Red Hat Enterprise Linux 4 customization
and Scientific Linux 4 customization
Author: L.S.Lowe. File: rhel4custom. This update: 20091111.
Part of Guide to the Local System.
This file is intended to be a list of customizations I applied to
a Red Hat Enterprise Linux 4 system (RHEL4)
and/or a Scientific Linux 4 system (SL4).
They should also be appropriate for CentOS and White Box Enterprise Linux.
This might have relevance for Fedora installations too.
The new or revised customizations are marked +.
This file started life based on my
RedHat Linux 9 customization page,
followed by my
RedHat Enterprise Linux 3 customization page,
and some left-overs from that may still be present.
For my local Linux desktops, it's superseded by my
Fedora 12 customization page.
These are the customisations that we apply to our systems
after doing a kickstart install, and as needed after that.
The files are distributed using rdist.
Some files are system configurations which are installed in place:
there may be an associated rdist action to restart a corresponding system service.
Other files are simply action scripts in the sense that rdist runs them
after transferring or updating them: these are mostly installed in /root/conf.
SL4x differences
See this document on Scientific Linux 4x differences.
+ comps package in SL4.8
In SL4.8, both architectures,
if you install Everything, then a missing package prevents a successful install.
This is because file SL/base/pgkorder lists package comps-48-0.20090709
whereas in directory SL/RPMS it is a later version:
comps-48-0.20090728 (i386) or comps-48-0.20090729 (x86_64).
Solution 1: use %packages --ignoremissing in the kickstart file.
Solution 2: exclude package comps in the kickstart file, and also
exclude the following which require it:
apt apt-autoupdate apt-devel apt-firstboot apt-scripts apt-sourceslist.
In either case, install them later (maybe in %post script) if you want them.
+ /bin/ksh
In SL4 there are two potential versions of the ksh shell: ksh93 and pdksh;
in fact if you install Everything, then both RPMs will be on the system,
though of course only one binary will be at /bin/ksh!
(RHEL4 has just the familiar pdksh).
With the ksh93 package then there was (in SL3, and maybe still is in SL4)
a potential problem for users who have /bin/ksh as their login shell.
That version doesn't appear to work properly, for me, when used in the X login sequence:
/etc/X11/xdm/Xsession -> /etc/X11/xinit/Xclients -> exec -l $SHELL -c ssh-agent ....
It's at that point that the user's profile should be executed, but it doesn't happen.
So instead, use pdksh, which does work, and suppress ksh93.
+ /etc/sysconfig/prelink
Prelinking appears to be on by default, in SL4 anyway, which causes problems with my
change distribution system, because prelinking makes binary files different on the
different machines. Also it affects binary verification for security purposes.
So for me, I've turned it off for the moment, and maybe will re-introduce it
in the future with a customised /etc/prelink.conf, to get some performance gain.
Turn it off by setting PRELINKING to no in the /etc/sysconfig/prelink file.
This is best done as part of installation %post processing, before
the cron.daily prelink script gets to run for the first time!
Alternatively, if that change is done later, then the prelinking
is undone on the next prelink cron job, which takes about a minute real time.
However, un-prelinking does not seem to be successful for all binaries
(eg mozilla/firefox).
+ kernel module ipw3945
The kernel module version supplied with SL44 for this in the original distro
didn't work when setting a WEP key and gave the following error message:
eth1: could not initialize WEP: load module ieee80211_crypt_wep
Error for wireless request "Set Encode" (8B2A) :
SET failed on device eth1 ; Operation not supported.
There was a version which worked, tucked away in a non-default directory.
However, since kernel-2.6.9-42.0.8, available 2007/02/01,
the provided package with name starting kernel-module-ipw3945 works.
A further problem with ipw3945 networking in this distribution is the reliance on
an install line in /etc/modprobe.conf to start the /sbin/ipw3945d daemon.
Although this works if a modprobe ipw3945 is done after boot,
it doesn't work at boot time:
investigation shows that /sbin/ipw3945d issues the following message (quietly!) and exits with code 3:
ERROR: Unable to create pid file '/var/run/ipw3945d.pid'
At the point in /etc/rc.d/rc.sysinit where networking modules are
loaded, the root file system is read-only and other local file systems
(if any) have not been mounted, so the pid file cannot be created.
A solution to this is to move the starting of /sbin/ipw3945d
to the end of /etc/rc.d/rc.sysinit (or later):
the following addition at the end of that script works:
echo $network | grep -q ipw3945 && /sbin/ipw3945d --quiet
Another problem for me when using WEP encryption,
with the ESSID and KEY properly set-up in the ifcfg-eth1 file,
was that the driver usually failed to kick the ipw3945 wireless interface
into action in the start-up sequence for network interfaces.
I guess this is a bug in the ipw3945d code or the firmware.
This problem was circumvented by arranging to restart the ipw3945d daemon soon
after the iwconfig key and essid has been set, and before
the dhclient tries to get the IP address.
So the following line was added at the end of script
/etc/sysconfig/network-scripts/ifup-wireless:
ipw3945d --isrunning && ipw3945d --kill && nice -n -10 ipw3945d --quiet
With a sufficiently recent version of ipw3945d, in both cases
a suitable --timeout option can be added.
These changes are intended to be tolerant of other wireless cards
(or no wireless card!).
* /etc/X11/Xresources
This update overcomes a problem with sub-pixel rendering of fonts on TFT flat-panel monitors
(also known as subpixel font anti-aliasing) when using the KDE interface.
In RedHat 9, fonts have nice anti-alias effects using grey pixels around font characters.
In RHEL4 and SL4, by default, KDE gives fonts which are anti-aliased using sub-pixel colors.
For me, this results in colour fringing round the font characters,
which may well not be intended, and which is a bit unpleasant, in my view.
This doesn't happen for Gnome.
The KDE Control Center Font settings for sub-pixel hinting have no effect.
Various ideas off the web of setting rgba:none in /etc/fonts/local.conf
also didn't work for me.
A comparison of xrdb -q output under KDE and under Gnome shows that Gnome sets
a resource Xft.rgba: none if sub-pixel rendering is off, and KDE doesn't.
A circumvention then is to add the line Xft.rgba: none
to /etc/X11/Xresources,
so that it is set for KDE as well as for Gnome.
* /usr/share/apps/kdesktop/DesktopLinks
This directory contains prototype desktop icons for a new KDE user.
Add a file USBdisk in the desktop format, which will then appear
(along with the other desktop files in this directory)
in a new user's Desktop folder.
Remove the file starthere.desktop which we don't use.
Modify file CD by changing Name=CD/DVD-ROM to something without a slash,
so that this file gets copied for a new user - otherwise it's omitted!
* /usr/share/fonts/MSfonts
This directory contains TrueType fonts originally from Microsoft,
such as Arial, Comic Sans MS and Verdana.
These are/were freely available from Microsoft, which is how I got mine,
from their Typography site.
Having created the /usr/share/fonts/MSfonts directory
and put the .ttf files there, I ran (in that current directory):
ttmkfdir > fonts.scale; mkfontdir; fc-cache
Simply adding this directory was sufficient for some applications like Mozilla
to find these fonts. For others,
I needed to chkfontpath -a /usr/share/fonts/MSfonts
which updates the /etc/X11/xfs/config file as well as telling the font server.
Microsoft TrueType fonts are also available as RPMs,
which do all the postinstall actions required too, from
this site.
The ttf files in these RPMs contain more international encodings than mine
(and so are quite a bit fatter).
* /etc/yum.conf
Updated to choose which mirrors we use for updating the system with yum.
The yum update to the latest RPMs first takes place as a %post-install operation
when our desktop PCs and worker nodes are initially loaded.
/etc/hosts
Customised to include local machines to reduce impact of DNS failure.
/etc/hosts.deny
Customised to ALL: ALL.
/etc/cron.allow
Customised to restrict who can use the crontab command (empty file means nobody).
/bin/ll
Provided as an effective alias for ls -l under any shell.
/root/conf/pineconfrc
Configures /etc/pine.conf for local conventions.
By providing this as a script, we avoid having to re-write every time
pine is upgraded.
/root/conf/afsrpmrc
Loads the openafs RPM if necessary. Already present for SL3.
/root/conf/afsconfrc
Configures AFS cell and cache.
/root/conf/anacronrc
Removes /usr/local directories from search PATH in /etc/anacrontab.
Don't know why they're there; cron doesn't have them so why should anacron?
/root/conf/cronrc
Deactivates cron actions in /etc/cron.d/ and /var/spool/cron/ for packages we don't use yet.
/root/conf/chkconfigrc
Configures local services on or off using /sbin/chkconfig.
/root/conf/hostnamerc
Configures hostname in /etc/sysconfig/network to have a consistent case and format across machines.
/root/conf/fontsrc
Changes the order of preference in /etc/X11/fs/config to choose 100dpi fonts before 75dpi ones.
* /etc/sysconfig/desktop
Set the default desktop and display-manager to KDE.
DESKTOP="KDE"
DISPLAYMANAGER="KDE"
/root/conf/iptablesrc
Chooses correct iptables setup for the target host.
/etc/sysconfig/iptablesdt
The normal configuration for /etc/sysconfig/iptables on our desktops.
/root/conf/passgr
Merges local groups into /etc/group.
/root/conf/passpw
Merges local users into /etc/passwd.
/etc/sysconfig/static-routes
Static routes for our desktops (if any).
/root/conf/fstabrc
Merges local /etc/fstab.{nfs,usb}* files into /etc/fstab.
/etc/fstab.nfs*
NFS entries to be merged into /etc/fstab
/etc/fstab.usb*
USB entries to be merged into /etc/fstab, like /mnt/usbdisk.
/etc/cron.daily/bham*
Local daily tasks.
/etc/log.d/conf/logwatch.conf
Customised so I'm not inundated by emails from logwatch on every desktop PC each morning:
just the important bits.
/etc/log.d/conf/services/sendmail.conf
See above.
A particular irritation is when logwatch sends information about the sendmail log
entries corresponding to the email it sent me about the sendmail log entries yesterday!
Removing this file or modifying what it looks for will fix this problem.
/etc/rc.d/rc.local
Local startup tasks.
/etc/rc.d/init.d/netfs
Tweak this system script to add the fork option to the mount:
mount -a -t nfs -F
Without this, if more than one file-server is not working at boot time,
then the mount(s) for each failed file-server
causes a wait of 7 minutes 18 seconds (or thereabouts),
so four would make about half-an-hour - irritating long!
Note that it's for each file-server and not for each file-system.
With the -F option, then the mounts for different file-servers are done in
parallel, so these long wait times do not accumulate.
/etc/resolv.conf
See /sbin/dhclient-script.
/etc/skel
Customized initial home directory files for new users.
/etc/logrotate.conf
Customized log rotation to keep logs by month and for longer.
/etc/mailcap
Customised /etc/mailcap calls /usr/local/bin/pdfviewer rather than /usr/bin/xpdf for PDF files,
allowing a user environment variable to choose between xpdf and acroread.
Also customised for OpenOffice equivalents to ms-word,
ms-excel and ms-powerpoint.
/etc/mailcap is used by the pine mail client by default.
It's also used by mozilla and SeaMonkey, and by Firefox from 2.0 onwards
(though not for example by Firefox 1.5, as noted below).
For these browsers, the variable which defines this file's location
can be found in an about:config listing.
/etc/profile
A worthy addition to /etc/profile or /etc/profile.d/something is
a check to see if the $HOME file system is full,
or if a hard quota limit has been exceeded.
A maxed-out $HOME can lead to several insidious errors without necessarily showing any relevant error message.
For example, when logging on to a server with a full $HOME file system,
ssh X11 forwarding can't be properly set up because $HOME/.Xauthority cannot be updated,
and when you later start an X application, you get the message:
X11 connection rejected because of wrong authentication.
X connection to localhost:10.0 broken (explicit kill or server shutdown).
If you successfully logon, despite running out of $HOME disk space or quota,
but then use an ssh command to somewhere else,
you're likely to get the following message from the ssh client command:
Warning: No xauth data; using fake authentication data for X11 forwarding.
/etc/syslog.conf
Customized system logging.
+ /etc/updatedb.conf
Updated to say DAILY_UPDATE=yes.
Customise which files are included in the default locate/slocate database.
For machines which are solely file-servers, add their mount point to PRUNEPATHS
so that exported file areas are not included, as users can't see this database anyway.
Note that even though this conf file
is sourced by the /etc/cron.daily/slocate.cron script,
updatedb appears to read it directly as well.
To give users similar info for those exported NFS disks,
our file-servers do a twice-weekly updatedb scan of each exported disk,
and write the resulting database to a special info directory on that exported disk.
Then we have a mylocate script for users,
which accesses that database to report on just that user's files.
I guess if performance was an issue, one could create
an individual slocate database for each user.
/etc/X11/xdm/kdmrc
Change the font size and heading text on the kdm login panel.
Also comment-out the section headed [Desktop0], because
changes in this section here do not work anyway, and the section name gives rise to the
syslog error message:
kdm_config[nnnn]: Unrecognized section name [Desktop0] at /usr/share/config/kdm/kdmrc:42
Instead, put any welcome-screen background changes in the file /etc/kde/kdm/backgroundrc.
Note that kdm runs because I have configured DISPLAYMANAGER in /etc/sysconfig/desktop.
/root/conf/kdmlistenrc
For hosts that I want to provide a local X-terminal XDMCP listener service,
this configures file /etc/X11/xdm/kdmrc to set Enable=true.
Note that kdm runs because I have configured DISPLAYMANAGER in /etc/sysconfig/desktop.
/etc/X11/xdm/Xaccess
Configured to limit access to XDMCP service to local X-terminals
(access also limited by iptables).
/sbin/dhclient-script
This script (amongst other things) creates a new /etc/resolv.conf file
when new information is received from the DHCP client daemon.
For me, I have customised it to add an extra line to /etc/resolv.conf:
options timeout:1 rotate
which sets a query time-out of 1 second
(default RES_TIMEOUT is 5 seconds, which is longer than the attention span of some users)
and rotate queries amongst the DNS nameservers.
/usr/bin/ps2pdfwr
The Postscript-to-PDF utilities (like ps2pdf) all use this ps2pdfwr script.
The default in Ghostscript is US-letter size paper.
By default, even with an A4 Postscript file,
a PDF file created by those utilities crops the top of each A4 page.
This can be corrected by the user by specifying
the papersize in the environmental variable GS_OPTIONS.
But locally I have added
export GS_OPTIONS=${GS_OPTIONS:--sPAPERSIZE=a4}
near the top of this script, to save the ordinary user some hassle.
This way it's easy enough for the expert user to override, on the odd
occasions that A4 is not required.
+ /usr/lib/sasl2/libsql.so
If the libraries in the cyrus-sasl-sql package are present,
then we get two warnings in the system log messages
every time a mail is sent, saying:
sendmail[nnnnn]: sql_select option missing
sendmail[nnnnn]: auxpropfunc error no mechanism available
The first message is from /usr/lib/sasl2/libsql.so
and the second from /usr/lib/libsasl2.so.
Both messages were suppressed by removing the cyrus-sasl-sql package, which
contains the first of these libraries, and which we weren't using anyway.
/usr/lib/mozilla/plugins/libflashplayer.so
Symbolic link to the macromedia flash plug-in, triggers installation
of the flash package for mozilla (download links
here).
/usr/lib/mozilla-1.4.3/defaults/pref/bham.js
Customised mozilla by adding a file of pref calls for local printers and a print.printer_list.
Also see /opt/Mozilla and /opt/Firefox below.
* /usr/share/applications/redhat-web.desktop
This file defines the desktop action when the web browser
front panel icon is clicked on.
Even though it is part of the htmlview package (which provides the
user with a configurable way of invoking their favourite browser),
it is actually a symbolic link to an action that always invokes mozilla!
My replacement for the above desktop file instead invokes htmlview.
Then the user can configure which browser by setting up a file
$HOME/.htmlviewrc: for example, to invoke firefox instead of
mozilla, it could contain:
X11BROWSER=firefox
htmlview is also invoked (for example) by mail clients like pine
on displaying an html file, because htmlview is defined in /etc/mailcap.
So the user gets a consistent browser.
* /usr/share/applnk-local
Directory containing our local KDE applications directories,
which are linked in to /var/lib/menu/kde/Applications.
/usr/share/icons/BHAM*
Extra local icons.
/usr/share/config/kcmartsrc
Added to configure the artsd sound server:
for example to turn off artsd completely by preventing it starting at KDE logon,
or to have a shorter suspend idle time.
The options can also be configured on a user-by-user basis by using
KDE Control Center -> Sound & Multimedia -> Sound System -> ARTs,
and the kcmartsrc file so created in $HOME/.kde/share/config could be used
as the model for the system-wide file.
/usr/share/config/kcmdisplayrc
Customized to use energy saving DPMS modes on monitors by default.
Customized so as not to exportKDEColors by default.
The original default gives rise to X11 resources being set up, which appear in a xrdb -query,
for applications like nedit and xwp/wordperfect which the user might never use, and sneakily also sets kprinter
as the default printer setting for acroread and gv.
The user can set the original default back if s/he wishes using KDE Control Centre -> Appearance & Themes -> Colors/Colours -> Apply colors to non-KDE applications.
The resource files are in /usr/share/apps/kdisplay/app-defaults.
+ /usr/share/config/kdesktoprc
Customised so that the default Wallpaper during the login session
start is as required.
By default, new users get automatic desktop icons for the CD-DVD device,
which don't correspond to desktop files in $HOME/Desktop.
This appears to be a change of default from previous RHEL versions.
We don't for the moment need this automatic icon just for the DVD device,
because this and other devices are already defined in our
locally-provided desktop files, so it would be confusing.
So in the [Devices] section of this file, set enabled=false.
On a user-by-user basis, this facility can be controlled in KDE Control Center
Desktop -> Behaviour -> Device Icons.
This file also controls whether user desktop icons get file-content
icon previews: add section [Desktop Icon] and add Preview=true
to override the default (no preview).
+ /usr/share/config/kdeglobals
Customized so that by default a single-click is required to start an application from an icon
rather than a double-click. I'm not in favour of this retro double-click!
[KDE]
SingleClick=false
Also change default Widget style.
Change the shortcut key combination for ending a KDE session
from Alt-Ctrl-Delete to Alt-Ctrl-End:
Ctl-Alt-Del is used by MS Windows client viewers to terminal servers, and users don't
want to have to learn new shortcuts just for when they're viewing from Linux.
[Global Shortcuts]
Logout=default(Alt+Ctrl+End)
The file manager konqueror does not generate preview icons by default now (unlike in RHEL3),
but may still read files to see if they contain thumbnails.
But many users might like to retain a meaningful last access time for files,
instead of the last access time being the last time the user used konqueror!
So turn konqueror previews and thumbnails off by default, by adding:
[PreviewSettings]
MaximumSize=0
file=false
UseFileThumbnails=false
+ /usr/share/config/kdeprintrc
It is no longer necessary to change the default Printsystem to CUPS:
it seems to be the default (unlike in earlier releases).
/usr/share/config/kickerrc
Customize our local kicker Panel:
demote those OpenOffice applications back to the start menu where they belong.
Also in section Buttons, set enableIconZoom=true
so that buttons on the kicker panel zoom larger when the mouse hovers over
them.
+ /usr/share/config/konsolerc
Remove the Menubar and Toolbar by default from konsole
(too confusing for users).
+ /usr/share/config/klaunchrc
When you start an application from the panel, by default the mouse cursor
changes to a blinking image associated with the application started.
If the application is a screen grabber then sometimes in the past
the grabbed image was somehow corrupted by this blinking cursor.
More to the point, it can be irritating!
To turn the facility off, in the [FeedbackStyle] section
of the above file, add BusyCursor=false, and
add a [BusyCursorSettings] section, with Blinking=false and Bouncing=false.
+ /usr/share/config/kpartsaverrc
Add customised files for this screensaver to show some pictures
rather than "The screen saver is not configured yet",
particularly when the screensaver was chosen randomly.
It used to be necessary to supply a kslideshowrc as well, but this now
has working default images.
/usr/share/config/kwinrc
Change the default PluginLib to kwin_keramik,
and window MoveMode and ResizeMode to Transparent rather than Opaque, by default.
+ /usr/bin/startkde
Customised to add xmessage commands for errors like
Not enough free disk space on /tmp,
rather than just dropping the user back to the login screen without visible comment.
/root/conf/screensaversrc
This renames files in
/usr/share/apps/kscreensaver/ScreenSavers/
like KSolarWinds.desktop and KFountain.desktop
to a non-desktop suffix, so that they aren't chosen by the random
screensaver choice, and don't appear in the screensaver chooser panel.
Some screensavers like SolarWinds are just too busy,
particularly for multi-user hosts!
* /root/conf/xfreerc
This chooses between several /etc/X11/XF86Config.versions according to the target,
depending on the graphics card and whether the PC has a wheel-mouse,
to set up the X server, and sets the default runlevel in /etc/inittab to 5.
It may be necessary to configure /etc/X11/XF86Config a bit by hand if
the particular keyboard is not our standard layout or language:
our default is Option "XkbLayout" "gb",
and also /etc/sysconfig/keyboard contains KEYTABLE="uk"
for text-mode sessions.
/var/mail
* /etc/rc.d/init.d/sendmail
A tiny modification of the sendmail start/stop script,
so that it doesn't start or kill the sendmail port 25 listener if DAEMON=no:
there's no reason to run that daemon if nothing arrives in the
/var/spool/mqueue queue, as in our configuration: see below.
* /etc/sysconfig/sendmail
Configuration file which sets DAEMON=no and SMQUEUE to 5 minutes
(this is the queue retry time for the submit sendmail daemon): see below.
* /etc/mail/submit.mc
A customized version of the sendmail local submit configuration,
so that it has FEATURE(`msp', `[my.mail.relay]') instead of [127.0.0.1].
It is unnecessary to configure /etc/mail/sendmail.mc: see below.
By default in RHEL, SL, and RedHat 9, outgoing email takes an
unnecessary extra hop, and there are two sendmail daemons.
A mail client (such as pine) invokes /usr/sbin/sendmail which
runs under user:group smmsp:smmsp (using configuration submit.mc)
to send email to localhost port 25.
A sendmail daemon (running under smmsp:smmsp and using configuration submit.mc)
runs to retry any mail
sitting in the /var/spool/clientmqueue directory
that failed to get through to this local port first time.
Another sendmail daemon (which uses configuration sendmail.mc)
is configured to listen on localhost port 25
and do the real work of mail relaying:
forwarding email to the local mail hub or to the big wide world,
first enqueuing it in /var/spool/mqueue.
Only if this host is a mailhub would it be configured to listen on
0.0.0.0:25 to receive email from the big wide world.
For our desktop clients, having a sendmail daemon listening to
localhost port 25 and running in root mode is unnecessary
and is potentially a security issue if a bug is found in sendmail.
So the submit.mc configuration file (see above) is set up so that the
email is forwarded to the local mailhub in one hop.
This has the side advantage that mailq -Ac will actually
show if mail is for some reason still on the local desktop -
not possible for the ordinary user if
the mail has disappeared and gone into the port 25 listener.
We just then have the one sendmail daemon
(non-root, using the configuration submit.mc)
to retry emails in /var/spool/clientmqueue
which failed first time to the local mailhub.
+ /etc/cups/client.conf
This is customised to define ServerName as the
name of our local CUPS server which handles the printer queues.
This removes the requirement for us to define all our network printers
on every desktop, or to run the cupsd daemon
on every desktop either: cups can be left chkconfig'd off.
The cups client commands, like lpr, then communicate with
just one server directly.
+ /etc/xinetd.d/cups-lpd
This file is customised on one server only, for our group.
We are using the lpd protocol
from our few Windows desktops and from laptop Windows systems
because it behaves better than ipp.
So we need to have xinetd and cups-lpd chkconfig'd on,
and /etc/hosts.allow configured to allow cups-lpd for our local subnet,
on one of our servers.
The default for cups-lpd is not to produce a banner-page.
In order to turn a banner-page on, the /etc/xinetd.d/cups-lpd file
needs the following addition:
server_args = -o job-sheets=standard,none
We substitute our local banner page for standard.
This feature now works in RHEL4/SL4: it didn't work in RHEL3/SL3.
* /usr/local
Distributed files for our local desktops.
* /usr/local/bin/acroread
This wrapper script was created to fix several problems with
Adobe Acrobat Reader (acroread) at version 5.
It is not really necessary for Adobe Acrobat Reader 7 (or later, hopefully).
First it unsets the LANG variable to allow acroread 5 to work,
avoiding Warning: charset UTF-8 not supported message and abort.
Also, mozilla invokes acroread (or our pdfviewer script)
without a current directory (this is still true at the time of writing),
which causes the acroread version 5 binary to fail,
so the acroread wrapper script does a cd "$PWD" which fixes the problem
if invoked by mozilla, and is harmless otherwise.
Also we have a feature to put debugging into effect (option -DEBUG acrodebug)
if the file /tmp/acro.debug exists.
* /opt/Adobe/Acrobat7.0
Acrobat Reader 7 (acroread) installation,
and version 5 in a similar directory.
These are as downloaded from
Adobe.
Version 7 at my current release (7.0.1) has a PostScript printing bug,
whereby some PDF files, which display perfectly correctly on the screen,
produce print output which is garbled and
where characters are replaced by substitute garbage characters
like "h" or "x". You would have thought that Adobe could get PostScript right!!
This error occurs on any of my printers, and when printing to a disk file,
and when using acroread in its -toPostScript non-GUI mode.
Analysing the PostScript output with the gs command shows lots of
undefined characters - "Substituting .notdef for A", for example -
but this is not a ghostscript problem because the
gibberish also occurs when printed on any genuine PostScript printer
in a direct way which never goes near ghostscript
or CUPS or any other such system.
Although some advice on the web is to re-set the LANG or other associated variables,
as noted above for the display-time problem with Acrobat Reader 5,
this did not work for me with Acrobat Reader 7 when printing.
The circumvention for this, I have found, is to tick the Save Printer Memory tick-box
at the bottom of the Print dialogue window. Then the print-out is perfect.
For non-GUI invocation with -toPostScript option, add the -saveVM option.
Presumably this then causes acroread in its PostScript output to specify font characters
in a different way which is not subject to the bug.
The other circumvention is of course to use xpdf.
A further bug with acroread 7 seems to occur when the -toPostScript option
is used without further arguments, that is, when used as a filter with
output to standard output.
The last portion of the PostScript output (a few thousand bytes) was missing:
the output size was an exact multiple of 8 kbytes,
presumably because of a failure to flush.
This does not happen when output is to a disk file.
With the older version Acrobat Reader 5, to avoid an error with some PDFs
(message says An error has occurred that may be fixed by installing the latest version of the Korean Language Support package)
I installed the Adobe
Korean font package.
* /opt/Mozilla-1.x.x/defaults/pref/bham.js
This added file contains additional pref() calls to add more printer command definitions.
It also sets the default paper size to A4:
pref("print.postscript.paper_size", "A4");
* /opt/Mozilla-1.x.x/plugins
This directory has some added symbolic links to Mozilla-compatible
plugins for Flash, Java, and RealPlayer. Depends on versions installed:
as of March 2005 these links are/were:
libflashplayer.so -> /usr/lib/flash-plugin/libflashplayer.so
libjavaplugin_oji.so -> /usr/java/jre1.5.0_01/plugin/i386/ns7/libjavaplugin_oji.so
mplayerplug-in.so -> /usr/lib/mozilla/plugins/mplayerplug-in.so
nphelix.so -> /opt/RealPlayer-10/mozilla/nphelix.so
nphelix.xpt -> /opt/RealPlayer-10/mozilla/nphelix.xpt
These all work well. It's said, though, that after a browser upgrade,
it's possible that a Java page can crash the browser.
This doesn't happen for a fresh user,
so maybe it would be sufficient to remove the user's pluginreg.dat
and/or plugins directory contents.
It's also possible to crash the browser on a Java page
if the user has set up a spoofed useragent string:
this caught me out recently, but it's a known problem
in Java initialisation.
+ /opt/Firefox-2.x.x.x
Firefox 2 was installed, initially at 2.0.0.3 version, because Firefox 2
supports settings located in /etc/mailcap, the normal system location
for relating mime-types to actual applications.
This facility, present in mozilla and later Seamonkey, seemed to have disappeared
in Firefox 1.5, as supplied in RHEL4, and FF ignored the file completely:
it never seemed to get read, despite being listed in about:config
under variable name helpers.global_mailcap_file as that name's default value.
+ /opt/Firefox-3.x
Firefox 3 was installed using the standard tar.bz2 file from mozilla.com.
Out of the box, this gives the following error message when started:
error while loading shared libraries: libpangocairo-1.0.so.0:
cannot open shared object file: No such file or directory
SL4/RHEL4 does have a pangocairo library, but it's not in the standard location.
But it's there as part of the frysk package. So the following addition makes it work:
export LD_LIBRARY_PATH=/usr/lib/frysk
* /opt/RealPlayer-10
The RealPlayer10 package was
downloaded from the Real website.
The older RealPlayer8 package, plus RV9 codecs,
was previously downloaded via this Netscape/Mozilla plugins web page.
Note it is necessary with KDE to ensure the artsd daemon is disabled or suspended
(artsshell suspend) while realplayer is running.
Although artsd starts with autosuspend 60 by default,
that doesn't mean that it's in the suspend state when you want it to be!
(Arts can be configured or turned off in a kcmartsrc file or
using Control Center: see above).
Alternatively could use the artsdsp command to start realplay - haven't tried that yet myself.
* /usr/lib/ICAClient
Triggers installation of the ICAClient rpm, for our Citrix server.
A customisation I have had to apply in our script which invokes the ICA client
is to disable the artsd daemon or suspend it (artsshell suspend)
while the ICA client is running (see realplayer comments above).
This appears to be necessary even if sound is disabled
in the user's ICA client configuration.
Otherwise a terminal server session can hang just after the point where
the user has logged in but before any desktop icons appear:
an strace shows that opening /dev/dsp was the last operation.
* /usr/bin/opera
* /usr/java
packages downloaded from Sun here.
* /usr/bin/gmplayer
packages downloaded starting from the
mplayerhq home page.
Also mplayer plugin package (to help with streaming) obtained from
this sourceforge site
or earlier versions
here.
* /usr/bin/X11/xv
* /usr/bin/qdel
The above files trigger installation of the corresponding package RPM(s).
Now some bugs
NFS file status not always updated
In my setup I use NFS version 3 over TCP to some file-servers
from my user desktop clients and from general-servers.
We've noticed that, if one of the NFS clients is creating a large
file, and this file is observed from another NFS client,
then the stat information on the observer is not updated:
the file-size remains at zero or some reduced value.
Also, if the original client changes the mode bits,
then these don't get updated on the observing client.
This should all be controlled by the NFS caching parameters
(for example, acregmax) but in SL4 these don't seem to be
obeyed. The status can be however forced to update by accessing
the file, eg cksum filename.
If the observing client is on SL3, then the status is updated
regularly, obeying the NFS caching parameters, as it should.
This is a little mystery that remains to be explained.
locate/slocate/mlocate issues
I've set things up so that my file servers create their
own locate databases, and then that information is made use of
in my own mylocate command.
But I now have some file servers which run RHEL5/SL5.
I've hit the issue that in RHEL5/SL5 the utility used to
create locate databases is now part of the mlocate rather than the slocate package,
and the format of the database has changed.
This means that those databases cannot be used from my SL4 desktops.
RAID issues
See this separate document.
Sound issues and ALSA versions
The version of ALSA audio support in RHEL4 is quite old now,
version 1.0.6 in RHEL4 compared with 1.0.16 at the time of writing
on the ALSA web site.
For me, there was an issue with support for the front microphone socket
for recent PCs with chip RealTek ALC850 / card Nvidia CK804.
So I got a near-latest version of the alsa-lib, alsa-utils, and
alsa-kmdl packages from http://atrpms.net/dist/el4/.
These worked without a hitch, integrating with the
existing /etc/modprobe.conf without change.
The front microphone socket could then be unmuted using amixer or alsamixer,
without problems.
Time-zone GMT incorrect for epoch second conversions
(This issue is fixed in RHEL 5).
The timezone GMT is configured incorrectly for dates
1968-10-27 to 1971-10-31.
In this period, the date command handles GMT times as if they are UTC+1,
which is incorrect: GMT is and always was UTC.
Although the UK trialled all-year daylight-saving time UTC+1 in that period,
that was called British Standard Time, not GMT.
This still matters because when converting present-day epoch-offset seconds
(such as in job manager log files)
into comprehensible dates, for example:
epochsec=$(date +%s); date -d "1970-01-01 00:00:00 UTC $epochsec seconds"
then you get the wrong result by an hour if you replace the UTC with GMT.
This bug is fixed in RHEL 5.
Now some hardware issues that had to be sorted out:
BIOS settings: legacy USB support
The following applies to RHEL3/SL3 systems.
We have not tested it on RHEL4/SL4 yet.
On our Intel blade servers we had occasional problems when rebooting:
the boot stalls, and can be stuck forever, soon after the
message Hugetlbfs mounted,
or the repeated message:
pc_keyb: controller jammed (0x1D).
For us, this occasional problem can be prevented completely by disabling
legacy USB support in the BIOS,
though other people suggest an alternative of adding a kernel parameter
of usb-handoff.
Another (probably related) problem is that keyboard input is sometimes
blocked after removing and then re-inserting a PS/2 keyboard lead,
which for my blades is connected to a Belkin KVM switch,
which then is unable to switch to another blade (even by selector button)!
Disabling USB legacy support also seems to stop that problem.
L.S.Lowe
Birmingham Particle Physics Group
