Hello,

I'm running Debian 3.0 and Mandrake 9.0--the following problem persists
under both of them.

I've set up my runlevels so that I can conveniently switch off all
networking and related services when I don't need them, for security
considerations. As such, runlevel 2 has no networking, and runlevel
3 has full networking (setting up interfaces, sshd, xinetd). I'm
booting into runlevel 2 by default, and when I need the network, I just
issue the command "telinit 3". Then "telinit 2" drops me back to no
network. Here is the list of my rc2.d and rc3.d directories for the
exact services (under Mandrake):

$ ls /etc/rc[23].d
/etc/rc2.d:
K09dm@ K50xinetd@ K90network@ S17alsa@ S20xfs@ S95kheader@
K15numlock@ K60atd@ S12syslog@ S18sound@ S75keytable@ S99devfsd@
K45sshd@ K89internet@ S15gpm@ S20random@ S90crond@ S99local@

/etc/rc3.d:
K09dm@ S12syslog@ S18sound@ S40atd@ S75keytable@ S95kheader@
S10network@ S15gpm@ S20random@ S55sshd@ S85numlock@ S99devfsd@
S11internet@ S17alsa@ S20xfs@ S56xinetd@ S90crond@ S99local@

The problem is that this only works when I use telinit under the virtual
terminals. Normally, the services are printed out as they are
started/stopped indicating if the command was successful. But when I
try to do the same from X11 (I just launch it with startx, and su to
root in an xterm), "telinit 2" and "telinit 3" apparently have no
effect; nothing is printed out, and the prompt reappears
instantaneously. Services are not affected. Curiously, when I go back
to the virtual terminals while X is still running and issue the commands
there--they're working.

Can anyone explain why telinit is not working in an xterm, and how to
correct this?

Thanks,

Gergo

On Wed, 30 Jun 2004, Gergely Korodi <gergely.korodi@tut.fi> wrote:
>
> I'm running Debian 3.0 and Mandrake 9.0--the following problem persists
> under both of them.
>
> I've set up my runlevels so that I can conveniently switch off all
> networking and related services when I don't need them, for security
> considerations. As such, runlevel 2 has no networking, and runlevel
> 3 has full networking (setting up interfaces, sshd, xinetd). I'm
> booting into runlevel 2 by default, and when I need the network, I just
> issue the command "telinit 3". Then "telinit 2" drops me back to no
> network. Here is the list of my rc2.d and rc3.d directories for the
> exact services (under Mandrake):
>
> $ ls /etc/rc[23].d
> /etc/rc2.d:
> K09dm@ K50xinetd@ K90network@ S17alsa@ S20xfs@ S95kheader@
> K15numlock@ K60atd@ S12syslog@ S18sound@ S75keytable@ S99devfsd@
> K45sshd@ K89internet@ S15gpm@ S20random@ S90crond@ S99local@
>
> /etc/rc3.d:
> K09dm@ S12syslog@ S18sound@ S40atd@ S75keytable@ S95kheader@
> S10network@ S15gpm@ S20random@ S55sshd@ S85numlock@ S99devfsd@
> S11internet@ S17alsa@ S20xfs@ S56xinetd@ S90crond@ S99local@
>
> The problem is that this only works when I use telinit under the virtual
> terminals. Normally, the services are printed out as they are
> started/stopped indicating if the command was successful. But when I
> try to do the same from X11 (I just launch it with startx, and su to
> root in an xterm), "telinit 2" and "telinit 3" apparently have no
> effect; nothing is printed out, and the prompt reappears
> instantaneously. Services are not affected. Curiously, when I go back
> to the virtual terminals while X is still running and issue the commands
> there--they're working.
>
> Can anyone explain why telinit is not working in an xterm, and how to
> correct this?

I could be wrong, but doesn't X require networking (port 6000 on
localhost). So it would be kind of foolish to kill networking from X
which would render X unusable. Maybe the system recognizes that this
would render your current terminal unusable and therefore saves you from
making such an error.

For example some people have problems when they or something (like dhcp)
changes their hostname on the fly, because that new hostname may not have
permission (xauth) to access that X server or the system may not be able
to find a local IP for the new hostname.

--
David Efflandt - All spam ignored http://www.de-srv.com/

> I could be wrong, but doesn't X require networking (port 6000 on
> localhost). So it would be kind of foolish to kill networking from X
> which would render X unusable. Maybe the system recognizes that this
> would render your current terminal unusable and therefore saves you from
> making such an error.
Actually, it is only needed for remote logins. And if you make a
firewall, you can safely allow all traffic in and out on the lo
interface, while eth0 is more or less blocked. You can also start the X
server with "-nolisten tcp" to disable listening on 6000 completely (I
do it that way, even though I have a firewall).

> For example some people have problems when they or something (like dhcp)
> changes their hostname on the fly, because that new hostname may not have
> permission (xauth) to access that X server or the system may not be able
> to find a local IP for the new hostname.
That's true. If you change the hostname from an xterm, you will not be
able to start any new X programs etc. until the X server is restarted
(or perhaps one could just regenerate the authentication files - I'm not
sure).

Michal

On Wed, 30 Jun 2004 22:05:04 +0300,
Gergely Korodi <gergely.korodi@tut.fi>, in
<eVDEc.289$cV7.136@reader1.news.jippii.net> wrote:

>+ Can anyone explain why telinit is not working in an xterm, and how to
>+ correct this?

I can verify that telinit is *mostly* not working in an xterm. I can
replicate the behaviour you see with telinit 2/3, but telinit 1 does
indeed drop you into single-user mode.

Nothing in the man page indicates what behaviour to expect when
running in an xterm.

James
--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.

Gergely Korodi <gergely.korodi@tut.fi> wrote:
[snip]
>The problem is that this only works when I use telinit under the virtual
>terminals. Normally, the services are printed out as they are
>started/stopped indicating if the command was successful. But when I
>try to do the same from X11 (I just launch it with startx, and su to
>root in an xterm), "telinit 2" and "telinit 3" apparently have no
>effect; nothing is printed out, and the prompt reappears
>instantaneously. Services are not affected. Curiously, when I go back
>to the virtual terminals while X is still running and issue the commands
>there--they're working.
>
>Can anyone explain why telinit is not working in an xterm, and how to
>correct this?

This is a simple question with a surprisingly complicated answer. The
messages that you (don't) see are actually log messages: that story
is told in places like syslog(3), syslogd(8), syslogd.conf(5), and
wherever /dev/console is documented.

Real security requires an intrusion-detection system, and it requires
analyzing logs: this is when you get to know the above pages quite
well. I don't want to pursue that path today.

So the weasel answer is that many sysadmins learn to run xterm -C as a
small window on their desktops, and use it as an output-only window
(although it will take input). It is here that you will see things
like messages from init(8).