From tom@stvincents.nsw.edu.au Mon Mar 3 07:52:01 2003 Received: from mail.stvincents.nsw.edu.au ([203.102.161.86]) by digital.linux.org.au (8.12.6/8.12.6/Debian-8) with ESMTP id h22NpoKW007999 for ; Mon, 3 Mar 2003 07:52:01 +0800 Received: from 2003GHOST ([128.0.5.10]) by mail.stvincents.nsw.edu.au (8.9.3/8.9.3) with SMTP id KAA14782 for ; Mon, 3 Mar 2003 10:47:41 +1100 Message-ID: <006801c2e116$38b76b70$0a050080@2003GHOST> From: "Tom Doyle" To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0065_01C2E172.6B4301B0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: [Lias] Apache Directory Directives - Sub-dir override Sender: lias-admin@lists.linux.org.au Errors-To: lias-admin@lists.linux.org.au X-BeenThere: lias@lists.linux.org.au X-Mailman-Version: 2.0.13 Precedence: bulk List-Unsubscribe: , List-Id: Linux in Australian Schools List-Post: List-Help: List-Subscribe: , List-Archive: Date: Mon Mar 3 07:53:01 2003 X-Original-Date: Mon, 3 Mar 2003 10:48:26 +1100 This is a multi-part message in MIME format. ------=_NextPart_000_0065_01C2E172.6B4301B0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi all, Another week another challenge... I have setup password protection on our apache server, using = mod_auth_pam. It works! I have set it at the root "/" level which applies to all = sub-directories. I am trying to overwrite this so that a particular directory is not = prompted for a password. It still asks for a password however after = making the following changes to httpd.conf: Options FollowSymLinks AllowOverride AuthConfig AuthType Basic AuthName "St Vincent's College Intranet" require valid-user Options FollowSymLinks AllowOverride None Order deny,allow Allow from all Can anyone see a problem with this. Your expertise is appreciated... Cheers, Tom. ------=_NextPart_000_0065_01C2E172.6B4301B0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hi all,

Another week another = challenge...

I have setup password protection on our = apache=20 server, using mod_auth_pam. It works!

I have set it at the root "/" level = which applies=20 to all sub-directories.

I am trying to overwrite this so that a = particular=20 directory is not prompted for a password. It still asks for a password = however=20 after making the following changes to httpd.conf:

<Directory = />
    Options=20 FollowSymLinks
    AllowOverride=20 AuthConfig
        AuthType=20 Basic
        AuthName "St = Vincent's=20 College Intranet"
        require=20 valid-user
</Directory>

<Directory=20 "/usr/local/apache/htdocs/sport">
    Options=20 FollowSymLinks
    AllowOverride = None
   =20 Order deny,allow
    Allow from=20 all
</Directory>

Can anyone see a problem with this. = Your expertise=20 is appreciated...

Cheers,

Tom.

------=_NextPart_000_0065_01C2E172.6B4301B0-- From tom@stvincents.nsw.edu.au Tue Mar 4 11:19:17 2003 Received: from mail.stvincents.nsw.edu.au ([203.102.161.86]) by digital.linux.org.au (8.12.6/8.12.6/Debian-8) with ESMTP id h243ItKW032402 for ; Tue, 4 Mar 2003 11:19:14 +0800 Received: from 2003GHOST ([128.0.5.10]) by mail.stvincents.nsw.edu.au (8.9.3/8.9.3) with SMTP id OAA09731 for ; Tue, 4 Mar 2003 14:14:26 +1100 Message-ID: <017201c2e1fc$4c088470$0a050080@2003GHOST> From: "Tom Doyle" To: References: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_016F_01C2E258.7B96E040" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: [Lias] FYI: Apache Directory Directives - Sub-dir override Sender: lias-admin@lists.linux.org.au Errors-To: lias-admin@lists.linux.org.au X-BeenThere: lias@lists.linux.org.au X-Mailman-Version: 2.0.13 Precedence: bulk List-Unsubscribe: , List-Id: Linux in Australian Schools List-Post: List-Help: List-Subscribe: , List-Archive: Date: Tue Mar 4 11:20:02 2003 X-Original-Date: Tue, 4 Mar 2003 14:15:17 +1100 This is a multi-part message in MIME format. ------=_NextPart_000_016F_01C2E258.7B96E040 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I solved it! I need to add: Satisfy All to the end of my directive for sport. Cheers, Tom. Hi all, Another week another challenge... I have setup password protection on our apache server, using = mod_auth_pam. It works! I have set it at the root "/" level which applies to all = sub-directories. I am trying to overwrite this so that a particular directory is not = prompted for a password. It still asks for a password however after = making the following changes to httpd.conf: Options FollowSymLinks AllowOverride AuthConfig AuthType Basic AuthName "St Vincent's College Intranet" require valid-user Options FollowSymLinks AllowOverride None Order deny,allow Allow from all Can anyone see a problem with this. Your expertise is appreciated... Cheers, Tom. ------=_NextPart_000_016F_01C2E258.7B96E040 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

I solved it!

I need to add:

Satisfy All to the end of my = <Directory>=20 directive for sport.

Cheers,

Tom.

Hi all,

Another week another = challenge...

I have setup password protection on = our apache=20 server, using mod_auth_pam. It works!

I have set it at the root "/" level = which=20 applies to all sub-directories.

I am trying to overwrite this so = that a=20 particular directory is not prompted for a password. It still asks = for a=20 password however after making the following changes to=20 httpd.conf:

<Directory = />
   =20 Options FollowSymLinks
    AllowOverride=20 AuthConfig
        AuthType=20 Basic
        AuthName "St = Vincent's=20 College Intranet"
        = require=20 valid-user
</Directory>

<Directory=20 "/usr/local/apache/htdocs/sport">
    Options=20 FollowSymLinks
    AllowOverride=20 None
    Order deny,allow
    = Allow from=20 all
</Directory>

Can anyone see a problem with this. = Your=20 expertise is appreciated...

Cheers,

Tom.

------=_NextPart_000_016F_01C2E258.7B96E040-- From lesbell@lesbell.com.au Tue Mar 4 11:57:19 2003 Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31]) by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h243v40P010630 for ; Tue, 4 Mar 2003 11:57:18 +0800 Subject: Re: [Lias] FYI: Apache Directory Directives - Sub-dir override To: "Tom Doyle" Cc: lias@lists.linux.org.au X-Mailer: Lotus Notes Release 5.0.5 September 22, 2000 Message-ID: From: "Les Bell" X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.10 |March 22, 2002) at 04/03/2003 03:01:36 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: lias-admin@lists.linux.org.au Errors-To: lias-admin@lists.linux.org.au X-BeenThere: lias@lists.linux.org.au X-Mailman-Version: 2.0.13 Precedence: bulk List-Unsubscribe: , List-Id: Linux in Australian Schools List-Post: List-Help: List-Subscribe: , List-Archive: Date: Tue Mar 4 11:58:01 2003 X-Original-Date: Tue, 4 Mar 2003 14:57:01 +1100 Glad to see you solved it, Tom. I'm working on an intranet server design for my daughter's school, and will probably need mod_auth_pam, so I've saved your notes for future reference. Thanks for posting the solution! Best, --- Les Bell, CISSP [http://www.lesbell.com.au] From tom@stvincents.nsw.edu.au Tue Mar 4 12:26:51 2003 Received: from mail.stvincents.nsw.edu.au ([203.102.161.86]) by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h244Qe0P013877 for ; Tue, 4 Mar 2003 12:26:50 +0800 Received: from 2003GHOST ([128.0.5.10]) by mail.stvincents.nsw.edu.au (8.9.3/8.9.3) with SMTP id PAA13709 for ; Tue, 4 Mar 2003 15:22:26 +1100 Message-ID: <01c701c2e205$c9ad5910$0a050080@2003GHOST> From: "Tom Doyle" To: References: Subject: Re: [Lias] FYI: Apache Directory Directives - Sub-dir override MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: lias-admin@lists.linux.org.au Errors-To: lias-admin@lists.linux.org.au X-BeenThere: lias@lists.linux.org.au X-Mailman-Version: 2.0.13 Precedence: bulk List-Unsubscribe: , List-Id: Linux in Australian Schools List-Post: List-Help: List-Subscribe: , List-Archive: Date: Tue Mar 4 12:27:02 2003 X-Original-Date: Tue, 4 Mar 2003 15:23:20 +1100 I don't know much (anything) about LDAP... Can this work with NT domain and Unix? T. ----- Original Message ----- From: "Gary Reynolds" To: "Les Bell" Cc: "Tom Doyle" ; Sent: Tuesday, March 04, 2003 3:18 PM Subject: Re: [Lias] FYI: Apache Directory Directives - Sub-dir override > I would suggest setting up an ldap server, and authenticating users > against it (via PAM for shell access, or auth_ldap for Apache). It is so > much more flexible than having system users as your authentication > mechanism. > > My 2c. > > G. > > On Tue, 4 Mar 2003, Les Bell wrote: > > > > > Glad to see you solved it, Tom. I'm working on an intranet server design > > for my daughter's school, and will probably need mod_auth_pam, so I've > > saved your notes for future reference. Thanks for posting the solution! > > > > Best, > > > > --- Les Bell, CISSP > > [http://www.lesbell.com.au] > > > > > > _______________________________________________ > > lias mailing list > > lias@lists.linux.org.au > > http://lists.linux.org.au/listinfo/lias > > > From lesbell@lesbell.com.au Tue Mar 4 12:38:11 2003 Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31]) by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h244bt0P015166 for ; Tue, 4 Mar 2003 12:38:10 +0800 Subject: Re: [Lias] FYI: Apache Directory Directives - Sub-dir override To: Gary Reynolds Cc: lias@lists.linux.org.au, Tom Doyle X-Mailer: Lotus Notes Release 5.0.5 September 22, 2000 Message-ID: From: "Les Bell" X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.10 |March 22, 2002) at 04/03/2003 03:42:29 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: lias-admin@lists.linux.org.au Errors-To: lias-admin@lists.linux.org.au X-BeenThere: lias@lists.linux.org.au X-Mailman-Version: 2.0.13 Precedence: bulk List-Unsubscribe: , List-Id: Linux in Australian Schools List-Post: List-Help: List-Subscribe: , List-Archive: Date: Tue Mar 4 12:39:02 2003 X-Original-Date: Tue, 4 Mar 2003 15:37:54 +1100 Gary Reynolds wrote: >> I would suggest setting up an ldap server, and authenticating users against it (via PAM for shell access, or auth_ldap for Apache). It is so much more flexible than having system users as your authentication mechanism. << You make a compelling argument, Gary. That would certainly be easier to do with RH 7.3, which is what I'm planning to use as the basis for this setup, and which doesn't include mod_auth_pam by default. Another consideration would be the need to integrate with the school's existing NT server setup - I haven't even *looked* at that yet (and I'm not sure I want to). The goal is to give each kid a home directory (which includes a "public_html" directory, actually renamed to "website") so that we can avoid problems with shared access, kids over-writing each others' work, etc. I think the easiest way to do this will be to configure the Linux box as a domain controller, and just ignore the NT box altogether. Or use NT as the domain controller, create accounts on both and make the Linux box a member of the domain. Urk . . suddenly, my brain hurts - the last time I read the NT WRK networking documentation, I concluded that it was written by a clueless moron, and I doubt things have improved much. . . >> My 2c. << Money well spent. Thanks, Best, --- Les Bell, CISSP [http://www.lesbell.com.au] From andrew.dorrell@cisra.canon.com.au Tue Mar 4 13:21:18 2003 Received: from a.mx.canon.com.au (a.mx.canon.com.au [203.12.172.4]) by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h245L50P019740 for ; Tue, 4 Mar 2003 13:21:18 +0800 Received: from ivory.research.canon.com.au (canonex.research.canon.com.au [203.12.172.254]) by a.mx.canon.com.au (Postfix) with ESMTP id 3E4C7A8C1F for ; Tue, 4 Mar 2003 05:21:05 +0000 (UTC) Received: from cisra.canon.com.au (ormai.research.canon.com.au [10.2.2.134]) by ivory.research.canon.com.au (Postfix) with ESMTP id 91E9F5713; Tue, 4 Mar 2003 16:15:37 +1100 (EST) Message-ID: <3E6437C1.4080900@cisra.canon.com.au> From: Andrew Dorrell Organization: CISRA User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130 X-Accept-Language: en-us, en MIME-Version: 1.0 To: lias@lists.linux.org.au Content-Type: multipart/mixed; boundary="------------080507040202060703080102" Subject: [Lias] anyone running sendmail? Sender: lias-admin@lists.linux.org.au Errors-To: lias-admin@lists.linux.org.au X-BeenThere: lias@lists.linux.org.au X-Mailman-Version: 2.0.13 Precedence: bulk List-Unsubscribe: , List-Id: Linux in Australian Schools List-Post: List-Help: List-Subscribe: , List-Archive: Date: Tue Mar 4 13:22:03 2003 X-Original-Date: Tue, 04 Mar 2003 16:21:05 +1100 This is a multi-part message in MIME format. --------------080507040202060703080102 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit FYI this security alert came my way today... pretty serious one... see also http://www.redhat.com/support/alerts/sendmail_vulnerability.html -- Andrew Dorrell PhD. Senior Research Engineer Canon Information Systems Research Australia Phone: 61 2 9805 2224 1 Thomas Holt Drive, North Ryde, NSW 2113. Fax: 61 2 9805 2865 --------------080507040202060703080102 Content-Type: text/plain; name="alert" Content-Transfer-Encoding: 8bit Content-Disposition: inline; filename="alert" >From sans@sans.org Tue Mar 4 16:12:55 2003 Date: Mon, 3 Mar 2003 15:11:07 -0700 (MST) From: The SANS Institute To: andrew dorrell Subject: SANS Alert - Critical Vulnerability in Sendmail and a Snort Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SANS Alert 2003-03-03 Critical vulnerability in all versions of SENDMAIL Plus a Snort Vulnerability And an invitation to a web broadcast on the vulnerabilities The Sendmail Vulnerability What systems are affected? UNIX and Linux Systems running sendmail - probably even those that are not mail servers. Level: CRITICAL - affords root or superuser access when sendmail is running with those privileges. A new critical vulnerability has been discovered in Sendmail. The UNIX and Linux vendors have been working feverishly to get a patch ready and most are available now. Sendmail is too big a target for attackers to ignore, so it makes sense to act immediately to protect your systems. In this note you will find: (1) The invitation to the webcast covering both vulnerabilities (2) DHS/NIPC Advisory 03-004 Remote Sendmail Header Processing Vulnerability (3) A description of what government and industry did to try to mitigate damage from this newly discovered vulnerability. (4) The Department of Homeland Security Alert on the Snort Vulnerability ******************************************************** SANS Web Broadcast (free) on the Sendmail Vulnerability and the Snort Vulnerability Date: March 3, 2003 (today) Time: 7 PM EST (0000 UTC) Register at: http://www.sans.org/webcasts/030303.php There is an absolute limit of 2,000 people on the live program to ensure quality audio, but the archive will be available about 5 hours later for anyone who does not get a reservation. Featuring the ISS X-Force folks (ISS discovered the vulnerability), Hal Pomeranz (sendmail expert) and Marty Roesch, author of Snort, will brief you on the Snort vulnerability. Below you'll find the Department of Homeland Security advisory followed by a brief description of what happened behind the scenes inside the government followed by the DHS Snort vulnerability alert. *********************************************************************** Here's the DHS/NIPC Advisory Remote Sendmail Header Processing Vulnerability SUMMARY: The Department of Homeland Security (DHS), National Infrastructure Protection Center (NIPC) is issuing this advisory to heighten awareness of the recently discovered Remote Sendmail Header Processing Vulnerability (CAN-2002-1337). NIPC has been working closely with the industry on vulnerability awareness and information dissemination. The Remote Sendmail Header Processing Vulnerability allows local and remote users to gain almost complete control of a vulnerable Sendmail server. Attackers gain the ability to execute privileged commands using super-user (root) access/control. This vulnerability can be exploited through a simple e-mail message containing malicious code. Sendmail is the most commonly used Mail Transfer Agent and processes an estimated 50 to 75 percent of all Internet e-mail traffic. System administrators should be aware that many Sendmail servers are not typically shielded by perimeter defense applications. A successful attacker could install malicious code, run destructive programs and modify or delete files. Additionally, attackers may gain access to other systems thru a compromised Sendmail server, depending on local configurations. Sendmail versions 5.2 up to 8.12.8 are known to be vulnerable at this time. DESCRIPTION: The Remote Sendmail Header Processing Vulnerability is exploited during the processing and evaluation of e-mail header fields collected during an SMTP transaction. Examples of these header fields are the "To", "From" and "CC" lines. The crackaddr() function in the Sendmail headers.c file allows Sendmail to evaluate whether a supplied address or list of addresses contained in the header fields is valid. Sendmail uses a static buffer to store processed data. It detects when the static buffer becomes full and stops adding characters. However, Sendmail continues processing data and several security checks are used to ensure that characters are parsed correctly. The vulnerability allows a remote attacker to gain access to the Sendmail server by sending an e-mail containing a specially crafted address field which triggers a buffer overflow. RECOMMENDATION: Due to the seriousness of this vulnerability, the NIPC is strongly recommending that system administrators who employ Sendmail take this opportunity to review the security of their Sendmail software and to either upgrade to Sendmail 8.12.8 or apply the appropriate patch for older versions as soon as possible. Patches for the vulnerability are available from Sendmail, from ISS who discovered the vulnerability and from vendors whose applications incorporate Sendmail code, including IBM, HP, SUN, Apple and SGI. Other vendors will release patches in the near future. The primary distribution site for Sendmail is: http://www.sendmail.org Patches and information are also available from the following sites: The ISS Download center http://www.iss.net/download IBM Corporation http://www.ibm.com/support/us/ Hewlett-Packard , Co. http://www.hp.com Silicon Graphics Inc. http://www.sgigate.sgi.com Apple Computer, Inc. http://www.apple.com/ Sun Microsystems, Inc. http://www.sun.com/service/support/ Common Vulnerabilities and Exposure (CVE) Project http://CVE.mitre.org As always, computer users are advised to keep their anti-virus and systems software current by checking their vendor's web sites frequently for new updates and to check for alerts put out by the DHS/NIPC, CERT/CC, ISS and other cognizant organizations. The DHS/NIPC encourages recipients of this advisory to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) and other appropriate authorities. Recipients may report incidents online to http://www.nipc.gov/incident/cirr.htm. The DHS/NIPC Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or nipc.watch@fbi.gov. ==== Background on government/industry cooperation to mitigate damage The Sendmail Vulnerability Announced Today, March 3, 2003 How Well Did The Cyber Defense Community Do? Today, hundreds of thousands of people learned of a vulnerability in the sendmail program which is widely used for Internet mail handling. A vulnerability in such a widely used open source software program presents difficult challenges for the cyber defense community - including the need to get more than twenty different software organizations to act quickly and silently to develop patches. Three primary actions are required to respond effectively to such a vulnerability: 1. Verify that the vulnerability exists and is important. 2. Contact the key technical personnel at each of the software companies and other groups that distribute sendmail (either alone or with other software) and ensure that they develop and test patches and make them ready for widespread distribution. 3. Plan and execute an early warning and distribution strategy that enables critical infrastructure organizations in the US and in partner countries to be prepared for rapid deployment of the patches once they are ready.� This must be accomplished without leaking data about the vulnerability to the black hat community that exploits such vulnerabilities by creating worms like Code Red, Slapper, and Slammer. When possible, several other actions may be appropriate: 4. Provide military and other very sensitive organizations with early access to the patches so their systems can be protected even before public disclosure of the vulnerability. 5. Use sensor networks with smart filters to test for exploitation. 6. Develop and distribute filters that can block the offending packets to protect systems that cannot or will not install patches immediately. On Saturday, March 1, 2003, the US Department of Homeland Security became fully operational, although the elements of the new department had been working together for several weeks.� In cybersecurity, the new Department brings together four highly visible cybersecurity agencies: (1) The National Infrastructure Protection Center from the FBI, (2) FedCIRC from the General Services Administration, (3) the National Communications System program from the US Department of Defense, and (4) the Critical Infrastructure Assurance Office from the Department of Commerce. Today's disclosure of a vulnerability in sendmail offers the opportunity to see how quickly and effectively the cyber defense community, led by this new Department, can respond to important threats. Sendmail's vulnerability offers a legitimate test because sendmail handles a large amount of Internet mail traffic and is installed on at least 1.5 million Internet-connected systems. More than half of the large ISPs and Fortune 500 companies use sendmail, as do tens of thousands of other organizations. A security hole in sendmail affects a lot of people and demands their immediate attention. You can draw your own conclusion on how well the problem is being handled. Here are the facts: 1. On Friday, February 14, telephone calls to the Department of Homeland Security (DHS) and the White House Office of Cyberspace Security alerted the US government to a suspected sendmail vulnerability. The source of the data was Internet Security Systems (ISS), a well-respected security firm with solid security research credentials, giving the data an initial base level of credibility. However, to be more certain, DHS technical experts reviewed the details of the vulnerability and especially the tests that ISS had run to prove the existence and severity of the vulnerability. They were convinced. 2. Almost immediately the DHS/White House team, working with ISS, contacted vendors that distribute sendmail, including Sun, IBM, HP, and SGI, as well as the Sendmail Consortium, the organization that develops the open source version of sendmail that is the core of sendmail distributed with both free and commercial operating systems. Partially because of government involvement, but primarily because the vulnerability involved the widely used sendmail package, the vendors immediately started working together on patches. 3. The DHS/White House staff contacted and shared what they knew with the US Department of Defense and the Federal CIO Council. Through the Federal CIO Council, the US FedCIRC and US Office of Management and Budget were added to the coordinating team. Together the government planners, ISS, and the vendors developing patches worked out a plan for public dissemination of the vulnerability information and patch distribution. 4. To help ensure that the open source LINUX and BSD distributions (Red Hat, SUSE, OpenBSD, etc.) developed patches, the Computer Emergency Response Team at Carnegie Mellon University (CERT/CC) was brought into the project. CERT/CC deployed its formalized process to inform the LINUX and BSD distribution developers and to assist them in getting the corrected source code and any additional knowledge needed to create the patch. CERT/CC (which is funded, in part, by two organizations being merged into DHS and by the DoD) also created an advisory to educate system administrators and the security community in general on the vulnerability, on which systems are affected, and on where to get the patches for each affected system. 5. Some of the large commercial vendors developed the patches very quickly, but the delayed notice to smaller sources of sendmail distributions and limited resources at those organizations meant that not all the patches would be ready by early in the week of February 23. The coordinating group faced a decision of whether to release data about the exploit before most patches were ready or to wait. The answer depended on whether they had reason to believe an exploit was already being used by attackers. They had two sources of information that led them to conclude waiting an extra week was acceptable. First, people who monitored the hacker discussion groups reported that this vulnerability did not seem to be one that was being discussed. Second, the organization that discovered the vulnerability, ISS, had deployed sensors for the exploit in a number of places around the world. Those sensors were showing no exploits. Based on both sets of data, the coordination group decided to schedule the announcement for Monday, March 3. A second-order reason to schedule a Monday announcement was that some members of the team believed that Monday-Tuesday announcements generate more rapid and complete patching than announcements made late in the week. 6. Since some of the patches were ready, the coordination group decided to provide what was available to the US DoD so that military sites could have the protection as early as possible. The military distributions took place on or around February 25 and 26. 7. On February 27 and 28, government groups in the US and in several other countries were given early warnings, without details about how the vulnerability could be exploited, to help them plan for rapid deployment of the patches when they were released on March 3. In addition to the Chief Information Officers of US Cabinet level departments, and the directors or deputy directors of national cyber security offices in several other countries, the officers of the critical infrastructure Information Sharing And Analysis Centers (ISACs) were also briefed so they could be ready for rapid information distribution to commercial organizations such as banks and utilities, that comprise the critical infrastructure. 8. On March 3, beginning about 10 am EST, alerts began flowing to federal agencies from FedCIRC and to the critical infrastructure companies from the ISACs. At noon, ISS released their advisory, followed by CERT/CC's general release. Once the data was public, the SANS Institute also issued a release and scheduled free web-based education programs. ==== DHS/NIPC Advisory 03-003 Snort Buffer Overflow Vulnerability The Department of Homeland Security (DHS), National Infrastructure Protection Center (NIPC) has been informed of a recently discovered serious vulnerability in Snort, a widely used Intrusion Detection System, IDS. DHS/NIPC has been working closely with the Internet security industry on vulnerability awareness and is issuing this advisory in conjunction with public announcements. Snort is available in open source and commercial versions form Sourcefire, a privately held company headquartered in Columbia, MD. Details are available from Sourcefire. See Snort Vulnerability Advisory [SNORT-2003-001]. The affected Snort versions include all version of Snort from version 1.8 through current. Snort 1.9.1 has been released to resolve this issue. The vulnerability was discovered by Internet Security Systems (ISS), and is a buffer overflow in the Snort Remote Procedure Call, RPC, normalization routines. This buffer overflow can cause snort to execute arbitrary code embedded within sniffed network packets. Depending upon the particular implementation of Snort this may give local and remote users almost complete control of a vulnerable machine. The vulnerability is enabled by default. Mitigation instructions for immediate protections prior to installing patches or upgrading are described in the Snort Vulnerability Advisory. Due to the seriousness of this vulnerability, the DHS/NIPC strongly recommends that system administrators or security managers who employ Snort take this opportunity to review their security procedures and patch or upgrade software with known vulnerabilities. Sourcefire has acquired additional bandwidth and hosting to aid users wishing to upgrade their Snort implementation. Future information can be found at: http://www.sourcefire.com/ As always, computer users are advised to keep their anti-virus and systems software current by checking their vendor's web sites frequently for new updates and to check for alerts put out by the DHS/NIPC, CERT/CC, ISS and other cognizant organizations. The DHS/NIPC encourages recipients of this advisory to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) and other appropriate authorities. Recipients may report incidents online to http://www.nipc.gov/incident/cirr.htm. The DHS/NIPC Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or nipc.watch@fbi.gov. == end == -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+Y7oL+LUG5KFpTkYRAh6ZAJ9oWXqnCwZyP4Wxla1HUbMOcjdlSwCfboS8 wnLCqqyaA0+Dpcn9gUI7yxo= =cIQn -----END PGP SIGNATURE----- --------------080507040202060703080102-- From sbryan@olmc.nsw.edu.au Tue Mar 4 15:29:57 2003 Received: from mail022.syd.optusnet.com.au (mail022.syd.optusnet.com.au [210.49.20.149]) by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h247Tk0P001025 for ; Tue, 4 Mar 2003 15:29:57 +0800 Received: from blondie (c18232.thorn1.nsw.optusnet.com.au [211.28.217.80]) by mail022.syd.optusnet.com.au (8.11.6/8.11.6) with ESMTP id h247TCw11066; Tue, 4 Mar 2003 18:29:12 +1100 Received: from simon ([192.168.99.11]) by blondie (8.11.6/8.11.6) with SMTP id h24HKKN01861; Tue, 4 Mar 2003 17:20:20 GMT Reply-To: From: "Simon Bryan" To: "Les Bell" , "Gary Reynolds" Cc: , "Tom Doyle" Subject: RE: [Lias] FYI: Apache Directory Directives - Sub-dir override Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-Reply-To: Importance: Normal Sender: lias-admin@lists.linux.org.au Errors-To: lias-admin@lists.linux.org.au X-BeenThere: lias@lists.linux.org.au X-Mailman-Version: 2.0.13 Precedence: bulk List-Unsubscribe: , List-Id: Linux in Australian Schools List-Post: List-Help: List-Subscribe: , List-Archive: Date: Tue Mar 4 15:30:02 2003 X-Original-Date: Tue, 4 Mar 2003 18:29:20 +1100 > The goal is to give each kid a home directory (which includes a > "public_html" directory, actually renamed to "website") so that we can > avoid problems with shared access, kids over-writing each others' work, > etc. I think the easiest way to do this will be to configure the Linux box > as a domain controller, and just ignore the NT box altogether. Or > use NT as > the domain controller, create accounts on both and make the Linux box a > member of the domain. Urk . . suddenly, my brain hurts - the last time I > read the NT WRK networking documentation, I concluded that it was written > by a clueless moron, and I doubt things have improved much. . . This is very achievable and must be simple cause I have done it - with lots of input from lists like this. Basically I have the users and passwords on NT, users only on the Linux server with their home direcotries. Running SAMBA to share the home directories back to the Windows system using the 'homes' share, map a drive on login to the home directory on the SAMBA server using the %U variable From parkeshs@ozemail.com.au Mon Mar 10 13:05:27 2003 Received: from itumx2.dmzs.det.nsw.edu.au (itumx2.det.nsw.edu.au [153.107.41.144]) by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h2A55H0P026468 for ; Mon, 10 Mar 2003 13:05:27 +0800 Received: from itfsmtp1.central.det.win (itfsmtp1.det.nsw.edu.au [153.107.8.31]) by itumx2.dmzs.det.nsw.edu.au (8.12.8/8.12.8) with ESMTP id h2A55BZM006517 for ; Mon, 10 Mar 2003 16:05:11 +1100 (EST) Received: from librarian (Not Verified[10.12.217.74]) by itfsmtp1.central.det.win with MailMarshal (v5,0,3,78) id ; Mon, 10 Mar 2003 16:05:10 +1100 From: "Parkes High School" To: Message-ID: <001001c2e6c2$1ab998d0$4ad90c0a@librarian> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0011_01C2E71E.4E2A10D0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Subject: [Lias] unsettling messages Sender: lias-admin@lists.linux.org.au Errors-To: lias-admin@lists.linux.org.au X-BeenThere: lias@lists.linux.org.au X-Mailman-Version: 2.0.13 Precedence: bulk List-Unsubscribe: , List-Id: Linux in Australian Schools List-Post: List-Help: List-Subscribe: , List-Archive: Date: Mon Mar 10 13:06:02 2003 X-Original-Date: Mon, 10 Mar 2003 16:01:25 +1100 This is a multi-part message in MIME format. ------=_NextPart_000_0011_01C2E71E.4E2A10D0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Mandrake 7.2 box acting as proxy server running squid Messages are: Dameon.crt mon1228: failure for servers smtp 1047258476 local host Dameon.crt mon1228: failure for servers smtp 1047259077 local host Repeated with other numbers at the end Then calling alert qpage.alert for servers/smtp (usr/lib/mon/alert.d/qpage.alert,mis-pages@domain.com) localhost. I have a feeling this is not good. Can anyone interpret just how bad this might be? Peter ********************************************************************** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ********************************************************************** ------=_NextPart_000_0011_01C2E71E.4E2A10D0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Mandrake 7.2 box acting as proxy server running= =20squid

Messages are:

Dameon.crt mon1228: failure for servers smtp 1047258476 local host

Dameon.crt mon1228: failure for servers smtp 1047259077 local host

Repeated with other numbers at the end

Then calling alert qpage.alert for servers/smtp= (usr/lib/mon/alert.d/qpage.alert,mis-pages@domain.com) localhost.<= /font>

I have a feeling this is not good.

Can anyone interpret just how bad this might be= ?

Peter

********************************************************************=
**
This message is intended for the addressee named and may containprivileged information or confidential information or both. If you
ar=
e not the intended recipient please delete it and notify the sender.
*=
*********************************************************************

------=_NextPart_000_0011_01C2E71E.4E2A10D0--

From parkeshs@ozemail.com.au Tue Mar 11 09:04:17 2003
Received: from itumx1.dmzs.det.nsw.edu.au (itumx1.det.nsw.edu.au [153.107.41.16])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h2B1450P021581
	for ; Tue, 11 Mar 2003 09:04:17 +0800
Received: from itfsmtp2.central.det.win (itfsmtp2.det.nsw.edu.au [153.107.8.32])
	by itumx1.dmzs.det.nsw.edu.au (8.12.8/8.12.8) with ESMTP id h2B13hlE503048
	for ; Tue, 11 Mar 2003 12:03:43 +1100 (EST)
Received: from librarian (Not Verified[10.12.217.74]) by itfsmtp2.central.det.win with MailMarshal (v5,0,3,78)
	id ; Tue, 11 Mar 2003 08:34:40 +1100
From: "Parkes High School" 
To: 
Message-ID: <000b01c2e74c$50d2acb0$4ad90c0a@librarian>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_000C_01C2E7A8.844324B0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Subject: [Lias] RH 7.1 control panel
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Tue Mar 11 09:05:02 2003
X-Original-Date: Tue, 11 Mar 2003 08:30:45 +1100

This is a multi-part message in MIME format.

------=_NextPart_000_000C_01C2E7A8.844324B0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Where can I find the part of control panel where I set the services to
start at boot.  Running RH 7.1

Peter Hughes

**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************

------=_NextPart_000_000C_01C2E7A8.844324B0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Where can I find the part of control panel wher=
e I
set the services to start at boot.  Running RH 7.1=

Peter Hughes

********************************************************************=
**
This message is intended for the addressee named and may containprivileged information or confidential information or both. If you
ar=
e not the intended recipient please delete it and notify the sender.
*=
*********************************************************************

------=_NextPart_000_000C_01C2E7A8.844324B0--

From lesbell@lesbell.com.au Tue Mar 11 09:16:56 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h2B1Ge0P022968
	for ; Tue, 11 Mar 2003 09:16:55 +0800
Subject: Re: [Lias] RH 7.1 control panel
To: "Parkes High School" 
Cc: lias@lists.linux.org.au
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.10
 |March 22, 2002) at 11/03/2003 12:21:28 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Tue Mar 11 09:25:34 2003
X-Original-Date: Tue, 11 Mar 2003 12:16:41 +1100

Try ntsysv, ksysv, tksysv or finally, the chkconfig command.

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From andrew.dorrell@cisra.canon.com.au Tue Mar 11 09:42:41 2003
Received: from a.mx.canon.com.au (a.mx.canon.com.au [203.12.172.4])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h2B1gV0P025792
	for ; Tue, 11 Mar 2003 09:42:41 +0800
Received: from ivory.research.canon.com.au (canonex.research.canon.com.au [203.12.172.254])
	by a.mx.canon.com.au (Postfix) with ESMTP id 06C2DA8C11
	for ; Tue, 11 Mar 2003 01:42:31 +0000 (UTC)
Received: from cisra.canon.com.au (ormai.research.canon.com.au [10.2.2.134])
	by ivory.research.canon.com.au (Postfix) with ESMTP
	id 204CC5708; Tue, 11 Mar 2003 12:36:49 +1100 (EST)
Message-ID: <3E6D3F06.20205@cisra.canon.com.au>
From: Andrew Dorrell 
Organization: CISRA
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
Cc: lias@lists.linux.org.au
Subject: Re: [Lias] RH 7.1 control panel
References: 
In-Reply-To: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Tue Mar 11 09:43:02 2003
X-Original-Date: Tue, 11 Mar 2003 12:42:30 +1100

Les Bell wrote:
> Try ntsysv, ksysv, tksysv or finally, the chkconfig command.

Or look for a SysV-Init editor in the menu

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From ches@perlboy.org Tue Mar 11 09:50:56 2003
Received: from mailhub2.uq.edu.au (mailhub2.uq.edu.au [130.102.5.59])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h2B1oi0P026703
	for ; Tue, 11 Mar 2003 09:50:56 +0800
Received: from ches.lovethisuni.org (emc-203-100-22-23.resnet.uq.edu.au [203.100.22.23])
	by mailhub2.uq.edu.au (8.12.8/8.12.8) with ESMTP id h2B1oe6Q010380;
	Tue, 11 Mar 2003 11:50:40 +1000 (EST)
Subject: Re: [Lias] RH 7.1 control panel
From: Robert McLeay 
To: Les Bell 
Cc: lias@lists.linux.org.au
In-Reply-To: 
References: 
Content-Type: text/plain
Organization: 
Message-Id: <1047346947.1454.4.camel@ches.lovethisuni.org>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.21
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Tue Mar 11 09:51:01 2003
X-Original-Date: 11 Mar 2003 11:42:27 +1000

ntsysv should work.

Alternatively, to switch off a service, you could 

/etc/rc[runlevel].d/[xx is an integer]servicename stop
rm /etc/rc[runlevel].d/[xx is an integer]servicename

I'd probably recommend that you stick on webmin (google for it), as it's
really very good - make sure to enable SSL though.

Then you'll be able to admin all sorts of things at
https://server:10000/

Robert.

On Tue, 2003-03-11 at 11:16, Les Bell wrote:
> Try ntsysv, ksysv, tksysv or finally, the chkconfig command.
> 
> Best,
> 
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
> 
> 
> _______________________________________________
> lias mailing list
> lias@lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
-- 

From lesbell@lesbell.com.au Tue Mar 11 10:07:46 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h2B27U0P028506
	for ; Tue, 11 Mar 2003 10:07:46 +0800
Subject: Re: [Lias] RH 7.1 control panel
To: Robert McLeay 
Cc: lias@lists.linux.org.au
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.10
 |March 22, 2002) at 11/03/2003 01:12:19 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Tue Mar 11 10:08:01 2003
X-Original-Date: Tue, 11 Mar 2003 13:07:26 +1100

Robert McLeay  wrote:

>>
I'd probably recommend that you stick on webmin (google for it), as it's
really very good - make sure to enable SSL though.
<<

Sorry, you're a bit late in selling me a copy of Webmin - see
http://www.lesbell.com.au/Home.nsf/b8ec57204f60dfcb4a2568c60014ed0f/97e8323a9cb248beca256caf0019668c?OpenDocument

I'll second that opinion, though. ;)

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From ches@perlboy.org Tue Mar 11 11:05:25 2003
Received: from mailhub2.uq.edu.au (mailhub2.uq.edu.au [130.102.5.59])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h2B35F0P002227
	for ; Tue, 11 Mar 2003 11:05:25 +0800
Received: from ches.lovethisuni.org (emc-203-100-22-23.resnet.uq.edu.au [203.100.22.23])
	by mailhub2.uq.edu.au (8.12.8/8.12.8) with ESMTP id h2B35E6Q029884
	for ; Tue, 11 Mar 2003 13:05:14 +1000 (EST)
Subject: Re: [Lias] RH 7.1 control panel
From: Robert McLeay 
To: lias@lists.linux.org.au
In-Reply-To: 
References: 
Content-Type: text/plain
Organization: 
Message-Id: <1047351410.1454.15.camel@ches.lovethisuni.org>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.21
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Tue Mar 11 11:06:01 2003
X-Original-Date: 11 Mar 2003 12:56:50 +1000

Selling you a copy?

Ain't it free as in beer *and* speech? ;)

Unlike that webserver running Lotus-Domino... now where is it again? :-p

38.7 day average uptime too :)

What does that make my server? (Hardware supplied by www.citg.uq.edu.au
- they didn't give us enough RAM) - 109 days all through the testing
phase and running a low hit mod_perl/mysql site, and then 15 minutes
after it went from a static "coming-soon" style page to live
mod_perl/mysql it died.

Guess it got a bit too much traffic :-/ Thankfully we've got the RAM
now.

Seriously, though, I wonder how accurate those TCP sequence numbers
relate to uptime. I know that NMap always gives out the incorrect uptime
when scanning the computer I'm sitting at.

Regards,

Robert.

On Tue, 2003-03-11 at 12:07, Les Bell wrote:
> Robert McLeay  wrote:
> 
> >>
> I'd probably recommend that you stick on webmin (google for it), as it's
> really very good - make sure to enable SSL though.
> <<
> 
> Sorry, you're a bit late in selling me a copy of Webmin - see
> http://www.lesbell.com.au/Home.nsf/b8ec57204f60dfcb4a2568c60014ed0f/97e8323a9cb248beca256caf0019668c?OpenDocument
> 
> I'll second that opinion, though. ;)
> 
> Best,
> 
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
> 
> 
> _______________________________________________
> lias mailing list
> lias@lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
-- 

From lesbell@lesbell.com.au Tue Mar 11 11:30:52 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h2B3Uf0P004941
	for ; Tue, 11 Mar 2003 11:30:51 +0800
Subject: Re: [Lias] RH 7.1 control panel
To: Robert McLeay 
Cc: lias@lists.linux.org.au
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.10
 |March 22, 2002) at 11/03/2003 02:35:25 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Tue Mar 11 11:31:02 2003
X-Original-Date: Tue, 11 Mar 2003 14:30:42 +1100

Robert McLeay  wrote:

>>
Selling you a copy?

Ain't it free as in beer *and* speech? ;)
<<

Sure is, but a little sales spiel doesn't hurt free software!

>>
Seriously, though, I wonder how accurate those TCP sequence numbers
relate to uptime. I know that NMap always gives out the incorrect uptime
when scanning the computer I'm sitting at.
<<

Dunno. I think that in theory, TCP initial sequence numbers are supposed to
be pseudo-random. Real-world is a different matter, though.

>>
38.7 day average uptime too :)
<<

Don't read too much into it; I've applied various kernel patches for
security, and at least once, recently, when the Domino server threads
froze, the quickest way to fix it was just to bounce the server. So 38.7
days is probably about right, and ain't too bad considering the workload on
the box.

I used to be quite manic about uptimes - the Domino server got up to 160
days or so at one point, and I was *so* chuffed about that - but I got
caught out badly when a glibc patch I installed wasn't picked up until I
bounced the server, something like six weeks later, and Domino linked with
the new glibc for the first time and promptly fell over. I wasted so much
time backing out other patches that now I'm a lot better organised in my
"configuration management" and will not wince at rebooting the server just
so I can be *sure* that all the patches are still flying in formation.
Better to sleep soundly than suffer uptime hubris. ;)

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From lias@draxsen.com Wed Mar 12 10:02:33 2003
Received: from smtp0.adl1.internode.on.net (smtp0.adl1.internode.on.net [203.16.214.194])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h2C2290P016939
	for ; Wed, 12 Mar 2003 10:02:33 +0800
Received: from neo.draxsen.com (ppp1603.nsw.padsl.internode.on.net [150.101.113.66])
	by smtp0.adl1.internode.on.net (8.12.4/8.12.4) with ESMTP id h2C2282c060746
	for ; Wed, 12 Mar 2003 12:32:08 +1030 (CST)
Received: from draxsen.com (rivendell [192.168.1.201])
	by neo.draxsen.com (8.12.5/8.12.5) with ESMTP id h2C2278a016526
	for ; Wed, 12 Mar 2003 13:02:08 +1100
Message-ID: <3E6E951F.5080201@draxsen.com>
From: Phil Scarratt 
Organization: Draxsen Technologies
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-au, en-us, en
MIME-Version: 1.0
To: LIAS 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Lias] Anti-virus
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Wed Mar 12 10:03:42 2003
X-Original-Date: Wed, 12 Mar 2003 13:02:07 +1100

Hi all

I need to install some sort of AV software on the network with Linux
servers (RH7.3) & Windoze workstations.

Will an AV solution on the Linux servers do or will the Windoze
workstations need clients on them as well (eg Norton AV) as is my
understanding?

What are people doing in similar situations?

Thanks in advance.

Fil
-- 
Phil Scarratt
Draxsen Technologies

From lias@draxsen.com Wed Mar 12 14:31:14 2003
Received: from smtp0.adl1.internode.on.net (smtp0.adl1.internode.on.net [203.16.214.194])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-1) with ESMTP id h2C6V20P014010
	for ; Wed, 12 Mar 2003 14:31:14 +0800
Received: from neo.draxsen.com (ppp1603.nsw.padsl.internode.on.net [150.101.113.66])
	by smtp0.adl1.internode.on.net (8.12.4/8.12.4) with ESMTP id h2C6V12c051316
	for ; Wed, 12 Mar 2003 17:01:02 +1030 (CST)
Received: from draxsen.com (rivendell [192.168.1.201])
	by neo.draxsen.com (8.12.5/8.12.5) with ESMTP id h2C6V08a016703
	for ; Wed, 12 Mar 2003 17:31:01 +1100
Message-ID: <3E6ED424.9020204@draxsen.com>
From: Phil Scarratt 
Organization: Draxsen Technologies
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-au, en-us, en
MIME-Version: 1.0
To: LIAS 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Lias] Anti-virus
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Wed Mar 12 14:34:21 2003
X-Original-Date: Wed, 12 Mar 2003 17:31:00 +1100

Thanks to all who replied. It is much appreciated.

Fil

-------- Original Message --------
Subject: Anti-virus
Date: Wed, 12 Mar 2003 13:01:45 +1100
From: Phil Scarratt 
Organization: Draxsen Technologies
To: LIAS 

Hi all

I need to install some sort of AV software on the network with Linux
servers (RH7.3) & Windoze workstations.

Will an AV solution on the Linux servers do or will the Windoze
workstations need clients on them as well (eg Norton AV) as is my
understanding?

What are people doing in similar situations?

Thanks in advance.

Fil
-- 
Phil Scarratt
Draxsen Technologies

From parkeshs@ozemail.com.au Mon Mar 17 05:29:55 2003
Received: from itumx2.dmzs.det.nsw.edu.au (itumx2.det.nsw.edu.au [153.107.41.144])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2GLTjto004549
	for ; Mon, 17 Mar 2003 05:29:55 +0800
Received: from itfsmtp2.central.det.win (itfsmtp2.det.nsw.edu.au [153.107.8.32])
	by itumx2.dmzs.det.nsw.edu.au (8.12.8/8.12.8) with ESMTP id h2GLTcZM355565
	for ; Mon, 17 Mar 2003 08:29:38 +1100 (EST)
Received: from librarian (Not Verified[10.12.217.74]) by itfsmtp2.central.det.win with MailMarshal (v5,0,3,78)
	id ; Mon, 17 Mar 2003 08:29:38 +1100
From: "Parkes High School" 
To: 
Message-ID: <000301c2ec02$99423d20$4ad90c0a@librarian>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0004_01C2EC5E.CCB2B520"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Subject: [Lias] libcrypto
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Mon Mar 17 05:30:02 2003
X-Original-Date: Mon, 17 Mar 2003 08:25:42 +1100

This is a multi-part message in MIME format.

------=_NextPart_000_0004_01C2EC5E.CCB2B520
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

I'm setting up a machine as a mail server - RH 7.1

Have uninstalled  (rpm -e) sendmail and installed postfix.

When checking dependencies it tells me postfix needs libcrypto.so.0 and
libssl.so.0

Downloaded openssl-0 9.6-2.i386.rpm and installed it. Then got some
endless loop involving other packages requiring libcrypto.so.1

Is it possible to have 2 versions of openssl on the same machine?

Peter 

Parkes High

**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************

------=_NextPart_000_0004_01C2EC5E.CCB2B520
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I’m setting up a machine as a mail server=
=20–
RH 7.1

Have uninstalled  (rpm –e) sendmail =
and
installed postfix.

When checking dependencies it tells me postfix =
needs
libcrypto.so.0 and libssl.so.0

Downloaded openssl-0 9.6-2.i386.rpm and install=
ed it.
Then got some endless loop involving other packages requiring libcrypto.s=
o.1

Is it possible to have 2 versions of openssl on=
=20the
same machine?

Peter 

Parkes High

********************************************************************=
**
This message is intended for the addressee named and may containprivileged information or confidential information or both. If you
ar=
e not the intended recipient please delete it and notify the sender.
*=
*********************************************************************

------=_NextPart_000_0004_01C2EC5E.CCB2B520--

From ken_yap@users.sourceforge.net Mon Mar 17 06:42:44 2003
Received: from mta03ps.bigpond.com (mta03ps.bigpond.com [144.135.25.135])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2GMgXto012563
	for ; Mon, 17 Mar 2003 06:42:43 +0800
Received: from ken.ken.com.au ([144.135.25.75]) by
          mta03ps.bigpond.com (Netscape Messaging Server 4.15 mta03ps Jul
          16 2002 22:47:55) with SMTP id HBV5QU00.48N for
          ; Mon, 17 Mar 2003 08:42:30 +1000 
Received: from CPE-144-136-73-7.nsw.bigpond.net.au ([144.136.73.7]) by psmam03bpa.bigpond.com(MailRouter V3.2g 89/8749516); 17 Mar 2003 08:42:30
Received: from ken.ken.com.au (localhost [127.0.0.1])
	by ken.ken.com.au (Postfix on SuSE Linux 8.1 (i386)) with ESMTP id 09C5B406B
	for ; Mon, 17 Mar 2003 09:42:25 +1100
To: Linux in Australian Schools 
Subject: Re: [Lias] libcrypto 
From: ken_yap@users.sourceforge.net
In-reply-to: Your message of Mon, 17 Mar 2003 08:25:42 +1100.
             <000301c2ec02$99423d20$4ad90c0a@librarian> 
Content-type: text/plain; charset="iso-8859-1"
X-Message-Flag: http://democracymeansyou.com/satire/explainified.htm
X-Face: bak'McMAD{%JrA$mQ(j_Ex_o?a/F8/Ntng*t2KX(NcfGalVs^Ke^C61:F
Message-Id: <20030316224225.09C5B406B@ken.ken.com.au>
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Mon Mar 17 06:43:02 2003
X-Original-Date: Mon, 17 Mar 2003 09:42:24 +1100

>I'm setting up a machine as a mail server - RH 7.1
>
>Have uninstalled  (rpm -e) sendmail and installed postfix.
>
>When checking dependencies it tells me postfix needs libcrypto.so.0 and
>libssl.so.0
>
>Downloaded openssl-0 9.6-2.i386.rpm and installed it. Then got some
>endless loop involving other packages requiring libcrypto.so.1
>
>Is it possible to have 2 versions of openssl on the same machine?

This often happens with old distros where one package (in this case
postfix) gets out of sync with others due to upgrades.

In situations like these, I take the .src.rpm and build a binary rpm
from that, then it uses whatever shared libraries are actually
installed.

You say you're setting up. If you started off with a bare machine, then
why not install the most recent distro? 7.1 will probably be taken off
support within a year, though I expect they will release patches for the
most urgent holes after that.

From ken_yap@users.sourceforge.net Wed Mar 19 12:19:57 2003
Received: from mta05bw.bigpond.com (mta05bw.bigpond.com [139.134.6.95])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2J4Jjto027795
	for ; Wed, 19 Mar 2003 12:19:57 +0800
Received: from ken.ken.com.au ([144.135.24.81]) by
          mta05bw.bigpond.com (Netscape Messaging Server 4.15 mta05bw Jul
          16 2002 22:47:55) with SMTP id HBZAOR00.83A for
          ; Wed, 19 Mar 2003 14:19:39 +1000 
Received: from CPE-144-136-73-7.nsw.bigpond.net.au ([144.136.73.7]) by bwmam05bpa.bigpond.com(MailRouter V3.2g 44/108809); 19 Mar 2003 14:19:39
Received: from ken.ken.com.au (localhost [127.0.0.1])
	by ken.ken.com.au (Postfix on SuSE Linux 8.1 (i386)) with ESMTP id 08A6D4E87
	for ; Wed, 19 Mar 2003 15:19:39 +1100
To: Linux in Australian Schools 
From: ken_yap@users.sourceforge.net
Content-type: text/plain; charset="iso-8859-1"
X-Message-Flag: http://www.responsibility.com.au/images/stickers/no-howard.gif
X-Face: bak'McMAD{%JrA$mQ(j_Ex_o?a/F8/Ntng*t2KX(NcfGalVs^Ke^C61:F
Message-Id: <20030319041939.08A6D4E87@ken.ken.com.au>
Subject: [Lias] NT ed dept signgs up for OpenOffice
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Wed Mar 19 12:20:01 2003
X-Original-Date: Wed, 19 Mar 2003 15:19:38 +1100

http://australianit.news.com.au/articles/0,7204,6116633%5E15306%5E%5Enbv%5E,00.html

From tgunter@lisp.com.au Wed Mar 26 13:07:51 2003
Received: from simba.lisp.com.au (simba.lisp.com.au [202.22.170.4])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with SMTP id h2Q57eto031538
	for ; Wed, 26 Mar 2003 13:07:51 +0800
Received: (qmail 17593 invoked by uid 52); 26 Mar 2003 05:07:38 -0000
Received: from tig2-98.bath.lisp.com.au (HELO lisp.lisp.com.au) (202.22.171.228)
  by 0 with SMTP; 26 Mar 2003 05:07:38 -0000
Message-ID: <001201c2f357$18ea2e60$e4ab16ca@lisp.com.au>
From: "Trevor Gunter" 
To: "LIAS" 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_000F_01C2F3B3.4BCCBE40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Subject: [Lias] Problem with proxy
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Wed Mar 26 13:08:23 2003
X-Original-Date: Wed, 26 Mar 2003 16:18:11 +1100

This is a multi-part message in MIME format.

------=_NextPart_000_000F_01C2F3B3.4BCCBE40
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi all

Have just got some problems with the schools proxy RH7, squid etc

Machine appeared to freeze about 30 mins ago. Basically a who lot of =
gobbydegook on the screen that made little sense to me. Immediate =
thought. This doesn't look good.

Upon restarting get the following message

/var contains a file system with errors, check forced.
/var:
Inode 30383 has illegal block(s)

/var: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
            (i.e., without -a or -p options)

***An error occurred during the file system check.
***Dropping you to a shell; the system will reboot
***When you leave the shell.

Give root password for maintenanc
(or type Control-D for normal operations:

Thats it
I've read up in the manual about fsck but it doesn't make a lot of =
sense. Have run fsck with appropriate switches but I just get more info =
about errors in /var

Any ideas appreciated. I can rebuild the server in an hour or so but I'd =
like to learn how to solve problems. How fatal is this error?

Thanks

Trevor

------=_NextPart_000_000F_01C2F3B3.4BCCBE40
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi all

Have just got some problems with the schools proxy =
RH7, squid=20
etc

Machine appeared to freeze about 30 mins ago. =
Basically a who=20
lot of gobbydegook on the screen that made little sense to me. Immediate =

thought. This doesn't look good.

Upon restarting get the following =
message

/var contains a file system with errors, check=20
forced.
/var:
Inode 30383 has illegal block(s)

/var: UNEXPECTED INCONSISTENCY; RUN fsck=20
MANUALLY.
        =
   =20
(i.e., without -a or -p options)

***An error occurred during the file system=20
check.
***Dropping you to a shell; the system will=20
reboot
***When you leave the shell.

Give root password for maintenanc
(or type Control-D for normal =
operations:

Thats it
I've read up in the manual about fsck but it doesn't =
make a=20
lot of sense. Have run fsck with appropriate switches but I just get =
more info=20
about errors in /var

Any ideas appreciated. I can rebuild the server in =
an hour or=20
so but I'd like to learn how to solve problems. How fatal is this=20
error?

Thanks

Trevor

------=_NextPart_000_000F_01C2F3B3.4BCCBE40--

From tom@stvincents.nsw.edu.au Wed Mar 26 19:49:00 2003
Received: from mail.stvincents.nsw.edu.au ([203.102.161.86])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2QBmnto009365
	for ; Wed, 26 Mar 2003 19:48:59 +0800
Received: from TOMXP ([192.168.110.184])
	by mail.stvincents.nsw.edu.au (8.9.3/8.9.3) with SMTP id WAA08444
	for ; Wed, 26 Mar 2003 22:42:35 +1100
Reply-To: 
From: "Tom Doyle" 
To: "LIAS" 
Subject: RE: [Lias] Problem with proxy
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0034_01C2F3E9.53676610"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <001201c2f357$18ea2e60$e4ab16ca@lisp.com.au>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Wed Mar 26 19:49:02 2003
X-Original-Date: Wed, 26 Mar 2003 22:44:53 +1100

This is a multi-part message in MIME format.

------=_NextPart_000_0034_01C2F3E9.53676610
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Bad sectors or the like??  I would like to know what thats all about too!

T.
  -----Original Message-----
  From: lias-admin@lists.linux.org.au
[mailto:lias-admin@lists.linux.org.au]On Behalf Of Trevor Gunter
  Sent: Wednesday, 26 March 2003 4:18 PM
  To: LIAS
  Subject: [Lias] Problem with proxy

  Hi all

  Have just got some problems with the schools proxy RH7, squid etc

  Machine appeared to freeze about 30 mins ago. Basically a who lot of
gobbydegook on the screen that made little sense to me. Immediate thought.
This doesn't look good.

  Upon restarting get the following message

  /var contains a file system with errors, check forced.
  /var:
  Inode 30383 has illegal block(s)

  /var: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
              (i.e., without -a or -p options)

  ***An error occurred during the file system check.
  ***Dropping you to a shell; the system will reboot
  ***When you leave the shell.

  Give root password for maintenanc
  (or type Control-D for normal operations:

  Thats it
  I've read up in the manual about fsck but it doesn't make a lot of sense.
Have run fsck with appropriate switches but I just get more info about
errors in /var

  Any ideas appreciated. I can rebuild the server in an hour or so but I'd
like to learn how to solve problems. How fatal is this error?

  Thanks

  Trevor

------=_NextPart_000_0034_01C2F3E9.53676610
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Bad=20
sectors or the like??  I would like to know what thats all about=20
too!

T.

  -----Original Message-----
From:=20
  lias-admin@lists.linux.org.au =
[mailto:lias-admin@lists.linux.org.au]On=20
  Behalf Of Trevor Gunter
Sent: Wednesday, 26 March 2003 =
4:18=20
  PM
To: LIAS
Subject: [Lias] Problem with=20
  proxy

  Hi all

  Have just got some problems with the schools proxy =
RH7,=20
  squid etc

  Machine appeared to freeze about 30 mins ago. =
Basically a=20
  who lot of gobbydegook on the screen that made little sense to me. =
Immediate=20
  thought. This doesn't look good.

  Upon restarting get the following =
message

  /var contains a file system with errors, check=20
  forced.
  /var:
  Inode 30383 has illegal block(s)

  /var: UNEXPECTED INCONSISTENCY; RUN fsck=20
  MANUALLY.
          =
   =20
  (i.e., without -a or -p options)

  ***An error occurred during the file system=20
  check.
  ***Dropping you to a shell; the system will=20
  reboot
  ***When you leave the shell.

  Give root password for maintenanc
  (or type Control-D for normal =
operations:

  Thats it
  I've read up in the manual about fsck but it =
doesn't make a=20
  lot of sense. Have run fsck with appropriate switches but I just get =
more info=20
  about errors in /var

  Any ideas appreciated. I can rebuild the server in =
an hour=20
  or so but I'd like to learn how to solve problems. How fatal is this=20
  error?

  Thanks

  Trevor

------=_NextPart_000_0034_01C2F3E9.53676610--

From tgunter@lisp.com.au Wed Mar 26 20:09:06 2003
Received: from simba.lisp.com.au (simba.lisp.com.au [202.22.170.4])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with SMTP id h2QC8qto011583
	for ; Wed, 26 Mar 2003 20:09:06 +0800
Received: (qmail 9448 invoked by uid 52); 26 Mar 2003 12:08:51 -0000
Received: from tig1-77.bath.lisp.com.au (HELO m8e6x9) (202.22.171.87)
  by 0 with SMTP; 26 Mar 2003 12:08:51 -0000
Message-ID: <001a01c2f38f$1b03c520$57ab16ca@m8e6x9>
From: "Trevor Gunter" 
To: "Lias" 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Subject: [Lias] Thanks for help re Proxy
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Wed Mar 26 20:10:01 2003
X-Original-Date: Wed, 26 Mar 2003 22:59:06 +1100

Thank you all who responded to my call.

running the command

e2fsck /dev/hda7

and saying "yes" to everything fixed the problem.

Could this problem be related to the squid cache growing too large or having
some other problem with squid?

Thanks again

Trevor

From vk4kij@deadrelos.com Wed Mar 26 20:28:22 2003
Received: from vk4kij.deadrelos.com (IDENT:0@[203.42.11.25])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2QCSAto013762
	for ; Wed, 26 Mar 2003 20:28:20 +0800
Received: from vk4kij.deadrelos.com (IDENT:1000@localhost [127.0.0.1])
	by vk4kij.deadrelos.com (8.12.8/8.12.4) with ESMTP id h2QCS5mK008184
	for ; Wed, 26 Mar 2003 22:28:05 +1000
Received: from localhost (vk4kij@localhost)
	by vk4kij.deadrelos.com (8.12.8/8.12.4/Submit) with ESMTP id h2QCS4V5008181
	for ; Wed, 26 Mar 2003 22:28:04 +1000
X-Authentication-Warning: vk4kij.deadrelos.com: vk4kij owned process doing -bs
From: Ian Johnson 
To: lias@lists.linux.org.au
Subject: Re: [Lias] Thanks for help re Proxy
In-Reply-To: <001a01c2f38f$1b03c520$57ab16ca@m8e6x9>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Wed Mar 26 20:29:01 2003
X-Original-Date: Wed, 26 Mar 2003 22:28:04 +1000 (EST)

I've found, some time ago so it may not be that relevent now, that you
can't trust the squid cache when it's not in a partition all by itself.

It seemed to me that squid didn't check the actual free space of the file
system, & believed what was in it's config file, ie. you gave it 1GB of
space to use, even though only 900MB are left on the file system.

I have a couple dozen squid proxies scattered around, all with a cache
partition & have had no problems.

On Wed, 26 Mar 2003, Trevor Gunter wrote:

> Thank you all who responded to my call.
>
> running the command
>
> e2fsck /dev/hda7
>
> and saying "yes" to everything fixed the problem.
>
> Could this problem be related to the squid cache growing too large or having
> some other problem with squid?
>
> Thanks again
>
> Trevor
>
>
> _______________________________________________
> lias mailing list
> lias@lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
>

-- 
Catch you later,  |InterNet - 
                 || AmprNet - 
      Ian.      |||    AX25 - 
             "Never apply a Star Trek solution to a Babylon 5 problem!"

From gary@touch.asn.au Thu Mar 27 04:44:39 2003
Received: from lorica.ucc.usyd.edu.au (lorica.ucc.usyd.edu.au [129.78.64.15])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2QKiTto000425
	for ; Thu, 27 Mar 2003 04:44:39 +0800
Received: from touch.asn.au (res78-55.suv.org.usyd.edu.au [172.17.128.55])
	by lorica.ucc.usyd.edu.au (8.12.6/8.12.6) with ESMTP id h2QKiSNK024492
	for ; Thu, 27 Mar 2003 07:44:28 +1100 (EST)
Message-ID: <3E82112D.6010001@touch.asn.au>
From: Gary Reynolds 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: lias@lists.linux.org.au
Subject: Re: [Lias] Thanks for help re Proxy
References: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-RAVMilter-Version: 8.4.1(snapshot 20020919) (lorica)
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Thu Mar 27 04:45:01 2003
X-Original-Date: Thu, 27 Mar 2003 07:44:29 +1100

Since the operating system handles all disk IO, it's not like squid can 
just go trying to write off the end if the partition or anything like that.

Squid will make a filesystem call, and the OS will return an error code. 
 First year university students know how to check these codes, I doubt 
that a package like squid wouldn't pay attention to them.

More than likely the disk is faulty, plain and simple. I would be 
looking into adding a new drive, salvaging your data, and getting rid of 
the old one (depending on how critical your data on that disk is).

G.

Ian Johnson wrote:

>I've found, some time ago so it may not be that relevent now, that you
>can't trust the squid cache when it's not in a partition all by itself.
>
>It seemed to me that squid didn't check the actual free space of the file
>system, & believed what was in it's config file, ie. you gave it 1GB of
>space to use, even though only 900MB are left on the file system.
>
>I have a couple dozen squid proxies scattered around, all with a cache
>partition & have had no problems.
>  
>

From craig@postnewspapers.com.au Thu Mar 27 09:53:08 2003
Received: from postnewspapers.com.au (i125-043.nv.iinet.net.au [203.59.125.43])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2R1qvto000863
	for ; Thu, 27 Mar 2003 09:53:08 +0800
Received: from postnewspapers.com.au [10.0.0.4] by postnewspapers.com.au [10.0.0.2]
	with SMTP (MDaemon.v3.5.8.R)
	for ; Thu, 27 Mar 2003 09:52:12 +0800
Message-ID: <3E825953.6060802@postnewspapers.com.au>
From: Craig Ringer 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: lias@lists.linux.org.au
Subject: Re: [Lias] Thanks for help re Proxy
References:  <3E82112D.6010001@touch.asn.au>
In-Reply-To: <3E82112D.6010001@touch.asn.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-MDRemoteIP: 10.0.0.4
X-Return-Path: craig@postnewspapers.com.au
X-MDaemon-Deliver-To: lias@lists.linux.org.au
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Thu Mar 27 09:54:02 2003
X-Original-Date: Thu, 27 Mar 2003 09:52:19 +0800

> Squid will make a filesystem call, and the OS will return an error code. 
> First year university students know how to check these codes, I doubt 
> that a package like squid wouldn't pay attention to them.

In my experience, squid dies silently when it runs out of disk space. As 
a result, the first warning you get is the users. Of course, I'm always 
running gkrellm etc and keeping an eye on free disk space using the snmp 
module for gkrellm, so I haven't had it happen in production use. Oh, 
execept once, where something went runaway and filled up /var with 
syslog messages.

Ideally, squid could email the admin saying "Arrggh, out of disk space 
in cach directory /var/cache/squid. Going to passthrough mode, will not 
add to cache until some space is freed."

> More than likely the disk is faulty, plain and simple. I would be 
> looking into adding a new drive, salvaging your data, and getting rid of 
> the old one (depending on how critical your data on that disk is).

Possible ... but he did mention a crash, probably a kernel panic by the 
sounds of things. Did it look a bit like this:

Unable to handle kernel NULL pointer dereference at virtual address 
00000002c
c026d0c9
*pde = 00000000
Oops: 0000
CPU:    0
EIP:    0010:[]    Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010206
eax: 00000028   ebx: dfccc3a8   ecx: 01800204   edx: 00000001
esi: dfccc3a8   edi: dfc265a0   ebp: 00000000   esp: defe5da8
ds: 0018   es: 0018   ss: 0018
Process syslogd (pid: 281, stackpage=defe5000)
Stack: c15d957c dfc265a0 c15d9560 00000000 df381018 c01da1dc dfccc3c0 
dfc26620
        dfccc3e0 dfccc380 dfc0c1e0 00000000 c026d750 c15d9560 dfc265a0 
00000001
        c15d957c c15d9560 00000001 00000000 00000008 c038e600 00000000 
c026d9c2
Call Trace:    [] [] [] [] 
[]
   [] [] [] [] [] 
[]
   [] [] [] [] []
Code: 8b 2c 90 8b 44 24 28 c1 e9 08 83 e1 0f d3 ed 83 e5 01 c7 44

because if so, it was probably a kernel panic that took it down. The 
reason for the file system corruption in this case is usually that the 
fs was in the middle of writing data to the disk when the machine crashed.

Journalling filesystems like reiserfs and ext3 are designed to help 
prevent this problem. If you have a vaguely recent distro with a 2.4 
kernel, you should be able to convert your existing filesystems from 
ext2 to ext3 relatively easily.... after you back up, just to make sure. 
There's plenty of info on the 'net about how to do this.

Craig Ringer
IT Manager
POST Newspapers

From tgunter@lisp.com.au Thu Mar 27 15:45:50 2003
Received: from simba.lisp.com.au (simba.lisp.com.au [202.22.170.4])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with SMTP id h2R7jdto006183
	for ; Thu, 27 Mar 2003 15:45:50 +0800
Received: (qmail 889 invoked by uid 52); 27 Mar 2003 07:45:36 -0000
Received: from tig1-76.bath.lisp.com.au (HELO m8e6x9) (202.22.171.86)
  by 0 with SMTP; 27 Mar 2003 07:45:36 -0000
Message-ID: <003201c2f433$7d825c80$56ab16ca@m8e6x9>
From: "Trevor Gunter" 
To: "Lias" 
References:  <3E82112D.6010001@touch.asn.au> <3E825953.6060802@postnewspapers.com.au>
Subject: Re: [Lias] Thanks for help re Proxy
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Thu Mar 27 15:46:02 2003
X-Original-Date: Thu, 27 Mar 2003 18:35:49 +1100

Craig

What you have put below is very similar to what was on the screen when it
crashed at first.

Just a comment though. I don't know how many teachers are on the Lias list
but it seems to only get rarely used. Each time I have asked for help it has
been very forthcoming and appreciated. I know that the questions I ask (and
maybe others) are at time simplistic for all the Linux gurus out there but
those of us who need the help are most often teachers first and that's what
we are skilled at (hopefully). I spend half my time teaching, half my time
managing the Novell network and another half fixing everybodies minutae
problems. Learning more Linux stuff comes in the "find out when I need to"
basket.

I know that's a poor excuse and I appreciate all of you not treating those
teachers on this list who have varying levels of Linux skills (usually low)
as newbies. However, I find that a lot of what people recommend for me to
do, I will try and often bumble through, but what some have suggested I have
little idea of what it means or even how to do it. I know this comes in the
category of RTFM and I do try, but there are just so many hours in the day
and we are teachers first trying to integrate Linux into schools in varying
ways.

I'm out at Bathurst and Peter Hughes who also subscribes to this list is at
Forbes. We're not exactly flushed with Linux experts in schools out here.
We're probably it, but I feel like a dill at times. I know that I am not
keeping up with Linux trends, ideas etc. What can we do in this regard. We
are being very reactive to Linux in schools, I'd like to be more proactive.

Please be gentle with us poor teachers and thanks again for the help.

Trevor

> Unable to handle kernel NULL pointer dereference at virtual address
> 00000002c
> c026d0c9
> *pde = 00000000
> Oops: 0000
> CPU:    0
> EIP:    0010:[]    Not tainted
> Using defaults from ksymoops -t elf32-i386 -a i386
> EFLAGS: 00010206
> eax: 00000028   ebx: dfccc3a8   ecx: 01800204   edx: 00000001
> esi: dfccc3a8   edi: dfc265a0   ebp: 00000000   esp: defe5da8
> ds: 0018   es: 0018   ss: 0018
> Process syslogd (pid: 281, stackpage=defe5000)
> Stack: c15d957c dfc265a0 c15d9560 00000000 df381018 c01da1dc dfccc3c0
> dfc26620
>         dfccc3e0 dfccc380 dfc0c1e0 00000000 c026d750 c15d9560 dfc265a0
> 00000001
>         c15d957c c15d9560 00000001 00000000 00000008 c038e600 00000000
> c026d9c2
> Call Trace:    [] [] [] []
> []
>    [] [] [] [] []
> []
>    [] [] [] [] []
> Code: 8b 2c 90 8b 44 24 28 c1 e9 08 83 e1 0f d3 ed 83 e5 01 c7 44
>
>
> because if so, it was probably a kernel panic that took it down. The
> reason for the file system corruption in this case is usually that the
> fs was in the middle of writing data to the disk when the machine crashed.
>
> Journalling filesystems like reiserfs and ext3 are designed to help
> prevent this problem. If you have a vaguely recent distro with a 2.4
> kernel, you should be able to convert your existing filesystems from
> ext2 to ext3 relatively easily.... after you back up, just to make sure.
> There's plenty of info on the 'net about how to do this.
>
> Craig Ringer
> IT Manager
> POST Newspapers
>
>
> _______________________________________________
> lias mailing list
> lias@lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
>
>

From lesbell@lesbell.com.au Thu Mar 27 16:28:53 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2R8SRto010725
	for ; Thu, 27 Mar 2003 16:28:52 +0800
Subject: Re: [Lias] Thanks for help re Proxy
To: "Trevor Gunter" 
Cc: "Lias" 
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.12
  |February 13, 2003) at 27/03/2003 07:33:58 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Thu Mar 27 16:29:02 2003
X-Original-Date: Thu, 27 Mar 2003 19:28:20 +1100

"Trevor Gunter"  wrote:

>>
I know that's a poor excuse and I appreciate all of you not treating those
teachers on this list who have varying levels of Linux skills (usually low)
as newbies. However, I find that a lot of what people recommend for me to
do, I will try and often bumble through, but what some have suggested I
have
little idea of what it means or even how to do it. I know this comes in the
category of RTFM and I do try, but there are just so many hours in the day
and we are teachers first trying to integrate Linux into schools in varying
ways.
<<

It's the same for everyone, Trevor, even those of us who've been doing this
for years. I spent a couple of hours this afternoon screwing around trying
to fix a Samba/WinNT printer problem. I guess one answer is something that
we started years ago on the caldera-users list (back when Caldera were a
reasonable company with a nice distro): someone collated the replies on the
list and produced a "Step By Step" ("SxS") web site that gave detailed
instructions on how to set various things up.

Perhaps something similar would help here. I know that I face the same
problem from the other side - I set up a Squid proxy for my kids' school,
and sooner or later will have to hand over responsibility for it to someone
else. Before that happens, I suspect I'll have to train them, as well as
completely documenting the setup.

Now I've made another rod for my own back, by proposing that the school set
out to get some return on its $25,000 investment in LAN cabling by
installing an intranet server. I threw together a prototype, running under
VMWare on my laptop, brainstormed what it should do (mind map at
http://ffps.lesbell.com.au/pandc/schoolserver/index.html) and have now sold
the school on the idea, with implementation planned for next term.

This thing involves configuration of Apache, Samba, some CGI programs,
Webmin and Usermin, procmail, and a bunch of other stuff. I've decided to
document it in detail, in the SxS style, as otherwise the moment I try to
hand it over to someone else, it will start to fall apart. I'll write up
some articles and post them on my site initially, and if anyone finds them
useful, terrific. To be honest, I think whoever takes it over will need
support from a community around Lias, and if I can encourage others to
implement similar systems, that will be great.

With that in mind, I'll let this list know when I start posting articles. I
also expect to spend a day or two setting installing and configuring the
server, and if anyone in the Sydney area wants to lend a hand and see how
it all goes together, they're welcome to come around and take notes.

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From ches@perlboy.org Thu Mar 27 19:43:17 2003
Received: from mailhub2.uq.edu.au (mailhub2.uq.edu.au [130.102.5.59])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2RBh4to031348
	for ; Thu, 27 Mar 2003 19:43:17 +0800
Received: from ches.lovethisuni.org (emc-203-100-22-23.resnet.uq.edu.au [203.100.22.23])
	by mailhub2.uq.edu.au (8.12.8/8.12.8) with ESMTP id h2RBh2Pi026968;
	Thu, 27 Mar 2003 21:43:02 +1000 (EST)
Subject: Re: [Lias] Thanks for help re Proxy
From: Robert McLeay 
To: Les Bell 
Cc: Trevor Gunter , Lias 
In-Reply-To: 
References: 
Content-Type: text/plain
Organization: 
Message-Id: <1048765359.4112.18.camel@ches.lovethisuni.org>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.21
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Thu Mar 27 19:44:02 2003
X-Original-Date: 27 Mar 2003 21:42:39 +1000

Hi all,

Sounds really good.

I don't know whether the time and investment in setting up an new system
would be worth it to be honest.

I'd suggest that for mail/web/mysql/dns that you grab a copy of
single-domain (freeware) PSA from www.plesk.com .

I admin shared hosting servers to keep the food/beer flowing, and Plesk
is a dream to install/run/admin/manage, compared to Ensim/CPanel
(please, please, please, don't use CPanel - urrgggh - fixing it all
arvo)

Sounds and looks like a really idea.

Robert.

On Thu, 2003-03-27 at 18:28, Les Bell wrote:
> "Trevor Gunter"  wrote:
> 
> >>
> I know that's a poor excuse and I appreciate all of you not treating those
> teachers on this list who have varying levels of Linux skills (usually low)
> as newbies. However, I find that a lot of what people recommend for me to
> do, I will try and often bumble through, but what some have suggested I
> have
> little idea of what it means or even how to do it. I know this comes in the
> category of RTFM and I do try, but there are just so many hours in the day
> and we are teachers first trying to integrate Linux into schools in varying
> ways.
> <<
> 
> It's the same for everyone, Trevor, even those of us who've been doing this
> for years. I spent a couple of hours this afternoon screwing around trying
> to fix a Samba/WinNT printer problem. I guess one answer is something that
> we started years ago on the caldera-users list (back when Caldera were a
> reasonable company with a nice distro): someone collated the replies on the
> list and produced a "Step By Step" ("SxS") web site that gave detailed
> instructions on how to set various things up.
> 
> Perhaps something similar would help here. I know that I face the same
> problem from the other side - I set up a Squid proxy for my kids' school,
> and sooner or later will have to hand over responsibility for it to someone
> else. Before that happens, I suspect I'll have to train them, as well as
> completely documenting the setup.
> 
> Now I've made another rod for my own back, by proposing that the school set
> out to get some return on its $25,000 investment in LAN cabling by
> installing an intranet server. I threw together a prototype, running under
> VMWare on my laptop, brainstormed what it should do (mind map at
> http://ffps.lesbell.com.au/pandc/schoolserver/index.html) and have now sold
> the school on the idea, with implementation planned for next term.
> 
> This thing involves configuration of Apache, Samba, some CGI programs,
> Webmin and Usermin, procmail, and a bunch of other stuff. I've decided to
> document it in detail, in the SxS style, as otherwise the moment I try to
> hand it over to someone else, it will start to fall apart. I'll write up
> some articles and post them on my site initially, and if anyone finds them
> useful, terrific. To be honest, I think whoever takes it over will need
> support from a community around Lias, and if I can encourage others to
> implement similar systems, that will be great.
> 
> With that in mind, I'll let this list know when I start posting articles. I
> also expect to spend a day or two setting installing and configuring the
> server, and if anyone in the Sydney area wants to lend a hand and see how
> it all goes together, they're welcome to come around and take notes.
> 
> Best,
> 
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
> 
> 
> _______________________________________________
> lias mailing list
> lias@lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
-- 

From lesbell@lesbell.com.au Fri Mar 28 05:57:43 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2RLvSto030152
	for ; Fri, 28 Mar 2003 05:57:42 +0800
Subject: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
To: Robert McLeay 
Cc: Lias , Trevor Gunter 
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.12
  |February 13, 2003) at 28/03/2003 09:02:50 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 05:58:01 2003
X-Original-Date: Fri, 28 Mar 2003 08:57:18 +1100

Robert McLeay  wrote:

>>
Sounds really good.

I don't know whether the time and investment in setting up an new system
would be worth it to be honest.

I'd suggest that for mail/web/mysql/dns that you grab a copy of
single-domain (freeware) PSA from www.plesk.com .

I admin shared hosting servers to keep the food/beer flowing, and Plesk
is a dream to install/run/admin/manage, compared to Ensim/CPanel
(please, please, please, don't use CPanel - urrgggh - fixing it all
arvo)
<<

Hmm. I hadn't thought of Plesk, to be honest - always seen it as more
oriented to the hosting business market, and so I'd planned on using Webmin
(http://www.webmin.com). I suspect it would provide a better interface for
email management, especially, but I think, on balance, I'll stick with
Webmin for the time being, mainly on account of familiarity. Also, since
Webmin is open source Perl code, I stand a better chance of hacking in the
appropriate changes or even a module for this specific "application".

To be honest, it's a pretty simple setup. The major trick is going to be
setting up a schema to allow for the kids to be members of the appropriate
groups - e.g. their class, which will change each year, project groups,
etc. - together with some scripts to automate their management.

For my simple "sales demo" at our computer committee meeting, I created a
few demo accounts in advance. I'd already modified /etc/skel so that each
kids' home directory had the appropriate folders created, including one
called "website" which is actually the Apache "public_html" directory. Then
I demo'ed manually creating a new user within Webmin, which automatically
takes care of setting up the appropriate smbpasswd entry as well, and
showed a default kid's home page, then edited that from within Windows. In
real life, the accounts will need to be created using a batch import
technique (Webmin has one) and ideally, automatically managed from that
point onwards.

>>
Sounds and looks like a really idea.
<<

Please, please tell me there's a "good" in there somewhere! 

I'll post another email to this list detailing features I'm aiming for. The
intention is not to create a completely off-the-shelf turnkey package or
(heaven help us!) another distribution, but instead to write up some
articles on how to do these things. That's how I make my living, and who
knows?, if a magazine somewhere picks up an article or two out of it, my
kids will get to eat that month.  However, along the way, I'm happy to
put what I've done up on the web so people can benefit immediately, and
equally I'd be really pleased to accept suggestions, feature requests, and
pointers to better ways of doing things.

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From sbryan@olmc.nsw.edu.au Fri Mar 28 05:58:16 2003
Received: from postoffice.remex.com.au (postoffice1.remex.com.au [203.41.10.200])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2RLw3to030226
	for ; Fri, 28 Mar 2003 05:58:15 +0800
Received: from olmcpad1.remex.com.au (olmcpad1.remex.com.au [10.192.0.1])
	by postoffice.remex.com.au (8.11.6/8.11.6) with ESMTP id h2RLxU209136;
	Fri, 28 Mar 2003 08:59:30 +1100
Received: from gatekeeper.olmc.nsw.edu.au ([10.192.0.15])
	by olmcpad1.remex.com.au (8.11.6/8.11.6) with ESMTP id h2RLxRh17201;
	Fri, 28 Mar 2003 08:59:27 +1100
Received: from simon ([10.192.1.14])
	by gatekeeper.olmc.nsw.edu.au (8.11.6/8.11.6) with SMTP id h2SIvql32602;
	Fri, 28 Mar 2003 08:57:52 -1000
Reply-To: 
From: "Simon Bryan" 
To: "Trevor Gunter" , "Lias" 
Subject: RE: [Lias] Thanks for help re Proxy
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
In-Reply-To: <003201c2f433$7d825c80$56ab16ca@m8e6x9>
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 06:00:02 2003
X-Original-Date: Fri, 28 Mar 2003 08:58:19 +1100

> Just a comment though. I don't know how many teachers are on the Lias list
> but it seems to only get rarely used. Each time I have asked for
> help it has
> been very forthcoming and appreciated. I know that the questions
> I ask (and
> maybe others) are at time simplistic for all the Linux gurus out there but
> those of us who need the help are most often teachers first and
> that's what
> we are skilled at (hopefully). I spend half my time teaching, half my time
> managing the Novell network and another half fixing everybodies minutae
> problems. Learning more Linux stuff comes in the "find out when I need to"
> basket.

There are a lot of teachers I believe on this list as well as a few Linux
gurus, I am not one, but am luck enough to not have a teaching load anymore
so have more time than most to work through problems. The few gurus that are
here are also very responsive as you note.

>
> I know that's a poor excuse and I appreciate all of you not treating those
> teachers on this list who have varying levels of Linux skills
> (usually low)
> as newbies.
That is what this list is for, if you want to see real 'geeky' linux stuff
have a look at the SLUG list :-)
Should note that they are alos very helpful

However, I find that a lot of what people recommend for me to
> do, I will try and often bumble through, but what some have
> suggested I have
> little idea of what it means or even how to do it. I know this
> comes in the
> category of RTFM and I do try, but there are just so many hours in the day
> and we are teachers first trying to integrate Linux into schools
> in varying
> ways.

I like Les suggestion of having a step by step process for teachers (not for
the experts).
I have started a similar system here and will look at how I can put it
on-line for everyone if people think that will help.

> I'm out at Bathurst and Peter Hughes who also subscribes to this
> list is at
> Forbes. We're not exactly flushed with Linux experts in schools out here.
> We're probably it, but I feel like a dill at times. I know that I am not
> keeping up with Linux trends, ideas etc. What can we do in this regard. We
> are being very reactive to Linux in schools, I'd like to be more
> proactive.
The advantage of Linux is that if it is a server on the internet then you
don't need a Linux expert nearby. I had two people workingon my systems
recently, one is in Ireland the other I think is in Sydney (but I am not
sure).

_________________________________________
Simon Bryan
IT Manager
OLMC Parramata
ICQ#: 137562751
_________________________________________

From lesbell@lesbell.com.au Fri Mar 28 07:37:13 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2RNb2to008480
	for ; Fri, 28 Mar 2003 07:37:12 +0800
To: Lias 
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.12
  |February 13, 2003) at 28/03/2003 10:42:20 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Subject: [Lias] School Intranet Server - Functionality & Requirements
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 07:38:02 2003
X-Original-Date: Fri, 28 Mar 2003 10:36:56 +1100

As I mentioned in an earlier email, I'm currently working on a school
intranet server design, and planning to write up how it's done, so that I
can pass documentation to those who follow. In the spirit of sharing, I've
documented the broad direction our project is heading in, and from this you
can see the documentation I'll be writing up ("How to Set Up Personal Home
Pages in Apache", "How to Set Up Users and Groups for a School", etc.).
Yes, I know there's excellent documentation for some of these techniques in
the HOWTO's and the Apache project site, etc. but the goal here is to write
up some articles that document approaches that are school- and
teacher-specific, and aren't meant for Linux gurus.

These are my thoughts, based on a brainstorming session I did a few weeks
ago. I realised that "our" school (actually, my daughter's - I'm on the
computer committee of the P and C) had spent close to $30,000 on cabling
throughout the school, but still was not effectively leveraging that
investment with services like email. In particular, all the machines in the
computer room were set to use Google as their home page, and I would
really, *really* like to see a home page which reflects pride in the
school, the kids' accomplishments, etc. and could even be used to broadcast
news.

Bear in mind this is a primary school, so it has initially been designed
with this in mind. The result of the "brainstorming" was a mind map which
is published at http://ffps.lesbell.com.au/pandc/schoolserver , which
should be viewed as a companion to this document.

                  ---------------------------------------

Requirements for a School Intranet Server

Web Server

I put this in as an early requirement, for the obvious reason that it
provides a school home page which can be used throughout the school.
Additionally, for young children, the web browser provides a nice, easy
interactive environment in which younger children can learn basic mouse and
keyboard skills.

Other obvious applications include class home pages, home pages for sports
teams, projects, etc. I've also set out to provide personal home page
capabilities through enabling the Apache "public_html" directory
capability, except that I've renamed it "website" for simplicity. By
sharing each user's home directory with Samba, we can be agnostic about web
development tools so kids can use Word, Powerpoint, etc. and I hope to
maintain compatibility with tools like EduWeb.

Our goal is for implementation of a home page during term 2, and the
children are currently taking part in a competitiion to generate artwork
for this.

One benefit of implementing a full web server, rather than loading pages
using "file:" URL's is the ability to run CGI programs on the server. I
initially demonstrated this using a painfully simple "Hangman" game, but
the teachers I presented to were quite excited at the notion of simple
games and educational programs. One that appeals to me is the maintenance
of an event calendar, as the maintenance of a static HTML page - even using
Javascript and CSS - is quite painful.

Email

The primary users here, initially, would be staff. However, I feel that
email usage is an essential skill to teach our children, including
effective/efficient usage habits, as well as the difference between spoken
and written communication and how inappropriate use can lead to flame wars.

Initial implementation is to be within the school only, with no gateway to
the outside world, in order to minimize security/privacy concerns. However,
I expect staff will want to send email globally and this will quickly cause
confusion, so implementation of a connection to the Internet via a DET
(NSW) gateway will probably be a high priority.

I have demonstrated content filtering, with a simple procmail recipe to
block an email with offensive language in it. However, I'm a procmail
novice and am looking for better recipes to (ideally) redirect
inappropriate material to the appropriate teacher for action.

Since users do not have a dedicated computer, it is not possible to
configure a conventional email client with the appropriate user ID,
password etc. for POP/IMAP access (except teachers, perhaps). I am
therefore planning on using a web interface for email. My initial
demonstration was based on Usermin, a companion "product" to the Webmin web
administration tool (http://www.webmin.com) which allows users to change
their own passwords, etc. However, I believe the Webmin mail interface is a
little too complex for primary school kids, and am looking for suggestions
for a simple web mail interface.

File Server

Most of the applications the children use are the usual Microsoft Office
desktop apps, along with games, educational software, etc. It is therefore
easy for them to save their work to a shared drive. Currently, the school
does not have any user accounts for the children (nor for the teachers, I
suspect) and so all directories are shared, leading to occasional (but
increasingly frequent, I suspect) dramas when one student overwrites or
deletes another's work.

I have therefore designed a scheme in which each student has a home
directory, provided by a Samba server. For the younger children, the
accounts have no passwords - I have horrible visions of most of each
computer lesson being devoted to password resetting - but I feel that for
the older children, the notion of using a password to achieve privacy is an
important lesson which should be learned at a young age (say 8 or 9).

The computer teacher at our school has been trying to introduce the notion
of using folders to keep work organized, and I am supporting that by
providing a standard set of folders for every account, created from
/etc/skel (Art, Poems, PP, Stories, etc. but this is obviously easily
customizable).

It should be possible to allow shared access to class folders and web sites
through membership in Linux groups. However, I suspect that a special tool
or script will be necessary to deal with moving students (and their files)
between groups at the beginning of each school year.

Administration

Administration really needs to be through a web-based interface, for
simplicity. My prototype uses Webmin (http://www.webmin.com) and
capitalizes on a couple of Webmin-specific features (e.g. automatic
synchronization of Samba passwords and integration with Usermin) but I'm
open to other suggestions. One benefit of Webmin is that it is open source
(written in Australia) and there is a well-documented API for the coding of
additional modules which could be used to support functionality like
associating students with classes, projects, etc.

One problem is that the school is well within the NSW DET firewall, so that
parents (who provide the tech support expertise) cannot access it via the
Internet. With this in mind, I am proposing to use Red Hat as the platform
for our implementation and register the machine with Red Hat Network so
that upgrades can be applied remotely (I've done this with our squid proxy
and it works well). However, I should be able to devise a scheme for
dial-in access with strong authentication which will allow external access
by authorised administrators and hopefully won't set off alarm bells at DET
(I'm a security professional and yes, I *know* modems inside the firewall
are generally a bad idea, but . . .).

                  ---------------------------------------

Enough said! If anyone can use any of this stuff as is, please let me know
and I'll prioritise writing it up and putitng it on the web. More to the
point, if anyone has any ideas or suggestions, based on their experience,
or can point me to tools for email content filtering, web mail, etc.
appropriate to schools, I'd love to hear from them. Also, remember, I'm a
technical type, not a teacher (except of adults) so comments from teachers
along the lines of "that sounds good in theory, but in the real world, it
won't work" are also welcome. While focused on the immediate project at
"our" school, I'd feel better if whatever I do is of general use and
benefits the wider community.

There's a whole bunch of ancillary issues to be dealt with, too. For
example, I've run a basic HTML editing class at our school, and would
happily run a basic class on Linux administration for teachers and parents.
As I say, I have to do *something* to ensure that the torch gets passed
when my daughter goes to secondary school and we move on as a family.

Best,

--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]

From ches@perlboy.org Fri Mar 28 08:02:51 2003
Received: from mailhub2.uq.edu.au (mailhub2.uq.edu.au [130.102.5.59])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S02dto011226
	for ; Fri, 28 Mar 2003 08:02:50 +0800
Received: from ches.lovethisuni.org (emc-203-100-22-23.resnet.uq.edu.au [203.100.22.23])
	by mailhub2.uq.edu.au (8.12.8/8.12.8) with ESMTP id h2S02cPi019552;
	Fri, 28 Mar 2003 10:02:38 +1000 (EST)
Subject: Re: [Lias] School Intranet Server - Functionality & Requirements
From: Robert McLeay 
To: Les Bell 
Cc: Lias 
In-Reply-To: 
References: 
Content-Type: text/plain
Organization: 
Message-Id: <1048809751.14265.12.camel@ches.lovethisuni.org>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.21
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 08:03:02 2003
X-Original-Date: 28 Mar 2003 10:02:32 +1000

>  However, I believe the Webmin mail interface is a
> little too complex for primary school kids, and am looking for suggestions
> for a simple web mail interface.

Pine? ;) No, seriously, at uni, Pine prompts for and authenticates on your 
username/pass using IMAP (so it doesn't matter which unix box you're logged into.
If possible, why not setup a normal mail client (eg outlook, eudora etc) to do 
this?

Please, please, please disable HTML email by default though, and tell the 
children about how evil it is before they get the 'outlook express ivy-leaf 
border' disease.

Robert.

From andrew.dorrell@cisra.canon.com.au Fri Mar 28 09:14:27 2003
Received: from a.mx.canon.com.au (a.mx.canon.com.au [203.12.172.4])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S1EGto018867
	for ; Fri, 28 Mar 2003 09:14:27 +0800
Received: from ivory.research.canon.com.au (canonex.research.canon.com.au [203.12.172.254])
	by a.mx.canon.com.au (Postfix) with ESMTP
	id 187DCA8D9A; Fri, 28 Mar 2003 01:14:16 +0000 (UTC)
Received: from cisra.canon.com.au (ormai.research.canon.com.au [10.2.2.134])
	by ivory.research.canon.com.au (Postfix) with ESMTP
	id 46243599E; Fri, 28 Mar 2003 12:13:47 +1100 (EST)
Message-ID: <3E83A1E5.5010305@cisra.canon.com.au>
From: Andrew Dorrell 
Organization: CISRA
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Les Bell 
Cc: Robert McLeay , Lias ,
   Trevor Gunter 
Subject: Re: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
References: 
In-Reply-To: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 09:15:02 2003
X-Original-Date: Fri, 28 Mar 2003 12:14:13 +1100

Managing users and passwords is a real point of diversity that I think 
we could really do some good for:

(BTW the following is a list of points for discussion not direct advice 
to anyone)

1. I setup my last server to use smb for all authentication (thanks to 
PAM). I did this because it was the quickest way to unify things but I 
susspect that a system base on LDAP would have been a better one?  This 
seemed much harder but may have given much better mac integration.

2. I have also made a modified /etc/skel.  In the shareing of home 
directories via smb and netatalk I make it a rule _not_ to share the 
home folder but one or more subdirectories of it - in particular 
"Documents" and "public_html"

3. On PCs I can then have a startup script to map the users 
$(HOME)/documents to h: and leave a shortcut to "My network folder" -> 
h: in the global desktop configuration.

4. On the last server I did I setup scripts to setup new teacher and 
sudent accounts - creating the required directories etc to implement a 
heirachy of access:

teacher has access to their own private space
                       plus student home directories
                       plus teacher share
                       plus student share

students have access to private file space plus student share

admin (office staff account) has access to private space plus admin share

teachers can be added to an admin group which gives them access to the 
admin share

There was quite a bit of work involved in setting this up (and working 
it out!) and I would like to find a way to share the results - perhaps 
they can be developed further?  One of the problems however is that I 
only get access to the installed system on occation as it is firewalled 
(of course) by DET... so a wiki might be a great help here.

Les Bell wrote:
> Robert McLeay  wrote:
> 
> 
> Sounds really good.
> 
> I don't know whether the time and investment in setting up an new system
> would be worth it to be honest.
> 
> I'd suggest that for mail/web/mysql/dns that you grab a copy of
> single-domain (freeware) PSA from www.plesk.com .
> 
> I admin shared hosting servers to keep the food/beer flowing, and Plesk
> is a dream to install/run/admin/manage, compared to Ensim/CPanel
> (please, please, please, don't use CPanel - urrgggh - fixing it all
> arvo)
> <<
> 
> Hmm. I hadn't thought of Plesk, to be honest - always seen it as more
> oriented to the hosting business market, and so I'd planned on using Webmin
> (http://www.webmin.com). I suspect it would provide a better interface for
> email management, especially, but I think, on balance, I'll stick with
> Webmin for the time being, mainly on account of familiarity. Also, since
> Webmin is open source Perl code, I stand a better chance of hacking in the
> appropriate changes or even a module for this specific "application".
> 
> To be honest, it's a pretty simple setup. The major trick is going to be
> setting up a schema to allow for the kids to be members of the appropriate
> groups - e.g. their class, which will change each year, project groups,
> etc. - together with some scripts to automate their management.
> 
> For my simple "sales demo" at our computer committee meeting, I created a
> few demo accounts in advance. I'd already modified /etc/skel so that each
> kids' home directory had the appropriate folders created, including one
> called "website" which is actually the Apache "public_html" directory. Then
> I demo'ed manually creating a new user within Webmin, which automatically
> takes care of setting up the appropriate smbpasswd entry as well, and
> showed a default kid's home page, then edited that from within Windows. In
> real life, the accounts will need to be created using a batch import
> technique (Webmin has one) and ideally, automatically managed from that
> point onwards.
> 
> 
> Sounds and looks like a really idea.
> <<
> 
> Please, please tell me there's a "good" in there somewhere! 
> 
> I'll post another email to this list detailing features I'm aiming for. The
> intention is not to create a completely off-the-shelf turnkey package or
> (heaven help us!) another distribution, but instead to write up some
> articles on how to do these things. That's how I make my living, and who
> knows?, if a magazine somewhere picks up an article or two out of it, my
> kids will get to eat that month.  However, along the way, I'm happy to
> put what I've done up on the web so people can benefit immediately, and
> equally I'd be really pleased to accept suggestions, feature requests, and
> pointers to better ways of doing things.
> 
> Best,
> 
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
> 
> 
> _______________________________________________
> lias mailing list
> lias@lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From andrew.dorrell@cisra.canon.com.au Fri Mar 28 09:26:29 2003
Received: from a.mx.canon.com.au (a.mx.canon.com.au [203.12.172.4])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S1QFto020163
	for ; Fri, 28 Mar 2003 09:26:29 +0800
Received: from ivory.research.canon.com.au (canonex.research.canon.com.au [203.12.172.254])
	by a.mx.canon.com.au (Postfix) with ESMTP
	id CDE30A8D9C; Fri, 28 Mar 2003 01:26:14 +0000 (UTC)
Received: from cisra.canon.com.au (ormai.research.canon.com.au [10.2.2.134])
	by ivory.research.canon.com.au (Postfix) with ESMTP
	id B43135993; Fri, 28 Mar 2003 12:25:48 +1100 (EST)
Message-ID: <3E83A4B6.1030506@cisra.canon.com.au>
From: Andrew Dorrell 
Organization: CISRA
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Les Bell 
Cc: Lias 
Subject: Re: [Lias] School Intranet Server - Functionality & Requirements
References: 
In-Reply-To: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 09:27:01 2003
X-Original-Date: Fri, 28 Mar 2003 12:26:14 +1100

Interesting comments on email.  My experience: don't touch it.

DET provides their own webmail interface for staff and is looking at 
expanding it.  I don't like their system much but they maintain it. 
Anything you add will only cause confusion (sorry - I've just been there 
...several times)  You will also run into duty of care concerns with 
email as it is difficult (impossible) for teachers to monitor what the 
kids are doing with it.

Setting up an intra-net homepage is practical and a very good idea IMO - 
  put a form on it for a google safe search.... One thing I also setup 
in the past was a page that teachers could add bookmarks to (via a 
frm/cgi interface)... I'm moving away from this however towards things 
like wiki (for better or worse)

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From pgear@redlands.qld.edu.au Fri Mar 28 09:27:36 2003
Received: from sg-redlands.clients.multiemedia.com ([202.5.161.80])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S1ROto020276
	for ; Fri, 28 Mar 2003 09:27:35 +0800
Received: from MAIL.REDLANDS.QLD.EDU.AU (unknown [202.5.161.83])
	by sg-redlands.clients.multiemedia.com (Postfix) with ESMTP id E761C88
	for ; Fri, 28 Mar 2003 12:27:15 +1100 (EST)
Received: from BORDER/SpoolDir by MAIL.REDLANDS.QLD.EDU.AU (Mercury 1.48);
    28 Mar 03 11:29:42 +1000
Received: from SpoolDir by BORDER (Mercury 1.48); 28 Mar 03 11:29:34 +1000
Received: from redlands.qld.edu.au (10.0.0.63) by MAIL.REDLANDS.QLD.EDU.AU (Mercury 1.48) with ESMTP;
    28 Mar 03 11:29:26 +1000
Message-ID: <3E83A5DE.5030705@redlands.qld.edu.au>
From: Paul Gear 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
X-Accept-Language: en, en-us
MIME-Version: 1.0
To: Lias 
Subject: Re: [Lias] School Intranet Server - Functionality & Requirements
References:  <1048809751.14265.12.camel@ches.lovethisuni.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 09:28:01 2003
X-Original-Date: Fri, 28 Mar 2003 11:31:10 +1000

Robert McLeay wrote:

>...
>Please, please, please disable HTML email by default though, and tell the 
>children about how evil it is before they get the 'outlook express ivy-leaf 
>border' disease.
>

Amen, brother!  Preach on!

:-)

-- 
Paul Gear
Manager IT Operations
Redlands College
38 Anson Road, Wellington Point 4160
07 3286 0271
(Please send attachments in portable formats such as PDF or HTML.)

From lesbell@lesbell.com.au Fri Mar 28 09:32:10 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S1Vvto020848
	for ; Fri, 28 Mar 2003 09:32:10 +0800
Subject: Re: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
To: Andrew Dorrell 
Cc: Lias 
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.12
  |February 13, 2003) at 28/03/2003 12:37:18 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 09:33:02 2003
X-Original-Date: Fri, 28 Mar 2003 12:31:04 +1100

Andrew Dorrell  wrote a lot of good
points in that last post, so I'm going to make several replies dealing with
authentication, SMB shares and access control as separate threads:

>>
1. I setup my last server to use smb for all authentication (thanks to
PAM). I did this because it was the quickest way to unify things but I
susspect that a system base on LDAP would have been a better one?  This
seemed much harder but may have given much better mac integration.
<<

I think authentication is going to be a thorny issue. Our school has an NT
domain, but I'm not sure to what extent it's making use of user accounts
for authentication (the kids just log on with generic "workstation1",
"workstation2", etc. id's) and I haven't paid that much attention to
fitting in with it. To be honest, it's been there for so long, under the
control of various people with less than adequate training, that it's
probably a bit of a mess and it would be better to have workstations
authenticate to the Samba server, where we're starting with a clean slate
(not to mention the benefit of this discussion).

LDAP is a good option, especially when there is a need for cross-platform
authentication. Is anybody out there using it in practice? I've had it on
my to-do list for some time now, especially since our intranet is based on
Lotus Domino, which provides an LDAP server, but I'm about as far from
getting started on it as I was eighteen months ago.

Given that every user on a small setup would have a home directory, the
simplest approach would be to use useradd (or the equivalent in Webmin)
with shadow password authentication. What are the benefits of LDAP over
this?

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From lesbell@lesbell.com.au Fri Mar 28 09:39:56 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S1dkto021709
	for ; Fri, 28 Mar 2003 09:39:56 +0800
Subject: Re: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
To: Andrew Dorrell 
Cc: Lias 
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.12
  |February 13, 2003) at 28/03/2003 12:45:03 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 09:40:02 2003
X-Original-Date: Fri, 28 Mar 2003 12:39:46 +1100

Andrew Dorrell  wrote:

>>
2. I have also made a modified /etc/skel.  In the shareing of home
directories via smb and netatalk I make it a rule _not_ to share the
home folder but one or more subdirectories of it - in particular
"Documents" and "public_html"
<<

Why was that, Andrew? I've shared home directories directly, as that's
particularly easy to do - it's the Samba default behaviour, and the Windows
workstations then go ahead and create the "My Documents" folder, etc. The
only problem I see is the visibility of some Linux-related hidden files,
but those can be made to disappear (with a Samba setting? I need to
document this for my *own* benefit as much as anyone else's!).

Doesn't sharing the subdirectories give rise to more complex drive mapping?
E.g.

My documents -> H:
My website -> W:

or some such?

>>
3. On PCs I can then have a startup script to map the users
$(HOME)/documents to h: and leave a shortcut to "My network folder" ->
h: in the global desktop configuration.
<<

This is an area I've found confusing and not all that well documented. When
I converted our local Samba workgroup to a domain a number of surprising
things happened, not least of which was the complete wiping out of my CFO's
(aka SWMBO's) work files. So, I'm looking for a good description of how the
Windows NT/2K Domain maps the "My Documents" folder on the 2K/ME/XP desktop
to the server. Any pointers to documents at the Microsoft Knowledge Base or
elsewhere would be a godsend, here.

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From lesbell@lesbell.com.au Fri Mar 28 09:46:39 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S1kRto022464
	for ; Fri, 28 Mar 2003 09:46:38 +0800
Subject: Re: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
To: Andrew Dorrell 
Cc: Robert McLeay , Lias ,
   Trevor Gunter 
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.12
  |February 13, 2003) at 28/03/2003 12:51:45 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 09:47:02 2003
X-Original-Date: Fri, 28 Mar 2003 12:43:03 +1100

Andrew Dorrell  wrote:

>>
4. On the last server I did I setup scripts to setup new teacher and
sudent accounts - creating the required directories etc to implement a
heirachy of access:

teacher has access to their own private space
                       plus student home directories
                       plus teacher share
                       plus student share

students have access to private file space plus student share

admin (office staff account) has access to private space plus admin share

teachers can be added to an admin group which gives them access to the
admin share

There was quite a bit of work involved in setting this up (and working
it out!) and I would like to find a way to share the results - perhaps
they can be developed further?  One of the problems however is that I
only get access to the installed system on occation as it is firewalled
(of course) by DET... so a wiki might be a great help here.
<<

You beauty! There's a surprising amount of work here - it's quite literally
been an item in my to do list for the last few weeks, but I haven't had a
chance to work it out. So, yes, *please* write it up whenever you get time.
If we haven't got a wiki or something like it up and running by then, just
post it to the list as an interim measure, but keep a copy for later.

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From andrew.dorrell@cisra.canon.com.au Fri Mar 28 09:51:54 2003
Received: from a.mx.canon.com.au (a.mx.canon.com.au [203.12.172.4])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S1pito023082
	for ; Fri, 28 Mar 2003 09:51:54 +0800
Received: from ivory.research.canon.com.au (canonex.research.canon.com.au [203.12.172.254])
	by a.mx.canon.com.au (Postfix) with ESMTP
	id 80AE3A8D9A; Fri, 28 Mar 2003 01:51:44 +0000 (UTC)
Received: from cisra.canon.com.au (ormai.research.canon.com.au [10.2.2.134])
	by ivory.research.canon.com.au (Postfix) with ESMTP
	id 672885996; Fri, 28 Mar 2003 12:51:18 +1100 (EST)
Message-ID: <3E83AAB0.1090202@cisra.canon.com.au>
From: Andrew Dorrell 
Reply-To: dorrell@research.canon.com.au
Organization: CISRA
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Les Bell 
Cc: Lias 
Subject: Re: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
References: 
In-Reply-To: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 09:52:01 2003
X-Original-Date: Fri, 28 Mar 2003 12:51:44 +1100

Les Bell wrote:
> Andrew Dorrell  wrote:
> 
> 
> 2. I have also made a modified /etc/skel.  In the shareing of home
> directories via smb and netatalk I make it a rule _not_ to share the
> home folder but one or more subdirectories of it - in particular
> "Documents" and "public_html"
> <<
> 
> Why was that, Andrew? I've shared home directories directly, as that's
> particularly easy to do - it's the Samba default behaviour, and the Windows
> workstations then go ahead and create the "My Documents" folder, etc. The
> only problem I see is the visibility of some Linux-related hidden files,
> but those can be made to disappear (with a Samba setting? I need to
> document this for my *own* benefit as much as anyone else's!).

This is true and I was perhaps over-zelous about this but I didn't want 
people to be able to remove their public_html folder or Mail folder for 
example.  Providing a drive mapping (as per your suggestion below just 
seemed more robust.... while directories such as Mail are only visible 
to the applications that actually use them.

It may have been better to use the veto files options... but there is 
setarate setup of that for both mac and windows file sharing.  The pros 
and cons are worth fleshing out.

> Doesn't sharing the subdirectories give rise to more complex drive mapping?
> E.g.
> 
> My documents -> H:
> My website -> W:
> 
> or some such?
> 
> 
> 3. On PCs I can then have a startup script to map the users
> $(HOME)/documents to h: and leave a shortcut to "My network folder" ->
> h: in the global desktop configuration.
> <<
> 
> This is an area I've found confusing and not all that well documented. When
> I converted our local Samba workgroup to a domain a number of surprising
> things happened, not least of which was the complete wiping out of my CFO's
> (aka SWMBO's) work files. So, I'm looking for a good description of how the
> Windows NT/2K Domain maps the "My Documents" folder on the 2K/ME/XP desktop
> to the server. Any pointers to documents at the Microsoft Knowledge Base or
> elsewhere would be a godsend, here.

I haven't played with that - rather I just put the shortcut to the 
network folder in the local machines "My Documents"... a cop-out perhaps 
  ... but its because I don't know the answer to your question ;-) (Plus 
I think its quite different between 98 / 2000/XP and I just don't have 
that much time to put into learning MS stuff)

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From lesbell@lesbell.com.au Fri Mar 28 09:58:13 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S1vuto023795
	for ; Fri, 28 Mar 2003 09:58:13 +0800
Subject: Re: [Lias] School Intranet Server - Functionality & Requirements
To: Andrew Dorrell 
Cc: Lias 
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.12
  |February 13, 2003) at 28/03/2003 01:03:20 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 09:59:02 2003
X-Original-Date: Fri, 28 Mar 2003 12:57:51 +1100

Andrew Dorrell  wrote:

>>
Interesting comments on email.  My experience: don't touch it.

DET provides their own webmail interface for staff and is looking at
expanding it.  I don't like their system much but they maintain it.
Anything you add will only cause confusion (sorry - I've just been there
...several times)  You will also run into duty of care concerns with
email as it is difficult (impossible) for teachers to monitor what the
kids are doing with it.
<<

Now that's useful to know! One problem I face is that, especially in a
primary school, the teachers themselves don't always know just what's
available, so I didn't even know about the DET staff webmail system. I have
heard about the upcoming expanded DET system which will provide some
facilities for student email etc. and will supplant some of what we're
doing, but I don't have firm scope and timeframe info - which is why I
decided to plough ahead and get something running in the short term. In any
case, I think there will always be scope for a system inside the school
which can run intranet applications.

>>
Setting up an intra-net homepage is practical and a very good idea IMO -
  put a form on it for a google safe search.... One thing I also setup
in the past was a page that teachers could add bookmarks to (via a
frm/cgi interface)... I'm moving away from this however towards things
like wiki (for better or worse)
<<

Heh. Google Safesearch is on there already, on my sample homepage. I'd love
to hear more about your bookmarks CGI app, though, as I can see that being
a popular feature. I've never implemented a wiki, but maybe it's time to
start. A wiki could allow kids (and teachers!) to learn about
computer-mediated communication, without a lot of the thorny problems of
email, couldn't it?

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From lesbell@lesbell.com.au Fri Mar 28 10:17:07 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S2Gsto025861
	for ; Fri, 28 Mar 2003 10:17:06 +0800
Subject: Re: [Lias] School Intranet Server - Functionality & Requirements
To: Paul Gear 
Cc: Lias 
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.12
  |February 13, 2003) at 28/03/2003 01:22:15 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 10:18:01 2003
X-Original-Date: Fri, 28 Mar 2003 13:16:55 +1100

Paul Gear  wrote:

>>

Amen, brother!  Preach on!

<<

Hallehluah! I got an email yesterday, from a travel agent, that consisted
of a Word document and an "Email Cover Sheet". Dear, oh, dear!

We have *got* to teach kids about proper email usage. . .

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From andrew.dorrell@cisra.canon.com.au Fri Mar 28 11:07:44 2003
Received: from a.mx.canon.com.au (a.mx.canon.com.au [203.12.172.4])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S37Xto031346
	for ; Fri, 28 Mar 2003 11:07:43 +0800
Received: from ivory.research.canon.com.au (canonex.research.canon.com.au [203.12.172.254])
	by a.mx.canon.com.au (Postfix) with ESMTP id D5B1CA8F09
	for ; Fri, 28 Mar 2003 03:07:32 +0000 (UTC)
Received: from cisra.canon.com.au (ormai.research.canon.com.au [10.2.2.134])
	by ivory.research.canon.com.au (Postfix) with ESMTP
	id A3B35599B; Fri, 28 Mar 2003 14:07:06 +1100 (EST)
Message-ID: <3E83BC74.3060307@cisra.canon.com.au>
From: Andrew Dorrell 
Organization: CISRA
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Lias 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Lias] linux kernel security patches
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 11:08:02 2003
X-Original-Date: Fri, 28 Mar 2003 14:07:32 +1100

In case you have some hackers at your school:

  --Linux Kernel Vulnerability
(19 March 2003)
A vulnerability in the ptrace component of the 2.2 and 2.4 series
of Linux kernels could allow a local user to obtain root privileges.
RedHat has posted a patch for the flaw
http://news.com.com/2100-1016-993278.html
https://rhn.redhat.com/errata/RHSA-2003-098.html?tag=nl

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From andrew.dorrell@cisra.canon.com.au Fri Mar 28 11:16:52 2003
Received: from a.mx.canon.com.au (a.mx.canon.com.au [203.12.172.4])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S3Gdto032364
	for ; Fri, 28 Mar 2003 11:16:52 +0800
Received: from ivory.research.canon.com.au (canonex.research.canon.com.au [203.12.172.254])
	by a.mx.canon.com.au (Postfix) with ESMTP id 5A75FA8F09
	for ; Fri, 28 Mar 2003 03:16:39 +0000 (UTC)
Received: from cisra.canon.com.au (ormai.research.canon.com.au [10.2.2.134])
	by ivory.research.canon.com.au (Postfix) with ESMTP id 2860059BE
	for ; Fri, 28 Mar 2003 14:16:13 +1100 (EST)
Message-ID: <3E83BE97.4030705@cisra.canon.com.au>
From: Andrew Dorrell 
Organization: CISRA
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Lias 
Subject: Re: [Lias] Thanks for help re Proxy
References: 
In-Reply-To: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 11:17:02 2003
X-Original-Date: Fri, 28 Mar 2003 14:16:39 +1100

Les I think this is a great idea and would encourage you to do it.
Perhaps if one of us could setup a wiki-web (see fr example
http://www.twiki.org or http://phpwiki.sourceforge.net/) this would
provide an effective means for having such documentation maintained by
the whole community?

I'd like to suggest also that other's follow Trevor's lead and, when
they get a post they don't understand, don't be afraid to say so.  Many
of us have worked with teachers and in schools and understand the
difficulty in finding enough time to administer systems - let alone keep
up-to-date  with all the trends.  One of the reasons for this list is to
get together tech heads who are sympathetic to this - otherwise you
could just post to say *lug (your local linux users group)... but it is
difficult to know at what level to post your replies as there is *such*
a mix of experience levels

Regards

Les Bell wrote:
> "Trevor Gunter"  wrote:
> 
> 
> I know that's a poor excuse and I appreciate all of you not treating those
> teachers on this list who have varying levels of Linux skills (usually low)
> as newbies. However, I find that a lot of what people recommend for me to
> do, I will try and often bumble through, but what some have suggested I
> have
> little idea of what it means or even how to do it. I know this comes in the
> category of RTFM and I do try, but there are just so many hours in the day
> and we are teachers first trying to integrate Linux into schools in varying
> ways.
> <<
> 
> It's the same for everyone, Trevor, even those of us who've been doing this
> for years. I spent a couple of hours this afternoon screwing around trying
> to fix a Samba/WinNT printer problem. I guess one answer is something that
> we started years ago on the caldera-users list (back when Caldera were a
> reasonable company with a nice distro): someone collated the replies on the
> list and produced a "Step By Step" ("SxS") web site that gave detailed
> instructions on how to set various things up.
> 
> Perhaps something similar would help here. I know that I face the same
> problem from the other side - I set up a Squid proxy for my kids' school,
> and sooner or later will have to hand over responsibility for it to someone
> else. Before that happens, I suspect I'll have to train them, as well as
> completely documenting the setup.
> 
> Now I've made another rod for my own back, by proposing that the school set
> out to get some return on its $25,000 investment in LAN cabling by
> installing an intranet server. I threw together a prototype, running under
> VMWare on my laptop, brainstormed what it should do (mind map at
> http://ffps.lesbell.com.au/pandc/schoolserver/index.html) and have now sold
> the school on the idea, with implementation planned for next term.
> 
> This thing involves configuration of Apache, Samba, some CGI programs,
> Webmin and Usermin, procmail, and a bunch of other stuff. I've decided to
> document it in detail, in the SxS style, as otherwise the moment I try to
> hand it over to someone else, it will start to fall apart. I'll write up
> some articles and post them on my site initially, and if anyone finds them
> useful, terrific. To be honest, I think whoever takes it over will need
> support from a community around Lias, and if I can encourage others to
> implement similar systems, that will be great.
> 
> With that in mind, I'll let this list know when I start posting articles. I
> also expect to spend a day or two setting installing and configuring the
> server, and if anyone in the Sydney area wants to lend a hand and see how
> it all goes together, they're welcome to come around and take notes.
> 
> Best,
> 
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
> 
> 
> _______________________________________________
> lias mailing list
> lias@lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From lesbell@lesbell.com.au Fri Mar 28 11:34:39 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S3YRto001874
	for ; Fri, 28 Mar 2003 11:34:38 +0800
Subject: Hosting a Step-By-Step for Schools Site (was Re: [Lias] Thanks for help re
 Proxy)
To: Andrew Dorrell 
Cc: Lias 
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.12
  |February 13, 2003) at 28/03/2003 02:39:46 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 11:35:02 2003
X-Original-Date: Fri, 28 Mar 2003 14:34:16 +1100

Andrew Dorrell  wrote:

>>
Les I think this is a great idea and would encourage you to do it.
Perhaps if one of us could setup a wiki-web (see fr example
http://www.twiki.org or http://phpwiki.sourceforge.net/) this would
provide an effective means for having such documentation maintained by
the whole community?
<<

I discussed this earlier today with Simon Bryan at OLMC Parramatta. He has
a MySQL/PHP app developed there which they use to share technical
documentation. He says it's rough, but could be put up on the Internet.

I have a pair of Domino servers - one visible as http://www.lesbell.com.au
and http://ffps.lesbell.com.au ("our" school's development web site).
Domino provides wiki-like "discussion databases" which I can put up in a
few minutes, and it's particularly convenient for me as I can just sit at
the Notes client editing a document in a word-processor like environment,
hit "Save" and the document is published. See
http://www.lesbell.com.au/Home.nsf/Linux?OpenView for a very simple example
of how articles I write are automatically published to web.

The downside is that it's not FOSS, which might worry some people, and only
I would have access to the rich set of editing functionality in the Notes
client. On the other hand, if we do a "SxS" project and I take on editorial
responsibilities, that's the option I'd back since it's a highly productive
environment. I can also set up options like direct email submission to the
database with immediate web publication.

If I'm not editing and formatting the pages, then I'm certainly amenable to
using some other software. Wikis are good, but like all web-based systems,
people have to remember to go and look at them. For discussion, I prefer
mailing lists, as posts automatically land in front of subscribers. My
suggestion would be to use the Lias list to discuss stuff, and then use a
separate (database-driven?) site for publication of "Step-by-Step"
documents. But then, I don't know that much about wiki's. . .

Right now, I'm keeping anything I write in a Domino database; when we get
to the stage of having documents from other contributors, I'll devote an
hour or so to tidying that up and providing an open submission mechanism,
and then we'll compare options and see where to go next. I can export or
import stuff, whichever way it goes.

Also, since Lias is a Linux Australia venture, and I understand that LA is
fairly well cashed-up at the moment, perhaps we could count on them to
provide a host for a wiki?

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From tom@stvincents.nsw.edu.au Fri Mar 28 11:36:30 2003
Received: from mail.stvincents.nsw.edu.au ([203.102.161.86])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S3Yoto001910
	for ; Fri, 28 Mar 2003 11:35:18 +0800
Received: from TOMXP ([128.0.0.18])
	by mail.stvincents.nsw.edu.au (8.9.3/8.9.3) with SMTP id OAA22552
	for ; Fri, 28 Mar 2003 14:31:11 +1100
Reply-To: 
From: "Tom Doyle" 
To: "Lias" 
Message-ID: 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <3E83BE97.4030705@cisra.canon.com.au>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Subject: [Lias] (no subject)
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 11:37:02 2003
X-Original-Date: Fri, 28 Mar 2003 14:30:11 +1100

Can I just say that when you click reply to a post on this forum, it replies
to the originator of the post and NOT the list. This is a problem as lots of
advice is lost to the whole community. Can this be changed to default the
reply to the list?

2Cents-Tom.

-----Original Message-----
From: lias-admin@lists.linux.org.au
[mailto:lias-admin@lists.linux.org.au]On Behalf Of Andrew Dorrell
Sent: Friday, 28 March 2003 2:17 PM
To: Lias
Subject: Re: [Lias] Thanks for help re Proxy

Les I think this is a great idea and would encourage you to do it.
Perhaps if one of us could setup a wiki-web (see fr example
http://www.twiki.org or http://phpwiki.sourceforge.net/) this would
provide an effective means for having such documentation maintained by
the whole community?

I'd like to suggest also that other's follow Trevor's lead and, when
they get a post they don't understand, don't be afraid to say so.  Many
of us have worked with teachers and in schools and understand the
difficulty in finding enough time to administer systems - let alone keep
up-to-date  with all the trends.  One of the reasons for this list is to
get together tech heads who are sympathetic to this - otherwise you
could just post to say *lug (your local linux users group)... but it is
difficult to know at what level to post your replies as there is *such*
a mix of experience levels

Regards

Les Bell wrote:
> "Trevor Gunter"  wrote:
>
>
> I know that's a poor excuse and I appreciate all of you not treating those
> teachers on this list who have varying levels of Linux skills (usually
low)
> as newbies. However, I find that a lot of what people recommend for me to
> do, I will try and often bumble through, but what some have suggested I
> have
> little idea of what it means or even how to do it. I know this comes in
the
> category of RTFM and I do try, but there are just so many hours in the day
> and we are teachers first trying to integrate Linux into schools in
varying
> ways.
> <<
>
> It's the same for everyone, Trevor, even those of us who've been doing
this
> for years. I spent a couple of hours this afternoon screwing around trying
> to fix a Samba/WinNT printer problem. I guess one answer is something that
> we started years ago on the caldera-users list (back when Caldera were a
> reasonable company with a nice distro): someone collated the replies on
the
> list and produced a "Step By Step" ("SxS") web site that gave detailed
> instructions on how to set various things up.
>
> Perhaps something similar would help here. I know that I face the same
> problem from the other side - I set up a Squid proxy for my kids' school,
> and sooner or later will have to hand over responsibility for it to
someone
> else. Before that happens, I suspect I'll have to train them, as well as
> completely documenting the setup.
>
> Now I've made another rod for my own back, by proposing that the school
set
> out to get some return on its $25,000 investment in LAN cabling by
> installing an intranet server. I threw together a prototype, running under
> VMWare on my laptop, brainstormed what it should do (mind map at
> http://ffps.lesbell.com.au/pandc/schoolserver/index.html) and have now
sold
> the school on the idea, with implementation planned for next term.
>
> This thing involves configuration of Apache, Samba, some CGI programs,
> Webmin and Usermin, procmail, and a bunch of other stuff. I've decided to
> document it in detail, in the SxS style, as otherwise the moment I try to
> hand it over to someone else, it will start to fall apart. I'll write up
> some articles and post them on my site initially, and if anyone finds them
> useful, terrific. To be honest, I think whoever takes it over will need
> support from a community around Lias, and if I can encourage others to
> implement similar systems, that will be great.
>
> With that in mind, I'll let this list know when I start posting articles.
I
> also expect to spend a day or two setting installing and configuring the
> server, and if anyone in the Sydney area wants to lend a hand and see how
> it all goes together, they're welcome to come around and take notes.
>
> Best,
>
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
>
>
> _______________________________________________
> lias mailing list
> lias@lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias

--
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

_______________________________________________
lias mailing list
lias@lists.linux.org.au
http://lists.linux.org.au/listinfo/lias

From ken_yap@users.sourceforge.net Fri Mar 28 11:51:27 2003
Received: from mta02bw.bigpond.com (mta02bw.bigpond.com [144.135.24.138])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S3pHto003786
	for ; Fri, 28 Mar 2003 11:51:27 +0800
Received: from ken.ken.com.au ([144.135.24.78]) by
          mta02bw.bigpond.com (Netscape Messaging Server 4.15 mta02bw Jul
          16 2002 22:47:55) with SMTP id HCFXDA00.2UC for
          ; Fri, 28 Mar 2003 13:51:10 +1000 
Received: from CPE-144-136-73-7.nsw.bigpond.net.au ([144.136.73.7]) by bwmam04bpa.bigpond.com(MailRouter V3.2g 35/5338553); 28 Mar 2003 13:51:48
Received: from ken.ken.com.au (localhost [127.0.0.1])
	by ken.ken.com.au (Postfix on SuSE Linux 8.1 (i386)) with ESMTP id 7ED602226
	for ; Fri, 28 Mar 2003 14:51:09 +1100
To: Linux in Australian Schools 
Reply-To: Linux in Australian Schools 
Subject: Re: [Lias] recipients Was: (no subject) 
From: ken_yap@users.sourceforge.net
In-reply-to: Your message of Fri, 28 Mar 2003 14:30:11 +1100.

Content-type: text/plain; charset="iso-8859-1"
X-Face: bak'McMAD{%JrA$mQ(j_Ex_o?a/F8/Ntng*t2KX(NcfGalVs^Ke^C61:F
Message-Id: <20030328035109.7ED602226@ken.ken.com.au>
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 11:52:02 2003
X-Original-Date: Fri, 28 Mar 2003 14:51:09 +1100

>Can I just say that when you click reply to a post on this forum, it replies
>to the originator of the post and NOT the list. This is a problem as lots of
>advice is lost to the whole community. Can this be changed to default the
>reply to the list?

No, the accumulated wisdom on mailing lists is that once in a while a
reply that was meant to be private will get sent to the list by accident
and embarrass the participants. Or worse.

Either the OP should set a Reply-To:, as I normally do, or the responder
should edit the destinations. In any case I always check the
destinations before I hit send, everyone should. And please check your
Subject: line too.

From jon@cybersite.com.au Fri Mar 28 12:04:52 2003
Received: from notebook.cybersite.com.au ([203.217.63.46])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S44dto005300
	for ; Fri, 28 Mar 2003 12:04:51 +0800
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by notebook.cybersite.com.au (Postfix) with ESMTP
	id D10F5A57B; Fri, 28 Mar 2003 15:02:05 +1100 (EST)
Subject: Re: [Lias] Thanks for help re Proxy
From: Jonathon Coombes 
To: Andrew Dorrell 
Cc: lias@lists.linux.org.au
In-Reply-To: <3E83BE97.4030705@cisra.canon.com.au>
References:  
	<3E83BE97.4030705@cisra.canon.com.au>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.8-3mdk 
Message-Id: <1048824125.2612.45.camel@notebook.cybersite.com.au>
Mime-Version: 1.0
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 12:05:01 2003
X-Original-Date: 28 Mar 2003 15:02:05 +1100

On Fri, 2003-03-28 at 14:16, Andrew Dorrell wrote:
> Les I think this is a great idea and would encourage you to do it.
> Perhaps if one of us could setup a wiki-web (see fr example
> http://www.twiki.org or http://phpwiki.sourceforge.net/) this would
> provide an effective means for having such documentation maintained by
> the whole community?

A great idea, but could I suggest another alternative for the
Wiki software. The one I would recommend is
http://tikiwiki.sourceforge.net. It is very actively developed,
provides extensive value-add features to the wiki, and I have
used it in a number of projects myself :)

If interested, I can setup a site for people to use.

Regards,
Jonathon

From pgear@redlands.qld.edu.au Fri Mar 28 12:14:01 2003
Received: from sg-redlands.clients.multiemedia.com ([202.5.161.80])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S4Dgto006293
	for ; Fri, 28 Mar 2003 12:14:00 +0800
Received: from MAIL.REDLANDS.QLD.EDU.AU (unknown [202.5.161.83])
	by sg-redlands.clients.multiemedia.com (Postfix) with ESMTP id D307F88
	for ; Fri, 28 Mar 2003 15:13:35 +1100 (EST)
Received: from BORDER/SpoolDir by MAIL.REDLANDS.QLD.EDU.AU (Mercury 1.48);
    28 Mar 03 14:16:02 +1000
Received: from SpoolDir by BORDER (Mercury 1.48); 28 Mar 03 14:15:58 +1000
Received: from redlands.qld.edu.au (10.0.0.63) by MAIL.REDLANDS.QLD.EDU.AU (Mercury 1.48) with ESMTP;
    28 Mar 03 14:15:48 +1000
Message-ID: <3E83CCDF.30007@redlands.qld.edu.au>
From: Paul Gear 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
X-Accept-Language: en, en-us
MIME-Version: 1.0
To: Linux in Australian Schools 
Subject: Re: [Lias] recipients Was: (no subject)
References: <20030328035109.7ED602226@ken.ken.com.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 12:14:01 2003
X-Original-Date: Fri, 28 Mar 2003 14:17:35 +1000

ken_yap@users.sourceforge.net wrote:

>>Can I just say that when you click reply to a post on this forum, it replies
>>to the originator of the post and NOT the list. This is a problem as lots of
>>advice is lost to the whole community. Can this be changed to default the
>>reply to the list?
>>    
>>
>
>No, the accumulated wisdom on mailing lists is that once in a while a
>reply that was meant to be private will get sent to the list by accident
>and embarrass the participants. Or worse.
>
>Either the OP should set a Reply-To:, as I normally do, or the responder
>should edit the destinations. In any case I always check the
>destinations before I hit send, everyone should. And please check your
>Subject: line too.
>

Agreed, but it's a matter of statistics.  I reply to the list rather 
more often than the sender, and i'm sure most others are the same.  I'd 
estimate 90-95% of replies i make are to the list...

-- 
Paul Gear
Manager IT Operations
Redlands College
38 Anson Road, Wellington Point 4160
07 3286 0271
(Please send attachments in portable formats such as PDF or HTML.)

From lesbell@lesbell.com.au Fri Mar 28 12:32:52 2003
Received: from bifrost.lesbell.com.au (bifrost.lesbell.com.au [203.28.234.31])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S4WWto008304
	for ; Fri, 28 Mar 2003 12:32:52 +0800
Subject: Re: [Lias] recipients Was: (no subject)
To: Paul Gear 
Cc: Linux in Australian Schools 
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: 
From: "Les Bell" 
X-MIMETrack: Serialize by Router on Bifrost/Les Bell and Associates Pty Ltd(Release 5.0.12
  |February 13, 2003) at 28/03/2003 03:38:00 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 12:33:02 2003
X-Original-Date: Fri, 28 Mar 2003 15:32:32 +1100

Paul Gear  wrote:

>>
Agreed, but it's a matter of statistics.  I reply to the list rather
more often than the sender, and i'm sure most others are the same.  I'd
estimate 90-95% of replies i make are to the list...
<<

Seconded. The vast majority of lists I use (and have used) default to reply
to the list. I expect reply-to-sender when using a list populated by
old-time, died-in-the-wool *ix diehards, but this isn't that kind of list .
.  . and damn! would you believe it - I just spotted that I clicked on
"Reply" rather than "Reply to All" and was about to reply off-list? Time to
copy the content, cancel, start a new reply to all, and paste, as I so
often do. . .

(And then I have to manually delete lias-admin@lists.linux.org.au, which my
UA picks up, for some reason. . .)

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From ken_yap@users.sourceforge.net Fri Mar 28 12:40:27 2003
Received: from mta03ps.bigpond.com (mta03ps.bigpond.com [144.135.25.135])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S4eCto009180
	for ; Fri, 28 Mar 2003 12:40:26 +0800
Received: from ken.ken.com.au ([144.135.25.75]) by
          mta03ps.bigpond.com (Netscape Messaging Server 4.15 mta03ps Jul
          16 2002 22:47:55) with SMTP id HCFZMV00.6KT for
          ; Fri, 28 Mar 2003 14:40:07 +1000 
Received: from CPE-144-136-73-7.nsw.bigpond.net.au ([144.136.73.7]) by psmam03bpa.bigpond.com(MailRouter V3.2g 89/144155); 28 Mar 2003 14:40:06
Received: from ken.ken.com.au (localhost [127.0.0.1])
	by ken.ken.com.au (Postfix on SuSE Linux 8.1 (i386)) with ESMTP id 57DE124A3
	for ; Fri, 28 Mar 2003 15:40:06 +1100
To: Linux in Australian Schools 
Subject: Re: [Lias] recipients Was: (no subject) 
From: ken_yap@users.sourceforge.net
In-reply-to: Your message of Fri, 28 Mar 2003 15:32:32 +1100.

Content-type: text/plain; charset="iso-8859-1"
X-Face: bak'McMAD{%JrA$mQ(j_Ex_o?a/F8/Ntng*t2KX(NcfGalVs^Ke^C61:F
Message-Id: <20030328044006.57DE124A3@ken.ken.com.au>
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 12:41:02 2003
X-Original-Date: Fri, 28 Mar 2003 15:40:06 +1100

>Seconded. The vast majority of lists I use (and have used) default to reply
>to the list. I expect reply-to-sender when using a list populated by
>old-time, died-in-the-wool *ix diehards, but this isn't that kind of list .
>.  . and damn! would you believe it - I just spotted that I clicked on
>"Reply" rather than "Reply to All" and was about to reply off-list? Time to
>copy the content, cancel, start a new reply to all, and paste, as I so
>often do. . .
>
>(And then I have to manually delete lias-admin@lists.linux.org.au, which my
>UA picks up, for some reason. . .)

You need a better MUA that's all. :-) And what's so hard about creating
an alias called lias and typing it into the To: or Cc: box?

From andrew.dorrell@cisra.canon.com.au Fri Mar 28 12:46:18 2003
Received: from a.mx.canon.com.au (a.mx.canon.com.au [203.12.172.4])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S4k4to009860
	for ; Fri, 28 Mar 2003 12:46:18 +0800
Received: from ivory.research.canon.com.au (canonex.research.canon.com.au [203.12.172.254])
	by a.mx.canon.com.au (Postfix) with ESMTP
	id CEDEFA8F12; Fri, 28 Mar 2003 04:46:03 +0000 (UTC)
Received: from cisra.canon.com.au (ormai.research.canon.com.au [10.2.2.134])
	by ivory.research.canon.com.au (Postfix) with ESMTP
	id 84F3F5A03; Fri, 28 Mar 2003 15:45:37 +1100 (EST)
Message-ID: <3E83D38B.8090104@cisra.canon.com.au>
From: Andrew Dorrell 
Organization: CISRA
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jonathon Coombes 
Cc: lias@lists.linux.org.au
Subject: Re: [Lias] Thanks for help re Proxy
References:  	<3E83BE97.4030705@cisra.canon.com.au> <1048824125.2612.45.camel@notebook.cybersite.com.au>
In-Reply-To: <1048824125.2612.45.camel@notebook.cybersite.com.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 12:47:02 2003
X-Original-Date: Fri, 28 Mar 2003 15:46:03 +1100

Jonathon Coombes wrote:

> A great idea, but could I suggest another alternative for the
> Wiki software. The one I would recommend is
> http://tikiwiki.sourceforge.net. It is very actively developed,
> provides extensive value-add features to the wiki, and I have
> used it in a number of projects myself :)

Looks cool - haven't seen it before either :-O

I'll give it a whirl.  Certainly phpwiki is a little lame and twiki a 
little complicated to setup and configure

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From leon@cyberknights.com.au Fri Mar 28 12:54:18 2003
Received: from home.dy.cyberknights.com.au (baboon008.arach.net.au [203.34.17.8])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S4s5to010778
	for ; Fri, 28 Mar 2003 12:54:17 +0800
Received: from leon (localhost.localdomain [127.0.0.1])
	by home.dy.cyberknights.com.au (Postfix) with ESMTP id D278E13D36
	for ; Fri, 28 Mar 2003 00:02:19 -0500 (EST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Leon Brooks 
Organization: CyberKnights - modern tools, traditional dedication
To: Linux in Australian Schools 
Subject: Re: [Lias] recipients Was: (no subject)
User-Agent: KMail/1.4.3
References: <20030328035109.7ED602226@ken.ken.com.au> <3E83CCDF.30007@redlands.qld.edu.au>
In-Reply-To: <3E83CCDF.30007@redlands.qld.edu.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200303281302.19445.leon@cyberknights.com.au>
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 12:55:02 2003
X-Original-Date: Fri, 28 Mar 2003 13:02:19 +0800

On Friday 28 March 2003 12:17, Paul Gear wrote:
> ken_yap@users.sourceforge.net wrote:
>> No, the accumulated wisdom on mailing lists is that once in a while a
>> reply that was meant to be private will get sent to the list by accident
>> and embarrass the participants. Or worse.

>> Either the OP should set a Reply-To:, as I normally do, or the responder
>> should edit the destinations. In any case I always check the
>> destinations before I hit send, everyone should. And please check your
>> Subject: line too.

> Agreed, but it's a matter of statistics.  I reply to the list rather
> more often than the sender, and i'm sure most others are the same.  I'd
> estimate 90-95% of replies i make are to the list...

Most of the lists I inhabit are set to reply-to-list, as are all of the lists 
I manage. In most places, the lists which don't do this are announce-style 
lists. I notice clear exceptions among the Debian community and (probably 
consequentially) on LA's server. OTToMH, my config there for ALLIES says 
reply-to-list but warns of this in the sign-on message.

I always expect replies to go to the list. Sending private email is a 
deliberate act for me. However, for someone not expecting reply-to-list, you 
can create an awful lot of damage instantly with a thoughtless `private' 
email which you actually send to the list.

So... I favour reply-to-list, but I don't favour switching over a list whose 
denizens are *used*to* reply-to-sender.

Cheers; Leon

-- 
http://cyberknights.com.au/     Modern tools; traditional dedication
http://plug.linux.org.au/       Committee Member, Perth Linux User Group
http://slpwa.asn.au/            Committee Member, Linux Professionals WA
http://linux.org.au/            Committee Member, Linux Australia

From andrew.dorrell@cisra.canon.com.au Fri Mar 28 12:56:47 2003
Received: from a.mx.canon.com.au (a.mx.canon.com.au [203.12.172.4])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S4ubto011070
	for ; Fri, 28 Mar 2003 12:56:47 +0800
Received: from ivory.research.canon.com.au (canonex.research.canon.com.au [203.12.172.254])
	by a.mx.canon.com.au (Postfix) with ESMTP
	id 461D5A8F1F; Fri, 28 Mar 2003 04:56:37 +0000 (UTC)
Received: from cisra.canon.com.au (ormai.research.canon.com.au [10.2.2.134])
	by ivory.research.canon.com.au (Postfix) with ESMTP
	id EA06D59E9; Fri, 28 Mar 2003 15:56:10 +1100 (EST)
Message-ID: <3E83D605.8030405@cisra.canon.com.au>
From: Andrew Dorrell 
Organization: CISRA
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ken_yap@users.sourceforge.net
Cc: Linux in Australian Schools 
Subject: Re: [Lias] recipients Was: (no subject)
References: <20030328044006.57DE124A3@ken.ken.com.au>
In-Reply-To: <20030328044006.57DE124A3@ken.ken.com.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 12:57:02 2003
X-Original-Date: Fri, 28 Mar 2003 15:56:37 +1100

>>Seconded. The vast majority of lists I use (and have used) default to reply
>>to the list. I expect reply-to-sender when using a list populated by
>>old-time, died-in-the-wool *ix diehards, but this isn't that kind of list .
>>.  . and damn! would you believe it - I just spotted that I clicked on
>>"Reply" rather than "Reply to All" and was about to reply off-list? Time to
>>copy the content, cancel, start a new reply to all, and paste, as I so
>>often do. . .

Have to admit - I'd rather the "reply" buton to send to the list also... 
partly because that's how al the lists here at work are configured - so 
lias always throws me

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From ken_yap@users.sourceforge.net Fri Mar 28 13:04:41 2003
Received: from mta05ps.bigpond.com (mta05ps.bigpond.com [144.135.25.137])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2S54Vto011942
	for ; Fri, 28 Mar 2003 13:04:41 +0800
Received: from ken.ken.com.au ([144.135.25.72]) by
          mta05ps.bigpond.com (Netscape Messaging Server 4.15 mta05ps Jul
          16 2002 22:47:55) with SMTP id HCG0RI00.930 for
          ; Fri, 28 Mar 2003 15:04:30 +1000 
Received: from CPE-144-136-73-7.nsw.bigpond.net.au ([144.136.73.7]) by psmam02bpa.bigpond.com(MailRouter V3.2g 80/198466); 28 Mar 2003 15:04:30
Received: from ken.ken.com.au (localhost [127.0.0.1])
	by ken.ken.com.au (Postfix on SuSE Linux 8.1 (i386)) with ESMTP id E44EF2226
	for ; Fri, 28 Mar 2003 16:04:29 +1100
To: Linux in Australian Schools 
Subject: Re: [Lias] recipients Was: (no subject) 
From: ken_yap@users.sourceforge.net
In-reply-to: Your message of Fri, 28 Mar 2003 13:02:19 +0800.
             <200303281302.19445.leon@cyberknights.com.au> 
Content-type: text/plain; charset="iso-8859-1"
X-Face: bak'McMAD{%JrA$mQ(j_Ex_o?a/F8/Ntng*t2KX(NcfGalVs^Ke^C61:F
Message-Id: <20030328050429.E44EF2226@ken.ken.com.au>
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Fri Mar 28 13:05:01 2003
X-Original-Date: Fri, 28 Mar 2003 16:04:29 +1100

>So... I favour reply-to-list, but I don't favour switching over a list whose 
>denizens are *used*to* reply-to-sender.

Here's an offer to any list member: Take over management of this list
from me if you wish (oh please, take the spam :-), then you are welcome
to initiate a change in the reply policy.

From craig@postnewspapers.com.au Mon Mar 31 01:13:08 2003
Received: from mulgara.westnet.com.au (mulgara.westnet.com.au [203.10.1.6])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2UHCwto032615
	for ; Mon, 31 Mar 2003 01:13:08 +0800
Received: from firewall (unknown [172.22.132.92])
	by mulgara.westnet.com.au (Postfix) with ESMTP id AF90E2FBC7
	for ; Mon, 31 Mar 2003 01:12:58 +0800 (WST)
Received: from [192.168.0.4] (helo=postnewspapers.com.au)
	by firewall with esmtp (Exim 3.35 #1 (Debian))
	id 18zgMf-0003P5-00
	for ; Mon, 31 Mar 2003 01:13:01 +0800
Message-ID: <3E872561.80909@postnewspapers.com.au>
From: Craig Ringer 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Lias 
Subject: Re: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
References: 
In-Reply-To: 
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Mon Mar 31 01:14:02 2003
X-Original-Date: Mon, 31 Mar 2003 01:12:01 +0800

> LDAP is a good option, especially when there is a need for cross-platform
> authentication. Is anybody out there using it in practice? 

I have it running for authentication of linux users between two 
machines, however I haven't yet tried to merge in NT domain 
authentication. I'm not sure its worth it, the users all use different 
machines.

> Given that every user on a small setup would have a home directory, the
> simplest approach would be to use useradd (or the equivalent in Webmin)
> with shadow password authentication. What are the benefits of LDAP over
> this?

All users can log in at all machines with the same user ID and password. 
If you enable shared home directories over (eg) auto-mounted NFS, they 
get the same homedirs too. This can have some issues with differing app 
version not liking each other's .folders (mozilla, for example), though.

Centralized management. You can replicate to one or more slave servers 
so losing the master server won't prevent users from logging in.

If you don't have multiple machines and don't expect to need them 
anytime soon, don't bother. At least using openldap/slapd its quite 
fiddly to get started, though it works well once its up and running.

Craig

From craig@postnewspapers.com.au Mon Mar 31 01:15:35 2003
Received: from mulgara.westnet.com.au (mulgara.westnet.com.au [203.10.1.6])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2UHFPto000418
	for ; Mon, 31 Mar 2003 01:15:35 +0800
Received: from firewall (unknown [172.22.132.92])
	by mulgara.westnet.com.au (Postfix) with ESMTP id AE732311EF
	for ; Mon, 31 Mar 2003 01:15:26 +0800 (WST)
Received: from [192.168.0.4] (helo=postnewspapers.com.au)
	by firewall with esmtp (Exim 3.35 #1 (Debian))
	id 18zgP3-0003QG-00
	for ; Mon, 31 Mar 2003 01:15:29 +0800
Message-ID: <3E8725F6.3080600@postnewspapers.com.au>
From: Craig Ringer 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Lias 
Subject: Re: [Lias] School Intranet Server - Functionality & Requirements
References:  <1048809751.14265.12.camel@ches.lovethisuni.org>
In-Reply-To: <1048809751.14265.12.camel@ches.lovethisuni.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Mon Mar 31 01:16:01 2003
X-Original-Date: Mon, 31 Mar 2003 01:14:30 +0800

>> However, I believe the Webmin mail interface is a
>>little too complex for primary school kids, and am looking for suggestions
>>for a simple web mail interface.

squirrelmail comes to mind, but I've never really used it much.

> Please, please, please disable HTML email by default though, and tell the 
> children about how evil it is before they get the 'outlook express ivy-leaf 
> border' disease.

*lol* Just wait for the "tablet PC" with MS Windows to become more 
widespread. Looking forward to "handwriting email" on mailing lists? 
After all, why go through the handwriting recognition when you can post 
a nice image... everybody can read your writing, obviously. *sigh*. 
Handwriting email was a /bad/ idea.

Craig

From pgear@redlands.qld.edu.au Mon Mar 31 07:32:39 2003
Received: from sg-redlands.clients.multiemedia.com ([202.5.161.80])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2UNWPto007617
	for ; Mon, 31 Mar 2003 07:32:38 +0800
Received: from MAIL.REDLANDS.QLD.EDU.AU (unknown [202.5.161.83])
	by sg-redlands.clients.multiemedia.com (Postfix) with ESMTP id 220439B
	for ; Mon, 31 Mar 2003 09:32:17 +1000 (EST)
Received: from BORDER/SpoolDir by MAIL.REDLANDS.QLD.EDU.AU (Mercury 1.48);
    31 Mar 03 09:34:43 +1000
Received: from SpoolDir by BORDER (Mercury 1.48); 31 Mar 03 09:34:13 +1000
Received: from redlands.qld.edu.au (10.0.0.63) by MAIL.REDLANDS.QLD.EDU.AU (Mercury 1.48) with ESMTP;
    31 Mar 03 09:34:10 +1000
Message-ID: <3E877F8C.4000105@redlands.qld.edu.au>
From: Paul Gear 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
X-Accept-Language: en, en-us
MIME-Version: 1.0
To: lias@lists.linux.org.au
Subject: Re: [Lias] linux kernel security patches
References: <3E83BC74.3060307@cisra.canon.com.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Mon Mar 31 07:33:02 2003
X-Original-Date: Mon, 31 Mar 2003 09:36:44 +1000

Andrew Dorrell wrote:

> In case you have some hackers at your school:

BTW, that's "crackers", not "hackers".  Hackers build things, crackers 
break things.  :-)

http://catb.org/esr/jargon/html/entry/hacker.html

-- 
Paul Gear
Manager IT Operations
Redlands College
38 Anson Road, Wellington Point 4160
07 3286 0271
(Please send attachments in portable formats such as PDF or HTML.)

From ches@perlboy.org Mon Mar 31 09:10:59 2003
Received: from mailhub2.uq.edu.au (mailhub2.uq.edu.au [130.102.5.59])
	by digital.linux.org.au (8.12.8/8.12.8/Debian-2) with ESMTP id h2V1AHto018051
	for ; Mon, 31 Mar 2003 09:10:58 +0800
Received: from ches.lovethisuni.org (emc-203-100-22-23.resnet.uq.edu.au [203.100.22.23])
	by mailhub2.uq.edu.au (8.12.8p1/8.12.8) with ESMTP id h2V1AEmC007785;
	Mon, 31 Mar 2003 11:10:14 +1000 (EST)
Subject: Re: [Lias] linux kernel security patches
From: Robert McLeay 
To: Paul Gear 
Cc: lias@lists.linux.org.au
In-Reply-To: <3E877F8C.4000105@redlands.qld.edu.au>
References: <3E83BC74.3060307@cisra.canon.com.au>
	 <3E877F8C.4000105@redlands.qld.edu.au>
Content-Type: text/plain
Organization: 
Message-Id: <1049073009.1519.64.camel@ches.lovethisuni.org>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.21
Sender: lias-admin@lists.linux.org.au
Errors-To: lias-admin@lists.linux.org.au
X-BeenThere: lias@lists.linux.org.au
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: ,

List-Id: Linux in Australian Schools 
List-Post: 
List-Help: 
List-Subscribe: ,

List-Archive: 
Date: Mon Mar 31 09:11:02 2003
X-Original-Date: 31 Mar 2003 11:10:09 +1000

The kernel would be the bit that I'd be least worried about, personally.

If you've got any student at your school who's able to exploit kernel
level holes like that, you probably want them to have root, as you'll
get a really secure box. Hacker pride (as most crackers - not s'kiddiots
- are also hackers) :)

Robert.

On Mon, 2003-03-31 at 09:36, Paul Gear wrote:
> Andrew Dorrell wrote:
> 
> > In case you have some hackers at your school:
> 
> 
> BTW, that's "crackers", not "hackers".  Hackers build things, crackers 
> break things.  :-)
> 
> http://catb.org/esr/jargon/html/entry/hacker.html
> 
> -- 
> Paul Gear
> Manager IT Operations
> Redlands College
> 38 Anson Road, Wellington Point 4160
> 07 3286 0271
> (Please send attachments in portable formats such as PDF or HTML.)
> 
> 
> 
> _______________________________________________
> lias mailing list
> lias@lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
-- 

From tom at stvincents.nsw.edu.au  Mon Mar  3 07:53:01 2003
From: tom at stvincents.nsw.edu.au (Tom Doyle)
Date: Mon Mar  3 07:53:01 2003
Subject: [Lias] Apache Directory Directives - Sub-dir override
Message-ID: <006801c2e116$38b76b70$0a050080@2003GHOST>

Hi all,

Another week another challenge...

I have setup password protection on our apache server, using mod_auth_pam. It works!

I have set it at the root "/" level which applies to all sub-directories.
I am trying to overwrite this so that a particular directory is not prompted for a password. It still asks for a password however after making the following changes to httpd.conf:

    Options FollowSymLinks
    AllowOverride AuthConfig
        AuthType Basic
        AuthName "St Vincent's College Intranet"
        require valid-user

    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all

Can anyone see a problem with this. Your expertise is appreciated...

Cheers,
Tom.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux.org.au/pipermail/lias/attachments/20030303/974ea35a/attachment.htm 

From tom at stvincents.nsw.edu.au  Tue Mar  4 11:20:02 2003
From: tom at stvincents.nsw.edu.au (Tom Doyle)
Date: Tue Mar  4 11:20:02 2003
Subject: [Lias] FYI: Apache Directory Directives - Sub-dir override
References: 
Message-ID: <017201c2e1fc$4c088470$0a050080@2003GHOST>

I solved it!

I need to add:

Satisfy All to the end of my  directive for sport.

Cheers,
Tom.
    Hi all,

    Another week another challenge...

    I have setup password protection on our apache server, using mod_auth_pam. It works!

    I have set it at the root "/" level which applies to all sub-directories.
    I am trying to overwrite this so that a particular directory is not prompted for a password. It still asks for a password however after making the following changes to httpd.conf:

        Options FollowSymLinks
        AllowOverride AuthConfig
            AuthType Basic
            AuthName "St Vincent's College Intranet"
            require valid-user

        Options FollowSymLinks
        AllowOverride None
        Order deny,allow
        Allow from all

    Can anyone see a problem with this. Your expertise is appreciated...

    Cheers,
    Tom.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux.org.au/pipermail/lias/attachments/20030304/c627aafd/attachment.htm 

From lesbell at lesbell.com.au  Tue Mar  4 11:58:01 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Tue Mar  4 11:58:01 2003
Subject: [Lias] FYI: Apache Directory Directives - Sub-dir override
Message-ID: 

Glad to see you solved it, Tom. I'm working on an intranet server design
for my daughter's school, and will probably need mod_auth_pam, so I've
saved your notes for future reference. Thanks for posting the solution!

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From tom at stvincents.nsw.edu.au  Tue Mar  4 12:27:02 2003
From: tom at stvincents.nsw.edu.au (Tom Doyle)
Date: Tue Mar  4 12:27:02 2003
Subject: [Lias] FYI: Apache Directory Directives - Sub-dir override
References: 
Message-ID: <01c701c2e205$c9ad5910$0a050080@2003GHOST>

I don't know much (anything) about LDAP... Can this work with NT domain and
Unix?

T.

----- Original Message -----
From: "Gary Reynolds" 
To: "Les Bell" 
Cc: "Tom Doyle" ; 
Sent: Tuesday, March 04, 2003 3:18 PM
Subject: Re: [Lias] FYI: Apache Directory Directives - Sub-dir override

> I would suggest setting up an ldap server, and authenticating users
> against it (via PAM for shell access, or auth_ldap for Apache). It is so
> much more flexible than having system users as your authentication
> mechanism.
>
> My 2c.
>
> G.
>
> On Tue, 4 Mar 2003, Les Bell wrote:
>
> >
> > Glad to see you solved it, Tom. I'm working on an intranet server design
> > for my daughter's school, and will probably need mod_auth_pam, so I've
> > saved your notes for future reference. Thanks for posting the solution!
> >
> > Best,
> >
> > --- Les Bell, CISSP
> > [http://www.lesbell.com.au]
> >
> >
> > _______________________________________________
> > lias mailing list
> > lias at lists.linux.org.au
> > http://lists.linux.org.au/listinfo/lias
> >
>

From lesbell at lesbell.com.au  Tue Mar  4 12:39:02 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Tue Mar  4 12:39:02 2003
Subject: [Lias] FYI: Apache Directory Directives - Sub-dir override
Message-ID: 

Gary Reynolds  wrote:

>>
I would suggest setting up an ldap server, and authenticating users
against it (via PAM for shell access, or auth_ldap for Apache). It is so
much more flexible than having system users as your authentication
mechanism.
<<

You make a compelling argument, Gary. That would certainly be easier to do
with RH 7.3, which is what I'm planning to use as the basis for this setup,
and which doesn't include mod_auth_pam by default. Another consideration
would be the need to integrate with the school's existing NT server setup -
I haven't even *looked* at that yet (and I'm not sure I want to).

The goal is to give each kid a home directory (which includes a
"public_html" directory, actually renamed to "website") so that we can
avoid problems with shared access, kids over-writing each others' work,
etc. I think the easiest way to do this will be to configure the Linux box
as a domain controller, and just ignore the NT box altogether. Or use NT as
the domain controller, create accounts on both and make the Linux box a
member of the domain. Urk . . suddenly, my brain hurts - the last time I
read the NT WRK networking documentation, I concluded that it was written
by a clueless moron, and I doubt things have improved much. . .

>>
My 2c.
<<

Money well spent. Thanks,

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From andrew.dorrell at cisra.canon.com.au  Tue Mar  4 13:22:03 2003
From: andrew.dorrell at cisra.canon.com.au (Andrew Dorrell)
Date: Tue Mar  4 13:22:03 2003
Subject: [Lias] anyone running sendmail?
Message-ID: <3E6437C1.4080900@cisra.canon.com.au>

FYI this security alert came my way today... pretty serious one... see also

http://www.redhat.com/support/alerts/sendmail_vulnerability.html

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: alert
Url: http://lists.linux.org.au/pipermail/lias/attachments/20030304/6ee01ea2/attachment.txt 

From sbryan at olmc.nsw.edu.au  Tue Mar  4 15:30:02 2003
From: sbryan at olmc.nsw.edu.au (Simon Bryan)
Date: Tue Mar  4 15:30:02 2003
Subject: [Lias] FYI: Apache Directory Directives - Sub-dir override
In-Reply-To: 
Message-ID: 

> The goal is to give each kid a home directory (which includes a
> "public_html" directory, actually renamed to "website") so that we can
> avoid problems with shared access, kids over-writing each others' work,
> etc. I think the easiest way to do this will be to configure the Linux box
> as a domain controller, and just ignore the NT box altogether. Or
> use NT as
> the domain controller, create accounts on both and make the Linux box a
> member of the domain. Urk . . suddenly, my brain hurts - the last time I
> read the NT WRK networking documentation, I concluded that it was written
> by a clueless moron, and I doubt things have improved much. . .

This is very achievable and must be simple cause I have done it - with lots
of input from lists like this.
Basically I have the users and passwords on NT, users only on the Linux
server with their home direcotries.
Running SAMBA to share the home directories back to the Windows system using
the 'homes' share, map a drive on login to the home directory on the SAMBA
server using the %U variable

From parkeshs at ozemail.com.au  Mon Mar 10 13:06:02 2003
From: parkeshs at ozemail.com.au (Parkes High School)
Date: Mon Mar 10 13:06:02 2003
Subject: [Lias] unsettling messages
Message-ID: <001001c2e6c2$1ab998d0$4ad90c0a@librarian>

Mandrake 7.2 box acting as proxy server running squid

Messages are:

Dameon.crt mon1228: failure for servers smtp 1047258476 local host

Dameon.crt mon1228: failure for servers smtp 1047259077 local host

  Repeated with other numbers at the end

Then calling alert qpage.alert for servers/smtp
(usr/lib/mon/alert.d/qpage.alert,mis-pages at domain.com) localhost.

I have a feeling this is not good.

Can anyone interpret just how bad this might be?

Peter

**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux.org.au/pipermail/lias/attachments/20030310/84ba31af/attachment.htm 

From parkeshs at ozemail.com.au  Tue Mar 11 09:05:02 2003
From: parkeshs at ozemail.com.au (Parkes High School)
Date: Tue Mar 11 09:05:02 2003
Subject: [Lias] RH 7.1 control panel
Message-ID: <000b01c2e74c$50d2acb0$4ad90c0a@librarian>

Where can I find the part of control panel where I set the services to
start at boot.  Running RH 7.1

Peter Hughes

**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux.org.au/pipermail/lias/attachments/20030311/cdea51f6/attachment.htm 

From lesbell at lesbell.com.au  Tue Mar 11 09:25:34 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Tue Mar 11 09:25:34 2003
Subject: [Lias] RH 7.1 control panel
Message-ID: 

Try ntsysv, ksysv, tksysv or finally, the chkconfig command.

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From andrew.dorrell at cisra.canon.com.au  Tue Mar 11 09:43:02 2003
From: andrew.dorrell at cisra.canon.com.au (Andrew Dorrell)
Date: Tue Mar 11 09:43:02 2003
Subject: [Lias] RH 7.1 control panel
In-Reply-To: 
References: 
Message-ID: <3E6D3F06.20205@cisra.canon.com.au>

Les Bell wrote:
> Try ntsysv, ksysv, tksysv or finally, the chkconfig command.

Or look for a SysV-Init editor in the menu

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From ches at perlboy.org  Tue Mar 11 09:51:01 2003
From: ches at perlboy.org (Robert McLeay)
Date: Tue Mar 11 09:51:01 2003
Subject: [Lias] RH 7.1 control panel
In-Reply-To: 
References: 
Message-ID: <1047346947.1454.4.camel@ches.lovethisuni.org>

ntsysv should work.

Alternatively, to switch off a service, you could 

/etc/rc[runlevel].d/[xx is an integer]servicename stop
rm /etc/rc[runlevel].d/[xx is an integer]servicename

I'd probably recommend that you stick on webmin (google for it), as it's
really very good - make sure to enable SSL though.

Then you'll be able to admin all sorts of things at
https://server:10000/

Robert.

On Tue, 2003-03-11 at 11:16, Les Bell wrote:
> Try ntsysv, ksysv, tksysv or finally, the chkconfig command.
> 
> Best,
> 
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
> 
> 
> _______________________________________________
> lias mailing list
> lias at lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
-- 

From lesbell at lesbell.com.au  Tue Mar 11 10:08:01 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Tue Mar 11 10:08:01 2003
Subject: [Lias] RH 7.1 control panel
Message-ID: 

Robert McLeay  wrote:

>>
I'd probably recommend that you stick on webmin (google for it), as it's
really very good - make sure to enable SSL though.
<<

Sorry, you're a bit late in selling me a copy of Webmin - see
http://www.lesbell.com.au/Home.nsf/b8ec57204f60dfcb4a2568c60014ed0f/97e8323a9cb248beca256caf0019668c?OpenDocument

I'll second that opinion, though. ;)

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From ches at perlboy.org  Tue Mar 11 11:06:01 2003
From: ches at perlboy.org (Robert McLeay)
Date: Tue Mar 11 11:06:01 2003
Subject: [Lias] RH 7.1 control panel
In-Reply-To: 
References: 
Message-ID: <1047351410.1454.15.camel@ches.lovethisuni.org>

Selling you a copy?

Ain't it free as in beer *and* speech? ;)

Unlike that webserver running Lotus-Domino... now where is it again? :-p

38.7 day average uptime too :)

What does that make my server? (Hardware supplied by www.citg.uq.edu.au
- they didn't give us enough RAM) - 109 days all through the testing
phase and running a low hit mod_perl/mysql site, and then 15 minutes
after it went from a static "coming-soon" style page to live
mod_perl/mysql it died.

Guess it got a bit too much traffic :-/ Thankfully we've got the RAM
now.

Seriously, though, I wonder how accurate those TCP sequence numbers
relate to uptime. I know that NMap always gives out the incorrect uptime
when scanning the computer I'm sitting at.

Regards,

Robert.

On Tue, 2003-03-11 at 12:07, Les Bell wrote:
> Robert McLeay  wrote:
> 
> >>
> I'd probably recommend that you stick on webmin (google for it), as it's
> really very good - make sure to enable SSL though.
> <<
> 
> Sorry, you're a bit late in selling me a copy of Webmin - see
> http://www.lesbell.com.au/Home.nsf/b8ec57204f60dfcb4a2568c60014ed0f/97e8323a9cb248beca256caf0019668c?OpenDocument
> 
> I'll second that opinion, though. ;)
> 
> Best,
> 
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
> 
> 
> _______________________________________________
> lias mailing list
> lias at lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
-- 

From lesbell at lesbell.com.au  Tue Mar 11 11:31:02 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Tue Mar 11 11:31:02 2003
Subject: [Lias] RH 7.1 control panel
Message-ID: 

Robert McLeay  wrote:

>>
Selling you a copy?

Ain't it free as in beer *and* speech? ;)
<<

Sure is, but a little sales spiel doesn't hurt free software!

>>
Seriously, though, I wonder how accurate those TCP sequence numbers
relate to uptime. I know that NMap always gives out the incorrect uptime
when scanning the computer I'm sitting at.
<<

Dunno. I think that in theory, TCP initial sequence numbers are supposed to
be pseudo-random. Real-world is a different matter, though.

>>
38.7 day average uptime too :)
<<

Don't read too much into it; I've applied various kernel patches for
security, and at least once, recently, when the Domino server threads
froze, the quickest way to fix it was just to bounce the server. So 38.7
days is probably about right, and ain't too bad considering the workload on
the box.

I used to be quite manic about uptimes - the Domino server got up to 160
days or so at one point, and I was *so* chuffed about that - but I got
caught out badly when a glibc patch I installed wasn't picked up until I
bounced the server, something like six weeks later, and Domino linked with
the new glibc for the first time and promptly fell over. I wasted so much
time backing out other patches that now I'm a lot better organised in my
"configuration management" and will not wince at rebooting the server just
so I can be *sure* that all the patches are still flying in formation.
Better to sleep soundly than suffer uptime hubris. ;)

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From lias at draxsen.com  Wed Mar 12 10:03:42 2003
From: lias at draxsen.com (Phil Scarratt)
Date: Wed Mar 12 10:03:42 2003
Subject: [Lias] Anti-virus
Message-ID: <3E6E951F.5080201@draxsen.com>

Hi all

I need to install some sort of AV software on the network with Linux
servers (RH7.3) & Windoze workstations.

Will an AV solution on the Linux servers do or will the Windoze
workstations need clients on them as well (eg Norton AV) as is my
understanding?

What are people doing in similar situations?

Thanks in advance.

Fil
-- 
Phil Scarratt
Draxsen Technologies

From lias at draxsen.com  Wed Mar 12 14:34:21 2003
From: lias at draxsen.com (Phil Scarratt)
Date: Wed Mar 12 14:34:21 2003
Subject: [Lias] Anti-virus
Message-ID: <3E6ED424.9020204@draxsen.com>

Thanks to all who replied. It is much appreciated.

Fil

-------- Original Message --------
Subject: Anti-virus
Date: Wed, 12 Mar 2003 13:01:45 +1100
From: Phil Scarratt 
Organization: Draxsen Technologies
To: LIAS 

Hi all

I need to install some sort of AV software on the network with Linux
servers (RH7.3) & Windoze workstations.

Will an AV solution on the Linux servers do or will the Windoze
workstations need clients on them as well (eg Norton AV) as is my
understanding?

What are people doing in similar situations?

Thanks in advance.

Fil
-- 
Phil Scarratt
Draxsen Technologies

From parkeshs at ozemail.com.au  Mon Mar 17 05:30:02 2003
From: parkeshs at ozemail.com.au (Parkes High School)
Date: Mon Mar 17 05:30:02 2003
Subject: [Lias] libcrypto
Message-ID: <000301c2ec02$99423d20$4ad90c0a@librarian>

I'm setting up a machine as a mail server - RH 7.1

Have uninstalled  (rpm -e) sendmail and installed postfix.

When checking dependencies it tells me postfix needs libcrypto.so.0 and
libssl.so.0

Downloaded openssl-0 9.6-2.i386.rpm and installed it. Then got some
endless loop involving other packages requiring libcrypto.so.1

Is it possible to have 2 versions of openssl on the same machine?

Peter 

Parkes High

**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux.org.au/pipermail/lias/attachments/20030317/c1e9c5fa/attachment.htm 

From ken_yap at users.sourceforge.net  Mon Mar 17 06:43:02 2003
From: ken_yap at users.sourceforge.net (ken_yap at users.sourceforge.net)
Date: Mon Mar 17 06:43:02 2003
Subject: [Lias] libcrypto 
In-Reply-To: Your message of Mon, 17 Mar 2003 08:25:42 +1100.
             <000301c2ec02$99423d20$4ad90c0a@librarian> 
Message-ID: <20030316224225.09C5B406B@ken.ken.com.au>

>I'm setting up a machine as a mail server - RH 7.1
>
>Have uninstalled  (rpm -e) sendmail and installed postfix.
>
>When checking dependencies it tells me postfix needs libcrypto.so.0 and
>libssl.so.0
>
>Downloaded openssl-0 9.6-2.i386.rpm and installed it. Then got some
>endless loop involving other packages requiring libcrypto.so.1
>
>Is it possible to have 2 versions of openssl on the same machine?

This often happens with old distros where one package (in this case
postfix) gets out of sync with others due to upgrades.

In situations like these, I take the .src.rpm and build a binary rpm
from that, then it uses whatever shared libraries are actually
installed.

You say you're setting up. If you started off with a bare machine, then
why not install the most recent distro? 7.1 will probably be taken off
support within a year, though I expect they will release patches for the
most urgent holes after that.

From ken_yap at users.sourceforge.net  Wed Mar 19 12:20:01 2003
From: ken_yap at users.sourceforge.net (ken_yap at users.sourceforge.net)
Date: Wed Mar 19 12:20:01 2003
Subject: [Lias] NT ed dept signgs up for OpenOffice
Message-ID: <20030319041939.08A6D4E87@ken.ken.com.au>

http://australianit.news.com.au/articles/0,7204,6116633%5E15306%5E%5Enbv%5E,00.html

From tgunter at lisp.com.au  Wed Mar 26 13:08:23 2003
From: tgunter at lisp.com.au (Trevor Gunter)
Date: Wed Mar 26 13:08:23 2003
Subject: [Lias] Problem with proxy
Message-ID: <001201c2f357$18ea2e60$e4ab16ca@lisp.com.au>

Hi all

Have just got some problems with the schools proxy RH7, squid etc

Machine appeared to freeze about 30 mins ago. Basically a who lot of gobbydegook on the screen that made little sense to me. Immediate thought. This doesn't look good.

Upon restarting get the following message

/var contains a file system with errors, check forced.
/var:
Inode 30383 has illegal block(s)

/var: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
            (i.e., without -a or -p options)

***An error occurred during the file system check.
***Dropping you to a shell; the system will reboot
***When you leave the shell.

Give root password for maintenanc
(or type Control-D for normal operations:

Thats it
I've read up in the manual about fsck but it doesn't make a lot of sense. Have run fsck with appropriate switches but I just get more info about errors in /var

Any ideas appreciated. I can rebuild the server in an hour or so but I'd like to learn how to solve problems. How fatal is this error?

Thanks

Trevor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux.org.au/pipermail/lias/attachments/20030326/c70695e0/attachment.htm 

From tom at stvincents.nsw.edu.au  Wed Mar 26 19:49:02 2003
From: tom at stvincents.nsw.edu.au (Tom Doyle)
Date: Wed Mar 26 19:49:02 2003
Subject: [Lias] Problem with proxy
In-Reply-To: <001201c2f357$18ea2e60$e4ab16ca@lisp.com.au>
Message-ID: 

Bad sectors or the like??  I would like to know what thats all about too!

T.
  -----Original Message-----
  From: lias-admin at lists.linux.org.au
[mailto:lias-admin at lists.linux.org.au]On Behalf Of Trevor Gunter
  Sent: Wednesday, 26 March 2003 4:18 PM
  To: LIAS
  Subject: [Lias] Problem with proxy

  Hi all

  Have just got some problems with the schools proxy RH7, squid etc

  Machine appeared to freeze about 30 mins ago. Basically a who lot of
gobbydegook on the screen that made little sense to me. Immediate thought.
This doesn't look good.

  Upon restarting get the following message

  /var contains a file system with errors, check forced.
  /var:
  Inode 30383 has illegal block(s)

  /var: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
              (i.e., without -a or -p options)

  ***An error occurred during the file system check.
  ***Dropping you to a shell; the system will reboot
  ***When you leave the shell.

  Give root password for maintenanc
  (or type Control-D for normal operations:

  Thats it
  I've read up in the manual about fsck but it doesn't make a lot of sense.
Have run fsck with appropriate switches but I just get more info about
errors in /var

  Any ideas appreciated. I can rebuild the server in an hour or so but I'd
like to learn how to solve problems. How fatal is this error?

  Thanks

  Trevor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux.org.au/pipermail/lias/attachments/20030326/f28a3512/attachment.htm 

From tgunter at lisp.com.au  Wed Mar 26 20:10:01 2003
From: tgunter at lisp.com.au (Trevor Gunter)
Date: Wed Mar 26 20:10:01 2003
Subject: [Lias] Thanks for help re Proxy
Message-ID: <001a01c2f38f$1b03c520$57ab16ca@m8e6x9>

Thank you all who responded to my call.

running the command

e2fsck /dev/hda7

and saying "yes" to everything fixed the problem.

Could this problem be related to the squid cache growing too large or having
some other problem with squid?

Thanks again

Trevor

From vk4kij at deadrelos.com  Wed Mar 26 20:29:01 2003
From: vk4kij at deadrelos.com (Ian Johnson)
Date: Wed Mar 26 20:29:01 2003
Subject: [Lias] Thanks for help re Proxy
In-Reply-To: <001a01c2f38f$1b03c520$57ab16ca@m8e6x9>
Message-ID: 

I've found, some time ago so it may not be that relevent now, that you
can't trust the squid cache when it's not in a partition all by itself.

It seemed to me that squid didn't check the actual free space of the file
system, & believed what was in it's config file, ie. you gave it 1GB of
space to use, even though only 900MB are left on the file system.

I have a couple dozen squid proxies scattered around, all with a cache
partition & have had no problems.

On Wed, 26 Mar 2003, Trevor Gunter wrote:

> Thank you all who responded to my call.
>
> running the command
>
> e2fsck /dev/hda7
>
> and saying "yes" to everything fixed the problem.
>
> Could this problem be related to the squid cache growing too large or having
> some other problem with squid?
>
> Thanks again
>
> Trevor
>
>
> _______________________________________________
> lias mailing list
> lias at lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
>

-- 
Catch you later,  |InterNet - 
                 || AmprNet - 
      Ian.      |||    AX25 - 
             "Never apply a Star Trek solution to a Babylon 5 problem!"

From gary at touch.asn.au  Thu Mar 27 04:45:01 2003
From: gary at touch.asn.au (Gary Reynolds)
Date: Thu Mar 27 04:45:01 2003
Subject: [Lias] Thanks for help re Proxy
References: 
Message-ID: <3E82112D.6010001@touch.asn.au>

Since the operating system handles all disk IO, it's not like squid can 
just go trying to write off the end if the partition or anything like that.

Squid will make a filesystem call, and the OS will return an error code. 
 First year university students know how to check these codes, I doubt 
that a package like squid wouldn't pay attention to them.

More than likely the disk is faulty, plain and simple. I would be 
looking into adding a new drive, salvaging your data, and getting rid of 
the old one (depending on how critical your data on that disk is).

G.

Ian Johnson wrote:

>I've found, some time ago so it may not be that relevent now, that you
>can't trust the squid cache when it's not in a partition all by itself.
>
>It seemed to me that squid didn't check the actual free space of the file
>system, & believed what was in it's config file, ie. you gave it 1GB of
>space to use, even though only 900MB are left on the file system.
>
>I have a couple dozen squid proxies scattered around, all with a cache
>partition & have had no problems.
>  
>

From craig at postnewspapers.com.au  Thu Mar 27 09:54:02 2003
From: craig at postnewspapers.com.au (Craig Ringer)
Date: Thu Mar 27 09:54:02 2003
Subject: [Lias] Thanks for help re Proxy
In-Reply-To: <3E82112D.6010001@touch.asn.au>
References:  <3E82112D.6010001@touch.asn.au>
Message-ID: <3E825953.6060802@postnewspapers.com.au>

> Squid will make a filesystem call, and the OS will return an error code. 
> First year university students know how to check these codes, I doubt 
> that a package like squid wouldn't pay attention to them.

In my experience, squid dies silently when it runs out of disk space. As 
a result, the first warning you get is the users. Of course, I'm always 
running gkrellm etc and keeping an eye on free disk space using the snmp 
module for gkrellm, so I haven't had it happen in production use. Oh, 
execept once, where something went runaway and filled up /var with 
syslog messages.

Ideally, squid could email the admin saying "Arrggh, out of disk space 
in cach directory /var/cache/squid. Going to passthrough mode, will not 
add to cache until some space is freed."

> More than likely the disk is faulty, plain and simple. I would be 
> looking into adding a new drive, salvaging your data, and getting rid of 
> the old one (depending on how critical your data on that disk is).

Possible ... but he did mention a crash, probably a kernel panic by the 
sounds of things. Did it look a bit like this:

Unable to handle kernel NULL pointer dereference at virtual address 
00000002c
c026d0c9
*pde = 00000000
Oops: 0000
CPU:    0
EIP:    0010:[]    Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010206
eax: 00000028   ebx: dfccc3a8   ecx: 01800204   edx: 00000001
esi: dfccc3a8   edi: dfc265a0   ebp: 00000000   esp: defe5da8
ds: 0018   es: 0018   ss: 0018
Process syslogd (pid: 281, stackpage=defe5000)
Stack: c15d957c dfc265a0 c15d9560 00000000 df381018 c01da1dc dfccc3c0 
dfc26620
        dfccc3e0 dfccc380 dfc0c1e0 00000000 c026d750 c15d9560 dfc265a0 
00000001
        c15d957c c15d9560 00000001 00000000 00000008 c038e600 00000000 
c026d9c2
Call Trace:    [] [] [] [] 
[]
   [] [] [] [] [] 
[]
   [] [] [] [] []
Code: 8b 2c 90 8b 44 24 28 c1 e9 08 83 e1 0f d3 ed 83 e5 01 c7 44

because if so, it was probably a kernel panic that took it down. The 
reason for the file system corruption in this case is usually that the 
fs was in the middle of writing data to the disk when the machine crashed.

Journalling filesystems like reiserfs and ext3 are designed to help 
prevent this problem. If you have a vaguely recent distro with a 2.4 
kernel, you should be able to convert your existing filesystems from 
ext2 to ext3 relatively easily.... after you back up, just to make sure. 
There's plenty of info on the 'net about how to do this.

Craig Ringer
IT Manager
POST Newspapers

From tgunter at lisp.com.au  Thu Mar 27 15:46:02 2003
From: tgunter at lisp.com.au (Trevor Gunter)
Date: Thu Mar 27 15:46:02 2003
Subject: [Lias] Thanks for help re Proxy
References:  <3E82112D.6010001@touch.asn.au> <3E825953.6060802@postnewspapers.com.au>
Message-ID: <003201c2f433$7d825c80$56ab16ca@m8e6x9>

Craig

What you have put below is very similar to what was on the screen when it
crashed at first.

Just a comment though. I don't know how many teachers are on the Lias list
but it seems to only get rarely used. Each time I have asked for help it has
been very forthcoming and appreciated. I know that the questions I ask (and
maybe others) are at time simplistic for all the Linux gurus out there but
those of us who need the help are most often teachers first and that's what
we are skilled at (hopefully). I spend half my time teaching, half my time
managing the Novell network and another half fixing everybodies minutae
problems. Learning more Linux stuff comes in the "find out when I need to"
basket.

I know that's a poor excuse and I appreciate all of you not treating those
teachers on this list who have varying levels of Linux skills (usually low)
as newbies. However, I find that a lot of what people recommend for me to
do, I will try and often bumble through, but what some have suggested I have
little idea of what it means or even how to do it. I know this comes in the
category of RTFM and I do try, but there are just so many hours in the day
and we are teachers first trying to integrate Linux into schools in varying
ways.

I'm out at Bathurst and Peter Hughes who also subscribes to this list is at
Forbes. We're not exactly flushed with Linux experts in schools out here.
We're probably it, but I feel like a dill at times. I know that I am not
keeping up with Linux trends, ideas etc. What can we do in this regard. We
are being very reactive to Linux in schools, I'd like to be more proactive.

Please be gentle with us poor teachers and thanks again for the help.

Trevor

> Unable to handle kernel NULL pointer dereference at virtual address
> 00000002c
> c026d0c9
> *pde = 00000000
> Oops: 0000
> CPU:    0
> EIP:    0010:[]    Not tainted
> Using defaults from ksymoops -t elf32-i386 -a i386
> EFLAGS: 00010206
> eax: 00000028   ebx: dfccc3a8   ecx: 01800204   edx: 00000001
> esi: dfccc3a8   edi: dfc265a0   ebp: 00000000   esp: defe5da8
> ds: 0018   es: 0018   ss: 0018
> Process syslogd (pid: 281, stackpage=defe5000)
> Stack: c15d957c dfc265a0 c15d9560 00000000 df381018 c01da1dc dfccc3c0
> dfc26620
>         dfccc3e0 dfccc380 dfc0c1e0 00000000 c026d750 c15d9560 dfc265a0
> 00000001
>         c15d957c c15d9560 00000001 00000000 00000008 c038e600 00000000
> c026d9c2
> Call Trace:    [] [] [] []
> []
>    [] [] [] [] []
> []
>    [] [] [] [] []
> Code: 8b 2c 90 8b 44 24 28 c1 e9 08 83 e1 0f d3 ed 83 e5 01 c7 44
>
>
> because if so, it was probably a kernel panic that took it down. The
> reason for the file system corruption in this case is usually that the
> fs was in the middle of writing data to the disk when the machine crashed.
>
> Journalling filesystems like reiserfs and ext3 are designed to help
> prevent this problem. If you have a vaguely recent distro with a 2.4
> kernel, you should be able to convert your existing filesystems from
> ext2 to ext3 relatively easily.... after you back up, just to make sure.
> There's plenty of info on the 'net about how to do this.
>
> Craig Ringer
> IT Manager
> POST Newspapers
>
>
> _______________________________________________
> lias mailing list
> lias at lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
>
>

From lesbell at lesbell.com.au  Thu Mar 27 16:29:02 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Thu Mar 27 16:29:02 2003
Subject: [Lias] Thanks for help re Proxy
Message-ID: 

"Trevor Gunter"  wrote:

>>
I know that's a poor excuse and I appreciate all of you not treating those
teachers on this list who have varying levels of Linux skills (usually low)
as newbies. However, I find that a lot of what people recommend for me to
do, I will try and often bumble through, but what some have suggested I
have
little idea of what it means or even how to do it. I know this comes in the
category of RTFM and I do try, but there are just so many hours in the day
and we are teachers first trying to integrate Linux into schools in varying
ways.
<<

It's the same for everyone, Trevor, even those of us who've been doing this
for years. I spent a couple of hours this afternoon screwing around trying
to fix a Samba/WinNT printer problem. I guess one answer is something that
we started years ago on the caldera-users list (back when Caldera were a
reasonable company with a nice distro): someone collated the replies on the
list and produced a "Step By Step" ("SxS") web site that gave detailed
instructions on how to set various things up.

Perhaps something similar would help here. I know that I face the same
problem from the other side - I set up a Squid proxy for my kids' school,
and sooner or later will have to hand over responsibility for it to someone
else. Before that happens, I suspect I'll have to train them, as well as
completely documenting the setup.

Now I've made another rod for my own back, by proposing that the school set
out to get some return on its $25,000 investment in LAN cabling by
installing an intranet server. I threw together a prototype, running under
VMWare on my laptop, brainstormed what it should do (mind map at
http://ffps.lesbell.com.au/pandc/schoolserver/index.html) and have now sold
the school on the idea, with implementation planned for next term.

This thing involves configuration of Apache, Samba, some CGI programs,
Webmin and Usermin, procmail, and a bunch of other stuff. I've decided to
document it in detail, in the SxS style, as otherwise the moment I try to
hand it over to someone else, it will start to fall apart. I'll write up
some articles and post them on my site initially, and if anyone finds them
useful, terrific. To be honest, I think whoever takes it over will need
support from a community around Lias, and if I can encourage others to
implement similar systems, that will be great.

With that in mind, I'll let this list know when I start posting articles. I
also expect to spend a day or two setting installing and configuring the
server, and if anyone in the Sydney area wants to lend a hand and see how
it all goes together, they're welcome to come around and take notes.

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From ches at perlboy.org  Thu Mar 27 19:44:02 2003
From: ches at perlboy.org (Robert McLeay)
Date: Thu Mar 27 19:44:02 2003
Subject: [Lias] Thanks for help re Proxy
In-Reply-To: 
References: 
Message-ID: <1048765359.4112.18.camel@ches.lovethisuni.org>

Hi all,

Sounds really good.

I don't know whether the time and investment in setting up an new system
would be worth it to be honest.

I'd suggest that for mail/web/mysql/dns that you grab a copy of
single-domain (freeware) PSA from www.plesk.com .

I admin shared hosting servers to keep the food/beer flowing, and Plesk
is a dream to install/run/admin/manage, compared to Ensim/CPanel
(please, please, please, don't use CPanel - urrgggh - fixing it all
arvo)

Sounds and looks like a really idea.

Robert.

On Thu, 2003-03-27 at 18:28, Les Bell wrote:
> "Trevor Gunter"  wrote:
> 
> >>
> I know that's a poor excuse and I appreciate all of you not treating those
> teachers on this list who have varying levels of Linux skills (usually low)
> as newbies. However, I find that a lot of what people recommend for me to
> do, I will try and often bumble through, but what some have suggested I
> have
> little idea of what it means or even how to do it. I know this comes in the
> category of RTFM and I do try, but there are just so many hours in the day
> and we are teachers first trying to integrate Linux into schools in varying
> ways.
> <<
> 
> It's the same for everyone, Trevor, even those of us who've been doing this
> for years. I spent a couple of hours this afternoon screwing around trying
> to fix a Samba/WinNT printer problem. I guess one answer is something that
> we started years ago on the caldera-users list (back when Caldera were a
> reasonable company with a nice distro): someone collated the replies on the
> list and produced a "Step By Step" ("SxS") web site that gave detailed
> instructions on how to set various things up.
> 
> Perhaps something similar would help here. I know that I face the same
> problem from the other side - I set up a Squid proxy for my kids' school,
> and sooner or later will have to hand over responsibility for it to someone
> else. Before that happens, I suspect I'll have to train them, as well as
> completely documenting the setup.
> 
> Now I've made another rod for my own back, by proposing that the school set
> out to get some return on its $25,000 investment in LAN cabling by
> installing an intranet server. I threw together a prototype, running under
> VMWare on my laptop, brainstormed what it should do (mind map at
> http://ffps.lesbell.com.au/pandc/schoolserver/index.html) and have now sold
> the school on the idea, with implementation planned for next term.
> 
> This thing involves configuration of Apache, Samba, some CGI programs,
> Webmin and Usermin, procmail, and a bunch of other stuff. I've decided to
> document it in detail, in the SxS style, as otherwise the moment I try to
> hand it over to someone else, it will start to fall apart. I'll write up
> some articles and post them on my site initially, and if anyone finds them
> useful, terrific. To be honest, I think whoever takes it over will need
> support from a community around Lias, and if I can encourage others to
> implement similar systems, that will be great.
> 
> With that in mind, I'll let this list know when I start posting articles. I
> also expect to spend a day or two setting installing and configuring the
> server, and if anyone in the Sydney area wants to lend a hand and see how
> it all goes together, they're welcome to come around and take notes.
> 
> Best,
> 
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
> 
> 
> _______________________________________________
> lias mailing list
> lias at lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
-- 

From lesbell at lesbell.com.au  Fri Mar 28 05:58:01 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Fri Mar 28 05:58:01 2003
Subject: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
Message-ID: 

Robert McLeay  wrote:

>>
Sounds really good.

I don't know whether the time and investment in setting up an new system
would be worth it to be honest.

I'd suggest that for mail/web/mysql/dns that you grab a copy of
single-domain (freeware) PSA from www.plesk.com .

I admin shared hosting servers to keep the food/beer flowing, and Plesk
is a dream to install/run/admin/manage, compared to Ensim/CPanel
(please, please, please, don't use CPanel - urrgggh - fixing it all
arvo)
<<

Hmm. I hadn't thought of Plesk, to be honest - always seen it as more
oriented to the hosting business market, and so I'd planned on using Webmin
(http://www.webmin.com). I suspect it would provide a better interface for
email management, especially, but I think, on balance, I'll stick with
Webmin for the time being, mainly on account of familiarity. Also, since
Webmin is open source Perl code, I stand a better chance of hacking in the
appropriate changes or even a module for this specific "application".

To be honest, it's a pretty simple setup. The major trick is going to be
setting up a schema to allow for the kids to be members of the appropriate
groups - e.g. their class, which will change each year, project groups,
etc. - together with some scripts to automate their management.

For my simple "sales demo" at our computer committee meeting, I created a
few demo accounts in advance. I'd already modified /etc/skel so that each
kids' home directory had the appropriate folders created, including one
called "website" which is actually the Apache "public_html" directory. Then
I demo'ed manually creating a new user within Webmin, which automatically
takes care of setting up the appropriate smbpasswd entry as well, and
showed a default kid's home page, then edited that from within Windows. In
real life, the accounts will need to be created using a batch import
technique (Webmin has one) and ideally, automatically managed from that
point onwards.

>>
Sounds and looks like a really idea.
<<

Please, please tell me there's a "good" in there somewhere! 

I'll post another email to this list detailing features I'm aiming for. The
intention is not to create a completely off-the-shelf turnkey package or
(heaven help us!) another distribution, but instead to write up some
articles on how to do these things. That's how I make my living, and who
knows?, if a magazine somewhere picks up an article or two out of it, my
kids will get to eat that month.  However, along the way, I'm happy to
put what I've done up on the web so people can benefit immediately, and
equally I'd be really pleased to accept suggestions, feature requests, and
pointers to better ways of doing things.

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From sbryan at olmc.nsw.edu.au  Fri Mar 28 06:00:02 2003
From: sbryan at olmc.nsw.edu.au (Simon Bryan)
Date: Fri Mar 28 06:00:02 2003
Subject: [Lias] Thanks for help re Proxy
In-Reply-To: <003201c2f433$7d825c80$56ab16ca@m8e6x9>
Message-ID: 

> Just a comment though. I don't know how many teachers are on the Lias list
> but it seems to only get rarely used. Each time I have asked for
> help it has
> been very forthcoming and appreciated. I know that the questions
> I ask (and
> maybe others) are at time simplistic for all the Linux gurus out there but
> those of us who need the help are most often teachers first and
> that's what
> we are skilled at (hopefully). I spend half my time teaching, half my time
> managing the Novell network and another half fixing everybodies minutae
> problems. Learning more Linux stuff comes in the "find out when I need to"
> basket.

There are a lot of teachers I believe on this list as well as a few Linux
gurus, I am not one, but am luck enough to not have a teaching load anymore
so have more time than most to work through problems. The few gurus that are
here are also very responsive as you note.

>
> I know that's a poor excuse and I appreciate all of you not treating those
> teachers on this list who have varying levels of Linux skills
> (usually low)
> as newbies.
That is what this list is for, if you want to see real 'geeky' linux stuff
have a look at the SLUG list :-)
Should note that they are alos very helpful

However, I find that a lot of what people recommend for me to
> do, I will try and often bumble through, but what some have
> suggested I have
> little idea of what it means or even how to do it. I know this
> comes in the
> category of RTFM and I do try, but there are just so many hours in the day
> and we are teachers first trying to integrate Linux into schools
> in varying
> ways.

I like Les suggestion of having a step by step process for teachers (not for
the experts).
I have started a similar system here and will look at how I can put it
on-line for everyone if people think that will help.

> I'm out at Bathurst and Peter Hughes who also subscribes to this
> list is at
> Forbes. We're not exactly flushed with Linux experts in schools out here.
> We're probably it, but I feel like a dill at times. I know that I am not
> keeping up with Linux trends, ideas etc. What can we do in this regard. We
> are being very reactive to Linux in schools, I'd like to be more
> proactive.
The advantage of Linux is that if it is a server on the internet then you
don't need a Linux expert nearby. I had two people workingon my systems
recently, one is in Ireland the other I think is in Sydney (but I am not
sure).

_________________________________________
Simon Bryan
IT Manager
OLMC Parramata
ICQ#: 137562751
_________________________________________

From lesbell at lesbell.com.au  Fri Mar 28 07:38:02 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Fri Mar 28 07:38:02 2003
Subject: [Lias] School Intranet Server - Functionality & Requirements
Message-ID: 

As I mentioned in an earlier email, I'm currently working on a school
intranet server design, and planning to write up how it's done, so that I
can pass documentation to those who follow. In the spirit of sharing, I've
documented the broad direction our project is heading in, and from this you
can see the documentation I'll be writing up ("How to Set Up Personal Home
Pages in Apache", "How to Set Up Users and Groups for a School", etc.).
Yes, I know there's excellent documentation for some of these techniques in
the HOWTO's and the Apache project site, etc. but the goal here is to write
up some articles that document approaches that are school- and
teacher-specific, and aren't meant for Linux gurus.

These are my thoughts, based on a brainstorming session I did a few weeks
ago. I realised that "our" school (actually, my daughter's - I'm on the
computer committee of the P and C) had spent close to $30,000 on cabling
throughout the school, but still was not effectively leveraging that
investment with services like email. In particular, all the machines in the
computer room were set to use Google as their home page, and I would
really, *really* like to see a home page which reflects pride in the
school, the kids' accomplishments, etc. and could even be used to broadcast
news.

Bear in mind this is a primary school, so it has initially been designed
with this in mind. The result of the "brainstorming" was a mind map which
is published at http://ffps.lesbell.com.au/pandc/schoolserver , which
should be viewed as a companion to this document.

                  ---------------------------------------

Requirements for a School Intranet Server

Web Server

I put this in as an early requirement, for the obvious reason that it
provides a school home page which can be used throughout the school.
Additionally, for young children, the web browser provides a nice, easy
interactive environment in which younger children can learn basic mouse and
keyboard skills.

Other obvious applications include class home pages, home pages for sports
teams, projects, etc. I've also set out to provide personal home page
capabilities through enabling the Apache "public_html" directory
capability, except that I've renamed it "website" for simplicity. By
sharing each user's home directory with Samba, we can be agnostic about web
development tools so kids can use Word, Powerpoint, etc. and I hope to
maintain compatibility with tools like EduWeb.

Our goal is for implementation of a home page during term 2, and the
children are currently taking part in a competitiion to generate artwork
for this.

One benefit of implementing a full web server, rather than loading pages
using "file:" URL's is the ability to run CGI programs on the server. I
initially demonstrated this using a painfully simple "Hangman" game, but
the teachers I presented to were quite excited at the notion of simple
games and educational programs. One that appeals to me is the maintenance
of an event calendar, as the maintenance of a static HTML page - even using
Javascript and CSS - is quite painful.

Email

The primary users here, initially, would be staff. However, I feel that
email usage is an essential skill to teach our children, including
effective/efficient usage habits, as well as the difference between spoken
and written communication and how inappropriate use can lead to flame wars.

Initial implementation is to be within the school only, with no gateway to
the outside world, in order to minimize security/privacy concerns. However,
I expect staff will want to send email globally and this will quickly cause
confusion, so implementation of a connection to the Internet via a DET
(NSW) gateway will probably be a high priority.

I have demonstrated content filtering, with a simple procmail recipe to
block an email with offensive language in it. However, I'm a procmail
novice and am looking for better recipes to (ideally) redirect
inappropriate material to the appropriate teacher for action.

Since users do not have a dedicated computer, it is not possible to
configure a conventional email client with the appropriate user ID,
password etc. for POP/IMAP access (except teachers, perhaps). I am
therefore planning on using a web interface for email. My initial
demonstration was based on Usermin, a companion "product" to the Webmin web
administration tool (http://www.webmin.com) which allows users to change
their own passwords, etc. However, I believe the Webmin mail interface is a
little too complex for primary school kids, and am looking for suggestions
for a simple web mail interface.

File Server

Most of the applications the children use are the usual Microsoft Office
desktop apps, along with games, educational software, etc. It is therefore
easy for them to save their work to a shared drive. Currently, the school
does not have any user accounts for the children (nor for the teachers, I
suspect) and so all directories are shared, leading to occasional (but
increasingly frequent, I suspect) dramas when one student overwrites or
deletes another's work.

I have therefore designed a scheme in which each student has a home
directory, provided by a Samba server. For the younger children, the
accounts have no passwords - I have horrible visions of most of each
computer lesson being devoted to password resetting - but I feel that for
the older children, the notion of using a password to achieve privacy is an
important lesson which should be learned at a young age (say 8 or 9).

The computer teacher at our school has been trying to introduce the notion
of using folders to keep work organized, and I am supporting that by
providing a standard set of folders for every account, created from
/etc/skel (Art, Poems, PP, Stories, etc. but this is obviously easily
customizable).

It should be possible to allow shared access to class folders and web sites
through membership in Linux groups. However, I suspect that a special tool
or script will be necessary to deal with moving students (and their files)
between groups at the beginning of each school year.

Administration

Administration really needs to be through a web-based interface, for
simplicity. My prototype uses Webmin (http://www.webmin.com) and
capitalizes on a couple of Webmin-specific features (e.g. automatic
synchronization of Samba passwords and integration with Usermin) but I'm
open to other suggestions. One benefit of Webmin is that it is open source
(written in Australia) and there is a well-documented API for the coding of
additional modules which could be used to support functionality like
associating students with classes, projects, etc.

One problem is that the school is well within the NSW DET firewall, so that
parents (who provide the tech support expertise) cannot access it via the
Internet. With this in mind, I am proposing to use Red Hat as the platform
for our implementation and register the machine with Red Hat Network so
that upgrades can be applied remotely (I've done this with our squid proxy
and it works well). However, I should be able to devise a scheme for
dial-in access with strong authentication which will allow external access
by authorised administrators and hopefully won't set off alarm bells at DET
(I'm a security professional and yes, I *know* modems inside the firewall
are generally a bad idea, but . . .).

                  ---------------------------------------

Enough said! If anyone can use any of this stuff as is, please let me know
and I'll prioritise writing it up and putitng it on the web. More to the
point, if anyone has any ideas or suggestions, based on their experience,
or can point me to tools for email content filtering, web mail, etc.
appropriate to schools, I'd love to hear from them. Also, remember, I'm a
technical type, not a teacher (except of adults) so comments from teachers
along the lines of "that sounds good in theory, but in the real world, it
won't work" are also welcome. While focused on the immediate project at
"our" school, I'd feel better if whatever I do is of general use and
benefits the wider community.

There's a whole bunch of ancillary issues to be dealt with, too. For
example, I've run a basic HTML editing class at our school, and would
happily run a basic class on Linux administration for teachers and parents.
As I say, I have to do *something* to ensure that the torch gets passed
when my daughter goes to secondary school and we move on as a family.

Best,

--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]

From ches at perlboy.org  Fri Mar 28 08:03:02 2003
From: ches at perlboy.org (Robert McLeay)
Date: Fri Mar 28 08:03:02 2003
Subject: [Lias] School Intranet Server - Functionality & Requirements
In-Reply-To: 
References: 
Message-ID: <1048809751.14265.12.camel@ches.lovethisuni.org>

>  However, I believe the Webmin mail interface is a
> little too complex for primary school kids, and am looking for suggestions
> for a simple web mail interface.

Pine? ;) No, seriously, at uni, Pine prompts for and authenticates on your 
username/pass using IMAP (so it doesn't matter which unix box you're logged into.
If possible, why not setup a normal mail client (eg outlook, eudora etc) to do 
this?

Please, please, please disable HTML email by default though, and tell the 
children about how evil it is before they get the 'outlook express ivy-leaf 
border' disease.

Robert.

From andrew.dorrell at cisra.canon.com.au  Fri Mar 28 09:15:02 2003
From: andrew.dorrell at cisra.canon.com.au (Andrew Dorrell)
Date: Fri Mar 28 09:15:02 2003
Subject: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
In-Reply-To: 
References: 
Message-ID: <3E83A1E5.5010305@cisra.canon.com.au>

Managing users and passwords is a real point of diversity that I think 
we could really do some good for:

(BTW the following is a list of points for discussion not direct advice 
to anyone)

1. I setup my last server to use smb for all authentication (thanks to 
PAM). I did this because it was the quickest way to unify things but I 
susspect that a system base on LDAP would have been a better one?  This 
seemed much harder but may have given much better mac integration.

2. I have also made a modified /etc/skel.  In the shareing of home 
directories via smb and netatalk I make it a rule _not_ to share the 
home folder but one or more subdirectories of it - in particular 
"Documents" and "public_html"

3. On PCs I can then have a startup script to map the users 
$(HOME)/documents to h: and leave a shortcut to "My network folder" -> 
h: in the global desktop configuration.

4. On the last server I did I setup scripts to setup new teacher and 
sudent accounts - creating the required directories etc to implement a 
heirachy of access:

teacher has access to their own private space
                       plus student home directories
                       plus teacher share
                       plus student share

students have access to private file space plus student share

admin (office staff account) has access to private space plus admin share

teachers can be added to an admin group which gives them access to the 
admin share

There was quite a bit of work involved in setting this up (and working 
it out!) and I would like to find a way to share the results - perhaps 
they can be developed further?  One of the problems however is that I 
only get access to the installed system on occation as it is firewalled 
(of course) by DET... so a wiki might be a great help here.

Les Bell wrote:
> Robert McLeay  wrote:
> 
> 
> Sounds really good.
> 
> I don't know whether the time and investment in setting up an new system
> would be worth it to be honest.
> 
> I'd suggest that for mail/web/mysql/dns that you grab a copy of
> single-domain (freeware) PSA from www.plesk.com .
> 
> I admin shared hosting servers to keep the food/beer flowing, and Plesk
> is a dream to install/run/admin/manage, compared to Ensim/CPanel
> (please, please, please, don't use CPanel - urrgggh - fixing it all
> arvo)
> <<
> 
> Hmm. I hadn't thought of Plesk, to be honest - always seen it as more
> oriented to the hosting business market, and so I'd planned on using Webmin
> (http://www.webmin.com). I suspect it would provide a better interface for
> email management, especially, but I think, on balance, I'll stick with
> Webmin for the time being, mainly on account of familiarity. Also, since
> Webmin is open source Perl code, I stand a better chance of hacking in the
> appropriate changes or even a module for this specific "application".
> 
> To be honest, it's a pretty simple setup. The major trick is going to be
> setting up a schema to allow for the kids to be members of the appropriate
> groups - e.g. their class, which will change each year, project groups,
> etc. - together with some scripts to automate their management.
> 
> For my simple "sales demo" at our computer committee meeting, I created a
> few demo accounts in advance. I'd already modified /etc/skel so that each
> kids' home directory had the appropriate folders created, including one
> called "website" which is actually the Apache "public_html" directory. Then
> I demo'ed manually creating a new user within Webmin, which automatically
> takes care of setting up the appropriate smbpasswd entry as well, and
> showed a default kid's home page, then edited that from within Windows. In
> real life, the accounts will need to be created using a batch import
> technique (Webmin has one) and ideally, automatically managed from that
> point onwards.
> 
> 
> Sounds and looks like a really idea.
> <<
> 
> Please, please tell me there's a "good" in there somewhere! 
> 
> I'll post another email to this list detailing features I'm aiming for. The
> intention is not to create a completely off-the-shelf turnkey package or
> (heaven help us!) another distribution, but instead to write up some
> articles on how to do these things. That's how I make my living, and who
> knows?, if a magazine somewhere picks up an article or two out of it, my
> kids will get to eat that month.  However, along the way, I'm happy to
> put what I've done up on the web so people can benefit immediately, and
> equally I'd be really pleased to accept suggestions, feature requests, and
> pointers to better ways of doing things.
> 
> Best,
> 
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
> 
> 
> _______________________________________________
> lias mailing list
> lias at lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From andrew.dorrell at cisra.canon.com.au  Fri Mar 28 09:27:01 2003
From: andrew.dorrell at cisra.canon.com.au (Andrew Dorrell)
Date: Fri Mar 28 09:27:01 2003
Subject: [Lias] School Intranet Server - Functionality & Requirements
In-Reply-To: 
References: 
Message-ID: <3E83A4B6.1030506@cisra.canon.com.au>

Interesting comments on email.  My experience: don't touch it.

DET provides their own webmail interface for staff and is looking at 
expanding it.  I don't like their system much but they maintain it. 
Anything you add will only cause confusion (sorry - I've just been there 
...several times)  You will also run into duty of care concerns with 
email as it is difficult (impossible) for teachers to monitor what the 
kids are doing with it.

Setting up an intra-net homepage is practical and a very good idea IMO - 
  put a form on it for a google safe search.... One thing I also setup 
in the past was a page that teachers could add bookmarks to (via a 
frm/cgi interface)... I'm moving away from this however towards things 
like wiki (for better or worse)

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From pgear at redlands.qld.edu.au  Fri Mar 28 09:28:01 2003
From: pgear at redlands.qld.edu.au (Paul Gear)
Date: Fri Mar 28 09:28:01 2003
Subject: [Lias] School Intranet Server - Functionality & Requirements
References:  <1048809751.14265.12.camel@ches.lovethisuni.org>
Message-ID: <3E83A5DE.5030705@redlands.qld.edu.au>

Robert McLeay wrote:

>...
>Please, please, please disable HTML email by default though, and tell the 
>children about how evil it is before they get the 'outlook express ivy-leaf 
>border' disease.
>

Amen, brother!  Preach on!

:-)

-- 
Paul Gear
Manager IT Operations
Redlands College
38 Anson Road, Wellington Point 4160
07 3286 0271
(Please send attachments in portable formats such as PDF or HTML.)

From lesbell at lesbell.com.au  Fri Mar 28 09:33:02 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Fri Mar 28 09:33:02 2003
Subject: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
Message-ID: 

Andrew Dorrell  wrote a lot of good
points in that last post, so I'm going to make several replies dealing with
authentication, SMB shares and access control as separate threads:

>>
1. I setup my last server to use smb for all authentication (thanks to
PAM). I did this because it was the quickest way to unify things but I
susspect that a system base on LDAP would have been a better one?  This
seemed much harder but may have given much better mac integration.
<<

I think authentication is going to be a thorny issue. Our school has an NT
domain, but I'm not sure to what extent it's making use of user accounts
for authentication (the kids just log on with generic "workstation1",
"workstation2", etc. id's) and I haven't paid that much attention to
fitting in with it. To be honest, it's been there for so long, under the
control of various people with less than adequate training, that it's
probably a bit of a mess and it would be better to have workstations
authenticate to the Samba server, where we're starting with a clean slate
(not to mention the benefit of this discussion).

LDAP is a good option, especially when there is a need for cross-platform
authentication. Is anybody out there using it in practice? I've had it on
my to-do list for some time now, especially since our intranet is based on
Lotus Domino, which provides an LDAP server, but I'm about as far from
getting started on it as I was eighteen months ago.

Given that every user on a small setup would have a home directory, the
simplest approach would be to use useradd (or the equivalent in Webmin)
with shadow password authentication. What are the benefits of LDAP over
this?

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From lesbell at lesbell.com.au  Fri Mar 28 09:40:02 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Fri Mar 28 09:40:02 2003
Subject: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
Message-ID: 

Andrew Dorrell  wrote:

>>
2. I have also made a modified /etc/skel.  In the shareing of home
directories via smb and netatalk I make it a rule _not_ to share the
home folder but one or more subdirectories of it - in particular
"Documents" and "public_html"
<<

Why was that, Andrew? I've shared home directories directly, as that's
particularly easy to do - it's the Samba default behaviour, and the Windows
workstations then go ahead and create the "My Documents" folder, etc. The
only problem I see is the visibility of some Linux-related hidden files,
but those can be made to disappear (with a Samba setting? I need to
document this for my *own* benefit as much as anyone else's!).

Doesn't sharing the subdirectories give rise to more complex drive mapping?
E.g.

My documents -> H:
My website -> W:

or some such?

>>
3. On PCs I can then have a startup script to map the users
$(HOME)/documents to h: and leave a shortcut to "My network folder" ->
h: in the global desktop configuration.
<<

This is an area I've found confusing and not all that well documented. When
I converted our local Samba workgroup to a domain a number of surprising
things happened, not least of which was the complete wiping out of my CFO's
(aka SWMBO's) work files. So, I'm looking for a good description of how the
Windows NT/2K Domain maps the "My Documents" folder on the 2K/ME/XP desktop
to the server. Any pointers to documents at the Microsoft Knowledge Base or
elsewhere would be a godsend, here.

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From lesbell at lesbell.com.au  Fri Mar 28 09:47:02 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Fri Mar 28 09:47:02 2003
Subject: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
Message-ID: 

Andrew Dorrell  wrote:

>>
4. On the last server I did I setup scripts to setup new teacher and
sudent accounts - creating the required directories etc to implement a
heirachy of access:

teacher has access to their own private space
                       plus student home directories
                       plus teacher share
                       plus student share

students have access to private file space plus student share

admin (office staff account) has access to private space plus admin share

teachers can be added to an admin group which gives them access to the
admin share

There was quite a bit of work involved in setting this up (and working
it out!) and I would like to find a way to share the results - perhaps
they can be developed further?  One of the problems however is that I
only get access to the installed system on occation as it is firewalled
(of course) by DET... so a wiki might be a great help here.
<<

You beauty! There's a surprising amount of work here - it's quite literally
been an item in my to do list for the last few weeks, but I haven't had a
chance to work it out. So, yes, *please* write it up whenever you get time.
If we haven't got a wiki or something like it up and running by then, just
post it to the list as an interim measure, but keep a copy for later.

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From andrew.dorrell at cisra.canon.com.au  Fri Mar 28 09:52:01 2003
From: andrew.dorrell at cisra.canon.com.au (Andrew Dorrell)
Date: Fri Mar 28 09:52:01 2003
Subject: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
In-Reply-To: 
References: 
Message-ID: <3E83AAB0.1090202@cisra.canon.com.au>

Les Bell wrote:
> Andrew Dorrell  wrote:
> 
> 
> 2. I have also made a modified /etc/skel.  In the shareing of home
> directories via smb and netatalk I make it a rule _not_ to share the
> home folder but one or more subdirectories of it - in particular
> "Documents" and "public_html"
> <<
> 
> Why was that, Andrew? I've shared home directories directly, as that's
> particularly easy to do - it's the Samba default behaviour, and the Windows
> workstations then go ahead and create the "My Documents" folder, etc. The
> only problem I see is the visibility of some Linux-related hidden files,
> but those can be made to disappear (with a Samba setting? I need to
> document this for my *own* benefit as much as anyone else's!).

This is true and I was perhaps over-zelous about this but I didn't want 
people to be able to remove their public_html folder or Mail folder for 
example.  Providing a drive mapping (as per your suggestion below just 
seemed more robust.... while directories such as Mail are only visible 
to the applications that actually use them.

It may have been better to use the veto files options... but there is 
setarate setup of that for both mac and windows file sharing.  The pros 
and cons are worth fleshing out.

> Doesn't sharing the subdirectories give rise to more complex drive mapping?
> E.g.
> 
> My documents -> H:
> My website -> W:
> 
> or some such?
> 
> 
> 3. On PCs I can then have a startup script to map the users
> $(HOME)/documents to h: and leave a shortcut to "My network folder" ->
> h: in the global desktop configuration.
> <<
> 
> This is an area I've found confusing and not all that well documented. When
> I converted our local Samba workgroup to a domain a number of surprising
> things happened, not least of which was the complete wiping out of my CFO's
> (aka SWMBO's) work files. So, I'm looking for a good description of how the
> Windows NT/2K Domain maps the "My Documents" folder on the 2K/ME/XP desktop
> to the server. Any pointers to documents at the Microsoft Knowledge Base or
> elsewhere would be a godsend, here.

I haven't played with that - rather I just put the shortcut to the 
network folder in the local machines "My Documents"... a cop-out perhaps 
  ... but its because I don't know the answer to your question ;-) (Plus 
I think its quite different between 98 / 2000/XP and I just don't have 
that much time to put into learning MS stuff)

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From lesbell at lesbell.com.au  Fri Mar 28 09:59:02 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Fri Mar 28 09:59:02 2003
Subject: [Lias] School Intranet Server - Functionality & Requirements
Message-ID: 

Andrew Dorrell  wrote:

>>
Interesting comments on email.  My experience: don't touch it.

DET provides their own webmail interface for staff and is looking at
expanding it.  I don't like their system much but they maintain it.
Anything you add will only cause confusion (sorry - I've just been there
...several times)  You will also run into duty of care concerns with
email as it is difficult (impossible) for teachers to monitor what the
kids are doing with it.
<<

Now that's useful to know! One problem I face is that, especially in a
primary school, the teachers themselves don't always know just what's
available, so I didn't even know about the DET staff webmail system. I have
heard about the upcoming expanded DET system which will provide some
facilities for student email etc. and will supplant some of what we're
doing, but I don't have firm scope and timeframe info - which is why I
decided to plough ahead and get something running in the short term. In any
case, I think there will always be scope for a system inside the school
which can run intranet applications.

>>
Setting up an intra-net homepage is practical and a very good idea IMO -
  put a form on it for a google safe search.... One thing I also setup
in the past was a page that teachers could add bookmarks to (via a
frm/cgi interface)... I'm moving away from this however towards things
like wiki (for better or worse)
<<

Heh. Google Safesearch is on there already, on my sample homepage. I'd love
to hear more about your bookmarks CGI app, though, as I can see that being
a popular feature. I've never implemented a wiki, but maybe it's time to
start. A wiki could allow kids (and teachers!) to learn about
computer-mediated communication, without a lot of the thorny problems of
email, couldn't it?

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From lesbell at lesbell.com.au  Fri Mar 28 10:18:01 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Fri Mar 28 10:18:01 2003
Subject: [Lias] School Intranet Server - Functionality & Requirements
Message-ID: 

Paul Gear  wrote:

>>

Amen, brother!  Preach on!

<<

Hallehluah! I got an email yesterday, from a travel agent, that consisted
of a Word document and an "Email Cover Sheet". Dear, oh, dear!

We have *got* to teach kids about proper email usage. . .

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From andrew.dorrell at cisra.canon.com.au  Fri Mar 28 11:08:02 2003
From: andrew.dorrell at cisra.canon.com.au (Andrew Dorrell)
Date: Fri Mar 28 11:08:02 2003
Subject: [Lias] linux kernel security patches
Message-ID: <3E83BC74.3060307@cisra.canon.com.au>

In case you have some hackers at your school:

  --Linux Kernel Vulnerability
(19 March 2003)
A vulnerability in the ptrace component of the 2.2 and 2.4 series
of Linux kernels could allow a local user to obtain root privileges.
RedHat has posted a patch for the flaw
http://news.com.com/2100-1016-993278.html
https://rhn.redhat.com/errata/RHSA-2003-098.html?tag=nl

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From andrew.dorrell at cisra.canon.com.au  Fri Mar 28 11:17:02 2003
From: andrew.dorrell at cisra.canon.com.au (Andrew Dorrell)
Date: Fri Mar 28 11:17:02 2003
Subject: [Lias] Thanks for help re Proxy
In-Reply-To: 
References: 
Message-ID: <3E83BE97.4030705@cisra.canon.com.au>

Les I think this is a great idea and would encourage you to do it.
Perhaps if one of us could setup a wiki-web (see fr example
http://www.twiki.org or http://phpwiki.sourceforge.net/) this would
provide an effective means for having such documentation maintained by
the whole community?

I'd like to suggest also that other's follow Trevor's lead and, when
they get a post they don't understand, don't be afraid to say so.  Many
of us have worked with teachers and in schools and understand the
difficulty in finding enough time to administer systems - let alone keep
up-to-date  with all the trends.  One of the reasons for this list is to
get together tech heads who are sympathetic to this - otherwise you
could just post to say *lug (your local linux users group)... but it is
difficult to know at what level to post your replies as there is *such*
a mix of experience levels

Regards

Les Bell wrote:
> "Trevor Gunter"  wrote:
> 
> 
> I know that's a poor excuse and I appreciate all of you not treating those
> teachers on this list who have varying levels of Linux skills (usually low)
> as newbies. However, I find that a lot of what people recommend for me to
> do, I will try and often bumble through, but what some have suggested I
> have
> little idea of what it means or even how to do it. I know this comes in the
> category of RTFM and I do try, but there are just so many hours in the day
> and we are teachers first trying to integrate Linux into schools in varying
> ways.
> <<
> 
> It's the same for everyone, Trevor, even those of us who've been doing this
> for years. I spent a couple of hours this afternoon screwing around trying
> to fix a Samba/WinNT printer problem. I guess one answer is something that
> we started years ago on the caldera-users list (back when Caldera were a
> reasonable company with a nice distro): someone collated the replies on the
> list and produced a "Step By Step" ("SxS") web site that gave detailed
> instructions on how to set various things up.
> 
> Perhaps something similar would help here. I know that I face the same
> problem from the other side - I set up a Squid proxy for my kids' school,
> and sooner or later will have to hand over responsibility for it to someone
> else. Before that happens, I suspect I'll have to train them, as well as
> completely documenting the setup.
> 
> Now I've made another rod for my own back, by proposing that the school set
> out to get some return on its $25,000 investment in LAN cabling by
> installing an intranet server. I threw together a prototype, running under
> VMWare on my laptop, brainstormed what it should do (mind map at
> http://ffps.lesbell.com.au/pandc/schoolserver/index.html) and have now sold
> the school on the idea, with implementation planned for next term.
> 
> This thing involves configuration of Apache, Samba, some CGI programs,
> Webmin and Usermin, procmail, and a bunch of other stuff. I've decided to
> document it in detail, in the SxS style, as otherwise the moment I try to
> hand it over to someone else, it will start to fall apart. I'll write up
> some articles and post them on my site initially, and if anyone finds them
> useful, terrific. To be honest, I think whoever takes it over will need
> support from a community around Lias, and if I can encourage others to
> implement similar systems, that will be great.
> 
> With that in mind, I'll let this list know when I start posting articles. I
> also expect to spend a day or two setting installing and configuring the
> server, and if anyone in the Sydney area wants to lend a hand and see how
> it all goes together, they're welcome to come around and take notes.
> 
> Best,
> 
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
> 
> 
> _______________________________________________
> lias mailing list
> lias at lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From lesbell at lesbell.com.au  Fri Mar 28 11:35:02 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Fri Mar 28 11:35:02 2003
Subject: Hosting a Step-By-Step for Schools Site (was Re: [Lias] Thanks for help re
 Proxy)
Message-ID: 

Andrew Dorrell  wrote:

>>
Les I think this is a great idea and would encourage you to do it.
Perhaps if one of us could setup a wiki-web (see fr example
http://www.twiki.org or http://phpwiki.sourceforge.net/) this would
provide an effective means for having such documentation maintained by
the whole community?
<<

I discussed this earlier today with Simon Bryan at OLMC Parramatta. He has
a MySQL/PHP app developed there which they use to share technical
documentation. He says it's rough, but could be put up on the Internet.

I have a pair of Domino servers - one visible as http://www.lesbell.com.au
and http://ffps.lesbell.com.au ("our" school's development web site).
Domino provides wiki-like "discussion databases" which I can put up in a
few minutes, and it's particularly convenient for me as I can just sit at
the Notes client editing a document in a word-processor like environment,
hit "Save" and the document is published. See
http://www.lesbell.com.au/Home.nsf/Linux?OpenView for a very simple example
of how articles I write are automatically published to web.

The downside is that it's not FOSS, which might worry some people, and only
I would have access to the rich set of editing functionality in the Notes
client. On the other hand, if we do a "SxS" project and I take on editorial
responsibilities, that's the option I'd back since it's a highly productive
environment. I can also set up options like direct email submission to the
database with immediate web publication.

If I'm not editing and formatting the pages, then I'm certainly amenable to
using some other software. Wikis are good, but like all web-based systems,
people have to remember to go and look at them. For discussion, I prefer
mailing lists, as posts automatically land in front of subscribers. My
suggestion would be to use the Lias list to discuss stuff, and then use a
separate (database-driven?) site for publication of "Step-by-Step"
documents. But then, I don't know that much about wiki's. . .

Right now, I'm keeping anything I write in a Domino database; when we get
to the stage of having documents from other contributors, I'll devote an
hour or so to tidying that up and providing an open submission mechanism,
and then we'll compare options and see where to go next. I can export or
import stuff, whichever way it goes.

Also, since Lias is a Linux Australia venture, and I understand that LA is
fairly well cashed-up at the moment, perhaps we could count on them to
provide a host for a wiki?

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From tom at stvincents.nsw.edu.au  Fri Mar 28 11:37:02 2003
From: tom at stvincents.nsw.edu.au (Tom Doyle)
Date: Fri Mar 28 11:37:02 2003
Subject: [Lias] (no subject)
In-Reply-To: <3E83BE97.4030705@cisra.canon.com.au>
Message-ID: 

Can I just say that when you click reply to a post on this forum, it replies
to the originator of the post and NOT the list. This is a problem as lots of
advice is lost to the whole community. Can this be changed to default the
reply to the list?

2Cents-Tom.

-----Original Message-----
From: lias-admin at lists.linux.org.au
[mailto:lias-admin at lists.linux.org.au]On Behalf Of Andrew Dorrell
Sent: Friday, 28 March 2003 2:17 PM
To: Lias
Subject: Re: [Lias] Thanks for help re Proxy

Les I think this is a great idea and would encourage you to do it.
Perhaps if one of us could setup a wiki-web (see fr example
http://www.twiki.org or http://phpwiki.sourceforge.net/) this would
provide an effective means for having such documentation maintained by
the whole community?

I'd like to suggest also that other's follow Trevor's lead and, when
they get a post they don't understand, don't be afraid to say so.  Many
of us have worked with teachers and in schools and understand the
difficulty in finding enough time to administer systems - let alone keep
up-to-date  with all the trends.  One of the reasons for this list is to
get together tech heads who are sympathetic to this - otherwise you
could just post to say *lug (your local linux users group)... but it is
difficult to know at what level to post your replies as there is *such*
a mix of experience levels

Regards

Les Bell wrote:
> "Trevor Gunter"  wrote:
>
>
> I know that's a poor excuse and I appreciate all of you not treating those
> teachers on this list who have varying levels of Linux skills (usually
low)
> as newbies. However, I find that a lot of what people recommend for me to
> do, I will try and often bumble through, but what some have suggested I
> have
> little idea of what it means or even how to do it. I know this comes in
the
> category of RTFM and I do try, but there are just so many hours in the day
> and we are teachers first trying to integrate Linux into schools in
varying
> ways.
> <<
>
> It's the same for everyone, Trevor, even those of us who've been doing
this
> for years. I spent a couple of hours this afternoon screwing around trying
> to fix a Samba/WinNT printer problem. I guess one answer is something that
> we started years ago on the caldera-users list (back when Caldera were a
> reasonable company with a nice distro): someone collated the replies on
the
> list and produced a "Step By Step" ("SxS") web site that gave detailed
> instructions on how to set various things up.
>
> Perhaps something similar would help here. I know that I face the same
> problem from the other side - I set up a Squid proxy for my kids' school,
> and sooner or later will have to hand over responsibility for it to
someone
> else. Before that happens, I suspect I'll have to train them, as well as
> completely documenting the setup.
>
> Now I've made another rod for my own back, by proposing that the school
set
> out to get some return on its $25,000 investment in LAN cabling by
> installing an intranet server. I threw together a prototype, running under
> VMWare on my laptop, brainstormed what it should do (mind map at
> http://ffps.lesbell.com.au/pandc/schoolserver/index.html) and have now
sold
> the school on the idea, with implementation planned for next term.
>
> This thing involves configuration of Apache, Samba, some CGI programs,
> Webmin and Usermin, procmail, and a bunch of other stuff. I've decided to
> document it in detail, in the SxS style, as otherwise the moment I try to
> hand it over to someone else, it will start to fall apart. I'll write up
> some articles and post them on my site initially, and if anyone finds them
> useful, terrific. To be honest, I think whoever takes it over will need
> support from a community around Lias, and if I can encourage others to
> implement similar systems, that will be great.
>
> With that in mind, I'll let this list know when I start posting articles.
I
> also expect to spend a day or two setting installing and configuring the
> server, and if anyone in the Sydney area wants to lend a hand and see how
> it all goes together, they're welcome to come around and take notes.
>
> Best,
>
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]
>
>
> _______________________________________________
> lias mailing list
> lias at lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias

--
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

_______________________________________________
lias mailing list
lias at lists.linux.org.au
http://lists.linux.org.au/listinfo/lias

From ken_yap at users.sourceforge.net  Fri Mar 28 11:52:02 2003
From: ken_yap at users.sourceforge.net (ken_yap at users.sourceforge.net)
Date: Fri Mar 28 11:52:02 2003
Subject: [Lias] recipients Was: (no subject) 
In-Reply-To: Your message of Fri, 28 Mar 2003 14:30:11 +1100.

Message-ID: <20030328035109.7ED602226@ken.ken.com.au>

>Can I just say that when you click reply to a post on this forum, it replies
>to the originator of the post and NOT the list. This is a problem as lots of
>advice is lost to the whole community. Can this be changed to default the
>reply to the list?

No, the accumulated wisdom on mailing lists is that once in a while a
reply that was meant to be private will get sent to the list by accident
and embarrass the participants. Or worse.

Either the OP should set a Reply-To:, as I normally do, or the responder
should edit the destinations. In any case I always check the
destinations before I hit send, everyone should. And please check your
Subject: line too.

From jon at cybersite.com.au  Fri Mar 28 12:05:01 2003
From: jon at cybersite.com.au (Jonathon Coombes)
Date: Fri Mar 28 12:05:01 2003
Subject: [Lias] Thanks for help re Proxy
In-Reply-To: <3E83BE97.4030705@cisra.canon.com.au>
References:  
	<3E83BE97.4030705@cisra.canon.com.au>
Message-ID: <1048824125.2612.45.camel@notebook.cybersite.com.au>

On Fri, 2003-03-28 at 14:16, Andrew Dorrell wrote:
> Les I think this is a great idea and would encourage you to do it.
> Perhaps if one of us could setup a wiki-web (see fr example
> http://www.twiki.org or http://phpwiki.sourceforge.net/) this would
> provide an effective means for having such documentation maintained by
> the whole community?

A great idea, but could I suggest another alternative for the
Wiki software. The one I would recommend is
http://tikiwiki.sourceforge.net. It is very actively developed,
provides extensive value-add features to the wiki, and I have
used it in a number of projects myself :)

If interested, I can setup a site for people to use.

Regards,
Jonathon

From pgear at redlands.qld.edu.au  Fri Mar 28 12:14:01 2003
From: pgear at redlands.qld.edu.au (Paul Gear)
Date: Fri Mar 28 12:14:01 2003
Subject: [Lias] recipients Was: (no subject)
References: <20030328035109.7ED602226@ken.ken.com.au>
Message-ID: <3E83CCDF.30007@redlands.qld.edu.au>

ken_yap at users.sourceforge.net wrote:

>>Can I just say that when you click reply to a post on this forum, it replies
>>to the originator of the post and NOT the list. This is a problem as lots of
>>advice is lost to the whole community. Can this be changed to default the
>>reply to the list?
>>    
>>
>
>No, the accumulated wisdom on mailing lists is that once in a while a
>reply that was meant to be private will get sent to the list by accident
>and embarrass the participants. Or worse.
>
>Either the OP should set a Reply-To:, as I normally do, or the responder
>should edit the destinations. In any case I always check the
>destinations before I hit send, everyone should. And please check your
>Subject: line too.
>

Agreed, but it's a matter of statistics.  I reply to the list rather 
more often than the sender, and i'm sure most others are the same.  I'd 
estimate 90-95% of replies i make are to the list...

-- 
Paul Gear
Manager IT Operations
Redlands College
38 Anson Road, Wellington Point 4160
07 3286 0271
(Please send attachments in portable formats such as PDF or HTML.)

From lesbell at lesbell.com.au  Fri Mar 28 12:33:02 2003
From: lesbell at lesbell.com.au (Les Bell)
Date: Fri Mar 28 12:33:02 2003
Subject: [Lias] recipients Was: (no subject)
Message-ID: 

Paul Gear  wrote:

>>
Agreed, but it's a matter of statistics.  I reply to the list rather
more often than the sender, and i'm sure most others are the same.  I'd
estimate 90-95% of replies i make are to the list...
<<

Seconded. The vast majority of lists I use (and have used) default to reply
to the list. I expect reply-to-sender when using a list populated by
old-time, died-in-the-wool *ix diehards, but this isn't that kind of list .
.  . and damn! would you believe it - I just spotted that I clicked on
"Reply" rather than "Reply to All" and was about to reply off-list? Time to
copy the content, cancel, start a new reply to all, and paste, as I so
often do. . .

(And then I have to manually delete lias-admin at lists.linux.org.au, which my
UA picks up, for some reason. . .)

Best,

--- Les Bell, CISSP
[http://www.lesbell.com.au]

From ken_yap at users.sourceforge.net  Fri Mar 28 12:41:02 2003
From: ken_yap at users.sourceforge.net (ken_yap at users.sourceforge.net)
Date: Fri Mar 28 12:41:02 2003
Subject: [Lias] recipients Was: (no subject) 
In-Reply-To: Your message of Fri, 28 Mar 2003 15:32:32 +1100.

Message-ID: <20030328044006.57DE124A3@ken.ken.com.au>

>Seconded. The vast majority of lists I use (and have used) default to reply
>to the list. I expect reply-to-sender when using a list populated by
>old-time, died-in-the-wool *ix diehards, but this isn't that kind of list .
>.  . and damn! would you believe it - I just spotted that I clicked on
>"Reply" rather than "Reply to All" and was about to reply off-list? Time to
>copy the content, cancel, start a new reply to all, and paste, as I so
>often do. . .
>
>(And then I have to manually delete lias-admin at lists.linux.org.au, which my
>UA picks up, for some reason. . .)

You need a better MUA that's all. :-) And what's so hard about creating
an alias called lias and typing it into the To: or Cc: box?

From andrew.dorrell at cisra.canon.com.au  Fri Mar 28 12:47:02 2003
From: andrew.dorrell at cisra.canon.com.au (Andrew Dorrell)
Date: Fri Mar 28 12:47:02 2003
Subject: [Lias] Thanks for help re Proxy
In-Reply-To: <1048824125.2612.45.camel@notebook.cybersite.com.au>
References:  	<3E83BE97.4030705@cisra.canon.com.au> <1048824125.2612.45.camel@notebook.cybersite.com.au>
Message-ID: <3E83D38B.8090104@cisra.canon.com.au>

Jonathon Coombes wrote:

> A great idea, but could I suggest another alternative for the
> Wiki software. The one I would recommend is
> http://tikiwiki.sourceforge.net. It is very actively developed,
> provides extensive value-add features to the wiki, and I have
> used it in a number of projects myself :)

Looks cool - haven't seen it before either :-O

I'll give it a whirl.  Certainly phpwiki is a little lame and twiki a 
little complicated to setup and configure

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From leon at cyberknights.com.au  Fri Mar 28 12:55:02 2003
From: leon at cyberknights.com.au (Leon Brooks)
Date: Fri Mar 28 12:55:02 2003
Subject: [Lias] recipients Was: (no subject)
In-Reply-To: <3E83CCDF.30007@redlands.qld.edu.au>
References: <20030328035109.7ED602226@ken.ken.com.au> <3E83CCDF.30007@redlands.qld.edu.au>
Message-ID: <200303281302.19445.leon@cyberknights.com.au>

On Friday 28 March 2003 12:17, Paul Gear wrote:
> ken_yap at users.sourceforge.net wrote:
>> No, the accumulated wisdom on mailing lists is that once in a while a
>> reply that was meant to be private will get sent to the list by accident
>> and embarrass the participants. Or worse.

>> Either the OP should set a Reply-To:, as I normally do, or the responder
>> should edit the destinations. In any case I always check the
>> destinations before I hit send, everyone should. And please check your
>> Subject: line too.

> Agreed, but it's a matter of statistics.  I reply to the list rather
> more often than the sender, and i'm sure most others are the same.  I'd
> estimate 90-95% of replies i make are to the list...

Most of the lists I inhabit are set to reply-to-list, as are all of the lists 
I manage. In most places, the lists which don't do this are announce-style 
lists. I notice clear exceptions among the Debian community and (probably 
consequentially) on LA's server. OTToMH, my config there for ALLIES says 
reply-to-list but warns of this in the sign-on message.

I always expect replies to go to the list. Sending private email is a 
deliberate act for me. However, for someone not expecting reply-to-list, you 
can create an awful lot of damage instantly with a thoughtless `private' 
email which you actually send to the list.

So... I favour reply-to-list, but I don't favour switching over a list whose 
denizens are *used*to* reply-to-sender.

Cheers; Leon

-- 
http://cyberknights.com.au/     Modern tools; traditional dedication
http://plug.linux.org.au/       Committee Member, Perth Linux User Group
http://slpwa.asn.au/            Committee Member, Linux Professionals WA
http://linux.org.au/            Committee Member, Linux Australia

From andrew.dorrell at cisra.canon.com.au  Fri Mar 28 12:57:02 2003
From: andrew.dorrell at cisra.canon.com.au (Andrew Dorrell)
Date: Fri Mar 28 12:57:02 2003
Subject: [Lias] recipients Was: (no subject)
In-Reply-To: <20030328044006.57DE124A3@ken.ken.com.au>
References: <20030328044006.57DE124A3@ken.ken.com.au>
Message-ID: <3E83D605.8030405@cisra.canon.com.au>

>>Seconded. The vast majority of lists I use (and have used) default to reply
>>to the list. I expect reply-to-sender when using a list populated by
>>old-time, died-in-the-wool *ix diehards, but this isn't that kind of list .
>>.  . and damn! would you believe it - I just spotted that I clicked on
>>"Reply" rather than "Reply to All" and was about to reply off-list? Time to
>>copy the content, cancel, start a new reply to all, and paste, as I so
>>often do. . .

Have to admit - I'd rather the "reply" buton to send to the list also... 
partly because that's how al the lists here at work are configured - so 
lias always throws me

-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865

From ken_yap at users.sourceforge.net  Fri Mar 28 13:05:01 2003
From: ken_yap at users.sourceforge.net (ken_yap at users.sourceforge.net)
Date: Fri Mar 28 13:05:01 2003
Subject: [Lias] recipients Was: (no subject) 
In-Reply-To: Your message of Fri, 28 Mar 2003 13:02:19 +0800.
             <200303281302.19445.leon@cyberknights.com.au> 
Message-ID: <20030328050429.E44EF2226@ken.ken.com.au>

>So... I favour reply-to-list, but I don't favour switching over a list whose 
>denizens are *used*to* reply-to-sender.

Here's an offer to any list member: Take over management of this list
from me if you wish (oh please, take the spam :-), then you are welcome
to initiate a change in the reply policy.

From craig at postnewspapers.com.au  Mon Mar 31 01:14:02 2003
From: craig at postnewspapers.com.au (Craig Ringer)
Date: Mon Mar 31 01:14:02 2003
Subject: School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)
In-Reply-To: 
References: 
Message-ID: <3E872561.80909@postnewspapers.com.au>

> LDAP is a good option, especially when there is a need for cross-platform
> authentication. Is anybody out there using it in practice? 

I have it running for authentication of linux users between two 
machines, however I haven't yet tried to merge in NT domain 
authentication. I'm not sure its worth it, the users all use different 
machines.

> Given that every user on a small setup would have a home directory, the
> simplest approach would be to use useradd (or the equivalent in Webmin)
> with shadow password authentication. What are the benefits of LDAP over
> this?

All users can log in at all machines with the same user ID and password. 
If you enable shared home directories over (eg) auto-mounted NFS, they 
get the same homedirs too. This can have some issues with differing app 
version not liking each other's .folders (mozilla, for example), though.

Centralized management. You can replicate to one or more slave servers 
so losing the master server won't prevent users from logging in.

If you don't have multiple machines and don't expect to need them 
anytime soon, don't bother. At least using openldap/slapd its quite 
fiddly to get started, though it works well once its up and running.

Craig

From craig at postnewspapers.com.au  Mon Mar 31 01:16:01 2003
From: craig at postnewspapers.com.au (Craig Ringer)
Date: Mon Mar 31 01:16:01 2003
Subject: [Lias] School Intranet Server - Functionality & Requirements
In-Reply-To: <1048809751.14265.12.camel@ches.lovethisuni.org>
References:  <1048809751.14265.12.camel@ches.lovethisuni.org>
Message-ID: <3E8725F6.3080600@postnewspapers.com.au>

>> However, I believe the Webmin mail interface is a
>>little too complex for primary school kids, and am looking for suggestions
>>for a simple web mail interface.

squirrelmail comes to mind, but I've never really used it much.

> Please, please, please disable HTML email by default though, and tell the 
> children about how evil it is before they get the 'outlook express ivy-leaf 
> border' disease.

*lol* Just wait for the "tablet PC" with MS Windows to become more 
widespread. Looking forward to "handwriting email" on mailing lists? 
After all, why go through the handwriting recognition when you can post 
a nice image... everybody can read your writing, obviously. *sigh*. 
Handwriting email was a /bad/ idea.

Craig

From pgear at redlands.qld.edu.au  Mon Mar 31 07:33:02 2003
From: pgear at redlands.qld.edu.au (Paul Gear)
Date: Mon Mar 31 07:33:02 2003
Subject: [Lias] linux kernel security patches
References: <3E83BC74.3060307@cisra.canon.com.au>
Message-ID: <3E877F8C.4000105@redlands.qld.edu.au>

Andrew Dorrell wrote:

> In case you have some hackers at your school:

BTW, that's "crackers", not "hackers".  Hackers build things, crackers 
break things.  :-)

http://catb.org/esr/jargon/html/entry/hacker.html

-- 
Paul Gear
Manager IT Operations
Redlands College
38 Anson Road, Wellington Point 4160
07 3286 0271
(Please send attachments in portable formats such as PDF or HTML.)

From ches at perlboy.org  Mon Mar 31 09:11:02 2003
From: ches at perlboy.org (Robert McLeay)
Date: Mon Mar 31 09:11:02 2003
Subject: [Lias] linux kernel security patches
In-Reply-To: <3E877F8C.4000105@redlands.qld.edu.au>
References: <3E83BC74.3060307@cisra.canon.com.au>
	 <3E877F8C.4000105@redlands.qld.edu.au>
Message-ID: <1049073009.1519.64.camel@ches.lovethisuni.org>

The kernel would be the bit that I'd be least worried about, personally.

If you've got any student at your school who's able to exploit kernel
level holes like that, you probably want them to have root, as you'll
get a really secure box. Hacker pride (as most crackers - not s'kiddiots
- are also hackers) :)

Robert.

On Mon, 2003-03-31 at 09:36, Paul Gear wrote:
> Andrew Dorrell wrote:
> 
> > In case you have some hackers at your school:
> 
> 
> BTW, that's "crackers", not "hackers".  Hackers build things, crackers 
> break things.  :-)
> 
> http://catb.org/esr/jargon/html/entry/hacker.html
> 
> -- 
> Paul Gear
> Manager IT Operations
> Redlands College
> 38 Anson Road, Wellington Point 4160
> 07 3286 0271
> (Please send attachments in portable formats such as PDF or HTML.)
> 
> 
> 
> _______________________________________________
> lias mailing list
> lias at lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias
--