Re: [CentOS] vfstp and renaiming of files with ftp client
Am 13.07.17 um 17:10 schrieb Tris Hoar: > On 13/07/2017 14:38, Götz Reinicke - IT Koordinator wrote: >> Am 13.07.17 um 14:46 schrieb Pete Biggs: I have a vsftp server and two users for up and download. If user Alice uploads a file, the owner is set to Alice as expected "-rw-r--r-- alice ftpuploadgroup" Now Bob can login to the same folder and is able to rename the uploaded file. Bob can also rename an uploaded folder, but can't rename a file in that folder I'm confused, as I don't get why this is possible at all. >>> What are the permissions and ownership on the directory the uploads go >>> in? If its group is 'ftpuploadgroup' and has group write permissions >>> than any member of that group can rename files in that directory. If a >>> user creates a directory, then that will have rwxr-xr-x permissions so >>> they won't be able to rename files within that directory. >> >> The permissions for the upload folder are drwx-wx--- and the owner is >> Bob group is ftpuploadgroup >> >> Alice is member of that group, but should only drop files in. >> >> The files are ownd by Alice, and I'm bit iritated, taht Bob can rename >> tham ... as Bob only has read permision (from the group) >> >> The files in a subfolder have the same permissions and Bob cant change >> tham... >> >> >> Thanks for your feedback . /G >> >> > > He does not have read only permission from the group. He is the folder > owner and so can change things within that folder. You need to change > the folder to something other than Bob. > The sub dir does not have the same permissions. Alice is the owner. > > What is the end goal you want. E.g. Bob and Alice and can upload, Bob > can read files both he and Alice upload but Alice can only read her > files. Perhaps we can suggest permissions that would do what you want? Thanks Tris, thanks Peter, the goal is, that the FTP server is a Dropbox for Alice, so she can upload files and folders and is not able to see the uploaded files (drwx-wx--- for the main older). Bob should be able to rename the files and folders by ftp. (and of course be able to download them.) If this is not possible with the standad permissions, I'm fine, in the past Users did not try to upload folders and others did not rename ...Than we look for an other workflow. But hey, may be you have an idea on a god permission set. Regards . Götz ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Postfix fails after reboot
I am running CentOS 7 as an outbound gateway using Postfix, OpenDKIM, and SASLAuthd. The trouble is Postfix fails if OpenDKIM and SASLAuthd aren’t already running and I have to manually restart these services in order. My question is, should I modify my After line in the “[Unit]” section of my postfix.service file to read “After=syslog.target network.target opendkim.service saslauthd.service” or is there a better way to accomplish this? --- Chad Cordero Information Technology Consultant Enterprise & Cloud Services Information Technology Services California State University, San Bernardino 5500 University Pkwy San Bernardino, CA 92407-2393 Main Line: 909/537-7677 Direct Line: 909/537-7281 Fax: 909/537-7141 http://support.csusb.edu/ --- Disclaimer: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CentOS-announce] New upstream URLs for CentOS update announcements
On 07/13/2017 02:31 PM, Leonard den Ottolander wrote: > Hi, > > On Wed, 2017-07-05 at 13:25 -0500, Johnny Hughes wrote: >> We are changing the URLs for new CentOS updates from the current link >> types (example): >> >> https://rhn.redhat.com/errata/RHSA-2017-1679.html >> >> to these type of links instead (example): >> >> https://access.redhat.com/errata/RHSA-2017:1679 > > First updates after this announcement did use the new url format, but > this has not been the case with the updates that were announced > yesterday. Perhaps some administrative issue that still needs to be > fixed? Yeah .. I did not shift the new script to default. It has been done now, so the new updates with have the new links. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CentOS-announce] New upstream URLs for CentOS update announcements
Hi, On Wed, 2017-07-05 at 13:25 -0500, Johnny Hughes wrote: > We are changing the URLs for new CentOS updates from the current link > types (example): > > https://rhn.redhat.com/errata/RHSA-2017-1679.html > > to these type of links instead (example): > > https://access.redhat.com/errata/RHSA-2017:1679 First updates after this announcement did use the new url format, but this has not been the case with the updates that were announced yesterday. Perhaps some administrative issue that still needs to be fixed? Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] vfstp and renaiming of files with ftp client
> > The permissions for the upload folder are drwx-wx--- and the owner is > Bob group is ftpuploadgroup > > Alice is member of that group, but should only drop files in. > > The files are ownd by Alice, and I'm bit iritated, taht Bob can rename > tham ... as Bob only has read permision (from the group) A directory is just a special file which holds information on other files (such as names and the inodes those names point to). As such in order to rename a file you need write permission to the directory special file (i.e. '.') - the ownership and permissions of the file in question are not involved in renaming. > > The files in a subfolder have the same permissions and Bob cant change > tham... > Because Bob does not have write permission to the directory. As someone else said, tell us what your aim is and we can try and tell you what file/directory permissions need to be applied. It may be that what you are trying to do is not possible within the standard Unix permissions, but some filesystems have extended ACLs which could help. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] vfstp and renaiming of files with ftp client
On 13/07/2017 14:38, Götz Reinicke - IT Koordinator wrote: Am 13.07.17 um 14:46 schrieb Pete Biggs: I have a vsftp server and two users for up and download. If user Alice uploads a file, the owner is set to Alice as expected "-rw-r--r-- alice ftpuploadgroup" Now Bob can login to the same folder and is able to rename the uploaded file. Bob can also rename an uploaded folder, but can't rename a file in that folder I'm confused, as I don't get why this is possible at all. What are the permissions and ownership on the directory the uploads go in? If its group is 'ftpuploadgroup' and has group write permissions than any member of that group can rename files in that directory. If a user creates a directory, then that will have rwxr-xr-x permissions so they won't be able to rename files within that directory. The permissions for the upload folder are drwx-wx--- and the owner is Bob group is ftpuploadgroup Alice is member of that group, but should only drop files in. The files are ownd by Alice, and I'm bit iritated, taht Bob can rename tham ... as Bob only has read permision (from the group) The files in a subfolder have the same permissions and Bob cant change tham... Thanks for your feedback . /G He does not have read only permission from the group. He is the folder owner and so can change things within that folder. You need to change the folder to something other than Bob. The sub dir does not have the same permissions. Alice is the owner. What is the end goal you want. E.g. Bob and Alice and can upload, Bob can read files both he and Alice upload but Alice can only read her files. Perhaps we can suggest permissions that would do what you want? Regards, Tris * This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify postmas...@bgfl.org The views expressed within this email are those of the individual, and not necessarily those of the organisation * ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] vfstp and renaiming of files with ftp client
Am 13.07.17 um 14:46 schrieb Pete Biggs: >> I have a vsftp server and two users for up and download. >> >> If user Alice uploads a file, the owner is set to Alice as expected >> "-rw-r--r-- alice ftpuploadgroup" >> >> Now Bob can login to the same folder and is able to rename the uploaded >> file. >> >> Bob can also rename an uploaded folder, but can't rename a file in that >> folder >> >> I'm confused, as I don't get why this is possible at all. >> > What are the permissions and ownership on the directory the uploads go > in? If its group is 'ftpuploadgroup' and has group write permissions > than any member of that group can rename files in that directory. If a > user creates a directory, then that will have rwxr-xr-x permissions so > they won't be able to rename files within that directory. The permissions for the upload folder are drwx-wx--- and the owner is Bob group is ftpuploadgroup Alice is member of that group, but should only drop files in. The files are ownd by Alice, and I'm bit iritated, taht Bob can rename tham ... as Bob only has read permision (from the group) The files in a subfolder have the same permissions and Bob cant change tham... Thanks for your feedback . /G ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] vfstp and renaiming of files with ftp client
> > I have a vsftp server and two users for up and download. > > If user Alice uploads a file, the owner is set to Alice as expected > "-rw-r--r-- alice ftpuploadgroup" > > Now Bob can login to the same folder and is able to rename the uploaded > file. > > Bob can also rename an uploaded folder, but can't rename a file in that > folder > > I'm confused, as I don't get why this is possible at all. > What are the permissions and ownership on the directory the uploads go in? If its group is 'ftpuploadgroup' and has group write permissions than any member of that group can rename files in that directory. If a user creates a directory, then that will have rwxr-xr-x permissions so they won't be able to rename files within that directory. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] vfstp and renaiming of files with ftp client
Hi, I have a vsftp server and two users for up and download. If user Alice uploads a file, the owner is set to Alice as expected "-rw-r--r-- alice ftpuploadgroup" Now Bob can login to the same folder and is able to rename the uploaded file. Bob can also rename an uploaded folder, but can't rename a file in that folder I'm confused, as I don't get why this is possible at all. Some vsftp magic? :) Can someone explain that to me? Thanks and regards . Götz ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 149, Issue 3
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CEBA-2017:1722 CentOS 6 cloud-init BugFix Update (Johnny Hughes) 2. CESA-2017:1721 Moderate CentOS 6 httpd Security Update (Johnny Hughes) 3. CESA-2017:1723 Important CentOS 6 kernel Security Update (Johnny Hughes) 4. CEBA-2017:1726 CentOS 6 procps BugFix Update (Johnny Hughes) 5. CEBA-2017:1729 CentOS 6 createrepo BugFix Update (Johnny Hughes) 6. CEBA-2017:1725 CentOS 6 iscsi-initiator-utils BugFix Update (Johnny Hughes) 7. CEBA-2017:1728 CentOS 6 ksh BugFix Update (Johnny Hughes) 8. CEBA-2017:1727 CentOS 6 selinux-policy BugFix Update (Johnny Hughes) -- Message: 1 Date: Wed, 12 Jul 2017 17:43:28 + From: Johnny Hughes To: centos-annou...@centos.org Subject: [CentOS-announce] CEBA-2017:1722 CentOS 6 cloud-init BugFix Update Message-ID: <20170712174328.ga28...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2017:1722 Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-1722.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 331686a582aa27ec0d35a0049014faeb7286ad1cd9904c70d571604a35eaa1ad cloud-init-0.7.5-8.el6.centos.i686.rpm x86_64: 4ae9d1c89fc35a43d4ce377bdf7fc6ad5c80ce4a08d0bea0f7134e6f84c11582 cloud-init-0.7.5-8.el6.centos.x86_64.rpm Source: 71cefe8ff6acf44ca059a2efaa3ab5f5e549a6dc8d81e407ea593e6994449393 cloud-init-0.7.5-8.el6.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net Twitter: @JohnnyCentOS -- Message: 2 Date: Wed, 12 Jul 2017 17:44:05 + From: Johnny Hughes To: centos-annou...@centos.org Subject: [CentOS-announce] CESA-2017:1721 Moderate CentOS 6 httpd SecurityUpdate Message-ID: <20170712174405.ga29...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2017:1721 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1721.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: d67958d7dfee6ea10ce3c5316dd69c36272a4e3484412d4a188277c8de69dfb4 httpd-2.2.15-60.el6.centos.4.i686.rpm 2485c99b0ab99176f9ad64f968a7c8a7c08491c368d6fc73480a9ea992472a97 httpd-devel-2.2.15-60.el6.centos.4.i686.rpm 260beddfb87916985f7e55cc9d45e0265d8eda006ee8158083194d3220b53478 httpd-manual-2.2.15-60.el6.centos.4.noarch.rpm a8f81b5f6b15a904333e629b75bcd0d6cd414c32792ece82686ff1d465d510b6 httpd-tools-2.2.15-60.el6.centos.4.i686.rpm 6c8454aec313335dcb390a92a5764f91ade08e059c953d8f07d8dfa3eb7f59f3 mod_ssl-2.2.15-60.el6.centos.4.i686.rpm x86_64: 7b10e1b00cebb3e6304e396297bac8dc746412036bda4d55eb29f4c5aabd0ea5 httpd-2.2.15-60.el6.centos.4.x86_64.rpm 2485c99b0ab99176f9ad64f968a7c8a7c08491c368d6fc73480a9ea992472a97 httpd-devel-2.2.15-60.el6.centos.4.i686.rpm 7b3829f2d1e5927214553715a7e9153f966874608157e88ea82fe56d550dbdf1 httpd-devel-2.2.15-60.el6.centos.4.x86_64.rpm 260beddfb87916985f7e55cc9d45e0265d8eda006ee8158083194d3220b53478 httpd-manual-2.2.15-60.el6.centos.4.noarch.rpm 90191f093fc7ed347e2468b2bedcc5d7dc3494b5a1815a0c830ece6d6ebd0da7 httpd-tools-2.2.15-60.el6.centos.4.x86_64.rpm 3ffce948b51b86b69701b0d2daf9586b0d94a018fc2a045463be77d3bbb72831 mod_ssl-2.2.15-60.el6.centos.4.x86_64.rpm Source: 27cd33d1b5c21503407b0fbcd1e30df8c4a712e00181a3411d76f9012d25e388 httpd-2.2.15-60.el6.centos.4.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net Twitter: @JohnnyCentOS -- Message: 3 Date: Wed, 12 Jul 2017 17:45:55 + From: Johnny Hughes To: centos-annou...@centos.org Subject: [CentOS-announce] CESA-2017:1723 Important CentOS 6 kernel SecurityUpdate Message-ID: <20170712174555.ga29...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2017:1723 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1723.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 927051b28b0e44d5e74a1a4d367a7a874cd9b225cff8c22fcbc1baf59b99a41b kernel-2.6.32-696.6.3.el6.i686.rpm b12d1db312fa2114674a8389513ede10b44a1dbd
Re: [CentOS] Update of cloud-init in CentOS 7 Extras
> On 13 Jul 2017, at 01:55, Johnny Hughes wrote: > > On 07/12/2017 02:02 PM, Pierre Riteau wrote: >> Hello, >> >> The version of cloud-init packaged in CentOS 7 Extras is rather old (0.7.5, >> which was released in 2014). It is missing some functionality that we would >> like to use, as well as important bug fixes. >> Before I tackle rebuilding the package myself, I would like to know if there >> is a plan to update extras to a newer cloud-init version, or if has anyone >> has already updated cloud-init and would be happy to share the spec? >> > > I have just created a newer one for testing .. it is here: > > > https://buildlogs.centos.org/c7-extras/cloud-init/20170705233059/0.7.9-3.el7.centos.x86_64/ > > See if that one works for you and provide us some feedback .. it is > version 0.7.9-3.el7.centos > > Once we get some positive feedback and work out any bugs, this one will > get released. Thanks a lot Johnny! We will test and report our findings :-) Pierre Riteau Chameleon Lead DevOps Engineer ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rsync Error: Centos Mirror
On 12/07/17 08:44, Unsub Shafiq wrote: > Hi, > > I have recently been receiving the following errors when using rsync to > update my centos local repositories; > > rsync: send_files failed to open "/7/atomic/x86_64/repo/tmp/tmp.HBjcIF" > (in centos): Permission denied (13) > rsync: send_files failed to open "/7/atomic/x86_64/repo/tmp/tmp.SWIH0I" > (in centos): Permission denied (13) > > I have checked and the user that runs the rsync script has all > permissions to read and write into the destination folder (centos). What > may be the problem? > > Any help is appreciated. > It was an issue how the tree was generated so it's now fixed at the build side : https://github.com/CentOS/sig-atomic-buildscripts/pull/284 -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7, NM, and IPv6
On 12/07/17 16:13, m.r...@5-cent.us wrote: > Hi, folks, > >I and the other admin here have just been assigned a mission... here's > what's happening: only very recently - the last week? our CentOS 7 > boxes, or at least some of them, will lose their IPv6 addresses, and > not get it back. > >1. We're running dibbler on the same box that serves DHCP. >2. It's been working for many months. >3. The lease file remains in place. >4. It appears to try, several times, and then give up - as our >manager puts it, "I to renew the lease", "Here it is","Nope, >don't like that, try again", and eventually, after 4 or 5 or >so tries, gives up. > >One very show-stopping result of this is that NFS starts timing out. > >So: has anyone else seen this behaviour recently, and does anyone have > some idea of what might be going on here? > >mark > I admit that I'm a big fan of either static ipv6 or then just slaac/radvd for automatic addr assignement. But I was faced once with that dibbler problem, but don't know how the dibbler daemon was configured (nor how it's configured at your side either). From the discussion I had with the DC support people (online.net, hosting company in France) they wanted me to use a dibbler client, which I didn't want to, and they wanted me to specific the DUID that dibbler at the server side would use to recognize the dhclient request. So here is what I did (worth knowing that ipv6.method is set to 'ignore' from a NM PoV) : create the /etc/dhcp/dhclient.d/dhclient6.conf : interface "eth0" { send dhcp6.client-id my:long:duid:id:that:dibbler:wants:bla:etc ; } And then "plumb" it in a NetworkManager dispatcher.d script (I *really* like dispatcher.d script as you can take action when some interface are up/down, etc ): /etc/NetworkManager/dispatcher.d/99-ipv6-online.sh : #!/bin/bash IF=$1 STATUS=$2 if [[ "$IF" = "eth0" && "$STATUS" = "up" ]] ; then logger "IF $IF status changed to $STATUS" sleep 10 logger launching ipv6 client for $IF /usr/sbin/dhclient -cf /etc/dhcp/dhclient.d/dhclient6.conf -6 -P -v eth0 -nw fi YMMV but I hope that it will help you PS : never looked at this again but maybe NM has now a way to specify that directly ? -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog stops logging on service reload?
On 09/07/17 18:37, John Jasen wrote: > I have multiple servers running stock CentOS 7 rsyslog 7.4.7-16.el7, > which are configured to log locally and over TCP to a remote logserver, > also running stock CentOS 7 rsyslog. The remote server uses imptcp to > receive, and pretty basic rules to parse and commit to disk. > > I have several systems that log prolifically, but periodically, they > stop soon after the remote log server HUPs (daily logrotate). Very soon > after they stop logging (completely, even to local files), the services > on these systems block, and our monitoring system starts alerting. > Restarting rsyslog on the clients proves ineffectual. > > The situation may clear itself without intervention after 90 minutes to > several hours. > > However, this does not happen on all client systems in a similar > situation (CentOS 7, large volume of constant log data); nor does it > happen daily. > > Any ideas as to what's going on? > > Thanks in advance. > Sorry for the late answer, but can you give more details ? I remember having seen that kind of issue only when sending other logs that the default one (so when using imfile plugin, tracking other files like httpd logs as an example) What are your rules ? How is the network between all those nodes ? I had also an issue over "unreliable" network with buffer/queue and also when the receiver had his main msg queue size too small. Some parameters that can help (?) : # sender size $WorkDirectory /var/lib/rsyslog # default location for work (spool) files $ActionQueueType LinkedList # use asynchronous processing $ActionQueueFileName forwardqueue # set file name, also enables disk mode $ActionResumeRetryCount -1 # infinite retries on insert failure $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down # receiver side $MainMsgQueueSize 10 -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7, NM, and IPv6
On Wed, 12 Jul 2017 19:22:20 -0400 mark wrote: > On 07/12/17 12:09, Gordon Messmer wrote: > > On 07/12/2017 07:13 AM, m.r...@5-cent.us wrote: ... > > NM tends to log fairly verbose information. It sounds like you've > > looked at the network traffic. Have you looked at the logs on the > > affected systems? ... > Next, there is *nothing*, not in dmesg*, not in /var/log/messages, to > indicate when it failed, nor any failure message. No indication why > the daemon didn't restart it. > > * Ok, I've got one good thing to say about C7: dmesg -H. Love it. Maybe I can get that up to two good things... # journalctl -u NetworkManager # with optional -r for newest first Is rather convenient when looking for logs for a specific unit/service. A small added complexity is that there are two typically active units. "NetworkManager.service" and "NetworkManager-dispatcher.service" (.service can be omitted). /Peter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos