Category Archives: Linux/Unix

Xorg config silently got better

Ever since my first XFree86 (v3), I have been used to the annoying /etc/X11/XF86Config file (now /etc/X11/xorg.conf), and I didn't notice that editing this file already belongs to the dinosaur era. Quite silently, new features emerged and gave better ways to configure X, in particular screen resolutions. I'll sum up what I've found out today, in bullet fashion:

  • Modern Xorg no longer needs the xorg.conf file; it simply knows what to do automagically :). The xorg.conf file can still be used to override the defaults. Only the overridden settings need to be written, so the file stays small and readable.
  • xrandr --mode changes the resolution on the fly (not permanently though), from a list of given resolutions. Thank you, HP, this time you did something good 🙂
    • xrandr --newmode, xrandr --addmode: add new resolutions to that list.
    • Still, X may have an upper resolution limit which it won't let you pass. It can be increased by adding a "Virtual" line to xorg.conf (Screen section -> Display subsection), e.g. "Virtual 1280 768" would set a maximum resolution of 1280x768.
  • cvt is a cool tool for generating Mode Lines, simply amazing! It is needed for the xrandr --newmode command.
  • Setting a new resolution permanently: this Ubuntu howto suggests simply adding the correct xrandr commands (e.g. xrandr --mode 1280x768) to the ~/.xprofile script. These commands run right after each X login for that specific user. (There's probably a system-wide equivalent)
    • GNOME (and probably KDE as well) has its own resolution settings, which seem to override the xrandr change. So if using GNOME, the configuration should simply be changed from within the GNOME tools.

Good stuff. It's always nice to see how things got better in a few years. Still, in my opinion xorg has many problems (and a slow development cycle), and might be the weakest link on Linux desktops. Goodbye!

/etc/mtab weirdness

There are many ways to fetch the list of currently-mounted-devices: read the files /etc/mtab, /proc/mounts, or exec /bin/mount, /bin/df.

I've been arguing with a colleague (Yaniv) that relying on /etc/mtab is not much worse than relying on /proc/mounts. But after we inspected it on Linux & Solaris (/etc/mnttab), I figured out that I was pretty wrong, and learned some new surprising facts:

On Linux:

  • /proc/mounts is a read-only, kernel-generated file.
  • /etc/mtab (Linux) is a regular file. It's kept up-to-date because the mount/umount commands modify it. It can be modified by a root user, moved and even deleted!
  • The df command uses /etc/mtab, so after rm'ing /etc/mtab, df stops functioning.
  • The mount command doesn't care about /etc/mtab; it probably uses /proc/mounts or some internal kernel structure.
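An added example, not part of the original post: a check that reports where an mtab-style file and the kernel's /proc/mounts-style table disagree, including the case where the mtab file has been deleted. The function names are hypothetical and the sample tables are constructed.

```shell
#!/bin/sh
# Added example: compare a userspace mount table (mtab format) with the
# kernel's view (/proc/mounts format) and report where they disagree.

# mount_points FILE: print the mount point (field 2) of every entry, sorted.
# A missing or unreadable file (e.g. a deleted /etc/mtab) counts as empty.
mount_points() {
    [ -r "$1" ] || return 0
    awk '$0 !~ /^#/ && NF >= 2 { print $2 }' "$1" | LC_ALL=C sort -u
}

# mtab_drift MTAB KERNEL: print one line per discrepancy.
mtab_drift() {
    m=$(mktemp); k=$(mktemp)
    mount_points "$1" > "$m"
    mount_points "$2" > "$k"
    LC_ALL=C comm -13 "$m" "$k" | sed 's/^/missing-from-mtab /'  # kernel only
    LC_ALL=C comm -23 "$m" "$k" | sed 's/^/stale-in-mtab /'      # mtab only
    rm -f "$m" "$k"
}

# Constructed sample tables (not captured from a real host): /mnt/usb was
# mounted without updating mtab, /mnt/tmp is a leftover mtab entry.
demo_drift() {
    d=$(mktemp -d)
    cat > "$d/proc_mounts" <<'EOF'
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/sdb1 /mnt/usb vfat rw 0 0
EOF
    cat > "$d/mtab" <<'EOF'
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw,noexec,nosuid,nodev 0 0
/dev/loop0 /mnt/tmp xfs rw,pquota 0 0
EOF
    mtab_drift "$d/mtab" "$d/proc_mounts"
    echo "--- with mtab deleted:"
    mtab_drift "$d/no-such-mtab" "$d/proc_mounts"
    rm -rf "$d"
}

demo_drift
# On a live Linux host: mtab_drift /etc/mtab /proc/mounts
```

On distributions where /etc/mtab is a symlink into /proc, the two tables always agree and the check prints nothing.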

On Solaris (prepare for some weird stuff now):

  • Solaris has got /etc/mnttab, but no /proc/mounts equivalent.
  • /etc/mnttab is a mounted filesystem, of the mntfs type. So it's somewhat similar to /proc/mounts on Linux. It cannot be modified.
  • /etc/mnttab is actually a directory! (a mount point has to be a directory..)
  • /etc/mnttab can be unmounted, renamed, rmdir'd (when unmounted) and mounted anywhere else.
  • Both df and mount rely on /etc/mnttab, and thus do not function when it's absent.


  • /etc/mnttab, which is a regular file, is similar to /etc/mtab on Linux.

And on another, non-related subject: looks like Debian Lenny has got only 80 bugs to go (as of 19/01/09)! Go Lenny!

Init script dependency

"Behind my back", a new feature was added to LSB specification and to Debian Lenny accordingly: Init scripts dependency.

The new LSB defines new fields for init script headers: Required, Should (like Required but only if installed) and Provides. This means that the init system should take care of ordering the init scripts according to their dependencies (e.g. the "NFS" service requires the "portmap" service, which requires the network, and thus the order should be Network -> Portmap -> NFS). This eliminates the need to manually give funny "K01/S99"-style numbers to each service.
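An added example, not part of the original post and not how any particular init system implements it: the ordering step done with tsort over LSB headers. It uses the header field names Provides, Required-Start and Should-Start; the function names and the three script headers are constructed for the demo.

```shell
#!/bin/sh
# Added example: derive a start order from LSB init-script headers with tsort.
# The scripts created in demo_boot_order are constructed sample input.

# lsb_field FILE FIELD: values of one field inside the INIT INFO block.
lsb_field() {
    sed -n "/^### BEGIN INIT INFO/,/^### END INIT INFO/s/^# $2:[[:space:]]*//p" "$1"
}

# lsb_edges DIR: print "before after" pairs in the format tsort expects.
lsb_edges() {
    installed=" $(for f in "$1"/*; do lsb_field "$f" Provides; done | tr '\n' ' ')"
    for f in "$1"/*; do
        for svc in $(lsb_field "$f" Provides); do
            echo "$svc $svc"      # self-pair: node exists, no ordering implied
            for dep in $(lsb_field "$f" Required-Start); do
                echo "$dep $svc"
            done
            for dep in $(lsb_field "$f" Should-Start); do
                # Should-Start only counts when some script provides it.
                case "$installed" in *" $dep "*) echo "$dep $svc" ;; esac
            done
        done
    done
}

# boot_order DIR: service names in a valid start order, on one line.
boot_order() {
    lsb_edges "$1" | tsort | paste -s -d ' ' -
}

# lsb_header NAME REQUIRED SHOULD: write a minimal header block to stdout.
lsb_header() {
    printf '### BEGIN INIT INFO\n# Provides: %s\n# Required-Start: %s\n' "$1" "$2"
    printf '# Should-Start: %s\n### END INIT INFO\n' "$3"
}

demo_boot_order() {
    d=$(mktemp -d)
    lsb_header nfs portmap "ypbind networking" > "$d/nfs"   # ypbind not installed
    lsb_header portmap networking ""           > "$d/portmap"
    lsb_header networking "" ""                > "$d/networking"
    boot_order "$d"
    rm -rf "$d"
}

demo_boot_order    # networking portmap nfs
```

If two scripts require each other, tsort reports the loop on stderr instead of silently picking an order.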

Cool. But is it enough? The init system is several decades old. Maybe we need something revolutionary such as Upstart or Solaris SMF. Features like starting/stopping independent services in parallel, service monitoring (watchdog/keepalive), or other crazy ideas that Upstart & SMF implement.

Ubuntu's Upstart was also adopted by Fedora 9; this means that RHEL6 might use Upstart as well. In that case, the revolution is over. Debian, SuSE (and Windows maybe? 🙂 ) would probably follow.

WordPress 2.5.1-6 is broken on Debian sid

Update: 2.5.1-7 fixes the issue.

I always say "Debian unstable" should be renamed to "Debian stable" (and Debian stable -> deprecated), because it hardly ever gets broken.

Well, this time of the year has come. WordPress got a security update backported from 2.6.1->2.5.1, but.. only half-baked 🙂 (some functions are missing)

The bad version is easily recognizable by this PHP error:

A Debian bug has already been opened.

LDAP default "bind=hard" policy is problematic

/etc/ldap.conf (CentOS/RHEL) and /etc/libnss-ldap.conf (Debian) have an interesting line:

# Reconnect policy: hard (default) will retry connecting to
# the software with exponential backoff, soft will fail
# immediately.
# bind_policy hard

By default (when commented out) it is set to hard. This means that LDAP queries wait and retry for a long period if the LDAP server is down. soft means try once, and return even on failure.

Then yet again we get the chicken & egg problem.

Long story short: on an LDAP-client+server machine, services that start before LDAP would simply freeze for a long period, if they resolve user/group names. On CentOS it happens with the dbus service. (Even if user/group are set locally on passwd/group, an LDAP query would be triggered to find additional group membership).

By the way, on Debian "hard" policy differs from CentOS's "hard" policy. Debian waits a few seconds while CentOS waits about 2 minutes. The "how long should I wait" params are set in the code (ldap-nss.h), and can't be tuned from the config file.

So as a workaround I've set "bind_policy soft" on my LDAP server+client, but I believe that a better solution is needed. Either:

  • Default should be soft (just like DNS default)
  • CentOS timeout should be lower, like Debian
  • Timeouts should be tuneable through the config file

The first two bullets are probably "management decisions", but I'll add the 3rd bullet to my TODO 🙂

Per directory quota: not just a dream

Ext3 and many other popular filesystems allow per-user and per-group quota. In some cases, a "per directory tree quota" is needed: no matter who writes the files, a directory tree is limited from growing to a size of more than X bytes.

As I see it, it can be good for many cases, either limiting a directory from exploding (Lior wrote about a similar problem a few weeks ago), or simply allocating space per team-projects on a file server.

As far as I knew, the only UNIX FS that implemented this feature was Sun's unpopular SAMFS/QFS. However, I've just stumbled upon this man page and was surprised to find out that the good old (well, at least old 🙂 ) XFS does that already!

A quick "howto use project quota" cookbook:

1. Make the filesystem and mount it:

> mkfs.xfs /dev/loop0
> mount /dev/loop0 /mnt/tmp -o pquota

2. Create a project named "project1", which is the "/mnt/tmp/tree1" tree:

> echo "11:/mnt/tmp/tree1" >> /etc/projects
> echo "project1:11" >> /etc/projid
> xfs_quota -x -c 'project -s project1' /mnt/tmp

3. Set the tree quota to 2 MB:

> xfs_quota -x -c 'limit -p bhard=2m project1' /mnt/tmp

4. That's it.. Now let's make some tests:

> dd if=/dev/zero of=/mnt/tmp/tree1/aaa count=10 bs=1024k
dd: writing `aaa': No space left on device
2+0 records in
1+0 records out

2093056 bytes (2.1 MB) copied, 1.51164 s, 1.4 MB/s

> touch fdsa
touch: cannot touch `fdsa': Disk quota exceeded

5. And there's also a nice report! (looks nicer with a fixed-width console font)

> xfs_quota -x -c 'report /mnt/tmp'
Project quota on /mnt/tmp (/dev/loop0)
Project ID       Used       Soft       Hard    Warn/Grace
---------- --------------------------------------------------
project1         2044          0       2048     00 [--------]
project2            0          0          0     00 [--------]

More useful keyboard shortcuts; Apache evilness

As a sequel to this browser shortcuts post, here are two new shortcuts that rocked my world (ok, almost..):

  1. F4: opens a select box. Seems like a standard for all UIs! (Windows/Linux at least)
  2. Tick (') key in Firefox: switches to 'search' mode just like slash (/), but searches for links only. Just type the beginning of the link's name and hit Enter.

Do you know any other shocking keyboard shortcuts?

On a completely different subject, I was fighting (along with a colleague) today with Apache httpd's configuration. The web server seemed to "automatically guess" URLs in a weird fashion.

The cause is that we had the MultiViews feature enabled. With MultiViews, when a URL points to a nonexistent file, e.g. http://mydomain/my/file, Apache tries to look for an existing file which looks similar to the directory (I won't describe here the exact algorithm), e.g. http://mydomain/my.php. Then it loads it instead, and the user doesn't get a 404.

Maybe some people need it.. but it's also weird and error-prone..

Configuring sendmail as an MSA

[Disclaimer: sendmail is very complicated, and I lack some knowledge. The following solution might even be bad, although it works (tm). Please post comments if you know better ways, and I'll update the post]

I was looking for a quick n' simple SMTP solution for sending mails only. Requirements:

  • A service that'll simply accept mails submitted locally and maintain a queue of mails-for-sending.
  • It'll then send the mails by SMTP directly to the target servers (i.e.
  • It should retry for a few days, if failed sending due to a local (dead connection) or remote problem.
  • A bizarre one: it should be listening on a port other than 25, because another daemon uses it already. I know it's nonstandard and doesn't make sense, but should be possible..

Apparently what I was looking for is a Mail Submission Agent (MSA), which also takes care of delivering the mail. There's also a standard port for mail submission: 587 (submission).


An annoying keyboard layout bug

For many months(!) now, once in a while my CTRL/ALT keys just stop functioning. Running xmodmap returns a list of empty modifiers (no Ctrl/Alt attached to them).

Recently I've got the feeling that the VMware server console is the one to blame, and a long search on the web revealed this Ubuntu bug, in which Pete describes exactly how to reproduce it:

  • In VMware console, put the mouse inside the guest machine
  • Hold the Ctrl key down
  • Take the mouse out of the guest machine
  • Leave the Ctrl key
  • Run xmodmap and voilà, it's empty!

(To get the modifiers back run something like xmodmap /usr/share/xmodmap/

The bug is reported to Ubuntu, but it's something bigger - I'm experiencing it in Debian (can you reproduce it on another distro?).

I wonder who I should report it to: it might be a bug in Xorg, the Linux kernel (USB keyboard driver), or even just a VMware bug (less likely though).

Update: actually I think that this is the relevant bug, and not the one I originally linked to.