The Debian Administrator's Handbook

Chapter 8. Basic Configuration: Network

Chapter 8. Basic Configuration: Network,
Accounts, Printing...
A computer with a fresh installation created with debian-installer is functional in most cases, but some services require specific configuration. Moreover, it is always good to know how to change certain settings that were made during the installation of the system.
This chapter reviews everything included in what we could call the “basic configuration”:
networking, language and locales, users and groups, printing, mount points, etc.
8.1. Configuring the System for Another
If the system was installed using French, the machine will probably already have French set as the default language. But it is good to know what the installer does to set the language, so that later, if the need arises, you can change it.
TOOL The locale command to display the current configuration
The locale command lists a summary of the current configuration of various locale parameters (date format, numbers format,
etc.), presented in the form of a group of standard environment variables dedicated to the dynamic modification of these settings.
8.1.1. Setting the Default Language
A locale is a group of regional settings. This includes not only the language for text, but also the format for displaying numbers, dates, times, and monetary sums, as well as the alphabetical comparison rules (to properly account for accented characters). Although each of these parameters can be specified independently from the others, we generally use a locale, which is a coherent set of values for these parameters corresponding to a “region” in the broadest sense.
These locales are usually indicated under the form,
, sometimes with a suffix to specify the character set and encoding to be used. This enables consideration of idiomatic or typographical differences between different regions with a common language.
CULTURE Character sets
Historically, each locale has an associated “character set” (group of known characters) and a preferred “encoding” (internal representation for characters within the computer).
The most popular encodings for Latin-based languages were limited to 256 characters because they opted to use a single byte
for each character. Since 256 characters was not enough to cover all European languages, multiple encodings were needed,
and that is how we ended up with ISO-8859-1 (also known as “Latin 1”) up to ISO-8859-15 (also known as “Latin 9”),
among others.
Working with foreign languages often implied regular switches between various encodings and character sets. Furthermore,
writing multilingual documents led to further, almost intractable problems. Unicode (a super-catalog of nearly all writing systems from all of the world's languages) was created to work around this problem. One of Unicode's encodings, UTF-8,
retains all 128 ASCII symbols (7-bit codes), but handles other characters differently. Those are preceded by a specific escape sequence of a few bits, which implicitly defines the length of the character. This allows encoding all Unicode characters on a sequence of one or more bytes. Its use has been popularized by the fact that it is the default encoding in XML documents.
This is the encoding that should generally be used, and is thus the default on Debian systems.
The locales package includes all the elements required for proper functioning of “localization”
of various applications. During installation, this package will ask to select a set of supported languages. This set can be changed at any time by running dpkg-reconfigure locales as root.
The first question invites you to select “locales” to support. Selecting all English locales
(meaning those beginning with “
”) is a reasonable choice. Do not hesitate to also enable other locales if the machine will host foreign users. The list of locales enabled on the system is stored in the
/etc/locale.gen file. It is possible to edit this file by hand, but you should run
locale-gen after any modifications. It will generate the necessary files for the added locales to work, and remove any obsolete files.
The second question, entitled “Default locale for the system environment”, requests a default locale. The recommended choice in the U.S.A. is “
”. British English speakers will prefer “
”, and Canadians will prefer either “
” or, for French,

”. The
/etc/default/locale file will then be modified to store this choice.
From there, it is picked up by all user sessions since PAM will inject its content in the
environment variable.
The /etc/environment file provides the login, gdm, or even ssh programs with the correct environment variables to be created.
These applications do not create these variables directly, but rather via a PAM (
) module. PAM (Pluggable
Authentication Module) is a modular library centralizing the mechanisms for authentication, session initialization, and password management. See
Section, “Configuring PAM”
for an example of PAM configuration.
The /etc/default/locale file works in a similar manner, but contains only the
environment variable. Thanks to this split, some PAM users can inherit a complete environment without localization. Indeed, it is generally discouraged to run server programs with localization enabled; on the other hand, localization and regional settings are recommended for programs that open user sessions.
8.1.2. Configuring the Keyboard
Even if the keyboard layout is managed differently in console and graphical mode, Debian offers a single configuration interface that works for both: it is based on debconf and is implemented in the keyboard-configuration package. Thus the dpkg-reconfigure keyboard-configuration
command can be used at any time to reset the keyboard layout.

The questions are relevant to the physical keyboard layout (a standard PC keyboard in the US
will be a “Generic 104 key”), then the layout to choose (generally “US”), and then the position of the AltGr key (right Alt). Finally comes the question of the key to use for the “Compose key”,
which allows for entering special characters by combining keystrokes. Type successively
Compose ' e and produce an e-acute (“é”). All these combinations are described in the
/usr/share/X11/locale/en_US.UTF-8/Compose file (or another file, determined according to the current locale indicated by
Note that the keyboard configuration for graphical mode described here only affects the default layout; the GNOME and KDE environments, among others, provide a keyboard control panel in their preferences allowing each user to have their own configuration. Some additional options regarding the behavior of some particular keys are also available in these control panels.
8.1.3. Migrating to UTF-8
The generalization of UTF-8 encoding has been a long awaited solution to numerous difficulties with interoperability, since it facilitates international exchange and removes the arbitrary limits on characters that can be used in a document. The one drawback is that it had to go through a rather difficult transition phase. Since it could not be completely transparent (that is, it could not happen at the same time all over the world), two conversion operations were required: one on file contents, and the other on filenames. Fortunately, the bulk of this migration has been completed and we discuss it largely for reference.
CULTURE Mojibake and interpretation errors
When a text is sent (or stored) without encoding information, it is not always possible for the recipient to know with certainty what convention to use for determining the meaning of a set of bytes. You can usually get an idea by getting statistics on the distribution of values present in the text, but that doesn't always give a definite answer. When the encoding system chosen for reading differs from that used in writing the file, the bytes are mis-interpreted, and you get, at best, errors on some characters,
or, at worst, something completely illegible.
Thus, if a French text appears normal with the exception of accented letters and certain symbols which appear to be replaced with sequences of characters like “Ã©” or “Ã¨” or “Ã§”, it is probably a file encoded as UTF-8 but interpreted as ISO-8859-1
or ISO-8859-15. This is a sign of a local installation that has not yet been migrated to UTF-8. If, instead, you see question marks instead of accented letters — even if these question marks seem to also replace a character that should have followed the accented letter — it is likely that your installation is already configured for UTF-8 and that you have been sent a document encoded in Western ISO.
So much for “simple” cases. These cases only appear in Western culture, since Unicode (and UTF-8) was designed to maximize the common points with historical encodings for Western languages based on the Latin alphabet, which allows recognition of parts of the text even when some characters are missing.
In more complex configurations, which, for example, involve two environments corresponding to two different languages that do not use the same alphabet, you often get completely illegible results — a series of abstract symbols that have nothing to do with each other. This is especially common with Asian languages due to their numerous languages and writing systems. The
Japanese word mojibake has been adopted to describe this phenomenon. When it appears, diagnosis is more complex and the simplest solution is often to simply migrate to UTF-8 on both sides.
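The two symptoms described in this sidebar can be reproduced and told apart programmatically. The following Python sketch is an added example, not part of the original book; the function names and the sample words are constructed for illustration, and ISO-8859-15 is only an assumed default for bytes that are not valid UTF-8.

```python
"""Added example: reproduce and classify the mis-decoding cases from the sidebar."""

LEGACY = ("iso-8859-1", "iso-8859-15")  # the "Western ISO" encodings named above


def as_seen(text, written_as, read_as):
    """What a reader sees when `text` is stored as `written_as` but decoded
    as `read_as`. Undecodable bytes become U+FFFD, the replacement character
    that many programs display as a question mark."""
    return text.encode(written_as).decode(read_as, errors="replace")


def undo_double_encoding(text):
    """If `text` is UTF-8 that was decoded as Western ISO (and possibly saved
    again as UTF-8), return the original text; otherwise return None.
    This is a heuristic: it relies on real text rarely looking like that."""
    for legacy in LEGACY:
        try:
            fixed = text.encode(legacy).decode("utf-8")
        except (UnicodeEncodeError, UnicodeDecodeError):
            continue  # not explainable by this legacy encoding
        if fixed != text:
            return fixed
    return None


def diagnose(data):
    """Classify raw bytes: 'ascii', 'utf-8', 'legacy-8bit' or 'double-encoded'."""
    if data.isascii():
        return "ascii"  # same bytes in ASCII, ISO-8859-x and UTF-8
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "legacy-8bit"  # invalid UTF-8: most likely a single-byte encoding
    return "double-encoded" if undo_double_encoding(text) else "utf-8"


def to_text(data, legacy="iso-8859-15"):
    """Decode bytes to correct text. `legacy` is the assumed single-byte
    encoding for data that is not valid UTF-8; it cannot be detected reliably."""
    if diagnose(data) == "legacy-8bit":
        return data.decode(legacy)
    text = data.decode("utf-8")
    return undo_double_encoding(text) or text


if __name__ == "__main__":
    word = "Éléments graphiques"  # constructed sample
    print(as_seen(word, "utf-8", "iso-8859-1"))   # UTF-8 file on a Latin-1 system
    print(as_seen(word, "iso-8859-15", "utf-8"))  # Latin-9 file on a UTF-8 system
    for raw in (word.encode("utf-8"), word.encode("iso-8859-15"),
                as_seen(word, "utf-8", "iso-8859-1").encode("utf-8")):
        print(diagnose(raw), "->", to_text(raw))
```

Running `diagnose()` on a file's bytes before converting it avoids converting data that is already UTF-8 a second time.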
As far as file names are concerned, the migration can be relatively simple. The convmv tool (in the package with the same name) was created specifically for this purpose; it allows renaming
files from one encoding to another. The use of this tool is relatively simple, but we recommend doing it in two steps to avoid surprises. The following example illustrates a UTF-8 environment containing directory names encoded in ISO-8859-15, and the use of convmv to rename them.
$ ls travail/
Ic?nes ?l?ments graphiques Textes
$ convmv -r -f iso-8859-15 -t utf-8 travail/
Starting a dry run without changes...
mv "travail/???l???ments graphiques" "travail/Éléments graphiques"
mv "travail/Ic???nes" "travail/Icônes"
No changes to your files done. Use --notest to finally rename the files.
$ convmv -r --notest -f iso-8859-15 -t utf-8 travail/
mv "travail/???l???ments graphiques" "travail/Éléments graphiques"
mv "travail/Ic???nes" "travail/Icônes"
$ ls travail/
Éléments graphiques Icônes Textes
For the file content, conversion procedures are more complex due to the vast variety of existing file formats. Some file formats include encoding information that facilitates the tasks of the software used to treat them; it is sufficient, then, to open these files and re-save them specifying
UTF-8 encoding. In other cases, you have to specify the original encoding (ISO-8859-1 or
“Western”, or ISO-8859-15 or “Western (Euro)”, according to the formulations) when opening the file.
For simple text files, you can use recode (in the package of the same name) which allows automatic recoding. This tool has numerous options so you can play with its behavior. We recommend you consult the documentation, the recode(1) man page, or the recode info page
(more complete).

8.2. Configuring the Network
BACK TO BASICS Essential network concepts (Ethernet, IP address, subnet, broadcast)
Most modern local networks use the Ethernet protocol, where data is split into small blocks called frames and transmitted on the wire one frame at a time. Data speeds vary from 10 Mb/s for older Ethernet cards to 10 Gb/s in the newest cards (with the most common rate currently growing from 100 Mb/s to 1 Gb/s). The most widely used cables are called 10BASE-T,
100BASE-T, 1000BASE-T or 10GBASE-T depending on the throughput they can reliably provide (the T stands for “twisted pair”); those cables end in an RJ45 connector. There are other cable types, used mostly for speeds of 1 Gb/s and above.
An IP address is a number used to identify a network interface on a computer on a local network or the Internet. In the currently most widespread version of IP (IPv4), this number is encoded in 32 bits, and is usually represented as 4 numbers separated by periods (e.g.
), each number being between 0 and 255 (inclusive, which corresponds to 8 bits of data). The next version of the protocol, IPv6, extends this addressing space to 128 bits, and the addresses are generally represented as a series of hexadecimal numbers separated by colons (e.g., 2001:0db8:13bb:0002:0000:0000:0000:0020, or
2001:db8:13bb:2::20 for short).
A subnet mask (netmask) defines in its binary code which portion of an IP address corresponds to the network, the remainder specifying the machine. In the example of configuring a static IPv4 address given here, the subnet mask,
“1”s followed by 8 “0”s in binary representation) indicates that the first 24 bits of the IP address correspond to the network address, and the other 8 are specific to the machine. In IPv6, for readability, only the number of “1”s is expressed; the netmask for an IPv6 network could, thus, be
The network address is an IP address in which the part describing the machine's number is 0. The range of IPv4 addresses in a complete network is often indicated by the syntax, a.b.c.d/e, in which a.b.c.d is the network address and e is the number of bits allocated to the network part in an IP address. The example network would thus be written:
. The syntax is similar in IPv6:
A router is a machine that connects several networks to each other. All traffic coming through a router is guided to the correct network. To do this, the router analyzes incoming packets and redirects them according to the IP address of their destination.
The router is often known as a gateway; in this configuration, it works as a machine that helps reach out beyond a local network (towards an extended network, such as the Internet).
The special broadcast address connects all the stations in a network. Almost never “routed”, it only functions on the network in question. Specifically, it means that a data packet addressed to the broadcast never passes through the router.
This chapter focuses on IPv4 addresses, since they are currently the most commonly used. The details of the IPv6 protocol are approached in Section 10.5, “IPv6”, but the concepts remain the same.
Since the network is automatically configured during the initial installation, the
/etc/network/interfaces file already contains a valid configuration. A line starting with auto gives a list of interfaces to be automatically configured on boot by ifupdown and its
/etc/init.d/networking init script. This will often be eth0
, which refers to the first Ethernet card.
ALTERNATIVE NetworkManager
While Network Manager is particularly recommended in roaming setups (see
Section 8.2.4, “Automatic Network Configuration for Roaming Users”
), it is also perfectly usable as the default network management tool. You can create “System connections” that are used as soon as the computer boots either manually with a
-like file in
or through a graphical tool (nm-connection-editor). Just remember to deactivate all entries in
/etc/network/interfaces if you want Network Manager to handle them.
→ https://wiki.gnome.org/Projects/NetworkManager/SystemSettings/jessie

→ https://developer.gnome.org/NetworkManager/0.9/ref-settings.html
8.2.1. Ethernet Interface
If the computer has an Ethernet card, the IP network that is associated with it must be configured by choosing from one of two methods. The simplest method is dynamic configuration with
DHCP, and it requires a DHCP server on the local network. It may indicate a desired hostname,
corresponding to the hostname setting in the example below. The DHCP server then sends configuration settings for the appropriate network.
Example 8.1. DHCP configuration
auto eth0
iface eth0 inet dhcp
  hostname arrakis
A “static” configuration must indicate network settings in a fixed manner. This includes at least the IP address and subnet mask; network and broadcast addresses are also sometimes listed. A
router connecting to the exterior will be specified as a gateway.
Example 8.2. Static configuration
auto eth0
iface eth0 inet static address
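The relationship between address, netmask, network, broadcast and gateway explained above can be checked mechanically before a static stanza is put into service. The following Python sketch is an added example, not part of the original book; it reads a simplified subset of the interfaces file syntax, and the stanza and all addresses in it are constructed from the 192.0.2.0/24 documentation range.

```python
"""Added example: lint 'inet static' stanzas of an ifupdown interfaces file."""
import ipaddress

# Constructed stanza; 192.0.2.0/24 is reserved for documentation (RFC 5737).
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 192.0.2.3
    netmask 255.255.255.0
    broadcast 192.0.2.255
    network 192.0.2.0
    gateway 192.0.2.1
"""


def parse_static(text):
    """Return {interface: {option: value}} for each 'iface X inet static' stanza.
    Simplified reader: comment lines start with '#', and a stanza ends at the
    next iface/auto/allow-*/mapping/source line."""
    stanzas, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0]
        if key == "iface":
            static = words[2:4] == ["inet", "static"]
            current = stanzas.setdefault(words[1], {}) if static else None
        elif key in ("auto", "mapping", "source") or key.startswith("allow-"):
            current = None
        elif current is not None and len(words) > 1:
            current[key] = words[1]
    return stanzas


def check_static(opts):
    """Derive the network from address + netmask and list inconsistencies."""
    report = {"cidr": None, "broadcast": None, "problems": []}
    try:
        addr = opts["address"]
        if "/" not in addr:  # netmask given as a separate option
            addr = f"{addr}/{opts['netmask']}"
        iface = ipaddress.IPv4Interface(addr)
    except KeyError as exc:
        report["problems"].append(f"missing option: {exc.args[0]}")
        return report
    except ValueError as exc:  # also covers non-contiguous netmasks
        report["problems"].append(f"bad address or netmask: {exc}")
        return report
    net = iface.network
    report["cidr"], report["broadcast"] = str(net), str(net.broadcast_address)
    # /31 and /32 networks have no separate network/broadcast address to avoid.
    reserved = (net.network_address, net.broadcast_address)
    if net.prefixlen < 31 and iface.ip in reserved:
        report["problems"].append("address is the network or broadcast address")
    expected = {"network": net.network_address, "broadcast": net.broadcast_address}
    for key, want in expected.items():
        if key in opts and opts[key] != str(want):
            report["problems"].append(f"{key} {opts[key]} should be {want}")
    if "gateway" in opts:
        try:
            on_link = ipaddress.IPv4Address(opts["gateway"]) in net
        except ValueError:
            on_link = False
        if not on_link:
            report["problems"].append(f"gateway {opts['gateway']} is not inside {net}")
    return report


if __name__ == "__main__":
    for name, opts in parse_static(SAMPLE).items():
        print(name, check_static(opts))
```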
NOTE Multiple addresses
It is possible not only to associate several interfaces to a single, physical network card, but also several IP addresses to a single interface. Remember also that an IP address may correspond to any number of names via DNS, and that a name may also correspond to any number of numerical IP addresses.
As you can guess, the configurations can be rather complex, but these options are only used in very special cases. The examples cited here are typical of the usual configurations.
8.2.2. Connecting with PPP through a PSTN Modem
A point to point (PPP) connection establishes an intermittent connection; this is the most common solution for connections made with a telephone modem (“PSTN modem”, since the connection goes over the public switched telephone network).
A connection by telephone modem requires an account with an access provider, including a telephone number, username, password, and, sometimes the authentication protocol to be used.
Such a connection is configured using the pppconfig tool in the Debian package of the same
name. By default, it sets up a connection named provider
(as in Internet service provider).
When in doubt about the authentication protocol, choose PAP: it is offered by the majority of
Internet service providers.
After configuration, it is possible to connect using the pon command (giving it the name of the connection as a parameter, when the default value of provider is not appropriate). The link is disconnected with the poff command. These two commands can be executed by the root user, or by any other user, provided they are in the dip group.
8.2.3. Connecting through an ADSL Modem
The generic term “ADSL modem” covers a multitude of devices with very different functions.
The modems that are simplest to use with Linux are those that have an Ethernet interface (and not only a USB interface). These tend to be popular; most ADSL Internet service providers lend (or lease) a “box” with Ethernet interfaces. Depending on the type of modem, the configuration required can vary widely.
Modems Supporting PPPOE
Some Ethernet modems work with the PPPOE protocol (Point to Point Protocol over Ethernet).
The pppoeconf tool (from the package with the same name) will configure the connection. To do so, it modifies the
/etc/ppp/peers/dsl-provider file with the settings provided and records the login information in the
/etc/ppp/pap-secrets and
/etc/ppp/chap-secrets files. It is recommended to accept all modifications that it proposes.
Once this configuration is complete, you can open the ADSL connection with the command, pon
dsl-provider and disconnect with poff dsl-provider.
TIP Starting ppp at boot
PPP connections over ADSL are, by definition, intermittent. Since they are usually not billed according to time, there are few downsides to the temptation of keeping them always open. The standard means to do so is to use the init system.
The default init system on Jessie is systemd. Adding an automatically restarting task for the ADSL connection is a simple matter of creating a “unit file” such as
, with contents such as the following:
[Unit]
Description=ADSL connection
[Service]
ExecStart=/usr/sbin/pppd call dsl-provider
Once this unit file has been defined, it needs to be enabled with systemctl enable adsl-connection. Then the loop can be started manually with systemctl start adsl-connection; it will also be started automatically on boot.
On systems not using systemd (including Wheezy and earlier versions of Debian), the standard SystemV init works
differently. On such systems, all that is needed is to add a line such as the following at the end of the
/etc/inittab file; then,
any time the connection is disconnected, init will reconnect it.
adsl:2345:respawn:/usr/sbin/pppd call dsl-provider
For ADSL connections that auto-disconnect on a daily basis, this method reduces the duration of the interruption.
Modems Supporting PPTP
The PPTP (Point-to-Point Tunneling Protocol) protocol was created by Microsoft. Deployed at the beginning of ADSL, it was quickly replaced by PPPOE. If this protocol is forced on you, see
Section 10.2.4, “PPTP”.
Modems Supporting DHCP
When a modem is connected to the computer by an Ethernet cable (crossover cable) you typically configure a network connection by DHCP on the computer; the modem automatically acts as a gateway by default and takes care of routing (meaning that it manages the network traffic between the computer and the Internet).
BACK TO BASICS Crossover cable for a direct Ethernet connection
Computer network cards expect to receive data on specific wires in the cable, and send their data on others. When you connect a computer to a local network, you usually connect a cable (straight or crossover) between the network card and a repeater or switch. However, if you want to connect two computers directly (without an intermediary switch or repeater), you must route the signal sent by one card to the receiving side of the other card, and vice-versa. This is the purpose of a crossover cable, and the reason it is used.
Note that this distinction has become almost irrelevant over time, as modern network cards are able to detect the type of cable present and adapt accordingly, so it won't be unusual that both kinds of cable will work in a given location.
Most “ADSL routers” on the market can be used like this, as can most of the ADSL modems provided by Internet service providers.
8.2.4. Automatic Network Configuration for Roaming Users
Many Falcot engineers have a laptop computer that, for professional purposes, they also use at home. The network configuration to use differs according to location. At home, it may be a wifi network (protected by a WPA key), while the workplace uses a wired network for greater security and more bandwidth.
To avoid having to manually connect or disconnect the corresponding network interfaces,
administrators installed the network-manager package on these roaming machines. This software enables a user to easily switch from one network to another using a small icon displayed in the notification area of their graphical desktop. Clicking on this icon displays a list of available networks (both wired and wireless), so they can simply choose the network they wish to use.
The program saves the configuration for the networks to which the user has already connected,
and automatically switches to the best available network when the current connection drops.

In order to do this, the program is structured in two parts: a daemon running as root handles activation and configuration of network interfaces and a user interface controls this daemon.
PolicyKit handles the required authorizations to control this program, and Debian configured PolicyKit so that members of the netdev group can add or change Network Manager connections.
Network Manager knows how to handle various types of connections (DHCP, manual configuration, local network), but only if the configuration is set with the program itself. This is why it will systematically ignore all network interfaces in
/etc/network/interfaces for which it is not suited. Since Network Manager doesn't give details when no network connections are shown, the easy way is to delete from
/etc/network/interfaces any configuration for all interfaces that must be managed by Network Manager.
Note that this program is installed by default when the “Desktop Environment” task is chosen during initial installation.
