Answers 82

From LXF Wiki

Answers 82

<title>NFS and Mepis</title>

<question>I enjoyed the version of Mepis with last month's LXF [LXF79], especially as it is the first Linux version I've tried in which Skype works well. However, I was disappointed that there was no sign of NFS, meaning I could not use my Linux network. The Mepis website was no help as others have the same problem. So I returned to Kubuntu, which does not seem too different and does most things well (though I regret that Midnight Commander is not available for either system). Can you give me instructions for getting NFS working in Mepis? </question>

<answer>While Mepis comes with NFS enabled in its kernel, it does not have Portmap installed, which is needed to mount NFS partitions. Run Synaptic, go to Settings > Repositories and enable the first entry, the Debian one. Click on Reload to get the latest package lists, then use the Search button to find and install Portmap. You also need to check that the Portmap service is started when you boot ­ theinstallation should take care of this. You should now be able to mount the NFS export with the standard

mount -t nfs hostname:/exported/dir /mnt/somewhere

If you have already tried, unsuccessfully, to mount this export in the same session, you may need to reboot before it works. NFS can be a little quirky about things like that. Midnight Commander is available for Mepis, once you activate the Debian source that you needed to install Portmap. Again, search in Synaptic and you will find it. The package is called mc. </answer>

<title>Ignorance is bliss</title>

<question>Our intranet runs on Debian Sarge, with around 1,500 Windows 2000 PCs that can access the web server (we're running Apache 2.0.54). A few of these PCs seem to have a WebDav service running that is trying to connect to the intranet web server, and it's filling up my logs. Is there any easy way of configuring Apache to simply ignore all requests made from this WebDAV service? The browser user agent is `Microsoft-WebDAV- MiniRedir/5.1.2600'. </question>

<answer>You can block (or allow) requests based on the browser's user agent with a combination of the

SetEnvIf and Deny (or Allow)

directives. These can be included in a [Directory] section of your httpd.conf or in a .htaccess file. As you want to block all requests for this user agent, I would recommend the [Directory] section corresponding to your document root setting. The directives to use to block this particular user agent are

SetEnvIf User-Agent ^Microsoft-
WebDAV-MiniRedir BegoneWebDAV
Order Allow,Deny
Deny from env=BegoneWebDAV

The first line sets the environment variable BegoneWebDAV if the user agent begins with `Microsoft-WebDAV-MiniRedir', which means it will still work when the version number changes. The next part denies access if this variable is set. The combination of SetEnvIf with Allow and Deny lends a great deal of control over who or what can access any part of your site. For more information, see

httpd.apache.org/docs/2.0/mod/mod_setenvif.html#setenvif
httpd.apache.org/docs/2.0/mod/mod_access.html#deny
httpd.apache.org/docs/2.0/mod/mod_access.html#allow

</answer>

<title>A warmer welcome</title>

<question>How do I customise a login prompt? I really want mine to look like the one at aLinux-step4.png (above right) but without the surrounding graphics or the Ctrl+C text. I want the penguin, CPU info, memory info, bogomips rating and an actual prompt. Can you help? </question>

<answer>The text displayed on the console immediately before the login prompt is taken from the file /etc/issue. Put the text you want displayed, including any ANSI graphics, into this file. You can even use a Cron task to modify this file with time reminders, such as Mother's Day next Sunday' or `Buy new Linux Format tomorrow'. If your artistic abilities fall short of creating ANSI penguins, you probably need the Linux_logo package, available from www.deater.net/ weave/vmwprod/linux_logo and possibly in your distro's package repository. The Linux_logo man page lists various options to control the output. The example that you found looks as though it was created with

linux_logo -c -y -k >/etc/issue

Good luck! The surrounding graphic is a framebuffer splash screen, by the way, which is completely separate from the prompt. </answer>

<title>A low profile</title>

<question>I'd like to back up my bookmarks, account settings and address book from Firefox and Thunderbird. I used them for a while in Windows, where I had a dedicated backup program ­ very useful when Windows threw a wobbly. But in Fedora I can't find either profile. The paths suggested on the Mozilla website don't seem to point at anything resembling either my personal bookmarks (although I did find the Red Hat bookmarks) or my mail files. Searching the filesystem doesn't turn up anything either. Evidently I'm not asking the system the right questions... </question>

<answer> Firefox stores its settings in ~/.mozilla/firefox/default.???, where ??? is an apparently random string. Thunderbird uses ~/.thunderbird/default.???. For example, my bookmarks, settings and address book are stored, respectively, in

~/.mozilla/firefox/default.yyh/bookmarks.html.
~/.thunderbird/default.piz/prefs.js.
~/.thunderbird/default.piz/abook.mab.

It is probably easiest to back up the entire directories with something like

tar czf FFandTBsettings.tar.gz ~/.mozilla/firefox ~/.thunderbird

You could use Cron to make automatic daily backups by saving this script in /etc/cron.daily/mozbackup:

#!/bin/sh
tar czf /somewhere/safe/
FFandTBsettings-$(date -I).tar.gz
home/john/.mozilla/firefox home/
john/.thunderbird

Don't forget to set the executable bit or it will not run:

chmod +x /etc/cron.daily/mozbackup

</answer>

<title>The Magic's gone</title>

<question>I bought a copy of your Get Started With Fedora Core 5 special and followed the instructions for installing the software, but I have run into a problem. I have Windows XP installed, and partitioned my hard drive with Partition Magic to give 10GB of hard disk space to Linux. The CD runs OK until I get to step six of the installation guide in the mag, and then it keeps coming back telling me it cannot install. I told Partition Magic that I wanted to install Linux ­ do I have to chop that partition into pieces to install the three directories that I need? </question>

<answer>Linux partitions created with Partition Magic can sometimes be problematic. Many distros' installers have an option to resize your Windows partition and create the Linux partitions. When this is an option, use it. Fedora Core does not give you this choice so the best approach is to use Partition Magic to resize your Windows partition, as you have already done, but leave the space for Linux empty. To go ahead, simply delete the Linux partition(s) you have already created. Then run the Fedora Core 5 installer and select Use Free Space at this point. The installer will take care of creating the partitions it needs in the empty space you have left. The important point to remember is that the free space it refers to is unpartitioned space on the disk, not free space within an existing partition. </answer>

<title>Configure blues</title>

<question>I installed SUSE 10.0 three weeks ago, and I've not looked back since. I hope to eventually defect fully to Linux. One problem I cannot figure out comes with installing certain applications, particularly tarballs. I understand about untaring them and changing into that particular directory, but when I enter ./configure I get this:

bash: ./configure: No such file or directory

I'm a little confused by this, as I've followed lots of people's advice, tried carrying out this task using root and still can't get my head around it. I feel like I'm missing something really simple, but have to admit defeat. </question>

<answer> It is often said that running ./configure is the first step after unpacking the tarball; in fact it is the third. The first two are:

1 Look for any files containing installation instructions.
2 Read those instructions thoroughly.

Most source code tarballs contain files called README or INSTALL, which you should read to see how to install them. The standard installation method for source code of

./configure

make
make install

applies to more than 90% of Linux open source programs, but there are exceptions. In some cases there is no configuration to do, particularly with very simple programs, and you only need make followed by make install. In other cases, the program uses a different installation method. In either case, you must read the instructions before you proceed. While it is unnecessary ­ and some say undesirable ­ to run the first two steps as root, make install generally needs root access as it copies files into system directories. As such, it is potentially dangerous, so you should not run it without looking at the instructions first. Another step worth taking when using ./configure is to run it with the --help option first. This gives you plenty of options for controlling where the program is installed (not something you should change lightly) and which features of the program should be compiled and installed. </answer>

<title>Traffic control</title>

<question>I have a system that is going to be sitting on my internet connection and file sharing on my local LAN. It has two Ethernet cards for this purpose. I am going to configure Iptables, but also wondered if there were a way of restricting services (Samba, NFS etc) to only a single interface ­ in my case, the internal LAN connection. Is this done in each service or can it be set on a global scale? I shall be using either Fedora Core or SUSE. </question>

<answer>There are three ways to handle this. The first is to set up each service to only listen on the LAN interface. If you only run a small number of services, this may be easiest solution and certainly offers the most control. Check the man pages for each service and add the appropriate lines to the configuration files. Assuming your LAN interface has an IP address of 192.168.0.1, and your other interface has an address on a different subnet, usually supplied by the ISP, you could do the following:

Add `Listen 192.168.0.1:631' to /etc/cups/cupsd.conf.
Add `socket address = 192.168.0.1' to /etc/samba/smb.conf.
Add `Listen 192.168.0.1:80' to /etc/apache2/httpd.conf (the location of this file may vary).

NFS is slightly different in that you specify the client addresses allowed to connect, so for each export you would have a line in /etc/exports like

/path/to/export  192.168.0.0/24(rw,sync)

The second method is to use Iptables to block all access from the internet to the ports of the various services on the WAN interface. You can do this on a per-port basis, but if you are doing that you may as well configure the individual services as above. Alternatively, you could block all incoming access, which is the default setting for most Linux firewalls. If you take this route, you can then open up specific ports for any services you may wish to let through, such as SSH. While configuring Iptables by hand is possible, it is also possible to inadvertently leave a security hole if you are not totally familiar with it. The safest approach for anyone but Iptables experts is generally to use one of the GUI or script-based configuration tools, such as Guarddog or Shorewall. Fedora Core and SUSE both have tools for easily setting up Iptables to do this. The third option is to block access at your modem or router. This is in some ways the safest method, because you are stopping the traffic before it even reaches the computer, but it not always as configurable, depending on your modem or router. These three methods are not mutually exclusive ­ you could implement two, or even all, of them, to provide belt-and-braces security. </answer>

<title>Share with Samba</title>

<question>I have a Linux machine at 192.168.1.1 connected to my wireless router, which contains a backup of my Windows laptop that I FTP up every now and then. Is there a better way to do this and perhaps store all my documents on my Linux machine and connect to them over the network? </question>

<answer> An easy solution is to use Samba and set up a CIFS (Common Internet File System) server on your Linux machine. First install a recent copy of Samba (www.samba.org) and find the Samba configuration file: usually /etc/samba/smb.conf. The configuration file is split in two: global settings and share definitions. The global settings control how the CIFS server works and can be used to control anything ­ from what interface the server listens on, to Windows Active Directory domain controller settings. Here, the out-of-the-box global settings will be sufficient. Now set up a share for your files. Let's say that the files exist on the filesystem as /export/share. You will need a CIFS share name and description, which we will call myshare' and `all my files' respectively Now, as we have multiple wireless users on the network, we want to lock down this share so that only Fred and Mary can access the share, giving them read and write access. Add the following to the smb.conf:

[myshare]
   comment = all my files
   path = /export/share
   valid users = mary fred
   public = no
   writable = yes
   printable = no
   create mask = 0765

The main step is complete but we still need to add authentication credentials for Fred and Mary. To do this, use smbpasswd as root:

# smbpasswd -a fred New SMB password:
# smbpasswd -a mary New SMB password:

Finally, make sure Samba is running ­ if it isn't, start it. On your Windows laptop, you will now be able to map your CIFS share at \\192.168.1.1\myshare using the credentials for either Fred or Mary. </answer>

<title>LVM mounting</title>

<question>Is it possible, and if so how, to mount LVM partitions from an external hard drive? I'm thinking of my old Fedora Core 3 system drive from which I would like to retrieve a single file without having to boot from it. </question>

<answer>As long as you have the LVM tools installed on the distro you are booting, you can mount LVM partitions from any disk (I even did it from a USB key once). Run

vgscan
vgchange -a y

as root and all the partitions should have devices created in the form /dev/volumegroup/logicalvolume, which you can then mount in the usual way:

mount /dev/volumegroup/
logicalvolume /mnt/somewhere

</answer>

<title>Flashing lights</title>

<question>I have Mandriva 2006 on a box with two hard drives. The second is a backup partition. After loading the KDE desktop all appears OK; however, the indicator LED for the hard drive keeps flashing on and off faster than I can count (several times a second). It also does it on an older box that I use just to try out any software. I was advised to remove Kat, but that did not stop it. I tried SUSE on the old box and there was no problem, but I would like to stick with Mandriva if I can. I don't know why Mandriva is trying to wear out my hard drive, but I want it to stop doing it! Any suggestions to this end would be most welcome. </question>

<answer>Removing Kat makes sense as a first suggestion. Kat indexes all files in your home directory, which means that during its first run it has a good stab at making a fast 64-bit computer emulate the speed of a Sinclair Spectrum. However, there are other programs that will scan your hard disk from time to time, the most likely being Updatedb, which builds the database for locate. This is run as a Cron task ­ one that Mandriva defaults to running once a week, in the early hours, so you wouldn't normally notice the disk activity. If you have the anacron package installed, this will run any Cron jobs that were missed because the computer was turned off, which could account for the disk activity after you turn it on. Run top in a terminal while the disk light is flashing and nothing else is running. This will show the tasks using the most CPU time, which would usually include whatever is hammering your hard disk too. If the culprit is Updatedb, there's nothing to worry about. It normally only takes a few minutes to update its database, once a week, and it is well worth having. Try leaving the computer switched on for a while. If the light is still flashing after, say, half an hour, something would appear to be amiss and you should use top to find what it is. It is worth noting that your `hard drive' LED actually monitors activity on the IDE bus, so it doesn't necessarily mean that your hard drive is being used. For example, checking whether a disc is in the DVD drive can cause this light to flash. It could be something as innocuous as Partmon, which warns you if a partition is close to full. You can disable this in the System > Services section of the Mandriva Control Center. </answer>

<title>Oh, behave!</title>

<question>I'm relatively new to Linux. I got my first distro from Linux Format and am very eager to install VMPlayer to test other distros, but the installation instructions in LXF78 do not work for me. I've unpacked the file VMware-player-1.0.1-19317.tar.gz as per the installing from tarballs instructions on page 111 [Essential Linux Info]. The unpacking worked fine. But the next instruction (./configure) seems to fail. I believe I am in the correct directory (vmware-player-distrib), but the message received when I key in ./configure is:

bash: ./configure: No such file or directory

I think it has something to do with my SUSE 9.1 install. My guess is that I do not have a command called configure. </question>

<answer>Well, configure is a script included with many source code tarballs ­ the `./' refers to the current directory, so you are running (or trying to run in this case) a program from the unpacked tarball, not a command installed on your system. The majority of Linux open source programs use this to check your system for any dependencies the program needs and to set things up ready for compilation and installation. The reason why it doesn't work in your case is that VMware Player is a precompiled binary program, with a different installation method. The VMware section on page 106 of LXF78 explains this briefly, where it tells you to run vmware-install.pl. As a general rule, you should check the Coverdisc pages, and the relevant directory of the disc itself, for packages. The commands you need to information specific to individual run after unpacking the tarball are

cd vmware-player-distrib
./vmware-install.pl

You may need a C compiler and your kernel source installed for VMware Player to configure itself after installation, because it needs to install a module to match your kernel, and it will compile one for you if there is not a pre-built module that suits your system. You can install these from Yast. The packages you need are gcc and kernel-source. </answer>

<title>Damn Late Linux</title>

<question>Greetings from the USA, and thanks for a great, great magazine! I enjoy reading all the articles and reviews of apps. The only challenge is patience, waiting for the magazine to get to the US bookstores... Just one question for the experts: can you make any suggestions for a distro on a laptop, an IBM T22 with 256MB of RAM? I have tried the Live CD Damn Small Linux and it works great with my Winmodem. I would like to install it to the hard drive. Any suggestions? </question>

<answer>Your first problem is easily solved: take out a subscription. Then youshould receive the magazine only a few days after it appears in UK shops. IBM laptops are well supported by most Linux distros, because IBM provides the information and driver code that they need. Most Live CD distros have a hard disk install option, including Damn Small Linux, although this is probably not the best choice for you. DSL is really intended to be used as a Live CD, and keeping a hard disk version up to date would need work. I would recommend you try a number of Live CD distros and pick the one that detects all your hardware and you like best. Alternatives include:

Knoppix This gives you a modified Debian system when installed.
  www.knoppix.com
Ubuntu or Kubuntu Both are based on Debian: the former uses
  the Gnome desktop while the latter has KDE. www.ubuntu.com
PCLinuxOS A Live CD that installs to hard disk and provides easy
  updates. www.pclinuxos.com
Kanotix Another Debian-based Live CD with one of the easiest
  installations I've seen. http://kanotix.com 

</answer>

<title>Spider catching</title>

<question>I run my own small site and it seems most of my traffic is from web crawlers. How can I control access to my Apache web server from potential malicious user agents, crawlers, spiders et al? </question>

<answer>Web crawlers and spiders can be used to pirate content and gain information about the structure of your website that you may want to keep hidden, and have been known to bring sites down due to the load they can put on a server. These agents are also commonly used by search engines to catalogue the content of websites. This is all well and good but if you do not want your site to be searched in this manner it is a good idea to block the associated agents that do the searching, and take some load off your server at the same time. Most of the time well-behaved web crawlers will read the robots.txt file at the root of the website. But if they don't, we have to adopt strong tactics. One way to achieve this is to block using the HTTP header information. Though there are ways around this type of filtering, this is a good first step and in most cases is all you require to block this type of access. You need to change webcopier to a string that is being sent from the spider. Try

setenvif User-Agent ^webcopier block <Limit GET POST> Order Allow,Deny Allow from all Deny from env=block </Limit> or RewriteEngine On RewriteCond %{HTTP_USER_ AGENT} ^WebCopier [NC,OR] RewriteRule ^.* - [F,L] </answer>