ArchWiki - User contributions [en]
https://wiki.archlinux.org/api.php?action=feedcontributions&user=Ajdunevent&feedformat=atom
2024-03-29T01:21:16Z, MediaWiki 1.41.0
MariaDB (https://wiki.archlinux.org/index.php?title=MariaDB&diff=687617), 2021-07-11T16:15:21Z
<p>Ajdunevent: corrected config file location from /etc/mysql/my.cnf to /etc/my.cnf.d/server.cnf in "Using a tmpfs for tmpdir" section.</p>
<hr />
<div>[[Category:Relational DBMSs]]<br />
[[de:MariaDB]]<br />
[[fr:MariaDB]]<br />
[[it:MySQL]]<br />
[[ja:MariaDB]]<br />
[[zh-hans:MariaDB]]<br />
{{Related articles start}}<br />
{{Related|phpMyAdmin}}<br />
{{Related|Adminer}}<br />
{{Related|JDBC and MySQL}}<br />
{{Related|Open Database Connectivity}}<br />
{{Related articles end}}<br />
[[Wikipedia:MariaDB|MariaDB]] is a reliable, high performance and full-featured database server which aims to be an 'always Free, backward compatible, drop-in' replacement for [[MySQL]]. Since 2013 MariaDB has been Arch Linux's default implementation of MySQL.[https://archlinux.org/news/mariadb-replaces-mysql-in-repositories/]<br />
<br />
== Installation ==<br />
<br />
[https://mariadb.com/ MariaDB] is the [https://archlinux.org/news/mariadb-replaces-mysql-in-repositories/ default implementation] of MySQL in Arch Linux, provided with the {{Pkg|mariadb}} package.<br />
<br />
{{Tip|<br />
* If the database (in {{ic|/var/lib/mysql}}) resides on a [[Btrfs]] file system, you should consider disabling [[Btrfs#Copy-on-Write (CoW)|Copy-on-Write]] for the directory before creating any database.<br />
* If the database resides on a [[ZFS]] file system, you should consult [[ZFS#Databases]] before creating any database.<br />
}}<br />
<br />
Install {{Pkg|mariadb}}, and run the following command '''before starting''' the {{ic|mariadb.service}}:<br />
<br />
# mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql<br />
<br />
{{Tip|If you use something different from {{ic|/var/lib/mysql}} for your data dir, you need to set {{ic|1=datadir=''YOUR_DATADIR''}} under section {{ic|[mysqld]}} of your {{ic|/etc/my.cnf.d/server.cnf}}.}}<br />
<br />
Now {{ic|mariadb.service}} can be [[started]] and/or [[enabled]].<br />
<br />
{{Note|Before continuing, it is recommended to [[#Improve initial security|improve the initial security]] of the MySQL installation.}}<br />
<br />
To simplify administration, you might want to install a [[MySQL#Graphical tools|front-end]].<br />
<br />
== Configuration ==<br />
<br />
{{Out of date|The main /etc/my.cnf configuration file is now split into various files in /etc/my.cnf.d/ dir.}}<br />
<br />
Once you have started the MySQL server and added a root account, you may want to change the default configuration.<br />
<br />
To log in as {{ic|root}} on the MySQL server, use the following command:<br />
<br />
# mysql -u root -p<br />
<br />
{{Note|The default password is empty. Press {{ic|Enter}} to log in.}}<br />
<br />
=== Add user ===<br />
<br />
Creating a new user takes two steps: create the user, then grant privileges. In the example below, the user ''monty'' is created with the password ''some_pass'' and then granted full permissions on the database ''mydb'':<br />
<br />
{{hc|# mysql -u root -p|<br />
MariaDB> CREATE USER 'monty'@'localhost' IDENTIFIED BY 'some_pass';<br />
MariaDB> GRANT ALL PRIVILEGES ON mydb.* TO 'monty'@'localhost';<br />
MariaDB> FLUSH PRIVILEGES;<br />
MariaDB> quit<br />
}}<br />
<br />
=== Configuration files ===<br />
<br />
''MariaDB'' configuration options are read from the following files in the given order (according to {{ic|mysqld --help --verbose {{!}} tail -20}} output):<br />
<br />
/etc/my.cnf /etc/my.cnf.d/ ~/.my.cnf<br />
<br />
Depending on the scope of the changes you want to make (system-wide, user-only...), use the corresponding file. See [https://mariadb.com/kb/en/library/configuring-mariadb-with-option-files/ this entry] of the Knowledge Base for more information.<br />
<br />
=== Enable auto-completion ===<br />
<br />
{{Note|Enabling this feature can make the client initialization longer.}}<br />
<br />
The MySQL client completion feature is disabled by default. To enable it system-wide edit {{ic|/etc/my.cnf.d/mysql-clients.cnf}}, and add {{ic|auto-rehash}} under {{ic|mysql}}. Note that this must not be placed under {{ic|mysqld}}. Completion will be enabled next time you run the MySQL client.<br />
<br />
=== Using UTF8MB4 ===<br />
<br />
{{Warning|Before changing the character set be sure to create a backup first.}}<br />
<br />
{{Note|<br />
* The {{Pkg|mariadb}} package already uses {{ic|utf8mb4}} as charset and {{ic|utf8mb4_unicode_ci}} as collation. Users using the default (character) settings may want to skip this section.<br />
* UTF8MB4 is recommended over UTF-8 since it allows full Unicode support [https://mathiasbynens.be/notes/mysql-utf8mb4] [https://stackoverflow.com/questions/30074492/what-is-the-difference-between-utf8mb4-and-utf8-charsets-in-mysql].<br />
}}<br />
<br />
[[Append]] the following values to the main configuration file located at {{ic|/etc/mysql/my.cnf}}:<br />
<br />
{{bc|1=<br />
[client]<br />
default-character-set = utf8mb4<br />
<br />
[mysqld]<br />
collation_server = utf8mb4_unicode_ci<br />
character_set_server = utf8mb4<br />
<br />
[mysql]<br />
default-character-set = utf8mb4<br />
}}<br />
<br />
[[Restart]] {{ic|mariadb.service}} to apply the changes.<br />
<br />
See [[#Maintenance]] to optimize and check the database health.<br />
<br />
=== Increase character limit ===<br />
<br />
{{Out of date|As of 10.3.1 this section is no longer applicable. All 3 options are now enabled by default. {{ic|innodb_file_format}} and {{ic|innodb_large_prefix}} are deprecated and can no longer be used. The mariadb service will fail to start if either are included in {{ic|my.cnf}} ([https://mariadb.com/kb/en/library/innodb-system-variables/#innodb_file_format source])}}<br />
<br />
{{Note|The character-limit depends on the character-set in use [https://web.archive.org/web/20181229154254/http://mechanics.flite.com/blog/2014/07/29/using-innodb-large-prefix-to-avoid-error-1071/] [https://dev.mysql.com/doc/refman/5.5/en/innodb-parameters.html#sysvar_innodb_large_prefix] [https://easyengine.io/tutorials/mysql/enable-innodb-file-per-table/].}}<br />
<br />
For InnoDB execute the following commands to support a higher character-limit:<br />
<br />
mysql> set global innodb_file_format = BARRACUDA;<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> set global innodb_file_per_table = ON;<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> set global innodb_large_prefix = ON;<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
[[Append]] the following lines in {{ic|/etc/mysql/my.cnf}} to always use a higher character-limit:<br />
<br />
[mysqld]<br />
innodb_file_format = barracuda<br />
innodb_file_per_table = 1<br />
innodb_large_prefix = 1<br />
<br />
[[Restart]] {{ic|mariadb.service}} to apply the changes.<br />
<br />
When creating a table, append {{ic|ROW_FORMAT}} as shown in the example:<br />
<br />
mysql> create table if not exists products (<br />
-> day date not null,<br />
-> product_id int not null,<br />
-> dimension1 varchar(500) not null,<br />
-> dimension2 varchar(500) not null,<br />
-> unique index unique_index (day, product_id, dimension1, dimension2)<br />
-> ) ENGINE=InnoDB ROW_FORMAT=DYNAMIC;<br />
Query OK, 0 rows affected (0.02 sec)<br />
<br />
=== Using a tmpfs for tmpdir ===<br />
<br />
The directory used by MySQL for storing temporary files is named ''tmpdir''. For example, it is used to perform disk based large sorts, as well as for internal and explicit temporary tables.<br />
<br />
Create the directory with appropriate permissions:<br />
<br />
# mkdir -pv /var/lib/mysqltmp<br />
# chown mysql:mysql /var/lib/mysqltmp<br />
<br />
Add the following [[tmpfs]] mount to your {{ic|/etc/fstab}} file:<br />
<br />
tmpfs /var/lib/mysqltmp tmpfs rw,gid=mysql,uid=mysql,size=100M,mode=0750,noatime 0 0<br />
<br />
Add to your {{ic|/etc/my.cnf.d/server.cnf}} file under the {{ic|mysqld}} group:<br />
<br />
tmpdir = /var/lib/mysqltmp<br />
<br />
[[Stop]] {{ic|mariadb.service}}, [[mount]] {{ic|/var/lib/mysqltmp/}} and [[start]] {{ic|mariadb.service}}.<br />
<br />
=== Time zone tables ===<br />
<br />
Although time zone tables are created during the installation, they are not automatically populated. They need to be populated if you are planning on using CONVERT_TZ() in SQL queries.<br />
<br />
To populate the time zone tables with all the time zones:<br />
<br />
$ mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql<br />
<br />
Optionally, you may populate the table with specific time zone files:<br />
<br />
$ mysql_tzinfo_to_sql ''timezone_file'' ''timezone_name'' | mysql -u root -p mysql<br />
<br />
== Security ==<br />
<br />
=== Improve initial security ===<br />
<br />
The {{ic|mysql_secure_installation}} command will interactively guide you through a number of recommended security measures, such as removing anonymous accounts and removing the test database:<br />
<br />
# mysql_secure_installation<br />
<br />
{{Warning|After running this, please note that TCP port 3306 will still be open, but refusing connections with an error message. To prevent MySQL from listening on an external interface, see the [[#Listen only on the loopback address]] and [[#Enable access locally only via Unix sockets]] sections.}}<br />
<br />
=== Listen only on the loopback address ===<br />
<br />
By default, MySQL will listen on the 0.0.0.0 address, which includes all network interfaces. In order to restrict MySQL to listen only to the loopback address, add the following line in {{ic|/etc/my.cnf.d/server.cnf}}:<br />
<br />
[mysqld]<br />
bind-address = 127.0.0.1<br />
<br />
=== Enable access locally only via Unix sockets ===<br />
<br />
By default, MySQL is accessible via both Unix sockets and the network. If MySQL is only needed for the localhost, you can improve security by not listening on TCP port 3306, and only listening on Unix sockets instead. To do this, add the following line in {{ic|/etc/my.cnf.d/server.cnf}}:<br />
<br />
[mysqld]<br />
skip-networking<br />
<br />
You will still be able to log in locally as before, but only using Unix sockets.<br />
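<br />
The effect of the two settings above can be checked from the option files themselves. The following is an added example, not part of the wiki page: a shell function (with hypothetical names) that reads the {{ic|[mysqld]}} group of the files it is given, in read order, and reports whether the server would listen on all interfaces, on loopback only, or on the Unix socket only. It assumes that a later setting overrides an earlier one, does not follow include directives and ignores other server groups.<br />

```shell
#!/bin/sh
# Added example (not from the wiki page): classify how the server will listen,
# judging only by the [mysqld] group of the option files passed in read order.
# Assumptions: a later setting overrides an earlier one, !include directives
# are not followed, and other server groups are ignored.

mysqld_listen_mode() {
    # Keep only readable regular files so that awk never sees a directory.
    for f in "$@"; do
        shift
        if [ -f "$f" ] && [ -r "$f" ]; then set -- "$@" "$f"; fi
    done
    [ "$#" -gt 0 ] || set -- /dev/null

    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    FNR == 1 { group = "" }          # a group header does not carry over to the next file
    {
        line = trim($0)
        c = substr(line, 1, 1)
        if (line == "" || c == "#" || c == ";") next
        if (line ~ /^\[.*\]$/) {
            group = tolower(substr(line, 2, length(line) - 2))
            next
        }
        if (group != "mysqld") next
        eq = index(line, "=")
        if (eq) { key = trim(substr(line, 1, eq - 1)); val = trim(substr(line, eq + 1)) }
        else    { key = line; val = "" }
        key = tolower(key)
        gsub(/_/, "-", key)          # bind_address and bind-address name the same option
        if (key == "bind-address") bind = val
        else if (key == "skip-networking") skip = (tolower(val) ~ /^(0|off|false)$/) ? 0 : 1
    }
    END {
        if (skip) print "socket-only"
        else if (bind == "127.0.0.1" || bind == "::1" || bind == "localhost") print "loopback"
        else if (bind == "" || bind == "0.0.0.0" || bind == "::" || bind == "*") print "all-interfaces"
        else print "address:" bind
    }' "$@"
}

# Constructed sample: server.cnf overrides the wildcard bind set in my.cnf,
# and the [client] group is ignored.
demo_listen_mode() {
    d=$(mktemp -d) || return 1
    printf '[client]\nbind-address = 10.0.0.5\n[mysqld]\nbind-address = 0.0.0.0\n' > "$d/my.cnf"
    printf '[mysqld]\nbind_address = 127.0.0.1\n' > "$d/server.cnf"
    mysqld_listen_mode "$d/my.cnf" "$d/server.cnf"
    rm -rf "$d"
}

demo_listen_mode
```

On a real system the function would be called as {{ic|mysqld_listen_mode /etc/my.cnf /etc/my.cnf.d/*.cnf}}; any result other than {{ic|loopback}} or {{ic|socket-only}} means the server is reachable from the network.<br />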
<br />
=== Grant remote access ===<br />
<br />
{{Warning|This is not considered best practice and may cause security issues. Consider using [[Secure Shell]], [[VNC]] or [[VPN]], if you want to maintain the MySQL server from another host inside/outside your network.}}<br />
<br />
To allow remote access to the MySQL server, ensure that MySQL has [[#Enable access locally only via Unix sockets|networking enabled]] and is [[#Listen only on the loopback address|listening on the appropriate interface]].<br />
<br />
Grant any MySQL user remote access (example for root):<br />
<br />
# mysql -u root -p<br />
<br />
Check which users currently have remote access privileges:<br />
<br />
SELECT User, Host FROM mysql.user WHERE Host <> 'localhost';<br />
<br />
Now grant remote access for your user (here root):<br />
<br />
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.1.%' IDENTIFIED BY 'my_optional_remote_password' WITH GRANT OPTION;<br />
<br />
You can change the '%' wildcard to a specific host if you like. The password can be different from the user's main password.<br />
<br />
=== Configure access to home directories ===<br />
<br />
For security reasons, the systemd service file contains {{ic|1=ProtectHome=true}}, which prevents MariaDB from accessing files under the {{ic|/home}}, {{ic|/root}} and {{ic|/run/user}} hierarchies. The {{ic|datadir}} has to be in an accessible location and [[chown|owned]] by the {{ic|mysql}} user and group.<br />
<br />
You can modify this behavior by creating a supplementary service file as described [https://mariadb.com/kb/en/systemd/#configuring-access-to-home-directories here].<br />
<br />
== Maintenance ==<br />
<br />
=== Upgrade databases on major releases ===<br />
<br />
Upon a major version release of {{Pkg|mariadb}} (for example mariadb-10.1.10-1 to mariadb-10.1.18-1), it is wise to upgrade databases:<br />
<br />
# mysql_upgrade -u root -p<br />
<br />
To upgrade from 10.1.x to 10.3.x:<br />
<br />
* keep the 10.1.x database daemon running<br />
* upgrade the package<br />
* run {{ic|mysql_upgrade}} (from the new package version) against the old still-running daemon. This will produce some error messages; however, the upgrade will succeed.<br />
* restart the daemon, so the 10.3.x daemon runs.<br />
<br />
Alternatively, stop the (old) daemon, run the (new) daemon in safe mode, run {{ic|mysql_upgrade}} against that, and then start the (new) daemon as described in [[#Unable to run mysql_upgrade because MySQL cannot start]].<br />
<br />
=== Checking, optimizing and repairing databases ===<br />
<br />
{{Pkg|mariadb}} ships with {{ic|mysqlcheck}} which can be used to check, repair, and optimize tables within databases from the shell. See the mysqlcheck man page for more. Several command tasks are shown:<br />
<br />
To check all tables in all databases:<br />
<br />
$ mysqlcheck --all-databases -u root -p -c<br />
<br />
To analyze all tables in all databases:<br />
<br />
$ mysqlcheck --all-databases -u root -p -a<br />
<br />
To repair all tables in all databases:<br />
<br />
$ mysqlcheck --all-databases -u root -p -r<br />
<br />
To optimize all tables in all databases:<br />
<br />
$ mysqlcheck --all-databases -u root -p -o<br />
<br />
== Backup ==<br />
<br />
There are various [https://mariadb.com/kb/en/mariadb/documentation/backing-up-and-restoring/ tools and strategies] to back up your databases.<br />
<br />
If you are using the default InnoDB storage engine, a [https://mariadb.com/kb/en/mariadb/documentation/clients-and-utilities/backup-restore-and-import/mysqldump/#examples suggested] way of backing up all your bases online while provisioning for [https://dev.mysql.com/doc/refman/5.6/en/point-in-time-recovery.html point-in-time recovery] (also known as “roll-forward,” when you need to restore an old backup and replay the changes that happened since that backup) is to execute the following command:<br />
<br />
$ mysqldump --single-transaction --flush-logs --master-data=2 --all-databases -u root -p > all_databases.sql<br />
<br />
This will prompt for '''MariaDB's''' root user's password, which was defined during database [[#Configuration]].<br />
<br />
Specifying the password on the command line is [https://dev.mysql.com/doc/refman/5.6/en/password-security-user.html strongly discouraged], as it exposes it to discovery by other users through the use of {{ic|ps aux}} or other techniques. Instead, the aforementioned command will prompt for the specified user's password and keep it hidden.<br />
<br />
=== Compression ===<br />
<br />
As SQL tables can get pretty large, it is recommended to pipe the output of the aforementioned command into a compression utility like {{Pkg|gzip}}:<br />
<br />
$ mysqldump --single-transaction --flush-logs --master-data=2 --all-databases -u root -p | gzip > all_databases.sql.gz<br />
<br />
Decompressing the backup thus created and reloading it in the server is achieved by doing:<br />
<br />
$ zcat all_databases.sql.gz | mysql -u root -p<br />
<br />
This will recreate and repopulate all the databases previously backed up (see [https://stackoverflow.com/questions/23180963/restore-all-mysql-database-from-a-all-database-sql-gz-file#comment35453351_23180977 this] or [https://www.linuxquestions.org/questions/linux-server-73/how-to-restore-mysqldump-all-databases-backup-892922/ this]).<br />
<br />
=== Non-interactive ===<br />
<br />
If you want to set up a non-interactive backup script for use in [[cron]] jobs or [[Systemd/cron_functionality|systemd timers]], see [https://dev.mysql.com/doc/refman/5.6/en/option-files.html option files] and [https://stackoverflow.com/a/9293090 this illustration] for ''mysqldump''.<br />
<br />
Basically you should add the following section to the relevant [[#Configuration files|configuration file]]:<br />
<br />
{{bc|1=<br />
[mysqldump]<br />
user=mysqluser<br />
password=secret<br />
}}<br />
<br />
Mentioning a user here is optional, but doing so will free you from having to mention it on the command line. If you want to set this for all tools, including {{ic|mysql}}, use the {{ic|[client]}} group.<br />
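<br />
A file that holds a password should be readable only by its owner, whereas system-wide files under {{ic|/etc}} are usually world-readable. The following added example (not part of the wiki page; the function names are hypothetical and GNU ''stat'' is assumed) reports option files that contain a {{ic|password}} line and are accessible to group or others, so that a backup job can refuse to run until the permissions are fixed:<br />

```shell
#!/bin/sh
# Added example (not from the wiki page): flag option files that store a
# password but can be accessed by users other than the owner.
# Assumption: GNU stat (coreutils) is available, as on Arch Linux.

# Prints "missing", "no-password", "ok" or "exposed:<octal mode>" for one file.
optfile_password_exposure() {
    file=$1
    [ -f "$file" ] || { echo "missing"; return 0; }
    # A password may sit in any group: [client], [mysqldump], [mysql], ...
    if ! grep -Eiq '^[[:space:]]*password[[:space:]]*=' "$file"; then
        echo "no-password"
        return 0
    fi
    mode=$(stat -c %a "$file") || return 1
    case $mode in
        0|*00) echo "ok" ;;                  # no group or other permission bits set
        *)     echo "exposed:$mode" ;;
    esac
}

# Checks every file given and returns non-zero if any of them is exposed.
check_option_files() {
    status=0
    for f in "$@"; do
        result=$(optfile_password_exposure "$f")
        case $result in
            exposed:*)
                echo "$f: password accessible to others (mode ${result#exposed:})" >&2
                status=1 ;;
        esac
    done
    return $status
}

# Constructed sample: the [mysqldump] section from above under two file modes.
demo_option_files() {
    d=$(mktemp -d) || return 1
    printf '[mysqldump]\nuser=mysqluser\npassword=secret\n' > "$d/shared.cnf"
    cp "$d/shared.cnf" "$d/private.cnf"
    chmod 644 "$d/shared.cnf"
    chmod 600 "$d/private.cnf"
    echo "shared.cnf:  $(optfile_password_exposure "$d/shared.cnf")"
    echo "private.cnf: $(optfile_password_exposure "$d/private.cnf")"
    rm -rf "$d"
}

demo_option_files
```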
<br />
==== Example script ====<br />
<br />
The database can be dumped to a file for easy backup. The following shell script will do this for you, creating a {{ic|db_backup.gz}} file in the same directory as the script, containing your database dump:<br />
<br />
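{{bc|<nowiki><br />
#!/bin/bash<br />
<br />
# Abort on the first error, including a failure inside the pipeline,<br />
# so that a failed dump never reaches the log purge below.<br />
set -euo pipefail<br />
<br />
# Directory containing this script; quoted so that paths with spaces work.<br />
THISDIR="$(dirname "$(readlink -f "$0")")"<br />
<br />
# Dump all databases and compress the result next to the script.<br />
mysqldump --single-transaction --flush-logs --master-data=2 --all-databases \<br />
    | gzip > "$THISDIR/db_backup.gz"<br />
# Remove binary logs older than seven days.<br />
echo 'purge master logs before date_sub(now(), interval 7 day);' | mysql<br />
</nowiki>}}<br />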
<br />
See also the official {{ic|mysqldump}} page in the [https://dev.mysql.com/doc/refman/5.6/en/mysqldump.html MySQL] and [https://mariadb.com/kb/en/mariadb/documentation/clients-and-utilities/backup-restore-and-import/mysqldump MariaDB] manuals.<br />
<br />
=== Holland Backup ===<br />
<br />
A Python-based software package named [https://hollandbackup.org/ Holland Backup] is available in [[AUR]] to automate all of the backup work. It supports direct mysqldump, LVM snapshots to tar files (mysqllvm), LVM snapshots with mysqldump (mysqldump-lvm), and {{pkg|xtrabackup}} methods to extract the data. The Holland framework supports a multitude of options and is highly configurable to address almost any backup situation.<br />
<br />
The main {{AUR|holland}} and {{AUR|holland-common}} packages provide the core framework; one of the sub-packages ({{AUR|holland-mysqldump}}, {{AUR|holland-mysqllvm}} and/or {{AUR|holland-xtrabackup}}) must be installed for full operation. Example configurations for each method are in the {{ic|/usr/share/doc/holland/examples/}} directory and can be copied to {{ic|/etc/holland/backupsets/}}; alternatively, the {{ic|holland mk-config}} command can generate a base config for a named provider.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Unable to run mysql_upgrade because MySQL cannot start ===<br />
<br />
Try running MySQL in safe mode:<br />
<br />
# mysqld_safe --datadir=/var/lib/mysql/<br />
<br />
And then run:<br />
<br />
# mysql_upgrade -u root -p<br />
<br />
=== Reset the root password ===<br />
<br />
# Stop {{ic|mariadb.service}}. <br />
# Start the mysqld server with safety features: {{bc|# mysqld_safe --skip-grant-tables --skip-networking &}}<br />
# Connect to it: {{bc|# mysql -u root}}<br />
# Change root password: {{bc|<nowiki><br />
MariaDB [(none)]> use mysql<br />
MariaDB [mysql]> flush privileges;<br />
MariaDB [mysql]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';<br />
MariaDB [mysql]> exit<br />
</nowiki>}}<br />
# Kill running mysqld* processes: {{bc|# kill $(cat /var/lib/mysql/$HOSTNAME.pid)}}<br />
# Start {{ic|mariadb.service}}.<br />
<br />
=== Check and repair all tables ===<br />
<br />
Check and auto repair all tables in all databases, [https://dev.mysql.com/doc/refman/5.7/en/mysqlcheck.html see more]:<br />
<br />
# mysqlcheck -A --auto-repair -u root -p<br />
<br />
=== Optimize all tables ===<br />
<br />
Forcefully optimize all tables, automatically fixing table errors that may come up.<br />
<br />
# mysqlcheck -A --auto-repair -f -o -u root -p<br />
<br />
=== OS error 22 when running on ZFS ===<br />
<br />
If using MySQL databases on [[ZFS]], the error {{ic|InnoDB: Operating system error number 22 in a file operation}} may occur.<br />
<br />
A workaround is to disable {{ic|aio_writes}} in {{ic|/etc/mysql/my.cnf}}:<br />
<br />
{{hc|/etc/mysql/my.cnf|2=<br />
[mysqld]<br />
innodb_use_native_aio = 0<br />
}}<br />
<br />
=== Cannot login through CLI, but phpmyadmin works well ===<br />
<br />
This may happen if you are using a long password (more than 70-75 characters). As of 5.5.36, for some reason, the mysql CLI cannot handle that many characters in readline mode. So, if you are planning to use the recommended password input mode:<br />
<br />
{{hc|$ mysql -u ''user'' -p|<br />
Password:<br />
}}<br />
<br />
Consider changing the password to a shorter one.<br />
<br />
{{Note|You can still log in by specifying the password as an argument to the ''mysql'' command.<br />
<br />
{{Warning|This behavior is considered dangerous, because your password might leak, for example, to the logs. Use it only in case of emergency and do not forget to change the password right afterwards.}}<br />
<br />
$ mysql -u ''user'' -p"''some-very-strong-password''"<br />
<br />
}}<br />
<br />
=== MySQL binary logs are taking up huge disk space ===<br />
<br />
{{Out of date|section=Mistakes in "MySQL binary logs are taking up huge disk space"}}<br />
<br />
By default, mysqld creates binary log files in {{ic|/var/lib/mysql}}. This is useful for a replication master server or for data recovery, but these binary logs can eat up your disk space. If you do not plan to use replication or data recovery features, you may disable binary logging by commenting out these lines in {{ic|/etc/mysql/my.cnf}}:<br />
<br />
#log-bin=mysql-bin<br />
#binlog_format=mixed<br />
<br />
Or you could limit the size of the logfile like this:<br />
<br />
expire_logs_days = 10<br />
max_binlog_size = 100M<br />
<br />
Alternatively, you can purge some binary logs in {{ic|/var/lib/mysql}} to free up disk space with this command:<br />
<br />
# mysql -u root -p -e "PURGE BINARY LOGS TO 'mysql-bin.0000xx';"<br />
<br />
{{Warning|This may decrease the chances of successful data recovery when trying to repair database tables (i.e. on database corruption).}}<br />
<br />
=== OpenRC fails to start MySQL ===<br />
<br />
To use MySQL with [[OpenRC]] you need to add the following lines to the {{ic|[mysqld]}} section in the MySQL config file, located at {{ic|/etc/mysql/my.cnf}}.<br />
<br />
user = mysql<br />
basedir = /usr<br />
datadir = /var/lib/mysql<br />
pid-file = /run/mysqld/mysql.pid<br />
<br />
You should now be able to start MySQL using:<br />
<br />
# rc-service mysql start<br />
<br />
=== Specified key was too long ===<br />
<br />
See [[#Increase character limit]].<br />
<br />
=== Changed limits warning on max_open_files/table_open_cache ===<br />
<br />
Increase the number of file descriptors by creating a [[Systemd#Drop-in_files|systemd drop-in]], e.g.:<br />
<br />
{{hc|/etc/systemd/system/mysqld.service.d/limit_nofile.conf|2=<br />
[Service]<br />
LimitNOFILE=8192<br />
}}<br />
<br />
=== 10.4 to 10.5 upgrade crash: "InnoDB: Upgrade after a crash is not supported. The redo log was created with MariaDB 10.4.x" ===<br />
<br />
Before MariaDB 10.5, the redo log was unnecessarily split into multiple files.[https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/]<br />
<br />
Move the old redo log files {{ic|/var/lib/mysql/ib_logfile*}} out of the way, thus letting MariaDB 10.5 create new ones. Then [[restart]] {{ic|mariadb.service}} and upgrade your tables with {{ic|mysql_upgrade}}.<br />
<br />
=== Unable to connect from IPv6 only clients ===<br />
<br />
MariaDB in its default configuration binds to {{ic|0.0.0.0}} and is only accessible using IPv4. If you want to connect from hosts using IPv6 exclusively, you have to change the server's bind address accordingly. {{ic|::}} will listen on IPv6 and IPv4.<br />
<br />
{{hc|/etc/mysql/my.cnf|2=<br />
[mysqld]<br />
bind-address=::<br />
}}<br />
<br />
== See also ==<br />
<br />
* [https://mariadb.com/ MariaDB Official Website]<br />
* [https://mariadb.com/kb/en/ MariaDB Knowledge Base]<br />
* [https://www.askapache.com/mysql/performance-tuning-mysql/ MySQL Performance Tuning Scripts and Know-How]</div>
Ajdunevent
GDM (https://wiki.archlinux.org/index.php?title=GDM&diff=545425), 2018-10-01T12:48:57Z
<p>Ajdunevent: /* Hide user from login list */ changed "accountsservice" directory back to "AccountsService" since the 0.6.54 restores the mixed case usage (see https://bbs.archlinux.org/viewtopic.php?pid=1810480#p1810480)</p>
<hr />
<div>[[Category:Display managers]]<br />
[[Category:GNOME]]<br />
[[es:GDM]]<br />
[[ja:GDM]]<br />
[[pt:GDM]]<br />
[[zh-hans:GDM]]<br />
{{Related articles start}}<br />
{{Related|GNOME}}<br />
{{Related|Display manager}}<br />
{{Related articles end}}<br />
From [https://wiki.gnome.org/Projects/GDM GDM - GNOME Display Manager]: "The GNOME Display Manager (GDM) is a program that manages graphical display servers and handles graphical user logins."<br />
<br />
[[Display manager]]s provide [[X Window System]] and [[Wayland]] users with a graphical login prompt.<br />
<br />
== Installation ==<br />
<br />
GDM can be [[install]]ed with the {{Pkg|gdm}} package, and it is installed as part of the {{grp|gnome}} group.<br />
<br />
If you would prefer to use legacy GDM which was used in GNOME 2 and has its own configuration utility, install the {{AUR|gdm-old}} package. Note that the rest of this article discusses current GDM, not legacy GDM, unless indicated otherwise.<br />
<br />
You might also wish to install the following:<br />
* {{App|gdm3setup|An interface to configure GDM3, autologin options and change Shell theme|https://github.com/Nano77/gdm3setup|{{AUR|gdm3setup-utils}}}}<br />
<br />
== Starting ==<br />
<br />
To start GDM at boot time [[enable]] {{ic|gdm.service}}.<br />
<br />
=== Autostarting applications ===<br />
<br />
One might want to autostart certain commands, such as ''xrandr'' for instance, on login. This can be achieved by adding a command or script to a location that is sourced by the display manager. See [[Display manager#Autostarting]] for a list of supported locations. <br />
{{Note|1=The {{ic|/etc/gdm/Init}} directory is no longer a supported location, see [https://bugzilla.gnome.org/show_bug.cgi?id=751602#c2].}}<br />
<br />
== Configuration ==<br />
<br />
=== Log-in screen background image ===<br />
{{Accuracy|Configuration is not persistent and will be gone after gdm update. Needs to be rewritten to enable user-themes gnome-shell extension for gdm user and use custom theme and set gsetting to use that theme}}<br />
<br />
{{Note|<br />
* Since GNOME 3.16, GNOME Shell themes are now stored as binary files (gresource).<br />
* This change will be overwritten on subsequent updates of {{Pkg|gnome-shell}}.}}<br />
<br />
Firstly, you need to extract the existing GNOME Shell theme to a folder in your home directory. You can do this using the following script:<br />
<br />
{{hc|extractgst.sh|2=<br />
#!/bin/sh<br />
# Extract every resource of the stock GNOME Shell theme into ~/shell-theme.<br />
gst=/usr/share/gnome-shell/gnome-shell-theme.gresource<br />
workdir="${HOME}/shell-theme"<br />
<br />
for r in $(gresource list "$gst"); do<br />
    # Path relative to the /org/gnome/shell/ prefix, e.g. theme/gnome-shell.css<br />
    rel=${r#/org/gnome/shell/}<br />
    mkdir -p "$workdir/${rel%/*}"<br />
    gresource extract "$gst" "$r" > "$workdir/$rel"<br />
done}}<br />
<br />
Navigate to the created directory. You should find that the theme files have been extracted to it. Now copy your preferred background image to this directory.<br />
<br />
Next, you need to create a file in the directory with the following content:<br />
<br />
{{hc|1=gnome-shell-theme.gresource.xml|2=<br />
<?xml version="1.0" encoding="UTF-8"?><br />
<gresources><br />
<gresource prefix="/org/gnome/shell/theme"><br />
<file>calendar-arrow-left.svg</file><br />
<file>calendar-arrow-right.svg</file><br />
<file>calendar-today.svg</file><br />
<file>checkbox.svg</file><br />
<file>checkbox-focused.svg</file><br />
<file>checkbox-off.svg</file><br />
<file>checkbox-off-focused.svg</file><br />
<file>close-window.svg</file><br />
<file>close-window-active.svg</file><br />
<file>close-window-hover.svg</file><br />
<file>corner-ripple-ltr.png</file><br />
<file>corner-ripple-rtl.png</file><br />
<file>dash-placeholder.svg</file><br />
<file>gnome-shell.css</file><br />
<file>gnome-shell-high-contrast.css</file><br />
<file>icons/message-indicator-symbolic.svg</file><br />
<file>key-enter.svg</file><br />
<file>key-hide.svg</file><br />
<file>key-layout.svg</file><br />
<file>key-shift.svg</file><br />
<file>key-shift-latched-uppercase.svg</file><br />
<file>key-shift-uppercase.svg</file><br />
<file>noise-texture.png</file><br />
<file>'''filename'''</file><br />
<file>no-events.svg</file><br />
<file>no-notifications.svg</file><br />
<file>pad-osd.css</file><br />
<file>page-indicator-active.svg</file><br />
<file>page-indicator-checked.svg</file><br />
<file>page-indicator-hover.svg</file><br />
<file>page-indicator-inactive.svg</file><br />
<file>process-working.svg</file><br />
<file>toggle-off-hc.svg</file><br />
<file>toggle-off-intl.svg</file><br />
<file>toggle-off-us.svg</file><br />
<file>toggle-on-hc.svg</file><br />
<file>toggle-on-intl.svg</file><br />
<file>toggle-on-us.svg</file><br />
</gresource><br />
</gresources>}}<br />
<br />
Replace '''filename''' with the filename of your background image.<br />
<br />
Now, open the {{ic|gnome-shell.css}} file in the directory and change the {{ic|#lockDialogGroup}} definition as follows:<br />
<br />
#lockDialogGroup {<br />
background: #2e3436 url('''filename''');<br />
background-size: '''[WIDTH]'''px '''[HEIGHT]'''px;<br />
background-repeat: no-repeat;<br />
}<br />
<br />
Set {{ic|background-size}} to the resolution that GDM uses; this might not necessarily be the resolution of the image. For a list of display resolutions see [[wikipedia:Display_resolution#Computer_monitors|Display resolution]]. Again, set '''filename''' to be the name of the background image.<br />
<br />
Finally, compile the theme using the following command:<br />
$ glib-compile-resources gnome-shell-theme.gresource.xml<br />
Then copy the resulting {{ic|gnome-shell-theme.gresource}} file to the {{ic|/usr/share/gnome-shell}} directory.<br />
<br />
Then restart {{ic|gdm.service}} (note that simply logging out is not enough) and you should find that it is using your preferred background image.<br />
<br />
For more information, please see the following [https://bbs.archlinux.org/viewtopic.php?id&#61;197036 forum thread].<br />
<br />
=== DConf configuration ===<br />
<br />
Some GDM settings are stored in a DConf database. They can be configured either by adding ''keyfiles'' to the {{ic|/etc/dconf/db/gdm.d}} directory and then recompiling the GDM database by running {{ic|dconf update}} as root or by logging into the GDM user on the system and changing the setting directly using the ''gsettings'' command line tool. Note that for the former approach, a GDM profile file is required - this must be created manually as it is no longer shipped upstream, see below:<br />
{{hc|/etc/dconf/profile/gdm|<br />
user-db:user<br />
system-db:gdm<br />
file-db:/usr/share/gdm/greeter-dconf-defaults}}<br />
For the latter approach, you can log into the GDM user with the command below:<br />
# machinectl shell gdm@<br />
<br />
==== Log-in screen logo ====<br />
<br />
Either create the following keyfile<br />
{{hc|/etc/dconf/db/gdm.d/02-logo|2=<br />
[org/gnome/login-screen]<br />
logo=<nowiki>'</nowiki>''/path/to/logo.png''<nowiki>'</nowiki>}}<br />
and then recompile the GDM database or alternatively log in to the GDM user and execute the following:<br />
$ gsettings set org.gnome.login-screen logo <nowiki>'</nowiki>''/path/to/logo.png''<nowiki>'</nowiki><br />
<br />
==== Changing the cursor theme ====<br />
<br />
GDM disregards [[GNOME]] cursor theme settings and it also ignores the cursor theme set according to the [[Cursor themes#XDG specification|XDG specification]]. To change the cursor theme used in GDM, either create the following keyfile<br />
<br />
{{hc|/etc/dconf/db/gdm.d/10-cursor-settings|<br />
<nowiki>[org/gnome/desktop/interface]<br />
cursor-theme='</nowiki>''theme-name'''<br />
}}<br />
and then recompile the GDM database or alternatively log in to the GDM user and execute the following:<br />
$ gsettings set org.gnome.desktop.interface cursor-theme <nowiki>'</nowiki>''theme-name''<nowiki>'</nowiki><br />
<br />
==== Larger font for log-in screen ====<br />
<br />
Click on the accessibility icon at the top right of the screen (a white circle with the silhouette of a person in the centre) and check the ''Large Text'' option.<br />
<br />
To set a specific scaling factor, you can create the following keyfile:<br />
{{hc|/etc/dconf/db/gdm.d/03-scaling|2=<br />
[org/gnome/desktop/interface]<br />
text-scaling-factor=<nowiki>'</nowiki>''1.25''<nowiki>'</nowiki>}}<br />
and then recompile the GDM database or alternatively log in to the GDM user and execute the following:<br />
$ gsettings set org.gnome.desktop.interface text-scaling-factor <nowiki>'</nowiki>''1.25''<nowiki>'</nowiki><br />
<br />
==== Turning off the sound ====<br />
<br />
This tweak disables the audible feedback heard when the system volume is adjusted (via keyboard) on the login screen.<br />
<br />
Either create the following keyfile:<br />
{{hc|/etc/dconf/db/gdm.d/04-sound|2=<br />
[org/gnome/desktop/sound]<br />
event-sounds='false'}}<br />
and then recompile the GDM database or alternatively log in to the GDM user and execute the following:<br />
$ gsettings set org.gnome.desktop.sound event-sounds 'false'<br />
<br />
==== Configure power button behavior ====<br />
<br />
{{Note|1=<nowiki></nowiki><br />
* The [[Power management#ACPI events|logind settings]] for the power button are overridden by GNOME Settings Daemon. [https://bugzilla.gnome.org/show_bug.cgi?id=755953#c4]<br />
* As of GDM 3.18, the power button cannot be set to ''interactive''. [https://bugzilla.gnome.org/show_bug.cgi?id=753713#c6]<br />
* In some cases, this setting will be ignored and hardcoded defaults will be used. [https://bugzilla.gnome.org/show_bug.cgi?id=755953#c17]}}<br />
<br />
{{Warning|Please note that the [[acpid]] daemon also handles the "power button" and "hibernate button" events. Running both systems at the same time may lead to unexpected behaviour.}}<br />
<br />
Either create the following keyfile:<br />
{{hc|/etc/dconf/db/gdm.d/05-power|2=<br />
[org/gnome/settings-daemon/plugins/power]<br />
power-button-action=<nowiki>'</nowiki>''action''<nowiki>'</nowiki>}}<br />
and then recompile the GDM database or alternatively log in to the GDM user and execute the following:<br />
$ gsettings set org.gnome.settings-daemon.plugins.power power-button-action <nowiki>'</nowiki>''action''<nowiki>'</nowiki><br />
where ''action'' can be one of {{ic|nothing}}, {{ic|suspend}} or {{ic|hibernate}}.<br />
<br />
==== Enabling tap-to-click ====<br />
<br />
Tap-to-click is disabled in GDM (and GNOME) by default, but you can easily enable it with a dconf setting.<br />
<br />
{{Note|If you want to do this under X, you have to first set up correct X server access permissions - see [[#Configure X server access permission]].}}<br />
<br />
To directly enable tap-to-click, use:<br />
<br />
{{bc|# sudo -u gdm gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true}}<br />
<br />
If you prefer to do this with a GUI, use:<br />
<br />
{{bc|# sudo -u gdm dconf-editor}}<br />
<br />
To check if it was set correctly, use:<br />
<br />
{{bc|$ sudo -u gdm gsettings get org.gnome.desktop.peripherals.touchpad tap-to-click}}<br />
<br />
If you get the error {{ic|dconf-WARNING **: failed to commit changes to dconf: Error spawning command line}}, make sure dbus is running:<br />
<br />
{{bc|$ sudo -u gdm dbus-launch gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true}}<br />
<br />
==== Disable/Enable Accessibility Menu ====<br />
<br />
To disable or enable the Accessibility Menu, set the following key in dconf editor:<br />
<br />
{{bc|# machinectl shell gdm@<br />
# gsettings set org.gnome.desktop.interface toolkit-accessibility false<br />
# exit}}<br />
<br />
The menu is disabled when the key is false, enabled when it is true.<br />
<br />
=== Keyboard layout ===<br />
<br />
The system keyboard layout will be applied to GDM. See [[Keyboard configuration in Xorg#Using X configuration files]].<br />
<br />
{{Tip|See [[Wikipedia:ISO 3166-1]] for a list of keymaps.}}<br />
<br />
If a system has multiple users, it is possible to specify a keyboard layout for GDM to use which is different from the system keyboard layout. Firstly, ensure the package {{Pkg|gnome-control-center}} is installed. Then start ''gnome-control-center'' and navigate to ''Region & Language -> Input Sources''. In the header bar, hit the ''Login Screen'' toggle button and then choose a keyboard layout from the list. Note that the ''Login Screen'' button will not be visible in the header bar unless multiple users are present on the system [https://bugzilla.gnome.org/show_bug.cgi?id=741500].<br />
<br />
Users of GDM 2.x (legacy GDM) may need to edit {{ic|~/.dmrc}} as shown below:<br />
<br />
{{hc|~/.dmrc|2=<br />
[Desktop]<br />
Language=de_DE.UTF-8 # change to your default lang<br />
Layout=de nodeadkeys # change to your keyboard layout<br />
}}<br />
<br />
=== Change the language ===<br />
<br />
The system language will be applied to GDM. If a system has multiple users, it is possible to set a language for GDM different to the system language. In this case, firstly ensure that {{Pkg|gnome-control-center}} is installed. Then, start ''gnome-control-center'' and choose ''Region & Language''. In the header bar, check the ''Login Screen'' toggle button. Finally, click on ''Language'' and choose your language from the list. You will be prompted for your root password. Note that the ''Login Screen'' button will not be visible in the header bar unless multiple users are present on the system [https://bugzilla.gnome.org/show_bug.cgi?id=741500].<br />
<br />
{{Tip|If you add two different input languages, log out and then select your default language, GDM will remember your choice once the second option is removed.}}<br />
<br />
=== Users and login ===<br />
<br />
==== Automatic login ====<br />
<br />
To enable automatic login with GDM, add the following to {{ic|/etc/gdm/custom.conf}} (replace ''username'' with your own):<br />
<br />
{{hc|1=/etc/gdm/custom.conf|<br />
2=# Enable automatic login for user<br />
[daemon]<br />
AutomaticLogin=''username''<br />
AutomaticLoginEnable=True<br />
}}<br />
<br />
{{Tip|If GDM fails after adding these lines, comment them out from a TTY.}}<br />
<br />
or for an automatic login with a delay:<br />
<br />
{{hc|1=/etc/gdm/custom.conf|<br />
2=[daemon]<br />
<br />
TimedLoginEnable=true<br />
TimedLogin=''username''<br />
TimedLoginDelay=1<br />
}}<br />
<br />
You can set the session used for automatic login (replace {{ic|gnome-xorg}} with desired session):<br />
<br />
{{hc|1=/var/lib/AccountsService/users/''username''|<br />
2=XSession=gnome-xorg<br />
}}<br />
<br />
==== Passwordless login ====<br />
<br />
If you want to bypass the password prompt in GDM, add the following as the first line of {{ic|/etc/pam.d/gdm-password}}:<br />
<br />
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin<br />
<br />
Then, add the group {{ic|nopasswdlogin}} to your system. See [[Group]]s for group descriptions and group management commands.<br />
<br />
Now, add your user to the {{ic|nopasswdlogin}} group and you will only have to click on your username to login.<br />
<br />
{{Warning|<br />
<br />
* Do '''not''' do this for a '''root''' account.<br />
* You won't be able to change your session type at login with GDM anymore. If you want to change your default session type, you will first need to remove your user from the {{ic|nopasswdlogin}} group.}}<br />
<br />
==== Passwordless shutdown for multiple sessions ====<br />
<br />
GDM uses polkit and logind to gain permissions for shutdown. You can shut down the system when multiple users are logged in by setting:<br />
<br />
{{hc|1=/etc/polkit-1/localauthority.conf.d/org.freedesktop.logind.policy|<br />
2=<?xml version="1.0" encoding="UTF-8"?><br />
<!DOCTYPE policyconfig PUBLIC<br />
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"<br />
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"><br />
<br />
<!-- <br />
Policy definitions for logind<br />
--><br />
<br />
<policyconfig><br />
<br />
<action id="org.freedesktop.login1.power-off-multiple-sessions"><br />
<description>Shutdown the system when multiple users are logged in</description><br />
<message>System policy prevents shutting down the system when other users are logged in</message><br />
<defaults><br />
<allow_inactive>yes</allow_inactive><br />
<allow_active>yes</allow_active><br />
</defaults><br />
</action><br />
<br />
</policyconfig><br />
}}<br />
You can find all available logind options (e.g. reboot-multiple-sessions) [http://www.freedesktop.org/wiki/Software/systemd/logind#Security here].<br />
<br />
==== Enable root login in GDM ====<br />
<br />
It is not advised to login as root, but if necessary you can edit {{ic|/etc/pam.d/gdm-password}} and add the following line before the line {{ic|auth required pam_deny.so}}:<br />
<br />
{{ic|/etc/pam.d/gdm-password}}<br />
<br />
auth sufficient pam_succeed_if.so uid eq 0 quiet<br />
<br />
The file should look something like this:<br />
<br />
{{ic|/etc/pam.d/gdm-password}}<br />
<br />
...<br />
auth sufficient pam_succeed_if.so uid eq 0 quiet<br />
auth sufficient pam_succeed_if.so uid >= 1000 quiet<br />
auth required pam_deny.so<br />
...<br />
<br />
You should be able to login as root after restarting GDM.<br />
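<br />
The automatic and timed login keys in {{ic|/etc/gdm/custom.conf}} and the two {{ic|pam_succeed_if.so}} rules for {{ic|/etc/pam.d/gdm-password}} described above all relax authentication at the greeter, so it is useful to be able to list which of them are active. The script below is an added example, not part of the original article: its function names, output format and sample files are constructed for illustration, it matches only the exact rule forms shown on this page, it assumes the enable keys are set to {{ic|true}} in any letter case, and it reads group members from a group file only (users who have the group as their primary group are not listed).<br />

```shell
#!/bin/sh
# Added example: report which login relaxations from this page are active.
# Calling audit_gdm with no arguments reads the paths named in the article.

# ini_get FILE SECTION KEY: print the last value assigned to KEY in [SECTION].
ini_get() {
    awk -v sect="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # commented-out keys do not count
        /^[ \t]*\[/ {                               # section header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            in_sect = (s == sect); next
        }
        in_sect && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# pam_rules FILE: print "group-login GROUP" or "root-login" for each active
# "auth sufficient pam_succeed_if.so ..." rule of the two kinds shown above.
pam_rules() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "auth" && $2 == "sufficient" && $3 == "pam_succeed_if.so" {
            for (i = 4; i <= NF; i++) {
                if ($i == "user" && $(i+1) == "ingroup") print "group-login", $(i+2)
                if ($i == "uid" && $(i+1) == "eq" && $(i+2) == "0") print "root-login"
            }
        }
    ' "$1"
}

# group_members GROUPFILE NAME: print the comma-separated member list.
group_members() {
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1"
}

# audit_gdm [CUSTOM_CONF] [PAM_FILE] [GROUP_FILE]: one finding per line.
audit_gdm() {
    conf=${1:-/etc/gdm/custom.conf}
    pam=${2:-/etc/pam.d/gdm-password}
    grp=${3:-/etc/group}
    if [ -r "$conf" ]; then
        for pair in AutomaticLoginEnable:AutomaticLogin TimedLoginEnable:TimedLogin; do
            flag=$(ini_get "$conf" daemon "${pair%%:*}" | tr '[:upper:]' '[:lower:]')
            if [ "$flag" = true ]; then
                echo "${pair%%:*} user=$(ini_get "$conf" daemon "${pair##*:}")"
            fi
        done
    fi
    if [ -r "$pam" ]; then
        pam_rules "$pam" | while read -r kind arg; do
            case $kind in
                root-login)  echo "pam root-login" ;;
                group-login) echo "pam group-login group=$arg members=$(group_members "$grp" "$arg")" ;;
            esac
        done
    fi
    return 0
}

# Constructed sample files (not taken from any real system).
make_samples() {
    d=$1
    cat > "$d/custom.conf" <<'EOF'
# Enable automatic login for user
[daemon]
AutomaticLogin=alice
AutomaticLoginEnable=True
#TimedLoginEnable=true
EOF
    cat > "$d/gdm-password" <<'EOF'
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
#auth sufficient pam_succeed_if.so uid eq 0 quiet
auth sufficient pam_succeed_if.so uid >= 1000 quiet
auth required pam_deny.so
EOF
    cat > "$d/group" <<'EOF'
wheel:x:998:alice
nopasswdlogin:x:1001:alice,bob
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_gdm "$tmp/custom.conf" "$tmp/gdm-password" "$tmp/group"
rm -rf "$tmp"
```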
<br />
==== Hide user from login list ====<br />
<br />
The users for the gdm user list are gathered by [https://www.freedesktop.org/wiki/Software/AccountsService/ AccountsService]. It will automatically hide system users (UID < 1000).<br />
To hide ordinary users from the login list create or edit a file named after the user to hide in {{ic|/var/lib/AccountsService/users/}} to contain at least:<br />
{{hc|/var/lib/AccountsService/users/''username''|<br />
[User]<br />
<nowiki>SystemAccount=true</nowiki>}}<br />
<br />
=== Setup default monitor settings ===<br />
<br />
Some [[desktop environments]] store display settings in {{ic|~/.config/monitors.xml}}. ''xrandr'' commands are then generated based on the file content. GDM has a similar file stored in {{ic|/var/lib/gdm/.config/monitors.xml}}.<br />
<br />
If you have your monitors set up as you like (orientation, scaling, primary and so on) in {{ic|~/.config/monitors.xml}} and want GDM to honor those settings:<br />
$ sudo cp ~/.config/monitors.xml /var/lib/gdm/.config/<br />
$ sudo chown gdm:gdm /var/lib/gdm/.config/monitors.xml<br />
<br />
The relevant parts of {{ic|monitors.xml}} for screen rotation and scaling are:<br />
<monitors version="2"><br />
<configuration><br />
<logicalmonitor><br />
...<br />
<scale>2</scale><br />
...<br />
<transform><br />
<rotation>right</rotation><br />
<flipped>no</flipped><br />
</transform><br />
...<br />
</logicalmonitor><br />
</configuration><br />
</monitors><br />
<br />
Changes will take effect on logout. This is necessary because GDM does not respect {{ic|xorg.conf}}.<br />
<br />
{{Note|1=If you use GDM under Wayland, you must also use a {{ic|monitors.xml}} that was created under Wayland. See [https://bugzilla.gnome.org/show_bug.cgi?id=748098 GNOME bug 748098] for more info. Alternatively, you can force GDM to [[#Use Xorg backend]], and use a {{ic|monitors.xml}} that was created under Xorg.}}<br />
<br />
=== Configure X server access permission ===<br />
<br />
You can use the {{ic|xhost}} command to configure X server access permissions.<br />
<br />
For instance, to grant GDM the right to access the X server, use the following command:<br />
<br />
{{bc|# xhost +SI:localuser:gdm}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Failure to use proprietary NVIDIA driver ===<br />
<br />
GDM uses the [[Wayland]] backend by default, which conflicts with the NVIDIA driver. Turning off the Wayland backend could enable the proprietary NVIDIA driver.<br />
<br />
=== Failure on logout ===<br />
<br />
If GDM starts up properly on boot, but fails after repeated attempts on logout, try adding this line to the daemon section of {{ic|/etc/gdm/custom.conf}}:<br />
<br />
GdmXserverTimeout=60<br />
<br />
=== Rootless Xorg ===<br />
<br />
See [[Xorg#Rootless Xorg]].<br />
<br />
=== Use Xorg backend ===<br />
<br />
The [[Wayland]] backend is used by default and the [[Xorg]] backend is used only if the Wayland backend cannot be started. As the Wayland backend has been [https://bugzilla.redhat.com/show_bug.cgi?id=1199890 reported] to cause problems for some users, use of the Xorg backend may be necessary. To use the Xorg backend by default, edit the {{ic|/etc/gdm/custom.conf}} file and uncomment the following line:<br />
#WaylandEnable=false<br />
<br />
=== Incomplete removal of gdm ===<br />
<br />
After removing {{Pkg|gdm}}, [[systemd]] may report the following:<br />
<br />
user 'gdm': directory '/var/lib/gdm' does not exist<br />
<br />
To remove this warning, login as root and delete the primary user "gdm" and then delete the group "gdm":<br />
<br />
# userdel gdm<br />
# groupdel gdm<br />
<br />
Verify that gdm is successfully removed via {{ic|pwck}} and {{ic|grpck}}. To round it off, you may want to double-check no [[Pacman/Tips_and_tricks#Identify_files_not_owned_by_any_package|unowned files]] for gdm remain.<br />
<br />
=== GDM auto-suspend (GNOME 3.28) ===<br />
GDM uses a separate dconf database to control power management. You can make GDM behave the same way as user sessions by copying the user settings to GDM's dconf database.<br />
<br />
$ IFS=$'\n'; for x in $(sudo -u ''username'' gsettings list-recursively org.gnome.settings-daemon.plugins.power); do eval "sudo -u gdm dbus-launch gsettings set $x"; done; unset IFS<br />
<br />
where {{ic|''username''}} is your user's name.<br />
<br />
Or to simply disable auto-suspend (also run the command with {{ic|ac}} replaced with {{ic|battery}} to also disable it while running on battery):<br />
<br />
$ sudo -u gdm dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'<br />
<br />
== See also ==<br />
<br />
* [https://help.gnome.org/admin/gdm/stable/index.html.en GDM Reference Manual]</div>Ajduneventhttps://wiki.archlinux.org/index.php?title=GDM&diff=544797GDM2018-09-29T15:53:10Z<p>Ajdunevent: /* Hide user from login list */ Since accountsservice 0.6.53, the correct directory is "/var/lib/accountsservice" not "/var/lib/AccountsService". The old directory still exists but changes there won't be reflected on GDM.</p>
<hr />
<div>[[Category:Display managers]]<br />
[[Category:GNOME]]<br />
[[es:GDM]]<br />
[[ja:GDM]]<br />
[[pt:GDM]]<br />
[[zh-hans:GDM]]<br />
{{Related articles start}}<br />
{{Related|GNOME}}<br />
{{Related|Display manager}}<br />
{{Related articles end}}<br />
From [https://wiki.gnome.org/Projects/GDM GDM - GNOME Display Manager]: "The GNOME Display Manager (GDM) is a program that manages graphical display servers and handles graphical user logins."<br />
<br />
[[Display manager]]s provide [[X Window System]] and [[Wayland]] users with a graphical login prompt.<br />
<br />
== Installation ==<br />
<br />
GDM can be [[installed]] with the {{Pkg|gdm}} package, and it is installed as part of the {{grp|gnome}} group.<br />
<br />
If you would prefer to use legacy GDM which was used in GNOME 2 and has its own configuration utility, install the {{AUR|gdm-old}} package. Note that the rest of this article discusses current GDM, not legacy GDM, unless indicated otherwise.<br />
<br />
You might also wish to install the following:<br />
* {{App|gdm3setup|An interface to configure GDM3, autologin options and change Shell theme|https://github.com/Nano77/gdm3setup|{{AUR|gdm3setup-utils}}}}<br />
<br />
== Starting ==<br />
<br />
To start GDM at boot time [[enable]] {{ic|gdm.service}}.<br />
<br />
=== Autostarting applications ===<br />
<br />
One might want to autostart certain commands, such as ''xrandr'' for instance, on login. This can be achieved by adding a command or script to a location that is sourced by the display manager. See [[Display manager#Autostarting]] for a list of supported locations. <br />
{{Note|1=The {{ic|/etc/gdm/Init}} directory is no longer a supported location, see [https://bugzilla.gnome.org/show_bug.cgi?id=751602#c2].}}<br />
<br />
== Configuration ==<br />
<br />
=== Log-in screen background image ===<br />
{{Accuracy|Configuration is not persistent and will be gone after gdm update. Needs to be rewritten to enable user-themes gnome-shell extension for gdm user and use custom theme and set gsetting to use that theme}}<br />
<br />
{{Note|<br />
* Since GNOME 3.16, GNOME Shell themes are now stored as binary files (gresource).<br />
* This change will be overwritten on subsequent updates of {{Pkg|gnome-shell}}.}}<br />
<br />
Firstly, you need to extract the existing GNOME Shell theme to a folder in your home directory. You can do this using the following script:<br />
<br />
{{hc|extractgst.sh|2=<br />
#!/bin/sh<br />
gst=/usr/share/gnome-shell/gnome-shell-theme.gresource<br />
workdir=${HOME}/shell-theme<br />
<br />
for r in `gresource list $gst`; do<br />
r=${r#\/org\/gnome\/shell/}<br />
if [ ! -d $workdir/${r%/*} ]; then<br />
mkdir -p $workdir/${r%/*}<br />
fi<br />
done<br />
<br />
for r in `gresource list $gst`; do<br />
gresource extract $gst $r >$workdir/${r#\/org\/gnome\/shell/}<br />
done}}<br />
<br />
Navigate to the created directory. You should find that the theme files have been extracted to it. Now copy your preferred background image to this directory.<br />
<br />
Next, you need to create a file in the directory with the following content:<br />
<br />
{{hc|1=gnome-shell-theme.gresource.xml|2=<br />
<?xml version="1.0" encoding="UTF-8"?><br />
<gresources><br />
<gresource prefix="/org/gnome/shell/theme"><br />
<file>calendar-arrow-left.svg</file><br />
<file>calendar-arrow-right.svg</file><br />
<file>calendar-today.svg</file><br />
<file>checkbox.svg</file><br />
<file>checkbox-focused.svg</file><br />
<file>checkbox-off.svg</file><br />
<file>checkbox-off-focused.svg</file><br />
<file>close-window.svg</file><br />
<file>close-window-active.svg</file><br />
<file>close-window-hover.svg</file><br />
<file>corner-ripple-ltr.png</file><br />
<file>corner-ripple-rtl.png</file><br />
<file>dash-placeholder.svg</file><br />
<file>gnome-shell.css</file><br />
<file>gnome-shell-high-contrast.css</file><br />
<file>icons/message-indicator-symbolic.svg</file><br />
<file>key-enter.svg</file><br />
<file>key-hide.svg</file><br />
<file>key-layout.svg</file><br />
<file>key-shift.svg</file><br />
<file>key-shift-latched-uppercase.svg</file><br />
<file>key-shift-uppercase.svg</file><br />
<file>noise-texture.png</file><br />
<file>'''filename'''</file><br />
<file>no-events.svg</file><br />
<file>no-notifications.svg</file><br />
<file>pad-osd.css</file><br />
<file>page-indicator-active.svg</file><br />
<file>page-indicator-checked.svg</file><br />
<file>page-indicator-hover.svg</file><br />
<file>page-indicator-inactive.svg</file><br />
<file>process-working.svg</file><br />
<file>toggle-off-hc.svg</file><br />
<file>toggle-off-intl.svg</file><br />
<file>toggle-off-us.svg</file><br />
<file>toggle-on-hc.svg</file><br />
<file>toggle-on-intl.svg</file><br />
<file>toggle-on-us.svg</file><br />
</gresource><br />
</gresources>}}<br />
<br />
Replace '''filename''' with the filename of your background image.<br />
<br />
Now, open the {{ic|gnome-shell.css}} file in the directory and change the {{ic|#lockDialogGroup}} definition as follows:<br />
<br />
#lockDialogGroup {<br />
background: #2e3436 url('''filename''');<br />
background-size: '''[WIDTH]'''px '''[HEIGHT]'''px;<br />
background-repeat: no-repeat;<br />
}<br />
<br />
Set {{ic|background-size}} to the resolution that GDM uses, this might not necessarily be the resolution of the image. For a list of display resolutions see [[wikipedia:Display_resolution#Computer_monitors|Display resolution]]. Again, set '''filename''' to be the name of the background image.<br />
<br />
Finally, compile the theme using the following command:<br />
$ glib-compile-resources gnome-shell-theme.gresource.xml<br />
Then copy the resulting {{ic|gnome-shell-theme.gresource}} file to the {{ic|/usr/share/gnome-shell}} directory.<br />
<br />
Then restart {{ic|gdm.service}} (note that simply logging out is not enough) and you should find that it is using your preferred background image.<br />
<br />
For more information, please see the following [https://bbs.archlinux.org/viewtopic.php?id&#61;197036 forum thread].<br />
<br />
=== DConf configuration ===<br />
<br />
Some GDM settings are stored in a DConf database. They can be configured either by adding ''keyfiles'' to the {{ic|/etc/dconf/db/gdm.d}} directory and then recompiling the GDM database by running {{ic|dconf update}} as root or by logging into the GDM user on the system and changing the setting directly using the ''gsettings'' command line tool. Note that for the former approach, a GDM profile file is required - this must be created manually as it is no longer shipped upstream, see below:<br />
{{hc|/etc/dconf/profile/gdm|<br />
user-db:user<br />
system-db:gdm<br />
file-db:/usr/share/gdm/greeter-dconf-defaults}}<br />
For the latter approach, you can log into the GDM user with the command below:<br />
# machinectl shell gdm@<br />
<br />
==== Log-in screen logo ====<br />
<br />
Either create the following keyfile<br />
{{hc|/etc/dconf/db/gdm.d/02-logo|2=<br />
[org/gnome/login-screen]<br />
logo=<nowiki>'</nowiki>''/path/to/logo.png''<nowiki>'</nowiki>}}<br />
and then recompile the GDM database or alternatively log in to the GDM user and execute the following:<br />
$ gsettings set org.gnome.login-screen logo <nowiki>'</nowiki>''/path/to/logo.png''<nowiki>'</nowiki><br />
<br />
==== Changing the cursor theme ====<br />
<br />
GDM disregards [[GNOME]] cursor theme settings and it also ignores the cursor theme set according to the [[Cursor themes#XDG specification|XDG specification]]. To change the cursor theme used in GDM, either create the following keyfile<br />
<br />
{{hc|/etc/dconf/db/gdm.d/10-cursor-settings|<br />
<nowiki>[org/gnome/desktop/interface]<br />
cursor-theme='</nowiki>''theme-name'''<br />
}}<br />
and then recompile the GDM database or alternatively log in to the GDM user and execute the following:<br />
$ gsettings set org.gnome.desktop.interface cursor-theme <nowiki>'</nowiki>''theme-name''<nowiki>'</nowiki><br />
<br />
==== Larger font for log-in screen ====<br />
<br />
Click on the accessibility icon at the top right of the screen (a white circle with the silhouette of a person in the centre) and check the ''Large Text'' option.<br />
<br />
To set a specific scaling factor, you can create the following keyfile:<br />
{{hc|/etc/dconf/db/gdm.d/03-scaling|2=<br />
[org/gnome/desktop/interface]<br />
text-scaling-factor=<nowiki>'</nowiki>''1.25''<nowiki>'</nowiki>}}<br />
and then recompile the GDM database or alternatively log in to the GDM user and execute the following:<br />
$ gsettings set org.gnome.desktop.interface text-scaling-factor <nowiki>'</nowiki>''1.25''<nowiki>'</nowiki><br />
<br />
==== Turning off the sound ====<br />
<br />
This tweak disables the audible feedback heard when the system volume is adjusted (via keyboard) on the login screen.<br />
<br />
Either create the following keyfile:<br />
{{hc|/etc/dconf/db/gdm.d/04-sound|2=<br />
[org/gnome/desktop/sound]<br />
event-sounds='false'}}<br />
and then recompile the GDM database or alternatively log in to the GDM user and execute the following:<br />
$ gsettings set org.gnome.desktop.sound event-sounds 'false'<br />
<br />
==== Configure power button behavior ====<br />
<br />
{{Note|1=<nowiki></nowiki><br />
* The [[Power management#ACPI events|logind settings]] for the power button are overridden by GNOME Settings Daemon. [https://bugzilla.gnome.org/show_bug.cgi?id=755953#c4]<br />
* As of GDM 3.18, the power button cannot be set to ''interactive''. [https://bugzilla.gnome.org/show_bug.cgi?id=753713#c6]<br />
* In some cases, this setting will be ignored and hardcoded defaults will be used. [https://bugzilla.gnome.org/show_bug.cgi?id=755953#c17]}}<br />
<br />
{{Warning|Please note that the [[acpid]] daemon also handles the "power button" and "hibernate button" events. Running both systems at the same time may lead to unexpected behaviour.}}<br />
<br />
Either create the following keyfile:<br />
{{hc|/etc/dconf/db/gdm.d/05-power|2=<br />
[org/gnome/settings-daemon/plugins/power]<br />
power-button-action=<nowiki>'</nowiki>''action''<nowiki>'</nowiki>}}<br />
and then recompile the GDM database or alternatively log in to the GDM user and execute the following:<br />
$ gsettings set org.gnome.settings-daemon.plugins.power power-button-action <nowiki>'</nowiki>''action''<nowiki>'</nowiki><br />
where ''action'' can be one of {{ic|nothing}}, {{ic|suspend}} or {{ic|hibernate}}.<br />
<br />
==== Enabling tap-to-click ====<br />
<br />
Tap-to-click is disabled in GDM (and GNOME) by default, but you can easily enable it with a dconf setting.<br />
<br />
{{Note|If you want to do this under X, you have to first set up correct X server access permissions - see [[#Configure X server access permission]].}}<br />
<br />
To directly enable tap-to-click, use:<br />
<br />
{{bc|# sudo -u gdm gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true}}<br />
<br />
If you prefer to do this with a GUI, use:<br />
<br />
{{bc|# sudo -u gdm dconf-editor}}<br />
<br />
To check if it was set correctly, use:<br />
<br />
{{bc|$ sudo -u gdm gsettings get org.gnome.desktop.peripherals.touchpad tap-to-click}}<br />
<br />
If you get the error {{ic|dconf-WARNING **: failed to commit changes to dconf: Error spawning command line}}, make sure dbus is running:<br />
<br />
{{bc|$ sudo -u gdm dbus-launch gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true}}<br />
<br />
==== Disable/Enable Accessibility Menu ====<br />
<br />
To disable or enable the Accessibility Menu, set the following key in dconf editor:<br />
<br />
{{bc|# machinectl shell gdm@<br />
# gsettings set org.gnome.desktop.interface toolkit-accessibility false<br />
# exit}}<br />
<br />
The menu is disabled when the key is false, enabled when it is true.<br />
<br />
=== Keyboard layout ===<br />
<br />
The system keyboard layout will be applied to GDM. See [[Keyboard configuration in Xorg#Using X configuration files]].<br />
<br />
{{Tip|See [[Wikipedia:ISO 3166-1]] for a list of keymaps.}}<br />
<br />
If a system has multiple users, it is possible to specify a keyboard layout for GDM to use which is different from the system keyboard layout. Firstly, ensure the package {{Pkg|gnome-control-center}} is installed. Then start ''gnome-control-center'' and navigate to ''Region & Language -> Input Sources''. In the header bar, hit the ''Login Screen'' toggle button and then choose a keyboard layout from the list. Note that the ''Login Screen'' button will not be visible in the header bar unless multiple users are present on the system [https://bugzilla.gnome.org/show_bug.cgi?id=741500].<br />
<br />
Users of GDM 2.x (legacy GDM) may need to edit {{ic|~/.dmrc}} as shown below:<br />
<br />
{{hc|~/.dmrc|2=<br />
[Desktop]<br />
Language=de_DE.UTF-8 # change to your default lang<br />
Layout=de nodeadkeys # change to your keyboard layout<br />
}}<br />
<br />
=== Change the language ===<br />
<br />
The system language will be applied to GDM. If a system has multiple users, it is possible to set a language for GDM different to the system language. In this case, firstly ensure that {{Pkg|gnome-control-center}} is installed. Then, start ''gnome-control-center'' and choose ''Region & Language''. In the header bar, check the ''Login Screen'' toggle button. Finally, click on ''Language'' and choose your language from the list. You will be prompted for your root password. Note that the ''Login Screen'' button will not be visible in the header bar unless multiple users are present on the system [https://bugzilla.gnome.org/show_bug.cgi?id=741500].<br />
<br />
{{Tip|If you add two different input languages, log out and then select your default language, GDM will remember your choice once the second option is removed.}}<br />
<br />
=== Users and login ===<br />
<br />
==== Automatic login ====<br />
<br />
To enable automatic login with GDM, add the following to {{ic|/etc/gdm/custom.conf}} (replace ''username'' with your own):<br />
<br />
{{hc|1=/etc/gdm/custom.conf|<br />
2=# Enable automatic login for user<br />
[daemon]<br />
AutomaticLogin=''username''<br />
AutomaticLoginEnable=True<br />
}}<br />
<br />
{{Tip|If GDM fails after adding these lines, comment them out from a TTY.}}<br />
<br />
or for an automatic login with a delay:<br />
<br />
{{hc|1=/etc/gdm/custom.conf|<br />
2=[daemon]<br />
<br />
TimedLoginEnable=true<br />
TimedLogin=''username''<br />
TimedLoginDelay=1<br />
}}<br />
<br />
You can set the session used for automatic login (replace {{ic|gnome-xorg}} with desired session):<br />
<br />
{{hc|1=/var/lib/AccountsService/users/''username''|<br />
2=XSession=gnome-xorg<br />
}}<br />
<br />
==== Passwordless login ====<br />
<br />
If you want to bypass the password prompt in GDM, add the following as the first line of {{ic|/etc/pam.d/gdm-password}}:<br />
<br />
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin<br />
<br />
Then, add the group {{ic|nopasswdlogin}} to your system. See [[Groups]] for group descriptions and group management commands.<br />
<br />
Now, add your user to the {{ic|nopasswdlogin}} group and you will only have to click on your username to login.<br />
<br />
{{Warning|<br />
<br />
* Do '''not''' do this for a '''root''' account.<br />
* You won't be able to change your session type at login with GDM anymore. If you want to change your default session type, you will first need to remove your user from the {{ic|nopasswdlogin}} group.}}<br />
<br />
==== Passwordless shutdown for multiple sessions ====<br />
<br />
GDM uses polkit and logind to gain permissions for shutdown. You can shut down the system when multiple users are logged in by setting:<br />
<br />
{{hc|1=/etc/polkit-1/localauthority.conf.d/org.freedesktop.logind.policy|<br />
2=<?xml version="1.0" encoding="UTF-8"?><br />
<!DOCTYPE policyconfig PUBLIC<br />
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"<br />
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"><br />
<br />
<!-- <br />
Policy definitions for logind<br />
--><br />
<br />
<policyconfig><br />
<br />
<action id="org.freedesktop.login1.power-off-multiple-sessions"><br />
<description>Shutdown the system when multiple users are logged in</description><br />
<message>System policy prevents shutting down the system when other users are logged in</message><br />
<defaults><br />
<allow_inactive>yes</allow_inactive><br />
<allow_active>yes</allow_active><br />
</defaults><br />
</action><br />
<br />
</policyconfig><br />
}}<br />
You can find all available logind options (e.g. reboot-multiple-sessions) [http://www.freedesktop.org/wiki/Software/systemd/logind#Security here].<br />
<br />
==== Enable root login in GDM ====<br />
<br />
It is not advised to login as root, but if necessary you can edit {{ic|/etc/pam.d/gdm-password}} and add the following line before the line {{ic|auth required pam_deny.so}}:<br />
<br />
{{ic|/etc/pam.d/gdm-password}}<br />
<br />
auth sufficient pam_succeed_if.so uid eq 0 quiet<br />
<br />
The file should look something like this:<br />
<br />
{{ic|/etc/pam.d/gdm-password}}<br />
<br />
...<br />
auth sufficient pam_succeed_if.so uid eq 0 quiet<br />
auth sufficient pam_succeed_if.so uid >= 1000 quiet<br />
auth required pam_deny.so<br />
...<br />
<br />
You should be able to log in as root after restarting GDM.<br />
<br />
==== Hide user from login list ====<br />
<br />
The users for the gdm user list are gathered by [https://www.freedesktop.org/wiki/Software/AccountsService/ AccountsService]. It will automatically hide system users (UID < 1000).<br />
To hide ordinary users from the login list create or edit a file named after the user to hide in {{ic|/var/lib/accountsservice/users/}} to contain at least:<br />
{{hc|/var/lib/accountsservice/users/''username''|<br />
[User]<br />
<nowiki>SystemAccount=true</nowiki>}}<br />
<br />
=== Setup default monitor settings ===<br />
<br />
Some [[desktop environments]] store display settings in {{ic|~/.config/monitors.xml}}. ''xrandr'' commands are then generated based on the content of this file. GDM has a similar file stored in {{ic|/var/lib/gdm/.config/monitors.xml}}. <br />
<br />
If you have your monitors set up as you like (orientation, scaling, primary and so on) in {{ic|~/.config/monitors.xml}} and want GDM to honor those settings:<br />
$ sudo cp ~/.config/monitors.xml /var/lib/gdm/.config/<br />
$ sudo chown gdm:gdm /var/lib/gdm/.config/monitors.xml<br />
<br />
The relevant parts of {{ic|monitors.xml}} for screen rotation and scaling are:<br />
<monitors version="2"><br />
<configuration><br />
<logicalmonitor><br />
...<br />
<scale>2</scale><br />
...<br />
<transform><br />
<rotation>right</rotation><br />
<flipped>no</flipped><br />
</transform><br />
...<br />
</logicalmonitor><br />
</configuration><br />
</monitors><br />
<br />
Changes will take effect on logout. This is necessary because GDM does not respect {{ic|xorg.conf}}.<br />
<br />
{{Note|1=If you use GDM under Wayland, you must also use a {{ic|monitors.xml}} that was created under Wayland. See [https://bugzilla.gnome.org/show_bug.cgi?id=748098 GNOME bug 748098] for more info. Alternatively, you can force GDM to [[#Use Xorg backend]], and use a {{ic|monitors.xml}} that was created under Xorg.}}<br />
<br />
=== Configure X server access permission ===<br />
<br />
You can use the {{ic|xhost}} command to configure X server access permissions.<br />
<br />
For instance, to grant GDM the right to access the X server, use the following command:<br />
<br />
{{bc|# xhost +SI:localuser:gdm}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Failure to use proprietary NVIDIA driver ===<br />
<br />
GDM uses the [[Wayland]] backend by default, which conflicts with the proprietary NVIDIA driver. Turning off the Wayland backend could enable the proprietary NVIDIA driver. <br />
<br />
=== Failure on logout ===<br />
<br />
If GDM starts up properly on boot, but fails after repeated attempts on logout, try adding this line to the daemon section of {{ic|/etc/gdm/custom.conf}}:<br />
<br />
GdmXserverTimeout=60<br />
<br />
=== Rootless Xorg ===<br />
<br />
See [[Xorg#Rootless Xorg]].<br />
<br />
=== Use Xorg backend ===<br />
<br />
The [[Wayland]] backend is used by default and the [[Xorg]] backend is used only if the Wayland backend cannot be started. As the Wayland backend has been [https://bugzilla.redhat.com/show_bug.cgi?id=1199890 reported] to cause problems for some users, use of the Xorg backend may be necessary. To use the Xorg backend by default, edit the {{ic|/etc/gdm/custom.conf}} file and uncomment the following line:<br />
#WaylandEnable=false<br />
<br />
=== Incomplete removal of gdm ===<br />
<br />
After removing {{Pkg|gdm}}, [[systemd]] may report the following:<br />
<br />
user 'gdm': directory '/var/lib/gdm' does not exist<br />
<br />
To remove this warning, log in as root and delete the primary user "gdm" and then delete the group "gdm":<br />
<br />
# userdel gdm<br />
# groupdel gdm<br />
<br />
Verify that gdm is successfully removed via {{ic|pwck}} and {{ic|grpck}}. To round it off, you may want to double-check no [[Pacman/Tips_and_tricks#Identify_files_not_owned_by_any_package|unowned files]] for gdm remain.<br />
<br />
=== GDM auto-suspend (GNOME 3.28) ===<br />
GDM uses a separate dconf database to control power management. You can make GDM behave the same way as user sessions by copying the user settings to GDM's dconf database.<br />
<br />
$ IFS=$'\n'; for x in $(sudo -u ''username'' gsettings list-recursively org.gnome.settings-daemon.plugins.power); do eval "sudo -u gdm dbus-launch gsettings set $x"; done; unset IFS<br />
<br />
where ''username'' is your user's name.<br />
<br />
Or to simply disable auto-suspend (also run the command with {{ic|ac}} replaced with {{ic|battery}} to also disable it while running on battery):<br />
<br />
$ sudo -u gdm dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'<br />
<br />
== See also ==<br />
<br />
* [https://help.gnome.org/admin/gdm/stable/index.html.en GDM Reference Manual]</div>Ajduneventhttps://wiki.archlinux.org/index.php?title=Environment_variables&diff=536709Environment variables2018-08-21T23:27:15Z<p>Ajdunevent: Add colon to TZ example and added when it should be used. Thanks to progandy on the forums for the point. See: https://bbs.archlinux.org/viewtopic.php?pid=1803587#p1803587 and https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html</p>
<hr />
<div>[[Category:System administration]]<br />
[[de:Umgebungsvariablen]]<br />
[[es:Environment variables]]<br />
[[ja:環境変数]]<br />
[[pt:Environment variables]]<br />
[[ru:Environment variables]]<br />
[[zh-hans:Environment variables]]<br />
{{Related articles start}}<br />
{{Related|Default applications}}<br />
{{Related articles end}}<br />
<br />
An environment variable is a named object that contains data used by one or more applications. In simple terms, it is a variable with a name and a value. The value of an environmental variable can for example be the location of all executable files in the file system, the default editor that should be used, or the system locale settings. Users new to Linux may often find this way of managing settings a bit unmanageable. However, environment variables provide a simple way to share configuration settings between multiple applications and processes in Linux.<br />
<br />
== Utilities ==<br />
<br />
The {{Pkg|coreutils}} package contains the programs ''printenv'' and ''env''. To list the current environmental variables with values: <br />
<br />
$ printenv<br />
<br />
{{Note|Some environment variables are user-specific. Check by comparing the outputs of ''printenv'' as an unprivileged user and as ''root''.}}<br />
<br />
The {{ic|env}} utility can be used to run a command under a modified environment. The following example will launch ''xterm'' with the environment variable {{ic|EDITOR}} set to {{ic|vim}}. This will not affect the global environment variable {{ic|EDITOR}}.<br />
<br />
$ env EDITOR=vim xterm<br />
<br />
The [[Bash]] builtin ''set'' allows you to change the values of shell options and set the positional parameters, or to display the names and values of shell variables. For more information, see [http://www.gnu.org/software/bash/manual/bash.html#The-Set-Builtin the set builtin documentation].<br />
<br />
Each process stores its environment in the {{ic|/proc/$PID/environ}} file. This file contains each key-value pair delimited by a nul character ({{ic|\x0}}). A more human readable format can be obtained with [[sed]], e.g. {{ic|sed 's:\x0:\n:g' /proc/$PID/environ}}.<br />
<br />
== Defining variables ==<br />
<br />
=== Globally ===<br />
<br />
Most Linux distributions tell you to change or add environment variable definitions in {{ic|/etc/profile}} or other locations. Keep in mind that there are also package-specific configuration files containing variable settings such as {{ic|/etc/locale.conf}}. Be sure to maintain and manage the environment variables and pay attention to the numerous files that can contain environment variables. In principle, any shell script can be used for initializing environmental variables, but following traditional UNIX conventions, these statements should only be present in some particular files. <br />
<br />
The following files should be used for defining global environment variables on your system: {{ic|/etc/environment}}, {{ic|/etc/profile}} and shell specific configuration files. Each of these files has different limitations, so you should carefully select the appropriate one for your purposes.<br />
<br />
* {{ic|/etc/environment}} is used by the pam_env module and is shell agnostic so scripting or glob expansion cannot be used. The file only accepts {{ic|1=''variable=value''}} pairs. See {{man|8|pam_env}} and {{man|5|pam_env.conf}} for details.<br />
* Global configuration files of your [[shell]] initialize variables and run scripts. For example, [[Bash#Configuration files]] or [[Zsh#Startup/Shutdown files]].<br />
* {{ic|/etc/profile}} initializes variables for login shells ''only''. It does, however, run scripts and can be used by all [[wikipedia:Bourne shell|Bourne shell]] compatible shells.<br />
<br />
In this example, we add the {{ic|~/bin}} directory to the {{ic|PATH}} for the respective user. To do this, put the following in your preferred global environment variable config file ({{ic|/etc/profile}} or {{ic|/etc/bash.bashrc}}):<br />
<br />
{{bc|<nowiki><br />
# If the user ID is greater than or equal to 1000, ~/bin exists and is a directory,<br />
# and ~/bin is not already an entry in $PATH, then append ~/bin to $PATH.<br />
# Wrapping both sides in colons compares whole entries, so /home/user/bin2 is not mistaken for ~/bin.<br />
if [[ $UID -ge 1000 && -d $HOME/bin && ":$PATH:" != *":$HOME/bin:"* ]]<br />
then<br />
export PATH="${PATH}:$HOME/bin"<br />
fi<br />
</nowiki>}}<br />
<br />
=== Per user ===<br />
<br />
{{Note|The dbus daemon and the user instance of systemd do not inherit any of the environment variables set in places like {{ic|~/.bashrc}} etc. This means that, for example, dbus activated programs like Gnome Files will not use them by default. See [[Systemd/User#Environment variables]].}}<br />
<br />
You do not always want to define an environment variable globally. For instance, you might want to add {{ic|/home/my_user/bin}} to the {{ic|PATH}} variable but do not want all other users on your system to have that in their {{ic|PATH}} too. Local environment variables can be defined in many different files:<br />
<br />
* {{ic|~/.pam_environment}} is the user specific equivalent of {{ic|/etc/security/pam_env.conf}} [https://github.com/linux-pam/linux-pam/issues/6], used by pam_env module. See {{man|8|pam_env}} and {{man|5|pam_env.conf}} for details.<br />
* User configuration files of your [[shell]], for example [[Bash#Configuration files]] or [[Zsh#Startup/Shutdown files]].<br />
* {{ic|~/.profile}} is used by many shells as fallback, see [[wikipedia:Unix shell#Configuration files]].<br />
<br />
To add a directory to the {{ic|PATH}} for local usage, put the following in {{ic|~/.bash_profile}}:<br />
<br />
export PATH="${PATH}:/home/my_user/bin"<br />
<br />
To update the variable, re-login or ''source'' the file: {{ic|$ source ~/.bash_profile}}.<br />
<br />
==== Graphical applications ====<br />
<br />
Environment variables for GUI applications can be set in [[xinitrc]], or in [[xprofile]] when using a [[display manager]], for example:<br />
<br />
{{hc|1=~/.xinitrc|2=<br />
# Use $HOME here: a tilde inside double quotes is not expanded by the shell<br />
export PATH="${PATH}:$HOME/scripts"<br />
export GUIVAR=value<br />
}}<br />
<br />
=== Per session ===<br />
<br />
Sometimes even stricter definitions are required. One might want to temporarily run executables from a specific directory without having to type the absolute path to each one, or edit shell configuration files for the short time needed to run them.<br />
<br />
In this case, you can define the {{ic|PATH}} variable in your current session, combined with the ''export'' command. As long as you do not log out, the {{ic|PATH}} variable will be using the temporary settings. To add a session-specific directory to {{ic|PATH}}, issue:<br />
<br />
$ export PATH="${PATH}:/home/my_user/tmp/usr/bin"<br />
<br />
== Examples ==<br />
<br />
The following section lists a number of common environment variables used by a Linux system and describes their values.<br />
<br />
* {{ic|DE}} indicates the ''D''esktop ''E''nvironment being used. [[xdg-open]] will use it to choose the more user-friendly file-opener application that the desktop environment provides. Some packages need to be installed to use this feature. For [[GNOME]], that would be {{AUR|libgnome}}; for [[Xfce]] this is {{pkg|exo}}. Recognised values of the {{ic|DE}} variable are: {{ic|gnome}}, {{ic|kde}}, {{ic|xfce}}, {{ic|lxde}} and {{ic|mate}}.<br />
<br />
:The {{ic|DE}} environment variable needs to be exported before starting the window manager. For example:<br />
<br />
{{hc|~/.xinitrc|2=<br />
export DE="xfce"<br />
exec openbox<br />
}}<br />
<br />
:This will make ''xdg-open'' use the more user-friendly ''exo-open'', because it assumes it is running inside Xfce. Use ''exo-preferred-applications'' for configuring.<br />
<br />
* {{ic|DESKTOP_SESSION}} is similar to {{ic|DE}}, but used in [[LXDE]] desktop environment: when {{ic|DESKTOP_SESSION}} is set to {{ic|LXDE}}, ''xdg-open'' will use ''pcmanfm'' file associations.<br />
<br />
* {{ic|PATH}} contains a colon-separated list of directories in which your system looks for executable files. When a regular command (e.g., ''ls'', ''rc-update'' or ''emerge'') is interpreted by the shell (e.g., ''bash'' or ''zsh''), the shell looks for an executable file with the same name as your command in the listed directories, and executes it. To run executables that are not listed in {{ic|PATH}}, the absolute path to the executable must be given: {{ic|/bin/ls}}.<br />
<br />
{{Note|It is advised not to include the current working directory ({{ic|.}}) in your {{ic|PATH}} for security reasons, as it may trick the user into executing malicious commands.}}<br />
<br />
* {{ic|HOME}} contains the path to the home directory of the current user. This variable can be used by applications to associate configuration files and such like with the user running it.<br />
<br />
* {{ic|PWD}} contains the path to your working directory.<br />
<br />
* {{ic|OLDPWD}} contains the path to your previous working directory, that is, the value of {{ic|PWD}} before last ''cd'' was executed.<br />
<br />
* {{ic|TERM}} contains the type of the running terminal, e.g. {{ic|xterm-256color}}. It is used by programs running in the terminal that wish to use terminal-specific capabilities.<br />
<br />
* {{ic|MAIL}} contains the location of incoming email. The traditional setting is {{ic|/var/spool/mail/$LOGNAME}}.<br />
<br />
* {{ic|ftp_proxy}} and {{ic|http_proxy}} contain the FTP and HTTP proxy server, respectively:<br />
ftp_proxy="<nowiki>ftp://192.168.0.1:21</nowiki>"<br />
http_proxy="<nowiki>http://192.168.0.1:80</nowiki>"<br />
<br />
* {{ic|MANPATH}} contains a colon-separated list of directories in which ''man'' searches for the man pages.<br />
{{Note|In {{ic|/etc/profile}}, there is a comment that states "Man is much better than us at figuring this out", so this variable should generally be left as default, i.e. {{ic|/usr/share/man:/usr/local/share/man}}<br />
}}<br />
<br />
* {{ic|INFODIR}} contains a colon-separated list of directories in which the ''info'' command searches for the info pages, e.g., {{ic|/usr/share/info:/usr/local/share/info}}<br />
<br />
* {{ic|TZ}} can be used to set a time zone different to the system zone for a user. The zones listed in {{ic|/usr/share/zoneinfo/}} can be used as reference, for example {{ic|1=TZ=":/usr/share/zoneinfo/Pacific/Fiji"}}. When pointing the {{ic|TZ}} variable to a zoneinfo file, it should start with a colon per [https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html the GNU manual].<br />
<br />
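The note on {{ic|PATH}} above warns against the current directory. The following added example (not part of the wiki page) audits a PATH-style string for that problem and goes one step further by also flagging world-writable directories, which carry the same risk. The function name {{ic|audit_path}} is hypothetical and the sample PATH string is constructed.

```shell
#!/bin/sh
# Added example (not from the wiki page): report PATH entries that let files
# in the current directory, or files dropped by another user, shadow a command.

# audit_path PATHSTRING   (hypothetical helper name)
# Prints "reason: entry" for every risky entry. The exit status is 0 only
# when nothing was reported. The body is a subshell, so no variables leak.
audit_path() (
    rest="$1:"        # sentinel colon so a trailing empty entry is not lost
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}     # text before the first colon
        rest=${rest#*:}       # everything after it
        case $entry in
            "") reason="empty entry (searched as current directory)" ;;
            /*) reason="" ;;
            *)  reason="relative entry (depends on current directory)" ;;
        esac
        if [ -z "$reason" ] && [ -d "$entry" ]; then
            # -L follows symlinks such as /bin -> usr/bin. The 9th character
            # of the mode string is the write bit for "other" users.
            mode=$(ls -ldL -- "$entry" 2>/dev/null)
            case $mode in
                ????????w*) reason="world-writable directory" ;;
            esac
        fi
        if [ -n "$reason" ]; then
            printf '%s: %s\n' "$reason" "${entry:-<empty>}"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample: an empty entry ("::"), a literal "~" that was quoted and
# therefore never expanded, and "." itself.
audit_path "/usr/local/bin:/usr/bin::~/scripts:." || :
```

Run {{ic|audit_path "$PATH"}} from a shell startup file or a login check to review the live value.
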
=== Default programs ===<br />
<br />
* {{ic|SHELL}} contains the path to the user's [http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03 preferred shell]. Note that this is not necessarily the shell that is currently running, although [[Bash]] sets this variable on startup.<br />
<br />
* {{ic|PAGER}} contains the command to run the program used to list the contents of files, e.g., {{ic|/bin/less}}.<br />
<br />
* {{ic|EDITOR}} contains the command to run the lightweight program used for editing files, e.g., {{ic|/usr/bin/nano}}. For example, you can switch between ''gedit'' under [[X]] and ''nano'' otherwise:<br />
<br />
export EDITOR="$(if <nowiki>[[</nowiki> -n $DISPLAY <nowiki>]]</nowiki>; then echo 'gedit'; else echo 'nano'; fi)"<br />
<br />
* {{ic|VISUAL}} contains the command to run the full-fledged editor that is used for more demanding tasks, such as editing mail (e.g., {{ic|vi}}, [[vim]], [[emacs]] etc).<br />
<br />
* {{ic|BROWSER}} contains the path to the web browser. Helpful to set in an interactive shell configuration file so that it may be dynamically altered depending on the availability of a graphic environment, such as [[X]]:<br />
<br />
if <nowiki>[</nowiki> -n "$DISPLAY" <nowiki>]</nowiki>; then<br />
export BROWSER=firefox<br />
else <br />
export BROWSER=links<br />
fi<br />
<br />
=== Using pam_env ===<br />
<br />
The [[PAM]] module {{man|8|pam_env}} loads the variables to be set in the environment from the following files: {{ic|/etc/security/pam_env.conf}}, {{ic|/etc/environment}} and {{ic|~/.pam_environment}}.<br />
<br />
* {{ic|/etc/environment}} must consist of simple {{ic|1=''VARIABLE''=''value''}} pairs on separate lines, for example: {{bc|1=EDITOR=NANO}}<br />
<br />
* {{ic|/etc/security/pam_env.conf}} and {{ic|~/.pam_environment}} share the following format: {{bc|1=VARIABLE [DEFAULT=''value''] [OVERRIDE=''value'']}} {{ic|@{HOME} }} and {{ic|@{SHELL} }} are special variables that expand to what is defined in {{ic|/etc/passwd}}. The following example illustrates how to expand the {{ic|HOME}} environment variable into another variable: {{bc|1=XDG_CONFIG_HOME DEFAULT=@{HOME}/.config}} {{Note|The variables {{ic|${HOME} }} and {{ic|${SHELL} }} are not linked to the {{ic|HOME}} and {{ic|SHELL}} environment variables; they are not set by default.}} The format also allows expanding already defined variables in the values of other variables using {{ic|${''VARIABLE''} }}, like this: {{bc|1=GNUPGHOME DEFAULT=${XDG_CONFIG_HOME}/gnupg}} {{ic|1=''VARIABLE''=''value''}} pairs are also allowed, but variable expansion is not supported in those pairs. See {{man|5|pam_env.conf}} for more information. <br />
<br />
{{Note|These files are read before other files, in particular before {{ic|~/.profile}}, {{ic|~/.bash_profile}} and {{ic|~/.zshenv}}. }}<br />
<br />
== See also ==<br />
<br />
* [https://wiki.gentoo.org/wiki/Handbook:X86/Working/EnvVar Gentoo Linux Documentation]<br />
* [https://help.ubuntu.com/community/EnvironmentVariables Ubuntu Community Wiki - Environment Variables]</div>Ajduneventhttps://wiki.archlinux.org/index.php?title=System_time&diff=536701System time2018-08-21T23:16:32Z<p>Ajdunevent: When pointing the TZ environment variable to a zonefile, it is supposed to start with a colon per https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html</p>
<hr />
<div>[[Category:Mainboards and BIOS]]<br />
[[Category:System administration]]<br />
[[es:Time]]<br />
[[fa:زمان]]<br />
[[fr:Horloge]]<br />
[[ja:時刻]]<br />
[[ru:Time]]<br />
[[zh-hans:Time]]<br />
{{Related articles start}}<br />
{{Related|Network Time Protocol daemon}}<br />
{{Related|OpenNTPD}}<br />
{{Related|Chrony}}<br />
{{Related|systemd-timesyncd}}<br />
{{Related articles end}}<br />
{{Expansion|This article mostly documents [[systemd]] ''timedatectl''; explain basic commands like ''date'' and ''hwclock'' first}}<br />
In an operating system, the time (clock) is determined by four parts: time value, time standard, time zone, and Daylight Saving Time ''(DST)'' if applicable. This article explains what they are and how to read/set them. Two clocks are present on systems: a hardware clock and a system clock which are also detailed in this article.<br />
<br />
Standard behavior of most operating systems is:<br />
<br />
* Set the system clock from the hardware clock on boot.<br />
* Keep accurate time of the system clock, see [[#Time synchronization]].<br />
* Set the hardware clock from the system clock on shutdown.<br />
<br />
== Hardware clock ==<br />
<br />
{{Expansion|How to read, set hardware clock, etc.}}<br />
<br />
The '''hardware clock''' (a.k.a. the Real Time Clock (RTC) or CMOS clock) stores the values of: Year, Month, Day, Hour, Minute, and Seconds. It does not have the ability to store the time standard (localtime or UTC), nor whether DST is used.<br />
<br />
=== Read hardware clock ===<br />
<br />
# hwclock --show<br />
<br />
=== Set hardware clock from system clock ===<br />
<br />
The following sets the hardware clock from the system clock. Additionally it updates {{ic|/etc/adjtime}} or creates it if not present. See {{man|8|hwclock}} section "The Adjtime File" for more information on this file as well as the [[#Time skew]] section.<br />
<br />
# hwclock --systohc<br />
<br />
== System clock ==<br />
<br />
The '''system clock''' (a.k.a. the software clock) keeps track of: time, time zone, and DST if applicable. It is calculated by the Linux kernel as the number of seconds since midnight January 1st 1970, UTC. The initial value of the system clock is calculated from the hardware clock, dependent on the contents of {{ic|/etc/adjtime}}. After boot-up has completed, the system clock runs independently of the hardware clock. The Linux kernel keeps track of the system clock by counting timer interrupts.<br />
<br />
=== Read clock ===<br />
<br />
To check the current system clock time (presented both in local time and UTC) as well as the RTC (hardware clock):<br />
<br />
$ timedatectl<br />
<br />
=== Set system clock ===<br />
<br />
To set the local time of the system clock directly:<br />
# timedatectl set-time "yyyy-MM-dd hh:mm:ss"<br />
<br />
For example:<br />
# timedatectl set-time "2014-05-26 11:13:54"<br />
sets the time to May 26th, year 2014, 11:13 and 54 seconds.<br />
<br />
== Time standard ==<br />
<br />
There are two time standards: '''localtime''' and [[Wikipedia:Coordinated Universal Time|Coordinated Universal Time]] ('''UTC'''). The localtime standard is dependent on the current ''time zone'', while UTC is the ''global'' time standard and is independent of time zone values. Though conceptually different, UTC is also known as GMT (Greenwich Mean Time).<br />
<br />
The standard used by the hardware clock (CMOS clock, the BIOS time) is set by the operating system. By default, ''Windows'' uses localtime, ''macOS'' uses UTC, and ''UNIX-like'' systems vary. An OS that uses the UTC standard will generally consider the hardware clock as UTC and make an adjustment to it to set the OS time at boot according to the time zone.<br />
<br />
If multiple operating systems are installed on a machine, they will all derive the current time from the same hardware clock: it is recommended to adopt a unique standard for the hardware clock to avoid conflicts across systems and set it to UTC. Otherwise, if the hardware clock is set to ''localtime'', more than one operating system may adjust it after a [[Wikipedia:Daylight_saving_time|DST]] change for example, thus resulting in an over-correction; problems may also arise when traveling between different time zones and using one of the operating systems to reset the system/hardware clock.<br />
<br />
The hardware clock can be queried and set with the {{ic|timedatectl}} command. <br />
You can see the current hardware clock time standard of the Arch system using:<br />
<br />
{{hc|$ timedatectl {{!}} grep local|RTC in local TZ: no}}<br />
<br />
To change the hardware clock time standard to localtime, use:<br />
<br />
# timedatectl set-local-rtc '''1'''<br />
<br />
To revert to the hardware clock being in UTC, type:<br />
<br />
# timedatectl set-local-rtc '''0'''<br />
<br />
These commands generate {{ic|/etc/adjtime}} automatically and update the RTC accordingly; no further configuration is required.<br />
<br />
During kernel startup, at the point when the RTC driver is loaded, the system clock may be set from the hardware clock. Whether this occurs depends on the hardware platform, the version of the kernel and kernel build options. If this does occur, at this point in the boot sequence, the hardware clock time is assumed to be UTC and the value of {{ic|/sys/class/rtc/rtc''N''/hctosys}} (N=0,1,2,..) will be set to 1. <br />
<br />
Later, the system clock is set again from the hardware clock by systemd, dependent on values in {{ic|/etc/adjtime}}. Hence, having the hardware clock using localtime may cause some unexpected behavior during the boot sequence; e.g. system time going backwards, which is always a bad idea ([http://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html there is a lot more to it]). To avoid this, systemd [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-August/026577.html will only synchronize back] if the hardware clock is set to UTC, and keeps the kernel uninformed about the local timezone. As a consequence, timestamps on a FAT filesystem touched by the Linux system will be in UTC. <br />
<br />
{{Note|<br />
* The use of {{ic|timedatectl}} requires an active dbus. Therefore, it may not be possible to use this command under a chroot (such as during installation). In these cases, you can fall back to the hwclock command.<br />
* If {{ic|/etc/adjtime}} is not present, [[systemd]] assumes the hardware clock is set to UTC.<br />
}}<br />
<br />
=== UTC in Windows ===<br />
<br />
{{Warning|This method uses functionality that is buggy in old Windows versions (pre-7) and Microsoft recommends not to use it. See [https://support.microsoft.com/en-us/kb/2687252] for details. Another bug exists on Windows before Vista SP2 that resets the clock to ''localtime'' after resuming from the suspend/hibernation state. For ''even older'' versions of Windows, you might want to read http://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html - the functionality was not even documented nor officially supported then. For these operating systems, it is recommended to use ''localtime''. If you are using newer versions of Windows, you may safely disregard this warning.}}<br />
<br />
One reason users often set the RTC in localtime is to [[dual boot with Windows]] ([http://blogs.msdn.com/b/oldnewthing/archive/2004/09/02/224672.aspx which uses localtime]). However, Windows is able to deal with the RTC being in UTC with a simple registry fix. It is recommended to configure Windows to use UTC, rather than Linux to use localtime.<br />
<br />
Using {{ic|regedit}}, add a {{ic|DWORD}} value with hexadecimal value {{ic|1}} to the registry:<br />
<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\RealTimeIsUniversal<br />
<br />
You can do this from an Administrator Command Prompt running:<br />
<br />
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation" /v RealTimeIsUniversal /d 1 /t REG_DWORD /f<br />
<br />
Alternatively, create a {{ic|*.reg}} file (on the desktop) with the following content and double-click it to import it into registry:<br />
<br />
Windows Registry Editor Version 5.00<br />
<br />
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]<br />
"RealTimeIsUniversal"=dword:00000001<br />
<br />
{{Note|If the above appears to have no effect, and a 64-bit variant of Windows is being used, using a {{ic|QWORD}} value instead of a {{ic|DWORD}} value may resolve the issue.}}<br />
<br />
Should Windows ask to update the clock due to DST changes, let it. It will leave the clock in UTC as expected, only correcting the displayed time.<br />
<br />
The [[#Hardware clock]] and [[#System clock]] time may need to be updated after setting this value.<br />
<br />
If you are having issues with the offset of the time, try reinstalling {{Pkg|tzdata}} and then setting your time zone again:<br />
<br />
# timedatectl set-timezone America/Los_Angeles<br />
<br />
=== UTC in Ubuntu ===<br />
<br />
Ubuntu and its derivatives have the hardware clock set to be interpreted as in "localtime" if Windows was detected on any disk during Ubuntu installation. This is apparently done deliberately to allow new Linux users to try out Ubuntu on their Windows computers without editing the registry.<br />
<br />
For changing this behavior, see above.<br />
<br />
== Time zone ==<br />
<br />
To check the current zone defined for the system:<br />
<br />
$ timedatectl status<br />
<br />
To list available zones:<br />
<br />
$ timedatectl list-timezones<br />
<br />
To set your time zone:<br />
<br />
# timedatectl set-timezone ''Zone''/''SubZone''<br />
<br />
Example:<br />
<br />
# timedatectl set-timezone Canada/Eastern<br />
<br />
This will create an {{ic|/etc/localtime}} symlink that points to a zoneinfo file under {{ic|/usr/share/zoneinfo/}}. In case you choose to create the link manually (for example during [[chroot]] where {{ic|timedatectl}} won't work), keep in mind that it must be a symbolic link, as specified in {{man|7|archlinux}}:<br />
<br />
# ln -sf /usr/share/zoneinfo/''Zone''/''SubZone'' /etc/localtime<br />
<br />
{{Tip|The time zone can also be selected interactively with ''tzselect''.}}<br />
<br />
See {{man|1|timedatectl}}, {{man|5|localtime}} and {{man|7|archlinux}} for details.<br />
<br />
;Setting based on geolocation<br />
To set the timezone automatically based on the IP address location, one can use a geolocation API to retrieve the timezone, for example {{ic|$ curl https://ipapi.co/timezone}}, and pass the output to {{ic|timedatectl set-timezone}} for automatic setting. Some geo-IP APIs that provide free or partly free services are listed below:<br />
* https://freegeoip.app<br />
* https://ipapi.co/<br />
* http://ip-api.com/<br />
* https://ipstack.com/<br />
* https://timezoneapi.io/<br />
* https://ipdata.co<br />
<br />
Alternatively, the tool {{aur|tzupdate}} automatically sets the timezone based on the geolocation of the IP address. This [https://medium.com/@ipdata_co/what-is-the-best-commercial-ip-geolocation-api-d8195cda7027 comparison of the most popular IP geolocation APIs] may be helpful in deciding which API to use in production.<br />
<br />
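Passing an API response straight to {{ic|timedatectl set-timezone}} hands text from a remote server to a command run as root. The following added example (not part of the wiki page) checks the response first. The names {{ic|valid_tz}}, {{ic|apply_tz}} and {{ic|ZONEINFO_DIR}} are hypothetical, and the {{ic|curl}} line in the comments shows one possible call.

```shell
#!/bin/sh
# Added example (not from the wiki page): validate a time zone name received
# from an untrusted source, such as a geolocation API, before applying it.

# Directory holding the compiled zone files; overridable for testing.
ZONEINFO_DIR=${ZONEINFO_DIR:-/usr/share/zoneinfo}

# valid_tz NAME   (hypothetical helper name)
# Exit status 0 only if NAME looks like a zone name and names a real zone file.
valid_tz() (
    LC_ALL=C    # make the A-Z ranges below mean plain ASCII
    case $1 in
        # empty, option-like, absolute, trailing slash, doubled slash
        "" | -* | /* | */ | *//*)  exit 1 ;;
        # any character outside the set used by zone names; this also rejects
        # "..", spaces, CR/LF, shell metacharacters and terminal escapes
        *[!A-Za-z0-9_+/-]*)        exit 1 ;;
    esac
    # Must be a regular file (symlinks are followed), not a directory.
    [ -f "$ZONEINFO_DIR/$1" ] || exit 1
    # Compiled zone files start with the four bytes "TZif" (see tzfile(5)).
    [ "$(dd if="$ZONEINFO_DIR/$1" bs=4 count=1 2>/dev/null)" = TZif ]
)

# apply_tz NAME   (hypothetical helper name)
# Calls timedatectl only for a validated name. The rejected value is not
# echoed back, so a hostile response cannot inject terminal control codes.
apply_tz() {
    if ! valid_tz "$1"; then
        echo "refusing to set time zone: response is not a known zone name" >&2
        return 1
    fi
    timedatectl set-timezone "$1"
}

# Possible use as root, with the API mentioned above:
#   apply_tz "$(curl -fsS --max-time 10 https://ipapi.co/timezone)"
```
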
== Time skew ==<br />
<br />
Every clock has a value that differs from ''real time'' (the best representation of which being [[Wikipedia:International Atomic Time|International Atomic Time]]); no clock is perfect. A quartz-based electronic clock keeps imperfect time, but maintains a consistent inaccuracy. This base 'inaccuracy' is known as 'time skew' or 'time drift'.<br />
<br />
When the hardware clock is set with {{ic|hwclock}}, a new drift value is calculated in seconds per day. The drift value is calculated by using the difference between the new value set and the hardware clock value just before the set, taking into account the value of the previous drift value and the last time the hardware clock was set. The new drift value and the time when the clock was set is written to the file {{ic|/etc/adjtime}} overwriting the previous values. The hardware clock can therefore be adjusted for drift when the command {{ic|hwclock --adjust}} is run; this also occurs on shutdown but only if the {{ic|hwclock}} daemon is enabled, hence for Arch systems which use systemd, this does not happen.<br />
<br />
{{Note|If the hwclock has been set again less than 24 hours after a previous set, the drift is not recalculated as {{ic|hwclock}} considers the elapsed time period too short to accurately calculate the drift.}}<br />
<br />
If the hardware clock keeps losing or gaining time in large increments, it is possible that an invalid drift has been recorded (but only applicable, if the hwclock daemon is running). This can happen if you have set the hardware clock time incorrectly or your [[#Time standard|time standard]] is not synchronized with a Windows or macOS install. The drift value can be removed by removing the file {{ic|/etc/adjtime}}, then set the correct hardware clock and system clock time, and check if your time standard is correct.<br />
<br />
{{Note|If you wish to make use of the drift value stored in {{ic|/etc/adjtime}} even when using systemd (e.g. because you cannot or do not want to use NTP), you need to call {{ic|hwclock --adjust}} on a regular basis, perhaps by creating a [[cron]] job.}}<br />
<br />
The software clock is very accurate but like most clocks is not perfectly accurate and will drift as well. Though rarely, the system clock can lose accuracy if the kernel skips interrupts. There are some tools to improve software clock accuracy:<br />
<br />
* See [[#Time synchronization]].<br />
<br />
== Time synchronization ==<br />
<br />
The [[Wikipedia:Network Time Protocol|Network Time Protocol]] (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. The following are implementations of this protocol:<br />
<br />
* {{App|[[Network Time Protocol daemon]]|The [[Wikipedia:reference implementation|reference implementation]] of the protocol, especially recommended to be used on time servers. It can also adjust the interrupt frequency and the number of ticks per second to decrease system clock drift, and will cause the hardware clock to be re-synchronised every 11 minutes.|http://www.ntp.org/|{{Pkg|ntp}}}}<br />
* {{App|sntp|An [[wikipedia:Network Time Protocol#SNTP|SNTP]] client that comes with NTPd. It supersedes ''ntpdate'' and is recommended in non-server environments.|http://www.ntp.org/|{{Pkg|ntp}}}}<br />
* {{App|[[systemd-timesyncd]]|A simple [[wikipedia:Network Time Protocol#SNTP|SNTP]] daemon that only implements a client side, focusing only on querying time from one remote server. It should be more than appropriate for most installations.|https://www.freedesktop.org/wiki/Software/systemd/|{{Pkg|systemd}}}}<br />
* {{App|[[OpenNTPD]]|Part of the OpenBSD project and implements both a client and a server.|http://www.openntpd.org/|{{Pkg|openntpd}}}}<br />
* {{App|[[Chrony]]|A client and server that is roaming friendly and designed specifically for systems that are not online all the time.|https://chrony.tuxfamily.org/|{{Pkg|chrony}}}}<br />
* {{App|ntpclient|A simple command-line NTP client.|http://doolittle.icarus.com/ntpclient/|{{Aur|ntpclient}}}}<br />
<br />
== Per-user/session or temporary settings ==<br />
<br />
For some use cases it may be useful to change the time settings without touching the global system values, for example to test applications relying on the time during development, or to adjust the system time zone when logging into a server remotely from another zone.<br />
<br />
To make an application "see" a different date/time than the system one, you can use the ''faketime'' (from {{Pkg|libfaketime}}) or the {{Pkg|datefudge}} utilities.<br />
<br />
If instead you want an application to "see" a different time zone than the system one, set the {{ic|TZ}} [[environment variable]], for example: <br />
<br />
{{hc|1=$ date && export TZ=":/usr/share/zoneinfo/Pacific/Fiji" && date|2=<br />
Tue Nov 1 14:34:51 CET 2016<br />
Wed Nov 2 01:34:51 FJT 2016<br />
}}<br />
<br />
This differs from just setting the time: for example, it allows testing the behavior of a program with positive or negative UTC offset values, or the effects of DST changes when developing on systems in a non-DST time zone.<br />
<br />
Another use case is having different time zones set for different users of the same system: this can be accomplished by setting the {{ic|TZ}} variable in the shell's configuration file, see [[Environment variables#Defining variables]].<br />
<br />
== Troubleshooting ==<br />
<br />
=== Clock shows a value that is neither UTC nor local time ===<br />
<br />
This might be caused by a number of reasons. For example, if your hardware clock is running on local time, but {{ic|timedatectl}} is set to assume it is in UTC, the result would be that your timezone's offset to UTC effectively gets applied twice, resulting in wrong values for your local time and UTC.<br />
<br />
To force your clock to the correct time, and to also write the correct UTC to your hardware clock, follow these steps:<br />
<br />
* Set up [[ntpd]] (enabling it as a service is not necessary).<br />
* Set your [[#Time zone|time zone]] correctly.<br />
* Run {{ic|ntpd -qg}} to manually synchronize your clock with the network, ignoring large deviations between local UTC and network UTC.<br />
* Run {{ic|hwclock --systohc}} to write the current software UTC time to the hardware clock.<br />
<br />
== Tips and tricks ==<br />
<br />
=== fake-hwclock ===<br />
<br />
[https://github.com/xanmanning/alarm-fake-hwclock alarm-fake-hwclock] is designed especially for systems without a battery-backed RTC. It includes a systemd service which saves the current time on shutdown and restores the saved time on startup, thus avoiding strange time travel errors.<br />
<br />
[[Arch_User_Repository#Installing_packages|Install]] {{AUR|fake-hwclock-git}}, [[Systemd#Using_units|start and enable]] the service {{ic|fake-hwclock.service}}.<br />
<br />
== See also ==<br />
<br />
* [http://sunnyan.tistory.com/entry/Linux-Clocks-and-Time Linux Tips - Linux, Clocks, and Time]<br />
* [https://opensource.com/article/17/6/timekeeping-linux-vms An introduction to timekeeping in Linux VMs]<br />
* [http://www.twinsun.com/tz/tz-link.htm Sources for Time Zone and Daylight Saving Time Data]{{Dead link|2018|06|24}} for {{Pkg|tzdata}}<br />
* [https://www.ucolick.org/~sla/leapsecs/timescales.html Time Scales]<br />
* [[Gentoo: System time]]<br />
* [[Wikipedia:Time]]</div>Ajduneventhttps://wiki.archlinux.org/index.php?title=Tmpfs&diff=514309Tmpfs2018-03-21T15:34:39Z<p>Ajdunevent: Fixed typo in link formatting</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:File systems]]<br />
[[es:Ramdisk]]<br />
[[ja:Tmpfs]]<br />
[[ru:Tmpfs]]<br />
[[Wikipedia:Tmpfs|tmpfs]] is a temporary filesystem that resides in memory and/or swap partition(s). Mounting directories as tmpfs can be an effective way of speeding up accesses to their files, or to ensure that their contents are automatically cleared upon reboot.<br />
<br />
{{Tip|When using [[systemd]], temporary files in tmpfs directories can be recreated at boot by using [[Systemd#Temporary_files|tmpfiles.d]].}}<br />
<br />
== Usage ==<br />
<br />
Some directories where tmpfs is commonly used are [http://www.pathname.com/fhs/2.2/fhs-3.15.html /tmp], [http://www.pathname.com/fhs/2.2/fhs-5.9.html /var/lock] and [http://www.pathname.com/fhs/2.2/fhs-5.13.html /var/run]. Do '''not''' use it on [http://www.pathname.com/fhs/2.2/fhs-5.15.html /var/tmp], because that folder is meant for temporary files that are preserved across reboots.<br />
<br />
Arch uses a tmpfs {{ic|/run}} directory, with {{ic|/var/run}} and {{ic|/var/lock}} simply existing as symlinks for compatibility. It is also used for {{ic|/tmp}} by the default systemd setup and does not require an entry in [[fstab]] unless a specific configuration is needed.<br />
<br />
{{Pkg|glibc}} 2.2 and above expects tmpfs to be mounted at {{ic|/dev/shm}} for<br />
[[wikipedia:Shared memory#Support on Unix-like systems|POSIX shared memory]]. Mounting tmpfs at {{ic|/dev/shm}} is handled automatically by [[systemd]], so manual configuration in [[fstab]] is no longer necessary.<br />
<br />
Generally, I/O intensive tasks and programs that run frequent read/write operations can benefit from using a tmpfs folder. Some applications can even receive a substantial gain by offloading some (or all) of their data onto the shared memory. For example, [[Firefox on RAM|relocating the Firefox profile into RAM]] shows a significant improvement in performance.<br />
<br />
== Examples ==<br />
<br />
{{Note|The actual memory/swap consumption depends on how much is used, as tmpfs partitions do not consume any memory until it is actually needed.}}<br />
<br />
By default, a tmpfs partition has its maximum size set to half of the available RAM, however it is possible to overrule this value.<br />
<br />
To explicitly set a maximum size, in this example to override the default {{ic|/tmp}} mount, use the {{ic|size}} mount option:<br />
<br />
{{hc|/etc/fstab|2=<br />
tmpfs /tmp tmpfs rw,nodev,nosuid,size=2G 0 0}}<br />
<br />
To mount a tmpfs with more secure settings, specify the following mount options:<br />
<br />
{{hc|/etc/fstab|2=<br />
tmpfs /www/cache tmpfs rw,size=1G,nr_inodes=5k,noexec,nodev,nosuid,uid=''user'',gid=''group'',mode=1700 0 0}}<br />
<br />
See the {{man|8|mount}} man page and [[Security#File systems]] for more information.<br />
<br />
Reboot for the changes to take effect. Note that although it may be tempting to simply run {{ic|mount -a}} to make the changes effective immediately, this will make any files currently residing in these directories inaccessible (this is especially problematic for running programs with lockfiles, for example). However, if all of them are empty, it should be safe to run {{ic|mount -a}} instead of rebooting (or mount them individually).<br />
<br />
After applying changes, verify that they took effect by looking at {{ic|/proc/mounts}} and using {{ic|findmnt}}:<br />
<br />
{{hc|$ findmnt --target /tmp|<br />
TARGET SOURCE FSTYPE OPTIONS<br />
/tmp tmpfs tmpfs rw,nosuid,nodev,relatime}}<br />
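<br />
To check every tmpfs mount against the restrictive options shown above, the following added example (not part of the original article) reads {{ic|/proc/mounts}}-format lines and reports each tmpfs mount that lacks {{ic|nodev}}, {{ic|nosuid}} or {{ic|noexec}}. The function names and the sample lines are constructed for illustration.<br />

```shell
#!/bin/sh
# Added example: audit tmpfs mounts for missing hardening options.

# audit_tmpfs: read /proc/mounts-format lines on stdin and print one line per
# tmpfs mount that is missing nodev, nosuid or noexec.
# Output format: "<mountpoint> missing:<opt>[,<opt>...]"
audit_tmpfs() {
    while read -r _src target fstype opts _rest; do
        # Only tmpfs file systems are of interest here.
        [ "$fstype" = "tmpfs" ] || continue
        missing=""
        for want in nodev nosuid noexec; do
            # Wrap the option list in commas so "nodev" never matches
            # inside a longer option name.
            case ",$opts," in
                *",$want,"*) ;;
                *) missing="${missing:+$missing,}$want" ;;
            esac
        done
        [ -n "$missing" ] && printf '%s missing:%s\n' "$target" "$missing"
    done
    return 0
}

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS='tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /www/cache tmpfs rw,nosuid,nodev,noexec,relatime,size=1048576k,nr_inodes=5120,mode=1700 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda2 / ext4 rw,relatime 0 0'

# audit_sample: run the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | audit_tmpfs
}

audit_sample
# On a live system: audit_tmpfs < /proc/mounts
```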
<br />
The tmpfs can also be temporarily resized without the need to reboot, for example when a large compile job needs to run soon. In this case, run:<br />
<br />
# mount -o remount,size=4G,noatime /tmp<br />
<br />
== Disable automatic mount ==<br />
<br />
Under [[systemd]], {{ic|/tmp}} is automatically mounted as a tmpfs even though no entry is specified in {{ic|/etc/fstab}}.<br />
<br />
To disable the automatic mount, run:<br />
<br />
# systemctl mask tmp.mount<br />
<br />
Files will no longer be stored in a tmpfs, but on the block device instead.<br />
The {{ic|/tmp}} contents will now be preserved between reboots, which might not be the desired behavior.<br />
To regain the previous behavior and clean the {{ic|/tmp}} folder automatically when restarting, consider using {{man|5|tmpfiles.d}}:<br />
<br />
{{hc|/etc/tmpfiles.d/tmp.conf|2=<br />
# see tmpfiles.d(5)<br />
# always enable /tmp folder cleaning<br />
D! /tmp 1777 root root 0<br />
<br />
# remove files in /var/tmp older than 10 days<br />
D /var/tmp 1777 root root 10d<br />
<br />
# namespace mountpoints (PrivateTmp=yes) are excluded from removal<br />
x /tmp/systemd-private-*<br />
x /var/tmp/systemd-private-*<br />
X /tmp/systemd-private-*/tmp<br />
X /var/tmp/systemd-private-*/tmp}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Opening symlinks in tmpfs as root fails ===<br />
<br />
Considering {{ic|/tmp}} is using tmpfs, change the current directory to {{ic|/tmp}}, then create a file and create a symlink to that file in the same {{ic|/tmp}} directory. Permission denied errors are to be expected when attempting to read the symlink due to {{ic|/tmp}} [https://wiki.ubuntu.com/Security/Features#Symlink_restrictions having the sticky bit set].<br />
<br />
This behavior can be controlled via {{ic|/proc/sys/fs/protected_symlinks}} or simply via sysctl: {{ic|1=sysctl -w fs.protected_symlinks=0}}. See [[Sysctl#Configuration]] to make this permanent.<br />
<br />
{{Warning|Changing this behavior can lead to security issues!}}<br />
<br />
== See also ==<br />
<br />
* [https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt Linux kernel documentation]</div>Ajduneventhttps://wiki.archlinux.org/index.php?title=Postfix&diff=424685Postfix2016-03-08T19:26:42Z<p>Ajdunevent: removed "-d" from "postconf" commands; "-d" shows default values, not actual currently set values</p>
<hr />
<div>[[Category:Mail server]]<br />
[[ja:Postfix]]<br />
{{Related articles start}}<br />
{{Related|PostFix Howto With SASL}}<br />
{{Related|Amavis}}<br />
{{Related|Virtual user mail system}}<br />
{{Related|Courier MTA}}<br />
{{Related|Exim}}<br />
{{Related|OpenSMTPD}}<br />
{{Related articles end}}<br />
From [http://www.postfix.org/ Postfix's site]:<br />
:''Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.''<br />
<br />
The goal of this article is to set up Postfix and explain what the basic configuration files do. There are instructions for setting up local system user-only delivery and a link to a guide for virtual user delivery.<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|postfix}} package.<br />
<br />
=== DNS records ===<br />
<br />
An MX record should point to the mail host. Usually this is done from the configuration interface of your domain provider.<br />
<br />
A mail exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient's domain. <br />
<br />
When an e-mail message is sent through the Internet, the sending mail transfer agent queries the Domain Name System for MX records of each recipient's domain name. This query returns a list of host names of mail exchange servers accepting incoming mail for that domain and their preferences. The sending agent then attempts to establish an SMTP connection to one of these servers, starting with the one with the smallest preference number, delivering the message to the first server with which a connection can be made. <br />
<br />
{{Note|Some mail servers will not deliver mail to you if your MX record points to a CNAME. For best results, always point an MX record to an A record definition. For more information, see e.g. [[Wikipedia:List of DNS record types|Wikipedia's List of DNS Record Types]].}}<br />
<br />
== Configuration ==<br />
<br />
=== master.cf ===<br />
<br />
{{ic|/etc/postfix/master.cf}} is the master configuration file where you can specify what kinds of protocols you will serve. It is also the place where you can put your new pipes e.g. to check for Spam!<br />
<br />
It is recommended to enable secure SMTP as described in [[#Secure SMTP]].<br />
<br />
See [http://www.postfix.org/TLS_README.html this page] for more information about encrypting outgoing and incoming email.<br />
<br />
=== main.cf ===<br />
<br />
{{ic|/etc/postfix/main.cf}} is the main configuration file where everything is configured. The settings below are recommended for virtual local-only delivery.<br />
<br />
*{{ic|myhostname}} should be set if your mail server has multiple domains, and you do not want the primary domain to be the mail host. You should have both a DNS A record and an MX record point to this hostname.<br />
:{{bc|1=myhostname = mail.nospam.net}}<br />
<br />
*{{ic|mydomain}} is usually the value of {{ic|myhostname}}, minus the first part. If your domain is wonky, then just set it manually.<br />
:{{bc|1=mydomain = nospam.net}}<br />
<br />
*{{ic|myorigin}} is where the email will be seen as being sent from. I usually set this to the value of {{ic|mydomain}}. For simple servers, this works fine. This is for mail originating from a local account. Since we are not doing local delivery (except sending), this is not really as important as it normally would be.<br />
:{{bc|1=myorigin = $mydomain}}<br />
<br />
*{{ic|mydestination}} is the lookup for local users.<br />
:{{bc|1=mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain}}<br />
<br />
*{{ic|mynetworks}} and {{ic|mynetworks_style}} control relaying, and who is allowed to relay. We do not want any relaying.<br />
:For our purposes, we will simply set {{ic|mynetworks_style}} to host, as we are trying to make a standalone Postfix host that people will use webmail on. No relaying, no other MTAs. Just webmail.<br />
:{{bc|1=mynetworks_style = host}}<br />
<br />
*{{ic|relay_domains}} controls the destinations that Postfix will relay TO. The default value is empty. This should be fine for now.<br />
:{{bc|1=relay_domains = }}<br />
<br />
*{{ic|home_mailbox}} or {{ic|mail_spool_directory}} control how mail is delivered/stored for the users.<br />
:If set, {{ic|mail_spool_directory}} specifies an absolute path where mail gets delivered. By default Postfix stores mails in {{ic|/var/spool/mail}}. <br />
<br />
:{{bc|1=mail_spool_directory = /home/vmailer}}<br />
<br />
:Alternatively, if set, {{ic|home_mailbox}} specifies a mailbox relative to the user's home directory where mail gets delivered (eg: /home/vmailer).<br />
<br />
:Courier-IMAP requires "Maildir" format, so you '''must''' set it like the following example with trailing slash:<br />
:{{bc|1=home_mailbox = Maildir/}}<br />
<br />
{{Warning|If you plan on implementing SSL/TLS, please respond safely to [http://disablessl3.com/ POODLE] and [https://weakdh.org/sysadmin.html FREAK/Logjam] by adding the following to your configuration:<br />
{{bc|1=<br />
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3<br />
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3<br />
smtpd_tls_protocols=!SSLv2,!SSLv3<br />
smtp_tls_protocols=!SSLv2,!SSLv3<br />
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA}}<br />
<br />
Then, generate a [https://www.openssl.org/docs/apps/dhparam.html dhparam file] by following [https://weakdh.org/sysadmin.html these instructions] and then adding the following to your configuration:<br />
{{bc|1=smtpd_tls_dh1024_param_file = ${config_directory}/dhparams.pem}}<br />
}}<br />
<br />
==== Default message and mailbox size limits ====<br />
<br />
Postfix imposes both message and mailbox size limits by default. The {{ic|message_size_limit}} parameter controls the maximum size in bytes of a message, including envelope information (default 10240000). The {{ic|mailbox_size_limit}} parameter controls the maximum size of any local individual mailbox or maildir file (default 51200000, set to 0 for no limit). This limits the size of '''any''' file that is written to upon local delivery, '''including files written by external commands''' (i.e. procmail) that are executed by the local delivery agent. If bounced message notifications are generated, check the size of the local mailbox under {{ic|/var/spool/mail}} and use {{ic|postconf}} to check these size limits:<br />
<br />
# postconf mailbox_size_limit<br />
mailbox_size_limit = 51200000<br />
# postconf message_size_limit<br />
message_size_limit = 10240000<br />
<br />
=== aliases ===<br />
<br />
You can specify aliases (also known as forwarders) in {{ic|/etc/postfix/aliases}}.<br />
<br />
You need to map all mail addressed to ''root'' to another account since it is not a good idea to read mail as root. <br />
<br />
Uncomment the following line, and change {{ic|you}} to a real account.<br />
root: you<br />
<br />
Once you have finished editing {{ic|/etc/postfix/aliases}} you must run the postalias command:<br />
postalias /etc/postfix/aliases<br />
For later changes you can use:<br />
newaliases<br />
<br />
{{Tip|Alternatively you can create the file {{ic|~/.forward}}, e.g. {{ic|/root/.forward}} for root. Specify the user to whom root mail should be forwarded, e.g. ''user@localhost''.<br />
<br />
{{hc|/root/.forward|<br />
user@localhost<br />
}}<br />
<br />
}}<br />
<br />
== Local mail ==<br />
<br />
To only deliver mail to local system users (that are in {{ic|/etc/passwd}}), you only need to change the following lines in {{ic|/etc/postfix/main.cf}}. Uncomment them and modify them to the specifics listed below. Everything else can be left as installed.<br />
<br />
mydestination = $myhostname, localhost.$mydomain, localhost<br />
inet_interfaces = loopback-only<br />
mynetworks_style = host<br />
append_dot_mydomain = no<br />
default_transport = error: Local delivery only!<br />
<br />
== Virtual mail ==<br />
Virtual mail is mail that does not map to a user account ({{ic|/etc/passwd}}).<br />
<br />
See [[Virtual user mail system]] for a comprehensive guide how to set it up.<br />
<br />
== Postfix check ==<br />
<br />
Run the {{ic|postfix check}} command. It should output anything that you might have done wrong in a config file. <br />
<br />
To see all of your configs, type {{ic|postconf}}. To see how you differ from the defaults, try {{ic|postconf -n}}.<br />
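<br />
The output of {{ic|postconf -n}} can also be checked against the relay and TLS settings recommended in [[#main.cf]] and [[#Secure SMTP]]. The following is an added example, not part of the original article: the function names and the sample output are constructed, and the TLS check only understands the {{ic|!SSLv2,!SSLv3}} exclusion syntax used on this page.<br />

```shell
#!/bin/sh
# Added example: audit "name = value" lines as printed by `postconf -n`.

# get_param NAME: print NAME's value from the lines on stdin; status 1 if absent.
get_param() {
    awk -v name="$1" '
        { key = $0; sub(/[ \t]*=.*/, "", key) }
        key == name { val = $0; sub(/^[^=]*=[ \t]*/, "", val); print val; found = 1 }
        END { exit(found ? 0 : 1) }'
}

# audit_postconf: read postconf output on stdin, print one finding per line.
audit_postconf() {
    conf=$(cat)

    # Relaying: the article trusts only the local host and relays for no domain.
    if style=$(printf '%s\n' "$conf" | get_param mynetworks_style); then
        [ "$style" = "host" ] || echo "mynetworks_style: '$style' trusts more than this host"
    else
        echo "mynetworks_style: not set, check the default with postconf -d"
    fi
    # An explicit mynetworks list takes precedence over mynetworks_style.
    if nets=$(printf '%s\n' "$conf" | get_param mynetworks); then
        echo "mynetworks: set to '$nets', which overrides mynetworks_style"
    fi
    if relay=$(printf '%s\n' "$conf" | get_param relay_domains) && [ -n "$relay" ]; then
        echo "relay_domains: relaying enabled for '$relay'"
    fi

    # TLS protocols: every parameter that is set must exclude SSLv2 and SSLv3.
    for p in smtpd_tls_mandatory_protocols smtp_tls_mandatory_protocols \
             smtpd_tls_protocols smtp_tls_protocols; do
        val=$(printf '%s\n' "$conf" | get_param "$p") || continue
        for proto in SSLv2 SSLv3; do
            case "$val" in
                *"!$proto"*) ;;
                *) echo "$p: does not exclude $proto" ;;
            esac
        done
    done

    # The article enables STARTTLS with smtpd_tls_security_level = may;
    # flag the parameter when it is unset or "none".
    level=$(printf '%s\n' "$conf" | get_param smtpd_tls_security_level) || level=""
    case "$level" in
        ""|none) echo "smtpd_tls_security_level: unset or none, STARTTLS not enabled through this parameter" ;;
    esac
    return 0
}

# Constructed sample of `postconf -n` output (not from a real server).
SAMPLE_POSTCONF='myhostname = mail.nospam.net
mydomain = nospam.net
myorigin = $mydomain
mynetworks_style = subnet
relay_domains = example.org
smtpd_tls_mandatory_protocols = !SSLv2
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may'

# audit_sample_postconf: run the audit over the constructed sample.
audit_sample_postconf() {
    printf '%s\n' "$SAMPLE_POSTCONF" | audit_postconf
}

audit_sample_postconf
# On a live system: postconf -n | audit_postconf
```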
<br />
== Start and test Postfix ==<br />
<br />
[[Start/enable]] {{ic|postfix.service}}.<br />
<br />
Now let's see if Postfix is going to deliver mail for our test user.<br />
{{bc|<br />
nc servername 25<br />
helo testmail.org<br />
mail from:<test@testmail.org><br />
rcpt to:<cactus@virtualdomain.tld><br />
data<br />
This is a test email.<br />
.<br />
quit<br />
}}<br />
<br />
=== Error response ===<br />
<br />
451 4.3.0 <lisi@test.com>:Temporary lookup failure<br />
Maybe you have entered the wrong user/password for MySQL or the MySQL socket is not in the right place.<br />
<br />
550 5.1.1 <email@spam.me>: Recipient address rejected: User unknown in virtual mailbox table.<br />
Double check content of mysql_virtual_mailboxes.cf and check the main.cf for mydestination<br />
<br />
=== See that you have received an email ===<br />
<br />
Now type {{ic|$ find /home/vmailer}}.<br />
<br />
You should see something like the following:<br />
{{bc|<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/tmp<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/cur<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new/1102974226.2704_0.bonk.testmail.org<br />
}}<br />
The key is the last entry. This is an actual email; if you see that, it is working.<br />
<br />
== Extra ==<br />
<br />
=== PostfixAdmin ===<br />
<br />
To use PostfixAdmin, you need a working Apache/MySQL/PHP setup as described in [[Apache HTTP Server]].<br />
<br />
For IMAP functionality, you will need to install {{Pkg|php-imap}} and uncomment {{ic|imap.so}} in {{ic|/etc/php/php.ini}}.<br />
<br />
Next, [[install]] {{Pkg|postfixadmin}}.<br />
<br />
{{Style|in-code comments}}<br />
<br />
Edit the PostfixAdmin configuration file:<br />
<br />
{{hc|/etc/webapps/postfixadmin/config.inc.php|<nowiki><br />
$CONF['configured'] = true;<br />
// correspond to dovecot maildir path /home/vmail/%d/%u <br />
$CONF['domain_path'] = 'YES';<br />
$CONF['domain_in_mailbox'] = 'NO';<br />
$CONF['database_type'] = 'mysql';<br />
$CONF['database_host'] = 'localhost';<br />
$CONF['database_user'] = 'postfix_user';<br />
$CONF['database_password'] = 'hunter2';<br />
$CONF['database_name'] = 'postfix_db';<br />
<br />
// globally change all instances of ''change-this-to-your.domain.tld'' <br />
// to an appropriate value<br />
</nowiki>}}<br />
<br />
If you install dovecot and have changed the password scheme in dovecot (to SHA512-CRYPT for example), reflect that in the PostfixAdmin configuration:<br />
<br />
{{hc|/etc/webapps/postfixadmin/config.inc.php|<nowiki><br />
$CONF['encrypt'] = 'dovecot:SHA512-CRYPT';<br />
</nowiki>}}<br />
<br />
As of dovecot 2, dovecotpw has been deprecated. You will also want to ensure that your config reflects the new binary name.<br />
<br />
{{hc|/etc/webapps/postfixadmin/config.inc.php|<nowiki><br />
$CONF['dovecotpw'] = "/usr/sbin/doveadm pw";<br />
</nowiki>}}<br />
<br />
Create the Apache configuration file:<br />
{{hc|/etc/httpd/conf/extra/httpd-postfixadmin.conf|<nowiki><br />
Alias /postfixadmin "/usr/share/webapps/postfixAdmin"<br />
<Directory "/usr/share/webapps/postfixAdmin"><br />
DirectoryIndex index.html index.php<br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
</Directory><br />
</nowiki>}}<br />
<br />
To only allow localhost access to postfixadmin (for heightened security), add this to the previous <Directory> directive:<br />
Order Deny,Allow<br />
Deny from all<br />
Allow from 127.0.0.1<br />
<br />
Now, include httpd-postfixadmin.conf in {{ic|/etc/httpd/conf/httpd.conf}}:<br />
# PostfixAdmin configuration<br />
Include conf/extra/httpd-postfixadmin.conf<br />
<br />
{{Note|If you go to yourdomain/postfixadmin/setup.php and it says it cannot find config.inc.php, add {{ic|/etc/webapps/postfixadmin}} to the {{ic|open_basedir}} line in {{ic|/etc/php/php.ini}}.}}<br />
{{Note|If you get a blank page check the syntax of the file with {{ic|php -l /etc/webapps/postfixadmin/config.inc.php}}.}}<br />
<br />
=== Secure SMTP ===<br />
For more information, see [http://www.postfix.org/TLS_README.html Postfix TLS Support].<br />
==== STARTTLS over SMTP (port 587) ====<br />
<br />
To enable STARTTLS over SMTP (port 587, the proper way of securing SMTP), add the following lines to {{ic|main.cf}}<br />
<br />
{{hc|/etc/postfix/main.cf|2=<br />
smtpd_tls_security_level = may<br />
smtpd_tls_cert_file = '''/path/to/cert.pem'''<br />
smtpd_tls_key_file = '''/path/to/key.pem'''<br />
}}<br />
<br />
If you need support for the deprecated SMTPS port 465, read the next section.<br />
<br />
==== SMTPS (port 465) ====<br />
<br />
The deprecated method of securing SMTP is using the '''wrapper mode''' which uses the system service '''smtps''' as a non-standard service and runs on port 465.<br />
<br />
To enable it uncomment the following lines in<br />
<br />
{{hc|/etc/postfix/master.cf|<nowiki><br />
smtps inet n - n - - smtpd<br />
-o smtpd_tls_wrappermode=yes<br />
-o smtpd_sasl_auth_enable=yes<br />
</nowiki>}}<br />
<br />
And verify that these lines are in {{ic|/etc/services}}:<br />
smtps 465/tcp # Secure SMTP<br />
smtps 465/udp # Secure SMTP<br />
<br />
If they are not there, go ahead and add them (replace the other listing for port 465). Otherwise Postfix will not start and you will get the following error:<br />
<br />
''postfix/master[5309]: fatal: 0.0.0.0:smtps: Servname not supported for ai_socktype''<br />
<br />
=== SpamAssassin ===<br />
<br />
Install the {{Pkg|spamassassin}} package.<br />
<br />
Go over {{ic|/etc/mail/spamassassin/local.cf}} and configure it to your needs.<br />
<br />
Update the SpamAssassin matching patterns:<br />
# sa-update<br />
<br />
{{Note|If you want to combine SpamAssassin and Dovecot Mail Filtering, ignore the next two lines and continue further down instead.}}<br />
<br />
Edit {{ic|/etc/postfix/master.cf}} and add the content filter under smtp.<br />
{{bc|1=<br />
smtp inet n - n - - smtpd<br />
-o content_filter=spamassassin<br />
}}<br />
<br />
Also add the following service entry for SpamAssassin<br />
{{bc|1=<br />
spamassassin unix - n n - - pipe<br />
flags=R user=spamd argv=/usr/bin/vendor_perl/spamc -e /usr/bin/sendmail -oi -f ${sender} ${recipient}<br />
}}<br />
<br />
Now you can [[start]] {{ic|spamassassin.service}}.<br />
<br />
==== SpamAssassin combined with Dovecot LDA / Sieve (Mailfiltering) ====<br />
Set up LDA and the Sieve-Plugin as described in [[Dovecot#Sieve]]. But ignore the last line {{ic|mailbox_command... }}.<br />
<br />
Instead add a pipe in {{ic|/etc/postfix/master.cf}}:<br />
dovecot unix - n n - - pipe<br />
flags=DRhu user=vmail:vmail argv=/usr/bin/vendor_perl/spamc -u spamd -e /usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}<br />
<br />
And activate it in {{ic|/etc/postfix/main.cf}}:<br />
virtual_transport = dovecot<br />
<br />
==== SpamAssassin combined with Dovecot LMTP / Sieve ====<br />
Set up the LMTP and Sieve as described in [[Dovecot#Sieve]].<br />
<br />
Edit {{ic|/etc/dovecot/conf.d/90-sieve.conf}} and add:<br />
<br />
sieve_before = /etc/dovecot/sieve.d/<br />
sieve_extensions = +vnd.dovecot.filter<br />
sieve_plugins = sieve_extprograms<br />
<br />
Create the directory:<br />
<br />
# mkdir /etc/dovecot/sieve.d/<br />
<br />
Create a new file, {{ic|/etc/dovecot/sieve.d/spamassassin.sieve}} which contains:<br />
<br />
require [ "vnd.dovecot.filter" ];<br />
filter "spamc" [ "--no-safe-fallback" ];<br />
<br />
Compile the sieve rules {{ic|spamassassin.svbin}}:<br />
<br />
# cd /etc/dovecot/sieve.d<br />
# sievec spamassassin.sieve<br />
<br />
Finally, [[restart]] {{ic|dovecot.service}}.<br />
<br />
=== Using Razor ===<br />
Make sure you have installed SpamAssassin first, then:<br />
<br />
[[Install]] the {{Pkg|razor}} package.<br />
<br />
Register with Razor.<br />
<br />
# mkdir /etc/mail/spamassassin/razor<br />
# chown spamd:spamd /etc/mail/spamassassin/razor<br />
# sudo -u spamd -s<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -register<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -create<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -discover<br />
<br />
Tell SpamAssassin about Razor, add<br />
<br />
razor_config /etc/mail/spamassassin/razor/razor-agent.conf<br />
<br />
to {{ic|/etc/mail/spamassassin/local.cf}}.<br />
<br />
Tell Razor about itself, add<br />
<br />
razorhome = /etc/mail/spamassassin/razor/<br />
<br />
to {{ic|/etc/mail/spamassassin/razor/razor-agent.conf}}<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.<br />
<br />
===Hide the sender's IP and user agent in the Received header===<br />
This is mostly a privacy concern: if you send an email from a client such as Thunderbird, the Received header will contain your LAN and WAN IP addresses and information about the email client you used.<br />
(Original source: [http://askubuntu.com/questions/78163/when-sending-email-with-postfix-how-can-i-hide-the-senders-ip-and-username-in AskUbuntu])<br />
To avoid this, remove the Received header from outgoing emails with the following steps:<br />
<br />
Add this line to main.cf<br />
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks<br />
Create /etc/postfix/smtp_header_checks with this content:<br />
/^Received: .*/ IGNORE<br />
/^User-Agent: .*/ IGNORE<br />
Finally, restart postfix.service<br />
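<br />
To see what the two rules above remove, the following added example (not part of the original article) imitates them on a constructed message: Postfix applies header checks to each logical header, so the folded continuation lines of a Received header are dropped with it, while the body and other headers are left alone. The function names and the message are constructed for illustration, and the awk filter is a stand-in for Postfix's own matching.<br />

```shell
#!/bin/sh
# Added example: imitate the two IGNORE rules from smtp_header_checks.

# apply_header_checks: read an RFC 5322 message on stdin and print it without
# the Received and User-Agent headers. Matching is case-insensitive, as it is
# by default for Postfix regexp tables.
apply_header_checks() {
    awk '
        # emit(): print the buffered logical header unless a rule matches it.
        function emit() {
            if (hdr != "" && tolower(hdr) !~ /^(received|user-agent): /) print hdr
            hdr = ""
        }
        in_body  { print; next }                      # body lines pass through
        /^$/     { emit(); in_body = 1; print; next } # blank line ends headers
        /^[ \t]/ { hdr = (hdr == "" ? $0 : hdr "\n" $0); next } # folded line
                 { emit(); hdr = $0 }                 # start of a new header
        END      { if (!in_body) emit() }
    '
}

# Constructed sample message (addresses are documentation ranges and
# placeholder domains already used in this article).
SAMPLE_MSG='Received: from [192.0.2.10] (unknown [198.51.100.7])
    by mail.nospam.net (Postfix) with ESMTPSA id 4ABCD
    for <cactus@virtualdomain.tld>; Tue, 1 Nov 2016 14:34:51 +0100
User-Agent: Mozilla Thunderbird
From: test@testmail.org
Subject: Received: is only a word here

Received: this body line must survive'

# filter_sample: run the filter over the constructed message.
filter_sample() {
    printf '%s\n' "$SAMPLE_MSG" | apply_header_checks
}

filter_sample
```

On a host with Postfix installed, {{ic|postmap -q "Received: from example" regexp:/etc/postfix/smtp_header_checks}} tests a single header against the real table.<br />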
<br />
=== Postfix in a chroot jail ===<br />
Postfix is not put in a chroot jail by default. The Postfix documentation [http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup] provides details about how to accomplish such a jail. The steps are outlined below and are based on the chroot-setup script provided in the postfix source code.<br />
<br />
First, go into the {{ic|master.cf}} file in the directory {{ic|/etc/postfix}} and change all the chroot entries to 'yes' (y) except for the services {{ic|qmgr}}, {{ic|proxymap}}, {{ic|proxywrite}}, {{ic|local}}, and {{ic|virtual}}.<br />
<br />
Second, create two functions that will help us later with copying files over into the chroot jail (see last step):<br />
CP="cp -p"<br />
<br />
cond_copy() {<br />
# find files as per pattern in $1<br />
# if any, copy to directory $2<br />
dir=`dirname "$1"`<br />
pat=`basename "$1"`<br />
lr=`find "$dir" -maxdepth 1 -name "$pat"`<br />
if test ! -d "$2" ; then exit 1 ; fi<br />
if test "x$lr" != "x" ; then $CP $1 "$2" ; fi<br />
}<br />
<br />
Next, make the new directories for the jail:<br />
set -e<br />
umask 022<br />
<br />
POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix}<br />
cd ${POSTFIX_DIR}<br />
<br />
mkdir -p etc lib usr/lib/zoneinfo<br />
test -d /lib64 && mkdir -p lib64<br />
<br />
Find the localtime file<br />
lt=/etc/localtime<br />
if test ! -f $lt ; then lt=/usr/lib/zoneinfo/localtime ; fi<br />
if test ! -f $lt ; then lt=/usr/share/zoneinfo/localtime ; fi<br />
if test ! -f $lt ; then echo "cannot find localtime" ; exit 1 ; fi<br />
rm -f etc/localtime<br />
<br />
Copy localtime and some other system files into the chroot's etc<br />
$CP -f $lt /etc/services /etc/resolv.conf /etc/nsswitch.conf etc<br />
$CP -f /etc/host.conf /etc/hosts /etc/passwd etc<br />
ln -s -f /etc/localtime usr/lib/zoneinfo<br />
<br />
Copy required libraries into the chroot using the previously created function {{ic|cond_copy}}<br />
cond_copy '/usr/lib/libnss_*.so*' lib<br />
cond_copy '/usr/lib/libresolv.so*' lib<br />
cond_copy '/usr/lib/libdb.so*' lib<br />
<br />
And don't forget to reload postfix.<br />
<br />
== See also ==<br />
<br />
* [http://linox.be/index.php/2005/07/13/44/ Out of Office] for Squirrelmail<br />
* [https://help.ubuntu.com/community/Postfix Postfix Ubuntu documentation]<br />
* [http://sherlock.heroku.com/blog/2012/02/03/setting-up-postfix-to-use-gmail-as-an-smtp-relay-host-in-archlinux/ Use Gmail as an SMTP relay]</div>Ajduneventhttps://wiki.archlinux.org/index.php?title=Postfix&diff=423915Postfix2016-03-03T17:47:37Z<p>Ajdunevent: Fixed typo: mynetwork_style -> mynetworks_style</p>
<hr />
<div>[[Category:Mail server]]<br />
[[ja:Postfix]]<br />
{{Related articles start}}<br />
{{Related|PostFix Howto With SASL}}<br />
{{Related|Amavis}}<br />
{{Related|Virtual user mail system}}<br />
{{Related|Courier MTA}}<br />
{{Related|Exim}}<br />
{{Related|OpenSMTPD}}<br />
{{Related articles end}}<br />
From [http://www.postfix.org/ Postfix's site]:<br />
:''Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.''<br />
<br />
The goal of this article is to set up Postfix and explain what the basic configuration files do. There are instructions for setting up local system user-only delivery and a link to a guide for virtual user delivery. <br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|postfix}} package.<br />
<br />
=== DNS records ===<br />
<br />
An MX record should point to the mail host. Usually this is done from the configuration interface of your domain provider.<br />
<br />
A mail exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient's domain. <br />
<br />
When an e-mail message is sent through the Internet, the sending mail transfer agent queries the Domain Name System for MX records of each recipient's domain name. This query returns a list of host names of mail exchange servers accepting incoming mail for that domain and their preferences. The sending agent then attempts to establish an SMTP connection to one of these servers, starting with the one with the smallest preference number, delivering the message to the first server with which a connection can be made. <br />
<br />
{{Note|Some mail servers will not deliver mail to you if your MX record points to a CNAME. For best results, always point an MX record to an A record definition. For more information, see e.g. [[Wikipedia:List of DNS record types|Wikipedia's List of DNS Record Types]].}}<br />
<br />
== Configuration ==<br />
<br />
=== master.cf ===<br />
<br />
{{ic|/etc/postfix/master.cf}} is the master configuration file where you can specify what kinds of protocols you will serve. It is also the place where you can put your new pipes e.g. to check for Spam!<br />
<br />
It is recommended to enable secure SMTP as described in [[#Secure SMTP]].<br />
<br />
See [http://www.postfix.org/TLS_README.html this page] for more information about encrypting outgoing and incoming email.<br />
<br />
=== main.cf ===<br />
<br />
{{ic|/etc/postfix/main.cf}} is the main configuration file where everything is configured. The settings below are recommended for virtual local-only delivery.<br />
<br />
*{{ic|myhostname}} should be set if your mail server has multiple domains, and you do not want the primary domain to be the mail host. You should have both a DNS A record and an MX record point to this hostname.<br />
:{{bc|1=myhostname = mail.nospam.net}}<br />
<br />
*{{ic|mydomain}} is usually the value of {{ic|myhostname}}, minus the first part. If your domain is wonky, then just set it manually.<br />
:{{bc|1=mydomain = nospam.net}}<br />
<br />
*{{ic|myorigin}} is where the email will be seen as being sent from. I usually set this to the value of {{ic|mydomain}}. For simple servers, this works fine. This is for mail originating from a local account. Since we are not doing local delivery (except sending), then this is not really as important as it normally would be. <br />
:{{bc|1=myorigin = $mydomain}}<br />
<br />
*{{ic|mydestination}} is the lookup for local users.<br />
:{{bc|1=mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain}}<br />
<br />
*{{ic|mynetworks}} and {{ic|mynetworks_style}} control relaying, and who is allowed to relay. We do not want any relaying.<br />
:For our purposes, we will simply set {{ic|mynetworks_style}} to host, as we are trying to make a standalone Postfix host that people will use webmail on. No relaying, no other MTAs. Just webmail.<br />
:{{bc|1=mynetworks_style = host}}<br />
<br />
*{{ic|relay_domains}} controls the destinations that Postfix will relay to. The default value is empty. This should be fine for now.<br />
:{{bc|1=relay_domains = }}<br />
<br />
*{{ic|home_mailbox}} or {{ic|mail_spool_directory}} control how mail is delivered/stored for the users.<br />
:If set, {{ic|mail_spool_directory}} specifies an absolute path where mail gets delivered. By default Postfix stores mails in {{ic|/var/spool/mail}}. <br />
<br />
:{{bc|1=mail_spool_directory = /home/vmailer}}<br />
<br />
:Alternatively, if set, {{ic|home_mailbox}} specifies a mailbox relative to the user's home directory where mail gets delivered (eg: /home/vmailer).<br />
<br />
:Courier-IMAP requires "Maildir" format, so you '''must''' set it like the following example with trailing slash:<br />
:{{bc|1=home_mailbox = Maildir/}}<br />
<br />
{{Warning|If you plan on implementing SSL/TLS, please respond safely to [http://disablessl3.com/ POODLE] and [https://weakdh.org/sysadmin.html FREAK/Logjam] by adding the following to your configuration:<br />
{{bc|1=<br />
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3<br />
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3<br />
smtpd_tls_protocols=!SSLv2,!SSLv3<br />
smtp_tls_protocols=!SSLv2,!SSLv3<br />
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA}}<br />
<br />
Then, generate a [https://www.openssl.org/docs/apps/dhparam.html dhparam file] by following [https://weakdh.org/sysadmin.html these instructions] and then adding the following to your configuration:<br />
{{bc|1=smtpd_tls_dh1024_param_file = ${config_directory}/dhparams.pem}}<br />
}}<br />
<br />
==== Default message and mailbox size limits ====<br />
<br />
Postfix imposes both message and mailbox size limits by default. {{ic|message_size_limit}} controls the maximum size in bytes of a message, including envelope information (default 10240000). {{ic|mailbox_size_limit}} controls the maximum size of any local individual mailbox or maildir file (default 51200000, set to 0 for no limit). This limits the size of '''any''' file that is written to upon local delivery, '''including files written by external commands''' (e.g. procmail) that are executed by the local delivery agent. If bounced message notifications are generated, check the size of the local mailbox under {{ic|/var/spool/mail}} and use postconf to check these size limits:<br />
<br />
# postconf -d mailbox_size_limit<br />
mailbox_size_limit = 51200000<br />
# postconf -d message_size_limit<br />
message_size_limit = 10240000<br />
<br />
=== aliases ===<br />
<br />
You can specify aliases (also known as forwarders) in {{ic|/etc/postfix/aliases}}.<br />
<br />
You need to map all mail addressed to ''root'' to another account since it is not a good idea to read mail as root. <br />
<br />
Uncomment the following line, and change {{ic|you}} to a real account.<br />
root: you<br />
<br />
Once you have finished editing {{ic|/etc/postfix/aliases}} you must run the postalias command:<br />
postalias /etc/postfix/aliases<br />
For later changes you can use:<br />
newaliases<br />
<br />
{{Tip|Alternatively you can create the file {{ic|~/.forward}}, e.g. {{ic|/root/.forward}} for root. Specify the user to whom root mail should be forwarded, e.g. ''user@localhost''.<br />
<br />
{{hc|/root/.forward|<br />
user@localhost<br />
}}<br />
<br />
}}<br />
<br />
== Local mail ==<br />
<br />
To only deliver mail to local system users (that are in {{ic|/etc/passwd}}), you only need to change the following lines in {{ic|/etc/postfix/main.cf}}. Uncomment them and modify them to the specifics listed below. Everything else can be left as installed.<br />
<br />
mydestination = $myhostname, localhost.$mydomain, localhost<br />
inet_interfaces = loopback-only<br />
mynetworks_style = host<br />
append_dot_mydomain = no<br />
default_transport = error: Local delivery only!<br />
<br />
== Virtual mail ==<br />
Virtual mail is mail that does not map to a user account ({{ic|/etc/passwd}}).<br />
<br />
See [[Virtual user mail system]] for a comprehensive guide how to set it up.<br />
<br />
== Postfix check ==<br />
<br />
Run the {{ic|postfix check}} command. It should output anything that you might have done wrong in a config file. <br />
<br />
To see all of your configs, type {{ic|postconf}}. To see how you differ from the defaults, try {{ic|postconf -n}}.<br />
<br />
== Start and test Postfix ==<br />
<br />
[[Start/enable]] {{ic|postfix.service}}.<br />
<br />
Now let's see if Postfix is going to deliver mail for our test user.<br />
{{bc|<br />
nc servername 25<br />
helo testmail.org<br />
mail from:<test@testmail.org><br />
rcpt to:<cactus@virtualdomain.tld><br />
data<br />
This is a test email.<br />
.<br />
quit<br />
}}<br />
<br />
=== Error response ===<br />
<br />
451 4.3.0 <lisi@test.com>:Temporary lookup failure<br />
Maybe you have entered the wrong user/password for MySQL or the MySQL socket is not in the right place.<br />
<br />
550 5.1.1 <email@spam.me>: Recipient address rejected: User unknown in virtual mailbox table.<br />
Double-check the content of {{ic|mysql_virtual_mailboxes.cf}} and check {{ic|main.cf}} for {{ic|mydestination}}.<br />
<br />
=== See that you have received an email ===<br />
<br />
Now type {{ic|$ find /home/vmailer}}.<br />
<br />
You should see something like the following:<br />
{{bc|<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/tmp<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/cur<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new/1102974226.2704_0.bonk.testmail.org<br />
}}<br />
The key is the last entry. This is an actual email; if you see it, delivery is working.<br />
<br />
== Extra ==<br />
<br />
=== PostfixAdmin ===<br />
<br />
To use PostfixAdmin, you need a working Apache/MySQL/PHP setup as described in [[Apache HTTP Server]].<br />
<br />
For IMAP functionality, you will need to install {{Pkg|php-imap}} and uncomment {{ic|imap.so}} in {{ic|/etc/php/php.ini}}.<br />
<br />
Next, [[install]] {{Pkg|postfixadmin}}.<br />
<br />
{{Style|in-code comments}}<br />
<br />
Edit the PostfixAdmin configuration file:<br />
<br />
{{hc|/etc/webapps/postfixadmin/config.inc.php|<nowiki><br />
$CONF['configured'] = true;<br />
// correspond to dovecot maildir path /home/vmail/%d/%u <br />
$CONF['domain_path'] = 'YES';<br />
$CONF['domain_in_mailbox'] = 'NO';<br />
$CONF['database_type'] = 'mysql';<br />
$CONF['database_host'] = 'localhost';<br />
$CONF['database_user'] = 'postfix_user';<br />
$CONF['database_password'] = 'hunter2';<br />
$CONF['database_name'] = 'postfix_db';<br />
<br />
// globally change all instances of ''change-this-to-your.domain.tld'' <br />
// to an appropriate value<br />
</nowiki>}}<br />
<br />
If you are installing Dovecot and changed its password scheme (to SHA512-CRYPT, for example), reflect that in the PostfixAdmin configuration:<br />
<br />
{{hc|/etc/webapps/postfixadmin/config.inc.php|<nowiki><br />
$CONF['encrypt'] = 'dovecot:SHA512-CRYPT';<br />
</nowiki>}}<br />
<br />
As of dovecot 2, dovecotpw has been deprecated. You will also want to ensure that your config reflects the new binary name.<br />
<br />
{{hc|/etc/webapps/postfixadmin/config.inc.php|<nowiki><br />
$CONF['dovecotpw'] = "/usr/sbin/doveadm pw";<br />
</nowiki>}}<br />
<br />
Create the Apache configuration file:<br />
{{hc|/etc/httpd/conf/extra/httpd-postfixadmin.conf|<nowiki><br />
Alias /postfixadmin "/usr/share/webapps/postfixAdmin"<br />
<Directory "/usr/share/webapps/postfixAdmin"><br />
DirectoryIndex index.html index.php<br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
</Directory><br />
</nowiki>}}<br />
<br />
To only allow localhost access to postfixadmin (for heightened security), add this to the previous <Directory> directive:<br />
Order Deny,Allow<br />
Deny from all<br />
Allow from 127.0.0.1<br />
<br />
Now, include {{ic|httpd-postfixadmin.conf}} in {{ic|/etc/httpd/conf/httpd.conf}}:<br />
# PostfixAdmin configuration<br />
Include conf/extra/httpd-postfixadmin.conf<br />
<br />
{{Note|If you go to yourdomain/postfixadmin/setup.php and it says it cannot find config.inc.php, add {{ic|/etc/webapps/postfixadmin}} to the {{ic|open_basedir}} line in {{ic|/etc/php/php.ini}}.}}<br />
{{Note|If you get a blank page check the syntax of the file with {{ic|php -l /etc/webapps/postfixadmin/config.inc.php}}.}}<br />
<br />
=== Secure SMTP ===<br />
For more information, see [http://www.postfix.org/TLS_README.html Postfix TLS Support].<br />
==== STARTTLS over SMTP (port 587) ====<br />
<br />
To enable STARTTLS over SMTP (port 587, the proper way of securing SMTP), add the following lines to {{ic|main.cf}}:<br />
<br />
{{hc|/etc/postfix/main.cf|2=<br />
smtpd_tls_security_level = may<br />
smtpd_tls_cert_file = '''/path/to/cert.pem'''<br />
smtpd_tls_key_file = '''/path/to/key.pem'''<br />
}}<br />
<br />
If you need support for the deprecated SMTPS port 465, read the next section.<br />
<br />
==== SMTPS (port 465) ====<br />
<br />
The deprecated method of securing SMTP is using the '''wrapper mode''' which uses the system service '''smtps''' as a non-standard service and runs on port 465.<br />
<br />
To enable it, uncomment the following lines in {{ic|/etc/postfix/master.cf}}:<br />
<br />
{{hc|/etc/postfix/master.cf|<nowiki><br />
smtps inet n - n - - smtpd<br />
-o smtpd_tls_wrappermode=yes<br />
-o smtpd_sasl_auth_enable=yes<br />
</nowiki>}}<br />
<br />
And verify that these lines are in {{ic|/etc/services}}:<br />
smtps 465/tcp # Secure SMTP<br />
smtps 465/udp # Secure SMTP<br />
<br />
If they are not there, go ahead and add them (replace the other listing for port 465). Otherwise Postfix will not start and you will get the following error:<br />
<br />
''postfix/master[5309]: fatal: 0.0.0.0:smtps: Servname not supported for ai_socktype''<br />
<br />
=== SpamAssassin ===<br />
<br />
Install the {{Pkg|spamassassin}} package.<br />
<br />
Go over {{ic|/etc/mail/spamassassin/local.cf}} and configure it to your needs.<br />
<br />
Update the SpamAssassin matching patterns:<br />
# sa-update<br />
<br />
{{Note|If you want to combine SpamAssassin and Dovecot Mail Filtering, ignore the next two lines and continue further down instead.}}<br />
<br />
Edit {{ic|/etc/postfix/master.cf}} and add the content filter under smtp.<br />
{{bc|1=<br />
smtp inet n - n - - smtpd<br />
-o content_filter=spamassassin<br />
}}<br />
<br />
Also add the following service entry for SpamAssassin:<br />
{{bc|1=<br />
spamassassin unix - n n - - pipe<br />
flags=R user=spamd argv=/usr/bin/vendor_perl/spamc -e /usr/bin/sendmail -oi -f ${sender} ${recipient}<br />
}}<br />
<br />
Now you can [[start]] {{ic|spamassassin.service}}.<br />
<br />
==== SpamAssassin combined with Dovecot LDA / Sieve (Mailfiltering) ====<br />
Set up LDA and the Sieve-Plugin as described in [[Dovecot#Sieve]]. But ignore the last line {{ic|mailbox_command... }}.<br />
<br />
Instead add a pipe in {{ic|/etc/postfix/master.cf}}:<br />
dovecot unix - n n - - pipe<br />
flags=DRhu user=vmail:vmail argv=/usr/bin/vendor_perl/spamc -u spamd -e /usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}<br />
<br />
And activate it in {{ic|/etc/postfix/main.cf}}:<br />
virtual_transport = dovecot<br />
<br />
==== SpamAssassin combined with Dovecot LMTP / Sieve ====<br />
Set up the LMTP and Sieve as described in [[Dovecot#Sieve]].<br />
<br />
Edit {{ic|/etc/dovecot/conf.d/90-sieve.conf}} and add:<br />
<br />
sieve_before = /etc/dovecot/sieve.d/<br />
sieve_extensions = +vnd.dovecot.filter<br />
sieve_plugins = sieve_extprograms<br />
<br />
Create the directory:<br />
<br />
# mkdir /etc/dovecot/sieve.d/<br />
<br />
Create a new file, {{ic|/etc/dovecot/sieve.d/spamassassin.sieve}} which contains:<br />
<br />
require [ "vnd.dovecot.filter" ];<br />
filter "spamc" [ "--no-safe-fallback" ];<br />
<br />
Compile the sieve rules into {{ic|spamassassin.svbin}}:<br />
<br />
# cd /etc/dovecot/sieve.d<br />
# sievec spamassassin.sieve<br />
<br />
Finally, [[restart]] {{ic|dovecot.service}}.<br />
<br />
=== Using Razor ===<br />
Make sure you have installed SpamAssassin first, then:<br />
<br />
[[Install]] the {{Pkg|razor}} package.<br />
<br />
Register with Razor.<br />
<br />
# mkdir /etc/mail/spamassassin/razor<br />
# chown spamd:spamd /etc/mail/spamassassin/razor<br />
# sudo -u spamd -s<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -register<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -create<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -discover<br />
<br />
Tell SpamAssassin about Razor, add<br />
<br />
razor_config /etc/mail/spamassassin/razor/razor-agent.conf<br />
<br />
to {{ic|/etc/mail/spamassassin/local.cf}}.<br />
<br />
Tell Razor about itself, add<br />
<br />
razorhome = /etc/mail/spamassassin/razor/<br />
<br />
to {{ic|/etc/mail/spamassassin/razor/razor-agent.conf}}<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.<br />
<br />
===Hide the sender's IP and user agent in the Received header===<br />
This is mostly a privacy concern. If you send an email from a client such as Thunderbird, the Received header will contain your LAN and WAN IP addresses and information about the email client you used.<br />
(Original source: [http://askubuntu.com/questions/78163/when-sending-email-with-postfix-how-can-i-hide-the-senders-ip-and-username-in AskUbuntu])<br />
What we want to do is remove the Received header from outgoing emails. This can be done with the following steps:<br />
<br />
Add this line to {{ic|main.cf}}:<br />
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks<br />
Create {{ic|/etc/postfix/smtp_header_checks}} with this content:<br />
/^Received: .*/ IGNORE<br />
/^User-Agent: .*/ IGNORE<br />
Finally, [[restart]] {{ic|postfix.service}}.<br />
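<br />
What the two rules do to a message, emulated in shell as an added example (this is not Postfix code and not part of the original article; the function names and the sample message are constructed). Like Postfix, it treats a folded header as one unit and matches case-insensitively, and it leaves the message body alone.<br />

```shell
#!/bin/sh
# Added example: emulate the effect of the two IGNORE rules
#   /^Received: .*/   IGNORE
#   /^User-Agent: .*/ IGNORE
# on a message read from stdin. Only the header block is filtered.

strip_headers() {
    awk '
        body     { print; next }               # past the headers: copy verbatim
        /^$/     { body = 1; print; next }     # first empty line ends the headers
        /^[ \t]/ { if (!drop) print; next }    # folded line: follows its header
        {
            # Postfix regexp tables match case-insensitively by default.
            h = tolower($0)
            drop = (h ~ /^received: / || h ~ /^user-agent: /)
            if (!drop) print
        }
    '
}

# Constructed sample message (addresses, host names and ids are made up).
sample_message() {
    cat <<'EOF'
Received: from [192.0.2.10] (laptop.lan [192.0.2.10])
    by mail.example.org (Postfix) with ESMTPSA id CONSTRUCTED
    for <cactus@virtualdomain.tld>; Thu, 03 Mar 2016 17:47:37 +0000
user-agent: Mozilla Thunderbird
From: test@testmail.org
Subject: header test
X-Received-By: kept, the rule is anchored at the start

Received: this line is in the body and stays
EOF
}

# Stand-alone run: show what is left of the sample.
sample_message | strip_headers
```

On a host with Postfix installed, {{ic|postmap -q "Received: from test" regexp:/etc/postfix/smtp_header_checks}} queries the real table and prints {{ic|IGNORE}} on a match.<br />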
<br />
=== Postfix in a chroot jail ===<br />
Postfix is not put in a chroot jail by default. The Postfix documentation [http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup] provides details about how to accomplish such a jail. The steps are outlined below and are based on the chroot-setup script provided in the postfix source code.<br />
<br />
First, go into the {{ic|master.cf}} file in the directory {{ic|/etc/postfix}} and change all the chroot entries to 'yes' (y) except for the services {{ic|qmgr}}, {{ic|proxymap}}, {{ic|proxywrite}}, {{ic|local}}, and {{ic|virtual}}.<br />
<br />
Second, create two functions that will help us later with copying files over into the chroot jail (see last step):<br />
CP="cp -p"<br />
<br />
cond_copy() {<br />
# find files as per pattern in $1<br />
# if any, copy to directory $2<br />
dir=`dirname "$1"`<br />
pat=`basename "$1"`<br />
lr=`find "$dir" -maxdepth 1 -name "$pat"`<br />
if test ! -d "$2" ; then exit 1 ; fi<br />
if test "x$lr" != "x" ; then $CP $1 "$2" ; fi<br />
}<br />
<br />
Next, make the new directories for the jail:<br />
set -e<br />
umask 022<br />
<br />
POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix}<br />
cd ${POSTFIX_DIR}<br />
<br />
mkdir -p etc lib usr/lib/zoneinfo<br />
test -d /lib64 && mkdir -p lib64<br />
<br />
Find the localtime file<br />
lt=/etc/localtime<br />
if test ! -f $lt ; then lt=/usr/lib/zoneinfo/localtime ; fi<br />
if test ! -f $lt ; then lt=/usr/share/zoneinfo/localtime ; fi<br />
if test ! -f $lt ; then echo "cannot find localtime" ; exit 1 ; fi<br />
rm -f etc/localtime<br />
<br />
Copy localtime and some other system files into the chroot's etc<br />
$CP -f $lt /etc/services /etc/resolv.conf /etc/nsswitch.conf etc<br />
$CP -f /etc/host.conf /etc/hosts /etc/passwd etc<br />
ln -s -f /etc/localtime usr/lib/zoneinfo<br />
<br />
Copy required libraries into the chroot using the previously created function {{ic|cond_copy}}<br />
cond_copy '/usr/lib/libnss_*.so*' lib<br />
cond_copy '/usr/lib/libresolv.so*' lib<br />
cond_copy '/usr/lib/libdb.so*' lib<br />
<br />
And don't forget to reload postfix.<br />
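<br />
One way to check the result of the first step, as an added example (not part of the original article or of Postfix): the function below reads a {{ic|master.cf}} and lists the entries whose chroot column does not match the rule given there. The function names, the sample file and the extra rule that {{ic|pipe}} entries stay unchrooted are assumptions made for this example.<br />

```shell
#!/bin/sh
# Added example: audit the chroot column (5th field) of master.cf against the
# rule from the first step: "y" everywhere except the services listed there.

# Services the article says to leave out of the jail.
NO_CHROOT_SERVICES="qmgr proxymap proxywrite local virtual"

# audit_chroot [FILE]
# Reads master.cf from FILE (or stdin) and prints one line per entry that
# deviates, in the form "<service>/<type>: chroot=<value>, want <y|n>".
audit_chroot() {
    awk -v skip="$NO_CHROOT_SERVICES" '
        BEGIN {
            n = split(skip, names, " ")
            for (i = 1; i <= n; i++) unjailed[names[i]] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # comments and empty lines
        /^[ \t]/                 { next }  # continuation lines ("-o ..." options)
        NF >= 8 {
            svc = $1; typ = $2; jail = $5; cmd = $8
            # Assumption added for this example: entries that run the pipe
            # daemon start external programs, so they also stay unchrooted.
            if ((svc in unjailed) || cmd == "pipe") {
                if (jail == "y")
                    printf "%s/%s: chroot=%s, want n\n", svc, typ, jail
            } else if (jail != "y") {
                # "-" defers to the built-in default; the step asks for an
                # explicit y, so it is reported too.
                printf "%s/%s: chroot=%s, want y\n", svc, typ, jail
            }
        }
    ' "${1:--}"
}

# Constructed sample input (not a real configuration).
sample_master_cf() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=spamassassin
pickup    unix  n       -       y       60      1       pickup
qmgr      unix  n       -       n       300     1       qmgr
local     unix  -       n       y       -       -       local
proxymap  unix  -       -       -       -       -       proxymap
spamassassin unix -     n       n       -       -       pipe
  flags=R user=spamd argv=/usr/bin/vendor_perl/spamc -e /usr/bin/sendmail -oi -f ${sender} ${recipient}
EOF
}

# Stand-alone run: audit the sample.
sample_master_cf | audit_chroot
```

Run it against the live file with {{ic|audit_chroot /etc/postfix/master.cf}}; no output means every entry matches the rule.<br />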
<br />
== See also ==<br />
<br />
* [http://linox.be/index.php/2005/07/13/44/ Out of Office] for Squirrelmail<br />
* [https://help.ubuntu.com/community/Postfix Postfix Ubuntu documentation]<br />
* [http://sherlock.heroku.com/blog/2012/02/03/setting-up-postfix-to-use-gmail-as-an-smtp-relay-host-in-archlinux/ Use Gmail as an SMTP relay]</div>Ajduneventhttps://wiki.archlinux.org/index.php?title=Pantheon&diff=291695Pantheon2014-01-05T14:27:17Z<p>Ajdunevent: Removed outdated "Wallpaper Drawer" section. Wallpaper is managed by Gala now.</p>
<hr />
<div>[[Category:Desktop environments]]<br />
{{Article summary start}}<br />
{{Article summary text|This article covers basic installation procedures and configuration methods for Pantheon, the default desktop environment of elementary OS.}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|GNOME}}: A DE which is also based on GTK3.<br />
{{Article summary end}}<br />
<br />
[http://elementaryos.org/ Pantheon] is the default desktop environment originally created for the elementary OS distribution. It is written from scratch using Vala and the GTK3 toolkit. With regards to usability and appearance, the desktop has some similarities with GNOME Shell and Mac OS X.<br />
<br />
==Installation==<br />
<br />
Pantheon is split into several packages which are available in the [[AUR]]. To get a minimal desktop interface, you may start by installing {{AUR|pantheon-session-bzr}}. This will pull the following core components:<br />
<br />
* {{AUR|cerbere}}: Watchdog service to keep core Pantheon apps running<br />
* {{AUR|gala-bzr}}: Window Manager<br />
* {{AUR|wingpanel}}: Top panel<br />
<br />
{{Note|You will need to install at least one indicator, otherwise wingpanel will not launch.}}<br />
<br />
* {{AUR|slingshot-launcher}}: Application launcher<br />
* {{Pkg|plank}}: Dock<br />
<br />
Additionally, you may install the following packages:<br />
<br />
* {{AUR|audience-bzr}}: Video player<br />
* {{AUR|contractor-bzr}}: Service for sharing data between apps<br />
* {{AUR|dexter-contacts-bzr}}: Contacts manager (does not build)<br />
* {{AUR|eidete-bzr}}: Simple screencaster<br />
* {{Pkg|elementary-icon-theme}}: elementary icons<br />
* {{AUR|elementary-scan-bzr}}: Simple scan utility<br />
* {{AUR|gtk-theme-elementary}}: elementary GTK theme<br />
* {{AUR|feedler-bzr}}: RSS feeds reader (does not build)<br />
* {{AUR|footnote-bzr}}: Note taking app<br />
* {{Pkg|geary}}: Email client<br />
* {{AUR|indicator-pantheon-session-bzr}}: Session indicator<br />
* {{AUR|lightdm-pantheon-greeter-bzr}}: LightDM greeter<br />
* {{AUR|maya-calendar-bzr}}: Calendar<br />
* {{AUR|midori-granite}}: Web browser<br />
* {{Pkg|noise}}: Audio player<br />
* {{AUR|pantheon-calculator-bzr}}: Calculator<br />
* {{AUR|pantheon-files}}: File explorer<br />
* {{AUR|pantheon-notify-bzr}}: Notification daemon<br />
* {{AUR|pantheon-print-bzr}}: Print settings<br />
* {{AUR|pantheon-terminal}}: Terminal emulator<br />
* {{AUR|plank-theme-pantheon-bzr}}: Pantheon theme for plank<br />
* {{AUR|scratch-text-editor}}: Text editor<br />
* {{AUR|snap-photobooth-bzr}}: Webcam app<br />
* {{AUR|switchboard}}: Settings manager<br />
<br />
{{Note|You will also need to install plugs, look for "switchboard-plug-*" in the [[AUR]].}}<br />
<br />
* {{AUR|webcontracts-bzr}}: Web services contracts for use with contractor-bzr<br />
<br />
===Additional Info===<br />
<br />
====Unofficial repository====<br />
<br />
I have set up an unofficial repository for pantheon packages: http://pkgbuild.com/~alucryd/pantheon/. Add the following lines at the top of your sources in {{Ic|/etc/pacman.conf}}:<br />
<br />
[pantheon]<br />
SigLevel = Optional<br />
Server = http://pkgbuild.com/~alucryd/$repo/$arch<br />
<br />
====Github repository====<br />
<br />
All Pantheon related PKGBUILDs can be found on my GitHub repository: https://github.com/alucryd/aur-alucryd/tree/master/pantheon<br />
<br />
====Packages based on older evolution-data-server====<br />
<br />
{{AUR|dexter-contacts-bzr}} and {{AUR|feedler-bzr}} do not build because they are based on evolution-data-server 3.2. Arch Linux provides version 3.10 which uses a different Vala API.<br />
<br />
==Launching Pantheon==<br />
<br />
===Via a Display Manager===<br />
<br />
{{AUR|pantheon-session-bzr}} provides a session entry for display managers such as {{Pkg|gdm}} or {{Pkg|lightdm}}.<br />
<br />
{{Note|Either use the bzr version of ''cerbere'' or add 'gala' to the monitored processes for this to work.}}<br />
<br />
===Via .xinitrc===<br />
<br />
You can also use {{Ic|~/.xinitrc}} with {{Pkg|slim}} to launch the Pantheon shell. The following code will successfully launch a Pantheon session:<br />
<br />
#!/bin/sh<br />
<br />
if [ -d /etc/X11/xinit/xinitrc.d ]; then<br />
for f in /etc/X11/xinit/xinitrc.d/*; do<br />
[ -x "$f" ] && . "$f"<br />
done<br />
unset f<br />
fi<br />
<br />
gsettings-data-convert &<br />
xdg-user-dirs-gtk-update &<br />
/usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 &<br />
/usr/lib/gnome-settings-daemon/gnome-settings-daemon &<br />
/usr/lib/gnome-user-share/gnome-user-share &<br />
eval $(gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)<br />
export GNOME_KEYRING_CONTROL GNOME_KEYRING_PID GPG_AGENT_INFO SSH_AUTH_SOCK<br />
exec cerbere<br />
<br />
{{Note|Either use the bzr version of ''cerbere'' or add 'gala' to the monitored processes for this to work.}}<br />
<br />
===Autostart applications===<br />
<br />
Pantheon, when launched via {{Ic|~/.xinitrc}}, does not support XDG autostart. However, there are 2 other ways to achieve this for applications which do not provide a systemd unit:<br />
<br />
* You may add any program to your {{Ic|~/.xinitrc}}, preferably right before the ''exec cerbere'' line. This is the better choice for one-shot programs.<br />
* Or you may edit the {{Ic|org.pantheon.cerbere.monitored-processes}} key using ''dconf-editor'' and add the programs of your choice. This method is best for applications which keep running in the background.<br />
<br />
{{Note|Keep in mind that applications started via ''cerbere'' cannot be terminated, they will keep respawning.}}<br />
<br />
==Configuration==<br />
<br />
Configuring Pantheon is done via {{AUR|switchboard-bzr}} and its plugs, some of which are available in the AUR, but close to none work as intended for the moment. Instead, most Pantheon settings can be altered via ''dconf''; they are located in the {{Ic|org.pantheon}} key. Use ''dconf-editor'' for easy editing. <br />
<br />
Also, part of the configuration is handled by {{Pkg|gnome-control-center}} via a dedicated plug, which unfortunately does not support GNOME 3.8. Use {{Pkg|gnome-control-center}} itself and {{Pkg|gnome-tweak-tool}} instead.</div>Ajduneventhttps://wiki.archlinux.org/index.php?title=LightDM&diff=276140LightDM2013-09-20T15:26:41Z<p>Ajdunevent: /* Troubleshooting */ corrected minor misspelling "xessions" -> "xsessions"</p>
<hr />
<div>[[Category:Display managers]]<br />
[[es:LightDM]]<br />
[[fr:LightDM]]<br />
{{Article summary start}}<br />
{{Article summary text|Provides an overview and setup of the Light Display Manager.}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Display Manager}}<br />
{{Article summary wiki|GDM}}<br />
{{Article summary wiki|KDM}}<br />
{{Article summary wiki|SLiM}}<br />
{{Article summary end}}<br />
<br />
[http://www.freedesktop.org/wiki/Software/LightDM LightDM] is a cross-desktop [[Display_Manager|display manager]] that aims to be the standard display manager for the X server. Its key features are:<br />
* A lightweight codebase<br />
* Standards compliant (PAM, ConsoleKit, etc)<br />
* A well defined interface between the server and the user interface.<br />
* Cross-desktop (user interfaces can be written in any toolkit).<br />
<br />
More details about LightDM's design can be found [http://www.freedesktop.org/wiki/Software/LightDM/Design here].<br />
<br />
== Installation ==<br />
Install {{Pkg|lightdm}} from the [[official repositories]]. You can also install {{AUR|lightdm-devel}} for the development branch or {{AUR|lightdm-bzr}} from the [[AUR]].<br />
<br />
=== Greeter===<br />
You will also need to install a greeter (a user interface for LightDM). The reference greeter is ''lightdm-gtk-greeter'', which is provided by {{Pkg|lightdm-gtk3-greeter}}. KDE users can install {{Pkg|lightdm-kde-greeter}}, a greeter based on Qt.<br />
<br />
Other greeters can be installed from the [[AUR]] as well: <br />
* {{AUR|lightdm-webkit-greeter}}: A greeter that uses Webkit for theming.<br />
* {{AUR|lightdm-crowd-greeter}}: A 3D greeter that lets you select your profile from 3D characters walking around.<br />
* {{AUR|lightdm-unity-greeter}}: The greeter used by Ubuntu's [[Unity]].<br />
* {{AUR|razor-lightdm-greeter}}: A greeter for the [[Razor-qt]] desktop environment.<br />
* {{AUR|lightdm-pantheon-greeter}}: A LightDM greeter from the ElementaryOS Project.<br />
<br />
You can change the default greeter by changing the configuration file to state:<br />
{{hc|/etc/lightdm/lightdm.conf|<br />
greeter-session&#61;lightdm-yourgreeter-greeter<br />
}}<br />
<br />
== Enabling LightDM ==<br />
Make sure that the '''lightdm''' daemon is [[Systemd#Running_DMs_under_systemd|started]] at boot:<br />
<br />
# systemctl enable lightdm<br />
<br />
== Testing ==<br />
First, [[Pacman|install]] {{Pkg|xorg-server-xephyr}} from the [[official repositories]].<br />
<br />
Then, run LightDM as an X application:<br />
$ lightdm --test-mode --debug<br />
<br />
== Optional Configuration and Tweaks ==<br />
Some greeters have their own configuration files. For example, {{Pkg|lightdm-gtk3-greeter}} has:<br />
/etc/lightdm/lightdm-gtk-greeter.conf<br />
and {{Pkg|lightdm-kde-greeter}} has:<br />
/etc/lightdm/lightdm-kde-greeter.conf<br />
as well as a section in KDE's System Settings (recommended).<br />
<br />
LightDM can be configured by directly modifying its configuration script or by using the {{ic|lightdm-set-defaults}} application that can be found in {{ic|/usr/lib/lightdm/lightdm/}}. To see some of the options available, execute:<br />
$ man lightdm-set-defaults<br />
<br />
There are, however, a lot more variables to modify in the configuration file than by using the {{ic|lightdm-set-defaults}} application.<br />
<br />
=== Changing Background Images/Colors ===<br />
Users wishing to have a flat color (no image) may simply set the '''background''' variable to a hex color.<br />
<br />
Example:<br />
background=#000000<br />
<br />
If you want to use an image instead, see below.<br />
<br />
==== GTK+ Greeter ====<br />
Users wishing to customize the wallpaper on the greeter screen need to edit {{ic|/etc/lightdm/lightdm-gtk-greeter.conf}} defining the '''background''' variable.<br />
<br />
Example:<br />
background=/usr/share/pixmaps/black_and_white_photography-wallpaper-1920x1080.jpg<br />
<br />
==== Unity Greeter ====<br />
Users using the {{AUR|lightdm-unity-greeter}} must edit the {{ic|/usr/share/glib-2.0/schemas/com.canonical.unity-greeter.gschema.xml}} file and then execute:<br />
# glib-compile-schemas /usr/share/glib-2.0/schemas/<br />
<br />
According to [https://bbs.archlinux.org/viewtopic.php?id=149945 this] page.<br />
<br />
{{Note|It is recommended to place the PNG or JPG file in {{ic|/usr/share/pixmaps}} since the LightDM user needs read access to the wallpaper file.}}<br />
<br />
==== KDE Greeter ====<br />
Go to ''System Settings > Login Screen (LightDM)'' and change the background image for your theme.<br />
<br />
=== Changing your avatar ===<br />
<br />
==== The .face way ====<br />
Users wishing to customize their image on the greeter screen need to place an image called {{ic|.face}} or {{ic|.face.icon}} in their home directory. Make sure it can be read by LightDM.<br />
<br />
==== The AccountsService way ====<br />
The .face way is known to cause issues. Fortunately, LightDM is able to automatically use AccountsService if it is installed. AccountsService files need to be set up as follows:<br />
<br />
* A user file named after your user in {{ic|/var/lib/AccountsService/users/johndoe}} containing:<br />
<br />
[User]<br />
Icon=/var/lib/AccountsService/icons/johndoe<br />
<br />
* A 96x96 PNG icon file in {{ic|/var/lib/AccountsService/icons/johndoe}}<br />
<br />
{{Note|As of June 2013, the PNG icon file does not get picked up. A workaround is to put the file in the {{ic|/usr/share/icons/hicolor/64x64/devices}} directory and reference it from your {{ic|/var/lib/AccountsService/users/johndoe}} user file. This directory can be read by lightdm, so the profile avatar will be rendered correctly.<br />
Also, if using AccountsService, it is not necessary to enable {{ic|accounts-daemon.service}}, as it is called automatically with the above configuration.}}<br />
==== Sources of Arch-centric 64x64 Icons ====<br />
The {{Pkg|archlinux-artwork}} package from the [[official repositories]] contains some nice examples that install to {{ic|/usr/share/archlinux/icons}} and that can be copied to {{ic|/usr/share/icons/hicolor/64x64/devices}} as follows:<br />
# find /usr/share/archlinux/icons -name "*64*" -exec cp {} /usr/share/icons/hicolor/64x64/devices \;<br />
<br />
After copying, the {{Pkg|archlinux-artwork}} package can be removed.<br />
<br />
=== Enabling Autologin ===<br />
Edit the LightDM configuration file and change these lines to:<br />
{{hc|/etc/lightdm/lightdm.conf|<nowiki><br />
autologin-user=<your_username><br />
autologin-user-timeout=0</nowiki><br />
}}<br />
or execute:<br />
<br />
# /usr/lib/lightdm/lightdm/lightdm-set-defaults --autologin=USERNAME<br />
<br />
LightDM goes through PAM even when {{ic|autologin}} is enabled. You must be part of the {{ic|autologin}} group to be able to log in without entering your password:<br />
<br />
# groupadd autologin<br />
# gpasswd -a ''username'' autologin<br />
<br />
{{Note|GNOME users, and by extension any gnome-keyring user, will have to set a blank password on their keyring for it to be unlocked automatically.}}<br />
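<br />
The following is an added example, not part of the original article or the LightDM project: a shell check that reports whether autologin is effectively enabled, by reading {{ic|autologin-user}} from a configuration file and membership of the {{ic|autologin}} group from a group(5)-format file. The function names, status strings and sample files are assumptions constructed for illustration.<br />

```shell
#!/bin/sh
# Added example: report whether LightDM autologin is effectively enabled.
# Simplifications (assumptions): section headers in the configuration file
# are ignored, and only supplementary members in the group file are checked.

# Print the autologin-user value; commented lines never match, last one wins.
autologin_user() {  # autologin_user CONF
    sed -n 's/^[[:space:]]*autologin-user[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed if USER is a listed member of GROUP in a group(5)-format file.
in_group() {  # in_group GROUPFILE GROUP USER
    awk -F: -v g="$2" -v u="$3" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print one status: disabled | no-group:USER | not-member:USER | passwordless:USER
audit_autologin() {  # audit_autologin CONF GROUPFILE
    user=$(autologin_user "$1")
    if [ -z "$user" ]; then
        echo "disabled"
    elif ! grep -q '^autologin:' "$2"; then
        echo "no-group:$user"
    elif in_group "$2" autologin "$user"; then
        echo "passwordless:$user"
    else
        echo "not-member:$user"
    fi
}

# Constructed sample input, so the check runs without touching /etc.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#autologin-user=olduser' 'autologin-user=johndoe' \
        'autologin-user-timeout=0' > "$d/lightdm.conf"
    printf '%s\n' 'wheel:x:10:johndoe' \
        'autologin:x:1001:janedoe,johndoe' > "$d/group"
    audit_autologin "$d/lightdm.conf" "$d/group"
    rm -rf "$d"
}
demo
```

On a live system the arguments would be {{ic|/etc/lightdm/lightdm.conf}} and {{ic|/etc/group}}; a result of {{ic|passwordless:USER}} means the session for that account opens without a password prompt.<br />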
<br />
=== Migrating from SLiM ===<br />
Move the contents of [[xinitrc]] to [[xprofile]], removing the call to start the [[window manager]] or [[desktop environment]].<br />
<br />
=== NumLock ON ===<br />
Install the {{Pkg|numlockx}} package and then edit {{ic|/etc/lightdm/lightdm.conf}}, adding the following line:<br />
greeter-setup-script=/usr/bin/numlockx on<br />
<br />
=== User switching under Xfce 4 ===<br />
With the release of Xfce 4.10, user switching is supported natively. To use it with LightDM, users need only to create a symlink:<br />
# ln -s /usr/lib/lightdm/lightdm/gdmflexiserver /usr/local/bin/gdmflexiserver<br />
<br />
Alternatively, see the [[XScreenSaver#Lightdm]] article.<br />
<br />
== Troubleshooting ==<br />
If you encounter consistent screen flashing and ultimately no lightdm on boot, ensure that you have defined the greeter correctly in lightdm's config file. And if you have correctly defined the GTK greeter, make sure the {{ic|xsessions-directory}} (default: {{ic|/usr/share/xsessions}}) exists and contains at least one .desktop file.<br />
<br />
=== Power menu (restart, poweroff etc.) not available ===<br />
If you installed lightdm before lightdm-1:1.6.0-6, you might have been struck by this bug: [https://bugs.archlinux.org/task/36613 FS#36613]. To fix it, run:<br />
# chown polkitd:root /usr/share/polkit-1/rules.d<br />
<br />
== See Also ==<br />
* [https://wiki.ubuntu.com/LightDM Ubuntu Wiki article]<br />
* [http://wiki.gentoo.org/wiki/LightDM Gentoo Wiki article]<br />
* [https://launchpad.net/lightdm Launchpad Page]<br />
* [http://www.mattfischer.com/blog/?tag=lightdm LightDM blog]</div>Ajdunevent