I figured out why my ftp client, on my Windows95 machine, did not appear to work using my Linux machine with IP masquerading. I had to type the following command on my Linux machine that was doing the masquerading:
I found this information at the URL:
It had all kinds of other stuff for using ipchains.
I've actually had direct experience with this problem. Newer Linksys cards don't work with the Kernel module that was included in the 2.2 Kernel tree. I was helping friends install Linux on their machines, and had to do some scrambling of my own.
What I did to solve to problem was to download the latest 2.4 tree onto their windows partitions, then perform the Debian install, unpack to tree to /usr/src/linux and recompile (a person should always compile their own kernels IMO). The card worked beautifully after that.
I think Carlos needs to use:
force user = someuser
force group = somegroup
in his smb.conf file on a per share basis
That way any samba user who access to that share can write to any other user's files.
Somebody on another list had a problem with MySQL losing tables. Since the answer is good for troubleshooting various MySQL table problems, I'm submitting it as a 2-Cent Tip.
I've never seen MySQL lose tables without a specific DROP command. First, be sure you're looking in the correct database?
Something on your system may have reset the ownership to root.root. If MySQL doesn't have read access, I think it will say the table doesn't exist.cd /var/lib/mysql chown -R mysql.mysql /var/lib/mysql # Or 'nobody' or whoever the MySQL server runs as. chmod -R u+rwX /var/lib/mysql # Or 'ug+rwX' or 'ugo+rwX' for less security. mysqladmin -u root -pPASSWORD flush-tables
I recently read an article from your site: "SysAdmin: User Administration: Disabling Accounts-From Glenn Jonsson on 05 Aug 1998"
It spoke of placing an * in the password field of the /etc/passwd file. This doesn't restrict the account on my system(Solaris . Could you have meant placing the * as the first character in the password field of /etc/shadow.
thanks for any feedback
Definitely. That trick only works when placed in the passwd field which is actually going to be used ... and since most Linux systems now support shadow files, that means /etc/shadow. In 1998 those were a bit less common. -- Heather
I am currently trying to write html which will insert page breaks for printing, which is [CSS2 and] not implemented in mozilla.
Is any anyone aware of any solutions to this using HTML/CSS1
I don't think so, but if your HTML qualifies as well-formed XML, you could use XSLT (XML stylesheet and transformation language) to transform it into something that can be printed. The W3C spec at www.w3c.org does a pretty good job of describing the language.
If your source is valid (i.e. passes through an SGML parser without complaints from the parser), you can use DSSSL to convert it to a printable format. The beginnings of some how-to docs are at http://www.mulberrytech.com/dsssl/dsssldoc
If I had to do this, I would use Sablotron (a free XSLT processor from www.gingerall.com) and write a stylesheet to transform XHTML to groff for printing. It's not as convenient as printing directly from Mozilla, but much more flexible and easier to control.
Hope this helps,
-- Larry "Dirt Road" Kollar
Take a look at the latest version of Samba. Samba makes a linux box look like an NT file and print server. The latest beta version of Samba has Active Directory support.
The Samba url is http://www.samba.org
Good Luck! Rick
Mark E. Nosal asked:
I've been asked to provide our LAN clients with web access to their email. Our present NOS is dare I say it, NT4 w/Exchange 5.5.
I refuse to install IIS to use OWA (w/exception to being fired that is). I've downloaded Apache for wintel, printed all the "how to's" and plan to be enlightened.
I've been to http://horde.org/imp; (per advise of another). They offer imap & pop3 web mail access.
The problem is I haven't any Apache knowledge, and limited mail knowledge in general. I used your search engine (in addition to other Linux based sites) but I haven't found what I need. Would you please clue me so I may tackle this task and hopefully justify bringing Linux in-house. One small step for penguin......
We use IMP here at CCIL at http://webmail.ccil.org. If you use Debian, it simplifies the install process. Although we did have a problem on the last security update of IMP that broke it. We just set it up on another box until we had time to fix it in a couple of days. CCIL is a non-profit freenet and all volunteer work for the techs anyway, we have a part time paid Executive Director as of 2 months ago.
There are lots of webmail apps; Debian definitely makes some of them easier to install (aeromail comes to mind). Most distros come with Apache set up alright for a single domain... a lot of webmail apps are perl based or PHP based. If you don't like IMP and its fellow apps in The Horde, you could try Squirrelmail (http://www.squirrelmail.org) or Phorecast (http://phorecast.org) both of which have been updated recently... or type "webmail" into the search gadget at Freshmeat and see what suits your fancy.
For a recent client of mine, his tastes were simple and we found ourselves very happy with OpenWebMail. However, it doesn't do IMAP, just POP. -- Heather
In issue 72 (November 2001) we published Ben's 2c Tip about sophisticated excluding backups (http://linuxgazette.net/issue72/lg_tips72.html#tips/12)
... in which he comments to Matthias:
- and, heck, since you're putting yours up, I might as well add mine to
Arggh, just figured out a major/minor/whatever bug in the date string. Here comes a fixed version.
See attached mpbackup.sh.txt
See attached evaluate_file.sh.txt
Do not use kernel 2.4.11, especially on SuSE Instead, use any earlier or later versions. -- Mike
2.4.11 had a nasty error which Linus almost immediately regretted... many of the 2.4.x series have had significant improvements while occasionally mangling something rather ordinary (e.g. loop.c, needed for loopback mounting, didn't work in 2.4.14 ... I check my fresh-cut CDs that way, argh... it appears that unnecessary "deactivate_page" lines were the culprit. I can't say I discovered that on my own, but it seemed to work, anyway).
The kernel maintainers are still fussing over having a working virtual memory handler - Andrea Arcangeli with a new one which Linus accepted, while Alan Cox and Rik Van Riel worked towards improving (some might say repairing) the original VM. Although Alan eventually agreed that Andrea has an ok design, the new VM's very new vintage and limited comments in the code still have a few people favoring Rik's VM, and Rik continuing to improve it. Keep watch at the current "Kernel Traffic" summaries http://kt.zork.net/kernel-traffic/latest.html
... if the linux-kernel mailing list itself is too much to wade through, As of press time the current kernel of the 2.4 series is 2.4,17 with some 18-pre's already posted. -- Heather
OK, so Answer Gang discussions get me thinking - even if it's a question I asked first. Heck, in some circles, thinking's not only acceptable, people actually do it regularly! And nobody laughs at'em, either.
Anyway... my question was "how do you print a sign ('Welcome!', for example) big enough to cover a sheet of paper without using a GUI?" In effect, I wanted some utility that would work like this:
printbig -size 1024x768 'Welcome!'
Well, the closest thing was a TeX solution by Karl-Heinz... great stuff for those that know TeX (which I find obscure, complex, and just Too Darn Big for the occasional dinky little "fancy printing" jobs I need to do), but I was looking for something simpler still. Then, I remembered a set of tools that came with a tarball I'd downloaded a while ago, "libungif-4.1.0" (I would imagine it's been through a few versions since then, but it worked for me).
echo 'Welcome!'|text2gif -c 128 0 0|gifrsize -s 12 > welcome.gif
This gives a rather blocky-looking output, with the text magnified 12X (think of the Courier font at about 150 points or so) and a red foreground (the color is optionally set by the "-c R G B" switch.) For much more flexibility in conversion - anti-aliasing, blurring, drawing boxes around the text, convolving, embossing, and many, many other options, try using "convert" (part of the ImageMagick utilities) after the "text2gif" has done its job:
echo 'Welcome!'|text2gif|convert -monochrome -geometry 800x200 gif:- welcome.jpg
This one gives a beautiful "lace fringe" effect to a softly rendered black-and-white picture of the text, as if the letters were covered in snow and edged with frost. Note that "convert" has also changed the format into JPG; this is a much faster output option than GIFs.
Perhaps this could help: the file attached, poster.tgz, contains the sources for a program that allows you to use a regular printer to print arbitrarily large posters, assuming the starting picture has sufficient detail.
Best wishes, Julio
I repackaged it so all files were at the same level, rather than making you all have to open a second tarball. DOS and MSwin readers can use his pre-compiled executable. -- Heather
We have just switched our network from a Novell server to a SuSE Linux server. However, one of the most missed features was the ability to receive a pop-up indicating that a print job sent to the network printer had successfully completed.
We would like to do the following:
You don't mention any specifics about how your handling our print requests, etc. Assuming that you're using samba and that you're running MSW clients, you can run winpopup on the client, and send a msg to it using smbclient with the appropriate command line option - see the smbclient man page. Sorry I can't give specifics, as really haven't set up samba to do much printing. It would probably involve writing one or two bash or perl scripts. -- John Karns
The sheets announcing what user has the print job are called "burst pages" in the UNIX world. In 'lpr' you would take "sh" out of the printcap entry, and (if you like these seperators after the print job) maybe add "hl". For the notification you'd have to abuse the print accounting system, I think... have that shell script send email, that'd be the easiest. But, there are other print spooling systems, all of them much newer. I'd look at a lot of stuff at http://www.linuxprinting.org before working too hard. -- Heather
Mike Orr asked:
PS. How do you get Linux to leave Num Lock on by default? I have it set on in
the BIOS startup, but Linux turns it off.
I believe it's specific to your distro. On SuSE, there is a parm in /etc/rc.config to handle it. -- John Karns
"setleds" is what I've used in the past. -- Ben Okopnik
Can somebody who uses DHCP modify this script so that it can be used in both static and dynamic situations? -- Mike
If you can't get your IP Masquerading working, try this "simple" script. If it works from the command line, put it in your boot sequence somewhere or reference it in your startup scripts (see "man init").
Remember to set the variables at the top of the script.
It works on kernels 2.4 and 2.2 only, using iptables on 2.4 and ipchains on 2.2. Your kernel must have the appropriate firewall/masquerading/forwarding compilation options enabled.
It tries to allow all connections initiated by the internal network, while prohibiting connections to the internal network from outside. This is minimal security, you can add iptables/ipchains commands to block certain ports on the gateway if you wish.
For FTP, IRC, RealAudio, etc, you may have to load additional modules.
This script assumes you have a static IP. If you have a dynamic IP (DHCP), you'll need to determine your current public IP and plug it in. You can run ifconfig to see the "inet addr:" manually, or modify this script to automatically determine the current IP.
See the iptables/ipchains manual pages for more information, and the firewalling/masquerading HOWTOs.
The 'xx' function displays each command line as it's run.
See attached ipmasq.sh.txt
Chuck Peters asked:
We are using mailman for our freenet support, CCIL Help Desk Team <email@example.com>, and often the users reply to only the individual who originally answered the question. As much as I don't want to munge the header with a reply-to it would be be better than our problem of users not replying to the list.
I took a quick look at the msg_footer and Python's string formatting rules, but its not giving me the clues to figure out how you are changing the reply-to to the list and the user, or the header containing "Original question from: user". How did you do that?
A wrapper. I'd threatened to post details, and since you ask, I'll do so.
It was a quick hack. Improvements and generalizations happily accepted.
The list begins by delivering to a procmail recipe. In /etc/aliases:
"|/usr/bin/procmail -m /etc/procmailrcs/linux-questions-only"
Because of the location and ownership of the procmailrc, mail is delivered as the user which owns the procmail recipe /etc/procmailrcs/linux-questions-only. In our case we have it owned by "list" which has permission to write to the temporary directory /var/lib/mailman/tmp/.
After several procmail recipes irrelevant to the present thread, the final delivering recipe says:
If you don't need procmail and you can deal with Sendmail's smrsh, or if you're using exim, postfix, qmail, mmdf, etc, you could deliver directly to hdrs.sh over /etc/aliases.
See attached hdrs.sh.txt
and then, hdrs.py:
See attached hdrs.py.txt
The data file /var/lib/mailman/localdata/linux-questions-only is generated by script run from a cron job:
/usr/lib/mailman/bin/list_members linux-questions-only >/var/lib/mailman/localdata/linux-questions-only
The membership of the list doesn't change very fast, so we run this nightly.
An' that's it.
-- Dan Wilder
my queston can linux run on a rs6000 ibm workstation
Yes. That is a PowerPC architecture. Check distributions which offer PowerPC support for more details, but I've definitely seen it mentioned in Debian, Yellow Dog Linux, and Rock Linux.
-- Heather Stern
Hardy Boehm asked:
This may be a stupid question which already was answerd a million times, but I was unable to find an answer on the net.
When I gave her a stuffed Tux as a present, my Girlfriend asked me, what it's sex is?
Can you help me on this???
<patiently> It's obvious. Geek, of course. -- Ben Okopnik
Four out of five sexist computer nerds surveyed agree Tux is male. -- Mike Orr
That might refer to Linus' original comment that penguins are happy because they have just stuffed themselves full of herring or have been hanging out with lady penguins. We only know that Tux is stuffed full of herring, but we can assume Tux hangs out with lady penguins. -- Heather
I am trying to write an ftp macro to run automatically in .netrc. macro is nammed init as in
The macro should get the current date as in
Is that ! supposed to be there?
and use that date to retrieve a set of files as in
where the files are named 1215somethingorother
I can't get the variable pre to be recognized by mget mget uses instead of 1215 ie current date*
I would think you'd need to do
Any ideas? Any place to find help on ftp macro? I have tried web search
I always use the expect programming language (http://members.cotse.com/dlf/man/expect/index.html) when I need to do an "ftp macro".
I don't know where to start. I have used (and been frustrated by) Windows for a long time. Linux seem to be a blessing from above. However, the practical matter is that some things don't work as advertised. There are so many, I don't know where to begin. Lets start with the Genome Calendar. I am running Redhat 6.0 and using the Gnome desktop. I have read the instructions about the Calendar application, but when I set an appointment it never notifies me of it's passing. I leave the user logged in and the application running and minimized on the desktop. The date and time of the appointment comes and goes and nothing happens. Additionally I don't know where to look for further help. Can you suggest something?
Thank you... Larry Gilson
First off RH6 is really old (2 and half years) Cant really comment on gnomecal, but you may want to upgrade gnome (its worth it) and try evolution http://www.ximian.com you can upgrade gnome fairly painlessly from there as well
I am new to Linux and need to get a network involving a Windows2000 box up and running.
I have a windows share which has the "everybody full control" permission set on a windows box on my network.
I can "see" the share on my linux box and can read all data in the share as a normal user. However as a normal user I am totally unable to write to the windows share. I do have write access as root
I have tried using mount with the -o rw options also the chown, chgrp and chmod commands. All meet with failure. The mounted share just will not allow me to alter its permissions so that as a normal user I can write to it.
Do you have any suggestions, I would really appreciate any assistance you can give, this problem has been driving me batty for weeks!
I know that when I was using samba with NT, if you put uid=(any user uid) that user will be able to write, you may be able to make it work using gid - never had chance to try it out
I have a problem that occurs with telnet on my linux machines. the only fix for it i've found is to reload it. telnet will work fine for a few months, and then the same problem recurs. the issues is that when i try and telnet into the machines, i get the first part of the prompt
Red Hat Linux rlease 6.0 (Hedwig)
Kernal 2.2.5-15 on a i 586
/usr/bin/login: no such file or directory
of course, that directory doesn't exist when telnet is working either, so i can't see what the problem is. i have a hacker that's been plauging me, someone in korea, and i am pretty certain that he's responsible for this issue, but thus far i haven't been able to keep him out nor keep telnet running. any suggestions on how to make it work again without reloading the OS would be appreciated.
My first suggestion would be to turn off telnetd permanently. The thing's a horrible security risk, and nobody should use it any more except within a network containing only trusted hosts.
Instead, use Openssh (http://www.openssh.org) which may be available as .rpms for your Red Hat, someplace.
Get OpenSSH-2.9.9p1 or later.
If not available, you can build it from source. You'll need to build OpenSSL and zlib first, as openssh depends on libraries from these.
There's a W*ndows openssh client:
which I have not personally tried. It requires the cygwin.dll libraries, which are a pretty fair-sized download. There's also a small open-source standalone ssh client, putty.exe,
-- Dan Wilder
It's certainly worth your while to download putty's scp program too. Even if you continue to use telnet in some places, putty is a better telnet client than the one that comes with MSwin. -- Heather
If someone has cracked your system and messed with /usr/bin/login (it's a binary file rather than a directory - on my SuSE7.1 system, it's /bin/login) then it would be worth your while, even mandatory to reload the OS. There's no way to tell to what degree your system has been compromised, and what kinds of trojan horse binaries may have been planted.
If you're going to stick with RH6.0, then after re-installing you should visit the RH site and update all the rpm's which were updated for security fixes. After that install a firewall and / or some security programs such as tripwire, port sentry, etc. Consult the security HowTo(s) for more info.
-- John Karns
Also, http://www.linuxsecurity.org is well worth an extended visit. -- Heather
Many users want to keep a little of reminder information for themselves.
Take me for example. Sometimes I want to remind myself of installing a software package, compiling some code, playing a particular game or simply to do my homework.
What I want is a little reminder display at login.
I' m working most of the time in X so I put the following line in my .xinitrc file BEFORE launching the window manager.
test -f ~/.ToDo && xmessage -center -file ~/.ToDo -buttons Discard:0,Keep:1 && rm ~/.ToDo
This one checks if the reminder file ($HOME/.ToDo) exists. If yes, the file is displayed with the xmessage command centered on the screen giving the choice of either discard it or to keep it. If I want to keep it, I click on "Keep", if not, the rm command will remove it.
To be able to edit the file, I use two methods. First of all I have a shortcut to my favourite editor loading the ToDo file in my window managers menu.
Second I have the following lines at the very end of my .xinitrc file:
if [ ! -f ~/.ToDo ]; then xmessage "Create TODO list?" -center -buttons yes:0,no:1 && xjed ~/.ToDo fi
This block asks me at session end if I want to create a TODO file but only when this file is non existent. Substitute xjed with your favourite text editor.
Using the console? Simply put the following line in your .profile or .bash_profile file:
test -f ~/.ToDo && cat ~/.ToDo
This will simply type the ToDo file on your console at login. With a little more of shell programming you can achieve a deletion of the ToDo file at logout as well.
Experiment a while with these - it is a nifty feature and you do not need any extra software. Simply Linux standard packages that come with all Linux distros.
Harjit Gill asked:
I am having a bit of a problem with suse linux 7.2. My problem is on the xconsole I get an error message stating the below:
inetd smtp/tcp (2): bind: Address already in use
The process inetd (process id 83 tried to run some SMTP protocol program (that also uses TCP) but the address that the SMTP program wants is already in use by someone else.
My guess is you're running an email program like sendmail and also running another SMTP program (read: mail) from inside of inetd. Check to see what's uncommented in /etc/inetd.conf, cross reference that with /etc/services and see if anything uses port 25 (which is listed in /etc/services).
Hiya everyone at the Gazette,
Great job again with Issue 72. I especially liked "PDF Service with Samba" by John Bright.
Well I'd like to comment on "Setting Up a Web-based Archive for a Mailing List" by Lawrence Teo.
Let's assume we've already set the mailing list as described in the previous article -- "A Quick and Easy Way to Set Up a Mailing List" and also compiled and installed hypermail. So we're at item 2.2. -- Creating a dummy account, which IMHO has some drawbacks.
Well suppose our project has about 20 researchers enlisted in the mail-list. They also want to share file attachments via e-mail e.g. drawing charts, spreadsheets, tarballs of source code, whatever. So our mail traffic is pretty high. It will soon result with a dummy user mbox several hundred Mbytes of size which will keep growing. Hypermail has to parse the whole mbox to re-index the archive. On P200 128MB RAM it takes 30 sec to parse a 5 MB mbox and 2 min to parse a 25 MB mbox. Suppose you have a 500 MB mbox and cron starts hypermail every 2 min -- despite hypermail's locking mechanism soon you will end with an endless queue of hypermail processes waiting to be executed or if you switch locking off -- even bring the box down to it's knees.
Well all the above may be a bit too far from the real-world situation, neither have I tested it thourougly. However there is a way to go around it and it's actually easier to setup.
What we have to do is as follows:
This will pipe each incoming message for firstname.lastname@example.org into hypermail. Save /etc/aliases and issue the
projarch: "|/path/to/hypermail -c /path/to/projarch.conf"
command. Do not forget to set the output directory for hypermail archives somewhere under the web server document root (Option "dir =" in /path/to/projarch.conf). Create the output directory e.g.
and give the user sendmail runs under (usually user mail) write access to it.
Pay attention to possible values of the "dir =" option in the config file (man hmrc). Using substitution cookies, you can tell hypermail to archive messages in different directories by the date they were received.
chown mail:apache /var/www/html/projarch; chmod 750 /var/www/html/projarch
it means sendmail uses smrsh (Sendmail restricted shell) to execute binaries. In this case do the following:
sh: hypermail not available for sendmail programs
554 5.0.0 |"/path/to/hypermail"... Service unavailable
Then restart sendmail
ln -s /path/to/hypermail /etc/smrsh/hypermail;
Test hypermail again sending a message to the mailing list and pointing your web browser to:
http://mybox.example.com/projarchIt should be all set up.
With this setup of hypermail we do not have to create a dummy user -- hence no multi-Mbyte mbox to parse. We process messages one by one straight as they arrive and update the web archive this very instant - so we don't need no cron job, and we don't need extra setup of Apache.
No need to mention you will need root access to the system but you will need it in the first place -- setting up the mailing list. And note your environment paths may differ from above examples depending on the distribution you use, which is well explained in the original article.
Hope this helps,
Joseph Adamo asked:
I just bought Linux-Mandrake 8.0 and i have it dual booted to my Windows 2000. Linux has a boot up screen menu. The default is Linux , i would like to know how to change the order default so i can change it to Windows 2000 or DOS 6.22, etc.
here's what to do
login as root open up /etc/lilo.conf in ur favourite text editor u'll find a line like this
just cange it to dos (or whatever it might be..and u'r done) oopss.i forgot, run
after saving the changes in ur file and if some idiotic winblows antivirus complains abt a changed mbr after that, don't pay any attention to that
Of course, if you have such an antivirus program, you may want to temporarily disable it, or otherwise advise it that you are deliberately updating the MBR. Otherwise you risk getting it put back the way it was... -- Heather
I wonder if one can dig up a short of whitepaper on crypto file systems(also AES perhaps).
AES (Advanced Encrytption standard) is the new encryption standard after DES and the US government finally decided to use the Rijndael algorithm. This is available with a "free" license and open source.
"AES" in google, third link from top:
which is the official US gov site anouncing Rijndael as chosen AES algorithm along with details on the algorithm, links to source and executables as well as links to the Rijndael developers and more material.
I have been unable to point a friend who is interested in such security issues to a document that addresses not the technical details, but the whys and in broad terms hows
On the Crypto File system for Linux:
put "crypto File system" in the search filed of www.google.com and the 4th link from top will be www.crypto.com/papers/cfs.pdf which seems to be exactly what you are looking for -- not very hard though.
If you would at least use a search engine first you would be more welcome.
Use ssh -n to run an X program from one computer on another.
ssh -n frodo gimp &
will run the GIMP on the host frodo, but display locally.
Using ssh for this is much easier and more secure than setting it up in X manually.
How many times have you installed some cool software on one of the systems at your office, gotten used to running it, then one day tried to run it from a different system only to find it wasn't there?
Now there's an answer. Jablicator for Debian:
automatically builds a package file based on your current software load. Apt-get that package on all your other hosts, and they'll keep in sync.
Color inkjet printers vary widely in their support under Linux. Vendors make these family-oriented units as dumb as possible to keep the cost down. (Think of a color inkjet printer as an in-home display unit to sell you color inkjet cartridges.) As in a Winmodem, all the decisions get made in the driver, and some vendors offer decent drivers for Linux while others don't.
You might find the same printer gives you photo-quality prints from a proprietary OS and a faded, blurry image under Linux. Visit LinuxPrinting.org:
for up-to-date reports on printers and drivers, so you don't get stuck taking your printer back.
For business or even home office use, a reconditioned laser printer with network interface is less hassle than a parallel port inkjet and much cheaper per page. Unless you really want color.
Your Editor had to replace his color printer recently, and I got an Epson Stylus C80 based on the evaluations of the Linux Printing site. It works great from the Gimp with the Gimp Print driver, once I realized the latest Debian Gimp package is "gimp1.2" rather than "gimp". Still not working with LPRng/Ghostscript, but that's a configuration issue rather than a capability issue. My current Debian Ghostscript works fine with my laser printer but doesn't contain the Gimp Print driver for the C80. I tried installing a binary version of Ghostscript with that driver, but that screwed up my LPRng configuration and my other printing. So I can't print directly from Netscape. For now, I'm just opening pictures a second time in the Gimp, which is time-consuming but it works. -Iron.
Mutt doesn't forward messages with MIME attachments by default. To give yourself the ability to include MIME attachments when forwarding a message, set mime_fwd in .muttrc. In our humble opinion this is the most useful setting; it allows you not to include attachments by default but to include them when you want.