Best of Technical Support

Various

Issue #67, November 1999

Our experts answer your technical questions.

Synchronizing Clocks

I would like to know how best to synchronize the clocks of the various Linux boxes (various kernels and distributions) on my LAN. —John Morley, jmorley@grafton.demon.co.uk

You should try NTP: www.eecis.udel.edu/~ntp. NTP software is included in common Linux distributions such as Red Hat. —Pierre Ficheux, pficheux@com1.fr

I personally run rdate from my computer's crontab. This gives me an accuracy within one second, which is satisfactory for normal interactive use of the net.—Alessandro Rubini, rubini@prosa.it

This is definitely a useful thing to do wherever you have more than one server, but there are many ways to accomplish it. The most common is to use the timed daemon. Read the man page of the daemon for a detailed description of how to use it. FYI, there are other programs you can download that will do the same job with slightly different features, but since timed is present on almost all modern UNIX systems, it's the best place to start. —Chad Robinson, chadr@brt.com

Kernel, Modules, Mouse

I am using SuSE Linux 6.1. I defined a new kernel configuration (using make xconfig). If I enable “modules” support, my mouse does not operate. Using exactly the same configuration but creating “monolithic” kernel (meaning that I changed all m's into y's) works fine. I spent a lot of time on this problem and got no results. Do you have any ideas? —Mark Shahaf, mshahaf@ibm.net

You likely have a problem with module autoloading. Try loading the module for your mouse by hand: modprobe psaux for example. Also, if the problem affects only your mouse, you can use modules but compile it in the kernel. Since you probably use the mouse all the time and the code isn't too big, you might as well compile it in the kernel. —Marc Merlin, merlin@varesearch.com

If the mouse driver is compiled as a module, you should load the module in order to be able to use the mouse. Try insmod psaux (or insmod serial if it is a serial mouse), or configure kmod to load it automatically. —Alessandro Rubini, rubini@prosa.it

startx and Colormaps

I am running Red Hat Linux 6.0. If I run in full multiuser mode (by setting the run level in the inittab file to 3), I can execute startx - -bpp 32 and have all the necessary colors displayed. However, if I change the run level from 3 to 5 in the inittab file to run X11 automatically, I receive the following results when I try to load some GUI applications:

Warning: Cannot allocate colormap entry for "gray71"
Warning: Cannot allocate colormap entry for "AntiqueWhite3"
Warning: Cannot allocate colormap entry for "AntiqueWhite2"
...

This happens even though I have already modified the last line in the /etc/X11/xdm/Xservers as follows:

:0 local /usr/X11R6/bin/X -bpp 32
Any suggestions please? —Mohsen Madi, mmadi@cs.umanitoba.ca

This is exactly what you are supposed to do if you use xdm. However, if you use gdm (the default in Red Hat 6.0), you now need to edit /etc/X11/gdm/gdm.conf. You will find this section:

[servers]
0=/usr/bin/X11/X

Just add your -bpp 32 there. —Marc Merlin, merlin@varesearch.com

Another startx Problem

When I type startx as a regular user, after the initialization of card, I receive this response:

X11TransSocketUNIXConnect : Can't connect: errno = 111
giving up
xinit: Connection refused(errno 111) unable to connect to X server
xinit: no such process(errno 3) server error
X11TransSocketUNIXConnect : Can't connect: errno = 111

I am running XF86 3.3.3.1-49. I found this very same post in the magazine I get; however, mine is a bit odd. I can run X as root with no problem. I have permissions set for all users to execute X, but things aren't going that way.

On another note, I downloaded the bz2 package of 2.2.10 and installed it. I added support for the /proc file system, for my Linux box to act mainly as a router, for forwarding, firewalling, masquerading and the extra networking goodies. However, when I rebooted, I had no /sys subdirectory under /proc. I do have the /proc directory tree, though. I can start the firewall with no problem and pass arguments to ipchains. When I run uname -a, I get this output:

Linux digitalklown.net 2.2.10 #1 Mon Jul 26 21:17:02 CDT 1999 i586 unknown
running rh6.0

—Jason Helfman, deklown@digitalklown.net

The reason you don't have /proc/sys is that you forgot to add sysctl support in the General setup section of the kernel configuration. When you face unknown problems like this, your best bet is to make sure your 2.2.10 tree is clean by typing make distclean (this will erase your .config file which contains all the compilation options you chose, so if your current copy is there, save it first). If you do have a .config file, now you can copy it into your 2.2.10 tree and build your kernel with the usual make clean (although useless here, since we just did make distclean); make dep; make install; make modules; make modules_install. If you do not have a .config you can get the .config Red Hat used for their kernel by installing the kernel sources by going to /usr/src/linux-version and typing make oldconfig. This will generate a .config in the same directory, and you'll be able to move it to your new 2.2.10 tree.

Following the above procedure should insure that you have a sane set of options selected in your kernel and that the kernel you end up with is built correctly. —Marc Merlin, merlin@varesearch.com

With startx, you fire both the X server and a set of default clients. The errors you report are the clients' errors, which show that the server is not running. You should look earlier on your screen to find why the server failed.

If the server is actually running, then you may have authorization problems. Please check whether your xauth setup is wrong or other authorization means are running and misconfigured. The /proc/sys tree is part of the sysctl implementation. If you didn't enable sysctl when configuring the kernel, no such tree is there. —Alessandro Rubini, rubini@prosa.it

SIS Drivers Problem

I installed Red Hat Linux 5.0 on my system which has a Cirrus Logic VGA card. I installed the X Window System and am running it with success. In my office, most of the systems have SIS 6215 VGA cards, and Linux 5.0 does not support this. I downloaded SIS drivers from Red Hat's site. I am using the PC-quest Red Hat Linux 5.0 CD which does not have SIS drivers. How do I insert the SIS drivers during installation, since I am installing from CD? Please clarify my doubts on how third-party drivers should be installed without CD during installation. —Munnangi Reddy, rajasekhara_m@hotmail.com

You can't. However, the installation doesn't use graphics, so you can install the system anyway. After installing, you can upgrade your X packages by installing the new RPM file using

rpm -i package

—Alessandro Rubini, rubini@prosa.it

If you want to use new XFree86-supported cards, you should upgrade both the XFree86 server (XFree86-SVGA...) and the Xconfigurator utility, which is used in order to generate an XF86Config file. All these packages are available from the Red Hat FTP server. —Pierre Ficheux, pficheux@com1.fr

PPP Advanced Question

I am using Red Hat version 6.0. I have PPP configured and working for dial-out to my ISP. It uses a dynamic IP address assigned by the server. I also wish to allow dial-in on the same system to allow for administration and tech support. The documentation states that you put the IP address you wish to assign to the port for dial-in users in the /etc/ppp/options.ttySx file. However, as long as I put an IP number in the file which corresponds with the dial-out port, my PPP dial-out fails. I know it is possible to support both dial-in and dynamic dial-out on the same port. The PPP HOWTOs state that it can be done. What do I have to do to get it to work?

Note: the options.ttySx file has only the single entry. All other options are in the options file. —Gerry George, ggeorge@digisolv.com

Actually, you would do this only if you have multiple serial ports and modems and you want to assign IP addresses dynamically to your users. If you have only one modem, you can simply assign the IP on the PPP command line. You could create a PPP user in /etc/password which launches this script in lieu of a shell:

#!/bin/sh
IFS=" "
export IFS
/usr/bin/mesg n
stty -tostop -echo
exec /usr/sbin/pppd modem crtscts proxyarp -d\
  -detach moremagic:ppp-guest

—Marc Merlin, merlin@varesearch.com

Multiple Authorized Users

We have several labs of Linux boxes available for student use at the University of Arizona Physics Dept., as well as a couple of older SPARCs which we are bringing somewhat up to date with the latest Linux releases. We have some security concerns about LILO and SILO. Several of these machines' consoles are openly available to the students, and we have been worried about the students forcing a reboot and bringing up Linux in single-user mode, gaining total access to the system. Admittedly, not much damage can be done from most of the machines, as most simply map their drives to the user directory of a more secure machine, but it's still a concern.

We've added the “password=/password/” and “restricted” lines to the respective /etc/lilo.conf and /etc/silo.conf files on each machine (and naturally added password protection to the BIOS to not allow booting from floppy); however, both lilo.conf and silo.conf are still readable to the average user. We want to retain the single-user mode availability for the lab crew and keep items contained in these config files, such as the image locations, available to those lab crew members without the security to modify the files. Is there a way to do this and yet prevent anyone from reading the password lines in lilo.conf/silo.conf? Should we forego using LILO/SILO altogether and use something else? —Sam Hart, hart@physics.arizona.edu

Using another boot loader would be a good idea, but there's an alternative. The LILO configuration file is used ONLY when you actually run the LILO command. It's not required at boot time. Thus, you could put the file onto a floppy that only your lab crew has access to. They can mount it when necessary and use the -C option to specify its location when updating a kernel or changing a boot option. —Chad Robinson, chadr@brt.com

I would get the source code from SILO and LILO and hard-code the password in there (make sure, then, that the binary is a 700, so that a user cannot run strings on them). —Marc Merlin, merlin@varesearch.com

Samba Problem

I have installed Samba 1.9.15p8 and I couldn't write to the Win98 PC. I am running Slackware 2.0.36. From the Linux box, I could read/write to Win98 box. From the Win98 box, I could read from my Linux box but not write. Any ideas?

(my /etc/smb.conf)
[public]
   path = /
   public = yes
   only guest = no
   writable = yes
   printable = no

—Hoo Kok Mun, hkmun@pacific.net.sg

Maybe you have some problems with Linux access rights on /. If you want to set up a public read/write directory, you should use a public directory such as /tmp. Here is my smb.conf config for /tmp:

[Tmp]
   comment = Temporary partition (rw)
   path = /tmp
   read only = no
   guest ok = yes
   case sensitive = no
   mangle case = yes
   preserve case = yes

If you want to test SAMBA more heavily from Win98, you may need to configure user access and passwords. Just add the following section in smb.conf:

[homes]
   guest ok = no
   read only = no

Don't forget Win98 uses encrypted passwords, so you should add the following lines in the [global] section of your smb.conf:

[global]
   security = share
   encrypt passwords = yes
   smb passwd file = /etc/smbpasswd

and add users and passwords with the smbpasswd command. —Pierre Ficheux, pficheux@com1.fr