[CentOS] CentOS-announce Digest, Vol 119, Issue 8
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."
Today's Topics:
1. CESA-2015:0074 Important CentOS 6 jasper Security Update
(Johnny Hughes)
2. CESA-2015:0074 Important CentOS 7 jasper Security Update
(Johnny Hughes)
3. CEBA-2015:0073 CentOS 6 kdebase-workspace BugFix Update
(Johnny Hughes)
--
Message: 1
Date: Thu, 22 Jan 2015 22:28:13 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2015:0074 Important CentOS 6 jasper
SecurityUpdate
Message-ID: <2015012813.ga10...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2015:0074 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0074.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
02f67d2e5b95c3deac8b8fe531bd0ed1a64b84565c54f6a6a8751bbbca7b6d8f
jasper-1.900.1-16.el6_6.3.i686.rpm
16d4410c882cc8170de29dfe23eb2e157e3c28dbe5171c91adf797d33ea2ffe8
jasper-devel-1.900.1-16.el6_6.3.i686.rpm
867485f066f16b8d4067771a01f6f8c60dda135f27c5a6441b2089d8e9255533
jasper-libs-1.900.1-16.el6_6.3.i686.rpm
a66de49b3222920f133dffba8a0e29ed3088cbb9789e213dff39fa49fc24ee26
jasper-utils-1.900.1-16.el6_6.3.i686.rpm
x86_64:
1c5deb1cb8023125cf8e4e9b925b587b8192add3b2a1067e31cb057b961e795e
jasper-1.900.1-16.el6_6.3.x86_64.rpm
16d4410c882cc8170de29dfe23eb2e157e3c28dbe5171c91adf797d33ea2ffe8
jasper-devel-1.900.1-16.el6_6.3.i686.rpm
03b77c531aa6a9d8faaa3582903a9f8c0925efd1e08acc955e12d95566754bf6
jasper-devel-1.900.1-16.el6_6.3.x86_64.rpm
867485f066f16b8d4067771a01f6f8c60dda135f27c5a6441b2089d8e9255533
jasper-libs-1.900.1-16.el6_6.3.i686.rpm
f97f6af75d7ac6140e4f126e4e34b8e5b2eba7a0c6ed65694cecaaf88100d806
jasper-libs-1.900.1-16.el6_6.3.x86_64.rpm
206e28a1040407e452f65cfcc02db518c5737455c620c2e5ef87703ddfa4559d
jasper-utils-1.900.1-16.el6_6.3.x86_64.rpm
Source:
28ef9fb9cc889fc9f43cd360125de42994829a92c5ede0b3d82dc9e0159f4605
jasper-1.900.1-16.el6_6.3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 2
Date: Fri, 23 Jan 2015 15:54:08 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2015:0074 Important CentOS 7 jasper
SecurityUpdate
Message-ID: <20150123155408.ga37...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2015:0074 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0074.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
5b88566c2ddeadebd75404b5c572a7025b4c89f322a43701bd1db8294685d916
jasper-1.900.1-26.el7_0.3.x86_64.rpm
cb9bc4503d074241ba6fe951f85903084422a23dd65407a7ddd76af60e2bb93b
jasper-devel-1.900.1-26.el7_0.3.i686.rpm
e63daafdff55024ce4f9452433e61eb43c86cbb56b563f20d70545a1bd54afcf
jasper-devel-1.900.1-26.el7_0.3.x86_64.rpm
4b81e3e4c62e0d3693e0967515125e0b2438874a235dfc6f902a49c2be4330df
jasper-libs-1.900.1-26.el7_0.3.i686.rpm
9c513640ff30310e1d970475380243698f0ecaa9471124113b88f6d29fddfa70
jasper-libs-1.900.1-26.el7_0.3.x86_64.rpm
b7e708b3c4e49933f43bcd7c32adfb03d50004c55cf326514d2f5b08daae3ae8
jasper-utils-1.900.1-26.el7_0.3.x86_64.rpm
Source:
ccdfae3a689ce539c3d93553f2818da2e91e66e2ad937620922c6dad2dd7b765
jasper-1.900.1-26.el7_0.3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 3
Date: Fri, 23 Jan 2015 20:56:31 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2015:0073 CentOS 6 kdebase-workspace
BugFix Update
Message-ID: <20150123205631.ga43...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2015:0073
Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0073.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
8a1356d08f63c605eb6948fa92aca7e36d395939a7e364b655785b88b8d03728
kdebase-workspace-4.3.4-29.el6_6.i686.rpm
274ffb2b84b1da4375a36160252e63fde314530b3118356863159dc88d28972e
kdebase-workspace-akonadi-4.3.4-29.el6_6.i686.rpm
bd5b1ca0e1f6c3e1cf9e1c07b82b974e6a1947934
Re: [CentOS] VLAN issue
Do you need the whole configuration? On the switch end, we have the relevant VLAN (VLAN 48) with the assigned IP address of 192.168.48.101 and the range of ports (Gi1/0/1 - Gi1/0/8) assigned to that VLAN. Seems - and acts - like a legitimate setup and works fine, except for this particular instance. Thanks. Boris. On Fri, Jan 23, 2015 at 8:54 PM, Dennis Jacobfeuerborn < denni...@conversis.de> wrote: > We have lots of servers with a similar setup (i.e. tagged vlans and no > ip on eth0) and this works just fine. > > What is the actual vlan configuration on your switchport? > > Regards, > Dennis > > On 24.01.2015 01:34, Boris Epstein wrote: > > Steve, > > > > Thanks, makes sense. > > > > I just don't see why I have to effectively waste an extra IP address to > get > > my connection established. > > > > Boris. > > > > > > On Fri, Jan 23, 2015 at 7:16 PM, Stephen Harris > wrote: > > > >> On Fri, Jan 23, 2015 at 07:10:57PM -0500, Boris Epstein wrote: > >> > >>> This makes two of us. I've done everything as you have described and it > >>> simply does not work. > >> > >> Are you actually seeing VLAN tagged traffic, or is the cisco switch > >> just providing a normal stream? > >> > >> At work we have hundreds of VLANs, but the servers don't get configured > >> for this; we just configure them as normal; ie eth0. The network > >> infrastructure does the VLAN decoding, the server doesn't have to. > >> > >> Try configuring the machine as if it was a real LAN and forget about > >> the VLAN. > >> > >> If that doesn't work then what does 'tcpdump -i eth0' show you? > >> > >> -- > >> > >> rgds > >> Stephen > >> ___ > >> CentOS mailing list > >> CentOS@centos.org > >> http://lists.centos.org/mailman/listinfo/centos > >> > > ___ > > CentOS mailing list > > CentOS@centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VLAN issue
Hi Boris, Is the switch port mode tagged or untagged. Thanks, Andrew On 24 January 2015 at 13:35, Boris Epstein wrote: > Do you need the whole configuration? On the switch end, we have the > relevant VLAN (VLAN 48) with the assigned IP address of 192.168.48.101 and > the range of ports (Gi1/0/1 - Gi1/0/8) assigned to that VLAN. > > Seems - and acts - like a legitimate setup and works fine, except for this > particular instance. > > Thanks. > > Boris. > > On Fri, Jan 23, 2015 at 8:54 PM, Dennis Jacobfeuerborn < > denni...@conversis.de> wrote: > > > We have lots of servers with a similar setup (i.e. tagged vlans and no > > ip on eth0) and this works just fine. > > > > What is the actual vlan configuration on your switchport? > > > > Regards, > > Dennis > > > > On 24.01.2015 01:34, Boris Epstein wrote: > > > Steve, > > > > > > Thanks, makes sense. > > > > > > I just don't see why I have to effectively waste an extra IP address to > > get > > > my connection established. > > > > > > Boris. > > > > > > > > > On Fri, Jan 23, 2015 at 7:16 PM, Stephen Harris > > wrote: > > > > > >> On Fri, Jan 23, 2015 at 07:10:57PM -0500, Boris Epstein wrote: > > >> > > >>> This makes two of us. I've done everything as you have described and > it > > >>> simply does not work. > > >> > > >> Are you actually seeing VLAN tagged traffic, or is the cisco switch > > >> just providing a normal stream? > > >> > > >> At work we have hundreds of VLANs, but the servers don't get > configured > > >> for this; we just configure them as normal; ie eth0. The network > > >> infrastructure does the VLAN decoding, the server doesn't have to. > > >> > > >> Try configuring the machine as if it was a real LAN and forget about > > >> the VLAN. > > >> > > >> If that doesn't work then what does 'tcpdump -i eth0' show you? > > >> > > >> -- > > >> > > >> rgds > > >> Stephen > > >> ___ > > >> CentOS mailing list > > >> CentOS@centos.org > > >> http://lists.centos.org/mailman/listinfo/centos > > >> > > > ___ > > > CentOS mailing list > > > CentOS@centos.org > > > http://lists.centos.org/mailman/listinfo/centos > > > > > > > ___ > > CentOS mailing list > > CentOS@centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VLAN issue
Hi Boris, what I'd like to know is the actual VLAN configuration of the switch port (link-type and tagged and untagged VLANs). When I look at the switchport coniguration here I get (among other things): ... Port link-type: trunk Tagged VLAN ID : 8, 1624 Untagged VLAN ID : 10 ... Here is my suspicion: Your ports have an access link-type with an untagged VLAN ID of 48. That would explain why the moment you configure an IP from that VLAN on eth0 you get connectivity because then the packets the Linux box sends are untagged as the switch would expect them to be. If you only put an address on eth0.48 then the packets get tagged by Linux but if the switch port is not configured to receive the packets for VLAN 48 as tagged then it will simply drop these packets and you will not get connectivity. So getting the actual VLAN config of the switch port would help to determine if the switch actually expects to receive the packets the way you send them from the Linux box. Regards, Dennis So if you On 24.01.2015 13:35, Boris Epstein wrote: > Do you need the whole configuration? On the switch end, we have the > relevant VLAN (VLAN 48) with the assigned IP address of 192.168.48.101 and > the range of ports (Gi1/0/1 - Gi1/0/8) assigned to that VLAN. > > Seems - and acts - like a legitimate setup and works fine, except for this > particular instance. > > Thanks. > > Boris. > > On Fri, Jan 23, 2015 at 8:54 PM, Dennis Jacobfeuerborn < > denni...@conversis.de> wrote: > >> We have lots of servers with a similar setup (i.e. tagged vlans and no >> ip on eth0) and this works just fine. >> >> What is the actual vlan configuration on your switchport? >> >> Regards, >> Dennis >> >> On 24.01.2015 01:34, Boris Epstein wrote: >>> Steve, >>> >>> Thanks, makes sense. >>> >>> I just don't see why I have to effectively waste an extra IP address to >> get >>> my connection established. >>> >>> Boris. >>> >>> >>> On Fri, Jan 23, 2015 at 7:16 PM, Stephen Harris >> wrote: >>> On Fri, Jan 23, 2015 at 07:10:57PM -0500, Boris Epstein wrote: > This makes two of us. I've done everything as you have described and it > simply does not work. Are you actually seeing VLAN tagged traffic, or is the cisco switch just providing a normal stream? At work we have hundreds of VLANs, but the servers don't get configured for this; we just configure them as normal; ie eth0. The network infrastructure does the VLAN decoding, the server doesn't have to. Try configuring the machine as if it was a real LAN and forget about the VLAN. If that doesn't work then what does 'tcpdump -i eth0' show you? -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos >>> ___ >>> CentOS mailing list >>> CentOS@centos.org >>> http://lists.centos.org/mailman/listinfo/centos >>> >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Postfix (I think) problem
I'm getting repeated email (KMail) error messages about one apparently over-large post: -- Received: from helen.gayleard.com (localhost.localdomain [127.0.0.1]) by helen.gayleard.com (Postfix) with ESMTP id E4500294A0 for ; Sat, 24 Jan 2015 14:00:05 + (GMT) Received: (from tim@localhost) by helen.gayleard.com (8.14.4/8.14.4/Submit) id t0OE02Ie006372; Sat, 24 Jan 2015 14:00:02 GMT Date: Sat, 24 Jan 2015 14:00:02 + X-Authentication-Warning: helen.gayleard.com: tim set sender to root using - f From: Cron Daemon To: t...@helen.gayleard.com Subject: Cron /usr/bin/fetchmail -s mail.eircom.net fetchmail: SMTP error: 552 5.3.4 Message size exceeds fixed limit fetchmail: mail from mailer-dae...@helen.gayleard.com bounced to bibliot...@comune.anghiari.ar.it -- I've appended mailbox_size_limit = 2000 to /etc/posfix/main.cf (and re-started postfix) but this does not seem to have done the trick. I get this email by fetchmail, and it goes to dovecot from which I retrieve it on my laptop. So I'm not entirely clear where the problem occurs. I would delete the email if I could find it, but it does not appear to be in my Maildir, or in /var/spool/ . Is there some way I can stop these messages, please? -- Timothy Murphy gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix (I think) problem
Am 24.01.2015 um 16:10 schrieb Timothy Murphy: I'm getting repeated email (KMail) error messages about one apparently over-large post: -- Received: from helen.gayleard.com (localhost.localdomain [127.0.0.1]) by helen.gayleard.com (Postfix) with ESMTP id E4500294A0 for ; Sat, 24 Jan 2015 14:00:05 + (GMT) Received: (from tim@localhost) by helen.gayleard.com (8.14.4/8.14.4/Submit) id t0OE02Ie006372; Sat, 24 Jan 2015 14:00:02 GMT Date: Sat, 24 Jan 2015 14:00:02 + X-Authentication-Warning: helen.gayleard.com: tim set sender to root using - f That's Sendmail, NOT Postfix! From: Cron Daemon To: t...@helen.gayleard.com Subject: Cron /usr/bin/fetchmail -s mail.eircom.net fetchmail: SMTP error: 552 5.3.4 Message size exceeds fixed limit fetchmail: mail from mailer-dae...@helen.gayleard.com bounced to bibliot...@comune.anghiari.ar.it -- I've appended mailbox_size_limit = 2000 to /etc/posfix/main.cf (and re-started postfix) but this does not seem to have done the trick. main.cf doesn't matter because Sendmail is the MTA acting here. I get this email by fetchmail, and it goes to dovecot from which I retrieve it on my laptop. So I'm not entirely clear where the problem occurs. I would delete the email if I could find it, but it does not appear to be in my Maildir, or in /var/spool/ . Is there some way I can stop these messages, please? See above comments. If you want to run Postfix instead of Sendmail, then run alternatives --config mta and set Postfix to be the active MTA. Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find out who accessed a file
Hey guys, Unless you're using auditd (or a similar service) to watch the file, no. You could probably use the logs and `last` to see who was logged in at the time and make a guess. Also, you can look into shell history files (though that might be cleaned by users). Admin is allowed to do that when investigates incident. One more thing: if "access" constitutes execution of that file, you can use lastcomm (if process accounting is enabled on the system). This only tells you the command name (not its arguments) - so if your file is command and you are interested who executed it and when lastcomm is your friend. Thanks for these suggestions! But one thing that I should have mentioned is that it's not a user logging into the system that's accessing that file. It's actually a php script that's trying to read from it. The script is failing to pull information from the file, and failing. It's trying to access the file as a user account that exists on the system . And we're seeing 'access denied' messages in the apache error logs. An important difference, that I should have mentioned. Sorry about that! So I'm thinking if I can watch the file using auditd, I can see attempts by the user the script runs as in accessing the file? Thanks Tim On Fri, Jan 23, 2015 at 4:23 PM, Valeri Galtsev wrote: > > On Fri, January 23, 2015 3:13 pm, Jonathan Billings wrote: > > On Fri, Jan 23, 2015 at 03:50:44PM -0500, Tim Dunphy wrote: > >> Is there any way to find out the last user to access a file on a CentOS > >> 6.5 system? > > > > Unless you're using auditd (or a similar service) to watch the file, > > no. You could probably use the logs and `last` to see who was logged > > in at the time and make a guess. > > > > Also, you can look into shell history files (though that might be cleaned > by users). Admin is allowed to do that when investigates incident. > > One more thing: if "access" constitutes execution of that file, you can > use lastcomm (if process accounting is enabled on the system). This only > tells you the command name (not its arguments) - so if your file is > command and you are interested who executed it and when lastcomm is your > friend. > > Good luck! > > Valeri > > > Valeri Galtsev > Sr System Administrator > Department of Astronomy and Astrophysics > Kavli Institute for Cosmological Physics > University of Chicago > Phone: 773-702-4247 > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find out who accessed a file
On Sat, January 24, 2015 11:27 am, Tim Dunphy wrote: > Hey guys, > > Unless you're using auditd (or a similar service) to watch the file, > no. You could probably use the logs and `last` to see who was logged > in at the time and make a guess. > > > > Also, you can look into shell history files (though that might be cleaned > by users). Admin is allowed to do that when investigates incident. > One more thing: if "access" constitutes execution of that file, you can > use lastcomm (if process accounting is enabled on the system). This only > tells you the command name (not its arguments) - so if your file is > command and you are interested who executed it and when lastcomm is your > friend. > > > > Thanks for these suggestions! But one thing that I should have mentioned > is > that it's not a user logging into the system that's accessing that file. > It's actually a php script that's trying to read from it. The script is > failing to pull information from the file, and failing. It's trying to > access the file as a user account that exists on the system . And we're > seeing 'access denied' messages in the apache error logs. If it is php script that runs by web server then the user web server daemon runs as will be the one who needs access. On centos with apache web server it is usually unprivileged user "apache (as apache starts as privileges user root to read certificate secret key, then drops privileges). You need to have file in question be readable as apache. Easy debugging would be: get root shell, then su - apache cat /path/to/file/in/question (assuming it is ASCII text file). One other thing I would try: disable selinux, and see if that lets apache read file, e.g.: setenforce 0 Also: posting relevant "access denied" lines from web server logs may help other to spot something. Valeri > > An important difference, that I should have mentioned. Sorry about that! > So > I'm thinking if I can watch the file using auditd, I can see attempts by > the user the script runs as in accessing the file? > > Thanks > Tim > > On Fri, Jan 23, 2015 at 4:23 PM, Valeri Galtsev > > wrote: > >> >> On Fri, January 23, 2015 3:13 pm, Jonathan Billings wrote: >> > On Fri, Jan 23, 2015 at 03:50:44PM -0500, Tim Dunphy wrote: >> >> Is there any way to find out the last user to access a file on a >> CentOS >> >> 6.5 system? >> > >> > Unless you're using auditd (or a similar service) to watch the file, >> > no. You could probably use the logs and `last` to see who was logged >> > in at the time and make a guess. >> > >> >> Also, you can look into shell history files (though that might be >> cleaned >> by users). Admin is allowed to do that when investigates incident. >> >> One more thing: if "access" constitutes execution of that file, you can >> use lastcomm (if process accounting is enabled on the system). This only >> tells you the command name (not its arguments) - so if your file is >> command and you are interested who executed it and when lastcomm is your >> friend. >> >> Good luck! >> >> Valeri >> >> >> Valeri Galtsev >> Sr System Administrator >> Department of Astronomy and Astrophysics >> Kavli Institute for Cosmological Physics >> University of Chicago >> Phone: 773-702-4247 >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix (I think) problem
On 01/24/2015 09:10 AM, Timothy Murphy wrote: I'm getting repeated email (KMail) error messages about one apparently over-large post: -- Received: from helen.gayleard.com (localhost.localdomain [127.0.0.1]) by helen.gayleard.com (Postfix) with ESMTP id E4500294A0 for ; Sat, 24 Jan 2015 14:00:05 + (GMT) Received: (from tim@localhost) by helen.gayleard.com (8.14.4/8.14.4/Submit) id t0OE02Ie006372; Sat, 24 Jan 2015 14:00:02 GMT Date: Sat, 24 Jan 2015 14:00:02 + X-Authentication-Warning: helen.gayleard.com: tim set sender to root using - f From: Cron Daemon To: tim at helen.gayleard.com Subject: Cron /usr/bin/fetchmail -s mail.eircom.net fetchmail: SMTP error: 552 5.3.4 Message size exceeds fixed limit fetchmail: mail from MAILER-DAEMON at helen.gayleard.com bounced to biblioteca at comune.anghiari.ar.it -- It looks to me like a cron job on helen.gayleard.com attempting to fetch mail from mail.eircom.net encountered a message larger than the limit set in the local .fetchmailrc file. The oversized message should be at mail.eircom.net in whatever mailbox fetchmail was configured to poll at that server. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix (I think) problem
On 01/24/2015 07:10 AM, Timothy Murphy wrote: mailbox_size_limit = 2000 I think you meant message_size_limit. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VLAN issue
Andrew and Dennis are spot on. Their conclusions about your server being connected to an access port and not a trunk port would be my conclusion as well. On Sat, Jan 24, 2015 at 9:11 AM, Dennis Jacobfeuerborn < denni...@conversis.de> wrote: > Hi Boris, > what I'd like to know is the actual VLAN configuration of the switch > port (link-type and tagged and untagged VLANs). When I look at the > switchport coniguration here I get (among other things): > > ... > Port link-type: trunk > Tagged VLAN ID : 8, 1624 > Untagged VLAN ID : 10 > ... > > Here is my suspicion: > Your ports have an access link-type with an untagged VLAN ID of 48. That > would explain why the moment you configure an IP from that VLAN on eth0 > you get connectivity because then the packets the Linux box sends are > untagged as the switch would expect them to be. If you only put an > address on eth0.48 then the packets get tagged by Linux but if the > switch port is not configured to receive the packets for VLAN 48 as > tagged then it will simply drop these packets and you will not get > connectivity. > Additionally, the switch should gripe about 802.1q BPDUs. Check the in-memory system log (or syslog server if you have configured that). show logging | i 1Q Example: 1w1d: %SPANTREE-2-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet0/2 on vlan 100. > > So getting the actual VLAN config of the switch port would help to > determine if the switch actually expects to receive the packets the way > you send them from the Linux box. > > +1 Let's see the config for the switch port your server is connected to. -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix (I think) problem
Alexander Dalloz wrote: > Am 24.01.2015 um 16:10 schrieb Timothy Murphy: >> I'm getting repeated email (KMail) error messages >> about one apparently over-large post: >> -- >> Received: from helen.gayleard.com (localhost.localdomain [127.0.0.1]) by >> helen.gayleard.com (Postfix) with ESMTP id E4500294A0 for >> ; Sat, 24 Jan 2015 >> 14:00:05 + (GMT) Received: (from tim@localhost) by helen.gayleard.com >> (8.14.4/8.14.4/Submit) id t0OE02Ie006372; Sat, 24 Jan 2015 14:00:02 GMT >> Date: Sat, 24 Jan 2015 14:00:02 + >> X-Authentication-Warning: helen.gayleard.com: tim set sender to root >> using - f > > That's Sendmail, NOT Postfix! I did wonder. However, see the reference to Postfix above. Also, sendmail is not running on this server: [tim@helen ~]$ sudo service sendmail status sendmail is stopped sm-client is stopped -- Timothy Murphy gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix (I think) problem
Gordon Messmer wrote: > On 01/24/2015 07:10 AM, Timothy Murphy wrote: >>mailbox_size_limit = 2000 > > I think you meant message_size_limit. Actually, I appended both to /etc/postfix/mail.cf -- mailbox_size_limit = 2000 message_size_limit = 1900 - -- Timothy Murphy gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix (I think) problem
On Sat, January 24, 2015 6:39 pm, Timothy Murphy wrote: > Gordon Messmer wrote: > >> On 01/24/2015 07:10 AM, Timothy Murphy wrote: >>>mailbox_size_limit = 2000 >> >> I think you meant message_size_limit. > > Actually, I appended both to /etc/postfix/mail.cf > -- > mailbox_size_limit = 2000 > message_size_limit = 1900 > - > You can do mailbox_size_limit = 0 which will mean "unlimited" Just mentioning. Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix (I think) problem
On 01/24/2015 04:39 PM, Timothy Murphy wrote: Actually, I appended both to /etc/postfix/mail.cf -- mailbox_size_limit = 2000 message_size_limit = 1900 - I don't know how big your mailbox is, but that seems like kind of a small limit. In particular, I think you'd want it to be substantially larger than a single message. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] find out who accessed a file
On Sat, Jan 24, 2015 at 12:32:01PM -0600, Valeri Galtsev wrote: > One other thing I would try: disable selinux, and see if that lets > apache read file, e.g.: > > setenforce 0 Setting SELinux to permissive temporarily is a good start, although it's also helpful to check the audit logs, with: ausearch -m avc -ts today ...to see if SELinux prevented access today. It's quite likely SELinux preventing access, particularly if you're using PHP to read a file that's not in one of the standard WWW paths that the web server is allowed to access. SELinux prevents the web server from reading, writing or executing files outside of a fairly select few locations. -- Jonathan Billings ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Display configuration for greeter??
With dual monitors, how do I control which monitor will get the greeter display. I would really like to configure the screens as mirrored. Trying to log in when the monitor with the greeter is not visible is very trying. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Display configuration for greeter??
On 01/24/2015 08:57 PM, Robert Nichols wrote: With dual monitors, how do I control which monitor will get the greeter display. I would really like to configure the screens as mirrored. Trying to log in when the monitor with the greeter is not visible is very trying. This is in CentOS 6. Sorry, forgot to say that. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] C5 & C6 : useradd
useradd --help -d, --home-dir HOME_DIR home directory for the new user account -M, do not create user's home directory yet useradd -M -s /sbin/nologin FRED produces in /etc/passwd fred:x:504:504::/home/fred:/sbin/nologin Trying again with useradd -d /dev/null -s /sbin/nologin doris gives a CLI message useradd: warning: the home directory already exists. Not copying any file from skel directory into it. and in /etc/password doris:x:505:505::/dev/null:/sbin/nologin QUESTION What is the 'official' method of creating a user with no home directory and no log-on ability ? Thank you. -- Paul. England, EU. Je suis Charlie. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 & C6 : useradd
On 25.01.2015 04:30, Always Learning wrote: > > useradd --help > > -d, --home-dir HOME_DIR home directory for the new user account > -M, do not create user's home directory > yet > useradd -M -s /sbin/nologin FRED > > produces in /etc/passwd > > fred:x:504:504::/home/fred:/sbin/nologin > > Trying again with > > useradd -d /dev/null -s /sbin/nologin doris > > gives a CLI message > > useradd: warning: the home directory already exists. > Not copying any file from skel directory into it. > > and in /etc/password > > doris:x:505:505::/dev/null:/sbin/nologin > > QUESTION > > What is the 'official' method of creating a user with no home directory > and no log-on ability ? Your first invocation seemed to look fine. What result do you expect to get? Every user needs a home directory in /etc/passwd even if it doesn't exist. Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 & C6 : useradd
On Sun, 2015-01-25 at 04:38 +0100, Dennis Jacobfeuerborn wrote: > On 25.01.2015 04:30, Always Learning wrote: > > > > useradd --help > > > > -d, --home-dir HOME_DIR home directory for the new user account > > -M, do not create user's home directory > > yet > > useradd -M -s /sbin/nologin FRED > > > > produces in /etc/passwd > > > > fred:x:504:504::/home/fred:/sbin/nologin > > > > Trying again with > > > > useradd -d /dev/null -s /sbin/nologin doris > > > > gives a CLI message > > > > useradd: warning: the home directory already exists. > > Not copying any file from skel directory into it. > > > > and in /etc/password > > > > doris:x:505:505::/dev/null:/sbin/nologin > > > > QUESTION > > > > What is the 'official' method of creating a user with no home directory > > and no log-on ability ? > > Your first invocation seemed to look fine. What result do you expect to > get? Every user needs a home directory in /etc/passwd even if it doesn't > exist. Guten Morgen Denis, Aber/But . -M, do not create user's home directory so why do I see in /etc/passwd fred:x:504:504::/home/fred:/sbin/nologin Should the 'correct' entry be:- fred:x:504:504:::/sbin/nologin ? OK, I can use -d /nix but what should -M actually do ? -- Regards, Paul. England, EU. Je suis Charlie. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 & C6 : useradd
On Sun, Jan 25, 2015 at 03:43:06AM +, Always Learning wrote: > -M, do not create user's home directory > > so why do I see in /etc/passwd > > fred:x:504:504::/home/fred:/sbin/nologin -M stops it doing a "mkdir" to create the actual directory in the filesystem > Should the 'correct' entry be:- > > fred:x:504:504:::/sbin/nologin ? No; that's invalid. There must be an entry in the home directory field. -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 & C6 : useradd
On Sat, 2015-01-24 at 22:45 -0500, Stephen Harris wrote: > On Sun, Jan 25, 2015 at 03:43:06AM +, Always Learning wrote: > > Should the 'correct' entry be:- > > > > fred:x:504:504:::/sbin/nologin ? > > No; that's invalid. There must be an entry in the home directory field. Thanks Stephen and Dennis for the helpful explanation. I will use:useradd -d /dev/null -s /sbin/nologin snowman -- Regards, Paul. England, EU. Je suis Charlie. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 & C6 : useradd
On Sat, January 24, 2015 9:54 pm, Always Learning wrote: > > On Sat, 2015-01-24 at 22:45 -0500, Stephen Harris wrote: > >> On Sun, Jan 25, 2015 at 03:43:06AM +, Always Learning wrote: > >> > Should the 'correct' entry be:- >> > >> >fred:x:504:504:::/sbin/nologin ? >> >> No; that's invalid. There must be an entry in the home directory field. > > Thanks Stephen and Dennis for the helpful explanation. > > I will use:useradd -d /dev/null -s /sbin/nologin snowman > Interesting. I'm usually putting slightly more effort in creation of such users. I do create them with regular command /usr/sbin/useradd -s /sbin/nologin -c "Whatever user or something" whatever /usr/sbin/usermod -d /var/nonexistent whatever /bin/rm -rf /home/whatever /bin/rm -f /var/spool/mail/whatever (I made sure once /var/whatever does not exist). I wonder, under which circumstances pointing to /dev/null as to such user's home directory is preferable compared to pointing to place that doesn't exist on file system. I don't know where I picked up a habit pointing to nonexistent place as home directory for such user. I do know though why I type the whole path beginning with leading slash for commands I execute as almighty user root ;-) Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 & C6 : useradd
On 25.01.2015 04:54, Always Learning wrote: > > On Sat, 2015-01-24 at 22:45 -0500, Stephen Harris wrote: > >> On Sun, Jan 25, 2015 at 03:43:06AM +, Always Learning wrote: > >>> Should the 'correct' entry be:- >>> >>> fred:x:504:504:::/sbin/nologin ? >> >> No; that's invalid. There must be an entry in the home directory field. > > Thanks Stephen and Dennis for the helpful explanation. > > I will use:useradd -d /dev/null -s /sbin/nologin snowman You can add the -M option too which should get rid of the warning messages (though I have not tested this). Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
