back to main page txt version============= configuration =============
Index: * display - resolution - setterm - cursor * kernel messages * security and user separation * sound * font - choosing font - building unifont - finding UTF-8 codesdisplay =======
resolution ----------
Resolution can be changed during boot-time by providing below kernel parameters. You can set multiple 'video' values for different screens. Documentation for this is located here: video=1920x1080M@60m # set resolution on all displays video=DP-1:1920x1080M@70m # set resolution on display DP-1 video=LVDS-1:d # disable laptop display To list available displays look for directories with a prefix cardN- in output of this command: $ ls /sys/class/drm/setterm -------
Setterm is useful for configuring your console. Be sure to run it in tty i.e. outside of tmux. Power off display after 3 minutes (doesn't work when xorg is running): $ setterm -blank 3 Change background to blue and font to red: $ setterm --background blue --store # can use '4' instead of "blue" $ setterm --foreground red --store # can use '1' instead of "red" All 16 console colors are defined in 'man 4 console_codes' along with other useful information about console configuration.cursor ------
To disable cursor blinking run this somewhere in your boot process: $ echo 0 > /sys/devices/virtual/graphics/fbcon/cursor_blink To have a block cursor you can use 'tput cvvis' or 'tput cnorm' for underline as a cursor. This doesn't work in tmux though as tmux sets the cursor independently, overwriting console settings. To change it in tmux add one of these lines to '.tmux.conf': set -g terminal-overrides "linux:cnorm=\e[?25h\e[?8c" # cvvis set -g terminal-overrides "linux:cnorm=\e[?25h\e[?0c" # cnorm default Other possible parameters for tput are described in 'man 5 terminfo'. If you'd like to see the escape sequences for console manipulation - they are supposed to be described in 'man 4 console_codes', but it's pretty hard there to find a sequence you are after. It's easier to get a tput parameter from 'man 5 terminfo', redirect stdout from tput to a file 'tput cvvis > cvvis.bin' and to read the escape sequence with vi, od -c, xd -c or sed -n 'l', but obviously not with cat -v.kernel messages ===============
By default kernel will print log messages to the console. I like this functionality as it allows me to see what just happened on my system in real time and the messages are not really that frequent and if they were that would mean I have to fix something in my system. Plus when using tmux it's easy to redraw the screen and get rid of the messages by pressing <prefix><r>. You can see setting for this functionality in the output of $ cat /proc/sys/kernel/printk # or $ sysctl kernel.printk 'man 2 syslog' shows what each position and value means. Basically value 7 means all messages and 1 means only critical messages. Each position's meaning is respectively: - console_loglevel: messages with a higher priority than this will be printed to the console - default_message_loglevel: messages without an explicit priority will be printed with this priority - minimum_console_loglevel: minimum (highest) value to which console_loglevel can be set - default_console_loglevel: default value for console_loglevel The first number is the most important one. I like to see everything so I do: $ echo '7 4 1 4' > /proc/sys/kernel/printk # or $ sysctl kernel.printk='7 4 1 4' To make this persistent do: $ echo 'kernel.printk = 7 4 1 4' > /etc/sysctl.d/kernel_msgs.confsecurity and user separation ============================
To be able to play videos in your Linux console and listen to audio you'll need to add a user doing those things to 'audio' and 'video' groups. Using different users to run different programs is in general a great idea, but be aware that in Linux console this separation has a hole in a shape of the framebuffer. User in a video group have access to the framebuffer device. That means that even if you use tmux to run a program as an unprivileged user in one window and then switch to another window with root logged in, that unprivileged user can see everything what root is doing on the screen. If the user gets compromised this can become a problem. A workaround for that is to use only dedicated windows in tmux for doing sensitive work and disabling access to framebuffer as soon as you activate these windows. It can be done with tmux hooks in ~/tmux.conf like this: set -g session-window-changed "if -F '#{<=:#{window_index},1}' 'run-shell \"sudo /bin/chmod 600 /dev/fb0 \"'" set -g -a session-window-changed "if -F '#{>=:#{window_index},2}' 'run-shell \"sudo /bin/chmod 660 /dev/fb0 \"'" Now the framebuffer device will not be available even for users in video group when window index is less then 2. Required /etc/sudoers entry for the above to work: user1 ALL=(root) SETENV: NOPASSWD: /bin/chmod 660 /dev/fb0, /bin/chmod 600 /dev/fb0 The user that started the tmux session shouldn't be running any programs that are a possible attack vectors (like browsers, e-mail clients, even baroque text editors) - these should be run by separate users within tmux.sound =====
Disable the damn beep on keypress: '$ setterm -blength 0' or unload and blacklist the pcspkr module completely.font ====
choosing font -------------
One of the most important choices one can make when living in the console is the choice of a font. I've spent many hours testing different ones and what I have found to be the best is unifont. Every now and then I was questioning my choice until I found this page containing a screenshot of a terminal with something like a unifont. Since then I'm convinced I've made the right choice. Cool thing about unifont is that you can put whatever glyphs (meaning characters) you need there. This is important as you are limited with the amount of glyphs console can display to 512. So if you happen to often see question marks on white background instead of a character it means it would be a good idea to include that character in your console font. Check out the build instructions further below. Console fonts are located in /usr/share/kbd/consolefonts or in /usr/share/consolefonts. You can try out other fonts by typing 'setfont /path/to/font.psf.gz' or 'setfont ter-u16n' as an example. To get back to default font type 'setfont' with no arguments. For persistence it's good to add 'setfont' command in initramfs or/and to change default console font in /etc: gentoo: /etc/conf.d/consolefont consolefont=Unifont-APL8x16 arch: /etc/vconsole.conf FONT=Unifont-APL8x16 debian: /etc/default/console-setup FONTFACE=Unifont-APL8x16building unifont ----------------
Steps to build unifont: 1. Download font source code and verify gpg signature. $ wget http://ftp.gnu.org/gnu/unifont/unifont-12.1.03/unifont-12.1.03.tar.gz $ wget http://ftp.gnu.org/gnu/unifont/unifont-12.1.03/unifont-12.1.03.tar.gz.sig $ wget ftp://ftp.gnu.org/gnu/gnu-keyring.gpg $ gpg --keyring ./gnu-keyring.gpg --verify ./unifont-12.1.03.tar.gz.sig 2. Double check if the key from the last command is the same on gpg server. $ gpg --keyserver https://keys.gnupg.net \ --search-keys 95D2E9AB8740D8046387FD151A09227B1F435A33` 3. Untar and cd. $ tar xf unifont-12.1.03.tar.gz $ cd unifont-12.1.03 4. Edit the character set. File ./font/psf/unifont-apl.txt contains UTF-8 codes that are going to be compiled. If you want to add a character you need to comment out something from the existing table that you won't use and add the UTF-8 code for the symbol you'd like to see in the font. Order doesn't matter, but the number of uncommented lines should be 512. To see actual glyphs in this file you can use a little bit of a shell script: #!/bin/ksh set -eu unifont='./font/psf/unifont-apl.txt' list=$(grep -v '^#' $unifont | sort -u) echo "$list" | while read -r line; do unicode=$(echo "$line" | cut -d'#' -f1 | sed 's|U+|\\u|') desc=$(echo "$line" | cut -d'#' -f2) echo -nE "$unicode" echo -ne "\t" $unicode "\t" $desc "\n" done Of course you'll need a font with these glyphs already compiled in to view them. It's actually best to do it in xorg environment, as there's usually pretty good support for UTF-8 charsets out of the box there. To find other UTF-8 codes look at the section below. 5. Make sure you have standard build tools installed (gentoo has them by default) and bdf2psf: $ emerge -a app-text/bdf2psf # or $ apt install gcc make bdf2psf On arch linux you need to get the bdf2psf from AUR: $ pacman -S gcc make gawk sed file git fakeroot $ git clone https://aur.archlinux.org/bdf2psf.git $ cd bdf2psf && makepkg $ pacman -U ./bdf2psf-*-any.pkg.tar.xz 6. Compile. $ make bindir $ cd font/ $ make psf 7. Check out your new font. $ showconsolefont $ setfont compiled/Unifont-APL8x16-12.1.03.psf.gz $ showconsolefont 8. It's also good to make sure that you have UTF set in locales: $ cat /etc/locale.genfinding UTF-8 codes -------------------
If you see this character on the console � (U+FFFD) it means that you are missing a glyph in your font. To find the code for this glyph copy it to the below echo command instead of the square: $ echo ▓ | iconv -f utf-8 -t UNICODEBIG | xxd This will show you the hex value of the code you need to put into your font. You can also copy the missing character to a file via tmux buffer and cat the file to iconv. I couldn't find a single UTF-8 table on my system large enough to include all glyphs I'd be interested to find, so I compiled one from a few sources. It is located here. Some other locations of files with UTF-8 codes on Linux systems are listed below. File /usr/share/consoletrans/utflist from kbd package: $ emerge -a sys-apps/kbd # or $ pacman -S kbd I couldn't find this file in debian in any package, but you can also get it from source: $ git clone git://git.kernel.org/pub/scm/linux/kernel/git/legion/kbd.git $ less ./kbd/docs/doc/utf/utflist To supplement it you can use /usr/share/X11/locale/en_US.UTF-8/Compose or other UTF-8 files located there from libX11 package for a more complete code table: $ emerge -a x11-libs/libX11 # or $ pacman -S libx11 # or $ apt install libx11-data Vim also has a pretty cool UTF-8 table in /usr/share/vim/vim81/doc/digraph.txt.