adminnotes

Admin Notes

Mostly Linux in general and Fedora Core 3 in particular related...

Linux Admin Notes

LDAP Setup

Separate LDAP section dedicated to this topic.

Self-signed Certificates

Separate section dedicated to this topic.

Password protecting web directories

Authentication for Apache Server

CUPS in LAN

Edit /etc/cups/cupsd.conf

In the section:

#BrowseProtocols cups

ensure that the LAN interface is uncommented and defined [for darkstar, LAN is on eth1]

#

# BrowseAddress: specifies a broadcast address to be used.

# By default browsing information is not sent!

[...]

BrowseAddress @IF(eth1)

DNS for LAN

Based on this article, update /etc/named.conf to make the server the authoritative source of DNS information for the example.com LAN domain, and create the files revp.192.168.2 [if the LAN is in the 192.168.2.0 subnet] and zone.com.example in the /var/named directory.

Backups

Backups of the /root, /etc, /home and /var/www/html directories are done by performing a full [level 0] monthly backup and daily [level 1] incremental backups. Monthly and daily backups are controlled by the scripts /etc/cron.monthly/backup.sh and /etc/cron.daily/backup.sh which, in turn, invoke a script in the /root/backup directory.

Backed-up files are put in a directory on a separate disk [/mnt/media/backup/backup-monthly-0.tgz and /mnt/media/backup/backup-daily-1.tgz]. The level 1 backup holds incremental data relative to the last level 0 backup, so for a full restore, both files are needed.
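
The level 0 / level 1 scheme described above can be built on GNU tar snapshot files. The following is an added example, not the scripts from /root/backup [which these notes do not show]; it assumes GNU tar, and the function name backup_run and the .snar snapshot file names are assumptions.

```shell
#!/bin/sh
# Added example: level 0 / level 1 backups with GNU tar snapshot files.
# Assumed names: backup_run, level0.snar, level1.snar (not from the notes).

backup_run() {
    # $1 = level (0 or 1), $2 = destination directory, rest = directories to save
    level=$1
    dest=$2
    shift 2
    (
        # /etc and /root hold password hashes and keys: keep archives owner-only.
        umask 077
        case $level in
        0)
            # A fresh snapshot file forces a full dump.
            rm -f "$dest/level0.snar"
            tar --listed-incremental="$dest/level0.snar" \
                -czf "$dest/backup-monthly-0.tgz" "$@"
            ;;
        1)
            # Work on a copy of the level 0 snapshot so every daily run stays
            # relative to the last full backup, not to the previous daily one.
            [ -f "$dest/level0.snar" ] || { echo "no level 0 backup yet" >&2; exit 1; }
            cp "$dest/level0.snar" "$dest/level1.snar"
            tar --listed-incremental="$dest/level1.snar" \
                -czf "$dest/backup-daily-1.tgz" "$@"
            ;;
        *)
            echo "usage: backup_run 0|1 DEST DIR..." >&2
            exit 2
            ;;
        esac
    )
}

# Restore order: extract level 0 first, then level 1, both with
#   tar --listed-incremental=/dev/null -xzf ARCHIVE -C /
# so that files deleted between the two runs are removed again.

# Stand-alone use, e.g. from /etc/cron.daily/backup.sh:
#   backup_run 1 /mnt/media/backup /root /etc /home /var/www/html
if [ "$#" -ge 3 ]; then
    backup_run "$@"
fi
```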

CUPS printing and windows clients

Set up the Windows client with the following HTTP URL [e.g. for a server named server and the printer being an Epson R200]:

http://server:631/printers/EsponR200

In order for Windows clients to print to the CUPS printers, uncomment this line in /etc/cups/mime.types:

# application/octet-stream

and this line in /etc/cups/mime.convs:

# application/octet-stream application/vnd.cups-raw 0

If after reboot, or power up of a USB printer mime.types gets rewritten, this is due to the operation of the system-config-printer utility. You need to specify that the queue is a raw queue in the system-config-printer tool. This is done by selecting Generic as the manufacturer and Raw Print Queue as the printer model. It seems that it is enough to just define one queue with the RAW capabilities to ensure that mime.types will not be overwritten.

PPD files for OpenOffice etc.

CUPS natively generates PPD files. They can be found under the /etc/cups/ppd/ directory.

Use the following procedure:

Start "spadmin", the printer setup program of OpenOffice as "root". Click on "Install new driver ..." and in the dialog use the "Browse" button to navigate to the directory where you have stored the PPD file for your printer. Choose the file in the file list and click "OK". Now your printer has an entry in the list "Existing printer drivers".

Enabling USB camera access to all users

Delete whatever is defined as /etc/hotplug/usb/usbcam [typically the default is a copy of usbcam.console, giving control only to the user who first accessed the console] and make it a symlink to /etc/hotplug/usb/usbcam.group. Edit usbcam.group so that it names a group to which all users who should have camera access belong. E.g.:

if [ "${ACTION}" = "add" ] && [ -f "${DEVICE}" ]
then
    chmod g-rw "${DEVICE}"
    chgrp cdrecording "${DEVICE}"
    chmod g+rw "${DEVICE}"
fi

Where cdrecording is a group that allowed users belong to...

Mozilla stuff

To display favicons in the URL bar, create a user.js file in the same directory where prefs.js is [e.g. ~/.mozilla/default/07mz48s3.slt/user.js]:

//

// user.js: Personal prefs which mozilla shouldn't overwrite.

//

//

// display favicons in the URL bar

user_pref("browser.chrome.favicons",true);

Useful XFree Info

xdpyinfo

Convert .cue/.bin mdf/mds to .iso in linux

For bin/cue use bchunk.

Usage: bchunk [-v] [-r] [-p (PSX)] [-w (wav)] [-s (swabaudio)]

[image.bin] [image.cue] [basename]

Example: bchunk foo.bin foo.cue foo

For mdf/mds use mdf2iso.

Usage :

mdf2iso [OPTION] [BASENAME.MDF]

OPTION

--cue Generate cue file

--help display this notice

Making an ISO Image

To make an ISO from your CD/DVD, place the media in your drive but do not mount it. If it automounts, unmount it.

dd if=/dev/dvd of=dvd.iso # for dvd

dd if=/dev/cdrom of=cd.iso # for cdrom

dd if=/dev/scd0 of=cd.iso # if cdrom is scsi

To make an ISO from files on your hard drive, create a directory which holds the files you want. Then use the mkisofs command.

mkisofs -o /tmp/cd.iso /tmp/directory/

This results in a file called cd.iso in folder /tmp which contains all the files and directories in /tmp/directory/.

Mounting ISO Images

mount -o loop -t iso9660 <ISO image file> <mount point>

SBC Yahoo DSL Postfix setup

As per http://efflandt.freeshell.org/sbc-smtp-auth.html#postfix [the full article on SMTP AUTH]:

Add the following lines to /etc/postfix/main.cf

smtp_sasl_auth_enable = yes

smtp_sasl_security_options = noanonymous

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

relayhost = [smtp.sbcglobal.yahoo.com]

Create/edit the /etc/postfix/sasl_passwd file to contain:

smtp.sbcglobal.yahoo.com userid@sbcglobal.net:password

NOTE: Occasionally, SBC may change the DNS name of the relay server [currently smtp-sbc-v1.mail.vip.sc5.yahoo.com]. If that happens, check the DNS resolution of smtp.sbcglobal.yahoo.com [e.g. dig smtp.sbcglobal.yahoo.com], find out the new name and update sasl_passwd accordingly.

Then, do postmap /etc/postfix/sasl_passwd and postfix reload.

Also, it seems that there is no need to run /etc/init.d/saslauthd service for SASL support.
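
sasl_passwd holds the relay password in clear text, and postmap writes a sasl_passwd.db next to it, which is the file Postfix reads. The check below is an added example [not from these notes or the linked article; audit_sasl_map is a hypothetical name and GNU stat is assumed]: it flags either file being accessible to group or others, and a .db that is older than its source because postmap was not rerun after an edit.

```shell
#!/bin/sh
# Added example: audit the Postfix SASL credential map and its postmap output.
# audit_sasl_map is a hypothetical helper name, not part of Postfix.

audit_sasl_map() {
    # $1 = path to the map source, e.g. /etc/postfix/sasl_passwd
    src=$1
    db=$1.db
    rc=0
    for f in "$src" "$db"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$f")
        # Any group/other permission bit exposes the password to local users.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "loose-perms: $f (mode $mode, want 600)"
            rc=1
        fi
    done
    # Postfix reads the .db, so an edited source has no effect until postmap runs.
    if [ -f "$src" ] && [ -f "$db" ] && [ "$src" -nt "$db" ]; then
        echo "stale-db: run postmap $src"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok"
    return "$rc"
}

# Stand-alone use: sh audit.sh /etc/postfix/sasl_passwd
if [ "$#" -gt 0 ]; then
    audit_sasl_map "$1"
fi
```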

Linksys WAP11 Base Station management

Use SNMP based tool [e.g. ap-config] to access the WAP11 at, e.g. 192.168.2.247.

Playing GSM files [e.g. jfax voice mails]

Just use: play filename.gsm

CD Burning tools--access to non-root account

Changed group of all cdrtools utilities to cdrecording. Add users to the cdrecording group.

[root@darkstar ivan]# ll /usr/bin | grep cdrecording

-rws--x--- 1 root cdrecording 265925 Dec 23 06:36 cdda2wav

-rwxr-xr-x 1 root cdrecording 523696 Feb 26 05:15 cdrdao

-rws--x--- 1 root cdrecording 308841 Dec 23 06:36 cdrecord

-rws--x--- 2 root cdrecording 456777 Dec 23 06:36 mkhybrid

-rws--x--- 2 root cdrecording 456777 Dec 23 06:36 mkisofs

-rws--x--- 1 root cdrecording 150284 Dec 23 06:36 readcd
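
In the listing above, five of the six tools carry the set-user-ID bit [rws] and are executable only by root and the cdrecording group, so membership in that group is what gates running them as root. A way to audit that state, as an added example [not from the original notes; setuid_exposure is a hypothetical name, GNU find and stat are assumed]:

```shell
#!/bin/sh
# Added example: report set-UID files in a directory and who may execute them.
# setuid_exposure is a hypothetical helper name, not a system tool.

setuid_exposure() {
    # $1 = directory to scan (e.g. /usr/bin)
    # Output per set-UID file: EXPOSURE MODE OWNER GROUP PATH
    #   world-exec : any local user can run it with the owner's privileges
    #   group-only : only the owner and members of GROUP can run it
    #   owner-only : nobody but the owner can run it
    find "$1" -maxdepth 1 -type f -perm -4000 \
        -exec stat -c '%a %U %G %n' {} + |
    awk '{
        mode = $1
        other = substr(mode, length(mode), 1) + 0      # last octal digit
        group = substr(mode, length(mode) - 1, 1) + 0  # second to last
        if (other % 2 == 1)      exposure = "world-exec"
        else if (group % 2 == 1) exposure = "group-only"
        else                     exposure = "owner-only"
        print exposure, $0
    }'
}

# Stand-alone use: sh setuid_exposure.sh /usr/bin
if [ "$#" -gt 0 ]; then
    setuid_exposure "$1"
fi
```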

Enabling/Disabling System Services

/usr/sbin/ntsysv and then: spacebar to make selections, tab to get to OK button.

Finding out who is locking a device [e.g. /dev/dsp]

Run /sbin/fuser -v /dev/dsp

If a process is shown, kill it, or find out what application it belongs to [e.g. ps -ef | grep xxxx where xxxx is the number that /sbin/fuser has shown].

Find the largest file in directory

Top 10 files in KB:

find . -printf '%k %p\n'|sort -nr|head

Largest directory:

du -S | sort -n

up2date Fedora Core mirror sources

edit /etc/sysconfig/rhn/sources

e.g. to use faster mirror, such as stanford, edit as follows:

### an yum style repo

### format:

### type channel-label url

#yum fedora-core-1 http://fedora.redhat.com/releases/fedora-core-1

#yum updates-released http://fedora.redhat.com/updates/released/fedora-core-1

#yum updates-testing http://fedora.redhat.com/updates/testing/fedora-core-1

yum fedora-core-1 ftp://linux.stanford.edu/pub/mirrors/fedora/linux/core/1/i386/os

yum updates-released ftp://linux.stanford.edu/pub/mirrors/fedora/linux/core/updates/1/i386

Firefox stuff

Grayed out "Open with" or "Save to disk" OK button

The problem lies in the MIMETYPES.

1. Exit Firefox

2. Navigate to your $HOME/.mozilla/firefox/default.m0t/

3. Open mimeTypes.rdf

4. Do a search for the filetype that isn't working (for example pdf)

5. Delete that section e.g.:

<RDF:Description RDF:about="urn:mimetype:handler:application/pdf"

NC:alwaysAsk="false"

NC:useSystemDefault="true">

<NC:externalApplication RDF:resource="urn:mimetype:externalApplication:application/pdf"/>

</RDF:Description>

6. Repeat until all references to that filetype are removed.

7. Save file, and restart Firefox.

Speed up firefox for broadband:

1. Type "about:config" into the address bar and hit return. Scroll down and look for the following entries:

network.http.pipelining, network.http.proxy.pipelining, network.http.pipelining.maxrequests

Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.

2. Alter the entries as follows:

Set "network.http.pipelining" to "true"

Set "network.http.proxy.pipelining" to "true"

Set "network.http.pipelining.maxrequests" to some number like 30. This means it will make 30 requests at once.

3. Lastly, right-click anywhere and select New -> Integer. Name it "nglayout.initialpaint.delay" and set its value to "0". This value is the amount of time the browser waits before it acts on information it receives.

Device Ownership [share the audio devices among multiple users]

Edit /etc/security/console.perms like this:

<snip>

# permission definitions

<snip>

<console> 0660 <sound> 0600 root.cdrecording

<snip>

Where users that should be allowed access to the device are members of the cdrecording group.

Explanation from RedHat's manual:

When a user logs into a machine under Red Hat Linux, the pam_console.so module is called by login or the graphical login programs, gdm and kdm. If this user is the first user to log in at the physical console—called the console user—the module grants the user ownership of a variety of devices normally owned by root. The console user owns these devices until the last local session for that user ends. Once the user has logged out, ownership of the devices reverts back to the root user.

The devices affected include, but are not limited to, sound cards, diskette drives, and CD-ROM drives. This allows a local user to manipulate these devices without attaining root, thus simplifying common tasks for the console user. By modifying the file /etc/security/console.perms, the administrator can edit the list of devices controlled by pam_console.so.

FC3 and nVidia drivers

Nvidia drivers can provide the following error message to non root user:

Error: Could not open /dev/nvidiactl because the permissions are too restrictive. Please see the FREQUENTLY ASKED QUESTIONS section of /usr/share/doc/NVIDIA_GLX-1.0/README for steps to correct.

The suggested solution is to edit /etc/security/console.perms and remove the line that starts with "<dri>". I had to remove one other <dri> line. Root was the only user I could log in with; my username just flashed a quick CRITICAL message. Commenting out the line fixed this problem. I also had the problem of the permission not staying permanently set. The suggestion in the readme file didn't help. What you need to do is edit the file:

/etc/udev/permissions.d/50-udev.permissions and make the nvidia line look like this [mode 0666 gives every local user read and write access to the nvidia device nodes]:

nvidia*:root:root:0666


This page last updated on 04/21/06