Re: throttle pop3 access
On Wed, 2002-06-26 at 20:16, Tinus Nijmeijers wrote:

On Wed, 2002-06-26 at 11:11, Roger Abrahamsson wrote:

I'm having the problem that users are checking their mail (pop3) every other minute or so.

suddenly blocked.. change password or whatever, and then restore it 5/10 minutes

yes. seems more expensive than just letting them carry on though.

And you are missing a good Customer Service delivery opportunity that works in both the commercial and non-profit worlds. You report the effect on your services by the configuration on the computer that they use. Inform them it needs to be brought up to date, and then deliver your selected means of getting the client side working properly with your servers.

Automate the detection of frequent checkers if you wish but send them email, they do want to get some. Turn it into a positive experience by being proactive using email itself.

We have been very successful with a 5 - 10 minute phone call, as a local provider providing the local service edge. We have had some reasonable success with specific instructions via email, but you need to know the software they use and version to do it correctly. For many, I would imagine language would be an issue.

It is a one time fix, giving you an opportunity to display both your concern for service and your technical competence.

Or be a BOFH.

Gerard

--
Bowman said: So you put it with the players, they are the one that decide the games. Naturally, the coach has a game plan, and it has to be exercised or executed. But I remember saying the players have to get it on their own.
-- Scotty Bowman, coach of the Stanley Cup winning Detroit Red Wings
-- The Chronicle-Herald/The Mail Star, Halifax NS. June 15, 2002.

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Analog ( + Report Magic)
On Sun, 2002-06-16 at 07:37, Martin WHEELER wrote:

On Sun, 16 Jun 2002, SZALAY Attila wrote:

The ownership and the restrictions are not what analog expects. If you run analog through a cgi script @ http, then the logfiles MUST have chmod 644 with any ownership, or have a 640 with at least chgrp www-data.

OK. Leaving ownership.group at root.adm, and chmodding all files to 644 gives me readable output. But how do I guarantee that all future log files will be generated 644? (Alternatively, in group www-data.) Currently, they're being generated 640. Any clues gratefully appreciated.

Apache's logs are root.adm 540.

540???

Sorry -- brain-fart. Meant 640.

The permissions are set by logrotate. According to the Apache's changelog.Debian.gz, the switch from savelog happened December 2001. You would control the log file permissions and ownerships by editing /etc/logrotate.d/apache

--
We just need to figure out which pieces to apply in various combinations to optimally meet the needs of our different user communities.
-- Bdale Garbee, Debian Project Leader http://www.debian.org/vote/2002/platforms/bdale
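The two options discussed in this message (644 for everyone, or 640 with group www-data) map onto logrotate's `create MODE OWNER GROUP` directive. The following is an added example, not part of the original message and not Debian's shipped /etc/logrotate.d/apache: the stanza, the log path and the function names are constructed, and the check reports who could read a freshly rotated log under each setting.

```shell
#!/bin/sh
# Added example. stanza MODE OWNER GROUP prints a constructed logrotate
# stanza; only the "create" line matters for the permission question.
stanza() {
    cat <<EOF
/var/log/apache/*.log {
    weekly
    rotate 52
    compress
    create $1 $2 $3
}
EOF
}

# logrotate_create_audit GROUP  (reads a logrotate config on stdin)
# For every "create" directive, say whether new log files would be
# world-readable, readable through GROUP, or not readable by GROUP at all.
logrotate_create_audit() {
    awk -v want="$1" '
    $1 == "create" {
        mode = $2; owner = $3; group = $4
        if (mode !~ /^[0-7]?[0-7][0-7][0-7]$/) {
            # logrotate copies omitted attributes from the old log file
            print "create without an explicit mode: attributes are copied from the old log"
            next
        }
        other_bits = substr(mode, length(mode), 1) + 0
        group_bits = substr(mode, length(mode) - 1, 1) + 0
        if (other_bits >= 4) {
            verdict = "world-readable"
        } else if (group_bits >= 4 && group == want) {
            verdict = "readable by group " want
        } else {
            verdict = "not readable by " want
        }
        printf "create %s %s %s -> %s\n", mode, owner, group, verdict
    }'
}

# Current state from the thread (640 root.adm), the 644 variant, and the
# group variant, audited for a CGI that runs in group www-data.
for spec in "640 root adm" "644 root adm" "640 root www-data"; do
    stanza $spec | logrotate_create_audit www-data
done
```

The third setting gives the CGI's group read access without making the access logs readable by every local account.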
Re: webmail
On Sun, 2002-06-16 at 18:09, Russell Coker wrote:

What's a good webmail system to use? There are several in Debian, I've had experience with IMP, but that experience has been mostly painful. Upgrading it is always difficult, and the packages insist on Postgresql even though it's not needed at all unless you have a cluster. How do the other webmail systems compare? Calendaring support which integrates with Outlook would be a bonus, but apart from that I just need basic functionality.

I have tried most Debianized Webmail package combinations. For only email and throwing in calendaring support, you are describing the sqwebmail with courier-pcp (Personal Calendaring Protocol). The sqwebmail package actually has the documentation for PCP.

It is a logical extension to also use the courier-imap and pop servers which will also require the courier-authdaemon package. OTOH, that gives you a basketful of authentication mechanisms.

Disclaimer: I have not used courier-pcp (yet) and have not had the courier packages under load. However, all courier packages install cleanly (woody), are relatively easy to configure, and of course, use the Maildir storage format. The calendar goes in there as well. The IMAP/POP combination was the only combined solution I found without some sort of conflict or complexity. Still prefer Postfix as the mail server.

My testing phase is complete, deployment awaits time and energy. And I certainly do not have the potential user base on a scale that you have reported to this list on earlier occasions.

--
We just need to figure out which pieces to apply in various combinations to optimally meet the needs of our different user communities.
-- Bdale Garbee, Debian Project Leader http://www.debian.org/vote/2002/platforms/bdale
Re: multiple mysql daemons in process
On Tue, 2002-04-23 at 06:46, Ulf Rompe wrote:

Patrick Hsieh [EMAIL PROTECTED] writes:

I have 38 mysqld processes running in one single machine, is it normal?

It depends.

on the number of persistent connections, mostly. Otherwise, the child process retires. mysqladmin processlist will tell you what is going on.

CPU states: 3.2% user, 4.3% system, 0.0% nice, 92.5% idle
Mem:900464K total, 840808K used,59656K free, 277532K buffers
Swap: 498004K total, 327808K used, 170196K free, 221132K cached

I'd be concerned with the amount of swap in use. Something was looking for a lot of RAM at some time. I'd look for things like a bunch of Apache threads with open connections to a large table and hanging on for longer than I would like. Then adjust the appropriate parameters, probably some in the MySQL config and some in Apache.

If not Apache, the mysqladmin command above will tell you what is using all those processes.

Gerard

--
We just need to figure out which pieces to apply in various combinations to optimally meet the needs of our different user communities.
-- Bdale Garbee, New Debian Project Leader http://www.debian.org/vote/2002/platforms/bdale
Re: Apache with htpasswd without htaccess
On Thu, 2002-02-07 at 19:39, Rudi wrote:

Hi Piotr, Sorry my reply wasn't exact either. I should read your email more closely - sorry. Looks like you may need a web scripting language like php, coldfusion, perl etc, etc.

You may want to use webmin.

--
Gerard MacNeil
System Administrator
Re: Apache bandwidth limitation
On Fri, 13 Jul 2001 12:30:46 +0200 (CEST), Przemyslaw Wegrzyn [EMAIL PROTECTED] wrote:

On Fri, 13 Jul 2001, ARAKI Yasuhiro wrote:

Florian, I suggest you to check mod_throttle (http://www.snert.com/Software/mod_throttle/) or mod_bandwidth (http://www.cohprog.com). Both modules have not been debianized yet.

Huh ? They are in apache packages !

They are in woody/sid, not potato, iirc.

Gerard MacNeil
System Administrator
Re: Virtual Email Hosting, IMAP and LDAP - advice needed
On 11 Jul 2001 16:48:00 +0200, Ramin Motakef [EMAIL PROTECTED] wrote:

The next question: How do people organize the LDAP tree? I've searched around the Internet, found lot of infos on LDAP, but not a concrete example of LDAP driven email solution. So, if you have links, or like to share your setup, please respond.

Check this list's archives. It was discussed quite extensively a while back.

Gerard MacNeil
System Administrator
Re: users bypassing shaper limitation
On Sun, 1 Jul 2001 15:59:34 -0400, Jeff S Wheeler [EMAIL PROTECTED] wrote:

I have been reading this thread and noticed no one has suggested the MAC address filtering capabilities in Linux 2.4's new ip tables subsystem.

There is no requirement to run 2.4.x and iptables, nor iproute2, to accomplish the policy implementation that was specified. The administrative policy is bandwidth control over a defined set of IP addresses. That policy is being circumvented with the current configuration by the whizkids. It is up to the tech to implement a solution.

Besides, I'm sure I have a MAC address changer utility (or is that a feature of iproute2) that I downloaded sometime in the past. The same whizkids would use it and circumvent the policy based on MAC addresses with it ... although it would be a trickier thing to accomplish. I think I have read on some mailing list that it is quite a security issue with PPPoE and some wireless connections.

Gerard MacNeil
System Administrator
Re: users bypassing shaper limitation
On Sun, 1 Jul 2001 14:30:33 +0300, [EMAIL PROTECTED] (Sami Haahtinen) wrote:

On Sat, Jun 30, 2001 at 12:07:28PM +0100, Karl E. Jorgensen wrote:

Besides, the bad guys may choose not to use DHCP - this is entirely up to the config on the client machines.

but if you make dynamic firewall rules based on the leases file, blocking all outside traffic, it would be efficient enough.

Yes, do routing by host /32 rather than network /24. Or you can subnet depending on your hardware configuration.

Gerard MacNeil
System Administrator
Re: system mirror
On Thu, 26 Apr 2001 17:37:56 +0200, Marek L. Kozak [EMAIL PROTECTED] wrote:

Hello, please advise me and answer these questions:

1. what kind of software will be suitable to mirror the system running Apache + PHP + SQL database + MTA with virtual domains.

rsync with ssh, you can sync either way, only update what you need to. Get it all set up properly, then run a cron to sync, check your cron logs regularly.

2. what kind of connection is needed for systems with say 1000 accounts if mirror would have to be on other networks (different ISP's)

You could get away with a dialup connection ... put that in the cron as well :-)

It would really depend on how active your accounts are. Check the files that you would be updating every day for at least a week. Find out which ones change (aide can help there), do some calculations and figure out what your data traffic will be and what time constraints you are under. Then shop for the bandwidth that will do the job with some numbers that count.

--
Gerard MacNeil
System Administrator
Online Translation Services
On Thu, 26 Apr 2001 11:30:04 -0700, Mike Fedyk [EMAIL PROTECTED] wrote:

Run this through the altavista translator

Anyone have an url?

One for the archive:

AltaVista - World / Translate - http://babelfish.altavista.com/translate.dyn
PROMT's Online Translator - http://www.translate.ru
Free Translation - http://www.freetranslation.com/

Thanks for the new one.

--
Gerard MacNeil
System Administrator
Re: logcheck
On Thu, 21 Sep 2000, [EMAIL PROTECTED] wrote:

Hey Russel and Group, Thanks for the continuing discussion.

Nobody suing to root is not non-threatening! Ideally you would have a group wheel or root required for su to root to prevent this. Currently I haven't as I haven't got the PAM setup for it going yet.

PAM is acronym for 'password authentication mode' ? I know that BSD uses a wheel group that needs to be enacted before a su can happen. What means are you considering doing this?

PAM has support for it using pam_wheel.so

Also, would something be running from cron that does this every morning at 6:23 AM?

As user nobody su'ing to root, it sounds like cron building the slocate database.

Anyone know how I can investigate further?

Look in /etc/crontab, /etc/cron.daily, /etc/cron.d

---
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
Re: cron perl script won't sendmail
On Sun, 27 Aug 2000, Security wrote:

crond likes full pathnames is my first thought. That's likely why it works from the command line and not crond. Tom

Any ideas why the following won't actually send email when run from cron:

    #!/usr/bin/perl
    #
    open(SENDMAIL,"|sendmail $recipient");

crond runs with the compiled-in default PATH of the shell, usually PATH=/bin:/usr/bin

"sendmail" is elsewhere. Using full pathnames to programs is a common solution. The alternative is to explicitly set a PATH in the script.

-------
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
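The PATH difference described in this reply can be checked before a job is installed. The following is an added example, not part of the original thread: it reports which commands a job needs would not resolve under cron's PATH and which absolute path to write into the script instead. The sandbox directories are constructed stand-ins for /bin:/usr/bin and for the directory that holds sendmail, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. resolve_in_path NAME PATHLIST
# Print the first executable file called NAME found in the colon-separated
# PATHLIST; return 1 if there is none. Empty PATH entries are skipped.
resolve_in_path() {
    rip_name=$1
    rip_old_ifs=$IFS
    IFS=:
    set -- $2
    IFS=$rip_old_ifs
    for rip_dir in "$@"; do
        [ -n "$rip_dir" ] || continue
        if [ -f "$rip_dir/$rip_name" ] && [ -x "$rip_dir/$rip_name" ]; then
            printf '%s\n' "$rip_dir/$rip_name"
            return 0
        fi
    done
    return 1
}

# cron_path_audit CRON_PATH LOGIN_PATH CMD...
# One line per command:
#   ok CMD FILE      cron would find it
#   fix CMD FILE     only the login PATH finds it: use FILE in the job
#   missing CMD      found under neither PATH
# Returns 0 only if every command resolves under CRON_PATH.
cron_path_audit() {
    cpa_cron=$1
    cpa_login=$2
    cpa_rc=0
    shift 2
    for cpa_cmd in "$@"; do
        if cpa_hit=$(resolve_in_path "$cpa_cmd" "$cpa_cron"); then
            printf 'ok %s %s\n' "$cpa_cmd" "$cpa_hit"
        elif cpa_hit=$(resolve_in_path "$cpa_cmd" "$cpa_login"); then
            printf 'fix %s %s\n' "$cpa_cmd" "$cpa_hit"
            cpa_rc=1
        else
            printf 'missing %s\n' "$cpa_cmd"
            cpa_rc=1
        fi
    done
    return $cpa_rc
}

# Constructed sandbox: "bin" plays the role of cron's PATH, "sbin" the
# directory where sendmail actually lives on the (hypothetical) host.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/bin" "$sb/sbin"
    printf '#!/bin/sh\ncat >/dev/null\n' >"$sb/sbin/sendmail"
    printf '#!/bin/sh\nexit 0\n' >"$sb/bin/date"
    chmod +x "$sb/sbin/sendmail" "$sb/bin/date"
    printf '%s\n' "$sb"
}

sandbox=$(make_sandbox)
cron_path_audit "$sandbox/bin" "$sandbox/bin:$sandbox/sbin" date sendmail procmail ||
    echo "edit the job: replace each 'fix' command with the path shown"
rm -rf "$sandbox"
```

On a real host, call `cron_path_audit /bin:/usr/bin "$PATH" sendmail` from a login shell to get the path to put in the `open()` call.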
Re: IP addresses
On Sat, 19 Aug 2000, Andrius Kasparavicius wrote:

hello, maybe somewhere is information about how many IP addresses is used as network and broadcast address today? How many addresses is unused yet? When has been created IPv4?

http://www.nua.ie/surveys/ would be a good place to start looking.

---
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
Re: fiber
On Tue, 25 Jul 100, Allen Ahoffman wrote:

Can someone comment here on reasons to use fiber for network cable now instead of old style standard cat5 cable? I see lots of fiber equipment out there but 100mbps is 100mbps right? Is fiber economical when you get into over 100mbps situations? thanks.

I have read that you must ensure that the wires in the cat5 must be twisted all the way to the termination points to ensure reliability. You are dependent on the manufacturing quality of the wire. In many environments, the wires themselves are subjected to hazards, increasing risk. I would expect that fiber (I know nothing about ... would like to know) lowers this risk.

Capacity for the future would also be an issue.

---
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
Re: FW: Some problem????...
On Thu, 20 Jul 2000, Jerzy Miszczyk wrote:

Hi there... I try to connect with illegal 192.168.10.x (Net2) network to a legal 196.25.147.x (Net1) network with an analog leased line and PPP:

| | | | | | A---PPP---B | | Net1 Net2

I configured A-PPP with address 192.168.11.1 and B-PPP with address 192.168.11.2. Machine A runs masquerading for 192.168.11.0 network. Machine B talks to internet without any problems but the rest of the Net2 does not

The rest of the computers on Net2 should set 192.168.11.2 as their default gateway and have addresses in the 192.168.11.xxx range. They will route everything to B which sends it to A. You need to have the appropriate kernel features enabled on both A and B.

If you want the computers on Net2 to have servers that answer on the 'net, you have to enable ip-port-forwarding on A and use NAT to translate the addresses in that direction. ipchains is your friend.

192.168.xx.xx can be called Internet non-routable quite safely.

---
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
RE: Virtual Domain Solution
On Sat, 8 Jul 2000, Mike Bennett wrote:

- The small ones do it all manually. This is a nightmare as numbers grow.

Something like I did, a little script here and there, various things configured such that it is easier to copy and paste than work out the programming logic, with hard coded IP Addresses, Modem Identifiers Accounting Info/etc. all over the place in our own mix of applications.

"Add a new domain and virtual web server". The software could handle that. They don't necessarily need to know that this task involves manipulating DNS zone files and adding a virtual host entry to a web server.

The software should handle those real things.

On Fri, 7 Jul 2000 [EMAIL PROTECTED] wrote:

That's really not too hard. Tedious yes because there are endless things to do. And we've been at it seven years. Our system is built around mysql and an ncurses interface. It's really just selecting account records and passing arguments to perl scripts. The front office can register domains, add users, change passwords, install mailmaps and so forth. Trust me, they are not technical. :^)

I've followed the same approach using a Web Page interface. The Admin guys are really just making MySQL database entries. System programs (those scripts :-) read the data and do the dirty work. Some programs are run through cron ... or I get an email request. Log what gets done when.

I can share with you our huge mistake: we started with account=unix userid. Don't do that! Now we have master accounts that have secondary accounts; those may have any number of services attached.

100% solid advice. Have your system generate a unique ID for a new account to use as a primary DB key and tie all your account records to it. Permanently retire the ID when the account lapses. Let your accounting people worry about whether or not accounts are paid and you worry about keeping the service records in sync with the accounting ones.

-------
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
Re: named help please
On Sun, 25 Jun 2000, Bill wrote:

I am continually getting the following message,

named[479]: XSTATS 961857757 961854157 RR=561 RNXD=68 RFwdR=397 RDupR=12 RFail=23 RFErr=0 RErr=0 RAXFR=0 RLame=7 ROpts=0 SSysQ=108 SAns=3050 SFwdQ=409 SDupQ=82 SErr=0 RQ=3501 RIQ=0 RFwdQ=0 RDupQ=30 RTCP=24 SFwdR=397 SFail=0 SFErr=0 SNaAns=837 SNXD=194

It's a statistical report generated when named flushes its cache.

Is this something to worry about,

No, unless the *Err numbers concern you.

if so can someone please tell me how to remedy?

Run: apt-get install bind-doc

You could do some service delivery analysis with the numbers.

---
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
Re: secret data for php pages
On Wed, 7 Jun 2000, Robert Varga wrote:

On Wed, 7 Jun 2000, Fraser Campbell wrote:

Robert Varga wrote:

What I need is a way to provide separate mysql databases to all virtualhosts and webserver users, without a possibility for them to access each other's databases.

Create a unique database for each site. Grant access to it from localhost (and others if necessary) to a unique user.

The problem is that anyone who can put up a php page can download every php page _source_ there is on the webserver (see my initial post). Therefore the password is retrievable this way.

I set global variables in /etc/php3/apache/php3.ini

    safe_mode = on
    auto_prepend_file = www-data.php3 ; www-data owned empty file for
                                      ; security

The empty www-data.php3 is owned by 'www-data'. All *.php3 files served must be owned by www-data to be served unless I override the prepend in the Apache *.conf files. This config prevents just anybody putting up a *.php3 file and having it do anything.

In /etc/apache/*.conf, I put values for

    php3_include_path PATH
    php3_auto_prepend_file FILE

in appropriate Directory, Location and VirtualHost directive sections. PHP4 has a different format

    php_value include_path PATH
    php_value auto_prepend_file FILE

MySql permissions can control who can access what database for users logged in. Via the Web, the URL will determine which file is prepended, setting the web based authentication. The auto_prepend_file's should be located in a non-servable directory as it will contain the passwords you assign.

Also, have a look at the 'phplib' deb package for ideas.

---
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
Re: Logging a POP3 session
On Wed, 17 May 2000, Chris Wagner wrote:

CuCiPOP tells you how many messages were downloaded by default. :)

With Qpopper, you need to use the '-s' command line switch to log statistics at the daemon.notice level.

---
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
Re: Debian vs Red Hat??? I need info.
Previously Chip Salzenberg wrote:

Actually, from what I've been told, rpm has at least one serious technical flaw: The order of execution for pre-install and post-install scripts is nonsensical for upgrades.

On Thu, 18 May 2000, Wichert Akkerman wrote:

I wouldn't call it nonsensical, but the way dpkg does it is definitely more robust. I need to take another close look at how rpm and dpkg differ in this respect anyway, so if people are interested in the little details I might be willing to write a little comparison about it..

On Thu, 18 May 2000, Stephen A. Witt wrote:

I, for one, would be very interested in this comparison.

Like many others, installed Slackware as my first Linux installation. I went looking for something better and found Debian. The package management has consistently improved over the years.

I have only one RedHat installation, and studied the various package management tools they had available. The focus of the tools appeared to assume that you had a full distribution available locally. With 'kickstart', that perspective would be consistent with the requirement to deploy file and print servers on a LAN. For updating, I used 'rpmfind' like I would 'apt-get' ... but found no equivalent to 'dselect'.

Dpkg/Apt is striving to be able to update a running system on the fly. It routinely provides me a list of both new and updated packages. Most security fixes are in before I get email from the redhat-security mailing list. I recently completed an upgrade from a slink (2.0.34 kernel) to potato (2.2.14) with minor trouble ... that I could have avoided if I was more skillful.

What I like most about Debian Package distribution is the classifications of main, non-free, contrib and non-US. It tells me something very important about the software I am using. It represents to me a practical implementation of the goals of the Software in the Public Interest. This organization extends and expands on the objectives of the Free Software Foundation, makes it possible for our small business to exist and is, for me, the Open Source guarantee.

For pre/post install questions, I am most interested in how closely any given installed package adheres to the Filesystem Hierarchy Standard (FHS). Portability between packaging systems as defined by support for the FHS would appear to be a valid evaluation criteria.

---
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
Re: it's safe to run a web hosting server with the unstable distributions ?
On Mon, 10 Apr 2000, John Haggerty wrote:

Is there a good example of something in debian breaking a general script/program server side?

In the past, the upgrade of libmysqlclient.so.6 caused grief for most packages that version-depended on libmysqlclient.so.4. Having a non-production computer that gets upgraded first (personal discipline) lets you avoid some bad timing upgrades. I use my own box for that.

With Debian, besides the stable and unstable distros, there is also frozen ... the soon-to-be-stable (AKA potato) that has been in code freeze since Jan 16. Usually (I've been through a couple), by the time it is frozen for a while the most significant problems have been eliminated. It seems to me that most of the time the dist is in frozen, the maintainers are concentrating on ensuring all the package inter-dependencies are resolved ... and slipping in bugfixes from upstream maintainers.

If I was to do a new distribution install today, I would go with frozen. It has the 2.2.x kernel, the recent glibc and some configuration stuff which will ease future maintenance.

---
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
Re: logging of pop connections
On Mon, 6 Mar 2000, t s a d i wrote:

hello, this line's from my /var/log/daemon.log

Mar 7 12:00:52 bangus in.qpopper[994]: connect from 208.232.225.113

i tried reading 'man syslog' but i cant clearly understand it yet. can someone help me on what should i do so that i will know what was the username of that someone who connected to the pop3 service ?

It indicates a POP connection from that address. If you did not get anything else in the log file, then the user was authenticated by your server and you should have nothing to worry about. It does not tell you whether any mail was fetched.

To find out who (and how often), you need to tell qpopper to log statistics. From 'man qpopper':

The -s flag turns on statistics logging using syslog(8) At the end of each popper session, the following information is logged: username, number of messages deleted, number of bytes deleted, number of message left on server, number of bytes left on server.

---
Gerard MacNeil, P. Eng [EMAIL PROTECTED]
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
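One way to automate the detection of frequent checkers suggested in the "throttle pop3 access" reply, using the qpopper connect line quoted in this message. This is an added example, not part of the original posts: the sample log, the thresholds and the function names are constructed, and it keys on the source address because that is all a connect line carries (user names need the -s statistics logging described above).

```shell
#!/bin/sh
# Added example. sample_log prints constructed daemon.log lines in the
# format quoted above; the addresses are documentation-range placeholders.
sample_log() {
    cat <<'EOF'
Mar  7 12:00:52 bangus in.qpopper[994]: connect from 192.0.2.10
Mar  7 12:01:10 bangus in.qpopper[995]: connect from 198.51.100.7
Mar  7 12:02:51 bangus in.qpopper[996]: connect from 192.0.2.10
Mar  7 12:03:00 bangus in.qpopper[997]: connect from 203.0.113.5
Mar  7 12:04:53 bangus in.qpopper[998]: connect from 192.0.2.10
Mar  7 12:05:01 bangus inetd[210]: constructed unrelated line
Mar  7 12:06:52 bangus in.qpopper[999]: connect from 192.0.2.10
Mar  7 12:08:50 bangus in.qpopper[1000]: connect from 192.0.2.10
Mar  7 12:31:12 bangus in.qpopper[1001]: connect from 198.51.100.7
Mar  7 13:01:09 bangus in.qpopper[1002]: connect from 198.51.100.7
EOF
}

# pop3_frequent_checkers MIN_GAP MIN_HITS  (reads syslog lines on stdin)
# Print "ADDRESS CONNECTS AVG_SECONDS" for every source address that
# connected at least MIN_HITS times with an average interval between
# connects shorter than MIN_GAP seconds. Assumes the input stays within
# one calendar month, since syslog lines carry no year.
pop3_frequent_checkers() {
    awk -v min_gap="$1" -v min_hits="$2" '
    $5 ~ /^in\.qpopper\[[0-9]+\]:$/ && $6 == "connect" && $7 == "from" {
        split($3, t, ":")
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        ip = $8
        if (!(ip in first)) first[ip] = now
        last[ip] = now
        hits[ip]++
    }
    END {
        for (ip in hits) {
            # a single connect has no interval to measure
            if (hits[ip] < 2 || hits[ip] < min_hits) continue
            avg = (last[ip] - first[ip]) / (hits[ip] - 1)
            if (avg < min_gap) printf "%s %d %d\n", ip, hits[ip], avg
        }
    }' | sort
}

# Clients polling more often than every 5 minutes, seen at least 3 times.
sample_log | pop3_frequent_checkers 300 3
```

The output is a list of addresses to follow up with by email or phone, as the reply recommends, rather than input for an automatic block.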