Re: [CentOS] SOLVED: CentOS 7 CUPS: where queue defaults are stored?

2015-10-09 Thread Ian Mortimer

On Sat, 10 Oct 2015, Valeri Galtsev wrote:


Still: is there more elegant way to replicate CUPS configuration, than
just copy /etc/cups ?


man lpadmin
man lpoptions


---
Ian
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] vino-server on Centos 6.7

2015-10-09 Thread Milton Plasencia
Thanks a lot to Gordon and Mike,

Yes, that is correct: when I unchecked “Allow” I was connected;
after googling I found the command gconftool-2 and all is OK.

I want to learn about VNC; do you have any suggestions where I can find
good material?

Cheers,

M.

> On Oct 9, 2015, at 18:49, Mike - st257  wrote:
> 
> On Fri, Oct 9, 2015 at 12:29 PM, Gordon Messmer  >
> wrote:
> 
>> On 10/08/2015 05:43 PM, Milton Plasencia wrote:
>> 
>>> I uncheck only Allow other users “view” and leave without change
>>> “control” your desktop,
>>> and the screen (active session) remain freeze, close the connection and
>>> now i can not
>>> do a new connection, i remain out.
>>> 
>>> i must wait the next Monday when i back to office or i can do something
>>> through ssh?
>>> 
>> 
>> You can re-enable it over ssh.  As Mike very nearly suggested:
>> $ gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled true
>> 
> 
> Ah, shucks - I set it to false ... hah!
> Thanks for catching that, Gordon!
> 
> 
>> 
>> You didn't mention, originally, that you're interacting with this desktop
>> over VNC.
>> 
>> I'm not sure why you think the VNC server is using too much memory or CPU
>> time.  You might be able to reduce it with a lightweight desktop like XFCE,
>> or not, depending on what applications you're using.  VNC is not especially
>> lightweight.
>> 
>> 
>> 
> 
> 
> 
> -- 
> ---~~.~~---
> Mike
> //  SilverTip257  //


Re: [CentOS] Annoying license at install

2015-10-09 Thread david

At 08:37 AM 10/9/2015, you wrote:


On 9 Oct 2015 17:17, david wrote:
>
> Folks
>
> I have several remotely-located servers, donated by folks not all of
> whom are computer geeks, let-alone Linux aware.  In earlier versions
> of Centos, I directed them to perform a minimal NetInstall (not too
> difficult to direct over the phone), and then issue two commands
> after the first boot.  One was a 'curl' to download a script of mine,
> and the second was a dot-command to run it.  A few reboots followed
> in close succession, and I directed them to logon as root, and issue
> a simple dot-command.  The personal intervention ended usually within
> an hour, since I had ssh access to the system and root, and could
> complete the installation and tailoring completely remotely.  I would
> only need their intervention in the case of problems.  In many cases,
> I've not needed to invoke that help for a year or more.
>
> This scheme worked well until I decided to add support of graphical
> desktops on the systems in Centos 7, as I had in Centos 6.  Once
> those packages were installed, further non-intuitive on-site
> intervention was required at next reboot to approve licenses.  Remote
> ssh logins didn't work until that was done.
>
> These licenses needed to be approved on the local console.  This is
> quite annoying and places more demands upon my remote friend.  In
> some cases, the console and keyboard had been removed and the box had
> been placed in the closet.
>
> I am seeking a way to reduce or eliminate this annoyance.  The best
> would be to find some way to 'pre-approve' the license agreement in
> my customizing scripts.  Failing that, it would be nice to be able to
> approve these scripts from a remote ssh logon.  I am reluctant to
> deploy Centos 7 without GUI support (I use x2go sometimes), and am
> thus reluctant to deploy centos 7 at this point.
>
> Advice and comments welcome
>
> David
> San Francisco
>
>

Hello,

is switching to Mate an option for you?

Greetings, j.


Interesting thought.  I'm trying it and will report results on the list.

David 




Re: [CentOS] vino-server on Centos 6.7

2015-10-09 Thread Mike - st257
On Fri, Oct 9, 2015 at 12:29 PM, Gordon Messmer 
wrote:

> On 10/08/2015 05:43 PM, Milton Plasencia wrote:
>
>> I uncheck only Allow other users “view” and leave without change
>> “control” your desktop,
>> and the screen (active session) remain freeze, close the connection and
>> now i can not
>> do a new connection, i remain out.
>>
>> i must wait the next Monday when i back to office or i can do something
>> through ssh?
>>
>
> You can re-enable it over ssh.  As Mike very nearly suggested:
> $ gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled true
>

Ah, shucks - I set it to false ... hah!
Thanks for catching that, Gordon!


>
> You didn't mention, originally, that you're interacting with this desktop
> over VNC.
>
> I'm not sure why you think the VNC server is using too much memory or CPU
> time.  You might be able to reduce it with a lightweight desktop like XFCE,
> or not, depending on what applications you're using.  VNC is not especially
> lightweight.
>
>



-- 
---~~.~~---
Mike
//  SilverTip257  //


Re: [CentOS] vino-server on Centos 6.7

2015-10-09 Thread Gordon Messmer

On 10/08/2015 05:43 PM, Milton Plasencia wrote:

I uncheck only Allow other users “view” and leave without change “control” your 
desktop,
and the screen (active session) remain freeze, close the connection and now i 
can not
do a new connection, i remain out.

i must wait the next Monday when i back to office or i can do something through 
ssh?


You can re-enable it over ssh.  As Mike very nearly suggested:
$ gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled true

You didn't mention, originally, that you're interacting with this 
desktop over VNC.


I'm not sure why you think the VNC server is using too much memory or 
CPU time.  You might be able to reduce it with a lightweight desktop 
like XFCE, or not, depending on what applications you're using.  VNC is 
not especially lightweight.



Re: [CentOS] Annoying license at install

2015-10-09 Thread Gordon Messmer

On 10/09/2015 08:46 AM, John Hodrien wrote:

I install with kickstart with:

eula --agreed
firstboot --disable 


Since David has people download and run a script, I'm inclined to 
believe he's not using kickstart.  But he should. :)


Using kickstart, all of those scripts can be run in the "%post" 
post-install section, and the system will be fully configured when it 
boots for the first time.  As John pointed out, the eula and other 
"firstboot" tasks can be disabled in the kickstart configuration.


In the meantime, David should be able to disable the license prompt 
after installing the graphical desktop packages:


# systemctl disable initial-setup-text
# systemctl disable initial-setup-graphical

kickstart reference:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-kickstart-syntax.html


[CentOS] SOLVED: CentOS 7 CUPS: where queue defaults are stored?

2015-10-09 Thread Valeri Galtsev
Dear All,

Please, ignore me. All settings are indeed in /etc/cups.

Solution in my case was: calm down, go across the hallway and get yourself
coffee, drink it and do something else for 5 min (maybe write "person in
distress" e-mail...). And all will be what is expected after that.

Still: is there more elegant way to replicate CUPS configuration, than
just copy /etc/cups ?

Thanks.
Valeri

On Fri, October 9, 2015 10:39 am, Valeri Galtsev wrote:
> Dear Experts,
>
> CentOS 7 outsmarted me (again...).
>
> Could someone tell me where cups print queues' default settings are
> stored?
>
> In the past I was doing rather trivial thing: I was setting up prototype
> machine (making kickstart file based on it), then I was configuring all
> printers on prototype machine. After which (with cups daemon stopped) I
> was just packing /etc/cups (and maybe /usr/share/cups/model if extra ppd's
> were added). Then as a post-install I was just moving /etc/cups off the
> way, and unpacking /etc/cups, and all my printer configuration was there
> on newly built machine. Not anymore! After done what is described above I
> indeed have all printers, but queue defaults are weird: "double sided short
> edge" instead of "double sided long edge" as was configured on the
> prototype machine. What is more setting off is: recursive grep of /etc
> does not reveal files containing these settings (OK, OK, I know, I'm
> stupid, I don't know what pattern to grep for, but they are definitely not
> in /etc/cups AFAIK, or at least not as ASCII...).
>
> Any insight into the system with - *cough* *cough* - binary configuration
> files?
>
> Incidentally, how do _you_ replicate CUPS configuration on CentOS 7 ?
>
> Thanks a lot for your help !
>
> Valeri
>
> 
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> 
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247



Re: [CentOS] Annoying license at install

2015-10-09 Thread John Hodrien

On Fri, 9 Oct 2015, Johan Vermeulen wrote:


is switching to Mate an option for you?


I'm also not entirely sure which bit is causing you the bother, so I'm not
sure what to advise.

I install with kickstart with:

eula --agreed
firstboot --disable

I create /etc/gdm/custom.conf in %post:

[daemon]
InitialSetupEnable=False

I think that's my lot.

jh


[CentOS] CentOS 7 CUPS: where queue defaults are stored?

2015-10-09 Thread Valeri Galtsev
Dear Experts,

CentOS 7 outsmarted me (again...).

Could someone tell me where cups print queues' default settings are stored?

In the past I was doing rather trivial thing: I was setting up prototype
machine (making kickstart file based on it), then I was configuring all
printers on prototype machine. After which (with cups daemon stopped) I
was just packing /etc/cups (and maybe /usr/share/cups/model if extra ppd's
were added). Then as a post-install I was just moving /etc/cups off the
way, and unpacking /etc/cups, and all my printer configuration was there
on newly built machine. Not anymore! After done what is described above I
indeed have all printers, but queue defaults are weird: "double sided short
edge" instead of "double sided long edge" as was configured on the
prototype machine. What is more setting off is: recursive grep of /etc
does not reveal files containing these settings (OK, OK, I know, I'm
stupid, I don't know what pattern to grep for, but they are definitely not
in /etc/cups AFAIK, or at least not as ASCII...).

Any insight into the system with - *cough* *cough* - binary configuration
files?

Incidentally, how do _you_ replicate CUPS configuration on CentOS 7 ?

Thanks a lot for your help !

Valeri


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247



Re: [CentOS] Annoying license at install

2015-10-09 Thread Johan Vermeulen

On 9 Oct 2015 17:17, david wrote:
>
> Folks 
>
> I have several remotely-located servers, donated by folks not all of 
> whom are computer geeks, let-alone Linux aware.  In earlier versions 
> of Centos, I directed them to perform a minimal NetInstall (not too 
> difficult to direct over the phone), and then issue two commands 
> after the first boot.  One was a 'curl' to download a script of mine, 
> and the second was a dot-command to run it.  A few reboots followed 
> in close succession, and I directed them to logon as root, and issue 
> a simple dot-command.  The personal intervention ended usually within 
> an hour, since I had ssh access to the system and root, and could 
> complete the installation and tailoring completely remotely.  I would 
> only need their intervention in the case of problems.  In many cases, 
> I've not needed to invoke that help for a year or more. 
>
> This scheme worked well until I decided to add support of graphical 
> desktops on the systems in Centos 7, as I had in Centos 6.  Once 
> those packages were installed, further non-intuitive on-site 
> intervention was required at next reboot to approve licenses.  Remote 
> ssh logins didn't work until that was done. 
>
> These licenses needed to be approved on the local console.  This is 
> quite annoying and places more demands upon my remote friend.  In 
> some cases, the console and keyboard had been removed and the box had 
> been placed in the closet. 
>
> I am seeking a way to reduce or eliminate this annoyance.  The best 
> would be to find some way to 'pre-approve' the license agreement in 
> my customizing scripts.  Failing that, it would be nice to be able to 
> approve these scripts from a remote ssh logon.  I am reluctant to 
> deploy Centos 7 without GUI support (I use x2go sometimes), and am 
> thus reluctant to deploy centos 7 at this point. 
>
> Advice and comments welcome 
>
> David 
> San Francisco 
>
>

Hello,

is switching to Mate an option for you?

Greetings, j.


[CentOS] Annoying license at install

2015-10-09 Thread david

Folks

I have several remotely-located servers, donated by folks not all of 
whom are computer geeks, let-alone Linux aware.  In earlier versions 
of Centos, I directed them to perform a minimal NetInstall (not too 
difficult to direct over the phone), and then issue two commands 
after the first boot.  One was a 'curl' to download a script of mine, 
and the second was a dot-command to run it.  A few reboots followed 
in close succession, and I directed them to logon as root, and issue 
a simple dot-command.  The personal intervention ended usually within 
an hour, since I had ssh access to the system and root, and could 
complete the installation and tailoring completely remotely.  I would 
only need their intervention in the case of problems.  In many cases, 
I've not needed to invoke that help for a year or more.


This scheme worked well until I decided to add support of graphical 
desktops on the systems in Centos 7, as I had in Centos 6.  Once 
those packages were installed, further non-intuitive on-site 
intervention was required at next reboot to approve licenses.  Remote 
ssh logins didn't work until that was done.


These licenses needed to be approved on the local console.  This is 
quite annoying and places more demands upon my remote friend.  In 
some cases, the console and keyboard had been removed and the box had 
been placed in the closet.


I am seeking a way to reduce or eliminate this annoyance.  The best 
would be to find some way to 'pre-approve' the license agreement in 
my customizing scripts.  Failing that, it would be nice to be able to 
approve these scripts from a remote ssh logon.  I am reluctant to 
deploy Centos 7 without GUI support (I use x2go sometimes), and am 
thus reluctant to deploy centos 7 at this point.


Advice and comments welcome

David
San Francisco



Re: [CentOS] vino-server on Centos 6.7

2015-10-09 Thread Mike - st257
On Thu, Oct 8, 2015 at 8:43 PM, Milton Plasencia 
wrote:

> I uncheck only Allow other users “view” and leave without change “control”
> your desktop,
> and the screen (active session) remain freeze, close the connection and
> now i can not
> do a new connection, i remain out.
>
> i must wait the next Monday when i back to office or i can do something
> through ssh?
>
> M.
>

Gconftool can be used via SSH.
[ Untested, use at your own risk. ]

gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled false

[0]
http://linuxexplore.com/tips-tricks/configure-remote-desktop-from-command-line/
[1] https://access.redhat.com/solutions/346033
[2] https://projects.gnome.org/gconf/


>
> > On Oct 9, 2015, at 01:42, Gordon Messmer 
> wrote:
> >
> > On 10/08/2015 11:41 AM, Milton Plasencia wrote:
> >> Excuse me, i not find the gnome control panel, where is it? or how to
> call from the command line?
> >
> > System → Preferences → Remote Desktop from the user menu.  Under
> Sharing, uncheck the box labeled Allow other users to view your desktop.
>



-- 
---~~.~~---
Mike
//  SilverTip257  //


Re: [CentOS] CentOS-6 SSHD chroot SELinux problem

2015-10-09 Thread Mark Tinberg

> On Oct 9, 2015, at 7:58 AM, James B. Byrne  wrote:
> 
> allow syslogd_t user_home_t:dir write;
> 

The easiest way to fix this would be to use chcon to change the file context of 
the syslog socket in the chroot directory to be like the main /dev/log, and any 
log files and directories to the same type as the main system, instead of the 
user_home_t types that get created by default.

— 
Mark Tinberg, System Administrator
Division of Information Technology - Network Services
University of Wisconsin - Madison
mark.tinb...@wisc.edu



Re: [CentOS] CentOS-6 SSHD chroot SELinux problem

2015-10-09 Thread m . roth
James,

   I don't have an answer, but you'll note that I replied to both the
CentOS list, and the more appropriate selinux list. Folks like Dan
Walsh are responders there.

   mark

James B. Byrne wrote:
> I run a sshd host solely to allow employees to tunnel secure
> connections to our internal hosts. Some of which do not support
> encrypted protocols.  These connections are chroot'ed via the
> following in /etc/ssh/sshd_config
>
> Match Group !wheel,!xx,y
> AllowTcpForwarding yes
> ChrootDirectory /home/y
> X11Forwarding yes
>
> Where external users belong to group y (primary).
>
> We have a problem with SELinux in that chrooted users cannot tunnel
> https requests unless SELinux is set to permissive (or turned off
> altogether).  This problem does not evidence itself unless the account
> is chrooted.
>
> The output from audit2allow is this:
>
> sudo audit2allow -l -a
>
>
> #= chroot_user_t ==
> allow chroot_user_t cyphesis_port_t:tcp_socket name_connect;
> allow chroot_user_t user_home_t:chr_file open;
>
> #= syslogd_t ==
> # The source type 'syslogd_t' can write to a 'dir' of the following types:
> # var_log_t, var_run_t, syslogd_tmp_t, syslogd_var_lib_t, syslogd_var_run_t, innd_log_t, device_t, tmp_t, logfile, cluster_var_lib_t, cluster_var_run_t, root_t, krb5_host_rcache_t, cluster_conf_t, tmp_t
>
> allow syslogd_t user_home_t:dir write;
>
>
> My questions are:
>
> Do SE booleans settings exist that permit chrooted ssh access to
> forward https and log the activity?  If so then what are they?
>
> If not, then have I made a configuration error in sshd_config?  What
> is it?
>
> If not, then is this a defect in the SELinux policy?
>
> If not, then What are the implications of creating a custom policy to
> handle this using the output given above?
>
>
>
> --
> ***  e-Mail is NOT a SECURE channel  ***
> Do NOT transmit sensitive data via e-Mail
> James B. Byrne        mailto:byrn...@harte-lyne.ca
> Harte & Lyne Limited  http://www.harte-lyne.ca
> 9 Brockley Drive  vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada  L8E 3C3
>
>




[CentOS] CentOS-6 SSHD chroot SELinux problem

2015-10-09 Thread James B. Byrne
I run a sshd host solely to allow employees to tunnel secure
connections to our internal hosts. Some of which do not support
encrypted protocols.  These connections are chroot'ed via the
following in /etc/ssh/sshd_config

Match Group !wheel,!xx,y
AllowTcpForwarding yes
ChrootDirectory /home/y
X11Forwarding yes

Where external users belong to group y (primary).

We have a problem with SELinux in that chrooted users cannot tunnel
https requests unless SELinux is set to permissive (or turned off
altogether).  This problem does not evidence itself unless the account
is chrooted.

The output from audit2allow is this:

sudo audit2allow -l -a


#= chroot_user_t ==
allow chroot_user_t cyphesis_port_t:tcp_socket name_connect;
allow chroot_user_t user_home_t:chr_file open;

#= syslogd_t ==
# The source type 'syslogd_t' can write to a 'dir' of the following types:
# var_log_t, var_run_t, syslogd_tmp_t, syslogd_var_lib_t, syslogd_var_run_t, innd_log_t, device_t, tmp_t, logfile, cluster_var_lib_t, cluster_var_run_t, root_t, krb5_host_rcache_t, cluster_conf_t, tmp_t

allow syslogd_t user_home_t:dir write;


My questions are:

Do SE booleans settings exist that permit chrooted ssh access to
forward https and log the activity?  If so then what are they?

If not, then have I made a configuration error in sshd_config?  What
is it?

If not, then is this a defect in the SELinux policy?

If not, then What are the implications of creating a custom policy to
handle this using the output given above?



-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne        mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3
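
Added example, not part of the original post or of any SELinux tooling: a small triage of the audit2allow rules posted above, bearing on the question of what loading them as a custom policy would grant. The generic-type list, the verdict names and the function names are assumptions made for this illustration.

```python
import re

# The allow rules from the audit2allow output posted above (comment lines omitted).
POSTED_OUTPUT = """\
#= chroot_user_t ==
allow chroot_user_t cyphesis_port_t:tcp_socket name_connect;
allow chroot_user_t user_home_t:chr_file open;

#= syslogd_t ==
allow syslogd_t user_home_t:dir write;
"""

# "allow SRC TGT:CLASS perm;" or "allow SRC TGT:CLASS { perm1 perm2 };"
RULE = re.compile(
    r"^allow\s+(?P<src>\w+)\s+(?P<tgt>\w+):(?P<cls>\w+)\s+"
    r"(?:\{(?P<many>[^}]*)\}|(?P<one>\w+))\s*;$"
)

# Assumption for this example: labels a file gets when nothing more specific
# applies, so a denial against them usually points at labelling, not policy.
GENERIC_TYPES = {"user_home_t", "user_home_dir_t", "default_t", "file_t", "unlabeled_t"}
FILE_CLASSES = {"file", "dir", "chr_file", "blk_file", "sock_file", "lnk_file", "fifo_file"}
PORT_PERMS = {"name_connect", "name_bind"}


def parse_rules(text):
    """Return one dict per allow rule; comments and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m is None:
            continue
        raw = m.group("many") if m.group("many") is not None else m.group("one")
        rules.append({"src": m.group("src"), "tgt": m.group("tgt"),
                      "cls": m.group("cls"), "perms": raw.split()})
    return rules


def classify(rule):
    """Hypothetical verdicts: 'relabel', 'port' or 'review'."""
    if rule["cls"] in FILE_CLASSES and rule["tgt"] in GENERIC_TYPES:
        return "relabel"
    if PORT_PERMS & set(rule["perms"]):
        return "port"
    return "review"


def triage(text):
    """Pair each rule with a verdict and a note on what loading it would grant."""
    notes = {
        "relabel": "grants {src} '{perms}' on every {cls} labelled {tgt}, "
                   "not only the one inside the chroot; fix the label instead",
        "port": "grants {src} '{perms}' on every port labelled {tgt}; "
                "check which ports carry that label (semanage port -l)",
        "review": "no heuristic matched; read the AVC record behind it",
    }
    findings = []
    for rule in parse_rules(text):
        verdict = classify(rule)
        note = notes[verdict].format(src=rule["src"], tgt=rule["tgt"],
                                     cls=rule["cls"], perms=" ".join(rule["perms"]))
        findings.append((rule, verdict, note))
    return findings


if __name__ == "__main__":
    for rule, verdict, note in triage(POSTED_OUTPUT):
        print(f"[{verdict}] {rule['src']} -> {rule['tgt']}:{rule['cls']}: {note}")
```

Both `user_home_t` rules come out as `relabel`: loaded as written, they would apply to every object carrying that type on the host, which is broader than the chroot under `/home/y`.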



Re: [CentOS] PV AMI for CentOS 7

2015-10-09 Thread Karanbir Singh
On 23/09/15 19:58, Jo Rhett wrote:
> On Sep 23, 2015, at 9:03 AM, Karanbir Singh  wrote:
>> On 22/09/15 22:37, Jo Rhett wrote:
>>> Is there any chance we could get a PV AMI for CentOS 7 to match the HVM 
>>> version at 
>>> https://aws.amazon.com/marketplace/pp/B00O7WM7QW/ref=srh_res_product_title?ie=UTF8&sr=0-2&qid=1442957668341
>>>
>>> We have prepurchased reserved instances based on older PV machines (m1, c1, 
>>> etc) It would be very very helpful to have a PV AMI so we could migrate to 
>>> CentOS 7 on those image types.
>>>
>>> https://bugs.centos.org/view.php?id=9499 
>>> 
>>>
>>
>> definitely willing to have a go at this, but there hasn't been a huge
>> request for the pv ami's; also when we tried this back in the early
>> centos7 days, there were a string of issues.
> 
> 
> Thanks! I’m happy to be a testing ground, will definitely give you good 
> feedback, and can even give you access to a test node if you need one ;)
> 

just done some builds and had some success on PV instances locally, can
you drop me an email at kbsingh_centos.org and we can get you setup and
maybe get some testing / feedback from your instances as well ( I am not
testing on ec2 itself ).

regards,

-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc