The following sections describe the configuration of some packages.

1. amavisd-new

For the first initial setup you may want to use our amavisconf utility.

From amavisd-new-2.5.2-1 we no longer use a random uid/gid, but dedicated ones. Because of this amavis service will not start if you have it installed before, so you have to correct this by issuing these commands:

groupmod -g 40 amavis
usermod -u 40 -g 40 amavis
chown -R amavis:amavis /var/lib/amavis
chown -R amavis:amavis /var/lock/amavis

You should chown any other amavis-owned stuff you may have lying around, these are only the default ones.

2. android-sdk

Setting up Android SDK :

# repoman upd
# repoman merge android-sdk
# pacman-g2 -A android-sdk-r11-1-i686.fpm

You should open a new shell to have android-sdk/tools/ in the path. After that, just type "adb" (not "./adb") as mentionned in following links.

If you want to use your Android phone as a proxy, see these pages :

3. apache

3.1. How to configure Apache

  1. These steps require root privileges, so use su - to get a root shell.

  2. The Apache server isn’t started by default. You can change this with the 

    # service httpd add

    command.

  3. We don’t want to reboot, so start it manually: 

    # service httpd start
Starting Apache web server (no SSL)                                      [ OK ]

You have finished if you don’t need SSL support.

3.2. Setting up SSL support for Apache

  1. Creating the certifications: 

    # cd /etc/httpd/conf/
# sh mkcert.sh

Signature Algorithm ((R)SA or (D)SA) [R]:

     Here we can accept the default RSA signature algorithm first. Then
     we have to fill out some fields. There are quite a few fields but
     you can leave most of them blank. If you enter '.', the field will
     be left blank.
       1) Country Name (2 letter code) [XY]:

          Give the 2-letter code of our contry (for example US)

       2) State or Province Name (full name) [Snake Desert]:

          We type our state.

       3) Locality Name (eg, city) [Snake Town]:

         The name of our city.

       4) Organization Name (eg, company) [Snake Oil, Ltd]:

          Our organization's name.

       5) Organizational Unit Name (eg, section) [Webserver Team]:

          Our section's name.

       6) Common Name (eg, FQDN) [www.snakeoil.com]:

          Important: Give a real address here, otherwise you'll get
          warnings in your browser!

       7) Email Address (eg, `name@FQDN') [`www@snakeoil.com']:

          I usually give the email address of the webmaster here.
          (webmaster@domain.com)

       8) Certificate Validity (days) [365]:

          In most cases, one year will be good.

          Then, we should choose the version of our certificate:

          Certificate Version (1 or 3) [3]:

          The default 3 will be good, so just hit enter. In the next
          step we can  encrypt our private key:

          Encrypt the private key now? [Y/n]:

          The keys will not be readable by users, so we can leave this
          step out.

    So the following files are created:

    /etc/httpd/conf/ssl.key/server.key (keep this file private!)
/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.csr/server.csr

  2. Enable SSL in /etc/httpd/conf/httpd.conf: Open the file with your favorite editor, and search the followings at about line 1040: 

    # Uncomment this if you want SSL support!
#<IfModule mod_ssl.c>
#       Include /etc/httpd/conf/ssl.conf
#</IfModule>

    Uncomment them.

  3. Now we should restart Apache: 

    # service httpd restart

  4. Then we can check if the task was successful: 

    $ elinks https://localhost/

    This should show the default homapage, received via SSL :)

3.3. Self-signed Apache certificate

This must be done as root.

# openssl genrsa -des3 -out server.key 1024

Enter "foobar" twice as passphrase.

# openssl req -new -key server.key -out server.csr

Enter "foobar" when asked for passphrase, answer the questions. Leave "challenge password" "and optional company name" empty.

# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key

Enter "foobar" when asked for passphrase.

# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# cp server.crt /etc/httpd/conf/ssl.crt/
# cp server.key /etc/httpd/conf/ssl.key/
# service httpd stop
# vi /etc/httpd/conf/httpd.conf

Uncomment the marked three lines around line 1044 (look for "SSL support").

# service httpd restart

Don’t forget to open port 443 on your firewall, if any. (Based on How to create a self-signed SSL Certificate…, tested on frugalware-current 2007-02-14.)

4. asciidoc

Asciidoc has a number of configuration files under /etc/asciidoc and it’s easy to get lost in that directory.

Regarding pdf (dblatex) generation, here are some options you can set:

  • If you want to avoid the "PDF by dblatex" picture on the front page, edit /etc/asciidoc/dblatex/asciidoc-dblatex.xsl: 

<xsl:param name="doc.publisher.show">0</xsl:param>

  • If you want to avoid the "Revision History" page, add: 

<xsl:param name="latex.output.revhistory">0</xsl:param>

  • If you want to avoid the "Contents" page, add: 

<xsl:param name="doc.toc.show">0</xsl:param>

  • If you want to avoid the front page, sadly you can’t do it from a configuration file, but for now you can edit /usr/share/dblatex/latex/style/docbook.sty. Change the \maketitle macro to: 

\def\maketitle{
  \def\edhead{}
  \DBKdomitete
}

5. autojump

5.1. AUTOJUMP

5.1.1. A cd command that learns

Please read the official README or the manual.

5.1.2. Installation

Add the line :

source /etc/profile

to ~/.bashrc or ~/.zshrc if it isn’t already there.

6. avahi

Warning
 If you have rlocate installed on your system, Avahi will not run and therefore Zeroconf functionality in programs will be disabled. If you want this functionality, then please uninstall rlocate.

Also, If you are using iptables, please uncomment this line in /etc/sysconfig/firewall:

#-A INPUT -p udp -m udp --dport 5353 -j ACCEPT

After that do not forget to restart iptables with:

# service firewall restart

7. b43-fwcutter

Since version 2.6.24, the bcm43xx driver is deprecated, replaced by the b43 and b43legacy modules.

The module should be loaded automatically, in case it isn’t, you can load it manually:

# modprobe b43

or:

# modprobe b43legacy

You must bring the device up with ifconfig before doing any other configuration steps.

# ifconfig ethX up

Since the channel must be set manually, first do a scan:

# iwlist ethX scan

Then you can set it:

# iwconfig ethX channel Y

Finally set your essid:

# iwconfig ethX essid "myessid"

Ready!

8. ccache

After you installed ccache, it won’t be enabled by default.

First, you need to determine who is allowed to use ccache. You have to add each user to the ccache group. If you want to allow using ccache from chrooted builds, then you need to add the fst user:

# usermod -a -G ccache fst

Second, you need to somehow let the build system to use ccache, and not the compiler directly. If you use makepkg, this is enabled by default (you can disable it with the -B option). If you build manually, then you are on your own, though usually there are two ways to do so:

  • Tell the configure script to use a different compiler: 

$ CC=/usr/bin/ccache ./configure

  • Modify path to use the fake compiler provided by ccache: 

export PATH=/usr/lib/ccache/bin:$PATH

9. cryptsetup-luks

Follow these steps to when using cryptsetup-luks:

9.1. Creating

# cryptsetup luksFormat /dev/partition
# cryptsetup luksOpen /dev/partition label
# mke2fs -j /dev/mapper/label
# mount /dev/mapper/label /mnt/label

9.2. Mounting

Of course later you don’t have to use luksFormat and mke2fs:

# cryptsetup luksOpen /dev/partition label
# mount /dev/mapper/label /mnt/label

9.3. Umounting

# umount /mnt/label
# cryptsetup luksClose label

9.4. Encrypting your home partition

Note
 You have need to install the sharutils package to do the followings!

  • List these modules in /etc/sysconfig/modules: 

aes
aes-i586
sha256
dm-crypt

  • Move all data from /home to a secure place (in this example /media/sda1/home) 

# cp -arvx /home /media/sda1/

  • Umount /home (in this example /dev/hda6) and fill it with random numbers: 

# umount /home
# dd if=/dev/urandom of=/dev/hda6

  • Create the encrypted partition: 

# cryptsetup -y luksFormat /dev/hda6

Here we will be asked for a password which will be necessary to access /home at boot time.

  • Open the encrypted partition and create its file system (ext3 in this example): 

# cryptsetup luksOpen /dev/hda6 home
# mkfs.ext3 /dev/mapper/home

  • Mount the home partition and copy the contents of original home: 

# mount /dev/mapper/home /home
# cp -arvx /media/sda1/home /home

  • Edit the home related line in /etc/fstab: 

/dev/mapper/home        /home   ext3    noatime 0       0

  • Create /etc/rc.d/rc.crypt script with the following content: 

#!/bin/sh

/usr/sbin/cryptsetup luksOpen /dev/hda6 home
/bin/mount /dev/mapper/home /home

  • Enable it: 

# ln -s /etc/rc.d/rc.crypt /etc/rc.d/rcS.d/S15rc.crypt

You have to delay the splash screen, so that you can type your password before the splash appears:

# mv /etc/rc.d/rcS.d/S03rc.splash /etc/rc.d/rcS.d/S15rc.splash

(It will ask the password between the lvm and the splash service.)

Now the system can be restarted and the password will be asked to access home partition boot-time.

Note
 The English keyboard map will be used at that point of the boot process.

10. cyrus-sasl

10.1. Configuring

This mini-howto helps you to install the saslauthd server using postfix which will authenticate using users and passwords from /etc/{passwd,shadow}.

First install the necessary packages:

# pacman-g2 -S postfix saslauthd

Enable sasl in postfix’s config by appending the following lines to /etc/postfix/main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous

You may want to append

broken_sasl_auth_clients = yes

as well.

Put the following lines to /usr/lib/sasl2/smtpd.conf:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Edit /etc/sysconfig/saslauthd by changing the following lines:

options=""

to

options="-a shadow"

Now you can start saslauthd by

service saslauthd start

as well as enabled in by default on startup:

service saslauthd add

Issue id postfix and see if the daemon group is listed. If not, then add postfix to the daemon group:

usermod -G daemon postfix

Finally restart postfix:

service postfix restart

Compeleted!

10.2. Verifying

We test it using telnet. We need perl to generate the string for the SASL authentication:

$ perl -MMIME::Base64 -e 'print encode_base64("vmiklos\0vmiklos\0secret");'
dm1pa2xvcwB2bWlrbG9zAHNlY3JldA==

Then use telnet:

$ telnet host.com 25
Trying ip...
Connected to host.com.
Escape character is '^]'.
220 host.com ESMTP Postfix
ehlo my.dhcp
250-host.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN dm1pa2xvcwB2bWlrbG9zAHNlY3JldA==
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.

11. dante

11.1. Configuration

In most cases you have a socks server (you can create one easily using ssh, see the documentation of the openssh package), and you want to route all traffic through it. Here is the config you need:

route {
        from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 8080
        proxyprotocol: socks_v4
}

11.2. Testing it

Try for example:

$ socksify irssi

When you connect to a server, others will see that you’re connecting from the server, not from your own host.

12. ddclient

Please configure /etc/ddclient/ddclient.conf before running ddclient!

Samples for common configurations can be found in: /usr/share/doc/ddclient-$package_version/sample*

Additional details and instructions can be found in: /usr/share/doc/ddclient-$package_version/README

Once you have finished configuring the ddclient.conf file, you can start ddclient as a daemon by running as root, the following command:

# service ddclient start

13. dhcp

If you are in trouble setting up your dhclient, use the following options. These are quite good defaults:

request subnet-mask, broadcast-address, time-offset, \
        routers, domain-name, domain-name-servers, \
        host-name, netbios-name-servers, netbios-scope;
timeout 20;
script "/sbin/dhclient-script";

14. dspam

To populate the DSPAM database, you need to follow several steps.

  1. First create a database. Login to the mysql command prompt. 

    $ mysql -u root -p
mysql> CREATE database dspam;

  2. Next, you need to create a dspam user. At the same MySQL prompt: 

    mysql> GRANT ALL PRIVILEGES ON dspam.* TO dspam@'localhost' IDENTIFIED BY 'passwd';

    Replacing passwd with your chosen password.

  3. Optimizing the datebase:

    If you want a space optimized db do:

    $ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-space.sql

    If you want a speed optimized db do:

    $ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-speed.sql

    Enter the password you set in the previous step, and the database should be populated.

  4. Remember to edit /etc/dspam/dspam.conf accordenly

If you want to use the postgresql, sqlite3 or Berekely DB4 backends you can find instructions in the dspam documentation.

15. fuse

Fuse is a virtual filesystem "helper" which makes possible to mount unusual things as a filesystem. It is achieved by using a simple program, which runs in user space, to provide data that can be represented by the fuse kernel module as a filesystem. The interpreter program is a less complex one than a kernel-space module, which is much harder to write. In Frugalware, regular users of a given box can mount filesystems by fuse. First as root, let’s install the tools needed:

# pacman-g2 -S fuse

Now, having the base of fuse, we need to install the programs for each specific filesystem type. To get a hint on what is available, you can issue the following command:

$ pacman-g2 -Ss fuse

The two most used (ftp, ssh) plugins can be installed by running the following command. Beware, the ftp fs is a perl module, and it seems a bit memory hungry / buggy / slow so therefore it might be replaced by CurlFtpFS in the future.

# pacman-g2 -S fuseftp sshfs-fuse

Then, you can mount a remote dir with sftp access as a regular user doing:

$ /sbin/mount.fuse  sshfs#YOURUSERNAME@SERVER:/REMOTEDIR /LOCALDIR -o rw,OTHEROPTIONS

You can also unmount it as a regular user doing:

$ fusermount -u /LOCALDIR

16. gammu

16.1. Configuring

You need to create your ~/.gammurc:

[gammu]
port = /dev/ttyUSB0
connection = fbus

Replace /dev/ttyUSB0 with your serial port device and fbus with the appropriate protocol name if you are not a Nokia user. Check if you have write access to the device, you need to be a member of the uucp group.

Once you think you’re done, check your setup:

$ gnokii --identify

It should print your IMEI number so that you’ll be able to check if gammu really found your phone or there is a problem.

16.2. Creating a backup

You probably use gammu to make a backup of your phone.

This involves two steps:

  • Backing up your SMSes 

    $ gammu --backupsms backupsms.txt

  • The rest of your phone. 

    $ gammu --backup backup.txt

You may find an alternative format more human-readable for SMSes:

$ gammu --geteachsms > eachsms.txt

See the manual page for more tricks!

17. git

17.1. gitweb

If you want to set up a web interface for your git repositories, then:

  • install the gitweb package

  • edit /etc/gitweb.conf so that $projectroot will point to the repository directory

  • restart apache so that the gitweb configuration will be included.

18. gnome-bluetooth

For have a full bluetooth support with gnome install obex-data-server # pacman-g2 -S obex-data-server

19. grub2

It is no longer acceptable to edit your grub configuration manually since upgrading to grub2. Instead, it is advised to insert any customizations you require in /etc/sysconfig/grub-config and /etc/sysconfig/grub-custom.

20. help2man

The most common usage of this applications is something like this:

$ help2man -n "<oneliner description>" -S Frugalware -N ./<binary> |sed 's/\\(co/(c)/' ><binary>.1

21. hostapd

Configuration examples can be found in /etc/hostapd. You must edit the following files located in /etc/hostapd to configure hostapd:

hostapd.allow hostapd.conf hostapd.deny

22. kexec-tools

Warning
 kexec works just like reboot, so please save your data before using it!

Loading the new kernel:

# kexec -l /boot/vmlinuz-2.6.18-fw1 --append="ro root=/dev/hda3 quiet resume=/dev/hda2"

Booting it:

# kexec -e

23. keychain

First of all, we have to install package called keychain. (pacman-g2 -S keychain)

In the next step we have to create a new key. A key stands from two parts, a public and a private part. It means two different files in your ~/.ssh/ directory.

Your key is generated by a program called ssh-keygen. It’s a part of openssh package. Run ssh-keygen -t dsa! You’ll see something like this:

voroskoi@kavics~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/voroskoi/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/voroskoi/.ssh/id_dsa.
Your public key has been saved in /home/voroskoi/.ssh/id_dsa.pub.
The key fingerprint is:
ac:47:93:29:d2:c4:e1:85:47:5c:c1:36:93:74:e9:08 voroskoi@kavics

It’ll generate for us the two parts of the key. The program asks where do you want to save the keys, it’s good to simply push an enter. After that You have to type in the passphrase of the key two times. It’s really important to chose a hard passphrase. It should contain lower-/uppercase characters, digits, possibly special characters too. The length must be at least 10 characters! We have to type in this passphrase only once after every restart we shouldn’t choose an easy one.

If everything works fine, then we have an id_dsa and an id_dsa.pub file in our ~/.ssh/ directory.

voroskoi@kavics~/.ssh $ ls -la
drwx------   2 voroskoi users   5 2005-04-13 13:39 ./
drwx--x--x  38 voroskoi users  67 2005-04-13 13:24 ../
-rw-------   1 voroskoi users 736 2005-03-01 21:25 id_dsa
-rw-r--r--   1 voroskoi users 605 2005-04-11 04:18 id_dsa.pub
-rw-r--r--   1 voroskoi users 230 2005-04-11 04:26 known_hosts

Now, we would like to use our newly generated key. We have to do the following:

$ scp ~/.ssh/id_dsa.pub username@remote_machine:
$ ssh username@remote_machine
$ cat id_dsa.pub >> ~/.ssh/authorized_keys
$ rm id_dsa.pub
$ exit

Good to know, that this time(I mean when we run scp and ssh commands) we can’t use our key’s passphrase, so we have to use our password on the remore_machine. If it’s done without any mistake on next login the remote_machine will ask for our key’s passphrase.

And here comes keychain. In openssh package there is a program called ssh-agent. You can store keys in ssh-agent. Keychain just makes easier using of ssh-agent and adds some new features.

This time i assume that we use bash. If we would like to use keychain with an other shell, then we can use man keychain:-) So, let’s take out favourite editor and add the following lines to ~/.bash_profile file:

keychain -q id_dsa
[ -f $HOME/.keychain/$HOSTNAME-sh ] && source $HOME/.keychain/$HOSTNAME-sh

24. ksplice

ksplice is handy in case there is a serious security fix and you don’t want or can’t afford rebooting your system immediately.

Let’s pick an example, the kernel-2.6.28-6anacreon3 update, which added CVE-2009-2692.patch.

First update FST so that you will have the patch:

# repoman upd

Now create a working dir:

$ cp -a /usr/src/linux/ ~/linux-source
$ cd ~/linux-source
$ mkdir ksplice
$ cp /boot/config ksplice/.config
$ cp /boot/System.map ksplice/
$ ln -s ~/linux-source ksplice/build
$ cp /var/fst/stable/source/base/kernel/CVE-2009-2692.patch .

Now create the ksplice update:

$ ksplice-create --patch=CVE-2009-2692.patch ~/linux-source

Then apply it:

# ksplice-apply ksplice-st4dt4bg.tar.gz

To view all applies updates, or a specific one:

# ksplice-view
# ksplice-view --id=st4dt4bg

To revert one:

# ksplice-undo st4dt4bg

25. lesspipe

For syntax highlighting support in less via the lesspipe wrapper, you must install the source-highlight package.

26. lmsensors

lmsensors is a hardware monitoring tool which is able to read thermal and voltage values and fan speeds from the sensor chips of your motherboard. Before running sensors you have to run sensors-detect as root to initialize them. It will autodetect your hardware and define which kernel modules you need to get it working properly, and tell you how to autoload them during boot.

So if you want to use lmsensors run :

sensors-detect

and say YES at end of sensors-detect to write /etc/sysconfig/lm_sensors and run :

systemctl enable lmsensors systemctl start lmsensors

27. lvm2

27.1. Creating

Here is a mini-HOWTO, a longer one is available here.

First if you are on a setup cd, you need to

modprobe dm-mod

and

vgchange -a y

The first loads the device-mapper support for the kernel, the later enables the existing volume groups. This is automatically done for you on an installed Frugalware system.

You need to decide what physical partitions to use for LVM. In this mini-HOWTO / is /dev/hda1 and we create a big /home partition using /dev/hda2 and /dev/hdc1.

Let’s initialize them for use by LVM:

pvcreate /dev/hda2 /dev/hdc1

Create a volume group titled vg:

vgcreate vg /dev/hda2

Extend it with /dev/hdb1:

vgextend vg /dev/hdc1

Then we can create a logical volume with a size of 400G titled home:

lvcreate -L400G -nhome vg

Create a filesystem on it as usual, ie. for ext3:

mke2fs -j /dev/vg/home

And now the only task is to mount it as usual, ie:

mount /dev/vg/home /mnt/target/home

27.2. Extending

You already saw how to extend a volume group. Extending a logical volume is a bit more complex, but still easy.

If you use ext3:

umount /mnt/target/home
lvextend -L+900M /dev/vg/home
resize2fs /dev/vg/home
mount /dev/vg/home /mnt/target/home
Note
 According to the manpage of resize2fs, it would have support resizing without umounting, but this does not seem to work.

If you use reiserfs:

lvextend -L+900M /dev/vg/home
resize_reiserfs /dev/vg/home

27.3. Removing

To remove a logical volume:

lvremove /dev/vg/home

To remove a physical volume from a volume group:

vgreduce vg /dev/hdc1

To remove a volume group:

vgremove vg

That’s it.

28. mailman

There is no any kind of http server in mailman’s depends. It’s because they are not needed to get a working mailman. Of cource if you want to provide archives and so don’t forget to install a http server.

29. man-db

If you like coloured man-pages then you can enable that feature by issuing

# chmod +x /etc/profile.d/man-colors.sh

It is handled as a configuration file, so feel free to edit the colors in that file if you want.

30. monit

You may want to forge a config file for yourself as /etc/monit/monitrc to be able to properly use Monit. Consult the online docs for details:

http://mmonit.com/monit/documentation/monit.html

After doing so you should issue a systemctl enable monit.service command to make use of this service.

31. munin

From munin-1.2.5-2 we no longer use a random uid/gid, but dedicated ones. Because of this munin service will not start if you have it installed before, so you have to correct this by issuing these commands:

groupmod -g 47 munin
usermod -u 47 -g 47 munin
chown -R munin:munin /var/lib/munin
chown -R munin:munin /var/www/html/munin
chown -R munin:munin /var/log/munin
chown -R munin:munin /var/run/munin

You should chown any other munin-owned stuff you may have lying around, these are only the default ones.

32. nss-mdns

To enable IPv4 multicast DNS lookups, append mdns4 to the hosts line in /etc/nsswitch.conf. Use mdns6 for IPv6 or mdns for both.

33. openssh

33.1. Forwarding ports

# ssh -L 8000:localhost:80 server.com

After this you can access server.com:80 at localhost:8000 even if server.com:80 is not accessible from your machine.

33.2. Socks proxy

Many mobile users have the following problem: they have to use an unencrypted wireless lan and they want to access webservers which does not support https. There is an easy solution for this: you transfer data to a server in an ssh tunnel then the data can be transferred to the server unencrypted in a wired network. This is much more secure. Set up the socks proxy on localhost:8080:

$ ssh -D 8080 server.com

Then configure your webbrowser to use the proxy, for example in firefox, select Manual proxy configuration and then set SOCKS Host to localhost, Port to 8080.

Note
 Don’t forget to clear other proxy fields! (HTTP, SSL, FTP, etc.)

34. pdns

If you wish to use the gmysql or gpgsql backends with a local server, then follow these instructions.

For gmysql, install mysql package.

pacman-g2 -Sy mysql

For gpgsql, install postgresql package.

pacman-g2 -Sy postgresql

Now, copy /lib/systemd/system/pdns.service to /etc/systemd/system/pdns.service.

cp -f /lib/systemd/system/pdns.service /etc/systemd/system/pdns.service

Uncomment the lines appropriate for your selected backend. The comments in the file will guide you. After all this, you must still ensure the specific database backend you are wanting to use is properly configured. This means both the pdns configuration and the setup for the mysql or postgresql daemon. Refer to pdns, mysql, and/or postgresql documentation for more information.

35. php

You should set

cgi.fix_pathinfo=1

in /etc/php.ini in order to use php-cgi.

36. pm-radeon

Before you can use this package, you must edit the configuration for it in the file /etc/sysconfig/pm-radeon. After you are done, run this command to enable it at startup.

systemctl enable pm-radeon.service

37. pootle

In most cases you want to use pootle with mysql and apache. See here on how to configure them:

Also read these pages if you’re upgrading from Pootle 1.x:

38. postfix

38.1. Using a relay host

These are the basic steps to set up Postfix to use SMTP Authentication to send mail through a relay host.

Set up a password maps file (/etc/postfix/sasl_passwd) as follows:

mail.ispserver.com    username:password
# chown root:root /etc/postfix/sasl_passwd
# chmod 600 /etc/postfix/sasl_passwd
# postmap /etc/postfix/sasl_passwd

Append the following lines to /etc/postfix/main.cf:

relayhost = mail.ispserver.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

Finally reload postfix:

# postfix reload

That should do it!

39. postfixadmin

This package relies on correct install of postfix’s virtual tables and it needs to be configured before usage. Be sure to read upstream’s /var/www/postfixadmin/INSTALL.TXT in order to accomplish the setup or upgrade. You should also take care of configuring apache to be able to use the web-based interface.

40. postgrey

To use postgrey, put something along the lines of

    smtpd_recipient_restrictions =
        ...
        reject_unauth_destination
        check_policy_service inet:127.0.0.1:60000

in your /etc/postfix/main.cf (postfix 2.1 or newer is required.)

41. pptpd

  1. Preface

    I was asked to set up VPN using PPTP. A much secure way to setup it up is using IPSec, more details here. Also you could use ssh+pppd, but that’s rather problematic on platforms other than Unix.

  2. Setting up the server

    The big problem here is that most outdated HOWTO starts with patching your kernel and ppp. This is no longer needed!

    Requiements: You need kernel>=2.6.15 or newer (Frugalware 0.4 or higher is OK). Also you need ppp>=2.4.2.

    Also probably these are already installed on your system, let’s see the new package: pptpd. Install it with the usual

    # pacman-g2 -S pptpd

    Probably this is done if you’re reading this HOWTO :-)

    Here comes my /etc/pptp.conf:

    $ grep -v '^\(#\|$\)' /etc/pptpd.conf
option /etc/ppp/options.pptpd
logwtmp
localip 10.0.0.88
remoteip 10.0.0.89-127

    10.0.0.88 is the internal address of the server, 10.0.0.89-127 is the range that can be used by the pptp clients.

    Then let’s see that referred /etc/ppp/options.pptpd:

    $ grep -v '^\(#\|$\)' /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
debug
lock
nobsdcomp
novj
novjccomp
nologfd

    After everything works fine, you can remove the "debug" line from the config.

    Then add at least one user:

    # cat /etc/ppp/chap-secrets
## client        server  secret                  IP addresses
mylogin           *      stupidpassword          *

    The rest is about to allow pptp on the firewall (I’m assuming that you use the default Frugalware configuration: INPUT is on DROP by default, but FORWARD is allowed, OUTPUT too.)

    Add the following 2 lines to the filter section of /etc/sysconfig/firewall:

    -A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT

    If you want to allow a client to access Internet via this pptp server, add the following line to the nat section of the same file (change ethX to the correct network interface):

    -A POSTROUTING -o ethX -j MASQUERADE

    Then check if you have PPP support in the kernel enabled:

    # lsmod | grep ppp_generic

    If there is no output, enable it:

    # modprobe ppp_generic
# echo "ppp_generic" >> /etc/sysconfig/modules

    Now we’re ready to start:

    # pptpd -f -o /etc/ppp/options.pptpd

    If no error messages are reported, omit the -f option so it will go background.

    Later you can put this to your /etc/rc.d/rc.local. Debug messages will appear in /var/log/messages if you’re interested in them.

  3. Client side

    Install the necessary "pptp" package:

    # pacman-g2 -S pptp

    Most howto suggets the pptpconfig (http://pptpclient.sourceforge.net/) tool, it’s written in PHP and uses GTK+2. You don’t want to use graphical tools locally (and install XOrg) for administrating your machine, do you?

    We can do it by hand, not too complicated.

    You can name every tunnel you create, I’ll use here the "mytunnel" name.

    Fire up your favorite editor and create the /etc/ppp/peers/mytunnel file with the following contents:

    $ grep -v '^\(#\|$\)' /etc/ppp/peers/mytunnel
name mylogin
remotename PPTP
file /etc/ppp/options.pptp
pty "pptp IP_OF_THE_SERVER --nolaunchpppd "
require-mppe

    Your /etc/ppp/chap-secrets should contain the following line:

    mylogin  PPTP    secret  *

    We’re ready to start the client:

    # pppd pty 'pptp server --nolaunchpppd' call mytunnel debug dump logfd 2 nodetach

    A lot of debug messages will be printed, check on an other console if you got a new pppx interface or not:

    # ifconfig ppp0
ppp0    Link encap:Point-to-Point Protocol
        inet addr:10.0.0.89  P-t-P:10.0.0.88  Mask:255.255.255.255
        UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:996  Metric:1
        RX packets:7 errors:0 dropped:0 overruns:0 frame:0
        TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:3
        RX bytes:70 (70.0 b)  TX bytes:76 (76.0 b)

    If it seems to be ok, you no longer need the debug messages and pppd can go backround:

    # pppd pty 'pptp server --nolaunchpppd' call mytunnel

    That was all. Not so simple but anyone can do it :-)

  4. Resources

42. pulseaudio

Because PulseAudio can be used as drop-in replacement for ESD you can fool GNOME into loading the PulseAudio daemon just like the traditional ESD daemon. To achieve this use the esdcompat script shipped with PulseAudio. Install pulseaudio-esd : pacman-g2 -S pulseaudio-esd Create a symlink from /usr/bin/esd to /usr/bin/esdcompat For more information on pulseaudio, please refer to http://www.pulseaudio.org/wiki/PerfectSetup

43. qemu

43.1. QuickStart

If you are completely new to qemu, you may find the big list of switches a bit confusing. Most users want to install an operating system from a cdrom image to a virtual harddisk. Here is what you need:

$ qemu-img create foo.img 8G
$ wget http://server.com/bar.iso
$ qemu -hda foo.img -cdrom bar.iso

43.2. Guest-agent

The guest agent service is started automatically, as long as the qemu-guest subpackage is installed. See here for setup instructions.

43.3. Tricks

It worth to read the full documentation at /usr/share/doc/qemu-*/qemu-doc.html, it really worth to do so.

To demonstrate how powerful qemu is, here are a few cheap tricks:

If you want to be able to ssh to the machine, you can use port redirection. For example using the -redir tcp:1022::22 option, qemu:22 will be available at localhost:1022.

Note
 This requires root privileges.

You can create a unix socket to control your virtual machine. For example if you are not able to ssh to the machine, you can still properly shut it down:

Use the -monitor unix:/tmp/qemu,server,nowait option, then send the sendkey ctrl-alt-delete string to the socket, for example using python:

python -c "import socket; sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM); \
sock.connect('/tmp/qemu'); \
sock.send('sendkey ctrl-alt-delete\n')"

Finally a trick about vnc: using for example the -vnc 0 option, it’s possible to reach qemu’s display via vnc. This is quite handy if you run qemu on a server (for example in screen), then you can freely attach to and detach from it whenever you want to do so.

Really, read the full documentation! :)

44. quota-tools

To really activate quotas, you’ll need to add usrquota to the appropriate partitions as listed in /etc/fstab. Here’s an example:

/dev/hda2   /home   ext2   defaults,usrquota    1   1

When you want quota support for a given partition, some special files have to be created boot-time. This is not done by default. To do so, you need to

# touch /var/lib/quota/new

then, reboot to create those files.

To edit user quotas, use edquota. See man edquota.

45. rss2email

45.1. Configure:

Create a new feed database:

$ r2e new you@yourdomain.com

Subscribe to some feeds:

$ r2e add http://www.aaronsw.com/2002/rss2email/updates.rss

(That’s the feed to be notified when there’s a new version of rss2email.) Repeat this for each feed you want to subscribe to.

When you run rss2email, it emails you about every story it hasn’t seen before. But the first time you run it, that will be every story. To avoid this, you can ask rss2email not to send you any stories the first time you run it:

$ r2e run --no-send

Then later, you can ask it to email you new stories:

$ r2e run

You probably want to set this up as a cron job or something.

45.2. Customize:

There are a few options, described at the top of rss2email.py. If you want to change something, add it to config.py. For example, to be notified every time a post changes, instead of just once per post:

$ echo "TRUST_GUID = 0" >>~/.rss2email/config.py

And you can ask rss2email to make the emails look as if they were sent when the item was actually posted:

$ echo "DATE_HEADER = 1" >>~/.rss2email/config.py

46. screen

46.1. Keeping your screen running across reboots

You may want to restart your screen session automatically after a reboot. This is the case, for example, when we seed the Frugalware ISOs using a torrent client. Here is what you need:

  • Set up your ~/.screenrc so that it’ll start your application when screen starts up: 

screen -t seed 0 /bin/sh -c 'cd $HOME/frugalware-torrents; rtorrent'

  • Run crontab -e and append the following line to your crontab: 

@reboot screen -d -m

You’re ready!

47. squirrelmail

Please start the configure script in the /var/www/squirrelmail directory!

48. squirrelmail-check_quota

You have to install this plugin with squirrelmail’s own ./configure tool.

49. squirrelmail-login_notes

You have to install this plugin with squirrelmail’s own ./configure tool.

50. stunnel

You need some additional configuration before stunnel will be functional:

Adjust the configuration file:

# cp /etc/stunnel/stunnel.conf-sample /etc/stunnel/stunnel.conf
# vi /etc/stunnel/stunnel.conf
Note
 If something goes wrong, try setting sslVersion to all.

Generate your certificate:

# openssl req -new -x509 -days 365 -nodes -config /etc/stunnel/stunnel.cnf -out \
/etc/stunnel/mail.pem -keyout /etc/stunnel/mail.pem

Hide the certificate from users:

# chmod 600 /etc/stunnel/mail.pem

Now you can enable and start the service:

# systemctl enable stunnel.service
# systemctl start stunnel.service

51. syslinux

All the configurable defaults in SYSLINUX can be changed by putting a file called syslinux.cfg.

SYSLINUX searches for the SYSLINUX.CFG file in the following order:

/boot/syslinux/syslinux.cfg /syslinux/syslinux.cfg /syslinux.cfg

Here is a simple example syslinux.cfg file, with one entry to boot a Linux kernel:

DEFAULT linux LABEL linux SAY Now booting the kernel from SYSLINUX… KERNEL vmlinuz.img APPEND ro root=/dev/sda1

see http://syslinux.zytor.com/wiki/index.php/SYSLINUX for the complete documentation.

52. trac

After installing trac you need a few steps to set it up. First of all do not forget to install postgresql/mysql/sqlite according to which database backend you want to use.

To create a new trac project, just use the command:

$ trac-admin /path/to/myproject initenv

You can check the result with:

tracd --port 8000 /path/to/myproject

Then, fire up a browser and visit http://localhost:8000

For further documentation on trac, how to set up with different HTTP daemons see TracGuide

53. uget

If you want to use aria2-plugin, first install aria2 package: pacman-g2 -S aria2 == util-linux

53.1. Using tmpfs for /tmp

Frugalware does not use tmpfs for /tmp by default. However on servers this can cause problems: if you do not reboot for months, then cleaning /tmp can take some time. Using tmpfs can solve your problem: it’s a ramdisk so its content not preserved during a reboot. All you need is to add the following line to your /etc/fstab:

tmpfs            /tmp             tmpfs       defaults         0   0
Note
 You need util-linux >= 2.12-31 for this, otherwise X may not start.

54. vim

If you want to enable spell check support, you need to:

  • install the spell files for your language: 

# pacman-g2 -S vim-spell-xx

where xx is code of the requested language.

  • enable the spell check support for your language (type in vim): 

:setlocal spell spelllang=xx_yy

Some languages need correctly set encoding. If you get a message like:

Warning: Cannot find word list "hu.latin1.spl" or "hu.ascii.spl"

then you need to set your encoding as well:

:set encoding=latin2

The incorrect words are coloured red by default. You can reach a list of suggested words by pressing z= when the cursor is at the given word.

If you want to disable the spell check support, type:

:setlocal nospell

It may be handy to have map function keys in ~/.vimrc to enable / disable the spell check support:

set encoding=latin2
map <F5> <Esc>:setlocal spell spelllang=en_gb<CR>
map <F6> <Esc>:setlocal spell spelllang=hu<CR>
map <F7> <Esc>:setlocal nospell<CR>
Note
 The language code is sometimes in an xx and sometimes is in an xx_yy form. This is something you need to figure out for your language.

See the upstream documentation for more info about spell check support:

:help spell

55. x11vnc

Running x11vnc without a password is not recommended. To create one, type:

vncpasswd ~/.vnc/passwd

Then you can start the VNC server using

x11vnc -display :0 -rfbauth ~/.vnc/passwd -forever

if are logged in on :0.

56. xcache

56.1. Installing As PHP Extension?

  1. Check /etc/php.ini 

    # cat /usr/share/doc/xcache-$pkgver/xcache.ini >> /etc/php.ini

  2. Modify php.ini for your needs: 

    # $EDITOR /etc/php.ini

  3. Restart php

Warning
 Use >> with cat, not simply >

Please take a look on xcache wiki.