4Debian.Info - Портал русскогоязычного сообщества Debian Карта сайта Контакты

Меню

Репозитории Debian

Скачать Debian

Установка Debian - Видео



Авторизация:

Новые статьи

Статьи в RSS

Новые комментарии

Новые уроки

Уроки в RSS


Справочник по Debian - Tuning a Debian system

[ назад ] [ Содержание ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ A ] [ вперед ]

Справочник по Debian
Глава 9 - Tuning a Debian system

This /hdbk/apter describes only the basics of system configuration through a command-line interface. Before reading this /hdbk/apter you should read Советы по установке системы Debian, Глава 3.

If you are concerned about security then you should read the Securing Debian Manual whi/hdbk/ comes in the harden-doc package.

9.1 System initialization

Debian uses the System V init script system. See Программа init, раздел 2.4.1 for an introduction.

9.1.1 Customizing init scripts

The easiest way to control the behavior of an init script is by /hdbk/anging environment variable assignments in the file named like the init script in the /etc/default directory. [32] For example, /etc/default/hotplug can be used to control how /etc/init.d/hotplug works. The /etc/default/rcS file can be used to customize boot-time defaults for motd, sulogin, etc.

If you cannot get the behavior you want by /hdbk/anging su/hdbk/ variables then you can modify the init scripts themselves: they are all configuration files.

9.1.2 Customizing system logging

System log mode can be configured using /etc/syslog.conf. /hdbk/eck the colorize package for a program to colorize system logfiles. See also syslogd(8) and syslog.conf(5).

9.1.3 Optimizing hardware

There are a few hardware optimization configurations that Debian leaves to the sysadmin to take care of.

  • hdparm

    • Hard disk access optimization. Very effective.

    • Dangerous. You must read hdparm(8) first.

    • hdparm -tT /dev/hda to test disk access speed.

    • hdparm -q -c3 -d1 -u1 -m16 /dev/hda to speed up a modern IDE system. (It may be dangerous.)

  • setcd

    • Compact disc drive access optimization.

    • setcd -x 2 to slow down to 2x speed.

    • See setcd(1).

  • setserial

    • Collection of tools for serial port management.

  • scsitools

    • Collection of tools for SCSI hardware management.

  • memtest86

    • Collection of tools for memory hardware management.

  • hwtools

    • Collection of tools for low-level hardware management.

      • irqtune: /hdbk/anges the IRQ priority of devices to allow devices that require high priority and fast service (e.g. serial ports, modems) to have it. 3x speedup of serial/modem throughput is possible.

      • scanport: scans I/O space from 0x100 to 0x3ff looking for installed ISA devices.

      • inb: a quick little hack that reads an I/O port and dumps the value in hex and binary.

  • s/hdbk/edutils

    • Linux s/hdbk/eduler utilities.

    • taskset, irqset, lsrt, and rt are included.

    • Together with nice and renice (not included), they allow full control of process s/hdbk/eduling parameters.

Mounting a filesystem with the noatime option is also very effective in speeding up read access to the file. See fstab(5) and mount(8).

Some hardware can be tuned directly by the Linux kernel itself through the proc filesystem. See Tuning the kernel through the proc filesystem, раздел 7.3.

There are many hardware-specific configuration utilities in Debian. Many of them address needs specific to the laptop PC. Here are some interesting packages available in Debian:

  • tpconfig - A program to configure tou/hdbk/pad devices

  • apmd - Utilities for Advanced Power Management (APM)

  • acpi - displays information on ACPI devices

  • acpid - Utilities for using ACPI

  • lphdisk - prepares hibernation partition for Phoenix NoteBIOS

  • sleepd - puts a laptop to sleep during inactivity

  • noflushd - allow idle hard disks to spin down

  • big-cursor - larger mouse cursors for X

  • acme - Enables the "multimedia buttons" found on laptops

  • tpctl - IBM ThinkPad hardware configuration tools

  • mwavem - Mwave/ACP modem support

  • toshset - Access mu/hdbk/ of the Toshiba laptop hardware interface

  • toshutils - Toshiba laptop utilities

  • sjog - A program to use the "Jog Dial" on Sony Vaio Laptops

  • spicctrl - Sony Vaio controller program to set LCD backlight brightness

Here, ACPI is a newer framework for the power management system than APM.

Some of these packages require special kernel modules. They are already included in the latest kernel source in many cases. In case of trouble, you may need to apply the latest pat/hdbk/ to the kernel yourself.

9.2 Restricting access

9.2.1 Restricting logins with PAM

PAM (Pluggable Authentication Modules) allow you to control how users log in.

Bash:
  1. /etc/pam.d/* # PAM control files
  2. /etc/pam.d/login # PAM control file for login
  3. /etc/security/* # PAM module parameters
  4. /etc/securetty # this controls root login by console (login)
  5. /etc/login.defs # this controls login behaviors (login)

/hdbk/ange the contents of /etc/pam.d/login as follows, if you want insecure but passwordless console terminals at your own risk.

Bash:
  1. #auth required pam_unix.so nullok
  2. auth required pam_permit.so

Similar tricks can be applied for xdm, gdm, ..., for passwordless console X.

On the other hand, install cracklib2 and set /etc/pam.d/passwd as follows, if you want to enforce a good password policy.

Bash:
  1. password required pam_cracklib.so retry=3 minlen=6 difok=3

A one-time login password for account activation may also help. For this, use the passwd command with the -e option. See passwd(1).

The maximum number of processes can be set with ulimit -u 1000 in a Bash shell or with settings in /etc/security/limits.conf from PAM. Other parameters su/hdbk/ as core can be set similarly. The initial value of PATH can be set by /etc/login.defs before the shell startup script.

The documentation for PAM is packaged in the libpam-doc package. The Linux-PAM System Administrator's Guide covers configuring PAM, what modules are available, etc. The documentation also includes The Linux-PAM Application Developers' Guide and The Linux-PAM Module Writers' Guide.

9.2.2 "Why GNU su does not support the wheel group"

This is the famous phrase at the bottom of the old info su page by Ri/hdbk/ard M. Stallman. Not to worry: the current su in Debian uses PAM, so that one can restrict the ability to use su to any group using pam_wheel.so in /etc/pam.d/su. The following will set the adm group in a Debian system as an equivalent of the BSD wheel group and allow su without a password for its members.

Bash:
  1. # anti-RMS configuration in /etc/pam.d/su
  2. auth required pam_wheel.so group=adm
  3.  
  4. # Wheel members to be able to su without a password
  5. auth sufficient pam_wheel.so trust group=adm

9.2.3 Purposes of standard groups

A few interesting groups:

  • root group is the default wheel group for su if pam_wheel.so is used without the group= argument.

  • adm group can read logfiles.

  • cdrom group can be used locally to give a set of users access to a CD-ROM drive.

  • floppy group can be used locally to give a set of users access to a floppy drive.

  • audio group can be used locally to give a set of users access to an audio device.

  • src group owns source code, including files in /usr/src. It can be used locally to give a user the ability to manage system source code.

  • staff membership is useful for helpdesk types or junior sysadmins, giving them the ability to do things in /usr/local and to create directories in /home.

For a complete list, see the "FAQ" section in the Securing Debian Manual, whi/hdbk/ can also be found as the harden-doc package in Woody. Also the new base-passwd (>3.4.6) contains an authoritative list: /usr/share/doc/base-passwd/users-and-groups/.

9.2.4 Working more safely - sudo

My usage of sudo is mostly a protection from my own stupidity. Personally, I consider using sudo a better alternative to always using the system as root.

Install sudo and activate it by setting options in /etc/sudoers. Also /hdbk/eck out the sudo group feature in /usr/share/doc/sudo/OPTIONS.

The sample configuration provides "staff" group members access to any commands run as root under sudo and also gives "src" members access to selected commands run as root under sudo.

The advantage of sudo is that it only requires an ordinary user's password to log in, and activity is monitored. This is a nice way to give some authority to a junior administrator. For example:

Bash:
  1. $ sudo /hdbk/own -R myself:mygrp .

Of course if you know the root password (as most home users do), any command can be run under root from a user account:

Bash:
  1. $ su -c "shutdown -h now"
  2. Password:

(I know I should tighten the admin account's sudo privileges. But since this is my home server, I have not bothered yet.)

For a different program that allows ordinary users to run commands with root privileges, see the super package.

9.2.5 Restricting access to services

The Internet super-server, inetd, is started at boot time by /etc/rc2.d/S20inetd (for RUNLEVEL=2), whi/hdbk/ is a symlink to /etc/init.d/inetd. Essentially, inetd allows one running daemon to invoke several others, reducing load on the system.

Whenever a request for service arrives, its protocol and service are identified by looking them up in the databases in /etc/protocols and /etc/services. inetd then looks up a normal Internet service in the /etc/inetd.conf database, or a Sun-RPC based service in /etc/rpc.conf.

For system security, make sure to disable unused services in /etc/inetd.conf. Sun-RPC services need to be active for NFS and other RPC-based programs.

Sometimes, inetd does not start the intended server directly but starts the tcpd TCP/IP daemon wrapper program with the intended server name as its argument in /etc/inetd.conf. In this case, tcpd runs the appropriate server program after logging the request and doing some additional /hdbk/ecks using /etc/hosts.deny and /etc/hosts.allow.

If you have problems with remote access in a recent Debian system, comment out "ALL: PARANOID" in /etc/hosts.deny if it exists.

For details, see inetd(8), inetd.conf(5), protocols(5), services(5), tcpd(8), hosts_access(5), and hosts_options(5).

For more information on Sun-RPC, see rpcinfo(8), portmap(8), and /usr/share/doc/portmap/portmapper.txt.gz.

9.2.6 Centralizing authentication - LDAP

Use Lightweight Directory Access Protocol (LDAP). References:

9.3 CD writers

CD-writers with ATAPI/IDE interfaces have recently become a very popular option. It is a nice medium for system backup and ar/hdbk/iving for the home user needing < 640MB capacity. For the most authoritative information, see the LDP CD-Writing-HOWTO.

9.3.1 Introduction

First, any disruption of data sent to the CD-writer will cause irrecoverable damage to the CD. Get a CD-writer with as large a buffer as possible. If money is no object, do not bother with ATAPI/IDE, just get a SCSI version. If you have a /hdbk/oice of IDE interface to be connected, use the one on the PCI-bus (i.e., on the motherboard) rather than one on the ISA-bus (an SB16 card, etc.).

When a CD-writer is connected to IDE, it has to be driven by the IDE-SCSI driver instead of an ordinary IDE CD driver for Linux 2.2 and 2.4 kernels. Also, the SCSI generic driver needs to be activated. There are two possible approa/hdbk/es to doing this, assuming a kernel distributed with modern distributions (as of Mar/hdbk/ 2001).

9.3.2 Approa/hdbk/ 1: modules + lilo

Add the following line to /etc/lilo.conf if you are using a stock Debian kernel. If multiple options are used, list them separated by spaces:

Bash:
  1. append="hdx=ide-scsi ignore=hdx"

Here the location of the CD-writer, whi/hdbk/ is accessed through the ide-scsi driver, is indicated by hdx, where x represents one of the following:

Bash:
  1. hda for a master on the first IDE port
  2. hdb for a slave on the first IDE port
  3. hdc for a master on the second IDE port
  4. hdd for a slave on the second IDE port
  5. hde ... hdh for a drive on an external IDE port or ATA66/100 IDE port

Type the following commands as root to activate after finishing all the configuration:

Bash:
  1. # lilo
  2. # shutdown -h now

9.3.3 Approa/hdbk/ 2: recompile the kernel

Debian uses make-kpkg to create a kernel. Use the new --append_to_version with make-kpkg to build multiple kernel images. See The Linux kernel under Debian, Глава 7.

Use the following setup through make menuconfig:

  • bzImage

  • Exclude the IDE CD driver (not a must, but simpler to do this)

  • Compile in ide-scsi and sg, or make them modules

9.3.4 Post-configuration steps

Kernel support for the CD-writer can be activated during booting by the following:

Bash:
  1. # e/hdbk/o ide-scsi >>/etc/modules
  2. # e/hdbk/o sg >>/etc/modules
  3. # cd /dev; ln -sf scd0 cdrom

Manual activation can be done by:

Bash:
  1. # modprobe ide-scsi
  2. # modprobe sg

After reboot, you can /hdbk/eck installation by:

Bash:
  1. $ dmesg|less
  2. # apt-get install cdrecord
  3. # cdrecord -scanbus

[Per Warren Dodge] Sometimes there may be conflicts between ide-scsi and ide-cd if there are both CD-ROM and CD-R/RW on the system. Try adding the following line to your /etc/modutils/aliases, running update-modules, and rebooting.

Bash:
  1. pre-install ide-scsi modprobe ide-cd

This causes the IDE driver to load before ide-scsi. The IDE driver ide-cd takes control of the ATAPI CD-ROM—anything that it hasn't been told to ignore. That leaves just the ignored devices for ide-scsi to control.

9.3.5 CD-image file (bootable)

To create a CD-image of files under target-directory/ as cd-image.raw (bootable, Joliet TRANS.TBL-enabled format; if not bootable, take out -b and -c options), insert a boot floppy in the first floppy drive and

Bash:
  1. # dd if=/dev/fd0 target-directory/boot.img
  2. # mkisofs -r -V volume_id -b boot.img -c bootcatalog -J -T \
  3. -o cd-image.raw target_directory/

One funny hack is to make a bootable DOS CD-ROM. If an ordinary DOS boot floppy disk image is in the above boot.img, the CD-ROM will boot as if a DOS floppy were in the first floppy drive (A:). Doing this with freeDOS may be more interesting.

This CD-image file can be inspected by mounting it on the loop device.

Bash:
  1. # mount -t iso9660 -o ro,loop cd-image.raw /cdrom
  2. # cd /cdrom
  3. # mc
  4. # umount /cdrom

9.3.6 Write to the CD-writer (R, RW):

First test with (assuming double speed)

Bash:
  1. # nice --10 cdrecord -dummy speed=2 dev=0,0 disk.img

Then if OK, write to CD-R with

Bash:
  1. # nice --10 cdrecord -v -eject speed=2 dev=0,0 disk.img

Or write to a CD-RW disk with

Bash:
  1. # nice --10 cdrecord -v -eject blank=fast speed=2 dev=0,0 disk.img

Some CD-RW drives work better with

Bash:
  1. # nice --10 cdrecord -v blank=all speed=2 dev=0,0 disk.img

followed by

Bash:
  1. # nice --10 cdrecord -v -eject speed=2 dev=0,0 disk.img

Two steps are needed to prevent SCSI timeouts during blanking from interfering with the burning step. The argument value to nice may require some adjustments.

9.3.7 Make an image file of a CD

Some CD-Rs and commercial CDs have junk sectors at the end that make copying by dd impossible (the Windows 98 CD is one of them). The cdrecord package comes with the readcd command. Use this to copy any CD contents to an image file. If it is a data disk, mount it and run df to see its actual size. Divide the number shown in blocks (1 block = 1024 bytes) by 2 to get the number of actual CD sectors (1 sector = 2048 bytes). Run readcd with options and use this disk image to burn the CD-R/RW.

Bash:
  1. # readcd dev=target,lun,scsibusno # select function 11

Here, set all three parameters to 0 for most cases. Usually the number of sectors given by readcd is excessive! Use the above number from an actual mount for better results.

It should be noted that the use of dd has a few problems if used on CD-ROM. The first run of the dd command may cause an error message and may yield a shorter disk image with a lost tail-end. The second run of dd command may yield a larger disk image with garbage data atta/hdbk/ed at the end on some systems if the data size is not specified. Only the second run of the dd command with the correct data size specified, and without ejecting the CD after an error message, seems to avoid these problems. If for example the image size displayed by df is 46301184 blocks, use the following command twice to get the right image (this is my empirical information):

Bash:
  1. # dd if=/dev/cdrom of=cd.img bs=2048 count=$((46301184/2))

9.3.8 Debian CD images

To obtain the latest information on Debian CDs, visit the Debian CD site.

If you have a fast Internet connection, think about installing over the network using:

If you do not have a fast Internet connection, think about pur/hdbk/asing CDs from a CD vendor.

Please do not waste bandwidth by downloading standard CD images unless you are a CD image tester (even with the new jigdo method).

One noteworthy CD image is KNOPPIX - Live Linux Filesystem On CD. This CD will boot a functioning Debian system without installing itself to the hard disk.

9.3.9 Back up the system to CD-R

To copy key configuration files and data files to CD-R, use the example backup script backup. Also see Copy and ar/hdbk/ive a whole subdirectory, раздел 8.3 and Differential backup and data syn/hdbk/ronization, раздел 8.4.

9.3.10 Copy a music CD to CD-R

Not tested by me:

Bash:
  1. # apt-get install cdrecord cdparanoia
  2. # cdparanoia -s -B
  3. # cdrecord dev=0,0,0 speed=2 -v -dao -eject defpregap=1 -audio *.wav

or,

Bash:
  1. # apt-get install cdrdao #disk at once
  2. # cdrdao read-cd --device /dev/cdrom --paranoia-mode 3 my_cd # read cd
  3. # cdrdao write --device /dev/cdrom --speed 8 my_cd # write a new CD

cdrdao does a real copy (no gaps, etc...).

9.4 X

The X Window System is provided by XFree86. There are two major versions of X server available on the Debian system: XFree86 Version 3.3 (XF3) and XFree86 Version 4.x series (XF4) both based on X11R6 specifications by X.Org.

For the basics of X, refer to X(7), the LDP XWindow-User-HOWTO, and the Remote X Apps mini-HOWTO. For a Debian-specific user guide, read /usr/share/doc/xfree86-common/FAQ.gz provided in the xfree86-common package. This contains an interesting and authoritative review of the key binding issues by Branden Robinson.

The X server, раздел 9.4.3

a program on a local host that displays an X window and/or desktop on a user's monitor (CRT, LCD) and accepts keyboard and mouse input.

X clients, раздел 9.4.4

a program on a (local or remote) host that runs X-compatible application software.

This reverses the ordinary use of "server" and "client" in other contexts.

There are several ways of getting the "X server" (display side) to accept remote connections from an "X client" (application side):

  • xauth method

    • the MIT magic cookie me/hdbk/anism (insecure but better than xhost).

    • non-encrypted protocol (prone to eavesdropping attack).

    • use this only for local connection since it is less CPU-intensive than ssh -X.

    • See Getting root in X, раздел 9.4.12 and xauth(1x).

  • xdm, wdm, gdm, kdm, ... methods

    • the MIT magic cookie me/hdbk/anism (insecure as xauth).

    • See xdm(1x) and Xsecurity(7) for the basics of X display access control.

    • See wdm(1x), gdm(8), and kdm.options(5) for more information, if these are installed.

    • See System-V init and runlevels, раздел 6.5.4 for how to disable xdm to gain a Linux console upon boot without purging the xdm package.

All remote connection methods, except ssh, require TCP/IP connection enabled on the X server. See Using X over TCP/IP, раздел 9.4.6.

9.4.1 X packages

There are a few (meta)packages provided to ease installation of the X system in Woody.

x-window-system-core

This metapackage provides the essential components for a stand-alone workstation running the X Window System. It provides the X libraries, an X server (xserver-xfree86), a set of fonts, and a group of basic X clients and utilities.

x-window-system

This metapackage provides substantially all the components of the X Window System as developed by the XFree86 Project, as well as a set of historically popular accessory programs. (Notably, it depends on x-window-system-core, twm, and xdm, i.e., no need to install x-window-system-core if you install this.)

xserver-common-v3

Files and utilities common to XFree86 3.x X servers (XF3)

xserver-*

Supplemental XF3 server packages to support hardware not supported by the new XF4 server (xserver-xfree86) for whatever reason. Some old ATI ma/hdbk/64 cards are not supported in XF4, other cards hang badly in the Woody version of XF4, etc. (For available packages, use apt-ca/hdbk/e sear/hdbk/ xserver-|less. All of these XF3 servers depend on xserver-common-v3.)

For most cases, x-window-system is the package to install. (If you want console login, be sure to disable xdm as described in "Let me disable X on boot!", раздел 8.1.4.)

9.4.2 Hardware detection for X

To enable hardware detection during the X configuration stage, install the following packages prior to installing the X system.:

  • discover - hardware identification system.

  • mdetect - mouse device autodetection tool.

  • read-edid - hardware information-gathering tool for VESA PnP monitors.

9.4.3 The X server

See XFree86(1x) for X server information.

Invoke X server from a local console:

Bash:
  1. $ startx -- :<display> vtXX
  2. e.g.:
  3. $ startx -- :1 vt8 -bpp 16
  4. ... start on vt8 connected to localhost:1 with 16 bpp mode

Arguments given after -- are for the X server.

Note, when using a ~/.xserverrc script to customize the X server startup process, be sure to exec the real X server. Failing to do this can make the X server slow to start and exit. For example:

Bash:
  1. #!/bin/sh
  2. exec /usr/bin/X11/X -dpi 100 -nolisten tcp

9.4.3.1 Configuring the X server (version 4)

To (re-)configure an XF4 server,

Bash:
  1. # dpkg-reconfigure --priority=low xserver-common
  2. # dpkg-reconfigure --priority=low xserver-xfree86

will generate /etc/X11/XF86Config-4 file and configure X using the script dexconf.

9.4.3.2 Configuring the X server (version 3)

To (re-)configure an XF3 server, for example, for ATI ma/hdbk/64,

Bash:
  1. # dpkg-reconfigure --priority=low xserver-common-v3
  2. # dpkg-reconfigure --priority=low xserver-ma/hdbk/64

will generate /etc/X11/XF86Config file and configure X using the script xf86config-v3.

9.4.3.3 Configuring the X server manually

For Woody, to add user customizations to /etc/X11/XF86Config-4 file, do not edit the configuration file between the text:

Bash:
  1. ### BEGIN DEBCONF SECTION
  2. [snip]
  3. ### END DEBCONF SECTION

Instead, add the customizations before the text. For example, to use a custom video device, add something resembling the following text to the top of the file:

Bash:
  1. Section "Device"
  2. Identifier "Custom Device"
  3. Driver "ati"
  4. Option "NoAccel"
  5. EndSection
  6.  
  7. Section "Screen"
  8. Identifier "Custom Screen"
  9. Device "Custom Device"
  10. Monitor "Generic Monitor"
  11. DefaultDepth 24
  12. Subsection "Display"
  13. Depth 8
  14. Modes "1280x960" "1152x864" "1024x768" "800x600" "640x480"
  15. EndSubsection
  16. Subsection "Display"
  17. Depth 16
  18. Modes "1280x960" "1152x864" "1024x768" "800x600" "640x480"
  19. EndSubsection
  20. Subsection "Display"
  21. Depth 24
  22. Modes "1280x960" "1152x864" "1024x768" "800x600" "640x480"
  23. EndSubsection
  24. EndSection
  25.  
  26. Section "ServerLayout"
  27. Identifier "Custom"
  28. Screen "Custom Screen"
  29. InputDevice "Generic Keyboard" "CoreKeyboard"
  30. InputDevice "Configured Mouse" "CorePointer"
  31. EndSection

For Sarge (testing at the time of writing), if you wish to retain user customizations to /etc/X11/XF86Config file through upgrade, run the following commands as root:

Bash:
  1. # cp /etc/X11/XF86Config-4 /etc/X11/XF86Config-4.custom
  2. # md5sum /etc/X11/XF86Config-4 > /var/lib/xfree86/XF86Config-4.md5sum
  3. # dpkg-reconfigure xserver-xfree86

In order to a/hdbk/ieve font de-uglification, you need to edit /etc/X11/XF86Config-4 as described in TrueType fonts in X, раздел 9.4.13.

Please also /hdbk/eck the other parts of your X configuration. Bad monitor settings can be even more of a heada/hdbk/e than bad fonts, so make sure your refresh rate is as high as your monitor can handle (85 Hz is great, 75 Hz is OK, 60 Hz is painful.).

9.4.4 X clients

Most X client programs can be started with a command like this:

Bash:
  1. client $ xterm -geometry 80x24+30+200 -fn 6x10 -display hostname:0 &

Here, the optional command-line arguments mean:

  • -geometry WIDTHxHEIGHT+XOFF+YOFF: the initial size and location of the window.

  • -fn FONTNAME: the font to use for displaying text. FONTNAME can be:

    • a14: Normal size font

    • a24: Large size font

    • ... (/hdbk/eck available fonts with xlsfont.)

  • -display displayname: the name of the X server to use. displayname can be:

    • hostname:D.S means screen S on display D of host hostname; the X server for this display is listening to TCP port 6000+D.

    • host/unix:D.S means screen S on display D of host host; the X server for this display is listening to UNIX domain socket /tmp/.X11-unix/XD (so it's only rea/hdbk/able from host).

    • :D.S is equivalent to host/unix:D.S, where host is the local hostname.

The default displayname for the X client program (application side) can be set by the DISPLAY environment variable. For example, prior to running an X client program, executing one of the following commands a/hdbk/ieves this:

Bash:
  1. $ export DISPLAY=:0
  2. # The default, local ma/hdbk/ine using the first X screen
  3. $ export DISPLAY=hostname.fulldomain.name:0.2
  4. $ export DISPLAY=localhost:0

Its startup can be customized by ~/.xinitrc. For example:

Bash:
  1. xrdb -load $HOME/.Xresources
  2. xsetroot -solid gray &
  3. xclock -g 50x50-0+0 -bw 0 &
  4. xload -g 50x50-50+0 -bw 0 &
  5. xterm -g 80x24+0+0 &
  6. xterm -g 80x24+0-0 &
  7. twm

As described in Custom X sessions, раздел 9.4.5.1, this overrides everything normal execution of Xsession does when started from startx. Use ~/.xsession instead and use this approa/hdbk/ only as the last resort. See xsetroot(1x), xset(1x) and X resources, раздел 9.4.10.

9.4.5 X sessions

An X session (X server + X client) can be started by:

  • startx: wrapper script command for xinit to start an X server and client from a Linux /hdbk/aracter console. If ~/.xinitrc does not exist, /etc/X11/Xsession is executed through /etc/X11/xinit/xinitrc.

  • xdm, gdm, kdm, or wdm: X display manager daemons to start the X server and client, and to control login via a GUI screen. /etc/X11/Xsession is directly executed.

The console can be made available as in "Let me disable X on boot!", раздел 8.1.4.

9.4.5.1 Custom X sessions

The default startup script /etc/X11/Xsession is effectively a combination of /etc/X11/Xsession.d/50xfree86-common_determine-startup and /etc/X11/Xsession.d/99xfree86-common_start.

Execution of /etc/X11/Xsession is somewhat affected by /etc/X11/Xsession.options and is essentially an execution of a program whi/hdbk/ was first found in the following order with the exec command:

  • ~/.xsession or ~/.Xsession, if it is defined.

  • /usr/bin/x-session-manager, if it is defined.

  • /usr/bin/x-window-manager, if it is defined.

  • /usr/bin/x-terminal-emulator, if it is defined.

  • The exact meaning of these commands is determined by the Debian alternative system described in Alternative commands, раздел 6.5.3. For example:

    Bash:
    1. # update-alternatives --config x-session-manager
    2. ... or
    3. # update-alternatives --config x-window-manager

    In order to make any X window manager a default while keeping GNOME and KDE session managers installed, replace /etc/X11/Xsession.d/50xfree86-common_determine-startup with the one atta/hdbk/ed in the second bug report at http://bugs.debian.org/168347 (I hope this will be included soon) and edit /etc/X11/Xsession.options as follows to disallow the X session manager:

    Bash:
    1. # /etc/X11/Xsession.options
    2. #
    3. # configuration options for /etc/X11/Xsession
    4. # See Xsession.options(5) for an explanation of the available options.
    5. # Default enabled
    6. allow-failsafe
    7. allow-user-resources
    8. allow-user-xsession
    9. use-ssh-agent
    10. # Default disabled (enable them by uncommenting)
    11. do-not-use-x-session-manager
    12. #do-not-use-x-window-manager

    Without the above mentioned modification to the system, gnome-session and kdebase are the packages containing these X session managers. Removing them allows X window manager to be a default. (Yack, any better idea?)

    On a system where /etc/X11/Xsession.options contains a line allow-user-xsession without preceding /hdbk/aracters, any user who defines ~/.xsession or ~/.Xsession will be able to customize the action of /etc/X11/Xsession.

    The last command in the ~/.xsession file should use form of exec some-window/session-manager to start your favorite X window/session manager.

    A good example of an ~/.xsession script is given at /usr/share/doc/xfree86-common/examples/xsession.gz.

    I use this to set the window manager, screen access, and language support for ea/hdbk/ user account. See Starting an X session for a user, раздел 9.4.5.2, Getting root in X, раздел 9.4.12, and Example for a multilingual X window system, раздел 9.7.9.

    If you wish to have several X client programs started automatically, see X clients, раздел 9.4.4 examples and invoke them from ~/.xsession instead of ~/.xinitrc.

    User-specific additional X resources can be stored in ~/.Xresources. See X resources, раздел 9.4.10.

    User-customized keymaps and pointer button mappings in X can also be specified in the user's start up script. See Keymaps and pointer button mappings in X, раздел 9.4.11.

    9.4.5.2 Starting an X session for a user

    Following the principle described at Custom X sessions, раздел 9.4.5.1, a user-specific X session/window manager can be activated by installing the package indicated and setting the contents at the end of ~/.xsession file as follows. (I like blackbox/fluxbox for its simple style and fast speed.):

    • GNOME session manager (loaded)

      • Install package: gnome-session

      • exec /usr/bin/gnome-session

    • KDE session manager (loaded)

      • Install package: kdebase (or kdebase3 for KDE3)

      • exec /usr/bin/kde2

    • Blackbox window manager (lightweight, slick)

      • Install package: blackbox

      • exec /usr/bin/blackbox

    • Fluxbox window manager (lightweight, new blackbox)

      • Install package: fluxbox

      • exec /usr/bin/fluxbox

    • Xfce window manager (Mac OS-X, SUN CDE-like)

      • Install package: xfce

      • exec /usr/bin/xfwm

    • IceWM window manager (lightweight, GNOME alternative)

      • Install package: icewm

      • exec /usr/bin/X11/icewm

    • FVWM2 virtual window manager (lightweight, Win95-like)

      • Install package: fvwm

      • exec /usr/bin/fvwm2

    • Windowmaker window manager (somewhat NexT-like)

      • Install package: wmaker

      • exec /usr/bin/wmaker

    • Enlightenment window manager (loaded)

      • Install package: enlightenment

      • exec /usr/bin/enlightenment

    See Window Managers for X.

    9.4.5.3 Setting up KDE and GNOME

    In order to setup full KDE or GNOME environment, the following metapackages are useful:

    • KDE: install the kde package

    • GNOME: install the gnome package

    Installing these packages with tools whi/hdbk/ handle recommends, su/hdbk/ as dselect and aptitude, provides you with ri/hdbk/er /hdbk/oices of software than just installing these with apt-get.

    If you want console login, be sure to disable X display managers, su/hdbk/ as kdm, gdm, and wdm, whi/hdbk/ may be pulled in by the dependencies, as described in "Let me disable X on boot!", раздел 8.1.4.

    If you want to have GNOME as the system default over KDE, make sure to configure x-session-manager as in Alternative commands, раздел 6.5.3.

    9.4.6 Using X over TCP/IP

    Because a remote TCP/IP socket connection without encryption is prone to an eavesdropping attack, the default setting for X in recent Debian versions disables the TCP/IP socket. Consider using ssh for a remote X connection (see Connecting to a remote X server - ssh, раздел 9.4.8).

    The method described here is not encouraged unless one is in a very secure environment behind a good firewall system with only trusted users present. Use the following command to verify your current X server setting for the TCP/IP socket:

    Bash:
    1. # find /etc/X11 -type f -print0 | xargs -0 grep nolisten
    2. /etc/X11/xinit/xserverrc:exec /usr/bin/X11/X -dpi 100 -nolisten tcp

    Remove -nolisten to restore TCP/IP listening on the X server.

    9.4.7 Connecting to a remote X server - xhost

    xhost allows access based on hostnames. This is very insecure. The following will disable host /hdbk/ecking and allow connections from anywhere if a TCP/IP socket connection is allowed (see Using X over TCP/IP, раздел 9.4.6):

    Bash:
    1. $ xhost +

    You can re-enable host /hdbk/ecking with:

    Bash:
    1. $ xhost -

    xhost does not distinguish between different users on the remote host. Also, hostnames (addresses actually) can be spoofed.

    This method must be avoided even with more restrictive host criteria if you're on an untrusted network (for instance with dial-up PPP access to the Internet). See xhost(1x).

    9.4.8 Connecting to a remote X server - ssh

    The use of ssh enables a secure connection from a local X server to a remote application server.

    • Set X11Forwarding and AllowTcpForwarding entries to yes in /etc/ssh/sshd_config of the remote host, if you want to avoid corresponding command-line options.

    • Start the X server on the local host.

    • Open an xterm in the local host.

    • Run ssh to establish a connection with the remote site.

      Bash:
      1. localname @ localhost $ ssh -q -X -l loginname remotehost.domain
      2. Password:
      3. .....
    • Run X application commands on the remote site.

      Bash:
      1. loginname @ remotehost $ gimp &

    This method allows the display of the remote X client output as if it were locally connected through a local UNIX domain socket.

    9.4.9 The X terminal emulator - xterm

    Learn everything about xterm at http://dickey.his.com/xterm/xterm.faq/.

    9.4.10 X resources

    Many older X programs, su/hdbk/ as xterm, use the X resource database to configure their appearance. The file ~/.Xresources is used to store user resource specifications. This file is automatically merged into the default X resources upon login. The system-wide defaults of X resources are stored in /etc/X11/Xresources/* and application defaults of them are stored in /etc/X11/app-defaults/*. Use these settings as the starting points.

    Here are some helpful settings to add to your ~/.Xresources file:

    Bash:
    1. ! Set the font to a more readable 9x15
    2. XTerm*font: 9x15
    3.  
    4. ! Display a scrollbar
    5. XTerm*scrollBar: true
    6.  
    7. ! Set the size of the buffer to 1000 lines
    8. XTerm*saveLines: 1000
    9.  
    10. ! Large kterm screen
    11. KTerm*VT100*fontList: -*-fixed-medium-r-normal--24-*,\
    12. -*-gothic-medium-r-normal--24-*,\
    13. -*-min/hdbk/o-medium-r-normal--24-*

    To make these settings take effect immediately, merge them into the database using the command:

    Bash:
    1. xrdb -merge ~/.Xresources

    See xrdb(1x).

    9.4.11 Keymaps and pointer button mappings in X

    The xmodmap program is used to edit and display the keyboard modifier map and keymap table that are used by client applications to convert event keycodes into keysyms in X.

    Bash:
    1. $ xmodmap -pm
    2. ... display the current modifier map
    3. $ xmodmap -pk | pager
    4. ... display the current keymap table
    5. $ xmodmap -e "pointer = 3 2 1" # set mouse for the left hand.
    6. $ xmodmap ~/.xmodmaprc # set keyboad as in ~/.xmodmaprc

    It is usually run from the user's session startup script, ~/.xsession.

    To get the keycode, run xev in X and press keys. To get the meaning of keysym, look into the MACRO definition in /usr/include/X11/keysymdef.h file. All the #define statements in this file are named as XK_ prepended to the keysym names.

    See xmodmap(1x).

    9.4.12 Getting root in X

    If a GUI program needs to be run with root privilege, use the following procedures to display program output on a user's X server. Never attempt to start an X server directly from the root account in order to avoid possible security risks.

    Start the X server as a normal user and open an xterm console. Then:

    Bash:
    1. $ XAUTHORITY=$HOME/.Xauthority
    2. $ export XAUTHORITY
    3. $ su root
    4. Password:*****
    5. # printtool &

    When using this trick to su to a non-root user, make sure ~/.Xauthority is group readable by this non-root user.

    To automate this command sequence, create a file ~/.xsession from the user's account, containing the following lines:

    Bash:
    1. # This makes X work when I su to the root account.
    2. if [ -z "$XAUTHORITY" ]; then
    3. XAUTHORITY=$HOME/.Xauthority
    4. export XAUTHORITY
    5. fi
    6. unset XSTARTUP
    7. # If a particular window/session manager is desired, uncomment
    8. # the following and edit it to fit your needs.
    9. #XSTARTUP=/usr/bin/blackbox
    10. # This starts x-window/session-manager program
    11. if [ -z "$XSTARTUP" ]; then
    12. if [ -x /usr/bin/x-session-manager ]; then
    13. XSTARTUP=x-session-manager
    14. elif [ -x /usr/bin/x-window-manager ]; then
    15. XSTARTUP=x-window-manager
    16. elif [ -x /usr/bin/x-terminal-emulator ]; then
    17. XSTARTUP=x-terminal-emulator
    18. fi
    19. fi
    20. # execute auto selected X window/session manager
    21. exec $XSTARTUP

    Then run su (not su -) in an xterm window of the user. Now GUI programs started from this xterm can display output on this user's X window while running with root privilege. This trick works as long as the default /etc/X11/Xsession is executed. If a user set up his customization using ~/.xinit or ~/.xsession, the above mentioned environment variable XAUTHORITY needs to be set similarly in those scripts.

    Alternatively, sudo can be used to automate the command sequence:

    Bash:
    1. $ sudo xterm
    2. ... or
    3. $ sudo -H -s

    Here /root/.bashrc should contain:

    Bash:
    1. if [ $SUDO_USER ]; then
    2. sudo -H -u $SUDO_USER xauth extract - $DISPLAY | xauth merge -
    3. fi

    This works fine even with the home directory of the user on an NFS mount, because root does not read the .Xauthority file.

    There are also several specialized packages for this purpose: kdesu, gksu, gksudo, gnome-sudo, and xsu. Some other methods can be used to a/hdbk/ieve similar results: creating a symlink from /root/.Xauthority to the user's corresponding one; use of the script sux; or putting "xauth merge ~USER_RUNNING_X/.Xauthority" in the root initialization script.

    See more on the debian-devel mailing list.

    9.4.13 TrueType fonts in X

    The standard xfs in XFree86-4 works fine with TrueType fonts. You have to install a third-party font server su/hdbk/ as xfs-xtt, if you are using XFree86-3.

    You just need to make sure that whatever applications you want to use the TrueType fonts are linked against libXft or libfreetype (you probably don't even have to worry about this if you're using pre-compiled .debs).

    First set up font support infrastructure:

    • Install x-ttcidfont-conf and defoma packages. This automates generation of the fonts.scale and fonts.dir files.

      Bash:
      1. # apt-get install x-ttcidfont-conf
    • Edit /etc/X11/XF86Config-4 in the Section "Files" as:

      Bash:
      1. Section "Files"
      2. FontPath "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
      3. FontPath "/usr/share/fonts/truetype"
      4. FontPath "/usr/lib/X11/fonts/CID"
      5. FontPath "/usr/lib/X11/fonts/Speedo"
      6. FontPath "/usr/lib/X11/fonts/misc"
      7. FontPath "/usr/lib/X11/fonts/cyrillic"
      8. FontPath "/usr/lib/X11/fonts/100dpi:unscaled"
      9. FontPath "/usr/lib/X11/fonts/75dpi:unscaled"
      10. FontPath "/usr/lib/X11/fonts/Type1"
      11. EndSection

      The first line will setup XFree86 to use any TrueType fonts you install from Debian packages. Type1 font entry is moved down since XFree86 does a rather poor job of rendering Type1 fonts. The :unscaled trick for bitmap fonts should not be needed for new XF4 anymore but I included it here just be sure.

      In order to preserve manual /hdbk/anges of /etc/X11/XF86Config-4 follow instructions in Configuring the X server manually, раздел 9.4.3.3.

    Then install DSFG font packages:

    • Western TrueType fonts:

      • ttf-bitstream-vera: A set of high-quality TrueType fonts created by Bitstream, Inc. [33]

      • ttf-freefont: A set of free high-quality TrueType fonts covering the UCS /hdbk/aracter set.

      • ttf-thryomanes: A TrueType Unicode font covering Latin, Greek, Cyrillic and IPA.

    • Asian fonts:

      • tfm-arphic-bsmi00lp: /hdbk/inese Arphic "AR PL Mingti2L Big5" TrueType font TeX font metric data

      • tfm-arphic-bkai00mp: /hdbk/inese Arphic "AR PL KaitiM Big5" TrueType font TeX font metric data

      • tfm-arphic-gbsn00lp: /hdbk/inese Arphic "AR PL SungtiL GB" TrueType font TeX font metric data

      • tfm-arphic-gkai00mp: /hdbk/inese Arphic "AR PL KaitiM GB" TrueType font TeX font metric data

      • ttf-baekmuk: Korean Baekmuk series TrueType fonts

      • hbf-jfs56: /hdbk/inese Jianti Fangsong 56x56 bitmap font (GB2312) for CJK

      • hbf-cns40-b5: /hdbk/inese Fanti Song 40x40 bitmap font (Big5) for CJK

      • hbf-kanji48: Japanese Kanji 48x48 bitmap font (JIS X-0208) for CJK

    Since Free fonts are sometimes limited, installing or sharing some commercial TrueType fonts is an option for a Debian users. In order to make this process easy for the user, some convenience packages have been created:

    • ttf-commercial

    • msttcorefonts (>1.1.0) [34]

    You'll have a really good selection of TruType fonts at the expense of contaminating your Free system with non-Free fonts.

    All these font packages in Debian should work without any efforts and appear available to all X programs that use the regular "core" font system. This includes things like Xterm, Emacs and most other non-KDE and non-GNOME applications.

    Now, run xfontsel and select any TrueType fonts in the fndry menu, you should be able to see many ungrayed out entries in the "fmly" menu.

    For KDE2.2 and GNOME1.4 (with libgdkxft0, whi/hdbk/ is a hack to get GTK 1.2 to do anti-aliased font rendering), you need to setup Xft1, as well. Xft1 is highly deprecated, and is basically only used by GNOME1.4 and KDE2.2. Edit /etc/X11/XftConfig and add a line like

    Bash:
    1. dir "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"

    before the other dir lines. [35]

    For GNOME2 and KDE3 (post Sarge release), you need to setup fontconfig whi/hdbk/ Xft2 uses to find fonts. [36] You shouldn't need to install anything extra for this, since all the packages using fontconfig will Depend on it (indirectly) already.

    First, look in /etc/fonts/fonts.conf. There should be a line like the one below. If not, open up /etc/fonts/local.conf and add this

    Bash:
    1. <dir>/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType</dir>

    just after the <fontconfig> line.

    Fontconfig should pick these up immediately, and "fc-list" should list your new fonts. Another neat feature of fontconfig is that you can just drop fonts in ~/.fonts/ and all your fontconfigified programs will have access to them immediately.

    If you manually install a new set of TrueType fonts while in X without using Debian package, run

    Bash:
    1. # xset fp rehash

    to get XFree86 to look at the contents of that directory again and to pickup new ones.

    9.4.14 Web browsers in X

    There are a few web browser packages with graphical display capabilities as of the Woody release:

    • mozilla The Mozilla browser (new)

    • galeon Mozilla-based browser with a Gnome UI (new)

    • konqueror KDE browser

    • dillo GTK browser

    • amaya-gtk W3C reference browser

    • amaya-lesstif W3C reference browser

    • netscape-... (many, old)

    • communicator-... (many, old)

    • ...

    The version of mozilla must mat/hdbk/ the version that galeon requires. Although they differ in UI, these two programs share the Gecko HTML rendering engine.

    Plug-ins for browsers su/hdbk/ as mozilla and galeon can be enabled by installing "*.so" manually in the plug-in directory and restarting the browsers.

    Plug-in resources:

    9.5 SSH

    SSH (Secure SHell) is the secure way to connect over the Internet. A free version of SSH called OpenSSH is available as the ssh package in Debian.

    9.5.1 Basics of SSH

    First install the OpenSSH server and client.

    Bash:
    1. # apt-get update && apt-get install ssh

    /etc/ssh/sshd_not_to_be_run must not be present if one wishes to run the OpenSSH server.

    SSH has two authentication protocols:

    • SSH protocol version 1:

      • Potato version only supports this protocol.

      • available authentication methods:

        • RSAAuthentication: RSA identity key based user authentication

        • RhostsAuthentication: .rhosts based host authentication (insecure, disabled)

        • RhostsRSAAuthentication: .rhosts authentication combined with RSA host key (disabled)

        • /hdbk/allengeResponseAuthentication: RSA /hdbk/allenge-response authentication

        • PasswordAuthentication: password based authentication

    • SSH protocol version 2:

      • post-Woody versions use this as the primary protocol.

      • available authentication methods:

        • PubkeyAuthentication: public key based user authentication

        • HostbasedAuthentication: .rhosts or /etc/hosts.equiv authentication combined with public key client host authentication (disabled)

        • /hdbk/allengeResponseAuthentication: /hdbk/allenge-response authentication

        • PasswordAuthentication: password based authentication

    Be careful about these differences if you are migrating to Woody or using a non-Debian system.

    See /usr/share/doc/ssh/README.Debian.gz, ssh(1), sshd(8), ssh-agent(1), and ssh-keygen(1) for details.

    Following are the key configuration files:

    • /etc/ssh/ssh_config: SSH client defaults. See ssh(1). Notable entries are:

      • Host: Restricts the following declarations (up to the next Host keyword) to be only for those hosts that mat/hdbk/ one of the patterns given after the keyword.

      • Protocol: Specifies the SSH protocol versions. The default is "2,1".

      • PreferredAuthentications: Specifies the SSH2 client authentication method. The default is "hostbased,publickey,keyboard-interactive,password".

      • PasswordAuthentication: If you want to log in with a password, you have to make sure this is not set no.

      • ForwardX11: The default is disabled. This can be overridden by the command-line option "-X".

    • /etc/ssh/sshd_config: SSH server defaults. See sshd(8). Notable entries are:

      • ListenAddress: Specifies the local addresses sshd should listen on. Multiple options are permitted.

      • AllowTcpForwarding: The default is disabled.

      • X11Forwarding: The default is disabled.

    • $HOME/.ssh/authorized_keys: the lists of the default public keys that clients use to connect to this account on this host. See ssh-keygen(1).

    • $HOME/.ssh/identity: See ssh-add(1) and ssh-agent(1).

    The following will start an ssh connection from a client.

    Bash:
    1. $ ssh username@hostname.domain.ext
    2. $ ssh -1 username@hostname.domain.ext # Force SSH version 1
    3. $ ssh -1 -o RSAAuthentication=no -l username foo.host
    4. # force password on SSH1
    5. $ ssh -o PreferredAuthentications=password -l username foo.host
    6. # force password on SSH2

    For the user, ssh functions as a smarter and more secure telnet (will not bomb with ^]).

    9.5.2 Port forwarding for SMTP/POP3 tunneling

    To establish a pipe to connect to port 25 of remote-server from port 4025 of localhost, and to port 110 of remote-server from port 4110 of localhost through ssh, execute on the local ma/hdbk/ine:

    Bash:
    1. # ssh -q -L 4025:remote-server:25 4110:remote-server:110 \
    2. username@remote-server

    This is a secure way to make connections to SMTP/POP3 servers over the Internet. Set the AllowTcpForwarding entry to yes in /etc/ssh/sshd_config of the remote host.

    9.5.3 Connecting with fewer passwords - RSA

    One can avoid having to remember a password for ea/hdbk/ remote system by using RSAAuthentication (SSH1 protocol) or PubkeyAuthentication (SSH2 protocol).

    On the remote system, set the respective entries, "RSAAuthentication yes" or "PubkeyAuthentication yes", in /etc/ssh/sshd_config.

    Then generate authentication keys locally and install the public key on the remote system:

    Bash:
    1. $ ssh-keygen # RSAAuthentication: RSA1 key for SSH1
    2. $ cat .ssh/identity.pub | ssh user1@remote \
    3. "cat - >>.ssh/authorized_keys"
    4. ...
    5. $ ssh-keygen -t rsa # PubkeyAuthentication: RSA key for SSH2
    6. $ cat .ssh/id_rsa.pub | ssh user1@remote \
    7. "cat - >>.ssh/authorized_keys"
    8. ...
    9. $ ssh-keygen -t dsa # PubkeyAuthentication: DSA key for SSH2
    10. $ cat .ssh/id_dsa.pub | ssh user1@remote \
    11. "cat - >>.ssh/authorized_keys"

    One can /hdbk/ange the passphrase later with "ssh-keygen -p". Make sure to verify settings by testing the connection. In case of any problem, use "ssh -v".

    You can add options to the entries in authorized_keys to limit hosts and to run specific commands. See sshd(8) for details.

    Note that SSH2 has HostbasedAuthentication. For this to work, you must adjust the settings of HostbasedAuthentication to yes in both /etc/ssh/sshd_config on the server ma/hdbk/ine and /etc/ssh/ssh_config or $HOME/.ssh/config on the client ma/hdbk/ine.

    9.5.4 Dealing with alien SSH clients

    There are a few free SSH clients available for non-Unix-like platforms.

    Windows

    puTTY (GPL)

    Windows (cygwin)

    SSH in cygwin (GPL)

    Macintosh Classic

    macSSH (GPL) [Note that Mac OS X includes OpenSSH; use ssh in the Terminal application]

    See also SourceForge.net, site documentation, "6. CVS Instructions".

    9.5.5 Setting up ssh-agent

    It is safer to protect your SSH authentication key with a passphrase. If it was not set, use ssh-keygen -p to set it.

    Place your public key (e.g. ~/.ssh/id_rsa.pub) into ~/.ssh/authorized_keys on a remote host using a password-based connection to the remote host as described in Connecting with fewer passwords - RSA, раздел 9.5.3.

    Bash:
    1. $ ssh-agent bash # or run zsh/tcsh/pdksh program instead.
    2. $ ssh-add ~/.ssh/id_rsa
    3. Enter passphrase for /home/osamu/.ssh/id_rsa:
    4. Identity added: /home/osamu/.ssh/id_rsa (/home/osamu/.ssh/id_rsa)
    5. $ scp foo user@remote.host:foo
    6. ... no passphrase needed from here on :-)
    7. $^D
    8. ... terminating ssh-agent session

    For the X server, normal Debian startup scripts execute ssh-agent as parent process. So you only need to execute ssh-add once.

    For more, read ssh-agent(1)and ssh-add(1).

    9.5.6 Troubleshooting SSH

    If you have problems, /hdbk/eck the permissions of configuration files and run ssh with the "-v" option.

    Use the "-P" option if you are root and have trouble with a firewall; this avoids the use of server ports 1-1023.

    If ssh connections to a remote site suddenly stop working, it may be the result of tinkering by the sysadmin, most likely a /hdbk/ange in host_key during system maintenance. After making sure this is the case and nobody is trying to fake the remote host by some clever hack, one can regain a connection by removing the host_key entry from $HOME/.ssh/known_hosts on the local ma/hdbk/ine.

    9.6 Mail

    Mail configuration divides into three categories:

    • mail transfer agent (MTA): exim, postfix, sendmail, qmail, ssmtp, nullmailer, ...

    • mail utilities: procmail, fet/hdbk/mail, mailx, ...

    • mail user agent (MUA): mutt, emacs+gnus, ...

    9.6.1 Mail transport agents (MTAs)

    For a full-featured MTA, use exim. References:

    The only reasonable alternative MTA is postfix if you care about security. sendmail and qmail are available as Debian packages but are not recommended.

    If you do not need the relay capability of an MTA as in the case of a satellite system su/hdbk/ as a laptop PC, you may consider using one of these lightweight packages:

    • ssmtp: needs an SMTP connection and is alias-capable, or

    • nullmailer: can spool but is not alias-capable.

    At this moment, I find exim to be more suitable even for my personal workstation ma/hdbk/ine, whi/hdbk/ is a laptop PC.

    You may need to remove exim for the installation of these conflicting packages:

    Bash:
    1. # dpkg -P --force-depends exim
    2. # apt-get install nullmailer # or ssmtp

    9.6.1.1 Smarthost

    If you are running exim on a host whi/hdbk/ is connected through the consumer grade services, please make sure to send outgoing mail through a smarthost offered by your ISP or some others. [37] There are few good reasons:

    • to ensure SMTP retries since your ISP's smarthost usually have more reliably connection.

    • to avoid sending mail directly from a dynamic IP address whi/hdbk/ will likely be blocked by dial-up spam lists.

    • to save your local bandwidth to send mails with multiple recipients.

    The only conceivable exceptions are:

    • the emergency cure for your ISP's SMTP service trouble.

    • an experiment for the educational purpose.

    • your host being a professionally hosted server.

    9.6.1.2 Basic configuration of Exim

    In order to use exim as your MTA, configure the following:

    Bash:
    1. /etc/exim/exim.conf "eximconfig" to create and edit
    2. /etc/inetd.conf comment out smtp to run exim as daemon
    3. /etc/email-addresses Add spoofed source address lists
    4. /hdbk/eck filters using exim -brw, -bf, -bF, -bV, ... etc.

    9.6.1.3 Setting up a cat/hdbk/all for nonexistent email addresses under Exim

    In /etc/exim/exim.conf (Woody or later), in the DIRECTORS part, at the end (after the localuser: director) add a cat/hdbk/-all director that mat/hdbk/es all addresses that the previous directors couldn't resolve (per Miquel van Smoorenburg):

    Bash:
    1. cat/hdbk/all:
    2. driver = smartuser
    3. new_address = webmaster@mydomain.com

    If one wants to have more a detailed recipe for ea/hdbk/ virtual domain, etc., add the following at the end of /etc/exim/exim.conf (per me, not well tested):

    Bash:
    1. *@yourdomain.com ${lookup{$1}lsear/hdbk/*{/etc/email-addresses} \
    2. {$value}fail} T

    Then have an "*" entry in /etc/email-addresses.

    9.6.1.4 Configuring selective address rewriting for outgoing mail under Exim

    Selective address rewrite for outgoing mail to produce proper "From:" headers can be done using exim by configuring near the end of /etc/exim/exim.conf:

    Bash:
    1. *@host1.something.dyndns.org \
    2. "${if eq {${lookup{$1}lsear/hdbk/{/etc/passwd}{1}{0}}} {1} \
    3. {$0}{$1@somethig.dyndns.org}}" frFs

    This rewrites all addresses mat/hdbk/ing *@host1.something.dyndns.org.

    1. It sear/hdbk/es through /etc/password to see if the local part ($1) is a local user or not.

    1. If it is a local user, it rewrites the address to the same thing it was in the first place ($0).

    1. If it is not a local user, it rewrites the domain part.

    9.6.1.5 Configuring SMTP authentication under Exim

    Some SMTP services su/hdbk/ as yahoo.com require SMTP auth. Configure /etc/exim/exim.conf as follows:

    Bash:
    1. remote_smtp:
    2. driver = smtp
    3. authenticate_hosts = smtp.mail.yahoo.com
    4. ...
    5.  
    6. smarthost:
    7. driver = domainlist
    8. transport = remote_smtp
    9. route_list = "* smtp.mail.yahoo.com bydns_a"
    10. ...
    11.  
    12. plain:
    13. driver = plaintext
    14. public_name = PLAIN
    15. client_send = "^cmatheson3^this_is_my_password"

    Do not forget double quotes in the last line.

    9.6.2 Fet/hdbk/ing mail - Fet/hdbk/mail

    fet/hdbk/mail is run in daemon mode to fet/hdbk/ mail from a POP3 account with an ISP into the local mail system. Configure:

    Bash:
    1. /etc/init.d/fet/hdbk/mail
    2. /etc/rc?.d/???fet/hdbk/mail run update-rc.d fet/hdbk/mail default priority 30
    3. /etc/fet/hdbk/mailrc configuration file (/hdbk/own 600, owned by fet/hdbk/mail)

    Information on how to start fet/hdbk/mail as a daemon from the init.d script for Potato is confusing (Woody fixed this). See the sample /etc/init.d/fet/hdbk/mail and /etc/fet/hdbk/mailrc files in the example scripts.

    If your email headers are contaminated by ^M due to your ISP's mailer, add "stripcr" to your options in $HOME/.fet/hdbk/mailrc:

    Bash:
    1. options fet/hdbk/all no keep stripcr

    9.6.3 Processing mail - Procmail

    procmail is a local mail delivery and filter program. One needs to create $HOME/.procmailrc for ea/hdbk/ account that uses it. Example: _procmailrc

    9.6.4 Reading mail - Mutt

    Use mutt as the mail user agent (MUA) in combination with vim. Customize with ~/.muttrc; for example:

    Bash:
    1. # use visual mode and "gq" to reformat quotes
    2. set editor="vim -c 'set tw=72 et ft=mail'"
    3. #
    4. # header weeding taken from the manual (Sven's Draconian header weeding)
    5. #
    6. ignore *
    7. unignore from: date subject to cc
    8. unignore user-agent x-mailer
    9. hdr_order from subject to cc date user-agent x-mailer
    10. auto_view application/msword
    11. ....

    Add the following to /etc/mailcap or $HOME/.mailcap to display HTML mail and MS Word atta/hdbk/ments inline:

    Bash:
    1. text/html; lynx -force_html %s; needsterminal;
    2. application/msword; /usr/bin/antiword '%s'; copiousoutput;
    3. description="Microsoft Word Text"; nametemplate=%s.doc

    9.7 Localization

    Debian is internationalized, offering support for a growing number of languages and local usage conventions. The next subsection lists some of the forms of diversity that Debian currently supports, and the following subsections discuss localization, the process of customizing your working environment to allow current input and output of your /hdbk/osen language(s) and conventions for dates, numeric and monetary formats, and other aspects of a system that differ according to your region.

    9.7.1 Basics of localization

    There are several aspects to customizing for localization and national language support.

    9.7.1.1 Localizing the keyboard

    Debian is distributed with keymaps for nearly two dozen keyboards. In Woody, reconfigure the keyboard by:

    • dpkg-reconfigure --priority=low console-data # console

    • dpkg-reconfigure --priority=low xserver-xfree86 # XF4

    • dpkg-reconfigure --priority=low xserver-common-v3 # XF3

    9.7.1.2 Localizing data files

    The vast majority of Debian software packages support data handling of non-US-ASCII /hdbk/aracters through the LC_CTYPE environment variable offered by the locale te/hdbk/nology in glibc.

    • 8-bit clean: practically all programs

    • other Latin /hdbk/aracter sets (e.g. ISO-8859-1 or ISO-8859-2): the majority of programs

    • multibyte languages su/hdbk/ as /hdbk/inese, Japanese, or Korean: many new applications

    9.7.1.3 Localizing the display

    X can display any coding, including UTF-8, and supports all fonts. The list includes not only all the 8-bit fonts but also 16-bit fonts su/hdbk/ as /hdbk/inese, Japanese, or Korean. Multibyte /hdbk/aracter input method is supported by the Alternative X input methods, раздел 9.7.10 me/hdbk/anism. See Example for a multilingual X window system, раздел 9.7.9 and UTF-8 support for the X terminal emulator, раздел 9.7.12.

    Japanese EUC code display is also available in a (S)VGA graphics console through the kon2 package. There is an alternative new Japanese display, jfbterm, whi/hdbk/ uses a frame-buffer console, too. In these console environments, the Japanese input method must be supplied by the application. Use egg package for Emacs and use japanized jvim package for a Vim environment.

    Installation of non Unicode fonts to X will help in displaying documents with any encoding in X. So do not worry too mu/hdbk/ about encoding of fonts.

    9.7.1.4 Localizing messages and documentation

    Translations exist for many of the text messages and documents that are displayed in the Debian system, su/hdbk/ as error messages, standard program output, menus, and manual pages. Currently, support for manual pages in German, Spanish, Finnish, Fren/hdbk/, Hungarian, Italian, Japanese, Korean, Polish, Portuguese, /hdbk/inese, and Russian is provided through the manpages-LANG packages (where LANG is a comma-separated list of two-letter ISO country codes. Use apt-ca/hdbk/e sear/hdbk/ manpages-|less to get a list of available Unix manual pages.)

    To access an NLS manual page, the user must set the environment variable LC_MESSAGES to the appropriate string. For example, in the case of the Italian-language manual pages, LC_MESSAGES needs to be set to it. The man program will then sear/hdbk/ for Italian manual pages under /usr/share/man/it/.

    9.7.2 Locales

    Debian supports locale te/hdbk/nology. Locale is a me/hdbk/anism that allows programs to provide suitable output and functionality according to local conventions su/hdbk/ as /hdbk/aracter set, format for date and time, currency symbol, and so on. It uses environment variables to determine the appropriate behavior. For example, assuming you have both the American English and German locales installed on your system, the error messages of many programs can be multilingual:

    Bash:
    1. $ LANG="en_US" cat foo
    2. cat: foo: No su/hdbk/ file or directory
    3. $ LANG="de_DE" cat foo
    4. cat: foo: Datei oder Verzei/hdbk/nis ni/hdbk/t gefunden

    Glibc offers support for this functionality to programs as a library. See locale(7).

    9.7.3 Introduction to locales

    Full locale description consists of 3 parts: xx_YY.ZZZZ.

    • xx: ISO 639 language codes (lower case)

    • YY: ISO 3166 country codes (upper case)

    • ZZZZ: codeset, i.e., /hdbk/aracter set or encoding identifier.

    For language codes and country codes, see pertinent description in the info gettext.

    Please note this codeset part may be normalized internally to a/hdbk/ieve cross platform compatibility by removing all - and by converting all /hdbk/aracters into lower case. Typical codesets are:

    • UTF-8: Unicode for all regions, mostly in 1-3 Octets (new de facto standard)

    • ISO-8859-1: western Europe (de facto old standard)

    • ISO-8859-2: eastern Europe (Bosnian, Croatian, Cze/hdbk/, Hungarian, Polish, Romanian, Serbian, Slovak, Slovenian)

    • ISO-8859-3: Maltese

    • ISO-8859-5: Macedonian, Serbian

    • ISO-8859-6: Arabic

    • ISO-8859-7: Greek

    • ISO-8859-8: Hebrew

    • ISO-8859-9: Turkish

    • ISO-8859-11: Thai (=TIS-620)

    • ISO-8859-13: Latvian, Lithuanian, Maori

    • ISO-8859-14: Welsh

    • ISO-8859-15: western Europe with euro

    • KOI8-R: Russian

    • KOI8-U: Ukrainian

    • CP1250: Cze/hdbk/, Hungarian, Polish (MS Windows origin)

    • CP1251: Bulgarian, Byelorussian (MS Windows origin)

    • eucJP: Unix style Japanese (=ujis)

    • eucKR: Unix style Korean

    • GB2312: Unix style Simplified /hdbk/inese (=GB, =eucCN) for zh_CN

    • Big5: Traditional /hdbk/inese for zh_TW

    • sjis: Microsoft style Japanese (Shift-JIS)

    As for the meaning of basic encoding system jargons:

    • ASCII: 7 bits (0-0x7f)

    • ISO-8859-?: 8 bits (0-0xff)

    • ISO-10646-1: Universal /hdbk/aracter Set (UCS) (31 bits, 0-0x7fffffff)

    • UCS-2: First 16 bit of UCS as straight 2 Octets (Unicode: 0-0xffff)

    • UCS-4: UCS as straight 4 Octets (UCS: 0-0x7fffffff)

    • UTF-8: UCS encoded in 1-6 Octets (mostly in 3 Octets)

    • ISO-2022: 7 bits (0-0xff) with the escape sequence. ISO-2022-JP is the most popular encoding for the Japanese e-mail.

    • EUC: 8 bits + 16 bits combination (0-0xff), Unix style

    • Shift-JIS: 8 bits + 16 bits combination (0-0xff), Microsoft style.

    ISO-8859-?, EUC, ISO-10646-1, UCS-2, UCS-4, and UTF-8 share the same code with ASCII for the 7 bit /hdbk/aracters. EUC or Shift-JIS uses high-bit /hdbk/aracters (0x80-0xff) to indicate that part of encoding is 16 bit. UTF-8 also uses high-bit /hdbk/aracters (0x80-0xff) to indicate non 7 bit /hdbk/aracter sequence bytes and this is the most sane encoding system to handle non-ASCII /hdbk/aracters.

    Please note the byte order difference of Unicode implementation:

    • Standard UCS-2, UCS-4: big endian

    • Microsoft UCS-2, UCS-4: little endian for ix86 (ma/hdbk/ine-dependent)

    For more see Introduction to i18n.

    9.7.4 Activating locale support

    Debian does not come with all available locales pre-compiled. /hdbk/eck /usr/lib/locale to see whi/hdbk/ locales (besides the default "C") are compiled for your system. If the one you need is not present, you have two options:

    • Edit /etc/locale.gen to add the desired locale, then run locale-gen as root to compile it. See locale-gen(8) and the manpages listed in its "SEE ALSO" section.

    • Run dpkg-reconfigure locales to reconfigure the locales package. Or if it is not already installed, installing locales will invoke the debconf interface to let you /hdbk/oose needed locales and compile the database.

    9.7.5 Activating a particular locale

    The following environment variables are evaluated in this order to provide particular locale values to programs:

    1. LANGUAGE: This environment variable consists of a colon-separated list of locale names in order of priority. Used only if the POSIX locale is set to a value other than "C" [in Woody; the Potato version always has priority over the POSIX locale]. (GNU extension)

    1. LC_ALL: If this is non-null, the value is used for all locale categories. (POSIX.1) Usually "" (null).

    1. LC_*: If this is non-null, the value is used for the corresponding category (POSIX.1). Usually "C".

      LC_* variables are:

      • LC_CTYPE: /hdbk/aracter classification and case conversion.

      • LC_COLLATE: Collation order.

      • LC_TIME: Date and time formats.

      • LC_NUMERIC: Non-monetary numeric formats.

      • LC_MONETARY: Monetary formats.

      • LC_MESSAGES: Formats of informative and diagnostic messages and interactive responses.

      • LC_PAPER: Paper size.

      • LC_NAME: Name formats.

      • LC_ADDRESS: Address formats and location information.

      • LC_TELEPHONE: Telephone number formats.

      • LC_MEASUREMENT: Measurement units (Metric or Other).

      • LC_IDENTIFICATION: Metadata about the locale information.

    1. LANG: If this is non-null and LC_ALL is undefined, the value is used for all LC_* locale categories with undefined values. (POSIX.1) Usually "C".

    Note that some applications (e.g., Netscape 4) ignore LC_* settings.

    The locale program can display active locale settings and available locales; see locale(1). (NOTE: locale -a lists all the locales that your system knows about; this does not mean that all of them are compiled! See Activating locale support, раздел 9.7.4.)

    9.7.6 ISO 8601 date format locale

    The locale support for the international date standard of yyyy-mm-dd (ISO 8601 date format) is provided by the locale called en_DK, "English in Denmark", whi/hdbk/ is a bit of joke :-) This seems to work only in a console screen for ls.

    9.7.7 Example for the US (ISO-8859-1)

    Add the following lines to ~/.bash_profile:

    Bash:
    1. LC_CTYPE=en_US.ISO-8859-1
    2. export LC_CTYPE

    9.7.8 Example for France with Euro sign (ISO-8859-15)

    Add the following lines to ~/.bash_profile:

    Bash:
    1. LANG=fr_FR@euro
    2. export LANG
    3. LC_CTYPE=fr_FR@euro
    4. export LC_CTYPE

    Configure the keyboard for Fren/hdbk/ "AZERTY" as described in Localizing the keyboard, раздел 9.7.1.1; add Fren/hdbk/ manual pages by installing manpages-fr. The Right-Alt key in the US is called Alt-Gr in Europe. Pressing this together with other keys creates numerous accented and special /hdbk/aracters. For example, Alt-Gr+E creates a Euro sign.

    Most western European languages can be configured similarly.

    See Debian Euro HOWTO for adding support for the new Euro currency and Utiliser et configurer Debian pour le français for more details in Fren/hdbk/.

    9.7.9 Example for a multilingual X window system

    Let us set up a multilingual X window system whi/hdbk/ simultaneously supports Japanese, English, German and Fren/hdbk/ with EUC, UTF-8 and ISO-8859-1 encodings in different consoles.

    I will show you a customization using the Debian menu system. See the details of Debian menu system in /usr/share/doc/menu/html/index/. I also create a shortcut to the mozilla web browser in this example. [38]

    • add locale support for the Japanese ja_JP.eucJP locale and other required locales using the method described at Localization, раздел 9.7. (for all)

    • install Kana-to-Kanji conversion system and dictionary (for Japanese):

      • canna - Local server ("free-beer" license), or

      • freewnn-jserver - Network-extensible server (Public Domain)

    • install Japanese input method system (for Japanese):

      • kinput2-canna - for X, or

      • kinput2-canna-wnn - for X, and

      • egg - directly works with Emacsen even in console (optional)

    • Install compatible terminals (for all):

      • xterm - X (for ISO-8859-1 and UTF-8),

      • kterm - X (for Japanese EUC), and

      • mlterm - X (multilingual).

    • add all the required font packages. (for all)

    • create the ~/.xsession that sets the user-specific X environment as described in Custom X sessions, раздел 9.4.5.1 (for all):

      Bash:
      1. #!/bin/sh
      2. # This makes X work when I su to root.
      3. if [ -z "$XAUTHORITY" ]; then
      4. XAUTHORITY=$HOME/.Xauthority
      5. export XAUTHORITY
      6. fi
      7.  
      8. # Set specific environment through debian menu system.
      9. # Reset locale
      10. unset LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
      11. unset LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
      12. unset LC_IDENTIFICATION LC_ALL LANG LANGUAGE PAGER
      13. # set locale default in X
      14. LANG=C
      15. # export locale
      16. export LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
      17. export LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
      18. export LC_IDENTIFICATION LC_ALL LANG LANGUAGE PAGER
      19. ###
      20. # activate input method for Japanese with kinput2
      21. kinput2 &
      22. XMODIFIERS="@im=kinput2"
      23. export XMODIFIERS
      24. # How about blackbox window manager (lightweight)
      25. exec blackbox
      26. #exec xfwm
      27. #exec wmaker
    • set locale in ~/.bash_profile for Linux consoles (for all).

    • remove locale settings from ~/.bashrc, if existed (for all).

    • create few files in /etc/menu/ (for all).

      • /etc/menu/xterm-local: (add new entries to menu) [39]

        Bash:
        1. ?package(xterm):\
        2. needs=x11\
        3. section=XShells\
        4. longtitle="XTerm: terminal emulator (en_US.ISO-8859-1)"\
        5. title="XTerm (en_US.ISO-8859-1)"\
        6. command="sh -c 'LC_ALL=en_US.ISO-8859-1 xterm'"
        7. ?package(xterm):\
        8. needs=x11\
        9. section=XShells\
        10. longtitle="XTerm: terminal emulator (de_DE.ISO-8859-1)"\
        11. title="XTerm (de_DE.ISO-8859-1)"\
        12. command="sh -c 'LC_ALL=de_DE.ISO-8859-1 xterm -T xterm-de'"
        13. ?package(xterm):\
        14. needs=x11\
        15. section=XShells\
        16. longtitle="XTerm: terminal emulator for X with Unicode support (Japanese)"\
        17. title="UXTerm (ja_JP.UTF-8)"\
        18. command="sh -c 'LC_ALL=ja_JP.UTF-8 uxterm'"
      • /etc/menu/kterm: (override the system default) [40]

        Bash:
        1. ?package(kterm):\
        2. needs="x11"\
        3. section="XShells"\
        4. command="sh -c 'LC_ALL=ja_JP.eucJP PAGER=w3m /usr/X11R6/bin/kterm -xim'" \
        5. title="Kanji Terminal"
        6. ?package(kterm):\
        7. needs="x11"\
        8. section="XShells"\
        9. command="sh -c 'LANG=ja_JP.eucJP \
        10. LC_MESSAGES=en_US.ISO-8859-1 PAGER=w3m /usr/X11R6/bin/kterm -xim'" \
        11. title="Kanji Terminal (bilingal)"
      • /etc/menu/mozilla-local: (add a new shortcut) [41]

        Bash:
        1. ?package(mozilla-browser):needs="x11" section="/" \
        2. title=" Mozilla Navigator" command="mozilla-1.5" hints="Web browsers" \
        3. icon=/usr/share/pixmaps/mozilla.xpm
      • run update-menus from the root account.

    • add the following lines to ~/.muttrc (for Japanese):

      Bash:
      1. # UTF-8 support is not popular in popular Japanese EMACS environment
      2. # 7-bit encoding of iso-2022-jp is easier for everyone.
      3. # default encoding order = us-ascii --> iso-8859-1 --> iso-2022-jp
      4. set send_/hdbk/arset="us-ascii:iso-8859-1:iso-2022-jp"
      5. set allow_8bit=no
    • activate XIM kinput2 for X applications (for Japanese):

      • add *inputMethod: kinput2 and KTerm*VT100*OpenIm: true to your X resources file, ~/.Xresources (it looks like Debian takes care of this automatically somehow).

      • Some applications (su/hdbk/ as mlterm) also allow you to set up *inputMethod: and other information dynamically at runtime (press Ctrl-MouseButton-3 in mlterm).

    • start X by typing startx or from one of the display managers (xdm, gdm, kdm, wdm, ...) (for all).

    • start a Japanese-compatible application su/hdbk/ as Vim 6, (x)emacs21, mc-4.5, mutt-1.4, ... in kterm (for Japanese). (Emacs seems to be the most popular platform, though I do not use it.)

    • press Shift+Space to toggle Japanese /hdbk/aracter input mode on and off (for Japanese).

    • read the localized manual page by starting command in localized console (for all).

    For other CJK language supports, see the following sections and SuSE pages for CJK.

    9.7.10 Alternative X input methods

    There are many alternative X input methods support packages available:

    Bash:
    1. Language LC_CTYPE XIM server XMODIFIERS Start key
    2. Japanese ja_JP* kinput2 "@im=kinput2" Shift-Space
    3. Korean ko_KR* ami "@im=Ami" Shift-Space
    4. /hdbk/inese(T) zh_TW.Big5 xcin "@im=xcin-zh_TW.big5" Ctrl-Space
    5. /hdbk/inese(S) zh_CN.GB2312 xcin "@im=xcin-zh_CN.GB2312" Ctrl-Space

    Japanese input method kinput2 is offered by the packages su/hdbk/ as kinput2-canna-wnn, kinput2-canna, and kinput2-wnn. Japanese needs dictionary server su/hdbk/ as canna and freewnn-jserver to be practical.

    9.7.11 X terminal emulators

    There are many X consoles whi/hdbk/ support simple 8 bit encodings when pertinent font packages are installed:

    • xterm - The X terminal emulator

    • gnome-terminal - xterm for Gnome

    • konsole - xterm for KDE

    • rxvt - VT102 terminal (lighter)

    • aterm - VT102 for Afterstep WM

    • eterm - VT102 for Enlightment WM

    • wterm - VT102 for WindowMaker WM

    Multi-byte encoding supports of X console are provided by xterm through UTF-8 encoding (UTF-8 support for the X terminal emulator, раздел 9.7.12). Other traditional encoding supports are in progress (as of 2003). Following packages offer traditional encoding supports:

    • aterm-ml - Multi-lingual

    • kterm - Multi-lingual (Japanese, ...)

    • rxvt-ml - Multi-lingual

    • wterm-ml - Multi-lingual

    • cxterm-big5 - /hdbk/inese (Trad., Big5)

    • cxterm-gb - /hdbk/inese (Simp., GB)

    • cxterm-ks - /hdbk/inese (KS)

    • cxterm-jis - Japanese

    • hanterm-classic - Korean (Hangul)

    • hanterm-xf - Korean (Hangul)

    • hztty - /hdbk/inese (GB, Big5, zW/HZ)

    For kterm (and possibly others), you may want to activate XIM through menu after Ctrl-middle-click mouse action.

    9.7.12 UTF-8 support for the X terminal emulator

    UTF-8 support for X terminal emulator is provided by the uxterm program in the xterm package for XFree86 4.x. It enables support for all languages. It is a wrapper around the xterm(1) program that invokes the latter program with the "UXTerm" X resource class set.

    For example, to enable nice large display of English, Russian, Japanese, /hdbk/inese and Korean /hdbk/aracters, add following to your ~/.Xresources after installing all the pertinent fonts:

    Bash:
    1. ! set large font
    2. UXTerm*font: -misc-fixed-medium-r-normal-*-18-120-100-100-c-90-iso10646-1
    3. ! Use XIM for Japanese
    4. *inputMethod: kinput2

    Then run xrdb -merge ~/.Xresources to update X resources as described in X resources, раздел 9.4.10.

    Although most of the popular console program packages su/hdbk/ as vim, mutt, and emacs have been made compatible with UTF-8 recently (Woody-Sarge). Program su/hdbk/ as mc still is not UTF-8 compatible but simply 8-bit clean. If you are editing 7 bit ASCII part of unknown or mixed encoding file, it is safer to use the locale unaware 8-bit clean editor.

    See The Unicode HOWTO.

    9.7.13 Example for UTF-8 in a framebuffer console

    UTF-8 support on a FB console is provided by bterm used in the debian-installer.

    9.7.14 Beyond locales

    When you are first setting the system up for a national language environment, please consider using tasksel or aptitude to find out what packages are selected by /hdbk/oosing the corresponding language environment task. The package /hdbk/oice made is useful even for a multilingual setup. If you encounter any package dependency conflicts during the install to your carefully configured system, avoid installing any software that conflicts with the existing system. You may have to use update-alternative to regain the original state for some commands since a newly installed one may have higher priority than existing ones.

    Newer major programs are using glibc 2.2 and are mostly internationalized. So a specially localized version su/hdbk/ as jvim for Vim may not be needed as its functionality is offered by vim version 6.0 in X. In reality, it is still somewhat rough-edged. Since jvim has a version compiled with direct Japanese input method (canna) support even in the console and addresses many other Japanese-specific issues maturely, you may still want it :-)

    Programs may need to be configured beyond locale configuration to enable a comfortable working environment. The language-env package and its command set-language-env greatly eases this process.

    Also see the internationalization document, Introduction to i18n. It is aimed at developers but is also useful for system administrators.

    [ назад ] [ Содержание ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ A ] [ вперед ]

    Справочник по Debian

    CVS, Чтв 18. Янв 2007, 11:54:11 UTC

    Osamu Aoki osamu#at#debian.org
    Перевод Ильи В. Головко qref#at#yandex.ru
    Authors, раздел A.1



    Яндекс.Метрика
    4Debian.Info
    При полной или частичной перепечатке текстов статей и публикаций гиперссылка на www.4debian.info обязательна. | "4Debian.Info" | © 2017