09_unix-services.po

#
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
msgid ""
msgstr ""
"Project-Id-Version: 0\n"
"POT-Creation-Date: 2013-12-30 17:37+0100\n"
"PO-Revision-Date: 2015-02-21 22:40+0100\n"
"Last-Translator: Anna Fałek <annldz@onet.eu>\n"
"Language-Team: \n"
"Language: pl_PL\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 1.7.4\n"

#. Tag: keyword
#, no-c-format
msgid "System boot"
msgstr "Bootowanie systemu"

#. Tag: keyword
#, no-c-format
msgid "Initscripts"
msgstr "Initscripts"

#. Tag: keyword
#, no-c-format
msgid "SSH"
msgstr "SSH"

#. Tag: keyword
#, no-c-format
msgid "Telnet"
msgstr "Telnet"

#. Tag: keyword
#, no-c-format
msgid "Rights"
msgstr "Prawa"

#. Tag: keyword
#, no-c-format
msgid "Permissions"
msgstr "Uprawnienia"

#. Tag: keyword
#, no-c-format
msgid "Supervision"
msgstr "Nadzór"

#. Tag: keyword
#, no-c-format
msgid "Inetd"
msgstr "Inetd"

#. Tag: keyword
#, no-c-format
msgid "Cron"
msgstr "Cron"

#. Tag: keyword
#, no-c-format
msgid "Backup"
msgstr "Kopia bezpieczeństwa"

#. Tag: keyword
#, no-c-format
msgid "Hotplug"
msgstr "Hotplug"

#. Tag: keyword
#, no-c-format
msgid "PCMCIA"
msgstr "PCMCIA"

#. Tag: keyword
#, no-c-format
msgid "APM"
msgstr "APM"

#. Tag: keyword
#, no-c-format
msgid "ACPI"
msgstr "ACPI"

#. Tag: title
#, no-c-format
msgid "Unix Services"
msgstr "Usługi Uniksa"

#. Tag: para
#, no-c-format
msgid "This chapter covers a number of basic services that are common to many Unix systems. All administrators should be familiar with them."
msgstr "Ten rozdział opisuje kilka podstawowych usług, które są dostępne w wielu systemach Unix. Wszyscy administratorzy powinni je znać."

#. Tag: title
#, no-c-format
msgid "System Boot"
msgstr "Bootowanie systemu"

#. Tag: indexterm
#, no-c-format
msgid "<primary>booting</primary><secondary>the system</secondary>"
msgstr "<primary>bootowanie</primary><secondary>systemu</secondary>"

#. Tag: para
#, no-c-format
msgid "When you boot the computer, the many messages scrolling by on the console display many automatic initializations and configurations that are being executed. Sometimes you may wish to slightly alter how this stage works, which means that you need to understand it well. That is the purpose of this section."
msgstr "Kiedy bootujesz komputer, masa wiadomości przewijających się przez konsole ukazuje wykonywane automatyczne inicjalizacje i konfiguracje. Czasami chcesz nieco wpłynąć na działanie tego etapu, co oznacza, ze musisz go dobrze zrozumieć. To jest właśnie celem tej części książki."

#. Tag: para
#, no-c-format
msgid "First, the BIOS takes control of the computer, detects the disks, loads the <emphasis>Master Boot Record</emphasis>, and executes the bootloader. The bootloader takes over, finds the kernel on the disk, loads and executes it. The kernel is then initialized, and starts to search for and mount the partition containing the root filesystem, and finally executes the first program — <command>init</command>. Frequently, this “root partition” and this <command>init</command> are, in fact, located in a virtual filesystem that only exists in RAM (hence its name, “initramfs”, formerly called “initrd” for “initialization RAM disk”). This filesystem is loaded in memory by the bootloader, often from a file on a hard drive or from the network. It contains the bare minimum required by the kernel to load the “true” root filesystem: this may be driver modules for the hard drive, or other devices without which the system can not boot, or, more frequently, initialization scripts and modules for assembling RAID arrays, opening encrypted partitions, activating LVM volumes, etc. Once the root partition is mounted, the initramfs hands over control to the real init, and the machine goes back to the standard boot process."
msgstr "Po pierwsze, BIOS kontroluje komputer, wykrywa dyski, ładuje <emphasis>główny sektor rozruchowy</emphasis> i uruchamia bootloader. Bootloader przejmuje kontrole, znajduje jądro systemu na dysku, ładuje i uruchamia je. Jądro systemu jest następnie inicjalizowane i rozpoczyna poszukiwanie i montowanie partycji zawierającej główny system plików i w końcu uruchamia pierwszy program-<command>init</command>. Często, ta główna partycja i <command>init</command> są, tak naprawdę, ulokowane w wirtualnym systemie plików, który istnieje tylko w pamięci RAM(stąd jego nazwa,“initramfs”, dawniej zwany “initrd” lub \"inicjalizacja dysku RAM\").Ten system plików jest ładowany do pamięci przez bootloader, często z pliku na dysku twardym lub z sieci. Zawiera absolutne minimum wymagane przez jądro systemu do wczytania \"prawdziwego\" głównego systemu plików: mogą to być moduły sterowników dla dysku twardego lub inne programy, bez których system nie może się zbootować albo jeszcze częściej skrypty inicjalizacyjne  i moduły do kompletacji RAID, tworzenia zaszyfrowanych partycji, aktywacji LVM itd. Kiedy główna partycja jest już zamontowana, initramfs oddaje kontrolę rzeczywistemu initowi i maszyna wraca do standardowego procesu bootwania. "

#. Tag: para
#, no-c-format
msgid "The “real init” is currently provided by <emphasis role=\"pkg\">sysv-rc</emphasis> (“System V”) and this section documents this init system."
msgstr "\"Rzeczywisty init \" jest obecnie dostarczany przez <emphasis role=\"pkg\">sysv-rc</emphasis> (“System V”) i ten fragment stanowi jego dokumentację."

#. Tag: title
#, no-c-format
msgid "<emphasis>SPECIFIC CASE</emphasis> Booting from the network"
msgstr "<emphasis>SPECYFICZNY PRZYPADEK</emphasis> Bootowanie z sieci"

#. Tag: para
#, no-c-format
msgid "In some configurations, the BIOS may be configured not to execute the MBR, but to seek its equivalent on the network, making it possible to build computers without a hard drive, or which are completely reinstalled on each boot. This option is not available on all hardware and it generally requires an appropriate combination of BIOS and network card."
msgstr "W niektórych konfiguracjach, BIOS może być ustawiony tak, aby nie uruchamiać głównego sektora rozruchowego, ale szukać jego równoważności w sieci, stwarzając możliwość działania komputerów bez dysków twardych, albo takie, które będą całkowicie reinstalowane po każdej inicjalizacji systemu."

#. Tag: para
#, no-c-format
msgid "Booting from the network can be used to launch the <command>debian-installer</command> or FAI (see <xref linkend=\"sect.installation-methods\" />)."
msgstr "Bootowanie z sieci może być używane do uruchomienia <command>debian-installer</command> lub FAI (zobacz <xref linkend=\"sect.installation-methods\" />)."

#. Tag: title
#, no-c-format
msgid "<emphasis>BACK TO BASICS</emphasis> The process, a program instance"
msgstr "<emphasis>POWRÓT DO PODSTAW</emphasis> Proces, instancja programu"

#. Tag: indexterm
#, no-c-format
msgid "<primary>process</primary>"
msgstr "<primary>proces</primary>"

#. Tag: para
#, no-c-format
msgid "A process is the representation in memory of a running program. It includes all of the information necessary for the proper execution of the software (the code itself, but also the data that it has in memory, the list of files that it has opened, the network connections it has established, etc.). A single program may be instantiated into several processes, not necessarily running under different user IDs."
msgstr "Proces jest reprezentacją uruchomionego programu w pamięci komputera. Zawiera wszystkie informacje niezbędne do poprawnego uruchomienia oprogramowania(kod sam w sobie, ale także dane, które ma w pamięci, listę otwartych plików, ustanowionych połączeń w sieci itd.). Pojedynczy program może zapoczątkować kilka procesów, niekoniecznie uruchamianych po różnymi identyfikatorami użytkowników."

#. Tag: para
#, no-c-format
msgid "Init executes several processes, following instructions from the <filename>/etc/inittab</filename> file. The first program that is executed (which corresponds to the <emphasis>sysinit</emphasis> step) is <command>/etc/init.d/rcS</command>, a script that executes all of the programs in the <filename>/etc/rcS.d/</filename> directory. <indexterm><primary><filename>/etc/init.d/rcS</filename></primary></indexterm> <indexterm><primary><filename>rcS</filename></primary></indexterm> <indexterm><primary><filename>/etc/init.d/rcS.d/</filename></primary></indexterm> <indexterm><primary><filename>rcS.d</filename></primary></indexterm>"
msgstr "Init uruchamia kilka procesów, następujące polecenia z pliku <filename>/etc/inittab</filename>. Pierwszy uruchamiany program(który nawiązuje do kroku <emphasis>sysinit</emphasis> ) jest to  <command>/etc/init.d/rcS</command>, skrypt, który uruchamia wszystkie programy w <filename>/etc/rcS.d/</filename>. <indexterm><primary><filename>/etc/init.d/rcS</filename></primary></indexterm> <indexterm><primary><filename>rcS</filename></primary></indexterm> <indexterm><primary><filename>/etc/init.d/rcS.d/</filename></primary></indexterm> <indexterm><primary><filename>rcS.d</filename></primary></indexterm>"

#. Tag: para
#, no-c-format
msgid "Among these, you will find successively programs in charge of:"
msgstr "Wśród nich możesz znaleźć kolejno programy odpowiedzialne za:  "

#. Tag: para
#, no-c-format
msgid "configuring the console's keyboard;"
msgstr "konfigurowanie klawiatury konsoli; "

#. Tag: para
#, no-c-format
msgid "loading drivers: most of the kernel modules are loaded by the kernel itself as the hardware is detected; extra drivers are then loaded automatically when the corresponding modules are listed in <filename>/etc/modules</filename>;"
msgstr "wczytywanie sterowników: większość modułów jądra systemu jest wyczytywana przez nie samodzielnie jak przy wykryciu dysku twardego; następnie automatycznie wczytywane są dodatkowe sterowniki, a lista nawiązujących modułów tworzona jest w <filename>/etc/modules</filename>; "

#. Tag: para
#, no-c-format
msgid "checking the integrity of filesystems;"
msgstr "sprawdzanie integralności systemu plików;"

#. Tag: para
#, no-c-format
msgid "mounting local partitions;"
msgstr "montowanie lokalnych partycji;"

#. Tag: para
#, no-c-format
msgid "configuring the network;"
msgstr "konfigurowanie sieci;"

#. Tag: para
#, no-c-format
msgid "mounting network filesystems (NFS)."
msgstr "montowanie sieciowego systemu plików(NFS)."

#. Tag: title
#, no-c-format
msgid "<emphasis>SECURITY</emphasis> Using a shell as <command>init</command> to gain root rights"
msgstr "<emphasis>BEZPIECZEŃSTWO</emphasis> Używanie powłoki jako <command>init</command>aby zyskać prawa roota"

#. Tag: para
#, no-c-format
msgid "By convention, the first process that is booted is the <command>init</command> program. However, it is possible to pass an <literal>init</literal> option to the kernel indicating a different program."
msgstr "Umownie, pierwszy proces, który jest bootowany to program <command>init</command>. Jednakże, możliwe jest pominąć opcję  <literal>init</literal> w jądrze systemu, wskazując inny program."

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>init</command></primary>"
msgstr "<primary><command>init</command></primary>"

#. Tag: para
#, no-c-format
msgid "Any person who is able to access the computer can press the <keycap>Reset</keycap> button, and thus reboot it. Then, at the bootloader's prompt, it is possible to pass the <literal>init=/bin/sh</literal> option to the kernel to gain root access without knowing the administrator's password."
msgstr "Każdy człowiek, który ma bezpośredni dostęp do komputera może wcisnąć klawisz <keycap>Reset</keycap> i spowodować ponowny rozruch systemu. Następnie przy zgłoszeniu się bootloadera, możliwe jest pominięcie opcji  <literal>init=/bin/sh</literal>w jądrze systemu, aby zdobyć dostęp do roota bez znajomości hasła administratora systemu."

#. Tag: para
#, no-c-format
msgid "To prevent this, you can protect the bootloader itself with a password. You might also think about protecting access to the BIOS (a password protection mechanism is almost always available), without which a malicious intruder could still boot the machine on a removable media containing its own Linux system, which they could then use to access data on the computer's hard drives."
msgstr "Aby temu zapobiec, możesz zabezpieczyć sam bootloader hasłem. Możesz także pomyśleć by zabezpieczyć BIOS(prawie zawsze istnieje możliwość utworzenia hasła), bez którego złośliwy intruz może nadal zbootować system na nośniku wymiennym zawierającym swojego własnego Linuxa, którego może użyć by dostać się do danych na Twoim dysku."

#. Tag: para
#, no-c-format
msgid "Finally, be aware that most BIOS have a generic password available. Initially intended for troubleshooting for those who have forgotten their password, these passwords are now public and available on the Internet (see for yourself by searching for “generic BIOS passwords” in a search engine). All of these protections will thus impede unauthorized access to the machine without being able to completely prevent it. There's no reliable way to protect a computer if the attacker can physically access it; they could dismount the hard drives to connect them to a computer under their own control anyway, or even steal the entire machine, or erase the BIOS memory to reset the password…"
msgstr "Ostatecznie, bądź świadomy, ze BIOS zazwyczaj ma dostępne standardowe hasło. Początkowo przeznaczone by rozwiązać problem ludzi zapominających hasła, obecnie te hasła są dostępne w Internecie(zobacz swoje poprzez wpisanie “generic BIOS passwords” w wyszukiwarkę). Wszystkie te zabezpieczenia będą więc utrudniać dostęp do komputera nieupoważnionym, jednak nie będą w stanie zabezpieczyć go całkowicie. Nie ma niezawodnego sposobu aby ochronić komputer jeżeli niezaufana osoba ma do niego fizyczny dostęp; może wyjąć dyski i dołączyć je do swojego komputera, lub nawet ukraść cały sprzęt, lub wyczyścić pamięć BIOSa, aby zresetować hasło..."

#. Tag: title
#, no-c-format
msgid "<emphasis>BACK TO BASICS</emphasis> Kernel modules and options"
msgstr "<emphasis>POWRTÓT DO PODSTAW</emphasis> Moduły i opcje jądra systemu"

#. Tag: indexterm
#, no-c-format
msgid "<primary>modules</primary><secondary>kernel modules</secondary>"
msgstr "<primary>moduły</primary><secondary>moduły jądra systemu</secondary>"

#. Tag: para
#, no-c-format
msgid "Kernel modules also have options that can be configured by putting some files in <filename>/etc/modprobe.d/</filename>. These options are defined with directives like this: <literal>options <replaceable>module-name</replaceable> <replaceable>option-name</replaceable>=<replaceable>option-value</replaceable></literal>. Several options can be specified with a single directive if necessary."
msgstr "Moduły jądra systemu maja także opcje, które mogą być konfigurowane poprzez dodanie jakiś plików do <filename>/etc/modprobe.d/</filename>. Te opcje są zdefiniowane dyrektywami takimi jak: <literal>options <replaceable>module-name</replaceable> <replaceable>option-name</replaceable>=<replaceable>option-value</replaceable></literal>. Jeśli zajdzie taka potrzeba kilka opcji może być określonych przez pojedynczą dyrektywę. "

#. Tag: para
#, no-c-format
msgid "These configuration files are intended for <command>modprobe</command> — the program that loads a kernel module with its dependencies (modules can indeed call other modules). This program is provided by the <emphasis role=\"pkg\">kmod</emphasis> package."
msgstr "Te pliki konfiguracyjne są przeznaczone dla <command>modprobe</command>-program, który ładuje moduł jądra systemu z jego zależnościami (moduły mogą wszak powoływać inne moduły). Ten program jest dostarczany przez pakiet <emphasis role=\"pkg\">kmod</emphasis>."

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>modprobe</command></primary>"
msgstr "<primary><command>modprobe</command></primary>"

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis role=\"pkg\">kmod</emphasis></primary>"
msgstr "<primary><emphasis role=\"pkg\">kmod</emphasis></primary>"

#. Tag: para
#, no-c-format
msgid "After this stage, <command>init</command> takes over and starts the programs enabled in the default runlevel (which is usually runlevel 2). It executes <command>/etc/init.d/rc 2</command>, a script that starts all services which are listed in <filename>/etc/rc2.d/</filename> and whose name start with the “S” letter. The two-figures number that follows had historically been used to define the order in which services had to be started, but nowadays the default boot system uses <command>insserv</command>, which schedules everything automatically based on the scripts' dependencies. Each boot script thus declares the conditions that must be met to start or stop the service (for example, if it must start before or after another service); <command>init</command> then launches them in the order that meets these conditions. The static numbering of scripts is therefore no longer taken into consideration (but they must always have a name beginning with “S” followed by two digits and the actual name of the script used for the dependencies). Generally, base services (such as logging with <command>rsyslog</command>, or port assignment with <command>portmap</command>) are started first, followed by standard services and the graphical interface (<command>gdm</command>)."
msgstr "Po tym etapie, <command>init</command> przejmuje kontrolę i uruchamia programy włączone w domyślny poziom działania(którym jest zazwyczaj poziom 2). Uruchamia  <command>/etc/init.d/rc 2</command>, skrypt, który włącza wszystkie usługi wymienione w <filename>/etc/rc2.d/</filename> i których nazwa zaczyna się na literę \"S\". Dwucyfrowy numer, który wystąpił, był kiedyś używany do definiowania kolejności, w której usługi muszą być uruchomione, ale obecnie domyślny system bootujący używa <command>insserv</command>, który planuje wszystko automatycznie bazując na zależnościach skryptów. Tak więc każdy butujący skrypt deklaruje warunki, które muszą być spełnione aby uruchomić bądź zatrzymać usługę(na przykład, czy musi być uruchamiana przed lub po innej usłudze); następnie <command>init</command> uruchamia je w kolejności, która spełnia podane warunki. Statyczne numerowanie skryptów nie jest już dlatego brane pod uwagę(ale zawsze muszą zaczynać się na literę \"S\", po której następują 2 cyfry i prawdziwa nazwa skryptu używanego do określenia zależności). Ogólnie, podstawowe usługi(takie jak przetwarzanie logów przez <command>rsyslog</command> lub przypisywanie portów przez  <command>portmap</command>) są uruchamiane pierwsze, a po nich włączane są standardowe usługi i środowisko graficzne (<command>gdm</command>)."

#. Tag: para
#, no-c-format
msgid "This dependency-based boot system makes it possible to automate re-numbering, which could be rather tedious if it had to be done manually, and it limits the risks of human error, since scheduling is conducted according to the parameters that are indicated. Another benefit is that services can be started in parallel when they are independent from one another, which can accelerate the boot process."
msgstr "System bootowania oparty na zależnościach sprawia, że możliwe jest zautomatyzowanie ponownego numerowania, które potrafi być uciążliwe, jeśli trzeba je przeprowadzić ręcznie, oraz zmniejsza prawdopodobieństwo ludzkiego błędu, ponieważ planowanie odbywa się według wskazanych parametrów. Inną korzyścią jest to, że usługi mogą być uruchomione równolegle, jeśli są od siebie niezależne, co przyśpiesza proces bootowania. "

#. Tag: title
#, no-c-format
msgid "<emphasis>ALTERNATIVE</emphasis> Other boot systems"
msgstr "<emphasis>ALTERNATYWA</emphasis> Inne systemy bootujące"

#. Tag: para
#, no-c-format
msgid "This book describes the boot system used by default in Debian (as implemented by the <emphasis role=\"pkg\">sysvinit</emphasis> package), which is derived and inherited from <emphasis>System V</emphasis> Unix systems, but there are others. <emphasis role=\"distribution\">Jessie</emphasis> will likely come with another init system by default since the current one is no longer suited to the dynamic nature of computing."
msgstr "Ta książka opisuje system bootujący domyślnie używany przez Debiana(ponieważ jest zaimplementowany przez pakiet <emphasis role=\"pkg\">sysvinit</emphasis>), który zaczerpnął i odziedziczył z  systemów uniksowych <emphasis>System V</emphasis>, istnieją jednak także inne. <emphasis role=\"distribution\">Jessie</emphasis> niedługo przedstawi inny domyślny system init ponieważ obecny nie pasuje do dynamicznej natury informatyki."

#. Tag: para
#, no-c-format
msgid "<emphasis role=\"pkg\">file-rc</emphasis> is a boot system with a very simple process. It keeps the principle of runlevels, but replaces the directories and symbolic links with a configuration file, which indicates to <command>init</command> the processes that must be started and their launch order."
msgstr "<emphasis role=\"pkg\">file-rc</emphasis> jest systemem bootującym z bardzo prostym procesem. Podtrzymuje zasadę poziomów działania, ale zamienia słownikowe i symboliczne dowiązania do pliku konfiguracyjnego, który wskazuje na procesy  <command>init</command>, które muszą zostać wykonane i ustanawia ich kolejność."

#. Tag: para
#, no-c-format
msgid "The <command>upstart</command> system is still not perfectly tested on Debian. It is event based: init scripts are no longer executed in a sequential order but in response to events such as the completion of another script upon which they are dependent. This system, started by Ubuntu, is present in Debian <emphasis role=\"distribution\">Wheezy</emphasis>, but is not the default; it comes, in fact, as a replacement for <emphasis role=\"pkg\">sysvinit</emphasis>, and one of the tasks launched by <command>upstart</command> is to launch the scripts written for traditional systems, especially those from the <emphasis role=\"pkg\">sysv-rc</emphasis> package."
msgstr "System <command>upstart</command> nadal nie jest jeszcze dobrze przetestowany na Debianie. Skrypty inicjujące nie są już uruchamiane po kolei ale w odpowiedzi na zdarzenia, takie jak ukończenie innego skryptu, od którego są zależne. Ten system, zapoczątkowany przez Ubuntu, jest obecny na Debianie  <emphasis role=\"distribution\">Wheezy</emphasis>, ale nie jest domyślny; w rzeczywistości, pojawił się jako zastępstwo dla <emphasis role=\"pkg\">sysvinit</emphasis> i jedno z zadań wykonywanych przez <command>upstart</command>, którym jest uruchomienie skryptów pisanych dla tradycyjnych systemów, w szczególności z pakietu <emphasis role=\"pkg\">sysv-rc</emphasis>."

#. Tag: para
#, no-c-format
msgid "Another new option that is gaining a lot of traction is <command>systemd</command>. Its approach is opposite to the previous systems; instead of preemptively launching all services, and having to deal with the question of scheduling, <command>systemd</command> chooses to start services on demand, somewhat along the principle of <command>inetd</command>. But this means that the boot system must be able to know how services are made available (it could be through a socket, a filesystem, or others), and thus requires small modifications of those services. It also provides backwards compatibility to System V init scripts."
msgstr "Inną nową opcją, która zyskała dużą siłę przebicia jest <command>systemd</command>. Jej sposób podejścia jest odwrotny do poprzednich systemów; zamiast zapobiegawczo uruchamiać wszystkie usługi i musieć sobie radzić z rozplanowaniem ich,<command>systemd</command> wybiera uruchamianie usług na żądanie, nieco podobnie do zasady  <command>inetd</command>. Ale to oznacza, że system bootujący musi wiedzieć jak usługi są udostępniane (przez złącze, system plików lub inne), tak więc wymagane są małe modyfikacje tych usług. Zapewniona jest wsteczna spójność ze skryptami inicjującymi Systemu V."

#. Tag: para
#, no-c-format
msgid "There are also other systems and other operating modes, such as <command>runit</command>, <command>minit</command>, or <command>initng</command>, but they are relatively specialized and not widespread."
msgstr "Są także inne systemy i tryby pracy, takie jak <command>runit</command>, <command>minit</command>, lub <command>initng</command>, ale są one specjalistyczne i  nierozpowszechnione. "

#. Tag: indexterm
#, no-c-format
msgid "<primary>runlevel</primary>"
msgstr "<primary>poziom działania</primary>"

#. Tag: indexterm
#, no-c-format
msgid "<primary>level, runlevel</primary>"
msgstr "<primary>poziom, poziom działania</primary>"

#. Tag: para
#, no-c-format
msgid "<command>init</command> distinguishes several runlevels, so it can switch from one to another with the <command>telinit <replaceable>new-level</replaceable></command> command. Immediately, <command>init</command> executes <command>/etc/init.d/rc</command> again with the new runlevel. This script will then start the missing services and stop those that are no longer desired. To do this, it refers to the content of the <filename>/etc/rc<replaceable>X</replaceable>.d</filename> (where <replaceable>X</replaceable> represents the new runlevel). Scripts starting with “S” (as in “Start”) are services to be started; those starting with “K” (as in “Kill”) are the services to be stopped. The script does not start any service that was already active in the previous runlevel."
msgstr "<command>init</command> wyróżnia kilka poziomów działania, więc może przełączać się między nimi komendą <command>telinit <replaceable>new-level</replaceable></command>. <command>init</command> natychmiastowo uruchamia<command>/etc/init.d/rc</command> z nowym poziomem działania. Następnie ten skrypt uruchamia brakujące usługi i zatrzymuje te, które nie są już pożądane. Aby to zrobić, wskazuje na zawartość <filename>/etc/rc<replaceable>X</replaceable>.d</filename> (gdzie <replaceable>X</replaceable> reprezentuje nowy poziom działania). Skrypty zaczynające się na \"S\"(jak \"Start\") są usługami do uruchomienia; te zaczynające się na \"K\"(jak \"Kill\") są usługami, które należy zatrzymać. Skrypt nie uruchomi żadnej usługi, która jest już aktywna w poprzednim poziomie działania."

#. Tag: para
#, no-c-format
msgid "By default, Debian uses four different runlevels:"
msgstr "Domyślnie, Debian korzysta z czterech różnych poziomów działania:"

#. Tag: para
#, no-c-format
msgid "Level 0 is only used temporarily, while the computer is powering down. As such, it only contains many “K” scripts."
msgstr "Poziom 0 jest używanym tylko tymczasowo, podczas wyłączania się komputera. Dlatego zawiera wiele skryptów \"K\"."

#. Tag: para
#, no-c-format
msgid "Level 1, also known as single-user mode, corresponds to the system in degraded mode; it includes only basic services, and is intended for maintenance operations where interactions with ordinary users are not desired."
msgstr "Poziom 1, znany także jako tryb dla pojedynczego użytkownika( single-user mode), odpowiada systemowi w trybie awaryjnym; zawiera tylko podstawowe usługi i powstał do wykonywania konserwacji, tak więc interakcje ze zwykłym użytkownikiem nie są pożądane."

#. Tag: para
#, no-c-format
msgid "Level 2 is the level for normal operation, which includes networking services, a graphical interface, user logins, etc."
msgstr "Poziom 2 służy do wykonywania zwyczajnych operacji, w skład których wchodzą usługi sieciowe, środowisko graficzne, loginy itd."

#. Tag: para
#, no-c-format
msgid "Level 6 is similar to level 0, except that it is used during the shutdown phase that precedes a reboot."
msgstr "Poziom 6 jest podobny do poziomu 0, pomijając to, że jest używany podczas fazy zamykania, która poprzedza ponowne uruchomienie."

#. Tag: para
#, no-c-format
msgid "Other levels exist, especially 3 to 5. By default they are configured to operate the same way as level 2, but the administrator can modify them (by adding or deleting scripts in the corresponding <filename>/etc/rc<replaceable>X</replaceable>.d</filename> directories) to adapt them to particular needs."
msgstr "Istnieją inne poziomy, szczególnie od 3 do 5. Domyślnie są skonfigurowane tak, by działać identycznie jak poziom 2, ale administrator może je zmodyfikować(dodając lub usuwając skrypty w <filename>/etc/rc<replaceable>X</replaceable>.d</filename>) aby przystosować je do szczególnych potrzeb."

#. Tag: title
#, no-c-format
msgid "Boot sequence of a computer running Linux"
msgstr "Sekwencja ładowania z komputera systemu Linux"

#. Tag: indexterm
#, no-c-format
msgid "<primary>initialization script</primary>"
msgstr "<primary>skrypt inicjujący</primary>"

#. Tag: para
#, no-c-format
msgid "All the scripts contained in the various <filename>/etc/rc<replaceable>X</replaceable>.d</filename> directories are really only symbolic links — created upon package installation by the <command>update-rc.d</command> program — pointing to the actual scripts which are stored in <filename>/etc/init.d/</filename>. The administrator can fine tune the services available in each runlevel by re-running <command>update-rc.d</command> with adjusted parameters. The <citerefentry><refentrytitle>update-rc.d</refentrytitle><manvolnum>1</manvolnum></citerefentry> manual page describes the syntax in detail. Please note that removing all symbolic links (with the <literal>remove</literal> parameter) is not a good method to disable a service. Instead you should simply configure it to not start in the desired runlevel (while preserving the corresponding calls to stop it in the event that the service runs in the previous runlevel). Since <command>update-rc.d</command> has a somewhat convoluted interface, you may prefer using <command>rcconf</command> (from the <emphasis role=\"pkg\">rcconf</emphasis> package) which provides a more user-friendly interface."
msgstr "Wszystkie skrypty zawierające się w różnych <filename>/etc/rc<replaceable>X</replaceable>.d</filename> directories are really only symbolic links — created upon package installation by the <command>update-rc.d</command> program — pointing to the actual scripts which are stored in <filename>/etc/init.d/</filename>. The administrator can fine tune the services available in each runlevel by re-running <command>update-rc.d</command> with adjusted parameters. The <citerefentry><refentrytitle>update-rc.d</refentrytitle><manvolnum>1</manvolnum></citerefentry> manual page describes the syntax in detail. Please note that removing all symbolic links (with the <literal>remove</literal> parameter) is not a good method to disable a service. Instead you should simply configure it to not start in the desired runlevel (while preserving the corresponding calls to stop it in the event that the service runs in the previous runlevel). Since <command>update-rc.d</command> has a somewhat convoluted interface, you may prefer using <command>rcconf</command> (from the <emphasis role=\"pkg\">rcconf</emphasis> package) which provides a more user-friendly interface."

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>update-rc.d</command></primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>DEBIAN POLICY</emphasis> Restarting services"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>invoke-rc.d</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>service</primary><secondary>restart</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>restarting services</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The maintainer scripts for Debian packages will sometimes restart certain services to ensure their availability or get them to take certain options into account. The command that controls a service — <command>/etc/init.d/<replaceable>service</replaceable> <replaceable>operation</replaceable></command> — doesn't take runlevel into consideration, assumes (wrongly) that the service is currently being used, and may thus initiate incorrect operations (starting a service that was deliberately stopped, or stopping a service that is already stopped, etc.). Debian therefore introduced the <command>invoke-rc.d</command> program: this program must be used by maintainer scripts to run services initialization scripts and it will only execute the necessary commands. Note that, contrary to common usage, the <filename>.d</filename> suffix is used here in a program name, and not in a directory."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Finally, <command>init</command> starts control programs for various virtual consoles (<command>getty</command>). It displays a prompt, waiting for a username, then executes <command>login <replaceable>user</replaceable></command> to initiate a session."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>getty</command></primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>VOCABULARY</emphasis> Console and terminal"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The first computers were usually separated into several, very large parts: the storage enclosure and the central processing unit were separate from the peripheral devices used by the operators to control them. These were part of a separate furniture, the “console”. This term was retained, but its meaning has changed. It has become more or less synonymous with “terminal”, being a keyboard and a screen."
msgstr ""

#. Tag: para
#, no-c-format
msgid "With the development of computers, operating systems have offered several virtual consoles to allow for several independent sessions at the same time, even if there is only one keyboard and screen. Most GNU/Linux systems offer six virtual consoles (in text mode), accessible by typing the key combinations <keycombo action=\"simul\"> <keycap>Control</keycap> <keycap>Alt</keycap> <keycap>F1</keycap> </keycombo> through <keycombo action=\"simul\"> <keycap>Control</keycap> <keycap>Alt</keycap> <keycap>F6</keycap> </keycombo>."
msgstr ""

#. Tag: para
#, no-c-format
msgid "By extension, the terms “console” and “terminal” can also refer to a terminal emulator in a graphical X11 session (such as <command>xterm</command>, <command>gnome-terminal</command> or <command>konsole</command>)."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Remote Login"
msgstr ""

#. Tag: para
#, no-c-format
msgid "It is essential for an administrator to be able to connect to a computer remotely. Servers, confined in their own room, are rarely equipped with permanent keyboards and monitors — but they are connected to the network."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>BACK TO BASICS</emphasis> Client, server"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>client</primary><secondary>client/server architecture</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>server</primary><secondary>client/server architecture</secondary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "A system where several processes communicate with each other is often described with the “client/server” metaphor. The server is the program that takes requests coming from a client and executes them. It is the client that controls operations, the server doesn't take any initiative of its own."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>login</primary><secondary>remote login</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>remote login</primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "Secure Remote Login: SSH"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>SSH</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>Secure Shell</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <emphasis>SSH</emphasis> (Secure SHell) protocol was designed with security and reliability in mind. Connections using SSH are secure: the partner is authenticated and all data exchanges are encrypted."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>CULTURE</emphasis> Telnet and RSH are obsolete"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>telnet</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>rsh</command></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Before SSH, <emphasis>Telnet</emphasis> and <emphasis>RSH</emphasis> were the main tools used to login remotely. They are now largely obsolete and should no longer be used even if Debian still provides them."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>VOCABULARY</emphasis> Authentication, encryption"
msgstr ""

#. Tag: para
#, no-c-format
msgid "When you need to give a client the ability to conduct or trigger actions on a server, security is important. You must ensure the identity of the client; this is authentication. This identity usually consists of a password that must be kept secret, or any other client could get the password. This is the purpose of encryption, which is a form of encoding that allows two systems to communicate confidential information on a public channel while protecting it from being readable to others."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Authentication and encryption are often mentioned together, both because they are frequently used together, and because they are usually implemented with similar mathematical concepts."
msgstr ""

#. Tag: para
#, no-c-format
msgid "SSH also offers two file transfer services. <command>scp</command> is a command line tool that can be used like <command>cp</command>, except that any path to another machine is prefixed with the machine's name, followed by a colon."
msgstr ""

#. Tag: screen
#, no-c-format
msgid "<computeroutput>$ </computeroutput><userinput>scp file machine:/tmp/</userinput>\n"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<command>sftp</command> is an interactive command, similar to <command>ftp</command>. In a single session, <command>sftp</command> can transfer several files, and it is possible to manipulate remote files with it (delete, rename, change permissions, etc.)."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>scp</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>sftp</command></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Debian uses OpenSSH, a free version of SSH maintained by the <command>OpenBSD</command> project (a free operating system based on the BSD kernel, focused on security) and fork of the original SSH software developed by the SSH Communications Security Corp company, of Finland. This company initially developed SSH as free software, but eventually decided to continue its development under a proprietary license. The OpenBSD project then created OpenSSH to maintain a free version of SSH."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>OpenSSH</primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>BACK TO BASICS</emphasis> <foreignphrase>Fork</foreignphrase>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>fork</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "A “fork”, in the software field, means a new project that starts as a clone of an existing project, and that will compete with it. From there on, both software will usually quickly diverge in terms of new developments. A fork is often the result of disagreements within the development team."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The option to fork a project is a direct result of the very nature of free software; a fork is a healthy event when it enables the continuation of a project as free software (for example in case of license changes). A fork arising from technical or personal disagreements is often a waste of human resources; another resolution would be preferable. Mergers of two projects that previously went through a prior fork are not unheard of."
msgstr ""

#. Tag: para
#, no-c-format
msgid "OpenSSH is split into two packages: the client part is in the <emphasis role=\"pkg\">openssh-client</emphasis> package, and the server is in the <emphasis role=\"pkg\">openssh-server</emphasis> package. The <emphasis role=\"pkg\">ssh</emphasis> meta-package depends on both parts and facilitates installation of both (<command>apt-get install ssh</command>)."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Key-Based Authentication"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Each time someone logs in over SSH, the remote server asks for a password to authenticate the user. This can be problematic if you want to automate a connection, or if you use a tool that requires frequent connections over SSH. This is why SSH offers a key-based authentication system."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The user generates a key pair on the client machine with <command>ssh-keygen -t rsa</command>; the public key is stored in <filename>~/.ssh/id_rsa.pub</filename>, while the corresponding private key is stored in <filename>~/.ssh/id_rsa</filename>. The user then uses <command>ssh-copy-id <replaceable>server</replaceable></command> to add their public key to the <filename>~/.ssh/authorized_keys</filename> file on the server. If the private key was not protected with a “passphrase” at the time of its creation, all subsequent logins on the server will work without a password. Otherwise, the private key must be decrypted each time by entering the passphrase. Fortunately, <command>ssh-agent</command> allows us to keep private keys in memory to not have to regularly re-enter the password. For this, you simply use <command>ssh-add</command> (once per work session) provided that the session is already associated with a functional instance of <command>ssh-agent</command>. Debian activates it by default in graphical sessions, but this can be deactivated by changing <filename>/etc/X11/Xsession.options</filename>. For a console session, you can manually start it with <command>eval $(ssh-agent)</command>."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>SECURITY</emphasis> Protection of the private key"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Whoever has the private key can login on the account thus configured. This is why access to the private key is protected by a “passphrase”. Someone who acquires a copy of a private key file (for example, <filename>~/.ssh/id_rsa</filename>) still has to know this phrase in order to be able to use it. This additional protection is not, however, impregnable, and if you think that this file has been compromised, it is best to disable that key on the computers in which it has been installed (by removing it from the <filename>authorized_keys</filename> files) and replacing it with a newly generated key."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>CULTURE</emphasis> OpenSSL flaw in Debian <emphasis role=\"distribution\">Etch</emphasis>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The OpenSSL library, as initially provided in Debian <emphasis role=\"distribution\">Etch</emphasis>, had a serious problem in its random number generator (RNG). Indeed, the Debian maintainer had made a change so that applications using it would no longer generate warnings when analyzed by memory testing tools like <command>valgrind</command>. Unfortunately, this change also meant that the RNG was employing only one source of entropy corresponding to the process number (PID) whose 32,000 possible values do not offer enough randomness. <ulink type=\"block\" url=\"http://www.debian.org/security/2008/dsa-1571\" />"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Specifically, whenever OpenSSL was used to generate a key, it always produced a key within a known set of hundreds of thousands of keys (32,000 multiplied by a small number of key lengths). This affected SSH keys, SSL keys, and X.509 certificates used by numerous applications, such as OpenVPN. A cracker had only to try all of the keys to gain unauthorized access. To reduce the impact of the problem, the SSH daemon was modified to refuse problematic keys that are listed in the <emphasis role=\"pkg\">openssh-blacklist</emphasis> and <emphasis role=\"pkg\">openssh-blacklist-extra</emphasis> packages. Additionally, the <command>ssh-vulnkey</command> command allows identification of possibly compromised keys in the system."
msgstr ""

#. Tag: para
#, no-c-format
msgid "A more thorough analysis of this incident brings to light that it is the result of multiple (small) problems, both at the OpenSSL project, as well as with the Debian package maintainer. A widely used library like OpenSSL should — without modifications — not generate warnings when tested by <command>valgrind</command>. Furthermore, the code (especially the parts as sensitive as the RNG) should be better commented to prevent such errors. The Debian maintainer, for his part, wanting to validate his modifications with the OpenSSL developers, simply explained his modifications without providing them the corresponding patch to review. He also did not clearly identify himself as the maintainer of the corresponding Debian package. Finally, in his maintenance choices, the maintainer did not clearly document the changes made to the original code; all the modifications are effectively stored in a Subversion repository, but they ended up all lumped into one single patch during creation of the source package."
msgstr ""

#. Tag: para
#, no-c-format
msgid "It is difficult under such conditions to find the corrective measures to prevent such incidents from recurring. The lesson to be learned here is that every divergence Debian introduces to upstream software must be justified, documented, submitted to the upstream project when possible, and widely publicized. It is from this perspective that the new source package format (“3.0 (quilt)”) and the Debian patch tracker were developed. <ulink type=\"block\" url=\"http://patch-tracker.debian.org\" />"
msgstr ""

#. Tag: title
#, no-c-format
msgid "Using Remote X11 Applications"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The SSH protocol allows forwarding of graphical data (“X11” session, from the name of the most widespread graphical system in Unix); the server then keeps a dedicated channel for those data. Specifically, a graphical program executed remotely can be displayed on the X.org server of the local screen, and the whole session (input and display) will be secure. Since this feature allows remote applications to interfere with the local system, it is disabled by default. You can enable it by specifying <literal>X11Forwarding yes</literal> in the server configuration file (<filename>/etc/ssh/sshd_config</filename>). Finally, the user must also request it by adding the <literal>-X</literal> option to the <command>ssh</command> command-line."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Creating Encrypted Tunnels with Port Forwarding"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>port forwarding</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Its <literal>-R</literal> and <literal>-L</literal> options allow <command>ssh</command> to create “encrypted tunnels” between two machines, securely forwarding a local TCP port (see sidebar <xref linkend=\"sidebar.tcp-udp\" />) to a remote machine or vice versa."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>VOCABULARY</emphasis> Tunnel"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>tunnel (SSH)</primary><seealso>VPN</seealso>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>SSH tunnel</primary><seealso>VPN</seealso>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The Internet, and most LANs that are connected to it, operate in packet mode and not in connected mode, meaning that a packet issued from one computer to another is going to be stopped at several intermediary routers to find its way to its destination. You can still simulate a connected operation where the stream is encapsulated in normal IP packets. These packets follow their usual route, but the stream is reconstructed unchanged at the destination. We call this a “tunnel”, analogous to a road tunnel in which vehicles drive directly from the entrance (input) to the exit (output) without encountering any intersections, as opposed to a path on the surface that would involve intersections and changing direction."
msgstr ""

#. Tag: para
#, no-c-format
msgid "You can use this opportunity to add encryption to the tunnel: the stream that flows through it is then unrecognizable from the outside, but it is returned in decrypted form at the exit of the tunnel."
msgstr ""

#. Tag: para
#, no-c-format
msgid "<command>ssh -L 8000:server:25 intermediary</command> establishes an SSH session with the <replaceable>intermediary</replaceable> host and listens to local port 8000 (see <xref linkend=\"figure.ssh-L\" />). For any connection established on this port, <command>ssh</command> will initiate a connection from the <replaceable>intermediary</replaceable> computer to port 25 on the <replaceable>server</replaceable>, and will bind both connections together."
msgstr ""

#. Tag: para
#, no-c-format
msgid "<command>ssh -R 8000:server:25 intermediary</command> also establishes an SSH session to the <replaceable>intermediary</replaceable> computer, but it is on this machine that <command>ssh</command> listens to port 8000 (see <xref linkend=\"figure.ssh-R\" />). Any connection established on this port will cause <command>ssh</command> to open a connection from the local machine on to port 25 of the <replaceable>server</replaceable>, and to bind both connections together."
msgstr ""

#. Tag: para
#, no-c-format
msgid "In both cases, connections are made to port 25 on the <replaceable>server</replaceable> host, which pass through the SSH tunnel established between the local machine and the <replaceable>intermediary</replaceable> machine. In the first case, the entrance to the tunnel is local port 8000, and the data move towards the <replaceable>intermediary</replaceable> machine before being directed to the <replaceable>server</replaceable> on the “public” network. In the second case, the input and output in the tunnel are reversed; the entrance is port 8000 on the <replaceable>intermediary</replaceable> machine, the output is on the local host, and the data are then directed to the <replaceable>server</replaceable>. In practice, the server is usually either the local machine or the intermediary. That way SSH secures the connection from one end to the other."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Forwarding a local port with SSH"
msgstr ""

#. Tag: title
#, no-c-format
msgid "Forwarding a remote port with SSH"
msgstr ""

#. Tag: title
#, no-c-format
msgid "Using Remote Graphical Desktops"
msgstr ""

#. Tag: para
#, no-c-format
msgid "VNC (Virtual Network Computing) allows remote access to graphical desktops."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>VNC</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>Virtual Network Computing</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>graphical desktop</primary><secondary>remote</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>remote graphical desktop</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>desktop, remote graphical desktop</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "This tool is mostly used for technical assistance; the administrator can see the errors that the user is facing, and show them the correct course of action without having to stand by them."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis role=\"pkg\">vino</emphasis></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis role=\"pkg\">krfb</emphasis></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis role=\"pkg\">x11vnc</emphasis></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "First, the user must authorize sharing their session. The GNOME and KDE graphical desktop environments include, respectively, <command>vino</command> and <command>krfb</command>, which provide a graphical interface that allows sharing an existing session over VNC (both are identified as <emphasis>Desktop Sharing</emphasis> either in the GNOME application list or in the KDE menu). For other graphical desktop environments, the <command>x11vnc</command> command (from the Debian package of the same name) serves the same purpose; you can make it available to the user with an explicit icon."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis role=\"pkg\">vinagre</emphasis></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis role=\"pkg\">tsclient</emphasis></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis role=\"pkg\">krdc</emphasis></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis role=\"pkg\">xvnc4viewer</emphasis></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "When the graphical session is made available by VNC, the administrator must connect to it with a VNC client. GNOME has <command>vinagre</command> and <command>remmina</command> for that, while KDE includes <command>krdc</command> (in the menu at <menuchoice> <guimenu>K</guimenu> <guisubmenu>Internet</guisubmenu> <guimenuitem>Remote Desktop Client</guimenuitem></menuchoice>). There are other VNC clients that use the command line, such as <command>xvnc4viewer</command> in the Debian package of the same name. Once connected, the administrator can see what's going on, work on the machine remotely, and show the user how to proceed."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>SECURITY</emphasis> VNC over SSH"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>SSH tunnel</primary><secondary>VNC</secondary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "If you want to connect by VNC, and you don't want your data sent in clear text on the network, it is possible to encapsulate the data in an SSH tunnel (see <xref linkend=\"sect.ssh-port-forwarding\" />). You simply have to know that VNC uses port 5900 by default for the first screen (called “localhost:0”), 5901 for the second (called “localhost:1”), etc."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <command>ssh -L localhost:5901:localhost:5900 -N -T <replaceable>machine</replaceable></command> command creates a tunnel between local port 5901 in the localhost interface and port 5900 of the <replaceable>machine</replaceable> host. The first “localhost” restricts SSH to listening to only that interface on the local machine. The second “localhost” indicates the interface on the remote machine which will receive the network traffic entering in “localhost:5901”. Thus <command>vncviewer localhost:1</command> will connect the VNC client to the remote screen, even though you indicate the name of the local machine."
msgstr ""

#. Tag: para
#, no-c-format
msgid "When the VNC session is closed, remember to close the tunnel by also quitting the corresponding SSH session."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>BACK TO BASICS</emphasis> Display manager"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>gdm</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>kdm</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>xdm</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>lightdm</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>manager</primary><secondary>display manager</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>display manager</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<command>gdm</command>, <command>kdm</command>, <command>lightdm</command>, and <command>xdm</command> are Display Managers. They take control of the graphical interface shortly after boot in order to provide the user a login screen. Once the user has logged in, they execute the programs needed to start a graphical work session."
msgstr ""

#. Tag: para
#, no-c-format
msgid "VNC also works for mobile users, or company executives, who occasionally need to login from their home to access a remote desktop similar to the one they use at work. The configuration of such a service is more complicated: you first install the <emphasis role=\"pkg\">vnc4server</emphasis> package, change the configuration of the display manager to accept <literal>XDMCP Query</literal> requests (for <command>gdm3</command>, this can be done by adding <literal>Enable=true</literal> in the “xdmcp” section of <filename>/etc/gdm3/daemon.conf</filename>), and finally, start the VNC server with <command>inetd</command> so that a session is automatically started when a user tries to login. For example, you may add this line to <filename>/etc/inetd.conf</filename>:"
msgstr ""

#. Tag: programlisting
#, no-c-format
msgid "5950  stream  tcp  nowait  nobody.tty  /usr/bin/Xvnc Xvnc -inetd -query localhost -once -geometry 1024x768 -depth 16 securitytypes=none\n"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Redirecting incoming connections to the display manager solves the problem of authentication, because only users with local accounts will pass the <command>gdm</command> login screen (or equivalent <command>kdm</command>, <command>xdm</command>, etc.). As this operation allows multiple simultaneous logins without any problem (provided the server is powerful enough), it can even be used to provide complete desktops for mobile users (or for less powerful desktop systems, configured as thin clients). Users simply login to the server's screen with <command>vncviewer <replaceable>server</replaceable>:50</command>, because the port used is 5950."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis role=\"pkg\">vnc4server</emphasis></primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "Managing Rights"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Linux is definitely a multi-user system, so it is necessary to provide a permission system to control the set of authorized operations on files and directories, which includes all the system resources and devices (on a Unix system, any device is represented by a file or directory). This principle is common to all Unix systems, but a reminder is always useful, especially as there are some interesting and relatively unknown advanced uses."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>rights</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>permissions</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>user</primary><secondary>owner</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>group</primary><secondary>owner</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>owner</primary><secondary>user</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>owner</primary><secondary>group</secondary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Each file or directory has specific permissions for three categories of users:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "its owner (symbolized by <literal>u</literal> as in “user”);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "its owner group (symbolized by <literal>g</literal> as in “group”), representing all the members of the group;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "the others (symbolized by <literal>o</literal> as in “other”)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Three types of rights can be combined:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "reading (symbolized by <literal>r</literal> as in “read”);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "writing (or modifying, symbolized by <literal>w</literal> as in “write”);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "executing (symbolized by <literal>x</literal> as in “eXecute”)."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>read, right</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>write, right</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>modification, right</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>execution, right</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "In the case of a file, these rights are easily understood: read access allows reading the content (including copying), write access allows changing it, and execute access allows you to run it (which will only work if it's a program)."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>SECURITY</emphasis> <literal>setuid</literal> and <literal>setgid</literal> executables"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Two particular rights are relevant to executable files: <literal>setuid</literal> and <literal>setgid</literal> (symbolized with the letter “s”). Note that we frequently speak of “bit”, since each of these boolean values can be represented by a 0 or a 1. These two rights allow any user to execute the program with the rights of the owner or the group, respectively. This mechanism grants access to features requiring higher level permissions than those you would usually have."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><literal>setuid</literal>, right</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><literal>setgid</literal>, right</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Since a <literal>setuid</literal> root program is systematically run under the super-user identity, it is very important to ensure it is secure and reliable. Indeed, a user who would manage to subvert it to call a command of their choice could then impersonate the root user and have all rights on the system."
msgstr ""

#. Tag: para
#, no-c-format
msgid "A directory is handled differently. Read access gives the right to consult the list of its entries (files and directories), write access allows creating or deleting files, and execute access allows crossing through it (especially to go there with the <command>cd</command> command). Being able to cross through a directory without being able to read it gives permission to access the entries therein that are known by name, but not to find them if you do not know their existence or their exact name."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>SECURITY</emphasis> <literal>setgid</literal> directory and <emphasis>sticky bit</emphasis>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><literal>setgid</literal> directory</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <literal>setgid</literal> bit also applies to directories. Any newly-created item in such directories is automatically assigned the owner group of the parent directory, instead of inheriting the creator's main group as usual. This setup avoids the user having to change its main group (with the <command>newgrp</command> command) when working in a file tree shared between several users of the same dedicated group."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>sticky bit</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The “sticky” bit (symbolized by the letter “t”) is a permission that is only useful in directories. It is especially used for temporary directories where everybody has write access (such as <filename>/tmp/</filename>): it restricts deletion of files so that only their owner (or the owner of the parent directory) can do it. Lacking this, everyone could delete other users' files in <filename>/tmp/</filename>."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Three commands control the permissions associated with a file:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<command>chown <replaceable>user</replaceable> <replaceable>file</replaceable></command> changes the owner of the file;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<command>chgrp <replaceable>group</replaceable> <replaceable>file</replaceable></command> alters the owner group;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<command>chmod <replaceable>rights</replaceable> <replaceable>file</replaceable></command> changes the permissions for the file."
msgstr ""

#. Tag: para
#, no-c-format
msgid "There are two ways of presenting rights. Among them, the symbolic representation is probably the easiest to understand and remember. It involves the letter symbols mentioned above. You can define rights for each category of users (<literal>u</literal>/<literal>g</literal>/<literal>o</literal>), by setting them explicitly (with <literal>=</literal>), by adding (<literal>+</literal>), or subtracting (<literal>-</literal>). Thus the <literal>u=rwx,g+rw,o-r</literal> formula gives the owner read, write, and execute rights, adds read and write rights for the owner group, and removes read rights for other users. Rights not altered by the addition or subtraction in such a command remain unmodified. The letter <literal>a</literal>, for “all”, covers all three categories of users, so that <literal>a=rx</literal> grants all three categories the same rights (read and execute, but not write)."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>chmod</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>chown</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>chgrp</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>octal representation of rights</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>rights</primary><secondary>octal representation</secondary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The (octal) numeric representation associates each right with a value: 4 for read, 2 for write, and 1 for execute. We associate each combination of rights with the sum of the figures. Each value is then assigned to different categories of users by putting them end to end in the usual order (owner, group, others)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "For instance, the <command>chmod 754 <replaceable>file</replaceable></command> command will set the following rights: read, write and execute for the owner (since 7 = 4 + 2 + 1); read and execute for the group (since 5 = 4 + 1); read-only for others. The <literal>0</literal> means no rights; thus <command>chmod 600 <replaceable>file</replaceable></command> allows for read/write rights for the owner, and no rights for anyone else. The most frequent right combinations are <literal>755</literal> for executable files and directories, and <literal>644</literal> for data files."
msgstr ""

#. Tag: para
#, no-c-format
msgid "To represent special rights, you can prefix a fourth digit to this number according to the same principle, where the <literal>setuid</literal>, <literal>setgid</literal> and <literal>sticky</literal> bits are 4, 2 and 1, respectively. <command>chmod 4754</command> will associate the <literal>setuid</literal> bit with the previously described rights."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Note that the use of octal notation only allows to set all the rights at once on a file; you can not use it to simply add a new right, such as read access for the group owner, since you must take into account the existing rights and compute the new corresponding numerical value."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>TIP</emphasis> Recursive operation"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Sometimes we have to change rights for an entire file tree. All the commands above have a <literal>-R</literal> option to operate recursively in sub-directories."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The distinction between directories and files sometimes causes problems with recursive operations. That's why the “X” letter has been introduced in the symbolic representation of rights. It represents a right to execute which applies only to directories (and not to files lacking this right). Thus, <command>chmod -R a+X <replaceable>directory</replaceable></command> will only add execute rights for all categories of users (<literal>a</literal>) for all of the sub-directories and files for which at least one category of user (even if their sole owner) already has execute rights."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>TIP</emphasis> Changing the user and group"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Frequently you want to change the group of a file at the same time that you change the owner. The <command>chown</command> command has a special syntax for that: <command>chown <replaceable>user</replaceable>:<replaceable>group</replaceable></command>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>GOING FURTHER</emphasis> <command>umask</command>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "When an application creates a file, it assigns indicative permissions, knowing that the system automatically removes certain rights, given by the command <command>umask</command>. Enter <command>umask</command> in a shell; you will see a mask such as <computeroutput>0022</computeroutput>. This is simply an octal representation of the rights to be systematically removed (in this case, the write right for the group and other users)."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>umask</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>rights</primary><secondary>mask</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>mask</primary><secondary>rights mask</secondary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "If you give it a new octal value, the <command>umask</command> command modifies the mask. Used in a shell initialization file (for example, <filename>~/.bash_profile</filename>), it will effectively change the default mask for your work sessions."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Administration Interfaces"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>interface</primary><secondary>administration interface</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>administration, interfaces</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Using a graphical interface for administration is interesting in various circumstances. An administrator does not necessarily know all the configuration details for all their services, and doesn't always have the time to go seeking out the documentation on the matter. A graphical interface for administration can thus accelerate the deployment of a new service. It can also simplify the setup of services which are hard to configure."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Such an interface is only an aid, and not an end in itself. In all cases, the administrator must master its behavior in order to understand and work around any potential problem."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Since no interface is perfect, you may be tempted to try several solutions. This is to be avoided as much as possible, since different tools are sometimes incompatible in their work methods. Even if they all target to be very flexible and try to adopt the configuration file as a single reference, they are not always able to integrate external changes."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Administrating on a Web Interface: <command>webmin</command>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis>webmin</emphasis></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "This is, without a doubt, one of the most successful administration interfaces. It is a modular system managed through a web browser, covering a wide array of areas and tools. Furthermore, it is internationalized and available in many languages."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Sadly, <command>webmin</command> is no longer part of Debian. Its Debian maintainer — Jaldhar H. Vyas — removed the packages he created because he no longer had the time required to maintain them at an acceptable quality level. Nobody has officially taken over, so <emphasis role=\"distribution\">Wheezy</emphasis> does not have the <command>webmin</command> package."
msgstr ""

#. Tag: para
#, no-c-format
msgid "There is, however, an unofficial package distributed on the <literal>webmin.com</literal> website. Contrary to the original Debian packages, this package is monolithic; all of its configuration modules are installed and activated by default, even if the corresponding service is not installed on the machine."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>SECURITY</emphasis> Changing the root password"
msgstr ""

#. Tag: para
#, no-c-format
msgid "On first login, identification is conduced with the root username and its usual password. It is recommended to change the password used for <command>webmin</command> as soon as possible, so that if it is compromised, the root password for the server will not be involved, even if this confers important administrative rights to the machine."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Beware! Since <command>webmin</command> has so many features, a malicious user accessing it could compromise the security of the entire system. In general, interfaces of this kind are not recommended for important systems with strong security constraints (firewall, sensitive servers, etc.)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Webmin is used through a web interface, but it does not require Apache to be installed. Essentially, this software has its own integrated mini web server. This server listens by default on port 10000 and accepts secure HTTP connections."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Included modules cover a wide variety of services, among which:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "all base services: creation of users and groups, management of <filename>crontab</filename> files, init scripts, viewing of logs, etc."
msgstr ""

#. Tag: para
#, no-c-format
msgid "bind: DNS server configuration (name service);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "postfix: SMTP server configuration (e-mail);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "inetd: configuration of the <command>inetd</command> super-server;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "quota: user quota management;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "dhcpd: DHCP server configuration;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "proftpd: FTP server configuration;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "samba: Samba file server configuration;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "software: installation or removal of software from Debian packages and system updates."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The administration interface is available in a web browser at <literal>https://localhost:10000</literal>. Beware! Not all the modules are directly usable. Sometimes they must be configured by specifying the locations of the corresponding configuration files and some executable files (program). Frequently the system will politely prompt you when it fails to activate a requested module."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>ALTERNATIVE</emphasis> GNOME control center"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis role=\"pkg\">gnome-control-center</emphasis></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The GNOME project also provides multiple administration interfaces that are usually accessible via the “Settings” entry in the user menu on the top right. <command>gnome-control-center</command> is the main program that brings them all together but many of the system wide configuration tools are effectively provided by other packages (<emphasis role=\"pkg\">accountsservice</emphasis>, <emphasis role=\"pkg\">system-config-printer</emphasis>, etc.). Easy to use, these applications cover only a limited number of base services: user management, time configuration, network configuration, printer configuration, and so on."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Configuring Packages: <command>debconf</command>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>debconf</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>dpkg-reconfigure</command></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Many packages are automatically configured after asking a few questions during installation through the Debconf tool. These packages can be reconfigured by running <command>dpkg-reconfigure <replaceable>package</replaceable></command>."
msgstr ""

#. Tag: para
#, no-c-format
msgid "For most cases, these settings are very simple; only a few important variables in the configuration file are changed. These variables are often grouped between two “demarcation” lines so that reconfiguration of the package only impacts the enclosed area. In other cases, reconfiguration will not change anything if the script detects a manual modification of the configuration file, in order to preserve these human interventions (because the script can't ensure that its own modifications will not disrupt the existing settings)."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>DEBIAN POLICY</emphasis> Preserving changes"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The Debian Policy expressly stipulates that everything should be done to preserve manual changes made to a configuration file, so more and more scripts take precautions when editing configuration files. The general principle is simple: the script will only make changes if it knows the status of the configuration file, which is verified by comparing the checksum of the file against that of the last automatically generated file. If they are the same, the script is authorized to change the configuration file. Otherwise, it determines that the file has been changed and asks what action it should take (install the new file, save the old file, or try to integrate the new changes with the existing file). This precautionary principle has long been unique to Debian, but other distributions have gradually begun to embrace it."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <command>ucf</command> program (from the Debian package of the same name) can be used to implement such a behavior."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>ucf</command></primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<command>syslog</command> System Events"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>rsyslogd</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>files</primary><secondary>log files</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>logs</primary><secondary>dispatching</secondary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "Principle and Mechanism"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <command>rsyslogd</command> daemon is responsible for collecting service messages coming from applications and the kernel, then dispatching them into log files (usually stored in the <filename>/var/log/</filename> directory). It obeys the <filename>/etc/rsyslog.conf</filename> configuration file."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Each log message is associated with an application subsystem (called “facility” in the documentation):"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>auth</literal> and <literal>authpriv</literal>: for authentication;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>cron</literal>: comes from task scheduling services, <command>cron</command> and <command>atd</command>;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>daemon</literal>: affects a daemon without any special classification (DNS, NTP, etc.);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>ftp</literal>: concerns the FTP server;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>kern</literal>: message coming from the kernel;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>lpr</literal>: comes from the printing subsystem;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>mail</literal>: comes from the e-mail subsystem;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>news</literal>: Usenet subsystem message (especially from an NNTP — Network News Transfer Protocol — server that manages newsgroups);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>syslog</literal>: messages from the <command>syslogd</command> server, itself;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>user</literal>: user messages (generic);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>uucp</literal>: messages from the UUCP server (Unix to Unix Copy Program, an old protocol notably used to distribute e-mail messages);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>local0</literal> to <literal>local7</literal>: reserved for local use."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Each message is also associated with a priority level. Here is the list in decreasing order:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>emerg</literal>: “Help!” There's an emergency, the system is probably unusable."
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>alert</literal>: hurry up, any delay can be dangerous, action must be taken immediately;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>crit</literal>: conditions are critical;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>err</literal>: error;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>warn</literal>: warning (potential error);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>notice</literal>: conditions are normal, but the message is important;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>info</literal>: informative message;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>debug</literal>: debugging message."
msgstr ""

#. Tag: title
#, no-c-format
msgid "The Configuration File"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The syntax of the <filename>/etc/rsyslog.conf</filename> file is detailed in the <citerefentry><refentrytitle>rsyslog.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> manual page, but there is also HTML documentation available in the <emphasis role=\"pkg\">rsyslog-doc</emphasis> package (<filename>/usr/share/doc/rsyslog-doc/html/index.html</filename>). The overall principle is to write “selector” and “action” pairs. The selector defines all relevant messages, and the actions describes how to deal with them."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Syntax of the Selector"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The selector is a semicolon-separated list of <literal><replaceable>subsystem</replaceable>.<replaceable>priority</replaceable></literal> pairs (example: <literal>auth.notice;mail.info</literal>). An asterisk may represent all subsystems or all priorities (examples: <literal>*.alert</literal> or <literal>mail.*</literal>). Several subsystems can be grouped, by separating them with a comma (example: <literal>auth,mail.info</literal>). The priority indicated also covers messages of equal or higher priority; thus <literal>auth.alert</literal> indicates the <literal>auth</literal> subsystem messages of <literal>alert</literal> or <literal>emerg</literal> priority. Prefixed with an exclamation point (!), it indicates the opposite, in other words the strictly lower priorities; <literal>auth.!notice</literal>, thus, indicates messages issued from <literal>auth</literal>, with <literal>info</literal> or <literal>debug</literal> priority. Prefixed with an equal sign (=), it corresponds to precisely and only the priority indicated (<literal>auth.=notice</literal> only concerns messages from <literal>auth</literal> with <literal>notice</literal> priority)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Each element in the list on the selector overrides previous elements. It is thus possible to restrict a set or to exclude certain elements from it. For example, <literal>kern.info;kern.!err</literal> means messages from the kernel with priority between <literal>info</literal> and <literal>warn</literal>. The <literal>none</literal> priority indicates the empty set (no priorities), and may serve to exclude a subsystem from a set of messages. Thus, <literal>*.crit;kern.none</literal> indicates all the messages of priority equal to or higher than <literal>crit</literal> not coming from the kernel."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Syntax of Actions"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>BACK TO BASICS</emphasis> The named pipe, a persistent pipe"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>named pipe</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>pipe, named pipe</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "A named pipe is a particular type of file that operates like a traditional pipe (the pipe that you make with the “|” symbol on the command line), but via a file. This mechanism has the advantage of being able to relate two unrelated processes. Anything written to a named pipe blocks the process that writes until another process attempts to read the data written. This second process reads the data written by the first, which can then resume execution."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Such a file is created with the <command>mkfifo</command> command."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The various possible actions are:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "add the message to a file (example: <filename>/var/log/messages</filename>);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "send the message to a remote <command>syslog</command> server (example: <literal>@log.falcot.com</literal>);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "send the message to an existing named pipe (example: <literal>|/dev/xconsole</literal>);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "send the message to one or more users, if they are logged in (example: <literal>root,rhertzog</literal>);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "send the message to all logged in users (example: <literal>*</literal>);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "write the message in a text console (example: <literal>/dev/tty8</literal>)."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>SECURITY</emphasis> Forwarding logs"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>log</primary><secondary>forwarding</secondary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "It is a good idea to record the most important logs on a separate machine (perhaps dedicated for this purpose), since this will prevent any possible intruder from removing traces of their intrusion (unless, of course, they also compromise this other server). Furthermore, in the event of a major problem (such as a kernel crash), you have the logs available on another machine, which increases your chances of determining the sequence of events that caused the crash."
msgstr ""

#. Tag: para
#, no-c-format
msgid "To accept log messages sent by other machines, you must reconfigure <emphasis>rsyslog</emphasis>: in practice, it is sufficient to activate the ready-for-use entries in <filename>/etc/rsyslog.conf</filename> (<literal>$ModLoad imudp</literal> and <literal>$UDPServerRun 514</literal>)."
msgstr ""

#. Tag: title
#, no-c-format
msgid "The <command>inetd</command> Super-Server"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Inetd (often called “Internet super-server”) is a server of servers. It executes rarely used servers on demand, so that they do not have to run continuously."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>inetd</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>super-server</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <filename>/etc/inetd.conf</filename> file lists these servers and their usual ports. The <command>inetd</command> command listens to all of them; when it detects a connection to any such port, it executes the corresponding server program."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>DEBIAN POLICY</emphasis> Register a server in <filename>inetd.conf</filename>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Packages frequently want to register a new server in the <filename>/etc/inetd.conf</filename> file, but Debian Policy prohibits any package from modifying a configuration file that it doesn't own. This is why the <command>updated-inetd</command> script (in the package with the same name) was created: It manages the configuration file, and other packages can thus use it to register a new server to the super-server's configuration."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Each significant line of the <filename>/etc/inetd.conf</filename> file describes a server through seven fields (separated by spaces):"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The TCP or UDP port number, or the service name (which is mapped to a standard port number with the information contained in the <filename>/etc/services</filename> file)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The socket type: <literal>stream</literal> for a TCP connection, <literal>dgram</literal> for UDP datagrams."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The protocol: <literal>tcp</literal> or <literal>udp</literal>."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The options: two possible values: <literal>wait</literal> or <literal>nowait</literal>, to tell <command>inetd</command> whether it should wait or not for the end of the launched process before accepting another connection. For TCP connections, easily multiplexable, you can usually use <literal>nowait</literal>. For programs responding over UDP, you should use <literal>nowait</literal> only if the server is capable of managing several connections in parallel. You can suffix this field with a period, followed by the maximum number of connections authorized per minute (the default limit is 256)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The user name of the user under whose identity the server will run."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The full path to the server program to execute."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The arguments: this is a complete list of the program's arguments, including its own name (<literal>argv[0]</literal> in C)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The following example illustrates the most common cases:"
msgstr ""

#. Tag: title
#, no-c-format
msgid "Excerpt from <filename>/etc/inetd.conf</filename>"
msgstr ""

#. Tag: programlisting
#, no-c-format
msgid ""
"talk   dgram  udp wait    nobody.tty /usr/sbin/in.talkd in.talkd\n"
"finger stream tcp nowait  nobody     /usr/sbin/tcpd     in.fingerd\n"
"ident  stream tcp nowait  nobody     /usr/sbin/identd   identd -i\n"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>tcpd</command></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <command>tcpd</command> program is frequently used in the <filename>/etc/inetd.conf</filename> file. It allows limiting incoming connections by applying access control rules, documented in the <citerefentry><refentrytitle>hosts_access</refentrytitle><manvolnum>5</manvolnum></citerefentry> manual page, and which are configured in the <filename>/etc/hosts.allow</filename> and <filename>/etc/hosts.deny</filename> files. Once it has been determined that the connection is authorized, <command>tcpd</command> executes the real server (like <command>in.fingerd</command> in our example). It is worth noting that <command>tcpd</command> relies on the name under which it was invoked (that is the first argument, <literal>argv[0]</literal>) to identify the real program to run. So you should not start the arguments list with <literal>tcpd</literal> but with the program that must be wrapped."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>COMMUNITY</emphasis> Wietse Venema"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>Wietse Venema</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>Venema, Wietse</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Wietse Venema, whose expertise in security has made him a renowned programmer, is the author of the <command>tcpd</command> program. He is also the main creator of Postfix, the modular e-mail server (SMTP, Simple Mail Transfer Protocol), designed to be safer and more reliable than <command>sendmail</command>, which features a long history of security vulnerabilities."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>ALTERNATIVE</emphasis> Other <command>inetd</command> commands"
msgstr ""

#. Tag: para
#, no-c-format
msgid "While Debian installs <emphasis role=\"pkg\">openbsd-inetd</emphasis> by default, there is no lack of alternatives: we can mention <emphasis role=\"pkg\">inetutils-inetd</emphasis>, <emphasis role=\"pkg\">micro-inetd</emphasis>, <emphasis role=\"pkg\">rlinetd</emphasis> and <emphasis role=\"pkg\">xinetd</emphasis>."
msgstr ""

#. Tag: para
#, no-c-format
msgid "This last incarnation of a super-server offers very interesting possibilities. Most notably, its configuration can be split into several files (stored, of course, in the <filename>/etc/xinetd.d/</filename> directory), which can make an administrator's life easier."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Scheduling Tasks with <command>cron</command> and <command>atd</command>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>cron</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>atd</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>scheduled commands</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>command scheduling</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<command>cron</command> is the daemon responsible for executing scheduled and recurring commands (every day, every week, etc.); <command>atd</command> is that which deals with commands to be executed a single time, but at a specific moment in the future."
msgstr ""

#. Tag: para
#, no-c-format
msgid "In a Unix system, many tasks are scheduled for regular execution:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "rotating the logs;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "updating the database for the <command>locate</command> program;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "back-ups;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "maintenance scripts (such as cleaning out temporary files)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "By default, all users can schedule the execution of tasks. Each user has thus their own <emphasis>crontab</emphasis> in which they can record scheduled commands. It can be edited by running <command>crontab -e</command> (its content is stored in the <filename>/var/spool/cron/crontabs/<replaceable>user</replaceable></filename> file)."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>SECURITY</emphasis> Restricting <command>cron</command> or <command>atd</command>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "You can restrict access to <command>cron</command> by creating an explicit authorization file (whitelist) in <filename>/etc/cron.allow</filename>, in which you indicate the only users authorized to schedule commands. All others will automatically be deprived of this feature. Conversely, to only block one or two troublemakers, you could write their username in the explicit prohibition file (blacklist), <filename>/etc/cron.deny</filename>. This same feature is available for <command>atd</command>, with the <filename>/etc/at.allow</filename> and <filename>/etc/at.deny</filename> files."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The root user has their own <emphasis>crontab</emphasis>, but can also use the <filename>/etc/crontab</filename> file, or write additional <emphasis>crontab</emphasis> files in the <filename>/etc/cron.d</filename> directory. These last two solutions have the advantage of being able to specify the user identity to use when executing the command."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <emphasis>cron</emphasis> package includes by default some scheduled commands that execute:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "programs in the <filename>/etc/cron.hourly/</filename> directory once per hour;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "programs in <filename>/etc/cron.daily/</filename> once per day;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "programs in <filename>/etc/cron.weekly/</filename> once per week;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "programs in <filename>/etc/cron.monthly/</filename> once per month."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Many Debian packages rely on this service: by putting maintenance scripts in these directories, they ensure optimal operation of their services."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Format of a <filename>crontab</filename> File"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><filename>crontab</filename></primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>TIP</emphasis> Text shortcuts for <command>cron</command>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<command>cron</command> recognizes some abbreviations which replace the first five fields in a <filename>crontab</filename> entry. They correspond to the most classic scheduling options:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>@yearly</literal>: once per year (January 1, at 00:00);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>@monthly</literal>: once per month (the 1st of the month, at 00:00);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>@weekly</literal>: once per week (Sunday at 00:00);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>@daily</literal>: once per day (at 00:00);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>@hourly</literal>: once per hour (at the beginning of each hour)."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>SPECIAL CASE</emphasis> <command>cron</command> and daylight savings time."
msgstr ""

#. Tag: para
#, no-c-format
msgid "In Debian, <command>cron</command> takes the time change (for Daylight Savings Time, or in fact for any significant change in the local time) into account as best as it can. Thus, the commands that should have been executed during an hour that never existed (for example, tasks scheduled at 2:30 am during the Spring time change in France, since at 2:00 am the clock jumps directly to 3:00 am) are executed shortly after the time change (thus around 3:00 am DST). On the other hand, in autumn, when commands would be executed several times (2:30 am DST, then an hour later at 2:30 am standard time, since at 3:00 am DST the clock turns back to 2:00 am) are only executed once."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Be careful, however, if the order in which the different scheduled tasks and the delay between their respective executions matters, you should check the compatibility of these constraints with <command>cron</command>'s behavior; if necessary, you can prepare a special schedule for the two problematic nights per year."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Each significant line of a <emphasis>crontab</emphasis> describes a scheduled command with the six (or seven) following fields:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "the value for the minute (number from 0 to 59);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "the value for the hour (from 0 to 23);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "the value for the day of the month (from 1 to 31);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "the value for the month (from 1 to 12);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "the value for the day of the week (from 0 to 7, 1 corresponding to Monday, Sunday being represented by both 0 and 7; it is also possible to use the first three letters of the name of the day of the week in English, such as <literal>Sun</literal>, <literal>Mon</literal>, etc.);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "the user name under whose identity the command must be executed (in the <filename>/etc/crontab</filename> file and in the fragments located in <filename>/etc/cron.d/</filename>, but not in the users' own crontab files);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "the command to execute (when the conditions defined by the first five columns are met)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "All these details are documented in the <citerefentry><refentrytitle>crontab</refentrytitle> <manvolnum>5</manvolnum></citerefentry> man page."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Each value can be expressed in the form of a list of possible values (separated by commas). The syntax <literal>a-b</literal> describes the interval of all the values between <literal>a</literal> and <literal>b</literal>. The syntax <literal>a-b/c</literal> describes the interval with an increment of <literal>c</literal> (example: <literal>0-10/2</literal> means <literal>0,2,4,6,8,10</literal>). An asterisk <literal>*</literal> is a wildcard, representing all possible values."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Sample <filename>crontab</filename> file"
msgstr ""

#. Tag: programlisting
#, no-c-format
msgid ""
"#Format\n"
"#min hour day mon dow  command\n"
"\n"
"# Download data every night at 7:25 pm\n"
" 25  19   *   *   *    $HOME/bin/get.pl\n"
"\n"
"# 8:00 am, on weekdays (Monday through Friday)\n"
" 00  08   *   *   1-5  $HOME/bin/dosomething\n"
"\n"
"# Restart the IRC proxy after each reboot\n"
"@reboot /usr/bin/dircproxy\n"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>TIP</emphasis> Executing a command on boot"
msgstr ""

#. Tag: para
#, no-c-format
msgid "To execute a command a single time, just after booting the computer, you can use the <literal>@reboot</literal> macro (a simple restart of <command>cron</command> does not trigger a command scheduled with <literal>@reboot</literal>). This macro replaces the first five fields of an entry in the <emphasis>crontab</emphasis>."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Using the <command>at</command> Command"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>at</command></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <command>at</command> executes a command at a specified moment in the future. It takes the desired time and date as command-line parameters, and the command to be executed in its standard input. The command will be executed as if it had been entered in the current shell. <command>at</command> even takes care to retain the current environment, in order to reproduce the same conditions when it executes the command. The time is indicated by following the usual conventions: <literal>16:12</literal> or <literal>4:12pm</literal> represents 4:12 pm. The date can be specified in several European and Western formats, including <literal>DD.MM.YY</literal> (<literal>27.07.12</literal> thus representing 27 July 2012), <literal>YYYY-MM-DD</literal> (this same date being expressed as <literal>2012-07-27</literal>), <literal>MM/DD/[CC]YY</literal> (ie., <literal>12/25/12</literal> or <literal>12/25/2012</literal> will be December 25, 2012), or simple <literal>MMDD[CC]YY</literal> (so that <literal>122512</literal> or <literal>12252012</literal> will, likewise, represent December 25, 2012). Without it, the command will be executed as soon as the clock reaches the time indicated (the same day, or tomorrow if that time has already passed on the same day). You can also simply write “today” or “tomorrow”, which is self-explanatory."
msgstr ""

#. Tag: screen
#, no-c-format
msgid ""
"\n"
"<computeroutput>$ </computeroutput><userinput>at 09:00 27.07.14 &lt;&lt;END</userinput>\n"
"<computeroutput>&gt; </computeroutput><userinput>echo \"Don't forget to wish a Happy Birthday to Raphaël!\" \\</userinput>\n"
"<computeroutput>&gt; </computeroutput><userinput>  | mail lolando@debian.org</userinput>\n"
"<computeroutput>&gt; </computeroutput><userinput>END</userinput>\n"
"<computeroutput>warning: commands will be executed using /bin/sh\n"
"job 31 at Fri Jul 27 09:00:00 2012</computeroutput>\n"
msgstr ""

#. Tag: para
#, no-c-format
msgid "An alternative syntax postpones the execution for a given duration: <command>at now + <replaceable>number</replaceable> <replaceable>period</replaceable></command>. The <replaceable>period</replaceable> can be <literal>minutes</literal>, <literal>hours</literal>, <literal>days</literal>, or <literal>weeks</literal>. The <replaceable>number</replaceable> simply indicates the number of said units that must elapse before execution of the command."
msgstr ""

#. Tag: para
#, no-c-format
msgid "To cancel a task scheduled by <command>cron</command>, simply run <command>crontab -e</command> and delete the corresponding line in the <emphasis>crontab</emphasis> file. For <command>at</command> tasks, it is almost as easy: run <command>atrm <replaceable>task-number</replaceable></command>. The task number is indicated by the <command>at</command> command when you scheduled it, but you can find it again with the <command>atq</command> command, which gives the current list of scheduled tasks."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>atrm</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>atq</command></primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "Scheduling Asynchronous Tasks: <command>anacron</command>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<command>anacron</command> is the daemon that completes <command>cron</command> for computers that are not on at all times. Since regular tasks are usually scheduled for the middle of the night, they will never be executed if the computer is off at that time. The purpose of <command>anacron</command> is to execute them, taking into account periods in which the computer is not working."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>anacron</command></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Please note that <command>anacron</command> will frequently execute such activity a few minutes after booting the machine, which can render the computer less responsive. This is why the tasks in the <filename>/etc/anacrontab</filename> file are started with the <command>nice</command> command, which reduces their execution priority and thus limits their impact on the rest of the system. Beware, the format of this file is not the same as that of <filename>/etc/crontab</filename>; if you have particular needs for <command>anacron</command>, see the <citerefentry><refentrytitle>anacrontab</refentrytitle> <manvolnum>5</manvolnum></citerefentry> manual page."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>BACK TO BASICS</emphasis> Priorities and <command>nice</command>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Unix systems (and thus Linux) are multi-tasking and multi-user systems. Indeed, several processes can run in parallel, and be owned by different users: the kernel mediates access to the resources between the different processes. As a part of this task, it has a concept of priority, which allows it to favor certain processes over others, as needed. When you know that a process can run in low priority, you can indicate so by running it with <command>nice <replaceable>program</replaceable></command>. The program will then have a smaller share of the CPU, and will have a smaller impact on other running processes. Of course, if no other processes needs to run, the program will not be artificially held back."
msgstr ""

#. Tag: para
#, no-c-format
msgid "<command>nice</command> works with levels of “niceness”: the positive levels (from 1 to 19) progressively lower the priority, while the negative levels (from -1 to -20) will increase it — but only root can use these negative levels. Unless otherwise indicated (see the <citerefentry><refentrytitle>nice</refentrytitle> <manvolnum>1</manvolnum></citerefentry> manual page), <command>nice</command> increases the current level by 10."
msgstr ""

#. Tag: para
#, no-c-format
msgid "If you discover that an already running task should have been started with <command>nice</command> it is not too late to fix it; the <command>renice</command> command changes the priority of an already running process, in either direction (but reducing the “niceness” of a process is reserved to the root user)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Installation of the <emphasis role=\"pkg\">anacron</emphasis> package deactivates execution by <command>cron</command> of the scripts in the <filename>/etc/cron.hourly/</filename>, <filename>/etc/cron.daily/</filename>, <filename>/etc/cron.weekly/</filename>, and <filename>/etc/cron.monthly/</filename> directories. This avoids their double execution by <command>anacron</command> and <command>cron</command>. The <command>cron</command> command remains active and will continue to handle the other scheduled tasks (especially those scheduled by users)."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Quotas"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>quota</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The quota system allows limiting disk space allocated to a user or group of users. To set it up, you must have a kernel that supports it (compiled with the <varname>CONFIG_QUOTA</varname> option) — as is the case of Debian kernels. The quota management software is found in the <emphasis role=\"pkg\">quota</emphasis> Debian package."
msgstr ""

#. Tag: para
#, no-c-format
msgid "To activate them in a filesystem, you have to indicate the <literal>usrquota</literal> and <literal>grpquota</literal> options in <filename>/etc/fstab</filename> for the user and group quotas, respectively. Rebooting the computer will then update the quotas in the absence of disk activity (a necessary condition for proper accounting of already used disk space)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <command>edquota <replaceable>user</replaceable></command> (or <command>edquota -g <replaceable>group</replaceable></command>) command allows you to change the limits while examining current disk space usage."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>edquota</command></primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>GOING FURTHER</emphasis> Defining quotas with a script"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>setquota</command></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <command>setquota</command> program can be used in a script to automatically change many quotas. Its <citerefentry><refentrytitle>setquota</refentrytitle> <manvolnum>8</manvolnum></citerefentry> manual page details the syntax to use."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The quota system allows you to set four limits:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "two limits (called “soft” and “hard”) refer to the number of blocks consumed. If the filesystem was created with a block-size of 1 kibibyte, a block contains 1024 bytes from the same file. Unsaturated blocks thus induce losses of disk space. A quota of 100 blocks, which theoretically allows storage of 102,400 bytes, will however be saturated with just 100 files of 500 bytes each, only representing 50,000 bytes in total."
msgstr ""

#. Tag: para
#, no-c-format
msgid "two limits (soft and hard) refer to the number of inodes used. Each file occupies at least one inode to store information about it (permissions, owner, timestamp of last access, etc.). It is thus a limit on the number of user files."
msgstr ""

#. Tag: para
#, no-c-format
msgid "A “soft” limit can be temporarily exceeded; the user will simply be warned that they are exceeding the quota by the <command>warnquota</command> command, which is usually invoked by <command>cron</command>. A “hard” limit can never be exceeded: the system will refuse any operation that will cause a hard quota to be exceeded."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>VOCABULARY</emphasis> Blocks and inodes"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>block (disk)</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>inode</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The filesystem divides the hard drive into blocks — small contiguous areas. The size of these blocks is defined during creation of the filesystem, and generally varies between 1 and 8 kibibytes."
msgstr ""

#. Tag: para
#, no-c-format
msgid "A block can be used either to store the real data of a file, or for meta-data used by the filesystem. Among this meta-data, you will especially find the inodes. An inode uses a block on the hard drive (but this block is not taken into consideration in the block quota, only in the inode quota), and contains both the information on the file to which it corresponds (name, owner, permissions, etc.) and the pointers to the data blocks that are actually used. For very large files that occupy more blocks than it is possible to reference in a single inode, there is an indirect block system; the inode references a list of blocks that do not directly contain data, but another list of blocks."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>warnquota</command></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "With the <command>edquota -t</command> command, you can define a maximum authorized “grace period” within which a soft limit may be exceeded. After this period, the soft limit will be treated like a hard limit, and the user will have to reduce their disk space usage to within this limit in order to be able to write anything to the hard drive."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>GOING FURTHER</emphasis> Setting up a default quota for new users"
msgstr ""

#. Tag: para
#, no-c-format
msgid "To automatically setup a quota for new users, you have to configure a template user (with <command>edquota</command> or <command>setquota</command>) and indicate their user name in the <varname>QUOTAUSER</varname> variable in the <filename>/etc/adduser.conf</filename> file. This quota configuration will then be automatically applied to each new user created with the <command>adduser</command> command."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Making backups is one of the main responsibilities of any administrator, but it is a complex subject, involving powerful tools which are often difficult to master."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>backup</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>restoration</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Many programs exist, such as <command>amanda</command>, <command>bacula</command>, <command>BackupPC</command>. Those are client/server system featuring many options, whose configuration is rather difficult. Some of them provide user-friendly web interfaces to mitigate this. But Debian contains dozens of other backup software covering all possible use cases, as you can easily confirm with <command>apt-cache search backup</command>."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>amanda</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>bacula</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>BackupPC</command></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Rather than detailing some of them, this section will present the thoughts of the Falcot Corp administrators when they defined their backup strategy."
msgstr ""

#. Tag: para
#, no-c-format
msgid "At Falcot Corp, backups have two goals: recovering erroneously deleted files, and quickly restoring any computer (server or desktop) whose hard drive has failed."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Backing Up with <command>rsync</command>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Backups on tape having been deemed too slow and costly, data will be backed up on hard drives on a dedicated server, on which the use of software RAID (see <xref linkend=\"sect.raid-soft\" />) will protect the data from hard drive failure. Desktop computers are not backed up individually, but users are advised that their personal account on their department's file server will be backed up. The <command>rsync</command> command (from the package of the same name) is used daily to back up these different servers."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>rsync</command></primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>BACK TO BASICS</emphasis> The hard link, a second name for the file"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>link</primary><secondary>hard link</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>hard link</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "A hard link, as opposed to a symbolic link, can not be differentiated from the linked file. Creating a hard link is essentially the same as giving an existing file a second name. This is why the deletion of a hard link only removes one of the names associated with the file. As long as another name is still assigned to the file, the data therein remain present on the filesystem. It is interesting to note that, unlike a copy, the hard link does not take up additional space on the hard drive."
msgstr ""

#. Tag: para
#, no-c-format
msgid "A hard link is created with the <command>ln <replaceable>target</replaceable> <replaceable>link</replaceable></command> command. The <replaceable>link</replaceable> file is then a new name for the <replaceable>target</replaceable> file. Hard links can only be created on the same filesystem, while symbolic links are not subject to this limitation."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The available hard drive space prohibits implementation of a complete daily backup. As such, the <command>rsync</command> command is preceded by a duplication of the content of the previous backup with hard links, which prevents usage of too much hard drive space. The <command>rsync</command> process then only replaces files that have been modified since the last backup. With this mechanism a great number of backups can be kept in a small amount of space. Since all backups are immediately available and accessible (for example, in different directories of a given share on the network), you can quickly make comparisons between two given dates."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>copy, backup copy</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>backup</primary><secondary>copy</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis role=\"pkg\">dirvish</emphasis></primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "This backup mechanism is easily implemented with the <command>dirvish</command> program. It uses a backup storage space (“bank” in its vocabulary) in which it places timestamped copies of sets of backup files (these sets are called “vaults” in the dirvish documentation)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The main configuration is in the <filename>/etc/dirvish/master.conf</filename> file. It defines the location of the backup storage space, the list of “vaults” to manage, and default values for expiration of the backups. The rest of the configuration is located in the <filename><replaceable>bank</replaceable>/<replaceable>vault</replaceable>/dirvish/default.conf</filename> files and contains the specific configuration for the corresponding set of files."
msgstr ""

#. Tag: title
#, no-c-format
msgid "The <filename>/etc/dirvish/master.conf</filename> file"
msgstr ""

#. Tag: programlisting
#, no-c-format
msgid ""
"bank:\n"
"    /backup\n"
"exclude:\n"
"    lost+found/\n"
"    core\n"
"    *~\n"
"Runall:\n"
"    root    22:00\n"
"expire-default: +15 days\n"
"expire-rule:\n"
"#   MIN HR    DOM MON       DOW  STRFTIME_FMT\n"
"    *   *     *   *         1    +3 months\n"
"    *   *     1-7 *         1    +1 year\n"
"    *   *     1-7 1,4,7,10  1\n"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <literal>bank</literal> setting indicates the directory in which the backups are stored. The <literal>exclude</literal> setting allows you to indicate files (or file types) to exclude from the backup. The <literal>Runall</literal> is a list of file sets to backup with a time-stamp for each set, which allows you to assign the correct date to the copy, in case the backup is not triggered at precisely the assigned time. You have to indicate a time just before the actual execution time (which is, by default, 10:04 pm in Debian, according to <filename>/etc/cron.d/dirvish</filename>). Finally, the <literal>expire-default</literal> and <literal>expire-rule</literal> settings define the expiration policy for backups. The above example keeps forever backups that are generated on the first Sunday of each quarter, deletes after one year those from the first Sunday of each month, and after 3 months those from other Sundays. Other daily backups are kept for 15 days. The order of the rules does matter, Dirvish uses the last matching rule, or the <literal>expire-default</literal> one if no other <literal>expire-rule</literal> matches."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>IN PRACTICE</emphasis> Scheduled expiration"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The expiration rules are not used by <command>dirvish-expire</command> to do its job. In reality, the expiration rules are applied when creating a new backup copy to define the expiration date associated with that copy. <command>dirvish-expire</command> simply peruses the stored copies and deletes those for which the expiration date has passed."
msgstr ""

#. Tag: title
#, no-c-format
msgid "The <filename>/backup/root/dirvish/default.conf</filename> file"
msgstr ""

#. Tag: programlisting
#, no-c-format
msgid ""
"client: rivendell.falcot.com\n"
"tree: /\n"
"xdev: 1\n"
"index: gzip\n"
"image-default: %Y%m%d\n"
"exclude:\n"
"    /var/cache/apt/archives/*.deb\n"
"    /var/cache/man/**\n"
"    /tmp/**\n"
"    /var/tmp/**\n"
"    *.bak\n"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The above example specifies the set of files to back up: these are files on the machine <emphasis>rivendell.falcot.com</emphasis> (for local data backup, simply specify the name of the local machine as indicated by <command>hostname</command>), especially those in the root tree (<literal>tree: /</literal>), except those listed in <literal>exclude</literal>. The backup will be limited to the contents of one filesystem (<literal>xdev: 1</literal>). It will not include files from other mount points. An index of saved files will be generated (<literal>index: gzip</literal>), and the image will be named according to the current date (<literal>image-default: %Y%m%d</literal>)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "There are many options available, all documented in the <citerefentry><refentrytitle>dirvish.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> manual page. Once these configuration files are setup, you have to initialize each file set with the <command>dirvish --vault <replaceable>vault</replaceable> --init</command> command. From there on the daily invocation of <command>dirvish-runall</command> will automatically create a new backup copy just after having deleted those that expired."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>IN PRACTICE</emphasis> Remote backup over SSH"
msgstr ""

#. Tag: para
#, no-c-format
msgid "When dirvish needs to save data to a remote machine, it will use <command>ssh</command> to connect to it, and will start <command>rsync</command> as a server. This requires the root user to be able to automatically connect to it. The use of an SSH authentication key allows precisely that (see <xref linkend=\"sect.ssh-key-based-auth\" />)."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Restoring Machines without Backups"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Desktop computers, which are not backed up, will be easy to reinstall from custom DVD-ROMs prepared with <emphasis>Simple-CDD</emphasis> (see <xref linkend=\"sect.simple-cdd\" />). Since this performs an installation from scratch, it loses any customization that can have been made after the initial installation. This is fine since the systems are all hooked to a central LDAP directory for accounts and most desktop applications are preconfigured thanks to dconf (see <xref linkend=\"sect.gnome-desktop\" /> for more information about this)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The Falcot Corp administrators are aware of the limits in their backup policy. Since they can't protect the backup server as well as a tape in a fireproof safe, they have installed it in a separate room so that a disaster such as a fire in the server room won't destroy backups along with everything else. Furthermore, they do an incremental backup on DVD-ROM once per week — only files that have been modified since the last backup are included."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>GOING FURTHER</emphasis> Backing up SQL and LDAP services"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Many services (such as SQL or LDAP databases) can not be backed up by simply copying their files (unless they are properly interrupted during creation of the backups, which is frequently problematic, since they are intended to be available at all times). As such, it is necessary to use an “export” mechanism to create a “data dump” that can be safely backed up. These are often quite large, but they compress well. To reduce the storage space required, you will only store a complete text file per week, and a <command>diff</command> each day, which is created with a command of the type <command>diff <replaceable>file_from_yesterday</replaceable> <replaceable>file_from_today</replaceable></command>. The <command>xdelta</command> program produces incremental differences from binary dumps."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>xdelta</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>diff</command></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>dump</primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>CULTURE</emphasis> <emphasis>TAR</emphasis>, the standard for tape backups"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>backup</primary><secondary>on tape</secondary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>tape, backup</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>TAR</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Historically, the simplest means of making a backup on Unix was to store a <emphasis>TAR</emphasis> archive on a tape. The <command>tar</command> command even got its name from “Tape ARchive”."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Hot Plugging: <emphasis>hotplug</emphasis>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "Introduction"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The <emphasis>hotplug</emphasis> kernel subsystem dynamically handles the addition and removal of devices, by loading the appropriate drivers and by creating the corresponding device files (with the help of <command>udevd</command>). With modern hardware and virtualization, almost everything can be hotplugged: from the usual USB/PCMCIA/IEEE 1394 peripherals to SATA hard drives, but also the CPU and the memory."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The kernel has a database that associates each device ID with the required driver. This database is used during boot to load all the drivers for the peripheral devices detected on the different buses, but also when an additional hotplug device is connected. Once the device is ready for use, a message is sent to <command>udevd</command> so it will be able to create the corresponding entry in <filename>/dev/</filename>."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><emphasis>hotplug</emphasis></primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>hotplug</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>USB</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>IEEE 1394</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>PCMCIA</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>SATA</primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "The Naming Problem"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Before the appearance of hotplug connections, it was easy to assign a fixed name to a device. It was based simply on the position of the devices on their respective bus. But this is not possible when such devices can come and go on the bus. The typical case is the use of a digital camera and a USB key, both of which appear to the computer as disk drives. The first one connected may be <filename>/dev/sdb</filename> and the second <filename>/dev/sdc</filename> (with <filename>/dev/sda</filename> representing the computer's own hard drive). The device name is not fixed; it depends on the order in which devices are connected."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Additionally, more and more drivers use dynamic values for devices' major/minor numbers, which makes it impossible to have static entries for the given devices, since these essential characteristics may vary after a reboot."
msgstr ""

#. Tag: para
#, no-c-format
msgid "<emphasis>udev</emphasis> was created precisely to solve this problem."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>IN PRACTICE</emphasis> Network card management"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Many computers have multiple network cards (sometimes two wired interfaces and a wifi interface), and with <emphasis>hotplug</emphasis> support on most bus types, the 2.6 kernel no longer guarantees fixed naming of network interfaces. But a user who wants to configure their network in <filename>/etc/network/interfaces</filename> needs a fixed name!"
msgstr ""

#. Tag: para
#, no-c-format
msgid "It would be difficult to ask every user to create their own <emphasis>udev</emphasis> rules to address this problem. This is why <emphasis>udev</emphasis> was configured in a rather peculiar manner; on first boot (and, more generally, each time that a new network card appears) it uses the name of the network interface and its MAC address to create new rules that will reassign the same name on subsequent boots. These rules are stored in <filename>/etc/udev/rules.d/70-persistent-net.rules</filename>."
msgstr ""

#. Tag: para
#, no-c-format
msgid "This mechanism has some side effects that you should know about. Let's consider the case of computer that has only one PCI network card. The network interface is named <literal>eth0</literal>, logically. Now say the card breaks down, and the administrator replaces it; the new card will have a new MAC address. Since the old card was assigned the name, <literal>eth0</literal>, the new one will be assigned <literal>eth1</literal>, even though the <literal>eth0</literal> card is gone for good (and the network will not be functional because <filename>/etc/network/interfaces</filename> likely configures an <literal>eth0</literal> interface). In this case, it is enough to simply delete the <filename>/etc/udev/rules.d/70-persistent-net.rules</filename> file before rebooting the computer. The new card will then be given the expected <literal>eth0</literal> name."
msgstr ""

#. Tag: title
#, no-c-format
msgid "How <emphasis>udev</emphasis> Works"
msgstr ""

#. Tag: para
#, no-c-format
msgid "When <emphasis>udev</emphasis> is notified by the kernel of the appearance of a new device, it collects various information on the given device by consulting the corresponding entries in <filename>/sys/</filename>, especially those that uniquely identify it (MAC address for a network card, serial number for some USB devices, etc.)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Armed with all of this information, <emphasis>udev</emphasis> then consults all of the rules contained in <filename>/etc/udev/rules.d/</filename> and <filename>/lib/udev/rules.d/</filename>. In this process it decides how to name the device, what symbolic links to create (to give it alternative names), and what commands to execute. All of these files are consulted, and the rules are all evaluated sequentially (except when a file uses “GOTO” directives). Thus, there may be several rules that correspond to a given event."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The syntax of rules files is quite simple: each row contains selection criteria and variable assignments. The former are used to select events for which there is a need to react, and the latter defines the action to take. They are all simply separated with commas, and the operator implicitly differentiates between a selection criterion (with comparison operators, such as <literal>==</literal> or <literal>!=</literal>) or an assignment directive (with operators such as <literal>=</literal>, <literal>+=</literal> or <literal>:=</literal>)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Comparison operators are used on the following variables:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>KERNEL</literal>: the name that the kernel assigns to the device;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>ACTION</literal>: the action corresponding to the event (“add” when a device has been added, “remove” when it has been removed);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>DEVPATH</literal>: the path of the device's <filename>/sys/</filename> entry;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>SUBSYSTEM</literal>: the kernel subsystem which generated the request (there are many, but a few examples are “usb”, “ide”, “net”, “firmware”, etc.);"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>ATTR{<replaceable>attribut</replaceable>}</literal>: file contents of the <replaceable>attribute</replaceable> file in the <filename>/sys/<replaceable>$devpath</replaceable>/</filename> directory of the device. This is where you find the MAC address and other bus specific identifiers;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>KERNELS</literal>, <literal>SUBSYSTEMS</literal> and <literal>ATTRS{<replaceable>attributes</replaceable>}</literal> are variations that will try to match the different options on one of the parent devices of the current device;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>PROGRAM</literal>: delegates the test to the indicated program (true if it returns 0, false if not). The content of the program's standard output is stored so that it can be reused by the <literal>RESULT</literal> test;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>RESULT</literal>: execute tests on the standard output stored during the last call to <literal>PROGRAM</literal>."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The right operands can use pattern expressions to match several values at the same time. For instance, <literal>*</literal> matches any string (even an empty one); <literal>?</literal> matches any character, and <literal>[]</literal> matches the set of characters listed between the square brackets (or the opposite thereof if the first character is an exclamation point, and contiguous ranges of characters are indicated like <literal>a-z</literal>)."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Regarding the assignment operators, <literal>=</literal> assigns a value (and replaces the current value); in the case of a list, it is emptied and contains only the value assigned. <literal>:=</literal> does the same, but prevents later changes to the same variable. As for <literal>+=</literal>, it adds an item to a list. The following variables can be changed:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>NAME</literal>: the device filename to be created in <filename>/dev/</filename>. Only the first assignment counts; the others are ignored;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>SYMLINK</literal>: the list of symbolic links that will point to the same device;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>OWNER</literal>, <literal>GROUP</literal> and <literal>MODE</literal> define the user and group that owns the device, as well as the associated permission;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>RUN</literal>: the list of programs to execute in response to this event."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The values assigned to these variables may use a number of substitutions:"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>$kernel</literal> or <literal>%k</literal>: equivalent to <literal>KERNEL</literal>;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>$number</literal> or <literal>%n</literal>: the order number of the device, for example, for <literal>sda3</literal>, it would be “3”;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>$devpath</literal> or <literal>%p</literal>: equivalent to <literal>DEVPATH</literal>;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>$attr{<replaceable>attribute</replaceable>}</literal> or <literal>%s{<replaceable>attribute</replaceable>}</literal>: equivalent to <literal>ATTRS{<replaceable>attribute</replaceable>}</literal>;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>$major</literal> or <literal>%M</literal>: the kernel major number of the device;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>$minor</literal> or <literal>%m</literal>: the kernel minor number of the device;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "<literal>$result</literal> or <literal>%c</literal>: the string output by the last program invoked by <literal>PROGRAM</literal>;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "and, finally, <literal>%%</literal> and <literal>$$</literal> for the percent and dollar sign, respectively."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The above lists are not complete (they include only the most important parameters), but the <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry> manual page should be."
msgstr ""

#. Tag: title
#, no-c-format
msgid "A concrete example"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Let us consider the case of a simple USB key and try to assign it a fixed name. First, you must find the elements that will identify it in a unique manner. For this, plug it in and run <command>udevadm info -a -n /dev/sdc</command> (replacing <replaceable>/dev/sdc</replaceable> with the actual name assigned to the key)."
msgstr ""

#. Tag: screen
#, no-c-format
msgid ""
"<computeroutput># </computeroutput><userinput>udevadm info -a -n /dev/sdc</userinput>\n"
"<computeroutput>[...]\n"
"  looking at device '/devices/pci0000:00/0000:00:10.3/usb1/1-2/1-2.2/1-2.2:1.0/host9/target9:0:0/9:0:0:0/block/sdc':\n"
"    KERNEL==\"sdc\"\n"
"    SUBSYSTEM==\"block\"\n"
"    DRIVER==\"\"\n"
"    ATTR{range}==\"16\"\n"
"    ATTR{ext_range}==\"256\"\n"
"    ATTR{removable}==\"1\"\n"
"    ATTR{ro}==\"0\"\n"
"    ATTR{size}==\"126976\"\n"
"    ATTR{alignment_offset}==\"0\"\n"
"    ATTR{capability}==\"53\"\n"
"    ATTR{stat}==\"      51      100     1208      256        0        0        0        0        0      192      25        6\"\n"
"    ATTR{inflight}==\"       0        0\"\n"
"[...]\n"
"  looking at parent device '/devices/pci0000:00/0000:00:10.3/usb1/1-2/1-2.2/1-2.2:1.0/host9/target9:0:0/9:0:0:0':\n"
"    KERNELS==\"9:0:0:0\"\n"
"    SUBSYSTEMS==\"scsi\"\n"
"    DRIVERS==\"sd\"\n"
"    ATTRS{device_blocked}==\"0\"\n"
"    ATTRS{type}==\"0\"\n"
"    ATTRS{scsi_level}==\"3\"\n"
"    ATTRS{vendor}==\"I0MEGA  \"\n"
"    ATTRS{model}==\"UMni64MB*IOM2C4 \"\n"
"    ATTRS{rev}==\"    \"\n"
"    ATTRS{state}==\"running\"\n"
"[...]\n"
"    ATTRS{max_sectors}==\"240\"\n"
"[...]\n"
"  looking at parent device '/devices/pci0000:00/0000:00:10.3/usb1/1-2/1-2.2':\n"
"    KERNELS==\"9:0:0:0\"\n"
"    SUBSYSTEMS==\"usb\"\n"
"    DRIVERS==\"usb\"\n"
"    ATTRS{configuration}==\"iCfg\"\n"
"    ATTRS{bNumInterfaces}==\" 1\"\n"
"    ATTRS{bConfigurationValue}==\"1\"\n"
"    ATTRS{bmAttributes}==\"80\"\n"
"    ATTRS{bMaxPower}==\"100mA\"\n"
"    ATTRS{urbnum}==\"398\"\n"
"    ATTRS{idVendor}==\"4146\"\n"
"    ATTRS{idProduct}==\"4146\"\n"
"    ATTRS{bcdDevice}==\"0100\"\n"
"[...]\n"
"    ATTRS{manufacturer}==\"USB Disk\"\n"
"    ATTRS{product}==\"USB Mass Storage Device\"\n"
"    ATTRS{serial}==\"M004021000001\"\n"
"[...]\n"
"</computeroutput>\n"
msgstr ""

#. Tag: para
#, no-c-format
msgid "To create a new rule, you can use tests on the device's variables, as well as those of one of the parent devices. The above case allows us to create two rules like these:"
msgstr ""

#. Tag: programlisting
#, no-c-format
msgid ""
"KERNEL==\"sd?\", SUBSYSTEM==\"block\", ATTRS{serial}==\"M004021000001\", SYMLINK+=\"usb_key/disk\"\n"
"KERNEL==\"sd?[0-9]\", SUBSYSTEM==\"block\", ATTRS{serial}==\"M004021000001\", SYMLINK+=\"usb_key/part%n\"\n"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Once these rules are set in a file, named for example <filename>/etc/udev/rules.d/010_local.rules</filename>, you can simply remove and reconnect the USB key. You can then see that <filename>/dev/usb_key/disk</filename> represents the disk associated with the USB key, and <filename>/dev/usb_key/part1</filename> is its first partition."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>GOING FURTHER</emphasis> Debugging <emphasis>udev</emphasis>'s configuration"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Like many daemons, <command>udevd</command> stores logs in <filename>/var/log/daemon.log</filename>. But it is not very verbose by default, and it's usually not enough to understand what's happening. The <command>udevadm control --log-priority=info</command> command increases the verbosity level and solves this problem. <command>udevadm control --log-priority=err</command> returns to the default verbosity level."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Power Management: Advanced Configuration and Power Interface (ACPI)"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>power management</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>management, power management</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The topic of power management is often problematic. Indeed, properly suspending the computer requires that all the computer's device drivers know how to put them to standby, and that they properly reconfigure the devices upon waking. Unfortunately, there are still a few devices unable to sleep well under Linux, because their manufacturers have not provided the required specifications."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Linux supports ACPI (Advanced Configuration and Power Interface) — the most recent standard in power management. The <emphasis role=\"pkg\">acpid</emphasis> package provides a daemon that looks for power management related events (switching between AC and battery power on a laptop, etc.) and that can execute various commands in response."
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>ACPI</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>Advanced Configuration and Power Interface</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary><command>acpid</command></primary>"
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>CULTURE</emphasis> Advanced Power Management (APM)"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>APM</primary>"
msgstr ""

#. Tag: indexterm
#, no-c-format
msgid "<primary>Advanced Power Management</primary>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "APM (Advanced Power Management) is the ancestor of ACPI in the power management world. While Debian still provides <command>apmd</command> (the counterpart to <command>acpid</command> for the APM standard), the official Debian kernel no longer supports APM so you'll have to run a custom kernel if you really need it for some old computer."
msgstr ""

#. Tag: title
#, no-c-format
msgid "<emphasis>BEWARE</emphasis> Graphics card and standby"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The graphics card driver is often the culprit when standby doesn't work properly. In that case, it is a good idea to test the latest version of the X.org graphics server."
msgstr ""

#. Tag: para
#, no-c-format
msgid "After this overview of basic services common to many Unix systems, we will focus on the environment of the administered machines: the network. Many services are required for the network to work properly. They will be discussed in the next chapter."
msgstr ""