Netwok Gotcha While Upgrading To openSUSE 11.2

Upgraded my machine from openSUSE 11.1 to 11.2. And bumped royally into bnc#546575. There's a typo in /etc/udev/rules/70-persistent-net.rules (an apparent holdout from openSUSE 10.x). So if your machine has a manually configured IP address, check /etc/udev/rules/70-persistent-net.rules before you update. If it contains the string ATTRS{address}, edit it so that it becomes ATTR{address}. Now the network configuration will be preserved after the upgrade.

SSH Works, SCP/SFTP Fails? Check all login scripts

Gaah! Some fool snuck an unconditional echo statement in a global profile. Surefire way to get scp and sftp to stop working. Lines that produce output, or exec statements should be conditionally placed in shell startup scripts. It's best not to have these lines take effect for non-interactive shells. I like to test "$0" to see if it begins with a '-' to determine if a shell is a login shell, and process the rest of the script accordingly. In bash:

case $0 in
-*) # Login shell
    ;;
 *) # non-interactive shell
    ;;
esac

In csh:

switch ($0)
       case -*:
          # login shell stuff

          breaksw
       default:
          # non-interactive stuff
          breaksw
endsw

bash {2..4} Variable Indirection

Bash v4 uses new quoting syntax, $"...", to do locale-specific string translation. Some scripts of mine that used bash-1.14 style variable indrection need to change. I was doing something like this to get the value of a variable whose name is the value of a second variable:

eval var2=$"$var1"

Turns out a variable indirection feature has been around since bash 2! Sheesh!

var2=${!var1}

is the official way to do this. Alternately this should also do:

eval var2=\$${var1}

HOWTO Check if a user or group already exists

Dont directly check with /etc/passwd, or /etc/group for existence of a user or group. This wont look up NIS database entries. A better way is to use getent, part of glibc. Lookup database entry for an existing user:

getent passwd username1 [username2 ...]

Lookup database entry for an existing group:

getent group groupname1 [groupname2 ...]

Identifying Linux distributor and version

The Linux Standard Base makes it really easy to identify the Linux distributor and version for LSB compliant. If the lsb package is installed (redhat-lsb, lsb, asianux-lsb, ...), just run:

lsb_release -i -d

or

lsb_release -a

KDM and XDMCP

After installing OpenSuse 11.1, I wanted to configure my favorite handcrafted WoW login theme, darkportal. The problem was I couldn't preview it without logging off. No problem - I just need to fire up Xephyr and check. So I enabled XDMCP thru the /etc/sysconfig editor, and ran:

xephyr -query localhost -screen 1280x1024 :1

Got a blank screen for my efforts. Grrrr... I ran:

netstat -aunp | grep ":177"

only to figure that kdm was listening at port 177 over IPv6! Recalling an old KDE bug, I edited /etc/X11/xdm/Xaccess to read:

LISTEN 0.0.0.0

and restarted kdm. That did the trick - phew!

[Fix] Slow browsing on Suse 10.2 for some sites

I went fairly bananas trying to figure out why OpenSuse 10.2 was frigging slow on some web sites and not so bad on others. Looking at forums, I ended up disabling ipv6 in Firefox, then disabling ipv6 all together. It didn't help. Eventually, it turned out that the MTU was the problem. It was set to 1500. It required to be brought down to 1492. I couldn't figure that earlier, because our firewall blindly drops all icmp packets. A quick

ifconfig eth0 mtu 1492

or alternately

ip link set eth0 mtu 1492

fixed the problem. Phew! [Hey you newbie network admin types: Set your f/w to allow ICMP unreachable -- fragmentation needed messages. These are type 3, code 4 messages. Don't just blindly block ICMP because you read somewhere that it's unsafe. i.e. in Linux:

iptables -A FORWARD -p icmp --icmp-type fragmentation-needed -j ACCEPT
iptables -A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
...
iptables -A FORWARD -p icmp -j DROP
iptables -A INPUT -p icmp -j DROP

]

Making ntsysv/chkconfig compatible rc scripts

To make a startup/shutdown script that can be used with ntsysv or chkconfig, the script must follow the template:
#!
#
# chkconfig: runlevel startpriority stoppriority
# description: brief, possibly multi-line description \
# follows

For example:
#!/bin/bash
#
# Init file for OpenSSH server daemon
#
# chkconfig: 2345 55 25
# description: OpenSSH server daemon


Sharing the GNOME desktop

GNOME now has a built-in VNC service called vino. It's there in Applications->Preferences-> Remote Desktop. Unlike VNC server, the display number used with this desktop is :0.

Resizing mounted partitions

Starting with kernel version 2.6.10, you can resize ext3 partitions using resize2fs program (part of e2fsprogs). While resize2fs could be used to shrink and grow ext3 partitions, the one bundled with e2fsprogs-1.36+ can apparently resize even mounted partitions! Woo hoo!