Best of Technical Support

Distributing /etc/shadow

I am hunting for a utility that I think already must exist somewhere. Here is the problem. Government computers need to have all passwords updated more frequently these days, including the root password. Until now, we had so many flavors of hardware and OSes that the thought of SSHing a copy of /etc/shadow or /etc/passwd to all machines was a moot point, simply because the different OSes required different entries for root. Overwriting the root entry on a machine with the syntax for the wrong OS was not worth it. I suppose the biggest problem with doing a blind overwriting of the files would result in possibly incorrect shells or login paths for root. However, we have been working at getting rid of all of the non-PC workstations we had (SGIs, Suns, HPs and so on) so we can attack the virus and patches problems with hopefully one OS to worry about. This means we simply can plop a new copy of the root entry for /etc/shadow or /etc/passwd to all machines via SSH.

Do you know if such a tool exists? I imagine some sort of script has been written that can be tweaked easily to propagate the changes. Some machines are on a domain with a DNS server. The ones not running DNS are running NIS. I am not familiar with the DNS ones yet, but I know the ones running NIS still have to have root changed locally. So far, we have been telnetting or SSHing to each machine one at a time to get the new root password in, because the root password won't map to each machine. The machines need the root accounts updated, especially if we were to need to go to single-user mode.

—
Irene Paradis


irene.paradis@us.army.mil

NIS has been used classically to solve this problem. However, there is really only one solution for the root password: you should update the /etc/shadow file. You also could use a RADIUS server.

—
Christopher Wingert


cwingert@qualcomm.com

You can use rdist to push many copies of a file out to your hosts. See www.magnicomp.com/rdist. Alternatively, you could disable, or “star out” the root password by putting a * in the encrypted password field of /etc/shadow, and use sudo for everything.

—
Don Marti


dmarti@ssc.com

How to Pass an Option to the Kernel?

What does the “Try linux noacpi, linux disableapic and linux noacpi disableapic” suggestion on page 72 of the October 2004 issue mean in response to a Fedora install question? My AMD dual-MP 2800+ regularly crashes and screen dumps. I just noticed a comment about acpi or apic—I need to read and record next time—on the last screen dump. Having just read the article, I was excited to reboot and try those commands, but I couldn't locate them.

—
Doug Baker


cfdbaker@qwest.net

You are asked to pass noacpi or ldisableapic or noacpi disableapic as a command-line option to the kernel. When the bootloader, GRUB or LILO, is asking which OS or kernel to boot, you can add these options. On LILO, press Ctrl-X to get a command line, and then type linux noacp. I am assuming that Linux is one of the options in the LILO menu. If this works outs for you, you can add this to /etc/lilo.conf permanently.

—
Usman Ansari


usmansansari@yahoo.com

On the GRUB bootloader, the default for Fedora, the process is similar. Check out the Unofficial Fedora FAQ at www.fedorafaq.org/#otherinstall.

—
Don Marti


dmarti@ssc.com

Testing CPU under Different Loads

I frequently test Linux machines as part of my job and am looking for a way to load the CPU smoothly from 0% to 100% to see what happens to certain applications. When I try to apply a smoothly ramping CPU load, I usually get either 0% or 100% CPU usage. If I try to sleep for very small increments, I get 0% alternating with 100%. Do you know of any tool or proven way to ramp the CPU?

—
Patrick Killelea


p@patrick.net

You could run a program that alternates some CPU-intensive task, such as generating pseudorandom numbers, with calls to usleep. Tweaking the values of BUFSIZE and USLEEP in this program lets me get a range of CPU loads:

/* Build with 'gcc -Wall load.c -o load' */
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>

#define BUFSIZE 1024
#define USLEEP 10000

char buf[BUFSIZE];

int main (int argc, char **argv)
{
        int f;
        f = open("/dev/urandom", O_RDONLY);
        while (1) {
                read(f, &buf, BUFSIZE);
                usleep(USLEEP);
        }
        return 0;
}

Thanks to Greg Kroah-Hartman for cleaning up the above code. See man usleep. To exercise individual CPUs on an SMP machine, try the CPU affinity system calls covered in Robert Love's article “CPU Affinity” in the July 2003 issue.

—
Don Marti


dmarti@ssc.com

Single-User Mode

How can I enter single-user mode, runlevel 1, at boot time?

—
Arthur Schroeder


showmeyr@yahoo.com

Edit your boot line in GRUB and add a single to the command line.

—
Christopher Wingert


cwingert@qualcomm.com

You can type single at the LILO or GRUB prompt to boot your Linux machine into single-user mode. If you always want to boot in single-user mode for some reason, you can modify LILO or GRUB and pass single as an option to the kernel. Or, you can modify the /etc/inittab file. There is a line at the top of this file—mine reads id:3:initdefault on my Red Hat 9.0 Linux box—in which you can replace 3 with 1.

—
Usman Ansari


usmansansari@yahoo.com

Luke 5:37–38

I am attempting to install Red Hat Linux 7.1 on my new Dimension 4600 Dell computer. The installation CD starts, and I have the option to choose the kind of installation I want. Whatever I choose, after the computer starts to recognize my hardware—it recognizes my CD-ROM and hard drives—it stops and freezes. I can do nothing but turn off my computer.

—
Joe Pietro


jm_pietro@hotmail.com

Before you waste too much time, you should use a newer Linux distribution. Red Hat 7.1 is several years old. Chances are you will have much better luck with a newer version. I suggest you use Fedora Core 2. Fedora Core, a branch of Red Hat, always has supported Dell hardware for the most part. You can download it from www.redhat.com.

—
Usman Ansari


usmansansari@yahoo.com

Red Hat 7.1 has no active source of security updates. It sounds like your hardware has some security sense. See fedoralegacy.org for support for older versions of Red Hat Linux. If you want a quick check on whether hardware is working and Linux-compatible before installing, try the bootable CD distribution Knoppix from knoppix.org first.

—
Don Marti


dmarti@ssc.com

Setting Serial Ports for USB-to-Serial Adapters

I have an application that attaches to multiple remote serial devices via multiple USB to serial adapters. Is there a way to specify that each USB device enumerates as a specific USB serial port, regardless of the order in which the USB ports are connected? For example, I always want USB port x to enumerate as /dev/usb/ttyUSBy. Because this application will be hosted in more than 200 locations, and it is possible that the USB serial adapter might be replaced or upgraded with a newer unit, solutions based on serial numbers of the USB device are not optimum.

—
Jeff Dennison

If you are using the 2.6 kernel, udev can do this matching for you. Simply define a rule based on something unique for a specific USB-to-serial device and use that to name the device. You mention that serial numbers will not work for you—try using the topology of the USB device or something else that you can determine is unique—uniqueness is the key here. If you are using the 2.4 kernel, good luck. You can muck around in the /proc/tty/drivers/usb-serial directory to try to determine which device is attached to which /dev/ttyUSB node, but it's a bit difficult—one big reason to switch to a 2.6 kernel.

—
Greg Kroah-Hartman


greg@kroah.com

Setting Compiler Options for Gentoo

I'm a newbie trying to install Gentoo from a live CD using a stage3 tarball. I've managed to get to the stage for optimizing my distro. I'm supposed to flag various options using GCC make. I need only enough to get working and understand the basics at this time. Any advice?

—
Rebelrouser


Rebelrouser@blueyonder.co.uk

Stick to the settings already given for your live CD if you do not know what to change. These settings already are present in the /etc/make.conf file. Consult the Gentoo installation guide for more information on this and how to install Gentoo properly.

—
Greg Kroah-Hartman


greg@kroah.com

Fedora Install Hangs

I am installing Fedora. During installation, at Display Setting for the monitor, I choose color depth 256 and click OK. But then my screen freezes and the display is unreadable (blue screen). I don't have any command prompt. Please help.

—
Chris


fiston63@hotmail.com

You can decline to configure the graphics card and X. Once you have booted after the installation is complete, try to configure X. Use the lspci -vvv command to see what kind of card you have. If support for your video card is not present, try the manufacturer's Web site for available drivers.

—
Usman Ansari


usmansansari@yahoo.com

Faking Out the Oracle Installer

Does anyone know of a way to fool the Oracle 10g installer into thinking Slackware is Red Hat, so it at least tries to install? If not, does anyone know how it detects that Red Hat isn't there?

—
Blake Tullysmith


bdt@vipretech.com

You can use a tool called strace on the installer:

# strace oracle-installer

From here, you can figure out what the program is looking for when it refuses to install.

—
Christopher Wingert


cwingert@qualcomm.com