From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Fri, 9 Sep 94 23:13:24 EDT Subject: Linux-Admin Digest #44 Linux-Admin Digest #44, Volume #2 Fri, 9 Sep 94 23:13:24 EDT Contents: Re: UID 0 Passwd blues (Andrew R. Tefft) ip forwarding/gatewaying with kernel 1.1.18 problems (GJGM) Re: PCI+Pentium+Linux+X? (Pete Deuel) Re: DOMM 4 Linux /X is OUT !!! (Christopher Wiles) Re: Minicom question (Mark A. Horton KA4YBR) Re: Q: NFS, Linux -> Macintosh (Mark Johnson) Re: DOMM 4 Linux /X is OUT !!! (Mike Loseke) Re: What would be faster Dx-50 or DX2-66? (Ian McCloghrie) Re: WARNING about shadow-mk package (Joe Zbiciak) Wangtech 5099 Tape drive with pc36 card Anybody use one of these? (Don Reynolds) Please Help :Printing with a HP Deskjet 520 (Rick Crow) Setserial FREEZES under LILO only!!!!! (Lawrence Houston) X doesn't work anymore !? (Laurent Chemla) Sorry! Addition to Wangtech posting.. (Don Reynolds) Re: Q: Logging outgoing INET services (David Werner) Serial Link w/ 2 Linux Hosts (Andrew Anderson) ---------------------------------------------------------------------------- From: teffta@erie.ge.com (Andrew R. Tefft) Subject: Re: UID 0 Passwd blues Reply-To: teffta@erie.ge.com Date: Thu, 8 Sep 1994 17:20:42 GMT In article 8q8@qus102.qld.npb.telecom.com.au, pclink@qus102.qld.npb.telecom.com.au (Rick) writes: >teffta@erie.ge.com (Andrew R. Tefft) writes: > >>In article o5d@harbinger.cc.monash.edu.au, kevinl@bruce.cs.monash.edu.au (Kevin Lentin) writes: >>> >>>Having multiple accounts with the same uid and different names are bound to >>>cause trouble. Some programs may use other methods besides getuid() to >>>figure out who you are. $LOGNAME. getlogin(), who knows what they might >>>return. > >>But it is common practice and indeed recommended quite often. It >>seems to me that the software is indeed broken. > >Recommended where? Take it from me - the fewer people who have access >to root privs, the better. I would go as far as to say that you should Recommended in books, on the net, etc. What is recommended is NOT giving multiple people root access; what is recommended IS the idea of separate UID 0 accounts IF you have already decided that you DO want multiple people to have root access. I agree that the fewer people with root access, the better. However people are free to run their systems as they wish. --- Andy Tefft - new, expanded .sig - teffta@erie.ge.com ------------------------------ Crossposted-To: comp.os.linux.help From: gmatche1@sol.UVic.CA (GJGM) Subject: ip forwarding/gatewaying with kernel 1.1.18 problems Date: 8 Sep 94 18:00:14 GMT I seem to have a problem with kernel 1.1.18 (actually any kernel from 1.1.13 onward ). I have two machines , call them A and B. Machine A runs a ppp link to a netblazer providing an internet connection. This machine also runs named for our local net. The other machine , B , is connected via ethernet to nmachine A. With kernel 1.0.8 ther was no problem getting to machine B from outside our domain. Machine B could also send packets outside our domain as well. When I compiled 1.1.18 for machine A , I enabled IP forwarding. After installing this kernel , I cant ping machine B from outside the local domain. Machine B also cant ping machines other than machine A. The /var/adm/messages on machine A indicate that when a ping from a machine outside our domain , to machine B occurs , it claims we have forwarding disabled and I assume the packets go to /dev/null. I can ping machine A from outside the domain no problem. Why are the packets not being forwarded even when I have enabled forwarding ? Is this fixed in a later patch ? Thanks in advance. ------------------------------ From: deuelpm@craft.camp.clarkson.edu (Pete Deuel) Crossposted-To: comp.os.linux.development,comp.os.linux.help,comp.os.linux.misc Subject: Re: PCI+Pentium+Linux+X? Date: Fri, 9 Sep 1994 01:16:21 GMT In article <34khnj$4f@apakabar.cc.columbia.edu> djt1@ciao.cc.columbia.edu (David J Topper) writes: >From: djt1@ciao.cc.columbia.edu (David J Topper) >Subject: PCI+Pentium+Linux+X? >Date: 7 Sep 1994 14:12:03 GMT >Subject: Pentium PCI + Linux X Motiff >I could really use some help on the following: >1) Does Linux support the Pentium? Yup, ours is a Gateway P5-90 (a Gateway better than usual) (PCI HOWTO) >2) Does Linux support 32 | 64 bit Video (PCI)? The gateway came with an ATI Mach 64; there's an experimental driver, which is working great for us! 1024 x 768--woks spectacularly (PCI HOWTO, X Free 86 HOWTO) >3) Would an SCSI HD make life better? Drive access speed will be much better (faster). SCSI may also make it easier for you to add a CD ROM and such (SCSI HOWTO, Installation HOWTO, I think) >4) How does one get Linux + a GUI (X Windows / Motiff) + a C++ compiler> and other utils? See Distribution HOWTO--Yggdrasil sells OSF Motif WM for Linux, however I've been less than satidsfied with their non-standard file structure. I also like Trans-Ameritech--if I had to do it again, I'd get the TA dist. and then by Motif from Yggdrasil. >5) Are there any major brand hardware peices I need to watch out for? Read the HOWTOs to get a sense of it (theres even a Hardware HOWTO) >6) Or, is there a list (are there lists) of Linux / Xfree86 / C++ > compatibility and availability w/respect to Pentium / PCI Video. Yup. See The HOWTOs. They are at sunsite.unc.edu /pub/Linux/docs/HOWTO Basically, here's the lowdown--> read the HOWTOs + a little extra commentary. Good Luck, Linuxer! Pete =================================================== "Actually, I'm a lab mouse on stilts..." E-mail: deuelpm@craft.camp.clarkson.edu =================================================== ------------------------------ From: a0017097@wsuaix.csc.wsu.edu (Christopher Wiles) Subject: Re: DOMM 4 Linux /X is OUT !!! Date: Fri, 9 Sep 1994 21:36:25 GMT mike@bob.sc.colostate.edu (Mike Loseke) writes: : I tried it out earlier this morning on my work box which has : 8meg RAM (486/66) and it ran pretty smoothly in the tiny : window. My Xserver is still a little goofy so the larger windows : looked a bit off. Other than that, it's great! Hold a mo ... Pixel doubling/tripling/etc is producing odd effects on my system, also .. and my server is configured right. Anyone else with this problem? -- Chris a0017097@wsuaix.csc.wsu.edu wileyc@halcyon.com wileyc@quark.chs.wa.com "... but I want to use all eight comm ports SIMULTANEOUSLY!" PGP 2.6 public key available by finger for the clinically paranoid. ------------------------------ From: mah@ka4ybr.com (Mark A. Horton KA4YBR) Subject: Re: Minicom question Date: Fri, 9 Sep 1994 00:02:50 GMT Brian Curti Harvell (kiko@chopin.udel.edu) wrote: : Hi I have a quick question about minicom. I have Slackware 2.0 dist and when : trying to use minicom as non root it says that I don't have access to the : config file. Now the man page says you can have a file minicom.users with : who is allowed to use it but I can't seem to get it right or not in the : right place. Could someone help me. : Brian From the man page: SECURITY ISSUES Since Minicom runs setuid root, you probably want to restrict access to it. This is possible by using a config- uration file in the same directory as the default files, called "minicom.users". The syntax of this file is as fol- lowing: [configuration...] To allow user 'miquels' to use the default configuration, enter the following line into "minicom.users": miquels dfl If you want users to be able to use more than the default configurations, just add the names of those configurations behind the user name. If no configuration is given behind the username, minicom assumes that the user has access to all configurations. From my file /etc/minicom.users: # Sample of "minicom.users" (should be in /etc) # Format : User name line [line..] # Minicom saves it's setup information in /etc/minirc.dfl. # Dfl is default. So normally, everyone should have a default entry. # # # Who may use minicom? # # User line [..line] # root dfl /dev/ttyS4 root dfl6 /dev/ttyS6 root dfl4 /dev/ttyS4 root dfl3 /dev/ttyS3 root dfl7 /dev/ttyS7 mah dfl /dev/ttyS4 mah dfl6 /dev/ttyS6 mah dfl4 /dev/ttyS4 mah dfl3 /dev/ttyS3 mah dfl7 /dev/ttyS7 sbg dfl /dev/ttyS4 sbg dfl6 /dev/ttyS6 sbg dfl4 /dev/ttyS4 sbg dfl3 /dev/ttyS3 sbg dfl7 /dev/ttyS7 Not much more to it than that! - Mark -- "Linux! Guerrilla UNIX Development Venimus, Vidimus, Dolavimus." ============================================================ Mark A. Horton ka4ybr mah@ka4ybr.atl.ga.us P.O. Box 747 Decatur GA US 30031-0747 mah@ka4ybr.com +1.404.371.0291 33 45 31 N / 084 16 59 W ------------------------------ From: mjohnson@sparc.uccb.ns.ca (Mark Johnson) Subject: Re: Q: NFS, Linux -> Macintosh Date: 9 Sep 1994 12:57:25 -0300 In article <1994Sep6.174819.2697@xtac.tg.sub.org>, Darko Krizic wrote: >Linux. That would enable the Macintosh to mount Linux-Drives, since Linux >simulates a AppleShare-Server. Where can I find out more about this? I know someone who is interested in networking macs and needs an inexpensive server. Linux would be great. Mark Johnson johnson@vrlab.uccb.ns.ca ------------------------------ From: mike@bob.sc.colostate.edu (Mike Loseke) Subject: Re: DOMM 4 Linux /X is OUT !!! Date: 9 Sep 1994 16:03:47 GMT In article <34pssk$h3k@chopin.udel.edu>, Jason Aaron Fager wrote: >Vianney Govers wrote: >>Sebastian W. Bunka (seb@i102pc1.vu-wien.ac.at) wrote: > >>: X-DOOM for Linux is OUT !!!!!!!!! > >Anybody got feedback on how much memory is required for "decent" play? >(I.E., as fast as running it on DOS?) > I tried it out earlier this morning on my work box which has 8meg RAM (486/66) and it ran pretty smoothly in the tiny window. My Xserver is still a little goofy so the larger windows looked a bit off. Other than that, it's great! -- _______Mike!________ | Mike Loseke BOFH | Behold, here cometh the Dreamer. | | mike@bob.sc.colostate.edu | Let us slay him, and we shall see | | Linux Linux Linux Linux Linux | what will become of his dreams. | ------------------------------ From: ianm@qualcomm.com (Ian McCloghrie) Subject: Re: What would be faster Dx-50 or DX2-66? Date: 9 Sep 1994 09:14:51 -0700 spritcha@nyx10.cs.du.edu (Steven Pritchard) writes: >cisko@d0tokensun.fnal.gov (Greg Cisko) writes: >>In most cases, with 256K cache (essential in a DX2) the DX2 66 will be faster >>than the DX50. DX2's acheive the "clock-doubling" via CPU cache hits. I gained >>huge performance increases (in norton sysinfo and 3dbench) by going from 0K >>external cache to 256K. Generaly, when the CPU is excercised, a DX2 66 CPU will >>be faster than a DX50. You're correct, but your reasoning is slightly flawed :) The 256K of secondary cache (or however much) is accessed at 33MHz, not at the 66MHz that is internal to the processor. The *only* thing you can access at 66MHz is the 8K of primary cache that's on the chip itself. -- ____ \bi/ Ian McCloghrie | FLUG: FurryMUCK Linux User's Group \/ email: ian@ucsd.edu | Card Carrying Member, UCSD Secret Islandia Club GCS (!)d-(--) p c++ l++(+++) u+ e- m+ s+/+ n+(-) h- f+ !g w+ t+ r y* The above represents my personal opinions and not necessarily those of my employer, Qualcomm Inc. ------------------------------ From: im14u2c@cegt201.bradley.edu (Joe Zbiciak) Subject: Re: WARNING about shadow-mk package Date: 8 Sep 1994 12:18:11 -0500 In <34n0f0$6i4@news.xs4all.nl> bjdouma@xs4all.nl (Bauke Jan Douma) writes: [snip] >>I, as well as some others, I am certain, would like to see a factual basis >>for this outright character assassination that you are making. I have no >>reason to doubt that you may be able to support your statements. However, >>I also have NO reason whatsoever to believe any of your closing statements. >I can support these statements; in trying to avoid just that, a >"character assassination" on hearsay, I specifically did not mention >a name, but asked the emailer of these statements to follow up on my >posting as soon as possible and to elaborate his first hand >experiences, to which he agreed. He emailed me back that he had in >fact posted that followup, but I have not seen it in any of the >threads, including this one. Nor have I. I have reveived Email from Mohan regarding this situation, and I will say that your statements are warranted given what you were told. However, I must say that the information that you were given was indeed misrepresentative: >Btw, stating someone asked for an account, for the password file, or >is bragging about violating computer security can hardly be called an >attempt at character assassination - as you appear to admit yourself; >they may be, however, relevant facts to the issue. I had no reason to >doubt that what the emailer said had in fact happened to him. I read the email in question. I must say that until we see some hard facts on this matter, we *should not* try to make any character judgments. (We shouldn't be making character judgments anyway... that's not what this is about.) >Anyway, given these statements, I felt it warranted a warning about >the shadow-mk package; I was not alone in this. Yes, based on what email you received, your actions were somewhat warranted. However, a bit more research would have been nice. This entire incident may have been avoided. Emailing Mohan requesting source for login.secure and compilation options used could have been done to verify the origin of login.secure, and subsequently, a post updating the shadow-mk packe could have been made. >If, in fact, my remarks are interpreted by you and others to be an >unfounded "character assassination", I apologize to Mohan Kokal. I think that no apology from you is necessary, after reading the other email. However, the third party (whose name I will also not divulge), does have some work to do to support his position. For one thing, he bases some of his argument on behavior observed on IRC. Well, I'm sorry, but IRC is such an easy medium to spoof that I would not trust it. Anyone with a half-hour's time can edit the source to his or her client and "be" someone else. Not secure in the slightest. (Please, I don't wish to be labeled as bragging about breaking system security now! I'm pointing out widely known fact! :-) Also, this person makes some other incredible claims. I really think that he should probably review his position and his system, and then realize that he is indeed mistaken. Perhaps someone should refer him to some good papers on system security, and even the "COPS" package. The insight may allow him to make a better determination of what his system is doing, and may ease his mind. --Joseph R. M. Zbiciak Systems Administrator & Programmer Texas Networking Systems, Inc. := Joe Zbiciak == im14u2c@ =: :- - cegt201.bradley.edu - -: : - camelot.bradley.edu - : If it works, Don't fix it. :-Finger for PGP Public Key-: :======= DISCLAIMER: =======: : He flamed me first! : +---------------------------+ ------------------------------ From: drynolds@tcd.ie (Don Reynolds) Subject: Wangtech 5099 Tape drive with pc36 card Anybody use one of these? Date: Fri, 9 Sep 1994 19:33:32 GMT Ah yes, another help me request. I was given a Wangtek 5099EN Tape Drive with a PC-36 I controller card. I read in the scsi-howto that it should work, but (as per normal) it wont even detect the drive on boot up. When the kernel boots I get messages along the lines of Wangtek qic02 irq 5, dma 1, 300 Setting buffers Failed setting This is inaccurate but unfortunately the machine is 20 miles away from here so I cant check it until monday. While these messages come up during bootup (Probing for the card?) the Tape drive grunts. Then the scsi devices are probed for, and it grunts again. The machine boots normally and there are no problems except no device in /dev will access the tape. (not surprisingly if it cant find it). The drive does work under a commonly known boot sector virus called Ms-Dog. I followed all instructions in the scsi-howto on what to do if things go wrong. I fiddled the irq's, the dma's, and the memory addresses all in a vain attempt to get it to work. Documentation? Like I said I was given it by an old man. DDocumentation is limited to a couple of grubby stapled sheets describing jumper locations. If anyone actually has one of these or recognises my problem, I would be very grateful if they could email me any suggestions. Thanks, Don -- *** Don Reynolds : drynolds@tcd.ie // drynolds@scrg.cs.tcd.ie *** ------------------------------ From: rcrow@sosi.com (Rick Crow) Subject: Please Help :Printing with a HP Deskjet 520 Date: Fri, 9 Sep 1994 17:14:24 I have been following the printer how to, which by the way seem to match almost nothing in slackware version 2.0. No matter what I seem to do the system will not recognize my printer. When it boots the printer is recognized followed by a permanent busy signal on the printer. I have tried changing the printcap several times but to no avail. I know that in the printer how to it states that it is useless to ask for a printcap entry on the net. But I am seriously frustrated and would appreciate any help that anyone could provide. I have also asked similar questions on comp.os.linux.help and never receive a reply. Thanks, Rick Crow rcrow@sosi.com ------------------------------ From: houston@norton.geog.mcgill.ca (Lawrence Houston) Subject: Setserial FREEZES under LILO only!!!!! Date: Fri, 9 Sep 1994 12:21:05 GMT Attempting to move from using a boot floppy to LILO 0.14 under Slackware 2.0.0 (kernel 1.0.9) I found my system hanges executing /etc/rc.serial! There is infact a note in /etc/rc.S (at the point where rc.serial is called) that some systems will hang at that point. I had NO problems when using from the boot floppy generated by "make zdisk" or if /etc/rc.serial is NOT called (2 standard COMs, 14.4K Internal & STB 4COM). I did find a work-around of changing the line near the top of /etc/rc.serial to explicitly enumerate ONLY the serial ports that my system has instead of the double levels of wild-cards. For example I currently have the "PORTS" line reading: PORTS=`echo cua0 cua1 cua2 cua4 cua5 cua6` which seems to do fine on my system. Was hoping someone else might have an explaination or better solution? Lawrence Houston - (houston@norton.geog.mcgill.ca) ------------------------------ From: chemla@cnam.cnam.fr (Laurent Chemla) Subject: X doesn't work anymore !? Date: 8 Sep 1994 17:27:08 GMT -- Hello everybody, I have a strange problem : X just stopped wworking today, and I have not made any changes in it's configuration :-( The symptoms are: - The server starts alright, displaying it's grey screen and the mouse (but the mouse does'nt move if I try it) - The window manager (I tried mwm and fvwm, same thing) starts too, and it opens an xterm as usually, BUT nothing works from then: no mouse (unless I kill selection before to start X) and no keyboard (and what should I kill for it :-)) at all! The only thing I can do from then is switching to another vc, but the X screen remains. And I don't have to use Ctrl+Alt to switch : Alt alone is enough. Sound's like the keyboard doesn't know I'm under X. I admit some things changed since the last time I used X: I changed my IP number and I changed some dip switches on my Soundblaster card. That's all. I tried to change back the Soundblaster config, I tried to use an old kernel as I made some changes in the new one according to the new soundblaster config, nothing changes: X just doesn't want to work anymore. I get no error message from the X server, no error message in either syslog and message.. Nothing. And if I switch to the vc from which I started X and hit ctrl-c, X stops just fine, restoring the screen as usually. I'd really appreciate any hint or any direction to go to find what happens, because I'm completely confused by this one :-( Laurent Chemla. -- Laurent Chemla : chemla@cnam.cnam.fr or laurent@brasil.frmug.fr.net Brasil BBS - +33 1 44 67 08 44 - Atari France developpers support ------------------------------ From: drynolds@tcd.ie (Don Reynolds) Subject: Sorry! Addition to Wangtech posting.. Date: Fri, 9 Sep 1994 19:51:33 GMT Sorry I forgot to add my hardware setup. Generic 486 sx 25 clocked at 32 mhz, 8 mb ram, 64k Cache, Maxtor 245 mb hard disc, D-Link (Ne2000 nearly compatible) Ether card, combo IO/VGA card with OTI 77 chipset, generic again. Linux version 1.08 with IDE, SCSI, Qic 02/102, ext2, inet, tcp (i think !) options compiled in. Sorry about having to post a following article. Don ~r .signature -- *** Don Reynolds : drynolds@tcd.ie // drynolds@scrg.cs.tcd.ie *** ------------------------------ From: werner@heim2.tu-clausthal.de (David Werner) Subject: Re: Q: Logging outgoing INET services Date: 9 Sep 1994 21:10:53 GMT Frank Dwyer (dwyer@dirac.scri.fsu.edu) wrote: : Barry Yip kam-wa (g609296@win.or.jp) wrote: : :>Morten Jammer (morten@gurke.allcon.com) wrote: : Unless I'm reading this wrong :), I think he wants _outgoing_ connections. : Not aware of tcp wrappers that can do this. A _very_ simple change could : fix this though..... Just make your telnet/ftp/rlogin command a : perl/csh/whatever script that writes a log entry and then executes the real : telnet/ftp/rlogin command. Sorry, this doesn't work. Everyone who can run your script can execute the 'real' telnet/ftp/rlogin command. The log-files must be either worldwritable or you need a log program that has SU(G)ID on execution or you run a logdeamon which can be connected by a logclient . In all three cases everyone can generate logentries that does not coincidence whit those events that you want to log. In first case everyone can substitute the contend of the logfile by something others. Ciao, David -- David Werner email: Werner@heim2.tu-clausthal.de To obtain my PGP public-key, finger pedw@asterix.rz.tu-clausthal.de or email me. ------------------------------ From: andrew@amelia.db.erau.edu (Andrew Anderson) Subject: Serial Link w/ 2 Linux Hosts Date: 9 Sep 1994 12:48:10 GMT I'm trying to setup a serial link between 2 linux boxes. Box "a" has an ethernet card and works fine with kernel 1.1.18. Box "b" does not have an ethernet card and is running kernel 1.0.9. |-------| Serial |-------| ethernet |----------| | b |==========| a |==========| ethernet | |-------| |-------| |----------| I am using known good serial cables, and I have a serial tester on the link showing that everyting appears to be good. I can cat a file into /dev/cua0 on box "b" and see a transfer occuring on the line. I can cat a file into /dev/cua1 on box "a" and see a transfer. So the ports and lines appear to be fine. So I tried using slattach and ifconfig to get a serial point-to-point link going. Machine "b" will send ping requests to machine "a" (as seen on the serial line tester), but machine "a" will not send pings to machine "b". Next I tried using dip to setup a link, thinking that I may have used slattach incorrectly. I started it with 'dip -t' and used this: get $locip /* these are both unique numbers, so */ get $rmtip /* there isn't an IP conflict */ port cuax /* either 0 or 1 depending on which machine I was on */ databits 8 stopbits 1 parity none mode SLIP I checked both ifconfig and route and everything looks ok. Does anyone see a problem here? Is there a problem with 1.1.18 and serial links? Thanks, Andrew -- |===========================================================================| | Andrew Anderson andrew@db.erau.edu | | Novell Network System Administrator "Making the impossible | | Linux System Administrator possible -- daily!" | | | | I don't speak for ERAU, and God knows I don't want them to speak for me! | |===========================================================================| ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************