August 2002, Issue 81 Published by Linux Journal
Front Page | Back Issues | FAQ | MirrorsThe Answer Gang knowledge base (your Linux questions here!)
Search
Editor: Michael Orr
Technical Editor: Heather Stern
Senior Contributing Editor: Jim Dennis
Contributing Editors: Ben Okopnik, Dan Wilder, Don Marti
![[tm]](../gx/tm.gif)
,
http://www.linuxgazette.net/
The Mailbag
Send tech-support questions, Tips, answers and article ideas to The Answer Gang <tag@lists.linuxgazette.net>. Other mail (including questions or comments about the Gazette itself) should go to <gazette@linuxgazette.net>. All material sent to either of these addresses will be considered for publication in the next issue. Please send answers to the original querent too, so that s/he can get the answer without waiting for the next issue.
Unanswered questions might appear here. Questions with answers--or answers only--appear in The Answer Gang, 2-Cent Tips, or here, depending on their content. There is no guarantee that questions will ever be answered, especially if not related to Linux.
Before asking a question, please check the Linux Gazette FAQ (for questions about the Gazette) or The Answer Gang Knowledge Base (for questions about Linux) to see if it has been answered there.
Linux terminal services server can't connect to internet via networkGreat eZine. I think the typos, editorial asides and comments, and rough edits are endearing and "personalizing" experience for the linux enthusiasts. Your nitpicking detractors obviously are ignorant of the fact that LG is a labor of love in what seems to be in the spirit of the open source environment. I know this is a terribly long-winded question, so I apologize in advance.
Thanks, Pat. As for long questions, it's okay. We like that you actually made some effort ahead of time. In fact since we didn't reply to your detailed request I have to assume we're stumped, so I'm letting the readers take a crack at it. -- Heather
I have a stumper that I can't seem to get answered. I suspect this is more of a two-NIC network question than a LTSP or K12LTSP question.
I have been testing terminal services. I couldn't really get the actual LTSP working properly (something wrong with X on the client that I couldn't figure out,) so I downloaded and installed the K12LTSP version of Redhat7.2.
This is a great version that offers LTSP as an install option and it works great right out of the box. My clients log right in and can utilize terminal services perfectly. However, on my normal installations of Redhat, I can assign a static IP to the linux PC and use my Win2K gateway to surf the internet. But when I install the LTSP'ized version with two NICs, I can ping the gateway, the gateway can ping the LTSP server, but I can't surf the internet. I think I've tried just about everything to try and use the gateway for internet access. If I can get the LTSP server on the internet via the gateway, then I believe the LTSP clients will fall into place, as well.
Some details.
My network "server" is actually a Win2k PC with internet connection sharing.
I use VNC to virtually connect to the gateway to open and close dial in connections to the internet. I have to use win2k because I need an "internet answering machine" to answer the phone when I am online and there is no linux support in this area (living in the sticks, as I do, also makes separate lines very much cost prohibitive for dial in access to the internet.)
The terminal services PC has two NICs. ETH0 attached to the terminal services clients via a 3com switch. ETH1 is attached via an additional switch to my network.
I might have a problem with the way the subnets are setup:
ETH0 is assigned by the K12LTSP default install to 192.168.0.254 and serves the LTSP clients .100 to .253.
ETH1 also gets its 192.168.0.x IP address either manually or through DHCP from the network. It doesn't matter if I manually assign the IP or let DHCP handle the IP asignment, but I have known for years that if I let DHCP handle the assignment, I can't surf, so I just use 192.168.0.88. This may be because the DHCP services via Windows Internet COnnection Sharing aren't really full DHCP.
My win2k gateway PC is 192.168.0.1 and I always enter this address as the DNS server.
I tried to manually change the LTSP subnet on ETH0 to 192.168.1.254, etc., but I'm not sure this is the problem. Does the fact that the two subnets are using the same subnet scheme create the problem? I could see if the clients couldn't surf, then that may be the case, but the LTSP gateway can't surf.
After about 30 installs, different configurations, etc., I'm not sure where to go further with this issue. Can I provide some conf files that might give you an idea of where I need to go? Is this DNS or a route problem? Can the same IP adress scheme be used because the subnets are on different NICs, or is this the problem? Can you push me in the right direction of where to get some help?
Thanks for your help.
Pls Help (Squid/2000)Hello ,
I've installed Squid-2.5.PRE8 & Samba 2.2.5 on RedHat Linux 7.1.So i wanted to authenticate windows 2000 users in Squid.So i've install the Winbind & configure as per the documentation available on the net , link is attached pls see(Authentication tab). http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 <http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5>;
After doing all the things successfully...when i run the squid it gives the message like this...
[root@gnspl-prx bin]# ./squid 2002/07/15 10:46:23| Parsing Config File: Unknown authentication scheme 'ntlm'. 2002/07/15 10:46:23| Parsing Config File: Unknown authentication scheme 'ntlm'. 2002/07/15 10:46:23| Parsing Config File: Unknown authentication scheme 'ntlm'. 2002/07/15 10:46:23| Parsing Config File: Unknown authentication scheme 'ntlm'. 2002/07/15 10:46:23| squid.conf line 1746: http_access allow manager localhost localh 2002/07/15 10:46:23| aclParseAccessLine: ACL name 'localh' not found. 2002/07/15 10:46:23| aclParseAclLine: IGNORING: Proxy Auth ACL 'acl AuthorizedUsers proxy_auth REQUIRED' because no authentication schemes are fully configured. 2002/07/15 10:46:23| aclParseAclLine: IGNORING invalid ACL: acl AuthorizedUsers proxy_auth REQUIRED 2002/07/15 10:46:23| squid.conf line 1751: http_access allow all AuthorizedUsers 2002/07/15 10:46:23| aclParseAccessLine: ACL name 'AuthorizedUsers' not found. 2002/07/15 10:46:23| Squid is already running! Process ID 9957 [root@gnspl-prx bin]#
Pls guide me...
Thanks.
Regards,
Vikas Kanodia
This is a bit more complicated than the stuff Thomas' "Weekend Mechanic" column covered in issue 78 (http://linuxgazette.net/issue78/adam.html) -- anybody care to help him out?
Some articles on living the life of a Windows server when you're really a Linux box would be cool, too. -- Heather
suggestion for link...hi
i went to www.linuxgazette.com and tried to find a 'subscribe to paper version' link to send to a coworker, but could not find one.
if you could please let me know of such a site, and include a link to
it on the main page..
DG
Maybe we should put a link on the mirrors page about paper copies to the FAQ entry for which formats LG isn't available in, since it describes how to make quality printouts. -- Heather
Attention publishers, there continues to be high demand for a print version of LG .
LG is not available in printed format. Since it's freely redistributable, anybody has the right to offer this service. Since nobody has done this in the six years LG has been in existence, even though there have been numerous requests, one has to consider why. It costs money to print and deliver a paper version, and the subscription rate would be higher than most people would be willing to pay. Those outside the publisher's own country or region can forget it; the mailing cost alone would be prohibitably high. Plus there's the labor-intensive world of "subscription fulfillment": taking down names and addresses, processing payments, updating addresses, etc. It can't all be automated, unless you can somehow wave a wand and get everybody to fill out the forms perfectly correctly every time.
Commercial magazines can justify all these costs by building a business around selling advertisement space, but LG does not accept advertisements. Consumer Reports don't accept advertising either, but again they have built a whole business around it. One can't see the incentive for building such a business around Linux Gazette , especially since Linux print magazines are already available. (Unashamed plug for Linux Journal .) -- Mike
Finding a Windows user's home directory from LinuxGreetings,
I've decided to try and integrate a RedHat 7.3 computer into our Windows NT domain based network, going for that brass ring of single sign-on and integrating the Windows necessities - access to Windows print queues and Windows file servers.
I have successfully implemented winbind (and samba, natch) under RedHat 7.3 and am now able to log on using a Windows domain based user name and password. Through a little more research and such, I have Linux configured so the user directory is setup automatically when the Windows user logs in for the first time, printconf makes it easy to connect to an SMB-based print queue and LinNeighborhood helps locate and mount SMB file shares. The only missing piece of the puzzle, as far as I'm concerned at the moment, is mapping the Windows user's home directory (which is a share on an SMB server) to a subfolder under their Linux home directory. I'm certain that I can accomplish the automatic mapping using the PAM module pam_mount (available at http://pam-mount.conectevil.com if anyone's interested in a look), it's retrieving the user's Windows home directory that eludes me.
Thus my question is this: How can I retrieve the Windows user's home directory, that elusive little string that will complete my puzzle, from my Red Hat system?
Many thanks,
Dee Abson, MCSE
Okay, this question has two parts. As an MCSE he may already know where MSwin keeps this valuable information stored; what he needs to know is how to make Linux properly ask for it, or dig it up across the shares.
It wouldn't be as easy as running 'grep' against some plaintext file, or maybe in a pipeline combined with 'strings'... would it? If it would, is that a security problem?
p.s. Don't attach HTML along with the plaintext. It's so messy and sent 3 times the text for the exact same message. -- Heather
article idea - making the minidistroHi,
This article idea may sound silly. I don't even know how to describe the topic, but here it goes...
For some time now, I've been thinking of developing a minimal/modular Linux distribution designed to allow small businesses to use Linux for their server needs rather then the M$ solutions. This idea is inspired partially by PizzaBox file server that Kyzo (http://www.kyzo.com/free_stuff.html) made available a few years ago, but their product is crippled and not Open Source. The same is partially true for http://www.guardiandigital.com and their excellent product.
Anyway, my problem is that I don't know where to start. I've looked at "Linux From Scratch" and "BYO Linux", but the most helpful information came from "Building Tiny Linux Systems with Busybox" Parts 1 through 3, published in ELJ. The three articles did help me understand some fundamentals and allowed me to actually plan my next step more intelligently.
Imagine having a modular Linux-based server that consists of a core and modules. The core will contain the basic services (kernel, security, networking, dhcp, etc. Web-based administration of all services should be available as well as equivalent console-based administration. Typical Modules will be a Web Server module, Workgroup File Server module, Mail Server module, Firewall module, FTP module, etc. All modules should be independent of each other and include their respective web and console-based administration components.
In other words if I want just a file server, then I install the core and file server module only. If I want a file and mail server then I install the core, file and mail modules and that's it.
Here is yet another requirement: The core and all modules must have the smallest possible memory footprint reasonably possible. I like uClibc, BusyBox and TinyLogin because they all fit on a floppy. Why can't the core and each installable module fit on one or two installation floppies? That will be easy to download and install unlike a 600meg ISO.
As you can probably tell, I know where I want to go, but don't know how to get there. Maybe my whole idea is flawed due to my lack of knowledge. An article or articles on how to build that unique Linux mini-distribution will be great.
Whew...
Thanks for the time
Tony Tonchev
Hmm, let me see if I have this right. You want to be able to do all these cool things, where maybe the real core fits on one floppy, and maybe each "module" as you put it (not to be confused with kernel modules) fits on a floppy of its own. Load up enough of them and you have the dream server, which fit in your lunchbox or purse.
I note that a 196 MB cd-rom fits in the same space as one floppy (except that it's slimmer). But you're right - watching someone take us through this process of development would be a great article.
You may want to keep an eye on current development in the LNX-BBC project. Nope, it has nothing to do with Britain's prime television station. It's what happens when you use cloop compression to cram a fairly usable Linux setup on a 50 MB "bootable business card" . Think LNX = squished LiNuX. Since you're interested in rolling your own, I recommend reading about the new GAR setup and, quite literally, checking it out. (http://www.lnx-bbc.org)
There are piles of specialized "mini distros" out there. This request clearly aims towards the general use setup. A making-of article for any of the minis might be fun to see, though. -- Heather
IMAPHi Heather,
Just read your TAG about IMAP. You're right that Courier-IMAP is the best.... run ith with Postfix instead of sendmail and you'll be even happier. Then mix in Sqwebmail (from Courier's author) and you'll be REALLY spoiled.
Just for grins, I mixed in OpenLDAP, and now have a server with no Unix accounts, full IMAP/Pop/WebMail capability, and very easy to maintain.
I use sylpheed as a mail client so far -- gotta try Evolution sometime. The OpenLDAP handles the address book too.
-Scott
LG #80: add to `Red Hat and USB devices'hi lg team,
i have a little add to the article `Red Hat and USB devices' in you current issue.
the missed kernel config files from the different redhat default kernels are located in /usr/src/linux-*/configs.
greetings, daniel
Normally I don't leave sig blocks in, but since we occasionally get requests asking us about free ISPs who cater to linux users... this isn't specifically an endorsement, but you're all welcome to go look. -- Heather
Get your free email from www.linuxmail.org
Using debug to write fresh MBRA recent follow-up to my MBR-rewriting article: a guy who had an E: drive (yup, Wind*ws) that he wanted to blow off contacted me - seems that Partition Magic wouldn't touch it as it was. He either didn't want to or didn't know how to open up the machine and swap cables, so I tweaked that debug program for him:
Original ----------- mov dx,9000 mov es,dx xor bx,bx mov cx,0001 mov dx,0080 mov ax,0301 int 13 int 20 -----------
Change the numbers in "mov dx,0080" for the appropriate drive:
hda C: 0080 hdb D: 0081 hdc E: 0082
Worked like a charm, according to the very happy fella.
MirrorsA question. Do you pay your Mirrors?
No.
They don't pay us, either.
-- Dan Wilder
No. The mirrors are run by people who want to host a mirror.
You didn't ask, but none of the LG staff is paid either, we're all volunteers. I'm the only one who's "paid", but paid in the sense that SSC donates some of my work time to LG. (I normally do web application and sysadmin stuff for Linux Journal.)
-- Mike Orr, Editor, Linux Gazette
Re: [LG 76] mailbag #1 cybercoffee shop
I just want to make a small mention of our own little cybercafe... we're
not gurus but we're definitely geeks here.
Sandra Guzdek (waving hi to Heather Stern)
Sip N Surf Cybercafe
Eugene, OR
Hi Sandra! (Sandra is the webmaster at one of my client sites.) Thanks to Sandra I also found a really cool search engine specific to hunting up internet coffeshops and kiosks - http://cybercaptive.com - which may be a little spotty since it relies on visitor reports, but at least it's international in scope. I was kind of amused when I looked up San Jose and had to pick through the entries checking that I was finding places in California. -- Heather
Sweet...As a long time self-taught user of Linux/Unix/Ultrix (and several other flavours), I've become addicted to such handy tools as vi, grep, sed, awk, ctags, and the bazillion other little utilities that can be so artisticly chained together to produce the desired results. I've stumbled across your LG archives, and all I can say is "WOAH!" I'm going to have to find myself a text-to-speech translator so I can read/listen-to all of this good stuff whilst at work, because there's just so much in here. Thanks for such a fabulous (and fun!) resource...
-tim chase
On behald of everbody here, THANKS! BTW, I've heard festival (http://www.cstr.ed.ac.uk/projects/festival) is pretty nice. Lots of things at Freshmeat that are supposed to use speech really use either it or ViaVoice under the hood. -- Heather
Ideas, huh?Home-brew hardware plans! Genertic GPL motherboard designs, SCSI cards, video, audio, PCI modems, NICs...everything Microsoft is trying to corner the market on. Some people feel Linux has only ten good years left if the current trend continues.
Some people believe that the Moon is made of green cheese and that big-bellied Santa Claus (with a sack of presents, no less) comes down a foot-wide chimney. "Other people are/think/do" is a very poor reason for doing something; I prefer to believe that people are _not_ sheep. -- Ben
Since the anti-trust suit, Microsoft's political contribution budget has gone from $100,000 per year to over $6.1 million, and now they're trying to get manufacturers to implement Microsoft-specific anti-piracy security measures directly at the hardware level (called "Paladium").
And those who do will end up in the same toilet as the winmodem/ winprinter manufacturers: the domain of the ignorant. I think that lesson has been well ingrained. There's a small market out there that sells to the gullible, but the whole world certainly isn't about to switch en masse. -- Ben
The only true solution I can see is to go back to the days of bread-boarding our own hardware in Dad's garage...public domain circuit designs from electronic hobbyist magazines and soldering irons. We've "de-marketized" software. Why not the hardware, too? If we can create the greatest operating system on the planet, imagine what Linux users can do with computers themselves. It would be nice to have something no organization or agency can legally touch or ruin for a buck. A collection of Linux-friendly hardware diagrams in the public domain that anyone can produce for the cost of parts alone. Our own hardware would completely end our dependency on third-party drivers and vulnerability to corporate rail-roading. I think creating our own hardware database would be the best move we could ever make.
Regards
I believe that you're seriously underestimating the difficulty and the complexity of what you propose. Even if Joe Average did have the necessary soldering, etc. skills (and I assure you that soldering multi-layer PCboards _is_ a skill, one that takes time and patience to acquire), where would he get the boards themselves? The average mainboard today is at least a six- or a seven-layer type; there's no way for the average experimenter to make one of those. Besides all that, there's the troubleshooting of the finished board - I can assure you that this will be required in most cases. How many people are capable of it? How many of them will burn a trace just as they're about to wrap up the project (i.e., after they've sunk hours into it?) How many have an oscilloscope, which is what's necessary for troubleshooting high-speed digital electronics?
I suggest that mainboard manufacture is the province of highly skilled, highly knowledgeable people - not something that can be retailed to Joe Average. I suggest that a much better tactic would be to create a Linux certification authority, someone who can brand hardware "100% Linux-compatible" in bright red ink; a goal that manufacturers could strive for and easily achieve, given how much hardware support already exists in Linux. -- Ben
There is a thing called "open-hardware". AFAIR they got open pci, agp, bridges and stuff. For a short time they even had a open-processor (arm clone) but that was pulled when arm pissed them off. So, the designs are there, but who is going to build the stuff? Writing 0.18um structures in your kitchen isn't that easy
I think that the problem lies not with us linux users, we KNOW that M$ is up to something "bad". But what about those windows dau's that simple stick to win "because it`s all so easy". Do you think they will go through much trouble to make their own computer? No, if the thing is cheap and it's easy (like in sharing your whole hdd with other kazaa users
When such M$ hardware with the fritz chip arise these people will buy them (in large numbers) so that it will be hard to get hardware that does not feature these chips. But I think there will be a small market (for us linux users and some intelligent win users) and where there is a market there will be a seller.
Lets hope for the best
-- Robos
While I'm a big fan of the make it yourself philosphy, remember that the widespread presence of all the good toys ... cars, and computers themselves come to mind ... came not from the individual skilled crafstmen, but from the assembly line. I find it far easier to maintain an old 386 for ten years past its expected lifespan, than to figure out how I'd compose a replacement out of loose copper wire and transistors. Given that I'm among those whom Ben describes as able to wield a soldering iron and knowing what an oscilloscope is (I don't own one, but I know where to borrow a few) I just don't think garage made P7-oids are going to happen real soon.
The buzzword you're looking for is "economy of scale". We haven't "de-marketized" software ... we've shown there's a growing market for a much greater variety of software.
Speaking of "so easy" ... the ease is mostly an illusion, fostered by all those strong-arm OEM deals that resulted in nearly all systems being preloaded with MSwin. Now that Linux, and perhaps rarely, occasional others, are also being pre-loaded you'll see that particular bubble pop. It's mostly flat already, since reinstalling MSwin after it crashes too many times is so painful.
In countries where someone cannot simply wander into a department store, buy a few new couch pillows, tortilla chips and salsa, and a box of the latest rev of MSwin on special, buying into an expensive foreign standards probably won't happen either. Indeed, here's looking to a long and profitable time for companies that don't buy into the "palladiium" chip game. Can you say "sink the Clipper chip?" Knew you could. -- Heather
A better solution might be to join the struggle to give some of the power back to the people through the establishment of public campaign financing. It should help to fight many more problems than just M$ taking over.
Some URL's to check for more info about this are:
http://www.angelfire.com/al/10avs/links.html#campfin
http://www.sonic.net/~doretk/Issues/96-04%20APRIL/alliance.html
http://www.thealliancefordemocracy.org
-- John Karns
More 2¢ Tips!
Spam commentsThis is in reply to the LG issue 80 TAG blurb.
In LG 80, Heather was rumored to have said:
Almost the only spam that escapes Dan's traps anymore are those dratted conman scams telling me about how their late uncle / business partner / revered general or whatever left them a quadzillion dollars / francs or whatever and they can't get at any of it unless you as a friend / distant relative / confidant / conveniently uninvolved sucker open your bank account to help them launder it.
Do you use "ifile"? That nails just about all the spam I get, including those stupid laundering schemes. The best part is that it gets smarter with time; the more spam you feed it, the better it weeds out crap.
My .procmailrc is below.
-- Karl Vogel
See attached vogel.procmailrc.txt
Playing CD Music Digital OutputThis is in reply to the LG issue 79, help wanted #2.
Hi,
Regarding Bill Parks question on the June issue, as to how to play CD audio without the analog cable usually connecting CD-ROMs to audio cards, a similar situation happens if you have one of the latest iBooks. There is no way to tweak the sound driver to do what he wants, but XMMS can be of help. He should try using the "CD Audio Player" Input Plugin (select it via Preferences -> Audio I/O Plugins) and configure it accordingly, say have /dev/hdc (the "real" CD-ROM device, not /dev/cdrom which is usually a symlink) and /cdrom. Then, put the audio CD, and open a "Playlist" in XMMS but instead of selecting a File, select the /cdrom directory; he'll see the audio tracks there and be able to play and listen to them.
That's right, the system will be doing CDDA extraction from the CD into XMMS, which then plays it through OSS/ESD/ARTS. Ugly, but works.
Ernesto Hernández-Novich
GPG Key Fingerprint = 438C 49A2 A8C7 E7D7 1500 C507 96D6 A3D6 2F4C 85E3
Getchar and loops...Hello. I'm trying to write a very simple C program that needs to attend the user input without blocking a loop. I have porgrammed many time on pascal, and there the code will be something like:
begin
while not keypressed
writeln('hello! i'm still alive');
end.
well... when i use C code i try the getchar function, but it waits until a key is pressed blocking the program.
How can i know if there is a key into the buffer without blocking the execution of my programs?
Thanks in advance
Zaikxtox
[jra] Well, you can, but it's not exactly trivial, and how you do it depends on which environment you're coding: raw-C for the glass-tty, curses/termcap, X, KDE, Gnome, etc.
This is more generic C stuff than Linux stuff; I'd recommend you look into books like The Unix Programming Environment, by (I think) Kernighan and Pike, and the Stevens books.
[pradeep] As the other poster mentioned, it depends on where you want this behaviour. Assuming that you want to do this on a console, ncurses is a great library to use. It gives you the right abstraction.
- Read my howto at
- http://tldp.org/HOWTO/NCURSES-Programming-HOWTO
Particularly the function halfdelay() should help you for non-blocking key input.
epochRecently one of the gang mentioned renaming an rpm file to a much higher version number before running alien, so that the Debian package system would not want to overwrite the result.
The key to doing that "the right way" is a value that the Debian maintaineers call the epoch.
Of course people are used to seeing package versions like 1.2 or even 1.4.3p1.
In the Debian world that might be 1.4.3p1-2 meaning that this is the second time the Debian maintainer had to build the same version. Probably he or she has patches in it.
But to handle programs whose version numbers don't go constantly up like time goes forward ... a certain typesetting package comes to mind ...
Must have been some other package. According to its FAQ, TeX's version number asymptotically approaches pi, growing digits along the way. -- Heather
... they invented an epoch. epochs start at the invisible "1" and go up to 99.
So a version:
99:1.4.3p1-local
Would be 98 epochs ahead of a mere:
1.4.3p1-12
and the same number of epochs ahead of:
2.1.12-1
If you want your package and the Debian one to live together in harmony, then rename yours to something before the version number that does not overlap:
mtools4flash-3.9.7-1fp
mtools-3.9.7-2
Of course that's safest if the files inside their file list don't overlap either!
That was the problem, of course; the filesets were exactly the same. -- Ben
Using either of these methods is safer than setting a hold on the package, which is sometimes recommended, but which I've seen fail before.
crypt undefined
This is in reply to the LG issue 80, 2c Tips #8.
g++ -lcrypt server.c Error: 'crypt' undefined
The order of the arguments matter. You should try:
g++ server.c -lcrypt
The linker links from left to right and is a bit dumb. After compiling server.c, the crypt call is undefined. Then libcrypt.a is tried, and crypt is defined in there. So it will be resolved.
In your case, libcrypt.a doesn't match any undefined symbols (YET!), so it is not linked into the executable. Then server.o is linked, and that has an unresolved symbol (crypt). The linker isn't smart enough to go back to libcrypt.a.
The answerer of the questions talks about the name mangling. If you mix C and C++ code, you have to tell the compiler what is C. That is usually done by doing:
extern "C" void foo(int);
This tells the compiler that function foo takes an int, returns nothing and is a C function. But all standard libraries already do that for you, so it's very safe to call crypt() from C++ code.
Greetings,
Chris Niekel
diald
This is in reply to the LG issue 80, 2c Tips #10.
I've mainly been connecting to the internet using diald, but I've noticed that I'm only getting about 3.5 KBps , whereas on W98 I get about 5KBps. A little experimentation shows that dialling with kppp gives about 5KBps as well.
kppp seems to use an initialisation string of ATM1L1, but changing MODEM_INIT to "ATM1L1" in /etc/diald/connect, didn't improve the performance.
MODEM_INIT started out as "ATZ&C1&D2%C0". I changed "%C0" to "%C3" to ensure that compression was enabled, but this made no difference. I can't find an option in diald to log exactly what's sent to the modem and I can't see any conflicting options in the configuration for pppd.
Any suggestions for how to track down why kppp gets better performance than diald would be appreciated.
The modem is an MRI 56K internal modem.
Check the port speeds. It's likely that diald is using a port speed of 28.8KBps or 56KBps. Try to have something well above the actual speed of the modem, as the data coming from the modem may be substantially higher in volume than the actual modem's capability (due to hardware compression).
The only exception to this is with a USR 56k Faxmodem I have when used with WvDial; it must be at 56k, and I don't know why. If the computer port speed is set higher than that, what comes across the line from the modem seems to be escaped characters of some sort, along the lines of
CONNECT 49333/ARQ
f [18] f [18] `[1e]~[1e]~[1e][06][1e]x[1e][18]x
And pppd says "LCP timeout sending Config-Requests" in syslog. Just thought I'd let you know about this problem in case you have it.
HTH, -cj
[Neil] Beware, it doesn't read /etc/diald/diald.conf. According to the man page "diald reads options first from /etc/diald/diald.defs, then from /etc/diald/diald.options".
Putting speed 115200 in diald.options gave me a throughput 4.9KBps downloading Mozilla 1.1 alpha.
Killing GUI applications under KDE
Here's a quick way of killing a GUI application that has hung or is not
quitting (or you just want to kill for fun
. Press Ctrl-Alt-Esc and
your mouse pointer turns into skull-and-bones. Now, click on the
offending application to kill it. This works only under KDE.
Of course, "xkill" command does the same thing, but this is much easier and faster to use.
Ashwin
[Ben] Good tip, Ashwin! Under IceWM, I have "xkill" tied to "Alt-Ctrl-K" for the same functionality:
(from "~/.icewm/keys")
key "Alt+Ctrl+k" /usr/bin/X11/xkill
GRUB - Window XP can not loadI find some info online that we can overwrite the boot loader and then install boot loader for Window by run fdisk / MBR on Windows If this is the way, how can I do that? What to do with my Linux once we overwrite the MBR?
I think what's needed is to experiment with the GRUB command line mode. When the menu comes up press 'c' to go to command line mode and try a few variations on the command sequence you've got in /boot/grub/menu.last When you come up with a command sequence that works, then edit your GRUB config to match.
2 things to try are:
1 After the rootnoverify command add the command makeactive. 2 Try varying the partition numbers in the rootnoverify command.
Hope That Helps
Kylix
This is in reply to the LG issue 80, Help Wanted #1.
Does anybody know how to run a program that's compiled in Kylix, but without having the Kylix environment around at runtime?
If you want to run a compiled Kylix program outside the IDE you need to run
source /usr/local/kylix2/bin/kylixpath
first, or add it to your /etc/profile
I had the same problem initially - so I presume that's what the question is about - my Spanish is non-existent.
The alternative interpretation could be about making a distribution package to run on machines where Kyilx isn't installed - I haven't tried that yet.
Chirag Wazir
use an .rpm without installing it
This is in reply to the LG issue 80, 2c Tip #18.
It is simpler to use Midnight Commander. Click on the rpm file like you would a directory and transverse the rpm as you would a branch of the directory tree. Locate the file or files and copy them to an actual directory with the copy button. Simple and effective!
[John Karns] I've found that some mc versions changed the rpm handling behavior. I had grown quite accustomed to viewing rpm contents and copying parts via mc, then after installing SuSE 7.1 on my laptop, was no longer able to view more than a partial list of the files in the rpm; specifically the rpm headers (description, etc.). I was able to correct the problem finding the mc scripts used for rpm handling, and changing one to agree with a previous mc version script.
One other point is that for very large rpm files (over 2 or 3 MB), the process can be very slow. When dealing with rpm files containing large tar balls of source code, I usually just "install" the rpm, which copies the desired file to /usr/src/packages/SOURCES.
Linux Journal Weekly News Notes tech tipsRecent versions of the GNU tail command let you tail multiple files with the same command. Combined with the -f option, you can watch multiple log files. For example:
tail -f /var/log/httpd/access_log /var/log/httpd/error_log
will monitor the Apache access and error logs.
If you're moving from old-style mailboxes to Maildir directories for your mail, you can force Mutt to create Maildir directories by default with:
:set mbox_type=Maildir
in your .muttrc file.
To get Procmail to deliver to directories as Maildir and not MH folders, put a / after the directory name in your recipes, like this:
# Dump mail from Microsoft viruses into a trash Maildir
:0 Bf
* Content-Type: application/octet-stream;
trash/
To run a screen-based program such as top remotely with one ssh command, use the -t (terminal) option to ssh, like this:
ssh -t myserver top
For an easy-to-understand, compact view of what's running on your system now, try the pstree command. A handy option is -u, which shows the name of the user running each process. Option -p shows the process ID, so if you want to memorize only one option combination, try:
pstree -pu
(No pun intended.)
pstree is a good way to make sure that privilege separation is working in your upgraded ssh install--you did upgrade sshd, didn't you?
The Answer Gang
Can't See Boot Messages Even Though RedHat 7.2 Boots OK --or--
ide-scsi emulation for IDE IOMEGA ZIP 250MB
Sound
Version incompatibility
Greetings from Heather SternIt's been a slow month here at the Gazette, with some days actually being so light that some gang members piped up with "did I fall off the list?" Not so slow that we didn't get tips and threads, though. And not quite so slow that I'm publishing all the threads we got or anything like that.
Readers are being very helpful to each other and I'm glad that the Help Wanteds are popular. Andy Fore tells us that with so much fuss over the Alcatel Speedtouch and its gory details, it now has a HOWTO of its very own (although not by him). Here it is:
http://linux-usb.sourceforge.net/SpeedTouch/howto.html
I'm glad to see that with enough people's work on tiny bits here and there, we all grow richer for it.
The Peeve Of The Month this time around is some fellow who, not getting more than raw guesses from The Answer Gang, and figuring it out himself, instead of chiming in with it decided to tell us off how stupid and flatfooted we all are, not to mention how dare we ask him for the answer. I'll save you all the grumpy replies. Let's just say that we didn't promise you our rose garden wouldn't have thorns, bugs, or that we'd have an instant gauze bandage (brand-name or otherwise) handy if you get bit. We try our best, when we've got a few moments free. That's all we can really do.
Which brings me to the topic of my babbling this month. I certainly say it often enough face to face...
With the sub-thought... and perhaps you should decide what really is important, instead of discovering it in emergency. Take a good look at your own day for a week or two, and notice the things and people that you need the most.
Unfortunately the financial world continues to be slow too. While Linux increasingly creeps onto people's desktops and has pretty much taken root in their LAN closers - especially places still small enough to use closets instead of glass houses and cardkey setups - there continues this persistent and patently false feeling that those free software zealots have no interest in spending money.
Not true in the slightest. If it was there wouldn't be all these shows on our topic, like this month's LinuxWorldExpo in San Francisco (http://www.linuxworldexpo.com). We just want to get our money's worth when we do.
Take this example. Just last week the news that Linux Weekly News (LWN.net) was almost out of money - again - resulted in another heartening rush of help for them from readers eager to keep getting their dose of Linux events... enough for them to consider that a web based subscription model might not fall plop on its rear, after all.
Free projects are good, but many of the finer ones have their commercial support avenues too, and not always with the obviosu product name placed in their URLs, either. Berkeley DB has Sleepycat (http://www.sleepycat.com), and so on. Without noting anybody in particular - I'm sure you all have different things you really use your computers for out there - I'd like to encourage everyone to continue to put their money where their mouth is. Pick up a distro at an installfest, and decide it doesn't drive you as batty as some other distro or OS you tried before? Buy their next version. Like an incredibly cool free software project that never asks a dime and says "we're doing this 'cuz it works, not 'cuz we need the bucks" ? Send something in thought of a thank you to one of the organizations that defend making it easy to pass these things around. The tops on my list are the Debian project (http://www.debian.org), the Free Software Foundation (http://www.fsf.org), and the EFF (http://www.eff.org) but you probably already guessed that, and I'm sure there are others.
Don't be afraid to thow kudos in package authors' directions either - that's at least some pay in "The Coin of The Realm" (http://www.linuxgazette.org/issue64/lg_answer64.html#tag/greeting). If your life with a package isn't quite perfect but you like it anyway, then pitch in with some elbow grease, being willing to fuss with ltrace, strace or waste a bit of disk space on some more verbose logging so your bug reports can be more useful, and even more importantly, be willing to try the new code when they think they've got some sort of fix for you.
Err, don't forget to turn off all the traces and debug stacks when you're done, or you'll find yourself buying terabyte storage to go with it.
If you have terabyte storage and nothing better to do with it, or at least don't mind, consider mirroring some projects that your site uses and enjoys the benefits from. You get a local download, crosslinks, and that's one less chance the project might disappear on you just because some poor fellow loses his job or completes his college curriculum and has to move... or that some poor company who was primary-hosting it will go the way of the dodo and the dotbomb.
And what people usually mean when they say that fun little phrase:
- don't forget to make backups!
- They aren't bloody well helpful if they don't work, so check the restore procedures once in a while. Go ahead. Grab a spare machine and try it. Figure out if it really only takes you an hour and a half or all afternoon to bring the mail server or accounting department back up if that last power surge fries the UPS and a computer with it.
(You laugh now, but I have seen a UPS blow out and take the machine with it. I can still smell the burning plastic and hear that horrible squeal. Thank goodness we cut off the real power before a real fire started. Ugh!)
- Make sure that you've rescued the human-generated work that goes into a system, not just the grubby details that make it able to boot up. People are limited in what they can regenerate, and people stressed from losing a lot of work, even more so.
Did I mention that we just passed Sysadmins Appreciation Day? It's the fourth Friday in July. (http://SysAdminDay.boxke.be) From the website: "Let's face it, System Administrators get no respect 364 days a year..."
It's a tough world out there, folks. We've got to stand together these days. If we can't all be heroes, we can at least put our own sense of what heroism is to good use.
Have a great August, folks. Now, enjoy the threads
|
Contents: |
Submitters, send your News Bytes items in PLAIN TEXT format. Other formats may be rejected without reading. You have been warned! A one- or two-paragraph summary plus URL gets you a better announcement than an entire press release. Submit items to gazette@linuxgazette.net
August 2002 Linux Journal -- 100th issue!
![[issue 100 cover image]](misc/bytes/lj-cover100.png)
The August issue of Linux
Journal is on newsstands now.
This issue focuses on LJ's 100th issue. Click
here
to view the table of contents, or
here
to subscribe.
All articles through December 2001 are available for
public reading at
http://www.linuxjournal.com/magazine.php.
Recent articles are available on-line for subscribers only at
http://interactive.linuxjournal.com/.
JPEG
It emerged during the past month, to the dismay of everyone interested in open file formats and free software, that the JPEG image compression scheme may be subject to patent royalties. As reported by The Register, Forgent Networks have recently come into possession of a patent which they claim covers the transmission of JPEG images, and have even managed to claim royalties from two companies. If this patent proves to be enforceable, the ISO have said that they will withdraw JPEG as a standard (the licencing terms being enforced by Forgent are not compatible with ISO regulations for standards). Hopefully the patent will not stand up. To make sure of this, the JPEG committee is seeking examples of prior art which would render the patent null and void. If the worst comes to the worst, it appears that the patent will expire in 2004 in any case.
The Software Patent Working Group of the FFII, has pointed out that there are also European Patents in existence which could be used to put a lean on JPEG compression. A small step can be taken against EU software patents by signing the Petition for a Software Patent Free Europe.
A webpage bringing together many links on this story is the new Burn All .JPEGs! website. Forgent's website also has a list of recent appearances of the company in the news, which has a couple of links to stories regarding the JPEG patent.
Perens and DMCA
Bruce Perens generated some publicity this month by threatening to violate the DMCA live on stage at the O'Reilly Open Source Convention. The plan was to demonstrate how to remove the region-code control built into a DVD player. However as reported by Dan Gilmore and by Slashdot, Bruce backed down from openly breaking the law following a request from his employers, HP.
There are several good links regarding this story on the O'Reilly Open Source Convention Conference Coverage page.
More DRM (sigh)
A bill proposed by US Senator Biden would make certain kinds of Digital Rights Management circumvention a felony (capital crime). ZDNet coverage states that the bill was originally intended to combat large-scale piracy (e.g., fake Windows holograms), but was quietly rewritten to include DRM. (Courtesy Slashdot)
Open source: EU, US, Peru and Pakistan
It was reported in various locations (in The Register, on Slashdot and in ZDNet), that a recent EU report has called for wider open-source adoption, in order to have greater exchange of software between different administrative branches, and also between countries. The Slashdot story has links to the original EU report in various formats.
On a not unrelated theme, Sam Williams at O'Reilly.net has taken a look at the impact of open source software in government--both inside and outside the U.S.
Wired reports that the US Ambassador to Peru has come out against Peruvian Congressman Villanueva's bill advocating usage of open-source software in gonvernment computers. Also, Bill Gates personally delivered Peru's president Alejandro Tolero a donation estimated at $550,000 for the national school system. Not surprisingly, the money is to go to the same schools Villanueva's bill targets. Villanueva said he believes Microsoft isn't worried so much about losing the small Peruvian market as the cascading effect that might happen if other Latin American countries follow suit. Similar bills are pending in Argentina, Mexico and Brazil, and Spain's Extremadura region has already adoped Linux as the official operating system of its public schools and offices.
Pakistan is getting into the Open Source game too. 50,000 Pentium IIs running GNU/Linux are being installed in schools and colleges all over Pakistan, at a cost of less than US$100 each. "Proprietary software for these PCs would cost a small fortune. Surely more than what the computers cost!"
The Register have an excellent report (originally from NewsForge) by Grant Gross on a public workshop on digital rights management. It would appear that "fair use" advocates got less than a warm reception from Hollywood and Dept. of Commerce representatives.
Marcelo Tosatti, maintainer of the stable kernel branch in an interview with ZDNet.
From LWN, come links to reports in CNET and in ZDNet of the Netherlands' NAH6 plans to release a Secure Notebook incorporating a program that encrypts files transparently. The user runs applications on Windows, which is installed in a VMWare virtual machine. VMWare is run on Debian GNU/Linux, which keeps files encrypted in case the laptop is stolen or mislaid.
A few links from Linux Journal which might be of interest:
Some interesting links from The Register over the past month:
DesktopLinux.com are publishing the winning essays from their wIndependence Day contest.
Privacy International have an FAQ and other information on proposals to introduce ID cards to the UK. Probably of quite wide interest.
A couple of links from Slashdot which might interest you:
The binary nature of freedom, at Advogato (with talkbacks at NewsForge).
NewsForge have a report on the various instant messaging options available to Linux users.
Howard Wen at O'Reilly takes a look at Sony's upcoming Linux distribution kit for the PlayStation 2.
Some interesting links from Linux Today
NewsForge article on the game theory of open code.
Timo Hannay of Nature compares [O'Reilly] the scientific method to the mechanics of open source development.
Listings courtesy Linux Journal. See LJ's Events page for the latest goings-on.
|
USENIX Securty Symposium (USENIX) | August 5-9, 2002 San Francisco, CA http://www.usenix.org/events/sec02/ |
|
LinuxWorld Conference & Expo (IDG) | August 12-15, 2002 San Francisco, CA http://www.linuxworldexpo.com |
|
LinuxWorld Conference & Expo Australia (IDG) | August 14 - 16, 2002 Australia http://www.idgexpoasia.com/ |
|
Communications Design Conference (CMP) | September 23-26, 2002 San Jose, California http://www.commdesignconference.com/ |
|
IBM eServer pSeries (RS/6000) and Linux Technical University | October 14-18, 2002 Dallas, TX http://www-3.ibm.com/services/learning/conf/us/pseries/ |
|
Software Development Conference & Expo, East (CMP) | November 18-22, 2002 Boston, MA http://www.sdexpo.com/ |
Linux Journal articles available for documentation
Linux Journal has changed its author contract to clarify that any author may include his/her articles as freely-redistributable documentation in a free software project or free documentation project after the article has been published. Authors have always had this right since the founding of LJ, but some did not realize they had it. Motivations for doing so are to make the information available to all users of a program, in a convenient location, and so that the project can use the article as primary documentation if desired, updating it as the program evolves.
Linux Weekly News
It looked like the end of the road for Linux Weekly News earlier this month, when they announced that the August 1st edition would be the last ever. The basic cause for this decision was lack of money, and the absence of any plan which could generate money. Following the announcement, many disappointed readers put their money on the table and contributed to LWN's donation scheme. This quickly raised $12000, leading to a rethink of LWN's future. A final decision on the magazine's fate has not been made.
Mandrake at Walmart
Following last month's launch [NewsForge] by Wal-Mart of PC's with Lindows pre-installed, comes a new announcement of the availability of Mandrake-equipped versions. The Wal-Mart catalogue contains full details and prices of both the Lindows and Mandrake PC product lines.
NewsForge have reported on this story, as has The Register. Hopefully the Mandrake version of this product will prove more satisfactory than the earlier Lindows offering, which received a very lukewarm review from NewsForge.
Ogg and Real
Congratulations to the folk behind the Ogg Vorbis project, who have released a version 1.0. As linked from LWN, there are currently various news items related to the 1.0 release on Ogg Vorbis News. This story was also reported by The Register and by CNET,
Ogg Vorbis and Xiph.org have also been in the news this month due to the links being forged between the open source format and the new Helix software of RealNetworks. This development should see some parts of RealNetworks' software being released under "a community and open source licence". Inclusion of the Ogg Vorbis codec into RealNetworks products should follow.
Bruce Perens has written an in-depth account of the issues surrounding the RealNetworks-Xiph link-up, and has criticised many features of the deal, such as the fact that Real's codecs will remain proprietary, and the use of community licencing (rather than opensource) for parts of their software. Rob Lanphier of RealNetworks has replied to Bruce on Slashdot, and asked for good will to be shown to the company's open source contribution. The Register has also reported on Real's open source experiment, as has CNET. The Helix Community website should report future developments in the open source development of the RealNetworks Helix project, and also contains copies of the licences the software will be released under (comments are invited).
GNU Scientific Library (GSL) 1.2 is Released
Version 1.2 of the GNU Scientific Library is now available. The GNU Scientific Library is a collection of routines for numerical computing in C. This release is backwards compatible with previous 1.x releases. The project home page is at http://www.gnu.org/software/gsl/. Information for developers is at http://sources.redhat.com/gsl/.
Debian
Big news in the Debian world this month, Debian GNU/Linux 3.0 (Woody) has been released! Debian GNU/Linux now supports a total of eleven processor architectures, includes KDE and GNOME desktop environments, features cryptographic software, is compatible with the FHS v2.2 and supports software developed for the LSB. This was also reported by The Register. As reported by Debian Weekly News, the new testing distribution will be called "sarge".
A new revision of Potato, 2.2r7, was also released. Main changes were security updates, and a couple of corrections.
Debian Weekly News reported that the patent claims being made against the jpeg image compression scheme could require the movement of libjpeg62 and everything compiled against it into non-free.
Gentoo
LinuxPlanet have a recent review of Gentoo Linux 1.2.
RedFlag
Redflag Software Technologies Co., Ltd and Opera Software have made a strategic announcement, and are looking forward to working together on embedded browser solutions for the Chinese market. RedFlag will seek to join as an Opera reseller, with joint development and market efforts to tailor Opera for the Chinese embedded market.
With Opera included, RedFlag will be able to offer original equipment manufacturers (OEMs) and hardware manufacturers Web-enabled solutions customised to fit with Red Flag's current product line.
SuSE
SuSE Linux has announced the availability of the SuSE Linux eMail Server 3.1 with expanded system functionalities. SuSE's e-mail solution which assists in managing appointments, tasks, and resources, is aimed specifically at small and medium-scale enterprises as well as workgroups and public administrations.
SuSE Linux has also announced its participation in TSANet - the "Technical Support Alliance Network". TSANet is a global support platform that hosts more than 150 hardware and software providers. Within the scope of TSANet, various manufacturers cooperate in providing solutions for problems their enterprise customers encounter in connection with their applications.
For detailed information on the support offer of SuSE, please check http://support.suse.de/en/
Opera
Opera Software has announced the release of Opera 6.02 for Linux. The new version includes important fixes to the document and user interface, with special emphasis on the display of Asian characters, making this a useful upgrade for Linux users all over the world. Opera 6 opened up Asian markets to Opera, because of its added ability to display non- Western characters, and the Linux version has proved to be especially popular in this region.
Opera 6.02 for Linux is available for free in a ad-supported version at www.opera.com. Users can purchase a banner-free version for USD 39. Discounts apply.
Opera Software ASA has also announced that SuSE will distribute the popular Opera for Linux Web browser in their Linux distribution. The deal is Opera's first major Linux distribution agreement. Opera is available in SuSE Linux 8.0.
Random Factory
The Random Factory, have a range of scientific software for Linux, covering subjects such as astronomy, chemistry, and biotechnology. Also available are Linux workstations, preloaded with a choice of Random Factory products.
Magic Software
Magic Software Enterprises, a provider of application development technology and business solutions announced today the introduction of Magic eDeveloper into the Chinese market. Magic Software support Linux on some of their product lines.
Other software
VariCAD has announced the release of a new VariCAD 8.2.0.2 Update for both Windows and Linux operating systems. This mechanical 3D/2D CAD package offers tools for 3D modelling, 2D drafting, libraries of mechanical components, calculations, BOM's, and many others. It is priced $399. Free trial versions for Windows 98/NT/200/XP and Linux (RedHat, Mandrake, SuSE) are available for downloading at http://www.varicad.com
Linux Game Publishing is looking for beta testers for Mindrover 1.07b. You can register your interest at betas website. Successful applicants will be notified by e-mail.
![[picture of mechanic]](../gx/adam/mechanic.png)
Well Howdy. Glad you could all make it. How are you all??? Still keeping up the pace with the rest of the LG thus far? I hope so, 'cos I can't see that this article is going to be any different :-)
News for this month?? Well, I have installed myself in my house now. When I get the chance, I'll get some pictures together for you all to have a sneak preview into the isolated, but pretty corner of Somerset that I now reside in when I am not at University, that is.
I also have a new job!! I work in a small factory, which produces eight different types of luxury dessert for a chain-store called Waitrose. For those of you who don't know who this company is, Waitrose is part of the John Lewis Partnership, plc. They specialise in nice, high quality food. For the really curious among you, here is a list of the desserts I make:
I start at 6:00am :-) That's the only the drawback. However it does mean that I finish around 2-4 in the afternoon.
That's about as exciting as my life gets really, I think it is time to move on to some proper material. Linux.....
Way, way back in issue 13 Jim Dennis wrote a small article about how to set up your Linux machine so that it would tell you if you were going to run out of disk space. (SLEW). I read this article, and decided that you can make sure that your users do not run amok on disk space by enforcing a set rules by either specifying the number of inodes or blocks that a particular user cannot exceed.
Quota is handled on a per-user basis though, and is only active on one file system at a time. Thus, if a user has access to more than one file system, and you wish to enforce quotas on each of them, then you must do so separately.
So in short, quota is a way of setting maximum disk space that a user can consume, at any one time
As of Kernel version >=2.0, Quota support has been bundled in with the kernel, and as such, if you come from the dark ages, and have a kernel version <2.0, then obtain the latest source (www.kernel.org) NOW!!
And as for the rest of the GNU/Linux planet, you should find that you already have quota support enabled by default in the kernel anyway. If you think you have not, then download the latest stable release and re-compile. It can't hurt.....much :-). For instructions on how to do this, please refer to the INSTALL file, under the source directory.
Incidentally, for those users running a nice shiny SuSE Box, Quota automatically comes compiled into the kernel :-)
But the fun-and-games continue, since Quota is not directly runnable from the kernel itself (i.e. it is not a self-contained module). You have to either install an RPM for Source file.
The RPM file (should you be using a distribution that uses this system of package handling) in question is:
quota-1.70-263.rpmAnd the tarball file is called:
all.tar.gzBoth of which are available from the following FTP repository:
ftp://ftp.funet.fi/pub/Linux/PEOPLE/Linus/subsystems/quota/To install the RPM file:
Issue the command:
su - -c'rpm -i /path/to/quota-1.70-263.rpm'To install the source file
1. su - 2. cd /path/to/tarball/ 3. tar xzvfm ./all.tar.gz 4. ./configure[ Allow for configure script to run ]
5. make && make install 6. logout[ To exit out of root's "su;ed" account ]
That's all there is to it :-) Now the real fun begins
The first step in configuring this, is to have a logical idea in your head as to how you are going to organise this. Quota gives you the option of either specifying a single user, or a group (which has been assigned to specific users), or both. If you are on a large network, then perhaps a mixture of the two is preferable. Think about it :-)
Group version is usually good, if you assign all users to that specific group. Makes life easier, n'est pas?
But the first actual step is to make some system-wide changes. For this, log in as user root. Please though, do not simply "su" in, as this simply changed your effective UID, and does nothing about export variables, etc.
We must first modify "/etc/fstab" so that the kernel knows that the filesystem mount point will make use of the quota support. A typical "/etc/fstab" file looks like the following:
/dev/hda1 /boot ext2 defaults 1 2 /dev/hda2 swap swap defaults 0 2 /dev/hda3 / ext2 defaults 1 1 /dev/cdrom /cdrom auto ro,noauto,user,exec 0 0 /dev/fd0 /floppy auto noauto,user 0 0 proc /proc proc defaults 0 0 usbdevfs /proc/bus/usb usbdevfs defaults 0 0 devpts /dev/pts devpts defaults 0 0 #NFS clients.... #Updated: Thomas Adam, Tuesday 03:45am??? -- Can't remember. server:/etc /mnt/etc nfs rw,user,rsize=1024,wsize=1024,hard,intr 0 0 server:/home /mnt/home nfs rw,user,rsize=1024,wsize=1024,hard,intr 0 0 server:/usr/doc/lg/lg/lwm /mnt/lwm nfs rw,user,hard,intr 0 0 #server:/usr /mnt/usr nfs rw,user,hard,intr 0 0 server:/cdrom /cdrom nfs ro,user,rsize=1024,wsize=1024,hard,intr 0 0 server:/dev /mnt/dev nfs ro,user,rsize=1024,wsize=1024,hard,intr 0 0
What we are concerned with, is not the last part of the file [ ** although quota can be used with nfs exported file types -- see "man rquota" ** ], but with which mount point is to be issued with quota support. This will depend upon where your user's $HOME directories are located. Unless you have got a separate partition or drive for this, then typically the mount points you will want to use is either "/" or "/usr" (if /home is a symlink to "/usr/local/home/" -- and "/usr" is on a separate drive or partition.)
Now I come back to my original question that I first posed at the beginning of this section. How are the users going to be managed? If you have decided to do it just on a user by user basis, then add usrquota to your fstab file. If you are going to do it by group then add grpquota. If you are going to use a mixture of the two, then add them both.
Thus, we are now concerned with adding to the fourth field the following:
/dev/hda3 / ext2 defaults,usrquota,grpquota 1 1
Change as appropriate for your version of fstab. If you are unsure as to which quota to use, I recommend that you include both in the fstab file, since it means that should you need to swap, you'll already have it set up. Now save the file.
OK. The next thing we have to do is to make sure that for whichever option you chose (i.e. namely usrquota or grpquota), that you create the necessary file(s) on the root of the partition that you changed in the fstab file. To do this, enter the following commands (still as user root)
touch /top/of/partition/quota.user && chmod 600 /top/of/partition/quota.user touch /top/of/partition/quota.group && chmod 600 /top/of/partition/quota.group
Lastly, you have to ensure that when your system boots up, that quotas are enabled along with it. For those of you who installed Quota from an RPM/.DEB, etc should find that they already have a script named "quota" or something similar in "/etc/init.d/". If you installed from source however, this might not be the case, which means that you will have to add the following script into your main init-script AFTER the mounting of all files in "/etc/fstab" has taken place.
(text version)
#Check quotas
[ -x /usr/sbin/quotacheck ] && {
echo "Checking Quotas (please wait)...
/usr/sbin/quotacheck -avug
echo "Done."
} || {
echo "Checking Quotas FAILED"
}
[ -x /usr/sbin/quotaon ] && {
echo "Initialising Quotas..."
/usr/sbin/quotaon -avug
echo " Done."
} || {
echo "Turning Quotas On: FAILED
}
What the above does, is runs a test on the named file, for the "-x" flag which means that it is checking to ensure that the file is executable, before it processes the rest of the script. It checks to see what quotas are defined (if any), and then goes on to enable them.
Once you have done that, issue:
init 6
And wait for your computer to reboot.
Caveat Emptor:
If you did have to recompile your kernel, ensure that if you are using LILO
as your boot-loader that you run:
lilo
BEFORE you reboot so that it knows about your new kernel-image
:-)
Right. We should now have your machine acknowledging the fact that we are going to use Quota. What we haven't done yet, is the most important bit, and that is, who or which groups will be using the quota rule.
What I have decided to do, is to use an example if a user, and show you how you go about setting up a quota limit for him. We shall call the user lg.
Assuming lg is already on your system, what we must do is, depending on which format you are using, edit the appropriate file. For the purposes of this example, I shall do this on a per-user basis (i.e. I shall be using the usrquota format, although everything I shall explain here, is exactly the same for the grpquota option, if you have decided to do that.
The command that we shall be using is called "edquota" What we must do is edit a quota for user lg by issuing the command:
edquota -u lg
What this does, is launches an editor, and opens a new quota. If you haven't set the environment variable EDITOR="/usr/bin/jed" or some equivalent editor, then this command will not work. To set up this variable, add this to your "~/.bash_profile"
EDITOR="/usr/bin/jed" export EDITOR
Change the program as you see fit, i.e. Vi, jed, joe, emacs, etc. Then to make the changes active, source the file, by typing:
source ~/.bash_profile
What you should find, is that for user lg you get something similar to the following:
Quotas for user lg:
/dev/hdb2: blocks in use 0, limits (soft = 0, hard = 0)
inodes in use: 356, limits (soft = 0, hard = 0)
Now your thinking: "err...." :-) Don't worry. It is much more simpler than it looks.
Blocks indicate the total number of blocks that a user has used on a partition (measured in Kilobytes, KB).
Inodes indicate the total number of files that a user has on the partition. N.B. These values you cannot change.
What we are concerned with, is the bit in brackets, right at the end of each line. This is the key to setting the entire quota. You'll notice that there are two options, one for soft and one for hard.
Soft limits indicate the maximum amount of space (in Kilobytes) that lg is allowed to have. It acts as a boundary which when set along with a grace period informs to user lg that he is exceeding his limit.
A grace limit is a period of time before the soft limit is enforced. This can be set from (sec)onds, (min)utes, hour, day, week, month. This is set by issuing the command:
edquota -t
You'll see that you should get the following:
Time units may be: days, hours, minutes, or seconds Grace period before enforcing soft limits for users: /dev/hdb2: block grace period: 0 days, file grace period: 0 days
Change both values for block and file to whatever you see fit. I recommend 14 days (2 weeks) for both. But then, I am generous :-)
A hard limit indicates the maximum amount of space that a user cannot exceed. This only works when a grace period has been set.
That's all there is to it. Now, you are probably wondering how the hell you are supposed to assign the same quota to every user on your system. Well, having just followed the example for lg, what you can do, is to use user lg as a template, and issue the command:
awk -F: '$3 >= 500 {print $1}' /etc/passwd'
What this does, is prints a list to the screen of all users who start with a UID greater than 499 (i.e 500 onwards). If this set of users on the screen looks OK, then we can use the above, in conjunction with the edquota, as shown below:
edquota -p lg $(awk -F: '$3 > 499 {print $1}' /etc/passwd')
This uses the quota we have already enabled for lg as a template to assign it to the string of users that the awk script produces for us.
That's all there is to it :-). I have found quota to be an excellent tool in keeping users at bay. I use it for my non-root account, as it stops me from going wild in my home directory, and thus forces me to clean it out once in a while.
For those of you who followed my last miniature introduction to the world of linux proxying for Squid and SquidGuard, will remember that I showed you how you could filter certain webpages that matched a certain regex. What Dansguardian does. is take the concept of filtering and stretches it so that you can filter webpages, based on content!!. Also though, Dansguardian allows you to filter out mime-types and block file extensions, thus meaning that should your users have the unfortunate punishment of using an M$-Windows machine, you can block files such as .exe, .com, .dll, .zip .... etc
Dansguardian can be obtained from the following:
http://www.dansguardian.orgYou can either download an RPM or tar.gz file from his site. If you're a budding Debian GNU/Linux user, then you can always use the alien package to convert the RPM file to a DEB file :-). To actually install the files, follow the instructions as in the Quota section.
It is also worth noting, that Dansguardian requires the use of the nb++ library. There is a link to a download site, on the main site of dansguardian. This library is used to look at the content of webpages, and is thus essential to the operation of Dansguardian.
On install, dansguardian, main program is installed as "/usr/sbin/dansguardian". What you must do, is either in "/etc/init.d/rc.local" OR "/etc/init.d/boot.local" (depending on which distribution you are using), add:
/usr/sbin/dansguardian
So that Dansguardian is loaded up on init.
There really is not too much to configure when it comes to Dansguardian. What takes all the work, is the various regex expressions that you may want to build for really accurate content filtering.
It should be pointed out that DansGuardian can be used in conjunction with SquidGuard so that you don't have to replace any existing filters that you may already have in place :-) Good, eh?
So, the first thing we should do, is check where the package has put the configuration files. Well, it should be no surprise that they have been out in "/etc/dansguadian", and it is the files contained in this directory that we shall concentrate on. We shall begin by looking at the configuration file /etc/dansguardian/dansguardian.conf.
This is all the settings that Dansguardian will require. Typically, the only options that I have had to change are listed below:
#DansGuardian config file
[Reporting]
reportinglevel = 1 # 0 = just say 'Access Denied'
# 1 = report why but not what denied phrase
# 2 = report fully
[Network Settings]
filterport = 8080 # the port that DansGuardian listens to
proxyip = 127.0.0.1 # loop back address to access squid locally
proxyport = 3128 # the port DansGuardian connects to squid on
accessdeniedaddress = "http://grangedairy.laptop/cgi-bin/dansguardian.pl"
[Logging] # 0 = none 1 = just denied 2 = all text based 3 = all requests
loglevel = 2
[Content Filtering]
bannedphraselist = "/etc/dansguardian/bannedphraselist"
bannedextensionlist = "/etc/dansguardian/bannedextensionlist"
bannedmimetypelist = "/etc/dansguardian/bannedmimetypelist"
exceptionsitelist = "/etc/dansguardian/exceptionsitelist"
exceptioniplist = "/etc/dansguardian/exceptioniplist"
[Phrase Scanning] # 0 = normal 1 = intelligent
scanningmode = 1
# normal does a phrase check on the raw HTML
# intelligent does a normal check as well as removing HTML tags and
# multiple blank spaces, tabs, etc - then does 2nd check
[ ** Many other options elided ** ]
The only things I changed here, was the filterport, the proxyport and the accessdeniedaddress tags, to reflect the configurations I used in "/etc/squid.conf". Having changed your options accordingly, you can save the file, and ignore it :-)
OK, moving on. In the same directory, you should notice files with the following filenames:
I shall take each file in turn, and explain what each one does. Where appropriate, I shall list small portions of the file.
bannedphraselistThis file contains explicit words and as such, I shall not list its contents here. Suffice to say, this is the file that holds keywords which are blocked if found anywhere in the HTML page.
As you will see, each word is enclosed within < > signs, as in:
< sex