Documentation/crux-wiki/Handbook3-7-Configuration

313 lines
12 KiB
Plaintext

! Configuration
!! Initialization Scripts
!!! Runlevels
The following runlevels are used in CRUX (defined in %fn%/etc/inittab%%).
||cellpadding="3" rules="all" frame="box"
||! Runlevel ||! Description
||0 ||Halt
||1 (S) ||Single-user Mode
||2 ||Multi-user Mode
||3-5 ||(Not used)
||6 ||Reboot
!!! Layout
The initialization scripts used in CRUX follow the BSD-style (as opposed to the
SysV-style) and have the following layout.
||cellpadding="3" rules="all" frame="box"
||! File ||! Description
||%fn%/etc/rc%% ||System boot script
||%fn%/etc/rc.single%% ||Single-user startup script
||%fn%/etc/rc.modules%% ||Module initialization script
||%fn%/etc/rc.multi%% ||Multi-user startup script
||%fn%/etc/rc.local%% ||Local multi-user startup script (empty by default)
||%fn%/etc/rc.shutdown%% ||System shutdown script
||%fn%/etc/rc.conf%% ||System configuration
||%fn%/etc/rc.d/%% ||Service start/stop script directory
Modify %fn%/etc/rc.modules%%, %fn%/etc/rc.local%% and %fn%/etc/rc.conf%%
according to your needs.
!!! [[#ConfigurationVariables]] Configuration Variables in /etc/rc.conf
The following configuration variables are found in %fn%/etc/rc.conf%%.
(:table cellpadding="3" rules="all" frame="box":)
(:cell align=center:)'''Variable'''
(:cell align=center:)'''Description'''
(:cellnr valign=center:)FONT
(:cell:)
Specifies which console font to load at system startup. The contents of this
variable will be passed as argument to '''setfont(1)'''. The available fonts are
located in %fn%/usr/share/kbd/consolefonts/%%.
[-Example:-] @@FONT=default@@
(:cellnr valign=center:)KEYMAP
(:cell:)
Specifies which console keyboard map to load at system startup. The contents of
this variable will be passed as argument to '''loadkeys(1)'''. The available
keyboard maps are located in %fn%/usr/share/kbd/keymaps/%%.
[-Example:-] @@KEYMAP=sv-latin1@@
(:cellnr valign=center:)TIMEZONE
(:cell:)
Specifies the timezone used by the system. The available zone description files
are located in %fn%/usr/share/zoneinfo/%%.
[-Example:-] @@TIMEZONE=Europe/Stockholm@@
(:cellnr valign=center:)HOSTNAME
(:cell:)
Specifies the hostname.
[-Example:-] @@HOSTNAME=pluto@@
(:cellnr valign=center:)SYSLOG
(:cell:)
Specifies the system logging daemon(s) to run at startup.
[-Example:-] @@SYSLOG=sysklogd@@
(:cellnr valign=center:)SERVICES
(:cell:)
Specifies which services to start at system startup. The services specified in
this array must have a matching start/stop script in %fn%/etc/rc.d/%%. When
entering multi-user mode the specified scripts will be called in the specified
order with the argument '''start'''. At system shutdown or when entering
single-user mode these scripts will be called in the reverse order with the
argument '''stop'''.
[-Example:-] @@SERVICES=(crond lo net sshd)@@
(:tableend:)
!!! [[#LocaleGeneration]] Generating locales
Starting with CRUX 2.5, glibc does not contain all possible locales anymore,
thus you'll have to generate the locales you need/use. To ensure proper
operation of '''pkgmk''', the locale C.UTF-8 is generated as part of the CRUX
installation. Any other desired locales must be created by the administrator. A
typical setup for swedish users would use the following commands, so replace
@@sv_SE*@@ with the locale you want:
# localedef -i sv_SE -f ISO-8859-1 sv_SE
# localedef -i sv_SE -f ISO-8859-1 sv_SE.ISO-8859-1
# localedef -i sv_SE -f UTF-8 sv_SE.UTF-8
!!! Network Configuration
The network configuration is found in the service script %fn%/etc/rc.d/net%%. To
enable this service you need to add net to the SERVICES array in
%fn%/etc/rc.conf%%. By default this service script configures a dynamic IP
address. Example:
[@
#!/bin/sh
#
# /etc/rc.d/net: start/stop network interface
#
# Connection type: "DHCP" or "static"
TYPE="DHCP"
# For "static" connections, specify your settings here:
# To see your available devices run "ip link".
DEV=enp11s0
ADDR=192.168.1.100
MASK=24
GW=192.168.1.1
# Optional settings:
DHCPOPTS="-h `/bin/hostname` -t 10"
case $1 in
start)
if [ "${TYPE}" = "DHCP" ]; then
/sbin/dhcpcd ${DHCPOPTS}
else
/sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
/sbin/ip link set ${DEV} up
/sbin/ip route add default via ${GW}
fi
;;
stop)
if [ "${TYPE}" = "DHCP" ]; then
/sbin/dhcpcd -x
else
/sbin/ip route del default
/sbin/ip link set ${DEV} down
/sbin/ip addr del ${ADDR}/${MASK} dev ${DEV}
fi
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: $0 [start|stop|restart]"
;;
esac
# End of file
@]
If you want to configure your system to use a static IP address, specify
TYPE=static and the correct interface. You will also need to configure DNS
settings in /etc/resolv.conf. Example:
[@
#!/bin/sh
#
# /etc/rc.d/net: start/stop network interface
#
# Connection type: "DHCP" or "static"
TYPE="static"
# For "static" connections, specify your settings here:
# To see your available devices run "ip link".
DEV=enp11s0
ADDR=192.168.1.100
MASK=24
GW=192.168.1.1
# Optional settings:
DHCPOPTS="-h `/bin/hostname` -t 10"
case $1 in
start)
if [ "${TYPE}" == "DHCP" ]; then
/sbin/dhcpcd ${DHCPOPTS}
else
/sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
/sbin/ip link set ${DEV} up
/sbin/ip route add default via ${GW}
fi
;;
stop)
if [ "${TYPE}" == "DHCP" ]; then
/sbin/dhcpcd -x
else
/sbin/ip route del default
/sbin/ip link set ${DEV} down
/sbin/ip addr del ${ADDR}/${MASK} dev ${DEV}
fi
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: $0 [start|stop|restart]"
;;
esac
# End of file
@]
[@
#
# /etc/resolv.conf: resolver configuration file
#
search your internal domain>
nameserver your DNS server>
# End of file
@]
To associate with a WPA2-protected wireless network, you should first create a
configuration file for %fn%wpa_supplicant%% to use, then launch wpa_supplicant
on that interface.
$ wpa_passphrase MYNETWORK MYPASS > /etc/wpa_supplicant-wlan0.conf
$ wpa_supplicant -i wlan0 -c /etc/wpa_supplicant-wlan0.conf
-> Replace '''MYNETWORK''' with the ssid of your network, '''MYPASS''' with its
passphrase, and '''wlan0''' with the name of your actual network interface. Run
@@ip link@@ to see the list of all available interfaces.
If the %fn%wpa_supplicant%% output indicates a successful authentication, you
can background the process and run @@dhcpcd wlan0@@ to request an address from
the DHCP server.
The '''wpa_supplicant''' package provides two startup scripts in
%fn%/etc/rc.d%%. You might choose to put '''wlan''' in the SERVICES array of
%fn%/etc/rc.conf%% (replacing '''net'''), which will let '''wpa_supplicant'''
manage all your network interfaces. Another option is to let the '''net'''
startup script call '''wpa_supplicant''' as needed, by copying into
%fn%/lib/dhcpcd/dhcpcd-hooks/%% the example file
%fn%/usr/share/dhcpcd/hooks/10-wpa_supplicant%%.
!! Passwords and User Environment
CRUX uses SHA512 passwords by default. To change the password encryption method
set the ENCRYPT_METHOD variable in %fn%/etc/login.defs%% to DES, MD5 or SHA256.
Furthermore, when compiling programs that use the @@crypt(3)@@ function to
authenticate users you should make sure that these programs are linked against
the %fn%libcrypt%% library (i.e. use '''-lcrypt''' when linking) which contains
the SHA512 version of the crypt function (this version is backwards compatible
and understands DES passwords as well).
Also configurable in %fn%/etc/login.defs%% are the settings that govern how
@@useradd(8)@@ behaves when you create a new non-root user, such as CREATE_HOME
and USERGROUPS_ENAB. First-time CRUX administrators might be surprised to learn
that creating a new user via @@useradd -m@@ will not automatically populate
the home directory with a basic shell startup file, as happens on other Linux
distributions whose %fn%/etc/skel/%% contains their idea of an initial home
directory.
A new default in CRUX 3.7 is that the value of PATH, for shells that rely on
%fn%/etc/profile%% to set this variable, will be the same regardless of UID.
This change allows non-root users easy access to any administrative command
without having to type its full path (provided they use '''bash''' as their
shell and are given the appropriate '''doas/sudo''' permissions). Users are
always free to choose a different shell and manage PATH themselves, but the
default behaviour is now less likely to cause confusion.
The core packages '''linux-pam''' and '''dumb_runtime_dir''', and the contrib
package '''pam_xdg''', provide a variety of modules that can be loaded upon
logging in. The files in %fn%/etc/pam.d%% govern the association between
the type of login (eg., tty, SSH, su, X Display Manager) and the modules that
get loaded (eg., pam_env, pam_exec, pam_limits). Some typical situations that
can be handled cleanly with PAM modules are listed in the table below.
||cellpadding="3" rules="all" frame="box"
||! file in /etc/pam.d ||! Typical usage
||%fn%pam_dumb_runtime_dir.so%% || create an XDG_RUNTIME_DIR for applications that conform to the freedesktop.org specification
||%fn%pam_env.so%% || export some common environment variables, no matter what login shell the user has chosen
||%fn%pam_xdg.so%% || export the XDG environment variables defined in the freedesktop.org specification
||%fn%pam_limits.so%% || increase the allowed number of opened files, to ensure proper operation of some games
||%fn%pam_xauth.so%% || grant another user access to the X display of the logged-in user, so that programs invoked with ''su'' can work properly
||%fn%pam_mount.so%% || automatically mount a LUKS-encrypted home partition after successful authentication
->%lfloat% http://crux.nu/doc/images/note.png
'''Note'''[[]]
-> The existence of a writable XDG_RUNTIME_DIR is required for proper operation of
many desktop applications. A ''clean'' CRUX 3.7 installation will place a line
in %fn%/etc/pam.d/common-session%% that loads the module fn%pam_dumb_runtime_dir.so%%
to satisfy this requirement. An ''upgrade'' to CRUX 3.7 might not do so,
depending on your UPGRADE directives in %%fn%/etc/pkgadd.conf%%. But any
configuration that allows desktop applications to run smoothly on CRUX 3.6 will
probably continue working after an upgrade to 3.7.
-> While '''pam_dumb_runtime_dir''' has a simple design and restricts itself to
the creation of the runtime dir, the 'contrib' collection offers an alternative,
'''pam_xdg''', which exports all the environment variables defined in the
freedesktop.org specification. You should choose ONE of these two options and
edit %fn%/etc/pam.d/common-session%% accordingly.
If you find yourself in one of the other situations in the table above, read the man
page for the corresponding PAM module to learn how to accomplish the desired
configuration.
!! Upgrading the Kernel
The kernel source, which is found in %fn%/usr/src/linux-5.15.x/%% is not
installed using '''pkgadd'''. If you decide to upgrade your kernel you can
safely do so by manually replacing the kernel source with a newer version (or
unpack the newer source tree somewhere else). This will not make the package
database inconsistent (since it's not installed with '''pkgadd''') nor will it
affect the kernel headers found in %fn%/usr/include/linux%% and
%fn%/usr/include/asm%% since these are not symlinks to the kernel source, but
instead contain copies of the headers.