November 25, 2003 Edition

By Jorge "whiprush" Castro (mailto:jorge@whiprush.org), Amit "Prototyped" Gurdasani (mailto:amitg@alumni.cmu.edu)

Welcome to the latest edition of Linux.Ars. This week's big feature is the long-promised SUSE 9 review, courtesy of Paul "madmanx" Ehrenreich and Charles "ctkrohn" Krohn. Stephan "windi" Windischmann discusses less, the replacement for the standard more pager. We also demonstrate Linux's pluggable authentication module system. Finally, Anders "w.anders" Widebrant introduces you to the awesome desktop animation tool vnc2swf.

 

SUSE LINUX 9

As we've promised you in the past, we've got a review of SUSE LINUX 9 for you this week. We picked up boxed sets of SUSE LINUX Personal Edition 9 containing three CD-ROMs from the local CompUSA for about US$39.95 and sacrificed a few existing Linux installations to try SUSE LINUX 9 in all of its uppercase glory. SUSE also offers a Professional Edition (five CD-ROMs and a DVD-ROM) that carries some extras (MrProject, DTP package [Scribus], development tools [KDevelop], and network services and configuration modules [web, SMB, DNS, DHCP and NFS]) as well as an administration manual for US$79.95.

SUSE does not make downloadable CD or DVD images of the distribution available freely, and they delay the availability of their RPM packages and a network installation CD image by a few weeks. As a result, early adopters of new SUSE releases need to purchase the boxed version. Those who wish to try before they buy can download a stripped-down version of the distribution that boots and runs off two CDs without the need to repartition any hard disk. They call this the Live Evaluation CD release, which is similar to Knoppix (http://www.knoppix.org/) and other "boot-from-CD" distributions. However, in the interest of fitting software on just a couple of CDs, some functionality is lost. The Live Evaluation version cannot be easily installed on a hard disk, and even if one manages to do so, some packages are missing some files.

As of this writing (November 24), the packages for SUSE LINUX 9 are available from ftp.suse.com as well as major mirrors. These also include the packages for KDevelop, Apache, Samba, etc. that the Personal Edition CDs omit. There is also a network install CD image available that enables users to do a network install off an FTP archive.

The manual

The SUSE Personal 9 retail box includes an impressive 420-page manual that is pretty comprehensive in its coverage of usage activities. Apart from the installation and system configuration process, it includes coverage of the KDE (http://www.kde.org/) and GNOME (http://www.gnome.org/) desktops. However, it really shines where it covers day-to-day tasks, such as using the productivity suite OpenOffice.org (http://www.openoffice.org/), using sound and display for multimedia applications, doing graphics manipulation with The GIMP (http://www.gimp.org/), writing CDs using K3b (http://k3b.sf.net/), setting up system devices and peripherals such as digital cameras, webcams, TV tuner cards, scanners using SANE (http://www.mostang.com/sane), and so on.

The user's manual is among the best we've seen when it comes to documentation for people who are new to Linux. The price of the retail box is worth it for the manual alone. However, experienced users who would like bare-metal descriptions may come away disappointed. It is also very KDE-centric, which is an advantage for users unfamiliar with Linux distributions since it presents an easy, consistent picture for a user to work with, but those wishing to use a different user interface may find themselves on their own.

Overall, the sheer quality and applicability of SUSE's user manual make it the standard for other distributions to aim at. It is one of the few distributions that you can buy without the need to purchase an extra book or frequently visit the web.

Installation

We tested SUSE LINUX 9 on two configurations: a Dell Inspiron 8000 (Pentium III at 900 MHz, 384MB SDRAM, 16MB ATI Mobility 4 with a Xircom network PC Card), and a Dell Latitude C840 (Pentium 4-M at 2 GHz, 512MB SDRAM, NVIDIA GeForce 2 Go with a 3Com XJACK Wi-Fi card). Unfortunately, the two laptops are very similar, so we were not able to test the flexibility of SUSE's hardware detection thoroughly.


YaST has well-integrated hardware configuration

SUSE's installer, YaST ("Yet another Setup Tool"), allows the user to do either a graphical or a text-mode install. The first thing it does is to probe and detect hardware. It then suggests an installation type based on the hardware profile and provides a rundown of the software to be installed. It allows the user to customize the packages to be installed easily and conveniently. There is a good selection of packages: XFree86, KDE, GNOME, help and support documentation, productivity applications (word processors, spreadsheets, PIM applications and the like), games, compilers and the like are all provided. However, the Personal edition CDs do not come with much in the way of server software; that is left for the Professional edition (of course, the packages for open-sourced servers are available in the FTP archive). The installer provides a wide choice of file systems with which to initialize Linux partitions: XFS (http://oss.sgi.com/projects/xfs/), JFS (http://www-124.ibm.com/developerworks/oss/jfs/), and ReiserFS (http://www.namesys.com/), apart from the standard ext2 and ext3 file systems. This is the widest support for Linux filesystems that we've seen in an installer for a major distribution.

The installation progress is very detailed, providing both time-based and per-megabyte progress. Oddly enough, SUSE reboots after the first CD has been installed. Afterward, the rest of the installation is completed in one run.

YaST differs from other installers in the flexibility that it offers. Whereas Fedora offers a simplified installer, and Debian offers an installer where the user deals with fine details, YaST provides the user with easy defaults, while allowing the advanced user to drill down into the detail if need be.

Also of note in the Professional Edition is the addition of an NTFS resizing tool, which dual-booting users coming from Windows are sure to appreciate. Another nice touch is the option of installing VNC as a network administration option in the installer. Our favorite part of the installer was that it immediately updated during installation, making it unnecessary to update the distribution post-installation.

Postinstallation


SUSE integrates configuration tools into KDE admirably

Once you complete the software installation and system configuration, you can boot SUSE up for the first time. By default, the user is presented with a KDE user interface, with which SUSE's configuration and setup tools are best integrated. KDE users will appreciate that SUSE's default desktop installation easily has the best KDE desktop out of the box among all the distributions we've tried.

The user is able to choose another window manager or desktop environment, of course, but chances are that the user will find that the UI is no longer as polished or well-integrated as with KDE. Now that Novell has bought (http://www.arstechnica.com/archive/news/1067975655.html) both SUSE and Ximian (of GNOME fame), it's likely that SUSE's GNOME integration will improve in a future release.

Another thing about SUSE that we appreciated was that the distribution supports mp3 playback out-of-the-box, unlike the likes of Fedora Core 1. Red Hat appears to be playing it safe with its decision not to include an mp3 decoder (since the decoding techniques are patented, and the patent holder Fraunhofer and their sole licensee Thomson are increasingly enforcing their patent), but SUSE remains unintimidated.

YaST can be configured to update the system with new software releases, bug fixes, security fixes and the like automatically. SUSE's online update tool (YOU, short for YaST Online Updater) is also a high point in the distribution. NVIDIA drivers and Microsoft's core fonts are a click away from the GUI tool, an excellent touch for new users.

Final thoughts

All in all, we were very impressed with how friendly the SUSE system appears to users relatively unfamiliar with Linux. Everything from the documentation and manuals provided to their setup and configuration tools seems to be designed to make things easy for the first-time user.

After a week of using SUSE LINUX 9, here are our conclusions

However, like most things, SUSE LINUX 9 is not perfect. Here are some things we found lacking

For those who are interested in a more in-depth review of SUSE LINUX 9, Mad Penguin (http://www.madpenguin.org/) has a good one (http://madpenguin.org/modules.php?op=modload&name=News&file=article&sid=503). We must state, though, that we disagree with the reviewer about the quality of GNOME's integration with the rest of SUSE. Overall, SUSE is an excellent distribution; the documentation alone is worth the cost of the box.

The playing field

We've done capsule reviews of more major distributions than not over the last month. This fall has seen some remarkable releases by many distributors. Of those, two really stand out, SUSE LINUX 9 and Fedora Core 1. If you're a new Linux user and need to make a decision, either one will work. If you've already tried Linux and are familiar with the desktop environments, your decision is a bit more polarized. We're convinced that KDE users will gravitate towards SUSE rather easily, while GNOME users will find Fedora Core 1 a better fit.

Mandrake 9.2 feels neither KDE- nor GNOME-oriented, and might be a better bet for users that dislike either of the two choices mentioned above. As for Slackware 9, well, what can we say? Slack is Slack; users wanting to get to the meat of Linux will come to enjoy this distribution. There's a Linux for every kind of user.

 

TTT: Tools, Tips and Tweaks

 

----> Do more With less <----

Some of you probably know about the utility more for paging through text. You probably also know about less, the GNU system's replacement/improvement of more. less provides improved search functions and it can be used to page through text backwards, so it's a full featured text viewer.

less can be used either as a stand-alone program for viewing files, or it can be used with pipes, allowing you to easily page through the output of programs.

windi@homer:~$ less largefile.txt
 
windi@homer:~$ ls /mnt/media/Music/Full\ Albums/* | less

Navigating forward or backward one line at a time is either done with the up and down arrow keys, or using "e" (forward) or "y" (backward). One window at a time (height of the terminal window) is done with "f" and "b", or with Page-Up and Page-Down, while half a window at a time is done with "d" (forward) or "u" (backward). You can navigate to the top of the buffer using a lowercase "g", and the bottom with an uppercase "G".

In case the displayed text is wider than the terminal being used to view the buffer, the right and left arrow keys are used to scroll horizontally.

The displayed text can also be searched using powerful regular expressions. Searching forward is done by "/searchpattern." If you're just looking for regular text, the search pattern is simply the term you're searching for. Searching backward is done in a similar way, by "?searchpattern." The search can be repeated by "n" for forward searching and "N" for backward searching. Like most other *nix programs, less is also case-sensitive.

If you invoke less with the -m option, less displays, at the bottom, how far (as a percentage) you are into the file. The -r option will cause raw control characters to be displayed, so that (e.g.) colorized output from ls --color=auto will be shown as such. (Write up by Stephan "windi" Windischmann)

 

Authentication integration: pluggable authentication modules

This issue, we introduce a powerful mechanism by which services can identify and authenticate users: pluggable authentication modules (PAM) (http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html). PAM is a highly flexible authentication and identification system that enables developers to leave the details of user authentication and session setup in the hands of the administrator, allowing him to choose how user information is stored, how users are identified and authorized, and so on. This allows, for instance, a mail server to use a directory service like LDAP or X.500 to fetch user information, or to authenticate users against a Windows NT PDC, etc. Additionally, it provides flexible means to set and get user information.

A lot of services, from the login program that authenticates users at the console to an FTP or mail server that accepts virtual user logins, use PAM to fetch user information, set passwords, set up a trusted communications channel and authenticate users. These services expect a configuration file to be placed in /etc/pam.d that describes what must be done in order to ensure that the user token exists, to validate their authentication token (e.g., a password), to change it, to do any session setup, to change user state, etc. Here's one for gdm, the GNOME Display Manager that provides graphical logins for GNOME 2.4, for instance:

auth    required        pam_unix.so
account required        pam_unix.so
session required        pam_unix.so

This specifies that user accounts are to be handled as regular UNIX user accounts, with authentication, account identification and management, and session creation being done using the /etc/shadow and /etc/group files. Here's an example where the Cyrus IMAP mail server uses an LDAP directory to identify and authenticate users, and can fall back on regular UNIX authentication for accounts that are not found in, or cannot be authenticated against, the LDAP directory:

auth    sufficient      pam_ldap.so
auth    required        pam_unix.so
account sufficient      pam_ldap.so
account required        pam_unix.so

It's also possible to specify optional authentication modules, to specify alternative authentication schemes, as well as to chain together more than one authentication system (e.g. joining Kerberos 5 and LDAP for Samba).
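
The fallback behaviour of the Cyrus IMAP stack above can be traced with a small model of how Linux-PAM combines control keywords. This is an added example, not part of the original article: the function names parse and evaluate and the swapped-order stack are assumptions made for illustration, and module results are supplied by the caller rather than produced by real modules.

```python
# Added illustration: simplified model of how Linux-PAM walks one stack.
# Module results are supplied by the caller; no real PAM module is run.
# Each control keyword maps to (action on success, action on failure),
# following the bracket equivalents documented in pam.conf(5).
CONTROLS = {
    "required":   ("ok",   "bad"),
    "requisite":  ("ok",   "die"),
    "sufficient": ("done", "ignore"),
    "optional":   ("ok",   "ignore"),
}

# The article's Cyrus IMAP stack: LDAP first, UNIX accounts as fallback.
IMAP_STACK = """\
auth     sufficient  pam_ldap.so
auth     required    pam_unix.so
account  sufficient  pam_ldap.so
account  required    pam_unix.so
"""

# Constructed variant with the two auth lines swapped, for comparison.
SWAPPED_STACK = """\
auth     required    pam_unix.so
auth     sufficient  pam_ldap.so
"""


def parse(text, mgmt_type):
    """Return [(control, module)] for one management group, in file order."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt_type:
            rules.append((fields[1], fields[2]))
    return rules


def evaluate(rules, outcomes):
    """Walk a stack; outcomes maps module -> bool. Returns (granted, called)."""
    impression = None      # None = undecided, True = positive, False = negative
    called = []
    for control, module in rules:
        called.append(module)
        on_success, on_failure = CONTROLS[control]
        action = on_success if outcomes[module] else on_failure
        if action in ("ok", "done"):
            if impression is None:
                impression = True
            if action == "done" and impression:
                break          # sufficient success ends the stack early
        elif action in ("bad", "die"):
            impression = False  # an earlier failure is never overridden
            if action == "die":
                break
    return impression is True, called
```

With the lines swapped, an account that exists only in LDAP is refused even though pam_ldap.so succeeds, because the earlier required failure already decided the stack; the order of lines in a PAM file is part of the policy.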

For the end user, this all may seem uninteresting. However, some useful functionality is available for the taking. For instance, the pam_limits.so module, when invoked during login, can be used to set process limits, so that the system is protected if a user mistakenly runs a command that uncontrollably starts spawning new processes (a "fork bomb"). In /etc/pam.d/login, this line, right above the regular pam_unix.so auth line, will cause user limits to be set:

session required        pam_limits.so

Like some other modules, this one is configured through a configuration file in /etc/security, specifically /etc/security/limits.conf. Here, it provides fairly fine-grained per-user or per-group control over the resources that the user or group can consume at a time, including file sizes, memory utilization, CPU utilization, number of processes, number of logged-in sessions, number of open files, whether the limit is hard or soft, etc.

*               hard    nproc           400
@losers         hard    maxlogins       20
@losers         soft    rss             1048576

The above /etc/security/limits.conf will allow all users up to a maximum of 400 concurrently running processes, and will place restrictions on members of the losers group: only twenty logins at a time will be allowed, and members can only use 1 GB of physical RAM at a time.

Similarly, there are modules that can be used to check the strength of a password when it is changed (pam_cracklib.so), to provide administrator notices on login (pam_motd.so and pam_issue.so), to keep a log of logins (pam_lastlog.so), to notify a user whether there is any mail for him on login (pam_mail.so), to set up different authentication rules based on time and user account (pam_time.so), and so on. We have not seen many platforms that sport an authentication system quite as flexible or as powerful as PAM is.

 

Cool app of the week: vnc2swf

It's a familiar scenario. You've come up with this amazing new mouse gesture or the perfect procedure to reorganize your icons, but when you try to explain it in so many words, people look at you as if you're crazy. And short of pointing your web cam towards your monitor to get a blurred, grainy, unreadable picture, there's just nothing you can do to show them the undeniable genius of your invention. Or, slightly more boringly but realistically, you might just want a simple animated show of "how to print a document in OpenOffice.org" to put on your support web page, saving you countless hours of hammering your index finger on a user's screen: "The File menu, yes. Then Print, just like the last time. And the time before that. No, thank you."

After all, a picture's worth a thousand words, they say, and a moving one is probably worth ten times as many. And until recently, it wasn't easy to get this done. Someone has, however, invented that better mousetrap for us.

vnc2swf (http://www.unixuser.org/~euske/vnc2swf/), miraculously, makes all this possible. It converts snippets of on-screen VNC (http://www.realvnc.com/) sessions to Macromedia Flash (.swf) movies, depicting your cursor's every move. The application is deceptively simple to use. When launched, it's just like the normal VNC viewer window, but pressing F9 will start recording the screen contents into a Flash movie. Simply resize the vnc2swf window to a suitable resolution for the final movie and record away, then throw the resulting file onto a web page, and it's for everyone to see. To really show off, you can even splice in a voice track or any other mp3 file. The possibilities are endless, especially as this can be used to record events on any computer that's capable of running a VNC session.


Works great for executive briefings, too

The application is still slightly buggy: garbled Flash files are produced occasionally. Also, as pointed out by NTK (http://www.ntk.net/2003/11/21/#TRACKING) (whose app of the week we're shamelessly stealing), it would have been so much more awesome to have a real-time version that served screenshots through a streaming Flash animation, perhaps even with interactive access through the Flash interface. Perhaps this functionality will show up in later revisions. (Write up by Anders "w.anders" Widebrant)

 

/dev/random