Re: sendmail virtual hosting
On Wed, 21 Jul 1999, A. M. Varon wrote:

> Hi,
>
> Anybody has experience with sendmail virtual hosting on a
> Debian slink/potato? Any tips/tricks to share?

I use slink with sendmail on one of my machines doing this.

First of all, put all virtualhosts in the /etc/mail/sendmail.cw file, one host in one line. This is needed for sendmail to accept mail for the host. You need to restart sendmail for this to take effect, but you will need to restart it later anyway, so don't restart it for now.

You need to reconfigure sendmail to use genericstable and virtual user table features. You can do it the following way, if you have not already done it:

These two lines should be in /etc/mail/sendmail.mc:

    FEATURE(`virtusertable', `hash /etc/mail/virtualusertable')dnl
    FEATURE(`genericstable', `hash /etc/mail/genericstable')dnl
    GENERICS_DOMAIN_FILE(`/etc/mail/sendmail.cG')dnl

(I think the last line is there by default.)

After this you need to run sendmailconfig. It recreates sendmail.cf. For me it also puts in an error, for which I need to edit the generated sendmail.cf manually, to comment out a line for which it generates an error upon restarting sendmail. But it may be due to the fact that my machine had exim as well, and I installed sendmail upon it, instead of removing exim before.

Anyway, after running sendmailconfig, if you restart sendmail, it will probably give an error message complaining about not being able to find /etc/mail/virtualusertable.db and /etc/mail/genericstable.db. Ignore this for a moment, or don't restart.

Create a script containing:

    #!/bin/sh
    # Rebuild the binary .db maps from their text sources.
    makemap hash /etc/mail/virtualusertable < /etc/mail/virtualusertable
    makemap hash /etc/mail/genericstable < /etc/mail/genericstable

This will be used to rebuild the binary databases from the text source of them. These databases can be used to provide mapping for addresses to users/forward addresses. The databases are the .db files sendmail complains about not being able to find.

The format of these files is: virtualusertable: genericstable:

Both files should contain lines only of the given structure. is a TAB character (\t)

The virtualusertable contains the email address to look for in the first column. If an email is arriving for this address, then it takes the action defined in the second column. The action can be a username for the message to be delivered to. It can be an email address for the message to be forwarded to. It can be an alias name as well. And probably it can be a program delivery line, or mailbox file in procmail syntax as well, although I am not sure about this.

The genericstable contains usernames in the first column. The second column contains the email address to which the address is rewritten. Sendmail rewrites all addresses according to this, if the domain of the original address is in /etc/mail/sendmail.cG and the user is in the genericstable file.

So, create these files (/etc/mail/virtualusertable and /etc/mail/genericstable) (or at least touch them). After it, run the script creating the binary databases.

Now, you can restart sendmail, and it should be working.

After altering the two tables you need to rerun the script creating the binary databases, but you don't need to restart sendmail. However if you add to /etc/mail/sendmail.cw or /etc/mail/sendmail.cG then you do need to restart sendmail, I think.

For using hashtables, I think you need libgdbmg1 package to be installed. Probably it is installed anyway.

Good luck,

Robert Varga
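Added example, not part of the original post: a pre-flight check for the virtualusertable text source described above, meant to run before makemap so that a malformed line or an address in a domain missing from sendmail.cw is caught before the map is rebuilt. It assumes a two-column layout with any whitespace accepted as the separator; the function names and the sample addresses used to exercise it are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# check_virtusertable TABLE CWFILE
#   TABLE  - text source of the virtual user table (address, whitespace, action)
#   CWFILE - accepted host names, one per line (sendmail.cw in the post)
# Prints one finding per line; returns 0 when the table is clean, 1 otherwise.
check_virtusertable() {
    awk -v cwfile="$2" '
        BEGIN {
            bad = 0
            # Load the host names sendmail accepts mail for.
            while ((getline d < cwfile) > 0) {
                gsub(/[ \t\r]/, "", d)
                if (d != "" && d !~ /^#/) accepted[tolower(d)] = 1
            }
            close(cwfile)
        }
        /^[ \t]*$/ || /^[ \t]*#/ { next }      # blank lines and comments
        NF < 2 {
            printf "line %d: expected two columns (address, action)\n", NR
            bad = 1; next
        }
        {
            key = tolower($1)
            # The same address listed twice leaves the intended action ambiguous.
            if (key in seen) {
                printf "line %d: duplicate key %s (first seen on line %d)\n", NR, key, seen[key]
                bad = 1; next
            }
            seen[key] = NR
            at = index(key, "@")
            if (at == 0) {
                printf "line %d: key %s has no @domain part\n", NR, key
                bad = 1; next
            }
            # Mail for a domain that is not accepted never reaches this table.
            dom = substr(key, at + 1)
            if (!(dom in accepted)) {
                printf "line %d: domain %s is not in the accepted-hosts file\n", NR, dom
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# rebuild_virtusertable TABLE CWFILE
# Runs makemap (as in the post) only when the check above is clean.
rebuild_virtusertable() {
    if ! check_virtusertable "$1" "$2"; then
        echo "refusing to rebuild $1.db" >&2
        return 1
    fi
    makemap hash "$1" < "$1"
}
```

Typical use with the paths from the post: `rebuild_virtusertable /etc/mail/virtualusertable /etc/mail/sendmail.cw`.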
perl5
What packages are needed to be installed to provide perl5? perl5.004 or perl5.005? Can I install perl5.005 on top of perl5.004? Robert Varga
Apache and user cgi scripts
I have a problem with running cgi-scripts in user directories. They simply don't run, giving back a 403 Forbidden error message. However I can access files in there, without a problem.

    http://myserver.address/~robi/cgi-bin/proba.cgi

I use slink, apache-1.3.3-7

My home directory is:

    drwxr-xr-x 21 robi robi 3072 Jul 22 11:50 robi

My public_html is:

    drwxr-xr-x 6 robi robi 1024 Jul 19 23:38 public_html

My public_html/cgi-bin is:

    drwxr-xr-x 2 robi robi 1024 Jul 22 15:05 cgi-bin

The public_html/cgi-bin directory contains:

    drwxr-xr-x 2 robi robi 1024 Jul 22 15:05 .
    drwxr-xr-x 6 robi robi 1024 Jul 19 23:38 ..
    -rwxr-xr-x 1 robi robi 27 Jul 19 23:39 .htaccess
    -rwxr-xr-x 1 robi robi 144 Jul 22 15:05 proba.cgi

.htaccess in it contains:

    AddHandler cgi-script .cgi

proba.cgi (which I tried to run) contains:

    #!/bin/sh
    echo Content-type: text/html
    echo
    echo "Hello"
    echo ""
    echo "Hmm"
    echo ""

It runs fine if I change identity with su to www-data, and try to run the proba.cgi

What can be the problem?

Robert Varga
perl5 again
I have the perl packages from the normal slink distribution installed:

    ii perl5.004.04-7 Larry Wall's Practical Extracting and Report
    ii perl-base 5.004.04-7 The Pathologically Eclectic Rubbish Lister
    ii perl-suid 5.004.04-7 Runs setuid Perl scripts.

I would like to upgrade my system, so that it will provide perl5, since I would like to install some packages requiring it. I don't have libc6 2.1 installed, only the 2.0.7... version.

What do I have to do? If possible I would like to keep glibc 2.0.7, if glibc 2.1 has problems or would need too much package replacing.

Thanks in advance,

Robert Varga
Re: "Powered by Debian" logo
On Mon, 2 Aug 1999, Дмитрий Сидоров wrote:

> Hello.
> Where I can get a "Powered by Debian" logo for my WWW server ?
> All servers that powered by FreeBSD or RedHat have "Powered by..." logos but
> I can't find "Powered by Debian". The world must know it's heroes !
> Sorry for my bad english.
> Bye.

Have you looked at /usr/share/apache/icons/jhe061.gif ?

I admit, it is not a small image, but it is so cute... :-)

Robert Varga
Re: SSH2 on slink?
On Wed, 4 Aug 1999, Pawel Mazur wrote:

> On Wed, 4 Aug 1999, Christian Dysthe wrote:
>
> > I see that there is a SSH2 package for Potato available and wondered if
> > anyone has installed this successfully on slink.
>
> I run slink on a 486dx/2 home box with 12 megs of RAM (yep, there are some
> archaic computers :)
> I tried to run SSH2, but generating host key was the main problem - the
> process of generating froze each time I had run it.
> But that was probably a hardware problem (anyone got any ideas about it?
> lack of RAM? lack of processor speed?)

Probably processor speed.

> > I also need to know if installing this package disables SSH1 that we
> > currently have running on the web server
>
> SSH2 has been rewritten from scratch, according to its authors.
> Of course, it disables SSH1, but it is 100% compatible with SSH1,
> so that SSH1 users should be able to log into machine running SSHD2,
> and vice versa - SSH2 users into SSHD1.

It does not disable ssh1. ssh1 is used for a connection if either the client calls an ssh1 element, or if the server is using only ssh1. This is carried out by passing the call to the ssh1 counterpart programs. Therefore ssh1 must also be installed, and moreover, ssh1 package should be installed before installing ssh2 package, if you want to maintain compatibility with ssh1.

No problem used to come forth when installing it.

Robert Varga
apache-ssl and virtual hosts
How can I use virtual hosts on the SSL port in apache? I copied the virtual host sections in httpd.conf to another piece and updated the virtualhost tag with :443, and ServerName tag with :443 and put SSLEnable in as well. I put NameVirtualHost mynumericip:443 in the file as well. However, I always get the default page for every one of my virtualhosts. The default page is the first virtualhost on the port. How can I get virtual ssl hosts? Robert Varga
Re: qmail question
On Mon, 16 Aug 1999, Nikolay Hristov wrote:

> has anybody tried to limit the size of the sent mail with qmail for a
> single user?

/var/qmail/control/smtpsize seems to be for that purpose. Search on the Qmail mailing lists for it to be sure, anyway.

Robert Varga
Re: qmail question
On Mon, 16 Aug 1999, Robert Varga wrote:

> On Mon, 16 Aug 1999, Nikolay Hristov wrote:
>
> > has anybody tried to limit the size of the sent mail with qmail for a
> > single user?
>
> /var/qmail/control/smtpsize seems to be for that purpose. Search on the
> Qmail mailing lists for it to be sure, anyway.

Sorry, make that /var/qmail/control/databytes

Robert Varga
what do I need to upgrade perl from slink to provide perl5 virtual package?
I have slink on my machine, and the perl which it contains. However that does not provide the perl5 virtual package. What do I need to upgrade to what, so that my packages provide perl5? It would be needed to be able to install packages dependant on it, but nothing else currently. Please help, Robert Varga
apt-0.3.10slink11.deb
Where can I find apt-0.3.10slink11.deb ? It was up on proposed-updates and at security.debian.org, but now I can't find it there... although it is still in the packages files. Robert Varga
Re: Promise FastTrack 66 IDE-RAID controller
On Mon, 23 Aug 1999, Alexis Maldonado wrote:

> Hello!
>
> Has anyone used the FastTrack 66 controller from Promise in Linux? Does it
> work well? Do we need kernel drivers for this board? Are they available?

There is a patch for the controller, I will look for it on my drive and send it to you, for 2.0.37 and 2.2.10.

We are using it for a RAID-1 array with two drives. It seems to be working all right, even though we have only one 80-wire cable, and the other drive is on a 40-wire cable. Unfortunately in our country no 80-wire cables can be purchased, and there was only one 80-wire cable in the box.

Could anybody point me to a URL where I can order an 80-wire Ultra-ATA/66 cable where there is no outrageous postal and handling fee? It does not seem proper to pay $50 postage fee for a <$10 cable...

> Someone on the list wrote that the Promise Ultra 66 controller works, but
> that one doesn't do RAID, so I need to find out about the FastTrack 66
> controller.

No need for that, just use the proper mdtools... mdtools for the normal 2.0.35-37 kernel and mdtools2 for the 2.2.x kernels or 2.0.3x kernel with the extra kernel patches for mdtools2 (see the documentation for it).

Robert Varga
xfree86 3.3.4
Are there debian packages for xfree86 3.3.4? My video card (Trio3d) is supported only in that version. However I cannot find them anywhere, although someone mentioned about them being in existence. Oh, and I use slink :-) Thanks in advance, Robert Varga
Re: Oracle
On Thu, 26 Aug 1999, ICON ICON wrote:

> Does anyone know of any free software for oracle development??
>
> Icon

You could be more specific.. Would you like to develop in pl/sql or just plain sql for oracle?

Robert Varga
Re: My own DNS with bind
On Mon, 30 Aug 1999, Marcus Johansson wrote:

> Hi!
>
> I have 4 machines at home, and one of them is configured with ip-masq/forward
> so I can have them all on the big net. And that works like a charm. I've also
> set up a slave DNS on the ip-masq box, which all my clients use as their
> primary DNS, and that works too. But where and how do I configure so my own
> local machines are in that DNS? I dont want to have to edit /etc/hosts on
> every machine when I add a new machine...

Append to /etc/named.conf the following lines:

    zone "your_local_domain_name" {
            type master;
            notify no;
            file "filename_relative_to_/var/named";
    };

    zone "1.168.192.in-addr.arpa" {
            type master;
            notify no;
            file "rev-filename_relative_to_/var/named";
    };

assuming that your masqueraded network base address is 192.168.1.0

Create a zone file named as the given filename in the 4th line you appended to /etc/named.conf. Syntax of the zone file is described in DNS-HOWTO.

Create a reverse zone file named as in the 10th line you appended to /etc/named.conf.

You need to create A records in the forward zone, and PTR records in the reverse-zone, and SOA records in both.

Robert Varga
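Added example, not part of the original post: one way to produce the forward and reverse zone files described above so that every A record has its matching PTR, by generating both from a single host list and refusing to write anything when the list is inconsistent. The domain home.lan, the output file names db.forward and db.reverse, the hostmaster mailbox and the SOA timer values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Names and timer values are assumptions.

# reverse_zone 192.168.1  ->  1.168.192.in-addr.arpa
reverse_zone() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# gen_zones DOMAIN PREFIX SERIAL NSHOST HOSTS OUTDIR
#   HOSTS holds "name last-octet" pairs, one per line; "#" starts a comment.
#   NSHOST is the name server host and must itself appear in HOSTS.
# Writes OUTDIR/db.forward and OUTDIR/db.reverse; on any finding it prints
# the findings, writes nothing and returns 1.
gen_zones() {
    awk -v domain="$1" -v prefix="$2" -v serial="$3" -v ns="$4" \
        -v fwd="$6/db.forward" -v rev="$6/db.reverse" '
        # Both zones need an SOA record and an NS record at the top.
        function header(file) {
            print "$TTL 86400" > file
            printf "@ IN SOA %s.%s. hostmaster.%s. ( %s 3600 900 604800 86400 )\n", \
                   ns, domain, domain, serial > file
            printf "@ IN NS %s.%s.\n", ns, domain > file
        }
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        {
            name = tolower($1)
            if (NF != 2 || name !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) {
                err = err sprintf("line %d: expected \"name octet\"\n", NR); next
            }
            if ($2 !~ /^[0-9]+$/ || $2 + 0 < 1 || $2 + 0 > 254) {
                err = err sprintf("line %d: octet %s out of range 1-254\n", NR, $2); next
            }
            octet = $2 + 0
            if (name in byname) {
                err = err sprintf("line %d: name %s already used\n", NR, name); next
            }
            if (octet in byoctet) {
                err = err sprintf("line %d: address .%d already used by %s\n", NR, octet, byoctet[octet]); next
            }
            byname[name] = octet; byoctet[octet] = name; order[++n] = name
        }
        END {
            # An NS record pointing at a host with no A record breaks the zone.
            if (!(tolower(ns) in byname))
                err = err sprintf("name server %s has no entry in the host list\n", ns)
            if (err != "") { printf "%s", err; exit 1 }
            header(fwd); header(rev)
            for (i = 1; i <= n; i++) {
                printf "%s IN A %s.%d\n", order[i], prefix, byname[order[i]] > fwd
                printf "%d IN PTR %s.%s.\n", byname[order[i]], order[i], domain > rev
            }
        }
    ' "$5"
}
```

The two output files are the ones named by the file lines of the zone statements, and `reverse_zone` gives the zone name to use in the second statement.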
Re: qmail & procmail
On Thu, 2 Sep 1999, Shao Zhang wrote:

> Hi,
> We are using qmail for our machines here. Now I could not get
> qmail to work with procmail to do the sorting.
>
> Basically, I need to fetchmail emails from three pop3 mail
> servers and then use qmail to deliver them all to the root
> account.
>
> The .qmail in /root looks like this:
>
> | /var/qmail/bin/preline /usr/bin/procmail root

QMAIL DOES NOT deliver to root. That is a security issue. Instead it delivers to the ~alias/.qmail-postmaster .qmail file if you have installed qmail from the debianized source, and .qmail-root if you have installed on your own.

But there is no way you can make qmail deliver to a user whose directory is owned by root.

Robert Varga
Re: WD drives was:IBM drives
On Sun, 5 Sep 1999, John Gonzalez/netMDC admin wrote:

> WD has a utility on their website that you can run and actually repair the
> drive. I've had drives with bad sectors that i've repaired with utility
> that have lasted YEARS after the fact, without developing a single bad
> sector.
>
> Also, it's alot easier to convince WD to RMA the drive, if you give them
> the failure code that the drive reports with this utility.
> YMMV.
>
> On Mon, 6 Sep 1999, Chris Wagner wrote:
>

I have had wd's in my machine for years and it did not have any problem... however those were a 170 and a 340 meg drives. You can guess how much time ago it was, though one of them is still working in one of my machines. The other was stolen :( Well at least it was not WD's fault.

However, what WD's fault IS, is that my friend had a WD drive gone wrong, starting to develop bad sectors.

From the computer reseller the drive was bought from, we learnt that WD usually corrects the errors of the drives which were returned to them as having errors, repackages them and tries to sell them again with a distinctive marking about a year after the appearance of the respective model. Of course these drives tend to fail again in not much time.

So you can buy WD, but if you do, then buy a fresh model which is less than a year on the market.

Just my (and my computer reseller's) 2 cents...

Robert Varga
Re: Error opening terminal: xterm-debian.
On Sun, 5 Sep 1999, Brian E. Lavender wrote:

> When I telnet into another machine and I try to run a curses based
> application I get the below error. Say I run mutt
>
> $ mutt
>
> Error opening terminal: xterm-debian.

Try copying /etc/terminfo/x/xterm-debian to the appropriate place on the remote machine. To determine the appropriate place, run locate xterm-sun. That is usually found on all machines...

Robert Varga
Re: Upgrading mail-transport-agent to postfix?
On Wed, 8 Sep 1999, Brian May wrote:

> Last time, when I installed qmail, I manually removed all programs
> that depended on sendmail, then removed sendmail, installed qmail, and
> reinstalled all my mail programs again. Yuck!

But why... you would only have to select sendmail for purge and qmail for install. I haven't even removed sendmail before installing qmail. As far as I remember, it does not have conflict with sendmail or any other mail-transport-agent (qmail_1.03-3.deb)

Robert Varga
Re: qmail setup
On Wed, 8 Sep 1999, Paul Nesbit wrote:

> I'm trying to get pine working on top of qmail.
>
> I'm having problems with ./configure in /var/qmail/qmail1.02
> The output of ./configure is as follows:
>
> Your hostname is nezgnu.
> soft error
> Sorry, I couldn't find your host's canonical name in DNS.
> You will have to set up control/me yourself.
>
> In control/me I have one line: " algonquinc.on.ca" the canonical name of
> the provider I am dialing-up to. Should I change my hostname to
> "algonquinc.on.ca".

You should not set up your qmail to receive mail destined to your ISP. If you have a fix IP name, then you should set up your machine so that `hostname`.`dnsdomainname` would give your machine's fix ip name. If you have not, then you should set up a dns server on your machine, and configure qmail for a bogus name, and you can use qmail only for local use, but not for the internet, since the messages won't be delivered to you anyway.

Robert Varga
Open-SSL
Where can I download Open-SSL from? Or is there any ready-made program which provides an SSL proxy for a POP3 connection on the POP3 server? Robert Varga
Re: Open-SSL
On Thu, 9 Sep 1999, J.H.M. Dassen (Ray) wrote:

> On Thu, Sep 09, 1999 at 12:22:53 +0200, Robert Varga wrote:
> > Where can I download Open-SSL from?
>
> non-US.debian.org

ok, compiled and installed, although I could not build any of the demo applications in /usr/doc/openssl/demos/ssl because the linker found lots of undefined references... I have slink but rebuilt the 0.9.4-1 version of the openssl source with the debian patches, so there should not really be any problem.

> > Or is there any ready-made program which provides an SSL proxy for a POP3
> > connection on the POP3 server?
>
> ssltunnel? (also on non-US).

I could not make it install, and it even had a compilation error.

Robert Varga

ps: by the way, is there ANY commercial program which supports SPOP3?
ip_masq_ftp
How can I install the masquerading module for FTP compatibility? Where can I find it? Robert Varga
Re: ip_masq_ftp
On Thu, 23 Sep 1999, Seth R Arnold wrote:

> If you built your kernel yourself, it should be installed into
> /lib/modules//ipv4/ip_masq_ftp.o
>
> In which case, you can "modprobe ip_masq_ftp" to get it to go.
>
> :)

So I do not need to set any option during the kernel configuration?

And is there some documentation how I can create additional modules for other applications?

Robert Varga
Re: OT: MS Security not centralized at all
> How difficult can organizing a moderate number of patch files be?

I think here is the problem... They don't seem to be a moderate number... they just appear and appear

More like almost infinite... :-)

And still less patches than bugs and secholes...

Robert Varga
passing parameters to a SSI in apache
How can I pass parameters to an SSI (server-side include)?

I invoke the SSI file from a server-parsed html file:

test.shtml:

    ...
    <!--#exec cmd="cginame" -->

What I would like to be able to do is either to set environment variables for the cgi invoked, or set command line parameters for it.

I cannot give command line parameters in the cmd attribute since it is used by suexec to stat() the file, and of course it cannot find a file since it tries to stat() a file named "cginame parameters".

Please help,

Robert Varga
Re: RAID, a little question ...
On Fri, 22 Oct 1999, Paolo Pedaletti wrote:

> Ciao,
> I have bought 2 IBM EIDE DJNA 13.5 Gb to do RAID under Linux.
> It works ... not completely.
>
> Short question: is it possible to have more than 4 md-devices?
> I can't do it.

I seem to remember from the RAID tools documentation, that only 4 is supported currently, you need to recompile the kernel for more, I think. Not sure though, maybe I am wrong.

Robert Varga
Re: [A try again . . .] Mail Server
On Tue, 2 Nov 1999, Julian Gilbey wrote:

> Hello List !
>
> > 1. What is the best mail software for Redhat ?
> INFO : The mail server has to be SMTP / POP3 and WILL have a very nasty
> load of users.

I would say qmail 1.03 :)

> > 2. What would be the best platform for this server ?
> INFO : We currently have COMPAQ Proliant's ranging from the 1600 to 7000

Does not really matter.

> > (Dual Processors).
>
> > 3. What would be the best kernel for a vast majority of user load ?
> INFO : I am looking at 14.000 users, sending and receiving mail

That's not really that much for qmail :)

> > 4. What kind of software would be the best for fault tolerant systems ?
> INFO : If server A falls down, then server B takes over.

qmail for both. drop sendmail that's the only trick :)

you can ask for help concerning qmail on the following lists:

qmail discussion list: qmail@list.cr.yp.to
debian related qmail list: [EMAIL PROTECTED]

Robert Varga
Re: Secure Networks?
On Wed, 3 Nov 1999, Andrew Clark wrote:

> I have a quick question. I have two networks in different locations, is
> there any way to have all traffic between the two networks encrypted (by
> the gateway machines I'd assume) ie so that I can just use telnet
> between the two networks and it'll be encrypted (as well as all http,
> ftp etc)
>
> If this is possible, where would I find information?

Look at Free S/WAN project, and in general the IPSec security. It provides encoding of the IP layer.

Free S/WAN Project Homepage: http://www.xs4all.nl/~freeswan/

Robert Varga
Re: Another Crazy DNS Question... ;-)
On Wed, 3 Nov 1999, Art Lemasters wrote:

> How can I set up two completely different FQDNs (two totally
> different hostnames) on one box (e.g., my.domain.net &
> alsomy.otherdomain.net) so that this machine accepts traffic
> on my.domain.net while appearing to be alsomy.otherdomain.net
> to anyone who accesses it via the webserver or mailserver? ;-)
>
> Do I need to run virtual hosting here? Will it work to
> point A records from each of those host names to the same,
> single IP address?
>
> Art

The easiest method is virtual hosting for the alsomy.otherdomain.net hostname, since you need only mail and web there.

Robert Varga
Re: starting ssh port forwarding from inetd
On Wed, 3 Nov 1999, Bernhard Rieder wrote:

> Hi,
>
> I'd like to secure my pop3 and smtp ports with ssh,
> but I'm not sure how to set it up.
> Is there a way to start it from inetd?

Try to conform to the standards. Use stunnel to set up an SSL proxy for the 110 port on the POP3S port (995).

For the client side use either Outlook express's SPOP3 connection method, or stunnel on the client side, too.

stunnel is the recommended.

If you want to use ssh, then use portforwarding on the client side. If you use it on the server side, then you need to teach the POP3 client ssh, which is not really feasible.

SMTP is a bit more problematic though. With ssh it is the same as with POP3. With SSL there seem to be some problem, as far as I remember what I have read on a page reachable from stunnel homepage.

Anyway: stunnel homepage is: http://mike.daewoo.com.pl/computer/stunnel

Read all pages reachable thereof.

Robert Varga
Re: Another Crazy DNS Question... ;-)
On Thu, 4 Nov 1999, Bob Nielsen wrote:

> On Thu, Nov 04, 1999 at 12:01:29AM -0500, William T Wilson wrote:
> >
> > Yes, you can point A records from two domains to the same IP address.
>
> You can also use a CNAME record. I'm not sure when one approach would
> be preferred over the other.

You cannot use a CNAME record for mail hosting.

Robert Varga
how to compile packages optimized for Pentium or Pentium-II?
How can I recompile the packages so that they be optimized for running on Pentium or Pentium-II or else? Robert Varga
Re: Compiling ATA/66 support into the kernel?
On Thu, 4 Nov 1999, Sudhakar Chandrasekharan wrote:

> How do I compile ATA/66 support into the kernel? And what version of the
> kernel should I use? The slink boot floppies have 2.0.36 and this kernel
> is not currently recognizing my ide2 and ide3 interfaces.
>
> Here is my setup:
>
> Abit BP6 MoBo.
> 128M PC100 SDRAM
> 2 * 466MHz Celeron PPGA

There are patches for kernel 2.0.37 on the kernel mirror under people/hedrick. That I think handles (although I am not sure) the ATA/66 controller (HPT 366) on ABIT mobos. If not, then there are some patches for 2.2.x...

The pre-2.0.38 patches cannot be installed on the 2.0.38 kernel unfortunately.

Robert Varga
gdb version in slink: 4.17-4.m68k.objc.threads.hwwp.fpu.gnat.3
What does the m68k mean in gdb? Is it only m68k, or what the heck does that mean??? Robert Varga
Re: building openssh on slink
> > Sue me - that's because some ssh clients/servers in non-Linux world
> > didn't support blowfish, and 3des is .. hm. untrustworthy, in my eyes.
>
> *shuffle* phew, TeraTerm ssh can do blowfish ;-)

SecureCRT can also do blowfish.

By the way, which transfer encoding should be selected over which one? What are the usability terms and anyway the differences between each algorithm?

Robert Varga
Re: replacing the standard mta with qmail (Re: Question about dselect)
On Mon, 8 Nov 1999, Joost Kooij wrote:

> Hi,
>
> On Sun, 7 Nov 1999, Bastard Operator From Hell wrote:
>
> > I recently replaced exim with qmail as that is what I have to administer at
> > work and I would rather glitch something up at home vs on-the-job.
>
> There is some additional effort required to install qmail, you have to
> compile your own debs, as the licence prohibits distributing those.
>
> Because of this, dselect doesn't know about the qmail debs in the same way
> as it knows about the regular debs from the debian archive.

You can always create a local package repository with which you can use dselect. It is quite easy, to tell the truth:

1. create a directory B in any directory A.
2. put all packages you have built in directory B. Don't maintain section hierarchy. If you want to, then use the appropriate switch for dpkg-scanpackages in step 4.
3. put the following line in /etc/apt/sources.list:

       deb file:/A/ B/

   (of course replace A and B, and keep the space before B)
4. cd A
   dpkg-scanpackages B /dev/null > B/Packages

Execute step 4. if you have put or taken any packages to/from the directory B.

After this you can switch to apt retrieve method in dselect, and it will see your packages.

Probably you should download the latest apt for your distribution. It is somewhere around 0.3.10slink11 for slink and I don't know where I got it from. For potato just download it from the debian mirror of your choice.

> > Slight problem though, when I removed exim, dselect also wanted to remove
> > all of my MTA and mail related packages (i.e.: af, anacron, at, elm-me+,
> > fmirror, logrotate, mailx and mutt), so of course, I exited the Select
> > phase of dselect with the "Q" option to force it to ignore the depends.
>
> You should not use dselect to replace your mta. Dselect is a great tool
> to manage dependencies, but in this case, you really want to _work_around_
> dependencies, making dselect the wrong tool for this particular job.
>
> You can not (easily anyway[1]) use dselect to install qmail, because there
> is no archive containing pre-built qmail.deb.

You can do it the way I described previously. You just select exim for purging and select qmail and ucspi-tcp for installing. You should probably install dot-forward as well if you have users with .forward files. Take care to use ucspi-tcp 0.84 for qmail 1.03.

> ...
> That's all there should be to it. Now, you can continue using dselect for
> all you daily updates and standard package installations and removals. The
> only package that it cannot update automatically is qmail, because there
> is no qmail.deb in the archive.

It does not really evolve too fast anyway :)

> ...
> Notice that when you run dselect, it will show the "installed" status of
> the qmail package, but it knows only the installed version, not the
> available version, because there is no "official archive" version of the
> qmail.deb. For the same reason, dselect classifies the package as
> "Obsolete/local Unclassified packages without a section". This is nothing
> to worry about.

It does not come up if you create a proper local repository :)

Robert Varga
Re: ppp problem with 2.2.X kernel; ok with 2.0.36
On Tue, 9 Nov 1999, Brian Servis wrote:

> *- On 9 Nov, [EMAIL PROTECTED] wrote about "ppp problem with 2.2.X kernel;
> ok with 2.0.36"
> >
> > I had a slink system with 2.0.36 kernel, and wanted to update to 2.2.X
> > kernel. I updated the suggested packages listed on the debian page that
> > discussed known issues, and then updated the kernel. No problems with
> > that. Netscape seemed to work ok, but when I tried to download any
> > packages, it would only download a small amount of data and stall. I
> > thought it might be a problem with packets not clearing.
> >
> > So, since that page said all these problems were cleared up in unstable, I
> > upgraded to potato with "apt-get dist-upgrade". Same problem. But, if I
> > use the 2.0.36 kernel, downloads are fine.
> >
> > I recompiled the 2.2.X kernel to make sure I have ppp support, and
> > couldn't see anything else that might cause this in the kernel config
> > menu. I'm doing something wrong, but what? Ideas / suggestions?
> >
>
> I had similar problems as well. Check the debian-user list archives
> for other discussions on this topic. If I recall correctly the thing
> that helped me was to simply play around with the mru and mtu options
> for pppd. Currently I have each set at 552. I think the defaults are
> 1500. Unfortunately I can't seem to recall where I got my info on
> settings for the mru/mtu values.

ppp needs to be upgraded pppconfig as well, I think. the ppp/isdn part of the kernel has been reorganized, hence the need for the new versions.

Robert Varga
Re: Apache-SSL: Can't get XBitHack to work.
On Tue, 16 Nov 1999, Christian Dysthe wrote:

> Hi,
>
> I am trying to enable SSI using the XbitHack option. However, it won't
> work either from adding "XbitHack on" to config files or to add it in a
> .htaccess file.
>
> I have another box running "standard" Apache. No such problems there.
>
> I am running Apache-SSL on a Debian Slink box.
>
> Any ideas what might be wrong, or is this simply a bug in Apache-SSL,
> or in the Debian version?

The needs for Server side includes are the following:

1. You need the

       LoadModule includes_module /usr/lib/apache/1.3/mod_include.so

   line in httpd.conf
2. Options for the directory must have Includes enabled in all cases. If you want to enable Includes from the .htaccess then you also need AllowOverride Options set for the directory in access.conf.
3. Furthermore, either

       AddHandler server-parsed .shtml

   or

       XBitHack on (or full)

   need to be set for the directory.

Regards,

Robert Varga
CD-writing on USB-connected CD writers
Does anyone have any experience with writing CDs on a USB connected CD writer in Linux? Is there a way to do it? Regards, Robert Varga
Re: eqlplus...
I tried but it did not work. Probably my ISP did not provide the connection bundling service for PPP.

I have even found some mail regarding eql not working in 2.2 at all.

Regards,

Robert Varga

On Sun, 11 Jun 2000, Jason Quigley wrote:

> Hi!
>
> Has anyone tried to use eqlplus with Debian (2.2.14)? If so, has anyone
> managed to get it to work? :-)
>
> Many thanks,
> Jason.
Re: eqlplus...
I found that page then as well, and did not work for me anyway.

Regards,

Robert

On Thu, 15 Jun 2000, Jason Quigley wrote:

> Hi Robert!
>
> See the subject! ;-)
>
> Also check out this link:
>
> http://www.cwareco.com/eqlplus.html
>
> Cheers,
> Jason.
>
> At 14:41 +0200 14/6/00, Robert Varga wrote:
> >I tried but it did not work. Probably my ISP did not provide the
> >connection bundling service for PPP.
> >
> >I have even found some mail regarding eql not working in 2.2 at all.
> >
> >Regards,
> >
> >Robert Varga
> >
> >On Sun, 11 Jun 2000, Jason Quigley wrote:
> >
> >> Hi!
> >>
> >> Has anyone tried to use eqlplus with Debian (2.2.14)? If so, has anyone
> >> managed to get it to work? :-)
> >>
> >> Many thanks,
> >> Jason.
Re: How to enable some specify users to run pon and poff?
There is a pon or dialout group depending on the version of Debian you are using. Add the user to that group (adduser user group), and that's all. (Look at the group of /usr/sbin/pppd to know which group.)

Regards,

Robert Varga

On Fri, 16 Jun 2000, Alex Kwan wrote:

> Hi!
>
> My dialup ppp connection only can run by root,
> How to config to enable some specify (not all) users
> to run pon and poff ?
>
> Thanks
Re: Troubles with compiling Oracle 8.0.5 on Potato
Look at http://jordan.fortwayne.com/oracle

The install for Redhat 6.x is described there. There are five compat-... packages mentioned which should be installed. Convert them to .deb packages with alien (no options needed). Install the debs. You need to chmod +x one file, I don't remember which, I think /usr/i386-glibc20-linux/lib/ld-2.0.7.so

With these packages you can carry out the instructions mentioned in that file. Feel free to change the paths to different ones from the ones in that document.

Regards,
Robert Varga

On Tue, 20 Jun 2000, Matthias Klose wrote:
> Debian does not provide a glibc-2.0, which is installable on potato.
> What about Oracle 8.1.6, is it compiled for glibc-2.1?
>
> Greg writes:
> > We need to install Oracle 8.0.5 on Potato but compiler reports
> > some errors due to incompatibility glibc2.0 with glibc2.1 at
> > the source level. On Slink everything was ok.
> >
> > My chief said, that there is a package for RedHat, solving
> > that kind of trouble. (compat-glibc 5.2-2.0.7.2)
> >
> > Is there Debian package like that?
> > Any advice?
> > Can I install this .rpm package on Debian potato ? Is it safe ?
> > I think it can be made simpler...
> >
> > p.s.
> > please, forward this mail to anybody, who may help,
> > because we need _fast_ solution...
> >
> > Gregory Belenky
> > WebZavod programmer (http://www.webzavod.ru)
how to make custom install cd-s?
How can I make a customized install CD which boots a kernel which I created and installs a base image which contains the same custom kernel? It would make it easier to create RAID-root installations. Afterwards, all one would need to create such installs with an otherwise regular Debian install is to mount the filesystems manually during the install, and modify the fstab and lilo.conf manually. Maybe not even that, if the installer looked at /dev/md? devices as well. Correct me if I am wrong. Or is there some other way for that, that I overlooked? Regards, Robert Varga
Re: SSL for smtp & pop
On Wed, 28 Jun 2000, Jens B. Jorgensen wrote:
> > Q.2/ Do Outlook Express 5.0 onwards & Netscape 4.6 onwards offer SSL
> > support for both pop & smtp? If they do not, any other mail clients do?
>
> Netscape 4.6 does support secure pop-3 and smtp. I haven't tried the secure smtp
> before but I have used pop-3 over ssl and can testify that it works.

How can you enable POP3-SSL in Netscape Messenger? I haven't been able to find a setting related to that, only related to TLS and SMTP-SSL... I have tried Communicator 4.7 on NT4.0.

Regards,
Robert Varga
Re: apt-move and alternate config file
apt-move is just a perl program calling ftp and rsync, and its config file gets read via the source (.) statement. Just hack it there :) Regards, Robert Varga On Sat, 22 Jul 2000, Pat Mahoney wrote: > Is there a way to get apt-move to use an alternate config file > (~/.apt-moverc)? Man page and docs reveal nothing. Tests of various > .apt-move's fail. Should I report this as a wishlist bug? > > -- > Pat Mahoney <[EMAIL PROTECTED]> > > > I cannot overemphasize the importance of good grammar. > . > What a crock. I could easily overemphasize the importance of good > grammar. For example, I could say: "Bad grammar is the leading cause > of slow, painful death in North America," or "Without good grammar, the > United States would have lost World War II." > -- Dave Barry, "An Utterly Absurd Look at Grammar" > > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null > >
Re: raid setup
It is quite doable...

I suggest you use the latest stable kernel with the raid0.90 patches which can be downloaded from http://people.redhat.com/mingo/raid-patches

You will need to use the raidtools2 package instead of raidtools or mdutils.

You can put everything on raid1, even root, if you want.

For documentation on what to do, look at the docs of the raidtools2 package. Everything is in there in detail. I have put together a system following instructions in it. (It is useful to use a third hard drive to put the initial system on, or partition the system according to what you will need to do (you will need a separate partition for the initial system root, and the raid-root partitions will be created later).)

I will put together a patched version of the install system so that one will be able to install debian into raid1-root directly, and if I succeed, I will post my work.

Regards,
Robert Varga

On Thu, 12 Oct 2000, Chris Mason wrote:
> I had a drive failure yesterday so I am re-thinking my file server. I would
> like to setup my debian machine as my file server with two drives, each 20
> GB or more. I would like one to mirror the other, either as a raid setup or
> just copying files that have changed every hour. The idea is not to protect
> me against stupidity, but against mechanical failure.
> I use the fileserver mainly for making a large number of images available on
> the network, and for components of collaborative design projects, also
> mainly images. A drive failure can set us back days, and I have found tape
> drives to be useless. Even if they do back everything up, it takes too long
> to find and restore anything.
> I'm looking at a couple of cheap Seagate 20 GB drives, I would even consider
> 3 drives in a parity raid if that was do-able. Any comments?
>
> Chris Mason
> Box 340, The Valley, Anguilla, British West Indies
> Tel: 264 497 5670 Fax: 264 497 8463
> USA Fax (561) 382-7771
> Take a virtual tour of the island
> http://net.ai/ The Anguilla Guide
> Find out more about NetConcepts
> www.netconcepts.ai
> Talk to me in real time with Instant Messaging: [EMAIL PROTECTED]
Re: Pine
You need to install the pine4-diffs package as well. It contains the patches and the dsc file, as well as the debian-package configuration files.

You will also need the libc-client4.7, libc-client4.7-dev and libncurses5-dev packages.

After you have installed both, switch into /usr/src/pine4. Issue:

dpkg-source -x *.dsc

After that, you can change into ./pine-4.21, and issue:

debian/rules binary

After it, you will receive the debian packages of pine, pico and pilot in /usr/src/pine4, which you can install.

Regards,
Robert Varga

On Thu, 12 Oct 2000, Eileen Orbell wrote:
> Hi,
> I have just installed Debian 2.2 after being a RH user for quite some
> time. I am currently trying to install the pine package which I downloaded
> from us.debian.org.
> The commands I issued were
> dpkg -i pine4-src.1.deb
>
> I then changed to the usr/src/pine4 directory (AND READ THE READ ME FILE)
> issued the commands in the readme file
> but I get this error msg when I run
> debian/rules binary
>
> install bin/pine debian/tmp/usr/bin
> install bin/pine No such file or directory
>
> Any help would be appreciated...
>
> Thanx
>
> Eileen Orbell
> Software & Internet Applications
> Capitol College
> mailto:[EMAIL PROTECTED]
> Don't Fear the Penguin.
Re: Pine
On Fri, 13 Oct 2000, Christian Pernegger wrote: > > What's wrong with > > $ apt-get -b source pine > Would it not want to get pine4-tar.gz, pine4-4.21-xdiff.gz and pine4-4.21-?.dsc ergo the source files themselves from the source archive? It is not that way with pine. The sources are put in two binary packages. They must be installed and then you can extract and build them, but the source and diff files themselves are not retrievable from the source tree, I guess. Regards, Robert Varga
Re: Bastille-Linux and Debian
Aside from this, Bastille also sets up a default ipchains firewall for your system to prevent users from setting up services on their own on your machine, I think.

Regards,
Robert Varga

On Thu, 2 Nov 2000, Ethan Benson wrote:
> On Thu, Nov 02, 2000 at 09:26:27AM +0100, [EMAIL PROTECTED] wrote:
> > I'd like to know if Bastille-Linux (which was intended for Red Hat
> > 6.x-Systems) works fine on Debian, too, if anyone has experiences with it already
> > and / or if there's an equivalent for Debian as well.
> > What do you think/know?
> > greetings,
> > Michael
>
> it would likely screw up your debian system. i believe the consensus
> is that you really don't need bastille on debian. one of the main
> things (last time i checked) that bastille does is remove stupid suid
> bits (*cough* /sbin/dump) and do some silly permissions changes, like
> changing /usr/sbin/adduser from 0755 to 0700, which is pointless since
> anyone can download adduser from debian mirrors, and it only spews
> errors when run as a normal user anyway. Debian is already VERY
> conservative about suid bits, there are not really many you would
> bother removing except on extremely hardened systems (say a firewall)
>
> other than that remove nfs-kernel-server, nfs-common, telnetd packages
> and comment out anything you are not using in /etc/inetd.conf and run
> /etc/init.d/inetd reload.
>
> also disable portmapper, which is the only real daemon that is a pain
> to get rid of on debian (no longer so on woody, yay!) simplest option
> is rm /etc/rcS.d/S41portmap. which works pretty well (you do have to
> rekill portmap on netbase upgrades but that does not happen too often)
>
> also add:
>
> ## security updates
> deb http://security.debian.org/debian-security/ potato/updates main contrib
> deb http://security.debian.org/debian-non-US/ potato/non-US main contrib
> deb-src http://security.debian.org/debian-security/ potato/updates main contrib
> deb-src http://security.debian.org/debian-non-US/ potato/non-US main contrib
>
> to your /etc/apt/sources.list and run apt-get update && apt-get dist-upgrade
> to get all the current security updates. add non-free to those lists
> if you have non-free in your other apt lines.
>
> --
> Ethan Benson
> http://www.alaska.net/~erbenson/
Re: Bastille-Linux and Debian
It probably examines your current ports via something similar to netstat, to know what services on what ports are needed and creates a firewall script that creates the rules according to actual ip, that is good for that state of the system, as it was in upon running the build script. It probably knows a couple of protocols which need special handling, eg. ftp.

It probably just filters out everything which is not traffic to the then-active server processes, and sets up a few anti-spoofing rules.

I just guess this according to an article describing how to set up bastille.

Regards,
Robert Varga

On Thu, 2 Nov 2000, Ethan Benson wrote:
> On Thu, Nov 02, 2000 at 03:25:53PM +0100, Robert Varga wrote:
> >
> > Aside from this, Bastille also sets up a default ipchains firewall for
> > your system to prevent users from setting up services on their own on your
> > machine, I think.
>
> i would be interested in seeing how this can be done without breaking,
> well just about everything. i would assume its a mostly static set of
> rules which could be exported and used anywhere.
>
> --
> Ethan Benson
> http://www.alaska.net/~erbenson/
Re: Bastille-Linux and Debian
On Thu, 2 Nov 2000, Ethan Benson wrote:
> On Thu, Nov 02, 2000 at 03:39:46PM +0100, Robert Varga wrote:
> >
> > It probably examines your current ports via something similar to netstat,
> > to know what services on what ports are needed and creates a firewall
> > script that creates the rules according to actual ip, that is good for
> > that state of the system, as it was in upon running the build script. It
> > probably knows a couple of protocols which needs special handling, eg.
> > ftp.
>
> handling ftp means opening up large ranges of ports, same with irc
> stuff (dcc et al)

Handling ftp does not need that much. In active mode the server initiates the data connection with source port ftp-data(20) and that needs only one rule. It only breaks the passive transfer mode.

As for irc: DCC is between the clients, it has nothing to do with the server. The only traffic on an irc server is the client initiated connections to the irc server port (usually 6667). If the irc server is running at the time of the hardening process, then it can be detected and the appropriate rules permitting connection to the irc server can be created.

If an irc client wants to use DCC, then some manual intervention on the firewall rules is probably needed, if all traffic is blocked.

Regards,
Robert Varga

> > It probably just filters out everything which is not traffic to the
> > then-active server processes, and sets up a few anti-spoofing rules.
>
> this would probably break loads of other protocols, than just ftp and
> irc. by the time you allow for a usable internet connection there are
> many many ports which users could attach daemons to.
>
> then again maybe it simply disables all internet access except for
> www, but i wouldn't call that usable.
>
> --
> Ethan Benson
> http://www.alaska.net/~erbenson/
Re: apache_1.3.9-12_i386.deb
On Sun, 9 Apr 2000, Marek Andricik wrote:
> Hello,
>
> I have the problem with the apache_1.3.9-12_i386.deb package. Before the latest
> upgrade I did not experience the problem. I have .cgi programs in directories
> which are directly there or symlinked.
>
> After upgrade .cgi programs stopped working. In the error logfile there is this
> error message.
>
> [Sun Apr 9 18:16:43 2000] [error] [client 194.145.136.134] Premature end of script headers: /home/andricik/public_html/works/test.cgi

Do you have suexec enabled? (It is enabled by setting it suid, and is located at /usr/lib/apache[-ssl]/suexec .)

If it is, and I usually get error messages like that when suexec rejects the cgi, then you can look at its quite explaining error messages in /var/log/apache[-ssl]/suexec.log

You should either do things according to what suexec expects, or disable suexec.

Robert Varga
raid patches for 2.2.14
Are there raid0.90 patches for 2.2.14 kernel? The last patch that I can find on the kernel mirror is 19990824 and it is against 2.2.11, however it cannot be applied to the kernel found in kernel-source-2.2.14 debian package. The last raid kernel-patch debian package is 19990724 and is against 2.2.10 kernel. However the raidtools2 package is version 19990824. What to do now? Robert Varga
HELP! How to use ISDN in debian?
What do I need to do to make an ISDN card work in Linux? What modules do I need to install? What do I need to do to configure the ISDN card? Can I use the two 64kbit channels separately and how? What other packages support the ISDN channel? Etc...

The hardware: I need to install two machines (on different sites, both have ISDN 128kbit and it is in Europe). One of the cards is an Eicon DIVA Server, the other is a FRITZ PCI ISDN card. I use woody. One of the machines has a dynamic IP account, the other has a static IP account. I don't need dynamic DNS for the dynamic IP.

Thanks in advance,
Robert Varga
Re: newbie question.
Have you compiled a new kernel or are you using the kernel provided with the installation? If you are using the kernel with the installation, then put a line containing rtl8139 into /etc/modules.conf.
Also make sure that the rtl8139.o file can be found in the appropriate directory under /lib/modules . It should be found in /lib/modules//net

Robert Varga

On Thu, 13 Apr 2000, Sunil Pandey wrote:
> okay, I am sorry for having provided incomplete details..
>
> I am using Debian 2.1r5 (downloaded only yesterday) on my
> pentium III machine with realtek RTL8139 ethernet card.
>
> I had installed from floppy earlier.. but probably botched up a
> few things so decided to install from dos, following some very good
> suggestions I got from this list. But the problem still remains and I
> still get Network Unreachable.
>
> #ping 144.16.116.247
> PING 144.16.116.247 (144.16.116.247): 56 data bytes
> ping: sendto: Network is unreachable
> ping: wrote 144.16.116.247 64 chars, ret=-1
>
> when I do ifconfig I get the following output..
>
> #ifconfig
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
>           UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
>           RX packets:0 errors:0 dropped:0 overrun:0 frame:0
>           TX packets:0 errors:0 dropped:0 overrun:0 carrier:0
>           Collisions:0
>
> #lsmod
> Modules Pages Used by
>
> lsmod does not give any other output.. does that mean no modules
> are installed?
>
> I didn't do anything spl after all the installation ended.. do I
> have to start/configure something??
>
> I have a few more questions to ask which may be I will send in
> next mail..
>
> On Wed, Apr 12, 2000 at 02:19:55AM -0700, kmself@ix.netcom.com wrote:
> | What card do you have?
> | What version of Debian are you installing?
> | How did you install Debian?
> | How did you attempt to configure your networking?
> | What modules do you currently have installed (run "lsmod")?
> | What is the output of the command "ifconfig"?
> |
> | What, if any, error messages are being generated by any of the commands
> | you are using to configure or verify networking? Please quote them in
> | full, with full command and arguments issued.
> |
> --
> Sunil Pandey <[EMAIL PROTECTED]>
>
> If you park, don't drink, accidents cause people.
RE: newbie question.
Oops, my error there, of course it should be /etc/modules. Robert Varga On Thu, 13 Apr 2000, Christian Pernegger wrote: > Shouldn't modules be loaded via /etc/modules (or modconf, for that matter) in > Debian? > > My modules.conf says "do not modify" > > Christian > > > -----Original Message- > > From: Robert Varga [mailto:[EMAIL PROTECTED] > > Sent: Thursday, April 13, 2000 1:45 PM > > To: Sunil Pandey > > Cc: [EMAIL PROTECTED]; Debian Users Mailing list > > Subject: Re: newbie question. > > > > > > > > Have you compiled a new kernel or you are using the kernel provided with > > the installation? If you are using the kernel with the installation, then > > put a line containing rtl8139 into /etc/modules.conf. > > Also make sure that the the rtl8139.o file can be found in the appropriate > > directory under /lib/modules . It should be found in > > /lib/modules//net > > > > Robert Varga > >
Re: newbie question.
On Thu, 13 Apr 2000, Sunil Pandey wrote:
> On Thu, Apr 13, 2000 at 01:45:00PM +0200, Robert Varga wrote:
> |
> | Have you compiled a new kernel or you are using the kernel provided with
> | the installation? If you are using the kernel with the installation, then
> | put a line containing rtl8139 into /etc/modules.conf.
> | Also make sure that the the rtl8139.o file can be found in the appropriate
> | directory under /lib/modules . It should be found in
> | /lib/modules//net
>
> I am using the kernel with the installation ie 2.0.38 and I did
> all that u had suggested. I put an entry in /etc/modules and also got
> the file rtl8139.c . now, however, I am getting a shady problem. how do

The debian cd should contain the rtl8139.o file. It should install it, if you select the rtl8139 module during the kernel module configuration phase of the installing. If you want to reconfigure the installed modules of the installation, you need to start from install the base system menu item.

> I compile it?? I can't find any cc/gcc on my comp and if I compile it on
> other comps, running redhat, I get version mismatch.
>

You need to install it as mentioned previously.

> btw, do I need to do "insmod rtl8139"?
> also, what is the 'auto' entry in /etc/modules and why is it commented
> by default?
>

In /etc/modules if auto is given, then it loads any further necessary modules on its own. It should be the last uncommented not empty line in /etc/modules. All modules loaded by auto are subject to automatic module removal if they are not needed. Specifically given modules are not unloaded automatically. If rtl8139 is given in /etc/modules, then it is loaded upon bootup and not upon request by the system, and is not subject to autoremoval.

You need insmod rtl8139 only if neither auto nor rtl8139 is given in /etc/modules.

If you cannot find rtl8139.o then I can send you one compiled for 2.0.36 or 2.2.13.

Robert Varga
RE: newbie question.
On Thu, 13 Apr 2000, Christian Pernegger wrote:
>
> >> On Thu, Apr 13, 2000 at 01:45:00PM +0200, Robert Varga wrote:
>
> > The debian cd should contain the rtl8139.o file. It should install it, if
> > you select the rtl8139 module during the kernel module configuration phase
> > of the installing. If you want to reconfigure the installed modules of the
> > installation, you need to start from install the base system menu item.
>
> Ah, I don't want to be such a wiseguy, but I'm quite sure that _all_ modules
> are installed regardless of what you select at install time.

I guess it's so. But then why did he not find it there? I have the rtl8139.o in there.

>
> The selection interface is just the program modconf, which you can rerun
> anytime. If a module is compiled at all in the debian standard kernel, it will
> show up there (under net)
>

That's good to know. I used to forget to select some modules during install, and after the next install phase the menu would not call the module reconfiguration.

> I do not know what things modconf does, but it does add a line for the module
> to /etc/modules.
>

Yes, if you selected the module.

Robert
RE: Two modems
Have you managed to do this? I will have to set up a machine with two modems, but I cannot make eql work. I don't have static ip-s. I do everything as stated in the documentation, it does not give any error, but neither does it work.

Regards,
Robert Varga

On Mon, 10 Apr 2000, Tom Warfield wrote:
> It's called Multi PPP. I am working on doing the same thing and have been
> told by several people that it can be done. Here are some links;
>
> http://mp.mansol.net.au
>
> http://www.xteamlinux.com.cn/lxr/source/Documentation/networking/eql.txt
>
> http://linux-mp.terz.de/
>
> There are some postings on FreshMeat.net that rate these. I guess it appears
> that there are a few ways to do it. I will be trying to accomplish this
> within the next month so that i can use dual from my house. If you find
> anything that is useful please let me know. I am a newbie and im still
> trying to decide what is the best way to accomplish this.
>
>
> Tom W.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Camilo Alejandro Arboleda
> Sent: Monday, April 10, 2000 5:42 AM
> To: debian-user@lists.debian.org
> Subject: Two modems
>
>
> Hi!
>
> I have two modems and I want to increase my bandwidth.
>
> Is there some way to share Internet traffic through two ppp interfaces?
>
> Thanks,
> Camilo Alejandro
> --
> * As an ape I knew it, and I have seen men who long for it.
> * As far as I am concerned, neither then nor now
> * did I lose my freedom.
> A Report to an Academy. Franz Kafka
Re: jdk1.1 problmes
On Sat, 6 May 2000, Jan Pfeifer wrote:
> Chris Gray writes:
> >
> > On Sat, May 06, 2000 at 01:14:30PM -0300, Jan Pfeifer wrote:
> > > I'm trying to execute a "HelloWorld" program in java,
> > > but after compiling it, when running, it segment faults:
> > >
> > > ahn, and:
> > >
> > > CLASSPATH=/usr/lib/jdk1.1/lib/classes.zip
> > > JAVA_HOME=/usr/lib/jdk1.1
> >
> > I haven't got this in my env. Maybe you should unset them
> > (CLASSPATH=""; JAVA_HOME=""), but they shouldn't be hurting anything
> > either.
> >
>
> they did!! Without the CLASSPATH definition (unset CLASSPATH) it
> worked just fine, thanks Chris!
>

Of course they did. If you set a classpath, then the default content of the classpath will be ignored and you will be able to use only what's in the classpath. Of course none of your programs will be found in the jdk's classes.zip hence the problem.

Robert Varga
Re: lilo in potato, and the 1024 cylinder issue
You forgot to mention a fourth choice, which is loadlin boot disk, and a fifth choice which is a linux boot disk made with mkboot, and a sixth choice which is a boot-disk created with the kernel-image's boot disk creator (it does not generate the same disks, since I made one with mkboot which did not boot, and one with the kernel-image which booted).

Robert Varga

On Wed, 10 May 2000, Jim Breton wrote:
> Does anyone know the likelihood of getting the version of lilo which
> supports booting from above the 1024th cylinder into potato?
>
> From /usr/doc/lilo/changelog.Debian.gz:
>
> lilo (1:21.3-3) unstable; urgency=HIGH
>
> * This version supports booting from cylinders above 1024.
> (Been in unstable for 3 weeks, and I got 0 complaints about it, so
> I think it's definatly worth to include it in potato).
>
> -- Vincent Renardias <[EMAIL PROTECTED]> Sat, 25 Mar 2000 13:57:10 +0100
>
>
> My particular problem is the typical one. However, there's something I
> don't understand. I downloaded the lilo source for version 21.4.3 which
> supposedly supports this operation on "modern" drives/BIOSes... compiled
> it, and tried to run it on my new machine which is running an Athlon 750
> on an Asus K7M, with a Maxtor 7200 RPM ATA66 30 GB drive... and the BIOS
> is dated Dec. 99 IIRC. Shouldn't this be sufficiently recent to allow
> me to boot from >1024?
>
> I want to set up a 10GB FAT32 partition for Win98 on hda1, and have my
> linux and swap partitions as hda2 and hda3. But when I tried this --
> even with the new lilo -- same old error message. Anyone have any idea
> at all how to make this work with Lilo?
>
> Changing the partitioning scheme is really not an option (long story) so
> afaict my choices are:
>
> - loadlin (works fine now but should Windows ever become unbootable for
> any reason... I'd be screwed ;) )
>
> - set up GRUB, which, if I am correct, will not have this problem (am I
> right?)
>
> - figure out wtf I am doing wrong with Lilo!
>
>
> Thank you for any advice.
Re: apache 1.3.9 debs
In frozen. Only unstable contains apache-1.3.12. Robert Varga On Fri, 12 May 2000, thomas lakofski wrote: > in a rash moment at 2am i upgraded my apache, forgetting about mod-ssl > which still depends on 1.3.9. does anyone know where i can find apache > and apache-common 1.3.9? dpkg-repack'ed packages would be fine too if > anyone feels like doing so. > > thanks in advance, > > thomas lakofski > > > .. > who's watching your watchmen? > EF D8 33 68 B3 E3 E9 D2 C1 3E 51 22 8A AA 7B 98 > > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null > >
Re: Jserv segfault on Debian
I use it without a problem. I use the following packages: jserv: 1.1-2 ibm-jdk1.1-installer: 1.1.8-3 (with the latest version of IBM JDK 1.1.8 (there was no segfault problem at our machines with versions after 1999 october)) we are also using gnujsp with it without any major problems. Regards, Robert Varga On Tue, 16 May 2000, Ferenc Kiraly wrote: > Hi! > > Has anyone got Jserv running on Debian? I installed all the > required packages for Jserv, but when I run it it immediately > segfaults. Any ideas? > > feri. > > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null > >
Re: quickinstall for multiple debian machines
If you find one in which you can preselect even the partition sizes, then notify me as well :)

If you can bear the manual setup of the base setup, then you can use

1. (on an installed box) dpkg --get-selections > filename
2. transfer file to other machine after the base install is complete (no preselected package combos are selected, answer N to the question, do an update in dselect, _skip_the_select_menuitem_, and select install this will put up) set /etc/apt/sources.list to your mirror.
3. apt-get update; dpkg --set-selections < filename

This will download and install the appropriate packages. Unfortunately, you still need to answer the questions, but the whole install goes down in about 20 minutes.

X server conflicts can arise.

You can even try putting all the config files of the packages (you can probably obtain them from debian package info) in a tarball and extracting them on the other machine, although you must take care of hostname problems.

Regards,
Robert Varga

On Wed, 17 May 2000, David Benson wrote:
> Hi,
>
> I am looking for a package that will allow
> quick installation of a customized debian system,
> ie one in which i have selected a precise package
> list / ftp mirror.
>
> Preferably I could construct a single customized
> floppy which would do the rest of the install
> over a LAN. (the customized floppy would contain the appropriate
> sources.list files ...)
>
> Has anyone had experience doing such things?
>
> Thanks very much for your time,
> Dave Benson
> [EMAIL PROTECTED]
Re: Java 1.2 JDK released for Linux...
IBM has also released a Technology Edition of their JDK 1.3 It can be downloaded from their website. It probably has a much more allowing licence than SCSL. Robert Varga On 24 May 2000, Gary Hennigan wrote: > "Joe Emenaker" <[EMAIL PROTECTED]> writes: > > JavaSoft apparently released the Linux version of the JDK 1.2. > > > > Anyone know if anyone is packaging it already? > > I assume JavaSoft = Sun Microsystems? If so, the JDK 1.2.2 has been > out for at least a month or two. As far as I know it's not packaged > for Debian but I did download it from Sun and install it in /usr/local > and haven't had any problems with it on either of my Potato systems. > > Gary > > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null > >
Re: qmail
On Wed, 7 Jun 2000, Jay Kelly wrote:
> I am thinking of switching over to qmail from sendmail and wanted to know if I
> install it with apt-get install? when I use sendmail I am able to mail some
> addresses but not others. For example when I try to mail

You need to install qmail-src and ucspi-tcp-src packages, build them with build-ucspi-tcp and build-qmail. For building qmail, make sure that no qmail-related uid-s and gid-s are in /etc/passwd and /etc/group (the five qmail? users and alias, and group qmail).

After installing look at README.Debian in /usr/doc/qmail.

And moreover, read some qmail documentation, eg. 'Life with qmail' to know how qmail works. It is very easy to use, but you need to know how things are done.

> [EMAIL PROTECTED] I receive an error "Host not found" but I can
> mail other email addresses.
> any thoughts will help
>

It is [EMAIL PROTECTED] (lists and not list)

Regards,
Robert
secret data for php pages
Is there a way in which I can store some data (eg. mysql passwords) safely from other users on a website and retrieve it from php3/4?

The site is running php3 or php4 as an apache_module, and I need to provide separate mysql databases for each user, inaccessible to all other users, so each user's data in the database is safe from other users. However the mysql passwords need to be stored on the server somewhere, and then they are retrievable, if special means are not taken. I would be interested in these special means.

Since apache modules run with the id of the webserver itself (www-data.www-data) therefore if the user passwords are stored in .php files, then they must be readable by www-data, and therefore they are retrievable (1. put on a php3 script which lists the public_html dir of the other user, 2. put on a php3 script which displays all the files of the other user's public_html, and there it is, 3. use this recursively to reach directly untraversable directories).

I would not like to use php-cgi if it is not a necessity, due to the performance drop.

Regards,
Robert Varga
RE: secret data for php pages
On Wed, 7 Jun 2000, Sean 'Shaleh' Perry wrote:
>
> On 07-Jun-2000 Robert Varga wrote:
> >
> > Is there a way in which I can store some data (eg. mysql passwords) safely
> > from other users on a website and retrieve it from php3/4?
> >
>
> include the files from your script. The file can be elsewhere, the server just
> has to be able to get to it.
>

This is the scenario I told in my letter: If I would like to include it, then it has to be retrievable to the user www-data, and therefore it can be retrieved.

Regards,
Robert Varga
Re: secret data for php pages
That is not the same problem. When I refer to users, they are meant as system users on the webserver, not web visitors.

What I need is a way to provide separate mysql databases to all virtualhosts and webserver users, without a possibility for them to access each other's databases.

Regards,
Robert

On Wed, 7 Jun 2000, Andrew Sullivan wrote:
> On Wed, Jun 07, 2000 at 07:46:29PM +0200, Robert Varga wrote:
> >
> > Is there a way in which I can store some data (eg. mysql passwords) safely
> > from other users on a website and retrieve it from php3/4?
>
> You need to use sessions. Either use phplib under php3, or use php4.
>
> A
>
> --
> Andrew Sullivan Computer Services
> <[EMAIL PROTECTED]>Burlington Public Library
> +1 905 639 3611 x158 2331 New Street
> Burlington, Ontario, Canada L7R 1J4
>
Re: files/dirs under /var/www/
On Wed, 7 Jun 2000, Will Trillich wrote:
> On Fri, Jun 02, 2000 at 01:08:04AM -0800, Ethan Benson wrote:
> > On Fri, Jun 02, 2000 at 01:52:10PM +0900, Olaf Meeuwissen wrote:
> > > Just a quick question: how (un)safe is it to create your own files and
> > > directories below /var/www/? Are there any names taken (besides dwww
> > > and index.html)?
> >
> > /var/www should belong to you, i don't think any debian package will
> > clobber anything in there, if they do its a bug. /var/www is set as
> > the document root for apache so its obviously natural for your site to
> > go there and be organized how you see fit. the index.html file should
> > be replaced by your own.
> >
> > just make sure its not owned by www-data.www-data!
>
> what's the flaw in that? it's MORE secure to have files owned by root??
> i don't grok that just yet, sensei...
>

The problem with it is that ANYBODY who is able to put up a script that runs as www-data will be able to remove your /var/www. This includes anything run from an apache module or a cgi and not run via suexec. Eg. php3 scripts, cgi-scripts, servlets, jsp files, and so on, which all by default run as www-data. And suexec is disabled by default.

Only this "small" flaw...

And there is no problem with files owned by root, as long as they are not suid-root, or not executable at all.

Regards,
Robert
Re: secret data for php pages
On Wed, 7 Jun 2000, Sean 'Shaleh' Perry wrote: > > On 07-Jun-2000 Robert Varga wrote: > > > > That is not the same problem. When I refer on users, they are meant as > > system users on the webserver, not web visitors. > > > > What I need is a way to provide separate mysql databases to all > > virtualhosts and webserver users, without a possibility for them to access > > each other's databases. > > > > each v host gets a user, the web daemon runs as that user. The mysql passwds > are in a file that that user can read. Only people who can learn it are other > members of the v host. > No, that is only true if it is a cgi. Apache modules don't change uid-s. They always run as set globally in httpd.conf, by default www-data, and you cannot override it for virtual hosts. What you can override is running cgi-s or exec-s from SSI-s. The User / Group override for virtual hosts is only for cgi-s run in that virtual host. PHP is an apache module on our site, and if it was run from a cgi (php3-cgi package) then performance would decrease due to 1. not having persistent connections 2. having to load the php interpreter on every request for every php page. Regards, Robert Varga
Re: secret data for php pages
On Wed, 7 Jun 2000, Sean 'Shaleh' Perry wrote: > > On 07-Jun-2000 Robert Varga wrote: > > > > > > On Wed, 7 Jun 2000, Sean 'Shaleh' Perry wrote: > > > >> > >> On 07-Jun-2000 Robert Varga wrote: > >> > > >> > That is not the same problem. When I refer on users, they are meant as > >> > system users on the webserver, not web visitors. > >> > > >> > What I need is a way to provide separate mysql databases to all > >> > virtualhosts and webserver users, without a possibility for them to > >> > access > >> > each other's databases. > >> > > >> > >> each v host gets a user, the web daemon runs as that user. The mysql > >> passwds > >> are in a file that that user can read. Only people who can learn it are > >> other > >> members of the v host. > >> > > > > No, that is only true if it is a cgi. Apache modules don't change uid-s. > > They always run as set globally in httpd.conf, by default www-data, and > > you cannot override it for virtual hosts. > > > > What you can override is running cgi-s or exec-s from SSI-s. The User / > > Group override for virtual hosts is only for cgi-s run in that virtual > > host. > > > > PHP is an apache module on our site, and if it was run from a cgi > > (php3-cgi package) then performance would decrease due to > > 1. not having persistent connections > > 2. having to load the php interpreter on every request for every php > > page. > > > > apache runs as the vhost user. One apache daemon group per v host. > Nope. It may be true for ip-based virtual hosts, but surely not for namebased virtual hosts. It changes uid and gid only for running cgi-s via suexec. It is sure. You can check it the following way: put a file which should be readable by the uid and gid that is set at the virtual host, but not by www-data.www-data, into that virtual host's webspace. Try to retrieve it with a browser. You will get a 403 error (access forbidden). Therefore it is sure that for normal pages the server and the apache modules (eg php3) run as www-data. 
I tried it. Regards, Robert Varga
Re: secret data for php pages
Unfortunately we are serving only web- and mail services currently and we don't have an ip-block, only one server.

Regards,
Robert Varga

On Wed, 7 Jun 2000, Sean 'Shaleh' Perry wrote:
> >> apache runs as the vhost user. One apache daemon group per v host.
> >>
> >
> > Nope. It may be true for ip-based virtual hosts, but surely not for
> > namebased virtual hosts.
> >
>
> we ran IP based, I assumed most people did, sorry.
>
> Guess you just have to cross your fingers and hope.
>
Re: secret data for php pages
If php is called as a cgi then it can be run setuid via suexec anyway. What I was looking for was a way to provide some information preload during the time when apache is still root for the php3 module, since modules run as www-data.

There was another suggestion for running several instances of suid-ed apache on ports other than 80 and using the rewrite engine to transfer calls to them. This would cause large memory consumption but still looks like the most feasible method aside from ip-based virtualhosts.

Regards,
Robert Varga

On Thu, 8 Jun 2000, Christian Hammers wrote:
> Hello
>
> > Is there a way in which I can store some data (eg. mysql passwords) safely
> > from other users on a website and retrieve it from php3/4?
> There exists a patch that allows apache to run every virtual host in
> a separated chrooted environment under a different UID.
> This involves that php has to be called as cgi but it's ok from the
> security point of view.
>
> http://stein.cshl.org/software/sbox/
>
> bye,
>
> -christian-
>
> --
> Linux - the choice of the GNU generation. Join the Debian Project
> http://www.debian.org
> Christian Hammers * Oberer Heidweg 35 * D-52477 Alsdorf * Tel.: 02404-25624
> 0AA3 E879 1D82 F59E 77A4 0096 911F 4AE6 86A1 18E6 1024D/86A118E6 1999-09-17
>
Re: ssl'ed / ssh'ed ftp ?
On Mon, 7 Feb 2000, Joe Chung wrote:
> On Sun, Feb 06, 2000 at 09:32:11PM -0800, t s a d i wrote:
> > hello all,
> > we use ssh (and ssl telnet) at our place to remotely admin some
> > machines (we are on an untrusted network) ...
> > our concern now is on ftp, is there such thing as an ssh'ed or
> > ssl'ed ftp ? or any equivalent ? (using ssh's file transfer capability
> > is not an option since no Win9x ssh client supports this)
>
> For Windows clients try the ssh extension to Teraterm at:
>
> http://www.zip.com.au/~roca/ttssh.html
>
> With the port-forwarding feature, I was able to use good old ws_ftp from the
> Windows machine to connect securely to our Solaris server running openssh's
> sshd. That should work for you.
>

That's only partially true: ftp is a dual-ported protocol. It uses port 21 for transferring the parameters and commands, but it uses a separate data connection. It can behave the following two ways:

Active mode: the data connection is initiated by the ftp server. The connection is between ftpserver:20 and a user-specified ip:port.

Passive mode: the ftp server is the one which is contacted by another computer. This mode is triggered by the pasv command. The reply of the ftp server to the pasv command is a port on which it will listen. It then needs to be contacted by the client (or another machine). This makes it possible to use ftp protocol to transfer files between two ftp servers. In this scenario the control connections are between the client and the two ftp servers, but the one data connection is between the two ftp servers.

What is described in the previous lines shows that forwarding a connection to port 21 via ssh does not encrypt the data connections.

Therefore: if you need to encrypt only the passwords, then ssh can provide you the tool. But there is no way to encrypt the data connection with ssh alone. You need a tool which uses ssh's port forwarding capabilities actively for that.

Robert Varga
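Added example (not part of the original message): a small Python check that reads an FTP control-channel transcript, extracts the data connections negotiated by PORT and PASV, and reports which of them fall outside an ssh forward of port 21. The transcript, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_CMD = re.compile(r"^PORT\s+" + SIX + r"\s*$", re.IGNORECASE)
PASV_REPLY = re.compile(r"^227\b.*?" + SIX)


def _endpoint(match):
    """Turn the six matched fields into an (ip, port) pair."""
    nums = [int(g) for g in match.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % match.group(0))
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_flows(transcript, server_ip):
    """Return the data connections negotiated on the control channel.

    transcript is a list of (sender, line) pairs, sender "C" (client)
    or "S" (server). Each flow records who listens for the data connection.
    """
    flows = []
    for sender, line in transcript:
        if sender == "C":
            m = PORT_CMD.match(line)
            if m:
                # Active mode: the server connects from port 20 to the
                # address the client announced.
                flows.append({"mode": "active",
                              "src": (server_ip, 20),
                              "dst": _endpoint(m)})
        elif sender == "S":
            m = PASV_REPLY.match(line)
            if m:
                # Passive mode: the server listens on the port it announced
                # and waits to be contacted.
                flows.append({"mode": "passive",
                              "src": None,
                              "dst": _endpoint(m)})
    return flows


def outside_tunnel(flows, tunnelled):
    """Flows whose destination is not one of the forwarded (ip, port) pairs."""
    return [f for f in flows if f["dst"] not in tunnelled]


# Constructed sample session; only the control connection (port 21) is
# carried inside the ssh forward.
SERVER = "192.0.2.10"
TRANSCRIPT = [
    ("C", "USER alice"),
    ("S", "331 Password required"),
    ("C", "PASS example-only"),
    ("S", "230 Logged in"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
    ("C", "RETR report.txt"),
    ("S", "226 Transfer complete"),
    ("C", "PORT 198,51,100,7,4,1"),
    ("S", "200 PORT command successful"),
    ("C", "LIST"),
    ("S", "226 Transfer complete"),
]
TUNNELLED = {(SERVER, 21)}

if __name__ == "__main__":
    for flow in outside_tunnel(data_flows(TRANSCRIPT, SERVER), TUNNELLED):
        print("cleartext data connection (%s mode) to %s:%d"
              % ((flow["mode"],) + flow["dst"]))
```

Both data connections in the sample are reported, while the USER and PASS lines travel only on the forwarded control connection.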
Re: suExec annoyances
On Wed, 9 Feb 2000, Adam Shand wrote: > > > Can anyone explain to me the restriction on where I can place cgi > > scripts if suExec is being used with apache? As best as I can > > understand, all cgi scripts must be contained under the *global* > > DocumentRoot in order for suExec to run them. This means that when I > > have a setup like > > cgi's go in exactly the same place they would go if you weren't running > suexec. > > > DocumentRoot /var/www > > > > > > ServerName my.virtualhost.com > > DocumentRoot /usr/local/share/virtualhost > > ScriptAlias /cgi-bin/ /usr/local/share/virtualhost/cgi-bin/ > > User vhostusr > > Group vhostgrp > > > > > > Then requests to any cgi script within > > http://my.virtualhost.com/cgi-bin/ will fail with an internal server > > error, claiming that the command is "not in the docroot". If suexec is used then virtualhost cgi-s which are suid-ed (you gave user and group at virtualhost) must reside physically under /var/www/htdocs in slink and I don't know exactly off my head where they must be in potato version of apache-common. They must be go-w and must reside in a go-w directory. (must be writable only by the user). They must be owned by the user and group given in the virtual host section. If there is still more problem, look at /var/log/apache/suexec.log, plaintext error messages are there for other existing constraints. > that is *NOT* a good idea. > > > Does anyone have any suggestions? It seems to me that suExec should be > > seeing whether the command is in the documentroot *for this virtual > > host*... and I don't understand why it isn't doing that. > > the way you think it should work *is* the way it works, something else is > going wrong. > > adam. I myself put cgi-s under /var/www/htdocs/vhostname and the default docroot is /var/www/default. The vhost docroots are in the /home. Robert Varga
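Added example (not part of the original message, and not suexec's own code): a Python pre-flight check for the four constraints listed above, namely script under the suexec docroot, script and its directory not writable by group or others, and ownership matching the virtual host's User and Group. The function names and the temporary directory tree are constructed for illustration; suexec enforces further rules, which it reports in suexec.log.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # the "go-w" rule: neither bit may be set


def suexec_preflight(script, docroot, uid, gid):
    """Return the rule violations for one CGI script (empty list = passes)."""
    problems = []
    script = os.path.realpath(script)
    docroot = os.path.realpath(docroot)

    # The script must physically reside under the docroot suexec expects.
    if os.path.commonpath([script, docroot]) != docroot:
        problems.append("not in docroot")

    # Neither the script nor its directory may be group- or world-writable.
    for label, path in (("script", script),
                        ("directory", os.path.dirname(script))):
        if os.stat(path).st_mode & LOOSE:
            problems.append("%s is writable by group or others" % label)

    # The owner and group must be the ones given in the virtual host section.
    st = os.stat(script)
    if (st.st_uid, st.st_gid) != (uid, gid):
        problems.append("not owned by the virtual host's User and Group")
    return problems


def demo():
    """Build a constructed tree in a temp directory and check each script."""
    with tempfile.TemporaryDirectory() as top:
        docroot = os.path.join(top, "htdocs")
        layout = {
            "vhostname": (os.path.join(docroot, "vhostname"), 0o755),
            "shared": (os.path.join(docroot, "shared"), 0o775),
            "home": (os.path.join(top, "home"), 0o755),
        }
        for path, mode in layout.values():
            os.makedirs(path)
            os.chmod(path, mode)  # explicit, so the umask does not matter

        cases = (
            ("good", "vhostname", 0o755),
            ("loose_file", "vhostname", 0o775),
            ("loose_dir", "shared", 0o755),
            ("outside", "home", 0o755),
        )
        scripts = {}
        for name, where, mode in cases:
            path = os.path.join(layout[where][0], name + ".cgi")
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\necho 'Content-type: text/plain'\necho\n")
            os.chmod(path, mode)
            scripts[name] = path

        # Treat whoever owns the test files as the vhost User/Group.
        owner = os.stat(scripts["good"])
        results = {
            name: suexec_preflight(path, docroot, owner.st_uid, owner.st_gid)
            for name, path in scripts.items()
        }
        # Same script, but the vhost is configured with a different User.
        results["wrong_owner"] = suexec_preflight(
            scripts["good"], docroot, owner.st_uid + 1, owner.st_gid)
        return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "ok")
```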
Re: SSLwrapper software
On Sun, 13 Feb 2000, Mark Symonds wrote:
> Hi,
>
> I'm still using slink, just curious if anyone has begun work packaging
> some sslwrapper software (sslwrap, stunnel). I'd like to have pop-3s from
> an apt-getted .deb as opposed to doing the whole search and destroy thing.

stunnel is in potato. You can compile it for slink as well, but you have to compile openssl0.9.4 as well. And what it needs. But it works. I use it :)

Unfortunately it is a bit outdated. Three new versions are out which are unpackaged. But you probably don't need that functionality, so you can stick with 3.4

Robert Varga
Re: enabling suexec with debian apache [solved]
On Sun, 20 Feb 2000, Adam Shand wrote: > > > Here is a list of searches from the apache main site about suxec AND > > security: > > thanks but i just figured it out. all that needed to happed was to have the > suid bit set on the suexec binary. > > # chmod 4711 /usr/lib/apache/suexec > > the log file shows that it is now detecting the suexec binary, and when i do > a "apachectl configtest" i now get "Syntax OK". > > does anyone know, is this a bug or is this the way it's "supposed to > be". sorry for following up my own post. > It is the way it is supposed to be. With suEXEC enabled, cgi-s run setuid-ed, which is always a risky thing, so it should be done on the administrator's explicit statement, hence the need for enabling suEXEC manually. Robert Varga
Re: enabling suexec with debian apache [solved]
On Mon, 21 Feb 2000, Adam Shand wrote: > > > It is the way it is supposed to be. > > is there a something in the docs i missed explaining that this is what needs > to be done? it took me a very frustrating hour to figure this out. if not > it should be submitted as a documentation bug, right? > > > With suEXEC enabled, cgi-s run setuid-ed, which is always a risky thing, > > so it should be done on the administrator's explicit statement, hence > > the need for enabling suEXEC manually. > > well, they run suid'd to the user which is a whole lot less risky then > having them run as the user that the web server runs as. i agree that > having another suid root binary is always a bad thing but suexec is kinda > pointless with out it, and it's a major security boon. > > adam. > > If there is an exploitable cgi, then there is web access to all of the owning user's files. If it is not run via the suEXEC mechanism, then the permissions are that of www-data, which are close to nothing. If suEXEC is enabled, then a lot more requirements need to be met for running a cgi. This usually leads to a lot of users complaining about this and that is not working and why, when it runs on another similar machine? Robert Varga
Re: enabling suexec with debian apache [solved]
On Mon, 21 Feb 2000, Joe Block wrote: > Robert Varga wrote: > > If there is an exploitable cgi, then there is web access to all of the > > owning user's files. If it is not run via the suEXEC mechanism, then the > > permissions are that of www-data, which are close to nothing. > > Without using suexec or cgiwrap, how do you keep each user's cgis from > mucking about with the other user's cgi datafiles? And I certainly > don't want one of my student users' cgis able to mess with my log files, > which are also owned by www-data That IS a case when it is needed, and must be set by the admin to use suexec. > > > If suEXEC is enabled, then a lot more requirements need to be met for > > running a cgi. This usually leads to a lot of users complaining about this > > and that is not working and why, when it runs on another similar machine? > > This is a good thing, IMO. Once students realize that it's their files > and quota that are going to be eaten up by runaway cgis, in my > experience they start paying more attention to what they're writing. > It is not only what they write, but what they set the permissions to, as well. I know, this is also what they should learn. But with exploitable setuid cgi-s, and one can never be sure that his code is unexploitable, not only his cgi datafiles, but all files can be accessed and modified as well. Robert Varga
Re: enabling suexec with debian apache [solved]
> > One important point about cgiwrap - the current debian package puts the > > user cgis in ~user/public_html/cgi-bin instead of ~user/cgi-bin. I've > > filed a bug about it. It's bad security for cgis and their associated > > datafiles to be web-readable. Yes, I know security through obscurity > > isn't really security, but we should at least make the black hats work a > > little to get at the cgi source. > And how can you set up /home//cgi-bin to be web-executable if you cannot describe it with a web url? And another thing I have been running circles around is: - how can I protect data files from being read from the filesystem, which should be readable from the web, but only after authentication? Since they should be http-served, they should be world-readable... Then how can I prevent anyone from reading them on the webserver system itself? Robert Varga
Re: Kitchen sink and Linux?
On Sun, 27 Feb 2000, Chirag wrote: > Dear debian users > > I would like to draw your attention to certain ugly an unlinuxy comment > on the web site of a > Linux distribution about other distribution(s). > > Quoting from > http://www.calderasystems.com/support/docs/2.3/gsg/introduce.html > > Improved best-of-class package selection, with each Linux application > carefully chosen to be more useful and refined than the "everything but the > kitchen sink" products from some Linux packagers > > Unquote. > > This is an obvious reference to debian if not for others, which is the > largest distribution and include > most freely available packages. I strongly feel that this kind of comments > is very bad for Linux and > should be ripped in the bud itself and what is justfication for this when > the company seems to benefitting > from the works of millions of developers who test and 'robust'fy > applications that may have been called > toilet bowl applications in the near past. I may be unaware of some implications that you know of, but I don't feel that it would refer on debian. I think rather it refers on the individuals doing the packaging. And I don't think that debian has so bad reputation concerning the quality of packaging the softwares... Redhat is a totally different quality however (kitchen sink quality does apply for redhat). Robert Varga
RE: Potato and /etc/apt/sources.list
On Fri, 25 Feb 2000, Ross Boylan wrote: > Replace "unstable" with "potato". If you prefer, I think "frozen" will > work, but using potato is likely to produce fewer unpleasant surprises as > things evolve. > For one such surprise, I think you should remember that frozen will go away after the release... There will be only stable and unstable for a while... Robert Varga
Re: enabling suexec with debian apache [solved]
On Sat, 26 Feb 2000, Adam Shand wrote: > > > And how can you set up /home//cgi-bin to be web-executable if you > > cannot describe it with a web url? > > that's what aliases and scriptaliases are for. you would put in their > virtualhost config (or just change the pathing cgiwrap's source) something > like this: > > ScriptAlias /cgi-bin/ /home/user/cgi-bin/ > > think about it, debian's default cgi-bin isn't describable with a url. the > doc root is /var/www and the default cgi-bin is /usr/lib/cgi-bin. That involves creating a virtual host for every user. I was asking whether ~user/cgi-bin can be made to be not under /home/user/public_html/cgi-bin but /home/user/cgi-bin. > > > - how can I protect data files from being read from the filesystem, > > which should be readable from the web, but only after authentication? > > Since they should be http-served, they should be world-readable... Then > > how can I prevent anyone from reading them on the webserver system > > itself? > > what we do is have the doc root setup like this: > > ryumin(larry)$ ls -ld /var/www > drwxr-s--- 22 root wwwroot 28672 Dec 27 11:25 /var/www > > and have the user the web server runs as setup like this: > > ryumin(larry)$ groups www-data > www-data wwwroot > > that way the web server can read files from inside /var/www but no one else > can unless they are in the wwwroot group. > > adam. > > The problem with this is that this way the users can't do this themselves, but they need me to chown and chgrp their files needing protection. They can't create files with www-data.wwwroot, and apache won't serve files for which it has only group access rights. Or maybe I only need to restart apache after adding www-data to the user's group? (Adding www-data to the user's group pose no problems if every cgi is run under the owner's id). Robert Varga
Re: enabling suexec with debian apache [solved]
On Sat, 26 Feb 2000, Adam Shand wrote: > > > That involves creating a virtual host for every user. > > > > I was asking whether ~user/cgi-bin can be made to be not under > > /home/user/public_html/cgi-bin but /home/user/cgi-bin. > > with ~username urls it's even easier. i'm not sure how you do it with > suexec It is automatic with suexec. Only you have to enable suexec by setting suexec setuid. > cause i've never tried but with cgiwrap it's trival. a user would > run a cgi via cgiwrap like this: > > http://www.domain.com/cgi-bin/cgiwrap/username/script.cgi > > and the path to user cgi's is hard coded into the cgiwrap program. so when > the above is called it knows to look in ~username/public_html/cgi-bin for > the script. hence joe's complaint about the cgi-wrap program. it could > just as easily look in ~username/cgi-bin and that would mean that there was > no way for someone to poke around in the users cgi-bin directory by going > to: > > http://www.domain.com/~username/cgi-bin > > and viewing the cgi's. > > > The problem with this is that this way the users can't do this > > themselves, but they need me to chown and chgrp their files needing > > protection. They can't create files with www-data.wwwroot, and apache > > won't serve files for which it has only group access rights. > > if it's the users stuff you want to protect you should figure out how to run > ~username accounts via suexec (i'm fairly sure it's possible). that way > they can simply chown all their web pages to them, and chmod 600 all the web > pages. the web server will be able to read them because it runs as the > user, and no one else will be able to read them because they are only > readable by the owner. > Unfortunately with apache, data is always served as www-data.www-data or whatever it is set to in httpd.conf. It does not change uids to serve normal files, since that would need running as root. It does that for cgi-s since that inherently needs a program execution itself... 
> > Or maybe I only need to restart apache after adding www-data to the > > user's group? (Adding www-data to the user's group pose no problems if > > every cgi is run under the owner's id). > > i don't understand this. i wouldn't add your users to the www-data group. > No. I would add www-data to the user's group. That way it can see the user's file, and it need not be world-readable. However it did not work. But maybe only because I did not restart apache, and it did not have the user's group among its groups. Robert
Re: redirecting 101
On Sun, 27 Feb 2000, Guyren G Howe wrote:
> I'd love to understand the general theory of how to redirect particular
> ports for particular protocols to particular machines.
>
> ipchains? ipautofw? ipportfw?
>
> TIA

Forget ipautofw, it is 2.0 dependent, use ipchains instead. There is a page concerning the necessary actions to make games playable from a masqueraded network which can be reached from the IP-Masquerading Homepage, but I can't remember either address off my head...

Robert Varga
Re: Kitchen sink and Linux? Who is GNU?!!
On Sun, 27 Feb 2000, Chirag wrote: > > > Redhat is a totally different quality however (kitchen sink quality does > > apply for redhat). > > > > > > I am frustrated that you have ignored my main point. The point is > it is unlinuxy to use such comments and alas, you are using such > comments as well!. . Distributions doesn't grow > at the expense of each other but by doing bug fixes for others! > Although Caldera may be overwhelmed by the fact that their own failure to > promote DR DOS as the best DOS 'distribution' in the past was > inflicted by unfair competition from Microsoft and so are doing the > same marketing strategy to other competitors > > Well kitchen sink quality does apply for RedHat in a way. > Just have a look at their home page. It does look like stacks of utensils > placed at > the kitchen sink I wonder how they are going to promote 150$ > Web server products with such a terrible looking web site.. > In contrast Caldera's web page is a charm and that is exactly > how that I read so deep and found about the ugly remarks. > > By the way RedHat 6.2 beta announce contains some controversial > comment as well. Naming the release as Piglet, from the Winnie the > Pooh , the announcement says 'This bad boy eats lizards and > spits out kernel patches' and incidenltly caldera's installation program > is named Lizard (for Linux Wizard). > > Sure we should ignore these kind of ugly things. But I fear > that these things may grow into something uncontrollable that > Linus Torvalds may be forced to review the License. Well, I think your main point was to help each other and not hinder or speak bad about one another, either personally nor distribution-scale. I think that helping one necessarily involves telling him/her their errors. Unfortunately some distributions do this in a rather rude way... And the other sad fact is that Redhat does not take the suggestions too well, since they don't really improve the quality of their distribution. 
The other thing you mentioned about actively discrediting other distributions, is of course totally unacceptable from any distribution creator. By the way, there IS a certain resemblance to the marketing strategy of Micro$oft in the marketing strategy of some Linux distributors... I won't mention names, but I think you will catch my point... And well.. there are companies which tend to commit the same errors more than one times... Robert Varga
FW: IBM Developer Kit for Linux, Java Technology Edition and Debi an (fwd)
Hello all, Sorry for crossposting, but I think this may be important enough to warrant that action. I have received the following letter from IBM. This states that in two weeks the license for IBM JDK will change so that it will not contain any restrictions for the usage of it on any Linux system (the ridiculous clauses concerning RH6 and Caldera2.2 will go away at the very least). I don't know anything about what the exact license will be, whether it will allow packaging IBM JDK in non-free, or only the installer, but anyway, there will be no legal problem concerning the usage of the ibm-jdk11-installer. I don't expect IBM JDK to go open-source by the way, so I don't think that it will go into main. Robert Varga > -Original Message- > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED] > Sent: Monday, February 28, 2000 4:50 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: IBM Developer Kit for Linux, Java Technology Edition and > Debian > > > > Robert, you may use the Developer Kit or the Runtime Environment with > Debian if you are satisfied with the way the code operates in that > environment. The restrictions in the license agreement were in error > and are in the process of being updated in the next two weeks to allow use > with any Linux O/S. > > Thanks, >Jeff > > Java Marketing; Software Group Solutions & Strategy > > Phone: (512) 838-0228 T/L 678Fax: 838-0169 > Building 903 Zip 9372 Austin, Texas 78758 > > Internet: [EMAIL PROTECTED] > > > -- Forwarded by Jeff N Roberts/Austin/IBM on > 02/28/2000 > 09:45 AM --- > > Brian Watt <[EMAIL PROTECTED]> on 02/25/2000 10:27:58 PM > > To: [EMAIL PROTECTED], Jeff N Roberts/Austin/[EMAIL PROTECTED] > cc: > Subject: IBM Developer Kit for Linux, Java Technology Edition and Debian > > > > Robert, > > I would suggest that you e-mail Jeff N. Roberts, Sr. Marketing Manager, > in Austin, TX and ask him. 
His e-mail address is [EMAIL PROTECTED] > > WRT your questions on Debian, we have tested on RedHat, and Caldera, > and, as such, those are the only distributions that we can be sure that > it operates on, however, we are aware of many other distributions where > people are using it successfully. > > In your note you mention the Developer Kit (AKA JDK) which does have > restrictions on redistribution, but if you review the Runtime > Environment (AKA JRE) you will find that it can be redistributed if the > proper conditions are followed. Please review the LICENSE files and > README files. > > Brian Watt > Java Development > IBM > [EMAIL PROTECTED] > > Subject: Is it legal to use IBM JDK 1.1.8 on Debian Linux? - someone > please answer! > Date: Fri, 18 Feb 2000 17:48:47 +0100 > From: "Robert Varga" <[EMAIL PROTECTED]> > Organization: IBM Software Group > Newsgroups: ibm.software.java.linux > > The licence of IBM JDK looks very restrictive. Is IBM's opinion on the > subject of using IBM JDK different Linux distributions that it allows it > to be used only on RH6.0 and Caldera 2.2? > > Does IBM really intend to forbid its usage on eg. Debian? Our company > needs to deploy a site using Apache JServ and GNUjsp. We would like to > deploy it with IBM JDK and in all cases we want to deploy it on Debian > Linux, but the license seems very restrictive about it. > > If the licence is really forbidding to use it on Debian, is there a way > for our company as an IBM Business Partner to approach IBM to allow > using IBM JDK on Debian Linux in specific cases and conditions? > > Regards, > > Robert Varga > [EMAIL PROTECTED] > >
sorry for posting twice
And sorry for posting my previous message twice, but it took a very long time for my first message from a non-subscribed address to make it on the list, so I thought that they are ignored by the list processor. At the moment I sent my second letter did the first one from the list arrive. Sorry again, Robert Varga
Re: SuExec(?) isn't installed?
On Mon, 28 Feb 2000, [iso-8859-1] andreas pålsson wrote: > Hello. > This might be a stupid question, but how do I get support for SuExec in > Apache? You have to set the suid bit of /usr/lib/apache/suexec or /usr/lib/apache-ssl/suexec according to which one you use. If you have suidmanager installed, then put it in /etc/suid.conf as well (see doc for exact instructions). Robert Varga
Re: Configuration of local mailserver behind linux firewall - HELP!
On Mon, 6 Mar 2000 [EMAIL PROTECTED] wrote:
> Hello,
>
> I have a linux (2.2.X kernel) box that I am using as a firewall between
> my internal network and our new ADSL modem. I am currently working on
> configuring the ipchains on the linux box to protect my internal
> systems.
>
> Question: My internal mailserver is currently running on a HP-UX C3000
> which
> is behind the firewall (IP: 192.168.XXX.XXX). I need to configure my
> linux firewall to pass the SMTP transmissions to and from my server.
>
> What is the best way of doing this?

a: Just forward tcp port 25 on the firewall to the mail server.

b: setup a mail proxy on the firewall, that accepts incoming mail from outside and forwards it to the internal mailserver. if you want to, you can also direct outgoing mail from the internal mailserver through this mail proxy. relaying on the proxy should be enabled for the internal mailserver only. This is the cleaner solution since you don't have to make any firewall rules for this. However you must not have any user to which mail is delivered on the firewall. The mail proxy must be only a proxy. And choose a safe MTA for the firewall, I suggest qmail.

With qmail questions in Debian, write to the Debian-Qmail list at [EMAIL PROTECTED] .

Robert Varga
Re: glibc-compat ???
On Thu, 23 Mar 2000, Eric Weigel wrote: > > On Thu, 23 Mar 2000, Hamish Moffatt wrote: > > On Thu, Mar 23, 2000 at 02:42:26AM -0300, Taupter wrote: > > > Strange. If i can remember, Slink has libc5 compatibility libs. > > > Why not glibc2.0 compatibility libs for potato, as RH-based distros > > > have? > > > > They're both libc 6.0 -- how would ld.so know which one you wanted? > > Any apps which run on 6.0 and not 6.1 are broken and should be fixed. > > > Some things changed from 2.0 to 2.1 so that non broken binaries won't > work. One I know about is stat, which is now a macro instead of a > function call (breaks smbsh, even if you recompile it) > > Some other software doesn't work either. One I know about is IBM DB2 > database. I don't know why it doesn't work, it just doesn't, and of > course I don't have the source. > > I've thought about compatibility links, but like you said, they're both > libc 6.0. > > Overall though, there doesn't seem to be a lot of broken stuff. > The other one it breaks is Oracle 8.0, and one needs to convert Redhat compatibility libraries to be able install it, and a patch from Oracle. I have heard it also broke Applixware, but I am not sure. Robert Varga
Re: glibc-compat ???
On Thu, 23 Mar 2000, Steve Greenland wrote:

> On 23-Mar-00, 18:08 (CST), Andor Dirner <[EMAIL PROTECTED]> wrote:
> > On Thu, 23 Mar 2000, Robert Varga wrote:
> > >
> > > The other one it breaks is Oracle 8.0, and one needs to convert Redhat
> > > compatibility libraries to be able to install it, and a patch from Oracle.
> > >
>
> FWIW, I'm running Oracle 8i (SQL*Plus reports v 8.1.5) with the latest
> patches (as of a month ago) on a potato box with no obvious problems, I
> don't have any compatibility libs installed.
>

I said 8.0. I know 8.1.5 works with glibc2.1 since it is explicitly stated in its requirements that it needs it. Of course it should work with it.

However I don't really like 8i, since it needs much more (and it should be written as MUCH MORE) resources than 8.0.5. I know there is one aspect of using 8i on linux when compared with 8.0.5, its being free for development purposes.

Robert
Re: Apache virtual hosting
Not really like that.

Don't forget there are hosts out there which have only one ip-address, so they must use name-based virtual hosting. For this they must configure their only ip-address as NameVirtualHost. After this the documentroot in srm.conf is ignored. All ip-names which the server has should appear in a VirtualHost section in a ServerName or ServerAlias directive. If it does not, then the default virtualhost is served for it, which is the first VirtualHost section parsed.

Of course if you use mass virtual hosting (vhost module), then the operation is as it is described in its documentation.

Robert Varga

On Mon, 27 Mar 2000, Daniel Yang wrote:

> normally, you would have main web server and then virtual web servers.
> Here is what it looks like in the httpd.conf
>
> #setup main web server
> DocumentRoot /www/mainweb
> ServerName www.mainweb.com
>
> #then set up virtual web server (e.g. IP based)
>
> DocumentRoot /www/virtualweb1
> Servername www.virtualweb1.com
>
>
> #if you want, the second virtual web server
>
> DocumentRoot /www/virtualweb2
> Servername www.virtualweb2.com
>
>
> So the answer is obvious.
> Daniel
>
> -Original Message-
> From: Dzuy M. Nguyen <[EMAIL PROTECTED]>
> To: Debian User Mailing List
> Date: Monday, March 27, 2000 2:32 PM
> Subject: Apache virtual hosting
>
>
> If I figure my apache web server to allow virtual hosts,
> does the 'DocumentRoot' directive in the main server
> configuration area of httpd.conf get ignored?
>
> By setting up the virtual hosts, do all my domains
> have to be listed in:
>
>
>
>
> And is this now the default directives the all the
> DocumentRoot?
>
Re: Apache VH Help needed
This is an apache configuration issue AND a DNS configuration issue.

Requirement 1: An A record or a CNAME for * in the zone file for the domain customer1.com.

* IN A ip-address-of-www.customer1.com

or

* IN CNAME www.customer1.com.

However this will also mean that:
a: no other ip-s can be given out in the domain (but they can be assigned from a subdomain)
b: not all ip-s will point to www.customer1.com (the A records pointing to somewhere else must be before the * line in the zone file). A CNAME and A record coexisting for the same name can cause problems (eg. an A record for * and a specific CNAME).

Requirement 2: The rewrite engine must rewrite all addresses that end with .customer1.com to www.customer1.com or else they will be served from their own directory, not from /var/customers/webs/www.customer1.com

Robert Varga

On Wed, 29 Mar 2000, Cory Snavely wrote:

> This isn't an Apache configuration issue, it's a DNS configuration issue.
>
> You need an A record for the customer1.com domain with the IP address of the
> server. This assumes, of course, that this is OK with your customer--they
> may already have an A record in place for their domain. This also assumes
> you have some control over the DNS records.
>
> - Original Message -
> From: "Jaume Teixi" <[EMAIL PROTECTED]>
> To: "Debian User"
> Sent: Wednesday, March 29, 2000 4:58 AM
> Subject: Apache VH Help needed
>
> > I've setup this in order to not to restart apache each time I enter a
> > new customer:
> >
> > My problem is How To config that automatically *.customer1.com points
> > to www.customer1.com ?
> >
> > I've setup on httpd.conf :
> >
> >
> > ServerName customers.mydomain.com
> > CustomLog /var/customers/logs/access_customers.log vcommon
> > VirtualDocumentRoot /var/customers/webs/%0
> > VirtualScriptAlias /var/customers/webs/%0/cgi-bin
> >
> >
> > On /var/customers/webs/ I put each directory as www.customer1.com,
> > www.customer2.com, etc.
> >
> >
> > thanks!
Re: ipmasq and howto
I just installed ipmasq package on the stock potato kernel. After this I needed to take out a line from /etc/init.d/network which set a default route to eth0. After it everything went flawlessly.

Robert Varga

On Fri, 31 Mar 2000, Jeff Gordon wrote:

> Hi, Matt --
>
> On Thu, 30 Mar 2000 17:38:05 -0600, matt garman <[EMAIL PROTECTED]> wrote:
>
> > Perhaps I'm not making myself clear. I just want to get IP Masquerading
> > working on my Linux box. So I read the IP Masquerading howto. But I
> > believe some steps outlined in the howto would be redundant given the
> > packages I have installed on my computer.
> >
> > In other words, having installed ipmasq and other related Debian packages,
> > do I still need to follow all the steps in the howto?
>
> The answer seems to be, "Yes...sort of." :-) See if this helps:
>
> I've got a dial-up connection, and a 2-station LAN, with my brother's machine
> needing to dial out through the modem on my machine. What appears to have
> been necessary to get this working included these steps:
>
> - ipmasq and ipchains are installed;
> - ip_masquerading is enabled in the kernel -- not sure why, but it wasn't
> enabled in the 2.2.14 kernel I had, and I had to compile one in which it was
> enabled. I think it's possible I might've answered a question during
> installation that switched masquerading 'off', but I don't know for sure.
> Whatever -- if you run ipmasq, you'll either get a message about masquerading
> not being enabled, or you won't, and can go from there.
> - forwarding policies are set to 'allow' -- the default on these,
> understandably, is 'deny', so you have to take active steps to get forwarding
> turned 'on'. These commands do that across-the-board (leaving you wide open,
> so this is not a good final state to be in if you're hosting folks with a
> permanent connection, etc.):
>
> ipchains -P input ACCEPT
> ipchains -P output ACCEPT
> ipchains -P forward ACCEPT
>
> - also do:
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> - and, yes:
>
> ipchains -A forward -s 10.0.0.30 -j MASQ
>
> ...with the IP to be masqueraded in place of the 10.0.0.30 I'm showing here.
>
> NOTE, all this is about using ipmasq with 2.2.14 and ipchains. The HOW-TO
> instructions are (for the moment) confusing about this, since they mention
> ipfwadm, etc., and only if your eyes haven't yet glazed over do you locate
> the info at the -bottom- of the HOW-TO that mentions the "new" ipchains.
>
> Helps...?
>
> -- Jeff -- <http://www.wellnow.com>
>
> "There's nothing left in the world to prove. All that's worth doing
> is to love one another, using whatever means are available to serve."
Re: qmail error
On Fri, 7 Apr 2000, john smith wrote:

> hi,
> when I try to install qmail after building it I get the error:
>
> green:/tmp/qmail# dpkg -i qmail_1.03-12_i386.deb
> (Reading database ... 28966 files and directories currently installed.)
> Unpacking qmail (from qmail_1.03-12_i386.deb) ...
> Performing install
> First installation of the Debian qmail package...
> Checking if qmail is already installed on this computer... no.
> Checking group qmail (gid 64010)... error!
> Group qmail has gid 70 instead of 64010
> Checking user alias (uid 64010, gid 65534, homedir /var/qmail/alias)... error!
> User alias has uid 70 instead of 64010
> Checking user qmaild (uid 64011, gid 65534, homedir /var/qmail)... error!
> User qmaild has uid 71 instead of 64011
> Checking user qmails (uid 64012, gid 64010, homedir /var/qmail)... error!
> User qmails has primary group 70 instead of 64010
> User qmails has uid 72 instead of 64012
> Checking user qmailr (uid 64013, gid 64010, homedir /var/qmail)... error!
> User qmailr has primary group 70 instead of 64010
> User qmailr has uid 73 instead of 64013
> Checking user qmailq (uid 64014, gid 64010, homedir /var/qmail)... error!
> User qmailq has primary group 70 instead of 64010
> User qmailq has uid 74 instead of 64014
> Checking user qmaill (uid 64015, gid 65534, homedir /var/qmail)... error!
> User qmaill has uid 75 instead of 64015
> Checking user qmailp (uid 64016, gid 65534, homedir /var/qmail)... error!
> User qmailp has uid 76 instead of 64016
>
> 8 entries have errors. Please correct these errors and reinstall qmail.
> dpkg: error processing qmail_1.03-12_i386.deb (--install):
> subprocess pre-installation script returned error exit status 2
> Errors were encountered while processing:
> qmail_1.03-12_i386.deb
>

This means that you have tried to install qmail on a system upgraded from slink. In potato the userid-s that are assigned, have moved from under 100 to above 64000.

You need to erase all qmail related entries from /etc/passwd and /etc/group. Remove the directory trees from /var/spool/qmail /etc/qmail /var/lib/qmail. Remove the symlinks from /var/qmail and remove the directory itself. Purge the qmail-src package. Remove /tmp/qmail or /usr/src/qmail whichever exists.

Now I think all qmail-related files must have vanished from your system.

Now install qmail-src package, and rebuild the package again. Install it. Now it should build normally and should install normally.

If it installed, look at the output of the command

ps auxfw

It should be something similar:

qmails     353  0.0  0.1  1044  168 ?  S  Mar11  0:06 qmail-send
root       361  0.0  0.0  1000   68 ?  S  Mar11  0:01  \_ qmail-lspawn ./Maildir/
qmailr     362  0.0  0.0  1000  100 ?  S  Mar11  0:00  \_ qmail-rspawn
qmailq     363  0.0  0.0   992   96 ?  S  Mar11  0:00  \_ qmail-clean
qmaild     358  0.0  0.0  1372   76 ?  S  Mar11  0:00 /usr/bin/tcpserver -v -u 71 -g 65534 -x /etc/tcp.smtp.cdb 0 smtp /usr/sbin/qmail-smtpd

It can contain other lines depending on the setup, but these five lines must be present (look at the end of the lines for comparing the results).

If the tcpserver for qmail-smtpd is absent, then the smtp daemon is not running. If the other four don't exist, then the qmail queues are not processed.

If some problems are present (eg. qmail-newu complains about permissions during install, then write a mail to me, and I will send a 1.03-8 version of qmail which you should be able to install on your system).

Robert Varga
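
The uid/gid comparison behind the errors quoted above, as an added example that is not part of the original message or of the Debian qmail package: it checks passwd and group entries against the ids listed in the quoted pre-installation output and reports the stale entries that have to be erased before reinstalling. The function names and the sample passwd and group content are constructed for this example.

```shell
#!/bin/sh
# Expected name:uid:gid triples, copied from the preinst output quoted above.
EXPECTED_USERS="alias:64010:65534 qmaild:64011:65534 qmails:64012:64010
qmailr:64013:64010 qmailq:64014:64010 qmaill:64015:65534 qmailp:64016:65534"
EXPECTED_QMAIL_GID=64010

# field FILE NAME N: print the Nth colon-separated field of NAME's entry
# (prints nothing when FILE has no entry for NAME).
field() { awk -F: -v n="$2" -v f="$3" '$1 == n { print $f; exit }' "$1"; }

# audit_qmail_ids PASSWD GROUP: print one line per stale entry, return 1 if any.
audit_qmail_ids() {
    stale=0
    for spec in $EXPECTED_USERS; do
        name=${spec%%:*}; ids=${spec#*:}
        uid=$(field "$1" "$name" 3); gid=$(field "$1" "$name" 4)
        [ -n "$uid" ] || continue        # no entry, so nothing to clean up
        if [ "$uid:$gid" != "$ids" ]; then
            echo "passwd: $name has $uid:$gid, package expects $ids"
            stale=1
        fi
    done
    gid=$(field "$2" qmail 3)
    if [ -n "$gid" ] && [ "$gid" != "$EXPECTED_QMAIL_GID" ]; then
        echo "group: qmail has gid $gid, package expects $EXPECTED_QMAIL_GID"
        stale=1
    fi
    return "$stale"
}

# Constructed sample: slink-era entries matching the errors in the quoted output.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alias:x:70:65534:qmail alias:/var/qmail/alias:/bin/sh
qmaild:x:71:65534:qmail daemon:/var/qmail:/bin/sh
qmails:x:72:70:qmail send:/var/qmail:/bin/sh
qmailr:x:73:70:qmail remote:/var/qmail:/bin/sh
qmailq:x:74:70:qmail queue:/var/qmail:/bin/sh
qmaill:x:75:65534:qmail log:/var/qmail:/bin/sh
qmailp:x:76:65534:qmail pw:/var/qmail:/bin/sh
EOF
    printf 'root:x:0:\nqmail:x:70:\nnogroup:x:65534:\n' > "$1/group"
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_qmail_ids "$tmp/passwd" "$tmp/group" || echo "stale entries found"
rm -rf "$tmp"
```

On a real system the call would be audit_qmail_ids /etc/passwd /etc/group, run before reinstalling the package.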