Adminlog for Gihan's Pink Tie Linux 9

Return to Gihan Marasingha’s home page.

System Specifications

Processor: Pentium II (Deschutes) 350MHz, cache size 512Kb
Memory: 192Mb (3 x 64Mb DIMM, PC100 (?))
Chipsets: Intel 440 BX AGPset, Intel PIIX4E PCI set

PCI devices

Vendor ID

Device ID





IDE controller




Serial Bus Controller




Multimedia Device




Network Controller




Display Controller



  1. Pioneer CD-ROM ATAPI Model (DR-A045) 0105

  2. Fujitsu MPB3043ATU, serial #05306091, ~ 4118Mb

  3. Quantum Fireball CR4.3A, ~4111Mb

Drive 2) is the primary master /dev/hda, 1) is the primary slave /dev/hdb, 3) is the secondary master /dev/hdc.

Other Items

Sound Card: Creative Labs CT4810 (Ensoniq, AudioPCI, etc.)
Video Card: ATI Rage IIC
Ethernet Card: 3Com Etherlink XL PCI, 3C900-COMBO
Monitor: Compaq V500
Modem: Diamond Multimedia, “SupraExpress 336e V+Intl” PnP
Printer: HP Deskjet 550C

Initial Installation of Computer


I removed the Fujitsu 4.3Gb hard drive from my old computer and installed it in the new computer – the installation required me to remove the hard drive cage from the new computer. I had to cut a ‘shopping tag’ to release power cables. I set up the hard drive as master on the primary IDE controller. I installed the Pioneer CD-ROM from the old computer into the new computer as slave on the primary IDE controller. I installed a 64Mb DIMM.


I auto-detected hard drives and turned on ‘Quick POST’.


To start with, the machine hung during the boot process, after printing out ‘LI’ (suggesting that LILO was causing the problems). I booted with a Windows 95 boot floppy and tried to run Windows, resulting in a ‘VFAT Device Initialization Failure’ message. I replaced the master boot program with FDISK \MBR and the machine booted up.

While loading Windows, I received an error stating that Windows would be using ‘MS-DOS compatibility mode’ on the hard drives. I downloaded the following drivers and applications:

I fixed the ‘MS-DOS compatibility’ problem by deleting the NOIDE value for the registry entry:




I reinstalled Pink Tie after somehow buggering up my root partition. I had a large Windows partition on /dev/hda1 and a Linux swap partition of size 250Mb on /dev/hda2. I installed Pink Tie from the install CD. I had problems with the installation if I rebooted from Windows, but things worked fine if I shut down the machine, then restarted it.

I left alone /dev/hda, which contains the swap partition mentioned above. I created a new partition on /dev/hdc, mounted on boot, size 100Mb. I created a /home partition of size 400Mb and a root partition of size 3611Mb (the maximum possible).

I altered the Network Device eth0 so that it would not be activated on boot. I customized the package list as follows:

I had already made a boot diskette, so I skipped this stage.

Chose ATI Mach 64 Rage IIC, 4Mb video card, and DDC Probed Monitor – Compaq V500.


New account for gihan. Didn’t enable network time protocol Chose not to register my system, go to to do this. Ran updatedb as root to create database for the locate program (see if I can automate this at boot-up, maybe install a package).

Went to /usr/bin, did

chmod +s kppp
chmod +s pppd

This is to make kppp and pppd suid root, so that any users can use them. I created the file /etc/kppp.allow, containing the text:

# /etc/kppp.allow
# comment lines like this are ignored
# as well as empty lines


this ensures that only gihan can use kppp.

Created /mnt/win. Added the following to /etc/fstab:

/dev/hda1 /mnt/win vfat rw,noauto,user,async 0 0

Downloaded auctex_11.13-1.noarch.rpm from Installed it with:

rpm -i auctex_11.1301.noarch.rpm

In order to be able to use my Windows key as a meta key, I added the following to the Input Device Keyboard0 section of /etc/X11/XF86Config:

Option “XkbOptions” “altwin:meta_win”

I registered my red hat by clicking on the flashing red exclamation mark on the panel. Added Red Hat Inc. to my GPG ring. N.B. Type rhb_register to get System Profile (i.e. set of rpms). I created a red hat update account with username gihanuk. I called the profile gihanprofile.


I created a group called windows with Start -> System Settings -> Users and Groups, and added gihan to this group. I changed the entry for /mnt/win to:

/dev/hda1 /mnt/win vfat rw,async,umask=007,gid=501

note that 501 is the gid of the group windows. Now only members of the windows group have access to my windows partition. For more information on these options, read the mount(8) man page.

I carried out a few miscellaneous modifications:


I set up my printer. Did this by going to Start -> System Settings -> Printer. For a name, I chose HPD550C, queue type : locally-connected, on /dev/lp0. Chose printer type HP Desk Jet 550C. I then editied the configuration so that the driver would send a form feed after each page.

I installed efax (an easy fax server) from red hat install disk 2 with

rpm -i efax_0.9_18.i386.rpm

I also installed ghostview from install disk 2 with

rpm -i gv_3.5.8-22.i386.rpm

In order to send faxes, please see the man page for fax. The reason I chose to download gv is because there seem to be some problems displaying graphics with kghostview.

I wanted to be able to use the kprinter dialog from within OpenOffice, so I went to /usr/lib/openoffice and ran ./spadmin. I created a new printer, using the Generic Printer driver, with command line kprinter --stdin, called it kprinter, and set it up as the default. N.B. if an OpenOffice document contains graphics, make sure to include them in printing using the options dialog of the print dialog.

Sidebar: rpm usage

The red hat package mangager can be invoked in a number of different ‘modes’. These include: query, install, verify (and others which I have yet to use :)

Let us examine the query mode first, as it is the most complicated. The query mode requires certain select-options. These are options designed to select the package(s) which are to be queried. Query also has query-options. These are specific actions to process for each selected package.


$ rpm -q gcc

Here, I am using query mode (the -q), the select-option is just the name of the package. Note that I do not need to include the version number. There is no query-option. The default is just to print out the names of the packages.

$ rpm -q foo
package foo is not installed

This is what happens if you select an uninstalled package.

$ rpm -qp vte-0.10.25-1.i386.rpm

Here, vte-0.10.25-1.i386.rpm is an uninstalled rpm package in the current directory. The -p select option is used to select such a file.

$ rpm -q gcc –info
Name : gcc Relocations: (not relocateable)
Version : 3.2.2 Vendor: Red Hat, Inc.
Release : 5 Build Date: Tue 25 Feb 2003 13:53:15 GMT
Install Date: Wed 27 Aug 2003 11:14:22 BST Build Host:
Group : Development/Languages Source RPM: gcc-3.2.2-5.src.rpm
Size : 11592745 License: GPL
Signature : DSA/SHA1, Tue 25 Feb 2003 15:04:13 GMT, Key ID 219180cddb42a60e
Packager : Red Hat, Inc. <>
Summary : The GNU cc and gcc C compilers.
Description :
The gcc package includes the cc and gcc GNU compilers for compiling C

Here is an example of a query-option. The option in this case is --info, and shows information about the package.

Please read the rpm man page for more details about modes and options. Have fun!


Made /usr/bin/gpg suid root. Created a gpg key pair with:

gpg –-gen-key

Chose DSA and ElGamal key algorithms. Chose pair of keys of size 1024 bits, expiration 6 months hence, Friday 24 Feb 2004 (in retrospect, I should have chosen several years...).

I entered this data into Evolution. I sent my public key to a keyserver with (but see the note for 5/09/03):

gpg –-send-keys –keyserver B3FC1C7A


Installed xloadimage-4.1-27.i386.rpm, and xscreensaver-4.07-2.i386.rpm (need xloadimage for xscreensaver).

Changed /usr/share/emacs/site-lisp/tex-site.el so that it would use kdvi instead of xdvi (see the Installation section of the auctex info page). I basicalled copied the material from /usr/share/emacs/site-lisp/auctex/tex.el which mentioned xdvi into tex-site.el and changed xdvi into kdvi.

I modified .emacs to give a link between emacs and kdvi. See the kdvi help file: Using Inverse Search -> Setting up your editor -> Emacs.

I also added a forward search facility, again see the relevant section of the kdvi help file. Note that forward search doesn’t seem to work too well.

From Mozilla, I decided to trust the OUCS Certificate Authority for identfying web sites (got this from


I gave Elliott Nichol my GPG fingerprint. He downloaded my public key from a server and checked it with my fingerprint. He emailed me his public key, having encrypted it with my public key. I saved the email as nichol.eml and imported it with:

gpg –-decrypt nichol.eml | gpg --import

I signed Elliott’s key with:

gpg --sign-key Elliott

I then sent it to a keyserver with:

gpg --keyserver --send-keys Nichol

I downloaded the Cisco VPN (Virtual Private Network) client for Linux/Solaris from the OUCS website. I applied for an OUCS Remote Access account.

Before installing the VPN software, I needed to have the kernel source. I ran Start-> System Settings-> Add/Remove Applications and chose Development-> Kernel Development.

I untarred the vpnclient package into /tmp, and ran vpn_install as root. I used the following install options:

Directory in which to store binaries


Start VPN at boot up?


Kernel source directory


Notes :

I edited the file oucs.pcf (download from the OUCS ftp site, along with the source code) to include my user name & group password. I copied this file into the directory /etc/CiscoSystemsVPNClient/Profiles/

In order to get vpnclient to work, I needed to alter my firewall configuration with /usr/sbin/lokkit. I chose a customized confiugration based on medium, and allowed port 500:udp, by typing in 500:udp in the ‘other ports’ section.

I restarted iptables with (note: I now believe the following step is unecessary -- lokkit does it for you):

/etc/rc.d/init.d/iptables restart

Firewall works OK! To use vpnclient, type:

vpnclient connect oucs

I then logged on to OUCS and changed the password.

Finally, I copied the source tarball and documetation to /usr/src/vpnclient


I download Steve Woltering’s key from, saved it as steve.key, then imported it with:

gpg --import steve.key

Finally, I checked Elliott’s signature on Steve’s key by doing

gpg --edit-key Steve

and issuing the command check

I then signed the key (as with Elliott’s key). I found that the best way to send the key to the keyserver was directly, by exporting an ASCII armoured version then copying directly to the website (in this case The command for exporting is:

gpg --armour --export Steve


I created a new user called maggi, from Start -> System Settings -> Users and Groups. I added maggi to /etc/kppp.allow


I created a new user called evelyn (the process is described in the 06/09/03 entry). I added evelyn to /etc/kppp.allow.


I installed tetex-doc from installation disk 3 with:

rpm -i tetex-doc-1.0.7-66.i386.rpm

I changed the file /usr/lib/openoffice/program/sofficerc to contain the text:


this ensures that OpenOffice doesn’t show its splash screen on load-up.


I went to Start -> System Settings -> Network and edited the entry for the 3Com etherlink ethernet card so that it would start when I booted the machine. Note that for this to work properly, I first had to connect my card to my new Netgear DG814 Router with an ethernet cable. Note also that it didn’t work with the cable supplied by Netgear. If I wish to use my old dial-up modem, I first have to deactivate the ethernet card (but see 25/09/03 below).


Installed maple9. I installed it in the directory /usr/local/maple9 (installed as root). I then went to /usr/bin and made the following symbolic links:

ln --symbolic /usr/local/maple9/bin/maple maple
ln --symbolic /usr/local/maple9/bin/xmaple xmaple

Finally, I added maple9 items to my panel menu. N.B. use maple -cw for the classic worksheet interface.

To solve the problem with having to deactivate the ethernet card before using my modem, I did the following:

I went to Start -> System Settings -> Network. I created a new device, a modem. After creating the device, I went to the hardware tab and modifed the settings for ‘generic modem’ to give it hardware flow control and a baud rate of 115200. Now to activate the modem, I merely need to go to Start -> System Tools -> Network Device Control (instead of kppp).


Set up broadband -- a real pain in the ass.

I first took down the firewall with /usr/sbin/lokkit (see above).

The router would not detect the WAN when it was connected to the extension socket in our study. I therefore connected it to the socket in Evelyn’s bedroom, running an extension lead over to our study (so the router is in our study). I set up the router with the web interface, using the setup wizard. I saved the configuration to the file ~/broadband/netgear.cfg.

In order to get Internet Explorer to understand the network (on Maggie’s machine), I went to Internet Options->Connections and selected ‘Never dial a connection’. To get it to work on my Linux box, I went to Start->System Settings->Network. I selected the eth0 ethernet device and edited it by entering in my static IP address (but see below).

There were some problems (loose cable). While fixing the problems, I edited the eth0 device again, and chose to ‘Automatically obtain IP address settings with DHCP’ and to ‘Automatically obtain DNS information from provider’. I now need to put the firewall back up. I did this by using /usr/sbin/lokkit, exactly as described in 03/09/03.


I went to the red hat network ( and downloaded the new up2date rpms (these being up2date and up2date-gnome). I checked the md5 sums and installed them with:

rpm -Fvh up2date-*

I then updated my package list with:

up2date -p

I then did the update by running the rhn panel applet rhn-applet-gui. I chose to install all the packages (except the kernel packages). This took some time! (approx 2 hours)

After insatlling the new up2date packages, I had problems running rhn-applet-gui. It would come up with an error message about configuation problems. I found a solution at the website

It suggested that I run:

killall gconfd-1

This appears to have fixed the problem.

I downloaded the alien rpm from, and installed it.

I downloaded timidity++-2.11.3-6.i386.rpm (though I had a local copy...) and installed it. Now MIDI works just fine (except that I need to somehow hook it into arts...).

I downloaded and installed the mpeg video and audio player xine from the red hat website. xine is pretty buggy, so I will probably get something else. Indeed, I found something better, namely VLC (VideoLAN Client), on

I needed to download quite a few rpms to get VLC to work, these were:

Required libraries and codecs:

I installed them with rpm -U *.rpm

I finally erased xine!

I wanted to install RealPlayer. I found an appropriate rpm, namely RealPlayer9- This rpm required a file, to be found in openmotif21, which I installed from the Red Hat install disk 2, with:

rpm -Uvh openmotif21-2.1.30-8.i386.rpm

I then installed RealPlayer9. It works, but much slower than the Windows version.


I downloaded a Macromedia Flash plugin for Mozilla 1.1 for Red Hat 9 from I installed it with:

rpm -Uvh flash-plugin-6.0.79-1.i386.rpm

I also used up2date to get new versions of openssl and openssl_devel.

I installed ximian evolution 1.4.4 from their website, by running

wget -q -O - |sh

as root, hopefully this should clear up the ping problem.


Used lokkit to let ssh through the firewall (in addition to 500:udp). Also enabled port forwarding on the router, for port 22 (N.B. for the IP address, I needed to enter the private IP address of my computer). Note that the RSA key fingerprint for my host is:


I discovered this simply by trying to connect to my host and reading the error message!


Changeed the file /etc/ssh/sshd_config by adding the line

PermitRootLogin no


I wanted to get timidity++ to ‘hook into’ my sound server, so I tried the following:

Installed the timidity++ source rpm from the source cdroms. Note that this installs into


I copied the files to a temp directory and decompressed the tarball. I ran ./configure --help to show me which options I needed. Having done this, I returned to


and edited timidity++.spec by changing the ./config lines to:

./configure --enable-dynamic \
--enable-audio=oss,arts,esd,vorbis,alsa \ --enable-ncurses --enable-slang \
--enable-vt100 \
--enable-server --enable-network \
--without-x \

I then ran rpmbuild -bb timidity++.spec, but I received an error message telling me that arts-devel and esound-devel were required. I installed these rpms, along with audiofile-devel (which was required by esound-devel). I then ran rpmbuild -bb timidity++.spec once more. This chundered along for a while, then spewed out some errors. Looking carefully, I realised that the errors were due to the fact that it libasound, alsaseq_c.c was missing (i.e. I need to install the alsa library). I uninstalled arts-devel, esound-devel an audiofile-devel. Have to try again another day!

Addendum: I had to reinstall arts-devel after xmms started complaining:

[gihan@localhost media]$ arts_init error: loading the aRts backend "/usr/lib/" failed

I thought: at the same time, why don’t I enable xmms to play mp3’s? So I went to and downloaded and installed the file xmms-mpg123-1.2.7-21.i386.rpm


Set-up ntp stuff. Went to Start->System Settings->Date & Time and chose to use NTP, with NTP server


I changed my DHCP hostname to gauss by going to Start-> System Settings -> Network. I chose the eth0 device, and edited it appropriately.
I installed the kdepim package from my install disks.


I installed the enigmail gpg plugin for Mozilla by visiting as root, and choosing the appropriate installs for Red Hat 9 and Mozilla 1.2.1.
I altered my firewall with /usr/sbin/lokkit by adding port 6587 to the list (port 6587 is for my game konnect4!). I changed the local hostname to gauss.localdomain with Start -> System Settings -> Network.
I manually edited the file /etc/hosts and added the line:
a.b.c.d gauss.localdomain gauss
where a.b.c.d is my private IP address.


I wanted to set up sendmail to send email over the Internet. I installed the packages sendmail-cf and sendmail-doc from my CDs. The Red Hat Network Alert Icon indicated that I needed to update these packages, so I did.


Changed the hostname to with Start->System Settings->Network and the DNS tab.


Installed koffice and quanta (the latter being an HTML editor).  May decide to remove koffice and quanta later!


Enabled port forwarding for SMTP on my router. Let SMTP through my firewall with lokkit.


Generated ssh keys on kyle and copied them to my local machine. This simplifies logging in to my local machine. See the maths institute computing FAQs for more information.


Note that another way to send emails is as follows:

/usr/sbin/sendmail -t
From: Gihan Marasingha <>
Subject: Email from Gihan.
This is the body of the very important email from Gihan.
End the email with Ctrl-D. Note that the use of -f results in an X-Authentication-Warning.

I changed the hostname/domain back to gauss.localdomain, as described on 14/10/03.

Generated ssh keys on my local machine and transfered them over to my maths institute account. This simplifies logging in to my maths account.

I created a file called syncthesis in the /etc/cron.daily directory with permissions 755 and with the following content:

/home/gihan/bin/localtomaths > /dev/null 2>&1
/home/gihan/bin/mathstolocal > /dev/null 2>&1
This is used for synchronizing my maths institute account with my local copy.


I wanted to enable full-duplex on my Ethernet card. Had to do this from Windows! Went to and chose the 3C900B-COMBO. I downloaded the utility program windiags.exe. This archive contained the program update.exe. Running update.exe /diag installed the diagnostics software, from which I could enable full-duplex support. Note that Pink Tie didn't pick up the NIC the first time I rebooted the machine after the switch.

I tried to remove the games from my system with the Add/Remove packages program. This failed due to dependency problems (kdegames is needed by kdeaddons). So I used rpm -e to manually uninstall the packages joystick, Maelstrom, chromium, freeciv, gnome-games, tuxracer and xboard. The kdegames package still remains on my computer.


I wanted to install the ethereal network analyser. I installed it from my red hat CDs. It required the net-snmp and libpcap packages, which I also installed. I also installed the ethereal-gnome package.


I disabled SMTP port forwarding on the router and changed my firewall to block port 25.


I installed the source code package for xscreensaver (so that I can figure out how to turn my program fire into a screensaver. Note the code for xflame).


I installed Adobe Acrobat 5.08. I did this by downloading the appropriate tarball from Adobe's website, then running the install script as root. This insalled the reader into /usr/local/Acrobat5/. I created a symbolic link with:

ln --symbolic /usr/local/Acrobat5/bin/acroread /usr/bin/
Note that running acroread didn't work initially. I searched the web and found that the environment variable LANG should be set to C, i.e. type
export LANG
at the shell. I may want to put this in my .bashrc script, or something!

To get the mozilla plugin working I did:

ln -s /usr/local/Acrobat5/Browsers/intellinux/ /usr/lib/mozilla/plugins/
I also added the line export LANG=C to my ~/.bashrc file.

I didn't much like RealPlayer9, so I decided to try out RealPlayer 8. First, I removed RealPlayer9 with rpm -e RealPlayer9. Then I downloaded RealPlayer 8. I found the rpm by going to about:plugins in mozilla and following links till I got to the right place. I downloaded the file, then executed:

mv rp8_linux20_libc6_i386_cs2_rpm rp8.linux20.libc6.i386.cs2.rpm
rpm -ivh rp8.linux20.libc6.i386.cs2.rpm
Note that RealPlayer 8 has problems with Red Hat 9 (something to do with NTPL, whatever that is). So to get it to work, you have to do set the following environment variable:
export LD__ASSUME_KERNEL=2.2.5
What I did was to rename the realplay binary (in /usr/lib/RealPlayer8) to realplay.orig, then create a file in /usr/lib/RealPlayer8 called realplay and having the following content:
export LD_ASSUME_KERNEL=2.2.5
exec realplay.orig $*
I also changed it's mode to 755.


Ran the red hat update agent. Updated coreutils, cups, ethereal, etc.

Changed my screen resolution to 1024x768 with the red hat Display tool (Start -> System Settings -> Display)


Installed MozillaFirebird and thunderbird into directories in /usr/local, I made sybolic links to the binaries in /usr/bin.

Removed evolution with rpm.

I removed the openoffice-1.0.2-4 rpm package in preparation for installing openoffice 1.1.0. I downloaded the openoffice 1.1.0 tarball, unpacked it and installed it with the enclosed install script (as root of course!). I then performed a user install by deleting my ~/.openoffice directory and running the setup script in /usr/local/OpenOffice.org1.1.0/


Removed the file syncthesis, mentioned in 18/10/03, as it didn't seem to be doing anything. I instead created a file called syncthesis in ${HOME}/bin/ which basically does the same thing.


I downloaded the latest gnucash rpm for Red Hat 9 (which is gnucash-1.8.7-1.9.i386.rpm), and I installed it with:

rpm -Fvh gnucash-1.8.7-1.9.i386.rpm


Downloaded 'John the Ripper' password cracker and built it with

make linux-x86-mmx-elf


Installed the samba, samba-client, samba-common and redhat-config-samba rpms from the distribution cds.

I used redhat-config-samba to set up a samba account for maggi.


Inserted the line OEMComputer.localdomain OEMComputer
into my /etc/hosts file

I had previously updated my kernel to version 2.4.20-24.9 due to a security vulnerability in the previous version. This broke my vpn package, so I downloaded and installed the new kernel source from the red hat network.

I downloaded the new Cisco vpn client from the OUCS ftp site. The new version is 4.0.1.A-k9. I extracted the tarball and ran the vpn_uninstall script (from the tarball) to remove the previous version. I then ran the install script vpn_install and chose the default compile options. I entered mycopied the files oucs.pcf from the distribution to /etc/CiscoSystemsVPNClient/Profiles/. I started the vpn module with /etc/init.d/vpnclient_init start. I changed the permissions of /etc/CiscoSystemsVPNClient and its subdirectories/files to be more restricitive. Finally, I deleted the contents of /usr/src/vpnclient and copied the tarball and documentation for the new version into /usr/src/vpnclient.


Decided to install Apache. I used the "Add or Remove Programs" program to install the following rpms: gd, httpd, httpd-manual, hwcrypto, mod_perl, mod_python, mod_ssl, php, php-imap, php-ldap, squid, tux and webalizer.

To start Apache, run /usr/sbin/apachectl start as root. You can figure out how to stop it!

I modified /etc/httpd/conf/httpd.conf by changing the value of ServerAdmin to my cwc email addresss, I also commented out the

UserDir disable
line and uncommented the
UserDir public_html
line. This means that to get to userA's webpage, point your browser at http://a.b.c.d/~userA/ and userA should put their files in ~/userA/public_html. I created such a directory and changed permissions appropriately (had to make my home directory world-executable and the public_html directory have permissions 755). I let http through the firewall with lokkit.

I installed the mysql rpm. I had to install perl-DBD-MySQL and perl-DBI at the *same time* (i.e. with one invokation of rpm) for this to work. I installed the mysql-server rpm. N.B. to start mysql, run /etc/rc.d/init.d/mysqld start. I installed the php-mysql package.


In order to get swat to actually work, I used the redhat-config-services program, and ticked off swat. Need to do something to xinetd if I watned to enable it manually.


Decided to go with unencrypted passwords with samba, so I modified the HKLM\System\CurrentControlSet\Services\VxD\VNETSUP registry entry on the client computer by adding the DWORD EnablePlainTextPassword with value 1.

I used swat to configure my samba system. I used the wizard and chose:

Server Type:Stand Alone
Configure WINS As:Not Used
Expose Home Directories:Yes

I then went to the password section and created a password for maggi.


My printing was real slow so I decided to try a different driver. I went to Start->System Settings->Printing and changed the driver to cdj550. This seems to have made an improvement.