Answers 69

From LXF Wiki

Answers 69

<title>Apache begone!</title>

<question>I need to install Apache and mod_ssl, but the tutorial says that first I have to get rid of the Apache version that is there already. It was put there by hand from source. Given that I can probably find the install directory (and then delete it), what else is it that makes Linux aware of an app, in the same way that Windows has a registry where you can clear stuff from? I have managed for the last two years by only uninstalling stuff I put on my Linux box with apt, so there is loads of junk (mainly from coverdiscs of LXF) that I need to clear!</question>

<answer>When you install software from source, it generally installs into /usr/local, unless you specify an alternate location with the --prefix switch. Apache, for example, will install into /usr/local/apache, so simply deleting this directory will purge Apache from your system. Linux has no registry, although for services that start at boot time, /etc/init.d contains the scripts that are used when switching between various run levels. Software installed from source generally will not change anything in /etc/init.d, but will often distribute sample init.d scripts that you can install manually. You can also often do a make uninstall from the source code directory, which should remove binaries, configuration files and libraries installed. However, not all applications provide this, so it requires a little brain-work to hunt code down and delete it manually. It's often a good idea to use dpkg and rpm, depending on which distribution is used, to establish if a file is connected with a package, so you can see if httpd' is actually provided by a package or is just floating around. Unfortunately, since there is no record of things you install manually, if you install it in /usr and it mixes with package-based code, the best option is often just to force an install of the package over the top and clean up after it. Starting off on the right foot with a source install, such as installing it in /usr/local/<package>, is a good idea, so that once you're done with it you can just rm the directory.</answer>

<title>Which distro?</title>

<question>I got a Pentium II computer recently from the London Freecycle group (www.freecycle.org), which I want to set up for my dear mother to use for the internet, instant messaging and OpenOffice.org. I also want it to be part of my planned wireless network. My question is, which easy-to-use distribution should I go for? I'm thinking Fedora Core 3 or Gentoo because I heard that Fedora has excellent support for wireless cards, and Gentoo because it's optimised for your hardware. Although Gentoo is more difficult to install, Pentium IIs are supported, according to www.gentoo.org, and I could not find official Fedora system requirements anywhere. The hard disk capacity is 6GB, but this is upgradeable, and I imagine I'll be able to get the RAM up to at least 128MB from 32MB.</question>

<answer>Gentoo is going to be horrible on a slow box, especially with such a small amount of memory, as compiling anything is going to take an age. I would actually suggest Debian. It's a great distribution for low-end systems, and it will run happily on the hardware you mentioned. You can either download a Debian netinst disc, which will download the required packages from the internet, or obtain the full set of discs and install it. www.debian.org has links to the various ISO images, as well as sites where you can buy a CD set.</answer>

<title>ACPWhy?</title>

<question>I've been out of the Linux game for a bit, and decided recently to give Ubuntu 5.04 a try. I downloaded the 64-bit version for AMD processors (I'm running an A8N-SLI system). The install went very well, and I liked the distribution instantly. The problems began when I started installing drivers. I downloaded the NVIDIA chipset Linux drivers, and discovered I needed the kernel source to install them. I figured out how to download the source, and the drivers installed OK. But on reboot, I discovered my keyboard would not work. I was able to determine it has something to do with the Linux kernel and the BIOS ACPI timings. Disabling ACPI restores the keyboard functionality, but now the processor dynamic scaling does not work, and I'd rather not disable ACPI if I can help it. I read that there are kernel patches that might solve this problem, but I'm unable to decipher the instructions to patch the kernel. If you can list the steps necessary to do this, and possibly what patch to try, I will figure out the rest.</question>

<answer>ACPI is always a lot of fun, especially with new motherboards that are not 100% supported by Linux. You may want to check out http://acpi.sourceforge.net and see if you can find your chipset in the mix. Often there are patches for specific boards, especially if they are popular. Another option would be to upgrade your kernel to the latest release, which is 2.6.11.9, although 2.6.12 will most likely be available once this is in print. If you have specific errors that the kernel outputs when the keyboard fails to work, these will help you establish what the cause of your problem is. You may also want to disable ACPI for IRQ assignment, but leave it running for everything else, which can be done with the pci=noacpi option. There are a number of Linux AMD64 lists that you could try, some of which are distribution-specific. Ubuntu does not seem to have anything AMD64-specific, but its forums are full of questions from people using 64-bit systems.</answer>

<title>Jar jar kinks</title>

<question>I'm trying to install DVDRipper from the June issue of the magazine[LXF67] for perfectly legal reasons and it's driving me nuts! I'm using SUSE 9.2 and KDE. Here's what I've done, several times:

1. Copy the folder from the disc to my home directory. 2. Open Konsole. 3. cd to my home directory and to the program's directory that I copied from the disc. 4. Do the tar xzvf thing to the file marked .tar.gz. 5. Konsole lists the contents of the file as DVDripper.jar and README. 6. cd back to the location of DVDRipper.jar. 7. Try ./configure and get the message, `No such file or directory'.

This is not surprising as the .jar file appears to be an archive in itself. So I tried to tar xzvf the .jar file and got the message:

  `gzip stdin has more than one
   entry, rest ignored. tar: child
   returned status 2 tar: error exit
   delayed from previous errors'   .

I have also tried to extract the .jar file manually with Ark. Where do I copy it to, and shouldn't it be configured and make installed first?</question>

<answer>As DVDRipper is a Java archive, you don't need to ./configure or install it. Simply cd into the directory containing DVDRipper.jar and run

java -jar DVDRipper.jar</answer>

<title>Grubbing around</title>

<question>I am using the Gentoo Linux 2004.2 disc from the October Linux Format magazine [LXF58] and am installing gentoo-dev-sources for the 2.6 kernel as per your instructions on page 108. They said to use

make && make modules_install &&
make install

at the command line to build the kernel and install it in /boot and set up symlinks. No other action is required. I am having a heck of a time getting emerge grub to work. The error message is:

  `/usr/sbin/ebuild.sh: line 55:
   a local command not found.
   !!! ERROR: sys-boot grub
   0.94-r1, failed !!! Function
   src_compile, line 55, exit code
   127 !!! (no error message)' .
   I have tried the Gentoo forum

and the drift seems to be that the kernel is not installed properly. Are there any additional steps? Everything went OK up to the emerge grub point. I can chroot and do /bin/bash.

</question>

<answer>From the research I did, the error you see indicates that you need to upgrade Portage on your system. The specific release of Grub you are trying to install most likely expects functions to exist that are only in the most recent version of Portage. The process of compiling a kernel you mention is accurate, though you'll have to manually edit your lilo.conf or menu.lst files to ensure that your boot loader notices it. We like to modify the filenames of kernels, so rather than just bzImage we use vmlinuz-2.6.11.9 to indicate which version it is.</answer>

<title>Two become one</title>

<question>I have a Linux box running SUSE 9.3 Pro. It was installed with three hard disks in the following configuration, which was taken from fstab:

/dev/hda3           /     reiserfs acl,user_xattr        11
/dev/hda1           /boot ext2       acl,user_xattr      12
/dev/hdb3           /home reiserfs acl,user_xattr        12
/dev/hdb4           /tmp  reiserfs acl,user_xattr        12
/dev/hdb1           /usr  ext2       acl,user_xattr      12
/dev/hdb2           /var  reiserfs acl,user_xattr        12
/dev/hda2           swap  swap        pri=42             00
/dev/hdd1           /shares reiserfs acl,user_xattr        12

hda is 40GB, hdb is 15GB and hdd is 4GB. I have now decided that, as I want to have a CD-writer and a DVD reader installed, it would be better to combine hdb and hdd on to a new 40GB hard drive that I have purchased especially. What I want to know is how I should go about installing, copying and configuring the new disk so that all the data on the existing partitions is copied correctly to new partitions on the new disk.</question>

<answer>This should be a straightforward process. I would install the new hard drive, along with the three existing ones. Boot Linux in single user mode. This is done by either adding single to the kernel parameter line in your lilo.conf or grub.conf, typing linux single on the LILO boot prompt. Or press E on the Grub splash screen, add single after the line starting with kernel, press Enter to save and press B to boot. Then partition your new hard drive to your heart's desire, using fdisk or parted. Format the partitions with the filesystem of your choosing. Mount them manually and copy the files from the old partitions to the new ones ­ I would use the -a flag with cp:

# cp -a /old-partition-mountpoint/* /new-partition-mountpoint
    or
# tar cp /old-partition-mountpoint/* |tar x -C/new-partition-mountpoint/

Then it's down to modifying /etc/ fstab to point to the new locations and you're set!</answer>

<title>Stop start</title>

<question>I needed to set up a PC so that access to and from the internet was stopped (DROP) while access to and from the local LAN was allowed (ACCEPT). I followed the article on pages 54-55 of LXF63 [Network Everything] and also looked at a couple of useful tutorials on the web. I was successful with the following commands:

# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT DROP
# iptables -A INPUT -s
192.168.0.0/24 -j ACCEPT
# iptables -A OUTPUT s
192.168.0.0/24 -j ACCEPT

Great. However, I have two questions. First, when I reboot the settings are lost. They default back to a default of all ACCEPT and my local LAN ACCEPT rules have gone. How can I make the changes stay after a reboot? The second is a curiosity question. 192.168.0.0/24 refers to all devices on the subnet 192.168.0. I thought it would only refer to devices 0 to 24. I have checked that it does what the article says ­ 192.168.0.102 is covered by 192.168.0.0/24, and I am able to ping it on my LAN. I just do not understand why.</question>

<answer>Many distributions have a /etc/init.d/iptables script which can be used to save your iptables rules for reload at boot time. As you didn't indicate your distribution of choice, you may want to check its iptables package and see what exactly it provides for you in terms of init scripts. As a last resort you can use iptables-save to save the rules, then use iptables-restore at boot time to load them again. The /24 means that the first 24 bits of the IP are for the network, and the last 8 are for the host. When a /24 range is defined, 192.168.0.0 through to 192.168.0.255 is included. You can find information on the use of CIDR or `slash' notation for network addressing at http://en.wikipedia.org/wiki/CIDR. </answer>

<title>No direction home</title>

<question>I am setting up an old machine to use as a web server internally on my office network. This is for design purposes before uploading sites to a web host. I am using Mandrake 9.0 and Apache/PHP and have it running OK. I can open the web server using 192.168.0.3:80, which opens the file at /var/www/html/index.shtml. I have replaced this file with my own index.html, which is fine. I would like to keep the files for the websites on /home and would like to know how to reference them. I have tried, temporarily, accessing a content management system at /home/mike/tmp/cinj152/index.php as a link but get a 404 error. What am I doing wrong?</question>

<answer>The root directory for your web services is set by the DocumentRoot option in /etc/apache/httpd.conf. Changing this to /home/mike/tmp/cinj152/, rather than /var/www/html will result in the functionality you need You may also want to move your website into /home/mike/public_html, then you can simply do http://192.168.0.3/~mike/, and get your site.</answer>

<title>Iptables and all that</title>

<question>I have a remote server thousands of miles away. Unfortunately, all I have is the bandwidth and the hardware. Whenever things go wrong, I either have to pay extra or fix things myself. I am also running a software firewall, using the iptables. When a service is unreachable, what's the best way to find out where the breakage is occurring? Secondly, can you recommend a good way of applying firewall rules while making sure my SSH session doesn't get dropped?</question>

<answer>I'll start with your first question. Let's check for the most obvious cause: whether there's a process listening on the port we're trying to connect to: port 25, say.

# netstat -vatnpu | grep 25
tcp       0       0 127.0.0.1:25
   0.0.0.0:*                LISTEN
3971/master
    That shows Postfix is running but is bound to the loopback interface. Loopback is unlike regular network interfaces in that anything bound to it is not accessible to the outside world, but is limited to the same machine. So that might be a point of failure.

But what if the output suggested everything was OK on that front?

# netstat -vatnpu | grep 25
tcp       0     0 0.0.0.0:25
0.0.0.0:*               LISTEN
3971/master

That indicates the daemon is listening correctly on all addresses for all addresses. So let's check if the daemon is actually running healthily. We do this by initiating a Telnet connection from the same machine to the public IP of the external interface. Let's pretend it's 1.2.3.4.

$ telnet 1.2.3.4 25
Trying 1.2.3.4...
Connected to 1.2.3.4 (1.2.3.4).
Escape character is `^]'.

Exact output depends on the daemon's config. So now we know that the process is alive and kicking and that the daemon is listening on the correct address or addresses. One last thing we can do on the local machine is to sniff the interface that the daemon is supposed to be listening on; eth0, say. You should look for packets in both directions:

# tcpdump -vni eth0 tcp port 25
tcpdump: listening on eth0, link-type
EN10MB (Ethernet), capture size 96
bytes
21:53:16.627942 IP (tos 0x10, ttl
64, id 4623, offset 0, flags [DF],
proto 6, length: 60) 1.2.3.5.52056 >
1.2.3.4.25: S [tcp sum ok]
2918495501:2918495501(0) win
32767 <mss
16396,sackOK,timestamp 34318082
0,nop,wscale 2>
21:53:16.628093 IP (tos 0x0, ttl 64,
id 0, offset 0, flags [DF], proto 6,
length: 60) 1.2.3.4.25 >
1.2.3.5.52056: S [tcp sum ok]
2929251633:2929251633(0) ack
2918495502 win 32767 <mss
6396,sackOK,timestamp 3431808
34318082,nop,wscale 2>/

These two packets are a SYN and a SYN/ACK message to and from the daemon on port 25 respectively. We could consider two more outputs. The first is where the daemon seems to reply with an address that is different from the destination address in the first packet, like this:

# tcpdump -vni eth0 tcp port 25
tcpdump: listening on eth0, link-type
EN10MB (Ethernet), capture size 96
bytes
21:53:16.627942 IP (tos 0x10, ttl
64, id 4623, offset 0, flags [DF],
proto 6, length: 60) 1.2.3.5.52056 >
1.2.3.4.25: S [tcp sum ok]
2918495501:2918495501(0) win
32767 <mss
16396,sackOK,timestamp 34318082
0,nop,wscale 2>
21:53:16.628093 IP (tos 0x0, ttl 64,
id 0, offset 0, flags [DF], proto 6,
length: 60) 5.6.7.8.25 >
1.2.3.5.52056: S [tcp sum ok]
2929251633:2929251633(0) ack
2918495502 win 32767 <mss
16396,sackOK,timestamp 34318082
34318082,nop,wscale 2>

You may ask why the daemon would send a packet back with a different address than the one it was contacted with. This can happen when you use source NAT incorrectly. If you looked through the output from iptables -t nat -L -vn | grep `[MASQ|NAT] you would probably find the culprit. The last possible output you might come across is where you can't see anything in tcpdump. That happens when your host is blocking access to that port. I assumed the client and server machine have adequate connectivity and that the server is reachable from the client machine, otherwise the answer could fill a book! To answer your second question, I've found that it's not uncommon to get locked out of a machine due to a hasty firewall command or a wrong sequence of commands. There are some precautions you can take. Where I'm implementing a firewall for the first time and need to set INPUT's policy to DROP, I time a service iptables restart in case I'm locked out just after adding all the ACCEPT rules. You need to be in `screen' if you would like to disconnect using the same terminal and then reconnect. You need to reconnect because the existing connection might still be healthy as the packets are matching a rule with ESTABLISHED. The command is as follows:

# iptables -P INPUT DROP &&
sleep10m && service iptables
restart

Do Ctrl+A Ctrl+D to detach from the screen session, log out and reconnect. You can reattach the screen session by typing screen -r and Ctrl+C in the shell, which will cause sleep to fail and service iptables restart not to be issued. We get the same outcome on a generic Linux install by using the iptables save/restore commands supplied in the iptables package. iptables-save is a utility that dumps the kernel iptables setup in a format that iptables restore understands, to STDOUT by default. As you might have guessed, prior to running the script or the DROP rule, we will be saving the current in kernel config, only to a file, by regular redirection. Do this by typing

# iptables-save > ~/iptables-dump

The same config would be instantiated in kernel by typing

# iptables-restore < ~/iptables-dump

The previous process of issuing the iptables commands in a safe way could be repeated by typing

# iptables-save > ~/iptables dump
&& iptables -P INPUT DROP &&
sleep10m && iptables-restore <
~iptables-dump

Or where we're running a script:

# iptables-save > ~/iptables-dump
&& /path/to/firewall/script &&
sleep10m && iptables-restore < ~/
iptables-dump

</answer>

<title>Synaptic woes</title>

<question>I'm setting up a computer for an absolute newbie. He lives very remotely and I will probably never actually meet him. Without him having anyone in his area who knows Linux, I want his computer to be set up to be as newbie-friendly as possible. Two questions then... Firstly, in the Network Device Control interface are seen eth0 and also the external modem, ppp0. This is what we will be using to initiate dial-up. At the moment, eth0 is at the top and therefore selected by default. How do I change this so that the modem is the top of the list? I think there's a config file. Secondly, I want my friend to update through Synaptic as I have found up2date to be extremely temperamental. But Synaptic is having problems downloading files it recommends for updates. A lot of repositories like http://ayo.freshrpms.net are giving `access forbidden' and such like. What's going on? It lists files that should be updated and then seems to time out or say they are not there or just give `access denied' on download. I'm using Fedora Core 2 ­ don't ask why!</question>

<answer>The order of the devices in Network Device Control should not matter, although you will want to remove the default route from the Ethernet device before moving to the modem. /etc/sysconfig/network-scripts/ contains the actual boot time scripts for the various devices, so you can completely disable eth0 by changing the ONBOOT flag within ifcfg-eth0. You can use the yum package manager to manage RPM-based distributions, although up2date should just work on Fedora Core 2. It sounds like Synaptic is having some problems locating the correct updates and downloading them, but verifying each specific URL that it's trying and figuring out what it's trying to do is the best place to start. I would highly recommend using yum, as it is really easy to use and can be used to update a system very quickly.</answer>


<title>Best laid plans...</title>

<question>Having bought my wife an MP3 player for her birthday, I'd hoped to be able to rip all the stuff under Linux so she could pick and choose what she wants to upload. Unfortunately, it would appear that my setup seems to have decided that the partition that my /root, /home and /mp3 partitions (extended) is formatted as a `Linux extended' partition, so the XP install can't or won't see it. The hard drive is set up like this:

hda1 XP(primary)
hda2 /boot(primary)
hda3 /swap(primary)
hda4 extended (apparently `Linux
extended') into:
    hda5 /root (logical)
    hda6 /user (logical)
    hda7 /mp3 (logical)

I thought that what I'd do is to change the format of the extended hda4 from Linux extended to some sort of extended Windows filesystem (FAT32, maybe). But that, it seems, would just screw up all the logical Linux partitions. So my current thinking is to dump everything after the XP/hda1 partition and start from scratch. Which would be something like:

hda1 XP (primary)
hda2 mp3 (primary, but formattedas FAT32)
hda3 extended into:
    hda5 /boot (logical)
    hda6 /swap (logical)
    hda7 /root (logical)
    hda8 /user (logical)

That would leave a primary hda4 for anything else. I'm presuming that it would be easier if the third primary extended drive should be formatted as some sort of Windows format, but I could still use ext3 for the /boot and /swap directories, and reiserfs for the /root and /user. Do you have a better suggestion?</question>

<answer>There is no such thing as a 'Linux extended' partition type, but you will need to change your MP3 filesystem to FAT32 and modify the partition type so that Windows will pick it up. There are several utilities for Windows that allow you to read ext3 filesystems, but it's simpler to allow mp3s to be FAT32 and have Windows pick it up automatically. The extended partition isn't actually formatted ­ it's just a place for the system to plonk additional logical partitions due to the old limitation of four partitions per drive. You can organise partitions within an extended partition however you want, although you will need to use /usr rather than /user. Your swap partition isn't actually a mount under /swap, just a partition with its type set to `Linux Swap'. </answer>

<title>Segmentation</title>

<question>I managed to get my laptop to install Mandriva 2005 from your CD coverdiscs, but I'm having a problem installing to my desktop from the DVD version. All seems to go well until reboot then I get a segmentation error and the boot halts. I've tried doing a fresh install with only the keyboard and mouse attached but I get the same error. I've also given Knoppix 3.3 a go on the same machine as specified below and that fires up no problem. The basic machine spec is:

Athlon XP2400+XFX KT400ALH mobo
3/4 gig DDR333 RAM
SBLive
   The hardware attached is:
HP PSC2110 printer/scanner
Line 6 GuitarPort
Sync cradle for iPaq
BT Voyager wireless router through the LAN port

The installation is on to a fresh 20GB drive in a caddy.

</question>

<answer>Trying another distribution is often a good way to go, so it's easier to verify if it's a hardware incompatibility issue, or something else. Segmentation faults are generally caused by mismatched library versions, or by bad hardware, but it's worth investigating the problem with Fedora Core or Ubuntu before going to the hassle of swapping hardware out. Knoppix 3.3 is fairly old and based on a 2.4 kernel, so if you have a copy of Knoppix 3.7 or 3.8 it may help to install that instead so that you're comparing apples with apples. </answer>

<title>Loader problems</title>

<question>I am trying to install Fedora Core 2 as a Samba server for the Win98/ME boxes in my workshop. During installation I receive no messages of anything unusual, but after rebooting it comes to a halt at Grub. It is completely stuck and it's not possible to write anything. I have tried twice with the same result. Setup is System P2 300, 256 of RAM, Drives 3G for the system and 80G for the files. I am only installing X, KDE and the Samba server plus some minor packages. No mail, internet, firewall nor office packages. I am trying to keep it as simple as possible. I started with SUSE Server 9.0 but it started installing the whole Linux world, and uninstalling packages under Linux is not that simple. I'm close to concluding that Linux is a non-productive system. </question>

<answer>This suggests the machine is unable to read the stage1.5 loader. This is often due to a filesystem issue, or because Grub was not installed correctly. You can boot off a Knoppix disk and manually reinstall Grub with the following commands:

# grub
grub> root (hd0,1)
grub> setup (hd0)

This will tell Grub that your / filesystem is on /dev/hda1 and to install the Grub system into /dev/hda. As you have multiple drives, you will have to review your partition assignments before doing this. Once you issue the `root' command, it will tell you if it can read the stage1.5 and stage2 loaders correctly or not. You may also want to look at installing Fedora Core 3, or a distribution such as Mandrake, which is particularly user-friendly. FC3 contains lots of updates to FC2, which may solve your problem without the headache of reinstalling Grub. </answer>