https://wiki.archlinux.org/api.php?action=feedcontributions&user=Medhefgo&feedformat=atomArchWiki - User contributions [en]2024-03-29T09:59:18ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=TrueCrypt&diff=326217TrueCrypt2014-07-22T17:57:06Z<p>Medhefgo: /* Automounting using /etc/crypttab */ That bug has been fixed</p>
<hr />
<div>[[Category:Security]]<br />
[[Category:File systems]]<br />
[[de:TrueCrypt]]<br />
{{Related articles start}}<br />
{{Related|Disk encryption}}<br />
{{Related|Tcplay}}<br />
{{Related|Tomb}}<br />
{{Related articles end}}<br />
{{Warning|As of May 2014, development on TrueCrypt is discontinued and [http://truecrypt.sourceforge.net/ will no longer receive updates and fixes]. Consider alternatives such as [[dm-crypt]] or [[tcplay]]. However, a [http://truecrypt.ch/ Truecrypt fork] seems to be in the works. See also [https://www.grc.com/misc/truecrypt/truecrypt.htm] for an overview of the situation.}}<br />
'''TrueCrypt''' is a free open source on-the-fly encryption (OTFE) program. Some of its features are:<br />
* Virtual encrypted disks within files that can be mounted as real disks.<br />
* Encryption of an entire hard disk partition or a storage device/medium.<br />
* All encryption algorithms use the LRW mode of operation, which is more secure than CBC mode with predictable initialization vectors for storage encryption.<br />
* "Hidden volumes" within a normal "outer" encrypted volume. A hidden volume can not be distinguished from random data without access to a passphrase and/or keyfile.<br />
<br />
For more details on how TrueCrypt compares to other disk encryption solutions, see [[Disk encryption#Comparison table]].<br />
<br />
== Installation ==<br />
<br />
{{Note|For opening and accessing an existing TrueCrypt container [[#Accessing a TrueCrypt container using cryptsetup|cryptsetup]] is the preferred way, since it is well integrated with the rest of the system. Creating a new TrueCrypt container can be done using {{ic|truecrypt}}, after which it can be opened using {{ic|cryptsetup}}.}}<br />
<br />
[[pacman|Install]] {{Pkg|truecrypt}} from the [[official repositories]].<br />
If you use any kernel other than {{Pkg|linux}}, install the corresponding kernel module.<br />
<br />
If you are using truecrypt to encrypt a virtual filesystem (e.g. a file), the module will be automatically loaded whenever you run the ''truecrypt'' command.<br />
<br />
If you are using truecrypt to encrypt a physical device (e.g. a hard disk or usb drive), you will likely want to load the module during the boot sequence:<br />
<br />
Add the module to {{ic|/etc/modules-load.d/}}:<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "truecrypt"<br />
<br />
{{Note|<br />
* This didn't work for me (module truecrypt seems to be non-existent now), but adding "loop" module worked<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "loop"<br />
# modprobe loop<br />
* It does not appear that loading a module applies with TrueCrypt 7.1a, the current version in Arch as of 4/19/2013. The above advice may be outdated with respect to the module, however it is still important to enable '''FUSE''', '''loop''' and your encryption algorithm (e.g. '''AES''', '''XTS''', '''SHA512''') in custom kernels.<br />
If you only want to open and access an existing truecrypt container, this can also be done with {{ic|cryptsetup}} i.e. without installing Truecrypt.<br />
}}<br />
<br />
== Accessing a TrueCrypt container using cryptsetup ==<br />
<br />
Since version 1.6, {{Pkg|cryptsetup}} supports opening TrueCrypt containers natively, without the need of the {{Pkg|truecrypt}} package. To do so, execute the following command:<br />
$ cryptsetup --type tcrypt open container-to-mount container-name<br />
<br />
Replace {{ic|container-to-mount}} with the device file under {{ic|/dev}} or the path to the file you wish to open. Upon successful opening, the plaintext device will appear as {{ic|/dev/mapper/container-name}}, which you can {{ic|mount}} like any normal device.<br />
<br />
If you are using key files, supply them using the {{ic|--key-file}} option. To open a hidden volume, supply the {{ic|--tcrypt-hidden}} option. For a partition or whole drive that is encrypted in system mode, use the {{ic|--tcrypt-system}} option.<br />
<br />
See {{ic|man cryptsetup}} for more details and all supported options.<br />
<br />
=== Automounting using /etc/crypttab ===<br />
<br />
Since version 206, [[systemd]] supports (auto)mounting TrueCrypt containers at boot or runtime using {{ic|/etc/crypttab}}.<br />
<br />
The following example setup will mount {{ic|/dev/sda2}} in system encryption mode as soon as {{ic|/mnt/truecrypt-volume}} is accessed using systemd's automounting logic. The passphrase to open the volume is given in {{ic|/etc/volume.password}}. Note that the device file given in {{ic|/etc/fstab}} needs to be the one from {{ic|/dev/mapper/}} and not, for example, from {{ic|/dev/disk/by-uuid/}} for automounting logic to kick in. Other than that you can still reliably identify the encrypted volume itself inside of {{ic|/etc/crypttab}} using device file names from {{ic|/dev/disk/}}.<br />
<br />
{{hc|/etc/crypttab|<nowiki><br />
truecrypt-volume /dev/sda2 /etc/volume.password tcrypt-system,noauto</nowiki><br />
}}<br />
<br />
{{hc|/etc/fstab|<nowiki><br />
/dev/mapper/truecrypt-volume /mnt/truecrypt-volume auto noauto,x-systemd.automount 0 0</nowiki><br />
}}<br />
<br />
See {{ic|man crypttab}} for more details and options supported.<br />
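<br />
Because the passphrase in the setup above is stored in a plain file, that file should be readable by root only. The following check is an added example, not part of the original page: the function names and report format are hypothetical, and the sample crypttab and password files are constructed in a temporary directory.<br />
<br />
```sh
#!/bin/sh
# Added example: audit the key/password files named in a crypttab-format file.
# audit_crypttab and make_sample_crypttab are hypothetical helper names.

# audit_crypttab FILE
# Prints one line per finding and returns 1 if there was any finding:
#   MISSING <name> <keyfile>   the key file does not exist
#   LOOSE   <name> <keyfile>   group or others have some access to the key file
audit_crypttab() {
    rc=0
    # crypttab fields: name, device, key file, options (whitespace separated)
    while read -r name device key opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac   # blank line or comment
        case "$key" in ''|none|-) continue ;; esac  # passphrase is prompted for
        case "$key" in /dev/*) continue ;; esac     # device node, not a stored secret
        if [ ! -e "$key" ]; then
            printf 'MISSING %s %s\n' "$name" "$key"
            rc=1
            continue
        fi
        # In the ls -l mode string, characters 5-10 are the group and other bits.
        bits=$(ls -ldL -- "$key" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            printf 'LOOSE %s %s\n' "$name" "$key"
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# make_sample_crypttab DIR
# Writes a constructed crypttab plus two constructed password files into DIR.
make_sample_crypttab() {
    printf 'constructed-passphrase\n' > "$1/volume.password"
    chmod 644 "$1/volume.password"      # world-readable: should be reported
    printf 'constructed-passphrase\n' > "$1/backup.password"
    chmod 600 "$1/backup.password"      # owner-only: should pass
    cat > "$1/crypttab" <<EOF
# name            device     key file              options
truecrypt-volume  /dev/sda2  $1/volume.password    tcrypt-system,noauto
backup-volume     /dev/sdb1  $1/backup.password    tcrypt
prompted-volume   /dev/sdc1  none                  tcrypt,tcrypt-hidden
stale-volume      /dev/sdd1  $1/missing.password   tcrypt
EOF
}

# Run the audit over the constructed sample.
sample_dir=$(mktemp -d) && make_sample_crypttab "$sample_dir" &&
    { audit_crypttab "$sample_dir/crypttab" || true; }
rm -rf "$sample_dir"
```

On a real system, run {{ic|audit_crypttab /etc/crypttab}} as root and fix any reported file with {{ic|chmod 600}}.<br />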
<br />
== Encrypting a file as a virtual volume ==<br />
<br />
The following instructions will create a file that will act as a virtual filesystem, allowing you to mount it and store files within the encrypted file. This is a convenient way to store sensitive information, such as financial data or passwords, in a single file that can be accessed from Linux, Windows, or Macs.<br />
<br />
To create a new truecrypt file interactively, type the following in a terminal:<br />
$ truecrypt -t -c<br />
<br />
Follow the instructions, choosing the default values unless you know what you are doing:<br />
<br />
Volume type:<br />
1) Normal<br />
2) Hidden<br />
Select [1]: 1<br />
<br />
Enter file or device path for new volume: /home/user/''EncryptedFile''.tc<br />
<br />
Enter volume size (bytes - size/sizeK/sizeM/sizeG): 32M<br />
<br />
Encryption algorithm:<br />
1) AES<br />
2) Blowfish<br />
3) CAST5<br />
4) Serpent<br />
5) Triple DES<br />
6) Twofish<br />
7) AES-Twofish<br />
8) AES-Twofish-Serpent<br />
9) Serpent-AES<br />
10) Serpent-Twofish-AES<br />
11) Twofish-Serpent<br />
Select [1]: 1<br />
<br />
Hash algorithm:<br />
1) RIPEMD-160<br />
2) SHA-1<br />
3) Whirlpool<br />
Select [1]: 1 <br />
<br />
Filesystem:<br />
1) None<br />
2) FAT<br />
3) Linux Ext2<br />
4) Linux Ext3<br />
5) Linux Ext4<br />
Select [2]: <br />
<br />
Enter password for new volume '/home/user/''EncryptedFile''.tc': *****************************<br />
Re-enter password: *****************************<br />
<br />
Enter keyfile path [none]: <br />
<br />
Please type at least 320 randomly chosen characters and then press Enter:<br />
<br />
Done: 32.00 MB Speed: 10.76 MB/s Left: 0:00:00 <br />
Volume created.<br />
<br />
You can now mount the new encrypted file to a previously-created directory:<br />
$ truecrypt -t /home/user/''EncryptedFile''.tc /home/user/''EncryptedFileFolder''<br />
<br />
{{Note|Truecrypt requires root privileges and as such, running the above command as a user will attempt to use '''sudo''' for authentication. To work with files as a regular user, please see [[#Mount volumes as a normal user|Mount volumes as a normal user]].}}<br />
<br />
Once mounted, you can copy or create new files within the encrypted directory as if it was any normal directory. When you are ready to re-encrypt the contents and unmount the directory, run:<br />
$ truecrypt -t -d<br />
<br />
Again, this will require administrator privileges through the use of '''sudo'''. After running it, check that the files that are to be encrypted are indeed no longer in the directory (you might want to try this with unimportant data first). If they are still there, note that ''rm'' doesn't make the data unrecoverable.<br />
<br />
For more information about truecrypt in general, run:<br />
$ man truecrypt<br />
{{Note|As of 1:7.1a-1, the package does not appear to include a man or info page.}}<br />
<br />
Several options can be passed at the command line, making automated access and creation a simple task. The man page is highly recommended reading.<br />
<br />
== Encrypting a physical volume ==<br />
<br />
{{Note|1= If you are having problems with the graphical interface, you can run in CLI mode with the -t flag.}}<br />
<br />
If you want to use a keyfile, create one with this command:<br />
truecrypt --create-keyfile /etc/disk.key<br />
By default both passphrase and key will be needed to unlock the volume.<br />
<br />
Create a new volume in the device {{ic|/dev/sda1}}:<br />
# truecrypt --volume-type=normal -c /dev/sda1<br />
<br />
Map the volume to {{ic|/dev/mapper/truecrypt1}}:<br />
# truecrypt -N 1 /dev/sda1<br />
<br />
If this command does not work for you, try this to map the volume:<br />
# truecrypt --filesystem=none --slot=1 /dev/sda1<br />
<br />
Simply format the disk like you normally would choosing your favourite [[File systems|file system]], except use the path {{ic|/dev/mapper/truecrypt1}}. E.g. for ext4 use:<br />
# mkfs.ext4 /dev/mapper/truecrypt1<br />
<br />
Mount the volume:<br />
# mount /dev/mapper/truecrypt1 /media/disk<br />
<br />
Map and mount a volume:<br />
# truecrypt /dev/sda1 /media/disk<br />
<br />
Unmount and unmap a volume:<br />
# truecrypt -d /dev/sda1<br />
<br />
== Creating a hidden volume ==<br />
<br />
First, create a normal outer volume as described in [[#Encrypting a physical volume]].<br />
<br />
Map the outer volume to {{ic|/dev/mapper/truecrypt1}}:<br />
# truecrypt -N 1 /dev/sda1<br />
<br />
Create a hidden truecrypt volume in the free space of the outer volume:<br />
# truecrypt --type hidden -c /dev/sda1<br />
You need to use a different passphrase and/or keyfile here from the one you used for the outer volume.<br />
<br />
Unmap the outer truecrypt volume and map the hidden one:<br />
# truecrypt -d /dev/sda1<br />
# truecrypt -N 1 /dev/sda1<br />
Enter the passphrase you chose for the hidden volume and TrueCrypt will automatically select it instead of the outer volume.<br />
<br />
Create a file system on it (if you have not already) and mount it:<br />
# mkfs.ext4 /dev/mapper/truecrypt1<br />
# mount /dev/mapper/truecrypt1 /media/disk<br />
<br />
Map and mount the outer volume with the hidden volume write-protected:<br />
truecrypt -P /dev/sda1 /media/disk<br />
<br />
== Mount a special filesystem ==<br />
<br />
{{Note|Current Versions of truecrypt seem to support NTFS write support by default so the {{ic|--filesystem}} flag no longer seems to be necessary.}}<br />
<br />
In the following example I want to mount an NTFS volume, but TrueCrypt does not use ''ntfs-3g'' by default (so there is no write access; checked in version 6.1).<br />
The following command works for me:<br />
truecrypt --filesystem=ntfs-3g --mount /file/you/want/to/mount<br />
You may also want to mount an NTFS volume without the execute flag on all files:<br />
truecrypt --filesystem=ntfs-3g --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002<br />
<br />
== Mount volumes via fstab ==<br />
<br />
First of all, we need to write a script which will handle the way mounting via fstab is done. Place the following in {{ic|/usr/bin/mount.truecrypt}}:<br />
{{bc|<nowiki><br />
#!/bin/bash<br />
# Helper called by mount(8) as: mount.truecrypt DEVICE MOUNTPOINT -o OPTIONS<br />
# bash is required because TCOPTIONS is an array.<br />
DEV="$1"<br />
MNTPT="$2"<br />
OPTIONS=""<br />
TCOPTIONS=()<br />
<br />
# Drop DEVICE, MOUNTPOINT and "-o", leaving the comma-separated option string.<br />
shift 3<br />
IFS=','<br />
for arg in $*; do<br />
case "$arg" in<br />
system) TCOPTIONS+=(--m=system);;<br />
fs*) TCOPTIONS+=(--filesystem="${arg#*=}");;<br />
keyfiles*) TCOPTIONS+=(--keyfiles="${arg#*=}");;<br />
# password=... ends up on the truecrypt command line (visible in ps) and in /etc/fstab.<br />
password*) TCOPTIONS+=(--password="${arg#*=}") && echo "password triggered" ;;<br />
protect-hidden*) TCOPTIONS+=(--protect-hidden="${arg#*=}");;<br />
# Everything else is passed through as a filesystem mount option.<br />
*) OPTIONS="${OPTIONS}${arg},";;<br />
esac<br />
done<br />
unset IFS<br />
<br />
/bin/truecrypt --text --non-interactive "${DEV}" "${MNTPT}" "${TCOPTIONS[@]}" --fs-options="${OPTIONS%,*}"<br />
</nowiki>}}<br />
Also do not forget to make the file executable:<br />
<br />
# chmod +x /usr/bin/mount.truecrypt<br />
<br />
Finally, add the device to fstab somewhat like this:<br />
<br />
/dev/sdb3 /mnt truecrypt fs=vfat,defaults 0 0<br />
<br />
{{Tip|This script is also provided by the {{AUR|truecrypt-mount}} package.}}<br />
<br />
== Mount volumes as a normal user ==<br />
<br />
TrueCrypt needs root privileges to work: this procedure will allow normal users to use it, also giving writing permissions to mounted volumes.<br />
<br />
Both methods below require [[Sudo]]. Make sure it is configured before proceeding.<br />
<br />
=== Method 1: add a truecrypt group ===<br />
<br />
Create a new group called truecrypt and give it the necessary permissions. Any user that belongs to that group will be able to use TrueCrypt.<br />
# groupadd truecrypt<br />
<br />
Edit the sudo configuration:<br />
# visudo<br />
<br />
Append the following lines at the bottom of the sudo configuration file:<br />
# Users in the truecrypt group are allowed to run TrueCrypt as root.<br />
%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
You can now add your users to the truecrypt group:<br />
# gpasswd -M first_user,second_user,etc truecrypt<br />
<br />
{{Note|In order to make these changes active, any user that has been added to the truecrypt group has to log out.}}<br />
<br />
After that, you can mount your device by<br />
<br />
# truecrypt --mount ''/path/to/device'' ''/path/to/mountpoint''<br />
<br />
Default mountpoint is {{ic|/media/truecrypt1}}. Normally, it is not necessary to explicitly specify the filesystem of your device using the {{ic|--filesystem}} flag.<br />
<br />
It is definitely reasonable to give truecrypt some permission masks. Otherwise, every file on your mounted device will be executable. So instead of the above, you can use<br />
<br />
# truecrypt --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002 --mount /PATH/TO/DEVICE /PATH/TO/MOUNTPOINT<br />
<br />
and add this line to your bash configuration file, {{ic|~/.bashrc}} as an alias:<br />
<br />
alias tc1='truecrypt --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002 --mount /path/to/device /path/to/mountpoint'<br />
<br />
To mount this specific device, use<br />
<br />
# tc1<br />
<br />
as a normal user.<br />
<br />
=== Method 2: sudo simplified ===<br />
<br />
Simply enable the desired user to run truecrypt without a password:<br />
# visudo<br />
<br />
Append the following:<br />
USERNAME ALL = (root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
Alternatively, if you make use of the wheel group:<br />
%wheel ALL = (root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
If you have any difficulties with permissions as a normal user, just add the {{ic|-u}} flag to the truecrypt mount command, for example:<br />
$ truecrypt -u /home/user/''EncryptedFile''.tc /home/user/''EncryptedFileFolder''<br />
<br />
=== Automatic mount on login ===<br />
<br />
Simply add:<br />
{{bc|<br />
$ truecrypt /home/user/''Encrypted File''.tc /home/user/''Encrypted File Folder'' <<EOF<br />
''password''<br />
EOF<br />
}}<br />
to your startup procedure. Do not use the {{ic|-p}} switch; this method is more secure. Otherwise everyone can just look up the password via ''ps'' and similar tools, as it is part of the process command line! [http://thoughtyblog.wordpress.com/2009/07/05/truecrypt-linux-hide-password-from-ps/ source]<br />
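<br />
To check whether a running system exposes a volume password this way, either through the {{ic|-p}} switch or through the {{ic|--password}} option that the {{ic|mount.truecrypt}} helper above builds from an fstab {{ic|1=password=}} entry, process command lines can be scanned. This is an added example, not part of the original page: the function names are hypothetical and the sample process tree is constructed in a temporary directory so that the check can be tried without a live TrueCrypt process.<br />
<br />
```sh
#!/bin/sh
# Added example: list processes that run truecrypt with the password in argv.
# find_argv_passwords and make_sample_proc are hypothetical helper names.

# find_argv_passwords [PROC_ROOT]
# Prints the PID of every process whose command line contains an argument named
# "truecrypt" followed by -p, --password or --password=... The password itself
# is never printed. PROC_ROOT defaults to /proc.
find_argv_passwords() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        pid=${f%/cmdline}
        pid=${pid##*/}
        # cmdline holds argv separated by NUL bytes; emit one argument per line.
        if tr '\000' '\n' < "$f" 2>/dev/null | awk '
            { n = split($0, parts, "/"); base = parts[n] }
            base == "truecrypt" { seen = 1; next }
            seen && ($0 == "-p" || $0 == "--password" ||
                     index($0, "--password=") == 1) { hit = 1 }
            END { exit (hit ? 0 : 1) }'
        then
            printf '%s\n' "$pid"
        fi
    done
}

# make_sample_proc DIR
# Builds a constructed /proc-like tree with four processes:
#   101  truecrypt started with -p               (password in argv)
#   102  truecrypt reading the password on stdin (nothing in argv)
#   103  truecrypt started by the fstab helper with --password=...
#   104  an unrelated command that happens to use -p
make_sample_proc() {
    mkdir -p "$1/101" "$1/102" "$1/103" "$1/104"
    printf 'truecrypt\000--text\000-p\000CONSTRUCTED\000/home/user/EncryptedFile.tc\000/mnt\000' \
        > "$1/101/cmdline"
    printf '/usr/bin/truecrypt\000/home/user/EncryptedFile.tc\000/mnt\000' \
        > "$1/102/cmdline"
    printf '/bin/truecrypt\000--text\000--non-interactive\000/dev/sdb3\000/mnt\000--password=CONSTRUCTED\000--fs-options=defaults\000' \
        > "$1/103/cmdline"
    printf 'ps\000-p\000101\000' > "$1/104/cmdline"
}

# Run the scan over the constructed sample tree.
sample_proc=$(mktemp -d) && make_sample_proc "$sample_proc" &&
    find_argv_passwords "$sample_proc"
rm -rf "$sample_proc"
```

Calling {{ic|find_argv_passwords}} without an argument scans the live {{ic|/proc}}; any PID it prints belongs to a mount that should be switched to the stdin method shown above.<br />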
<br />
The most recent truecrypt has a couple of followup questions. If you have expect installed, this will work (assuming no keyfile and no desire to protect hidden volume), saved to a file with root-only perms called from /etc/rc.local:<br />
<br />
{{bc|<nowiki><br />
#! /bin/bash<br />
expect << EOF<br />
spawn /usr/bin/truecrypt ''/path/to/EncryptedFile'' ''/mount/point''<br />
expect "Enter password"<br />
send "volume password\n"<br />
expect "Enter keyfile"<br />
send "\n"<br />
expect "Protect hidden volume"<br />
send "\n"<br />
expect eof;<br />
EOF<br />
</nowiki>}}<br />
<br />
Of course, this isn't as secure as entering your password manually. But for some use cases, such as when your TrueCrypt filesystem is in a file on shared storage, it's better than being unencrypted.<br />
<br />
== Safely unmount and unmap volumes (on shutdown) ==<br />
<br />
You can unmount a specific device by<br />
<br />
# truecrypt -d ''/path/to/mountpoint''<br />
<br />
or omit the path to unmount all truecrypt volumes.<br />
<br />
If you want your truecrypt device to be unmounted automatically at shutdown, add the following to the file {{ic|/etc/rc.local.shutdown}}:<br />
<br />
if (/usr/bin/truecrypt --text --list)<br />
then {<br />
/usr/bin/truecrypt -d<br />
sleep 3<br />
}<br />
fi<br />
You can also omit the ''sleep'' command; it is just there to give the unmounting some time to complete before the actual shutdown.<br />
<br />
If you're using [[systemd]], there is a service trying to unmount truecrypt-encrypted filesystems at shutdown automatically on the [[systemd/Services]] page.<br />
<br />
== Errors ==<br />
<br />
=== TrueCrypt is already running ===<br />
<br />
If a messagebox ''TrueCrypt is already running'' appears when starting TrueCrypt, check for a hidden file in the home directory of the concerned user called ''.TrueCrypt-lock-username''. Substitute ''username'' with the individual username. Delete the file and start TrueCrypt again.<br />
<br />
=== Deleted stale lockfile ===<br />
<br />
If you always get a message "Delete stale lockfile [....]" after starting Truecrypt, the Truecrypt process with the lowest ID has to be killed during Gnome log out. Edit {{ic|/etc/gdm/PostSession/Default}} and add the following line before exit 0:<br />
kill $(ps -ef | grep truecrypt | tr -s ' ' | cut -d ' ' -f 2)<br />
<br />
=== Issues with Unicode file/folder names ===<br />
<br />
==== NTFS ====<br />
<br />
Should files or folders containing Unicode characters in their names be displayed incorrectly or not at all on TrueCrypt NTFS volumes (while e.g. being correctly handled on non-encrypted NTFS partitions), first verify that you have the [[NTFS-3G]] driver installed and then create the following symlink as root:<br />
ln -s /sbin/mount.ntfs-3g /sbin/mount.ntfs<br />
That will cause TrueCrypt to automatically use this driver for NTFS volumes, having the same effect as the explicit use of<br />
truecrypt --filesystem=ntfs-3g /path/to/volume<br />
via the console.<br />
<br />
One may also consider setting e.g.:<br />
rw,noatime<br />
amongst other options in the TrueCrypt GUI (''Settings > Preferences > Mount Options'').<br />
<br />
==== FAT ====<br />
<br />
Similarly, FAT32 volumes created using Windows may use Unicode rather than ISO 8859-1. In order to use UTF-8, set the mount option:<br />
iocharset=utf8<br />
when mounting such volumes, or globally as described above.<br />
<br />
=== Unmount error (device mapper) ===<br />
<br />
If you always get a message "device-mapper: remove ioctl failed: Device or resource busy" when attempting to dismount your truecrypt volume, the solution is to go to ''Settings > Preferences > System Integration > Kernel Service'' and check the box<br />
Do not use kernel cryptographic services<br />
<br />
=== Mount error (device mapper, truecrypt partition) ===<br />
<br />
When attempting to mount your truecrypt volume, a message like this one may appear:<br />
<br />
Error: device-mapper: create ioctl failed: Device or resource busy<br />
Command failed<br />
If so, run:<br />
# cryptsetup remove /dev/mapper/truecrypt1<br />
<br />
=== Failed to set up a loop device ===<br />
<br />
If you get a message "Failed to set up a loop device" when trying to create/mount a TrueCrypt volume, it may be because you updated your kernel recently without rebooting.<br />
Rebooting should fix this error.<br />
<br />
Otherwise, check if ''loop'' has been loaded as kernel module:<br />
<br />
$ lsmod | grep loop<br />
<br />
If not listed, retry the TrueCrypt command after {{ic|modprobe loop}}. Should it work, consider adding ''loop'' to the modules in {{ic|/etc/modules-load.d}}:<br />
<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "loop"<br />
<br />
{{Note|As of udev 181-5, the loop device module is no longer auto-loaded, and the procedure described here is necessary.}}<br />
<br />
With newer kernel versions, no loop devices are created at startup. If no loop devices exist the first time a container file is mounted, TrueCrypt fails ("Failed to set up a loop device") but also creates the maximum number of loop devices (usually 256); mounting again should then work.<br />
<br />
To avoid this you can create a loop device before mounting a file:<br />
<br />
# mknod -m 0660 /dev/loop8 b 7 8<br />
<br />
This creates {{ic|/dev/loop8}}. Or create some loop devices at startup:<br />
<br />
# echo "options loop max_loop=8" > /etc/modprobe.d/eightloop.conf<br />
<br />
Change {{ic|1=max_loop=8}} to the number of devices you need.<br />
<br />
=== System partition passwords need en_US keymap ===<br />
If you are using Xorg (which you most likely are, should you not know what that is), use the following command to use US keymap until restart:<br />
<br />
# setxkbmap us<br />
<br />
=== Permission denied on NTFS volume ===<br />
If you cannot modify the filesystem, although permissions seem to be correct, this can be a result of not having [[NTFS-3G]] installed, see [[#NTFS|NTFS]].<br />
<br />
== See also ==<br />
<br />
* [http://www.truecrypt.org/ TrueCrypt homepage]<br />
* [http://en.gentoo-wiki.com/wiki/TrueCrypt HOWTO: Truecrypt Gentoo wiki]<br />
* [http://www.howtoforge.com/truecrypt_data_encryption Truecrypt tutorial on HowToForge]<br />
* [http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/ There is a good chance the CIA has a backdoor?] (via [https://secure.wikimedia.org/wikipedia/en/wiki/Truecrypt wp])</div>Medhefgohttps://wiki.archlinux.org/index.php?title=PulseAudio&diff=298931PulseAudio2014-02-19T14:54:38Z<p>Medhefgo: Mention that KDE's system notifications volume is likely the cause for jumping volumes in flat-volumes mode</p>
<hr />
<div>[[Category:Audio/Video]]<br />
[[Category:Sound]]<br />
[[cs:PulseAudio]]<br />
[[es:PulseAudio]]<br />
[[fr:PulseAudio]]<br />
[[it:PulseAudio]]<br />
[[ja:PulseAudio]]<br />
[[pt:PulseAudio]]<br />
[[ru:PulseAudio]]<br />
[[tr:PulseAudio]]<br />
{{Related articles start}}<br />
{{Related|PulseAudio/Examples}}<br />
{{Related articles end}}<br />
[[Wikipedia:PulseAudio|PulseAudio]] is a sound server commonly used by desktop environments like [[GNOME]] or [[KDE]]. It serves as a proxy to sound applications using existing kernel sound components like [[ALSA]] or [[OSS]]. Since [[ALSA]] is included in Arch Linux by default, the most common deployment scenarios include PulseAudio with [[ALSA]].<br />
<br />
== Installation ==<br />
* Required package: {{Pkg|pulseaudio}}<br />
* Optional GTK GUIs: {{Pkg|paprefs}} and {{Pkg|pavucontrol}}<br />
* Optional volume control via mapped keyboard keys: {{AUR|pulseaudio-ctl}}<br />
* Optional console (CLI) mixers: {{Pkg|ponymix}} and {{AUR|pamixer-git}}<br />
* Optional web volume control: [https://github.com/Siot/PaWebControl PaWebControl]<br />
* Optional system tray icon: {{AUR|pasystray-git}}<br />
* Optional KDE plasma applet: {{Pkg|kdemultimedia-kmix}} and {{AUR|kdeplasma-applets-veromix}}<br />
<br />
== Running ==<br />
{{Warning|If you have per-user copies of configuration files (such as {{ic|client.conf}}, {{ic|daemon.conf}} or {{ic|default.pa}}) in {{ic|~/.config/pulse/}} or {{ic|~/.pulse/}}, make sure you keep them in sync with changes to the packaged files in {{ic|/etc/pulse/}}. Otherwise, PulseAudio may refuse to start due to configuration errors.}}<br />
<br />
{{Note|<br />
* PulseAudio requires [[D-Bus]] to function.<br />
* Most X11 environments start PulseAudio automatically with the X11 session.<br />
}}<br />
<br />
In the unlikely event that PulseAudio is not automatically started upon entering X, it can be started with:<br />
$ pulseaudio --start<br />
<br />
PulseAudio can be stopped with:<br />
$ pulseaudio -k<br />
<br />
== Equalizer ==<br />
Newer PulseAudio versions have an integrated 10-band equalizer system. In order to use the equalizer do the following:<br />
<br />
=== Load equalizer sink and dbus-protocol module ===<br />
$ pactl load-module module-equalizer-sink<br />
$ pactl load-module module-dbus-protocol<br />
<br />
=== Install and run the GUI front-end ===<br />
Install {{Pkg|python-pyqt4}} and execute:<br />
<br />
$ qpaeq<br />
<br />
{{Note|If qpaeq has no effect, install {{pkg|pavucontrol}} and change "ALSA Playback on" to "FFT based equalizer on ..." while the media player is running.}}<br />
<br />
=== Load equalizer and dbus module on every boot ===<br />
Edit the file {{ic|/etc/pulse/default.pa}} with your favorite editor and append the following lines:<br />
<br />
### Load the integrated PulseAudio equalizer and D-Bus module<br />
load-module module-equalizer-sink<br />
load-module module-dbus-protocol<br />
<br />
== Back-end configuration ==<br />
=== ALSA ===<br />
* Recommended package: {{Pkg|pulseaudio-alsa}}<br />
* Optional packages: {{Pkg|lib32-libpulse}} and {{Pkg|lib32-alsa-plugins}}<br />
<br />
{{Note|Optional packages are needed only if running x86_64 and wanting to have sound for 32-bit programs (like Wine).}}<br />
<br />
For the applications that do not support PulseAudio and support ALSA it is '''recommended''' to install the PulseAudio plugin for ALSA. This package also contains the necessary {{ic|/etc/asound.conf}} for configuring ALSA to use PulseAudio.<br />
<br />
To prevent applications from using ALSA's OSS emulation and bypassing PulseAudio (thereby preventing other applications from playing sound), make sure the module {{ic|snd_pcm_oss}} is not being loaded at boot. If it is currently loaded ({{ic|1=lsmod | grep oss}}), disable it by executing:<br />
# rmmod snd_pcm_oss<br />
<br />
=== ALSA/dmix without grabbing hardware device ===<br />
{{Note|This section describes alternative configuration, which is generally '''not''' recommended.}}<br />
<br />
You may want to use ALSA directly in most of your applications and to be able to use other applications, which constantly require PulseAudio at the same time. The following steps allow you to make PulseAudio use dmix instead of grabbing ALSA hardware device.<br />
<br />
* Remove package {{Pkg|pulseaudio-alsa}}, which provides compatibility layer between ALSA applications and PulseAudio. After this your ALSA apps will use ALSA directly without being hooked by Pulse.<br />
<br />
* Edit {{ic|/etc/pulse/default.pa}}.<br />
:Find and uncomment lines which load back-end drivers. Add '''device''' parameters as follows. Then find and comment lines which load autodetect modules.<br />
load-module module-alsa-sink '''device=dmix'''<br />
load-module module-alsa-source '''device=dsnoop'''<br />
# load-module module-udev-detect<br />
# load-module module-detect<br />
<br />
* ''Optional:'' If you use {{Pkg|kdemultimedia-kmix}} you may want to control ALSA volume instead of PulseAudio volume:<br />
$ echo export KMIX_PULSEAUDIO_DISABLE=1 > ~/.kde4/env/kmix_disable_pulse.sh<br />
$ chmod +x ~/.kde4/env/kmix_disable_pulse.sh<br />
<br />
* Now, reboot your computer and try running ALSA and PulseAudio applications at the same time. They both should produce sound simultaneously.<br />
:Use {{Pkg|pavucontrol}} to control PulseAudio volume if needed.<br />
<br />
=== OSS ===<br />
There are multiple ways of making OSS-only programs play to PulseAudio:<br />
<br />
==== ossp ====<br />
Install {{Pkg|ossp}} package and start '''osspd''' service.<br />
<br />
==== padsp wrapper (part of PulseAudio) ====<br />
Programs using OSS can work with PulseAudio by starting it with padsp:<br />
<br />
$ padsp OSSprogram<br />
A few examples:<br />
$ padsp aumix<br />
$ padsp sox foo.wav -t ossdsp /dev/dsp<br />
<br />
You can also add a custom wrapper script like this: <br />
{{hc|/usr/local/bin/OSSProgram|<nowiki><br />
#!/bin/sh<br />
exec padsp /usr/bin/OSSprogram "$@"<br />
</nowiki>}}<br />
Make sure {{ic|/usr/local/bin}} comes before {{ic|/usr/bin}} in your '''PATH'''.<br />
<br />
=== GStreamer ===<br />
To make [[GStreamer]] use PulseAudio, you need to install {{Pkg|gst-plugins-good}} or {{Pkg|gstreamer0.10-good-plugins}}.<br />
<br />
=== OpenAL ===<br />
OpenAL Soft should use PulseAudio by default, but can be explicitly configured to do so: {{hc|/etc/openal/alsoft.conf|2=drivers=pulse,alsa}}<br />
<br />
=== libao ===<br />
Edit the libao configuration file:<br />
{{hc|# /etc/libao.conf|2=default_driver=pulse}}<br />
Be sure to remove the {{ic|1=dev=default}} option of the alsa driver or adjust it to specify a specific Pulse sink name or number. <br />
<br />
{{Note|You could possibly also keep the libao standard of outputting to the ''alsa'' driver and its default device if you install {{pkg|pulseaudio-alsa}} since the ALSA default device then '''is''' PulseAudio.}}<br />
<br />
=== ESD ===<br />
PulseAudio is a drop-in replacement for the enlightened sound daemon (ESD). While PulseAudio is running, ESD clients should be able to output to it without configuration.<br />
<br />
== Desktop environments ==<br />
=== General X11 ===<br />
{{Note|As mentioned previously, PulseAudio is very likely launched automatically via either {{ic|/etc/X11/xinit/xinitrc.d/pulseaudio}} or the files in {{ic|/etc/xdg/autostart/}} if users have some DE installed.}}<br />
<br />
Check to see if PulseAudio is running:<br />
<br />
{{hc|<nowiki>$ ps aux | grep pulse</nowiki>|<br />
facade 1794 0.0 0.0 360464 6532 ? S<l 15:33 0:00 /usr/bin/pulseaudio --start<br />
facade 1827 0.0 0.0 68888 2608 ? S 15:33 0:00 /usr/lib/pulse/gconf-helper<br />
}}<br />
<br />
If PulseAudio is not running and users are using X, the following will start PulseAudio with the needed X11 plugins manually:<br />
$ start-pulseaudio-x11<br />
<br />
If you are not running GNOME, KDE, or Xfce, and your {{ic|~/.xinitrc}} does not source the scripts in {{ic|/etc/X11/xinit/xinitrc.d}} (such as is done in the example file {{ic|/etc/skel/.xinitrc}}), then you can launch PulseAudio on boot with:<br />
{{hc|~/.xinitrc|<br />
/usr/bin/start-pulseaudio-x11<br />
}}<br />
<br />
=== GNOME ===<br />
As of GNOME 3, GNOME fully integrates with PulseAudio and no extra configuration is needed.<br />
<br />
=== KDE 3 ===<br />
PulseAudio is ''not'' a drop-in replacement for aRts. Users of KDE 3 cannot use PulseAudio. However note, recent versions of PulseAudio may have eliminated the prohibition:<br />
<br />
See: http://www.pulseaudio.org/wiki/PerfectSetup KDE 3 uses the artsd sound server by default. However, artsd itself can be configured to use an Esound backend. Edit {{ic|kcmartsrc}} (either in {{ic|/etc/kde}} or {{ic|/usr/share/config}} for global configuration or {{ic|.kde/share/config}} to configure only one user) like this:<br />
<br />
[Arts]<br />
Arguments=\s-F 10 -S 4096 -a esd -n -s 1 -m artsmessage -c drkonqi -l 3 -f<br />
NetworkTransparent=true<br />
SuspendTime=1<br />
<br />
=== KDE Plasma Workspaces and Qt4 ===<br />
PulseAudio will be used by KDE/Qt4 applications. For more information see the [http://www.pulseaudio.org/wiki/KDE KDE page in the PulseAudio wiki].<br />
<br />
PulseAudio support has been merged into KMix, the default KDE sound mixer.<br />
<br />
If the phonon-gstreamer backend is used for Phonon, GStreamer should also be [[PulseAudio#GStreamer|configured]] to use PulseAudio by installing {{Pkg|gstreamer0.10-good-plugins}}.<br />
<br />
One useful tidbit from that page is to add {{ic|load-module module-device-manager}} to {{ic|/etc/pulse/default.pa}}.<br />
<br />
Additionally, the {{AUR|kdeplasma-applets-veromix}} is available in the [[AUR]] as a KDE alternative to KMix or pavucontrol.<br />
<br />
If KMix/Veromix fail to connect to PulseAudio at boot you may need to edit {{ic|/etc/pulse/client.conf}} to include {{ic|autospawn &#61; yes}} instead of {{ic|autospawn &#61; no}}.<br />
<br />
=== Xfce ===<br />
Applications running under Xfce can take advantage of PulseAudio. To manage PulseAudio settings, you can use {{Pkg|pavucontrol}}.<br />
<br />
== Applications ==<br />
=== Audacious ===<br />
[[Audacious]] natively supports PulseAudio. In order to use it, set Audacious Preferences -> Audio -> Current output plugin to 'PulseAudio Output Plugin'.<br />
<br />
=== Java/OpenJDK 6 ===<br />
Create a wrapper for the Java executable using padsp as seen on the [[Java#Java_sound_with_PulseAudio|Java sound with PulseAudio]] page.<br />
<br />
=== Music Player Daemon (MPD) ===<br />
[http://mpd.wikia.com/wiki/PulseAudio Configure] [[MPD]] to use PulseAudio. See also [[MPD/Tips and Tricks#MPD and PulseAudio]].<br />
<br />
=== MPlayer ===<br />
[[MPlayer]] natively supports PulseAudio output with the {{ic|-ao pulse}} option. It can also be configured to default to PulseAudio output, in {{ic|~/.mplayer/config}} for per-user, or {{ic|/etc/mplayer/mplayer.conf}} for system-wide:<br />
{{hc|/etc/mplayer/mplayer.conf|2=ao=pulse}}<br />
<br />
=== Skype (x86_64 only) ===<br />
Install {{Pkg|lib32-libpulse}}, otherwise the following error will occur when trying to initiate a call: "Problem with Audio Playback".<br />
<br />
== Troubleshooting ==<br />
=== No sound after install ===<br />
==== Muted audio device ====<br />
If one experiences no audio output via any means while using ALSA, attempt to unmute the sound card. To do this, launch {{ic|alsamixer}} and make sure each column has a green 00 under it (this can be toggled by pressing {{ic|m}}):<br />
$ alsamixer -c 0<br />
<br />
{{Note|alsamixer will not tell you which output device is set as the default. One possible cause of no sound after install is that PulseAudio detects the wrong output device as a default. Install {{Pkg|pavucontrol}} and check if there is any output on the pavucontrol panel when playing a ''.wav'' file.}}<br />
<br />
==== Auto-Mute Mode ====<br />
Auto-Mute Mode may be enabled. It can be disabled using {{ic|alsamixer}}.<br />
<br />
See http://superuser.com/questions/431079/how-to-disable-auto-mute-mode for more.<br />
<br />
==== Bad configuration files ====<br />
After starting PulseAudio, if the system outputs no sound, it may be necessary to delete the contents of {{ic|~/.pulse}}. PulseAudio will automatically create new configuration files on its next start.<br />
<br />
==== Flash content ====<br />
Since Adobe Flash does not directly support PulseAudio, the recommended way is to [https://wiki.archlinux.org/index.php/PulseAudio#ALSA configure ALSA to use the virtual PulseAudio sound card].<br />
<br />
Alternatively you may try out {{AUR|libflashsupport-pulse}} from the [[AUR]].<br />
{{Note|This may invariably crash the Flash plugin.}}<br />
<br />
==== No cards ====<br />
If PulseAudio starts, run {{ic|pacmd list}}. If no cards are reported, make sure that the ALSA devices are not in use:<br />
$ fuser -v /dev/snd/*<br />
$ fuser -v /dev/dsp<br />
<br />
Make sure any applications using the pcm or dsp files are shut down before restarting PulseAudio.<br />
<br />
==== The only device shown is "dummy output" ====<br />
This may be caused by different reasons, one of them being the {{ic|.asoundrc}} file in $HOME is taking precedence over the systemwide {{ic|/etc/asound.conf}}.<br />
<br />
The user file is modified also by the tool {{ic|asoundconf}} or by its graphical variant {{ic|asoundconf-gtk}} (the latter is named "Default sound card" in the menu) as soon as it runs. Prevent the effects of {{ic|.asoundrc}} altogether by commenting the last line like this:<br />
{{hc|.asoundrc|<br />
# </home/''yourusername''/.asoundrc.asoundconf><br />
}}<br />
<br />
Maybe some program is monopolizing the audio device:<br />
{{hc|# fuser -v /dev/snd/*|<br />
USER PID ACCESS COMMAND<br />
/dev/snd/controlC0: root 931 F.... timidity<br />
bob 1195 F.... panel-6-mixer<br />
/dev/snd/controlC1: bob 1195 F.... panel-6-mixer<br />
bob 1215 F.... pulseaudio<br />
/dev/snd/pcmC0D0p: root 931 F...m timidity<br />
/dev/snd/seq: root 931 F.... timidity<br />
/dev/snd/timer: root 931 f.... timidity<br />
}}<br />
<br />
That means timidity blocks PulseAudio from accessing the audio devices. Just killing timidity will make the sound work again.<br />
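<br />
The check described above, as an added example that is not part of the original wiki page: a shell function that reads {{ic|fuser -v}} output and lists every process other than pulseaudio that holds an ALSA device node. The function names are assumptions made for this example, and the embedded sample is the output shown above, re-indented the way {{ic|fuser}} prints it.<br />

```shell
#!/bin/sh
# Added example (not from the wiki page): find processes other than
# pulseaudio that keep ALSA device nodes open, from `fuser -v` output.
# Live use: fuser -v /dev/snd/* 2>&1 | snd_blockers

# Sample input: the fuser output shown on this page, re-indented.
sample_fuser_output() {
    cat <<'EOF'
                     USER        PID ACCESS COMMAND
/dev/snd/controlC0:  root        931 F.... timidity
                     bob        1195 F.... panel-6-mixer
/dev/snd/controlC1:  bob        1195 F.... panel-6-mixer
                     bob        1215 F.... pulseaudio
/dev/snd/pcmC0D0p:   root        931 F...m timidity
/dev/snd/seq:        root        931 F.... timidity
/dev/snd/timer:      root        931 f.... timidity
EOF
}

# Print one "device user pid command" line per non-pulseaudio holder.
snd_blockers() {
    awk '
        NF == 0 { next }                          # blank line
        $1 == "USER" && $2 == "PID" { next }      # header row
        {
            i = 1
            if ($1 ~ /:$/) {                      # row names a new device
                dev = $1
                sub(/:$/, "", dev)
                i = 2
            }
            # Continuation rows omit the device and inherit the last one.
            if (NF < i + 3) next
            user = $i
            pid = $(i + 1)
            if (pid !~ /^[0-9]+$/) next           # not a process row
            cmd = $(i + 3)
            for (j = i + 4; j <= NF; j++) cmd = cmd " " $j
            if (cmd == "pulseaudio") next
            key = dev SUBSEP pid
            if (!(key in seen)) {
                seen[key] = 1
                print dev, user, pid, cmd
            }
        }
    '
}

# Print the unique PIDs of the blocking processes, lowest first.
snd_blocker_pids() {
    snd_blockers | awk '{ print $3 }' | sort -un
}

# Demonstration on the sample input.
sample_fuser_output | snd_blockers
```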
<br />
Another reason is [[FluidSynth]] conflicting with PulseAudio as discussed in [https://bbs.archlinux.org/viewtopic.php?id=154002 this thread]. The solution is to remove FluidSynth:<br />
<br />
# pacman -Rnsc fluidsynth<br />
<br />
==== KDE Plasma Workspaces ====<br />
It may be that another output device is set as preferred in phonon. Make sure that every setting reflects the preferred output device at the top, and check the playback streams tab in {{ic|kmix}} to make sure that applications are using the device for output.<br />
<br />
To see your default audio device, you can run:<br />
<br />
pactl stat<br />
<br />
To see available audio devices:<br />
<br />
pactl list<br />
<br />
To set your default audio device, use "pacmd" or add to {{ic|/etc/pulse/default.pa}}:<br />
set-default-sink alsa_output.analog-stereo<br />
<br />
==== Failed to create sink input: sink is suspended ====<br />
If you do not have any output sound and receive dozens of errors related to a suspended sink in your {{ic|journalctl -b}} log, then back up first and then delete your user-specific pulse folders:<br />
<br />
$ rm -r ~/.pulse ~/.pulse-cookie<br />
<br />
=== No HDMI sound output after some time with the monitor turned off ===<br />
The monitor is connected via HDMI/DisplayPort, and the audio jack is plugged in the headphone jack of the monitor, but PulseAudio insists that it is unplugged:<br />
{{hc|pactl list sinks|<br />
...<br />
hdmi-output-0: HDMI / DisplayPort (priority: 5900, not available)<br />
...<br />
}}<br />
<br />
This leads to no sound coming from HDMI output. A workaround for this is to switch to another TTY and back again. This problem has been reported by ATI/Nvidia/Intel users.<br />
<br />
=== Can't update configuration of sound device in pavucontrol ===<br />
{{Pkg|pavucontrol}} is a handy GUI utility for configuring PulseAudio. Under its 'Configuration' tab, you can select different profiles for each of your sound devices e.g. analogue stereo, digital output (IEC958), HDMI 5.1 Surround etc.<br />
<br />
However, you may run into an instance where selecting a different profile for a card results in the pulse daemon crashing and auto restarting without the new selection "sticking". If this occurs, use the other useful GUI tool, {{Pkg|paprefs}}, to check under the "Simultaneous Output" tab for a virtual simultaneous device. If this setting is active (checked), it will prevent you changing any card's profile in pavucontrol. Uncheck this setting, then adjust your profile in pavucontrol prior to re-enabling simultaneous output in paprefs.<br />
<br />
=== Simultaneous output to multiple sound cards / devices ===<br />
Simultaneous output to two different devices can be very useful. For example, being able to send audio to your A/V receiver via your graphics card's HDMI output, while also sending the same audio through the analogue output of your motherboard's built-in audio. This is much less hassle than it used to be (in this example, we are using GNOME desktop).<br />
<br />
Using {{Pkg|paprefs}}, simply select "Add virtual output device for simultaneous output on all local sound cards" from under the "Simultaneous Output" tab. Then, under GNOME's "sound settings", select the simultaneous output you have just created.<br />
<br />
If this doesn't work, try adding the following to {{ic|~/.asoundrc}}:<br />
<br />
pcm.dsp {<br />
type plug<br />
slave.pcm "dmix"<br />
}<br />
<br />
=== Simultaneous output to multiple sinks on the same sound card not working===<br />
This can be useful for users who have multiple sound sources and want to play them on different sinks/outputs. <br />
An example use-case for this would be if you play music and also voice chat and want to output music to speakers (in this case Digital S/PDIF) and voice to headphones. (Analog)<br />
<br />
This is sometimes auto detected by PulseAudio but not always. If you know that your sound card can output to both Analog and S/PDIF at the same time and PulseAudio does not have this option in its profiles in pavucontrol or veromix, then you probably need to create a configuration file for your sound card.<br />
<br />
In more detail, you need to create a profile-set for your specific sound card.<br />
This is mostly done in two steps:<br />
* Create udev rule to make PulseAudio choose your PulseAudio configuration file specific to the sound card.<br />
* Create the actual configuration.<br />
<br />
Create a PulseAudio udev rule.<br />
{{Note| This is only an example for Asus Xonar Essence STX.<br />
Read [[udev]] to find out the correct values.}}<br />
{{Note| Your configuration file should have lower number than the original PulseAudio rule to take effect.}}<br />
{{hc|/usr/lib/udev/rules.d/90-pulseaudio-Xonar-STX.rules|<br />
ACTION&#61;&#61;"change", SUBSYSTEM&#61;&#61;"sound", KERNEL&#61;&#61;"card*", \<br />
ATTRS&#123;subsystem_vendor&#125;&#61;&#61;"0x1043", ATTRS&#123;subsystem_device&#125;&#61;&#61;"0x835c", ENV&#123;PULSE_PROFILE_SET&#125;&#61;"asus-xonar-essence-stx.conf" <br />
}}<br />
<br />
Now, create a configuration file. If you bother, you can start from scratch and make it saucy. However you can also use the default configuration file, rename it, and then add your profile there that you know works. Less pretty but also faster.<br />
<br />
To enable multiple sinks for Asus Xonar Essence STX you need only to add this in.<br />
{{Note|{{ic|asus-xonar-essence-stx.conf}} also includes all code/mappings from {{ic|default.conf}}.}}<br />
{{hc|/usr/share/pulseaudio/alsa-mixer/profile-sets/asus-xonar-essence-stx.conf|<br />
[Profile analog-stereo+iec958-stereo]<br />
description &#61; Analog Stereo Duplex + Digital Stereo Output<br />
input-mappings &#61; analog-stereo<br />
output-mappings &#61; analog-stereo iec958-stereo<br />
skip-probe &#61; yes<br />
}}<br />
<br />
This will auto-profile your Asus Xonar Essence STX with default profiles and add your own profile so you can have multiple sinks.<br />
<br />
You need to create another profile in the configuration file if you want to have the same functionality with AC3 Digital 5.1 output.<br />
<br />
[https://www.freedesktop.org/wiki/Software/PulseAudio/Backends/ALSA/Profiles/ See PulseAudio article about profiles]<br />
<br />
=== Disable Bluetooth support ===<br />
If you do not use Bluetooth, you may experience the following error in your journal:<br />
<br />
bluez5-util.c: GetManagedObjects() failed: org.freedesktop.DBus.Error.ServiceUnknown: The name org.bluez was not provided by any .service files<br />
<br />
To disable Bluetooth support in PulseAudio, make sure that the following lines are commented out in the configuration file in use ({{ic|~/.config/pulse/default.pa}} or {{ic|/etc/pulse/default.pa}}):<br />
<br />
{{hc|~/.config/pulse/default.pa|<br />
### Automatically load driver modules for Bluetooth hardware<br />
#.ifexists module-bluetooth-policy.so<br />
#load-module module-bluetooth-policy<br />
#.endif<br />
<br />
#.ifexists module-bluetooth-discover.so<br />
#load-module module-bluetooth-discover<br />
#.endif<br />
}}<br />
<br />
=== Bluetooth headset replay problems ===<br />
Some users [https://bbs.archlinux.org/viewtopic.php?id=117420 report] huge delays or even no sound when the Bluetooth connection does not send any data. This is due to the {{ic|module-suspend-on-idle}} module, which automatically suspends sinks/sources on idle. As this can cause problems with headsets, the responsible module can be deactivated.<br />
<br />
To disable loading of the {{ic|module-suspend-on-idle}} module, comment out the following line in the configuration file in use ({{ic|~/.config/pulse/default.pa}} or {{ic|/etc/pulse/default.pa}}):<br />
<br />
{{hc|~/.config/pulse/default.pa|<br />
### Automatically suspend sinks/sources that become idle for too long<br />
#load-module module-suspend-on-idle<br />
}}<br />
<br />
Finally restart PulseAudio to apply the changes.<br />
<br />
=== Automatically switch to Bluetooth or USB headset ===<br />
Add the following:<br />
{{hc|/etc/pulse/default.pa|<br />
# automatically switch to newly-connected devices<br />
load-module module-switch-on-connect<br />
}}<br />
<br />
=== Pulse overwrites ALSA settings ===<br />
PulseAudio usually overwrites the ALSA settings&#8202;&mdash;&#8202;for example set with alsamixer&#8202;&mdash;&#8202;at start up, even when the ALSA daemon is loaded. Since there seems to be no other way to restrict this behaviour, a workaround is to restore the ALSA settings again after PulseAudio has started. Add the following command to {{ic|.xinitrc}} or {{ic|.bash_profile}} or any other [[Autostarting|autostart]] file:<br />
<br />
restore_alsa() {<br />
while [ -z "$(pidof pulseaudio)" ]; do<br />
sleep 0.5<br />
done<br />
alsactl -f /var/lib/alsa/asound.state restore <br />
}<br />
restore_alsa &<br />
<br />
=== Prevent Pulse from restarting after being killed ===<br />
Sometimes you may wish to temporarily disable Pulse. In order to do so you will have to prevent Pulse from restarting after being killed.<br />
<br />
{{hc|~/.config/pulse/client.conf|2=<br />
# Disable autospawning the PulseAudio daemon<br />
autospawn = no<br />
}}<br />
<br />
=== Daemon startup failed ===<br />
Try resetting PulseAudio:<br />
$ rm -rf /tmp/pulse* ~/.pulse*<br />
$ pulseaudio -k<br />
$ pulseaudio --start<br />
<br />
If there is no server running but PulseAudio fails to start with an error message "User-configured server at ... refusing to start/autospawn", the issue may be with PulseAudio settings from a previous login. Check to see if there are any stale properties attached to the X11 root window with {{ic|pax11publish -d}}, and if there are, remove them with {{ic|pax11publish -r}} before trying to start the server. This manual cleanup is always required when using LXDM because it does not restart the X server on logout; see [[LXDM#PulseAudio]].<br />
<br />
==== inotify issue ====<br />
If the previous fix doesn't work, see if you get an error like this:<br />
{{hc|$ pulseaudio -vvvv|<br />
E: [pulseaudio] module-udev-detect.c: You apparently ran out of inotify watches, probably because Tracker/Beagle took them all away. I wished people would do their homework first and fix inotify before using it for watching whole directory trees which is something the current inotify is certainly not useful for. Please make sure to drop the Tracker/Beagle guys a line complaining about their broken use of inotify.<br />
}}<br />
<br />
In which case you have run out of inotify watches. <br />
<br />
This can quickly be resolved by:<br />
# echo 100000 > /proc/sys/fs/inotify/max_user_watches<br />
<br />
To have it permanently changed, use:<br />
{{hc|/etc/sysctl.d/99-sysctl.conf|2=<br />
# Increase inotify max watches per user<br />
fs.inotify.max_user_watches = 100000<br />
}}<br />
<br />
=== Glitches, skips or crackling ===<br />
The newer implementation of the PulseAudio sound server uses timer-based audio scheduling instead of the traditional, interrupt-driven approach. <br />
<br />
Timer-based scheduling may expose issues in some ALSA drivers. On the other hand, other drivers might be glitchy without it on, so check to see what works on your system. <br />
<br />
To turn timer-based scheduling off add {{ic|1=tsched=0}} in {{ic|/etc/pulse/default.pa}}:<br />
{{hc|/etc/pulse/default.pa|<nowiki><br />
load-module module-udev-detect tsched=0<br />
</nowiki>}}<br />
<br />
Then restart the PulseAudio server:<br />
$ pulseaudio -k<br />
$ pulseaudio --start<br />
<br />
Do the reverse to enable timer-based scheduling, if not already enabled by default.<br />
<br />
Please report any such cards to [http://pulseaudio.org/wiki/BrokenSoundDrivers PulseAudio Broken Sound Driver page]<br />
<br />
=== Setting the default fragment number and buffer size in PulseAudio ===<br />
[http://forums.linuxmint.com/viewtopic.php?f=42&t=44862 More Information]<br />
<br />
==== Finding out your audio device parameters (1/4) ====<br />
To find your sound card buffering settings:<br />
$ echo autospawn = no >> ~/.pulse/client.conf<br />
$ pulseaudio -k<br />
$ LANG=C timeout --foreground -k 10 -s kill 10 pulseaudio -vvvv 2>&1 | grep device.buffering -B 10<br />
$ sed -i '$d' ~/.pulse/client.conf<br />
<br />
For each sound card detected by PulseAudio, you will see output similar to this:<br />
I: [pulseaudio] source.c: alsa.long_card_name = "HDA Intel at 0xfa200000 irq 46"<br />
I: [pulseaudio] source.c: alsa.driver_name = "snd_hda_intel"<br />
I: [pulseaudio] source.c: device.bus_path = "pci-0000:00:1b.0"<br />
I: [pulseaudio] source.c: sysfs.path = "/devices/pci0000:00/0000:00:1b.0/sound/card0"<br />
I: [pulseaudio] source.c: device.bus = "pci"<br />
I: [pulseaudio] source.c: device.vendor.id = "8086"<br />
I: [pulseaudio] source.c: device.vendor.name = "Intel Corporation"<br />
I: [pulseaudio] source.c: device.product.name = "82801I (ICH9 Family) HD Audio Controller"<br />
I: [pulseaudio] source.c: device.form_factor = "internal"<br />
I: [pulseaudio] source.c: device.string = "front:0"<br />
I: [pulseaudio] source.c: device.buffering.buffer_size = "768000"<br />
I: [pulseaudio] source.c: device.buffering.fragment_size = "384000"<br />
<br />
Take note of the buffer_size and fragment_size values for the relevant sound card.<br />
<br />
==== Calculate your fragment size in msecs and number of fragments (2/4) ====<br />
PulseAudio's default sampling rate and bit depth are set to {{ic|44100Hz}} @ {{ic|16 bits}}.<br />
<br />
With this configuration, the bit rate we need is {{ic|44100}}*{{ic|16}} = {{ic|705600}} bits per second. That's {{ic|1411200 bps}} for stereo.<br />
<br />
Let's take a look at the parameters we have found in the previous step:<br />
<br />
device.buffering.buffer_size = "768000" => 768000/1411200 = 0.544217687075s = 544 msecs<br />
device.buffering.fragment_size = "384000" => 384000/1411200 = 0.272108843537s = 272 msecs<br />
<br />
==== Modify PulseAudio's configuration file (3/4) ====<br />
{{hc|/etc/pulse/daemon.conf|<nowiki><br />
; default-fragments = X<br />
; default-fragment-size-msec = Y<br />
</nowiki>}}<br />
<br />
In the previous step, we calculated the fragment size parameter.<br />
The number of fragments is simply buffer_size/fragment_size, which in this case ({{ic|544/272}}) is {{ic|2}}:<br />
<br />
{{hc|/etc/pulse/daemon.conf|<nowiki><br />
; default-fragments = 2<br />
; default-fragment-size-msec = 272<br />
</nowiki>}}<br />
<br />
==== Restart the PulseAudio daemon (4/4) ====<br />
$ pulseaudio -k<br />
$ pulseaudio --start<br />
<br />
For more information, see: [http://forums.linuxmint.com/viewtopic.php?f=42&t=44862 Linux Mint topic]<br />
<br />
=== Laggy sound ===<br />
This issue is due to incorrect buffer sizes.<br />
<br />
Either disable any modifications (if any) to these entries, or, if issue still exists, uncomment:<br />
{{hc|/etc/pulse/daemon.conf|<nowiki><br />
default-fragments = 8<br />
default-fragment-size-msec = 5<br />
</nowiki>}}<br />
<br />
=== Choppy, overdriven sound ===<br />
Choppy sound in PulseAudio can result from wrong settings for the sample rate. Try:<br />
{{hc|/etc/pulse/daemon.conf|<nowiki><br />
default-sample-rate = 48000<br />
</nowiki>}}<br />
and restart the PulseAudio server.<br />
<br />
If one experiences choppy sound in applications using openAL, change the sample rate in {{ic|/etc/openal/alsoft.conf}}:<br />
frequency = 48000<br />
<br />
Setting the PCM volume above 0 dB can cause clipping of the audio signal. Running {{ic|alsamixer -c0}} will allow you to see if this is the problem and if so fix it.<br />
<br />
=== Volume adjustment does not work properly ===<br />
Check:<br />
{{ic|/usr/share/pulseaudio/alsa-mixer/paths/analog-output.conf.common}}<br />
<br />
If the volume does not appear to increment/decrement properly using {{ic|alsamixer}} or {{ic|amixer}}, it may be due to PulseAudio having a larger number of increments (65537 to be exact). Try using larger values when changing volume (e.g. {{ic|amixer set Master 655+}}).<br />
<br />
=== Volume gets louder every time a new application is started ===<br />
Per default, it seems as if changing the volume in an application sets the global system volume to that level instead of only affecting the respective application. Applications setting their volume on startup will therefore cause the system volume to "jump".<br />
<br />
Fix this by:<br />
{{hc|/etc/pulse/daemon.conf|<nowiki><br />
flat-volumes = no<br />
</nowiki>}}<br />
and then restarting PulseAudio by executing<br />
$ pulseaudio -k && pulseaudio --start<br />
<br />
When Pulse comes back after a few seconds, applications will not alter the global system volume anymore but have their own volume level again.<br />
<br />
{{Note|A previously installed and removed pulseaudio-equalizer may leave behind remnants of the setup in {{ic|~/.pulse/default.pa}} which can also cause maximized volume trouble. Comment that out as needed.}}<br />
<br />
=== No microphone on ThinkPad T400/T500/T420 ===<br />
Run:<br />
alsamixer -c 0<br />
Unmute and maximize the volume of the "Internal Mic".<br />
<br />
Once you see the device with:<br />
arecord -l<br />
you might still need to adjust the settings. The microphone and the audio jack are duplexed. Set the configuration of the internal audio in pavucontrol to ''Analog Stereo Duplex''.<br />
<br />
=== No microphone input on Acer Aspire One ===<br />
Install pavucontrol, unlink the microphone channels and turn down the left one to 0.<br />
Reference: http://getsatisfaction.com/jolicloud/topics/deaf_internal_mic_on_acer_aspire_one#reply_2108048<br />
<br />
=== Sound output is only mono on M-Audio Audiophile 2496 sound card ===<br />
Add the following:<br />
{{hc|/etc/pulseaudio/default.pa|<nowiki><br />
load-module module-alsa-sink sink_name=delta_out device=hw:M2496 format=s24le channels=10 channel_map=left,right,aux0,aux1,aux2,aux3,aux4,aux5,aux6,aux7<br />
load-module module-alsa-source source_name=delta_in device=hw:M2496 format=s24le channels=12 channel_map=left,right,aux0,aux1,aux2,aux3,aux4,aux5,aux6,aux7,aux8,aux9<br />
set-default-sink delta_out<br />
set-default-source delta_in<br />
</nowiki>}}<br />
<br />
=== Static noise in microphone recording ===<br />
If we are getting static noise in Skype, gnome-sound-recorder, arecord, etc.'s recordings, then the sound card sample rate is incorrect. That is why there is static noise in Linux microphone recordings. To fix this, we need to set the sampling rate in {{ic|/etc/pulse/daemon.conf}} for the sound hardware.<br />
<br />
==== Determine sound cards in the system (1/5) ====<br />
This requires {{Pkg|alsa-utils}} and related packages to be installed:<br />
{{hc|$ arecord --list-devices|<br />
**** List of CAPTURE Hardware Devices ****<br />
card 0: Intel [HDA Intel], device 0: ALC888 Analog [ALC888 Analog]<br />
Subdevices: 1/1<br />
Subdevice #0: subdevice #0<br />
card 0: Intel [HDA Intel], device 2: ALC888 Analog [ALC888 Analog]<br />
Subdevices: 1/1<br />
Subdevice #0: subdevice #0<br />
}}<br />
<br />
Sound card is {{ic|hw:0,0}}.<br />
<br />
==== Determine sampling rate of the sound card (2/5) ====<br />
{{hc|1=arecord -f dat -r 60000 -D hw:0,0 -d 5 test.wav|2=<br />
"Recording WAVE 'test.wav' : Signed 16 bit Little Endian, Rate 60000 Hz, Stereo<br />
Warning: rate is not accurate (requested = 60000Hz, '''got = 96000Hz''')<br />
please, try the plug plugin<br />
}}<br />
<br />
Observe the {{ic|1=got = 96000Hz}}. This is the maximum sampling rate of our card.<br />
<br />
==== Setting the sound card's sampling rate into PulseAudio configuration (3/5) ====<br />
The default sampling rate in PulseAudio:<br />
{{hc|1=$ grep "default-sample-rate" /etc/pulse/daemon.conf|2=<br />
; default-sample-rate = 44100<br />
}}<br />
<br />
{{ic|44100}} is disabled and needs to be changed to {{ic|96000}}:<br />
# sed 's/; default-sample-rate = 44100/default-sample-rate = 96000/g' -i /etc/pulse/daemon.conf<br />
<br />
==== Restart PulseAudio to apply the new settings (4/5) ====<br />
$ pulseaudio -k<br />
$ pulseaudio --start<br />
<br />
==== Finally check by recording and playing it back (5/5) ====<br />
Let us record some voice using a microphone for, say, 10 seconds. Make sure the microphone is not muted and all<br />
$ arecord -f cd -d 10 test-mic.wav<br />
<br />
After 10 seconds, let us play the recording...<br />
$ aplay test-mic.wav<br />
<br />
Now hopefully, there is no static noise in microphone recording anymore.<br />
<br />
=== My Bluetooth device is paired but does not play any sound ===<br />
[[Bluetooth#My_device_is_paired_but_no_sound_is_played_from_it|See the article in Bluetooth section]]<br />
<br />
Starting from PulseAudio 2.99 and bluez 4.101 you should '''avoid''' using Socket interface. Do NOT use:<br />
{{hc|/etc/bluetooth/audio.conf|<nowiki><br />
[General]<br />
Enable=Socket<br />
</nowiki>}}<br />
If you face problems with A2DP and PA 2.99, make sure you have the {{Pkg|sbc}} library.<br />
<br />
=== Subwoofer stops working after end of every song ===<br />
Known issue: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/494099<br />
<br />
To fix this, edit {{ic|/etc/pulse/daemon.conf}} and enable {{ic|enable-lfe-remixing}}:<br />
{{hc|/etc/pulse/daemon.conf|<nowiki><br />
enable-lfe-remixing = yes<br />
</nowiki>}}<br />
<br />
=== PulseAudio uses wrong microphone ===<br />
If PulseAudio uses the wrong microphone, and changing the Input Device with Pavucontrol did not help, take a look at alsamixer. It seems that Pavucontrol does not always set the input source correctly.<br />
<br />
$ alsamixer<br />
<br />
Press {{ic|F6}} and choose your sound card, e.g. HDA Intel. Now press {{ic|F5}} to display all items. Try to find the item: {{ic|Input Source}}. With the up/down arrow keys you are able to change the input source.<br />
<br />
Now check whether the correct microphone is used for recording.<br />
<br />
=== Choppy sound with analog surround sound setup ===<br />
The low-frequency effects (LFE) channel is not remixed per default. To enable it the following needs to be set in {{ic|/etc/pulse/daemon.conf}} :<br />
{{hc|/etc/pulse/daemon.conf|<nowiki><br />
enable-lfe-remixing = yes<br />
</nowiki>}}<br />
<br />
=== No sound below a volume cutoff ===<br />
Known issue (won't fix): https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/223133<br />
<br />
If sound does not play when PulseAudio's volume is set below a certain level, try setting {{ic|1=ignore_dB=1}} in {{ic|/etc/pulse/default.pa}}:<br />
{{hc|/etc/pulse/default.pa|<nowiki><br />
load-module module-udev-detect ignore_dB=1<br />
</nowiki>}}<br />
<br />
However, be aware that it may cause another bug preventing PulseAudio from unmuting speakers when headphones or other audio devices are unplugged.<br />
<br />
=== Low volume for internal microphone ===<br />
If you experience low volume on the internal notebook microphone, try setting:<br />
{{hc|/etc/pulse/default.pa|<nowiki><br />
set-source-volume 1 300000<br />
</nowiki>}}<br />
<br />
=== Clients alter master output volume (a.k.a. volume jumps to 100% after running application) ===<br />
If changing the volume in specific applications or simply running an application changes the master output volume, this is likely due to the flat volumes mode of PulseAudio. Before disabling it, KDE users should try lowering their system notifications volume in ''System Settings -> Application and System Notifications -> Manage Notifications'' under the ''Player Settings'' tab to something reasonable. Changing the ''Event Sounds'' volume in KMix or another volume mixer application will not help here. This should make the flat-volumes mode work out as intended; if it does not work, some other application is likely requesting 100% volume when it is playing something. If all else fails, you can try to disable flat-volumes:<br />
{{hc|/etc/pulse/daemon.conf|<nowiki><br />
flat-volumes = no<br />
</nowiki>}}<br />
Then restart PulseAudio daemon:<br />
# pulseaudio -k<br />
# pulseaudio --start<br />
<br />
===Realtime scheduling===<br />
If rtkit does not work, you can manually set up your system to run PulseAudio with real-time scheduling, which can help performance. To do this, add the following lines to {{ic|/etc/security/limits.conf}}:<br />
@pulse-rt - rtprio 9<br />
@pulse-rt - nice -11<br />
<br />
Afterwards, you need to add your user to the {{ic|pulse-rt}} group:<br />
# gpasswd -a <user> pulse-rt<br />
<br />
=== No sound after resume from suspend ===<br />
If audio generally works, but stops after resume from suspend, try "reloading" PulseAudio by executing:<br />
$ /usr/bin/pasuspender /bin/true<br />
<br />
This is better than completely killing and restarting it ({{ic|pulseaudio -k && pulseaudio --start}}), because it does not break already running applications.<br />
<br />
If the above fixes your problem, you may wish to automate it, by creating a systemd service file.<br />
<br />
1. Create the template service file in {{ic|/etc/systemd/system/resume-fix-pulseaudio@.service}}:<br />
<br />
[Unit]<br />
Description=Fix PulseAudio after resume from suspend<br />
After=suspend.target<br />
<br />
[Service]<br />
User=%I<br />
Type=oneshot<br />
Environment="XDG_RUNTIME_DIR=/run/user/%U"<br />
ExecStart=/usr/bin/pasuspender /bin/true<br />
<br />
[Install]<br />
WantedBy=suspend.target<br />
<br />
2. Enable it for your user account<br />
<br />
# systemctl enable resume-fix-pulseaudio@YOUR_USERNAME_HERE.service<br />
<br />
3. Reload systemd<br />
<br />
# systemctl --system daemon-reload<br />
<br />
=== ALSA channels mute when headphones are plugged/unplugged improperly ===<br />
If, when you unplug your headphones or plug them in, the audio remains muted in alsamixer on the wrong channel due to it being set to 0%, you may be able to fix it by opening {{ic|/etc/pulse/default.pa}} and commenting out the line:<br />
load-module module-switch-on-port-available<br />
<br />
=== pactl "invalid option" error with negative percentage arguments ===<br />
{{ic|pactl}} commands that take negative percentage arguments will fail with an 'invalid option' error. Use the standard shell '--' pseudo argument<br />
to disable argument parsing before the negative argument. ''e.g.'' {{ic|pactl set-sink-volume 1 -- -5%}}.<br />
<br />
===Daemon already running===<br />
On some systems, PulseAudio may be started multiple times. journalctl will report:<br />
<br />
[pulseaudio] pid.c: Daemon already running.<br />
<br />
Make sure to use only one method of autostarting applications. {{Pkg|pulseaudio}} includes these files:<br />
<br />
* {{ic|/etc/X11/xinit/xinitrc.d/pulseaudio}}<br />
* {{ic|/etc/xdg/autostart/pulseaudio.desktop}}<br />
* {{ic|/etc/xdg/autostart/pulseaudio-kde.desktop}}<br />
<br />
Also check user autostart files and directories, such as [[xinitrc]], {{ic|~/.config/autostart/}} etc.<br />
<br />
== See also ==<br />
* [http://www.alsa-project.org/main/index.php/Asoundrc http://www.alsa-project.org/main/index.php/Asoundrc] - ALSA wiki on .asoundrc<br />
* [http://www.pulseaudio.org/ http://www.pulseaudio.org/] - PulseAudio official site<br />
* [http://www.pulseaudio.org/wiki/FAQ http://www.pulseaudio.org/wiki/FAQ] - PulseAudio FAQ</div>Medhefgohttps://wiki.archlinux.org/index.php?title=TrueCrypt&diff=296399TrueCrypt2014-02-06T17:41:45Z<p>Medhefgo: cryptsetup can now use the partition file itself in system mode</p>
<hr />
<div>[[Category:Security]]<br />
[[Category:File systems]]<br />
[[de:TrueCrypt]]<br />
{{Related articles start}}<br />
{{Related|Disk Encryption}}<br />
{{Related|Tcplay}}<br />
{{Related articles end}}<br />
'''TrueCrypt''' is a free open source on-the-fly encryption (OTFE) program. Some of its features are:<br />
* Virtual encrypted disks within files that can be mounted as real disks.<br />
* Encryption of an entire hard disk partition or a storage device/medium.<br />
* All encryption algorithms use the LRW mode of operation, which is more secure than CBC mode with predictable initialization vectors for storage encryption.<br />
* "Hidden volumes" within a normal "outer" encrypted volume. A hidden volume can not be distinguished from random data without access to a passphrase and/or keyfile.<br />
<br />
For more details on how TrueCrypt compares to other disk encryption solutions, see [[Disk Encryption#Comparison table]].<br />
<br />
== Installation ==<br />
<br />
{{Note|For opening and accessing an existing TrueCrypt container [[#Accessing a TrueCrypt container using cryptsetup|cryptsetup]] is the preferred way, since it is well integrated with the rest of the system. Creating a new TrueCrypt container can be done using {{ic|truecrypt}}, after which it can be opened using {{ic|cryptsetup}}.}}<br />
<br />
[[pacman|Install]] {{Pkg|truecrypt}} from the [[official repositories]].<br />
If you use any kernel other than {{Pkg|linux}} install the corresponding kernel module.<br />
<br />
If you are using truecrypt to encrypt a virtual filesystem (e.g. a file), the module will be automatically loaded whenever you run the ''truecrypt'' command.<br />
<br />
If you are using truecrypt to encrypt a physical device (e.g. a hard disk or usb drive), you will likely want to load the module during the boot sequence:<br />
<br />
Add the module to {{ic|/etc/modules-load.d/}}:<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "truecrypt"<br />
<br />
{{Note|<br />
* This didn't work for me (module truecrypt seems to be non-existent now), but adding "loop" module worked<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "loop"<br />
# modprobe loop<br />
* It does not appear that loading a module applies with TrueCrypt 7.1a, the current version in Arch as of 4/19/2013. The above advice may be outdated with respect to the module, however it is still important to enable '''FUSE''', '''loop''' and your encryption algorithm (e.g. '''AES''', '''XTS''', '''SHA512''') in custom kernels.<br />
If you only want to open and access an existing truecrypt container, this can also be done with {{ic|cryptsetup}} i.e. without installing Truecrypt.<br />
}}<br />
<br />
== Accessing a TrueCrypt container using cryptsetup ==<br />
<br />
Since version 1.6, {{Pkg|cryptsetup}} supports opening TrueCrypt containers natively, without the need of the {{Pkg|truecrypt}} package. To do so, execute the following command:<br />
$ cryptsetup --type tcrypt open container-to-mount container-name<br />
<br />
Replace {{ic|container-to-mount}} with the device file under {{ic|/dev}} or the path to the file you wish to open. Upon successful opening, the plaintext device will appear as {{ic|/dev/mapper/container-name}}, which you can {{ic|mount}} like any normal device.<br />
<br />
If you are using key files, supply them using the {{ic|--key-file}} option. To open a hidden volume, supply the {{ic|--tcrypt-hidden}} option, and for a partition or whole drive that is encrypted in system mode use the {{ic|--tcrypt-system}} option.<br />
<br />
See {{ic|man cryptsetup}} for more details and all supported options.<br />
<br />
=== Automounting using /etc/crypttab ===<br />
<br />
Since version 206, [[systemd]] supports (auto)mounting TrueCrypt containers at boot or runtime using {{ic|/etc/crypttab}}.<br />
<br />
The following example setup will mount {{ic|/dev/sda2}} in system encryption mode as soon as {{ic|/mnt/truecrypt-volume}} is accessed using systemd's automounting logic. The passphrase to open the volume is given in {{ic|/etc/volume.password}}. Note that the device file given in {{ic|/etc/fstab}} needs to be the one from {{ic|/dev/mapper/}} and not, for example, from {{ic|/dev/disk/by-uuid/}} for automounting logic to kick in. Other than that you can still reliably identify the encrypted volume itself inside of {{ic|/etc/crypttab}} using device file names from {{ic|/dev/disk/}}.<br />
<br />
{{hc|/etc/crypttab|<nowiki><br />
truecrypt-volume /dev/sda2 /etc/volume.password tcrypt-system,noauto</nowiki><br />
}}<br />
<br />
{{hc|/etc/fstab|<nowiki><br />
/dev/mapper/truecrypt-volume /mnt/truecrypt-volume auto noauto,x-systemd.automount 0 0</nowiki><br />
}}<br />
<br />
See {{ic|man crypttab}} for more details and options supported.<br />
<br />
== Encrypting a file as a virtual volume ==<br />
<br />
The following instructions will create a file that will act as a virtual filesystem, allowing you to mount it and store files within the encrypted file. This is a convenient way to store sensitive information, such as financial data or passwords, in a single file that can be accessed from Linux, Windows, or Macs.<br />
<br />
To create a new truecrypt file interactively, type the following in a terminal:<br />
$ truecrypt -t -c<br />
<br />
Follow the instructions, choosing the default values unless you know what you are doing:<br />
<br />
Volume type:<br />
1) Normal<br />
2) Hidden<br />
Select [1]: 1<br />
<br />
Enter file or device path for new volume: /home/user/''EncryptedFile''.tc<br />
<br />
Enter volume size (bytes - size/sizeK/sizeM/sizeG): 32M<br />
<br />
Encryption algorithm:<br />
1) AES<br />
2) Blowfish<br />
3) CAST5<br />
4) Serpent<br />
5) Triple DES<br />
6) Twofish<br />
7) AES-Twofish<br />
8) AES-Twofish-Serpent<br />
9) Serpent-AES<br />
10) Serpent-Twofish-AES<br />
11) Twofish-Serpent<br />
Select [1]: 1<br />
<br />
Hash algorithm:<br />
1) RIPEMD-160<br />
2) SHA-1<br />
3) Whirlpool<br />
Select [1]: 1 <br />
<br />
Filesystem:<br />
1) None<br />
2) FAT<br />
3) Linux Ext2<br />
4) Linux Ext3<br />
5) Linux Ext4<br />
Select [2]: <br />
<br />
Enter password for new volume '/home/user/''EncryptedFile''.tc': *****************************<br />
Re-enter password: *****************************<br />
<br />
Enter keyfile path [none]: <br />
<br />
Please type at least 320 randomly chosen characters and then press Enter:<br />
<br />
Done: 32.00 MB Speed: 10.76 MB/s Left: 0:00:00 <br />
Volume created.<br />
<br />
You can now mount the new encrypted file to a previously-created directory:<br />
$ truecrypt -t /home/user/''EncryptedFile''.tc /home/user/''EncryptedFileFolder''<br />
<br />
{{Note|Truecrypt requires root privileges and as such, running the above command as a user will attempt to use '''sudo''' for authentication. To work with files as a regular user, please see [[#Mount volumes as a normal user|Mount volumes as a normal user]].}}<br />
<br />
Once mounted, you can copy or create new files within the encrypted directory as if it was any normal directory. When you are ready to re-encrypt the contents and unmount the directory, run:<br />
$ truecrypt -t -d<br />
<br />
Again, this will require administrator privileges through the use of '''sudo'''. After running it, check that the files that are to be encrypted are indeed no longer in the directory (you might want to try this with unimportant data first). If they are still there, note that ''rm'' does not make the data unrecoverable.<br />
<br />
For more information about truecrypt in general, run:<br />
$ man truecrypt<br />
{{Note|As of 1:7.1a-1 don't see a man or info page.}}<br />
<br />
Several options can be passed at the command line, making automated access and creation a simple task. The man page is highly recommended reading.<br />
<br />
== Encrypting a physical volume ==<br />
<br />
{{Note|1= If you are having problems with the graphical interface, you can run in CLI mode with the -t flag.}}<br />
<br />
If you want to use a keyfile, create one with this command:<br />
truecrypt --create-keyfile /etc/disk.key<br />
By default both passphrase and key will be needed to unlock the volume.<br />
<br />
Create a new volume in the device {{ic|/dev/sda1}}:<br />
# truecrypt --volume-type=normal -c /dev/sda1<br />
<br />
Map the volume to {{ic|/dev/mapper/truecrypt1}}:<br />
# truecrypt -N 1 /dev/sda1<br />
<br />
If this command does not work for you, try this to map the volume:<br />
# truecrypt --filesystem=none --slot=1 /dev/sda1<br />
<br />
Simply format the disk like you normally would choosing your favourite [[File Systems|file system]], except use the path {{ic|/dev/mapper/truecrypt1}}. E.g. for ext4 use:<br />
# mkfs.ext4 /dev/mapper/truecrypt1<br />
<br />
Mount the volume:<br />
# mount /dev/mapper/truecrypt1 /media/disk<br />
<br />
Map and mount a volume:<br />
# truecrypt /dev/sda1 /media/disk<br />
<br />
Unmount and unmap a volume:<br />
# truecrypt -d /dev/sda1<br />
<br />
== Creating a hidden volume ==<br />
<br />
First, create a normal outer volume as described in [[#Encrypting a physical volume]].<br />
<br />
Map the outer volume to {{ic|/dev/mapper/truecrypt1}}:<br />
# truecrypt -N 1 /dev/sda1<br />
<br />
Create a hidden truecrypt volume in the free space of the outer volume:<br />
# truecrypt --type hidden -c /dev/sda1<br />
You need to use a different passphrase and/or keyfile here from the one you used for the outer volume.<br />
<br />
Unmap the outer truecrypt volume and map the hidden one:<br />
# truecrypt -d /dev/sda1<br />
# truecrypt -N 1 /dev/sda1<br />
Just use the passphrase you chose for the hidden volume and TrueCrypt will automatically choose it before the outer.<br />
<br />
Create a file system on it (if you have not already) and mount it:<br />
# mkfs.ext4 /dev/mapper/truecrypt1<br />
# mount /dev/mapper/truecrypt1 /media/disk<br />
<br />
Map and mount the outer volume with the hidden write-protected:<br />
truecrypt -P /dev/sda1 /media/disk<br />
<br />
== Mount a special filesystem ==<br />
<br />
{{Note|Current Versions of truecrypt seem to support NTFS write support by default so the {{ic|--filesystem}} flag no longer seems to be necessary.}}<br />
<br />
In the following example I want to mount an NTFS volume, but TrueCrypt does not use ''ntfs-3g'' by default (so there is no write access; checked in version 6.1).<br />
The following command works for me:<br />
truecrypt --filesystem=ntfs-3g --mount /file/you/want/to/mount<br />
You may also want to mount an NTFS volume without the execute flag on all files:<br />
truecrypt --filesystem=ntfs-3g --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002<br />
<br />
== Mount volumes via fstab ==<br />
<br />
First of all, we need to write a script which will handle the way mounting via fstab is done. Place the following in {{ic|/usr/bin/mount.truecrypt}}:<br />
{{bc|<nowiki><br />
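#!/bin/bash<br />
# mount(8) helper, invoked as: mount.truecrypt DEVICE MOUNTPOINT -o OPTIONS<br />
# Uses bash because of [[ ]] pattern matching and arrays.<br />
DEV="$1"<br />
MNTPT="$2"<br />
OPTIONS=""<br />
TCOPTIONS=()<br />
shift 3<br />
# Split the comma-separated fstab options; IFS is changed for this read only,<br />
# so later expansions are not split on commas.<br />
IFS=',' read -ra ARGS <<< "$*"<br />
for arg in "${ARGS[@]}"; do<br />
    if [[ "${arg}" == "system" ]]; then<br />
        TCOPTIONS+=("-m=system")<br />
    elif [[ "${arg}" == fs=* ]]; then<br />
        FS=${arg#*=}<br />
        TCOPTIONS+=("--filesystem=${FS}")<br />
    else<br />
        OPTIONS="${OPTIONS}${arg},"<br />
    fi<br />
done<br />
# Quote every expansion so that paths containing spaces reach truecrypt intact.<br />
truecrypt "${DEV}" "${MNTPT}" "${TCOPTIONS[@]}" --fs-options="${OPTIONS%,*}"<br />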
</nowiki>}}<br />
Also do not forget to make the file executable:<br />
<br />
# chmod +x /usr/bin/mount.truecrypt<br />
<br />
Finally, add the device to fstab somewhat like this:<br />
<br />
/dev/sdb3 /mnt truecrypt fs=vfat,defaults 0 0<br />
<br />
{{Tip|This script is also provided by the {{AUR|truecrypt-mount}} package.}}<br />
<br />
== Mount volumes as a normal user ==<br />
<br />
TrueCrypt needs root privileges to work: this procedure will allow normal users to use it, also giving writing permissions to mounted volumes.<br />
<br />
Both methods below require [[Sudo]]. Make sure it is configured before proceeding.<br />
<br />
=== Method 1: add a truecrypt group ===<br />
<br />
Create a new group called truecrypt and give it the necessary permissions. Any user that belongs to that group will be able to use TrueCrypt.<br />
# groupadd truecrypt<br />
<br />
Edit the sudo configuration:<br />
# visudo<br />
<br />
Append the following lines at the bottom of the sudo configuration file:<br />
# Users in the truecrypt group are allowed to run TrueCrypt as root.<br />
%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
You can now add your users to the truecrypt group:<br />
# gpasswd -M first_user,second_user,etc truecrypt<br />
<br />
{{Note|In order to make these changes active, any user that has been added to the truecrypt group has to log out.}}<br />
<br />
After that, you can mount your device by<br />
<br />
# truecrypt --mount ''/path/to/device'' ''/path/to/mountpoint''<br />
<br />
Default mountpoint is {{ic|/media/truecrypt1}}. Normally, it is not necessary to explicitly specify the filesystem of your device using the {{ic|--filesystem}} flag.<br />
<br />
It is definitely reasonable to give truecrypt some permission masks. Otherwise, every file on your mounted device will be executable. So instead of the above, you can use<br />
<br />
# truecrypt --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002 --mount /PATH/TO/DEVICE /PATH/TO/MOUNTPOINT<br />
<br />
and add this line to your bash configuration file, {{ic|~/.bashrc}} as an alias:<br />
<br />
alias tc1='truecrypt --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002 --mount ''/path/to/device'' ''/path/to/mountpoint'''<br />
<br />
To mount this specific device, use<br />
<br />
# tc1<br />
<br />
as a normal user.<br />
<br />
=== Method 2: sudo simplified ===<br />
<br />
Simply enable the desired user to run truecrypt without a password:<br />
# visudo<br />
<br />
Append the following:<br />
USERNAME ALL = (root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
Alternatively, if you make use of the wheel group:<br />
%wheel ALL = (root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
If you have any difficulties with permissions as a normal user, just add the {{ic|-u}} flag to the truecrypt mount command, for example:<br />
$ truecrypt -u /home/user/''EncryptedFile''.tc /home/user/''EncryptedFileFolder''<br />
<br />
=== Automatic mount on login ===<br />
<br />
Simply add:<br />
{{bc|<br />
$ truecrypt /home/user/''Encrypted File''.tc /home/user/''Encrypted File Folder'' <<EOF<br />
''password''<br />
EOF<br />
}}<br />
to your startup procedure. Do not use the {{ic|-p}} switch; the here-document method is more secure. With {{ic|-p}}, everyone can just look up the password via ''ps'' and similar tools, as it is part of the process's command line! [http://thoughtyblog.wordpress.com/2009/07/05/truecrypt-linux-hide-password-from-ps/ source]<br />
<br />
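The difference between {{ic|-p}} and the here-document can be checked on a running system: by default, every local user can read a process's arguments from {{ic|/proc/PID/cmdline}}, while data fed on standard input does not appear there. The following is an added example, not part of the original article: a shell function, hypothetically named {{ic|find_exposed_passwords}}, that reports the PIDs of truecrypt invocations carrying a password argument without printing the password. {{ic|--password}} is the long form of {{ic|-p}}; the sample process tree is constructed.<br />

```shell
#!/bin/sh
# Added example: report truecrypt processes whose command line carries a
# password argument. find_exposed_passwords is a hypothetical helper name.
#
# Usage: find_exposed_passwords [PROC_ROOT]   (PROC_ROOT defaults to /proc)
# Prints the PID of every match, one per line; the password is never printed.
find_exposed_passwords() {
    procroot=${1:-/proc}
    for f in "$procroot"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        pid=${f%/cmdline}
        pid=${pid##*/}
        # cmdline separates arguments with NUL bytes; turn them into lines.
        # The subshell keeps the state of one process away from the next.
        tr '\000' '\n' 2>/dev/null < "$f" | (
            seen=0
            while IFS= read -r arg; do
                if [ "$seen" -eq 0 ]; then
                    # Matching on the basename also catches wrappers such as
                    # "sudo /usr/bin/truecrypt ...".
                    [ "${arg##*/}" = truecrypt ] && seen=1
                    continue
                fi
                case $arg in
                    -p|-p?*|--password|--password=*)
                        echo "$pid"
                        break ;;
                esac
            done
        )
    done
}

# Constructed sample: two fake /proc entries, only the first passes -p.
demo_scan() {
    root=$(mktemp -d)
    mkdir "$root/101" "$root/102"
    printf 'truecrypt\000-t\000-p\000constructed-secret\000/home/user/EncryptedFile.tc\000' \
        > "$root/101/cmdline"
    printf 'truecrypt\000-t\000/home/user/EncryptedFile.tc\000' \
        > "$root/102/cmdline"
    echo "PIDs with a password on the command line:"
    find_exposed_passwords "$root"
    rm -rf "$root"
}
demo_scan
```

Run {{ic|find_exposed_passwords}} without an argument to scan the live {{ic|/proc}}; arguments that themselves contain newlines are not handled.<br />
<br />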
The most recent truecrypt has a couple of followup questions. If you have expect installed, this will work (assuming no keyfile and no desire to protect hidden volume), saved to a file with root-only perms called from /etc/rc.local:<br />
<br />
{{bc|<nowiki><br />
#! /bin/bash<br />
expect << EOF<br />
spawn /usr/bin/truecrypt ''/path/to/EncryptedFile'' ''/mount/point''<br />
expect "Enter password"<br />
send "volume password\n"<br />
expect "Enter keyfile"<br />
send "\n"<br />
expect "Protect hidden volume"<br />
send "\n"<br />
expect eof;<br />
EOF<br />
</nowiki>}}<br />
<br />
Of course, this isn't as secure as entering your password manually. But for some use cases, such as when your TrueCrypt filesystem is in a file on shared storage, it's better than being unencrypted.<br />
<br />
== Safely unmount and unmap volumes (on shutdown) ==<br />
<br />
You can unmount a specific device by<br />
<br />
# truecrypt -d ''/path/to/mountpoint''<br />
<br />
or omit the path to unmount all truecrypt volumes.<br />
<br />
If you want your truecrypt device to be unmounted automatically at shutdown, add the following to the file {{ic|/etc/rc.local.shutdown}}:<br />
<br />
if (/usr/bin/truecrypt --text --list)<br />
then {<br />
/usr/bin/truecrypt -d<br />
sleep 3<br />
}<br />
fi<br />
You can also omit the ''sleep'' command; it is just there to give the unmounting some time to complete before the actual shutdown.<br />
<br />
If you're using [[systemd]], there is a service trying to unmount truecrypt-encrypted filesystems at shutdown automatically on the [[systemd/Services]] page.<br />
<br />
== Errors ==<br />
<br />
=== TrueCrypt is already running ===<br />
<br />
If a messagebox ''TrueCrypt is already running'' appears when starting TrueCrypt, check for a hidden file in the home directory of the concerned user called ''.TrueCrypt-lock-username''. Substitute ''username'' with the individual username. Delete the file and start TrueCrypt again.<br />
<br />
=== Deleted stale lockfile ===<br />
<br />
If you always get a message "Delete stale lockfile [....]" after starting Truecrypt, the Truecrypt process with the lowest ID has to be killed during Gnome log out. Edit {{ic|/etc/gdm/PostSession/Default}} and add the following line before exit 0:<br />
kill $(ps -ef | grep truecrypt | tr -s ' ' | cut -d ' ' -f 2)<br />
<br />
=== Issues with Unicode file/folder names ===<br />
<br />
==== NTFS ====<br />
<br />
Should files or folders containing Unicode characters in their names be displayed incorrectly or not at all on TrueCrypt NTFS volumes (while e.g. being correctly handled on non-encrypted NTFS partitions), first verify that you have the [[NTFS-3G]] driver installed and then create the following symlink as root:<br />
ln -s /sbin/mount.ntfs-3g /sbin/mount.ntfs<br />
That will cause TrueCrypt to automatically use this driver for NTFS volumes, having the same effect as the explicit use of<br />
truecrypt --filesystem=ntfs-3g /path/to/volume<br />
via the console.<br />
<br />
One may also consider setting e.g.:<br />
rw,noatime<br />
amongst other options in the TrueCrypt GUI (''Settings > Preferences > Mount Options'').<br />
<br />
==== FAT ====<br />
<br />
Similarly, FAT32 volumes created using Windows may use Unicode rather than ISO 8859-1. In order to use UTF-8, set the mount option:<br />
iocharset=utf8<br />
when mounting such volumes, or globally as described above.<br />
<br />
=== Unmount error (device mapper) ===<br />
<br />
If you always get a message "device-mapper: remove ioctl failed: Device or resource busy" when attempting to dismount your truecrypt volume, the solution is to go to ''Settings > Preferences > System Integration > Kernel Service'' and check the box:<br />
Do not use kernel cryptographic services<br />
<br />
=== Mount error (device mapper, truecrypt partition) ===<br />
<br />
When attempting to mount your truecrypt volume, a message like this one may appear:<br />
<br />
Error: device-mapper: create ioctl failed: Device or resource busy<br />
Command failed<br />
If so, run:<br />
# cryptsetup remove /dev/mapper/truecrypt1<br />
<br />
=== Failed to set up a loop device ===<br />
<br />
If you get a message "Failed to set up a loop device" when trying to create/mount a TrueCrypt volume, it may be because you updated your kernel recently without rebooting.<br />
Rebooting should fix this error.<br />
<br />
Otherwise, check if ''loop'' has been loaded as kernel module:<br />
<br />
$ lsmod | grep loop<br />
<br />
If not listed, retry the TrueCrypt command after {{ic|modprobe loop}}. Should it work, consider adding ''loop'' to the modules in {{ic|/etc/modules-load.d}}:<br />
<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "loop"<br />
<br />
{{Note|As of udev 181-5, the loop device module is no longer auto-loaded, and the procedure described here is necessary.}}<br />
<br />
<br />
=== System partition passwords need en_US keymap ===<br />
If you are using Xorg (which you most likely are, should you not know what that is), use the following command to use US keymap until restart:<br />
<br />
# setxkbmap us<br />
<br />
== See also ==<br />
<br />
* [http://www.truecrypt.org/ TrueCrypt homepage]<br />
* [http://en.gentoo-wiki.com/wiki/TrueCrypt HOWTO: Truecrypt Gentoo wiki]<br />
* [http://www.howtoforge.com/truecrypt_data_encryption Truecrypt tutorial on HowToForge]<br />
* [http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/ There is a good chance the CIA has a backdoor?] (via [https://secure.wikimedia.org/wikipedia/en/wiki/Truecrypt wp])</div>Medhefgohttps://wiki.archlinux.org/index.php?title=TrueCrypt&diff=293714TrueCrypt2014-01-20T12:41:13Z<p>Medhefgo: Undo revision 289011 by ZeroBit (talk) If it doesn't work it's a bug that needs reporting. Also, the text says mounting a system-encrypted volume, using only tcrypt would be wrong</p>
<hr />
<div>[[Category:Security]]<br />
[[Category:File systems]]<br />
[[de:TrueCrypt]]<br />
{{Related articles start}}<br />
{{Related|Disk Encryption}}<br />
{{Related|Tcplay}}<br />
{{Related articles end}}<br />
'''TrueCrypt''' is a free open source on-the-fly encryption (OTFE) program. Some of its features are:<br />
* Virtual encrypted disks within files that can be mounted as real disks.<br />
* Encryption of an entire hard disk partition or a storage device/medium.<br />
* All encryption algorithms use the LRW mode of operation, which is more secure than CBC mode with predictable initialization vectors for storage encryption.<br />
* "Hidden volumes" within a normal "outer" encrypted volume. A hidden volume can not be distinguished from random data without access to a passphrase and/or keyfile.<br />
<br />
For more details on how TrueCrypt compares to other disk encryption solutions, see [[Disk Encryption#Comparison table]].<br />
<br />
== Installation ==<br />
<br />
{{Note|For opening and accessing an existing TrueCrypt container [[#Accessing a TrueCrypt container using cryptsetup|cryptsetup]] is the preferred way, since it is well integrated with the rest of the system. Creating a new TrueCrypt container can be done using {{ic|truecrypt}}, after which it can be opened using {{ic|cryptsetup}}.}}<br />
<br />
[[pacman|Install]] {{Pkg|truecrypt}} from the [[official repositories]].<br />
If you use any kernel other than {{Pkg|linux}} install the corresponding kernel module.<br />
<br />
If you are using truecrypt to encrypt a virtual filesystem (e.g. a file), the module will be automatically loaded whenever you run the ''truecrypt'' command.<br />
<br />
If you are using truecrypt to encrypt a physical device (e.g. a hard disk or usb drive), you will likely want to load the module during the boot sequence:<br />
<br />
Add the module to {{ic|/etc/modules-load.d/}}:<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "truecrypt"<br />
<br />
{{Note|<br />
* This didn't work for me (module truecrypt seems to be non-existent now), but adding "loop" module worked<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "loop"<br />
# modprobe loop<br />
* It does not appear that loading a module applies with TrueCrypt 7.1a, the current version in Arch as of 4/19/2013. The above advice may be outdated with respect to the module, however it is still important to enable '''FUSE''', '''loop''' and your encryption algorithm (e.g. '''AES''', '''XTS''', '''SHA512''') in custom kernels.<br />
If you only want to open and access an existing truecrypt container, this can also be done with {{ic|cryptsetup}} i.e. without installing Truecrypt.<br />
}}<br />
<br />
== Accessing a TrueCrypt container using cryptsetup ==<br />
<br />
Since version 1.6, {{Pkg|cryptsetup}} supports opening TrueCrypt containers natively, without the need of the {{Pkg|truecrypt}} package. To do so, execute the following command:<br />
$ cryptsetup --type tcrypt open container-to-mount container-name<br />
<br />
Replace {{ic|container-to-mount}} with the device file under {{ic|/dev}} or the path to the file you wish to open. Upon successful opening, the plaintext device will appear as {{ic|/dev/mapper/container-name}}, which you can {{ic|mount}} like any normal device.<br />
<br />
If you are using key files, supply them using the {{ic|--key-file}} option. To open a hidden volume, supply the {{ic|--tcrypt-hidden}} option.<br />
<br />
Opening a partition that has been encrypted in system mode is done using the {{ic|--tcrypt-system}} option. Note that you will have to supply the whole device to cryptsetup in this case. For example, if your system encrypted partition is {{ic|/dev/sda2}}, you have to open it using {{ic|/dev/sda}} as the device:<br />
$ cryptsetup --tcrypt-system --type tcrypt open /dev/sda truecrypt-volume<br />
<br />
See {{ic|man cryptsetup}} for more details and all supported options.<br />
<br />
=== Automounting using /etc/crypttab ===<br />
<br />
Since version 206, [[systemd]] supports (auto)mounting TrueCrypt containers at boot or runtime using {{ic|/etc/crypttab}}.<br />
<br />
The following example setup will mount {{ic|/dev/sda2}} in system encryption mode as soon as {{ic|/mnt/truecrypt-volume}} is accessed using systemd's automounting logic. The passphrase to open the volume is given in /etc/volume.password.<br />
<br />
{{hc|/etc/crypttab|<nowiki><br />
truecrypt-volume /dev/sda2 /etc/volume.password tcrypt-system,noauto</nowiki><br />
}}<br />
<br />
{{hc|/etc/fstab|<nowiki><br />
/dev/mapper/truecrypt-volume /mnt/truecrypt-volume auto noauto,x-systemd.automount 0 0</nowiki><br />
}}<br />
<br />
See {{ic|man crypttab}} for more details and options supported.<br />
<br />
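The setup above stores the volume passphrase in a plain file ({{ic|/etc/volume.password}}), so that file's owner and mode decide who can unlock the volume. The following is an added example, not part of the original article (the same crypttab setup appears in both revisions of the article on this page): a POSIX shell function, hypothetically named {{ic|audit_crypttab}}, that checks every password file referenced in the third field of a crypttab. It assumes GNU {{ic|stat}}; the sample files are constructed in a temporary directory.<br />

```shell
#!/bin/sh
# Added example: audit the password files named in the third field of a
# crypttab. audit_crypttab is a hypothetical helper, not a systemd tool.
#
# Usage: audit_crypttab CRYPTTAB [EXPECTED_UID]   (EXPECTED_UID defaults to 0)
# Prints one line per finding; returns 0 when there are none, 1 otherwise.
audit_crypttab() {
    tab=$1
    want_uid=${2:-0}
    findings=0
    # "|| [ -n "$name" ]" also processes a last line without trailing newline.
    while read -r name device keyfile options || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac        # blank line or comment
        case $keyfile in ''|none|-) continue ;; esac   # passphrase is asked interactively
        case $keyfile in /dev/*) continue ;; esac      # e.g. /dev/urandom for swap
        if [ ! -f "$keyfile" ]; then
            echo "$name: $keyfile is missing or not a regular file"
            findings=$((findings + 1))
            continue
        fi
        mode=$(stat -c '%a' "$keyfile")   # GNU stat: octal permission bits
        uid=$(stat -c '%u' "$keyfile")    # GNU stat: numeric owner
        # Any group or other bit lets accounts besides the owner reach the file.
        if [ $((0$mode & 077)) -ne 0 ]; then
            echo "$name: $keyfile has mode $mode, accessible beyond its owner"
            findings=$((findings + 1))
        fi
        if [ "$uid" -ne "$want_uid" ]; then
            echo "$name: $keyfile is owned by uid $uid, expected $want_uid"
            findings=$((findings + 1))
        fi
    done < "$tab"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the crypttab line from the article, pointing at a
# password file in a temporary directory, first with a weak mode, then fixed.
# The current uid is passed as EXPECTED_UID because the sample file belongs
# to whoever runs the demo; on a real system omit it to require root.
demo_audit() {
    dir=$(mktemp -d)
    printf 'constructed-passphrase\n' > "$dir/volume.password"
    printf 'truecrypt-volume /dev/sda2 %s tcrypt-system,noauto\n' \
        "$dir/volume.password" > "$dir/crypttab"
    chmod 644 "$dir/volume.password"
    echo "mode 644:"
    audit_crypttab "$dir/crypttab" "$(id -u)" || echo "=> findings reported"
    chmod 600 "$dir/volume.password"
    echo "mode 600:"
    audit_crypttab "$dir/crypttab" "$(id -u)" && echo "=> clean"
    rm -rf "$dir"
}
demo_audit
```

On a real system, {{ic|audit_crypttab /etc/crypttab}} run as root checks the live configuration against owner root.<br />
<br />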
== Encrypting a file as a virtual volume ==<br />
<br />
The following instructions will create a file that will act as a virtual filesystem, allowing you to mount it and store files within the encrypted file. This is a convenient way to store sensitive information, such as financial data or passwords, in a single file that can be accessed from Linux, Windows, or Macs.<br />
<br />
To create a new truecrypt file interactively, type the following in a terminal:<br />
$ truecrypt -t -c<br />
<br />
Follow the instructions, choosing the default values unless you know what you are doing:<br />
<br />
Volume type:<br />
1) Normal<br />
2) Hidden<br />
Select [1]: 1<br />
<br />
Enter file or device path for new volume: /home/user/''EncryptedFile''.tc<br />
<br />
Enter volume size (bytes - size/sizeK/sizeM/sizeG): 32M<br />
<br />
Encryption algorithm:<br />
1) AES<br />
2) Blowfish<br />
3) CAST5<br />
4) Serpent<br />
5) Triple DES<br />
6) Twofish<br />
7) AES-Twofish<br />
8) AES-Twofish-Serpent<br />
9) Serpent-AES<br />
10) Serpent-Twofish-AES<br />
11) Twofish-Serpent<br />
Select [1]: 1<br />
<br />
Hash algorithm:<br />
1) RIPEMD-160<br />
2) SHA-1<br />
3) Whirlpool<br />
Select [1]: 1 <br />
<br />
Filesystem:<br />
1) None<br />
2) FAT<br />
3) Linux Ext2<br />
4) Linux Ext3<br />
5) Linux Ext4<br />
Select [2]: <br />
<br />
Enter password for new volume '/home/user/''EncryptedFile''.tc': *****************************<br />
Re-enter password: *****************************<br />
<br />
Enter keyfile path [none]: <br />
<br />
Please type at least 320 randomly chosen characters and then press Enter:<br />
<br />
Done: 32.00 MB Speed: 10.76 MB/s Left: 0:00:00 <br />
Volume created.<br />
<br />
You can now mount the new encrypted file to a previously-created directory:<br />
$ truecrypt -t /home/user/''EncryptedFile''.tc /home/user/''EncryptedFileFolder''<br />
<br />
{{Note|Truecrypt requires root privileges and as such, running the above command as a user will attempt to use '''sudo''' for authentication. To work with files as a regular user, please see [[#Mount volumes as a normal user|Mount volumes as a normal user]].}}<br />
<br />
Once mounted, you can copy or create new files within the encrypted directory as if it was any normal directory. When you are ready to re-encrypt the contents and unmount the directory, run:<br />
$ truecrypt -t -d<br />
<br />
Again, this will require administrator privileges through the use of '''sudo'''. After running it, check that the files that are to be encrypted are indeed no longer in the directory (you might want to try this with unimportant data first). If they are still there, note that ''rm'' does not make the data unrecoverable.<br />
<br />
For more information about truecrypt in general, run:<br />
$ man truecrypt<br />
{{Note|As of 1:7.1a-1 don't see a man or info page.}}<br />
<br />
Several options can be passed at the command line, making automated access and creation a simple task. The man page is highly recommended reading.<br />
<br />
== Encrypting a physical volume ==<br />
<br />
{{Note|1= If you are having problems with the graphical interface, you can run in CLI mode with the -t flag.}}<br />
<br />
If you want to use a keyfile, create one with this command:<br />
truecrypt --create-keyfile /etc/disk.key<br />
By default both passphrase and key will be needed to unlock the volume.<br />
<br />
Create a new volume in the device {{ic|/dev/sda1}}:<br />
# truecrypt --volume-type=normal -c /dev/sda1<br />
<br />
Map the volume to {{ic|/dev/mapper/truecrypt1}}:<br />
# truecrypt -N 1 /dev/sda1<br />
<br />
If this command does not work for you, try this to map the volume:<br />
# truecrypt --filesystem=none --slot=1 /dev/sda1<br />
<br />
Simply format the disk like you normally would choosing your favourite [[File Systems|file system]], except use the path {{ic|/dev/mapper/truecrypt1}}. E.g. for ext4 use:<br />
# mkfs.ext4 /dev/mapper/truecrypt1<br />
<br />
Mount the volume:<br />
# mount /dev/mapper/truecrypt1 /media/disk<br />
<br />
Map and mount a volume:<br />
# truecrypt /dev/sda1 /media/disk<br />
<br />
Unmount and unmap a volume:<br />
# truecrypt -d /dev/sda1<br />
<br />
== Creating a hidden volume ==<br />
<br />
First, create a normal outer volume as described in [[#Encrypting a physical volume]].<br />
<br />
Map the outer volume to {{ic|/dev/mapper/truecrypt1}}:<br />
# truecrypt -N 1 /dev/sda1<br />
<br />
Create a hidden truecrypt volume in the free space of the outer volume:<br />
# truecrypt --type hidden -c /dev/sda1<br />
You need to use a different passphrase and/or keyfile here from the one you used for the outer volume.<br />
<br />
Unmap the outer truecrypt volume and map the hidden one:<br />
# truecrypt -d /dev/sda1<br />
# truecrypt -N 1 /dev/sda1<br />
Just use the passphrase you chose for the hidden volume and TrueCrypt will automatically choose it before the outer.<br />
<br />
Create a file system on it (if you have not already) and mount it:<br />
# mkfs.ext4 /dev/mapper/truecrypt1<br />
# mount /dev/mapper/truecrypt1 /media/disk<br />
<br />
Map and mount the outer volume with the hidden write-protected:<br />
truecrypt -P /dev/sda1 /media/disk<br />
<br />
== Mount a special filesystem ==<br />
<br />
{{Note|Current Versions of truecrypt seem to support NTFS write support by default so the {{ic|--filesystem}} flag no longer seems to be necessary.}}<br />
<br />
In the following example I want to mount an NTFS volume, but TrueCrypt does not use ''ntfs-3g'' by default (so there is no write access; checked in version 6.1).<br />
The following command works for me:<br />
truecrypt --filesystem=ntfs-3g --mount /file/you/want/to/mount<br />
You may also want to mount an NTFS volume without the execute flag on all files:<br />
truecrypt --filesystem=ntfs-3g --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002<br />
<br />
== Mount volumes via fstab ==<br />
<br />
First of all, we need to write a script which will handle the way mounting via fstab is done. Place the following in {{ic|/usr/bin/mount.truecrypt}}:<br />
{{bc|<nowiki><br />
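#!/bin/bash<br />
# mount(8) helper, invoked as: mount.truecrypt DEVICE MOUNTPOINT -o OPTIONS<br />
# Uses bash because of [[ ]] pattern matching and arrays.<br />
DEV="$1"<br />
MNTPT="$2"<br />
OPTIONS=""<br />
TCOPTIONS=()<br />
shift 3<br />
# Split the comma-separated fstab options; IFS is changed for this read only,<br />
# so later expansions are not split on commas.<br />
IFS=',' read -ra ARGS <<< "$*"<br />
for arg in "${ARGS[@]}"; do<br />
    if [[ "${arg}" == "system" ]]; then<br />
        TCOPTIONS+=("-m=system")<br />
    elif [[ "${arg}" == fs=* ]]; then<br />
        FS=${arg#*=}<br />
        TCOPTIONS+=("--filesystem=${FS}")<br />
    else<br />
        OPTIONS="${OPTIONS}${arg},"<br />
    fi<br />
done<br />
# Quote every expansion so that paths containing spaces reach truecrypt intact.<br />
truecrypt "${DEV}" "${MNTPT}" "${TCOPTIONS[@]}" --fs-options="${OPTIONS%,*}"<br />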
</nowiki>}}<br />
Also do not forget to make the file executable:<br />
<br />
# chmod +x /usr/bin/mount.truecrypt<br />
<br />
Finally, add the device to fstab somewhat like this:<br />
<br />
/dev/sdb3 /mnt truecrypt fs=vfat,defaults 0 0<br />
<br />
{{Tip|This script is also provided by the {{AUR|truecrypt-mount}} package.}}<br />
<br />
== Mount volumes as a normal user ==<br />
<br />
TrueCrypt needs root privileges to work: this procedure will allow normal users to use it, also giving writing permissions to mounted volumes.<br />
<br />
Both methods below require [[Sudo]]. Make sure it is configured before proceeding.<br />
<br />
=== Method 1: add a truecrypt group ===<br />
<br />
Create a new group called truecrypt and give it the necessary permissions. Any user that belongs to that group will be able to use TrueCrypt.<br />
# groupadd truecrypt<br />
<br />
Edit the sudo configuration:<br />
# visudo<br />
<br />
Append the following lines at the bottom of the sudo configuration file:<br />
# Users in the truecrypt group are allowed to run TrueCrypt as root.<br />
%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
You can now add your users to the truecrypt group:<br />
# gpasswd -M first_user,second_user,etc truecrypt<br />
<br />
{{Note|In order to make these changes active, any user that has been added to the truecrypt group has to log out.}}<br />
<br />
After that, you can mount your device by<br />
<br />
# truecrypt --mount ''/path/to/device'' ''/path/to/mountpoint''<br />
<br />
Default mountpoint is {{ic|/media/truecrypt1}}. Normally, it is not necessary to explicitly specify the filesystem of your device using the {{ic|--filesystem}} flag.<br />
<br />
It is definitely reasonable to give truecrypt some permission masks. Otherwise, every file on your mounted device will be executable. So instead of the above, you can use<br />
<br />
# truecrypt --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002 --mount /PATH/TO/DEVICE /PATH/TO/MOUNTPOINT<br />
<br />
and add this line to your bash configuration file, {{ic|~/.bashrc}} as an alias:<br />
<br />
alias tc1='truecrypt --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002 --mount /path/to/device /path/to/mountpoint'<br />
<br />
To mount this specific device, use<br />
<br />
# tc1<br />
<br />
as a normal user.<br />
<br />
=== Method 2: sudo simplified ===<br />
<br />
Simply enable the desired user to run truecrypt without a password:<br />
# visudo<br />
<br />
Append the following:<br />
USERNAME ALL = (root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
Alternatively, if you make use of the wheel group:<br />
%wheel ALL = (root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
If you have any difficulties with permissions as a normal user, just add the {{ic|-u}} flag to the truecrypt mount command, for example:<br />
$ truecrypt -u /home/user/''EncryptedFile''.tc /home/user/''EncryptedFileFolder''<br />
<br />
=== Automatic mount on login ===<br />
<br />
Simply add:<br />
{{bc|<br />
$ truecrypt /home/user/''Encrypted File''.tc /home/user/''Encrypted File Folder'' <<EOF<br />
''password''<br />
EOF<br />
}}<br />
to your startup procedure. Do not use the {{ic|-p}} switch; this method is more secure. Otherwise everyone can just look up the password via ''ps'' and similar tools, as it is part of the process's command line! [http://thoughtyblog.wordpress.com/2009/07/05/truecrypt-linux-hide-password-from-ps/ source]<br />
<br />
The most recent truecrypt has a couple of followup questions. If you have expect installed, this will work (assuming no keyfile and no desire to protect hidden volume), saved to a file with root-only perms called from /etc/rc.local:<br />
<br />
{{bc|<nowiki><br />
#! /bin/bash<br />
expect << EOF<br />
spawn /usr/bin/truecrypt ''/path/to/EncryptedFile'' ''/mount/point''<br />
expect "Enter password"<br />
send "volume password\n"<br />
expect "Enter keyfile"<br />
send "\n"<br />
expect "Protect hidden volume"<br />
send "\n"<br />
expect eof;<br />
EOF<br />
</nowiki>}}<br />
<br />
Of course, this isn't as secure as entering your password manually. But for some use cases, such as when your TrueCrypt filesystem is in a file on shared storage, it's better than being unencrypted.<br />
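A check for the exposure described above for the -p switch, as an added example that is not part of the original page: the function reads a process listing in the format printed by "ps -eo pid=,args=" and prints the PID of every truecrypt process started with -p or its long form --password, without echoing the password. The listing in sample_ps_output is constructed.

```shell
#!/bin/sh
# Added example: flag truecrypt invocations whose command line carries a password.
# Input (stdin): one process per line, "<pid> <command line>", as printed by
#   ps -eo pid=,args=
# Output: the PID of each offending process. The password is never printed.

find_password_in_args() {
    awk '
    {
        pid = $1
        # Only inspect processes whose executable is named truecrypt.
        n = split($2, parts, "/")
        if (parts[n] != "truecrypt") next
        for (i = 3; i <= NF; i++) {
            if ($i == "--") break              # end of options
            if ($i ~ /^--password(=|$)/ ||     # --password=VALUE or --password VALUE
                $i ~ /^-p/) {                  # -p VALUE or -pVALUE
                print pid
                next
            }
        }
    }'
}

# Constructed sample listing; PIDs, paths and the secret are made up.
sample_ps_output() {
    cat <<'EOF'
  812 /usr/bin/truecrypt -t /home/user/EncryptedFile.tc /home/user/EncryptedFileFolder
  934 /usr/bin/truecrypt -t -p CONSTRUCTED-SECRET /home/user/EncryptedFile.tc /home/user/EncryptedFileFolder
 1021 truecrypt --password=CONSTRUCTED-SECRET /dev/sda1 /media/disk
 1100 grep truecrypt -p
 1250 /usr/bin/truecrypt -d /media/disk
EOF
}

# Run against the constructed listing; on a live system use:
#   ps -eo pid=,args= | find_password_in_args
sample_ps_output | find_password_in_args
```

Processes started with the here-document method shown above (PID 812 in the sample) are not reported, because the password reaches truecrypt on standard input rather than in its arguments.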
<br />
== Safely unmount and unmap volumes (on shutdown) ==<br />
<br />
You can unmount a specific device by<br />
<br />
# truecrypt -d ''/path/to/mountpoint''<br />
<br />
or omit the path to unmount all truecrypt volumes.<br />
<br />
If you want your truecrypt device to be unmounted automatically at shutdown, add the following to the file {{ic|/etc/rc.local.shutdown}}:<br />
<br />
if (/usr/bin/truecrypt --text --list)<br />
then {<br />
/usr/bin/truecrypt -d<br />
sleep 3<br />
}<br />
fi<br />
You can also omit the ''sleep'' command; it is only there to give the unmounting some time to complete before the actual shutdown.<br />
<br />
If you're using [[systemd]], there is a service trying to unmount truecrypt-encrypted filesystems at shutdown automatically on the [[systemd/Services]] page.<br />
<br />
== Errors ==<br />
<br />
=== TrueCrypt is already running ===<br />
<br />
If a messagebox ''TrueCrypt is already running'' appears when starting TrueCrypt, check for a hidden file in the home directory of the concerned user called ''.TrueCrypt-lock-username''. Substitute ''username'' with the individual username. Delete the file and start TrueCrypt again.<br />
<br />
=== Deleted stale lockfile ===<br />
<br />
If you always get a message "Delete stale lockfile [....]" after starting Truecrypt, the Truecrypt process with the lowest ID has to be killed during Gnome log out. Edit {{ic|/etc/gdm/PostSession/Default}} and add the following line before exit 0:<br />
kill $(ps -ef | grep truecrypt | tr -s ' ' | cut -d ' ' -f 2)<br />
<br />
=== Issues with Unicode file/folder names ===<br />
<br />
==== NTFS ====<br />
<br />
Should files or folders containing Unicode characters in their names be displayed incorrectly or not at all on TrueCrypt NTFS volumes (while e.g. being correctly handled on non-encrypted NTFS partitions), first verify that you have the [[NTFS-3G]] driver installed and then create the following symlink as root:<br />
ln -s /sbin/mount.ntfs-3g /sbin/mount.ntfs<br />
That will cause TrueCrypt to automatically use this driver for NTFS volumes, having the same effect as the explicit use of<br />
truecrypt --filesystem=ntfs-3g /path/to/volume<br />
via the console.<br />
<br />
One may also consider setting e.g.:<br />
rw,noatime<br />
amongst other options in the TrueCrypt GUI (''Settings > Preferences > Mount Options'').<br />
<br />
==== FAT ====<br />
<br />
Similarly, FAT32 volumes created using Windows may use Unicode rather than ISO 8859-1. In order to use UTF-8, set the mount option:<br />
iocharset=utf8<br />
when mounting such volumes, or globally as described above.<br />
<br />
=== Unmount error (device mapper) ===<br />
<br />
If you always get a message "device-mapper: remove ioctl failed: Device or resource busy" when attempting to dismount your truecrypt volume, the solution is to go to ''Settings > Preferences > System Integration > Kernel Service'' and check the box<br />
Do not use kernel cryptographic services<br />
<br />
=== Mount error (device mapper, truecrypt partition) ===<br />
<br />
When attempting to mount your truecrypt volume, a message like this one may appear:<br />
<br />
Error: device-mapper: create ioctl failed: Device or resource busy<br />
Command failed<br />
If so, run:<br />
# cryptsetup remove /dev/mapper/truecrypt1<br />
<br />
=== Failed to set up a loop device ===<br />
<br />
If you get a message "Failed to set up a loop device" when trying to create/mount a TrueCrypt volume, it may be because you updated your kernel recently without rebooting.<br />
Rebooting should fix this error.<br />
<br />
Otherwise, check if ''loop'' has been loaded as kernel module:<br />
<br />
$ lsmod | grep loop<br />
<br />
If not listed, retry the TrueCrypt command after {{ic|modprobe loop}}. Should it work, consider adding ''loop'' to the modules in {{ic|/etc/modules-load.d}}:<br />
<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "loop"<br />
<br />
{{Note|As of udev 181-5, the loop device module is no longer auto-loaded, and the procedure described here is necessary.}}<br />
<br />
<br />
=== System partition passwords need en_US keymap ===<br />
If you are using Xorg (which you most likely are, should you not know what that is), use the following command to switch to the US keymap until restart:<br />
<br />
# setxkbmap us<br />
<br />
== See also ==<br />
<br />
* [http://www.truecrypt.org/ TrueCrypt homepage]<br />
* [http://en.gentoo-wiki.com/wiki/TrueCrypt HOWTO: Truecrypt Gentoo wiki]<br />
* [http://www.howtoforge.com/truecrypt_data_encryption Truecrypt tutorial on HowToForge]<br />
* [http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/ There is a good chance the CIA has a backdoor?] (via [https://secure.wikimedia.org/wikipedia/en/wiki/Truecrypt wp])</div>Medhefgohttps://wiki.archlinux.org/index.php?title=TrueCrypt&diff=267045TrueCrypt2013-07-19T11:48:57Z<p>Medhefgo: Provide instructions about TrueCrypt support in cryptsetup and mention the upcoming support for it in systemd too</p>
<hr />
<div>[[Category:Security]]<br />
[[Category:File systems]]<br />
[[de:TrueCrypt]]<br />
{{Article summary start}}<br />
{{Article summary text|Setup and usage of TrueCrypt.}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Disk Encryption}}<br />
{{Article summary wiki|Tcplay}}<br />
{{Article summary end}}<br />
'''TrueCrypt''' is a free open source on-the-fly encryption (OTFE) program. Some of its features are:<br />
* Virtual encrypted disks within files that can be mounted as real disks.<br />
* Encryption of an entire hard disk partition or a storage device/medium.<br />
* All encryption algorithms use the LRW mode of operation, which is more secure than CBC mode with predictable initialization vectors for storage encryption.<br />
* "Hidden volumes" within a normal "outer" encrypted volume. A hidden volume can not be distinguished from random data without access to a passphrase and/or keyfile.<br />
<br />
For more details on how TrueCrypt compares to other disk encryption solutions, see [[Disk Encryption#Comparison table]].<br />
<br />
== Installation ==<br />
<br />
{{Note|For opening and accessing an existing TrueCrypt container [[#Accessing a TrueCrypt container using cryptsetup|cryptsetup]] is the preferred way, since it is well integrated with the rest of the system. Creating a new TrueCrypt container can be done using {{ic|truecrypt}}, after which it can be opened using {{ic|cryptsetup}}.}}<br />
<br />
[[pacman|Install]] {{Pkg|truecrypt}} from the [[official repositories]].<br />
If you use any kernel other than {{Pkg|linux}} install the corresponding kernel module.<br />
<br />
If you are using truecrypt to encrypt a virtual filesystem (e.g. a file), the module will be automatically loaded whenever you run the ''truecrypt'' command.<br />
<br />
If you are using truecrypt to encrypt a physical device (e.g. a hard disk or usb drive), you will likely want to load the module during the boot sequence:<br />
<br />
Add the module to /etc/modules-load.d/:<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "truecrypt"<br />
<br />
{{Note|<br />
* This didn't work for me (module truecrypt seems to be non-existent now), but adding "loop" module worked<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "loop"<br />
# modprobe loop<br />
* It does not appear that loading a module applies with TrueCrypt 7.1a, the current version in Arch as of 4/19/2013. The above advice may be outdated with respect to the module, however it is still important to enable '''FUSE''', '''loop''' and your encryption algorithm (e.g. '''AES''', '''XTS''', '''SHA512''') in custom kernels.<br />
If you only want to open and access an existing truecrypt container, this can also be done with {{ic|cryptsetup}} i.e. without installing Truecrypt.<br />
}}<br />
<br />
== Accessing a TrueCrypt container using cryptsetup ==<br />
<br />
Since version 1.6, {{Pkg|cryptsetup}} supports opening TrueCrypt containers natively, without the need of the {{Pkg|truecrypt}} package. To do so, execute the following command:<br />
$ cryptsetup --type tcrypt open container-to-mount container-name<br />
<br />
Replace {{ic|container-to-mount}} with the device file under {{ic|/dev}} or the path to the file you wish to open. Upon successful opening, the plaintext device will appear as {{ic|/dev/mapper/container-name}}, which you can {{ic|mount}} like any normal device.<br />
<br />
If you are using key files, supply them using the {{ic|--key-file}} option. To open a hidden volume, supply the {{ic|--tcrypt-hidden}} option.<br />
<br />
Opening a partition that has been encrypted in system mode is done using the {{ic|--tcrypt-system}} option. Note that you will have to supply the whole device to cryptsetup in this case. For example, if your system encrypted partition is {{ic|/dev/sda2}}, you have to open it using {{ic|/dev/sda}} as the device:<br />
$ cryptsetup --tcrypt-system --type tcrypt open /dev/sda truecrypt-volume<br />
<br />
See {{ic|man cryptsetup}} for more details and all supported options.<br />
<br />
=== Automounting using /etc/crypttab ===<br />
<br />
Since version 206, [[systemd]] supports (auto)mounting TrueCrypt containers at boot or runtime using {{ic|/etc/crypttab}}.<br />
<br />
The following example setup will mount {{ic|/dev/sda2}} in system encryption mode as soon as {{ic|/mnt/truecrypt-volume}} is accessed using systemd's automounting logic. The passphrase to open the volume is given in /etc/volume.password.<br />
<br />
{{hc|/etc/crypttab|<nowiki><br />
truecrypt-volume /dev/sda2 /etc/volume.password tcrypt-system,noauto</nowiki><br />
}}<br />
<br />
{{hc|/etc/fstab|<nowiki><br />
/dev/mapper/truecrypt-volume /mnt/truecrypt-volume auto noauto,x-systemd.automount 0 0</nowiki><br />
}}<br />
<br />
See {{ic|man crypttab}} for more details and options supported.<br />
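Because the setup above stores the passphrase in a file named in the third crypttab field, that file should be readable by its owner only. The following is an added example, not part of the original page: audit_crypttab reads a crypttab-format file and reports every entry whose key file is missing or has any group/other permission bits set. The crypttab and key files built by build_sample are constructed, and the second and third entries are hypothetical.

```shell
#!/bin/sh
# Added example: report crypttab entries whose key file is missing or is
# accessible to anyone other than its owner.
# crypttab fields: <name> <device> <key file> <options>

audit_crypttab() {
    # $1: path to a crypttab-format file
    while read -r name device keyfile options; do
        case "$name" in ''|'#'*) continue ;; esac         # blank line or comment
        case "$keyfile" in ''|none|-) continue ;; esac     # passphrase is asked interactively
        case "$keyfile" in /dev/*) continue ;; esac        # device nodes are not key files on disk
        if [ ! -f "$keyfile" ]; then
            echo "$name: $keyfile missing"
            continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$keyfile" | cut -c5-10)
        [ "$perms" = "------" ] || echo "$name: $keyfile group/other bits: $perms"
    done < "$1"
}

# Build a constructed crypttab and key files in the (empty) directory $1.
build_sample() {
    printf 'constructed-passphrase\n' > "$1/volume.password"
    printf 'constructed-passphrase\n' > "$1/other.password"
    chmod 600 "$1/volume.password"     # owner only: passes the audit
    chmod 644 "$1/other.password"      # world-readable: reported
    cat > "$1/crypttab" <<EOF
# constructed sample in crypttab format
truecrypt-volume /dev/sda2 $1/volume.password tcrypt-system,noauto
second-volume    /dev/sdb1 $1/other.password  tcrypt,noauto
third-volume     /dev/sdc1 none               tcrypt
EOF
}

# Demonstration on the constructed sample.
demo_dir=$(mktemp -d)
build_sample "$demo_dir"
audit_crypttab "$demo_dir/crypttab"
rm -rf "$demo_dir"
```

On a real system, run audit_crypttab /etc/crypttab as root; the check does not verify that the key file is owned by root.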
<br />
== Encrypting a file as a virtual volume ==<br />
<br />
The following instructions will create a file that will act as a virtual filesystem, allowing you to mount it and store files within the encrypted file. This is a convenient way to store sensitive information, such as financial data or passwords, in a single file that can be accessed from Linux, Windows, or Macs.<br />
<br />
To create a new truecrypt file interactively, type the following in a terminal:<br />
$ truecrypt -t -c<br />
<br />
Follow the instructions, choosing the default values unless you know what you are doing:<br />
<br />
Volume type:<br />
1) Normal<br />
2) Hidden<br />
Select [1]: 1<br />
<br />
Enter file or device path for new volume: /home/user/''EncryptedFile''.tc<br />
<br />
Enter volume size (bytes - size/sizeK/sizeM/sizeG): 32M<br />
<br />
Encryption algorithm:<br />
1) AES<br />
2) Blowfish<br />
3) CAST5<br />
4) Serpent<br />
5) Triple DES<br />
6) Twofish<br />
7) AES-Twofish<br />
8) AES-Twofish-Serpent<br />
9) Serpent-AES<br />
10) Serpent-Twofish-AES<br />
11) Twofish-Serpent<br />
Select [1]: 1<br />
<br />
Hash algorithm:<br />
1) RIPEMD-160<br />
2) SHA-1<br />
3) Whirlpool<br />
Select [1]: 1 <br />
<br />
Filesystem:<br />
1) None<br />
2) FAT<br />
3) Linux Ext2<br />
4) Linux Ext3<br />
5) Linux Ext4<br />
Select [2]: <br />
<br />
Enter password for new volume '/home/user/''EncryptedFile''.tc': *****************************<br />
Re-enter password: *****************************<br />
<br />
Enter keyfile path [none]: <br />
<br />
Please type at least 320 randomly chosen characters and then press Enter:<br />
<br />
Done: 32.00 MB Speed: 10.76 MB/s Left: 0:00:00 <br />
Volume created.<br />
<br />
You can now mount the new encrypted file to a previously-created directory:<br />
$ truecrypt -t /home/user/''EncryptedFile''.tc /home/user/''EncryptedFileFolder''<br />
<br />
{{Note|Truecrypt requires root privileges and as such, running the above command as a user will attempt to use '''sudo''' for authentication. To work with files as a regular user, please see [[#Mount volumes as a normal user|Mount volumes as a normal user]].}}<br />
<br />
Once mounted, you can copy or create new files within the encrypted directory as if it was any normal directory. When you are ready to re-encrypt the contents and unmount the directory, run:<br />
$ truecrypt -t -d<br />
<br />
Again, this will require administrator privileges through the use of '''sudo'''. After running it, check that the files that are to be encrypted are indeed no longer in the directory (you might want to try unimportant data first). If they are still there, note that ''rm'' doesn't make the data unrecoverable.<br />
<br />
For more information about truecrypt in general, run:<br />
$ man truecrypt<br />
{{Note|As of 1:7.1a-1 don't see a man or info page.}}<br />
<br />
Several options can be passed at the command line, making automated access and creation a simple task. The man page is highly recommended reading.<br />
<br />
== Encrypting a physical volume ==<br />
<br />
{{Note|1= If you are having problems with the graphical interface, you can run in CLI mode with the -t flag.}}<br />
<br />
If you want to use a keyfile, create one with this command:<br />
truecrypt --create-keyfile /etc/disk.key<br />
By default both passphrase and key will be needed to unlock the volume.<br />
<br />
Create a new volume in the device {{ic|/dev/sda1}}:<br />
# truecrypt --volume-type=normal -c /dev/sda1<br />
<br />
Map the volume to {{ic|/dev/mapper/truecrypt1}}:<br />
# truecrypt -N 1 /dev/sda1<br />
<br />
If this command does not work for you, try this to map the volume:<br />
# truecrypt --filesystem=none --slot=1 /dev/sda1<br />
<br />
Simply format the disk like you normally would choosing your favourite [[File systems|file system]], except use the path {{ic|/dev/mapper/truecrypt1}}. E.g. for ext4 use:<br />
# mkfs.ext4 /dev/mapper/truecrypt1<br />
<br />
Mount the volume:<br />
# mount /dev/mapper/truecrypt1 /media/disk<br />
<br />
Map and mount a volume:<br />
# truecrypt /dev/sda1 /media/disk<br />
<br />
Unmount and unmap a volume:<br />
# truecrypt -d /dev/sda1<br />
<br />
== Creating a hidden volume ==<br />
<br />
First, create a normal outer volume as described in [[#Encrypting a physical volume]].<br />
<br />
Map the outer volume to {{ic|/dev/mapper/truecrypt1}}:<br />
# truecrypt -N 1 /dev/sda1<br />
<br />
Create a hidden truecrypt volume in the free space of the outer volume:<br />
# truecrypt --type hidden -c /dev/sda1<br />
Use a different passphrase and/or keyfile here than the one you used for the outer volume.<br />
<br />
Unmap the outer truecrypt volume and map the hidden one:<br />
# truecrypt -d /dev/sda1<br />
# truecrypt -N 1 /dev/sda1<br />
Just use the passphrase you chose for the hidden volume and TrueCrypt will automatically select the hidden volume rather than the outer one.<br />
<br />
Create a file system on it (if you have not already) and mount it:<br />
# mkfs.ext4 /dev/mapper/truecrypt1<br />
# mount /dev/mapper/truecrypt1 /media/disk<br />
<br />
Map and mount the outer volume with the hidden volume write-protected:<br />
truecrypt -P /dev/sda1 /media/disk<br />
<br />
== Mount a special filesystem ==<br />
<br />
{{Note|Current Versions of truecrypt seem to support NTFS write support by default so the {{ic|--filesystem}} flag no longer seems to be necessary.}}<br />
<br />
In the following example I want to mount an NTFS volume, but TrueCrypt does not use ''ntfs-3g'' by default (so there is no write access; checked in version 6.1).<br />
The following command works for me:<br />
truecrypt --filesystem=ntfs-3g --mount /file/you/want/to/mount<br />
You may also want to mount an NTFS volume without the execute flag set on all files:<br />
truecrypt --filesystem=ntfs-3g --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002<br />
<br />
== Mount volumes via fstab ==<br />
<br />
First of all, we need to write a script which will handle the way mounting via fstab is done. Place the following in {{ic|/usr/bin/mount.truecrypt}}:<br />
{{bc|<nowiki><br />
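#!/bin/bash<br />
# mount(8) helper, invoked as: mount.truecrypt <device> <mountpoint> -o <options><br />
DEV="$1"<br />
MNTPT="$2"<br />
OPTIONS=""<br />
TCOPTIONS=()<br />
shift 3<br />
# Split the comma-separated fstab options into an array<br />
IFS=',' read -ra ARGS <<< "$*"<br />
for arg in "${ARGS[@]}"; do<br />
    if [[ "${arg}" == "system" ]]; then<br />
        TCOPTIONS+=("-m=system")<br />
    elif [[ "${arg}" == fs=* ]]; then<br />
        # fs=<type> selects the filesystem driver passed to truecrypt<br />
        TCOPTIONS+=("--filesystem=${arg#*=}")<br />
    else<br />
        # everything else is handed through as a filesystem mount option<br />
        OPTIONS="${OPTIONS}${arg},"<br />
    fi<br />
done<br />
# Quote every expansion so paths and options are passed as single arguments<br />
truecrypt "${DEV}" "${MNTPT}" "${TCOPTIONS[@]}" --fs-options="${OPTIONS%,}"<br />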
</nowiki>}}<br />
Also do not forget to make the file executable:<br />
<br />
# chmod +x /usr/bin/mount.truecrypt<br />
<br />
Finally, add the device to fstab somewhat like this:<br />
<br />
/dev/sdb3 /mnt truecrypt fs=vfat,defaults 0 0<br />
<br />
== Mount volumes using a systemd service ==<br />
<br />
To use Truecrypt with systemd, it is advised to use truecrypt as decryptor and mapper and fstab to do the mounting of encrypted volumes.<br />
<br />
First, create this service [[systemd/Services#truecrypt_volume_setup]] in {{ic|/usr/lib/systemd/system}}. Enable it with (assuming your encrypted volume is {{ic|/dev/sda2}}):<br />
# systemctl enable truecrypt@dev-sda2.service<br />
<br />
Secondly, create a line similar to this one in your fstab (the {{ic|2}} means your fs will be fscked regularly):<br />
{{hc|/etc/fstab|<nowiki><br />
/dev/mapper/truecrypt1 /home/ ext4 defaults 0 2</nowiki><br />
}}<br />
<br />
And you should be set.<br />
<br />
== Mount volumes as a normal user ==<br />
<br />
TrueCrypt needs root privileges to work: this procedure will allow normal users to use it, also giving writing permissions to mounted volumes.<br />
<br />
Both methods below require [[Sudo]]. Make sure it is configured before proceeding.<br />
<br />
=== Method 1: add a truecrypt group ===<br />
<br />
Create a new group called truecrypt and give it the necessary permissions. Any user that belongs to that group will be able to use TrueCrypt.<br />
# groupadd truecrypt<br />
<br />
Edit the sudo configuration:<br />
# visudo<br />
<br />
Append the following lines at the bottom of the sudo configuration file:<br />
# Users in the truecrypt group are allowed to run TrueCrypt as root.<br />
%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
You can now add your users to the truecrypt group:<br />
# gpasswd -M first_user,second_user,etc truecrypt<br />
<br />
{{Note|In order to make these changes active, any user that has been added to the truecrypt group has to log out.}}<br />
<br />
After that, you can mount your device by<br />
<br />
# truecrypt --mount ''/path/to/device'' ''/path/to/mountpoint''<br />
<br />
Default mountpoint is {{ic|/media/truecrypt1}}. Normally, it is not necessary to explicitly specify the filesystem of your device using the {{ic|--filesystem}} flag.<br />
<br />
It is definitely reasonable to give truecrypt some permission masks. Otherwise, every file on your mounted device will be executable. So instead of the above, you can use<br />
<br />
# truecrypt --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002 --mount /PATH/TO/DEVICE /PATH/TO/MOUNTPOINT<br />
<br />
and add this line to your bash configuration file, {{ic|~/.bashrc}} as an alias:<br />
<br />
alias tc1='truecrypt --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002 --mount /path/to/device /path/to/mountpoint'<br />
<br />
To mount this specific device, use<br />
<br />
# tc1<br />
<br />
as a normal user.<br />
<br />
=== Method 2: sudo simplified ===<br />
<br />
Simply enable the desired user to run truecrypt without a password:<br />
# visudo<br />
<br />
Append the following:<br />
USERNAME ALL = (root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
Alternatively, if you make use of the wheel group:<br />
%wheel ALL = (root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
If you have any difficulties with permissions as a normal user, just add the {{ic|-u}} flag to the truecrypt mount command, for example:<br />
$ truecrypt -u /home/user/''EncryptedFile''.tc /home/user/''EncryptedFileFolder''<br />
<br />
=== Automatic mount on login ===<br />
<br />
Simply add:<br />
{{bc|<br />
$ truecrypt /home/user/''Encrypted File''.tc /home/user/''Encrypted File Folder'' <<EOF<br />
''password''<br />
EOF<br />
}}<br />
to your startup procedure. Do not use the {{ic|-p}} switch; this method is more secure. Otherwise everyone can just look up the password via ''ps'' and similar tools, as it is part of the process's command line! [http://thoughtyblog.wordpress.com/2009/07/05/truecrypt-linux-hide-password-from-ps/ source]<br />
<br />
The most recent truecrypt has a couple of followup questions. If you have expect installed, this will work (assuming no keyfile and no desire to protect hidden volume), saved to a file with root-only perms called from /etc/rc.local:<br />
<br />
{{bc|<nowiki><br />
#! /bin/bash<br />
expect << EOF<br />
spawn /usr/bin/truecrypt ''/path/to/EncryptedFile'' ''/mount/point''<br />
expect "Enter password"<br />
send "volume password\n"<br />
expect "Enter keyfile"<br />
send "\n"<br />
expect "Protect hidden volume"<br />
send "\n"<br />
expect eof;<br />
EOF<br />
</nowiki>}}<br />
<br />
Of course, this isn't as secure as entering your password manually. But for some use cases, such as when your TrueCrypt filesystem is in a file on shared storage, it's better than being unencrypted.<br />
<br />
== Safely unmount and unmap volumes (on shutdown) ==<br />
<br />
You can unmount a specific device by<br />
<br />
# truecrypt -d ''/path/to/mountpoint''<br />
<br />
or omit the path to unmount all truecrypt volumes.<br />
<br />
If you want your truecrypt device to be unmounted automatically at shutdown, add the following to the file {{ic|/etc/rc.local.shutdown}}:<br />
<br />
if (/usr/bin/truecrypt --text --list)<br />
then {<br />
/usr/bin/truecrypt -d<br />
sleep 3<br />
}<br />
fi<br />
You can also omit the ''sleep'' command; it is only there to give the unmounting some time to complete before the actual shutdown.<br />
<br />
If you're using [[systemd]], there is a service trying to unmount truecrypt-encrypted filesystems at shutdown automatically on the [[systemd/Services]] page.<br />
<br />
== Errors ==<br />
<br />
=== TrueCrypt is already running ===<br />
<br />
If a messagebox ''TrueCrypt is already running'' appears when starting TrueCrypt, check for a hidden file in the home directory of the concerned user called ''.TrueCrypt-lock-username''. Substitute ''username'' with the individual username. Delete the file and start TrueCrypt again.<br />
<br />
=== Deleted stale lockfile ===<br />
<br />
If you always get a message "Delete stale lockfile [....]" after starting Truecrypt, the Truecrypt process with the lowest ID has to be killed during Gnome log out. Edit {{ic|/etc/gdm/PostSession/Default}} and add the following line before exit 0:<br />
kill $(ps -ef | grep truecrypt | tr -s ' ' | cut -d ' ' -f 2)<br />
<br />
=== Issues with Unicode file/folder names ===<br />
<br />
==== NTFS ====<br />
<br />
Should files or folders containing Unicode characters in their names be displayed incorrectly or not at all on TrueCrypt NTFS volumes (while e.g. being correctly handled on non-encrypted NTFS partitions), first verify that you have the [[NTFS-3G]] driver installed and then create the following symlink as root:<br />
ln -s /sbin/mount.ntfs-3g /sbin/mount.ntfs<br />
That will cause TrueCrypt to automatically use this driver for NTFS volumes, having the same effect as the explicit use of<br />
truecrypt --filesystem=ntfs-3g /path/to/volume<br />
via the console.<br />
<br />
One may also consider setting e.g.:<br />
rw,noatime<br />
amongst other options in the TrueCrypt GUI (''Settings > Preferences > Mount Options'').<br />
<br />
==== FAT ====<br />
<br />
Similarly, FAT32 volumes created using Windows may use Unicode rather than ISO 8859-1. In order to use UTF-8, set the mount option:<br />
iocharset=utf8<br />
when mounting such volumes, or globally as described above.<br />
<br />
=== Unmount error (device mapper) ===<br />
<br />
If you always get a message "device-mapper: remove ioctl failed: Device or resource busy" when attempting to dismount your truecrypt volume, the solution is to go to ''Settings > Preferences > System Integration > Kernel Service'' and check the box<br />
Do not use kernel cryptographic services<br />
{{Note|I have only seen this with a truecrypt partition. Not with a truecrypt file.}}<br />
<br />
=== Mount error (device mapper, truecrypt partition) ===<br />
<br />
When attempting to mount your truecrypt volume, a message like this one may appear:<br />
<br />
Error: device-mapper: create ioctl failed: Device or resource busy<br />
Command failed<br />
If so, run:<br />
# cryptsetup remove /dev/mapper/truecrypt1<br />
<br />
=== Failed to set up a loop device ===<br />
<br />
If you get a message "Failed to set up a loop device" when trying to create/mount a TrueCrypt volume, it may be because you updated your kernel recently without rebooting.<br />
Rebooting should fix this error.<br />
<br />
Otherwise, check if ''loop'' has been loaded as kernel module:<br />
<br />
$ lsmod | grep loop<br />
<br />
If not listed, retry the TrueCrypt command after {{ic|modprobe loop}}. Should it work, consider adding ''loop'' to the modules in {{ic|/etc/modules-load.d}}:<br />
<br />
# tee /etc/modules-load.d/truecrypt.conf <<< "loop"<br />
<br />
{{Note|As of udev 181-5, the loop device module is no longer auto-loaded, and the procedure described here is necessary.}}<br />
<br />
== See also ==<br />
<br />
* [http://www.truecrypt.org/ TrueCrypt homepage]<br />
* [http://en.gentoo-wiki.com/wiki/TrueCrypt HOWTO: Truecrypt Gentoo wiki]<br />
* [http://www.howtoforge.com/truecrypt_data_encryption Truecrypt tutorial on HowToForge]<br />
* [http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/ There is a good chance the CIA has a backdoor?] (via [https://secure.wikimedia.org/wikipedia/en/wiki/Truecrypt wp])</div>Medhefgohttps://wiki.archlinux.org/index.php?title=Disable_PC_speaker_beep&diff=226919Disable PC speaker beep2012-10-05T09:26:23Z<p>Medhefgo: GTK+</p>
<hr />
<div>[[Category:Sound]]<br />
[[bg:Disable PC Speaker Beep]]<br />
[[cs:Disable PC Speaker Beep]]<br />
[[es:Disable PC Speaker Beep]]<br />
[[ko:Disable PC Speaker Beep]]<br />
[[ru:Disable PC Speaker Beep]]<br />
[[uk:Disable PC Speaker Beep]]<br />
[[zh-CN:Disable PC Speaker Beep]]<br />
== Introduction ==<br />
<br />
The computer often seems to make beep noises or other sounds at various times, whether we want them or not. They come from various sources, and as such, you may be able to configure if or when they occur.<br />
<br />
Further, the sounds from the computer can be heard from the built-in case speaker, or the speakers which are plugged into the sound card. This article deals primarily with the former.<br />
<br />
The sounds are caused by the BIOS (Basic Input/Output System), the OS (Operating System), the DE (Desktop Environment), or various software programs. The BIOS is a particularly troublesome problem because it is kept inside an EPROM chip on the motherboard, and the only direct control the user has is by turning the power on or off. Unless the BIOS setup has a setting you can adjust or you wish to attempt to reprogram that chip with the proper light source, it is not likely you will be able to change it at all. BIOS-generated beep sounds are not addressed here, except to say that unplugging your computer case speaker will stop all such sounds from being heard. (Do so at your own risk.)<br />
<br />
However, everything else which can cause a sound to come out of the computer case speaker can be handled with the suggestions listed below.<br />
<br />
One should also note that the option of turning off a particular instance of a sound, while leaving the others operational, is possible if one can identify which portion of the environment is the source of the particular sound generation. This can make a very customized selection of attention-getting sounds possible. Please feel free to add your findings to this wiki page when you find particular examples of settings combinations which may be useful for other users.<br />
<br />
==Globally==<br />
The PC speaker can be disabled by [[Kernel modules#Removal|unloading]] the {{ic|pcspkr}} module:<br />
# rmmod pcspkr<br />
<br />
[[Kernel modules#Blacklisting|Blacklisting]] the {{ic|pcspkr}} module will prevent [[udev]] from loading it at boot.<br />
<br />
== Locally ==<br />
<br />
=== In X ===<br />
<br />
$ xset -b<br />
<br />
You can add this command to a startup file, such as [[xprofile]] to make it permanent.<br />
<br />
=== In console ===<br />
<br />
You can add this command in {{ic|/etc/profile}} or a dedicated file like {{ic|/etc/profile.d/disable-beep.sh}} (must be executable):<br />
setterm -blength 0<br />
<br />
Another way is to add or uncomment this line in {{ic|/etc/inputrc}} or {{ic|~/.inputrc}}:<br />
set bell-style none<br />
<br />
=== Using ALSA ===<br />
<br />
Try muting the PC Speaker:<br />
$ amixer set 'PC Speaker' 0% mute<br />
<br />
For certain sound cards, it is the PC Beep:<br />
$ amixer set 'PC Beep' 0% mute<br />
<br />
Or merely Beep:<br />
$ amixer set 'Beep' 0% mute<br />
<br />
You can also use alsamixer for a console GUI:<br />
$ alsamixer<br />
<br />
Scroll to PC beep and press 'M' to mute. Save your ALSA settings:<br />
# alsactl store<br />
<br />
In order for this method to work, {{ic|alsa}} must be in your [[rc.conf#Daemons|{{ic|DAEMONS}} array]] in {{ic|/etc/rc.conf}}.<br />
<br />
{{Note|Not every sound card creates a PC Speaker or PC Beep slider control in alsamixer.}}<br />
<br />
=== In GNOME/Metacity ===<br />
<br />
In GConf, set {{ic|/apps/metacity/general/audible_bell}} to {{ic|false}}. The key is a boolean, so it has to be written with the {{ic|bool}} type:<br />
 $ gconftool-2 -s -t bool /apps/metacity/general/audible_bell false<br />
<br />
=== GTK+ ===<br />
<br />
Append this line to your {{ic|.gtkrc-2.0}} and to the {{ic|[Settings]}} section of {{ic|$XDG_CONFIG_HOME/gtk-3.0/settings.ini}}:<br />
gtk-error-bell = 0<br />
<br />
==See also==<br />
* Have a look at these {{ic|man}} pages for further information: {{ic|xset(1)}}, {{ic|setterm(1)}}, {{ic|readline(3)}}.<br />
* [[Kernel modules]]</div>Medhefgohttps://wiki.archlinux.org/index.php?title=Systemd&diff=225665Systemd2012-09-27T15:24:52Z<p>Medhefgo: /* Time zone */</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Daemons and system services]]<br />
[[Category:Boot process]]<br />
[[es:Systemd]]<br />
[[fr:Systemd]]<br />
[[it:Systemd]]<br />
[[ru:Systemd]]<br />
[[zh-CN:Systemd]]<br />
{{Article summary start}}<br />
{{Article summary text|Covers how to install and configure systemd.}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Systemd/Services}}<br />
{{Article summary wiki|Init to systemd cheatsheet}}<br />
{{Article summary wiki|udev}} - systemd and udev have been merged upstream.<br />
{{Article summary end}}<br />
From the [http://freedesktop.org/wiki/Software/systemd project web page]:<br />
<br />
''"'''systemd''' is a system and service manager for Linux, compatible with SysV and LSB init scripts. systemd provides aggressive parallelization capabilities, uses socket and [[D-Bus]] activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux [[cgroups|control groups]], supports snapshotting and restoring of the system state, maintains mount and automount points and implements an elaborate transactional dependency-based service control logic. It can work as a drop-in replacement for sysvinit."''<br />
<br />
{{Note|For a detailed explanation as to why Arch is switching to systemd, see: [https://bbs.archlinux.org/viewtopic.php?pid&#61;1149530#p1149530 this forum post].}}<br />
<br />
See also the [[Wikipedia:Systemd|Wikipedia article]].<br />
<br />
== Things to consider before you switch ==<br />
<br />
* It is highly recommended to switch to the new '''initscripts''' configuration system described in the [[rc.conf|rc.conf article]]. Once you have this configuration established, you will have done most of the work needed to make the switch to systemd.<br />
* Do [http://freedesktop.org/wiki/Software/systemd/ some reading] about systemd.<br />
* Note the fact that systemd has a '''journal''' system that replaces '''syslog''', although the two can co-exist. See the [[#Journald_in_conjunction_with_a_classic_syslog_daemon|section on the journal]] below.<br />
* Do not worry about systemd's plans to replace the functionality of '''cron''', '''acpid''', or '''xinetd'''. These are not things you need to worry about just yet. For now, you can continue to use your traditional daemons for these tasks.<br />
<br />
== Installation ==<br />
systemd can be installed side-by-side with the regular Arch Linux {{pkg|initscripts}} package, and they can be toggled by adding/removing the {{Ic|1=init=/bin/systemd}} [[kernel parameters|kernel parameter]].<br />
<br />
=== A pure systemd installation ===<br />
<br />
# Install {{Pkg|systemd}} from the [[Official Repositories|official repositories]].<br />
# Add {{ic|1=init=/bin/systemd}} to the [[Kernel parameters|kernel parameters]] in your bootloader.<br />
# Create [[#Native systemd configuration files|systemd configuration files]].<br />
# [[#Using_Units|Enable daemons]] formerly listed in {{ic|/etc/rc.conf}} with {{ic|systemctl enable ''daemonname.'''service''' ''}}. For a translation of the daemons from {{ic|/etc/rc.conf}} to systemd services, see: [[Daemon#List_of_Daemons|List of Daemons]] and [[Systemd/Services|Services]]<br />
# Reboot and remove the {{ic|1=init=...}} entry.<br />
# Manually remove {{pkg|initscripts}}, and then install {{Pkg|systemd-sysvcompat}}.<br />
<br />
=== A mixed systemd installation ===<br />
<br />
# Install {{Pkg|systemd}} from the [[Official Repositories|official repositories]].<br />
# Add {{ic|1=init=/bin/systemd}} to the [[Kernel parameters|kernel parameters]] in your bootloader.<br />
# We recommend that you use [[#Native systemd configuration files|native systemd configuration files]] instead of Arch's classic configuration files. You can still use {{ic|/etc/rc.conf}} to configure a few variables if the native configuration files do not exist, but support will be dropped in the future.<br />
# If you want to keep using syslog log files alongside the systemd journal, follow the instructions described in the [[#Journald_in_conjunction_with_a_classic_syslog_daemon|section on the journal]], below.<br />
<br />
=== Supplementary information ===<br />
{{Note|1=In a pure systemd installation, installing {{pkg|systemd-sysvcompat}} replaces {{pkg|sysvinit}} and creates symlinks to halt, reboot, etc. You must manually remove {{pkg|initscripts}} to install {{pkg|systemd-sysvcompat}} [https://bbs.archlinux.org/viewtopic.php?id=148042].}}<br />
{{Tip|If you have {{ic|quiet}} in your kernel parameters, you should remove it for your first couple of systemd boots, to assist with identifying any issues during boot.}}<br />
{{Warning|{{ic|/usr}} must be mounted and available at bootup (this is not particular to systemd). If your {{ic|/usr}} is on a separate partition, you will need to make accommodations to mount it from the initramfs and unmount it from a pivoted root on shutdown. See [[Mkinitcpio#/usr_as_a_separate_partition|the mkinitcpio wiki page]] and [http://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken freedesktop.org#separate-usr-is-broken].}}<br />
<br />
== Native systemd configuration files ==<br />
{{Note|You may need to create these files.}}<br />
{{Pkg|systemd}} will use {{ic|/etc/rc.conf}} if these files are absent. Note this is temporary and not a long-term solution. It is strongly advised to use the systemd configuration files on any system.<br />
=== Hostname ===<br />
{{hc|/etc/hostname|myhostname}}<br />
<br />
=== Console and keymap ===<br />
The {{ic|/etc/vconsole.conf}} file configures the virtual console, i.e. keyboard mapping and console font.<br />
{{hc|/etc/vconsole.conf|<nowiki><br />
KEYMAP=us<br />
FONT=lat9w-16<br />
FONT_MAP=8859-1_to_uni</nowiki>}}<br />
<br />
For more info see [[Fonts#Console_fonts|Console fonts]] and [[KEYMAP#Keyboard_layouts|Keymap]].<br />
<br />
=== Locale ===<br />
Read {{ic|man locale.conf}} for more options:<br />
{{hc|/etc/locale.conf|<nowiki><br />
LANG=en_US.UTF-8<br />
LC_COLLATE=C</nowiki>}}<br />
For more info see [[Locale]].<br />
<br />
=== Time zone ===<br />
Read {{ic|man 5 localtime}} for more options.<br />
# ln -sf ../usr/share/zoneinfo/America/Chicago /etc/localtime<br />
{{Note|{{ic|/etc/timezone}} has been deprecated in {{ic|systemd-190}} and should be deleted.}}<br />
<br />
=== Hardware clock time ===<br />
Systemd will use UTC for the hardware clock by default and this is recommended. Dealing with daylight saving time is messy. If the DST changes when your computer is off, your clock will be wrong on next boot ([http://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html there is a lot more to it]). Recent kernels set the system time from the RTC directly on boot without using {{ic|hwclock}}; the kernel will always assume that the RTC is in UTC. This means that if the RTC is in local time, then the system time will first be set up wrongly and then corrected shortly afterwards on every boot. This is possibly the reason for certain weird bugs (time going backwards is rarely a good thing).<br />
<br />
The reason for allowing the RTC to be in local time is to allow dual boot with Windows ([http://blogs.msdn.com/b/oldnewthing/archive/2004/09/02/224672.aspx which uses localtime]). Windows is able to deal with the RTC being in UTC with a simple [[Time#UTC_in_Windows|registry fix]]. If you run into issues on dual boot with Windows, you can set the hardware clock to local time. Contrary to popular belief, systemd supports this:<br />
<br />
{{hc|/etc/adjtime|<br />
0.0 0.0 0.0<br />
0<br />
LOCAL}}<br />
<br />
The other parameters are still needed but are ignored by systemd.<br />
<br />
It is generally advised to have a [[NTP|Network Time Protocol daemon]] running to keep the hardware clock synchronized with the system time.<br />
<br />
=== Kernel modules loaded during boot ===<br />
systemd uses {{ic|/etc/modules-load.d/}} to configure kernel modules to load during boot in a static list. Each configuration file is named in the style of {{ic|/etc/modules-load.d/<program>.conf}}. The configuration files should simply contain a list of kernel module names to load, separated by newlines. Empty lines and lines whose first non-whitespace character is {{ic|#}} or {{ic|;}} are ignored. Example:<br />
{{hc|/etc/modules-load.d/virtio-net.conf|<nowiki><br />
# Load virtio-net.ko at boot<br />
virtio-net</nowiki>}}<br />
See also [[Modprobe#Options]].<br />
<br />
=== Kernel modules blacklist ===<br />
Module blacklisting works the same way as with {{Pkg|initscripts}} since it is actually handled by {{Pkg|kmod}}. See [[Kernel_modules#Blacklisting|Module Blacklisting]] for details.<br />
<br />
=== Temporary files ===<br />
Systemd-tmpfiles uses the configuration files in {{ic|/usr/lib/tmpfiles.d/}} and {{ic|/etc/tmpfiles.d/}} to describe the creation, cleaning and removal of volatile and temporary files and directories which usually reside in directories such as {{ic|/run}} or {{ic|/tmp}}. Each configuration file is named in the style of {{ic|/etc/tmpfiles.d/<program>.conf}}. This will also override any files in {{ic|/usr/lib/tmpfiles.d/}} with the same name.<br />
<br />
tmpfiles are usually provided together with service files to create directories which are expected to exist by certain daemons. For example the [[Samba]] daemon expects the directory {{ic|/var/run/samba}} to exist and to have the correct permissions. The corresponding tmpfile looks like this:<br />
{{hc|/usr/lib/tmpfiles.d/samba.conf|<br />
D /var/run/samba 0755 root root<br />
}}<br />
<br />
However, tmpfiles may also be used to write values into certain files on boot. For example, if you use {{ic|/etc/rc.local}} to disable wakeup from USB devices with {{ic|echo USBE > /proc/acpi/wakeup}}, you may use the following tmpfile instead:<br />
{{hc|/etc/tmpfiles.d/disable-usb-wake.conf|<br />
w /proc/acpi/wakeup - - - - USBE<br />
}}<br />
The tmpfiles method is recommended in this case since systemd doesn't actually support {{ic|/etc/rc.local}}.<br />
<br />
See {{ic|man tmpfiles.d}} for details.<br />
<br />
=== Remote filesystem mounts ===<br />
systemd automatically makes sure that remote filesystem mounts like [[NFS]] or [[Samba]] are only started after the network has been set up. Therefore remote filesystem mounts specified in {{ic|/etc/fstab}} should work out of the box.<br />
<br />
You may however want to use [[#Automount|Automount]] for remote filesystem mounts to mount them only upon access. Furthermore you can use the {{ic|1=x-systemd.device-timeout=#}} option in {{ic|/etc/fstab}} to specify a timeout in case the network resource is not available.<br />
<br />
See {{ic|man systemd.mount}} for details.<br />
<br />
=== Replacing acpid with systemd ===<br />
Systemd can handle some power-related ACPI events. This is configured via the following options in {{ic|/etc/systemd/logind.conf}}:<br />
* {{ic|HandlePowerKey}}: specifies which action is invoked when the power key is pressed<br />
* {{ic|HandleSuspendKey}}: specifies which action is invoked when the suspend key is pressed<br />
* {{ic|HandleHibernateKey}}: specifies which action is invoked when the hibernate key is pressed<br />
* {{ic|HandleLidSwitch}}: specifies which action is invoked when the lid is closed<br />
<br />
The specified action can be one of {{ic|ignore}}, {{ic|poweroff}}, {{ic|reboot}}, {{ic|halt}}, {{ic|suspend}}, {{ic|hibernate}} or {{ic|kexec}}. See {{ic|man logind.conf}} for details.<br />
<br />
These options should not be used on desktop environments like [[GNOME]] and [[Xfce]] since these handle ACPI events by themselves. However, on systems which run no graphical setup or only a simple window manager like [[i3]] or [[awesome]], this may replace the [[acpid]] daemon which is usually used to react to these ACPI events.<br />
<br />
=== Sleep hooks ===<br />
<br />
Systemd does not use [[pm-utils]] to put the machine to sleep when using {{ic|systemctl suspend}} or {{ic|systemctl hibernate}}, therefore [[pm-utils]] hooks including any [[Pm-utils#Creating_your_own_hooks|custom hooks]] created will not be run. However, systemd provides a similar mechanism to run custom scripts on these events. Systemd runs all executables in {{ic|/usr/lib/systemd/system-sleep/}} and passes two arguments to each of them:<br />
<br />
* Argument 1: either {{ic|pre}} or {{ic|post}}, depending on whether the machine is going to sleep or waking up<br />
* Argument 2: either {{ic|suspend}} or {{ic|hibernate}}, depending on what has been invoked<br />
<br />
In contrast to [[pm-utils]], systemd will run these scripts in parallel and not one after another.<br />
<br />
The output of your script will be logged by {{ic|systemd-suspend.service}} or {{ic|systemd-hibernate.service}} so you can see its output in the [[Systemd#Systemd Journal|journal]].<br />
<br />
Note that you can also use {{ic|sleep.target}}, {{ic|suspend.target}} or {{ic|hibernate.target}} to hook units into the sleep state logic instead of using scripts.<br />
<br />
See {{ic|man systemd.special}} and {{ic|man systemd-sleep}} for more information.<br />
<br />
==== Example ====<br />
{{hc|/usr/lib/systemd/system-sleep/example.sh|<nowiki><br />
#!/bin/sh<br />
<br />
case "$1" in<br />
pre )<br />
echo going to $2 ...<br />
;;<br />
post )<br />
echo waking up from $2 ...<br />
;;<br />
esac</nowiki>}}<br />
<br />
=== Unit ===<br />
A unit configuration file encodes information about a service, a socket, a device, a mount point, an automount point, a swap file or partition, a start-up target, a file system path or a timer controlled and supervised by systemd. The syntax is inspired by XDG Desktop Entry Specification .desktop files, which are in turn inspired by Microsoft Windows .ini files. See {{ic|man systemd.unit}} for more info.<br />
<br />
== Systemd commands ==<br />
<br />
*{{ic|systemctl}}: used to introspect and control the state of the systemd system and service manager.<br />
*{{ic|systemd-cgls}}: recursively shows the contents of the selected Linux control group hierarchy in a tree<br />
*{{ic|systemadm}}: a graphical frontend for the systemd system and service manager that allows introspection and control of systemd (available via the {{AUR|systemd-ui-git}} package from the [[AUR]]).<br />
<br />
View the man pages for more details. <br />
<br />
{{Tip|You can use all of the following {{ic|systemctl}} commands with the {{ic|-H <user>@<host>}} switch to control a systemd instance on a remote machine. This will use [[SSH]] to connect to the remote systemd instance.}}<br />
<br />
=== Analyzing the system state ===<br />
<br />
List running units:<br />
<br />
{{bc|$ systemctl}}<br />
<br />
or:<br />
<br />
{{bc|$ systemctl list-units}}<br />
<br />
List failed units:<br />
<br />
{{bc|$ systemctl --failed}}<br />
<br />
The available unit files can be seen in {{ic|/usr/lib/systemd/system/}} and {{ic|/etc/systemd/system/}} (the latter takes precedence). You can list the installed unit files with:<br />
{{bc|$ systemctl list-unit-files}}<br />
<br />
=== Using Units ===<br />
<br />
Units can be, for example, services ({{ic|.service}}), mount points ({{ic|.mount}}), devices ({{ic|.device}}) or sockets ({{ic|.socket}}).<br />
When using {{ic|systemctl}}, you generally have to specify the complete name of the unit file, including its suffix, for example {{ic|sshd.socket}}. There are however a few short forms when specifying the unit in the following {{ic|systemctl}} commands:<br />
* If you do not specify the suffix, systemctl will assume {{ic|.service}}. For example, {{ic|netcfg}} and {{ic|netcfg.service}} are treated as equivalent. {{Note|This currently does not work with the commands {{ic|enable}} and {{ic|disable}}.}}<br />
* Mount points will automatically be translated into the appropriate {{ic|.mount}} unit. For example, specifying {{ic|/home}} is equivalent to {{ic|home.mount}}.<br />
* Similar to mount points, devices are automatically translated into the appropriate {{ic|.device}} unit, therefore specifying {{ic|/dev/sda2}} is equivalent to {{ic|dev-sda2.device}}.<br />
<br />
See {{ic|man systemd.unit}} for details.<br />
<br />
Activate a unit immediately:<br />
<br />
{{bc|# systemctl start <unit>}}<br />
<br />
Deactivate a unit immediately:<br />
<br />
{{bc|# systemctl stop <unit>}}<br />
<br />
Restart a unit:<br />
<br />
{{bc|# systemctl restart <unit>}}<br />
<br />
Ask a unit to reload its configuration:<br />
<br />
{{bc|# systemctl reload <unit>}}<br />
<br />
Show the status of a unit, including whether it is running or not:<br />
<br />
{{bc|$ systemctl status <unit>}}<br />
<br />
Check whether a unit is already enabled or not:<br />
<br />
{{bc|$ systemctl is-enabled <unit>}}<br />
<br />
Enable a unit to be started on bootup:<br />
<br />
{{bc|# systemctl enable <unit>}}<br />
<br />
{{Note| If services do not have an Install section, it usually means they are called automatically by other services. But if you need to install them manually, use the following command, replacing ''foo'' with the name of the service.<br />
<br />
{{bc|# ln -s /usr/lib/systemd/system/''foo''.service /etc/systemd/system/graphical.target.wants/}}<br />
<br />
}}<br />
<br />
Disable a unit to not start during bootup:<br />
<br />
{{bc|# systemctl disable <unit>}}<br />
<br />
Show the manual page associated with a unit (this has to be supported by the unit file):<br />
<br />
{{bc|$ systemctl help <unit>}}<br />
<br />
=== Power Management ===<br />
<br />
If you are in a local {{ic|systemd-logind}} or [[ConsoleKit]] user session and no other session is active, the following commands will work without root privileges. If not (for example, because another user is logged into a tty), systemd will automatically ask you for the root password (see also [[#Replacing_ConsoleKit_with_systemd-logind|Replacing ConsoleKit with systemd-logind]]).<br />
<br />
Shut down and reboot the system:<br />
<br />
{{bc|$ systemctl reboot}}<br />
<br />
Shut down and power-off the system:<br />
<br />
{{bc|$ systemctl poweroff}}<br />
<br />
Shut down and halt the system:<br />
<br />
{{bc|$ systemctl halt}}<br />
<br />
Suspend the system:<br />
<br />
{{bc|$ systemctl suspend}}<br />
<br />
Hibernate the system:<br />
<br />
{{bc|$ systemctl hibernate}}<br />
<br />
== Runlevels/targets ==<br />
Runlevels are a legacy concept in systemd. Systemd uses ''targets'', which serve a similar purpose to runlevels but act a little differently. Each ''target'' is named instead of numbered and is intended to serve a specific purpose with the possibility of having multiple ones active at the same time. Some ''targets'' are implemented by inheriting all of the services of another ''target'' and adding additional services to it. There are systemd ''target''s that mimic the common SystemVinit runlevels so you can still switch ''target''s using the familiar {{ic|telinit RUNLEVEL}} command. <br />
<br />
=== Get current runlevel/targets ===<br />
The following should be used under systemd instead of {{ic|runlevel}}:<br />
{{bc|1=# systemctl list-units --type=target}}<br />
<br />
=== Create custom target ===<br />
The runlevels that are assigned a specific purpose on vanilla Fedora installs (0, 1, 3, 5, and 6) have a 1:1 mapping with a specific systemd ''target''. Unfortunately, there is no good way to do the same for the user-defined runlevels like 2 and 4. If you make use of those, it is suggested that you make a new named systemd ''target'' as {{ic|/etc/systemd/system/<your target>}} that takes one of the existing runlevels as a base (you can look at {{ic|/usr/lib/systemd/system/graphical.target}} as an example), make a directory {{ic|/etc/systemd/system/<your target>.wants}}, and then symlink the additional services from {{ic|/usr/lib/systemd/system/}} that you wish to enable.<br />
<br />
=== Targets table ===<br />
{| border="1"<br />
!SysV Runlevel!!Systemd Target!!Notes<br />
|-<br />
| 0 || runlevel0.target, poweroff.target || Halt the system.<br />
|-<br />
| 1, s, single || runlevel1.target, rescue.target || Single user mode.<br />
|-<br />
| 2, 4 || runlevel2.target, runlevel4.target, multi-user.target || User-defined/Site-specific runlevels. By default, identical to 3.<br />
|-<br />
| 3 || runlevel3.target, multi-user.target || Multi-user, non-graphical. Users can usually login via multiple consoles or via the network.<br />
|-<br />
| 5 || runlevel5.target, graphical.target || Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login.<br />
|-<br />
| 6 || runlevel6.target, reboot.target || Reboot<br />
|-<br />
| emergency || emergency.target || Emergency shell<br />
|-<br />
|}<br />
<br />
=== Change current runlevels ===<br />
In systemd runlevels are exposed via "target units". You can change them like this:<br />
{{bc|# systemctl isolate graphical.target}}<br />
This will only change the current runlevel, and has no effect on the next boot. This is equivalent to commands such as {{ic|telinit 3}} or {{ic|telinit 5}} in Sysvinit.<br />
<br />
=== Change default runlevel/target to boot into ===<br />
The standard target is {{ic|default.target}}, which is aliased by default to {{ic|graphical.target}} (which roughly corresponds to the old runlevel 5). To change the default target at boot-time, append one of the following kernel parameters to your bootloader:<br />
* {{ic|1=systemd.unit=multi-user.target}} (which roughly corresponds to the old runlevel 3),<br />
* {{ic|1=systemd.unit=rescue.target}} (which roughly corresponds to the old runlevel 1).<br />
<br />
Alternatively, you may leave the bootloader alone and change {{ic|default.target}}. This can be done using {{ic|systemctl}}:<br />
{{bc|# systemctl enable multi-user.target}}<br />
<br />
{{ic|systemctl}} prints the effect of this command: a symlink to the new default target is made at {{ic|/etc/systemd/system/default.target}}. This works if, and only if:<br />
[Install]<br />
Alias=default.target<br />
is in the target's configuration file. Currently, {{ic|multi-user.target}} and {{ic|graphical.target}} both have it.<br />
<br />
== Running DEs under systemd ==<br />
<br />
=== Using display manager ===<br />
To enable graphical login, run your preferred [[Display Manager]] daemon (e.g. [[KDM]]). At the moment, service files exist for [[GDM]], [[KDM]], [[SLiM]], [[XDM]] and [[LXDM]].<br />
<br />
{{bc|# systemctl enable kdm.service}}<br />
<br />
This should work out of the box. If not, you might have a {{ic|default.target}} set manually or from an older install:<br />
<br />
{{hc|# ls -l /etc/systemd/system/default.target|/etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target}}<br />
<br />
Simply delete the symlink and systemd will use its stock {{ic|default.target}} (i.e. {{ic|graphical.target}}).<br />
<br />
{{bc|# rm /etc/systemd/system/default.target}}<br />
<br />
=== Using service file ===<br />
{{Note|Using this method there will be no PAM session created for your user. Therefore ConsoleKit (which gives you access to shutdown/reboot, audio devices etc.) will not work properly. For the recommended way, see: [[#Replacing_ConsoleKit_with_systemd-logind|Replacing ConsoleKit with systemd-logind]] and [[Automatic_login_to_virtual_console#With_systemd]].}}<br />
If you are only looking for a simple way to start X directly without a display manager, you can create a service file similar to this:<br />
<br />
{{hc|/etc/systemd/system/graphical.target.wants/xinit.service|<nowiki><br />
[Unit]<br />
Description=Direct login to X<br />
After=systemd-user-sessions.service<br />
<br />
[Service]<br />
ExecStart=/bin/su <username> -l -c "/bin/bash --login -c xinit"<br />
<br />
[Install]<br />
WantedBy=graphical.target<br />
</nowiki>}}<br />
<br />
== Systemd Journal ==<br />
Since version 38, systemd has its own logging system, the journal.<br />
<br />
By default, running a syslog daemon is no longer required. To read the log, use:<br />
{{bc|# journalctl}}<br />
The journal writes to {{ic|/run/systemd/journal}}, meaning logs will be lost on reboot. For non-volatile logs, create {{ic|/var/log/journal/}}:<br />
{{bc|# mkdir /var/log/journal/}}<br />
<br />
=== Filtering output ===<br />
<br />
{{ic|journalctl}} allows you to filter the output by specific fields.<br />
<br />
Examples:<br />
<br />
Show all messages by a specific executable:<br />
{{bc|# journalctl /usr/lib/systemd/systemd}}<br />
<br />
Show all messages by a specific process:<br />
{{bc|1=# journalctl _PID=1}}<br />
<br />
Show all messages by a specific unit:<br />
{{bc|1=# journalctl _SYSTEMD_UNIT=netcfg.service}}<br />
<br />
See {{ic|man journalctl}} and {{ic|systemd.journal-fields}} for details.<br />
<br />
=== Journal size limit ===<br />
<br />
If the journal is made non-volatile, its size limit is set to a default value of 10% of the size of the respective file system. E.g. with {{ic|/var/log/journal}} located on a 50 GiB root partition this would lead to 5 GiB of journal data. The maximum size of the persistent journal can be controlled by {{ic|SystemMaxUse}} in {{ic|/etc/systemd/journald.conf}}, so to limit it for example to 50 MiB uncomment and edit the corresponding line to:<br />
{{bc|1=SystemMaxUse=50M}}<br />
Refer to {{ic|man journald.conf}} for more info.<br />
<br />
===Journald in conjunction with a classic syslog daemon===<br />
Compatibility with classic syslog implementations is provided via a socket, {{ic|/run/systemd/journal/syslog}}, to which all messages are forwarded. To make the syslog daemon work with the journal, it has to bind to this socket instead of {{ic|/dev/log}} ([http://lwn.net/Articles/474968/ official announcement]). For syslog-ng, change the {{ic|source src}} section in {{ic|/etc/syslog-ng/syslog-ng.conf}} to:<br />
{{bc|<nowiki><br />
source src {<br />
unix-dgram("/run/systemd/journal/syslog");<br />
internal();<br />
file("/proc/kmsg");<br />
};</nowiki>}}<br />
<br />
and enable syslog-ng:<br />
{{bc|# systemctl enable syslog-ng.service}}<br />
<br />
== Network ==<br />
=== Dynamic (DHCP) with dhcpcd ===<br />
If you simply want to use DHCP for your Ethernet connection, you can use {{ic|dhcpcd@.service}} (provided by the {{Pkg|dhcpcd}} package).<br />
To enable DHCP for {{ic|eth0}}, simply use:<br />
# systemctl start dhcpcd@eth0.service<br />
<br />
You can enable the service to automatically start at boot with:<br />
# systemctl enable dhcpcd@eth0.service<br />
<br />
=== Other configurations ===<br />
For static, wireless or advanced network configuration like bridging you can use [[Netcfg#systemd_support|netcfg]] or [[NetworkManager#Enable_NetworkManager_under_Native_systemd_system|NetworkManager]] which both provide systemd service files.<br />
{{Note|If you want to use netcfg, NetworkManager or other software to manage the network, you do not need to start or enable dhcpcd as described in the previous section.}}<br />
<br />
If you need a static Ethernet configuration, but don't want to use [[netcfg]], there is a custom service file available on the [[Systemd/Services#Network|Systemd/Services page]].<br />
<br />
== Arch integration ==<br />
=== Initscripts emulation ===<br />
Integration with Arch's classic configuration is provided by the {{Pkg|initscripts}} package. This is simply meant as a transitional measure to ease users' move to systemd.<br />
<br />
{{Note|{{ic|/etc/inittab}} is not used at all.}}<br />
<br />
If you disabled {{keypress|Ctrl+Alt+Del}} to reboot in {{ic|/etc/inittab}}, you will have to reconfigure this setting for systemd by running {{ic|systemctl mask ctrl-alt-del.target}} as root.<br />
<br />
==== rc.conf ====<br />
Some variables in {{ic|/etc/rc.conf}} are respected by this glue work. For a pure systemd setup, it is recommended to use the [[Systemd#Native_systemd_configuration_files|native systemd configuration files]] which will take precedence over {{ic|/etc/rc.conf}}.<br />
<br />
Supported variables:<br />
* {{ic|LOCALE}}<br />
* {{ic|KEYMAP}}<br />
* {{ic|CONSOLEFONT}}<br />
* {{ic|CONSOLEMAP}}<br />
* {{ic|HOSTNAME}}<br />
* {{ic|DAEMONS}}<br />
<br />
Unsupported variables and their systemd configuration:<br />
* {{ic|TIMEZONE}}: Please symlink {{Ic|/etc/localtime}} to your zoneinfo file manually.<br />
* {{ic|HARDWARECLOCK}}: See [[Systemd#Hardware clock time|Hardware clock time]].<br />
* {{ic|USELVM}}: use {{ic|lvm.service}} provided by {{Pkg|lvm2}} instead.<br />
* {{ic|USECOLOR}}<br />
* {{ic|MODULES}}<br />
<br />
=== Total conversion to native systemd ===<br />
{{Note|This is the preferred method, where the system does not rely on {{ic|rc.conf}} centralised configuration anymore, but uses native systemd configuration files.}}<br />
<br />
Follow system configuration as explained in [[#Native_systemd_configuration_files]]. Each file replaces one section of {{ic|/etc/rc.conf}} as shown in this table:<br />
{| class="wikitable"<br />
|-<br />
! scope="col"| Configuration<br />
! scope="col"| Configuration file(s)<br />
! scope="col"| Legacy {{ic|/etc/rc.conf}} section<br />
|-<br />
| align="center"|Hostname<br />
| align="left"|{{ic|/etc/hostname}}<br />
{{ic|/etc/hosts}}<br />
| align="center"|{{ic|NETWORKING}}<br />
|-<br />
| align="center"|Console fonts and Keymap<br />
| align="left"|{{ic|/etc/vconsole.conf}}<br />
| align="center"|{{ic|LOCALIZATION}}<br />
|-<br />
| align="center"|Locale<br />
| align="left"|{{ic|/etc/locale.conf}}<br />
{{ic|/etc/locale.gen}}<br />
| align="center"|{{ic|LOCALIZATION}}<br />
|-<br />
| align="center"|Time zone<br />
| align="left"|{{ic|/etc/timezone}}<br />
{{ic|/etc/localtime}}<br />
| align="center"|{{ic|LOCALIZATION}}<br />
|-<br />
| align="center"|Hardware clock<br />
| align="left"|{{ic|/etc/adjtime}}<br />
| align="center"|{{ic|LOCALIZATION}}<br />
|-<br />
| align="center"|Kernel modules<br />
| align="left"|{{ic|/etc/modules-load.d/}}<br />
| align="center"|{{ic|HARDWARE}}<br />
|}<br />
<br />
For legacy purposes, the '''DAEMONS''' section in {{ic|/etc/rc.conf}} is still compatible with systemd and can be used to start services at boot, even with a "pure" systemd service management. Alternatively, you may remove the {{ic|/etc/rc.conf}} file entirely and enable services in systemd. For each {{ic|<service_name>}} in the '''DAEMONS''' array in {{ic|/etc/rc.conf}}, type:<br />
# systemctl enable <service_name>.service<br />
{{Tip|For a list of commonly used daemons with their initscripts and systemd equivalents, see [[Daemon#List_of_Daemons|this table]].}}<br />
<br />
If {{ic|<service_name>.service}} does not exist:<br />
* the service file may not be available for systemd. In that case, you'll need to keep {{ic|rc.conf}} to start the service during boot up.<br />
* systemd may name services differently, e.g. {{ic|cronie.service}} replaces {{ic|crond}} init daemon; {{ic|alsa-store.service}} and {{ic|alsa-restore.service}} replace the {{ic|alsa}} init daemon. Another important instance is the {{ic|network}} daemon, which is replaced with another set of service files (see [[#Network]] for more details.)<br />
{{Tip|You may look inside a package that contains daemon start scripts for service names. For instance:<br />
$ pacman -Ql cronie<br />
[...]<br />
cronie /etc/rc.d/crond #<-- daemon initscript listed in the DAEMONS array (unused in a "pure" systemd configuration)<br />
[...]<br />
cronie /usr/lib/systemd/system/cronie.service #<-- corresponding systemd daemon service<br />
[...]<br />
}}<br />
* systemd will automatically handle the start order of these daemons.<br />
* some services do not need to be explicitly enabled by the user. For instance, {{ic|dbus.service}} will automatically be enabled when {{ic|dbus-core}} is installed. Check the list of available services and their state using the {{ic|systemctl}} command.<br />
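<br />
The migration steps above as an added example (not part of the wiki page or of any Arch package): the script reads the {{ic|DAEMONS}} array from an {{ic|rc.conf}} without executing the file and prints the matching {{ic|systemctl enable}} commands. The function names and the sample {{ic|rc.conf}} are constructed for illustration; it relies on the initscripts conventions that a leading {{ic|!}} disables an entry and a leading {{ic|@}} starts it in the background.<br />

```shell
#!/bin/sh
# Added example: plan the move from the rc.conf DAEMONS array to systemd units.

# daemons_from_rcconf FILE: print one DAEMONS entry per line.
# The file is parsed as text, not sourced, so nothing in it is executed.
daemons_from_rcconf() {
  awk '
    /^[ \t]*DAEMONS=\(/ { inside = 1; sub(/^[ \t]*DAEMONS=\(/, "") }
    inside {
      sub(/#.*/, "")                 # drop trailing comments
      closed = sub(/\).*/, "")       # the closing parenthesis ends the array
      n = split($0, words, /[ \t]+/)
      for (i = 1; i <= n; i++) if (words[i] != "") print words[i]
      if (closed) inside = 0
    }
  ' "$1"
}

# units_for NAME: systemd unit(s) replacing an initscripts daemon.
# Only the renames mentioned in the text are listed; extend as needed.
units_for() {
  case $1 in
    crond) echo "cronie.service" ;;
    alsa)  echo "alsa-store.service alsa-restore.service" ;;
    *)     echo "$1.service" ;;
  esac
}

# migration_plan RCCONF [UNIT_DIR]: print the commands to run, and a comment
# for every entry that needs manual attention.
migration_plan() {
  unit_dir=${2:-/usr/lib/systemd/system}
  daemons_from_rcconf "$1" | while IFS= read -r entry; do
    case $entry in
      '!'*) echo "# ${entry#?}: disabled in rc.conf, skipped"; continue ;;
    esac
    name=${entry#@}                  # "@" only meant "start in background"
    if [ "$name" = network ]; then
      echo "# network: replaced by a separate set of units, configure it by hand"
      continue
    fi
    for unit in $(units_for "$name"); do
      if [ -e "$unit_dir/$unit" ]; then
        echo "systemctl enable $unit"
      else
        echo "# $unit not found: keep $name in DAEMONS"
      fi
    done
  done
}

# Demo on constructed input so the script runs on any machine.
demo() {
  tmp=$(mktemp -d)
  mkdir "$tmp/units"
  for u in syslog-ng cronie alsa-store alsa-restore sshd; do
    : > "$tmp/units/$u.service"
  done
  cat > "$tmp/rc.conf" <<'EOF'
# constructed sample rc.conf
HOSTNAME="myhost"
DAEMONS=(syslog-ng !hwclock network @crond
         alsa sshd localdaemon)   # localdaemon ships no unit file
EOF
  migration_plan "$tmp/rc.conf" "$tmp/units"
  rm -rf "$tmp"
}

demo
```

On a real system, call {{ic|migration_plan /etc/rc.conf}} and review the printed commands before running them as root.<br />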
<br />
==Writing custom .service files==<br />
===Handling dependencies===<br />
With systemd, dependencies can be resolved by designing the unit files correctly. The most typical case is that the unit {{ic|A}} requires the unit {{ic|B}} to be running before {{ic|A}} is started. In that case add {{ic|1=Requires=B}} and {{ic|1=After=B}} to the {{ic|[Unit]}} section of {{ic|A}}. If the dependency is optional, add {{ic|1=Wants=B}} and {{ic|1=After=B}} instead. Note that {{ic|1=Wants=}} and {{ic|1=Requires=}} do not imply {{ic|1=After=}}, meaning that if {{ic|1=After=}} is not specified, the two units will be started in parallel.<br />
<br />
Dependencies are typically placed on services and not on targets. For example, {{ic|network.target}} is pulled in by whatever service configures your network interfaces, therefore ordering your custom unit after it is sufficient since {{ic|network.target}} is started anyway.<br />
<br />
===Type===<br />
There are several different start-up types to consider when writing a custom service file. This is set with the {{ic|1=Type=}} parameter in the {{ic|[Service]}} section. See {{ic|man systemd.service}} for a more detailed explanation.<br />
* {{ic|1=Type=simple}}: systemd considers the service to be started up immediately. The process must not fork. Do not use this type if other services need to be ordered on this service, unless it is socket activated.<br />
* {{ic|1=Type=forking}}: systemd considers the service started up once the process forks and the parent has exited. For classic daemons use this type unless you know that it is not necessary. You should specify {{ic|1=PIDFile=}} as well so systemd can keep track of the main process.<br />
* {{ic|1=Type=oneshot}}: This is useful for scripts that do a single job and then exit. You may want to set {{ic|1=RemainAfterExit=}} as well so that systemd still considers the service as active after the process has exited.<br />
* {{ic|1=Type=notify}}: Identical to {{ic|1=Type=simple}}, but with the stipulation that the daemon will send a signal to systemd when it is ready. The reference implementation for this notification is provided by {{ic|libsystemd-daemon.so}}.<br />
* {{ic|1=Type=dbus}}: The service is considered ready when the specified {{ic|BusName}} appears on DBus's system bus.<br />
<br />
===Replacing provided unit files===<br />
The unit files in {{ic|/etc/systemd/system/}} take precedence over the ones in {{ic|/usr/lib/systemd/system/}}.<br />
To make your own version of a unit (which will not be destroyed by an upgrade), copy the old unit file from {{ic|/usr/lib/}} to {{ic|/etc/}} and make your changes there. Alternatively you can use {{ic|.include}} to parse an existing service file and then override or add new options. For example, if you simply want to add an additional dependency to a service file, you may use:<br />
{{hc|/etc/systemd/system/<service-name>.service|<br />
<nowiki><br />
.include /usr/lib/systemd/system/<service-name>.service<br />
<br />
[Unit]<br />
Requires=<new dependency><br />
After=<new dependency><br />
</nowiki>}}<br />
Then run the following for your changes to take effect:<br />
# systemctl reenable <unit><br />
# systemctl restart <unit><br />
{{Tip|You can use {{ic|systemd-delta}} to see which unit files have been overridden and what exactly has been changed.}}<br />
<br />
===Syntax highlighting for systemd unit files within Vim===<br />
Syntax highlighting for systemd unit files within [[Vim]] can be enabled by installing {{AUR|vim-systemd}} from the [[Arch User Repository|AUR]].<br />
<br />
== FAQ ==<br />
For an up-to-date list of known issues, look at the upstream [http://cgit.freedesktop.org/systemd/systemd/tree/TODO TODO].<br />
<br />
{{FAQ<br />
|question=Why are my console fonts ugly?<br />
|answer=If no font is set in {{ic|/etc/vconsole.conf}} (or alternatively {{ic|/etc/rc.conf}}), then a standard font will be used. The standard font is chosen due to it supporting a wide range of character sets. Set your preferred font to fix the issue.}}<br />
<br />
{{FAQ<br />
|question=Why do I get log messages on my console?<br />
|answer=You must set the kernel loglevel yourself. Historically, {{ic|/etc/rc.sysinit}} did this for us and set dmesg loglevel to {{ic|3}}, which was a reasonably quiet loglevel. Either add {{ic|1=loglevel=3}} or {{ic|quiet}} to your [[kernel parameters]].}}<br />
<br />
{{FAQ<br />
|question=How do I change the number of gettys running by default?<br />
|answer=To add another getty, simply place another symlink for instantiating another getty in the {{ic|/etc/systemd/system/getty.target.wants/}} directory:<br />
<br />
{{bc|<nowiki># ln -sf /usr/lib/systemd/system/getty@.service /etc/systemd/system/getty.target.wants/getty@tty9.service<br />
# systemctl daemon-reload<br />
# systemctl start getty@tty9.service</nowiki>}}<br />
<br />
To remove a getty, simply remove the getty symlinks you want to get rid of in the {{ic|/etc/systemd/system/getty.target.wants/}} directory:<br />
<br />
{{bc|<nowiki># rm /etc/systemd/system/getty.target.wants/getty@tty5.service /etc/systemd/system/getty.target.wants/getty@tty6.service<br />
# systemctl daemon-reload<br />
# systemctl stop getty@tty5.service getty@tty6.service</nowiki>}}<br />
<br />
systemd does not use the {{ic|/etc/inittab}} file.<br />
<br />
{{Note|As of systemd 30, only 1 getty will be launched by default. If you switch to another tty, a getty will be launched there (socket-activation style). You can still force additional agetty processes to start using the above methods.}}}}<br />
<br />
{{FAQ<br />
|question=How do I get more verbose output during boot?<br />
|answer=If you see no output at all in console after the initram message, this means you have the {{ic|quiet}} parameter in your kernel line. It's best to remove it, at least the first time you boot with systemd, to see if everything is ok. You will then see a list of units marked {{ic|[ OK ]}} in green or {{ic|[ FAILED ]}} in red.<br />
<br />
Any messages are logged to the system log and if you want to find out about the status of your system run {{ic|systemctl}} (no root privileges required) or look at the boot/system log with {{ic|journalctl}}.<br />
}}<br />
<br />
{{FAQ<br />
|question=How do I avoid clearing the console after boot?<br />
|answer=Create a custom {{ic|getty@tty1.service}} file by copying {{ic|/usr/lib/systemd/system/getty@.service}} to {{ic|/etc/systemd/system/getty.target.wants/getty@tty1.service}} and change {{ic|TTYVTDisallocate}} to {{ic|no}}.<br />
}}<br />
<br />
{{FAQ<br />
|question=What kernel options do I need to enable in my kernel in case I do not use the official Arch kernel?<br />
|answer=Kernels prior to 2.6.39 are unsupported.<br />
<br />
This is a partial list of required/recommended options, there might be more:<br />
<br />
{{bc|<nowiki><br />
CONFIG_AUDIT=y (recommended)<br />
CONFIG_AUDIT_LOGINUID_IMMUTABLE=y (not required, may break sysvinit compat)<br />
CONFIG_CGROUPS=y<br />
CONFIG_IPV6=[y|m] (highly recommended)<br />
CONFIG_UEVENT_HELPER_PATH=""<br />
CONFIG_DEVTMPFS=y<br />
CONFIG_DEVTMPFS_MOUNT=y (required if you don't use an initramfs)<br />
CONFIG_RTC_DRV_CMOS=y (highly recommended)<br />
CONFIG_FANOTIFY=y (required for readahead)<br />
CONFIG_AUTOFS4_FS=[y|m]<br />
CONFIG_TMPFS_POSIX_ACL=y (recommended, if you want to use pam_systemd.so)<br />
CONFIG_NAMESPACES=y (for Private*=yes)<br />
CONFIG_NET_NS=y (for PrivateNetwork=yes)<br />
CONFIG_FHANDLE=y<br />
</nowiki>}}}}<br />
<br />
{{FAQ<br />
|question=What other units does a unit depend on?<br />
|answer=For example, if you want to figure out which services a target like {{ic|multi-user.target}} pulls in, use something like this: <br />
{{hc|$ systemctl show -p "Wants" multi-user.target|2=Wants=rc-local.service avahi-daemon.service rpcbind.service NetworkManager.service acpid.service dbus.service atd.service crond.service auditd.service ntpd.service udisks.service bluetooth.service cups.service wpa_supplicant.service getty.target modem-manager.service portreserve.service abrtd.service yum-updatesd.service upowerd.service test-first.service pcscd.service rsyslog.service haldaemon.service remote-fs.target plymouth-quit.service systemd-update-utmp-runlevel.service sendmail.service lvm2-monitor.service cpuspeed.service udev-post.service mdmonitor.service iscsid.service livesys.service livesys-late.service irqbalance.service iscsi.service}}<br />
<br />
Instead of {{ic|Wants}} you might also try {{ic|WantedBy}}, {{ic|Requires}}, {{ic|RequiredBy}}, {{ic|Conflicts}}, {{ic|ConflictedBy}}, {{ic|Before}}, {{ic|After}} for the respective types of dependencies and their inverse.}}<br />
<br />
{{FAQ<br />
|question=My computer shuts down, but the power stays on.<br />
|answer=Use:<br />
$ systemctl poweroff<br />
Instead of {{ic|systemctl halt}}.}}<br />
<br />
{{FAQ<br />
|question=After migrating to systemd, why won't my fakeRAID mount?<br />
|answer=Be sure you use {{bc|# systemctl enable dmraid.service}}<br />
}}<br />
<br />
{{FAQ<br />
|question=How can I make a script start during the boot process?<br />
|answer=Create a new file in {{ic|/etc/systemd/system}} (e.g. ''myscript''.service) and add the following contents:<br />
{{bc|<nowiki><br />
[Unit]<br />
Description=My script<br />
<br />
[Service]<br />
ExecStart=/usr/bin/my-script<br />
<br />
[Install]<br />
WantedBy=multi-user.target <br />
</nowiki>}}<br />
Then<br />
{{bc|# systemctl enable ''myscript''.service}}<br />
This example assumes you want your script to start up when the target multi-user is launched.<br />
}}<br />
<br />
{{FAQ<br />
|question=Status of .service says "active (exited)" in green. (e.g. iptables)<br />
|answer=This is perfectly normal.<br />
In the case with iptables it is because there is no daemon to run, it is controlled in the kernel. Therefore it exits after the rules have been loaded.<br />
<br />
To check if your iptables rules have been loaded properly:<br />
{{bc|iptables --list}}<br />
}}<br />
<br />
== Optimization ==<br />
=== systemd-analyze ===<br />
Systemd provides a tool called {{ic|systemd-analyze}} that allows you to analyze your boot process so you can see which unit files are causing your boot process to slow down. You can then optimize your system accordingly. You have to install {{Pkg|python2-dbus}} and {{Pkg|python2-cairo}} to use it.<br />
<br />
To see how much time was spent in kernel-/userspace on boot, simply use:<br />
{{bc|$ systemd-analyze}}<br />
{{Tip|If you add the {{ic|timestamp}} hook to your {{ic|HOOKS}} array in {{ic|/etc/mkinitcpio.conf}} and rebuild your initramfs, {{ic|systemd-analyze}} will also be able to show you how much time was spent in the initramfs.}}<br />
<br />
To list the started unit files, sorted by the time each of them took to start up:<br />
{{bc|$ systemd-analyze blame}}<br />
<br />
You can also create an SVG file which describes your boot process graphically, similar to [[Bootchart]]:<br />
{{bc|$ systemd-analyze plot > plot.svg}}<br />
<br />
====Enabling bootchart in conjunction with systemd====<br />
You can use a version of bootchart to visualize the boot sequence.<br />
Since you are not able to put a second init into the kernel command line you won't be able to use any of the standard bootchart setups. However the {{AUR|bootchart2}} package from [[AUR]] comes with an undocumented systemd service. After you've installed bootchart2 do:<br />
{{bc|# systemctl enable bootchart.service}}<br />
Read the [https://github.com/mmeeks/bootchart bootchart documentation] for further details on using this version of bootchart.<br />
<br />
=== Shell Shortcuts ===<br />
systemd daemon management requires a bit more text entry to accomplish tasks such as starting, stopping, enabling, checking status, etc. The following functions can be added to one's {{ic|~/.bashrc}} file to help streamline interactions with systemd and to improve the overall experience.<br />
<br />
{{bc|<nowiki>if ! systemd-notify --booted; then # not using systemd<br />
    start() {<br />
        sudo rc.d start "$1"<br />
    }<br />
<br />
    restart() {<br />
        sudo rc.d restart "$1"<br />
    }<br />
<br />
    stop() {<br />
        sudo rc.d stop "$1"<br />
    }<br />
else<br />
    start() {<br />
        sudo systemctl start "$1"<br />
    }<br />
<br />
    restart() {<br />
        sudo systemctl restart "$1"<br />
    }<br />
<br />
    stop() {<br />
        sudo systemctl stop "$1"<br />
    }<br />
<br />
    # Note: this function shadows the bash builtin "enable".<br />
    enable() {<br />
        sudo systemctl enable "$1"<br />
    }<br />
<br />
    status() {<br />
        sudo systemctl status "$1"<br />
    }<br />
<br />
    disable() {<br />
        sudo systemctl disable "$1"<br />
    }<br />
fi<br />
</nowiki>}}<br />
<br />
=== Less output ===<br />
Change {{ic|verbose}} to {{ic|quiet}} on the bootloader's kernel line. For some systems, particularly those with an SSD, the slow performance of the TTY is actually a bottleneck, and so less output means faster booting.<br />
<br />
=== Early start ===<br />
One central feature of systemd is [[D-Bus]] and socket activation. This causes services to be started when they are first accessed, and is generally a good thing. However, if you know that a service (like [[ConsoleKit]]) will always be started during boot, then the overall boot time might be reduced by starting it as early as possible. This can be achieved (if the service file is set up for it, which in most cases it is) by issuing:<br />
<br />
{{bc|# systemctl enable console-kit-daemon.service}}<br />
<br />
This will cause systemd to start ConsoleKit as soon as possible, without causing races with the socket or D-Bus activation.<br />
<br />
=== Automount ===<br />
The default setup will fsck and mount all filesystems before starting most daemons and services. If you have a large {{ic|/home}} partition, it might be better to allow services that do not depend on {{ic|/home}} to start while {{ic|/home}} is being fsck'ed. This can be achieved by adding the following options to the fstab entry of your {{ic|/home}} partition:<br />
<br />
noauto,x-systemd.automount<br />
<br />
This will fsck and mount {{ic|/home}} when it is first accessed, and the kernel will buffer all file access to {{ic|/home}} until it is ready.<br />
<br />
If you have encrypted filesystems with keyfiles, you can also add the {{ic|noauto}} parameter to the corresponding entries in {{ic|/etc/crypttab}}. systemd will then not open the encrypted device on boot, but instead wait until it is actually accessed and then automatically open it with the specified keyfile before mounting it. This might save a few seconds on boot if you are using an encrypted RAID device for example, because systemd doesn't have to wait for the device to become available. For example:<br />
{{hc|/etc/crypttab|data /dev/md0 /root/key noauto}}<br />
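<br />
A keyfile that systemd opens on demand protects the volume only as long as other users cannot read the file. The following added example (not part of the wiki page) checks every keyfile named in a crypttab for ownership and group/other access; the function name and the sample entries are constructed, and it assumes the {{ic|stat -L -c}} options of GNU coreutils or busybox.<br />

```shell
#!/bin/sh
# Added example: audit the keyfiles referenced by a crypttab.
# Assumes GNU or busybox stat (-L -c), as found on Arch Linux.

# audit_crypttab FILE [UID]
# Prints one line per keyfile that is missing, not owned by UID (default 0,
# i.e. root) or accessible to group/others. Returns 1 if anything was reported.
audit_crypttab() {
  want_uid=${2:-0}
  findings=0
  # crypttab fields: <name> <device> <keyfile> <options>
  # "|| [ -n ... ]" also handles a last line without a trailing newline.
  while read -r name device keyfile options || [ -n "$name" ]; do
    case $name in ''|'#'*) continue ;; esac
    # No keyfile (passphrase prompt) or a device node such as /dev/urandom.
    case $keyfile in ''|none|-|/dev/*) continue ;; esac
    if [ ! -f "$keyfile" ]; then
      echo "$name: keyfile $keyfile does not exist"
      findings=1
      continue
    fi
    mode=$(stat -L -c %a "$keyfile")   # octal permissions, symlinks followed
    uid=$(stat -L -c %u "$keyfile")    # numeric owner
    if [ "$uid" -ne "$want_uid" ]; then
      echo "$name: keyfile $keyfile is owned by uid $uid, expected $want_uid"
      findings=1
    fi
    # Any bit in 077 means group or others can read, write or execute.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
      echo "$name: keyfile $keyfile has mode $mode, group/others can access it (use 0400 or 0600)"
      findings=1
    fi
  done < "$1"
  return "$findings"
}

# Demo on constructed input; the files are owned by the current user, so the
# expected owner is passed explicitly instead of the default root.
demo() {
  tmp=$(mktemp -d)
  echo secret > "$tmp/good.key";  chmod 600 "$tmp/good.key"
  echo secret > "$tmp/loose.key"; chmod 644 "$tmp/loose.key"
  cat > "$tmp/crypttab" <<EOF
# <name> <device> <keyfile> <options>   (constructed sample)
data    /dev/md0   $tmp/good.key    noauto
backup  /dev/sdb1  $tmp/loose.key   noauto
swap    /dev/sda2  /dev/urandom     swap
home    /dev/sda3  none
old     /dev/sdc1  $tmp/gone.key    noauto
EOF
  audit_crypttab "$tmp/crypttab" "$(id -u)" || echo "=> fix the keyfiles listed above"
  rm -rf "$tmp"
}

demo
```

On a real system, run {{ic|audit_crypttab /etc/crypttab}} as root; the keyfile's parent directory should be equally restricted.<br />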
<br />
=== Readahead ===<br />
systemd comes with its own readahead implementation, which should in principle improve boot time. However, depending on your kernel version and the type of your hard drive, your mileage may vary (i.e. it might be slower). To enable, do:<br />
<br />
{{bc|<nowiki># systemctl enable systemd-readahead-collect.service systemd-readahead-replay.service</nowiki>}}<br />
<br />
Remember that in order for the readahead to work its magic, you should reboot a couple of times.<br />
<br />
=== Replacing ConsoleKit with systemd-logind ===<br />
Starting with {{Pkg|polkit}} 0.107 (currently in [testing]), [[ConsoleKit]] can be completely replaced by {{ic|systemd-logind}}. However, there is currently no Display Manager in the Arch Linux repositories which natively supports {{ic|systemd-logind}} without still depending on [[ConsoleKit]]. The easiest method to be able to remove [[ConsoleKit]] is to [[Automatic_login_to_virtual_console#With_systemd|automatically login to a virtual console]] and [[Start_X_at_Boot|start X from there]]. It is important that, as mentioned in the latter article, the X server is started on the same virtual console that you log in to, otherwise systemd can not keep track of the user session. You can then simply remove {{ic|ck-launch-session}} from your {{ic|~/.xinitrc}}.<br />
<br />
In order to check the status of your user session, you can use {{ic|loginctl}}. To see if your user session is properly set up, check if the following command contains {{ic|1=Active=yes}}. All {{Pkg|polkit}} actions like suspending the system or mounting external drives with [[Udisks]] should then work automatically.<br />
$ loginctl show-session <session-id><br />
<br />
{{Note|If you use [[NetworkManager]], you have to recompile it with systemd support from the [[ABS]] by setting {{ic|1=--with-session-tracking=systemd}} in the [[PKGBUILD]].}}<br />
<br />
== Troubleshooting ==<br />
=== Shutdown/Reboot takes terribly long ===<br />
If the shutdown process takes a very long time (or seems to freeze) most likely a service not exiting is to blame. systemd waits some time for each service to exit before trying to kill it.<br />
To find out if you are affected see [http://freedesktop.org/wiki/Software/systemd/Debugging#Shutdown_Completes_Eventually this article].<br />
==== SLiM and xfce-session ====<br />
One setup that can produce a shutdown freeze is Xfce in conjunction with SLiM: Shutting down/rebooting using xfce-session will cause slim.service to hang for half a minute until systemd kills it the hard way.<br />
One workaround is to create a modified {{ic|slim.service}}:<br />
{{hc|/etc/systemd/system/slim.service|<nowiki><br />
[Unit]<br />
Description=SLiM Simple Login Manager<br />
After=systemd-user-sessions.service<br />
<br />
[Service]<br />
Type=forking<br />
PIDFile=/var/lock/slim.lock<br />
ExecStart=/usr/bin/slim -d<br />
ExecStop=/bin/kill -9 $MAINPID<br />
ExecStopPost=/bin/rm /var/lock/slim.lock<br />
<br />
[Install]<br />
WantedBy=graphical.target</nowiki>}}<br />
This causes SLiM to be terminated using SIGKILL. Since the lock file is also removed this does not cause a problem.<br />
<br />
=== If some services are failing to start ===<br />
<br />
If your {{ic|/var/tmp}} is a symbolic link to {{ic|/tmp}}, expect some services to fail when started via systemd. In these cases, the failure status of the processes (via {{ic|systemctl status <service>}}) will be "226/NAMESPACE". To overcome this blocker, simply remove your {{ic|/var/tmp}} symlink and reinstall the {{pkg|filesystem}} package.<br />
<br />
=== Disable warning bell ===<br />
Add command {{ic|xset -b}} to the {{ic|.xinitrc}} file.<br />
Discussion on [https://bbs.archlinux.org/viewtopic.php?pid=1148781 this] forum topic.<br />
<br />
== See also==<br />
*[http://www.freedesktop.org/wiki/Software/systemd Official Web Site]<br />
*[http://0pointer.de/public/systemd-man/ Manual Pages]<br />
*[http://freedesktop.org/wiki/Software/systemd/Optimizations systemd Optimizations]<br />
*[http://www.freedesktop.org/wiki/Software/systemd/FrequentlyAskedQuestions FAQ]<br />
*[http://www.freedesktop.org/wiki/Software/systemd/TipsAndTricks Tips And Tricks]<br />
*[http://0pointer.de/public/systemd-ebook-psankar.pdf systemd for Administrators (PDF)]<br />
*[http://fedoraproject.org/wiki/Systemd About systemd on Fedora Project]<br />
*[http://fedoraproject.org/wiki/How_to_debug_Systemd_problems How to debug Systemd problems]<br />
*[http://www.h-online.com/open/features/Booting-up-Tools-and-tips-for-systemd-1570630.html Booting up: Tools and tips for systemd, a Linux init tool. In The H]<br />
*[http://0pointer.de/blog/projects/systemd.html Lennart's blog story]<br />
*[http://0pointer.de/blog/projects/systemd-update.html status update]<br />
*[http://0pointer.de/blog/projects/systemd-update-2.html status update2]<br />
*[http://0pointer.de/blog/projects/systemd-update-3.html status update3]<br />
*[http://0pointer.de/blog/projects/why.html most recent summary]</div>Medhefgohttps://wiki.archlinux.org/index.php?title=Systemd&diff=211727Systemd2012-07-01T12:44:21Z<p>Medhefgo: Document hardware clock in local time (yes, systemd does support it!)</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Daemons and system services]]<br />
[[Category:Boot process]]<br />
[[fr:Systemd]]<br />
[[it:Systemd]]<br />
[[ru:Systemd]]<br />
[[zh-CN:Systemd]]<br />
{{Article summary start}}<br />
{{Article summary text|'''systemd''' is a system and service manager for Linux, compatible with SysV and LSB init scripts. systemd provides aggressive parallelization capabilities, uses socket and [[D-Bus]] activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux [[cgroups]], supports snapshotting and restoring of the system state, maintains mount and automount points and implements an elaborate transactional dependency-based service control logic. It can work as a drop-in replacement for sysvinit.}}<br />
<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Systemd/Services}}<br />
{{Article summary end}}<br />
<br />
See [http://0pointer.de/blog/projects/systemd.html Lennart's blog story] for a longer introduction, the two [http://0pointer.de/blog/projects/systemd-update.html status] [http://0pointer.de/blog/projects/systemd-update-2.html updates] since then, and the [http://0pointer.de/blog/projects/why.html most recent summary]. Also see the [http://en.wikipedia.org/wiki/Systemd Wikipedia article] and the [http://freedesktop.org/wiki/Software/systemd project web page].<br />
<br />
== Installation ==<br />
To try out systemd on Arch you need to:<br />
<br />
* install {{Pkg|systemd}} (and its dependencies) from [core]<br />
* add {{Ic|1=init=/bin/systemd}} to your kernel cmdline in your bootloader<br />
<br />
systemd can be installed side-by-side with the regular Arch Linux initscripts, and they can be toggled by adding/removing the {{Ic|1=init=/bin/systemd}} kernel parameter. If you want a pure systemd setup you can remove {{Pkg|initscripts}} and install {{Pkg|systemd-sysvcompat}} which provides symlinks for {{ic|init}}, {{ic|reboot}} etc. You will then not have to specify the {{ic|1=init=}} parameter on your kernel cmdline.<br />
<br />
To take advantage of the systemd way of starting services, you might also want to install the {{Pkg|systemd-arch-units}} package.<br />
<br />
{{Warning|udev and many other pieces of software expect {{ic|/usr}} to be mounted and available at bootup. If your {{Ic|/usr}} is on a separate partition, you will need to make accommodations to mount it from the initramfs and unmount it from a pivoted root on shutdown. See [[Mkinitcpio#/usr_as_a_separate_partition|the mkinitcpio wiki page]] and [http://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken freedesktop.org#separate-usr-is-broken]}}<br />
<br />
{{Note|systemd will not automatically start all services from your old rc.conf/DAEMONS array. For example the Cron daemon will not be started automatically. You need to register it with systemd:<br />
systemctl enable cronie.service #when using cronie, which is the default in Arch<br />
}}<br />
<br />
== Native systemd configuration files ==<br />
{{Pkg|systemd}} will use {{ic|/etc/rc.conf}} if these files are absent.<br />
{{Note|You may need to create these files.}}<br />
=== Add a hostname ===<br />
{{hc|/etc/hostname|myhostname}}<br />
<br />
=== Console and keymap settings ===<br />
The {{ic|/etc/vconsole.conf}} file configures the virtual console, i.e. keyboard mapping and console font.<br />
{{hc|/etc/vconsole.conf|<nowiki><br />
KEYMAP=us<br />
FONT=lat9w-16<br />
FONT_MAP=8859-1_to_uni</nowiki>}}<br />
<br />
=== Locale settings ===<br />
Read {{ic|man locale.conf}} for more options <br />
{{hc|/etc/locale.conf|<nowiki><br />
LANG=en_US.UTF-8<br />
LC_COLLATE=C</nowiki>}}<br />
<br />
=== Timezone ===<br />
Read {{ic|man 5 timezone}} for more options <br />
{{hc|/etc/timezone|Europe/Minsk}}<br />
{{Note|This file does not obviate the need for /etc/localtime.}}<br />
<br />
=== Hardware clock time ===<br />
Systemd will use UTC for the hardware clock by default and this is recommended. Dealing with daylight saving time is messy. If the DST changes when your computer is off, your clock will be wrong on next boot ([http://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html there is a lot more to it]). Recent kernels set the system time from the RTC directly on boot without using {{ic|hwclock}}, and the kernel will always assume that the RTC is in UTC. This means that if the RTC is in local time, the system time will first be set up wrongly and then corrected shortly afterwards on every boot. This is possibly the reason for certain weird bugs (time going backwards is rarely a good thing).<br />
<br />
The reason for allowing the RTC to be in local time is to allow dual boot with Windows ([http://blogs.msdn.com/b/oldnewthing/archive/2004/09/02/224672.aspx who uses localtime]). Windows is able to deal with the RTC being in UTC by setting the following DWORD registry key to 1:<br />
{{bc|HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\RealTimeIsUniversal}}<br />
<br />
{{Warning|On recent systems (Windows 7, Vista SP2) this setting prevents Windows from being able to update the system clock at all, and earlier versions do not work correctly when [http://social.msdn.microsoft.com/forums/en-US/tabletandtouch/thread/0b872d8a-69e9-40a6-a71f-45de90c6e243/ resuming from suspend or hibernate]. In addition, recent systems [http://support.microsoft.com/kb/2687252 may become unresponsive during Daylight Saving Time (DST) changeover] if RealTimeIsUniversal is set.}}<br />
<br />
If you run into issues on dual boot with Windows, you can set the hardware clock to local time. Contrary to popular belief, systemd supports this:<br />
{{hc|/etc/adjtime|<nowiki> <br />
0.0 0.0 0.0<br />
0<br />
LOCAL</nowiki>}}<br />
{{Note|The other parameters are still needed but are ignored by systemd.}}<br />
{{Note|It is generally advised to have a [[NTP|Network Time Protocol daemon]] running to keep the hardware clock synchronized with the system time.}}<br />
<br />
=== Configure kernel modules to load during boot ===<br />
systemd uses {{ic|/etc/modules-load.d/}} to configure kernel modules to load during boot in a static list. Each configuration file is named in the style of {{ic|/etc/modules-load.d/<program>.conf}}. The configuration files should simply contain a list of kernel module names to load, separated by newlines. Empty lines and lines whose first non-whitespace character is {{ic|#}} or {{ic|;}} are ignored. Example:<br />
{{hc|/etc/modules-load.d/virtio-net.conf|<nowiki><br />
# Load virtio-net.ko at boot<br />
virtio-net</nowiki>}}<br />
See also [[Modprobe#Options]]<br />
<br />
=== Configure kernel modules blacklist ===<br />
Module blacklisting works the same way as with {{Pkg|initscripts}} since it is actually handled by {{Pkg|kmod}}, see [[Kernel_modules#Blacklisting|Module Blacklisting]] for details.<br />
<br />
=== Describe temporary files ===<br />
Systemd-tmpfiles uses the configuration files in {{ic|/etc/tmpfiles.d/}} to describe the creation, cleaning and removal of volatile and temporary files and directories which usually reside in directories such as {{ic|/run}} or {{ic|/tmp}}. Each configuration file is named in the style of {{ic|/etc/tmpfiles.d/<program>.conf}}. This will also override any files in {{ic|/usr/lib/tmpfiles.d/}} with the same name.<br />
<br />
tmpfiles are usually provided together with service files to create directories which are expected to exist by certain daemons. For example the [[Samba]] daemon expects the directory {{ic|/var/run/samba}} to exist and to have the correct permissions. The corresponding tmpfile looks like this:<br />
{{hc|/usr/lib/tmpfiles.d/samba.conf|<br />
D /var/run/samba 0755 root root<br />
}}<br />
<br />
However, tmpfiles may also be used to write values into certain files on boot. For example, if you use {{ic|/etc/rc.local}} to disable wakeup from USB devices with {{ic|echo USBE > /proc/acpi/wakeup}}, you may use the following tmpfile instead:<br />
{{hc|/etc/tmpfiles.d/disable-usb-wake.conf|<br />
w /proc/acpi/wakeup - - - - USBE<br />
}}<br />
The tmpfiles method is recommended in this case since systemd doesn't actually support {{ic|/etc/rc.local}}.<br />
<br />
See {{ic|man tmpfiles.d}} for details.<br />
<br />
=== Systemd Journal ===<br />
Since version 38, systemd has its own logging system, the journal.<br />
<br />
By default, running a syslog daemon is no longer required. To read the log, use:<br />
{{bc|# journalctl}}<br />
The journal writes to {{ic|/run/systemd/journal}}, meaning logs are lost on reboot. For non-volatile logs, create {{ic|/var/log/journal/}}:<br />
{{bc|# mkdir /var/log/journal/}}<br />
<br />
==== journal size limit ====<br />
<br />
If the journal is made non-volatile, its size limit is set to a default value of 10% of the size of the respective file system. E.g. with {{ic|/var/log/journal}} located on a 50GiB root partition this would lead to 5GiB of journal data. The maximum size of the persistent journal can be controlled by {{ic|SystemMaxUse}} in {{ic|/etc/systemd/journald.conf}}, so to limit it for example to 50MiB uncomment and edit the corresponding line to:<br />
{{bc|1=SystemMaxUse=50M}}<br />
Look at {{ic|man journald.conf}} for more info.<br />
<br />
====Journald in conjunction with a classic syslog daemon====<br />
Compatibility with classic syslog implementations is provided via a socket {{ic|/run/systemd/journal/syslog}}, to which all messages are forwarded.<br />
To make the syslog daemon work with the journal, it has to bind to this socket instead of {{ic|/dev/log}} ([http://lwn.net/Articles/474968/ official announcement]). For syslog-ng change {{ic|/etc/syslog-ng/syslog-ng.conf}} source section to:<br />
{{bc|<nowiki><br />
source src {<br />
unix-dgram("/run/systemd/journal/syslog");<br />
internal();<br />
file("/proc/kmsg");<br />
};</nowiki>}}<br />
<br />
and enable (or reenable) syslog-ng:<br />
{{bc|# systemctl enable syslog-ng.service}}<br />
<br />
By default, journald is configured to read from {{ic|/proc/kmsg}}, but this will collide with a syslog implementation doing the same ([http://lists.freedesktop.org/archives/systemd-devel/2012-January/004310.html systemd-devel post]). Disable reading {{ic|/proc/kmsg}} by {{ic|systemd-journald}} in {{ic|/etc/systemd/journald.conf}}:<br />
ImportKernel=no<br />
<br />
=== Network ===<br />
==== Dynamic (DHCP) ====<br />
If you simply want to use DHCP for your ethernet connection, you can use {{ic|dhcpcd@.service}} from the {{Pkg|systemd-arch-units}} package.<br />
To enable DHCP for {{ic|eth0}}, simply use:<br />
# systemctl start dhcpcd@eth0.service<br />
<br />
You can enable the service to automatically start at boot with:<br />
# systemctl enable dhcpcd@.service<br />
Note that this will enable the service for {{ic|eth0}} by default. If you want to use another interface, you have to create the symlink manually, e.g.:<br />
# ln -s '/usr/lib/systemd/system/dhcpcd@.service' '/etc/systemd/system/multi-user.target.wants/dhcpcd@eth1.service'<br />
<br />
==== Other configurations ====<br />
For static, wireless or advanced network configuration like bridging you can use [[netcfg]] or [[NetworkManager]] which both provide systemd service files.<br />
<br />
If you need a static ethernet configuration, but don't want to use [[netcfg]], there is a custom service file available on the [[Systemd/Services#Network|Systemd/Services page]].<br />
<br />
=== Remote filesystem mounts ===<br />
If you have NFS mounts listed in {{ic|/etc/fstab}} then systemd will attempt to mount them but will typically do so too early (before networking has been configured). To get the timing correct we need to tell systemd explicitly that the mount depends on networking and {{ic|rpc.statd}}. To do this, create the following file:<br />
{{hc|/etc/systemd/system/<mount-unit-name>.mount|<nowiki><br />
[Unit]<br />
Description=<mountpoint><br />
Wants=rpc-statd.service<br />
After=network.target rpc-statd.service <br />
<br />
[Mount]<br />
What=<server>:<share><br />
Where=<mountpoint><br />
Type=nfs<br />
</nowiki>}}<br />
<br />
In the above:<br />
*{{ic|mount-unit-name}} is the full path to the mountpoint in an escaped format. For example, a mount unit for {{ic|/usr/local}} must be named {{ic|usr-local.mount}}.<br />
*{{ic|mountpoint}} is the local mountpoint<br />
*{{ic|server:share}} specifies the remote filesystem in the same manner as for {{ic|/etc/fstab}}<br />
<br />
See {{ic|systemd.unit(5)}} and {{ic|systemd.mount(5)}} for further details.<br />
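The escaped unit name described above, worked through as an added example (not code from this page or from systemd). The function name {{ic|mount_unit_name}} is hypothetical; the rules are the path escaping of {{ic|systemd.unit(5)}}, where {{ic|/}} becomes {{ic|-}} and every byte outside {{ic|a-zA-Z0-9:_.}} becomes {{ic|\xXX}}.<br />

```shell
#!/bin/sh
# Added example: derive the mount unit file name for a mount point.
# mount_unit_name is a hypothetical helper, not a systemd command.

mount_unit_name() {
    # Collapse repeated slashes, then strip the leading and trailing slash.
    path=$(printf '%s' "$1" | tr -s '/')
    path=${path#/}
    path=${path%/}

    # The root directory is a special case and maps to "-".
    if [ -z "$path" ]; then
        printf '%s\n' '-.mount'
        return 0
    fi

    out=''
    first=1
    # od prints one hex token per byte, so UTF-8 is escaped byte by byte.
    for hex in $(printf '%s' "$path" | od -An -v -tx1); do
        case "$hex" in
            2f)
                # "/" separates path components and becomes "-"
                out="${out}-"
                ;;
            2e)
                # "." is kept, except as the very first character
                if [ "$first" -eq 1 ]; then
                    out="${out}\\x2e"
                else
                    out="${out}."
                fi
                ;;
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|3a|5f)
                # 0-9, A-Z, a-z, ":" and "_" are copied unchanged
                oct=$(printf '%03o' "0x$hex")
                out="${out}$(printf "\\$oct")"
                ;;
            *)
                # everything else, including a literal "-", is hex-escaped
                out="${out}\\x${hex}"
                ;;
        esac
        first=0
    done
    printf '%s.mount\n' "$out"
}

# Stand-alone use: ./mount-unit-name.sh /usr/local
if [ "$#" -gt 0 ]; then
    mount_unit_name "$1"
fi
```

A literal {{ic|-}} in the mount point is the case most often missed: {{ic|/mnt/my-data}} needs {{ic|mnt-my\x2ddata.mount}}, not {{ic|mnt-my-data.mount}}, which would describe {{ic|/mnt/my/data}}.<br />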
<br />
A similar approach will probably be required for other remote filesystem types such as nfs4 and cifs.<br />
<br />
Alternatively, you can mark these entries in {{ic|/etc/fstab}} with the {{ic|1=x-systemd.automount}} and {{ic|1=x-systemd.device-timeout=#}} options (see {{ic|systemd.mount(5)}}). Make sure that if you also include {{ic|defaults}} as a mount option, that you override the implicit {{ic|auto}} with {{ic|noauto}}. This will cause the device to be mounted on first access, similar to [[Autofs]].<br />
<br />
== Using systemd ==<br />
<br />
*{{ic|systemctl}}: used to introspect and control the state of the systemd system and service manager.<br />
*{{ic|systemd-cgls}}: recursively shows the contents of the selected Linux control group hierarchy in a tree<br />
*{{ic|systemadm}}: a graphical frontend for the systemd system and service manager that allows introspection and control of systemd (available via the {{AUR|systemd-ui-git}} package from the [[AUR]]).<br />
<br />
View the man pages for more details. <br />
<br />
{{Tip|You can use all of the following {{ic|systemctl}} commands with the {{ic|-H <user>@<host>}} switch to control a systemd instance on a remote machine. This will use [[SSH]] to connect to the remote systemd instance.}}<br />
<br />
=== Analyzing the system state ===<br />
<br />
List running units:<br />
<br />
{{bc|$ systemctl}}<br />
<br />
or:<br />
<br />
{{bc|$ systemctl list-units}}<br />
<br />
List failed units:<br />
<br />
{{bc|$ systemctl --failed}}<br />
<br />
The available unit files can be seen in {{ic|/usr/lib/systemd/system/}} and {{ic|/etc/systemd/system/}} (the latter takes precedence).<br />
<br />
=== Using Units ===<br />
<br />
Units can be services ({{ic|.service}}), mount points ({{ic|.mount}}) or sockets ({{ic|.socket}}). When using {{ic|systemctl}}, you always have to specify the complete name of the unit file, including its suffix, for example {{ic|netcfg.service}}. See {{ic|man systemd.unit}} for details.<br />
<br />
Activate a unit immediately:<br />
<br />
{{bc|# systemctl start <unit>}}<br />
<br />
Deactivate a unit immediately:<br />
<br />
{{bc|# systemctl stop <unit>}}<br />
<br />
Restart a unit:<br />
<br />
{{bc|# systemctl restart <unit>}}<br />
<br />
Ask a unit to reload its configuration:<br />
<br />
{{bc|# systemctl reload <unit>}}<br />
<br />
Show the status of a unit, including whether it is running or not:<br />
<br />
{{bc|$ systemctl status <unit>}}<br />
<br />
Check whether a unit is already enabled or not:<br />
<br />
{{bc|$ systemctl is-enabled <unit>}}<br />
<br />
Enable a unit to be started on bootup:<br />
<br />
{{bc|# systemctl enable <unit>}}<br />
<br />
Disable a unit to not start during bootup:<br />
<br />
{{bc|# systemctl disable <unit>}}<br />
<br />
=== Power Management ===<br />
<br />
If you are in a local user session and no other session is active, the following commands will work without root privileges. If not, systemd will automatically ask you for the root password.<br />
<br />
Shut down and reboot the system:<br />
<br />
{{bc|$ systemctl reboot}}<br />
<br />
Shut down and power-off the system:<br />
<br />
{{bc|$ systemctl poweroff}}<br />
<br />
Shut down and halt the system:<br />
<br />
{{bc|$ systemctl halt}}<br />
<br />
Suspend the system:<br />
<br />
{{bc|$ systemctl suspend}}<br />
<br />
Hibernate the system:<br />
<br />
{{bc|$ systemctl hibernate}}<br />
<br />
== Runlevels/targets ==<br />
Runlevels are a legacy concept in systemd. Systemd uses ''targets'', which serve a similar purpose to runlevels but act a little differently. Each ''target'' is named instead of numbered and is intended to serve a specific purpose, with the possibility of having multiple ones active at the same time. Some ''targets'' are implemented by inheriting all of the services of another ''target'' and adding additional services to it. There are systemd ''target''s that mimic the common SystemVinit runlevels, so you can still switch ''target''s using the familiar {{ic|telinit RUNLEVEL}} command. <br />
<br />
=== Get current runlevel/targets ===<br />
The following should be used under systemd instead of {{ic|runlevel}}:<br />
{{bc|1=# systemctl list-units --type=target}}<br />
<br />
=== Create custom target ===<br />
The runlevels that are assigned a specific purpose on vanilla Fedora installs; 0, 1, 3, 5, and 6; have a 1:1 mapping with a specific systemd ''target''. Unfortunately, there is no good way to do the same for the user-defined runlevels like 2 and 4. If you make use of those it is suggested that you make a new named systemd ''target'' as {{ic|/etc/systemd/system/<your target>}} that takes one of the existing runlevels as a base (you can look at {{ic|/usr/lib/systemd/system/graphical.target}} as an example), make a directory {{ic|/etc/systemd/system/<your target>.wants}}, and then symlink the additional services from {{ic|/usr/lib/systemd/system/}} that you wish to enable.<br />
<br />
=== Targets table ===<br />
{| border="1"<br />
!SysV Runlevel!!Systemd Target!!Notes<br />
|-<br />
| 0 || runlevel0.target, poweroff.target || Halt the system.<br />
|-<br />
| 1, s, single || runlevel1.target, rescue.target || Single user mode.<br />
|-<br />
| 2, 4 || runlevel2.target, runlevel4.target, multi-user.target || User-defined/Site-specific runlevels. By default, identical to 3.<br />
|-<br />
| 3 || runlevel3.target, multi-user.target || Multi-user, non-graphical. Users can usually login via multiple consoles or via the network.<br />
|-<br />
| 5 || runlevel5.target, graphical.target || Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login.<br />
|-<br />
| 6 || runlevel6.target, reboot.target || Reboot<br />
|-<br />
| emergency || emergency.target || Emergency shell<br />
|-<br />
|}<br />
<br />
=== Change current runlevels ===<br />
In systemd runlevels are exposed via "target units". You can change them like this:<br />
{{bc|# systemctl isolate graphical.target}}<br />
This will only change the current runlevel, and has no effect on the next boot.<br />
<br />
=== Change default runlevel/target to boot into ===<br />
The standard target is {{ic|default.target}}, which is aliased by default to {{ic|graphical.target}} (which roughly corresponds to the old runlevel 5). To change the default target at boot-time, append one of the following kernel parameters to your bootloader:<br />
* {{ic|1=systemd.unit=multi-user.target}} (which roughly corresponds to the old runlevel 3),<br />
* {{ic|1=systemd.unit=rescue.target}} (which roughly corresponds to the old runlevel 1).<br />
<br />
Alternatively, you may leave the bootloader alone and change {{ic|default.target}}. This can be done using {{ic|systemctl}}:<br />
{{bc|# systemctl enable multi-user.target}}<br />
<br />
The effect of this command is printed by {{ic|systemctl}}; a symlink to the new default target is made at {{ic|/etc/systemd/system/default.target}}. This works if, and only if:<br />
[Install]<br />
Alias=default.target<br />
is in the target's configuration file. Currently, {{ic|multi-user.target}} and {{ic|graphical.target}} both have it.<br />
<br />
== Running DEs under systemd ==<br />
<br />
=== Using display manager ===<br />
To enable graphical login, run your preferred [[Display Manager]] daemon (e.g. [[KDM]]). At the moment, service files exist for [[GDM]], [[KDM]], [[SLiM]], [[XDM]] and [[LXDM]].<br />
<br />
{{bc|# systemctl enable kdm.service}}<br />
<br />
This should work out of the box. If not, you might have a {{ic|default.target}} set manually or from an older install:<br />
<br />
{{hc|# ls -l /etc/systemd/system/default.target|/etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target}}<br />
<br />
Simply delete the symlink and systemd will use its stock {{ic|default.target}} (i.e. {{ic|graphical.target}}).<br />
<br />
{{bc|# rm /etc/systemd/system/default.target}}<br />
<br />
If {{ic|/etc/locale.conf}} is used for setting the locale, add an entry to {{ic|/etc/environment}}:<br />
{{hc|/etc/environment|<nowiki><br />
LANG=en_US.utf8</nowiki>}}<br />
<br />
=== Using service file ===<br />
{{Note|Using this method there will be no PAM session created for your user. Therefore ConsoleKit (which gives you access to shutdown/reboot, audio devices etc.) will not work properly. For the recommended way, see: [[Automatic_login_to_virtual_console#With_systemd]].}}<br />
If you are only looking for a simple way to start X directly without a display manager, you can create a service file similar to this:<br />
<br />
{{hc|/etc/systemd/system/graphical.target.wants/xinit.service|<nowiki><br />
[Unit]<br />
Description=Direct login to X<br />
After=systemd-user-sessions.service<br />
<br />
[Service]<br />
ExecStart=/bin/su <username> -l -c "/bin/bash --login -c xinit"<br />
<br />
[Install]<br />
WantedBy=graphical.target<br />
</nowiki>}}<br />
<br />
== Arch integration ==<br />
<br />
Integration with Arch's classic configuration is accomplished via the {{Pkg|initscripts-systemd}} package. This is an optional package containing unit files and scripts needed to emulate Arch's initscripts, which can be used to ease the transition from sysVinit to systemd.<br />
<br />
{{ic|/etc/inittab}} is not used at all.<br />
<br />
{{ic|/etc/rc.local}} and {{ic|/etc/rc.local.shutdown}} can be run at startup and shutdown by enabling {{ic|rc-local.service}} and {{ic|rc-local-shutdown.service}}.<br />
<br />
{{warning|Usage of this package is not recommended. In particular, {{ic|arch-load-modules.service}} and {{ic|arch-daemons.target}} are unsupported as a long-term solution and will be removed in the future. Whenever possible, use native systemd configuration files instead.}}<br />
<br />
Most people will not need all (if any) of these units, and they can be easily disabled with:<br />
{{bc|# systemctl disable <unitfile>}}<br />
<br />
The plan is to remove most of the functionality from this package as soon as it is handled elsewhere (mostly in udev/systemd/kernel).<br />
<br />
=== rc.conf ===<br />
Some variables in {{ic|/etc/rc.conf}} are respected by this glue work. For a pure systemd setup it is recommended to use the [[Systemd#Native_systemd_configuration_files|native systemd configuration files]] which will take precedence over {{ic|/etc/rc.conf}}.<br />
<br />
Supported variables:<br />
* LOCALE<br />
* KEYMAP<br />
* CONSOLEFONT<br />
* CONSOLEMAP<br />
* HOSTNAME<br />
* MODULES<br />
* DAEMONS: Ordering and blacklisting are respected. If a native systemd service file with the same name as a daemon exists, it will take precedence; this logic can be disabled by {{ic|systemctl disable arch-daemons.target}}<br />
<br />
Not supported variables and systemd configuration:<br />
* TIMEZONE: Please symlink {{Ic|/etc/localtime}} to your zoneinfo file manually.<br />
* HARDWARECLOCK: See [[Systemd#Hardware clock time|Hardware clock time]].<br />
* USELVM: use {{ic|lvm.service}} provided by {{Pkg|systemd-arch-units}} instead.<br />
* USECOLOR<br />
<br />
The following is a brief description of the functionality of each of them. Alternative solutions are provided as a migration plan away from the functionality provided by this package.<br />
<br />
==== rc-local.service / rc-local-shutdown.service ====<br />
Runs {{ic|/etc/rc.local}} (resp., {{ic|/etc/rc.local.shutdown}}) on boot (resp., shutdown).<br />
<br />
==== arch-daemons.target ====<br />
Parses the {{ic|DAEMONS}} array in {{ic|/etc/rc.conf}} and starts the services. If a native systemd unit exists (by the same name) for a given daemon, this is used; otherwise, the script in {{ic|/etc/rc.d/}} is used to control the unit.<br />
<br />
Alternative: use native unit files from the {{Pkg|systemd-arch-units}} package.<br />
<br />
==== arch-modules-load.service ====<br />
Creates a list of modules to be loaded based on {{ic|/etc/rc.conf}} (see {{ic|/etc/modules-load.d/rc.conf}}). <br />
<br />
Alternative: create a {{ic|*.conf}} for your modules in [[Systemd#Configure_kernel_modules_to_load_during_boot|/etc/modules-load.d/]].<br />
<br />
== Helping out ==<br />
Currently, systemd is mostly at feature parity with Arch's initscripts. However, a lot more testing is needed. If you would like to help out, you can create service files and submit them upstream, or if this fails, directly to the [https://bugs.archlinux.org/ Arch Linux Bugtracker].<br />
<br />
== FAQ ==<br />
For an up-to-date list of known issues, look at the upstream [http://cgit.freedesktop.org/systemd/systemd/tree/TODO TODO].<br />
<br />
{{FAQ<br />
|question=Why are my console fonts ugly?<br />
|answer=If no font is set in {{ic|/etc/vconsole.conf}} (or alternatively {{ic|/etc/rc.conf}}), then a standard font will be used. The standard font is chosen due to it supporting a wide range of character sets. Set your preferred font to fix the issue.}}<br />
<br />
{{FAQ<br />
|question=Why do I get log messages on my console?<br />
|answer=You must set the kernel loglevel yourself. Historically, {{ic|/etc/rc.sysinit}} did this for us and set dmesg loglevel to {{ic|3}}, which was a reasonably quiet loglevel. Either add {{ic|1=loglevel=3}} or {{ic|quiet}} to your kernel cmdline.}}<br />
<br />
{{FAQ<br />
|question=How do I make a custom unit file?<br />
|answer=The unit files in {{ic|/etc/systemd/system/}} take precedence over the ones in {{ic|/usr/lib/systemd/system/}}. To make your own version of a unit (which will not be destroyed by an upgrade), copy the old unit file from {{ic|/usr/lib/}} to {{ic|/etc/}} and make your changes there. Alternatively you can use {{ic|.include}} to parse an existing service file and then add new options. For example, if you simply want to add an additional dependency to a service file, you may use:<br />
{{hc|/etc/systemd/system/<service-name>.service|<br />
<nowiki><br />
.include /usr/lib/systemd/system/<service-name>.service<br />
<br />
[Unit]<br />
Requires=<new dependency><br />
After=<new dependency><br />
</nowiki>}}<br />
}}<br />
{{FAQ<br />
|question=How do I change the number of gettys running by default?<br />
|answer=To add another getty:<br />
<br />
Simply place another symlink for instantiating another getty in the {{ic|/etc/systemd/system/getty.target.wants/}} directory:<br />
<br />
{{bc|<nowiki># ln -sf /usr/lib/systemd/system/getty@.service /etc/systemd/system/getty.target.wants/getty@tty9.service<br />
# systemctl daemon-reload<br />
# systemctl start getty@tty9.service</nowiki>}}<br />
<br />
To remove a getty:<br />
<br />
Simply remove the getty symlinks you want to get rid of in the {{ic|/etc/systemd/system/getty.target.wants/}} directory:<br />
<br />
{{bc|<nowiki># rm /etc/systemd/system/getty.target.wants/getty@tty5.service /etc/systemd/system/getty.target.wants/getty@tty6.service<br />
# systemctl daemon-reload<br />
# systemctl stop getty@tty5.service getty@tty6.service</nowiki>}}<br />
<br />
systemd does not use the {{ic|/etc/inittab}} file.<br />
<br />
{{Note|As of systemd 30, only 1 getty will be launched by default. If you switch to another tty, a getty will be launched there (socket-activation style). You can still force additional agetty processes to start using the above methods.}}}}<br />
<br />
{{FAQ<br />
|question=How do I get more verbose output during boot?<br />
|answer=If you see no output at all in console after the initram message, this means you have the {{ic|quiet}} parameter in your kernel line. It's best to remove it, at least the first time you boot with systemd, to see if everything is OK. You will then see a list of [ OK ] in green or [ FAILED ] in red.<br />
<br />
Any messages are logged to the system log and if you want to find out about the status of your system run {{ic|$ systemctl}} or look at the boot/system log with {{ic|journalctl}}.<br />
}}<br />
<br />
{{FAQ<br />
|question=How do I prevent the console from being cleared after boot?<br />
|answer=Create a custom getty@tty1.service file<br />
<br />
Copy /usr/lib/systemd/system/getty@.service to /etc/systemd/system/getty.target.wants/getty@tty1.service, and then edit the file:<br />
* add --noclear to the ExecStart line after agetty<br />
* switch TTYVTDisallocate to no<br />
}}<br />
<br />
{{FAQ<br />
|question=What kernel options do I need to enable in my kernel in case I do not use the official Arch kernel?<br />
|answer=Kernels prior to 2.6.39 are unsupported.<br />
<br />
This is a partial list of required/recommended options, there might be more:<br />
<br />
{{bc|<nowiki><br />
CONFIG_AUDIT=y (recommended)<br />
CONFIG_AUDIT_LOGINUID_IMMUTABLE=y (not required, may break sysvinit compat)<br />
CONFIG_CGROUPS=y<br />
CONFIG_IPV6=[y|m] (highly recommended)<br />
CONFIG_UEVENT_HELPER_PATH="" (if you don't use an initramfs)<br />
CONFIG_DEVTMPFS=y<br />
CONFIG_DEVTMPFS_MOUNT=y (recommended, if you don't use an initramfs)<br />
CONFIG_RTC_DRV_CMOS=y (highly recommended)<br />
CONFIG_FANOTIFY=y (required for readahead)<br />
CONFIG_AUTOFS4_FS=[y|m]<br />
CONFIG_TMPFS_POSIX_ACL=y (recommended, if you want to use pam_systemd.so)<br />
</nowiki>}}}}<br />
<br />
{{FAQ<br />
|question=What other units does a unit depend on?<br />
|answer=For example, if you want to figure out which services a target like {{ic|multi-user.target}} pulls in, use something like this: <br />
{{hc|$ systemctl show -p "Wants" multi-user.target|2=Wants=rc-local.service avahi-daemon.service rpcbind.service NetworkManager.service acpid.service dbus.service atd.service crond.service auditd.service ntpd.service udisks.service bluetooth.service cups.service wpa_supplicant.service getty.target modem-manager.service portreserve.service abrtd.service yum-updatesd.service upowerd.service test-first.service pcscd.service rsyslog.service haldaemon.service remote-fs.target plymouth-quit.service systemd-update-utmp-runlevel.service sendmail.service lvm2-monitor.service cpuspeed.service udev-post.service mdmonitor.service iscsid.service livesys.service livesys-late.service irqbalance.service iscsi.service netfs.service}}<br />
<br />
Instead of {{ic|Wants}} you might also try {{ic|WantedBy}}, {{ic|Requires}}, {{ic|RequiredBy}}, {{ic|Conflicts}}, {{ic|ConflictedBy}}, {{ic|Before}}, {{ic|After}} for the respective types of dependencies and their inverse.}}<br />
<br />
== Optimization ==<br />
=== systemd-analyze ===<br />
Systemd provides a tool called {{ic|systemd-analyze}} that allows you to analyze your boot process so you can see which unit files are causing your boot process to slow down. You can then optimize your system accordingly. You have to install {{Pkg|python2-dbus}} to use it.<br />
<br />
To see how much time was spent in kernel-/userspace on boot, simply use:<br />
systemd-analyze<br />
{{Tip|If you add the {{ic|timestamp}} hook to your {{ic|HOOKS}} array in {{ic|/etc/mkinitcpio.conf}} and rebuild your initramfs, {{ic|systemd-analyze}} will also be able to show you how much time was spent in the initramfs.}}<br />
<br />
To list the started unit files, sorted by the time each of them took to start up:<br />
systemd-analyze blame<br />
<br />
You can also create an SVG file which describes your boot process graphically, similar to [[Bootchart]]:<br />
systemd-analyze plot > plot.svg<br />
<br />
====Enabling bootchart in conjunction with systemd====<br />
You can use a version of bootchart to visualize the boot sequence.<br />
Since you are not able to put a second init into the kernel cmdline you won't be able to use any of the standard bootchart setups. However the {{AUR|bootchart2}} package from [[AUR]] comes with an undocumented systemd service. After you've installed bootchart2 do:<br />
{{bc|# systemctl enable bootchart.service}}<br />
Read the [https://github.com/mmeeks/bootchart bootchart documentation] for further details on using this version of bootchart.<br />
<br />
=== Replacing acpid with systemd ===<br />
Systemd can handle some power-related ACPI events. This is configured via the following options in {{ic|/etc/systemd/logind.conf}}:<br />
* {{ic|HandlePowerKey}} : Power off the system when the power button is pressed<br />
* {{ic|HandleSleepKey}} : Suspend the system when the sleep key is pressed<br />
* {{ic|HandleLidSwitch}} : Suspend the system when the laptop lid is closed<br />
Depending on the value of these options, these events may for example only be triggered when no user is logged in ({{ic|no-session}}) or when only a single user session is active ({{ic|any-session}}). See {{ic|man logind.conf}} for details.<br />
<br />
These options should not be used on desktop environments like [[Gnome]] and [[XFCE]] since these handle ACPI events by themselves. However, on systems which run no graphical setup or only a simple window manager like [[i3]] or [[awesome]], this may replace the [[acpid]] daemon which is usually used to react to these ACPI events.<br />
<br />
=== Shell Shortcuts ===<br />
Systemd daemon management requires a bit more text entry to accomplish tasks such as starting, stopping, enabling, checking status, etc. The following functions can be added to one's {{ic|~/.bashrc}} to help streamline interactions with systemd and to improve the overall experience.<br />
<br />
<pre>if ! systemd-notify --booted; then # not using systemd<br />
    start() {<br />
        sudo rc.d start "$1"<br />
    }<br />
<br />
    restart() {<br />
        sudo rc.d restart "$1"<br />
    }<br />
<br />
    stop() {<br />
        sudo rc.d stop "$1"<br />
    }<br />
else<br />
    start() {<br />
        sudo systemctl start "$1.service"<br />
    }<br />
<br />
    restart() {<br />
        sudo systemctl restart "$1.service"<br />
    }<br />
<br />
    stop() {<br />
        sudo systemctl stop "$1.service"<br />
    }<br />
<br />
    enable() {<br />
        sudo systemctl enable "$1.service"<br />
    }<br />
<br />
    status() {<br />
        sudo systemctl status "$1.service"<br />
    }<br />
<br />
    disable() {<br />
        sudo systemctl disable "$1.service"<br />
    }<br />
fi<br />
</pre><br />
<br />
=== Less output ===<br />
Change {{ic|verbose}} to {{ic|quiet}} on the kernel line in GRUB. For some systems, particularly those with an SSD, the slow performance of the TTY is actually a bottleneck, and so less output means faster booting.<br />
<br />
=== Early start ===<br />
One central feature of systemd is dbus and socket activation, which causes services to be started when they are first accessed and is generally a good thing. However, if you know that a service (like console-kit) will always be started during boot, then the overall boot time might be reduced by starting it as early as possible. This can be achieved (if the service file is set up for it, which in most cases it is) by issuing:<br />
<br />
{{bc|# systemctl enable console-kit-daemon.service}}<br />
<br />
This will cause systemd to start console-kit as soon as possible, without causing races with the socket or dbus activation.<br />
<br />
=== Automount ===<br />
The default setup will fsck and mount all filesystems before starting most daemons and services. If you have a large {{ic|/home}} partition, it might be better to allow services that do not depend on {{ic|/home}} to start while {{ic|/home}} is being fsck'ed. This can be achieved by adding the following options to the fstab entry of your {{ic|/home}} partition:<br />
<br />
noauto,x-systemd.automount<br />
<br />
This will fsck and mount {{ic|/home}} when it is first accessed, and the kernel will buffer all file access to {{ic|/home}} until it is ready.<br />
<br />
If you have encrypted filesystems with keyfiles, you can also add the {{ic|noauto}} parameter to the corresponding entries in {{ic|/etc/crypttab}}. systemd will then not open the encrypted device on boot, but instead wait until it is actually accessed and then automatically open it with the specified keyfile before mounting it. This might save a few seconds on boot if you are using an encrypted RAID device for example, because systemd doesn't have to wait for the device to become available. For example:<br />
{{hc|/etc/crypttab|data /dev/md0 /root/key noauto}}<br />
<br />
=== Readahead ===<br />
systemd comes with its own readahead implementation, which should in principle improve boot time. However, depending on your kernel version and the type of your hard drive, your mileage may vary (i.e. it might be slower). To enable, do:<br />
<br />
{{bc|<nowiki># systemctl enable systemd-readahead-collect.service<br />
# systemctl enable systemd-readahead-replay.service</nowiki>}}<br />
<br />
Remember that in order for the readahead to work its magic, you should reboot a couple of times.<br />
<br />
=== User sessions ===<br />
systemd can divide user sessions into cgroups. Add {{ic|session optional pam_systemd.so}} to your relevant {{ic|/etc/pam.d/}} files (e.g., {{ic|login}} for tty logins, {{ic|sshd}} for remote access, {{ic|kde}} for password kdm logins, {{ic|kde-np}} for automatic kdm logins).<br />
<br />
Before:<br />
{{hc|$ systemd-cgls systemd:/system/getty@.service|<br />
systemd:/system/getty@.service:<br />
├ tty5<br />
│ └ 904 /sbin/agetty tty5 38400<br />
├ tty2<br />
│ ├ 13312 /bin/login --<br />
│ └ 15765 -zsh<br />
[…]}}<br />
After:<br />
{{hc|$ systemd-cgls systemd:/user/example/|<br />
systemd:/user/example/:<br />
├ 4<br />
│ ├ 902 /bin/login --<br />
│ └ 16016 -zsh<br />
[…]}}<br />
<br />
Further, you can replace [[ConsoleKit]]'s functionality with systemd. Be sure to do the above, then build polkit from [[ABS]] with systemd enabled, and things like USB automounting will work without consolekit. Compiling dbus from Git is also needed for the DBus at_console policy checks; otherwise you'll have to create (and delete) /var/run/console/$USER manually.<br />
<br />
== Troubleshooting ==<br />
=== Shutdown/Reboot takes terribly long ===<br />
If the shutdown process takes a very long time (or seems to freeze) most likely a service not exiting is to blame. systemd waits some time for each service to exit before trying to kill it.<br />
To find out if you are affected, see [http://fedoraproject.org/wiki/How_to_debug_Systemd_problems#Diagnosing_shutdown_problems this article] in the Fedora wiki.<br />
==== SLiM and xfce-session ====<br />
One setup that can produce a shutdown freeze is Xfce in conjunction with SLiM: Shutting down/rebooting using xfce-session will cause slim.service to hang for half a minute until systemd kills it the hard way.<br />
One workaround is to create a modified slim.service:<br />
{{hc|/etc/systemd/system/slim.service|<nowiki><br />
[Unit]<br />
Description=SLiM Simple Login Manager<br />
After=systemd-user-sessions.service<br />
<br />
[Service]<br />
Type=forking<br />
PIDFile=/var/lock/slim.lock<br />
ExecStart=/usr/bin/slim -d<br />
ExecStop=/bin/kill -9 $MAINPID<br />
ExecStopPost=/bin/rm /var/lock/slim.lock<br />
<br />
[Install]<br />
WantedBy=graphical.target</nowiki>}}<br />
This causes SLiM to be terminated using SIGKILL. Since the lock file is also removed this does not cause a problem.<br />
== See also==<br />
*[http://www.freedesktop.org/wiki/Software/systemd Official Web Site]<br />
*[http://0pointer.de/public/systemd-man/ Manual Pages]<br />
*[http://freedesktop.org/wiki/Software/systemd/Optimizations systemd Optimizations]<br />
*[http://www.freedesktop.org/wiki/Software/systemd/FrequentlyAskedQuestions FAQ]<br />
*[http://www.freedesktop.org/wiki/Software/systemd/TipsAndTricks Tips And Tricks]<br />
*[http://0pointer.de/public/systemd-ebook-psankar.pdf systemd for Administrators (PDF)]<br />
*[http://bbs.archlinux.org/viewtopic.php?pid=792280 Discussion on the bbs.archlinux.org]<br />
*[http://en.gentoo-wiki.com/wiki/Systemd About systemd in Gentoo Wiki]<br />
*[http://fedoraproject.org/wiki/Systemd About systemd on Fedora Project]<br />
*[http://fedoraproject.org/wiki/How_to_debug_Systemd_problems How to debug Systemd problems]<br />
*[https://docs.google.com/document/pub?id=1IC9yOXj7j6cdLLxWEBAGRL6wl97tFxgjLUEHIX3MSTs Background information about systemd journal]<br />
*[http://www.h-online.com/open/features/Booting-up-Tools-and-tips-for-systemd-1570630.html Booting up: Tools and tips for systemd, a Linux init tool. In The H]</div>Medhefgohttps://wiki.archlinux.org/index.php?title=Lostfiles&diff=171426Lostfiles2011-11-28T12:10:53Z<p>Medhefgo: </p>
<hr />
<div>[[Category:Scripts (English)]]<br />
__NOTOC__<br />
'''Lostfiles''' is a script for detecting orphaned files (files which are not owned by any Arch Linux packages).<br />
<br />
By default, the script ignores a series of directories where packages should not install files. Package-owned files placed in those unchecked directories might appear as removed.<br />
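The comparison behind the script, as an added example that is not part of Lostfiles itself: it runs on constructed stand-ins for the {{ic|pacman -Qlq}} and {{ic|find /}} output, labels each difference instead of merging both columns, and applies the skipped directories to the package list as well so that owned files under them are not reported as removed. The function names, the {{ic|PRUNED}} variable and all sample paths are assumptions.<br />

```shell
#!/bin/sh
# Added example: label the differences between package-owned paths and
# paths found on disk. Names and sample data are constructed.

# Directories the scan skips (a subset of the script's -prune list).
PRUNED='^(/home|/tmp|/var/cache)(/|$)'

# classify_files OWNED_LIST ACTUAL_LIST
#   OWNED_LIST:  one path per line, as printed by the package database
#   ACTUAL_LIST: one path per line, as found on the file system
classify_files() {
    tmpdir=$(mktemp -d) || return 1

    # Directories in the package list end in "/"; strip it so both lists
    # use the same spelling, drop skipped directories, sort for comm.
    sed -e 's|/$||' "$1" | grep -Ev "$PRUNED" | LC_ALL=C sort -u > "$tmpdir/owned"
    grep -Ev "$PRUNED" "$2" | LC_ALL=C sort -u > "$tmpdir/actual"

    # Only on disk: not owned by any package.
    LC_ALL=C comm -13 "$tmpdir/owned" "$tmpdir/actual" | sed 's|^|unowned |'
    # Only in the package list: owned, but no longer on disk.
    LC_ALL=C comm -23 "$tmpdir/owned" "$tmpdir/actual" | sed 's|^|missing |'

    rm -rf "$tmpdir"
}

run_demo() {
    d=$(mktemp -d) || return 1

    # Constructed stand-in for the package file list.
    printf '%s\n' \
        /etc/ \
        /etc/cron.d/ \
        /etc/passwd \
        /usr/bin/ls \
        /usr/lib/libfoo.so \
        /var/cache/man/index.db > "$d/owned"

    # Constructed stand-in for the scan; /var/cache was skipped, one job
    # file is unpackaged and libfoo.so has been deleted.
    printf '%s\n' \
        /etc \
        /etc/cron.d \
        /etc/cron.d/unpackaged-job \
        /etc/passwd \
        /usr/bin/ls > "$d/actual"

    classify_files "$d/owned" "$d/actual"
    rm -rf "$d"
}

run_demo
```

Without the {{ic|PRUNED}} filter on the package list, {{ic|/var/cache/man/index.db}} would be reported as missing even though it is still on disk.<br />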
<br />
== Script source ==<br />
<br />
#!/bin/bash<br />
<br />
# LostFiles v0.2<br />
# License: GPL v2.0 http://www.gnu.org/licenses/gpl.html<br />
<br />
# Initially scripted by the Arch Linux Community<br />
# Mircea Bardac (dev AT mircea.bardac.net)<br />
# http://mircea.bardac.net/<br />
# Modified by Jan Janssen<br />
<br />
# Description:<br />
# Search for files which are not part of installed Arch Linux packages<br />
<br />
# Usage:<br />
# lostfiles > changes<br />
# changes is a file containing a list of added/removed files<br />
<br />
 if [ "$UID" != "0" ]; then<br />
     echo "You must run this script as root." 1>&2<br />
     exit 1<br />
 fi<br />
comm -3 \<br />
<(pacman -Qlq | sed -e 's|/$||' | sort -u) \<br />
<(find / -not \( \<br />
-wholename '/dev' -prune -o \<br />
-wholename '/etc/ssl' -prune -o \<br />
-wholename '/home' -prune -o \<br />
-wholename '/lost+found' -prune -o \<br />
-wholename '/media' -prune -o \<br />
-wholename '/mnt' -prune -o \<br />
-wholename '/proc' -prune -o \<br />
-wholename '/root' -prune -o \<br />
-wholename '/run' -prune -o \<br />
-wholename '/sys' -prune -o \<br />
-wholename '/tmp' -prune -o \<br />
-wholename '/usr/share/mime/application' -prune -o \<br />
-wholename '/usr/share/mime/audio' -prune -o \<br />
-wholename '/usr/share/mime/image' -prune -o \<br />
-wholename '/usr/share/mime/inode' -prune -o \<br />
-wholename '/usr/share/mime/interface' -prune -o \<br />
-wholename '/usr/share/mime/message' -prune -o \<br />
-wholename '/usr/share/mime/multipart' -prune -o \<br />
-wholename '/usr/share/mime/text' -prune -o \<br />
-wholename '/usr/share/mime/uri' -prune -o \<br />
-wholename '/usr/share/mime/video' -prune -o \<br />
-wholename '/usr/share/mime/x-content' -prune -o \<br />
-wholename '/var/abs' -prune -o \<br />
-wholename '/var/cache' -prune -o \<br />
-wholename '/var/lock' -prune -o \<br />
-wholename '/var/lib/pacman' -prune -o \<br />
-wholename '/var/run' -prune -o \<br />
-wholename '/var/tmp' -prune \) | sort -u \<br />
) | sed -e 's|^\t||;'</div>Medhefgo