DNS与IP之间的互查

最近, 公司将搬迁到新大楼, 这也是烦SA的事情.

本人很懒, 平时都是不喜欢去记录一些机器配置变化的. 就算是自己为机器申请的

这可好了, 搬迁机器都要变化IP, 域名需要申请变化!

一个个找email是不靠谱的.

就自己找了个程序去跑, (^_^) 一身轻松

import os, sys
import re


regx = r"PTR.*?\b(?P<dns>(\w*\.){4})"
pattern = re.compile(regx)

def LookUpDns(Ip):
ANSWER = os.popen("dig -x %s" % Ip).read()
#print regx
match = pattern.search(ANSWER)
if match:
print "%s => %s" % (Ip, match.group("dns"))

BTW::

关于dig的使用手册: http://www.madboa.com/geek/dig/

XGL与AIGLX

前几天在搞Xorg-server和compiz, 就会被扯进3D的技术世界中.

要在linux下使用3D的特效, 都是需要使用OpenGL的. 对于怎么使用OpenGL, 有两种方法:

There are two ways in which a windowing system can allow an OpenGL implementation to talk to the graphics card.

The first is to specify the OpenGL command stream in a portable network-neutral manner using a client/server implementation similar to the X11 drawing routines. This method, used by AIGLX, is indirect in that the drawing commands are sent to the X server and then the X server sends them along to the graphics card.

The second way, which is at the base of Xgl, is to open a window and then allow the OpenGL library to send commands directly to the graphics card.

从上面的文字中看出, 就是直接与间接的区别.

两种方式需要不同的图形服务程序去支持.

对于直接的方法, 是使用一个叫XGL的服务程序, Xgl is an X server architecture designed to take advantage of modern graphics cards via their OpenGL drivers

间接的方法就是使用现在广泛使用的xorg-server, 那么要xorg-server接受OpenGL指令, 还是需要一定的扩展的, 这就是GLX (initialism for "OpenGL Extension to the X Window System") provides the binding connecting OpenGL and the X Window System: it enables programs wishing to use OpenGL to do so within a window provided by the X Window System.

http://en.wikipedia.org/wiki/AIGLX
http://www.gentoo-wiki.info/XGL
http://en.wikipedia.org/wiki/XGL
http://www.gentoo-wiki.info/AIGLX

对openoffice有点好感

对openoffice有点好感还是头一次, 之前在2.0时代的OOo看上去就很人不舒服的感觉. 更不用说使用它进行烦人的文字和表格处理了.

虽然本人是CLI风格的家伙, 但是本人对外观的需求还是有的, 所谓: "人要脸, 树要皮"嘛. 本人的terminal的外观可是很好看的呀(^_^)

有了好感, 那么.....就会对它想入非非的了.......

首先出现在头脑中的是openoffice的表格与database结合了. 因为使用xlrd, pyExcelerator, xlwt有点不爽.

加上学习学习DB还是很好的. 人差的就是借口 (^_^), 有借口人就不会懒啦

在看OpenOffice与数据connect时, 首先出现在眼前的便是:
* ODBC
* unixODBC
* 具体的DB的ODBC, 比如:sqliteODBC, myODBC等等.

三者的关系:
1. ODBC
ODBC在wikipedia上的描述:
ODBC uses as its basis the various Call Level Interface (CLI) specifications from the SQL Access Group, The Call Level Interface (CLI) is a software standard defined in ISO/IEC 9075-3:2003.
应该这样理解:ODBC是一套ISO标准, 存在于描述文字中
2. unixODBC
unixODBC是在unix下的一套实现, 已经把标准使用代码实现出来.

3. 具体的DB的ODBC
这就是具体的DB使用unixODBC接口实现的应用接口


正在学习OpenOffice与DB的联系

又是烧钱!

我的耳朵听不出好与不好的耳机, 只知道重音与高音

本想去买一个mp3的线控耳机的(可以next, back, suspend之类操作的线控), 后来想了想, 本人的GoGear应该是不支持这样的操作的, 专竟是外界发来的指令.


当时一头脑发热, 跑到了电脑城, 找了间耳机专买店就吹了起来.

加上不是很理性, 就买了如下的设备:
http://panasonic.cn/products/digital_av/accessories/earphone/RP-HX70

当时下决心买这种headphone, 不去买earphone, 主要是因为想到使用这个东西和电脑看电影应该比earphone爽.

所以........ 烧钱了.......

ls与less的故事

ls可以使输出的数据有颜色, 如:

ls -G /

但是当ls的输出被重定向到less命令后会怎么样呢?

呃..... 没有了颜色, 等于使用不使用-G都是一样的后果.

当然, 可以安装一个有颜色的less, 这就没有什么好说的, 再向下看也就没有意义了.

晚上, 无意中发现ls命令早已经很好的解决这个问题了, 如下:

ls -F / |less

关于-F的作用:
-F, --classify
append indicator (one of */=>@|) to entries

发现了这种用法后, 心中一顿惊讶呀, GNU的工具太无敌了! 考虑的情况可以说是一切变态需求

emerge学习

使用gentoo有一段时间了, 其实还不是很不解它的包机制. 最近常使用, 就随便记录一点点笔记.( 记性一天比一天差了 )

emerge是gentoo的用户级接口. 如下:

emerge [options] [action] [ebuild | tbz2file | file | set | atom] ...

optins和action就常见了, 是命令行的就会有一两个的. 重点在于后面的ebuild, tbz2file等等几个概念.

[ ... | ... | ...]这种结构表示多选一, 就是只为能其中的一种.

命令行最后的"..."表示还可以重复使用前的选项,这里指的是[...]结构

emerge对ebuild的定义为:
1. ebuild, 有几种情况: 包名, 分类/包名, 或者是直接是*.build的完整路径, 这种是最常使用的

2. tbz2file, 这种还不清楚, 不知道是不安装二进制的包.

3. set, 中文也叫集合. 还是比较好理解, 见: A set is a convenient shorthand for a large group of packages. Two sets are currently available: system and world. 这样的集合是早有的. 知道目前只有system和world这两个set就算了解了

4. atom, 什么叫atom? 在portage的man手册中这样描述:
DEPEND atom
A string which matches a package. It is of the form category/package. It may also
contain optional logical operators and versions.
More reading: ebuild(5)

atom重点是有逻辑操作与版本的, 更的信息应该参看ebuild中的DEPEND atom一节.

本人觉得atom这个概念很复杂.


不同的包使用不同的USE, 有如下文件:
/etc/make.profile/
package.use
package.use.force
package.use.mask
文件内的内容:
# force docs for GTK 2.x
=x11-libs/gtk+-2* doc
# unforce mysql support for QT
x11-libs/qt -mysql


还有一个概念: slot , 什么叫slot?
With Portage different versions of a single package can coexist on a system. While other distributions tend to name their package to those versions (like freetype and freetype2) Portage uses a technology called SLOTs. An ebuild declares a certain SLOT for its version. Ebuilds with different SLOTs can coexist on the same system. For instance, the freetype package has ebuilds with SLOT="1" and SLOT="2".

可见, slot是very powerful的东西

如下:
Atom Slots
Beginning with EAPI 1, any atom can be constrained to match a specific SLOT.
This is accomplished by appending a colon followed by a SLOT:
x11-libs/qt:3
~x11-libs/qt-3.3.8:3
>=x11-libs/qt-3.3.8:3
=x11-libs/qt-3.3*:3

升级firefox到最新版本

这两天, 打开firefox老是提示有新版本更新, 于是就开始了:

sudo autounmask www-client/mozilla-firefox-bin-3.0.9

sudo emerge -av www-client/mozilla-firefox-bin

xfce4.4升级到xfce4.6

发现这几天都是升级! 难道是ubuntu新版本发布带来的冲动?

使用emerge包管理方式升级, 其中, 为了方便, 使用到了autounmask这个工具

如下是旧版时:

jessinio@nio-laptop ~ $ sudo emerge -av xfce4

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] xfce-base/xfce4-4.4.3 USE="alsa cups -minimal -oss -xscreensaver" 0 kB

Total: 1 package (1 reinstall), Size of downloads: 0 kB


可以知道xfce4套件的放置位置: /usr/portage/xfce-base/xfce4
jessinio@nio-laptop ~ $ ls /usr/portage/xfce-base/xfce4
ChangeLog Manifest metadata.xml xfce4-4.4.3.ebuild xfce4-4.6.1.ebuild

可以确认, portage tree中有xfce4-4.6.1

使用autounmask列出指定版本相关的包:
jessinio@nio-laptop ~ $ sudo autounmask xfce-base/xfce4-4.6.1

autounmask version 0.23 (using PortageXS-0.02.09 and portage-2.1.6.7)

* Using repository: /usr/portage

* Using package.keywords file: /etc/portage/package.keywords
* Using package.unmask file: /etc/portage/package.unmask

* Unmasking xfce-base/xfce4-4.6.1 and its dependencies.. this might take a while..

* Added '=xfce-base/xfce4-4.6.1 ~x86' to /etc/portage/package.keywords
* Added '=xfce-base/xfce4-settings-4.6.1 ~x86' to /etc/portage/package.keywords
* Added '=xfce-base/xfce4-panel-4.6.1 ~x86' to /etc/portage/package.keywords
* Added '=x11-themes/gtk-engines-xfce-2.6.0 ~x86' to /etc/portage/package.keywords
* Added '=x11-themes/xfwm4-themes-4.6.0 ~x86' to /etc/portage/package.keywords
* Added '=xfce-extra/xfce4-appfinder-4.6.1 ~x86' to /etc/portage/package.keywords
* Added '=net-print/xfprint-4.6.1 ~x86' to /etc/portage/package.keywords
* Added '=xfce-base/thunar-1.0.1 ~x86' to /etc/portage/package.keywords
* Added '=xfce-base/xfce4-session-4.6.1 ~x86' to /etc/portage/package.keywords
* Added '=xfce-base/xfdesktop-4.6.1 ~x86' to /etc/portage/package.keywords
* Added '=app-office/orage-4.6.1 ~x86' to /etc/portage/package.keywords
* Added '=xfce-base/xfwm4-4.6.1 ~x86' to /etc/portage/package.keywords
* Added '=xfce-base/xfce-utils-4.6.1 ~x86' to /etc/portage/package.keywords
* Added '=xfce-extra/xfce4-mixer-4.6.1 ~x86' to /etc/portage/package.keywords
* done!
autoumask就会把上面指定的版本号加入到/etc/portage/package.keywords文件中

发现emerge 还是会有其它的包也需要指定版本的, 如:

jessinio@nio-laptop ~ $ sudo emerge -av xfce4

These are the packages that would be merged, in order:

Calculating dependencies... done!

!!! All ebuilds that could satisfy ">=xfce-base/libxfce4util-4.6.1" have been masked.
!!! One of the following masked packages is required to complete your request:
- xfce-base/libxfce4util-4.6.1 (masked by: ~x86 keyword)

For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.
(dependency required by "xfce-extra/xfce4-mixer-4.6.1" [ebuild])
(dependency required by "xfce-base/xfce4-4.6.1" [ebuild])
(dependency required by "xfce4" [argument])


这时就需要一个个的autounmask了, 没有发现autounmask没有把全部的依赖都解决. 烦!!!

正找到可以全部依赖都可以解决的方法

对compiz有不乱,,,,

不理解compiz.....

之前安装了x11-wm/compiz

运行compiz命令出Fate Error
运行compiz-manager后, 就没有window manager! 就算是使用了--replace参数启动也是一样, 没有window manager!

只能安装x11-wm/compiz-fusion, 然后运行window-manager就OK了, why???

算了, 对它没有兴趣. 附上compiz的merge 历史

intel驱动与xorg之间的问题

前天, 由于手热, 一把火把xorg和world都update到最新版本了.

于是..... 开始乱来了, 首先, 需要make差不多200个包!

然后, 又开始搞compiz了!

把compiz-fusion安装了, 就是NN的那个慢呀!

3D没有开?

emerge了xorg-server不知道多少次, 使用了所有有可疑的USE, 还是不行.

参照了http://en.gentoo-wiki.com/wiki/Intel_GMA

3D功能开了呀! 就是NND不行

glxgears得到的53.610 FPS, 运行compiz-manager还是很慢

无奈之下, 跑到了http://en.gentoo-wiki.com/wiki/Intel_GMA

看到:
The latest release is xf86-video-intel-2.6.2, which requires xorg-server 1.6.0 or newer.

我日, emerge的xorg不一样的:
jessinio@nio-laptop ~ $ equery list|grep xorg-server
x11-base/xorg-server-1.5.3-r5
jessinio@nio-laptop ~ $ equery list|grep video-intel
x11-drivers/xf86-video-intel-2.6.3


什么意思? gentoo的包超前了??

不理, 降驱动!
jessinio@nio-laptop /usr/portage/x11-drivers/xf86-video-intel $ sudo ebuild xf86-video-intel-2.5.1-r1.ebuild merge


安装后, 使用glxgears还是一样60FPS的样子, 当是运行compiz-fusion可以很流利!

Yes!! 驱动与xorg之间有个问题, 具体不知道.

升级xorg-server

eselecte news中看到xorg有新版本了.

加上firefox在浏览一些网站是会崩溃.


有时间, 于是折腾的想法出来了:

# emerge -av xorg-server

......

Total: 30 packages (25 upgrades, 5 new, 2 uninstalls), Size of downloads: 17,568 kB
Conflict: 2 blocks

!!! Multiple package instances within a single package slot have been pulled
!!! into the dependency graph, resulting in a slot conflict:

x11-libs/libX11:0

('installed', '/', 'x11-libs/libX11-1.1.4', 'nomerge') pulled in by
x11-libs/libX11[xcb] required by ('installed', '/', 'x11-wm/compiz-0.7.8', 'nomerge')
(and 76 more)

('ebuild', '/', 'x11-libs/libX11-1.1.5', 'merge') pulled in by
>=x11-libs/libX11-1.1.5 required by ('ebuild', '/', 'x11-base/xorg-server-1.5.3-r5', 'merge')
(and 76 more)


It may be possible to solve this problem by using package.mask to
prevent one of those packages from being selected. However, it is also
possible that conflicting dependencies exist such that they are
impossible to satisfy simultaneously. If such a conflict exists in the
dependencies of two different packages, then those packages can not be
installed simultaneously.

For more information, see MASKED PACKAGES section in the emerge man page
or refer to the Gentoo Handbook.


把x11-wm/compiz-0.7.8删除了:
# emerge -C x11-wm/compiz-0.7.8

再次升级:
# emerge -av xorg-server

OK!

emerge完后, 有一个提示:

* IMPORTANT: 2 config files in '/etc' need updating.
* See the CONFIGURATION FILES section of the emerge
* man page to learn how to update config files.


这时就需要伟大的man:
# man emerge

在CONFIGURATION FILES节中:
Tools such as dispatch-conf, cfg-update, and etc-update are also available to aid in the merging of these files. They provide interac-
tive merging and can auto-merge trivial changes.


看dispatch-conf和env-update的man吧


安装完touchpad使用不了

看了一下syntipcs后, 没有什么问题.

决定重新make一次:
# emerge -av syntipcs

出了问题@!!!!

emerge -C syntipcs后重新emerge -av还是不行

然后使用revdep-rebuild

说: libX11没有少了使用xcb标志, 有一些包无emerge

只能重新emerge一次libX11

# sudo USE="xcb" emerge -av libX11

make: *** [synaptics.o] Error 1
*
* ERROR: x11-drivers/synaptics-0.14.6 failed.
* Call stack:
* ebuild.sh, line 49: Called src_compile
* environment, line 2109: Called die
* The specific snippet of code:
* emake || die
* The die message:
* (no error message)
*
* If you need support, post the topmost build error, and the call stack if
* relevant.
* A complete build log is located at
* '/var/tmp/portage/x11-drivers/synaptics-0.14.6/temp/build.log'.
* The ebuild environment file is located at
* '/var/tmp/portage/x11-drivers/synaptics-0.14.6/temp/environment'.


无奈下使用xorg-server的标志去安装:
#sudo INPUT_DEVICES="synaptics" emerge -av xorg-server

安装完后又可以使用了 -_-!!

两种安装方式有什么区别呢? 下面是不同方法使用的不包:

* x11-drivers/synaptics
Latest version available: 0.14.6
Latest version installed: [ Not Installed ]
Size of files: 123 kB
Homepage: http://w1.894.telia.com/~u89404340/touchpad/
Description: Driver for Synaptics touchpads
License: GPL-2

* x11-drivers/xf86-input-synaptics
Latest version available: 1.0.0
Latest version installed: 1.0.0
Size of files: 279 kB
Homepage:
http://cgit.freedesktop.org/xorg/driver/xf86-input-synaptics/
Description: Driver for Synaptics touchpads
License: MIT


奶奶的: MIT vs. GPL

NFS上的root用户

# sudo cp -p Microsoft\ Excel\ 工作表.xls root_change.xls
cp: failed to preserve ownership for `root_change.xls': Operation not permitted

表示, NFS上文件的属主不能为root

# sudo chmod 666 Microsoft\ Excel\ 工作表.xls
chmod: changing permissions of `Microsoft Excel 工作表.xls': Operation not permitted

也不认root用户, 上面的其实如下面的处理是一样的:
# ls -al Microsoft\ Excel\ 工作表.xls
-rw-rw-rw- 1 jessinio nogroup 13824 2009-04-15 10:39 Microsoft Excel 工作表.xls
# su www-data
$ chmod 666 Microsoft\ Excel\ 工作表.xls
www-data@laptop:/nfs$ chmod 666 Microsoft\ Excel\ 工作表.xls
chmod: changing permissions of `Microsoft Excel 工作表.xls': Operation not permitted

操作NFS上的文件之前, 需要判断提交RPC操作请求的用户的(owner:group)与文件的owner:group之间的关系. 如果jessinio用户提交的RPC操作请求是对文件有权限的话, 就可以操作, 如果没有权限的话, 就Error了! 这样的操作用户与NFS的client为主

如果是root用户提交RPC操作请求的话, 全被map到nobody用户了. 这个是防止安全问题存在的.

但是迁移数据, 就是需要cp -p 功能!

这个需求怎么处理呢? 英文描述:
How do I copy files to a NFS mount directory and also preserve the group and user ownership of the files ?

解决这个问题的基本方法有两个, 就是使用setuid( )不断切变用户, 不过这样的脚本写得也是很累的. 还有一个方法: 就是想办法让NFS认得了root用户.

一般情况下, NFS不认root用户这样的做到的:
By default root on a client is mapped to user nobody on an NFS server. This is a security measure.

要做的就是让NFS在exports时, 把root用户map到root. just do this:

NFS Server terminal:

/data0 192.168.52.139(rw,sync,no_subtree_check,no_root_squash)

NFS client terminal:

jessinio@:~$ sudo mount -t nfs 192.168.52.96:/data0 /mnt/nfs/
jessinio@~$ cd /mnt/nfs/
jessinio@:/mnt/nfs$ sudo touch root_permission.txt
jessinio@:/mnt/nfs$ ls -al
-rw------- 1 nobody nogroup 13824 2009-04-15 10:39 root_change.xls
-rw-r--r-- 1 root root 0 2009-04-23 11:32 root_permission.txt


测试cp -p的功能:

jessinio@:/mnt/nfs$ mkdir backup
jessinio@:/mnt/nfs$ sudo cp -rp /mnt/uss/sop /mnt/nfs/backup
cp: cannot open `/mnt/uss/sop/liangqingxi/group.txt' for reading: Permission denied

jessinio@:/mnt/nfs$ ls -al backup/sop/
total 28
drwxrwxr-x 7 root sop 4096 2009-04-20 17:40 .
drwxr-xr-x 3 jessinio jessinio 4096 2009-04-23 11:52 ..
drwxrwxr-x 2 liangqingxi 1009 4096 2009-04-17 16:58 liang
drwxrwxr-x 3 liangqingxi 1009 4096 2009-04-17 17:57 liang_create
drwxr-xr-x 2 liangqingxi over 4096 2009-04-20 11:04 liangqingxi
drwxrwxr-x 2 liangqingxi 1009 4096 2009-04-17 16:58 smb_write
drwxr-xr-x 2 liangqingxi sop 4096 2009-04-18 16:39 sop

文件的owner:group被保留了, 现在只是把上面的一个error了. 那又是为什么呢?

如下:
jessinio@:/mnt/nfs$ ls -al /mnt/uss/sop/liangqingxi/group.txt
-rwxrw---- 1 liangqingxi sop 0 2009-04-20 11:04 /mnt/uss/sop/liangqingxi/group.txt

mount的关系:
192.168.52.139:/tmp/smb on /mnt/local type nfs (rw,addr=192.168.52.139)
192.168.58.79:/data2a/data2a on /mnt/uss type nfs (rw,addr=192.168.58.79)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
192.168.52.96:/data0 on /mnt/nfs type nfs (rw,addr=192.168.52.96)

总体如下:
input = NFS::58.79:/mnt/uss
output = NFS::52.96:/mnt/nfs

因为input的别一个root被map的所以root就没有读的权限, 所以出错!

rpm包管理与yum命令

在工作中, 怎么也会碰到redhat系的系统的, redhat系的影响很大

为了方便工作, 还要需要记得一些此系统的方法, 免得哪天碰上了不会"慌"

其实, 这些都是老掉牙的东西了, 只是本人没有使用, 觉得慌, 这是回顾一下

首先是看man手册了, 首次打开rpm的man, 看到的是我最喜欢的命令行手册布局:

分类出几大类argument, 然后, 不同的argument有不同的options

第一类: QUERYING AND VERIFYING
第二类: INSTALLING, UPGRADING, AND REMOVING
第三类: MISCELLANEOUS

然后是不同的options(按类分):
1. select-options
2. query-options
3. verify-options
4. install-options

奶奶的十分好的man手册

这种结构与svn命令的差不多, svn的第一个是sub-command, 然后是option.
思想相同: 分类



最常使用的几个方法
安装

I 查询
1. 查询rpm系统已经安装了哪些包:
# rpm --query --all

其中, query是表示使用rpm的查询功能, --all是对query行为的补充.

2. 查询某个包包含的文件.
2.1 已经安装的包:
# rpm --query --list perl-LDAP-0.31-5

2.2 没有安装的包:
# rpm --query --list --provides ./nasm-0.98.38-3.FC3.i386.rpm

II 安装与删除
# rpm --install ./nasm-0.98.38-3.FC3.i386.rpm
# rpm --erase ./nasm-0.98.38-3.FC3.i386.rpm

其它的就不用理了, 还没有那需求 ^_^

yum命令

增加中........



BTW::

很少使用redhat系的用户应该注意到一点: 默认的$PATH是不包括/sbin;/usr/sbin等等sbin目录的! ( 我很恶心这种做法!! ), 本人常常被这点鸟东西搞得不知所措

尝试别的输入法系统

之前, 使用第一个linux输入法是fcitx, 这个输入存在比较多的问题, 不过, 它的存在很有意义

再后, 开始使用scim. 比较满意. 但是老是被它那几个环境变量搞烦, 到现在我都不能在urxvt中使用scim( 曾经配置过一次 , 之后再出没有出现过 , 很郁闷 )

今天好奇, 安装了另一个输入法系统: ibus

主要动力是我怎么都不能把scim配置成immodule的方式, google了一把也没有找到( 同事就是使用这种方式, 这种方式是不要使用环境变量去控制的, 问题是同事自己都不知道怎么配置的)

使用起来, 还比较满意.

比较高兴的是ibus可以方便在urxvt环境中使用!

ibus使用的环境变量很少

还是python的, 理想下是有hack的可能 ^_^, 至少不用去看C ( 现在实在没有时间 )

BTW:
emerge后的ibus-table没有五笔table, 本人使用的table也是scim自带的table

emerge的通知方式

使用gentoo有一段时间了, 但是很少去安装软件( -_- 发现有shell后, 对其它的软件需求变少了很多 )

今天使用emerge时, 出现了平时没有的东西:

* IMPORTANT: 1 news items need reading for repository 'gentoo'.
* Use eselect news to read news items.
于是按提示操作:

jessinio@nio-laptop /tmp $ sudo eselect news
Usage: eselect news

Standard actions:
help Display help text
usage Display usage information
version Display version information

Extra actions:
count Show number of unread news items
list List news items
purge Purge read news items
read Read a news item
target News item ID (from 'list' action), or the special item 'new', to list all new news items, or 'all', to show all items
unread Unread a news item
target News item ID (from 'list' action), or the special item 'all', to mark all items as unread

jessinio@nio-laptop /tmp $ sudo eselect news list
Unread news items:
2009-04-06-x_server-1_5 Migration to X.org Server 1.5
Read news items:
(none found)

jessinio@nio-laptop /tmp $ sudo eselect news read 2009-04-06-x_server-1_5
2009-04-06-x_server-1_5
Title Migration to X.org Server 1.5
Author Remi Cardona
Author Christian Faulhammer
Posted 2009-04-06
Revision 1

A lot of changes regarding device recognition and use by the X server
have been introduced in the 1.5 update. As that version is going
stable on all architectures, users should read the upgrade guide [0]
before actually updating the package.

[0] http://www.gentoo.org/proj/en/desktop/x/x11/xorg-server-1.5-upgrade-guide.xml


说X server有更新, 马上查一下自己的X server:
jessinio@nio-laptop /tmp $ Xorg -version

X Window System Version 1.3.0
Release Date: 19 April 2007
X Protocol Version 11, Revision 0, Release 1.3
Build Operating System: UNKNOWN
Current Operating System: Linux nio-laptop 2.6.27-gentoo-r7 #6 SMP Fri Mar 13 10:11:39 CST 2009 i686
Build Date: 27 December 2008
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Module Loader present


^_^ 还有这种通知方式的, NND

NFS与文件锁

要在NFS文件系统上使用文件锁, 是需要client端和server端都运行着如下程序:
[jessinio@storage0 ~]$ ps auxwww|grep rpc
root 739 0.0 0.0 5736 1588 ?? Ss 18Feb09 0:03.99 /usr/sbin/rpcbind
root 804 0.0 0.0 266776 1540 ?? Ss 18Feb09 0:02.94 /usr/sbin/rpc.statd
root 810 0.0 0.0 5752 1872 ?? Ss 18Feb09 1:21.82 rpc.lockd: server (rpc.lockd)
daemon 816 0.0 0.0 5752 1884 ?? I 18Feb09 0:00.03 rpc.lockd: client (rpc.lockd)


否则无法使用文件锁, 例子如下:

jessinio@192.168.55.140 /mnt/test_lock$ svnsync init file:///mnt/test_lock/test_repo http://svn.rdev.xxx.net/matter http://svn.rdev.xxx.net/matter --username liangqingxi
svnsync: Can't get exclusive lock on file '/mnt/test_lock/test_repo/db/write-lock': Operation not supported

要在NFS上正常使用文件锁除了上面说的使用rpc系统的程序之外, 还有一种BT的方法:

如下是FreeBSD的mount_nfs的man描述:

-L Do not forward fcntl(2) locks over the wire. All locks will be
local and not seen by the server and likewise not seen by other
NFS clients. This removes the need to run the rpcbind(8) service
and the rpc.statd(8) and rpc.lockd(8) servers on the client.
Note that this option will only be honored when performing the
initial mount, it will be silently ignored if used while updating
the mount options.

linux下, 没有看到这个参数, 只看到一个貌似的:

mand Allow mandatory locks on this filesystem. See fcntl(2)

samba3 document note

winbind
Winbind uses a UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules (PAMs), and the name service switch (NSS) to allow Windows NT domain users to appear and operate as UNIX users on a UNIX machine.

total:
Those tech will be used
1. M$ RPC(implementate by winbind)
2. PAM
3. NSS

I:
if windows is primary domain controler, samba is slave domain, so samba need to get users and groups map to system(by M$ RPC calls and nsswitch), user authentic password stay in windows machine(like AD), user login linux use PAM module

We divide the unified logon problem for UNIX machines into three smaller problems:

* Obtaining Windows NT user and group information.
* Authenticating Windows NT users.
* Password changing for Windows NT users.

II:
if samba is primary domain controler, windows is slave domain, so windows need to get users and groups information to system, user authentic password stay in linux machine(like LDAP), user login windows use M$ RPC


what is M$ RPC calls ?

the Microsoft Remote Procedure Call (MSRPC) system, is used for most network-related operations between Windows NT machines, including remote management, user authentication, and print spooling. Although initially this work was done to aid the implementation of Primary Domain Controller (PDC) functionality in Samba, it has also yielded a body of code that can be used for other purposes. just like winbind,
Winbind uses various MSRPC calls to enumerate domain users and groups and to obtain detailed information about individual users or groups. Other MSRPC calls can be used to authenticate NT domain users and to change user passwords. By directly querying a Windows PDC for user and group information, Winbind maps the NT account information onto UNIX user and group names.


域用户在域森林中使用RPC去认证

what is NSS? (Name Service Switch)

below description is got on wikipedia web:

In Unix-like operating systems, the Name Service Switch (NSS) allows Unix configuration databases to be provided by different sources

how many kind sources was supported by NSS ? default, you can check is from /etc/nsswitch.conf

when system user or program want to lookup information database, it will be hook into the operating system at a low level


BTW:
what different between C standard library and GNU C Library ?


what is PAM ? (Pluggable Authentication Modules)

what is NIS+ ?

LDAP认证的samba时的@group与inherit group

搞了N天的samba, 怎么学都觉得samba是一个无底洞.

主要问题有两个.

第一个: 限制用户登陆时使用@group_name的方法出问题
valid users = @sop
不行. 但是如下的几种方法是可以的:

valid users = @"Domain Users"
或者是:
vaild users = liangqingxi

从如下命令中得到提示:
jessinio@machine:/mnt/uss/sop$ sudo net groupmap list

.....(some words)
kspeg (S-1-5-21-1087281994-2111277646-1653592359-1001) -> usbfs
.....(some words)


kspeg被map到usbfs了, 有点与众不同. 于是测试一下:
valid users = @usbfs

可以登陆! -_-! 使用ldap认证的samba的组还是需要/etc/group文件的?

问题是Domain Users也不存在于/etc/group文件, 为什么@后又可以登陆呢?


第二个问题: 用户创建的文件不能inherit父目录的!
-_-! 这个可是使用samba作用文件共享的一个重要功能呀! 没有了它, 就没法实现复杂的权限控制, 还有个屁用.

被烦了不知道多少天! 每天都在想着PPC到底能不能完成.

在google了N天, 都是只有如下几个选项:
acl group control = Yes
inherit owner = user_name
inherit permissions = Yes
inherit acls = Yes
force group = group_name

都些选项都无法替代inherit group(不存在, 我自己起的名)! 如何都到inherit group的效果呢?

jessinio@laptop:~$ mkdir test
jessinio@laptop:~$ sudo chown :sambashare test
jessinio@laptop:~$ cd test/
jessinio@laptop:~$ sudo chmod g+s test
jessinio@laptop:~$ cd test/
jessinio@laptop:~/test$ ls -al
total 8
drwxr-sr-x 2 jessinio sambashare 4096 2009-04-20 09:55 .
drwxr-xr-x 6 jessinio jessinio 4096 2009-04-20 09:55 ..
jessinio@laptop:~/test$ id
uid=1000(jessinio) gid=1000(jessinio) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),113(lpadmin),114(admin),1000(jessinio)
jessinio@laptop:~/test$ touch inherit_group
jessinio@laptop:~/test$ ls -al
total 8
drwxr-sr-x 2 jessinio sambashare 4096 2009-04-20 09:56 .
drwxr-xr-x 6 jessinio jessinio 4096 2009-04-20 09:55 ..
-rw-r--r-- 1 jessinio sambashare 0 2009-04-20 09:56 inherit_group

可以看到, 新创建的文件不是默认的jessinio:jessinio, 变成了jessinio:sambashare, 这时jessinio是可以不在sambashare组中的(由id命令可以看到)

BWT: 难道这也是samba中的unix的原则(这样的事情应该给文件系统)? -_-! 太汗了, 为什么不加多个inherit group选项呢?


发现有一个有意思的事: samba也有hook!不过只是寥寥的几个hook.如:
root preexec = /path/to/script


真希望samba能提供多一点的hook, 方便使用 ^_^

[分享] 中国人的一个特点

从一篇文章中看到, 这个特点分析得很深入, 也很有意思, 内容如下:

中国人有着悠久的传统，每天在书包里带一块砖，用饭盒打一盒单位的水泥回家，经过数月之功，修建一个自己家的小厨房。对于分享和探索，中国人没有多少兴趣。但是，对于像个搬仓鼠一样把外面的资源弄回自己的小家，却人人都有浓厚的兴趣。

祝君好运

又一个同事将要离开公司. 踏向自己更高的方向.

望朋友一路顺风. 有缘再见.

web2py, wget与vim的故事

工作中, 同事使用web2py开发项目, 但是在生产环境中又不方便每个人都有登陆的权限.

看到同事每天来问我要web2py的error, 烦死了. 结果就这样做了:

在http服务器使用auto index把目录的内容发布出去, 下面是apache的配置:

alias /err "/data0/ksmatrix/web2py_for_test/applications/staff/errors/"
<Directory "/data0/ksmatrix/web2py_for_test/applications/staff/errors/">
Options Indexes FollowSymLinks
order allow,deny
allow from all
</Directory>



这样同事就可以使用http去得到error信息了.

但是浏览器中看这个的日志很难看!! -_-

还好, 同事们都是使用vim的, 推介他们一种好的方法:

# wget http://domain/path/to/error/file -O /dev/stdout |vim -


哈哈哈, 使用vim看http中的web2py日志吧! 我也可以省事了 ^_^

symbian原来是使用UTF-8的

嵌入式设备, 一直以为有中文的都是使用FAT32和GB*编码的.

结果在mount中使用codepage参数后, 手机内的中文文件成了乱码.

不使用就正常, -_-! 但是本人的philips mp3就是使用GB*的.

LANMAN and NT password hash

在samba的schema中, 有两个entry:
1. SambaNTPassword
2. SambaLMPassword

这两个hash的计算方法可以使用perl的包得到:
* Crypt::SmbHash
包的说明: http://manpages.ubuntu.com/manpages/jaunty/man3/Crypt::SmbHash.3pm.html


如:
my ($sambaLMPassword,$sambaNTPassword) = ntlmgen $pass; (来自smbldap-passwd程序)

发现python世界也有这种好货! ^_^, 发现外国的开源精神NND牛B! 应该向大家好好学习呀

主页地址: http://barryp.org/software/py-smbpasswd

下面是包的使用方法:

import smbpasswd

passwd = 'mypassword'

print 'LANMAN hash is', smbpasswd.lmhash(passwd)              
print 'NT hash is', smbpasswd.nthash(passwd)

print 'both hashes at once = %s:%s (lm:nt)' % smbpasswd.hash(passwd)

BTW::
* ubuntu的用户可以方便安装这样的包: # apt-get install python-smbpasswd

python-ldap

一: Connection

二: binding

authentication mechanism:
1. credential
1. SASL

三: Synchronous and Asynchronous
First, for many Python LDAP functions, including almost all of the LDAP operations, there are both synchronous and asynchronous versions.
Synchronous versions, which will block until the server returns a result, have method names that end with _s.

The other operations – those that do not end with _s – are asynchronous. An asynchronous message will begin an operation, and then return control to the program.
The operation will continue in the background. It is the responsibility of the program to periodically check on the operation to see if it has been completed.
异步方式的使用：
>>> con.simple_bind( dn, pw )
8
>>> con.result(8)
(97, [ ])

使用异步需要注意到如下：
1. annot call result() with the same message ID multiple times.
2. The consequence of doing this is that all of the results will be stored until they are fetched. This consumes memory, and can lead to confusing results if result() or result( ldap.RES_ANY ) is called.

related docs: http://www.packtpub.com/article/installing-and-configuring-the-python-ldap-library-and-binding-to-an-ldap-directory