you'll need to do however; you must also create the -user's home directory and change the user's password using -<application>passwd</application>. +Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do +eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad +minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip +ex ea commodo consequat. Duis aute irure dolor in reprehenderit in +voluptate velit esse cillum dolore eu fugiat nulla pariatur. 
</para> </section> diff --git a/chapter_09.xml b/chapter_09.xml index a0ab4d2..a2bb4e9 100644 --- a/chapter_09.xml +++ b/chapter_09.xml 
@@ -3,459 +3,269 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>Filesystem Permissions</title> +<title>Users and Groups</title> <section> -<title>Permissions Overview</title> +<title>What Are Users and Groups?</title> <para> -As we've discussed, Slackware Linux is a multi-user operating system. -Because of this, its filesystems are mutli-user as well. This means -that every file or directory has a set of permissions that can grant or -deny privileges to different users. There are three basic permissions -and three sets of permissions for each file. Let's take a look at an -example file. +Slackware Linux inherits a strong multi-user tradition from its UNIX +inspiration. This means that multiple people may use the system at +once, but it also means that each of these people may have different +permissions. This allows users to prevent others from modifying their +files, or lets system administrators explicitly define what users can +and cannot do on the system. Moreover, users need not be actual people +at all. In fact, Slackware includes several dozen pre-defined user +and group accounts that are not typically used by regular users. Rather +these accounts allow the system administrator to segment the system for +security reasons. We'll see how that's done in the next chapter on +filesystem permissions. </para> -<screen><prompt>darkstar:~$ </prompt><userinput>ls -l /bin/ls</userinput> --rwxr-xr-x 1 root root 81820 2007-06-08 21:12 /bin/ls -</screen> +</section> + +<section> +<title>Managing Users and Groups</title> <para> -Recall from chapter 4 that <application>ls</application> <arg>-l</arg> -lists the permissions for a file or -directory along with the user and group that "own" the file. In this -case, the permissions are rwxr-xr-x, the user is root and the group is -also root. The permissions section, while grouped together, is really -three seperate pieces. 
The first set of three letters are the -permissions granted to the user that owns the file. The second set of -three are those granted to the group owner, and the final three are -permissions for everyone else. +The easiest way to add new users in Slackware is through the use of our +very fine <application>adduser</application> shell script. +<application>adduser</application> will prompt you to enter the details +of the new user you wish to creature and step you through the process +quickly and easily. It will even create a password for the new user. </para> -<table pgwide="0"> -<title>Permissions of /bin/ls</title> -<tgroup cols="3"> - <thead> - <row> - <entry>Set</entry> - <entry>Listing</entry> - <entry>Meaning</entry> - </row> - </thead> - <tbody> - <row> - <entry>Owner</entry> - <entry>rwx</entry> - <entry>The owner "root" may read, write, and execute</entry> - </row> - <row> - <entry>Group</entry> - <entry>r-x</entry> - <entry>The group "root" may read and execute</entry> - </row> - <row> - <entry>Others</entry> - <entry>r-x</entry> - <entry>Everyone else may read and execute</entry> - </row> - </tbody> -</tgroup> -</table> +<screen><prompt>darkstar:~# </prompt><userinput>adduser</userinput> -<para> -The permissions are pretty self explainatory of course, at least for -files. Read, write, and execute allow you to read a file, write to it, -or execute it. But what do these permissions mean for directories? -Simply put, the read permissions grants the ability to list the -directory's contents (say with <application>ls</application>). The write -permission grants the ability to create new files in the directory as -well as delete the entire directory, even if you otherwise wouldn't be -able to delete some of the other files inside it. The execute -permission grants the ability to actually enter the directory (with the -<application>bash</application> built-in command cd for example). 
-</para> +Login name for new user []: <userinput>david</userinput> -<para> -Let's look at the permissions on a directory now. -</para> +User ID ('UID') [ defaults to next available ]: -<screen><prompt>darkstar:~$ </prompt><userinput>ls -ld /home/alan</userinput> -drwxr-x--- 60 alan users 3040 2008-06-06 17:14 /home/alan/ -</screen> +Initial group [ users ]: +Additional UNIX groups: -<para> -Here we see the permissions on my home directory and its ownership. The -directory is owned by the user alan and the group users. The user is -granted all rights (rwx), the group is granted only read and execute -permissions (r-x), and everyone else is prohibited from doing anything. -</para> +Users can belong to additional UNIX groups on the system. +For local users using graphical desktop login managers such +as XDM/KDM, users may need to be members of additional groups +to access the full functionality of removable media devices. -</section> +* Security implications * +Please be aware that by adding users to additional groups may +potentially give access to the removable media of other users. -<section> -<title><application>chmod</application>, -<application>chown</application>, and -<application>chgrp</application></title> +If you are creating a new user for remote shell access only, +users do not need to belong to any additional groups as standard, +so you may press ENTER at the next prompt. -<para> -So now that we know what permissions are, how do we change them? And -for that matter, how do we assign user and group ownership? The answer -is right here in this section. -</para> +Press ENTER to continue without adding any additional groups +Or press the UP arrow to add/select/edit additional groups +: <userinput>audio cdrom floppy plugdev video</userinput> -<para> -The first tool we'll discuss is the useful -<application>chown</application> -(1) command. Using <application>chown</application>, we can (you guessed -it), change the ownership of a file or -directory. 
<application>chown</application> is historically used only -to change the user ownership, but can change the group ownership as well. -</para> +Home directory [ /home/david ] -<screen><prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput> -total 0 --rw-r--r-- 1 alan users 0 2008-06-06 22:29 a --rw-r--r-- 1 alan users 0 2008-06-06 22:29 b -<prompt>darkstar:~# </prompt><userinput>chown root /tmp/foo/a</userinput> -<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput> -total 0 --rw-r--r-- 1 root users 0 2008-06-06 22:29 a --rw-r--r-- 1 alan users 0 2008-06-06 22:29 b -</screen> +Shell [ /bin/bash ] -<para> -By using a colon after the user account, you may also specify a new -group account. -</para> +Expiry date (YYYY-MM-DD) []: -<screen><prompt>darkstar:~# </prompt><userinput>chown root:root /tmp/foo/b</userinput> -<prompt>darkstar:~# </prompt><userinput> ls -l /tmp/foo</userinput> -total 0 --rw-r--r-- 1 root users 0 2008-06-06 22:29 a --rw-r--r-- 1 root root 0 2008-06-06 22:29 b -</screen> +New account will be created as follows: -<para> -<application>chown</application> can also be used recursively to change -the ownership of all files and directories below a target directory. -The following command would change all the files under the directory -<filename>/tmp/foo</filename> to have their ownership set to root:root. -</para> +--------------------------------------- +Login name.......: david +UID..............: [ Next available ] +Initial group....: users +Additional groups: audio,cdrom,floppy,plugdev,video +Home directory...: /home/david +Shell............: /bin/bash +Expiry date......: [ Never ] -<screen><prompt>darkstar:~# </prompt><userinput>chown -R root:root /tmp/foo/b</userinput></screen> +This is it... if you want to bail out, hit Control-C. Otherwise, press +ENTER to go ahead and make the account. 
-<para> -Specifying a colon and a group name without a user name will simply -change the group for a file and leave the user ownership intact. -</para> -<screen><prompt>darkstar:~# </prompt><userinput>chown :wheel /tmp/foo/a</userinput> -<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput> -ls -l /tmp/foo -total 0 --rw-r--r-- 1 root wheel 0 2008-06-06 22:29 a --rw-r--r-- 1 root root 0 2008-06-06 22:29 b -</screen> +Creating new account... -<para> -The younger brother of <application>chown</application> is the -slightly less useful <application>chgrp</application>(1). This -command works just like <application>chown</application>, except -it can only change the group -ownership of a file. Since <application>chown</application> can -already do this, why bother with -<application>chgrp</application>? The answer is simple. Many other -operating systems use a -different version of <application>chown</application> that cannot -change the group ownership, so -if you ever come across one of those, now you know how. -</para> -<para> -There's a reason we discussed changing ownership before changing -permissions. The first is a much easier concept to grasp. The tool for -changing permissions on a file or directory is -<application>chmod</application>(1). The syntax for it -is nearly identical to that for <application>chown</application>, but -rather than -specify a user or group, the administrator must specify either a set of -octal permissions or a set of alphabetic permissions. Neither one is -especially easy to grasp the first time. We'll begin with the less -complicated octal permissions. -</para> +Changing the user information for david +Enter the new value, or press ENTER for the default + Full Name []: + Room Number []: + Work Phone []: + Home Phone []: + Other []: +Changing password for david +Enter the new password (minimum of 5, maximum of 127 characters) +Please use a combination of upper and lower case letters and numbers. 
+New password: +Re-enter new password: +Password changed. + + +Account setup complete. +</screen> <para> -Octal permissions derive their name from being assigned by one of eight -digits, namely the numbers 0 through 7. Each permissions is assigned a -number that is a power of 2, and those numbers are added together to -get the final permissions for one of the permission sets. If this -sounds confusing, maybe this table will help. +The addition of optional groups needs a little explaining. Every user +in Slackware has a single group that it is always a member of. By +default, this is the "users" group. However, users can belong to more +than one group at a time and will inherit all the permissions of every +group they belong to. Typical desktop users will need to add several +group memberships in order to do things like play sound or access +removeable media like cdroms or USB flash drives. You can simply press +the up arrow key at this section and a list of default groups for +desktop users will magically appear. You can of course, add to or +remove groups from this listing. </para> -<table pgwide="0"> -<title>Octal Permissions</title> -<tgroup cols="2"> - <thead> - <row> - <entry>Permission</entry> - <entry>Meaning</entry> - </row> - </thead> - <tbody> - <row> - <entry>Read</entry> - <entry>4</entry> - </row> - <row> - <entry>Write</entry> - <entry>2</entry> - </row> - <row> - <entry>Execute</entry> - <entry>1</entry> - </row> - </tbody> -</tgroup> -</table> - <para> -By adding these values together, we can reach any number between 0 and -7 and specify all possible permission combinations. For example, to -grant both read and write privilages while denying execute, we would -use the number 6. The number 3 would grant write and execute -permissions, but deny the ability to read the file. We must specify a -number for each of the three sets when using octal permissions. It's -not possible to specify only a set of user or group permissions this -way for example. 
+Now that we've demonstrated how to use the interactive +<application>adduser</application> program, lets look at some powerful +non-interactive tools that you may wish to use. The first is +<application>useradd</application>(8). +<application>useradd</application> is a little less friendly, but much +faster for creating users in batches. This makes it ideal for use in +shell scripts. In fact, <application>adduser</application> is just such +a shell script and uses <application>useradd</application> for most of +the heavy lifting. <application>useradd</application> has many options +and we can't explain them all here, so refer to its man page for the +complete details. Now, let's make a new user. </para> -<screen><prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo/a</userinput> --rw-r--r-- 1 root root 0 2008-06-06 22:29 a -<prompt>darkstar:~# </prompt><userinput>chmod 750 /tmp/foo/a</userinput> -<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo/a</userinput> --rwxr-x--- 1 root root 0 2008-06-06 22:29 a +<screen><prompt>darkstar:~# </prompt><userinput>useradd -d /data/home/alan -s /bin/bash -g users -G audio,cdrom,floppy,plugdev,video alan</userinput> </screen> <para> -<application>chmod</application> can also use letter values along with -<keycap>+</keycap> or <keycap>-</keycap> to grant or deny permissions. -While this may be easier to -remember, it's often easier to use the octal permissions. +Here I have added the user "alan". I specified the user's home +directory as <filename>/data/home/alan</filename> and used +<application>bash</application> as my shell. Also, I specified my +default group as "users" and added myself to a number of useful groups +for dekstop use. You'll note that <application>useradd</application> +does not do any prompting like <application>adduser</application>. +Unless you want to accept the defaults for everything, you'll need to +tell <application>useradd</application> what to do. 
</para> -<table pgwide="0"> -<title>Alphabetic Permissions</title> -<tgroup cols="2"> - <thead> - <row> - <entry>Permission</entry> - <entry>Letter Value</entry> - </row> - </thead> - <tbody> - <row> - <entry>Read</entry> - <entry>r</entry> - </row> - <row> - <entry>Write</entry> - <entry>w</entry> - </row> - <row> - <entry>Execute</entry> - <entry>x</entry> - </row> - </tbody> -</tgroup> -</table> - -<table pgwide="0"> -<title>Alphabetic Users and Groups</title> -<tgroup cols="2"> - <thead> - <row> - <entry>Accounts Affected</entry> - <entry>Letter Value</entry> - </row> - </thead> - <tbody> - <row> - <entry>User/Owner</entry> - <entry>u</entry> - </row> - <row> - <entry>Group</entry> - <entry>g</entry> - </row> - <row> - <entry>Others/World</entry> - <entry>o</entry> - </row> - </tbody> -</tgroup> -</table> - <para> -To use the letter values with <application>chmod</application>, you -must specify which set to use them with, either "u" for user, "g" for -group, and "o" for all others. You must also specify whether you are -adding or removing permissions with the "+" and "-" signs. Multiple -sets can be changed at once by seperating each with a comma. +Now that we know how to add users, we should learn how to add groups. +As you might have guessed, the command for doing this is +<application>groupadd</application>(8). +<application>groupadd</application> works in the same way as +<application>useradd</application>, but with far fewer options. The +following command adds the group "slackers" to the system. 
</para> -<screen><prompt>darkstar:/tmp/foo# </prompt><userinput>ls -l</userinput> -total 0 --rw-r--r-- 1 alan users 0 2008-06-06 23:37 a --rw-r--r-- 1 alan users 0 2008-06-06 23:37 b --rw-r--r-- 1 alan users 0 2008-06-06 23:37 c --rw-r--r-- 1 alan users 0 2008-06-06 23:37 d -<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+x a</userinput> -<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod g+w b</userinput> -<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+x,g+x,o-r c</userinput> -<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+rx-w,g+r,o-r d</userinput> -<prompt>darkstar:/tmp/foo# </prompt><userinput>ls -l</userinput> --rwxr--r-- 1 alan users 0 2008-06-06 23:37 a* --rw-rw-r-- 1 alan users 0 2008-06-06 23:37 b --rwxr-x--- 1 alan users 0 2008-06-06 23:37 c* --r-xr----- 1 alan users 0 2008-06-06 23:37 d* +<screen><prompt>darkstar:~# </prompt><userinput>groupadd slackers</userinput> </screen> <para> -Which you prefer to use is entirely up to you. There are places where -one is better than the other, so a real Slacker will know both inside -out. +Deleting users and groups is easy as well. Simply run the +<application>userdel</application>(8) and +<application>groupdel</application>(8) commands. By default, +<application>userdel</application> will leave the user's home directory +on the system. You can remove this with the <arg>-r</arg> argument. </para> </section> <section> -<title>SUID, SGID, and the "Sticky" Bit</title> +<title>Other User and Group Tools</title> <para> -We're not quite done with permissions just yet. There are three other -"special" permissions in addition to those mentioned above. They are -SUID, SGID, and the sticky bit. When a file has one or more of these -permissions set, it behaves in special ways. The SUID and SGID -permissions change the way an application is run, while the sticky bit -restricts deletion of files. 
These permissions are applied with -<application>chmod</application> -like read, write, and execute, but with a twist. +Several other tools exist for managing users and groups. Perhaps the +most important one is <application>passwd</application>(1). This +command changes a user account's password. Normal users may change +their own passwords only, but root can change anyone's password. Also, +root can lock a user account with the <arg>-l</arg> argument. This +doesn't actually shutout the account, but instead changes the user's +encrypted password to a value that can't be matched. </para> <para> -SUID and SGID stand for "Set User ID" and "Set Group ID" respectively. -When an application with one of these bits is set, the application runs -with the user or group ownership permissions of that application -regardless of what user actually -executed it. Let's take a look at a common SUID application, the humble -<application>passwd</application> and the files it modifies. +Another useful tool is <application>chsh</application>(1) which changes a +user's default shell. Like <application>passwd</application>, normal +users can only change their own shell, but the root user can change +anyone's. </para> -<screen><prompt>darkstar:~# </prompt><userinput>ls -l /usr/bin/passwd \ - /etc/passwd \ - /etc/shadow</userinput> --rw-r--r-- 1 root root 1106 2008-06-03 22:23 /etc/passwd --rw-r----- 1 root shadow 627 2008-06-03 22:22 /etc/shadow --rws--x--x 1 root root 34844 2008-03-24 16:11 /usr/bin/passwd* -</screen> - <para> -Notice the permissions on <application>passwd</application>. Instead of -an <keycap>x</keycap> in the user's execute slot, we have an -<keycap>s</keycap>. This tells us that -<application>passwd</application> is a SUID program, and when we run -it, the process will run as the user "root" rather than as the user -that actually executed it. The reason for this is readily apparent as -soon as you look at the two files it modifies. 
Neither -<filename>/etc/passwd</filename> nor <filename>/etc/shadow</filename> -are writeable by anyone other than root. Since users need to change -their personal information, <application>passwd</application> must be -run as root in order to modify those files. +The last tool we're going to discuss is +<application>chfn</application>(1). This is used to enter identifying +information on the user such as his phone number and real name. This +information is stored in the <filename>passwd</filename>(5) file and +retrieved using <application>finger</application>(1). </para> -<para> -So what about the sticky bit? The sticky bit restricts the ability to -move or delete files and is only ever set on directories. Non-root -users cannot move or delete any files under a directory with the sticky -bit set unless they are the owner of that file. Normally anyone with -write permission to the file can do this, but the sticky bit prevents -it for anyone but the owner (and of course, root). Let's take a look at -a common "sticky" directory. -</para> +</section> -<screen><prompt>darkstar:~# </prompt><userinput>ls -ld /tmp</userinput> -drwxrwxrwt 1 root root 34844 2008-03-24 16:11 /tmp -</screen> +<section> +<title>Managing Users and Groups Manually</title> <para> -Naturally, being a directory for the storage of temporary files sytem -wide, <filename>/tmp</filename> needs to be readable, writeable, and -executable by anyone and everyone. Since any user is likely to have a -file or two stored here at any time, it only makes good sense to -prevent other users from deleting those files, so the sticky bit has -been set. You can see it by the presence of the <keycap>t</keycap> in -place of the <keycap>x</keycap> in the world permissions section. +Like most things in Slackware Linux, users and groups are stored in +plain-text files. 
This means that you can edit all the details of a +user, or even create a new user or group simply by editing these files +and doing a few other tasks like creating the user's home directory. Of +course, after you see how this is done you'll appreciate just how +simple the included tools make this task. </para> -<table pgwide="0"> -<title>SUID, SGID, and "Sticky" Permissions</title> -<tgroup cols="3"> - <thead> - <row> - <entry>Permission Type</entry> - <entry>Octal Value</entry> - <entry>Letter Value</entry> - </row> - </thead> - <tbody> - <row> - <entry>SUID</entry> - <entry>4</entry> - <entry>s</entry> - </row> - <row> - <entry>SGID</entry> - <entry>2</entry> - <entry>s</entry> - </row> - <row> - <entry>Sticky</entry> - <entry>1</entry> - <entry>t</entry> - </row> - </tbody> -</tgroup> -</table> - <para> -When using octal permissions, you must specify an additional leading -octal value. For example, to recreate the permission on -<filename>/tmp</filename>, we would use 1777. To recreate those -permissions on <filename>/usr/bin/passwd</filename>, we would use 4711. -Essentially, any time this leading fourth octet isn't specified, -<application>chmod</application> assumes its value to be 0. +Our first stop is the <filename>/etc/passwd</filename> file. Here, all +the information about a user is stored, except for (oddly enough) the +user's password. The reason for this is rather simple. +<filename>/etc/passwd</filename> must be readable by all users on the +system, so you wouldn't want passwords stored there, even if they are +encrypted. Let's take a quick look at my entry in this file. </para> -<screen><prompt>darkstar:~# </prompt><userinput>chmod 1777 /tmp</userinput> -<prompt>darkstar:~# </prompt><userinput>chmod 4711 /usr/bin/passwd</userinput> +<screen> +alan:x:1000:100:,,,:/home/alan:/bin/bash </screen> <para> -Using the alphabetic permission values is slightly different. 
Assuming -the two files above have permissions of 0000 (no permissions at all), -here is how we would set them. +Each line in this file contains a number of fields seperated by a +colon. They are, from left to right: username, password, UID, GUID, a +comment field, home directory, and shell. You'll notice that the +password field for every entry is an <keycap>x</keycap>. That is +because Slackware uses shadow passwords, so the actual encrypted +password is stored in <filename>/etc/shadow</filename>. Let's take a +look there. </para> -<screen><prompt>darkstar:~# </prompt><userinput>chmod ug+rwx,o+rwt /tmp</userinput> -<prompt>darkstar:~# </prompt><userinput>chmod u+rws,go+x /usr/bin/passwd</userinput> +<screen> +alan:$1$HlR?M3fkL@oeJmsdLfhsLFM*4dflPh8:14197:0:99999:7::: </screen> +<para> +The <filename>shadow</filename> file contains more than just the +encrypted password as you'll notice. The fields here, again from left +to right, are: username, encrypted password, last day the password was +changed, days before the password may be changed again, how many days +before the password expires, days that the account will be disabled +after expiring, when the account was disabled, and a reserved field. +You may notice on some accounts that the various "days" fields often +include very large numbers. The reason for this is that Slackware +counts time from the "Epoch" which is January 1, 1970 for historical +reasons. +</para> +<para> +To create a new user account, you'll just need to open these files +using <application>vipw</application>(8). This will open +<filename>/etc/passwd</filename> in the editor +defined by your VISUAL variable or your EDITOR variable if VISUAL isn't +defined. If neither is present, it will fall back to +<application>vi</application> by default. If you pass the <arg>-s</arg> +argument, it will open <filename>/etc/shadow</filename> instead. 
It's +important to use <application>vipw</application> instead of using any +other editor, because <application>vipw</application> will lock the +file and prevent other programs from editing it right underneath your feet. +</para> - - - +<para> +That isn't all you'll need to do however; you must also create the +user's home directory and change the user's password using +<application>passwd</application>. +</para> </section> diff --git a/chapter_10.xml b/chapter_10.xml index a721dfa..a0ab4d2 100644 --- a/chapter_10.xml +++ b/chapter_10.xml 
@@ -3,496 +3,457 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>Working with Filesystems</title> +<title>Filesystem Permissions</title> <section> -<title>The Filesystem Hierarchy</title> +<title>Permissions Overview</title> <para> -Slackware Linux stores all of its files and directories under a single -<filename>/</filename> directory, typically referred to as "root". This -is in stark contract to what you may be familiar with in the form of -Microsoft Windows. Different hard disk partitions, cdroms, usb flash -drives, and even floppy disks can all be mounted in directories under -<filename>/</filename>, but do not have anything like "drive letters". -The contents of these devices can be found almost anywhere, but there -are some sane defaults that Slackware sets up for you. For example, -cd-rw drives are most often found at <filename>/mnt/cd-rw</filename>. -Here are a few common directories present on nearly all Slackware Linux -installations, and what you can expect to find there. +As we've discussed, Slackware Linux is a multi-user operating system. +Because of this, its filesystems are mutli-user as well. This means +that every file or directory has a set of permissions that can grant or +deny privileges to different users. There are three basic permissions +and three sets of permissions for each file. Let's take a look at an +example file. +</para> + +<screen><prompt>darkstar:~$ </prompt><userinput>ls -l /bin/ls</userinput> +-rwxr-xr-x 1 root root 81820 2007-06-08 21:12 /bin/ls +</screen> + +<para> +Recall from chapter 4 that <application>ls</application> <arg>-l</arg> +lists the permissions for a file or +directory along with the user and group that "own" the file. In this +case, the permissions are rwxr-xr-x, the user is root and the group is +also root. The permissions section, while grouped together, is really +three seperate pieces. The first set of three letters are the +permissions granted to the user that owns the file. 
The second set of +three are those granted to the group owner, and the final three are +permissions for everyone else. </para> <table pgwide="0"> -<title>Filesystem Layout</title> -<tgroup cols="2"> +<title>Permissions of /bin/ls</title> +<tgroup cols="3"> <thead> - <entry>Directory</entry> - <entry>Explaination</entry> - </thead> - <tbody> - <row> - <entry>/</entry> - <entry>The root directory, under which all others exist</entry> - </row> <row> - <entry>/bin</entry> - <entry>Minimal set of binary programs for all users</entry> - </row> - <row> - <entry>/boot</entry> - <entry>The kernel, initrd, and other requirements for booting Slackware</entry> - </row> - <row> - <entry>/etc/</entry> - <entry>System configuration files</entry> - </row> - <row> - <entry>/dev</entry> - <entry>Collection of special files allowing direct access to hardware</entry> - </row> - <row> - <entry>/home</entry> - <entry>User directories where personal files and settings are stored</entry> - </row> - <row> - <entry>/media</entry> - <entry>Directory for auto-mounting features in DBUS/HAL</entry> - </row> - <row> - <entry>/mnt</entry> - <entry>Places to temporarily mount removable media</entry> - </row> - <row> - <entry>/opt</entry> - <entry>Directory where some (typicaly proprietary) software may be installed</entry> - </row> - <row> - <entry>/proc</entry> - <entry>Kernel exported filesystem for process information</entry> - </row> - <row> - <entry>/root</entry> - <entry>The root user's home directory</entry> - </row> - <row> - <entry>/sbin</entry> - <entry>Minimal set of system or superuser binaries</entry> - </row> - <row> - <entry>/srv</entry> - <entry>Site-specific data such as web pages served by this system</entry> - </row> - <row> - <entry>/sys</entry> - <entry>Special kernel implimentation details</entry> + <entry>Set</entry> + <entry>Listing</entry> + <entry>Meaning</entry> </row> + </thead> + <tbody> <row> - <entry>/tmp</entry> - <entry>Directory reserved for temporary files for 
all users</entry> + <entry>Owner</entry> + <entry>rwx</entry> + <entry>The owner "root" may read, write, and execute</entry> </row> <row> - <entry>/usr</entry> - <entry>All non-essential programs, libraries, and shared files</entry> + <entry>Group</entry> + <entry>r-x</entry> + <entry>The group "root" may read and execute</entry> </row> <row> - <entry>/var</entry> - <entry>Regularly changing data such as log files</entry> + <entry>Others</entry> + <entry>r-x</entry> + <entry>Everyone else may read and execute</entry> </row> </tbody> </tgroup> </table> -</section> - -<section> -<title>Local Filesystem Types</title> +<para> +The permissions are pretty self explainatory of course, at least for +files. Read, write, and execute allow you to read a file, write to it, +or execute it. But what do these permissions mean for directories? +Simply put, the read permissions grants the ability to list the +directory's contents (say with <application>ls</application>). The write +permission grants the ability to create new files in the directory as +well as delete the entire directory, even if you otherwise wouldn't be +able to delete some of the other files inside it. The execute +permission grants the ability to actually enter the directory (with the +<application>bash</application> built-in command cd for example). +</para> <para> -The Linux kernel supports a wide variety of filesystems, which allows -you to choose from a long list of features to tailor to your particular -need. Fortunately, most of the default filesystem types are adequate -for any needs you may have. Some filesystems are geared towards -particular media. For example, the iso9660 filesystem is used almost -exclusively for CD and DVD media. +Let's look at the permissions on a directory now. 
</para> -<section> -<title>ext2</title> +<screen><prompt>darkstar:~$ </prompt><userinput>ls -ld /home/alan</userinput> +drwxr-x--- 60 alan users 3040 2008-06-06 17:14 /home/alan/ +</screen> <para> -ext2 is the oldest filesystem included in Slackware Linux for storing -data on hard disks. Compared to other filesystems, ext2 is simplistic. -It is faster than most others for reading and writing data, but does -not include any journaling capability. This means that after a hard -crash, the filesystem must be exhaustively checked to discover and -(hopefully) fix any errors. +Here we see the permissions on my home directory and its ownership. The +directory is owned by the user alan and the group users. The user is +granted all rights (rwx), the group is granted only read and execute +permissions (r-x), and everyone else is prohibited from doing anything. </para> </section> <section> -<title>ext3</title> +<title><application>chmod</application>, +<application>chown</application>, and +<application>chgrp</application></title> + <para> -ext3 is the younger cousin of ext2. It was designed to replace ext2 in -most situations and shares much the same code-base, but adds journaling -support. In fact, ext3 and ext2 are so much alike that it is possible -to convert one to the other on the fly without lose of data. ext3 -enjoys a lot of popularity for these reasons. There are many tools -available for recovering data from this filesystem in the event of -catastrophic hardware failure as well. ext3 is a good general purpose -filesystem with journaling support, but fails to perform as well as -other journaling filesystems in specific cases. One pitfall to ext3 is -that the filesystem must still go through this exhaustive check every -so often. This is done when the filesystem is mounted, usually when the -computer is booted, and causes an annoying delay. +So now that we know what permissions are, how do we change them? 
And +for that matter, how do we assign user and group ownership? The answer +is right here in this section. </para> -</section> -<section> -<title>reiserfs</title> <para> -reiserfs is one of the oldest journaling filesystems for the Linux -kernel and has been supported by Slackware for many years. It is a very -fast filesystem particularly well suited for storing, retrieving, and -writing lots of small files. Unfortunately there are few tools for -recovering data should you experience a drive failure, and reiserfs -partitions experience corruption more often than ext3. +The first tool we'll discuss is the useful +<application>chown</application> +(1) command. Using <application>chown</application>, we can (you guessed +it), change the ownership of a file or +directory. <application>chown</application> is historically used only +to change the user ownership, but can change the group ownership as well. </para> -</section> -<section> -<title>XFS</title> +<screen><prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput> +total 0 +-rw-r--r-- 1 alan users 0 2008-06-06 22:29 a +-rw-r--r-- 1 alan users 0 2008-06-06 22:29 b +<prompt>darkstar:~# </prompt><userinput>chown root /tmp/foo/a</userinput> +<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput> +total 0 +-rw-r--r-- 1 root users 0 2008-06-06 22:29 a +-rw-r--r-- 1 alan users 0 2008-06-06 22:29 b +</screen> + <para> -XFS was contributed to the Linux kernel by SGI and is one of the best -filesystems for working with large volumes and large files. XFS uses -more RAM than other filesystems, but if you need to work with large -files its performance there is well worth the penalty in memory usage. -XFS is not particularly ill-suited for desktop or laptop use, but -really shines on a server that handles medium to large size files all -day long. Like ext3, XFS is a fully journaled filesystem. +By using a colon after the user account, you may also specify a new +group account. 
</para> -</section> -<section> -<title>JFS</title> +<screen><prompt>darkstar:~# </prompt><userinput>chown root:root /tmp/foo/b</userinput> +<prompt>darkstar:~# </prompt><userinput> ls -l /tmp/foo</userinput> +total 0 +-rw-r--r-- 1 root users 0 2008-06-06 22:29 a +-rw-r--r-- 1 root root 0 2008-06-06 22:29 b +</screen> + <para> -JFS was contributed to the Linux kernel by IBM and is well known for -its responsiveness even under extreme conditions. It can span colossal -volumes making it particularly well-suited for Network Attached Storage -(NAS) devices. JFS's long history and thorough testing make it one of -the most reliable journaling filesystems available for Linux. +<application>chown</application> can also be used recursively to change +the ownership of all files and directories below a target directory. +The following command would change all the files under the directory +<filename>/tmp/foo</filename> to have their ownership set to root:root. </para> -</section> -<section> -<title>iso9660</title> +<screen><prompt>darkstar:~# </prompt><userinput>chown -R root:root /tmp/foo/b</userinput></screen> + <para> -iso9660 is a filesystem specifically designed for optical media such as -CDs and DVDs. Since optical disks are read-only media, the linux kernel -does not even include write support for this filesystem. In order to -create an iso9660 filesystem, you must use user-land tools like -<application>mkisofs</application>(8) or -<application>growisofs</application>(8). +Specifying a colon and a group name without a user name will simply +change the group for a file and leave the user ownership intact. 
</para> -</section> -<section> -<title>vfat</title> +<screen><prompt>darkstar:~# </prompt><userinput>chown :wheel /tmp/foo/a</userinput> +<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput> +ls -l /tmp/foo +total 0 +-rw-r--r-- 1 root wheel 0 2008-06-06 22:29 a +-rw-r--r-- 1 root root 0 2008-06-06 22:29 b +</screen> + <para> -Sometimes you may need to share data between Windows and Linux -computers, but can't transfer the files over a network. Instead you -require a shared hard drive partition or a USB flash drive. The humble -vfat filesystem is the best choice here since it is supported by the -largest variety of operating systems. Unfortuantely, being a Microsoft -designed filesystem, it does not store permissions in the same way as -traditional Linux filesystems. This means that special options must be -used to allow multiple users to access data on this filesystem. +The younger brother of <application>chown</application> is the +slightly less useful <application>chgrp</application>(1). This +command works just like <application>chown</application>, except +it can only change the group +ownership of a file. Since <application>chown</application> can +already do this, why bother with +<application>chgrp</application>? The answer is simple. Many other +operating systems use a +different version of <application>chown</application> that cannot +change the group ownership, so +if you ever come across one of those, now you know how. </para> -</section> -<section> -<title>swap</title> <para> -Unlike other filesystems which hold files and directories, swap -partitions hold virtual memory. This is very useful as it prevents the -system from crashing should all your RAM be consumed. Instead, the -kernel copies portions of the RAM into swap and frees them up for other -applications to use. Think of it as adding virtual memory to your -computer, very slow virtual memory. swap is typically a fail-safe and -shouldn't be relied upon for continual use. 
Add more RAM to your system -if you find yourself using lots of swap. +There's a reason we discussed changing ownership before changing +permissions. The first is a much easier concept to grasp. The tool for +changing permissions on a file or directory is +<application>chmod</application>(1). The syntax for it +is nearly identical to that for <application>chown</application>, but +rather than +specify a user or group, the administrator must specify either a set of +octal permissions or a set of alphabetic permissions. Neither one is +especially easy to grasp the first time. We'll begin with the less +complicated octal permissions. </para> -</section> -</section> +<para> +Octal permissions derive their name from being assigned by one of eight +digits, namely the numbers 0 through 7. Each permissions is assigned a +number that is a power of 2, and those numbers are added together to +get the final permissions for one of the permission sets. If this +sounds confusing, maybe this table will help. +</para> -<section> -<title>Using <application>mount</application></title> +<table pgwide="0"> +<title>Octal Permissions</title> +<tgroup cols="2"> + <thead> + <row> + <entry>Permission</entry> + <entry>Meaning</entry> + </row> + </thead> + <tbody> + <row> + <entry>Read</entry> + <entry>4</entry> + </row> + <row> + <entry>Write</entry> + <entry>2</entry> + </row> + <row> + <entry>Execute</entry> + <entry>1</entry> + </row> + </tbody> +</tgroup> +</table> <para> -Now that we've learned what (some of) the different filesystems -available in Linux are, it's time we looked at how to use them. In -order to read or write data on a filesystem, that filesystem must first -be mounted. To do this, we (naturally) use -<application>mount</application>(8). The first thing we must do is -decide where we want the filesystem located. Recall that there are no -such things are drive letters denoting filesystems in Linux. Instead, -all filesystems are mounted on directories. 
The base filesystem on -which you install Slackware is always located at <filename>/</filename> -and others are always located in subdirectories of -<filename>/</filename>. <filename>/mnt/hd</filename> is a common place -to temporarily locate a partition, so we'll use that in our first -example. In order to mount a filesystem's contents, we must tell mount -what kind of filesystem we have, where to mount it, and any special -options to use. +By adding these values together, we can reach any number between 0 and +7 and specify all possible permission combinations. For example, to +grant both read and write privilages while denying execute, we would +use the number 6. The number 3 would grant write and execute +permissions, but deny the ability to read the file. We must specify a +number for each of the three sets when using octal permissions. It's +not possible to specify only a set of user or group permissions this +way for example. </para> -<screen><prompt>darkstar:~# </prompt><userinput>mount -t ext3 /dev/hda3 /mnt/hd -o ro</userinput> +<screen><prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo/a</userinput> +-rw-r--r-- 1 root root 0 2008-06-06 22:29 a +<prompt>darkstar:~# </prompt><userinput>chmod 750 /tmp/foo/a</userinput> +<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo/a</userinput> +-rwxr-x--- 1 root root 0 2008-06-06 22:29 a </screen> <para> -Let's disect this. We have an ext3 filesystem located on the third -partition of the first IDE device, and we've decided to mount its -contents on the directory <filename>/mnt/hd</filename>. Additionally, -we have mounted it read-only so no changes can be made to these -contents. The <arg>-t ext3</arg> argument tells -<application>mount</application> -what type of filesystem we are using, -in this case it is ext3. This lets the kernel know which driver to use. -Often <application>mount</application> can determine this for itself, -but it never hurts to explicitly declare it. 
Second, we tell -<application>mount</application> -where to locate the filesystem's contents. Here we've chosen -<filename>/mnt/hd</filename>. -Finally, we must decide what options to use if any. These are declared -with the <arg>-o</arg> argument. A short-list of the most common -options follows. +<application>chmod</application> can also use letter values along with +<keycap>+</keycap> or <keycap>-</keycap> to grant or deny permissions. +While this may be easier to +remember, it's often easier to use the octal permissions. </para> <table pgwide="0"> -<title>Common mount options</title> +<title>Alphabetic Permissions</title> <tgroup cols="2"> <thead> - <entry>Option</entry> - <entry>Description</entry> + <row> + <entry>Permission</entry> + <entry>Letter Value</entry> + </row> </thead> <tbody> <row> - <entry>ro</entry> - <entry>read-only</entry> + <entry>Read</entry> + <entry>r</entry> </row> <row> - <entry>rw</entry> - <entry>read-write (default)</entry> + <entry>Write</entry> + <entry>w</entry> </row> <row> - <entry>uid</entry> - <entry>user to own the contents of the filesystem</entry> + <entry>Execute</entry> + <entry>x</entry> </row> + </tbody> +</tgroup> +</table> + +<table pgwide="0"> +<title>Alphabetic Users and Groups</title> +<tgroup cols="2"> + <thead> <row> - <entry>gid</entry> - <entry>group to own the contents of the filesystem</entry> + <entry>Accounts Affected</entry> + <entry>Letter Value</entry> </row> + </thead> + <tbody> <row> - <entry>noexec</entry> - <entry>prevent execution of any files on the filesystem</entry> + <entry>User/Owner</entry> + <entry>u</entry> </row> <row> - <entry>defaults</entry> - <entry>sane defaults for most filesystems</entry> + <entry>Group</entry> + <entry>g</entry> + </row> + <row> + <entry>Others/World</entry> + <entry>o</entry> </row> </tbody> </tgroup> </table> <para> -If this is your first Linux installation, the only options you -typically need to be concerned about are <arg>ro</arg> and -<arg>rw</arg>. 
The exception to this rule comes when you are dealing -with filesystems that don't handle traditional Linux permissions such -as vfat or NTFS. In those cases you'll need to use the <arg>uid</arg> -or <arg>gid</arg> options to allow non-root users access to these -filesystems. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>mount -t vfat /dev/hda4 /mnt/hd -o uid=alan</userinput> -</screen> - -<para> -But Alan, that's appalling! I don't want to have to tell mount what -filesystem or options to use everytime I load a CD. It should be easier -than that. Well thankfully, it is. The <filename>/etc/fstab</filename> -file contains all this information for filesystems that the installer -sets up for you, and you can make additions to it as well. -<filename>fstab</filename>(5) looks like a simple table containing the -device to mount along with its filesystem type and optional arguments. -Let's take a look. +To use the letter values with <application>chmod</application>, you +must specify which set to use them with, either "u" for user, "g" for +group, and "o" for all others. You must also specify whether you are +adding or removing permissions with the "+" and "-" signs. Multiple +sets can be changed at once by seperating each with a comma. 
</para> -<screen><prompt>darkstar:~# </prompt><userinput>cat /etc/fstab</userinput> -/dev/hda1 / reiserfs defaults 1 1 -/dev/hda2 /home reiserfs defaults 1 2 -/dev/hda3 swap swap defaults 0 0 -/dev/cdrom /mnt/cdrom auto noauto,owner,ro,users 0 0 -/dev/fd0 /mnt/floppy auto noauto,owner 0 0 -devpts /dev/pts devpts gid=5,mode=620 0 0 -proc /proc proc defaults 0 0 +<screen><prompt>darkstar:/tmp/foo# </prompt><userinput>ls -l</userinput> +total 0 +-rw-r--r-- 1 alan users 0 2008-06-06 23:37 a +-rw-r--r-- 1 alan users 0 2008-06-06 23:37 b +-rw-r--r-- 1 alan users 0 2008-06-06 23:37 c +-rw-r--r-- 1 alan users 0 2008-06-06 23:37 d +<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+x a</userinput> +<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod g+w b</userinput> +<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+x,g+x,o-r c</userinput> +<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+rx-w,g+r,o-r d</userinput> +<prompt>darkstar:/tmp/foo# </prompt><userinput>ls -l</userinput> +-rwxr--r-- 1 alan users 0 2008-06-06 23:37 a* +-rw-rw-r-- 1 alan users 0 2008-06-06 23:37 b +-rwxr-x--- 1 alan users 0 2008-06-06 23:37 c* +-r-xr----- 1 alan users 0 2008-06-06 23:37 d* </screen> <para> -If you have an entry in <filename>fstab</filename> for your filesystem, you -need only tell mount the device node or the mount location. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>mount /dev/cdrom</userinput> -<prompt>darkstar:~# </prompt><userinput>mount /home</userinput> -</screen> - -<para> -One final use for -<application>mount</application> -is to tell you what filesystems are currently mounted and with what -options. Simply run -<application>mount</application> -without any arguments to display these. +Which you prefer to use is entirely up to you. There are places where +one is better than the other, so a real Slacker will know both inside +out. 
</para> </section> <section> -<title>Network Filesystems</title> +<title>SUID, SGID, and the "Sticky" Bit</title> <para> -In addition to local filesystems, Slackware supports a number of network -filesystems as both client and server. This allows you to share data -between multiple computers transparently. We'll discuss the two most -common: NFS and SMB. +We're not quite done with permissions just yet. There are three other +"special" permissions in addition to those mentioned above. They are +SUID, SGID, and the sticky bit. When a file has one or more of these +permissions set, it behaves in special ways. The SUID and SGID +permissions change the way an application is run, while the sticky bit +restricts deletion of files. These permissions are applied with +<application>chmod</application> +like read, write, and execute, but with a twist. </para> -<section> -<title>NFS</title> - <para> -NFS is the Network File System for Linux as well as several other common -operating systems. It has modest performance but supports the full range of -permissions for Slackware. In order to use NFS as either a client or a -server, you must run the remote procedure call daemon. This is easily -accomplished by setting the <filename>/etc/rc.d/rc.rpc</filename> file -executable and telling it to start. Once it has been set executable, it -will run automatically every time you boot into Slackware. +SUID and SGID stand for "Set User ID" and "Set Group ID" respectively. +When an application with one of these bits is set, the application runs +with the user or group ownership permissions of that application +regardless of what user actually +executed it. Let's take a look at a common SUID application, the humble +<application>passwd</application> and the files it modifies. 
</para> -<screen><prompt>darkstar:~# </prompt><userinput>chmod +x /etc/rc.d/rc.rpc</userinput> -<prompt>darkstar:~# </prompt><userinput>/etc/rc.d/rc.rpc start</userinput> +<screen><prompt>darkstar:~# </prompt><userinput>ls -l /usr/bin/passwd \ + /etc/passwd \ + /etc/shadow</userinput> +-rw-r--r-- 1 root root 1106 2008-06-03 22:23 /etc/passwd +-rw-r----- 1 root shadow 627 2008-06-03 22:22 /etc/shadow +-rws--x--x 1 root root 34844 2008-03-24 16:11 /usr/bin/passwd* </screen> <para> -Mounting an NFS share is little different than mounting a local filesystem. -Rather than specifying a local device, you must tell mount the domain name -or IP address of the NFS server and the directory to mount with a colon -between them. +Notice the permissions on <application>passwd</application>. Instead of +an <keycap>x</keycap> in the user's execute slot, we have an +<keycap>s</keycap>. This tells us that +<application>passwd</application> is a SUID program, and when we run +it, the process will run as the user "root" rather than as the user +that actually executed it. The reason for this is readily apparent as +soon as you look at the two files it modifies. Neither +<filename>/etc/passwd</filename> nor <filename>/etc/shadow</filename> +are writeable by anyone other than root. Since users need to change +their personal information, <application>passwd</application> must be +run as root in order to modify those files. </para> -<screen><prompt>darkstar:~# </prompt><userinput>mount -t nfs darkstar.example.com:/home /home</userinput> -</screen> - <para> -Running an NFS server is a little bit different. First, you must configure -each directory to be exported in the <filename>/etc/exports</filename> -file. <filename>exports</filename>(5) contains information about what -directories will be shared, who they will be shared with, and what special -permissions to grant or deny. +So what about the sticky bit? 
The sticky bit restricts the ability to +move or delete files and is only ever set on directories. Non-root +users cannot move or delete any files under a directory with the sticky +bit set unless they are the owner of that file. Normally anyone with +write permission to the file can do this, but the sticky bit prevents +it for anyone but the owner (and of course, root). Let's take a look at +a common "sticky" directory. </para> -<screen> -# See exports(5) for a description. -# This file contains a list of all directories exported to other computers. -# It is used by rpc.nfsd and rpc.mountd. - -/home/backup 192.168.1.0/24(sync,rw,no_root_squash) +<screen><prompt>darkstar:~# </prompt><userinput>ls -ld /tmp</userinput> +drwxrwxrwt 1 root root 34844 2008-03-24 16:11 /tmp </screen> <para> -The first column in -<filename>exports</filename> -is a list of the files to be exported via NFS. The second column is a list -of what systems may access the export along with special permissions. You -can specify hosts via domain name, IP address, or netblock address (as I -have here). Special permissions are always a parenthetical list. For a -complete list, you'll need to read the man page. For now, the only special -option that matters is <arg>no_root_squash</arg>. Usually the root user on -an NFS client cannot read or write an exported share. Instead, the root -user is "squashed" and forced to act as the nobody user. -<arg>no_root_squash</arg> prevents this. +Naturally, being a directory for the storage of temporary files sytem +wide, <filename>/tmp</filename> needs to be readable, writeable, and +executable by anyone and everyone. Since any user is likely to have a +file or two stored here at any time, it only makes good sense to +prevent other users from deleting those files, so the sticky bit has +been set. You can see it by the presence of the <keycap>t</keycap> in +place of the <keycap>x</keycap> in the world permissions section. 
</para> -<para> -You'll also need to run the NFS daemon. Starting and stopping NFS server -support is done with the <filename>/etc/rc.d/rc.nfsd</filename> rc script. -Set it executable and run it just like we did for -<filename>rc.rpc</filename> and you are ready to go. -</para> - -</section> - -<section> -<title>SMB</title> - -<para> -SMB is the Windows network file-sharing protocol. Connecting to SMB shares -(commonly called samba shares) is fairly straight forward. Unfortuantely, -SMB isn't as strongly supported as NFS. Still, it offers higher performance -and connectivity with Windows computers. For these reasons, SMB is the most -common network file-sharing protocol deployed on local networks. Exporting -SMB shares from Slackware is done through the samba daemon and configured -in <filename>smb.conf</filename>(5). Unfortunately configuring samba as a -service is beyond the scope of this book. Check online for additional -documentation, and as always refer to the man page. -</para> +<table pgwide="0"> +<title>SUID, SGID, and "Sticky" Permissions</title> +<tgroup cols="3"> + <thead> + <row> + <entry>Permission Type</entry> + <entry>Octal Value</entry> + <entry>Letter Value</entry> + </row> + </thead> + <tbody> + <row> + <entry>SUID</entry> + <entry>4</entry> + <entry>s</entry> + </row> + <row> + <entry>SGID</entry> + <entry>2</entry> + <entry>s</entry> + </row> + <row> + <entry>Sticky</entry> + <entry>1</entry> + <entry>t</entry> + </row> + </tbody> +</tgroup> +</table> <para> -Thankfully mounting an SMB share is easy and works almost exactly like -mounting an NFS share. You must tell mount where to find the server and -what share you wish to access in exactly the same way. Additionally, you -must specify a username and password. +When using octal permissions, you must specify an additional leading +octal value. For example, to recreate the permission on +<filename>/tmp</filename>, we would use 1777. 
To recreate those +permissions on <filename>/usr/bin/passwd</filename>, we would use 4711. +Essentially, any time this leading fourth octet isn't specified, +<application>chmod</application> assumes its value to be 0. </para> -<screen><prompt>darkstar:~# </prompt><userinput>mount -t cifs //darkstar/home /home -o username=alan,password=secret</userinput> +<screen><prompt>darkstar:~# </prompt><userinput>chmod 1777 /tmp</userinput> +<prompt>darkstar:~# </prompt><userinput>chmod 4711 /usr/bin/passwd</userinput> </screen> <para> -You may be wondering why the filesystem type is cifs instead of smbfs. In -older versions of the Linux kernel, smbfs was used. This has been -deprecated in favor of the better performing and more secure general -purpose cifs driver. -</para> - -<para> -All SMB shares require the <arg>username</arg> and <arg>password</arg> -arguments. This can create a security problem if you wish to place your -samba share in fstab. You may avoid this problem by using the -<arg>credentials</arg> argument. <arg>credentials</arg> points to a file -which contains the username and password information. As long as this file -is safely guarded and readable only by root, the likelyhood that your -authentication credentials will be compromised is lessened. +Using the alphabetic permission values is slightly different. Assuming +the two files above have permissions of 0000 (no permissions at all), +here is how we would set them. </para> -<screen><prompt>darkstar:~# </prompt><userinput>echo "username=alan" > /etc/creds-home</userinput> -<prompt>darkstar:~# </prompt><userinput>echo "password=secret" >> /etc/creds-home</userinput> -<prompt>darkstar:~# </prompt><userinput>mount -t cifs //darkstar/home -o credentials=/etc/creds-home</userinput> +<screen><prompt>darkstar:~# </prompt><userinput>chmod ug+rwx,o+rwt /tmp</userinput> +<prompt>darkstar:~# </prompt><userinput>chmod u+rws,go+x /usr/bin/passwd</userinput> </screen> -</section> - - - - - - - 
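Review bot: The added paragraph on directory permissions says write permission grants the ability to "delete the entire directory, even if you otherwise wouldn't be able to delete some of the other files inside it", which misstates the rule. Write (together with execute) on a directory lets a user create, rename and delete entries inside it regardless of the permissions on those files, while removing the directory itself is governed by its parent directory; suggest rewording along those lines. The sticky-bit paragraph repeats the confusion with "Normally anyone with write permission to the file can do this"; it should read "write permission to the directory", since that is the behaviour the sticky bit restricts on /tmp. Two examples also disagree with their prose: the recursive example runs "chown -R root:root /tmp/foo/b" although the text says it changes everything under /tmp/foo and b is a regular file in the earlier listing, and the screen after "chown :wheel /tmp/foo/a" carries a stray echoed "ls -l /tmp/foo" line in its output. The Octal Permissions table heads its value column "Meaning" where the later SUID/SGID table uses "Octal Value", and the added text still has "explainatory", "privilages", "seperating" and "sytem" to fix.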
diff --git a/chapter_11.xml b/chapter_11.xml index 7a507f0..a721dfa 100644 --- a/chapter_11.xml +++ b/chapter_11.xml 
@@ -3,331 +3,498 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title><application>vi</application></title> +<title>Working with Filesystems</title> <section> -<title>What is <application>vi</application>?</title> +<title>The Filesystem Hierarchy</title> <para> -Scattered all around your computer are thousands of text files. To a -new user, this may seem inconsequential, but almost everything in -Slackware Linux uses a plain-text file for configuration. This allows -users to make changes to the system quickly, easily, and intuitively. -In chapter 5, we looked at a few commands such as -<application>cat</application> and <application>less</application> that -can be used to read these files, but what if we want to make changes to -them? For that, we need a text editor, and -<application>vi</application> is up to the task. +Slackware Linux stores all of its files and directories under a single +<filename>/</filename> directory, typically referred to as "root". This +is in stark contract to what you may be familiar with in the form of +Microsoft Windows. Different hard disk partitions, cdroms, usb flash +drives, and even floppy disks can all be mounted in directories under +<filename>/</filename>, but do not have anything like "drive letters". +The contents of these devices can be found almost anywhere, but there +are some sane defaults that Slackware sets up for you. For example, +cd-rw drives are most often found at <filename>/mnt/cd-rw</filename>. +Here are a few common directories present on nearly all Slackware Linux +installations, and what you can expect to find there. </para> -<para> -In short, <application>vi</application> is one of the oldest and most -powerful text editors still used today. It's beloved by system -administrators, programmers, hobbiests, and others the world over. 
In -fact, nearly this entire book was written using -<application>vi</application>; only the next chapter on -<application>emacs</application> was written with that editor. -</para> +<table pgwide="0"> +<title>Filesystem Layout</title> +<tgroup cols="2"> + <thead> + <entry>Directory</entry> + <entry>Explaination</entry> + </thead> + <tbody> + <row> + <entry>/</entry> + <entry>The root directory, under which all others exist</entry> + </row> + <row> + <entry>/bin</entry> + <entry>Minimal set of binary programs for all users</entry> + </row> + <row> + <entry>/boot</entry> + <entry>The kernel, initrd, and other requirements for booting Slackware</entry> + </row> + <row> + <entry>/etc/</entry> + <entry>System configuration files</entry> + </row> + <row> + <entry>/dev</entry> + <entry>Collection of special files allowing direct access to hardware</entry> + </row> + <row> + <entry>/home</entry> + <entry>User directories where personal files and settings are stored</entry> + </row> + <row> + <entry>/media</entry> + <entry>Directory for auto-mounting features in DBUS/HAL</entry> + </row> + <row> + <entry>/mnt</entry> + <entry>Places to temporarily mount removable media</entry> + </row> + <row> + <entry>/opt</entry> + <entry>Directory where some (typicaly proprietary) software may be installed</entry> + </row> + <row> + <entry>/proc</entry> + <entry>Kernel exported filesystem for process information</entry> + </row> + <row> + <entry>/root</entry> + <entry>The root user's home directory</entry> + </row> + <row> + <entry>/sbin</entry> + <entry>Minimal set of system or superuser binaries</entry> + </row> + <row> + <entry>/srv</entry> + <entry>Site-specific data such as web pages served by this system</entry> + </row> + <row> + <entry>/sys</entry> + <entry>Special kernel implimentation details</entry> + </row> + <row> + <entry>/tmp</entry> + <entry>Directory reserved for temporary files for all users</entry> + </row> + <row> + <entry>/usr</entry> + <entry>All non-essential 
programs, libraries, and shared files</entry> + </row> + <row> + <entry>/var</entry> + <entry>Regularly changing data such as log files</entry> + </row> + </tbody> +</tgroup> +</table> + +</section> + +<section> +<title>Local Filesystem Types</title> <para> -A little further explanation is needed to learn exactly what -<application>vi</application> is today though, as Slackware Linux -technically doesn't include <application>vi</application>. Rather, -Slackware includes two vi "clones", <application>elvis</application>(1) -and <application>vim</application>(1). These clones add many additional -features to vi such as syntax highlighting, binary editing modes, and -network support. We won't go too deeply into all these details. By -default, if you execute <application>vi</application> on Slackware -Linux, you'll be using <application>elvis</application>, so all -examples in this chapter will assume that is what you are using. If -you've used another Linux distribution before, you may be more familiar -with <application>vim</application>. If so, you might wish to change -the symlink for <filename>/usr/bin/vi</filename> to point to -<filename>/usr/bin/vim</filename>, or add an alias to your shell's -startup scripts. <application>vim</application> is generally considered -to be more feature-rich than <application>elvis</application>, but -<application>elvis</application> is a much smaller program and contains -more features than most users will ever need. +The Linux kernel supports a wide variety of filesystems, which allows +you to choose from a long list of features to tailor to your particular +need. Fortunately, most of the default filesystem types are adequate +for any needs you may have. Some filesystems are geared towards +particular media. For example, the iso9660 filesystem is used almost +exclusively for CD and DVD media. 
</para> +<section> +<title>ext2</title> + <para> -<application>vi</application> is very powerful, but also somewhat -cumbersome and challening for a new user to learn. However, mastering -<application>vi</application> is an important skill for any -self-respecting system administrator to learn, as -<application>vi</application> is included on nearly every Linux -distribution, every BSD system, and every UNIX system in existance. -It's even included in Mac OS X. -Once you've learned <application>vi</application>, you'll not have to -learn another text editor to work on any of these systems. In fact, -<application>vi</application> clones have even been ported to Microsoft Windows -systems, so you can use it there too. +ext2 is the oldest filesystem included in Slackware Linux for storing +data on hard disks. Compared to other filesystems, ext2 is simplistic. +It is faster than most others for reading and writing data, but does +not include any journaling capability. This means that after a hard +crash, the filesystem must be exhaustively checked to discover and +(hopefully) fix any errors. </para> </section> <section> -<title>The Different Modes of <application>vi</application></title> - +<title>ext3</title> <para> -New users are often frustrated when using <application>vi</application> -for the first time. When invoked without any arguments, -<application>vi</application> will display a screen something like -this. +ext3 is the younger cousin of ext2. It was designed to replace ext2 in +most situations and shares much the same code-base, but adds journaling +support. In fact, ext3 and ext2 are so much alike that it is possible +to convert one to the other on the fly without lose of data. ext3 +enjoys a lot of popularity for these reasons. There are many tools +available for recovering data from this filesystem in the event of +catastrophic hardware failure as well. 
ext3 is a good general purpose +filesystem with journaling support, but fails to perform as well as +other journaling filesystems in specific cases. One pitfall to ext3 is +that the filesystem must still go through this exhaustive check every +so often. This is done when the filesystem is mounted, usually when the +computer is booted, and causes an annoying delay. </para> +</section> -<screen> -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ - Command -</screen> - +<section> +<title>reiserfs</title> <para> -At this point, the user will being typing and expect the keys he -presses to appear in the document. Instead, something really strange -happens. The reason for this is simple. <application>vi</application> -has different operation "modes". There is a command mode and an insert -mode. Command mode is the default; in this mode, each keystroke -performs a particular action such as moving the cursor around, deleting -text, yanking (copying) text, searching, etc. +reiserfs is one of the oldest journaling filesystems for the Linux +kernel and has been supported by Slackware for many years. It is a very +fast filesystem particularly well suited for storing, retrieving, and +writing lots of small files. Unfortunately there are few tools for +recovering data should you experience a drive failure, and reiserfs +partitions experience corruption more often than ext3. </para> +</section> +<section> +<title>XFS</title> +<para> +XFS was contributed to the Linux kernel by SGI and is one of the best +filesystems for working with large volumes and large files. XFS uses +more RAM than other filesystems, but if you need to work with large +files its performance there is well worth the penalty in memory usage. +XFS is not particularly ill-suited for desktop or laptop use, but +really shines on a server that handles medium to large size files all +day long. Like ext3, XFS is a fully journaled filesystem. 
+</para> +</section> +<section> +<title>JFS</title> +<para> +JFS was contributed to the Linux kernel by IBM and is well known for +its responsiveness even under extreme conditions. It can span colossal +volumes making it particularly well-suited for Network Attached Storage +(NAS) devices. JFS's long history and thorough testing make it one of +the most reliable journaling filesystems available for Linux. +</para> </section> <section> -<title>Opening, Saving, and Quitting</title> +<title>iso9660</title> +<para> +iso9660 is a filesystem specifically designed for optical media such as +CDs and DVDs. Since optical disks are read-only media, the linux kernel +does not even include write support for this filesystem. In order to +create an iso9660 filesystem, you must use user-land tools like +<application>mkisofs</application>(8) or +<application>growisofs</application>(8). +</para> +</section> +<section> +<title>vfat</title> <para> -Ok, so you've decided that you want to learn how to use -<application>vi</application>. The first thing to do is learn how to -open and save files. Opening files is actually pretty easy. Simply type -the filename as an argument on the command-line and -<application>vi</application> will happily load it for you. For -example, <userinput>vi chapter_11.xml</userinput> will open the file -<filename>chapter_11.xml</filename> and load its content onto the -screen, simple enough. But what if we've finished with one document and -wish to save it? We can do that in command mode using the <arg>:w</arg> -command. When in command mode, pressing the <keycap>:</keycap> key -temporarily positions the cursor on the very bottom line of the window -and allows you to enter special commands. (This is technically known as -ex-mode after the venerable <application>ex</application> application -which we will not document here.) The command to save your current work -is <arg>:w</arg>. 
Once this is done, <application>vi</application> will -write your changes to the buffer back into the file. If you wish to -open another document, simply use the <arg>:e other_document</arg> -command and <application>vi</application> will happily open it for you. -If you've made changes to the buffer but haven't saved it yet, -<arg>:e</arg> will fail and print a warning message on the bottom line. -You can bypass this with the <arg>:e!</arg> command. Most ex-mode -commands in <application>vi</application> can be "forced" by adding -<keycap>!</keycap> to them. This tells <application>vi</application> -that you want to abandon any changes you've made to the buffer and open -the other document immediately. +Sometimes you may need to share data between Windows and Linux +computers, but can't transfer the files over a network. Instead you +require a shared hard drive partition or a USB flash drive. The humble +vfat filesystem is the best choice here since it is supported by the +largest variety of operating systems. Unfortuantely, being a Microsoft +designed filesystem, it does not store permissions in the same way as +traditional Linux filesystems. This means that special options must be +used to allow multiple users to access data on this filesystem. </para> +</section> +<section> +<title>swap</title> <para> -But what if I don't like my changes and want to quit or start over? -That's easily done as well. Executing the <arg>:e!</arg> command -without any arguments will re-open the current document from the -beginning. Quitting <application>vi</application> is as simple as -running the <arg>:q</arg> command if you haven't made any changes to -the buffer, or <arg>:q!</arg> if you'd like to quit and abandon those -changes. +Unlike other filesystems which hold files and directories, swap +partitions hold virtual memory. This is very useful as it prevents the +system from crashing should all your RAM be consumed. 
Instead, the +kernel copies portions of the RAM into swap and frees them up for other +applications to use. Think of it as adding virtual memory to your +computer, very slow virtual memory. swap is typically a fail-safe and +shouldn't be relied upon for continual use. Add more RAM to your system +if you find yourself using lots of swap. </para> +</section> </section> <section> -<title>Moving Around</title> +<title>Using <application>mount</application></title> + +<para> +Now that we've learned what (some of) the different filesystems +available in Linux are, it's time we looked at how to use them. In +order to read or write data on a filesystem, that filesystem must first +be mounted. To do this, we (naturally) use +<application>mount</application>(8). The first thing we must do is +decide where we want the filesystem located. Recall that there are no +such things are drive letters denoting filesystems in Linux. Instead, +all filesystems are mounted on directories. The base filesystem on +which you install Slackware is always located at <filename>/</filename> +and others are always located in subdirectories of +<filename>/</filename>. <filename>/mnt/hd</filename> is a common place +to temporarily locate a partition, so we'll use that in our first +example. In order to mount a filesystem's contents, we must tell mount +what kind of filesystem we have, where to mount it, and any special +options to use. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>mount -t ext3 /dev/hda3 /mnt/hd -o ro</userinput> +</screen> <para> -Moving around in <application>vi</application> is perhaps the hardest -thing for a new user to learn. <application>vi</application> does not -traditionally use the directional arrow keys for cursor movement, -although in Slackware Linux that is an option. Rather, movement is -simply another command issued in command-mode. The reason for this is -rather simple. 
<application>vi</application> actually predates the -inclusion of directional arrow keys on keyboards. Thus, -movement of the cursor had to be accomplished by using the few -keys available, so the right-hand "home row" keys of -<keycap>h</keycap>, <keycap>j</keycap>, <keycap>k</keycap>, and -<keycap>l</keycap> were chosen. These keys will move the cursor about -whenever <application>vi</application> is in command mode. Here's a -short table to help you remember how they work. +Let's disect this. We have an ext3 filesystem located on the third +partition of the first IDE device, and we've decided to mount its +contents on the directory <filename>/mnt/hd</filename>. Additionally, +we have mounted it read-only so no changes can be made to these +contents. The <arg>-t ext3</arg> argument tells +<application>mount</application> +what type of filesystem we are using, +in this case it is ext3. This lets the kernel know which driver to use. +Often <application>mount</application> can determine this for itself, +but it never hurts to explicitly declare it. Second, we tell +<application>mount</application> +where to locate the filesystem's contents. Here we've chosen +<filename>/mnt/hd</filename>. +Finally, we must decide what options to use if any. These are declared +with the <arg>-o</arg> argument. A short-list of the most common +options follows. 
</para> <table pgwide="0"> -<title>vi cursor movement</title> +<title>Common mount options</title> <tgroup cols="2"> <thead> - <row> - <entry>Command</entry> - <entry>Result</entry> - </row> + <entry>Option</entry> + <entry>Description</entry> </thead> <tbody> <row> - <entry>h</entry> - <entry>Move the cursor one character left.</entry> + <entry>ro</entry> + <entry>read-only</entry> + </row> + <row> + <entry>rw</entry> + <entry>read-write (default)</entry> + </row> + <row> + <entry>uid</entry> + <entry>user to own the contents of the filesystem</entry> </row> <row> - <entry>j</entry> - <entry>Move the cursor one line down</entry> + <entry>gid</entry> + <entry>group to own the contents of the filesystem</entry> </row> <row> - <entry>k</entry> - <entry>Move the cursor one line up</entry> + <entry>noexec</entry> + <entry>prevent execution of any files on the filesystem</entry> </row> <row> - <entry>l</entry> - <entry>Move the cursor one character right</entry> + <entry>defaults</entry> + <entry>sane defaults for most filesystems</entry> </row> </tbody> </tgroup> </table> <para> -Moving around is a little more powerful than that though. Like many -command keys, these movement keys accept numerical arguments. For -example, <keycap>10j</keycap> will move the cursor down 10 lines. You -can also move to the end or beginning of the current line with -<keycap>$</keycap> and <keycap>^</keycap>, respectively. +If this is your first Linux installation, the only options you +typically need to be concerned about are <arg>ro</arg> and +<arg>rw</arg>. The exception to this rule comes when you are dealing +with filesystems that don't handle traditional Linux permissions such +as vfat or NTFS. In those cases you'll need to use the <arg>uid</arg> +or <arg>gid</arg> options to allow non-root users access to these +filesystems. 
+</para> + +<screen><prompt>darkstar:~# </prompt><userinput>mount -t vfat /dev/hda4 /mnt/hd -o uid=alan</userinput> +</screen> + +<para> +But Alan, that's appalling! I don't want to have to tell mount what +filesystem or options to use everytime I load a CD. It should be easier +than that. Well thankfully, it is. The <filename>/etc/fstab</filename> +file contains all this information for filesystems that the installer +sets up for you, and you can make additions to it as well. +<filename>fstab</filename>(5) looks like a simple table containing the +device to mount along with its filesystem type and optional arguments. +Let's take a look. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>cat /etc/fstab</userinput> +/dev/hda1 / reiserfs defaults 1 1 +/dev/hda2 /home reiserfs defaults 1 2 +/dev/hda3 swap swap defaults 0 0 +/dev/cdrom /mnt/cdrom auto noauto,owner,ro,users 0 0 +/dev/fd0 /mnt/floppy auto noauto,owner 0 0 +devpts /dev/pts devpts gid=5,mode=620 0 0 +proc /proc proc defaults 0 0 +</screen> + +<para> +If you have an entry in <filename>fstab</filename> for your filesystem, you +need only tell mount the device node or the mount location. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>mount /dev/cdrom</userinput> +<prompt>darkstar:~# </prompt><userinput>mount /home</userinput> +</screen> + +<para> +One final use for +<application>mount</application> +is to tell you what filesystems are currently mounted and with what +options. Simply run +<application>mount</application> +without any arguments to display these. </para> </section> <section> -<title>Editing A Document</title> +<title>Network Filesystems</title> <para> -Now that we're able to open and save documents, as well as move around -in them, it's time to learn how to edit them. The primary means of -editing is to enter insert mode using either the <keycap>i</keycap> or -<keycap>a</keycap> command keys. 
These either insert text at the -cursor's current location, or append it after the cursor's current -location. Once into insert mode, you can type any text normally and it -will be placed into your document. You can return to command mode in -order to save your changes by pressing the <keycap>ESC</keycap> key. +In addition to local filesystems, Slackware supports a number of network +filesystems as both client and server. This allows you to share data +between multiple computers transparently. We'll discuss the two most +common: NFS and SMB. +</para> + +<section> +<title>NFS</title> + +<para> +NFS is the Network File System for Linux as well as several other common +operating systems. It has modest performance but supports the full range of +permissions for Slackware. In order to use NFS as either a client or a +server, you must run the remote procedure call daemon. This is easily +accomplished by setting the <filename>/etc/rc.d/rc.rpc</filename> file +executable and telling it to start. Once it has been set executable, it +will run automatically every time you boot into Slackware. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>chmod +x /etc/rc.d/rc.rpc</userinput> +<prompt>darkstar:~# </prompt><userinput>/etc/rc.d/rc.rpc start</userinput> +</screen> + +<para> +Mounting an NFS share is little different than mounting a local filesystem. +Rather than specifying a local device, you must tell mount the domain name +or IP address of the NFS server and the directory to mount with a colon +between them. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>mount -t nfs darkstar.example.com:/home /home</userinput> +</screen> + +<para> +Running an NFS server is a little bit different. First, you must configure +each directory to be exported in the <filename>/etc/exports</filename> +file. <filename>exports</filename>(5) contains information about what +directories will be shared, who they will be shared with, and what special +permissions to grant or deny. 
+</para> + +<screen> +# See exports(5) for a description. +# This file contains a list of all directories exported to other computers. +# It is used by rpc.nfsd and rpc.mountd. + +/home/backup 192.168.1.0/24(sync,rw,no_root_squash) +</screen> + +<para> +The first column in +<filename>exports</filename> +is a list of the files to be exported via NFS. The second column is a list +of what systems may access the export along with special permissions. You +can specify hosts via domain name, IP address, or netblock address (as I +have here). Special permissions are always a parenthetical list. For a +complete list, you'll need to read the man page. For now, the only special +option that matters is <arg>no_root_squash</arg>. Usually the root user on +an NFS client cannot read or write an exported share. Instead, the root +user is "squashed" and forced to act as the nobody user. +<arg>no_root_squash</arg> prevents this. +</para> + +<para> +You'll also need to run the NFS daemon. Starting and stopping NFS server +support is done with the <filename>/etc/rc.d/rc.nfsd</filename> rc script. +Set it executable and run it just like we did for +<filename>rc.rpc</filename> and you are ready to go. </para> </section> <section> -<title><application>vi</application> Cheat Sheet</title> +<title>SMB</title> <para> -Since <application>vi</application> can be difficult to learn, I've -prepared a short cheat sheat that should help you with the basics until -you begin to feel comfortable. +SMB is the Windows network file-sharing protocol. Connecting to SMB shares +(commonly called samba shares) is fairly straight forward. Unfortuantely, +SMB isn't as strongly supported as NFS. Still, it offers higher performance +and connectivity with Windows computers. For these reasons, SMB is the most +common network file-sharing protocol deployed on local networks. Exporting +SMB shares from Slackware is done through the samba daemon and configured +in <filename>smb.conf</filename>(5). 
Unfortunately configuring samba as a +service is beyond the scope of this book. Check online for additional +documentation, and as always refer to the man page. </para> -<table pgwide="0"> -<title>vi Cheat Sheet</title> -<tgroup cols="2" title="Movement"> - <thead> - <row> - <entry>Command</entry> - <entry>Result</entry> - </row> - </thead> - <tbody> - <row> - <entry>h</entry> - <entry>Move the cursor one character left.</entry> - </row> - <row> - <entry>j</entry> - <entry>Move the cursor one line down</entry> - </row> - <row> - <entry>k</entry> - <entry>Move the cursor one line up</entry> - </row> - <row> - <entry>l</entry> - <entry>Move the cursor one character right</entry> - </row> - <row> - <entry>10j</entry> - <entry>Move the cursor ten lines down</entry> - </row> - <row> - <entry>G</entry> - <entry>Move to the end of the file</entry> - </row> - <row> - <entry>^</entry> - <entry>Move to the beginning of the line</entry> - </row> - <row> - <entry>$</entry> - <entry>Move to the end of the line</entry> - </row> - <row> - <entry>dd</entry> - <entry>Remove a line</entry> - </row> - <row> - <entry>5dd</entry> - <entry>Remove 5 lines</entry> - </row> - <row> - <entry>r</entry> - <entry>Replace a single character</entry> - </row> - <row> - <entry>R</entry> - <entry>Replace multiple characters</entry> - </row> - <row> - <entry>x</entry> - <entry>Delete a character</entry> - </row> - <row> - <entry>X</entry> - <entry>Delete the previous character</entry> - </row> - <row> - <entry>u</entry> - <entry>Undo the last action</entry> - </row> - <row> - <entry>:s'old'new'g</entry> - <entry>Replace all occurances of 'old' with 'new'</entry> - </row> - <row> - <entry>/asdf</entry> - <entry>Locate next occurance of asdf</entry> - </row> - <row> - <entry>:q</entry> - <entry>Quit (without saving)</entry> - </row> - <row> - <entry>:w</entry> - <entry>Save the current document</entry> - </row> - <row> - <entry>:w file</entry> - <entry>Save the current document as 'file'</entry> - 
</row> - <row> - <entry>:x</entry> - <entry>Save and quit</entry> - </row> - </tbody> -</tgroup> -</table> +<para> +Thankfully mounting an SMB share is easy and works almost exactly like +mounting an NFS share. You must tell mount where to find the server and +what share you wish to access in exactly the same way. Additionally, you +must specify a username and password. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>mount -t cifs //darkstar/home /home -o username=alan,password=secret</userinput> +</screen> + +<para> +You may be wondering why the filesystem type is cifs instead of smbfs. In +older versions of the Linux kernel, smbfs was used. This has been +deprecated in favor of the better performing and more secure general +purpose cifs driver. +</para> + +<para> +All SMB shares require the <arg>username</arg> and <arg>password</arg> +arguments. This can create a security problem if you wish to place your +samba share in fstab. You may avoid this problem by using the +<arg>credentials</arg> argument. <arg>credentials</arg> points to a file +which contains the username and password information. As long as this file +is safely guarded and readable only by root, the likelyhood that your +authentication credentials will be compromised is lessened. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>echo "username=alan" > /etc/creds-home</userinput> +<prompt>darkstar:~# </prompt><userinput>echo "password=secret" >> /etc/creds-home</userinput> +<prompt>darkstar:~# </prompt><userinput>mount -t cifs //darkstar/home -o credentials=/etc/creds-home</userinput> +</screen> + + + + +</section> + + + + + + + + + </section> diff --git a/chapter_12.xml b/chapter_12.xml index 021bcf8..7a507f0 100644 --- a/chapter_12.xml +++ b/chapter_12.xml 
@@ -3,10 +3,331 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>Emacs</title> +<title><application>vi</application></title> <section> -<title>No Idea</title> +<title>What is <application>vi</application>?</title> + +<para> +Scattered all around your computer are thousands of text files. To a +new user, this may seem inconsequential, but almost everything in +Slackware Linux uses a plain-text file for configuration. This allows +users to make changes to the system quickly, easily, and intuitively. +In chapter 5, we looked at a few commands such as +<application>cat</application> and <application>less</application> that +can be used to read these files, but what if we want to make changes to +them? For that, we need a text editor, and +<application>vi</application> is up to the task. +</para> + +<para> +In short, <application>vi</application> is one of the oldest and most +powerful text editors still used today. It's beloved by system +administrators, programmers, hobbiests, and others the world over. In +fact, nearly this entire book was written using +<application>vi</application>; only the next chapter on +<application>emacs</application> was written with that editor. +</para> + +<para> +A little further explanation is needed to learn exactly what +<application>vi</application> is today though, as Slackware Linux +technically doesn't include <application>vi</application>. Rather, +Slackware includes two vi "clones", <application>elvis</application>(1) +and <application>vim</application>(1). These clones add many additional +features to vi such as syntax highlighting, binary editing modes, and +network support. We won't go too deeply into all these details. By +default, if you execute <application>vi</application> on Slackware +Linux, you'll be using <application>elvis</application>, so all +examples in this chapter will assume that is what you are using. 
If +you've used another Linux distribution before, you may be more familiar +with <application>vim</application>. If so, you might wish to change +the symlink for <filename>/usr/bin/vi</filename> to point to +<filename>/usr/bin/vim</filename>, or add an alias to your shell's +startup scripts. <application>vim</application> is generally considered +to be more feature-rich than <application>elvis</application>, but +<application>elvis</application> is a much smaller program and contains +more features than most users will ever need. +</para> + +<para> +<application>vi</application> is very powerful, but also somewhat +cumbersome and challening for a new user to learn. However, mastering +<application>vi</application> is an important skill for any +self-respecting system administrator to learn, as +<application>vi</application> is included on nearly every Linux +distribution, every BSD system, and every UNIX system in existance. +It's even included in Mac OS X. +Once you've learned <application>vi</application>, you'll not have to +learn another text editor to work on any of these systems. In fact, +<application>vi</application> clones have even been ported to Microsoft Windows +systems, so you can use it there too. +</para> + +</section> + +<section> +<title>The Different Modes of <application>vi</application></title> + +<para> +New users are often frustrated when using <application>vi</application> +for the first time. When invoked without any arguments, +<application>vi</application> will display a screen something like +this. +</para> + +<screen> +~ +~ +~ +~ +~ +~ +~ +~ +~ +~ +~ + Command +</screen> + +<para> +At this point, the user will being typing and expect the keys he +presses to appear in the document. Instead, something really strange +happens. The reason for this is simple. <application>vi</application> +has different operation "modes". There is a command mode and an insert +mode. 
Command mode is the default; in this mode, each keystroke +performs a particular action such as moving the cursor around, deleting +text, yanking (copying) text, searching, etc. +</para> + + +</section> + +<section> +<title>Opening, Saving, and Quitting</title> + +<para> +Ok, so you've decided that you want to learn how to use +<application>vi</application>. The first thing to do is learn how to +open and save files. Opening files is actually pretty easy. Simply type +the filename as an argument on the command-line and +<application>vi</application> will happily load it for you. For +example, <userinput>vi chapter_11.xml</userinput> will open the file +<filename>chapter_11.xml</filename> and load its content onto the +screen, simple enough. But what if we've finished with one document and +wish to save it? We can do that in command mode using the <arg>:w</arg> +command. When in command mode, pressing the <keycap>:</keycap> key +temporarily positions the cursor on the very bottom line of the window +and allows you to enter special commands. (This is technically known as +ex-mode after the venerable <application>ex</application> application +which we will not document here.) The command to save your current work +is <arg>:w</arg>. Once this is done, <application>vi</application> will +write your changes to the buffer back into the file. If you wish to +open another document, simply use the <arg>:e other_document</arg> +command and <application>vi</application> will happily open it for you. +If you've made changes to the buffer but haven't saved it yet, +<arg>:e</arg> will fail and print a warning message on the bottom line. +You can bypass this with the <arg>:e!</arg> command. Most ex-mode +commands in <application>vi</application> can be "forced" by adding +<keycap>!</keycap> to them. This tells <application>vi</application> +that you want to abandon any changes you've made to the buffer and open +the other document immediately. 
+</para> + +<para> +But what if I don't like my changes and want to quit or start over? +That's easily done as well. Executing the <arg>:e!</arg> command +without any arguments will re-open the current document from the +beginning. Quitting <application>vi</application> is as simple as +running the <arg>:q</arg> command if you haven't made any changes to +the buffer, or <arg>:q!</arg> if you'd like to quit and abandon those +changes. +</para> + +</section> + +<section> +<title>Moving Around</title> + +<para> +Moving around in <application>vi</application> is perhaps the hardest +thing for a new user to learn. <application>vi</application> does not +traditionally use the directional arrow keys for cursor movement, +although in Slackware Linux that is an option. Rather, movement is +simply another command issued in command-mode. The reason for this is +rather simple. <application>vi</application> actually predates the +inclusion of directional arrow keys on keyboards. Thus, +movement of the cursor had to be accomplished by using the few +keys available, so the right-hand "home row" keys of +<keycap>h</keycap>, <keycap>j</keycap>, <keycap>k</keycap>, and +<keycap>l</keycap> were chosen. These keys will move the cursor about +whenever <application>vi</application> is in command mode. Here's a +short table to help you remember how they work. +</para> + +<table pgwide="0"> +<title>vi cursor movement</title> +<tgroup cols="2"> + <thead> + <row> + <entry>Command</entry> + <entry>Result</entry> + </row> + </thead> + <tbody> + <row> + <entry>h</entry> + <entry>Move the cursor one character left.</entry> + </row> + <row> + <entry>j</entry> + <entry>Move the cursor one line down</entry> + </row> + <row> + <entry>k</entry> + <entry>Move the cursor one line up</entry> + </row> + <row> + <entry>l</entry> + <entry>Move the cursor one character right</entry> + </row> + </tbody> +</tgroup> +</table> + +<para> +Moving around is a little more powerful than that though. 
Like many +command keys, these movement keys accept numerical arguments. For +example, <keycap>10j</keycap> will move the cursor down 10 lines. You +can also move to the end or beginning of the current line with +<keycap>$</keycap> and <keycap>^</keycap>, respectively. +</para> + +</section> + +<section> +<title>Editing A Document</title> + +<para> +Now that we're able to open and save documents, as well as move around +in them, it's time to learn how to edit them. The primary means of +editing is to enter insert mode using either the <keycap>i</keycap> or +<keycap>a</keycap> command keys. These either insert text at the +cursor's current location, or append it after the cursor's current +location. Once into insert mode, you can type any text normally and it +will be placed into your document. You can return to command mode in +order to save your changes by pressing the <keycap>ESC</keycap> key. +</para> + +</section> + +<section> +<title><application>vi</application> Cheat Sheet</title> + +<para> +Since <application>vi</application> can be difficult to learn, I've +prepared a short cheat sheat that should help you with the basics until +you begin to feel comfortable. 
+</para> + +<table pgwide="0"> +<title>vi Cheat Sheet</title> +<tgroup cols="2" title="Movement"> + <thead> + <row> + <entry>Command</entry> + <entry>Result</entry> + </row> + </thead> + <tbody> + <row> + <entry>h</entry> + <entry>Move the cursor one character left.</entry> + </row> + <row> + <entry>j</entry> + <entry>Move the cursor one line down</entry> + </row> + <row> + <entry>k</entry> + <entry>Move the cursor one line up</entry> + </row> + <row> + <entry>l</entry> + <entry>Move the cursor one character right</entry> + </row> + <row> + <entry>10j</entry> + <entry>Move the cursor ten lines down</entry> + </row> + <row> + <entry>G</entry> + <entry>Move to the end of the file</entry> + </row> + <row> + <entry>^</entry> + <entry>Move to the beginning of the line</entry> + </row> + <row> + <entry>$</entry> + <entry>Move to the end of the line</entry> + </row> + <row> + <entry>dd</entry> + <entry>Remove a line</entry> + </row> + <row> + <entry>5dd</entry> + <entry>Remove 5 lines</entry> + </row> + <row> + <entry>r</entry> + <entry>Replace a single character</entry> + </row> + <row> + <entry>R</entry> + <entry>Replace multiple characters</entry> + </row> + <row> + <entry>x</entry> + <entry>Delete a character</entry> + </row> + <row> + <entry>X</entry> + <entry>Delete the previous character</entry> + </row> + <row> + <entry>u</entry> + <entry>Undo the last action</entry> + </row> + <row> + <entry>:s'old'new'g</entry> + <entry>Replace all occurances of 'old' with 'new'</entry> + </row> + <row> + <entry>/asdf</entry> + <entry>Locate next occurance of asdf</entry> + </row> + <row> + <entry>:q</entry> + <entry>Quit (without saving)</entry> + </row> + <row> + <entry>:w</entry> + <entry>Save the current document</entry> + </row> + <row> + <entry>:w file</entry> + <entry>Save the current document as 'file'</entry> + </row> + <row> + <entry>:x</entry> + <entry>Save and quit</entry> + </row> + </tbody> +</tgroup> +</table> </section> 
diff --git a/chapter_13.xml b/chapter_13.xml index 23eae86..021bcf8 100644 --- a/chapter_13.xml +++ b/chapter_13.xml 
@@ -3,400 +3,10 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>Networking</title> +<title>Emacs</title> <section> -<title><application>netconfig</application></title> - -<para> -Computers aren't very interesting on their own. Sure, you can install -games on them, but that just turns them into glorified entertainment -consoles. Today, computers need to be able to talk to one another; they -need to be networked. Whether you're installing a business network with -hundreds or thousands of computers or just setting up a single PC for -Internet access, Slackware is simple and easy. This chapter should -teach you how to setup typical wired networks. Common wireless setup will -be thoroughly discussed in the next section, but much of what you read -here will be applicable there as well. -</para> - -<para> -There are many different ways to configure your computer to connect to -a network or the Internet, but they fall into two main categories: -static and dymanic. Static addresses are solid; they are set with the -understanding that they will not be changed, at least not anytime soon. -Dynamic addresses are fluid; the assumption is that the address will -change at some time in the future. Typically any sort of network server -requires a static address simply so other machines will know where to -contact it when they need services. Dynamic addresses tend to be used -for workstations, Internet clients, and any machine that doesn't -require a static address for any reason. Dynamic addresses are more -flexible, but present complications of their own. -</para> - -<para> -There are many different kinds of network protocols that you might -encounter, but most people will only ever need to deal with Internet -Protocol (IP). For that reason, we'll focus exclusively on IP in this -book. 
-</para> - -</section> - -<section> -<title>Manual Configuration</title> - -<para> -Ok, so you've installed Slackware, you've setup a desktop, but you -can't get it to connect to the Internet or your business's LAN (local -area network), what do you do? Fortunately, the answer to that question -is simple. Slackware includes a number of tools to configure your -network connection. The first we will look at today is the very -powerful <application>ifconfig</application>(8). -<application>ifconfig</application> is used to setup or modify the -configuration of a Network Interface Card (NIC or Ethernet Card), the -most common hardware for connecting to networks today. -<application>ifconfig</application> is an incredibly powerful tool -capable of doing much more than setting IP addresses. For a complete -introduction, you should read its man page. For now, we're just going -to use it to display and change the network addresses of some ethernet -controllers. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>ifconfig</userinput> -lo Link encap:Local Loopback - inet addr:127.0.0.1 Mask:255.0.0.0 - inet6 addr: ::1/128 Scope:Host - UP LOOPBACK RUNNING MTU:16436 Metric:1 - RX packets:699 errors:0 dropped:0 overruns:0 frame:0 - TX packets:699 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:0 - RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB) - -wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c - inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0 - inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0 - TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB) - -wmaster0 Link encap:UNSPEC HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00 - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:0 errors:0 dropped:0 
overruns:0 frame:0 - TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) -</screen> - - -<para> -As you can clearly see here, when run without any arguments, -<application>ifconfig</application> will display all the information it -has on all the ethernet cards (and wireless ethernet cards) present on -your system. The above represents a typical wireless connection from my -laptop, so don't be afraid if what you see on your system doesn't -match. If you don't see any ethX or wlanX interfaces though, the -interface may be down. To show all currently present NICs whether they are -"up" or "down", simply pass the <arg>-a</arg> argument. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>ifconfig -a</userinput> -eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44 - UP BROADCAST MULTICAST MTU:1500 Metric:1 - RX packets:122780 errors:0 dropped:0 overruns:0 frame:0 - TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB) - Interrupt:16 - -lo Link encap:Local Loopback - inet addr:127.0.0.1 Mask:255.0.0.0 - inet6 addr: ::1/128 Scope:Host - UP LOOPBACK RUNNING MTU:16436 Metric:1 - RX packets:699 errors:0 dropped:0 overruns:0 frame:0 - TX packets:699 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:0 - RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB) - -wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c - inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0 - inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0 - TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB) - -wmaster0 Link encap:UNSPEC HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00 - UP BROADCAST RUNNING 
MULTICAST MTU:1500 Metric:1 - RX packets:0 errors:0 dropped:0 overruns:0 frame:0 - TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) -</screen> - -<para>Notice that the eth0 interface is now listed among the returns. -<application>ifconfig</application> can also change the current -settings on a NIC. Typically, you would need to change the IP address -and subnet mask, but you can change virtually any parameters. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>ifconfig eth0 192.168.1.1 netmask 255.255.255.0</userinput> -<prompt>darkstar:~# </prompt><userinput>ifconfig eth0</userinput> -eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44 - inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 - UP BROADCAST MULTICAST MTU:1500 Metric:1 - RX packets:122780 errors:0 dropped:0 overruns:0 frame:0 - TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB) - Interrupt:16 -</screen> - -<para> -If you look carefully, you'll notice that the interface now has the -192.168.1.1 IP address and a 255.255.255.0 subnet mask. We've now setup -the basics for connecting to our network, but we still need to setup a -default gateway and our DNS servers. In order to do that, we'll need to -look at a few more tools. -</para> - -<para> -Next on our stop through networking land is the equally powerful -<application>route</application>(8). This tool is responsible for -modifying the Linux kernel's routing table which affects all data -transmission on a network. Routing tables can become immensely complex -or they can be straight-forward and simple. Most users will only ever -need to setup a default gateway, so we'll show you how to do that here. 
-If for some reason you need a more complex routing table, you would be -well advised to read the entire man page for -<application>route</application> as well as consulting other sources. -For now, let's take a look at our routing table immediately after -setting up eth0. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>route</userinput> -Kernel IP routing table -Destination Gateway Genmask Flags Metric Ref Use Iface -192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 -loopback * 255.0.0.0 U 0 0 0 lo -</screen> - -<para> -I won't explain everything here, but the general information should be -easy to pick up if you're familiar with networking at all. The -Destination and Genmask fields specify a range of IP addresses to -match. If a Gateway is defined, information in the form of packets will -be sent to that host for forwarding. We also specify an interface in -the final field that the information should traverse. Right now, we can -only communicate with computers with addresses between 192.168.1.0 and -192.168.1.255 and ourselves through the loopback interface, a type of -virtual NIC that is used for routing information from this computer to -itself. In order to reach the rest of the world, we'll need to -setup a default gateway. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>route add default gw 192.168.1.254</userinput> -<prompt>darkstar:~# </prompt><userinput>route</userinput> -Kernel IP routing table -Destination Gateway Genmask Flags Metric Ref Use Iface -192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 -loopback * 255.0.0.0 U 0 0 0 lo -default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0 -</screen> - -<para> -You should immediately notice the addition of a default route. This -specifies what router should be used to reach any addresses that aren't -specified elsewhere in our routing table. Now, when we try to connect -to say, 64.57.102.34, the information will be sent to 192.168.1.254 -which is responsible for delivering the data for us. 
Unfortunately, -we're still not quite through. We need some way of converting domain -names like slackware.com into IP addresses that the computer can use. -For that, we need to make use of a DNS server. -</para> - -<para> -Fortunately, setting up your computer to use an external (or even an -internal) DNS server is very easy. You'll need to use your favorite -text editor and open the <filename>/etc/resolv.conf</filename> file. -Don't ask me what happened to the <keycap>e</keycap>. On my computer, -<filename>resolv.conf</filename> looks like this. -</para> - -<screen> -# /etc/resolv.conf -search lizella.net -nameserver 192.168.1.254 -</screen> - -<para> -Most users won't need the "search" line. This is used to map hostnames -to domain names. Basically, if I attempt to connect to "barnowl", the -computer knows to look for "barnowl.lizella.net" thanks to this search -line. We're mainly interested in the "nameserver" line. This tells -Slackware what domain name servers (DNS) to connect to. Generally -speaking, these should always be specified by IP address. If you know -what DNS servers you should use, you can just add them one at a time to -individual nameserver lines. In fact, I don't know of any practical -limit to the number of nameservers that can be specified in -<filename>resolv.conf</filename>, so add as many as you like. Once this -is done, you should be able to communicate with other hosts via their -fully qualified domain name. -</para> - -<para> -But Alan! That's a lot of hard work! I don't want to do this time and -again for dozens or even hundreds of machines. You're absolutely right, -and that's why smarter people than you and me created DHCP. DHCP -stands for Dynamic Host Control Protocol and is a method for -automatically configuring computers with unique IP addresses, netmasks, -gateways, and DNS servers. Most of the time, you'll want to use DHCP. 
-The majority of wireless routers, DSL or cable modems, even firewalls -all have DHCP servers to can make your life much easier. Slackware -includes two main tools for connecting to an exising DHCP server and -can even act as a DHCP server for other computers. For now though, -we're just going to look at DHCP clients. -</para> - -<para> -First on our list is <application>dhcpcd</application>(8), part of the -ISC DHCP utilities. Assuming your computer is physically connected to -your network, and that you have an operating DHCP server on that -network, you can configure your NIC in one shot. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>dhcpcd eth0</userinput> -</screen> - -<para> -If everything went according to plan, your NIC should be properly -configured, and you should be able to communicate with other computers -on your network, and with the Internet at large. If for some reason, -<application>dhcpcd</application> fails, you may want to try -<application>dhclient</application>(8). -<application>dhclient</application> is an alternative to -<application>dhcpcd</application> and works in basically the same way. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>dhclient eth0</userinput> -Listening on LPF/eth0/00:1c:b3:ba:ad:4c -Sending on LPF/eth0/00:1c:b3:ba:ad:4c -Sending on Socket/fallback -DHCPREQUEST on eth0 to 255.255.255.255 port 67 -DHCPACK from 192.168.1.254 -bound to 192.168.1.198 -- renewal in 8547 seconds. -</screen> - -<para> -So why does Slackware include two DHCP clients? Sometimes a particular -DHCP server may be broken and not respond well to either -<application>dhcpcd</application> or -<application>dhclient</application>. In those cases, you can fall back -to the other DHCP client in hopes of getting a valid response from the -server. 
Traditionally, Slackware uses -<application>dhcpcd</application>, and this works in the vast majority -of cases, but it may become necessary at some point for you to use -<application>dhclient</application> instead. Both are excellent DHCP -clients, so use whichever you prefer. -</para> - -</section> - -<section> -<title>Automatic Configuration with rc.inet1.conf</title> - -<para> -Manually configuring interfaces is an important skill to have, but it -can become tedious. No one wants to manually setup their Internet -connection every time the system boots. More importantly, you may not -always have physical access to the machine when it boots. Slackware -makes it easy to automatically configure ethernet (and wireless) cards -at system startup with <filename>/etc/rc.d/rc.inet1.conf</filename>. -For now, we're going to focus on traditional wired ethernet networking; -the next chapter will discuss various wireless options. -</para> - -<para> -<filename>rc.inet1.conf</filename> is an incredibly powerful -configuration file, capable of configuring most of your network cards -automatically when Slackware is started. The file is filled with useful -comments, but there is also a man page that more thoroughly discusses -its use. To begin, we're going to look at some of the options used on -one of my personal machines. -</para> - -<screen> -# Config information for eth0: -IPADDR[0]="192.168.1.250" -NETMASK[0]="255.255.255.0" -USE_DHCP[0]="" -DHCP_HOSTNAME[0]="" -# Some lines ommitted. -GATEWAY="192.168.1.254" -</screen> - -<para> -This represents most of the information necessary to configure a static -IP address on a single ethernet controller. -<application>netconfig</application> will usually fill in these values -for a single ethernet device for you. If you have multiple network -cards in your machine and need all of them activated automatically at -boot time, then you'll need to edit or add additional entries into this -file in the same manner as above. 
First, let me go over some of the -basics. -</para> - -<para> -As you may have already guessed, IPADDR[n] is the Internet Protocol -Address for the "n" network interface card. Typically, "n" corrosponds -to eth0, eth1, and so on, but this isn't always the case. You can -specify these values to pertain to a different network controller with -the INFAME[n] variable, but we will reserve that for the next chapter -on wireless networking, as it more commonly pertains to wireless -network controllers. Likewise, NETMASK[n] is the subnet mask to use -for the network controller. If these lines are left empty, then static -IP addresses will not be automatically assigned to this network -controller. The USE_DHCP[n] variable tells Slackware to (naturally) -use DHCP to configure the interface. DHCP_HOSTNAME[n] is rarely used, -but some DHCP servers may require it. In that case, it must be set to -a valid hostname. Finally, we come to the GATEWAY variable. It is -actually set lower in the file than it appears in my example, and it -controls the default gateway to use. You may be wondering why there is -no GATEWAY[n] variable. The answer to that lies in how Internet -Protocol works. I won't go into an indepth discussion on that subject, -but suffice it to say that there is only ever one default route that a -computer can use no matter how many interfaces are attached to it. -</para> - -<para> -If you need to use static IP addressing, you will have to obtain a -unique static IP address and the subnet mask for the interface, as well -as the default gateway address, and enter those here. There is no place -to enter DNS information in <filename>rc.inet1.conf</filename>, so DNS -servers will have to be manually placed into -<filename>resolv.conf</filename> as we discussed above. Of course, if -you use <application>netconfig</application>, this will be handled for -you by that program. Now let's take a look at another interface on my -computer. 
-</para> - -<screen> -# Config information for eth1: -IPADDR[1]="" -NETMASK[1]="" -USE_DHCP[1]="yes" -DHCP_HOSTNAME[1]="" -</screen> - -<para> -Here I am telling Slackware to configure eth1 using DHCP. I do not need -to set the IPADDR[1] or NETMASK[1] variables when using DHCP (in fact, -if they are set, they will be ignored). Slackware will happily contact -a DHCP server as soon as the machine begins to boot. -</para> +<title>No Idea</title> </section> diff --git a/chapter_14.xml b/chapter_14.xml index c3b6d8a..23eae86 100644 --- a/chapter_14.xml +++ b/chapter_14.xml 
@@ -3,331 +3,399 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>Wireless Networking</title> +<title>Networking</title> <section> -<title><application>iwconfig</application></title> +<title><application>netconfig</application></title> <para> -Wireless networking is somewhat more complicated than traditional wired -networking, and requires additional tools for setup. Slackware includes -a diverse collection of wireless networking tools to allow you to -configure your wireless network interface card (WNIC) at the most basic -level. We won't cover everything here, but should give you a solid -foundation to get up and running quickly. The first tool we are going -to look at is <application>iwconfig</application>(8). When run without -any argument, <application>iwconfig</application> displays the current -wireless information on any and all NICs on your computer. +Computers aren't very interesting on their own. Sure, you can install +games on them, but that just turns them into glorified entertainment +consoles. Today, computers need to be able to talk to one another; they +need to be networked. Whether you're installing a business network with +hundreds or thousands of computers or just setting up a single PC for +Internet access, Slackware is simple and easy. This chapter should +teach you how to setup typical wired networks. Common wireless setup will +be thoroughly discussed in the next section, but much of what you read +here will be applicable there as well. </para> +<para> +There are many different ways to configure your computer to connect to +a network or the Internet, but they fall into two main categories: +static and dymanic. Static addresses are solid; they are set with the +understanding that they will not be changed, at least not anytime soon. +Dynamic addresses are fluid; the assumption is that the address will +change at some time in the future. 
Typically any sort of network server +requires a static address simply so other machines will know where to +contact it when they need services. Dynamic addresses tend to be used +for workstations, Internet clients, and any machine that doesn't +require a static address for any reason. Dynamic addresses are more +flexible, but present complications of their own. +</para> -<screen><prompt>darkstar:~# </prompt><userinput>iwconfig</userinput> -lo no wireless extensions. +<para> +There are many different kinds of network protocols that you might +encounter, but most people will only ever need to deal with Internet +Protocol (IP). For that reason, we'll focus exclusively on IP in this +book. +</para> -eth0 no wireless extensions. +</section> -wmaster0 no wireless extensions. +<section> +<title>Manual Configuration</title> -wlan0 IEEE 802.11abgn ESSID:"nest" - Mode:Managed Frequency:2.432 GHz Access Point: -00:13:10:EA:4E:BD - Bit Rate=54 Mb/s Tx-Power=17 dBm - Retry min limit:7 RTS thr:off Fragment thr=2352 B - Encryption key:off - Power Management:off - Link Quality=100/100 Signal level:-42 dBm - Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 - Tx excessive retries:0 Invalid misc:0 Missed beacon:0 +<para> +Ok, so you've installed Slackware, you've setup a desktop, but you +can't get it to connect to the Internet or your business's LAN (local +area network), what do you do? Fortunately, the answer to that question +is simple. Slackware includes a number of tools to configure your +network connection. The first we will look at today is the very +powerful <application>ifconfig</application>(8). +<application>ifconfig</application> is used to setup or modify the +configuration of a Network Interface Card (NIC or Ethernet Card), the +most common hardware for connecting to networks today. +<application>ifconfig</application> is an incredibly powerful tool +capable of doing much more than setting IP addresses. 
For a complete +introduction, you should read its man page. For now, we're just going +to use it to display and change the network addresses of some ethernet +controllers. +</para> -tun0 no wireless extensions. +<screen><prompt>darkstar:~# </prompt><userinput>ifconfig</userinput> +lo Link encap:Local Loopback + inet addr:127.0.0.1 Mask:255.0.0.0 + inet6 addr: ::1/128 Scope:Host + UP LOOPBACK RUNNING MTU:16436 Metric:1 + RX packets:699 errors:0 dropped:0 overruns:0 frame:0 + TX packets:699 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB) + +wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c + inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0 + inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0 + TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB) + +wmaster0 Link encap:UNSPEC HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:0 errors:0 dropped:0 overruns:0 frame:0 + TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) </screen> + <para> -Unlike wired networks, wireless networks are "fuzzy". Their borders are -hard to define, and multiple networks may overlap one another. In order -to avoid confusion, each wireless network has (hopefully) unique -identifiers. The two most basic identifiers are the Extended Service -Set Identifier (ESSID) and the channel or frequency for radio -transmission. The ESSID is simply a name that identifies the wireless -network in question; you may have heard it referred to as the network -name or something similar. Typical wireless networks operate on 11 -different frequencies. 
In order to connect to even the most basic -wireless network, you will have to setup these two pieces of -information, and possibly others, before setting up things like the -WNIC's IP address. Here you can see that my ESSID is set to "nest" and -my laptop is transmitting at 2.432 GHz. This is all that is required to -connect to an unencrypted wireless LAN. (For any of you out there -expecting to come to my house and use my unencrypted wireless, you -should know that you'll have to break a 2048-bit SSL key before the -access point will let you communicate with my LAN.) +As you can clearly see here, when run without any arguments, +<application>ifconfig</application> will display all the information it +has on all the ethernet cards (and wireless ethernet cards) present on +your system. The above represents a typical wireless connection from my +laptop, so don't be afraid if what you see on your system doesn't +match. If you don't see any ethX or wlanX interfaces though, the +interface may be down. To show all currently present NICs whether they are +"up" or "down", simply pass the <arg>-a</arg> argument. 
</para> -<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \ - freq 2.432G</userinput></screen> +<screen><prompt>darkstar:~# </prompt><userinput>ifconfig -a</userinput> +eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44 + UP BROADCAST MULTICAST MTU:1500 Metric:1 + RX packets:122780 errors:0 dropped:0 overruns:0 frame:0 + TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB) + Interrupt:16 + +lo Link encap:Local Loopback + inet addr:127.0.0.1 Mask:255.0.0.0 + inet6 addr: ::1/128 Scope:Host + UP LOOPBACK RUNNING MTU:16436 Metric:1 + RX packets:699 errors:0 dropped:0 overruns:0 frame:0 + TX packets:699 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB) + +wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c + inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0 + inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0 + TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB) + +wmaster0 Link encap:UNSPEC HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:0 errors:0 dropped:0 overruns:0 frame:0 + TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) +</screen> -<para> -The <arg>freq</arg> and <arg>channel</arg> arguments control basically -the same thing. You only need to use one. If you are unsure what -frequency or channel to use, Slackware can usually figure this out for -you. +<para>Notice that the eth0 interface is now listed among the returns. +<application>ifconfig</application> can also change the current +settings on a NIC. 
Typically, you would need to change the IP address +and subnet mask, but you can change virtually any parameters. </para> -<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \ - channel auto</userinput></screen> +<screen><prompt>darkstar:~# </prompt><userinput>ifconfig eth0 192.168.1.1 netmask 255.255.255.0</userinput> +<prompt>darkstar:~# </prompt><userinput>ifconfig eth0</userinput> +eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44 + inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 + UP BROADCAST MULTICAST MTU:1500 Metric:1 + RX packets:122780 errors:0 dropped:0 overruns:0 frame:0 + TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB) + Interrupt:16 +</screen> <para> -Now Slackware will attempt to connect to the strongest access point on -the "nest" essid operating at any frequency. +If you look carefully, you'll notice that the interface now has the +192.168.1.1 IP address and a 255.255.255.0 subnet mask. We've now setup +the basics for connecting to our network, but we still need to setup a +default gateway and our DNS servers. In order to do that, we'll need to +look at a few more tools. </para> -</section> - -<section> -<title>Wired Equivilant Protection (or Lack Thereof)</title> - <para> -Wireless networking is by its very nature less secure than wired -networking. Having your information travelling on the airwaves makes it -highly susceptible to interception by third paries, so over the years a -number of methods have been devised to make wireless networking more -secure. The first was called Wired Equivilant Protection, or WEP for -short, and well far short of its goal. If you are still using WEP -today, I encourage you to consider using WPA2 or some other form of -stronger encryption. Attacks against WEP are trivial and take only -minutes to perform. 
Unfortunately there are still access points -configured for WEP, and you may need to connect to one from time to -time. Connecting to WEP encrypted access points is fairly simple, -particularly if you have the key in hexidecimal format. We'll need to -pass the <arg>key</arg> argument along with the password in hexidecimal -or ASCII format. If using an ASCII password, you'll need to prepend it -with "s:"; here's a couple examples. Generally speaking, hexidecimal -format is prefered. +Next on our stop through networking land is the equally powerful +<application>route</application>(8). This tool is responsible for +modifying the Linux kernel's routing table which affects all data +transmission on a network. Routing tables can become immensely complex +or they can be straight-forward and simple. Most users will only ever +need to setup a default gateway, so we'll show you how to do that here. +If for some reason you need a more complex routing table, you would be +well advised to read the entire man page for +<application>route</application> as well as consulting other sources. +For now, let's take a look at our routing table immediately after +setting up eth0. </para> -<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \ - key cf80baf8bf01a160de540bfb1c</userinput> -<prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \ - key s:thisisapassword</userinput> +<screen><prompt>darkstar:~# </prompt><userinput>route</userinput> +Kernel IP routing table +Destination Gateway Genmask Flags Metric Ref Use Iface +192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 +loopback * 255.0.0.0 U 0 0 0 lo </screen> -</section> +<para> +I won't explain everything here, but the general information should be +easy to pick up if you're familiar with networking at all. The +Destination and Genmask fields specify a range of IP addresses to +match. If a Gateway is defined, information in the form of packets will +be sent to that host for forwarding. 
We also specify an interface in +the final field that the information should traverse. Right now, we can +only communicate with computers with addresses between 192.168.1.0 and +192.168.1.255 and ourselves through the loopback interface, a type of +virtual NIC that is used for routing information from this computer to +itself. In order to reach the rest of the world, we'll need to +setup a default gateway. +</para> -<section> -<title>Wifi Protected Access</title> +<screen><prompt>darkstar:~# </prompt><userinput>route add default gw 192.168.1.254</userinput> +<prompt>darkstar:~# </prompt><userinput>route</userinput> +Kernel IP routing table +Destination Gateway Genmask Flags Metric Ref Use Iface +192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 +loopback * 255.0.0.0 U 0 0 0 lo +default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0 +</screen> <para> -Wifi Protected Access (or WPA for short) was the successor for WEP that -aimed to fix several problems with wireless encryption. Unfortunately, -WPA had some flaws as well. An update called WPA2 offers even stronger -protection. At this time, WPA2 is supported by nearly all wireless -network cards and access points, but some older devices may only -support WEP. If you need to secure your wireless network traffic, WPA2 -should be considered the minimum level of protection required. -Unfortunately, <application>iwconfig</application> is unable to setup -WPA2 encryption on its own. For that, we need a helper daemon, -<application>wpa_supplicant</application>(8). +You should immediately notice the addition of a default route. This +specifies what router should be used to reach any addresses that aren't +specified elsewhere in our routing table. Now, when we try to connect +to say, 64.57.102.34, the information will be sent to 192.168.1.254 +which is responsible for delivering the data for us. Unfortunately, +we're still not quite through. 
We need some way of converting domain +names like slackware.com into IP addresses that the computer can use. +For that, we need to make use of a DNS server. </para> <para> -Unfortunately, there's no easy way to manually configure a WPA2 -protected network; you'll have to edit -<filename>/etc/wpa_supplicant.conf</filename> directly with a text -editor. Here we will discuss the simplest form of WPA2 protection, the -Pre-Shared Key, or PSK for short. For details on setting up Slackware -to connect to more complicated WPA2 encrypted networks, see the man -page for <filename>wpa_supplicant.conf</filename>. +Fortunately, setting up your computer to use an external (or even an +internal) DNS server is very easy. You'll need to use your favorite +text editor and open the <filename>/etc/resolv.conf</filename> file. +Don't ask me what happened to the <keycap>e</keycap>. On my computer, +<filename>resolv.conf</filename> looks like this. </para> <screen> -# /etc/wpa_supplicant.conf -# ======================== -# This line enables the use of wpa_cli which is used by rc.wireless -# if possible (to check for successful association) -ctrl_interface=/var/run/wpa_supplicant -# By default, only root (group 0) may use wpa_cli -ctrl_interface_group=0 -eapol_version=1 -ap_scan=1 -fast_reauth=1 -#country=US - -# WPA protected network, supply your own ESSID and WPAPSK here: -network={ - scan_ssid=1 - ssid="nest" - key_mgmt=WPA-PSK - psk="secret passphrase" -} +# /etc/resolv.conf +search lizella.net +nameserver 192.168.1.254 </screen> <para> -The block of text we're interested in is the network block enclosed by -curly braces. Here we have set the ssid for the network "nest", as well -as the PSK to use "secret passphrase". At this point, WPA2 is setup. -You can run <application>wpa_supplicant</application> and then obtain -an IP address via DHCP or set a static address. Of course, this is a -lot of work, there must be an easier way to do this. +Most users won't need the "search" line. 
This is used to map hostnames +to domain names. Basically, if I attempt to connect to "barnowl", the +computer knows to look for "barnowl.lizella.net" thanks to this search +line. We're mainly interested in the "nameserver" line. This tells +Slackware what domain name servers (DNS) to connect to. Generally +speaking, these should always be specified by IP address. If you know +what DNS servers you should use, you can just add them one at a time to +individual nameserver lines. In fact, I don't know of any practical +limit to the number of nameservers that can be specified in +<filename>resolv.conf</filename>, so add as many as you like. Once this +is done, you should be able to communicate with other hosts via their +fully qualified domain name. </para> -</section> - -<section> -<title>rc.inet1.conf revisited</title> - <para> -Welcome back to <filename>rc.inet1.conf</filename>. You're recall in -the last chapter that we used this configuration file to automatically -configure NICs whenever Slackware boots. Now, we will use it to -configure wifi as well. If you're using WPA2, you'll still need to -setup <filename>wpa_supplicant.conf</filename> properly first, however. +But Alan! That's a lot of hard work! I don't want to do this time and +again for dozens or even hundreds of machines. You're absolutely right, +and that's why smarter people than you and me created DHCP. DHCP +stands for Dynamic Host Control Protocol and is a method for +automatically configuring computers with unique IP addresses, netmasks, +gateways, and DNS servers. Most of the time, you'll want to use DHCP. +The majority of wireless routers, DSL or cable modems, even firewalls +all have DHCP servers to can make your life much easier. Slackware +includes two main tools for connecting to an exising DHCP server and +can even act as a DHCP server for other computers. For now though, +we're just going to look at DHCP clients. 
</para> <para> -Recall that each NIC had a name or number that identified the variables -that corrospond with it? The same hold true for wifi NICs, only they -have even more variables due to the added complexity of wireless -networking. +First on our list is <application>dhcpcd</application>(8), part of the +ISC DHCP utilities. Assuming your computer is physically connected to +your network, and that you have an operating DHCP server on that +network, you can configure your NIC in one shot. </para> -<screen> -# rc.inet1.conf (excert) -# ====================== -## Example config information for wlan0. Uncomment the lines you need and fill -## in your info. (You may not need all of these for your wireless network) -IFNAME[4]="wlan0" -IPADDR[4]="" -NETMASK[4]="" -USE_DHCP[4]="yes" -#DHCP_HOSTNAME[4]="icculus-wireless" -#DHCP_KEEPRESOLV[4]="yes" -#DHCP_KEEPNTP[4]="yes" -#DHCP_KEEPGW[4]="yes" -#DHCP_IPADDR[4]="" -WLAN_ESSID[4]="nest" -#WLAN_MODE[4]=Managed -#WLAN_RATE[4]="54M auto" -#WLAN_CHANNEL[4]="auto" -#WLAN_KEY[4]="D5AD1F04ACF048EC2D0B1C80C7" -#WLAN_IWPRIV[4]="set AuthMode=WPAPSK | \ -# set EncrypType=TKIP | \ -# set WPAPSK=96389dc66eaf7e6efd5b5523ae43c7925ff4df2f8b7099495192d44a774fda16" -WLAN_WPA[4]="wpa_supplicant" -#WLAN_WPADRIVER[4]="ndiswrapper" +<screen><prompt>darkstar:~# </prompt><userinput>dhcpcd eth0</userinput> </screen> <para> -When we discussed wired ethernet, each "n" in the variable corrosponded -with the "n" in ethn. Here however, that no longer holds true. Notice -that the variable IFNAME[4] has a value of "wlan0". It is common for -wireless cards to have an interface name other than "ethn" and that is -reflected here. When <filename>rc.inet1.conf</filename> is read by the -start-up scripts, Slackware knows to apply all these options to the -"wlan0" wifi NIC instead of the (probably non-existant) eth4 wired NIC. -Many of the other options are the same. 
IP address information is -added in exactly the same way we discussed for wired network cards in -the previous chapter; however, we have a lot of new variables that need -some explaination. +If everything went according to plan, your NIC should be properly +configured, and you should be able to communicate with other computers +on your network, and with the Internet at large. If for some reason, +<application>dhcpcd</application> fails, you may want to try +<application>dhclient</application>(8). +<application>dhclient</application> is an alternative to +<application>dhcpcd</application> and works in basically the same way. </para> -<para> -To begin, WLAN_ESSID[n] and WLAN_CHANNEL[n] should be self-explainatory -by now; they refer the the essid and frequency to use. WLAN_MODE[n] is -either "managed" or "ad-hoc". Anyone connecting to an access point -will want to use managed mode. WLAN_KEY[n] is the WEP key to use, if -you're forced to use WEP. WLAN_IWPRIV[n] is a very complicated -variable that sets other variables inside itself. WLAN_IWPRIV[n] is -used for WPA2 networks. Here you tell Slackware what authentication -mode, encryption type, and key to use for WPA2 connections. Please -note that WLAN_KEY[n] and WLAN_IWPRIV[n] are mutually exclusive; you -can't use both on the same interface. If you successfully configure -all this, then Slackware will attempt to connect to your wireless -network as soon as the system boots. -</para> +<screen><prompt>darkstar:~# </prompt><userinput>dhclient eth0</userinput> +Listening on LPF/eth0/00:1c:b3:ba:ad:4c +Sending on LPF/eth0/00:1c:b3:ba:ad:4c +Sending on Socket/fallback +DHCPREQUEST on eth0 to 255.255.255.255 port 67 +DHCPACK from 192.168.1.254 +bound to 192.168.1.198 -- renewal in 8547 seconds. +</screen> <para> -But wait, that's so much work! And what if I need to connect to -multiple wireless networks? 
I take my laptop to work and school and -need to seemlessly setup those wireless connections as soon as one is -within range. Doing things this way is simply too much work. You're -absolutely correct. +So why does Slackware include two DHCP clients? Sometimes a particular +DHCP server may be broken and not respond well to either +<application>dhcpcd</application> or +<application>dhclient</application>. In those cases, you can fall back +to the other DHCP client in hopes of getting a valid response from the +server. Traditionally, Slackware uses +<application>dhcpcd</application>, and this works in the vast majority +of cases, but it may become necessary at some point for you to use +<application>dhclient</application> instead. Both are excellent DHCP +clients, so use whichever you prefer. </para> </section> <section> -<title>wicd</title> +<title>Automatic Configuration with rc.inet1.conf</title> <para> -Introducing <application>wicd</application>(8), the premier wired and -wireless network connection manager for the laptop user on the go. -Pronounced "wicked", <application>wicd</application> is capable of -storing information for any number of wireless networks you need and -connecting to them with a simple command or the click of a mouse. -<application>wicd</application> is not part of the default Slackware -installation at this time, as it interferes somewhat with the normal -way of configuring network adapters, but you can find it in the -<filename>/extra</filename> directory of your Slackware install disks -or at your favorite mirror. <application>wicd</application> is both a -network connection daemon and a graphical application for configuring -networks. The CLI isn't forgotten either, as -<application>wicd-curses</application>(8) is every bit as powerful as -the traditional GUI front-end. In order to use -<application>wicd</application>, you will need to disable support for -any interfaces you have in <filename>rc.inet1.conf</filename> first. 
+Manually configuring interfaces is an important skill to have, but it +can become tedious. No one wants to manually setup their Internet +connection every time the system boots. More importantly, you may not +always have physical access to the machine when it boots. Slackware +makes it easy to automatically configure ethernet (and wireless) cards +at system startup with <filename>/etc/rc.d/rc.inet1.conf</filename>. +For now, we're going to focus on traditional wired ethernet networking; +the next chapter will discuss various wireless options. +</para> + +<para> +<filename>rc.inet1.conf</filename> is an incredibly powerful +configuration file, capable of configuring most of your network cards +automatically when Slackware is started. The file is filled with useful +comments, but there is also a man page that more thoroughly discusses +its use. To begin, we're going to look at some of the options used on +one of my personal machines. </para> <screen> -# rc.inet1.conf -# ============= # Config information for eth0: -IPADDR[0]="" -NETMASK[0]="" -USE_DHCP[0]="no" +IPADDR[0]="192.168.1.250" +NETMASK[0]="255.255.255.0" +USE_DHCP[0]="" DHCP_HOSTNAME[0]="" -# Default gateway IP address: -GATEWAY="" +# Some lines ommitted. +GATEWAY="192.168.1.254" </screen> <para> -Now we can install <application>wicd</application>, setup the daemon to -run on system boot-up, and begin using a more friendly application. +This represents most of the information necessary to configure a static +IP address on a single ethernet controller. +<application>netconfig</application> will usually fill in these values +for a single ethernet device for you. If you have multiple network +cards in your machine and need all of them activated automatically at +boot time, then you'll need to edit or add additional entries into this +file in the same manner as above. First, let me go over some of the +basics. 
</para> -<screen><prompt>darkstar:~# </prompt><userinput>installpkg /path/to/extra/wicd/wicd-1.6.2.1-1.txz</userinput> -<prompt>darkstar:~# </prompt><userinput>chmod +x /etc/rc.d/rc.wicd</userinput> -<prompt>darkstar:~# </prompt><userinput>/etc/rc.d/rc.wicd start</userinput> -</screen> +<para> +As you may have already guessed, IPADDR[n] is the Internet Protocol +Address for the "n" network interface card. Typically, "n" corrosponds +to eth0, eth1, and so on, but this isn't always the case. You can +specify these values to pertain to a different network controller with +the INFAME[n] variable, but we will reserve that for the next chapter +on wireless networking, as it more commonly pertains to wireless +network controllers. Likewise, NETMASK[n] is the subnet mask to use +for the network controller. If these lines are left empty, then static +IP addresses will not be automatically assigned to this network +controller. The USE_DHCP[n] variable tells Slackware to (naturally) +use DHCP to configure the interface. DHCP_HOSTNAME[n] is rarely used, +but some DHCP servers may require it. In that case, it must be set to +a valid hostname. Finally, we come to the GATEWAY variable. It is +actually set lower in the file than it appears in my example, and it +controls the default gateway to use. You may be wondering why there is +no GATEWAY[n] variable. The answer to that lies in how Internet +Protocol works. I won't go into an indepth discussion on that subject, +but suffice it to say that there is only ever one default route that a +computer can use no matter how many interfaces are attached to it. +</para> <para> -If you're predominately using the console, simply run -<application>wicd-curses</application> from your command line. If -instead, you are using a graphical desktop provided by -<application>X</application>, you can start the graphical front-end -from either the KDE or XFCE menu. 
Optionally, you could manually run -<application>wicd-client</application>(1) from a terminal or run -dialogue. +If you need to use static IP addressing, you will have to obtain a +unique static IP address and the subnet mask for the interface, as well +as the default gateway address, and enter those here. There is no place +to enter DNS information in <filename>rc.inet1.conf</filename>, so DNS +servers will have to be manually placed into +<filename>resolv.conf</filename> as we discussed above. Of course, if +you use <application>netconfig</application>, this will be handled for +you by that program. Now let's take a look at another interface on my +computer. </para> +<screen> +# Config information for eth1: +IPADDR[1]="" +NETMASK[1]="" +USE_DHCP[1]="yes" +DHCP_HOSTNAME[1]="" +</screen> + <para> -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +Here I am telling Slackware to configure eth1 using DHCP. I do not need +to set the IPADDR[1] or NETMASK[1] variables when using DHCP (in fact, +if they are set, they will be ignored). 
Slackware will happily contact +a DHCP server as soon as the machine begins to boot. </para> </section> diff --git a/chapter_15.xml b/chapter_15.xml index 3a16ac9..c3b6d8a 100644 --- a/chapter_15.xml +++ b/chapter_15.xml 
@@ -3,644 +3,333 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>Basic Networking Utilities</title> - -<para> -So you've finally managed to setup your network connection, now what? -How do you know that it's working? How do you know that you set it up -correctly? And just what do you do now that it's setup? Well this -chapter is for you. -</para> - -<section> -<title>Network Diagnostic Tools</title> - -<para> -Slackware Linux includes a great many networking tools for -troubleshooting and diagnosing network connection troubles, or just for -seeing what's out there on the network. Most of these tools are -command-line tools, so you can run them from a virtual terminal or in a -console window on your graphical desktop. A few of them even have -graphical front-ends, but we're going to deal almost exclusively with -command-line tools for now. -</para> +<title>Wireless Networking</title> <section> -<title>ping</title> +<title><application>iwconfig</application></title> <para> -<application>ping</application>(8) is a handy tool for determining if a -computer is operational on your network or on the Internet at large. -You can think of as a type of sonar for computers. By using it, you -send out a "ping" and listen for an echo to determine if another -computer or network device is listening. By default, -<application>ping</application> checks for the remote computer once per -second indefinitely, but you can change the interval between checks and -the total number of checks easily, just check the man page. You can -terminate the application at any time with -<keycap>CTRL</keycap>-<keycap>c</keycap>. When -<application>ping</application> is finished, it displays a handy -summary of its activity. 
<application>ping</application> is very useful -for determining if a computer on your network or the Internet is -available, but some systems block the packets -<application>ping</application> sends, so sometimes a system may be -functioning properly, but still not send replies. +Wireless networking is somewhat more complicated than traditional wired +networking, and requires additional tools for setup. Slackware includes +a diverse collection of wireless networking tools to allow you to +configure your wireless network interface card (WNIC) at the most basic +level. We won't cover everything here, but should give you a solid +foundation to get up and running quickly. The first tool we are going +to look at is <application>iwconfig</application>(8). When run without +any argument, <application>iwconfig</application> displays the current +wireless information on any and all NICs on your computer. </para> -<screen><prompt>darkstar:~# </prompt><userinput>ping -c 3 www.slackware.com</userinput> -64 bytes from slackware.com (64.57.102.34): icmp_seq=1 ttl=47 time=87.1 ms -64 bytes from slackware.com (64.57.102.34): icmp_seq=2 ttl=47 time=86.2 ms -64 bytes from slackware.com (64.57.102.34): icmp_seq=3 ttl=47 time=86.7 ms - ---- slackware.com ping statistics --- -3 packets transmitted, 3 received, 0% packet loss, time 2004ms -rtt min/avg/max/mdev = 86.282/86.718/87.127/0.345 ms -</screen> +<screen><prompt>darkstar:~# </prompt><userinput>iwconfig</userinput> +lo no wireless extensions. -</section> +eth0 no wireless extensions. -<section> -<title>traceroute</title> +wmaster0 no wireless extensions. -<para> -<application>traceroute</application>(8) is a handy tool for determining -what route your packets take to reach some other computer. It's mainly -of use for determining which computers are "near" or "far" from you. -This distance isn't strictly geographical, as your Internet Service -Provider may route traffic from your computer in strange ways. 
-<application>traceroute</application> shows you each router between -your computer and any other machine you wish to connect to. -Unfortunately, many providers, firewalls, and routers will block -<application>traceroute</application> so you might not get a complete -picture when using it. Still, it remains a handy tool for network -troubleshooting. -</para> +wlan0 IEEE 802.11abgn ESSID:"nest" + Mode:Managed Frequency:2.432 GHz Access Point: +00:13:10:EA:4E:BD + Bit Rate=54 Mb/s Tx-Power=17 dBm + Retry min limit:7 RTS thr:off Fragment thr=2352 B + Encryption key:off + Power Management:off + Link Quality=100/100 Signal level:-42 dBm + Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 + Tx excessive retries:0 Invalid misc:0 Missed beacon:0 -<screen><prompt>darkstar:~# </prompt><userinput>traceroute www.slackware.com</userinput> -traceroute to slackware.com (64.57.102.34), 30 hops max, 46 byte -packets - 1 gw.ctsmacon.com (192.168.1.254) 1.468 ms 2.045 ms 1.387 ms - 2 10.0.0.1 (10.0.0.1) 7.642 ms 8.019 ms 6.006 ms - 3 68.1.8.49 (68.1.8.49) 10.446 ms 9.739 ms 7.003 ms - 4 68.1.8.69 (68.1.8.69) 11.564 ms 6.235 ms 7.971 ms - 5 dalsbbrj01-ae0.r2.dl.cox.net (68.1.0.142) 43.859 ms 43.287 ms -44.125 ms - 6 dpr1-ge-2-0-0.dallasequinix.savvis.net (204.70.204.146) 41.927 ms -58.247 ms 44.989 ms - 7 cr2-tengige0-7-5-0.dallas.savvis.net (204.70.196.29) 42.577 ms -46.110 ms 43.977 ms - 8 cr1-pos-0-3-3-0.losangeles.savvis.net (204.70.194.53) 78.070 ms -76.735 ms 76.145 ms - 9 bpr1-ge-3-0-0.LosAngeles.savvis.net (204.70.192.222) 77.533 ms -108.328 ms 120.096 ms -10 wiltel-communications-group-inc.LosAngeles.savvis.net -(208.173.55.186) 79.607 ms 76.847 ms 75.998 ms -11 tg9-4.cr01.lsancarc.integra.net (209.63.113.57) 84.789 ms 85.436 -ms 85.575 ms -12 tg13-1.cr01.sntdcabl.integra.net (209.63.113.106) 87.608 ms -84.278 ms 86.922 ms -13 tg13-4.cr02.sntdcabl.integra.net (209.63.113.134) 87.284 ms -85.924 ms 86.102 ms -14 tg13-1.cr02.rcrdcauu.integra.net (209.63.114.169) 85.578 ms 
-85.285 ms 84.148 ms -15 209.63.99.166 (209.63.99.166) 84.515 ms 85.424 ms 85.956 ms -16 208.186.199.158 (208.186.199.158) 86.557 ms 85.822 ms 86.072 ms -17 sac-main.cwo.com (209.210.78.20) 88.105 ms 87.467 ms 87.526 ms -18 slackware.com (64.57.102.34) 85.682 ms 86.322 ms 85.594 ms +tun0 no wireless extensions. </screen> -</section> - -<section> -<title>telnet</title> - -<para> -Once upon a time, <application>telnet</application>(1) was the greatest -thing since sliced bread. Basically, <application>telnet</application> -opens an unencrypted network connection between two computers and hands -control of the session to the user rather than some other application. -Using <application>telnet</application>, people could connect to shells -on other computers and execute commands as if they were physically -present. Due to its unencrypted nature this is no longer recommended; -however, <application>telnet</application> is still used for this -purpose by many devices. -</para> <para> -Today, <application>telnet</application> is put to better use as a -network diagnostic tool. Because it passes control of the session -directly to the user, it can be used for a great variety of testing -purposes. As long as you know what ASCII commands to send to the -receiving computer, you can do any number of activies, such as read web -pages or check your e-mail. Simply inform -<application>telnet</application> what network port to use, and you're -all set. +Unlike wired networks, wireless networks are "fuzzy". Their borders are +hard to define, and multiple networks may overlap one another. In order +to avoid confusion, each wireless network has (hopefully) unique +identifiers. The two most basic identifiers are the Extended Service +Set Identifier (ESSID) and the channel or frequency for radio +transmission. The ESSID is simply a name that identifies the wireless +network in question; you may have heard it referred to as the network +name or something similar. 
Typical wireless networks operate on 11 +different frequencies. In order to connect to even the most basic +wireless network, you will have to setup these two pieces of +information, and possibly others, before setting up things like the +WNIC's IP address. Here you can see that my ESSID is set to "nest" and +my laptop is transmitting at 2.432 GHz. This is all that is required to +connect to an unencrypted wireless LAN. (For any of you out there +expecting to come to my house and use my unencrypted wireless, you +should know that you'll have to break a 2048-bit SSL key before the +access point will let you communicate with my LAN.) </para> -<screen><prompt>darkstar:~# </prompt><userinput>telnet www.slackware.com 80</userinput> -Trying 64.57.102.34... -Connected to www.slackware.com. -Escape character is '^]'. -<userinput>HEAD / HTTP/1.1 -Host: www.slackware.com -</userinput> -HTTP/1.1 200 OK -Date: Thu, 04 Feb 2010 18:01:35 GMT -Server: Apache/1.3.27 (Unix) PHP/4.3.1 -Last-Modified: Fri, 28 Aug 2009 01:30:27 GMT -ETag: "61dc2-5374-4a973333" -Accept-Ranges: bytes -Content-Length: 21364 -Content-Type: text/html -</screen> - -</section> - -<section> -<title>ssh</title> +<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \ + freq 2.432G</userinput></screen> <para> -As we mentioned, <application>telnet</application> may be useful as a -diagnostic tool, but its unencrypted nature makes it a security concern -for shell access. Thankfully, there's the secure shell protocol. Nearly -every Linux, UNIX, and BSD distribution today makes use of OpenSSH, or -<application>ssh</application>(1) for short. It is one of the most -commonly used network tools today and makes use of the strongest -cryptographic techniques. <application>ssh</application> has many -features, configuration options, and neat hacks, enough to fill its own -book, so we'll only go into the basics here. 
Simply run -<application>ssh</application> with the user name and the host and -you'll be connected to it quickly and safely. If this is the first time -you are connecting to this computer, <application>ssh</application> -will ask you to confirm your desire, and make a local copy of the -encryption key to use. Should this key later change, -<application>ssh</application> will warn you and refuse to connect -because it is possible that some one is attempting to hijack the -connection using what is known as a man-in-the-middle attack. +The <arg>freq</arg> and <arg>channel</arg> arguments control basically +the same thing. You only need to use one. If you are unsure what +frequency or channel to use, Slackware can usually figure this out for +you. </para> -<screen><prompt>darkstar:~# </prompt><userinput>ssh alan@slackware.com</userinput> -alan@slackware.com's password: <userinput>secret</userinput> -<prompt>alan@slackware.com:~$ </prompt> -</screen> +<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \ + channel auto</userinput></screen> <para> -The user and hostname are in the same form used by e-mail addresses. -If you leave off the username part, <application>ssh</application> will -use your current username when establishing the connection. +Now Slackware will attempt to connect to the strongest access point on +the "nest" essid operating at any frequency. </para> </section> <section> -<title>tcpdump</title> +<title>Wired Equivilant Protection (or Lack Thereof)</title> <para> -So far all the tools we've looked at have focused on making connections -to other computers, but now we're going to look at the traffic itself. -<application>tcpdump</application>(1) (which must be run as root) -allows us to view all or part of the network traffic originating or -received by our computer. <application>tcpdump</application> displays -the raw data packets in a variety of ways with all the network headers -intact. 
Don't be alarmed if you don't understand everything it -displays, <application>tcpdump</application> is a tool for professional -network engineers and system administrators. By default, it probes the -first network card it finds, but if you have multiple interfaces, -simply use the <arg>-i</arg> argument to specify which one you're -interested in. You can also limit the data displayed using expressions -and change the manner in which it is displayed, but that is best -explained by the man page and other reference material. +Wireless networking is by its very nature less secure than wired +networking. Having your information travelling on the airwaves makes it +highly susceptible to interception by third paries, so over the years a +number of methods have been devised to make wireless networking more +secure. The first was called Wired Equivilant Protection, or WEP for +short, and well far short of its goal. If you are still using WEP +today, I encourage you to consider using WPA2 or some other form of +stronger encryption. Attacks against WEP are trivial and take only +minutes to perform. Unfortunately there are still access points +configured for WEP, and you may need to connect to one from time to +time. Connecting to WEP encrypted access points is fairly simple, +particularly if you have the key in hexidecimal format. We'll need to +pass the <arg>key</arg> argument along with the password in hexidecimal +or ASCII format. If using an ASCII password, you'll need to prepend it +with "s:"; here's a couple examples. Generally speaking, hexidecimal +format is prefered. 
</para> -<screen><prompt>darkstar:~# </prompt><userinput>tcpdump -i wlan0</userinput> -tcpdump: verbose output suppressed, use -v or -vv for full protocol -decode -listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes -13:22:28.221985 IP gw.ctsmacon.com.microsoft-ds > 192.168.1.198.59387: -Flags [P.], ack 838190560, win 3079, options [nop,nop,TS val 1382697489 -ecr 339048583], length 164WARNING: Short packet. Try increasing the -snap length by 140 -SMB PACKET: SMBtrans2 (REPLY) - -13:22:28.222392 IP 192.168.1.198.59387 > gw.ctsmacon.com.microsoft-ds: -Flags [P.], ack 164, win 775, options [nop,nop,TS val 339048667 ecr -1382697489], length 134WARNING: Short packet. Try increasing the snap -length by 110 -SMB PACKET: SMBtrans2 (REQUEST) +<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \ + key cf80baf8bf01a160de540bfb1c</userinput> +<prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \ + key s:thisisapassword</userinput> </screen> </section> <section> -<title>nmap</title> - -<para> -Suppose you need to know what network services are running on a -machine, or multiple machines, or you wish to determine if multiple -machines are responsive? You could <application>ping</application> -each one individually, <application>telnet</application> to each port -you're interested in, and note every detail, but that's very tedious -and time consuming. A much easier alternative is to use a port scanner, -and <application>nmap</application>(1) is just the tool for the job. -<application>nmap</application> is capable of scanning TCP and UDP -ports, determining the operating system of a network device, probing -each located service to determine its specific type, and much much -more. Perhaps the simplist way to use <application>nmap</application> -is to "ping" multiple computers at once. 
You can use network address -notation (CIDR) or specify a range of addresses and -<application>nmap</application> will scan every one and return the -results to you when it's finished. You can even specify host names as -you like. -</para> +<title>Wifi Protected Access</title> <para> -In order to "ping" hosts, you'll have to use the <arg>-sP</arg> -argument. The following command instructs -<application>nmap</application> to "ping" www.slackware.com and the 16 -IP addresses starting at 72.168.24.0 and ending at 72.168.24.15. +Wifi Protected Access (or WPA for short) was the successor for WEP that +aimed to fix several problems with wireless encryption. Unfortunately, +WPA had some flaws as well. An update called WPA2 offers even stronger +protection. At this time, WPA2 is supported by nearly all wireless +network cards and access points, but some older devices may only +support WEP. If you need to secure your wireless network traffic, WPA2 +should be considered the minimum level of protection required. +Unfortunately, <application>iwconfig</application> is unable to setup +WPA2 encryption on its own. For that, we need a helper daemon, +<application>wpa_supplicant</application>(8). </para> -<screen><prompt>darkstar:~# </prompt><userinput>nmap -sP www.slackware.com 72.168.24.0/28</userinput> -</screen> - <para> -Should you need to perform a port scan, <application>nmap</application> -has many options for doing just that. When run without any arguments, -<application>nmap</application> performs a standard TCP port scan on all -hosts specified. There are also options to make -<application>nmap</application> more or less aggressive with its -scanning to return results quicker or fool intrusion detection -services. For a full discussion, you should refer to the rather -exhaustive man page. The following three commands perform a regular -port scan, a SYN scan, and a "Christmas tree" scan. 
+Unfortunately, there's no easy way to manually configure a WPA2 +protected network; you'll have to edit +<filename>/etc/wpa_supplicant.conf</filename> directly with a text +editor. Here we will discuss the simplest form of WPA2 protection, the +Pre-Shared Key, or PSK for short. For details on setting up Slackware +to connect to more complicated WPA2 encrypted networks, see the man +page for <filename>wpa_supplicant.conf</filename>. </para> -<screen><prompt>darkstar:~# </prompt><userinput>nmap www.example.com</userinput> -<prompt>darkstar:~# </prompt><userinput>nmap -sS www.example.com</userinput> -<prompt>darkstar:~# </prompt><userinput>nmap -sX www.example.com</userinput> +<screen> +# /etc/wpa_supplicant.conf +# ======================== +# This line enables the use of wpa_cli which is used by rc.wireless +# if possible (to check for successful association) +ctrl_interface=/var/run/wpa_supplicant +# By default, only root (group 0) may use wpa_cli +ctrl_interface_group=0 +eapol_version=1 +ap_scan=1 +fast_reauth=1 +#country=US + +# WPA protected network, supply your own ESSID and WPAPSK here: +network={ + scan_ssid=1 + ssid="nest" + key_mgmt=WPA-PSK + psk="secret passphrase" +} </screen> <para> -Be warned! Some Internet Service Providers frown heavily on port -scanning and may take measures to prevent you from doing it. -<application>nmap</application> and applications like it are best used -on your own systems for maintenance and security purposes, not as -general purpose Internet scanners. +The block of text we're interested in is the network block enclosed by +curly braces. Here we have set the ssid for the network "nest", as well +as the PSK to use "secret passphrase". At this point, WPA2 is setup. +You can run <application>wpa_supplicant</application> and then obtain +an IP address via DHCP or set a static address. Of course, this is a +lot of work, there must be an easier way to do this. 
</para> </section> -</section> - -<section><title>Web Browsers</title> - -<para> -Slackware includes a variety of web browsers. If you're using a -graphical desktop, you'll find Firefox, Seamonkey, and others you may -already be familiar with, but what about console access? Fortunately, -there are a number of capable web browsers here as well. -</para> - -<section><title>lynx</title> - -<para> -The oldest console-based web browser included with Slackware is -definitely <application>lynx</application>(1), a very capable if -somewhat limited web browser. <application>lynx</application> does not -support frames, javascript, or pictures; it is strictly a text web -browser. Navigation is performed using your keyboard's arrow keys and -optionally, a mouse. While it lacks many features that other browsers -support, <application>lynx</application> is one of the fastest web -browsers you'll ever use for gathering information. For example, the -<arg>-dump</arg> argument sends the formatted web page directly to the -console, which can then be piped to other programs. -</para> - -<para> -PIC OF LYNX IN ACTION. -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -</para> - -</section> - -<section><title>links</title> - -<para> -A more feature-rich alternative is the popular -<application>links</application>(1), a console-based web browser that -supports frames and has better table rendering than -<application>lynx</application>. Like its predecessor, -<application>links</application> is navigated with the arrow keys, and -the use of a mouse is supported. Unlike, -<application>lynx</application> it also includes a handy menu (simply -click on the top line with your mouse to activate) and generally -formats web pages better. -</para> +<section> +<title>rc.inet1.conf revisited</title> <para> -PIC OF LINKS IN ACTION. -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! 
-FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! +Welcome back to <filename>rc.inet1.conf</filename>. You're recall in +the last chapter that we used this configuration file to automatically +configure NICs whenever Slackware boots. Now, we will use it to +configure wifi as well. If you're using WPA2, you'll still need to +setup <filename>wpa_supplicant.conf</filename> properly first, however. </para> -</section> - -<section><title>wget</title> - <para> -Unlike the other browsers we've looked at, -<application>wget</application>(1) is non-interactive. Rather than display -HTTP content, <application>wget</application> downloads it. This takes -the "browsing" out of the web browser. Unlike the dump modes of other -browsers, <application>wget</application> does not format its -downloads; rather it copies the content in its exact form on the web -server with all tags and binary data in place. It also supports several -recursive options that can effectively mirror online content to your -local computer. <application>wget</application> need not operate -exclusively on HTTP content; it also supports FTP and several other -protocols. +Recall that each NIC had a name or number that identified the variables +that corrospond with it? The same hold true for wifi NICs, only they +have even more variables due to the added complexity of wireless +networking. </para> -<screen><prompt>darkstar:~# </prompt><userinput>wget ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt</userinput> ---2010-05-01 13:51:19-- -ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt - => `ChangeLog.txt' -Resolving ftp.osuosl.org... 64.50.236.52 -Connecting to ftp.osuosl.org|64.50.236.52|:21... connected. -Logging in as anonymous ... Logged in! -==> SYST ... done. ==> PWD ... done. -==> TYPE I ... done. ==> CWD /pub/slackware/slackware-current ... done. -==> SIZE ChangeLog.txt ... 75306 -==> PASV ... 
done. ==> RETR ChangeLog.txt ... done. -Length: 75306 (74K) - -100%[======================================>] 75,306 110K/s in 0.7s - -2010-05-01 13:51:22 (110 KB/s) - `ChangeLog.txt' saved [75306] +<screen> +# rc.inet1.conf (excert) +# ====================== +## Example config information for wlan0. Uncomment the lines you need and fill +## in your info. (You may not need all of these for your wireless network) +IFNAME[4]="wlan0" +IPADDR[4]="" +NETMASK[4]="" +USE_DHCP[4]="yes" +#DHCP_HOSTNAME[4]="icculus-wireless" +#DHCP_KEEPRESOLV[4]="yes" +#DHCP_KEEPNTP[4]="yes" +#DHCP_KEEPGW[4]="yes" +#DHCP_IPADDR[4]="" +WLAN_ESSID[4]="nest" +#WLAN_MODE[4]=Managed +#WLAN_RATE[4]="54M auto" +#WLAN_CHANNEL[4]="auto" +#WLAN_KEY[4]="D5AD1F04ACF048EC2D0B1C80C7" +#WLAN_IWPRIV[4]="set AuthMode=WPAPSK | \ +# set EncrypType=TKIP | \ +# set WPAPSK=96389dc66eaf7e6efd5b5523ae43c7925ff4df2f8b7099495192d44a774fda16" +WLAN_WPA[4]="wpa_supplicant" +#WLAN_WPADRIVER[4]="ndiswrapper" </screen> -</section> - -</section> - -<section> -<title>FTP Clients</title> - <para> -Lots of data is stored on FTP servers the world over. In fact, -Slackware Linux was first publically offered via FTP and continues to -be distributed in this fashion today. Most open source software can be -downloaded in source code or binary form via FTP, so knowing how to -retrieve this information is a handy skill. +When we discussed wired ethernet, each "n" in the variable corrosponded +with the "n" in ethn. Here however, that no longer holds true. Notice +that the variable IFNAME[4] has a value of "wlan0". It is common for +wireless cards to have an interface name other than "ethn" and that is +reflected here. When <filename>rc.inet1.conf</filename> is read by the +start-up scripts, Slackware knows to apply all these options to the +"wlan0" wifi NIC instead of the (probably non-existant) eth4 wired NIC. +Many of the other options are the same. 
IP address information is +added in exactly the same way we discussed for wired network cards in +the previous chapter; however, we have a lot of new variables that need +some explaination. </para> -<section><title>ftp</title> - <para> -The simplest FTP client included with Slackware is named simply, -<application>ftp</application>(1) and is a reliable if somewhat simple -means of sending and retrieving data. <application>ftp</application> -connects to an FTP server, asks for your username and password, and -then allows you to put or get data to and from that server. -<application>ftp</application> has fallen out of favor with more -experienced users do to a lack of features, but remains a handy tool, -and much of the documentation you see online will refer you to it. +To begin, WLAN_ESSID[n] and WLAN_CHANNEL[n] should be self-explainatory +by now; they refer the the essid and frequency to use. WLAN_MODE[n] is +either "managed" or "ad-hoc". Anyone connecting to an access point +will want to use managed mode. WLAN_KEY[n] is the WEP key to use, if +you're forced to use WEP. WLAN_IWPRIV[n] is a very complicated +variable that sets other variables inside itself. WLAN_IWPRIV[n] is +used for WPA2 networks. Here you tell Slackware what authentication +mode, encryption type, and key to use for WPA2 connections. Please +note that WLAN_KEY[n] and WLAN_IWPRIV[n] are mutually exclusive; you +can't use both on the same interface. If you successfully configure +all this, then Slackware will attempt to connect to your wireless +network as soon as the system boots. </para> <para> -Once an FTP session has been initialized, you'll be placed at a prompt -somewhat like a shell. From here you can change and list directories -using the "cd" and "ls" commands, just like a shell. Additionally, you -may issue the "put" command to send a file to the server, or a "get" -command to retrieve data from the server. 
If you're connecting to a -public FTP server, you'll want to use the "anonymous" username and -simply enter your e-mail address (or a fake one) for the password. +But wait, that's so much work! And what if I need to connect to +multiple wireless networks? I take my laptop to work and school and +need to seemlessly setup those wireless connections as soon as one is +within range. Doing things this way is simply too much work. You're +absolutely correct. </para> -<screen><prompt>darkstar:~# </prompt><userinput>ftp ftp.osuosl.org</userinput> -Name (ftp.osuosl.org:alan): <userinput>anonymous</userinput> -331 Please specify the password. -Password: <userinput>secret</userinput> -230 Login successful. -Remote system type is UNIX. -Using binary mode to transfer files. -ftp> <userinput>cd pub/slackware/slackware-current/</userinput> -250 Directory successfully changed. -ftp> <userinput>get ChangeLog.txt</userinput> -local: ChangeLog.txt remote: ChangeLog.txt -200 PORT command successful. Consider using PASV. -150 Opening BINARY mode data connection for ChangeLog.txt (33967 -bytes). -226 File send OK. -33967 bytes received in 0.351 secs (94 Kbytes/sec) -ftp> <userinput>bye</userinput> -221 Goodbye. -</screen> - </section> -<section><title>ncftp</title> +<section> +<title>wicd</title> <para> -<application>ncftp</application>(1) (pronounced nick-f-t-p), is a more -feature rich successor to <application>ftp</application>, supporting -tab completion and recursive retrieval. It automatically connects to a -server as the anonymous user, unless you specify a different username -on the commandline with the <arg>-u</arg> argument. The primary -advantage over <application>ftp</application> is the ability to send -and retrieve multiple files at once with the "mput" and "mget" -commands. If you pass the <arg>-R</arg> argument to either of them, -they will recursively put or get data from directories. 
+Introducing <application>wicd</application>(8), the premier wired and +wireless network connection manager for the laptop user on the go. +Pronounced "wicked", <application>wicd</application> is capable of +storing information for any number of wireless networks you need and +connecting to them with a simple command or the click of a mouse. +<application>wicd</application> is not part of the default Slackware +installation at this time, as it interferes somewhat with the normal +way of configuring network adapters, but you can find it in the +<filename>/extra</filename> directory of your Slackware install disks +or at your favorite mirror. <application>wicd</application> is both a +network connection daemon and a graphical application for configuring +networks. The CLI isn't forgotten either, as +<application>wicd-curses</application>(8) is every bit as powerful as +the traditional GUI front-end. In order to use +<application>wicd</application>, you will need to disable support for +any interfaces you have in <filename>rc.inet1.conf</filename> first. </para> -<screen><prompt>darkstar:~# </prompt><userinput>ncftp ftp.osuosl.org</userinput> -Logging in... -Login successful. -Logged in to ftp.osuosl.org. -ncftp / > <userinput>cd pub/slackware/slackware-current</userinput> -Directory successfully changed. 
-ncftp ...ware/slackware-current > <userinput>mget -R isolinux</userinput> -isolinux/README.TXT: 4.63 kB 16.77 kB/s -isolinux/README_SPLIT.TXT: 788.00 B 5.43 kB/s -isolinux/f2.txt: 793.00 B 5.68 kB/s -isolinux/initrd.img: 13.75 MB 837.91 kB/s -isolinux/iso.sort: 50.00 B 354.50 B/s -isolinux/isolinux.bin: 14.00 kB 33.99 kB/s -isolinux/isolinux.cfg: 487.00 B 3.30 kB/s -isolinux/message.txt: 760.00 B 5.32 kB/s -isolinux/setpkg: 2.76 kB 19.11 kB/s -ncftp ...ware/slackware-current > <userinput>bye</userinput> +<screen> +# rc.inet1.conf +# ============= +# Config information for eth0: +IPADDR[0]="" +NETMASK[0]="" +USE_DHCP[0]="no" +DHCP_HOSTNAME[0]="" +# Default gateway IP address: +GATEWAY="" </screen> -</section> - -<section><title>lftp</title> - <para> -The last client we're going to look at is -<application>lftp</application>(1). Like -<application>ncftp</application>, it supports tab completion and -recursive activity, but has a more friendly license. Rather than user -"mget" and "mput", all recursive operations are handled with the -"mirror" command. "mirror" has many different options available, so -I'll have to refer you to the man page and the built-in "help" command -for complete details. +Now we can install <application>wicd</application>, setup the daemon to +run on system boot-up, and begin using a more friendly application. 
</para> -<screen><prompt>darkstar:~# </prompt><userinput>lftp ftp.osuosl.org</userinput> -lftp ftp.osuosl.org:~> <userinput>cd /pub/slackware/slackware-current</userinput> -cd ok, cwd=/pub/slackware/slackware-current -lftp ftp.osuosl.org:/pub/slackware/slackware-current> <userinput>mirror isolinux</userinput> -Total: 2 directories, 16 files, 1 symlink -New: 16 files, 1 symlink -14636789 bytes transferred in 20 seconds (703.7K/s) -lftp ftp.osuosl.org:/pub/slackware/slackware-current> <userinput>bye</userinput> +<screen><prompt>darkstar:~# </prompt><userinput>installpkg /path/to/extra/wicd/wicd-1.6.2.1-1.txz</userinput> +<prompt>darkstar:~# </prompt><userinput>chmod +x /etc/rc.d/rc.wicd</userinput> +<prompt>darkstar:~# </prompt><userinput>/etc/rc.d/rc.wicd start</userinput> </screen> -</section> - -</section> - -<section> -<title>NNTP Clients</title> - <para> -Once upon a time when the Internet was young, before the World Wide Web -was invented and no one had heard of hyperlinks, everyone retrieved -their news and information through a service known as Usenet using the -NNTP protocol. It remains today a useful knowledge base of information -on an incredible variety of subjects, but if you wish to access this -information, you're going to need a proper client. Slackware includes -a number of NNTP clients with both console and graphical interfaces, -but we'll only detail the console tools here. Popular graphical news -readers include <application>knode</application> and -<application>pan</application>. +If you're predominately using the console, simply run +<application>wicd-curses</application> from your command line. If +instead, you are using a graphical desktop provided by +<application>X</application>, you can start the graphical front-end +from either the KDE or XFCE menu. Optionally, you could manually run +<application>wicd-client</application>(1) from a terminal or run +dialogue. 
</para> -<section><title>tin</title> - -</section> - -<section><title>slrn</title> - -</section> - -</section> - -<section> -<title>rsync</title> - <para> -Ready to see something cool? Have you ever found yourself needing just -a handful of files from a large directory, but you're not entirely sure -which files you already have and which ones you need? You can download -the entire directory again, but that's duplicating a lot of work. You -can pick and chose, manually check everything, but that's very tedious. -Perhaps you've downloaded a large file such as an ISO, but something -went wrong with the download? It doesn't make sense that you should -have to pull down the entire file again if only a few bits have been -corrupted. Enter <application>rsync</application>(1), a fast and -versatile copying tool for local and remote files. +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! </para> -<para> -<application>rsync</application> uses a handful of simple, but very -effective techniques to determine what needs to be changed. 
By checking -file size and time stamps, it can determine if two files are different. -If something has changed, it can determine what bytes are different, -and simply download that handfull of data rather than an entire file. -It is truly a marvel of modern technology. -</para> - -<para> -In its simplist form, <application>rsync</application> connects to an -rsync protocol server and downloads a list of files and directories, -along with their sizes, timestamps, and other information. It then -compares this to the local files (if any) to determine what it needs to -transfer. Only files that are different will be synced. Additionally, -it breaks up large files into smaller chunks and compares those chunks -using a quick and simple hash function. Any chunks that match are not -transferred, so the amount of data that must be copied can be -dramatically reduced. <application>rsync</application> also supports -compression, verbose output, file deletion, permission handling, and -many other options. For a complete list, you'll need to refer to the -man page, but I've included a small table of some of the more common -options. 
-</para> - -<table pgwide="0"> -<title>rsync Arguments</title> -<tgroup cols="2"> - <thead> - <entry>Argument</entry> - <entry>Explaination</entry> - </thead> - <tbody> - <row> - <entry>-v</entry> - <entry>Increased verbosity</entry> - </row> - <row> - <entry>-c</entry> - <entry>Checksum all files rather than relying on file size and timestamp</entry> - </row> - <row> - <entry>-a</entry> - <entry>Archive mode (equivilant to -rlptgoD)</entry> - </row> - <row> - <entry>-e</entry> - <entry>Specify a remote shell to use</entry> - </row> - <row> - <entry>-r</entry> - <entry>Recursive mode</entry> - </row> - <row> - <entry>-u</entry> - <entry>Update - skip files that are newer on the receiving end</entry> - </row> - <row> - <entry>-p</entry> - <entry>Preserve permissions</entry> - </row> - <row> - <entry>-n</entry> - <entry>Dry-run - perform a trial run without making any changes</entry> - </row> - <row> - <entry>-z</entry> - <entry>Compress - handy for slow network connections</entry> - </row> - </tbody> -</tgroup> -</table> - -<para> -Due to the power and versatility of <application>rsync</application>, -it can be invoked in a number of ways. The following two examples -connect to an rsync protocol server to retrieve some information and to -another server via ssh to encrypt the transmission. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>rsync -avz rsync://ftp.osuosl.org/pub/slackware/slackware-current/ \ -/src/slackware-current/</userinput> -<prompt>darkstar:~# </prompt><userinput>rsync -e ssh ftp.slackware.com:/home/alan/foo /tmp/foo</userinput> -</screen> - </section> </chapter> diff --git a/chapter_16.xml b/chapter_16.xml index 4da780b..3a16ac9 100644 --- a/chapter_16.xml +++ b/chapter_16.xml 
@@ -3,190 +3,644 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>Package Management</title> +<title>Basic Networking Utilities</title> <para> -Package management is an essential part of any Linux distribution. -Every piece of software included by Slackware, along with many -third-party tools are distributed as source code that can be compiled, -but compiling all those thousands of different applications and -libraries is tedious and time consuming. That's why many people prefer -to install pre-compiled software packages. In fact, when you installed -Slackware, the <application>setup</application> program primarily -worked by running package management tools on a list of packages. Here -we'll look at the various tools used for handling Slackware packages. +So you've finally managed to setup your network connection, now what? +How do you know that it's working? How do you know that you set it up +correctly? And just what do you do now that it's setup? Well this +chapter is for you. </para> <section> -<title><application>pkgtool</application></title> +<title>Network Diagnostic Tools</title> <para> -The simplest way to perform package maintenance tasks is to invoke -<application>pkgtool</application>(8), a menu-driven interface to some of -the other tools. <application>pkgtool</application> allows you to -install or remove packages as well as view the contents of those -packages and the list of currently installed packages in a -user-friendly ncurses interface. +Slackware Linux includes a great many networking tools for +troubleshooting and diagnosing network connection troubles, or just for +seeing what's out there on the network. Most of these tools are +command-line tools, so you can run them from a virtual terminal or in a +console window on your graphical desktop. A few of them even have +graphical front-ends, but we're going to deal almost exclusively with +command-line tools for now. 
</para> +<section> +<title>ping</title> + +<para> +<application>ping</application>(8) is a handy tool for determining if a +computer is operational on your network or on the Internet at large. +You can think of as a type of sonar for computers. By using it, you +send out a "ping" and listen for an echo to determine if another +computer or network device is listening. By default, +<application>ping</application> checks for the remote computer once per +second indefinitely, but you can change the interval between checks and +the total number of checks easily, just check the man page. You can +terminate the application at any time with +<keycap>CTRL</keycap>-<keycap>c</keycap>. When +<application>ping</application> is finished, it displays a handy +summary of its activity. <application>ping</application> is very useful +for determining if a computer on your network or the Internet is +available, but some systems block the packets +<application>ping</application> sends, so sometimes a system may be +functioning properly, but still not send replies. +</para> + + +<screen><prompt>darkstar:~# </prompt><userinput>ping -c 3 www.slackware.com</userinput> +64 bytes from slackware.com (64.57.102.34): icmp_seq=1 ttl=47 time=87.1 ms +64 bytes from slackware.com (64.57.102.34): icmp_seq=2 ttl=47 time=86.2 ms +64 bytes from slackware.com (64.57.102.34): icmp_seq=3 ttl=47 time=86.7 ms + +--- slackware.com ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2004ms +rtt min/avg/max/mdev = 86.282/86.718/87.127/0.345 ms +</screen> + +</section> + +<section> +<title>traceroute</title> + +<para> +<application>traceroute</application>(8) is a handy tool for determining +what route your packets take to reach some other computer. It's mainly +of use for determining which computers are "near" or "far" from you. +This distance isn't strictly geographical, as your Internet Service +Provider may route traffic from your computer in strange ways. 
+<application>traceroute</application> shows you each router between +your computer and any other machine you wish to connect to. +Unfortunately, many providers, firewalls, and routers will block +<application>traceroute</application> so you might not get a complete +picture when using it. Still, it remains a handy tool for network +troubleshooting. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>traceroute www.slackware.com</userinput> +traceroute to slackware.com (64.57.102.34), 30 hops max, 46 byte +packets + 1 gw.ctsmacon.com (192.168.1.254) 1.468 ms 2.045 ms 1.387 ms + 2 10.0.0.1 (10.0.0.1) 7.642 ms 8.019 ms 6.006 ms + 3 68.1.8.49 (68.1.8.49) 10.446 ms 9.739 ms 7.003 ms + 4 68.1.8.69 (68.1.8.69) 11.564 ms 6.235 ms 7.971 ms + 5 dalsbbrj01-ae0.r2.dl.cox.net (68.1.0.142) 43.859 ms 43.287 ms +44.125 ms + 6 dpr1-ge-2-0-0.dallasequinix.savvis.net (204.70.204.146) 41.927 ms +58.247 ms 44.989 ms + 7 cr2-tengige0-7-5-0.dallas.savvis.net (204.70.196.29) 42.577 ms +46.110 ms 43.977 ms + 8 cr1-pos-0-3-3-0.losangeles.savvis.net (204.70.194.53) 78.070 ms +76.735 ms 76.145 ms + 9 bpr1-ge-3-0-0.LosAngeles.savvis.net (204.70.192.222) 77.533 ms +108.328 ms 120.096 ms +10 wiltel-communications-group-inc.LosAngeles.savvis.net +(208.173.55.186) 79.607 ms 76.847 ms 75.998 ms +11 tg9-4.cr01.lsancarc.integra.net (209.63.113.57) 84.789 ms 85.436 +ms 85.575 ms +12 tg13-1.cr01.sntdcabl.integra.net (209.63.113.106) 87.608 ms +84.278 ms 86.922 ms +13 tg13-4.cr02.sntdcabl.integra.net (209.63.113.134) 87.284 ms +85.924 ms 86.102 ms +14 tg13-1.cr02.rcrdcauu.integra.net (209.63.114.169) 85.578 ms +85.285 ms 84.148 ms +15 209.63.99.166 (209.63.99.166) 84.515 ms 85.424 ms 85.956 ms +16 208.186.199.158 (208.186.199.158) 86.557 ms 85.822 ms 86.072 ms +17 sac-main.cwo.com (209.210.78.20) 88.105 ms 87.467 ms 87.526 ms +18 slackware.com (64.57.102.34) 85.682 ms 86.322 ms 85.594 ms +</screen> +</section> + +<section> +<title>telnet</title> + +<para> +Once upon a time, 
<application>telnet</application>(1) was the greatest +thing since sliced bread. Basically, <application>telnet</application> +opens an unencrypted network connection between two computers and hands +control of the session to the user rather than some other application. +Using <application>telnet</application>, people could connect to shells +on other computers and execute commands as if they were physically +present. Due to its unencrypted nature this is no longer recommended; +however, <application>telnet</application> is still used for this +purpose by many devices. +</para> + +<para> +Today, <application>telnet</application> is put to better use as a +network diagnostic tool. Because it passes control of the session +directly to the user, it can be used for a great variety of testing +purposes. As long as you know what ASCII commands to send to the +receiving computer, you can do any number of activies, such as read web +pages or check your e-mail. Simply inform +<application>telnet</application> what network port to use, and you're +all set. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>telnet www.slackware.com 80</userinput> +Trying 64.57.102.34... +Connected to www.slackware.com. +Escape character is '^]'. +<userinput>HEAD / HTTP/1.1 +Host: www.slackware.com +</userinput> +HTTP/1.1 200 OK +Date: Thu, 04 Feb 2010 18:01:35 GMT +Server: Apache/1.3.27 (Unix) PHP/4.3.1 +Last-Modified: Fri, 28 Aug 2009 01:30:27 GMT +ETag: "61dc2-5374-4a973333" +Accept-Ranges: bytes +Content-Length: 21364 +Content-Type: text/html +</screen> + +</section> + +<section> +<title>ssh</title> + <para> -PICTURE OF PKGTOOL MAIN SCREEN. -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! 
+As we mentioned, <application>telnet</application> may be useful as a +diagnostic tool, but its unencrypted nature makes it a security concern +for shell access. Thankfully, there's the secure shell protocol. Nearly +every Linux, UNIX, and BSD distribution today makes use of OpenSSH, or +<application>ssh</application>(1) for short. It is one of the most +commonly used network tools today and makes use of the strongest +cryptographic techniques. <application>ssh</application> has many +features, configuration options, and neat hacks, enough to fill its own +book, so we'll only go into the basics here. Simply run +<application>ssh</application> with the user name and the host and +you'll be connected to it quickly and safely. If this is the first time +you are connecting to this computer, <application>ssh</application> +will ask you to confirm your desire, and make a local copy of the +encryption key to use. Should this key later change, +<application>ssh</application> will warn you and refuse to connect +because it is possible that some one is attempting to hijack the +connection using what is known as a man-in-the-middle attack. </para> +<screen><prompt>darkstar:~# </prompt><userinput>ssh alan@slackware.com</userinput> +alan@slackware.com's password: <userinput>secret</userinput> +<prompt>alan@slackware.com:~$ </prompt> +</screen> + <para> -<application>pkgtool</application> is a convenient and easy way to -perform the most basic tasks, but for more advanced work more flexible -tools are needed. +The user and hostname are in the same form used by e-mail addresses. +If you leave off the username part, <application>ssh</application> will +use your current username when establishing the connection. 
</para> </section> <section> -<title>Installing, Removing, and Upgrading Packages</title> - -<para> -While <application>pkgtool</application> scores points for convenience, -<application>installpkg</application>(8) is much more capable of -handling odd tasks, such as quickly installing a single package, -installing an entire disk set of packages, or scripting an install. -<application>installpkg</application> takes a list of packages to -install, and simply installs them without asking any questions. Like -all Slackware package management tools, it assumes that you know what -you're doing and doesn't pretend to be smarter than you. In its -simplest form, <application>installpkg</application> simply takes a -list of packages to install, and does exactly what you would expect. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>installpkg blackbox-0.70.1-i486-2.txz</userinput> -Verifying package blackbox-0.70.1-i486-2.txz. -Installing package blackbox-0.70.1-i486-2.txz: -PACKAGE DESCRIPTION: -# blackbox (Blackbox window manager) -# -# Blackbox is that fast, light window manager you have been looking for -# without all those annoying library dependencies. -# -# Also included in this package is the bbkeys utility for controlling -# keyboard shortcut commands from within Blackbox. -# -# The Blackbox home page is http://blackboxwm.sourceforge.net -# -Package blackbox-0.70.1-i486-2.txz installed.</screen> - -<para> -You can of course install multiple packages at a time, and in fact use -shell wild cards. The following installs all of the "N" series -packages from a mounted CD-ROM. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>installpkg /mnt/cdrom/slackware/n/*.txz</userinput></screen> - -<para> -Removing a package is every bit as easy as installing one. As you might -expect, the command to do this is -<application>removepkg</application>(8). 
Simply tell it which packages -to remove, and <application>removepkg</application> will check the -contents of the package database and remove all the files and -directories for that package with one caveat. If that file is included -in multiple installed packages, it will be skipped and if a directory -has new files in it, the directory will be left in place. Because of -this, removing packages takes a good while longer than installing them. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>removepkg blackbox-0.70.1-i486-2.txz</userinput> +<title>tcpdump</title> + +<para> +So far all the tools we've looked at have focused on making connections +to other computers, but now we're going to look at the traffic itself. +<application>tcpdump</application>(1) (which must be run as root) +allows us to view all or part of the network traffic originating or +received by our computer. <application>tcpdump</application> displays +the raw data packets in a variety of ways with all the network headers +intact. Don't be alarmed if you don't understand everything it +displays, <application>tcpdump</application> is a tool for professional +network engineers and system administrators. By default, it probes the +first network card it finds, but if you have multiple interfaces, +simply use the <arg>-i</arg> argument to specify which one you're +interested in. You can also limit the data displayed using expressions +and change the manner in which it is displayed, but that is best +explained by the man page and other reference material. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>tcpdump -i wlan0</userinput> +tcpdump: verbose output suppressed, use -v or -vv for full protocol +decode +listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes +13:22:28.221985 IP gw.ctsmacon.com.microsoft-ds > 192.168.1.198.59387: +Flags [P.], ack 838190560, win 3079, options [nop,nop,TS val 1382697489 +ecr 339048583], length 164WARNING: Short packet. 
Try increasing the +snap length by 140 +SMB PACKET: SMBtrans2 (REPLY) + +13:22:28.222392 IP 192.168.1.198.59387 > gw.ctsmacon.com.microsoft-ds: +Flags [P.], ack 164, win 775, options [nop,nop,TS val 339048667 ecr +1382697489], length 134WARNING: Short packet. Try increasing the snap +length by 110 +SMB PACKET: SMBtrans2 (REQUEST) +</screen> + +</section> + +<section> +<title>nmap</title> + +<para> +Suppose you need to know what network services are running on a +machine, or multiple machines, or you wish to determine if multiple +machines are responsive? You could <application>ping</application> +each one individually, <application>telnet</application> to each port +you're interested in, and note every detail, but that's very tedious +and time consuming. A much easier alternative is to use a port scanner, +and <application>nmap</application>(1) is just the tool for the job. +<application>nmap</application> is capable of scanning TCP and UDP +ports, determining the operating system of a network device, probing +each located service to determine its specific type, and much much +more. Perhaps the simplist way to use <application>nmap</application> +is to "ping" multiple computers at once. You can use network address +notation (CIDR) or specify a range of addresses and +<application>nmap</application> will scan every one and return the +results to you when it's finished. You can even specify host names as +you like. +</para> + +<para> +In order to "ping" hosts, you'll have to use the <arg>-sP</arg> +argument. The following command instructs +<application>nmap</application> to "ping" www.slackware.com and the 16 +IP addresses starting at 72.168.24.0 and ending at 72.168.24.15. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>nmap -sP www.slackware.com 72.168.24.0/28</userinput> +</screen> + +<para> +Should you need to perform a port scan, <application>nmap</application> +has many options for doing just that. 
When run without any arguments, +<application>nmap</application> performs a standard TCP port scan on all +hosts specified. There are also options to make +<application>nmap</application> more or less aggressive with its +scanning to return results quicker or fool intrusion detection +services. For a full discussion, you should refer to the rather +exhaustive man page. The following three commands perform a regular +port scan, a SYN scan, and a "Christmas tree" scan. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>nmap www.example.com</userinput> +<prompt>darkstar:~# </prompt><userinput>nmap -sS www.example.com</userinput> +<prompt>darkstar:~# </prompt><userinput>nmap -sX www.example.com</userinput> +</screen> + +<para> +Be warned! Some Internet Service Providers frown heavily on port +scanning and may take measures to prevent you from doing it. +<application>nmap</application> and applications like it are best used +on your own systems for maintenance and security purposes, not as +general purpose Internet scanners. +</para> + +</section> + +</section> + +<section><title>Web Browsers</title> + +<para> +Slackware includes a variety of web browsers. If you're using a +graphical desktop, you'll find Firefox, Seamonkey, and others you may +already be familiar with, but what about console access? Fortunately, +there are a number of capable web browsers here as well. +</para> + +<section><title>lynx</title> + +<para> +The oldest console-based web browser included with Slackware is +definitely <application>lynx</application>(1), a very capable if +somewhat limited web browser. <application>lynx</application> does not +support frames, javascript, or pictures; it is strictly a text web +browser. Navigation is performed using your keyboard's arrow keys and +optionally, a mouse. While it lacks many features that other browsers +support, <application>lynx</application> is one of the fastest web +browsers you'll ever use for gathering information. 
For example, the +<arg>-dump</arg> argument sends the formatted web page directly to the +console, which can then be piped to other programs. +</para> + +<para> +PIC OF LYNX IN ACTION. +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +</para> + +</section> + +<section><title>links</title> + +<para> +A more feature-rich alternative is the popular +<application>links</application>(1), a console-based web browser that +supports frames and has better table rendering than +<application>lynx</application>. Like its predecessor, +<application>links</application> is navigated with the arrow keys, and +the use of a mouse is supported. Unlike, +<application>lynx</application> it also includes a handy menu (simply +click on the top line with your mouse to activate) and generally +formats web pages better. +</para> + +<para> +PIC OF LINKS IN ACTION. +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +</para> + +</section> + +<section><title>wget</title> + +<para> +Unlike the other browsers we've looked at, +<application>wget</application>(1) is non-interactive. Rather than display +HTTP content, <application>wget</application> downloads it. This takes +the "browsing" out of the web browser. Unlike the dump modes of other +browsers, <application>wget</application> does not format its +downloads; rather it copies the content in its exact form on the web +server with all tags and binary data in place. It also supports several +recursive options that can effectively mirror online content to your +local computer. <application>wget</application> need not operate +exclusively on HTTP content; it also supports FTP and several other +protocols. 
+</para> + +<screen><prompt>darkstar:~# </prompt><userinput>wget ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt</userinput> +--2010-05-01 13:51:19-- +ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt + => `ChangeLog.txt' +Resolving ftp.osuosl.org... 64.50.236.52 +Connecting to ftp.osuosl.org|64.50.236.52|:21... connected. +Logging in as anonymous ... Logged in! +==> SYST ... done. ==> PWD ... done. +==> TYPE I ... done. ==> CWD /pub/slackware/slackware-current ... done. +==> SIZE ChangeLog.txt ... 75306 +==> PASV ... done. ==> RETR ChangeLog.txt ... done. +Length: 75306 (74K) + +100%[======================================>] 75,306 110K/s in 0.7s + +2010-05-01 13:51:22 (110 KB/s) - `ChangeLog.txt' saved [75306] </screen> +</section> + +</section> + +<section> +<title>FTP Clients</title> + <para> -Finally, upgrading is just as easy with (you guessed it), -<application>upgradepkg</application>(8) which first installs a new -package, then removes whatever files and directories are left-over from -the old package. One important thing to remember is that -<application>upgradepkg</application> doesn't check to see if the -previously installed package has a higher version number than the "new" -package, so it can also be used to downgrade to older versions. +Lots of data is stored on FTP servers the world over. In fact, +Slackware Linux was first publically offered via FTP and continues to +be distributed in this fashion today. Most open source software can be +downloaded in source code or binary form via FTP, so knowing how to +retrieve this information is a handy skill. </para> +<section><title>ftp</title> +<para> +The simplest FTP client included with Slackware is named simply, +<application>ftp</application>(1) and is a reliable if somewhat simple +means of sending and retrieving data. 
<application>ftp</application> +connects to an FTP server, asks for your username and password, and +then allows you to put or get data to and from that server. +<application>ftp</application> has fallen out of favor with more +experienced users do to a lack of features, but remains a handy tool, +and much of the documentation you see online will refer you to it. +</para> -<screen><prompt>darkstar:~# </prompt><userinput>upgradepkg blackbox-0.70.1-i486-2.txz</userinput> +<para> +Once an FTP session has been initialized, you'll be placed at a prompt +somewhat like a shell. From here you can change and list directories +using the "cd" and "ls" commands, just like a shell. Additionally, you +may issue the "put" command to send a file to the server, or a "get" +command to retrieve data from the server. If you're connecting to a +public FTP server, you'll want to use the "anonymous" username and +simply enter your e-mail address (or a fake one) for the password. +</para> -+============================================================================== -| Upgrading blackbox-0.65.0-x86_64-4 package using -./blackbox-0.70.1-i486-2.txz -+============================================================================== +<screen><prompt>darkstar:~# </prompt><userinput>ftp ftp.osuosl.org</userinput> +Name (ftp.osuosl.org:alan): <userinput>anonymous</userinput> +331 Please specify the password. +Password: <userinput>secret</userinput> +230 Login successful. +Remote system type is UNIX. +Using binary mode to transfer files. +ftp> <userinput>cd pub/slackware/slackware-current/</userinput> +250 Directory successfully changed. +ftp> <userinput>get ChangeLog.txt</userinput> +local: ChangeLog.txt remote: ChangeLog.txt +200 PORT command successful. Consider using PASV. +150 Opening BINARY mode data connection for ChangeLog.txt (33967 +bytes). +226 File send OK. +33967 bytes received in 0.351 secs (94 Kbytes/sec) +ftp> <userinput>bye</userinput> +221 Goodbye. 
+</screen> -Pre-installing package blackbox-0.70.1-i486-2... +</section> -Removing package -/var/log/packages/blackbox-0.65.0-x86_64-4-upgraded-2010-02-23,16:50:51... - --> Deleting symlink /usr/share/blackbox/nls/POSIX - --> Deleting symlink /usr/share/blackbox/nls/US_ASCII - --> Deleting symlink /usr/share/blackbox/nls/de - --> Deleting symlink /usr/share/blackbox/nls/en - --> Deleting symlink /usr/share/blackbox/nls/en_GB -... -Package blackbox-0.65.0-x86_64-4 upgraded with new package -./blackbox-0.70.1-i486-2.txz.</screen> +<section><title>ncftp</title> <para> -All of these tools have useful arguments. For example, the -<arg>--root</arg> to <application>installpkg</application> will install -packages into an arbitrary directory. The <arg>--dry-run</arg> argument -will instruct <application>upgradepkg</application> to simply tell you -what it would attempt without actually making any changes to the -system. For complete details, you should (as always) refer to the man -pages. +<application>ncftp</application>(1) (pronounced nick-f-t-p), is a more +feature rich successor to <application>ftp</application>, supporting +tab completion and recursive retrieval. It automatically connects to a +server as the anonymous user, unless you specify a different username +on the commandline with the <arg>-u</arg> argument. The primary +advantage over <application>ftp</application> is the ability to send +and retrieve multiple files at once with the "mput" and "mget" +commands. If you pass the <arg>-R</arg> argument to either of them, +they will recursively put or get data from directories. </para> +<screen><prompt>darkstar:~# </prompt><userinput>ncftp ftp.osuosl.org</userinput> +Logging in... +Login successful. +Logged in to ftp.osuosl.org. +ncftp / > <userinput>cd pub/slackware/slackware-current</userinput> +Directory successfully changed. 
+ncftp ...ware/slackware-current > <userinput>mget -R isolinux</userinput> +isolinux/README.TXT: 4.63 kB 16.77 kB/s +isolinux/README_SPLIT.TXT: 788.00 B 5.43 kB/s +isolinux/f2.txt: 793.00 B 5.68 kB/s +isolinux/initrd.img: 13.75 MB 837.91 kB/s +isolinux/iso.sort: 50.00 B 354.50 B/s +isolinux/isolinux.bin: 14.00 kB 33.99 kB/s +isolinux/isolinux.cfg: 487.00 B 3.30 kB/s +isolinux/message.txt: 760.00 B 5.32 kB/s +isolinux/setpkg: 2.76 kB 19.11 kB/s +ncftp ...ware/slackware-current > <userinput>bye</userinput> +</screen> + +</section> + +<section><title>lftp</title> + +<para> +The last client we're going to look at is +<application>lftp</application>(1). Like +<application>ncftp</application>, it supports tab completion and +recursive activity, but has a more friendly license. Rather than user +"mget" and "mput", all recursive operations are handled with the +"mirror" command. "mirror" has many different options available, so +I'll have to refer you to the man page and the built-in "help" command +for complete details. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>lftp ftp.osuosl.org</userinput> +lftp ftp.osuosl.org:~> <userinput>cd /pub/slackware/slackware-current</userinput> +cd ok, cwd=/pub/slackware/slackware-current +lftp ftp.osuosl.org:/pub/slackware/slackware-current> <userinput>mirror isolinux</userinput> +Total: 2 directories, 16 files, 1 symlink +New: 16 files, 1 symlink +14636789 bytes transferred in 20 seconds (703.7K/s) +lftp ftp.osuosl.org:/pub/slackware/slackware-current> <userinput>bye</userinput> +</screen> + +</section> + </section> <section> -<title>Package Compression Formats</title> +<title>NNTP Clients</title> <para> -We won't go in depth into the details of package formats, but a few -words should be given here. In the past, all Slackware packages were -compressed with the <application>gzip</application>(1) compression -utility, which was a good compromise between compression speed and -size. 
Recently, new compression schemes have been added and the -package management tools have been upgraded to handle these. Today, -official Slackware packages are compressed with the -<application>xz</application> utility and end with .txz extensions. -Older packages (and many third party packages) still use the .tgz -extension. +Once upon a time when the Internet was young, before the World Wide Web +was invented and no one had heard of hyperlinks, everyone retrieved +their news and information through a service known as Usenet using the +NNTP protocol. It remains today a useful knowledge base of information +on an incredible variety of subjects, but if you wish to access this +information, you're going to need a proper client. Slackware includes +a number of NNTP clients with both console and graphical interfaces, +but we'll only detail the console tools here. Popular graphical news +readers include <application>knode</application> and +<application>pan</application>. </para> +<section><title>tin</title> + +</section> + +<section><title>slrn</title> + +</section> + </section> <section> -<title><application>slackpkg</application></title> +<title>rsync</title> <para> - The <application>slackpkg</application> is an automated tool for -management of Slackware Linux Packages. It was in /extra for -the release of slackware-12.1, and since the release of -slackware-12.2 it is included in the ap/ series of a base -installation. +Ready to see something cool? Have you ever found yourself needing just +a handful of files from a large directory, but you're not entirely sure +which files you already have and which ones you need? You can download +the entire directory again, but that's duplicating a lot of work. You +can pick and chose, manually check everything, but that's very tedious. +Perhaps you've downloaded a large file such as an ISO, but something +went wrong with the download? 
It doesn't make sense that you should +have to pull down the entire file again if only a few bits have been +corrupted. Enter <application>rsync</application>(1), a fast and +versatile copying tool for local and remote files. </para> + +<para> +<application>rsync</application> uses a handful of simple, but very +effective techniques to determine what needs to be changed. By checking +file size and time stamps, it can determine if two files are different. +If something has changed, it can determine what bytes are different, +and simply download that handfull of data rather than an entire file. +It is truly a marvel of modern technology. +</para> + <para> - For more information see the <application>man</application> pages for -slackpkg(8) and slackpkg.conf(5). +In its simplist form, <application>rsync</application> connects to an +rsync protocol server and downloads a list of files and directories, +along with their sizes, timestamps, and other information. It then +compares this to the local files (if any) to determine what it needs to +transfer. Only files that are different will be synced. Additionally, +it breaks up large files into smaller chunks and compares those chunks +using a quick and simple hash function. Any chunks that match are not +transferred, so the amount of data that must be copied can be +dramatically reduced. <application>rsync</application> also supports +compression, verbose output, file deletion, permission handling, and +many other options. For a complete list, you'll need to refer to the +man page, but I've included a small table of some of the more common +options. 
</para> + +<table pgwide="0"> +<title>rsync Arguments</title> +<tgroup cols="2"> + <thead> + <entry>Argument</entry> + <entry>Explaination</entry> + </thead> + <tbody> + <row> + <entry>-v</entry> + <entry>Increased verbosity</entry> + </row> + <row> + <entry>-c</entry> + <entry>Checksum all files rather than relying on file size and timestamp</entry> + </row> + <row> + <entry>-a</entry> + <entry>Archive mode (equivilant to -rlptgoD)</entry> + </row> + <row> + <entry>-e</entry> + <entry>Specify a remote shell to use</entry> + </row> + <row> + <entry>-r</entry> + <entry>Recursive mode</entry> + </row> + <row> + <entry>-u</entry> + <entry>Update - skip files that are newer on the receiving end</entry> + </row> + <row> + <entry>-p</entry> + <entry>Preserve permissions</entry> + </row> + <row> + <entry>-n</entry> + <entry>Dry-run - perform a trial run without making any changes</entry> + </row> + <row> + <entry>-z</entry> + <entry>Compress - handy for slow network connections</entry> + </row> + </tbody> +</tgroup> +</table> + <para> -Homepage: <ulink url="http://www.slackpkg.org/">http://www.slackpkg.org/</ulink> +Due to the power and versatility of <application>rsync</application>, +it can be invoked in a number of ways. The following two examples +connect to an rsync protocol server to retrieve some information and to +another server via ssh to encrypt the transmission. </para> +<screen><prompt>darkstar:~# </prompt><userinput>rsync -avz rsync://ftp.osuosl.org/pub/slackware/slackware-current/ \ +/src/slackware-current/</userinput> +<prompt>darkstar:~# </prompt><userinput>rsync -e ssh ftp.slackware.com:/home/alan/foo /tmp/foo</userinput> +</screen> + </section> </chapter> diff --git a/chapter_17.xml b/chapter_17.xml index ea3035c..4da780b 100644 --- a/chapter_17.xml +++ b/chapter_17.xml 
@@ -3,119 +3,188 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>Keeping Track of Updates</title> +<title>Package Management</title> + +<para> +Package management is an essential part of any Linux distribution. +Every piece of software included by Slackware, along with many +third-party tools are distributed as source code that can be compiled, +but compiling all those thousands of different applications and +libraries is tedious and time consuming. That's why many people prefer +to install pre-compiled software packages. In fact, when you installed +Slackware, the <application>setup</application> program primarily +worked by running package management tools on a list of packages. Here +we'll look at the various tools used for handling Slackware packages. +</para> <section> -<title>The -stable Branch</title> +<title><application>pkgtool</application></title> <para> -Whenever a new version of Slackware is released, the Slackware team will, -as needed, release updated packages to fix serious security vulnerabilities -and particularly nasty bugs. Therefore, it's important to keep up with all -of the patches for your version of Slackware, which is referred to as the -"-stable" branch. There is also a "-current" branch, which is where we do -our development work toward the next stable release (and as such, there are -often intrusive changes there), but unless you're willing to work with a -possibly broken system and are able to fix things on your own, we strongly -recommend that you stick with the "-stable" branch. +The simplest way to perform package maintenance tasks is to invoke +<application>pkgtool</application>(8), a menu-driven interface to some of +the other tools. <application>pkgtool</application> allows you to +install or remove packages as well as view the contents of those +packages and the list of currently installed packages in a +user-friendly ncurses interface. 
</para> <para> -Since -stable updates aren't distributed on the disks, you'll need to obtain -them from the Internet. Many people and organizations offer mirrors from -which you can download the entire Slackware tree (or only the -<filename>patches/</filename> directory) in any number of ways. While some -mirrors offer web access, the most common ways of obtaining updates are via -ftp and/or rsync servers. The Slackware project maintains a small list -(organized by country) of known mirrors. If you're unsure which mirror you -should use, simply consult -<ulink url="http://www.slackware.com/getslack/">http://www.slackware.com/getslack/</ulink> -for suggestions. If you have a major university near you, there's a good -chance that they offer a mirror of numerous open source projects, and -Slackware may be among them. The only real requirement for a mirror is that -it be complete, but usually it's best to use a mirror near where you live in -order to achieve the fastest transfer times and use the least amount of -Internet resources. +PICTURE OF PKGTOOL MAIN SCREEN. +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! </para> <para> -So how do you know when there are updates? The best way is to consult the -<filename>ChangeLog.txt</filename> on any up-to-date mirror. You can always -find the latest changelogs for the "-current" and most recent "-stable" -branch on the Slackware Project's web page, but if you're running an older -version of Slackware, you'll need to check a mirror. +<application>pkgtool</application> is a convenient and easy way to +perform the most basic tasks, but for more advanced work more flexible +tools are needed. 
</para> -<screen><prompt>darkstar:~# </prompt><userinput>wget -O - \ -ftp://slackware.osuosl.org/pub/slackware/slackware-13.0/ChangeLog.txt \ -| less</userinput> -Sun Jan 24 20:22:46 UTC 2010 -patches/packages/httpd-2.2.14-i486-1_slack12.1.tgz: Upgraded. - This fixes a couple of security bugs when using mod_proxy_ftp. - For more information, see: - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 - (* Security fix *)</screen> - </section> <section> -<title>Security Update Mailing List</title> +<title>Installing, Removing, and Upgrading Packages</title> + +<para> +While <application>pkgtool</application> scores points for convenience, +<application>installpkg</application>(8) is much more capable of +handling odd tasks, such as quickly installing a single package, +installing an entire disk set of packages, or scripting an install. +<application>installpkg</application> takes a list of packages to +install, and simply installs them without asking any questions. Like +all Slackware package management tools, it assumes that you know what +you're doing and doesn't pretend to be smarter than you. In its +simplest form, <application>installpkg</application> simply takes a +list of packages to install, and does exactly what you would expect. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>installpkg blackbox-0.70.1-i486-2.txz</userinput> +Verifying package blackbox-0.70.1-i486-2.txz. +Installing package blackbox-0.70.1-i486-2.txz: +PACKAGE DESCRIPTION: +# blackbox (Blackbox window manager) +# +# Blackbox is that fast, light window manager you have been looking for +# without all those annoying library dependencies. +# +# Also included in this package is the bbkeys utility for controlling +# keyboard shortcut commands from within Blackbox. 
+# +# The Blackbox home page is http://blackboxwm.sourceforge.net +# +Package blackbox-0.70.1-i486-2.txz installed.</screen> + +<para> +You can of course install multiple packages at a time, and in fact use +shell wild cards. The following installs all of the "N" series +packages from a mounted CD-ROM. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>installpkg /mnt/cdrom/slackware/n/*.txz</userinput></screen> + +<para> +Removing a package is every bit as easy as installing one. As you might +expect, the command to do this is +<application>removepkg</application>(8). Simply tell it which packages +to remove, and <application>removepkg</application> will check the +contents of the package database and remove all the files and +directories for that package with one caveat. If that file is included +in multiple installed packages, it will be skipped and if a directory +has new files in it, the directory will be left in place. Because of +this, removing packages takes a good while longer than installing them. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>removepkg blackbox-0.70.1-i486-2.txz</userinput> +</screen> <para> -While the Slackware team does release updated bugfix-only packages (i.e. -not security fixes) occasionally, you're probably most interested in -security fixes for vulnerabilities discovered after the -stable release. -The Slackware Project maintains a mailing list that will notify you of any -updated packages for such serious issues. In order to subscribe to the -mailing list, send an e-mail to <email>majordomo@slackware.com</email> -with the words 'subscribe slackware-security' in the body of the message. -The majordomo will be happy to add your name to the list, and when new -packages are released, it will mail an advisory to you. 
+Finally, upgrading is just as easy with (you guessed it), +<application>upgradepkg</application>(8) which first installs a new +package, then removes whatever files and directories are left-over from +the old package. One important thing to remember is that +<application>upgradepkg</application> doesn't check to see if the +previously installed package has a higher version number than the "new" +package, so it can also be used to downgrade to older versions. +</para> + + + +<screen><prompt>darkstar:~# </prompt><userinput>upgradepkg blackbox-0.70.1-i486-2.txz</userinput> + ++============================================================================== +| Upgrading blackbox-0.65.0-x86_64-4 package using +./blackbox-0.70.1-i486-2.txz ++============================================================================== + +Pre-installing package blackbox-0.70.1-i486-2... + +Removing package +/var/log/packages/blackbox-0.65.0-x86_64-4-upgraded-2010-02-23,16:50:51... + --> Deleting symlink /usr/share/blackbox/nls/POSIX + --> Deleting symlink /usr/share/blackbox/nls/US_ASCII + --> Deleting symlink /usr/share/blackbox/nls/de + --> Deleting symlink /usr/share/blackbox/nls/en + --> Deleting symlink /usr/share/blackbox/nls/en_GB +... +Package blackbox-0.65.0-x86_64-4 upgraded with new package +./blackbox-0.70.1-i486-2.txz.</screen> + +<para> +All of these tools have useful arguments. For example, the +<arg>--root</arg> to <application>installpkg</application> will install +packages into an arbitrary directory. The <arg>--dry-run</arg> argument +will instruct <application>upgradepkg</application> to simply tell you +what it would attempt without actually making any changes to the +system. For complete details, you should (as always) refer to the man +pages. 
</para> </section> <section> -<title>Upgrading Slackware Versions</title> +<title>Package Compression Formats</title> <para> -Now that we've gone this far, you should feel reasonably competent in your -ability to manage your Slackware system. But what do we do with it when -there's a new release? Updating from one release of Slackware to another -is a lot more complicated than simply updating a few packages. Each release -changes a lot of things, and while many of these changes are small, some of -them can completely break your system if you haven't prepared for them and/or -don't understand what is changing and why. While some Linux distributions -provide highly automated tools that attempt to handle every tiny detail for -you, Slackware takes a much more hands-on approach to things. +We won't go in depth into the details of package formats, but a few +words should be given here. In the past, all Slackware packages were +compressed with the <application>gzip</application>(1) compression +utility, which was a good compromise between compression speed and +size. Recently, new compression schemes have been added and the +package management tools have been upgraded to handle these. Today, +official Slackware packages are compressed with the +<application>xz</application> utility and end with .txz extensions. +Older packages (and many third party packages) still use the .tgz +extension. </para> +</section> + +<section> +<title><application>slackpkg</application></title> + <para> -The very first thing you should do before attempting an upgrade is the one -that many people neglect: decide if it's really necessary to upgrade. If -the old system is stable and doing everything you want it to do, there may -be no need to do an operating system upgrade at all. Assuming you decide -to do the upgrade, then the second thing you should do is read the -<filename>CHANGES_AND_HINTS.TXT</filename> file on your upgrade discs or -a mirror. 
This file is updated during the development period before every -release, and it lists lots of helpful hints and tips to aid you in dealing -with the changes. Finally, read the <filename>UPGRADE.TXT</filename> file -before proceeding. After doing these things, you may decide that it's less -trouble and potential for problems to backup your configuration files and -data and do a fresh installation of the new Slackware release rather than -attempt a possibly tricky upgrade. However, if you still wish to continue, -make backups of your data and configuration files first. At a minimum, -it's good practice to backup the <filename>/etc</filename> and <filename>/home</filename> -directories. This will give you a chance to perform a reinstall if something -goes wrong with the upgrade. + The <application>slackpkg</application> is an automated tool for +management of Slackware Linux Packages. It was in /extra for +the release of slackware-12.1, and since the release of +slackware-12.2 it is included in the ap/ series of a base +installation. +</para> +<para> + For more information see the <application>man</application> pages for +slackpkg(8) and slackpkg.conf(5). </para> - <para> -Since every new version of Slackware has a few differences, giving complete -instructions here is not only futile but potentially misleading. You should -always consult the documentation included on your Slackware disks or your -favorite mirror. +Homepage: <ulink url="http://www.slackpkg.org/">http://www.slackpkg.org/</ulink> </para> </section> diff --git a/chapter_18.xml b/chapter_18.xml index bc49aed..ea3035c 100644 --- a/chapter_18.xml +++ b/chapter_18.xml 
@@ -3,375 +3,119 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> <chapter> -<title>The Linux Kernel</title> +<title>Keeping Track of Updates</title> <section> -<title>What Does the Kernel Do?</title> - -<para> -You've probably heard people talking about compiling the kernel or -building a kernel, but what exactly is the kernel and what does it do? -The kernel is the center of your computer. It is the foundation for the -entire operating system. The kernel acts as a bridge between the -hardware and the applications. This means that the kernel is (usually) -the sole piece of software responsible for ordering around the hardware -components of your computer. It is the kernel that instructs the hard -drive to search for a certain data stream. It is the kernel that -instructs your network card to transmit rapid changes in voltage. The -kernel also listens to hardware as well. When the network card detects -a remote computer sending information, it forwards that information to -the kernel. This makes the kernel both the single most important piece -of software on your computer and the most complex. -</para> +<title>The -stable Branch</title> + +<para> +Whenever a new version of Slackware is released, the Slackware team will, +as needed, release updated packages to fix serious security vulnerabilities +and particularly nasty bugs. Therefore, it's important to keep up with all +of the patches for your version of Slackware, which is referred to as the +"-stable" branch. There is also a "-current" branch, which is where we do +our development work toward the next stable release (and as such, there are +often intrusive changes there), but unless you're willing to work with a +possibly broken system and are able to fix things on your own, we strongly +recommend that you stick with the "-stable" branch. +</para> + +<para> +Since -stable updates aren't distributed on the disks, you'll need to obtain +them from the Internet. 
Many people and organizations offer mirrors from +which you can download the entire Slackware tree (or only the +<filename>patches/</filename> directory) in any number of ways. While some +mirrors offer web access, the most common ways of obtaining updates are via +ftp and/or rsync servers. The Slackware project maintains a small list +(organized by country) of known mirrors. If you're unsure which mirror you +should use, simply consult +<ulink url="http://www.slackware.com/getslack/">http://www.slackware.com/getslack/</ulink> +for suggestions. If you have a major university near you, there's a good +chance that they offer a mirror of numerous open source projects, and +Slackware may be among them. The only real requirement for a mirror is that +it be complete, but usually it's best to use a mirror near where you live in +order to achieve the fastest transfer times and use the least amount of +Internet resources. +</para> + +<para> +So how do you know when there are updates? The best way is to consult the +<filename>ChangeLog.txt</filename> on any up-to-date mirror. You can always +find the latest changelogs for the "-current" and most recent "-stable" +branch on the Slackware Project's web page, but if you're running an older +version of Slackware, you'll need to check a mirror. +</para> + +<screen><prompt>darkstar:~# </prompt><userinput>wget -O - \ +ftp://slackware.osuosl.org/pub/slackware/slackware-13.0/ChangeLog.txt \ +| less</userinput> +Sun Jan 24 20:22:46 UTC 2010 +patches/packages/httpd-2.2.14-i486-1_slack12.1.tgz: Upgraded. + This fixes a couple of security bugs when using mod_proxy_ftp. + For more information, see: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 + (* Security fix *)</screen> </section> <section> -<title>Working with Modules</title> - -<para> -The complexity of a modern linux kernel is staggering. 
The source code -for the kernel weighs in at nearly 400MB uncompressed. There are -thousands of developers, hundreds of options, and if everything were -built together, the kernel would soon pass 100MB in size itself. In -order to keep the size of the kernel down (as well as the amount of RAM -needed for the kernel), most of the kernel options are built as -modules. You can think of these modules as device drivers which can be -inserted or removed from a running kernel at will. In truth, many of -them aren't device drivers at all, but contain support for things such -as network protocols, security measures, and even filesystems. In -short, nearly any piece of the linux kernel can be built as a loadable -module. -</para> - -<para> -It's important to realize that Slackware will automatically handle -loading most modules for you. When your system boots, -<application>udevd</application>(8) is started and begins to probe your -system's hardware. For each device it finds, it loads the proper module -and created a device node in <filename>/dev</filename>. This usually -means that you will not need to load any modules in order to use your -computer, but occasionally this is necessary. -</para> - -<para> -So what modules are currently loaded on your computer and how do we -load and unload them? Fortunately we have a full suite of tools for -handling this. As you might have guessed, the tool for listing modules -is <application>lsmod</application>(8). -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>lsmod</userinput> -Module Size Used by -nls_utf8 1952 1 -cifs 240600 2 -i915 168584 2 -drm 168128 3 i915 -i2c_algo_bit 6468 1 i915 -tun 12740 1 -... many more lines ommitted ... -</screen> - -<para> -In addition to showing you what modules are loaded, it displays the -size of each module and tells you what other modules are using it. 
-</para> - -<para> -There are two applications for loading modules: -<application>insmod</application>(8) and -<application>modprobe</application>(8). Both will load modules and -report any errors (such as loading a module for a device that isn't -present in your system), but <application>modprobe</application> is -preferred because it can load any module dependencies. Using either is -straight-forward. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>insmod ext3</userinput> -<prompt>darkstar:~# </prompt><userinput>modprobe ext4</userinput> -<prompt>darkstar:~# </prompt><userinput>lsmod | grep ext</userinput> -ext4 239928 1 -jbd2 59088 1 ext4 -crc16 1984 1 ext4 -ext3 139408 0 -jbd 48520 1 ext3 -mbcache 8068 2 ext4,ext3 -</screen> +<title>Security Update Mailing List</title> <para> -Removing modules can be a tricky process, and once again we have two -programs for removing them: <application>rmmod</application>(8) and -<application>modprobe</application>. In order to remove a module with -modprobe, you'll need to use the <arg>-r</arg> argument. +While the Slackware team does release updated bugfix-only packages (i.e. +not security fixes) occasionally, you're probably most interested in +security fixes for vulnerabilities discovered after the -stable release. +The Slackware Project maintains a mailing list that will notify you of any +updated packages for such serious issues. In order to subscribe to the +mailing list, send an e-mail to <email>majordomo@slackware.com</email> +with the words 'subscribe slackware-security' in the body of the message. +The majordomo will be happy to add your name to the list, and when new +packages are released, it will mail an advisory to you. 
</para> -<screen><prompt>darkstar:~# </prompt><userinput>rmmod ext3</userinput> -<prompt>darkstar:~# </prompt><userinput>modprobe -r ext4</userinput> -<prompt>darkstar:~# </prompt><userinput>lsmod | grep ext</userinput> -</screen> - </section> <section> -<title>Compiling A Kernel and Why to do So</title> - -<para> -Most Slackware users will never need to compile a kernel. The huge and -generic kernels contain virtually all the support you will need. -However, some users may need to compile a kernel. If your computer -contains bleeding edge hardware, a newer kernel may offer improved -support. Sometimes a kernel patch my be available that corrects a -problem you are experiencing. In these cases a kernel compile is -probably warranted. Users who simply want the latest and greatest -version or who believe using a custom compiled kernel will give them -greater performance can certainly upgrade, but are unlikely to notice -any major changes. If you still think compiling your own kernel is -something you want or need to do, this section should walk you through -the many steps. -Compiling and installing a kernel is not that difficult, but there are -a number of mistakes that can be made along the way, many of which can -prevent your computer from booting and cause major frustration. -</para> - -<para> -The first step is ensuring you have the kernel source code installed on -your system. The kernel source package is included in the "k" disk set -in the Slackware installer, or you can download another version from -<ulink url="http://www.kernel.org/">http://www.kernel.org/</ulink>. -Traditionally, the kernel source is located in -<filename>/usr/src/linux</filename>, a symbolic link that points to the -specific kernel release used, but this is by no means set in stone. You -can place the kernel source code virtually anywhere without -encountering any problems. 
-</para> - -<screen><prompt>darkstar:~# </prompt><userinput>ls -l /usr/src</userinput> -lrwxrwxrwx 1 root root 14 2009-07-22 19:59 linux -> linux-2.6.29.6/ -drwxr-xr-x 23 root root 4096 2010-03-17 19:00 linux-2.6.29.6/ -</screen> - -<para> -The most difficult part of any kernel compile is the kernel -configuration. There are hundreds of options, many of which can -optionally be compiled into modules. This means there are thousands of -ways to configure a kernel. Fortunately, there are a few handy tricks -that can keep you from running into too much trouble. The kernel -configuration file is <filename>.config</filename>. If you are very -brave, you can manually edit this file with a text editor, but I highly -recommend you use the kernel's built-in tools for manipulating -<filename>.config</filename>. -</para> - -<para> -Unless you are very familiar with configuring kernels, you should -always start with a solid base configuration and modify it. This -prevents you from skipping an important option that might force you to -compile the kernel again and again until you get it right. The best -kernel <filename>.config</filename> files to start with are those used -by Slackware's default kernels. You can find them on your Slackware -install disks or at your favorite mirror in the -<filename>kernels/</filename> directory. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>mount /mnt/cdrom</userinput> -<prompt>darkstar:~# </prompt><userinput>cd /mnt/cdrom/kernels</userinput> -<prompt>darkstar:/mnt/cdrom/kernels# </prompt><userinput>ls</userinput> -VERSIONS.TXT huge.s/ generic.s/ speakup.s/ -<prompt>darkstar:/mnt/cdrom/kernels# </prompt><userinput>ls genric.s</userinput> -System.map.gz bzImage config -</screen> - -<para> -You can replace the default <filename>.config</filename> file easily by -copying or downloading the <filename>config</filename> file for the -kernel you wish to use as a base. 
Here I am using Slackware's -recommended generic.s kernel for a base, but you may wish to use the -huge.s config file. The generic kernel builds more things as modules -and thus creates a smaller kernel image, but it usually requires the -use of an initrd. -</para> - -<screen><prompt>darkstar:/mnt/cdrom/kernels# </prompt><userinput>cp generic.s/config /usr/src/linux/.config</userinput> -</screen> - -<note><para> -The Slackware kernel file lacks the "dot" while the kernel -file includes it. If you forget, or simply copy the -<filename>config</filename> to <filename>/usr/src</filename> whatever -<filename>.config</filename> file was already present will be used -instead. -</para></note> - -<para> -If you want to use the configuration for the currently running kernel -as your base, you may be able to locate it at -<filename>/proc/config.gz</filename>. This is a special kernel-related -file that includes the entire kernel configuration in a compressed -format and requires that your kernel was built to support it. -</para> - -<screen><prompt>darkstar:~# </prompt><userinput>zcat /proc/config.gz > /usr/src/linux/.config</userinput> -</screen> - -<para> -Now that we've created a solid base configuration, it's time to make -any configuration changes we want. The entire kernel build process from -configuration to compilation is performed with the -<application>make</application>(1) command and special arguments to it. -Each argument performs a different function. -</para> - -<para> -If you are upgrading to a newer kernel release, you will definitely -want to use the <arg>oldconfig</arg> argument. This will step through -your base <filename>.config</filename> and look for missing elements -that usually indicates that the new kernel release contains additional -options. Since options are added at virtually every kernel release, -this is generally a good thing to do. 
-</para> - -<screen><prompt>darkstar:/usr/src/linux# </prompt><userinput>make oldconfig</userinput> -scripts/kconfig/conf -o arch/x86/Kconfig -* -* Restart config... -* -* -* File systems -* -Second extended fs support (EXT2_FS) [M/n/y/?] m - Ext2 extended attributes (EXT2_FS_XATTR) [N/y/?] n - Ext2 execute in place support (EXT2_FS_XIP) [N/y/?] n -Ext3 journalling file system support (EXT3_FS) [M/n/y/?] m - Ext3 extended attributes (EXT3_FS_XATTR) [Y/n/?] y - Ext3 POSIX Access Control Lists (EXT3_FS_POSIX_ACL) [Y/n/?] y - Ext3 Security Labels (EXT3_FS_SECURITY) [Y/n/?] y -The Extended 4 (ext4) filesystem (EXT4_FS) [N/m/y/?] (NEW) <userinput>m</userinput> -</screen> - -<para> -Here you can see that I the new kernel I am compiling has added support -for a new filesystem: ext4. <arg>oldconfig</arg> has gone through my -original configuration, kept all the old options exactly as they were -set, and prompted me on what to do with new options. Typically it is -save to choose the default option, but you may wish change this. -<arg>oldconfig</arg> is a very handy tool for presenting you with only -new configuration options, making it ideal for users who simply have to -try out the latest kernel release. -</para> - -<para> -For more serious configuration tasks, there are a multitude of options. -The linux kernel can be configured in three primary ways. The first is -<arg>config</arg>, which will step through each and every option one by -one and ask what you would like to do. This is so tedious that hardly -anyone ever uses it anymore. -</para> - -<screen><prompt>darkstar:/usr/src/linux# </prompt><userinput>make config</userinput> -scripts/kconfig/conf arch/x86/Kconfig -* -* Linux Kernel Configuration -* -* -* General setup -* -Prompt for development and/or incomplete code/drivers (EXPERIMENTAL) [Y/n/?] 
<userinput>Y</userinput> -Local version - append to kernel release (LOCALVERSION) [] <userinput>-test</userinput> -Automatically append version information to the version string (LOCALVERSION_AUTO) [N/y/?] <userinput>n</userinput> -Support for paging of anonymous memory (swap) (SWAP) [Y/n/?] -</screen> - -<para> -Fortunately, there are two much easier ways to configure your kernel, -<arg>menuconfig</arg> and <arg>xconfig</arg>. Both of these create a -menu-driven program that lets you select and de-select options without -having to step through each one. <arg>menuconfig</arg> is the most -commonly used method, and the one I recommend. <arg>xconfig</arg> is -only useful if you are attempting to compile the kernel from a -graphical user interface within <application>X</application>. Both are -so similar however, that we are only going to document -<arg>menuconfig</arg>. -</para> - -<para> -Running <userinput>make menuconfig</userinput> from a terminal will -present you with the friendly curses-driven interface you see below. -Each kernel section is given its own submenu, and you can navigate with -the arrow keys. -</para> - -<imagedata fileref="img/make-menuconfig-w.png" format="PNG"/> - -<warning><para> -If you are compiling a kernel that is the same release as the stock -Slackware kernel, you must set the "Local version" option. This is -found on the "General setup" submenu. Failure to set this will result -in your kernel compile over-writing all the modules used by the stock -kernels. This can quickly render your system unbootable. -</para></warning> - -<para> -Once you've finished configuring the kernel, it's time to begin -compiling it. There are many different methods for this, but the most -reliable is to use <arg>bzImage</arg>. 
When you pass this argument to -<application>make</application>, the kernel compilation will begin and -you will see lots of data scroll through the terminal until either the -compile process is complete or a fatal error is encountered. -</para> - -<screen><prompt>darkstar:/usr/src/linux# </prompt><userinput>make bzImage</userinput> -scripts/kconfig/conf -s arch/x86/Kconfig - CHK include/linux/version.h - CHK include/linux/utsrelease.h - SYMLINK include/asm -> include/asm-x86 - CALL scripts/checksyscalls.sh - CC scripts/mod/empty.o - HOSTCC scripts/mod/mk_elfconfig - MKELF scripts/mod/elfconfig.h - HOSTCC scripts/mod/file2alias.o -... many hundreds of lines ommitted ... -</screen> - -<para> -If the process ends in an error, you should check your kernel -configuration first. Compile errors are usually caused by a fault -<filename>.config</filename> file. Assuming everything went alright, -we're still not entirely finished, as we need to build the modules. -</para> - -<screen><prompt>darkstar:/usr/src/linux# </prompt><userinput>make modules</userinput> - CHK include/linux/version.h - CHK include/linux/utsrelease.h - SYMLINK include/asm -> include/asm-x86 - CALL scripts/checksyscalls.sh - HOSTCC scripts/mod/file2alias.o -... many thousands of lines omitted ... -</screen> - -<para> -If both the kernel and the modules compiles finished sucessfully, we're -ready to install them. The kernel image needs to be copied into a safe -location, typically the <filename>/boot</filename> directory, and you -should give it a unique name to avoid overwriting any other kernel -images located there. Traditionaly kernel images are named -<filename>vmlinuz</filename> with the kernel release and local version -appended. 
-</para> - -<screen><prompt>darkstar:/usr/src/linux# </prompt><userinput>cat arch/x86/boot/bzImage > /boot/vmlinuz-release_number-local_version</userinput> -<prompt>darkstar:/usr/src/linux# </prompt><userinput>make modules_install</userinput> -</screen> - -<para> -Once these steps have been completed, you will have a new kernel image -located under <filename>/boot</filename> and a new kernel modules -directory under <filename>/lib/modules</filename>. In order to use -this new kernel, you will need to edit <filename>lilo.conf</filename>, -create an initrd for it (only if you need to load one or more of this -kernel's modules to boot), and run <application>lilo</application> to -update the boot loader. When you reboot, if all went according to plan, -you should have an option to boot with your newly compiled kernel. If -something went wrong, you may be spending some time fixing the problem. +<title>Upgrading Slackware Versions</title> + +<para> +Now that we've gone this far, you should feel reasonably competent in your +ability to manage your Slackware system. But what do we do with it when +there's a new release? Updating from one release of Slackware to another +is a lot more complicated than simply updating a few packages. Each release +changes a lot of things, and while many of these changes are small, some of +them can completely break your system if you haven't prepared for them and/or +don't understand what is changing and why. While some Linux distributions +provide highly automated tools that attempt to handle every tiny detail for +you, Slackware takes a much more hands-on approach to things. +</para> + +<para> +The very first thing you should do before attempting an upgrade is the one +that many people neglect: decide if it's really necessary to upgrade. If +the old system is stable and doing everything you want it to do, there may +be no need to do an operating system upgrade at all. 
Assuming you decide +to do the upgrade, then the second thing you should do is read the +<filename>CHANGES_AND_HINTS.TXT</filename> file on your upgrade discs or +a mirror. This file is updated during the development period before every +release, and it lists lots of helpful hints and tips to aid you in dealing +with the changes. Finally, read the <filename>UPGRADE.TXT</filename> file +before proceeding. After doing these things, you may decide that it's less +trouble and potential for problems to backup your configuration files and +data and do a fresh installation of the new Slackware release rather than +attempt a possibly tricky upgrade. However, if you still wish to continue, +make backups of your data and configuration files first. At a minimum, +it's good practice to backup the <filename>/etc</filename> and <filename>/home</filename> +directories. This will give you a chance to perform a reinstall if something +goes wrong with the upgrade. +</para> + +<para> +Since every new version of Slackware has a few differences, giving complete +instructions here is not only futile but potentially misleading. You should +always consult the documentation included on your Slackware disks or your +favorite mirror. </para> </section> |
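Review bot: In the new <screen> example under "The -stable Branch", the command fetches slackware-13.0/ChangeLog.txt but the sample output lists patches/packages/httpd-2.2.14-i486-1_slack12.1.tgz, a package tagged for 12.1. Use output that matches the 13.0 path in the command, or point the URL at the 12.1 tree, so readers are not misled about what their own changelog should show. The same section has readers pull updates over ftp or rsync from third-party mirrors and says "the only real requirement for a mirror is that it be complete", yet nothing in the added text tells them to verify what they download; a sentence on checking each package's GPG signature against the Slackware project key before installing would close that gap. Minor: in "Upgrading Slackware Versions", "backup" is used as a verb twice ("to backup your configuration files", "good practice to backup the"); it should read "back up". The first added paragraph also switches from "the Slackware team will" to "where we do our development work" within two sentences, so pick one voice.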