Linux Server Diary

The trials and tribulations of a Linux newbie trying to set up a home server.

Friday, December 31, 2004

New Domain - Time for Fetchmail and IMAP

I registered for a new domain the other day. I had been using a .name domain, but Network Solutions can't seem to get its service act together. I'm tired of waiting on them to provide POP access to my mail.

So with the new domain comes a new email store. I figured that rather than set up the account on the current IMAP server (that I hope to soon retire), I would just fire up fetchmail on the new box and access via IMAP.

IMAP was the easy part. I modified the file /etc/xinetd.d/imap and changed disabled = yes to disabled = no, and restarted xinetd using service xinetd restart. I started Thunderbird on my desktop and configured the new server without incident.

Next, I set up my fetchmail configuration account. After going through all kinds of heartache earlier, I knew that .fetchmailrc should be located in /root. I set up the account with the new domain. Also, I added my gmail account. I had configured POP access last month, but haven't ever tried it out. This page shows a sample fetchmail configuration for gmail. I didn't use the uidl and fetchall options. They don't seem to be required for this setup. We'll see. Here's my config:

poll pop.gmail.com protocol POP3 port 995 user 'xxx@gmail.com' password 'xxx' is 'xxx' here ssl


So next, I started fetchmail in root as a daemon process that should run every 15 minutes:

fetchmail -d 900

Unfortunately, I can't find fetchmail running as a service. However, when I tried to start it again, I was told that it was already running in the background. I told it to quit:

fetchmail -q

I checked, and the fetchmail-daemon package is installed.

A little more research (by looking at the server where fetchmail works), and I see that I forgot to set up /etc/fetchmailrc/. It includes the line set daemon = 900. After adding this and restarting, fetchmail shows up as a service.

Changing gears, I tried running fetchmail without the daemon mode - just to see if the configuration was working.

fetchmail -v

runs it in verbose mode, so that I can see the commands and results. I was able to connect to both servers (although gmail shows 13 messages where I only see two). However, no mail was transferred and the error SMTP connect to localhost failed was returned. Does this mean that I'm not running a mail program?

More tomorrow...

Tuesday, December 28, 2004

What's Next?

I know that I've been slacking off a little on this project, but work has been busy and I've been tired. After a long day of working on computer problems, it's tough to come home and think about computer problems. Things should level off soon once we are back to full staff.

Here's what's coming up:
Backup Procedure
I want to automatically copy files from the file server to the 2nd partition on my desktop. I hope to figure out a way to do some sort of "grandfather" plan, where I keep the last three backups.

IMAP
My daughter is getting her first email account for her birthday next month, so I will probably set her up first. Mine should be easy to move, as should my son's accounts. For my wife, it has to be totally transparent. I've been thinking about getting her a new address, so this may be the time.

Firewall
Before I set up IMAP to talk with the outside world (for the webmail connection), I need to set up a simple firewall using IPTABLES. After that I may investigate using something a little more solid. We'll see.

More as I think of it.

Friday, December 24, 2004

Playing with Samba/Linux File Security

As I mentioned earlier, we're having trouble working with the file server. We are used to having pretty much free rein in each other's directories and in the shared directories (pictures, music, downloads, etc.). This morning, I have time to play with things a bit.

First, I'm working on accessing the existing shared files and folders. Working with the Pictures directory, I first changed the group from root to users:

chgrp users Pictures -R

The -R parameter makes the command recursive - travelling through all of the subdirectories and making the group change on all files.

Next, I changed the file permissions from 0755 to 0775, which gives everyone in the users group write access.

chmod 0775 Pictures -R

Seems to work OK. We can now create directories and files in the Pictures directory.

To have these file permissions applied to new files automatically, I'm adding/changing these lines in /etc/samba/smb.conf.

In [files]:
create mask = 0775
directory mask = 0775

I restarted the Samba service and things work as expected. However, the new objects have the group set to the user name, not the users group. Adding one more line to the share configuration seems to have fixed that:

force group = users

Next, I'll tackle the user directories. Remember that I have a kind of complicated directory structure. The [homes] share is mapped to /home/Documents/%u, where Documents is a folder created by Mandrake when the user first logs in. This folder also shows up as a folder with the user's name in the [files] share. This means that there are two paths to the folder, and therefore, two ways to create a file in the folder. If the user comes in via the [files] share, the permission and group settings defined above will be enforced. This is fine, since we want files created by others to also be modifiable by others.

However, I also want to allow for private files and folders. I've set up a folder called private with a permission setting of 0700. Using hide unreadable = yes in the [files] share configuration, other users don't even know it is there. If I create new files in this folder, they should use the 0700 permission level, instead of the 0775 level prescribed in [files].

Here's the setup:
  • Permissions on the Documents folder, and the named folder in /export are set to 0770 with the group set to users.
  • The private folder is set to 0700 and the group is set to the user's group.
  • The configuration in smb.conf includes inherit permissions = yes

So, if I create a file via the [files] share, all works as expected. But if I create a file via the [homes] share, the permissions are set (via inherit permissions), but the group is not. I want the file to inherit the group of the directory, but there doesn't seem to be an inherit group setting in Samba.

I guess I'll keep researching. Your comments are always appreciated.
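One filesystem-level way to get group inheritance is the setgid bit on the directory: the kernel then gives every new entry the directory's group, whichever process creates it. The script below is an added example, not part of the original post; the function names are hypothetical, and the group is a stand-in for "users" chosen so the script runs without root.

```shell
#!/bin/sh
# Added example: group inheritance through the setgid bit on a directory.

# make_shared DIR GID: build the layout described above (0770 shared folder,
# 0700 private subfolder) and add the setgid bit to the shared folder.
# "private" is created before the bit is set, so it keeps the creator's group.
make_shared() {
    mkdir -p "$1/private" &&
    chgrp "$2" "$1" &&
    chmod 2770 "$1" &&
    chmod 0700 "$1/private"
}

# gid_of PATH: numeric group id of PATH (ls -n is POSIX, unlike stat -c).
gid_of() { ls -ldn "$1" | awk '{ print $4 }'; }

# inherits_group DIR: create a file and a subdirectory, then report whether
# both picked up the group of DIR.
inherits_group() {
    touch "$1/new-file" && mkdir "$1/new-dir" || return 1
    want=$(gid_of "$1")
    [ "$(gid_of "$1/new-file")" = "$want" ] &&
    [ "$(gid_of "$1/new-dir")" = "$want" ] &&
    [ -g "$1/new-dir" ]    # subdirectories also inherit the setgid bit itself
}

demo_setgid() {
    top=$(mktemp -d)
    # Hypothetical stand-in for the "users" group: the last group the
    # current user belongs to.
    gid=$(id -G | awk '{ print $NF }')
    if make_shared "$top/Documents" "$gid" && inherits_group "$top/Documents"
    then echo "group inherited: gid $gid"
    else echo "group not inherited"
    fi
    rm -rf "$top"
}
demo_setgid
```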


Sunday, December 19, 2004

File Security Issues

So, I'm having trouble using my new file shares. I need to figure out Linux file security, groups, Samba security, and default masks.

Unfortunately, I didn't have time this weekend to work on it. Hopefully, I'll have some down time during the X-mas break.

Security Breach!


Thursday, December 16, 2004

Recovering Lost Root Password

I hope this never happens to me - or to you. But, if it does, we have the solution at the ready.

This article from Linux Pipeline covers how to recover a system once the root password is lost.

Here is the meat of the article:

Lost Root Password
IMPORTANT: Physically disconnect your PC from the network and the Internet -- pull the Ethernet cable out, eject the wireless card, whatever. Just make sure you're offline. This is to protect your PC from possible Internet-borne attack while you're repairing the password. Please heed this warning and follow this safety procedure. Linux is vulnerable during these steps.

Follow this two-step process. Because the first step varies from distro to distro, we're presenting several alternatives, including an advanced version. The second step is pretty much the same across the board.

Step 1: Red Hat and Mandrake
Start with install CD #1 and boot with it. As the first screen appears, press F2 and type:

rescue (Type "linux rescue" for Red Hat.)

The computer should boot into rescue mode. The screen will display several options. Select: "mount the existing partitions" and go to the shell/console prompt. (Mandrake users: Boot into "failsafe" from the Lilo menu instead.)

Step 1: SuSE
Boot from your first install CD and press F1 at the first screen, then choose "Rescue System" from the menu and at the prompt type:

root (You do not need a password.)

Step 1: Other Distros
Boot from your first install CD (or any live CD like Knoppix) and at the boot prompt type:

linux single (For Knoppix type "knoppix single" without the quotes.)

The computer will boot in single user mode. You will see an odd looking prompt that might look something like: "sh-2.05b#".

Step 1: Advanced Alternative

If you're a regular reader of Scot's Newsletter and you carried out the Rescue CD Linux Explorers tip from the last newsletter issue, you already have a Linux rescue CD, which is required for this alternative to Step 1.

By booting with your rescue CD (or to a live Linux CD, such as Knoppix), you can bypass Step 1, mount the partition and, while logged in as root, skip right to Step 2 and make the changes to the files Step 2 requires.

Step 2
After following Step 1 as appropriate, type the following at the prompt:

# cd /etc (For Knoppix, first you must change directory to the partition with your lost-password distro.)

Step 2 requires you to make changes to these two files: "passwd" and "shadow." Type this line:

# vi passwd (This opens the file with the Vi editor.)

Next, press the I key, which places the Vi editor in Insert mode.

For more on the Vi editor, see the Vi Editor edition of Tips for Linux Explorers.

The first line of the passwd file will probably look like this:

root:x:0:0:root:/root:/bin/bash

Carefully delete the "x" after "root:" being sure to leave the colons in place. The first line should now read:

root::0:0:root:/root:/bin/bash

Save the file by pressing the Escape key and then typing:

ZZ

To edit the second file, type:

# vi shadow

Press the I key to place the Vi editor in Insert mode.

The first line of the shadow file is a long scrambled string of characters. Change it to:

root:::: (That's four colons.)

Save the file by pressing the Escape key and then typing:

ZZ

Now you can reboot your computer. Log in as your normal user, open a console, and type:

$ su
# passwd

And set the new root password. Log out as root:

Ctrl-D

And the job is done!
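Until the last step is completed, root has an empty password field in both files, so it is worth confirming afterwards that no account was left that way. The script below is an added example, not part of the quoted article; the function name audit_pw and the sample account lines are constructed for illustration. It also flags a hash stored in passwd itself, since that file is world-readable.

```shell
#!/bin/sh
# Added example: verify account password state after the recovery procedure.
# audit_pw PASSWD_FILE SHADOW_FILE prints "<account> <finding>" per problem:
#   EMPTY            no password set (what Step 2 leaves behind for root)
#   HASH_IN_PASSWD   hash kept in the world-readable passwd file
#   NO_SHADOW_ENTRY  passwd says "x" but shadow has no line for the account
audit_pw() {
    awk -F: -v shadow_file="$2" '
        # The shadow file is read first: remember each password field.
        FILENAME == shadow_file { pw[$1] = $2; next }
        # Then classify every passwd entry.
        $2 == ""  { print $1, "EMPTY"; next }
        $2 == "x" {
            if (!($1 in pw))       print $1, "NO_SHADOW_ENTRY"
            else if (pw[$1] == "") print $1, "EMPTY"
            next
        }
        # A leading "*" or "!" marks a locked account; anything else is a hash.
        $2 !~ /^[*!]/ { print $1, "HASH_IN_PASSWD" }
    ' "$2" "$1"
}

demo_audit() {
    dir=$(mktemp -d)
    # Constructed sample files: the state right after Step 2.
    printf '%s\n' 'root::0:0:root:/root:/bin/bash' \
        'daemon:x:2:2:daemon:/sbin:/bin/sh' \
        'alice:x:501:501::/home/alice:/bin/bash' > "$dir/passwd"
    printf '%s\n' 'root::::' \
        'daemon:*:12783:0:99999:7:::' \
        'alice:$1$constructed$notarealhash:12783:0:99999:7:::' > "$dir/shadow"
    audit_pw "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}
demo_audit
```

On a real system, run it as root against /etc/passwd and /etc/shadow; an empty result means every account either has a hash in shadow or is locked.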



Saturday, December 11, 2004

The Boot Process

I stumbled upon a link that explains the Linux boot process.

Neat stuff.


Thursday, December 09, 2004

All Files Copied

After fixing my wife's username issues, I was able to copy the last of the files (her folder) to the new server. However, the old server locked up both times that I tried to copy all of the files at once. So, I began copying one folder at a time. The first few folders went well, but the 4th one locked up the old server again. After rebooting (again!) I skipped to the next folder, and everything was fine.

I copied all of the other folders and files to the new server, and then tried the new folder one more time. Lock up!! The folder has a very long name that includes several punctuation marks. It was created when someone tried to save a web page with graphics, and it only contains 5 small JPG files. I made a folder on the new server with a shorter, less-punctuated name, and copied the files in. Success!

The only thing left on the old server are files from older PCs that I have carried forward over the years. I'll go through these sometime before I wipe the drive and use it for something else. (20GB - It's so small it's cute!)


Changing a Win2K Username

As I mentioned last time, my wife's username on her machine didn't match the username on the Linux machine. I was worried that I would have to transfer her mail, bookmarks, software, etc to the new username. However, a little research showed a better way.

MalekTips had this hint that, even though it was written about WinXP, showed the simple steps to change a username. Basically, I brought up the user properties and typed in the new name. No software reinstalls, email imports or anything else.

When I tried to connect to the server, it still asked for a password each time, since there was no password on her desktop. I changed her password to match the Linux login, and all is well. Her machine is set up to not require a login, so she is ready to go as it powers up.


Sunday, December 05, 2004

Old Fileserver is Dying

I've had to reboot the Win98 file server several times today. I think this is the day to move all of the files to the new system. I've got recent backups, but I don't want to lose the more recent stuff (a few days of pictures and web updates).

I'll copy each user's files one at a time, and switch their drive mappings as I go.

As I begin to copy files, the server has locked up again. Could be a long evening.

I've got my daughter's files copied, and mine and my son's are in progress.

There's a bit of a problem for my wife's machine. Her machine login isn't the same as the Linux username. Since the Linux username matches her email name, I'd like to keep it as is. This means that I have to change her Win2000 username, which will be a big pain. I have to move her Outlook Express settings, reinstall some software, move icons and favorites, and generally redo all kinds of things. This won't get done tonight!

I'm going to start the 7GB copy of the photos next. It will probably take several hours. I hope it will be done by morning.



Saturday, December 04, 2004

Line Up

Here's a shot of the machines I've been talking so much about. All except for the first are running headless.

Picture of Four Computers


From the left, we first see the new desktop machine. Next, is the Compaq Presario that is the old desktop machine and the new Linux server. On the other side of the desk leg, we find the existing file server (Gateway) and the Linux IMAP server (Sony).

On top of the Sony I've located the DSL modem, router, and hub. The router has 4 10/100 ports and the hub has 5. With the 7 machines in the house, all are full. All of the machines have 100base-TX NICs except for the Gateway.

Installing Firefox - Configuring URPMI

It all started with me wanting to install Firefox on the Linux server - not so much to use it, just to try installing.

So, I downloaded the Linux tarball from the Mozilla Firefox download site. I was able to extract the install files, but had trouble running the install.

First, I tried installing from the graphical interface. I'm using Gnome (mostly because I think it looks better). Apparently, I don't know how to run a script or program as root in Gnome. I was finally able to run it under my username, and it installed fine. Once I found the executable and added it to the menu, I was ready to go... except ...other users couldn't see the program. It installed in my home directory tree. Not acceptable.

Next, I thought I would try running the install via a command prompt. I logged in as root and attempted to run the script. Bash kept telling me that the command was not found. No idea what command it was referring to.

When in doubt, I turn to Google for research. I searched for install firefox mandrake, and found this link. A poster suggested using URPMI to install it. I entered the command urpmi mozilla-firefox, but it couldn't find the package. It was time to configure URPMI.

The Easy URPMI page was suggested. This is a cool little page that suggests hosts for the various versions of Mandrake Linux and composes the URPMI configuration commands. I entered my selections and it gave me instructions. Also, there was a note at the bottom of the page:
Also, you might want to type urpmi.removemedia -a first, in order to reinitialize urpmi's setup.

I figured that I wanted to start fresh, so I ran the command. It promptly deleted the Installation CDs from the list of available media!

Now, I had to figure out how to get them back. Another search found help from LinuxQuestions.org - URPMI Install CD List. The suggested command didn't work, but a little man reading helped me form this command: urpmi.addmedia InstallationCD1 removable:///mnt/cdrom. I ran this for each of the three CDs. I haven't tested it yet.

Anyway, back to the install. Below are the commands suggested by Easy URPMI:


urpmi.addmedia plf http://plf.acnova.com/mandrake/10.0 with hdlist.cz

urpmi.addmedia main ftp://mirror.aca.oakland.edu/pub/linux/mandrakelinux/devel/10.0/i586/Mandrake/RPMS with ../base/hdlist.cz

urpmi.addmedia contrib ftp://mirror.aca.oakland.edu/pub/linux/mandrakelinux/devel/10.0/contrib/i586 with ../../i586/Mandrake/base/hdlist2.cz

urpmi.addmedia jpackage ftp://mirror.aca.oakland.edu/pub/linux/mandrakelinux/devel/10.0/contrib/jpackage/i586 with ../../../i586/Mandrake/base/hdlist3.cz

urpmi.addmedia club ftp://mirror.aca.oakland.edu/pub/linux/mandrakelinux/devel/testing/Mandrakeclub/10.0 with hdlist.cz


All of these addmedia commands take a little time as the program reads package lists and builds indexes.

Finally, it's time to run the command. I refer back to the post mentioned earlier:
Then open terminal, su to root and type 'urpmi mozilla-firefox' and then "tada!" you have Firefox

I ran the command, and ... no tada! no Firefox! It took a while to find the executable, and even longer to find an icon. Why wouldn't the install at least attempt to create a link in a menu or on the desktop? This is why Linux is having trouble gaining a foothold on the desktop! I'm glad I'm doing mostly server stuff. The command line serves me well.

This process has been stretched out over a couple of days (due to work, family, sleep, quality TV time, trombone washing, etc), so I was quite ready to actually run the program. I fired it up, and the first page I saw was a warning to upgrade right away. Apparently, the version was 0.8! I was directed to the Mozilla site to download the latest tarball (do you see an endless loop forming here?)

I think instead I will wait until I stumble across an RPM for v1.0. Then, I get to learn about the wonderful world of upgrading!



UPDATE:
I guess I spoke too soon concerning the Firefox menu icon. Apparently, I have to log out and back in to see the changes. (A lot less annoying than not having an icon at all, but still annoying.) The menu item for Firefox is available in Gnome, KDE, and IceWM. Sorry for the rant.