Boas Férias
LOJADOTELEMOVEL.com -- A maior loja Portuguesa de acessórios e telemóveis Qualidade e garantia de um bom serviço -- Esta semana NÂO PERCA: * * CAMPANHA DE VERÃO * * Na compra de uma Bolsa 100% pele Genuina Pierre Cardin recebe um prático necessaire (bolsa) para levar o seu telemóvel para a praia. Compre aqui: http://www.lojadotelemovel.com/product_info.php3?cPath=5products_id=3739SESSAO= ++ CARCAÇAS PARA O ALCATEL 511 (de fácil instalação) ++ http://www.lojadotelemovel.com/default.php3?cPath=509_582SESSAO= ++ CANSADO DO SEU VELHO MOTOROLA V3688 ? ++ Converta-o num moderno Motorola V66. Saiba como... http://www.lojadotelemovel.com/default.php3?cPath=509_542SESSAO= ++ VAI DE FÉRIAS? ++ Não se preocupe com a bateria do seu telemóvel. A lojadotelemovel.com lança em Portugal carregadores manuais de bateria e que dispoêm de lanterna. Ideal para Actividades ao Ar Livre. http://www.lojadotelemovel.com/product_info.php3?cPath=5products_id=3624SESSAO= ++ CHE GUEVARA EM CARCAÇAS PARA O SEU TELEMÓVEL. ++ O mitico Che agora no seu telemóvel. Escolha o modelo, e veja a carcaça respectiva: http://www.lojadotelemovel.com/default.php3?cPath=509SESSAO= ++ VEJA AINDA: - Auriculares desde 6,99 -Carregadores de Isqueiro a 7,99 e muito mais baixas de preços: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ DIGA NÃO ÀS MULTAS ++ Não conduza ao telemóvel. Fuja às multas e respeite o transito: Kit de Mãos Livres de Viatura de excelente qualidade. Disponível para todos os telemoveis: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ SPIDER MAN ++ o Spider Man ataca, agora com capas personalizadas do seu herói da Banda desenhada e que agora chega às salas de cinema: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ NÃO ENCONTROU O QUE DESEJAVA ++ Temos mais de 5.000 artigos em stock. Contacte-nos pelo TLM 933265706 Cratos pela atenção H. Cardoso http://www.lojadotelemovel.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: transfer rate
hello, On Thu, 4 Jul 2002, Rajeev Sharma wrote: it shows 1% data loss and some time 0% data loss.. i have checked my cables,switch ...but no use check the duplex negotiation... for better performance usually you should force to 100mbit/FullDuplex both the switch port and the server nic (use the mii-tool or the eth kernel module parameter on the linux side) -- bye, emilio brambilla -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Admin for E-MAIL users only
What is the best way to delegate some root privileges for a user which could only create e-mail accounts and make newaliases? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Admin for E-MAIL users only
Wide questionthis is refering to riddle If all can be done through webmin, then through webmin it is /riddle El jue, 04-07-2002 a las 11:55, rj escribió: What is the best way to delegate some root privileges for a user which could only create e-mail accounts and make newaliases? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Admin for E-MAIL users only
On Thu, 2002-07-04 at 12:55, rj wrote: What is the best way to delegate some root privileges for a user which could only create e-mail accounts and make newaliases? sudo. We write a couple of wrapper scripts around adduser (it does a few other things as well) and allow access to it through sudo. An even better (or at least potentially easier) method put the users in a database or LDAP. Most MTA and Linux itself support lookups of aliases and users in this fashion, wrapping a web interface around a db (and likely LDAP) isn't too hard. Fraser -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: transfer rate
Hi, I suggest you check the duplex mode on your ethernet interface and your switch. I had a problem similar to yours just a couple of months ago, and tracked it down to the interface auto-negotiating into half instead of full duplex. On a busy ethernet interface that can cause enough collisions to affect TCP throughput substantially, due to that small amount of packet loss. Unfortunately under Linux there is no good way to find out the link speed and duplex condition portably among different ethernet adapters, at least that I am aware of. Here is what I do: $ dmesg |egrep eth[0-2] eth1: Intel Corp. 82557 [Ethernet Pro 100], 00:A0:C9:39:4C:2C, IRQ 19. eth2: ns83820 v0.15: DP83820 v1.2: 00:40:f4:17:74:8a io=0xfebf9000 irq=16 f=h,sg eth2: link now 1000 mbps, full duplex and up. Also unfortunately, most ethernet drivers don't bother reporting this, although you can hack it into your drivers if it is important to you. But another good way to check is to examine your switch: switch0#sh int fa0/2 ... Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX ... This shows 100/full auto-negotiated. Really, this is a bad thing to do, as we should be setting all our ports to 100/full in the configuration, but it probably won't be done until it bites us in the ass. :-) switch0#sh int fa0/24 ... Full-duplex, 100Mb/s, 100BaseTX/FX ... This is a port which has been fixed to 100/full, because it *did* bite us in the ass. It's an uplink to a router and does several mbits/sec 24x7, and that packet loss affected all the TCP sessions going over it, limiting them to around 400Kbits/sec throughput due to TCP backoff :-( I hope this is helpful. -- Jeff S Wheeler [EMAIL PROTECTED] Software DevelopmentFive Elements, Inc http://www.five-elements.com/~jsw/ On Wed, 2002-07-03 at 22:20, Rajeev Sharma wrote: hi all I am stuck with a problem of my network.. my one debian box is very unstable ..some time it transfer data smoothly(997.0 kB/s)and sometime it hanged up at 123.0 kB/s.. and when i use ping -f 192.168.x.x it shows 1% data loss and some time 0% data loss.. i have checked my cables,switch ...but no use pliz help me **snip** msg06679/pgp0.pgp Description: PGP signature
Re: transfer rate
Hi All, Further to what Jeff said I can also recommend a utility called mii-diag. Simply running this utility will enable you to see the currently selected media type. Use mii-diag -h to see full options. It also allows you to set the media type. Cheers, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Novidades de Verao
LOJADOTELEMOVEL.com -- A maior loja Portuguesa de acessórios e telemóveis Qualidade e garantia de um bom serviço -- Esta semana NÃO PERCA: * * CAMPANHA DE VERÃO * * Na compra de uma Bolsa 100% pele Genuina Pierre Cardin recebe um prático necessaire (bolsa) para levar o seu telemóvel para a praia. Compre aqui: http://www.lojadotelemovel.com/product_info.php3?cPath=5products_id=3739SESSAO= ++ CARCAÇAS PARA O ALCATEL 511 (de fácil instalação) ++ http://www.lojadotelemovel.com/default.php3?cPath=509_582SESSAO= ++ CANSADO DO SEU VELHO MOTOROLA V3688 ? ++ Converta-o num moderno Motorola V66. Saiba como... http://www.lojadotelemovel.com/default.php3?cPath=509_542SESSAO= ++ VAI DE FÉRIAS? ++ Não se preocupe com a bateria do seu telemóvel. A lojadotelemovel.com lança em Portugal carregadores manuais de bateria e que dispoêm de lanterna. Ideal para Actividades ao Ar Livre. http://www.lojadotelemovel.com/product_info.php3?cPath=5products_id=3624SESSAO= ++ CHE GUEVARA EM CARCAÇAS PARA O SEU TELEMÓVEL. ++ O mitico Che agora no seu telemóvel. Escolha o modelo, e veja a carcaça respectiva: http://www.lojadotelemovel.com/default.php3?cPath=509SESSAO= ++ VEJA AINDA: - Auriculares desde ?6,99 -Carregadores de Isqueiro a ?7,99 e muito mais baixas de preços: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ DIGA NÃO ÀS MULTAS ++ Não conduza ao telemóvel. Fuja às multas e respeite o transito: Kit de Mãos Livres de Viatura de excelente qualidade. Disponível para todos os telemoveis: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ SPIDER MAN ++ o Spider Man ataca, agora com capas personalizadas do seu herói da Banda desenhada e que agora chega às salas de cinema: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ NÃO ENCONTROU O QUE DESEJAVA ++ Temos mais de 5.000 artigos em stock. Contacte-nos pelo TLM 933265706 Gratos pela atenção http://www.lojadotelemovel.com - Esta informacao e enviada a todos os subscritores. Caso nao pretenda receber mais informacoes visite-nos em http://www.lojadotelemovel.com e insira o seu endereço na caixa apropriada. - lojadotelemovel.com #1 em telemoveis e acessorios -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: transfer rate
-)Try changing the network cable anyway. If the wrong pairs are used for -)twisted pair (10base-T) then the cable may produce some of the symptoms you -)describe. i have changed my network cable (both patch cord and wire from swith to I/O box) But nop...things are same .. mainly problem is with data transfer on ftp and NFS... it become very slow...(99 kB/s ).. ... -- !!Using Linux!! Compiling Yourself With Linux \ http://www.deeproot.co.in Rajeev Sharma \ \ \ DeepRoot Linux Pvt.Ltd. [EMAIL PROTECTED] \- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Boas Férias
LOJADOTELEMOVEL.com -- A maior loja Portuguesa de acessórios e telemóveis Qualidade e garantia de um bom serviço -- Esta semana NÂO PERCA: * * CAMPANHA DE VERÃO * * Na compra de uma Bolsa 100% pele Genuina Pierre Cardin recebe um prático necessaire (bolsa) para levar o seu telemóvel para a praia. Compre aqui: http://www.lojadotelemovel.com/product_info.php3?cPath=5products_id=3739SESSAO= ++ CARCAÇAS PARA O ALCATEL 511 (de fácil instalação) ++ http://www.lojadotelemovel.com/default.php3?cPath=509_582SESSAO= ++ CANSADO DO SEU VELHO MOTOROLA V3688 ? ++ Converta-o num moderno Motorola V66. Saiba como... http://www.lojadotelemovel.com/default.php3?cPath=509_542SESSAO= ++ VAI DE FÉRIAS? ++ Não se preocupe com a bateria do seu telemóvel. A lojadotelemovel.com lança em Portugal carregadores manuais de bateria e que dispoêm de lanterna. Ideal para Actividades ao Ar Livre. http://www.lojadotelemovel.com/product_info.php3?cPath=5products_id=3624SESSAO= ++ CHE GUEVARA EM CARCAÇAS PARA O SEU TELEMÓVEL. ++ O mitico Che agora no seu telemóvel. Escolha o modelo, e veja a carcaça respectiva: http://www.lojadotelemovel.com/default.php3?cPath=509SESSAO= ++ VEJA AINDA: - Auriculares desde 6,99 -Carregadores de Isqueiro a 7,99 e muito mais baixas de preços: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ DIGA NÃO ÀS MULTAS ++ Não conduza ao telemóvel. Fuja às multas e respeite o transito: Kit de Mãos Livres de Viatura de excelente qualidade. Disponível para todos os telemoveis: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ SPIDER MAN ++ o Spider Man ataca, agora com capas personalizadas do seu herói da Banda desenhada e que agora chega às salas de cinema: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ NÃO ENCONTROU O QUE DESEJAVA ++ Temos mais de 5.000 artigos em stock. Contacte-nos pelo TLM 933265706 Cratos pela atenção H. Cardoso http://www.lojadotelemovel.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: transfer rate
hello, On Thu, 4 Jul 2002, Rajeev Sharma wrote: it shows 1% data loss and some time 0% data loss.. i have checked my cables,switch ...but no use check the duplex negotiation... for better performance usually you should force to 100mbit/FullDuplex both the switch port and the server nic (use the mii-tool or the eth kernel module parameter on the linux side) -- bye, emilio brambilla -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[ANNOUNCE] Freeside 1.4.0beta1, open-source billing for ISPs
Hi, I'm pleased to announce the first beta release of Freeside 1.4.0. Freeside is a web-based, open-source billing and account administration package for ISPs, web hosts, and similar businesses. You can see a web demo, read the documentation, and download the new beta at http://www.sisd.com/freeside/. ObDebian: Although Freeside is not yet packaged, the dependancies are available in unstable and woody. Major new features in 1.4.0 include: - Billing engine has been rewritten and now has support for easily added price plans. Included price plans include anniversary billing, 1st-of-the-month billing (pro-rated and subscription), free for N days, commissions for referrals and per-minute/per-hour charges. - Customer-to-customer referrals, tracking and commissions. - Configurable invoice events triggered for delinquent customers can re-send invoices, suspend accounts, charge late fees, and so on. - Export and provisioning system has been rewritten. New provisioning methods can now be plugged-in for any service type. Included exports include BSD and Linux password files, configurable shell commands, RADIUS (both text and SQL, including groups), BIND configuration files, Cyrus, vpopmail, and many others. - Complete set of history tables tracking all changes to the database. - Job queue with display and retry for provisioning tasks. - UI overhaul - easier to navigate and use. Quick package order and one-time charges. Separate billing and service contact information. Customer comments. - Performance optimizations. - Financials have been rewritten. Apply payments and credits against specific invoices (in whole or in part), or have the system apply automatically. - Texas tax. - Improved documentation and easier install. -- _ivan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [ANNOUNCE] Freeside 1.4.0beta1, open-source billing for ISPs
also sprach Ivan Kohler [EMAIL PROTECTED] [2002.07.04.1405 +0200]: ObDebian: Although Freeside is not yet packaged, the dependancies are available in unstable and woody. i'll package it if you wish. -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] when a woman marries again it is because she detested her first husband. when a man marries again it is because he adored his first wife. women try their luck; men risk theirs. -- oscar wilde pgpIJmcsHzKzs.pgp Description: PGP signature
Re: [ANNOUNCE] Freeside 1.4.0beta1, open-source billing for ISPs
On Thu, Jul 04, 2002 at 02:53:59PM +0200, martin f krafft wrote: also sprach Ivan Kohler [EMAIL PROTECTED] [2002.07.04.1405 +0200]: ObDebian: Although Freeside is not yet packaged, the dependancies are available in unstable and woody. i'll package it if you wish. Very much so, yes. There's a woefully incomplete and out-of-date debian/ directory in the distibution - the only thing of note is debian/control, which had my preliminary thoughts on how to separate the distribution into different target packages. I also sent a message to the debian-perl list recently regarding ready-to-use packaging of mod_perl applications; you can dig it out of the archives or I'd be happy to send it. -- _ivan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Admin for E-MAIL users only
What is the best way to delegate some root privileges for a user which could only create e-mail accounts and make newaliases? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Admin for E-MAIL users only
Wide questionthis is refering to riddle If all can be done through webmin, then through webmin it is /riddle El jue, 04-07-2002 a las 11:55, rj escribió: What is the best way to delegate some root privileges for a user which could only create e-mail accounts and make newaliases? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Admin for E-MAIL users only
On Thu, 2002-07-04 at 12:55, rj wrote: What is the best way to delegate some root privileges for a user which could only create e-mail accounts and make newaliases? sudo. We write a couple of wrapper scripts around adduser (it does a few other things as well) and allow access to it through sudo. An even better (or at least potentially easier) method put the users in a database or LDAP. Most MTA and Linux itself support lookups of aliases and users in this fashion, wrapping a web interface around a db (and likely LDAP) isn't too hard. Fraser -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: transfer rate
Hi, I suggest you check the duplex mode on your ethernet interface and your switch. I had a problem similar to yours just a couple of months ago, and tracked it down to the interface auto-negotiating into half instead of full duplex. On a busy ethernet interface that can cause enough collisions to affect TCP throughput substantially, due to that small amount of packet loss. Unfortunately under Linux there is no good way to find out the link speed and duplex condition portably among different ethernet adapters, at least that I am aware of. Here is what I do: $ dmesg |egrep eth[0-2] eth1: Intel Corp. 82557 [Ethernet Pro 100], 00:A0:C9:39:4C:2C, IRQ 19. eth2: ns83820 v0.15: DP83820 v1.2: 00:40:f4:17:74:8a io=0xfebf9000 irq=16 f=h,sg eth2: link now 1000 mbps, full duplex and up. Also unfortunately, most ethernet drivers don't bother reporting this, although you can hack it into your drivers if it is important to you. But another good way to check is to examine your switch: switch0#sh int fa0/2 ... Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX ... This shows 100/full auto-negotiated. Really, this is a bad thing to do, as we should be setting all our ports to 100/full in the configuration, but it probably won't be done until it bites us in the ass. :-) switch0#sh int fa0/24 ... Full-duplex, 100Mb/s, 100BaseTX/FX ... This is a port which has been fixed to 100/full, because it *did* bite us in the ass. It's an uplink to a router and does several mbits/sec 24x7, and that packet loss affected all the TCP sessions going over it, limiting them to around 400Kbits/sec throughput due to TCP backoff :-( I hope this is helpful. -- Jeff S Wheeler [EMAIL PROTECTED] Software DevelopmentFive Elements, Inc http://www.five-elements.com/~jsw/ On Wed, 2002-07-03 at 22:20, Rajeev Sharma wrote: hi all I am stuck with a problem of my network.. my one debian box is very unstable ..some time it transfer data smoothly(997.0 kB/s)and sometime it hanged up at 123.0 kB/s.. and when i use ping -f 192.168.x.x it shows 1% data loss and some time 0% data loss.. i have checked my cables,switch ...but no use pliz help me **snip** pgpYUOTYpLYRj.pgp Description: PGP signature
Re: transfer rate
Hi All, Further to what Jeff said I can also recommend a utility called mii-diag. Simply running this utility will enable you to see the currently selected media type. Use mii-diag -h to see full options. It also allows you to set the media type. Cheers, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Novidades de Verao
LOJADOTELEMOVEL.com -- A maior loja Portuguesa de acessórios e telemóveis Qualidade e garantia de um bom serviço -- Esta semana NÃO PERCA: * * CAMPANHA DE VERÃO * * Na compra de uma Bolsa 100% pele Genuina Pierre Cardin recebe um prático necessaire (bolsa) para levar o seu telemóvel para a praia. Compre aqui: http://www.lojadotelemovel.com/product_info.php3?cPath=5products_id=3739SESSAO= ++ CARCAÇAS PARA O ALCATEL 511 (de fácil instalação) ++ http://www.lojadotelemovel.com/default.php3?cPath=509_582SESSAO= ++ CANSADO DO SEU VELHO MOTOROLA V3688 ? ++ Converta-o num moderno Motorola V66. Saiba como... http://www.lojadotelemovel.com/default.php3?cPath=509_542SESSAO= ++ VAI DE FÉRIAS? ++ Não se preocupe com a bateria do seu telemóvel. A lojadotelemovel.com lança em Portugal carregadores manuais de bateria e que dispoêm de lanterna. Ideal para Actividades ao Ar Livre. http://www.lojadotelemovel.com/product_info.php3?cPath=5products_id=3624SESSAO= ++ CHE GUEVARA EM CARCAÇAS PARA O SEU TELEMÓVEL. ++ O mitico Che agora no seu telemóvel. Escolha o modelo, e veja a carcaça respectiva: http://www.lojadotelemovel.com/default.php3?cPath=509SESSAO= ++ VEJA AINDA: - Auriculares desde ?6,99 -Carregadores de Isqueiro a ?7,99 e muito mais baixas de preços: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ DIGA NÃO ÀS MULTAS ++ Não conduza ao telemóvel. Fuja às multas e respeite o transito: Kit de Mãos Livres de Viatura de excelente qualidade. Disponível para todos os telemoveis: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ SPIDER MAN ++ o Spider Man ataca, agora com capas personalizadas do seu herói da Banda desenhada e que agora chega às salas de cinema: http://www.lojadotelemovel.com/default.php3?cPath=3SESSAO= ++ NÃO ENCONTROU O QUE DESEJAVA ++ Temos mais de 5.000 artigos em stock. Contacte-nos pelo TLM 933265706 Gratos pela atenção http://www.lojadotelemovel.com - Esta informacao e enviada a todos os subscritores. Caso nao pretenda receber mais informacoes visite-nos em http://www.lojadotelemovel.com e insira o seu endereço na caixa apropriada. - lojadotelemovel.com #1 em telemoveis e acessorios -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Users deleting public_html and log causing Apache to fail startup
Hi all, The users that know too much keep on deleting their directories that Apache uses to load up files from. For example, assume the user directory is /home/username/public_html (for the HTML docs), and /home/username/log (for the LOG files). If the user deletes /home/username/log, or public_html, Apache won't load. And it doesn't give a useful error most times unless you start investigating. There doesn't seem a way to make Apache handle the situation gracefully, by either skipping over that virtualhost, or perhaps ignoring the error, or something. It just fails to load as is. I've thought of a few workarounds... but i'm sure you guys have had the above experience and already have great solutions, so why re-invent the wheel (the answer is probably so obvious too ;-) ). So, how would you handle the above? Thanks in advance! Sincerely, Jason -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Users deleting public_html and log causing Apache to fail startup
On Fri, 05 Jul 2002, Jason Lim wrote: The users that know too much keep on deleting their directories that Apache uses to load up files from. For example, assume the user directory is /home/username/public_html (for the HTML docs), and /home/username/log (for the LOG files). So, how would you handle the above? The user may not remove their document root and the user only has read access to their log directory. Simple as that. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpesenVQDWmn.pgp Description: PGP signature
Re: Users deleting public_html and log causing Apache to fail startup
log directory read only Yeap... that can be done easily... chmod a-w log. The user may not remove their document root How do you do that, while allowing them full access to that directory? - Original Message - From: Peter Palfrader [EMAIL PROTECTED] To: debian-isp@lists.debian.org Sent: Friday, July 05, 2002 9:20 AM Subject: Re: Users deleting public_html and log causing Apache to fail startup On Fri, 05 Jul 2002, Jason Lim wrote: The users that know too much keep on deleting their directories that Apache uses to load up files from. For example, assume the user directory is /home/username/public_html (for the HTML docs), and /home/username/log (for the LOG files). So, how would you handle the above? The user may not remove their document root and the user only has read access to their log directory. Simple as that. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Users deleting public_html and log causing Apache to fail startup
On Fri, 05 Jul 2002, Jason Lim wrote: log directory read only Yeap... that can be done easily... chmod a-w log. The user may not remove their document root How do you do that, while allowing them full access to that directory? They don't have write access to its parent directory: [EMAIL PROTECTED]:~/test$ mkdir public_html [EMAIL PROTECTED]:~/test$ sudo chown root. . [EMAIL PROTECTED]:~/test$ rmdir public_html rmdir: `public_html': Permission denied [EMAIL PROTECTED]:~/test$ ls -la total 16 drwxrwxr-x3 root root 4096 Jul 5 02:28 ./ drwxr-xr-x 135 weasel weasel 8192 Jul 5 02:28 ../ drwxrwxr-x2 weasel weasel 4096 Jul 5 02:28 public_html/ [ please remove the mail you replied to from the bottom of your messages. Only quoting the necessary parts in the right place. Thanks.] yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpLeU7XeH58l.pgp Description: PGP signature
Re: Users deleting public_html and log causing Apache to fail startup
On Thu, 04 Jul 2002, Chris Wagner wrote: On Fri, 05 Jul 2002, Jason Lim wrote: They don't have write access to its parent directory: [EMAIL PROTECTED]:~/test$ mkdir public_html [EMAIL PROTECTED]:~/test$ sudo chown root. . [EMAIL PROTECTED]:~/test$ rmdir public_html rmdir: `public_html': Permission denied [EMAIL PROTECTED]:~/test$ ls -la total 16 drwxrwxr-x3 root root 4096 Jul 5 02:28 ./ drwxr-xr-x 135 weasel weasel 8192 Jul 5 02:28 ../ drwxrwxr-x2 weasel weasel 4096 Jul 5 02:28 public_html/ To go into some details, I have a setup like this: (owned by) (directory) root client1/ root client1/logs/ root client1/site1/ client1 client1/site1/cgi-bin/ client1 client1/site1/htdocs/ root client1/site2/ client1 client1/site2/cgi-bin/ client1 client1/site2/htdocs/ root client1/site3/ client1 client1/site3/cgi-bin/ client1 client1/site3/htdocs/ root client1/site4/ client1 client1/site4/cgi-bin/ client1 client1/site4/htdocs/ root client2 root client2/logs/ root client2/site1/ client2 client2/site1/cgi-bin/ client2 client2/site1/htdocs/ root client2/site2/ client2 client2/site2/cgi-bin/ client2 client2/site2/htdocs/ [..] But won't rmdir . succeed if they are in the public_html directory? rmdirs _below_ client1/site1/cgi-bin/ and client1/site1/htdocs/ would all work. rmdirs of client1/site1/htdocs/, or client1/site1/cgi-bin/ themselves will not work as that requires modifying the parent directory (client1/site1) for which the client has no write priviliges. [that quoting thing goes for you too] yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgp54ATBTY9th.pgp Description: PGP signature
Re: Users deleting public_html and log causing Apache to fail startup
But won't rmdir . succeed if they are in the public_html directory? rmdirs _below_ client1/site1/cgi-bin/ and client1/site1/htdocs/ would all work. rmdirs of client1/site1/htdocs/, or client1/site1/cgi-bin/ themselves will not work as that requires modifying the parent directory (client1/site1) for which the client has no write priviliges. -- With that wouldn't the client be unable to mkdir client1/site1/testdir ? Since client1/site1 is owned by root, and only client1/site1/cgi-bin and client1/site1/htdocs are owned by the user, the user could only create directories in those 2 directories, and anywhere else they cannot? If that were true, that wouldn't be an optimal solution, because the clients tend to also want to put stuff in directories not accessable by the web at all. Sometimes, for example, they mkdir client1/site1/creditcarddetails or something like that, so it is outside the htdocs directory, but accessable to them via SSH or FTP or something. I was just thinking about (using your examples) making the htdocs and cgi-bin directories immutable (+i). However, I am not very familiar with using those flags so Im not certain as to what consequences that would have... making it immutable means that the directory won't be able to be deleted, but files CAN be added/deleted within the immutable directory directory, right? - Original Message - From: Peter Palfrader [EMAIL PROTECTED] To: Chris Wagner [EMAIL PROTECTED] Cc: debian-isp@lists.debian.org Sent: Friday, July 05, 2002 11:12 AM Subject: Re: Users deleting public_html and log causing Apache to fail startup -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Users deleting public_html and log causing Apache to fail startup
On Fri, Jul 05, 2002 at 11:38:53AM +1000, Jason Lim wrote: But won't rmdir . succeed if they are in the public_html directory? [...] I was just thinking about (using your examples) making the htdocs and cgi-bin directories immutable (+i). However, I am not very familiar with using those flags so Im not certain as to what consequences that would have... making it immutable means that the directory won't be able to be deleted, but files CAN be added/deleted within the immutable directory directory, right? I think the +t sticky bit is what you want. From the chmod man page; STICKY DIRECTORIES When the sticky bit is set on a directory, files in that directory may only be unlinked or renamed by root or their owner. (Without the sticky bit, anyone able to write to the directory can delete or rename files.) ... Given this, I would suggest something like this for an example user abo; minkirri:~$ dl total 2 drwxrws--t4 root abo81 Jul 5 13:13 ./ drwxrwsrwx6 root root 458 Jul 5 13:17 ../ drwxr-s---2 root abo35 Jul 5 13:13 log/ drwxrwsr-x2 root abo35 Jul 5 13:13 public_html/ Note that ~ only allows other execute access. This allows apache to access and serve ~/public_html, but no others can list ~. The +t setting means files in this directory can only be deleted/renamed by their owners. The g+s settings are there to ensure files in these directories are group abo. Note that ~, ~/log, and ~/public_html are root:abo. The group abo has read/write access to ~/public_html, but because abo doesn't own it he can't remove it. The group abo has only read access to ~/log and can't remove it either. -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Users deleting public_html and log causing Apache to fail startup
You can make 3 predefined directories for each customer that they can't delete. One htdocs, logs, and stuff or something, for them to put all the non web accessible stuff in. Another thing you can do is create a wrapper script for the Apache startup that checks for the existence of all the essential directories and creates them if missing. At 11:38 AM 7/5/02 +1000, Jason Lim wrote: Since client1/site1 is owned by root, and only client1/site1/cgi-bin and client1/site1/htdocs are owned by the user, the user could only create directories in those 2 directories, and anywhere else they cannot? If that were true, that wouldn't be an optimal solution, because the clients tend to also want to put stuff in directories not accessable by the web at all. Sometimes, for example, they mkdir client1/site1/creditcarddetails or something like that, so it is outside the htdocs directory, but accessable to them via SSH or FTP or something. -- REMEMBER THE WORLD TRADE CENTER ---= WTC 911 =-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Users deleting public_html and log causing Apache to fail startup
On Fri, Jul 05, 2002 at 01:33:55PM +1000, Donovan Baarda wrote: On Fri, Jul 05, 2002 at 11:38:53AM +1000, Jason Lim wrote: [...] Given this, I would suggest something like this for an example user abo; minkirri:~$ dl total 2 drwxrws--t4 root abo81 Jul 5 13:13 ./ drwxrwsrwx6 root root 458 Jul 5 13:17 ../ drwxr-s---2 root abo35 Jul 5 13:13 log/ drwxrwsr-x2 root abo35 Jul 5 13:13 public_html/ Slight refinement, change public_html to; drwxrwsr-t2 root abo35 Jul 5 13:13 public_html/ This allows root to create other directories in public_html like public_html that cannot be deleted by abo. The o+t,g+s combo is a nice one, because it allows group read/write access to the directory's contents, but the person who creates content in it is the only person who can rename/delete it. -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Users deleting public_html and log causing Apache to fail startup
On Fri, Jul 05, 2002 at 01:42:33PM +1000, Donovan Baarda wrote: On Fri, Jul 05, 2002 at 01:33:55PM +1000, Donovan Baarda wrote: [...] This allows root to create other directories in public_html like public_html that cannot be deleted by abo. The o+t,g+s combo is a nice ^ Ugh, should be public_html/cgi-bin. one, because it allows group read/write access to the directory's contents, but the person who creates content in it is the only person who can rename/delete it. -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]