LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/LG/issue36/issue36.txt

14331 lines
642 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Linux Gazette... making Linux just a little more fun!
Copyright © 1996-98 Specialized Systems Consultants, Inc.
_________________________________________________________________
Welcome to Linux Gazette! (tm)
_________________________________________________________________
Published by:
Linux Journal
_________________________________________________________________
Sponsored by:
InfoMagic
S.u.S.E.
Red Hat
LinuxMall
Linux Resources
cyclades
stalker
LinuxToday
Our sponsors make financial contributions toward the costs of
publishing Linux Gazette. If you would like to become a sponsor of LG,
e-mail us at sponsor@ssc.com.
Linux Gazette is a non-commercial, freely available publication and
will remain that way. Show your support by using the products of our
sponsors and publisher.
_________________________________________________________________
Table of Contents
January 1999 Issue #36
_________________________________________________________________
* The Front Page
* The MailBag
+ Help Wanted--Article Ideas
+ General Mail
* More 2 Cent Tips
* News Bytes
+ News in General
+ Software Announcements
* The Answer Guy, by James T. Dennis
* Booting Linux with the NT Loader, by Gustavo Larriera
* Defining a Linux-based Production System, by Jurgen Defurne
* EMACSulation, by Eric Marsden
* Evaluating postgreSQL for a Production Environment, by Jurgen
Defurne
* Introducing Samba, by John Blair
* Linux Installation Primer, Part 5, by Ron Jenkins
* Linux on a Shoestring, by Vivek Haldar
* The Linux User, by Bryan Patrick Coleman
* New Release Reviews, by Larry Ayers
+ Kernel 2.2's Frame-buffer Option
* Running Your Own Domain Over a Part Time Dialup, by Joe Merlino
* Setting Up a PPP/POP Dial-in Server USING Red Hat Linux 5.1, by
Hassan Ali
* Touchpad Cures Inflammation, by Bill Bennet
* Through the Looking Glass: Finding Evidence of Your Cracker, by
Chris Kuethe
* USENIX LISA Vendor Exhibit Trip Report, by Paul L. Lussier
* X Windows versus Windows 95/98/NT: No Contest, by Paul Gregory
Cooper
* Announcements by Sun and Troll Tech by Marjorie Richardson
* The Back Page
+ About This Month's Authors
+ Not Linux
The Answer Guy
The Graphics Muse will return next month.
_________________________________________________________________
TWDT 1 (text)
TWDT 2 (HTML)
are files containing the entire issue: one in text format, one in
HTML. They are provided strictly as a way to save the contents as one
file for later printing in the format of your choice; there is no
guarantee of working links in the HTML version.
_________________________________________________________________
Got any great ideas for improvements? Send your comments, criticisms,
suggestions and ideas.
_________________________________________________________________
This page written and maintained by the Editor of Linux Gazette,
gazette@ssc.com
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
The Mailbag!
Write the Gazette at gazette@ssc.com
Contents:
* Help Wanted -- Article Ideas
* General Mail
_________________________________________________________________
Help Wanted -- Article Ideas
_________________________________________________________________
Date: Wed, 30 Dec 1998 05:04:56 -0800
From: "Fields, Aubrey", Aubrey.Fields@PSS.Boeing.com
Subject: I have two ideas for articles.
I am a new user to the Linux community. I have two ideas for articles
that I would read, print, and distribute to the other Linux newbees
that I know.
1. PPP using minicom. I have read several articles on using PPP, pppd,
minicom and other dialup and networking issues. Being a new, however,
I would find it very valuable to read "the definitive new users guide
to configuring PPP on Linux". I've gotten a lot of pointers and some
advanced tips, but what I'd like to see is how to setup a stand alone
Linux 2.0.x machine (Red Hat v4 in my case) for dialing up via PPP
using minicom with dhcp and dns provided by an ISP.
2. basic xfree86 / fvwm95 config tricks. For example, how to change
the word "start" on the menu button at the bottom of fvwm95 to
ANYTHING else! I kick Bill Gate off my PC for a reason! I don't find
it cute, funny, nor reassuring to see the "I want to be windows95
'Start'" button on my Linux machine.
also, how to use icons, get rid of the "virtual" desktop so that I can
see my entire window without scrolling.
Thank you very much, the Linux Gazette has proven to be a valuable
resource!
--
Aubrey
_________________________________________________________________
Date: Wed, 02 Dec 1998 13:33:11 PST
From: David Camara, cpdj2@hotmail.com
Subject: connecting to novell 3.12 servers...
Hi, I'm trying to connect to netware 3.12 servers. I am using the IPX
module and ncpfs 2.2.0.7-1 (for Debian 2.0). Now, I don't use the
auto_primary and auto_interface since a number of old posts recommend
adding the ipx interface manually.
I use:
ipx_interface add -p eth0 802.3 xxxxxxxx
When I cat /proc/net/ipx_interface:
Network Node_Address Primary Device Frame_Type
xxxxxxxx yyyyyyyyyyyy Yes eth0 802.3
When I try to slist, I get:
slist: No server found in ncp_open
When I try to mount a Novell volume using:
ncpmount -S server_name -U user_name -V sys /mnt/ncp
I get:
ncpmount: No server found when trying to find server_name
All this as su root... Any ideas? Thanks!
--
David
_________________________________________________________________
Date: Tue, 8 Dec 1998 12:16:20 -0500
From: Blazek, Daniel, blazek@globalserve.net
Subject: Ethernet
Which Ethernet cards are compatible with Linux with minimum ease of
installation, also does the make/model of the hub matter?
--
Dan
_________________________________________________________________
Date: Tue, 15 Dec 1998 12:29:37 +0000
From: Tomos Llewelyn, tml@aber.ac.uk
Subject: "Unable to open console..." Why?
Can anyone tell me why I'm getting this message?
Trying to boot a 2.0.36 kernel on a PII350 with an ATI Xpert@Play 8Mb
AGP card. Should I be tweaking the video mode?
--
Tom Llewelyn
_________________________________________________________________
Date: Mon, 14 Dec 1998 12:46:57 -0500
From: Michael Bright mabright@us.ibm.com
Subject: Token Ring Errors with SuSE 5.3
Hi, I would seriously appreciate any help you can give. I had the
evaluation copy of SuSE 5.3 running fine on this machine. I loaded the
full version of SuSE 5.3 and the Token ring went south. During install
everything went fine, including loading the token ring module. I have
replaced the ibmtr.o module file from a working machine with _no_
change in the error. I also checked the /etc/conf.modules file to make
sure the alias is defined right ( alias tr0 ibmtr.o ) and the options
line is right ( options ibmtr io=0xa20 ). At this point I see two
options, reload the machine with the eval copy and do an upgrade or
recompile the kernel and hope for the best.
initialising tr0
general protection: 0000
CPU: 0
EIP: 0010:[]
EFLAGS: 00010212
eax: 00000003 ebx: 0009e658 ecx: fffffff7 edx: 00000000
esi: f000f84d edi: 00000003 ebp: 00000000 esp: 019b7e0c
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process insmod (pid: 66, process nr: 16, stackpage=019b7000)
Stack: 0009e658 00000000 00000003 019b7e4c 00000008 0010ca1c 00000003
00000000
019b7e4c 019b7e4c 00000003 00000000 0009e658 0010bae1 00000003
019b7e4c
001f9b7c fffffff7 00108e00 00000003 00000000 0009e658 ffffff50
00000018
Call Trace: [] [] [] []
[] [] []
[] [] [] [] []
[] [] []
[] [] [] [] []
[] [] []
[]
Code: 0f b6 56 2f 83 fa 01 0f 84 9e 07 00 00 83 fa 02 0f 85 a9 07
Aiee, killing interrupt handler
OS: SuSE 5.3 Hardware: IBM ISA Auto 16/4 Tokenring adapter.
Thanks,
--
Michael
_________________________________________________________________
Date: Wed, 16 Dec 1998 14:33:55 -0600
From: David Caliguire, djc@sgi.com
Subject: Driver for Netflex III card on Linux
I noticed a question posed to the Gazette about drivers for Netflex 3
cards on Compaq on Linux. I have a Compaq with this card and would
like to know where I could get a driver for this card for Linux.......
Thanks
--
Dave
_________________________________________________________________
Date: Wed, 16 Dec 1998 16:06:42 -0300
From: Saltiel, Hernan Claudio, hsaltiel@infovia.com.ar
Subject: Help Wanted!!!
I have a Linux box, with S.u.S.E., and a Lotus Notes server. I want to
e-mail the status of my workstation to another user that belongs to
the Notes Network. Does anybody know how to do that, or just the
concepts to do this?
--
Hern´n Claudio Saltiel
_________________________________________________________________
Date: Sun, 13 Dec 1998 14:35:20 -0500
From: John, john@maxom.com
Subject: Accounting
I am looking for some inexpensive Accounting w/Inventory Software that
will run on Linux . If you could point me in the right direction I
would be greatly thankful
Thank You
--
John Nelson
_________________________________________________________________
Date: Thu, 24 Dec 1998 14:47:09 +0200
From: "tdk001", tdk001@mweb.co.za
Subject: Linux and UNIX
I am a 2nd year computer science student. I have looked everywhere for
the answer and found only basic answers. My question is what exactly
is the difference between Linux and UNIX, excluding size and speed. I
would appreciate it if you could just send me a few of the
differences.
Thank you
--
Frans
_________________________________________________________________
Date: Tue, 22 Dec 1998 12:33:42 -0000
From: "James Jackson", james.jackson@3f.co.uk
Subject: Intellimouse
Does anybody know how to enable the wheel on an Intellimouse under
Linux? (Red Hat 5.2)
--
James
_________________________________________________________________
Date: Sat, 19 Dec 1998 13:53:33 PST
From: "Thomas Smith", highminded015@hotmail.com
Subject: Upgrading Red Hat
I just installed Red Hat 5.0 and I hear about the newer versions out
there and I want to upgrade but I don't want to buy a brand new CD or
download everything and then re-install. I have been to a couple of
sites and I have found no real help for this at any of them, so could
you please help me out. Thank you.
--
Thomas
_________________________________________________________________
Date: Fri, 18 Dec 1998 23:20:12 -0800
From: Taro Fukunaga, tarozax@earthlink.net
Subject: How to get CPU info
I am writing a Tcl/Tk program that prints info about the CPU, memory
usage, processes, and disk usage of a Linux computer. On problem I
have is in getting info about the CPU. Because the contents (ie field
names) of /proc/cpuinfo may vary from one machine (perhaps kernel
build is the right answer) to the next, I decided to use the program
uname. However, this also doesn't work well, and simply lists my
processor as "unknown". I looked at the source code, and "unknown" is
the default value for the CPU!
So my question is, is there any way to write a program that can get
the type of CPU on any Linux computer?
Thank you, anyone.
--
Taro
_________________________________________________________________
Date: Thu, 31 Dec 1998 21:19:48 -0600
From: dcramer@midusa.net
Subject: Does Linux have multimedia support?
I just finished reading Marjorie Richardson's comments about Linux in
the January '99 issue of Computer Shopper, and I was wondering if
Linux now has, or will support any of the multimedia formats supported
by Windows, such as AVI, JPG, WAV, MOV, etc? I have looked into some
of the basics of the OS, but I have not tried to install it. Thank
you.
--
Don Cramer
_________________________________________________________________
Date: Wed, 30 Dec 1998 14:03:42 -0500
From: Soraia Paz, spaz@rens.com
Subject: LILO Problems
I originally had Windows NT on my PC with some room left for Linux. I
installed Linux and I set up LILO to boot both operating systems. I
got into Linux fine but when I tried to get into NT it kept on
crashing. I tried using DOS's fdisk to get rid of Linux but LILO is
still there. How can I get rid of it?
--
Soraia
_________________________________________________________________
Date: Wed, 30 Dec 1998 09:42:23 -0600
From: Bill McConnaughey, mcconnau@biochem.wustl.edu
Subject: DB9 serial port
I degraded my floppy disk drive, apparently by doing fdformat with
inappropriate parameters and/or media. In order to back up my work, I
want to use minicom or seyon to transfer files over the DB-9 serial
port. I can get the computers to type to each other, but file transfer
protocols (xmodem and ymodem) don't work. There is no Kermit in my
installation and I don't know where to get it. What is the correct
wiring for a direct connection of the DB-9 com ports on two pc's? How
can I transfer files?
--
Bill
_________________________________________________________________
Date: Tue, 29 Dec 1998 10:40:15 -0500 (EST)
From: ive.db@usa.com
Subject: HELP
I have a jamicon 36X cd player.
It doesn't work under Linux. I tried to install Linux but I failed.
Could you please help me with this. I also need to say that you can
set my cd-player master,slave and CSEL with a jumper.
_________________________________________________________________
Date: Mon, 28 Dec 1998 03:49:21 -0500
From: "david marcelle", marcelle@avana.net
Subject: Audio-Only CDRs
Do you have for sale or do you know where I can purchase audio-only
blank CDRs (for my phillips CD recorder) for $4.00 each or less?
Thanks
--
David
_________________________________________________________________
Date: Mon, 28 Dec 1998 02:15:26 -0500
From: "Clayton J. Ramseyer", cyberzard@earthlink.net
Subject: IP Masquerading and related
I am writing this message to you, because I am new to Linux. (I love
it by the way) Anyway, I have a small LAN setup at home and would like
to provide access to the Internet for my other machine.
The HOWTO is a bit confusing when it comes to setting this up.
If someone could write me with a possible offer for help, I'd surely
appreciate it.
The commands I have are probably correct. Yet the HOWTOs don't mention
which machine these commands are entered on.
I assume it would be the machine connected to the net.
By the way, I connect with a USR 56K v.90 compatible modem. My service
provider is earthlink.
I look forward to your responses.
Thanks,
--
CJ
_________________________________________________________________
Date: Sat, 2 Jan 1999 23:05:13 +0530
From: "L.V.Gandhi", lvgandhi@vsnl.com
Subject: Netscape help
I have installed NC4.5 for Linux. I could edit preferences both as
root and an user. Once closed and then restarted I am unable to do
that. I am not sure from when it happened. It may be due improper
shutdown due to power outage or hanging of nc after many windows are
open. I have system PII with 780MB partition for Linux with 64 MB swap
space, 32 MB ram. Is there any easy way to remove an installed
software and reinstall it in Linux?
--
L.V.Gandhi
_________________________________________________________________
Date: Sat, 2 Jan 1999 23:03:35 +0530
From: "L.V.Gandhi", lvgandhi@vsnl.com
Subject: help for microsoft intellimouse
I have installed RH5.0 and upgraded to 5.1. I have Microsoft
intellimouse and logitech super mouse. when I configure mi, the same
is not recognized by Linux and xserver. The same is recognized in
win98. But logi mouse is recognized in both. Any solutions welcome.
--
L.V.Gandhi
_________________________________________________________________
General Mail
_________________________________________________________________
Date: Tue, 1 Dec 1998 13:39:58 -0500
From: Brad Gerrard, bradgerrard@x-stream.co.uk
Subject: The Future Of Artificial Intelligence and Linux
Can you imagine, 'eureka' you've done it, you're going to make
millions neigh billions, you've created a programme that gives a
computer the seeming ability to think.
There it is flashing away 'walking the walk', bezazz it thinks.
Hold on a moment the operating system, no the skeleton of this
thinking machine has crashed.
What say you, shall we change the operating system? Not arf we will.
How about something a little more stable, how about an operating
system that will go for at least a year. Is that to much to ask? One
might well wonder were we not acquainted with the genie in the bottle,
yes 'Linux'.
Linux is gaining in popularity, that makes it commercial, that means
money, and money means more thinkers are turning their attention
towards it as a viable alternative to some of it's less exciting
competition. Linux is a stable operating system, freely available, an
operating system for Man All Born Equal as written in the American
constitution, yes could this operating system level out the playing
field.
Artificial Intelligence requires a very stable platform, and I believe
that given the limitations of present day hardware, AI requires an
operating system with a small foot print in order to possibly tackle
the problem of achieving any potential of new thought, which could
possibly be termed artificial intelligence in it's true sense. Linux
is a Unix operating system, it can be and usually is networked, this
is a plus when it comes to composing an AI operating programme.
The very makeup and variable structure lends it's self to AI.
Yes I believe that Linux is an operating system with a bright future.
--
Brad
_________________________________________________________________
Date: Tue, 1 Dec 1998 13:39:58 -0500
From: "Serge E. Hallyn", hallyn@CS.WM.EDU
Subject: happy hacking keyboard
wow. $140 for a keyboard because it has fewer keys? I simply don't
think the arguments in favor make sense - namely that you don't have
to reach for any keys, because you should never need to with other
normal keyboards either. Let's see:
* control not being next to A should never be a problem for anyone
who'd dare call him/herself a hacker, happy or otherwise - if you
can't figure out how to remap caps lock,...
* escape should not be a problem, since any self-respecting vi user
uses ctrl-[ anyway
* backspace: ctrl-h (well, OK, emacs users are out of luck :)
* tab, if it's a really weird keyboard, ctrl-i, though i seldom do
that
$140. ridiculous.
--
serge
_________________________________________________________________
Date: Tue, 01 Dec 1998 12:28:06 -0600
From: Tim Kelley, tpkelley@winkinc.com
Subject: Jeremy Dinsel's review of keyboard ...
He did not mention something which many people would be very
interested in knowing - is it a clicking, spring action style keyboard
or a membrane (mushy) style keyboard?
At that price (~$150), I can't believe it's one of those cheap
membrane things, but one can never be sure. Actually, at that price, I
can't believe anyone would buy it, but whatever.
--
Tim
_________________________________________________________________
Date: Wed, 2 Dec 1998 01:32:06 +1000 (GMT)
From: Norman Widders winspace@paladincorp.com.au
Subject: Linux Gazette
I just read David Jao's article in Linux Gazette #35 and enjoyed it.
He had one fact wrong though, he mentioned:
Currently, a limitation of the UW IMAP server is that a folder
cannot contain both messages and subfolders.
This is not a limitation of the UOW server. It is a limitation of the
default UNIX mail files... There are other available mailbox types
available on the UNIX platform that will allow UOW to create
subfolders... see the release notes with UOW for more info :)
--
Norman
_________________________________________________________________
Date: Tue, 1 Dec 1998 08:24:43 -0500 (EST)
From: Walt Taninatz, waldo@voicenet.com
Subject: Re: Linux Gazette #35
Thank you for the reminders and for making such a great magazine. The
content is always useful, interesting and well written.
Best Regards,
--
Walter
_________________________________________________________________
Date: Thu, 03 Dec 1998 13:52:14 -0800
From: Jauder Ho, jauderho@transmeta.com
Subject: Re: IMAP on Linux: A Practical Guide
I have some comments on the article written by David Jao. There are
some inaccuracies that I need to correct. We use IMAP here and it is
indeed excellent technology.
* NS 4.08 is out. NS 4.5 is actually pretty stable when it comes to
IMAP based mail, we have no problems using it.
* By default, imapd uses UNIX spool. This is horrendously
inefficient. So I am not surprised by it crashing over 1000
messages. HOWEVER, if you change the mailbox format to something
like mbx (Modify the Makefile, change unixproto to mbxproto), it
can easily handle much more messages and allow concurrent access.
I have users with 8000 messages in their in box with not problem.
* Netscape is now beta testing Linux versions of their Messaging and
Directory servers.
* There is one more way to do IMAP securely and that is to use
stunnel under IMAP.
More information about what we do site specific can be found at
http://www.carumba.com/imap/
--
Jauder
_________________________________________________________________
Date: Wed, 02 Dec 1998 08:46:18 +0100
From: "Thomas Diehl", th.diehl@dtp-service.com
Subject: Editor's Choice Awards: Most Desired Port?
This is on your "Editor's Choice Awards", esp. the following from your
article "Most Desired Port--QuarkXPress":
For layout, we must have an MS Windows 95 machine in order to run
QuarkXPress... We are more than ready to be rid of this albatross
and have a total Linux shop. Next, like everyone else, we'd like
Adobe to port all its products to Linux.
I'm a professional DTPer and a Linux user myself. So I would certainly
like to see the whole Acrobat suite for Linux as well as good font and
printing solutions from Adobe. And, of course, I don't have anything
against porting PM, Frame, PShop, Illustrator, or XPress to the
penguin platform. No doubt about it.
I find it problematic, however, that hardly anybody in the DTP area
seems to do justice to the fact that there is a complete suite for our
kind of work coming up just NOW: Corel promised repeatedly to port
_all_ their DTP programs to Linux: Ventura, Draw, PhotoPaint as well
as a lot of helpful apps like WordPerfect and their whole Office
suite. (See eg www.zdnet.co.uk/news/1998/45/ns-6073.html)
This would be an incredible step forward for Linux -- but somehow
nobody in DTP seems to care. I wonder why?
Of course, I'm fully aware of the bad reputation Corel software has
among DTPers (and also how much of this they deserved). But I can
assure you and everybody from daily, first hand experience that the
situation has incredibly improved over the last years. Today the Corel
DTP apps brings a wealth of functionality to the users that, as a
whole, is unmatched by anything I know in this area.
I'm also aware that this will not be enough to make XPress users
really consider a switch and that they have perfectly good reasons for
this attitude. But, nevertheless, I would appreciate it VERY much if
the Corel announcements would at least be taken into account when
talking about this area. If Corel keep their promise there will be a
complete publishing suite for Linux very soon. And I would ask
everybody to spread the good news, esp. those who may be held "opinion
leaders" by many people out there. I'm sure it would be a real loss
for everybody if Corel would get second thoughts about their plans
because of apparent "lack of demand" among professional DTPers.
Just in case you are prepared to look a little more at this I'm
attaching some more material on the aptness of Corel DTP software.
Kind regards,
--
Thomas
We use many of Corel's products including Ventura (for book
layout). Editor's choice is after all my opinion only, but I do
know that many magazines besides Linux Journal use QuarkXPress for
layout. --Editor
_________________________________________________________________
Date: Tue, 8 Dec 1998 16:30:53 -0500
From: "Adams, Ranald", Ranald.Adams@ctny.com
Subject: Compaq
There's a lot of this sort of thing on Compaq's forum. Please publish
to interested parties so that they can become subject to the
appropriate level of ridicule (in a caring, motivationally productive
kind of way).
Topic: Servers - Banyan-Unix Subject: Linux and Compaq Servers
From: COMPAQ - Robert G 05/11/98 09:10:13 Compaq now or in the
future will not be providing Linux drivers. This is because the
Linux operating system is a public domain OS. There is not a single
source of ownership to go to when trying to resolve OS issues like
there is for SCO Unix and other versions of Unix on the market.
Because there is no single source for the compiled binary code
required to install and run the OS there is no way to guarantee
driver compatibility with all the flavors of Linux.
Compaq Engineering has decided that they will not provide or
release hardware drivers unless they can be fully certified and
supported. Since Linux does not have a single source manufacture,
this is not possible with Linux. But you can by all means make a
formal request in writing to Compaq Engineering concerning your
need for Linux drivers. The address is:
Compaq Computer Corp.
Attn. Engineering Dept.
MS. 050702
20555 State Hwy. 249
Houston, TX 77070 b4
_________________________________________________________________
Date: Sat, 5 Dec 1998 10:53:00 -0800
From: Mike Wiley, npg@integrityonline.com
Subject: Corel Ventura would be best DTP port
I agree that Linux needs a DTP program, but the one which should be
desired is Corel Ventura Publisher, not Quark. CVP version 8 is at
least one generation ahead of Quark and include many features which we
use regularly =97 features which are completely absent from Quark. It
is more powerful and easier to use. From my perspective, Quark shows
all the signs of product arrogance which arises from having a
monopoly, or near monopoly, in a field.
Another point: Corel Corp has made a commitment to Linux. Adobe and
Quark, to my knowledge have not. Why not support those who support
you, especially when those who support you have the best product?
Just a couple of thoughts...
Sincerely,
--
Mike
We support Corel in every way we can, but Quark is more suited for
our purposes in printing the magazine than is Ventura. Corel's
NetWinder will be featured on the April Linux Journal cover.
--Editor
_________________________________________________________________
Date: Fri, 11 Dec 1998 14:19:43 -0500
From: "Nils Lohner", lohner@debian.org
Subject: Debian Powers 512 Node Cluster into Book of Records
Over 512 computers were assembled for the CLOWN (CLuster Of Working
Nodes) system that ran on the night of December 5-6. This cluster used
a modified version of the Debian GNU/Linux distribution (reduced in
size to a mere 16 MB, and boot script modifications) to run a
combination of PVM (Parallel Virtual Machine) and several application
programs. These programs included povray (a ray tracing program used
to calculate frames for a film), Cactus, a program that solves the
Einstein Equations, which are ten non-linear joint
hyperbolic-elliptical partial differential equations. These are used
to describe Black Holes, Neutron Stars, etc. and are among the most
complex in the field of mathematical Physics.
For more information, please visit the following sites (mostly in
German):
http://www.ccnacht.de/
http://www.linux-magazin.de/cluster/
http://www.heise.de/ix/artikel/1999/01/010/
http://europium.oc2.uni-duesseldorf.de/cluster/tech.html
--
Nils
_________________________________________________________________
Date: Fri, 11 Dec 1998 02:31:14 -0500
From: Paul Iadonisi, iadonisi@colltech.com
Subject: Re: USENIX LISA Vendor Exhibit trip report
There were a lot of what I call "Want-Ad" booths to. Collective
Technologies (formerly Pencom System Administration), Sprint
Paranet, Fidelity, and several other companies there for sole
reason of trying to recruit people.
Hmmm. I take exception to this. We (Collective Technologies) have many
reasons for being at LISA. Like any business, we work to get name
recognition. We want people to know who we are. But we also seek to
educate our members (look in the rear of the Attendee List for the
list by company and you will see how many of us went -- I think we
have the largest number of attendees) and give back to the System
Administration community at large. Take a look at the Technical Talks
and BoFs and you will find four events each sponsored by a Collective
Technologies member. Five of our members also wrote summaries for SANS
in the August issue of ;login:.
I hope no one sees this as a marketing message and my intention is not
to try to sell my company on a Linux mailing list. The point is that
we do all of this without tootin' our own horn that much. I think
reducing our booth to a "Want-Ad" type booth is a little unfair. I
normally wouldn't post a message like this on this list, but couldn't
let the '...there for sole reason of trying to recruit people...'
comment pass, especially since we were the first company listed. No
ill will, I just wanted to clear that up.
--
Paul Iadonisi
You must be clairvoyant! :-) That article is just being posted in
this issue. Of course, it's on Paul's web site, but to know to send
a copy of your letter to me. Wow! --Editor
_________________________________________________________________
Date: Fri, 11 Dec 1998 20:09:57 -0500
From: Kevin Forge, forgeltd@usa.net
Subject: Quark
Most Desired Port--QuarkXPress
Hate to say it but "BUY A MAC". Mind you I don't like the Mac. I don't
use a Mac. I don't even like the few occasions when I must attempt to
repair a Mac ( often it's cheaper to ditch it than buy parts ).
All this considered even Microsoft uses Quark on a Mac to do it's
manuals and stuff. As far as I know a Mac used in this post may never
crash. Sure Mac OS isn't Linux quality in terms of stability but it
beets NT.
In the mean time whine for a port ... It may never happen though since
even the windows port is 1/2 harted, unstable and not quite what the
printers want ( they all use Macs. )
--
Kevin
We started out with a Mac but at that time it wasn't as easy to
network a Mac with Linux as it now is with Netatalk. So the
decision was made to go with Windows. It happens. --Editor
_________________________________________________________________
Date: Tue, 22 Dec 1998 21:13:56 -0600
From: Sam, myoldkh@earthlink.net
Subject: Sponsorship
gts global >>myoldkh<< 12-22-98 09:15:32 PM:
You will be very pleased to know that yesterday I made a credit card
order on the Web for a copy of the Linux OS from one of your sponsors
- Red Hat Software.
I support quality web sites and their sponsors! (I am also sick and
tired of MS Windows crashing my computer all of the time - I think
that Microsoft writes software about the same way that GM builds cars
- I know cause I drive a Pontiac lemon!)
--
Sam
_________________________________________________________________
Date: Thu, 17 Dec 1998 19:46:04 -0600 (EST)
From: "Michael J. Hammel", mjhammel@graphics-muse.org
Subject: Logo
From LG Editor:
I get at least one letter a month asking that we change the quote
in the logo to be attributed directly to Gandhi rather than a movie
actor, as well as ones requesting that the graphic be made smaller.
What do you think? Is it time to make either of these changes?
I'll look at making the image smaller, but it may not be till next
month. I'm still getting things back together at home.
As to the quote, I'll stick to the attribution until someone provides
a definitive resource that attributes it to Gandhi. I'm fairly certain
he would have said it, but I don't want to give him the attribution
unless I can find some other resource to back it up. After all, I only
know about it because of a movie.
I have no objection to changing it - I just need some other definitive
attribution to do so.
--
Michael
_________________________________________________________________
Date: Mon, 28 Dec 1998 16:46:13 -0800
From: Randy Herrick, HERRICK@PACBELL.NET
Subject: graphics on title page
Great site, just one thing, I think Tux needs to look like, well, the
real Tux, in real Tux colors. In the beginning there were several
kinds of birds from seagulls to penguins, but I think nowadays most
everyone has adopted the standard Tux penguin that is siting down
(looking happy from eating herring-as Linus Torvald's put it )in the
black and white and yellow colors. We need to have a standard logo for
Linux, don't you think? Thanks for your time. :)
--
Randy
As far as graphics go, I trust Michael's judgment in all
things--even the way Tux is drawn. --Editor
_________________________________________________________________
Date: Sun, 27 Dec 1998 13:38:52 -0600
From: Lyno Sullivan, lls@freedomain.org
Subject: MPDN - Minnesota Public Digital Network
I would appreciate your support of the following initiative.
Specifically, I will need the help of the free software community
during discussions of item 4 and the excerpt listed below: December
27, 1998
The full MPDN announcement may be viewed at:
http://www.freedomain.org/^lls/free-mn/19981222-mpdn.html
This post constitutes an invitation to join discussions concerning the
MPDN. Beginning in January, 1999, I will present each goal of the MPDN
for discussion within the MN-NETGOV listserv. If you are a stake
holder to these goals, please join the listserv.
Anyone can join that listserv by sending an email to
mailto:mn-netgov-subscribe@egroups.com
Members may view past messages, calendars, and other group features
at:
http://www.egroups.com/list/mn-netgov/
ABSTRACT
In preparation for my requesting Legislative hearings in 1999, this
article explains my vision of the Minnesota Public Digital Network
(MPDN), which is:
1) to provide every Minnesota citizen with a secure and authenticated
email address within the mn.us hierarchy,
2) to assure that every citizen can use email to dialogue with the
elected and the appointed offices of government,
3) to assure that every local community has a high speed digital
network and a repository for the creative works and letters of the
Minnesota people, and
4) to collect the free software tools necessary to attain these goals,
within the Government Information Freedom Toolbox (the GIFT), which
will be created as a byproduct of Minnesota State government's
conversion to free software.
EXCERPT
GOAL 1) Effective immediately, freeze (at current levels or lower) all
spending for non-free, closed source, software. Establish a
Legislative audit to determine the Total Cost of Operation (TCO) costs
of non-free server and desktop software. Establish a cost reduction
plan that will result in the elimination of spending on non-free
software. Collect all those monies, identified by the TCO analysis,
together into a revolving Software Freedom Fund, to be administered by
the Office of Technology. Require that all further purchases and
upgrades of non-free, closed source server and desktop software must
be approved by the Minnesota Office of Technology's, Information
Policy Council (IPC). The IPC will be charged to develop a statewide
model of the MPDN. The IPC will be charged to connect every public
sector worker in Minnesota to the MPDN. Savings within the Software
Freedom Fund may be spent on writing free software. Revenues of the
Software Freedom Fund must be spent, to endow the creation of free
software and free content, all of which, must be licensed under the
GNU General Public License (GPL) or a suitable copyleft license.
--
Lyno Sullivan
_________________________________________________________________
Published in Linux Gazette Issue 36, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Next
This page written and maintained by the Editor of Linux Gazette,
gazette@ssc.com
Copyright © 1999 Specialized Systems Consultants, Inc.
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
More 2¢ Tips!
Send Linux Tips and Tricks to gazette@ssc.com
_________________________________________________________________
Contents:
* Forcing fsck on Red Hat 5.1
* Personal Listserver
* Re: Back Ups
* ANSWER: Your Supra Internal Modem Problems
* ANSWER: Single Floppy Linux
* ANSWER: Re: scsi + ide; boot ide
* ANSWER: Numlock at startup
* ANSWER: Re: graphics for disabled
* ANSWER: BTS: GNU wget for updating web site
* ANSWER: Linux Boot-Root
* Replies to My Questions in Nov. 98 Linux Gazette
_________________________________________________________________
Forcing fsck on Red Hat 5.1
Date: Tue, 08 Dec 1998 18:20:28 -0500
From: James Dahlgren, jdahlgren@netreach.net
I don't know if this is a 2 cent tip or what, and since it's
distribution specific, it's applicability is limited, but I still
thought it was worth sharing.
The shutdown command accepts a -F switch to force a fsck when the
system is rebooted. This switch just writes a flag file /forcefsck, it
is up to the initialization scripts do do something about it. In Red
Hat 5.1 ( I don't know about 5.2 ) the rc.sysinit script uses a
different method to force a fsck.
It checks for the existence of /fsckoptions and if it exists uses it's
contents as a switch when calling fsck. The command "echo -n '-f' >
/fsckoptions" will create a file, /fsckoptions, with "-f" in it and
will force a fsck the next time the system is booted. The rc.sysinit
script removes the /fsckoptions file after remounting the drive
read-write, so that the fsck won't be forced every time the system is
booted.
If you want the -F switch from the shutdown command to work, a little
editing of the /etc/rc.d/rc.sysinit file will do it.
near the beginning of the rc.sysinit file is the following:
if [ -f /fsckoptions ]; then
fsckoptions=`cat /fsckoptions`
else
fsckoptions=''
fi
This is where it checks for the /fsckoptions file and reads its
contents into a variable for later use. We add an elif to check for
the /forcefsck file and set the variable accordingly:
if [ -f /fsckoptions ]; then
fsckoptions=`cat /fsckoptions`
elif [ -f /forcefsck ]; then
fsckoptions='-f'
else
fsckoptions=''
fi
Now the /forcefsck flag file created by using the -F switch with
shutdown will force a fsck on reboot. Now we need to get rid of the
/forcefsck file, or it will force the check every time the system is
started. Further down in the rc.sysinit file, after the disk is
remounted read-write, is the following line which removes any existing
/fsckoptions file:
rm -f /etc/mtab~ /fastboot /fsckoptions
We just add /forcefsck to the list of files to delete:
rm -f /etc/mtab~ /fastboot /fsckoptions /forcefsck
Now we have two ways to force the fsck, we can use the -F switch when
running shutdown, or we can put specific flags in a /fsckoptions file.
CAUTION!
The rc.sysinit file is critical to system startup. A silly typo in it
can make the system hang when it boots. ( I've been there! ) Make a
backup before you edit it. Edit it carefully. If you do blotch it, you
can recover by rebooting and using the -b switch after the image name
on the lilo command line. This brings you up in maintenance mode
without running the rc.sysininit script. The disk is in read-only
mode.
mount -n -o remount,rw /
will get you to read-write mode so you can fix the problem.
mount -n -o remount,ro /
after fixing the problem to prepare the system for continuing startup.
exit or ctl-d to exit the maintenance shell and continue on to the
default runlevel.
Hope this is of some use to someone.
--
Jim
_________________________________________________________________
Personal Listserver
Date: Mon, 07 Dec 1998 01:59:48 +0100
From: "Soenke J. Peters", peters@simprovement.com
An often unused feature of "sendmail" is it's "plussed user feature"
which makes mails to "user+testlist@localhost" match "user@localhost".
I will show you how to use this to implement personal mailing lists.
First, you have to set up "procmail" to act as a filter on your
incoming mails. This could be done inside sendmail by setting it up as
your local mailer, or simply via your "~/.forward" file.
Now, you should get a mailing list program. I prefer BeroList, because
it's easy to configure. Compile it (don't forget to adjust the paths!)
and install it somewhere in your home directory.
Done that, you have to tell procmail what mails are to be passed to
the mailing list program. This is done inside "~/.procmailrc" and
should contain something like the following for every list (in this
example, the list is called "testlist", the mailname of the user is
"username"):
:0
* ^To:.*username\+testlist
| path/to/the/listprogram testlist
The last step is to prepare the configuration files for the mailing
list. As this is specific to the program you use, I can't tell you
here.
For a german description see:
http://www.simprovement.com/linux/listserver.html
--
Soenke Jan Peters
_________________________________________________________________
Re: Back Ups
Date: Tue, 1 Dec 1998 10:07:46 -0500 (EST)
From: Jim Buchanan, c22jrb@koptsv01.delcoelect.com
From: Anthony Baldwin:
Disk space is relatively cheap, so why not buy a small drive say
500Meg which is used for holding just the root /lib /bin /sbin
directories. Then setup a job to automatically back this up to
another drive using "cp -ax" (and possibly pipe it through gzip and
tar). This way when the unthinkable happens and you loose something
vital, all you have to do is boot from floppy mount the 2 drives
and do a copy. This has just saved my bacon while installing
gnu-libc2
A good idea as far as it goes, but there is one gotcha. If lightning
or some other power surge takes out one drive, it might take out the
on-line backup as well.
I use a very similar method where each night, on each machine, I have
a cron job back up vital information to another HD in another machine
on my home network.
In addition to the nightly back-ups, I do a weekly backup to removable
media, which I keep in a separate building (my workshop at the back of
my lot). That way if lightning takes out everything on the network, I
have lost a weeks or less work. The separate building part might be
paranoia, but I really recommend at least weekly off-line back ups.
--
Jim Buchanan
_________________________________________________________________
Tips in the following section are answers to questions printed in the Mail
Bag column of previous issues.
_________________________________________________________________
ANSWER: Your Supra Internal Modem Problems
Date: Tue, 1 Dec 1998 09:48:10 -0500 From: "Brower, William"
wbrower@indiana.edu
Richard wrote:
I have a PII (350MHz) running with an AGP ATI 3DRage graphics card
(which works fine) and a Sound Blaster 16 PnP (which also works
fine). But, I can't get my internal SupraExpress 56k modem to work.
Your modem sounded familiar from a past search I had done, so I went
to Red Hat's www site (http://www.redhat.com/) and followed the
support | hardware link. You will find this reference in the modem
category:
Modems that require software drivers for compression, error
correction, high-speed operation, etc.
PCI Memory Mapped Modems (these do not act like serial ports)
Internal SupraExpress 56k & also the Internal SupraSonic 56k
It appears that your modem is inherently not compatible with Linux. I
use an inexpensive clone modem called the E-Tech Bullet, pc336rvp
model - paid $28 for it and it operates with no problems at all. Good
luck in finding a compatible modem!
--
Bill
_________________________________________________________________
ANSWER: Single Floppy Linux
Date: Tue, 01 Dec 1998 22:05:59 -0800
From: Ken Leyba, kleyba@pacbell.net
To: roberto.urban@uk.symbol.com
There are a few choices for a single floppy Linux (O.K. some are more
than one floppy). I haven't tried them, but I will be doing a Unix
presentation next month and plan to demo and handout a single or
double floppy sets for hands-on.
muLinux (micro linux):
http://www4.pisoft.it/~andreoli/mulinux.html
tomsrtbt:
http://www.toms.net/rb/
Linux Router Project:
http://www.linuxrouter.org/
Trinux:
http://www.trinux.org/
Good Luck,
--
Ken
_________________________________________________________________
ANSWER: Re: scsi + ide; boot ide
Date: Sun, 29 Nov 1998 07:42:29 -0800 (PST)
From: Phil Hughes, fyl@ssc.com
The amazing Al Goldstein wrote:
I have only linux on a scsi disk. I want to add an ide disk and
want to continue to boot from the scsi which has scsi id=0. Redhat
installation says this is possible. Is that true? If so how is it
done?
First, you should be able to tell your BIOS where to boot from. Just
set it to SCSI first and all should be ok.
If that isn't an option, just configure LILO (/etc/lilo.conf) so that
it resides on the MBR of the IDE disk (probably /dev/hda) but boots
Linux from where it lives on the SCSI disk.
--
Phil
_________________________________________________________________
ANSWER: Numlock at startup
Date: Thu, 03 Dec 1998 21:51:08 -0800
From: "D. Cooper Stevenson", coopers@proaxis.com
To: bmtrapp@acsu.buffalo.edu
Here's a bit of code I found while searching the documentation for
"numlock" It turns numlock on for all terminals at startup! The bolded
code is the added code in the /etc/rc.d/rc file of my Redhat 5.1
Linux:
Is there an rc directory for this new runlevel?
if [ -d /etc/rc.d/rc$runlevel.d ]; then
# First, run the KILL scripts.
for i in /etc/rc.d/rc$runlevel.d/K*; do
# Check if the script is there.
[ ! -f $i ] && continue
# Check if the subsystem is already up.
subsys=${i#/etc/rc.d/rc$runlevel.d/K??}
[ ! -f /var/lock/subsys/$subsys ] && \
[ ! -f /var/lock/subsys/${subsys}.init ] && continue
# Bring the subsystem down.
$i stop
done
# Now run the START scripts.
for i in /etc/rc.d/rc$runlevel.d/S*; do
# Check if the script is there.
[ ! -f $i ] && continue
# Check if the subsystem is already up.
subsys=${i#/etc/rc.d/rc$runlevel.d/S??}
[ -f /var/lock/subsys/$subsys ] || \
[ -f /var/lock/subsys/${subsys}.init ] && continue
# Bring the subsystem up.
$i start
done
# Turn the NumLock key on at startup
INITTY=/dev/tty[1-8]
for tty in $INITTY; do
setleds -D +num < $tty
done
fi
_________________________________________________________________
ANSWER: Re: graphics for disabled
Date: Wed, 16 Dec 1998 00:13:19 GMT
From: Enrique I.R., esoft@arrakis.es
In a previous message, Pierre LAURIER says: - control of the
pointer device with the keyboard
You can do it with any windowmanager. It's a XFree86 feature (v3.2,
don't know of older versions). You only have to use the XKB extension.
You enable it hiting the Control+Shift+NumLock. You should hear a beep
here. Now you use the numerical keypad to:
Numbers (cursors) -> Move pointer.
/,*,- -> l,r&m buttons.
5 -> Click selected button.
+ -> Doubleclick selected button.
0(ins) -> Click&Hold selected button.
.(del) -> Release holded button.
Read the XFree86 docs to get details.
--
Enrique I.R.
_________________________________________________________________
ANSWER: BTS: GNU wget for updating web site
Date: Thu, 24 Dec 1998 03:15:16 -0500
From: "J. Milgram", milgram@cgpp.com
Re. the question "Updating Web Site" in the Jan 1999 Linux Journal,
p. 61 ...
Haven't tried the mirror package - might be good, but you can also use
GNU wget (prep.ai.mit.edu). Below is the script I use to keep the
University of Maryland LUG's Slackware mirror up-to-date. "Crude but
effective".
#!/bin/bash
#
# Update slackware
#
# JM 7/1998
# usage: slackware.wget [anything]
# any argument at all skips mirroring, moves right to cleanup.
site=ftp://sunsite.unc.edu
sitedir=pub/Linux/distributions/slackware-3.6; cutdirs=3
localdir=`basename $sitedir`
log=slackware.log
excludes=""
for exclude in bootdsks.12 source slaktest live kernels; do
[ "$excludes" ] && excludes="${excludes},"
excludes="${excludes}${sitedir}/${exclude}"
done
# Do the mirroring:
if [ ! "$*" ]; then
echo -n "Mirroring from $site (see $log) ... "
wget -w 5 --mirror $site/$sitedir -o $log -nH --cut-dirs=$cutdirs -X"$excludes
"
echo "done."
fi
# Remove old stuff
# (important, but wipes out extra stuff you might have added)
echo "Removing old stuff ..."
for d in `find $localdir -depth -type d`; do
pushd $d > /dev/null
for f in *; do
grep -q "$f" .listing || { rm -rf "$f" && echo $d/$f; }
done
popd > /dev/null
done
echo "Done."
--
Judah
_________________________________________________________________
ANSWER: Linux Boot-Root
Date: Mon, 7 Dec 1998 12:57:34 +0100
From: Ian Carr-de Avelon, ian@emit.pl
This is an answer to one of the letters in the December '98 issue.
Date: Wed, 04 Nov 1998 19:01:02 +0000 From: Roberto Urban,
roberto.urban@uk.symbol.com Subject: Help Wanted - Installation On
Single Floppy
My problem seems to be very simple yet I am struggling to solve it.
I am trying to have a very basic installation of Linux on a single
1.44MB floppy disk and I cannot find any documents on how to do
that. My goal is to have just one floppy with the kernel, TCP/IP,
network driver for 3COM PCMCIA card, Telnet daemon, so I could
demonstrate our RF products (which have a wireless Ethernet
interface - 802.11 in case you are interested) with just a laptop
PC and this floppy. I have found several suggestions on how to
create a compressed image on a diskette but the problem is how to
create and install a _working_ system on the same diskette, either
through a RAM disk or an unused partition. The distribution I am
currently using is Slackware 3.5.
Making a "boot-root" disk is not too difficult and there is
information and and examples available:
http://metalab.unc.edu/LDP/HOWTO/Bootdisk-HOWTO.html
http://www.linuxrouter.org/
Maybe the new LDP site should have a link from every page of Linux
Gazett: http://metalab.unc.edu/LDP/
I build boot-root disks quite regularly and they have lots of uses Eg:
1. change an old PC into a dial on demand router for a net.
2. Give clients and emergency disk which will ring in to us so we can
log in and fix things. (Even if the main OS on the machine is not
Linux)
3. Turn any Windows PC on the net into a terminal, or testbed for
network hardware.
4. Clients often bring laptops for installations with no easy way of
connecting them to the net. A bootroot disk and a PLIP cable gives
me a simple way to get the laptop to let me telnet to it and ftp
files across.
Basicly it is just a matter of reducing what you are trying to
something which will fit on the floppy and following the HOWTO. If you
are short of space you can usually gain a little by using older
versions.
Having said that you are putting yourself up against some additional
problems here. Laptops are notorious for being only PC compatable with
drivers which are only available for Windows. Even here there is some
support: http://www.cs.utexas.edu/users/kharker/linux-laptop/ but you
should realise that not all PCMCIA chip sets are supported and that is
before you get onto support for the card itself. Obvioulsy if the card
is your own product you have some advantages as far as getting access
to technical information :-) but in general if the laptop and card
manufacturers are unwilling to give information you can end up wasting
a lot of time on reverse engineering and sometimes still fail.
--
Ian
_________________________________________________________________
Replies to My Questions in Nov. 98 Linux Gazette
Date: Tue, 15 Dec 1998 20:23:48 -0800
From: Sergio Martinez, sergiomart@csi.com
Last month, Ms. Richardson published a short letter I wrote that asked
some questions about the differences among the terminology of GUIs,
window managers, desktops, interfaces, and a bit about the differences
among GNOME, KDE, and Windows. These matters came to mind as I
switched from Windows 95 to Linux, with its multiple choices of window
managers.
Several people were kind enough to send long replies. I'm forwarding
them to you in case you would like to consider using one as an
article, or editing them into one. I suppose the title could be
something like "A Vocabulary Primer to GUI's, Window Managers,
Desktops, Interfaces, and All That".
I'm leaving all this to your judgment. It would be an article for
newbies, but I found most of the replies very informative for this
migrant from Windows 95.
--
Sergio E. Martinez
--------------------------------------------------------------
Date: Tue, 1 Dec 1998 13:44:20 -0500
From: Moore, Tim, Tim.Moore@ThomsonConsulting.com
I don't have time to write a full article, but I can answer your
questions. Unfortunately, I'm using MS Outlook to do so (I'm at work
and I have to )-: ) so sorry if this comes out formatted funny in your
mailer.
Terminology: The differences (if any) among a GUI, a window
manager, a desktop, and an interface. How do they differ from X
windows?
In the X world, things tend to be split up into multiple components,
whereas in other systems, everything is just part of the "OS". Here
are some definitions:
Interface is a general term which really just means a connection
between two somewhat independent components -- a bridge. It is often
used to mean "user interface" which is just the component of a
computer system which interacts with the user.
GUI is another general term, and stands for graphical user interface.
It's pretty much just what it sounds like; a user interface that is
primarily graphical in nature. Mac OS and Windows are both GUIs. In
fact, pretty much everything intended for desktop machines is these
days.
On Mac OS and Windows, capabilities for building a graphical interface
are built into the OS, and you just use those. It's pretty simple that
way, but not very flexible. Unix and Unix-like OSes don't have these
built in capabilities -- to use a GUI, you have to have a "windowing
system." X is one of them -- the only one that sees much use these
days.
All X provides is a way to make boxes on the screen (windows) and draw
stuff in them. It doesn't provide a) ways to move windows around,
resize them, or close them, b) standard controls like buttons and
menus, c) standards or guidelines for designing user interfaces for
programs, or for interoperating between programs (e.g., via drag and
drop or a standard help system).
A window manager is a program which lets you move windows around and
resize them. It also usually provides a way to shrink a window into an
icon or a taskbar, and often has some kind of a program launcher. The
user can use any window manager that he or she wants -- any X
application is supposed to work with any window manager, but you can
only run one at a time. That is, you can switch between window
managers as much as you want, but at most one can be running at a
time, and all programs on screen are managed by whichever one is
running (if any).
A widget set is a library of routines that programmers can use to make
standard controls like buttons and menus (which are called widgets by
X programmers). The widget set that an application uses is chosen by
the *programmer* (not the user). Most people have multiple widget sets
installed, and can run multiple programs using different widget sets
at the same time.
Finally, there's the desktop environment. This is the newest and most
nebulous X term. It basically means "the things that the Mac OS and
Windows GUIs have that X doesn't but should" which generally consists
a set of interacting applications with a common look and feel, and
libraries and guidelines for creating new applications that "fit in"
with the rest of the environment. For example, all KDE applications
use the same widget set (Qt) and help program, and you can drag and
drop between them. You can have multiple desktop environments
installed at the same time, and you can run programs written for a
different environment than the one you're running without having to
switch, as long as you have it installed. That is, if you use GNOME,
but like the KDE word processor KLyX, you can run KLyX without running
any other KDE programs, but it won't necessarily interoperate well
with your GNOME programs. You can even run the GNOME core programs and
the KDE core programs at the same time, thought it doesn't really make
much sense to, as you would just end up with two file managers, two
panels, etc.
Do all window managers (like GNOME or KDE or FVWM95) run on top of
X windows?
Yes, though GNOME and KDE aren't window managers (they're desktop
environments). KDE comes with a windowmanager (called KWM). GNOME
doesn't come with a window manager -- you can use whichever one you
want, though some have been specifically written to interoperate well
with GNOME programs (Enlightenment being the furthest along). But yes,
they all require X to be running.
What exactly does it mean for an application to be GNOME or KDE
aware? What happens if it's not? Can you still run it?
It just means that it was written using the GNOME or KDE libraries.
This means a few things: 1) programs will probably *not* be both GNOME
*and* KDE aware, 2) you have to have the GNOME libraries installed to
run GNOME-aware applications, 3) you can run GNOME applications and
KDE applications side-by-side, and to answer your question, 4) you can
always run non-aware applications if you use either environment.
What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries
do?
GTK+ and Qt (which is the name of the product by Troll Tech that KDE
uses) are both widget sets. That is, they provide buttons, menus,
scrollbars, and that sort of thing to application developers. Note
that applications can use GTK+ or Qt without being GNOME or KDE aware,
but *all* GNOME apps use GTK+ and *all* KDE apps use Qt.
How does the history of Linux (or UNIX) window managers compare to
that of say, the desktop given to Win98/95 users? How,
specifically, does Microsoft limit consumer's choices by giving
them just one kind of desktop, supposedly one designed for ease of
use?
This is a much more complicated question. In essence, Windows provides
a built in windowing system, window manager, widget set, and desktop
environment, so everybody uses those instead of being able to chose
the one they like.
What's happening with Common Desktop Environment? Is it correct
that it's not widely adopted among Linux users because it's a
resource hog, or not open source?
Yes. Also, it costs a lot of money. You can get it from Red Hat,
though.
--
Tim
--------------------------------------------------------------
Date: Wed, 2 Dec 1998 00:34:46 +0100 (AMT)
From: Hans Nieuwenhuis, niha@ing.hj.se
I read your mail today in the Linux Gazette and decided to answer (or
try to) your questions.
Here it goes:
X-Windows is designed as a client-server system. Advantage is that you
can run the server on another machine then the machine your monitor is
connected to. Then you need a client. This can be a program or a
window manager. A window manager communicates with the server by
asking it to create a window. When the server fullfilled the requests
the windowmanager ads a nice titlebar to it and lets the application
create its interface. Basicly the window manager stand between the
server and the application, but that is not necessary. It is possible
to run an application on a X server without a window manager but the
only thing you are able to do is run that specific application, close
it and kill the X server.
A GUI is a Graphical User Interface, which means all of the
information presented on the screen is done by windows, menus, buttons
etc... Just like Windows. Also all the interaction, the interface is
based upon those windows and buttons. The main goal of a GUI is to
provide a uniform system of presenting windows and gathering
information. A good example in MS Windows is the Alt+F4 keystroke,
with this keystroke you can close any window on your screen. A window
manager can be part of this system. This is what happens with KDE and
CDE. They both feature their own window manager and then you are able
to bring this same uniformity to your desktop. Basicly what I see as a
desktop is the set of applications which are availeble on a certain
system. A uniform GUI can bring also features like drag and drop and
"point and shoot", associate applications to a certain filetype. One
question you ask about the awareness for GNOME or KDE, this means,
that a program that is designed for those environment is (or should
be) able to communicate with other programs that are designed for
those environments. This brings you for example drag and drop. Some
programs can indeed not run without the desktop environment for which
they are designed, but some can. For example I use KDE programs, but I
do not like their window manager so I use Window Maker, which is not
designed for use in the KDE environment, therefore I have to lack some
features.
The libraries: GTK+ and Qt (Troll, as you mentioned it) are toolkits.
What they basicly do is draw windows, buttons and menus. These are
tour Legos with which you build your interface. And yes, if you want
to run applications designed for a specif environment, say GNOME, you
need atleast the GNOME libaries, like GTK+ and a few others.
As I mentioned before, the client-server design of X-Windows gives the
user the flexibility to choose a window manager they like, but basicly
they do the same as the win95/98 system. Win95/98 limits you to one
look and feel (yeah you can change the color of your background, but
that is about it), but manages also windows. But it does not give the
user the freedom to experiment with other looks and feels. Most modern
window managers permits you to define other keybindings and such. And
if you don't like GNOME you can use KDE and vice versa (there are a
few others btw).
All I know about CDE is that it is based on the Motif toolkit (compare
GTK+ and Qt) and this toolkit is not free (better say GPLed software)
like GTK+. I think that is the main reason why it is not used very
much on Linux. But if it is a resource hog I do not know. Personally
the main reason why I will not use it is because it looks ugly :-)
Well that is about it, I hope this information is a bit usefull. If
you have questions, do not hesitate...
--
Hans Nieuwenhuis
--------------------------------------------------------------
Date: Sat, 05 Dec 1998 00:29:34 -0500
From: sottek, sottek@quiknet.com
I thought I would take the time to send you some information about the
questions you have posted on Linux Gazette. From your question I can
tell that even though you are new to Linux you have seen some of the
fundamental differences in the interface workings. I currently work
for Intel where I administrate Unix Cad tools, and am having to
explain these differences to management everyday... I think you will
understand far better than they do :)
1.Terminology: The differences (if any) among a GUI, a window
manager, a desktop, and an interface. How do they differ from X
windows?
X windows is a method by which things get drawn on your screen. All x
windows clients (the part drawing in front of you) have to know how to
respond to certain commands, like 'draw a green box', 'Draw a pixel'
allocate memory for client images... This in itself is NOT what you
think of as "Windows". All applications send these commands to your
client. This is done through tcp/ip, even if your application and your
client are both on the machine in front of you. This is VERY VERY
important. The #1 design flaw in MS Windows is the lack of this
network layer in the windows system. Every X application (any
window... xterm netscape xclock) looks at your "DISPLAY" environment
variable to find out who it should tell to draw itself. IF your
DISPLAY is set to computer1:0.0 and you are on computer2 and you type
'xterm' it will pop up on computer1's screen (Provided you have
permission) This is why on my computer at work I have windows open
from HP's RS6000's Sun's... Linux(when I'm sneeky) and they all work
just fine together.
2.Do all window managers (like GNOME or KDE or FVWM95) run on top
of X windows?
Well, yes. Given the above you should now know that X is the thing
that draws. Anything that needs to draw has to run "on" X.
BUT, we need to get a better understanding of the window manager
because I didn't tel you about that yet. In MS Windows when a program
hangs it sits on your screen until you can kill it. There is usually
no way to move it, or minimize it. This is design flaw #2 in windows.
Every MS Windows program has to have some code for the title bar,
close, maximize, and minimize buttons. This code is in shared libs so
you don't have to write it yourself but never the less it IS there. In
X windows the program knows nothing about its titlebar, or the buttons
on it. The program just keeps telling X to draw whatever it needs.
Another program, the window manager does those things (It 'Manages
windows') The window manager draws the title bars and the buttons. The
window manager also 'hides' a window from you when it is minimized and
replaces it with an icon. The program has NO say so in the matter.
This means that even is a program is totally locked up it can be
moved, minimized, and killed. (Sometimes not killed unless you window
manager is set to send a kill -9)
That being said here is the bad news. KDE and gnome and NOT window
managers. They do not draw title bars, allow you to resize windows and
stuff like that. They are just a program that does things like provide
a button bar (which some window managers do too) and the stuff like
telling programs how they should look.
3.What exactly does it mean for an application to be GNOME or KDE
aware? What happens if it's not? Can you still run it?
gnome aware applications do what I was just about to mention. They pay
attention to gnome when it tells them how to look and act. If gnome
says 'you should have a red background' they do it. Also there will be
some advanced things like an app can ask gnome if it can have a spell
checker and gnome can supply it with one (See CORBA stuff) KDE is the
same way minus the CORBA (I think)
4.What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries
do?
This is a hidden layer called widgets. It allows you do say 'draw a
button' rather than 'draw a box, draw an edge on that box so it looks
3d, put some text in that box, make sure this box looks for mouse
clicks, if a click happens remove that 3d stuff and put it back pretty
quick'. It would not be a good idea to try to program complex things
without a widget set.
5.How does the history of Linux (or UNIX) window managers compare
to that of say, the desktop given to Win98/95 users? How,
specifically, does Microsoft limit consumer's choices by giving
them just one kind of desktop, supposedly one designed for ease of
use?
I think you can get this from the other answers. really the limit
are...
1. You have to run the program on the same machine where you want to
see it.
2. You can't choose another window manager if you don't like the way
windows works.
3. No matter how configurable windows is, if there is just 1 thing
you need that it doesn't have built in , there is no way to get
it. With X you just use a different wm,desktop,widget set,
whatever.
6.What's happening with Common Desktop Environment? Is it correct
that it's not widely adopted among Linux users because it's a
resource hog, or not open source?
CDE what a thing driven by big Unix verdors for their own needs.
Things that start that way get re-invented to suit everyones needs,
hence Gnome and KDE.
Well, when I get going I can sure waste some time. I hope I haven't
taken up too much of you time with this. I'll leave you with just 1
thing.
I know hundreds of world class programmers, and administrators who are
gods on BOTH NT and Unix. I know not a single one who prefers NT. Keep
learning until you agree, I know you will.
--
SOTTEK
--------------------------------------------------------------
Date: Sat, 5 Dec 1998 09:48:43 -0600
From: Dustin Puryear, dpuryear@usa.net
desktop, and an interface. How do they differ from X windows?
X windows is what sits behind it all. More or less, it controls the
access to your hardware and provides the basic functionality that is
needed by the wm. The wm controls windows, and how the user interacts
with them. A desktop, such as KDE or GNOME, provides more services
than a wm. For instance, drag 'n drop is a feature of a desktop, not a
wm.
Do all window managers (like GNOME or KDE or FVWM95) run on top of
X windows?
Yes.
What exactly does it mean for an application to be GNOME or KDE
aware? What happens if it's not? Can you still run it?
They use the functions provided by GNOME or KDE, not just X.
What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries
do?
GTK+ and Qt (KDE) provide the basic foundation for the desktops. For
instance, Qt provides the code to actually create a ListBox (a list of
items a user can choose). KDE just uses this code to do it's thing.
Note that Qt can be used for console apps just as well as for X apps.
I'm not familiar with GTK+, so I can't comment.
What's happening with Common Desktop Environment? Is it correct
that it's not widely adopted among Linux users because it's a
resource hog, or not open source?
Well, Red Hat used CDE for a while (I think). However, they could not
actually fix anything with it since it's was closed source. They have
since moved to GNOME. However, there are some CDE clones out there.
--
Dustin
--------------------------------------------------------------
Date: Sat, 05 Dec 1998 19:45:34 +0000
From: "Richard J. Moore", moorer@cs.man.ac.uk
Hope this helps:
1.Terminology: The differences (if any) among a GUI, a window
manager, a desktop, and an interface. How do they differ from X
windows?
A GUI (Graphical User Interface) is a general term that refers to the
basic idea of using a graphical representation to communicate with the
user (as opposed to a text based interface such as the command line).
A window manager is an idea that is really specific to X windows. In X
windows the policy for how windows are arranged and controlled is
separated from the core system, the window manager is a special
program that does this. This allows people to choose a window manager
that has a policy that is good for them, and allows new window
managers to be created that have different policies. The window
manager draws window borders, minimise/maximise buttons etc. You can
mix and match window managers, but most GUI toolkits for UNIX will
provide one as standard.
A desktop is a metaphor used by many GUIs it is basically an attempt
to make computers fit in with the way people would work in an office.
The hope is that this will make it easy for people to operate the
system. The term is also used more generally to refer to a combination
of window manager, toolkit (the box of parts used by the programmers
of the system), and other 'standard' applications. If a set of tools
is referred to as a desktop, it generally means that it will provide
all of these things, and that they will be designed to work together
in an integrated fashion. An example would be KDE
(http://www.kde.org/).
An 'interface' is just an abbreviation for a user interface. This is
the view that a program presents to the user, and (for a graphical
user interface) is usually composed of widgets such as menus,
checkboxes, push buttons etc.
Finally X windows is a toolkit for actually getting all of the widgets
etc. onto your screen. It provides routines for drawing lines, circles
etc. and these are used to draw everything you see. X windows is a lot
more complicated and powerful than this really, but it would take a
book to explain why. If you want this level of detail then look at the
O'Reilly X windows programming series.
2.Do all window managers (like GNOME or KDE or FVWM95) run on top
of X windows?
Yes, though neither Gnome nor KDE is a window manager. Both of these
are complete desktops and though they provide window managers, there
is much more to them than just that. The window manager in KDE is
called kwm.
3.What exactly does it mean for an application to be GNOME or KDE
aware? What happens if it's not? Can you still run it?
It means the app will talk to the window manager to get support for
special features of that environment, and that it will use the
standard look and feel of the desktop. If the app is not compliant
then it should still work fine, but the special features will be
unavailable. The other situation is using a compliant app with a
nonstandard window manager, in this case too the app should work fine
(but some feature may be unavailable). It is possible for window
managers other than the standard ones to be compliant, for example
there is now a KDE-Compliant version of the BlackBox WM.
4.What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries
do?
They provide tools such as edit widgets, menus etc. in a form that
makes them easy to reuse. The library used by KDE (called Qt, see
http://www.troll.no/qt) is written in a language called C++ and also
provides tools for programmers such as routines for platform
independent access to files and directories etc. GTK+ is similar
though it has narrower scope and is written in C.
5.How does the history of Linux (or UNIX) window managers compare
to that of say, the desktop given to Win98/95 users?
Badly :-(
How, specifically, does Microsoft limit consumer's choices by
giving them just one kind of desktop, supposedly one designed for
ease of use?
They restrict the system to a single view which may not be the best
one for the job. Allowing people the choice means people can choose
the best for them, even if it is nonstandard. The downside of this is
that if everyone uses a different window manager then supporting and
managing the system becomes difficult. In between these two options is
the choice made by most UNIX toolkits - have a standard window window
manager, but allow people to use another if they want.
6.What's happening with Common Desktop Environment? Is it correct
that it's not widely adopted among Linux users because it's a
resource hog, or not open source?
CDE is based on Motif which is an old C toolkit that is (IMHO) looking
rather dated. Motif is very slow, and as you say is very resource
hungry. In the past linux versions have often been buggy, though this
situation may have improved. I found CDE itself to be quite poor, it
works fine if you spend all your time in a single application (such as
emacs), but using the drag and drop, and some of the built in tools
was generally problematic. IMHO It is unlikely to take off on linux
because it it pricey and of lower quality than the free alternatives.
--
Rich
_________________________________________________________________
Published in Linux Gazette Issue 36, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
This page maintained by the Editor of Linux Gazette, gazette@ssc.com
Copyright © 1999 Specialized Systems Consultants, Inc.
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
News Bytes
Contents:
* News in General
* Software Announcements
_________________________________________________________________
News in General
_________________________________________________________________
February 1999 Linux Journal
The February issue of Linux Journal will be hitting the newsstands
January 11. This issue focuses on Cutting Edge Linux with an article
on wearable computers by Dr. Steve Mann. Also, featured are articles
on COAS, Csound, VNC, KDE and GNOME. Check out the Table of Contents
at http://www.linuxjournal.com/issue58/index.html. To subscribe to
Linux Journal, go to http://www.linuxjournal.com/ljsubsorder.html.
_________________________________________________________________
Open Source Petition
Date: Sat, 05 Dec 1998 15:20:19 -0500
A petition has recently been launched asking the General Services
Administration of the US Government to evaluate Open Source software
(OSS) alongside commercial software whenever it buys or upgrades
computers. The goal of the petition, written by Prof. Clay Shirky and
sponsored by the Open Source Iniative and O'Reilly and Associates, and
hosted on www.e-thepeople.com, is to point out that OSS has reached a
level of quality, reliability and support that makes it competitive
with existing commercial products.
The ultimate hope is to get vendors of Open Source software included
in contract bids for Federal Government work.
If you are interested in this petition, there are three things you can
do:
* Sign it:
http://www.ethepeople.com/etp/affiliates/national/fullview.cfm?ETP
ID=0&PETID=74386&ETPDIR=affiliates/national/
* Post the press release URL on sites or in other forums whose
members might be interested in such a thing:
http://www.shirky.com/opensource/petition.html
* Pass this message on.
For more information:
Clay Shirky, clay@shirky.com
_________________________________________________________________
LinuxWorld Conference & Expo - March 1999
IDG World Expo, the world's leading producer of IT-focused conferences
and expositions, will produce LinuxWorld Conference & Expo, the first
international exposition addressing the business and technology issues
of the Linux operating environment.
Addressing the needs of both the Linux business and development
communities, LinuxWorld Conference and Expo, headed by Charles Greco,
President of IDG World Expo, features a high-level, technical
conference program led by industry luminaries offering advice and
solutions on the industry's fastest growing operating systems
technology. An exhibit floor highlighting leading service providers,
solutions integrators, and development organizations -- Pacific
HiTech, Enchanced Software, Linux Journal, Knock Software, and Oracle
among others -- will also include customized event areas such as
Start-up City, Developer Central and Developer Greenhouse, which will
spotlight the latest developments and emerging companies in the Linux
arena.
The first LinuxWorld Conference and Expo will be held March 1-4, 1999
in San Jose, California at the San Jose Convention Center. The target
audience includes Linux developers, Fortune 1000 business leaders,
enterprise managers, CIOs, service providers, system administrators,
software solution providers, computer consultants, and solutions
integrators.
Dr. Michael Cowpland, President and CEO, Corel Corporation, Mark
Jarvis, Senior Vice President of World Wide Marketing, Oracle and
Linus Torvalds, Creator of Linux, the open source operating system,
will be the featured keynote speakers on Tuesday, March 2. Keynotes
are open to all registered attendees.
For more information:
http://www.linuxworldexpo.com/
_________________________________________________________________
Debian Project Adopts a Constitution
December 14, 1998
The Debian Project adopted a constitution which can be viewed at
http://www.debian.org/devel/constitution/. The highlights of the
constitution include the creation of the Technical Committee, the
Project Leader postion, the Project Secretary position, Leader
Delegate positions and a voting proceedure. The constitution was
proposed in September 1998, and after a discussion period the vote
took place in December 1998. It was virtually unanimously in favor
with 86 valid votes.
The discussion about the constitution began in early 1998 and was
carried out on the Debian mailing lists. Most of the discussion can be
found in the archives of the debian-devel mailing list at
http://www.debian.org/Lists-Ar chives/. Details of the vote can be
found at http://www.debian.org/vote/19 99/vote_0000.
The constitution describes the organisational structure for formal
decisionmaking within the Debian Project. As Debian continues to grow,
this will be a valuable document to ensure that Debian continues to
evolve and grow with the input and contributions from its membership.
For more information:
http://www.debian.org/
_________________________________________________________________
Linux Links
Linux is the cover story of December Network Magazine:
http://www.networkmagazine.com/
Perl Web site at The Mining Co.: http://perl.miningco.com/
LinuxCAD review: http://pw2.netcom.com/~rwuest/linuxcadreview.html
Comdex and the Linux pavilion: http://marc.merlins.org/linux/comdex98/
Tea Party: http://marc.merlins.org/linux/teaparty/
The Internet an International Public Treasure: A Proposal:
http://firstmonday.dk/issues/issue3_10/hauben/index.html
Linux and Apple: http://www.techweb.com/wire/story/TWB19981215S0011
"The money's too good":
http://www.salonmagazine.com/21st/rose/1998/10/23straight.html
_________________________________________________________________
Software Announcements
_________________________________________________________________
Applix Adds Applixware for Linux On Compaq Alpha
Date: Fri, 4 Dec 1998 18:28:28 -0500
WESTBORO, Mass.--Dec. 1, 1998--Applix, Inc. announced today the
release of Applixware 4.4.1 for Linux running on COMPAQ's Alpha
processor.
Applixware includes Applix Words, Spreadsheets, Graphics, Presents,
HTML Author and Applix Data which provides database connectivity to
Oracle, Informix, Sybase and other Linux databases. Applix Builder, a
graphical, object oriented development tool with CORBA connectivity is
also included in the suite. Microsoft Office 97 document interchange
is provided through an Applix developed set of filters for Word, Excel
and PowerPoint.
For more information:
Applix, Inc., Richard Manly, rmanly@applix.com
http://linux.applixware.com/
_________________________________________________________________
NetBeans Announces Support for the Java Development Kit 1.2
New York, Java Business Expo, December 8, 1998 - NetBeans today
announced that its Java(tm) IDE, NetBeans DeveloperX2, supports and
runs on Sun Microsystems, Inc.'s Java Development Kit (JDK version
1.2). This latest release of the JDK provides a rich feature set of
new class libraries and tools, making it easier than ever for
developers to create portable, distributed, enterprise-class
applications. Sun's announcement of the availability of the next
version of the JDK was made today during the Java Business Expo in New
York. NetBeans Developer X2 2.1 (beta) supports JDK 1.2 and uses it
internally. It is available to NetBeans' Early Access Program
participants.
In addition to overall performance improvements, Sun's new version of
the JDK enhances the NetBeans IDE by offering features such as drag 'n
drop, Beans enhancements, collections, JDBC 2.0, and Swing 1.1. Among
other new features, NetBeans DeveloperX2 will utilize the new APIs for
grouping and manipulating objects of different types and for extending
server functionality. JDK 1.2 will also strengthen NetBeans users'
ability to design more user-friendly interfaces, process images,
address multilingual requirements, use stylized text, and print.
The final release of NetBeans DeveloperX2 2.1 will be available in
January, 1999. NetBeans Developer will also be available in a
concurrent version, which will continue to support JDK 1.1.x. NetBeans
Enterprise, a multi-user edition of the IDE due in Beta version in
January, 1999, will support JDK 1.2. The full release of this edition
of the IDE is due in Spring, '99.
For more information:
http://www.netbeans.com/
Helena Stolka, helena.stolka@netbeans.com
_________________________________________________________________
Zope Goes Open Source
Date: Sat, 5 Dec 1998 06:19:32 -0500 (EST)
Just in case you missed this in LWN, http://www.zope.org/ just went
online. It's a really nice product for developing web sites. The
company that created it gave a talk at the DCLUG meeting a few months
back. They dropped are strong Linux supporters. It's there principal
platform in house.
For more information:
http://www.zope.org/
_________________________________________________________________
KDE on Corel's Netwinder
Ottawa, Canada--November 25, 1998--
Corel Computer and the KDE project today announced a technology
relationship that will bring the K Desktop Environment (KDE), a
sophisticated graphical user environment for Linux and UNIX, to future
desktop versions of the NetWinder family of Linux-based thin-clients
and thin-servers. A graphical user interface is a necessary element
for Corel Computer to create a family of highly reliable, easy-to-use,
easy-to-manage desktop computers. The alliance between Corel Computer
and KDE, a non-commercial association of Open Source programmers,
provides NetWinder users a sophisticated front-end to Linux, a stable
and robust Unix-like operating system.
Corel Computer has shipped a number of NetWinder DM, or development
machines, to KDE developers who are helping to port the desktop
environment. Additionally, NetWinder.Org developers, Raffaele Saena
and John Olson, were responsible for championing development of KDE on
the NetWinder. Corel Computer plans to announce the availability of
desktop versions of the NetWinder running KDE beginning in early 1999.
Early demonstrations of the port, such as the one shown at the Open
Systems fair in Wiesbaden, Germany, in September, have been
enthusiastically received by potential customers.
Based on the Open Source model, Corel Computer is devoting internal
development resources to the improvement of the KDE project including
rigorous testing of the environment on the NetWinder. As a developing
partner, Corel Computer will release its work back to the KDE
development community.
For more information:
http://www.corelcomputer.com/
htt://www.kde.org/
_________________________________________________________________
New Perl Module Enables Application Developers to Use XML
Date: Wed, 25 Nov 1998 06:36:08 -0800 (PST)
Sebastopol, CA--Perl is the language operating behind the scenes of
most dynamic Web sites. XML (Extensible Markup Language) is emerging
as a core standard for Web development. Now a new Perl module (or
extension) known as XML::Parser allows Perl programmers building
applications to use XML, and provides an efficient, easy way to parse
(break down and process) XML document parts.
Perl is renowned for its superior text processing capabilities; XML is
text that contains markup tags and structures. Thus Perl's support for
XML offers a natural expansion of the capabilities of both.
XML::Parser is built upon a C library, expat, that is very fast and
robust. Perl, expat and XML::Parser are all Unicode-aware; that is,
they read encoding declarations and perform necessary conversions into
Unicode, a system for "the interchange, processing, and display of the
written texts of the diverse languages of the modern world"
(http://www.unicode.org/). Thus a single XML document written in Perl
can now contain Greek, Hebrew, Chinese and Russian in their proper
scripts. Expat was authored by James Clark, a highly respected leader
in the SGML/XML community.
For more information:
http://www.perl.com/
http://www.oreilly.com/
http://perl.oreilly.com/
_________________________________________________________________
QLM for IT Reduces Cost & Guarantees Certainty of Application Development
Newton, Mass., December 9, 1998 - Kalman Saffran Associates, Inc.
(KSA), a leading developer of state-of-the-art products and complex IT
systems for data communications, telecommunications, financial, and
interactive/CATV industries, today announced the availability of its
new Quantum Leap Methodology (QLM(tm) ) for IT. QLM for IT is an
innovative process for information technology organizations looking to
decrease expense and speed application development. Using QLM for IT,
KSA increases productivity and certainty by pre-empting the mistakes
that have historically created barriers to IT project success.
Successful application of QLM for IT allows upper management to
refocus on strategic planning and IT objectives, and away from budget
and schedule overruns. At the same time the methodology sharpens an
organization's focus on assessment, implementation, verification,
customization and quantification. This approach allows KSA to
guarantee speedy results and high quality.
The QLM for IT offering is available starting at $20,000. Companies
interested in QLM for IT analysis and recommendations or learning more
about KSA's comprehensive training program should call 1.888.597.9284
For more information:
kalsaf@email.msn.com
_________________________________________________________________
Spectra Logic Announces Alex 4.50, Has Linux Support
BOULDER, Colo., Dec. 15, 1998 - Spectra Logic Corp. today announced
the availability of Version 4.50 of its award winning Alexandria
Backup and Archival Librarian software. Alexandria 4.50 adds a number
of significant new features to provide users with greater
functionality, reliability, and ease-of-use for backup and recovery of
large distributed databases and data center applications.
Alexandria 4.50 has been ported to Red Hat and Slackware Linux OSes,
and additional ports are being developed for Linux OSes from SuSE,
Caldera, and TurboLinux. Alexandria Linux support is available on the
Red Hat distribution CD or from Spectra Logic's website at
www.spectralogic.com/linux/index.htm
http://www.spectralogic.com/linux/index.htm.
For more information:
http://www.spectralogic.com/
_________________________________________________________________
WebMaker
Date: Thu, 10 Dec 1998 21:22:25 GMT
WebMaker, an HTML Editor for UNIX, version 0.6 is out now. (Copyright
- GPL)
Main features:
* nice GUI interface;
* menus, toolbar and dialogs for tag editing - like HomeSite and
asWedit;
* HTML 4.0 support;
* preview for <IMG> tag (see screenshot);
* color selectors for bgcolor and other color attributes;
* color syntax highlighting;
* preview with external browser (Netscape);
* ability to filter editor content through any external program that
support stdin/stdout interface;
* KDE integration.
For more information:
http://www.services.ru/linux/webmaker/
_________________________________________________________________
Published in Linux Gazette Issue 36, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
This page written and maintained by the Editor of Linux Gazette,
gazette@ssc.com
Copyright © 1999 Specialized Systems Consultants, Inc.
"The Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
(?) The Answer Guy (!)
By James T. Dennis, linux-questions-only@ssc.com
Starshine Technical Services, http://www.starshine.org/
_________________________________________________________________
Contents:
(!)Greetings From Jim Dennis
(?)Routing and Subnetting 101
(?)No STREAMS Error while Installing Netware for Linux
(?)More than 8 loopfs Mounts?
(?)eql dual line ppp --or--
EQL Serial Line "Load Balancing"
(?)who to report gcc bug to? --or--
Where to Report Bugs and Send Patches
(?)RedHat Linux (5.1) and Brand X --or--
How to "get into" an Linux system from a Microsoft client
(?)Linux File System recommendations --or--
Where to Put New and Supplemental Packages
(?)Your book --or--
Book: Linux Systems Administration
(?)FTP Site... --or--
'ls' Doesn't work for FTP Site
(?)very general process question --or--
An Anthropologist Asks About the Linux "Process"
(?)Locating AV Research --or--
Looking for a Hardware Vendor: In all the Wrong Places
(?)question for answerguy --or--
Letting Those Transfers Run Unattended
(?)where can i find information about LOFS, TFS --or--
Translucent, Overlay, Loop, and Union Filesystems
(?)Modem dial out
(?)Linux Gazette --or--
Mea Culpea
(?)PAM & chroot (fwd) --or--
'chroot()' Jails or Cardboard Boxes
(?)The Linux Swap File --or--
Swap file on a RAM Disk
(?)RedHat Linux (5.1) and Brand X --or--
How to "get into" an Linux system from a Microsoft client
(?)Dynamic IP Address Publishing Hack
(?)Why 40-second delay in sending mail to SMTP server?
(?)how to install two ethernet cards for proxy server for red hat
linux --or--
Linux as Router and Proxy Server: HOWTO?
(?)ey answer guy! answer this! --or--
PostScript to GIF
(?)troubleshooting
(?)More on: "Remote Login as root"
(?)Thank You --or--
Kudos
(?)Question --or--
Linux Support for Intel Pentium II Xeon CPU's and Chipsets
(?)isp --or--
Linux Friendly ISP's: SF Bay Area
(?)Hello I need some help --or--
Eight Character login Name Limit
(?)Locked Out of His Mailserver
(?)Changing the color depth for your x-server? --or--
Changing the X Server's Default Color Depth
(?)Num Lock and X apps --or--
NumLock and X Problems
(?)NE2000 "clones" --- not "cloney" enough! --or--
Expansion on NE-2000 Cards: Some PCI models "okay"
(?)MySql --or--
Finding info on MySqL?
(?)read please very important --or--
Spying: (AOL Instant Messenger or ICQ): No Joy!
(?)Tuning monitors for use with X --or--
Fraser Valley LUG's Monitor DB
(?)chattr =u and then what? --or--
ext2fs "Undeletable" Attribute
(?)How to Install Linux on an RS6000?
(?)Real PS Printing --or--
Advanced Printer Support: 800x600 dpi + 11x17" Paper
(?)TAG suggestions
(?)password change --or--
CGI Driven Password Changes
(?)ifconfig reports TX errors on v2.1.x kernels
(?)Trident 9685 tv --or--
Support for Trident Video/Television Adapter
(?)Looking for info on BIOS setup --or--
Plug and Pray Problems
(?)Mount linux drives from win9x/nt? password encryption seems to be a
problem... --or--
Sharing/Exporting Linux Directories to Windows '9x/NT
(?)Mail processing
(?)Printing question --or--
Extra Formfeed from Windows '95
(?)Root password --or--
Can't Login in as Root
(?)Alternate root-password recovery option --or--
Alternative Method for Recovering from Root Password Loss
(?)Journal File Support and Tarantella? --or--
SCOldies Bragging Rights
(?)Remote tape access, using local CPU --or--
Application Direct Access to Remote Tape Drive
(?)Mounting CD Drives from SoundCard --or--
Mounting multiple CD's
(?)Re: leafnode-1.7 -- news server for small sites --or--
More on Multi-Feed Netnews (leafnode)
(?)rsh config --or--
Getting 'rsh' to work
(?)update on your answer - netware clients --or--
Linux as a Netware Client
(?)LILO Default
(?)uninstall help --or--
Uninstalling Linux
(?)Compiling kernel --or--
Making a Kernel Requires 'make'
(?)memory usage --or--
Using only 64Mb out of 128Mb Available
(?)Manipulating Clusters on a Floppy ...
(?)Setting up ircd
(?)Sendmail on private net with UUCP link to Internet
(?)Linux in general --or--
Complaint Department:
(?)A Dual Modem configuration... how do I get it to work? --or--
eql Not Working
(?)HELP: fetchmail dies after RH 5.2 upgrade --or--
Upgrade Kills Name Server
(?)Question (what else?) --or--
MS Applications Support For Linux
(?)Linux as a Home Internet Gateway and Server
(?)lilo --or--
Persistent Boot Sector
(?)preference=20 --or--
Secondary MX Records: How and Why
(?)LPD forks and hangs/Linux --or--
'lpd' Bug: "restricted service" option; Hangs Printer Daemon
(?)Dual booting NT or Win9x with Linux (Red Hat 5.2) --or--
Dual Boot Configurations
(?)Can you give me a Suggestion?/ --or--
Microtek Scanner Support: Alejandro's Tale
(?)Offer to make available Winmodem interface spec --or--
Modem HOWTO Author Gets Offer RE: WinModems
(?)I do know i am boring (ma windows fa veramente cagare) --or--
Condolences to Another Victim of the "LoseModem" Conspiracy
(?)Kai Makisara: Re: audio-DAT on SCSI streamer? --or--
More on: Reading Audio Tapes using HP-DAT Drive
(?)Just a sugestion... --or--
Best of Answer Guy: A Volunteer?
(?)more on keybindings --or--
termcap/terminfo Oddities to Remotely Run SCO App
(?)Arabic? --or--
Arabic BiDi Support for Linux
(?)Updates: Risks and rewards --or--
Automated Updates
(?)Liam Greenwood: Your XDM question
(?)rsh on 2.0.34 --or--
'rsh' as 'root' Denied
____________________________________________________
(!) Greetings from Jim Dennis
Happy New Year everybody. I would say more, but I think I've said
enough for this month...
____________________________________________________
(?) Routing and Subnetting 101
From pashah on Wed, 18 Nov 1998 on the L.U.S.T List
Hullo list,
what is the way to devide a net into subnets according to bits
bourder?
(!) This is a very large subject --- and your question isn't
sufficiently detailed to offer much of a clue as to how much
background you really need.
However, I'm writing a book on Linux Systems Administration, and I
have to put some discussion of this somewhere in around chapter 12,
so I might as well try here.
"subnetting" is a means of dividing a block of IP addresses into
separately routable groups. If you are assigned a class C address
block (255 addresses) it often makes sense to subnet those in some
way that's appropriate to your LAN layout.
(!) [Paul Anderson] Also known as a /24, IIRC. TTYL!
Paul Anderson - Self-employed Megalomaniac
Member of the Sarnia Linux User's Group http://www.sar-net.com/slug
For example you might split the block (lets say it's 192.168.200.*)
into two subnets of 126 hosts each. We might assign half of them to
an "external" or "perimeter" segment (an ethernet segment that
contains all of our Internet visible hosts) while we assign the
other addresses to our "internal" LAN.
(Actually there are better ways to do that --- where we use
"private net" (RFC1918) addresses on all of our internal LAN's ---
and masquerading and/or proxying for all Internet access and
internetwork routing. However, we'll ignore those methods for now).
To do this we use a "netmask" option on the 'ifconfig' commands for
each of the interfaces on our network. We'll have to put a router
between our two segments. Conventionally primary routers are
assigned the first available address on their subnets. So we'd
assume that we're using a Linux system with two ethernet cards as
our router. This would use the following commands to configure
those two addresses:
ifconfig eth0 192.168.200.1 \
netmask 255.255.255.128 \
broadcast 192.168.200.127
ifconfig eth1 192.168.200.129 \
netmask 255.255.255.128 \
broadcast 192.168.200.255
... note that the 129 address in our original block becomes the
first address in our upper subnet. We have subnetted into two
blocks. (None of this makes sense unless you look at these numbers
in binary).
For this to work we'll also have to configure corresponding routes.
In the 2.0 kernels and earlier it is/was necessary to do this as a
separate operation. In the 2.1 kernel a route is automatically
added for each 'ifconfig' command. For our example the routes would
look like:
route add -net 192.168.200.0 eth0
route add -net 192.168.200.120 eth1
... I'm assuming, in this case, that we also have an ISP that has
assigned this address block. Actually my examples are using
addresses from RFC1918, these are reserved for "private" or
"non-Internet" use --- and would never actually be issued by an
ISP. However, they'll serve for our purposes. Let's assume that you
had a simple PPP link to your ISP (or to some external ISDN, xDSL,
CSU/DSU or other ISP provided device which is your connection point
to them). They might have assigned one of their addresses to your
border router, or they might expect that you'll assign your .1
address to it. Somewhere on their end they'll have a route that
looks something like:
route add -net 192.168.200.0 gw 192.168.200.1
This says that your router (.1) is the gateway (gw) for that
network (192.168.200.*). Note that their netmask for you is
255.255.255.0 --- their's differs from your idea of your netmask.
That's because your router will handle the routing internal to your
LAN.
It might be the case that you have to assign your .1 address to
your ppp0 interface, and perhaps your .2 address to eth0. That
won't affect any of what I've said so far (other than the one digit
in one of our 'ifconfig' commands). All of our routes are the same.
In any event we'll want a default route to be active on our router
anytime our connection to the Internet is up. The hosts on either
of our subnets can all declare our router as their default route.
Thus all of the hosts on the 192.168.200 subnet (2 through 126) can
use a command like:
route add default gw 102.168.200.1
... while all of the hosts on our upper subnet (192.168.200.128 ---
129 through 254) would use:
route add default gw 102.168.200.1
Note that we can't use hosts numbered ...127 and ...255 in this
example. For each subnet we create we "lose" two IP addresses. One
is for the "network number" (offset zero from our subnet) and the
other is for the broadcast address (the last offset from our
network number for our subnet).
We can have routes to gateways other than our "default." For
example if I had a more complicated internetwork with a set of
machines with addresses of the form 172.16.*.* (another RFC1918
reserved block) I could use a command like:
route add -net 172.16.0.0 gw 192.168.200.5
... to declare my local system (....5) as the gateway to that whole
block of Class B addresses. Locally I don't care how the 172.16.*.*
addresses are subnetted on their end. I just send all of their
packets to their routers and those routers figure out the details.
Of course if our .1/.129 router (from our earlier examples) has
this route, than all of our other client systems on both
192.168.200 subnets could just use their default route. This might
result in an extra hope for the systems on the 192.168.200.0 lower
network (one to the .1 router, and another from there to the .5
router). However, it does centralize the administration of our
locate routing tables.
All of the routing that I've been describing is "static" (I've
using the 'route' command to establish all of the routes). Another
option for larger and more complicated networks is to use a dynamic
routing protocol, such as RIP. To do that, we have to run the
'routed' or (better) the 'gated' command on each of our routers.
In a typical leaf site (a LAN with only one router, therefore only
one route in or out) we only run 'routed' or 'gated' on the router.
All nonlocal traffic has to go to that one router anyway. In many
cases we want our routers to be "quiet" (to listen to our routes,
but not advertise any of their own). There are options to the
'routed' and 'gated' commands to do this. As you get into the
intricacies of routing in larger environments, and of dynamically
maintaining routes (like ISP's must do for their customers) you
enter into some pretty specialized and rarefied territory (and will
fly past my level of expertise).
Routing on the Internet is currently managed through the BGP4
protocols, as implemented in 'gated' and various dedicated router
products like Cisco's IOS.
More about ' gated 'can be found at the Merit site:
http://www.gated.merit.edu/~gated
In order to participate in routing on the Internet (to be a first
tier ISP like UUNet, PSInet, etc) or to be a truly "multi-homed"
site (to optimally use feeds from multiple ISP's concurrently)
you'd have get an AS (autonomous systems) number and "peer" with
your ISP's. Because any mistake on your part can propaget bogus
routes to your peers --- which can cause considerable disruption
across the net --- this is all way beyond the typical network
administrator.
* (I'm told that the routing infrastructure
has been tightened up quite a bit in the last of years. Some of the
great Internet "blackouts" from '96 and '97 were caused by
erroneous route propations across the backbone peers. So now most
of these sites have configured their routers to only accept
appropriate routes from each peer.)
The subnet I've been describing is a "1-bit" subnet. That is that
we're only masking off one extra bit from the default for our
addressing class. In other words, the default mask for a Class C
network block is 255.255.255.0 --- which is a decimal
representation of a 32-bit field where the first 24 bits are set to
"1" our subnet mask, represented in binary, would have the first 25
bits set. The next legal subnet would have the first 26 bits set
(which divides a Class C into four subnets of 62 hosts each).
Beyond that we can subnet to 27 bits (eight subnets of 30 hosts
each), 28 bits (16 subnets of 14 hosts each), 29 bits (32 subnets
of 6 each) and even 30 bits (64 subnets of 2 each).
So far as I know a 31 bit mask is useless. A 32 bit mask defines a
point-to-point route.
Ultimately all these masks and subnets are used for all routing
decisions. In a typical host with only one interface the subnet
mask is used only to distinguish between "local" and "non-local"
addresses.
For any destination IP address the host "masks off" the trailing
bits, and then compares the result to the "masked off" versions of
each local interface address. If the the masks match then the
address is local, and the kernel (or other routing code) looks for
a MAC (media access control) or lower level (framing) address. If
one isn't found an ARP (address resolution protocol) transaction is
performed where the host broadcasts a message to the local LAN to
ask where it should set a locally destined packet.
If you have a bad subnet set on a host one of two things can
happen. It might be unable to communicate with the hosts on any
other subnets (it thinks those are local addresses and tries to do
ARP's to find them --- then it figures they must be down since
there's now response to the ARP requests). It might also send
locally destined packets to the router (which should bounce them
back to the local net --- if the router is properly configured). Of
course that might only work if the bad subnet mask doesn't
interfere with the host's ability to get packets to it's
gateway/router. Obviously it's better to have your subnet masks
properly defined throughout.
If the address isn't local to any interface than the routing code
searches through its list of routes to look for the "most specific"
or "best" match. If there is a default route (pointing to a
gateway) then anything with no other match will get sent to that.
Obviously one of the constraints posed by this classic routing and
subnetting model is that you can only subnet to a few even sized
blocks. We can't define one block of 14 or 30 addresses (for our
perimeter net) have all of the rest routed to our larger internal
LAN segment. Actually it is possible, with some equipment, to do
this. That's called "variable length subnetting" or VLSN sometimes
called VLSM's for VLS "masks").
RIP and the other old routing protocols (EGP, IGRP, etc) don't
support VLSN (from what I've read in the Cisco FAQ). However, the
modern OSPF, BGP4, and EIGRP protocols do. Each routing table entry
has it's own independent mask or "prefix" number.
It appears that Linux can handle VLSN by simply over-riding the
netmask for a given network when defining static routes. Presumably
packages like 'gated' can also provide the appropriate arguments
when updating the kernel's routing table, so long as the route
exchange protocol can provide it with the requisite extra
information.
Thus, going back to our example, you might configure your
192.168.200 network into a block of 30 addresses for the perimeter
network (one eth0 in our example) and put the rest unto the
interior net (using eth0). I'm just guesing here --- since I
haven't actually done this, but I guess that you'd define the
netmasks in the ifconfig command to be "255.255.255.0" (24 bit),
while over-riding it in the routes with commands like:
route add -net 192.168.200.0 \
netmask 255.255.255.224 eth0
route add -net 192.168.200.0 \
netmask 255.255.255.0 eth1
At a glance this would appear to be ambiguous. There would seem to
be two possible routes for some addresses. However, the routing
rules handle it just find. One of the masks is longer than the
other --- and the "most specific" (longest mask) wins.
That's why we can have a host route (one without the "-net" option)
that over-rides any of our network routes. (It's mask is 32 bits
long). Note: although I've shown these in order, most specific
towards least so --- it shouldn't matter what order you add the
routes in.
It's also possible for us to have these two subnets separated from
one another by intervening networks. I should be able to define a
gateway to a subnet with a command like:
route add -net 192.168.200.0 \
netmask 255.255.255.0 gw 172.17.2.1
... where 172.17.2.1 is some host, somewhere, to which I do have a
valid route.
In any event I did hit Yahoo! to try and confirm that Linux
supports VLSN's. I found a message from a frustrated network
manager who had prototyped a whole network, testing it with Linux
and depending on VLSN support --- and then finding that Solaris 2.5
didn't support them. (That was in early '97 --- allegedly 2.6 has
added this support and presumably the new Solaris 7 also supports
them). I also know that the route commands will actually add
entries to your routing table (I created some bogus routes on
another VC while I was writing this). However, I don't have time to
set up a proper experiment to prove the point. It appears that
Linux has supported VLSN's for some time.
Throughout this message I've talked about "classes" of addresses.
These were classic categories into which IPv4 addresses are cast
which define the default netmasks and addressing blocks for them.
For example 10.*.*.* is a Class A network. (In fact it is the one
Class A address block that is reserved for private network use in
RFC1918 et al). 56.*.*.* is the Class A network assigned to the
United States Postal Service, and 17.*.*.* is reserved for Apple
Computing Inc. However, these classes are being phased out of the
Internet routing infrastructure through a process called
"supernetting" or CIDR (classless Internet domain routing). Support
for VLSN is a requirement for CIDR. (That's a matter for your ISP
or your ISP's NAP -- network access point --- to worry about).
In the old days if you got a block of addresses and you changed
ISP's you'd take your addresses with you. You new ISP would add
your block of addresses to his routing tables and propagate this
route to his peers and so on through the Internet routing chain.
The problem was that this isn't scaleable. The routing tables were
getting so big that the first tier routers couldn't handle them.
So we started using CIDR. CIDR block is a large chunk of addresses
(32 Class C's minimum). These are given to NAP's and ISP's, and a
single route, for the whole block, is added to the top level
routers. The ISP then subnets those and handles the routing
locally. Although addresses are now routed in a "classless" manner
--- we still talk about the addressing classes in networking
discussions. It's convenient, though sometimes not technically
precise.
The main implication of this for most of us is that you don't get
"take your addresses with you" if you change ISP's. You can keep
your domain name, of course. That's completely independent of the
routing. (Theoretically it's always been possible to have a block
of addresses with no associated DNS at all. I don't know anyone
that does that --- but there isn't any rule against it).
I said earlier that the "better" solution to your internal network
addressing is to use private network addresses (per RFC1918) and
use IP masquerading, NAT (network address translation) or
applications level proxies at your borders for all of your client
Internet access.
In this model you only assign "real" IP addresses to your publicly
accessible servers.
This is "better" for several reasons. First, you conserve
addresses. You can have thousands of hosts on your network and they
can all access the Internet using only one or a few "real" IP
addresses.
This is particularly handy these days since ISP's (feeling a bit of
an addressing crunch themselves) often charge premium rates for
larger subnets. In the "old days" you got a Class C or larger
address block for any dedicated Internet connection that you
established. Now you usually get a subnet. For the xDSL line I just
got into my office/home I got a subnet of 30 addresses
(255.255.255.224, or 27 bits for the netmask).
So, you can use 192.168.x.* addresses for all/most of your clients
and reserve your "real" IP's for your router, and your mail, web,
FTP, DNS, proxy and other servers (including any old-fashioned
virtual web hosting; newer HTTP 1.1 style web hosting doesn't
require an extra IP address and IP aliasing but "virtual hosting"
for most other protocols and services does).
If you're really ambitous you could probably configure a server
with 'ipportfw' and/or 'ipautofw' (or 'ipmasqadm') to redirect each
service on this list through a masquerade to its own dedicated
server(s). I've heard that there's even a "load balancing" patch to
one of these port forwarders. That would conserve more addresses by
making one system appear to be running many services --- while
allowing you to isolate those services on their own systems for
security or load management reasons.
Another advantage of this model is that you can change ISP's more
readily. For any network of more than about five IP hosts, address
renumbering is difficult and expensive. You want to avoid it. Of
course you can use DHCP to make that easier --- but then you have
to carry around your DHCP infrasture, and you can only imagine the
disruption that this might still cause for your internal servers.
I've known companies that were very unhappy with their ISP but not
quite mad enough to shutdown their network for a week to renumber
(large novice userbase, small IS staff, mostly Windows clients ---
it's a real concern).
Yet another advantage relates to your network security. It is
easier to enforce your network policies and protect your internal
systems if you prevent direct routing into your internal LAN. It is
much easier to ensure that a few machines (your routers, proxy
servers, and publicly accessible hosts) are secure from known
attacks (source routing, "ping of death" and various things like
nestea, boink, land/latierra, etc) than to apply those patches to
every host on your network. (Indeed in many cases it is not
possible to apply necessary patches to some of those hosts because
they are running proprietary, or "closed source" operating systems
--- and you have to wait for your vendor to make correct patches or
"service packs" available).
It is folly to think that no new attacks of this sort will be
discovered. It is also usually futile to have an unenforced policy
that no insecure services be allowed on internal systems.
So you should use IP masquerading and/or applications proxying for
most hosts on most networks. Of course you can use "real" IP
addresses and still "hide" them behind a firewall (any combination
of packet filters, and proxying can be called a 'firewall').
However, there's no reason (at that point) to do so.
It should be noted that use of masquerading and/or proxying will
not inherently improve your security overall security. These are
not a panacea. If an attacker can gain sufficient access to any of
the hosts that do have a valid route into your internal LAN (such
as the interior routers and/or proxy hosts) or trick any such
system into routing packets for them (with source routing, for
example) or embed hostile code into any of the data streams that
will be executed by any of your systems ... if they can do any of
that then the firewall will just be a minor nuisance to their other
mischief.
Indeed using masquerading and proxying is a bit of a nuisance. It's
an extra step in configuring your systems, and you'll probably
still occasionally bump into some new or obscure protocol that
can't be easily proxied or masqueraded. Luckily, as the number of
sites that must use firewalls increases (the percentage of
"directly routable clients" decreases) the programmers and groups
that design these protocols and tools becomes more aware of the
problem and less likely to implement them in problematic ways.
One aspect of this that is a bit confusing is that you can put
multiple subnets and IP address blocks on a single ethernet
segment.
For example, a few years ago I was the admin of a large site which
had established permanent connections to three ISP's. They had not
yet applied for an AS number and were not "peering" with those
ISP's. So they were assigning addresses to different groups of
computers from all three ISP's (about eight different Class C
addresses). However, they used a VLAN architecture internally.
(That --- and the fact that they were using direct routing to
clients --- was counter to my recommendations; but I was just a
lowly "junior" netadmin, so they didn't listen, until much later
--- after I'd left).
So they had a flat internal topology and some routing problems
(their senior netadmin didn't know how to trick the Ciscos into
this using static routes and we didn't use IP RIP or anything like
internally). I used IP aliases on a Linux box and defined the
static routes there. Under current versions of Linux you can use IP
aliases in your route commands:
ifconfig eth0 192.168.200.1 \
netmask 255.255.255.0
ifconfig eth0:1 192.168.100.1 \
netmask 255.255.255.0
route add -net 192.168.200.0 eth0
route add -net 192.168.100.0 eth0:1
... here I've route the 200 net to eth0, the 100 net to eth0:1 (a
"sub-interface" or IP alias), and added routes to each.
Under the newer (2.1.x) kernels this works a little differently ---
you just use the device name without the aliasing suffix in the
route command. In other words the ifconfig commands would the be
same, the first route command would be unecessary (its added
automatically) and the second route command would just refer to
eth0 --- not eth0:1.
This may look a bit odd. (It certainly did to me at the time). You
clients on the 100 network are sending their 200-net destined
packets to this host which is then resending them over the same LAN
segments back to destinations on the 200 net and vice versa. I
still think its a stupid way to do it --- but it worked. I
personally think that VLAN's are a bad idea --- and they seem to
have been a kludge to deal with overgrown clusters of
NetBIOS/NetBEUI (MS Windows) boxes that were too braindead to talk
IP.
One thing I haven't covered in this (extremely long) discussion is
"proxyarp." This is a technique to allow one system to accept IP
packets for other systems without changing the subnet masks and/or
routes for the rest of the segment. It's most often used with PPP
or SLIP dial-up lines --- though I've seen examples posted to
newsgroups that were done between ethernet segments.
Basically, the proxyarp host will respond to ARP requests IP
addresses that are not assigned to any of it's interfaces, and. The
proxyarp host needs a valid route to the proxied IP address --- but
other systems will consider it to be a "local" address (local to
their LAN segment). Obviously the address to be proxied must be
valid for one of the subnet masks on the "local side."
I'm sure this is all very confusing. So I'll give a simple example:
I might have a host on 192.168.200 net with its own address of
192.168.200.13 (eth0). I might also have a system connected to that
system's ppp0 port --- and that might be configured to use
192.168.200.44. When any of the systems on my LAN (eth0) have
packets for 192.168.200.44 (which is local to them according to
their subnet masks and routing tables) they perform an ARP (or
search their ARP cache, of cours). My system (listening on
192.168.200.13) responds with its ethernet MAC address. So the
localhost hosts and routers send those packets to me. (So far as
they are concerned that's just another IP alias of mine).
When I (.13) get this packet I find that it is NOT an alias of
mine, but I have a valid route to it (over my ppp0 interface) so I
forward it. The .44 system presumably has it's ppp0 interface
configured as the default route and certainly has 192.168.200.0
routed to it's ppp0 --- so any packets to my (.13's) ethernet LAN
get routed, too. Note that I (the .13 host) don't have to publish
routes to .44. The routers and other hosts on the 200 LAN don't
know or care whether I really am .44 --- just that IP packets for
.44 can be encapsulated in data frames addressed to my ethernet
card, where I'll deal with them as though it were my address (so
far as they know).
I realize it's a bit confusing. I've probably over-simplified in a
few areas and probably gotten some of this completely wrong
(corrections gratefully accepted). However, that's the basics of
routing and subnetting.
One of these days I really should read Comer's "Internetworking
With Tcp/Ip : Principles, Protocols, and Architecture Vol 1" which
I've heard is essentially the TCP/IP bible. However, I've had
Christian Huitema's "Routing in the Internet" (a 300 page text book
on routing) sitting next to my desk for about a year --- and
Comer's book is much larger and not to hand.
So, in answer to your original question:
You divide a group of systems into subnets by assigning them
addresses that lie within valid groupings of your address blocks,
and creating routes to those blocks. Most of this is done with the
'ifconfig' command's "netmask" option and with appropriate 'route'
commands (if you're using static routes).
(Any other readers want to tell me how 'routed' and 'gated' get
their routes? I guess that you still add static routes for your
local nets and the local daemon picks them up and
publishes/propagates them via broadcasts and their own router
discovery mechanisms).
____________________________
(?) Subnetting and Routing 101 (continued)
Some examples and tables
From Pavel Plankov on Fri, 20 Nov 1998 L.U.S.T List
(?) Thank you, that was very informative, but could you be more
specific about "masking off" For example I have a 62.200.34 net, how
can I subnet it?
...the only thing I am sure about is that 62.200.34.0/24 - is the C
subnet. the quote at the bottom sounds rather vague %)
(!) The subnet I've been describing is a "1-bit" subnet. That is
that we're only masking off one extra bit from the default for our
addressing class. In other words, the default mask for a Class C
network block is 255.255.255.0 --- which is a decimal
representation of a 32-bit field where the first 24 bits are set to
"1" our subnet mask, represented in binary, would have the first 25
bits set. The next legal subnet would have the first 26 bits set
(which divides a Class C into four subnets of 62 hosts each).
Beyond that we can subnet to 27 bits (eight subnets of 30 hosts
each), 28 bits (16 subnets of 14 hosts each), 29 bits (32 subnets
of 6 each) and even 30 bits (64 subnets of 2 each).
Any Class C (or 8 bit network) can be subnet into the following
combinations:
1 subnetwork of 254 hosts (255.255.255.0)/24
2 subnetworks of 126 hosts each (255.255.255.128)/25
4 subnetworks of 62 hosts each (255.255.255.192)/26
8 subnetworks of 30 hosts each (255.255.255.224)/27
16 subnetworks of 14 hosts each (255.255.255.240)/28
32 subnetworks of 6 hosts each (255.255.255.248)/29
64 subnetworks of 2 hosts each (255.255.255.252)/30
... or (from what I gather) it can be treated as a set of 254
separate point-to-point links. A subnet consisting of a network
number and a broadcast address is absurd -- so we don't have "128
nets of 0 hosts each" with a mask ending it 254).
Notice that I've specified the netmask and the number of network
bits in the last column of this table.
So. Let's say I didn't have this table. (I didn't when I started
this message). So I want to find all of the valid netmasks on an
eight bit network. I start the 'bc' command (big calculator ---
it's a multi-precision "calculations shell" and scripting language
that's included with most versions of Unix and Linux). I issue the
following commands:
ibase=2
10000000
11000000
11100000
11110000
11111000
11111100
This sets the input base to 2 (binary), leaving the output base at
the default (decimal). Then, entering each of these binary numbers
(note that this is every combination of 8 bits with anywhere from
one to six leading one's and a corresponding number of trailing
zeros. All (modern) legal netmasks have this property. As each of
these numbers is entered, 'bc' spits out the decimal equivalent:
128 192 224 240 248 252
... which matches my table -- these are the valid ways to subnet on
8 bits. (Actually I memorized those along time ago --- but
hopefully this makes it clear where they came from).
For "classic" subnetting, you pick any one of these entries. You
then divide your network that number of segments (2, 4, 8, etc)
with up to the corresponding hosts per segment (126, 62, 30, etc),
and you use the corresponding netmask in the 'ifconfig' commands
for all hosts on that network. 'route add -net' commands will
default to following the chosen netmask.
VSLN (variable length subnetting) is a little more confusing, so we
won't cover it at this point.
Given that we've chosen a subnetting paradigm (one line from this
table) we now have to figure out what the valid network number,
broadcast addresses, and range of host IP addresses are within each
subnet.
We could have a table for each of these. This would take too much
space (actually it's about 128 lines long plus headers, etc). So,
I'll give an example of the .224 netmask used to created 8 subnets.
For all of these the netmask would be 255.255.255.224 (as listed in
our previous table). The three prefix octets would be same in all
cases (62.200.34 in your example).
Here's our networks:
8 subnetworks of 30 hosts each (255.255.255.224)
net# broadcast Hosts: low high
0 31 1 30
32 63 33 62
64 95 65 94
96 127 97 126
128 159 129 158
160 191 161 190
192 223 193 222
224 255 225 254
... I think I got all those right (I just made up that table). It
should be fairly obvious that the networks begin every 32 IP's
between 0 and 256. The rest of the table is constructed by adding
or subtracting one from the current or next network number or the
by subtracting one from the broacast address.
The lowest permitted host number in every subnet is that network's
number plus one.
The broadcast address for any subnet is the network number of the
NEXT network minus one.
The highest allowed host address on a subnet is the broadcast
number minus one.
So, your fourth subnet on this table would be 62.200.34.96/27.
You're netmask would be 255.255.255.224 (as I said before), and the
broadcast for this subnet would be 62.200.34.127.
In other words, all of the hosts from 62.200.34.97 through
62.200.34.126 would use the 62.200.34.127 address for ARP requests
and other broadcasts. Those from ...161 to ...190 would use the
.191 address for their broadcasts. They'd be on the ...160 subnet.
I'll do another one for comparison:
16 subnetworks of 14 hosts each (255.255.255.240)/28
net# broadcast Hosts: low high
0 15 1 14
16 31 17 30
32 47 33 46
48 63 49 62
64 79 65 78
80 95 81 94
96 111 97 110
112 127 113 126
128 143 129 142
144 159 145 158
160 175 161 174
176 191 177 190
192 207 193 206
208 223 209 222
224 239 225 238
240 255 241 254
... That table is twice as long (obviously) and the number is it
"look weird" However, it should be obvious where these number came
from. Start with zero can keep adding 16 until we get to 256 to get
the first column. Those are the network numbers. 256 can't be a
network number. To get the second column we add fifteen to the
network number (or we subtract one from the next network's number
-- which is the network number on the next line). To get the third
column we add one to the network number. To get the last column we
subtract one from the broadcast number (the second column).
I'll include one last table because it's shorter than the others:
4 subnetworks of 62 hosts each (255.255.255.192)/26
net# broadcast Hosts: low high
0 63 1 62
64 127 65 126
128 191 129 190
192 255 193 254
... I really hope this one comes as no surprise.
From here I would hope that you'd be able to generate the larger
tables of 32 and 64 subnets if you were insane enough to use those.
(The only organizations I know of that subnet that way are ISP's).
I could write a perl script to generate subnet tables like these in
far less time than this message took to write.
Now, if you wanted to use VLSN, to create one small subnet and one
larger one, I guess you'd pick a block of addresses, suitable for
any of these subnets --- reserving the whole block (from the
network# through the broadcast) and only assigning those in the
range (from the low to high numbers). Those would be a subnet.
You'd construct your route for that subnet, and put one of those
addresses (the low or the high usually) unto one of your
interfaces, and point your route (with its netmask override) to
that interface. You'd put the rest of your network unto another
interface with a broader route (one with fewer network bits in the
netmask) to that.
Example:
Let's put a 14 host subnet on our perimeter and hide the rest of
our hosts behind our router (with packet filters):
We'll arbitrarily choose the first available 14 host subnet (from
our table above). This should make it easier to remember which
hosts are "outside" and which ones are available for assignment
"inside"
So we assign eth1 an address of 14 (the highest available address
in this block --- I'm assuming that .1 is already in use by another
router on that subnet, and we give eth0 (the interface to our
internal network) an address of .17 (the first available address
that's after our subnet). Then we set that up like so:
ifconfig eth1 62.200.34.14 \
netmask 255.255.255.240 broadcast 62.200.34.15
route add -net 62.200.34.0 \
netmask 255.255.255.240 eth1
ifconfig eth0 62.200.34.17 \
netmask 255.255.255.0 broadcast 62.200.34.255
route add -net 62.200.34.0 \
netmask 255.255.255.0 eth0
I haven't actually done VLSN. However I think this would work. One
important consideration about this would be that every internal
system would have to know about this first route (the one with the
.240 netmask).
They could have this as a static route, or it could be propagated
to them via some routing protocol (I'm not sure if RIP can handle
that --- I think there was a RIPv2 that could --- while RIP would
have to propagate this as a list of 14 host routes rather than a
subnet route --- or some silly thing like that).
The other thing that we'd have to be sure of is that we didn't use
any of these subnet addresses inside of our domain. That includes
the network number and the broadcast address. By choosing the first
subnet for my example I cheated. You'd never try to assign the .0
address anyway. However, if you'd picked a subnet from somewhere in
the middle of your address range --- everything should work. It
would just be more confusing.
Notice that I also skipped .16 (which would be the "next" network
number if we were to use two of these subnets --- while leaving the
rest on one segment. This should be unnecessary. However, I'd avoid
assigning it an address just in case I need to add the additional
small subnet later.
Actually if you wanted to use a sophisticated address allocation
strategy, to minimize the disruption that would be caused by most
future subnetting strategies you could limit yourself to assigning
addresses from the following groups:
1-14, 17-30, 33-46, 49-62, 65-78, 81-94, 97-110, 113-126, 129-142,
145-158, 161-174, 177-190, 193-206, 209-222, 225-238, 241-254
... or better yet:
2-13, 18-29, 34-45, 50-61, 66-77, 82-93, 98-109, etc
... so that you're not issuing the possible network numbers,
broadcast numbers, and first or last addresses in each of your
possible subnets.
Using this strategy you could start with a flat topology and later
break it into anywhere from two to sixteen classic subnets or split
off VLSN's (and add/propagate appropriate routes to them).
As I've said, this sort of obtuse allocation strategy isn't
necessary for most of us these days because we can use private net
(RFC1918) addresses for our internal networks.
However, if you're going to use direct routable addresses in your
domain --- following this allocation schedule might actually help
(and can't really hurt if you simply prepare the list ahead of
time).
It's possible to define some netmasks that aren't on even octet
boundaries. For example the RFC1918 group of Class B addresses is
172.16.*.* through 172.31.*.*. That can be described with the
address/mask 172.16.0.0/12 (which you could then then subnet into
various ways).
Most sane people reduce that ugliness to a "known" problem for
which we've already described a solution. They treat these as a
large group of Class C addresses and do all their network design
based on those. The RFC1918 addresses: 192.168.x.* (for x from 0 to
255) is usually described as 255 contiguous class C address blocks.
However, there is nothing prevent us from using this as a single
16-bit network (192.168.0.0/16).
The only case where I've used these notations is when I'm writing a
set of packet filters. I customary add the following four address
masks to the source deny lists on perimeter routers:
10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16
These are denied in both directions.
The outbound denials are "anti-leakage." We shouldn't be sending
any packets onto the Internet which claim to be from these IP
addresses. They are "non-routable" on the open Internet. So, any
that "try" to get out are either a mistake (they were supposed to
go through masquerading or network address translations --- NAT),
or they are hostile actions possibly by users on our networks or by
some subverted services or hosts (something's been "tricked" into
it).
The inbound denials are part of an anti-spoofing screen. No legal
packet should get to us from any of these addresses (there should
be no legal route back to any such host over the Internet).
The 127.* filtering is also interesting. If I actually allowed
packets through my router that claimed to be from "localhost" I
might find that some services on some hosts could be exploited
using it.
I've heard of such packets being referred to as "martians."
However, I'm not sure if the term is supposed to apply just to
packets that claim a 127.* source address or to any of these "bad
boys."
To complete our anti-spoofing we also want to deny any inbound
packets that claim to be from any of our real IP addresses. Thus
you'd want to add a rule to deny 62.200.34.0/24. All of the hosts
which are legitimately assigned any of those IP addresses should
already be inside your network perimeter --- none should be
traversing the inbound interface on any of your border routers. I
might add a rule to block: 214.185.47.32/27 if I was given the
second 30 host subnet on the 214.185.47.0 network (for example).
Anti-spoofing gives us considerable protection from a variety of
exploits. It really doesn't leave us "secure" --- IP ADDRESSES AND
DNS HOSTNAMES ARE NOT AUTHENTICATION CREDENTIALS! However it limits
the exploits that can be mounted from outside of our network.
That's why you should ideal have sets of anti-spoofing packet
filters at your border (between the Internet and your perimeter
network) and at your interior router (between your internal and
your permimeter networks).
In some organizations you may also want to have anti-spoofing
between your internal client networks and your "sanctum" of
servers.
In addition to the anti-spoofing rules it's a good idea to add a
couple of rules to limit some known-to-be-bogus destinations (Thus
far we've only been discussing packet filtering policies based on
source addresses).
I suggest that any of your local "real" IP addresses that translate
into network or broadcast numbers for your network topology should
be forbidden as destinations. These extra rules may seem
unnecessary --- but there have been "denial of service" exploits
that used these sorts of addresses to create packet storms and
disrupt your networks. (A few broadcast packets that get in can
cause reponses from all or most of your active hosts).
So you should at least add: $YOURNET.0 and $YOURNET.255 to your
denied destinations list (where these are the network number and
broadcast for your block of assigned addresses.
No one outside your domain has any business addressing packets to
your whole network. If you are subnetted in other ways --- you'd
face the possibility that some attacker might try sending to
$YOURSUBNET.31, etc. However, this is probably just not such a big
problem. If you use IP masquerading and/or proxying for all or most
of your client hosts (as I recommended in my last post) you won't
see any of that anyway. Meanwhile, how much do you need to subnet
your banks of servers (in most cases, not much).
(?) Thanx in advance.
Pavel Piankov
(!) Gosh I hope that helps. I also hope I haven't bored the rest of
the list too much with this. I simply don't know of a way to
describe subnetting and routing more concisely than this. If you
really understand what I've written in these two messages --- you
can probably get a job as a junior netadmin.
____________________________________________________
(?) No STREAMS Error while Installing Netware for Linux
From Sean McMurray on Tue, 17 Nov 1998
I'm trying to install Caldera Netware for Linux on Redhat 5.1.
Following the instructions from
ftp://ftp.caldea.com/pub/netware/INSTALL.redhat, I get to Step 5 under
"Downloading the Files."
(!) Well, I haven't played with this yet, since I don't have any
Netware client systems around here. (Maybe one of these days I'll
fire up one of my old XT's to use for clients).
(?) When I type in rpm -i kernel-2_0_35-1nw_i386.rpm, I get the
following error:
ln: boot/vmlinuz-2.0.35-1nw-streams: No such file or directory
Can you tell me why? More importantly, can you tell me how to fix it?
(!) Well, the Netware for Linux requires a kernel with STREAMS and
IPX patches built into it.
STREAMS is an alternative to BSD sockets. It's a programming model
for communications within a Unix or other kernel --- between the
applications interfaces and the devices. The Linux kernel core team
has soundly reject suggestions that Linux adopt a STREAMS
networking model for its native internal interfaces and we won't go
into their reasoning here. (I'm inclined to agree with them on this
issue in any event.)
So, this error suggests that the 'ln' command (creates hard and
symbolic links) can't find the '/boot/vmlinuz...' files to which it
refers.
One trick to try is to view the contents of the rpm file using 'mc'
(Midnight Commander). Just bring up 'mc', select the RPM file with
your cursor keys and highlight bar, and hit [Enter]. That will
treat the RPM file as a "virtual directory" and allow you to view
and manually extract the contents. Look in RPM:/boot for the kernel
file --- also look for the README files.
I've occasionally manually extracted the files from an RPM and just
put them in place myself. Then I read through any scripts that and
docs contained therein to see what should have been done by the rpm
system. (Usually this sort of dodge is only necessary when doing
piecemeal upgrades to the rpm package itself).
There are other times when I have to resort to 'rpm -i --force
--nodeps ...' to get things to work.
Note that this kernel may not support you hardware configuration
(that's one reason why many Linux users build custom kernels). So
you may have to find and install the kernel source patches and
build your own --- or at least build a set of modules that match
that version.
Probably your best bet would be to subscribe to the caldera-netware
mailing list. Look to Liszt to help find specific mailing lists and
newsgroups:
Liszt: caldera-netware
http://www.liszt.com/cgi-bin\
/start.lcgi?list=caldera-netware&server=majordomo@rim.caldera.com
____________________________
(?) No STREAMS Error while Installing Netware for Linux
From Sean McMurray on Wed, 18 Nov 1998
Jim Dennis wrote:
>When I type in rpm -i kernel-2_0_35-1nw_i386.rpm, I get the
>following error:
>ln: boot/vmlinuz-2.0.35-1nw-streams: No such file or directory
>Can you tell me why? More importantly, can you tell me how to fix it?
Well, the Netware for Linux requires a kernel with STREAMS and IPX
patches built into it.
Shouldn't it be included in Caldera's RPMs then. It seems that the
first they their install does is try to build a new kernel.Also, does
the fact that ncpfs is built in indicate that the STREAMS and IPX
patches already exist - the IPX patches, anyway?<clipped>
(!) It is. That's what that kernel is saying. However it seems that
the /boot directory isn't there (my to 'mkdir' that) and, for some
reason, your 'rpm' command isn't or can't make it. (If you do have
a /boot directory --- maybe you've used 'chattr +i' to make it
immutable. Maybe you have a file named /boot so that a directory
can't be made by that name. Who knows?).
(?) Midnight Commander won't open the RPMs on my system, but I
executed rpm -qpl kernel-2_0_35-1nw_i386.rpm > dump.txt to get a
listing. The /boot files are: /boot/WHATSIN-2.0.35-1nw
/boot/vmlinuz-2.0.35-1nw
The only files with the word stream in the title is
/lib/modules/2.0.35-1nw/misc/streams.o
(!) ... that would be the STREAMS loadable kernel module. The other
support and IPX patches are compiled into that kernel, and the FAQ
tells you how to build a kernel to match the shipping one (close
enough to load the requisite modules and route/utilize the IPX
protocols anyway).
(?) There are other times when I have to resort to 'rpm -i --force
--nodeps ...' to get things to work.
I tried to rpm -e kernel-2_0_35-1nw_i386.rpm, but rpm says that it
isn't installed.
(!) That tries to "erase" (uninstall) that package --- except that
you have to use the package's name not the package *file's* name.
kernel-2.0.35-1nw is probably the package name. The filename is
independent of that, though it is conventionally similar.
You can use the 'rpm -qpi' command to extract information about the
RPM file including the package name.
In general the -i and -p options to 'rpm' refer to file while
others refer to "packages."
If you issued the command 'rpm -ql foo-1.2.3-bang' RPM would list
all of the files that are "owned by" the foo-1.2.3-bang package. If
you issue the command 'rpm -qpl foo-1.2.3-bang.i386.rpm' then the
command would list all of the file in that package file. If (by
some chance) you had a different implementation of the same package
these two lists might differ.
(That's a minor problem with the RPM system --- there's no central
naming authority on package naming and versioning so you can have
differences between, for example, the S.u.S.E. and Red Hat
packages, with some differences in dependencies --- etc. Actually
it's a rather major pain in the patootie when you're a S.u.S.E.
user and you keep getting packages that are contributed to the Red
Hat site. However, it's still usually easier than building them
from tarballs and the "right" answer for me is probably for me to
learn enough about building my own RPM's that I can grap the source
RPM packages and modify them to fit. The "right" answer for Red Hat
and S.u.S.E. and Caldera is to make their packages as compatable
with one another as possible --- particularly with regards to
dependences and provision identification).
(?) So I tried to rpm -e kernel-2_0_35-1nw_i386.rpm again, but rpm
says it's already installed
(!) That sounds wrong. Are you sure you typed exactly that?
(?) I don't know rpm (or Linux) well enough to trust not hosing my
kernel. I guess it's not that big of deal. I can just re-install RH5.1
from scratch.
(!) After awhile building and installing new kernels will seem as
routine and editing an old DOS CONFIG.SYS file (though you probably
won't do anywhere near as often.
(?) Probably your best bet would be to subscribe to the
caldera-netware mailing list.
I'm subscribed, but impatient. Thank you for your help.
(!) I'd manually extract the kernel file from that RPM file, put it
in the /boot/ directory, edit your /etc/lilo.conf file, run the
/sbin/lilo command and try to reboot. Search through the old back
issues of LG to read many messages about how LILO works -- or just
read the HOWTO at:
http://www.ssc.com/linux/LDP/HOWTO/mini/LILO.html
(... and other LDP mirrors all over).
Naturally you'll want to leave an entry for your existing (working)
kernel so that you can reboot into that if this Caldera supplied
kernel is inappropriate for your system. You'll also want to
prepare a boot/root (rescue) diskette. Although one (image) comes
with each Red Hat distribution I personally prefer Tom Oehser's
"rtbt" (a full mini distribution on a single floppy --- with a
suite of Unix tools sufficient to do most networking and rescue
operations). You can find that at:
http://www.toms.net/rb
____________________________________________________
(?) More than 8 loopfs Mounts?
From Philippe Thibault on Fri, 20 Nov 1998
I've setup an image easily enough and mounted it with the iso9660 file
system and asigned it to one of my loop devices. It works fine. What I
was wondering was, can I add more than the eight loops devices in my
dev directory and how so. What I'm trying to do is share these CD
images through SMB services to a group of Win 95 machines. Is what I'm
trying to do feasable or possible.
(!) Good question. You probably need to patch the kernel in
addition to making the additional block device nodes. So my first
stab is, look in:
/usr/src/linux/drivers/block/loop.c
There I find a #define around line 50 that looks like:
#define MAX_LOOP 8
.... (lucky guess, with filename completion to help).
So, the obvious first experiment is to bump that up, recompile,
make some additional loop* nodes under the /dev/ directory and try
to use them.
To make the additional nodes just use:
for i in 8 9 10 11 12 13 14 15; do
mknod /dev/loop$i b 7 $i; done
I don't know if there are any interdependencies between the
MAX_LOOP limit and any other kernel structures or variables.
However, it's fairly unlikely (Ted T'so, the author of 'loop.c'
hopefully would have commented on such a thing). It's easier to do
the experiment than to fuss over the possibility.
In any event I doubt you'd want to push that value much beyond 16
or 32 (I don't know what the 'mount' maximums are --- and I don't
feel like digging those up too). However, doing a test with that
set to 60 or 100 is still a pretty low-risk and inexpensive affair
(on a non-production server, or over a weekend when you're sure you
have a good backup and plenty of time).
So, try that and let us know how it goes. (Ain't open source (tm)
great!)
Of course you might find that a couple of SCSI controllers and
about 15 or 30 SCSI CD-ROM drives (mostly in external SCSI cases)
could be built for about what you'd be spending in the 16 Gig of
diskspace that you're devoting to this. (Especially if you can find
a cachet of old 2X CD drives for sale somewhere).
____________________________________________________
(?) EQL Serial Line "Load Balancing"
From Jim Kjorlaug on Mon, 30 Nov 1998
(?) I live in an area where ISDN services have been promised but no
delivered. I had read a howto for EQL but can no longer find the
documention on this method of ganging two modems together. Can you
please let me know where I can find the source for this and the howto.
Thanks for any help you can offer.
Jim Kjorlaug
(!) The README.eql (EQL Driver: Serial IP Load Balancing HOWTO) by
Simon "Guru Aleph-Null" Janes (simon@ncm.com) doesn't seem to be in
the LDP HOWTO Index. However it is included with the Linux kernel
sources under
.../drivers/net/README.eql
... so that's probably your best bet. Naturally the sources to the
driver are also included therein. This README doesn't appear to
have been updated since 1995.
Note that this requires support from your ISP. In other words, to
use EQL to effectively double you bandwidth, you need support for
the same version of EQL load balancing at each end of the
connection. Most ISP's are likely to be somewhat averse to this
prospect (or to charge extra) since you'll be taking up two of
their modems while connected over EQL.
Another thing to consider is the difference between latency and
bandwidth. Bandwidth refers to the amount of data that can be
transmitted over a communications channel in a given amount of
time. Latency refers to the propagation delay --- the amount of
time before the first bits get to one end or the other of the
channel.
EQL can provide more bandwidth. However modem latency is pretty
high and nothing can improve that within the constraints of the
current standards.
____________________________________________________
(?) Where to Report Bugs and Send Patches
From Elwood C. Downey on Mon, 30 Nov 1998
(?) Hello,
I have found (and believe fixed) a bug in gcc libc, version 2.7.2.3
related to handling of daylight savings time and timezones. I would
like to know exactly to whom I should send the report so it gets into
the correct hands asap. Part of my confusion is gcc vs the new egcs
(or whatever the new one is). I happen to be running Red Hat 5.1 if
that matters.
Thanks,
Elwood Downey
President/Chief Programmer
Clear Sky Institute, Inc.
(!) One of the "dirty little secrets" of FSF/GNU documentation is
that "they" have an official bias against 'man' pages. If you look
at the 'gcc' man pages you'll find that they refer you to the
"Info" (or "Texinfo" pages) and list the man pages as
non-authoritative, deprecated, unmaintained etc.
'Info' is a hypertext documentation system which is nothing like
HTML. The easiest way to access them for this case would be to
issue the command:
info gcc
There we'll find a node/link labeled "Bugs::" and following that
will provide us with some guidelines for reporting problems. I'll
refer you to those pages so that you'll get the full details rather
than just an @ddress.
Since 2.8.1 is the current version from the Free Software
Foundation (http://www.gnu.org) you might encounter some resistance
to accepting patches for 2.7.x at this point. Their maintainers may
refer you to the more recent version. You might want to try the
Debian package, which might include patches that update the GNU
version.
According to the Debian site (http://www.debian.org) the maintainer
for the Debian GCC package is Galen Hazelwood. You can use 'alien'
to to convert among RPM (Red Hat et al), Debian, SLP (Stampede
Linux Packages) and Slackage package formats.
Note that egcs is a spinoff of the GCC development.
____________________________________________________
(?) How to "get into" an Linux system from a Microsoft client
From WRB on Mon, 30 Nov 1998
(?) I know you don't like questions concerning Brand X (w95 and nt40),
however, I am a NEWBEEEEE to RedHat Linux (5.1) and I don't know where
to go for this answer. Over my internal network, when I try to get
into the RedHat (5.1) machine using Brand X (nt40 SP4), I get the
message "\\computer4 is not accessible" "the account is not authorized
to log in from this station" I don't have a problem with the other
Brand X product (W95 OSR2.1), it goes right in. I have no problems
with FTP or TELNET with either of the Brand X machines. Without
getting tooooo condescending, is this a Brand X problem or is it a
RedHat (5.1) issue?
Thanks for your help
Ron Botzen
(!) The big problem here is with the phrase "get into."
By this you seem to mean "share files on my Red Hat (Linux) system
from on of my MS Windows clients" or "make my Linux system a file
server to my MS Windows clients."
My clue that this is your intent is from the syntax "\\computer4"
is an SMB UNC (so-called "universal naming convention") designation
which is used for file and print services over the SMB protocols
(server message block).
Samba is the Unix/Linux package that provides SMB services to your
MS Windows, OS/2, and similar clients. Also Linux supports an
'smbfs' module and 'smbmount' command to allow it to act as a
client in an SMB network.
So, install the Samba package from your RH CD set, and read the
docs therefrom. For the latest information on Samba go to:
http://samba.anu.edu.au/samba/samba.html
(or one of its mirrors).
____________________________________________________
(?) Where to Put New and Supplemental Packages
From Lew Pitcher on Tue, 01 Dec 1998
(?) Hello from the Great White North.
A few months ago, I installed the Slackware 3.3 distribution on a
second-hand 486 system, and upgraded the kernel to the (then current)
2.0.35 level.
I've been slowly accumulating packages (like Smail and iBCS) that I'd
like to put up on this machine, and have a question about the
placement of package installs. Given that I've acquired a system-level
package with source code, where in the file system should I install
it?
From inspection, it looks like I've got several alternatives...
/usr/src looks like the obvious place to start, but /usr/local also
looks good. Do the Linux FileSystem Standards specify a place to put
packages? If not, do you have a recommendation in this regard?
(!) The Linux FHS (File Hierarchy Standard --- the descendent of
the FSSTND --- filesystem standard) does have guidelines for system
administrators and distribution developers and maintainers.
I would say that the latter groups (those who produce and maintain
general purpose distributions and packages) should be strongly
encouraged (nigh on required) to follow these conventions.
Sysadmins should be encouraged to follow them to the degree that
makes sense for their site. Home users can do whatever the heck
they like.
I suggest '/usr/local/' for normal freeware packages that I install
from tarball and compile myself. For commercial packages that are
distributed as binaries I recommend '/opt' (which is, in my case, a
link to '/usr/local/opt').
One of my continuing gripes about Red Hat and Debian is that there
is no easy way for me to "partition" my packages such that all
packages installed or updated after the initial OS/program load
(IPL) default to installation on '/usr/local'. This, and the fact
that I sometimes have a perfectly legitimate reason for
concurrently maintaining two or more versions of a given package
are my main gripes about those package management tools.
The canonical home of the FHS seems to be:
Filesystem Hierarchy Standard
http://www.pathname.com/fhs
(?) Thanks in advance for the advice.
(!) You're welcome.
(?) Lew Pitcher
Joat-in-training
If everyone has an angle, why are most of them so obtuse?
(!) Shouldn't that be JOAT (jack of all trades)?
____________________________________________________
(?) Book: Linux Systems Administration
From Jim Buchanan on Tue, 01 Dec 1998
(?) I hope to finish my book real soon now.
Let us know when it's done. I'll surely order a copy.
(!) I'll do my best to promote it without getting crass.
(?) Aeleen Frisch's Essential System Administration
Unix System Administrator's Handbook by Evi Nemeth et al
Some real competition. I certainly wish you well, such a book would be
a valuable addition to the many other Linux books available.
(!) I'm focusing a bit more on "soft skills" like requirements
analysis, recovery and capacity planning, the view that security
considerations permeate all aspects of professional systems
administration, and the design of whole networks rather than
isolated hosts.
These are elements that seem to be missing from the existing
literature.
(?) Macmillan Computer Publishing:
The Macmillan folks are really nice people. They host our local LUG,
INLUC (Indiana Linux Users Consortium, http://inluc.tctc.com)
(!) My editor mentioned something along those lines.
(?) If you ever make a trip to the Indiana Macmillan offices, maybe we
can arrange the date so that you can come to one of our meetings,
which are usually held on the third Wednesday of the month.
Jim Buchanan
(!) If I can afford it I'll do a full tour.
Thanks for your supportive comments. Now all I have to do is get
the thing done!
____________________________________________________
(?) 'ls' Doesn't work for FTP Site
From Reuel Q. Salamatin on Tue, 01 Dec 1998
(?) Mr. James T. Dennis,
I am so happy to have known that you are available to anwer Linux
questions. I have tried emailing persons I found from how-to files and
documentations about ftp, but as of yet, got no answers.
Here's my problem. Our ftp site doesn't seem to support the ls
command.
Usually, upon log-in, or with a browser it should display directory
listings. Now it worked just like that before. But now, it doesn't. I
don't actually remember how it came about to be like that.
I have followed instructions listed on the ftpd man page, about making
a copy of the ls command on the bin directory of ftp home. I did just
that but still no directory listing output. I was wondering what else
could have gone wrong.
Thank you even now in anticipation of your response.
Sincerely yours,
Mr. Roland Reuel Q. Salamatin
(!) Assuming that you're using one of the traditional FTP servers
(daemons) such as the BSD derived one, or WU-FTPD (which has been
the default on most Linux distributions for several years), this
probably relates to one of three problems. All have to do with the
'chroot' jail in which anonymous FTP (and the "guestgroups" from
WU-FTP) operate.
The idea here is that we've tried to minimize the risks to your
system that are associated with having untrusted parties (anonymous
and guest FTP users) accessing your directories. So we set up a
psuedo "root" directory and issue the 'chroot()' system call to
"lock the process into a directory."
On problem with this approach is that most Unix/Linux programs need
access to files like '/etc/passwd' and '/etc/group' (to map the
numeric ownership codes that are stored in the inodes of file and
directories to the associated names and groups. Also most modern
programs (dynamically linked ELF binaries) require access to
'/dev/zero' (a psuedo-device) for fairly obtuse reasons that amount
to "because that's the way they work."
So we need to build a skeletal copy/shadow of the system's
directory structure to support this. That must contain at least the
following files:
* 'ls' binary in the [chroot]/usr/bin
* Fake 'passwd' and 'group' files for [chroot]/etc
* A copy of (or hard link to) /dev/zero and /dev/null under
[chroot]/dev/
* (Possibly) copies of any shared libraries to which your copy of
'ls' is linked.
(You can compile a statically linked 'ls' or you can use the 'ldd'
command to get a list of the required shared libraries).
Another option is to replace the BSD or WU ftp daemon with Mike
Gleason's 'ncftpd', or with ProFTPD which both have built-in static
'ls' support.
'ncftpd' is not free. It is shareware and can be registered for
about $200 for a high volume server (more than 50 concurrent users)
or ~$40 for a smaller server. Mike Gleason continues to support and
release the best FTP client for free. There is also a free
"personal use" option (upto 3 concurrent users). You can find out
more:
http://www.ncftp.com
Of the FTP daemons that I've tried, 'ncftpd' was the easiest to set
up and definitely the easiest to configure. It also supports
"virtual FTP hosting" (where one host appears to be several
different FTP servers, each with different directory structures and
separate user lists). My only complaint was that this server
doesn't seem to like being dynamically loaded from 'inetd' (unlike
the normal ftp daemons --- but more like 'sendmail' and most web
servers).
ProFTPD is under the GPL. I know know the author's name and it may
be a whole team that's worked on it.
http://www.proftpd.org
I have yet to try this one. However it looks very ambitious --- and
might appeal to Apache webmasters in particular. The configuration
files and directives are intentionally set to match or resemble
Apache configuration options wherever possible.
From what I've read the original author started working on a
security audit and patch set to WU-FTPD and gave up. He then wrote
the whole thing from scratch.
So, I hope that helps. Naturally you could just fuss with the
existing ftp daemon and "get it to work." Alternatively either of
these replacements might be much better for your needs --- and
considerably easier, as well.
If not then there are a few other choices:
BeroFTPD:
ftp://ftp.aachen.linux.de/pub/BeroFTPD
This is a WU-FTPD derivative.
Troll Tech FTP Daemon:
http://www.troll.no/freebies/ftpd.html
Troll Tech is the publisher of the Qt libraries on which KDE is
built.
anonftpd
ftp://koobera.math.uic.edu/www/anonftpd.html
by D.J Bernstein (author of qmail) --- very lightweight FTP
daemon, purely for read-only anonymous access. (Doesn't support
normal user or "guest" accounts). Main focus is on security and
low memory footprint.
... and I'm sure we could find many others.
____________________________________________________
(?) An Anthropologist Asks About the Linux "Process"
From donald.braman on Mon, 23 Nov 1998
(?) I don't know if you cover non-technical questions, but here
goes...
(!) Then you haven't read enough of the back issues.
I babble about all sorts of things and have even been know to
respond to questions that have NOTHING to do with Linux. (Usually
those responses are less than cordial --- but hey, you can have
answers that are good, courteous, quick, and/or free (pick any
three)).
(?) I'm interested in finding a summary of the process by which LINUX
is maintained and updated.
Where is Linus in the LINUX community and loose organizational
structure, and how does he decide what to do with all of the stuff he
get? (I always see "Linus just released kernel 2.xxx" messages.)
(!) Linus "owns" the kernel. He primarily focuses his work on the
developmental kernels (2.1.x right now --- will probably be 2.3.x
within a month or so). The stable kernels (2.0 currently) are
largely maintained by Alan Cox, though they are still sent to Linus
for final approval and official release.
When Linus decides that the work is complete on the 2.1 series
he'll declare it to be "2.2" --- then he'll start a 2.3 series (and
there will be a quick flood of patches posted to that, since we've
been in "feature freeze" for a couple of months and there are
people who have been privately working on some new features in
anticipation of the next development cycle.
I've heard that Linus plans to turn the maintenance of 2.2
immediately over to Alan and Stephen Tweedie. That will allow him
to focus on the next version exclusively.
Although there has been some effort to minimize the number of bugs
that will be in the 2.2 release --- it is almost certain that we'll
have at least a few 2.2.x releases within the first few months.
Many of these will account for bugs that only affect a small subset
of the available hardware configurations (one user in 10,000 or
less). For the 1.0 series we had about nine releases to the stable
kernel set. For the 1.2 series we had about 13 or so. In 2.0 we
have had 36 (the versioning skipped from 1.3 to 2.x due major
structural changes in the kernel). Don't just graph that to project
an estimate --- unless you also scale the graph over the time
frames involved. Even than you'd find some anomalies --- the
differences between 1.2 and 2.0 are as great as the versions
numbers suggest.
As for how Linus decides what to incorporate and what to ignore or
kick back ... that's one of the mysteries to which mere acolytes
and initiates such as myself are not privvy.
Linus is swamped. He gets direct e-mailed patches from countless
programmers and programming students around the world. (The Savvy
ones actually read the FAQ at http://www.tux.org/lkml before trying
to contribute to the Linux kernel).
See below for more on that.
(?) What if, no offense intended, Linus died tomorrow?
(!) This class of events has been discussed (usually in less morbid
terms --- using the term "retiring" rather than references to
"expiriing").
This would be a great loss to the Linux community.
However, the sources are out there under a license that ensure that
they will remain freely available and "alive" (able and likely to
be upgraded, ported to new platforms, and generally improved upon).
The great advantage that Linux has had over FreeBSD, (and it's
brethren) has been Linus. He focuses on the kernel, and on code and
quality, and almost completely eschews politics. He let's others
deal with "user space" issues (libraries, compilers, and all of the
suites of utilities and applications that go into any Linux
distribution).
We've benefitted immensely from our "benign dictactor" model --- we
accepted Linus as "the Linux kernel God" (we hold none before him
and we're monotheistic in this regard).
When Linus eventually retires, moves on to other conquests, or
whatever (may it happen long after my own demise), then the hope
among the Linux kernel developers is that we'll be able to adopt,
appoint, agree upon a successor --- a new benign dictator. That
might be someone like Alan Cox, or Stephen Tweedie, or it might be
just about anyone who's name appears regularly enough on the
Linux-kernel mailing list (I don't know enough to say).
Linus as jokingly referred to his daughters and Linus 2.0 and 3.0
(we could make it a heriditary oligarchy, if they take the interest
and aquire the proficiency). Check back in with us in about 15
years on that.
(?) Further, I'd like to find a place where (tentative) plans for
future releases are discussed, and even a vague timeline is given. In
short, is there a project management site/organization that contains a
summary of (debates about) where LINUX is going and how it's going to
get there?
(!) Here's the real fun question. Anyone who's seriously involved
in Linux kernel development is subscribed to the Linux-kernel
mailing list hosted by Rutgers University (Read the FAQ listed
above for exact instructions on how to subscribe, where to find
archives and how to search through them).
linux-kernel is a very busy mailing list. I've received well over
nine thousand pieces of e-mail on that list in just the last few
months. It gets close to a hundred items per day. (The only
Internet mailing list that I've been on that seemed busier was the
old cypherpunks list when it was hosted at Toad Hall --- and maybe
the Firewalls list that was started by Brent Chapman at Great
Circle Associates).
With that volume of traffic, you can be sure that many busy
developers (such as Linus) don't get to read everything. (Linus has
a family life and a full-time job --- mostly in addition to his
kernel work; although Transmeta apparently does provide him with
some work time to devote to Linux --- as per his contract with
them).
Of course, the best way for you to learn about the social dynamics
of the Linux kernel developers is to immerse yourself in it for
awhile. Start with some research (read the FAQ, and a month or
two's worth of the archives), then subscribe to the list and lurk
(read and don't post) for a month.
If you're doing research on us --- please let us know where we can
read any papers that you put together. We have one participant
(esr, or Eric S. Raymond who has referred to himself as the Linux
community's "anthropologist" but it might be interested to have an
alternative set of opinions from a more "objective" source).
(Eric has been a hacker since before Linux was developed. He helped
to compile and publish the "New Hacker's Dictionary" --- which is
also a pretty good source of background if you want to understand
the Linux community as a subculture. Take it with a grain of salt,
of course --- but read it anyway).
(?) Donald Braman
Yale Anthropology
____________________________________________________
(?) Looking for a Hardware Vendor: In all the Wrong Places
From Scott Tubbesing on Thu, 03 Dec 1998
(?) Mr. Dennis,
My name is Scott Tubbesing and I am just starting to support Linux on
my new job. I read "The Answer Guy" in The Linux Gazette for the first
time.
My employer is in the process of purchasing a Linux server. You
mentioned AV Research as a possible and recommended vendor. I couldn't
find a WEB page on this company and wonder how to contact them.
Appreciate your article and your assistance.
Have a good day.
Communication is the secret to success...Pass it on.
Scott Tubbesing
(!) That's VA Research (initials VAR, as in value-added reseller).
They're at http://www.varesearch.com
You can find a whole list of other Linux friendly hardware vendors
at Linux International:
http://www.linux.org/hardware
Hope that helps.
____________________________________________________
(?) Letting Those Transfers Run Unattended
From Terry Singleton on Wed, 02 Dec 1998
(?) While at home, dialed into work with my 56Kb modem, I sometimes
run across very large interesting looking applications. I often wish
that there were a way for me to telnet to my Linux box at work and
start the download. When I got to work the next day the download would
have hopefully completed.
Question: Is there a way for me to start my download remotely,
disconnect from the Linux server and have the server continue to
download the file(s)??
(!) Yes. The most obvious is to use 'screen' - this will let you
start interactive processes over a dialup or telnet connect (or
within an xterm, on a VC), then you can "multiplex" multiple
interactive programs and you can "detach" the whole session from
your terminal/connection.
Later, when you reconnect you can re-attach to your 'screen'
session using the command:
screen -r
... assuming that you only have one of them going. If you've
started multiple 'screen' sessions you can select the one to which
you want to re-attach using additional command switches (read the
man page for that).
I routinely use 'screen' (I'm using from a virtual console right
now). If I leave this session like this and connect from my
terminal in the living from (to watch a little CNN or "Law & Order"
as I work) I just use the command:
screen -r -d
... to simultaneously detach and reattach my screen session --- to
effectively "yank it over to my terminal."
Another advantage of using 'screen' is that my session is preserved
if I get disconnected. (There's an "auto-detach" feature). So, you
can leave the same session saving state in up to ten programs for
weeks, even months at a time. (I have three copies of xemacs, a
copy of lynx and a couple of shell prompts to the local and some of
the other hosts on my net open as I type this).
I do try to force myself to drop out of my screen session at least
once a month.
If you're using FTP to get these files you can also use the 'ncftp'
command line features, including a "re-dial" which will keep trying
to get to that busy FTP site until it gets your files. There's also
a program called 'lftp' that is a "command line driven, script
friendly" FTP client.
Another approach would be to use 'expect' and/or Kermit scripts
which you start at the remote and run "asynchronously" (in the
background by slapping an '&' ampersand on the end of the command
or by hitting [Ctrl]+[Z] to "suspend" the job and issuing the 'bg'
command to restart it as though you'd put the '&' on it to begin
with.
Note that this "job control" feature (the [Ctrl]+[Z] and 'bg'
stuff) only works with non-interactive programs. Interactive
programs are likely to stop with a "waiting on terminal input"
message. 'screen' and any properly written 'expect' script will
cope with those because they set up a Unix domain socket as a sort
of "virtual" terminal to control the interactive software.
(?) Regards,
Terry Singleton
Canadore College, Network Analyst
____________________________
(?) Letting Those Transfers Run Unattended
From Terry Singleton on Fri, 25 Dec 1998
(?) Where do I find screen I searched my system and www.freshmeat.net
but could not find the app you mentioned. I am running RedHat 5.1 and
I believe installed almost everything.
thanks.
(!) That's odd. When I use freshmeat's "Quickfinder" it's the first
entry that shows up. (Maybe the older version wasn't listed. A new
version was just released recently --- after you sent me this
message I think).
Here's the Freshmeat "AppIndex" URL:
( freshmeat ) - ( details of "screen" )
http://appindex.freshmeat.net/view/913939067
... and here's the main web page:
screen - GNU Project - Free Software Foundation (FSF)
http://www.gnu.org/software/screen
It's also easy to find at the Filewatcher site
(http://filewatcher.org formerly lfw.linuxhq.com) and at the Linux
Archive Search (http://las.ml.org).
However, Freshmeat returned the most recent version and the
canonical web site, while the others showed dozens of links to
older versions and other packages (with the string 'screen' in
their names) and no information about the package. So Freshmeat's
my first choice at this point.
____________________________________________________
(?) Translucent, Overlay, Loop, and Union Filesystems
From c17h21no4 on Wed, 02 Dec 1998
(?) Where can i find information/documentation about the loopback
filesystem and the translucent file sytstem under linux. From what i
see on the mail lists there is support but the links are old or
outdated (Ben's link) and i seem to not be finding any info on it.
(!) According to an old version of the CD-ROM Howto:
Once upon a time there was an IFS (inheriting filesystem). This was
written by Werner Almesberger for Linux version 0.99p11 was similar
in principle to the "translucent fs" from Sun. This was a
"copy-on-write" system, sometimes referred to as an "overlay" or
"union" fs.
All of these are different terms for the same concept, you mount
two (or possibly more) filesystems on the same point. Accessing
files under these mount points is presents files from one of the
underlying filesystems.
The most common case would be to lay a CD-ROM fs over a normal
(ext2, minix, xiafs) filesystem. Any files on the "normal"
(read-write) fs take precedence over any file with a colliding name
on the CD-ROM. Any write attempt of a file results in a copy (or
possibly a "diff" on a log-structured fs). Later access to such
files will refer to the copy rather than the original.
An early version of the Yggdrasil Plug-n-Play Linux (*)
distribution supported this (IFS) as an installation method, if I
recall correctly.
* (the first CD-ROM distribution ever released as far as I know)
As far as I know Werner's IFS hasn't been updated in years and
there isn't any support for any of these union/translucent etc fs
variants in the standard kernel. I did find on pretty obscure set
of patches that appear to provide "overlay" filesystem support for
2.0.31 kernels at:
LOFS Patches for Linux:
http://www.kvack.org/~blah/lofs
... this has no README files or other documentation so my guess
about their intent is purely from reading the patches. I think
"Blah" in this URL refers to Mr. Benjamin LaHaise who apparently
wrote the following to the Linux-Kernel mailing list in May of
1997:
> Now is a very good time to tell me if
> someone else has already got a working lofs :-)
I wrote one quite some time ago, and finally made patches against
2.0.30 last week. They're at
ftp://dot.superaje.com/pub/linux/lofs-2.0.30.diff It's not perfect,
but it works. (I do have a fancier 2.1.x version, but it'll be a
while before i get anymore work done on it.)
This was in response to a Mr. Jon Peatfield's query. (The ftp link
therein does not work). He mentioned some additional work on his
'lofs' as late as August of '97 --- quoted in a response by Linus
regarding some VFS semantics.
I presume this is the "Ben" to which you are referring. I've blind
copied his last known @ddresses. (Sorry if you get three copies of
this).
There's a similar concept called a "cachefs" and there's a couple
somewhat different concepts called "loop" filesystems.
A Linux "loop" or "loopback" filesystem allows one to mount a
regular file as a filesystem. This only works if the file is an
image of a supported filesystem. Thus, if you have a boot diskette
image you can mount it on /dev/loop0, 'cd' into the mount point and
view the contents.
I've leard of another interpretation of the phrase "loop back
filesystem" that involves remounting the same filesystem with
different option at different mount points. Thus you might mount
one at /usr with "read-only" options and somewhere else with
read-write and no-exec" However, I don't know which versions of
Unix use this and it doesn't seem to match the Linux implemtation
at all.
It is possible to enable encryption on your loop devices using the
'losetup' command (see the man page in section 8). However, this is
more of a proof of concept than a real utility. See my column last
month for pointers to some real cryptography packages, or look at
the "privacy protected disk driver" (ppdd) which is one I forgot to
mention last month.
'cachefs' and 'tmpfs' are filesystems that are supported by
Solaris.
The CODA project at http://coda.cs.cmu.edu also has some
interesting replication and caching features.
Obviously when we start talking about specialized filesystems we
see myriad terminology collisions and ambiguities.
For now I'd say that Linux LOFS/Translucent filesystems are not
"ready for prime time." However, if you're interested in working on
the code --- go for it!
____________________________________________________
(?) Modem dial out
From Infinite Loop on Wed, 02 Dec 1998
Hi Jim,
How are you? I'm want to write a program that enables my Linux system
to dial a page to my beeper, this function to be activated upon
certain events. I am learning C. I came across a system call ioctl
that is supposed to let me control the devices, but I cannot find
further information on it's usage. Or is there other
programs/functions that you can advise me to work on to achieve the
result?
Thanks.
(!) You might want to try the Linux Gazette "Search" feature. I
wrote a fairly extensive piece on this back in May.
Using the search phrase "pager software" at
http://www.linuxgazette.com the following was the fourth hit:
The Answer Guy 28: Email Alpha-Paging software
http://www.ssc.com/lg/issue28/tag_paging.html
Granted I wasn't able to find it so easily using Yahoo! and Alta
Vista. When I elaborated on the phrase to include:
pager software linux source code
... I got a surprise:
Debian Package - hylafax-doc 4.0.2-5
http://cgi.debian.org/www-master/debian.org/Packages/stable/comm/hylaf
ax-client.html
HylaFAX support [sic] the sending and receiving of
facsimiles, the polled retrieval of facsimiles and
the send [sic] of alphanumeric pages.
^^^^^^^^^^^^^~~~~~~~~~~~~~~~~~~~~~~~
(emphasis mine).
(?) Regards, Joseph Ang
(!) I'd get those packages and read through their sources a bit.
____________________________
(?) Promptness: It's Just a Lucky Shot
From Infinite Loop on Fri, 04 Dec 1998
(?) Hi Jim,
Thanks for your prompt reply! I'm very surprised to receive your reply
in just a day! Really, really appreciate that :)
Best regards, Joseph Ang
(!) You were just lucky. The question was easy and appealed to me.
Unfortunately there are many questions that I just don't "get to."
Especially since I'm getting about five times more TAG traffic this
month then last.
____________________________________________________
(?) 'chroot()' Jails or Cardboard Boxes
From Clifton Flynt sometime before Wed, 02 Dec 1998
Hi, You recently stated:
You can set up inetd.conf to call simple chroot call to a jail before
launching ftpd -- which will automatically use the /etc/passwd that's
relative to the chroot directory. The You can even use shadow
passwords in the chroot.
It does take a bit of tweaking -- but it can be done.
Could you point me to a FAQ or HowTo for this?
I'm upgrading a 4.2 based firewall system to 5.1, and already tried
the obvious tricks of copying the /lib/security and /etc/pam.d
directories to the playground/jail directory.
Thanks,
Clif
(!) I don't know of an FAQ or HOWTO on this. I haven't had time to
write one myself.
One trick is to use the 'ldd' command extensively to identify
shared libraries that must be copied into the 'chroot()' jail.
Another is to use 'strace' to capture system call traces of each
program (particularly those that fail to run properly in the jail)
and compare the calls to 'open()' between the version run in the
jail and the one that works normally within your normal
environment.
The brute force method is to simply install a whole distribution
unto another filesystem. Mount that as the jail and trim out
everything you don't need.
It should be noted that 'chroot()' jails are not "root safe" under
normal implementations of Unix and Linux. If an attacker does
successfully gain 'root' privileges with the jail it is a simple
matter to "break out."
'securelevel' is a set of features in BSD (Free|Net|Open and
BSDI/OS) to minimize the persistence of such compromise. These try
to prevent root from exercising various privileges while the system
is in "server" or "production" or "secure" mode.
There were some patches for 'securelevel' that were under
development for Linux. However, Linus rejected them and has
accepted an alternative that may offer more flexibility, finer
grained control and still allow for relatively easy "securelevel
emulation."
These features (what POSIX.1e refers to as "capabilities lists" but
which are better described as "VMS like privileges") are built in
the 2.1.x kernels and will almost certainly be part of 2.2. In
addition to the possibility that these will allow us to "emulate
'securelevel'" these may also prevent many forms of process
subversion that lead to 'root' compromise.
Normal 'securelevel' does nothing to prevent the attacker from
gaining root. It doesn't very little to limit what the attacker can
do with that privilege during the session in which it is obtained.
In other words the successful attacker still has control of the
system. 'securelevel' primarily prevents persistent changes to the
filesystems (no changing immutable flags to mutable and
"append-only" files to random access read/write, no remounting
read-only filesystems in read/write mode, etc). Some other
securelevel features prevent loading of kernel modules and access
to /dev/kmem (/proc/kmem for Linux users).
This doesn't address the mechanism by which the attacker gained
'root' and only places relatively minor limitations on what 'root'
can do to the state of the system. Those limitations mostly prevent
sniffing on other processes, hiding the attacker tracks, and
leaving 'rootkits' laying around.
With the "privs" features the Linux kernel add more fine-grained
delegation and limitation semantics. One can provide a process (and
its descendents) with the ability to open a "privileged" TCP port
(below the conventional Unix 1024 watermark) and/or with just
read-only access to all files, without allowing that process to
write to, change the ownership or permissions/mode or filesystem
dependent attributes/flags on them, etc).
Basically these "privileges" split the implications of "SUID root"
into separately maskable and delegateable items. Instead of one
"god flag" we have a whole pantheon of them, each with its own
sphere of influence.
The kernel support for this is just the tip of the iceberg.
Consequently we probably won't see effective use of this for
several month after Linux ships and it will be much longer until we
have "full" support for this security model.
Currently the only way to use these features with 2.1 kernels would
be to write wrapper programs that set/mask the privilege sets
(there are "allowed, effective, and inheritable" sets; the
"inheritable" set is a mask which strips these privs from
children). These wrapper/launchers could then start processes with
small lists of required privileges and some (small?) assurance that
these processes couldn't perform some forms of mischief directly.
To emulate 'securelevel' you'd write wrappers that started 'init'
and/or 'inetd' and various daemons like 'sendmail' and your web
server with a set of privileges masked off. These processes and
their children would be unable to exercise certain sorts of system
calls (possibly including the equivalent of 'chroot(..)' to
chdir/chroot out of a jail) and file operations. They would not be
able to inherit these privileges even from an SUID 'root' program
--- such programs would only be able to exercise the subset of
privileges that were inherited and allowed. (*)
* (The attack vector would then have to be via subversion of some
running process that retained its privileges i.e. via some form of
interprocess communication rather than by direct execution. If
'init' was stripped of its "chatter +i" priv then no process on
the system could make immutable files mutable. Naturally you'd
construct the wrapper or patches to 'init' such that these
features would be enabled at specific runlevels or disabled with
certain boot-time parameters).
Later it will be possible to store these privilege sets as
attributes of executable files. Thus the 'rsh' and 'rlogin'
commands would have their "bind to privileged IP port" bit set, and
all others would be unset. (Note we're not masking off the other
privs, we're merely not granting them). Thus the reason why these
two command are "SUID 'root'" is accounted for, without giving
these programs a host of other system privileges that are not
required for their proper operation.
The filesystem support for these features will presumably be added
in the 2.3 kernel series.
It looks like Linux 2.3 will mostly be about filesystems, "large"
file support, ACL's, logging/journaling, b-tree directory
structuring, and other features of that sort.
It's not clear whether these will be rolled into ext2 or whether
they will be incorporated into a new ext3.
If this whole "privs" security model seems complex and difficult to
administer and audit, then you're reading me loud and clear.
Determining the precise set of requisite flags for each program and
process will be a monumental pain. It is unclear how effective
these efforts will eventually be. VMS has had these sorts of
features since its inception, and they are similar to features in
MLS/CMW (multi-level security for compartmented mode workstations)
versions of Unix (usually billed/sold as the B2 Security Package,
Option, or Version --- and generally only used by the U.S. military
or similar organizations).
Personally I would like to see a "true capabilities" subsystem
implemented. This is a completely different security model that is
so much unlike Unix, NT, and other identity/ACL based systems that
you may have to spend a year or two unlearning what you know about
operating systems design before you "get it." (It took me about two
--- but I'm unusually stubborn).
I've talked about this security model in this column before. Do a
keyword search on EROS (extremely reliable OS) and/or KeyKOS to
find some links about it. Ironically I've never used a system that
incorporated "capabilities." However, I've grudgingly come to the
conclusion that they represent a better security model than the
ones we use in all major software today.
The catch is that programs would have to be significantly retooled
to work under such a system. There's also been almost no interest
in this from the programmers that I've talked to. (That would
suggest that I'm just a ranting crackpot --- since I'm not a
programmer myself).
In any event, hopefully these "privileges" will make your system
somewhat more secure and make a chroot() jail more than just a
cardboard box.
If security is not your primary concern -- if all you want is to
provide virtual FTP hosting, just look at ncftpd and or ProFTPD.
____________________________________________________
"The Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
(?) The Answer Guy (!)
By James T. Dennis, linux-questions-only@ssc.com
Starshine Technical Services, http://www.starshine.org/
_________________________________________________________________
(?) Swap file on a RAM Disk
From Mathieu Bouchard on Wed, 02 Dec 1998
(?) Hi,
Some have even reported that using 100 or 200K RAM disk with a swap
file on it will dramatically improve the performance over using all of
your memory as straight RAM.
Do you have any rational explication to this? I'm not a kernel expert,
but it makes no sense -- especially because AFAIK, Linux RAM disks are
swappable (and lazily-allocated), and mutual containment (in this
context) makes no sense;
(!) No. I don't have a rational explication or explanation for
this.
(?) but in the event that a RAM disk wouldn't be swappable, then,
swapping from RAM to RAM isn't anything more than a CPU hog and
unnecessary complexity -- it's a kind of Alice in Wonderland to me. It
would make sense if some compression was done while swapping, which
would look like a Macintosh RAMdoubler. But Linux has no such feature
-- six months ago I asked the Linux guys and they said that they
didn't like the idea.
Is it possible that such a report would be gibberish? in which case I
would like you to get the precise facts and publish them. I think that
even though it is a detail, the Linux community doesn't deserve to
have anything done wrong. I'm not [bf]laming, I just want to correct a
situation.
matju
(!) However, I can make a guess. Many of the memory management code
paths may have to special case the situation where no swap/paging
space is available. The routines invoked to handle this special
case may result in a slow down when no swap is available.
You're welcome to search the Linux-Kernel mailing list archives
yourself. You can also just try it (run some tests with no swap
space "mounted" and then run them again with just a small swap file
located on a small RAM disk. I haven't actually tried this
experiment, so I made an effort to identify my statement as
hearsay.
If you'd like to so some research on it --- you could publish your
results (probably in LG --- perhaps as a 2-cent tip or as a full
article).
____________________________________________________
(?) How to "get into" an Linux system from a Microsoft client
From WRB on Wed, 02 Dec 1998
(?) Jim, thanks for the samba reference, I'm going to spend some time
there.
By the way, it appears I did not give you enough information the first
time around. When I mentioned "get into" I meant from the NT40
explorer window, network neighborhood. I can see the Linux machine
(computer4) shown there, but when I try to "click" on it and log in
(YYYYYYYY4 with password XXXXXXX), that's when I get the message. This
happens with NT40 only.
(!) That is what I'd guessed. You're trying to share files that are
on the Linux system. Those must be exported/published to you via
Samba.
By the way, I've blotted out the computer name and password that
you included in your text. Please don't include any password or
other private information in posting to any stranger on the net.
Particularly one like me, that publishes such messages in a widely
read monthly webazine.
(?) When I do the same thing with W95 explorer window, network
neighborhood (click on computer4), I go right to the directory I
assigned to the W95 computer (/home/computer1). I set up a link from
there (/home/computer1) to / and now I can browse all over the Linux
machine - using W95.
I just can't find the right "trick" to do the same thing with NT40.
(!) You'll want to read the Samba FAQ. This is one of the
situations they cover therein. Basically there is a difference
between the way that your Win '9x and NT 4.0 clients are attempting
to authenticate to the Linux system.
Samba FAQ
http://us1.samba.org/samba/docs/FAQ
Search on the string "nt4" to jump to the first relevant paragraph.
However, I'd suggest reading the whole FAQ. Then you'll know more
about Samba then I currently do. (I hardly ever use it).
(?) Thanks again for your time
Ron Botzen
____________________________________________________
(?) Dynamic IP Address Publishing Hack
From Ronald Kuetemeier on Sat, 05 Dec 1998
(?) Here is an expect script that you might find useful for your
article. It keeps a connection to the internet up and running with a
dynamically assigned ip address. It updates html file(s) with the
assigned ip address and ftps it to a well known server on the
internet. Ronald
> =====================================================================
#!/usr/bin/expect -f
#expect script to keep a www server connected to the internet over
#dynamically assigned ip address
#Ronald Kuetemeier 11/1/1998 dket@mail.saber.net
#Replace all xxxx with your values
#initial ppp server address to see if we are already up
#change this to your ftp server ip addr.
set server xxx.xxx.xxx.xxx
#use of ppp script to make sure ppp is down and can be restarted
#change this to your local ppp up/down script
proc logon {} {
system xxxx stop
close
wait
sleep 10
system xxxx start
close
wait
sleep 35
ping 1
}
#get ip's from ifconfig
proc getip {} {
spawn ifconfig
expect -re "P-t-P:\[0-9\]+.\[0-9\]+.\[0-9\]+.\[0-9]+"
close
wait
setip $expect_out(buffer)
}
}
#find local ip and remote server ip address from ifconfig
proc setip {out} {
global server
set ips [string range $out [string first "Point-to-Point" $out]
[string length $out]]
regexp P-t-P:\[0-9\]+.\[0-9\]+.\[0-9\]+.\[0-9]+ $ips server_1
regexp addr:\[0-9\]+.\[0-9\]+.\[0-9\]+.\[0-9]+ $ips client_1
regexp \[0-9\]+.\[0-9\]+.\[0-9\]+.\[0-9\]+ $server_1 server
regexp \[0-9\]+.\[0-9\]+.\[0-9\]+.\[0-9\]+ $client_1 client
changeaddr $client
}
#ping to see if connection is still up
proc ping {i} {
global server
while {1} {
if {$i == 6} {
logon
getip
set $i 0
}
spawn ping -c 1 -n $server
expect {
"bytes from" break
"100% packet loss" close
ret=-1 close
}
wait
incr i
puts $i
sleep 3
}
close
wait
}
#change to your local userid and passwd and file transfer
proc ftp {} {
#change to your ftp server
spawn ftp xxx.xxx.xxx
expect "Name*:"
send "xxxx\r"
expect "Password:"
send "xxxx\r"
expect "ftp>"
#change to your ftp server directory,i.e public_html
send "cd xxxxx\r"
expect {
#change file to transfer [file]
"2*ftp>" [send "put xxxx.xxxx\r"]
"550*ftp>" ftp_error
}
expect {
#change or delete file 2 transfer [file 2]
"2*ftp>" [send "put xxxx.xxxx\r"]
"No such file" ftp_error
}
close
wait
}
proc ftp_error {} {
puts "FTP ERROR\n"
close
wait
}
# use sed to replace unique name with ip addr in a file
proc changeaddr {client} {
#change file names and local dns name
# [DNS] [in.file] [out file]
system sed 's/xxxx.xxxxxxx.xxx/$client/' xxx.xxxx > xxxx.xxxx
close
wait
#change file names and local dns name or delete this
# [DNS] [in.file] [out file]
system sed 's/xxxx.xxxxxx.xxxx/$client/' xxxx.xxxx > xxxx.xxxx
close
wait
ftp
}
ping 6
while {1} {
puts "Main loop\n"
ping 1
sleep 9
}
(!) I'll just leave this as is. However, I'd suggest that the
'pppup' script documented in the 'pppd' man pages would provide
some of the IP addresses that you are laboriously extracting from
spawn command outputs using regexes.
Also It would make a lot of sense to write up an article around
this script and publish that in LG yourself.
____________________________________________________
(?) Why 40-second delay in sending mail to SMTP server?
From Steve Snyder on Sat, 05 Dec 1998
(?) On my LAN, when my (Win95- and OS/2-based) mail clients retrieve
mail from my (RedHat v4.2) Linux server, it is all but instant. When
sending mail to the server, there is a 40 - 45 second delay before the
sent mail is accepted. Mail retrieval by the clients are done via
POP3; mail is sent via SMTP.
(!) Sounds like attempts at reverse DNS and/or 'ident'
(?) These are the relevant lines from my /var/log/maillog. These lines
are the result of sending mail from mercury.snyder.net (client running
OS/2) to solar.snyder.net (server running Linux). Note that the second
line contains the text "delay=00:00:40". Hmm.
> Dec 2 09:12:05 solar sendmail[21694]: JAA21694:\
> from=<steve@solar.snyder.net>, size=403, class=0, pri=30403,\
> nrcpts=1, msgid=<199812021411.JAA21694@solar.snyder.net>,\
> proto=SMTP, relay=mercury [192.168.0.2]
> Dec 2 09:12:05 solar sendmail[21724]: JAA21694:\
> to=<steve@solar.snyder.net>, ctladdr=<steve@solar.snyder.net>\
> (500/500), delay=00:00:40, xdelay=00:00:00,
> mailer=local, stat=Sent
I should also note that I don't use DNS on my LAN. Name resolution is
done via a hosts file on each machine.
I haven't done any tweaking of (version 8.8.5) sendmail. It is pretty
much as-is from the RedHat installation. In case it isn't already
obvious, I'm a newbie at mail configuration issues.
Any advice on how to eliminate this delay in sending mail from my
client machines?
Thank you.
*** Steve Snyder ***
(!) Newer versions of 'sendmail' have features that are intended to
minimize abuse by spammers and miscreants. Some of these involve
doing doubled reverse DNS lookups to check that the forward and
reverse names are consistent.
Sendmail normally will not use the /etc/hosts file to map host
names to IP addresses. This is because the standards call for it to
look up DNS MX records in preference to other types of address
records.
In other issues I've described how I get around that on my private
LAN (which also doesn't use DNS for mail routing or internal host
resolution).
[ Jim has at several points in the past revealed fragments of our
main control file, sendmail.cf, so the Linux Gazette search box
should be able to reveal it pretty easily if you use that filename
as a keyword. -- Heather ]
____________________________________________________
(?) Linux as Router and Proxy Server: HOWTO?
From kdeshpande on Sat, 05 Dec 1998
(?) we want to setup linux server as a proxy server with two ethernet
cards. kindly guide me for installtion process.
i am ms win 95 user and does not know any thing about unix / linus pl.
reply on [another mail address].
(!) You'll want to start with the "Linux Installation and Getting
Started." That's an LDP guide that's often included with Linux
distributions in the /usr/doc directory and is available on-line at
any mirror of the LDP. That covers the basics of Linux (although it
is getting a bit long in the tooth).
Configuring a proxy server and router is a fairly advanced process
and will involve a considerable understanding of Unix and of TCP/IP
concepts. It sounds like your skills in English may make some of my
explanation inaccessible to you. Hopefully the guide to routing
that I've also written for this month's LG article (should appear
for the January 1999 issue) will help.
There are a couple of other HOW-TO documents written on using Linux
as a "Firewall" (proxies are often a component in a firewall). Many
of these have been translated into various languages. You'll want
to see if there's one in your native language.
Personally I'd suggest that you get a consultant to come in and
configure it for you. That is likely to be far easier and less of a
hassle than trying to do it yourself.
Now, with all of those disclaimers out of the way here's a simple
configuration:
_________
192.168.1.x -------| proxy |------ the Internet
^^^^^^^^^
In order to have a proxy system, you have to have a "multi-homed
host" (a system with two interfaces in it).
In this case you've specified that you want to have two ethernet
cards. So, first you install those. Be sure to set their IRQ's and
I/O base address settings to non-conflicting values. The exact
process varies greatly from one card to another. With the 3c5x9 and
3c900 cards you use a program to set them (3C5X9CFG.EXE under
MS-DOS, or the appropriate utility that was written for Linux --- I
found a copy at the VAResearch ftp site: ftp.varesearch.com under a
relatively obvious name).
Let's say that you have one of them set to IRQ 10, I/O 300 and the
other set to IRQ 11, I/O 330 (make sure that these don't conflict
with any SCSI, sound or other cards that you have installed).
Typically you'll also want to disable any "Plug & Play" support on
your motherboard since these features may change the settings on
your ethernet card while you boot, causing you no end of
consternation later.
You'll also have to make sure that the appropriate driver is linked
into your kernel, or that you've built the appropriate modules.
It is also common for the Linux kernel to require that you provide
it with a hint that there are multiple ethernet cards to
initialize. You just provide the kernel with a boot parameter (read
the 'bootparam(7)' man page and/or the "Boot Parameter HOWTO" for
details). The HOWTO has an example at:
http://metalab.unc.edu/LDP/HOWTO/BootPrompt-HOWTO-7.html#ss7.1
... showing the command case using:
ether=0,0,ether1
... (no spaces --- and don't change the case of any letters).
This option is passed to the kernel by typing it in at the LILO
boot prompt, or adding an append directive to your /etc/lilo.conf
like:
append="ether=0,0,ether1"
...(the double quotes are required).
This option forces the kernel to look for a second ethernet adapter
(the first ethernet adapter is labelled as 'ether0' and will
normally be detected automatically). The 0,0 forces it to search
for the IRQ and I/O base addresses automatically. If that's not
successful, or you want to be conservative, you can just provide
the information manually.
This is extensively documented in the "Ethernet HOWTO" at:
http://metalab.unc.edu/LDP/HOWTO/Ethernet-HOWTO-10.html#ss10.1
You should see boot time message indicated that the ethernet cards
have been found. You can use the 'dmesg' command to review those
after the system is finished booting and you've logged in.
The last step in the hardware/driver layer is to issue 'ifconfig'
command for each of these interfaces.
Let's say your ISP router (cable modem, ISDN or DSL gizmo,
whatever) is using address 172.17.100.1 on your ethernet (that's a
private net address from RFC1918 --- but let's pretend is was your
real address).
Let's fill in our diagram a bit more:
_________ __________
192.168.1.x -------| proxy |------| router | -- Internet
^^^^^^^^^ ^^^^^^^^^^
eth0 eth1 ^-------- 172.17.100.1
192.168.1.1 172.17.100.2
Here we see a private network (all of 192.168.1.*), our proxy
servier with two ethernet interfaces, with eth0 on our "inside LAN"
(taking up the conventional .1 address for a router --- it is the
router to the outside/perimeter segment. eth1 is the proxy host's
interface on the "perimeter" or "exposed" segment (outside of our
LAN).
There is a small perimeter segment in this case. In many
organizations it will be populated with web servers, DNS and mail
servers and other systems that are intended to be publicly visible.
Obviously each of the systems that are shown on this segment (the
proxy and the router) need their own IP address. I've assigned
172...2 to the proxy since I said that 172...1 was the border
router's inside address. The border router would also have some
sort of link (usually a point-to-point (PPP) link over a modem,
ISDN, frame relay FRAD, CSU/DSU codec, DSL ATM or other device ---
the telephony is not my specialty they hand me a "black box" and I
plug the wires into the little tabs where they fit).
For our example we don't care what the IP addresses over the PPP
link are. all we care about is that our ISP gets packets to and
from the 172...* network or subnet. They have to have routes to us.
This example will work with any subnet mask --- we'll assume that
we have a whole class C range, from 172.17.100.1 through
172.17.100.254 for simplicity's sake (read all about subnetting and
proxyarp for gory details on those scenarios).
So, on our Linux proxy server we use the following commands to
configure our interfaces:
ifconfig eth0 192.168.1.1 netmask 255.255.255.0
ifconfig eth1 172.17.100.2 netmask 255.255.255.0
... we could leave the netmask option off the first command since
it will default to this mask due to the address class. With most
modern ISP's we'll have to use some other netmask for the second
case --- unless we're paying for a whole Class C block. We might
need to anyway (our ISP might have a Class B address block and be
subnetting it into Class C chunks). We'll just assume that we need
it on both of them.
We can optionally specify the broadcast addresses for these ---
however it shouldn't be necessary if we're following normal
conventions. It will default to the last valid number in the
address range (192.168.1.255 for the first case and 172.17.100.255
in the other).
* (If we'd had a netmask of 255.255.255.240 in the first case then
our broadcast address would be 172.17.100.15, if our addresses had
been 172...33 and 172...34 with that netmask our broadcast would
have been 172...47 --- again these are just examples; the
explanation is a bit involved.)
So we have IP addresses on each interface. Now we need routes. In
the newer 2.1.x kernels (and presumably in the 2.2 kernels and
later) the 'ifconfig' operation automatically results in an
addition to the routing table. This is more like the way Solaris
works. Under earlier kernels you have to add routes with commands
like:
route add -net 192.168.1.0 eth0
route add -net 172.17.100.0 eth1
... this defines routes to the two local segments (one on the
inside, and one on the outside). Again, newer kernels may not
require this entry.
Now, for our proxy to reach the Internet we'll have to set a
"default route" like:
route add default gw 172.17.100.1
If we have other networks that must be accessed through our LAN
(something like a 10.*.*.* network in the back office or for our
server room) we may also want to add other "static" routes to this
list. Let's say that 192.168.1.17 was a router between our desktop
LAN and our 10-net server segment. We'd add a command like:
route add 10.0.0.0 gw 192.168.1.17
Notice that we are not forwarding packets between our interior LAN
and the outside world. If we did the routers on the Internet will
not have any valid routes back to us (that's what these 192.168.*.*
and 10.*.*.* addresses are all about. Read RFC 1918 for details on
that). 172.16.*.* through 172.31.*.* addresses (16 Class B blocks)
are also reserved for this use --- but we're "pretending" that
172.17.100.* is a "real address" for these examples.
So now we need to enable our interior systems to access the outside
world. We can use IP Masquerading and/or proxying to accomplish
this. Masquerading is a bit easier than proxying under Linux since
the support is compiled into most kernels.
Masquerading is a process by which we make a group of systems (our
internal clients) look like one very busy system (our proxy). We do
this by re-writing the "source" addresses on each package as we
route it --- and by patching the TCP port numbers.
TCP "port" numbers allow a host to determine which process on a
system is to receive a given packet. This is why two users on one
system can telnet to another system without there being ambiguity.
Using masquerading all of the connections that are being handled at
any given modem essentially look like "processes" or "sockets" on
the proxy server.
Thus IP masquerading is "network layer proxying."
Do do this under Linux 2.0.x and earlier (back to the 1.3.x series)
we could simply use a command like:
ipfwadm -F -m -a accept -S 192.168.0.0/16 -D 0.0.0.0/0
... which adds (-a) a masquerading (-m) rule to accept packets from
any source address matching 192.168.*.* (16 bits of the address are
the "network part" --- that's equivalent to a netmask of
255.255.0.0) and whose destination is "anywhere." This rule must be
added to the "forwarding" (-F) set of packet filters.
The Linux 2.0.x IP packet filtering subsystem (kernel features)
maintain four sets of rules (tables): Accounting, Input,
Forwarding, Output
... we only care about the "forwarding" rule in this case.
With all recent Linux kernels we also have to issue a command like:
echo 1 > /proc/sys/net/ipv4/ip_forward
... to enable the kernel's forwarding code. These kernels default
to ignoring packets that aren't destined to them for security
reasons (this and a TCP/IP "option" called "source routing" have
been used to trick systems into providing inappropriate access to
systems --- so it is better for systems to leave these features
disabled by default). Older versions of Unix and Linux were more
"promiscuous" -- they would forward any packet that "landed on
them" so long as the could find a valid route.
Lastly we'd just configure our client systems with IP addresses in
the range 192.168.1.2 through 192...254 and cofigure them to treat
192.168.1 as their default route. Packets will get to the proxy
from any of these, be re-written to look like they came from some
socket on the 172...2 interface and forwarded out to the Internet.
Returning packets will come in on the socket which will provide the
kernel with an index into a table that stores the 192.168.*.* owner
of this connection, and the return packet will be re-written and
forwarded accordingly (back into the internal network).
That's how masquerading works.
Applications layer proxying is actually a bit easier than this. You
install packages like SOCKS, Delegate, the FWTK (firewall toolkit),
and a Squid or Apache caching web server unto the proxy system.
These listen for connections on the inside interface (192.168.1.1).
Proxy aware software (or users) on the internal system direct their
connections to the proxy server (on port 1080 for SOCKS and
Delegate) and then relay the real destination address and service
to the proxy server. The proxy server, in turn, opens up its own
connection to the intended server, makes the requests (according to
the type of service requested, and relays the information back to
the client).
In addition to the basically relaying a good proxy server can
provide caching (some multiple requests for the same static
resource are handled locally --- saving time and conserving
bandwidthy), additional logging (so big brother can tell who's been
bad), and can enforce various access control policies (no FTP to
popular mirror sites in the middle of the day, all users must be
Kerberos authenticated in order to access the Internet, whatever).
The main disadvantage to applications layer proxying is that the
proxy clients must be "socksified" or proxy aware. Either that, or
with some of them (FWTK and optionally DeleGate) the user of a
normal client (such as FTP) can manually connect to the proxy
server and use some special command (login sequence) to provide the
proxy with the information about the real destination and
user/account info. (Almost needless to say that a compromised proxy
host is a great place to put password grabbing trojan horses!)
However, one of the major advantages of the proxy system is that it
can support strange protocols --- like "active FTP" which involves
two co-ordinated IP connections, one outbound control connection
and one inbound data channel. There are other protocols that
connection pass information "in band" and make masquerading more
difficult and sometimes unreliable.
It's possible to use both, even concurrently with just one host
acting in both roles.
So far my favorite applications proxy package is "DeleGate" by
Yutaka Sato, of the Electrotechnical Laboratory (ETL) in Japan. You
can find it at:
http://wall.etl.go.jp/delegate
... it's easy to compile and configure and it's available under a
very liberal license (very BSD'ish but less wordy).
DeleGate can be used as a SOCKS compatible server (i.e. SOCKSified
client software will work with DeleGate); and it can be "manually
operated" as well.
My only complaint about DeleGate is that the English documentation
can be a bit sparse (and my paltry studies of Japanese are nowhere
near the task of reading the native docs).
The easiest way to install SOCKS clients on your Linux systems is
to just grab the RPM's from any Red Hat "contrib" mirror. That's
also the easiest way to install a SOCKS server.
To configure the clients for use with the SOCKS5 libraries you have
to create a file, /etc/libsocks5.conf, to contain something like:
socks5 - - - - 192.168.1.1
noproxy - 192.168.1. -
... note that the "noproxy" line ends with a "." to specify that
this apples to the whole 192.168.1.* address range.
configuring the socks server you need to create a file,
/etc/socks5.conf and put it at least something like:
route 192.168.1. - eth1
permit - - - - - -
... and you might have to change that inferface for our example (I
don't remember but I think it's "destination addresses and target
interface).
Naturally the docs on these are abysmal. However, I did eventually
get this setup working when I last tried it.
____________________________________________________
(?) PostScript to GIF
From Jamie Orzechowski on Fri, 05 Jun 1998
(?) Hi There .. I am trying to convert a .PS to .GIF .... no luck so
far ... I got the progrma ppmtogif but it WILL NOT compile ... can;t
get it working at all ... I was wondering if you had the binary to
ppmtogif (linux redhat) or know where I can get a source distribution
that will compile ... or any other program that will convert ps to gif
... thanks!
(!) You could use the pstogif perl script by Nikos Drakos of Leeds
University. It apparently accompanies the LaTeX2HTML package.
I discovered that by simply switching to a shell prompt and typing
"ps{TAB}{TAB}" and looking that the list of utilities that bash'
command completion offered me. Then I look for a man page and then
just looked that the file itself.
Running the 'rpm -qf' command to see which package included this
'pstogif' file I found that it came with "l2h-96.1.h-5.rpm" on the
'Canopus' and with "xemacs-19.15p2-2.rpm" on 'Antares' (A couple of
my machines here).
There are a dizzying array of pbm, ppm, and pgm conversion filters.
The three formats seem to be very similar (for "portable bitmap,"
"portable pixmap," and "portable graymap" respectively). So, like
you, my first thought would have been to use one of them.
In all honesty I avoid graphics files as much as possible so I
don't have an easy answer to this.
(Incidentally this is an old message. I'm trying to clear out my
old drafts folder by the end of the year).
____________________________________________________
(?) troubleshooting
From Matthew Easton on Wed, 06 May 1998
(?) One thing I notice as I try to learn more about Linux, is that
much of the information I come across is very specific to a particular
situation or a particular piece of software. I'd like to get away from
the 'step by step instructions for software x' and construct a "bag of
tricks" that will allow me to solve problems myself.
To explain: In my job I troubleshoot Macintosh hardware and software.
If you had a problem with a Mac I could tell you some things to check
and several procedures to try-- and even if I was unfamiliar with the
particular application that was failing you, chances are pretty good
that things would be functioning in the end.
(!) That is why we have professional technical support, system
administration, help desk, repair technicians etc.
The issue is similar for a number of trades and professions.
Even the Mac for all its vaunted "easy of use" and consistency
really requires a significant acculturation to a large number of
assumptions. I know this from very recent first hand experience
since I gave my mother her very first computer earlier this year
--- it was a Mac Performa.
(?) Granted the user interface is greatly simplified under Macintosh
compared to Linux, but are there any general principles or things to
look for, or standard procedures for troubleshooting software under
Linux, or tools?
(!) The simplicity of Macs and Windows can largely be summed up as:
If you don't see a menu option, button or dialog for it --- you
probably can't do it.
(I realize this is a bit of an over simplication --- there are
whole books of Mac and Windows "tricks" that are slowly gleaned
over time).
These system make a reasonable subset of their functionality
available on their face (through full-screen menu driven user
interfaces). That whole issue of "icons" and "GUI's" is completely
a red herring since they really are just menus under all the hype.
I have a friend who said that the easiest system she'd ever worked
on was an AS/400 (running OS/400 naturally enough). She described
(even showed me, once) the interface and it did sound pretty handy.
Unix is usually described as a "toolbox." The analogy is
reasonable. If I handed you a real box full of hammers,
screwdrivers, nail guns, pliers, drills, saws, wrenches sockets,
and similar physical tools it wouldn't help you build or rewire
your house, fix your car or anything --- until you learned the
appropriate construction and mechanical trades that use these
tools.
Similarly we find that some programmers under Unix can be just as
confused and incapacitated when faced with system or technical
administrative issues as an auto mechanic might be when faced with
a plumbing problem. Naturally a plumber or mechanic is more likely
to successfully take on other "handyperson" repairs than someone
with no related experience.
Another way of thinking about these OS' is in terms of culture and
language. Natural language (including idiom) is entwined with many
cultural assumptions. Unix/Linux conventions can be seen as a
"language" for expressing demands of your computer (via the shell,
through myriad configuration files, even in the Motif, KDE,
OpenLook and other GUI's that we encounter).
The advantage of this "linguistic" point of view is that it
approaches the level of complexity of a Unix system. When I was an
electrician I doubt I encountered more than two hundred different
tools, and probably less than two thousand different components
(connectors, fittings, brackets, etc). (Thousands of sizes and
minor differences --- but not different in terms of usage
semantics).
On this Linux box if I switch to a bash shell prompt and double tap
on the "Tab" key on a blank line (forcing it to try command
completion) it warns me that I have over 2300 commands available to
me. Many of these are full programming languages or environments
like awk, perl, and emacs (elisp). Similarly I once determined that
my copy of emacs (or was it xemacs) had about 1500 interactively
accessible functions built into it. (If I installed the emacs
'calc' (a large mathematics package) that would probably double.
So there's quite a bit of depth and breadth available.
(?) For example: How do I deal with a segmentation fault? Or, if an
application installs broken and reinstalling the RPM package still
does not work, is there a way to get Linux to tell me what is missing
or corrupted? And what can I do about a program that (under X windows)
briefly appears and then dies without error messages?
(!) In many cases these can be tracked down using 'strace' (the
system call tracer).
Any segmentation fault is a bug in the program (or corruption in
its binaries or libraries). Robust programs should handle bad data,
corrupted configuration files, etc, gracefully.
Packages that fail to operate as expected might be buggy, or they
migh have inadequate documentation. I personally like to see
programs that have some sort of "diagnostics" or "check option" to
help me track down problems with them.
('sendmail' and 'named' are notable culprits in this case).
(?) Thanks for any clarification on these or any other mysteries. . .
Matt Easton
(!) That will take an entire book.
(Incidentally I found this message languishing in an old drafts
folder and decided to finish it up and send it off. I really wanted
to say much more on this topic --- but I decided to write a book
instead.
____________________________________________________
(?) More on: "Remote Login as root"
From Eric Freden on Fri, 04 Dec 1998
(?) Here is a legitimate use for remote login as root:
My kid plays some svga game on my console and locks the keyboard (for
instance). I want to telnet in and /sbin/shutdown -r now
(!) Actually you can often recover from this without a shutdown.
But its a trick. Eventually we might have something like KGI/GGI to
provide more robust SVGAlib support.
(The trick is to start X from your telnet/terminal session. This
usually does a complete video system reset as a side effect.
WARNING!: This might hang the system --- so close any running text
mode apps, save any accessible documents and issue a few calls to
'sync' before trying it).
(?) For RedHat 5.0 (and all other RedHat versions I've used) only root
can do this. Changing to su and executing shutdown won't reboot!
Perhaps you could find a workaraound for this scenario?
Eric Freden
(!) If that's your experience then something is wrong with your
'su' command!
Did you issue 'su -' (the dash is pretty important --- as it forces
the 'su' command to run your .login/.profile scripts and initialize
root environment (and shell variables, etc).
Another approach is to tweak the permissions on 'shutdown' Here's
the recommended method:
Create a group such as "shutdown" or use the "wheel" group.
Add your regular user account (and mom's?) to that group.
Issue a command like:
chown root.$GROUP $(which shutdown)
... to set the file group association appropriately. You could also
use 'chown' then 'chgrp' seperately, of course.
Make it SUID with a command like:
chgrp 4550 $(which shutdown)
N.B. I set the execute bit for owner and group but not for
"other/world"
This allows people in the associated group to issue the 'shutdown'
command. That command will run with root' privileges. The 0
permissions for "other" prevent "others" from executing this
command at all. (Other users have no valid reason to issue a
shutdown command).
Setting binaries to be SUID always has implications for system
security. However, it is one of the primary forms of authority
delegation available in Unix/Linux.
In this case we minimize the risk by limiting the number of
accounts that can access the command.
This technique is generally useful and should be considered for all
Unix/Linux SUID commands.
____________________________________________________
(?) Kudos
From Gray, Robert C on Fri, 04 Dec 1998
(?) Answer Guy I have been reading your column in the Linux Gazette
for four months (I've also gone to the archives and read several past
articles). I am very new to Linux, I installed Redhat 5.0 in July '98'
and built a new Kernel on 2.0.34 after that. In any one column that
you have written I find more information than I can possibly absorb.
Though I can't give a specific example the information you provide has
helped me through some small problems and increased my knowledge of
how Linux works by an unbelievable amount. Despite the fact I
generally suffer from information overload before I finish your column
or the Gazette THANK YOU and the Gazette for that information and
please keep it up.
Robert Gray
Novice Linux user.
"The word bipartisan usually means some larger-than-usual deception is
being carried out" George Carlin
(!) Thanks for the kudos and encouragement.
I like the .sig quote.
____________________________________________________
(?) Linux Support for Intel Pentium II Xeon CPU's and Chipsets
From mpasadas on Fri, 04 Dec 1998
(?) Hello!
I have a little technical question, because revising the information
about the subject it is not clear at all if the several versions of
Linux disponible at this moment can run without problems on the very
new Pentium II Xeon microprocessor of Intel.
If you have the answer to this question, please send it to me via
e-mail, at the following address [snipped for privacy]
(!) VA Research (http://www.varesearch.com), a fairly well-known
Linux friendly hardware vendor, offers Xeon based systems with
Linux pre-installed. PenguinComputing
(http://www.penguincomputing.com) also offers quad and dual Xeon
based Linux systems and I'm sure other HW vendors do as well.
(Disclaimer, the principles of VA Research and PenguinComputing are
friends of mine --- though I get no compensation for mentioning
them. Darn!).
If I recall correctly VA Research demonstrated a 4-way SMP Xeon
system "The Future of Linux" meeting that was jointly sponsored and
organized by SVLUG (http://www.svlug.org) and Taos Mountain
(http://www.taos.com) last summer.
That event was reviewed in LG:
http://www.linuxgazette.com/issue31/roelofs.html
So, I don't know of any problem with this, and a quick
Yahoo!/AltaVista search didn't reveal any problems either.
____________________________________________________
(?) Linux Friendly ISP's: SF Bay Area
From Cdoutri on Fri, 04 Dec 1998
(?) Hi,
I'm looking for some Internet Service Providers in San Francisco that
would have a connection software working under Linux, can you help me
with that ?
Many thanks, C.
(!) Many ISP's are "Linux" and "Unix" friendly. I personally have
accounts with a2i (http://www.rahul.net) and Idiom
(http://www.idiom.com run by David Muir Sharnoff).
I also know people at Best (http://www.best.com).
a2i uses Solaris, the other two use FreeBSD. However, all are
friendly to Linux users.
This is one nice thing about the Silicon Valley and SF Bay areas
--- they are such strongholds of Unix that most of the local
businesses and techies speak the same language. I hear that life it
somewhat harder in other parts of the country. Many ISP's that run
Unix or Linux on their own servers (over 70% run some form of Unix
on most of their customer server systems) will refuse to support
its use by the customers.
The only reasonable response to that is "vote with your feet."
There are plenty of ISP's out there, pick one that meets your needs
rather than dictates your software choices.
The whole point to standardized protocols (particularly networking
protocols) is to allow customers and users choice (FREEDOM) in
selecting their clients and their servers. That's what the
client/server paradigm is all about!
The best resource I ever found for comparison shopping of ISP's is
at:
http://thelist.iworld.com
... (which I guess used to be run by Boardwatch Magazine, which is
now owned by Mecklermedia).
Oddly enough a2i Communications (operated by Rahul Dhesi) is not on
this list.
Hope that helps.
____________________________________________________
(?) Eight Character login Name Limit
From CHOSICA on Fri, 04 Dec 1998
(?) My name is Felix. I am new using linux. I just saw your web pages
after making a search on altavista. I have set up my mail server on
Linux 2.0.29 and I am only able to create accounts with a maximun of 8
character. I was trying to create an account call webmaster@myname.com
and it does not make it . The server only creates accounts with 8
character or less than 8 characters. Do you know a way to increase the
characters, so I can create account with 9 or 10 characters. There
should be a way I do not know how? If you can help me I would really
appreciate. Thanks in advance.
Felix
(!) This is a common limitation in many versions of Unix. It is
determined by the libraries (primarily 'libc' the set of libraries
that are compiled into virtually all Unix programs).
Using glibc 2.x (a.k.a. Linux libc 6) it is possible to create
longer login names (up to 31 characters). So, you could just
install a newer copy of Red Hat, Mandrake, Debian or any other
glibc based Linux distribution.
However, you should consider the issue carefully before using this
feature. You'll want to ensure that all of your binaries are able
to cope with the longer login names. Also if there's any chance
that you'll want or have to share account information across
multiple versions of Unix it's a bad idea to take this chance. (I
think that newer versions of Solaris and HP-UX support longer login
names as well. I don't know about AIX, SCO ODT, or any others).
I'd suggest using the name: 'webman' or 'www' for your "webmaster"
or "web manager" account. You can easily configure your mail system
to route mail addressed to "webmaster" to 'webman' (just us an
aliase) and you can even configure your 'sendmail' to re-write
outgoing mail from 'webman' such that it appears to come from
"webmaster" (that would be in the generics, virtuser, or userdb
FEATURES() in your sendmail .mc file).
So, if the only reason you want the long name is for e-mail
addressing --- just use a short name and let the MTA (mail
transport agent) do the work.
____________________________________________________
(?) Locked Out of His Mailserver
From Henry A. Lee on Fri, 04 Dec 1998
(?) I am having trouble logging into my Linux mailserver, as any of my
users or as ROOT. All passwords are incorrect. I had to bring all my
users up on WinNT / Exchange box yesterday to get the email rolling
again. Do you know of ANY way to hack the box?
I have about 15 hours of mail that I need to get off the box, and
without being able to login, I can't forward it to the new server.
I can't login at the server itself, can't telnet into it, but I can
FTP SOME files from it and can maybe get some files back to it.
Looking at the PASSWD and PASSWD- files in a text editor, seem fine.
Any suggestions would be immensely appreciated.
Thanks for your time,
Henry
(!) I don't know what's caused your inability to log in. It sounds
like your /etc/passwd file might have been converted to shadow
format ('pwconv' or similar utility) while your authenticating
utilities and services aren't shadow capable. However that is only
one of several possibilities (the passwd file could be corrupt,
it's permissions could be wrong, you might have missing or corrupt
PAM modules, etc).
[ I've seen corrupted shadow-passwd files prevent logins before; in
both cases, there was the wrong number of colons (:) on a line, and
everyone after that couldn't get in. If you managed to break the
first line, that would prevent root getting in. -- Heather ]
As for fixing the problem or "hacking the box" as you put it. If
you have physical access to the system it is trivial to "hack into"
it. Normally this can be done by using the [Ctrl]+[Alt]+[Del] (PC
"nerve pinch" or "three finger salute"), to reboot the system (most
Linux systems have an entry in their /etc/inittab that looks
something like:
# what to do when CTRL-ALT-DEL is pressed
ca::ctrlaltdel:/sbin/shutdown -r -t 4 now
... which allows the 'init' process (the grandfather of all
processes) to respond to this console event.
Failing that you can wait for a bit while there is minimal disk
activity and reset or power cycle the system.
As you reboot you wait until the LILO boot load prompt is display
and type in a command like:
linux init=/bin/sh
... (assuming that you have a boot stanza named "linux" --- hit the
[Tab] key at that prompt for a list of those).
This passes a parameter to the kernel which forces it to use an
alternative to the 'init' program (a copy of the shell in this
case). From there you might need to mount the /usr filesystem
(assuming that the system follows professional conventions rather
than common Linux installation defaults). Then you can issue the
'/usr/bin/passwd' command to set a new root password.
If that doesn't solve the problem you can edit the passwd file. if
necessary remove everything but the entry for root --- don't put
any comments or blank lines in this file! (Obviously you should
save a copy if you're going to try that).
If that still doesn't work, and if there are no clues in your logs
(look at /var/log/messages for hints), then you have some other
troubleshooting to do.
At that point it might be best to just call a consultant for some
voice support. You don't provide enough information for me to
explain the next troubleshooting without writing a whole book (and
I'm already working on one).
I can do phone support or you can look for anyone in the
Consultants HOWTO. (Considering that you have data on this system
that you don't want to lose, and that it sounds like you don't have
any backups, I wouldn't suggest too much experimentation and
learning curve climbing while trying to recover from this
situation).
If you have another Linux or Unix system anywhere else on your
network --- one with 'sendmail' properly installed (assuming that
the affected system was also running 'sendmail') it's possible to
copy all of the files from /var/spool/mqueue to some arbitrary
directory on the working system (from the ailing one, obviously).
Then you can run a command like:
/usr/lib/sendmail -v -q -O QueueDirectory=/tmp/q
... to tell sendmail to verbosely (-v) make a processing pass
through the queue (-q) with the option (-O) to over-ride the
QueueDirectory set to some place like /tmp/q (or where ever you
ftp'd those df and qf files to).
As for the user mail that's already been delivered to "mbox" files
under /var/spool/mail, you can copy those to another system and
append them to file under the /var/spool/mail on the new system. To
avoid possible corruption you'd want to disable the sendmail and
popd (etc) processing on the new system before trying this.
The easiest way to do that is to shut the system down to single
user mode after you've copied (ftp'd) all of the mbox files (inbox
folders) to the system.
Naturally you'll need to create user accounts that correspond to
each of these users from the old system, and you'll need to ensure
that the ownership and permissions of each mbox file are set
properly.
There are other ways to do this. However they depend on the
situation and/or involve some more complicated command lines then
I'd want you to try without a thorough understanding of how they
work.
In the 'procmail' man pages there is an example of a script to
"postprocess" an mbox. It would be possible to use something like
that to "break apart" each mbox file and resend it to the original
recipient.
If your users were using MH, 'elm' or 'pine' (or most any
Unix/Linux mail reading package) they could copy an mbox file to
any convenient place and either treat it as a folder ('elm -f') or
"incorporate" it into their MH folders using the 'inc' command.
These users should either know how to do that, or read the man
pages for their favorite mail user agent for details.
If you do hire a consultant, look for one that will provide you
with some good tutorial/mentorship on Linux and consider having him
or her help you prepare a comprehensive "Recovery Plan and Disaster
Procedures" package. This will be vital to your company's IS/IT
regardless of what OS or platform you choose for your future needs.
My phone number can be found on my web pages:
Starshine Technical Services
http://www.starshine.org
... I normally don't advertise my consulting services in this
column, and I don't plan to do so often. However, there are
situations where the most prudent advice I can give is: "Call
someone to walk you through this."
As I say, you are encouraged to find a Linux consultant that is
local to you. Look in the Consultant's HOWTO at:
http://metalab.unc.edu/LDP/HOWTO/Consultants-HOWTO.html
... You can also find a wealth of help at any Linux Users Group
(LUG) and there are a couple of "Lists of LUG's" that I've listed
in previous columns. There's even a Users Group HOWTO at:
http://metalab.unc.edu/LDP/HOWTO/User-Group-HOWTO.html
... which includes links to the three biggest lists of LUG's.
I wish I could say: "Look for the union label" when considering
entrusting your system's integrity to a consultant or volunteer.
However, there is no widely recognized certification for sysadmin's
yet. There isn't even a "better business bureau" of sysadmins
and/or consultants. As a member of SAGE (the SysAdmin's Guild) I'm
involved in an ongoing effort to provide some such process. However
it's a contentious issues, and Unix sysadmins are a contentious
lot(*). I'll be continuing this work while I'm in Boston next week
at the annual LISA conference.
* (Certainly your chances of getting a competent and experienced
sysadmin are better if you find someone who went to the effort to
join SAGE, or at least has cogent reasons for not doing so; and
they are drastically diminished if you're talking about someone
who's never heard of USENIX or SAGE).
Good luck.
____________________________________________________
(?) Changing the X Server's Default Color Depth
From Peter Waltman on Wed, 02 Dec 1998
(?) I'm using redhat v.5.1 and have just installed it, so I have not
made too many modifications yet. The default window manager rh 5.1
uses is fvwm2. I have been trying to figure out how to configure these
window managers (fvwm and fvwm2) for some time now, when I realized I
guess that rh 5.1 is using FvwmM4 to parse the rc files. I've looked
through those, as well as the FvwmM4 man page to figure out how to
change the color depth. I think it has to do with the Color PANEL
setting or the RGB_PIXELS setting, but I'm not sure where or how to
set it. In the XF86Config file? One of the of the fvwm2rc.* files
provided by rh?. The FvwmM4 man page says that you can define these
settings, but have I tried to do this without much success. Any help
or links to info on how to modify rh window manager would be GREATLY
appreciated.
(!) Window Managers have nothing to do with setting your X server's
color depth. A window manager is an X client --- it talks to the
server. By the time any clients are being loaded and issuing X
protocol requests of the server (to draw windows on your display,
or recieve mouse and keyboard events, for example) it is too late
to change the color depth.
You are correct regarding M4. Some window managers use 'cpp' or
'm4' (macro preprocessor utilitiies) to expand your configuration
files into their internal configuration language.
I pointed out in my other response that you can change this setting
in your XF86Config file. In my discussion of modifying the xdm
Xservers file I forgot to mention that any error can cause your
system to appear hung. (You might have to log in via telnet or a
serial terminal to kill the X server if you make a syntactical
mistake in that file).
As for broader advice on X Windows configuration, read the XFree86
FAQ (as I listed in my other response) and browse through some
resources that are devoted to X. Some very extensive link lists are
at:
Kenton Lee's:
Technical X Window System and Motif WWW Sites
http://www.rahul.net/kenton/xsites.html
... and one of my favorites listed there is:
Brandon Harris':
X: End of Story
http://www.gaijin.com/X
____________________________
(?) Changing color depth for xdm?
From Peter Waltman on Wed, 02 Dec 1998
(?) I just checked out the 2 cent tips, which have a page describing
how to change and set up multiple x servers for differing color
depths. the only thing is that this describes how to change the startx
script, whereas I am using xdm when I boot up. I don't think modifying
the strartx script would have any effect for xdm. Am I wrong in this?
If not, how/what would I modify to change the color depth for xdm?
(!) Add the following entry to the active "Screen" section of your
XF86Config file:
DefaultColorDepth XX
... where XX is the desired depth (8, 16, 24, or 32).
Another way to do this is to edit the
'/usr/X11R6/lib/X11/xdm/Xservers' file and add the -bpp parameter
to the :0 (and possibly any :1 and other similar lines) therein.
xdm reads the 'Xservers' file to find the command line with which
it can invoke an X server. There should a a line something like:
:0 local /usr/X11R6/bin/X :0 vt07 -quiet
... in there. You can change that to something like:
:0 local /usr/X11R6/bin/X :0 vt07 -quiet -bpp 16
(?) again, thank you very much
Peter Waltman
(!) That should do the trick. Oddly enough this is not in the FAQ
at http://www.XFree86.org, though I've copied the maintainer of
that document since I've seen the question several times.
Hopefully he'll add it. Meanwhile, remember to check in the XFree86
FAQ for questions about that package.
____________________________________________________
(?) NumLock and X Problems
From Alan Shutko on Thu, 26 Nov 1998
More Expansions and Corrections:
(?) Re Victor J. McCoy message on 11 Oct 1998, here's a possible
explanation.
It seems that Victor is using an X button to start up PPP. And the
button (and lots of other things) don't work when the numlock key is
on. That's because somewhere along the line (X11R6 I think), the
handling of numlock changed from a server-handled thing to acting as a
modifier.
Many programs which don't handle this new modifier will fail to
display menus, let buttons work, etc, when numlock is on. Certain key
bindings won't work. The solution is to turn off numlock. If that
doesn't work, it's a different problem.
Alan Shutko
(!) I'll let this speak for itself. Maybe the new XFree86 3.3.3
fixes this.
____________________________________________________
(?) Expansion on NE-2000 Cards: Some PCI models "okay"
From Kenneth.Scharf on Thu, 26 Nov 1998
(?) In general your answer is correct. There are however a breed of
PCI ne-2000 cards based on the Real-Tek chip that do work fine under
Linux. I bought two of these cards for less that $15. They came with
drivers for Windows (3.1, 95), os2, even sco unix. I tried to get
these cards to work under windows 95 and failed! Both and early
version on win95, and osr2B failed to work with these cards. The Linux
ne2k driver (both the old isa driver and the new pci specific driver)
work very well with these cards and required no special parameters.
They autodetected just fine. I did have to re-set the bios in my
computer to perform a fresh pnp cycle in order to get the interrupts
correct, but after a single re-boot all was well forever. My computer
is a K6-233 on an Intel TX (triton2) chipset based motherboard (made
by AZZA).
I agree that there are much better ethernet cards than these Real-Tek
ne2000 el-cheapos, but they work fine in my home lan with one linux
machine and two windows machines. (the windows machines have 3c509 isa
cards in them). The network is thin-net coax, and is used to share the
internet connection with the modem on the linux machine. It will also
provide shared printer service and file backup.
(!) It sounds like damning with faint praise here. I wish the DEC
Tulip chipset was staying in production --- since the $29(US)
Netgear cards using those are rock solid 10/100Mbps PCI adapters.
They are my favorite and I only have a couple left unopened.
The newer Netgear cards (same model) seem to be "okay" as well
(actually much better than these Real-Teks that you're talking
bout).
[ What I miss about those marvelous DEC Tulip chips is that the
drivers just plain work - both in Linux, and in Windows... because
there is only one MS Windows driver for them! With some other "plug
and play" cards there are several drivers available, and if you
pick the wrong one, your net is flaky or worse. But, enough said
about Brand X for now. -- Heather ]
____________________________________________________
(?) Finding info on MySqL?
From Minh La on Thu, 26 Nov 1998
(?) Where can I get more info on MySqL? Thanks.
(!) I guess the publisher is from Sweden:
MySQL by T.c.X. DataKonsultAB
http://www.tcx.se
____________________________________________________
(?) Spying: (AOL Instant Messenger or ICQ): No Joy!
From ONeillDD on Thu, 26 Nov 1998
(?) hey I really need to know if you could tell me how I could go
about reading instant messages from and by other people. If you know
what I mean some people call it spying. This is very important so if
you please contact me A.S.A.P.
THANK YOU
(!) I presume this question was about AOL or ICQ messaging. I know
nothing about these protocols though I suspect that a straight
network sniffer strategic place on some multiple access medium
(ethernet) between the person on whom you are trying to spy would
do the trick.
Sorry to take so long on the response. I've been pretty busy so
Turkey Day has been my first chance to really clean out my inbox in
a few months.
____________________________________________________
(?) Fraser Valley LUG's Monitor DB
From Ruth Milne on Thu, 26 Nov 1998
This is more of a "2-cent Tips" entry but here's a reader comment:
(?) The Fraser Valley LUG at http://www.netmaster.ca/LUG have a
monitor database that accepts a monitor make and model and spits out a
working descriptor text for X setup.
Dave Stevens
____________________________________________________
(?) ext2fs "Undeletable" Attribute
From J.S. Moore on Wed, 26 Aug 1998
(An old AG that I never answered)
(?) Hello.
The manpages indicate that a file with the u option set is
undeleteable, but it doesn't say how.
Any ideas? J.S. Moore
(!) I think this bit was reserved for future use and that it
would/will require a userspace program (or use of an API by
programs like 'mc' and other file managers) to actually browse and
recover "deleted" files.
I think the current feeling in the development community is to
implement a new filesystem or some new extensions to ext2 that
would allow full versioning support. However, I don't know the real
skinny on it.
____________________________________________________
(?) How to Install Linux on an RS6000?
From ESPEJEL GOMEZ ERIKA PAOLA on Thu, 26 Nov 1998
(?) My question is How install linux in a workstation (RS6000)? Thank
you for your help.
(!) Newer RS/6000's are built around PowerPC CPU's. I've heard of
some people running LinuxPPC and MkLinux on some RS/6000 systems,
but I'm not sure that there's enough support (device drivers, etc)
to make this more than a curiosity.
The place to start looking for answers to these questions would be
at the LinuxPPC and MkLinux web sites:
LinuxPPC: Linux for PowerPC Systems
http://www.linuxppc.org
MkLinux: Mach Microkernel with a Linux Server/Personality
http://www.mklinux.apple.com
... There's recently been alot more activity on the Linux-PPC
mailing lists so I know that active development is going on. In
fact they have recently released BootX which is a package for MacOS
that allows one to boot LinuxPPC without adjusting the OpenFirmware
settings on your system. This is akin to LOADLIN.EXE for MS-DOS,
but more important since Apple and the MacOS clone manufacturers
didn't quite "get it" when it comes to implementing
OpenFirmware/OpenBoot support. (Many models of PowerMac and their
clones don't support manual console operation of the OF command
prompt and many options don't seem to be supported or documented).
When I talked to a couple of IBM researchers at ONE ISPCon a few
months ago one of them expressed some interest in porting mkLinux
or LinuxPPC in house, and having some of his team contribute some
drivers to it. So, this may get some support "from the source" at
some point.
However, for now, it would be a hacker's project. It's not suitable
for immediate production deployment from what I've heard.
____________________________________________________
(?) Advanced Printer Support: 800x600 dpi + 11x17" Paper
From Karl Raffelsieper on Thu, 26 Nov 1998
>I am running Caldera 1.3 on my small networked P75 with 40MB Ram and
>Several SCSI drives and Scanner, attached to the Parallel port is my
>Xerox 4520 PostScript printer. I wish to have the P75 act as a print
>server to the other PCs (running S.u.S.E. 5.1) This all works find,
Here's
>the problem.
Is this a real PostScript printer, with a PostScript interpreter and a
full CPU built into it?
Is your print server passing the raw print jobs to the printer or is
it passing them through it's own 'gs' (ghostscript), aps, nenscript,
or other filters?
_______
Yes this is a genuine Adobe Level 2 PostScript 20 Megs of RAM built in
-- RISC processor, 24 page/min screamer of a network printer, (less
the network card) and you can drop the raw PS data to it without
ghostscript or other filters. (This is Xerox's answer to the HP 5si)
This is were I am having my trouble. The driver installed is a generic
Post Script driver, and it does not seem to make all the printer
capabilities available. Even locally on the server. How can I make
configuration modifications to all workstations so when Star Office
5.0 (as an example) is aware of the printers paper sizes. My limited
understanding of the Post Script language is all the page definition,
font info, formatting, etc. is actually written into the document.
Thus so long as the data is sent raw to the server and it will send it
raw to the PS printer the Adobe chips in the printer will do the rest.
But I suspect I must report the printer capabilities to the OS some
place. I started at /etc/printcap but it didn't seem obvious to me
where to make the changes.
(!) What applications are you running? (In other words, what
applications are generating the PostScript).
If they only use a subset of the PostScript supported by your
printer then they have to be updated to generate more advanced
PostScript. If you are dropping/sending raw PostScript to your
printer then Linux isn't involved at all. It's between your
applications and your printer.
If you have Something like apsfilter (ASCII/text to PostScript) or
nenscript (New "enscripting") listed in your /etc/printcap entry to
transform text into PostScript that that's where you'd need to make
the changes (though that should affect pages produced through
Applixware, StarOffice, xfig, TeX/LaTeX/LyX etc since those are
producing their own PostScript or their own .dvi or raw printer
files).
In the cases where TeX/LaTeX and/or LyX are involved the
applications generate a .dvi file. This can be converted to
PostScript using the 'dvips' command, or they can be used directly
by any of the printer specific dvi drivers (called "dviware" by
TeXnophiles).
That's why I suggested calling Xerox to ask if they have or know of
dviware for your printer.
____________________________________________________
(?) TAG suggestions
From john on Thu, 26 Nov 1998
(?) I think that the way you are laying out TAG right now makes it a
little hard to navigate. It would almost be better if you ran them all
together on one big page, a la $.02 tips. The one word descriptions of
other solutions at the bottom of each page are also pretty tough to
figure out. How about an onMouseOver window.status() description for
each, or something to the same effect? Great job, by the way!
--
John
(!) Heather (my wife) does all of the markup.
She's spent many hours, for the last several months refining a
script that does the bulk of the conversion from e-mail (adjusted
for the quirks of how I format my responses) to HTML.
However, one of the things that we both refuse to do is to rely
about non-standard, browser dependent, and particularly upon
JavaScript, features.
[ Actually, this is not specifically because I have anything
against javascript, though the abuse of certain features on the
open web does annoy me considerably; nor because I don't write
usable javascript code, for there's certainly a world of tested
scripts at http://www.developer.com/ to go with the old Gamelon
archives of Java applets; but rather, because I have no interest in
making the folks with "modern" browsers lose more memory to a
feature that they probably won't use.
and the very idea of shipping someone 90+ full titles of messages,
every time they read one of them, is insane. Don't even go there.
I'm getting off this soapbox before I scorch it. -- Heather ]
Originally all I wanted was for the URL's that I embed in my text
to be wrapped with anchors. However, Heather and Marjorie (my
editors) like to have the TAG messages split and like to over some
navigation between them. Heather doesn't like sites that only offer
"up, next, previous" options in their page footers, so she's
implemented the scheme that you're describing.
[ Also, at least one querent begged to be able to go to seperate
messages without having to go back up to the index. Others thanked
us for switching to an indexed format, as it was much easier to
read the index alone and decide what messages they wanted to read.
As for the "tough little words"... I thought it would be nicer than
numbers, which is what my script actually generates. The good thing
is that they can be figured out at all. They are short so that I
can format the table at the bottom so it doesn't look lame and cost
more space than the message bodies. As it is, there's so many this
time, they're staying numbers. They'll probably go back to words
next month, but I won't say for sure. -- Heather ]
One problem I used encounter when TAG was "all one big page" was
with search engines. I'd get a new question that correlated a
couple of different concepts (IMAP plus Netscape
Navigator/Communicator) and I'd get all sorts of spurious hits
pointing to my own previous TAG articles.
So I'm glad that we don't still smash all my articles into one
page.
[ However, masochists are encouraged to read 'The Whole Damn
Thing'... the streamed version of the Linux Gazette. And if I see
more than this one request, I may link 'The Whole Damn Answer Guy'
(that is, the version I turn in to our Overseer for inclusion to
TWDT) as an option off the Answer Guy index. But we're certainly
not going back to the old format. Too many people like it, and I've
put too much effort into the scripts I use to convert it, to go
back. -- Heather ]
However, Heather and Marjorie will see this message (along with
other LG readers). I leave the details of formatting for
publication entire up to them. Indeed when I first started answer
these questions I didn't even know that they'd be published. (I
just offered to take on technical questions that were misdirected
to the editors). So, I'll focus on providing technical answers and
commentary.
[ I make a sincere effort to keep the resulting message looking as
close as HTML allows to what the email looks like. When you only
see it on the web, it could be hard to recall that it was a plain
slice of mail. I feel it's important to keep that feeling. Real
people use this software, real people have ordinary problems with
it, and real people give a shot at answering them.
Which is the last tack in the coffin of using browser-specific
features... real people aren't going to change browsers just to
read a webazine, and they're not gonna be happy if it crashes their
browser because someone went a bit overboard on the HTML.
So, I've kept changes minimal. I did all the graphics you see here,
but except for color, and the split messages, I feel it's still
pretty close to the original effort. (The astute reader, or
especially the reader without color support, will note that I use
EM and STRONG to support color usage, so the color is gratuitous,
but does make for more comfortable reading if you have it and
there's a lot of quoting.) You can look at the older Gazettes if
you'd like to see what they used to look like... I think they look
a lot better, but I'm biased ;) Still, if Jim keeps getting
messages about the formatting that I'm really responsible for, I'm
gonna have to draw my own speak bubble. I still have the blank
bubble so it'll be easy. Gimp is cool, when it doesn't crash. Maybe
some month when the load isn't too high I'll write an article about
the script and how I did the gifs. -- Heather ]
(Personally when I'm browsing through a series of related pages I
prefer to bounce back up to the upper/dispatch page and then down
to the next. This keeps my current "depth" a bit shorter when I
want to back out of my browser completely. (Since I get interrupted
and sidetracked frequently while browsing I like to make sure that
I'm "done" with each page that's still on the "stack" by backing
completely out to the "first document").
____________________________________________________
(?) CGI Driven Password Changes
From Terry Singleton on Sat, 05 Dec 1998
(?) Hi there,
We recently installed a LINUX box that runs sendmail 8.9.1, we need
someway for a user to be able to change their own password, most ISP's
have a html form that allows them to do this.
I know this can be done with CGI and Perl, question is does anyone
have anything or know of anywhere I can find something that will do
the trick..
I just bought a perl/cgi so I am working in that direction, we need
something asap though. I would even pay for something.
Regards,
Terry Singleton
Network Analyst
(!) I once wrote a prototype for such a CGI script. It wasn't fancy
but it used the following basic method:
The form has the following fields:
userid (login name):
current/old password:
(repeated):
new password:
(repeasted):
... and the script does the following:
* Check the consistency between the current password and the repeat
(and issue a retry screen if that fails).
* start an expect (or Perl comm.pl) script that:
+ telnet to localhost
+ waits for a "login:" prompt
+ sends the userid
+ waits for a "password:" prompt
+ send the current password
+ waits for one of:
o a shell prompt (sends passwd command)
o the passwd prompt (if the user shell is set to
/usr/bin/passwd).
o a "login incorrect" message (aborts and returns HTML
error form).
* if the process gets to .../bin/passwd's prompt:
+ send the old password
+ wait for new password prompt
+ send the new password
+ wait for repeat prompt
+ sent the new password again
+ wait for O.K. message
+ returns HTML success page.
So mostly it's a matter of writing the expect or comm.pl script.
Unfortunately I don't have the real script handy. It looked
something like:
#!/usr/bin/expect -f
## by Jim Dennis (jimd@starshine.org)
## This should check a username/password
## pair by opening a telnet to localhost
## and trying to use that to login
## -- you might have to adjust the last
## expect block to account for your
## system shell prompts, and error messsages
## It returns 0 on success and various non-zero
## values for various modes of failure
set timeout 5
log_user 0
gets stdin name
gets stdin pw
spawn "/usr/bin/telnet" "localhost"
expect {
-- "ogin: $" { send -- "$name\r" }
timeout { send -- "\r\r" }
eof { exit 253 }
}
expect {
"ssword: $" { send -- "$pw\r" }
}
expect {
"ast login: " { exit 0 }
"(\\\$|%)" { exit 0 }
"ogin incorrect" { exit 1 }
timeout { exit 254 }
eof { exit 253 }
}
... so you'd replace the "exit 0" clauses with something like the
following to have it change the password instead of merely checking
the password as the example above does.
set password [lindex $argv 1]
send "/bin/passwd\r"
expect "password:"
send "$password\r"
expect "password:"
send "$password\r"
... this assumes that you got to a shell prompt. If you use the old
trick of setting the users' login shell to /bin/passwd then you'd
add another expect close to the original script to respond to the
prompt for "Old password" --- which you'd get in lieue of a shell
prompt.
Obviously in that case you wouldn't be "send"-ing the /bin/passwd
command to the shell prompt as I've done in the second line of this
second code example.
There's a package that purports to do this at:
Linux Admin CGI Package Docu (English)
http://www.daemon.de/doc_en.html
... so you can try that.
You can also look at the Linux-admin mailing list archives where
I'm sure I've seen Glynn Clements point people to some utility he
wrote (I think I've seen this about a dozen times).
A quick trip to the Linux-Admin FAQ
(http://www.kalug.lug.net/linux-admin-FAQ) led me to a list of list
archives, which lead me to one with search features. Searching on
"web password change" got me to a message that refers to:
ftp://win.co.nz/web-pwd
... I'm sure there are others out there.
____________________________________________________
(?) ifconfig reports TX errors on v2.1.x kernels
From Peter Bruley on Tue, 15 Dec 1998
(?) Answer Guy:
I have tried various 2.1x kernels every - once and a while to see how
the new version is coming along. What I have noticed is errors being
reported by "ifconfig" on the TX only (both ppp & eth). Do you know
why ?
TX Error
(!) That's a good question. On the ethernet, I'd expect that most
of them would be due to frame collisions. Basically they'd happen
whenever any two cards on your segment tried to send dataframes at
close to the same time. On the PPP link I'd expect them to be due
to line noise.
However, I'm not sure and I don't know why you wouldn't see any RX
errors. Are you saying that you only see these under the 2.1.xxx
kernels? I can assure you that some errors are perfectly normal
(under any kernel). Too many may indicate a flaky card (yours, or
any other on your network segment), bad cabling (thinnet/coax is
particularly bad --- also using cat 3 UTP and/or running any sort
of cable too close to flourescent light ballasts and other sorts of
transformers and "noisy" RF generating equipment).
On one of my systems (a 486 router, two 3c509 ISA ethernet cards,
each on relatively short quiet cat 5 UTP segments, running 2.0.36)
I have 0 errors in both the TX and RX segments out of about 200,000
packets routed. This is over an uptime of about 20 days. I picked
that systems uptime and stats more or less at random (I'm using
it's console as a telnet/terminal to get to my 'screen' session as
I type this).
On another system (a 386DX33 with on 3c509 adapter, running 2.0.30)
I see six million packets received and 26 thousand RX errors (no TX
errors out of about 3 million packets transmitted). That's been up
for 71 days.
I supposed we could commission a study to see if different ethernet
cards, kernels and other factors produce wildly different
statistics. But that sounds too much like a graduate project.
____________________________
(?) 'ifconfig': TX errors
From Peter Bruley on Fri, 25 Dec 1998
(?) Hi: Jim
Thanks for your reply, sorry I'm slow getting back.
Here is a print out of my "ifconfig" after about 5 min. on the ppp
connection to my ISP:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:0.0.0.0 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:166 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:24679 dropped:166 overruns:0 carrier:0 coll:0
eth0 Link encap:Ethernet HWaddr 00:40:05:60:71:DD
inet addr:10.40.150.1 Bcast:10.40.150.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:288 errors:0 dropped:0 overruns:0 frame:0
TX packets:86 errors:74789 dropped:507 overruns:0 carrier:0 coll:0
Interrupt:10 Base address:0x7000
ppp0 Link encap:Point-to-Point Protocol
inet addr:226.186.100.56 P-t-P:226.186.100.249 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:576 Metric:1
RX packets:156 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:14836 dropped:135 overruns:0 carrier:0 coll:0
Here is are some of my software versions:
Kernel is 2.1.128
libc.so.5 => libc.so.5.4.44
depmod (Linux modutils) 2.1.121
ppp-2.3.5
net-tools 1.432
Things seem to work properly. (all network services) except for some
utilities that report modem activity ie/ xmodemlights
(http://www.netpci.com/~dwtharp/xmodemlights)
Note that my ethernet card is also reporting errors.
Now assuming that these are real errors; how come when I boot up into
a v2.0.34 kernel all the errors go away (on both ethnet & ppp) and my
xmodemlights utility works flawlessly ?
I have tried the v2.1.(85-131) kernel on apx 3-4 different boxes and I
have observed the same problems.
I'm alone on this issue or do you know of others reporting the same
problems ?
Peter
(!) I don't know if there's any problem here. However, I would
check the kernel mailing archives and possibly (after downloading,
installing and testing the 2.1.132 or later kernel) post a message
to the kernel developers list to inquire about it.
I might be that the old 2.0.x driver wasn't reporting errors for
your cards. They may have been buggy. It's also possible that they
may have been driving your hardware slower, causing fewer errors,
or fewer detections of errors. Of course it could be bugs in the
latest drivers which we'd like fixed before we go to 2.2.
So, check with the kernel developers and possibly get onto the
comp.os.linux.* newsgroups (networking or hardware) with this
question to poll other users for their results.
[ In the "late breaking news" department, the kernels are starting
to be called 2.2.pre so now is the time to start trying them out if
you've been interested but afraid to go for a beta kernel.
-- Heather ]
____________________________________________________
(?) Support for Trident Video/Television Adapter
From Daniel Robidoux on Mon, 14 Dec 1998
(?) Looking for a manual for a trident 9685 with tv. I'm trying to get
output to my tv but nothing works. Can you offer any suggestions.
(!) Call Trident?
I answered a question about the Providia 9685 chipset back in issue
31 --- but that had no mention of a TV tuner.
There is a "video4linux" project that supports at least the BTTV
(Hauppage et al) chipsets. I've never used it but you can feel free
to hit Yahoo! and browse through the 2200 hits that you'll get with
a search string like:
"video4linux 9685"
... see what that nets you.
____________________________________________________
(?) Plug and Pray Problems
From Tony Grant on Mon, 14 Dec 1998
(?) Hi,
Problem: USR Sportster ISDN TA will not work on AMD K-6/II machine.
Solution: Force D-Link Ethernet card to use IRQ 5 and ioports in the
0300 - 031f range so as not to interfere with the ioports needed by
the Sportster.
Question: How do I force the Ethernet card to behave? On bootup my
kernel (2.0.36) tells me that IRQ / io etc are being set by BIOS. I
want to set them myself.
TIA for pointers to the correct doc.
Cheers
Tony Grant
(!) My first guess would be that you're encountering a problem with
some "ISA Plug and Play" adapters. The first option would be to see
if there's a setting to disable "plug and pray" on one or both of
these boards, and manually set them (possibly using an MS-DOS or
Windows) utility).
Failing that you can look for a Linux package called 'isapnptools'
--- I've never used it --- but it seems to have helped a few people
out there.
I've read many messages from people who've resorted to booting DOS,
running the configuration utilities from there and then loading
their Linux kernel via LOADLIN.EXE.
This is more of a workaround than a real solution --- but it seems
to be effective for most and I don't know of any downside for
normal operation (just that mild distaste that running MS-DOS to
configure you hardware every time you boot might leave in your
mouth). Console yourself with the fact that you rarely have to
reboot Linux.
____________________________
(?) Plug and Pray Problems
From Tony Grant on Mon, 14 Dec 1998
Jim Dennis wrote:
..snip
This is more of a workaround than a real solution --- but it seems to
be effective for most and I don't know of any downside for normal
operation (just that mild distaste that running MS-DOS to configure
you hardware every time you boot might leave in your mouth). Console
yourself with the fact that you rarely have to reboot Linux.
(!) Jim,
Thanks for your prompt reply if only M$ offered such aftersales
support =;-)
Loadlin looks like a last resort solution that I will have to turn
to. I really didn't want to install W$ or DOS on this machine (it
is a headless server) so booting is no problem, the machine is up
all of the time, only SW upgrades will imply rebooting.
Cheers and thanks again
Tony Grant
____________________________________________________
(?) Sharing/Exporting Linux Directories to Windows '9x/NT
From markr on Mon, 14 Dec 1998
(?) I have a 5 system LAN at home with 2 linux, 2 win98, and 1 NT
machine. From any of the 98/NT machines, I can see the linux boxes in
Network Neighborhood. However, I am unable to connect to shares on the
linux boxes. I have logged out of windows and back in as both 'root'
and 'mark', both valid users on the linux systems, but when I try to
access a share I'm prompted for a password which, although correct, is
promptly rejected. I can go from Linux to win, and Linux to Linux, but
I need to be able to go the other way as well....
Any advice?
thanks,
Mark Rolen
(!) Have you read through the Samba man pages (smbd(8), nmbd(8),
smb.conf(5), samba(7), smbstatus(1), etc), and the Samba FAQ and
web site (http://www.samba.org)?
Start there and make sure that you have 'smbd' and 'nmbd' running
in the correct order, and that you have a valid 'smb.conf.'
The best place to ask this sort of question is the
comp.protocols.smb newsgroup. This is where the most avid Samba
users exchange notes and commiserate over the latest MS CIFS
machinations.
When you ask them a question, be sure to include the simplest
version of your smb.conf that you've tried and representative
samples of any relevant syslog messages from /var/log/messages.
Read their FAQ thoroughly for more details about the sorts of
information to include in your support queries.
[ Actually, your conf files are probably fine, since you see the
share announced, and actually get a dialog back... except that
you're missing one. Win98 and NT use encrypted passwords (or Win95
since one of the OSR packs) which a new enough version of SaMBa can
answer, but it needs to be fed the passwords your win boxes will be
using. Go into the FAQ and search for 'smbpasswd' and you should
find the rest of the details. -- Heather ]
____________________________________________________
(?) Mail processing
From Juan Cuervo on Mon, 14 Dec 1998
(?) Hello Answerguy, My name is Juan Cuervo and I was wondering if you
could help me with this:
I need all the incoming mail of my mail server users to be send to
their mailboxes (as usual), but also to be processed by an external
program (I mean , not a MTA). So, I need so send a copy of the mail to
this external program if the mail user has a file in their home
directory (called, lets say, ~/.myprog ) wich indicates that the mail
messages for that user should be parsed by this external program too.
Thank you for your help.
Juan Cuervo
(!) You can create an '/etc/procmailrc' and define 'procmail' as
your local delivery agent. This is the most straightforward way to
do this. However, it is pretty dangerous (the called program will
be called as 'root') and it might result in unacceptable levels of
overhead (depending on your number of users and their mail
volumes).
In any event the contents of /etc/procmailrc would look something
like:
:0c
| /root/bin/mailfilter/.myprog
.... to send a copy of each mail item through a program as you
described.
Personally, I don't recommend this, as it sounds like several
disasters just begging to happen. However, you're welcome to
experiment with this on a test system for a little bit to learn how
it works.
Many Linux distributions include 'sendmail' configured to use
'procmail' as their LDA by default. Look for a group of lines in
your /etc/sendmail.cf that looks like:
Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=10/30, R=20/40,
T=DNS/RFC822/X-Unix,
A=procmail -Y -a $h -d $u
... to see if this is the case. If not, either replace the Mlocal
clause that's in your /etc/sendmail.cf (yuck!), or add an entry
like:
MAILER(`procmail')dnl
... to your ".mc" (M4 configuration file) and regenerate your .cf
file with the appropriate m4 command like:
m4 < foo.mc > /etc/sendmail.cf
Note that sendmail involves quite a bit more than this --- so you
may want to get more detailed advice before trying this on a
production mail server. There's a 900 page book from O'Reilly
that's probably the best reference to 'sendmail' available.
Arguments that we should also switch to 'qmail' or Wietse Venema's
'PostFix' (formerly known as 'Vmailer') may not help in your case.
____________________________________________________
(?) Extra Formfeed from Windows '95
From Jerry W Youngblood on Mon, 14 Dec 1998
(?) Is there a way to supress the extra formfeed when I print on my
Linux HP540 printer from Windows95 on the network. Everything prints
great, however there is an extra page that always comes out after the
print job. How do I supress this?
(!) I think there is a Win '9x control panel setting that can be
tweaked to prevent this. However, I do as little with Win '9x as I
can, so I don't know precisely where in that morass of dialogs and
menus you might find this setting.
(I suppose another option would be to set a special printcap entry
for your Win '95 system to use, and have that use one of the
settings for supressing formfeeds or use a special filter or
something).
I should warn that I also do as little printing as I can get away
with.
____________________________________________________
(?) Can't Login in as Root
From David Stebbins on Mon, 14 Dec 1998
(?) Hey Jim, After reading the letters to you and your responses I
feel kind of silly writting to you with my little problem, but here it
is. I am a very, very new linux 5.2 redhat (Macmillan) user and after
installing the OS and establishing a user account for myself I have
not been able to login as the root user. I type the same exact
password that I used when I set the system up (as the root uesr), but
cannot get back in (...very frustrating). perhaps you have a solution
for me? I was logging in as "root" (w/o the " marks) and then just
entering my password. What am I doing wrong? Thanks David
(!) Is this at the console?
If not, it's probably just securetty (read the man page in section
5).
Can you login as a normal user and then use the 'su' command to
attain 'root' status?
If not then you probably have lost or forgotten the password or
corrupted your /etc/passwd file. In those cases you can boot from a
floppy diskette or boot and issue the 'init=/bin/sh' LILO option
(as I described last month) to get into the system in single user
mode without requiring any password (requires console access,
obviously).
Keep in mind that the passwords are case sensitive. You must
remember which letters you typed in [Shift]-ed mode and in lower
case. Also, if you look at you /etc/passwd file you shouldn't seen
any blank lines, any comments, and any "junk" characters (control
characters, etc). Read the passwd(5) on any working system to get
the details of proper 'passwd' file formatting --- or just copy one
from your boot floppy and recreate the accounts as necessary.
Note, if you create a new passwd file you may create "orphan" files
in this process, as your new account names might have mismatches to
the old numeric UID's and GID's under which these files were
created. The easiest way to fix that on a small system is to look
at the numeric UID's of the files (any "orphan" file will show up
with a numeric owner during an 'ls -l' and you can use the command
'find / -nouser -ls' to list all of them) --- then using your
personal knowlege of who these files belong to, set their
/etc/passwd account to match those numerics.
Unfortunately the full details of all of this are far to
complicated to describe in detail at this hour (it's 3:00am my
time, I just got back from Boston, Massachusetts from the
USENIX/SAGE LISA Conference).
Once you get your system straightened out, make a backup copy of
your /etc/passwd and /etc/group files --- just mount a floppy and
copy them to it. That will make restores much easier in the future
(even if you you have a full backup system in place it's often
handy to restore these files before trying the rest of your restore
--- some versions of 'tar' and 'cpio' for example don't restore
files under numeric UID's and GID's -- they'll "quash" the
ownership to root.root for all of them!
If you really get stuck, call my number (800) 938-4078 to leave
voice mail. It would make more sense to walk you through the
recover than to type up every possible recovery technique in this
message.
____________________________________________________
(?) Alternative Method for Recovering from Root Password Loss
From David C. Winters on Mon, 14 Dec 1998
(?) Just discovered the LG, and your column, today. I sent you a
message a few minutes ago asking a question; here's a submission.
You finish up your "No Echo During Password Entry" answer in your
Issue #35 column with a method for recovering from losing root's
password. I've used another method, using LILO.
During boot, when the "LILO boot:" prompt appears, hitting the <TAB>
key will give you a list of all of the kernels (by label) that LILO
knows about. On my system, I'd see
> LILO boot:
> 2.0.30 2.0.30-orig
> boot:
("2.0.30-orig" is the default Red Hat 2.0.30-3 kernel on 4.2; "2.0.30"
is the label for the kernel I compiled.)
If I append " single" to a kernel label, eg, "2.0.30 single", it'll
boot using that kernel but come up in single-user mode. Just calling
passwd() will let you change root's password. You then want to use
exit() to continue bringing yourself back up to your normal runlevel
(3 on my machine).
(!) I'm well aware of this technique. However, using 'init=/bin/sh'
will work in cases where 'single' won't.
Some systems have their 'single user' mode entries in /etc/inittab
set to call an 'sulogin' command --- which requires a root
password. Ooops!
I glossed over the details due to my own time constraints.
(?) Useful, but a large security hole. Unless you secure it, anyone
sitting down on console can reboot the machine and come up as root. To
close this hole off, chmod() /etc/lilo.conf to 600 (or 660 if it's
owned root:root) and add the "restricted" and
"password=<some_password>" lines, like the following example
/etc/lilo.conf file:
(!) Quite right.
(?)
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
restricted
password=AnswerGuy
image=/boot/vmlinuz
label=2.0.30
root=/dev/sda2
initrd=/boot/initrd
read-only
image=/boot/vmlinuz-2.0.30-orig
label=orig
root=/dev/sda2
initrd=/boot/initrd
read-only
Run lilo(), then reboot. Entering "2.0.30 single" will get you to a
password prompt. When you enter "AnswerGuy", the LILO password won't
be echod to the screen as per normal for entering passwords, and LILO
will bring you up as root.
This obviously requires remembering yet another password, but it's
something to look into because, by default, LILO isn't
password-protected on the Debian or Red Hat distributions I've used.
(!) Also quite right.
The principle problem with this is that it doesn't prevent the user
from booting from a floppy (such as a Tom's Root/Boot
(http://www.toms.net/rb) or even just an MS-DOS diskette with a
disk/hex editor).
Some PC's have the ability to "lock out" the floppy drive and
protect the CMOS with a password. That helps. However, it isn't
much help. Many (possibly most) BIOS/CMOS sets have "backdoors"
such that their support technicians can help customers "get back
into" their systems. This is a bad idea --- but seems to be pretty
common. In addition it's possible to open the system case and
temporarily remove or short (with a resistor) the battery on the
motherboard, or remove the clock chip (where the CMOS data,
including the password, is stored).
So, to achieve any semblence of console security you must at least
do the following:
* Lock the PC in a cabinet, closet or case (or install one or more
locking bolts in the case.)
* Verify that the BIOS has no back door (how?) or replace the BIOS
with a custom one or one that has been audited and verified by
some trusted party as having no back doors.
* Disable floppy and CD-ROM boot.
* Enable CMOS password protection to prevent changes to the boot and
other CMOS settings.
(?) Debian: Whatever version was current two years ago; we switched to
RH. Red Hat: 4.2
D.
(!) Thanks for the prompting.
I personally like the design of the Corel Netwinder (StrongARM/RISC
based "thin clients" or "network computers" with embedded Red Hat
Linux and KDE), and the Igel "Etherterm/Ethermulation" (PC based X
Terminal, thin client, and character mode ethernet terminals, with
custom embedded Linux --- and Java, Netscape and other optional
tools on solid state disks).
Corel Computing, a division of Corel Software, Inc:
http://www.corelcomputer.com
Igel USA:
http://www.igelusa.com
These systems are specifically designed with no support for
removable media. This makes this much better suited to deployment
in hostile user environments (such as libraries, kiosks, Internet
cafes, public access and college computing labs).
It is unfortunate that these systems are currently a bit more
expensive than similarly powered PC's. Since they are currently
produced in somewhat volumes and they are currently niche markets,
they command a higher margin and don't benefit from the full
economies of scale.
However, that's the main reason I don't own any of these.
(Another advantage to these systems, over and above security, is
that they offer much less power draw and much quieter operation
than standard PC's with that incessant fan and disk noise).
____________________________________________________
(?) SCOldies Bragging Rights
From David C. Winters on Mon, 14 Dec 1998
(?) In your response to Anthony's second message (re: a coworker
teasing him about SCO's capabilities), you say:
I figured. About the only things the SCOldies can hold over us right
now are "journal file support" and "Tarantella."
Abject curiosity makes me ask: What are these two capabilities?
D.
(!) "Journaling Filesystems" and "Logging Filesystems" are those
which store and utilize transaction logs (journals) of file
operations until those changes are "committed" (synchronized).
Thus a set of small data structures on your filesystems are
automatically synchronized (like in a "write-through cache") while
the rest of the fs benefits from normal write caching.
The net effect is that filesystems can be quickly checked and
repaired after a castastrophic shutdown. In other words, you don't
have to wait for hours for 'fsck' to finish fixing your filesystems
after someone kicks the plug on your server (or the power supply
fails, etc).
This is likely to be added to Linux by version 2.4 or 3.x. Some
preliminary work as already been done.
Many versions of Unix (such as SCO, Novell/SCO Unixware, and AIX)
have their own implementations of these features. In addition there
is a company called Veritas *
(http://www.veritas.com/corporate/index.htm).
You can get some similar effect from Linux, at considerable
performance cost, by selectively mounting your important
filesystems with the 'sync' option (mount -o sync ....).
"Tarantella" is a unique feature of SCO's. It provides Java/Web
based access to your Linux desktop. The closest match is the VNC
package (virtual network computer) from the Olivetti/Oracle (Joint)
Research Laboratory * (http://www.orl.co.uk/vnc/index.html).
VNC is a network windowing system (like X Windows, but more
"lightweight") which allows you to connect to your systems remotely
via an MS Windows (Win '95/'98/NT), MacOS, or Java client. VNC also
allows you to remotely connect to Win '9x/NT system from it's X
Windows (or other Win/MacOS/Java) clients.
Actually VNC might be close enough in features that SCO couldn't
get much mileage out of touting it over Linux with VNC. VNC is
under the GPL.
____________________________________________________
(?) Application Direct Access to Remote Tape Drive
From Yves Larochelle on Mon, 14 Dec 1998
(?) Hello,
I have a simple problem. I run a FORTRAN program that makes calls to a
C library to read data from a DLT SCSI tape drive. Everything is fine
when I run from a drive on my host machine.
(!) Oddly enough I was just writing in my book about how the tape
drives under Unix (and Linux) are available for general purpose
spooling of applications data sets (like the old mainframe spooling
and job control model) but are rarely used in this fashion. It's
amusing to see that someone is doing this.
(?) But I haven't been able to open/read the tape drive on a remote
host. I have read your previous answers on remote tape access:
http://www.ssc.com/lg/issue31/tag_backup.html
and http://www.ssc.com/lg/issue29/tag_betterbak.html
but it doesn't solve my problem.
I want to use local memory and CPU, so "rsh" is not an option. In my C
library I have tried to change:
> fd = open ("/dev/st0", flag, 0);
> ... to:
> fd = open ("remotehost:/dev/st0", flag, 0);
> or even:
> fd = open ("operator@remotehost:/dev/st0", flag, 0);
without success:
Open failed on tape No such file or directory
(!) Yep. That's right. Inspection of the code for 'tar' and 'cpio'
would reveal that these do use an implicity 'rsh' to the remote
host, and pipe their data streams over TCP connections thereto.
This ability to access devices remotely is not built into the C
libraries, it is built by your program through the native network
mechanisms (or at least via judicious use of the 'system()' library
call).
(?) I do have setup /etc/hosts.equiv (and /$HOME/.rhosts) so I can
access my account on the remote host without password
I have been told to use "rmt", but how to do it within the C library
??
(!) I don't know much about 'rmt' but you can pick up the 'dump'
package in which it is included and read the man page therefrom.
I'd pick up the sources to that package so you can read some sample
source code to understand how 'dump' uses it.
(Obviously if you want to actually cut and paste the source code
for use in your project, you'll want to read and comply with the
license --- probably GPL. This may be of no consequence if you
won't be redistributing your program --- and should be know problem
if you're willing to release your sources under a compatible
license. It should also be no problem if you read these sources to
gain and understanding of the API's and code your own functions.
However, read the license for yourself).
(?) Can you help me with this one ???
(!) Since I'm not a programmer --- not much directly. However, as
I've said, you can study examples of this sort of code in the
'tar', 'cpio', and 'dump' sources.
(?) If at all possible,
(!) ... (e-mail ellided)
I always respond via e-mail whenever I respond at all. The mark-up
to HTML is done at the end of each month by my lovely assistant
(and wife), Heather.
____________________________________________________
(?) Mounting multiple CD's
From ali on Mon, 14 Dec 1998
(?) HI
I've just recently purchased a copy of Red Hat Linux 5.0 and a new CD
drive(ie. I now have 2 CD drives) and I need to know how to mount
them.
The 2 drives are connected to the IDE on my soundblaster AWE-64 sound
card and I need to know how to mount the drives from there. (I
previously had one drive and mounted it using /dev/cdrom but now what
do I use?)
(!) /dev/cdrom is normally a symbolic link (sometimes a hard link)
to some other device node such as /dev/hdc (first device on the
second IDE channel) or /dev/scd0 (first CD device on the first SCSI
channel).
(?) The two drives are:
1) Samsung SCR-2030
2) HP CD-Writer Plus 8100
(!) These (and the fact that you refer to your Sound card) sound
like SCSI devices. You'd simply find out which of these your
/dev/cdrom is linked to (by mounting it as normal or inspecting the
'ls -il' output of your /dev/ directory).
[ And, you could tell which one it was since its light will flash
when you mount the disc. -- Heather ]
For the other you'd use a command like:
mount -t iso9660 -o ro /dev/scd1 /mnt/cdrom1
... where the -t specifies the filesystem type (ISO 9660 is the
standard for normal CD's), -o is a set of options (read-only in
this case) and the next two parameters are a device name (second
SCSI CD drive), and an arbitrary mount point (usually an empty
directory under the /mnt tree --- or an empty directory in any
other convenient location).
You could name that mountpoint anything that your filesystem will
allow (just about anything). I use /mnt/cd* or /mnt/cdrom* as
prefixes to these names for obvious reasons.
If this new drive is on an IDE interface its likely that you'd use
something like /dev/hdc or /dev/hdd for the device name.
(?) Any help will be appreciated.
Thanks Ali
____________________________________________________
(?) More on Multi-Feed Netnews (leafnode)
Some additional comments by one of the authors/maintainers of
leafnode(?).
From The Answer Guy on Mon, 14 Dec 1998
(?) Jim,
I have a question in the "Answer Guy's" inbox regarding multi-feed
leaf netnews. I don't remember which package my querent was using
(leafnode, suck?, ???) but his question regarded whether it's possible
using any of these packages to download news from multiple sites and
upload/ feed them back selectively).
(!) It is possible with suck/INN, of course. (Everything is
possible with this combination, I suppose :-) .
It is also possible with leafnode, starting from 1.7.
The config file should look like this:
server = news.a.org
supplement = news.b.com
expire = 14 # expire messages after that many days
create_all_links = no # optional, saves disk space
Leafnode should be able to figure out everything else on its own.
If you need usernames and passwords for servers, it becomes a bit
more complicated, but leafnode can handle this as well:
server = news.a.org
username = user_at_a
password = password_at_a
supplement = news.b.com
username = user_at_b
password = password_at_b
expire = 14
create_all_links = no
HTH, - --Cornelius.
/* Cornelius Krasel, U Wuerzburg, Dept. of Pharmacology, Versbacher
Str. 9 */
____________________________________________________
"The Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
(?) The Answer Guy (!)
By James T. Dennis, linux-questions-only@ssc.com
Starshine Technical Services, http://www.starshine.org/
_________________________________________________________________
(?) Getting 'rsh' to work
From Anthony Howe on Mon, 14 Dec 1998
(?) Oh hum. I'm having trouble with getting rsh to work between two
machines for a specific task. I've read the rsh, tcpd, and hosts.allow
man pages and I still can't get it to work.
1. the same user "joe" with the same password exists on both "client"
and "server" machines.
2. server's hosts.deny:
ALL:ALL
3. server's hosts.allow:
in.rshd:1.2.3.4
4. server's inetd.conf:
"shell" line uncommented
5. I have an A record for:
client A 1.2.3.4
6. and I have a PTR record for:
4.3.2.1.in-addr.arpa PTR client
Now every time I try and do something as simple as:
joe@client$ rsh server '/bin/ls /home/joe'
I get "Permission denied". The logs on neither client nor server
provide no reason for the "Permission denied".
Maybe I just over-tired, but I can't figure out what I'm overlooking.
Can anyone please tell me what I'm missing?
(!) What is the precise line in your /etc/inetd.conf?
Some versions of in.rshd and in.rlogind have options which force
the daemon to ignore .rhosts files (-l) allow 'superuser' access
(-h), syslog all access attempts (-L), and perform "double reverse
lookups" (-a).
It looks like your forward and reverse records are alright
(assuming that the client's /etc/resolv.conf is pointing at a name
server that recognized the authority for the zones you're using).
Note: If you are going through IP Masquerading at some point (some
sort of proxy/firewall package) then there's also the remote chance
that your source port is being remapped to some unprivileged
(>1024) port as the packets are re-written by your masquerading/NAT
router.
I did complain to the Linux/GNU maintainers of the rshd/rlogind
package about the fact that their syslog messages don't provide
more detailed errors on denial. However, I'm not enough of a coder
to supply patches.
To test this without TCP Wrappers at all try commenting out the
line that looks something like:
shell stream tcp nowait root /usr/sbin/tcpd in.rshd -a
... and replacing it with something like:
shell stream tcp nowait root /usr/sbin/in.rshd in.rshd -L
(note: we just changed the tcpd to refer to rshd).
____________________________________________________
(!) Linux as a Netware Client
From Jedd on Sat, 05 Dec 1998
(?) Howdi,
In the December issue of LG, you answered someone's query regarding
accessing their netware servers from Linux, by pointing him at Caldera
or the ncpfs package.
The caldera system is quite fine, albeit based on Redhat, and between
the two companies they seem to have not only ignored the old FSSTND,
but positively danced on its grave. <hug Debian> Trying to get the
Caldera Netware client working under Debian, btw, was a right pain
(I've still not done it), so it may not be feasible. Looking at their
archives, it appears that even getting it to work under pure Redhat is
a bit, uhm, 'challenging'.
However, for your info, the ncpfs package does support NDS (Netware 4
& 5) connections - and has done for the last two minor releases. I'm
still experiencing some problems with this feature - when trying to
concurrently authenticate to two servers in the same tree - but I
hope/ suspect that's me doing something funny.
Cheers,
Jedd.
(!) Some more feedback that I'll just present on its own merits.
____________________________________________________
(?) LILO Default
From Steven W.Cline on Mon, 07 Dec 1998
(?) Answerguy,
I've been searching for this but can't find it. I would like to change
the default OS that lilo loads. Right now it is Linux. How can I
change the default to DOS?
This is because I am the only one using Linux and the rest of the
family uses DOS.
Steven W.Cline
San Bruno, Ca.
(!) The default is the first "stanza" (boot image) listed in the
/etc/lilo.conf.
So, just edit that file and move the block for your Windows stanza
to place it after any global directives and before any other OSes
that you have listed.
Alternatively you can just use the default= directive to specify
the label of the image that you want to use.
(Hint: searching the lilo.conf(5) man page on the term "default"
leads us to the answer within a few shots.
[ I should only comment on layout stuff, but here, I just gotta.
Once upon a time when antares was a multi-boot machine, I had it
set up so that CTRL-ALT-DEL would always reboot you into "the other
OS". For a while it was so handy, I'd even forgotten how we did
it... so I wasn't able to tell Jim! But here's a trick that should
work:
Add a line to /etc/inittab that reads:
ms::boot:/sbin/lilo -R dos
(assuming you've named your stanzas linux and dos). The 'ms' is a
gratuitous identifier; it could really be anything, as long as the
other inittab lines have a different first value. The '-R' stores a
LILO command choice for only one session, so on the next reboot
(from DOS, which isn't saying anything special to LILO) you'll go
back to the other OS... unless sometime during your linux session,
you run another lilo -R command that mentions a different command
line to default to. However, you leave the lilo default to linux
this way. I suppose you could use this to run /sbin/lilo -R linux
so that reboots from Linux will tend to stay in Linux, with the
default set as Jim described to dos so that power-on, and reboots
in DOS, will tend to stay in DOS.
I don't know if there's a LILO control program for DOS these days,
but with LOADLIN and a copy of the kernel stored in DOS-accessible
space, you could even create a script that would let you add
"Linux" to your DOS or Windows menu system. If you prefer to go
that way, you could even uninstall LILO and put back a plain DOS
master boot record, so it would never ask anymore. Or, you can set
LILO to delay forever, so you can always choose which OS ... though
this loses the benefit of being able to ignore the system while it
boots. -- Heather ]
____________________________________________________
(?) Uninstalling Linux
From Tom Monaghan on Fri, 18 Dec 1998
(?) i cannot find any info on the best way to uninstall Red Hat Linux
5.2.
I must reinstall DOS as linux does not support my video driver (yet).
Any help would be appreciated. Thanks.
(!) When you installed Linux, you probably created a set of
partitions on one of your hard disks. You can just go into the
Linux 'fdisk' (using your installation diskette or CD) and delete
all of your Linux parititions (including swap and "native" (ext2)).
Once you done that then DOS/Windows should be "willing" to create
new partitions in the unallocated portions of disk space that
you've created by deleting your Linux partitions.
If the whole disk was devoted to Linux and you want to trick MSDOS
into believing that this whole drive is "fresh from the factory"
you can use the following trick:
WARNING! THIS WILL WIPE OUT ALL DATA ON YOUR DISK!
Boot into Linux (on a rescue diskette or into the working copy that
you have installed)
Login as root.
Issue a command like the following:
dd if=/dev/zero count=1 of=/dev/hda
... NOTE: The "of" parameter should point at the device node for
your disk. If are doing this to the first or only IDE drive on your
system (the most likely case) you'd use /dev/hda as I've shown. If
you're doing this to the first SCSI drive it would be /dev/sda, if
you were doing it to a second IDE or SCSI drive that would be
/dev/hdb or /dev/sdb respectively, and so on.
To get some idea of which drives and partitions you have Linux
installed on you could use the command:
fdisk -l | less
... to look at the partitions on all drives that Linux can see.
Note that you'll see partitions like /dev/hda1 and /dev/hda5, etc.
These are partitions on the first IDE drive (/dev/hda).
When we zero out the first sector of the drive, operating systems
will consider the whole drive to be blank and will install just as
you would on a brand new hard drive. (Technically under MS-DOS you
could just wipe out the two bytes at the end of the first sector
--- which is a signature value that MS-DOS FDISK.COM (or FDISK.EXE)
uses to detect a partiton table or MBR. Naturally you could also
delete the partitions (as described earlier) and then boot from a
DOS floppy and issue the command:
FDISK /MBR
... this will work on MS-DOS 5.0 and later. Otherwise use the 'dd'
method from Linux.
Incidentally I rather doubt that Linux doesn't support your video
card.
It is probably more formally correct to say that XFree86 doesn't
support your video card. You don't need to run a GUI to use most of
Linux (I rarely go into X Windows).
[ They just released XFree86 3.3.3 recently, so maybe you should
check again with a fresh X package from http://www.xfree86.org/ and
see if it has your card in it now. -- Heather ]
As I point out in other messages there are a couple of alternatives
to XFree86 including some freely distributed binary X servers
(source code unavailable) which can be found at the Red Hat contrib
site and other mirrors and software archives, and there are a
couple of commercial X Windows System packages for Linux (from Xi
Graphics: http://www.xig.com, and MetroLink:
http://www.metrolink.com).
____________________________
(?) Uninstalling Linux
From Tom Monaghan on Fri, 18 Dec 1998
Thanks. Since I was in a hurry, I just ran the install and deleted all
my linux partitions via Disk Druid (coincidentally the same tack you
suggest) and booted out of the install. So now I am back to DOS :(
I have RH 5.2 at home, so deleting linux here at work does not end my
experimentation with this OS. The thing I am stuck on at home is
getting my modem to connect to my ISP. This is so freaking frustrating
I had to step away for a day or so...Will continue to bang on linux
until I get it right. It's funny, I have a decent amount of UNIX
experience under my belt (I am ashamedly a Software Developer), but
when it comes to configging stuff I am a moron!
Super L/User
____________________________________________________
(?) Making a Kernel Requires 'make'
From Mohd. Faizal Nordin on Fri, 18 Dec 1998
(?) Hai everybody....
I am having problem to compile my kernel in order to set my ppp and
diald. The problem is when I want to compile kernel for RedHat 5.1 I
got error msg: " make : bash command not found ".
Can someone pls help me on this problem.
Cheers...
fiber...
(!) It sounds like you need to install 'make' (the package that
interprets "makefiles" and traverses the sources resolving
dependencies by compiling, linking and otherwise manipulating the
sources, object files, etc). (Either you need to install the
package or make sure that it and your other development tools are
properly on your PATH).
You also need gcc (the GNU C compiler) and the 'binutils' package
(which contains 'ar' 'ld' and the assemblers and other tools that
are needed to build most C programs).
It seems odd that you need to recompile your kernel for PPP
support. Most distributions ship with that built in or with a
modular kernel and a selection of pre-compiled modules.
____________________________________________________
(?) Using only 64Mb out of 128Mb Available
From Terry Singleton on Thu, 17 Dec 1998
(?) When I run the admin tool "top" it appears as if my system is only
using 64MB of memory.
11:00am up 4 days, 23:39, 2 users, load average: 0.07, 0.03, 0.00
40 processes: 39 sleeping, 1 running, 0 zombie, 0 stopped
CPU states: 0.3% user, 0.1% system, 0.0% nice, 99.6% idle
Mem: 64168K av, 57420K used, 6748K free, 19820K shrd, 19816K buff
Swap: 104384K av, 24K used, 104360K free 23932K cached
The results show 64168K av which indicates 64168K of available memory
yet our system has 128MB RAM? I have the same results on 2 other Linux
servers with more than 64MB RAM.
I am running RedHat 5.1, is there anything special I have to do to
tell the system I have more than 64MB, recompile the kernel..?
(!) This is a classic FAQ. The BIOS standards for memory query (Int
12h?) don't support the return of more than 64Mb of RAM. There are
a number of different mechanisms for doing this on different
chipsets, and some were "dangerous" (in the sense that they might
hang some systems with a different API/BIOS). So, Linux didn't
support automatic detection of more than 64Mb on most systems until
very recently (2.0.36?).
You've always been able to over-ride this with a kernel parameter.
As you may know from my earlier articles or from the LILO man pages
you can pass parameters to the Linux kernel using an append=
directive in your /etc/lilo.conf file (and subsequently runing
/sbin/lilo, of course) or by manually appending the parameters on
the command line at the LILO prompt (or on the LOADLIN.EXE command
line).
To do this with lilo.conf you add lines of the form:
append="mem=128M"
... to each of the Linux stanzas to which you want this to apply.
(I'd leave one of them without it for the first try so you have a
working configuration into which you can boot in case there's a
problem with your system. I've heard of some cases where users had
to reduce their memory configuration by 1Mb for odd reasons).
With the newer 2.0.36 and 2.1.x kernels you shouldn't need to do
this (they have new autodetection code that should handle all of
the common chipsets).
One trick for programmers --- if you want to ensure that your code
or distribution will run in limited memory constraints you can do a
quick test using a smaller mem= parameter to force the kernel to
run in less space than it normally would.
WARNING: If you forget the trailing 'M' the kernel load will fail
when it tries to allocate the specified amount of RAM in bytes.
(Don't do that!).
In any event you might want to check out some of the FAQ's on Linux
since I'm sure this is in a couple of them.
____________________________
(?) Using only 64Mb out of 128Mb Available
From Terry Singleton on Fri, 18 Dec 1998
(?) Thanks Jim.I added the line as you suggested, however it did not
seem to take am I supposed to be it under the boot image section
itself? Memory is still 64000av.
(!) Sorry, I should have been more detailed. You need to add this
append= directive to each of the stanzas to which it applies. (You
could have a couple of stanzas that referred to reduced memory
configuration if you were a software developer, tester or reviewer
so that you could test a package's behaviour under varying memory
constraints).
(?) This is what I have:
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
append="mem=128M"
image=/boot/vmlinuz-2.0.34-0.6
label=linux
root=/dev/sda1
initrd=/boot/initrd-2.0.34-0.6.img
read-only
should it be:
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
image=/boot/vmlinuz-2.0.34-0.6
label=linux
root=/dev/sda1
initrd=/boot/initrd-2.0.34-0.6.img
read-only
append="mem=128M"
(!) Yes.
(Also remember to re-run /sbin/lilo to read this config file and
build the new boot blocks and maps therefrom).
Incidentally it would have been quicker and reasonably safe (in
this case) to just try the experiement. It should have worked and
you'd have gotten your answer much quicker.
I can understand a degree of hesitation about experimenting with
the boot blocks and partition tables (a data structure that's
stored in the the same block as the MBR first stage boot block).
Obviously a mistake means that you can't boot at all.
However, it's wise to have a backup and a working rescue floppy and
to practice using them before you make any changes to your
/etc/lilo.conf.
____________________________________________________
(?) Manipulating Clusters on a Floppy ...
From Padma Kumar on Thu, 17 Dec 1998
Sir,
I'am basically want to write an application which needs to mark a
particular predefined cluster as bad, and also need to change
dynamically the value contained in the specific cluster. Is there any
way by which we can write some data into a cluster, mark that cluster
as bad, again i need to mark that bad cluster as usable and update the
data in the cluster and then mark it as bad again.
I would be greatful if you could help me out with this task or tell me
where i can find some information regarding this.
Thanking you for your consideration.
With Regards
Padma Kumar
(!) This is a rather dubious request.
You'd have to write you're own custom programs to do this (for each
filesystem type that you wanted to support --- since different
filesystems have different mechanisms for marking clusters as bad).
I've heard of MS-DOS virus writers, and some copy protection
schemes, that used similar techniques to covertly write keying
information on people's systems back when software copy-protection
seemed feasible. The demise of this technique has two major
dimensions:
There were chronic technical problems caused to legitimate users
(thus decreasing customer satisfaction while increasing support
costs). (Problems resulting from restoration of user programs and
data after a hardware failure or upgrade are one example). A
moderately skilled cracker could easily reverse engineer and bypass
these measures (often by "NOP-ing" out the portions of code that
performed the objectional hackery).
Many users/customer simply rejected the whole adversarial stance of
software companies employing these techniques. We still see tacit
acceptance of "dongles" (hardware keys, typically attached to
parallel or serial ports which are queried by a program to enable
its operation, typically with some sort of challenge response
protocol). However, those are only used for a small number of high
end packages.
To write your own code, just look at the examples in the programs:
badblocks, mke2fs, and e2fsck. These all manipulate the badblocks
lists on Linux' ext2 filesystems.
Naturally you can look at the sources for similar programs for each
other fs which you intend to support. Note that most of these
programs are under the GPL. While studying them and writing your
own code is probably a fair use, if you intend to "cut and paste"
code from them you must read and respect their licenses (which
would be in conflict with any copy-protection applications which
you might have in mind).
I realize I'm reading a lot into your question. I don't know of any
other rational uses for bogus "bad blocks."
____________________________
(?) Manipulating clusters on a floppy ...
From Padma Kumar on Sun, 20 Dec 1998
(?) Sir,
Thanks for spending time for answering my question ...
Basically i'm trying to write the code in Delphi (Assembly code in
Delphi) for Windows 95 stand-alone PC.
I hope this clarifies ur doubt in short.
(!) It clarifies things just fine. This is the Linux Gazette. I
answer questions that relate to Linux.
If you have programming questions that related to Win '95 and/or
Delphi --- please go to Yahoo! and look for a Win '95 or Delphi
"Answer Guy" (or other support forum).
You paid money for that commercial software --- with the stated or
implied benefit of technical support. It's really a pity that the
companies that sold you these packages aren't delivering on that
promise.
As I said, you can look at the Linux sources for many examples of
manipulating many types of filesystems (including MS-DOS/Win '95)
-- those examples are mostly in C.
(?) Thanking you once more for ur consideration
Expecting a reply soon
(!) Have you ever read any of my other answers? How did you find my
address without getting any indication of the focus of my work? Is
it just that using all that vendorware has left you desparately
seeking support from anyone you can find?
____________________________________________________
(?) Setting up ircd
From paul maney on Thu, 17 Dec 1998
(?) hi there i cant set up ircd on redhat Linux i haveing big pog what
can i do to get it to work a.s.p pls from paul marney
you can get me on [phone omitted] or [email omitted]
(!) I'm afraid this question is below the literacy threshold.
I think this translates to:
I can't set up 'ircd' on my Red Hat Linux system. I'm having "big
problems" (with it). What can I do to get it to work? Please reply
ASAP.
First, I've never set up an IRC server. I've only used IRC as a
client on a few occasions (less than ten in the last ten years). I
presume that I could set on up if I tried (and I know some of the
people who created Undernet -- one of the larger IRC networks, so
I'm sure I could get help if I needed it).
However, your question shows a remarkable lack of motivation. You
don't provide any information about what version of Red Hat you are
using, where you got the your IRC (Internet Relay Chat) daemon
package (I've never seen one included with Red Hat Linux CD's ---
though admittedly I wasn't looking for it). More importantly you
don't give any indication of what you've tried or what sort of
problems you've encountered.
Based on your message it doesn't appear that you've even read
whatever man pages, README files, and other documentation came with
your ircd package.
Glancing around I found an ircd21002.tgz in the Slackware contrib
directory on ftp.cdrom.com (Walnut Creek, manufacturers of many
fine collections of free software --- including the Slackware Linux
distribution and FreeBSD).
Grabbing that I find a set of documents and an example ircd.conf
file that give some hints as to how you'd use this particular
version of IRC. It turns out that this one is the "UnderNet"
version of ircd (I'd heard that they'd written their own, but
coming across here it was just by chance).
You could look at the UnderNet web site (http://www.undernet.org)
but that doesn't seem to lead to any technical documentation of the
sort that you'd need to set up your own server or join one of the
relay networks. You'd have to know to look at
http://www.undernet.org/documents (since there don't seem to be any
links from the index page down to this page). However that doesn't
include anything that you need either.
My next stop would be Yahoo!:
Computers and Internet:Internet:Chat:IRC:Networks
http://dir.yahoo.com/Computers_and_Internet/Internet/Chat/IRC/
... and I'll leave it to you to search through those links.
Naturally you could also hunt through the IRC channels and ask the
regulars in those that are appropriate. I suspect that some of the
people who install, configure and maintain these servers are also
IRC users. I think there's also a couple of news groups that are
appropriate (search your local lists of newsgroups for the string
"irc").
If you ask for help from any other parties, I'd suggest putting
some careful thought into crafting your questions --- most people
won't spend nearly the time that I just have on answer a question
that's presented as badly as this.
____________________________________________________
(?) Sendmail on private net with UUCP link to Internet
From rkblum on Tue, 15 Dec 1998
Hello Answer Guy!
Thanks for all of your excellent advice. I really enjoy your columns.
In your December issue, you had an answer for RoLillack for using
Sendmail on a local private network. You mentioned that your network
is connected to the Internet via a UUCP hub for mail purposes. I would
like to follow-up on that comment.
I do volunteer work at a local K-6 school and we were looking for a
similar mail solution. Your answer got the wheels rolling and we think
we have a good, inexpensive e-mail solution for the school. The only
piece that we are missing is the sendmail.cf file for the UUCP hub. We
have not been able to find a good example of how to configure the hub
to route all outbound mail to the ISP UUCP host, as well as not do DNS
lookups for our clients running Eudora. Unfortunately, we have not
been able to find the SendMail book in our local bookstores. We would
appreciate any help you could give us in this direction.
(!) I don't know how you'd convince Eudora and other mail user
agents not to do DNS queries for MX records. I use a trick with
sendmail (specifying an IP address of the form '[192.168.1.x]' ---
note the square brackets --- in my nullclient.mc file).
In my case I have an "all Linux" network. The rare occasions when I
try to run some MS or Apple based OS around generally don't involve
setting them up with access to the Internet and certainly don't
involve my trying to read my mail on them.
You might be able to do the same, or you might have to create a DNS
server that "claims" to be authoritative for the root domain (then
one called ".").
I've heard of people setting up these sorts of disconnected DNS
zone but I don't have an example handy. I'd suggest grabbing the
DNS HOWTO and searching through the archives of the Linux-admin
list for some suggestions on that.
Incidentally I hear there are some pretty good Linux Users' Groups
in Indiana. Sadly I note that there is no SAGE (SysAdmin's Guild)
chapter for your area. USENIX/SAGE is hoping to greatly expand the
number of SAGE local chapters around the world and across the
country in the near future. All it takes are a few professional
system administrators to get together (SAGE is OS neutral, though
the membership shows a decided preference for Unix-like systems).
As for my particular setup, here's the M4 config file from one of
my clients:
divert(0)dnl
VERSIONID(`@(#)clientproto.mc 8.7 (Berkeley) 3/23/96')
OSTYPE(linux)
FEATURE(nullclient, `[192.168.1.3]')
... that's all you need. You can then use m4 to generate a
/etc/sendmail.cf file from this (as I've described in past columns.
Newer versions of sendmail provide a 'makefile' to make this
generation step even easier.
The effect of this .mc file is to forward all mail to my mail hub
(which is the mail store for my LAN and is the gateway to the rest
of the world).
On my client workstations I retrieve mail using 'fetchmail' (via
POP-3). Thus if I mail 'star' (my wife) the mail gets sent to
'antares' (the hub) even though she has an account on the local
host. This means that she, my father, and others with accounts on
my workstation, don't need to maintain .forward files on 'canopus'
or any of the other workstations around the house. All of their
mail (and mine for that matter) gets sent to antares.
My mail gateway's .mc file looks like:
divert(-1)
divert(0)dnl
include(`../m4/cf.m4')dnl
VERSIONID(`$Id: issue36.txt,v 1.2 2003/02/03 21:50:25 lg Exp $ by James T
. Dennis, Starshine.org $Date: 2003/02/03 21:50:25 $')
OSTYPE(`linux')
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`nodns')dnl
FEATURE(`nocanonify')dnl
FEATURE(`local_procmail')dnl
FEATURE(`uucpdomain')dnl
MAILER(`smtp')dnl
MAILER(`uucp')dnl
MAILER(`procmail')dnl
MAILER(`uucp')dnl
MASQUERADE_AS(`starshine.org')dnl
undefine(`BITNET_RELAY')dnl
define(`confDEF_USER_ID',"8:12")dnl
define(`SMART_HOST', `uucp-dom:XXXX')dnl
On this last line I have the name of my UUCP provider listed in
place of those X's. By defining a mailer and host pair for my
SMART_HOST I force 'sendmail' to deliver all of my non-local mail
to my UUCP provider through the "uucp-dom" mailer. "uucp-dom" is a
mailer that delivers mail via uucp even though it uses "domain
style" (DNS) address syntax.
This last file is probably a bit more elaborate than you actually
need --- and it's simplified a bit for this example.
(I actually use the "mailertable" FEATURE to trick the system into
deliver mail that appears to be to one of my LAN hosts into
delivering it to a virtual hosted mail server that's really
maintained by my ISP).
(?) Thanks again for all of your great answers!
Rich Blum
Trader's Point Christian Schools
Indianapolis, Indiana
(!) I'm glad I could help. You are right, UUCP is still a good way
to get e-mail and netnews without getting a full Internet
connection and without having the connection used by web browsing
or other protocols which you might prefer not to run into your
site. (Conversely it's also a great way to preserve your PPP
bandwidth to interactive uses while your mail and/or news gets
spooled quietly away for other times).
____________________________
(?) Re(2): Sendmail on private net with UUCP link to Internet
From rkblum on Wed, 16 Dec 1998
Jim -
Thanks for your quick response and acurate answers! The sendmail.cf
sample you sent was exactly what we needed. I think that I
unneccessarilty muddied the waters with my Eudora question. It turned
out that it was not a DNS problem with Eudora, it was my mistake of
not having the IP addresses in the ip_allow. The Eudora clients work
fine now. I have asked our local bookstore to order the SendMail book
for me - I think I need it!
Thanks again for your help - keep up the good work!
Rich Blum
____________________________________________________
(?) Complaint Department:
From T Elliot on Sun, 20 Dec 1998
(?) Having worked with Unix (1983-1989) and (gasp) MS-DOS (from DOS
2.11) and Windows (from Win 3.0 to NT Server 4.0 - I once installed
the NT5 beta, but decided it was too risky) and occasionally been
tempted into trashing my spare PC to install Linux, one of the biggest
problems I find with Linux is the lack of coherent tools and user
interfaces.
If I install a package under Windows, I get a shortcut to the
program(s) via a menu or window (program group).
(!) So don't use it.
(?) Do the same under Linux and then I have to write down the main
program name or remember it (after examining the files to be installed
so I can figure out what the actual command is) - sure it will
probably be installed in the path, but I'm getting old and the memory
is failing.
(!) Yep. I know. Tough isn't it?
(?) My spare PC is currently running RedHat 5.2 and this afternoon I
downloaded Code Crusader et al and therein lies the tale... NOT
ccrusader, NOT codecrusader or variations thereof, but "jcc" - no
additions to the "start menu" if using Fvwm2 or any other window
manager, in fact, no indication that the system had new software
except that the disk free space had decreased.
Until this type of thing is resolved, then Linux will only gain the
support of the lab-coats or the enthusiast.
(!) ... and professionally administered sites where a sysadmin or
delegate evaluates packages before installing them --- figures out
what is going where and deploys them according to their needs.
This is a rather boring message. I'm not the Linux complaint
department. You can send your suggestions to Red Hat Inc.,
S.u.S.E., Caldera, and many others.
Incidentally, S.u.S.E. does have some scripts that maintain your
system default window manager menus when you install new packages.
As for the implied suggestion --- I know that some people at Red
Hat are working on something like this. However, since there is no
central authority over Linux development and there are no "code and
interface police" to enforce your notion of "how things should be
done" --- there are practical limits to what can be accomplished.
For those that care, the usual technique I use when installing
RPM's is to list and/or browse the contents of the package before I
install it. You can list them with a command like:
rpm -qpl <package.file.name>
... and you can narrow that do just the docs using:
rpm -qpd <package.file.name>
You can browse through an RPM file interactive using Midnight
Commander ('mc'). Just highlight the file using mc's "Norton
Commander inspired" interface and hit [Enter]. This will traverse
down into the RPM file as though it were a directory tree --- and
you can browse through and view the file contents to your heart's
content.
When you use mc's [F3] key to view a file, it can interpret several
types of files. Thus you can view the man pages from inside of an
RPM file without installing anything.
Since many of the most useful programs available under Linux and
other forms of Unix are designed as filters, or intended to be run
as services (possibly as dynamically launched 'inetd' based
daemons) or cron jobs --- or are otherwise non-interactive --- it
often doesn't make sense to add menu options for them.
However, I've suggestion to Red Hat and S.u.S.E that RPM
maintainers and builders be encouraged to add entries for programs
that constitute "user interfaces" (for character mode and/or X
Windows --- and for any other interfaces that might arise in the
future --- such as Berlin). One of Red Hat's senior people
disagreed with the whole notion, though that may be more a
deficiency in my presentation than anything.
(?) PS. My main PC runs NT server 4.0 sp4 with sql server, iis, etc,
etc. I use it for software development using DevStudio (c++) and even
though I have to reboot the &^^% thing every time I touch something in
its config, I'd rather that than guessing at what I've installed and
what the comand line is.
(!) Great. More power to you. So, do a Yahoo! search to see if you
can find the "complaintguy" somewhere. Let me know if you find him
(or her) and I'll bounce mail like this to the appropriate venue.
The problem here is that you seem to have confused me with some
Linux advocate. I use Linux and I prefer it to other systems that
I've used (although FreeBSD is a very close second).
I've espoused the opinion, on several occasions in this column,
that the selection of any tools (software or otherwise) should be
done through a process of requirements analysis. Some requirements
can be met with a number of solutions. So, after we've found a
basic list of possible solutions that meet the requirements we can
narrow down that list by measuring them against our constraints and
make final selections (if choices still remain) based on
preferences.
The time is rapidly approaching when you can run a complete KDE or
GNOME system and never see a command line. Developers of KDE,
GNOME, and eventually GNUStep applications will be free to
integrate their interfaces in the ways that are appropriate to each
of those systems.
The KDE developers have already shown an amazing predilection for
generating KDE interfaces to existing programs. Once nice thing
about Linux and Unix is that it's relatively easy to design an
application in a client/server model --- and to provide multiple
front ends (clients) which each provide unique forms of access to
the same application functions. This is just good programming
design.
Another nice thing is that we can concurrently run programs from
many GUI's under the same desktop. Thus I can run a GNOME
application under KDE and vice versa. Indeed using VNC and XNest I
can run whole X sessions within a window under one of my X
sessions.
Of course, people who just stick with the front ends will be
constrained from access many of those powerful filters and tools
that I described earlier. It's unlikely that front ends will be
built for all of them.
However, most people only use a few applications, anyway.
(?) PPS. The main gripe is - USER TOOLS and EASE OF CONFIGURATION.
(!) So find someone to gripe to. I'm here to answer questions.
(P.S. the various "advocacy" newsgroups are perfect for this sort
of message).
____________________________
(?) More on "Complaint Department"
From T Elliot on Fri, 25 Dec 1998
(?) Thank you for your comments and suggestions. I appreciate that I
have probably wasted your time, but you have answered most of my
questions (including to whom to gripe).
(!) If I was worried about "wasting my time" I wouldn't have signed
up for this.
However, one of the few rights I reserve for myself in this column
is the right to be a curmudgeon.
____________________________________________________
(?) eql Not Working
From Brett on Thu, 24 Dec 1998
(?) I have had absolutely no luck with eql getting my two USR 56k
modems working in sync. I can get both of them connected, but only one
uses bandwidth... and if I disconnect #1 then #2 takes over the
bandwidth job... I am just wondering if I can get this working and
somewhere that you could point me to get it working... any reply would
be much appreciated...
(!) If you read the eql docs carefully I'm pretty sure it points
out that you must establish both connections to a
server/router/terminal server that supports this mode of operation.
Essentially you must be connected to two modems on a single other
system running something that is like and compatible with eql.
If ISP isn't specifically working with you on this --- then you
won't be able to get it working. So call your ISP and explain your
needs to them. According to the README.eql file Linux eql driver is
compatible with the load balancing (round robin routing) on some
Livingston (CommOS?) router/terminal servers.
I suggest a careful re-reading of
/usr/src/linux/drivers/net/README.eql
... and perhaps a follow up of that FTP link to see if there are
any updates are additional notes available on that site. There are
a couple of e-mail reports from users appended to this file ---
perhaps one of them can help more. I've never used the eql drivers
since speed was never my problem with online access --- it's just
the latency and dial time delays that used to drive me crazy.
____________________________________________________
(?) Upgrade Kills Name Server
From Anonymous on Fri, 25 Dec 1998
(?) I just upgraded"= to Red Hat 5.2 and set up everything as I had it
before and now I get the following:
fetchmail: POP3 connection to mail.nashville.com failed: temporary name server
error
Netscape can't recognize mail.nashville.com either. I am having to
send this from Windows email.
My etc/hosts file looks the same as it did before. What other files do
I need to check and/or post?
Thanks!!
(!) I'm just going to guess that the upgrade renamed some of your
files (probably your DNS zone files, possible even your
/etc/resolve.conf) to add the 'rpmorig' extension.
So, search for rpmorig files and look for the files that were put
in place of them. You'll have to manually resolve the differences.
(Use the 'diff' program).
I've complained to them before about their penchant for moving your
files out of the way when they to a upgrades. Their concern is that
the old configuration files may be incompatible with the new ones.
I've said that the disruption caused by users doing an upgrade when
they never realized or tracked which files there changed and
"configured" tends to outweigh the chances that a new package
upgrade will completely fail when presented with an older format of
its own configuration file.
One problem to consider is that you old version of Linux may have
been running BIND 4.9.x or earlier (I'm guessing that your system
is providing it's own DNS services). The new version (5.2) might be
installing BIND 8.1.2. These do have incompatible file formats for
the base configuration file --- however the name has chagned too.
The old one used named.boot. The new version uses /etc/named.conf.
There is a utility with the package to convert a named.boot file to
named.conf format. Actually the new format is much easier to set
up.
Anyway it is almost certain that you need to configure your 'named'
(BIND).
Unix mail doesn't normally refer to your /etc/hosts file since that
can't convey information about MX records and preferences. SMTP
mail routing is done via MX records --- not by host address (A)
records. So it doesn't matter what your /etc/hosts file look like
for this.
____________________________________________________
(?) MS Applications Support For Linux
From Marty Bluestein on Fri, 25 Dec 1998
(?) Is there a mechanism that enables MS apps to run under Linux? Is
anyone working on an autoloader for Linux?
(!) There are a few projects. The most prominent is WINE
(http://www.winehq.com). The goal of WINE is a complete
re-implementation of the Windows API's to achieve full binary
compatibility under any x86 Unix with X Windows (Linux is the
predominant platform but any other modern x86 Unix should be a
reasonable platform for WINE).
Another is Bochs (which has recently moved it's web pages to
http://www.bochs.com). Bochs is a package which emulates an x86 CPU
and PC chipset (similar to Connectix' "Virtual PC"). It runs on any
platform that can compile its C sources. I've heard that it works
reasonably well but is to slow for production use (for running Win
95 or 98 on a PC). Considering that you're using a PC to emulate a
full PC CPU and chipset this is not a surprising limitation.
For older MS Windows applications (3.1 and earlier) you might try
WABI --- a commercial Windows Applications Binary Interface which
is available for Linux from Caldera (http://www.caldera.com). This
is not be updated and is unlikely to ever support Windows '95 or
later applications.
For DOS (non-Windows) you can run a copy of MS-DOS, DR-DOS FreeDOS
or just about any other "real mode" x86 OS under the Linux
'dosemu'. (Just search for it in Yahoo! using "+linux +dosemu").
[ Its home page is hosted by SuSE ... http://www.suse.com/dosemu/
... I use it to run dBase stuff and it works pretty well at this
point. -- Heather ]
The DOS support is pretty good these days, though I don't use any
MS-DOS applications any more so I don't have much first hand
experience with it. The WABI support was pretty fast (it felt
faster running typical Windows 3.x programs under Linux than it did
under native MS-DOS on similar hardware --- probably do to Linux
more efficient filesystem and memory management).
When thinking about the limitations of Linux support Win '9x and NT
applications support (Win 32S) it is helpful to keep in mind that
these limitations are almost certainly a key design goal at
Microsoft. Although Linux was not on thier "radar" during the
design of Windows '95 and NT --- OS/2 certainly was.
Enmeshing the interfaces at various levels to make applications
difficult or impossible to support under competing operating
systems is one of the key strategies that Microsoft employs. The
current DoJ case against them is only a tip of the backlash that
consumers are now directing to this monopoly. The fact that Linux
installation tripled in the last year --- and that many
organizations are now considering Linux for their desktop
applications platform is ample evidence of that.
* (personally I think it's still a bit premature to be touting
Linux as typical workers desktop system --- though the introduction
of Corel's WordPerfect for Linux, and the release of an updated
Wingz Professional for the platform do certainly bode well for the
coming year. I've heard that Applixware 4.4.1 is also greatly
improved and the next version of StarOffice 5.x should stabilize
and mature that suite. Meanwhile GNOME, KDE, LyX, and GNUStep are
plodding along towards "prime time" availability).
So that fact that there is only limited support for MS apps under
Linux is a testimony to the skills of Microsoft's programmers. We
can surmise that preventing these applications from running on
non-Microsoft operating systems was given higher priority than
robustness, security, stability, integrity, or performance.
Probably the only features that were given priority over "trap the
user" were those that would enable magazine writers, and corporate
purchasing agents to "review" the products and feel that they had
evaluated them with about 15 minutes to an hour of actual work time
exposure. This forces the application programmer to put all sorts
of "features" onto menus, button bars, toolbars, icon ribbons, and
otherwise clutter the screens and windows. This is an endemic
problem in commercial software --- it's written to get reviews and
make sales, not to satisfy long term users.
Of course an alternative to direct MS Applications support is
support for their document formats. However this is another of
those key "customer trapping" opportunities. They do everything
short of strong (non-exportable) encryption to lock your data into
.DOC, .XLS, and .PPT formats. The latest Linux applications suites
and word processors are making some headway in this --- and I can
often extract contents from Word '97 files without too much fuss.
Earlier versions of Word are pretty well supported at this point.
You can bet that the next version of Office will egregiously break
format compatability. MS can't allow its customers any freedom of
choice or portability of documents to "other" platforms. That's
much too dangerous to their upgrade revenue scheme.
I've talked about MS Windows support and the evils of proprietary
document formats before. I personally think that the only rational
remedy for Microsoft's monopolistic practices would be for the DoJ
to impose a rule that MS produce freely available (open source)
"reference implementations" of standards C source code to peform a
reasonable suite of conversions and manipulations on all
"documents" produces by their applications (including .EXE and .DLL
"documents" produced by their programming "applications"). Under
this plan any upgrade to any MS product that failed compatibility
test suites with there freely available reference implementation
(converters, tools and filters) would result in an immediate
injunction on distribution until the reference implementation as
updated and vetted as compatible.
(Note that I didn't say that MS has to release any of the sources
to any of their products. Only that they must release some
reference implementation that is compatible with the file formats,
and freely usable in competing products --- free and commercial.
Their contention is that their products enjoy superior market share
as a result of superior interface and integration with one another
--- this would give them a unique opportunity to prove that).
I have no idea what you mean by an "autoloader for Linux."
(?) Thanks.
Marty Bluestein
____________________________
(?) Automount/autoloader
From Marty Bluestein on Fri, 25 Dec 1998
(?) OK. Guess I should have fully read your message before I
responded. By the term "autoloader" I mean a self installing function
- you stick in the CD and Linux (or some other OS) sets itself up. I
wasn't aware that MS was already loading their user's work (.DOC,.
XLS, etc.) with gotchas. I wonder if the DoJ is aware of and pursuing
this?
Marty
(!) There are several packages that will automatically mount CD's
(and floppies, NFS directories etc) for Linux. This is referred to
generically (under Unix) as "volume management" or "automounting"
(the latter term is more often used with regards to network file
systems while the former is exclusively used for local media).
Under Solaris there is a daemon called 'vold' that manages CD's.
Under Linux you can use the 'amd' (automount daemon) or an old
program called "Supermount" (Stephen Tweedie, if I recall
correctly). Under newer Linux kernels you can look for a module
called "autofs".
I haven't played with these much so I can't give real advice on
using them. However, you now have some key words to search on. If
you get one of them working in a way that seems like it would meet
a typical requirements scenario --- write it up as a mini-HOWTO and
solicit people to contribute sample configurations and descripts
for other common usage scenarios (or at least write up an
"unmaintained" mini-HOWTO and encourage the readers to adopt and
maintain it.
____________________________
(?) More on: MS Apps Support
From Marty Bluestein on Fri, 25 Dec 1998
(?) Although my ire against Gates, et al would like to see a good
platform running his apps that will probably be a moving target.
Better, I think, to develop a good set of apps that can work on the
docs that MS apps produce. MSs response would have to be to encumber a
user's work with junk to make it incompatible with any other apps. The
result of that could very well be disaster for MS. Could you imagine
having your work suddenly become incomprehensible because of the cute
little things your app put in it?
Marty
(!) I don't have to imagine this scenario. I've seen it happen many
times.
____________________________
(?) MS Applications Support For Linux
From Marty Bluestein on Fri, 25 Dec 1998
You are right on. My appreciation of MS coincides with yours. I wish I
had the time and the money to pursue that emulation of 95 and NT. Even
better would be a good, competitive set of apps. Corel's latest
release for Linux may indicate some movement in that direction. TNX
for your response. Happy Xmas.
Marty Bluestein
____________________________
(?) More on: MS Apps Support
From Marty Bluestein on Sat, 26 Dec 1998
(?) I've just installed Redhat. It is "auto loading". I now have a
problem which Redhat and I must resolve. I'll write it up and post it
when it's corrected. To whit.. WIN95 now crawls along as if it had a
bigger bag of sand on it's back. Re MS: I'd rather see MS broken up
into two separate companies. One doing APPS and the other doing OS.
TNX for responses. HAPPY XMAS, MERRY CHANUKAH, SWINGING KWANZA and
JOYFUL RAMADAN.
(!) I can't help with the Win '95 problem. It's probably confused
about WINS (Windows Naming System) or some other networking issue.
Re: Breaking up MS. Historically this has done NO GOOD with other
monopolies. Go read a decent historical account and business
analysis on JP Morgan (and wash that down with some Noam Chomsky).
I'd recommend a book for you --- but I'd have to refer to my father
to find one. My knowlege is definitely second-hand on this --- but
I've discussed it with a couple people whose background in the
fields of finance and history I respect.
Breaking them up is a fundamentally flawed approach. The
controlling interests -- the OWNERS will still be the same. The
resulting companies would clearly have mutual interests,
complementary product lines, and interlocking boards of directors.
Unfortunately this approach would "appease" the masses and actually
work in Bill G's favor (as it did with JP Morgan). It will allow
the DoJ to appear competent and be touted as a "tough on
(corporate) crime" victory. So, it's the most likely outcome.
It's also just about the worst way to deal with the problem. (It's
even worse than sitting back and doing nothing) since it sets
another bad precedent.
____________________________________________________
(?) Linux as a Home Internet Gateway and Server
From Nilesh M. on Thu, 24 Dec 1998
(?) Hi,
I just have some questions about setting up linux to run as a server
for my home computer and to share an internet connection and also to
setup as a server for the internet.
(!) O.K. That is three different roles:
1. Network Server (which services)
2. Internet Gateway (proxy and/or masquerading)
3. Internet Host/Server (which services)
It is possible for Linux to concurrently handle all three roles ---
though having all of your "eggs in one basket" may be not be a good
idea with regards to security and risk assessment.
Traditionally your concerns would also have encompassed the
capacity planning --- but a typical modern PC with 200+ Pentium
processor, 32Mb to 256Mb of RAM and 4Gb to 12Gb if disk space has
quite a bit of capacity compared to the Unix hosts of even 5 to 10
years ago.
(?) Do you know if I can setup a linux box with one 10mbs ethernet for
a modem and a 100mbs ethernet for a network in my house? Where do I
start and how would I do it.
(!) I presume you're referring to a 10Mbps ethernet for a cable
modem, ISDN router (like the Trancell/WebRamp, or the Ascend
Pipeline series), or a DSL router. These usually provide 10Mbps
interfaces and act as routers to the cable, ISDN or xDSL services
to which you're subscribed.
It's certainly possible for you to install two or three ethernet
cards into a Linux system. Any decent modern 100Mbps ethernet card
will also automatically handle 10Mbps if you plug them into such a
LAN. So you'd just put two of these cards into your system, plug
one into your router and the other into your highspeed hub.
You often have to add the following line to your /etc/lilo.conf to
get kernel to recognize the second ethernet card:
append="ether=0,0,eth1"
... the 0,0, is a hint to autoprobe for the IRQ and I/O base
address for this driver. Alternatively you might have to specify
the particulars for your cards with a line like:
append="ether=10,0x300,eth0 ether=11,0x280,eth1"
... instead. This line must be present in each of the Linux
"stanzas" (groups of lines which refer to different Linux kernels
with their corresponding root filesystem pointers and other
settings).
Of course you must run the /sbin/lilo command to read any changes
in your /etc/lilo.conf file and "compile" them into a new set of
boot blocks and maps.
If you have a normal modem connected to the system --- it's
possible to use that as well. You can use PPP (the pppd program) to
establish Internet connection over normal phone lines. There are
also internal ISDN, T1 "FRADs" (frame relay access devices) and
CSU/DSU (or Codecs --- coder decoder units) that can be installed
into your PC and controlled by Linux drivers.
I've seen references to the ipppd to control some sorts of internal
ISDN cards. I think most of the others have drivers that make them
'look like' a modem or ethernet driver to Linux.
(?) I just want to buy two 100mbs ethernet cards to hook up to each
other... so I don't think I'd need a hub do I? I only want two
computers hooked up to this makeshift network.
(!) You either need a hub, or you need a "crossover" ethernet patch
cord. A normal cat 5 ethernet patch cord isn't wired correctly to
directly connect two ethernet cards.
(?) Any help would be appreciated, especially something like a link to
a document which would give me a step by step setup.
(!) I don't have such a link. As you may have realized there are a
couple of hundred HOWTO documents on Linux and many of them relate
to configuring various services.
Let's go back to our list of different roles:
Network Server (which services) Internet Gateway (proxy and/or
masquerading) Internet Host/Server (which services)
Starting at the top. You have a small network that is not normally
connected to the Internet (there isn't a permanent dedicated
Internet connection). So, you probably want to use "private net"
addresses for your own systems. These are IP addresses that are
reserved --- they'll never be issued to any host on the Internet
(so you won't create any localized routing ambiguities by using
them on your systems).
There are three sets of these number:
192.168.*.* 255 Class C nets 172.16.*.* through 172.31.*.* 15 Class
B nets 10.*.*.* 1 Class A net
... I use 192.168.42.* for my systems at home.
... These addresses can also be used behind firewalls and Internet
gateways. The classic difference between a router and a gateways is
that a router just routes package between networks (operating at
the "transport" layer of the ISO OSI reference model) while a
gateway does translation between protocols (operating at the
applications or other upper layers of the reference model).
In the case of Linux we can configure our one Linux system to act
as local server and as an Internet gateway. Our gateway can operate
through "proxying" (using SOCKS or other applications layer
utilities to relay connections between our private network and the
rest of the world), or through IP masquerading (using network
address translation code built into the kernel to rewrite packets
as they are forwarded --- sort of a network layer transparent
proxying method).
However, we're getting ahead of ourselves.
First we need to setup our Linux LAN server. So we install Linux
and configure its internal ethernet card with an IP address like
192.168.5.1. This should have a route that points to our internal
network, something like:
route add -net 192.168.5.0 eth0
... to tell the kernel that all of the 192.168.5.* hosts will be on
the eth0 segment.
Now, what services do you want to make accessible to your other
systems.
By default a Linux installation makes a common set of services
(telnet, NFS, FTP, rsh, rlogin, sendmail/SMTP, web, samba/SMB, POP
and IMAP etc) available to any system which can reach you. Most of
these are accessible via the "internet service dispatcher" called
'inetd'. The list of these services is in the /etc/inetd.conf file.
Some other services, such as mail transport and relaying
(sendmail), and web (Apache httpd) are started in "standalone" mode
-- that is they are started by /etc/rc.d/*/S* scripts. NFS is a
special service which involves several different daemons --- the
portmapper and mountd in particular. That's because NFS is an "RPC"
based service.
The fact that any system that can route packets to you can request
any service your system offers, and the fact that most Unix and
Linux systems offer a full suite of services "right out of the box"
has classically been a major security problem. Any bug in any
service's daemon could result in a full system compromise which
could be exploited from anywhere in the world. This is what led to
the creation of TCP Wrappers (which is installed in all major Linux
distribution by default --- but is configured to be completely
permissive by default). It is also why we have "firewalls" and
"packet filters."
It's tempting to think that you'll be too obscure for anyone to
break into. However, these days there are many crackers and 'script
kiddies' who spend an inordinate amount of time "portscanning" ---
looking for systems that are vulnerable --- taking them over and
using them for further portscanning sniffing, password cracking,
spamming, warez distribution and other activities.
I recently had a DSL line installed. So, I'm now connected to the
Internet full time. I've had it in for less than a month and there
are no DNS records that point to my IP addresses yet. I've already
had at least three scans for a common set IMAP bugs and one for a
'mountd' bug. So, I can guarantee you that you aren't too obscure
to worry about.
You are also at risk when you use dial-up PPP over ISDN or POTS
(plain old telephone service) lines. The probabilities are still
reasonably on your side when you do this. However, it's worth
configuring your system to prevent these problems.
So, you'll want to edit two files as follows:
/etc/hosts.allow
ALL:LOCAL
/etc/hosts.deny
ALL:ALL
... that's the absolute minimum you should consider. This
configuration means that the tcpd program (TCP Wrappers) will allow
access to "local" systems (those with no "dots" in their host
names, relative to your domain), and will deny access to all
services by all other parties.
For this to work properly you'll have to make sure that all of your
local hosts are given proper entries in your /etc/hosts file and/or
that you've properly set up your own DNS servers with forward and
reverse zones. You'll also want to make sure that your
/etc/host.conf (libc5) and/or /etc/nsswitch.conf (glibc2, aka
libc6) are configured to give precedence to your hosts files.
My host.conf file looks like:
# /etc/host.conf
order hosts bind
multi on
and my /etc/nsswitch.conf looks like:
passwd: db files nis
shadow: db files nis
group: db files nis
hosts: files dns
networks: files dns
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files
glibc2 has hooks to allow extensible lookup for each of these
features through modular service libraries. Thus we'll soon be
seeing options to put 'LDAP' in this services switch file --- so
that hosts, user and group info, etc could be served by an nss_ldap
module which would talk to some LDAP server. We could see some user
and group information served by "Hesiod" records (over DNS or
secure DNS protocols) using some sort of nss_hesiod module. We
might even see NDS (Novell/Netware directory services) served via
an nss_nds module.
But I'm straying from the point.
Once you've done this, you should be able to provide normal
services to your LAN. Precisely how you set up your client system
depends on what OS they run and which services you want to access.
For example. If you want to share files over NFS with your Linux or
other Unix clients, you'd edit the /etc/exports file on your Linux
server to specify which directory trees should be accessible to
which client systems.
Here's an exports file from one of my systems:
# / *.starshine.org(ro,insecure,no_root_squash)
# / 192.168.5.*(ro,insecure,no_root_squash)
/etc/ (noaccess)
/root/ (noaccess)
/mnt/cdrom 192.168.5.*(insecure,ro,no_root_squash)
... note I've marked two directories as "noaccess" which I use when
I'm exporting my root directory to my LAN. I do this to prevent any
system in the rest of my network from being able to read my
configuration and passwd/shadow files. I only export my root
directory in read-only mode, and I only do that occasionally and
temporarily (which is why these or commented out at the moment). My
CDROM I leave available since I'm just not worried about anyone in
the house reading data off of any CD's I have around.
Keep in mind that NFS stands for "no flippin' security" --- anyone
in control of any system on your network can pose as any non root
user and access any NFS share "as" that user (so far as all
filesystem security permissions are concerned. NFS was designed for
a time when sites only had a few host systems and all of those were
connected and tightly controlled in locked rooms. NFS was never
intended for use in modern environments where people can carry a
Linux, FreeBSD, or even Solaris x86 system into your office under
one arm (installed on a laptop) and connect it to the nearest
ethernet jack (now scattered throughout every corner of modern
offices --- I've seen them in the reception areas of some sites).
To do filesharing for your Windows boxes you'd configure Samba by
editing /etc/smb.conf. To act as a fileserver for your MacOS
systems you'd install and configure 'netatalk'. To emulate a
Netware fileserver you'd install Mars_nwe, and/or buy a copy of the
Netware Server for Linux from Caldera (http://www.caldera.com).
There are ways to configure your system as a printer server for any
of these constituencies as well.
Beyond file and print services we move to the "commodity internet
services" like FTP, telnet, and HTTP (WWW). There's generally no
special configuration necessary for these (if you've installed any
of the general purpose Linux distributions).
If you create an FTP account in your /etc/passwd file then
anonymous FTP will be allowed to access a limited subdirectory of
files. If you rename this account to "noftp" or to "ftpx" or to
anything other than "ftp" and/or if you remove the account entirely
than you system will not allow anonymous FTP at all. If you allow
anonymous FTP you can simply put any file that you want made public
into the ~ftp/pub directory --- and make sure that they are
readable. By default the FTP services are run through tcpd so they
will respect your hosts.allow/hosts.deny settings.
If you're going to set up a "real" FTP site for public mirroring or
professional "extranet" applications you'd want to use ncftpd,
proftpd, or beroftpd instead of the now aging WU-ftpd or the old
BSD FTP daemon (in.ftpd). These alternative FTP daemons have their
own configuration files and can support virtual hosting and other
features. In some of them you can create "virtual users ---
accounts that are only valid for FTP access to specific FTP
subtrees and/or virtually hosted services --- accounts that can be
used to access any other service on the system.
Web services are controlled with their own configuration files.
There are a couple of whole books just on the configuration of
Apache servers. By default they let anyone view any web pages that
you put into the 'magic' directories (/home/httpd/docs or something
like that).
It's possible to limit access to specific directories according the
the IP addresses (or reverse DNS names) of the clients. As with TCP
Wrappers this should not be considered to be a form
"authentication" --- but it can be used to distinguish between
"local" and "non-local" systems IF YOU HAVE ANTI-SPOOFING PACKET
FILTERS in place (a part of any good firewall).
telnet, rlogin, rsh, and other forms of interactive shell access
are generally pretty easy to setup. Like many Unix/Linux services
it is harder to disable or to limit access to these services than
it is to allow it.
Under Red Hat Linux access to these and other "authenticating"
services can be controlled by editing PAM configuration files under
/etc/pam.d/
So, the short answer to the question "How do I set up Linux as a
server?" is you install it, setup its address and routing, then you
install and configure the services that you want to provide.
Now, when we we want to use Linux as a gateway to the Internet (or
any other network --- to connect you home network to your office or
to a friend's network) you first resolve the addressing and routing
issues (set up your second interface and add the appropriate
routes). Then you use IP masquerading or proxy services (SOCKS) to
allow your systems (using the non-routable "private net" addresses)
to access services on the Internet.
To use IP masquerading with the old ipfwadm code (as present in the
standard 2.0.x kernels you just issue a command like:
ipfwadm -F -a accept -m -D 0.0.0.0/0 -S 192.168.5.0/24
... which adds (-a) a rule to the forwarding (-F) table to "accept"
for "masquerading" (-m) any packets that are "destined for" (-D)
anywhere (0.0.0.0/0) and are from source IP addresses (-S) that
match the pattern 192.168.5.0/24 (an address mask that specifies
the first 24 bits, or three octets as the "network portion" of the
address --- and therefore covers that whole class C network).
You should definitely use a modular kernel and almost certainly
should have 'kerneld' loaded when you use this masquerading
technique. That's because there are several common protocols
(especially FTP) which require special handling for masquerading
(in the case of FTP there's a data connection that comes back from
the server to the client, while the data connection when in the
usual direction from the client to the server.
For this reason I actually prefer applications proxying. To use
that you go to the "contrib" directory at any Red Hat site and
download the SOCKS server and client packages. You install the
server on your Linux gateway then you install the clients on any of
your Linux clients.
On the SOCKS gateway you create a file: /etc/socks5.conf with
something like this for its contents:
route 192.168.5. - eth0
permit - - - - - -
... there are many options that you can use to limit access to the
socks gateway --- but this is the simplest working example.
On the Linux clients you create a file named /etc/libsocks5.conf
with an entry in it that looks something like:
socks5 - - - - 192.168.5.2
noproxy - 192.168.5. -
... where the ".2" address is the one on which I was running this
SOCKS server.
For the non Linux clients you have various different configuration
methods. Most Windows TCP/IP utility suites (other than
Microsoft's) support SOCKS proxies. There are replacement
WINSOCK.DLL's that support this proxying protocol transparently for
most/all other Windows services. The MacOS applications also seem
to support SOCKS pretty widely.
There are a few alternatives to NEC's SOCKS servers. I've found
"DeleGate" to be a pretty good one (search for it on Freshmeat).
DeleGate as the advantage that you can use it as a "manually
traversed" proxy as well as a "SOCKS" compatible one. The SOCKS
proxying protocol allows the client software to communicate with
the proxy server to relay information about the request to it, so
that it can, in turn, relay that to a process that runs on the
external servers. This is called "traversal."
Non-SOCKS proxies have to have some other traversal mechanism. Many
of them are "manually traversed" --- I telnet or ftp to the TIS
FWTK proxies (for example) and I log in as
"myname@myrealtarget.org." --- in other words I encode additional
account and destination information into the prompts where I'd
normally just put my account name.
DeleGate allows you do use this manual traversal mechanism when you
are stuck with a non-SOCKSified client.
I've also seen reference to another SOCKS server package called
"Dante" --- that's also listed at Freshmeat
(http://www.freshmeat.net).
There are also a few other types of proxies for special services.
For example the Apache web server, and the CERN web server and a
few others can be used as "caching web proxies." Squid can proxy
and cache for web and FTP.
Some services, such as mail and DNS are inherently "proxy" capable
by design. I can't adequately cover DNS or e-mail services in this
message. There are full-sized books on each of these.
So that's the very basics of using Linux as a gateway between a
private LAN and the Internet. If you get a set of "real" IP
addresses, and you insist on using these to allow "DRIP" (directly
routed IP) into your LAN you don't have to do any of this IP
masquerading or proxying --- but you should do some packet
filtering to protect your client systems and servers.
Good packet filtering is difficult. I alluded to one of the problem
when I pointed out that FTP involves two different connections ---
an outgoing control connection and an incoming data connection.
There's also a "PASV" or "passive" mode which can help with that
--- but it still involves two connections. This wreaks havoc with
simple packet filtering plans since we can't just blindly deny
"incoming" connection requests (based on the states of the "SYN"
and "ACK" flags in the TCP packet headers. One of the "advantages"
(or complications) of "stateful inspection" is that it tracks these
constituent connections (and the TCP sequencing of all connections)
to ensure consistency.
A decent set of packet filters will involve much more code than the
set of proxying and masquerading examples I've shown here. I
personally don't like DRIP configurations. I think they represent
too much risk for typical home and small business networks.
However, here's a sample
# Flush the packet filtering tables
/root/bin/flushfw
# Set default policy to deny
/sbin/ipfwadm -I -p deny
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -O -p deny
# Some anti-martian rules -- and log them
## eth1 is outside interface
/sbin/ipfwadm -I -o -W eth1 -a deny -S 192.168.0.0/16
/sbin/ipfwadm -I -o -W eth1 -a deny -S 172.16.0.0/12
/sbin/ipfwadm -I -o -W eth1 -a deny -S 10.0.0.0/8
/sbin/ipfwadm -I -o -W eth1 -a deny -S 127.0.0.0/8
# Some anti-leakage rules -- with logging
## eth1 is outside interface
/sbin/ipfwadm -O -o -W eth1 -a deny -S 192.168.0.0/16
/sbin/ipfwadm -O -o -W eth1 -a deny -S 172.16.0.0/12
/sbin/ipfwadm -O -o -W eth1 -a deny -S 10.0.0.0/8
/sbin/ipfwadm -O -o -W eth1 -a deny -S 127.0.0.0/8
## these are taken from RFC1918 --- plus
## the 127.* which is reserved for loopback interfaces
# An anti-spoofing rule -- with logging
/sbin/ipfwadm -I -o -W eth1 -a deny -S 222.250.185.16/28
# No talking to our fw machine directly
## (all packets are destined for forwarding to elsewhere)
/sbin/ipfwadm -I -o -a deny -D 222.250.185.14/32
/sbin/ipfwadm -I -o -a deny -D 222.250.185.30/32
# An anti-broadcast Rules
## (block broadcasts)
/sbin/ipfwadm -F -o -a deny -D 222.250.185.15/32
/sbin/ipfwadm -F -o -a deny -D 222.250.185.31/32
# Allow DNS
## only from the servers listed in my caching server's
## /etc/resolv.conf
/sbin/ipfwadm -F -a acc -D 222.250.185.18/32 -P udp -S 192.155.183.72/32
/sbin/ipfwadm -F -a acc -D 222.250.185.18/32 -P udp -S 192.174.82.4/32
/sbin/ipfwadm -F -a acc -D 222.250.185.18/32 -P udp -S 192.174.82.12/32
# anti-reserved ports rules
## block incoming access to all services
/sbin/ipfwadm -F -o -a deny -D 222.250.185.16/28 1:1026 -P tcp
/sbin/ipfwadm -F -o -a deny -D 222.250.185.16/28 1:1026 -P udp
# Diode
## (block incoming SYN/-ACK connection requests)
## breaks FTP
/sbin/ipfwadm -F -o -a deny -D 222.250.185.16/28 -y
## /sbin/ipfwadm -F -o -i acc \
## -S 0.0.0.0/0 20 -D 222.250.185.16/28 1026:65535 -y
## simplistic FTP allow grr!
# Allow client side access:
## (allow packets that are part of existing connections)
/sbin/ipfwadm -F -o -a acc -D 222.250.185.16/28 -k
There are bugs in that filter set. Reading the comments you'll see
where I know of a rule that handles most FTP --- but opens risks
any services that run on ports above 1024 --- like X windows
(6000+) etc. This would simply require the attacker to have control
of their system (be root on their own Linux or other Unix system
--- not too tough) and for them to create package that appeared to
come from their TCP port 20 (the ftp data port). That's also
trivial for anyone with a copy of 'spak' (send packet).
So, I have this rule commented out and I don't show a set of rules
to allow localhost systems to connect to a proxy FTP system.
Note that these addresses are bogus. They don't point to anything
that I know of.
The only parts of this set of filters that I feel confident about
are the parts where I deny access for incoming spoofed packets (the
ones that claim to be from my own addresses or from non-routable or
"martian" addresses like localhost). I also have rules to prevent
my system from "leaking" any stray private net and/or martian
packets out into the Internet. This is a courtesy --- and it has
the practical benefit that I'm much less likely to "leak" any
confidential data that I'm sharing between "private net" system on
my LAN --- even if I screw up my routing tables and try to send
them out.
I've read a bit about ipfil (Darren Reed's IP Filtering package ---
which is the de facto standard on FreeBSD and other BSD systems and
which can be compiled and run on Linux. This seems to offer some
"stateful" features that might allow one to more safely allow
non-passive FTP. However, I don't know the details.
The 2.2 kernels will include revamped kernel packet filtering which
will be controlled by the 'ipchains' command. This is also
available as a set of unofficial patches to the 2.0 series of
kernels. This doesn't seem to offer any "stateful inspection"
features but it does have a number of enhancents over the existing
ifpwadm controlled tables.
Your last question was about configuring Linux as an Internet
server (presumably for public web pages, FTP or other common
Internet services.
As you might have gathered by now; that is the same as providing
these service to your own LAN. Under Linux (and other forms of
Unix) any service default to world-wide availability (which is why
we have firewalls).
I've spent some time describing how Linux and other Unix systems
need to be specially configured in order to limit access to
services to specific networks. Otherwise someone in Brazil can as
easily print document on your printer as you.
To be an Internet server all you have to do is have a static IP
address (or regularly update your address record at
http://www.ml.org). Once people know how to route requests to your
server --- assuming you haven't taken steps to block those requests
--- Linux will serve them.
Most of the challenges in setting up networks relate to addressing,
routing, naming and security. Most of us still use "static" routing
for our own networks --- just manually assigning IP addresses when
we first deploy our new systems. Most of us with dial-in PPP get
dynamic IP addresses from our ISP's. Some sites now use DHCP to
provide dynamic addresses to desktop systems (servers still need
consistent addresses --- and using DHCP for those just introduced
additional opportunities for failure).
For routing, subnetting, and LAN segmentation issues --- read my
posting on routing from last month (I think Heather is publishing
it this month). That's about 30 pages long!
(The one thing I glossed over in that was "proxyarp" on ethernet.
It's covered in another message this month so glance at it if you'd
like to learn more.)
I hope I've imparted some hint on the importance of considering
your systems security. Even if you have nothing of value on your
systems --- if the thought of some cracker vandalizing your files
for kicks is of no concern to you --- it is irresponsible to
connect a poorly secured system to the Internet (since your
compromised system may be used to harass other networks).
(?) I would like to write a faq about this after I'm done... hopefully
I can help other after a bit of exprimenting myself.
(!) While the offer is appreciated --- it would be more of a book
than an FAQ. However, I would like to see some "Case Studies" ---
descriptions of typical SOHO (small office, home office),
departmental, and enterprise Linux (and heterogenous)
installations.
These would include network maps, "sanitized" examples of the
addresses, routing tables and configuration files for all services
that are deployed in the network, on all of the clients and servers
present. Company, domain and other names, and IP addresses would be
"anonymized" to discourage any abuse and minimize any risk
represented by exposure. (E-mail addresses of the contributors
could be "blind" aliased through my domain or hotmail, or
whatever).
The important thing here is to define the precise mixture of
services that you intend to provide and the list of users and
groups to which you intend to provide them. This is a process that
I've harped on before -- requirements analysis.
You need to know who you are serving and what services they need.
(?) Thanks
Nilesh.
____________________________________________________
(?) Persistent Boot Sector
From Hummingbird Designs on Thu, 24 Dec 1998
(?) Hi,
I installed Linux on my PC at work and had everything working with
System commander, I have to use NT for some apps we use at work.
anyway, I was trying to get the nic card working so I tried using the
setup tool to install the kernel from the Cdrom that is used to
install linux off a network. Now everytime I turn on the machine it
gives me the screen as if I had installed a bootdsk like when you
first install Linux. I have done EVERYTHING I know of to get that out
of there . . .I used a zerofill utility that goes over each and every
sector of every track and fills it with 0's including the MBR. and
that damn message still comes up everytime I boot. . . I was thinking
of removing my Hard drive and seeing if it flashed my BIOS or
something cause according to Quantum9its a quantum drive) their
utility is almost like a low level format.
(!) "the setup tool..." (what setup tool?) "the screen as if I had
installed a bootdsk[sic]" (what screen?) "EVERYTHING" (what is
"everything?"). "zerofill utility" (what utility?) "that damn
message" (what damn message?).
You do seem to be a bit sketchy on the specifics so I'll have to
guess.
You had (some distribution of) Linux installed on your system in a
dual boot configuration with NT. You were using System Commander as
your primary boot manager. Presumably you installed LILO (the Linux
loader) into the "logical boot record" (the "superblock") of one of
your Linux filesystems (presumably the root fs). While trying to
configure or troubleshoot some problem with a network card (NIC)
you used some sort of "setup" utility which somehow configured your
system to bypass System Commander's boot record (presumably by
overwriting it with a copy of LILO). You've tried some ways to
restore your System Commander installation, and/or to build a new
MBR, and those have been unsuccessful.
O.K. Given that guess work I have a hypothesis. You may have run
something like 'FDISK /MBR' from your NT boot disk. This may have
enabled the active partition in your MBR. The DOS MBR code would
load the logical boot record of the active partition. If your Linux
partition (with its copy of LILO in the superblock" ) just happened
to be the active partition at the time --- you might see that copy
of LILO (one of two that had been installed on your disk, one on
the MBR and the other in the LBR/superblock) as the first screen on
boot up.
(I'm not sure this scenario accounts for all of your symptoms since
this is all based on guesswork).
I have no idea what your "zero fill" utility is doing --- but it
almost certainly is not zero'ing out track zero of your hard drive
(including the MBR). That would render the system unbootable and
would destroy the primary copy of your partition table (the last 50
bytes or so of the MBR). The Linux/Unix command to do this is very
simple:
dd if=/dev/zero of=/dev/hda bs=512 count=63
... where /dev/hda is the first IDE drive, 512 is the bytes per
sector and count is the number of sectors in a typical track. DON'T
DO THIS! (If you insist on doing this, first double check which
device you want to use, the first IDE is /dev/hda and the first
SCSI is /dev/sda, then check the number of sectors per track ---
which should be listed in your CMOS setup for an IDE drive and
would be listed in your vendor documentation and possibly by your
SCSI adapter diagnostics firmware).
You could save a copy of your MBR and partition table using dd with
a command like:
dd if=/dev/hda bs=512 count=1 of=/root/mbr.bin
... which you can use in scripts to compare and replace your MBR in
future mishaps.
It's possible that System Commander's boot loader is still in the
MBR --- but that it's been configured to skip it's opening
menu/selection prompting and boot directly off of your Linux
partition.
Of course it's also possible that Linux as completely taken over
your system; that's it's run amok and overwritten every partition
and drive on the system. In my experience that would only happen if
you (or someone) told it do do this. I've never seen Linux touch
any part of a hard drive unless it was "told" to do so. (Unlike
MS-DOS, OS/2, and Windows which periodically trash the MBR when
they hang --- apparently scribbling register or random memory
contents over track zero, sector zero when those zero's just happen
to be in the the register during the dying spasms of those
systems).
There is virtually no chance that Linux touched your flash BIOS ---
so this is not a bug in your firmware. I'd say that this "zerofill"
utility is highly suspect. Obviously Linux users just use the 'dd'
command for this sort of thing.
As for how to fix you problem. You could try re-installing System
Commander. I've never used it --- but it seems that it can find
most types of partitions during installation --- so it should be
able to find your NT and Linux filesystems and install a new copy
of it's boot loader code to start either of these systems. I've
never used System Commander --- but it is commercial software ---
so it SHOULD come with some technical support. Perhaps they can
walk you through the re-installation.
Keep in mind that LILO can still be installed on your MBR, your
superblock, or both, so it might still show up after you have
System Commander or NT's boot manager installed. It should then
only come up after you've selected an option from your primary boot
loader. This can be a bit confusing --- so you can reconfigure lilo
to bypass any prompts or delays when you're calling it in this
fashion.
Keep in mind that you can also find, download, and install
LOADLIN.EXE into a DOS directory somewhere on your system. You can
use that instead of LILO (it's a DOS program that loads linux
kernels). I've heard a rumor that there is an NT native console
application (an NT .EXE that you'd run under a CMD.EXE shell) to
load Linux. I've never seen it.
If you end up having to re-install Linux and NT (probably
unnecessary --- but it might be the easiest way) you can configure
Linux to boot from floppy and never touch the boot records on your
hard disk. It's also possible to configure Linux to use some other
hard disk on your system --- and not have it touch your primary
drive at all.
Read through back issues of this column and go through the various
multi-boot HOWTO's and mini-HOWTO's at the LDP site
(http://metalab.unc.edu/LDP) and it's mirrors. There are many
options.
(?) C's from home and a nic card I know to install linux over the
network and see if that gets rif of it.
(!) I don't get this at all. How would you expect installing Linux
(over a network or otherwise) to get rid of a Linux boot loader.
(?) any help would be appreciated
Brian Korsund
____________________________________________________
(?) Secondary MX Records: How and Why
From Craig Capodilupo on Thu, 24 Dec 1998
(?) Some domains have multiple MX records. Sometimes the MX record of
lower preference, say 20, is an off-site domain. Does this off-site
server have to be configured to hold mail until the primary exchanger
is back online?
I am going to use my UNIX server as a secondary mail exchanger but I
am not sure if it has to be configured.
(!) In the good old days there was no special tricks to providing
secondary MX for your friends. They would just add you mail server
to their DNS records, listing you as a "less preferred" mail
exchanger (an MX record with a higher value than any of yours).
Mail would be relayed automatically.
This was in the days of "promiscuous mail relaying" --- it was
easier to just let anyone relay mail though anyone else. However,
just as venereal disease contributed to the demise of the "free
love" promiscuity of the '60's --- the blight of spam as spelled
the end of open e-mail relaying in our decade.
The problem was that spammers would dump their e-mail on any open
relay --- one piece of mail that might be addressed to thousands of
happless recipients (and with the return addresses forged on top of
that).
When you install 'sendmail' version 8.9.x and later the open relay
to which early versions defaulted are now closed. You'll have to
create a relay map (default location in /etc/mail/relay-domains) to
enable relaying for your sites).
There are some questions that relate to this in the 'sendmail' FAQ
at:
http://www.sendmail.org/faq/section3.html#3.27
... although you could disable this feature and allow promiscuous
relaying --- I'd not suggest this.
You'd eventually get hit by a spammer and then you'll probably end
up on Paul Vixie's "Real-time blackhole list" (the RPL) or on
"DorkSlayer's" ORBS (open relay blocking system). There are many
sites these days that subscribe to these free DNS lookup services
in their "check_relay" macros --- and deny any mail access
whatsoever from any site listed on one or either of these.
However, that should be all there is to it. Normally your mail
would just get tossed into the queue at your MX secondary's site
where it will languish until your site is back up (or less busy, or
whatever). In other words whatever connectivity problem the
original sender's site had in getting to your primary MX host will
probably go away within a few hours --- and your secondary MX will
relay your mail during its normal queue runs. The orginal sender
will get delay notifications (4 hours, 4 days, etc) according to
the settings in your secondary's configuration files.
Some people use these features in their firewall configuration ---
they place a higher MX host outside their main network (on the
exposed network segment) --- and all outside mail has to hit it
first (since they can never connect to the preferred hosts inside
due to the packet filters). The packet filters then allow that
exposed host (and only that exposed host) to transfer files into
the domain. Thus the potential attacker can't attempt to directly
exploit bugs in the internal SMTP daemon (especially if the
"exposed" host is behind an anti-spoofing screen, and has "source
routing" disabled, which all Linux systems default to).
A more elegant approach is to use "split DNS" --- so that the
external/exposed MX host appears (to the outside world) to be the
preferred mail destination while the real preferred system (to your
internal systems, and to your exposed host itself) is sequestered
on your internal network using non-routable "private net"
addresses. The advantage to this is that your potential attackers
don't have any information about your internal structure --- and
they can't route packets to your internal hosts at all (those don't
have "real" IP addresses). Thus the outside attacker has to resort
to high wizardry to get packets to your hosts, before any exploits
can even be attempted.
(I should note that any attacks that can be carried through the
mail contents will still get delivered to you. The bugs this
protects you from are those in the TCP connection handling of the
daemons --- not in the parsing of headers and message contents).
I've heard of some sites that maintain separate queues for their
relay neighbors. I don't know exactly how that works --- but its
similar to the way that ISP's maintain queues for their SMTP
customers. Basically they create a rule (probably an entry in their
mailertable) that calls the relay mailer with an extra parameter.
Thus all the queue items end up in special, separate directories.
Then the SMTP ETRN command can be used (by customers) to force a
queue delivery (something like: 'sendmail -q -O
QueueDirectory=/var/spool/mqueue.customerX') when the customer's
connection comes up.
Then there are sites that deliver all mail to a given site into a
single mail spool (mbox) file. Hopefully they are adding the
"X-envelope-To:" headers as they do this. Then their clients use
'fetchmail' to grab these messages, split them back out and
dispatch them according to the delivery policies at the
disconnected site.
Personally I still prefer UUCP for handling mail to disconnected
sites. However, it is getting increasingly difficult for new users
to find people who understand UUCP. (Oddly one study showed that
the use of UUCP hasn't decreased at all -- it's grown at a slow,
steady couple of percent all along. However, compared to the
explosive growth of the Internet it as seemed, by comparison to
completely disappeared. I think UUCP is still a very good option
for emerging countries and for anyone that isn't maintaining
dedicated connections to the Internet --- though I'd say that a bit
of work should be done on simple configuration tools and examples.
It's easy enough to use UUCP as a transport for DNS/Internet
"domain" style addresses. So we don't need to ever return to the
bad old days of "bang paths").
(?) TIA,
Craig
____________________________________________________
(?) 'lpd' Bug: "restricted service" option; Hangs Printer Daemon
From Michael Martinez on Thu, 24 Dec 1998
(?) The lpd that RedHat linux supplies has a problem. If you send it a
print job across the network, and you do not have an account on the
print serve, lpd forks a child, creates an entry for you in the queue,
then hangs because it can't find your user id. Do you know a remedy
for this?
Michael Martinez
System Administrator, C.S. Dept, New Mexico Tech
(!) I think I read about this in the security mailing lists
recently. It seems to be related to the "restricted service" (rs)
option in your /etc/printcap.
One option would be to remove the rs option from the printcap and
use packet filtering and hosts_access (TCP_Wrappers) to restrict
access to your print server(s).
Then look for updates to the packqage itself.
The first thing to do is to report this to Red Hat Inc. after
checking their web site and for any updates to this package. First
find the package name using rpm -q /usr/sbin/lpd. This will tell
you which RPM package included the lpd command.
Then connect to ftp://updates.redhat.com (or one of its mirror
sites). I don't see one there yet. If you aren't already using the
most current Red Hat version (5.2 at this point) then check for
that package in the RPMS directory for the latest. Red Hat Inc
normally embeds the version in the package and file names.
My S.u.S.E. system (which uses RPM format but uses a different
suite of RPM files) reports lprold-3.0.1-14 as the package name
that owns '/bin/sbin/lpd' --- so I'd look for a S.u.S.E. RPM that
was later than that.
Failing that look for a Debian package (an update) and try using
"alien" to convert that into an RPM. Look up the Debian maintainer
for that package at the http://www.debian.org web site.
If that doesn't work, look for a canonical "home" site for the
package (lpr/lpd is a classic BSD subsystem --- so looking at the
FreeBSD NetBSD and/or OpenBSD sites for a later version of the
"tarball" (sources in .tar format) might work. Look in the man
pages and run 'strings' on the lpd binary --- and look through
other docs (use rpm -ql <packagename> for a list of all files in
that package) to see if an author or maintainer for the base
package is listed. Then you can look at that maintainer's web site
or FTP server, and/or possibly e-mail them.
(The BSD sites are http://www.freebsd.org, http://www.netbsd.org,
http://www.openbsd.org, in case you needed them.)
If you have a competent programmer on hand (I'm am not a competent
programmer) you could have them look through the sources and apply
a fix. Then you'd e-mail the diffs to your patches to the
maintainer of the package (possibly copying Red Hat Inc as well).
If you also looked at the Debian site for an update you can copy
their maintainer on your fix as well.
They may not accept your patches --- but they will certainly
appreciate the effort and it may help them focus on the right part
of the code.
This is how Linux got where it is today. (I've sent patches in on
'sendmail', 'md5sum' and 'tripwire' in the past --- and I'm not a
programmer. So anyone who does feel competent in the art should not
be intimidated by the notion, and won't have to spend nearly as
long poring over the sources as I did for my pathetic little
suggestions).
I'd like to suggest one modest "New Year's Resolution" to every
Linux user:
Find one bug or typo. Fix it.
... hunt through the man pages, docs, sources, etc of a few of your
favorite packages. Find one thing that's wrong or missing, correct
it (or find someone to do it with you) and submit the patch to the
appropriate parties.
Last year was the first year Linux was taken "seriously." Let's
make this the year that we prove that the "open source" (TM)
process is maintainable and yields truly superior and mature
results.
____________________________
(?) LPD forks and hangs/Linux
From Michael Martinez on Sat, 26 Dec 1998
Thanks a bunch for your great, documented help. Just so you know, RH
5.2 ships with this problem. So, I'll check out the other resources
you gave me. I've considered writing a patch for it - I might just do
it!
Merry Christmas,
Michael Martinez
System Administrator, C.S. Dept, New Mexico Tech
____________________________________________________
(?) Dual Boot Configurations
From Justin Jenkins on Thu, 24 Dec 1998
(?) I'm ashamed to ask this but I don't know how! i got a copy at
work, and installed it on an old 166 I would like to install it on my
450 can you help me?? -thanks Justin
(!) Have you tried the HOWTO?
http://metalab.unc.edu/LDP/HOWTO/mini/Linux+DOS+Win95+OS2.html
____________________________________________________
(?) Microtek Scanner Support: Alejandro's Tale
From AmericanPride88 on Sat, 26 Dec 1998
(?) Hello Alejandro, I'm pretty annoyed that when I went to download
the file at Microtek Ibelieve it was this?/ epp 264 exe.
They didn't have it available , They should at least include some info
about their hardware on a CD so that my Hardware Wizard can setup the
right driver for the Damn Scanner, someone suggested. I try a HP
scanner. I believe I will
Return the C3 tomorrow. It was my Christmas present it's been nothing
but a Dissapointment to me. Thank you...
If you can suggest a compatible Driver or anything else please do.
Thanks again!1
Sincerely, Rebecca
(!) Who is Alejandro?
Rebecca, it looks like you have sent this message astray. First I'm
not Alejandro, I'm Jim Dennis. You sent this to "linux-questions-only@ssc.com"
which is the access point to the Linux Gazette "Answer Guy" column
--- providing free technical support (and a bit of spleen venting
and curmudgeonly commentary) for users of Linux.
Your message doesn't relate to Linux as far as I can see. We don't
often use ".exe" files and Linux doesn't need a "Hardware Wizard"
to find and use any of its devices (except for the guy at the
keyboard, perhaps).
The primary resource for supporting scanners under Linux would be
SANE (Scanner Access is Now Easy) at: http://www.mostang.com/sane
____________________________________________________
(?) Modem HOWTO Author Gets Offer RE: WinModems
From bf347 on Sat, 26 Dec 1998
(?) I'm the author of the new Modem-HOWTO. Someone sent me email
saying that he could put me in touch with someone who might release
the info needed to write a driver for Lucent LT Winmodems. Is anyone
interested? Is the first line of this message truncated? It is on my
dumb terminal. I'm writing this from a BBS that allows no editing of
this message.
Dave Lawyer
bf347@lafn.org
(!) Ironically I was just answering another correspondent who got
burned by one of these things.
As I said there, I'll never purchase any internal modem.
However, I'll post this message to my editor (it should appear in
the February LG if at all). Maybe someone else will be interested.
[ February when you got it in December? I sometimes defer by one
month, but not short messages like this one. Get more coffee. BTW
the other querent has a Lucent WinModem, so I'm sure there's at
least one interested reader. Contrary to usual, I've left his
address available in case any readers want to make contact to take
on the task. -- Heather ]
You could also send a message to the SVLUG (Silicon Valley Linux
Users Group) list --- since you appear to be in Los Angeles. I
realize that L.A. doesn't have as large and active a LUG as the SF
Bay and Silicon Valley areas --- thought I've heard that you're
working on it.
Look at http://www.svlug.org and http://www.balug.org for a couple
of Linux users groups up in Northern Cal that might have some
interested programmers. Also be sure to shop it around at your
local UG's and in the newsgroups and mailing lists. I'm sure that
someone will pick off the job --- if the people at Lucent, or
wherever, aren't too onerous.
The message came through fine.
____________________________________________________
(?) Condolences to Another Victim of the "LoseModem" Conspiracy
From simone on Sat, 26 Dec 1998
(?) I think I allready know th answer...
Well I have a Lucent modem 56K (it has been a mistake i didn't know
winmodems existance I was so happy with my old 14400)
It doesn't work with linux or solaris (so sad)
Do you have any suggestions?
(!) Return the modem. Complain bitterly to the retailer and get
their assurances that they will stop ripping off their customers
with these pieces of garbage posing as computer peripherals.
Then get an external modem. So far I've never heard of an external
"winmodem" --- and I've heard that it's not feasible to design one.
Sticking with external modems has always been a good idea. They are
more expensive but they've always been better products. Generally
they are more reliable (probably less power fluctuation and
electronic crosstalk from the other components inside the PC). It's
also safer and better for the rest of the PC (less crosstalk with
the internal modem, less heat in the case, virtually no chance that
a modem that gets zapped by a phone line power surge will destroy
your CPU or memory chips in the computer, etc). Finally it's much
more convenient for most users (you have status lights; you can
move the modem to other systems easily and replace it with an old
"test" modem easily).
I personally will not ever buy an internal modem. Not ever!
(?) thanks for reading
sorry for bad English
waitig for an answer
(!) No problem. I still have some other messages in Spanish,
Portugese, and maybe some in Italian that I haven't answered yet. I
haven't had the time to cut and paste them into Babelfish for the
"rough" translation.
(?) Un cordiale saluto Montanari
____________________________________________________
(?) Reading Audio Tapes using HP-DAT Drive
From Thomas Kruse on Fri, 25 Dec 1998
(?) Hi! I wonder, if you can help me with the following issue: I
bought a brand new SCSI HP-DAT streamer. In the manual it is described
to treat audio-dat tapes as if they were read-only. I tried to fetch
the data from the tape, but I get always i/o erorrs. (I tried "cat
/dev/st0" "dd if=/dev/st0...") Do I need special software or is it
impossible to "read" audio tapes with Linux? (I heard rumors, that
this is possible with special Win95 software)
Regards, Thomas
(!) That's an excellent question. I have absolutely no idea. I
guess you could look at the Linux st driver sources and see if they
need to be changed. I guess you might even write to the author or
maintainer of the st driver to ask for advice.
Looking under /usr/src/linux I find, in .../drivers/scsi/st.c that
the 2.0.36 sources list Kai Makisara as the author. I've blind
copied his addresses on this response.
Kai, thanks for the work on the 'st' driver. What would prevent one
from reading audio tapes using /dev/stX under Linux?
I'm sorry if you're getting two copies of this I wasn't sure which
address from the st.c file to use.
(Note: this message is in response to a Linux Gazette "Answer Guy"
question. I'll be happy to post any response --- which may end up
prevent future questions on this topic. If this is buried in an
FAQ, HOWTO, or man page somewhere, please point us at it and
forgive us for not finding it).
____________________________
(?) More on: Reading Audio Tapes using HP-DAT Drive
From Kai Makisara on Sat, 26 Dec 1998
(?) There are (at least) two issues when using audio DAT tapes in a
computer DAT drive:
1. You may or may not be successful in using audio media to record
digital data. The tape cartridge does not contain the MRS (Media
Recognition System) identification data that most of the digital
tapes nowadays have. The drive uses this data to determine the
tape length, etc. By default, the HP drives I have seen treat any
non-MRS tapes read-only. You can change this with a switch. I
assume this is what the HP manual means but not what you are
interested in.
2. You may be able to read audio data using a computer DAT. This
depends on the firmware of the DAT driver. As far as I know, most
computer DAT drives are unable to read audio data. There have been
some drives from Silicon Graphics that were able to read audio
data. As far as I know, they were ordinary Archive DATs with
special firmware. You needed special SCSI commands to read audio
data (I don't know the commands).
The Linux SCSI tape driver does not currently have any support for
reading audio data.
Kai
(!) Thanks Kai.
I presume this is a result of the music industry's lobbying. The
big record companies (Sony, Columbia, et al) have been interferring
with the digital electronics industry for years in a misguided
effort to discourage bootlegging.
Oh well. We're already at the stage where some people are providing
free writing --- the beginnings of an "open content" movement. This
will probably encompassing music and literature much as the "open
source (TM)" movement has made an impact on software.
I don't object to spending money on a good book or a decent CD. I'd
just like to see more of it go to the artist and I'd like some
assurance that corporate politics and big business aren't exerting
undue control over the contents. However, I'll leave it at that
before this becomes overly political (and overtly subversive).
____________________________________________________
(?) Best of Answer Guy: A Volunteer?
From EvilEd on Fri, 25 Dec 1998
(?) Hi,
I've been reading "Answer Guy" for a while now. I have to say, it's
really informative and cool. Would'nt it be great to have an archive
or a separate page for "Best of Answer Guy 1998"?
Thanks and more power, EVILed
(!) Wow! That sounds like a great News Year's project. Would you
like to do it? Would anywhere like to do it?
If y'all put together your favorite 50 or 100 questions, answers
and rants from me --- I'll annotate them with updated links and
comments. So you'll get a retrospective on how things have changed
since I wrote some of those messages. (In many cases I've learned
more after that fact --- often from reader comments and
corrections. In other cases things have just changed since I wrote
my responses).
However, I can't do this myself. I wrote all that stuff and the
thought of reading back through all of it is mind numbing. So, if
someone wants to volunteer on this --- let me know.
____________________________________________________
(?) termcap/terminfo Oddities to Remotely Run SCO App
From Eric Freden on Fri, 25 Dec 1998
(?) Dear Answer Guy,
I managed to solve my keybinding problem without your help (thanks
anyway). Here is a synopsis: I needed to run proprietary software (in
Cobol, no less) on a PPro running SCO Unixware via telnet from a PII
running RedHat 5.0. The SCO box had a limited termcap file, none of
which matched type linux (Linux console) or xterm (for Linux X).
Changing TERM in Linux does not alter function key bindings! The only
way I could change keybindings was to mess with /usr/lib/kbd/keytables
which changes bindings at boot or /usr/X11/lib/X11/xkb which alters
bindings upon startx. Both of these methods are global in nature and
will "break" existing applications like emacs. I read the man pages on
xterm where there is an option to change to Sun style function keys
bindings (which was not SCO compatible either).
Then I noticed that xterm and nxterm (i.e. color xterm) bind F1--F4
differently!?!?! By sheer luck, SCO has a termcap entry called coxterm
that is compatible with nxterm keybindings. There is no termcap or
terminfo entry for nxterm in Linux. Why not? For that matter, I see no
effect in function keymappings after changing existing termcap
entries, compiling with tic, and rebooting . Why not?
Eric Freden
(!) Last I heard Eric S. Raymond was still maintaining the termcap
file. He's also listed in the author's section in the 'terminfo'
man page. So perhaps he'd be the best person to address these
issues?
(I've copied him on this. Hi Eric! Missed you at LISA. Hope to see
you at LinuxWorld Expo next March).
____________________________________________________
(?) Arabic BiDi Support for Linux
From Anas Nashif on Fri, 25 Dec 1998
(?) Hi, I was wondering if its possible in one way or another to use
arabic on linux.. Is there anything being done in this field? and how
difficult it is to implement it?
thanks,
anas
Anas Nashif Universitaet Mannheim
(!) Sorry it took me so long to answer this question. I finally did
get around to doing a Yahoo! search on "+Linux +Arabic" and found
this reference:
Linux in Turkey
http://www.slashdot.org/articles/98/09/05/1624256.shtml
... the references to Arabic ensued from the thread discussion
after the main article. So far as I know there is no direct BiDi
(bidirectional text) support for Linux yet. Some applications such
as emacs/xemacs with MULE (multi language extensions) do provide
some support for this. However I don't know much about the details.
Happy Ramadan, and good luck.
____________________________________________________
(?) Automated Updates
From Josh on Fri, 25 Dec 1998
(?) A quick suggestion for the updates question.
A student at georgia tech has written two excellent scripts, autorpm
and logwatch. Autorpm will automatically keep your system up to date
with the current redhat updates. Autorpm can be found at
ftp.kaybee.org. It saves a lot of work on the system admins part.
He was going to add them to the LSM, but I'm not sure if he has yet.
Josh
(!) There's also an 'autoup.sh' script for Debian systems.
I'd suggest that these systems be used with considerable
trepidation (if at all). However, they do make sense for some
cases. For example I'm pretty sure you can configure these to watch
some internal server.
So, as the sysadmin for a medium to large installation you could
manually grab and test updates --- or set up a "sacrificial" system
to automatically grab them. Then, when you've vetted the updates
you can post the RPM or .deb files to your internal server where
you're client systems would pick it up.
There's also a package called 'cfengine' by Mark Burgess which can
help with various configuration details that might need to be tuned
after any sort of automated update or software/configuration file
distribution. (The old fashioned Unix way to automate updates to
client systems is to use 'rdist' --- preferably over 'ssh' for
better security).
'cfengine' is the "awk of configuration management." Basically a
'cfengine' script is a series of class descriptions, assertions and
corrective actions. So you can express policies like: All Red Hat
Linux systems running 2.0.30 kernel in this DNS subdomain and in
this NIS netgroup, on any Tuesday (a series of class
specifications) should have less than 100Mb of log files under
/var/log (an assertion) and should have more that 40Mb of free
space thereunder (another assertion) OR we should rotate the logs,
removing the really old ones and compressing the other non-current
ones (a corrective action).
'cfengine' is an interesting project I'd like to see the security
features beefed up considerably and I'd like to see it undergo a
comprehensive security audit (by the OpenBSD and/or Linux SecAudit
teams).
Naturally 'cfengine' is one of those tools with which you can shoot
off your foot, at about the HIP! So you should be very careful when
you first start playing with it.
More info on that package can be found at its canonical home page:
http://www.iu.hioslo.no/cfengine
Kirk Bauer (autorpm's author) doesn't seem to maintain a web page
touting it's features. So you'll have to grab the file via FTP.
There's also a package called 'rpmwatch' which is listed at:
http://www.iaehv.nl/users/grimaldo/info/scripts
More info on autoup.sh can be found in the Debian FAQ:
http://www.debian.org/doc/FAQ/debian-faq-10.html
... or directly at these sites:
http://www.taz.net.au/autoup http://csanders.vicnet.net.au/autoup
____________________________________________________
(!) Liam Greenwood: Your XDM question
From Liam Greenwood on Fri, 25 Dec 1998
Here's a suggestion that I'll just pass along.
(!) To run XDM and not run have XDM start an Xserver on your local
host:
telinit 3 # go to runlevel 3 (no xdm)
edit the file /etc/X11/xdm/Xservers and comment out the line which
looks like this:
:0 local /usr/X11R6/bin/X
...by putting a # at the start.
telinit 5 # go to runlevel 5 to start xdm
(on a Red hat system... others may have the config file in another
place).
Cheers, Liam
_______
Don't tell my Mother I'm a programmer... ...she thinks I'm a piano
player in a brothel.
____________________________________________________
(?) 'rsh' as 'root' Denied
From Walt Smith on Thu, 24 Dec 1998
(?) hi,
I can run a program using rsh as 'user' on the same pc. i.e. rsh
pcname ls (or thereabouts) It won't run as 'root'.
There is one file that is supposed to be used as a config if running
as root. It makes no difference. Do I need to recompile rsh wil a
particular option?
(!) You probably won't need to recompile it.
The most common version of 'in.rshd' that's included with Linux
will allow you to invoke it with the -h option (added to the
appropriate line in the target system's /etc/inetd.conf file) to
over-ride this restriction. If you're using Red Hat with PAM then
you'll have to consider reconfiguring the appropriate file under
/etc/pam.d/ to remove the option that prevent root access therein
(I don't have that configuration file handy since I'm not using PAM
on any of my boxes at home, at this point).
All of this is in the man pages (in.rshd for the daemon).
I'll go on record to recommand that you ban 'rsh' and 'rlogin' from
your networks completely --- using 'ssh' instead. Later, when we
have ubiquitous deployment of IPSec (transport layer security for
TCP/IP) and Secure DNS (the ability to digitally sign and
authenticate hostname/IP records) it may be acceptable to
re-introduce these protocols.... maybe.
(?) regards,
Walt...in Baltimore respond to XXXXXXX@bcplXXXXXX
(!) Did you ever program in BCPL?
_________________________________________________________________
Copyright © 1999, James T. Dennis
Published in The Linux Gazette Issue 36 January 1999
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
Booting Linux with the NT Loader
By Gustavo Larriera
_________________________________________________________________
On these days technical professionals like you and me often must deal
with the following scenario: To make Linux and NT peacefully coexist
on the same machine. Many HOW-TOs have been written -and it's a good
advice to give them a look- about how to configure LILO (The Linux
Loader) to do the task. Unfortunately, classic documentation have
little references about the NT Loader. Yes, I know for some people
there's some kind of religious war between Linux and NT out there :-)
But from the point of view of a IT professional, the main objective is
to have the job well done.
In many real-life situations we must tackle with a installation where
it is not desirable to alter the NT boot process. May be it is your
machine's boss and he/she prefers to keep on booting the same way for
ever ;-) In this article I will focus on how to configure the NT
Loader so as to boot Linux (and continue booting NT also!).
I hope these tips will help Linux users to successfully boot Linux
through the NT Loader the easiest way. The procedure I will explain
works for NT Server 4 and NT Workstation 4 running on Intel-compatible
PC.
The Scenario
After long conversation you have convinced your boss to put Linux on
her computer machine. She is a happy NT user, she loves Word and Excel
and such. She also is a clever person and has decided to give Linux a
try. So she wants to have Linux installed. Just a moment: She prefers
to keep booting with her familiar loading menu, from where she can
choose to boot NT or DOS. Her wishes are your wishes, so you decide
not to use LILO to dual-boot her computer.
The MBR considered useful
The most important thing you must always remember is that many
software products sit on your unique precious hard disk's Master Boot
Record (MBR). So does NT without asking and so optionally does LILO if
you want to. The machine's BIOS executes code stored on the active
partition to initiate your preferred OS.
When NT is installed, the MBR is modified to load a program called
NTLDR from the active partition's root directory. The original MBR is
saved on a small file called BOOTSECT.DOS. After a NT installation, be
careful never overwrite the MBR, because the NT will no longer boot.
To fix this problem, a NT user needs the NT's Emergency Repair Disk
(ERD).
With those things in mind, take note you must be careful to configure
LILO *not* to install on MBR. Instead you will need to configure LILO
on the root partition of Linux. That's safe for NT and Linux can live
without the MBR.
NT loading process
Once the NTLDR program launchs the NT user watch the "OS Loader V4.xx"
message. Then NTLDR shifts the processor to 386 mode and starts a very
simple file system. After that, it reads the file BOOT.INI to find out
if there are other operating systems and prompts the user with a menu.
A typical BOOT.INI looks like this:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINNT="NT V4 is here"
multi(0)disk(0)rdisk(0)partition(2)\WINNT="NT V4 VGAMODE" /basevideo /sos
C:\="DOS is here"
The BOOT.INI file has two sections. The "boot loader section"
specifies how long in seconds will be the menu on screen and the
default menu choice. The "opearating systems section" specifies the
different OSs the user can choose. We can read the machine boots NT
(either in normal mode or in VGA diagnosing mode) and also can boot
DOS. We can deduce from this example that DOS boots from the partition
C: (first partition on first disk) and NT boots from the second
partition. Typical installations have a C: partition formatted with
DOS's FAT file system and NT on another partition formatted with its
NTFS (NT File System).
If the user chooses to load NT, another program NTDETECT.COM runs to
check the existent hardware. If everything was okay, the NT kernel is
loaded and that's all we need to know.
Let's examine what happens if the user decide to choose other OS
rather than NT. In this situation, NTLDR needs to know which is the
boot sector required to load the non-NT OS. The appropiate boot sector
image must exists on a small 512-byte file. For instance, to load DOS,
NTLDR searches for a boot sector image file called BOOTSECT.DOS. This
image was created by the NT installation.
So, what if I want to load Linux? It's quite simple, all we need is a
boot sector image file, let's name it BOOTSECT.LIN (later we'll see
how to obtain this file). You must put BOOTSECT.LIN on C: and edit
BOOT.INI, the "operating systems section" now looking something like
this:
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINNT="NT V4 is here"
multi(0)disk(0)rdisk(0)partition(2)\WINNT="NT V4 VGAMODE" /basevideo /sos
C:\="DOS is here"
C:\BOOTSECT.LIN="Now Linux is here"
The BOOT.INI can be edited with any plain ASCII text editor. Normally
this file has system-hidden-readonly attributes, so you must change
them using the 'attrib' DOS command or within NT, from the file's
property dialogbox.
The Linux side of the story
Now let's concentrate on the Linux shore. We need to install Linux,
configure LILO and create the BOOTSECT.LIN file.
The first step is to have Linux installed. We all know how to do that:
Choose appropiate partitions for Linux system, swap and user's stuff,
run installation program, etc. Easy cake, first step is completed okay
in less than 45 minutes.
Then we must configure LILO. We also know how to do that, but be
careful *not* to install LILO on the MBR (unless you hate NT too much
:-)) When configuring LILO, choose to install it on your Linux root
partition. If you don't know how to configure LILO, spend some minutes
reading the HOW-TOs or use some of the useful setup programs most
modern Linux distributions have. My installation is S.u.S.E., so I use
the 'yast' (Yet Another Setup Tool).
Once LILO is configured (let's asume the Linux root partition is
/dev/hda3) we must use 'dd' to create the boot record image. Login as
root and do the following:
# dd if=/dev/hda3 bs=512 count=1 of=/dosc/bootsect.lin
Prior you have mounted the FAT C: partition as /dosc. Just in case you
cannot access to this partition, for instance if it's formatted with
NTFS, just write BOOTSECT.LIN to a DOS-formatted diskette or some
partition where NT can read from. If you put BOOTSECT.LIN in a place
othet than C:\ remember to modify the BOOT.INI file accordingly.
Now your boss can choose Linux from her NT Loader's menu. The NTLDR
will load the BOOTSECT.INI and she'll see the LILO prompt. Then she'll
plunge into her new Linux box. Finally, if you configured LILO to load
Linux and also the DOS on C: when LILO prompts, your boss will reload
from the active C: partition, again into NT Loader. The procedure
described may be repeated if you wish to boot several Linuxes, you
must just create appropiated boot sector image files for each of your
Linuxes.
_________________________________________________________________
Copyright © 1999, Gustavo Larriera
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
Defining a Linux-based Production System
By Jurgen Defurne
_________________________________________________________________
Introduction
In a previous article ("Thoughts About Linux", LG, October) I browsed
upon several topics to use Linux in business, not only for networking
and communication, but also for real production systems. There are
several conditions which need to be fulfilled, but it should be
possible to define a basic database system, which is rapidly deployed
and has everything that is needed in such a system.
The past two months I have been increasing my knowledge about Linux
and available tools on Linux. There are several points which need
further elaboration, but I have a fairly good idea of what is needed.
Goal
The goal is to have a look at the parts which are needed to implement
a reliable production database system, together with the tools needed
to provide for (rapid) (inhouse) development, but for a fairly lower
cost than is needed with traditional platforms. It must be reliable,
in the sense that all necessary procedures for a minimum downtime are
available, with the emphasis that a little downtime can be tolerated.
I do need to place a remark here. I worked on several projects, where
people tried to save time by asking for rapid development, or trying
to save money by reusing parts which lay around, or by converting
systems. What happened in all cases was that both money and time were
lost, the main reason being not understanding all aspects of the
problems.
This is a mistake I don't want to make. I think that I now have enough
experience to show a way to achieve the above defined goal, describing
a Linux-based production platform which has lower deployment and
exploitation costs.
Basic recommendations
These are general guidelines. The first part in creating and
exploiting a successful production system is in constraining the
amount of tools that are needed on the platform. This leads to the
second part of success, understanding and knowing your tools.
Experience is still the most valuable tool, but depending on the
amount and complexity of tools, much time can be wasted trying to get
to know the tools that are at hand. Good handbooks with clear examples
and thorough cross-references are a great help, as are courses on the
subjects that matter.
Hardware
At the moment I won't go very deep into hardware. The base platform
should be a standard PC with an IDE harddrive on a PCI controller
which is fast back-to-back capable. I tested the basic data rate of a
Compaq Despro system (166 MHz, Triton II chipset) and got a raw
data-speed (unbuffered, using write()) of 2.5 MB (megabytes)/s. I
suppose that for a small entry platform this is fairly reasonable.
Further tests should be developed to test the loading of the machine
under production circumstances.
The most important part , however, is that all machines running Linux
with production data, should be equipped with a UPS. This is because
the e2fs file system (as most Un*x filesystems) is very vulnerable in
the case of an unexpected system shutdown. For this reason, a tape
drive is also indispensable, with good backup and restore procedures
which must be run from day 0.
Production tools
Our main engine is the database management system. For production
purposes, the following features must be available :
* Fast query capability
* Batch job entry
* Printing
* Telecommunication
* Transaction monitoring
* Journaling
* User interfacing
Fast query capability
This feature is especially necessary for interactive applications.
Your clients shouldn't wait half a minute before the requested
operation is fulfilled. This capability can be enhanced by buffering,
faster CPU's, faster disk-drives, faster bus-systems and RAID.
Batch job entry
This is a very valuable production tool. There are much jobs which
depend on the daily production changes, but which need much processing
time afterwards. These are mostly run at night, always on the same
points of time, daily, weekly, monthly or yearly.
Printing
Printing is a very important action in every production system and
should be looked after from the design phase. This is because many
companies have several documents that are official. Not only printing
on laser- or inkjet printers should be supported, but also printing
with heavy duty printing equipment for invoices, multi-sheet paper,
etc.
Telecommunication
Telecommunication is not only about the Internet. There are still many
systems out there that work with direct lines between them. The main
reason is that this gives the people who are responsible for the
services, a much greater degree of control over access and
implementation. In addition to TCP/IP; e-mail and fax, support for
X.25 should also be an option in this area.
People should also have control over the messages and/or faxes they
send. A queue of messages should be available, where everybody can see
all messages globally (dest, time, etc) and where they have access to
their own messages.
Transaction monitoring
With transaction monitoring, I mean the ability to rollback pending
updates on database tables. This feature is especially needed when one
modification concerns several tables. These modifications must all be
committed at the same time, or be rolled back into the previous state.
Journaling
This capability is needed to repair files and filesystems which got
corrupted due to a system failure. After restarting the system, a
special program is used to undo all changes which couldn't be
committed. In this sense, journaling stands very close to transaction
monitoring.
User interfacing
This is a tricky part, because it is part development and part
production. On the production side, the interface system should give
users rapid access to their applications and also partition all
applications between departments. Most production systems I have seen
do this with menu's. There are several reasons. The main reason is
that most production systems still work with character-based
applications. There are many GUI's out there, but production systems
will still be solely character based (except for graphics and
printing, but I consider these niche markets), even on a GUI. The
second reson is that a production system usually has lots and lots of
large and little program's. You just can't iconify them all and put
them in maps. Then you would only have a graphical menu, with all
icons adding more to confusion than clarity.
What's available ?
Note : When I name or specify products, I will only specify those with
which I am already familiar. I presume that any one of you will have
his/her own choices. They serve as basic examples, and do not imply
any preferences on my side.
The only database system on Linux I personally know for the moment, is
PostgreSQL. It supports SQL and transaction monitoring. Is it fast ? I
don't know. One should have a backup of a complete production
database, which can then be used to test against the real production
machine, with interactive, background and batch jobs running like they
do in the real world.
For batch jobs, crond should always be started. In addition to this,
the at and batch commands can be used to have a more structured
implementation of business processes.
For printing, I know (and use) the standard Linux tools lpd,
Ghostscript and TeTeX. There might be a catch however. In some places
you need to merge documents with data. The main reason for this is
that a wordprocessing package offers more control over the format and
contents of the document, instead of printing the document with a
simple reporting application. On my current workplace, a migration to
HP is busy. The solution there is WordPerfect. In the past, I have
used this solution under DOS, to automatically start WP and produce a
merged document. Is this possible too with StarOffice ?
Are there other print solutions which offer more interactive control
over the printing process than lpd ? Users should have more easy
access to their printjobs and the printing process.
Telecommunication is a real strong point of Linux. I won't enumerate
them all. Even if it doesn't support X.25, it is still possible to use
direct dial-up lines using SLIP or PPP.
Journaling is the weakest point of Linux. I have worked with the
following filesystems : FAT, HPFS, NTFS, e2fs, the Novell filesystem
and the filesystem of the WANG VS minicomputer system. With all these
systems, I have had power-failures or crashes, but the only
file-system that gives trouble after this is e2fs. In all other cases,
a filesystem check repairs all damage and the computer continues. On
WANG VS, index-sequential files are available. When a crash occurs,
the physical integrity of an indexed file can be compromised. To
defend against this, there are two solutions. The first is
reorganizing the file. This is copying the file on a record-by-record
basis. This rebuilds the complete file and its indices, and inserts or
deletes which were not committed are rejected. The second option is
using the built in transaction system. A file can flagged as belonging
to a database. Every modification to these files is logged until the
transaction is completely committed. After a failure has occurred, the
files can be restored in their original states using the existing
journals. This is a matter of minutes.
I think that the only filesystem on PC which offers comparable
functionality is that of Novell.
The e2fs file system check works, but it does offer not enough
explanation. When there is a really bad crash, the filesystem is just
a mess.
Development tools
I will describe here the kind of tools that I needed when I was
maintaining a production database in a previous job. The main theme
here is that programmers in a production environment should be
productive. This means that they should be offered a complete package,
with all tools and documentation necessary to start immediately (or in
a relatively short time). This means that for every package there
should be a short, practical tutorial available.
I will divide this section into two parts, the first being necessary
tools, the second being optional tools. Also necessary for development
is a methodology. This methodology should be equal through all
delivered tools. The easiest way to do this is through an integrated
development environment.
Compulsory development tools
Which tools are the minimum needed to start coding without much hassle
? I found these tools to be invaluable on several platforms :
* An integrated development environment
* A powerful editor
* An interactive screen development package
* A data dictionary
* A high-level language with DBMS preprocessor support
* A scripting language
Integrated development environment
Your IDE should give access to all your tools in an easy and
consistent manner. It should be highly customisable, but be delivered
with in a configuration which gives direct access to all installed
tools.
Editor
If you have a real good editor, it can act as an integrated
development environment. Features which enhance productivity are
powerful search-and-replace capabilities and macro features (even a
simple record-only macro feature is better than no macro features).
Syntax colouring is nice, but one can live easy without it. Syntax
completion can be nice, but you have to learn to live with it.
Besides, the editor cannot know which parts of statement you don't
need, so ultimately you will have more clutter in your source, or you
waste your time erasing unnecessary source code.
Screen development
This is an area where big savings can be done. For powerful screen
development you need the following parts in the development package :
1. Standard screens which are drawn upon information in the data
dictionary
2. Easy passing of variables between screens and applications
3. A standard way of activating a screen in an application
The savings are on several places. If you create a new screen, then
you should immediately get a default screen with all fields from the
requested table. After this, only some repositioning and formatting to
local business standards needs to be done. I worked with two such
systems, FoxPro and WANG PACE, and the savings are tremendous in all
parts of the software cycle (prototyping, implementation and
maintenance).
Data dictionary
A data dictionary is a powerful tool, from which much information can
be extracted for all parts of the development process. The screen
builder and the HL preprocessor should be able to extract their
information from the data dictionary. The ability to define field- and
record-checking functions in the data dictionary instead of the
application program, eliminates the need to propagate changes in this
code through all applications. With the proper reports, one should
also be able to look at different angles into the structure of the
database.
High level language with DBMS preprocessor support
You can't do complete development without a high-level language. There
are always functions needed which can't be implemented through the
database system. To make development easier, it should be possible to
embed database control statements in the source program. The compiler
should be invoked automatically.
Scripting language
A scripting language is very useful in several aspects. Preparing
batch jobs is part of it. I also found out that a business system
consists of several reusable pieces, which can be easily strung
together using a scripting language. Also, the overall steering and
maintenance of the system can be greatly simplified.
Optional development tools
These are tools that were avalailable on several platforms, which can
come in handy, but aren't necessarily usable to deliver production
environment applications. I found out that these are little used.
* Interactive query system
* Report editor
Interactive query system
This is often designed to be used by people which are not programmers.
Experience has thaught me however that people who are not programmers
in a business, don't have the time to learn these tools. It is a
useful tool for a programmer to test queries and views, but it isn't
really useful as a production tool. Only in some cases, for real quick
and dirty work, is it worth using.
Report editor
This is even a more overestimated tool. I shared thoughts about this
with other programmers, and our conclusion was : bosses always ask
reports which are much more complicated than a simple report editor
can handle. It would be far better to use a programming language
specifically designed for reporting (any one know of such a thing ?
Any experiences with Perl for extraction and reporting ?).
What's available ?
Note : I will direct my attention only at the compulsory development
tools. The rest of the environment will be centered around the
features of PostgreSQL.
As an integrated development environment, EMACS is probably the first
which comes to mind. It integrates even with my second subject, a
powerful editor. Is it even at all possible to draw a line between the
two ? Is EMACS a powerful editor which serves as a development
environment, or is it a development environment which is tightly
integrated with its editor?
The data dictionary, the screen development package and the DBMS
preprocessor are more thightly bound than other parts of the package.
The screen editor and the DBMS preprocessor should get their
information from the data dictionary, and the DBMS HL statements
should also provide for interaction with screens. It should be both
possible to develop screens for X-windows, as well for character-based
terminals.
In the field of high level languages, there are several options, but a
business oriented language is still missing. Yes, I am talking COBOL
here, although an xBase dialect is also great for such applications. I
have programmed for eight years in several languages, only the last
two year in COBOL, and it IS better for expressing business programs
than C/C++. If anyone would ask me now to write business programs in
C/C++, I think the first thing I would do was write a preprocessor so
that I could express my programs with COBOL-like syntax.
I don't know how ADA goes for business programs, but a combination of
GNAT, with a provision to copy embedded SQL statements to the
translated C-source and then through the SQL preprocessor would maybe
work.
I only had a small look at Perl, and from Tcl and Python I know
absolutely nothing, but while interactive languages are fine for
interactive programs, you should also bear in mind that some programs
must process much data, and that therefore access to a native code
compiler is essential.
There is another point in which only COBOL is good. This is in
financial mathematics. This is due to the use of packed decimal
numbers up to 18 digits long where the decimal point can be in any
place. You should have compiler support for that too. On the x86
platform this capability exists in the numerical processor, which is
capable of loading and storing 18 digit packed decimal numbers.
Computations are carried out in the internal 80-bit floating point
format of the co-processor.
When you have a Linux system, the first scripting language you run
into is probably that of the bash shell. This should be sufficient for
most purposes, although my experiences with scripting languages is
that they benefit greatly from statements for simple interaction
(prompting and simple field entry).
What should be delivered ?
As I said before, this list doesn't present any endorsement from me
towards any of these products or programs. This list should be
expanded with all products which fit in either one of these
categories, so all hints all wellcome.
Another weak point in some areas of Linux is documentation. For a
production environment, the Linux documentation project is probably a
must, preprinted from the Postscript sources. For the commercial
products, good documentation is also not a problem. For other parts of
Linux tools, the books from O'Reilly & Associates are very valuable.
HOWTO's are NOT suited for a production environment, but since they
are more about implementation, they are suitable for the people who
put the system together. The catch is this : when a system is
delivered, all necessary documentation should be prepared and
delivered too. I worked with several on-line documentation systems,
but when in a production environment, nothing beats printed
documentation.
Production system
DBMS
- Fast query/update
- Transaction processing
- Journaling postgreSQL
mySQL
mSQL
Adabas
c-tree Plus/Faircom Server
...
Communication ppp
slip
efax
...
Batch job entry crond
at
batch
Printing lpd
User interfacing ?
Development system
IDE EMACS
Editor EMACS
vi
Screen development Depends on DBMS
Data dictionary Depends on DBMS
Application language C
C++
Cobol ?
Perl
Tcl(/Tk)
Python
Java
Scripting language bash
Summary
I am still trying to drag Linux into business. If you want to do
business using Linux, you should be able to deliver a complete system
to the customer. In this article I outlined the components of such a
system and some weaknesses which should be overcome. As a result, I
created a table enumerating the needed components for such a system.
This table is absolutely not finished. I welcome all references to
programs and products to update this table. It should be possible to
publish an update once a month. What I also should do, is extend the
table with references to available documentation.
Another part which needs more attention is developing tests to assess
the power of the database system, ie. what can be expected in terms of
throughput and response under several load scenarios.
_________________________________________________________________
Copyright © 1999, Jurgen Defurne
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
EMACSulation
By Eric Marsden
_________________________________________________________________
This column is devoted to getting more out of Emacs, text editor
extraordinaire. Each issue I plan to present an Emacs extension
which can improve your productivity, make the sun shine more
brightly and the grass greener.
_________________________________________________________________
Why is the word abbreviate so long?
Time saving
You've probably noticed that Emacs goes to a fair bit of trouble to
save you typing. The minibuffer offers a history mechanism which
allows you to recall and edit previous commands, and many minibuffer
entry prompts try to complete whatever you're typing when you hit TAB.
This behaviour was the inspiration for the readline and history
libraries, which are used in several shells and commandline
interpreters.
This column is dedicated to another of these keystroke-saving features
in Emacs: the abbreviation facility. Do you get sick of typing in
repetitive phrases such as your company's name, or your phone number?
Abbreviations are here to save your fingers. For example, you could
ask Emacs to expand LAAS to Laboratoire d'Analyse et d'Architecture
des Systèmes. The expansion happens once you type a non
word-constituent character after the abbreviation (a space, for
instance, though the exact definition of a word separation depends on
the mode you are using).
This is the Emacs abbrev mechanism. You can either use a minor mode
called abbrev-mode, which will cause abbrevs to expand automatically
(you enable the minor-mode by saying M-x abbrev-mode), or you can
expand them on demand by saying C-x a e with the cursor positioned
after the abbreviation. Your abbreviations can be saved to a file when
you quit Emacs and reloaded automatically when you launch it:
;; if there is an abbrev file, read it in
(if (file-exists-p abbrev-file-name)
(read-abbrev-file))
Defining an abbrev
To create an abbrev definition, type the abbreviation (LAAS in the
example above) in a buffer, say C-x a i g, then enter the text you
would like it to expand to in the minibuffer. This slightly arcane
sequence creates a global abbrev, which will apply in all modes. Try
it out by entering the abbreviation and saying C-x a e (e for expand).
Emacs also allows you to create abbreviations which will be active
only in a specific mode by saying C-x a i l instead (in a buffer which
is already in the appropriate mode). M-x list-abbrevs displays a list
of all currently defined abbrevs.
Mail abbrevs
Since the dawn of time, Unix mail programs have used the ~/.mailrc
file to allow users to create their own email aliases. The
mail-abbrevs mechanism reads in the contents of this file and defines
abbreviations which will be expanded in the To: and Cc: fields of any
email you compose in Emacs. Here is an example of the ~/.mailrc alias
syntax:
alias dsssl dssslist@mulberrytech.com
alias cohorts rabah jarboui almeida behnia
alias bond "James Bond <bond@guerilla.net>"
There are other more sophisticated addressbook systems around, such as
Jamie Zawinski's BBDB, but they won't allow you to share aliases with
other mailers. You can have mail-abbrev minor mode activated whenever
you compose an email in Emacs using the following line in your
~/.emacs:
;; unnecessary if you use XEmacs
(add-hook 'message-setup-hook 'mail-abbrevs-setup)
Dynamic abbrevs
The standard abbreviation facility requires you explicitly to register
your abbrevs, which is fine for things you type every week, but is a
hassle for expressions which only occur in one document. Emacs also
supports dynamic abbrevs, which try to guess the word you are
currently typing from the surrounding text. This is very useful for
programming in languages which encourage VeryLongVariableNames: you
only need type the variable name once, after which it suffices to type
the first few letters followed by M-/, and Emacs will try to complete
the variable name.
To be very precise, dabbrev searches for the least distant word of
which the word under the cursor is a prefix, starting by examining
words in the current buffer before the cursor position, then words
after the cursor, and finally in all the other buffers in your Emacs.
If there are several possible expansions (ie the text you have typed
isn't a unique prefix), pressing M-/ cycles though the successive
possibilities. Saying SPC M-/ lets you complete phrases which contain
several words.
Diehard vi users might be interested to read the tribulations of a
user who tried to implement a limited version of dabbrevs in vi.
Completion
The Completion package, by Jim Salem, is similar in function to
dynamic abbrevs, but uses a different keybinding (M-RET) and a subtly
different algorithm. Rather than searching for a completion which is
close in the buffer, it starts by searching through words which you
have typed in recently (falling back to searching open buffers if this
fails). The history of recently used words is saved automatically when
you quit Emacs. To enable completion (you can use it instead of, or as
well as, dabbrevs), put the following in your ~/.emacs:
(require 'completion)
(initialize-completions)
Hippie Expand
Filename completion in the minibuffer is a truly wonderful keystroke
saver, and you might find yourself wishing you could use it when
entering a filename in a regular buffer. Wish no longer: this is one
of the features offered by the fabulous hippie-expand package.
Hippie-expand, by Anders Holst, is a singing and dancing abbrev
mechanism, which is capable of many different types of dynamic
abbrevs. It can expand according to:
* file name: if you type /usr/X then hit the expansion key, it will
expand to /usr/X11R6/;
* exact line match: searches for a line in the buffer which has the
current line as a prefix;
* the contents of the current buffer, and other buffers on failure,
just like dabbrev;
* the contents of the kill-ring (which is where Emacs stores text
that you have killed, or ``cut'' in MacOS terminology, in a
circular buffer). Rather than typing M-y to cycle through
positions in the kill-ring, you can hippie-expand on the first
word in the killed text.
Hippie-expand is not active by default, so you need to bind it to a
key. Here's what I use:
(define-key global-map (read-kbd-macro "M-RET") 'hippie-expand)
Go forth and save keystrokes.
Feedback
Glenn Barry sent me a comment on the EMACSulation on
gnuclient/gnuserv:
Just read and enjoyed your article on gnuserv/gnuclient in the
Linux Gazette.
But you forgot the use of gnuserv/gnuclient that makes it
incredibly useful; one can access their full running emacs session
by logging-in via a tty remotely (rlogin/telnet) and running
"gnuclient -nw" ... makes working from home a breeze (even over low
speed (28.8) links).
Note you do have to rlogin to the system running the emacs
w/gnuserv, as the gnuclient -nw does not work over the net (at
least that's what the man page says). It took me awhile to figure
this out so it would be nice to make sure folks know about this
great capability.
The -nw switch asks Emacs to start up in console mode, which makes it
much more useable over a slow connection than using a remote display
with X11. Note that XEmacs is able to use ANSI colors on the console
or in an xterm, while GNU Emacs currently can't do color but does
offer a text-mode menubar.
Glenn also gave an illustration of the power of ffap: he has
customized it to recognize Sun bug numbers under the cursor and
dispatch a dynamically generated URL to a web front end for their bug
tracking system.
Next time ...
Next month I'll look at skeleton insertion and templating mechanisms
in Emacs. Don't hesitate to contact me at <emarsden@mail.dotcom.fr>
with comments, corrections or suggestions (what's your favorite
couldn't-do-without Emacs extension package?). C-u 1000 M-x hail-emacs
!
PS: Emacs isn't in any way limited to Linux, since implementations
exist for many other operating systems (and some systems which only
halfway operate). However, as one of the leading bits of free
software, one of the most powerful, complex and customizable, I feel
it has its place in the Linux Gazette.
_________________________________________________________________
EMACSulation #1, February 1998
EMACSulation #2, March 1998
EMACSulation #3, April 1998
EMACSulation #4, June 1998
EMACSulation #5, August 1998
_________________________________________________________________
Copyright © 1999, Eric Marsden
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
Evaluating postgreSQL for a Production Environment
By Jurgen Defurne
_________________________________________________________________
Introduction
With the advent of relatively powerful, free and/or cheap software, I
wanted to see if I was able to create a production environment around
Linux and a DBMS. In the past I have worked with several DBMS products
in several environments. My goal was to evaluate the Linux/postgreSQL
against the several environments I am familiar with. Out of these
environments I will pick the aspects which I think are important in a
production environment.
Past production environments
I have worked in three stages of production environment. These were
the unconnected PC environment, the connected PC environment
(file/print server networking), and multi-user/multi-tasking
environment (minicomputer). I will introduce the several tools in
order of this complexity.
Some terms will need to be explicitly defined, because the xBase
terminology is sometimes confusing. The term 'database' here means the
collection of several related tables which are needed to store
organised data. The term 'table' is used to define one collection of
identical data, a set. This is because in the original xBase
languages, 'database' was used as to mean 'table'.
FoxBase
Effectively being a much faster clone of dBase III, FoxBase contained
the minimum necessary to define the tables of a database and a
programming language which contained all necessary to write
applications very quickly.
A database consisted of several tables and their indexes. The
association of tables and their indexes must explicitly be done using
commands.
The programming language used is completely procedural. It contains
statements to create menu's, open and close tables, filter tables
(querying), insert, update and delete records, view records through
screens and a browse statement. Defining all these things in a program
is quite straightforward. Records are manipulated as program
variables. All data is stored in ASCII format.
One special feature which originated in dBase, are 'macro's'. These
macro's are text strings, which could be compiled and interpreted at
run-time. This was a necessary feature, because most statements took
string arguments without quotes, e.g. OPEN MY_TABLE. If you wanted to
define a statement with a parameter, you could not directly refer to a
variable. Trying to execute OPEN ARG_TABLE, the program would search
for the file 'ARG_TABL'. To circumvent this problem you need to code
the following :
ARG_TABLE = "MY_TABLE"
OPEN &ARG_TABLE
Clipper
Clipper originated as a dBase compiler, but added soon after powerful
extensions to the language. I have also worked with the Summer '87 and
the 5.0 version. At the database level, nothing changed very much from
FoxBase, but at the user interface level and the programming level,
several advanced features offered faster development turn-around times
and advanced user interfacing. The macro feature was still available,
but Clipper expanded it through code blocks. In the original
implementation, a macro needed to be evaluated every time it was used.
In cases where macro's where used to filter data, this amounted to
waste of computing time. The introduction of the code block made it
possible to compile a macro just once and then use the compiled
version.
Other features where the introduction of some object-oriented classes
for user interfacing, a powerful multi-dimensional array type,
declarations for static and local variables and a plethora of
functions to manipulate arrays and tables. The flipside of all this
was that learning to effectively use the language took some more time.
I have two books about Clipper 5.0 and they are quite large.
FoxPro 2.0
FoxPro was the successor of FoxBase. It added GUI-features to the
text-interface, making it possible to work with overlapping windows.
FoxPro 2.0 also added embedded SQL statements. It was only a subset
with SELECT, INSERT, UPDATE and DELETE, but this offered already a
substantial advantage over the standard query statements. It also
offered a better integration between tables and their indexes, and one
of the most powerful query optimizers ever developed. They also
provided some development tools, of which the most important where the
screen development and the source documentation tools.
Clipper and FoxPro made it also possible to program for networks and
thus enable multi-user database systems.
WANG PACE
WANG PACE is a fully integrated DBMS development system which runs on
the WANG VS minicomputers. It offers an extended data dictionary with
field- and record-level validation, HL-language triggers and
view-definitions. All defined objects contain a version count. When an
object is modified and subsequent programs are not, then a runtime
error is generated when compiled versions don't match DD versions. It
also offers a powerful screen editor, a report editor and a
query-by-example system. Access through COBOL, COBOL85 or RPGII is
available with a pre-processor which compiles embedded statements into
API-calls.
Summary of important features
If I look in retrospect to these systems, what were the important
features which made programming more productive ? This reference must
be made against postgreSQL and the available libraries for interfacing
to the back-end. It must also be made from the point of the production
programmer, who must be able to write applications without being
bothered by irrelevant details.
* Field names translate to native variable names
Defining a field name for a table makes it available under the
same name to the program which can then use it as an ordinary,
native variable.
* Uniform memory allocation system
The xBase systems have a dynamic memory allocation scheme, which
is completely handled by the runtime library. COBOL is fully
statically allocated. In none of these languages the programmer
needs to be concerned with tracking allocated memory.
* Direct update through the current record
The manipulated record is available to update the table through
one or another UPDATE statement.
* Database statements have the same format as the application
language
When programming in xBase, the statements to extract and
manipulate data from the database tables formed an integral part
of the procedure language.
In COBOL, the statements where embedded and processed by a
preprocessor. The syntax of the available statements was made to
resemble COBOL syntax, with its strong and weak points.
* Simple definition and usage of screens
In xBase, there are simple yet powerful statements available for
defining screens. Screens are called through only one or two
statements.
In WANG PACE, screens can only be defined through the screen
editor. There are three statements available : one to use menu's,
one to process one record in a cursor and an iterative version to
process all records in a cursor. Most screen processing is handled
through the run-time libraries.
Features available when installing postgreSQL
The four first features can be installed using the ecpg preprocessor.
This makes it possible to use native program variables, you don't have
to worry about memory allocation, because the run-time library takes
care of it, and updates can also take place using the selected
program-variables.
What is missing, is a special form of include statement. Now you need
to know which fields are in a table if you want to use a 'exec sql
declare' statement. It would be better if there was something like
'exec sql copy fields from <tablename>'. If the tabledefinition then
changes, recompiling the program will adjust to the new definitions.
Using the pgaccess program (under X-windows) provides access to the
data dictionary in a more elegant manner.
Summary
I started out to write a critique on postgreSQL because of the summary
documentation which is delivered in the package. This made it rather
hard to find and use all the components which provide additional
functions.
I started describing my experiences on other platforms to get an
insight in what a production environment should deliver to the
programmer. Then I started to look closely at the delivered
documentation and to my surprise all components that I needed where in
fact in the package.
The following critique still remains however. The documentation of the
package is too much fragmented, and most parts of the documentation
are centered around technical aspects which do not bother the
production programmer. This is understandable however. The
documentation is written by the same people that implement them. I
know of my own experience that writing a user manual is very hard and
it is easy to get lost in the technical details of the implementation
that you know about.
The following parts of postgreSQL are important for the production
programmer, and their documentation should be better integrated.
* The psql processor
This is a nice tool to define all necessary objects in a database,
to get acquainted with SQL and to test ideas and verify joins and
queries.
* The ecpg preprocessor
This is the main production tool to write applications which use
database manipulation statements. This capacity should probably be
extended to other languages too. Since all bindings from the
selected cursor are made to program variables, records can be
processed without the hassle of converting them from and to ASCII,
and updates can be made through the 'exec sql update' statement.
* The pgaccess package
The pgaccess package provides access to all parts of the database
and offers the ability to design screens and reports. It is still
in a development phase. I hope it will be extended in the future,
because the basic idea is excellent and the first implementations
are worthwile.
The libpq library is of no real value to a production programmer. It
should be mainly a tool to be used in implementing integrated
environments and database access languages. It could e.g. be used to
create an xBase like environment (for those who wish to use this).
Further research
In the following weeks (months) I hope to setup a complete database
system over a network, with one server and several types of clients
(workstation, terminal, remote computer) through several interfaces
(Ethernet, serial connections). I will investigate the several
platforms for application development. I intend to have a closer look
at the provided tools in the postgreSQL package (developing a simple
database for my strip book collection), but I will also look at the
possibilities that Java offers a development platform with JDBC,
screen design and application programming.
One last note : for the moment I concentrate on using tools that I
don't need to pay for, because I need the money for my hardware
platforms and for my house. This does not mean that I am a die-hard
'software should be gratis' advocate. A production environment favors
to pay for software, because then it knows that it has a complete tool
with support and warranty (horror stories about bad support not
withstanding).
_________________________________________________________________
Copyright © 1999, Jurgen Defurne
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
A Linux Journal Review: This article appeared first in the July 1998
issue of Linux Journal.
_________________________________________________________________
Introducing Samba
By John Blair
_________________________________________________________________
The whole point of networking is to allow computers to easily share
information. Sharing information with other Linux boxes, or any UNIX
host, is easy--tools such as FTP and NFS are readily available and
frequently set up easily ``out of the box''. Unfortunately, even the
most die-hard Linux fanatic has to admit the operating system most of
the PCs in the world are running is one of the various types of
Windows. Unless you use your Linux box in a particularly isolated
environment, you will almost certainly need to exchange information
with machines running Windows. Assuming you're not planning on moving
all of your files using floppy disks, the tool you need is Samba.
Samba is a suite of programs that gives your Linux box the ability to
speak SMB (Server Message Block). SMB is the protocol used to
implement file sharing and printer services between computers running
OS/2, Windows NT, Windows 95 and Windows for Workgroups. The protocol
is analogous to a combination of NFS (Network File System), lpd (the
standard UNIX printer server) and a distributed authentication
framework such as NIS or Kerberos. If you are familiar with Netatalk,
Samba does for Windows what Netatalk does for the Macintosh. While
running the Samba server programs, your Linux box appears in the
``Network Neighborhood'' as if it were just another Windows machine.
Users of Windows machines can ``log into'' your Linux server and,
depending on the rights they are granted, copy files to and from parts
of the UNIX file system, submit print jobs and even send you WinPopup
messages. If you use your Linux box in an environment that consists
almost completely of Windows NT and Windows 95 machines, Samba is an
invaluable tool.
[INLINE]
Figure 1. The Network Neighborhood, Showing the Samba Server
Samba also has the ability to do things that normally require the
Windows NT Server to act as a WINS server and process ``network
logons'' from Windows 95 machines. A PAM module derived from Samba
code allows you to authenticate UNIX logins using a Windows NT Server.
A current Samba project seeks to reverse engineer the proprietary
Windows NT domain-controller protocol and re-implement it as a
component of Samba. This code, while still very experimental, can
already successfully process a logon request from a Windows NT
Workstation computer. It shouldn't be long before it will act as a
full-fledged Primary Domain Controller (PDC), storing user account
information and establishing trust relationships with other NT
domains. Best of all, Samba is freely available under the GNU public
license, just as Linux is. In many environments the Windows NT Server
is required only to provide file services, printer spools and access
control to a collection of Windows 95 machines. The combination of
Linux and Samba provides a powerful low-cost alternative to the
typical Microsoft solution.
Windows Networking
Understanding how Samba does its job is easier if you know a little
about how Windows networking works. Windows clients use file and
printer resources on a server by transmitting ``Server Message Block''
over a NetBIOS session. NetBIOS was originally developed by IBM to
define a networking interface for software running on MS-DOS or
PC-DOS. It defines a set of networking services and the software
interface for accessing those services, but does not specify the
actual protocol used to move bits on the network.
Three major flavors of NetBIOS have emerged since it was first
implemented, each differing in the transport protocol used. The
original implementation was referred to as NetBEUI (NetBIOS Extended
User Interface), which is a low-overhead transport protocol designed
for single segment networks. NetBIOS over IPX, the protocol used by
Novell, is also popular. Samba uses NetBIOS over TCP/IP, which has
multiple advantages.
TCP/IP is already implemented on every operating system worth its
salt, so it has been relatively easy to port Samba to virtually every
flavor of UNIX, as well as OS/2, VMS, AmigaOS, Apple's Rhapsody (which
is really NextSTEP) and (amazingly) mainframe operating systems like
CMS. Samba is also used in embedded systems, such as stand-alone
printer servers and Whistle's InterJet Internet appliance. Using
TCP/IP also means that Samba fits in nicely on large TCP/IP networks,
such as the Internet. Recognizing these advantages, Microsoft has
renamed the combination of SMB and NetBIOS over TCP/IP the Common
Internet Filesystem (CIFS). Microsoft is currently working to have
CIFS accepted as an Internet standard for file transfer.
[INLINE]
Figure 2. SMB's Network View compared to OSI Networking Reference Model
Samba's Components
A Samba server actually consists of two server programs: smbd and
nmbd. smbd is the core of Samba. It establishes sessions,
authenticates clients and provides access to the file system and
printers. nmbd implements the ``network browser''. Its role is to
advertise the services that the Samba server has to offer. nmbd causes
the Samba server to appear in the ``Network Neighborhood'' of Windows
NT and Windows 95 machines and allows users to browse the list of
available resources. It would be possible to run a Samba server
without nmbd, but users would need to know ahead of time the NetBIOS
name of the server and the resource on it they wish to access. nmbd
implements the Microsoft network browser protocol, which means it
participates in browser elections (sometimes called ``browser wars''),
and can act as a master or back-up browser. nmbd can also function as
a WINS (Windows Internet Name Service) server, which is necessary if
your network spans more than one TCP/IP subnet.
Samba also includes a collection of other tools. smbclient is an SMB
client with a shell-based user interface, similar to FTP, that allows
you to copy files to and from other SMB servers, as well as allowing
you to access SMB printer resources and send WinPopup messages. For
users of Linux, there is also an SMB file system that allows you to
attach a directory shared from a Windows machine into your Linux file
system. smbtar is a shell script that uses smbclient to store a remote
Windows file share to, or restore a Windows file share from a standard
UNIX tar file.
The testparm command, which parses and describes the contents of your
smb.conf file, is particularly useful since it provides an easy way to
detect configuration mistakes. Other commands are used to administer
Samba's encrypted password file, configure alternate character sets
for international use and diagnose problems.
Configuring Samba
As usual, the best way to explain what a program can do is to show
some examples. For two reasons, these examples assume that you already
have Samba installed. First, explaining how to build and install Samba
would be enough material for an article of its own. Second, since
Samba is available as Red Hat and Debian packages shortly after each
new stable release is announced, installation under Linux is a snap.
Further, most ``base'' installations of popular distributions already
automatically install Samba.
Before Samba version 1.9.18 it was necessary to compile Samba yourself
if you wished to use encrypted password authentication. This was true
because Samba used a DES library to implement encryption, making it
technically classified as a munition by the U.S. government. Binary
versions of Samba with encrypted password support could not be legally
exported from the United States, which led mirror sites to avoid
distributing pre-compiled copies of Samba with encryption enabled.
Starting with version 1.9.18, Samba uses a modified DES algorithm not
subject to export restrictions. Now the only reason to build Samba
yourself is if you like to test the latest alpha releases or you wish
to build Samba with non-standard features.
Since SMB is a large and complex protocol, configuring Samba can be
daunting. Over 170 different configuration options can appear in the
smb.conf file, Samba's configuration file. In spite of this, have no
fear. Like nearly all aspects of UNIX, it is pretty easy to get a
simple configuration up and running. You can then refine this
configuration over time as you learn the function of each parameter.
Last, the latest version of Samba, when this article was written in
late January, was 1.9.18p1. It is possible that the behavior of some
of these options will have changed by the time this is printed. As
usual, the documentation included with the Samba distribution
(especially the README file) is the definitive source of information.
The smb.conf file is stored by the Red Hat and Debian distributions in
the /etc directory. If you have built Samba yourself and haven't
modified any of the installation paths, it is probably stored in
/usr/local/samba/lib/smb.conf. All of the programs in the Samba suite
read this one file, which is structured like a Windows *.INI file, for
configuration information. Each section in the file begins with a name
surrounded by square brackets and either the name of a service or one
of the special sections: [global], [homes] or [printers].
Each configuration parameter is either a global parameter, which means
it controls something that affects the entire server, or a service
parameter, which means it controls something specific to each service.
The [global] section is used to set all the global configuration
options, as well as the default service settings. The [homes] section
is a special service section dynamically mapped to each user's home
directory. The [printers] section provides an easy way to share every
printer defined in the system's printcap file.
A Simple Configuration
The following smb.conf file describes a simple and useful Samba
configuration that makes every user's home directory on my Linux box
available over the network.
[global]
netbios name = FRODO
workgroup = UAB-TUCC
server string = John Blair's Linux Box
security = user
printing = lprng
[homes]
comment = Home Directory
browseable = no
read only = no
The settings in the [global] section set the name of the host, the
workgroup of the host and the string that appears next to the host in
the browse list. The security parameter tells Samba to use ``user
level'' security. SMB has two modes of security: share, which
associates passwords with specific resources, and user, which assigns
access rights to specific users. There isn't enough space here to
describe the subtleties of the two modes, but in nearly every case you
will want to use user-level security.
The printing command describes the local printing system type, which
tells Samba exactly how to submit print jobs, display the print queue,
delete print jobs and other operations. If your printing system is one
that Samba doesn't already know how to use, you can specify the
commands to invoke for each print operation.
Since no encryption mode is specified, Samba will default to using
plaintext password authentication to verify every connection using the
standard UNIX password utilities. Remember, if your Linux
distributions uses PAM, the PAM configuration must be modified to
allow Samba to authenticate against the password database. The Red Hat
package handles this automatically. Obviously, in many situations,
using plaintext authentication is foolish. Configuring Samba to
support encrypted passwords is outside the scope of this article, but
is not difficult. See the file ENCRYPTION.txt in the /docs directory
of the Samba distribution for details.
The settings in the [homes] section control the behavior of each
user's home directory share. The comment parameter sets the string
that appears next to the resource in the browse list. The browseable
parameter controls whether or not a service will appear in the browse
list. Something non-intuitive about the [homes] section is that
setting browseable = no still means that a user's home directory will
appear as a directory with its name set to the authenticated user's
username. For example, with browseable = no, when I browse this Samba
server I will see a share called jdblair. If browseable = yes, both a
share called homes and jdblair would appear in the browse list.
Setting read only = no means that users should be able to write to
their home directory if they are properly authenticated. They would
not, however, be able to write to their home directory if the UNIX
access rights on their home directory prevented them from doing so.
Setting read only = yes would mean that the user would not be able to
write to their home directory regardless of the actual UNIX
permissions.
The following configuration section would grant access to every
printer that appears in the printcap file to any user that can log
into the Samba server. Note that the guest ok = yes normally doesn't
grant access to every user when the server is using user-level
security. Every print service must define printable = yes.
[printers]
browseable = no
guest ok = yes
printable = yes
This last configuration snippet adds a server share called public that
grants read-only access to the anonymous ftp directory. You will have
to set up the printer driver on the client machine. You can use the
printer name and printer driver commands to automate the process of
setting up the printer client on Windows 95 and Windows NT clients.
[public]
comment = Public FTP Directory
path = /home/ftp/pub
browseable = yes
read only = yes
guest ok = yes
[INLINE]
Figure 3. Appearance of Samba Configuration in Windows Explorer
Be aware that this description doesn't explain some subtle issues,
such as the difference between user and share level security and other
authentication issues. It also barely scratches the surface of what
Samba can do. On the other hand, it's a good example of how easy it
can be to create a simple but working smb.conf file.
Conclusions
Samba is the tool of choice for bridging the gap between UNIX and
Windows systems. This article discussed using Samba on Linux in
particular, but it is also an excellent tool for providing access to
more traditional UNIX systems like Sun and RS/6000 servers. Further,
Samba exemplifies the best features of free software, especially when
compared to commercial offerings. Samba is powerful, well supported
and under continuous active improvement by the Samba Team.
Resources
The Samba home page, at http://samba.anu.edu.au/samba/, is the
definitive source for news and information about Samba. The
documentation distributed with Samba is relatively unorganized, but
covers every aspect of server configuration. If you have questions
about Samba, first consult the FAQ, then try the Samba Mailing List.
The location of both can be found on the Samba home page.
The book Samba: Integrating UNIX and Windows, by John Blair and
published by SSC, covers all aspects of installation, configuration
and maintenance of a Samba server.
_________________________________________________________________
Copyright © 1999, John Blair
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
Linux Installation Primer, Part 5
By Ron Jenkins
_________________________________________________________________
Copyright Ó 1998 by Ron Jenkins. This work is provided on an "as is"
basis. The author provides no warranty whatsoever, either express or
implied, regarding the work, including warranties with respect to its
merchantability or fitness for any particular purpose.
The author welcomes corrections and suggestions. He can be reached by
electronic mail at rjenkins@qni.com, or at his personal homepage:
http://www.qni.com/~rjenkins/.
Corrections, as well as updated versions of all of the author's works
may be found at the URL listed above.
NOTE: As you can see, I am moving to a new ISP. Please bear with me as
I get everything in working order. The e-mail address is functional;
the web site will be operational hopefully around mid December or
early January.
SPECIAL NOTE: Due to the quantity of correspondence I receive, if you
are submitting a question or request for problem resolution, please
see my homepage listed above for suggestions on information to
provide.
I only test my columns on the operating systems specified. I don't
have access to a MAC, I don't use Windows 95, and have no plans to use
Windows 98. If someone would care to provide equivalent instructions
for any of the above operating systems, I will be happy to include
them in my documents.
ADDENDUM TO LAST MONTH'S COLUMN:
I neglected to mention that you should consider purchasing some cable
ties, coaxial clips, or other devices to dress your cabling properly.
These should be available at your local computer store, or a large
selection can be found on page # 163 of the Radio Shack 1999 Catalog.
(Space limitations preclude listing them all.)
This will allow you to bundle the cable or cables neatly together,
attach them firmly to the baseboard or whatever area in which you are
installing them, and make troubleshooting and maintenance of cabling
problems much easier.
Finally, consider marking each end of your cables in some way so you
know which ends go together. There are a variety of ways to do this,
including simply writing on the cable itself with a sharpie or white
pen, noting the location or machine it is intended for, or my
favorite, using color coded tape wrapped at each end.
Also, each connection on a 10BASE2 coaxial bus network will require a
BNC "tee" connector. This should be included with your network card.
If not go to Radio Shack and get some (PN# 278-112.) They are cheaper
than buying them at a computer store. Finally, don't forget the
termination devices. You will need two. These are available either at
your local computer store, or at Radio Shack (PN# 278-270.)
Part Five: Deploying a home network
This month we will utilize the home networking plan we prepared last
month, and bring it to fruition.
This is going to involve several steps, and I will present them in the
order I recommend, but ultimately it will be up to you to choose your
deployment method.
Additionally, I will offer step by step instructions on the
configuration of the networking components and protocols. This will
give you the basic functionality upon which you will add to as this
series continues.
The goal of this installment will be to get the networking hardware
and software installed, provide basic connectivity, and simple name
resolution and file sharing services.
The more advanced services, such as sendmail, DNS, routing, ftp, web,
print services, and gateway service will be covered in the next
installment.
As with each installment of this series, there will be some operations
required by each distribution that may or may not be different in
another. I will diverge from the generalized information when
necessary, as always.
In this installment, I will cover the following topics:
* Pre-installation planning.
* Preparing the cabling.
* Preparing the file server.
* Preparing the workstations.
* Installing the cabling.
* Installing the hardware.
* Installing the software.
* Configuration of the file server.
* Configuration of the work stations.
* Testing the installation.
* Troubleshooting the installation.
* References.
* Resources for further information.
* Preview of next months installment.
* About the Author.
Assumptions that apply to the following installation instructions:
To keep this installment to a manageable size, as well maintaining an
acceptable level of simplicity, the following things will be assumed.
We will be installing a three node network, consisting of a file
server, one Windows NT client, and one Linux client. Physically, all
three machines are on a single table. The Linux client is at the
extreme left, the Linux fileserver is in the center, and the NT client
is at the extreme right.
In the 10BASE2 (coaxial or bus configuration,) the cabling will be run
along the rear edge of the table and fastened by clips available for
this purpose either from a computer store or at Radio Shack as
previously mentioned.
In the 10BASET or star configuration, the hub will be placed alongside
the file server, and the cabling will emanate from the hub to the
various machines, The three cables will be bundled together with cable
ties, forming one larger diameter group of cables that can be treated
as a single cable. This will be attached to the back of the table
using clips as described above.
The NICs I will use are NE2000 ISA bus combo cards, with both a BNC
and a RJ-45 interface. The cards will be Plug and Play cards which
require you to use a utility diskette under DOS, provided with the
card, to configure it. This utility diskette also contains the NT
drivers for the card.
I use FREE DOS, available at http://sunsite.unc.edu to create the DOS
boot disk. You may or may not have to create your own DOS boot disk,
depending on what kind of NIC you have.
Two of our NE2000 NICs will be set to the following:
IO = 0x320 (320), IRQ = 10
The third one will be configured by NT.
These are by far the most common cards people usually start out with.
If you are using something different, the instructions should be
similar. Just make sure you can turn off the Plug and Play feature
(bug?) for the Linux machines, if necessary. This usually only applies
to ISA NICs, as kernels => 2.0.34 usually do a pretty good job of
snagging PCI NICs.
This should provide the information required for most any size
network, the steps will just need to be duplicated for the extra
clients and/or servers.
I will use the terms UNIX and Linux somewhat interchangeably, except
where I am explicitly referring to something unique to a particular
flavor of UNIX, in which case I will note the difference.
If you will be integrating Novell or MAC clients, you're on your own.
I have not touched Novell since 3.1, and I don't have access to a MAC
machine. The AppleTalk and IPX HOW-TOs may be of some assistance to
you.
Further, it will be assumed you are using "reserved" IP addresses for
your home network. We will use the Class C reserved network
192.168.1.0. The netmask for our network, thus will be 255.255.255.0.
We will give the file server the IP 192.168.1.2, and the hostname
fileserver01. The Linux client's IP will be 192.168.1.3, with the
hostname linux01. Finally, the NT client's IP will be 192.168.1.4,
with a hostname of nt01. I am keeping the 192.168.1.1 address and the
hostname gateway01 for the gateway machine we will build next month.
The domain name of this network will be home.net.
The NT domain (not to be confused with the actual domain) name will be
HOME.
The NT client will access the file services using SAMBA, and the Linux
client will access file services using the native Network File System
(NFS.)
Name resolution will be accomplished using common hosts and
resolv.conf files, and a little trick for the NT box.
When finished you should be able to ping all machines both by IP
address, and hostname.
Additionally, you should be able to access the disk storage on the
file server from either client, with both read and write access.
Pre-installation planning:
Review of the network plan: Look over the network plan ONE LAST TIME.
Make sure you have acquired all the necessary hardware, software, and
cabling, as well as a hub or termination devices, if required.
Preparing the common files: Since we will not be using DNS for name
resolution at this point, we will rely on primarily three files for
the UNIX machines, and one file for the NT box.
Unique to the UNIX machines will be:
/etc/hosts.conf
/etc/resolv.conf
These two files will be propagated throughout the Linux portion of the
network, along with the hosts file described below.
The first file, hosts.conf, simply tells the Linux box what means to
use to resolve IP addresses to hostnames, and the order in which it
should use them.
There are basically two methods utilized for name resolution. The
hosts file (see below for more information,) which we will use in this
installation, and a DNS server, usually another UNIX box running a
program called the Berkeley Internet Name Daemon (BIND.)
First, cd to etc/, then open the hosts.conf file, or create it if
necessary, and edit it to contain the line:
order hosts,bind
Then close the file. This simply tells the Linux box to first check
its hosts file to find another machine on the network before trying
anything else.
Next, open the resolv.conf file, or create it if necessary, and edit
it to contain the lines:
domain home.net
search home.net
After you are finished, close the file. This tells the Linux box it's
domain name, and to search this domain first before implementing any
external name resolution.
The purpose of this is to keep your local network name resolution on
the local network. This will become important later when we hook these
machines up to the Internet through a gateway machine.
Common to both the NT and UNIX machines will be:
A hosts file, which is simply a listing of all the machines on a local
area network, which translates IP addresses to hostnames.
Open the hosts file with your favorite editor, again creating it if
necessary, and create entries for the loopback adapter, also known as
the localhost, and each machine on your network. This file will be
copied to each machine, thus allowing both the UNIX boxes and the NT
machine to find each other by hostname.
Entries in the hosts file are created using the following syntax:
IP address Fully Qualified Domain Name (FQDN) hostname
For example, for the machine bear.foobar.net, with an IP of
206.113.102.193, the proper entry would be:
206.113.102.193 bear.foobar.net bear
A SHORT NOTE ON THE LOOPBACK ADAPTER: this interface, also known as
the localhost, MUST be the first entry in any hosts file.
So, to create the hosts file we will be using across our entire
network, edit it to contain the following lines:
127.0.0.1 localhost
192.168.1.1 gateway01.home.net gateway01
192.168.1.2 fileserver01.home.net fileserver01
192.168.1.3 linux01.home.net linux01
192.168.1.4 nt01.home.net nt01
On the UNIX machines, this file also lives in the /etc directory,
while on the NT machine it will live in /winnt/system32/drivers/etc
directory.
Now that we have prepared our common files, we can move to actual
deployment preparations.
Logistics and downtime: While this is not as great a concern on a home
network as it is on a commercial LAN, it is still important to
consider the impact the network installation will have on your
machines, as well as what if any interruption of productivity might
occur.
You have two major, and one minor option in this regard:
* The blitz method: This method entails setting aside a period of
time when all machines may be downed, cabling, hardware and
software installed and configured all in one contiguous session.
Best for very small networks, and non commercial networks.
* The phased method: This method involves a more conservative,
cautious approach. Individual machines or sections of the network
are downed one at a time, configured, tested, and brought back up
before moving to the next section. This minimizes the interruption
of productivity, and loss of computer services. Best for larger
networks or most any commercial network.
* A combination of the two: In any installation other than an
extremely small network such as our example here, some combination
of the two methods is usually the most practical approach. For
instance, you may choose to blitz all the server machines, so that
file services and other services will be immediately available to
the client machines. After the blitz of the servers, you may then
choose to slowly integrate the client machines by department, by
priority of use, or most commonly, the suits first, then everyone
else. As an aside, if you are deploying a network in a commercial
environment, never underestimate the effect of office politics in
your planning. While the executives may not technically need to be
on the network as soon as your programmers or designers, remember
to keep the man with the checkbook happy, and you will find your
next upgrade much easier to justify.
Preparing the cabling:
10BASE2: Double check that you have sufficient coaxial cable, in the
proper lengths, to interconnect all the machines on your bus.
Remember, the cable strings from machine to machine, so I recommend
physically laying out the cable between each machine to make sure you
have enough, and the proper lengths. Finally, be sure you have the
proper clips and ties to dress the cables neatly.
10BASET: Depending on whether you bought the cables already made up,
or made them yourself, the same general rules stated above will also
apply here. Placement and layout of the cabling will be largely
determined by your placement of the hub. Try to place the hub in such
a way as to assure the shortest average length from the hub to each
machine. As mentioned above, make sure you have sufficient materials
to neatly run, anchor, and wrap your cabling.
Preparing the file server:
Memory issues: A good rule of thumb for any computer, and especially
servers, is the more RAM the better. Since this is a home network,
this is not as big an issue, but still important.
Disk storage issues: If you can afford it, get SCSI drives. They work
better and last longer. If you are on a budget, EIDE or UDMA drives
will do in a pinch, but be aware they will not stand up as well under
heavy, constant use.
Backup device issues: I use a SCSI DAT drive, and have always had good
results with it. Whatever you choose, MAKE SURE IT IS SUPPORTED BY
Linux BEFORE YOU BUY IT! And backup up anything on any of the machines
you will be working on that you cannot afford to lose!
Power interruption and loss of data: You should consider at least
protecting your fileserver with an Uninterruptable Power Supply (UPS.)
I can recommend APC and Tripp-Lite products here. Why? Because they
put they're money where they're mouth is on the warranty provided. Try
to get one with two protected outlets, and jacks for your phone line.
This will come in handy later when we do the gateway. Surges don't
just come over the power lines. Ideally all your machines should have
one, but try to make sure you get one for the file server.
Preparing the client workstations:
Linux box: not really much to do here, as most everything you need
should already be installed. All your networking software should
already be there. The only possible exception to this is if you have a
RedHat machine, and you chose dialup workstation during installation.
In this case, you may or may not have to install additional packages.
Check your documentation.
NT box: Here you will need to have your CD-ROM handy, as the
networking software is probably not on your machine unless you
explicitly requested it during the installation process. The software
I am talking about here is separate and distinct from what is required
for Dial Up Networking (DUN.)
Surge protectors: If you cannot afford a UPS for each machine, at
least put a quality surge protector on the two clients. Avoid the
temptation to buy a bargain one. APC and Tripp-Lite are ones I can
recommend for the same reasons as stated above. If either of these
machines has any peripherals connected to it such printers, modems,
scanners, etc. make sure these are protected as well.
Installing the cabling:
10BASE2: This is a fairly straightforward process. Simply lay the
cable along the back on the table (or whatever your machines are on,)
where you plan to install them. Do not anchor the cables at this time.
10BASET: Once you have determined where your hub will be located, lay
out the cable from the hub to each machine. Do not bundle or anchor
the cables at this time.
Installing the hardware:
Network Interface Cards: This is fairly straightforward. Power off
your machine. Remove the case cover and find an empty expansion slot
appropriate for your type of card. Make sure it is firmly seated, and
that you replace the screw that holds it in place.
If the card is an ISA card, and is going into one of the Linux boxes,
be sure to disable the Plug and Play feature and make note of the IO
address and IRQ the card is using. There is usually some of setup
program to help you with this. Write these values down as you will
need them later.
A QUICK NOTE ON IO ADDRESSES AND IRQ's: Some cards may require you to
manually set the IO and IRQ values using jumpers on the card. Use care
here. If you choose an IO address or IRQ already in use by another
device, all sorts of nasty things can happen. Here are some good ones
to try that generally work:
IO Address:
0x300 (300)
0x310 (310)
0x320 (320)
IRQ:
10, 11, or 12.
If the card is a PCI card, have a go at auto detection first, then
failing that, use the DOS setup program if required. Here at most, you
may have to specify the IO address, which usually looks something
similar 0x6xxx.
In any case, once the card is set, be sure to write the pertinent
information down. You will need it later on the Linux boxes, and you
may or may not need it on the NT box.
10BASE2:
* Connectors and termination: Connect the tee to the NIC. On the
Linux client and the NT client, place a termination device one
side of the tee. Then using the cables you laid out earlier,
connect the machines together.
10BASET:
* Installing the hub: This should consist of nothing more than
setting it down on the table and plugging it in. In other
situations, you may or may not find it advantageous to mount it on
the wall, or even under the table.
* Connecting to the hub: Using the cables you laid out before,
connect one end of each cable to the appropriate NIC. Now you may
bundle, but not anchor the cabling, starting at the each client on
either end, and working toward the fileserver in the middle.
Installing the software:
Required software:
Common:
The /etc/hosts file: as specified above.
The /etc/hosts.conf file: as specified above.
The /etc/resolv.conf file: as specified above.
Specific to the file server:
If necessary, copy the above common files to the appropriate
directories.
SAMBA: This may or may not already be present on your system. If not,
use pkgtool on a Slackware box to install it, and glint or the command
RPM:ivh <name of samba.rpm> to install it on a RedHat box. Once you
have verified it is installed, configure it as follows:
* In the /etc directory, there should be an smb.conf-sample file.
You may copy this to a new file called smb.conf, or create your
own from scratch. I recommend using the sample one at first.
* Edit the line workgroup = WORKGROUP and change it to workgroup =
home.net
* Next, look for a line similar to the following: hosts allow =
xxx.xxx.x. Where xxx.xxx.x. represent the first three octets of
your network address, 192.168.1. in the example. Additionally, be
sure to allow the loopback interface. So the correct entry would
be : hosts allow = 192.168.1. 127.
* Finally, look for the line: remote announce = xxx.xx.x.xxx and
change it to 192.168.1.255 for our example network.
NFS services: This should already be installed on your Linux boxes.
A possible exception is RedHat, again if the NFS server and client
options were not selected during installation. If necessary, install
them. Once you have verified the software is installed on your system,
configure as follows:
The /etc/exports file: This is fairly simple. There is much more to
NFS than what I will present here, but briefly, and entry in the
exports file uses the following syntax:
/name/of/directory/to/export (type of access) who.can.access
So as an example, to export the home directory with read and write
permissions, to anyone in the home.net, the correct entry would be:
/home (rw,no_root_squash) *.home.net
Specific to the NT client: Copy the hosts file ONLY to the specified
location. Insert your NT CD-ROM and choose
start/settings/controlpanel/network. Depending on whether you have
been using this machine for DUN, you may or may not have some of the
software already installed. If not just follow the prompts, with the
following objectives:
Install ONLY the TCP/IP protocol.
When the time comes to install your Network Adapter (NIC), you can try
to let it auto-detect first, then failing that, choose Have Disk and
use the diskette supplied with your NIC.
You can safely accept the defaults at this point. If prompted for
information such as hostname, IP address, or netmask, refer to the
stated configuration above.
You may be prompted to reboot several times. Do so.
Specific to the Linux client: Copy the common files to the appropriate
directories.
The only exception would be if you desired to make directories on the
Linux client available to the NT client. If this is the case, simply
repeat the SAMBA instructions for the file server above on the Linux
client as well.
Configuration of the file server:
Basic Networking the first step on the UNIX boxes is to get the NIC
recognized. On a Slackware machine, this is done by editing
/etc/rc.d/rc.modules and uncommenting the line that will load the
kernel module necessary for your particular NIC, and possibly passing
the IO address and/or the IRQ to help Linux find the card. Scroll down
to the Network Device Support section, and look for the line:
#/sbin/modprobe/ ne io=0x320 #NE2000 at 0x320
Uncomment the line by deleting the pound sign. Depending on what
release of Slackware you are using, you may or may not have to specify
the IRQ as well. This should not be necessary if you are using release
3.5 or higher.
Next, you will want to configure your networking software. Use the
netconfig utility for this. Follow the prompts, with the following in
mind:
When asked if you will be using only loopback, answer no.
Leave the default gateway blank.
Leave the nameserver stuff blank.
In RedHat, you can use the linuxconf utility in either text mode or
under X. I have had a few bad experiences with the X version, so I
recommend using the text mode version.
At the command prompt, type linuxconf <RETURN>
You will be presented with a dialog box.
Choose Config/Networking/Client tasks/Basic host information.
First, set your hostname to fileserver01.home.net, then tab to quit to
return to the previous screen. Choose Adaptor 1, use the spacebar to
select the following parameters:
* Enabled
* Config mode Manual
Next enter the proper hostname, domain, IP, netmask, device number,
kernel module, IO, and IRQ for machine. In our case, the proper data
is:
fileserver01.home.net
fileserver01
192.168.1.2
255.255.255.0
eth0
ne
0x320
10
If at any point, you are prompted for a default gateway, leave it
blank for now.
After you have entered this information, choose quit, accept, quit,
quit, quit, until you are asked to activate your changes.
If you want, you can use linuxconf to add your user accounts now, or
do it manually later.
Reboot.
Configuration of the workstations:
Configuration of the NT client Choose
start/settings/controlpanel/network.
Select the Identification tab. Make sure your Workgroup is set to
HOME.
Select the Protocols tab. Highlight TCP/IP. Click on Properties.
Select the IP Address tab, and make sure Specify an IP address is
selected, and that the IP and netmask are correct. Additionally, make
sure the Default Gateway is blank.
Select the DNS tab. Enter your hostname (nt01) and domain (home.net)
in the appropriate boxes.
Select the WINS Address tab. Make sure the WINS server boxes are
blank, and uncheck the Enable DNS for Windows Resolution and Enable
LMHOSTS Lookup boxes if necessary.
Select OK. When prompted that one of the adapters has an empty WINS
something or other, select yes to continue. Select close. You will be
prompted to reboot.
Configuration of the Linux client The network configuration will be
the same as the fileserver instructions.
Testing the installation:
If any of these testing procedures fail, go to the troubleshooting
section for suggestions on how to correct the problem.
Testing for physical connectivity To test physical connectivity, ping
one of the other hosts on the network. You should see some return
information and statistics. Depress Ctrl+C to exit.
Testing the loopback adapter To test the loopback adapter, simply ping
127.0.0.1.
Testing the NIC To test the NIC, simply ping the IP address of the
NIC.
Using ifconfig and ipconfig -
In Linux and NT, there are utilities provided to assist you in
assessing the condition of your networking setup and hardware. They
are called ifconfig and ipconfig, respectively.
On a Linux box, at the command prompt: ifconfig <RETURN> should yield
two entries one for the Loopback Adapter called lo, and one for your
NIC, called eth0.
On an NT box the command ipconfig should yield one entry, describing
your Ethernet adapter.
Testing name resolution To test name resolution simply ping by
hostname, such as fileserver01, nt01, linux01, etc.
Testing file services
* Linux NFS To test the NFS services, CD to /mnt, and create a
directory called test. Then try to mount the remote directory to
it. For instance, in our example above, we are exporting /home on
the fileserver machine, so lets mount it under test: mount t nfs
fileserver01:/home /mnt/test <RETURN>. If all went well, you
should now be able to access the remote directory from the Linux
client.
* NT SAMBA double-click on Network Neighborhood. Under Home, you
should see both your NT client and the Linux machine,
fileserver01. Double click on the entry for fileserver01. If your
user account has been created on the Linux box, you should be able
to enter your username and password when prompted, and be taken
directly to your home directory on the Linux box.
Troubleshooting the installation:
Troubleshooting physical connectivity problems
* ping 127.0.0.1. If this fails, you have an improper networking
configuration. Go back and recheck all your settings and required
files. If this works, try to ping the IP address of the NIC
installed in the machine. If this does not work, make sure the
card is being recognized by Linux. If the NIC has more than one
interface e.g. RJ-45 (10BASET) and a BNC (10BASE2,) make sure you
have the correct one activated. If all goes well up until this
point, try to ping another machine on the network by IP address.
If this fails, see the next section on cable integrity.
Cable integrity
* If you cannot ping any other machine on the network, and you have
tried all of the above, here are some tips for isolating cabling
problems.
* 10BASE2 move the termination of the bus to the next machine in
line. Try to ping it. If this fails, try another cable. Repeat the
ping test. If it still fails, suspect a termination problem. See
below.
* 10BASET check that the RJ-45 connector is firmly seated in the NIC
and the hub. If the cable is good, there should be an LED lit up
above the port on the hub into which the cable is inserted. If the
LED is not lit, try another cable.
Termination integrity
* This only applies to 10BASE2 or bus networks. Terminators are
usually a pass or fail type of deal. Either they work or they
don't. First try another cable, and check to see if you are
getting link lights on the NIC. Finally, double check combo cards
to make sure the BNC interface is active.
Troubleshooting name resolution problems:
* First, try to ping by IP address. If this fails, check cabling,
termination, and NIC recognition at boot time. On the UNIX boxes,
ifconfig <RETURN> should show the loopback interface and eth0. If
the NIC is not recognized, make sure Plug and Play is turned off,
and you have passed the correct IO and IRQ parameters to the
kernel. On an NT box, ipconfig <RETURN> should yield similar
results. If not, check your network configuration.
/start/programs/administrative tools/nt diagnostics may be of some
help here.
* If the ping by IP is successful, try to ping by hostname. If this
fails, check your hosts file and make sure it matches the one
above. If this is a UNIX box, check your hosts.conf and
resolv.conf files and make sure they match the examples. If this
is a NT box, make sure you placed the hosts file in the proper
directory as specified above.
Troubleshooting NFS problems
* If you cannot mount a remote drive, check the /etc/exports file on
the machine that physically contains the directory you are trying
to mount. Make sure the desired directory is being exported
correctly.
* If you can mount the remote directory, but can read and/or write,
go back to the exports file and check the permissions.
Troubleshooting SAMBA problems
* If the Linux box does not show up in the Network Neighborhood,
make sure that both the NT box and the /etc/smb.conf files are
using the HOME workgroup.
* If the Linux box shows up, but you cannot access the shares, see
if you are running Service Pack 3. If so, read the SAMBA docs for
the required registry change that will need to be made to the NT
machine.
* Finally, make sure the username/password combination you are
trying to use exists on the UNIX box as well as the NT box.
References:
Previous columns:
Linux Installation Primer parts three and four
Other:
Ethernet HOW-TO
Net-3 HOW-TO
Network Administrators Guide
Mastering Windows NT Server 4 (3rd Edition)
Resources for further information:
The Linux Documentation Project
http://www.patoche.org/LTT/
http://www.ugu.com/
http://www.stokely.com/unix.sysadm.resources/
alt.unix.wizards
comp.security.unix
comp.unix.admin
alt.os.linux.slackware
comp.os.linux.networking
comp.os.linux.hardware
linux.redhat.misc
Coming in Part Six: the long awaited Internet Gateway!
_________________________________________________________________
Previous ``Linux Installation Primer'' Columns
Linux Installation Primer #1, September 1998
Linux Installation Primer #2, October 1998
Linux Installation Primer #3, November 1998
Linux Installation Primer #4, December 1998
_________________________________________________________________
Copyright © 1999, Ron Jenkins
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
Linux on a Shoestring
By Vivek Haldar
_________________________________________________________________
This article first appeared in the September 1998 issue of PC Quest,
India's leading infotech magazine.
_________________________________________________________________
Table of Contents
* INTRODUCTION
* SAVE RAM!
+ RECOMPILE THE KERNEL
+ STOP SOME SERVICES!
+ HOW TO REMOVE SERVICES FROM A RUNLEVEL
+ WHICH SERVICES TO KEEP, AND WHICH TO REMOVE
+ SERVICES YOU MIGHT WANT TO KEEP
* SAVE DISK SPACE
+ HOW TO REMOVE A PACKAGE
+ WHICH PACKAGES DO I REMOVE?
* WINDING UP
_________________________________________________________________
INTRODUCTION
With every operating system out there screaming "Give me more!" - more
disk space, more RAM, more Mhz - it's comforting to know that there is
one savior out there for those of us not endowed with the sizzlingly
latest hardware. Yes, I am talking about Linux.
Though Linux shines as a network operating system, and is often
projected as one, the fact is that it makes a great single user OS as
well - something that one could use on a non-networked home PC.
And in that case, there are a number of ways in which you could tweak
your system to get more punch out of it - even on machines as
antiquated as 486s, and with as little RAM as 8MB.
Now please remember that you need to be logged in as root to do all
the following things. Our attack will be two pronged - to minimize
usage of RAM, and to save disk space.
SAVE RAM!
RECOMPILE THE KERNEL
The kernel that is installed out of the box does the job, but its a
catch-all kernel, with almost everything compiled into it. Which means
that its bigger than it has to be for you. If you compile your own
kernel from the kernel sources, it could be upto 100kb smaller than
the default vmlinuz kernel. Besides, its very helpful to know how to
compile the kernel. It's quite simple actually. You first configure
it, that is, you say what all you want in your kernel. And then you
compile it.
Linux has reached that advanced stage in its evolution where even the
kernel configuration can be done graphically. The kernel sources
usually reside in /usr/src/linux. To get the graphical configuration
running, do "make menuconfig"(for text based menus), or "make
xconfig"(for graphical setup in X). You'll be presented with a long
list of configurable options, and before deciding, it is advisable to
see the sagely help note which goes along with each. The notes always
give sound advice, and you should follow it. By doing so, you'll land
up with exactly the things that you need compiled into your kernel,
and nothing else. I would also suggest reading the README file in the
source directory. Once you've configured everything, quit X if you're
running it. This is so that you can do the compilation in text mode,
without a heavy X running, and with more available RAM.
Do "make dep; make zImage", go have coffee, and come back after some
time. Once that is done, the README explains in no uncertain terms
what to do with your new kernel, and I would only be reproducing it if
I told you.
STOP SOME SERVICES!
When a normal Linux system is running, there are a number of
background jobs constantly running on it, each for a specific purpose
- these are called daemons. For example, sendmail, the mail daemon, is
the process which takes care of all the sending and routing of mail. A
number of such daemons are started at bootup. And to group together
sets of daemons that you might want to start for specific purposes,
you have runlevels, which are simply groupings of services to start
and stop. For example, on a normal Linux system runlevel 1, which is
single user mode, will obviously need a lot fewer services to be
running than runlevel 3, the full fledged multi user mode.
Linux, by default, boots into runlevel 3. Now it turns out that of the
myriad services started in that runlevel, some of them a simple non
networked home PC could do without. For example, you obviously
wouldn't want to waste precious RAM by running sendmail on such a
machine. Yeah, it can be fun to send mail back and forth between
root@localhost, and someuser@localhost, but that wears off pretty
fast.
HOW TO REMOVE SERVICES FROM A RUNLEVEL
With RedHat, it's all very simple. Administration is definitely one of
the areas in which RedHat scores over other distributions. After
logging in as root, start X, and from an xterm, start "tksysv". This
is the graphical runlevel editor.
You'll see six columns, one for each runlevel. Now we'll only be
fiddling with runlevel 3, the one which Linux normally boots into.
Each column will have two halves, the top one for services to start at
bootup, and the botton one for services to stop at shutdown. All you
have to do to remove a particular service is to select it, and press
Del. Thats it. Just remember to save your changes before quitting.
WHICH SERVICES TO KEEP, AND WHICH TO REMOVE
Actually, it's much simpler to tell you which ones to keep. Remember,
all this tweaking is only in runlevel 3. Now the bare essentials are :
* kerneld - nothing will work without this!
* syslog - must have around for kernel to log messages. The logs are
helpful for seeing what was going on with your system in case
something goes wrong(actually, nothing ever goes wrong with
Linux!).
* keytable - you need this if want to be able to use your keyboard!
* rc.local - this is where some trivial nitty gritties happen, after
all the other services have been started.
You simply need to have the above four services. Without them, as some
say, "not everything will work."
SERVICES YOU MIGHT WANT TO KEEP
Then there are the fence sitters - non critical services which you
might want to keep, if you need them, or if you fancy them.
* crond - this runs a number of trivial jobs periodically, the most
important of which is to make sure that your log files don't get
too large. you can run it if you're paranoid.
* atd - this deamon is required if you want to run "at" jobs, i.e.,
jobs which begin execution at a time specified by you. people
working on large, multi-user systems which are up 24 hours,
everyday, use this to run heavy computational jobs at night, when
loads on the system are lighter. but on a simple home machine, i
don't see much use for it. after all, you're the only one using
it!
* gpm - this allows you to use the mouse in text mode. useful
sometimes only if you work in text mode, and a complete waste if
you work in x.
SAVE DISK SPACE
Actually, there's nothing much you can do here, except removing
unwanted packages. Redhat linux has a superb, easy to use, and
comprehensive package management system which can keep track of almost
every non user file on your disk. Everything installed on your system
is part of some package, and packeges can be uninstalled.
HOW TO REMOVE A PACKAGE
Just run "glint", the graphical interface to the redhat package
management system, from a command line while in x, and you will get a
graphical interface to all the packages installed on your system. The
packages are classified, and show up in a directory browser like
window. To remove a package, just select it and click on the
"uninstall" button on the right side.
WHICH PACKAGES DO I REMOVE?
Beware though, there are some critical packages which shouldn't be
uninstalled. In glint, it's generally advisable to not touch the
"base" and "library" packages unless you know exactly what you are
doing.
For others, see their description(click the "query" button). If you
haven't used that package in a long time, or don't foresee using it,
it's generally safe to remove it. In case removing a package affects
any other package, glint will tell you. It's all quite safe. If you do
end up needing the package, you can always reinstall it from the CD.
WINDING UP
These were only a few suggestions that you could try out. The more
comfortable you get with Linux, and the more you explore, the more
ideas you'll get to tweak your system to get the most out of it.
Linux is an OS which is more forgiving to experimentation than most
others. So think, and try it out!
_________________________________________________________________
Copyright © 1999, Vivek Haldar
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
The Linux User
By Bryan Patrick Coleman
_________________________________________________________________
Who uses Linux? This question has changed as Linux evolves. Originally
none but the ultra hacker or the core developers of the OS were the
ones to use it. As different functionality got added, more and more
less technically oriented people began to use Linux.
Now the question is how far will Linux go toward being an OS for the
end user. The response that is the healthiest for continued growth
would be as far as one can go. What you say would you turn Linux into
a next generation Windows. No, but there is more to it than that.
nifty To effectively become an end user product and keep the hackable
quality of Linux should be the new focus. That means when developing
open source software you are developing for everyone from the ultimate
power user / hacker to the less than average user that may have never
used a computer before. Yes some people have never used computers
before still in this day and age.
What does this mean for development? First and foremost make
everything you possible can configurable. Not just different makes for
different needs but truly extendable interfaces using guile or python
for example. But also there need to be defaults. So after your
application is installed a user can simply start your program and it
look polished. As long as your source code is available the hard core
hacker is happy. But for hacker wouldi-be's it is very important that
source code is internally documented.
But wait we can go a step beyond simply creating fully configurable
applications that are extendable and come with default settings. How
about "smart" applications. Maybe you have installed application A on
your system and application B comes along from the same people that
brought you A. Wow you would love to have it so you install it and low
and behold all of the little tweaks that you have made to A are
already configured for application B. Since A and B are smart
applications they have communicated and B now knows what you like. Of
course not everyone likes there applications deciding what they like
so all smart applications should be lobotomyzable.
Now for the real fire. How about all this plus the application is
ready for immediately distributed computing, not only distributed but
PVM aware so if you connect to a Beowulf cluster your application is
ready to do some super computing. Groups can be formed across the web
i.e. ready made intranet. Security is of course built in so you
company or organization can just set up there own key and away they
go.
Why stop at just X or the console or even Linux. I your application is
completely system aware no matter where you are or what computer your
using a person just has to start up there application and it does the
rest going so far as trying to figure out which way you like your
application and if your going to be doing distributed work.
In short the new wave of computing will be all things for all people.
This new approach needs a new name I think. I prefer liquid or fluid
UI or interfacing framework. Some might think of Java. Java however is
slow, slow and in the end it is only one library. What I have in mind
would be more of a set of wrapper classes one for each library used.
And one wrapper that would handle all of the calls to the widget sets
and do all of the AI work. This double wrapper approach would cut a
lot of the time and effort of emulating multiple classes.
_________________________________________________________________
Copyright © 1999, Bryan Patrick Coleman
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
Kernel 2.2's Frame-buffer Option
By Larry Ayers
_________________________________________________________________
Introduction
The long-awaited new stable version 2.2 of the Linux kernel is on the
verge of release as the new year begins; a great variety of new
features and drivers will be included. One of the new features is the
option to use a new device type for the virtual consoles, the frame
buffer device (/dev/fb[0-7].) This new device type isn't really
essential for the many Linux users running Intel machines, but those
people using Alpha, Sparc, PPC, or any of the other platforms
supported by Linux should benefit, as the idea behind the frame buffer
console is to provide a hardware-independent console device.
Geert Uytterhoeven, a Belgian programmer and one of the primary frame
buffer developers, wrote a succinct introduction to one of the frame
buffer documents included with the kernel source:
The frame buffer device provides an abstraction for the graphics
hardware. It represents the frame buffer of some video hardware and
allows application software to access the graphics hardware through
a well-defined interface, so the software doesn't need to know
anything about the low-level (hardware register) stuff.
Users of Intel machines already have methods available to vary the
size of the text console screen, such as the video=ask Lilo parameter
and the SVGATextMode utility. I've used SVGATextMode for quite some
time to set the console text to a 116x34 resolution. It works fine,
but while configuring recent 2.2 beta kernels with menuconfig I
couldn't help but be intrigued by the choices offered in the Console
Drivers sub-screen. My video card these days is a Matrox Mystique, and
when I saw a new frame buffer driver for Matrox cards and another
option for Mystique support I just had to give it a try.
Installation Tips
The first time I tried a kernel with Matrox frame buffer support I
could see that the card was detected (as the boot messages scrolled
by) and the penguin logo's appearance at the upper right corner of the
screen seemed to indicate that at least part of this compiled-in
feature was working, but the console was the same old 80x25 default.
Back to the documentation, where I learned that a utility called fbset
would be helpful. This small program (written by Geert Uytterhoeven
and Roman Zippel) is used to change or query the current frame buffer
mode. Even more important, the installation of fbset creates the
special device files /dev/fb[0-7] which are needed for frame buffer
functionality. The fbset archive can be found at this FTP site.
Another document found in the fb subdirectory of the kernel source's
Documentation directory is called matroxfb.txt. Written by Petr
Vandrovec, the Czech developer responsible for the Matrox frame buffer
drivers, this document is a great help in setting up workable frame
buffer modes. Another, more generic document called vesafb.txt can be
consulted when setting up modes for other VESA-2.0 compliant video
cards.
There are two ways to tell the kernel which frame buffer mode to use.
While experimenting, setting the mode specification at the Lilo prompt
is a quick way to try a mode out. Let's say that your main dependable
kernel is the first one in the /etc/lilo.conf file, and the frame
buffer kernel is the second and is named bzImage-2.2. Your computer
boots, the LILO prompt appears, and you press the shift key. Here is
an example of a mode being set:
LILO bzImage-2.2 video=matrox:vesa:0x188
If the mode is acceptable, the console screen will switch to the new
mode (in this case, 960x720) soon after the boot messages begin to
scroll by. The relevant boot messages will look something like this:
matroxfb: Matrox Mystique (PCI) detected
matroxfb: 960x720x8bpp (virtual: 960x4364)
matroxfb: framebuffer at 0xE0000000, mapped to 0xc4807000, size 4194304
Console: switching to colour frame buffer device 120x45
fb0: MATROX VGA frame buffer device
If you like the mode, a variation of the above Lilo command can be
inserted directly into the /etc/lilo.conf file; the line should look
something like this:
append="video=matrox:vesa:392"
The quotes are essential, and notice that the hex number 0x188 has
been converted to its decimal equivalent 392, since Lilo can't
understand hex numbers in the lilo.conf file.
Once the frame buffer kernel is booted the fbset utility can be used
to switch to other modes. Mode specifications can be derived from X
modes, but not wanting to spend hours fooling around with this I took
the easy way out. Before I edited the lilo.conf file so that the mode
would be set automatically when booting, I tried several different hex
numbers at the Lilo prompt. After booting each one I ran fbset without
any arguments. When run this way fbset outputs to the screen the
current mode specs in a format usable in the (initially nonexistent)
config file /etc/fb.modes. Here's a sample of the output:
kbdmode "name"
# D: 56.542 MHz, H: 45.598 kHz, V: 59.998 Hz
geometry 960 720 960 4364 8
timings 17686 144 24 28 8 112 4
endmode
Several of these mode specs can be pasted into a new /etc/fb.modes
file, substituting different mnemonic names for the "name" in the
pasted output. One useful mode to include is a basic, non-color text
mode, either by trying one of the text modes described in the
documentation or simply by running fbset -depth 0. SVGAlib console
graphics programs won't run properly in frame buffer consoles with
higher color-depths. Once a fb.modes file has been created the frame
buffer mode can be changed by running the command fbset name, where
"name" is one of the mode names in the file.
Frame Buffers and X
Naturally, the big question many readers will have is "Will X Windows
run when started from a frame buffer console?". The answer is "It
depends.". Some combinations of X servers and video cards are known to
have problems, especially when switching back and forth from X to a
virtual console. This can be a problem with SVGATextMode as well. The
XFree86 3.3.3 SVGA server I've been using with my Matrox card has
worked well with the frame-buffer consoles. Your mileage may vary.
There is a special server available in source form; it's called
XF68_FBDev and it's included in the XFree86 3.2 (and later) sources.
Binaries aren't available, and the server is unaccelerated and would
mainly be of interest to those running Linux on non-standard hardware
such as PPC.
Conclusion
The majority of Linux users probably won't be using the frame buffer
kernel options any time soon. It has advantages with some hardware,
but it takes time to figure out and use effectively, and the benefits
are nice for console users but won't be of much use to those who spend
most of their time in X Windows. I think that the reason it will be a
part of the next stable kernel release is that frame buffer devices
aren't Intel-specific, as is much of the current console code. It's
likely that the much-anticipated release of XFree86 4.0 (possibly this
year) will include more frame buffer compatibility in its server
modules, such as seems to exist now in the SVGA server.
_________________________________________________________________
Last modified: Sun 3 Jan 1999
_________________________________________________________________
Copyright © 1999, Larry Ayers
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
Running Your Own Domain Over a Part Time Dialup
By Joe Merlino
_________________________________________________________________
You love your linux box. You love the power. You love the flexability.
You love the freedom. You really love the utter non-microsoftness of
it. But deep down inside, you know there's something missing. A deep
longing sits within you, crying out to be assuaged.
Your friends with full-time ethernet connections have it. Your really
rich friend with a T-1 to the house has it. They can log into their
linux boxen any time they want. They have their own domain names. You
probably even have an account on one of their machines. But look what
you're stuck with. Sure your modem's pretty fast, but it only dials up
when you tell it to, and you can't tell it when you're not logged in.
Even if you set it up to run as a cron job, you wouldn't know where to
telnet to because your ISP gives you a different IP number every time
you dial in.
How do you get remote access?
Fear not. There Is A Way. For the price of a dialup PPP account, you
can have that precious remote access. And if you're willing to pay the
freight to InterNIC (you can scrape up seventy bucks, can't you?) you
can even have your own domain. Here's how:
_________________________________________________________________
STEP 1 - SETTING UP PPP
The general setup of PPP connections on Linux is well documented
elsewhere, so I won't go into it, except to say that you need to have
PPP set up to run non-interactively from a command line. Graphical
programs to activate PPP such as EZPPP or Red Hat's netcfg won't work.
This is because you're going to create a script to be run as a cron
job, and that script needs to be able to call your PPP-connecting
script.
For the purposes of this article, my PPP-connecting script is called
/etc/ppp/ppp-on, and the script that ends the PPP connection is called
/etc/ppp/ppp-off. You should be able to find examples of these sorts
of scrips on the web.
_________________________________________________________________
STEP 2 - DYNAMIC DNS SERVICE
You probably have Domain Name Service (DNS) through your ISP, but your
ISP doesn't keep track of your particular connection because it
changes every time you dial in. Your ISP does this because it has more
users than it does IP numbers. This makes sense when you consider that
most of the people who use the service only connect for a short time -
a couple of hours at most. You can probably get a full-time connection
and a static IP number from your ISP, but such things are typically
pretty expensive.
The thing is, you don't really need a static IP number to have a
constant domain name. As long as the Domain Name Server where your
domain name lives knows what your IP number is *at any given time*,
you can get to your machine. And the DNS server where you domain name
lives doesn't have to be the same one that belongs to your ISP.
I use a service provided by a company called Dyndns (www.dyndns.com)
Dyndns will, for a fee, maintain your domain name in its database. The
domain name you get can either be a subdomain of theirs (i.e.
yourdomain.dyndns.com), which is cheaper, or your can have your own
unique domain name (i.e. yourdomain.com), which is somewhat more
expensive. If you want a unique domain name, irst, you have to
register your domain name with InterNIC (www.internic.net). Dyndns
will do this for you, for a fee, but it's so easy to do, you might as
well save yourself the money and do it yourself. When you register
with InterNIC, you have to supply the IP numbers of a primary and
secondary DNS server. These numbers are available on Dyndns's web
page. Once all of this goes through (read: is paid for), you're good
to go.
The next thing you do is download a client program from Dyndns's
website. They have a couple of different clients you can choose from
(one in C, and one in Perl), and it might take some experimenting to
figure out which one is better for you (even then, I had to have a
friend of mine hack the Perl client a little to make it work).
When you are logged into your ISP, you run the client program. The
client program gets your current IP number from the output of the
'ifconfig' command, and reports it to Dyndns's DNS server. Your domain
name is now pointed at your machine.
[Note: Nothing I've said in this section should be considered an
endorsement of or advertisement for Dyndns. I've used their service as
an example because it's the service I use, and it's what I'm familiar
with.]
_________________________________________________________________
STEP 3 - AUTOMATING THE CONNECTION
You've got the domain name, you've got the DNS service, amd you've got
the client program working. Now you need a way to make the computer
log itself onto your ISP without your actually being there to do it.
Ah, the wonders of Linux! This is taken care of with a simple shell
script. Here's what I use:
#!/bin/bash
# This is a script that attempts to log into a remote dialup and
# establish a PPP connection. If it is sucessful, it runs 'ntpdate'
# (network clock set), NamedControl.pl (a perl script to update
# the dynamic DNS), and fetchmail for all accounts. If it fails, it
# makes two more attempts, and then exits.
# This script is released under the GNU General Public Licence. No
# warrenty whatsoever is expressed or implied.
# Original version was written by Joe Merlino <joe@negia.net>, November,
# 1997.
# If you have an idea for an improvement to this script, please let me
# know.
# set iteration counter at 1
i=1
while [ $i -le 3 ]
do
# This part tests for the availability of the modem. If the modem
# is available, it runs /etc/ppp/ppp-on. If not, it reports and
# exits.
(
if (test -e /var/lock/LCK..modem)
then
echo modem not available # for some reason this didn't work.
exit 0
else
/etc/ppp/ppp-on
sleep 45
fi
)
# This part tests for the modem lock file, and if it exists, runs
# the various programs needed to update the system from the network.
# if the lock file is not found, it reports and exits.
(
#!/bin/bash
if (test -e /var/lock/LCK..modem)
then
/etc/ppp/netpack #invoke 'netpack' script
echo done
else
echo no connection
fi
)
sleep 60
# This part again tests for the lock file, and if it finds it, sets
# the iteration counter to 4 (so the script will exit). If the lock
# file is not found, it incriments the counter by one.
if (test -e /var/lock/LCK..modem)
then
i=3
fi
i=`expr $i + 1`
echo $i
done
You'll notice that this script calls another script, 'netpack'. I've
done that because I have a set of things I like to do when my machine
logs itself in. At the very least, 'netpack' should include your
dynamic DNS client script. I would also recommend that it include
whatever you use to download your email (e.g. 'fetchmail' or
'popclient' or whatever). It would also be possible to replace the
line that calls 'netpack' with a series of lines that call the various
programs, but I like the modular design because I can edit 'netpack'
on it's own.
I put both this script (which I named 'auto-up'), and 'netpack' in
/etc/ppp/.
Once you've got all that set up, try running it manually to make sure
it works. (Don't forget to give yourself execute permission.) Once
you've established that it works, set it up as a cron job (using the
'crontab -e' command) to run whenever you want to have remote access
to your linux box. Also, set up /etc/ppp/ppp-off to run when you want
your access to end.
[Note: Some ISPs have a limit on the amount of time you can be
connected without doing anything. This is to keep people from logging
in and simply leaving their computers connected indefinitely. You
should be aware of your ISP's policy with regard to this.]
And there it is. You now have remote access to your machine at
specified times. Now you can start pining for a full-time connection.
Addendum: Between the time I wrote this article, and the time that
this issue of Linux Gazette was posted, DynDNS added a web-based
update system to its already existing methods. This means that you can
update DynDNS manually, with your browser.
It also gives us the opportunity to write another Perl client. This
one can be much more compact, and should work "out of the box" with
only one small hack required for your account information.
If you want to use it, simply copy the text between the ---CUT---
lines to a file, give yourself execute permission, and use it in place
of the other client program.
---------------CUT------------------
#!/usr/bin/perl
#
# Client script for HTTP update of DynDNS's Dynamic Domain service.
# Written by Joe Merlino 12/31/98
# Licence: GNU GPL
#
use IO::Socket;
# Replace the values below with your information as indicated
$host = "master.dyndns.com";
$myhost = "myhost"; #replace with your hostname
$myname = "postmaster";
$mypass = "mypass"; #replace with your password
# This part opens a connection to DynDNS's web server.
$remote = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$host",
PeerPort => "http(80)"
)
or die "couldn't open $host";
# This part sends an HTTP request containing your information.
print $remote "GET /dyndns/cgi/DynDNSWeb.cgi?name=$myname&passwd=$mypass&domain
=$myhost&IP=AUTO HTTP/1.0\n\n";
#This part extracts and prints DynDNS's response.
while ($hrm = ) {
if ($hrm =~ /UPDATE/) {
$message = $hrm
}
if ($line =~ /THERE/) {
$message = $hrm
}
}
print "DynDNS: $message";
-close $remote;
---------------CUT------------------
_________________________________________________________________
Copyright © 1999, Joe Merlino
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
Setting Up a PPP/POP Dial-in Server USING Red Hat Linux 5.1
By Hassan Ali
_________________________________________________________________
DISCLAIMER:
This worked for me. Your mileage may vary!
OBJECTIVES:
To install PPP and POP/IMAP services on a Red Hat Linux 5.1 server for
dial-in users.
TOOLS:
Red Hat Linux 5.1 CDs
ASSUMPTIONS:
You have a PC with basic installation of Red Hat Linux 5.1 with a
Linux kernel that supports IP forwarding.
_________________________________________________________________
STEP 1: Install "mgetty" (if not yet installed) from Red Hat 5.1 CD #1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Login as "root", insert Red Hat 5.1 CD #1 in the CD-ROM drive and
mount it using the command:
# mount -t iso9660 /dev/hdb /mnt/cdrom
(It is assumed that your CD-ROM drive is device /dev/hdb, if not
change it accordingly)
2. Get to the RPMS directory:
# cd /mnt/cdrom/RedHat/RPMS
3. Install "mgetty" rpm files:
# rpm -Uvh mgetty*
This will install mgetty and all its cousins, but who cares!! If you
hate extended family, have your way and replace "mgetty*" with
"mgetty-1.1.14-2.i386.rpm".
4. At the end of /etc/mgetty+sendfax/mgetty.config file, add the
following set of three lines for each serial port connected to a
modem for dial-in users. Here is an example for /dev/ttyS1 and
/dev/ttyC15:
# For US Robotics Sportster 28.8 with speaker off
port ttyS1
init-chat "" ATZ OK AT&F1M0E1Q0S0=0 OK
answer-chat "" ATA CONNECT \c \r
# For Practical Peripheral 14.4 with fax disabled and prolonged
# carrier wait time (90 sec)
port ttyC15
init-chat "" ATZ OK AT&F1M0E1Q0S0=0S7=90+FCLASS=0 OK
answer-chat "" ATA CONNECT \c \r
Notes:
1. AT&F1 sets hardware flow-control mode on many modems. For
other modems use appropriate initializations in the init-chat
line.
2. Just in case you wonder why I took as an example a ttyC15
port; well, you may have such a port if you have a multiport
serial card. If you need one, I recommend Cyclades cards.
5. In /etc/mgetty+sendfax/login.config file, search for the line that
starts with /AutoPPP/. Make sure that it is not commented (i.e.
there is no "#" at the beginning of the line), and edit it to be:
/AutoPPP/ - a_ppp /etc/ppp/ppplogin
If you wish to have users' login names (rather than "a_ppp") to appear
in the /var/run/utmp and /var/log/wtmp log files, then the above
line should be:
/AutoPPP/ - - /etc/ppp/ppplogin
6. In /etc/inittab file, search for the section that runs "getty"
processes and add at the end of that section one line of the
following form for each modem port. Example here is given for
ttyS1 and ttyC15.
7:2345:respawn:/sbin/mgetty -x 3 ttyS1
8:2345:respawn:/sbin/mgetty -x 3 ttyC15
[the first number (7,8) is arbitrary (in fact I have seen in some
cases "s1", "s2", etc, used instead). Just give a different number
for each port. And why not you go by the order!!? Me wonders!]
7. Connect the modems to the serial ports, switch them ON and then
initialize "mgetty" with the command:
# init q
NOTE: If you spawn "mgetty" on a serial port with no modem connected
to it, or the modem is not switched ON, you'll get lots of error
messages in "/var/log/messages" or/and in the other mgetty
("/var/log/log_mg.ttyXX") log files. In fact those error messages
may continuosly pop up on your screen. Quite annoying, eh? To
avoid this annoyance, each serial port that has no modem connected
to it should have its corresponding lines commented out in
/etc/inittab and in /etc/mgetty+sendfax/mgetty.config files.
_________________________________________________________________
STEP 2: Install PPP (if not installed) from Red Hat 5.1 CD #1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. If the Red Hat CD #1 is properly mounted (see STEP 1.1), to
install PPP type the following command:
# rpm -Uvh /mnt/cdrom/RedHat/RPMS/ppp*
2. Edit /etc/ppp/options files to read as follows:
-detach
crtscts
netmask 255.255.255.0
asyncmap 0
modem
proxyarp
NOTES:
1. Use appropriate netmask for your network. It doesn't have to
be 255.255.255.0, in fact in my case it was 255.255.255.224
2. Read man pages for "pppd" to understand those options.
3. Edit /etc/ppp/ppplogin file (create it if it doesn't exist) to
read as follows:
mesg n
tty -echo
/usr/sbin/pppd silent auth -chap +pap login
Make the file executable using command:
# chmod +x /etc/ppp/ppplogin
NOTE: We're going to use PAP authentication BUT using the ordinary
/etc/passwd password file. That's what "+pap login" means.
4. For each serial port connected to a modem, create a corresponding
/etc/ppp/options.ttyXX file, where "XX" is "S1" for ttyS1 port,
"S2" for ttyS2 port, "C15" for ttyC15, etc. In one such file put
the following line:
myhost:ppp01
where "myhost" is the hostname of the PPP server - change it
accordingly to the actual hostname of your Linux box. If you're
more forgetful than you can REMEMBER to admit, remind yourself of
the hostname of your server using the "hostname" command.
# hostname
The word "ppp01" used above is just an arbitrarily chosen name for the
virtual host associated with one of the PPP dial-in lines and its
corresponding IP address as defined in /etc/hosts file (to be
discussed later). In another /etc/ppp/options.ttyXX file, you may
wish to type in the following line:
myhost:ppp02
That is, here you define a different PPP hostname, "ppp02". Use a
different hostname for each serial port. You can choose any names
that your lil' old heart desires! They don't have to be ppp01,
ppp02, ppp03, etc. They can be "junkie", "newbie", "noname",
whatever!
5. Edit /etc/ppp/pap-secrets file and add one line as shown below for
each IP address that is to be dynamically assigned to PPP dial-in
users. This, of course, assumes that you have a pool of IP
addresses that you can assign to your dial-in clients:
# Secrets for authentication using PAP
# client server secret IP addresses
* * "" 10.0.0.3
* * "" 10.0.0.4
This says: no PAP secrets (passwords) set for any client from anywhere
in the world with the shown IP address. We don't need to use PAP
secrets if we will be using /etc/passwd instead. If you are REALLY
not paranoid, you can have just one following line that will serve
all the IP addresses (yours and your neighbour's!):
# Secrets for authentication using PAP
# client server secret IP addresses
* * "" *
6. Make /usr/sbin/pppd program setuid "root" by using command:
# chmod u+s /usr/sbin/pppd
7. Edit /etc/hosts file to assign IP addresses to all PPP hostnames
you used in STEP 2.4. Use the pool of IP addresses used in STEP
2.5:
10.0.0.3 ppp01 ppp01.mydomain.com
10.0.0.4 ppp02 ppp02.mydomain.com
NOTE: Replace "mydomain.com" with the actual domain name of your PPP
server. Just in case you're confused, I assume your PPP server is
"myhost.mydomain.com".
_________________________________________________________________
STEP 3: Install POP/IMAP servers (if not installed) from Red Hat 5.1
CD #1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~
1. With the Red Hat CD #1 properly mounted, issue the following
command to install POP and IMAP:
# rpm -Uvh /mnt/cdrom/RedHat/RPMS/imap*
2. Check /etc/inetd.conf file to see if "pop-2", "pop-3", and "imap"
service lines are all uncommented. If not, uncomment them (i.e
remove the leading "#"). If you only want to support POP3 clients,
just uncomment the "pop-3" line. If POP2 and POP3 files are not in
the "imap*" RPM file, try to see if you have "ipop*" RPM file and
use it instead.
3. Activate the new services by using command:
# kill -HUP `cat /var/run/inetd.pid`
_________________________________________________________________
STEP 4: Enable IP fowarding
~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. If you use the already compiled Linux kernel that comes with Red
Hat 5.1, it does normally have support for IP forwarding. If you
compile your own Linux kernel, you have to enable "IP:
forwarding/gatewaying" networking option during compilation. For
RFC compliance, the default bootup process does not enable IP
forwarding. Enable IP forwarding by setting it to "yes" in
/etc/sysconfig/network file, like so:
FORWARD_IPV4=yes
2. Activate IP forwarding by using command:
# echo "1" > /proc/net/ip_forward
or by rebooting the system.
_________________________________________________________________
STEP 5: Test the server
~~~~~~~~~~~~~~~~~~~~~~~
1. First create users (if not ready). You can give them
"/home/username" home directory and "/bin/bash" login shell if you
want them to have both "PPP" and shell access. Give them
"/home/username" home directory and "/etc/ppp/ppplogin" login
program if you want them to have PPP access but not shell access.
It's better to use "usercfg" tool to set-up new users. Typical
/etc/passwd file entries may be as follows:
jodoe:tdgsHjBn/hkg.:509:509:John Doe:/home/jodoe:/bin/bash
jadoe:t8j/MonJd9kxy:510:510:Jane Doe:/home/jadoe:/etc/ppp/ppplogin
In this example, John Doe will have both PPP and shell access, while
Jane Doe will only have PPP access. If you have just started to
wonder how John Doe may have PPP access, the answer lies with the
/AutoPPP/ configuration in "mgetty" - it does the magic. Any user
that will dial in and talk PPP, mgetty will give him/her the
/etc/ppp/ppplogin program.
So, if John Doe dials-in using Windows 95 dial-up adaptor which is
set up to make a PPP connection, mgetty will give John Doe PPP
access. If he dials in with any other communication software e.g
HyperTerminal, (with no PPP negotiation) he will be given the
normal login shell. This will never happen for Jane Doe. She will
always be welcome by the "/etc/ppp/ppplogin" program.
In fact "mgetty" allows you to use the same modem lines for
various protocols. For example, your UUCP clients (if you have
any) may use the same modem lines as your PPP clients! Of course,
you have to give your UUCP clients "/var/spool/uucppublic" home
directory and "/usr/sbin/uucico" login program.
2. Assuming you have a web server (Apache) already setup (it's a
piece-a-cake to setup Apache), use a web browser, and a POP e-mail
client (e.g Eudora) on a remote PC connected to a modem and a
phone line. If it is a Windows 95/98 PC, setup the Dial-up Adaptor
appropriately by specifying the IP address of the PPP server as
the Gateway, use correct DNS IP address, and specify that the
server will assign an IP address automatically. In the POP client
(e.g Eudora), set SMTP and POP host as the IP address of the
PPP/POP server.
Now dial-up the server and wait for connection. Test out web
browsing, and POP mail sending and receiving. If it doesn't
work... something is wrong somewhere ;-)
_________________________________________________________________
REFERENCES:
1. PPP-HOWTO 2. NET-3-HOWTO 3. "Using Linux", Bill Ball, published by
Que (around US$30 - highly recommended) 4. mgetty documentation
_________________________________________________________________
Copyright © 1999, Hassan O. Ali
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
Touchpad Cures Inflammation
By Bill Bennet
_________________________________________________________________
Here are some reasons to go to a little touchpad for Linux:
1. It will exercise your whole hand digit by digit.
2. When you take the pressure off of your "clicker finger" your
chronic carpal tunnel and joint soreness will go away in a few
days.
3. When you work without soreness, you will enjoy your Linux box even
more than you do now.
4. You can really truly do magic hand gestures to make your machine
go.
5. It works better in Linux than in the monopoly system!
So, what make and model are we talking about? It is the Elite
800 dpi EZ-Pointe serial touchpad by PC Concepts. I got mine at
Computer Avenue (www.computeravenue.com). Developed for the
Windows-Intel monopoly system, it comes with a diskette that holds the
"drivers" for Microsoft's DOS and their 16-bit and 32-bit window
managers.
The DOS setup of the pad is simply a matter of putting the
diskette in the floppy drive and copying the "drivers" over to your
machine. You get the usual triple set of instructions: one for DOS,
one for 16-bit gui DOS and one very "clickety" set of instructions for
32-bit gui DOS 7.0.
After about twenty minutes of fiddling and adjusting, you
are back to square one: you have installed a serial pointing device.
Yes, you can enter in some key bindings coupled with clicks of the
primary and secondary switches. You can set up hotspots accessible
from a set of keys and clicks of switches. When the play-time is done
(about twenty minutes or so - depends how playful you feel), you have
to reboot your machine to record the settings. Ok, no problem.
Now you can use the pad. You will find that all of the
fiddling and customizing was a waste of time, since you will just be
doing same-old, same-old with a new pointing device. When it comes to
RSI, you can get yourself a better mouse or you can get yourself a
totally new pointing device.
The time comes when you want to see this thing work in
Linux. Then you realize that your DOS fiddlings with "drivers" will be
impossible in Linux because all of the "drivers" are written for the
Widows-Intel monopoly system. It makes me think.
Where does the typical hardware problem start? Right! It
starts with standard manufacturing procedure: you follow the market.
So the typical hardware problem in Linux is about hardware that will
work only when a set of mystical registers is set up; those settings
which can only be set with DOS software. We all know that the majority
of PC owners are forced to get DOS software when they buy their
machine. All we need is hardware that works on its own interface (like
your BIOS and CMOS at startup) and hardware that will accept signals
from any software, as long as the signals are correct.
The non-standard hardware that uses non-standard settings is
often (too often) kept from us by manufacturers who force the signing
of a NDA (non-disclosure agreement) in order to protect their secrets.
Ask yourself: is it a secret because it is simple and elegant? My
answer is that these companies are afraid of a certain big, bad wolf
company that steals innovation; this same thief claims to be the
leading innovator! It is no wonder, then, that certain hardware is not
yet open to Open Source.
We also need for the manufacturers to hear that Linuxians
will purchase from "Linux friendly" companies first. First and
foremost, the consumer can really influence the computer industry by
supporting the protocols that are open and free for all users. So do
not buy from a company that seeks to own the protocols and do buy from
companies that adhere to the protocols as they have been established.
Enter the serial port protocol for the serial mouse. A mouse
is a mouse. Evidence for the DOJ: a "regular" mouse is a Microsoft
mouse. If any of you folks think that there is no need to curb
monopolies and their anti-competitive, locked in, exclusive contracts,
remember this: a "regular" mouse used to be an Apple mouse. Apple had
the home computer mouse first and they played fair. It is my
contention that Apple needed to play a bit more hard-nosed. Just look
at who "owns" (influences) them now.
The defacto standard for a "regular" serial mouse is based
on its ubiquitous placement as an accessory for the monopoly system
PC. Besides, we users like pointing devices. For the sake of clarity,
you even call a "regular" mouse or the touchpad a Microsoft mouse when
you install Linux.
Well, it is time to leave the pad plugged in and reboot the
machine to Linux. Good. Let us see if it works without all of these
DOS driver fiddlings. You wait. You hope. You curse the monopoly. Then
it happens.
Gpm -t ms is running. You brush a digit across the pad. It's
alive! Now for startx.
The pad will work as a regular mouse in Linux without any of
those annoying "drivers" because the Linux mouse config is ready for
any serial mouse. No drivers. No fiddling. And the left and right
buttons work just fine. In fact, it seems to me that the motion is
smoother.
Give me a bit of skin anyday
The standard procedure for operating a mouse is odd to watch
if you look at it like a non-computer-familiar person. The operator
holds the hand in readiness on top of the mouse. Whether you are a
"micro-wrist-twitch" artist or a "full-shoulder-pusher" or a
"swing-punch-twister" it all looks the same: your finger rests on the
clicker and moves in one axis, making a tiny movement over and over.
The term "clickfest" was coined as a derisive remark by some person
with an aching "mouse wrist" and and a sore "clicker finger", I'll
bet.
Enter the pad, man. Brush a finger, any finger across the
smooth touch pad. Your cursor will follow. Skin is in. Try a knuckle.
Any skin covered body part will do. Now do a little light tap on a
menu button. It responds. Do a light double tap. This light double tap
is now your new "clickety-click". You do have switches, and they make
drag and drop a little easier. I prefer to do the light stroke thing
at this time; it just is way too cool and human, if you know what I
mean.
Then you try some fine pointer movement, such as in
xpainting or GIMP-ing. Wow! The finest single pixel motion is waiting
for you with a touchpad. It is done with a "fingerprint rollover" of a
fingertip; just like you get when they throw you in a holding cell at
your local ticket giving outlet. You get good traction and positive
one-to-one feedback from the pointer with none of that annoying
mouse-ball slippage. The finishing touch is the drag and drop, where
you can move to your target, take your digit away from the pad surface
(the cursor stays put), move it to one edge of the pad, touch down and
tap twice to light up the target, and drag your targeted item to its
destination. It is just a pleasure to work with a touchpad.
So that is it. No HOWTO is needed for this seriously fun way
to point and click on your screen. Best of all, there is no fiddling
with no damn "drivers".
When your carpal tunnel soreness goes away you may once
again be carefree and easy-going at your monitor. Do you suppose that
flame wars are due to pain from mousing in addition to the pain in the
usual place? Adios from this desktop.
_________________________________________________________________
gpm note
The gpm for a two button mouse is gpm -t bare. It also works
on gpm -t ms if you want or need three-button emulation.
_________________________________________________________________
3 button emulation note
As a three-button mouse emulator, the pad is very nice
because the middle pair of left/right switches are about 1 millimeter
apart and can easily be pressed together with one finger. The point is
that you do not have to make any adjustments from your "regular" mouse
setup, which is in /etc/X11/XF86Config in the pointer section. Just
plug it in and make it go.
_________________________________________________________________
rodent protocol
To see the various rodent protocols, type "man mouse" to see the fine
documentation.
_________________________________________________________________
I was set up!
XF86Setup is the graphical setter upper for your mouse and X Windows.
Xconfigurator is the console/xterm setter upper for this same job.
xf86config is the text based setter upper.-- pick a binary, any binary
_________________________________________________________________
Reference reading:
XFree86 HOWTO -- required reading for Linuxians -- see secret video
timings
3-Button-Mouse HOWTO -- you might have fun with this -- prep for
surgery
Loadlin+Win95 mini-HOWTO -- to beat the "DOS only" hardware trick
"Loadlin.exe Installer", Linux Gazette issue #34, November, 1998 --
step by step
_________________________________________________________________
made with Emacs 20.2.1 on an i486 with GNU/Linux 2.0.32
The word damn is used to emphasize an adamant position and is in no
way meant as an affront to sincere readers.
_________________________________________________________________
Copyright © 1999, Bill Bennet
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
Through the Looking Glass: Finding Evidence of Your Cracker
By Chris Kuethe
_________________________________________________________________
You've subscribed to Bugtraq and The Happy Hacker list, bought
yourself a copy of The Happy Hacker, and read The Cuckoo's Egg a few
times. It's been a very merry Christmas, with the arrival of a cable
modem and a load of cash for you, so you run out and go shopping to
start your own hacker lab. A week later, you notice that one of your
machines is being an especially slow slug and you've got no disk
space. Guess what - you got cracked, and now it's time to clean up the
mess. The only way to be sure you get it right is to restore from a
clean backup - usually install media and canonical source - but let's
see what the "h4x0r" left for us to study.
In late October of this year, we experienced a rash of attacks on some
workstations here at the University of Alberta's Department of
Mathematical Sciences. Many of our faculty machines run RedHat 5.1
(there's a good platform to learn how to try to secure...) since it's
cheap and easy to install. Workstations are often dual-boot with
Windows 95, but we'll be phasing that out as we get Citrix WinFrame
installed. This paper is an analysis of the compromise of one
professor's machine.
One fine day I was informed that we'd just had another break-in, and
it was time for me to show my bosses some magic. But like a skilled
cardshark who's forced to use an unmarked deck, my advantage of being
at the console had been tainted. Our cracker had used a decent rootkit
and almost covered her tracks.
In general, a rootkit is a collection of utilities a cracker will
install in order to keep her root access. Things like versions of ps,
ls, passwd, sh, and other fairly essential utilities will be replaced
with versions containing back doors. In this way, the cracker can
control how much evidence she leaves behind. Ls gets replaced so that
the cracker's files don't show up, and ps is done so that her
processes are not displayed either. Commonly a cracker will leave a
sniffer and a backdoor hidden somwhere on your machine. Packet
sniffers - programs that record network traffic which can be
configured to filter for login names and passwords - are not part of a
rootkit per se, but they are nearly as loved by hackers as a buggered
copy of ls. What wouldn't want to try intercept other legitimate user
passwords?
In nearly all cases, you can trust the copy of ls on the cracked box
to lie like a rug. Don't bet on finding any suspicious files with it,
and don't trust the filesizes or dates it reports; there's a reason
why a rootkit binary is generally bigger than the real one, but we'll
get there in a moment. In order to find anything interesting, you'll
have to use find. Find is a clever version of 'ls -RalF | grep | grep
| ... | grep '. It has a powerful matching syntax to allow precise
specification of where to look and what to look for. I wasn't being
picky - anything whose name began with a dot was worth looking at. The
command: find / -name ".*" -ls
Sandwiched in the middle of a ton of useless temporary files and the
usual '.thingrc' files (settings like MS-DOS's .ini) we found
'/etc/rc.d/init.d/...'. Yes, with 3 dots. One dot by itself isn't
suspicious, nor are two. Play around with DOS for about two seconds
and you'll see why: '.' means "this directory" and '..' means "one
directory up." They exist in every directory and are necessary for the
proper operation of the file system. But '...' ? That has no special
reason to exist.
Well, it was getting late, and I was fried after a day of class and my
contacts were drying up, so I listed /etc/rc.d/init.d/ to check for
this object. Nada. Just the usual SysV / RH5.1 init files. To see who
was lying, changed my directory into /tmp/foo, the echoed the current
date into a file called '...' and tried ls on it. '...' was not found.
I'd found the first rootkit binary: a copy of ls written to not show
the name '...' . I will admit that find is another target to be
compromised; in this case it was still clean and gave me some useful
information.
Now that we knew that '...' was not part of a canonical distribution,
I moved into to it and had a look. There were only two files;
linsniffer and tcp.log. I viewed tcp.log with more and made a list of
the staff who would get some unhappy news. Ps didn't show the sniffer
running, but ps should not be trusted in this case, so I had to check
another way.
We were running in tcsh, an enhanced C-syntax shell which supports
asychronous (background) job execution. I typed './linsniffer &' which
told tcsh to run the program called linsniffer in this directory, and
background it. Tcsh said that was job #1, with process ID 2640. Time
for another ps - and no linsniffer. Well, that wasn't too shocking.
Either ps was hacked or linsniffer changed its name to something else.
The kicker: 'ps 2640' reported that there were no processes available.
Good enough. Ps got cracked. This was the second rootkit binary. Kill
the currently running sniffer.
Now we check the obvious: /etc/passwd. There were no strange entries
and all the logins worked. That is, the passwords were unchanged. In
fact the only wierd thing was that the file had been modified earlier
in the day. An invocation of last showed us that 'bomb' had logged in
for a short time around 235am. That time would prove to be
significant. Ain't nobody here but us chickens, and none of us is
called bomb...
I went and got my crack-detection disk - a locked floppy with binaries
I trust - and mounted the RedHat CD. I used my clean ls and found that
the real ls was about 28K, while the rootkit one was over 130K! Would
anyone like to explain to me what all those extra bytes are supposed
to be? The 'file' program has our answer: ELF 32-bit LSB executable,
Intel 80386, version 1, dynamically linked, not stripped. Aha! So when
she compiled it, our scriptkiddie forgot to strip the file. That means
that gcc left all its debugging info in the file. Indeed, stripping
the program brings it down to 36K, which is about reasonable for the
extra functionality (hiding certain files) that was added.
Remember how I mentioned that the increased filesize is important?
This is where we find out why. First, new "features" have been added.
Second, the binaries have verbose symbol tables, to aid debugging
without having to include full debug code. And third, many
scriptkiddies like to compile things with debugging enabled, thinking
that it'll give them more debug-mode backdoors. Certainly our 'kiddie
was naive enough to think so. Her copy of ls had a full symbol table,
and source and was compiled from /home/users/c/chlorine/fileutils-
3.13/ls.c - which is useful info. We can fetch canonical distributions
and compare those against what's installed to get another clue into
what she may have damaged.
I naively headed for the log files, which were, of course, nearly as
pure as the driven snow. In fact the only evidence of a crack they
held was a four day gap. Still, I did find out something useful: this
box seemed to have TCP wrappers installed. OK, those must have failed
somehow since she got in to our system. On RH51, the TCP wrappers live
in /usr/sbin/in.* so what's this in.sockd doing in /sbin? Being
Naughty, that's what. I munged in.sockd through strings, and found
some very interesting strings indeed. I quote: You are being logged ,
FUCK OFF , /bin/sh , Password: , backon . I doubt that this is part of
an official RedHat release.
I quickly checked the other TCP wrappers, and found that RedHat's
in.rshd is 11K, and the one on the HD was 200K. OK, 2 bogus wrappers.
It seems that, looking at the file dates, this cracked wrapper came
out the day after RH51 was released. Spooky, huh?
I noticed that these binaries, though dynamicically linked, used
libc5, not libc6 which we have. Sure, libc5 exists, but nothing, and I
mean nothing at all uses it. Pure background compatiblity code. After
checking the other suspect binaries, they too used libc5. Thats where
strings and grep (or a pager) gets used.
Now I'm getting bored of looking by hand, so lets narrow our search a
little using find. Try everything in October of this year... I doubt
our cracker was the patient sort - look at her mistakes so far - so
she probably didn't get on before the beginning of the month. I don't
claim to be a master of the find syntax, so I did this:
find / -xdev -ls | grep "Oct" | grep -v "19[89][0-7]" > octfiles.txt
In english: start from the root, and don't check on other drives,
print out all the file names. Pass this through a grep which filters
everything except for "Oct" and then another grep to filter out years
that I don't care about. Sure, the 80's produced some good music
(Depeche Mode) and good code (UN*X / BSD) but this is not the time to
study history.
One of the files reported by the find was /sbin/in.sockd.
Interestingly enough, ps said that there was one unnamed process with
a low (76) process id owned by uid=0, gid=26904. That group is unknown
on campus here - whose is it? And how did this file get run so early
so as to get that low a PID? In.sockd has that uid/gid pair... funky.
It has to get called from the init scripts since this process appears
on startup, with a consistently low PID. Grepping the rc.sysinit file
for in.sockd, the last 2 lines of the file are this:
#Start Socket Deamon
exec in.sockd
Yeah, sure... That's not part of the normal install. And Deamon is
spelled wrong. Should a spellchecker be included as an crack-
detector? Well, RedHat isn't famous for poor docs and tons of typos,
but it is possible to add words to a dictionary. So our cracker tried
to install a backdoor and tried to disguise it by stuffing it in with
some related programs. This adds credibility to my theory that our
cracker has so far confined her skills to net searches for premade
exploits.
The second daemon that was contaminated was rshd. About 10 times as
big as the standard copy, it can't be up to anything but trouble. What
does rsh mean here? RemoteSHell or RootShell? Your guess is as good as
mine.
So far what we've found are compromised versions of ls, ps, rshd,
in.sockd, and the party's just beginning. I suggest that once you're
finished reading this, you do a web search for rootkit and see how
many you can scrounge up and defeat. You have to know what to look for
in order to be able to remove it.
While the log files had been all but wiped clean, the console still
had some errors printed on it, quite a few after 0235h. One of these
was a refusal to serve root access to / via nfs at 0246h. That
coincided perfectly with the last access time to the NFS manpage. So
our scriptkiddie found something neat, and she tried to mount this
computer via NFS, but she didn't set it up properly. All crackers, I'd
say, make mistakes. If they did everything perfectly we'd never notice
them and there would be no problems. But it's the problems that arise
from their flaws that cause us any amount of grief. So read your
manuals. The more thorougly you know your system, the more likely you
are to notice abnormalities.
One of the useful things (for stopping a cracker) about NFS is that if
the server goes down, all the NFS clients with directories still
mounted will hang. You'll have to 120-cycle the machine to get it
back. Hmmm. This presents an interesting tool opportunity: write a
script to detect an NFS hack, and if a remote machine gets in,
ifconfig that interface off. Granted, that presents a possible
denial-of-service if authorized users get cut off. But it's useful if
you don't want your workstation getting compromised.
At this point I gave up. I learned what I'd set out to do - how to
find the crap left behind by a cracker. Since the owner of this system
had all her files on (removed) removable media there was no danger of
them being in any way compromised. The ~janedoe directory was mounted
off a Jaz disk which she took home at night, so I just dropped the CD
into her drive and reinstalled. This is why you always keep user files
on a separate partition, why you always keep backups and why it's a
good plan to write down where to get the sources for things you
downloaded, if you can't keep the original archives.
Now that we've accumulated enough evidence and we're merely spirited
sluggers pulverizing an equine cadaver, it's time to consider the
appropriate response. Similar to Meinel's you-can-get-punched and
you-can-go-to-jail warnings in The Happy Hacker, I would suggest that
a vicious retaliatory hack is not appropriate. In Canada, the RCMP
does actually have their collective head out of the sand. I am not a
lawyer, so don't do anything based on these words except find a lawyer
of your own. With that out of the way, suffice it to say that we're
big on property protection here. Aside from finding a lawyer of your
own, my advice here is for you to call the national police, whoever
they are. People like the RCMP, FBI, BKA, MI-5 and KGB probably don't
mind a friendly phone call, especially if you're calling to see how
you can become a better law-abiding citizen. Chances are, you'll get
some really good tips, or at least some handy references. And of
course you'll know someone who'll help you prosecute.
My communication with RCMP's Commercial Crimes unit (that includes
theft of computing and/or network services) can be summarized as
follows: E-mail has no expectation of privacy. You wish email was a
secret, but wake up and realize that it's riskier than a postcard. As
systems administrator, you can do anything you want with your computer
- since it's your responsibility either because you own it or because
you are its appointed custodian - so long as you warn the users first.
So I can monitor each and every byte all of my users send or receive,
since they've been warned verbally, electronically and in writing, of
my intent to do so. My browse of the FBI's website shows similar
things. But that was only browsing. Don't run afoul of provincial or
state laws regulating the interception of electronic communication
either.
NOTE: While I have attempted to make this reconstruction of events as
accurate as possible, there's always a chance I might have misread a
log entry, or have misinterpreted something. Further, this article is
solely my opinion, and should not be read as the official position of
my employer.
Appendix A: Programs you want in a crack-detection kit
* find, ps, ls, cp, rm, mv
* gdb, nm, strings, file, strip
* (GNU)tar, gzip, grep
* less / more
* vi / pico
* tcsh / bash / csh / sh
* mount
For security reasons these should all be statically linked.
Appendix B: References WinFrame:
http://www.citrix.com/
RedHat 5.1:
http://www.redhat.com/
http://www.rootshell.com/
http://www.netspace.org/lsv-archive/bugtraq.html
About the filesystem:
McKusik, M.K., Joy, W.N., Leffler, S.J., Fabry, R.S., "A Fast File
System for UNIX" Unix System Manager's Manual, Computer Systems
Reseach Group, Berkeley. SMM-14 April 1986
LEA and Computer Crime:
http://www.rcmp-grc.gc.ca/html/cpu-cri.htm
http://www.fbi.gov/programs/compcrim.htm
_________________________________________________________________
Copyright © 1999, Chris Kuethe
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
USENIX LISA Vendor Exhibit Trip Report
By Paul L. Lussier
_________________________________________________________________
Thu, 10 Dec 1998
I went into Boston yesterday, 09 December, for the Vendor Exhibit at
the LISA conference. My most immediate and overwhelming feeling was
one of major disappointment in myself for not having pushed on my
management to send me to this conference :( It looks like it's a
really great conference. Alas, I'm trying to be positive and look at
it from the point of view of "Why waste a trip to your own backyard
that might be better spent traveling elsewhere :)"
Anyway, the vendor exhibit was fantastic, though my guess is it's only
really good for those of us who do hard-core sysadmin'ing for a
living. The average Linux enthusiast might have been bored, since it
really is nothing more than a lot of vendors hawking their wares
(Though *everyone* would have enjoyed all the free stuff :)
Ironically, the one major vendor who was conspicuously absent was Sun.
All the other vendors were there, Network Appliance, Auspex, Compaq
(never did see maddog though), IBM, SGI (at least I saw a booth with
an INDY in it).
There were a lot of what I call "Want-Ad" booths to. Collective
Technologies (formerly Pencom System Administration), Sprint Paranet,
Fidelity, and several other companies there for sole reason of trying
to recruit people.
The Open Source contingent was there in full force with booths for
RedHat OpenBSD, The Free Software Foundation, etc. There were several
booths from various software companies, most of whom I've heard of,
and even several I haven't.
I spent a lot of time talking to various companies for things directly
related to my needs here at work, and got in some personal geek talk
re: Linux as well.
I stopped by the RedHat booth, and was kind of disappointed. They just
didn't seem excited to be there. Maybe it was because I keep to much
up-to-date on them and they had *absolutely nothing* new to tell me
that I didn't already know. I got the distinct impression they were
tired of being there. It very well could have been that they wanted to
be talking to those who aren't yet converted to Linux yet, but instead
kept getting inundated with the RH fan club :) I don't think they've
adjusted to be on top of the world yet. I heard someone come by and
say, "Hey, we're planning on another 10 RH Linux servers in then month
of so!" The RH response, was an un-enthusiastic "Oh, that's cool." As
if they had heard the same thing all day long, and really didn't want
to hear it anymore. I don't think they knew how to deal with their
success. It could also have been that this particular guy was one of
the RH developers, not a PR/Marketing person.
I spoke with a guy at the OpenBSD booth, I think it was Theo de Radt
himself. I mentioned I tried to get the latest release from amazon.com
last week, which, according to the OpenBSD site, is selling it. Yet
amazon doesn't have any mention of 2.4, only 2.3. He basically got
really upset at that, mentioning that *they* sent him an e-mail the
same day of the 2.4 release announcement stating they had already
gotten 170 requests for it. His only response was "Well then fix your
web page. You just lost $1700US. They all bought it off the OpenBSD
site!" So, needless to say, I'll be getting 2.4 directly from them :)
There were 3 sw booths I stopped at that really got me intrigued.
First there was Aurora Software from Pelham, NH (I think). Their
product is called SARCheck. It's for Solaris, and it's a front end
reporting mechanism for ps and SAR. Supposedly it assists in
performance monitoring and tuning by taking the output of ps and sar,
translating it into English, and then making recommendations on what
to change, why, and how. I think the sw is $150 per system, not per
CPU (this means that I can use it on my 14 processor Sun E4500, and
only pay $150). This sounds really good, and I'm hoping to be able
play with it real soon.
The next company was Shpink Software (yes, really!:) . Their product
is the Network Shell (nsh). This looks *really, really, really cool*.
In short, it's a client/server system where you can 'cd' to a UNC path
on another machine. This differs greatly from NFS in that nsh has the
ability to *execute commands* on the remote system. For example, say I
have 3 systems, a Linux box, an NT box, and a Solaris box. From my
Linux system I can:
linux> tar cvf //solaris/foo.tar //nt/users
or:
linux> cd //solaris/etc
linux> vi passwd
Basically, nsh removes the need for rlogin/telnet sessions to a system
and provides for heavily encrypted sessions, user/machine ACLs, and
many other niceties. The price is incredibly reasonable at $150 per
seat. The advised way of using nsh is to set up a limited number of
machines as "administration" hosts, and run the server daemon where
ever else you need to. Nsh comes with Perl modules to allow access
from perl programs, and works on all major versions of Unix/Linux,
with the nsh daemon available for W95/NT.
Now, for the last, but one of the neatest! Spiderplant. This is an
environmental monitoring gizmo that can connect to the serial port of
any system. In short, you can designate any system as an environment
monitoring station and connect this little black box to your serial
port. It costs $100 for "The little black box" and 1 probe, $15 extra
for each additional probe. The software is Open Source so you can hack
it to your heart's content :) Here are the vital stats:
Temperature Range:
-55/+125 C in 0.1 C.
Accuracy:
0.5 C.
Sensors:
15 (or more) per device, 16 devices per serial line.
Data Connection:
RS-232, 1200 baud, 8,N,1.
DB9 or DB25 connector to computer.
Size:
Main unit measures 3.5" x 2.25" x 1".
Comes with 14-foot serial cable, 10-foot probe cable.
Certification:
Complies with FCC rules part 15
(Class B, for home or office use, US and Canada).
Here are the URLs for the products mentioned:
http://www.openbsd.org/
http://www.sarcheck.com/
http://www.shpink.com/
http://www.spiderplant.com/
http://www.shpink.com/
Hopefully someone will provide a trip report of the rest of the LISA
conference for those of us unfortunate enough to have missed it.
--
Paul
_________________________________________________________________
Copyright © 1999, Paul Lussier
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
"Linux Gazette...making Linux just a little more fun!"
_________________________________________________________________
X Windows versus Windows 95/98/NT: No contest
By Paul Gregory Cooper
_________________________________________________________________
In the December Issue of the Linux Journal Sergio Martinez wrote in
asking for a (quick) article about the differences between X and
Windows 95/98/NT (w95) -- see below. This is my attempt to answer his
questions - I remember asking similar things when I started using UNIX
4 years ago. [More answers can be found in the 2 Cent Tips Column.
--Editor] I've tried to aim this article at the 'Linux newbie' and as
I am not an X hacker, and never been a w95 hacker, there may well be
inaccuracies, but I have tried to capture the ideas and spirit of X
(and w95, such as it has any). I would be pleased to hear from Xperts
and newbies alike.
Sergio has asked questions relating to GNOME and KDE and for the most
part I treat them as equivalent (in the same way I'm treating all
window managers as equivalent). I should state now that I prefer using
GNOME over KDE, irrespective of the ongoing KDE / Open Source debate,
hence I have more experience in GNOME than in KDE. This too may lead
to inaccuracies.
Mail criticisms to pgc@maths.warwick.ac.uk.
_________________________________________________________________
This is Sergios mail;
I'm just writing in with an idea for a quick article. I've been using
the GNOME desktop. I'm a relative Linux newbie though, and I think
that many of your less experienced readers could probably benefit from
a short article about window managers. These are some things I
currently don't quite understand:
1.Terminology: The differences (if any) among a GUI, a window manager,
a desktop, and an interface. How do they differ from X windows?
2.Do all window managers (like GNOME or KDE or FVWM95) run on top of X
windows?
3.What exactly does it mean for an application to be GNOME or KDE
aware? What happens if it's not? Can you still run it?
4.What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries
do?
5.How does the history of Linux (or UNIX) window managers compare to
that of say, the desktop given to Win98/95 users? How, specifically,
does Microsoft limit consumer's choices by giving them just one kind
of desktop, supposedly one designed for ease of use?
6.What's happening with Common Desktop Environment? Is it correct that
it's not widely adopted among Linux users because it's a resource hog,
or not open source?
These are some questions that might make an enlightening, short
article. Thank you for your consideration.
-- Sergio E. Martinez
_________________________________________________________________
Before I try to answer each point I'll try to give a quick intro into
X-windows.
Think of X as just another program. When you type startx what happens
is that X starts (shock!), in the background, and runs the .xinitrc
file. The .xinitrc tells X what programs to start once X itself has
started - more on this later. (Some systems use the .Xclients file
instead of .xinitrc - I'll just use .xinintrc).
So X is just another program but what does it do? Roughly speaking X
takes control of the screen from the command line and provides the
system with the ability to create windows and communicate with them.
Basically that's ALL it does - decorating, moving, resizing, focus,
etc, (i.e. managing the windows X provides) is left to the window
manager.
What's clever about X is uses a client/server model and is network
transparent. This is a bunch of jargon - what does it mean?
When you type startx you are starting the X-server, when you run an
'X-application', e.g. netscape, this is a client to which the X-server
gives a window. Similarly xterm is an X-app which puts the command
line in a window.
Network transparency doesn't mean much if you're not networked so
let's suppose the computer you started X on is called fourier and is
networked. Now a program on any computer on the network can ask the
X-server on fourier to start a window for it (on fourier), for
instance from fourier you could telnet to cauchy (another computer on
your network) and run netscape and have the netscape window appear on
your screen (connected to fourier).
In fact it works the other way round too - an X-server can have many
screens (or, as it calls them, displays) connected to it at once - all
different - and those screens can be at the other end of a network.
This goes back to (one of) the original design purpose(s) of X which
was for X-terminals, i.e. things that looked like a computer but were
no more than a screen, some memory, a bios, and a network card
connected to one (or many) UNIX mainframe(s). See this page for
details of how to turn old 386/486's into xterminals.
1.Terminology: The differences (if any) among a GUI, a window manager,
a desktop, and an interface. How do they differ from X windows?
Ok, so we have more jargon - I hope I get this right ;-). An interface
is the way in which a piece of software interacts with the user. Unix
commands use a command line interface (CLI) whereas X-applications use
a graphical user interface (GUI). However different applications tend
to use different approaches to the GUI, for instance when you select a
menu does one click bring the menu up (e.g. netscape) or do you have
to hold the mouse button down (e.g. ghostview). What GNOME, KDE, and
w95 try to provide a consistent GUI amongst all applications, or at
least amongst the common parts of applications, e.g. menus, file
selection, window controls, scrollbars, etc. See the GUI hall of
fame/shame for examples of good/bad GUI design (in windows
environment).
As was mentioned above a window manager takes over where X leaves of -
that is, controlling the windows X gives it. Window managers usually
give you alot more that the just the ability to move, resize, or
iconify windows. Many also provide virtual desktops, taskbars, themes,
app managers, etc. See Window managers for X for a list of most, if
not all, wm's.
Desktop has (as far as I can tell) two usages. We use 'the desktop' to
refer to the background part of the screen. GNOME, KDE, W95, and MacOS
all 'provide a desktop' meaning the background is more that just a
canvas for a nice picture - it acts like any directory in the system.
Technically all this means is that you can place files onto it.
However these may be data (like a letter to gran) or programs, (e.g.
netscape, emacs, etc). Usually this 'background as directory'
philosophy is coupled with a graphical file manager, so that when you
(double) click on a file either it runs (if it's a program) or a
suitable program is started to read the data in the file. In this
context 'desktop' can also include a GUI, so that when people say that
all Linux/UNIX is missing is a 'desktop' what they mean is a
consistent design of common parts of programs, a graphical file
manager, and the ability to leave files littered on the desktop ;-)
2.Do all window managers (like GNOME or KDE or FVWM95) run on top of X
windows?
I like to think of the window manager, fvwm95, window maker, etc, and
the desktop, GNOME or KDE, as running in conjunction with X - but this
is just semantics. The window manager and/or desktop is started (in
the .xinitrc file) after X has started.
The traditional (i.e. pre KDE/GNOME) setup of .xinitrc (after some
environment settings) is to have some xterms and a window manager, so
the last lines of the .xinitrc might look like;
xterm &
xterm &
fvwm95
The window manager is the last thing started by .xinitrc and when the
wm exits, .xinitrc finishes and then X terminates.
If you were using GNOME the last few lines of the .xinitrc would now
be;
fvwm95 &
gnome-session
And for KDE it would be;
startkde
As before GNOME (KDE) are the last things started by .xinitrc and so
when you logout of GNOME (KDE) the gnome-session (startkde) termintes,
.xinitrc finishes, and then X terminates.
In both these examples the xterms are left out as GNOME and KDE
provide sessions management, which means any application left running
when the session ends get started when you startup the next time.
Windows has some session management too.
See the next answer as to why the window manager is started for GNOME
but not for KDE.
3.What exactly does it mean for an application to be GNOME or KDE
aware? What happens if it's not? Can you still run it?
AFAIK an application is a GNOME (KDE) application of it conforms to
the GNOME (KDE) GUI guidelines/specifications and uses the Gtk+ (qt)
libraries. All this means is that GNOME apps use Gtk+ to build menu's,
buttons, scroll bars, file selectors, etc and they do so in a
consistent way (as defined by the GNOME team), e.g. all menus are left
justified, all apps have a FILE menu as the left-most menu, etc. Same
for KDE except they use the qt library by Troll Tech (and possibly a
different set of design guidelines).
Any GNOME app will run provided you have Gtk+ (and the other GNOME
libraries) installed and similarly any KDE app will run so long as you
have qt (and other KDE libraries) installed - you do not have to be
running GNOME/KDE to use a GNOME/KDE application. The only other
additional thing GNOME/KDE apps may have is drag and drop awareness,
e.g. in GNOME you can drag a JPG from a GMC (file manger) window into
an ElectricEyes (graphics viewer) window and ElecticEyes will display
this file. You can do similar things in KDE.
GNOME and KDE have different attitudes to window managers. KDE prefers
to work with its own window manager Kvm, and GNOME is 'window manager
agnostic' - well those are the 'party lines'. You can get other wm's
to work with KDE (so I'm told) and GNOME should work with any wm but
prefers to work with a window manager that is ICCCM compliant and
'GNOME aware'. I'm not sure what this means but I know the only
totally compliant wm is Enlightenment DR0.15 (which is only available
through CVS at the moment) followed by icewm, and with blackbox and
windowmaker a little way behind. I think that the KDE team are working
towards making KDE less dependent on Kvm and defining what a KDE wm
should be.
4.What exactly do the GTK+ (for GNOME) or Troll (for KDE) libraries
do?
Whoops - I think I answered this above. Gtk+ and qt are toolkits for
building menu's, buttons, scrollbars, dialog boxes, and loads more.
5.How does the history of Linux (or UNIX) window managers compare to
that of say, the desktop given to Win98/95 users? How, specifically,
does Microsoft limit consumer's choices by giving them just one kind
of desktop, supposedly one designed for ease of use?
I'm not sure I understand this question let alone know how to answer
it, so instead I'll answer what I think you might be asking which is;
What's the difference between UNIX + X and W95/98/NT.
The first thing to point out is the component nature of the UNIX
approach to a GUI/Desktop. First we have the OS itself, in our case
Linux, on top of that we have the window system, X, and in conjunction
with that we have the window manager, fvwm (for example), and in
conjunction with these two we have the desktop/gui, either GNOME or
KDE. This follows the general philosophy of UNIX which is to build
small tools that interact which each other in well defined ways. It
may seem shambolic but it is a strength. It means that one or other of
the pieces can be interchanged, which gives the user lots of choice
(perhaps too much), and also allows for technological improvements.
For instance X is just one windowing system and may not last forever
(gasp!) There are others, e.g. the hungry programmers Y.
This also gives the user the choice of which window manager or desktop
to use, or in fact whether to use windows and desktops at all - it may
seem strange but some people prefer the command line, and others use X
and a window manager but don't like GNOME or KDE.
Windows95/98/NT on the other hand is a different kettle of fish. Here
the OS, GUI, WM, and desktop aren't clearly separated (as in UNIX) but
are all rolled into one. Thus you have whatever choice Microsoft
happen to give you, i.e. windows themes.
For Microsoft this is an advantage - it stops people butting in and
rewriting parts of their OS which could potentially lose them money.
For instance they realized that with the old windows 2/3.1 you could
simply replace MS DOS with another compatible DOS such as DR DOS from
Caldera. In an ongoing court case Caldera allege that MS added code to
windows to make it seem like there was a bug in DR DOS. With 9*/NT
being all rolled in one there is no need to resort to such tactics.
IMO the W95 desktop is inferior because the user is limited to one
design whereas on a linux system there is a wm + desktop to suit just
about everybody (including those that don't want either a wm or a
desktop).
6.What's happening with Common Desktop Environment? Is it correct that
it's not widely adopted among Linux users because it's a resource hog,
or not open source?
It's not widely adopted because it is commercial, not open source, a
resourse hog, has security problems (RedHat stopped selling it for
this reason), and is IMHO outdated.
_________________________________________________________________
Copyright © 1999, Paul Gregory Cooper
Published in Issue 36 of Linux Gazette, January 1999
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back Next
_________________________________________________________________
Linux Gazette Back Page
Copyright © 1999 Specialized Systems Consultants, Inc.
For information regarding copying and distribution of this material see the
Copying License.
_________________________________________________________________
Contents:
* About This Month's Authors
* Not Linux
_________________________________________________________________
About This Month's Authors
_________________________________________________________________
Hassan Ali
Hassan is a Ph.D. degree holder in numerical techniques applied to
electromagnetics from the University of Ottawa, Canada. He is
presently working with NORTEL NETWORKS in Ottawa, Canada, as a
specialist in software tools used to predict signal integrity, and
electromagnetic compatibility (EMC) on printed circuit boards. Having
been introduced to Linux by a friend about 2 years ago, he has never
stopped having fun with it. Hassan loves to write about whatever
little he knows about for others to learn or to correct him.
Larry Ayers
Larry lives on a small farm in northern Missouri, where he is
currently engaged in building a timber-frame house for his family. He
operates a portable band-saw mill, does general woodworking, plays the
fiddle and searches for rare prairie plants, as well as growing
shiitake mushrooms. He is also struggling with configuring a Usenet
news server for his local ISP.
Bill Bennet
Bill, the ComputerHelperGuy, lives in Selkirk, Manitoba, Canada; the
"Catfish Capitol of North America" if not the world. He is on the
Internet at www.chguy.net. He tells us "I have been a PC user since
1983 when I got my start as a Radio Shack manager. After five years in
the trenches, I went into business for myself. Now happily divorced
from reality, I live next to my Linux box and sell and support GPL
distributions of all major Linux flavours. I was a beta tester for the
PC version of Playmaker Football and I play `pentium-required' games
on the i486. I want to help Linux become a great success in the gaming
world, since that will be how Linux will take over the desktop from
DOS." It is hard to believe that his five years of university was only
good for fostering creative writing skills.
John Blair
John currently works as a software engineer at Cobalt Microserver.
When he's not hacking Cobalt's cute blue Qube, he's hanging out with
his wife Rachel and newborn son Ethan. John is also the author of
Samba: Integrating UNIX and Windows, published by SSC.
Bryan Patrick Coleman
Bryan attends the University of North Carolina at Greensboro where he
is persuing a B.S. in both Computer Science and Anthropology. He has
been involved with Linux since 1994 kernel?, and helped found the
Triad Linux Users Group located in central North Carolina. His future
plans are for a PhD in computer science and a career where he can use
Linux.
Paul Cooper
Paul is a Ph.D. student at the Mathematics Institute Warwick
university. To help finance his studies he also works in the dept.
computer support team, mostly writing documentation. His main interest
outside of Maths and Linux, is American Football, in particular
playing for the university team, the Warwick Wolves.
Jurgen Defurne
Jurgen is an Analyst/programmer in financial company (Y2K and Euro).
He became interested in microprocessors 18 years ago, when my eyes saw
the TRS-80 in the Tandy (Radio Shack) catalog. I read all I could find
about microprocessors, which was then mostly confined to
8080/8088/Z80. The only thing he could do back then was write programs
in assembler without even having a computer. When he was 18, he
gathered enough money to buy his first computer, the Sinclair ZX
Spectrum. He studied electronics and learned programming mostly on his
own. He worked with several languages (C, C++, xBase/Clipper, Cobol,
FORTH) and several different systems in different areas: programming
of test equipment, single- and multi-user databases in quality control
and customer support, and PLCs in an aluminium foundry/milling
factory.
Jim Dennis
Jim is the proprietor of Starshine Technical Services. His
professional experience includes work in the technical support,
quality assurance, and information services (MIS) departments of
software companies like Quarterdeck, Symantec/ Peter Norton Group, and
McAfee Associates -- as well as positions (field service rep) with
smaller VAR's. He's been using Linux since version 0.99p10 and is an
active participant on an ever-changing list of mailing lists and
newsgroups. He's just started collaborating on the 2nd Edition for a
book on Unix systems administration. Jim is an avid science fiction
fan -- and was married at the World Science Fiction Convention in
Anaheim.
Vivek Haldar
Vivek is a third year BTech student at the Indian Institute of
Technology, and has been using Linux for the past two years, both at
home and college.
Ron Jenkins
Ron has over 20 years experience in RF design, satellite systems, and
UNIX/NT administration. He currently resides in Central Missouri where
he will be spending the next 6 to 8 months recovering from knee
surgery and looking for some telecommuting work. Ron is married and
has two stepchildren.
Gustavo Larriera
Gustavo teachs database courses at Universitario Autonomo del Sur
(Montevideo, Uruguay). He is also the webmaster of the only official
mirror site of Linux Gazette in his country
[http://www.silab.ei.edu.uy/lg/]. He is a Linux average user and also
a Microsoft Certified Professional in NT. He hopes that is not
considered a great disadvantage :-)
Joe Merlino
Joe Merlino is a library assistant at Georgia Tech. He lives with his
wife in Athens, Georgia. Consequently, he spends a lot of time in the
car, where he thinks up projects to try on his linux box.
_________________________________________________________________
Not Linux
_________________________________________________________________
Thanks to all our authors, not just the ones above, but also those who
wrote giving us their tips and tricks and making suggestions. Thanks
also to our new mirror sites.
With the Holidays, I took a week vacation to go back to Houston and
visit family and friends. I had a wonderful time. My grandchildren are
smarter and more beautiful each time I see them. I have a new picture
of Sarah and Rebecca on my home page.
My best friend, Benegene, had arranged for a get together with three
friends from our university (Baylor) days. We had a lot of fun
catching up and talking about old times. It was amazing how different
the memories were that stood out in each of our minds. Only goes to
prove that what one person finds remarkable may be quite "ho hum" to
the next. Ah well, it was a good evening and one I hope will be
repeated.
Have fun!
_________________________________________________________________
Marjorie L. Richardson
Editor, Linux Gazette, gazette@ssc.com
_________________________________________________________________
[ TABLE OF CONTENTS ] [ FRONT PAGE ] Back
_________________________________________________________________
Linux Gazette Issue 36, January 1999, http://www.linuxgazette.com
This page written and maintained by the Editor of Linux Gazette,
gazette@ssc.com
Reference in New Issue View Git Blame Copy Permalink