I was recently given the opportunity to install and play with the new Kondara MNU/Linux Server 2000 Linux operating system. This is the latest version of Kondara MNU/Linux by the Kondara Project and Digital Factory USA. For those of you wondering what MNU is (we’re all used to seeing GNU Linux), it stands for “Mount is Not Umount” and is also said to be the expression of a sound made when you touch a penguin (I have been unable to verify this, however).
The biggest selling point of Kondara over other distributions is its server capabilities. Kondara is geared toward Linux servers and provides the basics, such as sendmail, Apache, Samba, bind, NFS support, and so on. But what seems to be even bigger than this is a suite of tools Kondara uses called mph. This suite of GUI tools was written by the Kondara Project for Kondara MNU/Linux and consists of the following:
- mph-kernel: Customizes kernel packages
- mph-user: User management
- mph-sysv: Sets up system services
- mph-backup: Easy system backup tool
- mph-dns: Sets up Domain Name Service systems
- mph-host: Sets up access control using Port Mapper
- mph-nfs: Sets up NFS
- mph-sendmail: Sets up sendmail
- mph-apache: Sets up the Apache Web server
- mph-ipfwadm: Sets up the system firewall
From the sound of it, this is a very impressive set of administrative tools. Kondara also provides the swat package for Samba management. The whole Kondara distribution is very server-centric, and they even boast that the kernel has been fine-tuned specifically for server environments. The minimum requirements for Kondara MNU/Linux are a Pentium-class system or higher, 64 MB RAM, and 1.2 GB of free drive space. The retail box also includes four CDs: the first for i586 computers, the second for the Alpha platform, the third containing source code, and the fourth containing some third-party applications.
After booting off the CD-ROM, you are immediately presented with a choice of either a text-based or GUI installer. After selecting the one you want to use (I chose the GUI), your standard kernel loading messages appear. The first menu after this asks which language you wish to use during the installation: English or Japanese. It should be noted that Kondara MNU/Linux seems to have started as a Japanese port of Red Hat, which may explain why the text installer is basically Red Hat’s text installer with Kondara’s options.
The GUI installer is quite nice. It’s not very colorful, but it’s very easy to read and understand and includes a nice Help window. For this installation, I chose the Server class (you can choose among Server, Custom, GNOME Workstation, and KDE Workstation). Since Kondara is targeting the server market, I wanted to see how it handles as a server. I was also very excited to see these mph tools.
This version of Kondara uses the 2.2.16 Linux kernel, and as a result, they included support for ReiserFS. Very nice. The drive partitioning utility is basically a graphical Disk Druid, which is nice because anyone coming from a Red Hat background will be familiar with Disk Druid.
After creating a 15-MB /boot partition, a 48-MB swap partition, and a 1.5-GB root partition, I answered a few more questions, primarily dealing with time zone information and network information. (Edmonton [where I live] was listed as being in America. It’s in Canada! I couldn’t believe the error. This is a personal gripe, though, and doesn’t reflect on the product itself. Honest.)
The installer also asks for a root password and gives you the opportunity to define the number of users you want to set up on the system. I was a little surprised that it only asked for the login name, password, and real name, without asking what type of shell should be used. Finally, it asks about installing XFree86 3.3.6. For some reason, I could not get any of the X tests to work properly at this point. I ended up selecting a generic Multisync monitor and telling the installer to skip the X tests. This was no big deal as I’m (unfortunately) used to configuring X after installation anyway. Once this was complete, the package installation began. I had a little dependency issue, however, which surprised me. I was not once given a choice about what packages to install, so I am assuming that the Server install class has a preselected set of packages. In light of this, one would assume that there should be no dependency issues since the user can’t change anything.
After the installation was complete, I booted into my freshly installed Kondara MNU/Linux system prepared to fire up X and check out these new GUI tools. This is where my problems began. The startx command was not found. So, after looking at the manuals (which, by the way, are magnificent), I found that I needed to run a desktop-chooser called sdr. This allows you to choose the screen language to be used (Japanese or English) and what desktop environment you want (GNOME, Enlightenment, Sawmill, and a few others). The closest I got to the sdr program, however, was the screenshot in the documentation. For some reason sdr was not on the system, either.
I was understandably confused. I had no means of getting into X. For a server, I would not consider this to be a bad thing, generally speaking. However, all of these neat-sounding mph tools are GUI tools, and this implies that one needs X to run them. Obviously, I could edit configuration files by hand and be a happy camper, but that was not the point of my exercise. I was looking at Kondara for what it had that was new and different from other distributions, and the mph tools were the big things.
Since Kondara is based on Red Hat, it also used RPM packages, so I did a quick scan of the packages that were installed. Much to my shock, I found four packages dealing with XFree86 installed: XFree86-libs, XFree86-xfs, XFree86-75dpi-fonts, and XFree86-jpfonts. Now, as much as libraries, the xfs font server, and fonts are necessary, without having a server installed, there isn’t much point to them. Digging even further, I found that the package that included the sdr utility wasn’t installed, nor were any window managers. This seemed like an extremely huge error, and since I have found that most huge errors originate from behind the keyboard, I set out to reinstall Kondara and pay a little more attention.
After the reinstall, once again selecting Server class, I ended up in the same spot. Still no X, no window managers, nothing to let me use the mph GUI tools. In fact, those tools were not even installed! I think if Kondara wants to sell a set of tools to the server market, they should make sure that the environment exists in a Server class install so that people can use those tools. They should also make sure those tools are installed!
I had neither the time nor the patience to sit and install the XFree86 RPMs and satisfy the dependencies manually. In fact, I shouldn’t have had to do this. So I went back to the beginning (again) and selected the GNOME Workstation. At least with this install class, I was guaranteed to have X and a desktop environment installed and (I hoped) those administrative tools.
The mph suite of tools
Once everything was installed, I was disappointed to find that they had not even included the mph_admin (or any other mph tools) in the GNOME menus. I had to start mph_admin from an xterm.
Once mph_admin was started, it provided an easy interface to the other mph tools, which were all grouped together. The first item in the left-hand menu window was the System Services item, which is similar to the Control Service Activity in the linuxconf Control Panel. It showed the different services installed, their current state, and the runlevels in which they are invoked. You can edit each entry, but the only thing you can change is the runlevel in which to start the service, selectable from runlevel 2 through runlevel 5.
The next item on the list is entitled Backup File System (important for any system administrator). The first field is entitled Output and points to a system device (/dev/st0 by default). Below that is a tree display of the file system, which allows you to Mark and Unmark specific directories for backup. While looking around to see what did the actual backup, I found a 0 byte README file (how useful is this?) in the /usr/doc/mph_backup_0.1/ directory. I can only assume that mph_backup uses tar to perform the backup.
mph_backup is a nice looking tool that makes it easy to select which directory you want to back up (and includes a Backup button to start tar, which I assume dumps the archive directly to the tape). The only thing missing is a similar tool called mph_recover or something similar to restore your backups, a concept which is not mentioned at all in the manuals.
The third item on the list is User Accounts. This is a very slick interface that ties in with a number of services. You can select the username from the pull-down list, which makes it easy to edit users. There are also a number of tabs at the bottom of the window that allow you to configure certain options. The first tab allows you to enable or disable FTP access to the machine, and it also allows you to jail the user in their home directory using chroot. This is the first time I've seen this. The FTP server that Kondara installs is wu_ftpd, so the more security enhancements, the better. You can also configure the user's APOP account settings for POP3 e-mail. There is a Sudoers setting, which allows you to configure sudo access. This is a nice feature, but nowhere is there an easy way to configure sudo, which would be nice as well. You can also configure additional groups for the user and e-mail aliases.
The Access Control, or mph_host tool, basically configures Port Mapper. You can specify a program (like in.ftpd), and then select whether you will allow all hosts, local domain only, or specific hosts that you choose. You can also enter a command in the Booby Trap field, which is run when a host is denied access to the system. It can be something malicious or something as simple as mailing root. According to the example in the manual, you can use meta characters (the manual shows %d and %h), but nowhere is it documented what these meta characters actually translate into. The other downfall is that you need to know the name of the program to which you want to apply Access Control. This means you need to start poking around in /etc/inetd.conf to find out what services are installed and used on the system. For someone new to Linux servers, this can cause a problem. Without knowing it, someone could leave a wide hole in their system because they didn't apply Access Control to a service they didn't know was installed and running, or simply didn't know the name of.
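The gap described above, a service running from inetd that nobody thought to write an access rule for, can be checked mechanically. The following is an added example, not part of the original review or of the mph tools. It assumes the rules end up in tcpd-style `hosts.allow` and `hosts.deny` files, which the review does not confirm. The sample file contents and function names are constructed for illustration.

```python
import re

# Constructed sample files, not taken from a Kondara system.
INETD_CONF = """\
ftp     stream tcp nowait root   /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root   /usr/sbin/tcpd in.telnetd
#shell  stream tcp nowait root   /usr/sbin/tcpd in.rshd
finger  stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
time    stream tcp nowait root   internal
swat    stream tcp nowait root   /usr/sbin/swat swat
"""
HOSTS_ALLOW = "in.ftpd: LOCAL\n"
# hosts_access(5): %d expands to the daemon name, %h to the client host.
HOSTS_DENY = "in.telnetd: ALL: (echo denied %d from %h | mail root) &\n"

def inetd_services(text):
    """Yield (service, daemon, wrapped) for each enabled inetd.conf entry."""
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) < 6 or f[5] == "internal":
            continue
        wrapped = f[5].endswith("/tcpd")
        # tcpd matches rules against argv[0], the first word after its path.
        daemon = f[6] if wrapped and len(f) > 6 else f[5].rsplit("/", 1)[-1]
        yield f[0], daemon, wrapped

def rule_daemons(text):
    """Daemon names (or ALL) on the left of each rule; EXCEPT is not handled."""
    names = set()
    for line in text.splitlines():
        rule = line.split("#", 1)[0]
        if ":" in rule:
            left = rule.split(":", 1)[0]
            names.update(d.split("@")[0] for d in re.split(r"[\s,]+", left) if d)
    return names

def audit(inetd, allow, deny):
    """Map each exposed service to the reason it has no access control."""
    covered = rule_daemons(allow) | rule_daemons(deny)
    report = {}
    for service, daemon, wrapped in inetd_services(inetd):
        if not wrapped:
            report[service] = "not run through tcpd"
        elif "ALL" not in covered and daemon not in covered:
            report[service] = "no rule for " + daemon + " (tcpd allows by default)"
    return report

if __name__ == "__main__":
    for service, reason in audit(INETD_CONF, HOSTS_ALLOW, HOSTS_DENY).items():
        print(service + ": " + reason)
```

On a real system the same functions can be fed the contents of `/etc/inetd.conf`, `/etc/hosts.allow` and `/etc/hosts.deny`.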
The Mail Transport, or mph_sendmail tool, is the fifth item on the list. Considering how difficult sendmail is to configure to begin with, I felt quite cheated when I looked at this option. All it does is allow you to specify the domain name to accept mail for, and what domains or IP addresses you allow to send mail through your server. While this is somewhat useful, it would have been quite gratifying to see some more detailed configuration items, perhaps dealing with mail routes and so forth. To give them credit, the user-based mail settings are all configured through the User Accounts section.
The NFS Export option, which uses the mph_nfs tool, is more to my liking. It provides a nice, easy way to specify a path to export, and then for each path allows you to select the client host and then the options for that client (whether they can write, have root privileges, and so forth).
The Apache Config is useful, but only for defining .htaccess control. You can add users with their passwords via the interface, as well as change passwords. You can also go through a tree listing of the Web site file hierarchy and easily apply authentication on a per-directory basis. This makes .htaccess extremely simple to use. But that's about the extent of what you can configure. Perhaps this option should have been called Apache Access Control, since there is very little Apache configuration it allows you to do. In fact, all you can configure for Apache is the server name and the administrator's e-mail address.
The next setting is for DNS Setting. This looked like it could be quite promising, but for some reason it never came up. Trying to start the mph_dns tool on its own resulted in a segmentation fault, so I couldn't even look at it.
The second to last configuration item is Firewall Setting, or the mph_ipfwadm tool. The name of the tool had me a little confused since Kondara uses ipchains, but don't let the name of the tool fool you. It does configure ipchains, not ipfwadm. You can add your four basic rules: Allow, Deny, Reject, and Masquerade. You can also supply a source IP address and netmask, as well as the destination IP address and netmask. This makes creating firewalls much simpler. However, they missed specifying ports in the configuration tool. Simple source/destination rules are good, but the blocking of specific ports is important as well. Since ipchains can do this easily, I fail to see why there is no selectable port option.
The final configuration option is mph_kernel, or the Kernel Setting. This tool impressed me. It's a much easier and cleaner method of selecting kernel options that will allow you to easily compile custom kernels. It allows you to select Network Interface Card, SCSI Card, File Systems, RAID System, and other options. They even include a window that displays progress information as you compile the kernel, so you can do the entire compile process from within mph_kernel. This tool I really like.
Finally, after touring the mph_admin tool, I was rather shocked to find that none of the servers that mph_admin configures were even installed! The mph_apache tool configures Apache (which was not installed); the mph_kernel tool configures the Linux kernel (which was installed, as were the kernel headers, but no kernel source code); the mph_nfs tool configures knfsd, which was not installed; and the mph_sendmail tool configures sendmail, which was likewise absent. bind, which mph_dns configures, was not installed, and neither was wu_ftpd, which is used by the FTP portion of the user configuration.
My question is this: Kondara MNU/Linux seems to be geared toward the server market. I think this is excellent, but I think they approach it backwards. The server setting installs the servers, but does not install the configuration tools or X11 (which would be required for those tools). The Workstation setting installs X11 and the configuration tools, but not the servers on which the tools work! I'm sure I'm not the only person who finds this approach highly irregular. Regardless of which setting you choose, the end user has to install more packages to make it a server system that can be configured with the custom configuration tools. Choose your evil: Select Server and manually install X11 and the configuration tools with all their dependencies, or select Workstation and manually install the servers along with their dependencies. Regardless of which approach you take, there is work to be done to make it useable as the server that the name Kondara MNU/Linux 2000 Server advertises.
This leads me to a statement on the back of the box which claims: “If you want a reliable and easy way to configure Linux servers, Kondara MNU/Linux 2000 Server is it. Our original tool mph allows your network administrator to configure web, mail and file servers using a graphical user interface (GUI) which saves time and effort. Digital Factory has fine tuned the kernel specifically for server environments.”
What they fail to mention is the horrendous amount of work required to use the mph tool on actual servers! Unless there is a method to remotely administer servers using mph that I missed (which I don't think I did), the statement on the box is entirely misleading and will cause the said network administrator more grief than benefit.
While I think that Kondara is perhaps on the right track in trying to make system administration easier, they've gone about it completely the wrong way. One can only hope that Kondara MNU/Linux Server 2001 will get right what this edition got horribly wrong.
Vincent Danen, a native Canadian in Edmonton, Alberta, is an avid Linux "revolutionary" and a firm believer in the Open Source philosophy. He attempts to contribute to the Linux cause in as many ways as possible, from his Freezer Burn Web site to local advocacy in his hometown. Owner of a Linux consulting firm, Vincent is also the security updates manager for MandrakeSoft, creators of the Linux-Mandrake operating system. Vincent is a certified Linux Administrator by Tekmetrics.com.
Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.