From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Thu, 26 Aug 93 16:22:59 EDT Subject: Linux-Admin Digest #20 Linux-Admin Digest #20, Volume #1 Thu, 26 Aug 93 16:22:59 EDT Contents: Re: Why use shadow? (Brandon S. Allbery) Re: Why use shadow? (Joel M. Hoffman) Re: Why use shadow? (Larry Wall) SUMMARY: Ringback (James A Robinson) Re: Linux bbs software? (Steve Traugott) Re: Linux bbs software? (Mark Buckaway) Re: Linux bbs software? (Bob Myers) processes changing ownership (C Wayne Huling) Peculiar e2fs problem (Vinod G Kulkarni) big UUCP spool files (JL Gomez) Re: Why use shadow? (Michael Cook) Re: Why use shadow? (Net Ranger) ---------------------------------------------------------------------------- From: bsa@kf8nh.wariat.org (Brandon S. Allbery) Subject: Re: Why use shadow? Date: Wed, 25 Aug 1993 22:25:45 GMT In article <1993Aug25.021919.29458@seagoon.newcastle.edu.au> c9219517@frey.newcastle.edu.au (Scott Howard) writes: >Brandon S. Allbery (bsa@kf8nh.wariat.org) wrote: >: In article sjm@ss43.icl.co.uk (Simon McKenna) writes: >: If you limit it to lowercase letters, multiply by 26*26=676. All letters, *********** >26*26 will give you all the possible combinations of 2 letter, lower Precisely why I said to *multiply* *by* 26*26. Learn to read. ++Brandon -- Brandon S. Allbery kf8nh@kf8nh.ampr.org bsa@kf8nh.wariat.org "MSDOS didn't get as bad as it is overnight -- it took over ten years of careful development." ---dmeggins@aix1.uottawa.ca ------------------------------ From: joel@rac2.wam.umd.edu (Joel M. Hoffman) Subject: Re: Why use shadow? Date: Wed, 25 Aug 1993 13:33:19 GMT In article <1993Aug25.021919.29458@seagoon.newcastle.edu.au> c9219517@frey.newcastle.edu.au (Scott Howard) writes: >Brandon S. Allbery (bsa@kf8nh.wariat.org) wrote: > >: In article sjm@ss43.icl.co.uk (Simon McKenna) writes: >: If you limit it to lowercase letters, multiply by 26*26=676. All letters, >: 52*52=2704. Which implies that an 8-letter password could be checked in under >: 18 hours on the second machine if the claim is correct, and in 108 hours on >: the first. > >26*26 will give you all the possible combinations of 2 letter, lower >case passwords (all 676 of them). Assuming that most people use 8 letter >passwords, the total number of passwords using lower case letters only >is 26^8 (26 to the power of 8), a total of 208827064576 possible >combinations. If uppercase and numbers are taken into this (still >exclusing special symbols, etc), there's a total of 52^8=53459728531456 >combinations - so the total time to crack a password is a little more >than the 108 hours above. So if you tried, say, ten possibilities a second, in the worst-case you'd get the password in something like 170,000 years. BUT, if you make the (reasonable) assumption that there's at least one password that's all lower case and, say, exacly 6 chars long, your chances improve drastically. If you further assume that you don't need to guess any >one< password, but just >any< password out of a list of 150 in /etc/passwd, the worst-case drops to less than a month. And if you now use 10 computers, you'd likely have an answer in a few days. So, there are two possibilities. Either make sure users use >very< hard to guess passwords (like "UUwb3QbN") or use /etc/shadow, and just make sure users don't use stupid passwords (like "password" or "test"). -Joel (joel@wam.umd.edu) -- ============================================================================= |_|~~ Germany, Europe. 1943. "The diameter of the bomb was 30 centimeters, __|~| 16 Million DEAD. and the diameter of its destruction, about 7 meters, and in it four killed and 11 wounded. cnc Bosnia, Europe. 1993. And around these, in a larger circle of pain cnc HOW MANY MORE? and time, are scattered two hospitals and one cemetery. But the young woman who was buried in the place from where she came, at a distance of more than than 100 kilometers, enlarges the circle considerably. And the lonely man who is mourning her death in a distant country incorporates into the circle the whole world. And I won't speak of the cry of the orphans that reaches God's chair and from there makes the circle endless and godless." ============================================================================= Tell Clinton to stop the genocide: president@whitehouse.gov ------------------------------ From: lwall@netlabs.com (Larry Wall) Subject: Re: Why use shadow? Date: Wed, 25 Aug 1993 23:50:13 GMT In article pdcawley@iest.demon.co.uk (Piers Cawley) writes: : I like the version of passwd that comes in the perl camel book. It : traps bad passwords without being prescriptive, and can be customized : to take into account local conditions (for example set it up to reject : the names of Halls of Residence or whatever.), reading the source it : becomes apparent that Larry Wall (or whoever wrote it) has thought : *very* carefully about what makes a bad password. I can't take all the credit. Much of it belongs to the good folks at JPL who periodically came up to me and said "I figured out another way to get a bad password past your #!*@&%#& program." Larry Wall lwall@netlabs.com ------------------------------ From: jcg@world.std.com (James A Robinson) Subject: SUMMARY: Ringback Date: Thu, 26 Aug 1993 03:11:14 GMT Ok, I had some problems and two peoples posts combined helped solve it. Dave Bullis ave@sillub.ocunix.on.ca gave me on part of it, it seems that my Hayes is not fast enough to keep up with the computer, and was ignoring the ATA my Dell kept throwing at it, so the following line for ATA paused ATA (using /pATA) enough that my modem could read it. CONNECT="" \pATA\r CONNECT\s\A Unfortunetly this was only part of the problem, now my modem was cheerfully answering the phone... on the second ring. Not waiting for any sort of ringback. So the obvious answer is changing the settings on how long a pause inbetween rings is, and what the default time space is. Mike D. mdickey@sage.cc.purdue.edu gave my the following settings for uugetty.ttyS? MINRBTIME=7 MAXRBTIME=21 INTERRING=6 MINRINGS=1 MAXRINGS=2 And they work just fine. :-) I would recommend increasing MAXRBTIME if you are going to be calling LD using a credit card, as this is too short for the computer to recognize a ringback (of course your girlfriend calling, letting it ring, hanging it up, and dialing 10 seconds later is going to get an earfull of modem-noise :-( ). Thanks for everyones help! Jim jimr@world.std.com ------------------------------ From: stevegt@TerraLuna.Org (Steve Traugott) Subject: Re: Linux bbs software? Date: Thu, 26 Aug 93 03:34:03 EDT Scott Little (little@qucis.queensu.ca) wrote: > Have any bulletin board software packages been ported to Linux? > Where can such software be found? What are the hardware constraints? Waffle should work with little hacking - see comp.bbs.waffle. Steve --- . . ` * Steve Traugott ` . * + stevegt@TerraLuna.Org ...Organizational Evolution + ` . . stevegt@well.sf.ca.us Unix/Internet Systems Engineer . UUs-L@UBVM.BITNET List Manager Currently contracting in Summit, NJ . stevegt@usl.com ------------------------------ From: mark@datasoft.north.net (Mark Buckaway) Subject: Re: Linux bbs software? Date: Wed, 25 Aug 1993 02:47:40 GMT Scott Little (little@qucis.queensu.ca) wrote: : Have any bulletin board software packages been ported to Linux? : Where can such software be found? What are the hardware constraints? Why do you need BBS software? If you run Linux all you need is a shell to get to elm, tin, and something for a file section? I use the menu that came with Linux and utree for the file section. It works. If it matters, I am also writing my "BBS" program (more like a collection of BBS-like utilities) to support automatic addition of new users, color, etc.. Look for in a few months. Mark -- Mark Buckaway | "UNIX and OS/2 are operating systems, DataSoft Communications | Windows is a pitiful shell, System Administrator | DOS is an installible virus." root@datasoft.north.net | uunorth!datasoft!root | ====================================== ------------------------------ From: bmyers@dseg.ti.com (Bob Myers) Subject: Re: Linux bbs software? Reply-To: bmyers@dseg.ti.com Date: Thu, 26 Aug 1993 13:06:56 GMT In article 5921@datasoft.north.net, mark@datasoft.north.net (Mark Buckaway) writes: >Scott Little (little@qucis.queensu.ca) wrote: >: Have any bulletin board software packages been ported to Linux? >: Where can such software be found? What are the hardware constraints? > >Why do you need BBS software? If you run Linux all you need is a shell >to get to elm, tin, and something for a file section? I use the menu >that came with Linux and utree for the file section. It works. > >If it matters, I am also writing my "BBS" program (more like a >collection of BBS-like utilities) to support automatic addition of new >users, color, etc.. Look for in a few months. > >Mark > One of the main reasons is that you'd want some type of protection mechanism for accessing either files for downloading and/or newsgroup reading. I'm sure that you wouldn't want kids getting onto your bbs and downloading files/messages from alt.bin.pic.erotica.* or getting into discussions on the alt.sex.* tree either. I'm running Uniboard right now, and have had some good responces so far. I do have the ability to limit newsgroup access (yep, i get over 2100 newsgroups on my Linux system at home -- thank god for WorldBlazers and TurboPep.) One of the drawbacks so far is file transfers; I need to get some of the protocol sources and recompile them. -bob p.s. If you need an ftp address for uniboard, let me know... ------------------------------ From: wayne@rose.cs.odu.edu (C Wayne Huling) Subject: processes changing ownership Date: 26 Aug 93 14:04:29 GMT I have found my problems with the nfs I have been having.... but I didn't like what I found... my nfsd changes ownership on the fly.... upon bootup it is owned by one user, a few seconds later a different user..... really weird expierence... anyway, has anyone else had similar problems with Linux 0.99.pl9-1? ------------------------------ From: vinod@cse.iitb.ernet.in (Vinod G Kulkarni) Subject: Peculiar e2fs problem Date: Thu, 26 Aug 1993 15:20:50 GMT I suddenly got this very peculiar problem yesterday: I booted as usual from LILO and got login prompt. But other file systems were not mounted. When I tried to mount them manually (after logging in as root), I got the error 'cannot create /etc/mtab'. I could edit /etc/passwd and save it peacefully. Verified that the permissions to directory /etc are proper. (i.e. owned by bin, rwx for bin and rx for others. I did 'touch /etc/mtab; touch /etc/mtab~', and tried to mount again. It said 'only supervisor can mount'. 'id' gave me proper value of id=0, gid=0. I used another partition to boot, and I could mount this partition and access all the files! I tried e2fsck on that partition. There was one error (which I forgot) which it corrected. However, same things repeated, plus, it could not open tty's for writing.(So no login prompt also.) I did e2fsck again on that partition (after again logging from another partition) and this time it just quit without doing anything and without giving any message also. I am really surprised! But I can access this faulty partition as usual after booting from another partition! (I have still retained the partition, if anyone requires any info which I can get by using dd and send.) -Vinod. PS. I am bit confused whether it should be posted to admin or development (or help)! Someone please comment! -- Vinod Kulkarni. Watch your thoughts; they become words. research Scholar Watch your words; they become actions. Dept. of CSE, Watch your actions; they become habits. IIT, Bombay Watch your habits; they become character. INDIA Watch your character; it becomes your destiny. --- Frank Outlaw --- ------------------------------ From: gomez@enuxsa.eas.asu.edu (JL Gomez) Subject: big UUCP spool files Date: Thu, 26 Aug 1993 13:36:08 GMT Is there anything I can do short of adding cron entries to reduce the size of those UUCP spool files in .Log, .Admin, etc? One file was 16MB+! Thanks for the info! ------------------------------ From: mcook@fendahl.dev.cdx.mot.com (Michael Cook) Subject: Re: Why use shadow? Date: Thu, 26 Aug 1993 17:27:00 GMT joel@rac2.wam.umd.edu (Joel M. Hoffman) writes: >make sure users use >very< hard to guess passwords (like "UUwb3QbN") That's the one I always try *first*! O:^) ^(halo) M. ------------------------------ From: ranger@twain.ucs.umass.edu (Net Ranger) Subject: Re: Why use shadow? Date: 26 Aug 1993 19:52:16 GMT Joel M. Hoffman (joel@rac2.wam.umd.edu) wrote: : So, there are two possibilities. Either make sure users use >very< : hard to guess passwords (like "UUwb3QbN") or use /etc/shadow, and just HEY! how'd you find out my password!!!! better go change it...... *grin* -- =============================================================================. | Your .sig power has been revoked due to expiration of license. To reinstate | | .sig power please send a self addressed stamped envelope and we will send | | you the 25 page required renewal application. Please allow 6-8 months for | | delivery. | | --------------------------------------------------------------------------- | | Ranger@Titan.ucs.umass.edu (Net Ranger) | `-----------------------------------------------------------------------------' ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************