From: Digestifier
To: Linux-Admin@senator-bedfellow.mit.edu
Reply-To: Linux-Admin@senator-bedfellow.mit.edu
Date: Fri, 9 Sep 94 09:13:43 EDT
Subject: Linux-Admin Digest #41

Linux-Admin Digest #41, Volume #2            Fri, 9 Sep 94 09:13:43 EDT

Contents:
  Script to limit access to a program (Dimitris Kontoudis)
  Re: What is login.secure from shadow-mk package? (Zygo Blaxell)
  Re: please help me with e2fsck!!!!!! (Bill Hay)
  Re: updated kernel ? (Dirk Schmidt)
  Re: Help using rcp on Linux (Maciej Otreba)
  Re: Whats the best _CHEAP_ ISA video card for Linux/Xfree? (Maciej Otreba)
  DOMM 4 Linux /X is OUT !!! (Sebastian W. Bunka)
  Re: Minicom question (Shawn Hsiao)
  Help: ftape13b with kernel 1.1.49 (Andreas Weigand)
  RFH: ping only works for root (Dave Spring)
  Re: Mysterious serial port. (Michael Talbot-Wilson)
  Re: How to kill the unkillable ? (Rob Janssen)
  Re: PPP and SLIP devices (Alan Cox)
  Re: linux & ISDN (Alan Cox)
  Re: UID 0 Passwd blues (Michael Faurot)

----------------------------------------------------------------------------

From: kontoudi@aphrodite.uoregon.edu (Dimitris Kontoudis)
Subject: Script to limit access to a program
Date: 7 Sep 1994 09:19:30 GMT

Hi all,

I am looking for a script (maybe executable program) that will allow me
to restrict access to a program for a specific user and for a limited
time per day. That is, I want to be able to detect if my user ``X'' has
executed the program ``Y'' today, for how much time and, hence, allow
him (or not) to execute it again until an upper time limit has been
reached.

If anyone has got any such script or program (or a pointer to something
relevant) and can share it with me, I will really appreciate it.

Thanks in advance for any help you might give me,

Dimitris.

PS. PLEASE REPLY TO: kontoudi@ics.forth.gr

------------------------------

From: zblaxell@miranda.uwaterloo.ca (Zygo Blaxell)
Subject: Re: What is login.secure from shadow-mk package?
Date: Thu, 8 Sep 1994 04:52:28 GMT

In article , Joe Zbiciak wrote:
>I will post the source to the /bin/login replacement that I wrote, and trust
>on my own system. I did not realize that the net would grow so suspicious.
>I should have known better. :-) After all, it could be snake oil, for

I'm not at all concerned about the lack of sources for a binary. Unlike a
lot of participants in this thread (and the sister thread on
comp.unix.security), I don't give a hoot if you supply a binary without
sources.

The first things I do when I download a new package for Linux are:

1. 'make clean' or 'rm -f *.o'.

2. Read the installation docs

3. Edit the makefile (or equivalent) to ensure that the 'install' target
   is correct, and that all the installation paths are correct. This
   includes ownership/permission changes. I deliberately install software
   using nonstandard paths and a non-root userid to prevent random
   modification of major system components.

4. Delete any targets generated by the makefile. Pick off any other
   non-script executables by hand.

5. Attempt to build from sources.

By step 5, I wouldn't have had a 'login.secure' file to install. This is a
feature, and my package installation routine is designed to encourage it.

It sounds like a lot of work or draconian measures, but the time spent
properly configuring binaries really pays for itself. With _very_ few
exceptions (Mosaic and libc), I simply don't run it on my system if I
didn't compile it from source.

So...in your case, it simply wouldn't have worked, and I would (and did)
just fix the bugs in an older version.

------------------------------

Crossposted-To: comp.os.linux.help
From: wish@dumain.demon.co.uk (Bill Hay)
Subject: Re: please help me with e2fsck!!!!!!
Date: Wed, 7 Sep 1994 09:54:38 +0000

holzleitner@indmath.uni-linz.ac.at wrote:
> During the reboot the system comes up with the message
> "filesystem clean", but when I run "e2fsck" after the reboot
> there are the same errors again there!!!!
> So it will destroy my filesystem piece by piece every time the
> system hangs because I cannot repair the errors permanently.
> My last system was so destroyed that it refused
> "root"-login!!!!!!!! So I got the newest version of Linux over the net,
> reinstalled my system and now I have the same shit again.
> So I hope that I made a mistake and you can tell me which,

Yup: don't run e2fsck after the reboot. You should never run e2fsck on a
file system mounted read-write. If you want to check the root fs, boot off
a floppy with its own fs and run e2fs from there.
--
Bill Hay

------------------------------

From: dschmidt@hrz-serv7.hrz.uni-kassel.de (Dirk Schmidt)
Subject: Re: updated kernel ?
Date: 9 Sep 1994 06:42:57 GMT

In article , clint@netcom.com (Clinton Carr) writes:
|> I am running the kernel that came with slackware 2.0 and I am having
|> a problem implementing SLIP. Some replies from my help posting have
|> indicated I need to upgrade the kernel and dip. The question is where
|> do I find the complete kernel and how do I know what version it is?
|> Also, should I worry about the network modules being compatible?
|>

You will find the kernel-patches at:
ftp//sunsite.unc.edu in /pub/Linux/kernel/v1.1

The kernel-source I used to start with the patch was version 1.1.8.
I got the source from disc series D, included in slackware 2.0, and
upgraded it by installing disc series Q.

To get the actual version of the source code, inspect the Makefile in the
source directory (/usr/src/Linux).

Don't forget to make a copy of your current kernel; you may need this
copy to restore it if anything goes wrong.

------------------------------

From: motreba@lnx1 (Maciej Otreba)
Subject: Re: Help using rcp on Linux
Date: 9 Sep 1994 07:04:00 GMT

Dan Wilder (danw@connected.com) wrote:
: franck@stdin.gatelink.fr.net (Franck Maestre) writes:

: >I have installed TCP/IP on my 2 Linux systems with classical NE2000
: >compatible cards.
: >No problem with , the installation (SLACKWARE , kernel
: > > 1.00) , the cards are recognized at boot time....
: >The rlogin stuff is working correctly but I can't have a direct login on
: >a host without typing the passwd. I have tried to configure all the setup
: >files (.netrc /etc/hosts .rhosts etc ...) but nothing.
: >The same thing happened with rcp where I always have the message
: >"Permission denied"...
: >Don't tell me I made a configuration mistake, it is working at the first
: >time on a SCO UNIX PC(System V) .

: You have made a configuration mistake.

: Your linux system needs an entry in /etc/hosts.equiv on the system
: you are logging into.

Check out permissions of Your $HOME/.rhosts file. It should be set to 600.
I experienced it on my own.

Maciej
--
 ___________________________________________________
|                          /                        |
|  Maciej Otreba          /   E-MAIL:               |
|------------------------/--------------------------|
| 87-116 Torun, POLAND  /                           |
| Dzialowskiego 4/4    /  motreba@boa.uni.torun.pl  |
| phone +48-56-485645 /                             |
|____________________/______________________________|

------------------------------

From: motreba@lnx1 (Maciej Otreba)
Crossposted-To: comp.os.linux.misc
Subject: Re: Whats the best _CHEAP_ ISA video card for Linux/Xfree?
Date: 9 Sep 1994 08:05:01 GMT

Dirk Eddelbuettel (eddelbud@qed.uucp) wrote:
: Very well that the ATI Mach32/Ultra/Ultra Pro are advocated for, but could
: someone give me hints for the best performance/price ratios ?

: My system is a 486DX-33, 16MB, ISA bus, 1024x768 interlaced 14'' SVGA
: monitor so I am looking for an accelerated card that gives me 800x600 and
: 1024x768 (but not more, no 2 MB cards needed) and that will be faster than
: the 512 kB Oak Oti67 it will replace (this one sucks: TOTAL 3012.000000
: xStones reported by xbench).

: I am looking for something like
:   Orchid Fahrenheit                      140 USD
:   STB Powergraph                         125 USD
:   STB Horizon                             95 USD
:   cards with Cirrus Logic 5428 chips     price ?
:
: Comments, recommendations, flames, welcome under

Ok.
I could recommend Cirrus Logic chip-based cards. They have a great
performance/cost ratio, they are cheap (ca 79$) here in Poland. And I'm
sure they are supported by Linux (now I'm working on a 486 equipped with
a VLB Cirrus Logic 5428).

Maciej
--
 ___________________________________________________
|                          /                        |
|  Maciej Otreba          /   E-MAIL:               |
|------------------------/--------------------------|
| 87-116 Torun, POLAND  /                           |
| Dzialowskiego 4/4    /  motreba@boa.uni.torun.pl  |
| phone +48-56-485645 /                             |
|____________________/______________________________|

------------------------------

From: seb@i102pc1.vu-wien.ac.at (Sebastian W. Bunka)
Subject: DOMM 4 Linux /X is OUT !!!
Date: 9 Sep 1994 10:29:47 GMT
Reply-To: Sebastian.Bunka@vu-wien.ac.at

GEE !!!!

I just fingered help@idsoftware.com

X-DOOM for Linux is OUT !!!!!!!!!

check sunsite.unc.edu:/pub/Linux/Incoming/linxdoom.tgz and doom1.wad

However, I couldn't try it now, 'cause DOOM for Linux-X requires a 256
color server (and in my lab I've only the 16 color server running )

I can't wait 'til the work is over and I can go home (but I think my wife
won't be so happy tonight...)

Cheers, Sebastian
--
email: [ Sebastian.Bunka@vu-wien.ac.at ]
voice: FAX: +43-1-71155260 +43-1-7149110
Location: earth, europe, austria, vienna
Inst. of Bacteriology Vet.Univ.

------------------------------

From: shawn@shawn.home.net (Shawn Hsiao)
Subject: Re: Minicom question
Date: 7 Sep 1994 22:01:33 GMT

Brian Curti Harvell (kiko@chopin.udel.edu) wrote:
: Hi I have a quick question about minicom. I have Slackware 2.0 dist and when
: trying to use minicom as non root it says that I don't have access to the
: config file. Now the man page says you can have a file minicom.users with
: who is allowed to use it but I can't seem to get it right or not in the
: right place. Could someone help me.

I don't know which version of minicom Slackware 2.0 comes with. But in
Slackware 1.{1,2}, minicom 1.5B, the file minicom.users is in /etc.
BTW, I build the minicom 1.6 myself and with the minicom.users in
/usr/lib/minicom.

--
// Shawn E-mail: shawn@skydome.hinet.net

------------------------------

From: usera@wema10.elektro.uni-wuppertal.de (Andreas Weigand)
Subject: Help: ftape13b with kernel 1.1.49
Date: 9 Sep 1994 08:19:05 GMT

Hello all !

Can someone help me ? I want to use my Colorado streamer DJ-10 with
controller card FC-10 on my Linux system ! I got the patched ftape-driver
from sunsite and compiled it successfully. The modules were compiled same
and I'm using kernel version 1.1.49.

Now when I give the command "mt -f /dev/ftape reten" the tape goes from
the beginning to the end and returns. That is what the tape should do,
but when I want to read from the tape with:

    mt -f /dev/ftape erase
or
    mt -f /dev/ftape status

the tape moves and I get the message: I/O error !

Can someone help me with this problem ? You can reach me via Internet at
the address: usera@wema10.elektro.uni-wuppertal.de or you can post an
article at this place !

Thank you !

Andreas Weigand
----
usera@wema10.elektro.uni-wuppertal.de

------------------------------

From: das@oasis.icl.co.uk (Dave Spring)
Subject: RFH: ping only works for root
Date: Thu, 8 Sep 1994 19:00:02 GMT

I'm sure it's my own fault but....

I'm running 1.1.18 from slackware 2.0 and tried to tighten up the
permissions on the executables (I've got lots of novice users on my news
server). Somehow, I've managed to stop everyone except root from doing
ping, and rlogin. The error is 'socket: Operation not permitted' . I've
checked permissions on the executables (I'd expect a different error
anyway) and all the shared libraries I can find. What I find just as
strange is that telnet and ftp work ok.

Does anyone have any clues or suggestions ?

Dave-shamefacedly-purplexed-Spring
--
das@oasis.icl.co.uk

------------------------------

From: mike@gumleaf.apana.org.au (Michael Talbot-Wilson)
Subject: Re: Mysterious serial port.
Date: Mon, 5 Sep 1994 12:49:20 GMT

Justin Scott (jhs@dfw.net) wrote:
: Park Medical Systems (parkmed@CAM.ORG) wrote:
: : Hi everyone. I have a linux box running v1.0.8 on a 386DX33. When I
: : boot the machine the boot up messages say that there are two serial
: : ports. I have no problem using /dev/ttyS0. The problem I am having is
: : with /dev/ttyS1. Every time I try to do anything with the second port
: : (kermit, seyon, setserial) I get a message saying that the device is busy
: : and I'm put back to the prompt.

: : Has anyone else seen this problem? I've looked through all the /etc/rc*
: : files, I can't see anything that uses this port.

: : I would like to solve this problem so that I can hook up a second modem
: : to this machine. The first port (/dev/ttyS0) is working fine with a
: : cardinal modem being used for a full time slip connection.

: You don't have your second serial port set up as a serial mouse
: connection do you? (link from /dev/mouse to /dev/ttyS1 ? ) I don't
: think the link would do it in itself, but if you had selection running or
: something like that, it could interfere...

I have had the same problem for a couple of days (since I put in an
ethernet card). Tomorrow I will be booting MSDOS from a floppy to confirm
that its version of kermit still works.

--
Michael Talbot-Wilson

------------------------------

From: rob@pe1chl.ampr.org (Rob Janssen)
Subject: Re: How to kill the unkillable ?
Reply-To: pe1chl@rabo.nl
Date: Fri, 9 Sep 1994 08:37:32 GMT

In <1994Sep8.214256.376@light-house.uucp> las@light-house.uucp writes:

>Christopher Cason (cjcason@yarrow.wt.uwa.edu.au) wrote:
>: Occasionally, I have a program that I absolutely _cannot_ kill, short of
>: a shutdown. These seem to occur at times when the program is attempting
>: to access a part of a disk that has been corrupted (I have had filesystem
>: problems from time to time.)

>: _every_ signal has been tried. but it just refuses to die !
>: can anyone shed any light on how to get rid of processes in this state !

> You might be able to kill off zombies by killing their
> parent process (i.e. the login shell, or init).

He is not talking about zombies, but about processes hanging in D status...

Rob
--
=========================================================================
| Rob Janssen            | AMPRnet:   rob@pe1chl.ampr.org               |
| e-mail: pe1chl@rabo.nl | AX.25 BBS: PE1CHL@PI8UTR.#UTR.NLD.EU         |
=========================================================================

------------------------------

From: iialan@iifeak.swan.ac.uk (Alan Cox)
Subject: Re: PPP and SLIP devices
Date: Fri, 9 Sep 1994 10:43:18 GMT

In article <34obq2$ass@vixen.cso.uiuc.edu> thuffman@ux4.cso.uiuc.edu (huffman thomas w) writes:
>i've got a simple beginners question i couldn't find in the documentation.
>do i have to create the devices sl0 and ppp0, or does dip or pppd take
>care of this?

They are just names to the network not physical /dev/xxx entries. Nothing
needs doing.

Alan
--
  ..-----------,,----------------------------,,----------------------------,,
 // Alan Cox  //  iialan@www.linux.org.uk   //  GW4PTS@GB7SWN.#45.GBR.EU  //
 ``----------'`----------------------------'`----------------------------''

------------------------------

From: iialan@iifeak.swan.ac.uk (Alan Cox)
Subject: Re: linux & ISDN
Date: Fri, 9 Sep 1994 10:51:05 GMT

In article <34fa6s$3p1@henri.mindspring.com> sjledet@netcom.netcom.com (Sterling Ledet) writes:
>My question is, is there one of these :cards that you plug into your
>computer" that works with linux (such as the IBM WaveRunner). I realize

The waverunner definitely won't work with Linux. Its emulation of the UART
and stuff is done in software. It appeared that programming the Waverunner
yourself would eventually get documented but not yet. [ie manpower,
production time and stuff not we won't tell anyone]

>I can purchase an external standalone ISDN router but I believe Cisco
>wants around $2200 for theirs.
>What's the cheapest way to get ISDN on
>linux?

Probably an external box from someone like Cisco, Hayes or Gandalf. In the
UK you can use the Sonix Volante as a 56Kbit async link but not for sync
stuff (it's got a genuine 16550A for pc compatibility stuff). I'm currently
(still) trying to get something sorted out about writing a Linux driver for
this.

Alan
--
  ..-----------,,----------------------------,,----------------------------,,
 // Alan Cox  //  iialan@www.linux.org.uk   //  GW4PTS@GB7SWN.#45.GBR.EU  //
 ``----------'`----------------------------'`----------------------------''

------------------------------

From: mfaurot@phzzzt.atww.org (Michael Faurot)
Subject: Re: UID 0 Passwd blues
Date: Fri, 9 Sep 1994 10:36:10 GMT

Rick (pclink@qus102.qld.npb.telecom.com.au) wrote:

: Recommended where? Take it from me - the fewer people who have access
: to root privs, the better. I would go as far as to say that you should
: NOT use a root account to do ANYTHING unless it is ABSOLUTELY essential
: that it be done by the superuser. If your users need high privs to do
: system maintenance work, use su or sudo.

It is necessary, in a production type environment, for more than one
person to have root access. You can't just give it to one person and then
sit on your hands if that person is out sick or suddenly decides to be a
lounge singer and on a whim moves to Vegas. :-) Of course you should limit
the number of people with root to as few as possible. At my organization
we like to limit it to about three people.

: The bottom line is that UID means User Ident - meaning that it
: identifies a user. If you assign multiple interactive logins to a
: single UID, then confusion will reign.

I agree with your principles here, but I believe the original problem was
that when having multiple entries in /etc/passwd with UID 0, it was not
possible to change the passwd for just one.

It is a common practice on the SVR4 machines I've seen to have multiple
entries tied to UID 0.
For example the "sysadm" login. In this scenario it requires UID 0, but
doesn't go to a regular shell. Suppose you didn't want anyone to be able
to log in to this account at all, so you lock out the password for this,
and only allow using sysadm by someone logged in as root. Now root goes to
change the passwd, but instead of it changing the password for just root,
it changes it for sysadm too? This is NOT good. You've now just re-opened
the sysadm account, that you'd previously closed by locking out the passwd.

Granted the above example is a little "apples and oranges" because Linux
doesn't have a "sysadm" account like SVR4 machines. The point is the same
though. There's a bug in the way passwords get updated when more than one
login has the same UID. Let's get that fixed.

--
+--------------------+----------------------------+--------------------------+
|  Michael Faurot    |  mfaurot@phzzzt.atww.org   |       I don't like       |
|  ------- ------    | ...!netcomsv!phzzzt!mfaurot|       lima beans!!       |
+--------------------+--------------------+-------+--------------------------+

------------------------------

** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU

You can send mail to the entire list (and comp.os.linux.admin) via:

    Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU

Linux may be obtained via one of these FTP sites:
    nic.funet.fi                pub/OS/Linux
    tsx-11.mit.edu              pub/linux
    sunsite.unc.edu             pub/Linux

End of Linux-Admin Digest
******************************
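
The symptom described in the "UID 0 Passwd blues" message above, modelled as an added example (not code from the digest or from any passwd implementation). It assumes the faulty update selects records by UID; the passwd text is constructed, `*LK*` is used here as the lock marker, and all function names are hypothetical.

```python
from collections import defaultdict

# Constructed /etc/passwd-style sample (not from the digest). "*LK*" stands
# for a locked password here; lock markers differ between systems.
SAMPLE_PASSWD = """\
root:OLDROOTHASH:0:0:root:/root:/bin/sh
sysadm:*LK*:0:0:menu admin:/usr/admin:/usr/sbin/sysadm
alice:ALICEHASH:501:100:Alice:/home/alice:/bin/sh
"""

def parse(text):
    """Return a list of 7-field passwd records, skipping blank lines."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {n}: expected 7 fields, got {len(fields)}")
        entries.append(fields)
    return entries

def set_password_by_uid(entries, uid, new_hash):
    """Assumed faulty behaviour: every record carrying this UID is rewritten."""
    return [[f[0], new_hash, *f[2:]] if f[2] == str(uid) else list(f)
            for f in entries]

def set_password_by_name(entries, login, new_hash):
    """Expected behaviour: only the record with this login name is rewritten."""
    if not any(f[0] == login for f in entries):
        raise KeyError(login)
    return [[f[0], new_hash, *f[2:]] if f[0] == login else list(f)
            for f in entries]

def shared_uids(entries):
    """Audit helper: map each UID used by more than one login to those logins."""
    by_uid = defaultdict(list)
    for f in entries:
        by_uid[int(f[2])].append(f[0])
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def password_of(entries, login):
    """Return the password field of the record for this login name."""
    return next(f[1] for f in entries if f[0] == login)

if __name__ == "__main__":
    db = parse(SAMPLE_PASSWD)
    print("logins sharing a UID:", shared_uids(db))
    by_uid = set_password_by_uid(db, 0, "NEWROOTHASH")
    by_name = set_password_by_name(db, "root", "NEWROOTHASH")
    # Keyed on UID, the locked sysadm record silently receives root's password.
    print("sysadm after update by UID :", password_of(by_uid, "sysadm"))
    print("sysadm after update by name:", password_of(by_name, "sysadm"))
```

Running `shared_uids` over a real passwd file shows which accounts would be exposed to this behaviour before anyone runs a password change.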