2012年8月31日 星期五

syslinux(isolinux) menu

在isdolinux資料夾中

isolinux.cfg:

# D-I config version 2.0
#include menu.cfg
#default vesamenu.c32
#prompt 0
#timeout 100
PROMPT 0
#菜單停留時間,計時單位1/10秒(必填項)
TIMEOUT 0 
#菜單窗口
DEFAULT vesamenu.c32
#指定背景圖大小
#MENU RESOLUTION 800 600
#運行窗口背景圖片(640x480)(必填項)
MENU BACKGROUND splash.png
#字體
FONT myfont.psf    
#菜單欄寬度
MENU WIDTH 60     
#子菜單水平位置,數字越大越往右移 
MENU MARGIN 16    
#幫助文字的垂直位置
MENU HELPMSGROW 11
#菜單條數   這個數值要小於HELPMSGROW TABMSGROW CMDLINEROW TIMEOUTROW 等的數值,否則菜單條不能完全顯示
MENU ROWS 5
#[TAB] 的高度
MENU TABMSGROW     12
#命令行高度
MENU CMDLINEROW 13
#倒計時高度
MENU TIMEOUTROW 14
#方框向右移動
MENU HSHIFT 10
#方框向下移動
MENU VSHIFT 15

#菜單邊框
menu color border           30;44      #FFFFFFdd #00000000 std
#頂部標題文字顏色 其中#FFFFFFFF為前景色,後六位為白色的16進制代碼FFFFFF #00000000為背景色,透明
menu color title            1;36;44    #FFFFFFFF #00000000 none  
#選定子菜單顏色     綠色
menu color sel              30;37      #FF00FF00 #00000000 none
#未選定子菜單顏色   白色
menu color unsel            37;44      #FFFFFFFF #00000000 none
#菜單註釋文字顏色   白色
menu color help             37;40      #FFFFFFFF #00000000 none
#TAB命令行顏色      紅色
menu color cmdline          37;40      #FFFF0000 #00000000 none
#F1顯示顏色         黃
menu color msg07            37;40      #FFFFFF00 #00000000 none
#剩餘時間秒數顏色   紅色
menu color timeout          37;40      #FFFF0000 #00000000 none
#剩餘時間字體顏色   黃
menu color timeout_msg      37;40      #FFFFFF00 #00000000 none
#快捷鍵顏色         黃
menu color hotkey           1;37;44    #ffffff00 #00000000 none
#選定快捷鍵顏色     綠色
menu color hotsel           1;7;37;40  #FF00FF00 #00000000 none
#---------------------------------------------------------------
#設定倒計時 
MENU AUTOBOOT
#設定TAB提示
MENU TABMSG Press Tab can edit comand
#設定頂部標題
MENU TITLE This is whole title     
#---------------------------------------------------------------
LABEL hd0 
#^定義快捷鍵 ...1為快捷鍵
MENU LABEL [^1] Go
#向右縮進2
MENU INDENT 2                 
kernel chain.c32 hd0,1
#默認啟動菜單
MENU DEFAULT  
#---------------------------------------------------------------
LABEL pe
MENU LABEL [^2] Go2
MENU INDENT 10
kernel /boot/bin/H3_LNXXP.BIN
#設定幫助提示,此文字的位置和顯示的效果一樣
TEXT HELP
                  PE 831grldr            
                  NANOPE_V2008  pe.bin
                            
ENDTEXT
#---------------------------------------------------------------
LABEL GHOST
MENU LABEL [^3] GHOST
MENU INDENT 2
kernel /boot/syslinux/memdisk
append initrd=/boot/img/ghostc.img
#---------------------------------------------------------------

2012年8月29日 星期三

xauth (使sudo 可以先導出可forwarding X11)

在一般使用者帳號下打 xauth list 看到 "主機名"/unix:編號 如(hostname/unix:10)

1 先導出可forwarding X11的使用者cookie ($HOME/.Xauthority)

xauth extract outputfile hostname/unix:10
chmod a+r outputfile

其中outputfile就是cookie

2 再把此cookie導入root使用者(/home/root/.Xauthority)

sudo xauth merge outputfile

這樣就可以用sudo process forwarding X11的

(轉)STLinux 平台報告

一、 開發板介紹
Sti7109 開發板是一款參考STB7100設計的,用於機頂盒的開發板。開發板的標識為mb442,網絡接口包含一個名為STMMAC的MAC以及STE100P的 PHY,串口部分包括2個ASC類型的串口,設備名分別為/dev/ttyAS0和/dev/ttyAS1,存儲設備包括一個8MB的flash和一個 32MB的DRAM,內存地址分配如下表所示:
FLASH (1)
RAM (2)
boot code
boot env
memory start
boot  base
0xA0000000-0xA001FFFF
0xA0020000-0xA002FFFF
0x84000000
0x85F00000
boot 代碼保存於flash的零地址開始處,boot環境變量保存於0xa0040000開始處,開發板上電後,將從flash零地址處開始啟動,將代碼解壓至 0x85f00000處,然後再跳至0x85f00000處繼續運行,因此在燒寫內核時,最好把內核燒寫在0xa0030000地址以外。
二、 軟件安裝
1、下載軟件包
從網站上下載STLinux-2.3-sh4_uclibc.iso,網址為
ftp://ftp.stlinux.com/pub/stlinux/2.3ear/iso/
2、掛載ISO文件
命令如下:
mount -o loop,ro -t iso9660 -r /home/hsy/STLinux-2.3-sh4_uclibc.iso /media/cdrom
將文件STLinux-2.3-sh4_uclibc.iso掛載至/media/cdrom
3、安裝
以root用戶安裝
[root@pc007 ~]#cd /media/cdrom
[root@pc007 cdrom]# ./install all-sh4_uclibc
ST軟件將被安裝至/opt/STM/STLinux-2.3
4、stlinux源代碼
安裝完成後,stlinux源代碼位於
/opt/STM/STLinux-2.3/devkit/sources/kernel/linux-sh4-2.6.23.1_stm23_0102
5、交叉編譯器
軟 件安裝好後,在/opt/STM/STLinux-2.3/devkit/sh4_uclibc/bin目錄裡,會有很多交叉編譯器,諸如: sh4-linux-uclibc-ar、sh4-linux-uclibc-gcc、sh4-linux-uclibc-as、sh4-linux- uclibc-nm、sh4-linux-uclibc-objcopy、sh4-linux-uclibc-ld等等。
需要在主機上對環境變量進行設置,命令如下:
export PATH=$PATH: /opt/STM/STLinux-2.3/devkit/sh4_uclibc/bin
三、 源文件修改
1、boot源代碼修改
/lib_sh4/sh4_linux.c中的函數do_boot_linux中,param = 84001000
修改param的目的是為了使得cmdline在boot中加載地址和linux中讀取cmdline的地址一致
2、stlinux修改
/driver/serial/stasc.c中asc_init_port函數,將rate置為100000000;
/driver/net/stmmac/stmmac_main.c 中增加函數static int set_mac_addr(struct net_device *dev, void *addr);增加此函數是為了dev->set_mac_address = &set_mac_addr時有意義,以備其他函數調用dev->set_mac_address;
/driver/net/stmmac/stmmac_main.c中stmmac_associate_phy函數,裡將plat_dat->phy_addr = 2; 此值與硬件設計相關
四、 編譯步驟
1、編譯內核
進入內核源代碼的根目錄下,並在此目錄下進行編譯
第一步清除所有的配置信息
#make mrproper
第二步生成配置文件
#make ARCH=sh mb442_defconfig
第三步修改配置文件
打開配置文件 vi .config
修改配置文件,註釋掉CONFIG_SMS91x,將CONFIG_STMMAC_ETH設置為所支持的設備,內容如下:
# CONFIG_STNIC is not set
# CONFIG_SMSC911x is not set
# CONFIG_SMC91X is not set
CONFIG_NETDEV_1000=y
CONFIG_STMMAC_ETH=y
第四步編譯內核
#make ARCH=sh CROSS_COMPILE=sh4-linux-uclibc- V=1
第五步製作image文件
該步驟完成之後,會在arch/sh/boot下生成zImage
利用zImage來製作可以運行在開發板的image文件
#cp –a arch/sh/boot/zImage /tftpboot
#cd tftpboot
#gzip -9 zImage
#mkimage -A sh4 -O linux -T kernel -C gzip -a 0x84800000 -e 0x84800000 -n 「 linux2.6」 -d zImage.gz vmlinux.ub
參數說明
-A
設置體系結構類型
-O
設置操作系統類型
-T
設置image類型
-C
[i]設置壓縮類型
-a
設置加載地址
-e
設置入口地址
-n
Image命名設置
-d
Image數據來源
2、編譯iboot
#cd iboot/build
#iConfig.exe cosmic668
#cd compile.cosmic668
#make depend
#make
完成之後,在iboot/build/compile.cosmic668目錄下生成iboot.bin
五、 boot介紹
給sti7109板上電後,在控制台上出現命令提示符。sti7109 板的標準輸
入、標準輸出重定位到串口。串口連接到調試主機(Host)上,調試主機是
windows 工作台,採用Windows 超級終端(如果調試主機是Linux 服務器,採用
MiniCOM)。串口的連接設置為:波特率115200,數據位8,奇偶校驗無,停止位
流控無。
1、boot的啟動
供電後,iboot將自動啟動,在其終端輸出如下內容:
Boot 0.1.0 (May 18 2008 - 19:36:10)
DRAM: 32 MB
CFI:20:22fd:800000
In: serial
Out: serial
Err: serial
Net: Using MAC Address 48:59:48:45:FF:FF
phy[2:1c04:11]: STE100P found
Hit any key to stop autoboot: 2
2、進入boot模式
若在boot啟動2秒鐘之內按任意鍵,將終止自動啟動,串口輸出如下內容:
=== boot menu (NET) ===
b) update boot
k) update kernel
d) update data
s) switch between NET and CON
q) quit to iBoot mode
r) reset
Please input:
輸入q,將進入iboot模式,串口輸出如下所示:
Boot#
3、boot常用命令
在boot模式下,輸入help或者字符『?』,再輸入回車後,boot將打印出所有的命令,以及個命令的含義。
4、boot的升級
如果需要升級boot,首先將編譯好的boot.bin文件複製到tftp服務器的目錄中,然後將開發板復位,進入boot menu模式,按照選項提示,輸入字符』b',並按回車鍵即可完成升級。
六、 NFS文件系統
1、NFS配置文件
修改NFS的配置文件,位於根目錄下 /etc 目錄中,文件名為exports。
打開文件exports:
#vi /etc/exports
輸入如下語句:
/tmp/target *(rw,no_root_squash,async)
意思是將本機上的/tmp/target文件夾設置為nfs的根目錄,*代表所有客戶,()裡面是配置選項,保存並退出,然後重新啟動nfs即可。
2、啟動NFS服務器
啟動nfs服務器,命令語句如下:
#service portmap start
#service nfs start
#service nfslock start
若要重新啟動,命令語句如下:
#service portmap restart
#service nfs restart
#service nfslock restart
七、 加載linux內核
下面的幾步,需要在iboot運行於開發板後,在iboot的終端界面下做:
1、設置環境變量
#set serverip 192.168.88.107
#set ipaddr 172.16.88.97
#set gatewayip 192.168.88.1
#set netmask 255.255.255.0
#set ethaddr 48:59:48:45:FF:FF
2、加載linux至ram
#tftp 84001000 vmlinux.ub
加載vmlinux.ub至84001000 地址,此地址為ram地址
3、加載linux至flash
#tftp a0080000 vmlinux.ub
加載vmlinux.ub至84001000 地址,此地址為flash地址
4、保存環境變量
#saveenv
八、 運行linux
在boot控制終端上進行設置如下:
1、設置cmdline
#set bootargs 『console ttyAS0,115200 root=/dev/nfs nfsroot=/tmp/target rw ip=172.16.88.97:192.168.88.107:172.16.0.1:255.255.0.0:STi7109:eth0:off mem=64m bigphysarea=6000 coprocessor_mem=4m@0x10000000,4m@0x10400000 nwhwconf=device:eth0,hwaddr:48:59:48:45:aa:bb'
此cmdline僅用於設置內核通過nfs方式啟動
2、環境變量
#bootcmd=bootm A0080000
保存環境變量
#Saveenv
3、啟動linux
若將linux內燒寫至flash,地址與bootcmd的地址一致,在少些完成後,可以直接執行下面的命令啟動linux:
#boot
若將linux內載入至ram中,假設載入的地址為84001000,或者燒寫內核至flash的其他地址中,假設為a0060000,則需要輸入如下名令來啟動linux:
#bootm 84001000
或者
#bootm a0060000

(轉)Linux-開機流程介紹1-boot loader與kernel 載入

開機不是只要按一下電源鈕而關機只要關掉電源鈕就可以了嗎?有何大學問?話是這樣沒錯啦,但是由於 Linux 是一套多人多工的作業系統,你難保你在關機時沒有人在線上,如果你關機的時候碰巧一大群人在線上工作, 那會讓當時在線上工作的人馬上斷線的!那不是害死人了!一些資料可是無價之寶哩!
  另外,與 DOS 環境不同的是, Linux 在執行的時候,雖然你在畫面上只會看到黑壓壓的一片,完全沒有任何畫面, 但其實他是有很多的程式在背景底下執行的,例如登錄檔管控程式、前面兩章提到的例行性命令, 當然還有一大堆網路服務,如郵件伺服器、WWW伺服器等等。你如果隨便關機的話, 是很容易傷害硬碟及資料傳輸的動作的!所以在 Linux 下關機可是一門大學問喔。
  既然開機是很嚴肅的一件事,呵呵,那我們來瞭解一下整個開機的過程吧! 好讓大家比較容易發現開機過程裡面發生錯誤的地方,與解決之道!不過,由於開機的過程中,那個開機管理程式 ( Boot Loader ) 使用的軟體可能不一樣,例如目前各大 Linux distributions 的主流為 grub, 但早期 Linux 預設是使用 LILO ,台灣地區則很多朋友喜歡使用 spfdisk 。 但無論如何,我們總是得要瞭解整個 boot loader 的工作情況,才能瞭解為何進行多重開機的設定時, 為何老是聽人家講要先安裝 Windows 再安裝 Linux 的原因~
  我們先來想一想, Linux 整個開機的程序是怎樣呢?還記得我們提過,開機時要載入核心, 讓核心來驅動整個硬體,這樣才能算是一個最陽春、最基礎的作業系統吧?然後才能夠執行各種程式的運作。 同樣的,開機的流程也是需要先載入核心的。不過,載入核心前,卻需要一些前置作業,才能夠正確無誤的載入核心嘛! 所以,整個開機的程序是這樣的:
  1. 載入 BIOS 的硬體資訊,並取得第一個開機裝置的代號;
  2. 讀取第一個開機裝置的 MBR 的 boot Loader (亦即是 lilo, grub, spfdisk 等等) 的開機資訊;
  3. 載入 Kernel 作業系統核心資訊, Kernel 開始解壓縮,並且嘗試驅動所有硬體裝置;
  4. Kernel 執行 init 程式並取得 run-level 資訊;
  5. init 執行 /etc/rc.d/rc.sysinit 檔案;
  6. 啟動核心的外掛模組 (/etc/modprobe.conf);
  7. init 執行 run-level 的各個批次檔( Scripts );
  8. init 執行 /etc/rc.d/rc.local 檔案;
  9. 執行 /bin/login 程式,並等待使用者登入;
  10. 登入之後開始以 Shell 控管主機。
(評論:linux開機順序,第一先讀bios,讀取硬件信息,然後根據bios的設定讀取第一個硬盤的master boot record即MBR。MBR中安裝有boot loader,boot loader解釋核心的文件系統並且指向系統核心的文件。通過boot loader解壓縮系統核心,並將系統核心加載到內存中。總之,系統先讀bios,再根據bios讀取硬盤的MBR,再根據MBR中的boot loader分析系統核心的文件系統。並指向系統核心。
雖然以上分析很複雜,但是管理員接觸就只是grub和lilo等開機程序而已。grub是安裝在MBR內一個小程序,這個小程序能夠認識核心的文件系統。

  大概的流程就是上面寫的那個樣子啦,而每一個程序的內容主要是在幹嘛呢?底下就分別來談一談吧!
  boot loader 與 kernel 載入
  由第一篇裡面談到的一些基礎的主機硬體概念當中,我們知道整個主機在開機的時候,第一個被讀取的地方, 就是 BIOS ( Basic Input Output System ) 啦,這個 BIOS 裡面記錄了主機板的晶片組與相關的設定, 例如 CPU 與周邊設備的溝通時脈啊、開機裝置的搜尋順序啊、硬碟的大小與類型啊、 系統時間啊、各周邊匯流排的是否啟動 Plug and Play (PnP, 隨插即用裝置) 啊、 各周邊設備的 I/O 位址啊、以及與 CPU 溝通的 IRQ 岔斷等等的資訊都記錄在此, 所以囉,系統要順利的開機,首先就是要去讀取 BIOS 的相關設定值了。
  讀取了 BIOS 設定值之後,系統會根據 BIOS 的資料,進行開機自我測試 (power on self test, POST), 然後開始執行硬體偵測的初始化,並設定 PnP 裝置,之後再定義出可開機的裝置, 之後就會開始進行開機裝置的資料讀取了 (MBR 相關的任務開始)。
  讀完了 BIOS 並且瞭解了主要的主機硬體相關資訊後,主機便會開始嘗試由儲存媒體載入作業系統了。 我們剛剛提到 BIOS 會記錄『可用來開機的裝置搜尋順序』對吧!所以,系統會開始去第一個開機裝置上面進行開機程序。 我們在第二篇的 磁碟檔案系統(filesystem) 當中提到過整個儲存裝置的特性, 如果以硬碟來看,那麼開機流程讀到硬碟的過程中,第一個要讀取的就是該硬碟的主要開機磁區 (Master Boot Record, MBR) 了,而系統可以由主要開機區所安裝的開機管理程式 (boot loader) 開始執行核心辨識的工作。
  
Tips:
  我們知道每顆硬碟的第一個磁區稱為 MBR ,那麼如果我的主機上面有兩顆硬碟的話, 系統會去哪顆硬碟的 MBR 讀取資料呢?這個就得要看 BIOS 的設定了。 基本上,我們常常講的『系統的 MBR'其實指的是 第一個開機裝置的 MBR 才對! 所以,改天如果您要將開機管理程式安裝到某顆硬碟的 MBR 時, 要特別注意當時系統的『第一個開機裝置』是那個,否則會安裝到錯誤的硬碟上面喔!重要重要!   
  那麼為什麼要在 MBR 安裝 boot loader 呢?而這個 boot loader 有什麼功能呢? 還記得我們在第二篇提到的 磁碟檔案系統 吧? 我們的作業系統核心必須要認識磁碟檔案系統才能讀取裡面的資料啊, 但是整個系統才剛剛到開機起頭的地方而已,要如何認識磁碟檔案格式呢? 那就得要藉由 boot loader 來輔助啦!所以囉,當然必須要有 boot loader 才有辦法載入 Linux 的核心 (kernel) 啊!由於 boot loader 的特殊功能,因此,想要載入 Linux 核心時, 當然得使用支援 Linux filesystem 的 boot loader 了,目前主流的 grub 這套開機管理程式, 不但可以支援 Linux ,同時也支援 Windows 相關的核心系統呢!
  好了,先再來回憶一下,如果你是以 grub 程式開機的話,那麼在開機的時候會顯示什麼資料呢?呵呵! 會顯示蠻多的開機選單,沒錯~就是『選單』,然後選擇了你的選擇項目之後, 系統就會跑到該磁區去讀取該作業系統的核心囉!呵呵!所以一個好的 boot loader 會具有兩個功能,就是:
  * 選單功能 (menu)
  * 指向功能 (pointer)
作業系統的核心在硬盤上,管理員通過grub這個小程序操作核心系統的文件,開啟整個操作系統。
一個boot loader引導一個操作系統,如果是windows和linux並存,則是兩個boot loader引導兩個操作系統,開機管理程式boot loader除了可以安裝在MBR之外, 還可以安裝在每個分割槽的開機磁區(boot sector),通過MBR內boot loader的選項,管理員可以選擇指向另一個分區的boot loader,這另一個boot loader在另一個分區的boot sector內,這就是多重開機原理。
  再來強調一下,因為 Windows 與 Linux 的檔案格式不一樣?! 為了載入系統核心,所以必須要安裝認識我們作業系統的 loader, 而 Linux 的 loader ( lilo 或 grub ) 是可以認識 windows 的核心檔案的,但是 Windows 的 loader 卻不認識 Linux 的核心檔案,因此,作為一個多重開機的設定 loader ,就無法使用 Windows 所提供的 loader 囉!由於需要讓系統認識你的 kernel ,因此,就需要 boot loader 啦!這樣想就對啦!
安裝windows操作系統時,windows操作系統的boot loader會將MBR中的內容全部覆蓋掉,所以在安裝多重操作系統時,最好先安裝windows,再安裝linux,如果先安裝linux,則 windows會把linux的boot loader覆蓋掉,導致linux無法開機。
  好了,當我們藉由 boot loader 的管理而開始讀取核心檔案後,接下來, Linux 就會將核心解壓縮到主記憶體當中, 並且利用核心的功能,開始測試與驅動各個周邊裝置,包括儲存裝置、CPU、網路卡、音效卡等等。 那麼核心檔案在哪裡啊?一般來說,他會被放置到 /boot 裡面, 並且取名為 /boot/vmlinuz 才對!
  在載入核心的過程當中,我們必須要知道的是,系統只會『掛載根目錄』而已,而且是以唯讀的方式掛載的。 此外,有時為了讓某些功能可以用檔案的方式來讀取,因此,有的系統在開機的時候, 會製作所謂的虛擬硬碟 (RAM Disk) 來輔助的,那就是 initrd 以及 linuxrc 的功用了。 利用 boot loader 的功能,可以在載入核心的時候,一起載入 initrd 的映像檔 (/boot/initrd-xxxx.img), Linux 系統會主動的以 initrd (man 4 initrd) 來進行虛擬硬碟的建置, 並且利用 linuxrc (包含在 initrd 的映像檔內) 這個程式的功能來進行載入模組的動作。 linuxrc 主要的特性是:
  * 必須是 linuxrc 這個檔名;
  * 必須放置在 initrd 所建立的虛擬磁碟的最頂層目錄;
  * 必須要可以被核心所執行。
  在核心驅動周邊硬體的工作完成之後, initrd 所建立的虛擬磁碟就會被移除了! 不過您要注意的是, initrd 並非必要的,是可有可無的,要看您當初建立該核心的時候, 整個編譯的角度與過程。一般來說,各大 Linux distributions 在建立核心時, 都會一起建立出這個 initrd 的映像檔,輔助開機的順利進行。
  總之,在這個過程當中, boot loader 可以找到 Linux 的核心檔案並且將他載入到主記憶體當中, 同時可能可以藉由 initrd 建立起虛擬硬碟 (RAM Disk) 輔助開機的進行, 最後,將讀自 BIOS 的主機硬體資料交由 Linux 核心來進行偵測並且載入適當的驅動程式 (driver) ,就讓整個主機硬體準備系統的要求了。整個流程有點像這樣:


在核心完整的載入後,您的主機應該就開始正確的運作了,接下來,就是要開始執行系統的第一支程式: init。

init是Linux系統操作中不可缺少的程序之一。 是一個由內核啟動的用戶級進程。

  內核啟動(已經被載入內存,開始運行,並已初始化所有的設備驅動程序和數據結構等)之後,就通過啟動一個用戶級程序init的方式來啟動其他用戶級的進程或服務。所以,init始終是第一個進程(其PID始終為1)。

  內核會在過去曾使用過init的幾個地方查找它,它的正確位置(對Linux系統來說)是/sbin/init.如果內核找不到init,它就會試著運行/bin/sh,如果運行失敗,系統的啟動也會失
敗。
====================
  在核心載入完畢之後,此時系統應該就已經準備妥當,等待程式的執行了。而整個 Linux 系統當中第一支被執行的程式就是『 /sbin/init 』囉~這也是我們在前一章使用 ps aux |more 時, 看到第一行所顯示的程序內容 (PID 為 1 的那行啦) ! init 這支程式所做的工作相當的多, 他除了利用設定檔『 /etc/inittab 』來取得開機的等級 ( Run level ) 之外,還會經由這個 run level 的設定值來進行不同的開機服務項目的啟動。
  那麼什麼是 run level 呢?他有什麼功用啊?其實很簡單啦, Linux 就是藉由設定 run level 來規定系統使用不同的服務來啟動,讓 Linux 的使用環境不同。基本上,依據有無網路與有無 X Window 而將 run level 分為六個等級,分別是:
  * 0 - halt (系統直接關機)
  * 1 - single user mode (單人維護模式,用在系統出問題時的維護)
  * 2 - Multi-user, without NFS (類似底下的 runlevel 3,但無 NFS 服務)
  * 3 - Full multi-user mode (完整的含有網路功能的純文字模式)
  * 4 - unused (系統保留功能)
  * 5 - X11 (與 runlevel 3 類似,但使用 X Window)
  * 6 - reboot (重新開機)
  由於 run level 0, 4, 6 不是關機、重新開機就是系統保留的,所以:『 您當然不能將預設的 run level 設定為這三個值 』, 否則系統就會不斷的自動關機或自動重新開機....
  好了,那麼我們開機時,到底是如何取得系統的 run level 的?呵呵!當然是 /etc/inittab 所設定的囉! 那麼 /etc/inittab 到底有什麼資訊呢?我們先來看看這個檔案的內容好了:
  [root@linux ~]# vi /etc/inittab
  # 設定系統開機預設的 run level 設定項目:
  id:3:initdefault:
  # 開始進行 run level 的服務啟動前,使用來偵測與初始化系統環境的設定檔:
  si::sysinit:/etc/rc.d/rc.sysinit
  # 7 個不同 run level 的,需要啟動的服務的 scripts 放置路徑:
  l0:0:wait:/etc/rc.d/rc 0
  l1:1:wait:/etc/rc.d/rc 1
  l2:2:wait:/etc/rc.d/rc 2
  l3:3:wait:/etc/rc.d/rc 3
  l4:4:wait:/etc/rc.d/rc 4
  l5:5:wait:/etc/rc.d/rc 5
  l6:6:wait:/etc/rc.d/rc 6
  # 是否允許按下 [ctrl]+[alt]+[del] 就重新開機的設定項目:
  ca::ctrlaltdel:/sbin/shutdown -t3 -r now
  # 本機端終端機啟動的個數:
  1:2345:respawn:/sbin/mingetty tty1
  2:2345:respawn:/sbin/mingetty tty2
  3:2345:respawn:/sbin/mingetty tty3
  4:2345:respawn:/sbin/mingetty tty4
  5:2345:respawn:/sbin/mingetty tty5
  6:2345:respawn:/sbin/mingetty tty6
  # 在 X Window (run level 5) 環境下的啟動 script 設定項目:
  x:5:on
ce:/etc/X11/prefdm -nodaemon
  這個檔案的語法是這樣的:
  [設定項目]:[run level]:[init 的動作行為]:[指令項目]
  1. 設定項目:
  最多四個字元,代表 init 的主要工作項目,只是一個簡單的代表說明。
  2. run level:
  該項目在哪些 run level 底下進行的意思。如果是 35 則代表 runlevel 3 與
  5 都會執行。
  3. init 的動作項目:
  主要可以進行的動作項目意義有:
 
   respawn:表示init應該監視這個進程,即使其結束後也應該被重新啟動。

  wait:init應該運行這個進程一次,並等待其結束後再進行下一步操作。

  once:init需要運行這個進程一次。

  boot:隨系統啟動運行,所以runlevel值對其無效。

  bootwait:隨系統啟動運行,並且init應該等待其結束。

  off:沒有任何意義。

  initdefault:系統啟動後的默認運行級別;由於進入相應的運行級別會激活對應級別的進程,所以對其指定process字段沒有任何意義。如果inittab文件內不存在這一條記錄,系統啟動時在控制台上詢問進入的運行級。

  sysinit:系統啟動時準備運行的命令。比如說,這個命令將清除/tmp.可以查看/etc/rc.d/rc.sysinit腳本瞭解其運行了那些操作。

  powerwait:允許init在電源被切斷時,關閉系統。當然前提是有U P S和監視U P S並通知init電源已被切斷的軟件。RH linux默認沒有列出該選項。

  powerfail:同powerwait,但init不會等待正在運行的進程結束。RH linux默認沒有列出該選項。

  powerokwait:當電源監視軟件報告「電源恢復」時,init要執行的操作。

  powerfailnow:檢測到ups電源即將耗盡時,init要執行的操作,和powerwait/powerfail不同的喲。

   ctrlaltdel:允許init在用戶於控制台鍵盤上按下Ctrl + Alt + Del組合鍵時,重新啟動系統。注意,如果該系統放在一個公共場所,系統管理員可將Ctrl + Alt + Del組合鍵配置為別的行為,比如忽略等。我是設置成打印一句罵人的話了^o^. kbrequest:監視到特定的鍵盤組合鍵被按下時採取的動作,現在還不完善。

  ondemand:A process marked with an ondemand runlevel will be executed whenever the specified ondemand runlevel is called. However, no runlevel change will occur (ondemand runlevels are 『a', 『b',and 『c'),(英語太菜,那個however不知道該怎麼翻譯才好。慚愧!)


  4. 指令項目:
  亦即應該可以進行的指令,通常是一些 script 囉。
  所以我們可以得到這樣的結論:
  * 如果不想讓使用者利用 [crtl]+[alt]+[del] 來重新啟動系統,可以將底下這一行註解掉:
  ca::ctrlaltdel:/sbin/shutdown -t3 -r now
  * 規定開機的預設 run level 是純文字 (3) 或者是具有圖形介面 (X Window, 5) ,可經由 『 id:3:initdefault: 』那個數字來決定! 以鳥哥自己這個檔案為例,我是使用純文字喔!
  所以說,你現在會自行修改登入時的預設 run level 設定值了嗎?夠簡單的吧? 一般來說,我們預設都是 3 或者是 5 來作為預設的 run level 的。但有時後可能需要進入 run level 1, 也就是單人維護模式的環境當中。這個 run level 1 有點像是 Windows 系統當中的『安全模式』啦, 專門用來處理當系統有問題時的操作環境。此外,當系統發現有問題時,舉例來說,不正常關機造成 filesystem 的不一致現象時,系統會主動的進入單人維護模式呢!
  好了, init 在取得 run level 之後,接下來要幹嘛? 上面 /etc/inittab 檔案內容不是有提到 sysinit 嗎?嘿嘿!準備初始化系統了吧!
 
init 處理系統初始化流程 (/etc/rc.d/rc.sysinit)
  還記得上面提到 /etc/inittab 裡頭有這一句『 si::sysinit:/etc/rc.d/rc.sysinit 』吧? 這表示:『我開始載入各項系統服務之前,得先做好整個系統環境,我主要利用 /etc/rc.d/rc.sysinit 這個 shell script 來設定好我的系統環境的。』夠清楚了吧? 所以,我想要知道到底 FC4 開機的過程當中幫我進行了什麼動作, 就得要仔細的分析 /etc/rc.d/rc.sysinit 囉。
  Tips:
  老實說,這個檔案的檔名在各不同的 distributions 當中都不相同, 例如 SuSE server 9 就使用 /etc/init.d/boot 與 /etc/init.d/rc 來進行的。 所以,你最好還是自行到該檔案去察看一下系統的工作喔! ^_^ 
  
  /etc/rc.d/rc.sysinit 主要的工作大抵有這幾項:
  1. 取得網路環境與主機類型:
  首先讀取網路設定檔 /etc/sysconfig/network ,取得主機名稱與預設通訊閘 (gateway) 等網路環境。
  2. 測試與掛載記憶體裝置 /proc 及 USB 裝置 /sys:
  除掛載記憶體裝置 /proc 之外,還會主動偵測系統上是否具有 usb 的裝置, 若有則會主動載入 usb 的驅動程式,並且嘗試掛載 usb 的檔案系統。
  3. 決定是否啟動 SELinux :
  近期以來,很多 distributions 都加入了美國國家安全局發展的 Security Enhance Linux 套件, 這個 SELinux 可以更加強化 Linux 操作環境的安全性,不過,由於安全掛帥, 對於新手來說,不是很容易上手。因此,我們才會建議大家先不要啟動啊。無論如何, 在這個階段我們可以分析 SELinux 是否要啟動。
  4. 周邊設備的偵測與 Plug and Play (PnP) 參數的測試:
  根據核心在開機時偵測的結果 (/proc/sys/kernel/modprobe ) 開始進行 ide / scsi / 網路 / 音效 等周邊設備的偵測,以及利用以載入的核心模組進行 PnP 裝置的參數測試。
  5. 使用者自訂模組的載入
  使用者可以在 /etc/sysconfig/modules/*.modules 加入自訂的模組, 則此時會被載入到系統當中喔!
  6. 載入核心的相關設定:
  系統會主動去讀取 /etc/sysctl.conf 這個檔案的設定值,使核心功能成為我們想要的樣子。
  7. 設定系統時間 (clock):
  8. 設定終端機 (console) 字形:
  9. 設定 RAID 與 LVM 等硬碟功能:
  10. 以 fsck 檢驗磁碟檔案系統:
  11. 進行磁碟配額 quota 的轉換 (非必要):
  12. 重新以可讀取模式掛載系統磁碟:
  13. 啟動 quota 功能:
  14. 啟動系統亂數裝置 (產生亂數功能):
  15. 清除開機過程當中的暫存檔案:
  16. 將開機相關資訊載入 /var/log/dmesg 檔案中。
  如此一來,在 /etc/rc.d/rc.sysinit 就已經將基本的系統設定資料都寫好了,也將系統的資料設定完整! 而如果你想要知道到底開機的過程中發生了什麼事情呢?那麼就使用 dmesg 就可以知道囉。 另外,基本上,在這個檔案當中所進行的很多工作的預設設定檔,其實都在 /etc/sysconfig 當中呢! 所以,請記得將 /etc/sysconfig 內的檔案好好的瞧一瞧喔! ^_^
  在這個過程當中,比較值得注意的是自訂模組的載入!在 FC4 當中,如果我們想要載入核心模組的話, 可以將整個模組寫入到 /etc/sysconfig/modules/*.modules 當中,在該目錄下, 只要記得檔名最後是以 .modules 結尾即可。 這個過程是非必要的,因為我們目前的預設模組實在已經很夠用了,除非是您的主機硬體實在太新了, 非要自己載入新的模組不可,否則,在經過 /etc/rc.d/rc.sysinit 的處理後, 你的主機系統應該是已經跑得很順暢了啦!就等著你將系統相關的服務與網路服務啟動囉!
 
啟動系統服務與相關啟動設定檔 (/etc/rc.d/rc.n & /etc/sysconfig)
  載入核心讓整個系統準備接受指令來工作,然後再經過 /etc/rc.d/rc.sysinit 的系統模組與相關硬體資訊的初始化後,你的 FC4 系統應該已經順利工作了。 只是,我們還得要啟動系統所需要的各項『服務』啊!這樣主機才能提供我們相關的網路或者是主機功能嘛! 這個時候,依據我們在 /etc/inittab 裡面提到的 run level 設定值,就可以來決定啟動的服務項目了。 舉例來說,使用 run level 3 當然就不需要啟動 X Window 的相關服務囉,您說是吧?
  那麼各個不同的 run level 服務啟動的各個 shell script 放在哪?還記得 /etc/inittab 裡面提到的:
  l0:0:wait:/etc/rc.d/rc 0
  l1:1:wait:/etc/rc.d/rc 1
  l2:2:wait:/etc/rc.d/rc 2
  l3:3:wait:/etc/rc.d/rc 3
  l4:4:wait:/etc/rc.d/rc 4
  l5:5:wait:/etc/rc.d/rc 5
  l6:6:wait:/etc/rc.d/rc 6
  上面提到的就是各不同 run level 放置的目錄啦!舉例來說, run level 3 的啟動目錄就是放在 /etc/rc.d/rc3.d 目錄當中囉~當然啦,不同的 distributions 這個目錄可能會有差異, 所以,您還是得要自行到 /etc/inittab 裡面瞧一瞧先!那麼在這個目錄當中有什麼咚咚啊? 我們先以鳥哥自己的宿舍的 FC4 主機裡頭的 run level 3 的啟動目錄瞧一瞧:
  [root@linux ~]# ls -l /etc/rc.d/rc3.d
  lrwxrwxrwx  1 root root 13 Jun 29 01:05 K01yum -> ../init.d/yum
  lrwxrwxrwx  1 root root 19 Jun 29 01:05 K02haldaemon -> ../init.d/haldaemon
  .....中間省略......
  lrwxrwxrwx  1 root root 17 Sep 16 14:09 S01sysstat -> ../init.d/sysstat
  lrwxrwxrwx  1 root root 17 Jun 29 01:05 S10network -> ../init.d/network
  lrwxrwxrwx  1 root root 16 Jun 29 01:05 S12syslog -> ../init.d/syslog
  .....中間省略......
  lrwxrwxrwx  1 root root 11 Jun 25 08:27 S99local -> ../rc.local
  在這個目錄下的檔案很有趣,全部都是以 S 或者是 K 為開頭的檔案,而且全部都是連結檔, 連結到 /etc/rc.d/init.d 裡面的 shell script 呢!而在 /etc/rc.d/init.d 這個目錄其實與 /etc/init.d 是一樣的,因為這兩個目錄是連結檔啊!要注意的是,在 /etc/rc.d/init.d/ 底下的 shell scripts 都使用 case.....esac 的語法,而且支援的變數 ($1) 主要有 start 及 stop , 相關的 shell script 請您回到第三篇去複習。所以,一般來說,如果我們想要啟動一些系統服務,例如啟動 atd , 需要使用:
  /etc/rc.d/init.d/atd start (也可以用 /etc/init.d/atd start)
  如果是關閉該服務,就是使用:
  /etc/rc.d/init.d/atd stop
  瞭解鳥哥想要表達的東西了嗎?是的~如果我想要在 run level 3 的環境下執行某個服務, 當然就得要將該服務寫入 /etc/rc.d/rc3.d 裡面去,而既然我們的服務已經在 /etc/rc.d/init.d 裡面建立好了, 自然可以使用連結的方式連結到 /etc/rc.d/init.d/ 內的相關的 shell script 啦。不過,為瞭解決 start 或 stop 這個變數,因此就有了 S 與 K 開頭的檔名了。
  另外,各不同的服務其實還是互有關係的,舉例來說,如果要啟動 WWW 服務,總是得要有網路吧? 所以囉, /etc/rc.d/init.d/network 就會比較先被啟動啦!那麼您就會知道在 S 或者是 K 後面接的數字是啥意思了吧?嘿嘿,那就是執行的順序啦!所以說:
  * 在 /etc/rc.d/rc3.d 內的,以 S 為開頭的檔案,為開機時,需要『啟動, start'的服務;
  * 在該目錄內的 K 為開頭的檔案,為『關機時需要關閉的服務, stop'的檔案連結;
  * 在 S 與 K 後面接的數字,代表該檔案被執行的順序。
  舉例來說,在上表當中, S10network 指向 ../init.d/network ,代表:開機時,執行『 /etc/rc.d/init.d/network start 』的意思,而 S12syslog 則代表開機時執行『 /etc/rc.d/init.d/syslog start 』的意思,且 S10network 要比 S12syslog 還要早執行喔! 所以囉,看到最後一個被執行的項目是啥?呵呵!沒錯,就是 S99local ,亦即是: /etc/rc.d/rc.local 這個檔案啦!
  好了,那麼問題來了,我要如何建立 /etc/rc.d/init.d 裡面的檔案呢? 很簡單啊,看一下 /etc/rc.d/init.d/atd 的內容就知道了,而更多的 services 啟動與相關說明,我們會在後續的 認識系統服務 詳談。 而將 /etc/rc.d/init.d/ 連結到 /etc/rc.d/rc3.d 的方法,除了手動建立外, 其實我們都是以 chkconfig 這個程式來進行管理的呢!更多的 chkconfig 請參考認識系統服務那一章。

 
 

samba server

1. 安装samba
$ sudo apt-get install samba
$ sudo apt-get install smbfs

2. 配置samba
$ sudo vi /etc/samba/smb.conf 在「#   security = user」這行的下面添加:
security = user
username map = /etc/samba/smbusers

把「workgroup = WORKGROUP」這行修改為:
workgroup =你的家目錄
在下面添加如下三行:
display charset = UTF-8
unix charset = UTF-8
dos charset = cp936
在文件的最後添加如下幾行(中文要替換):
[Share]
comment = Shared Folder with username and password
path = /home/用戶名/share
public = yes
writable = yes
valid users = 允許訪問的用戶名
create mask = 0700
directory mask = 0700
force user = nobody
force group = nogroup
available = yes
browseable = yes

3. 設置訪問權限
sudo smbpasswd -a 允許訪問的用戶名
如果「允許訪問的用戶名」不存在,需要先添加這個用戶:
sudo useradd 允許訪問的用戶名

$ sudo vi /etc/samba/smbusers
添加這一行:
new = 「network username」

4. 重啟samba
sudo smbd restart
sudo nmbd restart


Samba 可以用 smbclient -L //127.0.0.1 -U 使用者 來查詢

用mount方式來掛上檔案
sudo mount //位置/目錄 /mnt/samba -o username=使用者,password=密碼,uid=使用者,gid=群組,rw

smbstatus可以知道有什麼人連入你的samba server

Linux常用指令

系統
# uname -a               # 查看內核/操作系統/CPU信息
# head -n 1 /etc/issue   # 查看操作系統版本
# cat /proc/cpuinfo      # 查看CPU信息
# hostname               # 查看計算機名
# lspci -tv              # 列出所有PCI設備
# lsusb -tv              # 列出所有USB設備
# lsmod                  # 列出加載的內核模塊
# env                    # 查看環境變量
資源
# free -m                # 查看內存使用量和交換區使用量
# df -h                  # 查看各分區使用情況
# du -sh <目錄名>        # 查看指定目錄的大小
# grep MemTotal /proc/meminfo   # 查看內存總量
# grep MemFree /proc/meminfo    # 查看空閒內存量
# uptime                 # 查看系統運行時間、用戶數、負載
# cat /proc/loadavg      # 查看系統負載
磁盤和分區
# mount | column -t      # 查看掛接的分區狀態
# fdisk -l               # 查看所有分區
# swapon -s              # 查看所有交換分區
# hdparm -i /dev/hda     # 查看磁盤參數(僅適用於IDE設備)
# dmesg | grep IDE       # 查看啟動時IDE設備檢測狀況
網絡
# ifconfig               # 查看所有網絡接口的屬性
# iptables -L            # 查看防火牆設置
# route -n               # 查看路由表
# netstat -lntp          # 查看所有監聽端口
# netstat -antp          # 查看所有已經建立的連接
# netstat -s             # 查看網絡統計信息
進程
# ps -ef                 # 查看所有進程
# top                    # 實時顯示進程狀態
用戶
# w                      # 查看活動用戶
# id <用戶名>            # 查看指定用戶信息
# last                   # 查看用戶登錄日誌
# cut -d: -f1 /etc/passwd   # 查看系統所有用戶
# cut -d: -f1 /etc/group    # 查看系統所有組
# crontab -l             # 查看當前用戶的計劃任務

2012年8月28日 星期二

pure-ftpd argument

Here are the recognized switches:

- '-0': when a file is uploaded and there is already a previous version of the
file with the same name, the old file will neither get removed nor truncated.
Upload will take place in a temporary file and once the upload is complete,
the switch to the new version will be atomic. For instance, when a large PHP
script is being uploaded, the web server will still serve the old version and
immediatly switch to the new one as soon as the full file will have been
transfered.

- '-1': log the PID of each session in syslog output.

- '-4': only listen to IPv4 connections.

- '-6': don't listen to IPv4, only listen to IPv6.

- '-a <gid>': Authenticated users will be granted access to their home
directory and nothing else (chroot) . This is especially useful for users
without shell access, for instance, WWW-hosting services shared by several
customers. Only member of group number <gid> will have unrestricted access
to the whole filesystem. So add a "staff", "admin" or "ftpadmin" group and
put your trusted users in. <gid> is a NUMERIC group number, not a group name.
This feature is mainly designed for system users, not for virtual ones.

Note: 'root' (uid 0) always has full filesystem access.

If you want to chroot() everyone, but root, use the following flag:

- '-A': chroot() everyone, but root. There's no such thing as a trusted
group. '-A' and '-a <gid>' are mutually exclusive.

- '-b': Ignore parts of RFC standards in order to deal with some totally
broken FTP clients, or broken firewalls/NAT boxes. Also, non-dangling
symoblic links are shown as real files/directories.

- '-B': Have the standalone server start in background (daemonization).

- '-c <number of clients>': Allow a maximum of clients to be connected. For
instance '-c 42' will limit access to simultaneous 42 clients. There is a
50 client limit by default.

- '-C <max connection per ip>': Limit the number of simultanous connections
coming from the same IP address. This is yet another very effective way to
prevent stupid denial of services and bandwidth starvation by a single user.
It works only when the server is launched in standalone mode (if you use a
super-server, it is supposed to do that) . If the server is launched with
'-C 2', it doesn't mean that the total number of connections is limited to 2.
But the same client, coming from the same machine (or at least the same IP),
can't have more than two simultaneous connections. This feature needs some
memory to track IP addresses, but it's recommended to use it.

- '-d': Send various debugging messages to the syslog. Don't use this
unless you really want to debug Pure-FTPd. Passwords aren't logged.
Duplicate '-d' to log responses, too.

- '-D': List files beginning with a dot ('.') even when the client doesn't
append the '-a' option to the list command. A workaround for badly
configured FTP clients. If you are a purist, don't enable this. If you
provide hosting services and if you have lousy customers, enable this.

- '-e': Only allow anonymous users. Use this on a public FTP site with no
remote FTP access to real accounts.

- '-E': Only allow authenticated users. Anonymous logins are prohibited.

- '-f <facility>': Use that facility for syslog logging. It defaults to
'ftp' (or 'local2' if you got an obsolete libc without that facility).
Logging can be disabled with '-f none' .

- '-F <fortune file>': Display a fortune cookie on login. The sentence is
a random extract from the text file <fortune file>. This text file should be
formatted like standard "fortune" files (fortunes are separated by a '%'
sign on a single line) . Pure-FTPd has to be compiled with support for
cookies (--with-cookie). If you just want a simple banner displayed before
the login prompt, add the name of any text file here.

- '-g <pid file>': Change the location of the pid file when the server is
run in standalone mode. The default is /var/run/pure-ftpd.pid .

- '-G': Disallow renaming.

- '-H': By default, fully-qualified host names are logged. To achieve this,
DNS lookups are mandatory. The '-H' flag avoids host names resolution.
("213.41.14.252" will be logged instead of "www.toolinux.com") . It can
significantly speed up connections and reduce bandwidth usage on busy
servers. Use it especially on public FTP sites. Also, please note that
without -H, host names are informative but shouldn't be trusted: no reverse
mapping check is done to save DNS queries.

- '-i': Disallow upload for anonymous users, whatever directory permissions
are. This option is especially useful for virtual hosting, to avoid your
users creating warez sites in their account.

- '-I <timeout>': Change the maximum idle time. The timeout is in minutes
and defaults to 15 minutes. Modern FTP clients are trying to fool timeouts
by sending fake commands at regular interval. We disconnect these clients
when they are idle for twice (because they are active anyway) the normal
timeout.

- '-j': If the home directory of a user doesn't exist, automatically create
it. The newly created home directory belongs to the user and permissions are
set according to the current directory mask. Only the home directory can be
created (so /home/john/./public_html won't work, but /home/john will) . To
avoid local attacks, the parent directory should never belong to an untrusted
user. Also note that you must trust whoever manages the users databases,
because with that feature, he'll be able to create/chown directories anywhere
on the server's filesystem.

- '-J <ciphers>': Sets the list of ciphers that will be accepted for
SSL/TLS connections.
For example: -J HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
Prefixing the list with -S: totally disables SSLv3.

- '-k <percentage>': Don't allow uploads if the partition is more than
<percentage>% full. For instance, "-k 95" will ensure your disks will never
get filled more than 95% by FTP. No need for the "percent" sign after the
number.

- '-K': Allow users to resume and upload files, but *NOT* to delete or rename
them. Directories can be removed, but only if they are empty. However,
overwriting existing files is still allowed (to support upload resume) . If
you want to disable this too, add -r (--autorename) .

- '-l <authentication>' or '-l <authentication>:<config file>': Adds a new
rule to the authentication chain. Please read the "Authentication" section,
later in this README file. It's an important section.

- '-L <max files>:<max depth>': To avoid stupid denial-of-service attacks
(or just CPU hogs), Pure-FTPd never displays more than 10000 files in response
to an 'ls' command. Also, a recursive 'ls' (-R) never goes further than 5
subdirectories. You can increase/decrease those limits with the '-L' option.

- '-m <cpu load>': Don't allow anonymous download if the load is above <cpu
load> . A very efficient way to prevent overloading your server. Upload is
still allowed, though.

- '-M': Allow anonymous users to create directories.

- '-n <max files>:<max size>': If the server has been compiled with support
for virtual quotas, enforce these quota settings for all users (except
members of the 'trusted' group) . <max size> is in Megabytes. See the
"virtual quotas" section later in this document.

- '-N': NAT mode. Force ACTIVE mode. If your FTP server is behind a NAT box
that doesn't support applicative FTP proxying, or if you use port
redirection without a transparent FTP proxy, use this. Well... the previous
sentence isn't very clear. Okay: if your network looks like this:
(FTP server)-------(NAT/masquerading gateway/router)------(Internet)
and if you want people coming from the internet to have access to your FTP
server, please try without this option first. If Netscape clients can
connect without any problem, your NAT gateway rulez. If Netscape doesn't
display directory listings, your NAT gateway sucks. Use '-N' as a workaround.

- '-o': Write all uploaded files to '/var/run/pure-ftpd.upload.pipe' so
that the 'pure-uploadscript' program can run. Don't enable that option if
you don't actually use 'pure-uploadscript' otherwise pure-ftpd will hang
waiting for pure-uploadscript to start.

- '-O <format>:<log file>': Record all file transfers into a specific log
file, in an alternative format. Currently, four formats are supported: CLF
(Apache-like), Stats, W3C and xferlog.

If you add '-O clf:/var/log/pureftpd.log' to your starting options,
Pure-FTPd will log transfers in /var/log/pureftpd.log in a format similar to
the Apache web server in default configuration. 

If you use '-O stats:/var/log/pureftpd.log' to your starting options,
Pure-FTPd will create log files in a special format, designed for statistical
reports. The Stats format is compact, more efficient and more accurate that
CLF and the old broken "xferlog" format.

The Stats format is:
<date> <session id> <user> <ip> <U or D> <size> <duration> <file>

<date> is a GMT timestamp (time()) and <session id> identifies the current
session. <file> is unquoted, but it's always the last element of a log line.
"U" means "Upload" and "D" means "Download".

Warning: the session id is only designed for statistics purposes. While it's
always an unique string in the real world, it's theoretically possible to have
it non unique in very rare conditions. So don't rely on it for critical
missions.

A command called "pure-statsdecode" can be used to convert timestamps into
human-readable dates.

The W3C format is enabled with '-O w3c:/var/log/pureftpd.log' .

For security purposes, the path must be absolute (eg. /var/log/pureftpd.log
, not ../log/pureftpd.log) . If this log file is stored on a NFS volume, don't
forget to start the lock manager (often called "lockd" or "rpc.lockd").

- '-p <first port>:<last port>': Use only ports in the range <first port>
to <last port> inclusive for passive-mode downloads. This is especially
useful if the server is behind a firewall without FTP connection tracking.
Use high ports (40000-50000 for instance), where no regular server should be
listening.

- '-P <ip address or host name>': Force the specified IP address in reply to
a PASV/EPSV/SPSV command. If the server is behind a masquerading (NAT) box
that doesn't properly handle stateful FTP masquerading, put the ip address
of that box here. If you have a dynamic IP address, you can put the public
host name of your gateway, that will be resolved every time a new client will
connect.

- '-q <upload ratio>:<download ratio>': Enable ratios for anonymous users.

- '-Q <upload ratio>:<download ratio>': Enable ratios for everybody
(anonymous and non-anonymous). Members of the root (0, something called
'wheel') have no ratio.

- '-r': Never overwrite existing files. Uploading a file whose name
already exists cause an automatic rename. Files are called xyz, xyz.1, xyz.2,
xyz.3, etc.

Tip: if you compile with 'make AUTORENAME_REVERSE_ORDER=1' , the naming
convention will be reversed. Files will be called xyz, 1.xyz, 2.xyz, 3.xyz,
etc.

- '-R': Disallow users (even non-anonymous ones) usage of the CHMOD
command. On hosting services, it may prevent newbies from making mistakes,
like setting bad permissions on their home directory. Only root can use
CHMOD when -R is enabled.

- '-s': The "waReZ protection". Don't allow anonymous users to download
files owned by "ftp" (generally, files uploaded by other anonymous users) .
So that uploads have to be validated by a system administrator (chown to
another user) before being available for download.

- '-S [<ip address>,|<hostname>,] [<port>|<service name>]'. This option is
only effective when the server is launched as a standalone server.
Connections are accepted on the specified IP and port. IPv4 and IPv6 are
supported. Numeric and fully-qualified host names are accepted. A service
name (see /etc/services) can be used instead of a numeric port number.

- '-T <bandwidth>' and '-t <bandwidth>': Enable bandwidth limitation (see
below) . <bandwidth> is specified in kilobytes/seconds. To set up separate
upload/download bandwidth, the [<upload>]:[<download>] syntax is supported.

- '-u <uid>': Don't allow uids below <uid> to log in. '-u 1' denies access
to root (safe), '-u 100' denies access to virtual accounts on most Linux
distros.

- '-U <umask for files>:<umask for dirs>': Change the file creation mask.
The default is 133:022. If you want a new file uploaded by a user to only be
readable by that user, use '-U 177:077'. If you want uploaded files to be
executable, use 022:022 (files will be readable -but not writable- by other
users) or 077:077 (files will only be executable and readable by their
owner) . Please note that Pure-FTPd support the SITE CHMOD extension, so a
user can change the permissions of his own files.

- '-V <ip address>': Allow non-anonymous FTP access only on this specific
local IP address. All other IP addresses are only anonymous. With that
option, you can have routed IPs for public access and a local IP (like
10.x.x.x) for administration. You can also have a routable trusted IP
protected by firewall rules and only that IP can be used to login as a
non-anonymous user.

- '-v <name>': Set the service name for Apple's Bonjour. Only available on
MacOS X when Bonjour support is compiled in.

- '-w': Support the FXP protocol only for authenticated users. FXP works
with IPv4 and IPv6 addresses.

- '-W': Support the FXP protocol. FXP allows transfers between two remote
servers without any file data going to the client asking for the transfer.

However:

****************************************************************************

   *FXP IS AN INSECURE PROTOCOL* (third-party hosts can steal the current
connection) . In Pure-FTPd, specific precautions have been taken to reduce
FXP insertion attacks. But if your FTP server serves private data:
   NEVER ALLOW FXP ACCESS TO UNTRUSTED HOSTS. YOU CAN PLAY WITH IT ON AN
INTERNAL SERVER, BUT _DON'T_ GIVE FXP ACCESS TO ANONYMOUS INTERNET USERS.

****************************************************************************

        It's why FXP is disabled by default on Pure-FTPd unless you
explicitely enable it with '-W' or '-w'.

- '-x': In normal operation mode, authenticated users can read/write files
beginning with a dot ('.') . Anonymous users can't, for security reasons
(like changing banners or a forgotten .rhosts) . When '-x' is used,
authenticated users can download dot-files, but not overwrite/create them,
even if they own them. That way, you can prevent hosted users from messing
.qmail files. If you want to give user access to a special dot-file, create a
symbolic link to the dot-file with a file name that has no dot in it and the
client will be able to retrieve the file through that link.

- '-X': This flag is identical to the previous one (writing dot-files is
prohibited), but in addition, users can't even *read* files and directories
beginning with a dot (like "cd .ssh") .

****************************************************************************

When used in conjunction with "-a", members of the trusted group can bypass
'-x'/'-X' restrictions.

****************************************************************************

- '-y <max user logins>:<max anonymous logins>': This option only
works if the server has been compiled with --with-peruserlimits. It
restricts the number of concurrent sessions the same user can have.
  A null value ('0') means 'unlimited'.

Here's a concrete example:

/usr/local/sbin/pure-ftpd -y 3:20 -c 15 -C 5 -B

Here, we allow:
  * A max total of 15 sessions.
  * 5 connections max coming from the same IP address.
  * 3 connections max with the same user name.
  * 20 anonymous users max.
  
With such a setup, a single user can't easily fill all slots.  

- '-Y 0': Disable the SSL/TLS encryption layer (default).
  '-Y 1': Accept both standard and encrypted sessions.
  '-Y 2': Refuse connections that aren't using SSL/TLS security mechanisms,
including anonymous sessions. The server must have been compiled with
--with-tls and a valid certificate must be in place to get this feature.
See the README.TLS file for more info about SSL/TLS.
  '-Y 3': Cleartext sessions are refused and only SSL/TLS compatible 
clients are accepted. Clear data connections are also refused, so private 
data connections are enforced.

- '-z': Allow anonymous users to read files and directories starting with a
dot ('.') .

- '-Z': Try to protect customers against common mistakes to avoid your
technical support being busy with stupid issues. Right now, the '-Z' switch
prevents your users against making bad 'chmod' commands, that would deny
access to files/directories to themselves. The switch may turn on other
features in the future. If you are a hosting provider, turn this on.

If you prefer long options (GNU-style) over standard ones, the following
aliases are available. You can get this list at any time by typing
'pure-ftpd --help' .


--(switches sorted by ##standard switches## lexical order)--

-0  --notruncate
-1  --logpid                <file>
-4  --ipv4only
-6  --ipv6only
-8  --fscharset             <charset>
-9  --clientcharset         <charset>
-a  --trustedgid            <gid>
-A  --chrooteveryone    
-b  --brokenclientscompatibility    
-B  --daemonize 
-c  --maxclientsnumber      <number>
-C  --maxclientsperip       <number>
-d  --verboselog    
-D  --displaydotfiles   
-e  --anonymousonly 
-E  --noanonymous   
-f  --syslogfacility        <facility>
-F  --fortunesfile          <file>
-g  --pidfile               <path to pid file>
-G  --norename
-h  --help  
-H  --dontresolve   
-i  --anonymouscantupload
-I  --maxidletime           <time (min)>
-j  --createhomedir
-J  --tlsciphersuite        <ciphers>
-k  --maxdiskusagepct       <percentage>
-K  --keepallfiles
-l  --login                 <auth> or <auth>:<config file>
-L  --limitrecursion        <number:number>
-m  --maxload               <load>
-M  --anonymouscancreatedirs    
-N  --natmode
-o  --uploadscript
-O  --altlog                <format>:<log file>
-p  --passiveportrange      <minport:maxport>
-P  --forcepassiveip        <ip address>
-q  --anonymousratio        <upload ratio>:<download ratio>
-Q  --userratio             <upload ratio>:<download ratio>
-r  --autorename
-R  --nochmod
-s  --antiwarez 
-S  --bind                  <ip address,port>
-t  --anonymousbandwidth    <bandwidth (KB/s)>
-T  --userbandwidth         <bandwidth (KB/s)> or [<up bw>]:[<down bw>]
-u  --minuid                <uid>
-U  --umask                 <mask>
-v  --bonjour               <name>
-V  --trustedip             <ip address>
-w  --allowuserfxp  
-W  --allowanonymousfxp
-x  --prohibitdotfileswrite 
-X  --prohibitdotfilesread  
-y  --peruserlimits         <per user max>:<max anonymous sessions>
-Y  --tls                   <0:no TLS | 1:TLS+cleartext | 2:enforce TLS |
                             3: enforce encrypted data channel as well>
-z  --allowdotfiles
-Z  --customerproof



--(switches sorted by ##GNU-style long switches## lexical order)--

-W  --allowanonymousfxp
-z  --allowdotfiles
-w  --allowuserfxp  
-O  --altlog                <format>:<log file>
-t  --anonymousbandwidth    <bandwidth (KB/s)>
-M  --anonymouscancreatedirs    
-i  --anonymouscantupload
-e  --anonymousonly 
-q  --anonymousratio        <upload ratio>:<download ratio>
-s  --antiwarez 
-r  --autorename

-S  --bind                  <ip address,port>
-b  --brokenclientscompatibility    

-A  --chrooteveryone
-9  --clientcharset         <charset>
-j  --createhomedir
-Z  --customerproof

-B  --daemonize 
-D  --displaydotfiles   
-H  --dontresolve   

-Y  --tls                   <0:no TLS | 1:TLS+cleartext | 2:enforce TLS |
                             3:enforce encrypted data channel as well>

-P  --forcepassiveip        <ip address>
-F  --fortunesfile          <file>
-8  --fscharset             <charset>

-h  --help  

-4  --ipv4only
-6  --ipv6only

-K  --keepallfiles

-l  --login                 <auth> or <auth>:<config file>
-1  --logpid                <file>
-L  --limitrecursion        <number:number>

-c  --maxclientsnumber      <number>
-C  --maxclientsperip       <number>
-k  --maxdiskusagepct       <percentage>
-I  --maxidletime           <time (min)>
-m  --maxload               <load>
-u  --minuid                <uid>

-N  --natmode
-E  --noanonymous   
-R  --nochmod
-G  --norename
-0  --notruncate

-v  --bonjour               <name>

-p  --passiveportrange      <minport:maxport>
-y  --peruserlimits         <per user max>:<max anonymous sessions>
-g  --pidfile               <path to pid file>
-X  --prohibitdotfilesread  
-x  --prohibitdotfileswrite 

-f  --syslogfacility        <facility>

-J  --tlsciphersuite        <ciphers>
-a  --trustedgid            <gid>
-V  --trustedip             <ip address>

-U  --umask                 <mask>
-o  --uploadscript
-T  --userbandwidth         <bandwidth (KB/s)> or [<up bw>]:[<down bw>]
-Q  --userratio             <upload ratio>:<download ratio>

-d  --verboselog    


------------------------ SETTING UP AN ANONYMOUS FTP ------------------------
    
    
If a 'ftp' user exists and its home directory is reachable, Pure-FTPd will
accept anonymous login, as 'ftp' or 'anonymous'. Files have to be located in
the home FTP directory. There's no need for 'bin', 'lib', 'etc' and 'dev'
directories, nor any external program. Don't chown the public files to
'ftp', just writable directories ('incoming') .


    ------------------------ DISPLAYING BANNERS ------------------------
    

If a '.banner' file is located in the 'ftp' user home directory (or in the
root directory of a virtual server, see below), it will be printed when the
client logs in. Put a nice ASCII-art logo with your name in that file.

This file shouldn't be larger than 4000 bytes, or it won't be displayed.

In each directory, you may also have a '.message' file. Its content will be
printed when a client enters the directory. Such a file can contain important
information ("Don't download version 1.7, it's broken!") .


    ------------------------ DISPLAYING A COOKIE ------------------------


A funny random message can be displayed in the initial login banner. The
random cookies are extracted from a text file, in the standard "fortune"
format. If you installed the "fortune" package, you should have a directory
(usually /usr/share/fortune) with binary files (xxxx.dat) and text files
(without the .dat extension) . To use Pure-FTPd cookies, just add the name
of a text file to the '-F' option. For instance:

/usr/local/sbin/pure-ftpd -F /usr/share/fortune/zippy

If you want to have your own fortune files, just create a text file with the
following structure.

Hello... this is the first fortune...
%
Welcome to the real world.
%
Follow the white rabbit.
%
Have fun...
Well... lotsa fun!
%
Yop is good for you.

Goddit? Fortunes are delimited by a '%' sign on a single line. But a
fortune itself can be multi-line (see the fourth example) .

For security paranoia, the text file has to be readable by everybody (chmod
644 the file if necessary), or the server will ignore it.

Of course, the fortune file can contain a single message.


  ------------------------ PER-USER CHROOT() RULES ------------------------


Apart from the "-a" flag, Pure-FTPd has another way to fine-tune chroot()
rules. Let's take an /etc/passwd entry:

mimi:x:501:100:Mimi:/home/mimi:/bin/zsh

Without any special rule, mimi will be able to log in and to retrieve any
public-readable file in the filesystem. Now, let's change a bit of its home
directory:

mimi:x:501:100:Mimi:/home/mimi/./:/bin/zsh

So what? Mimi's home directory is still the same and common applications
shouldn't notice any difference. But Pure-FTPd understands "chroot() until
/./". So when mimi next carries out a FTP log in, only the /home/mimi
directory will be reachable, not the whole filesystem. If you don't like the
"-a" and its trusted gid thing, this is a good way to only chroot() some
users. Another trick is to add something after "/./":

mimi:x:501:100:Mimi:/home/mimi/./public_html:/bin/zsh

When Mimi will log in, two things will happen:
- chroot("/home/mimi") so that Mimi can't see anything but her home directory.
- chdir("public_html") so the session will start in the public_html
directory. "cd .." is still allowed, though.
That "url-style" handling is especially handy for FTP-only users (ie.
without shell access) .

If a user is chrooted with the /./ trick *and* belongs to the trusted group
(-a) he *will* be chrooted, but he will have no ratio and will be allowed to
access dot files.


         ------------------------ RATIOS ------------------------


If you want to force people to upload new files before being able to
download other files, ratios are for you. It's a very good way to get lotsa
fresh stuff on a public FTP server and a must for warez traders. I don't
like that kind of business, but well... Pure-FTPd has to be designed to
please everybody.

To enable ratios, just use the '-q' option, followed by the upload:download
ratio:

                                   -q 2:5
                                   
...means that an anonymous user has to upload at least 2 Mb of goodies to be
able to download 5 Mb.

If ratios should apply to everyone (anon and non-anon), use the '-Q' option
the same way.

Note: 'root' never has ratios. Neither have users of the trusted group when
'-Q' in used with the '-a' or '-A' option.


   ------------------------ BANDWIDTH THROTTLING ------------------------


Pure-FTPd has an interesting built-in feature: simple bandwidth throttling.

* You want to limit FTP throughput so that uploading and downloading files
through that protocol can't fill up your network bandwidth.

-> Compile Pure-FTPd with --with-throttling
-> Run it with the '-T' flag, followed by a number. That number is the
maximum bandwidth a user can use in a session, in kilobytes/seconds.

* You want to allow less bandwidth to your anonymous users than your
authenticated ones. So that during a bandwidth starvation, real users can
still upload/download properly.

-> Compile Pure-FTPd with --with-throttling
-> Run it with the '-t' flag, followed by a number.

Example:

/usr/local/sbin/pure-ftpd -t 64

And uploading/downloading files can't take more than 64 KB/sec whatever real
bandwidth you have.

* It is possible to have different bandwidth limits for uploads and for
downloads. '-t' and '-T' can indeed be followed by two numbers delimited by
a column (':') . The first number is the upload bandwidth and the next one
applies only to downloads. One of them can be left blank which means infinity.

Example 1: 256 KB/s for uploads, 64 KB/s for downloads

/usr/local/sbin/pure-ftpd -t 256:64

Example 2: 256 KB/s for uploads, no limit for downloads

/usr/local/sbin/pure-ftpd -t 256:

Example 3: no limit for uploads, 64 KB/s for downloads

/usr/local/sbin/pure-ftpd -t:64

With no column, the value applies to both, so '-t 64' is an alias for 
'-t 64:64' .

* When Pure-FTPd serves a session with restricted bandwidth, it decreases
its process priority to 10. So, '-t 0' makes sense: during a CPU
starvation, authenticated sessions may be more responsible than anonymous
ones. '-T 0' is quite useless, but it also works and it will always be nice to
the server process.

* If you need advanced bandwidth management, have a look at your kernel
Q.O.S. abilities.


      ------------------------ VIRTUAL SERVERS ------------------------


Using Virtual servers is a convenient way of hosting several FTP sites on the same
computer. Let's say, you got two customers. The former owns the 'cgx.org'
domain name, while the latter owns the 'example.com' domain name. Both are
hosted on the same computer, but they don't want to share the same files.
ftp://ftp.cgx.org/ should show different content than ftp://ftp.example.com/
.

The FTP protocol doesn't allow name-based selection. So, if you want to host
<N> different virtual FTP servers on the same host and keep the standard port,
you need <N> different IP addresses. Yes, Sir. Or use HTTP.

Assign the needed IP adresses to your network adapter (with "ifconfig eth0:x
..." or "ip addr add dev eth0 a.b.c.d").

Now, create a /etc/pure-ftpd directory if it doesn't exist:

mkdir /etc/pure-ftpd

To add a virtual FTP server, you only need to create a symbolic link in
/etc/pure-ftpd/ from the virtual host IP to the directory that contains the
file for that virtual host.

Example:

ln -s /home/customers/example.com/ftp /etc/pure-ftpd/216.226.17.77
ln -s /home/customers/cgx.org/ftp    /etc/pure-ftpd/212.73.209.252

Done! Put the CGX files in /home/customers/cgx.org/ftp/ and the Example
files in /home/customers/example.com/ftp/ .

With that feature, every account on the server can have its own public
anonymous FTP area. If you are providing hosting services, this is a nice
feature for your customers.

* WARNING *: it also means that your customers can create "incoming"
directories with 1777 permissions. It can be nice, but it can also fill up
your disk with warez. You can stop uploads for anonymous users with the
'-i' (or --anonymouscantupload) option.

By default, all IP addresses assigned to your server can be accessed by real
or anonymous users. You can restrict this with -e (only anonymous) or -E
(only real) .

A more flexible way is to use '-V <ip address>' to define a "trusted" IP
address. When a client connects to that trusted IP, anonymous and real
logins are permitted. But on all other IP, only anonymous users are permitted.

If you are a hosting service provider and if each customer has its own IP
address, it may be a nice idea to have a trusted IP you give to all your
customers, so that they can manage the files in their account. That IP is
the same for all customers. You can easily restrict access to that IP with
firewall rules if your customers have static IP addresses.
Use '-V <trusted ip>' and link /etc/pure-ftpd/<customer ip> to
~customer/ftp . Every customer will have his own *anonymous only* FTP
server and hackers will have to find the trusted IP to get in.


       ------------------------ IPv6 SUPPORT ------------------------


Pure-FTPd has full IPv6 support (native IPv6 addresses and 4-in-6
addresses). But use a super-server that also understands the IPv6 protocol,
like Rlinetd or Xinetd. Recent versions of Inetd should also be ok
(unverified). IPv6 is supported everywhere: logging, configuration
switches, virtual hosts, protocol (EPSV/EPRT support), name resolution...


             --------------------- LOGGING ---------------------


Log messages are sent to the syslog daemon. You can disable logging with
'-f none'.
If you want all FTP messages to be redirected to a file, say /var/log/ftp,
add this line to your /etc/syslog.conf file:

ftp.*   /var/log/ftp

Then restart your syslogd daemon:

killall -HUP syslogd

You can also drop your old "syslogd" and "klogd" programs for Metalog, an
efficient alternative: http://metalog.sourceforge.net/

Names of uploaded/downloaded files are logged with paths like this:

                           /home/ftp//pub/bla.jpg
                           
The double-slash ('//') is the chroot limit.


    --------------------- WATCHING CURRENT SESSIONS ---------------------


Since 0.97.7, you can type 'pure-ftpwho' at any time to watch current active
sessions.

If typing 'pure-ftpwho' answers 'Command not found', you have to add
/usr/local/sbin in your PATH environment variable.

The default output looks like this:

+------+---------+-------+------+-------------------------------------------+
| PID  |  Login  |For/Spd| What |                 File/IP                   |
+------+---------+-------+------+-------------------------------------------+
| 2239 | jedi    | 00:17 |  D/L | XFree86-clients-4.0.3.tar.gz              |
|  ''  |    ''   |  41K/s|  33% | ->                     nestea.funboard.de |
+------+---------+-------+------+-------------------------------------------+
| 2385 | ftp     | 00:02 | IDLE |                                           |
|  ''  |    ''   |       |      | ->                     gw2.crn.kjop.co.uk |
+------+---------+-------+------+-------------------------------------------+

'D/L' means that the client is downloading and 'U/L' means he's uploading
some file whose name is shown in the next column. '33%' is the real-time
completion of the current operation. '41K/s' is the bandwidth used by the
client. You can track down who's starving your bandwidth with this.

The 'pureftp-who' command accepts interesting options:

'-c': the program is called via a web server (CGI interface) . Output is a
full HTML page with the initial content-type header. This option is
automatically enabled if an environment variable called GATEWAY_INTERFACE is
found. This is the default if you can access the program from a CGI-enabled web
server (Apache, Roxen, Caudium, WN, ...) .

'-h': show command-line options summary.

'-n': don't resolve host names and only show IP addresses (faster).

'-s': output an easily parsable format for shell scripts (but not very user
friendly) . 
There's only one line per client, with only numeric data, delimited by a '|'
character. It's not very human-readable, but it's designed for easy parsing by
shell scripts (cut/sed) . '|' characters in user names or file names are
quoted ('|' becomes '\|') .

Type 'pure-ftpwho -h' to check the format. 

'-w': output a complete HTML page (web mode).

'-W': output an HTML page with no header and no footer. This is an embedded
mode, suitable for inline calls from CGI, SSI or PHP scripts.

'-x': output well-formed XML data for post-processing. This is the most
acurate mode. Time is in seconds and file sizes are in bytes (in other
output formats, sizes are in kbytes for easier readability) .

'-v': verbose output in text mode. Additional info includes the size of
files being downloaded/uploaded, the local IP or local host name and the
connection port. This is especially useful for virtual hosts. Here's a
sample output of 'pure-ftpwho -v':

+------+---------+-------+------+-------------------------------------------+
| PID  |  Login  |For/Spd| What |     File/Remote IP/Size(Kb)/Local IP      |
+------+---------+-------+------+-------------------------------------------+
| 9086 | j       | 00:04 |  DL  | linux-2.4.4.tar.bz2                       |
|  ''  |    ''   |  22K/s|  27% | ->                              localhost |
|  ''  |    ''   |       |      | Total size:    20859 Transfered:     5632 |
|  ''  |    ''   |       |      | <-                        localhost:21    |
+------+---------+-------+------+-------------------------------------------+


      ------------------------ AFTER AN UPLOAD ------------------------


After an upload, any external program or shell script can be spawned with the
name of the newly uploaded file as an argument. You can use that feature to
automatically send a mail when a new file arrives. Or you can pass it to a
moderation system, an anti-virus, a MD5 signature generator or whatever you
decide can be done with a file.

To support this, the server has to be configured --with-uploadscript at
compilation time. Upload scripts won't be spawned on unreadable directories.
So it's highly recommended to use upload scripts with the --customerproof
run-time option and without unreadable parent directories.
To tell the FTP server to use upload scripts, it has to be launched with the
'-o' option. Finally, you have to run another daemon called 'pure-uploadscript'
provided by this package.

IMPORTANT:

YOU MUST START PURE-FTPD _FIRST_ and _THEN_ START PURE-UPLOADSCRIPT.
THE REVERSE ORDER WON'T WORK.

For security purposes, the server never launches any external program. It's
why there is a separate daemon, that reads new uploads pushed into a named
pipe by the server. Uploads are processed synchronously and sequencially.
It's why on loaded or untrusted servers, it might be a bad idea to use
pure-uploadscript with lenghty or cpu-intensive scripts.

The easiest way to run pure-uploadscript is 'pure-uploadscript -r <script>':

/usr/local/sbin/pure-uploadscript -r /bin/antivirus.sh

The absolute path of the newly uploaded file is passed as a first argument.
Some environment variables are also filled with interesting values:

- UPLOAD_SIZE  : the size of the file, in bytes.
- UPLOAD_PERMS : the permissions, as an octal value.
- UPLOAD_UID   : the uid of the owner.
- UPLOAD_GID   : the group the file belongs to.
- UPLOAD_USER  : the name of the owner.
- UPLOAD_GROUP : the group name the file belongs to.
- UPLOAD_VUSER : the full user name, or the virtual user name. (127 chars max)

There are also some options to "pure-uploadscript":

- '-u <uid>' and '-g <gid>' to switch the account pure-uploadscript will run
as. The script will be spawned with the same identity.

- '-B' to fork in background.

Please have a look at the man page ('man pure-uploadscript') for additional
info.


    ------------------------ LISTING DIRECTORIES ------------------------


The built-in 'ls' supports all common options of a regular 'ls' command.
Here are the ones you should know for a better life with FTP:

- '-l': verbose listing, reporting dates, owners, perms and sizes.
- '-a': also lists files and directories beginning with a dot.
- '-F': adds a '/' after directory names.
- '-d': list the directory itself, not its content.
- '-R': recursive listing.
- '-S': sort by size.
- '-t': sort by date.
- '-r': reverse the sorting order.

If you aren't very familiar with Unix, log in to your FTP server and try
these variants:

ls
ls -F
ls -l
ls -la
ls -lR
ls -Sl
ls -Slr
ls -tl
ls -tlr

Globbing is also supported. So if you are looking for a GNOME RPM in
<I don't know the directory name>/gnome-xxxxxxxx.rpm , you can find it that
way:

ls */gnome*.rpm


      ------------------------ VIRTUAL QUOTAS ------------------------


With virtual quotas, you can restrict the maximum number of files and the
total size of a user directory.

These quotas are "virtual" because they aren't handled at kernel-level, but
by the FTP server itself. There are some advantages over kernel quotas:

- Virtual quotas are specific to the FTP server. You can have different
system quotas to handle other files (eg. mail) on the same partition.

- You can have different virtual quotas for every user, even if they share
the same system uid.

- Virtual quotas are working even on filesystems that don't support system
quotas.

However, virtual quotas are slower and can't be as reliable as kernel quotas,
so don't trust them ultimately, they are probably races allowing to bypass
them. Also the filesystem users directories are on must properly support file
locking.

Virtual quotas are implemented in Pure-FTPd as simple files called
".ftpquota", located in the home directory of chrooted users. This file only
contains two numbers: the current number of files for this user and the
total size of the directory (+ its subdirectories), in bytes. When a new
file is uploaded, these numbers grow. When a file is deleted, these numbers
get smaller. Simple. Of course, when virtual quotas are enabled for one
user, that user must be 1) chrooted, 2) not allowed to write quota files, 3)
not allowed to forbid access to some directories to fool the counter.

Quotas can be enabled for all users for the -n (--quotas) option. This
option is followed by the max number of files and the max size (in Megabytes)
. Every user will have the same quota. Exception: members of the trusted
group, if -a is enabled.

You can also have different quotas for every user if you use PureDB or SQL
databases. See the "README.Virtual-Users" file for more info about PureDB
databases.

So, if you want 1000 files max and 10 Mb max for all your customers, run
the server like this:

/usr/local/sbin/pure-ftpd -n 1000:10

".ftpquota" files are created on demand when they are missing. However, when
they are created, the server assumes that the account was empty. If this is
not the case, you must run the "pure-quotacheck" utility to create an
initial ".ftpquota" file.

"pure-quotacheck" is a tool that computes the size and the number of files
in a directory and create a ".ftpquota" file with this info.

The syntax is:

pure-quotacheck -u username/uid -d home directory [-g group/gid]

For instance, if you want to summarize usage for the /home/ftpusers/john
directory, whose files are owned by the "ftpusers" system account, just run:

pure-quotacheck -u ftpusers -d /home/ftpusers/john

You can run pure-quotacheck whenever you want, even when ".ftpquota" files
are already there. This is even a good idea to run this for all users in
crontab, so that stored quotas are always exact, even if something went wrong
(server bug, filesystem corruption, savagely killed server, etc) .


      ------------------------ AUTHENTICATION ------------------------


Pure-FTPd supports multiple methods of authentication. To use a method, you
must have it compiled in (check the ./configure options) .

- To use Unix authentication (the traditional /etc/passwd file), add the
following option when you run the server:

                                   -l unix


- To use PAM authentication, add this:

                                   -l pam
                                   
                                   
- To use PureDB (virtual users), add this:

                     -l puredb:/path/to/puredb_database

(read README.Virtual-Users for more info about PureDB indexed files)


- To use LDAP directories, add this:

                      -l ldap:/path/to/ldap_config_file

(read README.LDAP for more info about LDAP directories)


- To use MySQL databases, add this:

                     -l mysql:/path/to/mysql_config_file

(read README.MySQL for more info about MySQL databases)

- To use Postgres databases, add this:

                     -l pgsql:/path/to/postgres_config_file

(read README.PGSQL for more info about Postgres databases)

- To use external authentication handlers (with pure-authd), use:

                     -l extauth:/path/to/authd/socket

(read README.Authentication-Modules for more info about external
authentication)


Multiple authentication methods can be chained. For instance, you can run the
server like this:

/usr/local/sbin/pure-ftpd -lldap:/etc/pureftpd-ldap.conf      \
                          -lpuredb:/etc/pureftpd.pdb -lunix

Every method is tried in order. With the previous command line, an LDAP
directory is probed first. If a user isn't found in the directory, a
PureDB database is scanned for the same user name. If that user is still not
found, /etc/passwd is scanned.

If the user is found in the LDAP directory, but the given password is wrong,
further authentication methods are skipped.

If you don't specify any -l option, PAM is assumed by default if the server
is compiled with PAM support and Unix is assumed by default otherwise.


     ------------------------ DIRECTORY ALIASES ------------------------


Directory aliases provides "shortcuts" for the "cd" command. For instance,
if you define an alias called "pictures" for "/usr/misc/pictures", when an
user will type "cd pictures" and if no real "pictures" directory exists, he
will be automatically redirected to "/usr/misc/pictures". Unlike symbolic
links, "cd pictures" will work from any directory. Tildes are *not* expanded.

a user can get the list of available aliases with the following command:

SITE ALIAS

To support that feature, the server must be compiled with --with-diraliases
passed to ./configure .

To define alias/directory pairs, you must create a file called
/etc/pureftpd-dir-aliases, whose format is:

Alternating lines of alias and dir
(this enables embeded whitespace in dir and alias without quoting rules)
Optional blank lines
Optional lines beginning with '#' as comments
(no you can't put a '#' just anywhere)

Example:

pictures
/usr/misc/pictures

sources
/usr/src

# This is for the OpenBSD port tree
pureftpd-port
/usr/ports/net/pure-ftpd


    ------------------------ PRIVILEGE SEPARATION ------------------------


When privilege separation is enabled, each session will spawn two processes :
a "privileged" process running as root, but that can only do very basic
and trusted actions (binding a port and remove the ftpwho scoreboard) and
the "client" process. The "client" process definitely revokes all privileges
after authentication and chroot() and punctually communicates with the
parent over a private channel.

Privilege separation decreases performance of loaded servers, but it
increases security and reliability. Enabling it is recommended.

Some old broken operating systems may allow the ptrace() system call on
processes that revoked privileges. On these platforms, enabling privilege
separation is a bad idea if untrusted users also have shell access. Use the
src/ptracetest program to check this. At least Solaris, ISOS, MirBSD,
OpenBSD, DragonflyBSD, FreeBSD and Linux are known to be safe.


    ------------------------ CHARSETS (RFC2640) ------------------------
        

Since version 1.0.21, pure-ftpd has *experimental* support for charsets
conversion. The server filesystem can use a different charset than the
charset assumed by clients, and pure-ftpd translates file names through the
iconv library.

Some modern clients like lftp will also try to use UTF-8 if the server
supports it.

Thus, charsets conversion can be very useful when dealing with file names
containing non-english characters.

In order to support this, pure-ftpd has to be compiled with:

./configure ... --with-rfc2640

This is not supported by default because it requires libiconv.

Then the server has to be started with --fscharset=<charset>. Replace
<charset> with the charset of the server's filesystem. For instance:

/usr/local/sbin/pure-ftpd --fscharset=ISO-8859-15

This is often enough to properly work with UTF-8 capable clients.

But optionnally, you can specify the default charset for clients, with
--clientcharset:

/usr/local/sbin/pure-ftpd --fscharset=iso-8859-15 --clientcharset=big5


 ------------------------ OPTIMIZING FOR HIGH LOAD ------------------------


If you are going to use Pure-FTPd on a highly loaded server, here are some
hints to get the best performances:

- Compile with:

env CFLAGS="-O2 -fomit-frame-pointer -fgcse -Os" ./configure --with-minimal --without-inetd --without-pam
make install-strip

- Run it in standalone mode. Don't use -C, don't enable pure-ftpwho nor
pure-uploadscript (-o), nor per-user limits (-y) .

- Increase your system max descriptors number and local port range. On a
Linux kernel, you can try:

echo 2000 > /proc/sys/fs/super-max
echo 60000 > /proc/sys/fs/file-max
ulimit -n 60000
echo 30000 65534 > /proc/sys/net/ipv4/ip_local_port_range

- On a Linux kernel, disable syncookies, ecn, timestamps and window scaling:

echo 0 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/tcp_ecn
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

- Disable access time update on your mounted filesystems. On a Linux system,
just add 'noatime,nodiratime' for each mount point in your /etc/fstab file.

- Disable syslog output and DNS lookups. Run it with:

/usr/local/sbin/pure-ftpd -f none -H


For FreeBSD, DJ_Oggy recommends the following setting:

>>> QUOTE:

Drop into single user mode (do a shutdown now or boot -s) and enter

tunefs -n enable <filesystem>

i sugest / /usr /var

In /etc/fstab add ",noatime" to the options of all filesystems.

In /boot/loader.conf add the following:

hw.ata.wc="1"
kern.ipc.nmbclusters="60000"

In /etc/sysctl.conf add the following:

vfs.vmiodirenable=1
kern.ipc.maxsockbuf=2097152
kern.ipc.somaxconn=8192
kern.ipc.maxsockets=16424
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535

give it two asprin, a reboot and call me in the morning!!!!! 

<<< END OF QUOTE

2012年8月27日 星期一

Linux 各種壓縮與解壓縮指令

壓縮是c解壓縮是x

tar => tar xvf 

tar.bz, tar.bz2 => tar jxvf

tar.gz, tar.tgz => tar zxvf

tar.Z =>tar Zxvf

 

.tar

  • 套件:tar
  • 打包:tar cvf FileName.tar DirName
  • 解包: tar xvf FileName.tar

.gz

  • 套件:gzip
  • 壓縮:gzip FileName
  • 解壓1:gunzip FileName.gz
  • 解壓2:gzip -d FileName.gz

.tar.gz

  • 套件:gzip
  • 壓縮:tar zcvf FileName.tar.gz DirName
  • 解壓:tar zxvf FileName.tar.gz

.bz2

  •  套件:bzip2
  • 壓縮: bzip2 -z FileName
  • 解壓1:bzip2 -d FileName.bz2
  • 解壓2:bunzip2 FileName.bz2

.tar.bz2

  • 套件:bzip2
  • 壓縮:tar jcvf FileName.tar.bz2 DirName
  • 解壓:tar jxvf FileName.tar.bz2

bz

  • 壓縮:unkown
  • 解壓1:bzip2 -d FileName.bz
  • 解壓2:bunzip2 FileName.bz

.tar.bz

  • 壓縮:unkown
  • 解壓:tar jxvf FileName.tar.bz

.Z

  • 壓縮:compress FileName
  • 解壓:uncompress FileName.Z

.tar.Z

  • 壓縮:tar Zcvf FileName.tar.Z DirName
  • 解壓:tar Zxvf FileName.tar.Z

.tgz

  • 壓縮:unkown
  • 解壓:tar zxvf FileName.tgz

.tar.tgz

  • 壓縮:tar zcvf FileName.tar.tgz FileName
  • 解壓:tar zxvf FileName.tar.tgz

.zip

  • 套件:zip
  • 壓縮:zip FileName.zip DirName
  • 解壓:unzip FileName.zip

.rar

  • 套件:rar, unrar
  • 壓縮:rar a FileName.rar DirName
  • 解壓1:rar e FileName.rar
  • 解壓2:unrar e FileName.rar

.lha

  • 套件:lha
  • 壓縮:lha -a FileName.lha FileName
  • 解壓:lha -e FileName.lha

.7z

  • 套件:p7zip-full
  • 壓縮:7zr a FileName
  • 解壓:7zr x FileName.7z

~/.bashrc

# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

# User specific aliases and functions
PATH="/bin:/sbin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
PATH="$PATH":/usr/X11R6/bin
export PATH
export LANG=zh_TW.UTF-8
#export LANGUAGE=zh_TW:zh
umask 022

alias   rm='rm -i'
alias   cp='cp -i'
alias   mv='mv -i'
alias   ll='ls -al'
alias   lm='ls -al|more'
alias   h='history'



export GTK_IM_MODULE=gcin
export QT_IM_MODULE=gcin 


中文輸入法記得切換成Alt+Space
echo 2 > ~/.gcin/config/gcin-im-toggle-keys

GRUB.CFG(/boot/grub/)

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  load_env
fi
set default="0"
if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  insmod vbe
  insmod vga
  insmod video_bochs
  insmod video_cirrus
}

insmod part_msdos
insmod ext2
set root='(hd0,msdos5)'
search --no-floppy --fs-uuid --set 67b06e67-9acf-40d8-93df-dd16f82ee101
if loadfont /usr/share/grub/unicode.pf2 ; then
  set gfxmode=640x480
  load_video
  insmod gfxterm
fi
terminal_output gfxterm
insmod part_msdos
insmod ext2
set root='(hd0,msdos5)'
search --no-floppy --fs-uuid --set 67b06e67-9acf-40d8-93df-dd16f82ee101
set locale_dir=($root)/boot/grub/locale
set lang=zh
insmod gettext
set timeout=5
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Debian GNU/Linux, with Linux 2.6.32-5-686' --class debian --class gnu-linux --class gnu --class os {
    insmod part_msdos
    insmod ext2
    set root='(hd0,msdos5)'
    search --no-floppy --fs-uuid --set 67b06e67-9acf-40d8-93df-dd16f82ee101
    echo    'Loading Linux 2.6.32-5-686 ...'
    linux    /boot/vmlinuz-2.6.32-5-686 root=UUID=67b06e67-9acf-40d8-93df-dd16f82ee101 ro  quiet
    echo    'Loading initial ramdisk ...'
    initrd    /boot/initrd.img-2.6.32-5-686
}
menuentry 'Debian GNU/Linux, with Linux 2.6.32-5-686 (recovery mode)' --class debian --class gnu-linux --class gnu --class os {
    insmod part_msdos
    insmod ext2
    set root='(hd0,msdos5)'
    search --no-floppy --fs-uuid --set 67b06e67-9acf-40d8-93df-dd16f82ee101
    echo    'Loading Linux 2.6.32-5-686 ...'
    linux    /boot/vmlinuz-2.6.32-5-686 root=UUID=67b06e67-9acf-40d8-93df-dd16f82ee101 ro single
    echo    'Loading initial ramdisk ...'
    initrd    /boot/initrd.img-2.6.32-5-686
}
### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_otheros ###

# This entry automatically added by the Debian installer for a non-linux OS
# on /dev/sda1
menuentry "Windows Vista (loader)" {
    set root=(hd0,msdos1)
    search --no-floppy --fs-uuid --set 3c9086bd90867ce0
    chainloader +1
}
### END /etc/grub.d/30_otheros ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

2012年8月26日 星期日

網樂通

網樂通是PDK7105的架構
在 Linux環境裡面套件管理分兩大陣營
分別是Debian的dpkg/apt-get與RedHat的rpm/yum 
而很多無線AP裡面跟JB過的iPhone是Debian的dpkg/apt-get
網樂通裡面跑的STLinux屬於RedHat的rpm/yum 
 
Kernel:
2.6.23.17_stm23_A18B 
or
2.6.23.17_stm23_A18B-PDK7105-32BITS-A18B
Modules:
rt3070sta

進入root的方法:
拔掉插頭,插上usb碟,按住reset插上電源燈閃3下開機之後更新韌體失敗就會進入root
但是要先確定ip位置才能用telnet連接 
 
 
/dev/sda1 這個是 recovery 的分割區(按住 reset 插上電源燈閃3下開機就會進來這區) 
 
/dev/sda2 這個是系統正常開機在用的分割區(開機會去執行etc/init.d/rc 和 rcS rcSBB)
 
 /dev/sda3 用來放系統更新檔及備份的分割區
掛在/mnt/usb上記得在根目錄(/dev/sda3)放TARGET.ENC和GB620.SVF可升級韌體 
 
/dev/sda4 似乎是拿來放 p2p 暫存檔用的
 
/dev/sdb1 USB隨身碟的位置 可用 mount /dev/sdb1 /tmp/usb 掛載
用dd if=/dev/sda1 of=/tmp/usb/sda1_backup.img備份


正常開機會掛 rootfs on / type rootfs(rw)和 /dev/root  on ./ type ext3 (rw,data=jounal)
其實就是把/dev/sda2掛在 / 上
掛好之後開機會去執行/etc/init.d/rc
rc會去找 /etc/rc.d/rc3.d/S* 開頭所有檔案
所以建立一個S90neo並更名S90fdtv成@S90fdtv即可
注意給755權限才會執行 
echo "/sbin/udhcpc&" >> S90neo 
echo "/bin/busybox telnetd -l /bin/sh" >> S90neo 
若不要自動登入root就用(要記得先用passwd設好root密碼)
echo "/bin/busybox telnetd -l /bin/login" >> S90neo 
就能開啟telnetd 
PS:
若要自訂IP則
/sbin/udhcpc& 換成
 
/bin/busybox ifconfig eth0 192.168.1.100 netmask 255.255.255.0
/bin/busybox route add default gw 192.168.1.1
 
網路安裝STLinux 2.3 on debian 
sudo apt-get install bash (通常已有) 
sudo dpkg-reconfigure dash (進入選'否'/bin/sh就會換成bash,debian預設是dash)
sudo apt-get install rpm
wget http://www.stlinux.com/sites/default/files/stlinux23-host-STLinux_deps-0.1-5.i386.rpm  
sudo rpm -ivh --force-debian stlinux23-host-STLinux_deps-0.1-5.i386.rpm
wget ftp://ftp.stlinux.com/pub/stlinux/2.3/install
install檔案屬性設定成777
sudo ./install --debian all-sh4-glibc
會下載 664個套件802 MB大小的檔案 
跑完後切到 /opt/STM/STLinux-2.3/host/bin目錄  
sudo ./stmyum update 
將現有的套件再做更新
設定PATH路徑
~/.bashrc 檔案的PATH變數中加/opt/STM/STLinux-2.3/devkit/sh4/bin  
試試sh4-linux-gcc有沒有反應
有的話就成功了  
 
離線安裝STLinux 2.3 on ubuntu 
下載ftp://ftp.stlinux.com/pub/stlinux/2.3/iso/STLinux-2.3-sh4-03-11-07.iso 
sudo dpkg-reconfigure dash 選no 
sudo apt-get install rpm yum
sudo apt-get install python-urlgrabber python-rpm python-sqlitecachec
 
wget http://www.stlinux.com/sites/default/files/stlinux23-host-STLinux_deps-0.1-5.i386.rpm
sudo rpm -ivh stlinux23-host-STLinux_deps-0.1-5.i386.rpm
sudo ./install all-sh4-glibc    
 
跑完後切到 /opt/STM/STLinux-2.3/host/bin目錄 
sudo ./stmyum update 將現有的套件再做更新 
設定PATH路徑~/.bashrc 檔案的PATH變數中加/opt/STM/STLinux-2.3/devkit/sh4/bin
PATH="$PATH":/opt/STM/STLinux-2.3/devkit/sh4/bin 
export PATH 
試試sh4-linux-gcc有沒有反應
 
------------------------------------------------------
         Tool          | Native Name | STLinux       |  
------------------------------------------------------ 
GNU C Compiler         | gcc         | sh4-linux-gcc |
------------------------------------------------------
GNU C++ Compiler       | g++         | sh4-linux-g++ |
------------------------------------------------------ 
GNU C++ Pre-processor  | cpp         | sh4-linux-cpp | 
------------------------------------------------------ 
GNU Linker             | ld          | sh4-linux-ld  |
------------------------------------------------------ 
GNU Assembler          | as          | sh4-linux-as  | 
------------------------------------------------------ 
GNU Librarian          | ar          | sh4-linux-ar  |
------------------------------------------------------ 
 
 
以編譯pureftpd為例
下載source code
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.36.tar.gz
tar -zxvf pure-ftpd-1.0.36.tar.gz
 
對於一個有 configure 文件的軟件來說, 生成Makefile很簡單,只需要指定 --host CC=""  CXX="" 即可。
具體為:
./configure --host=neo-stlinux23-sh4 CC="sh4-linux-gcc" CXX="sh4-linux-g++"
下來 make 就可以了。
 
./configure --prefix=/usr/local/pureftpd CC=sh4-linux-gcc --host=neo-linux-gcc --with-everything --with-rfc2640 


注意make會用到ar檔
所以增加link
ln -s /opt/STM/STLinux-2.3/devkit/sh4-linux-ar /usr/local/bin/ar

make
make install

--prefix指的是編譯完目的目錄,etc/pureftpd.passwd和etc/pureftpd.pdb都會在底下
CC為交叉編譯的編譯器
--host給一個ID
--with-everything指所有都要安裝
--with-rfc2640支援中文


完成後會有bin,sbin,share都copy到機子上

其中bin/pure-pw可增加帳號
bin/pure-pw useradd -u ftp -d /var/ftp
注意目錄/usr/local/pureftpd/etc/要存在因為pureftpd.passwd會建立
/usr/local/pureftpd/etc/pureftpd.passwd
完成後bin/pure-pw mkdb會建立pureftpd.pdb
/usr/local/pureftpd/etc/pureftpd.pdb

啟動程序
pure-ftpd -E -B -l puredb:/usr/local/pureftpd/etc/pureftpd.pdb

其中-E是禁止匿名登入-B是背景執行-l puredb:讀pdb帳號
/root/pureftpd/sbin/pure-ftpd -E -B -l puredb:/usr/local/pureftpd/etc/pureftpd.pdb 
 
 
以編譯HelloWorld為例
(sudo mount //位置/目錄 /mnt/samba -o username=使用者,password=密碼,uid=使用者,gid=群組,rw
)
(用samba方式較快) 
HelloWorld.c

#include<stdio.h>
#include<stdlib.h>
int main(void){
    puts("Hello world");
    return EXIT_SUCCESS; 
}
 
用以下指令編譯 
sh4-linux-gcc -Wall -fmessage-length=0 -O0 -g3 -MMD -MP -MF"hello.d" -MT"hello.d" hello.c  -o hello
到網樂通內執行hello

其中include部分:
/opt/STM/STLinux-2.3/devkit/sh4/lib/gcc/sh4-linux/4.2.4/include
/opt/STM/STLinux-2.3/devkit/sh4/sh4-linux/include
/opt/STM/STLinux-2.3/devkit/sh4/target/usr/include

Makefile部分
//-----------------------------------------------------------
BIN_NAME :=hello

C_SRCS :=./hello.c

OBJS :=hello.o

C_DEPS :=hello.d

OUTPUT :=./bin

TMP :=./tmp

USER_OBJS :=$(TMP)/$(OBJS)

LIBS :=

RM = rm -rf
MKDIR = mkdir -p

all: $(BIN_NAME)

$(TMP):
 $(MKDIR) $(TMP)
$(OUTPUT):
 $(MKDIR) $(OUTPUT)

$(TMP)/$(OBJS): $(TMP) $(C_SRCS)
 sh4-linux-gcc -Wall -c -fmessage-length=0 -O0 -g3 -MMD -MP -MF"$(TMP)/$(C_DEPS)" -MT"$(TMP)/$(C_DEPS)" $(C_SRCS) -o $(TMP)/$(OBJS)

$(BIN_NAME): $(OUTPUT) $(TMP)/$(OBJS) $(USER_OBJS)
 sh4-linux-gcc -o $(OUTPUT)/$(BIN_NAME) $(USER_OBJS) $(LIBS)
 
clean: 
 -$(RM) $(TMP)/$(OBJS) $(TMP)/$(C_DEPS) $(OUTPUT)/$(BIN_NAME) 
//-----------------------------------------------------------
 
 較常見的做法:

//-----------------------------------------------------------
CROSSPATH=/opt/STM/STLinux-2.3/devkit/sh4
SHPREFIX=sh4-linux-
CC = ${SHPREFIX}gcc  
CXX = ${SHPREFIX}g++
CFLAGS = -Wall -c -pipe -D_FILE_OFFSET_BITS=64 -D_DEBUG -DDEBUG -fmessage-length=0 -O0 -g3 -MMD -MP -MF"temp.d" -MT"temp.d"
LIBPATH=/opt/STM/STLinux-2.3/devkit/sh4/target/usr/lib
LDFLAGS = -ldl ${LIBPATH}/libpthread.a ${LIBPATH}/libc.a 
MODULE_INC = -I$(CROSSPATH)/target/usr/include 
MODULE_LIB = -L${CROSSPATH}/target/usr/lib
CFLAGS  += $(MODULE_INC)
LDFLAGS += $(MODULE_LIB) 

LIBOBJS = hello.o
TARGET = hello
all: $(TARGET)  
$(TARGET): $(LIBOBJS)
 $(CC) -o $@ $^ $(LDFLAGS)
 rm -fr *.o
 rm -fr temp.d
clean:   
 rm -f *.o
 rm -f $(TARGET)
rebuild:
 make clean
 make all
# make rule  
%.o : %.c  
 $(CC) $(CFLAGS) -c $^ -o $@  
%.o : %.cpp  
 $(CXX) $(CFLAGS) -c $^ -o $@   
//----------------------------------------------------------- 
編譯QT 4.6.0 範例 
1:先安裝qt-everywhere-opensource-src-4.6.0.tar.gz
簡單範例qt.cpp
#include <QtGui/QPushButton>
#include <QtGui/QWidget>
#include <QtGui/QLabel>
#include <QtCore/QTextCodec>

 int main(int argc, char *argv[])
 {
     //QTextCodec::setCodecForCStrings(QTextCodec::codecForName("utf8"));   
     QTextCodec::setCodecForCStrings(QTextCodec::codecForName("Big5-ETen"));
     QApplication app(argc, argv);
  
     QWidget window;
     window.setGeometry(300,100,700,500);
     QLabel label(&window);
     label.setFont(QFont("Times", 60, QFont::Bold));
     label.setText("<center><h1>這是標籤</h1></center>");
     label.setGeometry(0,0,500, 150);
     label.show();
  
     QPushButton quit("這是按鈕", &window);
     quit.setFont(QFont("Times", 40, QFont::Bold));
     quit.setGeometry(100, 200, 200, 100);
     QObject::connect(&quit, SIGNAL(clicked()), &app, SLOT(quit()));

     window.show();
     return app.exec();
 }
 
編譯
sh4-linux-g++ qt.cpp -o qt_sample -I../qt46/usr/include  -lQtGui -lQtCore -lQtNetwork -L.
記得目錄下要有libQtCore.so, libQtGui.so, libQtNetwork.so
之後在開發板執行
qt_sample -qws  
 
//------------------------------------------------------------------------------
編譯DirectFB範例1

/opt/STM/STLinux-2.3/devkit/sh4/bin/sh4-linux-gcc db.c -I../directfb10/include  -ldirectfb -L.
記得放libdirectfb.so在目錄
 
#include <directfb.h>
static IDirectFB *dfb = NULL;
//primary為dfb主要Surface
static IDirectFBSurface *primary = NULL;
int main(int argc, char **argv)
{
   //定義表面描述dsc
   DFBSurfaceDescription dsc;
   //定義圖片資訊提供容器provider
   IDirectFBImageProvider *provider;
   //初始化
   DirectFBInit( &argc, &argv );
   DirectFBCreate( &dfb );
   dfb->SetCooperativeLevel( dfb, DFSCL_FULLSCREEN );
   dsc.flags = DSDESC_CAPS; 
   dsc.caps = DSCAPS_PRIMARY; 
   //建立primary
   dfb->CreateSurface( dfb, &dsc, &primary );
   //建立一個provider收集1.jpg圖片資訊
   dfb->CreateImageProvider( dfb, "./1.jpg", &provider );
   //把provider渲染給到primary
   provider->RenderTo(provider, primary, NULL);
   provider->Release( provider );
   sleep (5);
   primary->Release( primary );
   dfb->Release( dfb );
   return 0;
}
編譯DirectFB範例2 
 
#include <directfb.h>
#include <stdio.h>  
static IDirectFB *dfb = NULL;
//primary畫滿screen
static IDirectFBSurface *primary = NULL;
//把logo畫在priary上
static IDirectFBSurface *logo = NULL;
static int screen_width = 0;
static int screen_height = 0;
int main(int argc, char **argv)
{
   DFBSurfaceDescription dsc;
   //IDirectFBImageProvider收集圖片資訊,並將圖片提供給IDirectFBSurface
   IDirectFBImageProvider *provider;
   //初始化DirectFB
   DirectFBInit(&argc, &argv);
   DirectFBCreate(&dfb);
   dfb->SetCooperativeLevel(dfb, DFSCL_FULLSCREEN);
   //定義表面描述
   dsc.flags = DSDESC_CAPS;
   dsc.caps = DSCAPS_PRIMARY | DSCAPS_FLIPPING;
   //利用表面描述(dsc)來創建一個表面(primary)
   dfb->CreateSurface(dfb, &dsc, &primary);
   //取得screen大小
   primary->GetSize(primary, &screen_width, &screen_height);
   //建立一個IDirectFBImageProviderg收集1.jpg圖片資訊
   dfb->CreateImageProvider(dfb, "./1.jpg", &provider);
   provider->GetSurfaceDescription(provider, &dsc);
   //利用表面描述(dsc)來創建一個表面(logo)
   dfb->CreateSurface(dfb, &dsc, &logo);
   //把IDirectFBImageProvider(provider)渲染給IDirectFBSurface(logo)
   provider->RenderTo(provider, logo, NULL);
   //釋放不需要的provider
   provider->Release(provider);

   primary->FillRectangle(primary, 0, 0, screen_width - 1, screen_height - 1);
   //把logo秀在primary上
   primary->Blit(primary, logo, NULL, 0, 0);
   primary->Flip(primary, NULL, DSFLIP_WAITFORSYNC);   
   
   //while(1){}  
 
   logo->Release(logo);
   primary->Release(primary);
   dfb->Release(dfb);
   return 0;
}
 
#-------------------------------------------------------------------------
LIRC commands 
 
begin remote
  name fdremote1
  bits 16
  flags SPACE_ENC|CONST_LENGTH
  eps 30
  aeps 100
  header 8957 4477
  one 550 1695
  zero 550 565
  ptrail 551
  repeat 8958 2231
  pre_data_bits 16
  pre_data 0xCE94
  gap 107359
  toggle_bit_mask 0x0
      begin codes
          mute 0x40BF
          power 0xB847
          home 0x7887
          red 0x1AE5
          blue 0x02FD
          volUp 0x906F
          volDown 0x807F
          chUp 0x10EF
          chDown 0x50AF
          up 0x8679
          down 0x46B9
          left 0xC639
          right 0x26D9
          play 0xD02F
          green 0x00FF
          yellow 0xC03F
          D1 0x708F
          D2 0xF00F
          D3 0x30CF
          D4 0x48B7
          D5 0xC837
          D6 0x08F7
          D7 0x6897
          D8 0xE817
          D9 0x28D7
          D0 0xD827
          asterisk 0x12ED
          number 0x8877
          info 0x22DD
          search 0x06F9
          favor 0x9867
          backspace 0xA857
          lang 0xB04F
          input 0x0AF5
          trigger 0x32CD
      end codes
end remote
//------------------------------------------------------------------------------ 
編譯kernel(記得要先打好補丁且uboot要先編譯出mkimage)
 
export PATH=$PATH:/opt/STM/STLinux-2.3/devkit/sh4/bin
make distclean
rm vmlinux.bin.gz
rm vmlinux.ub 
make ARCH=sh CROSS_COMPILE=sh4-linux- pdk7105se_defconfig
make ARCH=sh CROSS_COMPILE=sh4-linux- menuconfig
make -j4 ARCH=sh CROSS_COMPILE=sh4-linux- vmlinux
sh4-linux-objcopy -O binary vmlinux vmlinux.bin
gzip --best --force vmlinux.bin 
./mkimage -A sh -O linux -T kernel -C gzip -a 0x80800000 -e 0x80801000 -n "Linux 2.6" -d vmlinux.bin.gz vmlinux.ub
 
(-a ==> set load address to addr, -e ==> set entry point to 'ep')
架好TFTP
setenv ipaddr 192.168.1.116    
setenv serverip 192.168.1.100
seveenv 

tftp 80000000 vmlinux.ub      
bootm