Cover V12, I04

Questions and Answers

Amy Rich

Q We've finally upgraded our Web browser software on our user machines (FreeBSD 4.7-STABLE, if it matters) from Netscape 4.x to Mozilla 1.1. My users are unhappy with two key things, though. They are used to using the backspace key as page up, and opening new Web locations with ALT-o. Neither of these things works anymore, and I've been unable to find a way to change the default behavior from ALT-o doing an Open File, and backspace doing nothing at all. Do you have any pointers on how to customize these things? I've already dug through tons of documentation on Mozilla's Web pages and am more dazed than helped.

A Since you said that ALT-o does an Open File, I'm guessing that you've already figured out that to change the default accel modifier key from Control to ALT, you must add the following to the users' prefs.js files:

user_pref("ui.key.accelKey", 18);
user_pref("ui.key.menuAccessKey", 0);

The first line changes the accel key to ALT (as far as I know, the name for the key, VK_ALT, doesn't work yet), and the second line turns off the ALT menu access.

To change the Open Location key sequence back to ALT-o, you need to change /usr/X11R6/lib/mozilla/chrome/comm.jar. First, unzip comm.jar:

unzip comm.jar

This should leave you with a directory called content. Edit the file /usr/X11R6/lib/mozilla/chrome/content/navigator/navigatorOverlay.xul. Since ALT-o is already claimed by Open File, we'll change Open File to be Shift-ALT-o. Change the following lines:

<key id="openLocationKb" key="&openCmd.commandkey;" command="Browser:Open" modifiers="accel,shift"/>
<key id="openFileKb" key="&openFileCmd.commandkey;" command="Browser:OpenFile" modifiers="accel"/>

to:

<key id="openLocationKb" key="o" command="Browser:Open" modifiers="accel"/>
<key id="openFileKb" key="&openFileCmd.commandkey;" command="Browser:OpenFile" modifiers="accel,shift"/>

Instead of specifying the actual ASCII character o in the openLocationKb tag, you can use key="&openFileCmd.commandkey;" (which is currently defined as "o"), but I'd be more concerned about that changing in the future and just stick with hard-coding key="o".

Now move the old jar file aside, and create the new one from your recently edited files:

cd /usr/X11R6/lib/mozilla/chrome/
mv comm.jar comm.jar.orig
zip -r comm.jar content
rm -rf content

To address the issue of using backspace as PageUp, create the file /usr/X11R6/lib/mozilla/res/builtin/userHTMLBindings.xml with the following contents:

<bindings id="htmlBindings"
   xmlns="http://www.mozilla.org/xbl"
   xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">

  <binding id="browserUser">
    <handlers>
      <handler event="keypress" keycode="VK_BACK" command="cmd_scrollPageUp" />
    </handlers>
  </binding>
</bindings>

For more information on the specific customizations you can make to the key bindings, take a look at:

http://www.mozilla.org/unix/customizing.html

When you next start Mozilla, you should have the functionality your users are after.
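The three edits above (prefs.js, the comm.jar overlay, and the user XBL file) scripted as one shell file. This is an added example, not code from the column or from Mozilla; it assumes the install prefix the column uses, that each <key .../> element in navigatorOverlay.xul sits on one line (the column wraps them with a trailing backslash only for print), and the MOZ_LIB variable and function names are its own.

```shell
#!/bin/sh
# Added example, not code from the column or from Mozilla: scripts the three
# edits described above. Assumes each <key .../> element in navigatorOverlay.xul
# is on one line (the column wraps them with a trailing backslash only for print).
set -eu
MOZ_LIB=${MOZ_LIB:-/usr/X11R6/lib/mozilla}   # install prefix used in the column

# Edit file $1 in place: Open Location becomes accel-o, Open File accel-shift-o.
rebind_open_keys() {
    sed -e '/id="openLocationKb"/s/key="[^"]*"/key="o"/' \
        -e '/id="openLocationKb"/s/modifiers="[^"]*"/modifiers="accel"/' \
        -e '/id="openFileKb"/s/modifiers="[^"]*"/modifiers="accel,shift"/' \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# Append the two accel-key prefs to a user's prefs.js ($1) unless already present.
set_alt_accel() {
    grep -q 'ui.key.accelKey' "$1" 2>/dev/null ||
        printf '%s\n' 'user_pref("ui.key.accelKey", 18);' \
                      'user_pref("ui.key.menuAccessKey", 0);' >> "$1"
}

# Unpack comm.jar, patch the overlay, repack; the original is kept as comm.jar.orig.
rebuild_comm_jar() (
    cd "$MOZ_LIB/chrome"
    unzip -q comm.jar
    rebind_open_keys content/navigator/navigatorOverlay.xul
    mv comm.jar comm.jar.orig
    zip -qr comm.jar content
    rm -rf content
)

# Backspace scrolls a page up: write the user XBL binding file from the column.
write_backspace_binding() {
    cat > "$MOZ_LIB/res/builtin/userHTMLBindings.xml" <<'EOF'
<bindings id="htmlBindings" xmlns="http://www.mozilla.org/xbl"
    xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
  <binding id="browserUser">
    <handlers>
      <handler event="keypress" keycode="VK_BACK" command="cmd_scrollPageUp"/>
    </handlers>
  </binding>
</bindings>
EOF
}

# Usage: sh mozkeys.sh apply /path/to/user/prefs.js   (as root, with Mozilla closed)
if [ "${1:-}" = apply ]; then rebuild_comm_jar; write_backspace_binding; set_alt_accel "${2:?prefs.js path}"; fi
```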

Q I've installed a homegrown syslog daemon that will handle correlating syslog entries from many hosts into various files. I'm looking for a way to generate a bunch of syslog messages on each of my machines to test the new syslog daemon, but I don't want to actually cause hardware or software failures, per se. Do you know of some sort of program or script I can use to create my own syslog entries to test things out?

A Most UNIX distributions come with a program called logger, an interactive interface to the syslog daemon. Assuming you're still using the same sorts of constructs in your homegrown syslogd, then this should also work for you.
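A test generator built on logger, as an added example (not from the column): it sends one tagged, numbered message per facility/severity pair so each file the new daemon writes can be grepped for the batch marker, and it computes the numeric PRI of each pair for comparing what arrives against what was sent. It assumes a logger that accepts -p facility.level and -t tag (the BSD and util-linux versions do); the tag syslogtest and the helper names are mine.

```shell
#!/bin/sh
# Added example, not from the column: drive a syslog daemon with one tagged,
# numbered message per facility/severity pair, so each file the daemon writes
# can be grepped for the run marker to confirm routing. Assumes a logger(1)
# that takes -p facility.level and -t tag (BSD and util-linux versions do).
set -eu

FACILITIES="auth authpriv cron daemon lpr mail news syslog user uucp \
            local0 local1 local2 local3 local4 local5 local6 local7"
SEVERITIES="emerg alert crit err warning notice info debug"

# Every facility.severity pair, one per line. kern is left out: an
# unprivileged logger is not allowed to send as kern on many systems.
syslog_test_pairs() {
    for f in $FACILITIES; do
        for s in $SEVERITIES; do echo "$f.$s"; done
    done
}

# Numeric PRI (facility*8 + severity) of a pair, for comparing what arrives
# on the wire or in the files against what was sent.
pri_for() {
    f=${1%.*}; s=${1#*.}
    case $f in
        kern) fn=0;;   user) fn=1;;  mail) fn=2;;   daemon) fn=3;;  auth) fn=4;;
        syslog) fn=5;; lpr) fn=6;;   news) fn=7;;   uucp) fn=8;;    cron) fn=9;;
        authpriv) fn=10;; ftp) fn=11;; local[0-7]) fn=$((16 + ${f#local}));;
        *) return 1;;
    esac
    case $s in
        emerg) sn=0;; alert) sn=1;; crit) sn=2;;   err) sn=3;;
        warning) sn=4;; notice) sn=5;; info) sn=6;; debug) sn=7;; *) return 1;;
    esac
    echo $((fn * 8 + sn))
}

# Send one message per pair. $1 is a marker for this batch (default: the PID)
# so the batch can be found again in whatever files the daemon writes.
emit_syslog_tests() {
    marker=${1:-run$$}; n=0
    for pair in $(syslog_test_pairs); do
        n=$((n + 1))
        logger -p "$pair" -t syslogtest "$marker seq=$n pri=$(pri_for "$pair") $pair"
    done
    echo "$marker: sent $n messages"
}

# Usage: sh syslogtest.sh run [marker]   then grep the marker in each output file
if [ "${1:-}" = run ]; then emit_syslog_tests "${2:-}"; fi
```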

Q We're on a very tight budget at work, and as part of this, management has decreed that the machine room will no longer have 24x7 air conditioning during the winter months. Their reasoning is that it's cold enough outside that we shouldn't have to cool the machine room. Obviously, I think this reasoning is ludicrous, but I'm stuck with it. I want to make sure that if the machine room does get too warm, someone is notified and can manually take care of things. I hope this will have the added benefit of showing management how wrong they are when we can graph out some stats for them and show them how often the room overheats. Can you suggest what software and hardware I might need to accomplish this sort of monitoring? We have a variety of Sun machines that we could add something onto, if need be.

A Depending on what type of Sun hardware you have, you can get temperature information about the CPU and various boards inside the machine (which is what you're really interested in, not the ambient temperature of the room) from the output of /usr/platform/`/bin/uname -i`/sbin/prtdiag -v. You can only get environmental output from the larger Ultra SPARC hardware, though.

Another option for which you may already have the hardware is monitoring the environmental conditions from your UPS. Many larger UPSes can be polled via SNMP and will contain information about room temperature. The same goes for a variety of networking equipment.

If you can use existing hardware to obtain your temperature information, you can write a script that will tie into your monitoring system or, if you don't have one, just page or email you directly. If you need to roll your own monitoring scripts, something like Expect comes in very handy.
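One way to turn the prtdiag output into a page or email, as an added example rather than anything from the column: it parses the System Temperatures block, prints any sensor over a limit, and mails and syslogs the report when something is hot. The block layout it assumes (a "System Temperatures (Celsius):" header, a dashed line, then one sensor name and Celsius reading per line) is from memory and should be checked against your own prtdiag -v output; the mail recipient, the tempmon tag and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the column: pull board temperatures out of
# prtdiag -v and alert when any exceeds a limit. Assumes the
# "System Temperatures (Celsius):" block printed on Ultra Enterprise systems,
# one "<sensor> <degrees>" pair per line; that layout is from memory, so
# compare it against real prtdiag output before relying on it.
set -eu

# Print "sensor degrees" for each line of the temperature block read on stdin.
parse_temps() {
    awk '/^System Temperatures/       { in_block = 1; next }
         in_block && /^-+$/           { next }             # dashed separator
         in_block && NF == 0          { in_block = 0 }     # blank line ends block
         in_block && $2 ~ /^[0-9]+$/  { print $1, $2 }'
}

# Report sensors over $1 degrees C from prtdiag output on stdin;
# exit status 1 when at least one is over the limit, 0 otherwise.
check_temps() {
    parse_temps | awk -v limit="$1" '
        $2 > limit { print $1 " at " $2 "C exceeds " limit "C"; n++ }
        END        { exit (n > 0) }'
}

# Run prtdiag for this platform and, if anything is hot, mail $1 and log it.
# Meant for cron, e.g. every five minutes: sh tempmon.sh check ops@example.com 60
# Note: if prtdiag itself fails there is nothing to parse and no alert is sent,
# so watch for its absence separately.
check_room() {
    prtdiag="/usr/platform/$(/bin/uname -i)/sbin/prtdiag"
    report=$("$prtdiag" -v | check_temps "$2") || {
        printf '%s\n' "$report" | mail -s "temperature alert on $(hostname)" "$1"
        printf '%s\n' "$report" | logger -p daemon.alert -t tempmon
    }
}

if [ "${1:-}" = check ]; then check_room "${2:?recipient}" "${3:?limit}"; fi
```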

If you don't have anything that can already read the temperature for you, then you can purchase an RS-232 monitor and hook it up to one of your Suns. You can also get Ethernet-based monitors that will just plug into your network. Generally, you need a modem to go along with them if you want them to directly page you. Some commercially available products are:

http://www.sensorsoft.com/product.html
http://www.netbotz.com/products/wall.html
http://www.netbotz.com/products/rack.html

A company called Spiderplant used to put out a product called the Hot Little Therm. Sadly, Spiderplant has suspended operations and is no longer selling these, but you might be able to find one used. Or, their site includes directions for making your own, if you're so inclined:

http://www.spiderplant.com/hlt/doc/manv9html/manv93.html#Schematic

Q I've just been hired at a company that has an Extreme Alpine 3808 switch to which they have no admin password. Is there a way to recover it?

A You need physical access to the machine to recover the password. Connect to the console port on the switch and use some sort of terminal emulation software. The RS-232 settings you want are 8n1, no flow control. Once you've established a serial connection to the switch, you need to do a hard reboot (power cycle) while holding down the space bar. This should bring up the bootrom menu. If you type "h" at the Bootrom-> prompt, you should see the following menu:

1: Select primary code image
2: Select secondary code image
3: Select primary configuration
4: Select secondary configuration
b: Change baud rate
d: Force default configuration
f: Boot on board flash
h: Help
k: Erase selected configuration
p: Boot PCMCIA cards:
s: Load code image from serial port using XMODEM

Choose option "1," the primary code image. After the image has been selected, choose "k" to erase it. If you're trying to reset the switch to factory defaults, choose the secondary code image and then choose "k" to erase that as well. When you're done erasing the code images, choose "d" to force the default configuration and then "f" to boot the onboard flash. After the switch resets, enter "admin" at the login prompt. Hit enter twice to enter a blank password at the password prompt. You should then be logged in with admin access.

Q I'm running FreeBSD 4.6-STABLE, and I'm removing a number of files that I don't want or need, like rcp. I'm unable to delete /bin/rcp, though. I get:

rm /bin/rcp
rm: remove write-protected file '/bin/rcp'? y
rm: cannot unlink '/bin/rcp': Operation not permitted

Why am I unable to remove this file? Is there something wrong with my install or hardware?

A The system immutable flag is set on /bin/rcp. If you have kern_securelevel_enable=YES and kern_securelevel set to something other than -1 or 0 in /etc/rc.conf, then you must boot to single-user mode to remove the file. If you don't have kern_securelevel_enable=YES or kern_securelevel is set to -1 or 0, then you can do the following to remove the file:

chflags noschg /bin/rcp
rm /bin/rcp

In FreeBSD 4.7 and later, you can use ls to view the flags set on the files:

ls -lo /bin/rcp

There's also a clearer message when you try to remove a file that has schg set on it:

rm /bin/rcp
override r-sr-xr-x  root/wheel schg for /bin/rcp?

Q We have a large number of Sun E250s that we just purchased from a failed dotcom. Unlike our Netras, these don't have LOM for remote administration. Is there some sort of setting or program I can change or install to get similar functionality?

A Take a look at Sun's Remote System Control (RSC):

http://docs.sun.com/db/coll/383.1?q=E250+RSC

The RSC software works with the System Service Processor (SSP) on the Sun E250 main logic board. You can access RSC using an Ethernet connection, and you can also install a dedicated modem connected to the RSC serial port for dial-up access. For increased security, you can specify the sys admin's dial-back number if the modem supports this feature.

Q I have an AIX 4.3 box and a Red Hat 7 box sitting on different networks, connected by an IPSec tunnel. Things like NFS over TCP seem to work fine but interactive sessions like ssh on the AIX side frequently die with an EMSGSIZE error. It appears that something is misconfigured, but I'm not sure what. Any pointers?

A It sounds like you're having Path MTU Discovery issues. For two hosts communicating across a network, a transmitted packet becomes fragmented if its size is greater than the smallest MTU of any network in the path. Because packet fragmentation can result in reduced network performance, it is desirable to avoid fragmentation by transmitting packets with a size no greater than the smallest MTU in the network path. This size is called the path MTU. Since routes can change dynamically, the path MTU value for a path might also change over time. Decreases in the path MTU value will result in packet fragmentation and a possible loss of connection.

To fix this, turn off the active PMTUD on both the Linux box and the AIX box, and see if that helps. I think you can do this on the Linux box by creating the file /proc/sys/net/ipv4/ip_no_pmtu_disc with the contents of 1. For AIX, the path MTU discovery can be disabled for TCP and UDP applications by modifying the tcp_pmtu_discover and udp_pmtu_discover options of the no command. These commands can be put at the end of /etc/rc.tcpip, for example:

/usr/sbin/no   -o tcp_pmtu_discover=0
/usr/sbin/no   -o udp_pmtu_discover=0

When enabled for TCP, path MTU discovery will automatically force the size of all packets transmitted by TCP applications to not exceed the path MTU.

Since UDP applications themselves determine the size of their transmitted packets, UDP applications must be specifically written to utilize path MTU information by using the IP_FINDPMTU socket option, even if the udp_pmtu_discover no option is enabled. By default, the tcp_pmtu_discover and udp_pmtu_discover options are disabled on AIX 4.2.1 through AIX 4.3.1, and enabled on AIX 4.3.2 and later. Most likely, you are running AIX 4.3.2 or later and have not changed the default settings.

Q I'm running Bind 8.2.4 on a Sun Netra T1 running Solaris 8. I've put a new NS record for an Active Directory subdomain into the zone file for my.domain. The zone loads fine, queries to the master work fine, but slave machines don't have the NS record in the zone file. I've verified that the slaves are actually getting the latest version of the zone file by watching the AXFR take place and looking at the serial number before and after the transfer. There are no errors in the log files that I can see. I'm wondering if Bind is having a problem with the Active Directory names (since they do have underscores in them) and is just not putting out any error messages. Any way I can further debug and fix this?

A You're correct in your assessment of the problem. Bind, in later versions, is strict about ignoring hosts with underscores in them (compliance with RFC 2181). If you can, change the underscores to hyphens. If you can't change them because of the installed Active Directory user base, you can get around this issue by doing the following in /etc/named.conf:

options { check-names ignore; };

You can limit this statement to the scope of a zone {} block if you want to skip checking names for ONLY your Active Directory zones. You can at least check your other zones for compliance if you have things separated. If you don't have your Active Directory zones separated from the rest of your zones, I would highly suggest doing so.

Q What's the best way to load new configs/policies into NetScreen?

A You can pull your config changes over from another machine via TFTP. The machine you TFTP from must be listed in the manager-ip list first:

set admin manager-ip <ip> <netmask>
save config from tftp <ip> <file> to flash

After pulling over the new config information, I highly recommend a reboot if you can afford the small bit of downtime. If you want to merge the new config with your running one, there is also an option to do:

save config from tftp <ip> <file> merge

Amy Rich, president of the Boston-based Oceanwave Consulting, Inc. (http://www.oceanwave.com), has been a UNIX systems administrator for more than 10 years. She received a BSCS at Worcester Polytechnic Institute, and can be reached at: qna@oceanwave.com.