Linuxconf 1.9r22 (test release)

This is a fairly important test release for Linuxconf. There are many many small changes with interesting added functionalities. Most of the changes are directed by the upcoming GUI. While the GUI involves a lot of coding, most of the changes are enhancement that shows on all user interfaces (Text and HTML). Linuxconf's virtual toolkit is a fairly proven concept.

This release incorporate a new technology which allows a better integration with current linux distribution. This is the first release of Linuxconf with this technology. We are anticipating few adjustments. This technology change should have NO effect on current Linuxconf installation. Tester may upgrade without fear.

System V init script compatibility

One of the major gripe many people have with Linuxconf is the bad integration with Sysv Init scripts. Linuxconf provides an enhance system to boot and control your computer. Yet, the total incompatibility with the Sysv init script is causing some annoyance and surprises. So far, most distribution around (Debian, Redhat, SuSE at least) are using this technology. The advantage of the SysV init scripts are simple to understand

Each package provides its startup scripts. Adding and removing a package is easy and does not interfere with other packages startup mecanism. Each startup scripts is thrown in a special directory and that's about it.
The concept is simple

The disadvantage of this technology is simply that it lacks some finish. It is too simple. Basically, when a system based on SysV init script boots, it picks a directory associated to a run-level and execute every scripts in it one after the other without much checking. The scripts are then

allowed to produce error messages at the console without logging at all.
allowed to fail without further notification to the admin.
allowed to "lock" and let the admin wait until they feel like unlocking (doing a timeout generally).

Further these scripts do not provide any clue to control a package once the system is booted. The scripts allow one to stop and restart a service but does not tell the admin that it has to be done.

While this technology is bare-bone, this is what is out there (and this is equivalent with what is used on almost any OS BTW).

For a long time, we had no clue about how to make Linuxconf compatible with this technology, while preserving its added values. Now we know. After much exchanges with different linuxconf's users (especially Debian users), we have come up with a solution.

This solution has many impacts:

The amount of system files modification needed to fully install Linuxconf have been reduced. Here is a table showing what had to be done and what has to be done now (on Redhat system, equivalent files exist on other distribution)

File	Before 1.9r22	Now
/etc/inittab	Had to be replaced	No changes needed
first boot script /etc/rc.d/rc.sysinit	/sbin/askrunlevel is appended	Same as before
Master boot script /etc/rc.d/rc	Totally replaced by a rc.M	Slightly modified

The modification done may be left there, This means that a distribution may be created "Linuxconf" ready. For example the modification necessary on Debian and RedHat systems are so small that some people advocate that those distribution should be deliver with the modification "pre-installed". This would mean that installing Linuxconf would not modify any system file.
When you install a new package, Linuxconf will know how to handle it.
The /usr/lib/linuxconf directory now contain one directory for distribution specific files. There is currently one for Debian, one for SuSE and one for RedHat. This will allows delivery of different permissions sets and paths for each distribution. It should be noted that whatever you may read on the net, linux distribution are quite similar in term of files and packages location.
Linuxconf picks the proper directory based on one optional line in /etc/conf.linuxconf. It goes like
```
    LINUXCONF.distribution dir_name
		
```
In the distribution specific directory, there is a file called scripts-equiv which related the name of Sysv init script to built-in services of Linuxconf. This is a simple ASCII file. Here is the one for RedHat.
```
    #sysv Linuxconf
    network       network
    nfsfs         mountnet
    cron          crond
    syslog        syslog
    portmap       portmap
    inet          inetd
    lpd.init      lpd
    named.init    named
    amd           amd
    sendmail      sendmail
    nfs           nfs
    keytable      keytable 
		
```
When Linuxconf is executing a scripts in the proper run-level directory, if it finds that there is a built-in equivalent or a dropin with the same name, it will use the built-in strategy or the dropin instead of the init script.

This strategy is new and so far has been tested only on RedHat system (4.1 and 4.2). Applying that to Debian and SuSe (and others) should be very easy. At this point, I am waiting for Debian and SuSE users (already using linuxconf) to test this strategy and comment on it so I can change the current installation procedure of linuxconf so it defaults to this technology.

I am supplying some diff to help people test this new stuff on their system. These diff are done against RedHat 4.1 but are so simple, you should be able to copy the idea by hand.

    *** rc.d.old/rc.sysinit	Sun Dec 22 12:10:37 1996
    --- rc.d/rc.sysinit	Wed Jun 11 14:47:13 1997
    ***************
    *** 187,189 ****
    --- 187,194 ----
      # Feed entropy into the entropy pool
      /etc/rc.d/init.d/random start
  
    + if [ -x /sbin/askrunlevel ] ; then
    +    echo Executing /sbin/askrunlevel
    +    echo
    +    /sbin/askrunlevel
    + fi
    *** rc.d.old/rc	Mon Sep  9 14:43:00 1996
    --- rc.d/rc	Wed Jun 11 15:03:48 1997
    ***************
    *** 24,29 ****
    --- 24,33 ----
    
      # Is there an rc directory for this new runlevel?
      if [ -d /etc/rc.d/rc$runlevel.d ]; then
    +    if [ $runlevel != 6 -a $runlevel != 1 -a  -x /bin/netconf ] ; then
    +        /bin/netconf --bootrc /etc/rc.d/rc$runlevel.d
    +        exit
    +    fi
      # First, run the KILL scripts.
      for i in /etc/rc.d/rc$runlevel.d/K*; do
      # Check if the script is there.

LILO

Linuxconf now support the initrd option in lilo. It does not yet support automatic generation and update of initial ramdisk but something pretty neat is coming. Stay tune.

For now, the dialog has been enhanced so you can at least enter the path of this file.

DNS

Reverse mapping cleanup

When updating a DNS entry, Linuxconf now do on more cleanup for the reverse mapping. When setting a hostname's IP addresses, Linuxconf was erasing all PTR records associated with this hostname and redoing the PTR records with the new IPs. Now it also erases all PTR records associated with the new IPs prior to redoing the PTR records. This insure uniqueness of the PTR records.

This solve a problem very few people have seen. This was happening when you were moving one host from one domain to another for example.

More checks in the dialog

Linuxconf now check that if an entry is a nickname, it can have an IP also and can't be an MX record.

Networking

PPP dialout

Important new features have been added here. The netconf --connect is now smarter. It terminates only when the link is up or the connection has failed. It also return useful exit code. This allows scripts like theses.

    if netconf --connect config
    then
        do_something
        netconf --disconnect config
    fi

This works for manual and on demand configuration. A success exit code is also returned when the link is already UP

In the PPP dialout dialog, there is now two new entries allowing you to enter a command to execute when the link is up and a command to execute when the link is down.

In the chat section, there is a new optional field called trigger. This is used for chat to ISP offering shell account. After you get a prompt, you must issue a command which I called the trigger.

vpop3d enhancements

There were problem with vpop3d (and the official pop3d also) about folder corruption/duplication when simultaneous connection were done on a single account. This new vpop3d establish a lock preventing multiple instance. This avoid the problem, but does not cure completely the cause. This problem is happening because some POP clients sometime are not able to down-load completely an incoming folder. The user wait for some time, kills the connection and try to reload. The reason why some POP client are failing is not yet known.

The lock strategy used could be fold into the official pop3d daemon in no time. Please email me.

vpop3d has also a nice little feature. It clearly identify the domain it is serving in its greeting. The most common errors when setting up a virtual email domain are generally related to improper DNS setup and particularly improper reverse mapping. The problem is enhanced because of the lack of proper testing tools. An email client is a very bad testing tool as it reports too little information. There is one nice test tool which will show clearly what is going on: It is telnet. Here is an example of its use in this case. Lets create a virtual domain called toto.com. We have defined the domain in our DNS. We have defined mail.toto.com as the virtual server with proper reverse mapping. Then we do

    $ telnet mail.toto.com pop-3
    Trying 192.168.1.21...
    Connected to mail.toto.com.
    Escape character is '^]'.
    +OK Virtual toto.com POP3 Server (Version 1.004) ready.
    user jack
    +OK please send PASS command
    pass dummy
    +OK 0 messages ready for jack in /var/spool/vmail/toto.com//jack

We should see immediately the greeting of vpop3d announcing that it is performing for the toto.com domain. If this is not the case, we have something wrong with the DNS. If we are in (see proper greeting) and the user and pass command did succeed, all is fine and the normal POP client will be happy.

vdeliver

There was a bug in vdeliver when resolving aliases. Mostly an alias for a user account could not include the account itself. vdeliver was not catching this situation and was looping and looping. Now this is fixed and operate like normal aliases.

Fire-walling

Port redirection support has been added in the inputing rule. This is useful to do transparent http proxying for one. It does not work on 2.0.30 btw (a bug). Works ok on 2.0.27 and is supposed to be fixed in the upcoming 2.0.31.

The main setup let you load the 6 special masquerading modules. For the IRC masquerading modules, you can control the ports which are masquerade.

Filesystems

Fixperm

Linuxconf was improperly fixing permission of file when they were a symbolic links. Now it follows the link and fix the proper file.

/etc/fstab

Entry of type ignore are now properly ignored!

User interface

General

Many enhancements have been done to the user interface. While they were done for the upcoming GUI version, they are nice addition to the text and HTML version. This includes

Some columns headings in selection list. These heading make the list more appealing. Using this, many list have been enhance to provide more information. For example, when you select a PPP dial-out configuration, the list shows for each entry:
- Name of the config
- Type: Login, PAP, Chap ...
- Operation mode: On demand, manual, 24/24
- Status: Is it currently connected or not
The heading strategy has some influence on the layout of many dialogs, making them much easier to read.
Write protect field are no more "selectable" with the cursor. You now jump over those fields.

The GUI is still not operational :-( Quite a few enhancement has been made to it and we are closing the gap. This is delivered with Linuxconf 1.9r22, but disabled. Those who want to play with it can do it anytime. Be aware that while you can navigate from dialog to dialog, you can't modify anything yet. To play with it, you simply do

Install the Java Developer's Kit (1.0.2 or 1.1).
Set the environment variable LNXCF_JAVA
export LNXCF_JAVA=on
Run Linuxconf as root. Linuxconf expect to find the Java runtime as /usr/bin/java.

HTML

The first page for the HTML mode now has two links. One let you start Linuxconf and the other let you enter some special entries of the HTML mode. Here are the entries

User may change their password directly
Direct link to the vdomain administration and password management
Direct link to user accounts management

Menu reorganizations

The basic host information has been removed from the main menu. It was already in the networking menu. The Other hosts and Other networks has been moved at the end of the networking menu as they are barely used.

Sendmail

Management of the mail.local mailer was not effective.

Complex routing had a bug when one wanted to redirect a complete domain to another domain. Some combination were generating improper sendmail.cf configuration.

It is possible to control the start user ID for vdomain. Linuxconf used to allocate them starting at 60,000. You can pick the one you want now. This was asked for people dealing with user quotas.

MISC

GLIBC

Some fixes were done to let Linuxconf compile on GLIBC based systems (The coming thing). With this release, this should mean that Linuxconf may work on Alphas. Who knows. I don't have such a beast though.

dropin

It is possible to fix problem in a dropin at activation time. If there is any problem, you are thrown in the edit dialog and you are allowed to do modification on the spot.

Control service activities

This screen now contain the dropins and all the internal services of Linuxconf. So you can disable whatever you want from there.

Scheduled tasks

A minor bug in this feature was preventing Linuxconf from updating a crontab when it was launch by a normal user (Linuxconf is normally installed as a setuid program).

passwd command

The passwd command supplied with Linuxconf has been enhanced. passwd -h or passwd --help show the options. Some are useful to automate some tasks. Here it is:

    passwd (without argument)
        Change your own password
    passwd user_account
        Change interactivly this user account password
    passwd -h
    passwd --help
        Print this screen
    passwd -l user_account
        Lock the account
    passwd -P user_account
        Change the password from a pipe
        echo new_passwd | passwd -P user_account
    passwd -u user_account
        Unlock the account
        (Only available with shadow password)