Saturday 25 June 2005

How to make your own package CD for offline use

If you can't use the DVD images for some reason or want to help a friend with low internet bandwidth, here's a quick'n'dirty way to make your own transportable package CD:
  1. Download all needed packages.
  2. Put them all in one directory.
  3. Open a terminal window, cd to the directory.
  4. Run dpkg-scanpackages (from the dpkg-dev package) in that directory to build the package index:
    $ dpkg-scanpackages . /dev/null | gzip > Packages.gz
  5. Burn the directory on CD.
You can later add the CD as a package source with the command:
$ sudo apt-cdrom add
The 'add' option is used to add a new disc to the source list. It will unmount the CDROM device, prompt for a disk to be inserted and then proceed to scan it and copy the index files. If the disk does not have a proper disk directory structure, you will be prompted for a descriptive title. APT uses a CDROM ID to track which disc is currently in the drive and maintains a database of these IDs in /var/lib/apt/cdroms.list .
Note: This tip is written for Ubuntu but works on any Debian-based distribution. Keep in mind that a disc built this way carries no signed Release file, so apt cannot authenticate the packages on it and will warn before installing them; only burn packages fetched from the distribution's own mirrors, and check them against the mirror's index before handing the disc over.
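The check mentioned above, as an added example that is not part of the original post: it compares the .deb files in a directory against the Filename, Size and MD5sum fields of a Packages index (the format dpkg-scanpackages writes, handled uncompressed here). Since apt-cdrom cannot authenticate a disc without a signed Release file, this is the step that ties the burned copy back to the mirror's index. The two stand-in packages and their index are constructed by the helper; it assumes POSIX sh with awk, md5sum, wc and cut.

```shell
#!/bin/sh
# Added example, not from the original post: check the .deb files in a
# directory against the Filename/Size/MD5sum fields of a Packages index
# (the format dpkg-scanpackages writes, shown uncompressed here).
# apt-cdrom cannot authenticate a disc that carries no signed Release
# file, so this is the check to run against an index obtained from the
# original mirror before trusting the burned copy.
# Assumes POSIX sh with awk, md5sum, wc and cut (coreutils).

# verify_packages_index INDEX DIR
# Returns 0 if every stanza's Filename exists under DIR with the listed
# Size and MD5sum, 1 otherwise; each failing package is printed.
verify_packages_index() {
    index=$1; dir=$2
    # Flatten each blank-line separated stanza to "filename size md5".
    awk '
        /^Filename:/ { f = $2 }
        /^Size:/     { s = $2 }
        /^MD5sum:/   { m = $2 }
        /^$/ && f != "" { print f, s, m; f = s = m = "" }
        END { if (f != "") print f, s, m }
    ' "$index" | {
        rc=0
        while read -r f s m; do
            path="$dir/$f"
            if [ ! -f "$path" ]; then
                echo "MISSING  $f"; rc=1; continue
            fi
            size=$(wc -c < "$path" | tr -d ' ')
            md5=$(md5sum "$path" | cut -d' ' -f1)
            if [ "$size" != "$s" ] || [ "$md5" != "$m" ]; then
                echo "MISMATCH $f (size $size, expected $s; md5 $md5, expected $m)"
                rc=1
            fi
        done
        exit $rc   # leaves only this subshell; becomes the pipeline status
    }
}

# make_sample_index DIR
# Constructed sample: two stand-in "packages" plus a matching index, so
# the check can be exercised without real .deb files.
make_sample_index() {
    dir=$1
    mkdir -p "$dir/pool"
    printf 'stand-in for package one' > "$dir/pool/one_1.0_all.deb"
    printf 'stand-in for package two, slightly longer' > "$dir/pool/two_2.0_all.deb"
    : > "$dir/Packages"
    for f in pool/one_1.0_all.deb pool/two_2.0_all.deb; do
        name=${f#pool/}; name=${name%%_*}
        {
            echo "Package: $name"
            echo "Filename: $f"
            echo "Size: $(wc -c < "$dir/$f" | tr -d ' ')"
            echo "MD5sum: $(md5sum "$dir/$f" | cut -d' ' -f1)"
            echo
        } >> "$dir/Packages"
    done
}
```

MD5 only catches corruption and casual tampering; where the mirror publishes SHA1 or SHA256 fields (newer dpkg-scanpackages does), compare those as well, and compare the index itself against the mirror's signed Release file.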

Tuesday 21 June 2005

Convert between RPM, Deb and tgz package formats

If you are using a Debian-based Linux distribution like Ubuntu, you cannot use the rpm command to install software shipped in RPM format, because Debian uses its own package manager, dpkg. There is, however, an experimental tool called Alien that converts between the rpm, Debian deb, Stampede slp and Slackware tgz file formats.
For example, to install Inkscape from a binary RPM on Ubuntu (or any Debian-based distro), I use the following command:
# alien -i inkscape-2.1.3.rpm
The above command unpacks the rpm into a directory, builds a deb package from it and installs that on your system. You can uninstall the package later with the usual dpkg command (dpkg -r). Two caveats: alien cannot translate the RPM's dependency list or maintainer scripts faithfully, so prefer a native package when one exists; and the converted package's scripts run as root at install time, so convert only RPMs from a source you trust.

Monday 13 June 2005

SUDO - Give selective super user powers to users or a group of users

Sudo is a program that lets normal users execute programs as the superuser, or as any other user, provided they have been given the right to do so. Sudo access is controlled by /etc/sudoers. The users listed in /etc/sudoers can execute commands with an effective user ID of 0 and the group ID of root's group. This file should only be edited with visudo, which locks the file and checks its syntax before saving, so a typo cannot lock everyone out of root. The /etc/sudoers file uses aliases to refer to groups of users, hosts or commands. To give a specific group of users limited root privileges, edit the file with visudo as follows:
# visudo
In the user alias specification section, list users and groups allowed to use the sudo command:
#FILE: /etc/sudoers
User_Alias LIMITEDTRUST=user1,user2,%group1
In the command alias specification section, list the commands specifically allowed or denied execution as root:
Cmnd_Alias PROGRAMS=/etc/rc.d/init.d/httpd,/sbin/shutdown -h now
Cmnd_Alias SHELLS=/bin/sh,/bin/bash
In the user privilege specification section, list the users and groups allowed to use sudo and the commands that they may use:
LIMITEDTRUST ALL=PROGRAMS
Which means that user1, user2 and every member of the group group1 (group names carry a % prefix in sudoers) may use sudo only with the commands listed in PROGRAMS.
user3 ALL=ALL, !SHELLS
user3 may run every program except those listed under SHELLS.
%group2 station1=ALL, !SHELLS
This declaration means that every member of group2 can use sudo with every command when logged into station1, except /bin/sh and /bin/bash. Treat the last two rules as a convenience rather than a security boundary: sudoers(5) itself warns that subtracting commands from ALL with the ! operator is not effective, because the user can copy /bin/sh to another name (or escape to a shell from an editor or pager) and run that through sudo instead. When the goal is to keep a user away from a root shell, grant an explicit list of commands, as the PROGRAMS rule does.

Note: By default sudo logs every failed attempt and mails the administrator (the mailto user, root) when someone not listed in /etc/sudoers tries to use it.
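A small lint for the rules above, as an added example that is not part of the original post: it flags the patterns sudoers(5) warns about, namely ! denylists on top of a broader grant, blanket ALL grants, NOPASSWD and wildcards in command arguments. The policy it reads is constructed from the rules in this post plus three common ones; it assumes POSIX sh and awk, and it complements rather than replaces visudo -c (syntax) and sudo -l -U user (the effective policy).

```shell
#!/bin/sh
# Added example, not from the original post: a small lint for sudoers
# user specifications. It flags the patterns that sudoers(5) itself
# warns about: "subtracting" commands with ! from a broader grant
# (bypassed by copying the binary under another name), blanket ALL
# grants, NOPASSWD, and wildcards in command arguments.
# Assumes POSIX sh and awk. It does not replace visudo -c (syntax) or
# sudo -l -U user (the effective policy).

# audit_sudoers FILE
# Prints one line per finding and returns the number of findings.
audit_sudoers() {
    awk '
        { sub(/[ \t]*#.*$/, "") }            # drop comments
        /^[ \t]*$/ { next }                  # and blank lines
        /\*/ && !/^Defaults/ {
            print FILENAME ":" NR ": wildcard in command spec (also matches arguments containing spaces): " $0
            n++
        }
        /^(User_Alias|Cmnd_Alias|Host_Alias|Runas_Alias|Defaults)/ { next }
        /=/ && /!/ {
            print FILENAME ":" NR ": ! denylist on top of a broader grant is bypassable: " $0
            n++
        }
        /=/ && /[ \t=,]ALL[ \t]*$/ && !/!/ {
            print FILENAME ":" NR ": unrestricted ALL grant: " $0
            n++
        }
        /NOPASSWD:/ {
            print FILENAME ":" NR ": NOPASSWD grant: " $0
            n++
        }
        END { exit n }
    ' "$1"
}

# sample_sudoers FILE
# Constructed policy: the rules from this post plus three common ones.
sample_sudoers() {
    cat > "$1" <<'EOF'
# constructed sample, not a real /etc/sudoers
User_Alias LIMITEDTRUST = user1, user2, %group1
Cmnd_Alias PROGRAMS = /etc/rc.d/init.d/httpd, /sbin/shutdown -h now
Cmnd_Alias SHELLS = /bin/sh, /bin/bash
root        ALL = (ALL) ALL
%wheel      ALL = (ALL) NOPASSWD: ALL
LIMITEDTRUST ALL = PROGRAMS
user3       ALL = ALL, !SHELLS
%group2     station1 = ALL, !SHELLS
pete        ALL = /usr/bin/passwd *
EOF
}
```

Run it as `audit_sudoers /etc/sudoers` on a real policy; the LIMITEDTRUST rule is the only one in the sample that passes cleanly, which is the point: an explicit command list is the shape to aim for.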

Update
(18th Dec 2005): Also visit SUDO home page

NIS - Client and Server Configuration

Network Information Service (NIS) is the traditional directory service on *nix platforms. Setting up NIS is relatively simple compared with other directory services like LDAP. NIS takes administrative files like /etc/passwd, /etc/hosts and so on and publishes them as indexed map files kept under /var/yp/<domain>. This data is made available over the network to every client that is bound to the NIS domain.

Drawback: the protocol has no encryption and no authentication beyond the source addresses listed in /var/yp/securenets. All transactions, passwords included, cross the network in clear text, and any host that securenets admits can dump whole maps with ypcat.

Configuring an NIS Server
  • Make sure the following packages are installed in your machine:
    ypserv : Contains the NIS server daemon (ypserv) and the NIS password daemon (yppasswdd).
    portmap : mandatory
    The yppasswdd daemon enables the NIS server to change the NIS database and password database information, at the client's request. In order to change your NIS password, the yppasswdd daemon must be running on the master server. From the client, one must use yppasswd to update a password within the NIS domain.

  • Insert the following line in the /etc/sysconfig/network file:
    NISDOMAIN=mynisdomain

  • Specify the networks you wish NIS to recognize in /var/yp/securenets .
    Eg:
    # Permit access to localhost:
    host 127.0.0.1

    #Permit access to xyz.com network:
    255.255.255.0 192.168.0.0

  • Insert the following lines in the /var/yp/Makefile :
    NOPUSH=true # true if this is your only NIS server; set it to false as soon as you have even one slave server, so that updates are pushed to it
    MERGE_GROUP=false # set to true if group passwords from /etc/gshadow need to be merged into the NIS group map
    MERGE_PASSWD=false # set to true to merge the encrypted passwords from /etc/shadow into the NIS passwd map; note that this publishes every password hash to all clients admitted by securenets

    Uncomment the following line :
    all: passwd group hosts netid ...

  • If you have slave NIS servers then enter their names in /var/yp/ypservers .

  • Finally run the following command:
    # /usr/lib/yp/ypinit -m
Configuring a slave NIS server
  • Install ypserv package on the slave server.
  • Make sure you have the name of the slave server listed in /var/yp/ypservers on the master server.
  • Now issue the command :
    # /usr/lib/yp/ypinit -s masterserver
  • Make sure the NOPUSH value in the /var/yp/Makefile on the master server is set to "false". Then when the master server's databases are updated, a call to the yppush executable will be made. yppush is responsible for transferring the updated contents from the master to the slaves. Only transfers within the same domain are made with yppush.
  • Lastly start ypserv and yppasswdd daemons
    # service ypserv start
    # service yppasswdd start
Configuring an NIS client
  • Make sure the following packages are installed on your machine:
    ypbind - NIS client daemon
    authconfig - used for automatic configuration of NIS client.
    yp-tools: Contains utilities like ypcat, yppasswd, ypwhich and so on used for viewing and modifying the user account details within the NIS server.
    portmap (mandatory)
  • There are two methods to configure an NIS client.
    • Method 1: Manual method
      • Enter the following line in the /etc/sysconfig/network file:
        NISDOMAIN=mynisdomain
      • Append the following line in /etc/yp.conf :
        domain mynisdomain server 192.168.0.1 # replace this with your NIS server address.
      • Make sure the following lines contain 'nis' as an option in the file /etc/nsswitch.conf file:
        passwd: files nis
        shadow: files nis
        group: files nis
        hosts: files nis dns
        networks: files nis
        protocols: files nis
        publickey: nisplus
        automount: files nis
        netgroup: files nis
        aliases: files nisplus
      • Finally restart ypbind and portmap.
    • Method 2: Run authconfig and follow directions.
  • To check whether you have successfully configured the NIS client, execute the following:
    # ypcat passwd
    The output is the passwd map built from the NIS server's /etc/passwd, which by default contains only accounts with user IDs greater than or equal to 500 (the MINUID setting in /var/yp/Makefile).
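A check on what that map actually exposes, as an added example that is not part of the original post: with MERGE_PASSWD=true the passwd map carries the real password hashes, readable by any user on any host that securenets admits, and by anyone on the wire since NIS sends them in clear text. The function reads a `ypcat passwd` dump and reports exposed hashes, empty password fields and uid-0 entries; the sample dump is constructed, and the script assumes POSIX sh and awk.

```shell
#!/bin/sh
# Added example, not from the original post: inspect a `ypcat passwd`
# dump for what NIS hands to every host that /var/yp/securenets admits.
# With MERGE_PASSWD=true the passwd map carries the real password
# hashes, readable by any user on any admitted client (and, since NIS
# sends them in clear text, by anyone on the wire). Assumes POSIX sh
# and awk; the sample map below is constructed.

# check_nis_passwd FILE
# FILE holds `ypcat passwd` output. Prints one line per finding
# (exposed hash, empty password, uid 0) and returns the number found.
check_nis_passwd() {
    awk -F: '
        NF < 7 { next }                              # not a passwd entry
        $2 == "" { print "EMPTY-PASSWORD " $1; n++; next }
        $2 != "x" && $2 !~ /^[*!]+$/ { print "HASH-EXPOSED " $1; n++ }
        $3 == 0 { print "UID-0 " $1; n++ }
        END { exit n }
    ' "$1"
}

# sample_nis_passwd FILE
# Constructed ypcat passwd output: one merged hash, one empty password,
# one extra uid-0 account, two harmless entries.
sample_nis_passwd() {
    cat > "$1" <<'EOF'
alice:$1$Xy9u2q$0abcDEF.ghijk123456789:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
guest::502:502:Guest account:/home/guest:/bin/sh
toor:x:0:0:second root:/root:/bin/bash
svc:*:503:503:Service user:/var/svc:/sbin/nologin
EOF
}
```

Run it against a live server with `ypcat passwd | check_nis_passwd /dev/stdin` from a client that is, and one that is not, listed in securenets; a hash in the output from the second one means securenets is not restricting what it should.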

Friday 10 June 2005

Sendmail Configuration - Relevant details

Sendmail is configured by editing the sendmail.mc file and then using the m4 program to write the contents to the sendmail.cf file. In the previous post, I had explained the working of sendmail in general as well as the configuration files used in sendmail.
Here I will list some of the configuration details of the sendmail.mc file.
Comments are written by starting the line with dnl, an m4 macro that discards everything up to and including the next newline. The sendmail.mc file is liberally commented and easy to follow. Note the m4 quoting used throughout: an argument opens with a backquote and closes with an apostrophe, as in `MAIL_HUB'.

Often, clients do not accept incoming mail themselves. A central mail server accepts all incoming mail and relays all outgoing mail. Client workstations "masquerade" as that mail server or as the domain (which has an appropriate MX record). This can be set up on the client by adding a few lines to the sendmail.mc file and regenerating the sendmail.cf file.
To forward all incoming mail to the central mail server, say mail.centralserver.com, uncomment the following line:
define(`MAIL_HUB', `mail.centralserver.com')dnl
Note : Central mail server's /etc/mail/local-host-names file must include the name of the host to which the incoming mail is addressed for this to work.

To deliver local mail locally but relay outgoing mail through mail.centralserver.com, set:
define(`SMART_HOST', `mail.centralserver.com')dnl
Note: The central mail server must allow the client host to relay through it (usually by setting up the server's /etc/mail/access file ) for this to work.

To masquerade addresses so that mail sent by a user at your host looks like it actually came from user@centralserver.com, set:
MASQUERADE_AS(`centralserver.com')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
It is often a good idea to not masquerade mail sent by certain users on your host - eg: root, postmaster and mailer-daemon. You can set this up with EXPOSED_USER directives:
EXPOSED_USER(`root')dnl
To reduce spam on your machine:
FEATURE(`dnsbl')dnl
The above line is used to check a DNS based blackhole list to reject connections from known spammers. By default, it points at a subscription service run by MAPS, but can take an argument to point at other blackhole lists. The above line can be specified several times to point to multiple lists. This feature is not enabled by default.
FEATURE(`relay_based_on_MX')dnl
Automatically allows relaying for any domain whose MX record points at this sendmail server. Use with care: whoever controls a domain's DNS can list your server as its MX and thereby obtain relaying, so this feature effectively trusts the whole of DNS. An explicit RELAY entry per domain in /etc/mail/access is the safer choice.

Suppose you want to block mail destined for certain recipients; this can be achieved by uncommenting the following line:
FEATURE(`blacklist_recipients')dnl
From then on, every entry in /etc/mail/access whose action is REJECT or ERROR also blocks mail addressed to that user, host or address, not only mail coming from it. This feature is enabled in Red Hat's default sendmail.mc.

By default sendmail listens only on the loopback address, so it accepts mail only from local processes. To receive mail from outside, comment out the DAEMON_OPTIONS line by prefixing it with dnl, so that it reads:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
This removes the loopback restriction and lets sendmail accept email from the internet or intranet; make sure the relaying rules in /etc/mail/access are in place before you do this, or the host becomes an open relay.

These are only a few important configuration details. There are lots more which you can find in the sendmail.mc file. Usually sendmail starts working out of the box. Which means, you just install it and it starts working right away. And you only need to configure it if you need certain features like those listed above.

Monday 6 June 2005

Sendmail - The versatile mail server

Sendmail is the default mail server on Red Hat-based Linux distributions. It acts both as an MTA (Mail Transport Agent) and as an MDA (Mail Delivery Agent).

What happens when you send an email ?
  • Your email client, the Mail User Agent (MUA), passes the message to its configured MTA, usually a central mail gateway.
  • The MTA routes the message to the destination, forwarding it through other intermediate MTAs as necessary.
  • The destination domain's MTA passes the message to the Mail Delivery Agent (MDA).
  • Finally the user receives the message.
Coming back to sendmail - In Redhat based linux distributions, you have to make sure that there are 3 rpm packages installed for successful implementation of sendmail. They are :
  1. sendmail
  2. sendmail-cf and
  3. sendmail-doc
Configuration files
  • /etc/mail/sendmail.cf - This is the main configuration file for sendmail. It contains, among other things, domain alias directives, header rewriting directives, relaying rules and so on. Usually you do not edit this file directly; you modify /etc/mail/sendmail.mc and then regenerate sendmail.cf from it with the m4 command.
  • /etc/mail/submit.cf - This file is used when sendmail is called by a user program. Normally it does not need modification.
  • /etc/aliases - This file defines a list of local user aliases. For example, you can make root's mail be redirected to another user and so on. This file has to be hashed to the aliases.db format by running the newaliases command each time it is changed.
  • /etc/mail/ - This directory contains access control, virtual user database and the above mentioned configuration source files. Note: If you change the contents of the files in this directory, you have to rehash the database by running the make command in the directory. Some of the important files in this directory are as follows:
    • local-host-names - This file lists all the host names and domains for which the mail server accepts incoming mail for local delivery.
    • virtusertable - This file maps an email address to a local user. For example, you can deliver an incoming email to the target specified or forward it to another address.
    • access - The contents of this file act as a filter that decides whether mail from some user, domain or IP subnet is to be accepted, relayed or rejected. The file has two columns: the first lists the email address, IP address or domain, and the second the action to be taken. A domain key also matches its subdomains, and an IP key with fewer than four octets matches the whole network (192.168.0 matches every 192.168.0.x host), so a careless RELAY entry turns the server into an open relay.
      The second column of this file can be one of a few different values:
      • REJECT - Rejects the sender with a general purpose message.
      • OK - Accepts mail (for receipt, not relay)
      • RELAY - Accepts mail for relaying to another server.
      • DISCARD - Discard the message completely
      • ERROR:"550 your message" - Like REJECT but returns your specific message.
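The lookup behind the access file, as an added example that is not part of the original post: it models how sendmail's access_db resolves a connecting client, so a proposed access file can be checked for unintended RELAY before it is hashed with makemap. Sendmail tries the full client IP first and then drops trailing octets (192.168.0.5, 192.168.0, 192.168, 192); for a host name it tries the full name and then each parent domain; Connect: tagged keys are consulted before untagged ones. This also covers the relaying setup from the 10 June post above (the SMART_HOST note about the central server's access file). The access file below is constructed, and the script assumes POSIX sh and awk.

```shell
#!/bin/sh
# Added example, not from the original post: model how sendmail's
# access_db resolves a connecting client against /etc/mail/access, so a
# proposed access file can be checked for unintended RELAY before it is
# hashed with makemap. Sendmail tries the full client IP first, then
# drops trailing octets (192.168.0.5, 192.168.0, 192.168, 192); for a
# host name it tries the full name, then each parent domain. Tagged
# (Connect:) keys are consulted before untagged ones. Assumes POSIX sh
# and awk; the access file below is constructed.

# access_lookup ACCESSFILE CLIENT
# Prints the action for CLIENT (an IPv4 address or host name) and
# returns 0, or prints "none" and returns 1 when no entry matches.
access_lookup() {
    map=$1; client=$2; keys=""
    if printf '%s' "$client" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        ip=$client
        while [ -n "$ip" ]; do              # 192.168.0.5 -> 192.168.0 -> ...
            keys="$keys $ip"
            case $ip in *.*) ip=${ip%.*} ;; *) ip="" ;; esac
        done
    else
        host=$client
        while [ -n "$host" ]; do            # a.b.example -> b.example -> ...
            keys="$keys $host"
            case $host in *.*) host=${host#*.} ;; *) host="" ;; esac
        done
    fi
    for k in $keys; do                      # unquoted on purpose: split on spaces
        for key in "Connect:$k" "$k"; do
            # first column is the key; the rest of the line is the action
            val=$(awk -v key="$key" '$1 == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$map")
            if [ -n "$val" ]; then
                echo "$val"; return 0
            fi
        done
    done
    echo none
    return 1
}

# sample_access FILE
# Constructed /etc/mail/access source (key, whitespace, action).
sample_access() {
    cat > "$1" <<'EOF'
# constructed sample; a real file is hashed with: makemap hash access < access
localhost.localdomain      RELAY
localhost                  RELAY
127.0.0.1                  RELAY
Connect:192.168.0          RELAY
Connect:192.168.0.66       REJECT
Connect:spammer.example    ERROR:"550 We do not accept mail from you"
EOF
}
```

The most specific key wins because it is tried first: 192.168.0.66 is rejected even though 192.168.0 relays, and mail.spammer.example inherits the ERROR from spammer.example. A client that matches nothing falls through to sendmail's default, which accepts mail for local domains but does not relay.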
Modifying the sendmail.cf file
You do not modify the sendmail.cf file directly. But you make changes to the sendmail.mc file in the /etc/mail/ directory and then run the command :
# m4 sendmail.mc > sendmail.cf
Then restart the sendmail daemon.
# service sendmail restart
Debugging Sendmail
Check if sendmail is identifying your station's hostname correctly:
# sendmail -d0 < /dev/null

Version 8.12.11
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT

============ SYSTEM IDENTITY (after readcf) =======
(short domain name) $w = localhost
(canonical domain name) $j = localhost.localdomain
(subdomain name) $m = localdomain
(node name) $k = localhost.localdomain
===================================================

Recipient names must be specified

/etc/mail/local-host-names must contain server's name and aliases

View SMTP exchange with local relay
# mail -v user
View messages queued for future delivery
# mailq
By default the above command displays the queue of messages waiting to be processed by your local MTA for delivery or relay to a remote MTA. Messages can sit in this queue for a long time if the remote host is refusing connections or deferring delivery.
# mailq -Ac
This command displays the queue of messages waiting to be sent by your MSP to the local MTA relay. Messages can sit in this queue for a long time if your local host is having problems with name resolution.
View log in realtime
# tail -f /var/log/maillog
During any server configuration or testing, monitoring the appropriate logs with 'tail -f' can be invaluable.

Change your Mail Transport Agent (MTA) from Sendmail to Postfix and vice versa

Linux distributions like RedHat and Fedora ship with two Mail Transport Agents (MTAs) - sendmail and postfix . But at a time, you can use only one of the two - ie either sendmail or postfix. You can switch between the two very easily by using the 'alternatives' command.

With alternatives, an executable with a generic name on the filesystem is used to access a particular service. This executable is really a symbolic link to another symlink in the /etc/alternatives/ directory. For example, /usr/sbin/sendmail is actually a symbolic link to /etc/alternatives/mta, which in turn points at the real binary (/usr/sbin/sendmail.sendmail or /usr/sbin/sendmail.postfix). To select between sendmail and postfix, we just change the symlink /etc/alternatives/mta. This is normally done with the alternatives command. Here are some examples:

To display which MTA alternative is in use:
# alternatives --display mta
To choose from the available MTA alternatives from the command line :
# alternatives --config mta
To set Postfix as the default mail system directly (the argument is the path of the alternative's real binary; /usr/sbin/sendmail.sendmail switches back):
# alternatives --set mta /usr/sbin/sendmail.postfix
GUI Option
RedHat/Fedora has got a GUI for switching between the MTA's which is redhat-switch-mail.

Redirecting root's mail to another user account

Suppose all root's mail on your system is to be redirected to another account say 'ravi@yahoo.com' . This is achieved by modifying the /etc/aliases file and appending a line as follows:

#FILE: /etc/aliases
root: ravi@yahoo.com

Now, run the 'newaliases' command to convert the changed /etc/aliases file to the aliases.db database format.
# newaliases
NOTE: You have to run the command newaliases each and every time you modify the /etc/aliases file.

Sunday 5 June 2005

Special shell variables used in shell scripts

These are the special shell variables which can be used in shell scripts in Linux.

$# The number of arguments.
$@ All arguments, as separate words.
$* All arguments, as one word.
$$ ID of the current process.
$? Exit status of the last command.
$0, $1, ... $9, ${10}, ${11} ... ${N} Positional parameters ($0 is the script name). After $9 you must use the ${N} syntax.


For example, if you create a shell script as follows :

#!/bin/sh
#File: test.sh
echo $$
Now if you execute it, it prints the process ID of the shell running test.sh.
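The parameters from the table in use, as an added example that is not part of the original post. It also shows the one trap among them: unquoted $* (or $@) re-splits the arguments on whitespace, so a wrapper script that forwards its arguments with $* mangles any argument that contains a space, which is how a script that was only ever tested with simple file names breaks on "my file". Function names are the example's own; it assumes POSIX sh.

```shell
#!/bin/sh
# Added example, not from the original post: the special parameters
# above in use, and the one trap among them. Unquoted $* (or $@)
# re-splits arguments on whitespace, so a wrapper script that passes
# its arguments on with $* mangles any argument containing a space.
# Assumes POSIX sh.

# count_split: what a script sees if it re-splits its arguments with $*.
count_split() { set -- $*; echo "$#"; }

# count_intact: "$@" preserves each argument as one word.
count_intact() { set -- "$@"; echo "$#"; }

# run_intact CMD ARGS...: forward the arguments to CMD unchanged;
# written as $* this would split "a b" into two arguments.
run_intact() { "$@"; }

# tenth_arg: positional parameters past 9 need the ${N} form.
tenth_arg() { echo "${10}"; }

# status_of CMD ARGS...: run CMD quietly and print its exit status,
# which is what $? holds immediately after the command.
status_of() {
    if "$@" >/dev/null 2>&1; then
        echo 0
    else
        echo "$?"
    fi
}

# own_pid: the PID of the shell running this script ($$), often used
# for per-run temporary names such as /tmp/myscript.$$ (prefer mktemp,
# which does not produce a guessable name).
own_pid() { echo "$$"; }
```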

Wednesday 1 June 2005

"Shutdown" and "Restart Computer" options in KDE

In Fedora, if you are using KDE, there is no "Shut Down" or "Restart Computer" option like the one you have in GNOME. This is because Fedora and Red Hat use the GNOME Display Manager (GDM) as the underlying display manager even when you are running KDE, and KDE's logout dialog only offers those actions when it runs under its own display manager, KDM.

To change the display manager in Fedora, append the following line in the /etc/sysconfig/desktop file :
#File: /etc/sysconfig/desktop
DISPLAYMANAGER="KDE"
... and restart X. Now you will have the option for shutting down and rebooting your machine in KDE.