Re: [OT]: UUCP
Joris Lambrecht wrote: UUCP stands for Unix-to-Unix-CoPy I've used it nearly 8 yrs ago in a specific situation, even then it was considered out-dated. I figure it's mostly replaced by TCP/IP on all devices. From what i remember (did not use it since then) it's easy (what's in a word) to set up but only support serial/modem lines, hence is rather slow. NFS is also one of the protocols wich started replacing UUCP back then in 19993/1994. I must add this has been a real long time and i'm not up-to-speed with eventual current UUCP features/implementations but i suggest you take a look at it from an historical point of view :-) UUCP also works quite well over TCP/IP and is very handy for getting your domain's mail if you don't have a static IP. jpb -- Joe Block [EMAIL PROTECTED] University of Central Florida School of Optics/CREOL Network/Systems Administrator Social graces are the packet headers of everyday life.
Re: Security of sudo [was: Re: /usr/bin before /usr/local/bin?]
Phil Brutsche wrote: sudo rocks, btw. It should be standard equipment on any and all Linux/unix systems. But only on OpenBSD is that so :( Fyi, MacOS X public beta ships with sudo as well. jpb -- Joe Block [EMAIL PROTECTED] University of Central Florida School of Optics/CREOL Network/Systems Administrator Social graces are the packet headers of everyday life.
Re: Which MTA to use?
Damon Muller wrote: Quoth Brooks R. Robinson, I am looking at changing an in-house e-mail system from an ugly combination of outsourced collection/forwarding and JSMail on an NT server to linux. We have an ADSL line coming in, and I can handle all of the DNS and network stuff through the firewall, but I drop the ball at mail. We have about 100 clients using Microsoft Outlook, but our legacy address format is [EMAIL PROTECTED] I can't change the address format, and I'd like to leave POP3 in place. Which MTA is the best given my limitation? You might find that qmail and vpopmail might do the trick. qmail is secure enough to have running on a firewall machine, and easy enough to set up. The only problem is it isn't (DFSG) free (but it is free beer free). vpopmail is GPL'd, and allows you to have virtual users, which do not need local machine accounts. It also has a nice HTML interface, and there is an imap server (courier-imap) which works well with it. qmail is packaged (a source package) in non-free, and vpopmail can be found at http://www.inter7.com/vpopmail (I think). Postfix is also very secure. And in my opinion, much easier to configure than qmail. And before anyone bashes me, I ran qmail for a couple of years with multiple virtual domains, and postfix is a lot easier to configure. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
dpkg dselect refuse to delete or install a package
A friend of mine is having problems with a package (xwhois) that refuses to be either upgraded or removed. That would be no big deal, but it is also causing dselect apt to crap out when trying to upgrade. The system is running stable, and the only entries in the /etc/apt/sources.list are for my campus mirror, the main debian mirrors and the security source entry. When I try to purge or remove xwhois with dpkg, it tells me that I should try to install it first $ sudo dpkg --purge xwhois Password: dpkg: error processing xwhois (--purge): Package is in a very bad inconsistent state - you should reinstall it before attempting a removal. Errors were encountered while processing: xwhois $ When I try to install it, (and yes I nuked /var/cache/apt/archives/xwhois_0.2.3-1_i386.deb first) with apt-get install xwhois, I get the following error message: $ sudo apt-get install xwhois Reading Package Lists... Done Building Dependency Tree... Done Sorry, xwhois is already the newest version 0 packages upgraded, 0 newly installed, 0 to remove and 19 not upgraded. 1 packages not fully installed or removed. Need to get 11.5kB of archives. After unpacking 0B will be used. Get:1 http://campus.mirror.name.removed stable/main xwhois 0.2.3-1 [11.5kB] Fetched 11.5kB in 0s (75.5kB/s) Selecting previously deselected package xwhois. (Reading database ... 28852 files and directories currently installed.) Preparing to replace xwhois 0.2.3-1 (using .../xwhois_0.2.3-1_i386.deb) ... Unpacking replacement xwhois ... dpkg: warning - old post-removal script returned error exit status 1 dpkg - trying script from the new package instead ... dpkg: error processing /var/cache/apt/archives/xwhois_0.2.3-1_i386.deb (--unpack): subprocess new post-removal script returned error exit status 1 dpkg: error while cleaning up: subprocess post-removal script returned error exit status 1 Errors were encountered while processing: /var/cache/apt/archives/xwhois_0.2.3-1_i386.deb E: Sub-process returned an error code (1) $ How do I get rid of this package? dselect is having fits every time we try to do an update or install, and while I can apt-get install package1 package2 ... packageN, that's a pretty big pain in the butt. Removing the campus mirror has no effect other than to force apt or dselect to download from the main mirror instead, the error messages are otherwise the same. Thanks, jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Quick Dirty Guide to making your own apt source directories (was Re: Administering large groups of Debian machines)
Stephen A. Witt wrote: I seem to have started a Debian thing in the company that I work for. It seems to be spreading. As the number of machines that we configure with Debian grows, system administration issues start to raise their ugly heads. We've recently gotten a dedicated sysadmin guy to take over the admin tasks. He is very knowledgeable on Solaris, HPUX, and probably some others, but is new to Linux. He and I are having a bit of a debate right now as to the most effective way to manage these machines. We've got NIS running and all user accounts are automounted from a Sun Sparc running Solaris. We have a mixed Solaris, Linux installation. So far so good. What our sysadmin would like to do (this is typically what he does for other Unixes) is to install client machines with a very basic set of functionality. Then he would compile each application that would be provided and install it into a directory in /home (e.g. /home/cvs/bin), which would also be automounted when necessary from one of the client machines. I see this as a little silly when, for Debian at least, nearly all of the applications we use are easily installed on all the machines in the normal Debian way. Our sysadmin sees the Debian way as interesting, but a requirement for him to visit 25 machines instead of 1. My question is, is there anyone out there, preferably a sysadmin type, who has experience with this type of thing and could give us some advice. You'd probably be better off rolling your own deb files for the apps that aren't already in debian and then adding a source entry to /etc/apt/sources.list. If you make a task package that depends on all your locally created packages, then installing a client is as simple as apt-get install ourtaskpackage after you've done the base install, and upgrading the clients later is as simple as 'apt-get update;apt-get upgrade' in cron on the clients, though I'm personally paranoid enough that I prefer to do it from the command line so I can see what is getting upgraded. deb files are very easy to make - you essentially just need working clean install targets in the top level Makefile. The online documentation is pretty good, and you can take a look at the source of an existing package to clarify things. Once you've figured out how to make deb files, making a directory suitable for apt is also pretty easy - I just created a fake user, made ~user/public_html/dists/local/jpb/binary-i386, then added deb http://name.of.server/~user/ local example to my /etc/apt/sources.list Then I added a Makefile to ~user/public_html/dists/local/example/binary-i386 with the following contents: # Packages.gz: Packages -rm Packages.gz gzip -9 Packages Packages: dpkg-scanpackages . override dists/local/example/binary-i386 Packages # end Makefile override contains lines like so ourscripts Important example/admin [EMAIL PROTECTED] ourapps Optional example/misc [EMAIL PROTECTED] Nothing bad happens if you don't list one of your packages in override, other than that you don't control where they show up in dselect's listing. When you make a new deb, copy it to the binary-i386 directory, cd there and run make. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: enabling suexec with debian apache [solved]
Robert Varga wrote: One important point about cgiwrap - the current debian package puts the user cgis in ~user/public_html/cgi-bin instead of ~user/cgi-bin. I've filed a bug about it. It's bad security for cgis and their associated datafiles to be web-readable. Yes, I know security through obscurity isn't really security, but we should at least make the black hats work a little to get at the cgi source. And how can you set up /home/user/cgi-bin to be web-executable if you cannot describe it with a web url? With cgiwrap, you don't directly specify the cgi, you pass it as a parameter to the cgiwrap cgi ex: if you want to run ~user1/cgi-bin/a, the correct url is http://server.domain/cgi-bin/cgiwrap/user1/a.cgi cgiwrap will take care of making sure a.cgi belongs to the user, isn't setuid, etc, etc and then run a.cgi as user1 And another thing I have been running circles around is: - how can I protect data files from being read from the filesystem, which should be readable from the web, but only after authentication? Since they should be http-served, they should be world-readable... Then how can I prevent anyone from reading them on the webserver system itself? chgrp the files to www-data and set their permissions to 640. -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: MacOS X (was Re: What *is* Gnome/KDE?)
kmself@ix.netcom.com wrote: On Tue, Feb 22, 2000 at 03:49:59PM -0500, Joe Block wrote: kmself@ix.netcom.com wrote: nothing else running on commercial Unix that comes close (I'm not counting Mac OS X as it's not based on X Windows and isn't a full Unix despite its Mach core). But on top of the mach core there is a full unix as I understand it, including an Xserver that coexists with the mac display I'm kind of curious - what makes you say MacOS X isn't a full unix? I run OSX Server on a couple machines and it seems pretty full to me - most stuff builds with ./configure;make Interesting. My understanding was that MacOS X wasn't a full Unix. I'm often wrong. Could you provide pointers to the Unixy features of MacOS X? Are the standard Unix features and utilities provided or do you have to obtain them independently 120+ day uptime, tcsh, bash, gcc (tho a apple version that groks the mach-o format OSX uses), perl, the usual suspects library-wise, crontab, sendmail (which I promptly ripped out in favor of postfix), apache. No X Window yet, but I hear John Carmack is porting it. python was a fairly simple build as I recall. Anything in particular you're looking for, feature wise? My sole complaint unix-wise is that most of the c-l tools are bsd and I'm more accustomed to the gnu versions, but that was easy enough to fix. The first thing I do on a non-linux box is build gnu fileutils, bash, make and gcc, so that wasn't a big deal. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: enabling suexec with debian apache [solved]
Robert Varga wrote: If there is an exploitable cgi, then there is web access to all of the owning user's files. If it is not run via the suEXEC mechanism, then the permissions are that of www-data, which are close to nothing. Without using suexec or cgiwrap, how do you keep each user's cgis from mucking about with the other user's cgi datafiles? And I certainly don't want one of my student users' cgis able to mess with my log files, which are also owned by www-data If suEXEC is enabled, then a lot more requirements need to be met for running a cgi. This usually leads to a lot of users complaining about this and that is not working and why, when it runs on another similar machine? This is a good thing, IMO. Once students realize that it's their files and quota that are going to be eaten up by runaway cgis, in my experience they start paying more attention to what they're writing. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: enabling suexec with debian apache [solved]
Robert Varga wrote: This is a good thing, IMO. Once students realize that it's their files and quota that are going to be eaten up by runaway cgis, in my experience they start paying more attention to what they're writing. It is not only what they write, but what they set the permissions to, as well. I know, this is also what they should learn. But with exploitable setuid cgi-s, and one can never be sure that his code is unexploitable, not only his cgi datafiles, but all files can be accessed and modified as well. So create a second account, usercgi for the people who need to use cgis and don't have the time/knowledge to secure them. I still don't see where having all the users share one uid for their cgis is better than having them use their own id - at least the damage is limited to one user rather than all of them. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Happy Valintines Day!!!
Fam. Engelen wrote: PLEASE DO NOT DELETE THIS. JUST READ A LITTLE BIT. IT REALLY DOES WORK! YOU WILL BE GLAD THAT YOU DID. [ snip ] I suggest we all send a couple of unstamped envelopes to these adresses, just to annoy them like they annoyed us. [ snip ] REPORT #1 The Insider's Guide to Advertising for Free on the Internet ORDER REPORT #1 FROM: Send them a brick postage due. Or send a letter to the postmaster at each of those area codes telling them there is someone running a pyramid scam through the mail. -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: newbie has graphics card problem
DOUGLAS HUNTER wrote: I have a Diamond Viper 770 but Slink (XF86Setup) doesn't have a profile for this. Has anyone been able to get X running on these if so could you drop me a copy of the chip, ramdac and driver used for these. Add deb http://www.debian.org/~vincent xfree-update main to your /etc/apt/sources.list, then apt-get update;apt-get upgrade It'll upgrade your XFree86 to 3.3.6 which supports the diamond viper in the SVGA server. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
problems with remote printing lpr
I'm running slink on a x86 box with all the security y2k updates applied. I've got lprng (version 3.5.2-2), magicfilter (version 1.2-28), a2ps (version 4.10.4-4) and aladdin-gs (version 5.50-3) installed. The first problem I'm having is that when I print (lpr file), I'm not getting a prompt back until the remote printer is finished printing. The remote printer is a Tektronics Phaser III, and my machine is talking to it using lpr protocol, which the printer supports natively. The printcap entry is: # snip lp|faculty|Faculty 360:\ :lp=/dev/null:sd=/var/spool/lpd/faculty:rm=192.168.100.1:rp=faculty:\ :sh:pw#80:pl#66:px#1440:mx#0:\ :if=/etc/magicfilter/psonly600-filter:\ :af=/var/log/lp-acct:lf=/var/log/lp-errs: # end snip The printcap entry was done with magicfilterconfig and not altered other than to sanitize the printer's real ip address. It prints, it just waits. The jobs never seem to actually be in the local queue, I can't see them with lpq. The psonly600-filter is the stock one from the magicfilter deb file. The second problem is that I'm getting stairstepped printouts when I try to print text files, even though I have magicfilter. I thought magicfilter was supposed to sense what you're trying to print and apply appropriate filters. I've looked through the howtos and didn't find anything that seemed appropriate. The truly maddening thing is that way back in October when I set up the system, it was doing the correct (background printing, no stairsteps) printing behavior. The only thing I've done since is the occasional apt-get update;apt-get upgrade to apply security fixes. It isn't a huge deal to me as I rarely print anything, but my co-workers who sometimes use my workstation have the occasional need to print and they complain about it. None of them have root, and I've re-configured the printcap (and restarted lprng) since they reported the problem. Anyway, does anyone have any ideas? jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Majordomo Trouble
Art Lemasters wrote: I'll do that if no more reasonable solution is found, Bob. It's appearing to me that such is likely. Thank you for the reply and possible best solution. Art On Wed, Jan 26, 2000 at 10:31:28AM -0700, Bob Nielsen wrote: I never could get the permissions configured correctly on the Debian package of majordomo and installed from the source tarball instead. Bob Have a look at mailman instead of majordomo. There's been talk recently in debian-devel about majordomo's license making it a pita to include the (very) necessary security fixes. mailman is gpl and a lot less hassle to configure. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: postfix/sendmail
Michael Meskes wrote: Could anyone tell me how smooth the update from sendmail to postfix is? Also I wonder if postfix is still considered the best MTA in terms of security. It depends on how customized your sendmail installation is. Postfix will read the old /etc/aliases without any trouble. If you've done a lot of tinkering with sendmail.cf it may take some time to get postfix configured exactly the same way. As far as security goes, Venema also wrote tcpwrappers, so he knows his security. As for whether it's the best security wise, I don't feel qualified to judge it. Certainly it is better than sendmail was, but I haven't used sendmail in years so I can't really compare it to the current sendmail. Postfix and qmail were both written with security as a goal from the beginning. qmail's license is a bit more hassle (last time I checked you aren't permitted to distribute binary packages without Bernstein's consent) and frankly I personally find postfix to be a lot easier to configure than qmail (you are in a maze of .qmail-* files, all alike). I've been extremely happy with postfix. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: postfix/sendmail
Michael Meskes wrote: On Thu, Jan 27, 2000 at 12:52:26PM -0500, Joe Block wrote: It depends on how customized your sendmail installation is. Postfix Almost nothing other than adding /etc/mail/peers for ppp setup. Uses only the standard Debian features. I haven't used sendmail in years and years. If peers lets you specify that you only allow 192.168.1.* and 192.168.2.* to use you as a relay, you can configure postfix to do that for you by specifying mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.2.0/24 in your /etc/postfix/main.cf file. I need it to use a smart relay host adn do complete masquerading. You can also have postfix use the rbl to reject mail - I think there is an example in sample-smtpd.cf I haven't had to deal with address masquerading, but look in sample-rewrite.cf jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: dynamic IP's, IP masq and mail, can it be done?
Ethan Benson wrote: Hi, I have a small network connected to the internet via a IP masq gateway, and would like to get mail working, but the above setup is a nightmare for mail it would seem. is it even possible for mail to work in such a setup or am i wasting my time? I got the gateway machine to send mail, but my fake domain still shows up in various places, such as the message ID and a second From line. and in order to do that i had to setup a virtual table for all the local user accounts, otherwise when cron or something send mail to root it would go to [EMAIL PROTECTED] ... I am using Postfix and have gone through pretty much all of the documentation on the web site and still don't have this all working very well, and it seems to be a very very messy setup. I'm using postfix on slink to do this now. It's been a while since I set it up so I may be a little vague about some of the details, my notebook with my debian notes has gone missing. Do you have a domain already? If you do, see if your isp will do uucp delivery for you. My home lan gets its mail via uucp from my desktop machine at work. If you don't have a domain and are unwilling to pay for a top level domain, talk to the folks at dyndns.org about getting a subdomain from them. To do this (from vague memory, there may be a little more to it than this) 1) set up a uucp link between your home gateway machine and your isp. There is a howto on this, so I won't go into detail. 2) set up your domain's dns so that your isp is the mx for your domain. 3) have your isp configure their end so that all mail for your domain is transferred via uucp to your machine. 4) Set up your home machine to send all mail outside your domain to your isp (check out the postfix faq for details) via uucp. This isn't totally necessary if you have a fast link - I have a cablemodem and do all my outgoing delivery myself. 5) Set up your ip-up script to add a call of 'uucico -S ispuucpname' to force a connection to pick up your pending mail send out your outgoing queue. 6) add a cron job to do 'uucico -S ispuucpname' every hour or so to pick up your mail If you want to have incoming uucp over tcp and use a seperate password file for uucp (recommended), put the password entries into /etc/uucp/passwd and add uucpstream tcp nowait root/usr/sbin/tcpd /usr/sbin/uucico -l to your inetd.conf and then kill -HUP inetd When I was using diald and ppp for a dialup connection, I had my ip-up script touch /var/run/linkup and then had ip-down remove it. Then I could have cron jobs check to see if the link was already up before doing anything. The big advantage of having your mail come in over uucp is that it will resume interrupted transfers where they left off, rather than making you retransmit the whole message. Very nice if you have timed local phone service. If your own isp won't do this, there are companies out there who will, including the consulting firm I work with (http://www.communiweb.net). jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Trouble with X Windows
Howard Mann wrote: Michael Jessop wrote: ...I do not understand the concept of how to point apt to a specific package or group of packages... for instance, to update all of x windows, how do I tell it where to look for the package(s)? Thank you. Mike Try this : 0 edit /etc/apt/sources.list, adding the following URI: deb http://www.debian.org/~vincent/ xfree-update main 0comment-out the other URI's in that file. You don't need to comment out the other URIs. apt is smart enough to use the highest version number for any given package, so the xfree-update packages will override the stock slink stuff. 0 apt-get update 0 apt-get upgrade 0 apt-get clean Cheers, Howard Mann Online Troubleshooting Resources: HOWTO http://www.newbielinux.comhttp://www.xmission.com/~howardm/t1.html -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Trouble with X Windows
Howard Mann wrote: Michael Jessop wrote: ...I do not understand the concept of how to point apt to a specific package or group of packages... for instance, to update all of x windows, how do I tell it where to look for the package(s)? Thank you. Mike Howard Mann wrote: Try this : 0 edit /etc/apt/sources.list, adding the following URI: deb http://www.debian.org/~vincent/ xfree-update main 0comment-out the other URI's in that file. Joe Block wrote: You don't need to comment out the other URIs. apt is smart enough to use the highest version number for any given package, so the xfree-update packages will override the stock slink stuff. Sure. However, the user may not wish ( for whatever reason) to upgrade the other packages on his system, and stipulating only one URI in this case will speed-up the upgrade process. I hadn't thought of that. The first thing I do on a new system is fix the sources.list and upgrade everything anyway - between bug fixes and security updates, it is the right thing to do. I'll admit it might be a bit painful over a dialup line though. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Attention: imapd gpoing back to $HOME as mailbox root
Joe Emenaker wrote: Actually, what we *really* need is some sort of consensus. I mean, it would be pretty nice if imapd and other tools (like procmail) all looked in the same default location without any configuration. I know Elm and Pine used $HOME/Mail and $HOME/mail at one time. Surely, I can't be the only one who sees the benefit in having all of the tools look in the same location for the Sent Mail folder, and Drafts, etc. You aren't. Count me as a vote for $HOME/mail jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: terminals
Mike Werner wrote: What you should do is add lines like these - one line for each tty that you want. For example to add one more tty you would add the line: 7:23:respawn:/sbin/getty 38400 tty7 and after a reboot you would have tty's 1 through 7. At least I *think* you have to reboot - I could be wrong on that one. But this should at least point you in the right direction. I think you can just kill -HUP 1 as root jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: QuickTime player for Debian?
Evan Moore wrote: there is the problem, xanime can not play Sorenson Video because apple will not release any docs on it. It isn't Apple's to release docs on - they just license it from Sorenson Vision (www.s-vision.com) jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: rsh access
Christopher S. Swingley wrote: rsh a redhat linux server from my debian server...and i have no idea how to get it to work. To do this you need four things on your Red Hat system (or any UNIX for that matter): * The user's home directory on the remote machine must have a ~/.rhosts file with the address of the local machine. * The remote machine must have the shell line in /etc/inetd.conf uncommented: shell stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rshd * The /etc/hosts.allow file must allow in.rshd from your local machine: in.rshd: local_machine * You may also need to make sure the portmapper is running on the remote machine, and that your local machine has access to it. In Debian, this is also done with /etc/hosts.allow, but remember that the portmapper only understands IP addresses: portmap: 192.1.4. will allow 192.1.4.0 thru 192.1.4.255 Of course the server machine also has to have in.rshd installed and all of that. Also don't forget to restart the inetd daemon on the remote server if you change your /etc/inetd.conf file. One quick note - if the boxes in question are on the internet, you really want to have them use ssh instead of rsh for security reasons. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Adding a superuser
William T Wilson wrote: On Sun, 9 Jan 2000, Patrick Kirk wrote: I need to add a second superuser. No you don't. If you want someone else to have root access, then just give them the root password. If you want someone else to be able to do some root tasks but not really be root, you have two choices. 1) Make the program setuid root. 2) Use sudo. Neither of these options is especially secure, but they're better than nothing. If you put another user with UID 0 in /etc/passwd then that login will also be root, it will just have another name. This will confuse some things and accomplish nothing as it will provide no security benefit. Just give them the root password. But it does provide security benefits. I've worked in multiple admin environments where (before we discovered sudo) we did this so that each admin could change his password without worrying about having the other admins out for his blood. It was in a .edu environment where we were forced by the powers that be to do root stuff from users machines occasionally, and (after having been burned once of course) had a strict policy of changing our personal root password whenever we'd used it where students had a chance of watching the keyboard. RMS can call me selfish, but when I'm the one responsible for keeping a machine running for a large group of users, I want to be the one who broke it by doing something stupid^Wignorant as root. Let them learn how to be an admin on their own machines, not the ones people are doing classwork on. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Netscape Communicator 4.7 dies silently.
Wayne Topa wrote: Subject: Netscape Communicator 4.7 dies silently. Date: Mon, Jan 03, 2000 at 05:19:56PM -0500 In reply to:Todd Suess Quoting Todd Suess([EMAIL PROTECTED]): | Greetings all, | | Anyone else noticed that at times Communicator will just die silently while | minimized, leaving no error messages, etc? I usually have about 5 navigator | windows open to various sites and check and referesh them regularly | (I am using potato, XFree 3.3.5, and Kde 1.1.2), but sometimes I will pull up | my window list and all occurances of Communicator will be closed with no | errors showing. Just curious if anyone else has seen this behaviour and if | there is any workaround/fix for it. I checked memory to see if that might be an | issue and while physical memory was a little low I still had plenty of swap | space left. Yes, just today, I had that happen 4 times. I had also noticed that everything seemed a bit slower then usual, and had been getting that way for a few weeks now. Keyboard repeats, changing consoles/or X screens, etc., all slowed down. As I hadn't rebooted for a few months I decided that I would try it just to see what would happen. I have been having netscape silently die every day or so. Everything else has been running just fine though - I haven't noticed any other slowdowns. Quitting netscape, rm -fr ~/.netscape/cache/* and restarting netscape seems to have fixed the problem. Going into preferences and erasing the disk cache from inside netscape does not seem to clear things up btw. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: crontab
Bernd Überbacher wrote: hi again what do i have to write into /etc/crontab that cron will cp a file every 5 mins?? i have 5 * * * * root cp ... */5 * * * * root cp ... -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: MTA
Matt Garman wrote: I've found postfix to be my favorite mta thus far. It's configuration is very easy. There is now a debian package of postfix. I did a /usr/local install, though, because I was previously unaware of the Deb package. I have postfix setup to defer messages until I explicitly flush the outgoing mail queue. I have a simple script in /etc/ppp/ip-up.d/ that flushes the queue automatically whenever I make a ppp connection. I never liked smail or exim, and sendmail seems like overkill for a small site. Count me in as another vote for postfix. I used to run qmail back when I still ran RedHat, but switched to postfix a few months before I switched to Debian. postfix is a lot easier to configure and has the advantage of being designed from the beginning for security. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: locking the console
Rob Mahurin wrote: Yeah, screen is a pretty rad program. I was looking for something with a timeout, though, so my dumb self could go away and not have to worry about mischeif happening. install idled and remove the console from the exempt ttys in /etc/idled.conf jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: /root - /home/kmfahey; /usr/doc - /usr/share/doc
Kerne Fahey wrote: I have two very vague general questions: 1) On my linux box (no other fleshblood users besides me; it's a laptop), I'm interested in emptying root's home directory, removing it, and making a symbolic link to my home directory, /home/kmfahey . This is for various aesthetic and convenience reasons, mostly so I'm not without my .*rc files when root, and so that 'cd' as root takes me to my home directory. Would this be a horrible mistake? (Would it be or create a security hole, or *really* confuse linux in some way?) This is a bad idea. You really want root to have a minimal .profile and so forth so that when you boot into single user mode you don't run into problems with root expecting to find files that aren't available any more. This would be an especially bad idea if /home isn't on the same partition as /root is - I don't think single user mode will be happy if it can't access ~root, which would make things awkward if you have to go to runlevel 1 for repairs later. If you really want to have your environment available when you're root, use sudo to run commands, they'll inherit all your environment variables that way. You can just 'sudo bash' where you'd currently 'su' if you need a root shell instead of just running a single command as root. 2) On that same linux box, I'm interested in [carefully] moving the contents of /usr/doc to /usr/share/doc , then removing /usr/doc and creating a symlink in its place to /usr/share/doc . This, also, is for various aesthetic and convenience reasons, mostly because of the FHS, and because I'd really like dhelp_parse to shut up about files in /usr/doc every time I'm apt-getting something. Would .this. be a horrible mistake? While you can do this, I don't recommmend it - the whole point of a nice packaging system is that you let it manage the files it installs and you manage the files you install. FHS will or will not eventually make it into debian - if you custom hack your machine to FHS, you'll run into a lot of problems when you try to install new debs that are dependent on the old directory structure. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Is Corel Off Topic ?
Paul McHale wrote: If I had ingressions of Corel, is it off topic (read, no interest) ? I don't think so. It is based on debian, after all. A friend and I were having trouble getting a working X setup on his Latitude laptop with a regular slink install, but the Corel installer detected his Neomagic chipset and set it up perfectly. One weird thing that I didn't realize until someone mentioned it here, is that the corel system doesn't show debian's menus in the kde menu. I checked, and menu is installed. Any ideas on a fix for that? jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: What video card do I use?
Rick Dunnivan wrote: I have a winmodem and thus have not configured ppp yet. How do I go about doing this without being on the net? In short, you don't. Winmodems only work with windows - get an external modem and you should be good to go. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: How can I change a password from a script?
Enrico Zini wrote: Now we have shadow passwords, MD5 hashes, NIS, LDAP, PAM... wow! It's fantastic, but I need something that knows how to change passwords on my system, because I don't. Check out chpasswd - you can pass it a list of username:newpassword pairs. I would like to call passwd from my setuid root CGI (in which all security precautions would have been taken), feed him the new password and let him to whatever it pleases, but it could complain about passwords being too weak. Look into cgiwrap. It'll take care of a lot of the security issues for you. If you're doing this to make it easier on the commandline-phobics to change their password, consider changing their shell to /usr/bin/passwd and embedding a telnet link in the web page. This is assuming from your comments about Samba that you're using your linux box as a server and the users never login directly - obviously this won't work if they're actually using their shell accounts. No suid root cgi that way, no having to worry about the security issues. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Adding a lot of users in a single operation.
Jens B. Jorgensen wrote: The trouble is that none of the utilities (that I know of) allow you to specify the password on the command line. Perhaps you can do it with pipes, like the following. Check the list archives - I posted a script on this list a couple days back that generates the /etc/passwd entries for you (and nis auto_home entries as well), including encrypting passwords specified on the command line. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
mod-auth-mysql
Has anyone gotten mod-auth-mysql to build correctly on slink/x86? I'm trying to puzzle out what I need to tell configure so it'll produce a working makefile. I looked and didn't find a deb for it in stable or unstable. Yes, I have mysql-dev apache-dev installed. Thanks, jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Corel to Slink upgrade
Randy Edwards wrote: Has anyone tried taking the freebie Corel Linux install and upgrading it to slink? I saw that Corel left the slink entries commented out in /etc/apt/sources.list and was curious as to what would go on if someone did an update and an apt-get dist-upgrade. I've been playing with the idea of testing it here, but didn't want to waste the download time; anyone else given it a whirl? When I did the install on my friend's laptop, the first thing I did after corel's install was done was add my local mirror of slink, security.debian.org, the y2k updates the XFree86 3.3.5 to its sources.list and update upgrade. Thinking back, I don't recall whether I just used 'apt-get upgrade' or if I remembered to do a dist-upgrade. Didn't have any problems other than not getting sound working on the machine (yet). jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: FW: Help with a Dell Latitude CPia
Chris Larson wrote: I have installed corel linux onto my laptop. Everything looks great and runs fine except for three things. 1. My ethernet card is not working. I can ping myself but I cannont ping anything else. I am still not able to get this to work, even with everyone's advice. I will try the PCMCIA package 3.1.3 that was suggested. On my friend's Latitude, I had to edit /etc/modules and add a line '3c59x'. I didn't mess with the PCMCIA package at all. After that, it saw his ethernet on boot. 2. I have no sound. sndconfig cannot detect a sound card. I think these laptops use some Neomagic sound chip. We didn't get the sound working. Then again, we didn't try too hard either. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: security and guest accounts
Jim McCloskey wrote:
Can I ask for some advice?
We've just set up two Slink machines in a graduate student lab. They
have ethernet connections; there is no firewall. Some of the students
want to do all their work in a regular way on these machines and those
students have user accounts. But a number just want to be able to
telnet or ssh to another machine quickly and check email.
Is there a safe way to set up a `guest' user-account with a publicly
known password?
Jim
I really *really* recommend that each user have their own password.
I've run student machines and believe me, you will want to be able to
account for who was on the machine at time X when, inevitably, you run
into a cracker wannabee script monkey.
Another problem you'll run in to is that people will give their friends
the guest password so they can telnet/ssh as well, and your control over
who gets to use the machines is gone. You also need to consider that
when you need to change the guest password because some people have left
or it inevitably leaks into the wrong hands, it's going to be a major
hassle.
That said, look into setting up a chroot jail for the guest account.
You are *much* better off just creating accounts for everyone. Just
make the profs you're supporting turn in a class roll at the beginning
of the semester and then generating the accounts in one big batch.
here's the code I used to use - yes, it's ugly as hell, but it was one
of the first perl scripts I ever wrote when I first started
administering solaris.
Note that it creates tmp-pass and tmp-homes that are ready to include in
your nis maps - I'm too neurotic to let a script modify those files in
place.
You may need to tinker with the script a little - I sanitized it by
removing some site specific information and may have inadvertantly
broken it.
-- cut here --
#!/usr/bin/perl
#
# by [EMAIL PROTECTED]
#
# If this breaks your system, you get to keep the pieces. You did back
# up your passwd and auto.home map files before running this, right?
#
# Command Line Options:
# -fuser's full name
# -aaccount
# -uuid
# -ggid
# -sshell
# -hhome directory prefix
# -puser password
# -ddebug mode
#
require getopt.pl;
main;
sub main
{
$opt_h = /export/home0;
$opt_u = ;
$opt_g = 20;
$opt_a = account;
$opt_p = password;
$opt_s = /bin/bash;
$opt_f = Full Name;
Getopt('faughdsp');
$homes=$opt_h;
$uid=$opt_u;
$gid=$opt_g;
$login=$opt_a;
$shell=$opt_s;
$password=$opt_p;
$fullname=$opt_f;
$homedir=$homes/$login;
$debug = 0;
srand;
# needs to be done only once.
$salt = compute_salt(0);
# change to compute_salt(1) for new crypt()
$hash = crypt($password, $salt);
if ($debug 30 )
{
print h = $opt_h\n;
print u = $opt_u\n;
print g = $opt_g\n;
print a = $opt_a\n;
print p = $opt_p\n;
print s = $opt_s\n;
print f = $opt_f\n;
}
open (PASSWD, tmp-pass) || die Can't open tmp-pass!;
print PASSWD
$login:$hash:$uid:$gid:$fullname,,,:/home/$login:$shell\n;
open (HOMES, tmp-homes) || die Can't open tmp-homes!;
print HOMES $login\tnemesis:$homedir\n;
}
exit(0);
# All this password code is copied from apache's dbmmanage script, I
forget which version.
# if $newstyle is 1, then use new style salt (starts with '_' and
contains
# four bytes of iteration count and four bytes of salt). Otherwise,
just use
# the traditional two-byte salt.
# see the man page on your system to decide if you have a newer crypt()
lib.
# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).
# The new style crypt() allows up to 20 characters of the password to be
# significant rather than only 8.
sub compute_salt {
local($newstyle) = @_;
local($salt);
if ($newstyle) {
$salt = _ . randchar(1) . a.. . randchar(4);
} else {
$salt = randchar(2);
}
$salt;
}
# return $count random characters
sub randchar {
local($count) = @_;
local($str) = ;
local($enc) =
./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz;
while ($count--) {
# 64 = length($enc) in call to rand() below
$str .= substr($enc,int(rand(64)),1);
}
$str;
}
-- cut here --
jpb
--
Joe Block [EMAIL PROTECTED]
CREOL System Administrator
Social graces are the packet headers of everyday life.
Re: Help with a Dell Latitude CPia
Chris Larson wrote: I have installed corel linux onto my laptop. Everything looks great and runs fine except for three things. 1. My ethernet card is not working. I can ping myself but I cannont ping anything else. Coincidentally enough, I installed Corel on a friend's Latitude this weekend. What you need to do is edit /etc/modules and add a 3c59x line, then add 'alias eth0 3c59x' to the end of your /etc/conf.modules file. I don't have the laptop in front of me so these may not be precisely right, but it should point you in the right direction. 2. I have no sound. sndconfig cannot detect a sound card. I think these laptops use some Neomagic sound chip. If you figure out how to get sound working, please post to the list, I didn't get Darin's laptop sound working either, mostly due to lack of time. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: deleting files
Peter Ross wrote:
On 23-Nov-1999, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi
does anyone happen to know of a quicker way of deleting 4 files out of
a directory other than the command find . -exec rm {} \;
will rm -r directory be as quick?
rm -rf *
If you're new enough to linux to be asking this question, you definitely
don't want to be typing rm -rf * anywhere. Too easy to screw up if you
are uparrowing through your command history and accidentally hit return.
If you want to nuke a whole directory, you should use 'rm -rf
/path/to/directory' to eliminate chances of screwing up and nailing the
wrong directory.
jpb
--
Joe Block [EMAIL PROTECTED]
CREOL System Administrator
Social graces are the packet headers of everyday life.
...and what about Stormix?
Stormix just came out with beta4 this week, also debian based. Has anyone had a chance to tinker with it yet? I burned stormix and corel cds to do an install for a friend this weekend. If I can talk him into it, we'll try both. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: How to mirror Debian across a firewall
Gary Hennigan wrote: Pedro Sanchez [EMAIL PROTECTED] writes: I want to have a local Debian mirror but to do this I have to go through our firewall. I'm looking at rsync and mirror. The documentation of Are you planning on mirroring all the debian distributions (slink, potato, sid) for every architecture, eg., alpha, sparc, i386, etc.? If so then, once you figure out your ftp proxy, it'll work fine. If, on the other hand, you're going to try and mirror only one distribution, and only one architecture within that distribution your going to be in for a wild ride trying to do it with ftp! Most of the Debian mirrors use the proftpd server and it refuses to flatten symlinks. This is a problem, for example, if you want the potato distribution, because there are quite a few packages in potato that are merely symlinks to packages in slink. If you were just doing slink (don't know about sid) this wouldn't be a problem, but for potato it's a headache. Anyway, I gave up on the ftp solution and just started using w3mir. Other than a small bug that causes files with a + in their names to always be deleted it works fine and there aren't symlinks, at least visible ones, on the http mirrors, so it's easy to get all the files needed for a particular architecture in a particular distribution. It also has handled our http proxy without a hitch. A simple command-line argument was all that was needed. I think it's a bit more inefficient than an ftp mirror, but for partial mirrors it's about the only solution. I'm using wget to maintain a local mirror for my servers to update off and do local installs for students faculty. --cut here-- #!/bin/sh cd /where/you/want/the/mirror echo debian.log /usr/bin/wget --mirror -nH -c --cut-dirs=1 -b -o debian.log --dot-style=binary --tries=10 ftp://ftp.us.debian.org/debian/dists/stable/main/disks-i386 ftp://ftp.us.debian.org/debian/dists/stable/main/binary-i386/ ftp://ftp.us.debian.org/debian/dists/stable/main/binary-all/ ftp://ftp.us.debian.org/debian/dists/stable/contrib/binary-i386/ ftp://ftp.us.debian.org/debian/dists/stable/contrib/binary-all/ ftp://ftp.us.debian.org/debian/dists/stable/non-free/binary-i386/ ftp://ftp.us.debian.org/debian/dists/stable/non-free/binary-all/ --cut here-- All the ftp urls go on the same line as wget if your mailer wrapped them to new lines. You can set your proxy in /etc/wgetrc jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: test
Paul McHale wrote: test Sorry for the test message, ISP problems ... rant Sorry doesn't cut it. If you need to send test mail outside of your local lan, create a hotmail account and mail there, don't spam a list with many subscribers. Some people have to pay for every bit of traffic (like the folks hosting the list) and wasting bandwidth on your tests is rude. Something about the debian lists not being acceptable test mail recipients needs to be put in the confirmation email you get when you're subscribed. /rant jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: quicktime4 player for linux?
aphro wrote: one thing i would like to understand is what apple is doing by restricting who uses their codec. i mean..how does it hurt them if other people use it for decoding purposes? i can only imagine it helping the population In fairness to Apple, it isn't their codec to give away. They license the sorenson codec from Sorenson Vision (http://www.s-vision.com) who are the ones not giving it away. It might be possible to talk the s-vision folks into releasing a playback only version of the codec. from being upgraded to G4 via bios updates..the list goes on.) intel has (had?) a nifty tool that converted AVI - QT and back(free) but it doesnt work with most of the new (past 2-3 years) codecs from QT. Again, Apple doesn't invent most of the codecs in QT, they license them from other people. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: quicktime4 player for linux?
aphro wrote: On Mon, 15 Nov 1999, Joe Block wrote: jpb In fairness to Apple, it isn't their codec to give away. They license jpb the sorenson codec from Sorenson Vision (http://www.s-vision.com) who jpb are the ones not giving it away. It might be possible to talk the jpb s-vision folks into releasing a playback only version of the codec. oh ok..that makes more sense..i read somewhere that apple has *bought* all the codecs that came out the past year or 2..thought that was true..wonder whats got sorenson vision so paranoid.. They didn't buy them outright, just distribution rights. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: IP Alias and Slink - ARGH!
Damon Muller wrote: Hi Folks, I posted this a week or so ago, and although I got a couple of suggestions, nothing seemed to help. I've looked around the net, and not seen anything else like it anywhere. I have a pretty vanilla slink install, with the update for netbase recommended for 2.2 kernels. I'm using a 2.2.12 kernal at the moment, but I have also tried 2.0.38, and get exactly the same problem. Same thing if I just use the standard slink netbase, with either 2.2.12 or 2.0.38. Has *anyone* managed to get IP aliasing working on Slink? Surely someone has. Did you set up a route for the new ip? for example: /sbin/ifconfig eth0:0 192.168.1.31 up netmask 255.255.255.0 /sbin/route add -host 192.168.1.31 dev eth0:0 jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: stopping x from starting automatically
Kevin M. McLin wrote: Hi There, You can stop xdm from coming on and giving you that little X login window by removing xdm from /etc/init.d. I just copy things into a subdirctory /etc/init.d/disabled when I don't want them to start up on boot. That way, if I ever change my mind, which I often do, I can easily copy them back and get things restored. You can do it that way, but it isn't the proper way. It's generally a bad idea to mess with files in /etc/init.d because they may be needed in more than one runlevel. Leave the files in /etc/init.d alone, and go into /etc/rc2.d and remove the S**xdm file, which is really a link to /etc/init.d/xdm Then you can go into /etc/rc3.d and do 'ln -s /etc/init.d/xdm S99xdm' Once you've done that, you can telinit 3 to start up the graphical X login, and telinit 2 to go back. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: managing multiple ISPs
John Hasler wrote: I have been configuring my resolv.conf for DNS servers that do not belong to my ISP all the time. This will work, but it is a bit discourteous to use servers you aren't helping pay for. Finally, you can always run your own basic nameserver on your computer to speed things up even more. This is the best solution. Which will need nameservers to forward requests to. It doesn't, actually. named will just contact the root server and find out from it where to get the information from. It might be a little slower at first than using a forwarder, but the entries you use will stay in cache and you won't have to deal with the hassles of screwed up setups at your isp. Just make sure you have a valid root cache file (which was installed when you installed bind iirc) and you should be fine. I stopped using other people's nameservers several isps ago - the only thing I use an isp for anymore is usenet. -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: ip tunnel 10.10.10.0 network
aphro wrote: i was wondering (assume it is, but just incase) if it was possible to establish an IP tunnel between 2 locations for a 10.10.10.0 network (or btw this tunnel does NOT have to be secure..no encryption needed. i just need 2 way IP communications through it through the internet from the remote site as well as machines on the 216.128.8.0 network to be able to access the 10.10.10.0 network. Look into vpnd and vtun They're both secure - there is no particularly good reason not to secure the vpn. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Good books to learn python
Andrew Clark wrote: Any recommendations for good books to learn python for a programmer with a background in C/C++ ? I like and still use _Programming Python_ by Mark Lutz. I hear they came out with _Learning Python_, but haven't read it. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Printers..
Brian Servis wrote: Samba will make this possible. Just make a local printer available that passes the print data from the win machines directly to the printer without using a filter. That way you can install the printer driver on the win machines and take full advantage of the native win print drivers. Read the SMB-HOWTO and the doc in the samba-doc package. It's also worth it to set the printer up as a postscript printer as well on the windows machines - magicfilter will autodetect postscript and render it using ghostscript. Sometimes you can get better output from software by using a postscript printer, especially when you're using Adobe programs. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: time is 5 hours ahead (using ntp)
Brian J. Stults wrote: I'm using ntp and it's working just fine. The problem for me is that the time is always 5 hours ahead of what it should be. I think this is something in the kernel settings, right? I set it to report GMT or UTP or something, and I'm in the EST zone. Can someone tell me how to switch that back? Make sure your /etc/timezone is set up properly. On my machine, /etc/timezone contains EST5EDT I'm using tick.usno.navy.mil and tock.usno.navy.mil for my timeservers in ntp.conf jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Utilities for keeping time sync for a machine behind a firewall ?
Patrick Kirk wrote: xntp3 is excellent. Just type apt-get install xntp3 and it will take you through configuration. If you need a server, try salmon.math.tcd.ie and sundial.columbia.edu tick.usno.navy.mil tock.usno.navy.mil Easier to remember :-) jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Making a local debs directory
On Wed, Oct 20, 1999 at 07:22:24PM +0300, Martin Fluch wrote: Have a look at dpkg-scanpackages out of the dpkg-dev package... thanks, that was exactly what I needed to know. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Limiting cgi resource usage (was Re: apache + cgi)
On Tue, Oct 19, 1999 at 02:08:02AM +0200, Pere Camps wrote: Nathan, If you want to limit by actual clock time, you could use alarm and catch the signal (I know how to do it in Perl; I'd have to stumble a bit to do the same thing in C :) This unfortunately relies on good coding practices by the user, which you can't depend on. The problem is that I have an 'untrusted' user base I everything has to be implemented by the parent process or by the system itself. I have no way of making the users behave themselves (in fact, they misbehave for the fun of it) with good cgi programming. Use cgiwrap. You can configure exactly how much cpu they get to use. I used it on a solaris machine that we were teaching a course on digital media on, and magically the load problems disappeared. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: How to diable mail relaying in smail
On Tue, Oct 19, 1999 at 11:42:04AM -0700, Tom Kuiper wrote: I need to disable mail relaying on my system. I have smail 3.2.0.92-3, which came as the default with my Debian system, installed. We cannot figure out how to turn off mail relaying (an institutionally required anti-spam measure), since smail does not use a sendmail.cf file. Can anyone advise? The only alternative would be to install sendmail in place of smail, but wouldn't that be a step backwards? I don't know how to do it from smail, but both exim and postfix allow you to specify what networks you'll relay for - if you want to relay only for machines in 192.168.1.* for example, you specify 192.168.1.0/24 jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: slink and potato
On Sun, Oct 17, 1999 at 10:00:51PM -0500, Ben Wong wrote: Then how come at ftp.debian.org there's a directory named slink and also a directory named stable, and a directory named potato and also a directory named unstable? They're aliases. stable always points to the current stable distribution, and unstable to the current unstable distribution. That way when potato is stabilized, no one has to edit their /etc/apt/sources.list -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Diamond 770 X Window
Does anyone have a working config file for the Diamond Viper 770? I'm running slink if it matters. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: (very) remote install
On Thu, Oct 14, 1999 at 08:13:01PM -0400, paul wrote: I've been asked to install Debian on a server that resides several thousand miles from where I am (I am in Philadelphia, the server is in Korea). Is it possible for me to replace the current RH installation with Debian from my present location? Where are docs pertaining to this? Alas, there are none. The one time I had to do something similar, I ended up having them ups me the hard drive, I did the install, and then upsed it back. They'd gotten the system into a completely wedged state though, and trying to do it remotely wasn't an option. The owner of the machine (call him john) wants to avoid the reboot, and does not know (or trust) anyone at the remote location. I BELIEVE I could do this by installing and configuring a (minimal) base system complete with his root password here, and then gzipping it, telnet to the remote host as root, chroot to a ramdisk, reformat /dev/hda, install the gzipped and ready base system (configured for remote root access and RARP), start a script that will reboot the machine after I have logged off, then john can telnet to his server, log in as root, change root's password and run dselect to install the rest of his system. All this really depends on their disk partitioning situation. If they have enough free space on /home, you could move all the /home/whatever directories into /home/saved and then untar a working minimal system into it. I'd do a quick make bzDisk though so you can reboot off a floppy if you run into any 1024 cylinder problems and still get into the debianized partition. Once you're running off the debianized /home, you can then nuke the old / and rerun lilo again and be ready to go. John does not think this will work he should know, he's had 20+ years working with Unix and Ive only two years on Linux. But he has not suggested any other method. If you do manage to get it switched, it'd be nice if you wrote up exactly how you did it. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: Newbie Non-FAQ(I think) questions
On Thu, Oct 14, 1999 at 09:26:16PM -0400, Justin Settle wrote: [EMAIL PROTECTED] wrote: The Nt boot loader is a pain - you can't use lilo. There is a howto for this though. I take you have partitioning all done as fips can split and NTFS partition as of yet. I saw something yesterday or the day before on freshmeat that is supposed to specifically deal with getting ntloader to play nice with linux. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: test don't read
On Fri, Oct 15, 1999 at 10:17:47PM +0200, Jean-Yves BARBIER wrote: test local to externel I don't mean to be a sphincter, but public mailing lists are NOT appropriate places to test your mail configuration. Already irritated because of the clueless folk who sent their unsubscribe messages to the list. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: telnet banner
On Fri, Oct 08, 1999 at 04:07:53PM -0600, Luis Gustavo Madrigal Salazar wrote: How can I set my linux to display a banner before it prompts for login? I can do it in solaris by editing /etc/default/telnetd /etc/issue is the banner for console logins, /etc/issue.net is the banner for telnet connections. I recommend that you _not_ include your OS in the issue.net, though with nmap and queso that's getting to be a moot point security wise. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Making a bootable rescue CD
Marc Haber mentioned this yesterday and I mistakenly sent him a private reply instead of replying to the list. I'm also interested in creating a debian rescue floppy that either mounts /usr from a CD or preferably from a server via nfs. My goal is to be able to stick a floppy in an ailing W95/98/NT machine and mount its HD and copy the useful data to a network server before reformatting and reinstalling. I've had some problems lately with client machines that spontaneously (the users didn't make any changes, they _promise_) stopped seeing their network card and required a reinstall of Windows from scratch to fix the problem. So, my question, I guess, is what exactly do I need to do to make the inital rescue floppy? I presume I can just burn a copy of /usr to a CD, or export it via nfs, but I'm concerned about how I'm going to get all the necessary modules onto a floppy or two - naturally I have to cope with many different cards, and while I'm willing to have several different boot floppies, it'd be a lot more elegant to have just one. thanks, jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Getting source deb files
Hi. Where do I find the source deb files for packages in potato? I'd like to install postfix on a slink system, but it wants me to upgrade glibc which I'd rather not do. I'm sure that this is only because the postfix deb file was built on a machine with the new glibc, so I'd like to dl the deb and rebuild it for slink and the old libraries. I don't want to upgrade this machine to potato because I'm going to use it for a server and want a stable distribution. I could just download it and build it in /usr/local, but I'd prefer to keep everything possible under the control of dpkg. Thanks, jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
