Novell LINUX ENTERPRISE DESKTOP 11 - ADMINISTRATION GUIDE 17-03-2009 Administration Manual

SUSE Linux Enterprise
Desktop
11
March 17, 2009
Administration Guide
www.novell.com

Summary of Contents for Novell LINUX ENTERPRISE DESKTOP 11 - ADMINISTRATION GUIDE 17-03-2009

  • Page 1 SUSE Linux Enterprise Desktop www.novell.com Administration Guide March 17, 2009...
  • Page 2 That this manual, specifically for the printed format, is reproduced and/or distributed for noncommercial use only. The express authorization of Novell, Inc must be obtained prior to any other use of any manual or part thereof. For Novell trademarks, see the Novell Trademark and Service Mark list http://www.novell.com/company/legal/trademarks/tmlist.html.
  • Page 3: Table Of Contents

    2 Gathering System Information for Support Novell Support Link Overview ....Using Supportconfig ......
  • Page 4 Managing Profiles Using Sabayon ....Adding Document Templates ....Desktop Lock Down Features .
  • Page 5 1 0 The Boot Loader GRUB 10.1 Booting with GRUB ......10.2 Configuring the Boot Loader with YaST ....10.3 Uninstalling the Linux Boot Loader .
  • Page 6 1 5 Accessing File Systems with FUSE 15.1 Configuring FUSE ......15.2 Mounting an NTFS Partition ....15.3 Mounting Remote File System with SSHFS .
  • Page 7 19.4 Configuring a Network Connection with YaST ... . 19.5 NetworkManager ......19.6 Configuring a Network Connection Manually .
  • Page 8 2 5 Sharing File Systems with NFS 25.1 Installing the Required Software ....25.2 Importing File Systems with YaST ....25.3 Importing File Systems Manually .
  • Page 9: About This Guide

    About This Guide This guide is intended for use by professional network and system administrators during the operation of SUSE® Linux Enterprise. As such, it is solely concerned with ensuring that SUSE Linux Enterprise is properly configured and that the required services on the network are available to allow it to function properly as initially installed.
  • Page 10 Introduces basic concepts of system security, covering both local and network security aspects. Shows how to make use of the product inherent security software like Novell AppArmor (which lets you specify per program which files the program Administration Guide...
  • Page 11 Novell AppArmor Quick Start Helps you understand the main concepts behind Novell® AppArmor. Find HTML versions of most SUSE Linux Enterprise Desktop manuals in your installed system under /usr/share/doc/manual or in the help centers of your desktop.
  • Page 12: Documentation Conventions

    • To report bugs for a product component or to submit enhancements requests, please use https://bugzilla.novell.com/. If you are new to Bugzilla, you might find the Bug Writing FAQs helpful, available from the Novell Bugzilla home page. • We want to hear your comments and suggestions about this manual and the other documentation included with this product.
  • Page 13: Part I Support And Common Tasks

    Part I. Support and Common Tasks...
  • Page 15: Yast Online Update

    YaST Online Update Novell offers a continuous stream of software security updates for your product. By default openSUSE Updater is used to keep your system up-to-date. Refer to Section “Keeping the System Up-to-date” (Chapter 6, Installing or Removing Software, ↑Deployment Guide) for further information on openSUSE Updater.
  • Page 16: Installing Patches Manually Using The Qt Interface

    The Novell Customer Center is available at .com/center/. provides updates with different relevance levels. Security updates fix severe security hazards and should definitely be installed. Recommended updates fix issues that could compromise your computer, whereas Optional updates fix non-security relevant issues or provide enhancements.
  • Page 17 Figure 1.1 YaST Online Update The patch display lists the available patches for SUSE Linux Enterprise Desktop. The patches are sorted by security relevance (security, recommended, and optional). There are three different views on patches. Use Show Patch Category to toggle the views: Needed Patches (default view) Non-installed patches that apply to packages installed on your system.
  • Page 18: Installing Patches Manually Using The Gtk Interface

    If you install an up-to-date package from a repository other than the update repository, the requirements of a patch for this package may be fulfilled with this installation. In this case a check mark is displayed in front of the patch summary. The patch will be visible in the list until you mark it for installation.
  • Page 19: Automatic Online Update

    Patch List Filters Available Non-installed patches that apply to packages installed on your system. Installed Patches that are already installed. Patches that are either already installed or available. Severity Only show Optional, Recommended, or Security patches. By default, All patches are shown.
  • Page 21: Gathering System Information For Support

    Center find your problem. 2.1 Novell Support Link Overview Novell Support Link (NSL) is new to SUSE Linux Enterprise Desktop. It is a tool that gathers system information and allows you to upload that information to another server for further analysis. Novell Support Center uses Novell Support Link to gather system information from problematic servers and sends the information to Novell's public FTP server.
  • Page 22: Using Supportconfig

    6 Enter your contact information. Use your service request number from Step 1 (page 10) and enter it into the text field labeled Novell 11 digit service request number. Proceed with Next. 7 The information gathering begins. After the process is finished, continue with Next.
  • Page 23 2.2.2 Using Supportconfig Directly to Collect Information To use supportconfig from the command line, proceed as follows: 1 Open a shell and become root. 2 Run supportconfig without any options. This gathers the default system information. 3 Wait for the tool to complete the operation. 4 The default archive location is /var/log with the filename format nts_HOST_DATE_TIME.tbz 2.2.3 Common Supportconfig Options...
  • Page 24: Submitting Information To Novell

    You can use the YaST Support module or the supportconfig command line utility to submit system information to Novell. When you experience a server issue and would like Novell's assistance, you will need to open a service request and submit your server information to Novell. Both YaST and command line methods are described.
  • Page 25 Novell. Continue with Next. 7 By default, a copy of the tarball will be saved in /root. Confirm you are using one of the Novell upload targets described above and the Upload log files tarball into URL is activated. Finish with Next.
  • Page 26: For More Information

    4c You can also attach the tarball to your service request using the service request URL: http://www.novell.com/center/eservice. 5 Once the tarball is in the ftp://ftp.novell.com/incoming directory, it becomes automatically attached to your service request. 2.4 For More Information Find more information about gathering system information in the following documents: •...
  • Page 27: Yast In Text Mode

    YaST in Text Mode This section is intended for system administrators and experts who do not run an X server on their systems and depend on the text-based installation tool. It provides basic information about starting and operating YaST in text mode. YaST in text mode uses the ncurses library to provide an easy pseudo-graphical user interface.
  • Page 28: Navigation In Modules

    active category is indicated by a colored background. The right frame, which is surrounded by a thin white border, provides an overview of the modules available in the active category. The bottom frame contains the buttons for Help and Quit. When the YaST Control Center is started, the category Software is selected automatically.
  • Page 29: Restriction Of Key Combinations

    confirm with Enter . If you navigate to an item with Tab , press Enter to execute the selected action or activate the respective menu item. Function Keys The F keys ( F1 through F12 ) enable quick access to the various buttons. Available F key shortcuts are shown in the bottom line of the YaST screen.
  • Page 30: Yast Command Line Options

    Replacing Alt with Esc Alt shortcuts can be executed with Esc instead of Alt . For example, Esc – H replaces Alt + H . (First press Esc , then press H .) Backward and Forward Navigation with Ctrl + F and Ctrl + B If the Alt and Shift combinations are occupied by the window manager or the terminal, use the combinations Ctrl + F (forward) and Ctrl + B (backward) instead.
  • Page 31 yast --install <package_name> package_name can be a single short package name, for example gvim, which is installed with dependency checking, or the full path to an rpm package, which is installed without dependency checking. If you need a command-line based software management utility with functionality beyond what YaST provides, consider using zypper.
  • Page 33: Gnome Configuration For Administrators

    GNOME Configuration for Administrators This chapter discusses GNOME configuration options administrators can adjust system-wide, such as customizing menus, installing themes, configuring fonts, changing preferred applications, and locking down capabilities. These configuration options are stored in the GConf system. Access the GConf system with tools such as the gconftool-2 command line interface or the gconf-editor GUI.
  • Page 34 Inexperienced users who only want to adjust some common desktop features are advised to use the GNOME Control Center configuration dialogs. To start the GNOME Control Center, click Computer > Control Center. For more information, see Section “The Control Center” (Chapter 3, Customizing Your Settings, ↑GNOME User Guide).
  • Page 35 4.1.2 The gconftool-2 Command Line Interface To change settings from the command line or within scripts, use gconftool-2. Here are some examples: As root, use the following command to list the values of all keys: gconftool-2 --recursive-list / If you are interested in a subset only, specify an access path such as /desktop/gnome/typing_break: gconftool-2 --recursive-list /desktop/gnome/typing_break To list mandatory settings:...
  • Page 36: Customizing Main Menu, Panel, And Application Browser

    4.2 Customizing Main Menu, Panel, and Application Browser Control the default items shown in various sections of the main menu (Computer) by customizing the following files: • /usr/share/gnome-main-menu/applications.xbel: List of default favorite applications. • /usr/share/gnome-main-menu/documents.xbel: List of default favorite documents.
  • Page 37: Automounting And Managing Media Devices

    • To run applications for every user: Put .desktop files in /usr/share/gnome/autostart. • To run applications for an individual user: Put .desktop files in ~/.config/autostart. To disable an application that starts automatically, add X-Autostart-enabled=false to the .desktop file. 4.4 Automounting and Managing Media Devices Nautilus (nautilus) monitors volume-related events and responds with a user-spec-...
  • Page 38: Creating A Profile

    be applied to either individual users or groups of users. Sabayon lets you edit GConf defaults and mandatory keys using a graphical tool. Profile definition is done through a graphical session similar to the one a user would be running, only inside a desktop window. You can change properties (such as the desktop background, toolbars, and available applets) in the usual way.
  • Page 39 1 Click Computer > More Applications > System > User Profile Editor. 2 If you are not logged in as root, type the root password, then click Continue. 3 Click Add. 4 Specify a name for the profile, then click Add. 5 Select the profile, then click Edit.
  • Page 40 6 In the Xnest window, make the changes to the settings that you want. Each setting you change appears in the Xnest window. You can choose to make each setting mandatory (click Edit > Enforce Mandatory), to ignore a setting (click Edit > Changes > Ignore), or make a setting default (do not select either Ignore or Mandatory).
  • Page 41 Lets you hide the menu bar, make the window full Epiphany Web Browser: screen, and disable quit, arbitrary URLs, bookmark and toolbar editing, and unsafe protocols. 8 To save the profile, click Profile > Save. The profile is saved in /etc/desktop-profiles. 9 Click Profile >...
  • Page 42: Adding Document Templates

    4.7 Adding Document Templates To add document templates for users, fill in the Templates directory in a user's home directory. You can do this manually for each user by copying the files into ~/Templates, or system-wide by adding a Templates directory with documents to /etc/skel before the user is created.
  • Page 43: For More Information

    4.9 For More Information For more information, see http://library.gnome.org/admin/. GNOME Configuration for Administrators...
  • Page 45: Managing Software With Command Line Tools

    Managing Software with Command Line Tools This chapter describes Zypper and RPM, two command line tools for managing software. 5.1 Using Zypper Zypper is a command line tool for installing and updating packages. Zypper's syntax is similar to that of rug. In contrast to rug, zypper does not require the zmd daemon to run behind the scenes.
  • Page 46 Additionally, you can choose from one or more global options by typing them just before the command. For example, --non-interactive means, run the command without asking anything, decide on your own: zypper --non-interactive patch To use the options specific to a particular command, type them right after the command. For example, --auto-agree-with-licenses means, apply all needed patches to the system without asking to confirm any licenses—all of them were read in advance: zypper patch --auto-agree-with-licenses...
  • Page 47 To remove an installed package, use: zypper remove package_name To install and remove packages simultaneously use the +/- or ~/! modifiers: zypper install emacs -vim zypper remove emacs +vim Or, if you choose to use - with the first package you specify, you must write -- before it to prevent its interpretation as a command option: zypper install -- -vim emacs WARNING: Do not Remove Mandatory System Packages...
  • Page 48 If an error occurs during installation, or anytime you feel the need, verify whether all dependencies are still fulfilled: zypper verify 5.1.3 Updating Software with Zypper There are two different ways to update software using Zypper. To integrate all officially released patches into your system, just run: zypper patch In this case, all patches available in your repositories are checked for relevance and...
  • Page 49 The result will look similar to the following output:

        # | Alias                             | Name                              | Enabled | Refresh
        --+-----------------------------------+-----------------------------------+---------+--------
        1 | SUSE-Linux-Enterprise-Server 11-0 | SUSE-Linux-Enterprise-Server 11-0 | Yes     | No
        2 | SLES-11-Updates                   | SLES 11 Online Updates            | Yes     | Yes
        3 | broadcomdrv                       | Broadcom Drivers...
  • Page 50: Rpm-The Package Manager

    search works on package names or, optionally, on package summaries and descriptions, and displays status (S) information in the first column of the list of found packages. info with a package name as an argument displays detailed information about a package.
  • Page 51 TIP: Software Development Packages For a number of packages, the components needed for software development (libraries, headers, include files, etc.) have been put into separate packages. These development packages are only needed if you want to compile software yourself (for example, the most recent GNOME packages). They can be identified by the name extension -devel, such as the packages alsa-devel, gimp-devel, and kdelibs3-devel.
  • Page 52 of the old version and immediately installs the new files. The difference between the two versions is that -U installs packages that previously did not exist in the system, but -F merely updates previously installed packages. When updating, rpm updates configuration files carefully using the following strategy: •...
  • Page 53 (even if no additional dependencies exist), it may be helpful to rebuild the RPM database using the option --rebuilddb. 5.2.3 RPM and Patches To guarantee the operational security of a system, update packages must be installed in the system from time to time. Previously, a bug in a package could only be eliminated by replacing the entire package.
  • Page 54 /etc/pine.conf.fixed /usr/bin/pine How can a patch RPM be installed in the system? Patch RPMs are used just like normal RPMs. The only difference is that a suitable RPM must already be installed. Which patches are already installed in the system and for which package versions? A list of all patches installed in the system can be displayed with the command rpm -qPa.
  • Page 55 xdelta delta -0 old.cpio new.cpio delta writedeltarpm new.rpm delta info new.delta.rpm Finally, remove the temporary working files old.cpio, new.cpio, and delta. Using applydeltarpm, you can reconstruct the new RPM from the file system if the old package is already installed: applydeltarpm new.delta.rpm new.rpm To derive it from the old RPM without accessing the file system, use the -r option: applydeltarpm -r old.rpm new.delta.rpm new.rpm...
  • Page 56 --provides List features of the package that another package can request with --requires --requires, -R Capabilities the package requires --scripts Installation scripts (preinstall, postinstall, uninstall) For example, the command rpm -q -i wget displays the information shown in Example 5.1, “rpm -q -i wget” (page 44).
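  • Page 57 Example 5.2 Script to Search for Packages

        #!/bin/sh
        # Report the owning package of every installed file whose path matches $1.
        # Quoting "$1" and "$i" keeps patterns and paths with blanks or wildcards intact.
        rpm -q -a -l | grep -- "$1" | while IFS= read -r i; do
            echo "\"$i\" is in package:"
            rpm -q -f "$i"
            echo ""
        done

    The command rpm -q --changelog rpm displays a detailed list of change information about a specific package, sorted by date.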
  • Page 58 The files of the RPM database are placed in /var/lib/rpm. If the partition /usr has a size of 1 GB, this database can occupy nearly 30 MB, especially after a complete update. If the database is much larger than expected, it is useful to rebuild the database with the option --rebuilddb.
  • Page 59 RPMS where the completed binary packages are stored SRPMS here are the source RPMs When you install a source package with YaST, all the necessary components are installed in /usr/src/packages: the sources and the adjustments in SOURCES and the relevant .spec file in SPECS. WARNING Do not experiment with system components (glibc, rpm, sysvinit, etc.), because this endangers the stability of your system.
  • Page 60 Do the same as -bi, but with the additional creation of the binary package. If the compile was successful, the binary should be in /usr/src/packages/RPMS. Do the same as -bb, but with the additional creation of the source RPM. If the compilation was successful, the binary should be in /usr/src/packages/SRPMS.
  • Page 61 5.2.8 Tools for RPM Archives and the RPM Database Midnight Commander (mc) can display the contents of RPM archives and copy parts of them. It represents archives as virtual file systems, offering all usual menu options of Midnight Commander. Display the HEADER with F3 . View the archive structure with the cursor keys and Enter .
  • Page 63: Accessing Remote Desktops With Nomad

    Accessing Remote Desktops with Nomad Nomad (Novell Open Mobile Agile Desktop) ships with SUSE® Linux Enterprise Desktop and allows you to run desktop sessions detached from any graphics hardware. It consists of the following core components: Proxy X Server Supports modern X extensions like Composite, XVideo and RANDR.
  • Page 64: Nomad Prerequisites

    Compositing Manager Extensions Compositing allows for advanced visual effects of application windows, such as transparency, fading, scaling, contorting, shuffling and redirecting. Nomad lets you remotely access desktops from different physical locations. For example, you can access the same session from home or from work. After an interruption of your work session, just move to another terminal and resume work there.
  • Page 65: Installation And Set-Up

    • compiz-plugins-dmx • compiz-fusion-plugins-main • libcompizconfig • python-compizconfig • compiz-manager • simple-ccsm 6.2 Installation and Set-Up The local machine acting as host does not need any special configuration. As soon as the rdesktop package is installed, you can use the rdesktop command line tool to connect to the remote machine that provides the desktop.
  • Page 66: Using Nomad

    NOTE: Desktop Effects If you intend to use desktop effects on the remote desktop, make sure the compiz-plugins-dmx package is installed on both systems: the system that provides the remote desktop as well as the local system accessing the remote desktop.
  • Page 67: For More Information

    Is the xrdp Server Up and Running on the Remote Machine? 1. Check if the xrdp package is installed on the remote machine providing the desktop. 2. Check if the xrdp service is running. 3. If not, start or restart it manually by executing the following command as root: /etc/init.d/xrdp start or /etc/init.d/xrdp restart.
  • Page 69: Bash And Bash Scripts

    Bash and Bash Scripts These days many people use computers with a graphical user interface (GUI) like KDE or GNOME. Although they offer lots of features, their use is limited when it comes to the execution of automated tasks. Shells are a good addition to GUIs and this chapter gives you an overview of some aspects of shells, in this case Bash.
  • Page 70 Depending on which type of shell you use, different configuration files are being read. The following tables show the login and non-login shell configuration files. Table 7.1 Bash Configuration Files for Login Shells File Description /etc/profile Do not modify this file, otherwise your modifications can be destroyed during your next update! /etc/profile.local Use this file if you extend /etc/profile...
  • Page 71 7.1.2 The Directory Structure The following table provides a short overview of the most important higher-level directories you find on a Linux system. Find more detailed information about the directories and important subdirectories in the following list. Table 7.4 Overview of a Standard Directory Tree Directory Contents...
  • Page 72 Directory Contents /srv Data for services provided by the system. /tmp Temporary files. /usr Secondary hierarchy with read-only data. /var Variable data such as log files. /windows Only available if you have both Microsoft Windows* and Linux installed on your system. Contains the Windows data.
  • Page 73 guration data for their desktop in .kde or .kde4 respectively, GNOME users find it in .gconf. NOTE: Home Directory in a Network Environment If you are working in a network environment, your home directory may be mapped to a directory in the file system other than /home. /lib Contains essential shared libraries needed to boot the system and to run the commands in the root file system.
  • Page 74 /tmp This directory is used by programs that require temporary storage of files. /usr /usr has nothing to do with users, but is the acronym for UNIX system resources. The data in /usr is static, read-only data that can be shared among various hosts compliant to the Filesystem Hierarchy Standard (FHS).
  • Page 75: Writing Shell Scripts

    example, the log files of your system are in /var/log/messages (only accessible for root). /windows Only available if you have both Microsoft Windows and Linux installed on your system. Contains the Windows data available on the Windows partition of your system.
  • Page 76: Redirecting Command Events

    3. The script needs executable permissions. Set the permissions with the following command: chmod +x ~/bin/hello.sh If you have fulfilled all of the above prerequisites, you can execute the script with either ~/bin/hello.sh or hello.sh. The first call uses an absolute path whereas the second one searches for the command in each directory given by the PATH environment variable.
  • Page 77: Using Aliases

    Command1 | Command2 Redirects the output of the left command as input for the right command. Every channel has a file descriptor: 0 (zero) for standard input, 1 for standard output and 2 for standard error. It is allowed to insert this file descriptor before a < or > character.
  • Page 78 Do not insert spaces around the equal sign, otherwise you get an error. To set an environment variable, use export: export NAME="tux" To remove a variable, use unset: unset NAME The following table contains some common environment variables which can be used in your shell scripts: Table 7.5 Useful Environment Variables...
  • Page 79 To access all the arguments which are passed to your script, you need positional parameters. These are $1 for the first argument, $2 for the second, and so on. You can have up to nine parameters. To get the script name, use $0. The following script foo.sh prints all arguments from 1 to 4: #!/bin/sh echo \"$1\"...
  • Page 80: Grouping And Combining Commands

    7.6 Grouping And Combining Commands Shells allow you to concatenate and group commands for conditional execution. Each command returns an exit code which determines the success or failure of its operation. If it is 0 (zero) the command was successful, everything else marks an error which is specific to the command.
  • Page 81: Working With Common Flow Constructs

    which prints: Hello Tux 7.7 Working with Common Flow Constructs To control the flow of your script, a shell has while, if, for and case constructs. 7.7.1 The if Control Command The if is used to check expressions. For example, the following code tests whether the current user is Tux: if test $USER = "tux"...
  • Page 82: For More Information

    7.8 For More Information Important information about Bash is provided in the man pages man sh. More about this topic can be found in the following list: • http://tldp.org/LDP/Bash-Beginners-Guide/html/index.html—Bash Guide for Beginners • http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO.html—BASH Programming - Introduction HOW-TO • http://tldp.org/LDP/abs/html/index.html—Advanced Bash-Scripting Guide •...
  • Page 83: Part Ii System

    Part II. System...
  • Page 85: 32-Bit And 64-Bit Applications In A 64-Bit System Environment

    32-Bit and 64-Bit Applications in a 64-Bit System Environment SUSE® Linux Enterprise Desktop is available for 64-bit platforms. This does not necessarily mean that all the applications included have already been ported to 64-bit platforms. SUSE Linux Enterprise Desktop supports the use of 32-bit applications in a 64-bit system environment.
  • Page 86: Software Development

    An exception to this rule is PAM (pluggable authentication modules). SUSE Linux Enterprise Desktop uses PAM in the authentication process as a layer that mediates between user and application. On a 64-Bit operating system that also runs 32-Bit applications it is necessary to always install both versions of a PAM module.
  • Page 87: Software Compilation On Biarch Platforms

    8.3 Software Compilation on Biarch Platforms To develop binaries for the other architecture on a biarch architecture, the respective libraries for the second architecture must additionally be installed. These packages are called rpmname-32bit. You also need the respective headers and libraries from the rpmname-devel packages and the development libraries for the second architecture from rpmname-devel-32bit.
  • Page 88: Kernel Specifications

    Some applications require separate kernel-loadable modules. If you intend to use such a 32-bit application in a 64-bit system environment, contact the provider of this application and Novell to make sure that the 64-bit version of the kernel-loadable module and the 32-bit compiled version of the kernel API are available for this module.
  • Page 89: Booting And Configuring A Linux System

    Booting and Configuring a Linux System Booting a Linux system involves different components. The hardware itself is initialized by the BIOS, which starts the kernel by means of a boot loader. After this point, the boot process with init and the runlevels is completely controlled by the operating system. The runlevel concept enables you to maintain setups for everyday usage as well as to perform maintenance tasks on the system.
  • Page 90 information about GRUB, the Linux boot loader, can be found in Chapter 10, The Boot Loader GRUB (page 93). 3. Kernel and initramfs To pass system control, the boot loader loads both the kernel and an initial RAM–based file system (initramfs) into memory. The contents of the initramfs can be used by the kernel directly.
  • Page 91 changing the root file system, it is necessary to regenerate the devices. This is done by boot.udev with the command udevtrigger. If you need to change hardware (e.g. hard disks) in an installed system and this hardware requires different drivers to be present in the kernel at boot time, you must update initramfs.
  • Page 92 Providing Block Special Files For each loaded module, the kernel generates device events. udev handles these events and generates the required block special files on a RAM file system in /dev. Without those special files, the file system and other devices would not be accessible.
  • Page 93: The Init Process

    Loading the Installation System or Rescue System As soon as the hardware has been properly recognized, the appropriate drivers have been loaded, and udev has created the device special files, init starts the installation system, which contains the actual YaST installer, or the rescue system. Starting YaST Finally, init starts YaST, which starts package installation and system configuration.
  • Page 94 evaluated by the kernel itself are passed to init. To boot into runlevel 3, just add the single number 3 to the boot prompt. Table 9.1 Available Runlevels Runlevel Description System halt S or 1 Single user mode Local multiuser mode without remote network (NFS, etc.) Full multiuser mode with network User Defined, this is not used unless the administrator configures this runlevel.
  • Page 95 telinit 3 All essential programs and services (including network) are started and regular users are allowed to log in and work with the system without a graphical environ- ment. telinit 5 The graphical environment is enabled. Usually a display manager like XDM, GDM or KDM is started.
  • Page 96 2. init checks the current runlevel (runlevel) and determines it should start /etc/init.d/rc with the new runlevel as a parameter. 3. Now rc calls the stop scripts of the current runlevel for which there is no start script in the new runlevel. In this example, these are all the scripts that reside in /etc/init.d/rc3.d (old runlevel was 3) and start with a K.
  • Page 97 force-reload, and status options. These different options are explained in Table 9.2, “Possible init Script Options” (page 85). Scripts that are run directly by init do not have these links. They are run independently from the runlevel when needed. Table 9.2 Possible init Script Options Option Description...
  • Page 98 is booted for the first time after an update or an installation, the initial system configuration is started. The blogd daemon is a service started by boot and rc before any other one. It is stopped after the actions triggered by these scripts (running a number of subscripts, for example, making block special files available) are completed.
  • Page 99 WARNING: Faulty init Scripts May Halt Your System Faulty init scripts may hang your machine up. Edit such scripts with great care and, if possible, subject them to heavy testing in the multiuser environment. Find useful information about init scripts in Section 9.2.1, “Runlevels”...
  • Page 100 a graphical tool to create such links, use the runlevel editor provided by YaST, as described in Section 9.2.3, “Configuring System Services (Runlevel) with YaST” (page 88). If a script already present in /etc/init.d/ should be integrated into the existing runlevel scheme, create the links in the runlevel directories right away with insserv or by enabling the corresponding service in the runlevel editor of YaST.
  • Page 101 in which the selected service or daemon should be running. Runlevel 4 is undefined to allow creation of a custom runlevel. A brief description of the currently selected service or daemon is provided below the table overview. WARNING: Faulty Runlevel Settings May Damage Your System Faulty runlevel settings may make your system unusable.
  • Page 102: System Configuration Via /Etc/Sysconfig

    9.3 System Configuration via /etc/sysconfig The main configuration of SUSE Linux Enterprise Desktop is controlled by the configuration files in /etc/sysconfig. The individual files in /etc/sysconfig are only read by the scripts to which they are relevant. This ensures that network settings, for example, only need to be parsed by network-related scripts.
  • Page 103 Figure 9.2 System Configuration Using the sysconfig Editor The YaST sysconfig dialog is split into three parts. The left part of the dialog shows a tree view of all configurable variables. When you select a variable, the right part displays both the current selection and the current setting of this variable.
  • Page 104 9.3.2 Changing the System Configuration Manually To manually change the system configuration, proceed as follows 1 Become root. 2 Bring the system into single user mode (runlevel 1) with telinit 1. 3 Change the configuration files as needed with an editor of your choice. If you do not use YaST to change the configuration files in /etc/sysconfig, make sure that empty variable values are represented by two quotation marks (KEYTABLE="") and that values with blanks in them are enclosed in quotation...
  • Page 105: 0 The Boot Loader Grub

    The Boot Loader GRUB This chapter describes how to configure GRUB, the boot loader used in SUSE® Linux Enterprise Desktop. A special YaST module is available for configuring all settings. If you are not familiar with the subject of booting in Linux, read the following sections to acquire some background information.
  • Page 106: Booting With Grub

    part of a boot loader program or an operating system selector. The next 64 bytes provide space for a partition table of up to four entries. The partition table contains information about the partitioning of the hard disk and the file system types. The operating system needs this table for handling the hard disk.
  • Page 107 GRUB configuration file (menu.lst) do not require a new installation of the boot manager. When the system is booted, GRUB reloads the menu file with the valid paths and partition data of the kernel or the initial RAM disk (initrd) and locates these files.
  • Page 108 10.1.1 The GRUB Boot Menu The graphical splash screen with the boot menu is based on the GRUB configuration file /boot/grub/menu.lst, which contains all information about all partitions or operating systems that can be booted by the menu. Every time the system is booted, GRUB loads the menu file from the file system. For this reason, GRUB does not need to be reinstalled after every change to the file.
  • Page 109 The command root simplifies the specification of kernel and initrd files. The only argument of root is a device or a partition. This device is used for all kernel, initrd, or other file paths for which no device is explicitly specified until the next root command.
  • Page 110 the file device.map, which can be edited if necessary. Information about the file device.map is available in Section 10.1.2, “The File device.map” (page 101). A complete GRUB path consists of a device name written in parentheses and the path to the file in the file system in the specified partition. The path begins with a slash. For example, the bootable kernel could be specified as follows on a system with a single IDE hard disk containing Linux in its first partition: (hd0,0)/boot/vmlinuz...
  • Page 111 color white/blue black/light-gray Color scheme: white (foreground), blue (background), black (selection) and light gray (background of the selection). The color scheme has no effect on the splash screen, only on the customizable GRUB menu that you can access by exiting the splash screen with Esc .
  • Page 112 Editing Menu Entries during the Boot Procedure In the graphical boot menu, select the operating system to boot with the arrow keys. If you select a Linux system, you can enter additional boot parameters at the boot prompt. To edit individual menu entries directly, press Esc to exit the splash screen and get to the GRUB text-based menu then press E .
  • Page 113 10.1.2 The File device.map The file device.map maps GRUB and BIOS device names to Linux device names. In a mixed system containing IDE and SCSI hard disks, GRUB must try to determine the boot sequence by a special procedure, because GRUB may not have access to the BIOS information on the boot sequence.
  • Page 114: Setting A Boot Password

    from a mounted file system. Some BIOSes have a faulty LBA support implementation, --force-lba provides a solution to ignore them. 10.1.4 Setting a Boot Password Even before the operating system is booted, GRUB enables access to file systems. Users without root permissions can access files in your Linux system to which they have no access once the system is booted.
  • Page 115: Configuring The Boot Loader With Yast

    After rebooting the system and selecting the Linux entry from the boot menu, the following error message is displayed: Error 32: Must be authenticated Press Enter to enter the menu. Then press P to get a password prompt. After entering the password and pressing Enter , the selected operating system (Linux in this case) should boot.
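A check for the boot password setup described in Section 10.1.4, as an added example that is not part of the original guide. It assumes the GRUB legacy directives `password --md5` and `lock` as documented in the GRUB manual; the function names, finding codes and the sample menu.lst are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample; the hash is a placeholder, not real grub-md5-crypt output.
SAMPLE_MENU_LST = """\
default 0
timeout 8
password --md5 $1$CONSTRUCTED$placeholderhashplaceholder
title Linux
    lock
    root (hd0,0)
    kernel /boot/vmlinuz root=/dev/sda1
    initrd /boot/initrd
title Failsafe
    root (hd0,0)
    kernel /boot/vmlinuz root=/dev/sda1
"""


def audit_menu_lst(text):
    """Return (code, subject) findings for the content of a GRUB legacy menu.lst."""
    findings = []
    global_password = False
    entries = []  # one dict per "title" section, in file order
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # GRUB legacy accepts "command arg" as well as "command=arg".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        cmd = parts[0].lower()
        arg = parts[1] if len(parts) > 1 else ""
        if cmd == "title":
            entries.append({"title": arg, "protected": False})
        elif cmd == "password":
            where = entries[-1]["title"] if entries else "global"
            if not arg.startswith("--md5"):
                # Without --md5 the password is stored in clear text.
                findings.append(("CLEARTEXT_PASSWORD", where))
            if entries:
                # A password inside an entry protects that entry only.
                entries[-1]["protected"] = True
            else:
                global_password = True
        elif cmd == "lock" and entries:
            entries[-1]["protected"] = True
    if not global_password:
        # Without a global password the entries can be edited at the boot menu.
        findings.append(("NO_GLOBAL_PASSWORD", "global"))
    for entry in entries:
        if not entry["protected"]:
            # Informational: this entry boots without asking for the password.
            findings.append(("UNLOCKED_ENTRY", entry["title"]))
    return findings


def check_file_mode(path):
    """Flag a menu.lst that group or other users can access (it holds the hash)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [("FILE_MODE", oct(mode))]
    return []


if __name__ == "__main__":
    for code, subject in audit_menu_lst(SAMPLE_MENU_LST):
        print(code, subject)
```

On a real system, pass the content of /boot/grub/menu.lst to `audit_menu_lst` and its path to `check_file_mode`.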
  • Page 116 existing option, select it with the mouse and click Edit. To remove an existing entry, select it and click Delete. If you are not familiar with boot loader options, read Section 10.1, “Booting with GRUB” (page 94) first. Use the Boot Loader Installation tab to view and change settings related to type, location and advanced loader settings.
  • Page 117 Boot from Boot Partition The boot sector of the /boot partition. Boot from Extended Partition This installs the boot loader in the extended partition container. Boot from Master Boot Record This installs the boot loader in the MBR of the first disk (according to the boot sequence preset in the BIOS).
  • Page 118 10.2.4 Setting a Boot Password Using this YaST module, you can also set a password to protect booting. This gives you an additional level of security. Procedure 10.4 Setting a Boot Loader Password 1 Open the Boot Loader Installation tab. 2 Click Boot Loader Options.
  • Page 119: Configuring Advanced Options

    10.2.6 Configuring Advanced Options Advanced boot options can be configured via Boot Loader Installation > Boot Loader Options. Normally, it should not be necessary to change the default settings. Set Active Flag in Partition Table for Boot Partition Activates the partition that contains the boot loader. Some legacy operating systems (such as Windows 98) can only boot from an active partition.
  • Page 120 Procedure 10.6 Changing the Boot Loader Type 1 Select the Boot Loader Installation tab. 2 For Boot Loader, select LILO. 3 In the dialog box that opens, select one of the following actions: Propose New Configuration Have YaST propose a new configuration. Convert Current Configuration Have YaST convert the current configuration.
  • Page 121: Uninstalling The Linux Boot Loader

    10.3 Uninstalling the Linux Boot Loader YaST can be used to uninstall the Linux boot loader and restore the MBR to the state it had prior to the installation of Linux. During the installation, YaST automatically creates a backup copy of the original MBR and restores it upon request. To uninstall GRUB, start the YaST boot loader module (System >...
  • Page 122: The Graphical Suse Screen

    4 Adjust the path entries in boot/grub/menu.lst to make them point to a CD-ROM device. Do this by replacing the device name of the hard disks, listed in the format (hdx,y), in the pathnames with (cd), the device name of the CD-ROM drive.
  • Page 123: Troubleshooting

    This section lists some of the problems frequently encountered when booting with GRUB and a short description of possible solutions. Some of the problems are covered in articles in the Knowledge base at http://support.novell.com/. Use the search dialog to search for keywords like GRUB, boot and boot loader.
  • Page 124: For More Information

    10.7 For More Information Extensive information about GRUB is available at http://www.gnu.org/software/grub/. Also refer to the grub info page. You can also search for the keyword “GRUB” in the Technical Information Search at http://www.novell.com/support to get information about special issues.
  • Page 125: 1 Special System Features

    Special System Features This chapter starts with information about various software packages, the virtual consoles and the keyboard layout. We talk about software components like bash, cron and logrotate, because they were changed or enhanced during the last release cycles. Even if they are small or considered of minor importance, users may want to change their default behavior, because these components are often closely coupled with the system.
  • Page 126 1. /etc/profile 2. ~/.profile 3. /etc/bash.bashrc 4. ~/.bashrc Make custom settings in ~/.profile or ~/.bashrc. To ensure the correct processing of these files, it is necessary to copy the basic settings from /etc/skel/.profile or /etc/skel/.bashrc into the home directory of the user. It is recommended to copy the settings from /etc/skel after an update.
  • Page 127 A number of packages install shell scripts to the directories /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly, whose execution is controlled by /usr/lib/cron/run-crons. /usr/lib/cron/run-crons is run every 15 minutes from the main table (/etc/crontab). This guarantees that processes that may have been neglected can be run at the proper time. To run the hourly, daily or other periodic maintenance scripts at custom times, remove the time stamp files regularly using /etc/crontab entries (see Example 11.2,...
  • Page 128 Configure logrotate with the file /etc/logrotate.conf. In particular, the include specification primarily configures the additional files to read. Programs that produce log files install individual configuration files in /etc/logrotate.d. For example, such files ship with the packages apache2 (/etc/logrotate.d/apache2) and syslogd (/etc/logrotate.d/syslog).
  • Page 129 11.1.4 The locate Command locate, a command for quickly finding files, is not included in the standard scope of installed software. If desired, install the package findutils-locate. The updatedb process is started automatically every night or about 15 minutes after booting the system. 11.1.5 The ulimit Command With the ulimit (user limits) command, it is possible to set limits for the use of system resources and to have these displayed.
  • Page 130 Example 11.4 ulimit: Settings in ~/.bashrc # Limits maximum resident set size (physical memory): ulimit -m 98304 # Limits of virtual memory: ulimit -v 98304 Memory allocations must be specified in KB. For more detailed information, see man bash. IMPORTANT Not all shells support ulimit directives.
  • Page 131 11.1.7 Man Pages and Info Pages For some GNU applications (such as tar), the man pages are no longer maintained. For these commands, use the --help option to get a quick overview of the info pages, which provide more in-depth instructions. Info is GNU's hypertext system. Read an introduction to this system by entering info info.
  • Page 132: Virtual Consoles

    .gnu-emacs defines the file ~/.gnu-emacs-custom as custom-file. If users make settings with the customize options in Emacs, the settings are saved to ~/.gnu-emacs-custom. With SUSE Linux Enterprise Desktop, the emacs package installs the file site-start.el in the directory /usr/share/emacs/site-lisp. The file site-start.el is loaded before the initialization file ~/.emacs.
  • Page 133: Keyboard Mapping

    is reserved for X and the tenth console shows kernel messages. More or fewer consoles can be assigned by modifying the file /etc/inittab. To switch to a console from X without shutting it down, use Ctrl + Alt + F1 to Ctrl + Alt + F6 .
  • Page 134: Language And Country-Specific Settings

    11.4 Language and Country-Specific Settings The system is, to a very large extent, internationalized and can be flexibly modified for local needs. In other words, internationalization (I18N) allows specific localizations (L10N). The abbreviations I18N and L10N are derived from the first and last letters of the words and, in between, the number of letters omitted.
  • Page 135 11.4.1 Some Examples You should always set the language and country codes together. Language settings follow the standard ISO 639 available at http://www.evertype.com/standards/iso639/iso639-en.html and http://www.loc.gov/standards/iso639-2/. Country codes are listed in ISO 3166 available at http://www.din.de/gremien/nas/nabd/iso3166ma/codlstp1/en_listp1.html. It only makes sense to set values for which usable description files can be found in /usr/lib/locale.
  • Page 136 profile. /etc/SuSEconfig/csh.cshrc is sourced by /etc/csh.cshrc. This makes the settings available systemwide. Users can override the system defaults by editing their ~/.bashrc accordingly. For instance, if you do not want to use the systemwide en_US for program messages, include LC_MESSAGES=es_ES so that messages are displayed in Spanish instead. 11.4.2 Locale Settings in ~/.i18n If you are not satisfied with locale system defaults, change the settings in ~/.i18n according to the Bash scripting syntax.
  • Page 137 LANG="nb_NO" LANGUAGE="nb_NO:nn_NO:no" Note that in Norwegian, LC_TIME is also treated differently. One problem that can arise is a separator used to delimit groups of digits not being recognized properly. This occurs if LANG is set to only a two-letter language code like de, but the definition file glibc uses is located in /usr/share/lib/de_DE/LC_NUMERIC.
  • Page 139: 2 Printer Operation

    Printer Operation SUSE® Linux Enterprise Desktop supports printing with many types of printers, including remote network printers. Printers can be configured manually or with YaST. For configuration instructions, refer to Section “Setting Up a Printer” (Chapter 5, Setting Up Hardware Components with YaST, ↑Deployment Guide). Both graphical and command line utilities are available for starting and managing print jobs.
  • Page 140 Standard Printers (Languages Like PCL and ESC/P) Although these printer languages are quite old, they are still undergoing expansion to address new features in printers. In the case of known printer languages, the print system can convert PostScript jobs to the respective printer language with the help of Ghostscript.
  • Page 141: The Workflow Of The Printing System

    12.1 The Workflow of the Printing System The user creates a print job. The print job consists of the data to print plus information for the spooler, such as the name of the printer or the name of the printer queue, and optionally, information for the filter, such as printer-specific options.
  • Page 142: Installing The Software

    WARNING: Changing Cable Connections in a Running System When connecting the printer to the machine, do not forget that only USB devices can be plugged in or unplugged during operation. To avoid damaging your system or printer, shut down the system before changing any connections that are not USB.
  • Page 143: Network Printers

    12.4 Network Printers A network printer can support various protocols, some of them even concurrently. Although most of the supported protocols are standardized, some manufacturers expand (modify) the standard because they test systems that have not implemented the standard correctly or because they want to provide certain functions that are not available in the standard.
  • Page 144 SMB (Windows Share) CUPS also supports printing on printers connected to Windows shares. The protocol used for this purpose is SMB. SMB uses the port numbers 137, 138 and 139. Example device URIs are smb://user:password@workgroup/smb.example.com/printer, smb://user:password@smb.example.com/printer, and smb://smb.example.com/printer. The protocol supported by the printer must be determined before configuration. If the manufacturer does not provide the needed information, the command nmap (which comes with the nmap package) can be used to ascertain the protocol.
  • Page 145: Graphical Printing Interfaces

    lpadmin -p ps -v parallel:/dev/lp0 -P \ /usr/share/cups/model/Postscript.ppd.gz -E The following example configures a network printer: lpadmin -p ps -v socket://192.168.2.202:9100/ -P \ /usr/share/cups/model/Postscript-level1.ppd.gz -E For more options of lpadmin, see the man page of lpadmin(1). During printer setup, certain options are set as default. These options can be modified for every print job (depending on the print tool used).
  • Page 146: Printing From The Command Line

    either kprinter or kprinter --stdin as the print command. The command to use depends on how the application transmits the data—just try which one works. If set up correctly, the application should open the KPrinter dialog whenever a print job is issued from it, so you can use the dialog to select a queue and set other printing options.
  • Page 147 CUPS Client Normally, a CUPS client runs on a regular workstation located in a trusted network environment behind a firewall. In this case it is recommended to configure the network interface to be in the Internal Zone, so the workstation is reachable from within the network.
  • Page 148 CUPS PPD Files in the cups Package The generic PPD files in the cups package have been complemented with adapted Foomatic PPD files for PostScript level 1 and level 2 printers: • /usr/share/cups/model/Postscript-level1.ppd.gz • /usr/share/cups/model/Postscript-level2.ppd.gz PPD Files in the cups-drivers Package Normally, the Foomatic printer filter foomatic-rip is used together with Ghostscript for non-PostScript printers.
  • Page 149: Troubleshooting

    manufacturer-PPDs. YaST cannot use any PPD file from the manufacturer-PPDs package if the model name does not match. This may happen if the manufacturer-PPDs package contains only one PPD file for similar models, like Funprinter 12xx series. In this case, select the respective PPD file manually in YaST.
  • Page 150: Parallel Ports

    printers that support a standard printer language do not depend on a special print system version or a special hardware platform. Instead of spending time trying to make a proprietary Linux driver work, it may be more cost-effective to purchase a supported printer. This would solve the driver problem once and for all, eliminating the need to install and configure special driver software and obtain driver updates that may be required due to new developments in the print system.
  • Page 151 If the printer cannot be addressed on the parallel port despite these settings, enter the I/O address explicitly in accordance with the setting in the BIOS in the form 0x378 in /etc/modprobe.conf. If there are two parallel ports that are set to the I/O addresses 378 and 278 (hexadecimal), enter these in the form 0x378,0x278.
  • Page 152 echo -e "\004queue" \ | netcat -w 2 -p 722 host 515 If lpd does not respond, it may not be active or there may be basic network problems. If lpd responds, the response should show why printing is not possible on the queue on host.
  • Page 153 echo -en "\r" \ | lp -d queue -h host Troubleshooting a Network Printer or Print Server Box Spoolers running in a print server box sometimes cause problems when they have to deal with multiple print jobs. Since this is caused by the spooler in the print server box, there is no way to resolve this issue.
  • Page 154 12.8.5 Defective Printouts without Error Message For the print system, the print job is completed when the CUPS back-end completes the data transfer to the recipient (printer). If further processing on the recipient fails (for example, if the printer is not able to print the printer-specific data) the print system does not notice this.
  • Page 155 12.8.8 Defective Print Jobs and Data Transfer Errors If you switch the printer off or shut down the computer during the printing process, print jobs remain in the queue. Printing resumes when the computer (or the printer) is switched back on. Defective print jobs must be removed from the queue with cancel. If a print job is defective or an error occurs in the communication between the host and the printer, the printer prints numerous sheets of paper with unintelligible characters, because it is unable to process the data correctly.
  • Page 156 6 Check the messages in /var/log/cups/error_log* to identify the cause of the problem. 12.8.10 For More Information Solutions to many specific problems are presented in the Novell Knowledgebase (http://support.novell.com/). Locate the relevant articles with a text search for CUPS.
  • Page 157: 3 Dynamic Kernel Device Management With Udev

    Dynamic Kernel Device Management with udev The kernel can add or remove almost any device in a running system. Changes in the device state (whether a device is plugged in or removed) need to be propagated to userspace. Devices need to be configured as soon as they are plugged in and recognized. Users of a certain device need to be informed about any changes in this device's recognized state.
  • Page 158: Kernel Uevents And Udev

    13.2 Kernel uevents and udev The required device information is exported by the sysfs file system. For every device the kernel has detected and initialized, a directory with the device name is created. It contains attribute files with device-specific properties. Every time a device is added or removed, the kernel sends a uevent to notify udev of the change.
  • Page 159: Booting And Initial Device Setup

    calling modprobe for every event that carries a MODALIAS key. If modprobe $MODALIAS is called, it matches the device alias composed for the device with the aliases provided by the modules. If a matching entry is found, that module is loaded. All this is automatically triggered by udev.
  • Page 160 UEVENT[1185238505.279527] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0 (usb) UDEV [1185238505.285573] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0 (usb) UEVENT[1185238505.298878] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0/input/input10 (input) UDEV [1185238505.305026] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0/input/input10 (input) UEVENT[1185238505.305442] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0/input/input10/mouse2 (input) UEVENT[1185238505.306440] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0/input/input10/event4 (input) UDEV [1185238505.325384] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0/input/input10/event4 (input) UDEV [1185238505.342257] add /devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.0/input/input10/mouse2 (input) The UEVENT lines show the events the kernel has sent over netlink. The UDEV lines show the finished udev event handlers.
  • Page 161: Influencing Kernel Device Event Handling With Udev Rules

    13.6 Influencing Kernel Device Event Handling with udev Rules A udev rule can match any property the kernel adds to the event itself or any information that the kernel exports to sysfs. The rule can also request additional information from external programs.
  • Page 162 The serial devices rule is not available in 50-udev-default.rules anymore, but it is still worth considering. It consists of two match keys (KERNEL and ATTRS) and one assign key (SYMLINK). The KERNEL key searches for all devices of the ttyUSB type. Using the * wild card, this key matches several of these devices. The second match key, ATTRS, checks whether the product attribute file in sysfs for any ttyUSB device contains a certain string.
  • Page 163 • udev rules support substitutions. 13.6.1 Using Operators in udev Rules When creating keys, you can choose from several different operators, depending on the type of key you want to create. Match keys will normally just be used to find a value that either matches or explicitly mismatches the search value.
  • Page 164 %p, $devpath The value of DEVPATH. %k, $kernel The value of KERNEL or the internal device name. %n, $number The device number. %N, $tempnode The temporary name of the device file. %M, $major The major number of the device. %m, $minor The minor number of the device.
  • Page 165 ACTION The name of the event action, for example, add or remove when adding or removing a device. DEVPATH The device path of the event device, for example, DEVPATH=/bus/pci/drivers/ipw3945 to search for all events related to the ipw3945 driver. KERNEL The internal (kernel) name of the event device.
  • Page 166 PROGRAM Let udev execute an external program. To be successful, the program must return with exit code zero. The program's output, printed to stdout, is available to the RESULT key. RESULT Match the output string of the last PROGRAM call. Either include this key in the same rule as the PROGRAM key or in a later one.
  • Page 167 Tell udev to add a program to the list of programs to be executed for this device. Keep in mind to restrict this to very short tasks to avoid blocking further events for this device. LABEL Add a label where a GOTO can jump to. GOTO Tell udev to skip a number of rules and continue with the one that carries the label referenced by the GOTO key.
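The split between match keys and assign keys described in Section 13.6 can be checked mechanically. The following is an added example, not part of the original guide: it parses rule lines into match keys (`==`, `!=`) and assign keys (`=`, `+=`, `:=`), lists every RUN program for review, and flags a match-only key written with an assignment operator. The sample rules, function names and the MATCH_ONLY set (taken from udev(7)) are assumptions made for illustration.

```python
import re

# KEY or KEY{attribute}, an operator, a double-quoted value, then "," or end.
PAIR = re.compile(
    r'\s*([A-Za-z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"\s*(,|$)'
)
MATCH_OPS = {"==", "!="}
# Keys that only make sense as match keys (assumption, per udev(7)).
MATCH_ONLY = {"ACTION", "DEVPATH", "KERNEL", "KERNELS", "SUBSYSTEM",
              "SUBSYSTEMS", "DRIVERS", "ATTRS", "PROGRAM", "RESULT"}

# Constructed sample rules file; line 5 contains a deliberate mistake.
SAMPLE = r"""# constructed sample rules
KERNEL=="ttyUSB*", ATTRS{product}=="Example Serial", SYMLINK+="exampleserial"
ACTION=="add", SUBSYSTEM=="usb", \
    RUN+="/usr/local/bin/on-usb-add.sh"
KERNEL="sd*", RUN+="/bin/sh -c 'logger disk'"
"""


def parse_rule(line):
    """Split one rule into (match_keys, assign_keys) as (key, op, value) tuples."""
    matches, assigns = [], []
    line = line.strip()
    pos = 0
    while pos < len(line):
        m = PAIR.match(line, pos)
        if not m:
            raise ValueError("cannot parse at column %d: %r" % (pos, line[pos:]))
        key, op, value = m.group(1, 2, 3)
        (matches if op in MATCH_OPS else assigns).append((key, op, value))
        pos = m.end()
    return matches, assigns


def logical_lines(text):
    """Yield (first_line_number, rule); skip comments, join '\\' continuations."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if start is None:
            start = number
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf


def audit(text):
    """Return (findings, run_programs), both lists of (line_number, text)."""
    findings, run_programs = [], []
    for number, rule in logical_lines(text):
        try:
            matches, assigns = parse_rule(rule)
        except ValueError as exc:
            findings.append((number, "unparsable rule: %s" % exc))
            continue
        for key, op, value in assigns:
            base = key.split("{")[0]
            if base in MATCH_ONLY:
                findings.append(
                    (number, "%s uses '%s' where a match operator was probably meant" % (key, op)))
            if base == "RUN":
                # udev runs as root, so each RUN program deserves a review.
                run_programs.append((number, value))
        if assigns and not matches:
            findings.append((number, "no match keys: the assignments apply to every event"))
    return findings, run_programs


if __name__ == "__main__":
    found, programs = audit(SAMPLE)
    for number, message in found:
        print("line %d: %s" % (number, message))
    for number, program in programs:
        print("line %d runs: %s" % (number, program))
```

To review a real system, feed `audit` the contents of the files under /etc/udev/rules.d/.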
  • Page 168: Persistent Device Naming

    13.7 Persistent Device Naming The dynamic device directory and the udev rules infrastructure make it possible to provide stable names for all disk devices—regardless of their order of recognition or the connection used for the device. Every appropriate block device the kernel creates is examined by tools with special knowledge about certain buses, drive types or file systems.
  • Page 169: For More Information

    The following files and directories contain the crucial elements of the udev infrastructure: /etc/udev/udev.conf Main udev configuration file. /etc/udev/rules.d/* udev event matching rules. /lib/udev/devices/* Static /dev content. /lib/udev/* Helper programs called from udev rules. 13.9 For More Information For more information about the udev infrastructure, refer to the following man pages: udev General information about udev, keys, rules and other important configuration issues.
  • Page 171: 4 The X Window System

    The X Window System The X Window System (X11) is the de facto standard for graphical user interfaces in UNIX. X is network-based, enabling applications started on one host to be displayed on another host connected over any kind of network (LAN or Internet). This chapter describes the setup and optimization of the X Window System environment, and provides background information about the use of fonts in SUSE®...
  • Page 172 The command sax2 creates the /etc/X11/xorg.conf file. This is the primary configuration file of the X Window System. Find all the settings here concerning your graphics card, mouse and monitor. IMPORTANT: Using X -configure Use X -configure to configure your X setup if previous tries with SUSE Linux Enterprise Desktop's SaX2 have failed.
  • Page 173 Type Meaning Monitor The monitor used. Important elements of this section are the Identifier, which is referred to later in the Screen defini- tion, the refresh rate VertRefresh and the synchronization frequency limits (HorizSync and VertRefresh). Settings are given in MHz, kHz and Hz. Normally, the server refuses any modeline that does not correspond with the specification of the monitor.
  • Page 174: Screen Section

    Type Meaning ample, if you use a laptop and want to use an external monitor that is bigger than the internal LCD, it might be necessary to add a bigger resolution than supported by the internal LCD at the end of the Modes line. ServerLayout The layout of a single or multihead configuration.
  • Page 175 Example 14.1 Screen Section of the File /etc/X11/xorg.conf Section "Screen" DefaultDepth SubSection "Display" Depth Modes "1152x864" "1024x768" "800x600" Virtual 1152x864 EndSubSection SubSection "Display" Depth Modes "1280x1024" EndSubSection SubSection "Display" Depth Modes "640x480" EndSubSection SubSection "Display" Depth Modes "1280x1024" EndSubSection Device "Device[0]"...
  • Page 176: Device Section

    The last line of the Display subsection with Depth 16 refers to the size of the virtual screen. The maximum possible size of a virtual screen depends on the amount of memory installed on the graphics card and the desired color depth, not on the maximum resolution of the monitor.
  • Page 177 in decimal form, but lspci displays these in hexadecimal form. The value of BusID is automatically detected by SaX2. The value of Driver is automatically set by SaX2 and specifies which driver to use for your graphics card. If the card is a Matrox Millennium, the driver module is called mga.
  • Page 178: Installing And Configuring Fonts

    WARNING Unless you have in-depth knowledge of monitor and graphics card functions, do not change the modelines, because this could severely damage your monitor. Those who try to develop their own monitor descriptions should be very familiar with the documentation in /usr/share/X11/doc. Install the package xorg-x11-doc to find PDFs and HTML pages.
  • Page 179 /etc/fonts/suse-font-dirs.conf is automatically generated to pull in fonts that ship with (mostly third party) applications like OpenOffice.org, Java or Adobe Acrobat Reader. Some typical entries of /etc/fonts/suse-font-dirs.conf would look like the following: <dir>/usr/lib64/ooo-2.0/share/fonts</dir> <dir>/usr/lib/jvm/java-1_4_2-sun-1.4.2.11/jre/lib/fonts</dir> <dir>/usr/lib64/jvm/java-1.5.0-sun-1.5.0_07/jre/lib/fonts</dir> <dir>/usr/X11R6/lib/Acrobat7/Resource/Font</dir> <dir>/usr/X11R6/lib/Acrobat7/Resource/Font/PFM</dir> To install additional fonts systemwide, manually copy the font files to a suitable directory (as root), such as /usr/share/fonts/truetype.
  • Page 180 The X11 core font system has a few inherent weaknesses. It is outdated and can no longer be extended in any meaningful way. Although it must be retained for reasons of backward compatibility, the more modern Xft and fontconfig system should be used if at all possible.
  • Page 181 languages. Direct access to the font files is very useful for embedding fonts for printing to make sure that the printout looks the same as the screen output. In SUSE Linux Enterprise Desktop, the two desktop environments (KDE and GNOME), Mozilla and many other applications already use Xft by default.
  • Page 182 </edit> </match> to disable antialiasing for specific fonts. By default, most applications use the font names sans-serif (or the equivalent sans), serif, or monospace. These are not real fonts but only aliases that are resolved to a suitable font, depending on the language setting. Users can easily add rules to ~/.fonts.conf to resolve these aliases to their favorite fonts: <alias>...
  • Page 183 Lucida Sans Typewriter:style=Bold:weight=200 FreeSerif:style=Bold,polkrepko:weight=200 FreeSerif:style=Italic,ležeče:weight=80 FreeSans:style=Medium,navadno:weight=80 DejaVu Sans:style=Oblique:weight=80 FreeSans:style=Oblique,ležeče:weight=80 Important parameters that can be queried with fc-list: Table 14.2 Parameters of fc-list Parameter Meaning and Possible Values family Name of the font family, for example, FreeSans. foundry The manufacturer of the font, for example, urw. style The font style, such as Medium, Regular, Bold, Italic or Heavy.
  • Page 184: For More Information

    14.3 For More Information Install the packages xorg-x11-doc and howtoenh to get more in-depth information about X11. More information on the X11 development can be found on the project's home page at http://www.x.org. Many of the drivers delivered with the package xorg-x11-driver-video are described in detail in a manual page.
  • Page 185: 5 Accessing File Systems With Fuse

    Accessing File Systems with FUSE FUSE is the acronym for file system in userspace. This means you can configure and mount a file system as an unprivileged user. Normally, you have to be root for this task. FUSE alone is a kernel module. Combined with plug-ins, it allows you to extend FUSE to access almost all file systems like remote SSH connections, ISO images, and more. 15.1 Configuring FUSE...
  • Page 186: Mounting Remote File System With Sshfs

    1 Become root and install the package ntfs-3g. 2 Create the directory /media/windows. 3 Find out which Windows partition you need. Use YaST and start the partitioner module to see which partition belongs to Windows, but do not modify anything. Alternatively, become root and execute /sbin/fdisk -l.
  • Page 187: Mounting An Iso File System

    2 Create a directory where you want to access the remote computer. A good idea is to use ~/mounts/HOST. Replace HOST with the name of your remote computer. 3 Mount the remote file system: sshfs USER@HOST: ~/mounts/HOST Replace USER and HOST with your respective values. 4 Enter your password for the remote computer.
  • Page 188: For More Information

    wdfs mount WebDAV file systems 15.6 For More Information See the homepage of FUSE for more information: http://fuse.sourceforge.net
  • Page 189: Part Iii Mobile Computers

    Part III. Mobile Computers...
  • Page 191: 6 Mobile Computing With Linux

    Mobile Computing with Linux Mobile computing is mostly associated with laptops, PDAs and cellular phones (and the data exchange between them). Mobile hardware components, such as external hard disks, flash drives, or digital cameras, can be connected to laptops or desktop systems. A number of software components are involved in mobile computing scenarios and some applications are tailor-made for mobile use.
  • Page 192 16.1.1 Power Conservation The inclusion of energy-optimized system components during laptop manufacturing contributes to their suitability for use without access to the electrical power grid. Their contribution towards conservation of power is at least as important as that of the operating system.
  • Page 193 16.1.2 Integration in Changing Operating Environments Your system needs to adapt to changing operating environments when used for mobile computing. Many services depend on the environment and the underlying clients must be reconfigured. SUSE Linux Enterprise Desktop handles this task for you. Figure 16.1 Integrating a Mobile Computer in an Existing Environment Printing Mail...
  • Page 194 E-Mail and Proxies As with printing, the list of the corresponding servers must be current. X (Graphical Environment) If your laptop is temporarily connected to a projector or an external monitor, the different display configurations must be available. SUSE Linux Enterprise Desktop offers several ways of integrating laptops into existing operating environments: NetworkManager NetworkManager is especially tailored for mobile networking on laptops.
  • Page 195 to switch between profiles. To get SCPM up and running on your system, install the package kscpm, add the Profile Chooser KDE applet to your panel, enable SCPM using the YaST Profile Management module and configure the users that should be allowed to switch profiles without the need of entering the root password.
  • Page 196: Software Options

    16.1.3 Software Options There are various special task areas in mobile use that are covered by dedicated software: system monitoring (especially the battery charge), data synchronization and wireless communication with peripherals and the Internet. The following sections cover the most important applications that SUSE Linux Enterprise Desktop provides for each task.
  • Page 197 and individual files that need to be present for work on the road as well as at the office. The solution in both cases is as follows: Synchronizing E-Mail Use an IMAP account for storing your e-mails in the office network. Then access the e-mails from the workstation using any disconnected IMAP–enabled e-mail client, like Mozilla Thunderbird Mail, Evolution, or KMail as described in GNOME User Guide (↑GNOME User Guide) and KDE User Guide (↑KDE User Guide).
  • Page 198: Data Security

    Bluetooth is also used to connect wireless system components, like a keyboard or mouse. The range of this technology is, however, not sufficient to connect remote systems to a network. WLAN is the technology of choice for communicating through physical obstacles like walls. IrDA IrDA is the wireless technology with the shortest range.
  • Page 199: Mobile Hardware

    IMPORTANT: Data Security and Suspend to Disk Encrypted partitions are not unmounted during a suspend to disk event. Thus, all data on these partitions is available to any party who manages to steal the hardware and issue a resume of the hard disk. Network Security Any transfer of data should be secured, no matter how it takes place.
  • Page 200: Cellular Phones And Pdas

    Digital Cameras (USB and FireWire) Digital cameras recognized by the system also appear as external drives in the overview of the file manager. KDE allows reading and accessing the pictures at the URL camera:/. The images can then be processed using digiKam or f-spot. For advanced photo processing use The GIMP.
  • Page 201 A similar approach to that of http://tuxmobil.org/ is made by http://www.linux-on-laptops.com/. Information about laptops and handhelds can be found here. SUSE maintains a mailing list in German dedicated to the subject of laptops. See http://lists.opensuse.org/opensuse-mobile-de/. On this list, users and developers discuss all aspects of mobile computing with SUSE Linux Enterprise Desktop.
  • Page 203: 7 Power Management

    Power Management Power management is especially important on laptop computers, but is also useful on other systems. ACPI (advanced configuration and power interface) is available on all modern computers (laptops, desktops, and servers). Power management technologies require suitable hardware and BIOS routines. Most laptops and many modern desktops and servers meet these requirements.
  • Page 204: Acpi

    Hibernation (suspend to disk) In this operating mode, the entire system state is written to the hard disk and the system is powered off. There must be a swap partition at least as big as the RAM to write all the active data. Reactivation from this state takes about 30 to 90 seconds. The state prior to the suspend is restored.
  • Page 205 17.2.1 Controlling the CPU Performance The CPU can save energy in three ways. Depending on the operating mode of the computer, these methods can be combined. Saving energy also means that the system heats up less and the fans are activated less frequently. Frequency and Voltage Scaling PowerNow! and Speedstep are the designations AMD and Intel use for this tech- nology.
  • Page 206 performance governor The CPU frequency is statically set to the highest possible. Throttling the Clock Frequency This technology omits a certain percentage of the clock signal impulses for the CPU. At 25% throttling, every fourth impulse is omitted. At 87.5%, only every eighth impulse reaches the processor.
  • Page 207 monitoring changes (akpi, acpiw, gtkacpiw) and tools for editing the ACPI tables in the BIOS (package pmtools). 17.2.3 Troubleshooting There are two different types of problems. On one hand, the ACPI code of the kernel may contain bugs that were not detected in time. In this case, a solution will be made available for download.
  • Page 208: Rest For The Hard Disk

    BIOS is ignored. The procedure is described in Section 17.4, “Troubleshooting” (page 198). In the kernel configuration, there is a switch for activating ACPI debug messages. If a kernel with ACPI debugging is compiled and installed, experts searching for an error can be supported with detailed information.
  • Page 209 Values from 1 to 240 are multiplied by 5 seconds. Values from 241 to 251 correspond to 1 to 11 times 30 minutes. Internal power saving options of the hard disk can be controlled with the option -B. Select a value from 0 to 255 for maximum saving to maximum throughput. The result depends on the hard disk used and is difficult to assess.
  • Page 210: Troubleshooting

    down. To avoid this, a special kernel extension has been developed for mobile devices. See /usr/src/linux/Documentation/laptop-mode.txt for details. Another important factor is the way active programs behave. For example, good editors regularly write hidden backups of the currently modified file to the hard disk, causing the disk to wake up.
  • Page 211 shown by the file extension .aml (ACPI machine language). If this is the case, continue with step 3. 2 If the file extension of the downloaded table is .asl (ACPI source language), compile it with iasl (package pmtools). Enter the command iasl -sa file.asl.
  • Page 212: For More Information

    17.5 For More Information • http://www.opensuse.org/S2ram—How to get Suspend to RAM working • http://www.opensuse.org/Pm-utils—How to modify the general suspend framework
  • Page 213: 8 Using Tablet Pcs

    Using Tablet PCs SUSE® Linux Enterprise Desktop comes with support for Tablet PCs. In the following, learn how to install and configure your Tablet PC and discover some useful Linux* applications which accept input from digital pens. The following Tablet PCs are supported: •...
  • Page 214: Installing Tablet Pc Packages

    After you have installed the Tablet PC packages and configured your digitizer correctly, input with the pen (also called a stylus) can be used for the following actions and applications: • Logging in to KDM or GDM • Unlocking your screen on the KDE and GNOME desktops •...
  • Page 215: Configuring Your Tablet Device

    • xournal: an application for note taking and sketching • xstroke: a gesture recognition program for the X Window System • xvkbd: a virtual keyboard for the X Window System • x11-input-fujitsu: the X input module for Fujitsu P-Series tablets •...
  • Page 216: Using The Virtual Keyboard

    4 Switch to the Electronic Pens tab and make sure the following options are activated: Add Pen and Add Eraser. If you have a Tablet PC with touch screen, also activate Add Touch. 5 Click OK to save the changes. After finishing the X Window System configuration, restart your X server by logging out.
  • Page 217: Rotating Your Display

    18.4 Rotating Your Display Use KRandRTray (KDE) or gnome-display-properties (GNOME) to rotate or resize your display manually on the fly. Both KRandRTray and gnome-display-properties are applets for the RANDR extension of the X server. Start KRandRTray or gnome-display-properties from the main menu, or enter krandrtray or gnome-display-properties to start the applet from a shell.
  • Page 218 Procedure 18.1 Training CellWriter 1 Start CellWriter from the main menu or with cellwriter from the command line. On the first start, CellWriter automatically starts in the training mode. In training mode it shows a set of characters of the currently chosen key map. 2 Enter the gesture you would like to use for a character into the respective character's cell.
  • Page 219 Figure 18.2 Gesture Recognition with CellWriter If you click the Keys button in CellWriter, you get a virtual keyboard that can be used instead of the handwriting recognition. To hide CellWriter, close the CellWriter window. The application now appears as icon in your system tray.
  • Page 220: Taking Notes And Sketching With The Pen

    18.6 Taking Notes and Sketching with the Pen To create drawings with the pen, you can use a professional graphics editor like The GIMP or try one of the note-taking applications, Xournal or Jarnal. With both Xournal and Jarnal, you can take notes, create drawings or comment PDF files with the pen. As a Java-based application available for several platforms, Jarnal also offers basic collaboration features. http://www.dklevine.com/
  • Page 221 of text using only the pen (or other input devices—it can even be driven with an eye tracker). Start Dasher from the main menu or with dasher from a shell. Move your pen in one direction and the application starts to zoom into the letters on the right side. From the letters passing the cross hairs in the middle, the text is created or predicted and is printed to the upper part of the window.
  • Page 222: Troubleshooting

    18.7 Troubleshooting Virtual Keyboard Does Not Appear on Login Screen Occasionally, the virtual keyboard is not displayed on the login screen. To solve this, restart the X server by pressing Ctrl + Alt + <— or press the appropriate key on your Tablet PC (if you use a slate model without integrated keyboard).
  • Page 223: For More Information

    use your fingers on the tablet to move the cursor), you need to rotate also the touch device. 18.8 For More Information Some of the applications mentioned here do not offer integrated online help, but you can find some useful information about usage and configuration in your installed system in /usr/share/doc/package/packagename or on the Web: •...
  • Page 225: Part Iv Services

    Part IV. Services...
  • Page 227: 9 Basic Networking

    Basic Networking Linux offers the necessary networking tools and features for integration into all types of network structures. The customary Linux protocol (TCP/IP) has various services and special features, which are discussed here. Network access using a network card, modem or other device can be configured with YaST. Manual configuration is also possible.
  • Page 228 Table 19.1 Several Protocols in the TCP/IP Protocol Family Protocol Description Transmission Control Protocol: a connection-oriented secure protocol. The data to transmit is first sent by the application as a stream of data and converted into the appropriate format by the operating system. The data arrives at the respective application on the destination host in the original data stream format it was initially sent.
  • Page 229 Figure 19.1 Simplified Layer Model for TCP/IP [figure: hosts sun and earth, each with Application Layer (applications), Transport Layer (TCP, UDP), Network Layer, Data Link Layer (Ethernet, FDDI, ISDN) and Physical Layer (cable, fiberglass), with data transfer between the two hosts] The diagram provides one or two examples for each layer.
  • Page 230: Ip Addresses And Routing

    located at the end of the packet, not at the beginning. This simplifies things for the network hardware. Figure 19.2 TCP/IP Ethernet Packet: Usage Data (maximum 1460 bytes); TCP (Layer 4) Protocol Header (approx. 20 bytes); IP (Layer 3) Protocol Header (approx. 20 bytes); Ethernet (Layer 2) Protocol Header (approx.
  • Page 231 19.1.1 IP Addresses Every computer on the Internet has a unique 32-bit address. These 32 bits (or 4 bytes) are normally written as illustrated in the second row in Example 19.1, “Writing IP Addresses” (page 219). Example 19.1 Writing IP Addresses IP Address (binary): 11000000 10101000 00000000 00010100 IP Address (decimal):...
  • Page 232 Example 19.2 Linking IP Addresses to the Netmask IP address (192.168.0.20): 11000000 10101000 00000000 00010100 Netmask (255.255.255.0): 11111111 11111111 11111111 00000000 --------------------------------------------------------------- Result of the link: 11000000 10101000 00000000 00000000 In the decimal system: 192. 168. IP address (213.95.15.200): 11010101 10111111 00001111 11001000 Netmask (255.255.255.0): 11111111 11111111 11111111 00000000 ---------------------------------------------------------------...
  • Page 233: Ipv6-The Next Generation Internet

    Address Type Description ample therefore results in 192.168.0.255. This address cannot be assigned to any hosts. Local Host The address 127.0.0.1 is assigned to the “loopback device” on each host. A connection can be set up to your own machine with this address.
  • Page 234 number of addresses available in your subnet is two to the power of the number of bits, minus two. A subnetwork has, for example, 2, 6, or 14 addresses available. To connect 128 hosts to the Internet, for example, you need a subnetwork with 256 IP addresses, from which only 254 are usable, because two IP addresses are needed for the structure of the subnetwork itself: the broadcast and the base network address.
  • Page 235 any intervention on the administrator's part and there is no need to maintain a central server for address allocation—an additional advantage over IPv4, where automatic address allocation requires a DHCP server. Mobility IPv6 makes it possible to assign several addresses to one network interface at the same time.
  • Page 236 19.2.2 Address Types and Structure As mentioned, the current IP protocol is lacking in two important aspects: there is an increasing shortage of IP addresses and configuring the network and maintaining the routing tables is becoming a more complex and burdensome task. IPv6 solves the first problem by expanding the address space to 128 bits.
  • Page 237 shorthand notation is shown in Example 19.3, “Sample IPv6 Address” (page 225), where all three lines represent the same address. Example 19.3 Sample IPv6 Address fe80 : 0000 : 0000 : 0000 : 0000 : 10 : 1000 : 1a4 fe80 : 0 : 10 : 1000 : 1a4 fe80 :...
  • Page 238 Prefix (hex) Definition fe80::/10 Link-local addresses. Addresses with this prefix should not be routed and should therefore only be reachable from within the same subnetwork. fec0::/10 Site-local addresses. These may be routed, but only within the network of the organization to which they belong. In effect, they are the IPv6 equivalent of the current private network address space, such as 10.x.x.x.
  • Page 239 :: (unspecified) This address is used by the host as its source address when the interface is initialized for the first time—when the address cannot yet be determined by other means. ::1 (loopback) The address of the loopback device. IPv4 Compatible Addresses The IPv6 address is formed by the IPv4 address and a prefix consisting of 96 zero bits.
  • Page 240 the MAC forming part of it, any IP address used in the world is unique. The only variable parts of the address are those specifying the site topology and the public topology, depending on the actual network in which the host is currently operating. For a host to go back and forth between different networks, it needs at least two addresses.
  • Page 241 However, the configuration and maintenance of static tunnels is often too labor-intensive to use them for daily communication needs. Therefore, IPv6 provides for three different methods of dynamic tunneling: 6over4 IPv6 packets are automatically encapsulated as IPv4 packets and sent over an IPv4 network capable of multicasting.
  • Page 242: Name Resolution

    tions which prefix to use for the IPv6 addresses and which routers. Alternatively, use zebra/quagga for automatic configuration of both addresses and routing. Consult the ifcfg-tunnel(5) man page to get information about how to set up various types of tunnels using the /etc/sysconfig/network files. 19.2.5 For More Information The above overview does not cover the topic of IPv6 comprehensively.
  • Page 243 Consider a complete name, such as jupiter.example.com, written in the format hostname.domain. A full name, referred to as a fully qualified domain name (FQDN), consists of a hostname and a domain name (example.com). The latter also includes the top level domain or TLD (com). TLD assignment has become quite confusing for historical reasons.
  • Page 244: Configuring A Network Connection With Yast

    quests. If you already use the .local domain in your nameserver configuration, you must switch this option off in /etc/host.conf. Also read the host.conf manual page. If you want to switch off MDNS during installation, use nomdns=1 as a boot parameter.
  • Page 245 The Overview tab contains information about installed network interfaces and configurations. Any properly detected network card is listed with its name. You can manually configure new cards, remove or change their configuration in this dialog. If you want to manually configure a card that was not automatically detected, see Section “Configuring an Undetected Network Card”...
  • Page 246 In the Network Setup Method choose the way network connections are managed. If you want a NetworkManager desktop applet to manage connections for all interfaces, choose User Controlled with NetworkManager. This option is well suited for switching between multiple wired and wireless networks. If you do not run a desktop environment (GNOME or KDE), or if your computer is a Xen server, virtual system, or provides network services such as DHCP or DNS in your network, use the Traditional Method with ifup.
  • Page 247 and Hardware tabs. For information about wireless card configuration, see Section 20.1.2, “Configuration with YaST” (page 275). Configuring IP Addresses You can set the IP address of the network card or the way its IP address is determined in the Address tab of the Network Card Setup dialog. Both IPv4 and IPv6 addresses are supported.
  • Page 248 Optionally, you can enter a fully qualified Hostname for this address, which will be written to the /etc/hosts configuration file. 4 Click Next. 5 To activate the configuration, click OK. If you use the static address, the name servers and default gateway are not configured automatically.
  • Page 249 2 Go to the Hardware tab. The current device name is shown in Udev Rules. Click Change. 3 Select whether udev should identify the card by its MAC Address or Bus ID. The current MAC address and bus ID of the card are shown in the dialog. 4 To change the device name, check the Change Device Name option and edit the name.
  • Page 250 1 In YaST select a card from the list of detected cards in Network Devices > Network Settings and click Edit. 2 In the General tab, select the desired entry from Device Activation. Choose At Boot Time to start the device during the system boot. With On Cable Connection, the interface is watched for any existing physical connection.
  • Page 251 Configuring the Firewall Without having to enter the detailed firewall setup as described in Section “Configuring the Firewall with YaST” (Chapter 15, Masquerading and Firewalls, ↑Security Guide), you can determine the basic firewall setup for your device as part of the device setup. Proceed as follows: 1 Open the YaST Network Devices >...
  • Page 252 4 Click Next. 5 Activate the configuration by clicking OK. Configuring an Undetected Network Card Your card may not be detected correctly. In this case, the card is not included in the list of detected cards. If you are sure that your system includes a driver for your card, you can configure it manually.
  • Page 253 Configuring Hostname and DNS If you did not change the network configuration during installation and the wired card was already available, a hostname was automatically generated for your computer and DHCP was activated. The same applies to the name service information your host needs to integrate into a network environment.
  • Page 254 If the Custom Policy option is selected, a Custom Policy Rule string defining the merge policy should be specified. The string consists of a comma-separated list of interface names to be considered a valid source of settings. Except for complete interface names, basic wildcards to match multiple interfaces are allowed, as well.
  • Page 255 device). To omit any of these values, use the minus sign -. To enter a default gateway into the table, use default in the Destination field. NOTE If more default routes are used, it is possible to specify the metric option to determine which route has a higher priority.
  • Page 256 Figure 19.4 Modem Configuration If you are behind a private branch exchange (PBX), you may need to enter a dial prefix. This is often a zero. Consult the instructions that came with the PBX to find out. Also select whether to use tone or pulse dialing, whether the speaker should be on and whether the modem should wait until it detects a dial tone.
  • Page 257 In the last dialog, specify additional connection options: Dial on Demand If you enable Dial on Demand, set at least one name server. Use this feature only if your Internet connection is inexpensive, because there are programs that periodically request data from the Internet. Modify DNS when Connected This option is enabled by default, with the effect that the name server address is updated each time you connect to the Internet.
  • Page 258 19.4.3 ISDN Use this module to configure one or several ISDN cards for your system. If YaST did not detect your ISDN card, click on Add in the ISDN Devices tab and manually select your card. Multiple interfaces are possible, but several ISPs can be configured for one interface.
  • Page 259 for PCMCIA or USB devices, loads the driver after the device is plugged in. When finished with these settings, select OK. In the next dialog, specify the interface type for your ISDN card and add ISPs to an existing interface. Interfaces may be either the SyncPPP or the RawIP type, but most ISPs operate in the SyncPPP mode, which is described below.
  • Page 260 Use one of the internal numbers as your MSN. You should be able to use at least one of the exchange's MSNs that have been enabled for direct outward dialing. If this does not work, try a single zero. For further information, consult the documentation delivered with your phone exchange.
  • Page 261 desired, specify a time-out for the connection—the period of network inactivity (in seconds) after which the connection should be automatically terminated. Confirm your settings with Next. YaST displays a summary of the configured interfaces. To activate these settings, select OK. 19.4.4 Cable Modem In some countries it is quite common to access the Internet through the TV cable net- work.
  • Page 262 In the DSL Devices tab of the DSL Configuration Overview dialog, you will find a list of installed DSL devices. To change the configuration of a DSL device, select it in the list and click Edit. If you click Add, you can manually configure a new DSL device. The configuration of a DSL connection based on PPPoE or PPTP requires that the corresponding network card be set up in the correct way.
  • Page 263 Figure 19.7 DSL Configuration To use Dial on Demand on a stand-alone workstation, also specify the name server (DNS server). Most ISPs support dynamic DNS—the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, provide a placeholder address like 192.168.22.99.
  • Page 264: Networkmanager

    19.5 NetworkManager NetworkManager is the ideal solution for a mobile workstation. With NetworkManager, you do not need to worry about configuring network interfaces and switching between networks when you are moving. NetworkManager can automatically connect to known WLAN networks. If you have two or more connection possibilities, it can connect to the faster one.
  • Page 265: Configuring A Network Connection Manually

    NetworkManager tries to keep your computer connected at all times using the best connection available. If the network cable is accidentally disconnected, it tries to reconnect. It can find the network with the best signal strength from the list of your wireless connections and automatically use it to connect.
  • Page 266: Configuration Files

    Table 19.5 Manual Network Configuration Scripts Command Function if{up,down,status} The if* scripts start, stop network interfaces or return the status of the specified interface. More information is available in the manual page of ifup. rcnetwork The rcnetwork script can be used to start, stop or restart all network interfaces (or just a specified one).
  • Page 267 /etc/sysconfig/network/{config, dhcp, wireless} The file config contains general settings for the behavior of ifup, ifdown and ifstatus. dhcp contains settings for DHCP and wireless for wireless LAN cards. The variables in all three configuration files are commented. Some of the variables from /etc/sysconfig/network/config can also be used in ifcfg-* files, where they are given a higher priority.
  • Page 268 An (optional) fifth column can be used to specify the type of a route. Columns that are not needed should contain a minus sign - to ensure that the parser correctly interprets the command. For details, refer to the routes(5) man page. /etc/resolv.conf The domain to which the host belongs is specified in this file (keyword search).
  • Page 269 netconfig recognizes three main actions. The netconfig modify and netconfig remove commands are used by daemons such as dhcp or ppp to provide or remove settings to netconfig. Only the netconfig update command is available for the user: modify The netconfig modify command modifies the current interface and service specific dynamic settings and updates the network configuration.
  • Page 270 /etc/hosts In this file, shown in Example 19.6, “/etc/hosts” (page 258), IP addresses are assigned to hostnames. If no name server is implemented, all hosts to which an IP connection will be set up must be listed here. For each host, enter a line consisting of the IP address, the fully qualified hostname, and the hostname into the file.
  • Page 271 hosts: searches the /etc/hosts file bind: accesses a name server nis: uses NIS multi on/off Defines if a host entered in /etc/hosts can have multiple IP addresses. nospoof on These parameters influence the name server spoofing but do spoofalert on/off not exert any influence on the network configuration.
  • Page 272 Example 19.9 /etc/nsswitch.conf passwd: compat group: compat hosts: files dns networks: files dns services: db files protocols: db files netgroup: files automount: files nis The “databases” available over NSS are listed in Table 19.7, “Databases Available via /etc/nsswitch.conf” (page 260). In addition, automount, bootparams, netmasks...
  • Page 273 protocols Network protocols, used by getprotoent; see the protocols(5) man page. Remote procedure call names and addresses, used by getrpcbyname and similar functions. services Network services, used by getservent. shadow Shadow passwords of users, used by getspnam; see the shadow(5) man page. Table 19.8 Configuration Options for NSS “Databases”...
  • Page 274 If the caching for passwd is activated, it usually takes about fifteen seconds until a newly added local user is recognized. Reduce this waiting time by restarting nscd with the command rcnscd restart. /etc/HOSTNAME This contains the hostname without the domain name attached. This file is read by several scripts while the machine is booting.
  • Page 275 route This object represents the routing table entry. rule This object represents a rule in the routing policy database. maddress This object represents a multicast address. mroute This object represents a multicast routing cache entry. tunnel This object represents a tunnel over IP. If no command is given, the default command is used (usually list).
  • Page 276 for ip addr, enter ip addr help. Find the ip manual in /usr/share/doc/packages/iproute2/ip-cref.pdf. Testing a Connection with ping The ping command is the standard tool for testing whether a TCP/IP connection works. It uses the ICMP protocol to send a small data packet, ECHO_REQUEST datagram, to the destination host, requesting an immediate reply.
  • Page 277 In a system with multiple network devices, it is sometimes useful to send the ping through a specific interface address. To do so, use the -I option with the name of the selected device, for example, ping -I wlan1 example.com. For more options and information about using ping, enter ping -h or see the ping(8) man page.
  • Page 278 Example 19.11 Output of the ifconfig Command eth0 Link encap:Ethernet HWaddr 00:08:74:98:ED:51 inet6 addr: fe80::208:74ff:fe98:ed51/64 Scope:Link UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:634735 errors:0 dropped:0 overruns:4 frame:0 TX packets:154779 errors:0 dropped:0 overruns:0 carrier:1 collisions:0 txqueuelen:1000 RX bytes:162531992 (155.0 Mb) TX bytes:49575995 (47.2 Mb) Interrupt:11 Base address:0xec80 Link encap:Local Loopback inet addr:127.0.0.1...
  • Page 279 Example 19.12 Output of the route -n Command route -n Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 10.20.0.0 255.255.248.0 0 eth0 link-local 255.255.0.0 0 eth0 loopback 255.0.0.0 0 lo default styx.exam.com 0.0.0.0 0 eth0 For more options and information about using route, enter route -h or see the route(8) man page.
  • Page 280: Smpppd As Dial-Up Assistant

    /etc/init.d/ypbind Starts the NIS client. 19.7 smpppd as Dial-up Assistant Some home users do not have a dedicated line connecting them to the Internet. Instead, they use dial-up connections. Depending on the dial-up method (ISDN or DSL), the connection is controlled by ipppd or pppd. Basically, all that needs to be done to go online is to start these programs correctly.
  • Page 281 bind-address = ip address If a host has several IP addresses, use this parameter to determine at which IP address smpppd should accept connections. The default is to listen at all addresses. host-range = min ip max ip The parameter host-range defines a network range. Hosts whose IP addresses are within this range are granted access to smpppd.
  • Page 282 server = server Specify the host on which smpppd runs. port = port Specify the port on which smpppd runs. password = password Insert the password selected for smpppd. If smpppd is active, you can now try to access it. For example, with cinternet --verbose --interface-list.
  • Page 283: 20 Wireless Communication

    Wireless Communication There are several possibilities for using your Linux system to communicate with other computers, cellular phones, or peripheral devices. WLAN (wireless LAN) can be used to network laptops. Bluetooth can be used to connect individual system components (mouse, keyboard), peripheral devices, cellular phones, PDAs and individual computers with each other.
  • Page 284 Table 20.1 Overview of Various WLAN Standards Name Band (GHz) Maximum Note Transmission Rate (Mbit/s) 802.11 Legacy Outdated; virtually no end devices available 802.11a Less interference-prone 802.11b Less common 802.11g Widespread, backwards-compatible with 11b 802.11n draft 2.4 and/or 5 Common 802.11 Legacy cards are not supported by SUSE®...
  • Page 285 is usually used. It is even possible to use a WLAN card as an access point. Some cards support this functionality. Authentication Because a wireless network is much easier to intercept and compromise than a wired network, the various standards include authentication and encryption methods. In the original version of the IEEE 802.11 standard, these are described under the term WEP.
  • Page 286 does not need a complex key management like WPA-EAP and is more suitable for private use. Therefore, WPA-PSK is sometimes referred to as WPA “Home”. WPA-EAP (according to IEEE 802.1x) Actually, WPA-EAP is not an authentication system but a protocol for transporting authentication information.
  • Page 287 Some vendors have implemented the non-standard “Dynamic WEP”. It works exactly as WEP and shares the same weaknesses, except the fact that the key is periodically changed by a key management service. TKIP (defined in WPA/IEEE 802.11i) This key management protocol defined in the WPA standard uses the same encryption algorithm as WEP, but eliminates its weakness.
  • Page 288 Figure 20.1 YaST: Configuring the Wireless Network Card Operating Mode A station can be integrated in a WLAN in three different modes. The suitable mode depends on the network in which to communicate: Ad-hoc (peer-to-peer network without access point), Managed (network is managed by an access point), or Master (your network card should be used as the access point).
  • Page 289 WEP Keys Either enter the default key here or click WEP Keys to enter the advanced key configuration dialog. Set the length of the key to 128 bit or 64 bit. The default setting is 128 bit. In the list area at the bottom of the dialog, up to four different keys can be specified for your station to use for the encryption.
  • Page 290 Access Point In an environment with several access points, one of them can be preselected by specifying the MAC address. Use Power Management When you are on the road, use power saving technologies to maximize the operating time of your battery. More information about power management is available in Chapter 17, Power Management (page 191).
  • Page 291 20.1.4 Tips and Tricks for Setting Up a WLAN These tips can help tweak speed and stability as well as security aspects of your WLAN. Stability and Speed The performance and reliability of a wireless network mainly depend on whether the participating stations receive a clean signal from the other stations.
  • Page 292 20.1.5 Troubleshooting If your WLAN card fails to respond, check if you have downloaded the needed firmware. Refer to /usr/share/doc/packages/wireless-tools/README.firmware for more information. Multiple Network Devices Modern laptops usually have a network card and a WLAN card. If you configured both devices with DHCP (automatic address assignment), you may encounter problems with the name resolution and the default gateway.
  • Page 293: 21 Slp Services In The Network

    SLP Services in the Network The service location protocol (SLP) was developed to simplify the configuration of networked clients within a local network. To configure a network client, including all required services, the administrator traditionally needs detailed knowledge of the servers available in the network.
  • Page 294: Activating Slp

    21.2 Activating SLP slpd must run on your system to offer services with SLP. If the machine should only operate as client, and does not offer services, it is not necessary to run slpd. Like most system services in SUSE Linux Enterprise Desktop, the slpd daemon is controlled by means of a separate init script.
  • Page 295: Providing Services Via Slp

    21.4 Providing Services via SLP Many applications in SUSE Linux Enterprise Desktop have integrated SLP support through the use of the libslp library. If a service has not been compiled with SLP support, use one of the following methods to make it available via SLP: Static Registration with /etc/slp.reg.d Create a separate registration file for each new service.
  • Page 296: For More Information

    Dynamic Registration with slptool If a service should be registered dynamically without the need of configuration files, use the slptool command line utility. The same utility can also be used to deregister an existing service offering without restarting slpd. 21.5 For More Information The following sources provide further information about SLP: RFC 2608, 2609, 2610 RFC 2608 generally deals with the definition of SLP.
  • Page 297: 22 Time Synchronization With Ntp

    Time Synchronization with NTP The NTP (network time protocol) mechanism is a protocol for synchronizing the system time over the network. First, a machine can obtain the time from a server that is a reliable time source. Second, a machine can itself act as a time source for other computers in the network.
  • Page 298: Configuring An Ntp Client With Yast

    22.1 Configuring an NTP Client with YaST ntp is preset to use the local computer clock as a time reference. Using the (BIOS) clock, however, only serves as a fallback for the case that no time source of greater precision is available. YaST facilitates the configuration of an NTP client. For a system that is not running a firewall, use either the quick or advanced configuration.
  • Page 299 logging feature) of your NTP daemon. Using these restrictions is recommended for servers out of your control (for example, on the Internet). Refer to /usr/share/doc/packages/ntp-doc (part of the ntp-doc package) for detailed information. Peer A peer is a machine to which a symmetric relationship is established: it acts both as a time server and as a client.
  • Page 300 Figure 22.1 Advanced NTP Configuration: Security Settings In the Security Settings tab, determine whether ntpd should be started in a chroot jail. By default, Run NTP Daemon in Chroot Jail is activated. This increases the security in the event of an attack over ntpd, because it prevents the attacker from compromising the entire system.
  • Page 301: Manually Configuring Ntp In The Network

    22.2 Manually Configuring ntp in the Network The easiest way to use a time server in the network is to set server parameters. For example, if a time server called ntp.example.com is reachable from the network, add its name to the file /etc/ntp.conf by adding the following line: server ntp.example.com To add more time servers, insert additional lines with the keyword server.
  • Page 302 work. For this purpose, they are assigned special IP addresses in the form 127.127.t.u. Here, t stands for the type of the clock and determines which driver is used and u for the unit, which determines the interface used. Normally, the individual drivers have special parameters that describe configuration details.
  • Page 303: 23 Using Networkmanager

    Using NetworkManager NetworkManager is the ideal solution for laptops and other portable computers. With NetworkManager, you do not need to worry about configuring network interfaces and switching between wired or wireless networks when you are moving. NetworkManager can automatically connect to known wireless networks. It can also manage several network connections in parallel; the fastest connection is then used as the default.
  • Page 304: Enabling Networkmanager

    • You want to use SCPM for network configuration management. To use SCPM and NetworkManager at the same time, disable the network resource in SCPM configuration. 23.2 Enabling NetworkManager If you want to manage your network connection with NetworkManager, enable NetworkManager in the YaST Network Settings module.
  • Page 305: Configuring Network Connections

    23.3 Configuring Network Connections After having enabled NetworkManager in YaST, configure your network connections in a dialog available from the GNOME Control Center or from the Personal Settings in KDE 4. If you use GNOME, start the GNOME Control Center from the main menu, then select System >...
  • Page 306: Using Kde Networkmanager Widget

    to confirm your settings. The newly configured network connection now appears in the list of available networks you get by left-clicking the NetworkManager applet or widget. NOTE: Hidden Networks To connect to a “hidden” network (a network that does not broadcast its service) you have to know the Extended Service Set Identifier (ESSID) of the network because it cannot be detected automatically.
  • Page 307: Using Gnome Networkmanager Applet

    Left-click any of the connection applets to choose another network connection at any time. Such a choice takes priority over automatically selected networks. The chosen network is used as long as it is available, meaning that plugging a network cable in does not switch to a wired network connection automatically.
  • Page 308 Procedure 23.1 Connecting to a Wireless Network 1 To connect to a wireless network, left-click the applet icon and choose an entry from the list of available wireless networks. 2 If the network is encrypted, a dialog opens. Choose the type of Wireless Security the network uses and enter the appropriate Password.
  • Page 309: Networkmanager And Vpn

    2 Add the network name and set the encryption in the Wireless Security dialog. IMPORTANT: Unprotected Wireless Networks Are a Security Risk If you set Wireless Security to None, everybody can connect to your network, reuse your connectivity and intercept your network connection. To restrict access to your access point and to secure your connection, use encryption.
  • Page 310: Networkmanager And Security

    PPTP support for KDE is not available yet, but is being worked on. For GNOME, choose one of the following: • NovellVPN support for GNOME NetworkManager applet—package NetworkManager-novellvpn-gnome • OpenVPN support for GNOME NetworkManager applet—package NetworkManager-openvpn-gnome • vpnc (Cisco) support for GNOME NetworkManager applet—package NetworkManager-vpnc-gnome •...
  • Page 311: Frequently Asked Questions

    Chapter 12, Certificate Store (↑Security Guide). Another option is to use single sign-on with Novell CASA. Single Sign-on is a method of access control that enables users to authenticate once and thus gain access to the resources of multiple software systems.
  • Page 312 ernet cards), you can tie a connection to a certain device by explicitly specifying the hardware address (or MAC address) of the device. Look up the MAC address of your device either in the Connection Information, available from the applet/widget, or use the output of command line tools like nm-tool or ifconfig.
  • Page 313: Troubleshooting

    2. As the DHCP server uses port 67, make sure that it is not blocked by the firewall: On the machine sharing the connections, start YaST and select Security and Users > Firewall. Switch to the Allowed Services category. If DHCP Server is not already shown as Allowed Service, select DHCP Server from Services to Allow and click Add.
  • Page 314: For More Information

    If your KDE 4 system tray does not show any icon for network connections (as might be the case after switching from a static network configuration to user-controlled with NetworkManager in YaST), add the NetworkManager widget to the panel: right-click an empty patch on the panel, and select Panel Options > Add Widgets.
  • Page 315 • Also check out the information in the following directories for the latest information about NetworkManager and the GNOME NetworkManager applet and the KDE NetworkManager widget: /usr/share/doc/packages/NetworkManager/, /usr/share/doc/packages/NetworkManager-kde4/ and /usr/share/doc/packages/NetworkManager-gnome/ Using NetworkManager...
  • Page 317: 24 Samba

    Samba Using Samba, a Unix machine can be configured as a file and print server for Mac OS X, Windows, and OS/2 machines. Samba has developed into a fully-fledged and rather complex product. Configure Samba with YaST, SWAT (a Web interface), or by editing the configuration file manually.
  • Page 318 An implementation that works relatively closely with network hardware is called NetBEUI, but this is often referred to as NetBIOS. Network protocols implemented with NetBIOS are IPX from Novell (NetBIOS via TCP/IP) and TCP/IP. The NetBIOS names sent via TCP/IP have nothing in common with the names used in /etc/hosts or those defined by DNS.
  • Page 319: Configuring A Samba Server

    24.2 Configuring a Samba Server For configuring a Samba server, see the SUSE Linux Enterprise Server documentation. 24.3 Configuring Clients Clients can only access the Samba server via TCP/IP. NetBEUI and NetBIOS via IPX cannot be used with Samba. 24.3.1 Configuring a Samba Client with YaST Configure a Samba client to access resources (files or printers) on the Samba server.
  • Page 320: For More Information

    necessary to prepare user accounts and passwords in an encryption format that conforms with Windows. Do this with the command smbpasswd -a name. Create the domain account for the computers, required by the Windows domain concept, with the following commands: Example 24.2 Setting Up a Machine Account useradd hostname\$ smbpasswd -a -m hostname...
  • Page 321 The Samba HOWTO Collection provided by the Samba team includes a section about troubleshooting. In addition to that, Part V of the document provides a step-by-step guide to checking your configuration. You can find Samba HOWTO Collection in /usr/share/doc/packages/samba/Samba-HOWTO-Collection.pdf after installing the package samba-doc. Also read the Samba page in the openSUSE wiki at http://en.openSUSE.org/Samba.
  • Page 323: 25 Sharing File Systems With Nfs

    Sharing File Systems with NFS Distributing and sharing file systems over a network is a common task in corporate environments. NFS is a proven system that also works together with the yellow pages protocol NIS. For a more secure protocol that works together with LDAP and may also be kerberized, check NFSv4.
  • Page 324: Importing File Systems Manually

    In the NFS Settings tab, click Open Port in Firewall to open the firewall to allow access to the service from remote computers. The firewall status is displayed next to the check box. When using NFSv4, make sure that the checkbox Enable NFSv4 is enabled, and that the NFSv4 Domain Name contains the same value as used by the NFSv4 server.
  • Page 325 mounted in the file system just like local hard disks using the mount command in the following manner: mount host:remote-path local-path If user directories from the machine nfs.example.com, for example, should be imported, use the following command: mount nfs.example.com:/home /home 25.3.1 Using the Automount Service As well as the regular local device mounts, the autofs daemon can be used to mount remote file systems automatically too.
  • Page 326: Nfs With Kerberos

    NFSv4 mounts may also be added to the /etc/fstab file manually. For these mounts, use nfs4 instead of nfs in the third column and make sure that the remote file system is given as / after the nfs.example.com: in the first column. A sample line for an NFSv4 mount in /etc/fstab looks like this: nfs.example.com:/ /local/pathv4 nfs4 rw,noauto 0 0 The noauto option prevents the file system from being mounted automatically at start...
  • Page 327: For More Information

    25.5 For More Information As well as the man pages of exports, nfs, and mount, information about configuring an NFS server and client is available in /usr/share/doc/packages/nfsidmap/README. Online documentation can be found at the following Web documents: • Find the detailed technical documentation online at SourceForge [http://nfs.sourceforge.net/].
  • Page 329: 26 File Synchronization

    File Synchronization Today, many people use several computers—one computer at home, one or several computers at the workplace, and possibly a laptop or PDA on the road. Many files are needed on all these computers. You may want to be able to work with all computers and modify the files and subsequently have the latest version of the data available on all computers.
  • Page 330 WARNING: Risk of Data Loss Before you start managing your data with a synchronization system, you should be well acquainted with the program used and test its functionality. A backup is indispensable for important files. The time-consuming and error-prone task of manually synchronizing data can be avoided by using one of the programs that use various methods to automate this job.
  • Page 331: Determining Factors For Selecting A Program

    26.2 Determining Factors for Selecting a Program There are some important factors to consider when deciding which program to use. 26.2.1 Client-Server versus Peer-to-Peer Two different models are commonly used for distributing data. In the first model, all clients synchronize their files with a central server. The server must be accessible by all clients at least occasionally.
  • Page 332 There is no conflict handling in rsync. The user is responsible for not accidentally overwriting files and manually resolving all possible conflicts. To be on the safe side, a versioning system like RCS can be additionally employed. 26.2.5 Selecting and Adding Files In CVS, new directories and files must be added explicitly using the command cvs add.
  • Page 333 26.2.9 User Friendliness rsync is rather easy to use and is also suitable for newcomers. CVS is somewhat more difficult to operate. Users should understand the interaction between the repository and local data. Changes to the data should first be merged locally with the repository. This is done with the command cvs update.
  • Page 334: Introduction To Cvs

    rsync File Sel. Sel./file, dir. Dir. History Hard Disk Space Difficulty Attacks + (ssh) +(ssh) Data Loss 26.3 Introduction to CVS CVS is suitable for synchronization purposes if individual files are edited frequently and are stored in a file format, such as ASCII text or program source text. The use of CVS for synchronizing data in other formats, such as JPEG files, is possible, but leads to large amounts of data, because all variants of a file are stored permanently on the CVS server.
  • Page 335 CVS_RSH=ssh CVSROOT=tux@server:/serverdir The command cvs init can be used to initialize the CVS server from the client side. This needs to be done only once. Finally, the synchronization must be assigned a name. Select or create a directory on the client exclusively to contain files to manage with CVS (the directory can also be empty).
  • Page 336: Introduction To Rsync

    Start the synchronization with the server with cvs update. Update individual files or directories as in cvs update file1 directory1. To see the difference between the current files and the versions stored on the server, use the command cvs diff or cvs diff file1 directory1.
  • Page 337: Configuration And Operation

    application concerns staging servers. These are servers that store complete directory trees of Web servers that are regularly mirrored onto a Web server in a DMZ. 26.4.1 Configuration and Operation rsync can be operated in two different modes. It can be used to archive or copy data. To accomplish this, only a remote shell, like ssh, is required on the target system.
  • Page 338: For More Information

    can alternatively be started by xinetd. This is, however, only recommended for servers that rarely use rsyncd. The example also creates a log file listing all connections. This file is stored in /var/log/rsyncd.log. It is then possible to test the transfer from a client system. Do this with the following command: rsync -avz sun::FTP This command lists all files present in the directory /srv/ftp of the server.

This manual is also suitable for:

Suse linux enterprise desktop 11
