Do you know where there are any working examples of this and the twist option posted to the ‘net? I fight with some of these and don’t seem to get the right results.
Use "twist" to run a service that depends on destination address:

    fingerd@host1: ALL: twist /some/where/fingerd-for-host1

What I’d like is an example that drops someone into a chroot’d jail as "nobody" or "guest" and running a copy of lynx if they are from one address — but lets them log in as a normal user if they are from an internal address. (We’ll assume a good anti-spoofing packet-filter on the router(s)).
I have a little program called chrootuid that you could use.
Did you ever add the chrootuid functionality to tcpd?
I would do that if there was a performance problem. Two small programs really is more secure than a bigger one.
How would you feel about an option to combine the hosts.allow and hosts.deny into just tcpd.conf?
What about compatibility with 1 million installations world-wide?
(I know I can already put all the ALLOW and DENY directives in a single file — and I’m not much of a programmer but even *I* could patch my own copy to change the filename — I’m just talking about the general case).
This is because the language evolved over time. Compatibility can become a pain in the rear.
Automatic File Transfer
From: Kenneth Ng, firstname.lastname@example.org
In Linux Gazette, there is a mention of how to transfer files automatically using ftp. Here is how:
#!/bin/csh ftp -n remote.site /root/tapes.contents/.....
…. where the contents list is named something like:
…. which is a hostname, a volume (tape) number and a date in YYYYMMDD format (for proper collation — sorting).
To do a differential I use something like:
    find / -newer /root/tape.contents/.... \
      | egrep -v "^(/tmp|/proc|/var/spool/news)" \
      | tar czTf - /mnt/mo/diff.`date +%Y%m%d`.tar
… (actually it’s more complicated than that since I build the list and compute the size — and do some stuff to make sure that the right volume is on the Magneto Optical drive — and mail nastygrams to myself if the differential won’t fit on that volume — if the volume is the most recent one (I don’t overwrite the most recent — I rotate through about three generations) — etc).
However this is the core of a differential backup. If you wanted an incremental — you’d supply a different file to the -newer switch on your find command.
The difference between differential and incremental is difficult to explain briefly (I spent about a year explaining it to customers of the Norton Backup). Think of it this way:
If you have a full — you can just restore that.
If you have a full, and a series of differentials, you can restore the most recent full, and the most recent differential (any older fulls or differentials are unneeded).
If you have a full and a series of incrementals you need to restore the most recent full, and each subsequent incremental — in order until the most recent.
It’s possible (even sensible in some cases) to use a hybrid of all three methods. Let’s say you have a large server that takes all day and a rack full of tapes to do a full backup. You might be able to do differentials for a week or two on a single tape per night. When that fills up you might do an incremental, and then go back to differentials. Doing this to a maximum of three incrementals might keep your all day backup marathons down to once a month. The restore must go through the "hierarchy" of media in the correct order — most recent full, each subsequent incremental in order, and finally the most recent differential that was done after that.
(Personally, I avoid such complicated arrangements like the plague. However they are necessary in some sites.)
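The restore order described above for a hybrid scheme can be computed from a catalog of backups. This is an added example, not part of the original column: the catalog format (date, type, archive name per line), the type names full/incr/diff, the function names and the sample entries are all assumptions made for illustration, and it assumes at most one backup per date.

```sh
#!/bin/sh
# restore_chain: read a backup catalog on stdin, one backup per line:
#     YYYYMMDD TYPE ARCHIVE        (TYPE is full, incr or diff)
# and print the archives to restore, in the order they must be applied:
# most recent full, each later incremental in order, then the most
# recent differential taken after the last of those.
# The catalog format is hypothetical; one backup per date is assumed.
restore_chain() {
    sort -k1,1 | awk '
        # A new full makes everything before it unnecessary.
        $2 == "full" { n = 0; chain[++n] = $3; diff = ""; next }
        # Anything older than the first full cannot be restored on its own.
        n == 0       { next }
        # An incremental extends the chain and supersedes earlier differentials.
        $2 == "incr" { chain[++n] = $3; diff = ""; next }
        # Only the latest differential since the last full/incremental matters.
        $2 == "diff" { diff = $3 }
        END {
            if (n == 0) {
                print "restore_chain: no full backup in catalog" > "/dev/stderr"
                exit 1
            }
            for (i = 1; i <= n; i++) print chain[i]
            if (diff != "") print diff
        }'
}

# Constructed sample catalog: a full, nightly differentials, one
# incremental when the differential tape filled up, then differentials again.
sample_catalog() {
    cat <<'EOF'
19970101 full full.19970101.tar
19970102 diff diff.19970102.tar
19970103 diff diff.19970103.tar
19970108 incr incr.19970108.tar
19970109 diff diff.19970109.tar
19970110 diff diff.19970110.tar
EOF
}

sample_catalog | restore_chain
```

The differentials from before the incremental drop out of the list because the incremental already carries everything they contained.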