From dbca998ce52d78ce5e525e0d799adc83d580f66a Mon Sep 17 00:00:00 2001 From: Alan Hicks Date: Sat, 1 May 2010 14:17:18 -0400 Subject: Making room for new chapter and a few minor modifications. --- chapter_06.xml | 208 +-------------- chapter_07.xml | 223 ++++++++++++++-- chapter_08.xml | 263 ++----------------- chapter_09.xml | 562 ++++++++++++++-------------------------- chapter_10.xml | 685 +++++++++++++++++++++++-------------------------- chapter_11.xml | 669 ++++++++++++++++++++++++++++++------------------ chapter_12.xml | 325 +++++++++++++++++++++++- chapter_13.xml | 394 +--------------------------- chapter_14.xml | 564 ++++++++++++++++++++++------------------ chapter_15.xml | 791 +++++++++++++++++---------------------------------------- chapter_16.xml | 722 ++++++++++++++++++++++++++++++++++++++++++---------- chapter_17.xml | 237 +++++++++++------ chapter_18.xml | 456 ++++++++------------------------- 13 files changed, 2876 insertions(+), 3223 deletions(-) diff --git a/chapter_06.xml b/chapter_06.xml index a6f1837..c757993 100644 --- a/chapter_06.xml +++ b/chapter_06.xml @@ -3,230 +3,30 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -The X Window System +Process Control
-What Is (And Isn't) X +Why Use Slackware? -Eons ago computer terminals came with a screen and a keyboard and not -much else. Mice hadn't come into common use and everything was menu -driven. Then came the Graphical User Interface (GUI) and the world was -changed. Today users are accustomed to moving a mouse around a screen, -clicking on icons and running tasks with fancy images and animation, -but UNIX systems predated this and so GUIs were added almost as an -afterthought. For many years, Linux and its UNIX brethren were -primarily used without graphics of any sort, but today it is perhaps -more common than not for users to prefer their Linux computers come -with shiney, flashy, clickable GUIs, and all these GUIs run on -X(7). - - - -So what is X? Is it the desktop with the icons? Is it the menus? Is it -the window manager? Does it mark the spot? The answer to all these is a -resounding "no". There are many parts to a GUI, but X is the most -fundamental. X is that application that receives input from the mouse, -keyboard, and possibly other devices. X is that application that tells -the graphics card what to do. In short, X is the application that talks -to your computer's hardware from graphical purposes; all other -graphical applications simply talk to X. - - - -Let's stop for a moment and talk about nomenclature. X is just one of a -dozen names that you may encounter. It is also called X11, the X Window -System, X Window, X11R6, X Version 11, and several others. Whatever -you hear it called, simply understand that the speakers are referring -to X.
-Configuring the X Server - - -As powerful as Slackware Linux is, configuring X can be daunting and -is often one of the first real challenges a new user faces. Don't be -overly concerned if you find this a bit difficult. While many changes -have been made over the years that make this much easier, there are -still computers out there that don't properly auto-detect, or you'll -wish to make some change to some setting and it might not be immediately -apparent what to do. Just remember that when I started using X, it was -far more primitive than it is today, took far more work to configure, -and often crashed without telling the user what was wrong. If I and -thousands of others got this working back then, you can do it today. - - - -Fortunately, with X.Org 1.6.3 an -/etc/X11/xorg.conf does not even need to be -present for X to attempt a working display, -further, Slackware includes a default configuration file that works -for most computers by using the VESA standard. This offers only the -most basic functions and may not allow your graphics card to operate at -its full potential. You may be limited to low resolutions, fewer -colors, and X will be slower. Still, this is -an option for users, particularly those who only want to occassionally -run X. You can try it out now simply by -running startx(1) from a command prompt. - +Differences Compared to Other Linux Distributions -There are many ways to configure X, but the -easiest is to use xorgsetup. This will attempt -to probe probe your computer's hardware and write a working xorg.conf -file. This option is not garaunteed to work; there are some platforms -that it is known not to work with, and there are probably others as -well. Still, it is worth trying first as it is the quickest and least -complicated for a new user to attempt. - - - -The second most popular way to configure X -on your system is the handy xorgconfig(1). 
-This application asks you a series of questions about your computer's -hardware and writes out a config file based on your choices. Unless you -know exactly what your hardware is, we recommend that you try -xorgsetup first. - - - -Additionally, the X has flags available to -let X attempt to detect hardware and render -an xorg.conf.new that should work with the hardware -present. From a virtual terminal call X -configure, -and the resulting file will be either /root/xorg.conf.new -or $HOME/xorg.conf.new. Before moving this new -configuration to /etc/X11/, it can be tested by -calling X -config /root/xorg.conf.new, then you can -exit this X session with <CTRL>+<ALT>+<Backspace>. - - - -Lastly, you can manually configure your X -server by modifying /etc/X11/xorg.conf with a text -editor. This is not normally a task for the faint of heart, but is -often the easiest way to make minor changes.
-Choosing a Window Manager - - -Slackware Linux includes many different window managers and desktop -environments. Window managers are the applications responsible for -painting application windows on the screen, resizing these windows, and -similar tasks. Desktop environments include a window manager, but also -add task bars, menus, icons, and more. Slackware includes both the KDE -and XFCE desktop environments and several additional window managers. -Which you use is entirely your own decision, but in general, window -managers tend to be faster than desktop environments and more suitable -to older systems with less memory and slower processors. Desktop -environments will be more comfortable for users accustomed to Microsoft -Windows. - +Licensing -LIST OF DE'S AND WINDOW MANAGERS. -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! -FILL THIS IN!!!! - -The easiest way to choose a window manager is -xwmconfig(1), included with Slackware Linux. -This application allows a user to choose what window manager to run -with startx. - - -
- -
-Setting Up A Graphical Login - - -By default, when you boot your Slackware Linux system you are presented -with a login prompt on a virtual terminal. This is more than adequate -for most people's needs. If you need to run commandline applications, -you may login and do so right away. If you want to run X, simply executing -startx will do that for you nicely. -But suppose you almost exclusively -use your system for graphical duties like many laptop owners? Wouldn't -it be nice for Slackware to take you straight into a GUI? Fortunately, -there's an easy way to do just that. - - - -Slackware uses the System V init system which allows the administrator -to boot into or change to different runlevels, which are really just -different "states" the computer can be in. In fact, shutting down the -computer is really only a case of changing to a runlevel which -accomplishes just that. Runlevels can be rather complicated, so we -won't delve into them any further than necessary. - - - -Runlevels are configured in inittab(5). -The most common ones are -runlevel 3 (Slackware's default) and runlevel 4 (GUI). In order to tell -Slackware to boot to a GUI screen, simply open -/etc/inittab with your -favorite editor of choice. (You may wish to refer to one of the -chapters on vi or -emacs at this point.) Near the top, you'll -see the relevant entries. - - - -# These are the default runlevels in Slackware: -# 0 = halt -# 1 = single user mode -# 2 = unused (but configured the same as runlevel 3) -# 3 = multiuser mode (default Slackware runlevel) -# 4 = X11 with KDM/GDM/XDM (session managers) -# 5 = unused (but configured the same as runlevel 3) -# 6 = reboot - -# Default runlevel. (Do not set to 0 or 6) -id:3:initdefault: - - - -In this file (along with most configuration files) anything following a -hash symbol # is a comment and not interpreted by init(8). Don't worry -if you don't understand everything about inittab, as many veteran users -don't either. 
The only line we are interested in is the last on above. -Simply change the 3 to a 4 and reboot. - - - -# These are the default runlevels in Slackware: -# 0 = halt -# 1 = single user mode -# 2 = unused (but configured the same as runlevel 3) -# 3 = multiuser mode (default Slackware runlevel) -# 4 = X11 with KDM/GDM/XDM (session managers) -# 5 = unused (but configured the same as runlevel 3) -# 6 = reboot - -# Default runlevel. (Do not set to 0 or 6) -id:4:initdefault: - -
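Review bot: The section titles added under the new "Process Control" chapter title ("Why Use Slackware?", "Differences Compared to Other Linux Distributions", "Licensing") do not belong to a process-control chapter and look like leftovers from an introduction template. Rename them to the sections the chapter will actually hold, or leave one clearly marked stub, so that a build of the book does not publish mismatched headings. The subject line also calls this "a few minor modifications" while the diffstat shows 13 files with 2876 insertions and 3223 deletions; splitting the chapter renumbering from any content edits would make the content edits reviewable.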
diff --git a/chapter_07.xml b/chapter_07.xml index 1ba3035..a6f1837 100644 --- a/chapter_07.xml +++ b/chapter_07.xml @@ -3,45 +3,230 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -Printing +The X Window System
-Choosing A Printer +What Is (And Isn't) X -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +Eons ago computer terminals came with a screen and a keyboard and not +much else. Mice hadn't come into common use and everything was menu +driven. Then came the Graphical User Interface (GUI) and the world was +changed. Today users are accustomed to moving a mouse around a screen, +clicking on icons and running tasks with fancy images and animation, +but UNIX systems predated this and so GUIs were added almost as an +afterthought. For many years, Linux and its UNIX brethren were +primarily used without graphics of any sort, but today it is perhaps +more common than not for users to prefer their Linux computers come +with shiney, flashy, clickable GUIs, and all these GUIs run on +X(7). + + + +So what is X? Is it the desktop with the icons? Is it the menus? Is it +the window manager? Does it mark the spot? The answer to all these is a +resounding "no". There are many parts to a GUI, but X is the most +fundamental. X is that application that receives input from the mouse, +keyboard, and possibly other devices. X is that application that tells +the graphics card what to do. In short, X is the application that talks +to your computer's hardware from graphical purposes; all other +graphical applications simply talk to X. + + + +Let's stop for a moment and talk about nomenclature. X is just one of a +dozen names that you may encounter. It is also called X11, the X Window +System, X Window, X11R6, X Version 11, and several others. Whatever +you hear it called, simply understand that the speakers are referring +to X.
-Setting Up a Printer in CUPS +Configuring the X Server + + +As powerful as Slackware Linux is, configuring X can be daunting and +is often one of the first real challenges a new user faces. Don't be +overly concerned if you find this a bit difficult. While many changes +have been made over the years that make this much easier, there are +still computers out there that don't properly auto-detect, or you'll +wish to make some change to some setting and it might not be immediately +apparent what to do. Just remember that when I started using X, it was +far more primitive than it is today, took far more work to configure, +and often crashed without telling the user what was wrong. If I and +thousands of others got this working back then, you can do it today. + + + +Fortunately, with X.Org 1.6.3 an +/etc/X11/xorg.conf does not even need to be +present for X to attempt a working display, +further, Slackware includes a default configuration file that works +for most computers by using the VESA standard. This offers only the +most basic functions and may not allow your graphics card to operate at +its full potential. You may be limited to low resolutions, fewer +colors, and X will be slower. Still, this is +an option for users, particularly those who only want to occassionally +run X. You can try it out now simply by +running startx(1) from a command prompt. + -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +There are many ways to configure X, but the +easiest is to use xorgsetup. This will attempt +to probe probe your computer's hardware and write a working xorg.conf +file. 
This option is not garaunteed to work; there are some platforms +that it is known not to work with, and there are probably others as +well. Still, it is worth trying first as it is the quickest and least +complicated for a new user to attempt. + + + +The second most popular way to configure X +on your system is the handy xorgconfig(1). +This application asks you a series of questions about your computer's +hardware and writes out a config file based on your choices. Unless you +know exactly what your hardware is, we recommend that you try +xorgsetup first. + + + +Additionally, the X has flags available to +let X attempt to detect hardware and render +an xorg.conf.new that should work with the hardware +present. From a virtual terminal call X -configure, +and the resulting file will be either /root/xorg.conf.new +or $HOME/xorg.conf.new. Before moving this new +configuration to /etc/X11/, it can be tested by +calling X -config /root/xorg.conf.new, then you can +exit this X session with <CTRL>+<ALT>+<Backspace>. + + + +Lastly, you can manually configure your X +server by modifying /etc/X11/xorg.conf with a text +editor. This is not normally a task for the faint of heart, but is +often the easiest way to make minor changes.
-Commandline Printing Tools +Choosing a Window Manager + + +Slackware Linux includes many different window managers and desktop +environments. Window managers are the applications responsible for +painting application windows on the screen, resizing these windows, and +similar tasks. Desktop environments include a window manager, but also +add task bars, menus, icons, and more. Slackware includes both the KDE +and XFCE desktop environments and several additional window managers. +Which you use is entirely your own decision, but in general, window +managers tend to be faster than desktop environments and more suitable +to older systems with less memory and slower processors. Desktop +environments will be more comfortable for users accustomed to Microsoft +Windows. + -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +LIST OF DE'S AND WINDOW MANAGERS. +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! +FILL THIS IN!!!! + +The easiest way to choose a window manager is +xwmconfig(1), included with Slackware Linux. +This application allows a user to choose what window manager to run +with startx. + + +
+ +
+Setting Up A Graphical Login + + +By default, when you boot your Slackware Linux system you are presented +with a login prompt on a virtual terminal. This is more than adequate +for most people's needs. If you need to run commandline applications, +you may login and do so right away. If you want to run X, simply executing +startx will do that for you nicely. +But suppose you almost exclusively +use your system for graphical duties like many laptop owners? Wouldn't +it be nice for Slackware to take you straight into a GUI? Fortunately, +there's an easy way to do just that. + + + +Slackware uses the System V init system which allows the administrator +to boot into or change to different runlevels, which are really just +different "states" the computer can be in. In fact, shutting down the +computer is really only a case of changing to a runlevel which +accomplishes just that. Runlevels can be rather complicated, so we +won't delve into them any further than necessary. + + + +Runlevels are configured in inittab(5). +The most common ones are +runlevel 3 (Slackware's default) and runlevel 4 (GUI). In order to tell +Slackware to boot to a GUI screen, simply open +/etc/inittab with your +favorite editor of choice. (You may wish to refer to one of the +chapters on vi or +emacs at this point.) Near the top, you'll +see the relevant entries. + + + +# These are the default runlevels in Slackware: +# 0 = halt +# 1 = single user mode +# 2 = unused (but configured the same as runlevel 3) +# 3 = multiuser mode (default Slackware runlevel) +# 4 = X11 with KDM/GDM/XDM (session managers) +# 5 = unused (but configured the same as runlevel 3) +# 6 = reboot + +# Default runlevel. (Do not set to 0 or 6) +id:3:initdefault: + + + +In this file (along with most configuration files) anything following a +hash symbol # is a comment and not interpreted by init(8). Don't worry +if you don't understand everything about inittab, as many veteran users +don't either. 
The only line we are interested in is the last on above. +Simply change the 3 to a 4 and reboot. + + + +# These are the default runlevels in Slackware: +# 0 = halt +# 1 = single user mode +# 2 = unused (but configured the same as runlevel 3) +# 3 = multiuser mode (default Slackware runlevel) +# 4 = X11 with KDM/GDM/XDM (session managers) +# 5 = unused (but configured the same as runlevel 3) +# 6 = reboot + +# Default runlevel. (Do not set to 0 or 6) +id:4:initdefault: + +
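Review bot: The "Choosing a Window Manager" section added to chapter_07.xml still carries the "LIST OF DE'S AND WINDOW MANAGERS." placeholder followed by repeated "FILL THIS IN!!!!" lines; replace it with the actual list or comment it out before it reaches a built copy. The new blob id a6f1837 is the old chapter_06.xml blob, so the text moved verbatim and its typos moved with it: "shiney", "occassionally", "probe probe", "garaunteed", "from graphical purposes" (for "for graphical purposes") and "the last on above" (for "the last one above"). A follow-up that fixes these in the new location would be welcome.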
diff --git a/chapter_08.xml b/chapter_08.xml index a2bb4e9..1ba3035 100644 --- a/chapter_08.xml +++ b/chapter_08.xml @@ -3,268 +3,43 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -Users and Groups +Printing
-What Are Users and Groups? +Choosing A Printer -Slackware Linux inherits a strong multi-user tradition from its UNIX -inspiration. This means that multiple people may use the system at -once, but it also means that each of these people may have different -permissions. This allows users to prevent others from modifying their -files, or lets system administrators explicitly define what users can -and cannot do on the system. Moreover, users need not be actual people -at all. In fact, Slackware includes several dozen pre-defined user -and group accounts that are not typically used by regular users. Rather -these accounts allow the system administrator to segment the system for -security reasons. We'll see how that's done in the next chapter on -filesystem permissions. +Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do +eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad +minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip +ex ea commodo consequat. Duis aute irure dolor in reprehenderit in +voluptate velit esse cillum dolore eu fugiat nulla pariatur.
-Managing Users and Groups +Setting Up a Printer in CUPS -The easiest way to add new users in Slackware is through the use of our -very fine adduser shell script. -adduser will prompt you to enter the details -of the new user you wish to creature and step you through the process -quickly and easily. It will even create a password for the new user. - - -darkstar:~# adduser - -Login name for new user []: david - -User ID ('UID') [ defaults to next available ]: - -Initial group [ users ]: -Additional UNIX groups: - -Users can belong to additional UNIX groups on the system. -For local users using graphical desktop login managers such -as XDM/KDM, users may need to be members of additional groups -to access the full functionality of removable media devices. - -* Security implications * -Please be aware that by adding users to additional groups may -potentially give access to the removable media of other users. - -If you are creating a new user for remote shell access only, -users do not need to belong to any additional groups as standard, -so you may press ENTER at the next prompt. - -Press ENTER to continue without adding any additional groups -Or press the UP arrow to add/select/edit additional groups -: audio cdrom floppy plugdev video - -Home directory [ /home/david ] - -Shell [ /bin/bash ] - -Expiry date (YYYY-MM-DD) []: - -New account will be created as follows: - ---------------------------------------- -Login name.......: david -UID..............: [ Next available ] -Initial group....: users -Additional groups: audio,cdrom,floppy,plugdev,video -Home directory...: /home/david -Shell............: /bin/bash -Expiry date......: [ Never ] - -This is it... if you want to bail out, hit Control-C. Otherwise, press -ENTER to go ahead and make the account. - - -Creating new account... 
- - -Changing the user information for david -Enter the new value, or press ENTER for the default - Full Name []: - Room Number []: - Work Phone []: - Home Phone []: - Other []: -Changing password for david -Enter the new password (minimum of 5, maximum of 127 characters) -Please use a combination of upper and lower case letters and numbers. -New password: -Re-enter new password: -Password changed. - - -Account setup complete. - - - -The addition of optional groups needs a little explaining. Every user -in Slackware has a single group that it is always a member of. By -default, this is the "users" group. However, users can belong to more -than one group at a time and will inherit all the permissions of every -group they belong to. Typical desktop users will need to add several -group memberships in order to do things like play sound or access -removeable media like cdroms or USB flash drives. You can simply press -the up arrow key at this section and a list of default groups for -desktop users will magically appear. You can of course, add to or -remove groups from this listing. - - - -Now that we've demonstrated how to use the interactive -adduser program, lets look at some powerful -non-interactive tools that you may wish to use. The first is -useradd(8). -useradd is a little less friendly, but much -faster for creating users in batches. This makes it ideal for use in -shell scripts. In fact, adduser is just such -a shell script and uses useradd for most of -the heavy lifting. useradd has many options -and we can't explain them all here, so refer to its man page for the -complete details. Now, let's make a new user. - - -darkstar:~# useradd -d /data/home/alan -s /bin/bash -g users -G audio,cdrom,floppy,plugdev,video alan - - - -Here I have added the user "alan". I specified the user's home -directory as /data/home/alan and used -bash as my shell. Also, I specified my -default group as "users" and added myself to a number of useful groups -for dekstop use. 
You'll note that useradd -does not do any prompting like adduser. -Unless you want to accept the defaults for everything, you'll need to -tell useradd what to do. - - - -Now that we know how to add users, we should learn how to add groups. -As you might have guessed, the command for doing this is -groupadd(8). -groupadd works in the same way as -useradd, but with far fewer options. The -following command adds the group "slackers" to the system. - - -darkstar:~# groupadd slackers - - - -Deleting users and groups is easy as well. Simply run the -userdel(8) and -groupdel(8) commands. By default, -userdel will leave the user's home directory -on the system. You can remove this with the -r argument. +Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do +eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad +minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip +ex ea commodo consequat. Duis aute irure dolor in reprehenderit in +voluptate velit esse cillum dolore eu fugiat nulla pariatur.
-Other User and Group Tools - - -Several other tools exist for managing users and groups. Perhaps the -most important one is passwd(1). This -command changes a user account's password. Normal users may change -their own passwords only, but root can change anyone's password. Also, -root can lock a user account with the -l argument. This -doesn't actually shutout the account, but instead changes the user's -encrypted password to a value that can't be matched. - - - -Another useful tool is chsh(1) which changes a -user's default shell. Like passwd, normal -users can only change their own shell, but the root user can change -anyone's. - - - -The last tool we're going to discuss is -chfn(1). This is used to enter identifying -information on the user such as his phone number and real name. This -information is stored in the passwd(5) file and -retrieved using finger(1). - - -
- -
-Managing Users and Groups Manually - - -Like most things in Slackware Linux, users and groups are stored in -plain-text files. This means that you can edit all the details of a -user, or even create a new user or group simply by editing these files -and doing a few other tasks like creating the user's home directory. Of -course, after you see how this is done you'll appreciate just how -simple the included tools make this task. - - - -Our first stop is the /etc/passwd file. Here, all -the information about a user is stored, except for (oddly enough) the -user's password. The reason for this is rather simple. -/etc/passwd must be readable by all users on the -system, so you wouldn't want passwords stored there, even if they are -encrypted. Let's take a quick look at my entry in this file. - - - -alan:x:1000:100:,,,:/home/alan:/bin/bash - - - -Each line in this file contains a number of fields seperated by a -colon. They are, from left to right: username, password, UID, GUID, a -comment field, home directory, and shell. You'll notice that the -password field for every entry is an x. That is -because Slackware uses shadow passwords, so the actual encrypted -password is stored in /etc/shadow. Let's take a -look there. - - - -alan:$1$HlR?M3fkL@oeJmsdLfhsLFM*4dflPh8:14197:0:99999:7::: - - - -The shadow file contains more than just the -encrypted password as you'll notice. The fields here, again from left -to right, are: username, encrypted password, last day the password was -changed, days before the password may be changed again, how many days -before the password expires, days that the account will be disabled -after expiring, when the account was disabled, and a reserved field. -You may notice on some accounts that the various "days" fields often -include very large numbers. The reason for this is that Slackware -counts time from the "Epoch" which is January 1, 1970 for historical -reasons. 
- - - -To create a new user account, you'll just need to open these files -using vipw(8). This will open -/etc/passwd in the editor -defined by your VISUAL variable or your EDITOR variable if VISUAL isn't -defined. If neither is present, it will fall back to -vi by default. If you pass the -s -argument, it will open /etc/shadow instead. It's -important to use vipw instead of using any -other editor, because vipw will lock the -file and prevent other programs from editing it right underneath your feet. - +Commandline Printing Tools -That isn't all you'll need to do however; you must also create the -user's home directory and change the user's password using -passwd. +Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do +eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad +minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip +ex ea commodo consequat. Duis aute irure dolor in reprehenderit in +voluptate velit esse cillum dolore eu fugiat nulla pariatur.
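Review bot: In the /etc/shadow paragraph removed here (it lands unchanged in chapter_09.xml, whose new blob id a2bb4e9 is this file's old one), the field list skips the password-expiry warning period. The sample line carries the fields 14197:0:99999:7, but the prose goes from "how many days before the password expires" straight to the days the account is disabled after expiring, so the 7 is left unexplained and a reader matching prose to the sample line ends up one field off. Add the warning field to the list, and change "GUID" to "GID" in the /etc/passwd field list just above it. What replaces this text in chapter_08.xml is lorem ipsum in all three Printing sections, so that chapter should stay marked as a draft.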
diff --git a/chapter_09.xml b/chapter_09.xml index a0ab4d2..a2bb4e9 100644 --- a/chapter_09.xml +++ b/chapter_09.xml @@ -3,459 +3,269 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -Filesystem Permissions +Users and Groups
-Permissions Overview +What Are Users and Groups? -As we've discussed, Slackware Linux is a multi-user operating system. -Because of this, its filesystems are mutli-user as well. This means -that every file or directory has a set of permissions that can grant or -deny privileges to different users. There are three basic permissions -and three sets of permissions for each file. Let's take a look at an -example file. +Slackware Linux inherits a strong multi-user tradition from its UNIX +inspiration. This means that multiple people may use the system at +once, but it also means that each of these people may have different +permissions. This allows users to prevent others from modifying their +files, or lets system administrators explicitly define what users can +and cannot do on the system. Moreover, users need not be actual people +at all. In fact, Slackware includes several dozen pre-defined user +and group accounts that are not typically used by regular users. Rather +these accounts allow the system administrator to segment the system for +security reasons. We'll see how that's done in the next chapter on +filesystem permissions. -darkstar:~$ ls -l /bin/ls --rwxr-xr-x 1 root root 81820 2007-06-08 21:12 /bin/ls - +
+ +
+Managing Users and Groups -Recall from chapter 4 that ls -l -lists the permissions for a file or -directory along with the user and group that "own" the file. In this -case, the permissions are rwxr-xr-x, the user is root and the group is -also root. The permissions section, while grouped together, is really -three seperate pieces. The first set of three letters are the -permissions granted to the user that owns the file. The second set of -three are those granted to the group owner, and the final three are -permissions for everyone else. +The easiest way to add new users in Slackware is through the use of our +very fine adduser shell script. +adduser will prompt you to enter the details +of the new user you wish to creature and step you through the process +quickly and easily. It will even create a password for the new user. - -Permissions of /bin/ls - - - - Set - Listing - Meaning - - - - - Owner - rwx - The owner "root" may read, write, and execute - - - Group - r-x - The group "root" may read and execute - - - Others - r-x - Everyone else may read and execute - - - -
+darkstar:~# adduser - -The permissions are pretty self explainatory of course, at least for -files. Read, write, and execute allow you to read a file, write to it, -or execute it. But what do these permissions mean for directories? -Simply put, the read permissions grants the ability to list the -directory's contents (say with ls). The write -permission grants the ability to create new files in the directory as -well as delete the entire directory, even if you otherwise wouldn't be -able to delete some of the other files inside it. The execute -permission grants the ability to actually enter the directory (with the -bash built-in command cd for example). - +Login name for new user []: david - -Let's look at the permissions on a directory now. - +User ID ('UID') [ defaults to next available ]: -darkstar:~$ ls -ld /home/alan -drwxr-x--- 60 alan users 3040 2008-06-06 17:14 /home/alan/ - +Initial group [ users ]: +Additional UNIX groups: - -Here we see the permissions on my home directory and its ownership. The -directory is owned by the user alan and the group users. The user is -granted all rights (rwx), the group is granted only read and execute -permissions (r-x), and everyone else is prohibited from doing anything. - +Users can belong to additional UNIX groups on the system. +For local users using graphical desktop login managers such +as XDM/KDM, users may need to be members of additional groups +to access the full functionality of removable media devices. -
+* Security implications * +Please be aware that by adding users to additional groups may +potentially give access to the removable media of other users. -
-<application>chmod</application>, -<application>chown</application>, and -<application>chgrp</application> +If you are creating a new user for remote shell access only, +users do not need to belong to any additional groups as standard, +so you may press ENTER at the next prompt. - -So now that we know what permissions are, how do we change them? And -for that matter, how do we assign user and group ownership? The answer -is right here in this section. - +Press ENTER to continue without adding any additional groups +Or press the UP arrow to add/select/edit additional groups +: audio cdrom floppy plugdev video - -The first tool we'll discuss is the useful -chown -(1) command. Using chown, we can (you guessed -it), change the ownership of a file or -directory. chown is historically used only -to change the user ownership, but can change the group ownership as well. - +Home directory [ /home/david ] -darkstar:~# ls -l /tmp/foo -total 0 --rw-r--r-- 1 alan users 0 2008-06-06 22:29 a --rw-r--r-- 1 alan users 0 2008-06-06 22:29 b -darkstar:~# chown root /tmp/foo/a -darkstar:~# ls -l /tmp/foo -total 0 --rw-r--r-- 1 root users 0 2008-06-06 22:29 a --rw-r--r-- 1 alan users 0 2008-06-06 22:29 b - +Shell [ /bin/bash ] - -By using a colon after the user account, you may also specify a new -group account. - +Expiry date (YYYY-MM-DD) []: -darkstar:~# chown root:root /tmp/foo/b -darkstar:~# ls -l /tmp/foo -total 0 --rw-r--r-- 1 root users 0 2008-06-06 22:29 a --rw-r--r-- 1 root root 0 2008-06-06 22:29 b - +New account will be created as follows: - -chown can also be used recursively to change -the ownership of all files and directories below a target directory. -The following command would change all the files under the directory -/tmp/foo to have their ownership set to root:root. 
- +--------------------------------------- +Login name.......: david +UID..............: [ Next available ] +Initial group....: users +Additional groups: audio,cdrom,floppy,plugdev,video +Home directory...: /home/david +Shell............: /bin/bash +Expiry date......: [ Never ] -darkstar:~# chown -R root:root /tmp/foo/b +This is it... if you want to bail out, hit Control-C. Otherwise, press +ENTER to go ahead and make the account. - -Specifying a colon and a group name without a user name will simply -change the group for a file and leave the user ownership intact. - -darkstar:~# chown :wheel /tmp/foo/a -darkstar:~# ls -l /tmp/foo -ls -l /tmp/foo -total 0 --rw-r--r-- 1 root wheel 0 2008-06-06 22:29 a --rw-r--r-- 1 root root 0 2008-06-06 22:29 b - +Creating new account... - -The younger brother of chown is the -slightly less useful chgrp(1). This -command works just like chown, except -it can only change the group -ownership of a file. Since chown can -already do this, why bother with -chgrp? The answer is simple. Many other -operating systems use a -different version of chown that cannot -change the group ownership, so -if you ever come across one of those, now you know how. - - -There's a reason we discussed changing ownership before changing -permissions. The first is a much easier concept to grasp. The tool for -changing permissions on a file or directory is -chmod(1). The syntax for it -is nearly identical to that for chown, but -rather than -specify a user or group, the administrator must specify either a set of -octal permissions or a set of alphabetic permissions. Neither one is -especially easy to grasp the first time. We'll begin with the less -complicated octal permissions. 
- +Changing the user information for david +Enter the new value, or press ENTER for the default + Full Name []: + Room Number []: + Work Phone []: + Home Phone []: + Other []: +Changing password for david +Enter the new password (minimum of 5, maximum of 127 characters) +Please use a combination of upper and lower case letters and numbers. +New password: +Re-enter new password: +Password changed. + + +Account setup complete. + -Octal permissions derive their name from being assigned by one of eight -digits, namely the numbers 0 through 7. Each permissions is assigned a -number that is a power of 2, and those numbers are added together to -get the final permissions for one of the permission sets. If this -sounds confusing, maybe this table will help. +The addition of optional groups needs a little explaining. Every user +in Slackware has a single group that it is always a member of. By +default, this is the "users" group. However, users can belong to more +than one group at a time and will inherit all the permissions of every +group they belong to. Typical desktop users will need to add several +group memberships in order to do things like play sound or access +removeable media like cdroms or USB flash drives. You can simply press +the up arrow key at this section and a list of default groups for +desktop users will magically appear. You can of course, add to or +remove groups from this listing. - -Octal Permissions - - - - Permission - Meaning - - - - - Read - 4 - - - Write - 2 - - - Execute - 1 - - - -
- -By adding these values together, we can reach any number between 0 and -7 and specify all possible permission combinations. For example, to -grant both read and write privilages while denying execute, we would -use the number 6. The number 3 would grant write and execute -permissions, but deny the ability to read the file. We must specify a -number for each of the three sets when using octal permissions. It's -not possible to specify only a set of user or group permissions this -way for example. +Now that we've demonstrated how to use the interactive +adduser program, lets look at some powerful +non-interactive tools that you may wish to use. The first is +useradd(8). +useradd is a little less friendly, but much +faster for creating users in batches. This makes it ideal for use in +shell scripts. In fact, adduser is just such +a shell script and uses useradd for most of +the heavy lifting. useradd has many options +and we can't explain them all here, so refer to its man page for the +complete details. Now, let's make a new user. -darkstar:~# ls -l /tmp/foo/a --rw-r--r-- 1 root root 0 2008-06-06 22:29 a -darkstar:~# chmod 750 /tmp/foo/a -darkstar:~# ls -l /tmp/foo/a --rwxr-x--- 1 root root 0 2008-06-06 22:29 a +darkstar:~# useradd -d /data/home/alan -s /bin/bash -g users -G audio,cdrom,floppy,plugdev,video alan -chmod can also use letter values along with -+ or - to grant or deny permissions. -While this may be easier to -remember, it's often easier to use the octal permissions. +Here I have added the user "alan". I specified the user's home +directory as /data/home/alan and used +bash as my shell. Also, I specified my +default group as "users" and added myself to a number of useful groups +for dekstop use. You'll note that useradd +does not do any prompting like adduser. +Unless you want to accept the defaults for everything, you'll need to +tell useradd what to do. 
- -Alphabetic Permissions - - - - Permission - Letter Value - - - - - Read - r - - - Write - w - - - Execute - x - - - -
- - -Alphabetic Users and Groups - - - - Accounts Affected - Letter Value - - - - - User/Owner - u - - - Group - g - - - Others/World - o - - - -
- -To use the letter values with chmod, you -must specify which set to use them with, either "u" for user, "g" for -group, and "o" for all others. You must also specify whether you are -adding or removing permissions with the "+" and "-" signs. Multiple -sets can be changed at once by seperating each with a comma. +Now that we know how to add users, we should learn how to add groups. +As you might have guessed, the command for doing this is +groupadd(8). +groupadd works in the same way as +useradd, but with far fewer options. The +following command adds the group "slackers" to the system. -darkstar:/tmp/foo# ls -l -total 0 --rw-r--r-- 1 alan users 0 2008-06-06 23:37 a --rw-r--r-- 1 alan users 0 2008-06-06 23:37 b --rw-r--r-- 1 alan users 0 2008-06-06 23:37 c --rw-r--r-- 1 alan users 0 2008-06-06 23:37 d -darkstar:/tmp/foo# chmod u+x a -darkstar:/tmp/foo# chmod g+w b -darkstar:/tmp/foo# chmod u+x,g+x,o-r c -darkstar:/tmp/foo# chmod u+rx-w,g+r,o-r d -darkstar:/tmp/foo# ls -l --rwxr--r-- 1 alan users 0 2008-06-06 23:37 a* --rw-rw-r-- 1 alan users 0 2008-06-06 23:37 b --rwxr-x--- 1 alan users 0 2008-06-06 23:37 c* --r-xr----- 1 alan users 0 2008-06-06 23:37 d* +darkstar:~# groupadd slackers -Which you prefer to use is entirely up to you. There are places where -one is better than the other, so a real Slacker will know both inside -out. +Deleting users and groups is easy as well. Simply run the +userdel(8) and +groupdel(8) commands. By default, +userdel will leave the user's home directory +on the system. You can remove this with the -r argument.
-SUID, SGID, and the "Sticky" Bit +Other User and Group Tools -We're not quite done with permissions just yet. There are three other -"special" permissions in addition to those mentioned above. They are -SUID, SGID, and the sticky bit. When a file has one or more of these -permissions set, it behaves in special ways. The SUID and SGID -permissions change the way an application is run, while the sticky bit -restricts deletion of files. These permissions are applied with -chmod -like read, write, and execute, but with a twist. +Several other tools exist for managing users and groups. Perhaps the +most important one is passwd(1). This +command changes a user account's password. Normal users may change +their own passwords only, but root can change anyone's password. Also, +root can lock a user account with the -l argument. This +doesn't actually shutout the account, but instead changes the user's +encrypted password to a value that can't be matched. -SUID and SGID stand for "Set User ID" and "Set Group ID" respectively. -When an application with one of these bits is set, the application runs -with the user or group ownership permissions of that application -regardless of what user actually -executed it. Let's take a look at a common SUID application, the humble -passwd and the files it modifies. +Another useful tool is chsh(1) which changes a +user's default shell. Like passwd, normal +users can only change their own shell, but the root user can change +anyone's. -darkstar:~# ls -l /usr/bin/passwd \ - /etc/passwd \ - /etc/shadow --rw-r--r-- 1 root root 1106 2008-06-03 22:23 /etc/passwd --rw-r----- 1 root shadow 627 2008-06-03 22:22 /etc/shadow --rws--x--x 1 root root 34844 2008-03-24 16:11 /usr/bin/passwd* - - -Notice the permissions on passwd. Instead of -an x in the user's execute slot, we have an -s. This tells us that -passwd is a SUID program, and when we run -it, the process will run as the user "root" rather than as the user -that actually executed it. 
The reason for this is readily apparent as -soon as you look at the two files it modifies. Neither -/etc/passwd nor /etc/shadow -are writeable by anyone other than root. Since users need to change -their personal information, passwd must be -run as root in order to modify those files. +The last tool we're going to discuss is +chfn(1). This is used to enter identifying +information on the user such as his phone number and real name. This +information is stored in the passwd(5) file and +retrieved using finger(1). - -So what about the sticky bit? The sticky bit restricts the ability to -move or delete files and is only ever set on directories. Non-root -users cannot move or delete any files under a directory with the sticky -bit set unless they are the owner of that file. Normally anyone with -write permission to the file can do this, but the sticky bit prevents -it for anyone but the owner (and of course, root). Let's take a look at -a common "sticky" directory. - +
-darkstar:~# ls -ld /tmp -drwxrwxrwt 1 root root 34844 2008-03-24 16:11 /tmp - +
+Managing Users and Groups Manually -Naturally, being a directory for the storage of temporary files sytem -wide, /tmp needs to be readable, writeable, and -executable by anyone and everyone. Since any user is likely to have a -file or two stored here at any time, it only makes good sense to -prevent other users from deleting those files, so the sticky bit has -been set. You can see it by the presence of the t in -place of the x in the world permissions section. +Like most things in Slackware Linux, users and groups are stored in +plain-text files. This means that you can edit all the details of a +user, or even create a new user or group simply by editing these files +and doing a few other tasks like creating the user's home directory. Of +course, after you see how this is done you'll appreciate just how +simple the included tools make this task. - -SUID, SGID, and "Sticky" Permissions - - - - Permission Type - Octal Value - Letter Value - - - - - SUID - 4 - s - - - SGID - 2 - s - - - Sticky - 1 - t - - - -
- -When using octal permissions, you must specify an additional leading -octal value. For example, to recreate the permission on -/tmp, we would use 1777. To recreate those -permissions on /usr/bin/passwd, we would use 4711. -Essentially, any time this leading fourth octet isn't specified, -chmod assumes its value to be 0. +Our first stop is the /etc/passwd file. Here, all +the information about a user is stored, except for (oddly enough) the +user's password. The reason for this is rather simple. +/etc/passwd must be readable by all users on the +system, so you wouldn't want passwords stored there, even if they are +encrypted. Let's take a quick look at my entry in this file. -darkstar:~# chmod 1777 /tmp -darkstar:~# chmod 4711 /usr/bin/passwd + +alan:x:1000:100:,,,:/home/alan:/bin/bash -Using the alphabetic permission values is slightly different. Assuming -the two files above have permissions of 0000 (no permissions at all), -here is how we would set them. +Each line in this file contains a number of fields seperated by a +colon. They are, from left to right: username, password, UID, GUID, a +comment field, home directory, and shell. You'll notice that the +password field for every entry is an x. That is +because Slackware uses shadow passwords, so the actual encrypted +password is stored in /etc/shadow. Let's take a +look there. -darkstar:~# chmod ug+rwx,o+rwt /tmp -darkstar:~# chmod u+rws,go+x /usr/bin/passwd + +alan:$1$HlR?M3fkL@oeJmsdLfhsLFM*4dflPh8:14197:0:99999:7::: + +The shadow file contains more than just the +encrypted password as you'll notice. The fields here, again from left +to right, are: username, encrypted password, last day the password was +changed, days before the password may be changed again, how many days +before the password expires, days that the account will be disabled +after expiring, when the account was disabled, and a reserved field. +You may notice on some accounts that the various "days" fields often +include very large numbers. 
The reason for this is that Slackware +counts time from the "Epoch" which is January 1, 1970 for historical +reasons. + + +To create a new user account, you'll just need to open these files +using vipw(8). This will open +/etc/passwd in the editor +defined by your VISUAL variable or your EDITOR variable if VISUAL isn't +defined. If neither is present, it will fall back to +vi by default. If you pass the -s +argument, it will open /etc/shadow instead. It's +important to use vipw instead of using any +other editor, because vipw will lock the +file and prevent other programs from editing it right underneath your feet. + - - - + +That isn't all you'll need to do however; you must also create the +user's home directory and change the user's password using +passwd. +
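Review bot: The /etc/shadow field list in the new "Managing Users and Groups Manually" section names eight fields, but the sample entry for alan has nine colon-separated fields. The password-expiry warning period (the 7 in the sample) is missing between "how many days before the password expires" and "days that the account will be disabled after expiring". Please add it so that a reader editing the file with vipw -s can account for every value. In the /etc/passwd field list, "GUID" should read "GID". The sentence about "very large numbers" would be clearer if it said that the date fields are counted in days since January 1, 1970. The manual procedure ends at creating the home directory and running passwd; it should also tell the reader to hand the new directory to the user with chown, because a directory created by root stays owned by root. Typos in the added text: "creature" (create), "removeable", "dekstop", "seperated", "shutout" (shut out), "lets look" (let's look).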
diff --git a/chapter_10.xml b/chapter_10.xml index a721dfa..a0ab4d2 100644 --- a/chapter_10.xml +++ b/chapter_10.xml @@ -3,496 +3,457 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -Working with Filesystems +Filesystem Permissions
-The Filesystem Hierarchy +Permissions Overview -Slackware Linux stores all of its files and directories under a single -/ directory, typically referred to as "root". This -is in stark contract to what you may be familiar with in the form of -Microsoft Windows. Different hard disk partitions, cdroms, usb flash -drives, and even floppy disks can all be mounted in directories under -/, but do not have anything like "drive letters". -The contents of these devices can be found almost anywhere, but there -are some sane defaults that Slackware sets up for you. For example, -cd-rw drives are most often found at /mnt/cd-rw. -Here are a few common directories present on nearly all Slackware Linux -installations, and what you can expect to find there. +As we've discussed, Slackware Linux is a multi-user operating system. +Because of this, its filesystems are mutli-user as well. This means +that every file or directory has a set of permissions that can grant or +deny privileges to different users. There are three basic permissions +and three sets of permissions for each file. Let's take a look at an +example file. + + +darkstar:~$ ls -l /bin/ls +-rwxr-xr-x 1 root root 81820 2007-06-08 21:12 /bin/ls + + + +Recall from chapter 4 that ls -l +lists the permissions for a file or +directory along with the user and group that "own" the file. In this +case, the permissions are rwxr-xr-x, the user is root and the group is +also root. The permissions section, while grouped together, is really +three seperate pieces. The first set of three letters are the +permissions granted to the user that owns the file. The second set of +three are those granted to the group owner, and the final three are +permissions for everyone else. 
-Filesystem Layout - +Permissions of /bin/ls + - Directory - Explaination - - - - / - The root directory, under which all others exist - - /bin - Minimal set of binary programs for all users - - - /boot - The kernel, initrd, and other requirements for booting Slackware - - - /etc/ - System configuration files - - - /dev - Collection of special files allowing direct access to hardware - - - /home - User directories where personal files and settings are stored - - - /media - Directory for auto-mounting features in DBUS/HAL - - - /mnt - Places to temporarily mount removable media - - - /opt - Directory where some (typicaly proprietary) software may be installed - - - /proc - Kernel exported filesystem for process information - - - /root - The root user's home directory - - - /sbin - Minimal set of system or superuser binaries - - - /srv - Site-specific data such as web pages served by this system - - - /sys - Special kernel implimentation details + Set + Listing + Meaning + + - /tmp - Directory reserved for temporary files for all users + Owner + rwx + The owner "root" may read, write, and execute - /usr - All non-essential programs, libraries, and shared files + Group + r-x + The group "root" may read and execute - /var - Regularly changing data such as log files + Others + r-x + Everyone else may read and execute
-
- -
-Local Filesystem Types + +The permissions are pretty self explainatory of course, at least for +files. Read, write, and execute allow you to read a file, write to it, +or execute it. But what do these permissions mean for directories? +Simply put, the read permissions grants the ability to list the +directory's contents (say with ls). The write +permission grants the ability to create new files in the directory as +well as delete the entire directory, even if you otherwise wouldn't be +able to delete some of the other files inside it. The execute +permission grants the ability to actually enter the directory (with the +bash built-in command cd for example). + -The Linux kernel supports a wide variety of filesystems, which allows -you to choose from a long list of features to tailor to your particular -need. Fortunately, most of the default filesystem types are adequate -for any needs you may have. Some filesystems are geared towards -particular media. For example, the iso9660 filesystem is used almost -exclusively for CD and DVD media. +Let's look at the permissions on a directory now. -
-ext2 +darkstar:~$ ls -ld /home/alan +drwxr-x--- 60 alan users 3040 2008-06-06 17:14 /home/alan/ + -ext2 is the oldest filesystem included in Slackware Linux for storing -data on hard disks. Compared to other filesystems, ext2 is simplistic. -It is faster than most others for reading and writing data, but does -not include any journaling capability. This means that after a hard -crash, the filesystem must be exhaustively checked to discover and -(hopefully) fix any errors. +Here we see the permissions on my home directory and its ownership. The +directory is owned by the user alan and the group users. The user is +granted all rights (rwx), the group is granted only read and execute +permissions (r-x), and everyone else is prohibited from doing anything.
-ext3 +<application>chmod</application>, +<application>chown</application>, and +<application>chgrp</application> + -ext3 is the younger cousin of ext2. It was designed to replace ext2 in -most situations and shares much the same code-base, but adds journaling -support. In fact, ext3 and ext2 are so much alike that it is possible -to convert one to the other on the fly without lose of data. ext3 -enjoys a lot of popularity for these reasons. There are many tools -available for recovering data from this filesystem in the event of -catastrophic hardware failure as well. ext3 is a good general purpose -filesystem with journaling support, but fails to perform as well as -other journaling filesystems in specific cases. One pitfall to ext3 is -that the filesystem must still go through this exhaustive check every -so often. This is done when the filesystem is mounted, usually when the -computer is booted, and causes an annoying delay. +So now that we know what permissions are, how do we change them? And +for that matter, how do we assign user and group ownership? The answer +is right here in this section. -
-
-reiserfs -reiserfs is one of the oldest journaling filesystems for the Linux -kernel and has been supported by Slackware for many years. It is a very -fast filesystem particularly well suited for storing, retrieving, and -writing lots of small files. Unfortunately there are few tools for -recovering data should you experience a drive failure, and reiserfs -partitions experience corruption more often than ext3. +The first tool we'll discuss is the useful +chown +(1) command. Using chown, we can (you guessed +it), change the ownership of a file or +directory. chown is historically used only +to change the user ownership, but can change the group ownership as well. -
-
-XFS +darkstar:~# ls -l /tmp/foo +total 0 +-rw-r--r-- 1 alan users 0 2008-06-06 22:29 a +-rw-r--r-- 1 alan users 0 2008-06-06 22:29 b +darkstar:~# chown root /tmp/foo/a +darkstar:~# ls -l /tmp/foo +total 0 +-rw-r--r-- 1 root users 0 2008-06-06 22:29 a +-rw-r--r-- 1 alan users 0 2008-06-06 22:29 b + + -XFS was contributed to the Linux kernel by SGI and is one of the best -filesystems for working with large volumes and large files. XFS uses -more RAM than other filesystems, but if you need to work with large -files its performance there is well worth the penalty in memory usage. -XFS is not particularly ill-suited for desktop or laptop use, but -really shines on a server that handles medium to large size files all -day long. Like ext3, XFS is a fully journaled filesystem. +By using a colon after the user account, you may also specify a new +group account. -
-
-JFS +darkstar:~# chown root:root /tmp/foo/b +darkstar:~# ls -l /tmp/foo +total 0 +-rw-r--r-- 1 root users 0 2008-06-06 22:29 a +-rw-r--r-- 1 root root 0 2008-06-06 22:29 b + + -JFS was contributed to the Linux kernel by IBM and is well known for -its responsiveness even under extreme conditions. It can span colossal -volumes making it particularly well-suited for Network Attached Storage -(NAS) devices. JFS's long history and thorough testing make it one of -the most reliable journaling filesystems available for Linux. +chown can also be used recursively to change +the ownership of all files and directories below a target directory. +The following command would change all the files under the directory +/tmp/foo to have their ownership set to root:root. -
-
-iso9660 +darkstar:~# chown -R root:root /tmp/foo/b + -iso9660 is a filesystem specifically designed for optical media such as -CDs and DVDs. Since optical disks are read-only media, the linux kernel -does not even include write support for this filesystem. In order to -create an iso9660 filesystem, you must use user-land tools like -mkisofs(8) or -growisofs(8). +Specifying a colon and a group name without a user name will simply +change the group for a file and leave the user ownership intact. -
-
-vfat +darkstar:~# chown :wheel /tmp/foo/a +darkstar:~# ls -l /tmp/foo +ls -l /tmp/foo +total 0 +-rw-r--r-- 1 root wheel 0 2008-06-06 22:29 a +-rw-r--r-- 1 root root 0 2008-06-06 22:29 b + + -Sometimes you may need to share data between Windows and Linux -computers, but can't transfer the files over a network. Instead you -require a shared hard drive partition or a USB flash drive. The humble -vfat filesystem is the best choice here since it is supported by the -largest variety of operating systems. Unfortuantely, being a Microsoft -designed filesystem, it does not store permissions in the same way as -traditional Linux filesystems. This means that special options must be -used to allow multiple users to access data on this filesystem. +The younger brother of chown is the +slightly less useful chgrp(1). This +command works just like chown, except +it can only change the group +ownership of a file. Since chown can +already do this, why bother with +chgrp? The answer is simple. Many other +operating systems use a +different version of chown that cannot +change the group ownership, so +if you ever come across one of those, now you know how. -
-
-swap -Unlike other filesystems which hold files and directories, swap -partitions hold virtual memory. This is very useful as it prevents the -system from crashing should all your RAM be consumed. Instead, the -kernel copies portions of the RAM into swap and frees them up for other -applications to use. Think of it as adding virtual memory to your -computer, very slow virtual memory. swap is typically a fail-safe and -shouldn't be relied upon for continual use. Add more RAM to your system -if you find yourself using lots of swap. +There's a reason we discussed changing ownership before changing +permissions. The first is a much easier concept to grasp. The tool for +changing permissions on a file or directory is +chmod(1). The syntax for it +is nearly identical to that for chown, but +rather than +specify a user or group, the administrator must specify either a set of +octal permissions or a set of alphabetic permissions. Neither one is +especially easy to grasp the first time. We'll begin with the less +complicated octal permissions. -
-
+ +Octal permissions derive their name from being assigned by one of eight +digits, namely the numbers 0 through 7. Each permissions is assigned a +number that is a power of 2, and those numbers are added together to +get the final permissions for one of the permission sets. If this +sounds confusing, maybe this table will help. + -
-Using <application>mount</application> + +Octal Permissions + + + + Permission + Meaning + + + + + Read + 4 + + + Write + 2 + + + Execute + 1 + + + +
-Now that we've learned what (some of) the different filesystems -available in Linux are, it's time we looked at how to use them. In -order to read or write data on a filesystem, that filesystem must first -be mounted. To do this, we (naturally) use -mount(8). The first thing we must do is -decide where we want the filesystem located. Recall that there are no -such things are drive letters denoting filesystems in Linux. Instead, -all filesystems are mounted on directories. The base filesystem on -which you install Slackware is always located at / -and others are always located in subdirectories of -/. /mnt/hd is a common place -to temporarily locate a partition, so we'll use that in our first -example. In order to mount a filesystem's contents, we must tell mount -what kind of filesystem we have, where to mount it, and any special -options to use. +By adding these values together, we can reach any number between 0 and +7 and specify all possible permission combinations. For example, to +grant both read and write privilages while denying execute, we would +use the number 6. The number 3 would grant write and execute +permissions, but deny the ability to read the file. We must specify a +number for each of the three sets when using octal permissions. It's +not possible to specify only a set of user or group permissions this +way for example. -darkstar:~# mount -t ext3 /dev/hda3 /mnt/hd -o ro +darkstar:~# ls -l /tmp/foo/a +-rw-r--r-- 1 root root 0 2008-06-06 22:29 a +darkstar:~# chmod 750 /tmp/foo/a +darkstar:~# ls -l /tmp/foo/a +-rwxr-x--- 1 root root 0 2008-06-06 22:29 a -Let's disect this. We have an ext3 filesystem located on the third -partition of the first IDE device, and we've decided to mount its -contents on the directory /mnt/hd. Additionally, -we have mounted it read-only so no changes can be made to these -contents. The -t ext3 argument tells -mount -what type of filesystem we are using, -in this case it is ext3. 
This lets the kernel know which driver to use. -Often mount can determine this for itself, -but it never hurts to explicitly declare it. Second, we tell -mount -where to locate the filesystem's contents. Here we've chosen -/mnt/hd. -Finally, we must decide what options to use if any. These are declared -with the -o argument. A short-list of the most common -options follows. +chmod can also use letter values along with ++ or - to grant or deny permissions. +While this may be easier to +remember, it's often easier to use the octal permissions. -Common mount options +Alphabetic Permissions - Option - Description + + Permission + Letter Value + - ro - read-only + Read + r - rw - read-write (default) + Write + w - uid - user to own the contents of the filesystem + Execute + x + + +
+ + +Alphabetic Users and Groups + + - gid - group to own the contents of the filesystem + Accounts Affected + Letter Value + + - noexec - prevent execution of any files on the filesystem + User/Owner + u - defaults - sane defaults for most filesystems + Group + g + + + Others/World + o
-If this is your first Linux installation, the only options you -typically need to be concerned about are ro and -rw. The exception to this rule comes when you are dealing -with filesystems that don't handle traditional Linux permissions such -as vfat or NTFS. In those cases you'll need to use the uid -or gid options to allow non-root users access to these -filesystems. - - -darkstar:~# mount -t vfat /dev/hda4 /mnt/hd -o uid=alan - - - -But Alan, that's appalling! I don't want to have to tell mount what -filesystem or options to use everytime I load a CD. It should be easier -than that. Well thankfully, it is. The /etc/fstab -file contains all this information for filesystems that the installer -sets up for you, and you can make additions to it as well. -fstab(5) looks like a simple table containing the -device to mount along with its filesystem type and optional arguments. -Let's take a look. +To use the letter values with chmod, you +must specify which set to use them with, either "u" for user, "g" for +group, and "o" for all others. You must also specify whether you are +adding or removing permissions with the "+" and "-" signs. Multiple +sets can be changed at once by seperating each with a comma. 
-darkstar:~# cat /etc/fstab -/dev/hda1 / reiserfs defaults 1 1 -/dev/hda2 /home reiserfs defaults 1 2 -/dev/hda3 swap swap defaults 0 0 -/dev/cdrom /mnt/cdrom auto noauto,owner,ro,users 0 0 -/dev/fd0 /mnt/floppy auto noauto,owner 0 0 -devpts /dev/pts devpts gid=5,mode=620 0 0 -proc /proc proc defaults 0 0 +darkstar:/tmp/foo# ls -l +total 0 +-rw-r--r-- 1 alan users 0 2008-06-06 23:37 a +-rw-r--r-- 1 alan users 0 2008-06-06 23:37 b +-rw-r--r-- 1 alan users 0 2008-06-06 23:37 c +-rw-r--r-- 1 alan users 0 2008-06-06 23:37 d +darkstar:/tmp/foo# chmod u+x a +darkstar:/tmp/foo# chmod g+w b +darkstar:/tmp/foo# chmod u+x,g+x,o-r c +darkstar:/tmp/foo# chmod u+rx-w,g+r,o-r d +darkstar:/tmp/foo# ls -l +-rwxr--r-- 1 alan users 0 2008-06-06 23:37 a* +-rw-rw-r-- 1 alan users 0 2008-06-06 23:37 b +-rwxr-x--- 1 alan users 0 2008-06-06 23:37 c* +-r-xr----- 1 alan users 0 2008-06-06 23:37 d* -If you have an entry in fstab for your filesystem, you -need only tell mount the device node or the mount location. - - -darkstar:~# mount /dev/cdrom -darkstar:~# mount /home - - - -One final use for -mount -is to tell you what filesystems are currently mounted and with what -options. Simply run -mount -without any arguments to display these. +Which you prefer to use is entirely up to you. There are places where +one is better than the other, so a real Slacker will know both inside +out.
-Network Filesystems +SUID, SGID, and the "Sticky" Bit -In addition to local filesystems, Slackware supports a number of network -filesystems as both client and server. This allows you to share data -between multiple computers transparently. We'll discuss the two most -common: NFS and SMB. +We're not quite done with permissions just yet. There are three other +"special" permissions in addition to those mentioned above. They are +SUID, SGID, and the sticky bit. When a file has one or more of these +permissions set, it behaves in special ways. The SUID and SGID +permissions change the way an application is run, while the sticky bit +restricts deletion of files. These permissions are applied with +chmod +like read, write, and execute, but with a twist. -
-NFS - -NFS is the Network File System for Linux as well as several other common -operating systems. It has modest performance but supports the full range of -permissions for Slackware. In order to use NFS as either a client or a -server, you must run the remote procedure call daemon. This is easily -accomplished by setting the /etc/rc.d/rc.rpc file -executable and telling it to start. Once it has been set executable, it -will run automatically every time you boot into Slackware. +SUID and SGID stand for "Set User ID" and "Set Group ID" respectively. +When an application with one of these bits is set, the application runs +with the user or group ownership permissions of that application +regardless of what user actually +executed it. Let's take a look at a common SUID application, the humble +passwd and the files it modifies. -darkstar:~# chmod +x /etc/rc.d/rc.rpc -darkstar:~# /etc/rc.d/rc.rpc start +darkstar:~# ls -l /usr/bin/passwd \ + /etc/passwd \ + /etc/shadow +-rw-r--r-- 1 root root 1106 2008-06-03 22:23 /etc/passwd +-rw-r----- 1 root shadow 627 2008-06-03 22:22 /etc/shadow +-rws--x--x 1 root root 34844 2008-03-24 16:11 /usr/bin/passwd* -Mounting an NFS share is little different than mounting a local filesystem. -Rather than specifying a local device, you must tell mount the domain name -or IP address of the NFS server and the directory to mount with a colon -between them. +Notice the permissions on passwd. Instead of +an x in the user's execute slot, we have an +s. This tells us that +passwd is a SUID program, and when we run +it, the process will run as the user "root" rather than as the user +that actually executed it. The reason for this is readily apparent as +soon as you look at the two files it modifies. Neither +/etc/passwd nor /etc/shadow +are writeable by anyone other than root. Since users need to change +their personal information, passwd must be +run as root in order to modify those files. 
-darkstar:~# mount -t nfs darkstar.example.com:/home /home - - -Running an NFS server is a little bit different. First, you must configure -each directory to be exported in the /etc/exports -file. exports(5) contains information about what -directories will be shared, who they will be shared with, and what special -permissions to grant or deny. +So what about the sticky bit? The sticky bit restricts the ability to +move or delete files and is only ever set on directories. Non-root +users cannot move or delete any files under a directory with the sticky +bit set unless they are the owner of that file. Normally anyone with +write permission to the file can do this, but the sticky bit prevents +it for anyone but the owner (and of course, root). Let's take a look at +a common "sticky" directory. - -# See exports(5) for a description. -# This file contains a list of all directories exported to other computers. -# It is used by rpc.nfsd and rpc.mountd. - -/home/backup 192.168.1.0/24(sync,rw,no_root_squash) +darkstar:~# ls -ld /tmp +drwxrwxrwt 1 root root 34844 2008-03-24 16:11 /tmp -The first column in -exports -is a list of the files to be exported via NFS. The second column is a list -of what systems may access the export along with special permissions. You -can specify hosts via domain name, IP address, or netblock address (as I -have here). Special permissions are always a parenthetical list. For a -complete list, you'll need to read the man page. For now, the only special -option that matters is no_root_squash. Usually the root user on -an NFS client cannot read or write an exported share. Instead, the root -user is "squashed" and forced to act as the nobody user. -no_root_squash prevents this. +Naturally, being a directory for the storage of temporary files sytem +wide, /tmp needs to be readable, writeable, and +executable by anyone and everyone. 
Since any user is likely to have a +file or two stored here at any time, it only makes good sense to +prevent other users from deleting those files, so the sticky bit has +been set. You can see it by the presence of the t in +place of the x in the world permissions section. - -You'll also need to run the NFS daemon. Starting and stopping NFS server -support is done with the /etc/rc.d/rc.nfsd rc script. -Set it executable and run it just like we did for -rc.rpc and you are ready to go. - - -
- -
-SMB - - -SMB is the Windows network file-sharing protocol. Connecting to SMB shares -(commonly called samba shares) is fairly straight forward. Unfortuantely, -SMB isn't as strongly supported as NFS. Still, it offers higher performance -and connectivity with Windows computers. For these reasons, SMB is the most -common network file-sharing protocol deployed on local networks. Exporting -SMB shares from Slackware is done through the samba daemon and configured -in smb.conf(5). Unfortunately configuring samba as a -service is beyond the scope of this book. Check online for additional -documentation, and as always refer to the man page. - + +SUID, SGID, and "Sticky" Permissions + + + + Permission Type + Octal Value + Letter Value + + + + + SUID + 4 + s + + + SGID + 2 + s + + + Sticky + 1 + t + + + +
-Thankfully mounting an SMB share is easy and works almost exactly like -mounting an NFS share. You must tell mount where to find the server and -what share you wish to access in exactly the same way. Additionally, you -must specify a username and password. +When using octal permissions, you must specify an additional leading +octal value. For example, to recreate the permission on +/tmp, we would use 1777. To recreate those +permissions on /usr/bin/passwd, we would use 4711. +Essentially, any time this leading fourth octet isn't specified, +chmod assumes its value to be 0. -darkstar:~# mount -t cifs //darkstar/home /home -o username=alan,password=secret +darkstar:~# chmod 1777 /tmp +darkstar:~# chmod 4711 /usr/bin/passwd -You may be wondering why the filesystem type is cifs instead of smbfs. In -older versions of the Linux kernel, smbfs was used. This has been -deprecated in favor of the better performing and more secure general -purpose cifs driver. - - - -All SMB shares require the username and password -arguments. This can create a security problem if you wish to place your -samba share in fstab. You may avoid this problem by using the -credentials argument. credentials points to a file -which contains the username and password information. As long as this file -is safely guarded and readable only by root, the likelyhood that your -authentication credentials will be compromised is lessened. +Using the alphabetic permission values is slightly different. Assuming +the two files above have permissions of 0000 (no permissions at all), +here is how we would set them. -darkstar:~# echo "username=alan" > /etc/creds-home -darkstar:~# echo "password=secret" >> /etc/creds-home -darkstar:~# mount -t cifs //darkstar/home -o credentials=/etc/creds-home +darkstar:~# chmod ug+rwx,o+rwt /tmp +darkstar:~# chmod u+rws,go+x /usr/bin/passwd -
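Review bot: the alphabetic example `chmod ug+rwx,o+rwt /tmp` does not recreate 1777 from a mode of 0000 as the paragraph before it claims. It never grants execute to others, so the directory ends up 1776 (GNU chmod then lists it as `drwxrwxrwT`); it should read `chmod ug+rwx,o+rwxt /tmp`. In the sticky-bit paragraph, "Normally anyone with write permission to the file can do this" should say write permission to the directory, since that is what governs moving and deleting entries. The `ls -ld /tmp` sample output repeats the link count, size and timestamp of the `/usr/bin/passwd` line above it (`1 root root 34844 2008-03-24 16:11`) and looks pasted rather than captured from a real `/tmp`. "Leading fourth octet" should be "leading octal digit", since an octet is eight bits. Smaller wording fixes worth making while these lines are touched: "either ... and" should be "or", "seperating", "sytem wide", and "When an application with one of these bits is set".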
- - - - - - - diff --git a/chapter_11.xml b/chapter_11.xml index 7a507f0..a721dfa 100644 --- a/chapter_11.xml +++ b/chapter_11.xml @@ -3,331 +3,498 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -<application>vi</application> +Working with Filesystems
-What is <application>vi</application>? +The Filesystem Hierarchy -Scattered all around your computer are thousands of text files. To a -new user, this may seem inconsequential, but almost everything in -Slackware Linux uses a plain-text file for configuration. This allows -users to make changes to the system quickly, easily, and intuitively. -In chapter 5, we looked at a few commands such as -cat and less that -can be used to read these files, but what if we want to make changes to -them? For that, we need a text editor, and -vi is up to the task. +Slackware Linux stores all of its files and directories under a single +/ directory, typically referred to as "root". This +is in stark contract to what you may be familiar with in the form of +Microsoft Windows. Different hard disk partitions, cdroms, usb flash +drives, and even floppy disks can all be mounted in directories under +/, but do not have anything like "drive letters". +The contents of these devices can be found almost anywhere, but there +are some sane defaults that Slackware sets up for you. For example, +cd-rw drives are most often found at /mnt/cd-rw. +Here are a few common directories present on nearly all Slackware Linux +installations, and what you can expect to find there. - -In short, vi is one of the oldest and most -powerful text editors still used today. It's beloved by system -administrators, programmers, hobbiests, and others the world over. In -fact, nearly this entire book was written using -vi; only the next chapter on -emacs was written with that editor. 
- + +Filesystem Layout + + + Directory + Explaination + + + + / + The root directory, under which all others exist + + + /bin + Minimal set of binary programs for all users + + + /boot + The kernel, initrd, and other requirements for booting Slackware + + + /etc/ + System configuration files + + + /dev + Collection of special files allowing direct access to hardware + + + /home + User directories where personal files and settings are stored + + + /media + Directory for auto-mounting features in DBUS/HAL + + + /mnt + Places to temporarily mount removable media + + + /opt + Directory where some (typicaly proprietary) software may be installed + + + /proc + Kernel exported filesystem for process information + + + /root + The root user's home directory + + + /sbin + Minimal set of system or superuser binaries + + + /srv + Site-specific data such as web pages served by this system + + + /sys + Special kernel implimentation details + + + /tmp + Directory reserved for temporary files for all users + + + /usr + All non-essential programs, libraries, and shared files + + + /var + Regularly changing data such as log files + + + +
+ +
+ +
+Local Filesystem Types -A little further explanation is needed to learn exactly what -vi is today though, as Slackware Linux -technically doesn't include vi. Rather, -Slackware includes two vi "clones", elvis(1) -and vim(1). These clones add many additional -features to vi such as syntax highlighting, binary editing modes, and -network support. We won't go too deeply into all these details. By -default, if you execute vi on Slackware -Linux, you'll be using elvis, so all -examples in this chapter will assume that is what you are using. If -you've used another Linux distribution before, you may be more familiar -with vim. If so, you might wish to change -the symlink for /usr/bin/vi to point to -/usr/bin/vim, or add an alias to your shell's -startup scripts. vim is generally considered -to be more feature-rich than elvis, but -elvis is a much smaller program and contains -more features than most users will ever need. +The Linux kernel supports a wide variety of filesystems, which allows +you to choose from a long list of features to tailor to your particular +need. Fortunately, most of the default filesystem types are adequate +for any needs you may have. Some filesystems are geared towards +particular media. For example, the iso9660 filesystem is used almost +exclusively for CD and DVD media. +
+ext2 + -vi is very powerful, but also somewhat -cumbersome and challening for a new user to learn. However, mastering -vi is an important skill for any -self-respecting system administrator to learn, as -vi is included on nearly every Linux -distribution, every BSD system, and every UNIX system in existance. -It's even included in Mac OS X. -Once you've learned vi, you'll not have to -learn another text editor to work on any of these systems. In fact, -vi clones have even been ported to Microsoft Windows -systems, so you can use it there too. +ext2 is the oldest filesystem included in Slackware Linux for storing +data on hard disks. Compared to other filesystems, ext2 is simplistic. +It is faster than most others for reading and writing data, but does +not include any journaling capability. This means that after a hard +crash, the filesystem must be exhaustively checked to discover and +(hopefully) fix any errors.
-The Different Modes of <application>vi</application> - +ext3 -New users are often frustrated when using vi -for the first time. When invoked without any arguments, -vi will display a screen something like -this. +ext3 is the younger cousin of ext2. It was designed to replace ext2 in +most situations and shares much the same code-base, but adds journaling +support. In fact, ext3 and ext2 are so much alike that it is possible +to convert one to the other on the fly without lose of data. ext3 +enjoys a lot of popularity for these reasons. There are many tools +available for recovering data from this filesystem in the event of +catastrophic hardware failure as well. ext3 is a good general purpose +filesystem with journaling support, but fails to perform as well as +other journaling filesystems in specific cases. One pitfall to ext3 is +that the filesystem must still go through this exhaustive check every +so often. This is done when the filesystem is mounted, usually when the +computer is booted, and causes an annoying delay. +
- -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ - Command - - +
+reiserfs -At this point, the user will being typing and expect the keys he -presses to appear in the document. Instead, something really strange -happens. The reason for this is simple. vi -has different operation "modes". There is a command mode and an insert -mode. Command mode is the default; in this mode, each keystroke -performs a particular action such as moving the cursor around, deleting -text, yanking (copying) text, searching, etc. +reiserfs is one of the oldest journaling filesystems for the Linux +kernel and has been supported by Slackware for many years. It is a very +fast filesystem particularly well suited for storing, retrieving, and +writing lots of small files. Unfortunately there are few tools for +recovering data should you experience a drive failure, and reiserfs +partitions experience corruption more often than ext3. +
+
+XFS + +XFS was contributed to the Linux kernel by SGI and is one of the best +filesystems for working with large volumes and large files. XFS uses +more RAM than other filesystems, but if you need to work with large +files its performance there is well worth the penalty in memory usage. +XFS is not particularly ill-suited for desktop or laptop use, but +really shines on a server that handles medium to large size files all +day long. Like ext3, XFS is a fully journaled filesystem. + +
+
+JFS + +JFS was contributed to the Linux kernel by IBM and is well known for +its responsiveness even under extreme conditions. It can span colossal +volumes making it particularly well-suited for Network Attached Storage +(NAS) devices. JFS's long history and thorough testing make it one of +the most reliable journaling filesystems available for Linux. +
-Opening, Saving, and Quitting +iso9660 + +iso9660 is a filesystem specifically designed for optical media such as +CDs and DVDs. Since optical disks are read-only media, the linux kernel +does not even include write support for this filesystem. In order to +create an iso9660 filesystem, you must use user-land tools like +mkisofs(8) or +growisofs(8). + +
+
+vfat -Ok, so you've decided that you want to learn how to use -vi. The first thing to do is learn how to -open and save files. Opening files is actually pretty easy. Simply type -the filename as an argument on the command-line and -vi will happily load it for you. For -example, vi chapter_11.xml will open the file -chapter_11.xml and load its content onto the -screen, simple enough. But what if we've finished with one document and -wish to save it? We can do that in command mode using the :w -command. When in command mode, pressing the : key -temporarily positions the cursor on the very bottom line of the window -and allows you to enter special commands. (This is technically known as -ex-mode after the venerable ex application -which we will not document here.) The command to save your current work -is :w. Once this is done, vi will -write your changes to the buffer back into the file. If you wish to -open another document, simply use the :e other_document -command and vi will happily open it for you. -If you've made changes to the buffer but haven't saved it yet, -:e will fail and print a warning message on the bottom line. -You can bypass this with the :e! command. Most ex-mode -commands in vi can be "forced" by adding -! to them. This tells vi -that you want to abandon any changes you've made to the buffer and open -the other document immediately. +Sometimes you may need to share data between Windows and Linux +computers, but can't transfer the files over a network. Instead you +require a shared hard drive partition or a USB flash drive. The humble +vfat filesystem is the best choice here since it is supported by the +largest variety of operating systems. Unfortuantely, being a Microsoft +designed filesystem, it does not store permissions in the same way as +traditional Linux filesystems. This means that special options must be +used to allow multiple users to access data on this filesystem. +
+
+swap -But what if I don't like my changes and want to quit or start over? -That's easily done as well. Executing the :e! command -without any arguments will re-open the current document from the -beginning. Quitting vi is as simple as -running the :q command if you haven't made any changes to -the buffer, or :q! if you'd like to quit and abandon those -changes. +Unlike other filesystems which hold files and directories, swap +partitions hold virtual memory. This is very useful as it prevents the +system from crashing should all your RAM be consumed. Instead, the +kernel copies portions of the RAM into swap and frees them up for other +applications to use. Think of it as adding virtual memory to your +computer, very slow virtual memory. swap is typically a fail-safe and +shouldn't be relied upon for continual use. Add more RAM to your system +if you find yourself using lots of swap. +
-Moving Around +Using <application>mount</application> + + +Now that we've learned what (some of) the different filesystems +available in Linux are, it's time we looked at how to use them. In +order to read or write data on a filesystem, that filesystem must first +be mounted. To do this, we (naturally) use +mount(8). The first thing we must do is +decide where we want the filesystem located. Recall that there are no +such things are drive letters denoting filesystems in Linux. Instead, +all filesystems are mounted on directories. The base filesystem on +which you install Slackware is always located at / +and others are always located in subdirectories of +/. /mnt/hd is a common place +to temporarily locate a partition, so we'll use that in our first +example. In order to mount a filesystem's contents, we must tell mount +what kind of filesystem we have, where to mount it, and any special +options to use. + + +darkstar:~# mount -t ext3 /dev/hda3 /mnt/hd -o ro + -Moving around in vi is perhaps the hardest -thing for a new user to learn. vi does not -traditionally use the directional arrow keys for cursor movement, -although in Slackware Linux that is an option. Rather, movement is -simply another command issued in command-mode. The reason for this is -rather simple. vi actually predates the -inclusion of directional arrow keys on keyboards. Thus, -movement of the cursor had to be accomplished by using the few -keys available, so the right-hand "home row" keys of -h, j, k, and -l were chosen. These keys will move the cursor about -whenever vi is in command mode. Here's a -short table to help you remember how they work. +Let's disect this. We have an ext3 filesystem located on the third +partition of the first IDE device, and we've decided to mount its +contents on the directory /mnt/hd. Additionally, +we have mounted it read-only so no changes can be made to these +contents. 
The -t ext3 argument tells +mount +what type of filesystem we are using, +in this case it is ext3. This lets the kernel know which driver to use. +Often mount can determine this for itself, +but it never hurts to explicitly declare it. Second, we tell +mount +where to locate the filesystem's contents. Here we've chosen +/mnt/hd. +Finally, we must decide what options to use if any. These are declared +with the -o argument. A short-list of the most common +options follows. -vi cursor movement +Common mount options - - Command - Result - + Option + Description - h - Move the cursor one character left. + ro + read-only + + + rw + read-write (default) + + + uid + user to own the contents of the filesystem - j - Move the cursor one line down + gid + group to own the contents of the filesystem - k - Move the cursor one line up + noexec + prevent execution of any files on the filesystem - l - Move the cursor one character right + defaults + sane defaults for most filesystems
-Moving around is a little more powerful than that though. Like many -command keys, these movement keys accept numerical arguments. For -example, 10j will move the cursor down 10 lines. You -can also move to the end or beginning of the current line with -$ and ^, respectively. +If this is your first Linux installation, the only options you +typically need to be concerned about are ro and +rw. The exception to this rule comes when you are dealing +with filesystems that don't handle traditional Linux permissions such +as vfat or NTFS. In those cases you'll need to use the uid +or gid options to allow non-root users access to these +filesystems. + + +darkstar:~# mount -t vfat /dev/hda4 /mnt/hd -o uid=alan + + + +But Alan, that's appalling! I don't want to have to tell mount what +filesystem or options to use everytime I load a CD. It should be easier +than that. Well thankfully, it is. The /etc/fstab +file contains all this information for filesystems that the installer +sets up for you, and you can make additions to it as well. +fstab(5) looks like a simple table containing the +device to mount along with its filesystem type and optional arguments. +Let's take a look. + + +darkstar:~# cat /etc/fstab +/dev/hda1 / reiserfs defaults 1 1 +/dev/hda2 /home reiserfs defaults 1 2 +/dev/hda3 swap swap defaults 0 0 +/dev/cdrom /mnt/cdrom auto noauto,owner,ro,users 0 0 +/dev/fd0 /mnt/floppy auto noauto,owner 0 0 +devpts /dev/pts devpts gid=5,mode=620 0 0 +proc /proc proc defaults 0 0 + + + +If you have an entry in fstab for your filesystem, you +need only tell mount the device node or the mount location. + + +darkstar:~# mount /dev/cdrom +darkstar:~# mount /home + + + +One final use for +mount +is to tell you what filesystems are currently mounted and with what +options. Simply run +mount +without any arguments to display these.
-Editing A Document +Network Filesystems -Now that we're able to open and save documents, as well as move around -in them, it's time to learn how to edit them. The primary means of -editing is to enter insert mode using either the i or -a command keys. These either insert text at the -cursor's current location, or append it after the cursor's current -location. Once into insert mode, you can type any text normally and it -will be placed into your document. You can return to command mode in -order to save your changes by pressing the ESC key. +In addition to local filesystems, Slackware supports a number of network +filesystems as both client and server. This allows you to share data +between multiple computers transparently. We'll discuss the two most +common: NFS and SMB. + + +
+NFS + + +NFS is the Network File System for Linux as well as several other common +operating systems. It has modest performance but supports the full range of +permissions for Slackware. In order to use NFS as either a client or a +server, you must run the remote procedure call daemon. This is easily +accomplished by setting the /etc/rc.d/rc.rpc file +executable and telling it to start. Once it has been set executable, it +will run automatically every time you boot into Slackware. + + +darkstar:~# chmod +x /etc/rc.d/rc.rpc +darkstar:~# /etc/rc.d/rc.rpc start + + + +Mounting an NFS share is little different than mounting a local filesystem. +Rather than specifying a local device, you must tell mount the domain name +or IP address of the NFS server and the directory to mount with a colon +between them. + + +darkstar:~# mount -t nfs darkstar.example.com:/home /home + + + +Running an NFS server is a little bit different. First, you must configure +each directory to be exported in the /etc/exports +file. exports(5) contains information about what +directories will be shared, who they will be shared with, and what special +permissions to grant or deny. + + + +# See exports(5) for a description. +# This file contains a list of all directories exported to other computers. +# It is used by rpc.nfsd and rpc.mountd. + +/home/backup 192.168.1.0/24(sync,rw,no_root_squash) + + + +The first column in +exports +is a list of the files to be exported via NFS. The second column is a list +of what systems may access the export along with special permissions. You +can specify hosts via domain name, IP address, or netblock address (as I +have here). Special permissions are always a parenthetical list. For a +complete list, you'll need to read the man page. For now, the only special +option that matters is no_root_squash. Usually the root user on +an NFS client cannot read or write an exported share. Instead, the root +user is "squashed" and forced to act as the nobody user. 
+no_root_squash prevents this. + + + +You'll also need to run the NFS daemon. Starting and stopping NFS server +support is done with the /etc/rc.d/rc.nfsd rc script. +Set it executable and run it just like we did for +rc.rpc and you are ready to go.
-<application>vi</application> Cheat Sheet +SMB -Since vi can be difficult to learn, I've -prepared a short cheat sheat that should help you with the basics until -you begin to feel comfortable. +SMB is the Windows network file-sharing protocol. Connecting to SMB shares +(commonly called samba shares) is fairly straight forward. Unfortuantely, +SMB isn't as strongly supported as NFS. Still, it offers higher performance +and connectivity with Windows computers. For these reasons, SMB is the most +common network file-sharing protocol deployed on local networks. Exporting +SMB shares from Slackware is done through the samba daemon and configured +in smb.conf(5). Unfortunately configuring samba as a +service is beyond the scope of this book. Check online for additional +documentation, and as always refer to the man page. - -vi Cheat Sheet - - - - Command - Result - - - - - h - Move the cursor one character left. - - - j - Move the cursor one line down - - - k - Move the cursor one line up - - - l - Move the cursor one character right - - - 10j - Move the cursor ten lines down - - - G - Move to the end of the file - - - ^ - Move to the beginning of the line - - - $ - Move to the end of the line - - - dd - Remove a line - - - 5dd - Remove 5 lines - - - r - Replace a single character - - - R - Replace multiple characters - - - x - Delete a character - - - X - Delete the previous character - - - u - Undo the last action - - - :s'old'new'g - Replace all occurances of 'old' with 'new' - - - /asdf - Locate next occurance of asdf - - - :q - Quit (without saving) - - - :w - Save the current document - - - :w file - Save the current document as 'file' - - - :x - Save and quit - - - -
+ +Thankfully mounting an SMB share is easy and works almost exactly like +mounting an NFS share. You must tell mount where to find the server and +what share you wish to access in exactly the same way. Additionally, you +must specify a username and password. + + +darkstar:~# mount -t cifs //darkstar/home /home -o username=alan,password=secret + + + +You may be wondering why the filesystem type is cifs instead of smbfs. In +older versions of the Linux kernel, smbfs was used. This has been +deprecated in favor of the better performing and more secure general +purpose cifs driver. + + + +All SMB shares require the username and password +arguments. This can create a security problem if you wish to place your +samba share in fstab. You may avoid this problem by using the +credentials argument. credentials points to a file +which contains the username and password information. As long as this file +is safely guarded and readable only by root, the likelyhood that your +authentication credentials will be compromised is lessened. + + +darkstar:~# echo "username=alan" > /etc/creds-home +darkstar:~# echo "password=secret" >> /etc/creds-home +darkstar:~# mount -t cifs //darkstar/home -o credentials=/etc/creds-home + + + + + +
+ + + + + + + + +
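Review bot: the credentials example in the SMB section creates `/etc/creds-home` with two `echo` redirections and never restricts its mode, so under a typical umask the file is world-readable even though the paragraph above it says it must be readable only by root. Add a `chmod 600 /etc/creds-home` step (or set a restrictive umask) before the password line is written. The final `mount -t cifs //darkstar/home -o credentials=/etc/creds-home` also drops the mount point that the earlier cifs example passes (`/home`). The earlier example puts `password=secret` on the command line, and the text only mentions the fstab case as a problem; it should say that the command-line form also lands in shell history and the process list. In the NFS section, the exports sample combines `rw` with `no_root_squash` for a whole /24 and the text calls it "the only special option that matters" without stating that it lets root on any client in that range act as root on the export; the first column is also described as "a list of the files" where the sample shows a directory. Typos in the added lines: "stark contract", "Explaination", "typicaly", "implimentation", "without lose of data", "no such things are drive letters", "disect", "Unfortuantely", "likelyhood"; "XFS is not particularly ill-suited" reads as a double negative.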
diff --git a/chapter_12.xml b/chapter_12.xml index 021bcf8..7a507f0 100644 --- a/chapter_12.xml +++ b/chapter_12.xml @@ -3,10 +3,331 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -Emacs +<application>vi</application>
-No Idea +What is <application>vi</application>? + + +Scattered all around your computer are thousands of text files. To a +new user, this may seem inconsequential, but almost everything in +Slackware Linux uses a plain-text file for configuration. This allows +users to make changes to the system quickly, easily, and intuitively. +In chapter 5, we looked at a few commands such as +cat and less that +can be used to read these files, but what if we want to make changes to +them? For that, we need a text editor, and +vi is up to the task. + + + +In short, vi is one of the oldest and most +powerful text editors still used today. It's beloved by system +administrators, programmers, hobbiests, and others the world over. In +fact, nearly this entire book was written using +vi; only the next chapter on +emacs was written with that editor. + + + +A little further explanation is needed to learn exactly what +vi is today though, as Slackware Linux +technically doesn't include vi. Rather, +Slackware includes two vi "clones", elvis(1) +and vim(1). These clones add many additional +features to vi such as syntax highlighting, binary editing modes, and +network support. We won't go too deeply into all these details. By +default, if you execute vi on Slackware +Linux, you'll be using elvis, so all +examples in this chapter will assume that is what you are using. If +you've used another Linux distribution before, you may be more familiar +with vim. If so, you might wish to change +the symlink for /usr/bin/vi to point to +/usr/bin/vim, or add an alias to your shell's +startup scripts. vim is generally considered +to be more feature-rich than elvis, but +elvis is a much smaller program and contains +more features than most users will ever need. + + + +vi is very powerful, but also somewhat +cumbersome and challening for a new user to learn. 
However, mastering +vi is an important skill for any +self-respecting system administrator to learn, as +vi is included on nearly every Linux +distribution, every BSD system, and every UNIX system in existance. +It's even included in Mac OS X. +Once you've learned vi, you'll not have to +learn another text editor to work on any of these systems. In fact, +vi clones have even been ported to Microsoft Windows +systems, so you can use it there too. + + +
+ +
+The Different Modes of <application>vi</application> + + +New users are often frustrated when using vi +for the first time. When invoked without any arguments, +vi will display a screen something like +this. + + + +~ +~ +~ +~ +~ +~ +~ +~ +~ +~ +~ + Command + + + +At this point, the user will being typing and expect the keys he +presses to appear in the document. Instead, something really strange +happens. The reason for this is simple. vi +has different operation "modes". There is a command mode and an insert +mode. Command mode is the default; in this mode, each keystroke +performs a particular action such as moving the cursor around, deleting +text, yanking (copying) text, searching, etc. + + + +
+ +
+Opening, Saving, and Quitting + + +Ok, so you've decided that you want to learn how to use +vi. The first thing to do is learn how to +open and save files. Opening files is actually pretty easy. Simply type +the filename as an argument on the command-line and +vi will happily load it for you. For +example, vi chapter_11.xml will open the file +chapter_11.xml and load its content onto the +screen, simple enough. But what if we've finished with one document and +wish to save it? We can do that in command mode using the :w +command. When in command mode, pressing the : key +temporarily positions the cursor on the very bottom line of the window +and allows you to enter special commands. (This is technically known as +ex-mode after the venerable ex application +which we will not document here.) The command to save your current work +is :w. Once this is done, vi will +write your changes to the buffer back into the file. If you wish to +open another document, simply use the :e other_document +command and vi will happily open it for you. +If you've made changes to the buffer but haven't saved it yet, +:e will fail and print a warning message on the bottom line. +You can bypass this with the :e! command. Most ex-mode +commands in vi can be "forced" by adding +! to them. This tells vi +that you want to abandon any changes you've made to the buffer and open +the other document immediately. + + + +But what if I don't like my changes and want to quit or start over? +That's easily done as well. Executing the :e! command +without any arguments will re-open the current document from the +beginning. Quitting vi is as simple as +running the :q command if you haven't made any changes to +the buffer, or :q! if you'd like to quit and abandon those +changes. + + +
+ +
+Moving Around + + +Moving around in vi is perhaps the hardest +thing for a new user to learn. vi does not +traditionally use the directional arrow keys for cursor movement, +although in Slackware Linux that is an option. Rather, movement is +simply another command issued in command-mode. The reason for this is +rather simple. vi actually predates the +inclusion of directional arrow keys on keyboards. Thus, +movement of the cursor had to be accomplished by using the few +keys available, so the right-hand "home row" keys of +h, j, k, and +l were chosen. These keys will move the cursor about +whenever vi is in command mode. Here's a +short table to help you remember how they work. + + + +vi cursor movement + + + + Command + Result + + + + + h + Move the cursor one character left. + + + j + Move the cursor one line down + + + k + Move the cursor one line up + + + l + Move the cursor one character right + + + +
+ + +Moving around is a little more powerful than that though. Like many +command keys, these movement keys accept numerical arguments. For +example, 10j will move the cursor down 10 lines. You +can also move to the end or beginning of the current line with +$ and ^, respectively. + + +
+ +
+Editing A Document + + +Now that we're able to open and save documents, as well as move around +in them, it's time to learn how to edit them. The primary means of +editing is to enter insert mode using either the i or +a command keys. These either insert text at the +cursor's current location, or append it after the cursor's current +location. Once into insert mode, you can type any text normally and it +will be placed into your document. You can return to command mode in +order to save your changes by pressing the ESC key. + + +
+ +
+<application>vi</application> Cheat Sheet + + +Since vi can be difficult to learn, I've +prepared a short cheat sheat that should help you with the basics until +you begin to feel comfortable. + + + +vi Cheat Sheet + + + + Command + Result + + + + + h + Move the cursor one character left. + + + j + Move the cursor one line down + + + k + Move the cursor one line up + + + l + Move the cursor one character right + + + 10j + Move the cursor ten lines down + + + G + Move to the end of the file + + + ^ + Move to the beginning of the line + + + $ + Move to the end of the line + + + dd + Remove a line + + + 5dd + Remove 5 lines + + + r + Replace a single character + + + R + Replace multiple characters + + + x + Delete a character + + + X + Delete the previous character + + + u + Undo the last action + + + :s'old'new'g + Replace all occurances of 'old' with 'new' + + + /asdf + Locate next occurance of asdf + + + :q + Quit (without saving) + + + :w + Save the current document + + + :w file + Save the current document as 'file' + + + :x + Save and quit + + + +
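Review bot: The cheat sheet row for :q reads "Quit (without saving)", which contradicts the "Opening, Saving, and Quitting" section added in this same hunk, where :q only quits when the buffer has no changes and :q! is the command that abandons them. Suggest rewording the row to say that :q quits only when there are no unsaved changes, and adding a separate :q! row for quitting and discarding changes. In the same table, :s'old'new'g is described as replacing all occurrences, but without a range :s acts on the current line only, so the Result cell should say "on the current line" or the command should carry the % range. "The Different Modes of vi" names insert mode and then ends without describing it; one sentence there would stop readers having to wait for "Editing A Document". Spelling to fix while the text is new: "hobbiests", "challening", "existance", "will being typing", "cheat sheat", "occurances".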
diff --git a/chapter_13.xml b/chapter_13.xml index 23eae86..021bcf8 100644 --- a/chapter_13.xml +++ b/chapter_13.xml @@ -3,400 +3,10 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -Networking +Emacs
-<application>netconfig</application> - - -Computers aren't very interesting on their own. Sure, you can install -games on them, but that just turns them into glorified entertainment -consoles. Today, computers need to be able to talk to one another; they -need to be networked. Whether you're installing a business network with -hundreds or thousands of computers or just setting up a single PC for -Internet access, Slackware is simple and easy. This chapter should -teach you how to setup typical wired networks. Common wireless setup will -be thoroughly discussed in the next section, but much of what you read -here will be applicable there as well. - - - -There are many different ways to configure your computer to connect to -a network or the Internet, but they fall into two main categories: -static and dymanic. Static addresses are solid; they are set with the -understanding that they will not be changed, at least not anytime soon. -Dynamic addresses are fluid; the assumption is that the address will -change at some time in the future. Typically any sort of network server -requires a static address simply so other machines will know where to -contact it when they need services. Dynamic addresses tend to be used -for workstations, Internet clients, and any machine that doesn't -require a static address for any reason. Dynamic addresses are more -flexible, but present complications of their own. - - - -There are many different kinds of network protocols that you might -encounter, but most people will only ever need to deal with Internet -Protocol (IP). For that reason, we'll focus exclusively on IP in this -book. - - -
- -
-Manual Configuration - - -Ok, so you've installed Slackware, you've setup a desktop, but you -can't get it to connect to the Internet or your business's LAN (local -area network), what do you do? Fortunately, the answer to that question -is simple. Slackware includes a number of tools to configure your -network connection. The first we will look at today is the very -powerful ifconfig(8). -ifconfig is used to setup or modify the -configuration of a Network Interface Card (NIC or Ethernet Card), the -most common hardware for connecting to networks today. -ifconfig is an incredibly powerful tool -capable of doing much more than setting IP addresses. For a complete -introduction, you should read its man page. For now, we're just going -to use it to display and change the network addresses of some ethernet -controllers. - - -darkstar:~# ifconfig -lo Link encap:Local Loopback - inet addr:127.0.0.1 Mask:255.0.0.0 - inet6 addr: ::1/128 Scope:Host - UP LOOPBACK RUNNING MTU:16436 Metric:1 - RX packets:699 errors:0 dropped:0 overruns:0 frame:0 - TX packets:699 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:0 - RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB) - -wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c - inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0 - inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0 - TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB) - -wmaster0 Link encap:UNSPEC HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00 - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:0 errors:0 dropped:0 overruns:0 frame:0 - TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) - - - - -As you can clearly see here, when run without 
any arguments, -ifconfig will display all the information it -has on all the ethernet cards (and wireless ethernet cards) present on -your system. The above represents a typical wireless connection from my -laptop, so don't be afraid if what you see on your system doesn't -match. If you don't see any ethX or wlanX interfaces though, the -interface may be down. To show all currently present NICs whether they are -"up" or "down", simply pass the -a argument. - - -darkstar:~# ifconfig -a -eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44 - UP BROADCAST MULTICAST MTU:1500 Metric:1 - RX packets:122780 errors:0 dropped:0 overruns:0 frame:0 - TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB) - Interrupt:16 - -lo Link encap:Local Loopback - inet addr:127.0.0.1 Mask:255.0.0.0 - inet6 addr: ::1/128 Scope:Host - UP LOOPBACK RUNNING MTU:16436 Metric:1 - RX packets:699 errors:0 dropped:0 overruns:0 frame:0 - TX packets:699 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:0 - RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB) - -wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c - inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0 - inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0 - TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB) - -wmaster0 Link encap:UNSPEC HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00 - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:0 errors:0 dropped:0 overruns:0 frame:0 - TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) - - -Notice that the eth0 interface is now listed among the returns. 
-ifconfig can also change the current -settings on a NIC. Typically, you would need to change the IP address -and subnet mask, but you can change virtually any parameters. - - -darkstar:~# ifconfig eth0 192.168.1.1 netmask 255.255.255.0 -darkstar:~# ifconfig eth0 -eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44 - inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 - UP BROADCAST MULTICAST MTU:1500 Metric:1 - RX packets:122780 errors:0 dropped:0 overruns:0 frame:0 - TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB) - Interrupt:16 - - - -If you look carefully, you'll notice that the interface now has the -192.168.1.1 IP address and a 255.255.255.0 subnet mask. We've now setup -the basics for connecting to our network, but we still need to setup a -default gateway and our DNS servers. In order to do that, we'll need to -look at a few more tools. - - - -Next on our stop through networking land is the equally powerful -route(8). This tool is responsible for -modifying the Linux kernel's routing table which affects all data -transmission on a network. Routing tables can become immensely complex -or they can be straight-forward and simple. Most users will only ever -need to setup a default gateway, so we'll show you how to do that here. -If for some reason you need a more complex routing table, you would be -well advised to read the entire man page for -route as well as consulting other sources. -For now, let's take a look at our routing table immediately after -setting up eth0. - - -darkstar:~# route -Kernel IP routing table -Destination Gateway Genmask Flags Metric Ref Use Iface -192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 -loopback * 255.0.0.0 U 0 0 0 lo - - - -I won't explain everything here, but the general information should be -easy to pick up if you're familiar with networking at all. 
The -Destination and Genmask fields specify a range of IP addresses to -match. If a Gateway is defined, information in the form of packets will -be sent to that host for forwarding. We also specify an interface in -the final field that the information should traverse. Right now, we can -only communicate with computers with addresses between 192.168.1.0 and -192.168.1.255 and ourselves through the loopback interface, a type of -virtual NIC that is used for routing information from this computer to -itself. In order to reach the rest of the world, we'll need to -setup a default gateway. - - -darkstar:~# route add default gw 192.168.1.254 -darkstar:~# route -Kernel IP routing table -Destination Gateway Genmask Flags Metric Ref Use Iface -192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 -loopback * 255.0.0.0 U 0 0 0 lo -default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0 - - - -You should immediately notice the addition of a default route. This -specifies what router should be used to reach any addresses that aren't -specified elsewhere in our routing table. Now, when we try to connect -to say, 64.57.102.34, the information will be sent to 192.168.1.254 -which is responsible for delivering the data for us. Unfortunately, -we're still not quite through. We need some way of converting domain -names like slackware.com into IP addresses that the computer can use. -For that, we need to make use of a DNS server. - - - -Fortunately, setting up your computer to use an external (or even an -internal) DNS server is very easy. You'll need to use your favorite -text editor and open the /etc/resolv.conf file. -Don't ask me what happened to the e. On my computer, -resolv.conf looks like this. - - - -# /etc/resolv.conf -search lizella.net -nameserver 192.168.1.254 - - - -Most users won't need the "search" line. This is used to map hostnames -to domain names. Basically, if I attempt to connect to "barnowl", the -computer knows to look for "barnowl.lizella.net" thanks to this search -line. 
We're mainly interested in the "nameserver" line. This tells -Slackware what domain name servers (DNS) to connect to. Generally -speaking, these should always be specified by IP address. If you know -what DNS servers you should use, you can just add them one at a time to -individual nameserver lines. In fact, I don't know of any practical -limit to the number of nameservers that can be specified in -resolv.conf, so add as many as you like. Once this -is done, you should be able to communicate with other hosts via their -fully qualified domain name. - - - -But Alan! That's a lot of hard work! I don't want to do this time and -again for dozens or even hundreds of machines. You're absolutely right, -and that's why smarter people than you and me created DHCP. DHCP -stands for Dynamic Host Control Protocol and is a method for -automatically configuring computers with unique IP addresses, netmasks, -gateways, and DNS servers. Most of the time, you'll want to use DHCP. -The majority of wireless routers, DSL or cable modems, even firewalls -all have DHCP servers to can make your life much easier. Slackware -includes two main tools for connecting to an exising DHCP server and -can even act as a DHCP server for other computers. For now though, -we're just going to look at DHCP clients. - - - -First on our list is dhcpcd(8), part of the -ISC DHCP utilities. Assuming your computer is physically connected to -your network, and that you have an operating DHCP server on that -network, you can configure your NIC in one shot. - - -darkstar:~# dhcpcd eth0 - - - -If everything went according to plan, your NIC should be properly -configured, and you should be able to communicate with other computers -on your network, and with the Internet at large. If for some reason, -dhcpcd fails, you may want to try -dhclient(8). -dhclient is an alternative to -dhcpcd and works in basically the same way. 
- - -darkstar:~# dhclient eth0 -Listening on LPF/eth0/00:1c:b3:ba:ad:4c -Sending on LPF/eth0/00:1c:b3:ba:ad:4c -Sending on Socket/fallback -DHCPREQUEST on eth0 to 255.255.255.255 port 67 -DHCPACK from 192.168.1.254 -bound to 192.168.1.198 -- renewal in 8547 seconds. - - - -So why does Slackware include two DHCP clients? Sometimes a particular -DHCP server may be broken and not respond well to either -dhcpcd or -dhclient. In those cases, you can fall back -to the other DHCP client in hopes of getting a valid response from the -server. Traditionally, Slackware uses -dhcpcd, and this works in the vast majority -of cases, but it may become necessary at some point for you to use -dhclient instead. Both are excellent DHCP -clients, so use whichever you prefer. - - -
- -
-Automatic Configuration with rc.inet1.conf - - -Manually configuring interfaces is an important skill to have, but it -can become tedious. No one wants to manually setup their Internet -connection every time the system boots. More importantly, you may not -always have physical access to the machine when it boots. Slackware -makes it easy to automatically configure ethernet (and wireless) cards -at system startup with /etc/rc.d/rc.inet1.conf. -For now, we're going to focus on traditional wired ethernet networking; -the next chapter will discuss various wireless options. - - - -rc.inet1.conf is an incredibly powerful -configuration file, capable of configuring most of your network cards -automatically when Slackware is started. The file is filled with useful -comments, but there is also a man page that more thoroughly discusses -its use. To begin, we're going to look at some of the options used on -one of my personal machines. - - - -# Config information for eth0: -IPADDR[0]="192.168.1.250" -NETMASK[0]="255.255.255.0" -USE_DHCP[0]="" -DHCP_HOSTNAME[0]="" -# Some lines ommitted. -GATEWAY="192.168.1.254" - - - -This represents most of the information necessary to configure a static -IP address on a single ethernet controller. -netconfig will usually fill in these values -for a single ethernet device for you. If you have multiple network -cards in your machine and need all of them activated automatically at -boot time, then you'll need to edit or add additional entries into this -file in the same manner as above. First, let me go over some of the -basics. - - - -As you may have already guessed, IPADDR[n] is the Internet Protocol -Address for the "n" network interface card. Typically, "n" corrosponds -to eth0, eth1, and so on, but this isn't always the case. 
You can -specify these values to pertain to a different network controller with -the INFAME[n] variable, but we will reserve that for the next chapter -on wireless networking, as it more commonly pertains to wireless -network controllers. Likewise, NETMASK[n] is the subnet mask to use -for the network controller. If these lines are left empty, then static -IP addresses will not be automatically assigned to this network -controller. The USE_DHCP[n] variable tells Slackware to (naturally) -use DHCP to configure the interface. DHCP_HOSTNAME[n] is rarely used, -but some DHCP servers may require it. In that case, it must be set to -a valid hostname. Finally, we come to the GATEWAY variable. It is -actually set lower in the file than it appears in my example, and it -controls the default gateway to use. You may be wondering why there is -no GATEWAY[n] variable. The answer to that lies in how Internet -Protocol works. I won't go into an indepth discussion on that subject, -but suffice it to say that there is only ever one default route that a -computer can use no matter how many interfaces are attached to it. - - - -If you need to use static IP addressing, you will have to obtain a -unique static IP address and the subnet mask for the interface, as well -as the default gateway address, and enter those here. There is no place -to enter DNS information in rc.inet1.conf, so DNS -servers will have to be manually placed into -resolv.conf as we discussed above. Of course, if -you use netconfig, this will be handled for -you by that program. Now let's take a look at another interface on my -computer. - - - -# Config information for eth1: -IPADDR[1]="" -NETMASK[1]="" -USE_DHCP[1]="yes" -DHCP_HOSTNAME[1]="" - - - -Here I am telling Slackware to configure eth1 using DHCP. I do not need -to set the IPADDR[1] or NETMASK[1] variables when using DHCP (in fact, -if they are set, they will be ignored). Slackware will happily contact -a DHCP server as soon as the machine begins to boot. 
- +No Idea
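Review bot: The new chapter_13.xml is left as an "Emacs" chapter whose only visible section title is the placeholder "No Idea", while the vi text added to chapter_12.xml in this patch tells readers that "only the next chapter on emacs was written with that editor". A book built from this commit would ship the placeholder title and a forward reference to a chapter with no content. Suggest a neutral stub title plus an XML comment marking the chapter as unwritten, or holding the sentence in chapter_12.xml until the Emacs text lands. The commit subject only says "Making room for new chapter", so it would also help to state in the message that the networking text removed here is moved to chapter_14.xml rather than dropped.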
diff --git a/chapter_14.xml b/chapter_14.xml index c3b6d8a..23eae86 100644 --- a/chapter_14.xml +++ b/chapter_14.xml @@ -3,331 +3,399 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -Wireless Networking +Networking
-<application>iwconfig</application> +<application>netconfig</application> -Wireless networking is somewhat more complicated than traditional wired -networking, and requires additional tools for setup. Slackware includes -a diverse collection of wireless networking tools to allow you to -configure your wireless network interface card (WNIC) at the most basic -level. We won't cover everything here, but should give you a solid -foundation to get up and running quickly. The first tool we are going -to look at is iwconfig(8). When run without -any argument, iwconfig displays the current -wireless information on any and all NICs on your computer. +Computers aren't very interesting on their own. Sure, you can install +games on them, but that just turns them into glorified entertainment +consoles. Today, computers need to be able to talk to one another; they +need to be networked. Whether you're installing a business network with +hundreds or thousands of computers or just setting up a single PC for +Internet access, Slackware is simple and easy. This chapter should +teach you how to setup typical wired networks. Common wireless setup will +be thoroughly discussed in the next section, but much of what you read +here will be applicable there as well. + +There are many different ways to configure your computer to connect to +a network or the Internet, but they fall into two main categories: +static and dymanic. Static addresses are solid; they are set with the +understanding that they will not be changed, at least not anytime soon. +Dynamic addresses are fluid; the assumption is that the address will +change at some time in the future. Typically any sort of network server +requires a static address simply so other machines will know where to +contact it when they need services. Dynamic addresses tend to be used +for workstations, Internet clients, and any machine that doesn't +require a static address for any reason. 
Dynamic addresses are more +flexible, but present complications of their own. + -darkstar:~# iwconfig -lo no wireless extensions. + +There are many different kinds of network protocols that you might +encounter, but most people will only ever need to deal with Internet +Protocol (IP). For that reason, we'll focus exclusively on IP in this +book. + -eth0 no wireless extensions. +
-wmaster0 no wireless extensions. +
+Manual Configuration -wlan0 IEEE 802.11abgn ESSID:"nest" - Mode:Managed Frequency:2.432 GHz Access Point: -00:13:10:EA:4E:BD - Bit Rate=54 Mb/s Tx-Power=17 dBm - Retry min limit:7 RTS thr:off Fragment thr=2352 B - Encryption key:off - Power Management:off - Link Quality=100/100 Signal level:-42 dBm - Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 - Tx excessive retries:0 Invalid misc:0 Missed beacon:0 + +Ok, so you've installed Slackware, you've setup a desktop, but you +can't get it to connect to the Internet or your business's LAN (local +area network), what do you do? Fortunately, the answer to that question +is simple. Slackware includes a number of tools to configure your +network connection. The first we will look at today is the very +powerful ifconfig(8). +ifconfig is used to setup or modify the +configuration of a Network Interface Card (NIC or Ethernet Card), the +most common hardware for connecting to networks today. +ifconfig is an incredibly powerful tool +capable of doing much more than setting IP addresses. For a complete +introduction, you should read its man page. For now, we're just going +to use it to display and change the network addresses of some ethernet +controllers. + -tun0 no wireless extensions. 
+darkstar:~# ifconfig +lo Link encap:Local Loopback + inet addr:127.0.0.1 Mask:255.0.0.0 + inet6 addr: ::1/128 Scope:Host + UP LOOPBACK RUNNING MTU:16436 Metric:1 + RX packets:699 errors:0 dropped:0 overruns:0 frame:0 + TX packets:699 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB) + +wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c + inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0 + inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0 + TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB) + +wmaster0 Link encap:UNSPEC HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:0 errors:0 dropped:0 overruns:0 frame:0 + TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) + -Unlike wired networks, wireless networks are "fuzzy". Their borders are -hard to define, and multiple networks may overlap one another. In order -to avoid confusion, each wireless network has (hopefully) unique -identifiers. The two most basic identifiers are the Extended Service -Set Identifier (ESSID) and the channel or frequency for radio -transmission. The ESSID is simply a name that identifies the wireless -network in question; you may have heard it referred to as the network -name or something similar. Typical wireless networks operate on 11 -different frequencies. In order to connect to even the most basic -wireless network, you will have to setup these two pieces of -information, and possibly others, before setting up things like the -WNIC's IP address. Here you can see that my ESSID is set to "nest" and -my laptop is transmitting at 2.432 GHz. 
This is all that is required to -connect to an unencrypted wireless LAN. (For any of you out there -expecting to come to my house and use my unencrypted wireless, you -should know that you'll have to break a 2048-bit SSL key before the -access point will let you communicate with my LAN.) +As you can clearly see here, when run without any arguments, +ifconfig will display all the information it +has on all the ethernet cards (and wireless ethernet cards) present on +your system. The above represents a typical wireless connection from my +laptop, so don't be afraid if what you see on your system doesn't +match. If you don't see any ethX or wlanX interfaces though, the +interface may be down. To show all currently present NICs whether they are +"up" or "down", simply pass the -a argument. -darkstar:~# iwconfig wlan0 essid nest \ - freq 2.432G +darkstar:~# ifconfig -a +eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44 + UP BROADCAST MULTICAST MTU:1500 Metric:1 + RX packets:122780 errors:0 dropped:0 overruns:0 frame:0 + TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB) + Interrupt:16 + +lo Link encap:Local Loopback + inet addr:127.0.0.1 Mask:255.0.0.0 + inet6 addr: ::1/128 Scope:Host + UP LOOPBACK RUNNING MTU:16436 Metric:1 + RX packets:699 errors:0 dropped:0 overruns:0 frame:0 + TX packets:699 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:39518 (38.5 KiB) TX bytes:39518 (38.5 KiB) + +wlan0 Link encap:Ethernet HWaddr 00:1c:b3:ba:ad:4c + inet addr:192.168.1.198 Bcast:192.168.1.255 Mask:255.255.255.0 + inet6 addr: fe80::21c:b3ff:feba:ad4c/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:1630677 errors:0 dropped:0 overruns:0 frame:0 + TX packets:1183224 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:1627370207 (1.5 GiB) TX bytes:163308463 (155.7 MiB) + +wmaster0 Link encap:UNSPEC 
HWaddr 00-1C-B3-BA-AD-4C-00-00-00-00-00-00-00-00-00-00 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:0 errors:0 dropped:0 overruns:0 frame:0 + TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) + - -The freq and channel arguments control basically -the same thing. You only need to use one. If you are unsure what -frequency or channel to use, Slackware can usually figure this out for -you. +Notice that the eth0 interface is now listed among the returns. +ifconfig can also change the current +settings on a NIC. Typically, you would need to change the IP address +and subnet mask, but you can change virtually any parameters. -darkstar:~# iwconfig wlan0 essid nest \ - channel auto +darkstar:~# ifconfig eth0 192.168.1.1 netmask 255.255.255.0 +darkstar:~# ifconfig eth0 +eth0 Link encap:Ethernet HWaddr 00:19:e3:45:90:44 + inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 + UP BROADCAST MULTICAST MTU:1500 Metric:1 + RX packets:122780 errors:0 dropped:0 overruns:0 frame:0 + TX packets:124347 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:60495452 (57.6 MiB) TX bytes:17185220 (16.3 MiB) + Interrupt:16 + -Now Slackware will attempt to connect to the strongest access point on -the "nest" essid operating at any frequency. +If you look carefully, you'll notice that the interface now has the +192.168.1.1 IP address and a 255.255.255.0 subnet mask. We've now setup +the basics for connecting to our network, but we still need to setup a +default gateway and our DNS servers. In order to do that, we'll need to +look at a few more tools. -
- -
-Wired Equivilant Protection (or Lack Thereof) - -Wireless networking is by its very nature less secure than wired -networking. Having your information travelling on the airwaves makes it -highly susceptible to interception by third paries, so over the years a -number of methods have been devised to make wireless networking more -secure. The first was called Wired Equivilant Protection, or WEP for -short, and well far short of its goal. If you are still using WEP -today, I encourage you to consider using WPA2 or some other form of -stronger encryption. Attacks against WEP are trivial and take only -minutes to perform. Unfortunately there are still access points -configured for WEP, and you may need to connect to one from time to -time. Connecting to WEP encrypted access points is fairly simple, -particularly if you have the key in hexidecimal format. We'll need to -pass the key argument along with the password in hexidecimal -or ASCII format. If using an ASCII password, you'll need to prepend it -with "s:"; here's a couple examples. Generally speaking, hexidecimal -format is prefered. +Next on our stop through networking land is the equally powerful +route(8). This tool is responsible for +modifying the Linux kernel's routing table which affects all data +transmission on a network. Routing tables can become immensely complex +or they can be straight-forward and simple. Most users will only ever +need to setup a default gateway, so we'll show you how to do that here. +If for some reason you need a more complex routing table, you would be +well advised to read the entire man page for +route as well as consulting other sources. +For now, let's take a look at our routing table immediately after +setting up eth0. 
-darkstar:~# iwconfig wlan0 \ - key cf80baf8bf01a160de540bfb1c -darkstar:~# iwconfig wlan0 \ - key s:thisisapassword +darkstar:~# route +Kernel IP routing table +Destination Gateway Genmask Flags Metric Ref Use Iface +192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 +loopback * 255.0.0.0 U 0 0 0 lo -
+ +I won't explain everything here, but the general information should be +easy to pick up if you're familiar with networking at all. The +Destination and Genmask fields specify a range of IP addresses to +match. If a Gateway is defined, information in the form of packets will +be sent to that host for forwarding. We also specify an interface in +the final field that the information should traverse. Right now, we can +only communicate with computers with addresses between 192.168.1.0 and +192.168.1.255 and ourselves through the loopback interface, a type of +virtual NIC that is used for routing information from this computer to +itself. In order to reach the rest of the world, we'll need to +setup a default gateway. + -
-Wifi Protected Access +darkstar:~# route add default gw 192.168.1.254 +darkstar:~# route +Kernel IP routing table +Destination Gateway Genmask Flags Metric Ref Use Iface +192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 +loopback * 255.0.0.0 U 0 0 0 lo +default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0 + -Wifi Protected Access (or WPA for short) was the successor for WEP that -aimed to fix several problems with wireless encryption. Unfortunately, -WPA had some flaws as well. An update called WPA2 offers even stronger -protection. At this time, WPA2 is supported by nearly all wireless -network cards and access points, but some older devices may only -support WEP. If you need to secure your wireless network traffic, WPA2 -should be considered the minimum level of protection required. -Unfortunately, iwconfig is unable to setup -WPA2 encryption on its own. For that, we need a helper daemon, -wpa_supplicant(8). +You should immediately notice the addition of a default route. This +specifies what router should be used to reach any addresses that aren't +specified elsewhere in our routing table. Now, when we try to connect +to say, 64.57.102.34, the information will be sent to 192.168.1.254 +which is responsible for delivering the data for us. Unfortunately, +we're still not quite through. We need some way of converting domain +names like slackware.com into IP addresses that the computer can use. +For that, we need to make use of a DNS server. -Unfortunately, there's no easy way to manually configure a WPA2 -protected network; you'll have to edit -/etc/wpa_supplicant.conf directly with a text -editor. Here we will discuss the simplest form of WPA2 protection, the -Pre-Shared Key, or PSK for short. For details on setting up Slackware -to connect to more complicated WPA2 encrypted networks, see the man -page for wpa_supplicant.conf. +Fortunately, setting up your computer to use an external (or even an +internal) DNS server is very easy. 
You'll need to use your favorite +text editor and open the /etc/resolv.conf file. +Don't ask me what happened to the e. On my computer, +resolv.conf looks like this. -# /etc/wpa_supplicant.conf -# ======================== -# This line enables the use of wpa_cli which is used by rc.wireless -# if possible (to check for successful association) -ctrl_interface=/var/run/wpa_supplicant -# By default, only root (group 0) may use wpa_cli -ctrl_interface_group=0 -eapol_version=1 -ap_scan=1 -fast_reauth=1 -#country=US - -# WPA protected network, supply your own ESSID and WPAPSK here: -network={ - scan_ssid=1 - ssid="nest" - key_mgmt=WPA-PSK - psk="secret passphrase" -} +# /etc/resolv.conf +search lizella.net +nameserver 192.168.1.254 -The block of text we're interested in is the network block enclosed by -curly braces. Here we have set the ssid for the network "nest", as well -as the PSK to use "secret passphrase". At this point, WPA2 is setup. -You can run wpa_supplicant and then obtain -an IP address via DHCP or set a static address. Of course, this is a -lot of work, there must be an easier way to do this. +Most users won't need the "search" line. This is used to map hostnames +to domain names. Basically, if I attempt to connect to "barnowl", the +computer knows to look for "barnowl.lizella.net" thanks to this search +line. We're mainly interested in the "nameserver" line. This tells +Slackware what domain name servers (DNS) to connect to. Generally +speaking, these should always be specified by IP address. If you know +what DNS servers you should use, you can just add them one at a time to +individual nameserver lines. In fact, I don't know of any practical +limit to the number of nameservers that can be specified in +resolv.conf, so add as many as you like. Once this +is done, you should be able to communicate with other hosts via their +fully qualified domain name. -
- -
-rc.inet1.conf revisited - -Welcome back to rc.inet1.conf. You're recall in -the last chapter that we used this configuration file to automatically -configure NICs whenever Slackware boots. Now, we will use it to -configure wifi as well. If you're using WPA2, you'll still need to -setup wpa_supplicant.conf properly first, however. +But Alan! That's a lot of hard work! I don't want to do this time and +again for dozens or even hundreds of machines. You're absolutely right, +and that's why smarter people than you and me created DHCP. DHCP +stands for Dynamic Host Control Protocol and is a method for +automatically configuring computers with unique IP addresses, netmasks, +gateways, and DNS servers. Most of the time, you'll want to use DHCP. +The majority of wireless routers, DSL or cable modems, even firewalls +all have DHCP servers to can make your life much easier. Slackware +includes two main tools for connecting to an exising DHCP server and +can even act as a DHCP server for other computers. For now though, +we're just going to look at DHCP clients. -Recall that each NIC had a name or number that identified the variables -that corrospond with it? The same hold true for wifi NICs, only they -have even more variables due to the added complexity of wireless -networking. +First on our list is dhcpcd(8), part of the +ISC DHCP utilities. Assuming your computer is physically connected to +your network, and that you have an operating DHCP server on that +network, you can configure your NIC in one shot. - -# rc.inet1.conf (excert) -# ====================== -## Example config information for wlan0. Uncomment the lines you need and fill -## in your info. 
(You may not need all of these for your wireless network) -IFNAME[4]="wlan0" -IPADDR[4]="" -NETMASK[4]="" -USE_DHCP[4]="yes" -#DHCP_HOSTNAME[4]="icculus-wireless" -#DHCP_KEEPRESOLV[4]="yes" -#DHCP_KEEPNTP[4]="yes" -#DHCP_KEEPGW[4]="yes" -#DHCP_IPADDR[4]="" -WLAN_ESSID[4]="nest" -#WLAN_MODE[4]=Managed -#WLAN_RATE[4]="54M auto" -#WLAN_CHANNEL[4]="auto" -#WLAN_KEY[4]="D5AD1F04ACF048EC2D0B1C80C7" -#WLAN_IWPRIV[4]="set AuthMode=WPAPSK | \ -# set EncrypType=TKIP | \ -# set WPAPSK=96389dc66eaf7e6efd5b5523ae43c7925ff4df2f8b7099495192d44a774fda16" -WLAN_WPA[4]="wpa_supplicant" -#WLAN_WPADRIVER[4]="ndiswrapper" +darkstar:~# dhcpcd eth0 -When we discussed wired ethernet, each "n" in the variable corrosponded -with the "n" in ethn. Here however, that no longer holds true. Notice -that the variable IFNAME[4] has a value of "wlan0". It is common for -wireless cards to have an interface name other than "ethn" and that is -reflected here. When rc.inet1.conf is read by the -start-up scripts, Slackware knows to apply all these options to the -"wlan0" wifi NIC instead of the (probably non-existant) eth4 wired NIC. -Many of the other options are the same. IP address information is -added in exactly the same way we discussed for wired network cards in -the previous chapter; however, we have a lot of new variables that need -some explaination. +If everything went according to plan, your NIC should be properly +configured, and you should be able to communicate with other computers +on your network, and with the Internet at large. If for some reason, +dhcpcd fails, you may want to try +dhclient(8). +dhclient is an alternative to +dhcpcd and works in basically the same way. - -To begin, WLAN_ESSID[n] and WLAN_CHANNEL[n] should be self-explainatory -by now; they refer the the essid and frequency to use. WLAN_MODE[n] is -either "managed" or "ad-hoc". Anyone connecting to an access point -will want to use managed mode. WLAN_KEY[n] is the WEP key to use, if -you're forced to use WEP. 
WLAN_IWPRIV[n] is a very complicated -variable that sets other variables inside itself. WLAN_IWPRIV[n] is -used for WPA2 networks. Here you tell Slackware what authentication -mode, encryption type, and key to use for WPA2 connections. Please -note that WLAN_KEY[n] and WLAN_IWPRIV[n] are mutually exclusive; you -can't use both on the same interface. If you successfully configure -all this, then Slackware will attempt to connect to your wireless -network as soon as the system boots. - +darkstar:~# dhclient eth0 +Listening on LPF/eth0/00:1c:b3:ba:ad:4c +Sending on LPF/eth0/00:1c:b3:ba:ad:4c +Sending on Socket/fallback +DHCPREQUEST on eth0 to 255.255.255.255 port 67 +DHCPACK from 192.168.1.254 +bound to 192.168.1.198 -- renewal in 8547 seconds. + -But wait, that's so much work! And what if I need to connect to -multiple wireless networks? I take my laptop to work and school and -need to seemlessly setup those wireless connections as soon as one is -within range. Doing things this way is simply too much work. You're -absolutely correct. +So why does Slackware include two DHCP clients? Sometimes a particular +DHCP server may be broken and not respond well to either +dhcpcd or +dhclient. In those cases, you can fall back +to the other DHCP client in hopes of getting a valid response from the +server. Traditionally, Slackware uses +dhcpcd, and this works in the vast majority +of cases, but it may become necessary at some point for you to use +dhclient instead. Both are excellent DHCP +clients, so use whichever you prefer.
-wicd +Automatic Configuration with rc.inet1.conf -Introducing wicd(8), the premier wired and -wireless network connection manager for the laptop user on the go. -Pronounced "wicked", wicd is capable of -storing information for any number of wireless networks you need and -connecting to them with a simple command or the click of a mouse. -wicd is not part of the default Slackware -installation at this time, as it interferes somewhat with the normal -way of configuring network adapters, but you can find it in the -/extra directory of your Slackware install disks -or at your favorite mirror. wicd is both a -network connection daemon and a graphical application for configuring -networks. The CLI isn't forgotten either, as -wicd-curses(8) is every bit as powerful as -the traditional GUI front-end. In order to use -wicd, you will need to disable support for -any interfaces you have in rc.inet1.conf first. +Manually configuring interfaces is an important skill to have, but it +can become tedious. No one wants to manually setup their Internet +connection every time the system boots. More importantly, you may not +always have physical access to the machine when it boots. Slackware +makes it easy to automatically configure ethernet (and wireless) cards +at system startup with /etc/rc.d/rc.inet1.conf. +For now, we're going to focus on traditional wired ethernet networking; +the next chapter will discuss various wireless options. + + + +rc.inet1.conf is an incredibly powerful +configuration file, capable of configuring most of your network cards +automatically when Slackware is started. The file is filled with useful +comments, but there is also a man page that more thoroughly discusses +its use. To begin, we're going to look at some of the options used on +one of my personal machines. 
-# rc.inet1.conf -# ============= # Config information for eth0: -IPADDR[0]="" -NETMASK[0]="" -USE_DHCP[0]="no" +IPADDR[0]="192.168.1.250" +NETMASK[0]="255.255.255.0" +USE_DHCP[0]="" DHCP_HOSTNAME[0]="" -# Default gateway IP address: -GATEWAY="" +# Some lines ommitted. +GATEWAY="192.168.1.254" -Now we can install wicd, setup the daemon to -run on system boot-up, and begin using a more friendly application. +This represents most of the information necessary to configure a static +IP address on a single ethernet controller. +netconfig will usually fill in these values +for a single ethernet device for you. If you have multiple network +cards in your machine and need all of them activated automatically at +boot time, then you'll need to edit or add additional entries into this +file in the same manner as above. First, let me go over some of the +basics. -darkstar:~# installpkg /path/to/extra/wicd/wicd-1.6.2.1-1.txz -darkstar:~# chmod +x /etc/rc.d/rc.wicd -darkstar:~# /etc/rc.d/rc.wicd start - + +As you may have already guessed, IPADDR[n] is the Internet Protocol +Address for the "n" network interface card. Typically, "n" corrosponds +to eth0, eth1, and so on, but this isn't always the case. You can +specify these values to pertain to a different network controller with +the INFAME[n] variable, but we will reserve that for the next chapter +on wireless networking, as it more commonly pertains to wireless +network controllers. Likewise, NETMASK[n] is the subnet mask to use +for the network controller. If these lines are left empty, then static +IP addresses will not be automatically assigned to this network +controller. The USE_DHCP[n] variable tells Slackware to (naturally) +use DHCP to configure the interface. DHCP_HOSTNAME[n] is rarely used, +but some DHCP servers may require it. In that case, it must be set to +a valid hostname. Finally, we come to the GATEWAY variable. 
It is +actually set lower in the file than it appears in my example, and it +controls the default gateway to use. You may be wondering why there is +no GATEWAY[n] variable. The answer to that lies in how Internet +Protocol works. I won't go into an indepth discussion on that subject, +but suffice it to say that there is only ever one default route that a +computer can use no matter how many interfaces are attached to it. + -If you're predominately using the console, simply run -wicd-curses from your command line. If -instead, you are using a graphical desktop provided by -X, you can start the graphical front-end -from either the KDE or XFCE menu. Optionally, you could manually run -wicd-client(1) from a terminal or run -dialogue. +If you need to use static IP addressing, you will have to obtain a +unique static IP address and the subnet mask for the interface, as well +as the default gateway address, and enter those here. There is no place +to enter DNS information in rc.inet1.conf, so DNS +servers will have to be manually placed into +resolv.conf as we discussed above. Of course, if +you use netconfig, this will be handled for +you by that program. Now let's take a look at another interface on my +computer. + +# Config information for eth1: +IPADDR[1]="" +NETMASK[1]="" +USE_DHCP[1]="yes" +DHCP_HOSTNAME[1]="" + + -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! 
-ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! -ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +Here I am telling Slackware to configure eth1 using DHCP. I do not need +to set the IPADDR[1] or NETMASK[1] variables when using DHCP (in fact, +if they are set, they will be ignored). Slackware will happily contact +a DHCP server as soon as the machine begins to boot.
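Review bot: The added DHCP paragraph expands DHCP as "Dynamic Host Control Protocol", and the following paragraph calls dhcpcd "part of the ISC DHCP utilities". The protocol is the Dynamic Host Configuration Protocol, and the ISC client is dhclient, not dhcpcd, so both sentences should be corrected. In the resolv.conf paragraph, "I don't know of any practical limit to the number of nameservers" invites readers to add entries that will be silently ignored, because the glibc resolver reads only the first three nameserver lines (MAXNS); suggest stating that limit instead. The rc.inet1.conf paragraph spells the variable INFAME[n] where the removed wireless excerpt in this same hunk uses IFNAME[4]. Spelling also needs a pass: "corrosponds", "exising", "ommitted", "indepth" and "servers to can make".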
diff --git a/chapter_15.xml b/chapter_15.xml index 3a16ac9..c3b6d8a 100644 --- a/chapter_15.xml +++ b/chapter_15.xml @@ -3,644 +3,333 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -Basic Networking Utilities - - -So you've finally managed to setup your network connection, now what? -How do you know that it's working? How do you know that you set it up -correctly? And just what do you do now that it's setup? Well this -chapter is for you. - - -
-Network Diagnostic Tools - - -Slackware Linux includes a great many networking tools for -troubleshooting and diagnosing network connection troubles, or just for -seeing what's out there on the network. Most of these tools are -command-line tools, so you can run them from a virtual terminal or in a -console window on your graphical desktop. A few of them even have -graphical front-ends, but we're going to deal almost exclusively with -command-line tools for now. - +Wireless Networking
-ping +<application>iwconfig</application> -ping(8) is a handy tool for determining if a -computer is operational on your network or on the Internet at large. -You can think of as a type of sonar for computers. By using it, you -send out a "ping" and listen for an echo to determine if another -computer or network device is listening. By default, -ping checks for the remote computer once per -second indefinitely, but you can change the interval between checks and -the total number of checks easily, just check the man page. You can -terminate the application at any time with -CTRL-c. When -ping is finished, it displays a handy -summary of its activity. ping is very useful -for determining if a computer on your network or the Internet is -available, but some systems block the packets -ping sends, so sometimes a system may be -functioning properly, but still not send replies. +Wireless networking is somewhat more complicated than traditional wired +networking, and requires additional tools for setup. Slackware includes +a diverse collection of wireless networking tools to allow you to +configure your wireless network interface card (WNIC) at the most basic +level. We won't cover everything here, but should give you a solid +foundation to get up and running quickly. The first tool we are going +to look at is iwconfig(8). When run without +any argument, iwconfig displays the current +wireless information on any and all NICs on your computer. -darkstar:~# ping -c 3 www.slackware.com -64 bytes from slackware.com (64.57.102.34): icmp_seq=1 ttl=47 time=87.1 ms -64 bytes from slackware.com (64.57.102.34): icmp_seq=2 ttl=47 time=86.2 ms -64 bytes from slackware.com (64.57.102.34): icmp_seq=3 ttl=47 time=86.7 ms - ---- slackware.com ping statistics --- -3 packets transmitted, 3 received, 0% packet loss, time 2004ms -rtt min/avg/max/mdev = 86.282/86.718/87.127/0.345 ms - +darkstar:~# iwconfig +lo no wireless extensions. -
+eth0 no wireless extensions. -
-traceroute +wmaster0 no wireless extensions. - -traceroute(8) is a handy tool for determining -what route your packets take to reach some other computer. It's mainly -of use for determining which computers are "near" or "far" from you. -This distance isn't strictly geographical, as your Internet Service -Provider may route traffic from your computer in strange ways. -traceroute shows you each router between -your computer and any other machine you wish to connect to. -Unfortunately, many providers, firewalls, and routers will block -traceroute so you might not get a complete -picture when using it. Still, it remains a handy tool for network -troubleshooting. - +wlan0 IEEE 802.11abgn ESSID:"nest" + Mode:Managed Frequency:2.432 GHz Access Point: +00:13:10:EA:4E:BD + Bit Rate=54 Mb/s Tx-Power=17 dBm + Retry min limit:7 RTS thr:off Fragment thr=2352 B + Encryption key:off + Power Management:off + Link Quality=100/100 Signal level:-42 dBm + Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 + Tx excessive retries:0 Invalid misc:0 Missed beacon:0 -darkstar:~# traceroute www.slackware.com -traceroute to slackware.com (64.57.102.34), 30 hops max, 46 byte -packets - 1 gw.ctsmacon.com (192.168.1.254) 1.468 ms 2.045 ms 1.387 ms - 2 10.0.0.1 (10.0.0.1) 7.642 ms 8.019 ms 6.006 ms - 3 68.1.8.49 (68.1.8.49) 10.446 ms 9.739 ms 7.003 ms - 4 68.1.8.69 (68.1.8.69) 11.564 ms 6.235 ms 7.971 ms - 5 dalsbbrj01-ae0.r2.dl.cox.net (68.1.0.142) 43.859 ms 43.287 ms -44.125 ms - 6 dpr1-ge-2-0-0.dallasequinix.savvis.net (204.70.204.146) 41.927 ms -58.247 ms 44.989 ms - 7 cr2-tengige0-7-5-0.dallas.savvis.net (204.70.196.29) 42.577 ms -46.110 ms 43.977 ms - 8 cr1-pos-0-3-3-0.losangeles.savvis.net (204.70.194.53) 78.070 ms -76.735 ms 76.145 ms - 9 bpr1-ge-3-0-0.LosAngeles.savvis.net (204.70.192.222) 77.533 ms -108.328 ms 120.096 ms -10 wiltel-communications-group-inc.LosAngeles.savvis.net -(208.173.55.186) 79.607 ms 76.847 ms 75.998 ms -11 tg9-4.cr01.lsancarc.integra.net (209.63.113.57) 
84.789 ms 85.436 -ms 85.575 ms -12 tg13-1.cr01.sntdcabl.integra.net (209.63.113.106) 87.608 ms -84.278 ms 86.922 ms -13 tg13-4.cr02.sntdcabl.integra.net (209.63.113.134) 87.284 ms -85.924 ms 86.102 ms -14 tg13-1.cr02.rcrdcauu.integra.net (209.63.114.169) 85.578 ms -85.285 ms 84.148 ms -15 209.63.99.166 (209.63.99.166) 84.515 ms 85.424 ms 85.956 ms -16 208.186.199.158 (208.186.199.158) 86.557 ms 85.822 ms 86.072 ms -17 sac-main.cwo.com (209.210.78.20) 88.105 ms 87.467 ms 87.526 ms -18 slackware.com (64.57.102.34) 85.682 ms 86.322 ms 85.594 ms +tun0 no wireless extensions. -
- -
-telnet - - -Once upon a time, telnet(1) was the greatest -thing since sliced bread. Basically, telnet -opens an unencrypted network connection between two computers and hands -control of the session to the user rather than some other application. -Using telnet, people could connect to shells -on other computers and execute commands as if they were physically -present. Due to its unencrypted nature this is no longer recommended; -however, telnet is still used for this -purpose by many devices. - -Today, telnet is put to better use as a -network diagnostic tool. Because it passes control of the session -directly to the user, it can be used for a great variety of testing -purposes. As long as you know what ASCII commands to send to the -receiving computer, you can do any number of activies, such as read web -pages or check your e-mail. Simply inform -telnet what network port to use, and you're -all set. +Unlike wired networks, wireless networks are "fuzzy". Their borders are +hard to define, and multiple networks may overlap one another. In order +to avoid confusion, each wireless network has (hopefully) unique +identifiers. The two most basic identifiers are the Extended Service +Set Identifier (ESSID) and the channel or frequency for radio +transmission. The ESSID is simply a name that identifies the wireless +network in question; you may have heard it referred to as the network +name or something similar. Typical wireless networks operate on 11 +different frequencies. In order to connect to even the most basic +wireless network, you will have to setup these two pieces of +information, and possibly others, before setting up things like the +WNIC's IP address. Here you can see that my ESSID is set to "nest" and +my laptop is transmitting at 2.432 GHz. This is all that is required to +connect to an unencrypted wireless LAN. 
(For any of you out there +expecting to come to my house and use my unencrypted wireless, you +should know that you'll have to break a 2048-bit SSL key before the +access point will let you communicate with my LAN.) -darkstar:~# telnet www.slackware.com 80 -Trying 64.57.102.34... -Connected to www.slackware.com. -Escape character is '^]'. -HEAD / HTTP/1.1 -Host: www.slackware.com - -HTTP/1.1 200 OK -Date: Thu, 04 Feb 2010 18:01:35 GMT -Server: Apache/1.3.27 (Unix) PHP/4.3.1 -Last-Modified: Fri, 28 Aug 2009 01:30:27 GMT -ETag: "61dc2-5374-4a973333" -Accept-Ranges: bytes -Content-Length: 21364 -Content-Type: text/html - - -
- -
-ssh +darkstar:~# iwconfig wlan0 essid nest \ + freq 2.432G -As we mentioned, telnet may be useful as a -diagnostic tool, but its unencrypted nature makes it a security concern -for shell access. Thankfully, there's the secure shell protocol. Nearly -every Linux, UNIX, and BSD distribution today makes use of OpenSSH, or -ssh(1) for short. It is one of the most -commonly used network tools today and makes use of the strongest -cryptographic techniques. ssh has many -features, configuration options, and neat hacks, enough to fill its own -book, so we'll only go into the basics here. Simply run -ssh with the user name and the host and -you'll be connected to it quickly and safely. If this is the first time -you are connecting to this computer, ssh -will ask you to confirm your desire, and make a local copy of the -encryption key to use. Should this key later change, -ssh will warn you and refuse to connect -because it is possible that some one is attempting to hijack the -connection using what is known as a man-in-the-middle attack. +The freq and channel arguments control basically +the same thing. You only need to use one. If you are unsure what +frequency or channel to use, Slackware can usually figure this out for +you. -darkstar:~# ssh alan@slackware.com -alan@slackware.com's password: secret -alan@slackware.com:~$ - +darkstar:~# iwconfig wlan0 essid nest \ + channel auto -The user and hostname are in the same form used by e-mail addresses. -If you leave off the username part, ssh will -use your current username when establishing the connection. +Now Slackware will attempt to connect to the strongest access point on +the "nest" essid operating at any frequency.
-tcpdump +Wired Equivilant Protection (or Lack Thereof) -So far all the tools we've looked at have focused on making connections -to other computers, but now we're going to look at the traffic itself. -tcpdump(1) (which must be run as root) -allows us to view all or part of the network traffic originating or -received by our computer. tcpdump displays -the raw data packets in a variety of ways with all the network headers -intact. Don't be alarmed if you don't understand everything it -displays, tcpdump is a tool for professional -network engineers and system administrators. By default, it probes the -first network card it finds, but if you have multiple interfaces, -simply use the -i argument to specify which one you're -interested in. You can also limit the data displayed using expressions -and change the manner in which it is displayed, but that is best -explained by the man page and other reference material. +Wireless networking is by its very nature less secure than wired +networking. Having your information travelling on the airwaves makes it +highly susceptible to interception by third paries, so over the years a +number of methods have been devised to make wireless networking more +secure. The first was called Wired Equivilant Protection, or WEP for +short, and well far short of its goal. If you are still using WEP +today, I encourage you to consider using WPA2 or some other form of +stronger encryption. Attacks against WEP are trivial and take only +minutes to perform. Unfortunately there are still access points +configured for WEP, and you may need to connect to one from time to +time. Connecting to WEP encrypted access points is fairly simple, +particularly if you have the key in hexidecimal format. We'll need to +pass the key argument along with the password in hexidecimal +or ASCII format. If using an ASCII password, you'll need to prepend it +with "s:"; here's a couple examples. Generally speaking, hexidecimal +format is prefered. 
-darkstar:~# tcpdump -i wlan0 -tcpdump: verbose output suppressed, use -v or -vv for full protocol -decode -listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes -13:22:28.221985 IP gw.ctsmacon.com.microsoft-ds > 192.168.1.198.59387: -Flags [P.], ack 838190560, win 3079, options [nop,nop,TS val 1382697489 -ecr 339048583], length 164WARNING: Short packet. Try increasing the -snap length by 140 -SMB PACKET: SMBtrans2 (REPLY) - -13:22:28.222392 IP 192.168.1.198.59387 > gw.ctsmacon.com.microsoft-ds: -Flags [P.], ack 164, win 775, options [nop,nop,TS val 339048667 ecr -1382697489], length 134WARNING: Short packet. Try increasing the snap -length by 110 -SMB PACKET: SMBtrans2 (REQUEST) +darkstar:~# iwconfig wlan0 \ + key cf80baf8bf01a160de540bfb1c +darkstar:~# iwconfig wlan0 \ + key s:thisisapassword
-nmap - - -Suppose you need to know what network services are running on a -machine, or multiple machines, or you wish to determine if multiple -machines are responsive? You could ping -each one individually, telnet to each port -you're interested in, and note every detail, but that's very tedious -and time consuming. A much easier alternative is to use a port scanner, -and nmap(1) is just the tool for the job. -nmap is capable of scanning TCP and UDP -ports, determining the operating system of a network device, probing -each located service to determine its specific type, and much much -more. Perhaps the simplist way to use nmap -is to "ping" multiple computers at once. You can use network address -notation (CIDR) or specify a range of addresses and -nmap will scan every one and return the -results to you when it's finished. You can even specify host names as -you like. - +Wifi Protected Access -In order to "ping" hosts, you'll have to use the -sP -argument. The following command instructs -nmap to "ping" www.slackware.com and the 16 -IP addresses starting at 72.168.24.0 and ending at 72.168.24.15. +Wifi Protected Access (or WPA for short) was the successor for WEP that +aimed to fix several problems with wireless encryption. Unfortunately, +WPA had some flaws as well. An update called WPA2 offers even stronger +protection. At this time, WPA2 is supported by nearly all wireless +network cards and access points, but some older devices may only +support WEP. If you need to secure your wireless network traffic, WPA2 +should be considered the minimum level of protection required. +Unfortunately, iwconfig is unable to setup +WPA2 encryption on its own. For that, we need a helper daemon, +wpa_supplicant(8). -darkstar:~# nmap -sP www.slackware.com 72.168.24.0/28 - - -Should you need to perform a port scan, nmap -has many options for doing just that. When run without any arguments, -nmap performs a standard TCP port scan on all -hosts specified. 
There are also options to make -nmap more or less aggressive with its -scanning to return results quicker or fool intrusion detection -services. For a full discussion, you should refer to the rather -exhaustive man page. The following three commands perform a regular -port scan, a SYN scan, and a "Christmas tree" scan. +Unfortunately, there's no easy way to manually configure a WPA2 +protected network; you'll have to edit +/etc/wpa_supplicant.conf directly with a text +editor. Here we will discuss the simplest form of WPA2 protection, the +Pre-Shared Key, or PSK for short. For details on setting up Slackware +to connect to more complicated WPA2 encrypted networks, see the man +page for wpa_supplicant.conf. -darkstar:~# nmap www.example.com -darkstar:~# nmap -sS www.example.com -darkstar:~# nmap -sX www.example.com + +# /etc/wpa_supplicant.conf +# ======================== +# This line enables the use of wpa_cli which is used by rc.wireless +# if possible (to check for successful association) +ctrl_interface=/var/run/wpa_supplicant +# By default, only root (group 0) may use wpa_cli +ctrl_interface_group=0 +eapol_version=1 +ap_scan=1 +fast_reauth=1 +#country=US + +# WPA protected network, supply your own ESSID and WPAPSK here: +network={ + scan_ssid=1 + ssid="nest" + key_mgmt=WPA-PSK + psk="secret passphrase" +} -Be warned! Some Internet Service Providers frown heavily on port -scanning and may take measures to prevent you from doing it. -nmap and applications like it are best used -on your own systems for maintenance and security purposes, not as -general purpose Internet scanners. +The block of text we're interested in is the network block enclosed by +curly braces. Here we have set the ssid for the network "nest", as well +as the PSK to use "secret passphrase". At this point, WPA2 is setup. +You can run wpa_supplicant and then obtain +an IP address via DHCP or set a static address. Of course, this is a +lot of work, there must be an easier way to do this.
-
- -
Web Browsers - - -Slackware includes a variety of web browsers. If you're using a -graphical desktop, you'll find Firefox, Seamonkey, and others you may -already be familiar with, but what about console access? Fortunately, -there are a number of capable web browsers here as well. - - -
lynx - - -The oldest console-based web browser included with Slackware is -definitely lynx(1), a very capable if -somewhat limited web browser. lynx does not -support frames, javascript, or pictures; it is strictly a text web -browser. Navigation is performed using your keyboard's arrow keys and -optionally, a mouse. While it lacks many features that other browsers -support, lynx is one of the fastest web -browsers you'll ever use for gathering information. For example, the --dump argument sends the formatted web page directly to the -console, which can then be piped to other programs. - - - -PIC OF LYNX IN ACTION. -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! - - -
- -
links - - -A more feature-rich alternative is the popular -links(1), a console-based web browser that -supports frames and has better table rendering than -lynx. Like its predecessor, -links is navigated with the arrow keys, and -the use of a mouse is supported. Unlike, -lynx it also includes a handy menu (simply -click on the top line with your mouse to activate) and generally -formats web pages better. - +
+rc.inet1.conf revisited -PIC OF LINKS IN ACTION. -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! -FILL THIS IN!!!!!!! +Welcome back to rc.inet1.conf. You're recall in +the last chapter that we used this configuration file to automatically +configure NICs whenever Slackware boots. Now, we will use it to +configure wifi as well. If you're using WPA2, you'll still need to +setup wpa_supplicant.conf properly first, however. -
- -
wget - -Unlike the other browsers we've looked at, -wget(1) is non-interactive. Rather than display -HTTP content, wget downloads it. This takes -the "browsing" out of the web browser. Unlike the dump modes of other -browsers, wget does not format its -downloads; rather it copies the content in its exact form on the web -server with all tags and binary data in place. It also supports several -recursive options that can effectively mirror online content to your -local computer. wget need not operate -exclusively on HTTP content; it also supports FTP and several other -protocols. +Recall that each NIC had a name or number that identified the variables +that corrospond with it? The same hold true for wifi NICs, only they +have even more variables due to the added complexity of wireless +networking. -darkstar:~# wget ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt ---2010-05-01 13:51:19-- -ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt - => `ChangeLog.txt' -Resolving ftp.osuosl.org... 64.50.236.52 -Connecting to ftp.osuosl.org|64.50.236.52|:21... connected. -Logging in as anonymous ... Logged in! -==> SYST ... done. ==> PWD ... done. -==> TYPE I ... done. ==> CWD /pub/slackware/slackware-current ... done. -==> SIZE ChangeLog.txt ... 75306 -==> PASV ... done. ==> RETR ChangeLog.txt ... done. -Length: 75306 (74K) - -100%[======================================>] 75,306 110K/s in 0.7s - -2010-05-01 13:51:22 (110 KB/s) - `ChangeLog.txt' saved [75306] + +# rc.inet1.conf (excert) +# ====================== +## Example config information for wlan0. Uncomment the lines you need and fill +## in your info. 
(You may not need all of these for your wireless network) +IFNAME[4]="wlan0" +IPADDR[4]="" +NETMASK[4]="" +USE_DHCP[4]="yes" +#DHCP_HOSTNAME[4]="icculus-wireless" +#DHCP_KEEPRESOLV[4]="yes" +#DHCP_KEEPNTP[4]="yes" +#DHCP_KEEPGW[4]="yes" +#DHCP_IPADDR[4]="" +WLAN_ESSID[4]="nest" +#WLAN_MODE[4]=Managed +#WLAN_RATE[4]="54M auto" +#WLAN_CHANNEL[4]="auto" +#WLAN_KEY[4]="D5AD1F04ACF048EC2D0B1C80C7" +#WLAN_IWPRIV[4]="set AuthMode=WPAPSK | \ +# set EncrypType=TKIP | \ +# set WPAPSK=96389dc66eaf7e6efd5b5523ae43c7925ff4df2f8b7099495192d44a774fda16" +WLAN_WPA[4]="wpa_supplicant" +#WLAN_WPADRIVER[4]="ndiswrapper" -
- -
- -
-FTP Clients - -Lots of data is stored on FTP servers the world over. In fact, -Slackware Linux was first publically offered via FTP and continues to -be distributed in this fashion today. Most open source software can be -downloaded in source code or binary form via FTP, so knowing how to -retrieve this information is a handy skill. +When we discussed wired ethernet, each "n" in the variable corrosponded +with the "n" in ethn. Here however, that no longer holds true. Notice +that the variable IFNAME[4] has a value of "wlan0". It is common for +wireless cards to have an interface name other than "ethn" and that is +reflected here. When rc.inet1.conf is read by the +start-up scripts, Slackware knows to apply all these options to the +"wlan0" wifi NIC instead of the (probably non-existant) eth4 wired NIC. +Many of the other options are the same. IP address information is +added in exactly the same way we discussed for wired network cards in +the previous chapter; however, we have a lot of new variables that need +some explaination. -
ftp - -The simplest FTP client included with Slackware is named simply, -ftp(1) and is a reliable if somewhat simple -means of sending and retrieving data. ftp -connects to an FTP server, asks for your username and password, and -then allows you to put or get data to and from that server. -ftp has fallen out of favor with more -experienced users do to a lack of features, but remains a handy tool, -and much of the documentation you see online will refer you to it. +To begin, WLAN_ESSID[n] and WLAN_CHANNEL[n] should be self-explainatory +by now; they refer the the essid and frequency to use. WLAN_MODE[n] is +either "managed" or "ad-hoc". Anyone connecting to an access point +will want to use managed mode. WLAN_KEY[n] is the WEP key to use, if +you're forced to use WEP. WLAN_IWPRIV[n] is a very complicated +variable that sets other variables inside itself. WLAN_IWPRIV[n] is +used for WPA2 networks. Here you tell Slackware what authentication +mode, encryption type, and key to use for WPA2 connections. Please +note that WLAN_KEY[n] and WLAN_IWPRIV[n] are mutually exclusive; you +can't use both on the same interface. If you successfully configure +all this, then Slackware will attempt to connect to your wireless +network as soon as the system boots. -Once an FTP session has been initialized, you'll be placed at a prompt -somewhat like a shell. From here you can change and list directories -using the "cd" and "ls" commands, just like a shell. Additionally, you -may issue the "put" command to send a file to the server, or a "get" -command to retrieve data from the server. If you're connecting to a -public FTP server, you'll want to use the "anonymous" username and -simply enter your e-mail address (or a fake one) for the password. +But wait, that's so much work! And what if I need to connect to +multiple wireless networks? I take my laptop to work and school and +need to seemlessly setup those wireless connections as soon as one is +within range. 
Doing things this way is simply too much work. You're +absolutely correct. -darkstar:~# ftp ftp.osuosl.org -Name (ftp.osuosl.org:alan): anonymous -331 Please specify the password. -Password: secret -230 Login successful. -Remote system type is UNIX. -Using binary mode to transfer files. -ftp> cd pub/slackware/slackware-current/ -250 Directory successfully changed. -ftp> get ChangeLog.txt -local: ChangeLog.txt remote: ChangeLog.txt -200 PORT command successful. Consider using PASV. -150 Opening BINARY mode data connection for ChangeLog.txt (33967 -bytes). -226 File send OK. -33967 bytes received in 0.351 secs (94 Kbytes/sec) -ftp> bye -221 Goodbye. - -
-
ncftp +
+wicd -ncftp(1) (pronounced nick-f-t-p), is a more -feature rich successor to ftp, supporting -tab completion and recursive retrieval. It automatically connects to a -server as the anonymous user, unless you specify a different username -on the commandline with the -u argument. The primary -advantage over ftp is the ability to send -and retrieve multiple files at once with the "mput" and "mget" -commands. If you pass the -R argument to either of them, -they will recursively put or get data from directories. +Introducing wicd(8), the premier wired and +wireless network connection manager for the laptop user on the go. +Pronounced "wicked", wicd is capable of +storing information for any number of wireless networks you need and +connecting to them with a simple command or the click of a mouse. +wicd is not part of the default Slackware +installation at this time, as it interferes somewhat with the normal +way of configuring network adapters, but you can find it in the +/extra directory of your Slackware install disks +or at your favorite mirror. wicd is both a +network connection daemon and a graphical application for configuring +networks. The CLI isn't forgotten either, as +wicd-curses(8) is every bit as powerful as +the traditional GUI front-end. In order to use +wicd, you will need to disable support for +any interfaces you have in rc.inet1.conf first. -darkstar:~# ncftp ftp.osuosl.org -Logging in... -Login successful. -Logged in to ftp.osuosl.org. -ncftp / > cd pub/slackware/slackware-current -Directory successfully changed. 
-ncftp ...ware/slackware-current > mget -R isolinux -isolinux/README.TXT: 4.63 kB 16.77 kB/s -isolinux/README_SPLIT.TXT: 788.00 B 5.43 kB/s -isolinux/f2.txt: 793.00 B 5.68 kB/s -isolinux/initrd.img: 13.75 MB 837.91 kB/s -isolinux/iso.sort: 50.00 B 354.50 B/s -isolinux/isolinux.bin: 14.00 kB 33.99 kB/s -isolinux/isolinux.cfg: 487.00 B 3.30 kB/s -isolinux/message.txt: 760.00 B 5.32 kB/s -isolinux/setpkg: 2.76 kB 19.11 kB/s -ncftp ...ware/slackware-current > bye + +# rc.inet1.conf +# ============= +# Config information for eth0: +IPADDR[0]="" +NETMASK[0]="" +USE_DHCP[0]="no" +DHCP_HOSTNAME[0]="" +# Default gateway IP address: +GATEWAY="" -
- -
lftp - -The last client we're going to look at is -lftp(1). Like -ncftp, it supports tab completion and -recursive activity, but has a more friendly license. Rather than user -"mget" and "mput", all recursive operations are handled with the -"mirror" command. "mirror" has many different options available, so -I'll have to refer you to the man page and the built-in "help" command -for complete details. +Now we can install wicd, setup the daemon to +run on system boot-up, and begin using a more friendly application. -darkstar:~# lftp ftp.osuosl.org -lftp ftp.osuosl.org:~> cd /pub/slackware/slackware-current -cd ok, cwd=/pub/slackware/slackware-current -lftp ftp.osuosl.org:/pub/slackware/slackware-current> mirror isolinux -Total: 2 directories, 16 files, 1 symlink -New: 16 files, 1 symlink -14636789 bytes transferred in 20 seconds (703.7K/s) -lftp ftp.osuosl.org:/pub/slackware/slackware-current> bye +darkstar:~# installpkg /path/to/extra/wicd/wicd-1.6.2.1-1.txz +darkstar:~# chmod +x /etc/rc.d/rc.wicd +darkstar:~# /etc/rc.d/rc.wicd start -
- -
- -
-NNTP Clients - -Once upon a time when the Internet was young, before the World Wide Web -was invented and no one had heard of hyperlinks, everyone retrieved -their news and information through a service known as Usenet using the -NNTP protocol. It remains today a useful knowledge base of information -on an incredible variety of subjects, but if you wish to access this -information, you're going to need a proper client. Slackware includes -a number of NNTP clients with both console and graphical interfaces, -but we'll only detail the console tools here. Popular graphical news -readers include knode and -pan. +If you're predominately using the console, simply run +wicd-curses from your command line. If +instead, you are using a graphical desktop provided by +X, you can start the graphical front-end +from either the KDE or XFCE menu. Optionally, you could manually run +wicd-client(1) from a terminal or run +dialogue. -
tin - -
- -
slrn - -
- -
- -
-rsync - -Ready to see something cool? Have you ever found yourself needing just -a handful of files from a large directory, but you're not entirely sure -which files you already have and which ones you need? You can download -the entire directory again, but that's duplicating a lot of work. You -can pick and chose, manually check everything, but that's very tedious. -Perhaps you've downloaded a large file such as an ISO, but something -went wrong with the download? It doesn't make sense that you should -have to pull down the entire file again if only a few bits have been -corrupted. Enter rsync(1), a fast and -versatile copying tool for local and remote files. +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! +ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!! - -rsync uses a handful of simple, but very -effective techniques to determine what needs to be changed. By checking -file size and time stamps, it can determine if two files are different. -If something has changed, it can determine what bytes are different, -and simply download that handfull of data rather than an entire file. -It is truly a marvel of modern technology. 
- - - -In its simplist form, rsync connects to an -rsync protocol server and downloads a list of files and directories, -along with their sizes, timestamps, and other information. It then -compares this to the local files (if any) to determine what it needs to -transfer. Only files that are different will be synced. Additionally, -it breaks up large files into smaller chunks and compares those chunks -using a quick and simple hash function. Any chunks that match are not -transferred, so the amount of data that must be copied can be -dramatically reduced. rsync also supports -compression, verbose output, file deletion, permission handling, and -many other options. For a complete list, you'll need to refer to the -man page, but I've included a small table of some of the more common -options. - - - -rsync Arguments - - - Argument - Explaination - - - - -v - Increased verbosity - - - -c - Checksum all files rather than relying on file size and timestamp - - - -a - Archive mode (equivilant to -rlptgoD) - - - -e - Specify a remote shell to use - - - -r - Recursive mode - - - -u - Update - skip files that are newer on the receiving end - - - -p - Preserve permissions - - - -n - Dry-run - perform a trial run without making any changes - - - -z - Compress - handy for slow network connections - - - -
- - -Due to the power and versatility of rsync, -it can be invoked in a number of ways. The following two examples -connect to an rsync protocol server to retrieve some information and to -another server via ssh to encrypt the transmission. - - -darkstar:~# rsync -avz rsync://ftp.osuosl.org/pub/slackware/slackware-current/ \ -/src/slackware-current/ -darkstar:~# rsync -e ssh ftp.slackware.com:/home/alan/foo /tmp/foo - -
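Review bot: In the added rc.inet1.conf walkthrough, the paragraph beginning "To begin, WLAN_ESSID[n] and WLAN_CHANNEL[n]" says WLAN_IWPRIV[n] is what is used for WPA2 networks, but the excerpt above it leaves WLAN_IWPRIV[4] commented out and instead sets WLAN_WPA[4]="wpa_supplicant", which the prose never explains. Suggest describing WLAN_WPA[n] (and WLAN_WPADRIVER[n]) as the setting that hands the interface to wpa_supplicant, and presenting WLAN_IWPRIV[n] as the driver-specific alternative. The commented sample also sets EncrypType=TKIP, which sits oddly beside the earlier advice that WPA2 is the minimum level of protection. The wpa_supplicant.conf example stores psk="secret passphrase" in clear text, so a sentence on keeping that file readable by root only would fit there. In the wicd section, the "disable support for any interfaces" example shows only the eth0 entries, although the reader has just been told to fill in the wlan0 entries at index 4; show those being cleared as well. Smaller items in the same region: "You're recall", "excert", "corrospond" and "corrosponded", "The same hold true", "non-existant", "explaination", "self-explainatory", "refer the the" and "seemlessly" need fixing; the wicd paragraph ends in the broken sentence "from a terminal or run dialogue."; and the repeated "ADD PICTURES OF WICD-CURSES AND WICD-CLIENT!!!!" placeholder should be reduced to a single TODO comment before this lands.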
diff --git a/chapter_16.xml b/chapter_16.xml index 4da780b..3a16ac9 100644 --- a/chapter_16.xml +++ b/chapter_16.xml @@ -3,190 +3,644 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -Package Management +Basic Networking Utilities -Package management is an essential part of any Linux distribution. -Every piece of software included by Slackware, along with many -third-party tools are distributed as source code that can be compiled, -but compiling all those thousands of different applications and -libraries is tedious and time consuming. That's why many people prefer -to install pre-compiled software packages. In fact, when you installed -Slackware, the setup program primarily -worked by running package management tools on a list of packages. Here -we'll look at the various tools used for handling Slackware packages. +So you've finally managed to setup your network connection, now what? +How do you know that it's working? How do you know that you set it up +correctly? And just what do you do now that it's setup? Well this +chapter is for you.
-<application>pkgtool</application> +Network Diagnostic Tools -The simplest way to perform package maintenance tasks is to invoke -pkgtool(8), a menu-driven interface to some of -the other tools. pkgtool allows you to -install or remove packages as well as view the contents of those -packages and the list of currently installed packages in a -user-friendly ncurses interface. +Slackware Linux includes a great many networking tools for +troubleshooting and diagnosing network connection troubles, or just for +seeing what's out there on the network. Most of these tools are +command-line tools, so you can run them from a virtual terminal or in a +console window on your graphical desktop. A few of them even have +graphical front-ends, but we're going to deal almost exclusively with +command-line tools for now. +
+ping + + +ping(8) is a handy tool for determining if a +computer is operational on your network or on the Internet at large. +You can think of as a type of sonar for computers. By using it, you +send out a "ping" and listen for an echo to determine if another +computer or network device is listening. By default, +ping checks for the remote computer once per +second indefinitely, but you can change the interval between checks and +the total number of checks easily, just check the man page. You can +terminate the application at any time with +CTRL-c. When +ping is finished, it displays a handy +summary of its activity. ping is very useful +for determining if a computer on your network or the Internet is +available, but some systems block the packets +ping sends, so sometimes a system may be +functioning properly, but still not send replies. + + + +darkstar:~# ping -c 3 www.slackware.com +64 bytes from slackware.com (64.57.102.34): icmp_seq=1 ttl=47 time=87.1 ms +64 bytes from slackware.com (64.57.102.34): icmp_seq=2 ttl=47 time=86.2 ms +64 bytes from slackware.com (64.57.102.34): icmp_seq=3 ttl=47 time=86.7 ms + +--- slackware.com ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2004ms +rtt min/avg/max/mdev = 86.282/86.718/87.127/0.345 ms + + +
+ +
+traceroute + + +traceroute(8) is a handy tool for determining +what route your packets take to reach some other computer. It's mainly +of use for determining which computers are "near" or "far" from you. +This distance isn't strictly geographical, as your Internet Service +Provider may route traffic from your computer in strange ways. +traceroute shows you each router between +your computer and any other machine you wish to connect to. +Unfortunately, many providers, firewalls, and routers will block +traceroute so you might not get a complete +picture when using it. Still, it remains a handy tool for network +troubleshooting. + + +darkstar:~# traceroute www.slackware.com +traceroute to slackware.com (64.57.102.34), 30 hops max, 46 byte +packets + 1 gw.ctsmacon.com (192.168.1.254) 1.468 ms 2.045 ms 1.387 ms + 2 10.0.0.1 (10.0.0.1) 7.642 ms 8.019 ms 6.006 ms + 3 68.1.8.49 (68.1.8.49) 10.446 ms 9.739 ms 7.003 ms + 4 68.1.8.69 (68.1.8.69) 11.564 ms 6.235 ms 7.971 ms + 5 dalsbbrj01-ae0.r2.dl.cox.net (68.1.0.142) 43.859 ms 43.287 ms +44.125 ms + 6 dpr1-ge-2-0-0.dallasequinix.savvis.net (204.70.204.146) 41.927 ms +58.247 ms 44.989 ms + 7 cr2-tengige0-7-5-0.dallas.savvis.net (204.70.196.29) 42.577 ms +46.110 ms 43.977 ms + 8 cr1-pos-0-3-3-0.losangeles.savvis.net (204.70.194.53) 78.070 ms +76.735 ms 76.145 ms + 9 bpr1-ge-3-0-0.LosAngeles.savvis.net (204.70.192.222) 77.533 ms +108.328 ms 120.096 ms +10 wiltel-communications-group-inc.LosAngeles.savvis.net +(208.173.55.186) 79.607 ms 76.847 ms 75.998 ms +11 tg9-4.cr01.lsancarc.integra.net (209.63.113.57) 84.789 ms 85.436 +ms 85.575 ms +12 tg13-1.cr01.sntdcabl.integra.net (209.63.113.106) 87.608 ms +84.278 ms 86.922 ms +13 tg13-4.cr02.sntdcabl.integra.net (209.63.113.134) 87.284 ms +85.924 ms 86.102 ms +14 tg13-1.cr02.rcrdcauu.integra.net (209.63.114.169) 85.578 ms +85.285 ms 84.148 ms +15 209.63.99.166 (209.63.99.166) 84.515 ms 85.424 ms 85.956 ms +16 208.186.199.158 (208.186.199.158) 86.557 ms 85.822 ms 86.072 ms +17 
sac-main.cwo.com (209.210.78.20) 88.105 ms 87.467 ms 87.526 ms +18 slackware.com (64.57.102.34) 85.682 ms 86.322 ms 85.594 ms + +
+ +
+telnet + + +Once upon a time, telnet(1) was the greatest +thing since sliced bread. Basically, telnet +opens an unencrypted network connection between two computers and hands +control of the session to the user rather than some other application. +Using telnet, people could connect to shells +on other computers and execute commands as if they were physically +present. Due to its unencrypted nature this is no longer recommended; +however, telnet is still used for this +purpose by many devices. + + + +Today, telnet is put to better use as a +network diagnostic tool. Because it passes control of the session +directly to the user, it can be used for a great variety of testing +purposes. As long as you know what ASCII commands to send to the +receiving computer, you can do any number of activies, such as read web +pages or check your e-mail. Simply inform +telnet what network port to use, and you're +all set. + + +darkstar:~# telnet www.slackware.com 80 +Trying 64.57.102.34... +Connected to www.slackware.com. +Escape character is '^]'. +HEAD / HTTP/1.1 +Host: www.slackware.com + +HTTP/1.1 200 OK +Date: Thu, 04 Feb 2010 18:01:35 GMT +Server: Apache/1.3.27 (Unix) PHP/4.3.1 +Last-Modified: Fri, 28 Aug 2009 01:30:27 GMT +ETag: "61dc2-5374-4a973333" +Accept-Ranges: bytes +Content-Length: 21364 +Content-Type: text/html + + +
+ +
+ssh + -PICTURE OF PKGTOOL MAIN SCREEN. -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! -FILL THIS IN!!!!!! +As we mentioned, telnet may be useful as a +diagnostic tool, but its unencrypted nature makes it a security concern +for shell access. Thankfully, there's the secure shell protocol. Nearly +every Linux, UNIX, and BSD distribution today makes use of OpenSSH, or +ssh(1) for short. It is one of the most +commonly used network tools today and makes use of the strongest +cryptographic techniques. ssh has many +features, configuration options, and neat hacks, enough to fill its own +book, so we'll only go into the basics here. Simply run +ssh with the user name and the host and +you'll be connected to it quickly and safely. If this is the first time +you are connecting to this computer, ssh +will ask you to confirm your desire, and make a local copy of the +encryption key to use. Should this key later change, +ssh will warn you and refuse to connect +because it is possible that some one is attempting to hijack the +connection using what is known as a man-in-the-middle attack. +darkstar:~# ssh alan@slackware.com +alan@slackware.com's password: secret +alan@slackware.com:~$ + + -pkgtool is a convenient and easy way to -perform the most basic tasks, but for more advanced work more flexible -tools are needed. +The user and hostname are in the same form used by e-mail addresses. +If you leave off the username part, ssh will +use your current username when establishing the connection.
-Installing, Removing, and Upgrading Packages - - -While pkgtool scores points for convenience, -installpkg(8) is much more capable of -handling odd tasks, such as quickly installing a single package, -installing an entire disk set of packages, or scripting an install. -installpkg takes a list of packages to -install, and simply installs them without asking any questions. Like -all Slackware package management tools, it assumes that you know what -you're doing and doesn't pretend to be smarter than you. In its -simplest form, installpkg simply takes a -list of packages to install, and does exactly what you would expect. - - -darkstar:~# installpkg blackbox-0.70.1-i486-2.txz -Verifying package blackbox-0.70.1-i486-2.txz. -Installing package blackbox-0.70.1-i486-2.txz: -PACKAGE DESCRIPTION: -# blackbox (Blackbox window manager) -# -# Blackbox is that fast, light window manager you have been looking for -# without all those annoying library dependencies. -# -# Also included in this package is the bbkeys utility for controlling -# keyboard shortcut commands from within Blackbox. -# -# The Blackbox home page is http://blackboxwm.sourceforge.net -# -Package blackbox-0.70.1-i486-2.txz installed. - - -You can of course install multiple packages at a time, and in fact use -shell wild cards. The following installs all of the "N" series -packages from a mounted CD-ROM. - - -darkstar:~# installpkg /mnt/cdrom/slackware/n/*.txz - - -Removing a package is every bit as easy as installing one. As you might -expect, the command to do this is -removepkg(8). Simply tell it which packages -to remove, and removepkg will check the -contents of the package database and remove all the files and -directories for that package with one caveat. If that file is included -in multiple installed packages, it will be skipped and if a directory -has new files in it, the directory will be left in place. Because of -this, removing packages takes a good while longer than installing them. 
- - -darkstar:~# removepkg blackbox-0.70.1-i486-2.txz +tcpdump + + +So far all the tools we've looked at have focused on making connections +to other computers, but now we're going to look at the traffic itself. +tcpdump(1) (which must be run as root) +allows us to view all or part of the network traffic originating or +received by our computer. tcpdump displays +the raw data packets in a variety of ways with all the network headers +intact. Don't be alarmed if you don't understand everything it +displays, tcpdump is a tool for professional +network engineers and system administrators. By default, it probes the +first network card it finds, but if you have multiple interfaces, +simply use the -i argument to specify which one you're +interested in. You can also limit the data displayed using expressions +and change the manner in which it is displayed, but that is best +explained by the man page and other reference material. + + +darkstar:~# tcpdump -i wlan0 +tcpdump: verbose output suppressed, use -v or -vv for full protocol +decode +listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes +13:22:28.221985 IP gw.ctsmacon.com.microsoft-ds > 192.168.1.198.59387: +Flags [P.], ack 838190560, win 3079, options [nop,nop,TS val 1382697489 +ecr 339048583], length 164WARNING: Short packet. Try increasing the +snap length by 140 +SMB PACKET: SMBtrans2 (REPLY) + +13:22:28.222392 IP 192.168.1.198.59387 > gw.ctsmacon.com.microsoft-ds: +Flags [P.], ack 164, win 775, options [nop,nop,TS val 339048667 ecr +1382697489], length 134WARNING: Short packet. Try increasing the snap +length by 110 +SMB PACKET: SMBtrans2 (REQUEST) + + +
+ +
+nmap + + +Suppose you need to know what network services are running on a +machine, or multiple machines, or you wish to determine if multiple +machines are responsive? You could ping +each one individually, telnet to each port +you're interested in, and note every detail, but that's very tedious +and time consuming. A much easier alternative is to use a port scanner, +and nmap(1) is just the tool for the job. +nmap is capable of scanning TCP and UDP +ports, determining the operating system of a network device, probing +each located service to determine its specific type, and much much +more. Perhaps the simplist way to use nmap +is to "ping" multiple computers at once. You can use network address +notation (CIDR) or specify a range of addresses and +nmap will scan every one and return the +results to you when it's finished. You can even specify host names as +you like. + + + +In order to "ping" hosts, you'll have to use the -sP +argument. The following command instructs +nmap to "ping" www.slackware.com and the 16 +IP addresses starting at 72.168.24.0 and ending at 72.168.24.15. + + +darkstar:~# nmap -sP www.slackware.com 72.168.24.0/28 + + + +Should you need to perform a port scan, nmap +has many options for doing just that. When run without any arguments, +nmap performs a standard TCP port scan on all +hosts specified. There are also options to make +nmap more or less aggressive with its +scanning to return results quicker or fool intrusion detection +services. For a full discussion, you should refer to the rather +exhaustive man page. The following three commands perform a regular +port scan, a SYN scan, and a "Christmas tree" scan. + + +darkstar:~# nmap www.example.com +darkstar:~# nmap -sS www.example.com +darkstar:~# nmap -sX www.example.com + + + +Be warned! Some Internet Service Providers frown heavily on port +scanning and may take measures to prevent you from doing it. 
+nmap and applications like it are best used +on your own systems for maintenance and security purposes, not as +general purpose Internet scanners. + + +
+ +
+ +
Web Browsers + + +Slackware includes a variety of web browsers. If you're using a +graphical desktop, you'll find Firefox, Seamonkey, and others you may +already be familiar with, but what about console access? Fortunately, +there are a number of capable web browsers here as well. + + +
lynx + + +The oldest console-based web browser included with Slackware is +definitely lynx(1), a very capable if +somewhat limited web browser. lynx does not +support frames, javascript, or pictures; it is strictly a text web +browser. Navigation is performed using your keyboard's arrow keys and +optionally, a mouse. While it lacks many features that other browsers +support, lynx is one of the fastest web +browsers you'll ever use for gathering information. For example, the +-dump argument sends the formatted web page directly to the +console, which can then be piped to other programs. + + + +PIC OF LYNX IN ACTION. +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! + + +
+ +
links + + +A more feature-rich alternative is the popular +links(1), a console-based web browser that +supports frames and has better table rendering than +lynx. Like its predecessor, +links is navigated with the arrow keys, and +the use of a mouse is supported. Unlike, +lynx it also includes a handy menu (simply +click on the top line with your mouse to activate) and generally +formats web pages better. + + + +PIC OF LINKS IN ACTION. +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! +FILL THIS IN!!!!!!! + + +
+ +
wget + + +Unlike the other browsers we've looked at, +wget(1) is non-interactive. Rather than display +HTTP content, wget downloads it. This takes +the "browsing" out of the web browser. Unlike the dump modes of other +browsers, wget does not format its +downloads; rather it copies the content in its exact form on the web +server with all tags and binary data in place. It also supports several +recursive options that can effectively mirror online content to your +local computer. wget need not operate +exclusively on HTTP content; it also supports FTP and several other +protocols. + + +darkstar:~# wget ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt +--2010-05-01 13:51:19-- +ftp://ftp.osuosl.org/pub/slackware/slackware-current/ChangeLog.txt + => `ChangeLog.txt' +Resolving ftp.osuosl.org... 64.50.236.52 +Connecting to ftp.osuosl.org|64.50.236.52|:21... connected. +Logging in as anonymous ... Logged in! +==> SYST ... done. ==> PWD ... done. +==> TYPE I ... done. ==> CWD /pub/slackware/slackware-current ... done. +==> SIZE ChangeLog.txt ... 75306 +==> PASV ... done. ==> RETR ChangeLog.txt ... done. +Length: 75306 (74K) + +100%[======================================>] 75,306 110K/s in 0.7s + +2010-05-01 13:51:22 (110 KB/s) - `ChangeLog.txt' saved [75306] +
+ +
+ +
+FTP Clients + -Finally, upgrading is just as easy with (you guessed it), -upgradepkg(8) which first installs a new -package, then removes whatever files and directories are left-over from -the old package. One important thing to remember is that -upgradepkg doesn't check to see if the -previously installed package has a higher version number than the "new" -package, so it can also be used to downgrade to older versions. +Lots of data is stored on FTP servers the world over. In fact, +Slackware Linux was first publically offered via FTP and continues to +be distributed in this fashion today. Most open source software can be +downloaded in source code or binary form via FTP, so knowing how to +retrieve this information is a handy skill. +
ftp + +The simplest FTP client included with Slackware is named simply, +ftp(1) and is a reliable if somewhat simple +means of sending and retrieving data. ftp +connects to an FTP server, asks for your username and password, and +then allows you to put or get data to and from that server. +ftp has fallen out of favor with more +experienced users do to a lack of features, but remains a handy tool, +and much of the documentation you see online will refer you to it. + -darkstar:~# upgradepkg blackbox-0.70.1-i486-2.txz + +Once an FTP session has been initialized, you'll be placed at a prompt +somewhat like a shell. From here you can change and list directories +using the "cd" and "ls" commands, just like a shell. Additionally, you +may issue the "put" command to send a file to the server, or a "get" +command to retrieve data from the server. If you're connecting to a +public FTP server, you'll want to use the "anonymous" username and +simply enter your e-mail address (or a fake one) for the password. + -+============================================================================== -| Upgrading blackbox-0.65.0-x86_64-4 package using -./blackbox-0.70.1-i486-2.txz -+============================================================================== +darkstar:~# ftp ftp.osuosl.org +Name (ftp.osuosl.org:alan): anonymous +331 Please specify the password. +Password: secret +230 Login successful. +Remote system type is UNIX. +Using binary mode to transfer files. +ftp> cd pub/slackware/slackware-current/ +250 Directory successfully changed. +ftp> get ChangeLog.txt +local: ChangeLog.txt remote: ChangeLog.txt +200 PORT command successful. Consider using PASV. +150 Opening BINARY mode data connection for ChangeLog.txt (33967 +bytes). +226 File send OK. +33967 bytes received in 0.351 secs (94 Kbytes/sec) +ftp> bye +221 Goodbye. + -Pre-installing package blackbox-0.70.1-i486-2... +
-Removing package -/var/log/packages/blackbox-0.65.0-x86_64-4-upgraded-2010-02-23,16:50:51... - --> Deleting symlink /usr/share/blackbox/nls/POSIX - --> Deleting symlink /usr/share/blackbox/nls/US_ASCII - --> Deleting symlink /usr/share/blackbox/nls/de - --> Deleting symlink /usr/share/blackbox/nls/en - --> Deleting symlink /usr/share/blackbox/nls/en_GB -... -Package blackbox-0.65.0-x86_64-4 upgraded with new package -./blackbox-0.70.1-i486-2.txz. +
ncftp -All of these tools have useful arguments. For example, the ---root to installpkg will install -packages into an arbitrary directory. The --dry-run argument -will instruct upgradepkg to simply tell you -what it would attempt without actually making any changes to the -system. For complete details, you should (as always) refer to the man -pages. +ncftp(1) (pronounced nick-f-t-p), is a more +feature rich successor to ftp, supporting +tab completion and recursive retrieval. It automatically connects to a +server as the anonymous user, unless you specify a different username +on the commandline with the -u argument. The primary +advantage over ftp is the ability to send +and retrieve multiple files at once with the "mput" and "mget" +commands. If you pass the -R argument to either of them, +they will recursively put or get data from directories. +darkstar:~# ncftp ftp.osuosl.org +Logging in... +Login successful. +Logged in to ftp.osuosl.org. +ncftp / > cd pub/slackware/slackware-current +Directory successfully changed. +ncftp ...ware/slackware-current > mget -R isolinux +isolinux/README.TXT: 4.63 kB 16.77 kB/s +isolinux/README_SPLIT.TXT: 788.00 B 5.43 kB/s +isolinux/f2.txt: 793.00 B 5.68 kB/s +isolinux/initrd.img: 13.75 MB 837.91 kB/s +isolinux/iso.sort: 50.00 B 354.50 B/s +isolinux/isolinux.bin: 14.00 kB 33.99 kB/s +isolinux/isolinux.cfg: 487.00 B 3.30 kB/s +isolinux/message.txt: 760.00 B 5.32 kB/s +isolinux/setpkg: 2.76 kB 19.11 kB/s +ncftp ...ware/slackware-current > bye + + +
+ +
lftp + + +The last client we're going to look at is +lftp(1). Like +ncftp, it supports tab completion and +recursive activity, but has a more friendly license. Rather than user +"mget" and "mput", all recursive operations are handled with the +"mirror" command. "mirror" has many different options available, so +I'll have to refer you to the man page and the built-in "help" command +for complete details. + + +darkstar:~# lftp ftp.osuosl.org +lftp ftp.osuosl.org:~> cd /pub/slackware/slackware-current +cd ok, cwd=/pub/slackware/slackware-current +lftp ftp.osuosl.org:/pub/slackware/slackware-current> mirror isolinux +Total: 2 directories, 16 files, 1 symlink +New: 16 files, 1 symlink +14636789 bytes transferred in 20 seconds (703.7K/s) +lftp ftp.osuosl.org:/pub/slackware/slackware-current> bye + + +
+
-Package Compression Formats +NNTP Clients -We won't go in depth into the details of package formats, but a few -words should be given here. In the past, all Slackware packages were -compressed with the gzip(1) compression -utility, which was a good compromise between compression speed and -size. Recently, new compression schemes have been added and the -package management tools have been upgraded to handle these. Today, -official Slackware packages are compressed with the -xz utility and end with .txz extensions. -Older packages (and many third party packages) still use the .tgz -extension. +Once upon a time when the Internet was young, before the World Wide Web +was invented and no one had heard of hyperlinks, everyone retrieved +their news and information through a service known as Usenet using the +NNTP protocol. It remains today a useful knowledge base of information +on an incredible variety of subjects, but if you wish to access this +information, you're going to need a proper client. Slackware includes +a number of NNTP clients with both console and graphical interfaces, +but we'll only detail the console tools here. Popular graphical news +readers include knode and +pan. +
tin + +
+ +
slrn + +
+
-<application>slackpkg</application> +rsync - The slackpkg is an automated tool for -management of Slackware Linux Packages. It was in /extra for -the release of slackware-12.1, and since the release of -slackware-12.2 it is included in the ap/ series of a base -installation. +Ready to see something cool? Have you ever found yourself needing just +a handful of files from a large directory, but you're not entirely sure +which files you already have and which ones you need? You can download +the entire directory again, but that's duplicating a lot of work. You +can pick and chose, manually check everything, but that's very tedious. +Perhaps you've downloaded a large file such as an ISO, but something +went wrong with the download? It doesn't make sense that you should +have to pull down the entire file again if only a few bits have been +corrupted. Enter rsync(1), a fast and +versatile copying tool for local and remote files. + + +rsync uses a handful of simple, but very +effective techniques to determine what needs to be changed. By checking +file size and time stamps, it can determine if two files are different. +If something has changed, it can determine what bytes are different, +and simply download that handfull of data rather than an entire file. +It is truly a marvel of modern technology. + + - For more information see the man pages for -slackpkg(8) and slackpkg.conf(5). +In its simplist form, rsync connects to an +rsync protocol server and downloads a list of files and directories, +along with their sizes, timestamps, and other information. It then +compares this to the local files (if any) to determine what it needs to +transfer. Only files that are different will be synced. Additionally, +it breaks up large files into smaller chunks and compares those chunks +using a quick and simple hash function. Any chunks that match are not +transferred, so the amount of data that must be copied can be +dramatically reduced. 
rsync also supports +compression, verbose output, file deletion, permission handling, and +many other options. For a complete list, you'll need to refer to the +man page, but I've included a small table of some of the more common +options. + + +rsync Arguments + + + Argument + Explaination + + + + -v + Increased verbosity + + + -c + Checksum all files rather than relying on file size and timestamp + + + -a + Archive mode (equivilant to -rlptgoD) + + + -e + Specify a remote shell to use + + + -r + Recursive mode + + + -u + Update - skip files that are newer on the receiving end + + + -p + Preserve permissions + + + -n + Dry-run - perform a trial run without making any changes + + + -z + Compress - handy for slow network connections + + + +
+ -Homepage: http://www.slackpkg.org/ +Due to the power and versatility of rsync, +it can be invoked in a number of ways. The following two examples +connect to an rsync protocol server to retrieve some information and to +another server via ssh to encrypt the transmission. +darkstar:~# rsync -avz rsync://ftp.osuosl.org/pub/slackware/slackware-current/ \ +/src/slackware-current/ +darkstar:~# rsync -e ssh ftp.slackware.com:/home/alan/foo /tmp/foo + +
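Review bot: The new "FTP Clients" and "rsync" sections in chapter_16.xml teach readers to pull the Slackware tree over `ftp://` and `rsync://`, but never say that these transfers are neither encrypted nor authenticated. The only mention of protection is the closing `rsync -e ssh` example "to encrypt the transmission". Please add a sentence to the FTP Clients introduction, and another next to the `rsync://` example, stating that anonymous FTP and the plain rsync protocol give no integrity guarantee, so downloaded files should be checked against the project's published checksums or signatures before use. It would also help to note that the `-c` row in the options table and the "quick and simple hash function" are about detecting changed data, not about verifying where it came from. Separately, the hunk commits unfinished material: the "PIC OF LYNX IN ACTION" and "PIC OF LINKS IN ACTION" blocks with their "FILL THIS IN!!!!!!!" lines, and empty "tin" and "slrn" sections, even though the NNTP introduction promises to detail the console tools. Either fill these in or leave them out of this commit. Spelling to fix while here: "publically", "do to a lack of features", "Rather than user", "pick and chose", "handfull", "simplist", "Explaination", "equivilant", and the stray comma in "Unlike, lynx".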
diff --git a/chapter_17.xml b/chapter_17.xml index ea3035c..4da780b 100644 --- a/chapter_17.xml +++ b/chapter_17.xml @@ -3,119 +3,188 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -Keeping Track of Updates +Package Management + + +Package management is an essential part of any Linux distribution. +Every piece of software included by Slackware, along with many +third-party tools are distributed as source code that can be compiled, +but compiling all those thousands of different applications and +libraries is tedious and time consuming. That's why many people prefer +to install pre-compiled software packages. In fact, when you installed +Slackware, the setup program primarily +worked by running package management tools on a list of packages. Here +we'll look at the various tools used for handling Slackware packages. +
-The -stable Branch +<application>pkgtool</application> -Whenever a new version of Slackware is released, the Slackware team will, -as needed, release updated packages to fix serious security vulnerabilities -and particularly nasty bugs. Therefore, it's important to keep up with all -of the patches for your version of Slackware, which is referred to as the -"-stable" branch. There is also a "-current" branch, which is where we do -our development work toward the next stable release (and as such, there are -often intrusive changes there), but unless you're willing to work with a -possibly broken system and are able to fix things on your own, we strongly -recommend that you stick with the "-stable" branch. +The simplest way to perform package maintenance tasks is to invoke +pkgtool(8), a menu-driven interface to some of +the other tools. pkgtool allows you to +install or remove packages as well as view the contents of those +packages and the list of currently installed packages in a +user-friendly ncurses interface. -Since -stable updates aren't distributed on the disks, you'll need to obtain -them from the Internet. Many people and organizations offer mirrors from -which you can download the entire Slackware tree (or only the -patches/ directory) in any number of ways. While some -mirrors offer web access, the most common ways of obtaining updates are via -ftp and/or rsync servers. The Slackware project maintains a small list -(organized by country) of known mirrors. If you're unsure which mirror you -should use, simply consult -http://www.slackware.com/getslack/ -for suggestions. If you have a major university near you, there's a good -chance that they offer a mirror of numerous open source projects, and -Slackware may be among them. The only real requirement for a mirror is that -it be complete, but usually it's best to use a mirror near where you live in -order to achieve the fastest transfer times and use the least amount of -Internet resources. 
+PICTURE OF PKGTOOL MAIN SCREEN. +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! +FILL THIS IN!!!!!! -So how do you know when there are updates? The best way is to consult the -ChangeLog.txt on any up-to-date mirror. You can always -find the latest changelogs for the "-current" and most recent "-stable" -branch on the Slackware Project's web page, but if you're running an older -version of Slackware, you'll need to check a mirror. +pkgtool is a convenient and easy way to +perform the most basic tasks, but for more advanced work more flexible +tools are needed. -darkstar:~# wget -O - \ -ftp://slackware.osuosl.org/pub/slackware/slackware-13.0/ChangeLog.txt \ -| less -Sun Jan 24 20:22:46 UTC 2010 -patches/packages/httpd-2.2.14-i486-1_slack12.1.tgz: Upgraded. - This fixes a couple of security bugs when using mod_proxy_ftp. - For more information, see: - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 - (* Security fix *) -
-Security Update Mailing List +Installing, Removing, and Upgrading Packages + + +While pkgtool scores points for convenience, +installpkg(8) is much more capable of +handling odd tasks, such as quickly installing a single package, +installing an entire disk set of packages, or scripting an install. +installpkg takes a list of packages to +install, and simply installs them without asking any questions. Like +all Slackware package management tools, it assumes that you know what +you're doing and doesn't pretend to be smarter than you. In its +simplest form, installpkg simply takes a +list of packages to install, and does exactly what you would expect. + + +darkstar:~# installpkg blackbox-0.70.1-i486-2.txz +Verifying package blackbox-0.70.1-i486-2.txz. +Installing package blackbox-0.70.1-i486-2.txz: +PACKAGE DESCRIPTION: +# blackbox (Blackbox window manager) +# +# Blackbox is that fast, light window manager you have been looking for +# without all those annoying library dependencies. +# +# Also included in this package is the bbkeys utility for controlling +# keyboard shortcut commands from within Blackbox. +# +# The Blackbox home page is http://blackboxwm.sourceforge.net +# +Package blackbox-0.70.1-i486-2.txz installed. + + +You can of course install multiple packages at a time, and in fact use +shell wild cards. The following installs all of the "N" series +packages from a mounted CD-ROM. + + +darkstar:~# installpkg /mnt/cdrom/slackware/n/*.txz + + +Removing a package is every bit as easy as installing one. As you might +expect, the command to do this is +removepkg(8). Simply tell it which packages +to remove, and removepkg will check the +contents of the package database and remove all the files and +directories for that package with one caveat. If that file is included +in multiple installed packages, it will be skipped and if a directory +has new files in it, the directory will be left in place. 
Because of +this, removing packages takes a good while longer than installing them. + + +darkstar:~# removepkg blackbox-0.70.1-i486-2.txz + -While the Slackware team does release updated bugfix-only packages (i.e. -not security fixes) occasionally, you're probably most interested in -security fixes for vulnerabilities discovered after the -stable release. -The Slackware Project maintains a mailing list that will notify you of any -updated packages for such serious issues. In order to subscribe to the -mailing list, send an e-mail to majordomo@slackware.com -with the words 'subscribe slackware-security' in the body of the message. -The majordomo will be happy to add your name to the list, and when new -packages are released, it will mail an advisory to you. +Finally, upgrading is just as easy with (you guessed it), +upgradepkg(8) which first installs a new +package, then removes whatever files and directories are left-over from +the old package. One important thing to remember is that +upgradepkg doesn't check to see if the +previously installed package has a higher version number than the "new" +package, so it can also be used to downgrade to older versions. + + + + +darkstar:~# upgradepkg blackbox-0.70.1-i486-2.txz + ++============================================================================== +| Upgrading blackbox-0.65.0-x86_64-4 package using +./blackbox-0.70.1-i486-2.txz ++============================================================================== + +Pre-installing package blackbox-0.70.1-i486-2... + +Removing package +/var/log/packages/blackbox-0.65.0-x86_64-4-upgraded-2010-02-23,16:50:51... + --> Deleting symlink /usr/share/blackbox/nls/POSIX + --> Deleting symlink /usr/share/blackbox/nls/US_ASCII + --> Deleting symlink /usr/share/blackbox/nls/de + --> Deleting symlink /usr/share/blackbox/nls/en + --> Deleting symlink /usr/share/blackbox/nls/en_GB +... +Package blackbox-0.65.0-x86_64-4 upgraded with new package +./blackbox-0.70.1-i486-2.txz. 
+ + +All of these tools have useful arguments. For example, the +--root to installpkg will install +packages into an arbitrary directory. The --dry-run argument +will instruct upgradepkg to simply tell you +what it would attempt without actually making any changes to the +system. For complete details, you should (as always) refer to the man +pages.
-Upgrading Slackware Versions +Package Compression Formats -Now that we've gone this far, you should feel reasonably competent in your -ability to manage your Slackware system. But what do we do with it when -there's a new release? Updating from one release of Slackware to another -is a lot more complicated than simply updating a few packages. Each release -changes a lot of things, and while many of these changes are small, some of -them can completely break your system if you haven't prepared for them and/or -don't understand what is changing and why. While some Linux distributions -provide highly automated tools that attempt to handle every tiny detail for -you, Slackware takes a much more hands-on approach to things. +We won't go in depth into the details of package formats, but a few +words should be given here. In the past, all Slackware packages were +compressed with the gzip(1) compression +utility, which was a good compromise between compression speed and +size. Recently, new compression schemes have been added and the +package management tools have been upgraded to handle these. Today, +official Slackware packages are compressed with the +xz utility and end with .txz extensions. +Older packages (and many third party packages) still use the .tgz +extension. +
+ +
+<application>slackpkg</application> + -The very first thing you should do before attempting an upgrade is the one -that many people neglect: decide if it's really necessary to upgrade. If -the old system is stable and doing everything you want it to do, there may -be no need to do an operating system upgrade at all. Assuming you decide -to do the upgrade, then the second thing you should do is read the -CHANGES_AND_HINTS.TXT file on your upgrade discs or -a mirror. This file is updated during the development period before every -release, and it lists lots of helpful hints and tips to aid you in dealing -with the changes. Finally, read the UPGRADE.TXT file -before proceeding. After doing these things, you may decide that it's less -trouble and potential for problems to backup your configuration files and -data and do a fresh installation of the new Slackware release rather than -attempt a possibly tricky upgrade. However, if you still wish to continue, -make backups of your data and configuration files first. At a minimum, -it's good practice to backup the /etc and /home -directories. This will give you a chance to perform a reinstall if something -goes wrong with the upgrade. + The slackpkg is an automated tool for +management of Slackware Linux Packages. It was in /extra for +the release of slackware-12.1, and since the release of +slackware-12.2 it is included in the ap/ series of a base +installation. + + + For more information see the man pages for +slackpkg(8) and slackpkg.conf(5). - -Since every new version of Slackware has a few differences, giving complete -instructions here is not only futile but potentially misleading. You should -always consult the documentation included on your Slackware disks or your -favorite mirror. +Homepage: http://www.slackpkg.org/
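Review bot: The `upgradepkg` sample output in chapter_17.xml mixes architectures: "Upgrading blackbox-0.65.0-x86_64-4 package using ./blackbox-0.70.1-i486-2.txz" replaces an x86_64 package with an i486 one, while the paragraph above warns only that version numbers are not compared. Either use the same architecture in both package names, or say explicitly that the example is meant to show a cross-architecture replacement going through without complaint. The `installpkg` paragraph has a related gap. It says the tool "simply installs them without asking any questions", and the sample output begins with "Verifying package", which a reader can easily take for an authenticity check. Add one sentence saying what that step does and does not check, and that packages should come from a source the reader trusts. The "PICTURE OF PKGTOOL MAIN SCREEN" block with its "FILL THIS IN!!!!!!" lines is still a placeholder and should not ship. Minor wording: "the --root to installpkg" is missing the word "argument", and "The slackpkg is an automated tool" reads better without the article.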
diff --git a/chapter_18.xml b/chapter_18.xml index bc49aed..ea3035c 100644 --- a/chapter_18.xml +++ b/chapter_18.xml @@ -3,375 +3,119 @@ "/usr/share/xml/docbook/xml-dtd-4.5/docbookx.dtd"> -The Linux Kernel +Keeping Track of Updates
-What Does the Kernel Do? - - -You've probably heard people talking about compiling the kernel or -building a kernel, but what exactly is the kernel and what does it do? -The kernel is the center of your computer. It is the foundation for the -entire operating system. The kernel acts as a bridge between the -hardware and the applications. This means that the kernel is (usually) -the sole piece of software responsible for ordering around the hardware -components of your computer. It is the kernel that instructs the hard -drive to search for a certain data stream. It is the kernel that -instructs your network card to transmit rapid changes in voltage. The -kernel also listens to hardware as well. When the network card detects -a remote computer sending information, it forwards that information to -the kernel. This makes the kernel both the single most important piece -of software on your computer and the most complex. - +The -stable Branch + + +Whenever a new version of Slackware is released, the Slackware team will, +as needed, release updated packages to fix serious security vulnerabilities +and particularly nasty bugs. Therefore, it's important to keep up with all +of the patches for your version of Slackware, which is referred to as the +"-stable" branch. There is also a "-current" branch, which is where we do +our development work toward the next stable release (and as such, there are +often intrusive changes there), but unless you're willing to work with a +possibly broken system and are able to fix things on your own, we strongly +recommend that you stick with the "-stable" branch. + + + +Since -stable updates aren't distributed on the disks, you'll need to obtain +them from the Internet. Many people and organizations offer mirrors from +which you can download the entire Slackware tree (or only the +patches/ directory) in any number of ways. While some +mirrors offer web access, the most common ways of obtaining updates are via +ftp and/or rsync servers. 
The Slackware project maintains a small list +(organized by country) of known mirrors. If you're unsure which mirror you +should use, simply consult +http://www.slackware.com/getslack/ +for suggestions. If you have a major university near you, there's a good +chance that they offer a mirror of numerous open source projects, and +Slackware may be among them. The only real requirement for a mirror is that +it be complete, but usually it's best to use a mirror near where you live in +order to achieve the fastest transfer times and use the least amount of +Internet resources. + + + +So how do you know when there are updates? The best way is to consult the +ChangeLog.txt on any up-to-date mirror. You can always +find the latest changelogs for the "-current" and most recent "-stable" +branch on the Slackware Project's web page, but if you're running an older +version of Slackware, you'll need to check a mirror. + + +darkstar:~# wget -O - \ +ftp://slackware.osuosl.org/pub/slackware/slackware-13.0/ChangeLog.txt \ +| less +Sun Jan 24 20:22:46 UTC 2010 +patches/packages/httpd-2.2.14-i486-1_slack12.1.tgz: Upgraded. + This fixes a couple of security bugs when using mod_proxy_ftp. + For more information, see: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 + (* Security fix *)
-Working with Modules - - -The complexity of a modern linux kernel is staggering. The source code -for the kernel weighs in at nearly 400MB uncompressed. There are -thousands of developers, hundreds of options, and if everything were -built together, the kernel would soon pass 100MB in size itself. In -order to keep the size of the kernel down (as well as the amount of RAM -needed for the kernel), most of the kernel options are built as -modules. You can think of these modules as device drivers which can be -inserted or removed from a running kernel at will. In truth, many of -them aren't device drivers at all, but contain support for things such -as network protocols, security measures, and even filesystems. In -short, nearly any piece of the linux kernel can be built as a loadable -module. - - - -It's important to realize that Slackware will automatically handle -loading most modules for you. When your system boots, -udevd(8) is started and begins to probe your -system's hardware. For each device it finds, it loads the proper module -and created a device node in /dev. This usually -means that you will not need to load any modules in order to use your -computer, but occasionally this is necessary. - - - -So what modules are currently loaded on your computer and how do we -load and unload them? Fortunately we have a full suite of tools for -handling this. As you might have guessed, the tool for listing modules -is lsmod(8). - - -darkstar:~# lsmod -Module Size Used by -nls_utf8 1952 1 -cifs 240600 2 -i915 168584 2 -drm 168128 3 i915 -i2c_algo_bit 6468 1 i915 -tun 12740 1 -... many more lines ommitted ... - - - -In addition to showing you what modules are loaded, it displays the -size of each module and tells you what other modules are using it. - - - -There are two applications for loading modules: -insmod(8) and -modprobe(8). 
Both will load modules and -report any errors (such as loading a module for a device that isn't -present in your system), but modprobe is -preferred because it can load any module dependencies. Using either is -straight-forward. - - -darkstar:~# insmod ext3 -darkstar:~# modprobe ext4 -darkstar:~# lsmod | grep ext -ext4 239928 1 -jbd2 59088 1 ext4 -crc16 1984 1 ext4 -ext3 139408 0 -jbd 48520 1 ext3 -mbcache 8068 2 ext4,ext3 - +Security Update Mailing List -Removing modules can be a tricky process, and once again we have two -programs for removing them: rmmod(8) and -modprobe. In order to remove a module with -modprobe, you'll need to use the -r argument. +While the Slackware team does release updated bugfix-only packages (i.e. +not security fixes) occasionally, you're probably most interested in +security fixes for vulnerabilities discovered after the -stable release. +The Slackware Project maintains a mailing list that will notify you of any +updated packages for such serious issues. In order to subscribe to the +mailing list, send an e-mail to majordomo@slackware.com +with the words 'subscribe slackware-security' in the body of the message. +The majordomo will be happy to add your name to the list, and when new +packages are released, it will mail an advisory to you. -darkstar:~# rmmod ext3 -darkstar:~# modprobe -r ext4 -darkstar:~# lsmod | grep ext - -
-Compiling A Kernel and Why to do So - - -Most Slackware users will never need to compile a kernel. The huge and -generic kernels contain virtually all the support you will need. -However, some users may need to compile a kernel. If your computer -contains bleeding edge hardware, a newer kernel may offer improved -support. Sometimes a kernel patch my be available that corrects a -problem you are experiencing. In these cases a kernel compile is -probably warranted. Users who simply want the latest and greatest -version or who believe using a custom compiled kernel will give them -greater performance can certainly upgrade, but are unlikely to notice -any major changes. If you still think compiling your own kernel is -something you want or need to do, this section should walk you through -the many steps. -Compiling and installing a kernel is not that difficult, but there are -a number of mistakes that can be made along the way, many of which can -prevent your computer from booting and cause major frustration. - - - -The first step is ensuring you have the kernel source code installed on -your system. The kernel source package is included in the "k" disk set -in the Slackware installer, or you can download another version from -http://www.kernel.org/. -Traditionally, the kernel source is located in -/usr/src/linux, a symbolic link that points to the -specific kernel release used, but this is by no means set in stone. You -can place the kernel source code virtually anywhere without -encountering any problems. - - -darkstar:~# ls -l /usr/src -lrwxrwxrwx 1 root root 14 2009-07-22 19:59 linux -> linux-2.6.29.6/ -drwxr-xr-x 23 root root 4096 2010-03-17 19:00 linux-2.6.29.6/ - - - -The most difficult part of any kernel compile is the kernel -configuration. There are hundreds of options, many of which can -optionally be compiled into modules. This means there are thousands of -ways to configure a kernel. 
Fortunately, there are a few handy tricks -that can keep you from running into too much trouble. The kernel -configuration file is .config. If you are very -brave, you can manually edit this file with a text editor, but I highly -recommend you use the kernel's built-in tools for manipulating -.config. - - - -Unless you are very familiar with configuring kernels, you should -always start with a solid base configuration and modify it. This -prevents you from skipping an important option that might force you to -compile the kernel again and again until you get it right. The best -kernel .config files to start with are those used -by Slackware's default kernels. You can find them on your Slackware -install disks or at your favorite mirror in the -kernels/ directory. - - -darkstar:~# mount /mnt/cdrom -darkstar:~# cd /mnt/cdrom/kernels -darkstar:/mnt/cdrom/kernels# ls -VERSIONS.TXT huge.s/ generic.s/ speakup.s/ -darkstar:/mnt/cdrom/kernels# ls genric.s -System.map.gz bzImage config - - - -You can replace the default .config file easily by -copying or downloading the config file for the -kernel you wish to use as a base. Here I am using Slackware's -recommended generic.s kernel for a base, but you may wish to use the -huge.s config file. The generic kernel builds more things as modules -and thus creates a smaller kernel image, but it usually requires the -use of an initrd. - - -darkstar:/mnt/cdrom/kernels# cp generic.s/config /usr/src/linux/.config - - - -The Slackware kernel file lacks the "dot" while the kernel -file includes it. If you forget, or simply copy the -config to /usr/src whatever -.config file was already present will be used -instead. - - - -If you want to use the configuration for the currently running kernel -as your base, you may be able to locate it at -/proc/config.gz. This is a special kernel-related -file that includes the entire kernel configuration in a compressed -format and requires that your kernel was built to support it. 
- - -darkstar:~# zcat /proc/config.gz > /usr/src/linux/.config - - - -Now that we've created a solid base configuration, it's time to make -any configuration changes we want. The entire kernel build process from -configuration to compilation is performed with the -make(1) command and special arguments to it. -Each argument performs a different function. - - - -If you are upgrading to a newer kernel release, you will definitely -want to use the oldconfig argument. This will step through -your base .config and look for missing elements -that usually indicates that the new kernel release contains additional -options. Since options are added at virtually every kernel release, -this is generally a good thing to do. - - -darkstar:/usr/src/linux# make oldconfig -scripts/kconfig/conf -o arch/x86/Kconfig -* -* Restart config... -* -* -* File systems -* -Second extended fs support (EXT2_FS) [M/n/y/?] m - Ext2 extended attributes (EXT2_FS_XATTR) [N/y/?] n - Ext2 execute in place support (EXT2_FS_XIP) [N/y/?] n -Ext3 journalling file system support (EXT3_FS) [M/n/y/?] m - Ext3 extended attributes (EXT3_FS_XATTR) [Y/n/?] y - Ext3 POSIX Access Control Lists (EXT3_FS_POSIX_ACL) [Y/n/?] y - Ext3 Security Labels (EXT3_FS_SECURITY) [Y/n/?] y -The Extended 4 (ext4) filesystem (EXT4_FS) [N/m/y/?] (NEW) m - - - -Here you can see that I the new kernel I am compiling has added support -for a new filesystem: ext4. oldconfig has gone through my -original configuration, kept all the old options exactly as they were -set, and prompted me on what to do with new options. Typically it is -save to choose the default option, but you may wish change this. -oldconfig is a very handy tool for presenting you with only -new configuration options, making it ideal for users who simply have to -try out the latest kernel release. - - - -For more serious configuration tasks, there are a multitude of options. -The linux kernel can be configured in three primary ways. 
The first is -config, which will step through each and every option one by -one and ask what you would like to do. This is so tedious that hardly -anyone ever uses it anymore. - - -darkstar:/usr/src/linux# make config -scripts/kconfig/conf arch/x86/Kconfig -* -* Linux Kernel Configuration -* -* -* General setup -* -Prompt for development and/or incomplete code/drivers (EXPERIMENTAL) [Y/n/?] Y -Local version - append to kernel release (LOCALVERSION) [] -test -Automatically append version information to the version string (LOCALVERSION_AUTO) [N/y/?] n -Support for paging of anonymous memory (swap) (SWAP) [Y/n/?] - - - -Fortunately, there are two much easier ways to configure your kernel, -menuconfig and xconfig. Both of these create a -menu-driven program that lets you select and de-select options without -having to step through each one. menuconfig is the most -commonly used method, and the one I recommend. xconfig is -only useful if you are attempting to compile the kernel from a -graphical user interface within X. Both are -so similar however, that we are only going to document -menuconfig. - - - -Running make menuconfig from a terminal will -present you with the friendly curses-driven interface you see below. -Each kernel section is given its own submenu, and you can navigate with -the arrow keys. - - - - - -If you are compiling a kernel that is the same release as the stock -Slackware kernel, you must set the "Local version" option. This is -found on the "General setup" submenu. Failure to set this will result -in your kernel compile over-writing all the modules used by the stock -kernels. This can quickly render your system unbootable. - - - -Once you've finished configuring the kernel, it's time to begin -compiling it. There are many different methods for this, but the most -reliable is to use bzImage. 
When you pass this argument to -make, the kernel compilation will begin and -you will see lots of data scroll through the terminal until either the -compile process is complete or a fatal error is encountered. - - -darkstar:/usr/src/linux# make bzImage -scripts/kconfig/conf -s arch/x86/Kconfig - CHK include/linux/version.h - CHK include/linux/utsrelease.h - SYMLINK include/asm -> include/asm-x86 - CALL scripts/checksyscalls.sh - CC scripts/mod/empty.o - HOSTCC scripts/mod/mk_elfconfig - MKELF scripts/mod/elfconfig.h - HOSTCC scripts/mod/file2alias.o -... many hundreds of lines ommitted ... - - - -If the process ends in an error, you should check your kernel -configuration first. Compile errors are usually caused by a fault -.config file. Assuming everything went alright, -we're still not entirely finished, as we need to build the modules. - - -darkstar:/usr/src/linux# make modules - CHK include/linux/version.h - CHK include/linux/utsrelease.h - SYMLINK include/asm -> include/asm-x86 - CALL scripts/checksyscalls.sh - HOSTCC scripts/mod/file2alias.o -... many thousands of lines omitted ... - - - -If both the kernel and the modules compiles finished sucessfully, we're -ready to install them. The kernel image needs to be copied into a safe -location, typically the /boot directory, and you -should give it a unique name to avoid overwriting any other kernel -images located there. Traditionaly kernel images are named -vmlinuz with the kernel release and local version -appended. - - -darkstar:/usr/src/linux# cat arch/x86/boot/bzImage > /boot/vmlinuz-release_number-local_version -darkstar:/usr/src/linux# make modules_install - - - -Once these steps have been completed, you will have a new kernel image -located under /boot and a new kernel modules -directory under /lib/modules. 
In order to use -this new kernel, you will need to edit lilo.conf, -create an initrd for it (only if you need to load one or more of this -kernel's modules to boot), and run lilo to -update the boot loader. When you reboot, if all went according to plan, -you should have an option to boot with your newly compiled kernel. If -something went wrong, you may be spending some time fixing the problem. +Upgrading Slackware Versions + + +Now that we've gone this far, you should feel reasonably competent in your +ability to manage your Slackware system. But what do we do with it when +there's a new release? Updating from one release of Slackware to another +is a lot more complicated than simply updating a few packages. Each release +changes a lot of things, and while many of these changes are small, some of +them can completely break your system if you haven't prepared for them and/or +don't understand what is changing and why. While some Linux distributions +provide highly automated tools that attempt to handle every tiny detail for +you, Slackware takes a much more hands-on approach to things. + + + +The very first thing you should do before attempting an upgrade is the one +that many people neglect: decide if it's really necessary to upgrade. If +the old system is stable and doing everything you want it to do, there may +be no need to do an operating system upgrade at all. Assuming you decide +to do the upgrade, then the second thing you should do is read the +CHANGES_AND_HINTS.TXT file on your upgrade discs or +a mirror. This file is updated during the development period before every +release, and it lists lots of helpful hints and tips to aid you in dealing +with the changes. Finally, read the UPGRADE.TXT file +before proceeding. After doing these things, you may decide that it's less +trouble and potential for problems to backup your configuration files and +data and do a fresh installation of the new Slackware release rather than +attempt a possibly tricky upgrade. 
However, if you still wish to continue, +make backups of your data and configuration files first. At a minimum, +it's good practice to backup the /etc and /home +directories. This will give you a chance to perform a reinstall if something +goes wrong with the upgrade. + + + +Since every new version of Slackware has a few differences, giving complete +instructions here is not only futile but potentially misleading. You should +always consult the documentation included on your Slackware disks or your +favorite mirror.
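Review bot: In the added "Upgrading Slackware Versions" text, the backup advice arrives only at the end of the second paragraph, after "Finally, read the UPGRADE.TXT file before proceeding", so a reader following the steps in order reaches "before proceeding" without yet having been told to back anything up. Consider moving the backup of /etc and /home ahead of that sentence, or turning the paragraph into an ordered list (decide whether to upgrade, read CHANGES_AND_HINTS.TXT, read UPGRADE.TXT, back up, then proceed) so the order is unambiguous. Unlike the removed kernel text, which showed each step at a darkstar prompt, the new section gives no command for the backup; a short example would match the style of the rest of the book. Two wording points in the same added lines: "backup" is used as a verb twice ("to backup your configuration files", "to backup the /etc and /home directories") and should be "back up", and the text switches between "upgrade discs" and "Slackware disks", so pick one spelling.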
-- cgit v1.2.3