Answers 65

From LXF Wiki



<title>It's terminal</title>

<question>I am about to start developing an information kiosk that will run from a bootable CD. This is not an internet café-type application but rather what one might see in a mall or similar offering local information. I would appreciate your suggestions on good starting points. I'm leaning towards a Linux-based system but have no idea which distribution I'm going to use. It must have a small footprint window manager, like FVWM, and a browser without toolbar. A printer and magnetic card reader will be part of the hardware environment.</question>

<answer>There is a selection of bootable Linux distributions that will do a great job of providing a dumb terminal for a kiosk. PCLinuxOS is a great little desktop distribution that runs KDE and provides a selection of applications. FVWM is a little antiquated, but alternatives such as Sawfish or Blackbox are ideal for use on a simple desktop (see Roundup on page 36). Of course, you need not run a window manager at all if all you need to do is provide browser access. Simply start up the browser and pass it the geometry to be full screen; moving and resizing capabilities are then not required.</answer>

<title>Man down</title>

<question>I have been using your excellent Mandrake 10.1 distro with the Gnome 2.6 desktop. This has been installed on a standalone computer, rather than a dual installation. I am considering buying the next edition from Mandrake, as it has worked very well, but I've been rather puzzled by the software installation procedure. I have downloaded various items into the Mozilla download manager but installing these files has so far proved impossible. I've used Start > System Packaging > Install Software > RPM Drake and also Media Manager > Configure Media. RPM Drake lists all the software that was on the distro CDs and not installed. No matter where I tell it to search or whatever combination of file names or listing the answer is always 'Search results (none)'. I have also tried other ways, like putting the software programs on a zip drive and installing /mnt/removable, but to no avail. Do you think there is a problem with the downloads themselves? Is Install Software not working or have I got the whole thing wrong?</question>

<answer>To access the RPM database or install software you have to be the root user. The database is designed so that non-root users can't easily establish what is installed, or modify the RPM database in any way. You can install software via the command line using rpm -Uvh <filename> to install a package you downloaded, which will allow you to test whether it is an issue with the Mandrake package management front end, or something within the RPM tools.</answer>

<title>Bash... crash</title>

<question>I have LXF58 and am trying to install Gentoo Linux from the coverdisc. I've been using the handbook, but when I get to Chapter 5 (chroot /mnt/gentoo/bin/bash) everything falls apart - I think it's something to do with /bin/bash. Also looking at the handbook, doing a Stage 3 install you need to bootstrap.sh but the link goes straight to compiling the kernel. Can you help?</question>

<answer>Lots of things can go wrong when you're trying to run something from within a chroot, from not being able to access the /bin/sh binary itself to not having the supporting libraries. Assuming the installation was successful, you should at least be able to run bash. Not having information on the specific error responses from the chroot command makes it hard to answer this specifically, so it would be helpful to post these to the LXF forums at www.linuxformat.co.uk. However, it would be a good idea for you to check that the prior installation stages succeeded and that /bin/bash is installed.</answer>


<title>Shrink to fit</title>

<question>The text mode of Knoppix sets the display to 132 columns, but I prefer the standard 80x25 layout, which suits a smaller monitor. Is this controlled by the kernel or by a program; and how do I change it, please?</question>

<answer>Knoppix uses the kernel framebuffer for its video, including the console. Pass vga=normal at the boot prompt if you want a standard console. Go to Knoppix's Help screen for other resolutions, or refer to the table at www.desktop-linux.net/framebuffer.htm for a variety of common resolutions. There is a selection of boot options for the Knoppix distribution, and there are several help screens accessible prior to booting the kernel that list all of the possible arguments you can use.</answer>

<title>Expecting the worst</title>

<question>I've been reading a book on RAID under Linux and have set up a RAID 1 system with two drives. However, if drive 1 fails and I have to replace it, I'm unsure of whether I'll need to partition it first or if it will automatically do that during the reconstruction process.</question>

<answer>You might not have to repartition the disk, but this depends on the disk configuration with RAID. If there are individual partitions, such as hda1, hdc3, etc., which are used to create the md devices, the new disk will have to be repartitioned, as the kernel is unable to do this itself. The new partitions must be at least large enough to store the RAID image, which can be particularly difficult when two disks that are apparently the same size have a different number of cylinders. Using identical disks helps - however, as we all know to our cost, manufacturers usually have batches of disks that just fail, so using disks from the same manufacturer isn't encouraged. If you want an easy solution where you can just slap in a new disk and have it build the RAID image on it automatically, take a look at LVM, which is a high-level partition system. One can create logical volumes (which are similar to partitions) out of the md device, which means they are not involved in the RAID array itself. All md0 will consist of is /dev/hda and /dev/hdc, and rebuilding is easy assuming the disks are the same. It's also worth remembering that most hardware RAID systems ignore partitions entirely and use the whole disk that is put into the system, but one can partition this device up into smaller partitions which are distributed across the array. Software RAID devices can be either whole disks or partitions, and the structure needs to be built on any devices added to the array.</answer>

<title>Show and tell</title>

<question>I've just set up a new server with my corporate website running on Apache. I have a folder called /var/www/html/downloads with lots of files, which my customers or staff can download through various links in the website. If I type www.secretdomain.com/downloads into my browser it gives me a listing of all the files - not necessarily something I want. Is it possible to limit people so that they cannot list the whole directory? I looked at using .htaccess to limit this type of access but I don't particularly want to base access on passwords either.</question>

<answer>The ability to show files in a directory as a series of links is a feature of Apache known as indexes. You can turn this on or off by using the Options directive as follows. Search your httpd.conf file for an Options line which also includes the 'Indexes' statement, for example: Options FollowSymLinks Indexes. Remove the word Indexes, save and restart Apache. This can be set in several places, either for an individual virtual host or globally, so be sure to search for all applicable occurrences.</answer>
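Because the option can be set in several places, the following added example (not part of the original answer) scans configuration files and reports each Options line that enables listings, together with the section that encloses it. The sample configuration is constructed for illustration; `Options All` is reported as well because All includes Indexes.

```shell
#!/bin/sh
# find_indexes FILE...: report every Options line that enables directory
# listings, as "file:line: [enclosing sections] directive".
find_indexes() {
    awk '
        FNR == 1     { depth = 0 }                     # new file: reset nesting
        /^[ \t]*#/   { next }                          # ignore comments
        /^[ \t]*<\// { if (depth > 0) depth--; next }  # closing tag of a section
        /^[ \t]*</   { sub(/^[ \t]+/, ""); stack[++depth] = $0; next }
        tolower($1) == "options" {
            hit = 0
            for (i = 2; i <= NF; i++) {
                opt = tolower($i)
                # "All" turns on everything except MultiViews, Indexes included
                if (opt == "indexes" || opt == "+indexes" || opt == "all")
                    hit = 1
            }
            if (!hit) next
            where = "global"
            for (i = 1; i <= depth; i++)
                where = (i == 1) ? stack[i] : where " > " stack[i]
            sub(/^[ \t]+/, "")
            printf "%s:%d: [%s] %s\n", FILENAME, FNR, where, $0
        }
    ' "$@"
}

# Constructed sample configuration (not taken from the page).
sample_conf() {
    cat <<'EOF'
ServerName www.example.com
<Directory "/var/www/html">
    Options FollowSymLinks Indexes
</Directory>
<VirtualHost *:80>
    <Directory "/var/www/html/downloads">
        Options +Indexes
    </Directory>
    <Directory "/var/www/html/private">
        Options -Indexes FollowSymLinks
    </Directory>
</VirtualHost>
# Options Indexes
EOF
}

# Write the sample to a scratch directory and audit it.
audit_sample() {
    dir=$(mktemp -d) || return 1
    sample_conf > "$dir/httpd.conf"
    (cd "$dir" && find_indexes httpd.conf)
    rm -rf "$dir"
}

audit_sample
```

On a real server, pass httpd.conf and every file it includes, since a listing stays enabled if any one section still sets it.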

<title>Branching out</title>

<question>At our company we are trying to migrate our intranet from a Windows/IIS solution to Apache 2 on SUSE Linux Enterprise Server 9. The main problem is integration with the rest of our network, which runs Windows (Win2K on the servers and WinXP Pro on the clients). Some of the intranet apps we have use NTLM mechanisms to get the user credentials and to provide personalised information as well as various degrees of access to different areas of the intranet. We were looking at replacing these by using apache2-mod_ntlm which - even though it is not directly available for SLES9 - we could compile and load. We found information on the web (www.hannesschmidt.de/drupal/node/12) that apache2-mod_ntlm would work fine in a situation in which you use it in one domain only. Unfortunately that's not the case with us - we have a main tree and sub-domains, in which case trust relationships between domains are used to provide authentication and access. Our Win2K servers are using Active Directory to authenticate users. Can you confirm that the information we found in the online article is correct? What sort of thing would you recommend? Would a minimal subset of Samba help?</question>

<answer>Samba can be used to replicate information from an Active Directory server, which can then provide information to the mod_ntlm system under Apache. It looks like other people have had problems with multiple domain mod_ntlm, judging by the open bugs on the SourceForge project page - mod_ntlm doesn't appear to be that well maintained any more. It's worth remembering that Active Directory implements LDAP, so mod_ldap can be used to access the directory information. There's more on this at www.wlug.org.nz/ActiveDirectoryAuthenticationNotes, which suggests some success in using Active Directory with Apache.</answer>

<title>Off message</title>

<question>I've recently been finding a lot of messages like the following in /var/log/maillog:

NOQUEUE: server.domain.com [192.168.1.39] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Can you tell me if this message is something meaningful? And if there is anything I can do to get rid of it?</question>

<answer>Sadly I cannot tell much from this message alone. It basically means that someone or something has connected to the SMTP port but has not sent a message and then broken the connection (or been disconnected by the server). Maybe you have a spam blacklist configured and it will not allow this sender through, or it may be a probe to check what mail daemon software you are using. It could be as simple as a dropped connection during a mail send. You will probably find that there is another entry in your logs just before this one, which will tell you more as to why this is happening. </answer>
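To see who is producing these entries and what was logged just before them, as the answer suggests, the following added example (not part of the original answer) summarises a mail log per connecting address. The log lines are constructed for illustration around the message quoted in the question.

```shell
#!/bin/sh
# probe_summary [FILE...]: for each address that connected without issuing
# MAIL/EXPN/VRFY/ETRN, print "address count" followed by the log line that
# came immediately before its first such entry.
probe_summary() {
    awk '
        /did not issue MAIL\/EXPN\/VRFY\/ETRN/ {
            ip = "unknown"
            # bracketed dotted quad only, so the PID in sendmail[1234] is skipped
            if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/))
                ip = substr($0, RSTART + 1, RLENGTH - 2)
            if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip; before[ip] = prev }
            count[ip]++
        }
        { prev = $0 }
        END {
            for (i = 1; i <= n; i++) {
                printf "%s %d\n", order[i], count[order[i]]
                printf "    preceded by: %s\n", before[order[i]]
            }
        }
    ' "$@"
}

# Constructed sample log (not taken from a real server).
sample_log() {
    cat <<'EOF'
Mar  3 09:14:01 mail sendmail[2101]: ruleset=check_relay, arg2=192.168.1.39, relay=server.domain.com [192.168.1.39] (may be forged), reject=550 5.7.1 Access denied
Mar  3 09:14:01 mail sendmail[2101]: NOQUEUE: server.domain.com [192.168.1.39] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar  3 09:20:44 mail sendmail[2130]: NOQUEUE: connect from [192.0.2.77]
Mar  3 09:20:45 mail sendmail[2130]: NOQUEUE: [192.0.2.77] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar  3 09:31:10 mail sendmail[2188]: NOQUEUE: server.domain.com [192.168.1.39] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
EOF
}

summarize_sample() {
    sample_log | probe_summary
}

summarize_sample
```

A rejection line in front of the entry points to a blacklist or access rule; an address that recurs with nothing logged before it is more likely a probe or a monitoring check.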

<title>New to TightVNC</title>

<question>I need your help with setting up two TightVNC servers: Windows XP and Mandrake 10.1. I also need help using the client, as I have never used this tool before. I used to have a KVM switch so I could switch between them both but that's now shuffled off this mortal coil. I need desktop connections to both my PCs and have been told that TightVNC was the best application to do the job. I have installed it in Linux but have no idea how to configure it or start the service running.</question>

<answer>You can run TightVNC on Linux with vncserver, which will create a new X server instance on the system for you. Usually this will be :1, which runs on port 5901 for VNC; you can then access this using a VNC client on the Windows system. A selection of basic X applications will be started, through which you can get a terminal going.</answer>

<title>Alias angst</title>

<question>Thanks for the wonderful Apache documentation from LXF39. It really helped me. But the virtualhosts aliases don't work using PHP, though they do work with TXT. Here's a part of my httpd.conf:

RewriteMap lowercase int:tolower
RewriteMap host-map prg:/var/www/hosts.php
RewriteEngine On
RewriteRule ^/icons/(.+) /var/www/icons/$1 [L]
RewriteRule ^(.+) ${lowercase:%{HTTP_HOST}}$1 [C]
RewriteRule ^(www\.)?([^/]+)/cgi-bin/(.*) /var/www/users/${host-map:$2|$2}/cgi-bin/$3 [T=application/x-httpd-cgi,L,E=VHOST:$2]
RewriteRule ^(www\.)?([^/]+)/(.*) /var/www/users/${host-map:$2|$2}/$3 [E=VHOST:$2]

Here's the hosts.php:

#!/usr/local/bin/php -q
<?php
mysql_connect("localhost","iglou","Frosties");
$fdin=fopen("php://stdin","r");
$fdout=fopen("php://stdout","w");
set_file_buffer($fdout,0);
while($l=fgets($fdin,256)) {
    fputs($fdout,key_lookup($l)."\n");
}
function key_lookup($key) {
    $res=mysql_query("SELECT dir FROM iglou.web_aliases WHERE alias='$key' LIMIT 1");
    if(@mysql_num_rows($res)) {
        return @mysql_result($res,0,0);
    } else {
        return $key;
    }
}
?>

And the MySQL 'web_aliases' table in the database 'iglou' looks like this:

CREATE TABLE `web_aliases` (
  `id` int(6) NOT NULL auto_increment,
  `ws_id` int(6) NOT NULL default '0',
  `dir` varchar(50) NOT NULL default '',
  `alias` varchar(50) NOT NULL default '',
  PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=2 ;
INSERT INTO `web_aliases` VALUES (1, 0, 'original-domain.net', 'alias-domain.net');

The problem is that when I try to access alias-domain.net it points to /var/www/users. What do you think is the problem?</question>

<answer>The first step for you to take is to run the PHP script from the command line, and pass it a domain name which you can then use to verify that it is sending the correct information back to Apache. It may be that there is a hiccup with connecting to the database, or that the script is bailing out at some point. The fact that it returns nothing, rather than the original entry, suggests to me that it's not very happy with something in the database. We tested your script, and it worked. However, as we were building the database config from scratch, it's likely that we missed a problem existing in your configuration.</answer>

<title>Boot switcheroo</title>

<question>I have two hard drives in my PC, labelled as hda and hdb. Hda contains MDK 10.1 and Win2K. I put in hdb yesterday and installed Ubuntu on it, hoping that the boot loader (Grub) would detect the operating systems on hda. It did so - however, when I came to try to boot any of the options it couldn't find the image - or something like that. I installed Mepis over Ubuntu and got the same problem. Do I need to change the boot loader of hda instead of hdb?</question>

<answer>If you installed Ubuntu on to hdb, you will need to tell your BIOS to boot off the second disk, or install a chain loader in Grub on the first disk to jump to Grub on the second. If you want to temporarily boot off the hdb Ubuntu drive without making the changes permanent, most BIOSes have a 'select boot device' option available by pressing F11 or F12.</answer>

<title>Domain pain</title>

<question>I have a Red Hat 8.0 server with one primary domain. A friend of mine recommended I check out www.DNSreport.com, which performs a variety of useful tests on the DNS records as well as the server itself. Everything went through fairly well but my domain failed on one test. The following is from DNSreport.com:

ERROR: One or more of your mailservers does not accept mail in the domain literal format
(user@[0.0.0.0]). Mailservers are required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses.

I'm not sure how to go about fixing this problem - or even if it's worth fixing.</question>

<answer>RFC 1123 requires the ability to use domain literals (ie using [s and ]s) to specify the IP address of a mail server, and thus bypass normal DNS mechanisms. For security and for spam prevention reasons, not all mail servers are configured with it enabled by default. If you would like to have your Sendmail daemon server accept mail sent to it in this way, you can add a line containing only [10.10.10.10] to /etc/mail/local-host-names where 10.10.10.10 is the IP address you would like sendmail to listen to.</answer>

<title>Partition politics</title>

<question>I have an 80GB hard drive, which is configured as follows:

hda1 12.9GB Vfat (Win98 SE) 0-27045
hda2 776MB Linux Swap 53789-55366
hda3 16.7GB Linux 55367-90269
hda4 32.9GB Linux 90270-158800

Using YaST I managed to reduce the size of hda1, thus leaving a space at 27046-53788. Unfortunately fdisk does not see the spare space and I must first delete a partition. Is there any way I can use fdisk to delete hda1 and reconfigure it as two partitions without destroying the data on hda1? If I reconfigure hda1 as 0-27045 and the new partition as hda5 would hda1 be reformatted and the data destroyed?</question>

<answer>As you already have hda1-4, you can't create any other partitions without deleting one and creating an extended partition. The swap filesystem is an ideal candidate for this, since you can dump it without losing any important data. You can create hda2 as 27046-55366, then create hda5 and hda6 as logical partitions within hda2. Being forced to have four primary partitions is a 20-year-old legacy issue, which unfortunately is still sticking around. Usually it's a good idea to avoid creating more than one primary partition, and just use extended partitions for everything else, so that if additional partitions have to be created it's easy enough to do so without deleting anything. Each disk can have a single extended partition, which can contain as many logical partitions as you like.</answer>

<title>Antivirus ideas</title>

<question>I have been looking at (free) antivirus software for Linux and the two that have come to my attention are F-Prot and Panda. I have installed the F-Prot RPM but note that it's command line-only, and try as I may I can't seem to actually get it to load. Panda also seems to be a command line scanner so I suspect that every time I want to scan a file I have to do it manually. Is there such a thing as a GUI-based antivirus scanner for Linux that will just keep running in the background?</question>

<answer>There really is limited demand for a virus scanner under Linux. Most virus scanners for Linux are built for use on mail servers, which filter email destined for Windows systems to protect the users. As there are so few viruses that target Linux applications, there is no need to run a dedicated virus scanner. However, you may want to ensure that you regularly run chkrootkit to verify that the system has not been exploited through a vulnerable service, or an exploited binary. If you're set on a scanner, one of the best we've used is ClamAV, available from http://clamav.sf.net/.</answer>


<title>D for desperate</title>

<question>Last night I installed Mandrake on my daughter's PC to run an MP3 player not supported by Win98. Initially I tried Partition Magic to create the partition on the C drive. Needless to say it crashed, as did Windows, and a reset was needed, so I used the Mandrake partitioner. So far, so good. The problem we have is the D drive, which I made no attempt to touch. Windows can't read it, though Mandrake could last night. I decided to copy the contents of the D drive on to C so that the D drive can be formatted. However, this morning Mandrake can't see the files. There's about 4GB of data still there comprising program files for installation and MP3 files (life-threatening). I strongly suspect you will say there's nothing can be done other than to bite the bullet, but anything more positive from you will be much appreciated.</question>

<answer>You can use fdisk to verify which partitions exist on which disks, by running fdisk -l /dev/hda, and so forth. You didn't indicate if drive D is on a second physical disk, or a partition on the first disk. It may be that the partition structure became corrupted during the resizing process. You will have to manually mount the disk in Mandrake by running:

$ mount /dev/hda2 /mnt/dos

replacing /dev/hda2 with the partition containing the files.</answer>

<title>Share with the group</title>

<question>I want to give myself, as user, permission to use my CD-ROM, CD writer, floppy and so on, and avoid the 'Permission Denied' error message when using programs such as CD Player. If I go into a terminal as su - or log in as root - and type chmod 666 /dev/hdc, all is then OK for the duration of the session. Unfortunately, when I reboot I lose the new settings, and am back with Permission Denied! What am I doing wrong? Is there any way of getting Linux (Fedora Core 3) to remember the settings? This seems such a basic problem and must affect many newbies, yet it never seems to be covered in magazine articles or textbooks (which I have studied by the score).</question>

<answer>You can solve your permissions problems by adding your user to the 'cdrom' group, by adding the username to the line starting 'cdrom' in /etc/group. Unix is traditionally rather restrictive about users accessing physical devices, so everything is split up into multiple groups in order for granular access to be provided. For other devices, check out the file in /dev and see which user and group it is set up as.</answer>

<title>Gallery gripes</title>

<question>Before we begin let me tell you I'm not some super computer-user and all I know about Linux is that my website runs on it. I have Gallery installed on my website so that my family and friends can check out my holiday photos. I run the site on web space I was given on the server at work, but they have recently upgraded their system and apparently Gallery has been upgraded from version 1.3 to 1.4. When I try to move my albums back into Gallery it tells me that I need to upgrade all my albums. This is fine by me, but when I click Upgrade it tells me that it cannot access the album.dat file - Permission Denied. The guy who runs the server said he set all the ownerships to my user account to try to overcome this. He can't really help me much more as he is already doing me a favour by doing all this during working hours. What could I recommend to him to try to resolve this quickly?</question>

<answer>Gallery is extremely fussy about the permissions and ownership of its files. I think it's more than likely that the data he copied off the old server has some inconsistencies with the data on the newer system. Ask him to make sure that all the file ownerships are the same as before, rather than setting them all to your user account, as there are some files that need to be readable and writable by, for example, the Apache user. The best thing to do would be to take the exact error that you're getting to the Gallery website (http://gallery.sourceforge.net/) and see if they have it listed in their extensive documentation section. If your error is not listed anywhere it might be worth posting a comment in the forums.</answer>


<title>Porting probs</title>

<question>Unfortunately, I have recently had my system security compromised and I am now running iptables to filter traffic into my Fedora Core 2 server. The server runs a corporate website and anonymous FTP for software downloads. I am allowing incoming traffic to port 80 and ports 20 and 21. However, I am unable to download files from the server via FTP when connecting using passive transfers - the connection just times out. Can you help me?</question>

<answer>The reason passive FTP is not working is that in passive transfer mode the server tells the client to open a new connection to it on an arbitrary high port (above 1024). However, the firewall needs to be configured to accept traffic on this port in particular, as if you open up all the high ports then essentially your server will be wide open again. This was a classic problem with older software firewalls and packet filters (such as ipchains and ipfwadm). However, iptables can do stateful connection tracking. First you'll need to verify that you have ip_conntrack and ip_conntrack_ftp compiled into the kernel or compiled as a loadable module (this should be the case with a stock Fedora kernel). With this done you can add the following iptables rules:

# The following two rules allow the inbound FTP connection
iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
# The next 2 lines allow active ftp connections
iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
# These last two rules allow for passive transfers
iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT

In the active FTP transfer rules above the client sends the server a high port to connect to and the server connects to this port from port 20 to initiate the transfer. However, if the client is also behind a firewall that isn't stateful then this will not work, and passive transfers will be required.</answer>
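The rules in the answer match on source ports 21 and 20, which is the direction seen from an FTP client's side of the connection. The following added example (not part of the original answer) applies the same connection-tracking approach on the FTP server from the question, where 21 and 20 are local ports; it assumes DROP policies on INPUT and OUTPUT and that the ip_conntrack_ftp helper named above is loaded. By default it only prints the commands.

```shell
#!/bin/sh
# Server-side FTP rules using stateful connection tracking (added example).
# Dry run by default: the commands are printed. Run as root with
# IPT=iptables in the environment to apply them.
IPT="${IPT:-echo iptables}"

ftp_server_rules() {
    # Control channel: clients open connections TO port 21 on this server.
    $IPT -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT || return 1
    $IPT -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT || return 1

    # Active mode: the server connects out FROM port 20 to the port the
    # client announced. The FTP helper marks that connection RELATED.
    $IPT -A OUTPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    $IPT -A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT || return 1

    # Passive mode: the client connects to the high port the server announced.
    # Only connections the helper has marked RELATED are let in; nothing here
    # accepts NEW on the high ports, so they are not opened up in general.
    $IPT -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    $IPT -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT || return 1
}

ftp_server_rules
```

If passive transfers still time out with these rules in place, check that the helper module is actually loaded, since without it the data connection is never classified as RELATED.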

<title>Log in, log out, log in...</title>

<question>In my daily activities I run my system as a normal user, not as root. So far, so good. What I want to know is if it's possible to read the mail of root while logged in as normal user. I run SUSE 8.2 and there I have the possibility of running a root console, but when I enter: root and password for root and after that enter: mail, I only get the mail of the logged-in user. I would like to see the mail of the root user but to do that I have to log out and log back in as root; and after reading the mail, I have to log out and then log back in again. There has to be a better way to read the mail of the root user without having to go through the whole logout and login process. Can you help?</question>

<answer>You can configure the mail routing for root through /etc/aliases, and mail can be delivered to any system user rather than the standard root user. Depending upon the mail software, you may have to run newaliases to rebuild the database used by the MTA (mail transfer agent).</answer>

<title>Modems and SUSE</title>

<question>I have just bought Linux SUSE 9.2 Professional. The problem I am having is with my internal modem. Written on the modem is CONEXANT CX06834-11. This modem runs well with Windows XP but will not run with SUSE 9.2. Can you tell me what modem (internal) will run with Linux, and where it is available? I have tried linmodems.org and linuxant.com but had no luck.</question>

<answer>Conexant do not write a Linux driver for any of their modems. However, Linuxant offer Linux support for your modem, though they do charge a fee for this driver. They previously made a free beta driver, which they have since taken down, but you may still find it somewhere. The paid-for version costs $15 and entitles you to a year of upgrades on this driver. SUSE 9.2 is fully supported. You can download a free version which limits you to 14.4 from www.linuxant.com/drivers/hcf/full/downloads.php so that you can verify this before buying.</answer>