Answers 73


<title>Triple booting</title>

<question>I have a 40GB hard drive split into two 20GB partitions for Windows XP and Knoppix. I made a new 10GB partition and installed Fedora Core 4 from the [LXF70] coverdisc, wanting a triple boot so I could choose Windows, Knoppix or Fedora Core. When I rebooted after installation, only Fedora Core and Windows were on the boot menu, not Knoppix. I went into Fedora Core, and Knoppix is still there on hda6. I installed Knoppix again hoping that it would add Fedora to the boot menu, but it did not. Now it only shows Windows XP or Knoppix. Is there a way to add Fedora to the boot menu so I can pick XP, Knoppix, or Fedora Core? My setup is as follows:

hda1 Windows XP
hda3 Fedora Core
hda6 Knoppix

</question>

<answer>This is a fairly common situation when installing a second Linux distro. The installers are good at detecting an existing Windows system and adding the relevant option to the boot menu, but very few will pick up on other Linux installations. The result, as you have already discovered, is that your previous distro is still installed, but there appears to be no way to boot into it. As a short-term solution, you can usually use the installation disc in rescue mode to boot your installation. Pressing F1 after booting from the disc usually shows the options. The long-term solution is to add an entry to your current boot menu for the hidden distro. This is made easier here because both Knoppix and Fedora Core use the Grub bootloader. You need to load the Grub configuration files from the two distros into a text editor. First you will need to mount the other distro's partition with

mkdir -p /mnt/fedora
mount /dev/hda3 /mnt/fedora

Then select System > More Applications > File Manager - Superuser Mode from the KDE menu, navigate to /boot/grub and load grub.conf. Now go to the same directory in your Fedora setup and do the same. Highlight the three lines in the Fedora file starting with `title Fedora Core' and copy them to the Knoppix file. Save and reboot and you should get your three-way choice.

If the Fedora installer used LVM (Linux Volume Manager) when partitioning the disk, you might not be able to access your Fedora files from within Knoppix, as Knoppix doesn't support LVM. In this case, you need to perform the process from Fedora, so you'll need to first reinstall the Fedora Core boot loader from the installation disc. Start the installer as before and select the Upgrade An Existing Installation option. Select the Update Bootloader Configuration option to reinstall the Fedora bootloader. Now let the update finish, boot into Fedora and copy the relevant section of the Knoppix boot menu to that of Fedora Core.

If you are interested in the various options for triple (and more) booting with Linux, there is an excellent reference at http://home.planet.nl/~elst0093/motub/multboot.html.

</answer>

<title>Server migrations</title>

<question>I have had a dedicated Linux server with a hosting company for about six years or so. As part of their customer-retention strategy they have arranged for me to upgrade to a newer server with better bandwidth allowance, SLA [service level agreement] and so on. The server is used by my very small business for email, web hosting, a testing server and managing DNS for domains that we own. A few friends and family also use the server for their email and web hosting. Is there a best-practice way of transferring DNS, websites, home directory files and email (Sendmail) to the new server with minimal disruption for myself and other users? I cannot afford to pay the hosting company's staff to do the transfer for me.

</question>

<answer>Server migration, especially when changing distribution and versions (MySQL, Apache and the like), is never a straightforward procedure. However, it is a good opportunity to revise your current setup, and just as when moving house, you will come across a lot of stuff that can be thrown out. Also, this is a perfect opportunity to audit all your configurations and create and test backup and disaster recovery strategies. On the new server, set up and test all the zone files, email configurations, user accounts and websites. You can trick your workstation into believing that the sites are on the new IP by modifying your hosts file (/etc/hosts on Linux, c:\windows\system32\drivers\etc\hosts on Windows XP). DNS is the first target for migration. Point NS records at the registrar to the new name servers at least three days ahead of the planned switchover. Reduce the TTL (`time to live') on your new records to a reasonable 35 minutes so that on IP switchover visitors will clean their cached records of your IPs and pick up the new ones in no time at all. Set the TTLs back to a more internet-friendly value, say 24 hours, a few days after the migration. Depending on your budget and how critically reliant your sites are on a database back-end you may have to take extra precautions on the way you move over your databases. Finally, tend to your log files and web statistics. They're often forgotten during migrations.

</answer>

<title>Four starters</title>

<question>Regarding booting from an external USB or CompactFlash device - I have four questions: 1. Is it possible to boot from a USB flash drive if your BIOS doesn't support USB booting? 2. Can a boot CD with Smart Boot Manager pass off the process to the USB? 3. Is it possible to fit an uncompressed Knoppix or Kanotix CD to a 2MB CompactFlash or USB? 4. What parts of the system would be better off on the hard drive, eg swap or logs?

</question>

<answer>I'll answer each of your questions in turn.

1. Yes, but you will need a boot floppy to do this. For example, Puppy Linux has a floppy disc image on the website that can be used to boot it from a USB flash disc. See www.goosee.com/puppy.

2. No. Smart Boot Manager does not support booting from USB devices.

3. It should be, although you shouldn't uncompress the image. USB reading is quite slow, so any reasonably powerful machine would probably uncompress faster than it reads, making the compressed image faster. There are instructions for installing Knoppix on to a 1GB (or larger) flash disc at www.knoppix.net/forum/viewtopic.php?p=64999#64999. Alternatively, Damn Small Linux can be installed on a USB device, and DSL is a cut-down Knoppix. So you should be able to put a full Knoppix on to a 1GB flash disc by booting DSL, running sudo dsl-usbinstall to install it to the USB device and then replacing the knoppix/knoppix file with the full-sized one from a Knoppix CD.

4. Anything that involves writing, especially frequent writing like swap and log files, should not be placed on the flash device. Flash memory has a limited write lifetime, typically between 100,000 and 1,000,000 writes (and as little as 10,000 writes for older devices). If the system is continually writing to the same area of memory, it could fail in a few months. Your choices are: to put these on the hard drive, which limits portability; to write logs to a RAMdisk and copy it back to the flash drive on shutdown, which would limit the writes to one per session; or to use the JFFS2 filesystem from http://sources.redhat.com/jffs2. This is a special filesystem designed to address this problem with flash devices. If you want a ready-made distribution for a flash drive, try Flash Linux from http://flashlinux.org.uk. </answer>

<title>Ejected and rejected</title>

<question>I have very recently installed Mandriva 2005 LE from the [LXF67] coverdisc. The install went very well for a first time Linux user. But I have a problem with installing some of the additional programs. Sometimes I am informed that Mandriva needs to have my DVD in drive hda (my CD drive) and I must then hit Enter. When I put it in, the disc is immediately ejected - not surprising as it is a DVD! If I try putting the DVD in the DVD drive instead and hit Enter, the disc is again ejected. If I then simply try to abandon that task I am forced to end the session to do so. My /etc/fstab contains

/dev/hda /mnt/cdrom auto umask=0,user,iocharset=iso8859-15,codepage=850,noauto,ro,exec,users 0 0
/dev/hdc /mnt/cdrom2 iso9660 user,iocharset=iso8859-15,noauto,ro,exec 0 0


</question>

<answer>This occasionally happens with Mandriva installations. Despite the installer running from the DVD drive, it will sometimes add the path to your CD-ROM (or CD-RW) drive to its list of software sources. In your case, it is looking at /mnt/cdrom when your DVD is mounted at /mnt/cdrom2. Fortunately, the solution is dead simple. Put the DVD in the correct drive and start the Mandriva Control Center. Go into the Software Management section and select Media Manager. This will show you a list of software sources - possibly only the DVD. Click on the DVD entry, press Edit and change the URL entry from removable://mnt/cdrom/media/main to removable://mnt/cdrom2/media/main, that is, the path to your DVD drive. Click on Save Changes and all should be well.

</answer>

<title>Desert foxed</title>

<question>I have to SSH into three Red Hat servers at one desert outpost (I work for an oil company). The TCP/IP connection to the field servers is an unreliable internet over satellite link. Very often I find myself losing connectivity halfway through an operation, and if I leave a session open for more than 15 minutes, the satellite router (to which I have no access) rudely drops my connection. I know that I can run most applications in the background but I am looking for a solution to maintain a persistent connection. Do you know if there is a budget solution that I can implement?

</question>

<answer>Yes, there is. The Nohup command runs a command immune to hangups, with output to a non-TTY, while Screen is a full-screen window manager that multiplexes a physical terminal between several processes (typically interactive shells). I am a big Screen fanatic. When invoked as screen, you can create new windows with Ctrl+A C, and use Ctrl+A " (note that is double quotes) to list and select active windows. Ctrl+A D detaches from Screen, to which you can reattach by invoking screen with the -r parameter. If your session drops and you want to reattach to a screen that hasn't been properly detached, invoke as screen -x. Amazing! </answer>

<title>Fstab in the dark</title>

<question>I have an old but dependable Compaq Deskpro EN (733MHz, 488MB of RAM) which I've set up with a 10GB hard drive with Windows XP. I also have the My Documents directory including all my music files, and my SUSE Linux 9.2 installation, on a 40GB hard drive. This allows me to completely max-blast Windows when I want to start again without affecting my documents or Linux. My problem is that SUSE cannot see either of my Windows directories - when I look under storage devices it shows only the Linux filesystem.

I've tried Mandriva and Fedora Core 4, but the same thing happens. I really want to be able to listen to my music in Linux (and Windows) without changing my windows/documents partition to FAT32. Any ideas?

</question>

<answer>If you installed SUSE after Windows, the installer should have picked up your Windows directories and added them to /etc/fstab, so they would be mounted on boot. If this is not the case, you need to add them to /etc/fstab manually.

This has to be done as root, so open a terminal, type sux - to log in as root and give your password. Use whatever editor you prefer to change the file, for example:

sux -
<enter root password>
kwrite /etc/fstab

You need to add two lines to the end of this file. This example assumes your Windows NTFS partitions are the first primary partition on each drive. Otherwise, change the device names accordingly.

/dev/hda1 /windows/C ntfs ro,users,gid=users,umask=0002,nls=utf8 0 0
/dev/hdb1 /windows/D ntfs ro,users,gid=users,umask=0002,nls=utf8 0 0

Save the edited file, then create the mount points. Mount the partitions and check that they are mounted.

mkdir -p /windows/{C,D}
mount -a
df -h

Provided the mount command gave no errors and df showed the partitions, you should have full read access to them. Write support for NTFS is very limited in Linux, so Windows partitions are usually mounted read-only. If the mount command gave an error along the lines of `wrong fs type, bad option, bad superblock...', double-check the options you typed into /etc/fstab. NB

</answer>

<title>No boot Ubuntu</title>

<question>I wonder if you can help. I am running Ubuntu and during boot it says the following:

  `fsck failed. Please repair manually.
    * CONTROL-D will exit from this shell and continue system startup.
    root@(none)::~#'.

Ctrl+D does indeed continue the boot process and brings me to the login screen. Logging in gives the error message:

  `Your home dir is listed as: /home/john, but it does not appear to exist. Do you want to log in with the / (root) dir as your home dir. It is unlikely that anything will work unless you use a failsafe session'.

</question>

<answer>Despite what it sounds like, Fsck is not a chain of clothes shops, nor a strange Linux curse. It is the FileSystem Check program, which performs a similar function to the likes of Scandisk. The first message means that the boot process has detected an error on one of your partitions that needs your attention. It wants you to do this before pressing Ctrl+D to continue. By pressing Ctrl+D straight away you have left it in its faulty condition, so the partition could not be mounted. Presumably, this partition is mounted at /home, which explains why /home/john cannot be found when it fails to mount. The error message should have told you which partition was affected, for example /dev/hda6. If not, typing

grep /home /etc/fstab

will tell you which it is. Now type the following code, replacing `N' with the partition number:

fsck -f /dev/hdaN

After some disk activity and various screen messages, Fsck should exit without an error. To be safe, I prefer to run the command a second time, to make sure things really are fixed. Now you can press Ctrl+D to continue with the boot process. If the problem persists, it is likely that your disk has a fault. Your first action should be to back your data up, now - not tomorrow. Then you should install the Smartmontools package, from http://smartmontools.sourceforge.net or an Ubuntu or Debian repository, and run

smartctl /dev/hda

for a report on your disk's health. </answer>

<title>Virtually gone</title>

<question>I have just installed Fedora Core 4 and have one quick question - where have all of the virtual terminals gone in this release? Pressing Ctrl+Alt+F1 to F6 just gives blank screens.

</question>

<answer>This is a known bug. The fault lies in the file /usr/X11R6/lib/modules/libvgahw.a so move this somewhere safe (don't delete it, just in case) and replace it with the same file from Fedora Core 3. If you do not have FC3 installed, you can get the file from http://rapidshare.de/files/2399145/libvgahw.a.html. This is advertising-financed web space, so you will need to scroll down to the bottom of the page, click the Free button then scroll to the bottom of the next page for the actual download link. Copy the replacement file to /usr/X11R6/lib/modules/ and reboot. Your virtual terminals should now be back.

</answer>

<title>Zombie fears</title>

<question>I have recently been humiliated by my ISP for spamming. It turned out that a forum I had set up on my home box had been hacked and I was mass mailing the whole world. That issue has been fixed but now I'm losing sleep fearing that my server is a zombie. Do you recommend tools or frameworks for quickly and reliably telling if a machine has been broken into? </question>

<answer>While there is no short answer to that, there are some simple steps that can be followed to reveal most common scripted break-ins.

1. Use ls -lai to determine whether there are any files in /tmp and /var/tmp that shouldn't be there. In particular, watch out for executables, scripts and text files that are full of email addresses.

2. On RPM-based systems it is possible to verify whether system utilities such as Ls, Ps, Netstat and so forth have been replaced with ones that hide the hacker's activity. On a Red Hat-based system, run

rpm -V <packagename>

for each of the following packages: util-linux, coreutils, net-tools, procps and lsof.

3. Check running processes with ps -auxf.

4. Use netstat -tanp to find out whether there are processes listening on strange ports, or inexplicable amounts of outgoing traffic. The -p option shows which program is being used. Very often this is named in a way to make it look like a legitimate program (such as httpd). The lsof command can also list listening ports.

5. Review /etc/passwd to see if any users have been added to the system or have had their UID changed. It's a good idea to compare to a known clean copy of the password file.

6. Check Apache log files for tell-tale signs of exploits where utilities such as Wget were used to download some form of malware. Check other system log files for anything suspicious - in particular, for log files that have been redirected to /dev/null.

7. Finally, Chkrootkit (www.chkrootkit.org) checks your server for signs of rootkit presence. </answer>
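Steps 1, 5 and 6 above name what to look for but give no commands, so here is one way to script those three checks as read-only helpers. This is an added example, not part of the original answer: the function names are hypothetical, the passwd files and log lines are constructed, and matching curl as well as Wget is an assumption.

```shell
#!/bin/sh
# Added example, not from the original answer. Read-only triage helpers for
# steps 1, 5 and 6; function names and all sample data are constructed.

# Step 1: regular files below directory $1 that carry any execute bit.
tmp_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) | LC_ALL=C sort
}

# Step 5: compare a known clean passwd copy ($1) with the live file ($2).
passwd_diff() {
    awk -F: '
        $1 == "" || /^#/ { next }
        FILENAME == ARGV[1] { old[$1] = $3; next }   # clean copy: remember UIDs
        {
            seen[$1] = 1
            if (!($1 in old))            printf "ADDED %s uid=%s\n", $1, $3
            else if (old[$1] != $3)      printf "UIDCHANGED %s %s->%s\n", $1, old[$1], $3
            if ($3 == 0 && $1 != "root") printf "UID0 %s\n", $1
        }
        END { for (u in old) if (!(u in seen)) printf "REMOVED %s\n", u }
    ' "$1" "$2" | LC_ALL=C sort
}

# Step 6: count, per client IP, requests whose URL (not the user agent)
# contains a download tool followed by an encoded or literal space.
download_tool_requests() {
    awk -F'"' '
        { req = tolower($2) }
        req ~ /(wget|curl)(%20|[+]| )/ { split($1, a, " "); n[a[1]]++ }
        END { for (ip in n) printf "%s %d\n", ip, n[ip] }
    ' "$1" | LC_ALL=C sort
}

# --- constructed sample data so the script runs offline ---
demo=$(mktemp -d) || exit 1
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/tmp"
printf 'a@example.invalid\n' > "$demo/tmp/list.txt"; chmod 644 "$demo/tmp/list.txt"
printf '#!/bin/sh\n' > "$demo/tmp/.x";               chmod 755 "$demo/tmp/.x"
cat > "$demo/passwd.clean" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
john:x:500:500::/home/john:/bin/bash
EOF
cat > "$demo/passwd.now" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:0:48:Apache:/var/www:/bin/bash
john:x:500:500::/home/john:/bin/bash
sysadm:x:501:501::/tmp:/bin/bash
EOF
cat > "$demo/access_log" <<'EOF'
192.0.2.10 - - [01/Oct/2005:10:00:00 +0000] "GET /forum/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Oct/2005:10:01:00 +0000] "GET /forum/page.php?arg=wget%20http://files.example.invalid/a HTTP/1.0" 200 0 "-" "-"
198.51.100.7 - - [01/Oct/2005:10:01:05 +0000] "GET /forum/page.php?arg=WGET+http://files.example.invalid/b HTTP/1.0" 200 0 "-" "-"
192.0.2.44 - - [01/Oct/2005:10:02:00 +0000] "GET /download/file.iso HTTP/1.0" 200 9000 "-" "Wget/1.10"
EOF

tmp_executables "$demo/tmp"
passwd_diff "$demo/passwd.clean" "$demo/passwd.now"
download_tool_requests "$demo/access_log"
```

On a real host, point the functions at /tmp, /etc/passwd and the Apache access log, with the clean passwd copy taken from a backup made before the break-in.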

<title>SUSE networking</title>

<question>I just installed SUSE 9.3, and am having a couple of networking problems. I've got the system all running smoothly so far but I'm trying to share my internet connection with two other computers running XP. I'm also trying to have my Linux machine identify my XP network for mapping drivers and view shared folders and so on. I have a problem with my cable modem: now and again my internet connection does not work after booting up. Can you recommend a good book that covers issues like this without too much technical stuff? </question>

<answer>You need two network interfaces on the computer - one to the local network and one to the internet. The former would be your local Ethernet, the latter your cable modem, which could be Ethernet or USB. You can set up connection sharing from SUSE's Yast. First you need to make sure your internet connection is working properly on the SUSE machine, then turn on routing by going to Network Services > Routing in Yast and ticking the Enable IP Forwarding button at the bottom. Press Finish and it's all done. Now you need to tell the other computers where to look for their internet connection. On each computer, set the gateway address to the IP address of the local interface on the SUSE computer.

Browsing shared folders on your Windows machines is easy if you use the default KDE desktop. Open a file manager window and type smb:/ (that's a single slash) in the location bar. You'll see a list of your workgroups (usually only one) and you can browse through here to access the various shared folders. If you want to share folders to be accessed from the Windows computers you will need to set up Samba. Go to Internet & Network > Samba in the KDE Control Centre, click the Administrator button for root access and set up any directories or printers you wish to share. Make sure your workgroup name, in the Base Settings tab, is the same as on the Windows boxes.

Finally, your intermittent cable modem problem may be a timing issue. Is this a USB modem? Does it have an Ethernet option? If the answer to both is yes, it would be best to add another Ethernet card to your computer and connect the modem that way. If you are stuck with USB, it is likely that the connection is not coming up fast enough to be ready when the computer boots. In this case, the quick solution is to unplug and reconnect the modem from your USB port. This should force it to reconnect to the ISP. As for reading material: do you have a boxed version of SUSE? The SUSE manuals are some of the best around, and have the advantage of being specific to your distro. </answer>

<title>Sudo security</title>

<question>My web developer has been granted access to FTP and SSH into a dedicated server that we are renting. He can upload pages and manage MySQL together with an Apache include file for the server's site-specific configurations. Since our company's security policies dictate that we cannot disclose the root password to a contractor, we are being called by the developer to restart Apache a number of times a day, which is not ideal. What do you recommend? </question>

<answer>If you are running Webmin you will be able to create a user that is restricted to doing nothing but stopping and starting Apache. First, create a new user through Webmin > Webmin Users and select Apache Webserver. Click on the Apache Webserver link to restrict access specifically to whichever aspects of Apache administration the contractor needs.

Alternatively, if command line access is preferred, Sudo becomes the way to go. It is likely that a copy of Sudo (www.sudo.ws) came preinstalled with your distribution. The sudo command allows certain users or groups to execute a number of commands as root or as another specified user. The configuration file /etc/sudoers, editable through visudo as root, defines who can do what as who. The configuration itself can be a bit daunting, and time spent reading the man pages is time well spent. Here is a simplified configuration that can be used to allow user `webman' to execute the Apache and MySQL startup files. The user will also be able to kill, as user `apache', any renegade process belonging to user `apache':

Cmnd_Alias HTTPD = /etc/rc.d/init.d/httpd
Cmnd_Alias MYSQLD = /etc/rc.d/init.d/mysqld
Cmnd_Alias KILL = /bin/kill
webman ALL = (root) NOPASSWD: HTTPD, MYSQLD
webman ALL = (apache) NOPASSWD: KILL

Usage:

$ sudo /etc/rc.d/init.d/httpd stop
$ sudo -u apache kill 9982
$ sudo /etc/rc.d/init.d/mysqld restart

This should set you straight. HH </answer>
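A rule that lets a contractor run a script as root is only as tight as the permissions on that script, so it is worth checking every path named in the Cmnd_Alias lines before enabling the rules. The following is an added example, not part of the original answer: the function names are hypothetical, the sample files are constructed in a temporary directory, and it assumes one Cmnd_Alias per line. It checks group and other write bits only, so confirming that root owns each file remains a separate check.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are
# hypothetical; the sudoers fragment and files below are constructed.

# Print each absolute command path named in a Cmnd_Alias line of file $1
# (arguments after the path are dropped; one alias per line is assumed).
sudoers_command_paths() {
    awk '
        $1 == "Cmnd_Alias" {
            sub(/^[^=]*=/, "")              # keep only the right-hand side
            n = split($0, cmds, ",")
            for (i = 1; i <= n; i++) {
                split(cmds[i], w, " ")      # first word is the path
                if (w[1] ~ /^\//) print w[1]
            }
        }
    ' "$1"
}

# Succeed if $1 or its directory has a group- or other-write bit set.
# ls -L follows symlinks so the target's mode is what gets checked.
loosely_writable() {
    for p in "$1" "$(dirname "$1")"; do
        case $(ls -ldL "$p" | cut -c1-10) in
            ?????w????|????????w?) return 0 ;;
        esac
    done
    return 1
}

# One line per granted command: OK, WRITABLE or MISSING.
audit_sudoers_commands() {
    sudoers_command_paths "$1" | while read -r cmd; do
        if [ ! -e "$cmd" ]; then echo "MISSING $cmd"
        elif loosely_writable "$cmd"; then echo "WRITABLE $cmd"
        else echo "OK $cmd"
        fi
    done
}

# --- constructed sample so the script runs offline ---
demo=$(mktemp -d) || exit 1
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/init.d"; chmod 755 "$demo/init.d"
: > "$demo/init.d/httpd";  chmod 755 "$demo/init.d/httpd"
: > "$demo/init.d/mysqld"; chmod 775 "$demo/init.d/mysqld"   # group-writable
cat > "$demo/sudoers.webman" <<EOF
Cmnd_Alias HTTPD = $demo/init.d/httpd
Cmnd_Alias MYSQLD = $demo/init.d/mysqld
Cmnd_Alias KILL = $demo/bin/kill
webman ALL = (root) NOPASSWD: HTTPD, MYSQLD
webman ALL = (apache) NOPASSWD: KILL
EOF

audit_sudoers_commands "$demo/sudoers.webman"
```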

<title>GTK on KDE</title>

<question>I've been using Linux for a while, but there's something I've been puzzling over that I've never worked out. I use KDE for my desktop, but I still use some GTK apps such as Gimp. Is it possible to apply GTK themes to GTK apps running under KDE? If so, how? </question>

<answer>Yes, you can use Gtk-chtheme to preview and select GTK themes. The program is available from http://plasmasturm.org/programs/gtk-chtheme as source code or RPM packages. There's also a Debian package available from the various Debian repositories. An alternative solution is a module for the KDE Control Centre that adds a panel for GTK Styles And Fonts to the Appearance & Themes section. You can get this from www.freedesktop.org/Software/gtk-qt. This module allows you to select a theme in the same way that Gtk-chtheme does, or apply your KDE theme to GTK applications. I use both programs, because the KDE Control Centre module has no preview facility. I'd use Gtk-chtheme to browse newly installed themes, or the KDE Control Centre when I know which one I want. You may as well install both - some distros come with the KDE module pre-installed - and make up your own mind. </answer>

<title>Debian desktop</title>

<question>I installed Sarge from a DVD distro. Everything seemed to go OK. At the end of the install, it asked me to log in and then dumped me in a full-screen Bash shell. I expected to see a desktop environment. I repeated the procedure using a net load ISO from the Debian site. Same result. What is going on? What do I have to do to get a desktop? Why didn't the install create it for me? </question>

<answer>Debian installs very little by default: just the basics to get a core system working, which does not include X. During the second stage of the installation, after the reboot, you are asked to choose from software collections. The first in this list is Desktop Environment. It looks like this is pre-selected, because the cursor is in the selection box to the left of the name, but it is not. Package groups are only installed when there is a star in the box (see screengrab above). You need to explicitly select the groups you want by moving the highlight bar over them and pressing space. If you simply press Enter at this stage without selecting anything, you will get exactly the system you describe.

All is not lost. There is no need to reinstall. Log in as root and type aptitude to load the package manager. Highlight Tasks and press Enter, move down to End-User and press Enter, then highlight Desktop Environment and press `+' to select it. Press G to see what will be installed and G again to begin installation. This will install both the KDE and Gnome desktops - you will be able to choose which you use when you log in. There are a few basic configuration questions to answer, but the defaults are fine if you are unsure. You will also be asked some questions to help configure the graphical display. These are the same as you would have been asked during installation, had you selected the desktop option. Once installation has finished, which will take several minutes, your desktop should load the next time you boot up. </answer>

<title>Hiding passwords</title>

<question>I have a simple shell script that is scheduled to download files from a remote server by FTP. In the shell script I have hard-coded USERNAME and PASSWORD to string variables to access the remote server. How do I prevent the USERNAME and PASSWORD being seen by others when they just open up the shell script file? </question>

<answer> The safest way to do this requires SSH access to the server. If this is available, you can use the scp command to send the files. The syntax for this is similar to cp, but it works over an encrypted SSH link. For example, you would download a file with

 scp -p user@server:/path/to/my/file .

As it stands, this will still ask for a password, but SSH has a means of authenticating users by means of keyfiles. If you do not already have a keyfile pair, use ssh-keygen to generate them. Full details are in the man page, but ssh-keygen -t dsa will create a pair with the default settings. This generates two files, a private key named id_dsa, to go in ~/.ssh, and a public key named id_dsa.pub. The names will be different if you choose to create RSA instead of DSA keys. Copy the public key to a file named authorized_keys and put this in ~/.ssh on the server. Now SSH will use the keys to authenticate and not require a separate password.

If SSH is not an option, you will have to use an FTP client to transfer the files. Some of these have the option to store passwords in a configuration file, which you should chmod to 600 so that only you and the root user can read it. This is safer than putting the password in a script to be used when you run the programs, because then the password can be read with ps while the program is running. For example, Ncftpget and Ncftpput are part of the Ncftp package and accept a login definition file instead of a URL. The file format is simple:

host ftp.host.com
user myuser
pass mypass

Then you can download the files with a single line in your script

ncftpget -f login.def dest/dir path/to/file1 path/to/file2 ...

where login.def is the file containing the login information. Ncftp, the interactive FTP client in this package, is able to store encrypted passwords in its bookmarks file, but this file is not used by the non-interactive Get and Put programs.

FTP is inherently insecure. Even if your password is not stored anywhere, it is still sent in plain text when logging in. If security is important, you should really look for an alternative means of transferring the files. </answer>
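The chmod 600 advice only helps if it is still true every time the scheduled job runs, so the download script can check the login file itself before handing it to ncftpget. This is an added example, not part of the original answer: the function names and the NCFTPGET override (used here for a dry run that prints the command instead of connecting) are assumptions, and the login file is the constructed sample from above.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names, the NCFTPGET
# override and the sample login file are assumptions made for illustration.

# Succeed only if $1 is a regular file, not a symlink, owned by the caller,
# with no permission bits for group or others (mode 600 or stricter).
login_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    # Columns 5-10 of the ls mode string are the group and other rwx bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Download remote paths ($3 onwards) into directory $2 using login file $1.
# ncftpget reads the password from the file, so it never appears in the
# process list that ps shows to other users.
fetch_files() {
    login=$1 dest=$2
    shift 2
    if ! login_file_is_private "$login"; then
        echo "refusing $login: must be a private file (chmod 600)" >&2
        return 2
    fi
    "${NCFTPGET:-ncftpget}" -f "$login" "$dest" "$@"
}

# --- constructed sample so the script runs offline ---
demo=$(mktemp -d) || exit 1
trap 'rm -rf "$demo"' EXIT
printf 'host ftp.host.com\nuser myuser\npass mypass\n' > "$demo/login.def"
NCFTPGET=echo    # dry run: print the arguments instead of connecting

chmod 644 "$demo/login.def"      # readable by everyone: must be refused
fetch_files "$demo/login.def" "$demo" path/to/file1 || echo "blocked (status $?)"

chmod 600 "$demo/login.def"      # private: the transfer command is run
fetch_files "$demo/login.def" "$demo" path/to/file1 path/to/file2
```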

<title>Webministration</title>

<question>We had a Fedora Core-based solution set up as an email, DNS and firewall server for an office of eight people. We manage the server mostly through Webmin, and we have our phone system wired to the server's serial port where call activity gets written to the log file /home/phone/cdr.current. A Cron job emails the previous day's activity daily while we review current telephone activity over SSH a number of times a day. cdr.current gets deleted automatically at the end of each month. After a week it is already substantially long, and too long to view entirely over SSH. Is it possible to view an arbitrary log file through Webmin to avoid additional software being written or installed? We are trying to avoid both unnecessary SSH access and additional software being installed. </question>

<answer>In the shell, tail -n returns the last `n' lines of the log file. This in turn can be conveniently piped into tac to reverse the text, effectively listing the latest entries at the very top.

tail -n 200 /home/phone/cdr.current | tac

Webmin, under the Options tab, makes such commands easily executable. Here is a possible configuration option:

Definition = View CDR
Command = /usr/bin/tail -n 200 /home/phone/cdr.current | /usr/bin/tac
Run in directory = /tmp
Run as user = Webmin User
Command outputs HTML = No
Maximum time to wait for command = 5 seconds

Saving the configuration creates a View CDR button, which should provide the functionality. </answer>