"Linux Gazette...making Linux just a little more fun!"


The Answer Guy


By James T. Dennis, [email protected]
Starshine Technical Services, http://www.starshine.org/


Contents:


 Linux Control Panel

To: [email protected]

I have recently installed RedHat Linux ver 4.2 on my pc. My problem is that I cannot get the control-panel to work when I run startx or XDM. The panel comes up but I am unable to activate any buttons in control-panel. I don't know what I did wrong or what to check! Please help...

 Are you running it as root? Are there any interesting error messages in /var/log/messages? Are there any interesting error messages back on the text console from which you ran "startx" (you can switch out of XFree86 with {Ctrl}+{Alt}+{Fx} -- where {Fx} is the function key that corresponds to any of your other virtual consoles). Are you sure you installed the Python and related libraries (last I heard all of the Red Hat GUI control panel stuff is written in Python).

As I've said several times -- I'm not a Red Hat specialist (although that is what I'm running here at the moment) and I barely use X (since I vastly prefer old fashion text mode).

Have they ever gotten a support line running that can answer questions that are specific to their code? (Hey! I wouldn't even object to a paid support line -- if it was good).

 Thank you for responding to my question. I will look into the areas you suggested. However I have one other question, that is: how would I activate my modem from a Linux command line? I thought I needed the xwindow to do that in the first place.

 One of the virtues of Unix is that you don't need X Windows to do anything except run X applications -- there are other ways to access graphics (SVGALib, MGR), use your mouse (GPM), do cut and paste (GPM/select, 'screen'), provide task/session switching (virtual consoles, and 'screen'), do screen management ('splitvt', emacs), etc.

In answer to your question regarding modems: There are a number of programs that are included with the typical Linux distribution that may use your modem:

pppd is the PPP daemon -- it usually uses the 'chat' command to talk to the modem.

minicom is a vaguely Telix like ncurses terminal emulation package (Telix is a popular shareware MS-DOS program). It provides a fullscreen, color interface.

'cu' is a "call utility" usually associated with UUCP. It uses the UUCP configuration files for information about your modem -- if you have those configured. It's a very limited communications package -- whose only virtue is that it is small.

UUCP is a suite of programs -- of which the uucico program actually talks to the modem. You almost certainly are not planning on using this. However UUCP was (and still is) used as a mail, file, and netnews transport protocol for years before TCP/IP existed. I still use it for my mail.

C-Kermit is a communications package from Columbia University. You can fetch it freely -- but it can't be included with Linux (or other) CD-ROM collections of software due to its licensing model. If you decide you like it you should buy a copy of the C-Kermit book by Frank da Cruz (the program's principal architect and head of the project since its foundation).

C-Kermit is also a scripting language and can be used as a telnet or rlogin client, and Kermit is a file transfer protocol which can be used by C-Kermit over any communications channel that it can establish. I wrote an article for SysAdmin Magazine on the subject just a couple of months ago.

There are other programs that access your modem if you want to use them. There's a SLIP package which usually controls the modem via 'dip' -- there's a variety of different "getty" implementations which "Get a tty" (terminal) so that you can log in from a terminal, or another system running a terminal package.

I use mgetty which not only allows incoming dial-up data connections but adds support for FAX and even voice/DTMF with some modems. That package also includes "sendfax" -- a program for outgoing faxes. efax is another package for supporting FAXes under Linux.

Judging from your earlier question regarding the Red Hat Control Panel I suspect that you're just interested in configuring your system for PPP access to your Internet service provider (ISP). There is a script floating around (on http://sunsite.unc.edu somewhere) called 'pppsetup'. I think this will allow you to setup your PPP configuration from a text console (I used plain old 'vi' and made my own configuration files -- so I've never used this -- though I've seen it recommended many times).

There are several HOW-TO's on configuring PPP (and SLIP) which can be found at http://sunsite.unc.edu/LDP/HOWTO Look for the ones that refer to "PPP" and "ISP."

Hope all of that helps.

-- Jim


 Linux Command Line Arguments

From: Ronald B. Simon [email protected]

Where can I find a list of the linux boot command line arguments?

 Look in the following HOW-TO document: BootPrompt HOWTO http://sunsite.unc.edu/LDP/HOWTO/BootPrompt-HOWTO.html

-- Jim


 More Random Crashes

Date: Fri, 01 Aug 1997 14:40:06 -0700
From: sloth [email protected]

Hi, I wrote to you a while ago with a problem regarding random crashes while installing Linux... I recently tried again, with exactly the same hardware but a different hard disk and the whole thing worked fine. Unfortunately, the hdd I used was only an 80mb Conner :). The hard disk I want to use is a 2.1 gb Quantum Fireball. When I try on this hard disk the computer locks up at a different place each time during the installation (but only when it is decompressing the files). I have an IDE Hard disk controller.

h/w list:

any help would be much appreciated.

cheers, sloth...

 This new information about your situation suggests two possibilities:

1) Your HD is bad -- possibly it has some bad sectors that the drive electronics haven't mapped out, or possibly it's something more subtle.

2) Your controller (IDE) is incompatible with your HD and/or the combination of your HD and CD drive.

Some notes:

Any IDE drive that's over 540Mb requires an EIDE (enhanced IDE) controller/BIOS. There have been cases where specific IDE devices weren't compatible with one another -- where a particular combination of devices couldn't share the same IDE channel.

So, try getting a new EIDE controller and disabling the interface on the motherboard (or configuring the new one as a "secondary" IDE channel). Try running the two devices on the new EIDE controller if you can get it installed as the primary (but don't blindly trust the motherboard documentation -- I've heard that some of the "disable me" settings on some boards just don't work). Then try running the CD-ROM drive and the hard disk on separate channels (controllers).

If you can get a copy of Spinrite or the Norton Utilities for DOS then you might install a small DOS partition and run that on your Fireball. It might be able to map out any bad sectors.

If you get a new controller (which will be less expensive than buying either of the software packages I just mentioned) I'd try a QuickPath Portfolio or a GSI brand multi-function card with 4 high speed (16550 UART) serial ports. The QuickPath is an ISA card (rather than taking up one of your PCI slots for a set of relatively slow interfaces) and is what I'm using in a couple of my machines here. It combines floppy, four serial, two parallel, two IDE channels and a game port (for 13 devices in all).

Hope that helps. Unfortunately the diversity and cheapness of PC hardware results in a diversity of inexplicable incompatibilities and a common "cheapness" in quality that's imposed by the competition. So, as much as I hate to recommend "black magic" experiments in new hardware -- it's frequently the most effective approach.

-- Jim


 More on Disk Defrag

Date: Mon, 4 Aug 1997 20:27:11 +0200
From: Markus Enzenberger [email protected]

...them in any Linux books that I have consulted. Is disk defragmentation not needed in maintaining a Linux file system?

 No, disk fragmentation is a particular problem of the DOS FAT file system and its descendants. You can see the fragmentation status of one of your partitions by running the e2fsck file system check program as root on an unmounted partition. It is run every boot time too. It will report the amount of non-contiguous files.

- Markus


 X-Windows is Crashing

Date: Sun, 13 Jul 1997 19:34:12 -0700
From: Gerramie Dinsel [email protected]

Hello. I am searching all over for an answer or a pointer to this problem:

I upgraded my memory from 18 megs to 48. Now, X-Windows crashes on me when I load FVWM2.. Odd, because XDM loads fine and will sit there, waiting, without crashing for as long as you want. Also, console mode works wonderfully...

Can you offer any help? Gerramie Dinsel

 The first guess might be that the new memory is bad -- and that your normal (console) usage -- and the overhead of xdm just doesn't "land" on the bad chips.

One way to test this would be to do something from console mode that will use *a lot* of memory. make's -j switch (to parallelize as many gcc processes as memory allows) is a good way to test for this sort of thing. Just make a new kernel (no need to even do an install of it -- just the make is fine).

If that runs O.K. then we have linked the problem to X -- possibly to any graphical use of the card beyond xdm's. So we try to run X with no window manager and a minimal configuration file (no setting of special root images like xli, xloadimage, or xsetroot, no -16bpp or any of that).

It could be that your video card uses a region of address space (a video frame buffer). Look carefully in the configuration settings, or call the manufacturer's tech support. That's the most likely problem.

If you have access to another, simpler video card -- try swapping it in and seeing if that helps. If it does then you need to reconfigure that video card or use one that's better behaved.

If that doesn't help then it's just anyone's guess what's happening. Try rearranging the adapters in your card cage -- it may be that the video card is emanating some noise or crosstalk that's affecting your RAM. Re-arranging adapters used to be a time honored sport among PC technicians. I think it's more rare in the PCI era -- but you don't even mention what sort of bus you're using -- and I have no information about your hardware. Besides -- it can't hurt.

If it still doesn't work try switching to 32Mb. This might be some weird chipset bug on your amount of RAM. More systems work with 16 or 32Mb of RAM than with 24 or 48Mb.

There are a plethora of parameters you can pass to the kernel for excluding specific memory address ranges from its use. They might help -- but I'd hate to have to experiment with them.

-- Jim


 Lynx and Frames

Date: Tue, 05 Aug 1997 02:48:26 -0700
From: Scott [email protected]

Hey Jim, Caught this quote in your article:

(Warning for Lynx users -- both of these sites use frames and neither bothers to put real content in the "noframes" section -- Yech!)

Current versions of lynx support frames and tables in a fairly nice and elegant fashion. They even handle cookies.

Check out http://lynx.browser.org

Just thought you should know. Sure, I use Netscape for some of my browsing and I hope to begin using Mnemonic soon. But for really fast, heavy-content oriented browsing, lynx on the console or in a color-xterm does the trick.

Scott

 Oh, I know that Lynx 2.7.1 can handle frames, by simply showing you a list of the available frames as a set of hot points at the top of the rendered page. I use Lynx for almost all of my web browsing.

The problem is that the HTML editors used by many sites don't put meaningful names on the frames so you get a list of: frame01.html, frame02.html, etc. instead of something like: navigation.html, main.html, toolbar.html etc.

It's as irritating as those sites that use large tableaus of image icons with no Alt="" attributes or imagemaps with no sane information in the .map file. (The current Lynx can also handle most types of image maps.)

-- Jim


 More on ftpd

Date: Tue, 05 Aug 1997 01:59:18 -0700
From: Benjamin Peikes [email protected]

Jim,

I am currently trying to set up some user accounts on our webserver so that other people working on their sites can ftp their files up and down easily. I am using wu.ftpd and have set up the line

guestgroup ftponly
in /etc/ftpaccess. I have also added the group into /etc/group and added the user's name to the group. The problem is that everything seems to work correctly except that ls and dir return nothing during an ftp session.
  1. ftpd chroot's to the correct directory.
  2. ftpd changes to the correct home directory.
  3. you can upload and download files without any problems if you know the name of the files you want.
  4. I have made the directories world rwx just to make sure it wasn't a permissions problem.

I'm so close that it's driving me nuts. The main problem arises when people need to transfer entire directories. Most of them are using GUI driven ftp clients and the lack of directory listings kills those clients. I know there must be a simple solution. Any help would be great.

Ben

 You're probably having problems with the shared libraries or devices that are typically required by the ls command. Some versions of ls require that you have a /dev/null and/or a /dev/tcp in order to work properly. Most versions of ls require some shared libraries and all of them require the existence of some of /etc/passwd and /etc/group files (even with completely fictional data in them) in order to resolve UID numbers into symbolic ownership information to display in long listings.

For real information about setting up wu-ftpd on any platform look at the following resources: http://www.landfield.com/wu-ftpd/ http://www.cetis.hvu.nl/~koos/we-ftpd-faq.html (Or, send mail with subject of "send faq" no quotes, body ignored).

... and information about the guestgroups feature in particular can be found at: http://www.landfield.com/wu-rtpd/guest-howto.html

... or ftp://ftp/fni/com/pub/wu-ftpd/guest-howto

A document describing virtual ftp servers: http://www.westnet.com/providers/multi-wu-ftpd.txt

Ftpaccess on virtual ftp servers ftp://ftp.meme.com/pub/software/wu-ftpd-2.4.2/README.ALT.FTPACCESS

Hope that covers it.

-- Jim


 DNS Problem

Date: Mon, 04 Aug 1997 18:31:36 -0700
From: Dr Ceezaer [email protected]

(Ping doesn't work -- but /etc/resolv.conf and /etc/hosts.conf are correct and nslookup works).

It used to work before I upgraded my library files (/lib and /usr/lib) so I don't think there is an error in /etc/resolv.cfg

Well... I've solved the problem. First I re-installed Linux on a small 120 MB harddisk. By comparing all relevant directories I found that I had a file called libc.so.5 (no symlink) in /usr/X11R6/lib plus the normal one in /lib. By removing the file /usr/X11R6/lib/libc.so.5 it all works again :)

 Ahh the mysteries of the shared libraries. I've always wondered how the dynamic loading code searches for these .so (shared object) files. However I've never wondered enough to leave stray copies of them laying around.

 Well... I would need such a HOWTO, I didn't even get chroot to run...

 The only real trick is to do a 'cd' before trying to execute the command -- otherwise your process is very confused because it can't access its current working directory (cwd).

The other problem is that your target program must be contained in the chroot tree with any shared libraries and usually it will need a set of /etc/ files including the termcap and maybe a set of /usr/lib/terminfo files.

-- Jim
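
An added example (not part of the original column, and not wu-ftpd's own tooling) for the two chroot answers above: the guest FTP area where ls returns nothing, and the note that a chrooted program needs its shared libraries and /etc files inside the tree. It is a shell audit that lists what is missing; the function names and the constructed ldd sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a chroot tree (such as a wu-ftpd guest area) for the
# files a dynamically linked program like ls needs inside it.
# Usage: sh chroot_audit.sh /home/ftp /bin/ls   (paths are examples)

# Extract absolute library paths from `ldd` output read on stdin.
# Handles "name => /path (addr)" and "/path (addr)"; skips "not found"
# entries and the kernel-provided vdso, which has no file on disk.
parse_ldd() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }'
}

# Read absolute paths on stdin; print those that do not exist under the
# chroot root given as $1.
missing_in_chroot() {
    root=${1%/}
    while IFS= read -r path; do
        [ -e "$root$path" ] || printf '%s\n' "$path"
    done
}

# Support files named in the answers: passwd and group so ls can resolve
# UIDs for long listings, and /dev/null.
support_files() {
    printf '%s\n' /etc/passwd /etc/group /dev/null
}

# audit_chroot ROOT BIN: print everything BIN (a path inside ROOT) would
# need but cannot find inside the tree. Only run ldd on binaries you trust.
audit_chroot() {
    root=${1%/}; bin=$2
    {
        printf '%s\n' "$bin"
        [ -x "$root$bin" ] && ldd "$root$bin" 2>/dev/null | parse_ldd
        support_files
    } | missing_in_chroot "$root"
}

# Constructed sample of ldd output, used to exercise parse_ldd offline.
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd0a5f2000)
	libc.so.6 => /lib/libc.so.6 (0x00007f1b2c000000)
	libmissing.so.1 => not found
	/lib/ld-linux.so.2 (0x00007f1b2c400000)'

# Run the audit when called with a chroot root and a program path.
if [ "$#" -eq 2 ]; then
    audit_chroot "$1" "$2"
fi
```

An empty result means every library and support file the program needs is present inside the tree; each printed path is one to copy in (or create) under the chroot root.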


 Sendmail

Date: Sun, 10 Aug 1997 14:44:57 -0700
From: Stephen P. Smith [email protected]

When I send mail (using the mail program) to someone my reply to address is wrong. What sendmail is sending is [email protected]. What I want is [email protected]. What do I need to change to fix this?

Stephen Smith

 You use the "masquerade" feature in your local sendmail configuration. I recommend that you use the m4 macro package to create a new sendmail configuration.

First copy the old configuration. I like to use RCS -- the revision control system to track changes to my configuration files. Here's how you'd do that:

(As root)

		# cd /etc
		# mkdir RCS		
			(unless you already have one)
		# ci sendmail.cf	
			(checks the cf file into the RCS directory)
		# co -l sendmail.cf
			(checks it back out, locked for editing)

Now you want to create a sendmail "mc" file. This is a file that uses sendmail specific macros -- which is then processed by the m4 program to generate the full sendmail.cf. A typical sendmail.cf is over a 1000 lines long -- a typical "mc" file is less than 20.

Under my Red Hat installation the sample "mc" files are located in /usr/lib/sendmail-cf/cf/. You can put yours there, or you might use /usr/local/lib/sendmail (and perhaps add a symlink under the other path). This helps maintain the separation between your local changes and the distribution's files "as shipped."

I name my "mc" files after my hostnames -- so mine is "antares.mc." It looks like this:

divert(-1)
include(`../m4/cf.m4')
VERSIONID(`@(#)antares.uucp.mc	.9 (JTD) 8/11/95')
OSTYPE(`linux')

FEATURE(nodns)
FEATURE(nocanonify)
FEATURE(mailertable)
FEATURE(local_procmail)
FEATURE(allmasquerade)
FEATURE(always_add_domain)
FEATURE(masquerade_envelope)

MAILER(local)
MAILER(smtp)
MAILER(uucp)

MASQUERADE_AS(starshine.org)
SITECONFIG(uucp.antares, starshine.org, U)

define(`UUCP_RELAY', a2i)
define(`UUCPNAME', starshine)
define(`UUCPNODES', a2i)
define(`RELAY_HOST', a2i)
define(`RELAY_MAILER',uucp)
define(`SMART_HOST', uucp-dom:mailer)
define(`PSEUDONYMS', starshine|antares|antares.starshine.org|starshine.org)
undefine(`BITNET_RELAY')

I've seen some of these that end each line with a 'dnl' -- which is a macro to "do newline" -- I don't bother with that.

You'll want to ignore all the UUCP references and my SITECONFIG line (mine is also a UUCP reference -- so yours will be different -- preserve whatever is in the samples that match your current configuration).

What you're interested in here is the various "masquerade" lines. Now you'd just 'cd' to the directory where you've created this "mc" file and issue a command like:

	m4 < $MYFILE > /etc/sendmail.cf

(where you replace $MYFILE with whatever you named your "mc" file, of course).

It's also possible to simply add a line like:

DMisp.com

... directly to your /etc/sendmail.cf. DM "defines masquerading" to be for "isp.com" (from your earlier example). This is easier, on the one hand -- but learning the m4 configuration method will serve you well if you ever have to do upgrades to your sendmail -- and it's a valuable skill if you ever have to administer Unix systems as (or as part of) your work.

There are a variety of HOWTO's on configuring your mail to work well with your ISP. I don't have my PPP connection up at the moment -- but you should search the SSC web site (http://www.ssc.com) for the HOWTO archive and look for the strings "ISP" and "mail."

-- Jim


 Linux PPP Server

Date: Sun, 10 Aug 1997 05:34:45 -0700
From: [email protected]

I have a Linux PPP server but I can not get my Windows95 client to do the "automatic" login. Sure, I can get it all to work if I check "bring up terminal window after connecting".

All I have is the login: prompt, followed by the Password: prompt then right into PPP.

What gives ?

TIA
-Rob

 Here's a URL that talks about getting Linux mgetty to work with Microsoft's infamous "AutoPPP":

ISP Resources - mgetty info(AutoPPP)

For more general information about mgetty look at: Mgetty + Sendfax Documentation Centre

-- Jim


 Linux/Unix Emulator

Date: Sun, 10 Aug 1997 05:30:18 -0700
From: Jun Liu [email protected]

Hi, Dear James,

First I'd like to express my gratitude for your great work on the Linux Gazette. But for the Linux/Unix Emulator, I think you're somehow wrong. Actually there does exist at least one such product as far as I know. When I was staying in Japan, I learned there are quite some people there who use a software called BOW (namely BSD on Windows), which is a BSD emulator for Windows. Check out http://www.ascii.co.jp/superascii/bow if you do know Japanese. In short, this is a BSD kernel emulator for 4.4BSD-Lite based BSD Unix program. It's said most BSD binaries (x86 certainly, character mode applications only, no X, no debuggers like gdb) can be run unmodified.

 Actually, there has been quite a bit of work on supporting Unix under NT. Cygnus Support (http://www.cygnus.com) has made quite a bit of progress with their GNU-Win32 Project

A couple of other sources worth noting are: OpenNT 2.0 Server Data Sheet; UNIX to NT Resource Center

There was also a paper presented at the Anaheim USENIX conference this year:

The advantages are, you have the rich development environment from Unix, and the nice( ? ) UI from Windows as well as lots of Windows applications around all at the same time. It's said BOW Version 1.5, which is Windows95 compatible, was already published last year in May as a book and is available in Japanese bookstores, priced at 9,800 yen with one floppy disk and one CD-ROM.

Hope this can be helpful.

Best regards.
Stefan

 Again, in the article to which you refer I was asking what the original person was asking for. Many Unix packages have been ported to NT, Windows '95, and DOS (emacs, perl, awk, most of the simple commands like grep, cp, find, and a couple of shells: Korn, bash) -- and it would certainly be possible to host some binaries under (ELF, iBCS).

At what point does NT become Unix?

-- Jim


 LILO Concerns

Date: Sun, 10 Aug 1997 03:50:35 -0700
From: Tibs [email protected]

I have been looking all over for an answer to my linux question...nobody seems able to help so I thought I'd ask you (liked the LG web stuff very much). I am about to take the plunge and install linux but I am concerned about how LILO will work on my system. I have two IDE drives on my system. The first is 1 gig and I have DOS, Win95, etc. on it and that's what I boot to. The second is divided into two 1.5 gig partitions, and 1 500 meg partition. I planned on putting linux on that last 500 meg partition.

 First: you'll want to learn how to use paragraphs. Break your question down into short steps so we can read it (particularly when we're doing the reading at 3:30 in the morning after hacking all day)

 .... The problem is that in order for my computer to recognize the full 3.5 gig capacity of the second hard drive, the hard drive installation floppy (it's a Maxtor) installed something called EZ-BIOS. So booting to DOS or Win95 now works and my BIOS recognizes all 3.5 gigs of the space. When I boot to a floppy I have to use the EZ-BIOS "boot to a:" option otherwise I can only access the first partition on the second drive. So when I install linux and add LILO, will LILO start doing stuff after the EZ-BIOS stuff loads? If so then it is not a problem but if LILO starts before EZ-BIOS does its thing, then I don't think I'll be able to access my 500 meg partition. And since that's where linux would be, that would be a bit of a problem.

 You're using an alternative master boot program which will be incompatible with any other boot software.

You should use LOADLIN and forget all about LILO.

I've written about LOADLIN several times in this column -- so please look back through some of the back issues for details.

 So I guess my question would be: 1. do you know anything about this EZ-BIOS stuff and its compatibility with linux (the Maxtor people aren't helping with linux questions)

 The EZ-BIOS and the old Ontrack Disk Manager and similar drivers were originally created to allow DOS to see larger partitions (which they did by hooking into the BIOS Int 13H disk access routines before DOS was loaded -- by replacing the MBR). They have always been a bad idea.

Now that DOS supports partitions larger than 32Mb these programs have a different purpose -- to allow older systems to see IDE drives that are larger than 512Mb. The BIOS interface only supports a maximum of 1024 cylinders of up to 64 sectors each. A typical drive is less than 16 heads. This "geometry" gives a maximum of about 528Mb. It's possible to "lie" to some BIOS' and double the number of heads -- or even go up to 255 "virtual heads" -- the drive electronics will simply translate for you.

Essentially this is how SCSI and EIDE drives give you access to larger disks (up to about 9Gb).

Your other alternative is to get an EIDE controller and get rid of the non-standard software (software which isn't supported under any OS that I know of, Linux, any Unix, FreeBSD, NT, OS/2 or anything other than DOS).

 2. is there some workaround that would still let me use linux if EZ-BIOS would be a problem (like using a boot floppy everytime I wanted to use linux, or something like that)

 You can probably just use LOADLIN. However you might have to cook up some weird boot time parameters (you can store them in the batch file that invokes LOADLIN) to tell the kernel what the drive geometry really is -- so it doesn't step on anything.

Here are the two HOWTO documents you want to read:

Large Disk mini-HOWTO

Loadlin+Win95 mini-HOWTO

-- Jim


 Crypt

Date: Fri, 08 Aug 1997 20:47:11 -0700
From: David Saccon, [email protected]

Hi; I'm a Linux enthusiast bla bla bla, compliments for the good work, etc etc.

 Well, charmed I'm sure!

 I don't know if an e-mail to this address is the right way to ask you a question.

 It isn't really -- but most of the readers of Linux Gazette's "The Answer Guy" column haven't seen the "tag@" address that I currently prefer.

 Please feel free to get rid of this mail if it bugs you. Anyway, my question is: where can I find an implementation of the fine tool "crypt" for Linux ? You know, "crypt <myfile >myfile.x password", and back to the clear text the same way.

 I'm not sure that the traditional Unix 'crypt' command is all that "fine." I'd suggest that you obtain a copy of PGP from one of the international sites that carry it.

(Please don't obtain it from any of my "free" fellow U.S. citizens -- since it would be illegal for them to exercise this particular form of free speech at this time. I'd like to apologize for the ludicrous attitude my government takes with regards to cryptographic software -- feel free to refer to the "Electronic Freedom Frontier" (http://www.eff.org) for more information about that).

 I haunted the internet for days but couldn't find it. I also tried something like this:


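#define _XOPEN_SOURCE   /* expose crypt() in unistd.h */
#include <stdio.h>
#include <unistd.h>

/* Prints the crypt(3) hash of argv[1], using argv[2] as the salt. */
int main(int argc, char **argv)
{
    if (argc < 3)
        return 1;
    puts(crypt(argv[1], argv[2]));
    return 0;
}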
but it doesn't work the same way.

Help!
Thank you
Davide Saccon

 There is a library function named "crypt" which is technically a "hash" rather than a cryptographic function -- it's used to compute the hash of a password for comparison to that which is stored in the second field of each entry in the /etc/passwd file.

I've heard that the program named 'crypt' varies from one Unix implementation to another. I think it's currently not included in many Linux distributions due to the export (U.S. ITAR and related) restrictions to which I alluded earlier. Since many of the companies that produce these distributions are U.S. they would have to ensure that their products were for "domestic use" only if they were to include this on their CD's and in their FTP sites.

Here are a few sites I picked off of Yahoo!: International PGP FAQ; Guida Pratica a PGP; PGP User's Guide (in Italian -- 250K); The Crypto Chamber -- Italian Cryptographer's WorkBench.

There are other strong cryptographic products available internationally for other purposes. I think the new Linux "TCFS" (transparent cryptographic filesystem) is being done in Italy. TCFS is apparently similar to Matt Blaze's research on CFS -- it allows a Linux admin to create filesystems that are encrypted in such a way that users can have confidence that no other user can access their files. Given its design it should be difficult even for the root user to compromise the cryptographic integrity of any local user -- and it should be impractical for remote systems.

Here's some more links for that: Transparent Cryptographic File System Project Page TCFS TCFA FAQ v1.7.7

Come to think of it STEL (a secure telnet) was also done in Italy. Seems that a lot of work on cryptography is coming out of your country. Obviously your government hasn't been interfering in this work. If you'd like to look at the sources for STEL I'd FTP over to ftp://idea.sec.dsi.unimi.it/cert-it/

Another set of useful cryptographic resources are in Eric A. Young's free implementation of Netscape's SSL (secure sockets layer) specification and a set of related applications (like ssltelnet and sslftp): SSLeay: SSLeay and SSLapps FAQ

(This set of pages is an excellent resource for anyone that wants to learn anything about SSL).

Eric's work was instrumental in the development of the Stronghold web server by C2 Software Inc. (http://www.c2.net) (I recently published an interview with C2's founder, Sameer Parekh, in Linux Journal, if you're interested).

And, of course, no discussion of Internet cryptography tools would be complete without a mention of Tatu Ylönen's SSH: ssh (Secure Shell); ssh FAQ

-- Jim


 Apache 1.2.1

Date: Mon, 11 Aug 1997 13:53:14 -0700
From: Alf Stockton [email protected]
I am playing with Apache 1.2.1 and have it running well except that it won't run cgi scripts. If I give the full path in the command line of the browser the CGIs run fine but the server cannot/does not run these CGIs when I expect it to. Where can I turn for help? The Apache team don't appear too interested. I suspect that one of my config files is wrong but don't know enough to tell which.

 I wouldn't necessarily say that the Apache team isn't "interested." However, they are far more interested in providing the software than in answering questions about it.

It sounds like you don't have your "ScriptAlias" set up correctly -- or you're trying to access a CGI script that isn't stored in one of the proper "ScriptAlias" directories.

Here are links to the relevant documentation pages at the Apache site (http://www.apache.org):

Apache: Configuration: ScriptAlias http://www.apache.org/docs/mod/mod_alias.html#scriptalias

Apache: FAQ: How do I enable CGI execution in directories other than the ScriptAlias? http://www.apache.org/docs/misc/FAQ.html#CGIoutsideScriptAlias

Another possibility is that you have built it with no CGI support. Apache has many compile-time configuration options -- including a large list of "modules" that can be enabled or disabled. However I'm sure that it would take some work to build Apache with no CGI support -- so I think this possibility is remote.

-- Jim


 Red Hat Questions

From: Brent Johnson [email protected]

So are you the answer guy and can you answer a very important question for me?

 I appear to have been dubbed "The Answer Guy" (it wasn't a self-appointment -- but I did volunteer for it).

I can certainly answer any question. Answering it correctly and usefully are not as sure a bet -- but I'll try.

 I first heard about RedHat's Linux distribution about a year ago and there was no way Slackware could compete to the easy installation procedure, RPMS, and other great features included in RedHat.

But, ever since I moved to RedHat I've had a terrible gcc compiler problem. This has happened to me on two different machines... on the first I'd assumed it was some memory problem (as in hardware), but now I'm on a totally different machine that has (or shouldn't have) any memory problem.

Everytime I try and compile anything (Apache 1.2.1 for example)... it gets to about the 3rd or 4th .c file, and it bombs out with the following error:

gcc -c -Iregex  -O2 -DLINUX=2   util_date.c
gcc -c -Iregex  -O2 -DLINUX=2   util_snprintf.c
gcc: Internal compiler error: program cc1 got fatal signal 11
make: *** [util_snprintf.o] Error 1

It happens at different times on different .c files when compiling different things. Any help would be greatly appreciated... a Unix system with a defective compiler or defective hardware is almost useless!

- Brent

 I notice that you haven't told me *which version* of Red Hat you're working with. However I've used 3.03, 4.0, 4.1, and 4.2 -- and I think I remember playing with an earlier one before 3.03 and I never saw this behavior from gcc.

I did get it from my original copy of minicom anytime I was running in an extended video mode and trying to use the dialer (and not when issuing the same dialing function as a direct ATDT command from the terminal window). In this case I suspect there was a bug in the ncurses calls being made by minicom. In any event I switched to CKermit and forgot all about it.

In your case the signal 11 (SEGV) is probably not caused by curses/ncurses calls.

Do you have a swap partition or file? If so, have you tried disabling it (possibly creating a new one temporarily)? If you have a defect on the disk you could get a SEGV from some piece of data/code that gets swapped out, read back in (with errors) and subsequently used by the running process.

If you don't have a swap partition or file you might just be running out of RAM completely. gcc does use up quite a bit of memory -- so I'd suggest at least 32Mb virtual memory (RAM + swap) available when running it (you could certainly ask the FSF for more specific recommendations -- this is just my unsubstantiated and untested suggestion).

When you installed, did you let Red Hat's install routine perform thorough block checking while it was making filesystems? If not, try re-installing and enabling that (in case you hit some bad spots on your disk and you have corrupted gcc binaries).

This is extremely unlikely to be related to your distribution, but you could try installing Slackware to see if its gcc works on this system -- or you could try booting up in single user mode and just run a few test "make's" from a simple shell line (no emacs M-x shell mode, no X Windows, no "integrated dev. environment" nothing else running).

If you still get SEGV's then, you want to find some other sort of memory intensive program to run as a test -- to see what else will die. It may be worth extracting the RAM and taking it to a good hardware tester -- and/or removing any ethernet cards or unnecessary adapters for other tests.

These sorts of things can be very frustrating to track down regardless of OS. If you have a copy of DOS and an old copy of Norton Utilities (version 8 or later) you could boot that up and run NDIAGS.EXE. There are several other diagnostics packages that were available before it -- but NU is still my personal favorite until the Linux crowd does up a suite of them. Unfortunately the results of any software diagnostics package aren't definitive -- they can detect trouble -- but they can't "prove" that there isn't any hardware problem.

I suppose, for some systems, particularly some 386's and 386SX's, you might also try twiddling the CMOS "wait states" settings. Those used to make a difference -- particularly with earlier generations of "3-chip" SIMM's. Apparently in the early attempts to use SIMM's with three chips (two four bit chips and a parity bit chip) there were some slight timing differences between the "signal settling" characteristics -- so the parity bit wouldn't "settle" before the system was trying to read the memory. This resulted in parity errors if the systems were set for "zero wait states" -- and was generally solved by changing the CMOS settings.

(I've never heard of a Pentium system or any system using 72-pin SIMM's having these problems -- but that doesn't mean it's not worth looking in your "advanced" CMOS and trying some experiments therein).

I hope some of this helps.

-- Jim


 PPP and Internet MCI

From: Demosthenes [email protected]
Subject: Re: PPP and InternetMCI

Hey there, I've been reading through your column from August in the Linux Gazette, and ran across the gentleman's question regarding GTE's internet services.

I'm trying to switch over to MCI from a local ISP, and I'm having some of the oddest connection problems. I use PAP currently with my local ISP, and MCI is supposed to use PAP/CHAP (one, the other, or both :P). I believe I have everything set up properly, as I don't get any rejections from PAP/CHAP, but after a few seconds of modem activity with the server, MCI just hangs up. I did misspell something before, and got a PAP rejection, and I've got full debugging logs regarding the connection, but I can't make much sense of them. I know the server isn't asking for MS-CHAP (chap 80, vs chap 05). It looks like it dies during the configuration. I'm not sure.

Do you have any information regarding connecting to InternetMCI via Linux? MCI tech support is clueless, and I can't even get someone that knows how their own software works on the phone.

Any help would be highly appreciated, and I'd be more than glad to share my debugging logs if you think they will help.

Thanks again!

Russell Adams

 My first impulse is to say "vote with your feet." Fire off a polite, assertive, note to their VP of Customer Service and go find a Linux/Unix friendly ISP with quality tech support (and maybe spend a little more in the process).

My provider isn't the cheapest -- and isn't even the friendliest -- but they understand Unix and they provide quality service (refusing to structure their rates to "compete" with an unreasonable "quality of service" -- i.e. I get few busy signals).

That bit of non-technical advice aside I'd ask: What are your MTU and related parameters?

You could send the logging output -- but it would probably be as incomprehensible to me as it is to you. I've never set up a PAP/CHAP system (yet). However I'll look at them and suggest some experiments.

-- Jim


 Enabling Automounter on a Linux Notebook

From: Dennis Dai [email protected]

Hi, Jim

I think I need to ask you for help. My problem is:

Originally I had a 1.6G HD. Last month I bought a new one (3.2G) in order to accommodate linux and NT. I placed the swap partition in the very last part of the new harddisk (it seems that this is a bad idea, isn't it?) which is hdc8 and initialized it without problem. After a while, I made a new NTFS partition for NT which resides in front of the swap partition (I installed NT system on one of my original HD's partition which is hda7), then I moved some of my data on the new NTFS partition. But after I booted up to linux, I realized that the swap partition didn't initialize properly, so I issued a command like this:

mkswap /dev/hdc8

And this was how I screwed up things. Actually the new NTFS partition became hdc8, and the original swap partition became hdc9. Now I can't access the new NTFS partition from NT!

Immediately after I issued that command, I realized that I made a big mistake so I issued a "free" command and it showed that the swap partition (which is my NTFS partition) was not used.

So I think I still have hope to retrieve the data on my NTFS partition. I know they are still there, just I can't get them out.

I posted this to linux newsgroups, and received some kind responses that suggested I use linux fdisk to change the partition type to NT one. But I did check that, it is still NTFS (actually HPFS under linux fdisk). Others suggested that I zero out the first 512 bytes of that partition as part of the recovery, but since I am not quite familiar with that I didn't dare to do that.

So I hope you can get me out of the hole. Thanks in advance.

 Well, I haven't done regular data recovery for a few years (since I left Symantec's Peter Norton Tech Support Department). It's not something that I can do via e-mail (or for free) -- and I don't know diddly about the internals of NTFS (or HPFS or ext2fs for that matter).

Your best bet, of course, is to have recent backups from which you can recover. I don't know why they were suggesting that you blast the boot record (the first 512 bytes of a partition is the "logical boot record" or "superblock" while the first 512 bytes of a drive is the "master boot record" or MBR). Perhaps they believe that NT will be able to recover from this. If I was to do anything with the LBR I'd go to a different machine, create a new NTFS partition that was identical in size and configuration to the one you think you've damaged, and use a disk editor (or a Linux dd command) to cut and paste that from the other machine onto the allegedly damaged partition.

Before doing much of that I'd suggest doing a dump to tape of the entire raw device (using 'dd'). This may allow you to return to the current state of brokenness after you've made unsuccessful attempts at repair.

I don't recommend these procedures (disk surgery) unless the data on that drive is very important to you (and otherwise unreproducible) or you really like playing with hex editors.

If it's of considerable financial value to you -- I'd suggest making a dump tape, extracting the drive from the system and sending it to a data recovery specialist.

-- Jim
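
The "dump the raw device with dd before any repair" step above, as an added example that is not part of the original column: it images a partition to a file (standing in for tape), verifies the copy, and reports whether the first page carries a mkswap signature and whether the NTFS boot-sector OEM ID is present. The function names and the 4096-byte page size (i386) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the column): image a partition before repair work,
# verify the copy, and report which on-disk signatures the copy carries.

# image_partition SRC DEST
# Copies SRC to DEST with dd, then compares the two byte for byte.
# Returns 0 only if the copy is identical; DEST is then made read-only.
image_partition() {
    src=$1 dest=$2
    dd if="$src" of="$dest" bs=64k 2>/dev/null || return 1
    cmp -s "$src" "$dest" || return 1
    chmod a-w "$dest"
}

# read_bytes FILE OFFSET COUNT: print COUNT bytes starting at OFFSET
# (NUL bytes are dropped so the result can be compared as a string).
read_bytes() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | tr -d '\000'
}

# classify_image FILE
# Prints "swap" if a mkswap signature sits in the last 10 bytes of the
# first 4096-byte page (assumed page size), "ntfs" if the boot sector OEM ID
# at offset 3 reads "NTFS", "swap+ntfs" if both, "unknown" otherwise.
classify_image() {
    out=
    case $(read_bytes "$1" 4086 10) in
        SWAP-SPACE|SWAPSPACE2) out=swap ;;
    esac
    if [ "$(read_bytes "$1" 3 4)" = "NTFS" ]; then
        out=${out:+$out+}ntfs
    fi
    echo "${out:-unknown}"
}
```

Run classify_image against the image file rather than the device, so every later experiment starts from a copy that can be restored.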


 X Locks Monitor

From: Gord Urquhart [email protected]

I have found when playing with my Xconfig I could get my monitor (MAG15) to go into power saving state (with a resulting black monitor) when I changed the pre and post sections of the horizontal scan line timings (I can't remember the proper names of these), to certain values.

gord u.

 ... and? ...

You can also cause a monitor to permanently damage itself if you play with those long (wrong) enough. This is well known and noted in the XFree86 configuration file.

So, what's the point of this message? Or is it just a stray observation?

-- Jim


 Pop3d That Doesn't Use /etc/passwd

From: Benjamin Peikes [email protected]

Do you know if there is a pop3d that does not use /etc/passwd? I want to set up mail only accounts for some people but in.pop3d that I have uses /etc/passwd. I want to set up accounts that sendmail knows how to deliver for but I don't want to put these people in /etc/passwd because then I have to worry about all the other services on the machine. Have you heard of some daemon that will do this, or a set of packages that will do this type of separate user management? Thanks.

Ben

 Ultimately this issue of restricting specific classes of users to specific services on a system goes way beyond the particular services you pick. PAM (the pluggable authentication modules) is supposed to solve this problem eventually. That is already included with recent versions of the RedHat distributions (and with recent Solaris releases). However it is still evolving -- so few of us have any idea how to "do it right." (A fact which leads to an understandable lack of confidence in recommending it).

So, getting back to the original question:

What POP daemon supports a user/password database that's distinct from the one used by other Unix services (/etc/passwd)?

I've heard the rumor that this can be done in qpopper but I'd like to confirm that. So I go to Yahoo! and issue the "+qpopper +account" search and get:

There is: http://www.hdshg.com/fixes/mail_patch/

... which is supposed to be a patch to qpopper to allow this. However I couldn't connect to it and I couldn't find any mirror of it even after several hours of trying.

I traversed a number of links searching on strings like "+pop3 +passwd +passwd +separate" and various permutations. This was the only firm reference I found.

Another approach would be to create a custom chroot environment. This isn't as hard as it sounds. The hard part is making your binary statically linked or including the necessary libraries. The other thing you'll have to consider is whether you want the POP-only accounts to use their own "virtual mail host" (requires an IP alias or an additional interface) or whether you want your smtpd to run in the same chroot "jail" -- then requiring any local account holders to also use POP (perhaps using the fetchmail client to the "localhost" target).

Here are some of the links that have more information on mail and POP in general.

Harker's sendmail References Page

Mr. Harker gives seminars and classes in sendmail

Free Servers from Eudora: Servers

Qualcomm, publishers of Eudora, also are the source of qpopper.

POP/IMAP FAQ

Passwdd/Passwd -- An authentication Daemon/Client

This isn't mail related specifically -- but relates to an alternative authentication model -- a passwd daemon running on a privileged TCP port via inetd. It shows examples for supporting Eudora/APOP and using alternate passwd files.

/pub/smtpd directory -- Similar to TIS FWTK smapd

Running a simpler, perhaps unprivileged smtpd to toss incoming mail into the queue is considered to be a good idea -- for isolating sendmail (which is large, powerful, complex, and has a long history of compromises).

http://www.qmail.org The qmail Page

An alternative to running sendmail at all. I won't get into this debate -- I'm just including it in this list because I'll receive lots of unnecessary mail if I don't.

MH Message Handler Home Page

The Rand MH is a particular mail user agent -- actually a set of programs for working with mail from a shell command line. There are several packages that provide full screen interfaces to this -- including an emacs mode/package, mh-e, which is what I use.

Scripts and Patches for ISP's

4th UNIX SECURITY SYMPOSIUM -- Sendmail w/o Superuser

How to Get There From Here -- Scaling e-mail to the enterprise

Linux: Server-Linux FAQ

I hope all of this helps.

-- Jim
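
The "including the necessary libraries" part of the chroot approach above, as an added example that is not part of the original column: it copies one dynamically linked daemon binary and the shared libraries ldd reports for it into a jail directory. The function names are assumptions of this example; the jail's own etc/passwd for the POP-only accounts and the mail spool are left to the administrator.

```shell
#!/bin/sh
# Added example (not from the column): populate a chroot directory with one
# dynamically linked binary and the shared libraries ldd reports for it.

# jail_libs BINARY: print the absolute paths of the libraries BINARY needs.
# Prints nothing for a statically linked binary (ldd names no files for it).
jail_libs() {
    ldd "$1" 2>/dev/null | awk '
        { for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }
    ' | sort -u
}

# populate_jail JAIL BINARY
# Copies BINARY (absolute path required) and its libraries into JAIL under
# their original paths, so the dynamic loader finds them after chroot.
populate_jail() {
    jail=$1 bin=$2
    case $bin in /*) ;; *) return 1 ;; esac
    [ -x "$bin" ] || return 1
    for f in "$bin" $(jail_libs "$bin"); do
        mkdir -p "$jail$(dirname "$f")" || return 1
        cp -L "$f" "$jail$f" || return 1   # -L: copy the file, not a symlink
    done
    # Nothing in the jail should be writable by group or other accounts.
    chmod -R go-w "$jail"
}

# jail_missing JAIL BINARY: list libraries of BINARY not yet present in JAIL.
jail_missing() {
    for f in $(jail_libs "$2"); do
        [ -e "$1$f" ] || echo "$f"
    done
}
```

ldd can run the binary's loader, so use it only on binaries you already trust, such as the daemon you built or installed yourself.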


 Configuration of Two Ethernet Cards

From: Carlos Gonzalez Andrade [email protected]
Date: Mon, 11 Aug 1997 23:40:16 -0700

Hi Jim.

I have a question about some problems I had while I was setting up 2 ether cards.

First: the device eth1 is not recognized when I add the line append = ether=0,0,eth1 into the lilo.conf.

 You should consider putting the I/O base address, the IRQ, and any DMA or memory address information into this append clause in place of those zero's.

You can test these by entering them at the LILO prompt (interactively, during boot) before editing the /etc/lilo.conf file.

 Second: What files are necessary to set up to configure two IP addresses for my machine and get my gateway running?

I will appreciate your answer

 This depends on which distribution you're using and how closely you want to stick to their configuration conventions. Minimally all you need is a script file (typically located under /etc/rc.d/ and invoked by the rc.local) with calls to the 'ifconfig,' and a 'route add' command or two. Under Red Hat's SysV init system you'd leave your rc.d files alone and edit some file under your /etc/sysconfig/network-scripts/ directory (ifcfg-eth0, and ifcfg-eth1 if I recall correctly -- it should be obvious by browsing through those files).

-- Jim


 Attaching a Console to a PC

To: Benjamin Peikes [email protected]
Date: Mon, 11 Aug 1997 23:14:37 -0700

Jim,

I'm not sure if you are the right person to ask but I figured you would be a good place to start. I have a handful of PC's that I need to be able to watch as they boot. What I would like to do is connect a dumb terminal(old laptop) to a rs-232 switch box and then be able to switch to any of the machines as I boot them. I was wondering if you knew any way to do this. Thanks.

Ben Peikes

 It is possible to use a serial terminal as a console for Linux -- given some patches. With some PC hardware you'll have to leave the video card in there -- though you don't need a monitor attached.

Unfortunately I don't remember where I saw these patches. I'd do a search on "+Linux +serial +console" (using the Yahoo! convention of preceding "required" terms with "plus" signs).

-- Jim


Previous "Answer Guy" Columns

Answer Guy #1, January 1997
Answer Guy #2, February 1997
Answer Guy #3, March 1997
Answer Guy #4, April 1997
Answer Guy #5, May 1997
Answer Guy #6, June 1997
Answer Guy #7, July 1997
Answer Guy #8, August 1997


Copyright © 1997, James T. Dennis
Published in Issue 21 of the Linux Gazette September 1997

