Linux Gazette... making Linux just a little more fun!

Copyright © 1996-97 Specialized Systems Consultants, Inc. linux@ssc.com


Welcome to Linux Gazette!(tm)

Sponsored by:

InfoMagic

Our sponsors make financial contributions toward the costs of publishing Linux Gazette. If you would like to become a sponsor of LG, e-mail us at sponsor@ssc.com.



Table of Contents Issue #15


The Answer Guy

Weekend Mechanic will return next month.


TWDT 1 (text)
TWDT 2 (HTML)
are files containing the entire issue: one in text format, one in HTML. They are provided strictly as a way to save the contents as one file for later printing in the format of your choice; there is no guarantee of working links in the HTML version.


Got any great ideas for improvements? Send your comments, criticisms, suggestions and ideas.


This page written and maintained by the Editor of Linux Gazette, gazette@ssc.com




 The Mailbag!

Write the Gazette at gazette@ssc.com

Contents:


Help Wanted -- Article Ideas


 Date: Wed, 05 Feb 1997 22:34:04 -0800
Subject: Copy from xterm to TkDesk
From: Steve Varadi, svaradi@sprynet.com

I have a question; maybe someone knows a simpler solution for this. I'm using TkDesk because it's very easy to use and most of the keystrokes are the same as in Win95. If I want to copy something from xterm to an editable file I do the following:

Is there any simpler procedure to copy something directly from xterm to the TkDesk editor???

Thanks:
Steve


 Date: Sat, 08 Feb 1997 00:46:33 -0600
Subject: suggestion
From: Daniel Strong, daniels@voyageronline.net

I would like to see an article on internet games that are playable between different OSes... Linux and Win95, Win3.11

Or just internet games in general....:)

thanks..


 Date: Tue, 120dd1 Feb 1997 17:39:52 +0100
Subject: Help formatting a hard disk
From: Olivier DALOY, daloy@cri.ens-cachan.fr

I am desperately trying to install Sparc Linux on a 1+ box. And I wonder how to format a Hard disk drive, from Sun OS, in Ext2FS type. If you could help me on that point, I would appreciate so much !

BTW too, congratulations for the job you do, I imagine that it's not so easy !!! :-)))

-- Olivier DALOY


 Date: Mon, 17 Feb 1997 13:41:05 +0000 (GMT)
Subject: Animated Gifs
From: Andrew Philip Crook, shu96apc@reading.ac.uk

I have made some animated gifs for my web page and they should loop. However, on Netscape 2.02 + for most unix platforms they stop after one cycle.... why!

.... and how can i make them loop?

PS. Great Mag
Andrew Crook.


 Date: Fri, 21 Feb 1997 01:31:14 -0500
Subject: Computer Telephony Integration
From: Charlie Houp, choup@bellsouth.net

Is there any interest in Computer Telephony Integration (CTI) in the Linux ranks? Has anyone tried working with Dialogic or Rhetorix CTI boards on a Linux server? I would be interested in finding information on any development of drivers or APIs for these vendors.

Thanks
Charlie


General Mail


 Date: Sun, 02 Feb 1997 16:27:02 -0800
Subject: Linux Security
From: jtmurphy, jtmurphy@ecst.csuchico.edu

I notice there is a lack of discussion on Linux security in LG. Although you cover many topics that help the average Linux user, you fail to see that the security of one's system should be the highest priority. It does not matter if one is looking for an easy way to convert uppercase filenames to lowercase filenames if they cannot keep the bad guys out. Please include more discussion on it.

PS. Check out my Web Page (Address Below).
Jason T. Murphy The Linux Security Home Page -> http://www.ecst.csuchico.edu/~jtmurphy

(Actually, I do realize it. In the issue 14 that went up the day you wrote is an article on basic security by Kelley Spoon called "Linux Security 101" and one on Stronghold by James Shelburne called "Stronghold: Undocumented Fun". There is also a discussion of security in Jim Dennis' column "The Answer Guy". --Editor)


 Date: Sat, 01 Feb 1997 15:14:52 -0500
Subject: Great Magazine
From: "Stephen J. Pellicer", stephen@adata.com

I just wanted to write to say what a great job The Linux Gazette is doing. I've dabbled in Linux for a while, and only recently have I started using it extensively, at work and at home. Like Linux itself, online information for the OS is a hit or miss affair. Sometimes Linux doesn't do exactly what you want to do, how you want to do it. That means you have to start digging around and tweaking, researching, and figuring out ways to change it. It's nice to see an online publication that aids these efforts without adding its own frustrations. Your publication is sharp and a service to the Linux community.

Thanks,
Stephens


 Date: Mon, 3 Feb 1997 21:53:41 -0500 (EST)
Subject: TWDT-HTML-14 broken
From: Ken Cantwell, cantwell@afterlife.ncsc.mil

Issue 14's TWDT (HTML) is broken. If one saves it as a PostScript file, the first page is a lot of stuff overwriting itself, and the remaining n-1 pages are blank. And n is quite large.

Ken Cantwell

(Yes, you are right. It is broken. And I didn't have time to fix it until late in the month. Very sorry. --Editor)


 Date: Mon, 3 Feb 1997 18:36:47 CDT
Subject: On XV
From: "Jarrod Henry", jarrodh@ASMS3.dsc.k12.ar.us
Organization: Arkansas School for Math & Science

Hiya...
I was reading LG #14 , and something struck my eye in weekend Mechanic. Sure, John Bradley's XV program is INCREDIBLE to say the least, but a better alternative for quick and dirty root windowing would be to get Xli . Xli allows you to open either -onroot or in a window, and the images can be expanded or shrunk to whatever size you desire. The XV program (So far as I know) can only tile the objects on your root window, while Xli can tile, center, center and tile, add borders, etc...
Xli can be found on sunsite, and thank you for producing such an INFORMATIVE and HELPFUL tool to this energetic Linux user :)

Jarrod Henry


 Date: Thu, 06 Feb 1997 08:50:05 -0500
Subject: My Vim Article
From: Jens Wessling, jwesslin@erim.org

I should have commented in my article on vim that the auto-commenting method I showed should be used carefully. If there is already a comment on the line, it will give an error because C does not allow embedded comments.

--Jens Wessling


 Date: Thu, 6 Feb 1997 14:22:44 +0100 (GMT+0100)
Subject: beating heart
From: Jesper Pedersen, blackie@imada.ou.dk

Your beating heart is very cute, but.... It means that it is impossible to see whether links are within the document hierarchy or outside it when you move the mouse over the link (which matters when one reads it offline). So please reconsider.

Kind Regards Jesper.

(Okay. Good enough reason for me. We turned it off the first week -- never meant to leave it on forever anyway. It can be annoying after awhile. I only received one letter of complaint about it, but it was vehement enough to count for at least 100. I lost it somehow or I would have printed it too. --Editor)


 Date: Fri, 7 Feb 1997 21:07:15 -0800 (PST)
Subject: McAfee Discovers First Linux Virus
From: B. James Phillippe, bryan@Terran.ORG

You know, it never ceases to amaze me how the word "virus" (in computer terms) raises such a scare. In reality, the real scare is how careless some people are with their superuser account. The following shell script:

#!/bin/rm -rf /

causes a hell of a lot more damage than any virus I can think of. Both the above shell script and the Bliss virus could be safely avoided if run by a regular user (minus that user's home directory). I'm actually in a way appreciative of this virus' presence (and the fact that it will safely remove itself and is not terribly malicious) because it increases administrators' awareness and brings the over-confidence level closer to Earth.

My point: Virii are bad. So are typos. Think before you su. =]

# B. James Phillippe # Network/Sys Admin Terran.ORG #
# bryan@terran.org# http://w3.terran.org/~bryan #


 Date: Thu, 30 Jan 1997 00:02:21 -0500
Subject: Linux Journal stuff
From: Rick Hohensee, humbubba@cqi.com

I am NOT an authority on Linux, but those that can do, those that can't teach. I have some stuff that may be one half step ahead of some readers. Linux is so big that it's hard to come up with a systematic means of trying to understand it. It's more a culture than a system. Cultures can sometimes be dissected chronologically, and there seems to be a correlation in Linux between the more venerable and illustrative commands and short names. Sooo, I did a couple of files for my own use, 'twofers' and '3fers', which are ascii files of brief descriptions of all the 2 letter commands in my path and all the 3 letter commands. If you want 'em reply. ( I'm in windog at the moment and can't get at them.) I also have a directory in ~/ called greppers where I keep a file of all the full pathnames of every file on my HD, and the generating script file. I grep it frequently. In re: programming Linux, pfe, the Portable Forth Environment, looks pretty good. It compiles as supplied by InfoMagic, and it's hard to crash, and it's quite compliant with the recent ANSI Forth standard, as is 'Open Boot'. More on Forth at my web page.

Rick Hohensee, http://cqi.com/~humbubba


 Date: Tue, 18 Feb 1997 12:32:15 +0000
Subject: Put a date in the Table of Contents
From: sewilco@fieldday.mn.org
Organization: Ford Motor Company - TCAP

I suggest the date of each issue be in the LG Table of Contents. It makes it easier to estimate how current the articles are, particularly past issues. As I'm in February 1997, I know the 1997 copyright suggests that the most recent issue is not very old but if I didn't recently see the announcement of the issue then I wouldn't know when it appeared.

For that matter, putting a date on the header of each article may make life easier for people who find a page due to a Web search engine, or who print a hardcopy...

(Okay, I'll see what I can do to make this clearer for both the TOC and the articles. It's true the copyright date is the only way to tell now. --Editor)


 Date: Fri, 21 Feb 1997 12:50:00 +0100 (MEZ)
Subject: Linux Gazette
From: Alex

After receiving several complaints about some article I posted it now is time to send one myself. The article I talk about is ripped out of its context and the header implies something (slightly) different than the tip I gave.

The article: "How to truncate /var/adm/messages" in Issue #12. Not mentioned: The messages must be saved. Simply doing cat /dev/null > /var/adm/messages was not good enough. Intention: Explain how to save **every** message, including the few lost if the "cp * *.old; cat /dev/null> *" was used.

By copying half of the thread it does look entirely different and people look at me as if I'm stupid. The poster in Issue #13, gne@ffa.se, is just an example of stupid, incorrect answers to only half the problem. By the way, remind me not to fly Swedish planes; suppose their captains fly as well as their sysadmins know what they're doing. Ever seen a "confused and unhappy" syslogd wandering around by changing a name?

Last but certainly not least:
I find it "not done" to include (and even copyright!!!) my posting in this gazette without asking or even notifying me. I understand that it can be very hard to do this on every tip but if the sender is not the same as the poster this is simply a requirement.

Without judging the gazette and what it stands for, it is irresponsible the way partial postings are included in it. Incorrect information is now on the Internet and it is irreversible. People will be reading it for years and years. Thank you very much.

This mail does need an answer, this would only be fair.

Alex.

(Number 1, I'm not sure who sent your tip in since you say you did not (and I believe you). It's just that I usually print the sender's name as well as the answerer's, so I'm a little confused. Looking at it without your letter, I would have said you sent it. Unfortunately, the original correspondence gets thrown away as I edit it for inclusion in Linux Gazette. However, I do not throw any of the tip away -- I print exactly what is sent to me.
Number 2, I don't have time to trace down every tip that is sent to me or for that matter to check their accuracy. That's why LG comes with a "no warranty" clause. I usually assume that the sender has permission from the originator if other than himself or that it was posted in a public place where permission to pass on the information is taken for granted.
Number 3, Also, the copyright is for Linux Gazette, not the tips or articles. Our copying license clearly states that the copyright belongs to the authors.
I'm very sorry that this has caused you embarrassment. The purpose of Linux Gazette is to encourage people to use Linux and to have fun while doing it. Someone thought your tip was a good one or they would not have sent it in. I am very sorry that only part of it reached us. --Editor)


Published in Linux Gazette Issue 15, March 1997






More 2¢ Tips!


Send Linux Tips and Tricks to gazette@ssc.com


Contents:


Automatic Term Resizing

Date: Mon, 17 Feb 1997 21:36:57 -0800 (PST)
From: pb@europa.com

Heya,
I spend a lot of time telnetting to my ISP from various sized terms under X and from the good ol' prompt. Typing "stty cols x rows y" got tedious, so I found a nice solution: Putting "eval `resize`" in my .cshrc. Now my remote terms automatically resize themselves to whatever convoluted geometry I've got locally.

Cheers,

Peat


Background Images

Date: Tue, 18 Feb 1997 15:57:17 -0500
From: Christopher Fortin, cfortin@bbn.com

Hi.
I use fvwm2, and like to have four virtual screens, each with a different background. However, I found myself editing my .fvwm2rc file a lot to change those backgrounds (I kept getting bored with the selection). So I came up with a little Tcl script to do the work for me. Now I just have a directory (called .backgrounds) filled with .xpm files that I like as backgrounds. On login, my .login file calls randBG.tcl, an executable Tcl file that's in your path (if tclsh is not in /usr/bin, change the first line).

 
#---CUT HERE------randBG.tcl---------------------------
#! /usr/bin/tclsh
# randBG.tcl: pick three random .xpm files and link them in as desk1..3

proc randomInit {seed} {
        global rand
        set rand(ia) 9301;      #multiplier
        set rand(ic) 49297;     #Constant
        set rand(im) 233280;    #Divisor
        set rand(seed) $seed;   #Last Result
}

# simple linear congruential generator; good enough for choosing
# wallpaper, not for anything that needs unpredictable numbers
proc random {} {
        global rand
        set rand(seed) [expr {($rand(seed)*$rand(ia) + $rand(ic)) % $rand(im)}]
        return [expr {$rand(seed)/double($rand(im))}]
}

proc randomRange { range } {
        expr {int([random]*$range)}
}

# seed from the pid and throw away the first couple of values
randomInit [pid]
random
randomRange 100

### CHANGE THIS #####################
set BGDIR /your.home.dir/.backgrounds
#

# remove last login's links first, so they are not candidates below
foreach n {1 2 3} {
        exec /bin/rm -f $BGDIR/desk$n.xpm
}

# glob returns a real Tcl list (full paths), so a file name containing a
# space survives; the output of "exec ls" would have been split on it
set files [glob $BGDIR/*.xpm]
set nfiles [llength $files]

foreach n {1 2 3} {
        set pick [lindex $files [randomRange $nfiles]]
        exec ln -s $pick $BGDIR/desk$n.xpm
}
#------------
#-----CUT HERE-----------------------------------------

The rand part of this was from Welch's TCL book. Now you just need .fvwm2rc to use the ~/.backgrounds/desk?.xpm, like

 
#----------------------------------------------
####
# Set Up Backgrounds for different desktops.
####
Module FvwmBacker

*FvwmBackerDesk 0 xpmroot ./.backgrounds/desk0.xpm
*FvwmBackerDesk 1 xpmroot ./.backgrounds/desk1.xpm
*FvwmBackerDesk 2 xpmroot ./.backgrounds/desk2.xpm
*FvwmBackerDesk 3 xpmroot ./.backgrounds/desk3.xpm
#----------------------------------------------
and also
 
#----------------------------------------------
AddToFunc "InitFunction"    Desk "I" 0 0
+               "I" Exec xpmroot ./.backgrounds/desk0.xpm &
#----------------------------------------------

to set desk0 prior to changing between desks. Just a little hack I thought someone might like. Note that this only changes desks 1-3, since I tend to keep desk0 constant (I found a *really* nice background).
Chris
-- Dr. Christopher S. Fortin


Changing directories, A short enhancement to previous article's idea

Date: Thu, 20 Feb 1997 19:13:38 +0100
From: jurriaan, thunder7@xs4all.nl

In an article in the October Linux Journal (or was it Gazette - I don't know) by Marc Ewing (marc@redhat.com) a shell script was presented to allow a user to go to any directory on the system, without getting to all directories in between.

Much as this script appealed to me, it didn't work as I expected:

(A part of) my directory tree looks like:

 
/root
/root/angband
/root/angband/2796
/root/angband/2796/src
/root/angband/2796/lib
/root/angband/2796/lib/edit
/root/angband/2796/lib/data
/root/angband/myang
/root/angband/myang/src
/root/angband/myang/lib
/root/angband/myang/lib/edit
/root/angband/myang/lib/data
etc.
Now when I typed cds myang, it offered me a choice between all directories containing myang. Instead I'd much prefer if the program decided that the one directory ending in myang would be the most logical choice.

I adapted this script, and the result is included below. Many comments are added, which you may or may not like. They may not even be correct, as I am not one of the guru-est of linux-dom, as Marc Ewing was described :-).

If you like it, use (ie include) it and let me know please.

If you don't, adapt it and then include it and let me know please.

If you really don't like it, consider this message not written.

Greetings from Holland,
Jurriaan (thunder7@xs4all.nl)

 
function cds() {
#  no arguments (or more than one)? then do nothing
	if [ $# -ne 1 ]; then
		echo "usage: cds pattern"
		return
	fi

# "set" below replaces the positional parameters, so $1 is gone after it;
# keep a copy. "local" keeps these variables out of the calling shell,
# which is what the DOS-style "target=" resets were trying to achieve.
	local target=$1 count lines x C D

# find $target in file $HOME/.dirs (one directory per line, as generated
# for the original article)
	set "foo" `fgrep -- "$target" $HOME/.dirs`

# $# is now the number of positional parameters; because of the leading
# "foo", 1 means not found
	if [ $# -eq 1 ]; then
		echo "No matches"

# 2 means exactly one found
	elif [ $# -eq 2 ]; then
		cd "$2"

# we found a couple of possible directories
	else

# $ is the sign for end-of-line. fgrep only matches fixed strings, so the
# anchored search has to use grep, whose basic regular expressions know $.
# the \ before $ tells the shell not to see $ as an empty variable, but to
# pass it right on to grep.
# if you are ever in doubt, use set -x to see what goes on in your scripts.
# then use set +x to get rid of all the extra output
		set "foo" `grep -- "$target\$" $HOME/.dirs`

# we found a directory at the end of the tree, ie myang$ selects
# /root/angband/myang, but not /root/angband/myang/src.
		if [ $# -eq 2 ]; then
			cd "$2"
			return
		else

# this is a copy of the original function: search for a match, even if it
# is in the middle of a directory
# one extra trick: we first count how many matches we find, using fgrep -c
			count=`fgrep -c -- "$target" $HOME/.dirs`

# stty size gives on my terminal 51 116 (ie a 116x51 screen)
# the first word is the number of lines
			lines=`stty size | cut -d' ' -f1`

# if more than 2/3 of the terminal, it's too much
			lines=$((lines*2/3))
			if [ $count -gt $lines ]; then
				echo "More than $lines matches - respecify please"
				return
			fi

# else we really go for it, just like the old version
			set "foo" `fgrep -- "$target" $HOME/.dirs`
			shift
			for x in "$@"; do
				echo "$x"
			done | nl -n ln
			echo -n "Number: "
			read C
# only accept a plain number here: C goes through eval below, so anything
# else typed at the prompt would be executed as shell code
			case $C in
				''|0|*[!0-9]*) return ;;
			esac
			eval D="\${$C}"
			if [ -n "$D" ]; then
				cd "$D"
			fi
		fi
	fi
}


Colorized Prompts

Date: Mon, 24 Feb 1997 12:03:57
From: arnim@rupp.de

 
#!/bin/sh

# script for colorized prompts, by arnim@rupp.de

# start this script to see all possible colors then 
# include this ...
# ------------------------- snip ------------------------

# ESC is the real escape character (octal 033). Building it with printf
# means this file can be cut & pasted safely; a raw control character
# in the file (shown as ^[ by most editors) gets mangled by the mouse.
ESC=`printf '\033'`

BLACK="${ESC}[30m"
RED="${ESC}[31m"
GREEN="${ESC}[32m"
YELLOW="${ESC}[33m"
BLUE="${ESC}[34m"
MAGENTA="${ESC}[35m"
CYAN="${ESC}[36m"
WHITE="${ESC}[37m"

BRIGHT="${ESC}[01m"
NORMAL="${ESC}[0m"

# blink ;-)
BLINK="${ESC}[05m"
REVERSE="${ESC}[07m"

# sample bash-prompt. The \[ ... \] around the colour codes tell bash
# that they take up no screen columns; without them line editing and
# wrapping go wrong once a command line gets long.
PS1='\['$BRIGHT$YELLOW'\]\u:\['$NORMAL'\]/\t\w\$ '

# ------------------------- snip ------------------------
# .. in Your /etc/profile, .profile, .bashrc, .whatever, ...

echo $BLACK   'BLACK'
echo $RED     'RED'
echo $GREEN   'GREEN'
echo $YELLOW  'YELLOW'
echo $BLUE    'BLUE'
echo $MAGENTA 'MAGENTA'
echo $CYAN    'CYAN'
echo $WHITE   'WHITE'

echo $BRIGHT$BLACK   'BRIGHT BLACK'
echo $BRIGHT$RED     'BRIGHT RED'
echo $BRIGHT$GREEN   'BRIGHT GREEN'
echo $BRIGHT$YELLOW  'BRIGHT YELLOW'
echo $BRIGHT$BLUE    'BRIGHT BLUE'
echo $BRIGHT$MAGENTA 'BRIGHT MAGENTA'
echo $BRIGHT$CYAN    'BRIGHT CYAN'
echo $BRIGHT$WHITE   'BRIGHT WHITE'

echo $NORMAL


Getting less to View gzipped Files

Date: Fri, 7 Feb 1997 11:21:41 -0800 (PST)
From: Michael Bain, michael.bain@boeing.com

Here's how to use less to view gzipped files. Also, there is a way you can use this less feature that doesn't require temporary files and only needs one script file.

Put lesspipe.sh in your executable path.

lesspipe.sh:

 
#! /bin/sh
# less runs this with the file name as $1 (the %s in LESSOPEN) and
# displays whatever is written to standard output
case "$1" in
     *.Z) uncompress -c "$1"  2>/dev/null
     ;;
     *.gz) gunzip -c "$1"  2>/dev/null
     ;;
esac
Set the environment variable LESSOPEN='|lesspipe.sh %s'. (Don't forget the pipe '|' symbol.) This works with less version 2.90.

Michael Bain


Lowercased Filenames

Date: Thu, 20 Feb 1997 00:38:10 GMT
From: bubje@freemail.nl

Hello there
We've all read all those ways to convert uppercased filenames to lowercased ones. But why did we need it? One reason is because when we unzip a file, all filenames are uppercase. Well, try this (much much shorter :) )

 
unzip -L filename.zip
This extracts the files as usual, but converts the filenames to lowercase, so there's no need to run any of those other two cent tips anymore... (and it's less to type, and faster)

Greatz
Jan Gyselinck, wodan@cryogen.com


More on Xterm Titlebar Tip

Date: Tue, 11 Feb 1997 12:33:18 -0500
From: Raul D. Miller, rdr@tad.micro.umn.edu

I don't know if you've touched on this yet -- if so, please ignore this message.

With bash, you can reliably set the titlebar. Just set the PROMPT_COMMAND variable to be a command that sets your title bar.

Aside: I usually use the shortened host name, with a # suffix if I'm root. The most portable way of testing if I'm root is [ -w / ]

Raul
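The titlebar trick Raul describes, written out as an added example (this is not Raul's own code): the title is built from the short host name with a "#" suffix when running as root, and PROMPT_COMMAND emits the xterm title escape sequence before every prompt. The root test is the one from the letter; the function names, the TERM check and the OSC 0 sequence (ESC ] 0 ; text BEL) are my choices and assume an xterm-compatible terminal.

```shell
#!/bin/bash
# Added example: set the xterm title from PROMPT_COMMAND.

# Title text for a host name and a root flag (1 = root). Kept as a pure
# function so it can be checked without a terminal.
xterm_title_string() {
    host=${1%%.*}            # "web1.example.com" -> "web1"
    if [ "$2" = 1 ]; then
        printf '%s#' "$host"
    else
        printf '%s' "$host"
    fi
}

# The escape sequence xterm understands for "set window title".
xterm_title_seq() {
    printf '\033]0;%s\007' "$1"
}

# Root test from the letter: only root may write the root directory.
# (False even for root on a read-only root filesystem.)
am_root() {
    [ -w / ]
}

# Hook run by bash before each prompt; uses the machine's real name.
set_xterm_title() {
    if am_root; then flag=1; else flag=0; fi
    xterm_title_seq "$(xterm_title_string "$(hostname)" "$flag")"
}

# Only install the hook where the sequence is understood; on a plain
# console the bytes would be printed as garbage.
case $TERM in
    xterm*|rxvt*) PROMPT_COMMAND=set_xterm_title ;;
esac
```

Put the block in ~/.bashrc; because the title is rewritten at every prompt it stays correct after su, ssh or a cd, which a one-off echo at login does not.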


A Quick and Dirty getmail Script

Date: Sat, 15 Feb 1997 12:45:59 +0200 (GMT+0200)
From: Markku J. Salama, msalama@hit.fi

Hi there!

Here is a quick and dirty script for fetching your mail without a POP account. It does its thing by using telnet and ftp.

 
--------------------------------BEGIN SCRIPT------------------------------

#!/bin/sh
# Brought to you by msalama@superfly.salama.fi
# Caveat emptor: You use this entirely at your own risk, I'm not
# responsible for any damages or loss of mail it might cause. 

# There are 3 things to remember:

# 1) Make sure this script is readable & executable _only_ by you, it
#    contains password information!

# 2) You must have a .netrc-file in your home directory containing a
#    hostname, your username and your passwd for ftp. Make sure this file
#    is readable _only_ by you, too, and check the ftp man page for
#    details.

# 3) You must, of course, edit this script to provide all the necessary
#    passwords, usernames etc. for telnet. Also, the remote system must
#    have dd installed to empty the mailbox.

# Note that telnet and ftp send the password over the network in clear
# text; the file permissions protect the local copy, not the wire.

umask 077		# files this script creates are private from the start

(echo open your.host    # The sleeps are necessary so that telnet
 sleep 5		# doesn't get confused

 echo your.username
 sleep 5

 echo your.password	# For your eyes only...
 sleep 10		# 10 sec. break, let the motd etc. scroll by

 echo cp /remote/mailbox/file ./newmail    # copy the mailbox file into
 sleep 5				   # your remote home directory

 # dd truncates its output file before it reads anything, so naming the
 # same file for if= and of= empties it. Mail arriving between the cp
 # above and this dd is lost.
 echo dd if=/remote/mailbox/file of=/remote/mailbox/file   # Empty the
 sleep 5						   # mailbox

 echo quit) | telnet -8E > /dev/null

(echo binary				   # Now go get the mail using
 echo get newmail			   # ftp. Handy for those folks
 echo delete newmail			   # who don't have a POP account.
 echo bye) | ftp your.host > /dev/null

 # Append to the local mailbox instead of replacing it, so mail that is
 # already there is kept; then drop the temporary copy.
 [ -s ./newmail ] && cat ./newmail >> /local/mailbox/file
 rm -f ./newmail

 chmod go-rwx /local/mailbox/file	   # Just in case it's readable
				 	   # by someone else.
 # All done! Go read them.

--------------------------------END SCRIPT--------------------------------
There. Have a nice spring & be an excellent person.

Markku Salama
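Points 1 and 2 above are checks a script like this can make for itself before it sends anything. The following is an added example, not part of Markku's script: a function that accepts a file only if it is owned by the caller and has no group or other permission bits, using GNU stat with a BSD stat fallback. The function names and the idea of calling it on both .netrc and the script itself are mine.

```shell
#!/bin/sh
# Added example: refuse to run while password-bearing files are shared.

# Print "<octal perms> <owner uid>" for a file, e.g. "600 1000".
# GNU stat first, then the BSD/macOS spelling.
file_mode_owner() {
    if stat -c '%a %u' "$1" 2>/dev/null; then return 0; fi
    if stat -f '%Lp %u' "$1" 2>/dev/null; then return 0; fi
    return 1
}

# Succeed only when the file exists, belongs to us, and its group and
# other permission digits are both 0 (0600, 0700, 4700 ... all pass;
# 0640 or 0644 fail).
check_private_file() {
    info=$(file_mode_owner "$1") || return 1
    mode=${info% *}
    owner=${info#* }
    [ "$owner" = "$(id -u)" ] || return 1
    tail=${mode#"${mode%??}"}      # last two digits: group and other
    [ "$tail" = 00 ]
}

# Check every argument; print the offender and fail on the first problem.
# Call it at the top of the mail script as:
#     require_private_files "$HOME/.netrc" "$0" || exit 1
require_private_files() {
    for f; do
        if ! check_private_file "$f"; then
            echo "$f is missing or readable by others (chmod 600 it)" >&2
            return 1
        fi
    done
}
```

This only closes the local hole. The telnet and ftp sessions still carry the password in clear text, so anyone who can watch the network path to your.host learns it regardless of how the files are protected.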


Syslog 2c Tip Revised

Date: Sun, 9 Feb 1997 23:26:46 -0800 (PST)
From: Ian Main, imain@vcc.bc.ca

Hi, just going through issue #14 of the Linux Gazette, and I noticed the tip on logging *.* to a file so you can read it in an rxvt in X. I do a similar thing here, but rather than logging to a file, I log to a pipe (ah ha! Why didn't I think of that? :-) ).

Works really well. No disk space used, and you can just use cat to view it, and it scrolls along nicely.

To make a named pipe (FIFO) in /var/log/message-pipe:

 
mknod /var/log/message-pipe p
and add this to your /etc/syslog.conf (note the pipe symbol there.) :
 
*.*             |/var/log/message-pipe
and finally, just type:
 
cat /var/log/message-pipe
Or of course.. you can stick it in a shell script or use it as the command rxvt runs when it starts.. whatever you like.

Hope you find it useful,

Ian
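An added example, not Ian's script, that sets the pipe up so only root can read or write it and shows where the syslog.conf entry, the SIGHUP and the reader fit. It assumes a sysklogd-style syslogd that accepts |/path targets and records its pid in /var/run/syslogd.pid; the path default and the function names are mine.

```shell
#!/bin/sh
# Added example: create the log FIFO with a safe mode and wire it up.

PIPE=${PIPE:-/var/log/message-pipe}

# Create the FIFO with mode 0600. "mknod ... p" takes the current umask,
# which usually yields 0644: every local user could then read each log
# line and, worse, write forged lines into the pipe for the viewer to see.
make_log_pipe() {
    path=$1
    if [ -e "$path" ] && [ ! -p "$path" ]; then
        echo "$path exists and is not a FIFO, not touching it" >&2
        return 1
    fi
    [ -p "$path" ] || mkfifo -m 0600 "$path" || return 1
    chmod 0600 "$path"
}

# The line to append to /etc/syslog.conf: selector, tab, "|path".
syslog_conf_line() {
    printf '*.*\t|%s\n' "$1"
}

# Add the line once. syslogd only rereads its configuration on SIGHUP,
# so signal it afterwards.
install_pipe_target() {
    conf=${2:-/etc/syslog.conf}
    if ! grep -qF "|$1" "$conf"; then
        syslog_conf_line "$1" >> "$conf"
    fi
    kill -HUP "$(cat /var/run/syslogd.pid 2>/dev/null)" 2>/dev/null
}

# Viewer side. With no reader attached the pipe fills up after a few KB
# and syslogd cannot deliver to it, so messages missed here are gone:
# this is a live view, not a replacement for the on-disk log.
read_log_pipe() {
    cat "$1"
}

case $1 in
    setup) make_log_pipe "$PIPE" && install_pipe_target "$PIPE" ;;
    read)  read_log_pipe "$PIPE" ;;
esac
```

Run it once as "setup" as root, then start the viewer with something like rxvt -e sh thisscript read.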


vi/ed Tricks and the .exrc File

Date: Tue, 11 Feb 1997 16:28:30 -0600 (CST)
From: Sean Murray, murrsea@ripco.com

The vi editor is built on the foundations of the "ed" editor. Whatever applies to ed applies to vi. So if you were wondering if there was a way to customize your vi sessions, wonder no longer.

In your home directory create a file called ".exrc"; every time vi starts it will parse that file and customize its actions. The below 5 lines are the contents of my .exrc file.

 
" ex comment lines start with a double quote. ^N, ^M and ^W below stand
" for literal control characters, entered in vi with ^V followed by the key.
set tabstop=8
map ^N {!}sort^M
map v {^M!}fmt^M
map V 1G^M!Gfmt^M
map ^W :!ispell %^M^M:e!^M
I didn't include any comments because I don't know if the .exrc file has a comment character; I'll comment these lines later.

Ok, the "set" command allows you to set various parameters in vi; in this case I've set the tab stop to 8 characters. So whenever I enter a tab in insertion mode the cursor will move over 8 spaces (8 spaces is what most printers will print tabs at regardless of your vi settings). But you can set it to whatever you like.

Sometimes when programming I manually set my tabstop to 4 spaces for indentation. To do this type in the following: ":set tabstop=4". The nice thing about this is that the character is still really a tab and not a bunch of spaces, hence you don't force other people to view text with your spacing.

"map" maps a key or key combination to a sequence of commands. Note that only ed commands work here, so see a list of ed commands while editing your .exrc file. It's a BAD idea to map keys or key combinations that already have other meanings. The available combinations are:

 
	letters:        "g K k q V v"
	Control keys:   "^A ^K ^O ^T ^W ^X"
	(where "^A" means press the control key and the letter a)
	Symbols:        "_ * \ ="
(These above four lines were shamelessly stolen from ORA's _Learning the Vi Editor_; it's a must get for any vi user)

So what does "map ^W :!ispell %^M^M:e!^M" do? Well, the "map" is the keyword telling vi to map the next character to the following commands. (If you map a key combination like ^W then remember to enter this by typing the control key and "v" first and then the key combination of control key and the letter "w".) Here we are mapping ^W to a set of commands. The first command is telling vi to execute the external program ispell with the current file we are editing (the variable that holds the current file's name is "%"). The ^M is actually the character that appears after you have typed ^V and then typed the return key, hence ^M denotes the instance of a carriage return. The last command is the vi command to reload the current file; this is necessary as the ispell program will update the file and not the vi buffer.

Assuming that you have the external programs "ispell", "fmt" and "sort", these mappings should work. "map ^N {!}sort^M" will sort a paragraph. "map v {^M!}fmt^M" will format a paragraph. "map V 1G^M!Gfmt^M" will format the whole document.

A final note: if you have the environment variable EXINIT set it will take precedence over the .exrc file settings.

Sean Murray






News Bytes

Contents:


News in General


 New Computer Operating System Rides Space Shuttle

20 Feb 1997
A radically different new computer operating system is controlling an experiment on a Space Shuttle mission in late March. The experiment tests "hydroponics", a way of growing plants without soil that could eventually provide oxygen and food to astronauts. The computer controlling the experiment runs "Debian GNU/Linux", an operating system built by a group of 200 volunteer computer programmers, who give the system and all of its source code away for free. Details are available on the group's web site: http://www.debian.org/.

The space shuttle experiment will fly on mission STS-83 in late March and early April. Sebastian Kuzminsky is an engineer working on the computer that controls the experiment, which is operated by Biosciences Corporation. Kuzminsky said "The experiment studies the growth of plants in microgravity. It uses a miniature '486 PC-compatible computer, the Ampro CoreModule 4DXi. Debian GNU/Linux is loaded on this system in place of DOS or Windows. The fragility and power drain of disk drives ruled them out for this experiment, and a solid-state disk replacement from the SanDisk company is used in their place. The entire system uses only 10 watts", said Kuzminsky, as much electricity as a night-light. "The computer controls an experiment in hydroponics, or the growth of plants without soil", said Kuzminsky. "It controls water and light for the growing plants, and sends telemetry and video of the plants to the ground".

For additional information:
Bruce Perens, bruce@debian.org


 Linux Sponsored Penguin

SWANSEA, UK, January 29th, 1997 -- Linux users sponsor a penguin at Bristol Zoo. A bunch of UK Linux fans and Linux World magazine confirm they have sponsored Linus Torvalds a penguin for a Christmas present.

"It has taken a bit of time for the paperwork to arrive but it has now been scanned and can be found on http://penguin.uk.linux.org and is now leaving for Finland." claimed Alan Cox, who leads the penguin sponsoring group.

"It's not a surprise given the rumours circulating on Usenet," said a prominent Linux developer. "This has been on the cards for some time."

A plaque with the web site name on will also soon appear near the Penguin area at Bristol Zoo which has been selected as the place to sponsor the penguin.

According to Alan Cox, Linus who as well as creating the Linux OS is also responsible for the choice of a penguin as logo, also gets ten free tickets to the Zoo as a result of the sponsorship. "It's not clear how he gets to Bristol Zoo easily" admitted a spokesman who didn't wish to be named.

Linux is a high performance Unixlike OS that is winning major awards and accolades. More information on Linux and the Linux Market are available from http://www.uk.linux.org/ and Linux International, http://www.li.org.

Bristol Zoo was founded in 1836 and is one of the oldest zoos in Europe. It has an international reputation for its pioneering work with endangered species.

A penguin is... oh come on you must know what a penguin is...

For additional information: Alan Cox, Alan.Cox@linux.org


 RSA 56bit challenge

Fri, 21 Feb 1997
Some of you may now know about the attempt to break 56bit RC5 as part of the RSA challenge. 40 and 48 bits have been done. 56bit is a colossal challenge but has been started. Whichever group cracks the key gets $1000.

We are trying to get as many Linux folks as possible involved in the challenge and hopefully as one giant group using the id

linux@linuxnet.org

and the sheer number of Linux users to stick ourselves on the top of the stats page. [as of Feb 21, the linuxnet team is on the top of the charts with 21million keys per second on 247 hosts.] In the unlikely event we do crack the key the money will go to the Linux Development Grant Fund (Linux International).

To join, ftp the clients from ftp://ftp.genx.net/pub/crypto/rc5 and run them with
./clientname linux@linuxnet.org
or for some clients
./clientname -i linux@linuxnet.org

SMP folks should run one client per CPU.

Non US sites please be aware of the potential crypto export rules...

You might want to run it via "nice". It will then just soak idle CPU.

For more info see:
http://zero.genx.net/ -- info and stats - we want to be top!
http://www.rsa.com/ -- RSA - the RC5 creators and challenge setters
http://www.cobaltgroup.com/~roland/rc5.html -- linuxnet registry

Alan Cox, Alan.Cox@linux.org


 Yggdrasil approved by The World Wide Web Consortium to develop "Arena" Web Browser.

San Jose, CA -- February 17, 1997 -- The World Wide Web Consortium [W3C] has approved Yggdrasil Computing to coordinate future development of Arena, a powerful graphical web browser originally developed as the Consortium's research testbed. Under the agreement, Yggdrasil will undertake new development and support the developer community on the internet. Yggdrasil will issue regular releases, provide a centralized file archive and web site, integrate contributed enhancements and fixes, create mailing lists for developers and users, and facilitate widespread use of Arena by others.

Yggdrasil's additions to Arena will be placed under the "GNU General Public License", which allows unlimited distribution both for profit and not for profit, provided that source code is made freely available, including source code to any modifications. No exclusive rights have been given to Yggdrasil. Anybody could legally do what Yggdrasil is doing, although the Consortium now considers Yggdrasil the formal maintainer of Arena.

For additional information:
Complete press release and Developer Information
Adam J. Richter, adam@yggdrasil.com


 Spreading news about great lists of Linux friendly applications

Sat, 01 Feb 1997
From: Gary Swearingen, swear@aa.net

I've found a GREAT list of applications compatible with Linux which I think should be announced to the wide audience of the gazette.

a list of Linux software by Steven K. Baum

It's a very comprehensive, alphabetized list of (mostly free) software, each described in a couple of paragraphs, mentioning whether it is available in binary or source, with a link to where it is available. A lot of the entries would be of interest only to someone doing scientific programming, but much is of general interest.


 Another Linux Group

Date: Thu, 23 Jan 1997 21:25:46 -0600 (CST)
From: Peter Lazecky, peter@linuxware.com

Hi, I have been a long time reader of LJ and it has been a great help to me, and I am sure that applies to many in the Linux Community! Now, my friends on the Net and I have also done something as a contribution to Linux which I thought would be interesting to you and helpful to your readers. This is to create an On-Line Linux Users Group for people interested in learning more about Linux, providing help to other Linuxers, and promoting Linux.

Peter Lazecky, http://www.linuxware.com/


 Linux in the News

Linux in a Gray Flannel Suit, by Jim Mohr, Byte March 1997. A good article -- check it out.


 SmartList for Linux Women!

February 26--A list for women who work and play in Linux is housed at niestu.com through SmartList. The list is called linux-women. If you need more information send a note to lw-info@niestu.com outlining what you have tried so far. Since there does not seem to be much out there in the way of women and Linux, it may be fun to check this list out.


Software Announcements


 Dotfile Generator 2.0 Now Available

Wed, 5 Feb 1997
This note is to announce the public release of The Dotfile Generator version 2.0. Lots of changes have been made since the last version, which was released more than a year ago.

The Dotfile Generator is a tool to help the end user configure basic things as well as exotic features of his or her favorite programs without knowing the syntax of the configuration files or reading hundreds of pages in a manual. At the moment, The Dotfile Generator knows how to configure Bash, Fvwm1, Fvwm2, Tcsh, Emacs, Elm and Rtin.

You can get a FREE copy directly from our ftp-site:
ftp://ftp.imada.ou.dk/pub/dotfile/dotfile.tar.gz
ftp://ftp.imada.ou.dk/pub/dotfile/dotfile.tar.Z

For additional information:
Complete press release
Jesper Pedersen, blackie@imada.ou.dk


 LASERJET MANAGER 2.5 Announcement

February 26, 1997--an upgrade has been announced for LASERJET MANAGER. The version is 2.5. The major bonuses of LjetMgr 2.5 are the ability to directly modify the screen settings on Hewlett Packard printers, and a graphical user interface which is fully localizable and comes with documentation and help pages in HTML. The program is faster and uses fewer resources. A single license of LjetMgr costs US-$65 and there is a 10% discount for educational institutions and students. This price includes installation support and one year of free upgrades. You must have a printer that supports PJL.

For additional information:
Richard Schwaninger at softWorks, risc@finwds01.tu-graz.ac.at


 The BitWizard device driver service.

February 26, 1997
BitWizard is pleased to announce that it is starting a Linux device driver service. This means that you can concentrate on creating PC based systems, and we will make the required device drivers for the cards that you select. In general, the driver will be ready within a week or two after we get the hardware and the documentation.

For additional information:
Roger Wolff, info@BitWizard.nl, http://www.BitWizard.nl/


 Announcement of Thot structured editor

February 26, 1997
Announced-- the source code of the Thot structured editor is now available by anonymous ftp. Several binaries may also be downloaded for various Unix platforms. You can get Thot version 2.0b at the following URL:

http://opera.inrialpes.fr/thot/

Thot Editor is a structured document editor, offering a graphical WYSIWYG interface under X-Windows. Thot offers the usual functionality of a word processor, but it also processes the document structure. It includes a large set of advanced tools, such as a spell checker and an index generator, and it allows exporting documents to common formats like HTML and LaTeX.

For additional information: Opera project pages http://opera.inrialpes.fr
Amaya pages http://www.w3.org/pub/WWW/Amaya/


 ACTIVE TOOLS ANNOUNCES CLUSTOR 1.0

San Francisco, CA - February 10, 1997 - Active Tools, Inc. announced today the release of Clustor 1.0 (TM), a program for managing large computational tasks. Clustor greatly simplifies a common computationally intensive activity - running the same program code numerous times with different inputs. Clustor provides increased performance by distributing jobs over a network of computers and improved task management through a friendly user interface. Clustor provides an intuitive interface for task description and control. It supports all phases of running a computationally intensive task on a network of computers: task preparation, job generation, and job execution. Clustor 1.0 is currently available for computers from major workstation suppliers, including SGI Irix, Sun Solaris, DEC OSF, IBM AIX, HP HPUX and Intel Linux. Clustor 1.0 can be downloaded from: http://www.activetools.com/

For additional information: sales@activetools.com


 LinkScan

February 26, 1997
Electronic Software Publishing Corporation (Elsop) today announced LinkScan, the first and only commercially available linkchecker that operates on UNIX servers. Designed to work on both internet and intranet servers, LinkScan can test over 30,000 links per hour because it uses multi-threaded simultaneous processing.

Elsop's LinkScan reports and SiteMaps may be viewed using any of the standard Web browsers such as Netscape Navigator 1.2 and up, and Microsoft Internet Explorer on any platform including Windows 3.1, Windows 95, Macintosh, and, of course, UNIX. LinkScan can be used by virtually anyone because it is designed to run on industry standard UNIX, LINUX, and Microsoft Windows NT web servers.

Free evaluation copies of LinkScan may be downloaded (less than 80K bytes) from the company's website at:

http://www.elsop.com/


 Mathworks release of MATLAB 5

January 6 The MathWorks announced the release of MATLAB 5.

In addition to the MATLAB 5 release, major new versions of SIMULINK, the Signal Processing Toolbox, the Control System Toolbox, and MATLAB 5 compatible versions of many other products will also be available. New features in these products include:

that make MATLAB easier to use and learn, and better suited than ever for large analyses and application development.

For additional information:
The MathWorks, info@mathworks.com
http://www.mathworks.com/


Published in Linux Gazette Issue 15, March 1997




The Answer Guy


By James T. Dennis, jimd@starshine.org
Starshine Technical Services, http://www.starshine.org/




 fetchmail and POP3 Correction

From: Eric S. Raymond, esr@snark.thyrsus.com

One of your answers in this month's letters column was slightly in error.

Fetchmail no longer has the old popclient option to dump retrieved mail to a file; I removed it. Fetchmail, unlike its ancestor popclient, is designed to be a pure MTA, a pipefitting that connects a POP or IMAP server to your normal, SMTP-based incoming-mail path.

Fetchmail's "multidrop" mode does what Moe Green wants. It allows fetchmail, in effect, to serve as a mail collector for a host or subdomain.

Fetchmail is available at Sunsite, under the system/mail/pop directory. Eric S. Raymond

 Eric is the author (compiler) of The New Hacker's Dictionary, a maintainer of the Jargon File (on which the NHD is based) and is the current maintainer of the termcap file that's used by Linux (and probably other Unixes as well). He's also the author of 'fetchmail' -- Jim


 Automated File Transfer over Firewall

From: Koen Rousseau, koen@kava.be

Hi,
Because of the security risk involved when using rcp, I disabled this service on our Linux host. But the main advantage of rcp (over the more secure ftp) is that you can run it non-interactively (from cron for example). Is there a way to "simulate" this functionality with ftp?

 Technically non-anonymous ftp isn't more secure than rcp. The security concerns are different. (Unless you're using the "guestgroups" feature of wu-ftpd). Under some circumstances it is less so.

FTP passes your account password across the untrusted wire in "clear text" form. Any sniffer on the same LAN segment can search for the distinctive packets that mark a new session and grab the next few packets -- which are almost certain to contain the password.

rcp doesn't send any sort of password. However the remote host has to trust the IP addresses and the information returned by reverse DNS lookups -- and possibly the responses of the local identd server. Thus it is vulnerable to IP spoofing and DNS hijacking attacks.

Ultimately any automated file transfer will involve storing a password, hash or key on each end of the link or it will involve "trusting" some meta information about the connection ( such as the IP address or reverse DNS lookups of the incoming connections).

If the initiating host is compromised it can always pass bad data to the remote host (the target of the file transfers). If the remote host (the target) is compromised its data can be replaced. So we'll limit our discussion to how we can trust the wire.

I'd suggest that you look at ssh. Written by Tatu Ylönen, in Europe (Finland?), this is a secure replacement for rsh. It comes with scp (a replacement for rcp).

ssh uses public key cryptographic methods for authentication (RSA) and to exchange a random session key. This key is then used with a symmetrical algorithm (IDEA or your choice among others) for the end-to-end encryption throughout the session.

It is free for non-commercial use. You can grab a copy from ftp.cs.hut.fi (if I remember correctly) or via http://www.cs.hut.fi. If you are in the U.S. you should obtain a copy of the rsaref library from mit.edu (I don't remember the exact hostname there) and compile against that (this is to satisfy the patents license from RSA). If you need a commercial license for it you should contact Data Fellows -- look at those web pages for details -- or look at http://www.ssh.com.

This combination may seem like overkill -- but it is necessary over untrusted wires.

It is possible to run rdist (the remote file distribution program) over an ssh link. This will further automate the process -- allowing you to push and pull files from or to multiple servers, recurse through directories, automate the removal of files, and only transfer new or changed files. It is significantly more efficient than just rcp scripts.

There are other methods by which you can automate file transfers within your organization. One which may seem downright baroque is to use the venerable old UUCP.

UUCP can be used over tcp. You create accounts on each host for each host (or you can have them share accounts in various combinations -- as you like). In addition to allowing cron driven and on demand file transfers using the 'uucp' command (which uses the UUCP protocols -- if you catch the distinction) you can also configure specific remote scripts and allow remote job execution to specific accounts.

UUCP offers a great deal of flexibility in scheduling and job prioritization. It is extremely automation friendly and is reasonably secure (although the concerns about text passwords over your ethernet are still valid).

You could also use a modern kermit (ckermit from Columbia University) which can open sessions over telnet and perform file transfers through that. kermit comes with a rich scripting language and is almost universally supported.

It is also possible -- if you insist on sticking with ftp as the protocol -- to automate ftp. You can use the ncftp "macro" feature by putting entries in the .ncftprc file. This allows you to create a "startup" macro for each host your list in your rc file. It is possible to have multiple "host" entries which actually open connections to the same host to do different operations.

It is also possible to use 'expect' with your standard ftp client shell. Expect is a programming language built around TCL which is specifically focused on automating interactive programs.

Obviously these last three options would involve storing the password in plain text on the host in the script files. However you can initiate the connection from either end and transfer files both ways. So it's possible to configure the more secure host to initiate all file transfer sessions (the ones involving any password) and it's possible to set up a variety of methods for the exposed host to request a session. (An attacker might spoof a connection request -- but the more secure host will only connect to one of its valid clients -- not some arbitrary host.)

 Example 1:
Internet users can upload a file on our public Linux host on the Internet. A cron job checks at 10 minute intervals if there are files in the incoming files directory (eg /home/ftp/incoming). If there are files, they would be automatically transferred to another host on our secure network (intranet) for further processing. With rcp this would be easy, but rcp is not a secure service, so can not be allowed on a public Internet host. Its "competitor", ftp, is more secure, but can it be done?

 This is a "pull" operation.

In this context ftp, initiated from the exposed host and going to a non-anonymous account on your internal host, would be less secure than rcp. (presuming that you are preventing address spoofing at your exterior routers).

I'd use uucp over tcp (or even consider running a null modem if the hosts are physically close enough) and initiate session from the inside. TCP wrappers can be used to ensure that all requests to this protocol come from the appropriate addresses (again, assuming you've got your anti-spoofing in place at the routers).

TCP wrappers should also be used for your telnet, ftp, and r* sessions.

The best security would be via rdist over ssh.

 Example 2:
We extract data from our database on the intranet, and translate them into HTML-pages for publishing on our public WWW host on the Internet. Again, we wish to do this automatically from cron. Normally, one would use rcp, but for security reasons, we won't allow it. Can ftp be used here?

 This would be a "push" operation.

Exactly the same methods will work as I've discussed above.

-- Jim
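Example 1, done the way the answer recommends: the internal host initiates a pull over ssh with a dedicated key, and cron drives it. This is an added example for this column, not Jim's script and not part of the ssh distribution; the host name, account, key path and directory paths are assumptions, and the list/copy/remove sequence is one way to do it. File names in an anonymous upload directory are chosen by strangers, so the script accepts only plain alphanumeric names before they touch a command line (which also keeps scp from reading a name with a colon as a host:path).

```shell
#!/bin/sh
# Added example (not from the column): cron-driven "pull" of uploads from an
# exposed host into the internal network, initiated from the INSIDE over ssh.
# Assumed: a dedicated key pair whose public half is installed on the exposed
# host for an unprivileged account; cron on the internal host runs
# "pull-incoming.sh run" every ten minutes.

EXPOSED_HOST="${EXPOSED_HOST:-ftp.example.org}"      # assumed exposed host
REMOTE_USER="${REMOTE_USER:-ftpmove}"                # assumed unprivileged account
REMOTE_DIR="${REMOTE_DIR:-/home/ftp/incoming}"       # directory named in the question
LOCAL_DIR="${LOCAL_DIR:-/var/spool/incoming}"        # assumed staging area inside
KEY_FILE="${KEY_FILE:-/etc/pull-incoming/id_rsa}"    # assumed dedicated key

# safe_name NAME: accept only plain file names, since the upload area is
# attacker-controlled input to this script. Rejects empty names, anything
# with a slash, a leading dot or dash, whitespace, control characters or
# shell metacharacters, and over-long names.
safe_name() {
    [ "${#1}" -gt 255 ] && return 1
    case "$1" in
        ''|*/*|.*|-*|*[![:alnum:]._-]*) return 1 ;;
    esac
    return 0
}

# pull_incoming: list the remote upload directory, copy each acceptable file
# in, and remove the original only after a successful copy. BatchMode makes
# ssh fail rather than prompt, so a cron run can never hang on a password.
pull_incoming() {
    ssh -i "$KEY_FILE" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "$REMOTE_USER@$EXPOSED_HOST" "ls -1 -- '$REMOTE_DIR'" |
    while IFS= read -r name; do
        if ! safe_name "$name"; then
            echo "pull_incoming: skipping suspicious name" >&2
            continue
        fi
        # -n and </dev/null keep the inner ssh/scp from swallowing the
        # listing that the loop is still reading from the pipe.
        scp -i "$KEY_FILE" -o BatchMode=yes \
            "$REMOTE_USER@$EXPOSED_HOST:$REMOTE_DIR/$name" "$LOCAL_DIR/$name" </dev/null &&
        ssh -n -i "$KEY_FILE" -o BatchMode=yes "$REMOTE_USER@$EXPOSED_HOST" \
            "rm -f -- '$REMOTE_DIR/$name'"
    done
}

# Run the transfer only when invoked with "run", so the file can also be
# sourced to reuse safe_name.
case "${1:-}" in
    run) pull_incoming ;;
esac
```

Since the exposed host never gets a credential for the internal host, compromising it gains an attacker nothing but the ability to leave files in the upload area, which is exactly the risk the intranet side then has to process defensively. Files are renamed only if their names survive safe_name; anything else is left in place and logged for a human to look at.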


 chown Question

From: Terry Paton, tpaton@vhf.nano.bc.ca

Hi Jim....
My question concerns the chown command. The problem that I have is as follows:

In a directory that I have access to I have several files that I own and also have group ownership. I want to change the ownership and group to something else. I am also webmastr and in the weaver group.

example: filename is country.html, mode rw-rw-r--, owner tpaton, group tpaton

I want to change to owner webmastr group weaver. The command I used is chown webmastr.weaver country.html The response the system gives is Operation not permitted.

Any ideas how come??

 Of course. Under Unix there are two approaches to 'chown' -- "giveaway" and "privileged only." Linux installations almost always take the latter approach (as do most systems which support quotas).

You want the 'chgrp' command.

You can use 'chgrp' to give group ownership of files away to any group of which you are a member.

Another approach is to use the SGID bit on the directory.

If you have a directory which you share among several users -- such as a staging area for your web server -- you can set that directory to a group ownership of a group (such as 'webauth') and use the 'chmod g+s' to set the SGID bit. On a directory this has a special meaning.

Any directory that is SGID will automatically set the group ownership of any files created in that directory to match that of the directory. This means that your web authors can just create or copy files into the directory and not worry about using the chgrp (or chown) commands.

I suspect that this is what you really wanted. Note: You'll want your web authors to adjust their umask to allow g+rw to make the best use of these features.

Also note: if this doesn't seem to work you might want to check your /etc/fstab or the mount options on that filesystem. This behavior can be overridden with options to the mount command and may not be available on some filesystem types. It is the default on ext2 filesystems.

There is also a special meaning to the "t" (sticky) bit when it is applied to directories. Originally (in the era of PDP-7's and PDP-11's -- on which Unix was originally written) the sticky bit was a hint to the kernel to keep the images of certain executable files cached in preference to "non-sticky" files. The sysadmin could then set this bit on things like "grep" which were used frequently -- giving the system a slight performance boost.

Given modern caching techniques, usage patterns, and storage systems the "sticky" bit has become useless on files.

However, most modern Unix systems still have a use for the 't' bit on directories. It modifies the meaning of the "write" bit so that users with the write option to a directory can only affect *THEIR OWN* files.

You should always set the 't' bit on /tmp/ and similar (world-writeable) directories.

Perhaps one of these days someone will find a use for the 't' bit on files again. I don't know of a meaning for the SUID bit on directories (but there might be one in some forms of Unix -- even Linux). Notice that "sticky" is not the same as SUID or SGID. This is a fairly common misnomer.

-- Jim
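The SGID staging directory and the sticky-bit scratch directory from the answer, set up and checked from the shell. This is an added example, not from the column; the group name 'webauth' is the one the answer uses, and the directory paths are assumptions. The functions return the octal mode including the special bits and the numeric group a freshly created file received, so the effect of each bit can be verified rather than taken on faith.

```shell
#!/bin/sh
# Added example (not from the column): shared web staging directory with the
# SGID bit, and a world-writable scratch directory with the sticky bit.
# Paths are assumptions; 'webauth' is the group the answer names.

# setup_shared_dir DIR GROUP: group-owned, group-writable, SGID (mode 2775).
# chgrp works for any group the caller belongs to, no root needed.
setup_shared_dir() {
    mkdir -p "$1" || return 1
    chgrp "$2" "$1" || return 1
    chmod 2775 "$1"          # rwxrwsr-x: the 's' in the group triple is SGID
}

# setup_scratch_dir DIR: world-writable, but users may only remove their own
# files (mode 1777, as /tmp should be).
setup_scratch_dir() {
    mkdir -p "$1" || return 1
    chmod 1777 "$1"          # rwxrwxrwt: the 't' is the sticky bit
}

# dir_mode DIR: octal mode including the special bits, e.g. 2775 or 1777.
dir_mode() {
    stat -c %a "$1"
}

# new_file_gid DIR NAME: create a file under a g+rw umask, as the answer
# recommends for web authors, and report the numeric group it received.
# On an SGID directory this matches the directory's group, not the
# creator's primary group. The subshell keeps the umask change local.
new_file_gid() {
    ( umask 002 && : > "$1/$2" ) || return 1
    stat -c %g "$1/$2"
}

# Usage (assumed paths): setup_shared_dir /home/www/staging webauth
#                        setup_scratch_dir /var/tmp/scratch
```

If new_file_gid does not report the directory's group, check the mount options on that filesystem as the answer says; the mode check passing while the inheritance check fails is exactly what that situation looks like.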


 Copy from Xterm to TkDesk

From: Steve Varadi, svaradi@sprynet.com

I have a question maybe someone know simpler solution for this. I'm using TkDesk because very easy to use and most of the keystroke same as in Win95. If I want to copy something from xterm to an editble file I do following:

  1. Select area in xterm
  2. Open Emacs
  3. Paste recent selection
  4. Save file
  5. Open this file with TkDesk Editor and work with it comfortably like in a Win95 environment.

Is it any simpler procedure to copy something directly from xterm to TkDesk Editor???

Thanks: Steve

 The usual way to paste text in X is to use the "middle" mouse button. If you're using a two-button mouse you'd want your X server configured to "Emulate3Buttons" -- allowing you to "chord" the buttons (press and hold the left button then click with the other).

I realize that this is different than Windows and Mac -- where you expect a menu option to be explicitly available for "Edit, Paste" -- but this follows the X principle of "providing mechanisms" rather than "dictating policy" (requiring that every application have an Edit menu with a Paste option would be a policy).

Personally I always preferred DESQview and DESQview/X's "Mark and Transfer" feature -- which was completely keyboard driven. It let me keep my hands on the keyboard and it allowed me to make interesting macros to automate the process. It was also nice because the application wasn't aware of the process -- if you could see text on your screen -- you could mark and transfer it.

However this sort of interface doesn't currently exist for Linux or XFree86 -- and I'm not enough of a programmer yet to bring it to you. So try "chording" directly into the text entry area of your TkDesk window after making your text selection. Remember -- you'll probably have to press on the left button first and hold it while clicking on the other button. If you try that in the other order it probably won't work (never does for me).

-- Jim


 File System Debugger

From: Steven Mercurio, stevenm@voicenet.com

What I want to do is take apart the CURRENT filing system down to the layout of the superblock. On an AIX by IBM machine we used a program called FSDB. I just want to try and get my hands on it and the filing system layout.

 FSDB would probably be "filesystem debugger." The closest equivalent in Linux would probably be the debugfs command.

If you start this with a command like:

debugfs /dev/hda1

... it will provide you with a shell-like interface (similar to the traditional ftp client) which provides you about forty commands for viewing and altering links and inodes in your filesystem. You can also select the filesystem you wish to use after you've started the program.

From the man page: debugfs was written by Theodore Ts'o, tytso@mit.edu.

There is another program that might be of interest to you. It's called lde (Linux Disk Editor). This provides a nice ncurses (with optional color) interface to many of the same operations. You can find lde-2.3.tar.gz at any of the Sunsite mirrors.

There is yet another editor which is included with some versions of Red Hat (and probably other distributions) called ext2ed.

There are also FAQs and HOWTOs on the ext2fs structure and internals available.

Hope that helps.

-- Jim


 IP Fragmentation attack description

From: Fabien Royer, fabien@magpage.com

Hi all !

IP fragmentation is an old attack, used to send data to a port behind a packet filtering 'firewall'.
Now, wouldn't it be possible to prevent an attack by packet fragmentation by simply adding a second router that would receive and recheck the packets reassembled by the first one?

Regards, Fabien.

 Most routers don't do reassembly and most packet filtering systems don't track connections. In these each packet is judged purely on its own merits.

There is a newer, more advanced class of packet filtering packages which do "stateful inspection."

These are currently mostly implemented in software on various sorts of Unix systems. From what I've heard these are largely experimental at this point.

For those that are curious there is a team working on a "stateful inspection module" for the Linux 2.x kernel. The "IP Masquerading" features that are built into this kernel (A.K.A. "Network Address Translation" or NAT) provide most of the support that's necessary for "stateful inspection."

Here's a couple of links (courtesy of the Computer: Security section of Yahoo, and Alta-Vista):

CYCON Labyrinth Firewall 1.4 Announcement
http://www.cycon.com/press/announce.html
CheckPoint FireWall-1 Brochure
http://www.checkpoint.com/brochure/page6.html
Network Address Translation
http://www.oms.co.za/overview/node2.html
Firewall Overview
http://www.morningstar.com/secure-access/fw101.htm
Freestone Firewall for Linux
http://www.crpht.lu/CNS/html/PubServ/Security/Firewall/FW_Mail/07-16_freestone_SOS

(note: that last one is one long line).

(There is also a package called the Mazama Packet Filters for Unix/Linux -but I didn't see if it supports the "stateful" stuff).

I didn't find anything on stateful packet filtering under NT -- but Checkpoint's Firewall-1 (listed above) is available for NT -- and might support it.

-- Jim
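To make the first paragraph of the answer concrete, here is a toy comparison, added for this column and not part of it, of a filter that judges each fragment on its own merits against one that groups fragments per datagram before deciding. Only the fragment at offset 0 carries the transport header, so a per-fragment rule on the destination port has nothing to inspect in the later fragments; the reassembling version keys every fragment to the verdict on its first fragment and fails closed when it has never seen one. The record format, the sample fragments and the blocked port are all constructed assumptions; this models the decision logic, it is not a packet parser.

```shell
#!/bin/sh
# Added example (not from the column): per-fragment filtering versus a
# reassembling check, on constructed fragment records.
# Record format (constructed): "<datagram-id> <fragment-offset> <dport>".
# Only the offset-0 fragment has a transport header; later fragments
# carry "-" because there is no port field to read. Port 23 is the
# assumed blocked service.
BLOCKED_PORT=23

# Constructed sample: datagram 1 is a single unfragmented packet to port 80;
# datagram 2 is split into three fragments and addressed to the blocked port.
FRAGS='1 0 80
2 0 23
2 8 -
2 16 -'

# stateless_filter: one verdict per input line, looking at that line only.
# The port rule can fire only where a header is present (offset 0), so the
# non-first fragments of datagram 2 are passed. This is the behaviour the
# answer describes for most packet filters.
stateless_filter() {
    awk -v blocked="$BLOCKED_PORT" '
        $2 == 0 && $3 == blocked { print "drop"; next }
        { print "pass" }'
}

# reassembling_filter: read everything, remember the port seen in each
# datagram's offset-0 fragment, then judge every fragment by its datagram.
# A fragment whose first fragment was never seen is dropped (fail closed),
# since such a datagram can never be reassembled and inspected.
reassembling_filter() {
    awk -v blocked="$BLOCKED_PORT" '
        $2 == 0 { port[$1] = $3 }
        { id[NR] = $1 }
        END {
            for (i = 1; i <= NR; i++) {
                verdict = "drop"
                if (id[i] in port && port[id[i]] != blocked) verdict = "pass"
                print verdict
            }
        }'
}

# count_passed FILTER: how many of the sample fragments FILTER lets through.
count_passed() {
    printf '%s\n' "$FRAGS" | "$1" | grep -c pass
}

# Expected on the sample: the stateless filter passes 3 of 4 fragments
# (everything except the one fragment it could actually inspect), the
# reassembling filter passes only datagram 1.
```

The second function is also why the question's "second router" idea only works if that router actually holds fragments until it has the whole datagram: the extra hop buys nothing if it, too, looks at one fragment at a time.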


Mail Server Problem

From: Panoy Tan

Hi,
First let me say that I enjoy Linux Journal very much and get a lot out of every issue, esp. 'Letters to the Editor'. If you have time to help me, I will be very glad and here is my trouble: My mail server runs Red Hat Linux with kernel 2.0 and I use Netscape Mail (POP user) to read my e-mails on the server. POP was designed to support "offline" mail processing, not "online" and "disconnected", therefore I have problems when I read my e-mails from different computers. What I need is for my mail to stay on the mail server, but whenever I delete one of my mails, which

 This has become a recurring problem in the years since POP (post office protocol) was created.

You can configure most POP clients to keep your mail -- but then you'll be downloading a new copy of every message to each machine -- each time you connect.

Apparently (searching through Netscape's site) there is a hack to the POP3 protocol which would allow some of what you're looking for. This appears to be called UIDL: Here's what I read:

"The POP3 server does not support UIDL", Issue: 960626-31 Product: Navigator, Navigator Gold, Personal Edition, Created: 06/12/96

Unfortunately they didn't have any pointers to a POP server with UIDL support. A search at Yahoo! sent me straight to Alta Vista -- so a number of USENet and mailing list postings that referred to a variety of patches. I'll leave that as an exercise to the reader.

 I have read, it will be deleted from the server. I have heard that IMAP supports 'online' mail processing and that is the reason for my questions:

 I've heard similar rumors. The question I was trying to answer by looking at Netscape's site is whether they support the client side of IMAP. Here's some more background info:

IMAP (Internet Mail Access Protocol) is intended to be a more advanced mail service. The proposed standards are covered in RFC1730 through RFC1733 (which are conveniently consecutive) and RFC2060. You can search for RFC's at the ds.internic.net web site or use ftp.isi.edu.

RFCs are the documents which become the standards of the Internet. They start as "requests for comments" and are revised into STDs (standards documents) and FYIs ("for your information" documents). In the anarchy that is the 'net -- these are the results of the "rough consensus and running code" that gets all of our systems chatting with one another.

I did a quick Yahoo search using the keywords IMAP and Linux and came up with the following:

What is IMAP? IMAP stands for Internet Message Access Protocol. It is a method of accessing electronic mail or bulletin board messages that are kept on a (possibly shared) mail server. In other words, it permits a "client" email program to access remote message stores as if they were local. For example, email stored on an IMAP server can be manipulated from a desktop computer at home, a workstation at the office, and a notebook computer while traveling, without the need to transfer messages or files back and forth between these computers.

IMAP's ability to access messages (both new and saved) from more than one computer has become extremely important as reliance on electronic messaging and use of multiple computers increase, but this functionality cannot be taken for granted: the widely used Post Office Protocol (POP) works best when one has only a single computer, since it was designed to support "offline" message access, wherein messages are downloaded and then deleted from the mail server. This mode of access is not compatible with access from multiple computers since it tends to sprinkle messages across all of the computers used for mail access. Thus, unless all of those machines share a common file system, the offline mode of access that POP was designed to support

There is *much* more info at this site -- I only clipped the first two paragraphs.

Some related work is the ACAP (Application Configuration Access Protocol) and the IMSP (Internet Message Support Protocol) which are other drafts that are currently on the table at the IETF (www.ietf.org).

To quote another site that came up in my search:

ACAP is a solution for the problem of client mobility on the internet. Almost all Internet applications currently store user preferences, options, server locations, and other personal data in local disk files. This leads to the unpleasant problem of users having to recreate configuration set-ups, subscription lists, addressbooks, bookmark files, folder storage locations, and so forth every time they change physical locations.

If you're getting confused -- don't worry -- we all are. I've been bumping into references to IMAP, and ACAP for a few months now. They are pretty new and intended to address issues that only recently grew up to be problems for enough people to notice them.

The short form is: IMAP is an advanced protocol for accessing individual headers and messages from a remote mail box. ACAP (which I guess replaces or is built over IMSP) provides access to more advanced configuration options to affect how IMAP (and potentially other remotely accessed applications) behave for a given account.

 1) Is there any IMAP to Linux, esp. Red Hat ?

 There is an IMAP server included with some Linux distributions (Red Hat 3.03 or later I suspect). I'm not sure about the feature set -- and the man page on my Red Hat 3 system here is pretty sparse.

However the server is not the real problem here. What you really need is a client program that can talk to your IMAP server.

 2) Where can I get it ?

 The CMU (Carnegie-Mellon University) Cyrus IMAP project looks promising -- so I downloaded a copy of that as I typed this and looked up some of these other references.

It's about 400K and can be found somewhere at:

ftp://ftp.andrew.cmu.edu/

 3) What must I be careful about when I install it?

 You must have a client that supports the IMAP features that you're actually looking for. It's possible to have a client that treats an IMAP server just like a POP3 server (fetchmail for example). It may be that Netscape's UIDL support is all you need for your purposes.

I didn't find any reference to IMAP anywhere on Netscape's site -- which suggests that they don't offer it yet. I'm blind copying a friend of mine that is a programmer for them -- and specifically one who worked (works?) on the code for the mail support in the Navigator. Maybe he'll tell me something about this (or maybe it's covered by his NDA).

I also looked at Eudora and Pegasus web pages and found no IMAP support for these either. It was a long shot since neither of these has a Linux port (so far as I know) -- and I doubt you want to run WABI to read all of your mail -- nor even DOSEmu to run the Pegasus for DOS.

pine seems to support IMAP. XF-Mail (a popular free X mail user agent) and Z-Mail (a popular commercial one) also seem to have some support. More info on IMAP clients is available at the IMAP Info Center (see below).

The most informative web sites I visited in my research for this question were:

Cyrus IMAP Server: Overview and Concepts
	http://andrew2.andrew.cmu.edu/cyrus/cyrus-overview.html
The IMAP Information Center
	http://www.imap.org/
Draft IMSP Specification
	http://andrew2.andrew.cmu.edu/cyrus/rfc/imsp.html
The ACAP Home Page
	http://andrew2.andrew.cmu.edu/cyrus/acap/
Client-server mail protocols FAQ
	http://www.cis.ohio-state.edu/hypertext/faq/usenet/mail/mailclient-faq/faq.html

The most active discussion about UIDL seems to have been on the mh-users mailing list. Archives can be found at: http://www.rosat.mpe-garching.mpg.de/mailing-lists/mh-users/

 Thank you for taking the time to read my questions; I hope to hear from you soon.
Regards, Nga

 It's a hobby. I really only had about 2 hours to spare on this research (and I took about three) -- and I don't have an environment handy to do any real testing.

As I said -- I've been bumping into references about IMAP and ACAP and wanted to learn more myself. At the last IETF conference (in San Jose) I had lunch with one of the sysadmins at CMU -- who talked a bit about it.

Sorry this article is so rambling and disorganized. I basically tossed it together as I searched. To paraphrase Blaise Pascal:

This letter is so long because I lack the time to make it brief.
-- Jim


 Mail & Sendmail

From: Franaur P. Tan, noy@ayala.com.ph

Hi There,
I just read your article in Linux Gazette and got a lot of good tips on securing my Linux machine, thanks. As always, I have one more question I was hoping you could answer: I'd like to send mail from my Linux machine w/o installing sendmail, and I need this e-mail to be sent by a script initiated by crond.

Right now (w/ sendmail installed) I can do it with a "mail -s subject noy@ayala.com.ph < my_message". I'd really like to remove sendmail from my system.

 Which article? I'm trying to submit at least one a month.

Well, you can use smail or qmail. These are replacements for sendmail.

I haven't installed either of these but I've fetched a copy of qmail and read a bit of the documentation. I might be implementing a system with that pretty soon.

However I'm not sure how much you gain this way. It's possible to configure 'sendmail' to send only so that it doesn't listen to incoming mail at all. This is most easily done by simply changing the line in your rc files that invokes sendmail (that would be /etc/rc.d/init.d/sendmail.init on a typical Red Hat or Caldera system). Just take the "-bd" off of that line like so:

 
		/usr/lib/sendmail -bd -q1h
... would become:
		/usr/lib/sendmail -q1h
... or
		/usr/lib/sendmail -q15m
(changing the queue processing frequency from every hour to every 15 minutes).

You can also remove sendmail from memory entirely and use a cronjob to invoke it like:

 
	00,30 * * * * root /usr/lib/sendmail -q
(to process the queue on the hour and at half past every hour).

If your concerns are about remote attacks through your smtpd service, then any of these methods will be sufficient.

You should also double check your /etc/inetd.conf for the smtp service line. This is normally commented out since most hosts default to loading a sendmail daemon. It should stay that way.

If you are using fetchmail (and getting your mail via POP or IMAP) you either have to load some sort of smtp listener (such as sendmail, smail, or qmail) or you have to override fetchmail's defaults with some command line options.

'fetchmail' defaults to a mode whereby it connects to the remote POP or IMAP server, and to the localhost's smtpd and relays the mail from one through the other. This allows for any aliases, .forwards, and procmail processing to work properly on the local system and it allows fetchmail to benefit from sendmail's queue handling (to make sure you have sufficient disk space etc).

However you can configure sendmail to run out of inetd.conf with TCP Wrappers (the tcpd entry that appears on almost all of the other services in that file) and limit the listener to only accept connections from the local host.

You'd then configure your /etc/hosts.deny file to look something like:

		ALL:ALL
... (default to not letting anyone access any local services) -- and you'd put something like:

		ALL: localhost
		in.telnetd: LOCAL
		in.ftpd: LOCAL
... etc. in your /etc/hosts.allow

Finally you'd add something like:

 
	smtp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sendmail -bs
... to your /etc/inetd.conf.

(the -bs switch tells sendmail to "be" an "smtp" handler for one transaction. It handles one connection on stdin/stdout and exits).
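The order in which tcpd consults those two files is the whole point of the arrangement, so here is the decision logic written out as an added example (not the column's own code, and not the tcp_wrappers source). It handles the ALL, LOCAL and plain host-name patterns the column uses; the EXCEPT operator and shell commands are left out, and the host names and addresses are constructed.

```python
"""hosts.allow / hosts.deny decision for the smtp-via-tcpd setup above."""

# The two files as the column shows them (constructed sample text).
HOSTS_DENY = "ALL: ALL\n"
HOSTS_ALLOW = """\
ALL: localhost
in.telnetd: LOCAL
in.ftpd: LOCAL
"""


def parse_rules(text):
    """Return (daemon_list, client_list) pairs; '#' comments and blanks skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                      # no client list: matches nothing
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, hostname, address):
    """tcpd host patterns: ALL, LOCAL (a name without a dot), a .domain
    suffix, a net. prefix, or an exact host name / address."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        return "." not in hostname
    if pattern.startswith("."):
        return hostname.endswith(pattern)
    if pattern.endswith("."):
        return address.startswith(pattern)
    return pattern in (hostname, address)


def rule_matches(rule, daemon, hostname, address):
    daemons, clients = rule
    if not any(d in ("ALL", daemon) for d in daemons):
        return False
    return any(client_matches(c, hostname, address) for c in clients)


def access_allowed(daemon, hostname, address,
                   allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """True if tcpd would hand the connection to the daemon."""
    for rule in parse_rules(allow):
        if rule_matches(rule, daemon, hostname, address):
            return True          # first match in hosts.allow wins
    for rule in parse_rules(deny):
        if rule_matches(rule, daemon, hostname, address):
            return False         # then first match in hosts.deny
    return True                  # matched nowhere: tcpd permits


if __name__ == "__main__":
    # tcpd checks the server's basename, so the inetd line above is "sendmail".
    # Only the local host reaches it; a LAN host (dot-less name) may still
    # telnet in via the LOCAL rule, and an Internet host gets nothing.
    for daemon, host, addr in [("sendmail", "localhost", "127.0.0.1"),
                               ("sendmail", "pc3", "192.0.2.3"),
                               ("sendmail", "relay.example.net", "203.0.113.9"),
                               ("in.telnetd", "pc3", "192.0.2.3")]:
        print(daemon, host, access_allowed(daemon, host, addr))
```

Note the last branch of access_allowed: with an empty hosts.deny everything that hosts.allow does not mention is permitted, which is why the column's hosts.deny starts with ALL:ALL.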

All of this discussion assumes that you want to be able to use local mailers (like elm, and mailx) to send your mail and fetchmail to fetch it from a POP or IMAP server.

If your client is capable of it (like the mail reader in Netscape) you could configure it to use a remote smtpd gateway directly (it would make the connection to the remote host's smtp port and let it relay the mail from there). Then you'd have no sendmail, qmail, or smail anywhere on the system.

pine might be able to send directly via smtp (it does have an IMAP client so this would be a logical complement to that).

I hope all of this discussion gives you some ideas. As you can see there are lots of options.

-- Jim


 Mounted vfat filesystems

From: Steve Baker, ssbaker@mwr.is

I have 2 vfat filesystems mounted. They belong to root; is there any way to give normal users read/write access to these filesystems? chown has no effect on vfat directories and files.

  
	man 8 mount

 I think this answer was a waste of bandwidth. Perhaps Andries didn't know this -- or perhaps he tried and the man page didn't make any sense.

In either event it doesn't do a thing for any of us (that didn't know the answer) and is an obvious and public slap in the face.

You could have at least added:

'look for gid= and umask= under options'

Me, I don't know these well enough so let me switch over to another VC, pull up the man page myself, and play with that a bit...

 	
	mount -t msdos -ogid=10,umask=007 /dev/hda1 /mnt/c
This command mounts a file system of type msdos (-t) with options (-o) that specify that all files are to be treated as being owned by gid 10 ('wheel' on my system) and that they should have an effective umask of 007 (allowing members of group 'wheel' to read, write and execute anywhere on the partition). My C: drive is /dev/hda1 and I usually mount it under /mnt/c.

I tried specifying the gid by name -- no go. You have to look up the numeric in the /etc/group file. I tried different ownership and permissions on the underlying directory -- they are ignored.

This set of parameters does seem to work with vfat and umsdos mountings. Using msdos or vfat at mount time means that chmod and chown/chgrp commands don't work on that fs. Using -t umsdos allows me to change the ownership and permissions -- and the changes seem to be effective. However there are some oddities in what happens when you umount and remount the drive (the removal of the write permission on files seems to stick but the ownership changes are lost and the owner/group r-x bits seem to "come back").

Obviously I haven't done much testing with this sort of thing. I usually don't write to my DOS partitions from Linux. In fact I haven't seen my DOS hard drive partition on this system in months (ever since I started compiling the msdos, vfat, and umsdos filesystems as modules -- so I don't automount them).

I hope that helps.

Personally I wish that the mount command would take some hints from the permissions of the directory that I'm mounting onto. I'm copying you two on this in the hopes that you'll share your thoughts on this idea.

What if the default for mount was to set the gid and umask of an msdos/vfat directory based on the ownership and permissions of the mount point. In other words I set up /mnt/c to look like:

 
drwxrwx---   2 root     wheel        1024 Aug  5  1996 c
(which I have) and mount would look up the gid for wheel and use that and the umask for the mount options.

This strikes me as being a reasonably intuitive behaviour.

If it can't be the default how about an option like:

 
		-o usemountperms
... (that particular example seems a little ugly -- but fairly self-explanatory).

-- Jim


 Re: Answer Guy - POP3 Email

From: Brent Austin, baustin@iamerica.net

In reading your answer in LG#14 on "Dealing with e-mail on a pop3 server", I have almost the same challenge. I have an ISP that is providing a 25 user POP3 Virtual Mail Server for 25 users. The problem is that each user must connect with the ISP individually and then to the mail server. I would like to find some method to allow Linux to connect with the Mail Server, individually poll each users account, and then transfer it into a POP3 server on the local network (possibly on the Linux box itself). Any suggestions??

 If I understand you correctly you have a LAN at your place with about 25 users/accounts on it. Your provider has set up 25 separate POP3 mailboxes.

You'd like to set up your Linux (or other Unix) box to fetch the contents of all of these accounts (perhaps via a cron job) and to have it process your outgoing mail queue.

Then your users would fetch their mail from the Linux box (using their own Linux user agents or perhaps using Pegasus or Eudora under Windows or from Macs).

This is relatively straightforward (especially the POP3 part).

First get a copy of 'fetchmail' (I'm using 2.5 from ftp://sunsite.unc.edu). Build that.

Now, for each user, configure fetchmail using a .fetchmailrc file in their home directory.

Each will have a line that looks like:

 
poll $HOST.YOURISP.COM proto pop3 user $HISACCT password $HISPASS
The parts of the form $ALLCAPS you replace with the name of the pop server, the account holder's name and the account holder's password. (I presume that you, as the admin for this Unix box, are already entrusted with the passwords for these e-mail accounts -- since the admin of any Unix box can read any of the mail flowing through it anyway).

Now set up a script run as root that does something like:

 

	#!/bin/sh
	## do-mail: the pseudo-code below, made to run as a shell script
	USERLIST="alice bob"	# constructed example list; or build it from /etc/group
	pppup			# some script that brings up your PPP link
	for user in $USERLIST; do
		# ~$user does not expand in the shell, so look the home directory up
		home=$(awk -F: -v u="$user" '$1 == u { print $6 }' /etc/passwd)
		[ -e "$home/.fetchmailrc" ] && \
			su "$user" -c /usr/local/bin/fetchmail
	done
	/usr/lib/sendmail -q
	pppdown
You can add a section of code that grabs the list of users from your /etc/group file (if you're writing this in perl use the getgrent function to get group entries) or you can use something like:
 
	
	# match the group name in the first field only, so a user of the same
	# name listed in some other group's member list does not match too
	awk -F: -v g="$GROUPNAME" '$1 == g { n = split($4, users, ",");
		for (i = 1; i <= n; i++) print users[i]; exit }' /etc/group
to get the list of users in a form suitable for use in your 'for' loop.

Naturally my pseudo-code is closer to bash's syntax.

This script (the pseudo-code one) will just bring the ppplink up, and for each user in the list (perhaps from a group named "popusers") it will check for a .fetchmailrc file in their home directory and run fetchmail for those that have one. It will then call sendmail to process your outgoing queue and bring the ppplink down.

(Note: the su -c ... part of this is not secure and there are probably some exploits that could be perpetrated by anyone with write access to any of those .fetchmailrc's. However it's probably reasonably robust -- and you could set these files to be immutable (chattr +i) and you can write a more secure SUID perl script to actually execute fetchmail. My scripts, pppup and pppdown are SUID perl scripts.)
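The check that note asks for, as an added example that is not the column's script: before fetchmail is run for a user, the user's .fetchmailrc must be a regular file owned by that user with no group or other permission bits (stricter than fetchmail's own refusal of a file others can read; the file holds the POP password). The group file text, user names and home paths are constructed, and fetchmail's path is assumed to be the one the column uses.

```python
"""Per-user fetchmail polling that refuses untrusted .fetchmailrc files."""
import os
import stat

FETCHMAIL = "/usr/local/bin/fetchmail"   # assumed path, as in the column

# Constructed /etc/group sample with the "popusers" group the column suggests.
GROUP_FILE = "root:x:0:\nwheel:x:10:root,jim\npopusers:x:200:alice,bob\n"


def group_members(group_name, text):
    """Members listed in the fourth field of the named group's line."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] == group_name:
            return [m for m in fields[3].split(",") if m]
    return []


def rc_file_is_safe(st_uid, st_mode, owner_uid):
    """Decide from stat() results whether a .fetchmailrc may be trusted."""
    if not stat.S_ISREG(st_mode):                 # symlink, directory, fifo: no
        return False
    if st_uid != owner_uid:                       # owned by someone else: no
        return False
    if st_mode & (stat.S_IRWXG | stat.S_IRWXO):   # any group/other bit: no
        return False
    return True


def rc_path_is_safe(home, owner_uid):
    """Apply rc_file_is_safe to a real path; lstat so a symlink is rejected."""
    path = os.path.join(home, ".fetchmailrc")
    try:
        st = os.lstat(path)
    except OSError:
        return False                              # no rc file: nothing to poll
    return rc_file_is_safe(st.st_uid, st.st_mode, owner_uid)


def fetchmail_command(user):
    """Argument order matters: the user is positional, the command goes with -c."""
    return ["su", user, "-c", FETCHMAIL]


def poll_plan(members, lookup):
    """Return the su commands to run for members whose rc file passes.

    lookup(user) -> (uid, home) or None for unknown accounts; passing it in
    keeps the function testable without a real password file."""
    commands = []
    for user in members:
        entry = lookup(user)
        if entry is None:
            continue
        uid, home = entry
        if rc_path_is_safe(home, uid):
            commands.append(fetchmail_command(user))
    return commands


if __name__ == "__main__":
    import pwd
    import subprocess

    def real_lookup(user):
        try:
            pw = pwd.getpwnam(user)
        except KeyError:
            return None
        return pw.pw_uid, pw.pw_dir

    # The column's pppup / pppdown scripts would bracket this section.
    with open("/etc/group") as f:
        members = group_members("popusers", f.read())
    for cmd in poll_plan(members, real_lookup):
        subprocess.call(cmd)
    subprocess.call(["/usr/lib/sendmail", "-q"])  # then flush the outbound queue
```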

I haven't written this as real code and tested it since I don't have a need of it myself. I recommend that disconnected networks avoid using POP/SMTP for their mail feed. UUCP has been solving the problems of dialup mail delivery for 25 years and doesn't involve some of the overhead and kludges necessary to do SMTP for intermittently connected systems.

I do recommend POP/SMTP within the organization and it's absolutely necessary for the providers.

Anyway -- fetchmail will then have put each user's mail into his or her local spool file (and processed it through any procmail scripts that they might have set up).

Now each of your users can use any method they prefer (or that you dictate) to access their mail. DOS/Windows and Mac users can use Pegasus or Eudora, Linux or other Unix users can use fetchmail (or popclient, getpop, or any of several other programs) to get the messages delivered to their workstation, or anyone in the organization can telnet into the mailhost and use elm, pine, the old UCB mail, the RAND MH system or whatever.

All of these clients point their POP and mail clients to your mailhost. Your host then acts as their spool. This is likely to result in fewer calls to your ISP and more efficient mail handling all around.

You may want to ask your ISP -- or look around -- for UUCP providers. One of the big benefits to this is that you gain complete control of mail addressing within your domain. Typical UUCP rates go for about $50/mo for a low volume account and about $100/mo for anything over 100Mb per month. However it's still possible to find bargains.

(Another nice thing about UUCP is that you can choose specific sites, with which you exchange a lot of mail, and configure your mail to be exchanged directly with them -- if they have the technical know-how at their end or are willing to let you do it for them. This can be done via direct dialup or over TCP connections).

uu.net is the Cadillac of UUCP providers (which is a bit pricey for me -- I use a small local provider who gives me a suite of UUCP, PPP, shell, virtual hosting, virtual ftp, and other services -- and is of little interest to you unless you're in the Bay Area).

You can also find information on Yahoo! using a search for "uucp providers" (duh!). I also seem to recall that win.net used to provide reasonable UUCP (and other) services.

Hope this helps. If you need more specific help in writing these scripts you may want to consider paying a consultant. It should be less than three hours work for anyone who's qualified to do it (not including the configuration of all your local clients).

-- Jim


 Pseudo Terminal Device Questions

From: Jeong Sung Won

Hello ?
My name is Jeong Sung Won. May I ask you a question ? I'll make a program that uses PSEUDO TERMINAL DEVICE.

 No need to shout -- I've heard of them. They're commonly called pty's -- used by 'telnetd', 'expect', 'typescript', and emacs' 'M-x shell' command -- among others.

 But Linux has an 8-bit MINOR NUMBER, so that the total number of pseudo terminal devices DOESN'T OVERCOME 256.

 That does seem to be true -- but it is a rather obscure detail about the kernel's internals.

Linus' work on the 64-bit Alpha port may change this.

 Is there any possible way to OVERCOME THIS LIMIT?

 Only two that I can think of. Both would involve patching the kernel.

You might be able to instantiate multiple major devices -- which implement the same semantics as major device number 4 (the current driver for the virtual consoles and all of the pty's).

I'm frankly not enough of a kernel hacker to tell you how to do this or what sorts of problems it would raise.

The other would involve a major overhaul of the kernel code and all the code that depends on it.

 For example, on HP9000, the minor number is 24 bits, and I actually used 800 pseudo terminal devices concurrently. More than 1000 is also possible.

 I wonder what it is on RS/6000, DEC OSF/1, and Sun/Solaris.

 On Linux, if it is impossible to make it, let me know the way I could tell LINUS that upgrading the minor number scheme from 8-bit to 16-bit or more bits is needed.

 Linus Torvalds' e-mail address has been included with every copy of the sources ever distributed.

However it is much better to post a message to the comp.os.linux.development.system newsgroup than directly to him (or any other developer).

As for "telling LINUS [to] upgrade" -- while it would probably be reasonably well received as a suggestion -- I'm not sure that "telling" him what to do is appropriate.

It's easy to forget that Linus has done all of his work on the Linux kernel for free. I'm not sure but I imagine that the work he puts in just dealing with all the people involved with Linux is more time consuming and difficult than the actual coding.

As many of the people who are active in the Linux community are aware Linus has been very busy recently. He's accepted a position with a small startup and will be moving to the San Francisco Bay Area (Silicon Valley, actually) -- and he and Tove have just had a baby girl.

I will personally understand if these events keep him from being as active with Linux as he has been for the last few years.

-- Jim


 root login Bug in Linux

From: Shevek, ma6ybm@bath.ac.uk

Has anybody else found the root login bug evident on my system?

The root password is an 8 character random series. For going live online I updated the root password to a 16 character random series. I can log in with the 16 character series, but also using the first eight and any random characters after that, or just the first eight. This creates an infinite number of root passwords and worries me more than a little.

About Unix Passwords and Security

This is a documented and well known limitation of conventional Unix login and authentication.

You can overcome this limit if you upgrade to the shadow password suite (replace all authenticating programs with the corresponding shadow equivalents) and enable the MD5 option (as opposed to the traditional DES hash).

Note -- there is probably an "infinite" number of valid passwords to either of these schemes. The password entry on your system is not encrypted. That is a common misconception. What is stored on your system is a "hash" (a complex sort of checksum).

Specifically the traditional Unix DES hash uses your password as the key to encrypt a string of nulls. DES is a one-way algorithm -- so there is no known *efficient* way to reclaim the key even if one has copies of the plaintext and the ciphertext.

'Crack' and its brethren find passwords by trying dictionaries of words and common word variations (reverse, replace certain letters with visually similar numerics, various abbreviations, prepending/appending one or two digits, etc) -- and using the crypt() function (or an equivalent) on a string of nul's to find matches. This isn't particularly "efficient" -- but it is several orders of magnitude better than an exhaustive brute force attack.

The only two defenses against 'Crack' are:

  1. Don't let anyone have copies of the password hashes (which is why the shadow suite puts those in a separate file -- one that is only readable by SUID or SGID programs, and not by normal users).
  2. Don't allow users to use words, names, or simple variations of words as their passwords. This is done by installing npasswd or passwd+ (replacements for the stock passwd program).

Use both of these strategies on all multi-user systems. That way, if someone exploits some newly discovered bug to get a copy of the shadow file, he is less likely to get any good passwords (since that will entail a password that is more clever than your npasswd rules and less clever than your attacker's custom 'crack' dictionaries).

It is possible that two different passwords (keys) will result in the same hashed value (I don't know if there are any examples with DES 56 bit within the domain of all ASCII sequence up to eight characters -- but it is possible).

Using MD5 allows you to have passwords as long as you like. Again -- it is possible (quite likely, in fact) that a number of different inputs will hash to the same value. Probably you would be looking at strings of incomprehensible ASCII that were several thousand bytes long before you found any collisions.

Considering that the best supercomputers and parallel computer clusters that are even suspected to exist take days or weeks to exhaustively brute force a single DES hash (with a max of only 8 characters and only a 56-bit key) -- it is unlikely that anyone will manage to find one of the "other" valid keys for any well chosen password without expending far more energy and computing time than most of our systems are worth. (Even in these days of cheap PC's -- computer time is a commodity with a pricetag).
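A password filter of the kind npasswd or passwd+ performs, written here as an added example (not the column's code and not either program's): it undoes the variations the column lists for Crack (reversal, digit-for-letter substitution, digits or punctuation tacked on) and refuses the password when any resulting form is a dictionary word. With des_crypt=True it also judges the first eight characters alone, since the traditional hash ignores the rest, which is exactly the reader's 16-character problem. The word list is a constructed five-word stand-in for a real dictionary.

```python
"""npasswd-style check: reject passwords an attacker's word rules would find."""
import string

WORDLIST = {"linux", "gazette", "secret", "password", "wheel"}  # constructed

# Visually similar digit / symbol substitutions, undone before lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def candidate_forms(text):
    """Every plausible base word a Crack-style rule could have started from."""
    base = text.lower()
    # strip prepended/appended digits and punctuation
    core = base.strip(string.digits + string.punctuation)
    forms = set()
    for s in (base, core):
        forms.update({s, s[::-1], s.translate(LEET), s[::-1].translate(LEET)})
    forms.discard("")
    return forms


def password_weakness(pw, wordlist=WORDLIST, des_crypt=False, min_len=8):
    """Return a reason string if the password should be refused, else None."""
    if len(pw) < min_len:
        return "too short"
    checks = [("based on", pw)]
    if des_crypt:
        # Under the traditional DES hash only pw[:8] is ever compared.
        checks.append(("first 8 characters are based on", pw[:8]))
    for label, text in checks:
        hits = candidate_forms(text) & wordlist
        if hits:
            return "%s '%s'" % (label, sorted(hits)[0])
    return None


if __name__ == "__main__":
    for pw in ("gazette1", "S3cr3t!!", "wheel123Zq9x!Lm", "Kq7!vRz2pL"):
        print(pw, password_weakness(pw), password_weakness(pw, des_crypt=True))
```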

There are other ways to get long password support on your system. However the only reasonable one is to use the shadow suite compiled with the MD5 option. This is the way that FreeBSD (and its derivatives) are installed by default -- so the code and systems have been reasonably well tested.

In fact -- if security and robustness are more important to you than other features you may want to consider FreeBSD (or NetBSD, or OpenBSD) as an alternative. These are freely distributed Unix implementations which have been around as long as Linux. Obviously they have a much smaller user base. However each has a tightly knit group of developers and a devoted following which provides for an extremely robust and well-tested system.

As much as I like Linux -- I often recommend FreeBSD for dedicated web and ftp servers. Linux is better suited to the desktop and to use with exotic hardware -- or in situations where the machine needs to interact with Netware, NT and other types of systems. [Oh, Oh! Here come the fireballs!]

FreeBSD has a much more conservative set of features (no gpm support for one example -- IP packet filtering is a separate package in FreeBSD while it's built into the Linux kernel).

Another consideration is the local expertise. Linux and FreeBSD are both extremely similar in most respects (as they both are to most other Unix implementations). In some ways they are more similar to one another than either is to any non-PC Unix. However the little administrative difference might very well drive your sysadmin crazy. Particularly if he has a bunch of Linux machines and is used to them -- and you specify one or two FreeBSD systems for your "DMZ" (Internet exposed LAN segment).

Back to your original question:

You said that you are using a "random" string of characters for your password. In terms of cryptography and security you should be quite careful of that word: "random".

Several cryptographically strong systems have been compromised over the years by attacking the random number generators that were used to generate keys. A perfect example of this is the hack of SSL by a student in France (which was published last spring). He cracked a Netscape challenge and got a prize from them for the work (and Netscape implemented a better random seed generation algorithm).

In the context of creating "strong" passwords (ones that won't be tested by the best crack dictionaries out there) you don't need to go completely overboard. However -- if a specific attacker knows a little bit about how you generate your random keys -- he or she can generate a special dictionary tailored for that method.

 Kernel linux 2.0.20 System P90, 8Mb, IDE, SCSI (not working fully), cd, sound, etc. root hda2, about 20 user entries in passwd.

Next bug: Two users with consecutive login entries. Both are simply information logins, never to be logged in to, just for fingering for status information. If you finger the second, OK. But if you finger the first, it fingers both. UID numbers 25 and 26. If I comment out 26, but have a third login on UID 27, then it is OK. I have tried unassigning the groups and reassigning them. They both have real home directories, shell is dev/null, and are in a group called 'private' on their own. There are no groups by the same name as the login.

 This sounds very odd. I would want to look at the exact passwd entries (less the password hashes) and to know a lot about the specific implementation of 'finger' that you were using (is it the GNU cfingerd?).

I would suggest that you look at the GNU cfingerd. I think it's possible to configure it to respond to "virtual" finger requests (i.e. you can configure cfingerd to respond to specific finger requests by returning specific files and program outputs without having any such accounts on your system). This is probably safer and easier than having a couple of non-user pseudo accounts and using the traditional finger daemon. (In addition, the older fingerd is notoriously insecure, and an overflow in it was one of the exploits used by the "Morris Internet Worm" almost a decade ago.)

Given the concerns I would seriously consider running a finger daemon in a chroot'd jail. Personally I disable this and most other services in the /etc/inetd.conf whenever I set up a new system.

When I perform RASA (risk assessment and security auditing) /etc/inetd.conf is the second file I look at (after looking for a /etc/README file -- which no one but me ever keeps; and inspecting the /etc/passwd file).

-- Jim


 Sendmail-8.8.4 and Linux

From: Brent Austin, baustin@iAmerica.net

After setting up fetchmail and the PPP link to my ISP, everything has worked perfectly retrieving mail from the POP3 account.

Now, I've stumbled on another problem I require some help with. Compiling and Installing Sendmail-8.8.4 (or 8.8.5). I downloaded the 8.8.4 source from sunsite and set it up in the /usr/src directory and using the O'Reilly "Sendmail" book as my guide, I modified the Makefile.Linux for no DNS support by setting ENVDEF = -DNAMED_BIND=0. And removing Berkeley DB support (removing -DNEWDB). After compiling and executing ./sendmail -d0.1 -bt < /dev/null in the obj dir, I receive the following:

  
	Version 8.8.4
	 Compiled with: LOG MATCHGECOS MIME7TO8 MIME8TO7 NDBM NETINET NETUNIX
			QUEUE SCANF SMTP XDEBUG
and the program hangs at this point. I am running Linux.2.0.29 on a 486DX40 with 8 megs. My gcc is version 2.7.0.

Any hints you could provide are greatly appreciated!,

 I fetched a copy of 8.8.5 and used the .../src/makesendmail script -- and only encountered the problems with NEWDB. Removing that seemed to work just fine.

I noticed you said -- .../src/obj -- did you mean something like: .../src/obj/obj.Linux.2.0.27.i386/

If you properly used the makesendmail script then the resulting .o and binaries should have landed in a directory such as that.

Other than that I don't know.

I don't disable the DNS stuff -- despite the fact that my sendmail traffic is almost all done via uucp.

As for using this with fetchmail -- I have my sendmail configured in /etc/inetd.conf like so:

 
# do not uncomment smtp unless you *really* know what you are doing.
# smtp is handled by the sendmail daemon now, not smtpd.  It does NOT
# run from here, it is started at boot time from /etc/rc.d/rc#.d.
## jtd:  But I *really do* know what I'm doing.
## jtd: I want fetchmail to handle mail transparently and I
## jtd: want tcpd to enforce the local only restriction
smtp    stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/local\
		/sbin/sendmail -bs
(note -- the line break is for this mail only -- remove it before attempting to use this line. Also note the -bs "be an smtp handler on stdin/stdout")

This arrangement allows me to fetchmail, lets fetchmail transparently talk to sendmail, and keeps the rest of the world from testing their latest remote sendmail exploit on me while my ppp link is up (I wouldn't recommend this for a high volume mail server!).

Naturally I also have a cron job like this:

 
## Call sendmail -q every half hour
00,30 * * * * root /usr/lib/sendmail -q
(which processes any mail that elm, pine, mh-e or any other mailers have left in the local queue -- awaiting their trip through uucp's rmail out to the rest of the world).

If you continue to have trouble compiling sendmail then you may want to just rely on the RPM updates. Compiling it can be tricky, so I avoid doing it unless I see a bugtraq or CERT advisory with the phrase "remotely exploitable" in it.

Re: O'Reilly's "bat" book. Do you have the 2nd Edition? If not -- get it (and ask them about their "upgrade" pricing/discount if that's still available)

-- Jim


 wu-ftpd Problems

From: Ed Stone, estone@synernet.com

On BSDI, I've read ALL of the doc for wu-ftpd, and have ftp logins limited to the chroot dir, but still have these problems: 1) I cannot force ftp only. The guestgroup "guests" can telnet, and go everywhere. I've put /bin/true in /etc/shells; I've edited passwd and master.passwd for that; no effect

 Usually I set their shell to /bin/false or /usr/bin/passwd. I make sure that I use the path filter alias to prevent uploads of .rhosts and .forward files into their home directory under the chroot and I put entries like:

 
		/home/.ftp/./home/fred
... for their home directory field in the (true-root)/etc/passwd file.

Also make sure that you have the -a switch on the ftpd (or in.ftpd) line in your inetd.conf. The -a tells ftpd to use the /etc/ftpaccess file (or /usr/local/etc/ftpaccess -- depending on how you compiled it).

Personally I also configure each "ftponly" account into the sendmail aliases file -- to ensure that mail gets properly bounced. I either set it to the user's "real" e-mail address (anywhere *off* of that machine) or I set it to point at nobody's procmail script (which autoresponds to it).

 2) "guests" ftp to the proper directory, but get no listing. I have set up executable of ls in the ftp chroot dir in /bin there; no effect.

 How do you know that they are in the proper directory? What happens if you use a chroot(8) command to go to that dir and try it? Is this 'ls' statically linked? Do you have a /dev/zero set up under your (chroot)/?

The most common cause of this situation is an incomplete (chroot) environment -- usually missing libraries or missing device nodes.

-- Jim


Copyright © 1997, James T. Dennis
Published in Issue 15 of the Linux Gazette March 1997






CLUELESS at the Prompt: A Column for New Users

By Mike List, troll@net-link.net


Welcome to installment 2 of Clueless at the Prompt: a new column for new linux users. On advice from several respondents, I'm going to start using a new format for specifying commands:

    Typing them on a separate line
    separated from the text by a space

Hopefully, this will minimize any confusion by even the very inexperienced user as to what should be typed at the prompt.

Last time we explored some of the differences and similarities between linux and DOS/Windows, and I'm going to continue this time with some stuff you already know, but perhaps aren't fully aware of.

One respondent seemed to take exception to my DOS-linux comparison, reminding me of the features that make linux and unices(unix like systems) more powerful than DOS.

Fair enough, this is a new users column and I would like to make sure that I'm not assuming that everyone who reads this column can read my mind. Besides, if I endure the slings and arrows of outrageous gurus I can hopefully expand my knowledge base, which I can then use for future columns.

Still, the paradigm of SUPERDOS holds some water. It is, after all, a command line operating system which supports a windowing system, which has all the capabilities of MS Windows plus a few features that make Windows look pale.

When you installed linux from whatever distribution, most of the packages installed came as pre-compiled binaries that were for the most part usable as is. However, if you found any applications that didn't come with the distribution, they'll probably need to be unpacked and installed or compiled or both.

You could use a utility like installpkg, pkgtool, or dopkg, but unless the package is from the distribution, the utility will likely install it to the / (base) directory, which is probably less than optimal.

Instead, use the Midnight Commander, which is a Norton Commander clone, to view the contents of the package. To do this, locate the file, probably with a .tgz or .tar.gz extension (I don't have a CD-ROM so I'm not sure of the procedure there), highlight it, then hit Enter. You will see the contents of the archive. Read the files called, for instance, INSTALL, README, Readme.whatever, or any file whose name suggests that it has necessary information, for a clue as to where best to unpack it. For instance, X apps probably should be unpacked in the /usr/X11R6 directory. To unpack the archive:

     cd /thechosendirectory

then:

     tar -zxvf /wherethearchiveis/file

You will see a list of files as they unpack. When this process is done, you will be returned to your shell prompt. If you get any error messages they should be pretty self-explanatory: for instance, a message saying "file not found" means you didn't name the file correctly in the tar command, and "unexpected EOF" means the file was very likely corrupted or the download was incomplete, so try to get the file one more time.
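Before running that tar command on an archive you fetched from somewhere, it is worth listing its contents with tar -t and looking for two things that cause surprises: member names that are absolute or contain "..", which tar would write outside the directory you just cd'd into, and files carrying the setuid or setgid bit. The script below is an added example, not part of this column; inspect_tarball is a name chosen here, the two sample archives it builds in a temporary directory are constructed for the demo, and the mode-column parsing assumes the listing format of GNU tar. It also catches the corrupt or truncated download mentioned above, since tar cannot even list such a file.

```sh
#!/bin/sh
# Added example: look inside a .tar.gz before unpacking it.
# Usage: inspect_tarball file.tgz
# Prints one line per suspicious member.  Returns 0 if the archive looks
# safe to unpack, 1 if anything suspicious was found, 2 if it is unreadable.
inspect_tarball() {
    archive=$1
    # A corrupt or incomplete download (the "unexpected EOF" case) fails here.
    tar -tzf "$archive" >/dev/null 2>&1 || {
        echo "cannot read archive: $archive"
        return 2
    }
    findings=$(
        # Member names: anything absolute or containing ".." would land
        # outside the directory you cd'd into before running tar.
        tar -tzf "$archive" | while IFS= read -r name; do
            case $name in
                /*)                  echo "absolute path: $name" ;;
                ..|../*|*/..|*/../*) echo "parent reference: $name" ;;
            esac
        done
        # Verbose listing: column 1 is the mode string (GNU tar format).
        # An s or S in the owner or group execute slot means setuid/setgid.
        tar -tzvf "$archive" | awk '
            substr($1, 4, 1) ~ /[sS]/ || substr($1, 7, 1) ~ /[sS]/ {
                print "setuid/setgid: " $0
            }'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed fixture: one harmless archive and one with both problems.
# Prints the directory the two archives were written to.
make_sample_archives() {
    workdir=$(mktemp -d)
    (
        cd "$workdir" || exit 1
        mkdir -p pkg/bin outside
        echo "sample readme" > pkg/README
        printf '#!/bin/sh\necho tool\n' > pkg/bin/tool
        echo "escaped" > outside/escape
        cd pkg || exit 1
        chmod 755 bin/tool
        tar -czf "$workdir/clean.tgz" README bin
        # Now the nasty one: a setuid program and a member that reaches
        # outside the unpack directory (-P makes tar keep the ../ prefix).
        chmod 4755 bin/tool
        tar -czPf "$workdir/suspicious.tgz" README bin ../outside/escape
    )
    echo "$workdir"
}

# Stand-alone run: build the samples and inspect both.
sample_dir=$(make_sample_archives)
for f in "$sample_dir/clean.tgz" "$sample_dir/suspicious.tgz"; do
    echo "== $f"
    inspect_tarball "$f" && echo "looks safe to unpack"
done
```

Only unpack once the listing comes back clean, and even then cd into a scratch directory first; the listing is read from the archive index, so nothing is written anywhere by the check itself.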

At your shell prompt type:

    ls

to see a list of files and directories that were untarred. Then:

    less /anyfilenamelike INSTALL,README,Readme.*   (* = unx, elf, lnx, etc.)

It wouldn't hurt to check any LICENSE or COPYING files for info on propers to the authors. It also might be a good idea to print out the files if they are long or contain a lot of special instructions, so you can read and reread them to minimize the possibility that you will have to recompile or reinstall. If you aren't familiar with linux printing you can just:

    cat /filename>/dev/lp0 (or lp1, or wherever your printer is located)

If you are in the directory that the file is in, you can skip the forward slash on the filename. If the files include a precompiled binary, you're done, except for installing it if the documentation suggests a location other than where you unpacked, and rebooting or running ldconfig.

If you want to examine the contents of subdirectories of your current directory type:

    cd subdirectory   (leave off the / )

then,

    ls

or,

    ls subdirectory

If you cd to a subdirectory, you can return to the top level directory by typing:

    cd -

If you have chosen a source file distribution of the software, then you will need to read the file INSTALL very carefully to find what needs to be done. Typically you might run

    ./configure

then edit the Makefile with a text editor as described in the INSTALL or README files, then run:

    make

sometimes followed by an option like linux, unx, or linux-elf, as instructed in INSTALL. When it is done compiling (the time will vary according to the program), type:

    make install

sometimes followed by an option as above.

The above is only a general guide to the steps usually needed to install software in linux; more detailed instructions will come with the archive. READ THEM CAREFULLY! Or print out the files.

Back to the DOS-Linux comparisons. In DOS there is a method of stringing several commands together in a batch file, which could be run to execute them in sequence. Linux also has this capability, but it is called scripting. Basically, if you ever used MSEdit to create a batch file, you've done it before, except that you must change permissions to make it executable. Type:

    chmod u+x filename  

To make sure you have executable permission, type

    ls  in the directory the file is located, usually ~ , or /home/whoever you
    a