1 <?xml version="1.0" encoding="utf-8"?>
2 <rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/' xmlns:atom="http://www.w3.org/2005/Atom">
3 <channel>
4 <title>Petter Reinholdtsen</title>
5 <description></description>
6 <link>http://people.skolelinux.org/pere/blog/</link>
7 <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
8
9 <item>
10 <title>Broken hard link handling with sshfs</title>
11 <link>http://people.skolelinux.org/pere/blog/Broken_hard_link_handling_with_sshfs.html</link>
12 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Broken_hard_link_handling_with_sshfs.html</guid>
13 <pubDate>Mon, 30 Aug 2010 19:30:00 +0200</pubDate>
14 <description>
15 &lt;p&gt;Just got an email from Tobias Gruetzmacher as a followup on my
16 &lt;a href=&quot;http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html&quot;&gt;previous
17 post about sshfs&lt;/a&gt;. He reported another problem with sshfs. It
18 fails to handle hard links properly. A simple way to spot this is to
19 look at the . and .. entries in the directory tree. These should have
20 a link count &gt;1, but on sshfs the count is 1. I just tested to see
21 what happens when trying to hard link, and this fails as well:&lt;/p&gt;
22
23 &lt;pre&gt;
24 % ln foo bar
25 ln: creating hard link `bar&#39; =&gt; `foo&#39;: Function not implemented
26 %
27 &lt;/pre&gt;
28
29 &lt;p&gt;I have not yet found time to implement a test for this in my file
30 system test code, but believe having working hard links is useful to
31 avoid surprising unix programs. Not as useful as working file locking
32 and symlinks, which are required to get a working desktop, but useful
33 nevertheless. :)&lt;/p&gt;
34
35 &lt;p&gt;The latest version of the file system test code is available via
36 git from
37 &lt;a href=&quot;http://github.com/gebi/fs-test&quot;&gt;http://github.com/gebi/fs-test&lt;/a&gt;&lt;/p&gt;
38 </description>
39 </item>
40
41 <item>
42 <title>The security theater at the airports continues</title>
43 <link>http://people.skolelinux.org/pere/blog/Sikkerhetsteateret_p___flyplassene_fortsetter.html</link>
44 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Sikkerhetsteateret_p___flyplassene_fortsetter.html</guid>
45 <pubDate>Sat, 28 Aug 2010 10:40:00 +0200</pubDate>
46 <description>
47 &lt;p&gt;Half a year ago I wrote about how
48 &lt;a href=&quot;http://people.skolelinux.org/pere/blog/Sikkerhet__teater__og_hvordan_gj__re_verden_sikrere.html&quot;&gt;society
49 wastes resources on security measures that do not work&lt;/a&gt;. I
50 just came across a
51 &lt;a href=&quot;http://www.askthepilot.com/essays-and-stories/terrorism-tweezers-and-terminal-madness-an-essay-on-security/&quot;&gt;story
52 from a pilot in the USA&lt;/a&gt; commenting on the same thing. I suspect it
53 is only ignorance and deference to authority that make so few protest. I
54 really appreciate the pilot mentioned in &lt;a
55 href=&quot;http://www.aftenposten.no/nyheter/iriks/article2057501.ece&quot;&gt;Aftenposten&lt;/a&gt; 2007-10-23,
56 and wish more people would draw attention to the problem. It does
57 not give me a feeling of safety at the airports when I see the
58 airport administration wasting people, money and time on nonsense
59 instead of things that contribute to a real increase in security. It
60 tells me that the judgement of those who should contribute to increased
61 security is seriously lacking, which does not bode well for the other
62 measures.&lt;/p&gt;
63
64 &lt;p&gt;I wonder what would happen if there were a simple leaflet to print
65 from the Internet explaining what is wrong with the security setup at
66 the airports, and people printed it and left a stack at the airports when
67 they passed through. Perhaps it would open more people&#39;s eyes to the
68 problem.&lt;/p&gt;
69
70 &lt;p&gt;Personally I find the flying experience has become so loathsome that I
71 try to manage with train, car and boat to avoid the discomfort. That
72 is however somewhat difficult in elongated Norway and for visiting the
73 parts of the world I want to reach. I suspect more people feel this way, and
74 that this hurts the earnings of the airlines. That is probably
75 a good thing from an environmental perspective, but that is another matter.&lt;/p&gt;
76 </description>
77 </item>
78
79 <item>
80 <title>Skolelinux in the Oslo schools</title>
81 <link>http://people.skolelinux.org/pere/blog/Skolelinux_i_Osloskolen.html</link>
82 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Skolelinux_i_Osloskolen.html</guid>
83 <pubDate>Thu, 26 Aug 2010 22:25:00 +0200</pubDate>
84 <description>
85 &lt;p&gt;This autumn all the Oslo schools will finally get the opportunity to use
86 &lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Skolelinux&lt;/a&gt;. A new IT solution
87 has been rolled out for some months now, and as far as I learned before
88 the summer, all schools were to have the new setup in place before the start of
89 term this autumn. At every school one can choose at installation time whether to
90 have Windows or Skolelinux on the machines, and one can in addition
91 PXE boot the machines over the network as thin clients or diskless
92 workstations. I am curious how many schools will choose to start
93 using Skolelinux, and look forward to seeing how this develops.
94 The solution is delivered by
95 &lt;a href=&quot;http://www.logica.no/&quot;&gt;Logica&lt;/a&gt; with
96 &lt;a href=&quot;http://www.slxdrift.no/&quot;&gt;Skolelinux Drift AS&lt;/a&gt; as
97 subcontractor, and I have been involved in the development of the solution
98 via Skolelinux Drift AS since the project started. I think it is
99 fantastic that Skolelinux has come so far since we started in 2001 that
100 all the pupils in the Oslo schools will now get the opportunity to use
101 the solution. I hope they will appreciate all the
102 &lt;a href=&quot;http://www.skolelinux.no/linux-signpost/&quot;&gt;fantastic
103 user applications&lt;/a&gt; that are available in Skolelinux.&lt;/p&gt;
104 </description>
105 </item>
106
107 <item>
108 <title>Broken umask handling with sshfs</title>
109 <link>http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html</link>
110 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html</guid>
111 <pubDate>Thu, 26 Aug 2010 13:30:00 +0200</pubDate>
112 <description>
113 &lt;p&gt;My file system semantics program
114 &lt;a href=&quot;http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html&quot;&gt;presented
115 a few days ago&lt;/a&gt; is very useful to verify that a file system can
116 work as a unix home directory, and today I had to extend it a bit. I&#39;m
117 looking into alternatives for home directory access here at the
118 University of Oslo, and one of the options is sshfs. My friend
119 Finn-Arne mentioned a while back that they had used sshfs with Debian
120 Edu, but stopped because of problems. I asked today what the problems
121 were, and he mentioned that sshfs failed to handle umask properly.
122 Trying to detect the problem I wrote this addition to my fs testing
123 script:&lt;/p&gt;
124
125 &lt;pre&gt;
126 mode_t touch_get_mode(const char *name, mode_t mode) {
127   mode_t retval = 0;
128   int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, mode);
129   if (-1 != fd) {
130     unlink(name);
131     struct stat statbuf;
132     if (-1 != fstat(fd, &amp;statbuf)) {
133       retval = statbuf.st_mode &amp; 0x1ff;
134     }
135     close(fd);
136   }
137   return retval;
138 }
139
140 /* Try to detect problem discovered using sshfs */
141 int test_umask(void) {
142   printf(&quot;info: testing umask effect on file creation\n&quot;);
143
144   mode_t orig_umask = umask(000);
145   mode_t newmode;
146   if (0666 != (newmode = touch_get_mode(&quot;foobar&quot;, 0666))) {
147     printf(&quot; error: Wrong file mode %o when creating using mode 666 and umask 000\n&quot;,
148            newmode);
149   }
150   umask(007);
151   if (0660 != (newmode = touch_get_mode(&quot;foobar&quot;, 0666))) {
152     printf(&quot; error: Wrong file mode %o when creating using mode 666 and umask 007\n&quot;,
153            newmode);
154   }
155
156   umask (orig_umask);
157   return 0;
158 }
159
160 int main(int argc, char **argv) {
161   [...]
162   test_umask();
163   return 0;
164 }
165 &lt;/pre&gt;
166
167 &lt;p&gt;Sure enough. On NFS to a netapp, I get this result:&lt;/p&gt;
168
169 &lt;pre&gt;
170 Testing POSIX/Unix sematics on file system
171 info: testing symlink creation
172 info: testing subdirectory creation
173 info: testing fcntl locking
174 Read-locking 1 byte from 1073741824
175 Read-locking 510 byte from 1073741826
176 Unlocking 1 byte from 1073741824
177 Write-locking 1 byte from 1073741824
178 Write-locking 510 byte from 1073741826
179 Unlocking 2 byte from 1073741824
180 info: testing umask effect on file creation
181 &lt;/pre&gt;
182
183 &lt;p&gt;When mounting the same directory using sshfs, I get this
184 result:&lt;/p&gt;
185
186 &lt;pre&gt;
187 Testing POSIX/Unix sematics on file system
188 info: testing symlink creation
189 info: testing subdirectory creation
190 info: testing fcntl locking
191 Read-locking 1 byte from 1073741824
192 Read-locking 510 byte from 1073741826
193 Unlocking 1 byte from 1073741824
194 Write-locking 1 byte from 1073741824
195 Write-locking 510 byte from 1073741826
196 Unlocking 2 byte from 1073741824
197 info: testing umask effect on file creation
198 error: Wrong file mode 644 when creating using mode 666 and umask 000
199 error: Wrong file mode 640 when creating using mode 666 and umask 007
200 &lt;/pre&gt;
201
202 &lt;p&gt;So, I can conclude that sshfs is better than smb to a Netapp or a
203 Windows server, but not good enough to be used as a home
204 directory.&lt;/p&gt;
205
206 &lt;p&gt;Update 2010-08-26: Reported the issue in
207 &lt;a href=&quot;http://bugs.debian.org/594498&quot;&gt;BTS report #594498&lt;/a&gt;&lt;/p&gt;
208
209 &lt;p&gt;Update 2010-08-27: Michael Gebetsroither reports that he found the
210 script so useful that he created a GIT repository and stored it in
211 &lt;a href=&quot;http://github.com/gebi/fs-test&quot;&gt;http://github.com/gebi/fs-test&lt;/a&gt;.&lt;/p&gt;
212 </description>
213 </item>
214
215 <item>
216 <title>Electronic voting cannot be trusted - not in Norway either</title>
217 <link>http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html</link>
218 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html</guid>
219 <pubDate>Mon, 23 Aug 2010 19:30:00 +0200</pubDate>
220 <description>
221 &lt;p&gt;In Norway a process is under way to
222 &lt;a href=&quot;http://www.e-valg.dep.no/&quot;&gt;introduce electronic
223 voting&lt;/a&gt; in municipal and parliamentary elections. This is to be
224 introduced in 2011. There is every reason to believe that elections in Norway
225 will not be trustworthy if this is carried out. When the whole thing was
226 out for public consultation in 2006 I authored
227 &lt;a href=&quot;http://www.nuug.no/dokumenter/valg-horing-2006-09.pdf&quot;&gt;a
228 consultation response from NUUG&lt;/a&gt; (and EFN, which joined in) that outlined
229 which points must be fulfilled for one to be able to trust an election,
230 and electronic voting lacks several of these. Electronic
231 voting is for all practical purposes putting one&#39;s vote in a black
232 box under the control of others, and betting that those who control
233 the box can be trusted - without having any way to verify
234 this oneself. That is not how one conducts democratic elections.&lt;/p&gt;
235
236 &lt;p&gt;As the problem is fundamental to how electronic voting
237 must work for non-cryptographers to be able to take part too, there have been
238 many reports on how electronic voting has failed in country
239 after country. A
240 &lt;a href=&quot;http://wiki.nuug.no/uttalelser/2006-elektronisk-stemmegiving&quot;&gt;small
241 collection of references&lt;/a&gt; is available on NUUG&#39;s wiki. The latest is from India,
242 where the election commission has chosen
243 &lt;a href=&quot;http://www.freedom-to-tinker.com/blog/jhalderm/electronic-voting-researcher-arrested-over-anonymous-source&quot;&gt;to
244 set the police on a researcher&lt;/a&gt; who has documented weaknesses in
245 the election system.&lt;/p&gt;
246
247 &lt;p&gt;Here in Norway a different approach has been chosen, where one tries
248 technobabble to get the population to believe that this will be
249 secure. Remember, electronic voting undermines the democratic
250 elections in Norway, and should not be introduced.&lt;/p&gt;
251
252 &lt;p&gt;The public discussion is made a bit difficult by the media having
253 chosen to call this &quot;evalg&quot;, which can be said to cover both electronic
254 counting of the election, which Norway has done since the 60s and which is a
255 very good idea, and electronic counting which is a very bad idea.
256 The discussion makes no sense if one is to discuss whether one is for or
257 against &quot;evalg&quot;, and I therefore try to be clear that I am talking about
258 electronic voting and avoid the term &quot;evalg&quot;.&lt;/p&gt;
259 </description>
260 </item>
261
262 <item>
263 <title>Robot, rise...</title>
264 <link>http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html</link>
265 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html</guid>
266 <pubDate>Sat, 21 Aug 2010 22:10:00 +0200</pubDate>
267 <description>
268 &lt;p&gt;Today I finally got to take a look at my newly purchased robots, and
269 have spent some hours googling for interesting references and
270 relevant source code for use on Linux. The most promising so far is
271 &lt;a href=&quot;http://ispykee.toyz.org/&quot;&gt;ispykee&lt;/a&gt;, which has a
272 BSD-licensed Linux daemon that acts as an intermediary between robots on
273 the local network and a central service that an iPhone can connect to in
274 order to remote control the robot. The Linux daemon implements parts of the
275 protocol the robot understands. After fumbling a bit with getting
276 in contact with the robot (it creates its own ad-hoc wifi network, so I
277 had to leave my usual network to get in contact), and working out that
278 it listens on IP port 9000 and 9001, I set about finding out
279 how I could talk to the robot using these ports. The robot part
280 of the protocol is published by the manufacturer under the GPL license, so that
281 it is possible to see how the protocol works. There is a Java client
282 for Android that looked quite neat, but I found no source code for
283 it. The iPhone solution, on the other hand, had source code, so I took
284 that as my starting point.&lt;/p&gt;
285
286 &lt;p&gt;The daemon would initially try to contact the central
287 service that the iPhone program connects to. I rewrote this
288 to instead set up a network service on my local machine,
289 which I can connect to with telnet and give commands to the robot
290 (act, forward, right, left, etc). In practice this involved replacing
291 socket()/connect() with socket()/bind()/listen()/accept() to turn
292 the client into a server.&lt;/p&gt;
293
294 &lt;p&gt;While I have been trying to get the robot to move, my partner has
295 screwed together the rest of the robot to get the camera and the plastic decorations
296 mounted (arms, plastic fibre for light). Now the whole thing is assembled, and the
297 robot is ready for use. I need to move it over to my usual wireless network
298 before it becomes practical, but those parts of the protocol are not
299 implemented in the ispykee daemon, so there I must either get hold of a Mac
300 or a Windows machine, or implement it myself.&lt;/p&gt;
301
302 &lt;p&gt;There were three of us who bought such robots, and we have agreed to
303 collect notes and references on &lt;a
304 href=&quot;http://wiki.nuug.no/grupper/robot/&quot;&gt;NUUG&#39;s wiki&lt;/a&gt;. Take a look
305 there if you are curious.&lt;/p&gt;
306 </description>
307 </item>
308
309 <item>
310 <title>2 Spykee robots in the house, now it is time to play</title>
311 <link>http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html</link>
312 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html</guid>
313 <pubDate>Wed, 18 Aug 2010 13:30:00 +0200</pubDate>
314 <description>
315 &lt;p&gt;I just bought two
316 &lt;a href=&quot;http://www.spykee-robot.com/&quot;&gt;Spykee&lt;/a&gt; robots, for testing and
317 play. I bought two as they were so cheap, and it gives me the opportunity to
318 experiment without being very afraid of ruining everything by replacing
319 firmware and such. I discovered that the toy shop at Bryn senter had
320 a small stack in stock that they had not managed to sell off after
321 last year&#39;s Christmas purchasing, and was willing to sell for a fifth of
322 the normal price. Ronny, Jarle and I have acquired the remaining stock, and
323 it will be fun to see what we get out of this.&lt;/p&gt;
324
325 &lt;p&gt;The robot has tracks driven by two motors, camera, speaker, microphone
326 and wifi connection. The whole thing is controlled by a GPL-licensed computer box
327 that I suspect runs Linux. The firmware source code was apparently published in
328 May. The only challenge is that the controller software is only available for
329 Windows, but one must be able to work around that when we have the source code
330 for the firmware. :)&lt;/p&gt;
331
332 &lt;ul&gt;
333 &lt;li&gt;&lt;a href=&quot;http://en.wikipedia.org/wiki/Spykee&quot;&gt;Wikipedia entry&lt;/a&gt;&lt;/li&gt;
334 &lt;li&gt;&lt;a href=&quot;http://www.spykeeworld.com/spykee/US/freeSoftware.html&quot;&gt;Download of the firmware source&lt;/a&gt;&lt;/li&gt;
335 &lt;li&gt;&lt;a href=&quot;http://wiki.nuug.no/grupper/robot&quot;&gt;project wiki at NUUG&lt;/a&gt;&lt;/li&gt;
336 &lt;/ul&gt;
337 </description>
338 </item>
339
340 <item>
341 <title>Rob Weir: How to Crush Dissent</title>
342 <link>http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html</link>
343 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html</guid>
344 <pubDate>Sun, 15 Aug 2010 22:20:00 +0200</pubDate>
345 <description>
346 &lt;p&gt;I found the notes from Rob Weir on
347 &lt;a href=&quot;http://feedproxy.google.com/~r/robweir/antic-atom/~3/VGb23-kta8c/how-to-crush-dissent.html&quot;&gt;how
348 to crush dissent&lt;/a&gt; matching my own thoughts on the matter quite
349 well. Highly recommended for those wondering which road our society
350 should go down. In my view we have been heading the wrong way for a
351 long time.&lt;/p&gt;
352 </description>
353 </item>
354
355 <item>
356 <title>No hardcoded config on Debian Edu clients</title>
357 <link>http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html</link>
358 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html</guid>
359 <pubDate>Mon, 9 Aug 2010 20:15:00 +0200</pubDate>
360 <description>
361 &lt;p&gt;As reported earlier, the last few days I have looked at how Debian
362 Edu clients are configured, and tried to get rid of all hardcoded
363 configuration settings on the clients. I believe the work to be
364 mostly done, and the clients seem to work just fine with dynamically
365 generated configuration.&lt;/p&gt;
366
367 &lt;p&gt;What is the point, you might ask? The point is to allow a Debian
368 Edu desktop to integrate into an existing network infrastructure
369 without any manual configuration.&lt;/p&gt;
370
371 &lt;p&gt;This is what happens when installing a Debian Edu client here at
372 the University of Oslo using PXE. With the PXE installation, I am
373 asked for language (Norwegian Bokmål), locality (Norway) and keyboard
374 layout (no-latin1), Debian Edu profile (Roaming Workstation), if I
375 accept to reformat the hard drive (yes), if I want to submit info to
376 popcon.debian.org (no) and root password (secret). After answering
377 these questions, the installer goes ahead and does its thing, and
378 after around 50 minutes it is done. I press enter to finish the
379 installation, and the machine reboots into KDE. When the machine is
380 ready and kdm asks for login information, I enter my university
381 username and password, am told by kdm that a local home directory has
382 been created and that I must log in again, and finally log in with the
383 same username and password to the KDE 4.4 desktop. At no point during
384 this process did it ask for university specific settings, and all the
385 required configuration was dynamically detected using information
386 fetched via DHCP and DNS. The roaming workstation is now ready for
387 use.&lt;/p&gt;
388
389 &lt;p&gt;How was this done, you might wonder? First of all, here is the
390 list of things that need to be configured on the client to get it
391 working properly out of the box:&lt;/p&gt;
392
393 &lt;ul&gt;
394 &lt;li&gt;IP address/netmask and DNS server.&lt;/li&gt;
395 &lt;li&gt;Web proxy URL.&lt;/li&gt;
396 &lt;li&gt;LDAP server for NSS directory information (user, group, etc).&lt;/li&gt;
397 &lt;li&gt;Kerberos server for PAM password checking.&lt;/li&gt;
398 &lt;li&gt;SMB mount point to access the network home directory. (*)&lt;/li&gt;
399 &lt;li&gt;Central syslog server to send syslog messages to. (*)&lt;/li&gt;
400 &lt;li&gt;Sitesummary collector URL to submit info to central server. (*)&lt;/li&gt;
401 &lt;/ul&gt;
402
403 &lt;p&gt;(Hm, did I forget anything? Let me know if I did.)&lt;/p&gt;
404
405 &lt;p&gt;The points marked (*) are not required to be able to use the
406 machine, but are needed to provide central storage and allow system
407 administrators to track their machines. Since yesterday, everything
408 but the sitesummary collector URL is dynamically discovered at boot
409 and installation time in the svn version of Debian Edu.&lt;/p&gt;
410
411 &lt;p&gt;The IP and DNS setup is fetched during boot using DHCP as usual.
412 When a DHCP update arrives, the proxy setup is updated by looking for
413 http://wpad/wpad.dat and using the content of this WPAD file to
414 configure the http and ftp proxy in /etc/environment and
415 /etc/apt/apt.conf. I decided to update the proxy setup using a DHCP
416 hook to ensure that the client stops using the Debian Edu proxy when
417 it is moved outside the Debian Edu network, and instead uses any local
418 proxy present on the new network when it moves around.&lt;/p&gt;
419
420 &lt;p&gt;The DNS names of the LDAP, Kerberos and syslog server and related
421 configuration are generated using DNS information at boot. First the
422 installer looks for a host named ldap in the current DNS domain. If
423 not found, it looks for _ldap._tcp SRV records in DNS instead. If an
424 LDAP server is found, its root DSE entry is requested and the
425 attributes namingContexts and defaultNamingContext are used to
426 determine which LDAP base to use for NSS. If there are several
427 namingContexts attributes and the defaultNamingContext is present, that
428 LDAP subtree is used as the base. If defaultNamingContext is missing,
429 the subtrees listed as namingContexts are searched in sequence for any
430 object with class posixAccount or posixGroup, and the first one with
431 such an object is used as the LDAP base. For Kerberos, a similar
432 search is done by first looking for a host named kerberos, and then
433 for the _kerberos._tcp SRV record. I&#39;ve been unable to find a way to
434 look up the Kerberos realm, so for this the upper case string of the
435 current DNS domain is used.&lt;/p&gt;
436
437 &lt;p&gt;For the syslog server, the hosts syslog and loghost are searched
438 for, and the _syslog._udp SRV record is consulted if no such host is
439 found. This algorithm works for both Debian Edu and the University of
440 Oslo. A similar strategy would work for locating the sitesummary
441 server, but has not been implemented yet. I decided to fetch and
442 save these settings during installation, to make sure moving to a
443 different network does not change the set of users being allowed to
444 log in nor the passwords required to log in. Usernames and passwords
445 will be cached by sssd when the user logs in on the Debian Edu
446 network, and will not change as the laptop moves around. For a
447 non-roaming machine, there is no caching, but given that it is
448 supposed to stay in place it should not matter much. Perhaps we
449 should switch those to use sssd too?&lt;/p&gt;
450
451 &lt;p&gt;The user&#39;s SMB mount point for the network home directory is
452 located when the user logs in for the first time. The LDAP server is
453 consulted to look for the user&#39;s LDAP object and the sambaHomePath
454 attribute is used if found. If it isn&#39;t found, the home directory
455 path fetched from NSS is used instead. Assuming the path is of the
456 form /site/server/directory/username, the second part is looked up in
457 DNS and used to generate a SMB URL of the form
458 smb://server.domain/username. This algorithm works for both Debian
459 Edu and the University of Oslo. Perhaps there are better attributes
460 to use or a better algorithm that works for more sites, but this will
461 do for now. :)&lt;/p&gt;
462
463 &lt;p&gt;This work should make it easier to integrate the Debian Edu clients
464 into any LDAP/Kerberos infrastructure, and make the current setup even
465 more flexible than before. I suspect it will also work for thin
466 client servers, allowing one to easily set up LTSP and hook it into an
467 existing network infrastructure, but I have not had time to test this
468 yet.&lt;/p&gt;
469
470 &lt;p&gt;If you want to help out with implementing these things for Debian
471 Edu, please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
472
473 &lt;p&gt;Update 2010-08-09: Simon Farnsworth gave me a heads-up on how to
474 detect Kerberos realm from DNS, by looking for _kerberos TXT entries
475 before falling back to the upper case DNS domain name. Will have to
476 implement it for Debian Edu. :)&lt;/p&gt;
477 </description>
478 </item>
479
480 <item>
481 <title>Testing if a file system can be used for home directories...</title>
482 <link>http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html</link>
483 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html</guid>
484 <pubDate>Sun, 8 Aug 2010 21:20:00 +0200</pubDate>
485 <description>
486 &lt;p&gt;A few years ago, I was involved in a project planning to use
487 Windows file servers as home directory servers for Debian
488 Edu/Skolelinux machines. This was thought to be no problem, as the
489 access would be through the SMB network file system protocol, and we
490 knew other sites used SMB with unix and samba as the file server to
491 mount home directories without any problems. But, after months of
492 struggling, we had to conclude that our goal was impossible.&lt;/p&gt;
493
494 &lt;p&gt;The reason is simply that while SMB can be used for home
495 directories when the file server is Samba running on Unix, this only
496 works because Samba has some extensions and because the
497 underlying file system is a unix file system. When using a Windows
498 file server, the underlying file system does not have POSIX semantics,
499 and several programs will fail if the user&#39;s home directory where they
500 want to store their configuration lacks POSIX semantics.&lt;/p&gt;
501
502 &lt;p&gt;As part of this work, I wrote a small C program I want to share
503 with you all, to replicate a few of the problematic applications (like
504 OpenOffice.org and GCompris) and see if the file system was working as
505 it should. If you find yourself in spooky file system land, it might
506 help you find your way out again. This is the fs-test.c source:&lt;/p&gt;
507
508 &lt;pre&gt;
509 /*
510  * Some tests to check the file system semantics. Used to verify that
511  * CIFS from a windows server does not work properly as a linux home
512  * directory.
513  * License: GPL v2 or later
514  *
515  * needs libsqlite3-dev and build-essential installed
516  * compile with: gcc -Wall -DTEST_SQLITE fs-test.c -o fs-test -lsqlite3
517  */
518
519 #define _FILE_OFFSET_BITS 64
520 #define _LARGEFILE_SOURCE 1
521 #define _LARGEFILE64_SOURCE 1
522
523 #define _GNU_SOURCE /* for asprintf() */
524
525 #include &amp;lt;errno.h&gt;
526 #include &amp;lt;fcntl.h&gt;
527 #include &amp;lt;stdio.h&gt;
528 #include &amp;lt;string.h&gt;
529 #include &amp;lt;stdlib.h&gt;
530 #include &amp;lt;sys/file.h&gt;
531 #include &amp;lt;sys/stat.h&gt;
532 #include &amp;lt;sys/types.h&gt;
533 #include &amp;lt;unistd.h&gt;
534
535 #ifdef TEST_SQLITE
536 /*
537  * Test sqlite open, as done by gcompris. Requires the libsqlite3-dev
538  * package and linking with -lsqlite3. A more low level test is
539  * below.
540  * See also &amp;lt;URL: http://www.sqlite.org./faq.html#q5 &gt;.
541  */
542 #include &amp;lt;sqlite3.h&gt;
543 #define CREATE_TABLE_USERS \
544   &quot;CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); &quot;
545 int test_sqlite_open(void) {
546   char *zErrMsg = NULL;
547   char *name = &quot;testsqlite.db&quot;;
548   sqlite3 *db=NULL;
549   unlink(name);
550   int rc = sqlite3_open(name, &amp;db);
551   if( rc ){
552     printf(&quot;error: sqlite open of %s failed: %s\n&quot;, name, sqlite3_errmsg(db));
553     sqlite3_close(db);
554     return -1;
555   }
556
557   /* create tables */
558   rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL, 0, &amp;zErrMsg);
559   if( rc != SQLITE_OK ){
560     printf(&quot;error: sqlite table create failed: %s\n&quot;, zErrMsg);
561     sqlite3_close(db);
562     return -1;
563   }
564   printf(&quot;info: sqlite worked\n&quot;);
565   sqlite3_close(db);
566   return 0;
567 }
568 #endif /* TEST_SQLITE */
569
570 /*
571  * Demonstrate locking issue found in gcompris using sqlite3. This
572  * works with ext3, but not with cifs server on Windows 2003. This is
573  * done in the sqlite3 library.
574  * See also
575  * &amp;lt;URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html&gt; and the
576  * POSIX specification
577  * &amp;lt;URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html&gt;.
578  */
579 int test_gcompris_locking(void) {
580   struct flock fl;
581   char *name = &quot;testsqlite.db&quot;;
582   unlink(name);
583   int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
584   printf(&quot;info: testing fcntl locking\n&quot;);
585
586   fl.l_whence = SEEK_SET;
587   fl.l_pid = getpid();
588   printf(&quot; Read-locking 1 byte from 1073741824&quot;);
589   fl.l_start = 1073741824;
590   fl.l_len = 1;
591   fl.l_type = F_RDLCK;
592   if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
593
594   printf(&quot; Read-locking 510 byte from 1073741826&quot;);
595   fl.l_start = 1073741826;
596   fl.l_len = 510;
597   fl.l_type = F_RDLCK;
598   if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
599
600   printf(&quot; Unlocking 1 byte from 1073741824&quot;);
601   fl.l_start = 1073741824;
602   fl.l_len = 1;
603   fl.l_type = F_UNLCK;
604   if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
605
606   printf(&quot; Write-locking 1 byte from 1073741824&quot;);
607   fl.l_start = 1073741824;
608   fl.l_len = 1;
609   fl.l_type = F_WRLCK;
610   if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
611
612   printf(&quot; Write-locking 510 byte from 1073741826&quot;);
613   fl.l_start = 1073741826;
614   fl.l_len = 510;
615   if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
616
617   printf(&quot; Unlocking 2 byte from 1073741824&quot;);
618   fl.l_start = 1073741824;
619   fl.l_len = 2;
620   fl.l_type = F_UNLCK;
621   if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
622
623   close(fd);
624   return 0;
625 }
626
627 /*
628  * Test if permissions of freshly created directories allow entries
629  * below them. This was a problem with OpenOffice.org and gcompris.
630  * Mounting with option &#39;sync&#39; seems to solve this problem while
631  * slowing down file operations.
632  */
633 int test_subdirectory_creation(void) {
634 #define LEVELS 5
635   char *path = strdup(&quot;test&quot;);
636   int level;
637   printf(&quot;info: testing subdirectory creation\n&quot;);
638   for (level = 0; level &amp;lt; LEVELS; level++) {
639     char *newpath = NULL;
640     if (-1 == mkdir(path, 0777)) {
641       printf(&quot; error: Unable to create directory &#39;%s&#39;: %s\n&quot;,
642              path, strerror(errno));
643       break;
644     }
645     asprintf(&amp;newpath, &quot;%s/%s&quot;, path, &quot;test&quot;);
646     free(path);
647     path = newpath;
648   }
649   free(path); /* release the last path built by the loop */
650   return 0;
651 }
652
653 /*
654  * Test if symlinks can be created. This was a problem detected with
655  * KDE.
656  */
657 int test_symlinks(void) {
658   printf(&quot;info: testing symlink creation\n&quot;);
659   unlink(&quot;symlink&quot;);
660   if (-1 == symlink(&quot;file&quot;, &quot;symlink&quot;))
661     printf(&quot; error: Unable to create symlink\n&quot;);
662   return 0;
663 }
664
665 int main(int argc, char **argv) {
666   printf(&quot;Testing POSIX/Unix sematics on file system\n&quot;);
667   test_symlinks();
668   test_subdirectory_creation();
669 #ifdef TEST_SQLITE
670   test_sqlite_open();
671 #endif /* TEST_SQLITE */
672   test_gcompris_locking();
673   return 0;
674 }
675 &lt;/pre&gt;
676
677 &lt;p&gt;When everything is working, it should print something like
678 this:&lt;/p&gt;
679
680 &lt;pre&gt;
681 Testing POSIX/Unix sematics on file system
682 info: testing symlink creation
683 info: testing subdirectory creation
684 info: sqlite worked
685 info: testing fcntl locking
686 Read-locking 1 byte from 1073741824
687 Read-locking 510 byte from 1073741826
688 Unlocking 1 byte from 1073741824
689 Write-locking 1 byte from 1073741824
690 Write-locking 510 byte from 1073741826
691 Unlocking 2 byte from 1073741824
692 &lt;/pre&gt;
693
694 &lt;p&gt;I do not remember the exact details of the problems we saw, but one
695 of them was with locking, where if I remember correctly, POSIX allows a
696 read-only lock to be upgraded to a read-write lock without unlocking
697 the read-only lock (while Windows does not). Another was a bug in the
698 CIFS/SMB client implementation in the Linux kernel where directory
699 meta information would be wrong for a fraction of a second, making
700 OpenOffice.org fail to create its deep directory tree because it was
701 not allowed to create files in its freshly created directory.&lt;/p&gt;
702
703 &lt;p&gt;Anyway, here is a nice tool for your tool box, may you never need
704 it. :)&lt;/p&gt;
705
706 &lt;p&gt;Update 2010-08-27: Michael Gebetsroither reports that he found the
707 script so useful that he created a GIT repository and stored it in
708 &lt;a href=&quot;http://github.com/gebi/fs-test&quot;&gt;http://github.com/gebi/fs-test&lt;/a&gt;.&lt;/p&gt;
709 </description>
710 </item>
711
712 </channel>
713 </rss>