|Historical||Using Knoppix||Network addressing|
|General information||Debian information||Local network design|
|Further information||Installing Debian||Local project|
|Distributions||What now?||Main site home page|
This is my suggested learning sequence using information already available on a basic Debian system, but please explore the much more comprehensive documentation available on the Debian website.
Important Do close all files after use. Removable storage devices, such as CDs, drives, and USB memory sticks, should be unmounted (umount, or using the desktop GUI) before they are removed.
Debian provides original plus debian-specific package defaults, with documentation in both /usr/share/doc/ and man pages. Some packages, and their original documentation, are large, but debian-specific documentation may be provided to help with initial configuration. Package updates will often include updated documentation.
Do consider saving copies of all the original unmodified configuration files in /etc as suggested in the installation page.
If you are running in a Graphical User Environment (GUI) you may find various links to individual packages to do specific control tasks, but usually the quickest and best way is to use a textual interface known as a virtual terminal or console which presents one of the simple programmable environments, known as a shell
Log in to a virtual terminal, also known as console, as root and try some of the following commands, followed by Return. If you log in as an ordinary user and try to use a command restricted to the administrator, you are likely to be told that the command does not exist, instead of "you need root privileges to run the command". To give yourself administrator status enter
and you will then need to enter the administrator (root) password (which may not be visible as you type). To obtain full access to administrator commands you may now require "su -" instead of just "su".
Every directory and file has its own access permissions as set by the owner. These allow or deny access for reading, writing, and running a file, for the owner, a group specified by the owner, and others. The defaults for creation of sub-directory and file ownerships (modes) can be set for any individual directory.
If enough of a directory or file name has been entered to uniquely specify it, the TAB key can be used to auto-complete it.
If you need to quit from any facility, try ":q" or "exit" or Control+c (but note that Control+c may not do a tidy close. In the very rare case that a process goes totally out of control, it is possible to find the process ID and issue a kill command).
Move backwards and forwards through the commands you have entered on a text terminal using the up and down arrow keys, then you can modify the command if required and press enter.
Most commands can be used in their simplest form, but have many other options available.
The "*" character can often be used as a "wildcard" replacing part of a name to include a number of alternatives.
For any directory ./ refers to itself, ../ its parent directory, so absolute or relative locations can be used as convenient.
ls on its own means list the contents of the current working directory
ls -l /
~/ is my home directory, so
ls ~/ means ls my home directory
ls -a ~/ will also show "hidden" files which have names starting with "."
ls -al ~/ will list all the files in greater detail
If there are too many items to display on one screen you can pipe the output into either "more" or, if available, "less"
ls -al /usr/share/doc | more
(where | is often available via the key to the left of z on a UK keyboard or near backspace on a US keyboard) or
ls -al /usr/share/doc | less
ls -al /etc | more
Some log files can be huge and still growing, yet you may only be interested in the last few lines, see
but do you need to use "cp -r" or "cp -R"?
Note that files and directories are renamed by moving them
rm on its own without the recursive option will only remove single files and empty directories
Note that the option -s can be used to link any part of the directory structure to another location, and individual items can be listed in all locations where they may be relevant, so a document could be indexed under multiple classifications, or a complete directory could be created in another location such as a website while still appearing to be local and remaining under the control of the owner.
The vi file editor leaves the original file in place and creates an edit file. Open a file using "vi filename", then place the cursor at the point you wish to begin editing. Enter the edit mode before (i) or after (a) the cursor, then Escape from edit mode before you try to change the current cursor position. Use ":w" to complete the write, and ":q" to quit. It may take a short time to get used to editing with vi but it is almost always available in a Unix-compatible system. Note that Debian supplies vim, vi-improved, listed as an alternative to vi. You may need to install the extra documentation available listed as vim-doc.
User names do not usually contain upper case (capital) letters, while one that begins with a numeral can cause unexpected problems. Each user will be allocated a numerical uid, and the same user and uid combination should be valid throughout a local network. The first user created by the installation procedure is assumed to be the ordinary username of the administrator and will be given a standard uid and membership to some standard groups, but other users must be allocated group memberships by the administrator (root), editing /etc/group using vigr with reference to the defaults applied for the first. Group memberships should be allocated only as required to
allow selected users access to necessary facilities.
A new user is created using useradd, but Debian provides adduser which includes features from other commands, see
You may wish to assume that the first user and all relevant files are just a test or guide, and may need to be removed by the administrator (root) to match network-wide uid, usernames, and group memberships, soon after the initial installation using
deluser --remove-all-files username
(replacing username with the actual username). The home directory for the user may then need to be deleted by root.
man chown (change the ownership of a file or directory)
man chgrp (change the group details of a file or directory)
man chmod (change the access restrictions rwxXst for a file or directory)
man su (you may now need to use "su -" when you need to have full administrator permissions)
Note that separate additional passwords may be required for other packages including databases and samba
You may wish to try
du --max-depth=1 -hx /
Recovery of deleted files is not normally possible, so before you attempt to edit, move, or modify any file, display the filename using "ls filename" to check that it is entered correctly, then re-select that command using the "up" arrow key and change just the command. It may seem long-winded, but it can be much easier than deleting the wrong file and then sorting the mess.
Create backups by copying the original file with a serial number or date appended to the end of the filename. Note that while some terminals use colour coding, ls does not always distinguish between a file and a sub-directory, but ls -l will give full details of each, including the owner and group. If you enter enough of a filename to make it unique, you can press the Tab key which will complete the name for you, then add Enter.
If you edit a file, do add comments to remind yourself (and perhaps others) about what you have done, and perhaps what was the original default, just in case you hit an unexpected problem. Part of a line preceded by "#" or sometimes ";" is usually a comment, and anything following on the same line will be ignored, although some packages restrict this to whole lines only.
Important Note also the original owner, group, and access permissions, as they can be changed to match those of the current user (perhaps the root user) when re-saved. The original owner and group may be denied access to changed files or copies until reverted using "chgrp" or "chown".
You can usually mark text on screen using the left mouse button, then copy the marked text to another position on screen (even another desktop screen) using the middle mouse button.
Edit the following files as appropriate (suggest using vi, which may be an alias for vi-improved, vim, or some other more recent package as listed in /etc/alternatives, although it is possible to use other editors if they are available).
/etc/group (use vigr, see man vigr)
/etc/passwd (use vipw, see man vipw)
Another popular editor is emacs, which is self documenting, all inclusive, all enabled, etc. Most people seem polarised in favour of vi or emacs, while there are now several simple text editors available.
The original Debian installer offers a small selection of general "tasks" to be included, you can re-run "tasksel" when logged in as root to add others.
There are so many individual packages available that the easiest way to choose from those available is to use the package search facility on the Debian website, follow the link from the front page. Some main packages list particular versions of additional packages which are recommended for easier integration.
The standard Debian package manager is apt, use apt-get install package_name, but "aptitude" is a user-friendly front-end. Run aptitude or apt-get frequently to keep up with security updates.
See the top of the aptitude screen for a list of commands, including help. Use the arrow keys to navigate to the intended package, and press enter(return) to see brief details, including a list of required, recommended, and suggested additional packages, and you can select any of these to see further details. Return to the main list using "q" and mark packages for addition (+) or removal (-).
Aptitude standard commands are
Packages may not have been written specifically for Debian, but may be modified by the Debian team so that the default configuration will be easier to use for most situations. The original documentation will be available, but there may be important information provided by a README.Debian file. There may be relevant man pages as well as information in /usr/share/doc/.
There is a full list of Debian distribution mirror sites on the Debian website, edit /etc/apt/sources.list to add other mirrors. The sources may be listed for a particular generic distribution such as testing or stable, which are symlinks to the real name such as jessie, stretch, or buster. Use the real name to prevent complications if it tries to upgrade immediately a new distribution replaces the old, then or aptitude to perform the upgrade.
The installer assumes that the first user created is the administrator, so configures /etc/aliases so that emailed reports addressed to root are redirected to that user. Edit the file to ensure that all mail is redirected to the correct users. Mail is normally directed to a mailbox at /var/mail/username or a maildir in each user's home directory.
Debian version 9, codename stretch, has introduced another management layer called systemd. The first problem I discovered was that packages may be configured to start immediately by default but do not, although they can be started manually. They require to be enabled by systemd using the command
systemctl enable servicename
Then started using
systemctl start servicename
But this does not guarantee that it is actually running correctly, so use
systemctl status servicename
If that shows an error, it may be just the first encountered, giving a file name and line number, so sort it, then repeat the start and status commands until no errors remain. Beware that the line number provided could be where an error was discovered, but it could be related to a previous line which contained the actual configuration error.
There various manual pages available,
In the past, network and DNS configuration used a few simple files, but network addressing and routing configuration can be complicated by the need for either manual or automatic configuration for a mobile device depending on the connections available, and there have been many attempts to provide simple configuration methods rather than editing basic files in /etc.
Several auto-configuration packages are available, including Avahi, DHCP, IP, NetworkManager, and Systemd, and may have been included in the initial installation. It is not always obvious which was used as the primary method, and configured during initial installation, and which should be re-configured as required. The various packages may require multiple configuration options such as DNS nameservers on the same line or each on a separate line.
The computer will attempt to discover DNS data as configured in /etc/resolv.conf which may be auto-configured by other packages, see any notes at the top of the file. Basic configuration usually accepts up to three DNS sources.
I have found that the "Raspbian" version of Debian for the RaspberryPi defaults to using /etc/dhcpcd.conf which works well if the fallback option is used to set all the normal static options, with multiple choices such as DNS on the same line, (all except the last of any multiple lines will be ignored).
Debian Stretch provides the "ip" system with a large range of commands for monitoring and configuration, see
but systemd configuration can take over if it is installed, see
There have been several printer control packages, but CUPS, developed by Apple, is becoming the standard. Open the localhost web page at port 631, initially http://127.0.0.1:631 where you should find the relevant documentation.
There is a search facility plus a full list of available packages on the Debian website which is often easier to read and select additional or replacement packages. Some software operates as a server-and-client system, in which the server part is often called a daemon, and has a "d" as the last character in the name.
Some suggestions for additional packages if not already installed:
Many larger packages contain just the more important facilities, but with other facilities available as additional packages, including file format and encoding/decoding facilities not specific or vital to the main package. Some, but not all, are tailored to match a particular main package, others are general purpose packages, but may have specific configuration options.
Clam antivirus, developed by CISCO, is available, and you can use firewall configuration software such as ufw or shorewall on each individual computer, giving distributed protection rather than just a single firewall at the perimeter interface.
If you wish to install software that is not supplied as part of the Debian distribution, it should be placed in the relevant ..../local directories which can be searched by the system as it attempts to use those facilities but will be ignored by the usual automatic upgrade and maintenance procedures. The administrator is expected to maintain the local options and software.
It is assumed that any computer will be accessed by several users at the same time, both locally via multiple virtual terminals and via a network connection, it may also be providing various services to the network, so it is normal to leave the computer always switched on. It can look after its housekeeping when not busy or overnight, checking the HDD, etc. Some less urgent disc writes may be delayed, ensure that these are completed before removing power or resetting the computer. When you do need to re-boot or stop the computer, you can use the "shutdown" command, options include
Some distributions restrict users allowed to give the command to shut down to root or any that have been given permission through the sudo command; others provide a graphical method as standard, or you may be able to use
to do an emergency crash exit.
The option to log in from a remote terminal as root is normally blocked, so log in (ssh or telnet) as a normal user and either use sudo or su to attain root privileges. A text command can be entered from Microsoft Windows using
You will be asked for your username and password. Ensure that your Microsoft box does not have any security problems such as spyware or keyloggers that could collect your passwords.
Access from a Microsoft box is normally restricted because Microsoft is unable to handle the Unix style security. The methods available include
Install an ftp server on the Linux box,
Install a webserver on the Linux box and use http,
Install Samba on the linux box with the full pedantic details in its configuration file of exactly which users are allowed to log in to access which parts of the filing system with which permissions, and set the smbpasswd for each user (see man samba). Samba uses an independent password system, and Samba user passwords must be set or changed separately. Set or change your standard password first using passwd then set or change your samba password using smbpasswd
Install PuTTY on the Microsoft box which can cope with full access to a system running Linux, see http://www.chiark.greenend.org.uk/~sgtatham/putty/.
You can even do a remote recovery or shutdown via a network connection after a total loss of control from the local keyboard. (Note that plugging a keyboard or mouse into a running PC may damage the motherboard, and USB connectors are easily broken with a risk of power supply damage, so use a network connection instead).
The option to access an X-windows desktop from a remote terminal is normally blocked during the initial installation, and can be enabled using xauth by the administrator (root) if required. The local screen can even be viewed from a remote terminal by running "screen" from the local terminal.
Some commands that are normally restricted to the administrator, such as shutdown, can be enabled for selected users via "sudo" (see "man sudo" and use "visudo" to edit the configuration).
If you would like to know what is slowing your computer, run "top" in a terminal, "q" to quit.
"tail" can display the last few lines of a file, useful for monitoring progress through an open log file
You may be able to use FSView to see how much disc space is actually being used by each part of the system, although it takes some time to do a full search, and then a pop-up information label appears when you park a mouse over an area of the display. It may be run from the KDE filer index through Debian - apps - system - FSView, it may be different from Gnome or any other window manager.
An alternative text command is du.
You may wish to change the configurations of some packages. If you installed using the default auto-configuration using debconf, there is a series of commands such as
Exim is capable of handling emails for a very large organisation, with many options available if required. The Debian default installation of exim4 uses a single "simple" configuration system, and you may see a request to instead use
Spam and virus protection such as spamassassin and clamav can be added, and there is a growing number of packages which provide email services.
There is a list of default packages to be started during the initial boot procedure, but you may need to restart a package to input any changes if you edit any relevant configuration file in /etc perhaps by using
Packages that are re-configured using dpkg-reconfigure will normally be re-started automatically.
Some commands require both the source and destination locations, other commands assume "standard input" and/or "standard output" and can be linked together to form a chain of commands to be run as one. Other commands always place the output in the current working directory, so you must change directory (cd) to where you require the output before running the command.
If you decide to set up a local DNS server, the default package is now bind9. This provides a huge range of options, including IPv6 and restricted access to data. FQDN is Fully Qualified Domain Name (full name and address).
There are different types of service offered by Domain Name servers, please see
look for the very comprehensive arm (administrator reference manual)
You may wish to save the original default files, then edit and add as required:
/etc/bind/db. files for both networks by network name, and numerical reverse lookup
db files in /etc/bind9 are 0644 (rw-r--r--) with root as both owner and group.
IMPORTANT: After all changes do tests using
named-checkzone zonename filename
then force a reload using
then check using
host (hostname only or FQDN)
You would normally use the DNS servers provided by your ISP, but there are Open alternative DNS servers for emergency use at 22.214.171.124 126.96.36.199 and 188.8.131.52
Although any network interface should be able to respond to multiple IPv6 addresses I have found that configuration can be a problem, and only the last will be accepted. More can be added using
ip address add [address]/[address-mask] dev [interface-name]
but they disappear on reboot, so I have started using "crontab -e" as root to add
@reboot root ip addr add [address]/[address-mask] dev [interface-name]
@reboot root ip route add [destination-address]/[address-mask] dev [interface-name]
There is a Unix tutorial for new users at http://www.ee.surrey.ac.uk/Teaching/Unix
Return to foss index
Return to Chrisbell home page
There are too many options and configurations possible to be more specific, please let me know if you think I should change anything above.
webmaster at chrisbell.org.uk