Historical Using Knoppix Network addressing
General information Debian information Local network design
Further information Installing Debian Local project
Distributions What now? Main site home page

What do I do now?

This is my suggested learning sequence using information already available on a basic Debian system, but please explore the much more comprehensive documentation available on the Debian website.

Important Do close all files after use. Removable storage devices, such as CDs, drives, and USB memory sticks, should be unmounted (umount, or using the desktop GUI) before they are removed.

Debian provides original plus debian-specific package defaults, with documentation in both /usr/share/doc/ and man pages. Some packages, and their original documentation, are large, but debian-specific documentation may be provided to help with initial configuration. Package updates will often include updated documentation.

Do consider saving copies of all the original unmodified configuration files in /etc as suggested in the installation page.

If you are running in a Graphical User Environment (GUI) you may find various links to individual packages to do specific control tasks, but usually the quickest and best way is to use a textual interface known as a virtual terminal or console which presents one of the simple programmable environments, known as a shell

Log in to a virtual terminal, also known as console, as root and try some of the following commands, followed by Return. If you log in as an ordinary user and try to use a command restricted to the administrator, you are likely to be told that the command does not exist, instead of "you need root privileges to run the command". To give yourself administrator status enter
and you will then need to enter the administrator (root) password (which may not be visible as you type). To obtain full access to administrator commands you may now require "su -" instead of just "su".

Every directory and file has its own access permissions as set by the owner. These allow or deny access for reading, writing, and running a file, for the owner, a group specified by the owner, and others. The defaults for creation of sub-directory and file ownerships (modes) can be set for any individual directory.

If enough of a directory or file name has been entered to uniquely specify it, the TAB key can be used to auto-complete it.

If you need to quit from any facility, try ":q" or "exit" or Control+c (but note that Control+c may not do a tidy close. In the very rare case that a process goes totally out of control, it is possible to find the process ID and issue a kill command).
Move backwards and forwards through the commands you have entered on a text terminal using the up and down arrow keys, then you can modify the command if required and press enter.

Most commands can be used in their simplest form, but have many other options available.

man man
man info
man more
man less
man zless
man ls

The "*" character can often be used as a "wildcard" replacing part of a name to include a number of alternatives.
man pwd
For any directory ./ refers to itself, ../ its parent directory, so absolute or relative locations can be used as convenient.
man cd
ls on its own means list the contents of the current working directory
ls /
ls -l /
~/ is my home directory, so
ls ~/ means ls my home directory
ls -a ~/ will also show "hidden" files which have names starting with "."
ls -al ~/ will list all the files in greater detail
If there are too many items to display on one screen you can pipe the output into either "more" or, if available, "less"
ls -al /usr/share/doc | more
(where | is often available via the key to the left of z on a UK keyboard or near backspace on a US keyboard) or
ls -al /usr/share/doc | less
ls -al /etc | more
ls /var/log
Some log files can be huge and still growing, yet you may only be interested in the last few lines, see
man tail
man cat
man grep
man cp
but do you need to use "cp -r" or "cp -R"?
man mv
Note that files and directories are renamed by moving them
man rm
rm on its own without the recursive option will only remove single files and empty directories
apropos del
man ln
Note that the option -s can be used to link any part of the directory structure to another location, and individual items can be listed in all locations where they may be relevant, so a document could be indexed under multiple classifications, or a complete directory could be created in another location such as a website while still appearing to be local and remaining under the control of the owner.

man vi
The vi file editor leaves the original file in place and creates an edit file. Open a file using "vi filename", then place the cursor at the point you wish to begin editing. Enter the edit mode before (i) or after (a) the cursor, then Escape from edit mode before you try to change the current cursor position. Use ":w" to complete the write, and ":q" to quit. It may take a short time to get used to editing with vi but it is almost always available in a Unix-compatible system. Note that Debian supplies vim, vi-improved, listed as an alternative to vi. You may need to install the extra documentation available listed as vim-doc.

User names do not usually contain upper case (capital) letters, while one that begins with a numeral can cause unexpected problems. Each user will be allocated a numerical uid, and the same user and uid combination should be valid throughout a local network. The first user created by the installation procedure is assumed to be the ordinary username of the administrator and will be given a standard uid and membership to some standard groups, but other users must be allocated group memberships by the administrator (root), editing /etc/group using vigr with reference to the defaults applied for the first. Group memberships should be allocated only as required to allow selected users access to necessary facilities.
A new user is created using useradd, but Debian provides adduser which includes features from other commands, see

man adduser

You may wish to assume that the first user and all relevant files are just a test or guide, and may need to be removed by the administrator (root) to match network-wide uid, usernames, and group memberships, soon after the initial installation using

deluser --remove-all-files username

(replacing username with the actual username). The home directory for the user may then need to be deleted by root.

man vipw
man vigr
apropos group
man chown (change the ownership of a file or directory)
man chgrp (change the group details of a file or directory)
man chmod (change the access restrictions rwxXst for a file or directory)
man access
apropos access
man sudo
man su (you may now need to use "su -" when you need to have full administrator permissions)
man passwd
Note that separate additional passwords may be required for other packages including databases and samba

man df
man du
man free
man top
You may wish to try
du --max-depth=1 -hx /

Recovery of deleted files is not normally possible, so before you attempt to edit, move, or modify any file, display the filename using "ls filename" to check that it is entered correctly, then re-select that command using the "up" arrow key and change just the command. It may seem long-winded, but it can be much easier than deleting the wrong file and then sorting the mess.

Create backups by copying the original file with a serial number or date appended to the end of the filename. Note that while some terminals use colour coding, ls does not always distinguish between a file and a sub-directory, but ls -l will give full details of each, including the owner and group. If you enter enough of a filename to make it unique, you can press the Tab key which will complete the name for you, then add Enter.

If you edit a file, do add comments to remind yourself (and perhaps others) about what you have done, and perhaps what was the original default, just in case you hit an unexpected problem. Part of a line preceded by "#" or sometimes ";" is usually a comment, and anything following on the same line will be ignored, although some packages restrict this to whole lines only.

Important Note also the original owner, group, and access permissions, as they can be changed to match those of the current user (perhaps the root user) when re-saved. The original owner and group may be denied access to changed files or copies until reverted using "chgrp" or "chown".

You can usually mark text on screen using the left mouse button, then copy the marked text to another position on screen (even another desktop screen) using the middle mouse button.

Edit the following files as appropriate (suggest using vi, which may be an alias for vi-improved, vim, or some other more recent package as listed in /etc/alternatives, although it is possible to use other editors if they are available).
/etc/group (use vigr, see man vigr)
/etc/passwd (use vipw, see man vipw)

Another popular editor is emacs, which is self documenting, all inclusive, all enabled, etc. Most people seem polarised in favour of vi or emacs, while there are now several simple text editors available.

The original Debian installer offers a small selection of general "tasks" to be included, you can re-run "tasksel" when logged in as root to add others.

There are so many individual packages available that the easiest way to choose from those available is to use the package search facility on the Debian website, follow the link from the front page. Some main packages list particular versions of additional packages which are recommended for easier integration.

The standard Debian package manager is apt, use apt-get install package_name, but "aptitude" is a user-friendly front-end. Run aptitude or apt-get frequently to keep up with security updates.

See the top of the aptitude screen for a list of commands, including help. Use the arrow keys to navigate to the intended package, and press enter(return) to see brief details, including a list of required, recommended, and suggested additional packages, and you can select any of these to see further details. Return to the main list using "q" and mark packages for addition (+) or removal (-).

Aptitude standard commands are

update list of available packages including security updates
mark all packages that have updates available to be updated
get the list of requested and dependent changes, scroll down to see any recommended extras.
get on with it
Beware that although you may see a "continue" or "close" option on screen, it may not be active until you highlight it using the Tab key.

Packages may not have been written specifically for Debian, but may be modified by the Debian team so that the default configuration will be easier to use for most situations. The original documentation will be available, but there may be important information provided by a README.Debian file. There may be relevant man pages as well as information in /usr/share/doc/.

There is a full list of Debian distribution mirror sites on the Debian website, edit /etc/apt/sources.list to add other mirrors. The sources may be listed for a particular generic distribution such as testing or stable, which are symlinks to the real name such as jessie, stretch, or buster. Use the real name to prevent complications if it tries to upgrade immediately a new distribution replaces the old, then or aptitude to perform the upgrade.

The installer assumes that the first user created is the administrator, so configures /etc/aliases so that emailed reports addressed to root are redirected to that user. Edit the file to ensure that all mail is redirected to the correct users. Mail is normally directed to a mailbox at /var/mail/username or a maildir in each user's home directory.

Debian version 9, codename stretch, has introduced another management layer called systemd. The first problem I discovered was that packages may be configured to start immediately by default but do not, although they can be started manually. They require to be enabled by systemd using the command
systemctl enable servicename
Then started using
systemctl start servicename
But this does not guarantee that it is actually running correctly, so use
systemctl status servicename
If that shows an error, it may be just the first encountered, giving a file name and line number, so sort it, then repeat the start and status commands until no errors remain. Beware that the line number provided could be where an error was discovered, but it could be related to a previous line which contained the actual configuration error.
There various manual pages available,
apropos systemd
man systemd.index

In the past, network and DNS configuration used a few simple files, but network addressing and routing configuration can be complicated by the need for either manual or automatic configuration for a mobile device depending on the connections available, and there have been many attempts to provide simple configuration methods rather than editing basic files in /etc.
Several auto-configuration packages are available, including Avahi, DHCP, IP, NetworkManager, and Systemd, and may have been included in the initial installation. It is not always obvious which was used as the primary method, and configured during initial installation, and which should be re-configured as required. The various packages may require multiple configuration options such as DNS nameservers on the same line or each on a separate line.
The computer will attempt to discover DNS data as configured in /etc/resolv.conf which may be auto-configured by other packages, see any notes at the top of the file. Basic configuration usually accepts up to three DNS sources.
I have found that the "Raspbian" version of Debian for the RaspberryPi defaults to using /etc/dhcpcd.conf which works well if the fallback option is used to set all the normal static options, with multiple choices such as DNS on the same line, (all except the last of any multiple lines will be ignored).

Debian Stretch provides the "ip" system with a large range of commands for monitoring and configuration, see
man ip
apropos ip
but systemd configuration can take over if it is installed, see
man systemd.network

There have been several printer control packages, but CUPS, developed by Apple, is becoming the standard. Open the localhost web page at port 631, initially where you should find the relevant documentation.

There is a search facility plus a full list of available packages on the Debian website which is often easier to read and select additional or replacement packages. Some software operates as a server-and-client system, in which the server part is often called a daemon, and has a "d" as the last character in the name.

Some suggestions for additional packages if not already installed:

(encrypted where possible) to replace telnet (security risk, note that telnet may not be installed by default)
(encrypted where possible) to replace telnetd (security risk)
openssh-client and openssh-server
secure remote login via SSH from openssh-client to an openssh-server
ntp and/or ntpdate, or chrony
to keep to the correct time, visit http://www.ntp.org to find a pool of public ntp servers for your location.
extra documentation for new users
(encrypted where possible) instead of fetchmail
makes regular checks for some known exploits
proftpd or wu-ftpd
recommended FTP servers
fast file and directory copying and updating package which can update just the altered sections of a previous copy

Many larger packages contain just the more important facilities, but with other facilities available as additional packages, including file format and encoding/decoding facilities not specific or vital to the main package. Some, but not all, are tailored to match a particular main package, others are general purpose packages, but may have specific configuration options.

Clam antivirus, developed by CISCO, is available, and you can use firewall configuration software such as ufw or shorewall on each individual computer, giving distributed protection rather than just a single firewall at the perimeter interface.

If you wish to install software that is not supplied as part of the Debian distribution, it should be placed in the relevant ..../local directories which can be searched by the system as it attempts to use those facilities but will be ignored by the usual automatic upgrade and maintenance procedures. The administrator is expected to maintain the local options and software.

It is assumed that any computer will be accessed by several users at the same time, both locally via multiple virtual terminals and via a network connection, it may also be providing various services to the network, so it is normal to leave the computer always switched on. It can look after its housekeeping when not busy or overnight, checking the HDD, etc. Some less urgent disc writes may be delayed, ensure that these are completed before removing power or resetting the computer. When you do need to re-boot or stop the computer, you can use the "shutdown" command, options include

immediately start shutdown procedure (it may still take a while to close everything safely)
delay in minutes before shutdown, information messages are sent to users so they can finish before the shutdown begins
Do not remove power until the shutdown procedure has finished.
man shutdown

Some distributions restrict users allowed to give the command to shut down to root or any that have been given permission through the sudo command; others provide a graphical method as standard, or you may be able to use
to do an emergency crash exit.

The option to log in from a remote terminal as root is normally blocked, so log in (ssh or telnet) as a normal user and either use sudo or su to attain root privileges. A text command can be entered from Microsoft Windows using
"Start" "Run"
ssh numerical_ip_address
ssh box_name.domain_name
telnet numerical_ip_address
telnet box_name.domain_name
You will be asked for your username and password. Ensure that your Microsoft box does not have any security problems such as spyware or keyloggers that could collect your passwords.

Access from a Microsoft box is normally restricted because Microsoft is unable to handle the Unix style security. The methods available include
   Install an ftp server on the Linux box,
   Install a webserver on the Linux box and use http,
   Install Samba on the linux box with the full pedantic details in its configuration file of exactly which users are allowed to log in to access which parts of the filing system with which permissions, and set the smbpasswd for each user (see man samba). Samba uses an independent password system, and Samba user passwords must be set or changed separately. Set or change your standard password first using passwd then set or change your samba password using smbpasswd
   Install PuTTY on the Microsoft box which can cope with full access to a system running Linux, see http://www.chiark.greenend.org.uk/~sgtatham/putty/.

You can even do a remote recovery or shutdown via a network connection after a total loss of control from the local keyboard. (Note that plugging a keyboard or mouse into a running PC may damage the motherboard, and USB connectors are easily broken with a risk of power supply damage, so use a network connection instead).

The option to access an X-windows desktop from a remote terminal is normally blocked during the initial installation, and can be enabled using xauth by the administrator (root) if required. The local screen can even be viewed from a remote terminal by running "screen" from the local terminal.

Some commands that are normally restricted to the administrator, such as shutdown, can be enabled for selected users via "sudo" (see "man sudo" and use "visudo" to edit the configuration).

If you would like to know what is slowing your computer, run "top" in a terminal, "q" to quit.

"tail" can display the last few lines of a file, useful for monitoring progress through an open log file

You may be able to use FSView to see how much disc space is actually being used by each part of the system, although it takes some time to do a full search, and then a pop-up information label appears when you park a mouse over an area of the display. It may be run from the KDE filer index through Debian - apps - system - FSView, it may be different from Gnome or any other window manager.
An alternative text command is du.

You may wish to change the configurations of some packages. If you installed using the default auto-configuration using debconf, there is a series of commands such as

dpkg-reconfigure base-config
the complete initial setup
dpkg-reconfigure xserver-xorg
for X-windows configuration
dpkg-reconfigure exim4-config
the default mail transport system

Exim is capable of handling emails for a very large organisation, with many options available if required. The Debian default installation of exim4 uses a single "simple" configuration system, and you may see a request to instead use
dpkg-reconfigure exim4-config.config

Spam and virus protection such as spamassassin and clamav can be added, and there is a growing number of packages which provide email services.

There is a list of default packages to be started during the initial boot procedure, but you may need to restart a package to input any changes if you edit any relevant configuration file in /etc perhaps by using
/etc/init.d/packagename restart
Packages that are re-configured using dpkg-reconfigure will normally be re-started automatically.

Some commands require both the source and destination locations, other commands assume "standard input" and/or "standard output" and can be linked together to form a chain of commands to be run as one. Other commands always place the output in the current working directory, so you must change directory (cd) to where you require the output before running the command.

If you decide to set up a local DNS server, the default package is now bind9. This provides a huge range of options, including IPv6 and restricted access to data. FQDN is Fully Qualified Domain Name (full name and address).

There are different types of service offered by Domain Name servers, please see
look for the very comprehensive arm (administrator reference manual)
You may wish to save the original default files, then edit and add as required:
/etc/bind/db. files for both networks by network name, and numerical reverse lookup

resource record
record type
official (canonical) name to IPv4 address
official (canonical) name to IPv6 address
alias to official (canonical) name
start of authority
the domain name by itself
The addresses listed are assumed to be incomplete, and will be completed by default unless followed by a ".".
A name server can be shown as an IP address or its full local address, while one from another zone may be shown using a pair of "glue" records: NS to FQDN, plus an "A" or "AAAA" record

db files in /etc/bind9 are 0644 (rw-r--r--) with root as both owner and group.

IMPORTANT: After all changes do tests using
named-checkzone zonename filename
then force a reload using
rndc reload
then check using
host (hostname only or FQDN)

You would normally use the DNS servers provided by your ISP, but there are Open alternative DNS servers for emergency use at and

Although any network interface should be able to respond to multiple IPv6 addresses I have found that configuration can be a problem, and only the last will be accepted. More can be added using

ip address add [address]/[address-mask] dev [interface-name]

but they disappear on reboot, so I have started using "crontab -e" as root to add

@reboot root ip addr add [address]/[address-mask] dev [interface-name]
@reboot root ip route add [destination-address]/[address-mask] dev [interface-name]

There is a Unix tutorial for new users at http://www.ee.surrey.ac.uk/Teaching/Unix

Network addressing

Return to foss index
Return to Chrisbell home page

There are too many options and configurations possible to be more specific, please let me know if you think I should change anything above.

webmaster at chrisbell.org.uk