

More 2¢ Tips!


Send Linux Tips and Tricks to


EZ Email Security With Stunnel

Fri, 12 Oct 2001 19:43:28 -0500
Pat Parson

This is a little crash course in how to set up email over SSL painlessly using Stunnel. With Stunnel you can keep your email passwords from being sent as plain text and possibly intercepted by others. Stunnel is a program that you can use to encrypt TCP connections in SSL. First you need to have installed a mail transfer agent such as Exim, Sendmail, or Qmail to handle the SMTP portion of the mail. Then you need to have installed either an IMAP server or a POP3 server such as the Cyrus package or Cuci-pop. Many distributions come with Stunnel; if yours does not, you can get it from http://www.stunnel.org.

After obtaining and installing Stunnel you need to make an SSL certificate for use with Stunnel. An SSL certificate is a kind of unique "key" that is used to encrypt the data. OpenSSL provides a makefile to do just that. In my distribution it is located in /usr/share/ssl/certs. cd to that directory and type make stunnel.pem to create the certificate that is named stunnel.pem. Now you need to add a few lines to your rc.local file to start Stunnel at bootup (assuming you ever reboot, that is). These lines are:

  /usr/sbin/stunnel -d 995 -r 110
  /usr/sbin/stunnel -d 465 -r 25

This will start stunnel listening on port 995 for POP3 and 465 for SMTP. Now all you need to do is edit the options for your mail client and there you go. No need to worry about cleartext email passwords. If you are too impatient to wait for the next reboot you can type the commands given previously to start Stunnel right away.

There may be some problems with certificate validation for some email clients. Make sure when asked by the makefile you get the server name correct. If your email client will not let you add certificates you may need to change clients or obtain a certificate from a certification authority. If you cannot get the certificate validation worked out there is no way to ensure that you are connecting to the correct machine. Have a nice day.


users permissions

Sun, 30 Sep 2001 22:41:22 -0400
Carlos G Kruger

Hi, I have gone through your entire library since the beginning but I could find an answer to the following questions. First, after some time I have been able to set up a small network: one server, 2 Linux boxes and a Windows box. Using Samba, the "clients can see the share". All the clients can read and write to this share. I have created a share with one of the user's names and added the others to this in the smb.conf file. I have changed the owner and group for the share to be "today" (the name of the group) and added all the users to this group. The problem is that user A creates a file in the share, saves and closes, then user B opens the file, edits and can't save unless it saves with another name.

I have used all the combinations for the users, even using the "SETUID, SETGID" but nothing works.

At server level I can see that the main directory, sub directories and files, with the format .rwxwrxwrx root (or user A) today etc.etc

User B, C, D are under the smb.conf share [A] and under group.conf A::500:B,C,D or A:x:500:B,C.D

If B creates a file all the rights are changed to B, ditto for A,C or D. I can't even change the ownership from B to A, C, or D.

I've spent hours and hours of reading and searching on the web but still can't find an answer?

is there one?

please let me know.

thanks

[Mike Martin] One or two things to check
Do the permissions on the share when accessed through Samba and directly, e.g. share a on mount /mnt/a: do you get the same output from ls -l? (You may want them to differ, but as a troubleshooting technique it may be an idea.) So you could check by accessing the share from your Linux box; do an:

ls -l
and if you get:

rwxr_xrwx
...then there is your problem.
[Heather] You might check if the users are all of the same group in /etc/passwd; when you create new files, the files can only be in one group, and that's where it generally comes from.


Re: Problem faced while defining permissions for read & write access

Thu, 11 Oct 2001 10:20:06 -0500 (COT)
John Karns

Hi! I have got a requirement of defining a share, where one user should have reader rights & other should be having write rights. The definition is as below

comment = Testing Permissions
path = /usr/local/support
valid users = ibm, god
read list = ibm
write list = god
read only = No

When I define this, the user=GOD gets permissions properly, i.e. write. But the user=IBM also gets write permissions instead of read. I have relaxed the permissions on unix by giving 0777 to the path

i.e. drwxrwxrwx 3 root root 4096 Oct 9 11:53 support

This happens to every share which I create & my smb.conf file is tested from the diagnosis.txt

Is there anything which I am missing? Please revert to me asap

Thanks in advance Franco.F

Sorry about the delay in answering, but I've been pretty busy ...

There are several parameters which affect this. Usually I just try juggling them until I get what I'm looking for.

One such parameter is

[global]
   security = user

I put this in the global section.

Then for a user's smb share, I have found the following to usually limit access. The dir is made read only by default, and overridden by the "write list" parameter:

[joeBlow]
   comment = Joes smb share directory
   path = /usr/smbShares/jblow
   browseable = yes
   read only = yes
   create mode = 0770
   valid users = jblow
   write list = jblow
   public = no

Hope this helps.


Information about PHP

Tue, 23 Oct 2001 15:49:47 -0500
Iván Overlín Sánchez Rodríguez

Good afternoon:

The purpose of this e-mail is to ask you, as politely as I can, for information about a PHP tool with which I can modify web page files under Linux Red Hat 7.1. I have downloaded several PHP editors but have not yet managed to modify the files.

I await your recommendation and am grateful for your attention.

Thank you

Sincerely: Ing. Iván Overlín Sánchez Rodríguez

We need more information. Which editors have you tried and why did they not work? I normally use an ordinary text editor (vim) for editing PHP files. If you cannot describe it in English, send a Spanish message to Rory Krause and he will translate it for us. -- Mike
Tip: if something doesn't work as you expect, try to also describe what it was you expected, in more detail rather than less. -- Heather


Sendmail backup ?

Wed, 10 Oct 2001 16:46:05 +0200
Robert Kemp

My LINUX (Redhat 6.1) box was compromised. I want to reinstall but I have a hell of a lot of mail users (sendmail) that I need to backup and restore on the new (reinstalled) system.

Please could someone help me out on this one!!!!

Regards

Robert Kemp

[Thomas Adam] Of course :-) Since I don't know how your file-system is laid out, or where the $USER's mailboxes are stored, and how many.......it might be limited.
Assuming that not many of the users have had graphical attachments to their inbox, it should just be routine enough to:
1. Backup (tar/gz??) files in "/var/spool/mail/*" and dump them to a tape drive.
2. Or you move it to a separate drive that won't be affected by this installation.
3. Seeing as you have a lot of users, is the $USER's mailbox on a separate partition??? You see, if you upgrade you can instruct Linux not to touch that particular partition.
You might also want to backup "key" configuration files:
/etc/sendmail.conf /etc/aliases
...etc
Other than that, I don't know what else you can do.
Kind Regards
[Guy Milliron]
and /etc/sendmail.cf. I'd also back-up /etc/mail/*


tests on the net for linux

Wed, 03 Oct 2001 20:03:38 +1000
A Student

I am currently working on introduction to Linux at university and was wondering whether there are any tests or quizzes on basic Linux that I could do to learn more and to test my knowledge.

SAIR Linux and GNU Certification has quizzes on their web site, http://www.linuxcertification.com , "On-Line Quizzes" link.
Several organizations including SAIR and the Linux Professional Institute (http://www.lpi.org) offer paid examinations similar to A+ and MCSE. You may find some information and ideas on their web sites, even if you're not interested in the exams. SAIR's FAQ mentions some comparisons they have with other certification programs.
Linux Gazette has published an 11-part series about the founding and development of the LPI, titled "Creating a Linux Certification Program", and has published several News Bytes pieces about SAIR. Search for "certification" and "SAIR" in the LG search engine.
Some other Linux web sites may have quizzes somewhere. Poke around http://www.linuxnewbie.org, http://www.linux.com, and other Linux portals, and search for "quiz". -- Mike


Need Help on X

Mon, 8 Oct 2001 10:15:36 -0700 (PDT)
Joyer Jude

Hi there,

I'm running Linux 2.2.4-2 kernel Redhat Version 7.1 on a Celeron 500MHz Intel Chipset MB with 64 MB RAM.

Even after a fresh installation Gnome seems to crash (I mean to say Gnome comes up but without Sawfish the window manager running and with an error message saying ur not running a GNOME compliant window manager) with no options to close any windows running. Well, it looks like it's got one single window for every icon on the desktop and out of the 4 desktops only one can be used ..... Usually I worked around this problem by running Sawfish manager from the RUN option; now even that doesn't seem to start this Sawfish. Can u please help me out with this?

waitin for ur reply

Joyer

[Mike Martin] Try this
When gnome loads up type gnomecc as a command (either in a terminal or as a command) then go to window manager section, change to other wm click ok then change back to sawfish - should work
Let us know if you need any more help!


Modules Drivers

Tue, 23 Oct 2001 13:59:21 -0600
William Laing

Hi, can someone show me how to install a networking card driver on a 3 1/2 disk into Redhat 6.2 text only?

Thanking you Bill

[Mike Orr] If it's a binary module (*.o file) on a DOS-formatted floppy:
# mcopy a:MODULE.o /lib/modules/VERSION/SUBDIRECTORIES.../net
# modprobe MODULE               : Any error messages?
# cat /proc/modules             : Is it listed?
# ifconfig eth0 10.0.0.1        : Any error messages?
# ping -c 1 10.0.0.1            : Success?
# vi /etc/modules.conf          : Distribution-dependent, see below.
# vi /etc/modules               : If you want it always loaded.
# mcopy a:MODULE.o ~/Backups    : In case you need to reinstall it someday.
If it's a source module (*.c), you'll have to compile it according to its README.
In /etc/modules.conf, you may want an "alias eth0 MODULE" line and/or an "options MODULE io=0x330 irq=0xA" line or something like that, depending on the module. But Debian has a front end, /etc/modutils/aliases, where you put your customizations, then run 'update-modules' to calculate and write /etc/modules.conf. Check your Red Hat docs to see what to do. Also see "man 5 modules.conf".
Your network setup script then has to load the module, unless the kernel is loading it automatically on demand, or unless /etc/modules takes care of it. "modprobe MODULE", or "modprobe eth0" if you've set up the alias.


Routers

Tue, 23 Oct 2001 12:10:50 +0300 (EAT)
gatheru

Hi, I have heard this rumour that Linux can be used to create routers instead of going for commercial ones. I would like to know if it is true and hints on how to do it (actually any information is welcome).

regards Kamau Gatheru

[K.-H.] Yes, it is possible to use a Linux box as router. You would need some hardware (486 would probably do), >= 1 network card(s) (ethernet probably).
For starters look at: http://www.linuxgazette.com/cgi-bin/htsearch and search for "routers"
Another place to look is:
http://www.linuxdoc.org/HOWTO/HOWTO-INDEX/networking.html#NETROUTING
If you would tell us what exactly you would expect that router to do we[1] could maybe even tell you if Linux can handle that and how difficult it would be to set up.
[1] not necessarily me -- so reply to the list
Also see the Linux Router Project, http://lrp.ramhb.co.nz/main.htm . -- Mike


LWN links

Fri, 12 Oct 2001 11:51:05 -0700 (PDT)
Heather

Linux Weekly News has sprouted a separate page for the now very long Distributions list: http://lwn.net/Distributions

Don't count 'em dead yet, folks. But I'd love to hear them get the sponsorship they need to go on. See our News Bytes for more.


2-cent Tip: "De-enhancing" enhanced text

Fri, 26 Oct 2001 18:37:06 +0000
Ben Okopnik
The Answer Gang

One of life's little problems that comes up once in a while is dealing with enhanced text. You know, that stuff you get when you try to dump a man page as text, or just in reading a file that somebody has "enhanced" - a few minutes ago, I got an e-mail from someone using an NT box (!) that had the stuff in it. If you still don't know what I'm talking about, here's a sample from the "thttpd" man page:

-----------------------------------------------------------------------------
N^HNA^HAM^HME^HE
       thttpd - tiny/turbo/throttling HTTP server

S^HSY^HYN^HNO^HOP^HPS^HSI^HIS^HS
-----------------------------------------------------------------------------

So, how do we turn this mess into readable text? If you're using the "vi" editor, it's a fairly simple task:

:.,%s/.^H//g

Note that to enter the actual "Control-H" sequence rather than a caret followed by an "H" (which will not work), the key sequence is "Ctrl-v" ("Enter raw character") followed by a "Ctrl-h".

The above says

:      Enter command mode
.,%     Apply to every line from the current one to the end of the file
s/.^H   Grab all "Control-H"s and the character that precedes them...
//g     ...and delete no matter how many times they occur on a line.

In case you've been wondering, the above text "translates" into this:

-----------------------------------------------------------------------------
NAME
       thttpd - tiny/turbo/throttling HTTP server

SYNOPSIS
-----------------------------------------------------------------------------

Deleting the preceding rather than the following character makes this trick work with "enhanced-underlined" text (not shown here) as well as "enhanced-bold".

I always call that "nroff format". -- Mike
[Dan Wilder] Actually it's impact printer format. Works nicely for 9-pin printers, as it did for daisywheel and type ball printers, or for that matter, for chain printers.
The use of character-backspace-character to produce bold originated with the impact printer, and was used long before nroff was written. Nroff merely made use of what was already common existing practice. Calling it "nroff format" would be a little like calling the rising sun "rooster-crow format".
"col -b" is an easy way to filter out the backspaces and duplicate characters.

Interestingly enough, it's not really nroff format... (discussion between Mike and Ben about output formats versus input formats, and other truly odd things that can be done inside man pages, trimmed for clarity.)

- "nroff" has its own weird way of doing things:

The \fIlwp-download\fR program will download the document specified...

What this stuff is is a hold-over from the Elder Days, when mighty heroes wrestled giants and monitors were fancy things that only the richest of the rich could afford; the rest of us scrounged wide-carriage printers and bought greenbar by the metric assload (nobody was offering discounts on the Imperial assloads (arseloads?)). "Control-H" is a backspace; in order to print in bold, you printed a character, backed up over it, then printed it again.

H^HHE^HEL^HLL^HLO^HO!^H!

Underlining was done by much the same method, except that instead of double-printing the character, you printed an underscore, backed up over it, and printed the character:

_^HG_^Ho_^Ho_^Hd_^Hb_^Hy_^He

(You could do it in reverse, too, but this has become the standard format.)

Underscore/bold combos were, of course, a horror to behold. As you can imagine, all sorts of utilities to automate this were widely available.

_^HG^HG_^Ho^Ho_^Ho^Ho_^Hd^Hd _^HG^HG_^Hr^Hr_^Hi^Hi_^He^He_^Hf^Hf!^H!

Until I started using Linux, I had not realized that someone had kept the creature alive - which, in Unixland, it very much is. Most text utils - including "more", "less", and "*cat*", fer Gossake - support it. Midnight Commander even displays the stuff in nicely distinct reds and yellows.
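
A filter that resolves the overstrikes by simulating the print head, as an added example that is not part of the original tip or its replies. It goes beyond the vi one-liner by also handling runs of several backspaces and the reverse-order underline (character first, underscore second); the function name deoverstrike is made up here, and the input is assumed to be single-byte (ASCII) text.

```sh
#!/bin/sh
# Added example: undo backspace overstriking by simulating the print head
# rather than deleting "character + ^H" pairs. Assumes single-byte text.

# deoverstrike: read stdin, write plain text to stdout.
deoverstrike() {
    awk '
    BEGIN { BS = sprintf("%c", 8) }          # Control-H
    {
        n = 0                                # cells filled on this line
        col = 0                              # current print position
        len = length($0)
        for (i = 1; i <= len; i++) {
            c = substr($0, i, 1)
            if (c == BS) {
                if (col > 0) col--           # back up, never past column 0
                continue
            }
            col++
            if (col > n) {                   # first strike on this cell
                n = col
                cell[col] = c
            } else if (c != "_") {           # overstrike: a letter beats "_"
                cell[col] = c
            }
        }
        out = ""
        for (i = 1; i <= n; i++) out = out cell[i]
        print out
    }'
}

# Constructed samples: bold "NAME", underlined "Go" in both orders, and
# "ab" erased by two consecutive backspaces before "cd" is printed.
printf 'N\010NA\010AM\010ME\010E\n' | deoverstrike
printf '_\010Go\010_\n'             | deoverstrike
printf 'ab\010\010cd\n'             | deoverstrike
```

A plain "delete character plus Control-H" substitution leaves a stray backspace in the third sample, because the second Control-H has no ordinary character in front of it.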


2 Euro-Cent tip: Sophisticated excluding backup

Sun, 28 Oct 2001 21:44:37 +0100
Matthias Posseldt

Hi all @ Linuxgazette,

I just wrote a small backup script (mpbackup), which has the option to exclude files from the backup, and those files are read from .exclude_from_backup files in each subdirectory. So you create a file /home/matthias/.exclude_from_backup and write


tmp
build
kde-cvs

in it. The script will read all .exclude_from_backup files in the directories to backup and create a list of it. It then creates a tar.bz2 file.

You can even write wildcards into the exclude files. All files mentioned are relative to the .exclude_from_backup file's directory.

You need the included evaluate_file.sh in PATH (or have to edit the script).

Hope that it helps someone. My 500+ megs home directory is now backed up in about 100 megs, because I left out build trees and cvs trees. And every user can configure which files go into the backup.

Ciao, Matthias

See attached mpbackup.sh.txt

See attached evaluate_file.sh.txt

Hello,
This is a good shell script. I remember I wrote a bash script called "keyfiles" when I was at school, that ran on your proxy servers.
(also activated via my "loop4mail" bash shell-script daemon.....I think I might include it sometime in LWM).
What would happen was that a file "/etc/keyfiles.conf" would contain a list of files (with their respective paths).
Then tar would read the file line by line, add the files to the archive, and dump the archive to a backup partition.
This is more or less what your script does.
All in all well done!!!
--Thomas Adam, the Linux Weekend Mechanic
[Ben] <laugh> Great minds think alike, Matthias. I wrote a backup script - slightly different idea from yours, though - and have been evaluating it for the past couple of months (a backup script is one of those things you want to beat to death under various conditions; think of where it leaves you if it fails silently...)
The idea behind mine is that there are a lot of files that you need to transport between your desktop and your laptop if you travel a lot (as I do) - things like your bookmark files, document directories, etc. This script has two config files, both of them accessible from the script itself: a permanent backup list, where you put the files and directories that are to be backed up every time, and a temporary list of files that will only be added to the current backup. It then restores the backed-up files onto the target machine, saving the previous versions in a .tgz file in case something has gone screwy.
I've had no problems with this thing for quite a while now - it has a fair number of tests built in - and, heck, since you're putting yours up, I might as well add mine to the list.

See attached backpack.bash.txt
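
The per-directory exclude lists Matthias describes, sketched as an added example; this is not mpbackup or evaluate_file.sh, which are only attached to the original page. The function names are made up here, and the rule that rejects absolute paths and ".." entries is an assumption of this sketch: since every user can write a list, entries are kept from reaching outside the list's own directory.

```sh
#!/bin/sh
# Added example (not mpbackup itself): gather every .exclude_from_backup
# under a backup root and turn the entries into tar exclude patterns.

# build_exclude_list ROOT
# Prints one pattern per line, relative to ROOT with a leading "./", so it
# matches the member names produced by "tar -C ROOT ... .".
build_exclude_list() {
    (
        cd "$1" || exit 1
        find . -type f -name .exclude_from_backup | LC_ALL=C sort |
        while IFS= read -r list; do
            dir=${list%/*}                  # directory that holds this list
            while IFS= read -r entry || [ -n "$entry" ]; do
                case $entry in
                    '') continue ;;         # skip blank lines
                    /*|..|../*|*/..|*/../*)
                        # Lists are written by ordinary users: refuse any
                        # entry that reaches outside its own directory.
                        echo "unsafe entry '$entry' in $list ignored" >&2
                        continue ;;
                esac
                printf '%s/%s\n' "$dir" "$entry"
            done < "$list"
        done
    )
}

# backup_tree ROOT ARCHIVE
# Writes a tar.bz2 of ROOT, leaving out everything the lists name.
backup_tree() {
    excl=$(mktemp) || return 1
    if build_exclude_list "$1" > "$excl"; then
        tar -cjf "$2" -X "$excl" -C "$1" .
        rc=$?
    else
        rc=1
    fi
    rm -f "$excl"
    return "$rc"
}

# Constructed demo tree: one user excludes tmp and build, and a third
# entry tries to climb out of the home directory.
demo=$(mktemp -d)
mkdir -p "$demo/matthias/tmp" "$demo/matthias/docs"
printf 'tmp\nbuild\n../someone-else\n' > "$demo/matthias/.exclude_from_backup"
build_exclude_list "$demo"
rm -rf "$demo"
```

Wildcard entries pass through unchanged, because tar treats each line of the exclude file as a glob pattern.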


Re: [LG 71] help wanted #4

Tue, 2 Oct 2001 04:56:03 +0200
guran

This is in response to the Asound ethernet card question last issue.


Hi

One of my sons called me the other day, when he could not find that driver on a RedHat 7.1. I advised him to look for rtl-8139, where he found it; if I remember right the same goes for Debian.

regards guran


Additional Answer for a 2Cent Tip.

Mon, 01 Oct 2001 12:32:02 +0200
Matthias Egger
linux-questions-only

Hi Answer Gang

I was just reading the 'August 2001 - Nr.69' Issue. In your 2 Cent Tips there was a Question called 'Cannot Format Network Drive'.

If I understood it right (English isn't my mother language) the person wanted to wipe off every Partition and become a new clean and crispy Harddisk?

Well, in this case I have another little Tip for him (or others with the same problem).

I sometimes have the same or similar Problem, especially when the System hosts Linux and Win200 or WinME. In these cases I use a Bootstrap Killer Program called zap which comes from IBM.

Unfortunately it's only available for DOS, but it's a nice little utility. You can get it from the IBM Storage Homepage or from this URL "http://service.boulder.ibm.com/storage/hddtech/zap.exe" and it has approx. 18 KB.

I know it's definitely not a LINUX Answer, but maybe it's a useful Hint.

Sincerely

Matthias Egger


Re: [LG 71] 2c Tips #9

Mon, 01 Oct 2001 15:30:18 -0400
martin leisner
linux-questions-only

I found the gnu make documentation to be excellent reading. Part of it is tutorial.

-- Marty Leisner


Re: [LG 71] 2c Tips #10-signwriting

Fri, 26 Oct 2001 12:26:01 -0700
LBrown
linux-questions-only

This is in response to the Re: signwriting question last issue.


Hi,

I was wondering if by signwriting application, Steve Gosden meant signwriting as in the written form of Signed Languages including American Sign Language?

[Ben] Hmm. It could be, I suppose; the question was pretty ambiguous.

Here is a site that is dedicated to it:

http://www.signwriting.org

I'm hoping to write a signwriting program as soon as both my signwriting and my programming are up to it.

Here is the part of the site that provides source code, applications and programming information for writing software utilizing signwriting:

http://www.signwriting.org/forums/software/software.html

[Ben] Very interesting site, Lisa! I'm afraid that I know very little about implementing sign languages on a computer - despite knowing a little bit of ASL (learned from the docents at the Renaissance Fair while working there.) It would actually be an interesting challenge... Linux, along with the Unix community in general, has supported access for people with disabilities from its very early days - there is accessibility stuff built right into X, there's lots of support for Braille output devices, and the Emacs "Audio Desktop" is billed as "the first zero-cost Internet access solution for blind and visually impaired users." A signwriting program would fit in well, and (I would think) would be well received.
Hmm. I can visualize a sign "editor" that would let you build each symbol in the "sign group", one piece at a time, then let you jump to the next position using a set of keys for direction... yeah, definitely a bit of a challenge. :) Best of luck, and please let us know if and when you have something usable; I'm sure that there are a number of folks in the Linux community who would be interested in the results.

thank you and gentle day, Lisa Brown

[Ben] <smile> I like that. The same to you, Lisa, in double measure.


Tech Tips from Linux Journal

Subscribe to LJ's Tech Tips:
http://noframes.linuxjournal.com/subscribe/lja-sub.html


How to lie about your uptime

Bogus uptime, anyone?

The longer the uptime of your Linux box, the cooler you are, right? To be cool without leaving your machine on, go to /usr/src/linux/kernel/timer.c and change the line:

unsigned long volatile jiffies;

to get a bigger uptime at boot. Example:

unsigned long volatile jiffies = 0x00010000;

will start with a 655.36 second (more than 10 min.) uptime. Bigger values are left as an exercise for the reader.



Adding many users at once

It's back to school time and that means adding many users at once. No need to do it manually; add many users and set their passwords from a single file with the newusers program.

It's included with Debian; if your distribution doesn't have it, get the source from the Debian web site: http://packages.debian.org/stable/base/passwd.html



Speeding up Debian APT using Squid

If you have several Debian boxes, speed up software updates and be kind to the Debian mirrors. Install Squid on one of them and configure APT to use it with:

Acquire
{
  http
  {
    Proxy "http://webproxy.example.com:3128/";
  }
}

(If your distribution has automatic upgrades but won't use an HTTP proxy, file a bug report.)



Blocking the Nimda worm

The Linux Journal web site, like others, is getting a lot of traffic from the Windows worm du jour. Here's the cron job our sysadmin team is using to block them from our Apache-based site.

See attached block-nimda.sh.txt
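
The first half of such a job, finding which clients to block, sketched as an added example; it is not the Linux Journal script, which is only attached to the original page. The function names, the request signature (a cmd.exe or root.exe program in the request path) and the sample log lines are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example, not the Linux Journal cron job: list the client addresses
# in an Apache access log whose requests look like Nimda's IIS probes.

# nimda_sources [MIN_HITS]
# Reads Common Log Format lines on stdin and prints "hits address" for each
# client with at least MIN_HITS (default 1) probe requests, busiest first.
nimda_sources() {
    awk -v min="${1:-1}" '
    {
        # The request line is the first double-quoted string on the line.
        if (split($0, part, "\"") < 3) next      # no request: skip the line
        req = tolower(part[2])
        # Assumed signature: the worm asks for cmd.exe or root.exe as a
        # program, so the name is followed by "?", a space or end of line.
        if (req ~ /\/(cmd|root)\.exe([?]| |$)/) hits[$1]++
    }
    END {
        for (ip in hits)
            if (hits[ip] >= min) print hits[ip], ip
    }' | sort -k1,1nr -k2,2
}

# Constructed sample log (documentation addresses, invented byte counts).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [18/Sep/2001:10:01:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [18/Sep/2001:10:01:03 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
192.0.2.10 - - [18/Sep/2001:10:01:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
198.51.100.7 - - [18/Sep/2001:10:02:11 -0700] "GET /index.html HTTP/1.0" 200 5120
203.0.113.5 - - [18/Sep/2001:10:03:40 -0700] "GET /scripts/..%255c../winnt/system32/CMD.EXE?/c+dir HTTP/1.0" 404 300
198.51.100.7 - - [18/Sep/2001:10:04:00 -0700] "GET /docs/cmd.exe-faq.html HTTP/1.0" 200 900
203.0.113.9 - - [18/Sep/2001:10:05:00 -0700] "-" 408 -
EOF
}

# Clients with two or more probe requests in the sample.
sample_log | nimda_sources 2
```

The threshold keeps a single stray request from putting an address on the list, and the ordinary page whose name merely contains "cmd.exe" is not counted.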



Making Caps Lock work like Control (in X)

To make your Caps Lock key think it's a Control key, put this in the Keyboard section of /etc/X11/XF86Config:

   XkbOptions "ctrl:nocaps"


This page edited and maintained by the Editors of Linux Gazette Copyright © 2001
Published in issue 72 of Linux Gazette November 2001
HTML script maintained by of Starshine Technical Services, http://www.starshine.org/