runlevel management and netbase
hello,

I am switching to debian from redhat land and have come across a couple things that I have not been able to find complete answers to:

in redhat land the preferred way to manage the rc?.d symlinks was with chkconfig (more typing but works right) or ntsysv (don't work right most of the time) which allow you to set a service to be stopped or started at specified runlevels, this was accomplished by changing a K to a S and vice versa...

I have found and RTFM on update-rc.d but it does not seem to be really equivalent to chkconfig (only works to add a symlink not change existing ones nor list the status of a service for a specified runlevel...)

the way I see it to stop a service from running on a runlevel I could

a) rm the service symlink from the appropriate rc?.d or
b) mv Sblah Kblah (tedious)

the problem with a is switching runlevels will only start new services not kill services that are not set to run in that runlevel (unless going to 1 and back)

also I am wondering if debian leaves the runlevels function to the sole discretion of the admin? I see that after an install 2345 are all exactly the same (ie start every service in existence and X too) I think I will probably setup the runlevels like redhat does 2 -> multiuser no/minimal network stuff, 3 -> full multiuser networked mode, 5 -> same as 3 plus X. does this violate any debian conventions that would cause me annoyance in the future? (redhat is riddled with traps like this...)

another oddity I noticed is there is a netbase script which appears to start telnet and about a dozen other services that are also run out of inetd, why? should both netbase and inetd not be run at the same time? looking at the netbase script it appears to do a couple other things as well but mostly it just seems to make sure you're running as many services as possible :)

is there a migrate from redhat faq anywhere? I don't remember seeing one, if not maybe I will write one after I get to know debian better if people think something like that would be useful.

I am running potato btw.

thanks for reading this long message...

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: System halted (Linux 2.0) versus Power down (Linux 2.2)
On 20/10/99 Keith Harbaugh wrote:
> So why does shutdown branch through ...POWER_OFF rather than ...HALT? At least under a Debian 2.1 (slink)/Linux 2.2.12 combination.

if you compile support for APM and activate the power down on shutdown then if your hardware supports software power off control then your machine will power down after linux shuts down, just like it would do if you ran win*.

if you don't have that APM option turned on it won't work though, I think debian leaves those off by default since some BIOSes are broken and cause crashes with linux APM code.

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: MacOS and Intel Linux mixed network
On 19/10/99 Simon Hogg wrote:
> I have an intel linux box, acting as a workstation (not a server), and the entire rest of the place runs on MacOS (well, more-or-less). Are there any tools that allow me to browse the network, mount shares, etc? I have appletalk installed, and that runs fine. The Macs can see my Linux box, and using tkchooser, I can see their boxes, but tkchooser doesn't yet allow you to mount the volumes exported from the macs.
>
> So what I'm looking for is a tool that will understand appletalk, and connect to a mac that only talks appletalk, so I can mount, read and write etc. I thought I saw one mentioned in dselect, but I can't seem to find it now - only similar tools for samba networks (which we don't have, except in my office / cubicle).

there is a netatalk package that does the reverse, allows macs to mount exports of your linux system, be warned however that when a mac user mounts a share (if writable) .appledouble directories and other such junk will be spewed all over the place, very annoying...

I had found a utility called afpfs or something like that to allow mounting of mac shares but it appeared to be abandoned and would not compile (this was source not a debian specific thing.)

there just does not seem to be very much interest in maintaining mac <-> GNU/Linux tools, hfs fs appears to be virtually unmaintained too (from discussions on linux-ppc lists it is incompatible with 2.3 kernels and so far does not look like it's going to be anytime soon either) netatalk as you can see has not been modified in quite a long time (2, 3 years now?) and has some problems on the mac side... (if a mac user uses an OS 8.5 utility to see a linux box their machine will freeze up solid)

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: upgrading to potato problem
On 19/10/99 Jacob Schmude wrote:
> I'm trying to upgrade slink to potato. However, when it comes time to install the new emacs packages (gnu emacs 20.3-11) I get the following errors:
>
>     some errors were found while processing emacs20_20.3-11.deb
>     while compiling the last portion of the code
>
> This is happening when compiling an emacs addon, but there's no specifics as to what addon is causing it. I currently have auctex, emacspeak (I'm a blind user so I need that), psgml, hyperlatex, and emacs/w3 4.0pre.44 (managed to get that installed). Anyone else have this problem?
>
> Again, the file name of the problem package is: emacs20_20.3-11.deb in the editors section
>
> I do not plan to install emacs 19 so I want to find a fix for 20.3. Btw, why doesn't debian upgrade emacs to 20.4? 20.4 contains many enhancements and fixes bugs.

I know this will sound strange, but install gnats (not gnats-user) for some reason I do not really understand the post install scripts of emacs try to copy *.el files that are missing if the gnats package is missing, so the configure stage fails, at least that is what it took to get my emacs to install and thus allow about 20 other things that rely on it to install too...

I am not certain you are having the same problem I was but it sure sounds like it from what you said.

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: MD5/bigcrypt passwords with potato
"Dwayne C . Litzenberger" <[EMAIL PROTECTED]> wrote: I did this on RedHat months ago, and how do I do it in potato? I want passwords longer than 8 chars, whether it be MD5 or bigcrypt or whatever, I don't care how (although I'd like to be able to preserve other people's old passwords, if it's easy enough), but I miss this functionality in RedHat, and I suspect it's possible with Debian. if you are running potato (which you say you are) you just need to modify the appropriate /etc/pam.d/ files anything like password pam_unix.so add md5 to the end of pam_unix.so the files you should have to change off hand are passwd, su, login, and possibly some others depending on what you have installed. if you are not running potato then you need to edit /etc/login.defs you will (should) find a line for enabling md5, after these changes all you need to do is run passwd and your new password will be in md5 format. now I do have one question about this too, in /etc/login.defs there is a line for defining the maximum number of significant characters in a password, it is set to 8 which you would need to change, my question is 1) is this option relevant on potato with PAM? and 2) what is the maximum number of characters a md5 password may contain? thanks Ethan Benson OpenPGP encrypted mail accepted. To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/ Key FingerPrint: 371A 7416 5D39 CF2D 9366 8AF6 0139 54F5 3EBD 0FE6 RSA Key FingerPrint: DE8B 74D0 79F1 6176 9AF5 120F 47AD 9B0A
Re: upgrading to potato problem
On 19/10/99 Jacob Schmude wrote:
> That didn't work but it got me more detail on the problem, the exact output of the command starting with the problem lines follows:
>
>     Byte-compiling pcl-cvs-lucid.el...
>     While compiling pcl-cvs-fontify in file /usr/share/emacs20/site-lisp/pcl-cvs/pcl-cvs-lucid.el:
>       ** assignment to free variable mode-motion-hook
>       ** reference to free variable current-menubar
>     While compiling the end of the data:
>       ** The following functions are not known to be defined:
>         popup-menu, event-window, event-point, mode-motion-highlight-line,
>         set-buffer-menubar, add-menu
>     Wrote /usr/share/emacs20/site-lisp/pcl-cvs/pcl-cvs-lucid.elc
>     sed -e '[EMAIL PROTECTED]@"/usr/share/emacs20/site-lisp/pcl-cvs/"@g' < pcl-cvs-startup.el > startup.el
>     Errors were encountered while processing:
>      emacs20_20.3-11_i386.deb
>
> Any ideas? What needs to be done?

well I got all kinds of byte compile warnings too and they did not seem to matter, (I think they are just compiler warnings like you see with C code, still annoying I hate warnings :) ) you have to watch the output very carefully to see the right error, maybe tee would be useful here?

I also had a lot of errors when installing the slink system before upgrading to potato, things like:

    ldconfig: warning blah is not a symlink
    ldconfig: warning blah is not a symlink
    ldconfig: warning blah is not a symlink
    ldconfig: warning blah is not a symlink

where blah is one of about 4 libraries this repeated over and over, but there seem to be not any trouble, are these warnings normal for a debian install? there were also some ldconfig: blah file not found errors here and there.

errors just bother me, maybe I'm idealistic but I prefer to have completely error/warning free install/compiles :-)

all I can tell you on the emacs is that there is some dependency that is not declared in the deb, and just carefully watch all the output and note all errors (i think you can safely ignore the compiler warnings) I don't think I was able to avoid installing emacs 19 along with 20 though. I definitely think there is something fishy with the potato emacs packages, maybe you/we should bring this up on devel? (I am not yet totally familiar with the debian procedures for possible bugs like this...)

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: upgrading to potato problem
On 19/10/99 Jacob Schmude wrote:
> I'm a new user to debian too. The thing is that these compiler message results in the error so they are not warnings but errors. I've also been getting those exact messages from ldconfig but they didn't seem to be troublesome. I had to install emacs19 along with 20 but as soon as my system was configured it was out of there because it was causing too many conflicts with version 20.

ok, so basically what we are looking at are a set of broken emacs packages no?

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Need help for x window
On 20/10/99 jh wrote:
>     Fatal server error:
>     No config file found!
>     -x11TransSocketUNIConnect: Can't connect: errno= 111
>     Giving up.
>     xinit: connection refused (errno 111): unable to connect to x server
>     xinit: no such process (errno 3): server error.
>
> My question is how do I find and properly install xf86config? I'm pretty sure that I installed all the x packages in dselect. Could someone help me in layman's terms? Thank you all very much.

you want /etc/X11/XF86Config

you do know that Un*x filesystems are case sensitive right? (that includes GNU/Linux)

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: New Kernel: make-kpkg vs. make bzLilo
On 20/10/99 Brad wrote:
> > Has anyone tried compiling the recent kernels (ie 2.2.10-12) with gcc 2.95
> > or 2.95.2 ? Any problems ??
>
> I've done it, no problems here. YMMV.

with 2.2.12 you had to add -fno-strict-aliasing to the Makefile CC arguments, I am told that 2.2.13 will detect gcc 2.95 and do that automagically

2.2.13 is trickling through my slow modem so I do not know for sure :)

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Purging mozilla
On 20/10/99 David Jardine wrote:
> It appears that mozilla creates a subdirectory in the user's home directory with the user's name, eg /home/fred/fred. I ran which according to my understanding of the manpages should eliminate all traces of its existence - it didn't say that exactly, but this seemed the most radical option. However, the directories are still there, so:
>
> Should I have done it another way?
> Has mozilla left any other droppings on my system?
> If there is no other way to clean up, shouldn't there be?

dpkg will not go into user's home directories and start removing stuff, that would just be plain rude! :-)

there is probably nothing left of mozilla except for the files in anyones home directory who used it, but those files belong to the user so it is up to them to delete them. (there may be data they want to keep, bookmarks for instance.)

now if you are the only user then you're the only one with these files

    rm -rf fred

should take care of it. (just make sure you point to the right fred :-) )

Ethan Benson
OpenPGP encrypted mail accepted.
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Key FingerPrint: 371A 7416 5D39 CF2D 9366 8AF6 0139 54F5 3EBD 0FE6
RSA Key FingerPrint: DE8B 74D0 79F1 6176 9AF5 120F 47AD 9B0A
Re: Matrox G400 and X (was: debian-user-digest ...)
On 21/10/99 Rune Linding Raun wrote:
> xfree86 server for matrox g400max does it exist?

The SVGA server supports this card, it is listed in the XF86Config program so you should have no problems. (if you do upgrade to Xfree 3.3.5)

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Purging mozilla
On 21/10/99 David Jardine wrote:
> ...wouldn't it be nicer if I knew what the deleted program had left on my system?

well most programs do not run as root, this means that it's literally impossible for the program to spew crap all over the filesystem after installation (unlike some other OSes *cough* macos windoze *ahem*)

when you are logged in as an ordinary user the programs you run have the same privileges you do (except for a very small minority that require an extra privilege or two, but those do not spew crap where they shouldn't) and thus CANNOT write anywhere except /home/you /tmp and /var/tmp the tmps are cleaned up automatically I believe with the boot scripts and cron jobs.

I suspect you are coming from win* or macos and are used to crappy things like `self repair' read randomly spew files all over the place, which makes true deinstallation impossible.

generally you can expect a lot of software to install a configuration file or directory in the user's home but it's up to the user to keep track of that and clean up as needed.

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: I messed up my resolution.
On 21/10/99 jh wrote:
> Is there a way to keep debian from trying to start x at start up? I messed up the resolution and can't read anything. I think MS products sometimes use F8. How about debian? Is there any other way to get to the command line and re-run xf86config? I tried using my boot disk, but this too tried to start x. I got into this trouble because I do not know my systems settings. It is a vga monitor. I thought I set the resolution quite low. Thank you for any help you can give.

at lilo

    boot: linux single

that will get you to single user mode where you should be able to run the X configurator

if not then cd into /etc/rc2.d and mv SXXYdm to KXXYdm then X will not start automatically for runlevel 2. then you can boot normally without X.

I think you could also mv your /etc/XF86Config somewhere else temporarily so that the startup scripts think that X is unconfigured and forgo starting it.

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Kernel panic VFS ...
On 22/10/99 Jocke wrote:
> I have 2 debian partitions the one that works are on hda2 and the one that messed up is on hda5. I have some old vmlinuz + System.map in /boot
>
> Could anyone guide me thru this so I can get my hda5 debian to boot again ? Can I fix it from "this" (hda2) partition or do I have to use a rescue disc or something and recompile or what ?
>
> Hoping for some help!

do you have lilo configured so you can boot the other partition? if not you should do that after you get this straightened out, and then always leave your old kernel in place and have a lilo image for it so if the new one fails you can just boot the previous without problem... i will give you example lilo.conf at the end so you can do this.

if you have successfully booted to your unbroken root hda2 then you can

    mount -t ext2 /dev/hda5 /mnt

to get access to your messed up root, if you still have the working kernel there then simply edit your /etc/lilo.conf (on hda2) and add

    image=/mnt/boot/vmlinuz    # whatever working kernel name is
        label=linux.good
        root=/dev/hda5
        read-only

make sure that you also have prompt in there and run lilo

when you reboot press tab at the lilo boot: prompt and you will see linux.good so type linux.good and you should boot into hda5 with the working kernel you put there.

you can use the above convention to dual boot between different linux setups just make sure to mount the appropriate filesystems before updating lilo.

my lilo.conf to dual boot debian and redhat with support for one backup kernel (debian side):

    boot=/dev/hda
    map=/boot/map
    install=/boot/boot.b
    prompt
    timeout=50
    default=linux

    image=/vmlinuz
        label=debian
        alias=linux
        read-only
        root=/dev/hda1

    image=/vmlinuz.old
        label=debian.old
        read-only
        root=/dev/hda1

    image=/redhat/boot/vmlinuz
        label=redhat
        read-only
        root=/dev/hda2

    image=/redhat/boot/vmlinuz.old
        label=redhat.old
        read-only
        root=/dev/hda2

on the redhat side the /redhat part of the paths are deleted and the debian parts (and the map and install lines) have /debian added to them, each time I run lilo I first make sure that either /debian or /redhat is mounted (the root filesystem of the other system) depending on which i am running, I also make sure that the symlinks point to the right kernels one old/previous one current then I can boot into anything i want right from the lilo prompt.

note: I always use the debian lilo binary, so if I boot into redhat i use /debian/sbin/lilo to update lilo this is to keep the bootloader consistent.

if you build kernels the debian way then the vmlinuz.old symlink should be taken care of for you but check it anyway :)

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: How can I find specs on my monitor?
On 21/10/99 jh wrote:
> I am trying to set up x. I keep running xf86config but I do not know the specs for my monitor. It is a Micron monitor model # m14fg. I have gone to Micron's home page but they do not list this old monitor. Does anyone have any ideas?

I was wondering why Debian's X config tool does not have a list of monitors like redhat's Xconfigurator, yes long list can be clumsy but it sure beats trial and error when you get a monitor from someone with no documentation whatsoever and no idea what the refresh rates are...

I had to copy the numbers from my redhat XF86Config file made by Xconfigurator to get it right...

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Where is nologin file?
On 22/10/99 Milan Kliska wrote:
> I'm looking for a nologin file which gets removed with rmnologin script. Is that just a dummy file or what? I just want root to be able to login to this specific computer. I couldn't find any information about this file, or the file itself.

/etc/nologin

when exists only root will be permitted to login all other users will be shown the contents of /etc/nologin and denied access, this is meant for temporary use only, such as when the system is being shutdown to prevent new users from connecting while giving time to already logged in users to close up and logout. it is not meant nor should be used to lock down your box in a permanent fashion.

I don't know if you are referring to remote users only or everyone, but nologin affects everyone regardless of where they come from, and root is never allowed to login from anywhere but the physical console (tty1-6)

if you don't want a user to login anymore permanently delete their account. you should of course have a normal account that you use for day to day activity never use root for that.

the other options for denying some users access or access to certain services would be to use PAM but I will leave that to an exercise for the reader.

Ethan Benson
OpenPGP encrypted mail accepted.
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Key FingerPrint: 371A 7416 5D39 CF2D 9366 8AF6 0139 54F5 3EBD 0FE6
RSA Key FingerPrint: DE8B 74D0 79F1 6176 9AF5 120F 47AD 9B0A
Re: I messed up my resolution.
On 22/10/99 Brad wrote:
> > Boot from your rescue flop, edit your /etc/inittab file and
> > change the line:
> > id:5:initdefault:
> > to:
> > id:3:initdefault:
>
> I don't believe this will work on a Debian system by default, since Debian by default doesn't make any differences between runlevels 2-5. Are you by any chance a RedHat user (RedHat does set up these differences)? ;)

not only that debian does not start xdm through init but rather through an initscript in /etc/init.d

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: I messed up my resolution.
On 22/10/99 Brad wrote:
> RedHat doesn't start xdm through init either, but uses a script in /etc/rc.d/init.d. RedHat is set up so that xdm will only start in runlevel 5 (although you could always run it by hand in any runlevel if you felt like it). The change Onno posted would set the default runlevel from 5 to 3, which would cause a default RedHat setup not to run xdm. The only thing init has to do with it in either distro is setting the runlevel and evaluating the proper rc?.d directory based on that.

not unless they changed it for 6.1, my redhat 5.2/6.0 system has a line in inittab that respawns xdm on runlevel 5, there is no initscript for anything related to X, I assure you I did not set it up that way it came that way out of the box.

> Depending on how you look at it, either both distros start xdm through init (because init executes all scripts in the /etc/rc?.d directory) or they don't (because init doesn't directly spawn the process).

well to pick nits yeah init is doing it one way or another, just debian uses an initscript and redhat spawns it directly with init through an inittab line.

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Looking for monitor sync settings
On 22/10/99 Andrei Ivanov wrote:
> cd to that directory, then type gunzip monitors.gz Then you can view the file.

nah, use zless or zmore then you do not have to recompress it again (or have it wasting extra space)

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: xdm/shell login
On 22/10/99 Dave Wiard wrote:
> i've been running potato and want to give gnome a shot. since i have xdm running, if i screw anything up, i'll need to fix my problems. with xdm running, is there a way to get a shell login so i can fix the file locally?

control - alt F1 F2 etc give you the normal virtual consoles if that's what you mean.

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: FTP and telnet
On 23/10/99 Art Lemasters wrote:
> Look at /etc/hosts.allow and /etc/hosts.deny. Read the documentation (man pages, /usr/doc, everything) very thoroughly, because there are serious security risks involved with mistakes made at configuring FTP and telnet. BTW, proftpd and ssl telnet are the best way to go with those if you must run them, IMHO. Any input (or corrections) from others on this list would be welcome.

definitely right about the security issues involved with activating those services. don't enable them lightly...

I would suggest ssh over ssl telnet though, ssh 1.2.27 is very secure and has clients available for most platforms, but I think it's simply less hassle to deal with than ssl as you don't have to deal with all that certificate crud. ymmv.

as for ftp I think it's a tossup between wu-ftpd 2.6.0 and proftpd, proftpd is supposed to be built from scratch with security in mind but it has proven to have just about as many problems as any other, the last couple wu-ftpd exploits existed in proftpd too, wu-ftpd also has some nice abilities (on the fly tarring and gzipping) which proftpd claims introduce more security risks, maybe they are right but I have yet to see a recent exploit that involved those abilities and I find them very useful.

debian appears to still have not packaged the final version 2.6.0 of wu-ftpd which fixes the latest exploits (redhat has a final 2.6.0 available on their errata, fixing all 3 of the issues reported on BugTraq)

what other ftpds are available for GNU/Linux? (and/or debian packaged) am going to look at the OpenBSD ftpd and see what it can do, if it has not been done already I may try and get it to run on GNU/Linux, that would probably be the most secure one there is :-)

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: adding win 95 partition
On 23/10/99 James Ruby wrote:
> I have a 20 gb drive with 5 gb for root and 5 gb for user and 128 mb swap they are all primary partitions. Now I have a little over 9 gb left, I would like to divide this in half and make partitions that windows 95 can see and use, can I do this without trashing the drive and starting over?

if you're careful it might be possible

> So far the things I've tried with cfdisk did not work, there are about four different win 95 fat 32 options.

I am not very familiar with cfdisk, it's too clumsy for my tastes :)

with regular fdisk you should be able to create a partition for win95, you cannot make 2 partitions because you can only have 4 primary partitions, and you are using 3 the 4th would have to be an extended partition which is just a container for additional partitions, you cannot boot from an extended partition as far as i know (definitely not win95 at least) so that leaves you with 2 options:

1) just make a 9gb partition for bloat^H^H^H^H^Hwin95

2) create a 9GB extended partition and then create some linux partition and move one or more of your Linux partitions to the extended partitions (just not root) then change the old primary linux partition to a win95 type (I'm not sure what it prefers I think FAT16) and make a dos filesystem on it.

you can do this with your /usr partition pretty easy. just mount the new replacement /usr in /mnt and do a

    (cd /usr ; tar -cvpf - .) | (cd /mnt ; tar -xvpf -)

after a few minutes /usr and /mnt will be identical and you can just go down to single user mode umount /mnt and /usr and change /etc/fstab to mount the new /usr instead of the old one, nothing will ever know you did it.

obviously the second option will give you more of what you want but is much more work, with more margin for error...

one note when you create a FAT partition with linux utilities you need to

    dd if=/dev/zero of=/dev/blah bs=512 count=10

(where blah is your new dos partition) otherwise the win95 tools that create the filesystem (probably better to use them than the linux mkdosfs) will do all sorts of undesirable things.

also make sure to have a good working boot disk that will let you restore lilo because win95 WILL destroy your current lilo configuration.

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: adding win 95 partition
On 23/10/99 Kent West wrote:
> Assuming you have an IDE drive, you're limited to a max of 4 partitions I believe, which may be causing your problem. If it's a SCSI drive, I think you can have 32 partitions so that's not an issue.

you can have 63 partitions on an IDE disk (i have 18 :-) ) the limit is you may only have 4 PRIMARY partitions which are bootable, one primary partition may be an extended partition which can contain many many partitions inside it.

SCSI disks I believe have the same primary partition limits as IDE (if you use the DOS partition table anyway) but SCSI disks are limited to 15 partitions total (primary and extended) at least in the linux kernel.

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Embarassing NEWBIE Question
On 26/10/99 Eric G . Miller wrote:
> Am wondering where you got the binaries from? Are they debs (*.deb) or are they tarballs (*.tar.gz, or *.tgz, or just *.tar)?

right, don't install tarballs or do make install for things that are managed by dpkg, a buddy of mine new to debian tried updating XFree by make install and dpkg did not take well to that, his system ended up in a state of ruination...

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: removing user from group
On 27/10/99 <[EMAIL PROTECTED]> wrote:
> Another beginners question I`m afraid :-) I added myself to the group "mail" which I now think may have been a mistake. What command do I use to remove myself (or any other user) from a group? Thanks.

    gpasswd -d user group

where user is the username you are removing and group is the group you are removing said user from.

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Need a runlevel editor! (console ofcourse)
On 29/10/99 Onno wrote:
> Yes...
>
> At 03:59 AM 10/29/99 -0800, Ethan Benson wrote:
> > On 29/10/99 Onno wrote:
> > > I can't find one on the net... Can somebody help me?
> >
> > do you mean to manage the /etc/rc?.d symlinks?

I asked about this earlier too, the answer was `mv' :-)

redhat has 2 console runlevel editors chkconfig and ntsysv, the latter is ncurses based... they are not too bad except for one serious problem (IMO) they require that the initscripts have a header with description info and what the default runlevels it should be started or stopped at, if the script lacks this header they just pretend it does not exist... if it was not for that I would probably get the source code and fix the /etc/rc.d -> /etc/rc?.d paths and see if they worked on debian but I am not enough of a programmer to try and fix that description header stuff and I don't want to fix every damn initscript I have...

chkconfig works sorta like so:

    # chkconfig --level 2345 giverootd off

redhat's tools are a wee bit buggy though, they do not always do what you expect them to, ntsysv is worse about this. the main flaw though is that header thing.

I was thinking about writing a script to make management of runlevels easier but I have been overcome with laziness^W^W^Wdistracted with other things etc etc...

not to start any flamewars but using mv to manage multiple runlevels is pretty archaic...

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Need a runlevel editor! (console ofcourse)
On 29/10/99 Martin Fluch wrote:
> There is a script called update-rc.d ...

no this is not what we are looking for, update-rc.d only works if there are no symlinks at all for a given script, so to use it to change a runlevel you must first rm all the symlinks then use update-rc.d to recreate them in the configuration you want, not that much more convenient than using mv...

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
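Added example (not written by anyone in this thread, and not a Debian or Red Hat tool): shell functions that list a service's S/K link in each runlevel and flip it by renaming the link in place, which is the `mv Sblah Kblah` approach from the thread without retyping paths. The function names, the RC_ROOT variable and the xdm/S99 sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Hypothetical helpers for SysV rc?.d symlinks.
# RC_ROOT is an assumption added so the functions can run on a scratch tree.
RC_ROOT=${RC_ROOT:-/etc}

# rc_status SERVICE: print "<runlevel> on|off|none [link prefix]" for levels 0-6.
rc_status() {
    svc=$1
    for lvl in 0 1 2 3 4 5 6; do
        state=none
        for link in "$RC_ROOT/rc$lvl.d"/[SK][0-9][0-9]"$svc"; do
            [ -L "$link" ] || continue          # an unmatched glob stays literal
            base=${link##*/}
            case $base in
                S*) state="on ${base%"$svc"}" ;;
                K*) state="off ${base%"$svc"}" ;;
            esac
        done
        echo "$lvl $state"
    done
}

# rc_set SERVICE on|off LEVELS: rename K<->S links, e.g. rc_set xdm off 23
rc_set() {
    svc=$1; want=$2; levels=$3
    case $want in
        on)  new=S ;;
        off) new=K ;;
        *)   echo "usage: rc_set SERVICE on|off LEVELS" >&2; return 2 ;;
    esac
    ret=0
    for lvl in $(echo "$levels" | sed 's/./& /g'); do
        dir=$RC_ROOT/rc$lvl.d
        found=0
        for link in "$dir"/[SK][0-9][0-9]"$svc"; do
            [ -L "$link" ] || continue
            found=1
            base=${link##*/}
            case $base in
                "$new"*) ;;                                 # already as requested
                *) mv -- "$link" "$dir/$new${base#?}" ;;    # keep number and name
            esac
        done
        if [ "$found" -eq 0 ]; then
            # No link at all: report it instead of guessing a sequence number.
            echo "rc$lvl.d: no link for $svc, nothing changed" >&2
            ret=1
        fi
    done
    return $ret
}

# Constructed sample tree: xdm started in runlevels 2-5.
rc_sample_tree() {
    root=$1
    mkdir -p "$root/init.d"
    : > "$root/init.d/xdm"
    for lvl in 2 3 4 5; do
        mkdir -p "$root/rc$lvl.d"
        ln -s ../init.d/xdm "$root/rc$lvl.d/S99xdm"
    done
}

# Demo on a scratch tree; the real /etc is never touched here.
rc_demo() {
    saved=$RC_ROOT
    RC_ROOT=$(mktemp -d) || return 1
    rc_sample_tree "$RC_ROOT"
    rc_set xdm off 23
    rc_status xdm
    rm -rf "$RC_ROOT"
    RC_ROOT=$saved
}
rc_demo
```

Renaming only changes which action the link requests at the next runlevel switch; it does not start or stop the running service.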
Re: Pre/Post Install Script Failurei
On 29/10/99 [EMAIL PROTECTED] wrote:
>     penguin:/var/cache/apt/archives/fucked# dpkg --configure enlightenment-theme-bluesteel
>     Setting up enlightenment-theme-bluesteel (0.16.0-2) ...
>     dpkg (subprocess): unable to execute post-installation script: Permission denied
>     dpkg: error processing enlightenment-theme-bluesteel (--configure):
>      subprocess post-installation script returned error exit status 2
>     Errors were encountered while processing:
>      enlightenment-theme-bluesteel
>
> It doesn't matter what package I try to install, it's always the same.

is the partition where /var/tmp resides mounted noexec?

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: xemacs font problem
On 29/10/99 Micha Feigin wrote:
> I just moved to a new apartment. When i restarted linux I got a message that the system hasn't been shut down properly, and that there were some bad inodes. When i tried to start emacs i got a message that it can't get any usable font, and it seg faulted. It worked fine before that. I tried to install xfs again, and i installed the last version of xemacs21 (i had the one before last) but it didn't help. The full error message i got:
>
>     Warning: Missing charsets in String to FontSet conversion
>     Warning: Unable to load any usable fontset

check the lost+found directory of whatever filesystem it was that was corrupted, if there are lots of files there I bet they are the missing fonts, though probably with the name being their inode number :(

I had some filesystem corruption on my old redhat box yesterday, parts of pam were moved to /lost+found and my /etc/rc.d/rc6.d was changed to an ordinary file and all its contents were orphaned to /lost+found. it's a mess when this type of problem happens...

it's probably easier to just reinstall the affected packages.

Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
boot messages
recently after updating my potato system I started getting the following messages right after the root filesystem is checked: IRQ 0 in use IRQ 1 in use IRQ 2 in use IRQ 8 in use IRQ 13 in use IRQ 14 in use IRQ 15 in use it does not seem to hurt anything but it annoys me :) i have not figured out what script is printing these messages.. does anyone have any insight? Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: swap partition size OK... Pointers to MINIMUM boot configuration info?
On 30/10/99 John Miskinis wrote: I am hoping that there are some sites out there that will explain how to create a minimum barebones system. I have created what I believe are the essential devices, and am using the simple /etc/inittab and /etc/rc from the howto. The system hangs after mounting the root system read only, giving no more clues. I do not know much about creating minimal systems... I am also confused about the boot.b and map files, and how they come into play, and how they are created. boot.b and the map files are part of lilo, boot.b is a static file that comes with the lilo distribution as are chain.b and os2_d.b and i think there is one more whose name escapes me, these are second stage loaders, the map file is created when you install lilo and contains the disk block addresses of the files lilo needs to access to bootstrap the machine, such as the kernel, it may also contain the address of a message file if any, and the second stage loader. basically the way I understand lilo it installs a MBR with just the block address of the map file and uses that to find the second stage loader and the second stage loader uses the map to load the kernel after displaying the lilo boot: prompt. chain.b would be loaded if you had a win* system you dual booted or something else, all it does is load another bootblock from wherever you tell it to. lilo also creates a backup of your MBR when you install it this is usually in /boot/boot. where is the major/minor number of the device it came from, ie /dev/hda is major 3 minor 0 so its backup is called boot.0300. #include the above is as far as i understand accurate but I may be either slightly or totally wrong feel free to correct any errors you find. hope this helps.. Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Need a runlevel editor! (console ofcourse)
Look at the man page for update-rc.d: -f Force removal of symlinks even if /etc/init.d/name still exists. This sounds exactly like what you need... yes I read the man page, yes I tried this, no it didn't work :| Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
inodes
I recently noticed that the defaults for mkfs.ext2 have changed somewhat recently (or maybe not somewhere after 2.2 kernel was finalized)... the main changes I am interested in are the default block size which was 1024 and is now 4096 and the number of inodes created which was 1 for every 4096 bytes, the new defaults appear to be 4096 block size and 1 inode per 8192 bytes, same ratio but you still end up with half as many inodes... having just run out of inodes on my 200MB root filesystem (only /home and /usr are farmed out on this system) and having had created that filesystem with the older ext2fs utils it has 1 inode per 4096 bytes ... (the filesystem has about 77000 inodes which figures about right, I don't see anything unusual I am not sure how i managed to run out of inodes...) what is the general opinion on the number of inodes that should be made on a filesystem? is there any disadvantage to creating much more inodes than default? (i would guess longer fsck times but that is less annoying than running out of inodes...) also what about the larger block size, I imagine this is faster but how much space is really wasted on average by the larger block size? fortunately I am in the process of replacing this box and the lack of inodes is not a huge problem at the moment (i found some files to delete so the system can function properly at least), but I want to avoid this in the future... does anyone know what the rationale was for changing these defaults? thanks Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: 6.4 gb hd
On 30/10/99 gisela ishihara wrote: hello everybody i have just installed a 6.4 gb hd and i can not boot the debian installation i have read that only i need to make a small (10 mb) partition and to put the kernel image there? is that true? it depends on whether you have a broken BIOS that thinks disks are never larger than 1024 cylinders (~500MB) unless you bought your motherboard/computer VERY recently (this year maybe last) you do. this means you must have a partition that resides completely within the 1024 cylinder limit, you do not necessarily have to have a partition just for the kernel if you farm out your partitions you can have a 80 - 100MB root partition and be perfectly safe. how can i accomplish that? if you like to have monolithic partitions (big bloated things that hold the entire filesystem root and all) then you must go the 5 - 10MB /boot partition, otherwise make a partition for the following (at the very least: / /usr /home /var swap I like to make a /tmp partition too in order to protect / and allow it to be safely smaller with this configuration / can safely be 80 MB (probably smaller but I don't like to restrict myself too much in case of changes in linux that cause more space to be required. my current root partition is 90MB and is only 30% or 40% full iirc just make sure the / partition is the first one on your disk. 
another thing to watch for is something called LBA or LARGE disk modes in the BIOS, they are pretty gross kludges whose only purpose seems to be to fix (partially) the 1024 cylinder limit without fixing it (even new bioses that no longer have this problem have these modes which must be used for crappy^W MS win*) I personally think you should shut off these modes and use the real geometry there is less chance of problems that way (LBA and LARGE basically translate the disk geometry (cylinders, heads, sectors) into something fake so there appears to be less cylinders) you must [re]partition your disk after that mode has been set to NORMAL. these kludges do not entirely work for very large disks they will raise the bar past 512MB but usually not to the entire disk. thanks a lot Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Compiling kernel2.0.36 on potato?
On 30/10/99 The Dragon De Monsyne wrote: Hello, I just recently upgraded a slink box at work to potato for various reasons, and now I find I'm unable to recompile the kernel (ix86 box) (I get all sorts of errors about bad asm code. I'm gathering this is due to an incompatibility btwn the kernel and gcc? There was a url for a patch at suse.de suggested , but it didn't fix the problem) I can't use 2.2.x as I have binary-only drivers for hardware I need to use (MaxSpeed MaxStation multiconsole card) that don't work with 2.2 you will have to get gcc 2.7.2 ( i think 2.7 something) as 2.0 kernels will not compile with any iteration of egcs (including gcc 2.95 which is what potato has) Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: debian installation woes
On 2/11/99 Mock Ko wrote: 1: w95 (1 gig) 2: extended (the rest of it) ^ 5: linux (1gig) 6: vfat storage partition (2 gigs) 7: vfat storage partition (the rest of it) 8: linux swap (150 megs) I've gotten it to install and reboot off the mbr now (I was using system commander before, but it can't seem to boot the linux partition). the above is probably your problem, I do not think its possible to boot from partitions inside a extended partition (its at the very least problematic). since you only have 2 primary partitions defined moving your linux one out of the extended one is a non issue. you also must make sure everything that is needed for bootstrap is inside the 1024th cylinder of your hard disk. (the kernel and such all in LILO docs) I think its better to farm out your partitions a bit, a /usr a /home and a /var let you have a small / partition that makes it easy to keep within the BIOS limits. Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Problems with the man
On 4/11/99 Manuel Arenaz Silva wrote: In my slink box there are some packages (for example a2ps) whose man pages are available only for the root user. The other users can execute the commands (a2ps) but can not read their man pages ("man a2ps" fails). What is the problem? Should these man pages be available as they are related to packages that were installed in the system during the default installation? sounds like the a2ps man page file permissions are wrong, they should be world readable, if not chmod 444 should do the trick. /usr/share/man/man? Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
potato install and boot floppies
hello, I have to repartition my disk (completely) and have potato system there now, but would just like to install it directly this time since upgrading from slink did not go very well the first time. I downloaded the boot floppy and root disk and the base2_2.tgz files et al, I intend to install the base through nfs, however when I configured the network in dbootstrap it failed to initialize my NIC, ok so they did not include a driver for it, so i recompile a new kernel with the appropriate options and install it on the floppy, everything seems to work, except now dbootstrap wants to have drivers-2.2.13.tgz and resc1440-2.2.13.bin instead of drivers.tgz and resc1440.bin (I did run the rdev.sh script btw) is this just because I used a 2.2.13 kernel instead of 2.2.12? I don't see why this would matter... would renaming the files be an acceptable solution? if I missed a piece of documentation somewhere please point me in that direction :) also will it work to restore my current /var/cache/apt/ with the one i have now to save downloading packages that are there now? thanks Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: glibc2.1
On 9/11/99 Bob Nielsen wrote: 1. Point /etc/apt/sources.list to "unstable" instead of "stable". This does not appear to work on the non-us.debian.org site, i still have to add the lines like so: ... non-us.debian.org/debian-non-US dists/unstable/non-US/main/binary-i386/ does anyone know what is broken? is it apt-get or is it the non-US site, it looks to me like the non-US site is in order... if i do not set the sources.list like above apt reports it cannot find anything there. Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: glibc2.1
On 9/11/99 Bob Nielsen wrote: deb http://pandora.debian.org/debian-non-US unstable/non-US main contrib non-free thanks, this works perfectly. why is non-us.debian.org still broken? Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Shouldn't debian be configured better by default ?
On 7/11/99 Sami Dalouche wrote: While I was cleaning my home directory, I saw this program that I compiled. After that, I launched it and... My X became frozen and then crashed ( I executed the program in an Xterm). I think it's because it used all the memory available... I don't want to try but what could happen if I'd have run it from a console ? Would the system crash ? I find it surprising that this program caused this much damage... I once tried to crash my Redhat GNU/Linux system with 96MB of real ram and 64MB swap partition, so I had netscape 4.6 go to a keyserver and search for `michael' (which this server will return a couple thousand results in one complicated html page that ends up being about 15MB in size) well after a long time watching netscape bloat up eventually all memory was consumed all swap all real, any attempt to run the smallest of utilities resulted in seg faults... $ ps Segmentation fault :) all i had to do was (slowly) hit the close box on netscape and it went away and all was well and i kept on adding to a 50+ day uptime iirc. I think there is a way (or more than one) to be sure a user doesn't crash the system by using all the memory available. I've heard a bit about the /etc/limits file but it seems that it's a per login configuration, which has a lot of disadvantages. I'd like to know if there is a way to impose GLOBAL/per user limits. If a such {program ; configuration file } exist, I'd like to know why debian shouldn't be configured to impose quotas by default. I think it's very disappointing to let every user crash the system by default :-(( Have you a better idea to avoid this kind of program to crash the system ? 
i suspect /etc/limits is obsolete under potato because it uses PAM and there is a pam_limits module that i think takes this over (i have not checked i could be wrong) I have played with pam_limits and it can be made to do what you want, however I am not sure what reasonable values are to set for the various things you can limit with it... another option is ulimit (bash) which does the same things as pam_limits except its not protected, a user can un ulimit all they want. what I think would be a good thing is getting the right pam_limit values that are very generous but just enough to keep a single user from crippling the system (and preventing the operator from accessing the root account or using kill ($ kill -- segmentation fault :-) ) i think something like ext2fs' default 5% reserved blocks for root to prevent someone from completely filling a filesystem. somehow keep 5% of memory available for use by root to take care of an obnoxious user (or user accident) it would be nice to hear from people about what a reasonable limit is for the various limits in pam_limits. Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: mounting macintosh floppy?
On 10/11/99 T.V.Gnanasekaran wrote: how do i mount a mac format floppy? mount -t hfs /dev/fd0 /floppy this assumes you have compiled in support for hfs in your kernel or have it as a kernel module, if not you will have to recompile the kernel with hfs fs support. Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
/etc/passwd in potato
I was looking through the /etc/passwd that was installed on my new potato install (direct not from slink) and I noticed a lot of users that have their shell set to /bin/sh that should probably be set to /bin/false. for example i installed qmail on my old redhat system and all the qmail users were installed with the shell set to /bin/true (btw is there any advantage to using true instead of false or vice versa?) on my potato /etc/passwd they are all set to /bin/sh. in fact the only users that have the shell set to /bin/false rather than /bin/sh are postfix, telnetd, rwhod, identd, and ftp also note that i did not install qmail on this system, so why are qmail users present? there are several users installed here that have to do with packages i do not have installed... what is the deal here? Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: /etc/passwd in potato
On 11/11/99 David Rocher wrote: it's because other packages aren't allowed to change /etc/passwd (provided by base-passwd) cf Debian Policy Manual. but you are free to remove them! you mean that packages are not permitted to add users to my system as part of their install process? that's sure fine with me, I rather disliked it when a RPM would go around adding accounts to my system without asking (especially when it does it wrong)... does base-passwd when upgraded compare the existing passwd file with the one it has and add missing users? this still does not answer my other question, why are these accounts installed with a valid shell? is this considered a bug in base-passwd? Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: /etc/passwd in potato
On 11/11/99 Brad wrote: As a side note, be careful when changing users' shells to /bin/false--some packages depend on the shell being /bin/sh and you'll get minor breakage if you change them. yes I know which is why I wish that they were set properly in the first place (I know for sure that qmail's are supposed to be /bin/true or false) Ethan Benson OpenPGP encrypted mail accepted. To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/ Key FingerPrint: 371A 7416 5D39 CF2D 9366 8AF6 0139 54F5 3EBD 0FE6 RSA Key FingerPrint: DE8B 74D0 79F1 6176 9AF5 120F 47AD 9B0A
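One way to check for the situation discussed in this thread, as an added example that is not part of the original messages: a shell function that lists system accounts whose shell field in a passwd file is still a valid login shell. The function names, the uid cut-off of 999 and the sample accounts are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: list system accounts that still have a usable login shell.

# audit_login_shells PASSWD SHELLS [MAX_SYSTEM_UID]
# Prints "name:shell" for every non-root account with uid <= MAX_SYSTEM_UID
# (default 999, an assumption; adjust to the local uid policy) whose shell is
# listed in SHELLS. An empty shell field counts as /bin/sh, per passwd(5).
audit_login_shells() {
    awk -F: -v max="${3:-999}" '
        FILENAME == ARGV[1] {                 # first file: the valid shells
            if ($0 !~ /^[ \t]*(#|$)/) valid[$0] = 1
            next
        }
        /^[ \t]*(#|$)/ { next }               # skip blank lines and comments
        {
            shell = ($7 == "") ? "/bin/sh" : $7
            # false/true/nologin never give a prompt, even when an admin has
            # added them to the shells file for ftp-only users.
            if (shell ~ /\/(false|true|nologin)$/) next
            if ($1 != "root" && $3 + 0 <= max && (shell in valid))
                print $1 ":" shell
        }
    ' "$2" "$1"
}

# demo_audit: runs the audit over constructed sample files (not real data).
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
qmaild:x:71:65534:qmail daemon:/var/qmail:/bin/sh
postfix:x:102:102::/var/spool/postfix:/bin/false
alias:x:70:65534:qmail alias:/var/qmail/alias:
ethan:x:1000:1000:,,,:/home/ethan:/bin/bash
EOF
    cat > "$dir/shells" <<'EOF'
# constructed sample of /etc/shells
/bin/sh
/bin/bash
/bin/false
EOF
    audit_login_shells "$dir/passwd" "$dir/shells"
    status=$?
    rm -rf "$dir"
    return $status
}

# On a live system: audit_login_shells /etc/passwd /etc/shells
```

As the quoted reply warns, some packages expect /bin/sh for their account, so treat the output as a list to review rather than a list to change blindly.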
fsck errors
hi, today i had a fsck run and it looks like for every socket type file fsck reported: set file type on entry `whatever' in /what/ever (inode) to 6 or something to that effect, I reran fsck again and it reported the same errors again, I even tarred the /var/ filesystem (most of these files are postfix sockets) and did a mke2fs on that partition and restored the files. fsck still reports these errors. is there something really wrong or is this just a bug in fsck? system is potato e2fsprogs/libs 1.17-2 kernel 2.2.13 Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: getting source
On 13/11/99 b- wrote: how can i get access to the source for debian packages? specifically, i'm looking for the source for debian's "dump" package. i thought i send a note to debian before contacting the author, in case there is a standard way users can access the source code for the binary deb packages.
try adding:
deb-src ftp://ftp.us.debian.org/debian unstable main contrib non-free
deb-src ftp://ftp.pandora.debian.org/debian-non-US unstable/non-US main contrib non-free
to your /etc/apt/sources.list change unstable to stable if you are not using potato. then you can use apt-get source to download and unpack the source for any .deb into your current directory. (unless its a non opensource non-free package) Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: /usr/src and file permissions
On 14/11/99 Kevin Heath wrote: Could someone please remind us exactly what setgid on directories does? I think it causes any file created in that directory to automatically have its group ownership, but I'm not certain. yup, any file/directory created in a setgid directory inherits the group of the parent, in other words it changes the behavior from SysV to BSD... though I have not found it in the policy i assume the permissions are this way to allow a user to be added to group src and then can compile and install sources without being root, a very good idea, just so you are not too promiscuous about who is a src member. does anyone know the exact rationale for the root.staff 2775 permissions on /usr/local? I suppose it could theoretically be used to allow a privileged user to do make installs on non packaged software and have it work in /usr/local, but there are some problems i see with this, it really seems more reliable and perhaps safer (security wise) to just gain root privileges to do a make install. this way all the ownership is correct, of course most install scripts set permissions 755/644 which will force read only permission on the group staff anyway... Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: getting source
On 14/11/99 b- wrote: this was very helpful. some notes for non-US packages sources: - for non-US packages, ftp.pandora... doesn't seem to exist (doesn't resolve with dns). oops! that's supposed to be ftp://pandora.debian.org not ftp://ftp.pandora.debian.org i used non-us.debian.org or one of its mirrors, and it seems to work. I have had problems with apt not finding stuff on non-us.debian.org if it's working for you now that's great. - stable directory does not have subdirectories main/contrib/non-free. apt-get source is very cool. 8-) apt-get is just cool period :-) Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Strange file names
On 15/11/99 Phil Brutsche wrote: You're just being paranoid. I have all those files too, and my server has, most definitely, been cracked. ^^ so these files were not left by the cracker who cracked your system :-) Ethan Benson OpenPGP encrypted mail accepted. To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/ Key FingerPrint: 371A 7416 5D39 CF2D 9366 8AF6 0139 54F5 3EBD 0FE6 RSA Key FingerPrint: DE8B 74D0 79F1 6176 9AF5 120F 47AD 9B0A
Re: Encounter with Satan
On 16/11/99 Oki DZ wrote: I have visited Satan's site. I think it is a useful tool for testing your systems' security. But when I visited www.debian.org, I didn't see any mention about it. There is a version for Linux, but all I can get is the tarball (after you have gotten used to apt-get, tarballs are supposedly something in the past). Isn't there any interest in "porting" Satan to Debian...? (Or, did I just miss something here?). debian has nmap packaged (and its been installed every one of the 12 reinstalls ive done :) ) which iirc does everything satan does only better. corrections welcome of course. Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Latest Acct package broken?
On 16/11/99 Todd Suess wrote: I just did my nightly apt-get dist-upgrade, and it downloaded about 26 packages, one of which was acct 6.3.5-16. After downloading all the packages, apt went right into configuring packages. and it stopped. and sat. and sat. I let it sit about a half hour with no hard drive activity, before I killed it. I went to /var/cache/apt/archives and manually did dpkg -i * and installed all the packages. They all installed except acct, which did the exact same thing as with apt. I purged acct completely, and tried apt-get install acct. Same thing. I finally killed it again, and am currently running with accounting functions. Anyone else run into this? yup sure did, i tried to figure out what is going wrong but really did not find the problem, i suspect its something to do with debconf and/or perl. I can tell you its definitely getting stuck in the postinst script. I just manually performed the steps in the post install script and changed it to execute /bin/true :-) (i put the original one back after dpkg/apt were satisfied with the install) a quick look around and everything appears to be in order... probably not a good idea but i'm adventurous. Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
ttys
hi what are the permissions on /dev/console supposed to be? what about /dev/tty0? also i am getting a sh: device /dev/tty not configured twice at bootup and shutdown but I am not sure what script is doing it (or why), it appears right between ssh and openssl. thanks Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: UDP port 1025(Blackjack)
On 16/11/99 aphro wrote: During the process of closing non important ports on my new server i noticed it has port 1025(UDP) and the service is Blackjack according to nmap. Anyone know what this is? i don't see anything in the dpkg list for blackjack and it's not on my machine at home, and it's not on my main server. I have been having a bit of trouble getting rid of all these open ports too, I have a unknown port tcp 779 and unknown, and tcp 1024 open, and it seems that every few times i run nmap i see a few extra weird ones open but then are gone a minute later. also have udp 777 unknown, udp 800 mdbs_daemon and, udp 1024 unknown, and that 1025 blackjack too. I have gone through the rcS.d and rc2.d and just cannot seem to identify these. Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: UDP port 1025(Blackjack)
On 17/11/99 Brian May wrote: Try fuser, in the psmisc package. I get:
# fuser -n tcp -v 1024
          USER  PID  ACCESS COMMAND
1024/tcp  root  189  f      wdm
          root  1917 f      wdm
          root  1924 f      xconsole
still, I am not sure why wdm or xconsole would be listening on port 1024. I am also confused as to how three programs can be listening on the one port:
actually i get no output for port 1024, 779 tcp is rpc.statd for nfs..
[554] [dewey:bam] ~ >netstat --tcp -a | grep 1024
tcp 0 0 *:1024 *:* LISTEN
This is a slink computer.
i get that output too, but 1025 is owned by named. i just did another scan and 1399 tcp cadkey-licman was open but now its gone again... I do not have X or xdm/wdm running at the moment. I still cannot figure out what this udp 800 mdbs_daemon is... Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: single-user
On 17/11/99 Noella Pierlet wrote: Maybe a stupid question, but how do I boot my debian-linux (slink) in single-user-mode? if its x86 and you use lilo just type linux single at the lilo prompt (unless you call the default image something else) Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
how to start an obnoxious daemon at boot?
hi, I have a BestPower UPS (it is a `smart' one) and I am trying to start the monitoring daemon with a /etc/init.d/ script like everything else (using the init.d/skeleton for a template), however i have a problem: this daemon does not create .pid files, and it forks several times when it's first starting up so start-stop-daemon --make-pidfile gets the pid of a process that is killed as soon as the daemon is finished connecting to the UPS, so the `stop' part of the script won't work :( and if that is not enough this daemon always leaves a zombie process after it starts up, so trying to fix the .pid with pidof does not work either since it finds 2 pids... I have been trying various scripting tricks to replace start-stop-daemon creating an empty file in /var/run so i can tell when it's running or not, the other problem I have is the way this daemon forks and exits it seems to cause my script to abort prematurely. BestPower supplies the full source code to their software (and gives full specification on the comm protocol to anyone who asks), but I am not skilled enough of a programmer to fix these problems (that and the code is kinda gross...) does anyone have any suggestions for how to do this? does there happen to be a replacement software for these UPSs (that works in smart mode) ? Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: [ftp] ftpadmin user, private directories, incoming and not much more. . .
On 18/11/99 Neil D. Roberts wrote: This is my first mail here, so hi to all. . .I have a little problem, lack of knowledge is what I call it. Anyway, I have a public ftp server, and I need to create a special account for ftp administering (ftpadmin). This account can only be accessed via ftp, to put files and take files off. The user can not access via anything else, only ftp access.
if you're using potato this is easy to setup with pam, I add:
auth required pam_listfile.so item=user sense=deny file=/etc/deny.shell onerr=succeed
to all interactive shell services and any other service i do not want such a user to access. this way he is allowed into FTP but all other access attempts fail. if you do not use potato probably the best bet is using falselogin add it to /etc/shells and make it the login shell for that user, he will still be able to login to things like telnet and ssh, but instead of getting a shell he just gets a message saying go away and is logged out. (I actually do both for good measure)
the other thing you could do that you may prefer is add /usr/bin/passwd to /etc/shells and set his login shell to that, then he can ssh (or *bleak* telnet) in and he immediately gets a prompt to change his passwd as soon as he does the connection is closed. you probably want him to change his passwd very often anyway since ftp has this annoying tendency to send passwords flying across the network in clear.
I also need to find out how to create the incoming directory in such a manner that users can place files there, but not delete. I also want to create a directory called private, where only a ftpadmin can access it to modify and place things. Do I ask for much ? I 'm not sure, but I sure am stuck. . . .Thanks in advance for the help !!! 
just add the sticky bit to the incoming directory, chmod +t incoming should do it, this will let him only delete files that he owns (just like /tmp). if you want to allow him to upload but not see what is in the directory then make the permissions he falls under (either group or world) mode 3 (write and execute only).
if you use wu-ftpd (probably not a good idea unfortunately since it's so good at giving out root accounts) you get quite a bit more control over who can do what on incoming directories such as forbidding the upload of directories (common way ftpd root exploits must be performed) and configuring so that files uploaded have the owners and permissions changed so the uploader no longer has access. and other such niceties.
if you use the plain ftpd with debian add your user to the /etc/ftpchroot file. create a bin, etc and lib directories in his home directory.
copy /bin/ls to ~ftpadmin/bin/ then chmod -R 111 ~ftpadmin/bin/
copy /lib/ld-linux.so.2 (may be different number on your system) to ~ftpadmin/lib/ and chmod 555 ~ftpadmin/lib/ld-linux.so.2
copy /lib/libc.so.6, /lib/libnss_files-X-X-X.so to there as well (where X.X.X is the version number on your system), chmod 444 them
cd ~ftpadmin/lib ; ln -s libnss_files-X.X.X.so libnss_files.so.1 and ln -s libnss_files-X.X.X.so libnss_files.so.2.
chmod 111 ~ftpadmin/lib
now create a group file in ~ftpadmin/etc in the format root:*:0: just like the real /etc/group except do not show the members, this file is only used by ls to show real group names instead of gids, so only add groups to this file that you want to show up as a real name (you could make a fake name if you wanted too.) 
do the same for ~ftpadmin/etc/passwd make sure there are no real passwords in that file, it should look like: root:*:0:0::: only add users to this file that you want to show up properly in the listings, it's probably best to only add a couple rather than your entire system's /etc/passwd so you do not give away all the account names on your system. you do not have to use the same names as the real accounts, just the same ids, and any name you want, this file is only used by ls nothing else. do not add the gecos field or home directories to this file as it gives too much information about your system away.
after you do that chmod 444 ~ftpadmin/etc/* and chmod 111 ~ftpadmin/etc
mkdir ~ftpadmin/pub and do a chmod 555 ~ftpadmin and add the incoming directory.
that should do it, if you use wu-ftpd and want to take advantage of some of its guest user features read the ftpaccess man page as it's pretty good, but well test it as it's a little buggy in its config parsing... (and i cannot recommend wu-ftpd or proftpd anymore as they have just too many security problems) Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
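The chroot layout described in the message above, as an added example that is not part of the original post: a script that builds the tree with the stated modes and then audits it (directory modes, sticky bit on incoming, no password hashes, gecos or home fields in the fake etc/passwd). The function names, the sample ids, mode 1733 for incoming and 755 for pub are assumptions; the libnss symlink step is not covered.

```shell
#!/bin/sh
# Added example: build and audit the ftp chroot layout from the message above.
# Account names and ids written below are constructed sample values.

mode_of() { stat -c '%a' "$1"; }    # octal permission bits (GNU/busybox stat)

# build_ftp_chroot ROOT [LIBRARY...]
# LIBRARY paths (loader, libc, libnss_files) differ per system, so the
# caller supplies them; the loader gets 555 and the rest 444 as in the post.
build_ftp_chroot() {
    root=$1; shift
    mkdir -p "$root/bin" "$root/etc" "$root/lib" "$root/pub" \
             "$root/incoming" || return 1
    cp /bin/ls "$root/bin/ls" || return 1
    for lib in "$@"; do
        cp "$lib" "$root/lib/" || return 1
        case ${lib##*/} in
            ld-*) chmod 555 "$root/lib/${lib##*/}" ;;
            *)    chmod 444 "$root/lib/${lib##*/}" ;;
        esac
    done
    # Only names that should show up in listings: no hashes, gecos or homes.
    printf '%s\n' 'root:*:0:0:::' 'ftpadmin:*:1001:1001:::' > "$root/etc/passwd"
    printf '%s\n' 'root:*:0:' 'ftpadmin:*:1001:' > "$root/etc/group"
    chmod 444 "$root/etc/passwd" "$root/etc/group"
    # Children first, then the directories: same end state as the post's
    # "chmod -R 111", but it also works when not run as root.
    chmod 111 "$root/bin/ls"
    chmod 111 "$root/bin" "$root/etc" "$root/lib"
    chmod 755 "$root/pub"          # assumption: the post gives no mode for pub
    chmod 1733 "$root/incoming"    # sticky + "mode 3" (wx) for group and world
    chmod 555 "$root"
}

problems=0
report() { echo "$1"; problems=$((problems + 1)); }

expect_mode() {     # expect_mode PATH OCTAL
    got=$(mode_of "$1" 2>/dev/null) || got=missing
    [ "$got" = "$2" ] || report "$1: mode $got, expected $2"
}

# audit_ftp_chroot ROOT: prints findings, returns 0 only if there are none.
audit_ftp_chroot() {
    root=$1; problems=0
    expect_mode "$root" 555
    for d in bin etc lib; do expect_mode "$root/$d" 111; done
    expect_mode "$root/etc/passwd" 444
    expect_mode "$root/etc/group" 444
    case $(mode_of "$root/incoming" 2>/dev/null) in
        [1357]???) ;;                                  # sticky bit present
        *) report "$root/incoming: sticky bit not set" ;;
    esac
    # passwd: field 2 must be "*", gecos (5) and home (6) must be empty.
    bad=$(awk -F: '$2 != "*" || $5 != "" || $6 != "" { print $1 }' \
          "$root/etc/passwd" 2>/dev/null)
    [ -z "$bad" ] || report "etc/passwd leaks data for: $(echo $bad)"
    # group: field 2 must be "*" and the member list (4) empty.
    bad=$(awk -F: '$2 != "*" || $4 != "" { print $1 }' \
          "$root/etc/group" 2>/dev/null)
    [ -z "$bad" ] || report "etc/group leaks data for: $(echo $bad)"
    [ "$problems" -eq 0 ]
}

# Usage: sh ftp-chroot.sh /home/ftpadmin [/lib/ld-linux.so.2 ...]
if [ "$#" -gt 0 ]; then
    build_ftp_chroot "$@" && audit_ftp_chroot "$1"
fi
```

The audit can be run on its own against an existing tree, which is the useful part after an upgrade or a hand edit of the fake etc/passwd.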
Re: Bash can't find, PS1 and HISTSIZE
On 18/11/99 ktb wrote:
case $TERM in
    xterm*)
        PS1 ="\[\033]0;[EMAIL PROTECTED]: \w\007\]\w\$ "
        ;;
    *)
        PS1 ="\w\$ "
        ;;
esac
HISTSIZE =1000
_
I get the following error when I open an xterm,
bash: PS1: command not found
bash: HISTSIZE: command not found
bash-2.01$
I don't understand this. Both commands worked in my last Slink system. I checked the list archives and didn't find anything. Anyone know how to fix this?
yes try deleting the spaces after PS1 and HISTSIZE. try this:
case $TERM in
    xterm*)
        export PS1="\[\033]0;[EMAIL PROTECTED]: \w\007\]\w\$ "
        ;;
    *)
        export PS1="\w\$ "
        ;;
esac
export HISTSIZE=1000
_
you should be able to export them all at once by adding a line: export PS1 HISTSIZE to the bottom of the .bashrc instead of exporting each one individually, but it really does not matter which way you export them just so you do. Best Regards, Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: quota.group / quota.user
On 18/11/99 aphro wrote:

> since the chroot stuff didn't work out, and the author of the tip never replied to my request for help i can take the nodev option out, but would like to keep the nosuid option. BUT i can take it off too, it's not a huge deal. just wanted to know if/why those files appeared to need to be suid.

I was tinkering with quotas on my own box (just for fun :) ) a while ago, my /home is mounted nosuid,nodev as well and quotas worked fine, the quota.user,quota.group are just data files they do not need to be suid (and are not) i think you have an unrelated problem here. i was using 2.2.12 (or maybe 11) but it's a redhat system, have not tried quotas on debian yet. (i really have no use for them other than for my own amusement)

Best Regards, Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: WDM troubles
On 19/11/99 Christian Dysthe wrote:

> I am trying to make WDM work on my Debian (potato) box. After having installed it I am no longer able to log in even though I know I type in the correct passwords. WDM "shakes its head" as if the passwords are wrong. They aren't. It doesn't matter which account I am trying to log into. Same result.

you might want to check that /etc/pam.d/wdm exists and is in proper order, i have found a couple packages forgetting to include a pam file which will often lead to authentication with them failing. (not always unless you change pam.d/other to deny access (which the developers should do so they notice when they have a pam bug...))

I am using wdm and it works fine. (except for not loading the environment)

Best Regards, Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: eth0: promiscuous
On 20/11/99 Alberto Maurizi wrote:

> What does "eth0: Setting promiscuous mode" mean? And where to find information about?

it means your NIC will not only perform at less than 1/10th the speed it used to. turn it off. and what everyone else has already said, it's for snooping on networks.

Best Regards, Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Netatalk works/doesn't work
On 20/11/99 Alisdair McDiarmid wrote:

>     Starting Appletalk Daemons (this will take a while):socket: Invalid argument
>     socket: Invalid argument
>     atalkd: can't get interfaces, exiting.
>     atalkd afpd papd.
>
> This causes the Mac on the network to fail to see the server in Chooser (typing the IP address works okay). Bizarrely, the 486 ^ doesn't have this problem, boots up cleanly and is seen in Chooser. What could be causing this problem? I don't even understand the error message, never mind how to fix it.

sounds like AppleTalk is not compiled in your kernel (or the module is not being loaded). Mac Chooser will only see a server automatically if the server is using appletalk, so you can either reconfigure netatalk to not use appletalk at all getting rid of the error, or you can make sure Appletalk is either compiled into your kernel or being loaded as a module before netatalk loads.

personally I would ditch appletalk and make the server TCP/IP only, but if you have stubborn mac users who won't type an IP address then this may not be an option..

Best Regards, Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: user edit
On 20/11/99 GECOS wrote:

> I know how to add and delete users but how do you edit an existing user?

usermod

see man usermod for details. (at least on potato, i would guess slink too) also chsh for changing a user's shell and chfn for changing gecos information (full name, phone number etc)

Best Regards, Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: xconsole problem
On 20/11/99 Brian Servis wrote:

> I fixed it by adding my user to the adm group. I don't know the reasoning behind having xconsole as group adm though. It is the only device in /dev with that group ownership. Remember that passwords and other private info can be put on the logs so don't make it world readable.

normally xconsole is run as root so everyone can see what goes into /dev/xconsole anyway. I shut this off because I think it's a bad idea.

/etc/X11/xdm/xdm.options

comment out the line `run-xconsole'

same way for wdm just substitute xdm for wdm.

I do think that letting users see certain messages is a good thing, such as kernel messages about media errors on a device, say the CDROM, but what is being tossed into /dev/xconsole for everyone to see through the root owned xconsole process (very bad! don't run stuff like that as root!) is way too much. IMParanoidO anyway.

Best Regards, Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: /etc/syslog/conf
On 21/11/99 ktb wrote:

> I saw this nifty little command at Linux.com and I thought I would give it a try. It reroutes log information to tty12. The command was,
>
>     echo '*.* /dev/tty12' >/etc/syslog.conf
>
> The file now looks like this,
>
>     ~$ cat /etc/syslog.conf
>     *.* /dev/tty12

the command was probably supposed to be

    echo '*.* /dev/tty12' >> /etc/syslog.conf

notice the 2 >> that means append, just one > means overwrite.

> I didn't realize that it would become "permanent" and wipe out my xconsole info. At any rate I was wondering if someone could send me their default Slink /etc/syslog.conf file? I read through the various man pages but there didn't seem to be a default that I could see. I looked in dselect for a syslog package but couldn't find one. I was thinking I could delete and reinstall on my system to get it back to the way it was. If that is a good option which package is this in? I see from the archives there are many setups which is interesting and I'd like to play with it later but right now I just want things back the way they were. Also is there a way to start the syslog running after changes without rebooting?

just reinstall the syslogd package (or is it sysklogd) that should give you the option of overwriting your config file with the packaged one, as far as rebooting you don't need to, just do

    /etc/init.d/syslogd restart

(or is it sysklogd...)

if reinstalling the package won't touch your config file you could extract the .deb manually and grab the file yourself i suppose.

Best Regards, Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Netatalk is trashing the network
On 22/11/99 Nico De Ranter wrote:

> I know Appletalk is a very crappy protocol when it comes to broadcasting but this is really too much. Even our (few) Macintoshes do not send that many broadcasts. Is there any way to turn this off? It's really messing up my network.

I believe you can reconfigure netatalk to not use appletalk, one way to force it for sure is to remove appletalk from your kernel and disable the appletalk module. then just have your mac users connect via TCP/IP (which netatalk supports as well). as long as they use the appleshare 3.8* extension TCP/IP is not a problem for them.

Best Regards, Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
world writable libguile
hi, I mentioned this on the devel list and i think they already figured out what was wrong and presumably fixed it. but i had just discovered that /usr/lib/libguile.so.6.0.0 was mode 777 (world writable) for those not on devel it might not be a bad idea to do a quick check on your system's libguile (if you have this package installed) cheers, Ethan
Re: apt-get is holding back messages
On 25/11/99 Mark Wagnon wrote:

> I recently upgraded to potato, and just noticed that I'm still using the .95 version of mutt (potato has the 1.0 v.). I did an apt-get update/upgrade and a bunch of packages are being held back. Is there a way to get them to install via apt-get?

did you try apt-get dist-upgrade? or just apt-get upgrade?

apt-get upgrade never removes packages currently installed, so if a new/updated package depends on something that conflicts with a package currently installed, then that package will not be installed.

if my explanation sucks try the man page on apt-get :-)

Ethan
Re: Login and Password
On 25/11/99 Woodrow Lovett wrote:

>Last year I loaded Debians on my box, but because of problems connecting
>to the internet to complete the installation and the upcoming planting
>season it has just been sitting there used. I returned to complete the
>installation,but I can not get into the system. It will not accept the
>login and password. They could be incorrect. Is there any way to get into
>the system to change the Login and password. this box is in my home,
>and there is a single user.
>

I assume you use i386 and LILO..

reboot and type

    linux single

at the LILO boot: prompt (it only stays for 2 or 3 seconds so you have to be quick, hold down shift if you have problems getting it to appear)

that will probably get you a prompt saying enter root password for maintenance, if it still rejects your root password there then reboot again and enter

    linux init=/bin/sh

that will certainly drop you into a root shell with no passwords required, then:

    # mount -o remount,rw /
    # mount -o ro /usr
    # passwd root

and enter a new root password, then (important!):

    # sync
    # sync
    # sync
    # umount /usr
    # mount -o remount,ro /
    # sync

and try to run /sbin/reboot which may not work (we have no init running) if not and you are sure you umounted the filesystems (run sync a few more times for good measure) you can hit control alt delete

the next reboot should let you login as root using the passwd you supplied

alternatively (and perhaps safer) use vi to remove the password from /etc/passwd (or /etc/shadow if you enabled shadow passwds) so you have root::0:0 instead of trying to run the passwd command. if you do this skip the steps about mounting /usr

Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: killing a process
> I've a little problem: a process (some diff) that just won't die. I've tried kill -s SIG with SIG = 2,3,6,9,14 and 15 but it is still there.

is it a zombie process? (will show up as zombie, Z, or ) if so you need to kill its parent so init can inherit and destroy the zombie. zombies are the only ones I have seen that will not die with a kill -9.

> This process accesses /mnt/md5/ and I cannot remount it ro. (I thought I should always be allowed to remount,ro something??)

i think if there is a file open with write access enabled or such you cannot remount a filesystem read only, till that file is closed. at least that is what I read on the BSD docs. on BSD there is a force option that will force write access to be revoked but it's not recommended, and I am not sure what if any linux counterpart there is.

> Any ideas how I can get rid of this process?

see above, one way without a reboot (but not by much) is go to single user mode and come back, that kills pretty much all processes.

Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: need help with potato
On 25/11/99 richard newton wrote:

>     #! /bin/sh
>     ifconfig lo 127.0.0.1
>     route add -net 127.0.0.0
>     IPADDR=192.168.1.1
>     NETMASK=255.255.255.0
>     NETWORK=192.168.1.0
>     BROADCAST=192.168.1.255
>     ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
>     route add -net ${NETWORK}
>
> but I've had to comment out the two "route add -net" lines because they were giving errors at boot time. What's changed here. Is that going to be a problem?

apparently kernel 2.2.* does not need the routes defined manually anymore. and if you do define route manually then route has to be called with an extra argument i cannot remember at the moment.

Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: Windows moving active partition mark
On 28/11/99 Micha Feigin wrote:

> I am trying to run linux and windows 98 together on the same drive using lilo. I installed lilo on a partition containing the kernel. I then set the active partition mark to that partition. As long as windows isn't started then this setup works great (the lilo boot prompt comes up and I can choose between linux and windows). The problem is that whenever windows starts it moves the active partition mark back to its partition. Is there a way to stop this behaviour?

just install lilo on the MBR then the active partition flag becomes irrelevant, lilo gets control immediately.

    boot=/dev/hda        ## change to your hard disk device
    map=/boot/map
    install=/boot/boot.b
    vga=normal
    prompt
    timeout=40           ## 4 seconds till auto boot of default image
    default=linux

    image=/vmlinuz
        label=linux
        read-only
        root=/dev/hda1   ## change to your real root partition

    image=/vmlinuz.old
        label=linux.old
        read-only
        root=/dev/hda1

    other=/dev/hda4      ## change to the partition holding win98
        label=win
        table=/dev/hda   ## change to the same value as boot=

rerun lilo and lilo will now be loaded by the BIOS immediately. LILO does not care about active partitions and will follow the lilo.conf file whatever image you pick (linux, linux.old, win) it will load.

the only time you will have problem is if you reinstall win98 in which case it will overwrite the MBR without asking and you will have to use your boot floppy (which you already made right? :) ) to boot linux and reinstall lilo. AFAIK win98 does not do anything stupid like reinstalling the MBR every time it boots...

Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: who broken?
On 28/11/99 Dave Wiard wrote:

> After upgrading to potato, it appears as though who may be broken:
>
>     [EMAIL PROTECTED]/home/dave] who --count
>     # users=0
>
> Any idea why this might have happened or how I can fix it?

works for me TM

perhaps your utmp file is corrupt?

Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: bad alternatives symlinks after potato upgrade
On 28/11/99 Dan Christensen wrote:

> I just upgraded my mostly stock slink machine to potato with "apt-get update; apt-get dist-upgrade". Now I have both /usr/man and /usr/share/man on my system, and neither is a symlink to the other. A quick glance showed no files in common between the two directories, and they both contain around 7.5M. "man foo" works for foo's in either directory. But the alternatives system is messed up, with symlinks pointing to the wrong place.

you're getting caught in the transition to FHS (Filesystem Hierarchy Standard) that defines that /usr/doc be moved to /usr/share/doc and /usr/man be moved to /usr/share/man. it sounds like you found a package or two with bugs not handling this transition properly, file a bug report.

> An example is /etc/alternatives/editor.1.gz, which points to /usr/man/man1/elvis.1.gz, which does not exist. However, /usr/share/man/man1/elvis.1.gz does exist. What happened? Would manually changing all the bad symlinks in /etc/alternatives to point to the right place be the correct fix? Is there an automatic way to do this?

I am not aware of an automatic way to fix this but i could be wrong (I have not totally figured out this alternatives thing) it sounds like a bug in the package not fixing these symlinks.

> Thanks for any suggestions.

Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: file permissions in /etc
On 29/11/99 aphro wrote:

> I'd suggest making the compiler(s) runnable only by root (same for the libraries the compilers use)

i suppose, but that takes the fun out of the system :-)

> make users home dirs on another partition mounted with at least the noexec option and make sure there are no directories writable by users (like /tmp) on a partition that is not mounted with such options.

unfortunately this is easier said than done, the /var filesystem cannot be made noexec without problems and it's littered with world writable directories. if you remove tetex you get rid of about half a dozen, but that still leaves /var/tmp and /var/lock (why is /var/lock world writable on debian but not redhat??) i can make a partition for /var/tmp but not /var/lock!

also note that if you mount /var/tmp noexec root will have to remount it exec to install any .deb packages. i personally just settle for nosuid on /var/tmp, /tmp /home, /var (/var sometimes has suids though, check first)

Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
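To see which of the mount options discussed in the message above are actually in effect for a given directory, the filesystem holding it has to be found by longest mount-point match. The script below is an added example, not code from the thread: `missing_mount_opts` and the sample mount table are constructed for illustration, and the input is assumed to use the `/proc/mounts` column layout.

```shell
#!/bin/sh
# Added example (not from the thread): report which hardening mount options
# the filesystem holding a given directory lacks.

# missing_mount_opts MOUNTS_FILE PATH OPT...
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint type options ...
# Prints a comma-separated list of the OPTs that are absent (empty if none).
missing_mount_opts() {
    mounts_file=$1; target=$2; shift 2
    awk -v target="$target" -v want="$*" '
        {
            mp = $2
            # A mount covers target if it is "/", the path itself, or a parent
            # directory; "/home" must not match "/homework".
            if (mp == "/" || target == mp || index(target, mp "/") == 1) {
                # Longest mount point wins; >= lets a later entry override.
                if (length(mp) >= length(best)) { best = mp; opts = $4 }
            }
        }
        END {
            n = split(want, w, " ")
            m = split(opts, have, ",")
            out = ""
            for (i = 1; i <= n; i++) {
                found = 0
                for (j = 1; j <= m; j++) if (have[j] == w[i]) found = 1
                if (!found) out = out (out == "" ? "" : ",") w[i]
            }
            print out
        }
    ' "$mounts_file"
}

# Constructed sample in /proc/mounts format (not taken from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext2 rw 0 0
/dev/hda5 /usr ext2 ro,nodev 0 0
/dev/hda6 /var ext2 rw,nosuid,nodev 0 0
/dev/hda7 /tmp ext2 rw,nosuid,nodev,noexec 0 0
/dev/hda8 /home ext2 rw,nosuid,nodev 0 0
EOF
}

# Audit the world-writable and user-writable locations named in the thread.
audit_sample() {
    f=$(mktemp) || return 1
    sample_mounts > "$f"
    for dir in /tmp /var/tmp /var/lock /home; do
        printf '%s lacks: %s\n' "$dir" "$(missing_mount_opts "$f" "$dir" nosuid noexec)"
    done
    rm -f "$f"
}

audit_sample
```

On a live system the same function can be pointed at `/proc/mounts`, for example `missing_mount_opts /proc/mounts /var/tmp nosuid noexec`.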
Re: file permissions in /etc
On 30/11/99 Quietman wrote:

> I don't think that is likely to work since bit one is the execute bit and most config files don't need to be executed, just read by the program that needs them.

he does not mean the files in /etc, he suggested leaving the file's permissions alone and changing the /etc DIRECTORY permissions to 711, that would allow access to the contents of /etc (given permission to individual file's permission) but not allow a general listing of the /etc directory.

in other words you can access anything just as you can now, the only difference is you would need to know its exact filename and that it exists to access it, you would be unable to get that information from a ls -l on /etc.

but this is really no added security since most files in /etc are 1) not security critical, and if they are they are protected anyway and 2) most files in /etc are in every linux system's /etc so getting filenames is trivial.

Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: How to Pre-Invoke {"mount -o remount,rw /usr";}; with /etc/apt/apt.conf?
On 30/11/99 Shaul Karl wrote:

> I tried to change the Pre-Invoke and Post-Invoke lines of /etc/apt/apt.conf so that it would pre mount and post mount my /usr which is normally mounted ro, but failed. How should I do it correctly?

it looks like you copied the example conf from /usr/share/doc, you should not use that as it is an example and not really suited for real use. i have:

    DPkg {
        // Auto re-mounting of readonly /usr
        Pre-Invoke {"mount -o remount,rw /usr";};
        Post-Invoke {"mount -o remount,ro /usr";};
    }

which always works for mounting rw but does not always work for remounting ro because after install/upgrades for some reason mount thinks /usr is busy and refuses to remount it read only. very irritating especially since i have not found any files opened with write permission with fuser... dropping down to single user mode and coming back lets it remount though, but this is less than convenient... at least it does not ruin uptimes :-)

Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: security and guest accounts
On 30/11/99 Martin Dickopp wrote: Read the section "Restricted Shell" in the bash documentation; this might be what you're looking for. In restricted mode, you can control what commands bash can execute, so you could limit them to telnet and ssh. I tried this out once, it was interesting, but all i had to do was type `bash' and get a real unrestricted shell. maybe i missed something :-) Ethan
Re: How to Pre-Invoke {"mount -o remount,rw /usr";}; with /etc/apt/apt.conf?
On 30/11/99 Shaul Karl wrote:

> Your lines are exactly as mine, aren't they? However I do not think that I have a problem similar to yours because remounting manually before and after apt-get runs is working. Maybe some other setting in /etc/apt/apt.conf changes the behavior of these lines. Can you email me your /etc/apt/apt.conf?

well yes the lines doing that are the same, however my apt.conf is very light, yours is very complex so I thought perhaps all that complexity was messing things up.

    [EMAIL PROTECTED] eb]$ cat /etc/apt/apt.conf
    DPkg {
        // Auto re-mounting of readonly /usr
        Pre-Invoke {"mount -o remount,rw /usr";};
        Post-Invoke {"mount -o remount,ro /usr";};
        // Pre-configure all packages before they are installed.
        Pre-Install-Pkgs {"dpkg-preconfig --apt";};
    }

as for my busy /usr yes, that has nothing to do with apt as trying to remount it readonly manually also fails, it's probably some braindamaged program being started/restarted leaving a file open with write permission. (the xfs's tend to trigger this)

Ethan
Re: Stuffit (was Unidentified subject!)
On 30/11/99 Alberto Maurizi wrote:

> Does anybody know how to "unstuff" MacIntosh archives under Linux? (i.e., a replacement for StuffIt Expander).

no such thing, stuffit is a very proprietary file format and aladdin has refused numerous requests for specs on it so that a decompressor could be made (for Rhapsody/MacOSX/OpenStep)

if it's stuffit 4 format I would suggest asking the MindVision people (made MindExpander which handles stuffit 4 but not 5 archives) to release their code/information to the public so other expanders can be made, as far as I can tell they reverse engineered the file format and made an expander (if they had a licence there would be aladdin spam all over the software and it would support version 5 i would think)

I have asked them several times if they would consider open sourcing their expander but have not received anything more than form responses.

if you want a compatible format I suggest you use a combination of macbinary and gzip (macbinary can be decoded from linux using utilities from netatalk i think, assuming they work heh heh) there are many free macbinary encoding utilities, or if you don't need all the macos specific metadata just use tar.gz

just a sidenote I did find some very old code for some un*x that supported creating and extracting of stuffit 1.5.1 archives but my testing showed that it did a better job of creating corrupted archives and extracting corrupted files. and i doubt this would be of much use since i have not seen a stuffit 1.5.1 archive in years.

sorry for the rantish post this topic is a bit of a thorn for me :|

Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: PLEASE: standard package README file/orientation
On Sun, Aug 20, 2000 at 05:33:05PM +0530, bish wrote: > If there is anything called "users-requests" this certainly should be > placed there for the kind Debian developers to take notice. Surely, the best way to make a feature request is probably to file a *wishlist* bug against package `general' explain in a calm and reasonable way what the request or problem is. -- Ethan Benson http://www.alaska.net/~erbenson/
Re: Where does Debian usually install stuff?
On Sun, Aug 20, 2000 at 02:17:16PM +0200, Florian Friesdorf wrote:
>
> Sorry typing error, I meant /boot 10MB.

ah i thought it had to be something like that..

> I think you are right. It's just, I'm used to separate /boot from /, so I can
> move around root, if necessary.
> But with the lba32 lilo-option, this isn't necessary anyway.

quite right, assuming you have a reasonably modern bios anyway.

> --> /70MB
>
>
> I had in mind, using the /var partition also for temporary files, because it
> is nearly as often frequented as /tmp.
> Having a separate partition for /tmp and linking /var/tmp is definitely the
> better way, if you don't have to care about disc space.

on workstations with large disks i tend to create a 30 or 40 MB /tmp and a 100 - 300MB /var/tmp, this way /tmp is cleaned automatically and is where the majority of small cruft files get placed, but /var/tmp can be used for semi long term storage of temporary junk. but on the other hand with a large /home /var/tmp is almost silly since users can and probably should use ~/tmp instead. (i have just found a large /var/tmp helpful in cases where /home is NFS mounted and i want to compile something, then to find the clocks on the two machines are slightly out of sync which pisses off make...)

the /var/tmp partition would be more helpful security wise if /var was not so full of world writable directories... (/var/lock, /var/spool/texmf/*)

--
Ethan Benson http://www.alaska.net/~erbenson/
Re: why so hard to decline recommend packages dselect/apt
On Mon, Aug 21, 2000 at 02:12:17AM +0200, Florian Friesdorf wrote:
>
> There are programs, like mutt, that depend on a smtp-mailer-daemon.
> You installed exim to satisfy this dependency. Now if you prefer using qmail
> instead of exim, just install qmail, and afaik exim will be automatically
> removed.
> At least this worked for me the other way round using apt-get.
>
> qmail was installed.
> apt-get install exim // removed qmail and installed exim

yes that is how it works right now, all MTAs conflict with each other, however there is talk on debian-devel about changing this so you can have multiple MTAs installed at the same time.. personally i think this is insane but...

--
Ethan Benson http://www.alaska.net/~erbenson/
Re: Recommended File and User sharing between Debian systems?
> 't use any distributed authentication system at the moment.
> Can anyone point me in the right direction?

i would say what you're looking for is NFS for file sharing, just read up on it and do what you can to maintain security.

--
Ethan Benson http://www.alaska.net/~erbenson/
Re: changing partitions around
On Sun, Aug 20, 2000 at 09:05:04PM -0500, ktb wrote:
> I've just installed potato base via internet and am trying to download
> the rest of the packages I want. I made my /var partition too small in
> retrospect. I made a /usr/local partition that I don't need so large.
> /var is on /dev/hda17
> /usr/local is on /dev/hda14
>
> How can I make /var be /dev/hda14 and
> /usr/local be /dev/hda17?

well assuming you don't need anything in /usr/local right now just

    rm -rf /usr/local/*

and then run:

    (cd /var; tar -cvpf - .) | (cd /usr/local; tar -xvpf -)

then change /etc/fstab.

you should probably create a tarball of /usr/local/* so you can restore it when you change over, once you're sure it worked remove all the /var files from the new /usr/local.

--
Ethan Benson http://www.alaska.net/~erbenson/
Re: Recommended File and User sharing between Debian systems?
On Mon, Aug 21, 2000 at 04:02:19AM +0200, Florian Friesdorf wrote:
>
> I'm also using mutt with nfs mounted home and the mailbox option.
> It works fine with the following mount options:
> rsize=8192,wsize=8192,retry=1,hard,intr,actimeo=3,bg,retrans=1
>
> I think the actimeo=3 is the one solving your problem. With default
> settings nfs caches file/dir information up to 60 seconds. (--> man
> nfs)

thanks for the tip, unfortunately it does not work for me, mutt still runs around chasing its tail... also when i run mutt on the server it still sees new mail in the empty mailboxes till i change to them at least once, then it no longer sees phantom new mail. it's as if some sort of update never occurs over NFS..

--
Ethan Benson http://www.alaska.net/~erbenson/
Re: netscape crashes
On Sun, Aug 20, 2000 at 08:37:04PM -0600, Rick Macdonald wrote:
>
> >
> > [EMAIL PROTECTED]:~$ netscape &
> > [1] 30802
> > [EMAIL PROTECTED]:~$ ls: /usr/lib/netscape/473/wrapper.d: No such file or
> > directory
> > ls: /usr/lib/netscape/473/communicator/wrapper.d: No such file or directory
> > [EMAIL PROTECTED]:~$
> >
> > it still starts up and runs, but I thought it might have something to do
> > with my problem. Anyone recognize this or have suggestions?
>
> I get the warnings as well.

    mkdir /usr/lib/netscape/473/wrapper.d
    mkdir /usr/lib/netscape/473/communicator/wrapper.d

to eliminate those. it's a minor bug in the wrapper script or a bug in the package depending on which way you look at it. it's harmless though.

> I noticed Netscape got worse lately too. I loaded mozilla. It doesn't
> crash on the javascript pages that crash netscape but it's a bit slow.

if it were not for that XUL crap, and the lack of a working ./configure --prefix=/usr/local and make install function mozilla would be perfect. the part that is slow is the interface which can be squarely blamed on that XUL crud.

/me wishes galeon would compile properly.

--
Ethan Benson http://www.alaska.net/~erbenson/
Re: Fortify and Netscape Navigator
On Sun, Aug 20, 2000 at 08:14:20PM -0700, Mark Wagnon wrote:
> Hi all,
>
> I'm running fortify 1.4.6-2 and netscape 4.73 that are part of potato,
> but I can't seem to get the two to dance. I figure that the netscape
> binary is navigator-smotif-473, but fortify doesn't recognize it. Am I
> attempting to patch the correct binary? I had to follow symlinks all
> over to pin this one down.
>
> Anybody have fortify working on a debianized netscape? Care to share
> what you did?
>

it's not the debian packages that are at fault, it's fortify, fortify does not and will not support netscape past 4.72. you have to do one of 3 things to get 128 netscape:

download the netscape tarball from netscape.com and extract the appropriate binary out and mv it to /usr/lib/netscape/473/communicator/communicator-smotif.real.

download the netscape tarball from netscape.com and install it in /usr/local

follow the instructions posted by Brad earlier to build your own .debs. (this involves more downloading than either of the above solutions)

netscape has been orphaned by the original debian developer (too small of a /dev/null i think was one of the reasons he mentioned..) and just now adopted by another.

--
Ethan Benson http://www.alaska.net/~erbenson/
Re: Fortify and Netscape Navigator
On Sun, Aug 20, 2000 at 10:42:19PM -0700, Mark Wagnon wrote:
>
> Thanks. I went to Netscape's web site and my browser was identified as:
>
> Netscape Navigator 4.73
> English language, [en] (X11; I; Linux 2.2.17 i686; Nav, Strong 128-Bit
> Encryption
>
> Here it is supposedly 128-bit already. I used to use the fortify

no netscape is lying to you. the export version does have 128 bit encryption but it will only be used for `select' sites, ie ones approved by the NSA or somesuch thing.

> homepage's SSL check to determine my various browsers' encryption
> levels. When I checked my 4.73 deb, it was reported to be 40-bit only.

that's because it is effectively 40bit only, the export version refuses to use strong crypto in almost every circumstance.

> Maybe fortify's ability to check the encryption level of 4.73 is a bit
> off since you mentioned that fortify doesn't support netscape versions
> beyond 4.72?

no fortify is correct, netscape is lying.

> An idea where I might determine my browser's true encryption level?

http://www.fortify.net/sslcheck.html

which says my netscape supports RC4, 128 bit key. because i downloaded the strong crypto version and replaced the debian binary with it.

> I'd hate to go through the hassle of getting fortify to work if I've
> already got a strong crypto browser.

you don't have a strong crypto browser.

> Thanks!

no problem.

--
Ethan Benson http://www.alaska.net/~erbenson/
Re: Fortify and Netscape Navigator
On Mon, Aug 21, 2000 at 05:19:08PM -0700, Mark Wagnon wrote:
> On 08/20/00 19:13:32 -0800, Ethan Benson wrote:
> > its not the debian packages that are at fault, its fortify, fortify
> > does not and will not support netscape past 4.72. you have to do one
> > of 3 things to get 128 netscape:
> >
> > download the netscape tarball from netscape.com and extract the
> > appropriate binary out and mv it to
> > /usr/lib/netscape/473/communicator/communicator-smotif.real.
>
> Thanks for the help. I went with the above option. I stepped up to 4.75
> though. I simply copied the netscape binary to the location of the
> navigator-smotif.real binary and after backing it up renamed it. It
> works nicely and now I have a 128-bit browser! I never would have
> thought of that. I just have to remember to check it after doing an
> upgrade every now and then.

be aware that you are probably still vulnerable to at least the java security hole in 4.74 and previous since the java files were not updated (and i think that is where the bug lies)

--
Ethan Benson http://www.alaska.net/~erbenson/
Re: Fortify and Netscape Navigator
On Mon, Aug 21, 2000 at 06:19:03PM -0700, Mark Wagnon wrote:
> On 08/21/00 16:48:51 -0800, Ethan Benson wrote:
> > be aware that you are probably still vulnerable to at least the java
> > security hole in 4.74 and previous since the java files were not
> > updated (and i think that is where the bug lies)
> >
> hmm. Okay. There was a java symlink in the directory where the binary
> was located. I recreated it, this time pointing it to the java
> directory for the 4.75 version. You wouldn't happen to know where one
> might test for this vulnerability or find info on it? I suppose
> netscape's web site might be a good starting place?

i think there is a CERT advisory which are usually pretty detailed and useful. otherwise search on bugtraq/securityfocus.com

--
Ethan Benson http://www.alaska.net/~erbenson/
Re: Minor problem with dosfsck
On Tue, Aug 22, 2000 at 06:38:17AM +, Tim Jump wrote:
> I've got a minor problem since upgrading to Potato that I've
> been banging my head against the wall trying to fix to no avail.
> Hopefully someone here can help (they usually can!).
>
> Ever since the upgrade, I've been getting an error telling me there
> are differences between the boot sector & the backup, showing me a bunch
> of numbers, then saying "Not automatically fixing this" before giving me
> about a 10-15 second delay in the boot process. I've tracked this down
> to dosfsck but I can't figure out a way to either disable this or to
> make a good backup. I suspect this is caused by my using Partition
> Magic's "Boot Magic" program to dual-boot between Linux and that unnamed
> force for OS evil, but I can't figure a way to stop it from happening.

i would suggest not fscking DOS filesystems at boot, look in your
/etc/fstab and find the line(s) for your dos partitions and make sure
they end with: 0 0

as in:

/dev/hda11 /local msdos defaults,noexec 0 0

0 2 or 0 1 would cause it to be fscked at boot by fsck.msdos aka
dosfsck.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
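Added example, not part of the original message: a small check that lists the DOS-type entries in an fstab whose last field would still get them fscked at boot. The function names and the sample fstab are constructed for illustration; only the /dev/hda11 line is modelled on the one quoted above.

```shell
#!/bin/sh
# Added example, not from the thread.
# Lists DOS-type filesystems whose sixth fstab field (fs_passno) is
# non-zero, i.e. the ones fsck would check at boot.

dos_fsck_entries() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }          # skip comments and blanks
        {
            pass = (NF >= 6) ? $6 : 0           # a missing field means 0
            if ($3 ~ /^(msdos|vfat|umsdos)$/ && pass + 0 != 0)
                printf "%s %s %s pass=%s\n", $1, $2, $3, pass
        }
    ' "$@"
}

# Constructed sample fstab (hypothetical devices and mount points).
sample_fstab() {
    cat <<'EOF'
# <device>  <mountpoint> <type> <options>       <dump> <pass>
/dev/hda1   /            ext2   defaults        0      1
/dev/hda11  /local       msdos  defaults,noexec 0      0
/dev/hda12  /win         vfat   defaults        0      2
/dev/hda13  /old         msdos  defaults
EOF
}

sample_fstab | dos_fsck_entries
```

To check a real system, call `dos_fsck_entries /etc/fstab`; no output means no DOS filesystem is scheduled for a boot-time fsck.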
Re: Utility for multiple floppies
On Tue, Aug 22, 2000 at 04:08:26PM -0700, kmself@ix.netcom.com wrote:
> (List added to distribution -- I assume it was dropped inadvertently)
>
> In general I try to avoid these problems by:
>
>   o Not using MS Windows.

by far the best option ;-)

>   o Using networked file transfer (shared drive, scp, ftp, email).
>   o Using shared-drive transfer between multiple boot OSs (however, see
>     first comment).
>
> I suggested you install a set of common GNU utilities in all your
> environments and use them. This will give you a set of uniform tools
> which should treat your data and multi-disk sets consistently.
> Otherwise, I really can't help you.

are gnu tar, gzip and friends available for windows
wastelands^Wenvironments?

BTW your Mail-Follow-Up header is broken, mutt ends up trying to send
mail to user `karston' which does not exist on my system obviously.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
Re: FTP through firewall (inverse)
On Tue, Aug 22, 2000 at 09:03:59PM -0700, Nate Amsden wrote:
> ftp is a horrible protocol to try to firewall because of all the ports
> it uses, i suggest using the package 'iptraf' to see what ports are
> being used when you connect to it. there are 2 modes of ftp, passive and
> active. Switch your ftp client to PASSIVE mode and it should work(i just
> tried it) using unix ftp just type 'passive'. To get active mode

unfortunately i think there are some lame servers that do not support
PASV but i think they are becoming more rare..

> working you will have to forward thousands of ports most likely as i
> believe it uses a random port above 1024. You can also try to find a ftp
> server that forces the client into passive mode if you have users that
> won't know how to use passive. IMO though, ftp is insecure and i
> recommend using SSH w/scp to transfer files(it encrypts both the login
> and the data).

heh, i have gotten into a flamewar several times with someone i know
in irc conversations about the merits of scp over ftp, the problem is
he is a MacOS user who maintains web sites, he uses a MacOS ftp
program called Anarchie to upload the site. he refuses to consider
using scp instead since it is not `drag and drop'

there are also pesky windows lusers who use basically the same excuse.
trying to force scp on these people would result in a lynching of the
sysadmin ;-)

and yes i am aware of various kludges to enable ftplike attributes to
scp, the problem is those won't work with the specific ftp clients
(Anarchie) that these users demand to use. even sslized ftp is not an
option since these clients of course don't support that either...

so the way i see it we as sysadmins are not going to be able to kill
and bury ftp until there is a sftp implementation that is Free
(speech) and the popular ftp clients support that protocol (read
Anarchie on MacOS and whatever it is Win* lusers insist on)

/me who wants the OpenBSD guys to add a fourth grave for ftp to the
OpenSSH t-shirt.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
Re: screensaver not working in gnome/enlightenment
On Wed, Aug 23, 2000 at 04:44:23AM -0400, Dave Bresson wrote:
>
> Hi, i'm running off a new install of Potato, with GNOME and E all happily
> working. However, there is one problem. The various utilities in all the
> GNOME menus for screensavers don't work. In other words, i can't get the
> screensaver to kick in at all after its initial idle time (or for that
> matter, if i simply tell it to lock immediately). I try running
> `xscreensaver &` and all i get is an error message:
>
> Xlib: connection to ":0.0" refused by server
> Xlib: Client is not authorized to connect to Server
> xscreensaver: Can't open display: :0
> xscreensaver: initial effective uid/gid was root/shadow (0/42)
> xscreensaver: running as nobody/nogroup (65534/65534)
>
> Also, it's very important to mention that this *only* happens as root,
> other regular accounts work fine. Anyway, i would just like to find a
> solution to have a screensaver for root.

why? root should never login to X, root should never login period,
you should use su instead.

xscreensaver will refuse to retain root privileges and drops them
immediately before even connecting to the X server, this means it will
not have access to the X cookies (~/.Xauthority) and will thus be
refused permission to connect to the X server. this is a good thing.

so the solution is (as BSDers say) `don't login as root use su'

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
Re: q ad security.debian.org
On Wed, Aug 23, 2000 at 11:50:50AM +0200, Preben Randhol wrote:
> Olaf Meeuwissen <[EMAIL PROTECTED]> wrote on 23/08/2000 (08:25) :
> > What about security updates for non-US?
>
> I don't know.

deb http://security.debian.org/debian-non-US/ potato/non-US main contrib
deb-src http://security.debian.org/debian-non-US/ potato/non-US main contrib

add non-free to taste.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
Re: max n of groups per user?
On Thu, Aug 24, 2000 at 11:34:37AM +, Lars O. Grobe wrote:
> Hi!
>
> First - I'm new to the list. I used debian some time ago and now
> I'm thinking about installing it on a server machine at university.
>
> How many groups can a user have? I want to use a private groups
> concept with >300 users, and my admins must be members of all private
> groups because I want them to be able to r/w into the 2770ed-homes
> of the users - and avoid that one must change owner every time an
> admin has copied into a user's home.

first, why should the admins have write permission to everyone's home
directory? why do they need to go mucking around in your user's
files? personally i would find this quite obnoxious and besides that
i never leave my $HOME writable by anyone but me. (also remember ssh
will bitch about those unsecure permissions)

now ignoring the above, adding an admin to 300 groups is both
inefficient and silly, it would be better to simply set the
permissions on the home directories to 770 group `users' and make the
admins members of that group (or maybe group staff)

however i would suggest going about this differently, give users a
private group, but set the home directory permissions to 750 or 710
group users. make everyone a member of group users and put a
directory ~/incoming with permissions like 3775 group users (or group
staff if you only want admins to have writability here) (you can use
/usr/local/sbin/adduser.local to take care of fixing the permissions
when the user is created, see man adduser)

i really think giving all the admins write permission to all users
$HOME is a bad idea, what if one accidentally runs rm -rf / as
themself? ordinarily all that would remove is their own files, but in
your scheme every user on the system will lose data, you might as well
have all your admins running around as root all the time.

> In SuSE, the number of groups is limited (AFAIK to 20), so I can't use
> this concept. What about debian?

this is a kernel issue not a distribution one, this limit will likely
be the same on all distributions.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
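Added example, not part of the original message: one way the adduser.local hook mentioned above could apply the suggested layout (home 750 or 710, ~/incoming 3775). adduser(8) calls the hook with username, uid, gid and home directory; the function name and the SHARED_GROUP and HOME_MODE variables are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread: a possible /usr/local/sbin/adduser.local.
# adduser(8) runs the hook as: adduser.local username uid gid home-directory
# SHARED_GROUP and HOME_MODE are assumed names; the message suggests group
# "users" and a home mode of 750 or 710.
SHARED_GROUP=${SHARED_GROUP:-users}
HOME_MODE=${HOME_MODE:-750}

apply_home_layout() {
    home=$1
    owner=$2
    group=${3:-$SHARED_GROUP}

    [ -d "$home" ] || { echo "no such directory: $home" >&2; return 1; }

    # Home: only the owner can write. The group may read (750) or merely
    # traverse (710); everyone else gets nothing.
    chgrp "$group" "$home" || return 1
    chmod "$HOME_MODE" "$home" || return 1

    # Drop box: 3775 = sticky (1000) + setgid (2000) + rwxrwxr-x.
    # setgid keeps new files in $group; sticky stops group members from
    # deleting or renaming files that belong to someone else.
    mkdir -p "$home/incoming" || return 1
    chown "$owner:$group" "$home/incoming" || return 1
    chmod 3775 "$home/incoming" || return 1
}

# Hook entry point: only acts when adduser supplies all four arguments.
if [ "$#" -ge 4 ]; then
    apply_home_layout "$4" "$1"
fi
```

Run with HOME_MODE=710 in the environment to let other members of the group reach ~/incoming without being able to list the rest of the home directory.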
Re: max n of groups per user?
On Thu, Aug 24, 2000 at 02:43:16AM -0700, Nate Amsden wrote:
> the limit is 32, it is on slink, assume it is on potato as well. to
> eliminate the need to change owner or group every time anybody copies
> into a user's home directory(or any directory for that matter) make the
> directory suid, and sgid. that way all files in that directory should
> inherit the same ownership as the directory itself.

not quite, sgid will cause new files to inherit the group of the
parent directory a la BSD. but nothing will cause the owner to be
changed. suid on directories does nothing. only way to change owners
is to be root or have CAP_CHOWN.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
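Added example, not part of the original message: a throwaway test of the behaviour described above, run in a temporary directory. It assumes Linux and a stat(1) that accepts -c (GNU coreutils or busybox); the function name is made up for this sketch. If the account has no supplementary group, the inherited group simply equals the primary group.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux and a stat(1) that
# accepts -c (GNU coreutils or busybox). Touches only a temp directory.

sgid_demo() {
    work=$(mktemp -d) || return 1
    dir="$work/shared"
    mkdir "$dir" || return 1

    # Use a supplementary group if the account has one, so the inherited
    # group differs from the creator's primary group; otherwise fall back.
    primary=$(id -g)
    alt=$primary
    for g in $(id -G); do
        if [ "$g" != "$primary" ]; then alt=$g; break; fi
    done
    chgrp "$alt" "$dir" 2>/dev/null || chgrp "$primary" "$dir"

    chmod 6770 "$dir"        # setuid + setgid + rwxrwx---
    touch "$dir/file"
    mkdir "$dir/sub"

    echo "creator_uid=$(id -u)"
    echo "primary_gid=$primary"
    echo "dir_gid=$(stat -c %g "$dir")"
    echo "file_uid=$(stat -c %u "$dir/file")"   # the creator: setuid is ignored
    echo "file_gid=$(stat -c %g "$dir/file")"   # the directory's group: setgid
    echo "sub_mode=$(stat -c %a "$dir/sub")"    # 2xxx: setgid is passed on
    rm -rf "$work"
}

sgid_demo
```

The file's owner is always the creating user, whatever the directory's setuid bit says, while the group and the setgid bit come from the parent directory.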
Re: max n of groups per user?
On Thu, Aug 24, 2000 at 12:10:42PM +, Lars O. Grobe wrote:
> Addressed to: Ethan Benson <[EMAIL PROTECTED]>
>               debian-user@lists.debian.org
>
> ** Reply to note from Ethan Benson <[EMAIL PROTECTED]> Thu, 24 Aug 2000
> 01:47:32 -0800
>
> Hi!
>
> The admins want to read / write, because we have services like burning cd's,
> printing / plotting etc. The user comes, the admin takes the file from the
> user's home, ready. And if a user has deleted his windows-profiles or other
> settings, the admin needs write.
>
> I don't want all users be able to read in other users home. But admins must
> be able to read.
>
> If I would use the incoming-dir, I would also need an outgoing, and all users
> would have to understand this concept. Users are not computer freaks here, but
> students of architecture, and most don't know what is unix. On the admin side,
> some admins work with windows clients, others with apple clients, they don't
> want to learn unix permissions.

in this case i would just create the users with primary group users
and set the home directory permissions to 2770 group staff (or some
other group, if you use staff be sure to fix the broken permissions on
/usr/local/* and /var/local) you will probably have to play with
samba a bit to get it to preserve the permissions properly, i have
done it once but don't have access to the smb.conf at the moment.

the private group system is really only helpful when the users are
knowledgeable of unix permissions. unix perms don't translate well
into macos and win* anyway (especially given those OSes don't have
much of a concept of permissions)

all users will have to have a umask of 007 as well, not sure how you
do that in netatalk...

-- 
Ethan Benson
http://www.alaska.net/~erbenson/