unable to login; pam broken?

2004-01-05 Thread Carl Mummert
I have a mysterious problem - I am unable to login as any user.
I am also unable to su to root.  Fortunately I am currently logged in,
but I can't su or log in on another VC.  Apparently my PAM setup is
broken (from looking at strace).  I recently upgraded to the latest
version of sarge, I don't know if there is a known issue (nothing seems
to be in the list archives).

I have appended the strace from su.  I am completely at a loss here, so
I would appreciate any help.  I can provide more info if needed.

Thanks,

Carl


Script started on Mon Jan  5 22:25:58 2004
swedishfish ~
10:25 PM $ stace su
bash: stace: command not found
swedishfish ~
10:26 PM $ strace su
execve(/bin/su, [su], [/* 25 vars */]) = 0
uname({sys=Linux, node=swedishfish, ...}) = 0
brk(0)  = 0x8054780
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x40017000
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
open(/etc/ld.so.preload, O_RDONLY)= -1 ENOENT (No such file or directory)
open(/etc/ld.so.cache, O_RDONLY)  = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=41378, ...}) = 0
old_mmap(NULL, 41378, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40018000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
open(/lib/libcrypt.so.1, O_RDONLY)= 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\t\0..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=18636, ...}) = 0
old_mmap(NULL, 181532, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40023000
old_mmap(0x40028000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x4000) = 
0x40028000
old_mmap(0x40029000, 156956, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40029000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
open(/lib/libpam.so.0, O_RDONLY)  = 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\25\0\000..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=30360, ...}) = 0
old_mmap(NULL, 29324, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4005
old_mmap(0x40057000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x7000) = 
0x40057000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
open(/lib/libpam_misc.so.0, O_RDONLY) = 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\16..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=8800, ...}) = 0
old_mmap(NULL, 11880, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40058000
old_mmap(0x4005a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 
0x4005a000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
open(/lib/libc.so.6, O_RDONLY)= 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`^\1\000..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1243076, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x4005b000
old_mmap(NULL, 1253316, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4005c000
old_mmap(0x40183000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x126000) 
= 0x40183000
old_mmap(0x4018c000, 8132, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, 
-1, 0) = 0x4018c000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK)  = -1 ENOENT (No such file or directory)
open(/lib/libdl.so.2, O_RDONLY)   = 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\34\0\000..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=9796, ...}) = 0
old_mmap(NULL, 8632, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4018e000
old_mmap(0x4019, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 
0x4019
close(3)= 0
munmap(0x40018000, 41378)   = 0
brk(0)  = 0x8054780
brk(0x8075780)  = 0x8075780
brk(0)  = 0x8075780
brk(0x8076000)  = 0x8076000
getuid32()  = 1001
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink(/proc/self/fd/0, 0x8054848, 4095) = -1 EACCES (Permission denied)
fstat64(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0
stat64(/dev/pts, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
open(/dev/null, O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory)
open(/dev/pts, O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3
fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
getdents64(3, /* 5 entries */, 1024)= 120
stat64(/dev/pts/3, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0
close(3)  

Re: eth0--what's up?

2000-02-21 Thread Carl Mummert

Thank you.  This is exactly what I needed to know.
So if I get you right, eth0 is kinda like ppp? 
Interface, not a device?  That just seems odd, the way
I've seen it referred to in conversation.  I knew I
was missing something.

If you know C, the following can help explain it:
You cannot open(2) /dev/eth0 and then write(2) to
it to communicate; instead you have to get a 
socket, then send(2) a message to the socket. If
eth0 were a file in /dev, it would be very tempting to
open it as a file, which wouldn't work.

Carl


Re: graphical login

2000-02-12 Thread Carl Mummert

Bart Szyszka writes:
 (comment out the final line in /etc/X11/xdm/Xservers)

A couple people have suggested that, but isn't it just easier to
do a dpkg --purge xdm?

You may want to connect from another X machine to your local machine,
and login via XDMCP ; in this case, all that is required is to tell
xdm not to start an xserver on your machine, but to continue to
service requests from other machines.  Thus /etc/X11/xdm/Xservers.

Carl


Re: Mutt dependency on an MTA

1999-07-31 Thread Carl Mummert

What's the harm in having an MTA installed even if you don't use it? It
doesn't interfere. Actually, a few system tasks depend on having an MTA;
cron will email you the text output (if any) of your cron jobs, for
example. I think a unix system without an MTA would be broken.


This is correct.  There are lots of programs/scripts that call either
/usr/lib/sendmail or /usr/bin/mail when they want to send an email message.

I remember seeing somewhere that '/usr/lib/sendmail is the standard place to 
look for a sendmail executable' - this is either in the debian policy, or the
file system hierarchy.  Either way, it implies that every fully functional
system have a functional /usr/lib/sendmail.

Carl


Re: slave symlink?

1999-07-29 Thread Carl Mummert

With the alternatives system, there are two links per executable:


/usr/bin/executable -> /etc/alternatives/executable -> /real/executable

Apparently, the developer of update-alternatives calls
the link in the middle a 'slave symlink'.

Carl


Re: lost the root password

1999-07-29 Thread Carl Mummert

You probably can't derive the root password from info on your
system (if you could, then it would be easy to break in...)

But you can get around it as long as you have physical access to the machine.

Get 'tom's unix on a floppy' or any other linux boot disk.  The debian
rescue disk may work, but I never use it so I don't know.

Boot that floppy in your machine, and mount the partition of your
hard disk that contains /etc on /mnt : for example,

#  mount /dev/hda1 /mnt 

Then, edit the passwd file IN THE MOUNTED PARTITION

#  vi /mnt/etc/passwd

And remove root's password:

Change
  root:sdfklhsdfakj:0:0:
to
  root::0:0:...

If you use shadow passwords, do the same thing to /mnt/etc/shadow.

Then, reboot your machine without the diskette, and you will
be able to log in as root with no password.

Then, change the root password to something secure.

Carl


Re: Logitech mouse M-S48

1999-07-29 Thread Carl Mummert

If it has a little round DIN connector, try '/dev/psaux' as the device.
You will need to 'modprobe psaux' before you try the mouse.

I recommend installing gpm, which has a nifty mouse-test program that can
usually figure out automatically the type/port/etc of your mouse - but you
may have to run the program a few times, as it progresses too quickly for
most people to follow the first time.   Once you know what to expect, you can
follow it.

Install the psaux driver (modprobe it) before you try the mouse-test program
(which I think is called gpm-mouse-test).

Carl


Re: C2 Certification

1999-07-28 Thread Carl Mummert

 My name is Jasmine Chan and I was wondering which packages of Linux is C2
Certified.  And if they are not, is there any steps taken to make Linux C2
certified.  Thanks in advance for your help.

As I understand it, C2 certification must be granted by a certification
authority; there is no checklist that a developer can go over in order
to declare his own code C2.  

Of course, you have to _pay_ to get someone to test your system to 
see if it is C2 secure.

There are several things that (AFAIK) Linux does not do that C2 requires. 
Also, there are some things about unix that must be disabled before C2
could ever be reached.   The fact that root cannot be locked out of any file
is a definite no-no ; C2 does not have a 'superuser' concept.  The kernel 
must actively prevent one user from seeing any of another user's data -
this means cleaning deleted files from the HD, bzero'ing memory when a
process terminates (or when the memory is allocated, obviously), etc.
I believe that 'su' is also against the grain of C2.

In short, if you _require_ C2, then you won't be able to use Linux any 
time soon.  

Carl


Re: IglooFTP goes commercial. Violation of GPL?

1999-07-28 Thread Carl Mummert

AFAIK, the person who owns the copyright on the work is free 
to change that copyright as the code goes on. 

Only the owner can sue to enforce the license, so the owner is free to 
violate their own copyright or to change it at any time, since
they won't sue themselves.  

The KDE people had this problem for a while, too.  Their license
required Qt to be gpl'ed, but qt wasn't, so no-one else could
follow the license terms.  But the owners were free to violate
them because no one could force them to follow their own license.


Carl


Re: IglooFTP goes commercial. Violation of GPL?

1999-07-28 Thread Carl Mummert

That's what I was thinking.  However, is it copyright infringement to
take up the last GPL'ed version of the software, modify it and release
it under GPL? Of course, the original copyrights would remain intact
and be distributed with it.

If you received (or downloaded etc) a copy of the code with
the GPL license in effect, you can continue to use that code
under the license terms that were given to you (gpl in this 
case).  

If, for some reason, you were to get the same code, but not under the gpl,
then you could not redistribute that code as gpl.  Telling the difference,
of course, might be difficult. 

Carl


Re: IglooFTP goes commercial. Violation of GPL?

1999-07-28 Thread Carl Mummert

 AFAIK, the person who owns the copyright on the work is free 
 to change that copyright as the code goes on. 

Well, there might actually be an exception here!  The 0.9 code contains a
patch by one Igor Lefterov.  Unless Mr. Lefterov also agrees to the change
in copyright, it might have to go back to GPL unless his patch is removed
or unless he agrees to the new copyright.


George:

  I am sure that you know more about this than I do.  Here
is my question now:
  
  Who owns patches?  When a patch is integrated into the main product,
doesn't the new code incorporated from the patch become property of the
original owner?  This is certainly the impression that I would wager $1
that most people have - that code submitted as patches falls under the
control of the 'main' author, not of the patch author.  I am speaking of
the code after it is incorporated, not the patch itself, to which the
patch author would appear to have closer ties. 

  If, as you suggest, patch code remains the property of the patch author,
then the 'ownership' of the entire program comes into question.  

Carl


Re: rlogin .rhosts and amanda problem

1999-07-28 Thread Carl Mummert

Have you checked that the rhosts files are:
  1) named '.rhosts'
  2) owned by the user
  3) mode 600 (not 644 or 664)
  4) That the host you are coming FROM is listed in them


Carl
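
Added example, not part of the original message: the four checks in the list above as one shell function. The function name, the output format, and the host and user names in the demo are constructed; the owner is passed as a numeric uid (for a real account, the output of id -u for that user). It also warns about a + wildcard entry, which goes slightly beyond the list.

```sh
#!/bin/sh
# Added example: verify a user's .rhosts against the checklist above.

# check_rhosts HOME_DIR OWNER_UID FROM_HOST
#   Prints one line per finding; returns 0 only if every check passes.
check_rhosts() {
    home=$1; want_uid=$2; from=$3
    f="$home/.rhosts"
    rc=0

    # 1) a regular file named exactly .rhosts (not a symlink, not missing)
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL name: $f is missing or is not a regular file"
        return 1
    fi

    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3
    mode=$(ls -ldn "$f" | awk '{ print substr($1, 1, 10) }')
    uid=$(ls -ldn "$f" | awk '{ print $3 }')

    # 2) owned by the user
    [ "$uid" = "$want_uid" ] ||
        { echo "FAIL owner: uid $uid, expected $want_uid"; rc=1; }

    # 3) mode 600 (not 644 or 664)
    [ "$mode" = "-rw-------" ] ||
        { echo "FAIL mode: $mode, expected -rw------- (600)"; rc=1; }

    # 4) the host you are coming FROM is listed (first field of a line)
    awk -v h="$from" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        $1 ~ /^\+/ { plus = 1 }                  # wildcard host entry
        tolower($1) == tolower(h) { found = 1 }
        END {
            if (plus) print "WARN wildcard: a + entry trusts every remote host"
            if (!found) { print "FAIL host: " h " is not listed by name"; exit 1 }
        }
    ' "$f" || rc=1

    [ "$rc" -ne 0 ] || echo "OK $f"
    return "$rc"
}

# Demo on a constructed home directory with the wrong mode (644).
demo=$(mktemp -d) && {
    printf 'backuphost.example.com amanda\n' > "$demo/.rhosts"
    chmod 644 "$demo/.rhosts"
    check_rhosts "$demo" "$(id -u)" backuphost.example.com || true
    rm -rf "$demo"
}
```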



Re: tail -f /var/log/messages and top

1999-07-28 Thread Carl Mummert

You can try setting the TERM environment variable to match your
terminal; this is definitely needed from the awful windows
telnet program.

If you don't know which ones to try, try 'vt100' or 'vt220'.

Carl


Re: ssh client

1999-07-27 Thread Carl Mummert

There is a program named 'tera term' that has an ssh extension,
surprisingly known as 'tera term ssh'.

The url is http://www.zip.com.au/~roca/ttssh.html

You have to download two files: the tera term regular executable,
and the ssh extension.  More info is available through the above link.

I am using that program as I write this; the terminal emulation is on par
with commercial implementations (much better than the awful telnet.exe
that comes with windows), and the ssh works fine.  I have used both
RSA and password authentication from Windows 95, 98, and NT to a Linux box,
and never had any problems.


Carl


Re: understanding netstat output

1999-07-27 Thread Carl Mummert

Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags   Type   State I-Node Path
unix  2  [ ] STREAM   824491 /tmp/.X11-unix/X0
unix  2  [ ] STREAM CONNECTED 824490 
unix  2  [ ] STREAM   824228 /tmp/.X11-unix/X0
unix  2  [ ] STREAM CONNECTED 824227 
unix  2  [ ] STREAM   824171 /tmp/.X11-unix/X0
unix  2  [ ] STREAM CONNECTED 824147 
unix  2  [ ] STREAM   715277 /dev/log
unix  2  [ ] STREAM CONNECTED 715276 
unix  2  [ ] STREAM   2095   /dev/log
unix  2  [ ] STREAM CONNECTED 2094   
unix  2  [ ] STREAM   1158   /dev/log
unix  2  [ ] STREAM CONNECTED 1157   
unix  2  [ ] STREAM   1126   /dev/log
unix  2  [ ] STREAM CONNECTED 1125   
unix  1  [ ] STREAM   1054


These are 'unix domain' sockets.  They are a separate protocol from
tcp/ip, and AFAIK are mainly used by X11.  

Any comprehensive unix network programming book would discuss them,
and the advantages/disadvantages of them over tcp/ip.  But for normal
users, they are just a different type of socket that some programs use.

Carl


Re: Help me stay away from visual C++ :)

1999-07-27 Thread Carl Mummert
under visual C++.  Is this something that's (most likely) broken in vc++, or
perhaps (less likely) broken in glibc 2.1?  All I have to test it on is a
potato box, so I don't know if other versions of gcc have the same problem.

According to the fflush manpage, only _output_ streams are flushed.

Why not the following:

#include <stdio.h>

int main()
{
  int test;
  char garbage;  /* single char: %[ stores a whole string here (see follow-up) */
  int result;
  int j;

  for(j = 0; j < 10; j++)
  {
    /* skip non-number chars; stop on no match or end of input */
    while ( scanf("%[^0-9-]", &garbage) == 1);

    result = scanf("%d", &test);  /* now get the number */

    if ( result != 1)
      printf("Error\n");  /* this better not happen,
                           * since we know we had a
                           * number when we tried to scan one
                           */
    else
      printf("Success: %d\n", test);

  }

  return 0;
}


works for me, ymmv

Carl


Re: Help me stay away from visual C++ :)

1999-07-27 Thread Carl Mummert

The more I think about it, the following is better.
No more buffer overflow problem.

#include <stdio.h>

int main()
{
  int test;
  int result;
  int j;

  for(j = 0; j < 10; j++)
  {
    /* %*[ discards the matched chars, so nothing is stored */
    while ( scanf("%*[^0-9-]") > 0 );

    result = scanf("%d", &test);
    if ( result != 1)
      printf("Error\n");
    else
      printf("Success: %d\n", test);
  }

  return 0;
}

 



Re: Help me stay away from visual C++ :)

1999-07-27 Thread Carl Mummert

Buffer overflows also happen when you use a single char with
%[...] in scanf; this inputs as many chars as it can match,
and null-terminates the string.

Even when they aren't able to be exploited (i.e. not in a 
program with special uid), buffer overflows can make
your program break in strange ways that are hard to find.

Carl


Re: .tgz? How do I go about extracting them?

1999-07-27 Thread Carl Mummert

One issue with all this is that the GNU tools are vastly superior 
to older ones (in terms of extra functionality) but most people
never have the misfortune to have to use other unix systems that
don't have them.

Imagine tar without the 'z' option, find with only 'name' as a predicate,
and so on.  

While some people complain about the command line, it is several times
worse on other systems which use the more traditional tools.

Carl


Re: Any tool to write/read/convert 16bit TGA files ?

1999-07-27 Thread Carl Mummert

See if 'convert' in the imagemagick package will do.  Note that this 
is non-free, so you need to check the license also.

carl


Re: Mouse

1999-07-27 Thread Carl Mummert

A bus mouse is actually /dev/psaux.  You will need to 
'modprobe psaux' to install the kernel driver for this
device.

Carl


Re: Removing broken packages

1999-07-27 Thread Carl Mummert
dpkg error processing blackbox
subprocess post-removal script returned error
exit status 1

Go to /var/lib/dpkg/info/
and look at blackbox.postrm.

This is the script that is failing.  You can 'force' things by
just moving this script somewhere else and running dpkg --purge
blackbox.  

You may want to read the script and, by hand, perform whatever it is
supposed to do. 

Carl


Re: bad login tracking

1999-07-27 Thread Carl Mummert
UNKNOWN  ttyp1    ruf2-6.evoserve. Tue Jul 27 21:13 - 21:13  (00:00)
chadi    ttyp1    ruf2-6.evoserve. Tue Jul 27 21:12 - 21:12  (00:00)

   question, is there any way for as to know as to what exactly is the 'guess'
 user name someone tried to enter w/c resulted in the UNKNOWN record for
 /var/log/btmp ?
   we know that for the entry chadi, that there really is a user chadi on the
 system but his password was wrongly entered.  is there any way for us to
 capture and know what the wrongly entered password is (guess password) and
 record it in some file ?

in /etc/login.defs, the following line controls whether unknown
usernames are recorded:


#
# Enable display of unknown usernames when login failures are recorded.
# 
LOG_UNKFAIL_ENAB	no

To get unknown passwords, you have to edit the source.

Note that this is a Bad Idea (to get the usernames or passwords)
since it tends to 1) give you a list of the users' passwords and
2) give others a well-known place to look for them too.
Any user can run lastb.

Carl


Re: bad login tracking

1999-07-27 Thread Carl Mummert

 Any user can run lastb.

you can fix that with chmod o= /var/log/btmp*

When the file is rotated, the old permissions will be restored, so you
would have to fix the cron entry as well.

I agree that it is possible to prevent others from running lastb, but
it is easy to do it incorrectly, and you will have the dpkg system
working against you (for example, the next upgrade will fix the changed
cron entry).  It is easier to accept that lastb isn't secure.

tcp-wrappers gives more logging than most people need, and solid
passwords can prevent others from logging in.

Of course, the truly secure fix is to disable telnet and rlogin, enable
ssh, and to turn off password authentication (require RSA keypairs). 

Carl
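
Added example, not part of the original messages: a check that combines the two points made in this thread about bad-login records, the LOG_UNKFAIL_ENAB setting in login.defs and whether btmp (including rotated copies) is readable by every user. Function names, severity labels and the demo files are constructed; treating an unset LOG_UNKFAIL_ENAB as "no" is an assumption.

```sh
#!/bin/sh
# Added example: flag bad-login logs that any user can read, and rank the
# finding higher when unknown usernames are being recorded in them.

# unkfail_setting LOGIN_DEFS
#   Prints "yes" or "no" for the last uncommented LOG_UNKFAIL_ENAB line
#   (assumed "no" when the setting is absent).
unkfail_setting() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "LOG_UNKFAIL_ENAB" { v = tolower($2) }
        END { print (v == "yes" ? "yes" : "no") }
    ' "$1"
}

# world_readable FILE
#   Succeeds if the "other" read bit is set (character 8 of the ls mode
#   string: type, then rwx for user, group, other).
world_readable() {
    ls -ldn "$1" | awk '{ exit (substr($1, 8, 1) == "r" ? 0 : 1) }'
}

# audit_btmp LOGIN_DEFS BTMP_FILE...
#   Prints one line per world-readable file; returns 1 if any were found.
audit_btmp() {
    defs=$1; shift
    rc=0
    logging=$(unkfail_setting "$defs")
    for f in "$@"; do
        [ -e "$f" ] || continue
        if world_readable "$f"; then
            if [ "$logging" = yes ]; then
                echo "HIGH $f: world-readable and LOG_UNKFAIL_ENAB is yes"
            else
                echo "WARN $f: world-readable (fix with: chmod o= $f)"
            fi
            rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed files; on a real system:
#   audit_btmp /etc/login.defs /var/log/btmp*
demo=$(mktemp -d) && {
    printf 'LOG_UNKFAIL_ENAB\tyes\n' > "$demo/login.defs"
    : > "$demo/btmp";   chmod 644 "$demo/btmp"      # as left after rotation
    : > "$demo/btmp.1"; chmod 660 "$demo/btmp.1"    # already restricted
    audit_btmp "$demo/login.defs" "$demo"/btmp* || true
    rm -rf "$demo"
}
```

Running it from the same cron job that rotates the log catches the case mentioned above, where rotation restores the old permissions.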


Re: Network addressing

1999-07-26 Thread Carl Mummert

I am reasonably sure that it will NOT work to change the netmask; if the
netmask is wrong, then some things that need directed to the
gateway/router will not be, and stuff will break. 

I would try using 'route' to just add a route to the
local computers on the local interface; try

  route add -host 24.5.xx.yy eth0

on one machine (with the other machine's IP address) or
  
  route add -net 24.5.xx.yy -netmask 255.255.255.255 eth0

(If the first command doesn't work).

Note that eth0 must be replaced with the correct device name, and that
you will have to fix BOTH computers before you can talk between them.

Carl


Re: Network addressing

1999-07-26 Thread Carl Mummert

   route add -host 24.5.xx.yy eth0
   route add -net 24.5.xx.yy -netmask 255.255.255.255 eth0

   route add -net 24.5.xx.yy -netmask 255.255.255.0 eth0
did NOT work ('route' complained about inconsistency)

You used FF00 as the netmask; this implies a 255-host subnet.
You do not want to do this.  If an  subnet won't work 
then you will have to use the -host option to route instead of
the -net option.  

Also, remember to use the IP of the OTHER machine; I don't know if you did
or not, but it is important.  The idea is to tell the machine that the
best route to the other machine is not via the gw, but straight onto the
device. 

Carl


Re: Mutt dependency on an MTA

1999-07-26 Thread Carl Mummert
 It still needs an MTA to send mail :-)

Not necessarily on the same machine. 

How does the mail get to the other machine?  Via an MTA.

Carl


Re: Debian Install woes..

1999-07-22 Thread Carl Mummert

Don't panic.


If the system is letting you log in, then no permanent damage is
done (i.e. you DON'T need to reinstall everything.)

Here's what to do:

See if you have the 'script' command available; it is in a base package,
but not priority essential, so you may or may not have it.  If you don't
have it, then download the bsdutils_???.deb (I don't know the version)
from the main/binary-i386/base subdir of your favorite debian distribution
(you can try 'find /cdrom -name 'bsduti*'' to see if it's on the cdrom, 
after you mount the cdrom on /cdrom).  

Once you have script available ( it's /usr/bin/script), run it
as root, then go into dselect and re-run the dselect 'configure'
option.  Type 'exit' to kill the shell that script started, and you will see a 
message that the output file is 'typescript'.

Mail this file to the debian-user list, and we will comment on how to fix
things.   Note that, depending on what access method you chose in 
dselect, you may have to iterate the 'install' option a few times before
everything will install successfully.  This is fixed with apt, since
apt knows what order to install things in.  The older install methods
install things in the wrong order, so you have to choose 'install' over
and over. 


But, do the script thing. mail it in, and we will try to help you.

Carl


Re: Wordperfect and LaserJet 6L

1999-07-22 Thread Carl Mummert

Wordperfect is attempting to print some PJL commands, and the filter
is killing them.

One possibility is that wordperfect is printing the command
'switch to postscript mode' before it begins the postscript
output; some of the drivers for HP 4000 printers do this
(two lines of pjl, 400+ lines of postscript, 2 lines of pjl).
If this is the case, you can write a small filter to remove
the pjl commands from top and bottom, and set up a second 
printer in /etc/printcap that has a filter set to strip
the pjl, and then pass on the rest to the normal printer.

Carl


.no.spam email addresses

1999-07-22 Thread Carl Mummert

[EMAIL PROTECTED]
^^^
 

If you are going to do this, PLEASE say so in the body
of the message.  My reply bounced!   

I do not look over the email addresses when I reply to a message, 
I just type 'repl', then edit, then type 'send'.  If I were in 
a less patient mood, I would just rmm the bounce and keep on going. 

Carl




Re: Wordperfect and LaserJet 6L

1999-07-22 Thread Carl Mummert
 One possibility is that wordperfect is printing the command
 'switch to postscript mode' before it begins the postscript
 output; some of the drivers for HP 4000 printers do this
 (two lines of pjl, 400+ lines of postscript, 2 lines of pjl).
 If this is the case, you can write a small filter to remove
 the pjl commands from top and bottom, and set up a second 
 printer in /etc/printcap that has a filter set to strip
 the pjl, and then pass on the rest to the normal printer.

I'm not sure exactly how to do this, but I'm sure I can find it in the manpages.
However, I was using wordperfect on redhat 5.2 a few months back, and I didn't
have this problem. At the time, I used their printtool gui to choose my
printer. Why would it work on rh but cause problems in debian?

here's a perl hack (out of my head, so you may have to fix any
syntax problems):

--cut
#!/usr/bin/perl

# put this in /etc/printcap instead of the normal magicfilter
# to catch before/after glimpses of what's happening

#change this to match the desired 'real' filter
$magicfilter = "/bin/true";

use IPC::Open2;

# log of what the application sent, before filtering
open LOG_PRE_FILTER, ">/tmp/filter.$$.before"
  or die "Can't open file: $!\n";

# log of what the real filter produced
open LOG_POST_FILTER, ">/tmp/filter.$$.after"
  or die "Can't open file: $! \n";

# start the real filter with pipes to and from it
open2(\*FROM_FILTER, \*TO_FILTER, $magicfilter)
  or die "Error opening filter: $! \n";

# turn off buffering on our side of filter
select TO_FILTER;
$| = 1;
select STDOUT;

# copy the print job to the log and to the real filter
while ( defined($_ = <STDIN>))
{
  print LOG_PRE_FILTER;
  print TO_FILTER;
}

close LOG_PRE_FILTER;
close TO_FILTER;

# copy the filter's output to the log and on to the printer
while ( defined($_ = <FROM_FILTER>))
{
  print LOG_POST_FILTER;
  print STDOUT;
}

close LOG_POST_FILTER;
close FROM_FILTER;

--- cut


make sure this runs (from the command line) then put it in /etc/printcap.
Print something the normal way, then print something in WP, and compare the
resulting files in /tmp ( or shar them and mail them to me) and see what
is happening.

Carl


Re: CRON (another question)

1999-07-22 Thread Carl Mummert
Does anybody knows if there is a way to append (just put at last place
without entering any editor) a schedule to crontab

ON DEBIAN ONLY:

bash$ (CRONTAB_NOHEADER=Y crontab -l ; echo "new crontab line here") | crontab -

should do the trick.  The CRONTAB_NOHEADER is a debian change from the
normal crontab command.

Carl


Re: How to switch off line buffering in stdin?

1999-07-21 Thread Carl Mummert
 I'm writing an application, which implements some terminal functionalities.
 I'd like to receive every keystroke, just after the key is pressed
 (like with vga_getkey(), but in text mode).

setvbuf, etc.  are only for output streams, not input streams.  
Input is never buffered, but as you found out, the output of the
terminal driver to your program is.


There are several ways to do this.  The normal one is to use ncurses or a
similar library; this lets you get raw characters.  

Carl


Re: Good HTML editor for debian Linux?

1999-07-21 Thread Carl Mummert

 to the task...  cut and paste works irregularly if
 at all, no facilities for previewing.. 

Previewing is not such a large issue on a machine that has a functional
http daemon running.  Just edit the pages in-place and look at them with
your favorite browser, hitting 'reload' when you need to.  

I agree that cut-and-paste is a strange thing.  It varies from
editor to editor, so you just have to figure out the one you are using.

What I still haven't found is the equivalent of 'indent' for
html files, that will neaten up my code, single-case my tags, etc.

Carl


Re: What provides glib.h?

1999-07-20 Thread Carl Mummert
  from konica_qm100.c:7:
 /usr/include/glib.h:66: glibconfig.h: No such file or directory
 make[2]: *** [konica_qm100.o] Error 1
 make[2]: Leaving directory `/usr/src/gphoto/gphoto-0.3-2-990422/konica'
 make[1]: *** [../konica/libgphoto_konica_qm100.so] Error 2
 make[1]: Leaving directory `/usr/src/gphoto/gphoto-0.3-2-990422/src'
 make: *** [gphoto] Error 2


First, find a copy of Contents-i386.gz:

bash$ locate Contents
...


Then grep it for the file you need:

bash$ zgrep glibconfig.h /var/local/debian/dists/potato/Contents-i386.gz
usr/lib/glib/include/glibconfig.h  devel/libgtk-dev,devel/libglib1.2-dev

So the package is devel/libgtk-dev (or the other version)


Carl


Re: Suggestion for Newbie Guide Lines

1999-07-20 Thread Carl Mummert

I was looking in my mail dir today and noticed my debian-user folder
  exceeds 4 Meg for this month.  In reviewing the question and answers
  for the last few days, it seems like there is a lot of wasted
  bandwidth.

 I like the idea of less time being wasted on repeating the same answers
 again and again. 

One issue: there is already a lot of documentation out there.  ( I will
not vouch for its quality or lack thereof, but volume is something that it
does not lack).  Every package should have a manpage, and often there is
stuff in /usr{/share}/doc/package also, as well as all the web-based
documentation. 

When a new user starts using Linux, one problem is information
overload. Suddenly, the user is faced with 5000 pages of documentation
(if you take the 'read the docs for every package before you use it'
philosophy) which of course they do not have the time to read. 

Until something breaks.

It is not reasonable to expect a new user to read all those docs
before inserting the installation disks.  Or before they start using
the system.  We don't have the magical ability to change human nature here.

One thing that might be nice would be a document that contained:

  * ) a list of 'very important' documents - like some Xfree
 docs, whatever else is really needed to install the system

  * ) a list of (too) commonly asked questions and answers 

  * ) a list of places to look for further documentation
 - man/apropos
 - info
 - /usr{/share}/doc/HOWTO
 - online places

  * ) a checklist that the user can follow to attempt to report
  (or maybe even fix...) problems as they occur
Checklists are easy for users to follow, require no
previous knowledge, and teach processes for fixing things.
And they might lead to more detailed bug reports, easier to respond to.

   * ) etc

  If this were kept brief (say less than ten pages) then users could
  print it out (but not read it yet) before they start, for reference when
  the system breaks (when they will have the patience to sit down and look
  for help) 

Carl


Re: ACK! Too many ftpds.

1999-07-20 Thread Carl Mummert

You can turn off the netstd ftpd by commenting out the appropriate line
in /etc/inetd.conf and then '/etc/init.d/netbase restart'.

As for proftpd, I am not sure if it wants to run under inetd or as its own 
daemon.  Look for an entry (maybe commented out) in /etc/inetd.conf, 
look for /etc/init.d/proftpd, and try the proftpd manpage to see
how proftpd wants to be started.

If it needs inetd but doesn't have a line in there, copy the line from
the original ftpd, but substitute the path to proftpd instead of in.ftpd



Carl


Re: mount/fstab question [WAS: Re: SV: Unidentified subject!]

1999-07-20 Thread Carl Mummert
 Oki. I just put a 'defaults' there... What does nosuid,nodev and use do?
 Where is the man page for this? (Not the normal man fstab)

The options are filesystem-specific.  Try mount(8) and nfs(5) to see
what options are available for the filesystem you are mounting.
Skip the nfs page if you don't use nfs.

Oh... mount(8) means to run
$  man 8 mount

Carl


Re: STABLE graphical FTP clients?

1999-07-20 Thread Carl Mummert
 I'm trying to get an FTP client for Linux that is graphical, and
 supports bookmarks.  Something like gFTP or IglooFTP.

Netscape will work; use ftp://[EMAIL PROTECTED]/ and netscape will
prompt you once for the password.  Once you are connected, you use the
'Upload' command on the file menu, and the 'save as' command to download.

Works well for me.

Carl


Re: Multiple mail delivery.

1999-07-20 Thread Carl Mummert

Look at the '-m' option of fetchmail, in the fetchmail man page.

If you install procmail, you can use it with fetchmail, and apparently
you can also use the /usr/lib/sendmail interface to do it.

I know that several others here do what you are asking, so maybe they
can give you their command lines.

Carl



Re: Adding users - two quick questions

1999-07-19 Thread Carl Mummert


About the 'no home' thing: it means that the system couldn't cd to the user's
homedir after assuming the identity of the user.   Usually this means
that /home isn't mounted, or wasn't mounted when you added the user, but
you may have other reasons.  Just make sure that the entry in /etc/passwd
for the user accurately reflects their homedir, then 'chown -R user ~user'
and 'chmod -R u+rwX ~user'.

To get a log of when the users logged on, there are many utilities.
'last' provides a short listing; the 'sac' program can analyze
the logins in several ways and is probably more than you will need.

I am not sure that listing the users' commands is legal (but I'm not a
lawyer so don't ask me) or desirable.  It's called 'process accounting' in
Unix-land, so try searching for that term and see if you can find
anything.   Note that .bash_history was NOT meant for this purpose, so
any non-trivial use of it will have problems.

Carl


Re: Suggestion for Newbie Guide Lines

1999-07-19 Thread Carl Mummert

  I was looking in my mail dir today and noticed my debian-user folder 
exceeds 4 Meg for this month.  In reviewing the question and answers
for the last few days, it seems like there is a lot of wasted
bandwidth.

How about the once-a-week FAQ that gets posted to high-use newsgroups?

These usually list guidelines for posting, along with answers to the
questions that are asked too frequently for comfort.

On the other hand, many users HAVE TRIED to solve the problem before they
ask here.  They just didn't see the right line of the man page, or weren't
thinking along the right lines of the problem.  There's no use
discouraging them from posting if they just can't find the answers
elsewhere.

It would be nice to make it easier for them to find the answers themselves,
however.

Carl


Re: Install Source Packages

1999-07-19 Thread Carl Mummert

How can I install a tar package and replace a debian package. I would
like to install perl 5.005_03. I tried to remove the old one with
dselect and all the web packages were gone.
So, is there any chance either to remove the old perl stuff and keep the
dependent packages or can I build a deb package from the tar file?

How easy this is to do depends on how much that package you are replacing
will change with the upgrade. 

Assuming that the package is not a dependant of another package, you can 
remove the debian version and use 'alien' to install the tgz version.

HOWEVER, perl is not such a package.  The unstable distribution of
debian has been flopping around like a fish on a pier for a short time now,
because of the introduction of perl 5.005.  A large number of
debian's scripts and installation system use perl, and break when you
upgrade.  Once the devel people have everything figured out,
it will be fairly easy to upgrade.

Carl



Re: Security problems

1999-07-18 Thread Carl Mummert
Hopefully this gets back to whoever asked originally..


You could roll a solution using chroot() to move the user into their
home dir - all it costs is the disk space to recreate the bin and lib
trees. 

Carl


Re: suid question, kind of

1999-07-16 Thread Carl Mummert
I tried this after reading the man page and it did not work, so I read the man
page again and it seems that --user is intended for use in closing a process,
not in starting one.

damn.  You're right.  Rename the script below, edit the vars at the top,
and you are in business.  Sorry to have led you in the wrong direction before.

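--cut kicker.pl
#!/usr/bin/perl

# Edit these four variables for your daemon.
$pidfile = "/var/run/mypidfile";
$daemon = "/usr/bin/id";
@options = ("-i", "-o", "-etc");
$user = "nobody";

die "I am already running  ! \n"
  if ( -e $pidfile);

# record our pid; the exec below keeps the same pid for the daemon
system "echo $$ > $pidfile";

# only the uid is changed here; the group IDs stay as inherited
$< = $> = (getpwnam($user))[2];  #set uid and euid 

exec $daemon, @options
  or die "Error: can't exec : $! \n"; 

--cut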


This will do the setuid part; all you have to do is use start-stop-daemon to
start/stop this script, which in turn will start/stop your program.  You
can use the --pidfile option to start-stop-daemon, which is a Good Thing.

Carl


Re: return value of a child process

1999-07-16 Thread Carl Mummert
   How do I catch the return value from the child process??

man waitpid


Re: suid question, kind of

1999-07-15 Thread Carl Mummert


IF you are using inetd, there is an option for which uid to use;
the syntax is

  port type type user {no}wait user command


IF you don't use inetd, then you should use start-stop-daemon, which
allows you to specify the user and group.  man start-stop-daemon

Carl


Re: 'Inverse' chmod?

1999-07-15 Thread Carl Mummert
Is there a command that will do (so to speak) the inverse of chmod, i.e. if
given the name of a file return its current permissions in octal?

  perl -e 'printf "%#o", ((stat("FILENAME"))[2] & 0x1ff)'

Remove the # (leave everything else) to strip the leading 0

Carl


Re: Re[2]: 'Inverse' chmod?

1999-07-15 Thread Carl Mummert

--cut
#!/usr/bin/perl

foreach (@ARGV)
{
  printf "%#o %s \n", (stat($_))[2] & 0x1ff, $_;
}
--cut


CaRL


Re: suid question, kind of

1999-07-15 Thread Carl Mummert

start-stop-daemon --start --exec $NEWT /path/to/executable  ?

The sense I get from the manpage is that you should use

start-stop-daemon --start --user newt --exec /path/to/prog -- -program -options

Carl


Re: public_html directories not accessable outside of LAN

1999-07-13 Thread Carl Mummert
On Mon, Jul 12, 1999 at 11:15:22PM -0400, Carl Mummert wrote:
 Is this problem on remote machines, or your local machines?
The change from dotted-quad to hostname with attempted domain
name completion occurs on all machines (LAN and Internet users).
It's only a problem outside the LAN, though, because my hostname
is known by the LAN, but not on the Internet.

 have the remote people tried putting http://xx.xx.xx.xx/~user
 instead of xx.xx.xx.xx/~user (IE 5 requires this).
 
Well, I don't have my winbox booted right now, but it doesn't
seem to make any difference in Netscape.  The dotted-quad gets
changed to the hostname when running netscape on the host
where the Apache server is running, even if entered with the
http://.

 Does it work locally?
As I said in the original post, the dotted-quad is changed to
the hostname for all clients, on the LAN or the Internet.
The LAN users are able to recognize the hostname, though, so
the LAN users can access users' public_html directories.

Thanks for the input...I'll try it again from IE 5.0 next time
I boot the winbox.

- --D


- -- 
===
David Karlin
mailto:[EMAIL PROTECTED]
http://funk48.home.travelin.com
Powered by Debian GNU/Linux 2.1
===


--- End of Forwarded Message


Re: user list

1999-07-09 Thread Carl Mummert
Is there an easy way to get a list of all regular user ( UID  1000 )
accounts on the system?  I can't find the userls command I used to use
on SCO.  

awk -F ':' '{if ($3 > 999) print $0}' < /etc/passwd


Re: help: setting up dial-in mail server

1999-07-09 Thread Carl Mummert


Why not just set their shell to /bin/false or some such.

That prevents login access, and should prevent ftp access
(you have to check - try man ftpd ).  But it allows pop
access, and imap access.


Carl


Re: preventing weak passwords

1999-07-09 Thread Carl Mummert

You can get better versions of passwd(1) that prevent users
from setting bad passwords in the first place - we use
one called npasswd, which works a little TOO well 
(it screens out my attempts to give new users simple passwords).

I can give you the source if you need it, but there is a distro site out
there. 

Carl


Re: Programming question: sizeof struct?

1999-07-09 Thread Carl Mummert
#pragma pack(1)
struct {};
#pragma pack()

Which forces the layout to be as you specified.

Using a command line option is a Bad Idea (tm) as it may corrupt glibc's
structures

To test a response to the original message, I made the following c file
( I was not familiar with the attribute flag, so I guessed wrong):
--begin
#include <stdio.h>

__attribute__ ((packed)) struct foo 
{
  char c[3];
  int x;
};

int main()
{
  /* sizeof yields a size_t, so cast it for %d */
  printf("%d \n", (int) sizeof(struct foo));
  return 0;
}
--end

This has a size of 8 without the command-line option, but 7 with it.

But this has 7 with or without:

struct foo 
{
  char c[3];
  int x __attribute__ ((packed));
};


And this has 7 with or without

#pragma pack(1)
struct foo 
{
  char c[3];
  int x;
};
#pragma pack()


Which made me think... and check... and sure enough
the ORIGINAL STRUCT actually has a size of 7 with the command line option!
The guy is either crazy, or he is using some strange compiler that
we don't know about (although he did say the size was 6, as if he
had a 286...)


Carl


Re: RedHat 6.0 Root Remote Login

1999-07-09 Thread Carl Mummert
 
 But in RedHat 6.0 this doesn't work at all... Now,,, anybody got any ideas?

Security issues aside ... you can add these lines to /etc/securetty:
0
1
2
3
4
5
6
7
8
9
Yes, that's 0..9 each on its own line.  Why?  I got this advice by


On  newer kernels ( I bet that Redhat 6.0 has one... ) , /dev/ptyN
don't exist anymore; instead, you have /dev/pts/0 through /dev/pts/NNN

Thus you are probably matching those.

Carl


Re: where do i find crypt ?

1999-07-08 Thread Carl Mummert

crack uses its own version of crypt, you have to cd to the correct
source directory of the crack distribution and make the crypt 
library.

They discuss this in the crack documentation.

Carl


Re: where do i find crypt ?

1999-07-08 Thread Carl Mummert
Isn't that [crypt(3)] in libc6, folks?

WRT the message from yesterday, and this, and others:

crypt lives, for most applications, in /lib/libcrypt.*.
Some programs, like crack, provide their own, faster, version.

You specify crypt to gcc as follows:

Function prototype for C:
 char *crypt(const char *key, const char *salt);
Command line
 gcc -o file.o file.c -lcrypt

You specify it to g++ as follows:
Function declaration for C++:
  extern "C" { char *crypt(const char *key, const char *salt); }
Command line
  g++ -o file.o file.cc -lcrypt

Hope this clears up the confusion.

Carl


Re: Tab Tab program/command line editing

1999-07-06 Thread Carl Mummert

It's a feature of bash, as has been mentioned. According to the bash
manpage, you can get rid of it by adding a line set disable-completion
on in your /etc/inputrc (for the entire system) or ~/.inputrc (for
whichever user's home directory it's in). Be advised you have to restart
bash for this to take effect. Other shells might use a different file.

Looking at the bash manpage, you can also use the 'bind' command
to bash to change your keybindings at runtime; 'bind -P' will
list the current bindings.

i don't know why it's doing it when you press esc twice. i have to press
esc four times to do it...

Is this on a console or over a terminal?  It may be that you have to press
escape twice to get a single escape character to be read; that is,
escape may be acting as a sticky modifier, and you have to hit it 
twice to get the actual keycode.

Carl


Re: Fate strikes again

1999-07-06 Thread Carl Mummert
 some reason, how odd.) It is amazing, isn't it? Only problem now is that 
 when I right click and hit Exit X all it does is restart X with the debian
 
 login... I think that oughta be fixed. I'll have to look into that script 
 file, I forget what its called. Oh well.

Ctl-Alt-F1 to switch to a text console
login as root
/etc/init.d/xdm stop
dpkg --purge xdm
done

Carl


Re: Making more groups and removing 32 groups limit.

1999-07-06 Thread Carl Mummert
OK, you can say that it's the admin task but it would be more clean to do
this and the admin can't do everything. For example, if the dpkg
database would be like an email spool, owned by a group called pkg for
example, root could give the package management to a specific user. 
For now, even if the admin does 
addgroup pkg
chown -R root.pkg /var/lib/dpkg
chmod -R g+
dpkg will say that it needs root.

dpkg has to write files to directories owned by root... 

What I say is maybe stupid but it would be really simpler et efficient to
divide the system into a multitude of groups.

Wait a little while; there is talk of adding ACL features to linux, which
would fix your '32-group' problem.

Carl


Re: Remove funny files

1999-07-05 Thread Carl Mummert

$ echo 'int main(){ unlink("--exclude_files=\"blah\"");}' > file.c && \
  gcc file.c && ./a.out && rm -f a.out file.c 


Carl


Re: /usr/include/linux and /usr/include/asm?

1999-06-29 Thread Carl Mummert
I would have thought that someone would have figured out by now that
/usr/include/linux (at the very least) should reflect the status of the
kernel so that kernel-specific stuff can be done and that NOTHING in the
library or in the include files associated with that library should depend
upon the kernel-specific files.

It's not the symlinks, it's the contents of /usr/include/*.h that's the
problem.


They are the problem, but they cannot be fixed.  Since the GNU C library
is portable to various kernels and hardware platforms, it has to get
its information about the underlying system from somewhere.

Back when we had our very own private C library, we could get away with
not separating the user-visible stuff from the kernel-only stuff.
But when we start using portable libraries, we have to worry about
what is used by normal programmers, and what is used only inside
the kernel.

find /usr/include -type f | xargs grep 'include.*linux'

Most of the files that include stuff in /usr/include/linux are in the
/usr/include/sys subdir, with a few network related ones also
hanging around.  The others seem to be individual cases. 
Of all the files in /usr/include/*.h, only a couple reference 
/usr/include/linux/...

Carl


Re: /usr/include/linux and /usr/include/asm?

1999-06-28 Thread Carl Mummert

Look in the archives here:
  http://www.debian.org/Lists-Archives/debian-user-9702/msg00686.html
for a note from Linus about why things are the way they are.

Carl


Re: Refusing to deliver mail

1999-06-18 Thread Carl Mummert
Is there a way to configure the email server (sendmail 8.9.3) so that it
refuses mail coming from a specified address to a specific email. Let me
clarify:

My user A doesn't want to receive mail from [EMAIL PROTECTED] Is it
possible (with sendmail or something else) to make b's message bounce
back complaining about the unavailability of a ?

You can do this easily with procmail.

Into the file bounce.message, put some text describing why you are
bouncing this mail.  Then, set up the user's .forward or .qmail to 
use procmail.  Then, add this rule to the .procmailrc :

   :0
   * ^From [EMAIL PROTECTED]
   | (formail -r ; cat bounce.message) | $SENDMAIL -oi -t


Carl


Re: ATX power on

1999-06-17 Thread Carl Mummert
   Does anybody know how to make an ATX motherboard boot without having to
press the 'power' button every time? That is, I want a standard AT
behaviour: if there's power in the line, then I want the machine running
without having to press anything.

There was a long discussion of this on slashdot.org last week; look
in their archives.

The solution is to electrically connect (certain) two of the wires 
in the bundle that plugs into the motherboard, or else to connect 
some of the wires leading to the power 'switch'.  The details are
over there.

Carl


Re: xlib6g-dev problem

1999-06-14 Thread Carl Mummert

You need to specify to gcc the X library that contains all those functions.

Try something like:

  gcc -L/usr/X11R6/lib file.c -lXt -lXaw

The proliferation of those -l options is one reason that makefiles
are so popular.  

Carl


Re: default ungziped /usr/doc/*/* ?

1999-06-14 Thread Carl Mummert
 I am uploading here a small, hackish perl script that, along with some
 apache configuration changes, will allow you to view the compressed
 files in http://your-machine/doc as if they were not compressed.

Very nice, but I urge people to file bug reports against packages
that have compressed html files without hacked URLs such that they
still work.

Not good.  If the html is hacked so that links work while it is compressed,
then when someone UNcompresses it, the links will break.  This would
certainly be a surprising effect of unzipping html files.



Carl


Re: do I have to use Redhat?

1999-06-13 Thread Carl Mummert
partition changes you want, then choose to install packages via Internet, but 
select dists/unstable main contrib non-free. 

I would say dists/potato instead of dists/unstable; here is why:

I once used dists/unstable, and everything worked fine until the next
debian version changeover (such as the one that will soon occur).  At that
point, since I had told the system to use unstable, I was upgraded to the
NEW unstable. This is not what I expected, and I was surprised when,
suddenly, over a hundred packages were upgraded.  And whereas potato
is relatively usable, brand new unstable archives often have many bugs
and packaging problems.

I am not sure why we actually have those two symlinks (except for historical
purposes) instead of files named 'stable-is-slink' and 'unstable-is-potato', 
but there is probably a good reason.  

Nonetheless, if you don't ALWAYS want the unstable version, use a real 
distribution name instead of 'unstable'.

Carl


Re: default ungziped /usr/doc/*/* ?

1999-06-12 Thread Carl Mummert
 I am wondering about way to grep or to view with editor /usr/doc/*/* files.
zgrep
zless
zmore
all work on gzipped files.


lynx will also open gzipped html pages, but currently is not bright 
enough to look for gzipped pages as link destinations.

carl


Re: default ungziped /usr/doc/*/* ?

1999-06-12 Thread Carl Mummert
I am wondering about way to grep or to view with editor /usr/doc/*/* files.
Of course, these files are gziped, according to debian policy.
Is there any way to choose to install these docs in ungziped as default?
I can ungzip these, but also want to leave these under control of package 
manager.

I am uploading here a small, hackish perl script that, along with some
apache configuration changes, will allow you to view the compressed
files in http://your-machine/doc as if they were not compressed.

This issue was a real annoyance to me, which is why I had written this.

Note that you HAVE to use the webserver for my hack to work - you cannot
cd to the directory and run lynx on the individual file.

There are two issues that this resolves:

  1) when you attempt to fetch a compressed html or
 text file, this will uncompress the file, drunkenly guess the
 content-type, and send it to your browser.

  2) When you click on a link, the browser requests a .html file
 which doesn't exist.  So you configure apache to send such
 errors to this script, which attempts to correct for them.

I am able to browse several compressed files, and click on links to
move between them, on my local machine, with the browser
unaware that the files are compressed.

This is all a small hack, don't take it too seriously or expect it
to work all the time.  Use at your own risk.

  Steps:

  1) as root, edit /etc/apache/httpd.conf and uncomment the following line:

  LoadModule action_module /usr/lib/apache/1.3/mod_actions.so 

  2) as root, edit /etc/apache/access.conf, and make your 
 Directory /usr/doc look like this:

 
  <Directory /usr/doc>
  Options Indexes FollowSymLinks
  AllowOverride None
  order allow,deny
  allow from all
  Action doc /cgi-bin/doc
  AddHandler doc .gz
  AddHandler doc .Z
  ErrorDocument 404 /cgi-bin/doc
  </Directory>

  3) now, put the following script into /usr/lib/cgi-bin/doc
 and chmod it to 755.

   NOTE: While I hope that this script is reasonably secure, 
   I can't make any promises.  Use it at your own risk, or  
   better yet have someone knowledgeable read over it and give 
   you their opinion.  

--begin /usr/lib/cgi-bin/doc

#!/usr/bin/perl
# A small hack by Carl Mummert [EMAIL PROTECTED] to
# auto-gunzip compressed html files in /usr/doc
#
# I release this to the public domain; 
# do whatever you want with it.

#damn buffering
select STDOUT;
$| = 1;

# the filename comes in different vars
# depending on whether this is a 
# 404 or not

if ( ! defined $ENV{'PATH_TRANSLATED'} )
{
  if ( defined $ENV{'REDIRECT_URL'} )
  {
    $path = $ENV{'REDIRECT_URL'};
  } else {
    print "content-type: text/plain\n\n\n";
    print "internal error, sorry.\n";
    exit 0;
  }
} else {
  $path = $ENV{'PATH_TRANSLATED'};
}

# silly attempt to remove '..' from path
$path =~ s/\.\.//g;

# kill tag names from filenames
($path, $rest) = split /#/, $path, 2;

#ensure that we aren't trying to go somewhere else...
if ( $path !~ m!^/usr/doc! )  #uncompress looks like this
{
  if ( $path =~ m!^/doc! ) # 404 looks like this
  {
    $path = "/usr$path";
  } else {
    print "content-type: text/plain\n\n";
    print "Error: invalid location $path\n";
    exit 0;
  }
}

# is this a compressed file being fetched as if it's uncompressed?
if ( (! -r $path) && ( -r "$path.gz") )
{
  $path = "$path.gz";
}

if (! -r $path )
{
  print "content-type: text/plain\n\n\n";
  print "Error: cannot read $path\n";
  # stop here, otherwise a second header is printed and gzip still runs
  exit 0;
}


#drunkenly guess content-type
if ( $path =~ /html?\.((gz)|z)$/i )
{
  print "content-type: text/html\n\n\n";
} else {
  print "content-type: text/plain\n\n\n";
}

print "<!-- Uncompressed from $path --> \n";

#hopefully gzip is secure...
# list form of exec: no shell is involved
exec "/bin/gzip", "-dc", $path;

--end /usr/lib/cgi-bin/doc
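
Added example, not part of the original post or script: the '..' stripping and the ^/usr/doc prefix test in the script operate on the path string only, while the Apache block enables FollowSymLinks. One way to tighten the check is to canonicalise the request with realpath(3) and require the root to be followed by a '/'. It is written in C here; the function names and the directory tree are constructed for the demonstration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 and fills `out` with the canonical path if `requested` resolves
 * to a regular file strictly below `root`; returns 0 otherwise. */
int resolve_under_root(const char *root, const char *requested,
                       char *out, size_t outlen)
{
    char real_root[PATH_MAX], real_req[PATH_MAX];
    struct stat st;
    size_t n;

    /* realpath() resolves "..", "." and every symlink component. */
    if (realpath(root, real_root) == NULL) return 0;
    if (realpath(requested, real_req) == NULL) return 0;

    /* The root must be followed by '/', so a root of .../doc does not
     * also admit .../docs or .../doc-old. */
    n = strlen(real_root);
    if (strncmp(real_req, real_root, n) != 0 || real_req[n] != '/') return 0;

    if (stat(real_req, &st) != 0 || !S_ISREG(st.st_mode)) return 0;
    if (strlen(real_req) >= outlen) return 0;
    strcpy(out, real_req);
    return 1;
}

static void write_file(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f != NULL) { fputs("x\n", f); fclose(f); }
}

/* Builds a constructed tree in a temporary directory and tries four requests
 * against the root "doc". Bit i of the result is set if request i passed.
 * Note: changes the working directory while it runs and leaves it at "/". */
int demo_mask(void)
{
    char base[] = "/tmp/docroot-XXXXXX";
    char out[PATH_MAX];
    const char *reqs[] = {
        "doc/pkg/index.html",             /* file inside the root         */
        "doc/pkg/../../docs/secret.txt",  /* ".." leading out of the root */
        "docs/secret.txt",                /* sibling sharing the prefix   */
        "doc/pkg/link",                   /* symlink pointing outside     */
    };
    int mask = 0;
    size_t i;

    if (mkdtemp(base) == NULL || chdir(base) != 0) return -1;
    mkdir("doc", 0755);
    mkdir("doc/pkg", 0755);
    mkdir("docs", 0755);
    write_file("doc/pkg/index.html");
    write_file("docs/secret.txt");
    if (symlink("../../docs/secret.txt", "doc/pkg/link") != 0) return -1;

    for (i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        if (resolve_under_root("doc", reqs[i], out, sizeof out))
            mask |= 1 << i;

    /* remove the constructed tree */
    unlink("doc/pkg/link");
    unlink("doc/pkg/index.html");
    unlink("docs/secret.txt");
    rmdir("doc/pkg");
    rmdir("doc");
    rmdir("docs");
    if (chdir("/") == 0) rmdir(base);
    return mask;
}

int main(void)
{
    /* only request 0 is accepted */
    printf("accepted mask: %d\n", demo_mask());
    return 0;
}
```

A caller should open the canonical path returned in `out`, not the original request string, so that the file checked is the file read.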


Re: loggin 'su'

1999-06-11 Thread Carl Mummert
  Is there any way to log with syslog all attempts (good & bad) to
 user 'su' ?
If you can, it would be in the manual page, right.
man syslog.conf.

Actually, in this case it's not in any manpage.

There was a behavior change at the hamm/slink transition - hamm su would log to
syslog, slink su would not.  I researched this, and discovered that the issue is
some compile-time definitions that the newer su.c files need in order to
activate syslog activity.  The makefile doesn't enable them, so su doesn't do
syslog logging.

There are some bugs filed against this, but I am not sure what their status is.

I have some steps below to fix su.
Use caution in following the steps below.  Don't blame me if you break
something, and be ready to log in on the console in case you break su.

T y p e  s l o w l y .

Here is what I did to fix su:

1) download the appropriate version of the source code for the shellutils
package. You need the .orig.tar.gz, the .diff.gz, and the .dsc from the
debian server.

2) put these three files in some dir under /usr/src, and cd there.  Then run 
  # dpkg-source -x shellutils_VER.dsc

  This will unpack the tar file and patch it.

2) cd to shellutils-VER and run ./configure
   cd to src and open su.c in an editor.

  Add the following three lines at the very top, before the comment:

  #define SYSLOG_SUCCESS 1  
  #define SYSLOG_FAILURE 1
  #define SYSLOG_NON_ROOT 1

  they need to be flush with the left margin.

3)
  # cd ..
  # cd lib
  # make all
  # cd ..
  # cd intl
  # make all
  # cd ..
  # cd src
  # make su

  # chmod 4755 su
  #  test su until you are happy with it
  # mv /bin/su /bin/su.debian
  # chmod 700 /bin/su.debian
  # cp su /bin

 # ensure /bin/su still works


I suppose you could run debian/rules binary from the top of the source tree
to generate a debian package, and then iat, if you don't like to run make by
hand.  However, this will also remake all the other shellutils, so the compile
time will be longer.

carl


Re: Eterm

1999-06-10 Thread Carl Mummert
Eterm -P none -C --scrollbar-color gray --unfocused-scrollbar-color gray
-g 80x40 -T 'm u t t' --name mail --icon-name 'm u t t' --term-name rxvt
-M menu -e mutt > /dev/null 2>&1

Try running eterm in a subshell, and redirecting the output of the subshell:

( Eterm -P none -C --scrollbar-color gray \
  --unfocused-scrollbar-color gray -g 80x40 \
  -T 'm u t t' --name mail --icon-name 'm u t t' \
  --term-name rxvt -M menu -e mutt ) \
> /dev/null 2>&1

Carl






Re: What is ELF?

1999-06-05 Thread Carl Mummert
ELF and a.out are two different ways of arranging data in a
compiled program or library.

a.out is older; ELF has more features.

Most of the linux world switched to ELF several years ago,
and new a.out binaries are uncommon on linux. (Although,
for historical reasons, the compiler will still CALL your
compiled file a.out).  The kernel runs ELF binaries natively,
and runs a.out binaries if you have support compiled in for
them (or in a module - called binfmt_aout or something like that).

Use the 'file' command to see what sort of file an executable is.

Carl


Re: local mail delivery

1999-06-04 Thread Carl Mummert
Unfortunately, that seems to not be the case...all of the mail is
delivered to the account which invokes fetchmail.  The To: header points
to a local user, but is not delivered to that user.  

Are you running fetchmail as root, as the procmail manpage suggests?



Re: gtk1.2.3

1999-06-04 Thread Carl Mummert
FILE PACKAGE
usr/X11R6/include/X11/Intrinsic.h   x11/xlib6g-dev
usr/i486-linuxlibc1/include/X11/Intrinsic.h   oldlibs/xlib6-altdev

This same info is in Contents-i386.gz , which you
can download and grep locally .

Carl


Re: awk progfile

1999-06-04 Thread Carl Mummert
BTW: Can somebody give me a clue why awk is /usr/bin/awk in Debian (also
e.g., ksh) (and /bin/awk in most other systems I've seen)?
What's the standard #!  way to get a script running on both? ln -s
/usr/bin/prg /bin/prg in Debian (and vice versa in other systems)?
(please cc me)

Debian tries to follow a system where the only programs in bin are those of
utmost importance; this is because some systems mount /usr
remotely but /bin locally, and these systems want to minimize the
space taken up by /bin

To do the script thing:  There is no one-line solution that I know of.
You can do it with a shell script:

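-- cut
#!/bin/bash

SCRIPT=/your/real/awk/script/goes.here

#try 'which'
AWK=`which awk`;
# keep $AWK quoted: if which found nothing, an unquoted empty value
# would make 'test -x' succeed
test -x "$AWK" && exec "$AWK" -f "$SCRIPT" "$@"

#now try standard places (in case which failed)
for AWK in {/bin/,/usr/bin/}{mawk,awk,gawk,nawk}; #any others?
do
  # -f tells awk to read the program from the script file
  test -x "$AWK" && exec "$AWK" -f "$SCRIPT" "$@" ;
done

--end of script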


Re: Kernel too big

1999-06-04 Thread Carl Mummert
No idea, and I doubt it. Isn't it a LILO problem?

No, it is because the BIOS has to load the kernel, and because
the kernel starts in real mode, not protected mode.

There is a thorough description in the archives sometime
earlier this year.

Carl



Re: problem su'ing

1999-06-02 Thread Carl Mummert
su HAS to be suid root.  Irregardless of shadow passwords.

If I am user x, and I want to become user y, the process that calls
seteuid() HAS to be running as UID 0.  Since this process is su,
it needs to be run by root or as root, i.e. setuid root.

If you chown root.shadow su, and then chmod it 2755 (setgid),
you WON'T be able to use su as a non-root user.  Try it:

$ su
Password:
su: cannot set groups: Operation not permitted


Carl


Re: socket programming in c++

1999-06-02 Thread Carl Mummert
You can use the same libraries in C++ that you use in C, just like
you can use the C stdlib functions in C++.

If you look around, you can find classes that wrap the socket
api into OO form.  But these will call the C api themselves.

Carl


Re: Dotlock vs Kernel lock

1999-06-02 Thread Carl Mummert
What is the difference between these two lock methods, and which one would be
considered to be most stable? I do also have the option to use both, but why
would I want that?

Kernel locking relies on a flag to the open() command which tells the
kernel to reserve the file.  dot-locking relies on certain files and
special programs that eliminate some race conditions.

Both are stable in the sense that they work perfectly fine so long as your
program works.  All that is important is that EVERY program that locks a
certain file must lock it the same way, or else one program may not realize
another program has locked it. 

Unfortunately, I can think of about 5 different ways of locking a file.
Thus it is sometimes difficult to get diverse applications to interact 
correctly. Apparently, your mailer can compensate for this by locking
a file with more than one method.  This is probably a Good Idea
unless you are certain that your programs all work together.

Carl
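
The point in the post above, that every program must lock a file the same way, as an added example that is not part of the original message: a dot-lock and a kernel lock on the same mailbox do not see each other, while a program holding both is respected by peers of either kind. flock(2) stands in for the kernel lock as an assumption (the post does not name the call), and the function names and the temporary mailbox are constructed for the demonstration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

/* Dot-lock: atomically create "<file>.lock". Returns 0 on success,
 * -1 (errno == EEXIST) if another program already holds it. */
int dotlock_acquire(const char *file)
{
    char lock[4096];
    int fd;

    snprintf(lock, sizeof lock, "%s.lock", file);
    fd = open(lock, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

void dotlock_release(const char *file)
{
    char lock[4096];

    snprintf(lock, sizeof lock, "%s.lock", file);
    unlink(lock);
}

/* Kernel lock: non-blocking exclusive flock(2). Returns the locked
 * descriptor, or -1 if the lock is held elsewhere. close() releases it. */
int kernel_lock_acquire(const char *file)
{
    int fd = open(file, O_RDWR);

    if (fd < 0) return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) != 0) { close(fd); return -1; }
    return fd;
}

/* Plays "program A" and "program B" inside one process; each open() gives a
 * separate open file description, which is what flock locks attach to.
 * Result bits: 1 = flock user not stopped by a dot-lock,
 *              2 = second dot-lock refused,
 *              4 = second flock refused,
 *              8 = holder of both locks refuses peers of either kind. */
int lock_demo(void)
{
    char mbox[] = "/tmp/mbox-XXXXXX";
    int result = 0, a, b, fd = mkstemp(mbox);

    if (fd < 0) return -1;
    close(fd);

    if (dotlock_acquire(mbox) == 0) {            /* A uses dot-locking   */
        b = kernel_lock_acquire(mbox);           /* B uses kernel locks  */
        if (b >= 0) { result |= 1; close(b); }   /* both now "own" mbox  */
        if (dotlock_acquire(mbox) != 0 && errno == EEXIST)
            result |= 2;                         /* same method excludes */
        dotlock_release(mbox);
    }

    a = kernel_lock_acquire(mbox);               /* A uses kernel locks  */
    if (a >= 0) {
        b = kernel_lock_acquire(mbox);
        if (b < 0) result |= 4; else close(b);   /* same method excludes */

        if (dotlock_acquire(mbox) == 0) {        /* A takes both locks   */
            int k = kernel_lock_acquire(mbox);
            int d = dotlock_acquire(mbox);
            if (k < 0 && d != 0) result |= 8;
            if (k >= 0) close(k);
            dotlock_release(mbox);
        }
        close(a);
    }
    unlink(mbox);
    return result;
}

int main(void)
{
    printf("lock_demo() = %d\n", lock_demo());
    return 0;
}
```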


Re: Death of a 2nd WD hard drive

1999-06-02 Thread Carl Mummert
At my former place of employment, we had quite a few 1.6 WDs
die.  They would usually have that clicking problem. 

My advice: download from WD their disk diagnosis program.  You
put it on a DOS floppy, boot the floppy, and run the
program.  If the program says the drive is dead, WD will
replace it.

Note that WD will not replace any drive that was stolen along
the supply chain - a good reason to avoid grayware drives, as
someone else mentioned.

Carl


Re: Groups

1999-06-02 Thread Carl Mummert
From message [EMAIL PROTECTED]  :
> How can I add a user into the dip group ???

as root
# adduser user group

Carl


Re: c++ docs

1999-06-01 Thread Carl Mummert

You are probably looking for 'strstream' which you can include headers for
with '#include <strstream>'.  

The name of this class has been strstream for a couple of years,
but all of the STL stuff is relatively young, so if your book
is more than (about) two years old, many things may end up
slightly inaccurate.

There is a package named 'stl-manual' that has some docs, but again
the STL is too young for much standardization between different libraries.
So small things may be different.

At least, with newer versions of eg++, you can use
default template parameters; the former HP library did not
use them since g++ didn't support them.


Carl


Re: passwords in .fetchmailrc

1999-05-31 Thread Carl Mummert

The danger in putting your password in .fetchmailrc:  
it is an obvious place to look.

Suppose that I were a cracker, and that I were 
eager to find a way to compromise your account.
(Note the subjunctive here).

Say that I find a way to have your computer send me the contents of any
file (this is a common hole that is often found; while it is 
not as serious as a hole that gives shell access, it is also more
common.  Old versions of sendmail did this.)

First, I would get /etc/passwd.  This would tell me the location
of all the user home directories on your computer, and provide
me with the _encrypted_ passwords (if you use shadow passwords,
I will get /etc/shadow as well).

Now, armed with the location of your homedir, say /home/luser,
I request the following files:

  /home/luser/.fetchmailrc
  /home/luser/.netrc

These files both exist primarily for the purpose of storing
unencrypted passwords (along with other config info).

If I am lucky, one of these files will have your unencrypted password.
I can then crypt your password and see if it is the password 
on your linux box (all that I know is that it is a password
on another computer).

Whether you need to worry about this scenario depends on how paranoid you
are and how much you value the secrecy of your files. 

If you do not check your mail often, you could enter the password each time.
Or, if you are connected for long periods of time, you could run
fetchmail -d , enter your password once, and let fetchmail pause
between fetches.

Carl
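
A defensive check for the exposure described above, added here and not part of the original post: it lists each user's .fetchmailrc and .netrc and reports whether the file stores a password and whether group or others can read it. The function names and the sample home directories are constructed; tight permissions do not stop a hole that reads files with root privileges, so the stored-password column matters on its own.

```python
import os
import stat
import tempfile

CREDENTIAL_FILES = (".fetchmailrc", ".netrc")
PASSWORD_KEYWORDS = {"password", "pass"}  # fetchmailrc also accepts the short form "pass"

def stores_password(path):
    """True if a non-comment line has a password keyword followed by a value."""
    with open(path, errors="replace") as fh:
        for line in fh:
            tokens = line.split()
            if not tokens or tokens[0].startswith("#"):
                continue
            if any(t.lower() in PASSWORD_KEYWORDS for t in tokens[:-1]):
                return True
    return False

def audit_homes(home_root):
    """Return (path, octal mode, readable by group/other, stores password) per file."""
    findings = []
    for user in sorted(os.listdir(home_root)):
        for name in CREDENTIAL_FILES:
            path = os.path.join(home_root, user, name)
            if not os.path.isfile(path):
                continue
            mode = stat.S_IMODE(os.stat(path).st_mode)
            loose = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
            findings.append((path, format(mode, "04o"), loose, stores_password(path)))
    return findings

def build_sample_homes(root):
    """Constructed sample data: three home directories with different habits."""
    samples = {
        ("luser", ".fetchmailrc", 0o644):
            'poll mail.example.org proto pop3 user "luser" password "not-a-real-secret"\n',
        ("alice", ".netrc", 0o600):
            "machine ftp.example.org login alice password not-a-real-secret\n",
        ("bob", ".fetchmailrc", 0o600):
            '# password is typed at the prompt\npoll mail.example.org proto pop3 user "bob"\n',
    }
    for (user, name, mode), text in samples.items():
        os.makedirs(os.path.join(root, user), exist_ok=True)
        path = os.path.join(root, user, name)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
```

Point audit_homes() at the real home directory root (for example /home) as root to review a live system.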


Re: *.deb vs. non package installs

1999-05-27 Thread Carl Mummert
$ external-package --installed perl 5.00502

There is a special package, named 'equivs', that lets you do 
this.  That is, it allows you to specify to dpkg that a 
certain dependency is met.

Carl


Re: OFFTOPIC: How about a /dev/clipboard ?

1999-05-26 Thread Carl Mummert
/dev/clipboard would require kernel modifications, and is probably not
what you are looking for.

What WOULD be useful would be an X11 app that has the following feature:

  When you run this app from the command line, and send text to its standard
input, the app places that text in the X clipboard.

  I have not found such an app, but it shouldn't be too hard to write since
there is minimal interaction with X stuff.

Carl


Re: OFFTOPIC: How about a /dev/clipboard ?

1999-05-26 Thread Carl Mummert
Assuming that you can get the output of your program into a
file (via script or some other method), then you could use a native
X editor to open the file, copy all the text, and paste it somewhere.

I am surprised I didn't think of this earlier, but I don't use X much.

Carl


Re: OFFTOPIC: How about a /dev/clipboard ?

1999-05-26 Thread Carl Mummert
>> /dev/clipboard would require kernel modifications, and is probably not
>> what you are looking for.
>
> I don't see why it would?

  Everything in /dev is run by the kernel; when you write or read
a file in /dev, the kernel calls the appropriate driver functions
to deal with it.  Thus /dev/ttyS* interfaces with the serial
driver, /dev/eth* with the ethernet drivers, etc.   

  It would be a challenge to program something in the kernel to
take care of the clipboard thing because:

   1) You would have multiple users all using the same /dev/clipboard file  
   2) You would have to enforce quotas somehow
   3) You would have to interface with X somehow.  This is complicated
  by the fact that there may be several X sessions, and because
  the user who copies to /dev/clipboard may not own the X session 
  she wants to copy the data into.


The windowmaker thing, however, sounds like it provides the functionality
that the guy was looking for. 


Carl


Re: redirecting ports from machine to machine

1999-05-25 Thread Carl Mummert
I think that the 'rinetd' package will do this.

Alternatively, you can write a daemon yourself to do it; 
something like the following, plugged into a normal
inetd.conf, will do the trick. Note that nc is a separate
package; I think that the 'socket' program is similar
but haven't used it.

--cut
#!/bin/sh
#just open a connection to the real server
#my stdin/stdout represent the client (using inetd)
/usr/bin/nc real-server-host port
--cut

Carl


Re: Installing from source

1999-05-24 Thread Carl Mummert
There is a package named 'alien' that can take care of some of this, depending
on exactly what you are needing to install.


What you do is to lay out the files in some remote directory, like you
would want them installed: 

  /somewhere -- etc/file1
            |
             -- usr/bin/file2
            |
             -- and so forth

You can do this automatically with most makefiles by changing the
INSTALL_PREFIX or similar variable to point to some remote directory
that you create for this purpose (then, 'make install' will put the files
in that remote place.. just go slow.)  You can also just build up
the directories by hand.  

Make sure the permissions on all the files are correct.

Then, cd to that remote directory.  Notice that, in some sense, it is the
root directory for your installation.  What you will do is to package the
files in this directory; then, when they are installed from the root
directory, they will fall where they should. 

From that remote directory, run 'tar czvf package.tgz .'.  This will make
a file named 'package.tgz' that has all of the files that were in
your current directory and below. Don't use the name 'package'!

Now run 'alien package.tgz' as root - you will get a package.deb
file.  Now, run dpkg -i package.deb.  You can rm the tgz file and
the files in the remote directory.  

To uninstall, 'dpkg --purge package' will work.


Carl


Re: fetchmail

1999-05-20 Thread Carl Mummert
 1 message for linus159 at mail.server.se (4122 octets).
 reading message 1 of 1 (4122 octets) .fetchmail: SMTP listner
 doesn't like recipient address '[EMAIL PROTECTED]'
 fetchmail: can't even send to linus
 fetchmail: SMTP transaction error while fetching from mail.server.se
 fetchmail: Query status=10


Try sending a mail message to '[EMAIL PROTECTED]' from any other mailer.  If
this bounces, then what you need to do is enable relaying for localhost.
I assume you are using exim (it's the default now); for some strange reason,
the configuration script does not enable relaying from 127.0.0.1, which breaks
a lot of things.  I always have to go in and edit the exim.conf manually,
although lately I have just begun to install smail instead.

Someone else will need to tell you the syntax for the exim.conf line;
I don't remember it and don't have a working copy available.

Carl


Re: Starting programs on local x through telnet

1999-05-16 Thread Carl Mummert
From message [EMAIL PROTECTED]  :
> Is it possible to start programs needing x to run through the net (telnet,
> rlogin ...). How do I tell them to use my screen?
> The program tells me its starting (it has a text output) and then doesn't
> do anything else (it's supposed to have a graphical interface). The remote
> system is a unix (one of the computers is running linux but it doesn't
> have all the relevant programs).
> Thanx



To set your display (using sh or bash)

$ export DISPLAY=ip:0.0
  i.e.
   export DISPLAY=152.30.5.1:0.0


Then, from an xterm in the xwindows session you have running,
you need to use xhost or xauth to fix the permissions to allow 
other clients to connect.  

$ xhost +

will work but is insecure.  RTFM about xhost and xauth.


Carl Mummert
--
Forgive my spelling, I'm on a dialup telnet connection...


Re: What to do with a tape drive?

1999-05-14 Thread Carl Mummert

in summary:

yes,
# tar czvf - * > /dev/sct0

Should work.


The easiest way to do incremental backups is to use a prewritten package.
I used 'tob' for a while, and it worked fine, although you may have to spend
an hour or two configuring it the first time.

If you have relatively little data, why not just run a full backup each time?
They are much simpler to restore.

Also, you really need to investigate afio if you are serious about backups.
While tar is great for making archives to be distributed over the net, 
afio is better at making backup archives (it's more robust in the case of 
tape media failure).  

If anyone knows of a good place for general (i.e. not ftape specific)
backup info, please let me or the list know.  The ftape howto does have some 
stuff, but spends a lot of time talking about floppy tape issues, which go away
when you use scsi tapes.


Carl


Re: Backups Sharing

1999-05-13 Thread Carl Mummert
One solution:

As root:

# cd /
# find . -xdev | afio -o -Z filename.afio

xdev tells find not to go across a mount boundary, so you may have to 
list several roots for find, i.e.

# find . /root /other/dir /somewhere/else -xdev | afio -o -Z filename.afio

Of course, there are many ways to do this, some using tar, some using afio.
I am sure you will get other suggestions as well.


Re: grab user's ip/tty on login

1999-05-11 Thread Carl Mummert
galactica: $USER logged in at `date` on $TTY from $IP

Try the 'last' command, which parses wtmp and tells you who has
logged in.

$ last -10 -ad
williams  Tue May 11 07:39 - 07:40  (00:01)     rn109022.wcu.edu
mummert   Tue May 11 07:37   still logged in    rn109238.wcu.edu
jjk       Tue May 11 03:07 - 04:00  (00:53)     rn105204.wcu.edu
passmore  Tue May 11 02:48 - 02:49  (00:00)     rn120069.wcu.edu
passmore  Tue May 11 02:42 - 02:51  (00:09)     rn120069.wcu.edu
funk      Tue May 11 02:02 - 02:14  (00:11)     rn120028.wcu.edu
tranth    Tue May 11 01:53 - 01:53  (00:00)     ack.wcu.edu
ftp       Tue May 11 01:20 - 01:20  (00:00)     www.smg.co.jp
ftp       Tue May 11 01:20 - 01:20  (00:00)     www.smg.co.jp

Carl


Re: logging uf su usage

1999-05-11 Thread Carl Mummert
I noticed this problem a while back.

There is (was at the time) a bug against su because, somehow, the
compile-time flag needed to enable this logging had been removed.
I noticed this change when I upgraded from hamm to slink.

My solution was to recompile su.  It is in the shellutils package;
you can just recompile su and copy it over, instead of recompiling
everything, or otherwise you can make a new deb package and install
it.

Unfortunately, su is too sensitive a file for me to distribute
my recompiled version.

Carl


Re: logging uf su usage

1999-05-11 Thread Carl Mummert
From message [EMAIL PROTECTED]  :
> I've downloaded the source and unpacked them already, almost ready to
> recompile.  may i know how/where do I add this removed compile time flag
> that's needed to enable this logging ?
> chad


from su.c:
/* su for GNU.  Run a shell with substitute user and group IDs.
   Copyright (C) 92, 93, 94, 95, 1996 Free Software Foundation, Inc.


etc



   Compile-time options:
   -DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
   -DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.

   -DSYSLOG_NON_ROOT Log all su's, not just those to root (UID 0).
   Never logs attempted su's to nonexistent accounts.
*/



After you run ./configure from the shellutils-1...  directory, cd to src and edit
the makefile there.  Go to the rule to make su (it starts with su: ) and
edit the command below to add whatever flags you want.  i.e.

   gcc blah blah

becomes
  
  gcc -DSTUFF blah blah


then run 'make su' in the src directory.
then run 'strip su'
then cp the su program somewhere, and chmod it to 4555


Carl


