Saturday, June 28, 2008

chroot vsFTPd

Restricting FTP Users in a chroot-ed Jail:
----------------------------------------------------------
We can specify an explicit list of local users to
chroot to their home directories by specifying,

chroot_list_enable=YES

in /etc/vsftpd/vsftpd.conf
Moreover, we need to specify the list of
users which are to be chroot-ed
in the file named by

chroot_list_file.

If chroot_list_file=/etc/vsftpd/chroot_users

then we need to enter the users' names, one per line, in /etc/vsftpd/chroot_users.
Restart the FTP server and log in as those users.
Check whether they can cd to directories outside their home. There is an additional
parameter in vsftpd.conf which reverses the meaning of the list, just like
userlist_deny=NO does for access rights:
if chroot_local_user=YES (together with chroot_list_enable=YES),
then only the users who are NOT listed in /etc/vsftpd/chroot_users are chrooted; the list becomes an exception list.
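The interplay of chroot_local_user, chroot_list_enable and chroot_list_file is easy to get backwards, so here is a small added check (example code, not part of the original post and not vsftpd's own tooling): it reads a vsftpd.conf and reports whether a given user would end up chrooted. The configuration files and the user names alice and bob are constructed for the demonstration; the fallback list path /etc/vsftpd.chroot_list is vsftpd's documented default for chroot_list_file.

```shell
#!/bin/sh
# Added example (not from the original post): given a vsftpd.conf and a user
# name, report whether vsftpd would chroot that user, following the
# chroot_local_user / chroot_list_enable / chroot_list_file rules described above.

# Print the value of key $2 in vsftpd.conf $1, or the default $3 when unset.
# vsftpd uses plain KEY=VALUE lines; '#' lines are comments.
vsftpd_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# Print "yes" if user $2 would be chrooted under config $1, else "no".
# Rules: without a list, chroot_local_user decides for everyone; with a list,
# chroot_local_user=NO  means the list names who IS chrooted, and
# chroot_local_user=YES means the list names who is NOT chrooted.
vsftpd_is_chrooted() {
    local_all=$(vsftpd_get "$1" chroot_local_user NO)
    list_on=$(vsftpd_get "$1" chroot_list_enable NO)
    list_file=$(vsftpd_get "$1" chroot_list_file /etc/vsftpd.chroot_list)  # vsftpd's documented default
    listed=no
    if [ "$list_on" = YES ] && [ -r "$list_file" ] && grep -qxF -e "$2" "$list_file"; then
        listed=yes
    fi
    if [ "$list_on" = YES ]; then
        if [ "$local_all" = YES ]; then
            if [ "$listed" = yes ]; then echo no; else echo yes; fi
        else
            echo "$listed"
        fi
    else
        if [ "$local_all" = YES ]; then echo yes; else echo no; fi
    fi
}

# Constructed sample: one list file containing only "alice", and the two
# list-based configurations discussed in the post.
VSFTPD_DEMO=$(mktemp -d)
printf 'alice\n' > "$VSFTPD_DEMO/chroot_users"
cat > "$VSFTPD_DEMO/list_mode.conf" <<EOF
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=$VSFTPD_DEMO/chroot_users
EOF
cat > "$VSFTPD_DEMO/inverted.conf" <<EOF
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$VSFTPD_DEMO/chroot_users
EOF

for u in alice bob; do
    echo "list_mode: $u -> $(vsftpd_is_chrooted "$VSFTPD_DEMO/list_mode.conf" "$u")"
    echo "inverted:  $u -> $(vsftpd_is_chrooted "$VSFTPD_DEMO/inverted.conf" "$u")"
done
```

Run it against the real /etc/vsftpd/vsftpd.conf and a real account name before and after an edit; a user that unexpectedly flips from "yes" to "no" is exactly the mistake the inverted list mode invites.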

Monday, June 16, 2008

GNU/Linux as an ADC member

Configuring GNU/Linux as an active directory member:
-----------------------------------------------------------------------------
This time we are doing the reverse of what we did in the last blog: adding a GNU/Linux machine (RHEL 5.0) to a Win 2k3 Domain Controller.

Configure an M$ Windows 2003 Server as a Domain Controller (DC)
for the domain JOINME.COM. The Active Directory server name is ads.joinme.com with the IP address 172.24.10.1.
Note: An Active Directory howto can be found here.
The Samba server machine is RHEL 5.0 with SELinux in permissive mode.

To Readers: Lines starting with # are commands run as the root user, and lines starting with ; are comments inside the configuration files.

#vim /etc/samba/smb.conf
;for better performance add this
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

;name of the domain we want to join
workgroup = JOINME
server string = Member of JOINME.COM

;this samba server is not the local master browser
;for the subnet. local master browser stores all the
;NetBIOS names of all other machines in the subnet.
local master = no

;this server does not act as a Domain Master Browser too.
;DMB stores the NetBIOS names of all
;machines in the network. DMB collates
;browselists from all local master browsers.
domain master = no

;never force an election on startup of the
;machine to become local/domain master browser.
preferred master = no

;do not act as a wins server. Let some other host take up that burden.
wins support = no

;then who is the WINS Server?
wins server = 172.24.10.1

;never try DNS queries when an unregistered NetBIOS name has been found.
dns proxy = no

;the kerberos realm to use
realm = JOINME.COM

;make this machine a member of domain
;in an ADS realm. Kerberos should be installed
;and properly configured.
;join to ADS using the 'net' command
security = ADS

;do username/password validation using the ADS
password server = 172.24.10.1

;the separator to be used between the
;domain name and the username.
;used in conjunction with pam_winbind.so
winbind separator = +

;winbind should operate without the domain component.
;JOINME+mj0vy should be treated as mj0vy.
winbind use default domain = yes

;userid/grpid allocation for mapping
;windows SIDs to unix userids/grpids
idmap uid = 27000-33000
idmap gid = 27000-33000

;do not know why these parameters are used. Will do some
;R&D and come up with the solution soon.
winbind enum users = yes
winbind enum groups = yes

;home directory to be used by the domain users
;when winbind creates the unix password
;database from the windows SIDs.
template homedir = /home/%U
template shell = /bin/bash
log file = /var/log/samba/%m.log

;maximum log file size in KB (5 MB here)
max log size = 5120
printcap name = /etc/printcap
load printers = no

These are the default shares configured already.

[homes]
comment = Home directories for the users.
browseable = no
writeable = yes

[printers]
comment = Connected Printers
path = /var/spool/samba
browseable = no
guest ok = no
writeable = no
printable = yes
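Before running the join, it is worth checking the member-related settings in smb.conf mechanically. The following is an added example (not the post's own configuration and not Samba's own tooling): a minimal smb.conf reader plus a sanity check for the settings an AD member needs. Like smb.conf itself, it treats parameters that appear before any [section] header as [global], which is how the configuration above is written. The two sample files, the mistakes in the "bad" one, and the finding texts are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the post's own configuration or Samba's own tooling):
# a minimal smb.conf reader plus a pre-join sanity check for the settings an
# AD member server needs. Sample files are constructed in a temp directory.

# Print the value of key $3 in section $2 of file $1 (empty if unset).
# Parameters before any [section] belong to [global], as in smb.conf;
# ';' and '#' start comments, and keys are matched case-insensitively.
smbconf_get() {
    awk -v want_sec="$2" -v want_key="$3" '
        /^[ \t]*[;#]/ { next }
        /^[ \t]*\[/ {
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (sec == "") sec = "global"
            if (tolower(sec) == tolower(want_sec) && tolower(key) == tolower(want_key)) {
                print val
                exit
            }
        }' "$1"
}

# Print one finding per line for settings that would stop "net ads join" or
# make the member misbehave; prints nothing when the file looks consistent.
smbconf_check_member() {
    security=$(smbconf_get "$1" global security | tr '[:upper:]' '[:lower:]')
    realm=$(smbconf_get "$1" global realm)
    wins_support=$(smbconf_get "$1" global "wins support" | tr '[:upper:]' '[:lower:]')
    wins_server=$(smbconf_get "$1" global "wins server")
    if [ "$security" != ads ]; then
        echo "security must be ADS for an AD member (got '${security:-unset}')"
    fi
    if [ -z "$realm" ]; then
        echo "realm is unset; Kerberos needs the AD realm (e.g. JOINME.COM)"
    else
        case "$realm" in
            *[[:lower:]]*) echo "realm '$realm' should be upper case to match the Kerberos realm" ;;
        esac
    fi
    if [ "$wins_support" = yes ] && [ -n "$wins_server" ]; then
        echo "wins support = yes conflicts with wins server = $wins_server (be a WINS client or a WINS server, not both)"
    fi
}

# Constructed samples: member_ok.conf mirrors the settings above, member_bad.conf
# contains the mistakes the checker is meant to catch.
SMB_DEMO=$(mktemp -d)
cat > "$SMB_DEMO/member_ok.conf" <<'EOF'
workgroup = JOINME
realm = JOINME.COM
security = ADS
wins support = no
wins server = 172.24.10.1
winbind separator = +
[homes]
browseable = no
EOF
cat > "$SMB_DEMO/member_bad.conf" <<'EOF'
workgroup = JOINME
security = user
wins support = yes
wins server = 172.24.10.1
EOF

smbconf_check_member "$SMB_DEMO/member_ok.conf"    # prints nothing
smbconf_check_member "$SMB_DEMO/member_bad.conf"   # prints three findings
```

Samba's own testparm reports syntax errors and unknown parameters; this checker only covers the handful of member-specific settings that testparm accepts happily but that still break the join or the name resolution.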

Kerberos Configuration:
----------------------------------
The Kerberos system authenticates individual users in a network environment. After authenticating yourself to Kerberos, you can use network facilities (rcp, rsh) without having to present passwords to remote hosts, provided the remote hosts support Kerberos. When we authenticate with Kerberos, we get an initial Kerberos ticket. Kerberos uses this ticket for network utilities such as rlogin and rcp. However, tickets expire: privileged tickets, those with the 'root' instance, expire in a few minutes, others might live for more than a day depending on the policy.
The commands 'kinit' and 'kdestroy' are used to obtain and destroy tickets respectively.

#vim /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5libs.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = JOINME.COM
dns_lookup_realm = yes
dns_lookup_kdc = yes
ticket_lifetime = 24h

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

Adding the GNU/Linux machine to Active Directory:
-------------------------------------------------------------------------
Start the samba service.
#/etc/init.d/smb start

Obtain a Kerberos ticket
#kinit ADMINISTRATOR@JOINME.COM
and enter the DC administrator's password.
Note: Make sure the GNU/Linux machine and the ADS have
the same time. Otherwise Kerberos may throw a clock skew
error!

Now join the machine to ADS.
#net ads join

Winbind Configuration:
----------------------
#vim /etc/nsswitch.conf
passwd: files winbind
shadow: files
hosts: files winbind

#vim /etc/sysconfig/samba
WINBINDOPTIONS="-B"

Tweak The Name Service Caching Daemon (NSCD):
----------------------------------------------------------------------
#vim /etc/nscd.conf
enable-cache passwd no
enable-cache group no
enable-cache hosts no

Now restart the network service
#/etc/init.d/network restart

Configure the pam aware services to use the pam_winbind.so shared object.

#vim /etc/pam.d/login
auth sufficient pam_winbind.so
account sufficient pam_winbind.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022

Now restart the samba and winbind daemon.
#/etc/init.d/smb restart
#/etc/init.d/winbind restart
#chkconfig smb on ; chkconfig winbind on

Testing the whole configuration:
--------------------------------
#getent passwd
#getent group
#wbinfo -u
this will display the domain users
#wbinfo -g
this will display the domain groups
Note: The domain and the users/groups will be
separated by a '+' sign which we specified
with 'winbind separator'

GNU/Linux as PDC for M$ Windows with samba

This blog throws light on configuring Samba as a PDC for M$ Windows machines on your network. The Linux distribution used is RHEL 5.0.
Even though this works quite well, the Samba developers need to work more to make it compatible with M$ Windows ADC. Hope all will enjoy this...

To Readers: Lines starting with # are commands run as the root user, and lines starting with ; are comments inside the configuration files.

#vim /etc/samba/smb.conf
;start global configuration section.
[global]
netbios name = TIKANGA
;this samba machine is given a NETBIOS name.

workgroup = PSEUDO
;this samba server acts a PDC for the domain PSEUDO

encrypt passwords = yes
;encrypted password negotiation

domain master = yes
;the samba server handles browsing elections for the
;domain across multiple subnets


local master = yes
;this makes samba force an election when it starts up.
;the 'os level' parameter (below) makes it win
;the election, as its value is higher than that of any
;M$ server implementation.

;Note: Make sure no other samba machine is set with higher
;'os level' value than this.


preferred master = yes
;this also forces the election at startup

os level = 65

security = user
;samba will prompt for a username and password.
;security = domain | ads is used if another DC
;handles the logons.


domain logons = yes
;this makes samba handle domain logons.

logon path = \\%L\profiles\%u
;this parameter is necessary if we want to support
;roaming profiles for win200x/XP/NT clients.

;%L is this server's NetBIOS name, so this actually
;expands to \\TIKANGA\profiles\username

;we have a share named profiles coming later
;in the configuration file.


logon script = logon.bat
;name of the MS-DOS batch file which must be executed
;when a client logs on to the domain. The path
;specified is relative to the [netlogon] share
;specified later.


logon drive = L:
;this allows the home directory (if exists) of the user
;to be connected to L: drive under My Computer on client.

time server = yes
;this samba machine advertises itself as a
;time server for the domain.


admin users = mj0vy
;the list of users who have administrative
;privilege in this domain, such as joining clients
;to the domain and making the 'add machine script'
;work on the fly.

add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
;each client is considered a user and is
;added on the fly when it first connects
;with the administrative user account.

;Start of shares
[netlogon]
path = /etc/samba/netlogon
writable = no
browseable = no
;the [netlogon] share is necessary for samba
;to handle domain logons, as M$ clients need
;to contact it during the logon process; if this
;share is not present the logon process would fail.
;For security reasons, the writable and
;browseable permissions are removed.


[profiles]
path = /etc/samba/profiles
browseable = no
writeable = yes
create mask = 0600
directory mask = 0700

;the [profiles] share is used to store
;the roaming profiles of the users.
;The path points to a directory on the samba
;server where the updated profiles are saved
;on each individual user logon.
;Clients must read and write
;to this share.


[homes]
read only = no
browseable = no
guest ok = no
map archive = yes
;guest logons are disabled and there will
;be no path parameter as it will be
;fetched from /etc/passwd.


[backups]
comment = A Test share to check logon scripts!
path = /backups/samba
valid users = mj0vy sujith sreejith
writeable = yes
create mask = 0765
;this share is actually used to check whether
;the logon script has worked successfully or not!
;In logon.bat, we will be specifying that
;this share be made available as the K: drive in
;My Computer of every client. Sticky bit
;permissions are recommended for file security.


Making the users and shares:
------------------------------------------
Add the administrator (mj0vy) who can add machine accounts on the fly. [admin users = mj0vy]
#useradd -d /dev/null -s /sbin/nologin mj0vy
Lock his unix account password for security reasons.
#passwd -l mj0vy

Make him a samba user.
#smbpasswd -a mj0vy
#smbpasswd -e mj0vy (this is not required in higher samba versions)

Make the domain users.
#useradd sujith
#passwd -l sujith
#smbpasswd -a sujith
#smbpasswd -e sujith

#useradd sreejith
#passwd -l sreejith
#smbpasswd -a sreejith
#smbpasswd -e sreejith

Now make the directories for [netlogon], [profiles] and [backups] shares.

#mkdir -m 777 /etc/samba/{netlogon,profiles}
#mkdir -p -m 1777 /backups/samba

Now make logon.bat file inside /etc/samba/netlogon and make it executable by the root user.
Note: Running dos2unix against this file is recommended.

#vim /etc/samba/netlogon/logon.bat
net use K: \\TIKANGA\backups

Now start the samba service
#/etc/init.d/smb start
#chkconfig smb on

Note: running smbtree command gives you a tree like view of all the domains, servers and shares on the servers.

Adding Windows clients:
-----------------------------------
Right-click My Computer, open the Computer Name tab and click Change.
In the 'Member of' field enter the samba domain 'PSEUDO'. This will prompt for the username and password of a user who can
add this machine to the domain (mj0vy here). You will be prompted to restart the machine once you have joined the domain.
When the machine comes up, press Ctrl+Alt+Del (hardcore M$ Windows users must be used to this TRAP) and select PSEUDO instead of This Machine.
Try logging in as the samba users.

Hope you enjoyed reading...

~mj0vy

Monday, December 31, 2007

Mask Me...!?!!!

echo "2007" > /dev/null
Years are going by... so does my age...! Wish I could execute "chage -E never mj0vy"
In a way, 2007 was good for me...! At least I have started blogging. This year I could really catch up with Linux to some extent...! Nothing more to say..!

Let's get into the matter.
Last week my friend Gigith and I were checking the mask flag in the setfacl command...! We did some experimentation and finally came up with a good solution.

I assume you all know how to do basic things with setfacl.

I am starting by creating an empty file

#touch /myfile
Note: touch is used to update the timestamp of a file (and creates it if it does not exist).
#chmod 750 /myfile
I have given the group read and execute permission (4 + 1 = 5, r-x).
I am granting full permission for the user tux on that file.

#setfacl -m u:tux:rwx /myfile
Now the mask of the file is set to the maximum value, rwx (7), but the owning group's permission is still read and execute only.

#chmod 700 /myfile
Now I removed the group permission from that file, which changes the mask value from rwx to --- (null). The important thing to note here is that the owning group's own ACL entry is still 5 (r-x), as that was the permission given at the beginning of this setfacl experiment. But the effective permission of the owning group and of the named user is the permission common to the entry and the mask. So here, the effective permission is --- for both the owning group and the named user.
Here the owning group is the group affiliated with /myfile and the named user is the user tux.

Note: whenever the setfacl command is invoked on the file /myfile, the mask is again changed to its maximum value.
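To make the three steps above reproducible without an ACL-enabled filesystem, here is an added example (not from the original post) that models the two rules at work: chmod's group digit sets the mask once a mask exists, and setfacl -m recomputes the mask as the union of the owning group and the named entries (the "mask goes back to its maximum" note). The starting permissions and the named user tux are the post's; the helper names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): a small model of how the POSIX
# ACL mask interacts with chmod and setfacl, replaying the experiment above
# without needing an ACL-enabled filesystem. Permissions are octal digits 0-7
# (r=4, w=2, x=1); the named user entry stands for "u:tux".

acl_reset() {            # state of a fresh file with no extended ACL
    ACL_OWNER=6
    ACL_GROUP=4
    ACL_OTHER=4
    ACL_NAMED=""         # named user entry, empty = none
    ACL_MASK=""          # mask entry, empty = none (no extended ACL yet)
}

perm_str() {             # octal digit -> rwx string, e.g. 5 -> r-x
    s=""
    if [ $(($1 & 4)) -ne 0 ]; then s="${s}r"; else s="${s}-"; fi
    if [ $(($1 & 2)) -ne 0 ]; then s="${s}w"; else s="${s}-"; fi
    if [ $(($1 & 1)) -ne 0 ]; then s="${s}x"; else s="${s}-"; fi
    printf '%s\n' "$s"
}

# chmod MODE (three digits, e.g. 750): the owner and other digits set their
# entries; the group digit sets the MASK when a mask exists, otherwise the
# owning-group entry. This is why "chmod 700" blanked the mask, not the group.
acl_chmod() {
    m=$(printf '%s' "$1" | sed 's/^0*//')
    m=${m:-0}
    ACL_OWNER=$(( m / 100 % 10 ))
    g=$(( m / 10 % 10 ))
    ACL_OTHER=$(( m % 10 ))
    if [ -n "$ACL_MASK" ]; then ACL_MASK=$g; else ACL_GROUP=$g; fi
}

# setfacl -m u:tux:PERMS: set the named entry and, as setfacl does by default
# (unless -n is given), recompute the mask as the union of the owning group
# and every named entry. This is the "mask goes back to its maximum" effect.
acl_setfacl_user() {
    ACL_NAMED=$1
    ACL_MASK=$(( ACL_GROUP | ACL_NAMED ))
}

# Effective rights of a group or named entry = entry AND mask.
acl_effective() {
    if [ -n "$ACL_MASK" ]; then echo $(( $1 & ACL_MASK )); else echo "$1"; fi
}

acl_show() {             # getfacl-style dump with the #effective annotations
    echo "user::$(perm_str "$ACL_OWNER")"
    if [ -n "$ACL_NAMED" ]; then
        echo "user:tux:$(perm_str "$ACL_NAMED")  #effective:$(perm_str "$(acl_effective "$ACL_NAMED")")"
    fi
    echo "group::$(perm_str "$ACL_GROUP")  #effective:$(perm_str "$(acl_effective "$ACL_GROUP")")"
    if [ -n "$ACL_MASK" ]; then echo "mask::$(perm_str "$ACL_MASK")"; fi
    echo "other::$(perm_str "$ACL_OTHER")"
}

# Replay of the post's sequence.
acl_reset
acl_chmod 750;       echo "# after chmod 750";             acl_show
acl_setfacl_user 7;  echo "# after setfacl -m u:tux:rwx";  acl_show
acl_chmod 700;       echo "# after chmod 700";             acl_show
```

Compare the third dump with a real getfacl /myfile: the group and named entries still read r-x and rwx, while the #effective column shows --- for both, which is the point of the experiment.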

Monday, December 3, 2007

file: DRAG me into CD/RW :)

It's high time we must bid bye-byes to cdrecord and growisofs...!

Until yesterday we were using the ISO9660 filesystem for burning CDs and DVDs. But from now on, it's oblivion.... welcome UDF.. Universal Disk Format..!
UDF lets us write data incrementally to a mounted filesystem.

For this to work you should have the udftools package installed on your system, one blank CD-RW, and a Linux distribution with a 2.6 kernel (I tested on RHEL 5.0).

you can get the udftools package from here

here we goooooooo

Step 1:
Insert the blank CD-RW into the drive; using the cdrwtool command, which
we got from the udftools package, we are going to blank the CD-RW first.
Assuming your CD burner is connected as secondary master (/dev/hdc):

#cdrwtool -d /dev/hdc -t 4 -l 3 -q
( man cdrwtool )
This would blank the CD-RW. Please be patient, it might take SOME time..!

Step 2:
We need to associate the blank formatted media with a packet device using the command pktsetup.

#pktsetup dragme /dev/hdc

Step 3:
Now we need to format the media with the udf filesystem,

#mkudffs --media-type=cdrw --udfrev=0x0150 /dev/pktcdvd/dragme

Step 4:
Now we need to make a mountpoint, let me give it as /drag-n-drop
#mkdir /drag-n-drop

#mount -t udf -o rw /dev/pktcdvd/dragme /drag-n-drop

#chmod 777 /drag-n-drop
(If you want local users also to be able to drag-n-drop something into it)

Now try some drag and dropping into that mountpoint

Now about the unmounting,

It's always safe to sync before unmounting,
So,
#sync
#umount /dev/pktcdvd/dragme

Then we can release the device /dev/pktcdvd/dragme from the packet device association.

#pktsetup -d /dev/pktcdvd/dragme

NOTE: It's always good to mount the packet device with the noatime mount option if you want to reduce the number of rewrites to your media (every access-time update is a write).

Now if you want to mount this media on another machine,
make a packet device with pktsetup and associate it with the device of your CD drive

#pktsetup dragger /dev/hdd

This will map /dev/pktcdvd/dragger with /dev/hdd
Now you can mount the packet device and use it
#mount -t udf /dev/pktcdvd/dragger /mnt

~mj0vy

Wednesday, November 21, 2007

LOG ME IN....!

This article just illustrates the use of the expect command for automatic login to a remote machine
without using the complex ssh key pair exchange and all...!
Make sure you have the expect package installed on your machine...

Let's try a telnet login...
Make a file named telnetme
$vi telnetme

#!/usr/bin/expect
# start telnet as a child process and drive its prompts
spawn telnet 10.0.0.27
set timeout 30
expect "login:"
send "username\r"
expect "password:"
send "password\r"
# hand the session over to the user
interact

Now set execute permission on the script and copy it to any of the directories in your PATH variable.

For SSH login there's a little change...

I am here making a file named sshme

$vi sshme

#!/usr/bin/expect
# ssh asks only for the password; the username comes from the login name
spawn ssh 10.0.0.27
set timeout 30
expect "password:"
send "password\r"
# hand the session over to the user
interact

NOTE: replace the strings username and password with the appropriate username and password.
It is recommended that you give read permission only to the user who is using this script; otherwise all users could read the plain-text password entered.
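Both the note above (nobody else should be able to read a script holding a plain-text password) and the [netlogon] share of the Samba PDC post (nobody but root should be able to change logon.bat, since every client executes it at logon) come down to the same file-permission check. The following is an added example, not code from either post: a small audit that walks a path and flags any file whose group or other bits contain a given permission letter. The sample tree, including a netlogon directory created with "mkdir -m 777" exactly as the PDC post does, is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from either post): a small permission audit for files
# whose contents other users must not read (the expect scripts holding a
# plain-text password) or must not write (the netlogon share contents, which
# every client runs at logon). Sample files are constructed in a temp directory.

# Print the nine-character rwx field of a path, e.g. "rwxr-xr-x".
perm_field() {
    ls -ld "$1" | cut -c2-10
}

# Walk $1 (file or directory) and print one line for every path whose group
# or other bits contain any of the letters in $2 ('r', 'w', 'x' or a combination).
# Prints nothing when nothing is over-permissive.
audit_perms() {
    find "$1" | while IFS= read -r p; do
        field=$(perm_field "$p")
        others=$(printf '%s' "$field" | cut -c4-9)   # group triplet + other triplet
        for bit in $(printf '%s' "$2" | sed 's/./& /g'); do
            case "$others" in
                *"$bit"*)
                    echo "$p: group/other have '$bit' ($field)"
                    break
                    ;;
            esac
        done
    done
}

# Constructed sample tree: a netlogon directory created with "mkdir -m 777"
# as in the PDC post, a correctly locked-down expect script and a leaky copy.
PERM_DEMO=$(mktemp -d)
mkdir -m 777 "$PERM_DEMO/netlogon"
printf 'net use K: \\\\TIKANGA\\backups\r\n' > "$PERM_DEMO/netlogon/logon.bat"
chmod 755 "$PERM_DEMO/netlogon/logon.bat"
printf '#!/usr/bin/expect\nspawn ssh 10.0.0.27\n' > "$PERM_DEMO/sshme"
chmod 600 "$PERM_DEMO/sshme"
cp "$PERM_DEMO/sshme" "$PERM_DEMO/sshme.leaky"
chmod 644 "$PERM_DEMO/sshme.leaky"

audit_perms "$PERM_DEMO/netlogon" w     # flags the 777 directory, not logon.bat
audit_perms "$PERM_DEMO/sshme" r        # silent: only the owner can read it
audit_perms "$PERM_DEMO/sshme.leaky" r  # flags the world-readable copy
```

Note what the first call reports: a world-writable netlogon directory lets any local user replace logon.bat even though the share itself is exported read-only, so on the real server "audit_perms /etc/samba/netlogon w" should print nothing once the directory is owned by root and not writable by others.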

PS: Please extend the features of expect if someone knows it...

Friday, October 26, 2007

#mv cds DVD

Hollaaaaaaaa....

Yesterday I was trying to make a DVD out of my 5 RHEL 5.0 CDs. During the process I ended up losing two blank DVDs.
But the most interesting thing is that I finally found the solution :). And I thought I must publish it because I don't want
any other person to have the same difficulties I encountered.

Alright, let's get started...

I am creating a directory to copy all the RHEL 5.0 CDs

#mkdir /tmp/RHEL5_DVD

Loop mount the individual ISO images to any directory

#mount -o loop /path/to/iso1.iso /mnt

Then copy the first CD's contents to /tmp/RHEL5_DVD

#cd /mnt
#cp -r * /tmp/RHEL5_DVD

Make sure you copy the hidden .discinfo file too

#cp .discinfo /tmp/RHEL5_DVD

Now unmount /mnt and mount the second ISO.

#mount -o loop /path/to/iso2.iso /mnt

Then copy all the rpm files inside /mnt/Server to /tmp/RHEL5_DVD/Server

#cp /mnt/Server/*.rpm /tmp/RHEL5_DVD/Server

We need to append the contents of the TRANS.TBL file found inside /mnt/Server to the one inside /tmp/RHEL5_DVD/Server

#cat /mnt/Server/TRANS.TBL >> /tmp/RHEL5_DVD/Server/TRANS.TBL

NOTE: We are going to make a single TRANS.TBL file out of the TRANS.TBL files inside every ISO.

Do the same thing for third, fourth and fifth iso files.

While copying the fifth ISO's contents, you should copy the rpm files under /mnt/VT/ to /tmp/RHEL5_DVD/VT
and append the TRANS.TBL file found under /mnt/VT to /tmp/RHEL5_DVD/VT/TRANS.TBL

Now edit the .discinfo file inside the directory /tmp/RHEL5_DVD
to change the fourth line from 1 to 1,2,3,4,5

NOTE: If you miss any cd number, then installation would prompt you to insert that cd.
So you must include all the cd numbers correctly!

Now we must create the ISO image of the /tmp/RHEL5_DVD directory.

Free some 3 GB space in your HDD as the entire build would make an iso file of size
no less than 2.6 GB.

#cd /tmp/RHEL5_DVD

I assume you are creating the iso image inside /DVD directory.

#mkisofs -o /DVD/rhel5dvd.iso -b isolinux/isolinux.bin -c isolinux/boot.cat \
    -no-emul-boot -boot-load-size 4 -boot-info-table -J -r .

NOTE the . at the end of the previous command, which specifies the current directory.

the -b flag to mkisofs command specifies the path and filename of the boot
image to be used when making the bootable iso.

the -c flag specifies the path and filename of the boot
catalog.

Now to burn the DVD, use the growisofs command.

#growisofs -dvd-compat -Z /dev/dvdwriter-hdc=/DVD/rhel5dvd.iso

NOTE: The dd (disk duplicator) command can also be used to burn the ISO image.
#dd if=/DVD/rhel5dvd.iso of=/dev/dvdwriter-hdc obs=32k seek=0
(blank DVDs and DVD burners are not that cheap here in my locality.. :D)
Consult the man page of dd for more information.

Adjust the DVD device name to match your machine. I have plugged the DVD writer in as secondary master in
my desktop PC.

The = sign used in the growisofs command finalized the DVD disc.

linuxly yours....

~mj0vy