BasicSystemConfiguration

From HerzbubeWiki


tasksel

Debian package: tasksel

Lets the user choose from a task-oriented list what she wants to do with the system (examples: "desktop environment", "web server", "mail server", etc.). Each entry in the list corresponds to an entire collection of Debian packages that is installed when the user selects that entry.

It is probably not a very good idea to run tasksel after the system has been customized to some extent.


base-config

Debian package: base-config

From the man page:

base-config is the program that was run when you first rebooted into your newly installed debian system. It walks you through setting up the system and downloading additional software, and so forth. The program can be run at any later date to walk you through essentially the same process again.


Locales

Having the proper locales is very important for working on the command line. A UTF-8 locale is especially important so that umlaut ("ä") and other non-ASCII characters are handled properly. Entering an umlaut without a locale simply does not work!

The locales present on a system also determine which languages are supported in gettext-based PHP applications. For instance, Gallery requires that one of the various "de_DE" locales is installed before the German language can be used in the web interface.


The package

locales

is responsible for managing locales. Add/remove locales and define a default locale using the following command:

dpkg-reconfigure locales

To see which locales currently are present on the system:

locale -a


Currently installed on my system are:

  • en_US.UTF-8 (the default)
  • de_DE.UTF-8 (for PHP applications such as Gallery)
  • de_CH.UTF-8 (to complement de_DE, just in case I need my real locale)


Setting a default locale causes the environment variable LANG to be set to that locale upon login. The default locale is written to

/etc/default/locale

In a quick test I tried to manually change this file. This seemed to work: When I did my next login, the LANG envvar was properly set to the new value. However, I would still recommend setting the default locale by running dpkg-reconfigure - I simply don't know enough about the system,


Keyboard configuration

Use loadkeys to load the kernel keymap for the console. Available keymaps can be found in /usr/share/keymaps.

At boot-time the script /etc/init.d/keymap.sh loads the keymap file /etc/console/boottime.kmap.gz.

In theory it should be possible to change this setting by issuing the command dpkg-reconfigure console-common and answering the subsequent debconf questions. On my machine, though, nothing changes, so I have to manually copy the keymap to /etc/console.

Note: It is possible that the boot-time keymap file includes another file that is not yet available when booting reaches the keymap-loading stage, because the /usr filesystem has not yet been mounted. A solution for this is to create a specific keymap loader script in /etc/init.d that will be executed at a later time when /usr has become mounted.


/etc/motd

Basically the content of /etc/motd is printed to the console after a user logs in. In earlier versions of Debian one could simply edit the file and that was it. Somewhere in between Sid and Etch this changed. Nowadays you have to edit /etc/motd.tail. The reason is that /etc/motd is now a temporary file:

pelargir:/etc# l motd
lrwxrwxrwx 1 root root 13 2007-03-15 13:12 motd -> /var/run/motd

On reboot, the script /etc/init.d/bootlogs does the following:

uname -snrvm > /var/run/motd
[ -f /etc/motd.tail ] && cat /etc/motd.tail >> /var/run/motd


Time zone

Change the system's time zone with this command

tzselect

(the old command tzconfig seems to have disappeared sometime in the past).

Time zone data is maintained in the Debian package tzdata. An alternative way to change the system's time zone is

dpkg-reconfigure tzdata

Data for the currently selected timezone is stored in the file

/etc/localtime

(the old file /etc/timezone seems to have disappeared sometime in the past).


Shell environment

/etc/profile.d

Files present in the folder

/etc/profile.d

are sourced by the system-wide /etc/profile. This happens for all users when they log in.


/etc/bash.bashrc

This file is sourced by /etc/profile when the user logs in. It is also read by each new invocation of bash, as long as the new sub-shell is interactive (i.e. the file is not read when a script is run).

Currently I have added the following stuff:

# ------------------------------------------------------------
# BEGIN pelargir
# ------------------------------------------------------------
if [ -x /usr/bin/dircolors ]; then
  test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
  alias ls='ls --color=auto'
fi
alias l="ls -la"
# ------------------------------------------------------------
# END pelargir
# ------------------------------------------------------------


Automatically display compressed files with less

The Debian package less provides two useful shell scripts /usr/bin/lesspipe (this is the one I prefer) and /usr/bin/lessfile. As advised in /usr/share/doc/less/LESSOPEN:

You just need to put the following in your .zlogin/.login/.bash_profile/whatever:
eval $(lesspipe)
 or
eval $(lessfile)

and from now on you can directly open any compressed text file with less as if the program itself were able to read the compressed file. For instance:

less /usr/share/doc/less/changelog.Debian.gz

Note: I put the "eval" command above into

/etc/profile.d/pelargir_lesspipe.sh


Automatically display compressed files with vi

See VimStuff.


User/group management

Add/remove users and groups

The following are low-level tools to manage users and groups. They are present on any Linux system.

useradd
userdel
usermod
groupadd
groupdel
groupmod

The following are Debian specific front-ends to the above low-level tools. They should be used on Debian systems because they conform to Debian policies.

adduser
deluser
addgroup
delgroup

Note: Both the low-level tools and their Debian specific front ends manipulate system files (/etc/passwd, /etc/group, /etc/shadow). If the user database is located in an LDAP directory, they cannot be used anymore.


Disable an account

To disable an account so that the user can no longer log in:

passwd -l <username>

This changes the password hash in /etc/shadow to a value that is not possible to generate by entering any password. In other words, the account still exists and the user can try to log in, but she will never succeed.
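
What the locked state looks like in /etc/shadow, as an added example that is not part of the original page: passwd -l puts a "!" in front of the stored hash, and the function below classifies the password field and the expiry field of shadow-format lines. The sample lines and the name shadow_state are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify accounts by the password field of shadow-format lines.

# Constructed sample in /etc/shadow format (hashes are placeholders).
SAMPLE_SHADOW='root:$6$constructed$AAAA:19000:0:99999:7:::
alice:!$6$constructed$BBBB:19000:0:99999:7:::
bob:!$6$constructed$CCCC:19000:0:99999:7::1:
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::'

# Reads shadow-format lines on stdin, prints "user state expired=yes|no".
shadow_state() {
  today=$(( $(date +%s) / 86400 ))      # days since 1970-01-01, as in field 8
  awk -F: -v today="$today" '
    NF < 8 { next }                     # not a shadow line
    {
      pw = $2
      if (pw == "")                      state = "EMPTY"       # no password needed
      else if (pw == "*" || pw == "!")   state = "nopassword"  # never had a hash
      else if (substr(pw, 1, 1) == "!")  state = "locked"      # what passwd -l writes
      else                               state = "active"
      expired = ($8 != "" && $8 + 0 <= today) ? "yes" : "no"
      print $1, state, "expired=" expired
    }'
}

printf '%s\n' "$SAMPLE_SHADOW" | shadow_state
```

A locked password only blocks password authentication: passwd(1) notes that a login with another token such as an SSH key may still succeed and suggests usermod --expiredate 1 to disable the account, which is the case the expired column reports for bob.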


Log file rotation

Log file rotation is done by the Debian package

logrotate

The package's configuration file is /etc/logrotate.conf, which in turn includes all the package specific files located in

/etc/logrotate.d

The configuration file format is explained in

man logrotate

logrotate is usually executed periodically by cron (by default it is part of /etc/cron.daily), although it can be manually called like this

logrotate /etc/logrotate.conf

Possible options are:

  • -f: force log rotation even if logrotate doesn't think it needs to actually rotate a file
  • -d: print debug output to stderr

logrotate stores its current state in

/var/lib/logrotate

I store my server specific stuff in /etc/logrotate.d/pelargir:

/var/backups/mysql/all-databases.sql
/var/backups/postgresql/all-databases.sql
/var/backups/ldap/database-1.ldif
/var/backups/git/*.tar
/var/backups/etc/etc.tar
/var/backups/usr.local/usr.local.tar {
   daily
   missingok
   rotate 60
   compress
   nocreate
}

/var/backups/var.lib/*.tar
/var/backups/var.samba/*.tar
/var/backups/var.www/*.tar {
   daily
   missingok
   rotate 30
   compress
   nocreate
}

/var/backups/home/home.tar {
   weekly
   missingok
   rotate 3
   compress
   nocreate
}

/var/backups/boot/boot.tar {
   monthly
   missingok
   rotate 24
   compress
   nocreate
}

/var/log/apache2/herzbube.ch/*.log
/var/log/apache2/moser-naef.ch/*.log
/var/log/apache2/francescamoser.ch/*.log
/var/log/apache2/pelargir/*.log
/var/log/apache2/unknown/*.log
/var/log/apache2/grunzwanzling.ch/*.log
/var/log/apache2/cal.herzbube.ch/*.log {
   weekly
   missingok
   rotate 52
   compress
   delaycompress
   notifempty
   create 640 root adm
   sharedscripts
   postrotate
      if [ -f /var/run/apache2.pid ]; then
         /etc/init.d/apache2 restart > /dev/null
      fi
   endscript
}

/var/log/remote/*.log {
  size 1000k
  missingok
  rotate 10
  compress
  nocreate
  postrotate
    invoke-rc.d rsyslog rotate > /dev/null
  endscript
}

/var/log/named/*.log
/var/log/dhcpd/*.log
/var/log/slapd/*.log
/var/log/imapd/*.log
/var/log/spamd/*.log
/var/log/collectd/*.log {
  size 1000k
  missingok
  rotate 10
  compress
  nocreate
  postrotate
    invoke-rc.d rsyslog rotate > /dev/null
  endscript
}


Manage SysV services

An interactive front-end to enable/disable SysV services on the terminal is

sysv-rc-conf

A command line utility to do the same, but with more control over when exactly a service is started or stopped (i.e. the sequence number can be specified):

update-rc.d

The latter is especially useful if the rc script contains an LSB-style header. In this case, it should be sufficient to say

update-rc.d <myservice> defaults


Partitioning and file system management

Partitioning and formatting

Interactively create/modify partitions:

fdisk /dev/hda

Important: Specify the device that represents the entire hard disk drive.


Once partitions have been created, they need to be formatted. The following example formats the first partition on /dev/hda using the ext3 file system:

mke2fs -j /dev/hda1


File system management

Parameters of an existing ext[234] file system can be changed. The file system must be unmounted for this to work. Use the following command:

tune2fs

For instance, to optimize lookups in large directories with many files:

tune2fs -O dir_index /dev/hda7
e2fsck -D /dev/hda7

(the second command changes existing directories to use the hashed b-tree that was enabled by tune2fs)


File system layout

| Mount point | Size | In use | Remark |
|---|---|---|---|
| / | 2 GB | 250 MB | The current size seems to be grossly oversized, but on the other hand we really want to be on the safe side. |
| /tmp | 4 GB | 150 MB | Exists so that an out-of-control program does not crash the system by filling up the root file system. |
| /usr | 20 GB | 2.7 GB | Contains the main system installation, including /usr/local. Very stable, not much fluctuation. |
| /home | 20 GB | 1.4 GB | Contains the user home directories (excluding the directory of the super user). At the moment does not contain much data except mail. |
| /var | 20 GB | 2.5 GB | Contains data and all kinds of stuff that is variable and volatile. Things that use up a lot of space have been "outsourced" to their own file systems. |
| /var/backups | 100 GB | 194 MB | Has been separated from /var so that a rampaging backup script does not crash the system by filling up /var. |
| /var/cache | 50 GB | 14 GB | Mainly exists as a separate file system because BitTorrent files require a lot of space. |
| /var/samba/daten | 100 GB | 7.0 GB | File server #1, contains files that are not media. |
| /var/samba/media | 450 GB | 377 GB | File server #2, contains media files that require a lot of space (e.g. music, images, movies). |
| swap | 4 GB | - | Ditched the old rule "swap = double the RAM size" - same as RAM size should be sufficient. |


cron

The Debian package for running the cron service is, unsurprisingly,

cron


The cron daemon looks for things to execute in the following places

  • /var/spool/cron/crontabs: The traditional user-based crontab files which can be managed using the crontab command line utility
  • /etc/crontab: A single file that lists commands to execute by user. The format of the file is similar to the traditional crontab format, with the addition of a "user" field that indicates the username that each command should be executed as. The cron daemon monitors /etc/crontab for changes.
  • /etc/cron.d: An entire directory that may contain many files, in the same format as /etc/crontab. The cron daemon monitors /etc/cron.d for changes. The man page discourages using this directory.


It gets interesting if we look at the default content of /etc/crontab:

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user	command
17 *	* * *	root    cd / && run-parts --report /etc/cron.hourly
25 6	* * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6	* * 7	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6	1 * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )

This illustrates that there are a number of directories where we can drop scripts that are then run at specific times, either hourly, daily, weekly or monthly.
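
Everything dropped into these directories is executed as root by run-parts, so it is worth checking what is in them. The following added example (not from the original page) reports, for each file in such a directory, whether run-parts would execute it and whether it is writable by group or others. It relies on the default rule from run-parts(8) that names may consist only of ASCII letters, digits, underscores and hyphens; the function names and the sample directory are constructed.

```shell
#!/bin/sh
# Added example: audit a cron drop-in directory such as /etc/cron.daily.
# The subshell body keeps variables and the locale change local.
audit_cron_dir() (
  LC_ALL=C; export LC_ALL          # make the [A-Za-z] ranges ASCII-only
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    name=${f##*/}
    verdict=runs
    # Default run-parts rule: names may contain only A-Z a-z 0-9 _ and -
    case $name in
      *[!A-Za-z0-9_-]*) verdict=ignored:name ;;
    esac
    if [ "$verdict" = runs ] && [ ! -x "$f" ]; then
      verdict=ignored:not-executable
    fi
    # Mode string, e.g. -rwxr-xr-x: char 6 = group write, char 9 = other write
    mode=$(ls -ldL "$f" | cut -c1-10)
    case $mode in
      ?????w*|????????w*) perms=WRITABLE ;;
      *)                  perms=ok ;;
    esac
    printf '%s %s %s\n' "$name" "$verdict" "$perms"
  done
)

# Constructed sample directory standing in for /etc/cron.daily
demo_cron_audit() {
  d=$(mktemp -d) || return 1
  for n in logrotate backup.sh report cleanup; do
    printf '#!/bin/sh\nexit 0\n' > "$d/$n"
  done
  chmod 755 "$d/logrotate" "$d/backup.sh"
  chmod 644 "$d/report"
  chmod 777 "$d/cleanup"
  audit_cron_dir "$d"
  rm -rf "$d"
}

demo_cron_audit
```

In the sample, backup.sh is silently skipped because of the dot in its name, and cleanup is flagged because any local user could change a script that cron runs as root.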


Init scripts

An init script is a script that should be executed during system boot, or when a switch to a different run level occurs. Init scripts must be placed into the folder

/etc/init.d

The classic way to enable an init script is to create a symlink in one of the runlevel specific folders (e.g. /etc/rc2.d). The number used in the symlink name determined the order in which scripts were executed. Debian used to create these symlinks with the command update-rc.d, however since Debian Squeeze the new command to enable a script is

insserv foobar

insserv parses the LSB headers of an init script and then calculates the proper start sequence by resolving the dependency list found in all init scripts. The symlinks in the runlevel specific folders are then (re)created as necessary. For this to work, init scripts must be LSB compliant and contain LSB headers so that they can specify their dependencies.

For details see

  • This status page with details about the initiative to migrate Debian to dependency-based booting
  • How to LSBize an Init Script
  • /etc/init.d/skeleton which might serve as a template for a completely new init script (the template contains useful Debian-specific stuff for starting/stopping a daemon process)


This is what the LSB header of my script /etc/init.d/pelargir looks like:

#! /bin/bash

### BEGIN INIT INFO
# Provides:          pelargir
# Required-Start:    $network
# Required-Stop:     $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Host specific small stuff
# Description:       Currently this script only manages a few (important!)
#                    iptables rules.
### END INIT INFO

# Notes
# - See http://wiki.debian.org/LSBInitScripts for a primer on LSB compliance
# - "Provides" is set to the script name, as recommended in the primer
# - Currently this script only manages iptables rules, and iptables is in /sbin,
#   so there is no need to depend on either $local_fs or $remote_fs

[...]
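
To show what resolving dependencies from LSB headers means, this added example (not insserv's code and not part of the original page) reads the Provides and Required-Start fields and lets tsort compute a start order. The three scripts are constructed, and mapping the virtual facility $network to a script named networking is an assumption made for the example.

```shell
#!/bin/sh
# Added example: derive a start order from LSB headers with tsort.

# Print the value of one LSB header field of the init script on stdin.
lsb_field() {
  sed -n '/^### BEGIN INIT INFO/,/^### END INIT INFO/p' |
    sed -n "s/^# $1:[[:space:]]*//p"
}

# Emit "dependency dependent" pairs for each script in directory $1 and let
# tsort print an order in which every dependency precedes its dependents.
start_order() (
  cd "$1" || exit 1
  for s in *; do
    prov=$(lsb_field Provides < "$s")
    echo "$prov $prov"                  # identical pair: node without ordering
    for dep in $(lsb_field Required-Start < "$s"); do
      # Assumption: the virtual facility $network is provided by "networking"
      case $dep in '$network') dep=networking ;; esac
      echo "$dep $prov"
    done
  done | tsort
)

# Constructed scripts: header only, named after what they provide.
demo_start_order() {
  d=$(mktemp -d) || return 1
  mk() {
    printf '### BEGIN INIT INFO\n# Provides: %s\n# Required-Start: %s\n### END INIT INFO\n' \
      "$1" "$2" > "$d/$1"
  }
  mk pelargir '$network'
  mk networking mountall
  mk mountall ''
  start_order "$d"
  rm -rf "$d"
}

demo_start_order
```

For a script like the one above that loads iptables rules, the computed position relative to the network scripts decides whether the rules are in place before or after interfaces come up.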