March 2nd, 2007

LANDesk Security and Patch manager is not as friendly as it first seemed.

This afternoon, at work, a dialog popped up from the LANDesk Security and Patch Manager. That’s fine, and all, I don’t mind having the IT people making security patches automatically get installed on my work laptop, when I’m at work.

But, what pisses me off is the dialog that it gave me:

[Image: LANDesk Security and Patch Manager dialog]

At first glance, it looked like it was giving me up to 2 hours to get to a stopping point in my work, before it would force the update to take place. I’m not thrilled with having a deadline before a forced upgrade, but I understand that the sysadmins have tens of thousands of workstations to maintain security on, and the laptop belongs to the company, and so forth. At least this was nicer than forcing the update to happen right away, right?

But then I tried to go back to my work, and it showed its true colors. The stupid LANDesk countdown window (and its parent window) are “always on top”, and do not respond to Minimize messages. There is no minimize icon on the window’s title bar, and the “Show Desktop” shortcut (which usually minimizes everything, even things that don’t have ‘minimize’ options of their own) was ineffective against this LANDesk dialog.

Without getting this dialog to go away, getting any more work done was going to be difficult. :( I did figure out that I could drag that window out of the way, so the leftmost edge of it was just barely visible on the rightmost edge of my screen. Also, my TextPad window had an Always on Top option, which allowed me to bring it above the LANDesk window. But I was already distracted from my work, so I decided to take a couple screenshots, blog about this, and tell it to go ahead and install.

August 2nd, 2006

screen in cygwin needs System attribute on SockDir files

This will not be of use to many, if any, but I expended effort trying to figure out how to solve this today, so I’m posting it here for future reference, if nothing else.

Today, at work, I ssh’d to my home computer, and tried to run ‘screen -r -d’, to reattach to an existing session of gnu screen at home. Here’s what happened:

$ screen -r -d
There is no screen to be detached.

I knew this was not true, so I tried this:
$ screen -list
No Sockets found in /tmp/uscreens/S-myusername.

I didn’t believe it, because I knew I had an existing session open, so I looked for myself:
$ ls -l /tmp/uscreens/S-myusername/
total 2
-rw------- 1 myusername None 54 Jul 24 14:35 1696.tty0.spugbrap-home
-rw------- 1 myusername None 54 Aug 2 14:19 3500.tty0.spugbrap-home

I saw it right there, so I looked to see if one of the processes that I had running in my existing screen session was still running:
$ ps | grep perl
3204 368 3204 1760 13 1003 14:20:05 /usr/bin/perl

Sure enough, there it was… So, I took a look at my SockDir on my laptop, at work, to see if permissions might be involved in some way:
$ ls -l /tmp/uscreens/S-myusername/
total 3
srwx------ 1 myusername None 53 Aug 2 14:18 2568.tty1.dave-laptop
srw------- 1 myusername None 53 Jul 4 01:05 3600.tty1.dave-laptop
srw------- 1 myusername None 53 May 15 15:42 960.tty1.dave-laptop

Ah hah! There was a difference! The ‘s’ at the beginning of the permissions list on my laptop’s SockDir contents, but not on my home machine’s.

So, I went searching for what the heck that ‘s’ stands for, since usually, if anything, I either see an ‘l’ (L) or a ‘d’. I checked the help, info, and man pages for ‘ls’ and ‘chmod’, but didn’t find anything that actually matched this flag. The closest thing was ‘suid + executable’, but when I tried to chmod that onto one of my files, the permissions showed ‘-rws------’, which is not what I was looking for.

A google search or two, for things like ‘srwx------’, ‘srw-------’, ‘srwx srw’, ‘cygwin srw’, etc. didn’t turn up anything useful - at least not in the first pages of results.

I tried looking at my laptop’s SockDir in windows explorer, and looking at the advanced security properties of one of the files. Nothing looked interesting. Then I looked at it from a command prompt (4nt), and saw this:
[c:\]dir c:\cygwin\tmp\uscreens\S-myusername
[…]
0 bytes in 0 files and 2 dirs

Oops, let’s try with ‘attrib’ instead of ‘dir’:
[c:\]attrib c:\cygwin\tmp\uscreens\S-myusername
__SA_ C:\cygwin\tmp\uscreens\S-myusername\2568.tty1.dave-laptop
__SA_ C:\cygwin\tmp\uscreens\S-myusername\3600.tty1.dave-laptop
__SA_ C:\cygwin\tmp\uscreens\S-myusername\960.tty1.dave-laptop

Ah hah! The ‘system’ and ‘archive’ attributes were set on these files. So, I verified that these flags were NOT set on the files on my home machine:
$ attrib "c:\\cygwin\\tmp\\uscreens\\S-myusername\*"
C:\cygwin\tmp\uscreens\S-myusername\1696.tty0.spugbrap-home
C:\cygwin\tmp\uscreens\S-myusername\3500.tty0.spugbrap-home

Sure enough, there’s the difference. So, I set the ‘system’ attribute on those files (didn’t bother with ‘archive’ attribute, though I’m not sure what causes it to be there on my laptop but not on my home):
$ attrib +S "c:\\cygwin\\tmp\\uscreens\\S-myusername\*"

Verified that it worked:
srw------- 1 myusername None 54 Jul 24 14:35 1696.tty0.spugbrap-home
srw------- 1 myusername None 54 Aug 2 14:19 3500.tty0.spugbrap-home

Then, I tried connecting to my existing session, and it succeeded.

While preparing this post, I experimented a little bit more, and noticed that, for some reason, my home pc is not creating these screen socket files with the required ’system’ attribute at all, anymore. I’m not sure why this is happening, now, because I can’t think of anything I’ve done, recently, that might have caused any different behavior as far as permissions and such.

I will post again if I figure this out, but for now I am content with adjusting the attribute manually. In theory, I can keep each screen session alive until my next reboot (which is rare), so I shouldn’t have to do too many manual adjustments like this. I also welcome any comments on how to solve this problem, or any other useful tips for effectively using gnu screen in cygwin.
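
The manual check and fix described in this post can be scripted. The following is an added example, not part of the original post: it reports screen session files that Cygwin sees as plain files rather than sockets, and with --fix sets the System attribute on them. The function names are hypothetical, and the fix assumes Cygwin with cygpath and the Windows attrib command on the PATH.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# The fix step assumes Cygwin, with cygpath and Windows attrib on the PATH.

# Default SockDir in the form shown in the post: /tmp/uscreens/S-<username>.
default_sockdir() {
    echo "/tmp/uscreens/S-$(id -un)"
}

# Print screen session files that show up as plain files instead of sockets.
# Only names shaped like PID.tty.host are considered, so stray files in the
# directory are never reported or modified.
list_broken_sockets() {
    dir=$1
    for f in "$dir"/*; do
        [ -e "$f" ] || continue          # empty or missing dir: glob unmatched
        name=${f##*/}
        case $name in
            [0-9]*.*.*) ;;               # e.g. 1696.tty0.spugbrap-home
            *) continue ;;
        esac
        # -S is true only when the entry is seen as a socket ("s" in ls -l).
        if [ -f "$f" ] && [ ! -S "$f" ] && [ ! -L "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Set the Windows System attribute on each reported file, as done by hand above.
fix_broken_sockets() {
    list_broken_sockets "$1" | while IFS= read -r f; do
        attrib +S "$(cygpath -w "$f")" && echo "fixed: $f"
    done
}

# Usage: script [--fix] [sockdir]. Without --fix it only reports.
if [ "${1:-}" = "--fix" ]; then
    fix_broken_sockets "${2:-$(default_sockdir)}"
else
    list_broken_sockets "${1:-$(default_sockdir)}"
fi
```

Run it without arguments first to see which files it would touch, then again with --fix, and confirm with ‘ls -l’ that the leading ‘s’ is back.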

June 9th, 2005

misc notes on my recent experience with parallelknoppix, clusterknoppix, and fedora

This is far from complete, and could use a lot of detail such as links to the web sites I mention in here, etc. Maybe I’ll update it later with that information.

- can’t write to NTFS in Parallel Knoppix
- openmosix terminal server lets slave nodes boot from image stored on master HD, but that requires:
  - slave nodes have network boot capability (PXE)
    - may require BIOS flash upgrade
    - may need to change options in BIOS setup
      - enable network boot/PXE option
      - change boot order to try network first
  - master needs to load drivers for relevant NICs on slaves
    - sometimes challenging to find which driver
      - pcimodules
      - dmesg
      - lspci -v
      - creative google searching
      - drivers in other OSes on that machine may provide clues as to exactly which model number/chipset/etc. a NIC is, so you can then google those numbers in search of info on which driver to use in knoppix.. check hardware properties in windows device manager, etc., and look at driver versions/details.
    - checking all drivers in list requires much more disk space on master
    - GUI driver checkbox list very slow
      - i liked to just edit the terminal server startup script, modifying the regular expression that checks certain checkboxes on the list by default. but that was probably more trouble than it was worth to try and tell someone else to do.
  - if BIOS doesn’t support PXE, download driver in a boot disk image from the etherboot project, at http://rom-o-matic.net, then write that image to a floppy with RAWRITE tool, and boot a slave from that floppy.
  - need to copy cd image to master HD for slaves to remote-mount
  - plug master and slaves into one hub/switch, isolated from internet, etc, and disable any network hardware that is not relevant. this may not be required, but it simplifies things, so it’s more likely to work.
- couldn’t get parallelknoppix to use my USB HD with FAT partition for permanent storage for the terminal server. could use the drive normally in parallelknoppix, but not for the main purpose i needed non-NTFS storage for.
- machines with too little memory couldn’t have a large enough ram disk, so they didn’t want to be master

- tried in vain to get clusterknoppix or parallelknoppix working on my network at home, attempting with 6 different machines, in various combinations, spending a total of probably 40 hours on this task. it pains me to say that I never did get a useful cluster working at home. luckily, our group was able to get one working between our 4 laptops, in a matter of only about 4 hours, including recording a 30 minute video of the process after somewhat perfecting it.

- when a master’s terminal server is running and slaves are connected, they mount a directory on the master, and they are able to read/write files anywhere in that directory tree. supposedly this is not designed to be secure, it’s designed to be quick and easy and used in environments that are as secure as they need to be.

- ClusterKnoppix
  - hardware support nicer for me (such as mouse buttons)
  - includes CaptiveNTFS for mounting NTFS partitions read/write instead of read-only
  - openmosix viewer seemed to automatically see other ClusterKnoppix machines on the LAN, and automatically clustered them and showed their processor usage in the one viewer window, but that only worked for me two weeks ago. last week when I tried again, I couldn’t get any 2 machines in my house to recognize each other as nodes to cluster.

- challenges I encountered with Fedora:
  - tried to install fedora on several machines, but the only install that really worked out well was on a machine that I dedicated to fedora.
    - I let fedora start with an empty hard disk and partition it automatically, etc. that machine worked out fine, and that’s what I ended up doing my individual assignment on.
    - was able to easily:
      - use sendmail for local email
      - create samba shares that my windows machines could mount
      - read ntfs, and write ntfs as well after i played with the mount command/options
      - set up web server, vnc server, etc
  - one machine took 7 hours to install from the 4 fedora CDs. painful. then, it was not even able to start up after the install. kept hanging during the fedora startup sequence.
  - another machine had the same kind of hanging issue, but did not take nearly as long to install initially.
  - tried obsessively to get fedora to install and boot off of an external USB hard drive.
    - various discussion threads can be found by googling which explain step-by-step how people have accomplished this.
    - it was not simple/straightforward whatsoever, and I never did get it to work, after spending probably 20+ hours on it over the course of several days.
    - getting it to install on the usb drive was the easy part. getting it to boot from it was not.
    - the main reason for trying to do this was because most of my machines only have NTFS partitions, and fedora wasn’t crazy about that fact. so I wanted to be able to install it on FAT or ext3 partitions on the external HD, so I could avoid messing with my work laptop’s hard drive and stuff.
  - managed to corrupt the MBR on my work laptop in the process
    - found useful NT admin password resetter tool, which allowed me to then boot from the windows XP setup CD and go into the Recovery Console, where the FIXMBR command saved me.
  - two other machines at home were disqualified by the fact that they only had NTFS partitions.

June 3rd, 2005

Sybase ASE 12.5 error message about ‘select into’ option needing to be enabled

Sybase (ASE 12.5) error message I was getting when trying to modify a column’s metadata/attributes:
The 'select into' database option is not enabled for database 'myDbName'. ALTER TABLE with data copy cannot be done.
Set the 'select into' database option and re-run.

Solution that worked for me (including the column-altering command in the middle):

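-- Enable the option on the target database (sp_dboption is run from master)
USE master;
EXEC sp_dboption "myDbName","select into/bulkcopy",true;
COMMIT;
-- Alter the column while the option is on
USE myDbName;
ALTER TABLE myTableName
MODIFY myColumnName varchar(60) NOT NULL;
-- Turn the option back off afterwards
USE master;
EXEC sp_dboption "myDbName","select into/bulkcopy",false;
COMMIT;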

References:

Ed Barlow’s “fix_db.pl” script, which I happened to find the solution in when grepping my local machine.
http://www.edbarlow.com/document/utilities/readme.htm

This page, where I stumbled across the solution eventually, as one of many google search results. I had result pages open in several windows, and was looking through them when I noticed the grep results.
http://www.devx.com/vb2themax/Tip/18583