June 10, 2005

Review: Debian 3.1

Author: Bruce Byfield

As the first Debian release to use the new installer, version 3.1, a.k.a. Sarge, goes a long way to detonating the myth that Debian is hard to install. Moreover, because it includes -- for the most part -- up-to-the-moment software while conforming to strict free software guidelines and offering better than average security, 3.1 is easily the most accessible version of Debian ever released.

On one hand, the June 6 release of Debian 3.1 matters far less than a new version of another distribution, because many Debian users have already upgraded individual packages from the Debian test, unstable, or even experimental distributions. For them, the official release (a.k.a. Debian stable) matters only for security updates. On the other hand, stable is the Debian version of choice for networks and servers, or those for whom dependability matters more than the latest software.

Installation

The steps in the new text-based Debian installer should be familiar to anyone who has installed Linux before: language and keyboard selections, partitioning, installation of the core system and boot manager, the selection of other packages, the creation of users, and the fine-tuning of the system environment. However, the new Debian installer also has features that those used to Red Hat's Anaconda or other installation programs may find unusual.

To start with, while Debian can be installed from CDs, the preferred method is a net install, in which a base system is installed from CD and the rest of the system is installed using the apt-get package manager over the Internet. Early in the installation, the installer establishes a DHCP network connection. Once the base system is installed, users can set up HTTP, FTP, hard drive, network, or even CD sources for the rest of the installation.

Another unusual feature is the extensive use of installation schemes, which are sets of options that users can select rather making manual selections. Installation schemes, of course, are common in other installation programs, especially for packages. What is unusual in Debian 3.1, though, is the extension of installation schemes into other areas.

For example, the installer's instructions recommend a single partition for new users, as well as several schemes based on how the computer will be used. The desktop scheme, for example, consists of a root and/home partitions, while the workstation scheme consists of a root,/usr,/var,/tmp and/home partition. The size of each partition in a scheme also varies from scheme to scheme. While the install program doesn't explain why each scheme is appropriate to a particular type of use, in many cases, anyone who is not a complete newcomer should be able to make some intelligent guesses. At the very least, they can see some alternatives to help them develop their own schemes.

Similarly, once the core system is installed and you reboot the computer, you can select packages individually using aptitude, or choose a scheme for a particular type of server or a desktop environment. The server choices are especially numerous, no doubt reflecting the market for official Debian releases.

The installer does have a few rough edges. Some users might want a middle ground between
individual package selection and all 1.7GB of the KDE and GNOME desktops. Nor is aptitude a particularly easy program to use if you're unfamiliar with it.

More seriously, while video cards are supposed to be auto-detected, detection seems either unreliable or limited. The installer detected neither of the two commonplace cards on the test systems, falling back instead on the default vesa xserver. While this default gives a graphical desktop on most systems, it is unlikely to give an optimized one. As a result, a new user would either need to install a new package and edit the configuration file or -- more likely -- restart the installation from scratch. Some provision for testing the xserver during installation would alleviate such difficulties.

Still, overall the new installer gets far more right than it does wrong. Version 3.1 is the first Debian release to include support for the ReiserFS, JFS, and XFS file systems during installation. Obviously, too, the developers of the new installer have taken considerable care to make the instructions clear without dumbing down the choices to be made. The discussion of the consequences of installing the GRUB boot loader, for example, is one of the clearest I've seen. Most important of all, the new installer manages to balance presenting novices choices they can live with while giving advanced users the chance to tweak as much as they like. In fact, the installer is so detailed that it even allows users who are partitioning manually to choose the mount options listed for each partition in/etc/fstab -- something I've seen on no other installer. While a few improvements would be welcome, overall the new installer should manage the difficult trick of pleasing almost everyone.

Desktop and software selection

Debian 3.1 boots from GRUB using either the installed kernel or the installed kernel in single-user mode for maintenance. If you chose the desktop environment package scheme, KDE 3.3 and GNOME 2.8 are both installed. Both are largely unaltered, except for branding wallpaper and login images and the addition of the Debian menu structure to the main menus.

Official Debian releases have a reputation for having older software versions. Given that the last official release was four years ago, and point releases are often eight to 10 months apart, this reputation is often deserved. However, at this point in version 3.1's life cycle, the available software is relatively current. It includes Mozilla 1.7.8, OpenOffice.org 1.1.3, Samba 3.0.14, Python 2.3.5 and 2.4.1 (two versions are presumably included to accommodate programs with different dependencies), and Perl 5.8.4. All these selections are comparable to those available in other major distributions. Some versions are slightly behind, others slightly ahead. Mostly, the differences between these version numbers are minor.

Two notable exceptions exist. First, Debian 3.1 is still using the last free version of XFree86 while most distributions have switched to x.org. However, since the switch was caused by a change in licensing, rather than by any improvements, the different is trivial.

Second, Debian 3.1 uses the 2.4.27 kernel, rather than a more recent 2.6 version. While no doubt disappointing to many, this conservative kernel choice is in keeping with the stable distribution's emphasis on reliability. The 2.4.27 kernel is at the end of a line of development and is therefore likely to be more thoroughly debugged than the rapidly evolving 2.6 line. Although the choice may sacrifice some speed, users not caught up in the arms race of version numbers will probably never notice the difference. For those who do, Debian's kernel compilation method offers a quick solution.

Administrative tools and package installation

Like earlier versions of Debian, 3.1 lacks an administration center like SUSE's YAST. Historically, this lack may reflect the geekiness of the user base -- in the past, perhaps, most Debian users would rather edit a configuration file directly than use a GUI tool. However, at this stage in the development of GNU/Linux, the lack is less important than it used to be. The KDE Control Center has many of the tools needed for everyday administration, and any that are missing can probably be found on either the KDE or GNOME menus.

Package installation is based on apt-get, Debian's venerable but highly serviceable program that automatically determines and installs dependencies. Besides apt-get itself, version 3.1 also installs aptitude, KPackage, and Synaptic. All these graphical interfaces for apt-get have their supporters, but apt-get itself is quick enough to learn that they are hardly needed. Apt-get is also more convenient if you want to do a quick installation by opening a root command line while in an ordinary user's account.

Whatever your choice of package manager, don't be surprised if only packages from the main Debian repositories are available. Many Debian developers dislike the contrib (free but dependent on non-free programs) and non-free repositories. Over the last few years,
the project has had several discussions about removing them altogether. Perhaps as a result, the archives added during installation do not include the contrib and non-free repositories. This decision means that an install of Debian 3.1 contains only free software. If you want packages like Acrobat Reader or RealPlayer, you'll have to add the other repositories to the/etc/apt/sources.list.

Security

Debian 3.1 is noticeably more security-conscious than other major distributions. You need the root password to mount removable drives or shut down the system. Similarly, as a minor obstacle to script kiddies, the root user cannot log in to a desktop. Nor are any unnecessary daemons configured, with the possible exception of atd.

Groups are also carefully organized. Debian 3.1 defines separate groups for basic system functions such as exim, crontab, and message bus, and membership in all groups is tightly controlled. The user account created during installation is added only to the video and plugdev groups. Users added after installation are not even added to those groups by default. Nor is any user included in the user or games groups, as they are in many distributions. The result is a system in which the security principle of least privilege is tightly observed. In other words, no user has more access to the system than is absolutely required unless it is deliberately added.

Strangely, Debian 3.1 omits enabling a firewall during installation. However, this lapse can be quickly remedied by running Bastille immediately after installation -- a step that anyone interested in security should consider anyway.

Users of Windows or commercial GNU/Linux distributions may find the security-consciousness of Debian 3.1 irksome. However, the inconveniences are small compared to the potential benefits. And, frankly, it's refreshing to see security chosen over convenience for once -- if only as a counter-example.

Conclusion

To say that Debian is no longer just for geeks would be an exaggeration. All the same, if version 3.1 is any indication, that's the way the distribution is heading.

True, it's still not a distribution to give a newcomer. Defects such as the lack of video card testing during installation or of an utomatically installed firewall still assume a knowledgeable, hands-on user who can readily overcome them.

But neither is it a distribution that should baffle any except the most inexperienced. If you've been down the install path a couple of times and always wanted to try Debian, there's never been a better time. Combining ease of use, security-consciousness, and a strict adherence to principle with a mostly current selection of well-tested software, in many ways Debian 3.1 is free software at its best.

Bruce Byfield is a course designer and instructor, and a computer journalist who writes regularly for Newsforge and the Linux Journal Web site.

Category:

  • Linux
Click Here!