Linux-Misc Digest #522, Volume #27 Tue, 3 Apr 01 18:13:03 EDT
Contents:
Re: Daylight savings time ("Peter T. Breuer")
Re: Daylight savings time (Leonard Evens)
Re: Daylight savings time (Bill Unruh)
Re: chrooting users (Jeremiah DeWitt Weiner)
Re: chrooting users (Jeremiah DeWitt Weiner)
Re: Secure File deletion (Grant Edwards)
Re: Secure File deletion ([EMAIL PROTECTED])
kde problem (De Mann)
Re: Secure File deletion (Kevin)
Re: chrooting users (Victor Dods)
Re: Odd Pauses (maybe DNS)? ("Andrew Smith")
Re: I would like to register a complaint ... (Jean-David Beyer)
Re: Secure File deletion (Grant Edwards)
Re: LILO version 21.7.3 released (Andy Collinson)
Re: Secure File deletion ("Christopher W. Aiken")
----------------------------------------------------------------------------
From: "Peter T. Breuer" <[EMAIL PROTECTED]>
Subject: Re: Daylight savings time
Date: Tue, 3 Apr 2001 20:00:35 +0200
Paul Kimoto <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> Bill Grzanich wrote:
>> After some research on deja.com, the con[s]ensus seems to be that I must set
>> the hardware clock to UTC (GMT), the timezone to America/Central, and
>> everything should be fine. So, I tried the following at 4:51pm local time:
>>
>> hwclock --set --utc --date="4/2/01 21:51:10"
eh? Ungggh. You mean you set the bios to the UTC equivalent of 21:51
localtime at 16:51 localtime. Why, pray would you do that? I'm not
saying it's silly, I just can't follow what you are trying to do!
Surely you'd just set your date correctly for the timezone you're in
with a date command, then do a hwclock --systohc --utc. No?
> My hwclock(8) man page says:
> : --date=date_string
> : Specifies the time to which to set the Hardware
> : Clock. The value of this option is an argument to
> : the date(1) program. For example,
> :
> : hwclock --set --date="9/22/96 16:45:05"
> :
> : The argument is in local time, even if you keep
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Oh, I see Paul spotted it too.
> : your Hardware Clock in Coordinated Universal time.
> : See the --utc option.
>> When running the date command, however, I get back UTC time with the CDT
>> timezone!
>>
>> $ date
>> Mon Apr 2 21:52:30 CDT 2001
> According to the man page (which might be a little confusing), that's what
> you told it to do with your "hwclock" command.
Precisely.
>> So, I changed things back to the way they were, and now date tells me:
>>
>> Mon Apr 2 17:04:43 CDT 2001
>>
>> which is correct.
He is confused by his own wizardry!
Peter
------------------------------
From: Leonard Evens <[EMAIL PROTECTED]>
Subject: Re: Daylight savings time
Date: Tue, 03 Apr 2001 13:09:15 -0500
Bill Grzanich wrote:
>
> Hello, All.
>
> I have a dual-processor server running RedHat 6.2 (VA Linux), kernel
> 2.2.14-5.0.14csmp. As delivered, the hardware clock was set to Pacific
> Standard Time, so I changed it to Central Standard. Since then, we've had
> two instances of time change, fall back and spring forward, and in each
> case I've had to manually change the server time, to the amusement of my
> WinNT coworkers. The Linux server is used primarily for file and print
> sharing, but is also the reference time for the clients... that is, they
> execute "net time \\linux02 /set /yes" as part of their logon scripts.
>
> After some research on deja.com, the concensus seems to be that I must set
> the hardware clock to UTC (GMT), the timezone to America/Central, and
> everything should be fine. So, I tried the following at 4:51pm local time:
>
> hwclock --set --utc --date="4/2/01 21:51:10"
>
> then
>
> hwclock --hctosys
>
> and
>
> timeconfig --utc America/Chicago
>
> which modified the /etc/sysconfig/clock file to:
>
> ZONE="America/Chicago"
> UTC=true
> ARC=false
>
> When running the date command, however, I get back UTC time with the CDT
> timezone!
>
> $ date
> Mon Apr 2 21:52:30 CDT 2001
>
> So, I changed things back to the way they were, and now date tells me:
>
> Mon Apr 2 17:04:43 CDT 2001
>
> which is correct. However, I'd like to fix this before we fall back to
> CST. What am I missing?
>
> Thanks.
>
> -Bill
On my RH7.0 system, I have
UTC=false
ARC=false
ZONE="US/Central"
and I believe it works properly.
--
Leonard Evens [EMAIL PROTECTED] 847-491-5537
Dept. of Mathematics, Northwestern Univ., Evanston, IL 60208
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Daylight savings time
Date: 3 Apr 2001 18:33:04 GMT
In <[EMAIL PROTECTED]> Leonard Evens <[EMAIL PROTECTED]> writes:
]On my RH7.0 system, I have
]UTC=false
]ARC=false
]ZONE="US/Central"
No. You will discover that on Sun it did not set your tranfer to
Daylight time ( Does Ill. use Daylight savings time) properly. Your bios
clock is set to local time, but of course local time keeps changing (eg
DST) and thus the computer has no idea if the local time you claim is
correct. It does not do the transfer to DST for you. IF you set it to
UTC then UTC stays constant, and the system can know by how many hours
to change that to get the correct local time, including DST.
]and I believe it works properly.
]--
------------------------------
From: Jeremiah DeWitt Weiner <[EMAIL PROTECTED]>
Subject: Re: chrooting users
Date: 3 Apr 2001 18:33:26 GMT
Vilmos Soti <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (David Efflandt) writes:
>> chroot for normal users is not so easy. All binaries and libs, perl, etc.
>> that they need have to be hard linked or copied into their home dir or
> Copy them over and don't hardlink. If somehow they manage to overwrite
> the binary, then your original copy will be corrupted.
Simply copying will not be enough. For example:
chindi:~$ ldd /bin/ls
libc.so.6 => /lib/libc.so.6 (0x4001a000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
For ls to work, you'd have to copy over both libraries as well as
the binary. You could make a whole new "userroot" directory, with the
binary in userroot/bin and the libraries in userroot/lib, but it's probably
not worth it for user accounts.
JDW
------------------------------
From: Jeremiah DeWitt Weiner <[EMAIL PROTECTED]>
Subject: Re: chrooting users
Date: 3 Apr 2001 18:47:21 GMT
Victor Dods <[EMAIL PROTECTED]> wrote:
> How exactly do I go about chrooting users' accounts so they are
> restricted to their home directory and below? Also, will this affect
> ftp logins? I wish to create one or more ftp accounts that have only
> access to their home directories, and can't escape and read/write all
> over my root directory, etc. I think this is called a "chroot jail"?
You can do it with chroot, but it's probably easier to do it
with a restricted shell. Do 'man bash' and look for "rbash". (Besides,
why would users be able to "read/write all over the root directory"
anyway? That's what permissions are for.) If you want to do it for
ftp only, then it's a bit easier; some ftp daemons support it natively
(from "man ftpd": "The -r option instructs the daemon to chroot(2) to the
specified rootdir immedeately (sic) upon loading..." and even for others,
it can be done (see http://www.meangene.com/notes/ftpaccess.html).
JDW
------------------------------
From: [EMAIL PROTECTED] (Grant Edwards)
Subject: Re: Secure File deletion
Date: Tue, 03 Apr 2001 18:51:17 GMT
In article <[EMAIL PROTECTED]>, Peter T. Breuer wrote:
>Hugh Potter <[EMAIL PROTECTED]> wrote:
>> Im a recent convert to Linux. Ld like to be able to securely delete swap and
>> other temp files in Linux Mandrake. In Windows I used scorch for the swap file
>> and eraser for the rest. Any suggestions for linux.
>
>man dd. Overwrite it with zeros (then delete it, if appropriate).
Overwriting a file with dd may or may not overwrite the data
that existed in the file. It depends on the filesystem
implimentation. I think it will work for ext2, but doubt that
it will for reiserfs.
A file-wiper really has to know file-system implimentation to
work "reliably". For some values of "reliable" you have to use
something like a thermite grenade.
--
Grant Edwards grante Yow! Isn't this my STOP?!
at
visi.com
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Secure File deletion
Date: Tue, 03 Apr 2001 19:59:09 GMT
[EMAIL PROTECTED] (Grant Edwards) writes:
> In article <[EMAIL PROTECTED]>, Peter T. Breuer wrote:
> >Hugh Potter <[EMAIL PROTECTED]> wrote:
> >> Im a recent convert to Linux. Ld like to be able to securely delete swap and
> >> other temp files in Linux Mandrake. In Windows I used scorch for the swap file
> >> and eraser for the rest. Any suggestions for linux.
> >
> >man dd. Overwrite it with zeros (then delete it, if appropriate).
> Overwriting a file with dd may or may not overwrite the data that
> existed in the file. It depends on the filesystem implimentation. I
> think it will work for ext2, but doubt that it will for reiserfs.
I wouldn't be sure that it would work for ext2, either.
It is by no means obvious that dd would make any attempt to write to
the same file, regardless of the filesystem. Frankly, I'd expect this
to just plain not work, for the result to be something along the lines
of:
-> dd opens file for output.
-> Internally, this means that blocks attached to the file are
thrown into system free list.
-> Then, a new set of blocks get written to, by dd.
-> The file is now tied to the new sequence of blocks.
In this sequence, the only reason for the former data to get
"overwritten" would be because those blocks of data coincidentally
happened to immediately be reclaimed.
With a journal-oriented or log-oriented filesystem like reiserfs, XFS,
or JFS, such an immediate "reclaimation" becomes entirely improbable.
> A file-wiper really has to know file-system implimentation to
> work "reliably". For some values of "reliable" you have to use
> something like a thermite grenade.
Indeed :-).
One thought: if the file were to be opened with read/write permission,
and then you ran through it, writing zeros everywhere, _THAT_ would
have a higher probability of hitting on the existing blocks, and
actually trying to overwrite.
--
(reverse (concatenate 'string "ac.notelrac.teneerf@" "454aa"))
http://www.ntlug.org/~cbbrowne/resume.html
Rules of the Evil Overlord #200. "During times of peace, my Legions of
Terror will not be permitted to lie around drinking mead and eating
roast boar. Instead they will be required to obey my dietician and my
aerobics instructor." <http://www.eviloverlord.com/>
------------------------------
Date: Tue, 03 Apr 2001 21:59:03 +0200
From: De Mann <[EMAIL PROTECTED]>
Subject: kde problem
Hi, I'm currently running kde 2 on redhat linux 6.2. I am having a problem
that everytime i reboot i have only one visible desktop. I then make more
visible by using the configure option (right click) from the panel, but when i
reboot again there is only one visible desktop.
Could someone please give some advise, i have tried kde.org but have seen no
entries in the bug database that i can relate to.
Thanks in advance
De Mann
------------------------------
From: [EMAIL PROTECTED] (Kevin)
Reply-To: [EMAIL PROTECTED]
Subject: Re: Secure File deletion
Date: Tue, 03 Apr 2001 20:32:17 GMT
Try http://users.erols.com/thomassr/zero/download/wipe/
In article <[EMAIL PROTECTED]>,
Hugh Potter <[EMAIL PROTECTED]> writes:
> Im a recent convert to Linux. Ld like to be able to securely delete swap and
> other temp files in Linux Mandrake. In Windows I used scorch for the swap file
> and eraser for the rest. Any suggestions for linux.
--
Unless otherwise noted, the statements herein reflect my personal
opinions and not those of any organization with which I may be affiliated.
------------------------------
From: Victor Dods <[EMAIL PROTECTED]>
Subject: Re: chrooting users
Reply-To: [EMAIL PROTECTED]
Date: Tue, 3 Apr 2001 13:47:29 -0700
Jeremiah DeWitt Weiner wrote:
> Victor Dods <[EMAIL PROTECTED]> wrote:
>> How exactly do I go about chrooting users' accounts so they are
>> restricted to their home directory and below? Also, will this affect
>> ftp logins? I wish to create one or more ftp accounts that have only
>> access to their home directories, and can't escape and read/write all
>> over my root directory, etc. I think this is called a "chroot jail"?
>
>
> You can do it with chroot, but it's probably easier to do it
> with a restricted shell. Do 'man bash' and look for "rbash".
> (Besides, why would users be able to "read/write all over the root
> directory"
> anyway? That's what permissions are for.) If you want to do it for
> ftp only, then it's a bit easier; some ftp daemons support it natively
> (from "man ftpd": "The -r option instructs the daemon to chroot(2) to
> the specified rootdir immedeately (sic) upon loading..." and even for
> others, it can be done (see
> http://www.meangene.com/notes/ftpaccess.html).
>
> JDW
>
>
>
Strangely when I specify the -r option, the daemon doesn't even start
up. I'm using wu-ftpd, if that makes any difference. I have the man
pages for ftpd, but apparently no ftpd binary. The binary I use is
called in.ftpd. Maybe wu-ftpd just doesn't support that?
------------------------------
From: "Andrew Smith" <[EMAIL PROTECTED]>
Subject: Re: Odd Pauses (maybe DNS)?
Date: Tue, 3 Apr 2001 21:57:17 +0100
Reply-To: "Andrew Smith" <[EMAIL PROTECTED]>
"The Spook" <[EMAIL PROTECTED]> wrote in message
news:9a83r7$cv3$[EMAIL PROTECTED]...
> Did you by any chance try to activate logging? Just add a -l (that's a
> lower-case ell) to the relevant rules (maybe even to all rules, to be on
the
> safe side, but be warned, large amount of internet traffic will generate
> numerous entries in the log-file). If you want to log everything, make
sure
> the last rule in each chain (input, output, and forward) is either
> "ipchains -A chain-name -l -j ACCEPT" if the policy of the chain is accept
> and "ipchains -A chain-name -l -j DENY" if the policy of the chain is
deny.
>
> Try the action that failed and go through the log-file
("/var/log/messages"
> for my system) and look for the DENY or REJECT lines matching the host
that
> gives you the problems. Hopefully this will give you sufficient
information
> to solve your problem. If you cannot solve your problem after this, you
> might try to post the relevant lines of the log-file (be careful to post
> only the relevant lines and for your own sake, mask or change the external
> IP-numbers so as not to expose yourself to attacks).
>
> /TRY
>
Hi
I already have logging enabled for any packets that:
a) establish or attempt to establish a connection (also using the -y
flag)
b) are DENYed because they are using a port I dont want them to
During my mail send/recieve sessions no packets get logged, so it doesn't
look as if my firewall is stopping anything...
Any other suggestions why I get these pauses?
Thanks again,
Andrew
------------------------------
From: Jean-David Beyer <[EMAIL PROTECTED]>
Subject: Re: I would like to register a complaint ...
Date: Tue, 03 Apr 2001 17:13:43 -0400
[EMAIL PROTECTED] wrote:
>
> KCmaniac <[EMAIL PROTECTED]> writes:
>
> > I realize this isn't the argument clinic, but I would like to register a
> > complaint.
> >
> > There is a very fundemental concept in the DOS/Windows world of being
> > able to format a partition, after which you can begin again compiling
> > data into that empty but very much functional partition. WHY DOESN'T
> > LINUX HAVE AN EQUIVALENT COMMAND/FUNCTION???
> >
> > Sorry for the big letters but I am now extremely frustrated over Linux's
> > apparent inability to clear a partition of all its data and to be able
> > to just simply begin again. Instead, it appears that you have to jump
> > through a bunch of hoops and all of which I have not yet found.
> >
> > Without getting into the why's and what for's, formatting a partition in
> > the DOS/Windows world is a legimate and useful function when it is the
> > desired thing to do.
> >
> > Is there anybody out there that knows enough about Linux/Unix
> > filesystems that can tell me why this function is not available and if
> > it is what is it?
> ...<snip>...
> > Is there any body out there who knows enough to give me a workable
> > solution. I just can't understand why Linux does not perform this very
> > simple yet powerful function over its own filesystem.
> >
> > Please, please, please. Anybody.
> ...<snip>...
>
> mkfs for 'make file system' is the equivalent of the format command.
> Since in linux the usual file system is ext2fs, a variant of that command,
> mke2fs is probably what you really want. If the partition is mounted
> I'd unmount it first with the umount command (do a 'man mount' and
> 'man umount').
>
> There's always a problem when going from one system to another of
> 'mapping' the way of expressing functionality in one system to another
> and sometimes it gets frustrating and then even a fairly simple thing
> can sort of break the camel's back of one's patience. The fact that
> Unix always had a lot of esoteric names for things and linux has
> inherited them doesn't help ('ls' to list files in a directory, 'cd'
> to change directories, etc). I remember back in the 80s, when I first
> started working with unix, just thumbing through manuals, reading what
> one command did after another or one function from the libraries after
> another, till I found something that did what I wanted. Now I struggle
> on those rare occasions when I go into the DOS/Windows world.
> --
> Replace ragwind.localdomain with rahul for a working email address
Anyone remember the dsw command? I no longer recall, but I think it
was like
rm -fir (but I would not bet on that). It was presumably named after
the trucks in the NYC Department of Sanitation, IIRC.
--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ Registered Machine 73926.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 5:10pm up 2 days, 0 min, 3 users, load average: 2.29, 2.23, 2.13
------------------------------
From: [EMAIL PROTECTED] (Grant Edwards)
Subject: Re: Secure File deletion
Date: Tue, 03 Apr 2001 21:32:28 GMT
In article <hYpy6.122860$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>[EMAIL PROTECTED] (Grant Edwards) writes:
>> In article <[EMAIL PROTECTED]>, Peter T. Breuer wrote:
>> >Hugh Potter <[EMAIL PROTECTED]> wrote:
>> >> Im a recent convert to Linux. Ld like to be able to securely delete swap and
>> >> other temp files in Linux Mandrake. In Windows I used scorch for the swap file
>> >> and eraser for the rest. Any suggestions for linux.
>> >
>> >man dd. Overwrite it with zeros (then delete it, if appropriate).
>
>> Overwriting a file with dd may or may not overwrite the data
>> that existed in the file. It depends on the filesystem
>> implimentation. I think it will work for ext2, but doubt that
>> it will for reiserfs.
>
>I wouldn't be sure that it would work for ext2, either.
>
>It is by no means obvious that dd would make any attempt to
>write to the same file, regardless of the filesystem. Frankly,
>I'd expect this to just plain not work, for the result to be
>something along the lines of:
>
>-> dd opens file for output.
>-> Internally, this means that blocks attached to the file are
> thrown into system free list.
>-> Then, a new set of blocks get written to, by dd.
>-> The file is now tied to the new sequence of blocks.
Good point! I think it will work if you open the file in
append mode and seek to the beginning before writing. But I
don't know how to get dd to do that.
>In this sequence, the only reason for the former data to get
>"overwritten" would be because those blocks of data
>coincidentally happened to immediately be reclaimed.
>
>With a journal-oriented or log-oriented filesystem like
>reiserfs, XFS, or JFS, such an immediate "reclaimation" becomes
>entirely improbable.
>
>> A file-wiper really has to know file-system implimentation to
>> work "reliably". For some values of "reliable" you have to use
>> something like a thermite grenade.
>
>Indeed :-).
>
>One thought: if the file were to be opened with read/write
>permission, and then you ran through it, writing zeros
>everywhere, _THAT_ would have a higher probability of hitting
>on the existing blocks, and actually trying to overwrite.
It will probably work fairly well on ext2, but I don't think it
would on most journalling file systems.
--
Grant Edwards grante Yow! Are you selling NYLON
at OIL WELLS?? If so, we can
visi.com use TWO DOZEN!!
------------------------------
From: Andy Collinson <[EMAIL PROTECTED]>
Subject: Re: LILO version 21.7.3 released
Date: Tue, 3 Apr 2001 22:53:05 +0100
John in SD wrote:
> LILO release 21.7.3 is based upon Werner Almesberger's LILO version 21.
>
> Version 21.7.3 is a bugfix release.
>
> Version 21.7 adds support for higher serial line rates.
>
> Version 21.6 is an upgrade for users of the Reiser File System, and adds
> new diagnostic capabilities. Internal changes allow booting kernels with
> larger real-mode setup codes (2.4.0 and later).
>
> Source code is available for download from:
>
> ftp://brun.dyndns.org/pub/linux/lilo (developer's site)
>
> Or from the main distribution site:
>
> ftp://metalab.unc.edu/pub/Linux/system/boot/lilo (please use)
>
>
> See the distribution file 'CHANGES' for details of the differences between
> 21.7.3 and prior releases.
>
>
> --John Coffman <[EMAIL PROTECTED]>
>
>
> LILO version 21.7 (24-Feb-2001) source at
> http://www.ibiblio.org/pub/Linux/system/boot/lilo
> patches to -2 at ftp://brun.dyndns.org/pub/linux/lilo
John,
I tried Lilo 21.6 but could only dual boot from a floppy disk; my problem
is my hard drive is hde and higher than the 1024 cylinder limit. Lilo can
cope with the cylinder but the error message was only hda only. Can 21.7
cope with hard drive on the 3rd IDE connector?
------------------------------
From: "Christopher W. Aiken" <[EMAIL PROTECTED]>
Subject: Re: Secure File deletion
Date: Tue, 3 Apr 2001 18:01:59 -0400
On Tue, 3 Apr 2001, Grant Edwards wrote:
->In article <[EMAIL PROTECTED]>, Peter T. Breuer wrote:
->>Hugh Potter <[EMAIL PROTECTED]> wrote:
->>> Im a recent convert to Linux. Ld like to be able to securely delete sw=
ap and
->>> other temp files in Linux Mandrake. In Windows I used scorch for the s=
wap file
->>> and eraser for the rest. Any suggestions for linux.
->>
->>man dd. Overwrite it with zeros (then delete it, if appropriate).
->
->Overwriting a file with dd may or may not overwrite the data
->that existed in the file. It depends on the filesystem
->implimentation. I think it will work for ext2, but doubt that
->it will for reiserfs.
->
->A file-wiper really has to know file-system implimentation to
->work "reliably". For some values of "reliable" you have to use
->something like a thermite grenade.
->
->--
->Grant Edwards grante Yow! Isn't this my ST=
OP?!
-> at
-> visi.com
->
SuSE 7.1 comes with a file "wipe" utility. Here is part of the man page.
DESCRIPTION
Wipe is a secure file wiping utility. However, it does not
set the media access bit on scsi commands, therefore it is
not 100% secure, unless your drive has no write cache. For
maximum security, disable drive write cache on scsi mode
page 8.=09 If possible, disable operating system file cache
and driver-level buffers. Wipe tries to sync the=09 data to
disk via a call to fdatasync(), fsync(), or using O_SYNC.
Wipe should make it extremely difficult for all=09 but the
most determined=09 person(s) to recover the original plain=AD
text data. Utilities such as PGP and the GNU Privacy Guard
provide=09strong=09encryption, but encryption is useless if
the original plaintext can be recovered.
For more information on the secure deletion of=09 magnetic
media and solid state=09 storage devices, see the USENIX
article by Peter Gutmann.
http://www.cs.auckland.ac.nz/~pgut001/secure_del.html
Wipe is based on Peter Gutmann's USENIX article, which
provided=09 the target byte patterns for various encoding
schemes. Wipe uses the Tiger hash algorithm for speed, to
make the best use of operating system's random character
device driver.
http://www.cs.technion.ac.il/~biham/Reports/Tiger/
--
Christopher W. Aiken
Scenery Hill, Pa, USA
chris at cwaiken dot com
www.cwaiken.com
SuSE 7.1 Professional Linux
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.misc.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************
