The Answer Guy Issue 17

From: Wietse Venema, wietse@wzv.win.tue.nl
Do you know where there are any working examples of this and the twist option posted to the ‘net? I fight with some of these and don’t seem to get the right results.

Use "twist" to run a service that depends on destination address:

        fingerd@host1: ALL: twist /some/where/fingerd-for-host1

What I’d like is an example that drops someone into a chroot’d jail as "nobody" or "guest" and running a copy of lynx if they are from one address — but lets them log in as a normal user if they are from an internal address. (We’ll assume a good anti-spoofing packet-filter on the router(s)).

I have a little program called chrootuid that you could use.

Did you ever add the chrootuid functionality to tcpd?

I would do that if there was a performance problem. Two small programs really is more secure than a bigger one.

How would you feel about an option to combine the hosts.allow and hosts.deny into just tcpd.conf?

What about compatibility with 1 million installations world-wide?

(I know I can already put all the ALLOW and DENY directives in a single file — and I’m not much of a programmer but even *I* could patch my own copy to change the filename — I’m just talking about the general case).

This is because the language evolved over time. Compatibility can become a pain in the rear.

— Wietse

Automatic File Transfer

From: Kenneth Ng, kenng@kpmg.com
In Linux Gazette, there is a mention of how to transfer files automatically using ftp. Here is how:

 
 #!/bin/csh
 ftp -n remote.site  /root/tapes.contents/.....

…. where the contents list is named something like:


                antares-X.19970408

…. which is a hostname, a volume (tape) number and a date in YYYYMMDD format (for proper collation — sorting).


To do a differential I use something like:

        find / -newer /root/tape.contents/....  \
                        | egrep -v "^(/tmp|/proc|/var/spool/news)" \
                        | tar czTf - /mnt/mo/diff.`date +%Y%m%d`.tar

… (actually it’s more complicated than that since I build the list and compute the size — and do some stuff to make sure that the right volume is on the Magneto Optical drive — and mail nastygrams to myself if the differential won’t fit on that volume — if the volume is the most recent one (I don’t overwrite the most recent — I rotate through about three generations) — etc).

However this is the core of a differential backup. If you wanted an incremental — you’d supply a different file to the -newer switch on your find command.

The difference between differential and incremental is difficult to explain briefly (I spent about a year explaining it to customers of the Norton Backup). Think of it this way:

If you have a full — you can just restore that.

If you have a full, and a series of differentials, you can restore the most recent full, and the most recent differential (any older fulls or differentials are unneeded).

If you have a full and a series of incrementals you need to restore the most recent full, and each subsequent incremental — in order until the most recent.

It’s possible (even sensible in some cases) to use a hybrid of all three methods. Let’s say you have a large server that takes all day and a rack full of tapes to do a full backup. You might be able to do differentials for a week or two on a single tape per night. When that fills up you might do an incremental, and then go back to differentials. Doing this to a maximum of three incrementals might keep your all day backup marathons down to once a month. The restore must go through the "hierarchy" of media in the correct order — most recent full, each subsequent incremental in order, and finally the most recent differential that was done after that.


(Personally, I avoid such complicated arrangements like the plague. However they are necessary in some sites.)

— Jim
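
The choice of reference file for `find -newer` described above, as an added example that is not part of the original column. It shows the plain (non-hybrid) case; the stamp files `full` and `last`, the sample tree and all dates are constructed, and everything runs inside a throwaway `mktemp` directory.

```shell
#!/bin/sh
# Added example (not from the original column). All file names are
# constructed; everything lives in a throwaway mktemp directory.

# Print files under tree $2 modified after reference file $1, dropping
# an excluded subtree the way the column's egrep -v stage does.
changed_since() {
    (cd "$2" && find . -type f -newer "$1" | grep -Ev '^\./tmp/' | sort)
}

# Build a constructed timeline with explicit mtimes (CCYYMMDDhhmm).
make_timeline() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/data/tmp" "$work/stamps"
    touch -t 199704011200 "$work/data/old.txt"      # unchanged since the full
    touch -t 199704011300 "$work/stamps/full"       # full backup finished
    touch -t 199704021200 "$work/data/monday.txt"   # changed after the full
    touch -t 199704021300 "$work/stamps/last"       # most recent backup of any kind
    touch -t 199704031200 "$work/data/tuesday.txt"  # changed after that backup
    touch -t 199704031200 "$work/data/tmp/scratch"  # lives in the excluded subtree
    echo "$work"
}

# Differential: everything changed since the last FULL backup.
differential_list() { changed_since "$1/stamps/full" "$1/data"; }

# Incremental: only what changed since the most recent backup of any kind.
incremental_list() { changed_since "$1/stamps/last" "$1/data"; }

w=$(make_timeline)
echo "differential:"; differential_list "$w"
echo "incremental:";  incremental_list "$w"
rm -rf "$w"
```

Either list can be fed to `tar` through its `T -` option as in the command above; the incremental scheme then updates `last` after every run, while the differential scheme leaves `full` alone until the next full backup.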

Answer Guy #1, January 1997
Answer Guy #2, February 1997
Answer Guy #3, March 1997
Answer Guy #4, April 1997
