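This chapter mainly explains how to configure the system from the command-line interface. See also Debian installation hints, Chapter 3.
If you are concerned about system security, read the Securing Debian Manual to secure your system; the document is also available by installing the harden-doc package.
Debian uses the System V init system and boot process; first read The init program, Section 2.4.1 for an overview.
The easiest way to control an init script is to set the environment variables in the files under /etc/default. [40] For example, /etc/default/hotplug controls the behaviour of /etc/init.d/hotplug. You can edit service scripts such as motd and sulogin yourself and place them in /etc/init.d/rcS so that they start at boot.
The system log is handled by the syslogd program; edit /etc/syslog.conf to configure the log output. The colorize package makes log files easier to read. See syslogd(8) and syslog.conf(5) for more information.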
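Debian leaves some hardware optimization settings for the system administrator to configure after installation.
hdparm
hdparm(8)
before trying.
setcd
setcd(1)
for more information.
setserial
scsitools
memtest86
hwtools
irqtune: changes the IRQ priority of hardware so that fast devices or services get a higher priority, for example raising the throughput of a serial-port modem by up to 3 times.
scanport: scans the I/O addresses from 0x100 to 0x3ff for ISA devices.
inb: dumps data from an I/O port and converts it to binary and hexadecimal.
schedutils
taskset, irqset, lsrt and rt.
nice and renice (not included) give full control of process scheduling parameters.
Mounting a filesystem with the noatime option improves file read/write performance. See fstab(5) and mount(8).
Some hardware devices can be configured and tuned directly through the proc filesystem of the Linux kernel. See Tuning the kernel through the proc filesystem, Section 7.3.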
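Debian includes a lot of software for configuring hardware features, most of it designed for laptops. Here are some of the interesting packages in Debian:
tpconfig - touchpad configuration program
apmd - Advanced Power Management program
acpi - tool for viewing ACPI device information
acpid - utilities for using ACPI
lphdisk - provides the hibernation disk partition for Phoenix NoteBIOS
sleepd - software for setting the sleep state of a laptop
noflushd - lets idle hard disks spin down to save power
big-cursor - larger mouse cursors for X
acme - enables the multimedia keys on laptops
tpctl - IBM ThinkPad hardware configuration tools
mwavem - Mwave/ACP modem support
toshset - hardware configuration program for Toshiba laptops
toshutils - Toshiba laptop utilities
sjog - software supporting the "Jog Dial" on Sony Vaio laptops
spicctrl - software for adjusting the LCD brightness on Sony Vaio laptops
ACPI is a framework that is newer and more complete than APM.
Some of these packages require special kernel modules, which are already included in the latest kernel source. If your hardware is still not supported, you will have to fetch the patch yourself and recompile the kernel.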
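PAM (Pluggable Authentication Modules) lets the administrator control how users log in.
    /etc/pam.d/*       # location of the PAM control files
    /etc/pam.d/login   # PAM control file for login
    /etc/security/*    # PAM module parameter files
    /etc/securetty     # restricts root login from the console
    /etc/login.defs    # environment variable settings applied after login
To allow users with empty passwords to log in, edit /etc/pam.d/login and add the following. This is very risky; administrators should weigh it carefully.
    #auth       required   pam_unix.so nullok
    auth       required   pam_permit.so
Software such as xdm, gdm, ... can be made to allow login by users with empty passwords in the same way.
On the other hand, cracklib2 can be used to enforce stronger passwords; edit /etc/pam.d/passwd and add the following line.
    password required       pam_cracklib.so retry=3 minlen=6 difok=3
Running passwd with the -e option forces the user to change the password at the next login. See passwd(1) for more information.
In the Bash shell, run ulimit -u 1000 to set the maximum number of processes, or edit /etc/security/limits.conf directly. Parameters such as core can be found in that file; edit them as needed.
The initial value of PATH can be set in /etc/login.defs.
The PAM documentation is packaged in libpam-doc. The documents in this package include the Linux-PAM System Administrator's Guide, which covers how to configure PAM and its modules, as well as The Linux-PAM Application Developers' Guide and The Linux-PAM Module Writers' Guide.
"su does not support the wheel group"
This is a well-known phrase of Richard M. Stallman, found at the bottom of the old info su page. Do not worry: the su program currently in Debian uses PAM, so you can restrict which users may run su by adding a pam_wheel.so line to /etc/pam.d/su. The following uses the adm group in Debian as an example of how to implement a BSD-style wheel group whose members can run su and become root without entering a password.
    # anti-RMS configuration in /etc/pam.d/su
    auth       required   pam_wheel.so group=adm
    # Wheel members to be able to su without a password
    auth       sufficient pam_wheel.so trust group=adm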
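Both PAM edits shown above (pam_permit.so in the login stack, and pam_wheel.so with trust for su) remove a password check, so they are worth finding again during a later review. The following is an added example, not part of the original document: a shell function that scans PAM control-file text for such lines. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag PAM auth lines that skip the password check.

# audit_pam_stack: read PAM control-file text on stdin.
# Prints one "FLAG:<reason>:<original line>" per finding, nothing if clean.
audit_pam_stack() {
    awk '
        /^[ \t]*#/ || NF < 3 { next }        # comments and malformed lines
        $1 != "auth"         { next }        # only the auth stack is checked
        {
            m = 3                            # field that holds the module
            if ($2 ~ /^\[/) {                # "[key=action ...]" spans fields
                m = 2
                while (m <= NF && $m !~ /\]$/) m++
                m++
            }
            module = $m
            sub(/.*\//, "", module)          # drop a directory prefix
            args = " "
            grp = "root(default)"            # default group as stated in the text
            for (i = m + 1; i <= NF; i++) {
                args = args $i " "
                if ($i ~ /^group=/) grp = substr($i, 7)
            }
            if (module == "pam_permit.so")
                print "FLAG:auth-always-succeeds:" $0
            else if (module == "pam_unix.so" && args ~ / nullok/)
                print "FLAG:empty-password-accepted:" $0
            else if (module == "pam_wheel.so" && args ~ / trust /)
                print "FLAG:passwordless-su-for-group=" grp ":" $0
        }
    '
}

# Constructed sample: the /etc/pam.d/su lines from the text above.
sample_pam_su() {
    cat <<'EOF'
# anti-RMS configuration in /etc/pam.d/su
auth required pam_wheel.so group=adm
# Wheel members to be able to su without a password
auth sufficient pam_wheel.so trust group=adm
EOF
}

# Constructed sample: the /etc/pam.d/login lines from the text above.
sample_pam_login() {
    cat <<'EOF'
#auth required pam_unix.so nullok
auth required pam_permit.so
EOF
}

# Demo: on a real system run  audit_pam_stack < /etc/pam.d/su
sample_pam_su    | audit_pam_stack
sample_pam_login | audit_pam_stack
```

The first pam_wheel.so line is not flagged because it only restricts who may run su; the second is flagged because trust lets members of the named group become root without a password.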
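Some interesting groups:
If pam_wheel.so is used without the group= argument naming a group, the root group is the default wheel group for su.
access to files under /usr/src.
read and write access to /usr/local and /home.
For more information, read the "FAQ" in the Securing Debian Manual. On Debian Woody this document is available by installing the harden-doc package. base-passwd (>3.4.6) also includes a list of the permissions.
sudo
For me, sudo is mostly a way to keep myself from doing something stupid; using sudo is a better approach than switching to root directly.
After installing sudo, edit /etc/sudoers to activate it. Also check the sudo group option in /usr/share/doc/sudo/OPTIONS.
This example shows how members of the "staff" group, once configured through sudo, can run any program as root; likewise, members of the "src" group can run selected programs as root.
The advantage of sudo is that an ordinary user only needs to enter their own password, and the activity is monitored by the system. It also makes it possible to give limited privileges to a novice administrator for practice. For example:
    $ sudo chown -R myself:mygrp .
If you have the root password, you can run any command with root privileges:
    $ su -c "shutdown -h now"
    Password:
(I know I should tighten the sudo privileges of the admin account. But this is a server for my own home use, so I do not worry about it.)
Installing the super package lets ordinary users run specific commands with root privileges.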
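The super-server, inetd, is started at boot time by /etc/rc2.d/S20inetd (for RUNLEVEL=2), which is a symlink to /etc/init.d/inetd. Essentially, inetd starts and controls other services, which reduces the load on the system.
When a request for a service arrives at inetd, its protocol and service are looked up in /etc/protocols and /etc/services. inetd then searches /etc/inetd.conf for the matching Internet service or, for a Sun-RPC service, searches the /etc/rpc.conf configuration file.
For the sake of system security, disable unnecessary or unused services in /etc/inetd.conf. Sun-RPC services are needed to run NFS and other RPC-based programs.
Sometimes inetd does not start the server directly; instead it starts it through tcpd, the TCP/IP service wrapper program, using the server name defined in /etc/inetd.conf. In this case, tcpd logs the request, performs additional checks against /etc/hosts.deny and /etc/hosts.allow, and then runs the corresponding server program.
If you cannot log in remotely on a recent Debian system, comment out "ALL: PARANOID" in /etc/hosts.deny.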
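To act on the advice above about disabling unused services, it helps to see which inetd.conf entries are still enabled and which of them go through tcpd. The following is an added example, not part of the original document: it lists the enabled services from inetd.conf text and checks whether hosts.deny text contains a deny-by-default rule. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: review enabled inetd services and tcpd default policy.

# list_inetd_services: read inetd.conf text on stdin and print one line per
# ENABLED entry: "<service>/<proto> user=<user> <kind> <server>", where kind
# is "internal" (built into inetd), "wrapped" (started through tcpd, so
# hosts.allow and hosts.deny are consulted) or "direct" (no tcpd check).
list_inetd_services() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }      # commented out (disabled) or malformed
        {
            server = $6
            if (server == "internal")
                kind = "internal"
            else if (server == "tcpd" || server ~ /\/tcpd$/) {
                kind = "wrapped"
                server = $7                # tcpd runs the program named next
            } else
                kind = "direct"
            printf "%s/%s user=%s %s %s\n", $1, $3, $5, kind, server
        }
    '
}

# has_default_deny: read hosts.deny text on stdin; succeed only if an active
# rule denies ALL daemons to ALL clients. "ALL: PARANOID" does not count: it
# only rejects clients whose host name and address do not match.
has_default_deny() {
    awk -F: '
        /^[ \t]*#/ { next }
        {
            d = $1; c = $2
            gsub(/[ \t]/, "", d); gsub(/[ \t]/, "", c)
            if (d == "ALL" && c == "ALL") found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample /etc/inetd.conf (not taken from a real host).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample
#<off># echo   stream  tcp  nowait  root     internal
daytime  stream  tcp  nowait  root     internal
ftp      stream  tcp  nowait  root     /usr/sbin/tcpd    /usr/sbin/in.ftpd
#telnet  stream  tcp  nowait  telnetd  /usr/sbin/tcpd    /usr/sbin/in.telnetd
ident    stream  tcp  wait    identd   /usr/sbin/identd  identd
EOF
}

# Demo: on a real system run  list_inetd_services < /etc/inetd.conf
sample_inetd_conf | list_inetd_services
if printf 'ALL: PARANOID\n' | has_default_deny; then
    echo "hosts.deny denies by default"
else
    echo "hosts.deny has no ALL: ALL rule; wrapped services accept any host not denied elsewhere"
fi
```

Entries reported as "direct" or "internal" are never checked against hosts.allow and hosts.deny, so they have to be restricted by other means or disabled.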
For more information, see inetd(8), inetd.conf(5), protocols(5), services(5), tcpd(8), hosts_access(5), and hosts_options(5).
For more information on Sun-RPC, see rpcinfo(8), portmap(8), and /usr/share/doc/portmap/portmapper.txt.gz.
Use Lightweight Directory Access Protocol (LDAP). References:
OpenLDAP
openldap-guide package
LDAP Linux HOWTO
LDAP Implementation HOWTO
OpenLDAP, extensive use reports
Open LDAP with Courier IMAP and Postfix
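CD-writers with ATAPI/IDE interfaces are becoming more and more popular. They are a good choice for system backups and for home users whose documents take less than 640 MB. See the LDP CD-Writing-HOWTO for more advanced information.
First, once the writer has written data to a disc, the data on that disc can no longer be reverted. If budget is not a concern, buy a SCSI CD-writer instead of an ATAPI/IDE one. If you connect an IDE device, use the PCI bus (for example, on the motherboard) rather than the ISA bus (which is what an SB16 sound card uses).
If your CD-writer is an IDE device and the kernel is 2.2 or 2.4, IDE-SCSI is needed to drive it, so the SCSI generic driver must be used. There are two ways to achieve this, assuming a reasonably recent kernel (such as one from March 2001).
Kernel 2.6 can use the native IDE driver instead of IDE-SCSI and access the CD-RW device directly as /dev/hdx. Using DMA is even better.
lilo
If you use a kernel-image packaged by Debian, add the following line to /etc/lilo.conf. Separate multiple options with spaces:
    append="hdx=ide-scsi ignore=hdx"
The device name of the CD-writer is written hdx, where x stands for one of the following:
    hda          for a master on the first IDE port
    hdb          for a slave on the first IDE port
    hdc          for a master on the second IDE port
    hdd          for a slave on the second IDE port
    hde ... hdh  for a drive on an external IDE port or ATA66/100 IDE port
After completing the above configuration, run the following commands as root:
    # lilo
    # shutdown -h now
Debian uses make-kpkg to build kernel images. Running make-kpkg with the --append_to_version option lets you build multiple kernel images. See The Linux kernel under Debian, Chapter 7.
Run make menuconfig and add the following kernel parameters and settings:
The following steps enable the CD-writer at boot time:
    # echo ide-scsi >>/etc/modules
    # echo sg >>/etc/modules
    # cd /dev; ln -sf scd0 cdrom
To enable it manually:
    # modprobe ide-scsi
    # modprobe sg
After rebooting, you can check it as follows:
    $ dmesg|less
    # apt-get install cdrecord
    # cdrecord -scanbus
[Per Warren Dodge] If the system has both a CD-ROM and a CD-R/RW, ide-scsi and ide-cd sometimes conflict. Try adding the following to /etc/modutils/aliases, then run update-modules and reboot:
    pre-install ide-scsi modprobe ide-cd
This causes the IDE driver to be loaded into the kernel before ide-scsi. ide-cd takes control of all ATAPI CD-ROMs except the devices it has been told to ignore. The remaining devices are then controlled by ide-scsi.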
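To create a CD image file cd-image.raw of all the data under target-directory/ (bootable, Joliet TRANS.TBL-enabled format; if you do not need a bootable CD, drop the -b and -c options), first insert a boot floppy into the floppy drive and run:
    # dd if=/dev/fd0 of=target-directory/boot.img
    # mkisofs -r -V volume_id -b boot.img -c bootcatalog -J -T \
            -o cd-image.raw target-directory/
Another approach is to create a bootable DOS image. If a boot floppy image is placed in boot.img, the CD-ROM will be driven as when booting from the floppy. You can use freeDOS to do this.
The CD image file can be mounted as a loop device.
    # mount -t iso9660 -o ro,loop cd-image.raw /cdrom
    # cd /cdrom
    # mc
    # umount /cdrom
Test first (assuming a double-speed writer):
    # nice --10 cdrecord -dummy speed=2 dev=0,0 disk.img
If there are no errors, write to a CD-R with:
    # nice --10 cdrecord -v -eject speed=2 dev=0,0 disk.img
or write to a CD-RW disc with:
    # nice --10 cdrecord -v -eject blank=fast speed=2 dev=0,0 disk.img
Some CD-RW drives work better with the following sequence:
    # nice --10 cdrecord -v blank=all speed=2 dev=0,0 disk.img
followed by:
    # nice --10 cdrecord -v -eject speed=2 dev=0,0 disk.img
The two steps above are needed to prevent SCSI timeouts while blanking a CD-RW disc. The value given to nice needs particular attention.
Some copyrighted CDs have copy protection that prevents them from being copied correctly with dd (the Windows 98 CD is one of them). You can try the readcd command, which is included in the cdrecord package. Use it to copy the disc contents and produce an image file. For a data CD, mount it first and run df to find its size. Divide the number of blocks reported (1 block = 1024 bytes) by 2 to get the number of sectors (1 sector = 2048 bytes). Run readcd with the following options to create the image file, then write it to a CD-R/RW.
    # readcd dev=target,lun,scsibusno # select function 11
In most cases, setting all three parameters to 0 is enough. The number of sectors that readcd reports is usually too large! It is better to use the block and sector counts obtained from the mounted disc.
dd
dd may have some minor problems when copying CDs. The first run of dd may produce an error message and an image file that is missing the data at the very end. A second run of dd without a size may produce an oversized image file, and the extra data is of course useless. The current workaround is to give the correct size on the second dd run and not to eject the CD after the first error. Assuming the size reported by df is 46301184 blocks, run the following command twice to get an image of the correct size (in my experience).
    # dd if=/dev/cdrom of=cd.img bs=2048 count=$((46301184/2))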
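You can get the latest information on Debian CDs at the Debian CD site.
If you have a fast network connection, consider installing over the network:
If your network connection is not fast enough, consider buying Debian CDs from a CD vendor.
Unless you are an image tester, please do not waste bandwidth downloading CD images (even with jigdo).
Another notable CD image is KNOPPIX - Live Linux Filesystem On CD. It gives you a Debian system right after booting from the CD, without installing anything to the hard disk.
How do you back up important data to CD-R? You can use the backup script "backup". See also Copying and archiving subdirectories, Section 8.3 and Differential backup and data synchronization, Section 8.4.
I have not tested this myself:
    # apt-get install cdrecord cdparanoia
    # cdparanoia -s -B
    # cdrecord dev=0,0,0 speed=2 -v -dao -eject defpregap=1 -audio *.wav
or:
    # apt-get install cdrdao   # disk at once
    # cdrdao read-cd --device /dev/cdrom --paranoia-mode 3 my_cd   # read cd
    # cdrdao write --device /dev/cdrom --speed 8 my_cd   # write a new CD
cdrdao makes a complete copy of the CD (no gaps between tracks, etc.).
There are two ways to write DVDs:
growisofs together with mkisofs.
Rebuild cdrecord with dvd support, following the instructions in /usr/share/doc/cdrecord/README.DVD.Debian, to produce a locally built package.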
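The X Window System is provided by XFree86. Debian has two major versions of the X server: XFree86 version 3.3 (XF3) and XFree86 version 4.x (XF4); both are based on X11R6 from X.Org.
To learn the basics of X, read X(7), the LDP XWindow-User-HOWTO, and the Remote X Apps mini-HOWTO. For a Debian-specific user guide, read /usr/share/doc/xfree86-common/FAQ.gz in the xfree86-common package. It contains an interesting and authoritative discussion of key bindings by Branden Robinson.
These are exactly the reverse of the usual notions of "server" and "client".
There are several ways for the "X server" (display side) to accept remote connections from an "X client" (application side):
xhost method
xhost, Section 9.4.7 and xhost(1x).
xauth method
more secure than xhost).
less overhead than ssh -X.
xauth(1x).
xdm, wdm, gdm, kdm, ... methods
more secure than xauth).
xdm(1x) and Xsecurity(7) for setting up simple access control.
wdm(1x), gdm(8), and kdm.options(5) for more information.
the xdm package, disable xdm and return to the console at system boot.
ssh -X method
ssh, Section 9.4.8.
All of the above methods for connecting to a remote X server, except ssh, require the X server to enable TCP/IP connections; see Using X over TCP/IP, Section 9.4.6.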
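Woody now has a number of metapackages that make installing the X system easier.
x-window-system-core
xserver-xfree86), a set of fonts, and basic X clients and utilities.
x-window-system
x-window-system-core, twm, xdm and other components, so once it is installed there is no need to install x-window-system-core as well)
xserver-common-v3
xserver-*
xserver-xfree86) does not support. For example, X4 does not support some old ATI mach64 cards, and some video cards do not work with the X4 in Woody. (To find the available packages, run apt-cache search xserver-|less. All of these X3 servers are based on xserver-common-v3.)
In most cases, x-window-system is the package to install. (To log in on the console, disable xdm as described in "I don't want to boot straight into X!", Section 8.1.4.)
Installing the following packages beforehand lets the X configuration detect your hardware:
discover – hardware detection system.
mdetect – mouse autodetection tool.
read-edid – hardware information tool for VESA PnP monitors.
See XFree86(1x) for more information on the X server.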
To start the X server from a local console:
    $ startx -- :<display> vtXX
    e.g.:
    $ startx -- :1 vt8 -bpp 16
    ... start on vt8 connected to localhost:1 with 16 bpp mode
The arguments after -- are passed to the X server.
Note: when using a ~/.xserverrc script to customize how the X server is started, be sure to exec the real X server. Failing to do so can make the X server slow to start and to exit. For example:
    #!/bin/sh
    exec /usr/bin/X11/X -dpi 100 -nolisten tcp
To (re-)configure the XF4 server:
    # dpkg-reconfigure --priority=low xserver-common
    # dpkg-reconfigure --priority=low xserver-xfree86
This generates the /etc/X11/XF86Config-4 file and configures X using the dexconf script.
To (re-)configure the XF3 server:
    # dpkg-reconfigure --priority=low xserver-common-v3
    # dpkg-reconfigure --priority=low xserver-mach64
This generates the /etc/X11/XF86Config file and configures X using the xf86config-3 script.
On a Woody system, when modifying /etc/X11/XF86Config-4, do not edit the settings between the following lines:
    ### BEGIN DEBCONF SECTION
    [snip]
    ### END DEBCONF SECTION
The right approach is to add your customizations before that section. For example, to add a video card, put something like the following at the top of the configuration file:
    Section "Device"
      Identifier        "Custom Device"
      Driver            "ati"
      Option            "NoAccel"
    EndSection
    Section "Screen"
      Identifier  "Custom Screen"
      Device      "Custom Device"
      Monitor     "Generic Monitor"
      DefaultDepth 24
      Subsection "Display"
        Depth       8
        Modes       "1280x960" "1152x864" "1024x768" "800x600" "640x480"
      EndSubsection
      Subsection "Display"
        Depth       16
        Modes       "1280x960" "1152x864" "1024x768" "800x600" "640x480"
      EndSubsection
      Subsection "Display"
        Depth       24
        Modes       "1280x960" "1152x864" "1024x768" "800x600" "640x480"
      EndSubsection
    EndSection
    Section "ServerLayout"
      Identifier        "Custom"
      Screen            "Custom Screen"
      InputDevice       "Generic Keyboard" "CoreKeyboard"
      InputDevice       "Configured Mouse" "CorePointer"
    EndSection
On a Sarge system (testing at the time of writing), if you want to keep your custom /etc/X11/XF86Config settings across upgrades, run the following commands as root:
    # cp /etc/X11/XF86Config-4 /etc/X11/XF86Config-4.custom
    # md5sum /etc/X11/XF86Config-4 > /var/lib/xfree86/XF86Config-4.md5sum
    # dpkg-reconfigure xserver-xfree86
To get nicer fonts, edit /etc/X11/XF86Config-4 as described in TrueType fonts in X, Section 9.4.13.
Also check the rest of your X configuration. A bad monitor setup can cause worse problems than ugly fonts, so raise your monitor refresh rate (85 Hz is good, 75 Hz is acceptable, 60 Hz is bad).
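Most X client programs can be started with a command like this:
    client $ xterm -geometry 80x24+30+200 -fn 6x10 -display hostname:0 &
The command-line arguments have the following meanings:
/tmp/.X11-unix/XD (so it can only be reached from the host).
The default displayname for X client programs (application side) can be set with the DISPLAY environment variable. For example, run one of the following commands before starting an X client program:
    $ export DISPLAY=:0
            # default: the local host uses the first X screen
    $ export DISPLAY=hostname.fulldomain.name:0.2
    $ export DISPLAY=localhost:0
The startup sequence can be customized in ~/.xinitrc. For example:
    xrdb -load $HOME/.Xresources
    xsetroot -solid gray &
    xclock -g 50x50-0+0 -bw 0 &
    xload -g 50x50-50+0 -bw 0 &
    xterm -g 80x24+0+0 &
    xterm -g 80x24+0-0 &
    twm
As mentioned in Customizing X sessions, Section 9.4.5.1, startx then ignores everything that Xsession normally does. ~/.xsession is normally used only as a last resort.
See xsetroot(1x), xset(1x), and X resource, Section 9.4.10.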
An X session (X server + X client) can be started in the following ways:
startx: a wrapper script around xinit for starting the X server and client from the text console. If ~/.xinitrc does not exist, /etc/X11/Xsession is invoked through /etc/X11/xinit/xinitrc.
xdm, gdm, kdm, or wdm: X display managers, which start the X server and X client and handle account login directly under X. /etc/X11/Xsession is also invoked.
See "I don't want to boot straight into X!", Section 8.1.4 for information on starting X from the console.
The default startup script /etc/X11/Xsession is a combination of /etc/X11/Xsession.d/50xfree86-common_determine-startup and /etc/X11/Xsession.d/99xfree86-common_start.
The execution of /etc/X11/Xsession is affected by /etc/X11/Xsession.options. Essentially, it uses the exec command to run a program on the system, looked up in the following order:
~/.xsession or ~/.Xsession, if it is defined.
/usr/bin/x-session-manager, if it is defined.
/usr/bin/x-window-manager, if it is defined.
/usr/bin/x-terminal-emulator, if it is defined.
The exact meaning of these commands is defined by the Debian alternatives system; see Alternative commands, Section 6.5.3. For example:
    # update-alternatives --config x-session-manager
    ... or
    # update-alternatives --config x-window-manager
To make a particular X window manager the default while keeping the installed GNOME and KDE session managers, replace /etc/X11/Xsession.d/50xfree86-common_determine-startup with the file attached to the second bug report at http://bugs.debian.org/168347 (I hope it gets into the distribution soon), then edit /etc/X11/Xsession.options as follows to disable the X session manager:
    # /etc/X11/Xsession.options
    #
    # configuration options for /etc/X11/Xsession
    # See Xsession.options(5) for an explanation of the available options.
    # Default enabled
    allow-failsafe
    allow-user-resources
    allow-user-xsession
    use-ssh-agent
    # Default disabled (enable them by uncommenting)
    do-not-use-x-session-manager
    #do-not-use-x-window-manager
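Without the above modification to the system, the X session managers shipped with gnome-session and kdebase become the default. If you remove them, the X window manager becomes the default. (Obviously; is there a better idea?)
On a system whose /etc/X11/Xsession.options contains just the line allow-user-xsession, any user who defines ~/.xsession or ~/.Xsession can customize the behaviour of /etc/X11/Xsession.
The last command in the ~/.xsession file should be of the form exec some-window/session-manager, to start your favourite X window/session manager.
A good example is provided in /usr/share/doc/xfree86-common/examples/xsession.gz.
I use this to set up the window manager, screen access, and language support for each user. See Starting an X session for a user, Section 9.4.5.2, Getting root in X, Section 9.4.12, and Example for a multilingual X window system, Section 9.7.9.
If you want some X client programs to start automatically, see the example in X clients, Section 9.4.4 and put it in ~/.xsession instead of ~/.xinitrc.
Additional per-user X resources can be stored in ~/.Xresources; see X resource, Section 9.4.10.
Per-user keyboard and mouse button mappings are stored in ~/.xmodmaprc. See Keymaps and pointer button mappings in X, Section 9.4.11.
As described in Customizing X sessions, Section 9.4.5.1, a user-specific X session/window manager can be started by installing the corresponding package and adding the following at the end of ~/.xsession (I prefer blackbox/fluxbox because they are simple and fast):
gnome-session
kdebase (or kdebase3 for KDE3)
blackbox
fluxbox
xfce
icewm
fvwm
wmaker
enlightenment
To set up a full KDE/GNOME desktop environment, the following metapackages are useful:
kde package
gnome package
Package managers that can also install Recommends, such as dselect and aptitude, will offer you a richer selection of software than apt-get.
If you want to log in from the console, be sure to disable the X display managers such as kdm, gdm, and wdm first; this relates to the dependency issue mentioned in "I don't want to boot straight into X!", Section 8.1.4.
If you want to use GNOME instead of KDE as the window manager, configure x-session-manager as described in Alternative commands, Section 6.5.3.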
Because a remote TCP/IP socket connection without encryption is prone to an eavesdropping attack, the default setting for X in recent Debian versions disables the TCP/IP socket. Consider using ssh for a remote X connection (see Connecting to a remote X server – ssh, Section 9.4.8).
The method described here is not encouraged unless one is in a very secure environment behind a good firewall system with only trusted users present. Use the following command to verify your current X server setting for the TCP/IP socket:
    # find /etc/X11 -type f -print0 | xargs -0 grep nolisten
    /etc/X11/xinit/xserverrc:exec /usr/bin/X11/X -dpi 100 -nolisten tcp
Remove -nolisten to restore TCP/IP listening on the X server.
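The grep shown above only lists files that already contain nolisten; a startup file that launches the X server without the option produces no output at all. The following is an added example, not part of the original document: it classifies every line that launches the X server, so a missing -nolisten tcp is reported explicitly. The function names and sample lines are constructed for illustration, and recognising the server by a token of X or XFree86 is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: report X server start lines with and without "-nolisten tcp".

# x_tcp_status: read an X startup file (xserverrc, an xdm Xservers file, ...)
# on stdin. For each non-comment line that launches the X server binary,
# print "tcp-disabled:<line>" or "TCP-LISTENING:<line>".
x_tcp_status() {
    awk '
        /^[ \t]*#/ { next }
        {
            launches = 0
            for (i = 1; i <= NF; i++)
                if ($i == "X" || $i == "XFree86" ||
                    $i ~ /\/X$/ || $i ~ /\/XFree86$/) launches = 1
            if (!launches) next
            if (($0 " ") ~ /-nolisten[ \t]+tcp[ \t]/)
                print "tcp-disabled:" $0
            else
                print "TCP-LISTENING:" $0
        }
    '
}

# audit_x_dir DIR: run x_tcp_status over every regular file below DIR and
# prefix each result with the file name.
audit_x_dir() {
    find "$1" -type f | while IFS= read -r f; do
        x_tcp_status < "$f" | while IFS= read -r r; do
            printf '%s: %s\n' "$f" "$r"
        done
    done
}

# Demo on constructed lines; on a real system run  audit_x_dir /etc/X11
printf '%s\n' '#!/bin/sh' \
    'exec /usr/bin/X11/X -dpi 100 -nolisten tcp' | x_tcp_status
printf '%s\n' ':0 local /usr/bin/X11/X vt7 -dpi 100' | x_tcp_status
```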
xhost
xhost allows access based on hostnames. This is very insecure.
The following will disable host checking and allow connections from anywhere if a TCP/IP socket connection is allowed (see Using X over TCP/IP, Section 9.4.6):
    $ xhost +
You can re-enable host checking with:
    $ xhost -
xhost does not distinguish between different users on the remote host. Also, hostnames (addresses actually) can be spoofed.
This method must be avoided even with more restrictive host criteria if you're on an untrusted network (for instance with dial-up PPP access to the Internet).
See xhost(1x).
ssh
The use of ssh enables a secure connection from a local X server to a remote application server.
/etc/ssh/sshd_config of the remote host, if you want to avoid corresponding command-line options.
xterm in the local host.
ssh to establish a connection with the remote site.
    localname @ localhost $ ssh -q -X -l loginname remotehost.domain
    Password:
    .....
    loginname @ remotehost $ gimp &
This method allows the display of the remote X client output as if it were locally connected through a local UNIX domain socket.
xterm
Learn everything about xterm at http://dickey.his.com/xterm/xterm.faq.html.
Many older X programs, such as xterm, use the X resource database to configure their appearance. The file ~/.Xresources is used to store user resource specifications. This file is automatically merged into the default X resources upon login. The system-wide defaults of X resources are stored in /etc/X11/Xresources/* and application defaults of them are stored in /etc/X11/app-defaults/*. Use these settings as the starting points.
Here are some helpful settings to add to your ~/.Xresources file:
    ! Set the font to a more readable 9x15
    XTerm*font: 9x15
    ! Display a scrollbar
    XTerm*scrollBar: true
    ! Set the size of the buffer to 1000 lines
    XTerm*saveLines: 1000
    ! Large kterm screen
    KTerm*VT100*fontList: -*-fixed-medium-r-normal--24-*,\
     -*-gothic-medium-r-normal--24-*,\
     -*-mincho-medium-r-normal--24-*
To make these settings take effect immediately, merge them into the database using the command:
    xrdb -merge ~/.Xresources
See xrdb(1x).
The xmodmap program is used to edit and display the keyboard modifier map and keymap table that are used by client applications to convert event keycodes into keysyms in X.
    $ xmodmap -pm
      ... display the current modifier map
    $ xmodmap -pk | pager
      ... display the current keymap table
    $ xmodmap -e "pointer = 3 2 1" # set mouse for the left hand.
    $ xmodmap ~/.xmodmaprc # set keyboard as in ~/.xmodmaprc
It is usually run from the user's session startup script, ~/.xsession.
To get the keycode, run xev in X and press keys. To get the meaning of keysym, look into the MACRO definition in the /usr/include/X11/keysymdef.h file. All the #define statements in this file are named as XK_ prepended to the keysym names.
See xmodmap(1x).
If a GUI program needs to be run with root privilege, use the following procedures to display program output on a user's X server. Never attempt to start an X server directly from the root account in order to avoid possible security risks.
Start the X server as a normal user and open an xterm console. Then:
    $ XAUTHORITY=$HOME/.Xauthority
    $ export XAUTHORITY
    $ su root
    Password:*****
    # printtool &
When using this trick to su to a non-root user, make sure ~/.Xauthority is group readable by this non-root user.
To automate this command sequence, create a file ~/.xsession from the user's account, containing the following lines:
    # This makes X work when I su to the root account.
    if [ -z "$XAUTHORITY" ]; then
            XAUTHORITY=$HOME/.Xauthority
            export XAUTHORITY
    fi
    unset XSTARTUP
    # If a particular window/session manager is desired, uncomment
    # the following and edit it to fit your needs.
    #XSTARTUP=/usr/bin/blackbox
    # This starts x-window/session-manager program
    if [ -z "$XSTARTUP" ]; then
      if [ -x /usr/bin/x-session-manager ]; then
        XSTARTUP=x-session-manager
      elif [ -x /usr/bin/x-window-manager ]; then
        XSTARTUP=x-window-manager
      elif [ -x /usr/bin/x-terminal-emulator ]; then
        XSTARTUP=x-terminal-emulator
      fi
    fi
    # execute auto selected X window/session manager
    exec $XSTARTUP
Then run su (not su -) in an xterm window of the user. Now GUI programs started from this xterm can display output on this user's X window while running with root privilege. This trick works as long as the default /etc/X11/Xsession is executed. If a user set up his customization using ~/.xinitrc or ~/.xsession, the above mentioned environment variable XAUTHORITY needs to be set similarly in those scripts.
Alternatively, sudo can be used to automate the command sequence:
    $ sudo xterm
    ... or
    $ sudo -H -s
Here /root/.bashrc should contain:
    # Under sudo, merge the invoking user's X authority entry for this display.
    if [ -n "$SUDO_USER" ]; then
        sudo -H -u "$SUDO_USER" xauth extract - "$DISPLAY" | xauth merge -
    fi
This works fine even with the home directory of the user on an NFS mount, because root does not read the .Xauthority file.
There are also several specialized packages for this purpose: kdesu, gksu, gksudo, gnome-sudo, and xsu. Some other methods can be used to achieve similar results: creating a symlink from /root/.Xauthority to the user's corresponding one; use of the script sux; or putting "xauth merge ~USER_RUNNING_X/.Xauthority" in the root initialization script.
See more on the debian-devel mailing list.
The standard xfs in XFree86-4 works fine with TrueType fonts. You have to install a third-party font server such as xfs-xtt, if you are using XFree86-3.
You just need to make sure that whatever applications you want to use the TrueType fonts are linked against libXft or libfreetype (you probably don't even have to worry about this if you're using pre-compiled .debs).
First set up font support infrastructure:
x-ttcidfont-conf and defoma packages. This automates generation of the fonts.scale and fonts.dir files.
    # apt-get install x-ttcidfont-conf
/etc/X11/XF86Config-4 in the Section "Files" as:
    Section "Files"
            FontPath        "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
            FontPath        "/usr/share/fonts/truetype"
            FontPath        "/usr/lib/X11/fonts/CID"
            FontPath        "/usr/lib/X11/fonts/Speedo"
            FontPath        "/usr/lib/X11/fonts/misc"
            FontPath        "/usr/lib/X11/fonts/cyrillic"
            FontPath        "/usr/lib/X11/fonts/100dpi:unscaled"
            FontPath        "/usr/lib/X11/fonts/75dpi:unscaled"
            FontPath        "/usr/lib/X11/fonts/Type1"
    EndSection
The first line will set up XFree86 to use any TrueType fonts you install from Debian packages. The Type1 font entry is moved down since XFree86 does a rather poor job of rendering Type1 fonts. The :unscaled trick for bitmap fonts should not be needed for new XF4 anymore but I included it here just to be sure.
In order to preserve manual changes of /etc/X11/XF86Config-4, follow the instructions in Manually configuring the X server, Section 9.4.3.3.
Then install DFSG font packages:
ttf-bitstream-vera: A set of high-quality TrueType fonts created by Bitstream, Inc. [41]
ttf-freefont: A set of free high-quality TrueType fonts covering the UCS character set.
ttf-thryomanes: A TrueType Unicode font covering Latin, Greek, Cyrillic, and IPA.
tfm-arphic-bsmi00lp: Chinese Arphic "AR PL Mingti2L Big5" TrueType font TeX font metric data
tfm-arphic-bkai00mp: Chinese Arphic "AR PL KaitiM Big5" TrueType font TeX font metric data
tfm-arphic-gbsn00lp: Chinese Arphic "AR PL SungtiL GB" TrueType font TeX font metric data
tfm-arphic-gkai00mp: Chinese Arphic "AR PL KaitiM GB" TrueType font TeX font metric data
ttf-baekmuk: Korean Baekmuk series TrueType fonts
hbf-jfs56: Chinese Jianti Fangsong 56x56 bitmap font (GB2312) for CJK
hbf-cns40-b5: Chinese Fanti Song 40x40 bitmap font (Big5) for CJK
hbf-kanji48: Japanese Kanji 48x48 bitmap font (JIS X-0208) for CJK
Since Free fonts are sometimes limited, installing or sharing some commercial TrueType fonts is an option for Debian users. In order to make this process easy for the user, some convenience packages have been created:
ttf-commercial
msttcorefonts (>1.1.0) [42]
You'll have a really good selection of TrueType fonts at the expense of contaminating your Free system with non-Free fonts.
All these font packages in Debian should work without any effort and appear available to all X programs that use the regular "core" font system. This includes things like Xterm, Emacs, and most other non-KDE and non-GNOME applications.
Now, run xfontsel and select any TrueType fonts in the fndry menu; you should be able to see many ungrayed out entries in the "fmly" menu.
For KDE2.2 and GNOME1.4 (with libgdkxft0, which is a hack to get GTK 1.2 to do anti-aliased font rendering), you need to set up Xft1, as well. Xft1 is highly deprecated, and is basically only used by GNOME1.4 and KDE2.2. Edit /etc/X11/XftConfig and add a line like
    dir "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
before the other dir lines. [43]
For GNOME2 and KDE3 (post Sarge release), you need to set up fontconfig which Xft2 uses to find fonts. [44] You shouldn't need to install anything extra for this because every package using fontconfig Depends on it (indirectly) already.
First, look in /etc/fonts/fonts.conf. There should be a line like the one below. If not, open up /etc/fonts/local.conf and add this
    <dir>/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType</dir>
just after the <fontconfig> line.
Fontconfig should pick these up immediately, and "fc-list" should list your new fonts. Another neat feature of fontconfig is that you can just drop fonts in ~/.fonts/ and all your fontconfigified programs will have access to them immediately.
If you manually install a new set of TrueType fonts while in X without using a Debian package, run
    # xset fp rehash
to get XFree86 to look at the contents of that directory again and to pick up new ones.
There are a few web browser packages with graphical display capabilities as of the Woody release:
mozilla: The Mozilla browser (new)
galeon: Mozilla-based browser with a Gnome UI (new)
konqueror: KDE browser
dillo: GTK browser
amaya-gtk: W3C reference browser
amaya-lesstif: W3C reference browser
netscape-...: (many, old)
communicator-...: (many, old)
The version of mozilla must match the version that galeon requires. Although they differ in UI, these two programs share the Gecko HTML rendering engine.
Plug-ins for browsers such as mozilla and galeon can be enabled by installing "*.so" manually in the plug-in directory and restarting the browsers.
Plug-in resources:
http://java.sun.com.
http://www.macromedia.com/software/flashplayer/.
freewrl: VRML browser and Netscape plug-in
SSH (Secure SHell) is the secure way to connect over the Internet. A free version of SSH called OpenSSH is available as the ssh package in Debian.
First install the OpenSSH server and client.
    # apt-get update && apt-get install ssh
The non-US entry in the /etc/apt/sources.list is required. /etc/ssh/sshd_not_to_be_run must not be present if one wishes to run the OpenSSH server.
SSH has two authentication protocols:
.rhosts or /etc/hosts.equiv authentication combined with public key client host authentication (disabled)
Be careful about these differences if you are migrating to Woody or using a non-Debian system.
See /usr/share/doc/ssh/README.Debian.gz, ssh(1), sshd(8), ssh-agent(1), and ssh-keygen(1) for details.
Following are the key configuration files:
/etc/ssh/ssh_config: SSH client defaults. See ssh(1). Notable entries are:
/etc/ssh/sshd_config: SSH server defaults. See sshd(8). Notable entries are:
sshd should listen on. Multiple options are permitted.
$HOME/.ssh/authorized_keys: the lists of the default public keys that clients use to connect to this account on this host. See ssh-keygen(1).
$HOME/.ssh/identity: See ssh-add(1) and ssh-agent(1).
The following will start an ssh connection from a client.
    $ ssh username@hostname.domain.ext
    $ ssh -1 username@hostname.domain.ext # Force SSH version 1
    $ ssh -1 -o RSAAuthentication=no -l username foo.host
        # force password on SSH1
    $ ssh -o PreferredAuthentications=password -l username foo.host
        # force password on SSH2
For the user, ssh functions as a smarter and more secure telnet (will not bomb with ^]).
To establish a pipe to connect to port 25 of remote-server from port 4025 of localhost, and to port 110 of remote-server from port 4110 of localhost through ssh, execute on the local machine:
    # ssh -q -L 4025:remote-server:25 -L 4110:remote-server:110 \
           username@remote-server
This is a secure way to make connections to SMTP/POP3 servers over the Internet. Set the AllowTcpForwarding entry to yes in /etc/ssh/sshd_config of the remote host.
One can avoid having to remember a password for each remote system by using RSAAuthentication (SSH1 protocol) or PubkeyAuthentication (SSH2 protocol).
On the remote system, set the respective entries, "RSAAuthentication yes" or "PubkeyAuthentication yes", in /etc/ssh/sshd_config.
Then generate authentication keys locally and install the public key on the remote system:
    $ ssh-keygen          # RSAAuthentication: RSA1 key for SSH1
    $ cat .ssh/identity.pub | ssh user1@remote \
            "cat - >>.ssh/authorized_keys"
    ...
    $ ssh-keygen -t rsa   # PubkeyAuthentication: RSA key for SSH2
    $ cat .ssh/id_rsa.pub | ssh user1@remote \
            "cat - >>.ssh/authorized_keys"
    ...
    $ ssh-keygen -t dsa   # PubkeyAuthentication: DSA key for SSH2
    $ cat .ssh/id_dsa.pub | ssh user1@remote \
            "cat - >>.ssh/authorized_keys"
One can change the passphrase later with "ssh-keygen -p". Make sure to verify settings by testing the connection. In case of any problem, use "ssh -v".
You can add options to the entries in authorized_keys to limit hosts and to run specific commands. See sshd(8) for details.
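Keys appended with the commands above carry no options, so each one gives full shell access from any host. The following is an added example, not part of the original document: it parses authorized_keys text, including the quoted option field, and marks each key as restricted (it has a from= or command= option) or unrestricted. The function names, the verdict labels and the sample keys (placeholder key material) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list which authorized_keys entries are limited by
# from= or command= options.

# audit_authorized_keys: read authorized_keys text on stdin and print
# "<restricted|UNRESTRICTED> <keytype> <comment> options: <names|none>".
audit_authorized_keys() {
    awk '
        # Return the option names found at the top level of an options
        # field; commas inside double quotes do not separate options.
        function option_names(s,    i, c, inq, start, opt, names) {
            inq = 0; start = 1; names = ""
            for (i = 1; i <= length(s) + 1; i++) {
                c = substr(s, i, 1)              # empty one past the end
                if (c == "\\" && inq) { i++; continue }
                if (c == "\"") { inq = !inq; continue }
                if ((c == "," || c == "") && !inq) {
                    opt = substr(s, start, i - start)
                    sub(/=.*/, "", opt)
                    if (opt != "") names = names " " opt
                    start = i + 1
                }
            }
            return names
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line); opts = ""
            # A line that does not begin with a key type (or an SSH1 bit
            # count) begins with options, which end at the first blank
            # outside double quotes.
            if (line !~ /^(ssh-|ecdsa-|sk-|[0-9]+[ \t])/) {
                inq = 0
                for (i = 1; i <= length(line); i++) {
                    c = substr(line, i, 1)
                    if (c == "\\" && inq) { i++; continue }
                    if (c == "\"") inq = !inq
                    else if ((c == " " || c == "\t") && !inq) break
                }
                opts = substr(line, 1, i - 1)
                line = substr(line, i + 1)
                sub(/^[ \t]+/, "", line)
            }
            n = split(line, f, /[ \t]+/)
            type = f[1]; comment = (n >= 3) ? f[3] : "-"
            if (type ~ /^[0-9]+$/) {             # SSH1: bits exponent modulus
                type = "rsa1"; comment = (n >= 4) ? f[4] : "-"
            }
            names = option_names(opts)
            verdict = ((names " ") ~ / (from|command) /) ? "restricted" : "UNRESTRICTED"
            print verdict, type, comment, "options:" (names == "" ? " none" : names)
        }
    '
}

# Constructed sample; the key material is placeholder text, not real keys.
sample_authorized_keys() {
    cat <<'EOF'
# constructed sample authorized_keys
ssh-rsa AAAAB3PLACEHOLDER1 alice@laptop
from="*.example.org",command="/usr/local/bin/backup --to \"tape 1\"",no-pty ssh-dss AAAAB3PLACEHOLDER2 backup@cron
no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3PLACEHOLDER3 bob@desk
EOF
}

# Demo: on a real system run  audit_authorized_keys < ~/.ssh/authorized_keys
sample_authorized_keys | audit_authorized_keys
```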
Note that SSH2 has HostbasedAuthentication. For this to work, you must adjust the settings of HostbasedAuthentication to yes in both /etc/ssh/sshd_config on the server machine and /etc/ssh/ssh_config or $HOME/.ssh/config on the client machine.
There are a few free SSH clients available for non-Unix-like platforms.
puTTY (GPL)
cygwin (GPL)
macSSH (GPL) [Note that Mac OS X includes OpenSSH; use ssh in the Terminal application]
See also SourceForge.net, site documentation, "6. CVS Instructions".
ssh-agent
It is safer to protect your SSH authentication key with a passphrase. If it was not set, use ssh-keygen -p to set it.
Place your public key (e.g. ~/.ssh/id_rsa.pub) into ~/.ssh/authorized_keys on a remote host using a password-based connection to the remote host as described in Connecting with fewer passwords – RSA, Section 9.5.3.
    $ ssh-agent bash # or run zsh/tcsh/pdksh program instead.
    $ ssh-add ~/.ssh/id_rsa
    Enter passphrase for /home/osamu/.ssh/id_rsa:
    Identity added: /home/osamu/.ssh/id_rsa (/home/osamu/.ssh/id_rsa)
    $ scp foo user@remote.host:foo
     ... no passphrase needed from here on :-)
    $^D
     ... terminating ssh-agent session
For the X server, normal Debian startup scripts execute ssh-agent as parent process. So you only need to execute ssh-add once.
For more, read ssh-agent(1) and ssh-add(1).
If you have problems, check the permissions of configuration files and run ssh with the "-v" option.
Use the "-P" option if you are root and have trouble with a firewall; this avoids the use of server ports 1–1023.
If ssh connections to a remote site suddenly stop working, it may be the result of tinkering by the sysadmin, most likely a change in host_key during system maintenance. After making sure this is the case and nobody is trying to fake the remote host by some clever hack, one can regain a connection by removing the host_key entry from $HOME/.ssh/known_hosts on the local machine.
Mail configuration divides into three categories:
exim4
, exim
,
postfix
, sendmail
, qmail
,
ssmtp
, nullmailer
, ...
procmail
, fetchmail
,
mailx
, crm114
, ...
mutt
, emacs
+gnus
,
...
For a full-featured MTA, use exim
in Woody and use
exim4
in Sarge. [45] References:
exim-doc
and exim-doc-html
packages for
exim
exim4-doc-info
and exim4-doc-html
packages for
exim4
http://www.exim.org/
The only reasonable alternative MTA is postfix
if you care about
security. sendmail
and qmail
are available as Debian
packages but are not recommended.
If you do not need the relay capability of an MTA as in the case of a satellite system such as a laptop PC, you may consider using one of these lightweight packages:
ssmtp: needs an SMTP connection and is alias-capable, or
nullmailer: can spool but is not alias-capable.
At this moment, I find exim to be more suitable even for my personal workstation machine, which is a laptop PC.
You may need to remove exim for the installation of these conflicting packages:
    # dpkg -P --force-depends exim
    # apt-get install nullmailer # or ssmtp
If you are running exim4 or exim on a host which is connected through consumer-grade services, please make sure to send outgoing mail through a smarthost offered by your ISP or by someone else. [46] There are a few good reasons:
The only conceivable exceptions are:
In order to use exim4 or exim as your MTA, configure the following:
    /etc/exim/exim.conf    "eximconfig" to create and edit (exim)
    /etc/exim4/*           "dpkg-reconfigure exim4" to create and edit (exim4)
    /etc/inetd.conf        comment out smtp to run exim as daemon
    /etc/email-addresses   Add spoofed source address lists
Check filters using exim4 or exim with -brw, -bf, -bF, -bV, ... etc.
In /etc/exim/exim.conf (Woody or later), in the DIRECTORS part, at the end (after the localuser: director) add a catch-all director that matches all addresses that the previous directors couldn't resolve (per Miquel van Smoorenburg):
    catchall:
      driver = smartuser
      new_address = webmaster@mydomain.com
If one wants to have a more detailed recipe for each virtual domain, etc., add the following at the end of /etc/exim/exim.conf (per me, not well tested):
    *@yourdomain.com ${lookup{$1}lsearch*{/etc/email-addresses} \
      {$value}fail} T
Then have an "*" entry in /etc/email-addresses.
Selective address rewrite for outgoing mail to produce proper "From:" headers can be done using exim by configuring near the end of /etc/exim/exim.conf:
    *@host1.something.dyndns.org \
      "${if eq {${lookup{$1}lsearch{/etc/passwd}{1}{0}}} {1} \
      {$0}{$1@something.dyndns.org}}" frFs
This rewrites all addresses matching *@host1.something.dyndns.org. It searches /etc/passwd to see if the local part ($1) is a local user or not.
Some SMTP services such as yahoo.com require SMTP auth. Configure /etc/exim/exim.conf as follows:
    remote_smtp:
      driver = smtp
      authenticate_hosts = smtp.mail.yahoo.com
    ...
    smarthost:
      driver = domainlist
      transport = remote_smtp
      route_list = "* smtp.mail.yahoo.com bydns_a"
    ...
    plain:
      driver = plaintext
      public_name = PLAIN
      client_send = "^cmatheson3^this_is_my_password"
Do not forget double quotes in the last line.
fetchmail is run in daemon mode to fetch mail from a POP3 account with an ISP into the local mail system. Configure:
    /etc/init.d/fetchmail
    /etc/rc?.d/???fetchmail   run update-rc.d fetchmail default priority 30
    /etc/fetchmailrc          configuration file (chmod 600, owned by fetchmail)
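Both the exim client_send line above and /etc/fetchmailrc store a password in clear text, which is why the mode 600 matters. The following added example (not part of the original manual) flags such files when anyone other than the owner has access; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# has_secret FILE: true if FILE holds an exim client_send line or a
# fetchmail password/pass keyword
has_secret() {
    grep -Eq '^[[:space:]]*client_send[[:space:]]*=|(^|[[:space:]])pass(word)?[[:space:]]' "$1"
}

# audit_mail_secrets FILE...: print "LOOSE <mode> <file>" for each credential
# file with any group/other permission bit; return 1 if any was found
audit_mail_secrets() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] && has_secret "$f" || continue
        perms=$(ls -ld "$f" | cut -c1-10)
        case "$perms" in
            ????------) ;;                          # owner-only: fine
            *) echo "LOOSE $perms $f"; found=1 ;;
        esac
    done
    return "$found"
}

# Constructed sample files mirroring the two configurations on this page.
DEMO=$(mktemp -d)
cat > "$DEMO/exim.conf" <<'EOF'
plain:
  driver = plaintext
  public_name = PLAIN
  client_send = "^cmatheson3^this_is_my_password"
EOF
echo 'poll pop.example.org protocol pop3 user "alice" password "constructed"' \
    > "$DEMO/fetchmailrc"
echo 'options fetchall no keep stripcr' > "$DEMO/no-secret"
chmod 644 "$DEMO/exim.conf" "$DEMO/no-secret"
chmod 600 "$DEMO/fetchmailrc"

REPORT=$(audit_mail_secrets "$DEMO"/*) || true
echo "$REPORT"
```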
Information on how to start fetchmail as a daemon from the init.d script for Potato is confusing (Woody fixed this). See the sample /etc/init.d/fetchmail and /etc/fetchmailrc files in the example scripts.
If your email headers are contaminated by ^M due to your ISP's mailer, add "stripcr" to your options in $HOME/.fetchmailrc:
options fetchall no keep stripcr
procmail is a local mail delivery and filter program. One needs to create $HOME/.procmailrc for each account that uses it. Example: _procmailrc
crm114
The crm114 package provides the /usr/share/crm114/mailfilter.crm script, which is written in CRM114. This script provides a very effective spam filter which can be trained by feeding it spam and ham.
CRM114 is a small language designed to write filters in; consider it to be a version of grep with super powers. See crm(1).
Use mutt as the mail user agent (MUA) in combination with vim. Customize with ~/.muttrc; for example:
    # use visual mode and "gq" to reformat quotes
    set editor="vim -c 'set tw=72 et ft=mail'"
    #
    # header weeding taken from the manual (Sven's Draconian header weeding)
    #
    ignore *
    unignore from: date subject to cc
    unignore user-agent x-mailer
    hdr_order from subject to cc date user-agent x-mailer
    auto_view application/msword
    ....
Add the following to /etc/mailcap or $HOME/.mailcap to display HTML mail and MS Word attachments inline:
    text/html; lynx -force_html %s; needsterminal;
    application/msword; /usr/bin/antiword '%s'; copiousoutput; description="Microsoft Word Text"; nametemplate=%s.doc
Debian is internationalized, offering support for a growing number of languages and local usage conventions. The next subsection lists some of the forms of diversity that Debian currently supports, and the following subsections discuss localization, the process of customizing your working environment to allow current input and output of your chosen language(s) and conventions for dates, numeric and monetary formats, and other aspects of a system that differ according to your region.
There are several aspects to customizing for localization and national language support.
Debian is distributed with keymaps for nearly two dozen keyboards. In Woody, reconfigure the keyboard by:
The vast majority of Debian software packages support data handling of non-US-ASCII characters through the LC_CTYPE environment variable offered by the locale technology in glibc.
X can display any coding, including UTF-8, and supports all fonts. The list includes not only all the 8-bit fonts but also 16-bit fonts such as Chinese, Japanese, or Korean. Multibyte character input method is supported by the Alternative X input methods, Section 9.7.10 mechanism. See Example for a multilingual X window system, Section 9.7.9 and UTF-8 support for the X terminal emulator, Section 9.7.12.
Japanese EUC code display is also available in a (S)VGA graphics console through the kon2 package. There is an alternative new Japanese display, jfbterm, which uses a frame-buffer console, too. In these console environments, the Japanese input method must be supplied by the application. Use the egg package for Emacs and use the japanized jvim package for a Vim environment.
Installation of non Unicode fonts to X will help in displaying documents with any encoding in X. So do not worry too much about encoding of fonts.
Translations exist for many of the text messages and documents that are displayed in the Debian system, such as error messages, standard program output, menus, and manual pages. Currently, support for manual pages in German, Spanish, Finnish, French, Hungarian, Italian, Japanese, Korean, Polish, Portuguese, Chinese, and Russian is provided through the manpages-LANG packages (where LANG is a comma-separated list of two-letter ISO country codes. Use apt-cache search manpages-|less to get a list of available Unix manual pages.)
To access an NLS manual page, the user must set the environment variable LC_MESSAGES to the appropriate string. For example, in the case of the Italian-language manual pages, LC_MESSAGES needs to be set to it. The man program will then search for Italian manual pages under /usr/share/man/it/.
Debian supports locale technology. Locale is a mechanism that allows programs to provide suitable output and functionality according to local conventions such as character set, format for date and time, currency symbol, and so on. It uses environment variables to determine the appropriate behavior. For example, assuming you have both the American English and German locales installed on your system, the error messages of many programs can be multilingual:
    $ LANG="en_US" cat foo
    cat: foo: No such file or directory
    $ LANG="de_DE" cat foo
    cat: foo: Datei oder Verzeichnis nicht gefunden
Glibc offers support for this functionality to programs as a library. See locale(7).
Full locale description consists of 3 parts: xx_YY.ZZZZ.
For language codes and country codes, see pertinent description in the info gettext.
Please note this codeset part may be normalized internally to achieve cross platform compatibility by removing all - and by converting all characters into lower case. Typical codesets are:
As for the meaning of basic encoding system jargons:
ISO-8859-?, EUC, ISO-10646-1, UCS-2, UCS-4, and UTF-8 share the same code with ASCII for the 7 bit characters. EUC or Shift-JIS uses high-bit characters (0x80-0xff) to indicate that part of encoding is 16 bit. UTF-8 also uses high-bit characters (0x80-0xff) to indicate non 7 bit character sequence bytes and this is the most sane encoding system to handle non-ASCII characters.
Please note the byte order difference of Unicode implementation:
See Converting a text file with recode, Section 8.6.12 for conversion between various character sets.
For more see Introduction to i18n.
Debian does not come with all available locales pre-compiled. Check /usr/lib/locale to see which locales (besides the default "C") are compiled for your system. If the one you need is not present, you have two options:
Edit /etc/locale.gen to add the desired locale, then run locale-gen as root to compile it. See locale-gen(8) and the manpages listed in its "SEE ALSO" section.
locales package. Or if it is not already installed, installing locales will invoke the debconf interface to let you choose needed locales and compile the database.
The following environment variables are evaluated in this order to provide particular locale values to programs:
LC_* variables are:
Note that some applications (e.g., Netscape 4) ignore LC_* settings.
The locale program can display active locale settings and available locales; see locale(1). (NOTE: locale -a lists all the locales that your system knows about; this does not mean that all of them are compiled! See Activating locale support, Section 9.7.4.)
The locale support for the international date standard of yyyy-mm-dd (ISO 8601 date format) is provided by the locale called en_DK, "English in Denmark", which is a bit of a joke :-) This seems to work only in a console screen for ls.
Add the following lines to ~/.bash_profile:
    LC_CTYPE=en_US.ISO-8859-1
    export LC_CTYPE
Add the following lines to ~/.bash_profile:
    LANG=fr_FR@euro
    export LANG
    LC_CTYPE=fr_FR@euro
    export LC_CTYPE
Configure the keyboard for French "AZERTY" as described in Localizing the keyboard, Section 9.7.1.1; add French manual pages by installing manpages-fr. The Right-Alt key in the US is called Alt-Gr in Europe. Pressing this together with other keys creates numerous accented and special characters. For example, Alt-Gr+E creates a Euro sign.
Most western European languages can be configured similarly.
See Debian Euro HOWTO for adding support for the new Euro currency and Utiliser et configurer Debian pour le français for more details in French.
Let us set up a multilingual X window system which simultaneously supports Japanese, English, German, and French with EUC, UTF-8, and ISO-8859-1 encodings in different consoles.
I will show you a customization using the Debian menu system. See the details of Debian menu system in /usr/share/doc/menu/html/index.html.
I also create a shortcut to the mozilla web browser in this example. [47]
canna – Local server ("free-beer" license), or
freewnn-jserver – Network-extensible server (Public Domain)
kinput2-canna – for X, or
kinput2-canna-wnn – for X, and
egg – directly works with Emacsen even in console (optional)
xterm – X (for ISO-8859-1 and UTF-8),
kterm – X (for Japanese EUC), and
mlterm – X (multilingual).
~/.xsession that sets the user-specific X environment as described in Custom X sessions, Section 9.4.5.1 (for all):
    #!/bin/sh
    # This makes X work when I su to root.
    if [ -z "$XAUTHORITY" ]; then
        XAUTHORITY=$HOME/.Xauthority
        export XAUTHORITY
    fi
    # Set specific environment through debian menu system.
    # Reset locale
    unset LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    unset LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    unset LC_IDENTIFICATION LC_ALL LANG LANGUAGE PAGER
    # set locale default in X
    LANG=C
    # export locale
    export LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    export LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    export LC_IDENTIFICATION LC_ALL LANG LANGUAGE PAGER
    ###
    # activate input method for Japanese with kinput2
    kinput2 &
    XMODIFIERS="@im=kinput2"
    export XMODIFIERS
    # How about blackbox window manager (lightweight)
    exec blackbox
    #exec xfwm
    #exec wmaker
~/.bash_profile for Linux consoles (for all).
~/.bashrc, if it exists (for all).
/etc/menu/ (for all).
/etc/menu/xterm-local: (add new entries to menu) [48]
    ?package(xterm):\
      needs=x11\
      section=XShells\
      longtitle="XTerm: terminal emulator (en_US.ISO-8859-1)"\
      title="XTerm (en_US.ISO-8859-1)"\
      command="sh -c 'LC_ALL=en_US.ISO-8859-1 xterm'"
    ?package(xterm):\
      needs=x11\
      section=XShells\
      longtitle="XTerm: terminal emulator (de_DE.ISO-8859-1)"\
      title="XTerm (de_DE.ISO-8859-1)"\
      command="sh -c 'LC_ALL=de_DE.ISO-8859-1 xterm -T xterm-de'"
    ?package(xterm):\
      needs=x11\
      section=XShells\
      longtitle="XTerm: terminal emulator for X with Unicode support (Japanese)"\
      title="UXTerm (ja_JP.UTF-8)"\
      command="sh -c 'LC_ALL=ja_JP.UTF-8 uxterm'"
/etc/menu/kterm: (override the system default) [49]
    ?package(kterm):\
      needs="x11"\
      section="XShells"\
      command="sh -c 'LC_ALL=ja_JP.eucJP PAGER=w3m /usr/X11R6/bin/kterm -xim'" \
      title="Kanji Terminal"
    ?package(kterm):\
      needs="x11"\
      section="XShells"\
      command="sh -c 'LANG=ja_JP.eucJP \
        LC_MESSAGES=en_US.ISO-8859-1 PAGER=w3m /usr/X11R6/bin/kterm -xim'" \
      title="Kanji Terminal (bilingual)"
/etc/menu/mozilla-local: (add a new shortcut) [50]
    ?package(mozilla-browser):needs="x11" section="/" \
      title=" Mozilla Navigator" command="mozilla-1.5" hints="Web browsers" \
      icon=/usr/share/pixmaps/mozilla.xpm
update-menus from the root account.
~/.muttrc (for Japanese):
    # UTF-8 support is not popular in popular Japanese EMACS environment
    # 7-bit encoding of iso-2022-jp is easier for everyone.
    # default encoding order = us-ascii --> iso-8859-1 --> iso-2022-jp
    set send_charset="us-ascii:iso-8859-1:iso-2022-jp"
    set allow_8bit=no
kinput2 for X applications (for Japanese):
~/.Xresources (it looks like Debian takes care of this automatically somehow).
mlterm) also allow you to set up *inputMethod: and other information dynamically at runtime (press Ctrl-MouseButton-3 in mlterm).
xdm, gdm, kdm, wdm, ...) (for all).
kterm (for Japanese). (Emacs seems to be the most popular platform, though I do not use it.)
For other CJK language supports, see the following sections and SuSE pages for CJK.
There are many alternative X input methods support packages available:
    Language    LC_CTYPE      XIM server  XMODIFIERS               Start key
    Japanese    ja_JP*        kinput2     "@im=kinput2"            Shift-Space
    Korean      ko_KR*        ami         "@im=Ami"                Shift-Space
    Chinese(T)  zh_TW.Big5    xcin        "@im=xcin-zh_TW.big5"    Ctrl-Space
    Chinese(S)  zh_CN.GB2312  xcin        "@im=xcin-zh_CN.GB2312"  Ctrl-Space
Japanese input method kinput2 is offered by packages such as kinput2-canna-wnn, kinput2-canna, and kinput2-wnn. Japanese needs a dictionary server such as canna and freewnn-jserver to be practical.
There are many X consoles which support simple 8 bit encodings when pertinent font packages are installed:
xterm – The X terminal emulator
gnome-terminal – xterm for Gnome
konsole – xterm for KDE
rxvt – VT102 terminal (lighter)
aterm – VT102 for Afterstep WM
eterm – VT102 for Enlightenment WM
wterm – VT102 for WindowMaker WM
Multi-byte encoding support for the X console is provided by xterm through UTF-8 encoding (UTF-8 support for the X terminal emulator, Section 9.7.12). Support for other traditional encodings is in progress (as of 2003). The following packages offer traditional encoding support:
aterm-ml – Multi-lingual
kterm – Multi-lingual (Japanese, ...)
rxvt-ml – Multi-lingual
wterm-ml – Multi-lingual
cxterm-big5 – Chinese (Trad., Big5)
cxterm-gb – Chinese (Simp., GB)
cxterm-ks – Chinese (KS)
cxterm-jis – Japanese
hanterm-classic – Korean (Hangul)
hanterm-xf – Korean (Hangul)
hztty – Chinese (GB, Big5, zW/HZ)
For kterm (and possibly others), you may want to activate XIM through menu after Ctrl-middle-click mouse action.
UTF-8 support for the X terminal emulator is provided by the uxterm program in the xterm package for XFree86 4.x. It enables support for all languages. It is a wrapper around the xterm(1) program that invokes the latter program with the "UXTerm" X resource class set.
For example, to enable nice large display of English, Russian, Japanese, Chinese, and Korean characters, add the following to your ~/.Xresources after installing all the pertinent fonts:
    ! set large font
    UXTerm*font: -misc-fixed-medium-r-normal-*-18-120-100-100-c-90-iso10646-1
    ! Use XIM for Japanese
    *inputMethod: kinput2
Then run xrdb -merge ~/.Xresources to update X resources as described in X resource, Section 9.4.10.
Although most of the popular console program packages such as vim, mutt, and emacs have been made compatible with UTF-8 recently (Woody-Sarge), programs such as mc are still not UTF-8 compatible but simply 8-bit clean. If you are editing the 7-bit ASCII part of a file of unknown or mixed encoding, it is safer to use a locale-unaware 8-bit clean editor.
Everyone will need this in the future. See The Unicode HOWTO.
UTF-8 support on a FB console is provided by bterm used in the debian-installer.
When you are first setting the system up for a national language environment, please consider using tasksel or aptitude to find out what packages are selected by choosing the corresponding language environment task. The package choice made is useful even for a multilingual setup. If you encounter any package dependency conflicts during the install to your carefully configured system, avoid installing any software that conflicts with the existing system. You may have to use update-alternatives to regain the original state for some commands since a newly installed one may have higher priority than existing ones.
Newer major programs are using glibc 2.2 and are mostly internationalized. So a specially localized version such as jvim for Vim may not be needed as its functionality is offered by vim version 6.0 in X. In reality, it is still somewhat rough-edged. Since jvim has a version compiled with direct Japanese input method (canna) support even in the console and addresses many other Japanese-specific issues maturely, you may still want it :-)
Programs may need to be configured beyond locale configuration to enable a comfortable working environment. The language-env package and its command set-language-env greatly ease this process.
Also see the internationalization document, Introduction to i18n. It is aimed at developers but is also useful for system administrators.
Debian Reference
CVS, Mon Apr 3 22:58:37 UTC 2005
osamu@debian.org
asho@debian.org.tw