ProductsDesktop Server For Scientific Computing For IBM POWER For IBM System z For SAP Business Applications Red Hat Network Satellite ManagementExtended Update Support High Availability High Performance Network Load Balancer Resilient Storage Scalable File System Smart Management Extended Lifecycle SupportWeb Server Developer Studio Portfolio Edition JBoss Operations Network FuseSource Integration Products Web Framework Kit Application Platform Data Grid Portal Platform SOA Platform Business Rules Management System (BRMS) Data Services Platform Messaging JBoss Community or JBoss enterprise
SolutionsApplication development Business process management Enterprise application integration Interoperability Operational efficiency Security VirtualizationMigrate to Red Hat Enterprise Linux Systems management Upgrading to Red Hat Enterprise Linux JBoss Enterprise Middleware IBM AIX to Red Hat Enterprise Linux HP-UX to Red Hat Enterprise Linux Solaris to Red Hat Enterprise Linux UNIX to Red Hat Enterprise Linux Start a conversation with Red Hat Migration services
TrainingPopular and new courses JBoss Middleware Administration curriculum Core System Administration curriculum JBoss Middleware Development curriculum Advanced System Administration curriculum Linux Development curriculum Cloud Computing and Virtualization curriculum
ConsultingStandard Operating Environment (SOE) Strategic Migration Planning Service-oriented architecture (SOA) Enterprise Data Solutions Business Process Management
Issue #17 March 2006
- What is virtualization?
- An interview with Brian Stein
- Virtualization Resource Center goes live
- Introduction to DocBook XML, part 2
- Risk Report: A year of Red Hat Enterprise Linux 4
- Video: Red Hat Summit Nashville
- LibriVox gives books a voice in the public domain
- See you at the Summit: Eben Moglen
- Developers: Come play with us and build the future
- Book review: Active Liberty
- Video: Skanska
- Book review: Linux Patch Management
- Podcast: So you'd like to contribute to open source software
From the Inside
In each Issue
- Editor's blog
- Red Hat speaks
- Ask Shadowman
- Tips & tricks
- Fedora status report
- Podcast (XML)
- Magazine archive
Shadowman is waiting for Fedora Core 5. And he knows he's not the only one. It's coming any day now. Yes, sir... any day now.
When it comes, you'll know it, you Linux freaks. It'll hit you like a bus full of kernel developers. It'll make you weep with joy. It'll whiten your teeth and shrink your waistline. It's just about everything that is beautiful and pure in the free and/or open source world.
You want a nice steaming cup of free Java? It's in there. You want some sweet new candy for your eyeballs? Have a look-see. You want a security blanket to protect you from the big scary world? Snuggle up. You want to run machines inside of machines inside of machines like those Russian nesting dolls? Play to your heart's content.
Yes sir... any day now. Isn't the waiting the best part? Nothing like a little tension to keep things all tingly and exciting. You know what Shadowman's saying.
Got a question that you'd like Shadowman to answer? Ask him.
Please help me configure qmail to replace sendmail for Red Hat ES4.
To which Shadowman replies:
Vishal, there are some things that Shadowman can't help you with. Sadly, qmail is one of those things.
Not that qmail isn't great, because it is. Some of Shadowman's best friends run their mail servers on qmail; it's lightweight and speedy and powerful. A great little mail transfer agent.
Unfortunately, it's not quite... exactly... free.
See, here's the thing: Shadowman takes his software licensing pretty seriously. Whether it's licensed GPL or BSD, "free" or "open source", all of Shadowman's favorite software projects share one thing in common: they grant broad rights to their users, allowing them to use, modify, and redistribute the bits freely.
It's on that last point -- redistribution -- that qmail takes a different stand. The license for qmail is very particular, and specifically prohibits repackaged binary versions of qmail. That includes RPMs, and Debian packages too, for that matter -- which certainly annoys some people in the Debian community.
One thing's for sure, though: be sure to blast every trace of sendmail, or any other mail transfer agent, if you expect to get qmail to work.
What is the default firewall shipped with Red Hat Enterprise Linux AS v.4? what is the service name so that I can check if it's running?
To which Shadowman replies:
Time to learn about iptables, Ed. And rather than bore you and other readers with lots of arcana, Shadowman will give you two simple answers.
Answer 1: the link to the iptables documentation for RHEL4.
Answer 2: as root, "/sbin/service iptables status".
An astute reader asked:
How does an ordinary user manage to use finger?
ls -l /usr/bin/finger -rwx--x--x 1 root root 23088 Mar 4 2005 /usr/bin/finger
To which Shadowman replies:
Hoisted on his own petard again, Shadowman is.
A wise man once told Shadowman, many years ago, never to set executables as execute-only files -- "avoid the 111 permission, young Shadowman, because it will cause you nothing but grief in the long term," this wise man said to Shadowman. And Shadowman, ever the trusting soul, believed the wise man's counsel.
Years passed, and this wise counsel took on the patina of well-established truth. This truth was reinforced by the permissions of just about every bin directory that Shadowman ever came across.
But an alert reader points out the anomalous case of finger:
[shadowman@localhost bin]$ ls -l /usr/bin | grep x--x--x -rwx--x--x 1 root root 19120 Mar 4 2005 finger [shadowman@localhost bin]$ finger shadowmn Login: shadowmn Name: (null) Directory: /home/shadowmn Shell: /bin/bash On since Mon Mar 13 08:00 (EST) on :0 (messages off) On since Mon Mar 13 08:01 (EST) on pts/1 from :0.0 No mail. Plan: To figure out why it is, exactly, that finger is the only application in /usr/bin with -rwx--x--x permissions.
So finger runs perfectly well, even though Shadowman doesn't actually have read permissions on finger. Hmm.
Obviously, Shadowman has become enamored with an utterly false truth. Witness Shadowman's new experiments in fact:
[root@localhost bin]# ls -l ls -rwxr-xr-x 1 root root 91012 May 25 2005 ls [root@localhost bin]# chmod 111 ls [root@localhost bin]# ls -l ls ---x--x--x 1 root root 91012 May 25 2005 ls [root@localhost bin]#
All great truths raise more questions than they answer, though, and Shadowman is stumped. So Shadowman asks various smart people, "why is the permission for finger set to 711 by default, when the vast majority of applications are set to 755?" And various smart people answer, "Huh. Dunno. It works, though. Why do you care?"
Shadowman cares because Shadowman's entire foundation has been shaken, and now Shadowman has no choice but to consult a higher power -- his readers.
Shadowman asks his readers:
Why is the permission for finger set to 711 by default, when the vast majority of applications are set to 755?