Showing posts with label linux. Show all posts
Showing posts with label linux. Show all posts

The problem with google analytic when you run your own server

On my website www.ribalba.de I run google analytic which lets me see how many people look at my website where they come from and what they are looking for. Not that it really matters but I am just interested in why people would want to read about me. Assuming I should only be interesting for about 50 (+/-) people in the World. But I also run some analyzers on my web server log files and it turns out that the main thing my server is doing is serving files I have outside of my wiki (which I use for my site) they are files that I just have in folders and that can be accessed through directory listing turned on. But these are never accounted for in analytics. So if I direct my browser to http://www.ribalba.de it will be saved in analytics but when I goto http://www.ribalba.de/geek it does not. So in some respect analytics is giving me a wrong picture. Further image downloads from my server are not displayed. So not really useful as you are forgetting a huge junk of data and so your analysis of your site is bound to be wrong.

wrong start data => wrong conclusion

Maybe Google should offer a method by which I can upload the log-files after logrotate has run and so the file is not used anymore. So always take with a grain of salt what google is trying to tell you.
at 1 comment:
Labels: , , , , ,

Trac with lighttpd on CentOS

I spent a few hours today trying to figure out how to get trac working with lighttpd on CentOS with the standard packages from rpmforge. Like always this seams to be quite easy but then you spend ages on the little things.

First of all you need to install trac via yum which is quite easy: yum install trac
This is assuming you have lighttpd already installed

So here is the section you have to put in your /etc/lighttpd/lighttpd.conf you will also have to enable a few modules at the start most notably mod_fastcgi but please always check that you have all the modules enabled.

$HTTP["host"] == "trac.mypage.org" {

url.rewrite = ( "^/$" => "/root")

server.document-root = "/var/www/trac"
alias.url = (
"/trac_prefix/chrome/common/" => "/usr/lib/python2.4/site-packages/trac/htdocs/",
)

# rewrite for multiple svn project
url.rewrite-final = (
"^/trac_prefix/[^/]+/chrome/common/(.*)" => "/chrome/common/$1",
)

$HTTP["url"] =~ "^/trac_prefix/chrome/" {
}
else $HTTP["url"] =~ "^/root" {
fastcgi.server = (
"/root" => ( # if trac_prefix is empty, use "/"
(
# options needed to have lighty spawn trac
"bin-path" => "/usr/lib/python2.4/site-packages/trac/web/fcgi_frontend.py",
"min-procs" => 1,
"max-procs" => 1,
"bin-environment" => (
"TRAC_ENV_PARENT_DIR" => "/var/trac/",
),

# options needed in all cases
"socket" => "/tmp/trac.sock",
"check-local" => "disable",

# optional
"disable-time" => 1,

# needed if trac_prefix is empty; and you need >= 1.4.23
"fix-root-scriptname" => "enable",
),
),
)
}
}


There is nothing special with the paths and the rest if quite standard. The one thing to note is that I couldn't get trac to live properly in the root directory. As soon as you select a project it will error => So we rewrite the url to add "root" to the end. The rest should be pretty straight forward. There is no authentication in this example but this will follow in a further post.
at No comments:
Labels: ,

A funny pic from LinuxTag


As many people know I like to drink and I like CentOS.
at No comments:
Labels: , ,

change ssh port

The server I mainly work on has been the target of many port scan attacks. Further as soon as these script kiddies notice that the SSH port is open they try all sorts of username and password combos. This is quite annoying as it clogs up the log files and if something serious happens you might not see it due to all the clutter. So we (the server users) decided to put SSH on some weird port. Now I had the problem that all my scripts and my svn repositories where relying on SSH to be the standard port. Changing this in all my machines would have been a massive pain. So I remembered that you can specify some information in ~/.ssh/config 
And here we go. This is all you need to change the port. As my home directory is synced between all my machines this change made the server available over the weird port but it still looks as if it would be the standard one to all the programs.
$ cat ~/.ssh/config
host mysnvserver.net
   Hostname mysvnserver.net
   Port 54321

at No comments:
Labels: , ,

lacheck port

And another port. This time a very useful little tool if you create latex documents.
Lacheck
LaCheck is a general purpose consistency checker for LaTeX documents.
It reads a LaTeX document and displays warning messages, if it finds
bad sequences. It should be noted, that the badness is very subjective.
LaCheck is designed to help find common mistakes in LaTeX documents,
especially those made by beginners.

Source RPM can be found at www.ribalba.de/geek/port/lacheck-1.26-1.src.rpm

Update: This RPM has been added to rpmforge
at No comments:
Labels: , , ,

Think multi core!

Just another hacking tip.
I normally write little bash scripts that do repeating jobs for me and I wrote a little script (simplified):
for i in `seq 100`; do ./ogp.py $i ; done
Very simple you would say. But where is the problem with this? This only uses one CPU core at a time. I normally work on a 2 core machine but I will be buying a 8 core soon. So this script only uses one. So now my script looks like this:
for i in `seq 100`; do ./ogp.py $i & done
Can you spot the difference. Now I background the job (&) and the loop continues to run. I will not clog up the process ques as the program only runs
$time ./ogp.py 1

real    0m0.034s
user    0m0.025s
sys     0m0.008s

But it makes some difference. No backgrounding:
$ time ./gentest

real    0m2.206s
user    0m1.479s
sys     0m0.727s
And backgrounding 
$ time ./gentest

real    0m1.128s
user    0m1.469s
sys     0m0.734s

So even with bash scripts you have to take the increase in core count serious.
Note: You don't need the line terminating ';' anymore as '&' acts as a line terminator too. So
for i in `seq 100`; do ./ogp.py $i &; done
Would be wrong
at No comments:
Labels: ,

xpdf in CentOs

I wanted Xpdf on my Centos machine, but I could not find a binary that had the newest patch level. So I used http://mbrisby.blogspot.com/2007/06/xpdf.html and extended it. I respect poppler and just add the program xpdf. Further I patch some known bugs.
Download the source rpm here : xpdf-3.02-5.src.rpm

Thank you Carl for the nice spec file. Here is my extended one.

%define _prefix /usr
%define _version 3.02

Summary:   open source viewer for Portable Document Format (PDF) files
Name:      xpdf
Version:   %{_version}
Release:   5
Source0:    ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02.tar.gz
URL:       http://www.foolabs.com/xpdf/
Group:     Applications/Publishing
License:   GPLv2
Patch0:     ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
Patch1:     ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch
Patch2:     patch-doc_sample-xpdfrc
Patch3:     patch-xpdf_Object_h
BuildRoot: %{_topdir}/BUILD/%{name}-buildroot
Prefix:    %{_prefix}



#Requires:  t1lib
Requires:  freetype > 2.0.5
Requires:  htmlview
Requires: urw-fonts
Requires: xdg-utils
Requires: poppler-utils
Requires: xorg-x11-fonts-ISO8859-1-75dpi

BuildRequires:  t1lib
BuildRequires: wxGTK
BuildRequires: t1lib-devel
BuildRequires: libpaper-devel
BuildPrereq: openmotif-devel
BuildPrereq: libX11-devel
BuildPrereq: freetype-devel >= 2.1.7
BuildPrereq: fileutils

%description
Xpdf is an open source viewer for Portable Document Format (PDF)
files.  (These are also sometimes also called 'Acrobat' files, from
the name of Adobe's PDF software.)  The Xpdf project also includes a
PDF text extractor, PDF-to-PostScript converter, and various other
utilities.

Xpdf runs under the X Window System on UNIX, VMS, and OS/2.  The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.

Xpdf is designed to be small and efficient.  It can use Type 1 or
TrueType fonts.

%prep
%setup -q
%patch -p1

%build

./configure --prefix=%{_prefix} --mandir=%{_mandir} --sysconfdir=/etc --with-freetype2-includes=/usr/include/freetype2

# ./configure \
#    --prefix=%{_prefix}
#    --mandir=%{_mandir}
#    --sysconfdir=/etc
#    --enable-multithreaded \
#    --enable-wordlist \
#    --with-x \
#    --with-gzip \
#    --enable-opi \
# #     --with-appdef-dir=%{_datadir}/X11/app-defaults/ \
#    --without-Xp-library \
#    --with-t1-library \
#    --with-freetype2-includes=/usr/include/freetype2/

make

%install
rm -rf $RPM_BUILD_ROOT
make DESTDIR=$RPM_BUILD_ROOT install

#poppler does this now. Stupid but works
rm $RPM_BUILD_ROOT%{_bindir}/pdffonts
rm $RPM_BUILD_ROOT%{_bindir}/pdfimages
rm $RPM_BUILD_ROOT%{_bindir}/pdfinfo
rm $RPM_BUILD_ROOT%{_bindir}/pdftops
rm $RPM_BUILD_ROOT%{_bindir}/pdftotext
rm $RPM_BUILD_ROOT%{_bindir}/pdftoppm

rm $RPM_BUILD_ROOT%{_mandir}/man1/pdffonts.1*
rm $RPM_BUILD_ROOT%{_mandir}/man1/pdfimages.1*
rm $RPM_BUILD_ROOT%{_mandir}/man1/pdfinfo.1*
rm $RPM_BUILD_ROOT%{_mandir}/man1/pdftops.1*
rm $RPM_BUILD_ROOT%{_mandir}/man1/pdftotext.1*
rm $RPM_BUILD_ROOT%{_mandir}/man1/pdftoppm.1*


%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
%doc ANNOUNCE COPYING CHANGES INSTALL README
%{_prefix}/bin/*
%{_mandir}/man1/*
%{_mandir}/man5/xpdfrc*
/etc/xpdfrc

%changelog
* Thu Nov 20 2008 Hoffmann Geerd-Dietger 
- added 3.02pl2.patch
* Fri Aug 24 2007 Martin Brisby 
- added 3.02pl1 patch
* Sat Jun 16 2007 Martin Brisby 
- initial specfile



If you want to avoid the Pdf passwords I recommend to add this patch:

$OpenBSD: patch-xpdf_XRef_cc,v 1.4 2008/04/25 19:19:05 deanna Exp $
--- xpdf/XRef.cc.orig Thu Apr 24 19:13:00 2008
+++ xpdf/XRef.cc Thu Apr 24 19:50:06 2008
@@ -771,19 +771,19 @@ void XRef::setEncryption(int permFlagsA, GBool ownerPa
}

GBool XRef::okToPrint(GBool ignoreOwnerPW) {
-  return (!ignoreOwnerPW && ownerPasswordOk) || (permFlags & permPrint);
+  return (1);
}

GBool XRef::okToChange(GBool ignoreOwnerPW) {
-  return (!ignoreOwnerPW && ownerPasswordOk) || (permFlags & permChange);
+  return (1);
}

GBool XRef::okToCopy(GBool ignoreOwnerPW) {
-  return (!ignoreOwnerPW && ownerPasswordOk) || (permFlags & permCopy);
+  return (1);
}

GBool XRef::okToAddNotes(GBool ignoreOwnerPW) {
-  return (!ignoreOwnerPW && ownerPasswordOk) || (permFlags & permNotes);
+  return (1);
}

Object *XRef::fetch(int num, int gen, Object *obj) {

at No comments:
Labels: , ,

Ubuntu is really helping Linux

I have been reading the core-utils mailing list for some time now and once in a while someone posts something that has nothing to do with core-utils. I don't know how they come to this specific list but they do. But this one just made me laugh out loud:
Oreste Fri, Oct 17, 2008 at 10:06 AM
Reply-To: oregferra@yahoo.it
To: bug-coreutils@gnu.org, coreutils@gnu-org

I am new to Linux. 20 day ago I installed Ubuntu 8.04 and enjoyed it. 3 days ago I downloaded the recommended updates (120 Mega), after that I also installed Wine, a version found on a magazine I think it was 1.01 or similar).
Now when I start ubuntu, after the request of inserting name and password I receive the following message:
"user's $Home/.dmrc file being ignored. This prevents the default session and language from being saved. File should be owned by user and have 644 permissions. User's $Home directory must be owned by user and not writable by other users".

When I press OK, after a few seconds a second message appears:
"The Gnome session manager was unable to lock the file '/home/oreste/.Iceauthority! Please report this as a gnome bug"

And after that everything goes back to the request of name and password. I tried different sessions but with no result. Of course I do not know how to use the line commands.
Please Help
Oreste

I love quite a few things with this mail. But clearly the best are
  • Of course I do not know how to use the line commands
  • Please report this as a gnome bug
  • Please Help
Who helped me when I got into these problems when I started Linux. I started learning the command line. There was no other way. I really don't like how these Windows users are changing to Linux to be different and then don't want to put in the work to learn it. I also don't like these people from Ubuntu acting like Linux is Windows. It's not. If you want to be different from the Linux crowd buy a Mac. And wait 24 hours for your home dir to be deleted. (See next post)

By the way here is a solution for your problem http://ubuntuforums.org/showthread.php?t=727677
or google is your friend.
at 2 comments:
Labels: , , ,

Why Debian is not Ubuntu and vice versa

Reading the arch Linux newsletter (http://www.archlinux.org/static/newsletters/newsletter-2008-Aug-04.html) and talking to some of my friends. I was noticing that many people now see ubuntu as debian, they are now seen as one thing. Many people that complain about ubuntu could just run debian. It has been quite a long time since I had a debian install but I think you can even install it without X. So if you don't want the bloated windows copy, that ubuntu is, but you still like the pakages why not install debian. Ubuntu might be using debian as a base source of packages but please don't say
(As of this writing, I'm still unaware of any bloat-free editions of Ubuntu.)
beacuse that is debian.
at No comments:
Labels:

Democratic Linux

All the current Linux, BSD distributions I know are pretty much dictatorships. There is either one person or a small group of developers that make all the important decisions. The most important group of people is mostly never asked about the change, the users. The attitude is we
"We make it, you deal with it" + "By all means you can always fork it and make your own distro"

From : http://www.eubios.info/biodict.htm
DICTATORSHIP : When dictatorship relates to a mode of governing in modern states, it labels the unrestricted power of one person (or a group of individuals), who actually monopolizes and exercises all political powers. Dictators shape rules without being subjugated to them, and their actions cannot be sanctioned by anyone. All these features stand in sharp contrast to DEMOCRACY. Dictatorship can also refer to a particular mode of exercising power within a community or an ad hoc group of people, which is unrestrained by exterior forces and not dependent on the will formation within the group. (BP)

I think this fits pretty much all *NIX distros, I know of. So why has no one come up with the idea of having a democratic distro. Where the users can vote on what they want the developers to do. This of course might not be as fun for the developers, but surly you can get a better OS out of this.
So my idea is that with the install you get a little vote tool. Here you can get some information on what you can vote on and then you submit your vote to a central server. Through this the developers can get a good impression on what the community wants.
Of course there are some problems:
  • How can you be sure no one has n virtual machines and votes n times
  • What should you be able to vote for (People, package changes, etc ..)
  • Should it be more like direct democracy or do you vote a representative every n months
  • etc...
I will try to investigate a little more. But why can something that works in the real world not work in a distro. I think this would give the users a feeling of being involved in the distro even without writing code.
at 1 comment:
Labels: , ,

atime

Quite a few times now I had to time a program and take the average execution time. I normally did this with a little bash loop and then used a rough estimate or gnuplot to tell me the average runtime. Now I wrote a little python script that does exactly that. So you give it a number of loops and the program to execute.
$  ./atime.py 4 "sleep 0.5"
real 0.5
user 0.0
sys 0.0

for now you have to put the commands in quotes so it will pass in the whole command. Further be carefull not to loop to many times. Error catching works on a very rudenmental level. 
$  ./atime.py 4 "xyz"
A error in the command has happend
/bin/sh: xyz: command not found

So if for your next assignment you need to take the average value of a program run time try atime.


 1 #!/usr/bin/python
 2 # A little tool that takes in a count and a command to
 3 # run and averages the execution time
 4 # ribalba@gmail.com
 5 
 6 import sys;
 7 import string;
 8 import os;
 9 
10 av_real = av_user = av_sys= 0
11 
12 looptimes = string.atoi(sys.argv[1])
13 
14 for i in xrange(looptimes):
15     commandout = os.popen3("time -p " + sys.argv[2])
16     sys.stdout.write ( commandout[1].read(),);
17     steddout = commandout[2].readlines()
18     if (len (steddout) > 3):
19         sys.stderr.write("A error in the command has happend\n")
20         sys.stderr.write(steddout[0] + "\n")
21         sys.exit()
22     av_real += (string.atof(steddout[0].split()[1]) / looptimes)
23     av_user += (string.atof(steddout[1].split()[1]) / looptimes)
24     av_sys += (string.atof(steddout[2].split()[1]) / looptimes)
25 else:
26   sys.stderr.write("real " + str(av_real) + "\n")
27   sys.stderr.write("user " + str(av_user) + "\n")
28   sys.stderr.write("sys " + str(av_sys ) + "\n")

[DOWNLOAD]
at No comments:
Labels: , , ,

Why there are two kinds of programmers

Nowadays Java is taught in most universities. After talking to many young programmers at work and reading this article on how to recognise a good programmer I have realised that you can’t call everyone a "programmer" anymore. You have to differentiate between people that program and people that know how to use libraries. At my work, people who only know Java and call them self computing professionals are laughed at (The story of an A student that didn’t know what a call stack was, is still told). This is due to the fact that if you write Java programs you actually only import the needed library and then use them. So when you learn Java you surely learn how the Object Oriented model works but that is about it. This is not specific to Java. If you look at Python, Perl or Ruby you can always see that all the low level stuff is already done for you. Just take the classic example of a linked list. I was talking to a German Computing student about the performance of a hash map to a linked list. It turned out he knew the concept but he had never programmed one before. He argued that nowadays programmers don’t have to know this because libraries will give this functionality to you. I don’t want to say that this is good or bad, but surly someone who doesn’t understand how pointers work will write different programs than someone who does. Maybe it is just a different approach. I learnt C way before any high level language. And even in Pascal I embedded Assembly to support my mouse. So I learnt programming from the bottom -> up. From low level (Assembly) to high level (Ruby). But library programmers will have to learn top to bottom, if they ever want/have to do something low level. So in short:

Library Programmers
  • Know very well how to use specific libraries for specific programming languages

  • Don’t really care too much about memory / CPU performance

  • “Get the job done” attitude

Low Programmers
  • Understand pointers (had the “pointer moment” as I call it)

  • Care, maybe too much, about performance

  • Care about writing “nice” programs


I still personally think that a bottom -> up approach will give you a more solid understanding of the high level languages.
I am starting to understand that programming is not about people that started with Pascal or Basic when they were nine. Programming has become a career choice. People are now studying computing because they think they can get a well paid laid back job afterwards. Of course this is annoying us passionate programmers that spent their childhood learning how to write slim quick code, because these are our values.
So if someone comes up to you and sais “I am a programmer, but I only know Java” Don’t condemn him right away. He is just a library programmer, if this is good or bad time will show.
at 1 comment:
Labels: , , , , ,

id -G funny group

I don't know if this is really a bug. But I would like to request some comments

On a system with afs, if you run

$ id -G
500 1102830893

you will get this very big number at the end.

$ id -G `whoami`
500

will not show this number. This is due to afs creating a group in
memory that is not in /etc/group . This of course becomes more
interesting if you run :

$ id -Gn
me id: cannot find name for group ID 1102830893
1102830893

groups behaves in the same way :
$ groups
me id: cannot find name for group ID 1102830893
1102830893

If you look into the id.c you can see why this is happening:
if (argc - optind == 1)
{
struct passwd *pwd = getpwnam (argv[optind]); /* Will go of to
/etc/nsswitch.conf and appropriate*/
if (pwd == NULL)
error (EXIT_FAILURE, 0, _("%s: No such user"), argv[optind]);
ruid = euid = pwd->pw_uid;
rgid = egid = pwd->pw_gid;
}
else
{
euid = geteuid (); /* glibc will do this */
ruid = getuid ();
egid = getegid ();
rgid = getgid ();
}

This is very easy to fix. I have already done this and it works.

I am aware that this is actually a problem of afs and not coreutils.

Hope this might help someone who is confused about that group :)
at 1 comment:
Labels: , , , ,

Rant about GNU again

I was just looking at OpenCVS and was browsing the OpenBSD cvs repro. Then I found the little program true. A while ago I looked at this in coreutils. And it was a 81 line program. That was basically true and false in one program depending on a #define [link]. Let's say a non self explanetory program at first sight. So now I was interrested how OpenBSD would do such a thing.
#! /bin/sh
#       $OpenBSD: true.sh,v 1.2 1996/06/26 05:32:50 deraadt Exp $

exit 0

#! /bin/sh
#       $OpenBSD: false.sh,v 1.2 1996/06/26 05:32:50 deraadt Exp $

exit 1
That was it. As easy as that.
A nother WHY do we use coreutils.
at No comments:
Labels: , ,

Why Gentoo is dead :(

I finally removed myself from all the Gentoo mailing lists. I did this with some sad thoughts. I had been using gentoo for almost 4 Years and it tough me quite a lot about Linux. Unfortunately I have been seeing the Gentoo project die over the past Year or so. After going to the Gentoo UK meeting in 2006 I noticed that nothing important / technical was discussed. It was all about the flame wars going on on the mailing lists. "How do we get more girls into gentoo? etc..". My friends that joined me, are still joke about it (Thx Will + Edd). Already then I could see the crumbling of the base. After some time I noticed that more and more packages where without developers and people didn't answer emails anymore. Version didn't get updated. That was the time when I decided I had to move. Then packages.gentoo.org went down without a replacement. This was a big shock, that this had happened, as everyone I knew was using this too look for packages. I moved on but still read the newsletters and the mailing list. Then the weekly newsletter stopped coming and the mailing list became a collection of `packages up for grabs`. Further they dropped the spark architecture due to all the developers leaving. Then a friend told me that they pushed out a broken update for expat. After flaming down Daniel Robbins offer to come back to gentoo and help it to recover 2 times gentoo was doomed. I could go on for ever with what went wrong. But I think the gentoo people should have taken the BSD attitude a little more serious
"SHUT UP AND CODE"
And stay a distro for geeks and not try to get into the ubuntu market. Because of this hacking wasn't fun anymore.
No I only have to administer 2 more gentoo boxes that I don't update anymore and am waiting till I can replace them with something alive.

Update:
It seams like the gentoo people are noticing that have a problem:
http://spyderous.livejournal.com/95715.html

After reading some comments I must say I changed to arch about 6 month ago and I love it.
I know someone is going to post a reply telling me that this is all not true and anyway it is my fault but I am just going to delete it without reading that crap.
at 10 comments:
Labels: ,

Eclipse fu*king sweet feature

For Java programming I use eclipse because of laziness. Now I tripped over a really nice feature. If you press the key and hover over a method it becomes underlined by a little blue line. I normally used this to jump around in my own classes. Just now by accident I clicked on the String.concat method and eclipse showed me the source of java.lang.String. So I could actually read what the String class does. This is really sweet as through this you can actually learn how Java works.
Well done eclipse.
I have been trying eclipse with c{\ and,++} but it really couldn't convince me there. But Java and eclipse just work so nicely.

Buy the way, i tried NetBeans (6.0.1) and it is still utter crap.
bash-3.00$ strace -p 2564
Process 2564 attached - interrupt to quit
[ Process PID=2564 runs in 32 bit mode. ]
futex(0xf7fc9be8, FUTEX_WAIT, 2565, NULL
at 1 comment:
Labels: ,

Thats why I hate ubuntu


After a system update I was confronted with this. I though Ubuntu was Linux and not Windows. Why would you need to restart Linux.

at 3 comments:
Labels:

pam_filter not working

So here is the problem you want to limit your cluster to a special user group. You have everything LDAP managed and use pam_ldap for authentication. But when you edit the /etc/ldap.conf and set a pam_filter nothing happens. First of all the the syntax of pam_filter :
(|(gidNumber=1028)(gidNumber=1160))
Will not work
Literally only
pam_filter gidNumber=1028
Will work. This is the way they stupidly implemented it
      else if (!strcasecmp (k, "pam_filter"))
 {
   CHECKPOINTER (result->filter = strdup (v));
 }

where v is everything after the ' '

   while (*v != '\0' && *v != ' ' && *v != '\t')
 v++;

   *(v++) = '\0';

For those that know C
So you can give it one value max. Now you have to modify the /etc/pam.d/system-auth file. The default configuration is:
[root@lxb5477 ~]# cat /etc/pam.d/system-auth.back | grep ldap
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
session     optional      /lib/security/$ISA/pam_ldap.so

But of course a optional is not really enough. You, of course, want that if the user doesn't fulfill your filter he should be chucked into nirvana. So change to:
[root@lxb5477 ~]# cat /etc/pam.d/system-auth | grep ldap
auth        required    /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_ldap.so
password    requried    /lib/security/$ISA/pam_ldap.so use_authtok
session     required      /lib/security/$ISA/pam_ldap.so

Through this if ldap fails the login fails.

But be aware that in /etc/nsswitch.conf files is before ldap
passwd:     files ldap
shadow:     files ldap
group:      files ldap

Otherwise you have locked yourself out :)
at 3 comments:
Labels: , ,

strcpy fu**ing easy

While trying to optimize some c code I had a look at the strcpy.c file and was astonished what to see there:

do
 {
   c = *s++;
   s[off] = c;
 }
while (c != '\0');

This is pretty much it. Some boundary checks. But THAT is it. And nearly all the files in glibc/string are like that.

update: (thx to Edd) the OpenBSD way of doing it
char *
strcpy(char *to, const char *from)
{
      char *save = to;

      for (; (*to = *from) != '\0'; ++from, ++to);
      return(save);
}

at No comments:
Labels: , ,

/dev/dog

After reading a post on edd's blog about a cat and that it wasn't a device I though ?Why not?
14:12 <> the cat is not a device driver ffs
14:13 < #4> cat /dev/cat ;)
So her you go. Now you can have a device called dog in Linux and feed it with
echo "Food" > /dev/dog
cat /dev/dog

If you want more features just tell me :)

 1: /*
 2:  * The Dog kernel module
 3:  * Creates a /dev/dog
 4:  *
 5:  * Hoffmann Geerd-Dietger 
 6:  * Thx to:
 7:  * Valerie Henson 
 8:  *
 9:  */
10: #define BUFFER 80
11: 
12: #include <linux/fs.h>
13: #include <linux/init.h>
14: #include <linux/miscdevice.h>
15: #include <linux/module.h>
16: #include <asm/uaccess.h>
17: 
18: MODULE_LICENSE("DUAL GPL/BSD");
19: MODULE_AUTHOR("Hoffmann Geerd-Dietger ");
20: MODULE_DESCRIPTION("A little dog living in /dev");
21: MODULE_VERSION("0.1");
22: 
23: 
24: static char hello_str[BUFFER]="Hello Master, just echo to me and then cat\n";
25: 
26: static ssize_t dog_write(struct file *filp, const char __user *buff,
27:                            size_t count, loff_t *offp)
28: {
29:   /* We don't care just chop it off */
30:   if (count >= BUFFER)
31:     count = BUFFER;
32: 
33:   if (copy_from_user(hello_str,buff, count))
34:     return -EINVAL;
35: 
36:   return count;
37: }
38: 
39: 
40: static ssize_t dog_read(struct file * file, char * buf,
41:                           size_t count, loff_t *ppos)
42: {
43: 
44:   if (count < BUFFER)
45:     return -EINVAL;
46: 
47:   if (*ppos != 0)
48:     return 0;
49: 
50:   if (copy_to_user(buf, hello_str, BUFFER))
51:     return -EINVAL;
52: 
53:   *ppos =  BUFFER;
54: 
55:   return BUFFER;
56: }
57: 
58: 
59: static const struct file_operations dog_fops = {
60:   .owner    = THIS_MODULE,
61:   .read     = dog_read,
62:   .write    = dog_write,
63: };
64: 
65: static struct miscdevice dog_dev = {MISC_DYNAMIC_MINOR,"dog",&dog_fops };
66: 
67: static int __init
68: dog_init(void)
69: {
70:   int ret;
71: 
72:   ret = misc_register(&dog_dev);
73:   if (ret)
74:     printk(KERN_ERR
75:            "Unable to register \"Dog\" misc device\n");
76: 
77:   printk("dog: Woof Woof\n");
78: 
79:   return ret;
80: }
81: 
82: module_init(dog_init);
83: 
84: static void __exit
85: dog_exit(void)
86: {
87:   misc_deregister(&dog_dev);
88:   printk("dog: Grrrrrrrrrrrrrrrrr");
89: }
90: 
91: module_exit(dog_exit); 


Makefile:

obj-m := dog_dev.o

KDIR  := /lib/modules/$(shell uname -r)/build
PWD   := $(shell pwd)

default:
      $(MAKE) -C $(KDIR) M=$(PWD) modules


Of course you have to insmod the module
at No comments:
Labels: ,
Subscribe to: Posts (Atom)