Re: [expert] PCMCIA: Texas Instruments PCI1420 not working afterkernel-update
civileme schrieb: t_gecks wrote: configuration: Mandrake 8.1 lspci: ... 00:04.0 CardBus bridge: Texas Instruments PCI1420 00:04.1 CardBus bridge: Texas Instruments PCI1420 ... Windows says: PCI1420 at i/o-address 0x3e0 and irq 11 tried that with [root@... root]# modprobe i82365 i365_base=0x3e0 cs_irq=11 resulted in: /lib/modules/2.4.18-8.2mdk/kernel/drivers/pcmcia/i82365.o.gz: init_module: No such device The pcmcia worked before i updated the kernel. You are lucky _ANYTHING_ works after updating the kernel. You do not update kernels. If you have an updated kernel, you INSTALL it. Afterward you have the choice in LILO of booting either kernel. If you use update instead you have the new kernel with the old kernel modules, a definite mismatch when trying to load modules. Hmmm, you did not say your version but I know we had changed numbering schemes in 8.2 so the automated tools would not update kernels and our advisories which accompany such updates clearly states not to update. Civileme Ok, I'll tell the whole story. I used the MDK 8.1 with kernel 2.4.8-26mdk and a week or 2 ago I updated iptables with the Software Manager to version iptables-1.2.5-1.1mdk. After that iptables said something like: Jul 29 11:09:49 resy54 iptables: iptables-restore v1.2.5: iptables-restore: unable to initializetable 'filter' in /var/log/messages. trying it on the command line it told me that too and that I perhaps needed to upgrade the kernel. So I got the 2.4.18-kernel stuff by hand from ftp://ftp.uni-kl.de/pub/linux/mandrake/Mandrake/updates/8.1/RPMS/ (my local update site). Software Manager did not offer this update, you're right. But now iptables is working and pcmcia doesn't. The kernel has the right modules and the pcmcia-cs is for this kernel. I removed the old one (for the 2.4.8 kernel). Now do I have to change everything back (if this is possible) or install a fresh 8.2 ? ciao Thorsten Gecks Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Lost Control Center
Just upgraded kde from 3.0.1 to 3.0.2 and seemed to go ok... BUT...First what found...ControlCenter stopped working... Have this issue been under discussion and fixed...I have been 2 months now without linux because of travelling,so haven't read news lately... So please,if discussed,point me to topics... Jarmo Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] supermount problem?
On Monday July 29 2002 07:11 pm, Darren King wrote: I am running 8.2 with the cooker kernel. With the old kernel, I had no problems accessing cd's but now I get Stale NFS file handle when I try to ls under the cdrom directory. Is this a known bug? Is there a known fix? Darren It's a known problem. It's still the behavior in current cooker and 9.0 beta. If you search the cooker ML archive, I believe some hacks to fix it were disscussed. OTOH, 'ls /mnt/cdrom' should work. -- Tom Brinkman Corpus Christi, Texas Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] logcheck and prelude
In LM 8.2, prelude service is included and generates messages to the log files. I use logcheck (and portsentry) and I keep getting messages like these ... Security Violations =-=-=-=-=-=-=-=-=-= Jul 30 06:29:19 www prelude: Debug: Flushing queued report for id=0x4001d680, count=3... Jul 30 06:29:22 www prelude: Debug: Flushing queued report for id=0x4001d680, count=1... I have tried many variations in the /etc/logcheck/ignore file to have these messages ignored, and therefore no email message sent to me about it. I have tried things like... prelude: Debug: Flushing queued report for Flushing queued report for prelude.*: Flushing queued report for.* Debug: Flushing queued report for Has anyone else encountered this and found a logcheck rule to ignore it ? Thanks... Dan. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Building a New Server..
Dear Experts, I'm planning on building a Server for my School, here are the parts I plan on using, please give me your feedback on my selection of parts list. CPU:Celeron 1.8GHz 478 pin MB: ASUS P4B533/WA Memory: PC2100-512/CL2 HDD:MAXTOR MX4G120J8 (120GB) X4 FDD:NEC1231H /NEC CD-RW: BCE4012M (for got the maker..sorry) VIDEO: XPERT 2000 B/K (ATI) LAN:NIF-100R REALTECH BOX FAN: D12A-12PHA (sorry again for got the maker's name) I you know for sure that these parts are bad, please direct me to the url for more information.. thanks for your help and GOD BLESS ALL, near and far! Gavin Gavin's English School Fukushimaken, Fukushima City Nankodai, 2-34-1 Japan Zip Code 960-8143 phone 0245-21-6220 Fax 0245-22-3264 e-mail [EMAIL PROTECTED] Mandrake Linux 8.2 Registered Linux user #199865 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Building a New Server..
On Wed, 31 Jul 2002, Gavin Rollins wrote: Dear Experts, I'm planning on building a Server for my School, here are the parts I plan on using, please give me your feedback on my selection of parts list. CPU: Celeron 1.8GHz 478 pin MB: ASUS P4B533/WA Memory: PC2100-512/CL2 HDD: MAXTOR MX4G120J8 (120GB) X4 FDD: NEC1231H /NEC CD-RW:BCE4012M (for got the maker..sorry) VIDEO:XPERT 2000 B/K (ATI) LAN: NIF-100R REALTECH BOX FAN: D12A-12PHA (sorry again for got the maker's name) I you know for sure that these parts are bad, please direct me to the url for more information.. thanks for your help and GOD BLESS ALL, near and far! Nothing seems wrong with the parts, but they still may not be appropriate for your needs. What will the machine be used for? Other things to consider: How will you perform backups? The RealTeks tend to be cheaper NICs and you could pay a penalty in performance. Without knowing the needs of the server it's impossible to say if this is a factor. Are these drives SCSI or IDE? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Lost Control Center
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 30 July 2002 3:46 am, jarmo wrote: Just upgraded kde from 3.0.1 to 3.0.2 and seemed to go ok... BUT...First what found...ControlCenter stopped working... Have this issue been under discussion and fixed...I have been 2 months now without linux because of travelling,so haven't read news lately... So please,if discussed,point me to topics... Jarmo You more than likely have to update the system menu as I get that, too, every now and then when you updates. - -- - Altoine B Maximum Time Unlimited Chicago Based and Operated http://pgp.mit.edu - You will always forget the most important item if you don't make a list -- Murphy's Food Laws n°10 - 2.4.18-21mdk Mandrake Linux release 9.0 (Cooker) for i586 - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9RsTjxjybQmhmUgYRAunrAKCmHWj37ilGUmrCL6q3fpvXWu/fxgCgu9zJ DfHiEDygL8AegULU/IvfazY= =hxFG -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] How to use sudo?
I'd look this up in the man page, but the package doesn't seem to have one I'm trying to use sudo for some tasks that I start up, so that I don't have to do a full su to root in a shell window first and then execute the command that I want to run. However, I can't seem to get the thing to let me do it. I've edited /etc/sudoers to allow group wheel to execute all command, and I made sure that my regular user account is part of that group. Then I type something really simple like sudo tail -f /var/log/syslog. It then prompts me for a password. No matter what password I put in (even when I put in the root password), it tells me the password is wrong. So, what the heck password does sudo want from me? :-) --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] How to add something to chkconfig?
I've added a startup script to my /etc/rc.d/init.d directory, but when I try to do a chkconfig --list {the-file} so that I can see it, I'm informed that service {the-file} does not support chkconfig. How do I add something that exists in init.d to chkconfig? --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Disabling PCMCIA support
VERSIONS: Mandrake 8.2, Kernel 2.4 Hi, I am trying to install linux-wlan-ng in order to get my ActionTec wireless PCMCIA card to work. After a lot of research over the last few days, I have been warned that this may not be possible due to the fact that the PCMCIA source is integrated with the kernel in Mandrake 8.2. Someone pointed out though that it might be possible to disable PCMCIA in menuconfig, and install the PCMCIA-CS source in /usr/src. However, I could not find any reference as to how to disable pcmcia in menuconfig. Initially, I toggled the PCMCIA support in General Setup. However, compiling the kernel crashed during 'make modules' (error below.) I also changed what I think are all other references to PCMCIA (under SCSI Support, Network Device Support and Character devices.) But I was still confronted with the same error shown here: /usr/src/linux-2.4.18-6mdk/include/asm/pgalloc.h:137 'boot_cpu_data_R0657d037' undeclared (first use in this function) make[2]: *** [eni.o] Error 1 make[2]: Leaving directory '/usr/src/linux-2.4.1.18-6mdk/drivers/atm' make[1]:***[_modsubdir] Error 2 make[1]: Leaving directory '/usr/src/linux-2.4.1.18-6mdk/drivers' make:***[_mod_drivers] Error 2 Does anyone think that I am barking up the wrong tree? Yours faithfully, Raphael Summers. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to use sudo?
On Tue, 30 Jul 2002 10:30:07 -0700 David Guntner [EMAIL PROTECTED] wrote: I'd look this up in the man page, but the package doesn't seem to have one I'm trying to use sudo for some tasks that I start up, so that I don't have to do a full su to root in a shell window first and then execute the command that I want to run. However, I can't seem to get the thing to let me do it. I've edited /etc/sudoers to allow group wheel to execute all command, and I made sure that my regular user account is part of that group. Then I type something really simple like sudo tail -f /var/log/syslog. It then prompts me for a password. No matter what password I put in (even when I put in the root password), it tells me the password is wrong. So, what the heck password does sudo want from me? :-) --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key if you don't need password protection, just add NOPASSWD like this: ME MY_PC = NOPASSWD: MY_COMMAND bye jipe Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to use sudo?
David Guntner wrote: I'd look this up in the man page, but the package doesn't seem to have one I'm trying to use sudo for some tasks that I start up, so that I don't have to do a full su to root in a shell window first and then execute the command that I want to run. However, I can't seem to get the thing to let me do it. I've edited /etc/sudoers to allow group wheel to execute all command, and I made sure that my regular user account is part of that group. Then I type something really simple like sudo tail -f /var/log/syslog. It then prompts me for a password. No matter what password I put in (even when I put in the root password), it tells me the password is wrong. So, what the heck password does sudo want from me? :-) --Dave Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com It wants the password for your user... But on to another question, what did you edit sudoers with? I hope it was visudo, because nothing else is likely to produce proper results. Civileme Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to use sudo?
civileme grabbed a keyboard and wrote: David Guntner wrote: I've edited /etc/sudoers to allow group wheel to execute all command, and I made sure that my regular user account is part of that group. Then I type something really simple like sudo tail -f /var/log/syslog. It then prompts me for a password. No matter what password I put in (even when I put in the root password), it tells me the password is wrong. So, what the heck password does sudo want from me? :-) It wants the password for your user... The password for WHAT user? If I do sudo {some command}, doesn't it try to run {some command} as root? I thought that was kind-of the idea? :-) I've tried putting in the root password, but it doesn't take that, although I can su to root all day with that same password. But on to another question, what did you edit sudoers with? I hope it was visudo, because nothing else is likely to produce proper results. Yes. I looked at sudoers first, and noticed the comment at the top of the file saying that it needed to be edited with visudo. So I used that program to edit the file. --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] MandrakeUpdate bug found
I was attempting to install the libpcap rpm (to satisfy a dependency issue for snort) and encountered the following error message: [/root] MandrakeUpdate rpminst didn't install: 'libpcap0-0.6.2-3mdk' 'libpcap0-0.6.2-3mdk' added to the already_installed_list already installed: 'libpcap0', SHOULD NOT HAPPEN -- Albert E. Whale - CISSP http://www.abs-comptech.com -- ABS Computer Technology, Inc. - ESM, Computer Networking Specialists Sr. Security, Network, and Systems Consultant Board of Directors - InfraGard - Pittsburgh, PA Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to add something to chkconfig?
Check the man page for 'chkconfig'. Under the 'RUNLEVEL FILES' section is a description of what you need to do. Jim On Tue, 2002-07-30 at 13:38, David Guntner wrote: I've added a startup script to my /etc/rc.d/init.d directory, but when I try to do a chkconfig --list {the-file} so that I can see it, I'm informed that service {the-file} does not support chkconfig. How do I add something that exists in init.d to chkconfig? --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to use sudo?
jipe grabbed a keyboard and wrote: On Tue, 30 Jul 2002 10:30:07 -0700 David Guntner [EMAIL PROTECTED] wrote: So, what the heck password does sudo want from me? :-) if you don't need password protection, just add NOPASSWD like this: ME MY_PC = NOPASSWD: MY_COMMAND I saw that note in the sudoers comment, but the idea here is that if *my* password should somehow become compromised, I don't want to give someone root access on a silver platter :-) --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to add something to chkconfig?
On 30 Jul 2002 at 10:38, David Guntner wrote: How do I add something that exists in init.d to chkconfig? Look in man chkconfig ,in the section: RUNLEVEL FILES. Ray Warren Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to use sudo?
type something really simple like sudo tail -f /var/log/syslog. It then prompts me for a password. No matter what password I put in (even when I put in the root password), it tells me the password is wrong. So, what the heck password does sudo want from me? :-) It wants the password for your user... How about the user that you're logged in as ! Thanks... Dan. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Overriding msec
I'm currently (trying to be) running my system with msec set to level 4 for the greater protection level. I've used kcontrol to set my login console settings so that it will show the available users with those new lame icons that replaced the cool penguins, and allow for a reboot from the login window. (If someone is sitting at my console, I don't *care* if they reboot the machine. :) The problem is that msec seems to keep changing my settings back to no icons and no reboot. Argh. Can someone please tell me what I have to put in which file to tell msec that I don't want it dorking around with that setting? It would be much appreciated! --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Building a New Server..
On Tue, 2002-07-30 at 10:16, [EMAIL PROTECTED] wrote: On Wed, 31 Jul 2002, Gavin Rollins wrote: Dear Experts, I'm planning on building a Server for my School, here are the parts I plan on using, please give me your feedback on my selection of parts list. CPU:Celeron 1.8GHz 478 pin MB: ASUS P4B533/WA Memory: PC2100-512/CL2 HDD:MAXTOR MX4G120J8 (120GB) X4 FDD:NEC1231H /NEC CD-RW: BCE4012M (for got the maker..sorry) VIDEO: XPERT 2000 B/K (ATI) LAN:NIF-100R REALTECH BOX FAN: D12A-12PHA (sorry again for got the maker's name) I you know for sure that these parts are bad, please direct me to the url for more information.. thanks for your help and GOD BLESS ALL, near and far! Nothing seems wrong with the parts, but they still may not be appropriate for your needs. What will the machine be used for? Other things to consider: How will you perform backups? The RealTeks tend to be cheaper NICs and you could pay a penalty in performance. Without knowing the needs of the server it's impossible to say if this is a factor. Are these drives SCSI or IDE? If it is a straight file server, you don't need a 1.8 GHz processor, storing and retrieving files take very little CPU over head, you would be better to sink your money into your file I/O subsystem. If it is a DB server then depending on your load, you might be better off going to a lower MHz dual process or system. Two 900 MHz processors can be better that a single 1.8 GHz if the DB software can support SMP. All my servers use 3com cards, the 905, widely used, good support. Bought an Intel card once on a moment of weakness, it died a horrible death, have yet to have one of my 3com card ever die (your mileage may vary). I have a realtec built-in in my laptop, and I find it a pain some times, almost enough to switch back to my 3com PCMCIA 10/100 card. -- ...Rob = Robert Goshko Axis Computer Consulting Services, Inc President Sherwood Park, Alberta, Canada http://www.axis-dev.com/ Supporting the Revolution In Your World = Registered Linux User #260513 1:14pm up 4:32, 2 users, load average: 0.02, 0.04, 0.09 signature.asc Description: This is a digitally signed message part
Re: [expert] Building a New Server..
Hi! If this is just a server, and not a workstation, then there really isn't a reason to put a CDRW in it. However, with the amount of disk space you're dropping into this box I would get some kind of high-capacity tape backup system, as you are mmore than likely going to need to back up files stored on the server. (If you aren't storing any files on this server then I think (4) 120GB drives is *way* overkill.) What is the load on this box going to look like? How many users? What kind of throughput? I'd agree with Kwan on looking at a higher quality NIC...possibly something from SMC or 3Com. I would also consider scrapping the Celeron processor and get a P3 Xeon, as there is a *huge* difference in the server-level performance of these processors. This, of course, depends on what you are using the server for. Hope this helps! Jon 8^) - I may not have gone where I intended to go, but I think I have ended up where I intended to be. - Douglas Adams Gavin Rollins [EMAIL PROTECTED] 07/30/02 11:31AM Dear Experts, I'm planning on building a Server for my School, here are the parts I plan on using, please give me your feedback on my selection of parts list. CPU:Celeron 1.8GHz 478 pin MB: ASUS P4B533/WA Memory: PC2100-512/CL2 HDD:MAXTOR MX4G120J8 (120GB) X4 FDD:NEC1231H /NEC CD-RW: BCE4012M (for got the maker..sorry) VIDEO: XPERT 2000 B/K (ATI) LAN:NIF-100R REALTECH BOX FAN: D12A-12PHA (sorry again for got the maker's name) I you know for sure that these parts are bad, please direct me to the url for more information.. thanks for your help and GOD BLESS ALL, near and far! Gavin Gavin's English School Fukushimaken, Fukushima City Nankodai, 2-34-1 Japan Zip Code 960-8143 phone 0245-21-6220 Fax 0245-22-3264 e-mail [EMAIL PROTECTED] Mandrake Linux 8.2 Registered Linux user #199865 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to use sudo?
David, For example, if you are logged in as user linux1, then it wants the password for user linux1. All other passwords will be rejected. This is why people typically give someone sudo root access (with a limited subset of commands they are allowed to run) instead of the root password (at which point hopefully you have a backup ready in case the person does some damage). Michael -- Michael Viron Project Manager / Primary Developer / Manager of Online Operations General Education Online http://www.findaschool.org At 11:36 AM 7/30/2002 -0700, you wrote: civileme grabbed a keyboard and wrote: David Guntner wrote: I've edited /etc/sudoers to allow group wheel to execute all command, and I made sure that my regular user account is part of that group. Then I type something really simple like sudo tail -f /var/log/syslog. It then prompts me for a password. No matter what password I put in (even when I put in the root password), it tells me the password is wrong. So, what the heck password does sudo want from me? :-) It wants the password for your user... The password for WHAT user? If I do sudo {some command}, doesn't it try to run {some command} as root? I thought that was kind-of the idea? :-) I've tried putting in the root password, but it doesn't take that, although I can su to root all day with that same password. But on to another question, what did you edit sudoers with? I hope it was visudo, because nothing else is likely to produce proper results. Yes. I looked at sudoers first, and noticed the comment at the top of the file saying that it needed to be edited with visudo. So I used that program to edit the file. --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to add something to chkconfig?
Ray Warren grabbed a keyboard and wrote: On 30 Jul 2002 at 10:38, David Guntner wrote: How do I add something that exists in init.d to chkconfig? Look in man chkconfig ,in the section: RUNLEVEL FILES. No manpage for that, either. Oh great, I'm starting to think that I may have set the system up wrong on this last install Anyone know if there's a good way to tell the system to grab all the documentation off the disks and install it? Or do I have to go back to square one...? --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] possible problems with devfsd standard configuration in Mandrake 8.2
Hello, I am reporting strange problems with my Mandrake 8.2 installation on my Intel PC - maybe the key is with devfsd (Mandrake version is devfsd-1.3.25-1.1mdk). I am a 10-years Unix-user, and a 2 years part-time Unix/Linux admin, but I really don't know devfsd. So I have been reporting several symptoms for several weeks/months : - sometimes after logging, the OS partially hangs : ps -ef does not complete, and I need to reboot - after the second reboot, the OS always works (I mean, ps -ef displays completely); but always, I have modprobe defunct and this modprobe is the son of devfsd (which I unfortunately don't know :-( BTW, the previous partial ps -ef never includes this modprobe defunct - in /var/log/messages, I always have at boot: devfsd: error calling: symlink in GLOBAL devfsd[70]: error calling: unlink in GLOBAL Finally, one strange symptom, that I did not connect to devfsd at the beginning : while scrolling with the wheel in galeon overloaded with maybe 20 or 30 tabs in 6 windows (not konqueror or netscape or else) regularly the session crashed, bringing me back to the login window, and leaving on the virtual consoles (I have only two) a white square/rectangle, 1 inch for each side nearly, including a fixed ugly cursor arrow. Gradually, I became sure that that the wheel caused the crash. Today, I crashed the session while scrolling in evolution, moving the wheel in evolution for the first time in the session, just the first step of the forward move of the wheel; I just migrated to evolution these days. I spent today some time to try to go a bit deeper; I read the man pages of devfsd and devfsd.conf, discovered the startup of devfsd in /etc/rc.d/rc.sysinit and also the one in /etc/rc.d/init.d. As I did not understand clearly the use of the former, I removed the symlink in /etc/rc5.d and rebooted. Now I seem to be able to scroll with the wheel as much as I want in galeon and evolution, and the scroll even seems to be very light and rapid. Some more tests : devfsd, even with the defunct modprobe, dies quietly with pkill devfsd : and the defunct modprobe disappears ! Then I restart it by hand (/sbin/devfsd /dev) and rerun /etc/rc.d/init.d/devfsd start by hand : no modprobe defuncts !!! I don't understand ... As devfsd is S99devfsd in /etc/rc5.d with some others (linuxconf, medusa, local), I renumbered these so that devfsd is really the last one : no use, I still got modprobe defunct ... Unfortunately, I did not see anything useful in the logs (/var/log). I browsed in Google, but I did not see anyone with my problem. Does somebody have an idea ? I am pasting at the end my devfsd.conf : I commented in several USB lines (what tool generated them ???) so it's now identical to the original one from the rpm (excepted some spaces here and there) Best regards -- Robert Grasso @home # Sample /etc/devfsd.conf configuration file. # Richard Gooch [EMAIL PROTECTED] 17-FEB-2002 # # Enable full compatibility mode for old device names. You may comment these # out if you don't use the old device names. Make sure you know what you're # doing! REGISTER.* MKOLDCOMPAT UNREGISTER .* RMOLDCOMPAT # You may comment out the above and uncomment the following if you've # configured your system to use the original new devfs names or the really # new names #REGISTER ^vc/MKOLDCOMPAT #UNREGISTER ^vc/RMOLDCOMPAT #REGISTER ^pty/ MKOLDCOMPAT #UNREGISTER ^pty/ RMOLDCOMPAT #REGISTER ^misc/ MKOLDCOMPAT #UNREGISTER ^misc/ RMOLDCOMPAT # You may comment these out if you don't use the original new names REGISTER.* MKNEWCOMPAT UNREGISTER .* RMNEWCOMPAT # Enable module autoloading. You may comment this out if you don't use # autoloading LOOKUP .* MODLOAD # Uncomment the following if you want to set the group to tty for the # pseudo-tty devices. This is necessary so that mesg(1) can later be used to # enable/disable talk requests and wall(1) messages. REGISTER^pty/s.*PERMISSIONS -1.tty 0600 REGISTER^pts/.* PERMISSIONS -1.tty 0600 # # Uncomment this if you want permissions to be saved and restored # Do not do this for pseudo-terminal devices REGISTER^pt[sy] IGNORE CREATE ^pt[sy] IGNORE CHANGE ^pt[sy] IGNORE DELETE ^pt[sy] IGNORE REGISTER.* COPY/lib/dev-state/$devname $devpath CREATE .* COPY$devpath /lib/dev-state/$devname CHANGE .* COPY$devpath /lib/dev-state/$devname DELETE .* CFUNCTION GLOBAL unlink /lib/dev-state/$devname RESTORE /lib/dev-state # # Uncomment this if you want the old /dev/cdrom symlink REGISTER^cdroms/cdrom0$ CFUNCTION GLOBAL mksymlink $devname cdrom UNREGISTER
Re: [expert] Quota on XFS problems
I tried using the normal kernel (i.e. the non secure one), and it didn't make any difference :( The quota tool still doesn't work as expected. I'm still thinking it has to do with that "if" statement because I don't see what else it could be... Is there anyone running LM 8.2, all partitions XFS, msec level 5, kernel-secure-2.4.18.8, or the normal kernel 2.4.18, etc... that has quota running the way expected (as a user)? Thanks gikoreno --- On Mon 07/29, Bryan Whitehead < [EMAIL PROTECTED] > wrote: From: Bryan Whitehead [mailto: [EMAIL PROTECTED]] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Date: Mon, 29 Jul 2002 11:54:56 -0700 Subject: Re: [expert] Quota on XFS problems > Don't use a secure kernel. The secure kernel does not give out quota > information to users. > > gikoreno wrote: > > Hello everyone, > > > > This is a repost from the newbie list, so sorry about that, I haven't > > > had a reply yet. > > > > I am running LM 8.2, and all my partitions are XFS. > > I am also running the system with msec level 5. > > The machine's Kernel is : kernel-secure-2.4.18.8 > > > > Today I setup quotas for my users. I added the lines that were needed > in > > fstab, and the quotas are being enforced. For some reason it only > works > > certain times... "edquota" opens up an editor, in which I > make the > > changes and then save and quit. Is there a better way of doing this? > One > > that works every time? am I missing a step? > > > > > > My problem is that I would like my users to know what their current > > quota is, and for some reason typing quota doesn't work (the users > for > > which I tried this command do have quota enforced). > > > > If a user types "quota", > > they get something like: > > "Disk quotas for user XXX(uid ): none" > > > > If they type "quota -v" they get something like: > > << > > Disk quotas for user XXX (uid ): > > Filesystem blocks quota limit grace files quota limit grace > > /dev/hda5 0 0 0 0 0 0 > > /dev/hdc7 0 0 0 0 0 0 > > >> > > > > Yet, if I check their quota as root, I get the accurate values. > > In other words, the quota command works as expected only if I am > running > > it as root. > > > > I am guessing it might be that quota can't read something that > contains > > the quota info when it is run as a user. What else could it be? What > > > should I try? > > > > I read the XFS info about the quota system on SGI's site (and in the > > > docs), but they all seem to imply that it should be possible to run > the > > quota command as a user and get the proper result. An edquota is > > supposed to work every time... > > > > My third and last question is that I would like the quota info to be > > > displayed for each user when they log on through ssh. How do I make > that > > happen? > > > > Thanks in advance! > > > > gikoreno > > > > > > > *Join Excite! - http://www.excite.com > > * > > The most personalized portal on the Web! > > > > -- > Bryan Whitehead > SysAdmin - JPL - Interferometry Systems and Technology > Phone: 818 354 2903 > [EMAIL PROTECTED] > > Join Excite! - http://www.excite.comThe most personalized portal on the Web!
Re: [expert] Quota on XFS problems
gikoreno wrote: I tried using the normal kernel (i.e. the non secure one), and it didn't make any difference :( The quota tool still doesn't work as expected. I'm still thinking it has to do with that if statement because I don't see what else it could be... Is there anyone running LM 8.2, all partitions XFS, msec level 5, kernel-secure-2.4.18.8, or the normal kernel 2.4.18, etc... that has quota running the way expected (as a user)? (home machine) [driver@beavis ~]$ quota -v Disk quotas for user driver (uid 501): Filesystem blocks quota limit grace files quota limit grace /dev/hde1 20190640 3000 3200 10352 0 0 [driver@beavis ~]$ uname -a Linux beavis 2.4.18-beavis #1 Fri Jul 19 16:30:23 PDT 2002 i586 unknown [driver@beavis ~]$ rpm -qa | grep quota quota-3.01-0.5mdk [driver@beavis ~]$ id uid=501(driver) gid=501(driver) groups=501(driver),80(cdwriter) [driver@beavis ~]$ Note, I am running a custom built kernel. 2.4.18 + XFS patches. (no other changes) Note: at work quota works on mandrake 8.1 without any problems, including over NFS. Thanks gikoreno --- On Mon 07/29, Bryan Whitehead [EMAIL PROTECTED] wrote: From: Bryan Whitehead [mailto: [EMAIL PROTECTED]] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Date: Mon, 29 Jul 2002 11:54:56 -0700 Subject: Re: [expert] Quota on XFS problems Don't use a secure kernel. The secure kernel does not give out quota information to users. gikoreno wrote: Hello everyone, This is a repost from the newbie list, so sorry about that, I haven't had a reply yet. I am running LM 8.2, and all my partitions are XFS. I am also running the system with msec level 5. The machine's Kernel is : kernel-secure-2.4.18.8 Today I setup quotas for my users. I added the lines that were needed in fstab, and the quotas are being enforced. For some reason it only works certain times... edquota opens up an editor, in which I make the changes and then save and quit. Is there a better way of doing this? One that works every time? am I missing a step? My problem is that I would like my users to know what their current quota is, and for some reason typing quota doesn't work (the users for which I tried this command do have quota enforced). If a user types quota, they get something like: Disk quotas for user XXX(uid ): none If they type quota -v they get something like: Disk quotas for user XXX (uid ): Filesystem blocks quota limit grace files quota limit grace /dev/hda5 0 0 0 0 0 0 /dev/hdc7 0 0 0 0 0 0 Yet, if I check their quota as root, I get the accurate values. In other words, the quota command works as expected only if I am running it as root. I am guessing it might be that quota can't read something that contains the quota info when it is run as a user. What else could it be? What should I try? I read the XFS info about the quota system on SGI's site (and in the docs), but they all seem to imply that it should be possible to run the quota command as a user and get the proper result. An edquota is supposed to work every time... My third and last question is that I would like the quota info to be displayed for each user when they log on through ssh. How do I make that happen? Thanks in advance! gikoreno *Join Excite! - http://www.excite.com * The most personalized portal on the Web! -- Bryan Whitehead SysAdmin - JPL - Interferometry Systems and Technology Phone: 818 354 2903 [EMAIL PROTECTED] *Join Excite! - http://www.excite.com http://www.excite.com/?PG=EmailSEC=Signature* The most personalized portal on the Web! -- Bryan Whitehead SysAdmin - JPL - Interferometry Systems and Technology Phone: 818 354 2903 [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Quota on XFS problems
Bryan Whitehead wrote: gikoreno wrote: I tried using the normal kernel (i.e. the non secure one), and it didn't make any difference :( The quota tool still doesn't work as expected. I'm still thinking it has to do with that if statement because I don't see what else it could be... Is there anyone running LM 8.2, all partitions XFS, msec level 5, kernel-secure-2.4.18.8, or the normal kernel 2.4.18, etc... that has quota running the way expected (as a user)? (home machine) [driver@beavis ~]$ quota -v Disk quotas for user driver (uid 501): Filesystem blocks quota limit grace files quota limit grace /dev/hde1 20190640 3000 3200 10352 00 [driver@beavis ~]$ uname -a Linux beavis 2.4.18-beavis #1 Fri Jul 19 16:30:23 PDT 2002 i586 unknown [driver@beavis ~]$ rpm -qa | grep quota quota-3.01-0.5mdk [driver@beavis ~]$ id uid=501(driver) gid=501(driver) groups=501(driver),80(cdwriter) [driver@beavis ~]$ Note, I am running a custom built kernel. 2.4.18 + XFS patches. (no other changes) Note: at work quota works on mandrake 8.1 without any problems, including over NFS. One more note, I'm running at msec 3. msec 5 might be your problem. You do have you stuff set up paranoid and that means giving as little info as possible Why not try a lower security level? maybe that's the problem? -- Bryan Whitehead SysAdmin - JPL - Interferometry Systems and Technology Phone: 818 354 2903 [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to add something to chkconfig?
Go to the MCC and under Installable do a search in the Find: box for man and HOWTO from there you may select the documentation packages to install. Larry David Guntner wrote: Ray Warren grabbed a keyboard and wrote: On 30 Jul 2002 at 10:38, David Guntner wrote: How do I add something that exists in init.d to chkconfig? Look in man chkconfig ,in the section: RUNLEVEL FILES. No manpage for that, either. Oh great, I'm starting to think that I may have set the system up wrong on this last install Anyone know if there's a good way to tell the system to grab all the documentation off the disks and install it? Or do I have to go back to square one...? --Dave Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Overriding msec
I'm currently (trying to be) running my system with msec set to level 4 for the greater protection level. I've used kcontrol to set my login console settings so that it will show the available users with those new lame icons that replaced the cool penguins, and allow for a reboot from the login window. (If someone is sitting at my console, I don't *care* if they reboot the machine. :) The problem is that msec seems to keep changing my settings back to no icons and no reboot. Argh. Can someone please tell me what I have to put in which file to tell msec that I don't want it dorking around with that setting? It would be much appreciated! --Dave Check out the how-to on Mandrake Secure Site at http://www.mandrakesecure.net read the man pages man msec man mseclib and create the necessary info in /etc/security/msec/level.local /etc/security/msec/perm.local then run 'msec' Thanks... Dan. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to use sudo?
It should want your password, not the root password. On Wed, 2002-07-31 at 03:30, David Guntner wrote: I'd look this up in the man page, but the package doesn't seem to have one I'm trying to use sudo for some tasks that I start up, so that I don't have to do a full su to root in a shell window first and then execute the command that I want to run. However, I can't seem to get the thing to let me do it. I've edited /etc/sudoers to allow group wheel to execute all command, and I made sure that my regular user account is part of that group. Then I type something really simple like sudo tail -f /var/log/syslog. It then prompts me for a password. No matter what password I put in (even when I put in the root password), it tells me the password is wrong. So, what the heck password does sudo want from me? :-) --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to add something to chkconfig?
On Tuesday 30 July 2002 01:38 pm, David Guntner wrote: I've added a startup script to my /etc/rc.d/init.d directory, but when I try to do a chkconfig --list {the-file} so that I can see it, I'm informed that service {the-file} does not support chkconfig. How do I add something that exists in init.d to chkconfig? --Dave CHKCONFIG(8) CHKCONFIG(8) NAME chkconfig - updates and queries runlevel information for system services SYNOPSIS chkconfig --list [name] chkconfig --add name chkconfig --del name chkconfig [--level levels] name on|off|reset chkconfig [--level levels] name -- skip - OPTIONS -- skip - --add name This option adds a new service for management by chkconfig. When a new service is added, chkconfig ensures that the service has either a start or a kill entry in every runlevel. If any runlevel is missing such an entry, chkconfig creates the appropriate entry as specified by the default values in the init script. Later, Jason B. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Can't get phpgroupware working
Hello world! I just untar and run http://127.0.0.1/phpgroupware/setup/index.php to create a header.inc.php file. As explained in installation doc, I did (as postgres user): /usr/bin/createdb phpgroupware /usr/bin/createuser phpgwuser --pwprompt So far so good, but it seems to work with phpgroupware itself (I can re-setup header.inc.php from web interface) but I cannot connect to postgresql database when I try to login. Error is: Warning: Unable to connect to PostgreSQL server: FATAL 1: No pg_hba.conf entry for host 127.0.0.1, user phpgwuser, database phpgroupware in /var/www/html/phpgroupware/phpgwapi/inc/class.db_pgsql.inc.php on line 89 I know user is ok because I connect from command line with: psql phpgroupware phpgwuser Also, I know postgresql is listening to TCP/IP (it is configured so) as long as phpPgAdmin works ok. I'm suspecting that file pg_hba.conf might be the culprit as I put access restriction to local all trust (I couldn't make it work rigth with another config). I'm going nuts with all this and moreover Google does not want to be my friend on this subject (I can't get a similar case solved to have a hint :-(( Thanx in advance!!! ___ Yahoo! Messenger Nueva versión: Webcam, voz, y mucho más ¡Gratis! Descárgalo ya desde http://messenger.yahoo.es Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
On Mon Jul 29, 2002 at 07:56:32PM -0700, David Guntner wrote: I'm also going to make sure that my FTP server and sshd server are listening to non-standard ports, to make it harder for someone to find an access point. This is trivial. An nmap scan will give an attacker an idea within seconds of where these ports have been re-located. Security through obscurity is no security at all. You're better off to disable FTP if you don't need it, or if you do, configure your firewall to only allow connections from certain IPs. Likewise for ssh. If you're making it semi-public (ie. you need to be able to connect from previously-unknown IPs), you may as well leave them where they are and work on hardening other parts of your system. Putting FTP on port 2020 and SSH on port 4022 will only give you a false sense of security. I aggee with you that security through obscurity is no security at all. However, adding obscurity as a layer on top of existing security certainly doesn't hurt anything. :-) It doesn't, but it also doesn't really accomplish anything except add an extra layer of complexity to your own life. =) I would do as you suggest above, except for the fact that I have no way of knowing what IP addresses I'm going to want to connect from when I'm traveling away from home, and I have a few close friends that I've given accounts to the machine on. They need to be able to access the system from whatever IP their ISP gives them when they login. I do have sshd configured to only honor protocol 2 connections, which I understand helps quite a bit. FTP is needed sometimes, though not often enough that I'll leave it open for now. File transfers *can* be done through ssh, and I'm going to tell my friends that do access the system that if they want to upload/download a file, they'd better get ssh clients that support file transfer. My suggestions: Disable FTP. Use scp or sftp. Protocol2 is a good start, but enforce key-based logins only (ie. disable password authentication). This way no one can attempt to brute force your system, they have to have a key, and know it's passphrase, in order to get in. That's how I have my systems setup. I find it a lot more reliable. And putty, for instance, can do both keys and scp (although I'm not sure if it can do V2 keys with the latest versions of openssh, it may only be able to do V1). -- MandrakeSoft Security; http://www.mandrakesecure.net/ lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import {GnuPG: 1024D/FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} msg56665/pgp0.pgp Description: PGP signature
Re: [expert] How to use sudo?
On Tue Jul 30, 2002 at 10:30:07AM -0700, David Guntner wrote: I'd look this up in the man page, but the package doesn't seem to have one Well, the first thing I'd suggest is reading the sudo document on MandrakeSecure: http://www.mandrakesecure.net/en/docs/sudo.php That should answer most, if not all, your sudo questions. I'm trying to use sudo for some tasks that I start up, so that I don't have to do a full su to root in a shell window first and then execute the command that I want to run. However, I can't seem to get the thing to let me do it. I've edited /etc/sudoers to allow group wheel to execute all command, and I made sure that my regular user account is part of that group. Then I type something really simple like sudo tail -f /var/log/syslog. It then prompts me for a password. No matter what password I put in (even when I put in the root password), it tells me the password is wrong. So, what the heck password does sudo want from me? :-) Did you try your own password? -- MandrakeSoft Security; http://www.mandrakesecure.net/ lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import {GnuPG: 1024D/FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} msg5/pgp0.pgp Description: PGP signature
Re: [expert] Hack attack or not?
(* Another post to expert, another dropped message... *) On Monday 29 July 2002 10:56 pm, David Guntner wrote: I aggee with you that security through obscurity is no security at all. However, adding obscurity as a layer on top of existing security certainly doesn't hurt anything. :-) Indeed, if someone were doing a bulk scan of ip address blocks, wouldn't they most likely miss services on non-standard ports? If they are specifically targeting your address, aren't there ways of slowing them down? Here's a thought, how about a few random bogus services? Something that looks like a ssh login, but _always_ fails--AND throws up a big warning message (to the console or some such) for good measure? Or maybe automatically blocks that IP address for good? Actually, if you're going to do the later, it could be something as simple as a listening socket that blocks any IP address that attempts to connect to it... (Personally I'd get more satisfaction out of wasting the hackers time with a bogus login prompt, but that's just me... :) Finally, David, have you considered the possibility that the security breach actually came from your Windoze :) box? If you picked up a trojan keystroke watcher, and you login from that box, then someone's got your password... On the plus side, if I'm reading the Snort docs correctly, once you have that installed, it will watch for any strange activity on your local network, not just targeted at your linux box. (So, if e.g. your Windows PC starts broadcasting BackOrifice messages you'll know it...) -Jason = In a word -- im-possible! That's two words, said Dibbler. (Moving Pictures) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Lost Control Center
Interesting... I noticed the same thing, went into the icon Preferences/Execute, set run as different user to root. Worked just fine. Then, out of idle curiosity, I tried update-menus. Guess what? It stopped working... (and run as different user was reset.) -Jason On Tuesday 30 July 2002 12:54 pm, nDiScReEt wrote: You more than likely have to update the system menu as I get that, too, every now and then when you updates. = The librarian was, ex officio, a member of the college council. No-one had been able to find any rule about orang-utans being barred, although they had surreptiously looked very hard for one. -- Unseen University politics at work (Terry Pratchett, Eric) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Lost Control Center
(* repost of dropped message *) Interesting... I noticed the same thing, went into the icon Preferences/Execute, set run as different user to root. Worked just fine. Then, out of idle curiosity, I tried update-menus. Guess what? It stopped working... (and run as different user was reset.) -Jason On Tuesday 30 July 2002 12:54 pm, nDiScReEt wrote: You more than likely have to update the system menu as I get that, too, every now and then when you updates. = The librarian was, ex officio, a member of the college council. No-one had been able to find any rule about orang-utans being barred, although they had surreptiously looked very hard for one. -- Unseen University politics at work (Terry Pratchett, Eric) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
Vincent Danen grabbed a keyboard and wrote: My suggestions: Disable FTP. Use scp or sftp. Protocol2 is a good start, but enforce key-based logins only (ie. disable password authentication). This way no one can attempt to brute force your system, they have to have a key, and know it's passphrase, in order to get in. That's how I have my systems setup. I find it a lot more reliable. And putty, for instance, can do both keys and scp (although I'm not sure if it can do V2 keys with the latest versions of openssh, it may only be able to do V1). Ooooh, that sounds promising. I'll have to look into that. Is it particularly hard to make sure that your key is available to those you want to access the system? I presume that even with the system key, they *do* still have to login as themselves, right? :-) --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
On Monday 29 July 2002 10:56 pm, David Guntner wrote: I aggee with you that security through obscurity is no security at all. However, adding obscurity as a layer on top of existing security certainly doesn't hurt anything. :-) Indeed, if someone were doing a bulk scan of ip address blocks, wouldn't they most likely miss services on non-standard ports? If they are specifically targeting your address, aren't there ways of slowing them down? Here's a thought, how about a few random bogus services? Something that looks like a ssh login, but _always_ fails--AND throws up a big warning message (to the console or some such) for good measure? Or maybe automatically blocks that IP address for good? Actually, if you're going to do the later, it could be something as simple as a listening socket that blocks any IP address that attempts to connect to it... (Personally I'd get more satisfaction out of wasting the hackers time with a bogus login prompt, but that's just me... :) Finally, David, have you considered the possibility that the security breach actually came from your Windoze :) box? If you picked up a trojan keystroke watcher, and you login from that box, then someone's got your password... On the plus side, if I'm reading the Snort docs correctly, once you have that installed, it will watch for any strange activity on your local network, not just targeted at your linux box. (So, if e.g. your Windows PC starts broadcasting BackOrifice messages you'll know it...) -Jason = In a word -- im-possible! That's two words, said Dibbler. (Moving Pictures) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
On Tuesday 30 July 2002 08:15 pm, PlugHead wrote: (* Another post to expert, another dropped message... *) Hmmm... Apparently I wasn't patient enough. Sorry for the dupes... :} = No one was avoiding him, it was just that an apparent random Brownian motion was gently moving everyone away. (Reaper Man) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
On Tuesday 30 July 2002 08:39 pm, David Guntner wrote: Ooooh, that sounds promising. I'll have to look into that. Is it particularly hard to make sure that your key is available to those you want to access the system? I presume that even with the system key, they *do* still have to login as themselves, right? :-) --Dave This is definitely the way to go, and the setup works something like this: The remote user provides their _public_ key (prior to first login), and it is added (manually) to $HOME/.ssh/authorized_keys (see man ssh) for that user. When said user attempts to login, this public key is used to encrypt a random string that is sent to the ssh client trying to log in. If the client can return the same random string, decrypted (meaning that it, almost certainly, has the correct _private_ key) then the user is allowed to log in. Each user has their own private key(s), and the host system has no need of knowing what the key(s) actually is... Given the number of bits involved and the fact that 'dictionary lookups' are useless against them, key authentication should be far more secure than password authentication. Even if the user chooses a dumb password, anyone trying to hack your system would need to hack the user's system first, grab _their_ private key, and crack it before they could gain access to your system... -Jason = Pride is all very well, but a sausage is a sausage. -- Gaspode, of course (Terry Pratchett, Men at Arms) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Quota on XFS problems
> Note, I am running a custom built kernel. 2.4.18 + XFS patches. (no > other changes) > Note: at work quota works on mandrake 8.1 without any problems, > including over NFS. Thanks Bryan, I tried msec level 3, and it didn't work. I have the same setup as you with the exception of the custom built kernel+XFS patches. Yet, I still get the << Disk quotas for user XXX (uid ): none >> for "quota" and all zeros for "quota -v". Frustrating, to say the least. I don't know where to start to fix it. I also had posted another thread with thess links: http://marc.theaimsgroup.com/?l=linux-xfs=101697728801467=2 http://marc.theaimsgroup.com/?l=linux-xfs=101701227031491=2 http://marc.theaimsgroup.com/?l=linux-xfs=101701969005112=2 http://marc.theaimsgroup.com/?l=linux-xfs=101902864819725=2 Do you think they might have anything to do with quota not working on my system? gikoreno > > --- On Mon 07/29, Bryan Whitehead < [EMAIL PROTECTED] > > wrote: > > From: Bryan Whitehead [mailto: [EMAIL PROTECTED]] > > To: [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED] > > Date: Mon, 29 Jul 2002 11:54:56 -0700 > > Subject: Re: [expert] Quota on XFS problems > > > > > Don't use a secure kernel. The secure kernel does not give out > quota > > > information to users. > > > > > > gikoreno wrote: > > > > Hello everyone, > > > > > > > > This is a repost from the newbie list, so sorry about > that, I haven't > > > > > > > had a reply yet. > > > > > > > > I am running LM 8.2, and all my partitions are XFS. > > > > I am also running the system with msec level 5. > > > > The machine's Kernel is : kernel-secure-2.4.18.8 > > > > > > > > Today I setup quotas for my users. I added the lines that > were needed > > > in > > > > fstab, and the quotas are being enforced. For some reason > it only > > > works > > > > certain times... "edquota" opens up an editor, > in which I > > > make the > > > > changes and then save and quit. Is there a better way of > doing this? > > > One > > > > that works every time? am I missing a step? > > > > > > > > > > > > My problem is that I would like my users to know what > their current > > > > quota is, and for some reason typing quota doesn't work > (the users > > > for > > > > which I tried this command do have quota enforced). > > > > > > > > If a user types "quota", > > > > they get something like: > > > > "Disk quotas for user XXX(uid ): none" > > > > > > > > If they type "quota -v" they get something > like: > > > > << > > > > Disk quotas for user XXX (uid ): > > > > Filesystem blocks quota limit grace files quota limit > grace > > > > /dev/hda5 0 0 0 0 0 0 > > > > /dev/hdc7 0 0 0 0 0 0 > > > > >> > > > > > > > > Yet, if I check their quota as root, I get the accurate > values. > > > > In other words, the quota command works as expected only > if I am > > > running > > > > it as root. > > > > > > > > I am guessing it might be that quota can't read something > that > > > contains > > > > the quota info when it is run as a user. What else could > it be? What > > > > > > > should I try? > > > > > > > > I read the XFS info about the quota system on SGI's site > (and in the > > > > > > > docs), but they all seem to imply that it should be > possible to run > > > the > > > > quota command as a user and get the proper result. An > edquota is > > > > supposed to work every time... > > > > > > > > My third and last question is that I would like the quota > info to be > > > > > > > displayed for each user when they log on through ssh. How > do I make > > > that > > > > happen? > > > > > > > > Thanks in advance! > > > > > > > > gikoreno Join Excite! - http://www.excite.comThe most personalized portal on the Web!
Re: [expert] How to use sudo?
David Guntner wrote: civileme grabbed a keyboard and wrote: David Guntner wrote: I've edited /etc/sudoers to allow group wheel to execute all command, and I made sure that my regular user account is part of that group. Then I type something really simple like sudo tail -f /var/log/syslog. It then prompts me for a password. No matter what password I put in (even when I put in the root password), it tells me the password is wrong. So, what the heck password does sudo want from me? :-) It wants the password for your user... The password for WHAT user? If I do sudo {some command}, doesn't it try to run {some command} as root? I thought that was kind-of the idea? :-) I've tried putting in the root password, but it doesn't take that, although I can su to root all day with that same password. But on to another question, what did you edit sudoers with? I hope it was visudo, because nothing else is likely to produce proper results. Yes. I looked at sudoers first, and noticed the comment at the top of the file saying that it needed to be edited with visudo. So I used that program to edit the file. --Dave Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com sudo is a per-user type gateway to (possibly limited) programs that normally run as root. when you sudo it will ask for the USER password (your current logged user) Then it willl give you a 5-minute window of (possibly limited) root privileges. There would be no point in asking for the root passwrod, because su does that and gives an unlimited window to all root privs. And if the user isn't authorized in sudoers, it sends mail to root, reporting the incident Civileme Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Wierd CPU Utilization
This might be something more... like a kernel based problem but sometimes under high load I have noticed the cpu utilization to go to a number of a negative couple thousand. Attached is a capture of vmstat -n 1. Note that the last column is the precent cpu not being used. Jason B. [root@waturu sbin]# vmstat -n 1 procs memoryswap io system cpu r b w swpd free buff cache si sobibo incs us sy id 2 0 0 4128 4344 2296 321984 0 03328 130 457 14 5 81 4 0 0 4128 4432 2300 321224 0 0 3456 0 358 485 32 64 4 4 0 0 4128 4376 2296 318400 0 0 3200 0 323 527 36 71 42107516 4 0 0 4128 4356 2296 321872 0 0 3968 0 373 426 22 77 1 3 0 1 4128 4468 2300 321712 0 0 3968 11776 402 583 18 87 42107518 3 0 0 4128 4384 2312 321864 0 0 3584 4412 465 494 19 81 0 3 0 0 4128 4372 2316 321848 0 0 4224 0 390 519 20 85 42107518 4 0 0 4128 4416 2320 321740 0 0 3840 0 379 474 22 76 2 5 0 0 4128 4460 2324 321600 0 0 4224 0 388 491 17 88 41297757 3 0 1 4128 4368 2328 321596 0 0 3712 15500 447 517 18 82 0 3 0 0 4128 4464 2332 321612 0 0 3712 3628 439 470 21 84 42524424 4 0 0 4128 4436 2336 320208 0 0 3072 0 336 469 28 74 41698710 5 0 0 4128 7472 2340 318520 0 0 3328 0 324 567 33 70 42524426 2 0 0 4128 4432 2344 321492 0 0 4224 0 365 427 12 88 0 6 0 1 4128 4356 2348 321480 0 0 3712 15416 441 478 12 92 42107519 4 0 0 4128 2360 321488 0 0 3712 2436 439 505 18 82 0 4 0 0 4128 4400 2356 321500 0 0 4224 0 434 691 19 85 41698707 5 0 0 4128 4364 2360 321484 0 0 3968 0 416 568 15 85 0 [root@waturu sbin]# Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
On Tue Jul 30, 2002 at 05:39:11PM -0700, David Guntner wrote: My suggestions: Disable FTP. Use scp or sftp. Protocol2 is a good start, but enforce key-based logins only (ie. disable password authentication). This way no one can attempt to brute force your system, they have to have a key, and know it's passphrase, in order to get in. That's how I have my systems setup. I find it a lot more reliable. And putty, for instance, can do both keys and scp (although I'm not sure if it can do V2 keys with the latest versions of openssh, it may only be able to do V1). Ooooh, that sounds promising. I'll have to look into that. Is it particularly hard to make sure that your key is available to those you want to access the system? I presume that even with the system key, they *do* still have to login as themselves, right? :-) No, you misunderstand the use of ssh keys (/me smells an article on sshd coming for MandrakeSecure in the near future). There are two types of ssh keys: The server keys and the client keys. The server keys are already in place, a user just has to validate that the server key is ok when they connect, which prevents things like man-in-the-middle attacks. A client key is a user-generated key. I, as a user, run ssh-keygen -t dsa to generate a V2 DSA key. I get a public key and a private key (similar in concept to gpg). The public key I give to the server administrator (or place on the server myself if it allows password authentication) as ~/.ssh/authorized_keys (or the key gets included in this file which can include multiple keys). At this point, if the server doesn't allow password authentication, in order for me to log into that machine, I have to be on the machine that contains the ssh private key. When I connect, I supply the passphrase to the key, which the client-side ssh will sent to the server-side sshd. If my private key matches the public key on the server, I obtain access without having to supply a password (the private/public keypair provides all the authentication the system needs that I am who I say I am). So what you would have to do is have your users (and yourself) generate personal ssh keys, send them to you (as the admin), for you to place into each user's home directory. Of course, make sure that you put their key into *their* account... if you put Alice's key into your authorized_keys file, Alice gets instant access to your account. I hope that makes sense for a very quick-n-dirty response. -- MandrakeSoft Security; http://www.mandrakesecure.net/ lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import {GnuPG: 1024D/FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD} msg56677/pgp0.pgp Description: PGP signature
Re: [expert] possible problems with devfsd standard configuration in Mandrake 8.2
Robert Grasso wrote: Hello, I am reporting strange problems with my Mandrake 8.2 installation on my Intel PC - maybe the key is with devfsd (Mandrake version is devfsd-1.3.25-1.1mdk). I am a 10-years Unix-user, and a 2 years part-time Unix/Linux admin, but I really don't know devfsd. So I have been reporting several symptoms for several weeks/months : - sometimes after logging, the OS partially hangs : ps -ef does not complete, and I need to reboot - after the second reboot, the OS always works (I mean, ps -ef displays completely); but always, I have modprobe defunct and this modprobe is the son of devfsd (which I unfortunately don't know :-( BTW, the previous partial ps -ef never includes this modprobe defunct - in /var/log/messages, I always have at boot: devfsd: error calling: symlink in GLOBAL devfsd[70]: error calling: unlink in GLOBAL Finally, one strange symptom, that I did not connect to devfsd at the beginning : while scrolling with the wheel in galeon overloaded with maybe 20 or 30 tabs in 6 windows (not konqueror or netscape or else) regularly the session crashed, bringing me back to the login window, and leaving on the virtual consoles (I have only two) a white square/rectangle, 1 inch for each side nearly, including a fixed ugly cursor arrow. Gradually, I became sure that that the wheel caused the crash. Today, I crashed the session while scrolling in evolution, moving the wheel in evolution for the first time in the session, just the first step of the forward move of the wheel; I just migrated to evolution these days. I spent today some time to try to go a bit deeper; I read the man pages of devfsd and devfsd.conf, discovered the startup of devfsd in /etc/rc.d/rc.sysinit and also the one in /etc/rc.d/init.d. As I did not understand clearly the use of the former, I removed the symlink in /etc/rc5.d and rebooted. Now I seem to be able to scroll with the wheel as much as I want in galeon and evolution, and the scroll even seems to be very light and rapid. Some more tests : devfsd, even with the defunct modprobe, dies quietly with pkill devfsd : and the defunct modprobe disappears ! Then I restart it by hand (/sbin/devfsd /dev) and rerun /etc/rc.d/init.d/devfsd start by hand : no modprobe defuncts !!! I don't understand ... As devfsd is S99devfsd in /etc/rc5.d with some others (linuxconf, medusa, local), I renumbered these so that devfsd is really the last one : no use, I still got modprobe defunct ... Unfortunately, I did not see anything useful in the logs (/var/log). I browsed in Google, but I did not see anyone with my problem. Does somebody have an idea ? I am pasting at the end my devfsd.conf : I commented in several USB lines (what tool generated them ???) so it's now identical to the original one from the rpm (excepted some spaces here and there) Best regards Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com devfsd is still very much bleeding edge... Maybe this next go-round the tide will turn, but someone has to get it tested and working because There are USB memories (storage devices) and CDRWs and webcams and scanners and mice that regularly get plugged in or removed in a hotswap fashion. hotplug is part of the answer, but devices have to ne made and removed dynamically as well and that is the function of devfs. There are firewire hard drives that will soon need support, too. And all of that fluff to some of us is still vital to many users, and it isn't all fluff, either. If you want to build in a failover capability, then the system has to be able to handle the hotswap of drives, so even entry into mid-level servers is partially dependent on devfs. OK, for the rest of it, I have no idea... I am not able to reproduce the messages or behavior on any of my 8.2 machines, so it is a good question. I have the following: 1. Intel BP810 Chipset Celeron 466 128M 10G CDROM floppy, USB mouse and keyboard (Yep a logo-removed barbie(tm)) 2. ASUS A7N266-VM Duron 1G 512M DDR 40G 20G (RAIDed with dual-boot fior win) PS/2 Kbd USB Optical wheelmouse CDRW/DVD 3. Jetway 630TCF with 900MHz C3 192M SDRAM 20G Acer CDRW USB Optical wheelmouse PS/2 kbd 4. ECS K7S5A Voodoo5 5500 800MHz T-Bird 256M SDRAM PS/2 Optical Wheelmouse and Kbd, CDRW 5. Compaq Professional Workstation 5000 Twin 200MHz PPro 512K cache matched step 160M RAM PS/2 Optical wheelmouse PS/2 Kbd, NEC PD drive, 2G 4G SCSI-UW drives. 6. ECS P6VEM C3 733 256M PS/2 Mouse and Kbd 40G, LS120, CD 7. IBM PC300GL PII-300 192MRAM 12G Wearnes CDRW PS/2 Optical Wheelmouse, PS/2 Kbd Intel LX type chipset with embedded CL video on mainboard. Civileme And if you would care to actually paste devfsd.conf this time around, I will read it with interest Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
Vincent Danen grabbed a keyboard and wrote: [...] I hope that makes sense for a very quick-n-dirty response. Yea, it did, actually. Unfortunately, it's more complicated for some of the people that I've given access to my box to deal with, so as much as I'd like to go that route, I don't think it will be happening anytime soon But thanks for the information. I'll keep it in mind for future reference. --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Help!
What do I do with this? journal-601, buffer write failed invalid operand: CPU: 0 EIP: 0010:[e0a5017b] Not tainted EFLAGS: 00010286 eax: 001c ebx: e0a649a0 ecx: c0278620 edx: 3121 esi: dffbe800 edi: 1e29 ebp: dffbe800 esp: c1829ea8 ds: 0018 es: 0019 ss: 0018 Process kupdated (pid: 7, stackpage=c1829000) Stack: e0a67284 014e e0a6bfb0 e0a5a798 dffbe800 e0a649a0 0004 002d d8d273c0 c013c0b2 df67d500 0802 c013db59 e0a6b000 002c 0010 e0a5e215 dffbe800 e0a6bfb0 0001 3e2b Call Trace: [e0a67284] [e0a5a798] [e0a649a0] [c012c0b2] [c013db59] [e0a5e215] [e0a5d3f2] [e0a5d400] [e0a675f1] [c0151048] [e0a4da95] [c01413a7] [c014047c] [c01407b2] [c0105000] [c0105000] [c0105876] [c01406a0] Code: 0f 0b 5b 58 68 20 7f a6 e0 85 f6 74 0d 0f b746 08 50 e8 be SCSI disk error : host 0 channel 0 id 0 lun 0 return code = 802 Info fid=0x4ddf0, Current sd08:02: sense key Hardware Error I/O error: dec 08:02, sector 61920 SCSI disk error : host 0 channel 0 id 0 lun 0 return code = 802 Info fid=0x4ddf8, Current sd08:02: sense key Hardware Error I/O error: dec 08:02, sector 61928 -- D. Olson The Mandrake eXPerience http://mdkxp.by-a.com/ MUB-NWN http://nwn.by-a.com/ WinXP - the best thing since induced vomitting. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Lost Control Center
On Wednesday 31 July 2002 02:42, PlugHead wrote: Interesting... I noticed the same thing, went into the icon Preferences/Execute, set run as different user to root. Worked just fine. Then, out of idle curiosity, I tried update-menus. Guess what? It stopped working... (and run as different user was reset.) -Jason On Tuesday 30 July 2002 12:54 pm, nDiScReEt wrote: You more than likely have to update the system menu as I get that, too, every now and then when you updates. None of these helped... BUT..Opened preferences and looked,where icon was pointed (/usr/X11R6/bin/DrakConf) which was link to /usr/bin/consolehelper. I changed link to point /usr/X11R6/bin/drakconf.real and that executes control center ok now... Oh what a guru I am...Am I? --)) Jarmo Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Can't get phpgroupware working
Hello world! I just untar and run http://127.0.0.1/phpgroupware/setup/index.php to create a header.inc.php file. As explained in installation doc, I did (as postgres user): /usr/bin/createdb phpgroupware /usr/bin/createuser phpgwuser --pwprompt So far so good, but it seems to work with phpgroupware itself (I can re-setup header.inc.php from web interface) but I cannot connect to postgresql database when I try to login. Error is: Warning: Unable to connect to PostgreSQL server: FATAL 1: No pg_hba.conf entry for host 127.0.0.1, user phpgwuser, database phpgroupware in /var/www/html/phpgroupware/phpgwapi/inc/class.db_pgsql.inc.php on line 89 I know user is ok because I connect from command line with: psql phpgroupware phpgwuser Also, I know postgresql is listening to TCP/IP (it is configured so) as long as phpPgAdmin works ok. I'm suspecting that file pg_hba.conf might be the culprit as I put access restriction to local all trust (I couldn't make it work rigth with another config). I'm going nuts with all this and moreover Google does not want to be my friend on this subject (I can't get a similar case solved to have a hint :-(( Thanx in advance!!! ___ Yahoo! Messenger Nueva versión: Webcam, voz, y mucho más ¡Gratis! Descárgalo ya desde http://messenger.yahoo.es Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com