From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Tue, 17 Aug 93 06:25:17 EDT Subject: Linux-Admin Digest #4 Linux-Admin Digest #4, Volume #1 Tue, 17 Aug 93 06:25:17 EDT Contents: Re: Do we need a "tweaking" FAQ??? (John Henders) tar & mt (JL Gomez) Re: Optimizing X... (Michael Fulbright) Re: Why use shadow? (Rene COUGNENC) Re: Why use shadow? (Peter Mutsaers) Re: Do we need a "tweaking" FAQ??? (Deeran Peethamparam) Re: Why use shadow? (Martin-D. Lacasse) Re: Why use shadow? (Drew Eckhardt) Help> ifconfig & ifsetup and ethernet setup (Damon Atkins) * [A] SLIP Question: UDP works but TCP doesn't (SLS 1.0.3) (Luc Cluitmans) Re: bsd_ioctl is where? (Gerrit Nieuwenhuizen) Re: NFS mount fails with authentication error (U.Kunitz) Help 1)Booting SCO from LILO 2)common fs for both (Vinod G Kulkarni) Re: Why use shadow? (Jason Haar) Re: LILO like DOS executable Loader? (Vinod G Kulkarni) Re: Why use shadow? (Alan Cox) SLS cron perms are insecure (Klaus Frank) German keymap with pl11 doesn't work? (sn) Re: Stupid ... Stupid .. (and test) (Kevin Burtch) ---------------------------------------------------------------------------- From: jhenders@jonh.wimsey.bc.ca (John Henders) Subject: Re: Do we need a "tweaking" FAQ??? Date: Mon, 16 Aug 1993 21:41:32 GMT iain.lea@anl433.erlm.siemens.de (Iain Lea) writes: >Dan Newcombe (NEWCOMBE@AA.csc.Peachnet.EDU) wrote: >: >: After reading a posting earlier on how to get X to run faster on >: a Trident, perhaps it might be a good idea to put together a list >: of ways to get the best performance/usage out of your equipment. >Nice idea. But what first needs fixing/correcting is the 10's of small >inconsistences throughout the SLS distribution (for more info read the >install & config article that I posted a few days ago in c.o.l). There's also a general performance tweaking FAQ posted to comp.windows.x monthly. -- John Henders GO/MU/E d* -p+ c+++ l++ t- m--- s/++ g+ w+++ -x+ ------------------------------ Crossposted-To: comp.os.linux From: gomez@enuxsa.eas.asu.edu (JL Gomez) Subject: tar & mt Date: Tue, 17 Aug 1993 01:41:11 GMT I have a BusLogic 545S attached to a Tandberg 3600 SCSI tape drive. Doing a 'tar -c -b 128 . -f /dev/nrmt0' followed by a 'mt weof' makes the tape drive rewind. What I want to do is append a new directory path to the current tape position. How do I do this? -- gomez@enuxsa.eas.asu.edu ------------------------------ From: msf@astro.as.arizona.edu (Michael Fulbright) Subject: Re: Optimizing X... Date: 17 Aug 1993 03:05:57 GMT In article <24n71j$3a2@walt.ee.pdx.edu>, moyerg@cs.pdx.edu (Gary Moyer) writes: |> I've been playing with the X color server for the Trident 8900. |> |> I've tried just about every option to get the thing to speed up |> to no avail. |> |> Is it just slow ? Has anyone successfully seen a marked improvement |> in configuration? |> |> Hardware: 386DX40, 8M RAM, 1M TVGA. |> |> == |> Gary Moyer |> moyerg@cs.pdx.edu I'm in a similar situation. I can run xlock in 'swarm' mode and it really crawls. This is on a 386-33 with 16 megs ram and a ET4000 ISA SVGA board. I'm running Xfree386-1.3 color server. I dont believe system memory is a problem. I've noticed that xboing runs reasonable fast, whereas xlander or ico are dreadfully slow. I figured the case for the later two was that they are floating point intensive. Anyone have a feel for how much adding a 387 would help the floating point? Is it going to be 50% faster or 3 times faster? Michael Fulbright msf@as.arizona.edu ------------------------------ From: rene@renux.frmug.fr.net (Rene COUGNENC) Subject: Re: Why use shadow? Date: 16 Aug 1993 23:12:10 +0200 Ce brave Eugene Kim ecrit: > I installed a version of SLS Linux ages ago. It used the normal > passwd stuff for login, etc. When I installed a more recent > version of of SLS, I noticed it had switched to using shadow > passwords. > What is the advantage to using shadow versus just passwd? I The standard 'passwd' file can be read by any user. The passwords are encrypted, but you can find some packages like 'cracklib', using dictionaries, algorythms and... time, capable to guess some elementary passwords used by too many users. These programs are obviously designed for system administrators, to make security tests... But anyone can use them... :-) If your machine is used by many people, it is preferable to hide the encrypted passwd into a file owned and readable only by root (or setuid root programs). This is password shadowing. I personnally prefer the traditionnal passwd file, but as a victim of the softwares previously described..... I now use shadow-passwds on my machine :-( -- linux linux linux linux linux linux linux linux linux linux linux linux ------------------------------ From: muts@compi.hobby.nl (Peter Mutsaers) Subject: Re: Why use shadow? Date: Sun, 15 Aug 1993 22:52:53 GMT >> On 14 Aug 93 23:39:18 EDT, eekim@husc11.harvard.edu (Eugene Kim) >> said: EK> Using shadow also prevents me from just editing the passwd file EK> to add new users. Does anyone know why shadow is better than EK> passwd? Because someone with lots of CPU time on a CRAY can read the encrypted passwords and do a brute force guessing of passwords through this. If you are not too afraid for this rare case, indeed it is simpler to use no shadow password (with its multitude of support programs which clutter your system). I don't use it; I want to edit just /etc/passwd to add a user and resent those SYSV-ish administration 'tools' and scripts. But I grew up with BSD so that might be a reason... -- _____________________________________________ Peter Mutsaers, Bunnik (Ut), the Netherlands. ------------------------------ From: ins308z@aurora.cc.monash.edu.au (Deeran Peethamparam) Subject: Re: Do we need a "tweaking" FAQ??? Date: Tue, 17 Aug 1993 04:26:56 GMT Dan Newcombe (NEWCOMBE@AA.csc.Peachnet.EDU) wrote: : After reading a posting earlier on how to get X to run faster on : a Trident, perhaps it might be a good idea to put together a list : of ways to get the best performance/usage out of your equipment. This already exists, however, it's not Linux specific, but applies to all X server. It's a regular posting on comp.windows.x, and is also available via anon ftp from rtfm.mit.edu (don't remember where :-). It's full of good tips, check it out. Deeran (fvwm fan -- cheers to Rob Nation!) ------------------------------ From: isaac@elrond.physics.mcgill.ca (Martin-D. Lacasse) Subject: Re: Why use shadow? Date: Tue, 17 Aug 1993 06:23:28 GMT In article mark@macs.ee.mcgill.ca writes: > >>>> On 14 Aug 93 23:39:18 EDT, eekim@husc11.harvard.edu (Eugene Kim) said: > > Eugene> file to add new users. Does anyone know why shadow is better > Eugene> than passwd? > >The shadow passwd is there for security reasons. If the encrypted passwords >are in the passwd file, anyone with access to your system can copy them and >run the publicly available crack program on them, and chances are they'll >crack quite a few. By shadowing the passwords, non-priviledged users simply >cannot get access to the encrypted passwords. > Only true for equally safe machines: One can go on another less secure machine (sometime the same machine will do, depending on the U*x flavour) and calls ypcat! """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" Martin-D. Lacasse internet: isaac@physics.mcgill.ca Physics Department voice: (514) 398-7027 McGill University fax: (514) 398-8434 Montreal, Quebec, Canada --------------------------------------------------------------------- ------------------------------ From: drew@caesar.cs.colorado.edu (Drew Eckhardt) Subject: Re: Why use shadow? Date: Tue, 17 Aug 1993 06:30:31 GMT In article <24ot7a$g6q@renux.frmug.fr.net> rene@renux.frmug.fr.net (Rene COUGNENC) writes: >Ce brave Eugene Kim ecrit: > >I personnally prefer the traditionnal passwd file, but as a victim of the >softwares previously described..... I now use shadow-passwds on my machine :-( It's not a real problem if your users use "uncrackable" passwords, ie non-alphas, mixed case non-dictionary words, long length, etc. where the increased search space makes brute-force attacks impractical. Competant users will choose such passwords by themselves, competant system administrators will force users to choose "uncrackable" passwords using /bin/passwd replacements like npasswd. -- Boycott USL/Novell for their absurd anti-BSDI lawsuit. | Condemn Colorado for Amendment Two. | Drew Eckhardt Use Linux, the fast, flexible, and free 386 unix | drew@cs.Colorado.EDU Will administer Unix for food | ------------------------------ From: nomad@deakin.OZ.AU (Damon Atkins) Subject: Help> ifconfig & ifsetup and ethernet setup Date: 17 Aug 1993 07:40:36 GMT Dear people, ifconfig, setup the ip stuff (works fine) ifsetup sets up the option on a device driver ie wd003 With the just newly installed new version of linux, it seems to me that a) /dev/eth0 is missing b) /dev/wd0 is missing (and also /dev/inet) I wish to be able to, with out recompiling linux to ifsetup -v /dev/eth0 io=280 irq=3 etc..... I assume that this is what the programme is for. (ie man ifsetup) Does any one known what the story is. ?? NB MAKEDEV does not known about /dev/eth0 /dev/wd0 /dev/inet Thanks Damon. ------------------------------ From: luc@krait.es.ele.tue.nl (Luc Cluitmans) Subject: * [A] SLIP Question: UDP works but TCP doesn't (SLS 1.0.3) Date: 13 Aug 1993 09:49:58 GMT A week ago I posted a question on getting SLIP working. I got an answer. I also got a lot of questions like 'Yeah, I've got the same problem. Can you send me any answers you get...'. This and the fact that my rmailfile got completely screwed up this morning (and I lost the adresses of the people requesting an answer) is the reason I post here. (I hope c.o.l.admin is the best group to post to. Where is c.o.l.networking? :-)) Original question (abreviated): >I recently installed LINUX on my 486 machine. Last weekend I tried to get SLIP >working. It works only half: I can get UDP connections but I cannot get TCP >connections! > >So 'ping' and some tools using UDP that I wrote myself work great, but the >more usefull tools like telnet, ftp, and remote X-connections block after >connecting. For example, FTP gets to the point where it tells me 'connected >to bla.foo.bar.timbuktu' and then is as responsive as a dodo. Answer: (thanks to jes@grendel.demon.co.uk (Jim Segrave)) > I'll lay you any odds that it's SLIP header compression. 99pl11 added > header compression (CSLIP). So yourassociates are not using CSLIP and > you are. If you are talking to a SLIP server which doesn't do CSLIP, > only UDP datagrams will get through (they never get their headers > compressed). The fix is to go to linux/net/inet/slip.c > > In sl_encaps, there is a line beginning > > len = slhc_compress(... > Comment out this line and you will stop sending CSLIP packets. You don't > need to alter the code for receiving CSLIP, though you can if you want. > To do this, go to the routine sl_bump. There's an if(1) around a big > block of code for receiving CSLIP. Change it to if(0). It works for me! Notice also that you should set your 'mtu' not too high. I use 256. Otherwise you may get effects like: 'I can get the first few Kbytes and then the link blocks'. Luc. luc@es.ele.tue.nl -- Luc Cluitmans luc@es.ele.tue.nl - DARK IN HERE, ISN'T IT? (Signature still under construction... -For over four years- Be very patient.) ------------------------------ From: nieuwhzn@dxgsia.cern.ch (Gerrit Nieuwenhuizen) Subject: Re: bsd_ioctl is where? Date: Tue, 17 Aug 1993 08:08:31 GMT hdesiato@wam.umd.edu (Digital Phantasmagoria) writes: >>>In ioctl.h ioctl is redefined (at least when _SGTTY_SOURCE is not set, >>>which should not be the case otherwise, for instance, RAW is not >>>defined properly) as bsd_ioctl. >>>So now the linker starts complaining that it can find bsd_ioctl. >>>My question: where is it??? >> >>My question as well. For the meanwhile, commenting out the #define >>seems to work just fine. >bsd_ioctl is in the BSD libs - when compiling, do something like >"gcc -blah bob.c -lbsd" > ^^^^^ this is the important part. >BTW, this is in the FAQ.. please check them first ;) >-Hui-Hui If I list the modules in libbsd.a tthen there is no bsd_ioctl in this lib. According to Olaf Flebbe I have an old system if I have a file like and should upgrade my libc.a to version 4.4.1. But I installed SLS in the beginning of june, so that must have been SLS1.02 and I am NOT prepared to do a new installation of SLS 1.03 untill all the problems are ironed out by the more `profesional' hackers. Well I have worked with Esix before Linux and it can never get as bad (as Esix) again (I hope). Gerrit J. van Nieuwenhuizen CERN-PPE-IO Building 595, R-004 CH-1211 Geneve 23 Switserland nieuwhzn@dxgsia (or NIEUWHZN@VXWA80) tel.: +41 22 767 4740 ------------------------------ From: kunitz@informatik.hu-berlin.de (U.Kunitz) Subject: Re: NFS mount fails with authentication error Date: 17 Aug 93 08:25:13 GMT In <1993Aug16.114429.13662@black.ox.ac.uk> mbeattie@black.ox.ac.uk (Malcolm Beattie) writes: >In article tgl@netcom.com (Tom Lane) writes: >>I'm a new user of Linux, so please bear with me if this is a FAQ. >>(Couldn't find anything about it in the NET-2 FAQ though...) >> >>I'm trying to network SLS 1.03 with a couple of HP workstations. >>I can't get Linux to NFS-mount the workstations' filesystems; >>it fails with this message: >> >>rpc mount: RPC: Authentication error; why = Invalid client credential >> >Some implementations of NFS have trouble if the client user is a >member of too many groups (i.e. appears in too many lines in >/etc/group.) Here, `too many' can mean 4 or 8 or 16, for example. >Type `groups' to see how many groups you're in. It's a problem of System V. System V don't know additional groups. You have to delete all additional group entries for the user, who mounts. (Root in almost every case.) Hope this helps. MfG Uli -- I know tha >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> t in my heart I f >>>> Ulrich Kunitz >>>> kunitz@informatik.hu-berlin.de >>>> eel like going ho >>>> >>>> Voice: (030) 513 11 52 >>>> me again But I k <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< now ... ------------------------------ From: vinod@cse.iitb.ernet.in (Vinod G Kulkarni) Subject: Help 1)Booting SCO from LILO 2)common fs for both Date: Tue, 17 Aug 1993 07:03:57 GMT I am having SCO and linux both on same disk on different partitions. Has anyone configured LILO to boot SCO? Please mail me the config file. I also would like to have a common partition between SCO and DOS containing user's home directories. Can you recommend any common file system? Which file system recommended? (Apart from MSDOG ...) I am trying to go in for Xenix. -- Vinod Kulkarni. Watch your thoughts; they become words. research Scholar Watch your words; they become actions. Dept. of CSE, Watch your actions; they become habits. IIT, Bombay Watch your habits; they become character. INDIA Watch your character; it becomes your destiny. --- Frank Outlaw --- ------------------------------ From: Jason Haar Subject: Re: Why use shadow? Date: Tue, 17 Aug 1993 09:45:02 GMT In article Peter Mutsaers (muts@compi.hobby.nl) wrote: > EK> Using shadow also prevents me from just editing the passwd file > EK> to add new users. Does anyone know why shadow is better than > EK> passwd? > Because someone with lots of CPU time on a CRAY can read the encrypted > passwords and do a brute force guessing of passwords through this. If ... Or even more time on a Linux box - you don't need a Cray to break passwords. We run CRACK on our Un*x systems every so often to catch users with bad passwords - it's unsettling how many it gets... -- Cheers Jason Haar, Network Consultant ------------------------------ From: vinod@cse.iitb.ernet.in (Vinod G Kulkarni) Subject: Re: LILO like DOS executable Loader? Date: Tue, 17 Aug 1993 07:09:00 GMT Brian E. Gallew (geek+@CMU.EDU) wrote: : bootlin works nicely for loading linux from DOS. One Caveat: loading : linux with bootlin will fail heinously (hard reset necessary) IFF you : install a memory manager (e.g. QEMM, 386^MAX). Linux wants to put the : cpu into protected mode from real mode, which can't be done once your : memory manager is loaded (already in protected mode). : -Brian And, bootlin doesnot allow setting kernel parameters like LILO especially the root device, ramdisk size etc. It does allow you to set the root device if it is be default 0. (I just saw the code, haven't tried it.) The root device of kernel should therefore be set beforehand using rdev. -VInod ------------------------------ From: iiitac@swan.pyr (Alan Cox) Subject: Re: Why use shadow? Date: Tue, 17 Aug 1993 08:59:54 GMT In article muts@compi.hobby.nl (Peter Mutsaers) writes: >Because someone with lots of CPU time on a CRAY can read the encrypted >passwords and do a brute force guessing of passwords through this. If This is a popular and very dangerous myth. A bog standard 386 PC is more than enough to do effective password cracking by running a dictionary over a password file. Crack takes a day to run on a 4Mb 386 here (also doing other work) and the first time I ran it to tighten up our password file it got 1/3rd of the passwords. YOU DONT NEED A CRAY :: YOU _DO_ NEED SHADOW PASSWORDS Alan Cox [iiitac@pyr.swan.ac.uk/ Computer.Society@swansea.ac.uk] ------------------------------ From: klausf@messua.informatik.rwth-aachen.de (Klaus Frank) Subject: SLS cron perms are insecure Date: 13 Aug 1993 12:33:17 GMT If you did install from SLS and plan to run the cron daemon on your system, be sure to change the permissions of the directories /usr/spool/cron and /usr/spool/cron/crontabs from 1777 to 700. The current permissions allow to create files like /usr/spool/cron/crontabs/root which are interpreted as cron tables regardless of their ownership. If you allow guest logins, this could be exploited by friendly users to remotely help you administrating your system, but I wouldn't rely on that... ------------------------------ From: sn@plato.chemietechnik.uni-dortmund.de (sn) Subject: German keymap with pl11 doesn't work? Date: 13 Aug 1993 12:07:11 GMT Hi, I installed SLS 1.02 on my system and upgraded to the pl 11 Kernel, gcc 2.4.5 and libc 4.4.1 I also got kbd.tar.gz off some ftp server. It contains loadkeys and dump- keys binary and source. I can't get the files compiled myself and the binaries don't work either. The error I'm getting when I try to compile them is "KEYBD_ALT_GR undefined" "KEYBD_SHIFT undefined" etc (some other special keys). I looked in /usr/include/linux/keyboard.h and there are only things like "KEYBD_L_ALT"/"KEYBD_R_ALT" etc. Do I need a newer version of the keyboard.tar for pl11? Any help is appreciated. -Sven | DOS is hell - Linux is heaven ------------------------------ From: kburtch@pts.mot.com (Kevin Burtch) Subject: Re: Stupid ... Stupid .. (and test) Reply-To: kburtch@pts.mot.com Date: Fri, 13 Aug 1993 13:13:53 GMT In article 4Fs@netcom.com, phough@netcom.com (Paul Houghton) writes: >Is this group alive ... It was empty so I just had to post >my stupid admin story ... > * interesting, and quite humorous sysadmin story deleted * ... The moral of this story: _Never_ do sysadmin stuff when you're tired! :) Kevin ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************