Telinit question (affects X and networking) - X

This is a discussion on Telinit question (affects X and networking) - X ; Hello, I'm running Debian 3.0 and Mandrake 9.0--the following problem persists under both of them. I've set up my runlevels so that I can conveniently switch off all networking and related services when I don't need them, for security considerations. ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Telinit question (affects X and networking)

  1. Telinit question (affects X and networking)


    Hello,

    I'm running Debian 3.0 and Mandrake 9.0--the following problem persists
    under both of them.

    I've set up my runlevels so that I can conveniently switch off all
    networking and related services when I don't need them, for security
    considerations. As such, runlevel 2 has no networking, and runlevel
    3 has full networking (setting up interfaces, sshd, xinetd). I'm
    booting into runlevel 2 by default, and when I need the network, I just
    issue the command "telinit 3". Then "telinit 2" drops me back to no
    network. Here is the list of my rc2.d and rc3.d directories for the
    exact services (under Mandrake):

    $ ls /etc/rc[23].d
    /etc/rc2.d:
    K09dm@ K50xinetd@ K90network@ S17alsa@ S20xfs@ S95kheader@
    K15numlock@ K60atd@ S12syslog@ S18sound@ S75keytable@ S99devfsd@
    K45sshd@ K89internet@ S15gpm@ S20random@ S90crond@ S99local@

    /etc/rc3.d:
    K09dm@ S12syslog@ S18sound@ S40atd@ S75keytable@ S95kheader@
    S10network@ S15gpm@ S20random@ S55sshd@ S85numlock@ S99devfsd@
    S11internet@ S17alsa@ S20xfs@ S56xinetd@ S90crond@ S99local@

    The problem is that this only works when I use telinit under the virtual
    terminals. Normally, the services are printed out as they are
    started/stopped indicating if the command was successful. But when I
    try to do the same from X11 (I just launch it with startx, and su to
    root in an xterm), "telinit 2" and "telinit 3" apparently have no
    effect; nothing is printed out, and the prompt reappears
    instantaneously. Services are not affected. Curiously, when I go back
    to the virtual terminals while X is still running and issue the commands
    there--they're working.

    Can anyone explain why telinit is not working in an xterm, and how to
    correct this?

    Thanks,

    Gergo


  2. Re: Telinit question (affects X and networking)

    On Wed, 30 Jun 2004, Gergely Korodi wrote:
    >
    > I'm running Debian 3.0 and Mandrake 9.0--the following problem persists
    > under both of them.
    >
    > I've set up my runlevels so that I can conveniently switch off all
    > networking and related services when I don't need them, for security
    > considerations. As such, runlevel 2 has no networking, and runlevel
    > 3 has full networking (setting up interfaces, sshd, xinetd). I'm
    > booting into runlevel 2 by default, and when I need the network, I just
    > issue the command "telinit 3". Then "telinit 2" drops me back to no
    > network. Here is the list of my rc2.d and rc3.d directories for the
    > exact services (under Mandrake):
    >
    > $ ls /etc/rc[23].d
    > /etc/rc2.d:
    > K09dm@ K50xinetd@ K90network@ S17alsa@ S20xfs@ S95kheader@
    > K15numlock@ K60atd@ S12syslog@ S18sound@ S75keytable@ S99devfsd@
    > K45sshd@ K89internet@ S15gpm@ S20random@ S90crond@ S99local@
    >
    > /etc/rc3.d:
    > K09dm@ S12syslog@ S18sound@ S40atd@ S75keytable@ S95kheader@
    > S10network@ S15gpm@ S20random@ S55sshd@ S85numlock@ S99devfsd@
    > S11internet@ S17alsa@ S20xfs@ S56xinetd@ S90crond@ S99local@
    >
    > The problem is that this only works when I use telinit under the virtual
    > terminals. Normally, the services are printed out as they are
    > started/stopped indicating if the command was successful. But when I
    > try to do the same from X11 (I just launch it with startx, and su to
    > root in an xterm), "telinit 2" and "telinit 3" apparently have no
    > effect; nothing is printed out, and the prompt reappears
    > instantaneously. Services are not affected. Curiously, when I go back
    > to the virtual terminals while X is still running and issue the commands
    > there--they're working.
    >
    > Can anyone explain why telinit is not working in an xterm, and how to
    > correct this?


    I could be wrong, but doesn't X require networking (port 6000 on
    localhost). So it would be kind of foolish to kill networking from X
    which would render X unusable. Maybe the system recognizes that this
    would render your current terminal unusable and therefore saves you from
    making such an error.

    For example some people have problems when they or something (like dhcp)
    changes their hostname on the fly, because that new hostname may not have
    permission (xauth) to access that X server or the system may not be able
    to find a local IP for the new hostname.

    --
    David Efflandt - All spam ignored http://www.de-srv.com/

  3. Re: Telinit question (affects X and networking)

    > I could be wrong, but doesn't X require networking (port 6000 on
    > localhost). So it would be kind of foolish to kill networking from X
    > which would render X unusable. Maybe the system recognizes that this
    > would render your current terminal unusable and therefore saves you from
    > making such an error.

    Actually, it is only needed for remote logins. And if you make a
    firewall, you can safely allow all traffic in and out on the lo
    interface, while eth0 is more or less blocked. You can also start the X
    server with "-nolisten tcp" to disable listening on 6000 completely (I
    do it that way, even though I have a firewall).

    > For example some people have problems when they or something (like dhcp)
    > changes their hostname on the fly, because that new hostname may not have
    > permission (xauth) to access that X server or the system may not be able
    > to find a local IP for the new hostname.

    That's true. If you change the hostname from an xterm, you will not be
    able to start any new X programs etc. until the X server is restarted
    (or perhaps one could just regenerate the authentication files - I'm not
    sure).

    Michal

  4. Re: Telinit question (affects X and networking)

    On Wed, 30 Jun 2004 22:05:04 +0300,
    Gergely Korodi , in
    wrote:

    >+ Can anyone explain why telinit is not working in an xterm, and how to
    >+ correct this?


    I can verify that telinit is *mostly* not working in an xterm. I can
    replicate the behaviour you see with telinit 2/3, but telinit 1 does
    indeed drop you into single-user mode.

    Nothing in the man page indicates what behaviour to expect when
    running in an xterm.

    James
    --
    Consulting Minister for Consultants, DNRC
    I can please only one person per day. Today is not your day. Tomorrow
    isn't looking good, either.
    I am BOFH. Resistance is futile. Your network will be assimilated.

  5. Re: Telinit question (affects X and networking)

    Gergely Korodi wrote:
    [snip]
    >The problem is that this only works when I use telinit under the virtual
    >terminals. Normally, the services are printed out as they are
    >started/stopped indicating if the command was successful. But when I
    >try to do the same from X11 (I just launch it with startx, and su to
    >root in an xterm), "telinit 2" and "telinit 3" apparently have no
    >effect; nothing is printed out, and the prompt reappears
    >instantaneously. Services are not affected. Curiously, when I go back
    >to the virtual terminals while X is still running and issue the commands
    >there--they're working.
    >
    >Can anyone explain why telinit is not working in an xterm, and how to
    >correct this?


    This is a simple question with a surprisingly complicated answer. The
    messages that you (don't) see are actually log messages: that story
    is told in places like syslog(3), syslogd(8), syslogd.conf(5), and
    wherever /dev/console is documented.

    Real security requires an intrusion-detection system, and it requires
    analyzing logs: this is when you get to know the above pages quite
    well. I don't want to pursue that path today.

    So the weasel answer is that many sysadmins learn to run xterm -C as a
    small window on their desktops, and use it as an output-only window
    (although it will take input). It is here that you will see things
    like messages from init(8).


+ Reply to Thread