Best of Technical Support
Distributing /etc/shadow
I am hunting for a utility that I think already must exist somewhere. Here is the problem. Government computers need to have all passwords updated more frequently these days, including the root password. Until now, we had so many flavors of hardware and OSes that the thought of SSHing a copy of /etc/shadow or /etc/passwd to all machines was a moot point, simply because the different OSes required different entries for root. Overwriting the root entry on a machine with the syntax for the wrong OS was not worth it. I suppose the biggest problem with doing a blind overwriting of the files would result in possibly incorrect shells or login paths for root. However, we have been working at getting rid of all of the non-PC workstations we had (SGIs, Suns, HPs and so on) so we can attack the virus and patches problems with hopefully one OS to worry about. This means we simply can plop a new copy of the root entry for /etc/shadow or /etc/passwd to all machines via SSH.
Do you know if such a tool
exists? I imagine some sort of script has been
written that can be tweaked easily to propagate
the changes. Some machines are on a domain with a
DNS server. The ones not running DNS are running
NIS. I am not familiar with the DNS ones yet, but I
know the ones running NIS still have to have
root changed locally. So far, we have been telnetting
or SSHing to each machine one at a time to get the new
root password in, because the root password won't map
to each machine. The machines need the root accounts
updated, especially if we were to need to go to single-user mode.
—
Irene Paradis
irene.paradis@us.army.mil
NIS has been used classically to solve this problem. However, there is
really only one solution for the root password: you should update the
/etc/shadow file. You also could use a RADIUS server.
—
Christopher Wingert
cwingert@qualcomm.com
You can use rdist to push many copies of a file out
to your hosts. See www.magnicomp.com/rdist.
Alternatively, you could disable, or “star out” the
root password by putting a * in the encrypted password
field of /etc/shadow, and use sudo for everything.
—
Don Marti
dmarti@ssc.com
How to Pass an Option to the Kernel?
What does the “Try linux noacpi,
linux disableapic and linux
noacpi disableapic” suggestion on page 72 of the October 2004 issue mean
in response to a Fedora install question? My
AMD dual-MP 2800+ regularly crashes and screen dumps. I just noticed a
comment about acpi or apic—I need to read and record next
time—on the
last screen dump. Having just read the article, I was excited to reboot
and try those commands, but I couldn't locate them.
—
Doug Baker
cfdbaker@qwest.net
You are asked to pass noacpi or
ldisableapic or
noacpi disableapic as a command-line option to the
kernel. When the bootloader, GRUB or LILO, is asking
which OS or kernel to boot, you can
add these options. On LILO, press Ctrl-X to get a command line,
and then type linux noacp. I
am assuming that Linux is one of the options in the
LILO menu.
If this works outs for you, you can add this to
/etc/lilo.conf permanently.
—
Usman Ansari
usmansansari@yahoo.com
On the GRUB bootloader, the default for
Fedora, the process is similar. Check out
the Unofficial Fedora FAQ at
www.fedorafaq.org/#otherinstall.
—
Don Marti
dmarti@ssc.com
Testing CPU under Different Loads
I frequently test Linux machines as part of my job and am looking
for a way to load the CPU smoothly from 0% to 100% to see what happens
to certain applications. When I try to apply a smoothly ramping CPU load,
I usually get either 0% or 100% CPU usage. If I try to sleep for very
small increments, I get 0% alternating with 100%. Do you know of any tool
or proven way to ramp the CPU?
—
Patrick Killelea
p@patrick.net
You could run a program that alternates some CPU-intensive task, such as generating pseudorandom numbers, with calls to usleep. Tweaking the values of BUFSIZE and USLEEP in this program lets me get a range of CPU loads:
/* Build with 'gcc -Wall load.c -o load' */ #include <stdio.h> #include <unistd.h> #include <fcntl.h> #define BUFSIZE 1024 #define USLEEP 10000 char buf[BUFSIZE]; int main (int argc, char **argv) { int f; f = open("/dev/urandom", O_RDONLY); while (1) { read(f, &buf, BUFSIZE); usleep(USLEEP); } return 0; }
Thanks to Greg Kroah-Hartman for cleaning up the above code. See man
usleep. To exercise individual CPUs on an SMP machine, try the CPU
affinity system calls covered in Robert Love's article “CPU
Affinity” in the July 2003 issue.
—
Don Marti
dmarti@ssc.com
Single-User Mode
How can I enter single-user mode, runlevel 1, at
boot time?
—
Arthur Schroeder
showmeyr@yahoo.com
Edit your boot line in GRUB and add a single to the command line.
—
Christopher Wingert
cwingert@qualcomm.com
You can type single at the LILO
or GRUB prompt to boot your Linux machine into single-user mode. If you
always want to boot in single-user mode for some reason, you can modify
LILO or GRUB and pass single as an option to the kernel. Or, you can modify
the /etc/inittab file. There is a line at the top of this file—mine
reads id:3:initdefault on my Red Hat 9.0 Linux
box—in which you can
replace 3 with 1.
—
Usman Ansari
usmansansari@yahoo.com
Luke 5:37–38
I am attempting to install Red Hat Linux 7.1 on my
new Dimension 4600 Dell computer. The installation CD
starts, and I have the option to choose the kind of
installation I want. Whatever I choose, after
the computer starts to recognize my hardware—it
recognizes my CD-ROM and hard drives—it stops and
freezes. I can do nothing but turn off
my computer.
—
Joe Pietro
jm_pietro@hotmail.com
Before you waste too much time,
you should use a newer Linux distribution. Red Hat
7.1 is several years old. Chances are you will
have much better luck with a newer version. I
suggest you use Fedora Core 2. Fedora Core,
a branch of Red Hat, always has supported
Dell hardware for the most part. You can download
it from www.redhat.com.
—
Usman Ansari
usmansansari@yahoo.com
Red Hat 7.1 has no active source of security updates. It
sounds like your hardware has some security sense. See fedoralegacy.org for support for older versions of Red
Hat Linux. If you want a quick check on whether hardware is working and
Linux-compatible before installing, try the bootable CD distribution
Knoppix from knoppix.org first.
—
Don Marti
dmarti@ssc.com
Setting Serial Ports for USB-to-Serial Adapters
I have an application that attaches to multiple remote serial devices
via multiple USB to serial adapters. Is there a way to specify that each
USB device enumerates as a specific USB serial port, regardless of the order
in which the USB ports are connected? For example, I always want USB port
x to enumerate as
/dev/usb/ttyUSBy.
Because this application will be hosted in more than 200 locations, and it is
possible that the USB serial adapter might be replaced or upgraded with a
newer unit, solutions based on serial numbers of the USB device are not
optimum.
—
Jeff Dennison
If you are using the 2.6 kernel, udev can do this matching for you.
Simply define a rule based on something unique for a
specific USB-to-serial device and use that to name the device. You
mention that serial numbers will not work for you—try using the
topology of the USB device or something else that you can determine is
unique—uniqueness is the key here.
If you are using the 2.4 kernel, good luck. You can muck around in the
/proc/tty/drivers/usb-serial directory to try to determine which device
is attached to which /dev/ttyUSB node, but it's a bit difficult—one big reason to switch to a 2.6 kernel.
—
Greg Kroah-Hartman
greg@kroah.com
Setting Compiler Options for Gentoo
I'm a newbie trying to install Gentoo from a live CD using
a stage3 tarball. I've managed to get to the stage for optimizing my
distro. I'm supposed to flag various options using GCC make.
I need only enough to get working and understand the
basics at this time. Any advice?
—
Rebelrouser
Rebelrouser@blueyonder.co.uk
Stick to the settings already given for your live CD if you do not know
what to change. These settings already are present in the /etc/make.conf
file. Consult the Gentoo installation guide for more information on
this and how to install Gentoo properly.
—
Greg Kroah-Hartman
greg@kroah.com
Fedora Install Hangs
I am installing Fedora. During installation, at
Display Setting for the monitor, I choose color depth 256 and click OK.
But then my screen freezes and the display is unreadable (blue screen).
I don't have any command prompt. Please help.
—
Chris
fiston63@hotmail.com
You can decline to configure the graphics card and X. Once you have booted
after the installation is complete, try to configure X. Use the
lspci -vvv command to see what kind of card you have. If support for
your video card is not present, try the manufacturer's Web site for
available drivers.
—
Usman Ansari
usmansansari@yahoo.com
Faking Out the Oracle Installer
Does anyone know of a way to fool the Oracle
10g installer into thinking Slackware is Red Hat, so
it at least tries to install? If not, does anyone know
how it detects that Red Hat isn't there?
—
Blake Tullysmith
bdt@vipretech.com
You can use a tool called strace on the installer:
# strace oracle-installer
From here, you can figure out what the program is looking for when it
refuses to install.
—
Christopher Wingert
cwingert@qualcomm.com