Category Archives: System administration

System administration-related

dxcmd error “Unable to initialize DClient” caused by config file permissions

Attempting to run dxcmd was yielding this error on one of our IDM servers:


DirXML Command Line Utility
version 4.0.2.1
Copyright (C) 2003-2011 Novell Inc., All Rights Reserved

Enter user name: foo.user
Enter user’s password:
java.lang.Error: Unable to initialize DClient
at novell.jclient.JClient.initializeDclient(Native Method)
at novell.jclient.JClient.initialize(JClient.java:906)
at com.novell.nds.dirxml.util.DxCommand.commandLine(DxCommand.java:419)
at com.novell.nds.dirxml.util.DxCommand.main(DxCommand.java:391)

Using the command

strace -f dxcmd -user foo.user -password S00perS33cr3t

turned up a “permission denied” error while trying to open /etc/opt/novell/nici64.cfg. On other servers, that file was world-readable; on the problem server, it was owner- and group-readable only.

The chosen fix was to remove world-readable attribute on all servers, and use “sudo dxcmd” to eliminate the file permissions problem.

Keyboard mapping problem in Ubuntu VNC session

New hard drive in my home PC = upgrade to/new install of Ubuntu 9.10 last night.

I set up tightvncserver and all worked fine from home when I tested it last night. Today from my Macbook at work, though, odd keyboard mapping prevented using a VNC session.

A little searching online reveals that tightvncserver is apparently built with an old version of XFree. Removing tightvncserver and using vnc4server instead solved the problem.

Deleting sendmail file pairs based on content

This one-liner will identify files containing a string, and then use some bash string manipulation to generate a wildcard for the pair of files sendmail creates for each message (dfn for message content, and Qfn for headers). This assumes you’re running it in the mail queue directory (/var/spool/mqueue for example).


for f in `grep -l -i viagra *`; do t=${f:10:6}; rm -f *${t}; done

The ${f:10:6} extracts the last 6 characters of the filename, then the rm command prepends that with the wildcard.

Some sample output:


[root@mail mqueue]# grep -l -i cialis *
dfn7U8Rc3X020530
dfn7UD7BUh015512
dfn7VELCbV031687

But there are actually six files:


[root@mail mqueue]# ls -l | egrep "020530|015512|031687"
-rw------- 1 root smmsp 2062 Aug 30 01:27 dfn7U8Rc3X020530
-rw------- 1 root smmsp 2232 Aug 30 06:07 dfn7UD7BUh015512
-rw------- 1 root smmsp 2069 Aug 31 07:21 dfn7VELCbV031687
-rw------- 1 root smmsp 825 Aug 30 01:27 Qfn7U8Rc3X020530
-rw------- 1 root smmsp 837 Aug 30 06:07 Qfn7UD7BUh015512
-rw------- 1 root smmsp 810 Aug 31 07:21 Qfn7VELCbV031687

So we run the command, using cialis:


for f in `grep -l -i cialis *`; do t=${f:10:6}; rm -f *${t}; done

Then there are no more files 🙂


[root@mail mqueue]# for f in `grep -l -i cialis *`; do t=${f:10:6}; rm -f *${t}; done
[root@mail mqueue]# grep -l -i cialis *
[root@mail mqueue]#

One-liner to count current IP connections

A quick one-liner to show the IP addresses with an established connection to your server, sorted in order:

netstat -ant | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr

If you care only about a certain TCP port, say 80 for web traffic, the command becomes:

netstat -ant | grep :80 | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr

Output would look like:


36 14.21.23.10
8 14.21.23.107
7 14.21.23.114
6 14.21.2.34
5 14.21.23.108
5 14.21.23.106
5
2 14.21.13.120
1 14.21.2.23
1 14.21.13.147
1 14.21.13.130
1 14.21.13.128
1 14.21.13.122
1 14.21.13.118
1 14.21.13.112

Continue reading One-liner to count current IP connections

sudo and local passwords vs SSH

Just tracked down a problem with sudo at work. The error message

sudo: pam_authenticate: Module is unknown

would show up when doing “sudo su -”

An initial strace shows that libkeyutils was being looked for:

open("/lib64/tls/x86_64/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls/x86_64", 0x7fffe8902810) = -1 ENOENT (No such file or directory)
open("/lib64/tls/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/lib64/x86_64/libkeyutils.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/x86_64", 0x7fffe8902810)   = -1 ENOENT (No such file or directory)

but was not installed on the server. A “correct” server shows:

[root@host ~]# rpm -qa | grep keyutils|sort
keyutils-libs-1.2-1.el5
keyutils-libs-1.2-1.el5
keyutils-libs-devel-1.2-1.el5
keyutils-libs-devel-1.2-1.el5

Without keyutils installed, the SSH keys we had set up weren’t able to be processed. PAM then fell back to local passwords, which was not set for the particular user in question.

Anyway, just hoping this helps someone else in the future.