Peter's Linux Q&A

  1. Netscape looks awful on Linux! How can I get better fonts for Netscape? They suck on Linux!
  2. Why does Netscape Communicator 4.5 crash every time I click on a mailto: link?
  3. How can I get Netscape Communicator to auto-complete entries made into the URL box on Linux?
  4. How do I get PPP up and running on Linux?
  5. Is there a Eudora type program for Linux so I can download my email to home?
  6. Can fetchmail be used for multiple users?
  7. How can I tell Mutt to not sign PGP to a particular recipient, like a mailing list?
  8. How do I get rotating sigs?
  9. Is there an ICQ client for Linux?
  10. How do I disable telneting to my machine for certain accounts? How do I disable ALL telneting to my machine?
  11. How can I log into my own machine as root? It doesn't seem to work!
  12. What is identd?

  1. Netscape looks awful on Linux! How can I get better fonts for Netscape? They suck on Linux!
    The first thing you can try is to get the URW fonts, which are a free replacement for the default X fonts. Then add them to your font path in XF86Config or the equivalent file for your X server:

    FontPath "/usr/X11R6/lib/X11/fonts/misc:unscaled"
    FontPath "/usr/X11R6/lib/X11/fonts/75dpi:unscaled"
    FontPath "/usr/X11R6/lib/X11/fonts/100dpi:unscaled"
    FontPath "/usr/X11R6/lib/X11/fonts/URW"

    The :unscaled suffix on the first three lines means that applications use the bitmap fonts, unscaled, when one matches in size; otherwise they use the URW replacements.

    Get these fonts at GIMP's site, http://ftp.gimp.org/fonts.html. According to that web page, these are the same fonts that are distributed with Ghostscript, so you probably already have these fonts.


    The next thing you can do is to get Microsoft's excellent TrueType fonts working by installing a TrueType font server for X. This will allow Netscape (and other X clients like The Gimp and Star Office) to access TrueType fonts as well as the native X fonts. It improves things considerably. In fact, after installing xfstt, I'm completely happy with my fonts in Netscape (and I'm picky about fonts!).

    There are two TrueType font servers available, each of which is reasonably simple to install -- xfsft and xfstt. xfstt is a server that runs on top of X. It's supposed to be easier to install and get going but is also supposed to have some small incompatibilities (I haven't met anyone who has made an issue of the incompatibilities). xfsft is supposed to be more like a patch to X and is `in tune' with the X philosophy, but is supposed to be harder to install.

    You'll find them both at: ftp://metalab.unc.edu/pub/Linux/X11/fonts
    You can get xfstt from: ftp://rpmfind.net/linux/contrib/libc6/i386/xfstt-0.9.10-1.i386.rpm
    You can get xfsft from: http://www.dcs.ed.ac.uk/home/jec/programs/xfsft/
    You can get xfstt from ftp://sunsite.unc.edu/pub/Linux/X11/fonts/

    After installing one of these servers, you'll need some TT fonts. The xfstt FAQ contains many, many links to websites that allow TT font downloads. In fact, if you search Yahoo or dejanews.com, you'll find hundreds of TT fonts on the web; maybe even thousands. Another place to look is at Satan's web site: http://www.microsoft.com/typography/fontpack/default.htm. They're free for personal use, but may not be redistributed. The Windows 3.1 files are self-extracting PKZIP files with .exe extensions. The Linux version of InfoZip's unzip can handle them fine. You can't extract the win95 version of these font packages.

    Of course you have friends with Windows. All the fonts are located in a centralized directory; you can simply copy them from their computer to yours via floppy, removable media, network connection or whatever.



  2. Why does Netscape Communicator 4.5 crash every time I click on a mailto: link?
    According to Netscape, this was a bug that was reported the first day that Netscape Communicator 4.5 came out. It was fixed when 4.51 came out, in March 99. Other than using a different version of Netscape, here is a workaround by Fred Wilson Horch at EcoAccess:

    I'm running RedHat 5.2 (2.0.36) and the glibc version of Netscape 4.5. Once I open Messenger (I can open then close it), mailto: links work. Otherwise, I get the same problem.

    I assume the Messenger component initializes something. I found it so annoying that I've configured Netscape to start up Messenger by default (under Edit -> Preferences -> Appearance).



  3. How can I get Netscape Communicator to auto-complete entries made into the URL box on Linux?
    Only Netscape 6 and higher do this on Linux; none of the other Netscapes autocomplete the URL.



  4. How do I get PPP up and running on Linux?
    This is a document that I wrote specifically for UCD students, the UCD PPP HOWTO, but it's easy to read and well explained. You can most certainly follow the instructions and tailor them to suit your needs. Note--this was meant to get you up and running. It's not supposed to be a treatise on how to IP Masquerade or set up a home PPP server. Look at the voluminous PPP HOWTO for advanced configurations.



  5. Is there a Eudora type program for Linux? Can I get my email downloaded to home?
    Of course you can. This is linux, remember? The utility you're looking for is called fetchmail. Add the following line to your ppp-on script:
    /usr/bin/fetchmail -d 60
    The -d option starts fetchmail in daemon mode, polling for new mail (in the example above) every 60 seconds. You will want to put the following line in your ppp-off script:
    /usr/bin/fetchmail --quit
    Surprisingly, this shuts down the daemon. Lastly, you'll want to create a .fetchmailrc in your home directory which looks something like:

    # fetchmailrc written by Peter Jay Salzman Feb 1999
    # Comments begin with pound. On the poll line the words and,with,has,wants
    # and options are ignored as are :; and , for the rc to resemble English.
    # protocol can be abbreviated as proto.

    poll landau.ucdavis.edu with protocol POP3
    user YY
    pass XX
    fetchall

    where YY is your username and XX is your password. The fetchall command fetches all your mail (duh) and landau.ucdavis.edu is the name of my POP3 mail server. You'll need to change the details, but this should give you an idea of what the basics look like.



  6. Can fetchmail be used for multiple users?
    This is linux--of course it can! In fact, it works wonderfully for multiple users and is easier than Eudora! Here's a portion from an example fetchmailrc file:

    # fetchmailrc written by Peter Jay Salzman Feb 1999

    poll mail.server.edu with protocol POP3
    user bill_gates with pass password is the_devil here
    user jack_tripper with pass ThreeCompany is jack_tripper here
    user daffyduck with password SuCcutash is root here
    fetchall



  7. How can I tell Mutt to not sign PGP to a particular recipient, like a mailing list?
    You do this by using a send-hook. If you don't want to PGP sign your email going to the sabmag mailing list, put this in your muttrc,
    send-hook 'SABMAG@MITVMA.MIT.EDU' "set pgp_autosign=no"
    and every message you send to sabmag will NOT automagically be signed. Note that if you simply put
    set pgp_autosign=no
    then none of your emails will be signed unless you want them to be signed (default is to hit "p" before you send the message).



  8. How do I get rotating sigs?
    You can get this type of behavior by writing a Perl script that uses named pipes (also known as FIFOs). Basically you convert your .signature file into a named pipe and then have a Perl script (or other small program) that acts as a daemon and sits in a loop writing randomly selected signatures into .signature (re-opening and closing the file for each signature). When another program (e.g. mutt) wants to get your signature, it opens .signature for reading and reads until it hits EOF. The reading program never even knows that .signature isn't a regular file. When a program (in this case the daemon) tries to open a named pipe for writing, the operating system causes the function call to block until there is actually another program on the other side trying to read from the named pipe, so your daemon isn't actually spinning around inside an infinite loop if no programs are reading your signature.

    Here's an example of a signature daemon (written in perl) that basically does what you want. There may be some minor bugs in it that need to be ironed out, but it should give you the general idea.

    #!/usr/bin/perl

    use strict;
    use warnings;
    use POSIX qw(mkfifo);

    my $NAMED_PIPE = "signature_file";
    my $SIG_DB = "sigs.txt";
    my $SIG_DELIM = "<<SIG>>";    ### Delimiter in sig database

    my @allsigs;                  ### List of all signatures
    my @cursig;                   ### Lines of signature being read from DB

    ### A reader that closes the pipe early must not kill the daemon.
    $SIG{PIPE} = 'IGNORE';

    ### Make sure the named pipe exists.  If not, set it up.
    ### unlink/mkfifo are called directly, so no filename passes through a shell.
    unless (-p $NAMED_PIPE) {
      if (-e $NAMED_PIPE) {
        unlink($NAMED_PIPE) || die "Couldn't remove $NAMED_PIPE: $!\n";
      }
      mkfifo($NAMED_PIPE, 0600)
        || die "Couldn't make named pipe ($NAMED_PIPE): $!\n";
    }

    ### Read in possible signatures.
    open(my $sigdb, '<', $SIG_DB) || die "Can't open signature database: $!\n";
    while (my $line = <$sigdb>) {
      if ($line =~ /\Q$SIG_DELIM\E/) {
        push(@allsigs, join("", @cursig)) if @cursig;
        @cursig = ();
        next;
      }
      push(@cursig, $line);
    }
    push(@allsigs, join("", @cursig)) if @cursig;
    close($sigdb);
    die "No signatures found in $SIG_DB\n" unless @allsigs;

    ### Loop forever
    while (1) {
      ### This open blocks until a reader opens the other end of the pipe.
      open(my $sig_fh, '>', $NAMED_PIPE) || die "Can't write to named pipe: $!\n";

      ### Pick a signature at random
      my $sig = $allsigs[int(rand(scalar(@allsigs)))];

      ### Send it to the named pipe
      print $sig_fh $sig;

      ### Close the named pipe (the current reader will think it has read the
      ### entire file).
      close($sig_fh);

      ### Prevent the next pipe we open from catching the end of the current
      ### request.
      sleep 1;

    }
    

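    Alternatively, mutt can run a command to produce the signature. Create a .muttsig file that contains:
    fortune ~/data/mysigs
    Then add this line to your .muttrc:
    set signature=~/.muttsig|
    The trailing | tells mutt to run the file as a command and use its output as the signature. The fortune program can be used to create your own fortune database of sigs (takes a bit of work, but not too hard). You can write a shell program or Perl program that generates the sig.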



  9. Is there an ICQ client for Linux?
    First check out http://www.portup.com/~gyandl/icq/. This page has many, if not all, the Linux ICQ clients. Here are some of the individual ones that I know of:
    1. kicq
    2. kxicq
    3. xicq
    4. gicq
    5. licq: http://www.licq.org
    You can get most of these at http://www.linuxapps.com.



  10. How do I disable telneting to my machine for certain accounts? How do I disable ALL telneting to my machine?
    You can disable all telneting to your machine by editing /etc/inetd.conf. You can allow access to your machine on a per-user basis by editing /etc/security/access.conf.



  11. How can I log into my own machine as root? It doesn't seem to work!
    This is done for security. If you really want to be able to log in as root, and don't mind the possible consequences (I highly advise against it), you can change this behavior of telnet. There's a file called /etc/securetty which defines which terminals a root user may log in on. Make sure that ttyp0, ttyp1, etc. are defined in that file. Each telnet session uses one of these terminals, so define several of them. For example, if you define only those two and 2 users telnet to your machine, you'll be given ttyp2 and therefore will not be allowed to telnet in as root.



  12. What is identd?
    Identd identifies the username of a process owning a specific TCP/IP connection. It is usually run via inetd and listens on port 113. It is a snitch, and about as trustworthy as one.

    Identd should not be used as a method of authentication; anyone with root access can alter their identd response. On many systems (such as FreeBSD and Windows) even a non-privileged user can specify whatever identd response they want. The protocol is most useful on multiuser systems as a method of tracking down problem users. If one of your users is causing problems on another system, that system's admin can inform you of the username of the specific user causing problems, saving you a lot of legwork.

    Since the client assumes the identd daemon is trustworthy, it is inappropriate as a security protocol, but it sometimes is used as one. (E.g. SOCKS firewall proxies may require satisfactory ident response to allow connections. Since Windows 9x machines don't support it (no concept of user), most SOCKS firewall configurations don't require it anymore.) The RFC suggests it is useful for auditing.... I think that is optimistic.

    Example:
    Pete Salzman, having logged in as psalzman on his home linux box, proceeds to use his web browser to point at www.snoop.com

    www.snoop.com is a paranoid company and wants to know the username of whoever just accessed their webpage. They query port 113 on Pete's box (identd's port), providing it with the source port Pete connected with.

    Identd looks up the username associated with that source port, and says "psalzman" to caller, and exits.
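
    The exchange above, seen from the side that asks the question, as an added example (not part of the original page). It follows the RFC 1413 line format; the source port 34567 and the sample reply are constructed, and the function names are this example's own. The port pair in the reply is checked against the query, and the returned name is handled as an unverified label.

```python
import re

# Reply line: "<port on identd host> , <port on querying host> : <type> : <rest>"
REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$",
                   re.ASCII)
ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
MAX_USERID = 512  # RFC 1413 limit on the user-id field

# Constructed sample: Pete's browser used source port 34567 to reach port 80.
SAMPLE_REPLY = b"34567, 80 : USERID : UNIX : psalzman\r\n"


def build_query(identd_port, our_port):
    """What the querying host (www.snoop.com) sends to port 113 on Pete's box."""
    for port in (identd_port, our_port):
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    return f"{identd_port}, {our_port}\r\n".encode("ascii")


def parse_reply(line, identd_port, our_port):
    """Return (kind, value) where kind is 'userid', 'error' or 'malformed'."""
    text = line.decode("latin-1").rstrip("\r\n")
    m = REPLY.match(text)
    # The reply must echo the port pair that was asked about.
    if not m or (int(m.group(1)), int(m.group(2))) != (identd_port, our_port):
        return ("malformed", None)
    if m.group(3) == "ERROR":
        err = m.group(4).strip()
        return ("error", err if err in ERRORS else "UNKNOWN-ERROR")
    # USERID replies carry "<opsys> : <user-id>" after the second colon.
    _opsys, sep, user = m.group(4).partition(":")
    user = user.strip()
    if not sep or not user or len(user) > MAX_USERID:
        return ("malformed", None)
    # The name is only what the remote daemon chose to say: neutralise
    # control characters before it reaches a log file or a terminal.
    return ("userid", "".join(c if c.isprintable() else "?" for c in user))


def log_field(kind, value):
    """Render the result as an unverified annotation, never as an identity."""
    return f"ident={value}(unverified)" if kind == "userid" else f"ident=-({kind})"
```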

    Should you run identd? That's really a judgement call. On systems with many users, the benefits could be great, but it doesn't serve any particular purpose on a single user box. Not running identd may limit your ability to connect to certain servers - many IRC and some FTP servers don't allow, or severely restrict, non-identd'd connections, for example. However, running it means leaving a service open to the outside world, with all the security risks that entails.

    Another thing to consider is that identd can allow attackers to find out valuable information about your system, such as whether a certain service is running as root, the operating system you are running, and the usernames of your users. Consider running identd with the -n flag, which sends userid numbers instead of usernames.
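
    The /etc/inetd.conf edits from questions 10 and 12, as an added example (not part of the original page): a small checker that reports an enabled telnet entry and an identd entry started without -n, and shows the telnet line commented out. The sample file contents are constructed, and the function names are this example's own.

```python
# Constructed sample in inetd.conf's layout:
# service  socket  proto  wait  user  server-program  argv...
SAMPLE_INETD_CONF = """\
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd       in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd       in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd       in.rshd
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd  in.identd
"""


def enabled_entries(conf_text):
    """Return (line_number, service, argv) for each entry not commented out."""
    entries = []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split()
        # A usable entry has at least six fields; argv follows the program path.
        if len(fields) >= 6 and not fields[0].startswith("#"):
            entries.append((number, fields[0], fields[6:]))
    return entries


def audit(conf_text):
    """Flag the two settings discussed in questions 10 and 12."""
    findings = []
    for number, service, argv in enabled_entries(conf_text):
        if service == "telnet":
            findings.append((number, "telnet enabled"))
        # identd is listed under the service name for port 113 ("auth").
        elif service in ("auth", "ident") and "-n" not in argv[1:]:
            findings.append((number, "identd reports usernames; consider -n"))
    return findings


def comment_out(conf_text, service):
    """Return the file with every enabled entry for `service` commented out.

    inetd only picks the change up once it re-reads its configuration
    (it does so on SIGHUP).
    """
    hits = {n for n, name, _ in enabled_entries(conf_text) if name == service}
    return "".join(("#" + line if i in hits else line) + "\n"
                   for i, line in enumerate(conf_text.splitlines(), 1))
```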

Please report bugs, problems or broken links to me.