7.3. Debian Post-Boot (Base) Configuration

After booting, you will be prompted to complete the configuration of your basic system, and then to select what additional packages you wish to install. The application which guides you through this process is called base-config. Its concept is very similar to the debian-installer from the first stage. Indeed, base-config consists of a number of specialized components, where each component handles one configuration task, contains “hidden menu in the background” and also uses the same navigation system.

If you wish to re-run the base-config at any point after installation is complete, as root run base-config.

7.3.1. Configuring Your Time Zone

You will first be prompted to configure your time zone. After selecting local vs. GMT hardware clock setting, you will select a region and then a city within that region which is in the same time zone you are. When making selections in these lists, you can type a single letter to take you to the section of the list beginning with that letter.

7.3.2. Setting Up Users And Passwords

7.3.2.1. Shadow Passwords

Depending on a given priority, the system may ask whether you want to enable shadow passwords. This is a system in which your GNU/Linux system is made to be a bit more secure. In a system without shadow passwords, passwords are stored (encrypted) in a world-readable file, /etc/passwd. This file has to be readable to anyone who can log in because it contains vital user information, for instance, how to map between numeric user identifiers and login names. Therefore, someone could conceivably grab your /etc/passwd file and run a brute force attack (i.e. run an automated test of all possible password combinations) against it to try to determine passwords.

If you have shadow passwords enabled, passwords are instead stored in /etc/shadow, which is readable and writable only by root, and readable by group shadow. Therefore, we recommend that you enable shadow passwords.

Reconfiguration of the shadow password system can be done at any time with the shadowconfig program. After installation, see /usr/share/doc/passwd/README.debian.gz for more information.

7.3.2.2. Set the Root Password

The root account is also called the super-user; it is a login that bypasses all security protection on your system. The root account should only be used to perform system administration, and only used for as short a time as possible.

Any password you create should contain at least 6 characters, and should contain both upper- and lower-case characters, as well as punctuation characters. Take extra care when setting your root password, since it is such a powerful account. Avoid dictionary words or use of any personal information which could be guessed.

If anyone ever tells you they need your root password, be extremely wary. You should normally never give your root account out, unless you are administering a machine with more than one system administrator.

7.3.2.3. Create an Ordinary User

The system will ask you whether you wish to create an ordinary user account at this point. This account should be your main personal log-in. You should not use the root account for daily use or as your personal login.

Why not? Well, one reason to avoid using root's privileges is that it is very easy to do irreparable damage as root. Another reason is that you might be tricked into running a Trojan-horse program — that is a program that takes advantage of your super-user powers to compromise the security of your system behind your back. Any good book on Unix system administration will cover this topic in more detail — consider reading one if it is new to you.

Name the user account anything you like. If your name is John Smith, you might use smith, john, jsmith or js. You will also be prompted for the full name of the user, and, like before, a password.

If at any point after installation you would like to create another account, use the adduser command.

7.3.3. Setting Up PPP

You will next be asked whether you wish to install the rest of the system using PPP. If you are installing from CD-ROM and/or are connected directly to the network, you can safely say No and skip this section.

If you do choose to configure PPP at this point, a program named pppconfig will be run. This program helps you configure your PPP connection. Make sure, when it asks you for the name of your dialup connection, that you name it provider.

Hopefully, the pppconfig program will walk you through a pain-free PPP connection setup. However, if it does not work for you, see below for detailed instructions.

In order to setup PPP, you'll need to know the basics of file viewing and editing in GNU/Linux. To view files, you should use more, and zmore for compressed files with a .gz extension. For example, to view README.debian.gz, type zmore README.debian.gz. The base system comes with an editor named nano, which is very simple to use, but does not have a lot of features. You will probably want to install more full-featured editors and viewers later, such as jed, nvi, less, and emacs.

Edit /etc/ppp/peers/provider and replace /dev/modem with /dev/ttyS# where # stands for the number of your serial port. In Linux, serial ports are counted from 0; your first serial port (i.e., COM1) is /dev/ttyS0 under Linux. The next step is to edit /etc/chatscripts/provider and insert your provider's phone number, your user-name and password. Please do not delete the “\q” that precedes the password. It hides the password from appearing in your log files.

Many providers use PAP or CHAP for login sequence instead of text mode authentication. Others use both. If your provider requires PAP or CHAP, you'll need to follow a different procedure. Comment out everything below the dialing string (the one that starts with “ATDT”) in /etc/chatscripts/provider, modify /etc/ppp/peers/provider as described above, and add user name where name stands for your user-name for the provider you are trying to connect to. Next, edit /etc/ppp/pap-secrets or /etc/ppp/chap-secrets and enter your password there.

You will also need to edit /etc/resolv.conf and add your provider's name server (DNS) IP addresses. The lines in /etc/resolv.conf are in the following format: nameserver xxx.xxx.xxx.xxx where the xs stand for numbers in your IP address. Optionally, you could add the usepeerdns option to the /etc/ppp/peers/provider file, which will enable automatic choosing of appropriate DNS servers, using settings the remote host usually provides.

Unless your provider has a login sequence different from the majority of ISPs, you are done! Start the PPP connection by typing pon as root, and monitor the process using plog command. To disconnect, use poff, again, as root.

Read /usr/share/doc/ppp/README.Debian.gz file for more information on using PPP on Debian.

For static SLIP connections, you will need to add the slattach command (from the net-tools package) into /etc/init.d/network. Dynamic SLIP will require the gnudip package.

7.3.4. Configuring APT

The main means that people use to install packages on their system is via a program called apt-get, from the apt package.[5] APT must be configured, however, so that it knows where to retrieve packages from. The helper application which assists in this task is called apt-setup.

The next step in your configuration process is to tell APT where other Debian packages can be found. Note that you can re-run this tool at any point after installation by running apt-setup, or by manually editing /etc/apt/sources.list.

If you are booting from an official CD-ROM, then that CD-ROM should automatically be configured as an apt source without prompting. You will notice this because you will see the CD-ROM being scanned, and then asked if you want to configure another CD-ROM. If you have a multiple CD-ROM set — and most people will — then you should go ahead and scan each of them one by one.

For users without an official CD-ROM, you will be offered an array of choices for how Debian packages are accessed: FTP, HTTP, CD-ROM, or a local file system. For CD-ROM users, you can get to this step by specifically asking to add another source.

You should know that it's perfectly acceptable to have a number of different APT sources, even for the same Debian archive. apt-get will automatically pick the package with the highest version number given all the available versions. Or, for instance, if you have both an HTTP and a CD-ROM APT source, apt-get should automatically use the local CD-ROM when possible, and only resort to HTTP if a newer version is available there. However, it is not a good idea to add unnecessary APT sources, since this will tend to slow down the process of checking the network archives for new versions.

7.3.4.1. Configuring Network Package Sources

If you plan on installing the rest of your system via the network, the most common option is to select the http source. The ftp source is also acceptable, but tends to be a little slower making connections.

The next step during the configuration of network packages sources is to tell apt-setup which country you live in. This configures which of the official Debian Internet mirror network you connect to. Depending on which country you select, you will be given a list of possible machines. Its generally fine to pick the one on the top of the list, but any of them should work.

If you are installing via HTTP, you will be asked to configure your proxy server. This is sometimes required by people behind firewalls, on corporate networks, etc.

Finally, your new network package source will be tested. If all goes well, you will be prompted whether you want to do it all over again with another network source.

7.3.5. Package Installation: Simple or Advanced

You will next be presented with a list of programs you can use to select packages you wish to install. You can choose between the simple way of selecting packages, or the more fine-grained, advanced way. We recommend you start with the simple way, since you can always run the more advanced way at any time.

You should know that for simple installation, base-config is merely invoking the tasksel program. For advanced package installation, the dselect or aptitude program is being run. Any of these can be run at any time after installation to install (or remove) more packages. If you are looking for a specific single package, after installation is complete, simply run apt-get install package, where package is the name of the package you are looking for.

7.3.5.1. Simple Package Selection — The Task Installer

If you chose “simple” installation with tasksel, you will next be thrown into the Task Installer. This technique offers you a number of pre-rolled software configurations offered by Debian. You could always choose, package by package, what you want to install on your new machine. This is the purpose of the dselect program, described below. But this can be a long task with around 12800 packages available in Debian!

So, you have the ability to choose tasks first, and then add on more individual packages later. These tasks loosely represent a number of different jobs or things you want to do with your computer, such as “desktop environment”, “development in C”, or “file server”.

For each task, you can highlight that task and select Task Info to see more information on that task. This will show you an extended description and the list of packages which will be installed for that task. A table showing approximate sizes of the various tasks for planning purposes is in Section B.2, “Disk Space Needed for Tasks”.

Once you've selected your tasks, select Finish. At this point, apt-get will install the packages you've selected. Note, if you did not select any tasks at all, any standard, important, or required priority packages that are not yet present on your system will be installed. This functionality is the same as running tasksel -s at the command line, and currently involves a download of about 37M of archives. You will be shown the number of packages to be installed, and how many kilobytes of packages, if any, need to be downloaded.

Of the 12800 packages available in Debian, only a small minority are covered by tasks offered in the Task Installer. To see information on more packages, either use apt-cache search search-string for some given search string (see the apt-cache(8) man page), or run dselect or aptitude as described below.

7.3.5.2. Advanced Package Selection with dselect

If you are conservative user you'll probably choose the dselect program. The dselect Tutorial is required reading before you run dselect. dselect allows you to select individual packages to be installed on your system. (You have to be the super-user (root) when you run dselect.)

7.3.5.3. Advanced Package Selection with aptitude

Aptitude is a modern program for managing packages. Its gui and keyboard commands somewhat resemble the famous dselect, but it has more bells and whistles attached, so it should not scare new users so much. (You have to try the integrated minesweeper!) aptitude allows you to select individual packages, set of packages matching given criteria (for advanced users), or whole tasks.

The most basic keybindings are:

Key Action
Up, Down Move selection up or down.
Enter Open/collapse/activate item.
+ Mark package for installation.
- Mark package for removal.
d Show package dependencies.
g Actually download/install/remove packages.
q Quit current view.
F10 Activate menu.

For more commands see the online help under the ? key.

Although aptitude is meant to be familiar to the dselect users, it provides much more features and can be customized to a great degree. (You can define you own keybindings, colors and package views). After installation you can explore aptitude capabilities by reading /usr/share/doc/aptitude/README.

7.3.6. Prompts During Software Installation

Each package you selected with either tasksel, aptitude and/or dselect is downloaded, unpacked and then installed in turn by the apt-get and dpkg programs. If a particular program needs more information from the user, it will prompt you during this process. You might also want to keep an eye on the output during the process, to watch for any installation errors (although you will be asked to acknowledge errors which prevented a package's installation).

7.3.7. Configuring Your Mail Transport Agent

Today, email is a very important part of many people's life, so it's no surprise Debian lets you configure your mail system right as a part of the installation process. The standard mail transport agent in Debian is exim4, which is relatively small, flexible, and easy to learn.

You may ask if this is needed even if your computer is not connected to any network. The short answer is: Yes. The longer explanation: Some system utilities (like cron, quota, aide, …) may send you important notices via email.

So on the first screen you will be presented with several common mail scenarios. Choose the one that most closely resembles your needs:

internet site

Your system is connected to a network and your mail is sent and received directly using SMTP. On the following screens you will be asked a few basic questions, like your machine's mail name, or a list of domains for which you accept or relay mail.

mail sent by smarthost

In this scenario is your outgoing mail forwarded to another machine, called a “smarthost”, which does the actual job for you. Smarthost also usually stores incoming mail addresed to your computer, so you don't need to be permanently online. That also means you have to download your mail from the smarthost via programs like fetchmail. This option is suitable for dial-up users.

local delivery only

Your system is not on a network and mail is sent or received only between local users. Even if you don't plan to send any messages, this option is highly recommended, because some system utilities may send you various alerts from time to time (e.g. beloved “Disk quota exceeded”). This option is also convenient for new users, because it doesn't ask any further questions.

no configuration at this time

Choose this if you are absolutely convinced you know what you are doing. This will leave you with an unconfigured mail system — until you configure it, you won't be able to send or receive any mail and you may miss some important messages from your system utilities.

If none of these scenarios suits your needs, or if you need a finer setup, you will need to edit configuration files under the /etc/exim4 directory after the installation is complete. More information about exim4 may be found under /usr/share/doc/exim4.



[5] Note that the actual program that installs packages is called dpkg. However, this package is more of a low-level tool. apt-get will invoke dpkg as appropriate; it is a higher-level too, however, because it knows to install other packages which are required for the package you're trying to install, as well as how to retrieve the package from your CD, the network, or wherever.