

More 2¢ Tips!


Send Linux Tips and Tricks to tag@lists.linuxgazette.net


Command-line calculator

Wed, 31 Oct 2001 22:40:27 -0500
Ben Okopnik (LG Contributing Editor)

One of the things I've always found amusing is watching people working at a PC suddenly stop and go digging through their desk for a calculator. I mean, good grief - all that processing power, and they have to go back to the Stone Age! Well, if you're one of those unfortunates, suffer no more. Just put the following lines in your "~/.bash_profile":

calc(){ perl -wlne'print eval'; }
export -f calc

The next time you log in (or if you source ".bash_profile"), the function will be available to you.

ben@Baldur:~$ calc
3.141592653*6**2   # What is the area of a circle 6 meters across?
113.097335508
( 3 - 117 ) % 7	   # If today is Tuesday, what day was it 117 days ago?
5
sqrt(115) * 1.34   # Hull speed of a ship with a load waterline of 115'
14.3698990949832
ben@Baldur:~$

Note that I actually typed those comments into "calc"; it chews and swallows them without a problem.

"calc" is actually a 'gateway' into Perl (via the "eval" mechanism); that makes it into quite a powerful gadget. It supports all the math/trig/etc. operations that are built into Perl - functions like "abs", "atan2", "cos", "exp", "hex", "int", "log", "oct", "sin", "sqrt", and even "rand" (rolling dice, anyone?)

ben@Baldur:~$ calc
print int rand(6) + 1 for 1..20		# Roll 20 6-sided dice
6
1
6
5
3
5
3
5
1
1
6
4
6
3
3
4
1
1
1
4

"calc" can be as simple as you like - or provide you with the kind of power that calculators just can't match. It's all in what you choose to do with it. By the way, be aware: there's nothing in "calc" that restricts you to "math-only" commands; if you type "unlink my_important_file", Perl will happily obey your orders (i.e., delete that file.) So, as with everything in Linux, be careful - and have fun.

[Python's interactive mode can also be used as a calculator. -Iron.]
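The caveat above is that "eval" runs whatever Perl it is handed. One way to keep the convenience while accepting only arithmetic is to check each line before it reaches "eval"; this is an added example, not code from the tip, and the names calc_is_arithmetic and calc_strict are hypothetical. It accepts numbers, operators, parentheses, comments and the functions listed in the tip, so the dice one-liner (which uses "print" and "for") is refused.

```shell
#!/bin/sh
# Added example: an allowlist check in front of the tip's "perl eval" calculator.
# calc_is_arithmetic and calc_strict are hypothetical names, not from the tip.

# Return 0 if the line contains only arithmetic, 1 otherwise.
calc_is_arithmetic() {
    printf '%s\n' "$1" | awk '
        BEGIN {
            bad = 0
            # The math functions named in the tip; everything else is refused.
            split("abs atan2 cos exp hex int log oct sin sqrt rand", f, " ")
            for (i in f) ok[f[i]] = 1
            # Characters allowed at all: no quotes, $, @, ;, backticks, braces...
            allowed = "^[A-Za-z0-9_.+*/%(), \t-]*$"
        }
        {
            sub(/#.*/, "")                      # comments are accepted and ignored
            if ($0 !~ allowed) bad = 1
            n = split($0, tok, /[^A-Za-z0-9_]+/)
            for (i = 1; i <= n; i++) {
                if (tok[i] ~ /^[A-Za-z_]/ && !(tok[i] in ok)) bad = 1
                # Numeric tokens: digits with an optional exponent marker only,
                # which also rejects forms such as 9x999 (string repetition).
                if (tok[i] ~ /^[0-9]/ && tok[i] !~ /^[0-9]+([eE][0-9]*)?$/) bad = 1
            }
        }
        END { exit bad }
    '
}

# Same interface as the tip: type expressions, one per line, end with Ctrl-D.
calc_strict() {
    while IFS= read -r line; do
        if calc_is_arithmetic "$line"; then
            printf '%s\n' "$line" | perl -wlne 'print eval'
        else
            echo "calc_strict: refused, not plain arithmetic: $line" >&2
        fi
    done
}
```
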


Apache startup script improvement

Mon, 19 Nov 2001 08:54:27 -0500
Allan Peda (allan.peda from verizon.net)

Every time I set up Apache I add two lines to the startup script to parse the config file for the variable containing the name of the file to store the PID at.

It seems logical to me to automate this, since the script has an entry for the pidfile, but really should also "know" the location of the config file; why not parse any redundant information from it and remove the risk of conflicting parameters?

Here is what I add to the /etc/init.d/apache start|stop script:

CONFIG_FILE=/etc/apache/httpd.conf
PIDFILE=`sed -e '/^PidFile /!d; s/PidFile //' $CONFIG_FILE`

or for you bashers:

 PIDFILE=$(sed -e '/^PidFile /!d; s/PidFile //' $CONFIG_FILE)

Also, I usually pass the name of the config file to apache explicitly, so that it's obvious via "ps ef" what configuration is currently being used.

Seems to make sense to me. In fact, I'd hope this makes it into the scripts included in the distro.

[JimD] It's a good suggestion.
Personally I think the start-up (rc) scripts from most distributions are a bit lacking. For example I've always thought that it was remiss that the start-up script that mounts the /proc filesystems fails to check that the mount point is a properly empty directory.
In the case of your suggestion, you are eliminating what I call a "moving part" (an opportunity for different configuration elements from different sources to get out of sync with one another).
Of course there are many other failure opportunities which could be mitigated with additional tests. For example: what if there are multiple PidFile directives? What if the case doesn't match your sed expression (doesn't Apache treat PidFile as equivalent to PIDFile, etc.)?
[Ben]
The usual way that Debian does it is also fairly sensible. This is from "/etc/init.d/skeleton" (the template that you're supposed to use when writing an "init.d" script under Debian), by Miquel van Smoorenburg and Ian Murdock:

See attached apache.init-d-fragment.txt

Any daemon, when started via this mechanism, gets an individual pidfile.
[JimD]
I think you miss his point. Debian's rc scripts are no better than Red Hat's in this respect. If one changes the PidFile directive in the .conf file, then Apache's notion of its PID file location disagrees with Debian's startup/shutdown scripts.
That could be reported as a bug to the maintainer --- but it's unclear how far we should go in making the rc scripts more dynamic. It would be a bit absurd to do comprehensive failure-mode analysis and mitigation for all of the rc scripts. At some point we must just give up (maybe calling on logger -s to emit an error message).
The problem with making foolproof systems is that the universe keeps creating more ingenious fools.
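The two failure cases raised in the replies (several PidFile directives, and a directive whose case does not match the sed expression) can be handled in the parsing step. This is an added example, not part of the original exchange or of any distribution's init script; the function name apache_pidfile, its exit codes and the sample config are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. apache_pidfile is a hypothetical helper for an init script.
# Exit status: 0 = one value printed, 1 = no PidFile directive,
#              2 = config unreadable, 3 = conflicting PidFile directives.
apache_pidfile() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "apache_pidfile: cannot read $conf" >&2
        return 2
    fi
    awk '
        # Apache directive names are case-insensitive; awk field splitting
        # ignores leading blanks; "#PidFile" or "# PidFile" never match.
        tolower($1) == "pidfile" && NF >= 2 {
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)   # drop the directive name
            sub(/[ \t]+$/, "", line)                # drop trailing blanks
            gsub(/^"|"$/, "", line)                 # drop optional quotes
            if (!(line in seen)) { seen[line] = 1; n++ }
            last = line
        }
        END {
            if (n == 0) exit 1      # nothing configured: caller keeps its default
            if (n > 1)  exit 3      # two different values: refuse to guess
            print last
        }
    ' "$conf"
}

# Constructed sample config, showing the call an init script would make.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PidFile /var/run/old.pid
ServerRoot /etc/apache
  pidfile "/var/run/apache.pid"
EOF
if PIDFILE=$(apache_pidfile "$sample"); then
    echo "PIDFILE=$PIDFILE"
else
    echo "no usable PidFile directive (status $?)" >&2
fi
rm -f "$sample"
```

On status 3 the start-up script can report the conflict (for instance with the "logger -s" call mentioned above) instead of signalling the wrong process.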


Re: De-enhancing text

Fri, 9 Nov 2001 12:16:23 -0800 (PST)
Thomas Adam (The LG Weekend Mechanic)
and Peter Dzimko (dzimko from yahoo.com)

Richard Bly sent us:

Just in case you were not aware, the utility colcrt will take a man page output and format it without all the weird stuff. The underlining is put on the next line so both the text and the underline are visible.

[Thomas Adam] Why not just use the following......:
man manname | col -b > ./mymanpage.man
where "manpage" is the man page (obviously). The "col" command in this case (with the -b flag) will filter reverse line feeds.
There is also the option of using "man2html" for the adventurous......

Guys,

I think that the following method is much simpler:

man thttpd | col -bx

Regards
Peter Dzimko


Fun with chroot jails

Tue, 30 Oct 2001 13:21:58 -0500
Heather Stern (The Editor Gal)

Ben asked:

There's one you could write up (assuming you ever got the time to do it, that is) - creating those "chroot" jails. That's something I'd love to have the specifics of; I understand the concept well enough, but having never implemented one, I'm short on the actual mechanics.

There's a fairly current Freshmeat entry called "cage". Initial release. Not my stuff, but it's exactly the right idea - some support for a bash-shell centered chroot jail, so you can jail more complex apps a little more safely, e.g. make chroot a one way trip, nicking off a few linux-privs along the way.

Sounds like cool fun; I'll definitely check it out.

In the "barely enough to run an app" category, there's a helpful document for BIND, and a different one for Postfix, iirc, but I don't have their URLs memorized and I'm trying to avoid getting -too- distracted. (too late!)

<grin> I'll search for those some time this coming week...

There are a few patches and at least one kernel module (capsel) around now, that offer to stop the chroot() call from happening more than once, preventing the usual script-kiddy method of getting out of one, among their other helpful efforts.

Uh... what's the usual script-kiddy method? I mean, I know I can type 'exit' if I've started a regular 'chroot' without specifying a prog... but... maybe I'm not visualizing it right. I'm seeing a chroot jail as a "system within a system" - if you exit, you end up at a login prompt. That's it. Real "root" is only available via a different IP; in effect, you're logging into a different system. Correct?

Minimum Mechanics:
  1. blank hard disk
  2. install parent level with syslog, cron, ssh, sudo.
  3. create subdirs for jail areas (e.g. /home/HTTPD-jail, /home/MAIL-jail, etc.)
  4. run installer again, using "already mounted directory". Once per jail of course.
    Mhm. I wonder how hard it would be to create a stripped-down installer just for the purpose. Might make a nice project, don't you think?
  5. tweak each jail like it was a separate machine you could boot into normally that was dedicated to the purpose. Each jail's ssh must be on a unique IP address/port number combo.
  6. grafting - setup top level so it runs services out of their jails, already chrooted there.
  7. time to make an IPL backup
  8. stripping - take more stuff out of the jails, that they will NEVER need because they are really not the top level after all. e.g. fsck, copy of the kernel and modules. This may require some brutal adjustments to the packaging systems so they won't get put back if you choose to upgrade the jails later. Possibly make it so there should never be a need to be root inside the jail anyway. etc.
  9. time to make IPL backup #2, on a different media from #1. Allows for return to this point, or to decide you went overboard and try shaving that differently by starting again from #1.

Eh... you lost me there on #6; that's the part I'm not seeing. What's the interaction mechanism between the two levels? How does the "top" see the "bottom" without the "bottom" seeing the "top"?

I usually run a lot of things from /etc/inittab so they can be respawned if they die.

For #8 I agree, that's the way I would do it - since root can twiddle anything on the mounted filesystems, there shouldn't even be root access in there. Although I would set up some sort of an "admin" account, with carefully decided powers.

Might be helpful to have more hard disks, or separate partitions for each jail. I gotta stop procrastinating like this ;>

I'm glad you did. :) Thanks - I'll dig into it some more!


Password list

Tue, 30 Oct 2001 08:49:40 -0500
Ben Okopnik (LG Contributing Editor)

OK, so this is straight out of any security FAQ: whatever you do, _don't_ keep a list of your passwords on your machine. Right? Right.

Now, since you're going to do it anyway... :) Here's a somewhat safer way to do it - note that I did not say "safe", just "safeR". The way I see it, those of you who don't keep one won't be affected, and those of you that do will notch up the security just a tad.

To make this work, you'll need something to keep your secrets for you:

See attached pass.bash.txt

Here's what you do: put this script in a directory that's in your path, say "/usr/local/bin", then set the ownership and permissions as follows:

chown root:root /usr/local/bin/pass	# You must be root to do this
chmod 755 /usr/local/bin/pass		# And this, too

You now encrypt the file that contains your list of hosts, usernames, and passwords, one per line:

www.cia.gov		JohnDoe			cRYpTo
www.kgb.ru		IvanIvanov		bOLsh0isEkRET
www.mossad.il		PloniAlmoni		sHiN8eT
kempeitai.jp		NanashiNoGombe		haITTeM0ikEmAsEN
www.mybroker.com	FulanoMengano		QuIenSaBE
www.mybank.bm		MattiMeikalainen	sAipPUakAuPPIAs
www.centralbank.an	JanModaal		fInanCIeeL

...with a command like:

crypt My1SecretPasswD < mysecrets > ~/pass

Move the original ("mysecrets") to a floppy and put it somewhere safe (yes, that usually means where nobody - not even you - will ever find it again. :). Remember to update it once in a while. As to the encrypted file, all anyone is going to see when they look at it (you did set its permissions to 0600, right?) is a bunch of binary-looking gobbledygook.

Now, let's say you want to see what the combo is for "mossad". Easy enough:

spy@Hideout.com:~$ pass mossad
Enter password (screen echo disabled):
www.mossad.il		PloniAlmoni		sHiN8eT
spy@Hideout.com:~$

If you want to edit the file, just type "pass -e"; this will invoke your editor ("$EDITOR" - "vi" by default) on the decrypted version of the file.

"grep"-related tip: if you want to just see the entire file, call it as

pass $


DNS

Sun, 11 Nov 2001 12:21:43 -0900
Heather Stern (The Editor Gal)
and Faber Fedor (The Answer Gang)

David Menegat asked us the following:

I am trying to set up a name server on my mandrake 8 system and I believe I installed the dns package I just don't know how to configure it do you know where there is a faq or have any advice for me. I just bought a domain name and this is the last piece in the puzzle before the final configuration and I transfer the name to my machine.

Thank you David Menegat

[Faber] Well, there's always the HOWTOs: http://www.linuxdocs.org/HOWTOs/DNS-HOWTO.html
[Heather] There's also the absolutely marvelous resources of "Ask Mr. DNS".
Although Acme Byte and Wire was bought by Network Solutions, there still exists his marvelous archive of detailed answers to how DNS works:
http://www.acmebw.com/askmrdns
If that doesn't answer what you need, you can also ask him questions directly at his current email address... which I won't tell you, you'll have to read his archive first :) BTW as far as I can tell, he only answers questions for DNS sites which he can access, so he can see what things are resolving like.
We hope it helps! Let us know if Linux itself has any extra questions for you, or there's a spot in the DNS-HOWTO we can explain a bit better for you. We want it to make sense :D

To which David replies:

Thank you very much I'm sure I'll have no problem now
thank you
David Menegat


using m-w online dictionary.

Mon, 19 Nov 2001 21:30:59 -0500
Matt Giwer (jull43 from tampabay.rr.com)

looking up words in the m-w dictionary. I thought you carried this about a year ago.

create a file named def containing

# def <word> goes to the Merriam-Webster page of its definition
lynx "http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=$*"

used as

def word


PacHell DSL w/LINUX

Sat, 24 Nov 2001 20:47:32 -0800
(j_on_e from sbcglobal.net)
(tag@lists.linuxgazette.net)

Johny asked us ... in quoted-printable, and in HTML:

I'm a newbie to Linux but want to learn really bad. I'm tired of the limitations in Windows. Anyway, I just installed OpenLinux eDesktop2.4 Caldera Systems and want to know how to configure it for use with my PacBell DSL using an Efficient Networks SPEEDSTREAM Modem.
  - 5260 ADSL (ITU Annex A)
  - 5260: G.DMT, G.Lite, T1.413 (ADSL)
I cannot find a driver or figure out where to configure or how to configure all of this to work so that I can get my linux online. Please help or forward this to anyone and everyone who may be able to help me out. Thank you very much for your time and I hope I can get this going very soon.

First, please send mail in text format rather than text+HTML.
External DSL modems (that connect to an ordinary Ethernet card via an Ethernet cable) work fine on Linux. Internal DSL modems are iffy, especially if they're USB. It all depends on whether the manufacturer provides Linux drivers or gives us enough of the card's specs to enable us to write a driver or expand one of our existing drivers. Unfortunately, there are so many different types of DSL modems and none of them are as widely used as the different analog modems, so drivers are less likely.
Also, there are analog modems called "Winmodems" that are marketed as real modems but they actually have part of their hardware missing. The missing portion is handled by the Windows driver. These didn't run under Linux for several years, until some Linuxers reverse-engineered them enough to make drivers for at least some of them. I don't know whether DSL modems have an equivalent to these "Winmodems", but you have to watch out for that possibility. Especially if the DSL provider "supports only Windows".
If your modem is new enough that you can return it and get an external modem instead, that's your best bet. It may cost $100-200 more, but it will be worth it because the modem will be more standards compliant, meaning fewer headaches in the future when you upgrade, move or switch systems.

I'm not sure if DSL has fallen victim to the "shave off chips to save a few cents a motherboard" craze. On the other hand, there's PPP over Ethernet (pppoe) to run away from. Even though you in theory would get full ethernet bandwidth, in practice that protocol slows you down to PPP speeds deliberately. Some very knowledgeable sysadmins I know go directly into "rant mode" when just hearing the acronym. -- Heather


How we fixed "FW-I/LINUX kmalloc" problem

Thu, 1 Nov 2001 17:36:28 +0200
Vitaly Karasik (vkarasik from ndsisrael.com)

It may be too small for an article and too big for a letter, but I hope it will be useful for LINUX/FW-1 administrators and provide a good example of OSS advantages.

Regards,

Vitaly Karasik Unix System Administrator Israel

But it's perfect for a 2 Cent Tip. -- Iron

We've tried to replace our NOKIA FW-I box with a LINUX one [FW-I v4.1 SP4 + RedHat 6.2 2.2.19 kernel].

Installation was pretty straightforward, but every time we tried to install policy from our management station we got a few messages in /var/log/messages:

/var/log/messages.4:Oct  5 14:29:42 fw kernel: kmalloc: Size (786540) too large
/var/log/messages.4:Oct  5 14:29:42 fw kernel: kmalloc: Size (786636) too large
/var/log/messages.4:Oct  5 14:29:42 fw kernel: kmalloc: Size (789660) too large

Our policy contains about 90 rules & 400 objects with few VPN.

Short search with Google pointed us to a few letters with the same problems, but didn't help to solve the problem. (for instance, "[FW1] Strange things in RH62 + Fw1-41-Sp2( kmalloc: Size (275548) too large )" thread on http://www.firewall-1.org/2001-01/maillist.html)

According to skl1314 from Check Point SecureKnowledge, "solution is currently not available. Issue under investigation".

But this search helped me to understand exactly what the problem is: FW-1 calls the "kmalloc" function in order to get a block of memory. But Linux's kmalloc [kernels 2.2.x & 2.4.x] can allocate memory only in blocks of 2K, 4K, ... 128K. And FW-1 in our case wants to get ~800K of memory.

The solution:

I fixed slab.c in order to increase kmalloc limit from 128K to 1280K. Diff from orig slab.c for kernel 2.2.19 is below:

298c298
< #define	SLAB_OBJ_MAX_ORDER	8	/* 32 pages */
---
> #define	SLAB_OBJ_MAX_ORDER	5	/* 32 pages */
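Review bot: the comment on line 298 still says "32 pages" although the order changes between 5 and 8; an order of 8 is 2^8 = 256 pages, so the comment should be updated with the value. Note also that the `<` side carries 8 and the `>` side carries 5, so this diff was generated with the modified file as the first argument; regenerating it as original-then-modified (ideally with `diff -u`) would let it apply without reversing.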
301c301
< #define	SLAB_MAX_GFP_ORDER	8	/* 32 pages */
---
> #define	SLAB_MAX_GFP_ORDER	5	/* 32 pages */
345,347d344
< 	{262144,	NULL},
< 	{524288,	NULL},
< 	{1048576,	NULL},
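Review bot: the largest size entry added at lines 345-347 is 1048576 bytes, which is 1024K, not the 1280K stated in the description; the description should give the ceiling the table actually provides. The logged requests (786540 to 789660 bytes) fit under 1048576, so the three entries are enough for the reported case, but anything larger will still be refused.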
370,374c367
< 	"size-131072",
< 	"size-262144",
< 	"size-524288",
< 	"size-1048576"
<
---
> 	"size-131072"
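Review bot: the bare `<` line after "size-1048576" puts an empty line into the name list at lines 370-374; drop it so the hunk changes only the names. The three names added here need to stay in the same order and number as the three size entries in the previous hunk, which they do; a one-line comment beside either table saying that the two must be kept in step would help the next person who extends them.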

After compiling & installing new kernel we're able to install fw policy without any problem.


DSL Drivers for USB

Mon, 5 Nov 2001 13:18:19 -0500
Andy Fore (arfore from valdosta.edu)

This is in answer to the question about USB DSL drivers for Linux.

There are drivers out there for the Alcatel SpeedTouch USB. The SpeedStream 4060 is actually made by Alcatel.

I have setup the SpeedTouch in RedHat 7.1 and gotten it to successfully work on my home network.

Andy Fore
Computer Services Specialist III


gtkmm-config problem

Mon, 26 Nov 2001 07:09:04 -0500
Dann S. Washko (The Answer Gang)
When testing the gtkmm hello world code on this page I get errors:
http://gtkmm.sourceforge.net/tutorial/sec-gettingstarted.html
bash-2.05$ g++ test.cc -o test `gtkmm-config --cflags --libs`
In file included from /opt/gnome/include/gtk--/base.h:34,
                 from /opt/gnome/include/gtk--/object.h:30,
                 from /opt/gnome/include/gtk--/widget.h:32,
                 from /opt/gnome/include/gtk--/container.h:27,
                 from /opt/gnome/include/gtk--/bin.h:27,
                 from /opt/gnome/include/gtk--/button.h:27,
                 from test.cc:2:
/opt/gnome/include/gtk--/proxy.h:6: sigc++/signal_system.h: No such file or directory
/opt/gnome/include/gtk--/proxy.h:7: sigc++/bind.h: No such file or directory
/opt/gnome/include/gtk--/proxy.h:8: sigc++/convert.h: No such file or directory
test.cc:4: `#include' expects "FILENAME" or <FILENAME>

For some reason (I believe) something is not getting passed to look for the sigc++ headers in /opt/gnome/include/sigc++-1.0/sigc++.

I was getting more errors about not being able to find sigc++ headers before I added -I/opt/gnome/include/sigc++-1.0/sigc++ to the gtkmm-config file. Without this line or taking off the sigc++ directory, produces more errors about not being able to find the headers in sigc++.

The sigc-config file looks just right.

Furthermore, this all started when I tried to compile quickedit. During the configure process I received an error that gtk-- was not installed correctly and/or I should edit the gtkmm-config script to correct anything off in there. Viewing the config.log shows the same error as above.

... after a bit of fighting with it ...

The problem must have been with gtkmm-config or the gtkmm packages I had originally installed. I compiled gtkmm from the sources and everything appears fine. Quickedit compiled without complaint. I noticed the one line in the new gtkmm-config that was not in the old was -I/opt/gnome/lib/sigc++-1.0/include. I had mistakenly put this in the libs area instead of the cflags. I'm not sure whether this was the whole crux of the problem though.

-- Daniel S. Washko Lehigh Valley Linux Users Group www.thelinuxlink.net/lvlinux get slack (www.slackware.com ) and get happy


Linux equivalent for Active Directory?

Tue, 30 Oct 2001 11:39:30 -0800 (PST)
Craig Baker (ctbaker78 from yahoo.com)

OK, I'm just learning Linux so bear with this question... I know in Windows 2000 Server you can create an Active Directory and install a Distributed File System... what would the Linux counterpart to this be? I've pored over a lot of FAQs but I must not be looking for the correct terminology. So far the closest I've found is NIS/NIS+ with NFS.

Take a look at LDAP (i.e., where Microsoft got the original idea) - OpenLDAP <http://www.openldap.org> has some good info on their site; their "General LDAP FAQ" is worth a read. As well, Jeff Hodges' "LDAP Roadmap" <http://www.kingsmountain.com/ldapRoadmap.shtml> is an excellent resource. Novell with their NDS (Novell Directory Services) had an early jump at the idea of abstracting the directory structure from the FS; chances are pretty high (I'm making a guess here - I don't know Caldera that well) that Caldera, being a Novell "sister" company, supports it. To confuse the tangled skein a bit more, Novell has released the JLDAP (the LDAP class libraries for Java) to the world - I haven't done Novell stuff in years, but I would guess that LDAPv3 is what they're using these days. There might be other implementations of the idea, but the key words, rather than "Active Directory", would be "LDAP" (Lightweight Directory Access Protocol) and "X.500" (the protocol that defines LDAP.)


Re: [LG 72] 2c Tips #4 translated oddly

Mon, 19 Nov 2001 11:31:10 -0800
Marcelo E. Magallon (marcelo.magallon from bigfoot.com)

Hi,

I think the translation of the original message is wrong. The original poster is asking about a content manager, not an editor. Here:

información acerca de algun manejador de PHP con el cual pueda modificar los archivos de páginas de internet bajo Linux Red Hat 7.1

Even if the Spanish translation of several computer terms varies wildly across countries, I can't imagine a place where an 'editor' would be called 'manejador'. This word means 'manager'. Even if it's not clear what the original author actually wants or needs, I think he's thinking of something along the lines of Midgard, available at http://www.midgard-project.org.

If the original author does mean an editor, Heather is right on the spot: vim, in particular vim 6, has some nice features, like improved syntax definitions and folding, that make editing of HTML and PHP files much easier.

HTH,
-- Marcelo

Thanks Marcelo. The original querent never wrote back to tell us what he was looking for, even after we asked him. So I'm inclined to think he's either already found what he needs, or it's his fault if we misunderstood it. But we've published your tip for other readers. -- Iron


This page edited and maintained by the Editors of Linux Gazette Copyright © 2001
Published in issue 73 of Linux Gazette December 2001
HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/
