https://wiki.archlinux.org/api.php?action=feedcontributions&user=Mokalan&feedformat=atomArchWiki - User contributions [en]2024-03-28T15:38:38ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=OpenLDAP&diff=455363OpenLDAP2016-10-28T20:49:04Z<p>Mokalan: the template is already in openldap-data, just need a rename</p>
<hr />
<div>[[Category:Networking]]<br />
[[ja:openLDAP]]<br />
[[ru:OpenLDAP]]<br />
[[zh-CN:OpenLDAP]]<br />
{{Related articles start}}<br />
{{Related|LDAP Authentication}}<br />
{{Related|LDAP Hosts}}<br />
{{Related articles end}}<br />
<br />
OpenLDAP is an open-source implementation of the LDAP protocol. An LDAP server basically is a non-relational database which is optimised for accessing, but not writing, data. It is mainly used as an address book (for e.g. email clients) or authentication backend to various services (such as Samba, where it is used to emulate a domain controller, or [[LDAP authentication|Linux system authentication]], where it replaces {{ic|/etc/passwd}}) and basically holds the user data.<br />
<br />
{{note|Commands related to OpenLDAP that begin with {{ic|ldap}} (like {{ic|ldapsearch}}) are client-side utilities, while commands that begin with {{ic|slap}} (like {{ic|slapcat}}) are server-side.}}<br />
<br />
This page is a starting point for a basic OpenLDAP installation and a sanity check.<br />
<br />
{{Tip|Directory services are an enormous topic. Configuration can therefore be complex. If you are totally new to those concepts, [http://www.brennan.id.au/20-Shared_Address_Book_LDAP.html this] is an good introduction that is easy to understand and that will get you started, even if you are new to everything LDAP.}}<br />
<br />
== Installation ==<br />
<br />
OpenLDAP contains both a LDAP server and client. [[Install]] it with the package {{Pkg|openldap}}.<br />
<br />
== Configuration ==<br />
<br />
=== The server ===<br />
<br />
{{Note|If you already have an OpenLDAP database on your machine, remove it by deleting everything inside {{ic|/var/lib/openldap/openldap-data/}}.}}<br />
<br />
The server configuration file is located at {{ic|/etc/openldap/slapd.conf}}.<br />
<br />
Edit the suffix and rootdn. The suffix typically is your domain name but it does not have to be. It depends on how you use your directory. We will use ''example'' for the domain name, and ''com'' for the tld. The rootdn is your LDAP administrator's name (we will use ''root'' here).<br />
{{bc|<nowiki><br />
suffix "dc=example,dc=com"<br />
rootdn "cn=root,dc=example,dc=com"<br />
</nowiki>}}<br />
<br />
Now we delete the default root password and create a strong one:<br />
# sed -i "/rootpw/ d" /etc/openldap/slapd.conf #find the line with rootpw and delete it<br />
# echo "rootpw $(slappasswd)" >> /etc/openldap/slapd.conf #add a line which includes the hashed password output from slappasswd<br />
<br />
You will likely want to add some typically used [http://www.openldap.org/doc/admin24/schema.html schemas] to the top of {{ic|slapd.conf}}:<br />
<br />
{{Note|currently missing: <br />
cp /usr/share/doc/samba/examples/LDAP/samba.schema /etc/openldap/schema}}<br />
<br />
{{bc|<br />
include /etc/openldap/schema/cosine.schema<br />
include /etc/openldap/schema/inetorgperson.schema<br />
include /etc/openldap/schema/nis.schema<br />
#include /etc/openldap/schema/samba.schema<br />
}}<br />
<br />
You will likely want to add some typically used [http://www.openldap.org/doc/admin24/tuning.html#Indexes indexes] to the bottom of {{ic|slapd.conf}}:<br />
{{bc|<br />
index uid pres,eq<br />
index mail pres,sub,eq<br />
index cn pres,sub,eq<br />
index sn pres,sub,eq<br />
index dc eq<br />
}}<br />
<br />
Now prepare the database directory. You will need to rename the default config:<br />
# mv /var/lib/openldap/openldap-data/DB_CONFIG.example /var/lib/openldap/openldap-data/DB_CONFIG<br />
<br />
{{Note|With OpenLDAP 2.4 the configuration of {{ic|slapd.conf}} is deprecated. From this version on all configuration settings are stored in {{ic|/etc/openldap/slapd.d/}}.}}<br />
<br />
To store the recent changes in {{ic|slapd.conf}} to the new {{ic|/etc/openldap/slapd.d/}} configuration settings, we have to delete the old configuration files first, do this every time you change the configuration:<br />
<br />
# rm -rf /etc/openldap/slapd.d/*<br />
<br />
<br />
(if you do not have a database yet, you might need to create one by starting and stopping the {{ic|slapd.service}} [[systemd#Using units|using systemd]] )<br />
<br />
Then we generate the new configuration with:<br />
<br />
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/<br />
<br />
The above command has to be run every time you change {{ic|slapd.conf}}. Check if everything succeeded. Ignore message "bdb_monitor_db_open: monitoring disabled; configure monitor database to enable". <br />
<br />
Change ownership recursively on the new files and directory in /etc/openldap/slapd.d:<br />
<br />
# chown -R ldap:ldap /etc/openldap/slapd.d<br />
<br />
<br />
{{note|Index the directory after you populate it. You should stop slapd before doing this.<br />
# slapindex<br />
# chown ldap:ldap /var/lib/openldap/openldap-data/*<br />
<br />
or just<br />
<br />
$ sudo -u ldap slapindex<br />
}}<br />
<br />
Finally, start the slapd daemon with {{ic|slapd.service}} using systemd.<br />
<br />
=== The client ===<br />
The client config file is located at {{ic|/etc/openldap/ldap.conf}}. <br />
<br />
It is quite simple: you will only have to alter {{ic|BASE}} to reflect the suffix of the server, and {{ic|URI}} to reflect the address of the server, like:<br />
<br />
{{hc|/etc/openldap/ldap.conf|2=<br />
BASE dc=example,dc=com<br />
URI ldap://localhost<br />
}}<br />
<br />
If you decide to use SSL:<br />
<br />
* The protocol (ldap or ldaps) in the {{ic|URI}} entry has to conform with the slapd configuration<br />
* If you decide to use self-signed certificates, add a {{ic|TLS_REQCERT allow}} line to {{ic|ldap.conf}}<br />
* If you use a signed certificate from a CA, add the line {{ic|TLS_CACERTDIR /usr/share/ca-certificates/trust-source}} in {{ic|ldap.conf}}.<br />
<br />
=== Create initial entry ===<br />
Once your client is configured, you probably want to create the root entry, and an entry for the root role:<br />
<br />
$ ldapadd -x -D 'cn=root,dc=example,dc=com' -W<br />
dn: dc=example,dc=com<br />
objectClass: dcObject<br />
objectClass: organization<br />
dc: example<br />
o: Example<br />
description: Example directory<br />
<br />
dn: cn=root,dc=example,dc=com<br />
objectClass: organizationalRole<br />
cn: root<br />
description: Directory Manager<br />
^D<br />
<br />
The text after the first line is entered on stdin, or could be read from a file either with the -f option or a file redirect.<br />
<br />
=== Test your new OpenLDAP installation ===<br />
<br />
This is easy, just run the command below:<br />
$ ldapsearch -x '(objectclass=*)'<br />
<br />
Or authenticating as the rootdn (replacing {{ic|-x}} by {{ic|-D <user> -W}}), using the example configuration we had above:<br />
$ ldapsearch -D "cn=root,dc=example,dc=com" -W '(objectclass=*)'<br />
<br />
Now you should see some information about your database.<br />
<br />
=== OpenLDAP over TLS ===<br />
{{Note|[http://www.openldap.org/doc/admin24/ upstream documentation] is much more useful/complete than this section}}<br />
<br />
If you access the OpenLDAP server over the network and especially if you have sensitive data stored on the server you run the risk of someone sniffing your data which is sent clear-text. The next part will guide you on how to setup an SSL connection between the LDAP server and the client so the data will be sent encrypted.<br />
<br />
In order to use TLS, you must have a certificate. For testing purposes, a ''self-signed'' certificate will suffice. To learn more about certificates, see [[OpenSSL]].<br />
<br />
{{Warning|OpenLDAP cannot use a certificate that has a password associated to it.}}<br />
<br />
==== Create a self-signed certificate ====<br />
To create a ''self-signed'' certificate, type the following:<br />
$ openssl req -new -x509 -nodes -out slapdcert.pem -keyout slapdkey.pem -days 365<br />
<br />
You will be prompted for information about your LDAP server. Much of the information can be left blank. The most important information is the common name. This must be set to the DNS name of your LDAP server. If your LDAP server's IP address resolves to example.org but its server certificate shows a CN of bad.example.org, LDAP clients will reject the certificate and will be unable to negotiate TLS connections (apparently the results are wholly unpredictable).<br />
<br />
Now that the certificate files have been created copy them to {{ic|/etc/openldap/ssl/}} (create this directory if it does not exist) and secure them. <br />
{{ic|slapdcert.pem}} must be world readable because it contains the public key. {{ic|slapdkey.pem}} on the other hand should only be readable for the ldap user for security reasons:<br />
# mv slapdcert.pem slapdkey.pem /etc/openldap/ssl/<br />
# chmod -R 755 /etc/openldap/ssl/<br />
# chmod 400 /etc/openldap/ssl/slapdkey.pem<br />
# chmod 444 /etc/openldap/ssl/slapdcert.pem<br />
# chown ldap /etc/openldap/ssl/slapdkey.pem<br />
<br />
==== Configure slapd for SSL ====<br />
Edit the daemon configuration file ({{ic|/etc/openldap/slapd.conf}}) to tell LDAP where the certificate files reside by adding the following lines:<br />
{{bc|<br />
# Certificate/SSL Section<br />
TLSCipherSuite DEFAULT<br />
TLSCertificateFile /etc/openldap/ssl/slapdcert.pem<br />
TLSCertificateKeyFile /etc/openldap/ssl/slapdkey.pem<br />
}}<br />
<br />
If you are using a signed SSL Certificate from a certification authority such as [[Let’s Encrypt]], you will also need to specify the path to the root certificates database and your intermediary certificate. You will also need to change ownership of the {{ic|.pem}} files and intermediary directories to make them readable to the user {{ic|ldap}}:<br />
{{bc|<br />
# Certificate/SSL Section<br />
TLSCipherSuite DEFAULT<br />
TLSCertificateFile /etc/letsencrypt/live/ldap.my-domain.com/cert.pem<br />
TLSCertificateKeyFile /etc/letsencrypt/live/ldap.my-domain.com/privkey.pem<br />
TLSCACertificateFile /etc/letsencrypt/live/ldap.my-domain.com/chain.pem<br />
TLSCACertificatePath /usr/share/ca-certificates/trust-source<br />
}}<br />
<br />
The TLSCipherSuite specifies a list of OpenSSL ciphers from which slapd will choose when negotiating TLS connections, in decreasing order of preference. In addition to those specific ciphers, you can use any of the wildcards supported by OpenSSL. '''NOTE:''' DEFAULT is a wildcard. See {{ic|man ciphers}} for description of ciphers, wildcards and options supported.<br />
<br />
{{Note|To see which ciphers are supported by your local OpenSSL installation, type the following: {{ic|openssl ciphers -v ALL:COMPLEMENTOFALL}}. Always test which ciphers will actually be enabled by TLSCipherSuite by providing it to OpenSSL command, like this: {{ic|openssl ciphers -v 'DEFAULT'}} }}<br />
<br />
Regenerate the configuration directory:<br />
# rm -rf /etc/openldap/slapd.d/* # erase old config settings<br />
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ # generate new config directory from config file<br />
# chown -R ldap:ldap /etc/openldap/slapd.d # Change ownership recursively to ldap on the config directory<br />
<br />
==== Start slapd with SSL ====<br />
You will have to edit {{ic|slapd.service}} to change to protocol slapd listens on.<br />
<br />
Create the override unit:<br />
{{hc|systemctl edit slapd.service|<nowiki><br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/slapd -u ldap -g ldap -h "ldaps:///"</nowiki>}}<br />
<br />
Localhost connections do not need to use SSL. So, if you want to access the server locally you should change the {{ic|ExecStart}} line to:<br />
ExecStart=/usr/bin/slapd -u ldap -g ldap -h "ldap://127.0.0.1 ldaps:///"<br />
<br />
Then [[restart]] {{ic|slapd.service}}. If it was enabled before, reenable it now.<br />
<br />
{{Note|If you created a self-signed certificate above, be sure to add {{ic|TLS_REQCERT allow}} to {{ic|/etc/openldap/ldap.conf}} on the client, or it will not be able connect to the server.}}<br />
<br />
== Next Steps ==<br />
<br />
You now have a basic LDAP installation. The next step is to design your directory. The design is heavily dependent on what you are using it for. If you are new to LDAP, consider starting with a directory design recommended by the specific client services that will use the directory ([[PAM]], [[Postfix]], etc).<br />
<br />
A directory for system authentication is the [[LDAP authentication]] article.<br />
<br />
A nice web frontend is [[phpLDAPadmin]].<br />
<br />
== Troubleshooting ==<br />
<br />
=== Client Authentication Checking ===<br />
If you cannot connect to your server for non-secure authentication<br />
<br />
$ ldapsearch -x -H ldap://ldaservername:389 -D cn=Manager,dc=example,dc=exampledomain<br />
<br />
and for TLS secured authentication with:<br />
<br />
$ ldapsearch -x -H ldaps://ldaservername:636 -D cn=Manager,dc=example,dc=exampledomain<br />
<br />
=== LDAP Server Stops Suddenly ===<br />
<br />
If you notice that slapd seems to start but then stops, try running:<br />
<br />
# chown ldap:ldap /var/lib/openldap/openldap-data/*<br />
<br />
to allow slapd write access to its data directory as the user "ldap".<br />
<br />
=== LDAP Server Doesn't Start ===<br />
<br />
Try starting the server from the command line with debugging output enabled:<br />
<br />
# slapd -u ldap -g ldap -h ldaps://ldaservername:636 -d Config,Stats<br />
<br />
== See Also ==<br />
* [http://www.openldap.org/doc/admin24/ Official OpenLDAP Software 2.4 Administrator's Guide]<br />
* [[phpLDAPadmin]] is a web interface tool in the style of phpMyAdmin.<br />
* [[LDAP authentication]]<br />
* {{AUR|apachedirectorystudio}} from the [[Arch User Repository]] is an Eclipse-based LDAP viewer. Works perfect with OpenLDAP installations.</div>Mokalanhttps://wiki.archlinux.org/index.php?title=Apple_Keyboard&diff=307995Apple Keyboard2014-04-02T09:02:20Z<p>Mokalan: /* Treating Apple Keyboards Like Regular Keyboards */</p>
<hr />
<div>[[Category:Keyboards]]<br />
<br />
== More Information ==<br />
For background information see this page: https://help.ubuntu.com/community/AppleKeyboard<br />
<br />
{{Note|Some of the settings can be made permanent with a configuration file for a [[kernel module]]. For this to work, the file hast to be added to FILES in [[mkinitcpio.conf]] cause the kernel module will be autoloaded while booting.}}<br />
<br />
{{Tip|If you want to use [[sudo]] to write into a system directory you can't use shell redirection. Use {{ic|tee}} like so<br />
$ echo 0 &#124; sudo tee /sys/module/hid_apple/parameters/iso_layout<br />
}}<br />
<br />
==Function keys do not work==<br />
<br />
If your {{ic|F<num>}} keys do not work, this is probably because the kernel driver for the keyboard has defaulted to using the media keys and requiring you to use the {{ic|Fn}} key to get to the {{ic|F<num>}} keys. To change this behaviour, you have to change the driver setting. Do the following as root:<br />
<br />
# echo 2 > /sys/module/hid_apple/parameters/fnmode<br />
<br />
If it tells you that the file doesn't exist, you probably have an older kernel and will have to do the following instead:<br />
<br />
# echo 2 > /sys/module/hid/parameters/pb_fnmode<br />
<br />
Place whatever option worked for you in {{ic|/etc/modprobe.d/hid_apple.conf}} to make the setting permanent.<br />
<br />
===If the above doesn't work for your wireless keyboard===<br />
<br />
If {{ic|hid_apple/parameters}} and/or {{ic|hid/parameters/pb_fnmode}} is missing in a recent Apple Bluetooth keyboard model and kernel 3.4.<br />
<br />
First thing: identify your keyboard. Execute as root ({{ic|hidd}} is part of package {{Pkg|bluez}} from the [[official repositories]]):<br />
# hidd --show<br />
<br />
You should see something like:<br />
40:CA:EC:32:85:AB Apple Wireless Keyboard [05ac:0255] connected <br />
<br />
So with the vendor (05ac) and device (0255) ID it's easier to find out if the current kernel has support for it.<br />
Actually, the above device is listed in the linux kernel 3.4. If you check {{ic|drivers/hid/hid-ids.h}} you should see the following line:<br />
<br />
#define USB_DEVICE_ID_APPLE_ALU_WIRELESS_2011_ANSI 0x0255<br />
<br />
But support for the Function Key is missing.<br />
<br />
In order to fix it rebuild your kernel from [[abs]] with the following patch:<br />
http://pastebin.com/CvFJz3Fn<br />
<br />
This bug is already reported upstream<br />
https://bugzilla.kernel.org/show_bug.cgi?id=43135<br />
and part of the vanilla kernel since 3.5<br />
<br />
==< and > have changed place with § and ½==<br />
<br />
If the '''<''' and '''>''' are switched with the '''§''' and '''½''' keys, run the following command in your graphical environment:<br />
<br />
$ setxkbmap -option apple:badmap<br />
<br />
Place that command into {{ic|~/.bashrc}} file to have it run automatically when you log in.<br />
<br />
You can also apply the change system-wide by creating (or editing) {{ic|/etc/X11/xorg.conf.d/10-keymap.conf}} as such:<br />
Section "InputClass"<br />
Identifier "keyboard catchall"<br />
MatchIsKeyboard "true"<br />
Driver "evdev"<br />
Option "XkbOptions" "apple:badmap"<br />
EndSection<br />
<br />
<br />
If the above approach doesn't seem to work, you can add these two lines to your {{ic|~/.Xmodmap}} file:<br />
<br />
keycode 49 = less greater less greater bar brokenbar<br />
keycode 94 = section degree section degree notsign notsign<br />
<br />
If you use a Canadian multilingual layout (where the "ù" and the "/" is switch) use this :<br />
<br />
keycode 94 = slash backslash slash backslash bar brokenbar<br />
keycode 49 = ugrave Ugrave ugrave Ugrave notsign notsign<br />
<br />
Then run {{Ic|xmodmap ~/.Xmodmap}}. This command can also go into {{ic|~/.bashrc}}.<br />
<br />
==< and > have changed place with ^ and °==<br />
With German layout, circumflex/degree symbol and 'smaller than'/'bigger than' are exchanged.<br />
<br />
'''The new way:'''<br />
<br />
First, try if the new method works for you (you have to be root)<br />
# echo 0 > /sys/module/hid_apple/parameters/iso_layout<br />
To make the changes permanent add the following line to {{ic|/etc/modprobe.d/hid_apple.conf}}:<br />
options hid_apple iso_layout=0<br />
<br />
'''To fix this the old way, do the following:'''<br />
$ xmodmap -e 'keycode 49 = less greater less greater bar brokenbar bar' -e 'keycode 94 = dead_circumflex degree dead_circumflex degree U2032 U2033 U2032'<br />
<br />
Now try your keys. When it works, you may want the change permanently. So execute this:<br />
$ xmodmap -pke | grep " 49" >> ~/.Xmodmap<br />
$ xmodmap -pke | grep " 94" >> ~/.Xmodmap<br />
<br />
==Media Keys==<br />
<br />
The evdev driver should produce keycodes that map to the appropriate keysyms for your media keys by default. You can confirm that by running {{Ic|xev}} in a console window and watching the console output as you press your media keys.<br />
<br />
For these keys to have any effect, you will have to assign actions to them. Refer to [[Extra Keyboard Keys in Xorg]] for more about that.<br />
<br />
<br />
If you have confirmed that your media keys are ''not'' producing the correct keycodes, create or edit the {{ic|~/.Xmodmap}} file so that it includes these lines:<br />
{{bc|1=keycode 160 = XF86AudioMute<br />
keycode 176 = XF86AudioRaiseVolume<br />
keycode 174 = XF86AudioLowerVolume<br />
<br />
keycode 144 = XF86AudioPrev<br />
keycode 162 = XF86AudioPlay<br />
keycode 153 = XF86AudioNext<br />
<br />
keycode 101 = XF86MonBrightnessDown<br />
keycode 212 = XF86MonBrightnessUp<br />
<br />
keycode 204 = XF86Eject}}<br />
and then run {{Ic|xmodmap ~/.Xmodmap}}. Place that command in the {{ic|~/.bashrc}} file to have it run automatically when you log in.<br />
<br />
==PrintScreen and SysRq==<br />
<br />
Apple Keyboards have an {{ic|F13}} key instead of a {{ic|PrintScreen}}/{{ic|SysRq}} key. This means that [[Keyboard Shortcuts#Kernel | Alt+SysRq sequences]] do not work, and application actions associated with {{ic|PrintScreen}} (such as taking screenshots in many games that work under [[Wine]]) do not work.<br />
Both issues can be addressed by installing {{AUR|keyfuzz}} from the [[Arch User Repository]].<br />
<br />
With keyfuzz installed, run the following command:<br />
echo "458856 99" | /usr/sbin/keyfuzz -s -d /dev/input/by-id/usb-Apple__Inc_Apple_keyboard-event-kbd<br />
458856 (0x070068) is the scancode of {{ic|F13}}, and 99 is the keycode of {{ic|PrintScreen}}/{{ic|SysRq}}. You can determine the scancode of a particular key with {{AUR|getscancodes}} from the [[AUR]], and the keycode from {{ic|/usr/include/linux/input.h}}.<br />
<br />
Other versions of the Apple Aluminum Keyboard may require a slightly different device path, so adjust it as needed. You can make this change permanent by putting the command in {{ic|/etc/rc.local}}.<br />
<br />
==Treating Apple Keyboards Like Regular Keyboards==<br />
<br />
If you want to use your Apple keyboard like a regular US-layout keyboard, with {{ic|Alt}} on the left side of {{ic|Meta}}, you can use the [[AUR]] package {{AUR|un-apple-keyboard}}. Currently it only works for the aluminium USB model. The package does the following things:<br />
<br />
*Adds a {{ic|/etc/modprobe.d/hid_apple.conf}} file which enables the {{ic|F}} keys by default, as above.<br />
*Uses keyfuzz to remap {{ic|F13-15}} to {{ic|PrintScreen}}/{{ic|SysRq}}, {{ic|Scroll Lock}}, and {{ic|Pause}}, respectively<br />
*Swaps the ordering of the {{ic|Alt}} and {{ic|Meta}} ({{ic|Command}}) keys to match all other keyboards, again using {{ic|/etc/modprobe.d/hid_apple.conf}}.<br />
*Applies these changes automatically when you plug in your keyboard, with a [[udev]] rule.<br />
<br />
You will need to add {{ic|/etc/modprobe.d/hid_apple.conf}} to FILES in [[mkinitcpio.conf]]. Otherwise if you boot your computer with the Apple keyboard plugged in, the F keys will not be the default.</div>Mokalanhttps://wiki.archlinux.org/index.php?title=Tmux&diff=287631Tmux2013-12-11T12:25:34Z<p>Mokalan: added binding for sending ctrl-a, which is used to go to the beginning of the line. useful for past screen users</p>
<hr />
<div>[[es:Tmux]]<br />
[[ru:Tmux]]<br />
[[tr:Tmux]]<br />
[[Category:Terminal emulators]]<br />
{{Article summary start}}<br />
{{Article summary text|This article explains how to install and configure tmux.}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|GNU Screen}}<br />
{{Article summary end}}<br />
[http://tmux.sourceforge.net/ Tmux] is a "terminal multiplexer: it enables a number of terminals (or windows), each running a separate program, to be created, accessed, and controlled from a single screen. tmux may be detached from a screen and continue running in the background, then later reattached." <br />
<br />
Tmux is notable as a BSD-licensed alternative to [[Screen Tips|GNU Screen]]. Although similar, there are many differences between the programs, as noted on the [http://tmux.svn.sourceforge.net/viewvc/tmux/trunk/FAQ tmux FAQ page].<br />
<br />
==Installation==<br />
[[pacman|Install]] {{Pkg|tmux}}, available in the [[Official Repositories]].<br />
<br />
==Configuration==<br />
A user-specific configuration file should be located at {{ic|~/.tmux.conf}}, while a global configuration file should be located at {{ic|/etc/tmux.conf}}. Default configuration files can be found in {{Ic|/usr/share/tmux/}}. <br />
<br />
===Key bindings===<br />
{| style="float:right;border:1px #cccccc solid;margin:5px;padding:5px;width:200px;"<br />
|+ ''Prefix all commands with'' {{Ic|Ctrl-b}}<br />
!Cmd<br />
!Action<br />
|-<br />
|c<br />
|Create a new window<br />
|-<br />
|n<br />
|Change to next window<br />
|-<br />
|p<br />
|Change to previous window<br />
|-<br />
|"<br />
|Split pane horizontally<br />
|-<br />
|%<br />
|Split pane vertically<br />
|-<br />
|,<br />
|Rename current window<br />
|-<br />
|o<br />
|Move to next pane<br />
|}<br />
<br />
By default, command key bindings are prefixed by Ctrl-b. For example, to vertically split a window type {{Ic|Ctrl-b %}}.<br />
<br />
After splitting a window into multiple panes, you can resize a pane by the hitting prefix key (i.e. {{Ic|Ctrl-b}}) and, while continuing to hold Ctrl, press Left/Right/Up/Down. Swapping panes is achieved in the same manner, but by hitting ''o'' instead of a directional key.<br />
<br />
{{Tip|To mimic screen key bindings copy {{ic|/usr/share/tmux/screen-keys.conf}} to either of the configuration locations.}}<br />
<br />
Key bindings may be changed with the bind and unbind commands in {{ic|tmux.conf}}. For example, you can change the prefix key (i.e. {{Ic|Ctrl-b}}) to {{Ic|Ctrl-a}} by adding the following commands in your configuration file:<br />
{{bc|<br />
unbind C-b<br />
set -g prefix C-a<br />
bind a send-prefix<br />
}}<br />
<br />
Additional ways to move between windows include:<br />
Ctrl-b l (Move to the previously selected window)<br />
Ctrl-b w (List all windows / window numbers)<br />
Ctrl-b <window number> (Move to the specified window number, the default bindings are from 0 – 9)<br />
Ctrl-b q (Show pane numbers, when the numbers show up type the key to goto that pane)<br />
<br />
What if you have 10+ windows open? Tmux has a find-window option & keybinding. <br />
Ctrl-b f <window name> (Search for window name)<br />
Ctrl-b w (Select from interactive list of windows)<br />
<br />
===Browsing URL's===<br />
To browse URL's inside tmux you must have {{aur|urlview}} installed and configured.<br />
<br />
Inside a new terminal:<br />
bind-key u capture-pane \; save-buffer /tmp/tmux-buffer \; run-shell "$TERMINAL -e urlview /tmp/tmux-buffer"<br />
<br />
Or inside a new tmux window (no new terminal needed):<br />
bind-key u capture-pane \; save-buffer /tmp/tmux-buffer \; new-window -n "urlview" '$SHELL -c "urlview < /tmp/tmux-buffer"'<br />
<br />
=== Setting the correct term===<br />
If you are using a 256 colour terminal, you will need to set the correct term in tmux. You can do this in either the {{ic|tmux.conf}}:<br />
<br />
set -g default-terminal "screen-256color" <br />
<br />
or in your {{ic|.bashrc}} with a test like:<br />
<br />
# for tmux: export 256color<br />
[ -n "$TMUX" ] && export TERM=screen-256color<br />
<br />
If you enable xterm-keys in your {{ic|tmux.conf}}, then you need to build a custom terminfo to declare the new escape codes or applications will not know about them. Compile the following with {{ic|tic}} and you can use "xterm-screen-256color" as your TERM:<br />
<br />
# A screen- based TERMINFO that declares the escape sequences<br />
# enabled by the tmux config "set-window-option -g xterm-keys".<br />
#<br />
# Prefix the name with xterm- since some applications inspect<br />
# the TERM *name* in addition to the terminal capabilities advertised.<br />
xterm-screen-256color|GNU Screen with 256 colors bce and tmux xterm-keys,<br />
<br />
# As of Nov'11, the below keys are picked up by<br />
# .../tmux/blob/master/trunk/xterm-keys.c:<br />
kDC=\E[3;2~, kEND=\E[1;2F, kHOM=\E[1;2H,<br />
kIC=\E[2;2~, kLFT=\E[1;2D, kNXT=\E[6;2~, kPRV=\E[5;2~,<br />
kRIT=\E[1;2C,<br />
<br />
# Change this to screen-256color if the terminal you run tmux in<br />
# doesn't support bce:<br />
use=screen-256color-bce,<br />
<br />
=== Other Settings ===<br />
Set scrollback to 10000 lines with <br />
set -g history-limit 10000<br />
<br />
=== Autostart with systemd ===<br />
<br />
There are some notable advantages to starting a tmux server at startup.<br />
Notably, when you start a new tmux session, having the service already running reduces any delays in the startup.<br />
<br />
Furthermore, any customization attached to your tmux session will be retained and your tmux session can be made to persist even if you have never logged in, if you have some reason to do that (like a heavily scripted tmux configuration or shared user tmux sessions).<br />
<br />
The service below starts tmux for the specified user (eg. {{ic|tmux@main-user.service}})<br />
<br />
{{hc|/etc/systemd/system/tmux@.service|<nowiki><br />
[Unit]<br />
Description=Start tmux in detached session<br />
<br />
[Service]<br />
Type=oneshot<br />
RemainAfterExit=yes<br />
KillMode=none<br />
User=%I<br />
ExecStart=/usr/bin/tmux new-session -s %u -d<br />
ExecStop=/usr/bin/tmux kill-session -t %u<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
Alternatively, you may add {{ic|<nowiki>WorkingDirectory=%h</nowiki>}} and place this file within your [[Systemd/User]] directory, as {{ic|~/.config/systemd/user/tmux.service}} for a tmux service that starts when you log in.<br />
<br />
==Session initialization==<br />
You can have tmux open a session with preloaded windows by including those details in your {{ic|~/.tmux.conf}}:<br />
<br />
new -n WindowName Command<br />
neww -n WindowName Command<br />
neww -n WindowName Command<br />
<br />
To start a session with split windows (multiple panes), include the splitw command below the neww you would like to split; thus:<br />
<br />
new -s SessionName -n WindowName Command<br />
neww -n foo/bar foo<br />
splitw -v -p 50 -t 0 bar<br />
selectw -t 1 <br />
selectp -t 0<br />
<br />
would open 2 windows, the second of which would be named foo/bar and would be split vertically in half (50%) with foo running above bar. Focus would be in window 2 (foo/bar), top pane (foo).<br />
<br />
{{Note|Numbering for sessions, windows and panes starts at zero, unless you have specified a base-index of 1 in your {{ic|.conf}} }}<br />
<br />
To manage multiple sessions, source separate session files from your conf file:<br />
<br />
# initialize sessions<br />
bind F source-file ~/.tmux/foo<br />
bind B source-file ~/.tmux/bar<br />
<br />
==Troubleshooting==<br />
===Scrolling issues===<br />
If you have issues scrolling with Shift-PageUp/Shift-PageDown in your terminal, try this:<br />
<br />
set -g terminal-overrides 'xterm*:smcup@:rmcup@'<br />
<br />
=== Shift+F6 not working in Midnight Commander ===<br />
<br />
If the {{ic|Shift+F6}} key combination is not working with either {{ic|1=TERM=screen}} or {{ic|1=TERM=screen-256color}}, then from inside tmux, run this command:<br />
infocmp > screen (or screen-256color)<br />
<br />
Open the file in a text editor, and add the following to the bottom of that file:<br />
kf16=\E[29~,<br />
<br />
Then compile the file with {{ic|tic}}. The keys should be working now.<br />
<br />
==ICCCM Selection Integration==<br />
It is possible to copy a tmux paste buffer to an ICCCM selection, and vice-versa, by defining a shell command which interfaces tmux with an X11 selection interface. The following tmux config file snippet effectively integrates {{Ic|CLIPBOARD}} with the current tmux paste buffer using xclip:<br />
<br />
{{hc|~/.tmux.conf|<br />
...<br />
##CLIPBOARD selection integration<br />
##Requires prefix key before the command key<br />
#Copy tmux paste buffer to CLIPBOARD<br />
bind C-c run "tmux show-buffer <nowiki>|</nowiki> xclip -i -selection clipboard"<br />
#Copy CLIPBOARD to tmux paste buffer and paste tmux paste buffer<br />
bind C-v run "tmux set-buffer -- \"$(xclip -o -selection clipboard)\"; tmux paste-buffer"<br />
}}<br />
<br />
If you get an output similar to {{ic| \346\227\245\346\234\254\350\252\236\343\201\247 }} when pasting utf-8 characters, try changing this line:<br />
{{bc|bind C-c run "tmux show-buffer <nowiki>|</nowiki> xclip -i -selection clipboard"}}<br />
to this:<br />
{{bc|bind C-p run "tmux save-buffer - <nowiki>|</nowiki> xclip -i -selection clipboard"}}<br />
<br />
If the above doesn't work for you, try using xsel:<br />
<br />
{{hc|~/.tmux.conf|<br />
...<br />
##CLIPBOARD selection integration<br />
##Requires prefix key before the command key<br />
#Copy tmux paste buffer to CLIPBOARD<br />
bind C-c run "tmux show-buffer <nowiki>|</nowiki> xsel -i -b"<br />
#Copy CLIPBOARD to tmux paste buffer and paste tmux paste buffer<br />
bind C-v run "tmux set-buffer -- \"$(xsel -o -b)\"; tmux paste-buffer"<br />
}}<br />
<br />
It seems <code>xclip</code> does not close <code>STDOUT</code> after it has read from <code>tmux</code>'s buffer. As such, <code>tmux</code> doesn't know that the copy task has completed, and continues to /await <code>xclip</code>'s termination, thereby rendering the window manager unresponsive. To work around this, you can execute the command via <code>run-shell -b</code> instead of <code>run</code>, you can redirect <code>STDOUT</code> of <code>xclip</code> to <code>/dev/null</code>, or you can use an alternative command like <code>xsel</code>.<br />
<br />
===Urxvt MiddleClick Solution===<br />
{{Note|To use this, you need to enable mouse support|}}<br />
There is an unofficial perl extension (mentioned in the official [http://sourceforge.net/p/tmux/tmux-code/ci/master/tree/FAQ FAQ]) to enable copying/pasting in and out of urxvt with tmux via Middle Mouse Clicking.<br />
<br />
First, you will need to download the perl script and place it into urxvts perl lib:<br />
<br />
{{bc|wget http://anti.teamidiot.de/static/nei/*/Code/urxvt/osc-xterm-clipboard<br />
mv osc-xterm-clipboard /usr/lib/urxvt/perl/|<br />
}}<br />
<br />
You will also need to enable that perl script in your .Xdefaults:<br />
{{hc|~/.Xdefaults|<br />
...<br />
*URxvt.perl-ext-common: osc-xterm-clipboard<br />
...<br />
}}<br />
<br />
Next, you want to tell tmux about the new function and enable mouse support (if you haven't already). The third option is optional, to enable scrolling and selecting inside panes with your mouse:<br />
<br />
{{hc|~/.tmux.conf|<br />
...<br />
set-option -ga terminal-override ',rxvt-uni*:XT:Ms<nowiki>=</nowiki>\E]52;%p1%s;%p2%s\007'<br />
set-window-option -g mode-mouse on<br />
set-option -g mouse-select-pane on<br />
...<br />
}}<br />
<br />
That's it. Be sure to end all instances of tmux before trying the new MiddleClick functionality.<br />
<br />
While in tmux, Shift+MiddleMouseClick will paste the clipboard selection while just MiddleMouseClick will paste your tmux buffer.<br />
Outside of tmux, just use MiddleMouseClick to paste your tmux buffer and your standard Ctrl-c to copy.<br />
<br />
{{Note|The current tmux version 1.8-1 has a bug where it sometimes might not be possible to paste tmux buffer between different panes of tmux. This behaviour is fixed in the git-version (2013.10.15) |}}<br />
<br />
==Tips and tricks==<br />
<br />
===Start tmux in urxvt===<br />
Use this command to start urxvt with a started tmux session. I use this with the exec command from my .ratpoisonrc file.<br />
{{bc|<nowiki>urxvt -e bash -c "tmux -q has-session && exec tmux attach-session -d || exec tmux new-session -n$USER -s$USER@$HOSTNAME"</nowiki>}}<br />
<br />
===Start tmux on every shell login===<br />
<br />
Simply add the following line of bash code to your .bashrc before your aliases; the code for other shells is very similar:<br />
{{bc|<nowiki>[[ -z "$TMUX" ]] && exec tmux</nowiki>}}<br />
<br />
{{hc|~/.bashrc|<nowiki><br />
# If not running interactively, do not do anything<br />
[[ $- != *i* ]] && return<br />
[[ -z "$TMUX" ]] && exec tmux</nowiki>}}<br />
<br />
{{note|This snippet ensures that tmux is not launched inside of itself (something tmux usually already checks for anyway). tmux sets $TMUX to the socket it is using whenever it runs, so if $TMUX isn't set or is length 0, we know we aren't already running tmux.}}<br />
<br />
And this snippet start only one session(unless you start some manually), on login, try attach at first, only create a session if no tmux is running.<br />
<br />
{{bc|<nowiki># TMUX<br />
if which tmux 2>&1 >/dev/null; then<br />
#if not inside a tmux session, and if no session is started, start a new session<br />
test -z "$TMUX" && (tmux attach || tmux new-session)<br />
fi</nowiki>}}<br />
<br />
This snippet does the same thing, but also checks tmux is installed before trying to launch it. It also tries to reattach you to an existing tmux session at logout, so that you can shut down every tmux session quickly from the same terminal at logout.<br />
{{bc|<nowiki># TMUX<br />
if which tmux 2>&1 >/dev/null; then<br />
# if no session is started, start a new session<br />
test -z ${TMUX} && tmux<br />
<br />
# when quitting tmux, try to attach<br />
while test -z ${TMUX}; do<br />
tmux attach || break<br />
done<br />
fi</nowiki>}}<br />
<br />
{{note|Instead of using the bashrc file, you can launch tmux when you start your terminal emulator. (i. e. urxvt -e tmux)}}<br />
<br />
===Use tmux windows like tabs===<br />
<br />
The following settings added to {{ic|~/.tmux.conf}} allow to use tmux windows like tabs, such as those provided by the reference of these hotkeys — [[rxvt-unicode#urxvtq_with_tabbing|urxvt's tabbing extensions]]. An advantage thereof is that these virtual “tabs” are independent of the terminal emulator.<br />
<br />
#urxvt tab like window switching (-n: no prior escape seq)<br />
bind -n S-down new-window<br />
bind -n S-left prev<br />
bind -n S-right next<br />
bind -n C-left swap-window -t -1<br />
bind -n C-right swap-window -t +1<br />
<br />
Of course, those should not overlap with other applications' hotkeys, such as the terminal's. Given that they substitute terminal tabbing that might as well be deactivated, though.<br />
<br />
It can also come handy to supplement the EOT hotkey {{ic|Ctrl+d}} with one for tmux's detach:<br />
<br />
bind-key -n C-j detach<br />
<br />
===Clients simultaneously interacting with various windows of a session===<br />
<br />
In “[http://mutelight.org/articles/practical-tmux Practical Tmux]”, Brandur Leach writes:<br />
<br />
{{Box||Screen and tmux's behaviour for when multiple clients are attached to one session differs slightly. In Screen, each client can be connected to the session but view different windows within it, but in tmux, all clients connected to one session must view the same window.<br />
<br />
This problem can be solved in tmux by spawning two separate sessions and synchronizing the second one to the windows of the first, then pointing a second new session to the first.}}<br />
<br />
The script “{{Ic|tmx}}” below implements this — the version here is slightly modified to execute “{{Ic|tmux new-window}}” if “1” is its second parameter. Invoked as {{Ic|tmx <base session name> [1]}} it launches the base session if necessary. Otherwise a new “client” session linked to the base, optionally add a new window and attach, setting it to kill itself once it turns “zombie”.<br />
<br />
{{hc|tmx|2=<nowiki><br />
#!/bin/bash<br />
<br />
#<br />
# Modified TMUX start script from:<br />
# http://forums.gentoo.org/viewtopic-t-836006-start-0.html<br />
#<br />
# Store it to `~/bin/tmx` and issue `chmod +x`.<br />
#<br />
<br />
# Works because bash automatically trims by assigning to variables and by <br />
# passing arguments<br />
trim() { echo $1; }<br />
<br />
if [[ -z "$1" ]]; then<br />
echo "Specify session name as the first argument"<br />
exit<br />
fi<br />
<br />
# Only because I often issue `ls` to this script by accident<br />
if [[ "$1" == "ls" ]]; then<br />
tmux ls<br />
exit<br />
fi<br />
<br />
base_session="$1"<br />
# This actually works without the trim() on all systems except OSX<br />
tmux_nb=$(trim `tmux ls | grep "^$base_session" | wc -l`)<br />
if [[ "$tmux_nb" == "0" ]]; then<br />
echo "Launching tmux base session $base_session ..."<br />
tmux new-session -s $base_session<br />
else<br />
# Make sure we are not already in a tmux session<br />
if [[ -z "$TMUX" ]]; then<br />
echo "Launching copy of base session $base_session ..."<br />
# Session is is date and time to prevent conflict<br />
session_id=`date +%Y%m%d%H%M%S`<br />
# Create a new session (without attaching it) and link to base session <br />
# to share windows<br />
tmux new-session -d -t $base_session -s $session_id<br />
if [[ "$2" == "1" ]]; then<br />
# Create a new window in that session<br />
tmux new-window<br />
fi<br />
# Attach to the new session & kill it once orphaned<br />
tmux attach-session -t $session_id \; set-option destroy-unattached<br />
fi<br />
fi<br />
</nowiki>}}<br />
<br />
A useful setting for this is<br />
<br />
setw -g aggressive-resize on<br />
<br />
added to {{ic|~/.tmux.conf}}. It causes tmux to resize a window based on the smallest client actually viewing it, not on the smallest one attached to the entire session.<br />
<br />
An alternative taken from [http://sourceforge.net/mailarchive/forum.php?thread_name=CAPBqLKEC0MAFR%2BWUYqCuyd%3DKB47HK8CFSuAf%3Dd%3DW2H3F4fpMZw%40mail.gmail.com&forum_name=tmux-users] is to put the following ~/.bashrc:<br />
<br />
{{hc|.bashrc|2=<nowiki><br />
function rsc() {<br />
CLIENTID=$1.`date +%S`<br />
tmux new-session -d -t $1 -s $CLIENTID \; set-option destroy-unattached \; attach-session -t $CLIENTID<br />
}<br />
<br />
function mksc() {<br />
tmux new-session -d -s $1<br />
rsc $1<br />
}<br />
</nowiki>}}<br />
<br />
Citing the author:<br />
{{Box||"mksc foo" creates a always detached permanent client named "foo". It also<br />
calls "rsc foo" to create a client to newly created session. "rsc foo"<br />
creates a new client grouped by "foo" name. It has destroy-unattached<br />
turned on so when I leave it, it kills client.<br />
<br />
Therefore, when my computer looses network connectivity, all<br />
"foo.something" clients are killed while "foo" remains. I can then call<br />
"rsc foo" to continue work from where I stopped.}}<br />
<br />
===Changing the configuration with tmux started===<br />
<br />
By default tmux reads {{ic|~/.tmux.conf}} only if it was not already running. To have tmux load a configuration file afterwards, execute:<br />
<br />
tmux source-file <path><br />
<br />
This can be added to {{ic|~/.tmux.conf}} as e. g.:<br />
<br />
bind r source-file <path><br />
<br />
You can also do ^: and type :<br />
source .tmux.conf<br />
<br />
===Template script to run program in new session resp. attach to existing one===<br />
<br />
This script checks for a program presumed to have been started by a previous run of itself. Unless found it creates a new tmux session and attaches to a window named after and running the program. If however the program was found it merely attaches to the session and selects the window.<br />
<br />
#!/bin/bash<br />
<br />
PID=$(pidof $1)<br />
<br />
if [ -z "$PID" ]; then<br />
tmux new-session -d -s main ;<br />
tmux new-window -t main -n $1 "$*" ;<br />
fi<br />
tmux attach-session -d -t main ;<br />
tmux select-window -t $1 ;<br />
exit 0<br />
<br />
A derived version to run ''irssi'' with the ''nicklist'' plugin can be found on [[Irssi#irssi_with_nicklist_in_tmux|its ArchWiki page]].<br />
<br />
===Terminal emulator window titles===<br />
If you SSH into a host in a tmux window, you'll notice the window title of your terminal emulator remains to be {{ic|user@localhost}} rather than {{ic|user@server}}. To allow the title bar to adapt to whatever host you connect to, set the following in {{ic|~/.tmux.conf}}<br />
<br />
set -g set-titles on<br />
set -g set-titles-string "#T"<br />
<br />
For {{ic|set-titles-string}}, {{ic|#T}} will display {{ic|user@host:~}} and change accordingly as you connect to different hosts. You can also set many more options here.<br />
<br />
===Automatic layouting===<br />
When creating new splits or destroying older ones the currently selected layout isn't applied. To fix that, add following binds which will apply the currently selected layout to new or remaining panes:<br />
<br />
bind-key -n M-c kill-pane \; select-layout<br />
bind-key -n M-n split-window \; select-layout<br />
<br />
== See also ==<br />
* [http://mutelight.org/articles/practical-tmux Practical Tmux] by Brandur Leach, providing a number of configuration tips<br />
* [http://www.openbsd.org/faq/faq7.html#tmux Tmux tutorial] section from the OpenBSD FAQ<br />
* [http://www.openbsd.org/cgi-bin/man.cgi?query=tmux OpenBSD Reference Manual for tmux]<br />
* [http://www.dayid.org/os/notes/tm.html Screen and tmux feature comparison] page by Dayid Alan<br />
* [http://blog.hawkhost.com/2010/06/28/tmux-the-terminal-multiplexer/ Tmux tutorial Part 1] & [http://blog.hawkhost.com/2010/07/02/tmux-%E2%80%93-the-terminal-multiplexer-part-2 Part 2] blog posts on Hawk Host<br />
* [https://github.com/kooothor/.dotfiles/blob/master/.tmux.conf tmux.conf] example with CPU bar and shortcut to search man pages and display them vertically<br />
* [https://github.com/Lokaltog/powerline powerline] provides a powerful, dynamic statusbar configuration for tmux<br />
<br />
'''Forum threads'''<br />
* 2009-11-06 - Arch Linux - [https://bbs.archlinux.org/viewtopic.php?id=84157&p=1 Anyone loving Tmux in place of Screen? Info/Tips etc. URLs I've found]</div>Mokalan