Linuxconf 1.10r26


Some work in progress

Linuxconf 1.10r26 features some new modules which are now operational. These could be enhances (endless :-) )

The most important part of this release is not that visible. This is the integration into the forthcoming Red-Hat 5.1. The changes allows a distribution specific module to tailor few aspect of Linuxconf to achieve better compatibility, but more importantly, an easier upgrade path for the non-Linuxconf user who will be moving to Linuxconf.

This work explain why it took so long to get 1.10r26 after 1.10r8.

User interface

remadmin

remadmin used to be the GUI front-end of Linuxconf. It is now a script which select an available front-end. It is located in /bin. The original GUI front-end has been renamed to wxxt-linuxconf. This has been done because more front-ends have been developed. With Red-Hat 5.1, one called gnome-linuxconf will be shipped. This is a GUI front-end build on Gtk. Another one called newt-Linuxconf is a text based front-end which will override the normal ncurses text mode of Linuxconf.

The usage of a front-end even in text mode is nice as it allows efficient remote administration even in text mode.

remadmin was turned into a script as we believe other front-end will be developed (The Java one should be completed one day). One front-end for Kde is in the making also.

The GUI protocol

Some enhancement have been made to the GUI protocol with new widget types and some cleanup of the protocol itself. For sure, you have to upgrade linuxconf-gui for it to work with Linuxconf 1.10r26. Those interest in writing a front-end for Linuxconf should look at this document to learn more.

A new utility called guidump can be used with guispy to transform numeric op-codes into ASCII commands. This make the conversation between Linuxconf and the front-end more readable.

The html mode

Some bugs were fixed in the html mode. The output was lacking some escape sequence which was confusing (rightfully) the browsers. Some dialogs had problems as well, especially the dialogs for relay control in the Sendmail configuration.

The text (ncurses) mode

A bug was fixed preventing Linuxconf from scaling its text windows properly.

Language support

The LANG environment variable is now supported. You can still control the language from the features menu. So Linuxconf will switch to the proper language (if available) auto-magically.

Email configuration

Email aliases co-manager

The concept of User account co-manager has been applied to email aliases as well. Now the normal user account dialog contains a new section for email alias. You can set the email alias of a user right from this dialog. Handy. Further, both /etc/aliases and /etc/mail/virtusertable are managed transparently, so you can assign to a user a fully qualified email alias (joe@domain.com).

This co-manager technology demonstrates how any component or module can value add to the user account dialog. See the pppdialin module (describe below) as a very small example showing how it works.

Expensive mailer for Sendmail

The concept of expensive mailer has been used in the sendmail.cf generation. People using a non-dedicated Internet connection may want to define an email gateway with the protocol esmtprem (expensive SMTP). Sendmail only transmit to this gateway on queue run. This should solve the problem of diald user who are facing regular connection for nothing each time a local mail is deliver. Comments on this strategy are more than welcome. People running servers connected to the net won't see any difference though.

/etc/mail/virtusertable

This file was half supported by Linuxconf but sendmail.cf generation was broken. Linuxconf now properly generate the rules needed to support virtusertable. This file can be used as a way (with some limitation) to emulate virtual email domains. With the concept of co-manager, this strategy is more manageable.

vpop3d

vpop3d has been enhanced to support IP-less virtual email domains. Normally, with vpop3d, you need one IP number per domain. For many organization, this becomes prohibitive. The POP protocol does not provide any way to pass domain information. There is no concept of header like the http protocol. The trick to support IP-less virtual email domain is by encoding the domain in the user account.

When setting virtual domain, they can all share the same IP number. So mail.domain1.com can point to the same IP number as mail.domain2.com. The trick is to tell to user joe member of domain1.com that his POP account is joe/domain1.com while user joe, member of domain2.com has joe/domain2.com. The slash is processed by vpop3d and it assumes that the domain name follow.

For sure, it requires that you tell your users a little more:

	Your email address is joe@domain1.com and your pop account
	is joe/domain1.com and the pop server is mail.domain1.com.
	

Not to bad, but still simpler than using virtusertable where the email address is sometime unrelated to the pop account.

Usage of smrsh instead of /bin/sh

If the special shell /usr/sbin/smrsh is installed, a sendmail.cf will be generated to use it instead of /bin/sh. This is used for the prog mailer (aliases to filter programs).

Fire-walling

Fire-walling rules now support negative rules. The logic of Linuxconf rules are that the default policy is "deny" and each rules "opens" a hole in the firewall. Negative rules are needed to create exceptions.

Networking

dhcp support

The dhcp support is now operational (basic host information). There is still a glitch as Linuxconf requires an IP number. For now provide one...

PPP/Slip dial-out

A new field has been added to the dialog called "pre-disconnect command". You can use that to record a command which will be executed just before shutting down the link. Currently, this is supported only for manual connection. I was told that a new version of diald (on demand dialing) supported this concept, but could not figure out how. If you have a clue about this, please let me know.

IP forwarding

The dialog where you set the default route has been enhanced. There is now a check-box to control the IP forwarding feature of the kernel. Turning this box off kills all routing. The behavior of Linuxconf is not to affect the kernel unless you have visited this dialog once. The idea is that an update to this new Linuxconf won't kill your favorite router :-).

Note that the standard for this is to be off on a new box. A linux host must be explicitly configured as a router.

System profile versioning

Various little glitches were fixed in this area. The worst one was that the profile definitions were archived!! This took a while to explain the fact that switching between to profile was producing strange results :-(.

Two small enhancements were done. When you boot, the askrunlevel menu now tell you what is the current profile. This is handy to know, since you can switch system profile right there, at boot time.

And Linuxconf now shows you what is the current profile and what was the previous active profile when you switch profile.

User accounts

Group management

/etc/group is not sorted anymore. The special NIS entry is properly preserved (at the end of at the beginning). New group are allocated above 500.

New command line options have been added to the userconf command

	userconf --addgroup group
	userconf --delgroup group
	

Enhanced filter for account selection

You can now select a list of account by providing

By entering a * at the login id or full name, you can select a string anywhere. The prefix is taken as a sub-string in that case.

dhcpd module

This module has been enhanced. It can not only edit the /etc/dhcpd.conf file, but will compute the proper startup command line. It sets also the needed special routes (255.255.255.255) all by itself. This makes installation of a dhcp server painless.

Samba module

The module now support properly the new smb.conf format with two type of comments (; and #).

The dialog for the special homes share is now done.

New modules

pppdialin

A new module have been created to solve the ppp dialin configuration. This module makes use of a new gadget called user account co-managers.

Unlike other modules, this one does not have its own menu entry, nor any command lines. It simply enhance the current PPP user account dialog, by adding 3 sections: ppp options, routing and IPX setup. The information collected by this module is stored in /etc/pppdialin.conf.

A companion utility called /usr/lib/linuxconf/lib/pppparms can extract the information in a format suitable to cooperate in a shell script. A sample shell script /usr/lib/linuxconf/lib/ppplogin is supplied.

In fact this is not a sample ppplogin, but could very well become the only ppp login script you will ever needed, since it behaves according to the information collected by the pppdialin module.

The pppparms usage is

	pppparms pppdopt account default-account
	pppparms routing account
	

The first reports the pppd options needed in the ppplogin script while the other reports the routing needed in the ip-up script. Just run the command with suitable option to see the list of shell assignment it generates.

One may ask how this works for PAP connections (autoPPP connections). It does not work. Only a few features are usable since when the paplogin script calls pppd, we do not know who is the user. Once this pppdialin module will be iron out, we will attack the task of making pppd able to receive new options right after PAP authentication.

This is a new module, so test it out.

mailsql

This work in progress project is not completed. The idea is to use an SQL server to store personal folder. It is believed that such a solution would yield a very high level of performance for people dealing with a large set of accounts.

Currently, the vdeliver_sql utility is working and a vpop3d_sql is almost completed.

squid

A module to manage squid, the proxy + cache server has been started. For now, it is functional but let you edit a limited amount of features. Somebody is working on this to incorporate a nice interface for ACL management as well as inter-cache configuration.

treemenu

This module is now operational. It may be fold in the core of Linuxconf. Currently, it is only useful in text mode since no front-ends (GUI) currently support its protocol. A special HTML mode will be created to support it.

To use it for now, you type

	linuxconf --modulemain treemenu
	

Or you can do (if you expect to use that a lot)

	ln -s /bin/linuxconf /bin/treemenu
	treemenu
	

Note that this symlink tricks works with any module which has a command line (such as the usermenu module below).

usermenu

The usermenu module allows the administrator to define a restricted view of the Linuxconf menus. You can define several menus. For each menus, Linuxconf presents a dialog where you see all the menu options of Linuxconf. You simply select which option (check boxes) you want in your menu. You give it an ID and a title and that's it.

For each menu, Linuxconf defines a special privilege. This privilege provide access to the menu. It only control this. To do any useful work with the option selected in this menu, a normal user will need other privilege.

A user only need this special privilege to get in. He does not need the "Linuxconf access" privilege. This is a way to

There is no help written for this module unfortunately. Once a menu is created, you have two ways to reach it.

xterminals

I have created an install kit to manage linux based X terminal (NFS rooted). You can find this kit at ftp://ftp.solucorp.qc.ca/pub/xterm . This kit is quite functional and let you turn a bunch of PCs into X terminals in no time. Ideal for office and classroom, especially if the PCs are under-powered. An old 486 does a wonderful X terminal for office work and other desktop task. Even a 386/4megs will do fine with Netscape.

The module itself is not advanced at all but is expect to simplify installation of the kit.

Comments are welcome!

Translations

I have received various updates for the translation effort, notably from the German people and from the French. As far as I can tell the French translation is completed, including the help screens (at least the one which are not missing from the English version. Any volunteer to tackle this task ?).