Linux
Review: Debian 3.1
Friday June 10, 2005 (07:01 PM GMT)
By:
Bruce Byfield
As the first Debian release to use the new installer,
version 3.1, a.k.a. Sarge, goes a long way to detonating the myth that
Debian is hard to install. Moreover, because it includes -- for the
most part -- up-to-the-moment software while conforming to strict free
software guidelines and offering better than average security, 3.1 is
easily the most accessible version of Debian ever released.
On one hand, the June
6 release of Debian 3.1 matters far less than a new version of another
distribution, because many Debian users have already upgraded
individual packages from the Debian test, unstable, or even
experimental distributions. For them, the official release (a.k.a.
Debian stable) matters only for security updates. On the other hand,
stable is the Debian version of choice for networks and servers, or
those for whom dependability matters more than the latest software.
Installation
The steps in the new text-based Debian installer
should be familiar to anyone who has installed Linux before: language
and keyboard selections, partitioning, installation of the core system
and boot manager, the selection of other packages, the creation of
users, and the fine-tuning of the system environment. However, the new
Debian installer also has features that those used to Red Hat's
Anaconda or other installation programs may find unusual.
To start with, while Debian can be installed from
CDs, the preferred method is a net install, in which a base system is
installed from CD and the rest of the system is installed using the
apt-get package manager over the Internet. Early in the installation,
the installer establishes a DHCP network connection. Once the base
system is installed, users can set up HTTP, FTP, hard drive, network,
or even CD sources for the rest of the installation.
Another unusual feature is the extensive use of
installation schemes, which are sets of options that users can select
rather making manual selections. Installation schemes, of course, are
common in other installation programs, especially for packages. What is
unusual in Debian 3.1, though, is the extension of installation schemes
into other areas.
For example, the installer's instructions recommend
a single partition for new users, as well as several schemes based on
how the computer will be used. The desktop scheme, for example,
consists of a root and /home partitions, while the workstation scheme consists of a root, /usr, /var, /tmp and /home partition. The size of each partition in a scheme also varies from
scheme to scheme. While the install program doesn't explain why each
scheme is appropriate to a particular type of use, in many cases,
anyone who is not a complete newcomer should be able to make some
intelligent guesses. At the very least, they can see some alternatives
to help them develop their own schemes.
Similarly, once the core system is installed and you reboot the computer, you can select packages individually using aptitude,
or choose a scheme for a particular type of server or a desktop
environment. The server choices are especially numerous, no doubt
reflecting the market for official Debian releases.
The installer does have a few rough edges. Some
users might want a middle ground between
individual package selection and all 1.7GB of the KDE and GNOME
desktops. Nor is aptitude a particularly easy program to use if you're
unfamiliar with it.
More seriously, while video cards are supposed to be
auto-detected, detection seems either unreliable or limited. The
installer detected neither of the two commonplace cards on the test
systems, falling back instead on the default vesa xserver. While this
default gives a graphical desktop on most systems, it is unlikely to
give an optimized one. As a result, a new user would either need to
install a new package and edit the configuration file or -- more likely
-- restart the installation from scratch. Some provision for testing
the xserver during installation would alleviate such difficulties.
Still, overall the new installer gets far more right
than it does wrong. Version 3.1 is the first Debian release to include
support for the ReiserFS, JFS, and XFS file systems during
installation. Obviously, too, the developers of the new installer have
taken considerable care to make the instructions clear without dumbing
down the choices to be made. The discussion of the consequences of
installing the GRUB boot loader, for example, is one of the clearest
I've seen. Most important of all, the new installer manages to balance
presenting novices choices they can live with while giving advanced
users the chance to tweak as much as they like. In fact, the installer
is so detailed that it even allows users who are partitioning manually
to choose the mount options listed for each partition in /etc/fstab
-- something I've seen on no other installer. While a few improvements
would be welcome, overall the new installer should manage the difficult
trick of pleasing almost everyone.
Desktop and software selection
Debian 3.1 boots from GRUB using either the
installed kernel or the installed kernel in single-user mode for
maintenance. If you chose the desktop environment package scheme, KDE
3.3 and GNOME 2.8 are both installed. Both are largely unaltered,
except for branding wallpaper and login images and the addition of the
Debian menu structure to the main menus.
Official Debian releases have a reputation for
having older software versions. Given that the last official release
was four years ago, and point releases are often eight to 10 months
apart, this reputation is often deserved. However, at this point in
version 3.1's life cycle, the available software is relatively current.
It includes Mozilla 1.7.8, OpenOffice.org 1.1.3, Samba 3.0.14, Python
2.3.5 and 2.4.1 (two versions are presumably included to accommodate
programs with different dependencies), and Perl 5.8.4. All these
selections are comparable to those available in other major
distributions. Some versions are slightly behind, others slightly
ahead. Mostly, the differences between these version numbers are minor.
Two notable exceptions exist. First, Debian 3.1 is
still using the last free version of XFree86 while most distributions
have switched to x.org. However, since the switch was caused by a
change in licensing, rather than by any improvements, the different is
trivial.
Second, Debian 3.1 uses the 2.4.27 kernel, rather
than a more recent 2.6 version. While no doubt disappointing to many,
this conservative kernel choice is in keeping with the stable
distribution's emphasis on reliability. The 2.4.27 kernel is at the end
of a line of development and is therefore likely to be more thoroughly
debugged than the rapidly evolving 2.6 line. Although the choice may
sacrifice some speed, users not caught up in the arms race of version
numbers will probably never notice the difference. For those who do, Debian's kernel compilation method offers a quick solution.
Administrative tools and package installation
Like earlier versions of Debian, 3.1 lacks an
administration center like SUSE's YAST. Historically, this lack may
reflect the geekiness of the user base -- in the past, perhaps, most
Debian users would rather edit a configuration file directly than use a
GUI tool. However, at this stage in the development of GNU/Linux, the
lack is less important than it used to be. The KDE Control Center has
many of the tools needed for everyday administration, and any that are
missing can probably be found on either the KDE or GNOME menus.
Package installation is based on apt-get, Debian's
venerable but highly serviceable program that automatically determines
and installs dependencies. Besides apt-get itself, version 3.1 also
installs aptitude, KPackage, and Synaptic. All these graphical
interfaces for apt-get have their supporters, but apt-get itself is
quick enough to learn that they are hardly needed. Apt-get is also more
convenient if you want to do a quick installation by opening a root
command line while in an ordinary user's account.
Whatever your choice of package manager, don't be
surprised if only packages from the main Debian repositories are
available. Many Debian developers dislike the contrib (free but
dependent on non-free programs) and non-free repositories. Over the
last few years,
the project has had several discussions about removing them altogether.
Perhaps as a result, the archives added during installation do not
include the contrib and non-free repositories. This decision means that
an install of Debian 3.1 contains only free software. If you want
packages like Acrobat Reader or RealPlayer, you'll have to add the
other repositories to the /etc/apt/sources.list.
Security
Debian 3.1 is noticeably more security-conscious
than other major distributions. You need the root password to mount
removable drives or shut down the system. Similarly, as a minor
obstacle to script kiddies, the root user cannot log in to a desktop.
Nor are any unnecessary daemons configured, with the possible exception
of atd.
Groups are also carefully organized. Debian 3.1
defines separate groups for basic system functions such as exim,
crontab, and message bus, and membership in all groups is tightly
controlled. The user account created during installation is added only
to the video and plugdev groups. Users added after installation are not
even added to those groups by default. Nor is any user included in the
user or games groups, as they are in many distributions. The result is
a system in which the security principle of least privilege is tightly
observed. In other words, no user has more access to the system than is
absolutely required unless it is deliberately added.
Strangely, Debian 3.1 omits enabling a firewall
during installation. However, this lapse can be quickly remedied by
running Bastille immediately after installation -- a step that anyone
interested in security should consider anyway.
Users of Windows or commercial GNU/Linux
distributions may find the security-consciousness of Debian 3.1
irksome. However, the inconveniences are small compared to the
potential benefits. And, frankly, it's refreshing to see security
chosen over convenience for once -- if only as a counter-example.
Conclusion
To say that Debian is no longer just for geeks would
be an exaggeration. All the same, if version 3.1 is any indication,
that's the way the distribution is heading.
True, it's still not a distribution to give a
newcomer. Defects such as the lack of video card testing during
installation or of an utomatically installed firewall still assume a
knowledgeable, hands-on user who can readily overcome them.
But neither is it a distribution that should baffle
any except the most inexperienced. If you've been down the install path
a couple of times and always wanted to try Debian, there's never been a
better time. Combining ease of use, security-consciousness, and a
strict adherence to principle with a mostly current selection of
well-tested software, in many ways Debian 3.1 is free software at its
best.
Bruce Byfield is a course designer and
instructor, and a computer journalist who writes regularly for
Newsforge and the Linux Journal Web site.
