summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--chapter_06.xml208
-rw-r--r--chapter_07.xml223
-rw-r--r--chapter_08.xml263
-rw-r--r--chapter_09.xml562
-rw-r--r--chapter_10.xml685
-rw-r--r--chapter_11.xml669
-rw-r--r--chapter_12.xml325
-rw-r--r--chapter_13.xml394
-rw-r--r--chapter_14.xml564
-rw-r--r--chapter_15.xml791
-rw-r--r--chapter_16.xml722
-rw-r--r--chapter_17.xml237
-rw-r--r--chapter_18.xml456
13 files changed, 2876 insertions, 3223 deletions
diff --git a/chapter_06.xml b/chapter_06.xml
index a6f1837..c757993 100644
--- a/chapter_06.xml
+++ b/chapter_06.xml
@@ -3,230 +3,30 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>The X Window System</title>
+<title>Process Control</title>
<section>
-<title>What Is (And Isn't) X</title>
+<title>Why Use Slackware?</title>
<para>
-Eons ago computer terminals came with a screen and a keyboard and not
-much else. Mice hadn't come into common use and everything was menu
-driven. Then came the Graphical User Interface (GUI) and the world was
-changed. Today users are accustomed to moving a mouse around a screen,
-clicking on icons and running tasks with fancy images and animation,
-but UNIX systems predated this and so GUIs were added almost as an
-afterthought. For many years, Linux and its UNIX brethren were
-primarily used without graphics of any sort, but today it is perhaps
-more common than not for users to prefer their Linux computers come
-with shiney, flashy, clickable GUIs, and all these GUIs run on
-<application>X</application>(7).
-</para>
-
-<para>
-So what is X? Is it the desktop with the icons? Is it the menus? Is it
-the window manager? Does it mark the spot? The answer to all these is a
-resounding "no". There are many parts to a GUI, but X is the most
-fundamental. X is that application that receives input from the mouse,
-keyboard, and possibly other devices. X is that application that tells
-the graphics card what to do. In short, X is the application that talks
-to your computer's hardware from graphical purposes; all other
-graphical applications simply talk to X.
-</para>
-
-<para>
-Let's stop for a moment and talk about nomenclature. X is just one of a
-dozen names that you may encounter. It is also called X11, the X Window
-System, X Window, X11R6, X Version 11, and several others. Whatever
-you hear it called, simply understand that the speakers are referring
-to X.
</para>
</section>
<section>
-<title>Configuring the X Server</title>
-
-<para>
-As powerful as Slackware Linux is, configuring X can be daunting and
-is often one of the first real challenges a new user faces. Don't be
-overly concerned if you find this a bit difficult. While many changes
-have been made over the years that make this much easier, there are
-still computers out there that don't properly auto-detect, or you'll
-wish to make some change to some setting and it might not be immediately
-apparent what to do. Just remember that when I started using X, it was
-far more primitive than it is today, took far more work to configure,
-and often crashed without telling the user what was wrong. If I and
-thousands of others got this working back then, you can do it today.
-</para>
-
-<para>
-Fortunately, with <application>X.Org 1.6.3</application> an
-<filename>/etc/X11/xorg.conf</filename> does not even need to be
-present for <application>X</application> to attempt a working display,
-further, Slackware includes a default configuration file that works
-for most computers by using the VESA standard. This offers only the
-most basic functions and may not allow your graphics card to operate at
-its full potential. You may be limited to low resolutions, fewer
-colors, and <application>X</application> will be slower. Still, this is
-an option for users, particularly those who only want to occassionally
-run <application>X</application>. You can try it out now simply by
-running <application>startx</application>(1) from a command prompt.
-</para>
+<title>Differences Compared to Other Linux Distributions</title>
<para>
-There are many ways to configure <application>X</application>, but the
-easiest is to use <application>xorgsetup</application>. This will attempt
-to probe probe your computer's hardware and write a working xorg.conf
-file. This option is not garaunteed to work; there are some platforms
-that it is known not to work with, and there are probably others as
-well. Still, it is worth trying first as it is the quickest and least
-complicated for a new user to attempt.
-</para>
-
-<para>
-The second most popular way to configure <application>X</application>
-on your system is the handy <application>xorgconfig</application>(1).
-This application asks you a series of questions about your computer's
-hardware and writes out a config file based on your choices. Unless you
-know exactly what your hardware is, we recommend that you try
-<application>xorgsetup</application> first.
-</para>
-
-<para>
-Additionally, the <application>X</application> has flags available to
-let <application>X</application> attempt to detect hardware and render
-an <filename>xorg.conf.new</filename> that should work with the hardware
-present. From a virtual terminal call <command>X -configure</command>,
-and the resulting file will be either <filename>/root/xorg.conf.new</filename>
-or <filename>$HOME/xorg.conf.new</filename>. Before moving this new
-configuration to <filename>/etc/X11/</filename>, it can be tested by
-calling <command>X -config /root/xorg.conf.new</command>, then you can
-exit this <application>X</application> session with &lt;CTRL&gt;+&lt;ALT&gt;+&lt;Backspace&gt;.
-</para>
-
-<para>
-Lastly, you can manually configure your <application>X</application>
-server by modifying <filename>/etc/X11/xorg.conf</filename> with a text
-editor. This is not normally a task for the faint of heart, but is
-often the easiest way to make minor changes.
</para>
</section>
<section>
-<title>Choosing a Window Manager</title>
-
-<para>
-Slackware Linux includes many different window managers and desktop
-environments. Window managers are the applications responsible for
-painting application windows on the screen, resizing these windows, and
-similar tasks. Desktop environments include a window manager, but also
-add task bars, menus, icons, and more. Slackware includes both the KDE
-and XFCE desktop environments and several additional window managers.
-Which you use is entirely your own decision, but in general, window
-managers tend to be faster than desktop environments and more suitable
-to older systems with less memory and slower processors. Desktop
-environments will be more comfortable for users accustomed to Microsoft
-Windows.
-</para>
+<title>Licensing</title>
<para>
-LIST OF DE'S AND WINDOW MANAGERS.
-FILL THIS IN!!!!
-FILL THIS IN!!!!
-FILL THIS IN!!!!
-FILL THIS IN!!!!
-FILL THIS IN!!!!
-FILL THIS IN!!!!
-FILL THIS IN!!!!
-FILL THIS IN!!!!
-FILL THIS IN!!!!
-FILL THIS IN!!!!
-FILL THIS IN!!!!
-FILL THIS IN!!!!
</para>
-<para>
-The easiest way to choose a window manager is
-<application>xwmconfig</application>(1), included with Slackware Linux.
-This application allows a user to choose what window manager to run
-with <application>startx</application>.
-</para>
-
-</section>
-
-<section>
-<title>Setting Up A Graphical Login</title>
-
-<para>
-By default, when you boot your Slackware Linux system you are presented
-with a login prompt on a virtual terminal. This is more than adequate
-for most people's needs. If you need to run commandline applications,
-you may login and do so right away. If you want to run X, simply executing
-<application>startx</application> will do that for you nicely.
-But suppose you almost exclusively
-use your system for graphical duties like many laptop owners? Wouldn't
-it be nice for Slackware to take you straight into a GUI? Fortunately,
-there's an easy way to do just that.
-</para>
-
-<para>
-Slackware uses the System V init system which allows the administrator
-to boot into or change to different runlevels, which are really just
-different "states" the computer can be in. In fact, shutting down the
-computer is really only a case of changing to a runlevel which
-accomplishes just that. Runlevels can be rather complicated, so we
-won't delve into them any further than necessary.
-</para>
-
-<para>
-Runlevels are configured in <filename>inittab</filename>(5).
-The most common ones are
-runlevel 3 (Slackware's default) and runlevel 4 (GUI). In order to tell
-Slackware to boot to a GUI screen, simply open
-<filename>/etc/inittab</filename> with your
-favorite editor of choice. (You may wish to refer to one of the
-chapters on <application>vi</application> or
-<application>emacs</application> at this point.) Near the top, you'll
-see the relevant entries.
-</para>
-
-<screen>
-# These are the default runlevels in Slackware:
-# 0 = halt
-# 1 = single user mode
-# 2 = unused (but configured the same as runlevel 3)
-# 3 = multiuser mode (default Slackware runlevel)
-# 4 = X11 with KDM/GDM/XDM (session managers)
-# 5 = unused (but configured the same as runlevel 3)
-# 6 = reboot
-
-# Default runlevel. (Do not set to 0 or 6)
-id:3:initdefault:
-</screen>
-
-<para>
-In this file (along with most configuration files) anything following a
-hash symbol # is a comment and not interpreted by init(8). Don't worry
-if you don't understand everything about inittab, as many veteran users
-don't either. The only line we are interested in is the last on above.
-Simply change the 3 to a 4 and reboot.
-</para>
-
-<screen>
-# These are the default runlevels in Slackware:
-# 0 = halt
-# 1 = single user mode
-# 2 = unused (but configured the same as runlevel 3)
-# 3 = multiuser mode (default Slackware runlevel)
-# 4 = X11 with KDM/GDM/XDM (session managers)
-# 5 = unused (but configured the same as runlevel 3)
-# 6 = reboot
-
-# Default runlevel. (Do not set to 0 or 6)
-id:4:initdefault:
-</screen>
-
</section>
</chapter>
diff --git a/chapter_07.xml b/chapter_07.xml
index 1ba3035..a6f1837 100644
--- a/chapter_07.xml
+++ b/chapter_07.xml
@@ -3,45 +3,230 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>Printing</title>
+<title>The X Window System</title>
<section>
-<title>Choosing A Printer</title>
+<title>What Is (And Isn't) X</title>
<para>
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do
-eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad
-minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip
-ex ea commodo consequat. Duis aute irure dolor in reprehenderit in
-voluptate velit esse cillum dolore eu fugiat nulla pariatur.
+Eons ago computer terminals came with a screen and a keyboard and not
+much else. Mice hadn't come into common use and everything was menu
+driven. Then came the Graphical User Interface (GUI) and the world was
+changed. Today users are accustomed to moving a mouse around a screen,
+clicking on icons and running tasks with fancy images and animation,
+but UNIX systems predated this and so GUIs were added almost as an
+afterthought. For many years, Linux and its UNIX brethren were
+primarily used without graphics of any sort, but today it is perhaps
+more common than not for users to prefer their Linux computers come
+with shiney, flashy, clickable GUIs, and all these GUIs run on
+<application>X</application>(7).
+</para>
+
+<para>
+So what is X? Is it the desktop with the icons? Is it the menus? Is it
+the window manager? Does it mark the spot? The answer to all these is a
+resounding "no". There are many parts to a GUI, but X is the most
+fundamental. X is that application that receives input from the mouse,
+keyboard, and possibly other devices. X is that application that tells
+the graphics card what to do. In short, X is the application that talks
+to your computer's hardware from graphical purposes; all other
+graphical applications simply talk to X.
+</para>
+
+<para>
+Let's stop for a moment and talk about nomenclature. X is just one of a
+dozen names that you may encounter. It is also called X11, the X Window
+System, X Window, X11R6, X Version 11, and several others. Whatever
+you hear it called, simply understand that the speakers are referring
+to X.
</para>
</section>
<section>
-<title>Setting Up a Printer in CUPS</title>
+<title>Configuring the X Server</title>
+
+<para>
+As powerful as Slackware Linux is, configuring X can be daunting and
+is often one of the first real challenges a new user faces. Don't be
+overly concerned if you find this a bit difficult. While many changes
+have been made over the years that make this much easier, there are
+still computers out there that don't properly auto-detect, or you'll
+wish to make some change to some setting and it might not be immediately
+apparent what to do. Just remember that when I started using X, it was
+far more primitive than it is today, took far more work to configure,
+and often crashed without telling the user what was wrong. If I and
+thousands of others got this working back then, you can do it today.
+</para>
+
+<para>
+Fortunately, with <application>X.Org 1.6.3</application> an
+<filename>/etc/X11/xorg.conf</filename> does not even need to be
+present for <application>X</application> to attempt a working display,
+further, Slackware includes a default configuration file that works
+for most computers by using the VESA standard. This offers only the
+most basic functions and may not allow your graphics card to operate at
+its full potential. You may be limited to low resolutions, fewer
+colors, and <application>X</application> will be slower. Still, this is
+an option for users, particularly those who only want to occassionally
+run <application>X</application>. You can try it out now simply by
+running <application>startx</application>(1) from a command prompt.
+</para>
<para>
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do
-eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad
-minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip
-ex ea commodo consequat. Duis aute irure dolor in reprehenderit in
-voluptate velit esse cillum dolore eu fugiat nulla pariatur.
+There are many ways to configure <application>X</application>, but the
+easiest is to use <application>xorgsetup</application>. This will attempt
+to probe probe your computer's hardware and write a working xorg.conf
+file. This option is not garaunteed to work; there are some platforms
+that it is known not to work with, and there are probably others as
+well. Still, it is worth trying first as it is the quickest and least
+complicated for a new user to attempt.
+</para>
+
+<para>
+The second most popular way to configure <application>X</application>
+on your system is the handy <application>xorgconfig</application>(1).
+This application asks you a series of questions about your computer's
+hardware and writes out a config file based on your choices. Unless you
+know exactly what your hardware is, we recommend that you try
+<application>xorgsetup</application> first.
+</para>
+
+<para>
+Additionally, the <application>X</application> has flags available to
+let <application>X</application> attempt to detect hardware and render
+an <filename>xorg.conf.new</filename> that should work with the hardware
+present. From a virtual terminal call <command>X -configure</command>,
+and the resulting file will be either <filename>/root/xorg.conf.new</filename>
+or <filename>$HOME/xorg.conf.new</filename>. Before moving this new
+configuration to <filename>/etc/X11/</filename>, it can be tested by
+calling <command>X -config /root/xorg.conf.new</command>, then you can
+exit this <application>X</application> session with &lt;CTRL&gt;+&lt;ALT&gt;+&lt;Backspace&gt;.
+</para>
+
+<para>
+Lastly, you can manually configure your <application>X</application>
+server by modifying <filename>/etc/X11/xorg.conf</filename> with a text
+editor. This is not normally a task for the faint of heart, but is
+often the easiest way to make minor changes.
</para>
</section>
<section>
-<title>Commandline Printing Tools</title>
+<title>Choosing a Window Manager</title>
+
+<para>
+Slackware Linux includes many different window managers and desktop
+environments. Window managers are the applications responsible for
+painting application windows on the screen, resizing these windows, and
+similar tasks. Desktop environments include a window manager, but also
+add task bars, menus, icons, and more. Slackware includes both the KDE
+and XFCE desktop environments and several additional window managers.
+Which you use is entirely your own decision, but in general, window
+managers tend to be faster than desktop environments and more suitable
+to older systems with less memory and slower processors. Desktop
+environments will be more comfortable for users accustomed to Microsoft
+Windows.
+</para>
<para>
-Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do
-eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad
-minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip
-ex ea commodo consequat. Duis aute irure dolor in reprehenderit in
-voluptate velit esse cillum dolore eu fugiat nulla pariatur.
+LIST OF DE'S AND WINDOW MANAGERS.
+FILL THIS IN!!!!
+FILL THIS IN!!!!
+FILL THIS IN!!!!
+FILL THIS IN!!!!
+FILL THIS IN!!!!
+FILL THIS IN!!!!
+FILL THIS IN!!!!
+FILL THIS IN!!!!
+FILL THIS IN!!!!
+FILL THIS IN!!!!
+FILL THIS IN!!!!
+FILL THIS IN!!!!
</para>
+<para>
+The easiest way to choose a window manager is
+<application>xwmconfig</application>(1), included with Slackware Linux.
+This application allows a user to choose what window manager to run
+with <application>startx</application>.
+</para>
+
+</section>
+
+<section>
+<title>Setting Up A Graphical Login</title>
+
+<para>
+By default, when you boot your Slackware Linux system you are presented
+with a login prompt on a virtual terminal. This is more than adequate
+for most people's needs. If you need to run commandline applications,
+you may login and do so right away. If you want to run X, simply executing
+<application>startx</application> will do that for you nicely.
+But suppose you almost exclusively
+use your system for graphical duties like many laptop owners? Wouldn't
+it be nice for Slackware to take you straight into a GUI? Fortunately,
+there's an easy way to do just that.
+</para>
+
+<para>
+Slackware uses the System V init system which allows the administrator
+to boot into or change to different runlevels, which are really just
+different "states" the computer can be in. In fact, shutting down the
+computer is really only a case of changing to a runlevel which
+accomplishes just that. Runlevels can be rather complicated, so we
+won't delve into them any further than necessary.
+</para>
+
+<para>
+Runlevels are configured in <filename>inittab</filename>(5).
+The most common ones are
+runlevel 3 (Slackware's default) and runlevel 4 (GUI). In order to tell
+Slackware to boot to a GUI screen, simply open
+<filename>/etc/inittab</filename> with your
+favorite editor of choice. (You may wish to refer to one of the
+chapters on <application>vi</application> or
+<application>emacs</application> at this point.) Near the top, you'll
+see the relevant entries.
+</para>
+
+<screen>
+# These are the default runlevels in Slackware:
+# 0 = halt
+# 1 = single user mode
+# 2 = unused (but configured the same as runlevel 3)
+# 3 = multiuser mode (default Slackware runlevel)
+# 4 = X11 with KDM/GDM/XDM (session managers)
+# 5 = unused (but configured the same as runlevel 3)
+# 6 = reboot
+
+# Default runlevel. (Do not set to 0 or 6)
+id:3:initdefault:
+</screen>
+
+<para>
+In this file (along with most configuration files) anything following a
+hash symbol # is a comment and not interpreted by init(8). Don't worry
+if you don't understand everything about inittab, as many veteran users
+don't either. The only line we are interested in is the last on above.
+Simply change the 3 to a 4 and reboot.
+</para>
+
+<screen>
+# These are the default runlevels in Slackware:
+# 0 = halt
+# 1 = single user mode
+# 2 = unused (but configured the same as runlevel 3)
+# 3 = multiuser mode (default Slackware runlevel)
+# 4 = X11 with KDM/GDM/XDM (session managers)
+# 5 = unused (but configured the same as runlevel 3)
+# 6 = reboot
+
+# Default runlevel. (Do not set to 0 or 6)
+id:4:initdefault:
+</screen>
+
</section>
</chapter>
diff --git a/chapter_08.xml b/chapter_08.xml
index a2bb4e9..1ba3035 100644
--- a/chapter_08.xml
+++ b/chapter_08.xml
@@ -3,268 +3,43 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>Users and Groups</title>
+<title>Printing</title>
<section>
-<title>What Are Users and Groups?</title>
+<title>Choosing A Printer</title>
<para>
-Slackware Linux inherits a strong multi-user tradition from its UNIX
-inspiration. This means that multiple people may use the system at
-once, but it also means that each of these people may have different
-permissions. This allows users to prevent others from modifying their
-files, or lets system administrators explicitly define what users can
-and cannot do on the system. Moreover, users need not be actual people
-at all. In fact, Slackware includes several dozen pre-defined user
-and group accounts that are not typically used by regular users. Rather
-these accounts allow the system administrator to segment the system for
-security reasons. We'll see how that's done in the next chapter on
-filesystem permissions.
+Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do
+eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad
+minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip
+ex ea commodo consequat. Duis aute irure dolor in reprehenderit in
+voluptate velit esse cillum dolore eu fugiat nulla pariatur.
</para>
</section>
<section>
-<title>Managing Users and Groups</title>
+<title>Setting Up a Printer in CUPS</title>
<para>
-The easiest way to add new users in Slackware is through the use of our
-very fine <application>adduser</application> shell script.
-<application>adduser</application> will prompt you to enter the details
-of the new user you wish to creature and step you through the process
-quickly and easily. It will even create a password for the new user.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>adduser</userinput>
-
-Login name for new user []: <userinput>david</userinput>
-
-User ID ('UID') [ defaults to next available ]:
-
-Initial group [ users ]:
-Additional UNIX groups:
-
-Users can belong to additional UNIX groups on the system.
-For local users using graphical desktop login managers such
-as XDM/KDM, users may need to be members of additional groups
-to access the full functionality of removable media devices.
-
-* Security implications *
-Please be aware that by adding users to additional groups may
-potentially give access to the removable media of other users.
-
-If you are creating a new user for remote shell access only,
-users do not need to belong to any additional groups as standard,
-so you may press ENTER at the next prompt.
-
-Press ENTER to continue without adding any additional groups
-Or press the UP arrow to add/select/edit additional groups
-: <userinput>audio cdrom floppy plugdev video</userinput>
-
-Home directory [ /home/david ]
-
-Shell [ /bin/bash ]
-
-Expiry date (YYYY-MM-DD) []:
-
-New account will be created as follows:
-
----------------------------------------
-Login name.......: david
-UID..............: [ Next available ]
-Initial group....: users
-Additional groups: audio,cdrom,floppy,plugdev,video
-Home directory...: /home/david
-Shell............: /bin/bash
-Expiry date......: [ Never ]
-
-This is it... if you want to bail out, hit Control-C. Otherwise, press
-ENTER to go ahead and make the account.
-
-
-Creating new account...
-
-
-Changing the user information for david
-Enter the new value, or press ENTER for the default
- Full Name []:
- Room Number []:
- Work Phone []:
- Home Phone []:
- Other []:
-Changing password for david
-Enter the new password (minimum of 5, maximum of 127 characters)
-Please use a combination of upper and lower case letters and numbers.
-New password:
-Re-enter new password:
-Password changed.
-
-
-Account setup complete.
-</screen>
-
-<para>
-The addition of optional groups needs a little explaining. Every user
-in Slackware has a single group that it is always a member of. By
-default, this is the "users" group. However, users can belong to more
-than one group at a time and will inherit all the permissions of every
-group they belong to. Typical desktop users will need to add several
-group memberships in order to do things like play sound or access
-removeable media like cdroms or USB flash drives. You can simply press
-the up arrow key at this section and a list of default groups for
-desktop users will magically appear. You can of course, add to or
-remove groups from this listing.
-</para>
-
-<para>
-Now that we've demonstrated how to use the interactive
-<application>adduser</application> program, lets look at some powerful
-non-interactive tools that you may wish to use. The first is
-<application>useradd</application>(8).
-<application>useradd</application> is a little less friendly, but much
-faster for creating users in batches. This makes it ideal for use in
-shell scripts. In fact, <application>adduser</application> is just such
-a shell script and uses <application>useradd</application> for most of
-the heavy lifting. <application>useradd</application> has many options
-and we can't explain them all here, so refer to its man page for the
-complete details. Now, let's make a new user.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>useradd -d /data/home/alan -s /bin/bash -g users -G audio,cdrom,floppy,plugdev,video alan</userinput>
-</screen>
-
-<para>
-Here I have added the user "alan". I specified the user's home
-directory as <filename>/data/home/alan</filename> and used
-<application>bash</application> as my shell. Also, I specified my
-default group as "users" and added myself to a number of useful groups
-for dekstop use. You'll note that <application>useradd</application>
-does not do any prompting like <application>adduser</application>.
-Unless you want to accept the defaults for everything, you'll need to
-tell <application>useradd</application> what to do.
-</para>
-
-<para>
-Now that we know how to add users, we should learn how to add groups.
-As you might have guessed, the command for doing this is
-<application>groupadd</application>(8).
-<application>groupadd</application> works in the same way as
-<application>useradd</application>, but with far fewer options. The
-following command adds the group "slackers" to the system.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>groupadd slackers</userinput>
-</screen>
-
-<para>
-Deleting users and groups is easy as well. Simply run the
-<application>userdel</application>(8) and
-<application>groupdel</application>(8) commands. By default,
-<application>userdel</application> will leave the user's home directory
-on the system. You can remove this with the <arg>-r</arg> argument.
+Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do
+eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad
+minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip
+ex ea commodo consequat. Duis aute irure dolor in reprehenderit in
+voluptate velit esse cillum dolore eu fugiat nulla pariatur.
</para>
</section>
<section>
-<title>Other User and Group Tools</title>
-
-<para>
-Several other tools exist for managing users and groups. Perhaps the
-most important one is <application>passwd</application>(1). This
-command changes a user account's password. Normal users may change
-their own passwords only, but root can change anyone's password. Also,
-root can lock a user account with the <arg>-l</arg> argument. This
-doesn't actually shutout the account, but instead changes the user's
-encrypted password to a value that can't be matched.
-</para>
-
-<para>
-Another useful tool is <application>chsh</application>(1) which changes a
-user's default shell. Like <application>passwd</application>, normal
-users can only change their own shell, but the root user can change
-anyone's.
-</para>
-
-<para>
-The last tool we're going to discuss is
-<application>chfn</application>(1). This is used to enter identifying
-information on the user such as his phone number and real name. This
-information is stored in the <filename>passwd</filename>(5) file and
-retrieved using <application>finger</application>(1).
-</para>
-
-</section>
-
-<section>
-<title>Managing Users and Groups Manually</title>
-
-<para>
-Like most things in Slackware Linux, users and groups are stored in
-plain-text files. This means that you can edit all the details of a
-user, or even create a new user or group simply by editing these files
-and doing a few other tasks like creating the user's home directory. Of
-course, after you see how this is done you'll appreciate just how
-simple the included tools make this task.
-</para>
-
-<para>
-Our first stop is the <filename>/etc/passwd</filename> file. Here, all
-the information about a user is stored, except for (oddly enough) the
-user's password. The reason for this is rather simple.
-<filename>/etc/passwd</filename> must be readable by all users on the
-system, so you wouldn't want passwords stored there, even if they are
-encrypted. Let's take a quick look at my entry in this file.
-</para>
-
-<screen>
-alan:x:1000:100:,,,:/home/alan:/bin/bash
-</screen>
-
-<para>
-Each line in this file contains a number of fields seperated by a
-colon. They are, from left to right: username, password, UID, GUID, a
-comment field, home directory, and shell. You'll notice that the
-password field for every entry is an <keycap>x</keycap>. That is
-because Slackware uses shadow passwords, so the actual encrypted
-password is stored in <filename>/etc/shadow</filename>. Let's take a
-look there.
-</para>
-
-<screen>
-alan:$1$HlR?M3fkL@oeJmsdLfhsLFM*4dflPh8:14197:0:99999:7:::
-</screen>
-
-<para>
-The <filename>shadow</filename> file contains more than just the
-encrypted password as you'll notice. The fields here, again from left
-to right, are: username, encrypted password, last day the password was
-changed, days before the password may be changed again, how many days
-before the password expires, days that the account will be disabled
-after expiring, when the account was disabled, and a reserved field.
-You may notice on some accounts that the various "days" fields often
-include very large numbers. The reason for this is that Slackware
-counts time from the "Epoch" which is January 1, 1970 for historical
-reasons.
-</para>
-
-<para>
-To create a new user account, you'll just need to open these files
-using <application>vipw</application>(8). This will open
-<filename>/etc/passwd</filename> in the editor
-defined by your VISUAL variable or your EDITOR variable if VISUAL isn't
-defined. If neither is present, it will fall back to
-<application>vi</application> by default. If you pass the <arg>-s</arg>
-argument, it will open <filename>/etc/shadow</filename> instead. It's
-important to use <application>vipw</application> instead of using any
-other editor, because <application>vipw</application> will lock the
-file and prevent other programs from editing it right underneath your feet.
-</para>
+<title>Commandline Printing Tools</title>
<para>
-That isn't all you'll need to do however; you must also create the
-user's home directory and change the user's password using
-<application>passwd</application>.
+Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do
+eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad
+minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip
+ex ea commodo consequat. Duis aute irure dolor in reprehenderit in
+voluptate velit esse cillum dolore eu fugiat nulla pariatur.
</para>
</section>
diff --git a/chapter_09.xml b/chapter_09.xml
index a0ab4d2..a2bb4e9 100644
--- a/chapter_09.xml
+++ b/chapter_09.xml
@@ -3,459 +3,269 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>Filesystem Permissions</title>
+<title>Users and Groups</title>
<section>
-<title>Permissions Overview</title>
+<title>What Are Users and Groups?</title>
<para>
-As we've discussed, Slackware Linux is a multi-user operating system.
-Because of this, its filesystems are mutli-user as well. This means
-that every file or directory has a set of permissions that can grant or
-deny privileges to different users. There are three basic permissions
-and three sets of permissions for each file. Let's take a look at an
-example file.
+Slackware Linux inherits a strong multi-user tradition from its UNIX
+inspiration. This means that multiple people may use the system at
+once, but it also means that each of these people may have different
+permissions. This allows users to prevent others from modifying their
+files, or lets system administrators explicitly define what users can
+and cannot do on the system. Moreover, users need not be actual people
+at all. In fact, Slackware includes several dozen pre-defined user
+and group accounts that are not typically used by regular users. Rather
+these accounts allow the system administrator to segment the system for
+security reasons. We'll see how that's done in the next chapter on
+filesystem permissions.
</para>
-<screen><prompt>darkstar:~$ </prompt><userinput>ls -l /bin/ls</userinput>
--rwxr-xr-x 1 root root 81820 2007-06-08 21:12 /bin/ls
-</screen>
+</section>
+
+<section>
+<title>Managing Users and Groups</title>
<para>
-Recall from chapter 4 that <application>ls</application> <arg>-l</arg>
-lists the permissions for a file or
-directory along with the user and group that "own" the file. In this
-case, the permissions are rwxr-xr-x, the user is root and the group is
-also root. The permissions section, while grouped together, is really
-three seperate pieces. The first set of three letters are the
-permissions granted to the user that owns the file. The second set of
-three are those granted to the group owner, and the final three are
-permissions for everyone else.
+The easiest way to add new users in Slackware is through the use of our
+very fine <application>adduser</application> shell script.
+<application>adduser</application> will prompt you to enter the details
+of the new user you wish to creature and step you through the process
+quickly and easily. It will even create a password for the new user.
</para>
-<table pgwide="0">
-<title>Permissions of /bin/ls</title>
-<tgroup cols="3">
- <thead>
- <row>
- <entry>Set</entry>
- <entry>Listing</entry>
- <entry>Meaning</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>Owner</entry>
- <entry>rwx</entry>
- <entry>The owner "root" may read, write, and execute</entry>
- </row>
- <row>
- <entry>Group</entry>
- <entry>r-x</entry>
- <entry>The group "root" may read and execute</entry>
- </row>
- <row>
- <entry>Others</entry>
- <entry>r-x</entry>
- <entry>Everyone else may read and execute</entry>
- </row>
- </tbody>
-</tgroup>
-</table>
+<screen><prompt>darkstar:~# </prompt><userinput>adduser</userinput>
-<para>
-The permissions are pretty self explainatory of course, at least for
-files. Read, write, and execute allow you to read a file, write to it,
-or execute it. But what do these permissions mean for directories?
-Simply put, the read permissions grants the ability to list the
-directory's contents (say with <application>ls</application>). The write
-permission grants the ability to create new files in the directory as
-well as delete the entire directory, even if you otherwise wouldn't be
-able to delete some of the other files inside it. The execute
-permission grants the ability to actually enter the directory (with the
-<application>bash</application> built-in command cd for example).
-</para>
+Login name for new user []: <userinput>david</userinput>
-<para>
-Let's look at the permissions on a directory now.
-</para>
+User ID ('UID') [ defaults to next available ]:
-<screen><prompt>darkstar:~$ </prompt><userinput>ls -ld /home/alan</userinput>
-drwxr-x--- 60 alan users 3040 2008-06-06 17:14 /home/alan/
-</screen>
+Initial group [ users ]:
+Additional UNIX groups:
-<para>
-Here we see the permissions on my home directory and its ownership. The
-directory is owned by the user alan and the group users. The user is
-granted all rights (rwx), the group is granted only read and execute
-permissions (r-x), and everyone else is prohibited from doing anything.
-</para>
+Users can belong to additional UNIX groups on the system.
+For local users using graphical desktop login managers such
+as XDM/KDM, users may need to be members of additional groups
+to access the full functionality of removable media devices.
-</section>
+* Security implications *
+Please be aware that by adding users to additional groups may
+potentially give access to the removable media of other users.
-<section>
-<title><application>chmod</application>,
-<application>chown</application>, and
-<application>chgrp</application></title>
+If you are creating a new user for remote shell access only,
+users do not need to belong to any additional groups as standard,
+so you may press ENTER at the next prompt.
-<para>
-So now that we know what permissions are, how do we change them? And
-for that matter, how do we assign user and group ownership? The answer
-is right here in this section.
-</para>
+Press ENTER to continue without adding any additional groups
+Or press the UP arrow to add/select/edit additional groups
+: <userinput>audio cdrom floppy plugdev video</userinput>
-<para>
-The first tool we'll discuss is the useful
-<application>chown</application>
-(1) command. Using <application>chown</application>, we can (you guessed
-it), change the ownership of a file or
-directory. <application>chown</application> is historically used only
-to change the user ownership, but can change the group ownership as well.
-</para>
+Home directory [ /home/david ]
-<screen><prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput>
-total 0
--rw-r--r-- 1 alan users 0 2008-06-06 22:29 a
--rw-r--r-- 1 alan users 0 2008-06-06 22:29 b
-<prompt>darkstar:~# </prompt><userinput>chown root /tmp/foo/a</userinput>
-<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput>
-total 0
--rw-r--r-- 1 root users 0 2008-06-06 22:29 a
--rw-r--r-- 1 alan users 0 2008-06-06 22:29 b
-</screen>
+Shell [ /bin/bash ]
-<para>
-By using a colon after the user account, you may also specify a new
-group account.
-</para>
+Expiry date (YYYY-MM-DD) []:
-<screen><prompt>darkstar:~# </prompt><userinput>chown root:root /tmp/foo/b</userinput>
-<prompt>darkstar:~# </prompt><userinput> ls -l /tmp/foo</userinput>
-total 0
--rw-r--r-- 1 root users 0 2008-06-06 22:29 a
--rw-r--r-- 1 root root 0 2008-06-06 22:29 b
-</screen>
+New account will be created as follows:
-<para>
-<application>chown</application> can also be used recursively to change
-the ownership of all files and directories below a target directory.
-The following command would change all the files under the directory
-<filename>/tmp/foo</filename> to have their ownership set to root:root.
-</para>
+---------------------------------------
+Login name.......: david
+UID..............: [ Next available ]
+Initial group....: users
+Additional groups: audio,cdrom,floppy,plugdev,video
+Home directory...: /home/david
+Shell............: /bin/bash
+Expiry date......: [ Never ]
-<screen><prompt>darkstar:~# </prompt><userinput>chown -R root:root /tmp/foo/b</userinput></screen>
+This is it... if you want to bail out, hit Control-C. Otherwise, press
+ENTER to go ahead and make the account.
-<para>
-Specifying a colon and a group name without a user name will simply
-change the group for a file and leave the user ownership intact.
-</para>
-<screen><prompt>darkstar:~# </prompt><userinput>chown :wheel /tmp/foo/a</userinput>
-<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput>
-ls -l /tmp/foo
-total 0
--rw-r--r-- 1 root wheel 0 2008-06-06 22:29 a
--rw-r--r-- 1 root root 0 2008-06-06 22:29 b
-</screen>
+Creating new account...
-<para>
-The younger brother of <application>chown</application> is the
-slightly less useful <application>chgrp</application>(1). This
-command works just like <application>chown</application>, except
-it can only change the group
-ownership of a file. Since <application>chown</application> can
-already do this, why bother with
-<application>chgrp</application>? The answer is simple. Many other
-operating systems use a
-different version of <application>chown</application> that cannot
-change the group ownership, so
-if you ever come across one of those, now you know how.
-</para>
-<para>
-There's a reason we discussed changing ownership before changing
-permissions. The first is a much easier concept to grasp. The tool for
-changing permissions on a file or directory is
-<application>chmod</application>(1). The syntax for it
-is nearly identical to that for <application>chown</application>, but
-rather than
-specify a user or group, the administrator must specify either a set of
-octal permissions or a set of alphabetic permissions. Neither one is
-especially easy to grasp the first time. We'll begin with the less
-complicated octal permissions.
-</para>
+Changing the user information for david
+Enter the new value, or press ENTER for the default
+ Full Name []:
+ Room Number []:
+ Work Phone []:
+ Home Phone []:
+ Other []:
+Changing password for david
+Enter the new password (minimum of 5, maximum of 127 characters)
+Please use a combination of upper and lower case letters and numbers.
+New password:
+Re-enter new password:
+Password changed.
+
+
+Account setup complete.
+</screen>
<para>
-Octal permissions derive their name from being assigned by one of eight
-digits, namely the numbers 0 through 7. Each permissions is assigned a
-number that is a power of 2, and those numbers are added together to
-get the final permissions for one of the permission sets. If this
-sounds confusing, maybe this table will help.
+The addition of optional groups needs a little explaining. Every user
+in Slackware has a single group that it is always a member of. By
+default, this is the "users" group. However, users can belong to more
+than one group at a time and will inherit all the permissions of every
+group they belong to. Typical desktop users will need to add several
+group memberships in order to do things like play sound or access
+removeable media like cdroms or USB flash drives. You can simply press
+the up arrow key at this section and a list of default groups for
+desktop users will magically appear. You can of course, add to or
+remove groups from this listing.
</para>
-<table pgwide="0">
-<title>Octal Permissions</title>
-<tgroup cols="2">
- <thead>
- <row>
- <entry>Permission</entry>
- <entry>Meaning</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>Read</entry>
- <entry>4</entry>
- </row>
- <row>
- <entry>Write</entry>
- <entry>2</entry>
- </row>
- <row>
- <entry>Execute</entry>
- <entry>1</entry>
- </row>
- </tbody>
-</tgroup>
-</table>
-
<para>
-By adding these values together, we can reach any number between 0 and
-7 and specify all possible permission combinations. For example, to
-grant both read and write privilages while denying execute, we would
-use the number 6. The number 3 would grant write and execute
-permissions, but deny the ability to read the file. We must specify a
-number for each of the three sets when using octal permissions. It's
-not possible to specify only a set of user or group permissions this
-way for example.
+Now that we've demonstrated how to use the interactive
+<application>adduser</application> program, lets look at some powerful
+non-interactive tools that you may wish to use. The first is
+<application>useradd</application>(8).
+<application>useradd</application> is a little less friendly, but much
+faster for creating users in batches. This makes it ideal for use in
+shell scripts. In fact, <application>adduser</application> is just such
+a shell script and uses <application>useradd</application> for most of
+the heavy lifting. <application>useradd</application> has many options
+and we can't explain them all here, so refer to its man page for the
+complete details. Now, let's make a new user.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo/a</userinput>
--rw-r--r-- 1 root root 0 2008-06-06 22:29 a
-<prompt>darkstar:~# </prompt><userinput>chmod 750 /tmp/foo/a</userinput>
-<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo/a</userinput>
--rwxr-x--- 1 root root 0 2008-06-06 22:29 a
+<screen><prompt>darkstar:~# </prompt><userinput>useradd -d /data/home/alan -s /bin/bash -g users -G audio,cdrom,floppy,plugdev,video alan</userinput>
</screen>
<para>
-<application>chmod</application> can also use letter values along with
-<keycap>+</keycap> or <keycap>-</keycap> to grant or deny permissions.
-While this may be easier to
-remember, it's often easier to use the octal permissions.
+Here I have added the user "alan". I specified the user's home
+directory as <filename>/data/home/alan</filename> and used
+<application>bash</application> as my shell. Also, I specified my
+default group as "users" and added myself to a number of useful groups
+for dekstop use. You'll note that <application>useradd</application>
+does not do any prompting like <application>adduser</application>.
+Unless you want to accept the defaults for everything, you'll need to
+tell <application>useradd</application> what to do.
</para>
-<table pgwide="0">
-<title>Alphabetic Permissions</title>
-<tgroup cols="2">
- <thead>
- <row>
- <entry>Permission</entry>
- <entry>Letter Value</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>Read</entry>
- <entry>r</entry>
- </row>
- <row>
- <entry>Write</entry>
- <entry>w</entry>
- </row>
- <row>
- <entry>Execute</entry>
- <entry>x</entry>
- </row>
- </tbody>
-</tgroup>
-</table>
-
-<table pgwide="0">
-<title>Alphabetic Users and Groups</title>
-<tgroup cols="2">
- <thead>
- <row>
- <entry>Accounts Affected</entry>
- <entry>Letter Value</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>User/Owner</entry>
- <entry>u</entry>
- </row>
- <row>
- <entry>Group</entry>
- <entry>g</entry>
- </row>
- <row>
- <entry>Others/World</entry>
- <entry>o</entry>
- </row>
- </tbody>
-</tgroup>
-</table>
-
<para>
-To use the letter values with <application>chmod</application>, you
-must specify which set to use them with, either "u" for user, "g" for
-group, and "o" for all others. You must also specify whether you are
-adding or removing permissions with the "+" and "-" signs. Multiple
-sets can be changed at once by seperating each with a comma.
+Now that we know how to add users, we should learn how to add groups.
+As you might have guessed, the command for doing this is
+<application>groupadd</application>(8).
+<application>groupadd</application> works in the same way as
+<application>useradd</application>, but with far fewer options. The
+following command adds the group "slackers" to the system.
</para>
-<screen><prompt>darkstar:/tmp/foo# </prompt><userinput>ls -l</userinput>
-total 0
--rw-r--r-- 1 alan users 0 2008-06-06 23:37 a
--rw-r--r-- 1 alan users 0 2008-06-06 23:37 b
--rw-r--r-- 1 alan users 0 2008-06-06 23:37 c
--rw-r--r-- 1 alan users 0 2008-06-06 23:37 d
-<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+x a</userinput>
-<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod g+w b</userinput>
-<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+x,g+x,o-r c</userinput>
-<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+rx-w,g+r,o-r d</userinput>
-<prompt>darkstar:/tmp/foo# </prompt><userinput>ls -l</userinput>
--rwxr--r-- 1 alan users 0 2008-06-06 23:37 a*
--rw-rw-r-- 1 alan users 0 2008-06-06 23:37 b
--rwxr-x--- 1 alan users 0 2008-06-06 23:37 c*
--r-xr----- 1 alan users 0 2008-06-06 23:37 d*
+<screen><prompt>darkstar:~# </prompt><userinput>groupadd slackers</userinput>
</screen>
<para>
-Which you prefer to use is entirely up to you. There are places where
-one is better than the other, so a real Slacker will know both inside
-out.
+Deleting users and groups is easy as well. Simply run the
+<application>userdel</application>(8) and
+<application>groupdel</application>(8) commands. By default,
+<application>userdel</application> will leave the user's home directory
+on the system. You can remove this with the <arg>-r</arg> argument.
</para>
</section>
<section>
-<title>SUID, SGID, and the "Sticky" Bit</title>
+<title>Other User and Group Tools</title>
<para>
-We're not quite done with permissions just yet. There are three other
-"special" permissions in addition to those mentioned above. They are
-SUID, SGID, and the sticky bit. When a file has one or more of these
-permissions set, it behaves in special ways. The SUID and SGID
-permissions change the way an application is run, while the sticky bit
-restricts deletion of files. These permissions are applied with
-<application>chmod</application>
-like read, write, and execute, but with a twist.
+Several other tools exist for managing users and groups. Perhaps the
+most important one is <application>passwd</application>(1). This
+command changes a user account's password. Normal users may change
+their own passwords only, but root can change anyone's password. Also,
+root can lock a user account with the <arg>-l</arg> argument. This
+doesn't actually shutout the account, but instead changes the user's
+encrypted password to a value that can't be matched.
</para>
<para>
-SUID and SGID stand for "Set User ID" and "Set Group ID" respectively.
-When an application with one of these bits is set, the application runs
-with the user or group ownership permissions of that application
-regardless of what user actually
-executed it. Let's take a look at a common SUID application, the humble
-<application>passwd</application> and the files it modifies.
+Another useful tool is <application>chsh</application>(1) which changes a
+user's default shell. Like <application>passwd</application>, normal
+users can only change their own shell, but the root user can change
+anyone's.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>ls -l /usr/bin/passwd \
- /etc/passwd \
- /etc/shadow</userinput>
--rw-r--r-- 1 root root 1106 2008-06-03 22:23 /etc/passwd
--rw-r----- 1 root shadow 627 2008-06-03 22:22 /etc/shadow
--rws--x--x 1 root root 34844 2008-03-24 16:11 /usr/bin/passwd*
-</screen>
-
<para>
-Notice the permissions on <application>passwd</application>. Instead of
-an <keycap>x</keycap> in the user's execute slot, we have an
-<keycap>s</keycap>. This tells us that
-<application>passwd</application> is a SUID program, and when we run
-it, the process will run as the user "root" rather than as the user
-that actually executed it. The reason for this is readily apparent as
-soon as you look at the two files it modifies. Neither
-<filename>/etc/passwd</filename> nor <filename>/etc/shadow</filename>
-are writeable by anyone other than root. Since users need to change
-their personal information, <application>passwd</application> must be
-run as root in order to modify those files.
+The last tool we're going to discuss is
+<application>chfn</application>(1). This is used to enter identifying
+information on the user such as his phone number and real name. This
+information is stored in the <filename>passwd</filename>(5) file and
+retrieved using <application>finger</application>(1).
</para>
-<para>
-So what about the sticky bit? The sticky bit restricts the ability to
-move or delete files and is only ever set on directories. Non-root
-users cannot move or delete any files under a directory with the sticky
-bit set unless they are the owner of that file. Normally anyone with
-write permission to the file can do this, but the sticky bit prevents
-it for anyone but the owner (and of course, root). Let's take a look at
-a common "sticky" directory.
-</para>
+</section>
-<screen><prompt>darkstar:~# </prompt><userinput>ls -ld /tmp</userinput>
-drwxrwxrwt 1 root root 34844 2008-03-24 16:11 /tmp
-</screen>
+<section>
+<title>Managing Users and Groups Manually</title>
<para>
-Naturally, being a directory for the storage of temporary files sytem
-wide, <filename>/tmp</filename> needs to be readable, writeable, and
-executable by anyone and everyone. Since any user is likely to have a
-file or two stored here at any time, it only makes good sense to
-prevent other users from deleting those files, so the sticky bit has
-been set. You can see it by the presence of the <keycap>t</keycap> in
-place of the <keycap>x</keycap> in the world permissions section.
+Like most things in Slackware Linux, users and groups are stored in
+plain-text files. This means that you can edit all the details of a
+user, or even create a new user or group simply by editing these files
+and doing a few other tasks like creating the user's home directory. Of
+course, after you see how this is done you'll appreciate just how
+simple the included tools make this task.
</para>
-<table pgwide="0">
-<title>SUID, SGID, and "Sticky" Permissions</title>
-<tgroup cols="3">
- <thead>
- <row>
- <entry>Permission Type</entry>
- <entry>Octal Value</entry>
- <entry>Letter Value</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>SUID</entry>
- <entry>4</entry>
- <entry>s</entry>
- </row>
- <row>
- <entry>SGID</entry>
- <entry>2</entry>
- <entry>s</entry>
- </row>
- <row>
- <entry>Sticky</entry>
- <entry>1</entry>
- <entry>t</entry>
- </row>
- </tbody>
-</tgroup>
-</table>
-
<para>
-When using octal permissions, you must specify an additional leading
-octal value. For example, to recreate the permission on
-<filename>/tmp</filename>, we would use 1777. To recreate those
-permissions on <filename>/usr/bin/passwd</filename>, we would use 4711.
-Essentially, any time this leading fourth octet isn't specified,
-<application>chmod</application> assumes its value to be 0.
+Our first stop is the <filename>/etc/passwd</filename> file. Here, all
+the information about a user is stored, except for (oddly enough) the
+user's password. The reason for this is rather simple.
+<filename>/etc/passwd</filename> must be readable by all users on the
+system, so you wouldn't want passwords stored there, even if they are
+encrypted. Let's take a quick look at my entry in this file.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>chmod 1777 /tmp</userinput>
-<prompt>darkstar:~# </prompt><userinput>chmod 4711 /usr/bin/passwd</userinput>
+<screen>
+alan:x:1000:100:,,,:/home/alan:/bin/bash
</screen>
<para>
-Using the alphabetic permission values is slightly different. Assuming
-the two files above have permissions of 0000 (no permissions at all),
-here is how we would set them.
+Each line in this file contains a number of fields seperated by a
+colon. They are, from left to right: username, password, UID, GUID, a
+comment field, home directory, and shell. You'll notice that the
+password field for every entry is an <keycap>x</keycap>. That is
+because Slackware uses shadow passwords, so the actual encrypted
+password is stored in <filename>/etc/shadow</filename>. Let's take a
+look there.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>chmod ug+rwx,o+rwt /tmp</userinput>
-<prompt>darkstar:~# </prompt><userinput>chmod u+rws,go+x /usr/bin/passwd</userinput>
+<screen>
+alan:$1$HlR?M3fkL@oeJmsdLfhsLFM*4dflPh8:14197:0:99999:7:::
</screen>
+<para>
+The <filename>shadow</filename> file contains more than just the
+encrypted password as you'll notice. The fields here, again from left
+to right, are: username, encrypted password, last day the password was
+changed, days before the password may be changed again, how many days
+before the password expires, days that the account will be disabled
+after expiring, when the account was disabled, and a reserved field.
+You may notice on some accounts that the various "days" fields often
+include very large numbers. The reason for this is that Slackware
+counts time from the "Epoch" which is January 1, 1970 for historical
+reasons.
+</para>
+<para>
+To create a new user account, you'll just need to open these files
+using <application>vipw</application>(8). This will open
+<filename>/etc/passwd</filename> in the editor
+defined by your VISUAL variable or your EDITOR variable if VISUAL isn't
+defined. If neither is present, it will fall back to
+<application>vi</application> by default. If you pass the <arg>-s</arg>
+argument, it will open <filename>/etc/shadow</filename> instead. It's
+important to use <application>vipw</application> instead of using any
+other editor, because <application>vipw</application> will lock the
+file and prevent other programs from editing it right underneath your feet.
+</para>
-
-
-
+<para>
+That isn't all you'll need to do however; you must also create the
+user's home directory and change the user's password using
+<application>passwd</application>.
+</para>
</section>
diff --git a/chapter_10.xml b/chapter_10.xml
index a721dfa..a0ab4d2 100644
--- a/chapter_10.xml
+++ b/chapter_10.xml
@@ -3,496 +3,457 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>Working with Filesystems</title>
+<title>Filesystem Permissions</title>
<section>
-<title>The Filesystem Hierarchy</title>
+<title>Permissions Overview</title>
<para>
-Slackware Linux stores all of its files and directories under a single
-<filename>/</filename> directory, typically referred to as "root". This
-is in stark contract to what you may be familiar with in the form of
-Microsoft Windows. Different hard disk partitions, cdroms, usb flash
-drives, and even floppy disks can all be mounted in directories under
-<filename>/</filename>, but do not have anything like "drive letters".
-The contents of these devices can be found almost anywhere, but there
-are some sane defaults that Slackware sets up for you. For example,
-cd-rw drives are most often found at <filename>/mnt/cd-rw</filename>.
-Here are a few common directories present on nearly all Slackware Linux
-installations, and what you can expect to find there.
+As we've discussed, Slackware Linux is a multi-user operating system.
+Because of this, its filesystems are mutli-user as well. This means
+that every file or directory has a set of permissions that can grant or
+deny privileges to different users. There are three basic permissions
+and three sets of permissions for each file. Let's take a look at an
+example file.
+</para>
+
+<screen><prompt>darkstar:~$ </prompt><userinput>ls -l /bin/ls</userinput>
+-rwxr-xr-x 1 root root 81820 2007-06-08 21:12 /bin/ls
+</screen>
+
+<para>
+Recall from chapter 4 that <application>ls</application> <arg>-l</arg>
+lists the permissions for a file or
+directory along with the user and group that "own" the file. In this
+case, the permissions are rwxr-xr-x, the user is root and the group is
+also root. The permissions section, while grouped together, is really
+three seperate pieces. The first set of three letters are the
+permissions granted to the user that owns the file. The second set of
+three are those granted to the group owner, and the final three are
+permissions for everyone else.
</para>
<table pgwide="0">
-<title>Filesystem Layout</title>
-<tgroup cols="2">
+<title>Permissions of /bin/ls</title>
+<tgroup cols="3">
<thead>
- <entry>Directory</entry>
- <entry>Explaination</entry>
- </thead>
- <tbody>
- <row>
- <entry>/</entry>
- <entry>The root directory, under which all others exist</entry>
- </row>
<row>
- <entry>/bin</entry>
- <entry>Minimal set of binary programs for all users</entry>
- </row>
- <row>
- <entry>/boot</entry>
- <entry>The kernel, initrd, and other requirements for booting Slackware</entry>
- </row>
- <row>
- <entry>/etc/</entry>
- <entry>System configuration files</entry>
- </row>
- <row>
- <entry>/dev</entry>
- <entry>Collection of special files allowing direct access to hardware</entry>
- </row>
- <row>
- <entry>/home</entry>
- <entry>User directories where personal files and settings are stored</entry>
- </row>
- <row>
- <entry>/media</entry>
- <entry>Directory for auto-mounting features in DBUS/HAL</entry>
- </row>
- <row>
- <entry>/mnt</entry>
- <entry>Places to temporarily mount removable media</entry>
- </row>
- <row>
- <entry>/opt</entry>
- <entry>Directory where some (typicaly proprietary) software may be installed</entry>
- </row>
- <row>
- <entry>/proc</entry>
- <entry>Kernel exported filesystem for process information</entry>
- </row>
- <row>
- <entry>/root</entry>
- <entry>The root user's home directory</entry>
- </row>
- <row>
- <entry>/sbin</entry>
- <entry>Minimal set of system or superuser binaries</entry>
- </row>
- <row>
- <entry>/srv</entry>
- <entry>Site-specific data such as web pages served by this system</entry>
- </row>
- <row>
- <entry>/sys</entry>
- <entry>Special kernel implimentation details</entry>
+ <entry>Set</entry>
+ <entry>Listing</entry>
+ <entry>Meaning</entry>
</row>
+ </thead>
+ <tbody>
<row>
- <entry>/tmp</entry>
- <entry>Directory reserved for temporary files for all users</entry>
+ <entry>Owner</entry>
+ <entry>rwx</entry>
+ <entry>The owner "root" may read, write, and execute</entry>
</row>
<row>
- <entry>/usr</entry>
- <entry>All non-essential programs, libraries, and shared files</entry>
+ <entry>Group</entry>
+ <entry>r-x</entry>
+ <entry>The group "root" may read and execute</entry>
</row>
<row>
- <entry>/var</entry>
- <entry>Regularly changing data such as log files</entry>
+ <entry>Others</entry>
+ <entry>r-x</entry>
+ <entry>Everyone else may read and execute</entry>
</row>
</tbody>
</tgroup>
</table>
-</section>
-
-<section>
-<title>Local Filesystem Types</title>
+<para>
+The permissions are pretty self explainatory of course, at least for
+files. Read, write, and execute allow you to read a file, write to it,
+or execute it. But what do these permissions mean for directories?
+Simply put, the read permissions grants the ability to list the
+directory's contents (say with <application>ls</application>). The write
+permission grants the ability to create new files in the directory as
+well as delete the entire directory, even if you otherwise wouldn't be
+able to delete some of the other files inside it. The execute
+permission grants the ability to actually enter the directory (with the
+<application>bash</application> built-in command cd for example).
+</para>
<para>
-The Linux kernel supports a wide variety of filesystems, which allows
-you to choose from a long list of features to tailor to your particular
-need. Fortunately, most of the default filesystem types are adequate
-for any needs you may have. Some filesystems are geared towards
-particular media. For example, the iso9660 filesystem is used almost
-exclusively for CD and DVD media.
+Let's look at the permissions on a directory now.
</para>
-<section>
-<title>ext2</title>
+<screen><prompt>darkstar:~$ </prompt><userinput>ls -ld /home/alan</userinput>
+drwxr-x--- 60 alan users 3040 2008-06-06 17:14 /home/alan/
+</screen>
<para>
-ext2 is the oldest filesystem included in Slackware Linux for storing
-data on hard disks. Compared to other filesystems, ext2 is simplistic.
-It is faster than most others for reading and writing data, but does
-not include any journaling capability. This means that after a hard
-crash, the filesystem must be exhaustively checked to discover and
-(hopefully) fix any errors.
+Here we see the permissions on my home directory and its ownership. The
+directory is owned by the user alan and the group users. The user is
+granted all rights (rwx), the group is granted only read and execute
+permissions (r-x), and everyone else is prohibited from doing anything.
</para>
</section>
<section>
-<title>ext3</title>
+<title><application>chmod</application>,
+<application>chown</application>, and
+<application>chgrp</application></title>
+
<para>
-ext3 is the younger cousin of ext2. It was designed to replace ext2 in
-most situations and shares much the same code-base, but adds journaling
-support. In fact, ext3 and ext2 are so much alike that it is possible
-to convert one to the other on the fly without lose of data. ext3
-enjoys a lot of popularity for these reasons. There are many tools
-available for recovering data from this filesystem in the event of
-catastrophic hardware failure as well. ext3 is a good general purpose
-filesystem with journaling support, but fails to perform as well as
-other journaling filesystems in specific cases. One pitfall to ext3 is
-that the filesystem must still go through this exhaustive check every
-so often. This is done when the filesystem is mounted, usually when the
-computer is booted, and causes an annoying delay.
+So now that we know what permissions are, how do we change them? And
+for that matter, how do we assign user and group ownership? The answer
+is right here in this section.
</para>
-</section>
-<section>
-<title>reiserfs</title>
<para>
-reiserfs is one of the oldest journaling filesystems for the Linux
-kernel and has been supported by Slackware for many years. It is a very
-fast filesystem particularly well suited for storing, retrieving, and
-writing lots of small files. Unfortunately there are few tools for
-recovering data should you experience a drive failure, and reiserfs
-partitions experience corruption more often than ext3.
+The first tool we'll discuss is the useful
+<application>chown</application>
+(1) command. Using <application>chown</application>, we can (you guessed
+it), change the ownership of a file or
+directory. <application>chown</application> is historically used only
+to change the user ownership, but can change the group ownership as well.
</para>
-</section>
-<section>
-<title>XFS</title>
+<screen><prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput>
+total 0
+-rw-r--r-- 1 alan users 0 2008-06-06 22:29 a
+-rw-r--r-- 1 alan users 0 2008-06-06 22:29 b
+<prompt>darkstar:~# </prompt><userinput>chown root /tmp/foo/a</userinput>
+<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput>
+total 0
+-rw-r--r-- 1 root users 0 2008-06-06 22:29 a
+-rw-r--r-- 1 alan users 0 2008-06-06 22:29 b
+</screen>
+
<para>
-XFS was contributed to the Linux kernel by SGI and is one of the best
-filesystems for working with large volumes and large files. XFS uses
-more RAM than other filesystems, but if you need to work with large
-files its performance there is well worth the penalty in memory usage.
-XFS is not particularly ill-suited for desktop or laptop use, but
-really shines on a server that handles medium to large size files all
-day long. Like ext3, XFS is a fully journaled filesystem.
+By using a colon after the user account, you may also specify a new
+group account.
</para>
-</section>
-<section>
-<title>JFS</title>
+<screen><prompt>darkstar:~# </prompt><userinput>chown root:root /tmp/foo/b</userinput>
+<prompt>darkstar:~# </prompt><userinput> ls -l /tmp/foo</userinput>
+total 0
+-rw-r--r-- 1 root users 0 2008-06-06 22:29 a
+-rw-r--r-- 1 root root 0 2008-06-06 22:29 b
+</screen>
+
<para>
-JFS was contributed to the Linux kernel by IBM and is well known for
-its responsiveness even under extreme conditions. It can span colossal
-volumes making it particularly well-suited for Network Attached Storage
-(NAS) devices. JFS's long history and thorough testing make it one of
-the most reliable journaling filesystems available for Linux.
+<application>chown</application> can also be used recursively to change
+the ownership of all files and directories below a target directory.
+The following command would change all the files under the directory
+<filename>/tmp/foo</filename> to have their ownership set to root:root.
</para>
-</section>
-<section>
-<title>iso9660</title>
+<screen><prompt>darkstar:~# </prompt><userinput>chown -R root:root /tmp/foo/b</userinput></screen>
+
<para>
-iso9660 is a filesystem specifically designed for optical media such as
-CDs and DVDs. Since optical disks are read-only media, the linux kernel
-does not even include write support for this filesystem. In order to
-create an iso9660 filesystem, you must use user-land tools like
-<application>mkisofs</application>(8) or
-<application>growisofs</application>(8).
+Specifying a colon and a group name without a user name will simply
+change the group for a file and leave the user ownership intact.
</para>
-</section>
-<section>
-<title>vfat</title>
+<screen><prompt>darkstar:~# </prompt><userinput>chown :wheel /tmp/foo/a</userinput>
+<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo</userinput>
+ls -l /tmp/foo
+total 0
+-rw-r--r-- 1 root wheel 0 2008-06-06 22:29 a
+-rw-r--r-- 1 root root 0 2008-06-06 22:29 b
+</screen>
+
<para>
-Sometimes you may need to share data between Windows and Linux
-computers, but can't transfer the files over a network. Instead you
-require a shared hard drive partition or a USB flash drive. The humble
-vfat filesystem is the best choice here since it is supported by the
-largest variety of operating systems. Unfortuantely, being a Microsoft
-designed filesystem, it does not store permissions in the same way as
-traditional Linux filesystems. This means that special options must be
-used to allow multiple users to access data on this filesystem.
+The younger brother of <application>chown</application> is the
+slightly less useful <application>chgrp</application>(1). This
+command works just like <application>chown</application>, except
+it can only change the group
+ownership of a file. Since <application>chown</application> can
+already do this, why bother with
+<application>chgrp</application>? The answer is simple. Many other
+operating systems use a
+different version of <application>chown</application> that cannot
+change the group ownership, so
+if you ever come across one of those, now you know how.
</para>
-</section>
-<section>
-<title>swap</title>
<para>
-Unlike other filesystems which hold files and directories, swap
-partitions hold virtual memory. This is very useful as it prevents the
-system from crashing should all your RAM be consumed. Instead, the
-kernel copies portions of the RAM into swap and frees them up for other
-applications to use. Think of it as adding virtual memory to your
-computer, very slow virtual memory. swap is typically a fail-safe and
-shouldn't be relied upon for continual use. Add more RAM to your system
-if you find yourself using lots of swap.
+There's a reason we discussed changing ownership before changing
+permissions. The first is a much easier concept to grasp. The tool for
+changing permissions on a file or directory is
+<application>chmod</application>(1). The syntax for it
+is nearly identical to that for <application>chown</application>, but
+rather than
+specify a user or group, the administrator must specify either a set of
+octal permissions or a set of alphabetic permissions. Neither one is
+especially easy to grasp the first time. We'll begin with the less
+complicated octal permissions.
</para>
-</section>
-</section>
+<para>
+Octal permissions derive their name from being assigned by one of eight
+digits, namely the numbers 0 through 7. Each permissions is assigned a
+number that is a power of 2, and those numbers are added together to
+get the final permissions for one of the permission sets. If this
+sounds confusing, maybe this table will help.
+</para>
-<section>
-<title>Using <application>mount</application></title>
+<table pgwide="0">
+<title>Octal Permissions</title>
+<tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Permission</entry>
+ <entry>Meaning</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>Read</entry>
+ <entry>4</entry>
+ </row>
+ <row>
+ <entry>Write</entry>
+ <entry>2</entry>
+ </row>
+ <row>
+ <entry>Execute</entry>
+ <entry>1</entry>
+ </row>
+ </tbody>
+</tgroup>
+</table>
<para>
-Now that we've learned what (some of) the different filesystems
-available in Linux are, it's time we looked at how to use them. In
-order to read or write data on a filesystem, that filesystem must first
-be mounted. To do this, we (naturally) use
-<application>mount</application>(8). The first thing we must do is
-decide where we want the filesystem located. Recall that there are no
-such things are drive letters denoting filesystems in Linux. Instead,
-all filesystems are mounted on directories. The base filesystem on
-which you install Slackware is always located at <filename>/</filename>
-and others are always located in subdirectories of
-<filename>/</filename>. <filename>/mnt/hd</filename> is a common place
-to temporarily locate a partition, so we'll use that in our first
-example. In order to mount a filesystem's contents, we must tell mount
-what kind of filesystem we have, where to mount it, and any special
-options to use.
+By adding these values together, we can reach any number between 0 and
+7 and specify all possible permission combinations. For example, to
+grant both read and write privilages while denying execute, we would
+use the number 6. The number 3 would grant write and execute
+permissions, but deny the ability to read the file. We must specify a
+number for each of the three sets when using octal permissions. It's
+not possible to specify only a set of user or group permissions this
+way for example.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>mount -t ext3 /dev/hda3 /mnt/hd -o ro</userinput>
+<screen><prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo/a</userinput>
+-rw-r--r-- 1 root root 0 2008-06-06 22:29 a
+<prompt>darkstar:~# </prompt><userinput>chmod 750 /tmp/foo/a</userinput>
+<prompt>darkstar:~# </prompt><userinput>ls -l /tmp/foo/a</userinput>
+-rwxr-x--- 1 root root 0 2008-06-06 22:29 a
</screen>
<para>
-Let's disect this. We have an ext3 filesystem located on the third
-partition of the first IDE device, and we've decided to mount its
-contents on the directory <filename>/mnt/hd</filename>. Additionally,
-we have mounted it read-only so no changes can be made to these
-contents. The <arg>-t ext3</arg> argument tells
-<application>mount</application>
-what type of filesystem we are using,
-in this case it is ext3. This lets the kernel know which driver to use.
-Often <application>mount</application> can determine this for itself,
-but it never hurts to explicitly declare it. Second, we tell
-<application>mount</application>
-where to locate the filesystem's contents. Here we've chosen
-<filename>/mnt/hd</filename>.
-Finally, we must decide what options to use if any. These are declared
-with the <arg>-o</arg> argument. A short-list of the most common
-options follows.
+<application>chmod</application> can also use letter values along with
+<keycap>+</keycap> or <keycap>-</keycap> to grant or deny permissions.
+While this may be easier to
+remember, it's often easier to use the octal permissions.
</para>
<table pgwide="0">
-<title>Common mount options</title>
+<title>Alphabetic Permissions</title>
<tgroup cols="2">
<thead>
- <entry>Option</entry>
- <entry>Description</entry>
+ <row>
+ <entry>Permission</entry>
+ <entry>Letter Value</entry>
+ </row>
</thead>
<tbody>
<row>
- <entry>ro</entry>
- <entry>read-only</entry>
+ <entry>Read</entry>
+ <entry>r</entry>
</row>
<row>
- <entry>rw</entry>
- <entry>read-write (default)</entry>
+ <entry>Write</entry>
+ <entry>w</entry>
</row>
<row>
- <entry>uid</entry>
- <entry>user to own the contents of the filesystem</entry>
+ <entry>Execute</entry>
+ <entry>x</entry>
</row>
+ </tbody>
+</tgroup>
+</table>
+
+<table pgwide="0">
+<title>Alphabetic Users and Groups</title>
+<tgroup cols="2">
+ <thead>
<row>
- <entry>gid</entry>
- <entry>group to own the contents of the filesystem</entry>
+ <entry>Accounts Affected</entry>
+ <entry>Letter Value</entry>
</row>
+ </thead>
+ <tbody>
<row>
- <entry>noexec</entry>
- <entry>prevent execution of any files on the filesystem</entry>
+ <entry>User/Owner</entry>
+ <entry>u</entry>
</row>
<row>
- <entry>defaults</entry>
- <entry>sane defaults for most filesystems</entry>
+ <entry>Group</entry>
+ <entry>g</entry>
+ </row>
+ <row>
+ <entry>Others/World</entry>
+ <entry>o</entry>
</row>
</tbody>
</tgroup>
</table>
<para>
-If this is your first Linux installation, the only options you
-typically need to be concerned about are <arg>ro</arg> and
-<arg>rw</arg>. The exception to this rule comes when you are dealing
-with filesystems that don't handle traditional Linux permissions such
-as vfat or NTFS. In those cases you'll need to use the <arg>uid</arg>
-or <arg>gid</arg> options to allow non-root users access to these
-filesystems.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>mount -t vfat /dev/hda4 /mnt/hd -o uid=alan</userinput>
-</screen>
-
-<para>
-But Alan, that's appalling! I don't want to have to tell mount what
-filesystem or options to use everytime I load a CD. It should be easier
-than that. Well thankfully, it is. The <filename>/etc/fstab</filename>
-file contains all this information for filesystems that the installer
-sets up for you, and you can make additions to it as well.
-<filename>fstab</filename>(5) looks like a simple table containing the
-device to mount along with its filesystem type and optional arguments.
-Let's take a look.
+To use the letter values with <application>chmod</application>, you
+must specify which set to use them with, either "u" for user, "g" for
+group, and "o" for all others. You must also specify whether you are
+adding or removing permissions with the "+" and "-" signs. Multiple
+sets can be changed at once by seperating each with a comma.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>cat /etc/fstab</userinput>
-/dev/hda1 / reiserfs defaults 1 1
-/dev/hda2 /home reiserfs defaults 1 2
-/dev/hda3 swap swap defaults 0 0
-/dev/cdrom /mnt/cdrom auto noauto,owner,ro,users 0 0
-/dev/fd0 /mnt/floppy auto noauto,owner 0 0
-devpts /dev/pts devpts gid=5,mode=620 0 0
-proc /proc proc defaults 0 0
+<screen><prompt>darkstar:/tmp/foo# </prompt><userinput>ls -l</userinput>
+total 0
+-rw-r--r-- 1 alan users 0 2008-06-06 23:37 a
+-rw-r--r-- 1 alan users 0 2008-06-06 23:37 b
+-rw-r--r-- 1 alan users 0 2008-06-06 23:37 c
+-rw-r--r-- 1 alan users 0 2008-06-06 23:37 d
+<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+x a</userinput>
+<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod g+w b</userinput>
+<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+x,g+x,o-r c</userinput>
+<prompt>darkstar:/tmp/foo# </prompt><userinput>chmod u+rx-w,g+r,o-r d</userinput>
+<prompt>darkstar:/tmp/foo# </prompt><userinput>ls -l</userinput>
+-rwxr--r-- 1 alan users 0 2008-06-06 23:37 a*
+-rw-rw-r-- 1 alan users 0 2008-06-06 23:37 b
+-rwxr-x--- 1 alan users 0 2008-06-06 23:37 c*
+-r-xr----- 1 alan users 0 2008-06-06 23:37 d*
</screen>
<para>
-If you have an entry in <filename>fstab</filename> for your filesystem, you
-need only tell mount the device node or the mount location.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>mount /dev/cdrom</userinput>
-<prompt>darkstar:~# </prompt><userinput>mount /home</userinput>
-</screen>
-
-<para>
-One final use for
-<application>mount</application>
-is to tell you what filesystems are currently mounted and with what
-options. Simply run
-<application>mount</application>
-without any arguments to display these.
+Which you prefer to use is entirely up to you. There are places where
+one is better than the other, so a real Slacker will know both inside
+out.
</para>
</section>
<section>
-<title>Network Filesystems</title>
+<title>SUID, SGID, and the "Sticky" Bit</title>
<para>
-In addition to local filesystems, Slackware supports a number of network
-filesystems as both client and server. This allows you to share data
-between multiple computers transparently. We'll discuss the two most
-common: NFS and SMB.
+We're not quite done with permissions just yet. There are three other
+"special" permissions in addition to those mentioned above. They are
+SUID, SGID, and the sticky bit. When a file has one or more of these
+permissions set, it behaves in special ways. The SUID and SGID
+permissions change the way an application is run, while the sticky bit
+restricts deletion of files. These permissions are applied with
+<application>chmod</application>
+like read, write, and execute, but with a twist.
</para>
-<section>
-<title>NFS</title>
-
<para>
-NFS is the Network File System for Linux as well as several other common
-operating systems. It has modest performance but supports the full range of
-permissions for Slackware. In order to use NFS as either a client or a
-server, you must run the remote procedure call daemon. This is easily
-accomplished by setting the <filename>/etc/rc.d/rc.rpc</filename> file
-executable and telling it to start. Once it has been set executable, it
-will run automatically every time you boot into Slackware.
+SUID and SGID stand for "Set User ID" and "Set Group ID" respectively.
+When an application with one of these bits is set, the application runs
+with the user or group ownership permissions of that application
+regardless of what user actually
+executed it. Let's take a look at a common SUID application, the humble
+<application>passwd</application> and the files it modifies.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>chmod +x /etc/rc.d/rc.rpc</userinput>
-<prompt>darkstar:~# </prompt><userinput>/etc/rc.d/rc.rpc start</userinput>
+<screen><prompt>darkstar:~# </prompt><userinput>ls -l /usr/bin/passwd \
+ /etc/passwd \
+ /etc/shadow</userinput>
+-rw-r--r-- 1 root root 1106 2008-06-03 22:23 /etc/passwd
+-rw-r----- 1 root shadow 627 2008-06-03 22:22 /etc/shadow
+-rws--x--x 1 root root 34844 2008-03-24 16:11 /usr/bin/passwd*
</screen>
<para>
-Mounting an NFS share is little different than mounting a local filesystem.
-Rather than specifying a local device, you must tell mount the domain name
-or IP address of the NFS server and the directory to mount with a colon
-between them.
+Notice the permissions on <application>passwd</application>. Instead of
+an <keycap>x</keycap> in the user's execute slot, we have an
+<keycap>s</keycap>. This tells us that
+<application>passwd</application> is a SUID program, and when we run
+it, the process will run as the user "root" rather than as the user
+that actually executed it. The reason for this is readily apparent as
+soon as you look at the two files it modifies. Neither
+<filename>/etc/passwd</filename> nor <filename>/etc/shadow</filename>
+are writeable by anyone other than root. Since users need to change
+their personal information, <application>passwd</application> must be
+run as root in order to modify those files.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>mount -t nfs darkstar.example.com:/home /home</userinput>
-</screen>
-
<para>
-Running an NFS server is a little bit different. First, you must configure
-each directory to be exported in the <filename>/etc/exports</filename>
-file. <filename>exports</filename>(5) contains information about what
-directories will be shared, who they will be shared with, and what special
-permissions to grant or deny.
+So what about the sticky bit? The sticky bit restricts the ability to
+move or delete files and is only ever set on directories. Non-root
+users cannot move or delete any files under a directory with the sticky
+bit set unless they are the owner of that file. Normally anyone with
+write permission to the file can do this, but the sticky bit prevents
+it for anyone but the owner (and of course, root). Let's take a look at
+a common "sticky" directory.
</para>
-<screen>
-# See exports(5) for a description.
-# This file contains a list of all directories exported to other computers.
-# It is used by rpc.nfsd and rpc.mountd.
-
-/home/backup 192.168.1.0/24(sync,rw,no_root_squash)
+<screen><prompt>darkstar:~# </prompt><userinput>ls -ld /tmp</userinput>
+drwxrwxrwt 1 root root 34844 2008-03-24 16:11 /tmp
</screen>
<para>
-The first column in
-<filename>exports</filename>
-is a list of the files to be exported via NFS. The second column is a list
-of what systems may access the export along with special permissions. You
-can specify hosts via domain name, IP address, or netblock address (as I
-have here). Special permissions are always a parenthetical list. For a
-complete list, you'll need to read the man page. For now, the only special
-option that matters is <arg>no_root_squash</arg>. Usually the root user on
-an NFS client cannot read or write an exported share. Instead, the root
-user is "squashed" and forced to act as the nobody user.
-<arg>no_root_squash</arg> prevents this.
+Naturally, being a directory for the storage of temporary files sytem
+wide, <filename>/tmp</filename> needs to be readable, writeable, and
+executable by anyone and everyone. Since any user is likely to have a
+file or two stored here at any time, it only makes good sense to
+prevent other users from deleting those files, so the sticky bit has
+been set. You can see it by the presence of the <keycap>t</keycap> in
+place of the <keycap>x</keycap> in the world permissions section.
</para>
-<para>
-You'll also need to run the NFS daemon. Starting and stopping NFS server
-support is done with the <filename>/etc/rc.d/rc.nfsd</filename> rc script.
-Set it executable and run it just like we did for
-<filename>rc.rpc</filename> and you are ready to go.
-</para>
-
-</section>
-
-<section>
-<title>SMB</title>
-
-<para>
-SMB is the Windows network file-sharing protocol. Connecting to SMB shares
-(commonly called samba shares) is fairly straight forward. Unfortuantely,
-SMB isn't as strongly supported as NFS. Still, it offers higher performance
-and connectivity with Windows computers. For these reasons, SMB is the most
-common network file-sharing protocol deployed on local networks. Exporting
-SMB shares from Slackware is done through the samba daemon and configured
-in <filename>smb.conf</filename>(5). Unfortunately configuring samba as a
-service is beyond the scope of this book. Check online for additional
-documentation, and as always refer to the man page.
-</para>
+<table pgwide="0">
+<title>SUID, SGID, and "Sticky" Permissions</title>
+<tgroup cols="3">
+ <thead>
+ <row>
+ <entry>Permission Type</entry>
+ <entry>Octal Value</entry>
+ <entry>Letter Value</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>SUID</entry>
+ <entry>4</entry>
+ <entry>s</entry>
+ </row>
+ <row>
+ <entry>SGID</entry>
+ <entry>2</entry>
+ <entry>s</entry>
+ </row>
+ <row>
+ <entry>Sticky</entry>
+ <entry>1</entry>
+ <entry>t</entry>
+ </row>
+ </tbody>
+</tgroup>
+</table>
<para>
-Thankfully mounting an SMB share is easy and works almost exactly like
-mounting an NFS share. You must tell mount where to find the server and
-what share you wish to access in exactly the same way. Additionally, you
-must specify a username and password.
+When using octal permissions, you must specify an additional leading
+octal value. For example, to recreate the permission on
+<filename>/tmp</filename>, we would use 1777. To recreate those
+permissions on <filename>/usr/bin/passwd</filename>, we would use 4711.
+Essentially, any time this leading fourth octet isn't specified,
+<application>chmod</application> assumes its value to be 0.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>mount -t cifs //darkstar/home /home -o username=alan,password=secret</userinput>
+<screen><prompt>darkstar:~# </prompt><userinput>chmod 1777 /tmp</userinput>
+<prompt>darkstar:~# </prompt><userinput>chmod 4711 /usr/bin/passwd</userinput>
</screen>
<para>
-You may be wondering why the filesystem type is cifs instead of smbfs. In
-older versions of the Linux kernel, smbfs was used. This has been
-deprecated in favor of the better performing and more secure general
-purpose cifs driver.
-</para>
-
-<para>
-All SMB shares require the <arg>username</arg> and <arg>password</arg>
-arguments. This can create a security problem if you wish to place your
-samba share in fstab. You may avoid this problem by using the
-<arg>credentials</arg> argument. <arg>credentials</arg> points to a file
-which contains the username and password information. As long as this file
-is safely guarded and readable only by root, the likelyhood that your
-authentication credentials will be compromised is lessened.
+Using the alphabetic permission values is slightly different. Assuming
+the two files above have permissions of 0000 (no permissions at all),
+here is how we would set them.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>echo "username=alan" > /etc/creds-home</userinput>
-<prompt>darkstar:~# </prompt><userinput>echo "password=secret" >> /etc/creds-home</userinput>
-<prompt>darkstar:~# </prompt><userinput>mount -t cifs //darkstar/home -o credentials=/etc/creds-home</userinput>
+<screen><prompt>darkstar:~# </prompt><userinput>chmod ug+rwx,o+rwt /tmp</userinput>
+<prompt>darkstar:~# </prompt><userinput>chmod u+rws,go+x /usr/bin/passwd</userinput>
</screen>
-</section>
-
-
-
-
-
-
-
diff --git a/chapter_11.xml b/chapter_11.xml
index 7a507f0..a721dfa 100644
--- a/chapter_11.xml
+++ b/chapter_11.xml
@@ -3,331 +3,498 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title><application>vi</application></title>
+<title>Working with Filesystems</title>
<section>
-<title>What is <application>vi</application>?</title>
+<title>The Filesystem Hierarchy</title>
<para>
-Scattered all around your computer are thousands of text files. To a
-new user, this may seem inconsequential, but almost everything in
-Slackware Linux uses a plain-text file for configuration. This allows
-users to make changes to the system quickly, easily, and intuitively.
-In chapter 5, we looked at a few commands such as
-<application>cat</application> and <application>less</application> that
-can be used to read these files, but what if we want to make changes to
-them? For that, we need a text editor, and
-<application>vi</application> is up to the task.
+Slackware Linux stores all of its files and directories under a single
+<filename>/</filename> directory, typically referred to as "root". This
+is in stark contract to what you may be familiar with in the form of
+Microsoft Windows. Different hard disk partitions, cdroms, usb flash
+drives, and even floppy disks can all be mounted in directories under
+<filename>/</filename>, but do not have anything like "drive letters".
+The contents of these devices can be found almost anywhere, but there
+are some sane defaults that Slackware sets up for you. For example,
+cd-rw drives are most often found at <filename>/mnt/cd-rw</filename>.
+Here are a few common directories present on nearly all Slackware Linux
+installations, and what you can expect to find there.
</para>
-<para>
-In short, <application>vi</application> is one of the oldest and most
-powerful text editors still used today. It's beloved by system
-administrators, programmers, hobbiests, and others the world over. In
-fact, nearly this entire book was written using
-<application>vi</application>; only the next chapter on
-<application>emacs</application> was written with that editor.
-</para>
+<table pgwide="0">
+<title>Filesystem Layout</title>
+<tgroup cols="2">
+ <thead>
+ <entry>Directory</entry>
+ <entry>Explaination</entry>
+ </thead>
+ <tbody>
+ <row>
+ <entry>/</entry>
+ <entry>The root directory, under which all others exist</entry>
+ </row>
+ <row>
+ <entry>/bin</entry>
+ <entry>Minimal set of binary programs for all users</entry>
+ </row>
+ <row>
+ <entry>/boot</entry>
+ <entry>The kernel, initrd, and other requirements for booting Slackware</entry>
+ </row>
+ <row>
+ <entry>/etc/</entry>
+ <entry>System configuration files</entry>
+ </row>
+ <row>
+ <entry>/dev</entry>
+ <entry>Collection of special files allowing direct access to hardware</entry>
+ </row>
+ <row>
+ <entry>/home</entry>
+ <entry>User directories where personal files and settings are stored</entry>
+ </row>
+ <row>
+ <entry>/media</entry>
+ <entry>Directory for auto-mounting features in DBUS/HAL</entry>
+ </row>
+ <row>
+ <entry>/mnt</entry>
+ <entry>Places to temporarily mount removable media</entry>
+ </row>
+ <row>
+ <entry>/opt</entry>
+ <entry>Directory where some (typicaly proprietary) software may be installed</entry>
+ </row>
+ <row>
+ <entry>/proc</entry>
+ <entry>Kernel exported filesystem for process information</entry>
+ </row>
+ <row>
+ <entry>/root</entry>
+ <entry>The root user's home directory</entry>
+ </row>
+ <row>
+ <entry>/sbin</entry>
+ <entry>Minimal set of system or superuser binaries</entry>
+ </row>
+ <row>
+ <entry>/srv</entry>
+ <entry>Site-specific data such as web pages served by this system</entry>
+ </row>
+ <row>
+ <entry>/sys</entry>
+ <entry>Special kernel implimentation details</entry>
+ </row>
+ <row>
+ <entry>/tmp</entry>
+ <entry>Directory reserved for temporary files for all users</entry>
+ </row>
+ <row>
+ <entry>/usr</entry>
+ <entry>All non-essential programs, libraries, and shared files</entry>
+ </row>
+ <row>
+ <entry>/var</entry>
+ <entry>Regularly changing data such as log files</entry>
+ </row>
+ </tbody>
+</tgroup>
+</table>
+
+</section>
+
+<section>
+<title>Local Filesystem Types</title>
<para>
-A little further explanation is needed to learn exactly what
-<application>vi</application> is today though, as Slackware Linux
-technically doesn't include <application>vi</application>. Rather,
-Slackware includes two vi "clones", <application>elvis</application>(1)
-and <application>vim</application>(1). These clones add many additional
-features to vi such as syntax highlighting, binary editing modes, and
-network support. We won't go too deeply into all these details. By
-default, if you execute <application>vi</application> on Slackware
-Linux, you'll be using <application>elvis</application>, so all
-examples in this chapter will assume that is what you are using. If
-you've used another Linux distribution before, you may be more familiar
-with <application>vim</application>. If so, you might wish to change
-the symlink for <filename>/usr/bin/vi</filename> to point to
-<filename>/usr/bin/vim</filename>, or add an alias to your shell's
-startup scripts. <application>vim</application> is generally considered
-to be more feature-rich than <application>elvis</application>, but
-<application>elvis</application> is a much smaller program and contains
-more features than most users will ever need.
+The Linux kernel supports a wide variety of filesystems, which allows
+you to choose from a long list of features to tailor to your particular
+need. Fortunately, most of the default filesystem types are adequate
+for any needs you may have. Some filesystems are geared towards
+particular media. For example, the iso9660 filesystem is used almost
+exclusively for CD and DVD media.
</para>
+<section>
+<title>ext2</title>
+
<para>
-<application>vi</application> is very powerful, but also somewhat
-cumbersome and challening for a new user to learn. However, mastering
-<application>vi</application> is an important skill for any
-self-respecting system administrator to learn, as
-<application>vi</application> is included on nearly every Linux
-distribution, every BSD system, and every UNIX system in existance.
-It's even included in Mac OS X.
-Once you've learned <application>vi</application>, you'll not have to
-learn another text editor to work on any of these systems. In fact,
-<application>vi</application> clones have even been ported to Microsoft Windows
-systems, so you can use it there too.
+ext2 is the oldest filesystem included in Slackware Linux for storing
+data on hard disks. Compared to other filesystems, ext2 is simplistic.
+It is faster than most others for reading and writing data, but does
+not include any journaling capability. This means that after a hard
+crash, the filesystem must be exhaustively checked to discover and
+(hopefully) fix any errors.
</para>
</section>
<section>
-<title>The Different Modes of <application>vi</application></title>
-
+<title>ext3</title>
<para>
-New users are often frustrated when using <application>vi</application>
-for the first time. When invoked without any arguments,
-<application>vi</application> will display a screen something like
-this.
+ext3 is the younger cousin of ext2. It was designed to replace ext2 in
+most situations and shares much the same code-base, but adds journaling
+support. In fact, ext3 and ext2 are so much alike that it is possible
+to convert one to the other on the fly without lose of data. ext3
+enjoys a lot of popularity for these reasons. There are many tools
+available for recovering data from this filesystem in the event of
+catastrophic hardware failure as well. ext3 is a good general purpose
+filesystem with journaling support, but fails to perform as well as
+other journaling filesystems in specific cases. One pitfall to ext3 is
+that the filesystem must still go through this exhaustive check every
+so often. This is done when the filesystem is mounted, usually when the
+computer is booted, and causes an annoying delay.
</para>
+</section>
-<screen>
-~
-~
-~
-~
-~
-~
-~
-~
-~
-~
-~
- Command
-</screen>
-
+<section>
+<title>reiserfs</title>
<para>
-At this point, the user will being typing and expect the keys he
-presses to appear in the document. Instead, something really strange
-happens. The reason for this is simple. <application>vi</application>
-has different operation "modes". There is a command mode and an insert
-mode. Command mode is the default; in this mode, each keystroke
-performs a particular action such as moving the cursor around, deleting
-text, yanking (copying) text, searching, etc.
+reiserfs is one of the oldest journaling filesystems for the Linux
+kernel and has been supported by Slackware for many years. It is a very
+fast filesystem particularly well suited for storing, retrieving, and
+writing lots of small files. Unfortunately there are few tools for
+recovering data should you experience a drive failure, and reiserfs
+partitions experience corruption more often than ext3.
</para>
+</section>
+<section>
+<title>XFS</title>
+<para>
+XFS was contributed to the Linux kernel by SGI and is one of the best
+filesystems for working with large volumes and large files. XFS uses
+more RAM than other filesystems, but if you need to work with large
+files its performance there is well worth the penalty in memory usage.
+XFS is not particularly ill-suited for desktop or laptop use, but
+really shines on a server that handles medium to large size files all
+day long. Like ext3, XFS is a fully journaled filesystem.
+</para>
+</section>
+<section>
+<title>JFS</title>
+<para>
+JFS was contributed to the Linux kernel by IBM and is well known for
+its responsiveness even under extreme conditions. It can span colossal
+volumes making it particularly well-suited for Network Attached Storage
+(NAS) devices. JFS's long history and thorough testing make it one of
+the most reliable journaling filesystems available for Linux.
+</para>
</section>
<section>
-<title>Opening, Saving, and Quitting</title>
+<title>iso9660</title>
+<para>
+iso9660 is a filesystem specifically designed for optical media such as
+CDs and DVDs. Since optical disks are read-only media, the linux kernel
+does not even include write support for this filesystem. In order to
+create an iso9660 filesystem, you must use user-land tools like
+<application>mkisofs</application>(8) or
+<application>growisofs</application>(8).
+</para>
+</section>
+<section>
+<title>vfat</title>
<para>
-Ok, so you've decided that you want to learn how to use
-<application>vi</application>. The first thing to do is learn how to
-open and save files. Opening files is actually pretty easy. Simply type
-the filename as an argument on the command-line and
-<application>vi</application> will happily load it for you. For
-example, <userinput>vi chapter_11.xml</userinput> will open the file
-<filename>chapter_11.xml</filename> and load its content onto the
-screen, simple enough. But what if we've finished with one document and
-wish to save it? We can do that in command mode using the <arg>:w</arg>
-command. When in command mode, pressing the <keycap>:</keycap> key
-temporarily positions the cursor on the very bottom line of the window
-and allows you to enter special commands. (This is technically known as
-ex-mode after the venerable <application>ex</application> application
-which we will not document here.) The command to save your current work
-is <arg>:w</arg>. Once this is done, <application>vi</application> will
-write your changes to the buffer back into the file. If you wish to
-open another document, simply use the <arg>:e other_document</arg>
-command and <application>vi</application> will happily open it for you.
-If you've made changes to the buffer but haven't saved it yet,
-<arg>:e</arg> will fail and print a warning message on the bottom line.
-You can bypass this with the <arg>:e!</arg> command. Most ex-mode
-commands in <application>vi</application> can be "forced" by adding
-<keycap>!</keycap> to them. This tells <application>vi</application>
-that you want to abandon any changes you've made to the buffer and open
-the other document immediately.
+Sometimes you may need to share data between Windows and Linux
+computers, but can't transfer the files over a network. Instead you
+require a shared hard drive partition or a USB flash drive. The humble
+vfat filesystem is the best choice here since it is supported by the
+largest variety of operating systems. Unfortuantely, being a Microsoft
+designed filesystem, it does not store permissions in the same way as
+traditional Linux filesystems. This means that special options must be
+used to allow multiple users to access data on this filesystem.
</para>
+</section>
+<section>
+<title>swap</title>
<para>
-But what if I don't like my changes and want to quit or start over?
-That's easily done as well. Executing the <arg>:e!</arg> command
-without any arguments will re-open the current document from the
-beginning. Quitting <application>vi</application> is as simple as
-running the <arg>:q</arg> command if you haven't made any changes to
-the buffer, or <arg>:q!</arg> if you'd like to quit and abandon those
-changes.
+Unlike other filesystems which hold files and directories, swap
+partitions hold virtual memory. This is very useful as it prevents the
+system from crashing should all your RAM be consumed. Instead, the
+kernel copies portions of the RAM into swap and frees them up for other
+applications to use. Think of it as adding virtual memory to your
+computer, very slow virtual memory. swap is typically a fail-safe and
+shouldn't be relied upon for continual use. Add more RAM to your system
+if you find yourself using lots of swap.
</para>
+</section>
</section>
<section>
-<title>Moving Around</title>
+<title>Using <application>mount</application></title>
+
+<para>
+Now that we've learned what (some of) the different filesystems
+available in Linux are, it's time we looked at how to use them. In
+order to read or write data on a filesystem, that filesystem must first
+be mounted. To do this, we (naturally) use
+<application>mount</application>(8). The first thing we must do is
+decide where we want the filesystem located. Recall that there are no
+such things are drive letters denoting filesystems in Linux. Instead,
+all filesystems are mounted on directories. The base filesystem on
+which you install Slackware is always located at <filename>/</filename>
+and others are always located in subdirectories of
+<filename>/</filename>. <filename>/mnt/hd</filename> is a common place
+to temporarily locate a partition, so we'll use that in our first
+example. In order to mount a filesystem's contents, we must tell mount
+what kind of filesystem we have, where to mount it, and any special
+options to use.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>mount -t ext3 /dev/hda3 /mnt/hd -o ro</userinput>
+</screen>
<para>
-Moving around in <application>vi</application> is perhaps the hardest
-thing for a new user to learn. <application>vi</application> does not
-traditionally use the directional arrow keys for cursor movement,
-although in Slackware Linux that is an option. Rather, movement is
-simply another command issued in command-mode. The reason for this is
-rather simple. <application>vi</application> actually predates the
-inclusion of directional arrow keys on keyboards. Thus,
-movement of the cursor had to be accomplished by using the few
-keys available, so the right-hand "home row" keys of
-<keycap>h</keycap>, <keycap>j</keycap>, <keycap>k</keycap>, and
-<keycap>l</keycap> were chosen. These keys will move the cursor about
-whenever <application>vi</application> is in command mode. Here's a
-short table to help you remember how they work.
+Let's disect this. We have an ext3 filesystem located on the third
+partition of the first IDE device, and we've decided to mount its
+contents on the directory <filename>/mnt/hd</filename>. Additionally,
+we have mounted it read-only so no changes can be made to these
+contents. The <arg>-t ext3</arg> argument tells
+<application>mount</application>
+what type of filesystem we are using,
+in this case it is ext3. This lets the kernel know which driver to use.
+Often <application>mount</application> can determine this for itself,
+but it never hurts to explicitly declare it. Second, we tell
+<application>mount</application>
+where to locate the filesystem's contents. Here we've chosen
+<filename>/mnt/hd</filename>.
+Finally, we must decide what options to use if any. These are declared
+with the <arg>-o</arg> argument. A short-list of the most common
+options follows.
</para>
<table pgwide="0">
-<title>vi cursor movement</title>
+<title>Common mount options</title>
<tgroup cols="2">
<thead>
- <row>
- <entry>Command</entry>
- <entry>Result</entry>
- </row>
+ <entry>Option</entry>
+ <entry>Description</entry>
</thead>
<tbody>
<row>
- <entry>h</entry>
- <entry>Move the cursor one character left.</entry>
+ <entry>ro</entry>
+ <entry>read-only</entry>
+ </row>
+ <row>
+ <entry>rw</entry>
+ <entry>read-write (default)</entry>
+ </row>
+ <row>
+ <entry>uid</entry>
+ <entry>user to own the contents of the filesystem</entry>
</row>
<row>
- <entry>j</entry>
- <entry>Move the cursor one line down</entry>
+ <entry>gid</entry>
+ <entry>group to own the contents of the filesystem</entry>
</row>
<row>
- <entry>k</entry>
- <entry>Move the cursor one line up</entry>
+ <entry>noexec</entry>
+ <entry>prevent execution of any files on the filesystem</entry>
</row>
<row>
- <entry>l</entry>
- <entry>Move the cursor one character right</entry>
+ <entry>defaults</entry>
+ <entry>sane defaults for most filesystems</entry>
</row>
</tbody>
</tgroup>
</table>
<para>
-Moving around is a little more powerful than that though. Like many
-command keys, these movement keys accept numerical arguments. For
-example, <keycap>10j</keycap> will move the cursor down 10 lines. You
-can also move to the end or beginning of the current line with
-<keycap>$</keycap> and <keycap>^</keycap>, respectively.
+If this is your first Linux installation, the only options you
+typically need to be concerned about are <arg>ro</arg> and
+<arg>rw</arg>. The exception to this rule comes when you are dealing
+with filesystems that don't handle traditional Linux permissions such
+as vfat or NTFS. In those cases you'll need to use the <arg>uid</arg>
+or <arg>gid</arg> options to allow non-root users access to these
+filesystems.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>mount -t vfat /dev/hda4 /mnt/hd -o uid=alan</userinput>
+</screen>
+
+<para>
+But Alan, that's appalling! I don't want to have to tell mount what
+filesystem or options to use everytime I load a CD. It should be easier
+than that. Well thankfully, it is. The <filename>/etc/fstab</filename>
+file contains all this information for filesystems that the installer
+sets up for you, and you can make additions to it as well.
+<filename>fstab</filename>(5) looks like a simple table containing the
+device to mount along with its filesystem type and optional arguments.
+Let's take a look.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>cat /etc/fstab</userinput>
+/dev/hda1 / reiserfs defaults 1 1
+/dev/hda2 /home reiserfs defaults 1 2
+/dev/hda3 swap swap defaults 0 0
+/dev/cdrom /mnt/cdrom auto noauto,owner,ro,users 0 0
+/dev/fd0 /mnt/floppy auto noauto,owner 0 0
+devpts /dev/pts devpts gid=5,mode=620 0 0
+proc /proc proc defaults 0 0
+</screen>
+
+<para>
+If you have an entry in <filename>fstab</filename> for your filesystem, you
+need only tell mount the device node or the mount location.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>mount /dev/cdrom</userinput>
+<prompt>darkstar:~# </prompt><userinput>mount /home</userinput>
+</screen>
+
+<para>
+One final use for
+<application>mount</application>
+is to tell you what filesystems are currently mounted and with what
+options. Simply run
+<application>mount</application>
+without any arguments to display these.
</para>
</section>
<section>
-<title>Editing A Document</title>
+<title>Network Filesystems</title>
<para>
-Now that we're able to open and save documents, as well as move around
-in them, it's time to learn how to edit them. The primary means of
-editing is to enter insert mode using either the <keycap>i</keycap> or
-<keycap>a</keycap> command keys. These either insert text at the
-cursor's current location, or append it after the cursor's current
-location. Once into insert mode, you can type any text normally and it
-will be placed into your document. You can return to command mode in
-order to save your changes by pressing the <keycap>ESC</keycap> key.
+In addition to local filesystems, Slackware supports a number of network
+filesystems as both client and server. This allows you to share data
+between multiple computers transparently. We'll discuss the two most
+common: NFS and SMB.
+</para>
+
+<section>
+<title>NFS</title>
+
+<para>
+NFS is the Network File System for Linux as well as several other common
+operating systems. It has modest performance but supports the full range of
+permissions for Slackware. In order to use NFS as either a client or a
+server, you must run the remote procedure call daemon. This is easily
+accomplished by setting the <filename>/etc/rc.d/rc.rpc</filename> file
+executable and telling it to start. Once it has been set executable, it
+will run automatically every time you boot into Slackware.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>chmod +x /etc/rc.d/rc.rpc</userinput>
+<prompt>darkstar:~# </prompt><userinput>/etc/rc.d/rc.rpc start</userinput>
+</screen>
+
+<para>
+Mounting an NFS share is little different than mounting a local filesystem.
+Rather than specifying a local device, you must tell mount the domain name
+or IP address of the NFS server and the directory to mount with a colon
+between them.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>mount -t nfs darkstar.example.com:/home /home</userinput>
+</screen>
+
+<para>
+Running an NFS server is a little bit different. First, you must configure
+each directory to be exported in the <filename>/etc/exports</filename>
+file. <filename>exports</filename>(5) contains information about what
+directories will be shared, who they will be shared with, and what special
+permissions to grant or deny.
+</para>
+
+<screen>
+# See exports(5) for a description.
+# This file contains a list of all directories exported to other computers.
+# It is used by rpc.nfsd and rpc.mountd.
+
+/home/backup 192.168.1.0/24(sync,rw,no_root_squash)
+</screen>
+
+<para>
+The first column in
+<filename>exports</filename>
+is a list of the files to be exported via NFS. The second column is a list
+of what systems may access the export along with special permissions. You
+can specify hosts via domain name, IP address, or netblock address (as I
+have here). Special permissions are always a parenthetical list. For a
+complete list, you'll need to read the man page. For now, the only special
+option that matters is <arg>no_root_squash</arg>. Usually the root user on
+an NFS client cannot read or write an exported share. Instead, the root
+user is "squashed" and forced to act as the nobody user.
+<arg>no_root_squash</arg> prevents this.
+</para>
+
+<para>
+You'll also need to run the NFS daemon. Starting and stopping NFS server
+support is done with the <filename>/etc/rc.d/rc.nfsd</filename> rc script.
+Set it executable and run it just like we did for
+<filename>rc.rpc</filename> and you are ready to go.
</para>
</section>
<section>
-<title><application>vi</application> Cheat Sheet</title>
+<title>SMB</title>
<para>
-Since <application>vi</application> can be difficult to learn, I've
-prepared a short cheat sheat that should help you with the basics until
-you begin to feel comfortable.
+SMB is the Windows network file-sharing protocol. Connecting to SMB shares
+(commonly called samba shares) is fairly straight forward. Unfortuantely,
+SMB isn't as strongly supported as NFS. Still, it offers higher performance
+and connectivity with Windows computers. For these reasons, SMB is the most
+common network file-sharing protocol deployed on local networks. Exporting
+SMB shares from Slackware is done through the samba daemon and configured
+in <filename>smb.conf</filename>(5). Unfortunately configuring samba as a
+service is beyond the scope of this book. Check online for additional
+documentation, and as always refer to the man page.
</para>
-<table pgwide="0">
-<title>vi Cheat Sheet</title>
-<tgroup cols="2" title="Movement">
- <thead>
- <row>
- <entry>Command</entry>
- <entry>Result</entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>h</entry>
- <entry>Move the cursor one character left.</entry>
- </row>
- <row>
- <entry>j</entry>
- <entry>Move the cursor one line down</entry>
- </row>
- <row>
- <entry>k</entry>
- <entry>Move the cursor one line up</entry>
- </row>
- <row>
- <entry>l</entry>
- <entry>Move the cursor one character right</entry>
- </row>
- <row>
- <entry>10j</entry>
- <entry>Move the cursor ten lines down</entry>
- </row>
- <row>
- <entry>G</entry>
- <entry>Move to the end of the file</entry>
- </row>
- <row>
- <entry>^</entry>
- <entry>Move to the beginning of the line</entry>
- </row>
- <row>
- <entry>$</entry>
- <entry>Move to the end of the line</entry>
- </row>
- <row>
- <entry>dd</entry>
- <entry>Remove a line</entry>
- </row>
- <row>
- <entry>5dd</entry>
- <entry>Remove 5 lines</entry>
- </row>
- <row>
- <entry>r</entry>
- <entry>Replace a single character</entry>
- </row>
- <row>
- <entry>R</entry>
- <entry>Replace multiple characters</entry>
- </row>
- <row>
- <entry>x</entry>
- <entry>Delete a character</entry>
- </row>
- <row>
- <entry>X</entry>
- <entry>Delete the previous character</entry>
- </row>
- <row>
- <entry>u</entry>
- <entry>Undo the last action</entry>
- </row>
- <row>
- <entry>:s'old'new'g</entry>
- <entry>Replace all occurances of 'old' with 'new'</entry>
- </row>
- <row>
- <entry>/asdf</entry>
- <entry>Locate next occurance of asdf</entry>
- </row>
- <row>
- <entry>:q</entry>
- <entry>Quit (without saving)</entry>
- </row>
- <row>
- <entry>:w</entry>
- <entry>Save the current document</entry>
- </row>
- <row>
- <entry>:w file</entry>
- <entry>Save the current document as 'file'</entry>
- </row>
- <row>
- <entry>:x</entry>
- <entry>Save and quit</entry>
- </row>
- </tbody>
-</tgroup>
-</table>
+<para>
+Thankfully mounting an SMB share is easy and works almost exactly like
+mounting an NFS share. You must tell mount where to find the server and
+what share you wish to access in exactly the same way. Additionally, you
+must specify a username and password.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>mount -t cifs //darkstar/home /home -o username=alan,password=secret</userinput>
+</screen>
+
+<para>
+You may be wondering why the filesystem type is cifs instead of smbfs. In
+older versions of the Linux kernel, smbfs was used. This has been
+deprecated in favor of the better performing and more secure general
+purpose cifs driver.
+</para>
+
+<para>
+All SMB shares require the <arg>username</arg> and <arg>password</arg>
+arguments. This can create a security problem if you wish to place your
+samba share in fstab. You may avoid this problem by using the
+<arg>credentials</arg> argument. <arg>credentials</arg> points to a file
+which contains the username and password information. As long as this file
+is safely guarded and readable only by root, the likelyhood that your
+authentication credentials will be compromised is lessened.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>echo "username=alan" > /etc/creds-home</userinput>
+<prompt>darkstar:~# </prompt><userinput>echo "password=secret" >> /etc/creds-home</userinput>
+<prompt>darkstar:~# </prompt><userinput>mount -t cifs //darkstar/home -o credentials=/etc/creds-home</userinput>
+</screen>
+
+
+
+
+</section>
+
+
+
+
+
+
+
+
+
</section>
diff --git a/chapter_12.xml b/chapter_12.xml
index 021bcf8..7a507f0 100644
--- a/chapter_12.xml
+++ b/chapter_12.xml
@@ -3,10 +3,331 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>Emacs</title>
+<title><application>vi</application></title>
<section>
-<title>No Idea</title>
+<title>What is <application>vi</application>?</title>
+
+<para>
+Scattered all around your computer are thousands of text files. To a
+new user, this may seem inconsequential, but almost everything in
+Slackware Linux uses a plain-text file for configuration. This allows
+users to make changes to the system quickly, easily, and intuitively.
+In chapter 5, we looked at a few commands such as
+<application>cat</application> and <application>less</application> that
+can be used to read these files, but what if we want to make changes to
+them? For that, we need a text editor, and
+<application>vi</application> is up to the task.
+</para>
+
+<para>
+In short, <application>vi</application> is one of the oldest and most
+powerful text editors still used today. It's beloved by system
+administrators, programmers, hobbiests, and others the world over. In
+fact, nearly this entire book was written using
+<application>vi</application>; only the next chapter on
+<application>emacs</application> was written with that editor.
+</para>
+
+<para>
+A little further explanation is needed to learn exactly what
+<application>vi</application> is today though, as Slackware Linux
+technically doesn't include <application>vi</application>. Rather,
+Slackware includes two vi "clones", <application>elvis</application>(1)
+and <application>vim</application>(1). These clones add many additional
+features to vi such as syntax highlighting, binary editing modes, and
+network support. We won't go too deeply into all these details. By
+default, if you execute <application>vi</application> on Slackware
+Linux, you'll be using <application>elvis</application>, so all
+examples in this chapter will assume that is what you are using. If
+you've used another Linux distribution before, you may be more familiar
+with <application>vim</application>. If so, you might wish to change
+the symlink for <filename>/usr/bin/vi</filename> to point to
+<filename>/usr/bin/vim</filename>, or add an alias to your shell's
+startup scripts. <application>vim</application> is generally considered
+to be more feature-rich than <application>elvis</application>, but
+<application>elvis</application> is a much smaller program and contains
+more features than most users will ever need.
+</para>
+
+<para>
+<application>vi</application> is very powerful, but also somewhat
+cumbersome and challening for a new user to learn. However, mastering
+<application>vi</application> is an important skill for any
+self-respecting system administrator to learn, as
+<application>vi</application> is included on nearly every Linux
+distribution, every BSD system, and every UNIX system in existance.
+It's even included in Mac OS X.
+Once you've learned <application>vi</application>, you'll not have to
+learn another text editor to work on any of these systems. In fact,
+<application>vi</application> clones have even been ported to Microsoft Windows
+systems, so you can use it there too.
+</para>
+
+</section>
+
+<section>
+<title>The Different Modes of <application>vi</application></title>
+
+<para>
+New users are often frustrated when using <application>vi</application>
+for the first time. When invoked without any arguments,
+<application>vi</application> will display a screen something like
+this.
+</para>
+
+<screen>
+~
+~
+~
+~
+~
+~
+~
+~
+~
+~
+~
+ Command
+</screen>
+
+<para>
+At this point, the user will being typing and expect the keys he
+presses to appear in the document. Instead, something really strange
+happens. The reason for this is simple. <application>vi</application>
+has different operation "modes". There is a command mode and an insert
+mode. Command mode is the default; in this mode, each keystroke
+performs a particular action such as moving the cursor around, deleting
+text, yanking (copying) text, searching, etc.
+</para>
+
+
+</section>
+
+<section>
+<title>Opening, Saving, and Quitting</title>
+
+<para>
+Ok, so you've decided that you want to learn how to use
+<application>vi</application>. The first thing to do is learn how to
+open and save files. Opening files is actually pretty easy. Simply type
+the filename as an argument on the command-line and
+<application>vi</application> will happily load it for you. For
+example, <userinput>vi chapter_11.xml</userinput> will open the file
+<filename>chapter_11.xml</filename> and load its content onto the
+screen, simple enough. But what if we've finished with one document and
+wish to save it? We can do that in command mode using the <arg>:w</arg>
+command. When in command mode, pressing the <keycap>:</keycap> key
+temporarily positions the cursor on the very bottom line of the window
+and allows you to enter special commands. (This is technically known as
+ex-mode after the venerable <application>ex</application> application
+which we will not document here.) The command to save your current work
+is <arg>:w</arg>. Once this is done, <application>vi</application> will
+write your changes to the buffer back into the file. If you wish to
+open another document, simply use the <arg>:e other_document</arg>
+command and <application>vi</application> will happily open it for you.
+If you've made changes to the buffer but haven't saved it yet,
+<arg>:e</arg> will fail and print a warning message on the bottom line.
+You can bypass this with the <arg>:e!</arg> command. Most ex-mode
+commands in <application>vi</application> can be "forced" by adding
+<keycap>!</keycap> to them. This tells <application>vi</application>
+that you want to abandon any changes you've made to the buffer and open
+the other document immediately.
+</para>
+
+<para>
+But what if I don't like my changes and want to quit or start over?
+That's easily done as well. Executing the <arg>:e!</arg> command
+without any arguments will re-open the current document from the
+beginning. Quitting <application>vi</application> is as simple as
+running the <arg>:q</arg> command if you haven't made any changes to
+the buffer, or <arg>:q!</arg> if you'd like to quit and abandon those
+changes.
+</para>
+
+</section>
+
+<section>
+<title>Moving Around</title>
+
+<para>
+Moving around in <application>vi</application> is perhaps the hardest
+thing for a new user to learn. <application>vi</application> does not
+traditionally use the directional arrow keys for cursor movement,
+although in Slackware Linux that is an option. Rather, movement is
+simply another command issued in command-mode. The reason for this is
+rather simple. <application>vi</application> actually predates the
+inclusion of directional arrow keys on keyboards. Thus,
+movement of the cursor had to be accomplished by using the few
+keys available, so the right-hand "home row" keys of
+<keycap>h</keycap>, <keycap>j</keycap>, <keycap>k</keycap>, and
+<keycap>l</keycap> were chosen. These keys will move the cursor about
+whenever <application>vi</application> is in command mode. Here's a
+short table to help you remember how they work.
+</para>
+
+<table pgwide="0">
+<title>vi cursor movement</title>
+<tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Command</entry>
+ <entry>Result</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>h</entry>
+ <entry>Move the cursor one character left.</entry>
+ </row>
+ <row>
+ <entry>j</entry>
+ <entry>Move the cursor one line down</entry>
+ </row>
+ <row>
+ <entry>k</entry>
+ <entry>Move the cursor one line up</entry>
+ </row>
+ <row>
+ <entry>l</entry>
+ <entry>Move the cursor one character right</entry>
+ </row>
+ </tbody>
+</tgroup>
+</table>
+
+<para>
+Moving around is a little more powerful than that though. Like many
+command keys, these movement keys accept numerical arguments. For
+example, <keycap>10j</keycap> will move the cursor down 10 lines. You
+can also move to the end or beginning of the current line with
+<keycap>$</keycap> and <keycap>^</keycap>, respectively.
+</para>
+
+</section>
+
+<section>
+<title>Editing A Document</title>
+
+<para>
+Now that we're able to open and save documents, as well as move around
+in them, it's time to learn how to edit them. The primary means of
+editing is to enter insert mode using either the <keycap>i</keycap> or
+<keycap>a</keycap> command keys. These either insert text at the
+cursor's current location, or append it after the cursor's current
+location. Once into insert mode, you can type any text normally and it
+will be placed into your document. You can return to command mode in
+order to save your changes by pressing the <keycap>ESC</keycap> key.
+</para>
+
+</section>
+
+<section>
+<title><application>vi</application> Cheat Sheet</title>
+
+<para>
+Since <application>vi</application> can be difficult to learn, I've
+prepared a short cheat sheat that should help you with the basics until
+you begin to feel comfortable.
+</para>
+
+<table pgwide="0">
+<title>vi Cheat Sheet</title>
+<tgroup cols="2" title="Movement">
+ <thead>
+ <row>
+ <entry>Command</entry>
+ <entry>Result</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>h</entry>
+ <entry>Move the cursor one character left.</entry>
+ </row>
+ <row>
+ <entry>j</entry>
+ <entry>Move the cursor one line down</entry>
+ </row>
+ <row>
+ <entry>k</entry>
+ <entry>Move the cursor one line up</entry>
+ </row>
+ <row>
+ <entry>l</entry>
+ <entry>Move the cursor one character right</entry>
+ </row>
+ <row>
+ <entry>10j</entry>
+ <entry>Move the cursor ten lines down</entry>
+ </row>
+ <row>
+ <entry>G</entry>
+ <entry>Move to the end of the file</entry>
+ </row>
+ <row>
+ <entry>^</entry>
+ <entry>Move to the beginning of the line</entry>
+ </row>
+ <row>
+ <entry>$</entry>
+ <entry>Move to the end of the line</entry>
+ </row>
+ <row>
+ <entry>dd</entry>
+ <entry>Remove a line</entry>
+ </row>
+ <row>
+ <entry>5dd</entry>
+ <entry>Remove 5 lines</entry>
+ </row>
+ <row>
+ <entry>r</entry>
+ <entry>Replace a single character</entry>
+ </row>
+ <row>
+ <entry>R</entry>
+ <entry>Replace multiple characters</entry>
+ </row>
+ <row>
+ <entry>x</entry>
+ <entry>Delete a character</entry>
+ </row>
+ <row>
+ <entry>X</entry>
+ <entry>Delete the previous character</entry>
+ </row>
+ <row>
+ <entry>u</entry>
+ <entry>Undo the last action</entry>
+ </row>
+ <row>
+ <entry>:s'old'new'g</entry>
+ <entry>Replace all occurances of 'old' with 'new'</entry>
+ </row>
+ <row>
+ <entry>/asdf</entry>
+ <entry>Locate next occurance of asdf</entry>
+ </row>
+ <row>
+ <entry>:q</entry>
+ <entry>Quit (without saving)</entry>
+ </row>
+ <row>
+ <entry>:w</entry>
+ <entry>Save the current document</entry>
+ </row>
+ <row>
+ <entry>:w file</entry>
+ <entry>Save the current document as 'file'</entry>
+ </row>
+ <row>
+ <entry>:x</entry>
+ <entry>Save and quit</entry>
+ </row>
+ </tbody>
+</tgroup>
+</table>
</section>
diff --git a/chapter_13.xml b/chapter_13.xml
index 23eae86..021bcf8 100644
--- a/chapter_13.xml
+++ b/chapter_13.xml
@@ -3,400 +3,10 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>Networking</title>
+<title>Emacs</title>
<section>
-<title><application>netconfig</application></title>
-
-<para>
-Computers aren't very interesting on their own. Sure, you can install
-games on them, but that just turns them into glorified entertainment
-consoles. Today, computers need to be able to talk to one another; they
-need to be networked. Whether you're installing a business network with
-hundreds or thousands of computers or just setting up a single PC for
-Internet access, Slackware is simple and easy. This chapter should
-teach you how to setup typical wired networks. Common wireless setup will
-be thoroughly discussed in the next section, but much of what you read
-here will be applicable there as well.
-</para>
-
-<para>
-There are many different ways to configure your computer to connect to
-a network or the Internet, but they fall into two main categories:
-static and dymanic. Static addresses are solid; they are set with the
-understanding that they will not be changed, at least not anytime soon.
-Dynamic addresses are fluid; the assumption is that the address will
-change at some time in the future. Typically any sort of network server
-requires a static address simply so other machines will know where to
-contact it when they need services. Dynamic addresses tend to be used
-for workstations, Internet clients, and any machine that doesn't
-require a static address for any reason. Dynamic addresses are more
-flexible, but present complications of their own.
-</para>
-
-<para>
-There are many different kinds of network protocols that you might
-encounter, but most people will only ever need to deal with Internet
-Protocol (IP). For that reason, we'll focus exclusively on IP in this
-book.
-</para>
-
-</section>
-
-<section>
-<title>Manual Configuration</title>
-
-<para>
-Ok, so you've installed Slackware, you've setup a desktop, but you
-can't get it to connect to the Internet or your business's LAN (local
-area network), what do you do? Fortunately, the answer to that question
-is simple. Slackware includes a number of tools to configure your
-network connection. The first we will look at today is the very
-powerful <application>ifconfig</application>(8).
-<application>ifconfig</application> is used to setup or modify the
-configuration of a Network Interface Card (NIC or Ethernet Card), the
-most common hardware for connecting to networks today.
-<application>ifconfig</application> is an incredibly powerful tool
-capable of doing much more than setting IP addresses. For a complete
-introduction, you should read its man page. For now, we're just going
-to use it to display and change the network addresses of some ethernet
-controllers.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>ifconfig</userinput>
-lo Link encap:Local Loopback
- inet addr:127.0.0.1 Mask:255.0.0.0
- inet6 addr: ::1/128 Scope:Host
- UP LOOPBACK RUNNING MTU:16436 Metric:1
- RX packets:699 errors:0 dropped:0 overruns:0 frame:0
- TX packets:699 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:0
- RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB)
-
-wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c
- inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0
- inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0
- TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB)
-
-wmaster0 Link encap:UNSPEC HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:0 errors:0 dropped:0 overruns:0 frame:0
- TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
-</screen>
-
-
-<para>
-As you can clearly see here, when run without any arguments,
-<application>ifconfig</application> will display all the information it
-has on all the ethernet cards (and wireless ethernet cards) present on
-your system. The above represents a typical wireless connection from my
-laptop, so don't be afraid if what you see on your system doesn't
-match. If you don't see any ethX or wlanX interfaces though, the
-interface may be down. To show all currently present NICs whether they are
-"up" or "down", simply pass the <arg>-a</arg> argument.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>ifconfig -a</userinput>
-eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44
- UP BROADCAST MULTICAST MTU:1500 Metric:1
- RX packets:122780 errors:0 dropped:0 overruns:0 frame:0
- TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB)
- Interrupt:16
-
-lo Link encap:Local Loopback
- inet addr:127.0.0.1 Mask:255.0.0.0
- inet6 addr: ::1/128 Scope:Host
- UP LOOPBACK RUNNING MTU:16436 Metric:1
- RX packets:699 errors:0 dropped:0 overruns:0 frame:0
- TX packets:699 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:0
- RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB)
-
-wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c
- inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0
- inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0
- TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB)
-
-wmaster0 Link encap:UNSPEC HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:0 errors:0 dropped:0 overruns:0 frame:0
- TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
-</screen>
-
-<para>Notice that the eth0 interface is now listed among the returns.
-<application>ifconfig</application> can also change the current
-settings on a NIC. Typically, you would need to change the IP address
-and subnet mask, but you can change virtually any parameters.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>ifconfig eth0 192.168.1.1 netmask 255.255.255.0</userinput>
-<prompt>darkstar:~# </prompt><userinput>ifconfig eth0</userinput>
-eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44
- inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
- UP BROADCAST MULTICAST MTU:1500 Metric:1
- RX packets:122780 errors:0 dropped:0 overruns:0 frame:0
- TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB)
- Interrupt:16
-</screen>
-
-<para>
-If you look carefully, you'll notice that the interface now has the
-192.168.1.1 IP address and a 255.255.255.0 subnet mask. We've now setup
-the basics for connecting to our network, but we still need to setup a
-default gateway and our DNS servers. In order to do that, we'll need to
-look at a few more tools.
-</para>
-
-<para>
-Next on our stop through networking land is the equally powerful
-<application>route</application>(8). This tool is responsible for
-modifying the Linux kernel's routing table which affects all data
-transmission on a network. Routing tables can become immensely complex
-or they can be straight-forward and simple. Most users will only ever
-need to setup a default gateway, so we'll show you how to do that here.
-If for some reason you need a more complex routing table, you would be
-well advised to read the entire man page for
-<application>route</application> as well as consulting other sources.
-For now, let's take a look at our routing table immediately after
-setting up eth0.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>route</userinput>
-Kernel IP routing table
-Destination Gateway Genmask Flags Metric Ref Use Iface
-192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
-loopback * 255.0.0.0 U 0 0 0 lo
-</screen>
-
-<para>
-I won't explain everything here, but the general information should be
-easy to pick up if you're familiar with networking at all. The
-Destination and Genmask fields specify a range of IP addresses to
-match. If a Gateway is defined, information in the form of packets will
-be sent to that host for forwarding. We also specify an interface in
-the final field that the information should traverse. Right now, we can
-only communicate with computers with addresses between 192.168.1.0 and
-192.168.1.255 and ourselves through the loopback interface, a type of
-virtual NIC that is used for routing information from this computer to
-itself. In order to reach the rest of the world, we'll need to
-setup a default gateway.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>route add default gw 192.168.1.254</userinput>
-<prompt>darkstar:~# </prompt><userinput>route</userinput>
-Kernel IP routing table
-Destination Gateway Genmask Flags Metric Ref Use Iface
-192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
-loopback * 255.0.0.0 U 0 0 0 lo
-default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
-</screen>
-
-<para>
-You should immediately notice the addition of a default route. This
-specifies what router should be used to reach any addresses that aren't
-specified elsewhere in our routing table. Now, when we try to connect
-to say, 64.57.102.34, the information will be sent to 192.168.1.254
-which is responsible for delivering the data for us. Unfortunately,
-we're still not quite through. We need some way of converting domain
-names like slackware.com into IP addresses that the computer can use.
-For that, we need to make use of a DNS server.
-</para>
-
-<para>
-Fortunately, setting up your computer to use an external (or even an
-internal) DNS server is very easy. You'll need to use your favorite
-text editor and open the <filename>/etc/resolv.conf</filename> file.
-Don't ask me what happened to the <keycap>e</keycap>. On my computer,
-<filename>resolv.conf</filename> looks like this.
-</para>
-
-<screen>
-# /etc/resolv.conf
-search lizella.net
-nameserver 192.168.1.254
-</screen>
-
-<para>
-Most users won't need the "search" line. This is used to map hostnames
-to domain names. Basically, if I attempt to connect to "barnowl", the
-computer knows to look for "barnowl.lizella.net" thanks to this search
-line. We're mainly interested in the "nameserver" line. This tells
-Slackware what domain name servers (DNS) to connect to. Generally
-speaking, these should always be specified by IP address. If you know
-what DNS servers you should use, you can just add them one at a time to
-individual nameserver lines. In fact, I don't know of any practical
-limit to the number of nameservers that can be specified in
-<filename>resolv.conf</filename>, so add as many as you like. Once this
-is done, you should be able to communicate with other hosts via their
-fully qualified domain name.
-</para>
-
-<para>
-But Alan! That's a lot of hard work! I don't want to do this time and
-again for dozens or even hundreds of machines. You're absolutely right,
-and that's why smarter people than you and me created DHCP. DHCP
-stands for Dynamic Host Control Protocol and is a method for
-automatically configuring computers with unique IP addresses, netmasks,
-gateways, and DNS servers. Most of the time, you'll want to use DHCP.
-The majority of wireless routers, DSL or cable modems, even firewalls
-all have DHCP servers to can make your life much easier. Slackware
-includes two main tools for connecting to an exising DHCP server and
-can even act as a DHCP server for other computers. For now though,
-we're just going to look at DHCP clients.
-</para>
-
-<para>
-First on our list is <application>dhcpcd</application>(8), part of the
-ISC DHCP utilities. Assuming your computer is physically connected to
-your network, and that you have an operating DHCP server on that
-network, you can configure your NIC in one shot.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>dhcpcd eth0</userinput>
-</screen>
-
-<para>
-If everything went according to plan, your NIC should be properly
-configured, and you should be able to communicate with other computers
-on your network, and with the Internet at large. If for some reason,
-<application>dhcpcd</application> fails, you may want to try
-<application>dhclient</application>(8).
-<application>dhclient</application> is an alternative to
-<application>dhcpcd</application> and works in basically the same way.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>dhclient eth0</userinput>
-Listening on LPF/eth0/00:1c:b3:ba:ad:4c
-Sending on LPF/eth0/00:1c:b3:ba:ad:4c
-Sending on Socket/fallback
-DHCPREQUEST on eth0 to 255.255.255.255 port 67
-DHCPACK from 192.168.1.254
-bound to 192.168.1.198 -- renewal in 8547 seconds.
-</screen>
-
-<para>
-So why does Slackware include two DHCP clients? Sometimes a particular
-DHCP server may be broken and not respond well to either
-<application>dhcpcd</application> or
-<application>dhclient</application>. In those cases, you can fall back
-to the other DHCP client in hopes of getting a valid response from the
-server. Traditionally, Slackware uses
-<application>dhcpcd</application>, and this works in the vast majority
-of cases, but it may become necessary at some point for you to use
-<application>dhclient</application> instead. Both are excellent DHCP
-clients, so use whichever you prefer.
-</para>
-
-</section>
-
-<section>
-<title>Automatic Configuration with rc.inet1.conf</title>
-
-<para>
-Manually configuring interfaces is an important skill to have, but it
-can become tedious. No one wants to manually setup their Internet
-connection every time the system boots. More importantly, you may not
-always have physical access to the machine when it boots. Slackware
-makes it easy to automatically configure ethernet (and wireless) cards
-at system startup with <filename>/etc/rc.d/rc.inet1.conf</filename>.
-For now, we're going to focus on traditional wired ethernet networking;
-the next chapter will discuss various wireless options.
-</para>
-
-<para>
-<filename>rc.inet1.conf</filename> is an incredibly powerful
-configuration file, capable of configuring most of your network cards
-automatically when Slackware is started. The file is filled with useful
-comments, but there is also a man page that more thoroughly discusses
-its use. To begin, we're going to look at some of the options used on
-one of my personal machines.
-</para>
-
-<screen>
-# Config information for eth0:
-IPADDR[0]="192.168.1.250"
-NETMASK[0]="255.255.255.0"
-USE_DHCP[0]=""
-DHCP_HOSTNAME[0]=""
-# Some lines ommitted.
-GATEWAY="192.168.1.254"
-</screen>
-
-<para>
-This represents most of the information necessary to configure a static
-IP address on a single ethernet controller.
-<application>netconfig</application> will usually fill in these values
-for a single ethernet device for you. If you have multiple network
-cards in your machine and need all of them activated automatically at
-boot time, then you'll need to edit or add additional entries into this
-file in the same manner as above. First, let me go over some of the
-basics.
-</para>
-
-<para>
-As you may have already guessed, IPADDR[n] is the Internet Protocol
-Address for the "n" network interface card. Typically, "n" corrosponds
-to eth0, eth1, and so on, but this isn't always the case. You can
-specify these values to pertain to a different network controller with
-the INFAME[n] variable, but we will reserve that for the next chapter
-on wireless networking, as it more commonly pertains to wireless
-network controllers. Likewise, NETMASK[n] is the subnet mask to use
-for the network controller. If these lines are left empty, then static
-IP addresses will not be automatically assigned to this network
-controller. The USE_DHCP[n] variable tells Slackware to (naturally)
-use DHCP to configure the interface. DHCP_HOSTNAME[n] is rarely used,
-but some DHCP servers may require it. In that case, it must be set to
-a valid hostname. Finally, we come to the GATEWAY variable. It is
-actually set lower in the file than it appears in my example, and it
-controls the default gateway to use. You may be wondering why there is
-no GATEWAY[n] variable. The answer to that lies in how Internet
-Protocol works. I won't go into an indepth discussion on that subject,
-but suffice it to say that there is only ever one default route that a
-computer can use no matter how many interfaces are attached to it.
-</para>
-
-<para>
-If you need to use static IP addressing, you will have to obtain a
-unique static IP address and the subnet mask for the interface, as well
-as the default gateway address, and enter those here. There is no place
-to enter DNS information in <filename>rc.inet1.conf</filename>, so DNS
-servers will have to be manually placed into
-<filename>resolv.conf</filename> as we discussed above. Of course, if
-you use <application>netconfig</application>, this will be handled for
-you by that program. Now let's take a look at another interface on my
-computer.
-</para>
-
-<screen>
-# Config information for eth1:
-IPADDR[1]=""
-NETMASK[1]=""
-USE_DHCP[1]="yes"
-DHCP_HOSTNAME[1]=""
-</screen>
-
-<para>
-Here I am telling Slackware to configure eth1 using DHCP. I do not need
-to set the IPADDR[1] or NETMASK[1] variables when using DHCP (in fact,
-if they are set, they will be ignored). Slackware will happily contact
-a DHCP server as soon as the machine begins to boot.
-</para>
+<title>No Idea</title>
</section>
diff --git a/chapter_14.xml b/chapter_14.xml
index c3b6d8a..23eae86 100644
--- a/chapter_14.xml
+++ b/chapter_14.xml
@@ -3,331 +3,399 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>Wireless Networking</title>
+<title>Networking</title>
<section>
-<title><application>iwconfig</application></title>
+<title><application>netconfig</application></title>
<para>
-Wireless networking is somewhat more complicated than traditional wired
-networking, and requires additional tools for setup. Slackware includes
-a diverse collection of wireless networking tools to allow you to
-configure your wireless network interface card (WNIC) at the most basic
-level. We won't cover everything here, but should give you a solid
-foundation to get up and running quickly. The first tool we are going
-to look at is <application>iwconfig</application>(8). When run without
-any argument, <application>iwconfig</application> displays the current
-wireless information on any and all NICs on your computer.
+Computers aren't very interesting on their own. Sure, you can install
+games on them, but that just turns them into glorified entertainment
+consoles. Today, computers need to be able to talk to one another; they
+need to be networked. Whether you're installing a business network with
+hundreds or thousands of computers or just setting up a single PC for
+Internet access, Slackware is simple and easy. This chapter should
+teach you how to setup typical wired networks. Common wireless setup will
+be thoroughly discussed in the next section, but much of what you read
+here will be applicable there as well.
</para>
+<para>
+There are many different ways to configure your computer to connect to
+a network or the Internet, but they fall into two main categories:
+static and dymanic. Static addresses are solid; they are set with the
+understanding that they will not be changed, at least not anytime soon.
+Dynamic addresses are fluid; the assumption is that the address will
+change at some time in the future. Typically any sort of network server
+requires a static address simply so other machines will know where to
+contact it when they need services. Dynamic addresses tend to be used
+for workstations, Internet clients, and any machine that doesn't
+require a static address for any reason. Dynamic addresses are more
+flexible, but present complications of their own.
+</para>
-<screen><prompt>darkstar:~# </prompt><userinput>iwconfig</userinput>
-lo no wireless extensions.
+<para>
+There are many different kinds of network protocols that you might
+encounter, but most people will only ever need to deal with Internet
+Protocol (IP). For that reason, we'll focus exclusively on IP in this
+book.
+</para>
-eth0 no wireless extensions.
+</section>
-wmaster0 no wireless extensions.
+<section>
+<title>Manual Configuration</title>
-wlan0 IEEE 802.11abgn ESSID:"nest"
- Mode:Managed Frequency:2.432 GHz Access Point:
-00:13:10:EA:4E:BD
- Bit Rate=54 Mb/s Tx-Power=17 dBm
- Retry min limit:7 RTS thr:off Fragment thr=2352 B
- Encryption key:off
- Power Management:off
- Link Quality=100/100 Signal level:-42 dBm
- Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
- Tx excessive retries:0 Invalid misc:0 Missed beacon:0
+<para>
+Ok, so you've installed Slackware, you've setup a desktop, but you
+can't get it to connect to the Internet or your business's LAN (local
+area network), what do you do? Fortunately, the answer to that question
+is simple. Slackware includes a number of tools to configure your
+network connection. The first we will look at today is the very
+powerful <application>ifconfig</application>(8).
+<application>ifconfig</application> is used to setup or modify the
+configuration of a Network Interface Card (NIC or Ethernet Card), the
+most common hardware for connecting to networks today.
+<application>ifconfig</application> is an incredibly powerful tool
+capable of doing much more than setting IP addresses. For a complete
+introduction, you should read its man page. For now, we're just going
+to use it to display and change the network addresses of some ethernet
+controllers.
+</para>
-tun0 no wireless extensions.
+<screen><prompt>darkstar:~# </prompt><userinput>ifconfig</userinput>
+lo Link encap:Local Loopback
+ inet addr:127.0.0.1 Mask:255.0.0.0
+ inet6 addr: ::1/128 Scope:Host
+ UP LOOPBACK RUNNING MTU:16436 Metric:1
+ RX packets:699 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:699 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:0
+ RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB)
+
+wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c
+ inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0
+ inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB)
+
+wmaster0 Link encap:UNSPEC HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
</screen>
+
<para>
-Unlike wired networks, wireless networks are "fuzzy". Their borders are
-hard to define, and multiple networks may overlap one another. In order
-to avoid confusion, each wireless network has (hopefully) unique
-identifiers. The two most basic identifiers are the Extended Service
-Set Identifier (ESSID) and the channel or frequency for radio
-transmission. The ESSID is simply a name that identifies the wireless
-network in question; you may have heard it referred to as the network
-name or something similar. Typical wireless networks operate on 11
-different frequencies. In order to connect to even the most basic
-wireless network, you will have to setup these two pieces of
-information, and possibly others, before setting up things like the
-WNIC's IP address. Here you can see that my ESSID is set to "nest" and
-my laptop is transmitting at 2.432 GHz. This is all that is required to
-connect to an unencrypted wireless LAN. (For any of you out there
-expecting to come to my house and use my unencrypted wireless, you
-should know that you'll have to break a 2048-bit SSL key before the
-access point will let you communicate with my LAN.)
+As you can clearly see here, when run without any arguments,
+<application>ifconfig</application> will display all the information it
+has on all the ethernet cards (and wireless ethernet cards) present on
+your system. The above represents a typical wireless connection from my
+laptop, so don't be afraid if what you see on your system doesn't
+match. If you don't see any ethX or wlanX interfaces though, the
+interface may be down. To show all currently present NICs whether they are
+"up" or "down", simply pass the <arg>-a</arg> argument.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \
- freq 2.432G</userinput></screen>
+<screen><prompt>darkstar:~# </prompt><userinput>ifconfig -a</userinput>
+eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44
+ UP BROADCAST MULTICAST MTU:1500 Metric:1
+ RX packets:122780 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB)
+ Interrupt:16
+
+lo Link encap:Local Loopback
+ inet addr:127.0.0.1 Mask:255.0.0.0
+ inet6 addr: ::1/128 Scope:Host
+ UP LOOPBACK RUNNING MTU:16436 Metric:1
+ RX packets:699 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:699 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:0
+ RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB)
+
+wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c
+ inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0
+ inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB)
+
+wmaster0 Link encap:UNSPEC HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
+</screen>
-<para>
-The <arg>freq</arg> and <arg>channel</arg> arguments control basically
-the same thing. You only need to use one. If you are unsure what
-frequency or channel to use, Slackware can usually figure this out for
-you.
+<para>Notice that the eth0 interface is now listed among the returns.
+<application>ifconfig</application> can also change the current
+settings on a NIC. Typically, you would need to change the IP address
+and subnet mask, but you can change virtually any parameters.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \
- channel auto</userinput></screen>
+<screen><prompt>darkstar:~# </prompt><userinput>ifconfig eth0 192.168.1.1 netmask 255.255.255.0</userinput>
+<prompt>darkstar:~# </prompt><userinput>ifconfig eth0</userinput>
+eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44
+ inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
+ UP BROADCAST MULTICAST MTU:1500 Metric:1
+ RX packets:122780 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB)
+ Interrupt:16
+</screen>
<para>
-Now Slackware will attempt to connect to the strongest access point on
-the "nest" essid operating at any frequency.
+If you look carefully, you'll notice that the interface now has the
+192.168.1.1 IP address and a 255.255.255.0 subnet mask. We've now setup
+the basics for connecting to our network, but we still need to setup a
+default gateway and our DNS servers. In order to do that, we'll need to
+look at a few more tools.
</para>
-</section>
-
-<section>
-<title>Wired Equivilant Protection (or Lack Thereof)</title>
-
<para>
-Wireless networking is by its very nature less secure than wired
-networking. Having your information travelling on the airwaves makes it
-highly susceptible to interception by third paries, so over the years a
-number of methods have been devised to make wireless networking more
-secure. The first was called Wired Equivilant Protection, or WEP for
-short, and well far short of its goal. If you are still using WEP
-today, I encourage you to consider using WPA2 or some other form of
-stronger encryption. Attacks against WEP are trivial and take only
-minutes to perform. Unfortunately there are still access points
-configured for WEP, and you may need to connect to one from time to
-time. Connecting to WEP encrypted access points is fairly simple,
-particularly if you have the key in hexidecimal format. We'll need to
-pass the <arg>key</arg> argument along with the password in hexidecimal
-or ASCII format. If using an ASCII password, you'll need to prepend it
-with "s:"; here's a couple examples. Generally speaking, hexidecimal
-format is prefered.
+Next on our stop through networking land is the equally powerful
+<application>route</application>(8). This tool is responsible for
+modifying the Linux kernel's routing table which affects all data
+transmission on a network. Routing tables can become immensely complex
+or they can be straight-forward and simple. Most users will only ever
+need to setup a default gateway, so we'll show you how to do that here.
+If for some reason you need a more complex routing table, you would be
+well advised to read the entire man page for
+<application>route</application> as well as consulting other sources.
+For now, let's take a look at our routing table immediately after
+setting up eth0.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \
- key cf80baf8bf01a160de540bfb1c</userinput>
-<prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \
- key s:thisisapassword</userinput>
+<screen><prompt>darkstar:~# </prompt><userinput>route</userinput>
+Kernel IP routing table
+Destination Gateway Genmask Flags Metric Ref Use Iface
+192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
+loopback * 255.0.0.0 U 0 0 0 lo
</screen>
-</section>
+<para>
+I won't explain everything here, but the general information should be
+easy to pick up if you're familiar with networking at all. The
+Destination and Genmask fields specify a range of IP addresses to
+match. If a Gateway is defined, information in the form of packets will
+be sent to that host for forwarding. We also specify an interface in
+the final field that the information should traverse. Right now, we can
+only communicate with computers with addresses between 192.168.1.0 and
+192.168.1.255 and ourselves through the loopback interface, a type of
+virtual NIC that is used for routing information from this computer to
+itself. In order to reach the rest of the world, we'll need to
+setup a default gateway.
+</para>
-<section>
-<title>Wifi Protected Access</title>
+<screen><prompt>darkstar:~# </prompt><userinput>route add default gw 192.168.1.254</userinput>
+<prompt>darkstar:~# </prompt><userinput>route</userinput>
+Kernel IP routing table
+Destination Gateway Genmask Flags Metric Ref Use Iface
+192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
+loopback * 255.0.0.0 U 0 0 0 lo
+default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
+</screen>
<para>
-Wifi Protected Access (or WPA for short) was the successor for WEP that
-aimed to fix several problems with wireless encryption. Unfortunately,
-WPA had some flaws as well. An update called WPA2 offers even stronger
-protection. At this time, WPA2 is supported by nearly all wireless
-network cards and access points, but some older devices may only
-support WEP. If you need to secure your wireless network traffic, WPA2
-should be considered the minimum level of protection required.
-Unfortunately, <application>iwconfig</application> is unable to setup
-WPA2 encryption on its own. For that, we need a helper daemon,
-<application>wpa_supplicant</application>(8).
+You should immediately notice the addition of a default route. This
+specifies what router should be used to reach any addresses that aren't
+specified elsewhere in our routing table. Now, when we try to connect
+to say, 64.57.102.34, the information will be sent to 192.168.1.254
+which is responsible for delivering the data for us. Unfortunately,
+we're still not quite through. We need some way of converting domain
+names like slackware.com into IP addresses that the computer can use.
+For that, we need to make use of a DNS server.
</para>
<para>
-Unfortunately, there's no easy way to manually configure a WPA2
-protected network; you'll have to edit
-<filename>/etc/wpa_supplicant.conf</filename> directly with a text
-editor. Here we will discuss the simplest form of WPA2 protection, the
-Pre-Shared Key, or PSK for short. For details on setting up Slackware
-to connect to more complicated WPA2 encrypted networks, see the man
-page for <filename>wpa_supplicant.conf</filename>.
+Fortunately, setting up your computer to use an external (or even an
+internal) DNS server is very easy. You'll need to use your favorite
+text editor and open the <filename>/etc/resolv.conf</filename> file.
+Don't ask me what happened to the <keycap>e</keycap>. On my computer,
+<filename>resolv.conf</filename> looks like this.
</para>
<screen>
-# /etc/wpa_supplicant.conf
-# ========================
-# This line enables the use of wpa_cli which is used by rc.wireless
-# if possible (to check for successful association)
-ctrl_interface=/var/run/wpa_supplicant
-# By default, only root (group 0) may use wpa_cli
-ctrl_interface_group=0
-eapol_version=1
-ap_scan=1
-fast_reauth=1
-#country=US
-
-# WPA protected network, supply your own ESSID and WPAPSK here:
-network={
- scan_ssid=1
- ssid="nest"
- key_mgmt=WPA-PSK
- psk="secret passphrase"
-}
+# /etc/resolv.conf
+search lizella.net
+nameserver 192.168.1.254
</screen>
<para>
-The block of text we're interested in is the network block enclosed by
-curly braces. Here we have set the ssid for the network "nest", as well
-as the PSK to use "secret passphrase". At this point, WPA2 is setup.
-You can run <application>wpa_supplicant</application> and then obtain
-an IP address via DHCP or set a static address. Of course, this is a
-lot of work, there must be an easier way to do this.
+Most users won't need the "search" line. This is used to map hostnames
+to domain names. Basically, if I attempt to connect to "barnowl", the
+computer knows to look for "barnowl.lizella.net" thanks to this search
+line. We're mainly interested in the "nameserver" line. This tells
+Slackware what domain name servers (DNS) to connect to. Generally
+speaking, these should always be specified by IP address. If you know
+what DNS servers you should use, you can just add them one at a time to
+individual nameserver lines. In fact, I don't know of any practical
+limit to the number of nameservers that can be specified in
+<filename>resolv.conf</filename>, so add as many as you like. Once this
+is done, you should be able to communicate with other hosts via their
+fully qualified domain name.
</para>
-</section>
-
-<section>
-<title>rc.inet1.conf revisited</title>
-
<para>
-Welcome back to <filename>rc.inet1.conf</filename>. You're recall in
-the last chapter that we used this configuration file to automatically
-configure NICs whenever Slackware boots. Now, we will use it to
-configure wifi as well. If you're using WPA2, you'll still need to
-setup <filename>wpa_supplicant.conf</filename> properly first, however.
+But Alan! That's a lot of hard work! I don't want to do this time and
+again for dozens or even hundreds of machines. You're absolutely right,
+and that's why smarter people than you and me created DHCP. DHCP
+stands for Dynamic Host Control Protocol and is a method for
+automatically configuring computers with unique IP addresses, netmasks,
+gateways, and DNS servers. Most of the time, you'll want to use DHCP.
+The majority of wireless routers, DSL or cable modems, even firewalls
+all have DHCP servers to can make your life much easier. Slackware
+includes two main tools for connecting to an exising DHCP server and
+can even act as a DHCP server for other computers. For now though,
+we're just going to look at DHCP clients.
</para>
<para>
-Recall that each NIC had a name or number that identified the variables
-that corrospond with it? The same hold true for wifi NICs, only they
-have even more variables due to the added complexity of wireless
-networking.
+First on our list is <application>dhcpcd</application>(8), part of the
+ISC DHCP utilities. Assuming your computer is physically connected to
+your network, and that you have an operating DHCP server on that
+network, you can configure your NIC in one shot.
</para>
-<screen>
-# rc.inet1.conf (excert)
-# ======================
-## Example config information for wlan0. Uncomment the lines you need and fill
-## in your info. (You may not need all of these for your wireless network)
-IFNAME[4]="wlan0"
-IPADDR[4]=""
-NETMASK[4]=""
-USE_DHCP[4]="yes"
-#DHCP_HOSTNAME[4]="icculus-wireless"
-#DHCP_KEEPRESOLV[4]="yes"
-#DHCP_KEEPNTP[4]="yes"
-#DHCP_KEEPGW[4]="yes"
-#DHCP_IPADDR[4]=""
-WLAN_ESSID[4]="nest"
-#WLAN_MODE[4]=Managed
-#WLAN_RATE[4]="54M auto"
-#WLAN_CHANNEL[4]="auto"
-#WLAN_KEY[4]="D5AD1F04ACF048EC2D0B1C80C7"
-#WLAN_IWPRIV[4]="set AuthMode=WPAPSK | \
-# set EncrypType=TKIP | \
-# set WPAPSK=96389dc66eaf7e6efd5b5523ae43c7925ff4df2f8b7099495192d44a774fda16"
-WLAN_WPA[4]="wpa_supplicant"
-#WLAN_WPADRIVER[4]="ndiswrapper"
+<screen><prompt>darkstar:~# </prompt><userinput>dhcpcd eth0</userinput>
</screen>
<para>
-When we discussed wired ethernet, each "n" in the variable corrosponded
-with the "n" in ethn. Here however, that no longer holds true. Notice
-that the variable IFNAME[4] has a value of "wlan0". It is common for
-wireless cards to have an interface name other than "ethn" and that is
-reflected here. When <filename>rc.inet1.conf</filename> is read by the
-start-up scripts, Slackware knows to apply all these options to the
-"wlan0" wifi NIC instead of the (probably non-existant) eth4 wired NIC.
-Many of the other options are the same. IP address information is
-added in exactly the same way we discussed for wired network cards in
-the previous chapter; however, we have a lot of new variables that need
-some explaination.
+If everything went according to plan, your NIC should be properly
+configured, and you should be able to communicate with other computers
+on your network, and with the Internet at large. If for some reason,
+<application>dhcpcd</application> fails, you may want to try
+<application>dhclient</application>(8).
+<application>dhclient</application> is an alternative to
+<application>dhcpcd</application> and works in basically the same way.
</para>
-<para>
-To begin, WLAN_ESSID[n] and WLAN_CHANNEL[n] should be self-explainatory
-by now; they refer the the essid and frequency to use. WLAN_MODE[n] is
-either "managed" or "ad-hoc". Anyone connecting to an access point
-will want to use managed mode. WLAN_KEY[n] is the WEP key to use, if
-you're forced to use WEP. WLAN_IWPRIV[n] is a very complicated
-variable that sets other variables inside itself. WLAN_IWPRIV[n] is
-used for WPA2 networks. Here you tell Slackware what authentication
-mode, encryption type, and key to use for WPA2 connections. Please
-note that WLAN_KEY[n] and WLAN_IWPRIV[n] are mutually exclusive; you
-can't use both on the same interface. If you successfully configure
-all this, then Slackware will attempt to connect to your wireless
-network as soon as the system boots.
-</para>
+<screen><prompt>darkstar:~# </prompt><userinput>dhclient eth0</userinput>
+Listening on LPF/eth0/00:1c:b3:ba:ad:4c
+Sending on LPF/eth0/00:1c:b3:ba:ad:4c
+Sending on Socket/fallback
+DHCPREQUEST on eth0 to 255.255.255.255 port 67
+DHCPACK from 192.168.1.254
+bound to 192.168.1.198 -- renewal in 8547 seconds.
+</screen>
<para>
-But wait, that's so much work! And what if I need to connect to
-multiple wireless networks? I take my laptop to work and school and
-need to seemlessly setup those wireless connections as soon as one is
-within range. Doing things this way is simply too much work. You're
-absolutely correct.
+So why does Slackware include two DHCP clients? Sometimes a particular
+DHCP server may be broken and not respond well to either
+<application>dhcpcd</application> or
+<application>dhclient</application>. In those cases, you can fall back
+to the other DHCP client in hopes of getting a valid response from the
+server. Traditionally, Slackware uses
+<application>dhcpcd</application>, and this works in the vast majority
+of cases, but it may become necessary at some point for you to use
+<application>dhclient</application> instead. Both are excellent DHCP
+clients, so use whichever you prefer.
</para>
</section>
<section>
-<title>wicd</title>
+<title>Automatic Configuration with rc.inet1.conf</title>
<para>
-Introducing <application>wicd</application>(8), the premier wired and
-wireless network connection manager for the laptop user on the go.
-Pronounced "wicked", <application>wicd</application> is capable of
-storing information for any number of wireless networks you need and
-connecting to them with a simple command or the click of a mouse.
-<application>wicd</application> is not part of the default Slackware
-installation at this time, as it interferes somewhat with the normal
-way of configuring network adapters, but you can find it in the
-<filename>/extra</filename> directory of your Slackware install disks
-or at your favorite mirror. <application>wicd</application> is both a
-network connection daemon and a graphical application for configuring
-networks. The CLI isn't forgotten either, as
-<application>wicd-curses</application>(8) is every bit as powerful as
-the traditional GUI front-end. In order to use
-<application>wicd</application>, you will need to disable support for
-any interfaces you have in <filename>rc.inet1.conf</filename> first.
+Manually configuring interfaces is an important skill to have, but it
+can become tedious. No one wants to manually setup their Internet
+connection every time the system boots. More importantly, you may not
+always have physical access to the machine when it boots. Slackware
+makes it easy to automatically configure ethernet (and wireless) cards
+at system startup with <filename>/etc/rc.d/rc.inet1.conf</filename>.
+For now, we're going to focus on traditional wired ethernet networking;
+the next chapter will discuss various wireless options.
+</para>
+
+<para>
+<filename>rc.inet1.conf</filename> is an incredibly powerful
+configuration file, capable of configuring most of your network cards
+automatically when Slackware is started. The file is filled with useful
+comments, but there is also a man page that more thoroughly discusses
+its use. To begin, we're going to look at some of the options used on
+one of my personal machines.
</para>
<screen>
-# rc.inet1.conf
-# =============
# Config information for eth0:
-IPADDR[0]=""
-NETMASK[0]=""
-USE_DHCP[0]="no"
+IPADDR[0]="192.168.1.250"
+NETMASK[0]="255.255.255.0"
+USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""
-# Default gateway IP address:
-GATEWAY=""
+# Some lines ommitted.
+GATEWAY="192.168.1.254"
</screen>
<para>
-Now we can install <application>wicd</application>, setup the daemon to
-run on system boot-up, and begin using a more friendly application.
+This represents most of the information necessary to configure a static
+IP address on a single ethernet controller.
+<application>netconfig</application> will usually fill in these values
+for a single ethernet device for you. If you have multiple network
+cards in your machine and need all of them activated automatically at
+boot time, then you'll need to edit or add additional entries into this
+file in the same manner as above. First, let me go over some of the
+basics.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>installpkg /path/to/extra/wicd/wicd-1.6.2.1-1.txz</userinput>
-<prompt>darkstar:~# </prompt><userinput>chmod +x /etc/rc.d/rc.wicd</userinput>
-<prompt>darkstar:~# </prompt><userinput>/etc/rc.d/rc.wicd start</userinput>
-</screen>
+<para>
+As you may have already guessed, IPADDR[n] is the Internet Protocol
+Address for the "n" network interface card. Typically, "n" corrosponds
+to eth0, eth1, and so on, but this isn't always the case. You can
+specify these values to pertain to a different network controller with
+the INFAME[n] variable, but we will reserve that for the next chapter
+on wireless networking, as it more commonly pertains to wireless
+network controllers. Likewise, NETMASK[n] is the subnet mask to use
+for the network controller. If these lines are left empty, then static
+IP addresses will not be automatically assigned to this network
+controller. The USE_DHCP[n] variable tells Slackware to (naturally)
+use DHCP to configure the interface. DHCP_HOSTNAME[n] is rarely used,
+but some DHCP servers may require it. In that case, it must be set to
+a valid hostname. Finally, we come to the GATEWAY variable. It is
+actually set lower in the file than it appears in my example, and it
+controls the default gateway to use. You may be wondering why there is
+no GATEWAY[n] variable. The answer to that lies in how Internet
+Protocol works. I won't go into an indepth discussion on that subject,
+but suffice it to say that there is only ever one default route that a
+computer can use no matter how many interfaces are attached to it.
+</para>
<para>
-If you're predominately using the console, simply run
-<application>wicd-curses</application> from your command line. If
-instead, you are using a graphical desktop provided by
-<application>X</application>, you can start the graphical front-end
-from either the KDE or XFCE menu. Optionally, you could manually run
-<application>wicd-client</application>(1) from a terminal or run
-dialogue.
+If you need to use static IP addressing, you will have to obtain a
+unique static IP address and the subnet mask for the interface, as well
+as the default gateway address, and enter those here. There is no place
+to enter DNS information in <filename>rc.inet1.conf</filename>, so DNS
+servers will have to be manually placed into
+<filename>resolv.conf</filename> as we discussed above. Of course, if
+you use <application>netconfig</application>, this will be handled for
+you by that program. Now let's take a look at another interface on my
+computer.
</para>
+<screen>
+# Config information for eth1:
+IPADDR[1]=""
+NETMASK[1]=""
+USE_DHCP[1]="yes"
+DHCP_HOSTNAME[1]=""
+</screen>
+
<para>
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+Here I am telling Slackware to configure eth1 using DHCP. I do not need
+to set the IPADDR[1] or NETMASK[1] variables when using DHCP (in fact,
+if they are set, they will be ignored). Slackware will happily contact
+a DHCP server as soon as the machine begins to boot.
</para>
</section>
diff --git a/chapter_15.xml b/chapter_15.xml
index 3a16ac9..c3b6d8a 100644
--- a/chapter_15.xml
+++ b/chapter_15.xml
@@ -3,644 +3,333 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>Basic Networking Utilities</title>
-
-<para>
-So you've finally managed to setup your network connection, now what?
-How do you know that it's working? How do you know that you set it up
-correctly? And just what do you do now that it's setup? Well this
-chapter is for you.
-</para>
-
-<section>
-<title>Network Diagnostic Tools</title>
-
-<para>
-Slackware Linux includes a great many networking tools for
-troubleshooting and diagnosing network connection troubles, or just for
-seeing what's out there on the network. Most of these tools are
-command-line tools, so you can run them from a virtual terminal or in a
-console window on your graphical desktop. A few of them even have
-graphical front-ends, but we're going to deal almost exclusively with
-command-line tools for now.
-</para>
+<title>Wireless Networking</title>
<section>
-<title>ping</title>
+<title><application>iwconfig</application></title>
<para>
-<application>ping</application>(8) is a handy tool for determining if a
-computer is operational on your network or on the Internet at large.
-You can think of as a type of sonar for computers. By using it, you
-send out a "ping" and listen for an echo to determine if another
-computer or network device is listening. By default,
-<application>ping</application> checks for the remote computer once per
-second indefinitely, but you can change the interval between checks and
-the total number of checks easily, just check the man page. You can
-terminate the application at any time with
-<keycap>CTRL</keycap>-<keycap>c</keycap>. When
-<application>ping</application> is finished, it displays a handy
-summary of its activity. <application>ping</application> is very useful
-for determining if a computer on your network or the Internet is
-available, but some systems block the packets
-<application>ping</application> sends, so sometimes a system may be
-functioning properly, but still not send replies.
+Wireless networking is somewhat more complicated than traditional wired
+networking, and requires additional tools for setup. Slackware includes
+a diverse collection of wireless networking tools to allow you to
+configure your wireless network interface card (WNIC) at the most basic
+level. We won't cover everything here, but should give you a solid
+foundation to get up and running quickly. The first tool we are going
+to look at is <application>iwconfig</application>(8). When run without
+any argument, <application>iwconfig</application> displays the current
+wireless information on any and all NICs on your computer.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>ping -c 3 www.slackware.com</userinput>
-64 bytes from slackware.com (64.57.102.34): icmp_seq=1 ttl=47 time=87.1 ms
-64 bytes from slackware.com (64.57.102.34): icmp_seq=2 ttl=47 time=86.2 ms
-64 bytes from slackware.com (64.57.102.34): icmp_seq=3 ttl=47 time=86.7 ms
-
---- slackware.com ping statistics ---
-3 packets transmitted, 3 received, 0% packet loss, time 2004ms
-rtt min/avg/max/mdev = 86.282/86.718/87.127/0.345 ms
-</screen>
+<screen><prompt>darkstar:~# </prompt><userinput>iwconfig</userinput>
+lo no wireless extensions.
-</section>
+eth0 no wireless extensions.
-<section>
-<title>traceroute</title>
+wmaster0 no wireless extensions.
-<para>
-<application>traceroute</application>(8) is a handy tool for determining
-what route your packets take to reach some other computer. It's mainly
-of use for determining which computers are "near" or "far" from you.
-This distance isn't strictly geographical, as your Internet Service
-Provider may route traffic from your computer in strange ways.
-<application>traceroute</application> shows you each router between
-your computer and any other machine you wish to connect to.
-Unfortunately, many providers, firewalls, and routers will block
-<application>traceroute</application> so you might not get a complete
-picture when using it. Still, it remains a handy tool for network
-troubleshooting.
-</para>
+wlan0 IEEE 802.11abgn ESSID:"nest"
+ Mode:Managed Frequency:2.432 GHz Access Point:
+00:13:10:EA:4E:BD
+ Bit Rate=54 Mb/s Tx-Power=17 dBm
+ Retry min limit:7 RTS thr:off Fragment thr=2352 B
+ Encryption key:off
+ Power Management:off
+ Link Quality=100/100 Signal level:-42 dBm
+ Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
+ Tx excessive retries:0 Invalid misc:0 Missed beacon:0
-<screen><prompt>darkstar:~# </prompt><userinput>traceroute www.slackware.com</userinput>
-traceroute to slackware.com (64.57.102.34), 30 hops max, 46 byte
-packets
- 1 gw.ctsmacon.com (192.168.1.254) 1.468 ms 2.045 ms 1.387 ms
- 2 10.0.0.1 (10.0.0.1) 7.642 ms 8.019 ms 6.006 ms
- 3 68.1.8.49 (68.1.8.49) 10.446 ms 9.739 ms 7.003 ms
- 4 68.1.8.69 (68.1.8.69) 11.564 ms 6.235 ms 7.971 ms
- 5 dalsbbrj01-ae0.r2.dl.cox.net (68.1.0.142) 43.859 ms 43.287 ms
-44.125 ms
- 6 dpr1-ge-2-0-0.dallasequinix.savvis.net (204.70.204.146) 41.927 ms
-58.247 ms 44.989 ms
- 7 cr2-tengige0-7-5-0.dallas.savvis.net (204.70.196.29) 42.577 ms
-46.110 ms 43.977 ms
- 8 cr1-pos-0-3-3-0.losangeles.savvis.net (204.70.194.53) 78.070 ms
-76.735 ms 76.145 ms
- 9 bpr1-ge-3-0-0.LosAngeles.savvis.net (204.70.192.222) 77.533 ms
-108.328 ms 120.096 ms
-10 wiltel-communications-group-inc.LosAngeles.savvis.net
-(208.173.55.186) 79.607 ms 76.847 ms 75.998 ms
-11 tg9-4.cr01.lsancarc.integra.net (209.63.113.57) 84.789 ms 85.436
-ms 85.575 ms
-12 tg13-1.cr01.sntdcabl.integra.net (209.63.113.106) 87.608 ms
-84.278 ms 86.922 ms
-13 tg13-4.cr02.sntdcabl.integra.net (209.63.113.134) 87.284 ms
-85.924 ms 86.102 ms
-14 tg13-1.cr02.rcrdcauu.integra.net (209.63.114.169) 85.578 ms
-85.285 ms 84.148 ms
-15 209.63.99.166 (209.63.99.166) 84.515 ms 85.424 ms 85.956 ms
-16 208.186.199.158 (208.186.199.158) 86.557 ms 85.822 ms 86.072 ms
-17 sac-main.cwo.com (209.210.78.20) 88.105 ms 87.467 ms 87.526 ms
-18 slackware.com (64.57.102.34) 85.682 ms 86.322 ms 85.594 ms
+tun0 no wireless extensions.
</screen>
-</section>
-
-<section>
-<title>telnet</title>
-
-<para>
-Once upon a time, <application>telnet</application>(1) was the greatest
-thing since sliced bread. Basically, <application>telnet</application>
-opens an unencrypted network connection between two computers and hands
-control of the session to the user rather than some other application.
-Using <application>telnet</application>, people could connect to shells
-on other computers and execute commands as if they were physically
-present. Due to its unencrypted nature this is no longer recommended;
-however, <application>telnet</application> is still used for this
-purpose by many devices.
-</para>
<para>
-Today, <application>telnet</application> is put to better use as a
-network diagnostic tool. Because it passes control of the session
-directly to the user, it can be used for a great variety of testing
-purposes. As long as you know what ASCII commands to send to the
-receiving computer, you can do any number of activies, such as read web
-pages or check your e-mail. Simply inform
-<application>telnet</application> what network port to use, and you're
-all set.
+Unlike wired networks, wireless networks are "fuzzy". Their borders are
+hard to define, and multiple networks may overlap one another. In order
+to avoid confusion, each wireless network has (hopefully) unique
+identifiers. The two most basic identifiers are the Extended Service
+Set Identifier (ESSID) and the channel or frequency for radio
+transmission. The ESSID is simply a name that identifies the wireless
+network in question; you may have heard it referred to as the network
+name or something similar. Typical wireless networks operate on 11
+different frequencies. In order to connect to even the most basic
+wireless network, you will have to setup these two pieces of
+information, and possibly others, before setting up things like the
+WNIC's IP address. Here you can see that my ESSID is set to "nest" and
+my laptop is transmitting at 2.432 GHz. This is all that is required to
+connect to an unencrypted wireless LAN. (For any of you out there
+expecting to come to my house and use my unencrypted wireless, you
+should know that you'll have to break a 2048-bit SSL key before the
+access point will let you communicate with my LAN.)
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>telnet www.slackware.com 80</userinput>
-Trying 64.57.102.34...
-Connected to www.slackware.com.
-Escape character is '^]'.
-<userinput>HEAD / HTTP/1.1
-Host: www.slackware.com
-</userinput>
-HTTP/1.1 200 OK
-Date: Thu, 04 Feb 2010 18:01:35 GMT
-Server: Apache/1.3.27 (Unix) PHP/4.3.1
-Last-Modified: Fri, 28 Aug 2009 01:30:27 GMT
-ETag: "61dc2-5374-4a973333"
-Accept-Ranges: bytes
-Content-Length: 21364
-Content-Type: text/html
-</screen>
-
-</section>
-
-<section>
-<title>ssh</title>
+<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \
+ freq 2.432G</userinput></screen>
<para>
-As we mentioned, <application>telnet</application> may be useful as a
-diagnostic tool, but its unencrypted nature makes it a security concern
-for shell access. Thankfully, there's the secure shell protocol. Nearly
-every Linux, UNIX, and BSD distribution today makes use of OpenSSH, or
-<application>ssh</application>(1) for short. It is one of the most
-commonly used network tools today and makes use of the strongest
-cryptographic techniques. <application>ssh</application> has many
-features, configuration options, and neat hacks, enough to fill its own
-book, so we'll only go into the basics here. Simply run
-<application>ssh</application> with the user name and the host and
-you'll be connected to it quickly and safely. If this is the first time
-you are connecting to this computer, <application>ssh</application>
-will ask you to confirm your desire, and make a local copy of the
-encryption key to use. Should this key later change,
-<application>ssh</application> will warn you and refuse to connect
-because it is possible that some one is attempting to hijack the
-connection using what is known as a man-in-the-middle attack.
+The <arg>freq</arg> and <arg>channel</arg> arguments control basically
+the same thing. You only need to use one. If you are unsure what
+frequency or channel to use, Slackware can usually figure this out for
+you.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>ssh alan@slackware.com</userinput>
-alan@slackware.com's password: <userinput>secret</userinput>
-<prompt>alan@slackware.com:~$ </prompt>
-</screen>
+<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 essid nest \
+ channel auto</userinput></screen>
<para>
-The user and hostname are in the same form used by e-mail addresses.
-If you leave off the username part, <application>ssh</application> will
-use your current username when establishing the connection.
+Now Slackware will attempt to connect to the strongest access point on
+the "nest" essid operating at any frequency.
</para>
</section>
<section>
-<title>tcpdump</title>
+<title>Wired Equivilant Protection (or Lack Thereof)</title>
<para>
-So far all the tools we've looked at have focused on making connections
-to other computers, but now we're going to look at the traffic itself.
-<application>tcpdump</application>(1) (which must be run as root)
-allows us to view all or part of the network traffic originating or
-received by our computer. <application>tcpdump</application> displays
-the raw data packets in a variety of ways with all the network headers
-intact. Don't be alarmed if you don't understand everything it
-displays, <application>tcpdump</application> is a tool for professional
-network engineers and system administrators. By default, it probes the
-first network card it finds, but if you have multiple interfaces,
-simply use the <arg>-i</arg> argument to specify which one you're
-interested in. You can also limit the data displayed using expressions
-and change the manner in which it is displayed, but that is best
-explained by the man page and other reference material.
+Wireless networking is by its very nature less secure than wired
+networking. Having your information travelling on the airwaves makes it
+highly susceptible to interception by third paries, so over the years a
+number of methods have been devised to make wireless networking more
+secure. The first was called Wired Equivilant Protection, or WEP for
+short, and well far short of its goal. If you are still using WEP
+today, I encourage you to consider using WPA2 or some other form of
+stronger encryption. Attacks against WEP are trivial and take only
+minutes to perform. Unfortunately there are still access points
+configured for WEP, and you may need to connect to one from time to
+time. Connecting to WEP encrypted access points is fairly simple,
+particularly if you have the key in hexidecimal format. We'll need to
+pass the <arg>key</arg> argument along with the password in hexidecimal
+or ASCII format. If using an ASCII password, you'll need to prepend it
+with "s:"; here's a couple examples. Generally speaking, hexidecimal
+format is prefered.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>tcpdump -i wlan0</userinput>
-tcpdump: verbose output suppressed, use -v or -vv for full protocol
-decode
-listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes
-13:22:28.221985 IP gw.ctsmacon.com.microsoft-ds > 192.168.1.198.59387:
-Flags [P.], ack 838190560, win 3079, options [nop,nop,TS val 1382697489
-ecr 339048583], length 164WARNING: Short packet. Try increasing the
-snap length by 140
-SMB PACKET: SMBtrans2 (REPLY)
-
-13:22:28.222392 IP 192.168.1.198.59387 > gw.ctsmacon.com.microsoft-ds:
-Flags [P.], ack 164, win 775, options [nop,nop,TS val 339048667 ecr
-1382697489], length 134WARNING: Short packet. Try increasing the snap
-length by 110
-SMB PACKET: SMBtrans2 (REQUEST)
+<screen><prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \
+ key cf80baf8bf01a160de540bfb1c</userinput>
+<prompt>darkstar:~# </prompt><userinput>iwconfig wlan0 \
+ key s:thisisapassword</userinput>
</screen>
</section>
<section>
-<title>nmap</title>
-
-<para>
-Suppose you need to know what network services are running on a
-machine, or multiple machines, or you wish to determine if multiple
-machines are responsive? You could <application>ping</application>
-each one individually, <application>telnet</application> to each port
-you're interested in, and note every detail, but that's very tedious
-and time consuming. A much easier alternative is to use a port scanner,
-and <application>nmap</application>(1) is just the tool for the job.
-<application>nmap</application> is capable of scanning TCP and UDP
-ports, determining the operating system of a network device, probing
-each located service to determine its specific type, and much much
-more. Perhaps the simplist way to use <application>nmap</application>
-is to "ping" multiple computers at once. You can use network address
-notation (CIDR) or specify a range of addresses and
-<application>nmap</application> will scan every one and return the
-results to you when it's finished. You can even specify host names as
-you like.
-</para>
+<title>Wifi Protected Access</title>
<para>
-In order to "ping" hosts, you'll have to use the <arg>-sP</arg>
-argument. The following command instructs
-<application>nmap</application> to "ping" www.slackware.com and the 16
-IP addresses starting at 72.168.24.0 and ending at 72.168.24.15.
+Wifi Protected Access (or WPA for short) was the successor for WEP that
+aimed to fix several problems with wireless encryption. Unfortunately,
+WPA had some flaws as well. An update called WPA2 offers even stronger
+protection. At this time, WPA2 is supported by nearly all wireless
+network cards and access points, but some older devices may only
+support WEP. If you need to secure your wireless network traffic, WPA2
+should be considered the minimum level of protection required.
+Unfortunately, <application>iwconfig</application> is unable to setup
+WPA2 encryption on its own. For that, we need a helper daemon,
+<application>wpa_supplicant</application>(8).
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>nmap -sP www.slackware.com 72.168.24.0/28</userinput>
-</screen>
-
<para>
-Should you need to perform a port scan, <application>nmap</application>
-has many options for doing just that. When run without any arguments,
-<application>nmap</application> performs a standard TCP port scan on all
-hosts specified. There are also options to make
-<application>nmap</application> more or less aggressive with its
-scanning to return results quicker or fool intrusion detection
-services. For a full discussion, you should refer to the rather
-exhaustive man page. The following three commands perform a regular
-port scan, a SYN scan, and a "Christmas tree" scan.
+Unfortunately, there's no easy way to manually configure a WPA2
+protected network; you'll have to edit
+<filename>/etc/wpa_supplicant.conf</filename> directly with a text
+editor. Here we will discuss the simplest form of WPA2 protection, the
+Pre-Shared Key, or PSK for short. For details on setting up Slackware
+to connect to more complicated WPA2 encrypted networks, see the man
+page for <filename>wpa_supplicant.conf</filename>.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>nmap www.example.com</userinput>
-<prompt>darkstar:~# </prompt><userinput>nmap -sS www.example.com</userinput>
-<prompt>darkstar:~# </prompt><userinput>nmap -sX www.example.com</userinput>
+<screen>
+# /etc/wpa_supplicant.conf
+# ========================
+# This line enables the use of wpa_cli which is used by rc.wireless
+# if possible (to check for successful association)
+ctrl_interface=/var/run/wpa_supplicant
+# By default, only root (group 0) may use wpa_cli
+ctrl_interface_group=0
+eapol_version=1
+ap_scan=1
+fast_reauth=1
+#country=US
+
+# WPA protected network, supply your own ESSID and WPAPSK here:
+network={
+ scan_ssid=1
+ ssid="nest"
+ key_mgmt=WPA-PSK
+ psk="secret passphrase"
+}
</screen>
<para>
-Be warned! Some Internet Service Providers frown heavily on port
-scanning and may take measures to prevent you from doing it.
-<application>nmap</application> and applications like it are best used
-on your own systems for maintenance and security purposes, not as
-general purpose Internet scanners.
+The block of text we're interested in is the network block enclosed by
+curly braces. Here we have set the ssid for the network "nest", as well
+as the PSK to use "secret passphrase". At this point, WPA2 is setup.
+You can run <application>wpa_supplicant</application> and then obtain
+an IP address via DHCP or set a static address. Of course, this is a
+lot of work, there must be an easier way to do this.
</para>
</section>
-</section>
-
-<section><title>Web Browsers</title>
-
-<para>
-Slackware includes a variety of web browsers. If you're using a
-graphical desktop, you'll find Firefox, Seamonkey, and others you may
-already be familiar with, but what about console access? Fortunately,
-there are a number of capable web browsers here as well.
-</para>
-
-<section><title>lynx</title>
-
-<para>
-The oldest console-based web browser included with Slackware is
-definitely <application>lynx</application>(1), a very capable if
-somewhat limited web browser. <application>lynx</application> does not
-support frames, javascript, or pictures; it is strictly a text web
-browser. Navigation is performed using your keyboard's arrow keys and
-optionally, a mouse. While it lacks many features that other browsers
-support, <application>lynx</application> is one of the fastest web
-browsers you'll ever use for gathering information. For example, the
-<arg>-dump</arg> argument sends the formatted web page directly to the
-console, which can then be piped to other programs.
-</para>
-
-<para>
-PIC OF LYNX IN ACTION.
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-</para>
-
-</section>
-
-<section><title>links</title>
-
-<para>
-A more feature-rich alternative is the popular
-<application>links</application>(1), a console-based web browser that
-supports frames and has better table rendering than
-<application>lynx</application>. Like its predecessor,
-<application>links</application> is navigated with the arrow keys, and
-the use of a mouse is supported. Unlike,
-<application>lynx</application> it also includes a handy menu (simply
-click on the top line with your mouse to activate) and generally
-formats web pages better.
-</para>
+<section>
+<title>rc.inet1.conf revisited</title>
<para>
-PIC OF LINKS IN ACTION.
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
-FILL THIS IN!!!!!!!
+Welcome back to <filename>rc.inet1.conf</filename>. You're recall in
+the last chapter that we used this configuration file to automatically
+configure NICs whenever Slackware boots. Now, we will use it to
+configure wifi as well. If you're using WPA2, you'll still need to
+setup <filename>wpa_supplicant.conf</filename> properly first, however.
</para>
-</section>
-
-<section><title>wget</title>
-
<para>
-Unlike the other browsers we've looked at,
-<application>wget</application>(1) is non-interactive. Rather than display
-HTTP content, <application>wget</application> downloads it. This takes
-the "browsing" out of the web browser. Unlike the dump modes of other
-browsers, <application>wget</application> does not format its
-downloads; rather it copies the content in its exact form on the web
-server with all tags and binary data in place. It also supports several
-recursive options that can effectively mirror online content to your
-local computer. <application>wget</application> need not operate
-exclusively on HTTP content; it also supports FTP and several other
-protocols.
+Recall that each NIC had a name or number that identified the variables
+that corrospond with it? The same hold true for wifi NICs, only they
+have even more variables due to the added complexity of wireless
+networking.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>wget ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt</userinput>
---2010-05-01 13:51:19--
-ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt
- => `ChangeLog.txt'
-Resolving ftp.osuosl.org... 64.50.236.52
-Connecting to ftp.osuosl.org|64.50.236.52|:21... connected.
-Logging in as anonymous ... Logged in!
-==> SYST ... done. ==> PWD ... done.
-==> TYPE I ... done. ==> CWD /pub/slackware/slackware-current ... done.
-==> SIZE ChangeLog.txt ... 75306
-==> PASV ... done. ==> RETR ChangeLog.txt ... done.
-Length: 75306 (74K)
-
-100%[======================================>] 75,306 110K/s in 0.7s
-
-2010-05-01 13:51:22 (110 KB/s) - `ChangeLog.txt' saved [75306]
+<screen>
+# rc.inet1.conf (excert)
+# ======================
+## Example config information for wlan0. Uncomment the lines you need and fill
+## in your info. (You may not need all of these for your wireless network)
+IFNAME[4]="wlan0"
+IPADDR[4]=""
+NETMASK[4]=""
+USE_DHCP[4]="yes"
+#DHCP_HOSTNAME[4]="icculus-wireless"
+#DHCP_KEEPRESOLV[4]="yes"
+#DHCP_KEEPNTP[4]="yes"
+#DHCP_KEEPGW[4]="yes"
+#DHCP_IPADDR[4]=""
+WLAN_ESSID[4]="nest"
+#WLAN_MODE[4]=Managed
+#WLAN_RATE[4]="54M auto"
+#WLAN_CHANNEL[4]="auto"
+#WLAN_KEY[4]="D5AD1F04ACF048EC2D0B1C80C7"
+#WLAN_IWPRIV[4]="set AuthMode=WPAPSK | \
+# set EncrypType=TKIP | \
+# set WPAPSK=96389dc66eaf7e6efd5b5523ae43c7925ff4df2f8b7099495192d44a774fda16"
+WLAN_WPA[4]="wpa_supplicant"
+#WLAN_WPADRIVER[4]="ndiswrapper"
</screen>
-</section>
-
-</section>
-
-<section>
-<title>FTP Clients</title>
-
<para>
-Lots of data is stored on FTP servers the world over. In fact,
-Slackware Linux was first publically offered via FTP and continues to
-be distributed in this fashion today. Most open source software can be
-downloaded in source code or binary form via FTP, so knowing how to
-retrieve this information is a handy skill.
+When we discussed wired ethernet, each "n" in the variable corrosponded
+with the "n" in ethn. Here however, that no longer holds true. Notice
+that the variable IFNAME[4] has a value of "wlan0". It is common for
+wireless cards to have an interface name other than "ethn" and that is
+reflected here. When <filename>rc.inet1.conf</filename> is read by the
+start-up scripts, Slackware knows to apply all these options to the
+"wlan0" wifi NIC instead of the (probably non-existant) eth4 wired NIC.
+Many of the other options are the same. IP address information is
+added in exactly the same way we discussed for wired network cards in
+the previous chapter; however, we have a lot of new variables that need
+some explaination.
</para>
-<section><title>ftp</title>
-
<para>
-The simplest FTP client included with Slackware is named simply,
-<application>ftp</application>(1) and is a reliable if somewhat simple
-means of sending and retrieving data. <application>ftp</application>
-connects to an FTP server, asks for your username and password, and
-then allows you to put or get data to and from that server.
-<application>ftp</application> has fallen out of favor with more
-experienced users do to a lack of features, but remains a handy tool,
-and much of the documentation you see online will refer you to it.
+To begin, WLAN_ESSID[n] and WLAN_CHANNEL[n] should be self-explainatory
+by now; they refer the the essid and frequency to use. WLAN_MODE[n] is
+either "managed" or "ad-hoc". Anyone connecting to an access point
+will want to use managed mode. WLAN_KEY[n] is the WEP key to use, if
+you're forced to use WEP. WLAN_IWPRIV[n] is a very complicated
+variable that sets other variables inside itself. WLAN_IWPRIV[n] is
+used for WPA2 networks. Here you tell Slackware what authentication
+mode, encryption type, and key to use for WPA2 connections. Please
+note that WLAN_KEY[n] and WLAN_IWPRIV[n] are mutually exclusive; you
+can't use both on the same interface. If you successfully configure
+all this, then Slackware will attempt to connect to your wireless
+network as soon as the system boots.
</para>
<para>
-Once an FTP session has been initialized, you'll be placed at a prompt
-somewhat like a shell. From here you can change and list directories
-using the "cd" and "ls" commands, just like a shell. Additionally, you
-may issue the "put" command to send a file to the server, or a "get"
-command to retrieve data from the server. If you're connecting to a
-public FTP server, you'll want to use the "anonymous" username and
-simply enter your e-mail address (or a fake one) for the password.
+But wait, that's so much work! And what if I need to connect to
+multiple wireless networks? I take my laptop to work and school and
+need to seemlessly setup those wireless connections as soon as one is
+within range. Doing things this way is simply too much work. You're
+absolutely correct.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>ftp ftp.osuosl.org</userinput>
-Name (ftp.osuosl.org:alan): <userinput>anonymous</userinput>
-331 Please specify the password.
-Password: <userinput>secret</userinput>
-230 Login successful.
-Remote system type is UNIX.
-Using binary mode to transfer files.
-ftp> <userinput>cd pub/slackware/slackware-current/</userinput>
-250 Directory successfully changed.
-ftp> <userinput>get ChangeLog.txt</userinput>
-local: ChangeLog.txt remote: ChangeLog.txt
-200 PORT command successful. Consider using PASV.
-150 Opening BINARY mode data connection for ChangeLog.txt (33967
-bytes).
-226 File send OK.
-33967 bytes received in 0.351 secs (94 Kbytes/sec)
-ftp> <userinput>bye</userinput>
-221 Goodbye.
-</screen>
-
</section>
-<section><title>ncftp</title>
+<section>
+<title>wicd</title>
<para>
-<application>ncftp</application>(1) (pronounced nick-f-t-p), is a more
-feature rich successor to <application>ftp</application>, supporting
-tab completion and recursive retrieval. It automatically connects to a
-server as the anonymous user, unless you specify a different username
-on the commandline with the <arg>-u</arg> argument. The primary
-advantage over <application>ftp</application> is the ability to send
-and retrieve multiple files at once with the "mput" and "mget"
-commands. If you pass the <arg>-R</arg> argument to either of them,
-they will recursively put or get data from directories.
+Introducing <application>wicd</application>(8), the premier wired and
+wireless network connection manager for the laptop user on the go.
+Pronounced "wicked", <application>wicd</application> is capable of
+storing information for any number of wireless networks you need and
+connecting to them with a simple command or the click of a mouse.
+<application>wicd</application> is not part of the default Slackware
+installation at this time, as it interferes somewhat with the normal
+way of configuring network adapters, but you can find it in the
+<filename>/extra</filename> directory of your Slackware install disks
+or at your favorite mirror. <application>wicd</application> is both a
+network connection daemon and a graphical application for configuring
+networks. The CLI isn't forgotten either, as
+<application>wicd-curses</application>(8) is every bit as powerful as
+the traditional GUI front-end. In order to use
+<application>wicd</application>, you will need to disable support for
+any interfaces you have in <filename>rc.inet1.conf</filename> first.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>ncftp ftp.osuosl.org</userinput>
-Logging in...
-Login successful.
-Logged in to ftp.osuosl.org.
-ncftp / > <userinput>cd pub/slackware/slackware-current</userinput>
-Directory successfully changed.
-ncftp ...ware/slackware-current > <userinput>mget -R isolinux</userinput>
-isolinux/README.TXT: 4.63 kB 16.77 kB/s
-isolinux/README_SPLIT.TXT: 788.00 B 5.43 kB/s
-isolinux/f2.txt: 793.00 B 5.68 kB/s
-isolinux/initrd.img: 13.75 MB 837.91 kB/s
-isolinux/iso.sort: 50.00 B 354.50 B/s
-isolinux/isolinux.bin: 14.00 kB 33.99 kB/s
-isolinux/isolinux.cfg: 487.00 B 3.30 kB/s
-isolinux/message.txt: 760.00 B 5.32 kB/s
-isolinux/setpkg: 2.76 kB 19.11 kB/s
-ncftp ...ware/slackware-current > <userinput>bye</userinput>
+<screen>
+# rc.inet1.conf
+# =============
+# Config information for eth0:
+IPADDR[0]=""
+NETMASK[0]=""
+USE_DHCP[0]="no"
+DHCP_HOSTNAME[0]=""
+# Default gateway IP address:
+GATEWAY=""
</screen>
-</section>
-
-<section><title>lftp</title>
-
<para>
-The last client we're going to look at is
-<application>lftp</application>(1). Like
-<application>ncftp</application>, it supports tab completion and
-recursive activity, but has a more friendly license. Rather than user
-"mget" and "mput", all recursive operations are handled with the
-"mirror" command. "mirror" has many different options available, so
-I'll have to refer you to the man page and the built-in "help" command
-for complete details.
+Now we can install <application>wicd</application>, setup the daemon to
+run on system boot-up, and begin using a more friendly application.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>lftp ftp.osuosl.org</userinput>
-lftp ftp.osuosl.org:~> <userinput>cd /pub/slackware/slackware-current</userinput>
-cd ok, cwd=/pub/slackware/slackware-current
-lftp ftp.osuosl.org:/pub/slackware/slackware-current> <userinput>mirror isolinux</userinput>
-Total: 2 directories, 16 files, 1 symlink
-New: 16 files, 1 symlink
-14636789 bytes transferred in 20 seconds (703.7K/s)
-lftp ftp.osuosl.org:/pub/slackware/slackware-current> <userinput>bye</userinput>
+<screen><prompt>darkstar:~# </prompt><userinput>installpkg /path/to/extra/wicd/wicd-1.6.2.1-1.txz</userinput>
+<prompt>darkstar:~# </prompt><userinput>chmod +x /etc/rc.d/rc.wicd</userinput>
+<prompt>darkstar:~# </prompt><userinput>/etc/rc.d/rc.wicd start</userinput>
</screen>
-</section>
-
-</section>
-
-<section>
-<title>NNTP Clients</title>
-
<para>
-Once upon a time when the Internet was young, before the World Wide Web
-was invented and no one had heard of hyperlinks, everyone retrieved
-their news and information through a service known as Usenet using the
-NNTP protocol. It remains today a useful knowledge base of information
-on an incredible variety of subjects, but if you wish to access this
-information, you're going to need a proper client. Slackware includes
-a number of NNTP clients with both console and graphical interfaces,
-but we'll only detail the console tools here. Popular graphical news
-readers include <application>knode</application> and
-<application>pan</application>.
+If you're predominately using the console, simply run
+<application>wicd-curses</application> from your command line. If
+instead, you are using a graphical desktop provided by
+<application>X</application>, you can start the graphical front-end
+from either the KDE or XFCE menu. Optionally, you could manually run
+<application>wicd-client</application>(1) from a terminal or run
+dialogue.
</para>
-<section><title>tin</title>
-
-</section>
-
-<section><title>slrn</title>
-
-</section>
-
-</section>
-
-<section>
-<title>rsync</title>
-
<para>
-Ready to see something cool? Have you ever found yourself needing just
-a handful of files from a large directory, but you're not entirely sure
-which files you already have and which ones you need? You can download
-the entire directory again, but that's duplicating a lot of work. You
-can pick and chose, manually check everything, but that's very tedious.
-Perhaps you've downloaded a large file such as an ISO, but something
-went wrong with the download? It doesn't make sense that you should
-have to pull down the entire file again if only a few bits have been
-corrupted. Enter <application>rsync</application>(1), a fast and
-versatile copying tool for local and remote files.
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
+ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!
</para>
-<para>
-<application>rsync</application> uses a handful of simple, but very
-effective techniques to determine what needs to be changed. By checking
-file size and time stamps, it can determine if two files are different.
-If something has changed, it can determine what bytes are different,
-and simply download that handfull of data rather than an entire file.
-It is truly a marvel of modern technology.
-</para>
-
-<para>
-In its simplist form, <application>rsync</application> connects to an
-rsync protocol server and downloads a list of files and directories,
-along with their sizes, timestamps, and other information. It then
-compares this to the local files (if any) to determine what it needs to
-transfer. Only files that are different will be synced. Additionally,
-it breaks up large files into smaller chunks and compares those chunks
-using a quick and simple hash function. Any chunks that match are not
-transferred, so the amount of data that must be copied can be
-dramatically reduced. <application>rsync</application> also supports
-compression, verbose output, file deletion, permission handling, and
-many other options. For a complete list, you'll need to refer to the
-man page, but I've included a small table of some of the more common
-options.
-</para>
-
-<table pgwide="0">
-<title>rsync Arguments</title>
-<tgroup cols="2">
- <thead>
- <entry>Argument</entry>
- <entry>Explaination</entry>
- </thead>
- <tbody>
- <row>
- <entry>-v</entry>
- <entry>Increased verbosity</entry>
- </row>
- <row>
- <entry>-c</entry>
- <entry>Checksum all files rather than relying on file size and timestamp</entry>
- </row>
- <row>
- <entry>-a</entry>
- <entry>Archive mode (equivilant to -rlptgoD)</entry>
- </row>
- <row>
- <entry>-e</entry>
- <entry>Specify a remote shell to use</entry>
- </row>
- <row>
- <entry>-r</entry>
- <entry>Recursive mode</entry>
- </row>
- <row>
- <entry>-u</entry>
- <entry>Update - skip files that are newer on the receiving end</entry>
- </row>
- <row>
- <entry>-p</entry>
- <entry>Preserve permissions</entry>
- </row>
- <row>
- <entry>-n</entry>
- <entry>Dry-run - perform a trial run without making any changes</entry>
- </row>
- <row>
- <entry>-z</entry>
- <entry>Compress - handy for slow network connections</entry>
- </row>
- </tbody>
-</tgroup>
-</table>
-
-<para>
-Due to the power and versatility of <application>rsync</application>,
-it can be invoked in a number of ways. The following two examples
-connect to an rsync protocol server to retrieve some information and to
-another server via ssh to encrypt the transmission.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>rsync -avz rsync://ftp.osuosl.org/pub/slackware/slackware-current/ \
-/src/slackware-current/</userinput>
-<prompt>darkstar:~# </prompt><userinput>rsync -e ssh ftp.slackware.com:/home/alan/foo /tmp/foo</userinput>
-</screen>
-
</section>
</chapter>
diff --git a/chapter_16.xml b/chapter_16.xml
index 4da780b..3a16ac9 100644
--- a/chapter_16.xml
+++ b/chapter_16.xml
@@ -3,190 +3,644 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>Package Management</title>
+<title>Basic Networking Utilities</title>
<para>
-Package management is an essential part of any Linux distribution.
-Every piece of software included by Slackware, along with many
-third-party tools are distributed as source code that can be compiled,
-but compiling all those thousands of different applications and
-libraries is tedious and time consuming. That's why many people prefer
-to install pre-compiled software packages. In fact, when you installed
-Slackware, the <application>setup</application> program primarily
-worked by running package management tools on a list of packages. Here
-we'll look at the various tools used for handling Slackware packages.
+So you've finally managed to setup your network connection, now what?
+How do you know that it's working? How do you know that you set it up
+correctly? And just what do you do now that it's setup? Well this
+chapter is for you.
</para>
<section>
-<title><application>pkgtool</application></title>
+<title>Network Diagnostic Tools</title>
<para>
-The simplest way to perform package maintenance tasks is to invoke
-<application>pkgtool</application>(8), a menu-driven interface to some of
-the other tools. <application>pkgtool</application> allows you to
-install or remove packages as well as view the contents of those
-packages and the list of currently installed packages in a
-user-friendly ncurses interface.
+Slackware Linux includes a great many networking tools for
+troubleshooting and diagnosing network connection troubles, or just for
+seeing what's out there on the network. Most of these tools are
+command-line tools, so you can run them from a virtual terminal or in a
+console window on your graphical desktop. A few of them even have
+graphical front-ends, but we're going to deal almost exclusively with
+command-line tools for now.
</para>
+<section>
+<title>ping</title>
+
+<para>
+<application>ping</application>(8) is a handy tool for determining if a
+computer is operational on your network or on the Internet at large.
+You can think of as a type of sonar for computers. By using it, you
+send out a "ping" and listen for an echo to determine if another
+computer or network device is listening. By default,
+<application>ping</application> checks for the remote computer once per
+second indefinitely, but you can change the interval between checks and
+the total number of checks easily, just check the man page. You can
+terminate the application at any time with
+<keycap>CTRL</keycap>-<keycap>c</keycap>. When
+<application>ping</application> is finished, it displays a handy
+summary of its activity. <application>ping</application> is very useful
+for determining if a computer on your network or the Internet is
+available, but some systems block the packets
+<application>ping</application> sends, so sometimes a system may be
+functioning properly, but still not send replies.
+</para>
+
+
+<screen><prompt>darkstar:~# </prompt><userinput>ping -c 3 www.slackware.com</userinput>
+64 bytes from slackware.com (64.57.102.34): icmp_seq=1 ttl=47 time=87.1 ms
+64 bytes from slackware.com (64.57.102.34): icmp_seq=2 ttl=47 time=86.2 ms
+64 bytes from slackware.com (64.57.102.34): icmp_seq=3 ttl=47 time=86.7 ms
+
+--- slackware.com ping statistics ---
+3 packets transmitted, 3 received, 0% packet loss, time 2004ms
+rtt min/avg/max/mdev = 86.282/86.718/87.127/0.345 ms
+</screen>
+
+</section>
+
+<section>
+<title>traceroute</title>
+
+<para>
+<application>traceroute</application>(8) is a handy tool for determining
+what route your packets take to reach some other computer. It's mainly
+of use for determining which computers are "near" or "far" from you.
+This distance isn't strictly geographical, as your Internet Service
+Provider may route traffic from your computer in strange ways.
+<application>traceroute</application> shows you each router between
+your computer and any other machine you wish to connect to.
+Unfortunately, many providers, firewalls, and routers will block
+<application>traceroute</application> so you might not get a complete
+picture when using it. Still, it remains a handy tool for network
+troubleshooting.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>traceroute www.slackware.com</userinput>
+traceroute to slackware.com (64.57.102.34), 30 hops max, 46 byte
+packets
+ 1 gw.ctsmacon.com (192.168.1.254) 1.468 ms 2.045 ms 1.387 ms
+ 2 10.0.0.1 (10.0.0.1) 7.642 ms 8.019 ms 6.006 ms
+ 3 68.1.8.49 (68.1.8.49) 10.446 ms 9.739 ms 7.003 ms
+ 4 68.1.8.69 (68.1.8.69) 11.564 ms 6.235 ms 7.971 ms
+ 5 dalsbbrj01-ae0.r2.dl.cox.net (68.1.0.142) 43.859 ms 43.287 ms
+44.125 ms
+ 6 dpr1-ge-2-0-0.dallasequinix.savvis.net (204.70.204.146) 41.927 ms
+58.247 ms 44.989 ms
+ 7 cr2-tengige0-7-5-0.dallas.savvis.net (204.70.196.29) 42.577 ms
+46.110 ms 43.977 ms
+ 8 cr1-pos-0-3-3-0.losangeles.savvis.net (204.70.194.53) 78.070 ms
+76.735 ms 76.145 ms
+ 9 bpr1-ge-3-0-0.LosAngeles.savvis.net (204.70.192.222) 77.533 ms
+108.328 ms 120.096 ms
+10 wiltel-communications-group-inc.LosAngeles.savvis.net
+(208.173.55.186) 79.607 ms 76.847 ms 75.998 ms
+11 tg9-4.cr01.lsancarc.integra.net (209.63.113.57) 84.789 ms 85.436
+ms 85.575 ms
+12 tg13-1.cr01.sntdcabl.integra.net (209.63.113.106) 87.608 ms
+84.278 ms 86.922 ms
+13 tg13-4.cr02.sntdcabl.integra.net (209.63.113.134) 87.284 ms
+85.924 ms 86.102 ms
+14 tg13-1.cr02.rcrdcauu.integra.net (209.63.114.169) 85.578 ms
+85.285 ms 84.148 ms
+15 209.63.99.166 (209.63.99.166) 84.515 ms 85.424 ms 85.956 ms
+16 208.186.199.158 (208.186.199.158) 86.557 ms 85.822 ms 86.072 ms
+17 sac-main.cwo.com (209.210.78.20) 88.105 ms 87.467 ms 87.526 ms
+18 slackware.com (64.57.102.34) 85.682 ms 86.322 ms 85.594 ms
+</screen>
+</section>
+
+<section>
+<title>telnet</title>
+
+<para>
+Once upon a time, <application>telnet</application>(1) was the greatest
+thing since sliced bread. Basically, <application>telnet</application>
+opens an unencrypted network connection between two computers and hands
+control of the session to the user rather than some other application.
+Using <application>telnet</application>, people could connect to shells
+on other computers and execute commands as if they were physically
+present. Due to its unencrypted nature this is no longer recommended;
+however, <application>telnet</application> is still used for this
+purpose by many devices.
+</para>
+
+<para>
+Today, <application>telnet</application> is put to better use as a
+network diagnostic tool. Because it passes control of the session
+directly to the user, it can be used for a great variety of testing
+purposes. As long as you know what ASCII commands to send to the
+receiving computer, you can do any number of activies, such as read web
+pages or check your e-mail. Simply inform
+<application>telnet</application> what network port to use, and you're
+all set.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>telnet www.slackware.com 80</userinput>
+Trying 64.57.102.34...
+Connected to www.slackware.com.
+Escape character is '^]'.
+<userinput>HEAD / HTTP/1.1
+Host: www.slackware.com
+</userinput>
+HTTP/1.1 200 OK
+Date: Thu, 04 Feb 2010 18:01:35 GMT
+Server: Apache/1.3.27 (Unix) PHP/4.3.1
+Last-Modified: Fri, 28 Aug 2009 01:30:27 GMT
+ETag: "61dc2-5374-4a973333"
+Accept-Ranges: bytes
+Content-Length: 21364
+Content-Type: text/html
+</screen>
+
+</section>
+
+<section>
+<title>ssh</title>
+
<para>
-PICTURE OF PKGTOOL MAIN SCREEN.
-FILL THIS IN!!!!!!
-FILL THIS IN!!!!!!
-FILL THIS IN!!!!!!
-FILL THIS IN!!!!!!
-FILL THIS IN!!!!!!
-FILL THIS IN!!!!!!
-FILL THIS IN!!!!!!
-FILL THIS IN!!!!!!
-FILL THIS IN!!!!!!
-FILL THIS IN!!!!!!
-FILL THIS IN!!!!!!
+As we mentioned, <application>telnet</application> may be useful as a
+diagnostic tool, but its unencrypted nature makes it a security concern
+for shell access. Thankfully, there's the secure shell protocol. Nearly
+every Linux, UNIX, and BSD distribution today makes use of OpenSSH, or
+<application>ssh</application>(1) for short. It is one of the most
+commonly used network tools today and makes use of the strongest
+cryptographic techniques. <application>ssh</application> has many
+features, configuration options, and neat hacks, enough to fill its own
+book, so we'll only go into the basics here. Simply run
+<application>ssh</application> with the user name and the host and
+you'll be connected to it quickly and safely. If this is the first time
+you are connecting to this computer, <application>ssh</application>
+will ask you to confirm your desire, and make a local copy of the
+encryption key to use. Should this key later change,
+<application>ssh</application> will warn you and refuse to connect
+because it is possible that some one is attempting to hijack the
+connection using what is known as a man-in-the-middle attack.
</para>
+<screen><prompt>darkstar:~# </prompt><userinput>ssh alan@slackware.com</userinput>
+alan@slackware.com's password: <userinput>secret</userinput>
+<prompt>alan@slackware.com:~$ </prompt>
+</screen>
+
<para>
-<application>pkgtool</application> is a convenient and easy way to
-perform the most basic tasks, but for more advanced work more flexible
-tools are needed.
+The user and hostname are in the same form used by e-mail addresses.
+If you leave off the username part, <application>ssh</application> will
+use your current username when establishing the connection.
</para>
</section>
<section>
-<title>Installing, Removing, and Upgrading Packages</title>
-
-<para>
-While <application>pkgtool</application> scores points for convenience,
-<application>installpkg</application>(8) is much more capable of
-handling odd tasks, such as quickly installing a single package,
-installing an entire disk set of packages, or scripting an install.
-<application>installpkg</application> takes a list of packages to
-install, and simply installs them without asking any questions. Like
-all Slackware package management tools, it assumes that you know what
-you're doing and doesn't pretend to be smarter than you. In its
-simplest form, <application>installpkg</application> simply takes a
-list of packages to install, and does exactly what you would expect.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>installpkg blackbox-0.70.1-i486-2.txz</userinput>
-Verifying package blackbox-0.70.1-i486-2.txz.
-Installing package blackbox-0.70.1-i486-2.txz:
-PACKAGE DESCRIPTION:
-# blackbox (Blackbox window manager)
-#
-# Blackbox is that fast, light window manager you have been looking for
-# without all those annoying library dependencies.
-#
-# Also included in this package is the bbkeys utility for controlling
-# keyboard shortcut commands from within Blackbox.
-#
-# The Blackbox home page is http://blackboxwm.sourceforge.net
-#
-Package blackbox-0.70.1-i486-2.txz installed.</screen>
-
-<para>
-You can of course install multiple packages at a time, and in fact use
-shell wild cards. The following installs all of the "N" series
-packages from a mounted CD-ROM.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>installpkg /mnt/cdrom/slackware/n/*.txz</userinput></screen>
-
-<para>
-Removing a package is every bit as easy as installing one. As you might
-expect, the command to do this is
-<application>removepkg</application>(8). Simply tell it which packages
-to remove, and <application>removepkg</application> will check the
-contents of the package database and remove all the files and
-directories for that package with one caveat. If that file is included
-in multiple installed packages, it will be skipped and if a directory
-has new files in it, the directory will be left in place. Because of
-this, removing packages takes a good while longer than installing them.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>removepkg blackbox-0.70.1-i486-2.txz</userinput>
+<title>tcpdump</title>
+
+<para>
+So far all the tools we've looked at have focused on making connections
+to other computers, but now we're going to look at the traffic itself.
+<application>tcpdump</application>(1) (which must be run as root)
+allows us to view all or part of the network traffic originating or
+received by our computer. <application>tcpdump</application> displays
+the raw data packets in a variety of ways with all the network headers
+intact. Don't be alarmed if you don't understand everything it
+displays, <application>tcpdump</application> is a tool for professional
+network engineers and system administrators. By default, it probes the
+first network card it finds, but if you have multiple interfaces,
+simply use the <arg>-i</arg> argument to specify which one you're
+interested in. You can also limit the data displayed using expressions
+and change the manner in which it is displayed, but that is best
+explained by the man page and other reference material.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>tcpdump -i wlan0</userinput>
+tcpdump: verbose output suppressed, use -v or -vv for full protocol
+decode
+listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes
+13:22:28.221985 IP gw.ctsmacon.com.microsoft-ds > 192.168.1.198.59387:
+Flags [P.], ack 838190560, win 3079, options [nop,nop,TS val 1382697489
+ecr 339048583], length 164WARNING: Short packet. Try increasing the
+snap length by 140
+SMB PACKET: SMBtrans2 (REPLY)
+
+13:22:28.222392 IP 192.168.1.198.59387 > gw.ctsmacon.com.microsoft-ds:
+Flags [P.], ack 164, win 775, options [nop,nop,TS val 339048667 ecr
+1382697489], length 134WARNING: Short packet. Try increasing the snap
+length by 110
+SMB PACKET: SMBtrans2 (REQUEST)
+</screen>
+
+</section>
+
+<section>
+<title>nmap</title>
+
+<para>
+Suppose you need to know what network services are running on a
+machine, or multiple machines, or you wish to determine if multiple
+machines are responsive? You could <application>ping</application>
+each one individually, <application>telnet</application> to each port
+you're interested in, and note every detail, but that's very tedious
+and time consuming. A much easier alternative is to use a port scanner,
+and <application>nmap</application>(1) is just the tool for the job.
+<application>nmap</application> is capable of scanning TCP and UDP
+ports, determining the operating system of a network device, probing
+each located service to determine its specific type, and much much
+more. Perhaps the simplist way to use <application>nmap</application>
+is to "ping" multiple computers at once. You can use network address
+notation (CIDR) or specify a range of addresses and
+<application>nmap</application> will scan every one and return the
+results to you when it's finished. You can even specify host names as
+you like.
+</para>
+
+<para>
+In order to "ping" hosts, you'll have to use the <arg>-sP</arg>
+argument. The following command instructs
+<application>nmap</application> to "ping" www.slackware.com and the 16
+IP addresses starting at 72.168.24.0 and ending at 72.168.24.15.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>nmap -sP www.slackware.com 72.168.24.0/28</userinput>
+</screen>
+
+<para>
+Should you need to perform a port scan, <application>nmap</application>
+has many options for doing just that. When run without any arguments,
+<application>nmap</application> performs a standard TCP port scan on all
+hosts specified. There are also options to make
+<application>nmap</application> more or less aggressive with its
+scanning to return results quicker or fool intrusion detection
+services. For a full discussion, you should refer to the rather
+exhaustive man page. The following three commands perform a regular
+port scan, a SYN scan, and a "Christmas tree" scan.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>nmap www.example.com</userinput>
+<prompt>darkstar:~# </prompt><userinput>nmap -sS www.example.com</userinput>
+<prompt>darkstar:~# </prompt><userinput>nmap -sX www.example.com</userinput>
+</screen>
+
+<para>
+Be warned! Some Internet Service Providers frown heavily on port
+scanning and may take measures to prevent you from doing it.
+<application>nmap</application> and applications like it are best used
+on your own systems for maintenance and security purposes, not as
+general purpose Internet scanners.
+</para>
+
+</section>
+
+</section>
+
+<section><title>Web Browsers</title>
+
+<para>
+Slackware includes a variety of web browsers. If you're using a
+graphical desktop, you'll find Firefox, Seamonkey, and others you may
+already be familiar with, but what about console access? Fortunately,
+there are a number of capable web browsers here as well.
+</para>
+
+<section><title>lynx</title>
+
+<para>
+The oldest console-based web browser included with Slackware is
+definitely <application>lynx</application>(1), a very capable if
+somewhat limited web browser. <application>lynx</application> does not
+support frames, javascript, or pictures; it is strictly a text web
+browser. Navigation is performed using your keyboard's arrow keys and
+optionally, a mouse. While it lacks many features that other browsers
+support, <application>lynx</application> is one of the fastest web
+browsers you'll ever use for gathering information. For example, the
+<arg>-dump</arg> argument sends the formatted web page directly to the
+console, which can then be piped to other programs.
+</para>
+
+<para>
+PIC OF LYNX IN ACTION.
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+</para>
+
+</section>
+
+<section><title>links</title>
+
+<para>
+A more feature-rich alternative is the popular
+<application>links</application>(1), a console-based web browser that
+supports frames and has better table rendering than
+<application>lynx</application>. Like its predecessor,
+<application>links</application> is navigated with the arrow keys, and
+the use of a mouse is supported. Unlike,
+<application>lynx</application> it also includes a handy menu (simply
+click on the top line with your mouse to activate) and generally
+formats web pages better.
+</para>
+
+<para>
+PIC OF LINKS IN ACTION.
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+FILL THIS IN!!!!!!!
+</para>
+
+</section>
+
+<section><title>wget</title>
+
+<para>
+Unlike the other browsers we've looked at,
+<application>wget</application>(1) is non-interactive. Rather than display
+HTTP content, <application>wget</application> downloads it. This takes
+the "browsing" out of the web browser. Unlike the dump modes of other
+browsers, <application>wget</application> does not format its
+downloads; rather it copies the content in its exact form on the web
+server with all tags and binary data in place. It also supports several
+recursive options that can effectively mirror online content to your
+local computer. <application>wget</application> need not operate
+exclusively on HTTP content; it also supports FTP and several other
+protocols.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>wget ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt</userinput>
+--2010-05-01 13:51:19--
+ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt
+ => `ChangeLog.txt'
+Resolving ftp.osuosl.org... 64.50.236.52
+Connecting to ftp.osuosl.org|64.50.236.52|:21... connected.
+Logging in as anonymous ... Logged in!
+==> SYST ... done. ==> PWD ... done.
+==> TYPE I ... done. ==> CWD /pub/slackware/slackware-current ... done.
+==> SIZE ChangeLog.txt ... 75306
+==> PASV ... done. ==> RETR ChangeLog.txt ... done.
+Length: 75306 (74K)
+
+100%[======================================>] 75,306 110K/s in 0.7s
+
+2010-05-01 13:51:22 (110 KB/s) - `ChangeLog.txt' saved [75306]
</screen>
+</section>
+
+</section>
+
+<section>
+<title>FTP Clients</title>
+
<para>
-Finally, upgrading is just as easy with (you guessed it),
-<application>upgradepkg</application>(8) which first installs a new
-package, then removes whatever files and directories are left-over from
-the old package. One important thing to remember is that
-<application>upgradepkg</application> doesn't check to see if the
-previously installed package has a higher version number than the "new"
-package, so it can also be used to downgrade to older versions.
+Lots of data is stored on FTP servers the world over. In fact,
+Slackware Linux was first publically offered via FTP and continues to
+be distributed in this fashion today. Most open source software can be
+downloaded in source code or binary form via FTP, so knowing how to
+retrieve this information is a handy skill.
</para>
+<section><title>ftp</title>
+<para>
+The simplest FTP client included with Slackware is named simply,
+<application>ftp</application>(1) and is a reliable if somewhat simple
+means of sending and retrieving data. <application>ftp</application>
+connects to an FTP server, asks for your username and password, and
+then allows you to put or get data to and from that server.
+<application>ftp</application> has fallen out of favor with more
+experienced users do to a lack of features, but remains a handy tool,
+and much of the documentation you see online will refer you to it.
+</para>
-<screen><prompt>darkstar:~# </prompt><userinput>upgradepkg blackbox-0.70.1-i486-2.txz</userinput>
+<para>
+Once an FTP session has been initialized, you'll be placed at a prompt
+somewhat like a shell. From here you can change and list directories
+using the "cd" and "ls" commands, just like a shell. Additionally, you
+may issue the "put" command to send a file to the server, or a "get"
+command to retrieve data from the server. If you're connecting to a
+public FTP server, you'll want to use the "anonymous" username and
+simply enter your e-mail address (or a fake one) for the password.
+</para>
-+==============================================================================
-| Upgrading blackbox-0.65.0-x86_64-4 package using
-./blackbox-0.70.1-i486-2.txz
-+==============================================================================
+<screen><prompt>darkstar:~# </prompt><userinput>ftp ftp.osuosl.org</userinput>
+Name (ftp.osuosl.org:alan): <userinput>anonymous</userinput>
+331 Please specify the password.
+Password: <userinput>secret</userinput>
+230 Login successful.
+Remote system type is UNIX.
+Using binary mode to transfer files.
+ftp> <userinput>cd pub/slackware/slackware-current/</userinput>
+250 Directory successfully changed.
+ftp> <userinput>get ChangeLog.txt</userinput>
+local: ChangeLog.txt remote: ChangeLog.txt
+200 PORT command successful. Consider using PASV.
+150 Opening BINARY mode data connection for ChangeLog.txt (33967
+bytes).
+226 File send OK.
+33967 bytes received in 0.351 secs (94 Kbytes/sec)
+ftp> <userinput>bye</userinput>
+221 Goodbye.
+</screen>
-Pre-installing package blackbox-0.70.1-i486-2...
+</section>
-Removing package
-/var/log/packages/blackbox-0.65.0-x86_64-4-upgraded-2010-02-23,16:50:51...
- --> Deleting symlink /usr/share/blackbox/nls/POSIX
- --> Deleting symlink /usr/share/blackbox/nls/US_ASCII
- --> Deleting symlink /usr/share/blackbox/nls/de
- --> Deleting symlink /usr/share/blackbox/nls/en
- --> Deleting symlink /usr/share/blackbox/nls/en_GB
-...
-Package blackbox-0.65.0-x86_64-4 upgraded with new package
-./blackbox-0.70.1-i486-2.txz.</screen>
+<section><title>ncftp</title>
<para>
-All of these tools have useful arguments. For example, the
-<arg>--root</arg> to <application>installpkg</application> will install
-packages into an arbitrary directory. The <arg>--dry-run</arg> argument
-will instruct <application>upgradepkg</application> to simply tell you
-what it would attempt without actually making any changes to the
-system. For complete details, you should (as always) refer to the man
-pages.
+<application>ncftp</application>(1) (pronounced nick-f-t-p), is a more
+feature rich successor to <application>ftp</application>, supporting
+tab completion and recursive retrieval. It automatically connects to a
+server as the anonymous user, unless you specify a different username
+on the commandline with the <arg>-u</arg> argument. The primary
+advantage over <application>ftp</application> is the ability to send
+and retrieve multiple files at once with the "mput" and "mget"
+commands. If you pass the <arg>-R</arg> argument to either of them,
+they will recursively put or get data from directories.
</para>
+<screen><prompt>darkstar:~# </prompt><userinput>ncftp ftp.osuosl.org</userinput>
+Logging in...
+Login successful.
+Logged in to ftp.osuosl.org.
+ncftp / > <userinput>cd pub/slackware/slackware-current</userinput>
+Directory successfully changed.
+ncftp ...ware/slackware-current > <userinput>mget -R isolinux</userinput>
+isolinux/README.TXT: 4.63 kB 16.77 kB/s
+isolinux/README_SPLIT.TXT: 788.00 B 5.43 kB/s
+isolinux/f2.txt: 793.00 B 5.68 kB/s
+isolinux/initrd.img: 13.75 MB 837.91 kB/s
+isolinux/iso.sort: 50.00 B 354.50 B/s
+isolinux/isolinux.bin: 14.00 kB 33.99 kB/s
+isolinux/isolinux.cfg: 487.00 B 3.30 kB/s
+isolinux/message.txt: 760.00 B 5.32 kB/s
+isolinux/setpkg: 2.76 kB 19.11 kB/s
+ncftp ...ware/slackware-current > <userinput>bye</userinput>
+</screen>
+
+</section>
+
+<section><title>lftp</title>
+
+<para>
+The last client we're going to look at is
+<application>lftp</application>(1). Like
+<application>ncftp</application>, it supports tab completion and
+recursive activity, but has a more friendly license. Rather than user
+"mget" and "mput", all recursive operations are handled with the
+"mirror" command. "mirror" has many different options available, so
+I'll have to refer you to the man page and the built-in "help" command
+for complete details.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>lftp ftp.osuosl.org</userinput>
+lftp ftp.osuosl.org:~> <userinput>cd /pub/slackware/slackware-current</userinput>
+cd ok, cwd=/pub/slackware/slackware-current
+lftp ftp.osuosl.org:/pub/slackware/slackware-current> <userinput>mirror isolinux</userinput>
+Total: 2 directories, 16 files, 1 symlink
+New: 16 files, 1 symlink
+14636789 bytes transferred in 20 seconds (703.7K/s)
+lftp ftp.osuosl.org:/pub/slackware/slackware-current> <userinput>bye</userinput>
+</screen>
+
+</section>
+
</section>
<section>
-<title>Package Compression Formats</title>
+<title>NNTP Clients</title>
<para>
-We won't go in depth into the details of package formats, but a few
-words should be given here. In the past, all Slackware packages were
-compressed with the <application>gzip</application>(1) compression
-utility, which was a good compromise between compression speed and
-size. Recently, new compression schemes have been added and the
-package management tools have been upgraded to handle these. Today,
-official Slackware packages are compressed with the
-<application>xz</application> utility and end with .txz extensions.
-Older packages (and many third party packages) still use the .tgz
-extension.
+Once upon a time when the Internet was young, before the World Wide Web
+was invented and no one had heard of hyperlinks, everyone retrieved
+their news and information through a service known as Usenet using the
+NNTP protocol. It remains today a useful knowledge base of information
+on an incredible variety of subjects, but if you wish to access this
+information, you're going to need a proper client. Slackware includes
+a number of NNTP clients with both console and graphical interfaces,
+but we'll only detail the console tools here. Popular graphical news
+readers include <application>knode</application> and
+<application>pan</application>.
</para>
+<section><title>tin</title>
+
+</section>
+
+<section><title>slrn</title>
+
+</section>
+
</section>
<section>
-<title><application>slackpkg</application></title>
+<title>rsync</title>
<para>
- The <application>slackpkg</application> is an automated tool for
-management of Slackware Linux Packages. It was in /extra for
-the release of slackware-12.1, and since the release of
-slackware-12.2 it is included in the ap/ series of a base
-installation.
+Ready to see something cool? Have you ever found yourself needing just
+a handful of files from a large directory, but you're not entirely sure
+which files you already have and which ones you need? You can download
+the entire directory again, but that's duplicating a lot of work. You
+can pick and chose, manually check everything, but that's very tedious.
+Perhaps you've downloaded a large file such as an ISO, but something
+went wrong with the download? It doesn't make sense that you should
+have to pull down the entire file again if only a few bits have been
+corrupted. Enter <application>rsync</application>(1), a fast and
+versatile copying tool for local and remote files.
</para>
+
+<para>
+<application>rsync</application> uses a handful of simple, but very
+effective techniques to determine what needs to be changed. By checking
+file size and time stamps, it can determine if two files are different.
+If something has changed, it can determine what bytes are different,
+and simply download that handfull of data rather than an entire file.
+It is truly a marvel of modern technology.
+</para>
+
<para>
- For more information see the <application>man</application> pages for
-slackpkg(8) and slackpkg.conf(5).
+In its simplist form, <application>rsync</application> connects to an
+rsync protocol server and downloads a list of files and directories,
+along with their sizes, timestamps, and other information. It then
+compares this to the local files (if any) to determine what it needs to
+transfer. Only files that are different will be synced. Additionally,
+it breaks up large files into smaller chunks and compares those chunks
+using a quick and simple hash function. Any chunks that match are not
+transferred, so the amount of data that must be copied can be
+dramatically reduced. <application>rsync</application> also supports
+compression, verbose output, file deletion, permission handling, and
+many other options. For a complete list, you'll need to refer to the
+man page, but I've included a small table of some of the more common
+options.
</para>
+
+<table pgwide="0">
+<title>rsync Arguments</title>
+<tgroup cols="2">
+ <thead>
+ <entry>Argument</entry>
+ <entry>Explaination</entry>
+ </thead>
+ <tbody>
+ <row>
+ <entry>-v</entry>
+ <entry>Increased verbosity</entry>
+ </row>
+ <row>
+ <entry>-c</entry>
+ <entry>Checksum all files rather than relying on file size and timestamp</entry>
+ </row>
+ <row>
+ <entry>-a</entry>
+ <entry>Archive mode (equivilant to -rlptgoD)</entry>
+ </row>
+ <row>
+ <entry>-e</entry>
+ <entry>Specify a remote shell to use</entry>
+ </row>
+ <row>
+ <entry>-r</entry>
+ <entry>Recursive mode</entry>
+ </row>
+ <row>
+ <entry>-u</entry>
+ <entry>Update - skip files that are newer on the receiving end</entry>
+ </row>
+ <row>
+ <entry>-p</entry>
+ <entry>Preserve permissions</entry>
+ </row>
+ <row>
+ <entry>-n</entry>
+ <entry>Dry-run - perform a trial run without making any changes</entry>
+ </row>
+ <row>
+ <entry>-z</entry>
+ <entry>Compress - handy for slow network connections</entry>
+ </row>
+ </tbody>
+</tgroup>
+</table>
+
<para>
-Homepage: <ulink url="http://www.slackpkg.org/">http://www.slackpkg.org/</ulink>
+Due to the power and versatility of <application>rsync</application>,
+it can be invoked in a number of ways. The following two examples
+connect to an rsync protocol server to retrieve some information and to
+another server via ssh to encrypt the transmission.
</para>
+<screen><prompt>darkstar:~# </prompt><userinput>rsync -avz rsync://ftp.osuosl.org/pub/slackware/slackware-current/ \
+/src/slackware-current/</userinput>
+<prompt>darkstar:~# </prompt><userinput>rsync -e ssh ftp.slackware.com:/home/alan/foo /tmp/foo</userinput>
+</screen>
+
</section>
</chapter>
diff --git a/chapter_17.xml b/chapter_17.xml
index ea3035c..4da780b 100644
--- a/chapter_17.xml
+++ b/chapter_17.xml
@@ -3,119 +3,188 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>Keeping Track of Updates</title>
+<title>Package Management</title>
+
+<para>
+Package management is an essential part of any Linux distribution.
+Every piece of software included by Slackware, along with many
+third-party tools are distributed as source code that can be compiled,
+but compiling all those thousands of different applications and
+libraries is tedious and time consuming. That's why many people prefer
+to install pre-compiled software packages. In fact, when you installed
+Slackware, the <application>setup</application> program primarily
+worked by running package management tools on a list of packages. Here
+we'll look at the various tools used for handling Slackware packages.
+</para>
<section>
-<title>The -stable Branch</title>
+<title><application>pkgtool</application></title>
<para>
-Whenever a new version of Slackware is released, the Slackware team will,
-as needed, release updated packages to fix serious security vulnerabilities
-and particularly nasty bugs. Therefore, it's important to keep up with all
-of the patches for your version of Slackware, which is referred to as the
-"-stable" branch. There is also a "-current" branch, which is where we do
-our development work toward the next stable release (and as such, there are
-often intrusive changes there), but unless you're willing to work with a
-possibly broken system and are able to fix things on your own, we strongly
-recommend that you stick with the "-stable" branch.
+The simplest way to perform package maintenance tasks is to invoke
+<application>pkgtool</application>(8), a menu-driven interface to some of
+the other tools. <application>pkgtool</application> allows you to
+install or remove packages as well as view the contents of those
+packages and the list of currently installed packages in a
+user-friendly ncurses interface.
</para>
<para>
-Since -stable updates aren't distributed on the disks, you'll need to obtain
-them from the Internet. Many people and organizations offer mirrors from
-which you can download the entire Slackware tree (or only the
-<filename>patches/</filename> directory) in any number of ways. While some
-mirrors offer web access, the most common ways of obtaining updates are via
-ftp and/or rsync servers. The Slackware project maintains a small list
-(organized by country) of known mirrors. If you're unsure which mirror you
-should use, simply consult
-<ulink url="http://www.slackware.com/getslack/">http://www.slackware.com/getslack/</ulink>
-for suggestions. If you have a major university near you, there's a good
-chance that they offer a mirror of numerous open source projects, and
-Slackware may be among them. The only real requirement for a mirror is that
-it be complete, but usually it's best to use a mirror near where you live in
-order to achieve the fastest transfer times and use the least amount of
-Internet resources.
+PICTURE OF PKGTOOL MAIN SCREEN.
+FILL THIS IN!!!!!!
+FILL THIS IN!!!!!!
+FILL THIS IN!!!!!!
+FILL THIS IN!!!!!!
+FILL THIS IN!!!!!!
+FILL THIS IN!!!!!!
+FILL THIS IN!!!!!!
+FILL THIS IN!!!!!!
+FILL THIS IN!!!!!!
+FILL THIS IN!!!!!!
+FILL THIS IN!!!!!!
</para>
<para>
-So how do you know when there are updates? The best way is to consult the
-<filename>ChangeLog.txt</filename> on any up-to-date mirror. You can always
-find the latest changelogs for the "-current" and most recent "-stable"
-branch on the Slackware Project's web page, but if you're running an older
-version of Slackware, you'll need to check a mirror.
+<application>pkgtool</application> is a convenient and easy way to
+perform the most basic tasks, but for more advanced work more flexible
+tools are needed.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>wget -O - \
-ftp://slackware.osuosl.org/pub/slackware/slackware-13.0/ChangeLog.txt \
-| less</userinput>
-Sun Jan 24 20:22:46 UTC 2010
-patches/packages/httpd-2.2.14-i486-1_slack12.1.tgz: Upgraded.
- This fixes a couple of security bugs when using mod_proxy_ftp.
- For more information, see:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095
- (* Security fix *)</screen>
-
</section>
<section>
-<title>Security Update Mailing List</title>
+<title>Installing, Removing, and Upgrading Packages</title>
+
+<para>
+While <application>pkgtool</application> scores points for convenience,
+<application>installpkg</application>(8) is much more capable of
+handling odd tasks, such as quickly installing a single package,
+installing an entire disk set of packages, or scripting an install.
+<application>installpkg</application> takes a list of packages to
+install, and simply installs them without asking any questions. Like
+all Slackware package management tools, it assumes that you know what
+you're doing and doesn't pretend to be smarter than you. In its
+simplest form, <application>installpkg</application> simply takes a
+list of packages to install, and does exactly what you would expect.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>installpkg blackbox-0.70.1-i486-2.txz</userinput>
+Verifying package blackbox-0.70.1-i486-2.txz.
+Installing package blackbox-0.70.1-i486-2.txz:
+PACKAGE DESCRIPTION:
+# blackbox (Blackbox window manager)
+#
+# Blackbox is that fast, light window manager you have been looking for
+# without all those annoying library dependencies.
+#
+# Also included in this package is the bbkeys utility for controlling
+# keyboard shortcut commands from within Blackbox.
+#
+# The Blackbox home page is http://blackboxwm.sourceforge.net
+#
+Package blackbox-0.70.1-i486-2.txz installed.</screen>
+
+<para>
+You can of course install multiple packages at a time, and in fact use
+shell wild cards. The following installs all of the "N" series
+packages from a mounted CD-ROM.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>installpkg /mnt/cdrom/slackware/n/*.txz</userinput></screen>
+
+<para>
+Removing a package is every bit as easy as installing one. As you might
+expect, the command to do this is
+<application>removepkg</application>(8). Simply tell it which packages
+to remove, and <application>removepkg</application> will check the
+contents of the package database and remove all the files and
+directories for that package with one caveat. If that file is included
+in multiple installed packages, it will be skipped and if a directory
+has new files in it, the directory will be left in place. Because of
+this, removing packages takes a good while longer than installing them.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>removepkg blackbox-0.70.1-i486-2.txz</userinput>
+</screen>
<para>
-While the Slackware team does release updated bugfix-only packages (i.e.
-not security fixes) occasionally, you're probably most interested in
-security fixes for vulnerabilities discovered after the -stable release.
-The Slackware Project maintains a mailing list that will notify you of any
-updated packages for such serious issues. In order to subscribe to the
-mailing list, send an e-mail to <email>majordomo@slackware.com</email>
-with the words 'subscribe slackware-security' in the body of the message.
-The majordomo will be happy to add your name to the list, and when new
-packages are released, it will mail an advisory to you.
+Finally, upgrading is just as easy with (you guessed it),
+<application>upgradepkg</application>(8) which first installs a new
+package, then removes whatever files and directories are left-over from
+the old package. One important thing to remember is that
+<application>upgradepkg</application> doesn't check to see if the
+previously installed package has a higher version number than the "new"
+package, so it can also be used to downgrade to older versions.
+</para>
+
+
+
+<screen><prompt>darkstar:~# </prompt><userinput>upgradepkg blackbox-0.70.1-i486-2.txz</userinput>
+
++==============================================================================
+| Upgrading blackbox-0.65.0-x86_64-4 package using
+./blackbox-0.70.1-i486-2.txz
++==============================================================================
+
+Pre-installing package blackbox-0.70.1-i486-2...
+
+Removing package
+/var/log/packages/blackbox-0.65.0-x86_64-4-upgraded-2010-02-23,16:50:51...
+ --> Deleting symlink /usr/share/blackbox/nls/POSIX
+ --> Deleting symlink /usr/share/blackbox/nls/US_ASCII
+ --> Deleting symlink /usr/share/blackbox/nls/de
+ --> Deleting symlink /usr/share/blackbox/nls/en
+ --> Deleting symlink /usr/share/blackbox/nls/en_GB
+...
+Package blackbox-0.65.0-x86_64-4 upgraded with new package
+./blackbox-0.70.1-i486-2.txz.</screen>
+
+<para>
+All of these tools have useful arguments. For example, the
+<arg>--root</arg> to <application>installpkg</application> will install
+packages into an arbitrary directory. The <arg>--dry-run</arg> argument
+will instruct <application>upgradepkg</application> to simply tell you
+what it would attempt without actually making any changes to the
+system. For complete details, you should (as always) refer to the man
+pages.
</para>
</section>
<section>
-<title>Upgrading Slackware Versions</title>
+<title>Package Compression Formats</title>
<para>
-Now that we've gone this far, you should feel reasonably competent in your
-ability to manage your Slackware system. But what do we do with it when
-there's a new release? Updating from one release of Slackware to another
-is a lot more complicated than simply updating a few packages. Each release
-changes a lot of things, and while many of these changes are small, some of
-them can completely break your system if you haven't prepared for them and/or
-don't understand what is changing and why. While some Linux distributions
-provide highly automated tools that attempt to handle every tiny detail for
-you, Slackware takes a much more hands-on approach to things.
+We won't go in depth into the details of package formats, but a few
+words should be given here. In the past, all Slackware packages were
+compressed with the <application>gzip</application>(1) compression
+utility, which was a good compromise between compression speed and
+size. Recently, new compression schemes have been added and the
+package management tools have been upgraded to handle these. Today,
+official Slackware packages are compressed with the
+<application>xz</application> utility and end with .txz extensions.
+Older packages (and many third party packages) still use the .tgz
+extension.
</para>
+</section>
+
+<section>
+<title><application>slackpkg</application></title>
+
<para>
-The very first thing you should do before attempting an upgrade is the one
-that many people neglect: decide if it's really necessary to upgrade. If
-the old system is stable and doing everything you want it to do, there may
-be no need to do an operating system upgrade at all. Assuming you decide
-to do the upgrade, then the second thing you should do is read the
-<filename>CHANGES_AND_HINTS.TXT</filename> file on your upgrade discs or
-a mirror. This file is updated during the development period before every
-release, and it lists lots of helpful hints and tips to aid you in dealing
-with the changes. Finally, read the <filename>UPGRADE.TXT</filename> file
-before proceeding. After doing these things, you may decide that it's less
-trouble and potential for problems to backup your configuration files and
-data and do a fresh installation of the new Slackware release rather than
-attempt a possibly tricky upgrade. However, if you still wish to continue,
-make backups of your data and configuration files first. At a minimum,
-it's good practice to backup the <filename>/etc</filename> and <filename>/home</filename>
-directories. This will give you a chance to perform a reinstall if something
-goes wrong with the upgrade.
+ The <application>slackpkg</application> is an automated tool for
+management of Slackware Linux Packages. It was in /extra for
+the release of slackware-12.1, and since the release of
+slackware-12.2 it is included in the ap/ series of a base
+installation.
+</para>
+<para>
+ For more information see the <application>man</application> pages for
+slackpkg(8) and slackpkg.conf(5).
</para>
-
<para>
-Since every new version of Slackware has a few differences, giving complete
-instructions here is not only futile but potentially misleading. You should
-always consult the documentation included on your Slackware disks or your
-favorite mirror.
+Homepage: <ulink url="http://www.slackpkg.org/">http://www.slackpkg.org/</ulink>
</para>
</section>
diff --git a/chapter_18.xml b/chapter_18.xml
index bc49aed..ea3035c 100644
--- a/chapter_18.xml
+++ b/chapter_18.xml
@@ -3,375 +3,119 @@
"/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd">
<chapter>
-<title>The Linux Kernel</title>
+<title>Keeping Track of Updates</title>
<section>
-<title>What Does the Kernel Do?</title>
-
-<para>
-You've probably heard people talking about compiling the kernel or
-building a kernel, but what exactly is the kernel and what does it do?
-The kernel is the center of your computer. It is the foundation for the
-entire operating system. The kernel acts as a bridge between the
-hardware and the applications. This means that the kernel is (usually)
-the sole piece of software responsible for ordering around the hardware
-components of your computer. It is the kernel that instructs the hard
-drive to search for a certain data stream. It is the kernel that
-instructs your network card to transmit rapid changes in voltage. The
-kernel also listens to hardware as well. When the network card detects
-a remote computer sending information, it forwards that information to
-the kernel. This makes the kernel both the single most important piece
-of software on your computer and the most complex.
-</para>
+<title>The -stable Branch</title>
+
+<para>
+Whenever a new version of Slackware is released, the Slackware team will,
+as needed, release updated packages to fix serious security vulnerabilities
+and particularly nasty bugs. Therefore, it's important to keep up with all
+of the patches for your version of Slackware, which is referred to as the
+"-stable" branch. There is also a "-current" branch, which is where we do
+our development work toward the next stable release (and as such, there are
+often intrusive changes there), but unless you're willing to work with a
+possibly broken system and are able to fix things on your own, we strongly
+recommend that you stick with the "-stable" branch.
+</para>
+
+<para>
+Since -stable updates aren't distributed on the disks, you'll need to obtain
+them from the Internet. Many people and organizations offer mirrors from
+which you can download the entire Slackware tree (or only the
+<filename>patches/</filename> directory) in any number of ways. While some
+mirrors offer web access, the most common ways of obtaining updates are via
+ftp and/or rsync servers. The Slackware project maintains a small list
+(organized by country) of known mirrors. If you're unsure which mirror you
+should use, simply consult
+<ulink url="http://www.slackware.com/getslack/">http://www.slackware.com/getslack/</ulink>
+for suggestions. If you have a major university near you, there's a good
+chance that they offer a mirror of numerous open source projects, and
+Slackware may be among them. The only real requirement for a mirror is that
+it be complete, but usually it's best to use a mirror near where you live in
+order to achieve the fastest transfer times and use the least amount of
+Internet resources.
+</para>
+
+<para>
+So how do you know when there are updates? The best way is to consult the
+<filename>ChangeLog.txt</filename> on any up-to-date mirror. You can always
+find the latest changelogs for the "-current" and most recent "-stable"
+branch on the Slackware Project's web page, but if you're running an older
+version of Slackware, you'll need to check a mirror.
+</para>
+
+<screen><prompt>darkstar:~# </prompt><userinput>wget -O - \
+ftp://slackware.osuosl.org/pub/slackware/slackware-13.0/ChangeLog.txt \
+| less</userinput>
+Sun Jan 24 20:22:46 UTC 2010
+patches/packages/httpd-2.2.14-i486-1_slack12.1.tgz: Upgraded.
+ This fixes a couple of security bugs when using mod_proxy_ftp.
+ For more information, see:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095
+ (* Security fix *)</screen>
</section>
<section>
-<title>Working with Modules</title>
-
-<para>
-The complexity of a modern linux kernel is staggering. The source code
-for the kernel weighs in at nearly 400MB uncompressed. There are
-thousands of developers, hundreds of options, and if everything were
-built together, the kernel would soon pass 100MB in size itself. In
-order to keep the size of the kernel down (as well as the amount of RAM
-needed for the kernel), most of the kernel options are built as
-modules. You can think of these modules as device drivers which can be
-inserted or removed from a running kernel at will. In truth, many of
-them aren't device drivers at all, but contain support for things such
-as network protocols, security measures, and even filesystems. In
-short, nearly any piece of the linux kernel can be built as a loadable
-module.
-</para>
-
-<para>
-It's important to realize that Slackware will automatically handle
-loading most modules for you. When your system boots,
-<application>udevd</application>(8) is started and begins to probe your
-system's hardware. For each device it finds, it loads the proper module
-and created a device node in <filename>/dev</filename>. This usually
-means that you will not need to load any modules in order to use your
-computer, but occasionally this is necessary.
-</para>
-
-<para>
-So what modules are currently loaded on your computer and how do we
-load and unload them? Fortunately we have a full suite of tools for
-handling this. As you might have guessed, the tool for listing modules
-is <application>lsmod</application>(8).
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>lsmod</userinput>
-Module Size Used by
-nls_utf8 1952 1
-cifs 240600 2
-i915 168584 2
-drm 168128 3 i915
-i2c_algo_bit 6468 1 i915
-tun 12740 1
-... many more lines ommitted ...
-</screen>
-
-<para>
-In addition to showing you what modules are loaded, it displays the
-size of each module and tells you what other modules are using it.
-</para>
-
-<para>
-There are two applications for loading modules:
-<application>insmod</application>(8) and
-<application>modprobe</application>(8). Both will load modules and
-report any errors (such as loading a module for a device that isn't
-present in your system), but <application>modprobe</application> is
-preferred because it can load any module dependencies. Using either is
-straight-forward.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>insmod ext3</userinput>
-<prompt>darkstar:~# </prompt><userinput>modprobe ext4</userinput>
-<prompt>darkstar:~# </prompt><userinput>lsmod | grep ext</userinput>
-ext4 239928 1
-jbd2 59088 1 ext4
-crc16 1984 1 ext4
-ext3 139408 0
-jbd 48520 1 ext3
-mbcache 8068 2 ext4,ext3
-</screen>
+<title>Security Update Mailing List</title>
<para>
-Removing modules can be a tricky process, and once again we have two
-programs for removing them: <application>rmmod</application>(8) and
-<application>modprobe</application>. In order to remove a module with
-modprobe, you'll need to use the <arg>-r</arg> argument.
+While the Slackware team does release updated bugfix-only packages (i.e.
+not security fixes) occasionally, you're probably most interested in
+security fixes for vulnerabilities discovered after the -stable release.
+The Slackware Project maintains a mailing list that will notify you of any
+updated packages for such serious issues. In order to subscribe to the
+mailing list, send an e-mail to <email>majordomo@slackware.com</email>
+with the words 'subscribe slackware-security' in the body of the message.
+The majordomo will be happy to add your name to the list, and when new
+packages are released, it will mail an advisory to you.
</para>
-<screen><prompt>darkstar:~# </prompt><userinput>rmmod ext3</userinput>
-<prompt>darkstar:~# </prompt><userinput>modprobe -r ext4</userinput>
-<prompt>darkstar:~# </prompt><userinput>lsmod | grep ext</userinput>
-</screen>
-
</section>
<section>
-<title>Compiling A Kernel and Why to do So</title>
-
-<para>
-Most Slackware users will never need to compile a kernel. The huge and
-generic kernels contain virtually all the support you will need.
-However, some users may need to compile a kernel. If your computer
-contains bleeding edge hardware, a newer kernel may offer improved
-support. Sometimes a kernel patch my be available that corrects a
-problem you are experiencing. In these cases a kernel compile is
-probably warranted. Users who simply want the latest and greatest
-version or who believe using a custom compiled kernel will give them
-greater performance can certainly upgrade, but are unlikely to notice
-any major changes. If you still think compiling your own kernel is
-something you want or need to do, this section should walk you through
-the many steps.
-Compiling and installing a kernel is not that difficult, but there are
-a number of mistakes that can be made along the way, many of which can
-prevent your computer from booting and cause major frustration.
-</para>
-
-<para>
-The first step is ensuring you have the kernel source code installed on
-your system. The kernel source package is included in the "k" disk set
-in the Slackware installer, or you can download another version from
-<ulink url="http://www.kernel.org/">http://www.kernel.org/</ulink>.
-Traditionally, the kernel source is located in
-<filename>/usr/src/linux</filename>, a symbolic link that points to the
-specific kernel release used, but this is by no means set in stone. You
-can place the kernel source code virtually anywhere without
-encountering any problems.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>ls -l /usr/src</userinput>
-lrwxrwxrwx 1 root root 14 2009-07-22 19:59 linux -> linux-2.6.29.6/
-drwxr-xr-x 23 root root 4096 2010-03-17 19:00 linux-2.6.29.6/
-</screen>
-
-<para>
-The most difficult part of any kernel compile is the kernel
-configuration. There are hundreds of options, many of which can
-optionally be compiled into modules. This means there are thousands of
-ways to configure a kernel. Fortunately, there are a few handy tricks
-that can keep you from running into too much trouble. The kernel
-configuration file is <filename>.config</filename>. If you are very
-brave, you can manually edit this file with a text editor, but I highly
-recommend you use the kernel's built-in tools for manipulating
-<filename>.config</filename>.
-</para>
-
-<para>
-Unless you are very familiar with configuring kernels, you should
-always start with a solid base configuration and modify it. This
-prevents you from skipping an important option that might force you to
-compile the kernel again and again until you get it right. The best
-kernel <filename>.config</filename> files to start with are those used
-by Slackware's default kernels. You can find them on your Slackware
-install disks or at your favorite mirror in the
-<filename>kernels/</filename> directory.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>mount /mnt/cdrom</userinput>
-<prompt>darkstar:~# </prompt><userinput>cd /mnt/cdrom/kernels</userinput>
-<prompt>darkstar:/mnt/cdrom/kernels# </prompt><userinput>ls</userinput>
-VERSIONS.TXT huge.s/ generic.s/ speakup.s/
-<prompt>darkstar:/mnt/cdrom/kernels# </prompt><userinput>ls genric.s</userinput>
-System.map.gz bzImage config
-</screen>
-
-<para>
-You can replace the default <filename>.config</filename> file easily by
-copying or downloading the <filename>config</filename> file for the
-kernel you wish to use as a base. Here I am using Slackware's
-recommended generic.s kernel for a base, but you may wish to use the
-huge.s config file. The generic kernel builds more things as modules
-and thus creates a smaller kernel image, but it usually requires the
-use of an initrd.
-</para>
-
-<screen><prompt>darkstar:/mnt/cdrom/kernels# </prompt><userinput>cp generic.s/config /usr/src/linux/.config</userinput>
-</screen>
-
-<note><para>
-The Slackware kernel file lacks the "dot" while the kernel
-file includes it. If you forget, or simply copy the
-<filename>config</filename> to <filename>/usr/src</filename> whatever
-<filename>.config</filename> file was already present will be used
-instead.
-</para></note>
-
-<para>
-If you want to use the configuration for the currently running kernel
-as your base, you may be able to locate it at
-<filename>/proc/config.gz</filename>. This is a special kernel-related
-file that includes the entire kernel configuration in a compressed
-format and requires that your kernel was built to support it.
-</para>
-
-<screen><prompt>darkstar:~# </prompt><userinput>zcat /proc/config.gz > /usr/src/linux/.config</userinput>
-</screen>
-
-<para>
-Now that we've created a solid base configuration, it's time to make
-any configuration changes we want. The entire kernel build process from
-configuration to compilation is performed with the
-<application>make</application>(1) command and special arguments to it.
-Each argument performs a different function.
-</para>
-
-<para>
-If you are upgrading to a newer kernel release, you will definitely
-want to use the <arg>oldconfig</arg> argument. This will step through
-your base <filename>.config</filename> and look for missing elements
-that usually indicates that the new kernel release contains additional
-options. Since options are added at virtually every kernel release,
-this is generally a good thing to do.
-</para>
-
-<screen><prompt>darkstar:/usr/src/linux# </prompt><userinput>make oldconfig</userinput>
-scripts/kconfig/conf -o arch/x86/Kconfig
-*
-* Restart config...
-*
-*
-* File systems
-*
-Second extended fs support (EXT2_FS) [M/n/y/?] m
- Ext2 extended attributes (EXT2_FS_XATTR) [N/y/?] n
- Ext2 execute in place support (EXT2_FS_XIP) [N/y/?] n
-Ext3 journalling file system support (EXT3_FS) [M/n/y/?] m
- Ext3 extended attributes (EXT3_FS_XATTR) [Y/n/?] y
- Ext3 POSIX Access Control Lists (EXT3_FS_POSIX_ACL) [Y/n/?] y
- Ext3 Security Labels (EXT3_FS_SECURITY) [Y/n/?] y
-The Extended 4 (ext4) filesystem (EXT4_FS) [N/m/y/?] (NEW) <userinput>m</userinput>
-</screen>
-
-<para>
-Here you can see that I the new kernel I am compiling has added support
-for a new filesystem: ext4. <arg>oldconfig</arg> has gone through my
-original configuration, kept all the old options exactly as they were
-set, and prompted me on what to do with new options. Typically it is
-save to choose the default option, but you may wish change this.
-<arg>oldconfig</arg> is a very handy tool for presenting you with only
-new configuration options, making it ideal for users who simply have to
-try out the latest kernel release.
-</para>
-
-<para>
-For more serious configuration tasks, there are a multitude of options.
-The linux kernel can be configured in three primary ways. The first is
-<arg>config</arg>, which will step through each and every option one by
-one and ask what you would like to do. This is so tedious that hardly
-anyone ever uses it anymore.
-</para>
-
-<screen><prompt>darkstar:/usr/src/linux# </prompt><userinput>make config</userinput>
-scripts/kconfig/conf arch/x86/Kconfig
-*
-* Linux Kernel Configuration
-*
-*
-* General setup
-*
-Prompt for development and/or incomplete code/drivers (EXPERIMENTAL) [Y/n/?] <userinput>Y</userinput>
-Local version - append to kernel release (LOCALVERSION) [] <userinput>-test</userinput>
-Automatically append version information to the version string (LOCALVERSION_AUTO) [N/y/?] <userinput>n</userinput>
-Support for paging of anonymous memory (swap) (SWAP) [Y/n/?]
-</screen>
-
-<para>
-Fortunately, there are two much easier ways to configure your kernel,
-<arg>menuconfig</arg> and <arg>xconfig</arg>. Both of these create a
-menu-driven program that lets you select and de-select options without
-having to step through each one. <arg>menuconfig</arg> is the most
-commonly used method, and the one I recommend. <arg>xconfig</arg> is
-only useful if you are attempting to compile the kernel from a
-graphical user interface within <application>X</application>. Both are
-so similar however, that we are only going to document
-<arg>menuconfig</arg>.
-</para>
-
-<para>
-Running <userinput>make menuconfig</userinput> from a terminal will
-present you with the friendly curses-driven interface you see below.
-Each kernel section is given its own submenu, and you can navigate with
-the arrow keys.
-</para>
-
-<imagedata fileref="img/make-menuconfig-w.png" format="PNG"/>
-
-<warning><para>
-If you are compiling a kernel that is the same release as the stock
-Slackware kernel, you must set the "Local version" option. This is
-found on the "General setup" submenu. Failure to set this will result
-in your kernel compile over-writing all the modules used by the stock
-kernels. This can quickly render your system unbootable.
-</para></warning>
-
-<para>
-Once you've finished configuring the kernel, it's time to begin
-compiling it. There are many different methods for this, but the most
-reliable is to use <arg>bzImage</arg>. When you pass this argument to
-<application>make</application>, the kernel compilation will begin and
-you will see lots of data scroll through the terminal until either the
-compile process is complete or a fatal error is encountered.
-</para>
-
-<screen><prompt>darkstar:/usr/src/linux# </prompt><userinput>make bzImage</userinput>
-scripts/kconfig/conf -s arch/x86/Kconfig
- CHK include/linux/version.h
- CHK include/linux/utsrelease.h
- SYMLINK include/asm -> include/asm-x86
- CALL scripts/checksyscalls.sh
- CC scripts/mod/empty.o
- HOSTCC scripts/mod/mk_elfconfig
- MKELF scripts/mod/elfconfig.h
- HOSTCC scripts/mod/file2alias.o
-... many hundreds of lines ommitted ...
-</screen>
-
-<para>
-If the process ends in an error, you should check your kernel
-configuration first. Compile errors are usually caused by a fault
-<filename>.config</filename> file. Assuming everything went alright,
-we're still not entirely finished, as we need to build the modules.
-</para>
-
-<screen><prompt>darkstar:/usr/src/linux# </prompt><userinput>make modules</userinput>
- CHK include/linux/version.h
- CHK include/linux/utsrelease.h
- SYMLINK include/asm -> include/asm-x86
- CALL scripts/checksyscalls.sh
- HOSTCC scripts/mod/file2alias.o
-... many thousands of lines omitted ...
-</screen>
-
-<para>
-If both the kernel and the modules compiles finished sucessfully, we're
-ready to install them. The kernel image needs to be copied into a safe
-location, typically the <filename>/boot</filename> directory, and you
-should give it a unique name to avoid overwriting any other kernel
-images located there. Traditionaly kernel images are named
-<filename>vmlinuz</filename> with the kernel release and local version
-appended.
-</para>
-
-<screen><prompt>darkstar:/usr/src/linux# </prompt><userinput>cat arch/x86/boot/bzImage > /boot/vmlinuz-release_number-local_version</userinput>
-<prompt>darkstar:/usr/src/linux# </prompt><userinput>make modules_install</userinput>
-</screen>
-
-<para>
-Once these steps have been completed, you will have a new kernel image
-located under <filename>/boot</filename> and a new kernel modules
-directory under <filename>/lib/modules</filename>. In order to use
-this new kernel, you will need to edit <filename>lilo.conf</filename>,
-create an initrd for it (only if you need to load one or more of this
-kernel's modules to boot), and run <application>lilo</application> to
-update the boot loader. When you reboot, if all went according to plan,
-you should have an option to boot with your newly compiled kernel. If
-something went wrong, you may be spending some time fixing the problem.
+<title>Upgrading Slackware Versions</title>
+
+<para>
+Now that we've gone this far, you should feel reasonably competent in your
+ability to manage your Slackware system. But what do we do with it when
+there's a new release? Updating from one release of Slackware to another
+is a lot more complicated than simply updating a few packages. Each release
+changes a lot of things, and while many of these changes are small, some of
+them can completely break your system if you haven't prepared for them and/or
+don't understand what is changing and why. While some Linux distributions
+provide highly automated tools that attempt to handle every tiny detail for
+you, Slackware takes a much more hands-on approach to things.
+</para>
+
+<para>
+The very first thing you should do before attempting an upgrade is the one
+that many people neglect: decide if it's really necessary to upgrade. If
+the old system is stable and doing everything you want it to do, there may
+be no need to do an operating system upgrade at all. Assuming you decide
+to do the upgrade, then the second thing you should do is read the
+<filename>CHANGES_AND_HINTS.TXT</filename> file on your upgrade discs or
+a mirror. This file is updated during the development period before every
+release, and it lists lots of helpful hints and tips to aid you in dealing
+with the changes. Finally, read the <filename>UPGRADE.TXT</filename> file
+before proceeding. After doing these things, you may decide that it's less
+trouble and potential for problems to backup your configuration files and
+data and do a fresh installation of the new Slackware release rather than
+attempt a possibly tricky upgrade. However, if you still wish to continue,
+make backups of your data and configuration files first. At a minimum,
+it's good practice to backup the <filename>/etc</filename> and <filename>/home</filename>
+directories. This will give you a chance to perform a reinstall if something
+goes wrong with the upgrade.
+</para>
+
+<para>
+Since every new version of Slackware has a few differences, giving complete
+instructions here is not only futile but potentially misleading. You should
+always consult the documentation included on your Slackware disks or your
+favorite mirror.
</para>
</section>