Re: [CentOS] Moving from mdadm raid 0 to single disk

2022-01-11 Thread Jonathan Billings
On Jan 11, 2022, at 20:11, Alexandre Leonenko  wrote:
> Hopefully a quick question. I'm going to move the filesystem of a raid 0 
> mdadm to a single disk.
> The filesystem is just a data drive, can I just dd if=/dev/md0 of=/dev/sdc ?
> Or should I rather rsync the files directly?


You should use whatever appropriate tools to copy the files directly.

The “dd” program is not a backup or data transfer program. It is especially 
bad for your request. If you did that, you’d be copying every bit on the disk, 
whether it is used or not.  It would get hung up and exit prematurely if it 
encountered a bad sector (even if the filesystem had it marked in the list of 
bad blocks). It would create a disk layout that could potentially have 
significantly worse performance. 

Better to create a proper partition table and filesystem(s), optimized to the 
new disk, and use one of the many tools to copy over the actual data. Use the 
file system’s dump/restore, tar, rsync, etc. 

There are a small number of cases where “dd” is the right tool. Backups and 
data transfer is not one of them. 

--
Jonathan Billings
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] something is hammering non-existant floppy

2021-12-12 Thread Jonathan Billings
On Dec 11, 2021, at 23:19, Jon LaBadie  wrote:
> 
> On my CentOS7 system, I'm getting message sequences in
> /var/log/message and in the journal that are nearly identical
> to the sequence below.  They come in multiple times per second.
> 
> I've deleted the timestamps and system name from the messages.
> 
> kernel: floppy0: Getstatus times out (0) on fdc 0
> kernel: kernel: floppy driver state
> kernel: ---
> kernel: now=4476158515 last interrupt=4476158452 diff=63 last called 
> handler=reset_interrupt [floppy]
> kernel: timeout_message=floppy start
> kernel: last output bytes:
> kernel: 8 81 4388061306
> kernel: 3 80 4388061326
> kernel: d1 90 4388061326
> kernel: a 90 4388061326
> kernel: 7 90 4388061326
> kernel: 0 90 4388061326
> kernel: 8 81 4388061730
> kernel: 3 80 4388061751
> kernel: c1 90 4388061751
> kernel: 10 90 4388061751
> kernel: 7 80 4388061751
> kernel: 0 90 4388061751
> kernel: 8 81 4388062074
> kernel: 7 80 4388062075
> kernel: 0 90 4388062075
> kernel: 8 81 4388062399
> kernel: 8 80 4402157917
> kernel: 8 80 4402213377
> kernel: 8 80 4476158452
> kernel: 12 80 4476158471
> kernel: last result at 4476158452
> kernel: last redo_fd_request at 4476158471
> kernel: status=0
> kernel: fdc_busy=1
> kernel: timer_function=c01daf70 expires=2957
> kernel: cont=c01dc400
> kernel: current_req=9b0e72239c80
> kernel: command_status=-1
> kernel: 
> I presume something is trying to access the system's
> floppy disk drive that does not exist.  But I have
> been unable to identify what's triggering all this
> activity.
> 
> Any suggestions?

Any chance you have something like automount/autofs set up with a mountpoint 
for the floppy device?

—
Jonathan Billings


Re: [CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

2021-11-13 Thread Jonathan Billings
On Sat, Nov 13, 2021 at 12:02:24PM -0500, Jonathan Billings wrote:
> You'll want to add to CFLAGS="-Wl,-rpath,/usr/lib64/openssl11", so the
> linker adds the RPATH to the executable.

The alternative is to set $LD_LIBRARY_PATH, of course, but that is
often something that can pollute the environment, so any subshells
will get confused and use your custom openssl and potentially break
software.  It'll get suggested though.

-- 
Jonathan Billings 


Re: [CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

2021-11-13 Thread Jonathan Billings
On Tue, Nov 09, 2021 at 06:17:32PM -0800, Gordon Messmer wrote:
> On 11/9/21 09:30, Kaushal Shriyan wrote:
> > #*./configure LDFLAGS="-L/usr/lib64/openssl11"*
> 
> 
> I believe that at a minimum, you would need:
> 
> ./configure LDFLAGS="-L/usr/lib64/openssl11"
> CFLAGS="-I/usr/include/openssl11"
> 

While you might be able to compile the software with those flags,
you'll not be able to run anything with libraries out of the standard
search path.  And you don't want to add this openssl to the standard
search path, because it will break packaged software.

You'll want to add to CFLAGS="-Wl,-rpath,/usr/lib64/openssl11", so the
linker adds the RPATH to the executable.

Remember not to use this trick when creating RPMs, because that's
generally frowned on and can make rpmbuild complain.

-- 
Jonathan Billings 


Re: [CentOS] ifconfig not showing virtual IP when using NetworkManager

2021-10-26 Thread Jonathan Billings

> On Oct 26, 2021, at 16:03, Jerry Geis  wrote:
> 
> When using NetworkManager instead of the ifcfg-eth1/eth0 files - I make a
> nmcli connection and modify "Wired connection 1" +ipv4.addr IP/22
> kind of command - it works - which is great. It "adds" the virtual IP.
> 
> However - when doing ifconfig that "virtual" IP does not show up.  When
> using NetworkManager - to add the virtual IP - how do I get that to show
> using ifconfig also ?
> it used to show as eth1:0

1.) The “ifconfig” command is deprecated. Use the “ip” command instead, or 
“nmcli” to interact with NetworkManager.

2.) “ifconfig” can’t show multiple IPs on an interface, one of the reasons why 
it is deprecated.

3.) Don’t use “eth0:1” style virtual interfaces, that was a hack for ifconfig 
to support multiple IPs.

—
Jonathan Billings



Re: [CentOS] FYI, Chrome no longer supported on Centos7.

2021-10-25 Thread Jonathan Billings
On Oct 22, 2021, at 15:33, Zube  wrote:
> 
> On Fri Oct 22 01:25:33 PM, m...@tdiehl.org wrote:
> 
>> Hi,
>> 
>> FYI, it looks like Google has decided to drop support for Chrome on Centos 7.
>> 
>> (tigger pts9) # yum install google-chrome-stable
>> Loaded plugins: changelog, fastestmirror, langpacks, nvidia, priorities
>> Loading mirror speeds from cached hostfile
>> * elrepo: mirror.pit.teraswitch.com
>> 10 packages excluded due to repository priority protections
>> Resolving Dependencies
>> --> Running transaction check
>> ---> Package google-chrome-stable.x86_64 0:95.0.4638.54-1 will be installed
>> --> Processing Dependency: libc.so.6(GLIBC_2.18)(64bit) for package: 
>> google-chrome-stable-95.0.4638.54-1.x86_64
>> --> Finished Dependency Resolution
>> Error: Package: google-chrome-stable-95.0.4638.54-1.x86_64 (google-chrome)
>>   Requires: libc.so.6(GLIBC_2.18)(64bit)
>> You could try using --skip-broken to work around the problem
>> (tigger pts9) #
> 
> Looks like they are working on it:
> 
> https://bugs.chromium.org/p/chromium/issues/detail?id=1261617

Good News!  It looks like Google has a fix that will restore support for CentOS 
7. 

https://bugs.chromium.org/p/chromium/issues/detail?id=1261617#c26

TL;DR: the fix will show up in the google-chrome-unstable package v97.0.4677.0. 
Eventually a fixed version will be available as the stable package. 

--
Jonathan Billings



Re: [CentOS] FYI, Chrome no longer supported on Centos7.

2021-10-22 Thread Jonathan Billings
On Fri, Oct 22, 2021 at 04:29:56PM -0400, m...@tdiehl.org wrote:
> On Fri, 22 Oct 2021, Zube wrote:
> 
> > On Fri Oct 22 01:25:33 PM, m...@tdiehl.org wrote:
> > https://bugs.chromium.org/p/chromium/issues/detail?id=1261617
> 
> Thanks for the info. I missed that when I was googling for a solution.
> Hopefully it will not take too long to fix.

Don't hold your breath.  If it doesn't make money for Google, they're
not likely to make any effort.  And Google is the king of killing
products.  

-- 
Jonathan Billings 


Re: [CentOS] How do I install the "right" python3-tkinter in CentOS Stream 8?

2021-09-21 Thread Jonathan Billings
On Sep 21, 2021, at 14:49, Steven Rosenberg  wrote:
> 
> In CentOS Stream 8, A yum upgrade just upgraded platform-python to
> platform-python-3.6.8-41.el8.x86_64.rpm. The upgrade wouldn't go
> through until I removed python3-tkinter-3.6.8-40.el8.x86_64.
> 
> Now I want to reinstall python3-tkinter, and the only version yum is
> offering is 3.6.8-40, and it offers to downgrade platform-python to
> 3.6.8-41.
> 
> 
> python3-tkinter-3.6.8-37.el8.x86_64.rpm
> 
> python3-tkinter-3.6.8-38.el8.x86_64.rpm
> 
> python3-tkinter-3.6.8-39.el8.x86_64.rpm
> 
> python3-tkinter-3.6.8-40.el8.x86_64.rpm
> 
> python3-tkinter-3.6.8-41.el8.x86_64.rpm
> 
> How do I get yum/dnf to let me install the "right" one (3.6.8-41)?


The python3-tkinter package is a sub package of the python3 source package, 
which includes platform-python.  They are versioned together, so you can’t 
upgrade one without needing the updates for the other.

Since python3-tkinter is in AppStream, maybe you don’t have that enabled?  You 
need the 8Stream repo, not the one for base 8.

See the spec file to see it is a sub package:
https://git.centos.org/rpms/python3/blob/c8s/f/SPECS/python3.spec#_830

—
Jonathan Billings


Re: [CentOS] dcfldd

2021-09-03 Thread Jonathan Billings
On Fri, Sep 03, 2021 at 12:58:14PM -0400, Jerry Geis wrote:
> But the image was not actually written to the three disks. It still just
> has a single partition - the default partition.

Were the disks mounted when you wrote to them?  Did you eject and
re-insert them after writing to them?

-- 
Jonathan Billings 


Re: [CentOS] Upgrading (?) from legacy boot to UEFI

2021-08-28 Thread Jonathan Billings
On Aug 28, 2021, at 05:58, Rob Kampen  wrote:
> 
> As to the RH decision to default to a legacy boot / MBR oriented install 
> based upon size of disk ... words fail me.

I don’t think that it chooses legacy boot based on the size of disk, but based 
on how you booted the installer.  If you booted from the installer as a legacy 
boot item, it installs as a legacy bootloader, but if you disable the BIOS 
option to use a legacy bootloader, it will boot the installer as a UEFI boot 
and choose to install a UEFI grub2 setup.

—
Jonathan Billings


Re: [CentOS] Upgrading (?) from legacy boot to UEFI

2021-08-28 Thread Jonathan Billings
On Aug 28, 2021, at 05:58, Rob Kampen  wrote:
> 
> Yeah, it is astounding to me that RH does not define their implementation of 
> the grub2 grub.cfg file with particular focus on the things that are 
> different between legacy boot and UEFI. Also what (if any) differences there 
> may be in the initramfs and vmlinuz files between the two boot options. then 
> we have the various .efi files with little or no documentation. So we are 
> left with anaconda 

I don’t think migrating from a legacy bootloader to UEFI (on the same hardware) 
is a common enough process to document.

I do notice you have a kernel listed with a .efi extension, and I’ve never seen 
that before.

Typically on a UEFI C7 system, all the kernels and initrds are in /boot.  Only 
the EFI executables and supplementary grub files are in the /boot/efi volume 
(normally /boot/efi/EFI/CentOS). I don’t know where you got that kernel efi 
file.

—
Jonathan Billings


Re: [CentOS] Annoying shortcut

2021-08-27 Thread Jonathan Billings
On Aug 26, 2021, at 22:33, mark  wrote:
> 
> For at least this year, I'm finding that whether I'm in LibreOffice, or 
> Thunderbird, or Firefox, if I do *something*, and I haven't identified what, 
> backspace will delete the entire word, though I haven't hit ctrl-bkspc. In 
> system settings, it should only be the ctrl-bkspc.
> 
> Has anyone else seen this behavior?

Sounds to me like you’ve enabled sticky keys:

https://help.gnome.org/users/gnome-help/stable/a11y-stickykeys.html.en

--
Jonathan Billings


Re: [CentOS] GNOME UI / gnome-shell broken

2021-08-24 Thread Jonathan Billings
On Tue, Aug 24, 2021 at 08:07:10PM +0200, Felix Natter wrote:
>
> hello CentOS7 users,
> 
> I have an up-to-date Scientific Linux 7 (_very_ similar to CentOS7).
> 
> The problem is that if one user (we have central homes) logs into any
> machine, we only see a desktop with icons, but no window decorations or
> top/bottom bars ("panels") (for both gnome-classic and gnome3).

When you say you have "central homes", does that mean they're a
network filesystem?  What kind of filesystem?  If it's NFS, do you
have the use_nfs_home_dirs SELinux boolean enabled?

-- 
Jonathan Billings 


Re: [CentOS] A Blast from the past

2021-08-17 Thread Jonathan Billings
On Tue, Aug 17, 2021 at 05:02:02PM +0100, Mark Woolfson wrote:
> Unfortunately the manufacturer of our application software will only support
> it on RHEL/CentOS 7.0. I have asked and that is all they say.

This is absurd.  The 7.0 kernel has so many vulnerabilities that are
well known and well documented, they're forcing you to run a kernel
that can be trivially exploited.  I would seriously push back with the
manufacturer.  Does it have a custom kernel module that it requires?
Or did they only test it on RHEL or CentOS 7.0 and never updated their
documentation?

In the past, I've asked vendors that tried this kind of nonsense if
they're willing to indemnify their customers for any security issues
that arise as a result of using their product. Feel free to list all
the CVEs in the current CentOS 7 kernel.  I see there are 1,125 CVEs
mentioned in the kernel changelog. It won't hold any legal water, most
likely, but it might get someone to at least look closer at the issue. 

-- 
Jonathan Billings 


Re: [CentOS] Newest kernel issue, C7

2021-08-04 Thread Jonathan Billings
On Wed, Aug 04, 2021 at 09:38:11AM -0400, m.r...@5-cent.us wrote:
>
> On 2021-08-03 10:20, Jonathan Billings wrote:
> > On Tue, Aug 03, 2021 at 10:17:09AM -0400, mark wrote:
> > > Just fully updated yesterday. The reboot gets past Centos (core)...
> > > and
> > > reboots. Repeatedly. messages *look* as though it got up... and then
> > > reboot.
> > 
> > Are you booting into graphical.target (gdm) or multi-user.target (text
> > login)?  Have you removed 'rhgb quiet' from the kernel parameters to
> > see what it is doing?  Can you boot into the rescue target and poke
> > around in the journal to see what's going on?
> 
> Since I'm traveling, I'll do some when I get home...but as a sysadmin, I
> *always* remove the rhgb quiet. I know it got past the base, and had gotten
> to welcome to:, Something shortly after that, it reboots. Is there still
> the interactive option? If so, I can use that... thanks

No, there's no longer an interactive option, since it's no longer a
linear boot.

Any chance that you're seeing:

   Welcome to emergency mode! After logging in, type "journalctl -xb"

I suspect that you're dropping into emergency mode, but it is failing
to launch the login prompt and rebooting.  You could append 'rd.break'
to the kernel command line in grub2 to make the initramfs break before
trying to switch over to the boot OS, so you could poke around a bit
more.  The OS is in the /sysroot dir, you can chroot and run commands
like rpm -V and journalctl to see if there's any useful data.


-- 
Jonathan Billings 


Re: [CentOS] Newest kernel issue, C7

2021-08-03 Thread Jonathan Billings
On Tue, Aug 03, 2021 at 10:17:09AM -0400, mark wrote:
> Just fully updated yesterday. The reboot gets past Centos (core)... and
> reboots. Repeatedly. messages *look* as though it got up... and then reboot.

Are you booting into graphical.target (gdm) or multi-user.target (text
login)?  Have you removed 'rhgb quiet' from the kernel parameters to
see what it is doing?  Can you boot into the rescue target and poke
around in the journal to see what's going on?

-- 
Jonathan Billings 


Re: [CentOS] VzLinux - Opinions? Thoughs, Comments? - no microsoft involvement/contamination

2021-07-28 Thread Jonathan Billings
On Wed, Jul 28, 2021 at 08:56:29AM -0400, mario juliano grande-balletta wrote:
>
> Anyone using or working with VzLinux, seems to be an upstream distro of
> CentOS/RHEL and no vendors involved
> Would love to hear experiences.
> thanks!

Please start a new thread rather than replying to an existing thread,
thanks!

For what it's worth, I'm not sure what you mean in your subject about
Microsoft involvement/contamination.  What does that have to do with
anything? 

-- 
Jonathan Billings 


Re: [CentOS] VzLinux - Opinions? Thoughs, Comments? - no microsoft involvement/contamination

2021-07-28 Thread Jonathan Billings
On Wed, Jul 28, 2021 at 09:16:48AM -0500, Jon Pruente wrote:
> No vendors? It's the product of a single vendor, the long running Linux
> hypervisor platform creator Virtuozzo. They made it to run on their OpenVZ
> hypervisor platform.
> 
> https://www.virtuozzo.com/product-updates/virtuozzo-vzlinux-8-4-now-available/

And it does appear to be downstream from RHEL, another rebuild like
Alma, Rocky, Springdale, etc.

-- 
Jonathan Billings 


Re: [CentOS] hosts.deny, fail2ban etc.

2021-07-28 Thread Jonathan Billings
On Jul 28, 2021, at 08:44, Jonathan Billings  wrote:
> 
> For what it’s worth, if you use the fail2ban-firewalld package, it uses ipset 
> rather than iptables, which is more efficient. 

That’s in CentOS 7 though. CentOS 8 firewalld uses nft instead of the older 
netfilter (iptables/ipset) code. 

--
Jonathan Billings


Re: [CentOS] hosts.deny, fail2ban etc.

2021-07-28 Thread Jonathan Billings
On Jul 27, 2021, at 16:43, H  wrote:
> 
> Running CentOS 7. I was under the impression - seemingly mistaken - that by 
> adding a rule to /etc/hosts.deny such as ALL: aaa.bbb.ccc.* would ban all 
> attempts from that network segment to connect to the server, ie before 
> fail2ban would (eventually) ban connection attempts.
> 
> This, however, does not seem correct and I could use a pointer to correct my 
> misunderstanding. How is hosts.deny used and what have I missed?
> 
> Is it necessary to run:
> 
>  iptables -I INPUT -s aaa.bbb.ccc.0/24 -j DROP
> 
> to drop incoming connection attempts from that subnet?

Upstream openssh dropped support for tcp wrappers (hosts.deny) a while ago but 
RHEL had patched support back in for a while, but I believe it isn’t supported 
anymore. 

For what it’s worth, if you use the fail2ban-firewalld package, it uses ipset 
rather than iptables, which is more efficient.  

--
Jonathan Billings


Re: [CentOS] Difference between CentOS Linux and CentOS Stream

2021-07-19 Thread Jonathan Billings
On Mon, Jul 19, 2021 at 09:31:30PM +0530, Kaushal Shriyan wrote:
> I am confused between CentOS Linux and CentOS Stream as per
> https://www.centos.org/download/. Please guide me on which one I need to
> use in the production environment. Is there a difference between CentOS
> Linux and CentOS Stream?
> 
> Thanks in advance and I look forward to hearing from you.

I think a lot of good answers can be found here:

https://www.redhat.com/en/blog/faq-centos-stream-updates

So, the short answer is that CentOS 8 goes end of life at the end of
December, 2021.  So it is fine for production use until that point.

However, CentOS 8 Stream should be fine for most uses.  My only
concern will be for people who use 3rd-party kernel module
repositories like ELRepo.org for support of their hardware (such as
RAID drivers).  ELrepo doesn't plan on building a kmod for the kernels
in CentOS Stream, so it would be a painful transition from 8 to
8-stream.  But if you aren't using any 3rd-party kernel modules, you
should be fine.

The Kmod SIG plans to try to build GPL'd kmods for CentOS Stream
kernels, but we're just starting up now.

-- 
Jonathan Billings 


Re: [CentOS] Auditing all Linux clients with centralised server

2021-07-09 Thread Jonathan Billings
On Fri, Jul 09, 2021 at 08:14:06AM -0400, mario juliano grande-balletta wrote:
> WAKE UP!

Whew, I needed a wake up call!  I was falling asleep at my
keyboard! 

In all seriousness, I think forwarding the audit logs works, and if
you just want to track when users execute a program, you'll need to
add an audit rule.  I believe we had something like this in
/etc/audit/rules.d/:

-a exit,always -F arch=b64 -F euid>1000 -S execve
-a exit,always -F arch=b32 -F euid>1000 -S execve

This captured all execve() syscalls for users with an effective User
ID greater than 1000 (so not to audit system processes).

We didn't actually send it to a remote auditd server, though, because
it was so chatty and we had a lot of users and workstations.  We had
an Elasticsearch cluster and sent the audit logs directly with
logstash and then Beaver
(https://python-beaver.readthedocs.io/en/latest/)
This was done because we had redundant ingesters and a cluster of ES
servers so logs were less likely to be dropped.

Then we had some simple frontends for the ES cluster to make it so we
could quickly bring up what processes a user ran on what system. (The
kibana interface is nice but too complex for a super simple query like
that.)  Along with collecting OS statistics like load, memory use,
etc., we could track what users ran and how much resources they used.

Of course, at this job, we dropped all that and switched to
Crowdstrike Falcon, a commercial security tool that does largely the
same thing but with a proprietary LSM.  

-- 
Jonathan Billings 
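
The two execve rules in the message above make auditd emit a SYSCALL record and an EXECVE record per command, linked by the event id in `msg=audit(...)`. The following is an added example, not code from the original post or from auditd, that joins those records to answer "what did this user run, and on which system"; the sample log lines, host names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in auditd's raw log format (not from the original post).
# "node=" is present when auditd is configured to tag records with a host name.
# The second EXECVE carries a hex-encoded argument, which is how auditd logs
# values that contain spaces or other special characters.
SAMPLE_LOG = """\
node=ws01 type=SYSCALL msg=audit(1625832846.123:4521): arch=c000003e syscall=59 success=yes exit=0 ppid=2101 pid=2133 auid=1001 uid=1001 euid=1001 tty=pts0 ses=3 comm="ls" exe="/usr/bin/ls" key=(null)
node=ws01 type=EXECVE msg=audit(1625832846.123:4521): argc=3 a0="ls" a1="-l" a2="/tmp"
node=ws01 type=CWD msg=audit(1625832846.123:4521): cwd="/home/alice"
node=ws02 type=SYSCALL msg=audit(1625832850.456:4530): arch=c000003e syscall=59 success=yes exit=0 ppid=2101 pid=2140 auid=1002 uid=1002 euid=1002 tty=pts1 ses=4 comm="cat" exe="/usr/bin/cat" key=(null)
node=ws02 type=EXECVE msg=audit(1625832850.456:4530): argc=2 a0="cat" a1=2F746D702F6D79206E6F7465732E747874
node=ws02 type=SYSCALL msg=audit(1625832851.001:4531): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=2150 auid=4294967295 uid=0 euid=0 tty=(none) ses=4294967295 comm="chronyd" exe="/usr/sbin/chronyd" key=(null)
node=ws02 type=EXECVE msg=audit(1625832851.001:4531): argc=1 a0="chronyd"
"""

HEADER = re.compile(
    r'^(?:node=(\S+) )?type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def decode_value(raw):
    """Return a string field as text: quoted values as-is, bare hex decoded."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    if len(raw) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', raw):
        return bytes.fromhex(raw).decode('utf-8', errors='replace')
    return raw


def parse_events(text):
    """Group records by (node, event id) -> {record type: raw fields}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # blank or non-audit line
        node, rtype, stamp, serial, body = m.groups()
        key = (node or "", f"{stamp}:{serial}")
        events[key][rtype] = dict(FIELD.findall(body))
    return events


def user_execs(text, min_euid=1000):
    """List executed commands whose euid is above min_euid.

    Mirrors the rule's "euid>1000" filter, so UID 1000 itself is excluded.
    Very long arguments that auditd splits into aN[i]= pieces are not handled.
    """
    rows = []
    for (node, event_id), records in parse_events(text).items():
        syscall, execve = records.get("SYSCALL"), records.get("EXECVE")
        if not syscall or not execve:
            continue  # incomplete event, e.g. a record dropped in transit
        euid = int(syscall.get("euid", "-1"))
        if euid <= min_euid:
            continue
        argc = int(execve.get("argc", "0"))
        argv = [decode_value(execve[f"a{i}"])
                for i in range(argc) if f"a{i}" in execve]
        rows.append({
            "node": node,
            "event": event_id,
            "euid": euid,
            "auid": int(syscall.get("auid", "-1")),  # login UID survives su/sudo
            "exe": decode_value(syscall.get("exe", "")),
            "argv": argv,
        })
    return rows


if __name__ == "__main__":
    for row in user_execs(SAMPLE_LOG):
        print(row["node"], row["euid"], row["exe"], row["argv"])
```
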


Re: [CentOS] Centos versions in the future?

2021-07-08 Thread Jonathan Billings
On Thu, Jul 08, 2021 at 08:39:19AM -0500, Valeri Galtsev wrote:
> Well, I fled servers from CentOS to FreeBSD almost a decade ago. And
> actually not From CentOS per se, but from Linux. One of the reasons
> was: every 45 days on average: glibc or kernel update —> reboot. One
> of my friends started using word “Lindoze”. Linux is perfect for
> number crunchers and workstations. FreeBSD is waaay better for
> servers. In my book that is. 
> 
> Just straightening small nuance.

If you aren't rebooting your FreeBSD systems regularly, you're just as
vulnerable.

https://www.freebsd.org/security/advisories/

I see one less than 45 days ago that requires a reboot because of a
kernel security measure bypass.

Long uptimes are a thing of the past.  Build redundancy into your
infrastructure so you can handle reboots.

-- 
Jonathan Billings 


Re: [CentOS] [C8 stream] update

2021-07-01 Thread Jonathan Billings
On Thu, Jul 01, 2021 at 12:53:47PM +0200, Helmut Drodofsky wrote:
> actual, C8 stream update only with
> exclude platform-python-pip-9.0.3-20.el8.noarch net-snmp* ?

I see all of these available in CentOS Stream 8:

# dnf list platform-python-pip net-snmp\*
Last metadata expiration check: 0:11:19 ago on Thu 01 Jul 2021 09:15:43 AM EDT.
Installed Packages
platform-python-pip.noarch    9.0.3-20.el8    @baseos
Available Packages
net-snmp.x86_64               1:5.8-22.el8    appstream
net-snmp-agent-libs.i686      1:5.8-22.el8    appstream
net-snmp-agent-libs.x86_64    1:5.8-22.el8    appstream
net-snmp-devel.i686           1:5.8-22.el8    appstream
net-snmp-devel.x86_64         1:5.8-22.el8    appstream
net-snmp-libs.i686            1:5.8-22.el8    baseos
net-snmp-libs.x86_64          1:5.8-22.el8    baseos
net-snmp-perl.x86_64          1:5.8-22.el8    appstream
net-snmp-utils.x86_64         1:5.8-22.el8    appstream

# grep -ri exclude /etc/dnf/ /etc/yum.repos.d/
#

I'm not sure if I'm understanding your question.  Are you missing
them?  Do you have dnf excludes defined somewhere?

-- 
Jonathan Billings 


Re: [CentOS] Help with default shell

2021-06-24 Thread Jonathan Billings
On Wed, Jun 23, 2021 at 03:13:23PM -0600, Warren Young wrote:
> The question then is, do you really *want* local logins to require
> the LDAP server to be up before it’ll accept a login?  If an LDAP
> package upgrade roaches things, do you want to be forced to reboot
> into single-user mode to fix it?  If there’s a network outage
> between this box and the OpenLDAP server, are you going to wait to
> log in locally as well until the network’s fixed? 

It isn't a bad idea to have users in LDAP, if you've got a redundant
or clustered LDAP service, although I'd only suggest using LDAP for
authorization (can the user log in?  what groups are they in?) and not
authentication (is the user who they claim to be?).  I usually use
Kerberos for authentication.

In an enterprise environment, if the network is down, we don't want
users logging in, because logging won't be collected and the user
won't be able to use network resources anyway (such as network
printers, home directory, licensed software, etc.).

Admins typically have a local account defined but still use network
authentication, but honestly, yes, we'd prefer to restrict local
login authentication completely -- it makes it easier to manage access
centrally. (I also took advantage of the fact that local users had a
different GID to put them in a different SELinux confined user group,
so they had different access rights anyway)

We do this for servers and workstations.

-- 
Jonathan Billings 


Re: [CentOS] pass on CentOS 7

2021-06-16 Thread Jonathan Billings
On Wed, Jun 16, 2021 at 03:39:26PM +0200, wwp wrote:
> I read here and there that `pass` is available for CentOS 7 through the
> EPEL repository. In which I cannot find it :-). I see it available for
> C8 but not C7. Was it removed?

This is probably more appropriate for one of the EPEL lists, but:

You can see in the epel7 branch for the 'pass' package:

https://src.fedoraproject.org/rpms/pass/blob/epel7/f/dead.package

that it refers to this BZ:

https://bugzilla.redhat.com/show_bug.cgi?id=1639806

which says:

The latest version of 'pass' uses the '-C' git option which is not
available in the git version available on CentOS 7.

so they removed it from epel7.

-- 
Jonathan Billings 


Re: [CentOS] where to get reliable/open source license manager

2021-05-29 Thread Jonathan Billings
On May 28, 2021, at 08:49, qw  wrote:
> 
> I have developped one python application. I need open source license server 
> to manage the app via local network. Where can I get this kind of open source 
> project?

If your code is written in Python, what’s to stop users from just rewriting the 
license check?

--
Jonathan Billings


Re: [CentOS] OpenSSH 8.6/8.6p1 on CentOS Linux release 7.9.2009 (Core)

2021-05-25 Thread Jonathan Billings
On Tue, May 25, 2021 at 03:29:51PM +0530, Kaushal Shriyan wrote:
> I am running openssh-server-7.4p1-21.el7.x86_64 on CentOS Linux release
> 7.9.2009 (Core). Is there a plan to introduce OpenSSH 8.6/8.6p1 version
> on CentOS Linux release 7.9.2009?
> 
> #cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)
> #rpm -qa | grep -i ssh
> openssh-clients-7.4p1-21.el7.x86_64
> libssh2-1.8.0-4.el7.x86_64
> openssh-7.4p1-21.el7.x86_64
> openssh-server-7.4p1-21.el7.x86_64
> #
> 
> Please guide. Thanks in advance.
> 
> More Info:- https://www.openssh.com/releasenotes.html

It's unlikely.  RHEL7/CentOS7 is in maintenance support mode, so no
new major feature changes are expected.  Only major security/bug fixes
are expected to be introduced.

See this chart for more details:
https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Product_life_cycle

The version in CentOS 7 isn't simply the version from OpenSSH, many
features and security fixes have been backported in the past, so if
there's something in particular you are looking for, please mention
it. 

-- 
Jonathan Billings 


Re: [CentOS] IUS repository for CentOS Linux release 8.x

2021-05-18 Thread Jonathan Billings
On Tue, May 18, 2021 at 11:19:17PM +0530, Kaushal Shriyan wrote:
> I am running CentOS Linux release 8.3.2011. I am referring to
> https://ius.io/setup to set up the IUS repo for CentOS 8.3. Is CentOS 8.x
> not supported?

No, they only have packages for EL7.

Here is their reasoning:

https://github.com/iusrepo/iusrepo.github.io/blob/main/markdown/faq.md#why-doesnt-ius-have-packages-for-rhel-8

-- 
Jonathan Billings 


Re: [CentOS] Using Cgroups in CentOS-7

2021-05-18 Thread Jonathan Billings
On Tue, May 18, 2021 at 08:33:37AM +, Gestió Servidors wrote:
> I want to limit CPUQuota and Memory using "Cgroups". After reading
> some documents, it seems I need to modify "user.slice" systemd file
> adding "CPUQuota=25%" (for example) but, after it, if I run a
> "stress" with other user (not "root"), stress process takes 100%
> CPU. I have noticed that rebooting system non-root user has % CPU
> limited... but also root... so is it possible to configure that
> limits to all users but non root? 

Make sure you also turn on CPUAccounting=true.

Unfortunately, if you put any CPUQuota settings in user.slice, it will
apply it as a group to all users (including root).  So, every logged
in user, in total, will not be able to use more than 25%, not
per-user.  (so, if two users start stressing the CPU, they'll each
only be able to get around 12.5% each)

CentOS 7 doesn't have a mechanism to set per-user CPU quota, that
functionality wasn't introduced until a later version of systemd (it
does work in CentOS 8, use user-.slice which is a "template" for
user-1000.slice, user-1001.slice, user-999.slice, etc.)

You can always set the resource control settings per-user by
specifically writing a user-1000.slice, user-1001.slice, etc.  
What I did was write a systemd service that subscribed to the dbus
messages for logins and activated the CPUQuota as the user logged in
using systemctl --runtime.  I had tens of thousands of users logging
in via Active Directory, which changed constantly, so I couldn't
hard-code anything.

I suggest using the 'systemd-cgtop' command to look at what unit is
using resources, it is helpful for debugging.

-- 
Jonathan Billings 


Re: [CentOS] systemd and 'Stale file handle' errors?

2021-05-14 Thread Jonathan Billings
On Thu, May 13, 2021 at 02:15:15PM +, James Pearson wrote:
>
> I have a CentOS 7 system where I needed to restart chronyd - but the
> systemctl restart failed with the error: 
> 
>  systemd[1]: Starting NTP client/server...
>  systemd[43578]: Failed at step NAMESPACE spawning /usr/sbin/chronyd: Stale 
> file handle
>  systemd[1]: chronyd.service: control process exited, code=exited status=226
> 
> Turns out there are a couple of Stale NFS file handles from fuse
> mounts (related to gvfsd) of sub directories under an NFS mounted
> home directory server - but the home directory for the user in this
> case, no longer exist (user has left) 
> 
> However, I have no idea why these 'Stale file handles' prevent a
> service being started by systemd ? 
> 
> In this case, chronyd has nothing to do with NFS mounted user home
> directories - so shouldn't really care ? 
> 
> I have tried everything I can think of to clear these stale mounts,
> but with no luck 
> 
> Does anyone know why systemd complains about unconnected 'Stale file
> handles' - and is there any way I can tell systemctl to start a
> service regardless of these 'errors' ? 
> 
> Rebooting the host will be a last resort (the system is used by many
> users) - but in the meantime, I've manually started the
> /usr/sbin/chronyd binary directly, which runs fine 

So, the chronyd systemd unit looks like this:

# /usr/lib/systemd/system/chronyd.service
[Unit]
Description=NTP client/server
Documentation=man:chronyd(8) man:chrony.conf(5)
After=ntpdate.service sntp.service ntpd.service
Conflicts=ntpd.service systemd-timesyncd.service
ConditionCapability=CAP_SYS_TIME

[Service]
Type=forking
PIDFile=/var/run/chrony/chronyd.pid
EnvironmentFile=-/etc/sysconfig/chronyd
ExecStart=/usr/sbin/chronyd $OPTIONS
ExecStartPost=/usr/libexec/chrony-helper update-daemon
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full

[Install]
WantedBy=multi-user.target

So, you'll notice there are "ProtectHome=yes" and "ProtectSystem=yes"
settings in the Service section.  This sets up a private namespace for
the systemd unit so /home, /root and /run/user are made inaccessible
and empty (ProtectHome), and /usr, /boot and /etc are read-only
(ProtectSystem).  It does this to reduce the ability of a malicious
NTP server attacking the system through bogus NTP traffic (which is a
real thing that can happen).  Many systemd services limit their
processes this way.

I suspect that is why you're seeing stale file handle errors, the
kernel can't set up the namespace for directories that are now stale
on the system.

You can probably just do a lazy unmount (umount -l) to make them go
away until you reboot.  You can also disable the namespaced
directories by doing a 'systemctl edit chronyd.service' and setting
the options to 'off', but you'll be reducing the security of your
system.

We've seen some weird stuff in the past related to this feature.  For
example, I couldn't unmount /home because a service with
ProtectHome=read-only was running (cups), and 'fuser' and 'lsof'
didn't show anything was using it.  It's because the kernel namespace
stuff operates as a mountpoint, so it's all kernel.  Another fun issue
I discovered is that we had some locally-developed services that used
files in /tmp as a communication channel, and with PrivateTmp=yes set,
they no longer could communicate.  So it forced us to actually do the
right thing and use more appropriate methods.

It is kinda confusing but I do appreciate that I now have a lot of
ways I can now lock down services beyond simple UNIX
permissions. systemd is a rather neat init system.  My complaints with
it usually are with the parts that reach outside of being an init
system (I'm looking at you, systemd-logind and systemd-resolved).

-- 
Jonathan Billings 
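
Added example, not part of the original post: a small checker for the failure described above. It lists the sandbox directives of a unit (the chronyd unit quoted in the post) and the mounts beneath the directories ProtectHome= covers, then reports those whose stat() fails with a stale handle. The function names and the mount table are constructed.

```shell
#!/bin/sh
# Added example: which mounts can break "step NAMESPACE" for sandboxed units?
# Function names and the sample mount table are constructed for illustration.

# [Service] part of the chronyd unit as quoted in the post.
sample_unit() {
    cat <<'EOF'
[Unit]
Description=NTP client/server

[Service]
Type=forking
ExecStart=/usr/sbin/chronyd $OPTIONS
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF
}

# Constructed mount table in /proc/self/mounts format.
sample_mounts() {
    cat <<'EOF'
/dev/mapper/centos-root / xfs rw,relatime 0 0
fileserver:/export/home /home nfs4 rw,relatime 0 0
gvfsd-fuse /home/olduser/.gvfs fuse.gvfsd-fuse rw,nosuid,nodev 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /boot xfs rw,relatime 0 0
/dev/sdb1 /homework ext4 rw 0 0
EOF
}

# unit_sandbox_settings UNIT_FILE
# Print the mount-namespace directives found in the [Service] section.
unit_sandbox_settings() {
    awk -F= '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && $1 ~ /^(ProtectHome|ProtectSystem|PrivateTmp)$/ {
            print $1 "=" $2
        }
    ' "$1"
}

# protected_mounts MOUNTS_FILE
# Print "mountpoint<TAB>fstype" for every mount at or below /home, /root
# and /run/user, the trees ProtectHome= hides. A path such as /homework
# does not match. Mountpoints containing spaces appear octal-escaped in
# the kernel table and are not decoded here.
protected_mounts() {
    awk '
        $2 == "/home" || $2 == "/root" || $2 == "/run/user" ||
        $2 ~ "^/(home|root|run/user)/" { print $2 "\t" $3 }
    ' "$1"
}

# stale_mounts MOUNTS_FILE
# Of the protected mounts, print those where stat() reports a stale handle.
# timeout keeps a hung NFS server from blocking the check.
stale_mounts() {
    protected_mounts "$1" | while IFS="$(printf '\t')" read -r mp fstype; do
        if LC_ALL=C timeout 5 stat -- "$mp" 2>&1 |
            grep -q 'Stale file handle'; then
            printf '%s\t%s\n' "$mp" "$fstype"
        fi
    done
}

# Live use:
#   unit_sandbox_settings /usr/lib/systemd/system/chronyd.service
#   stale_mounts /proc/self/mounts     # candidates for "umount -l"
```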


Re: [CentOS] yumex for CentOS 8.3

2021-05-09 Thread Jonathan Billings
On May 8, 2021, at 21:57, Robert G. (Doc) Savage via CentOS  
wrote:
> 
> On Sat, 2021-05-08 at 13:53 -0600, Frank Cox wrote:
>>> On Sat, 08 May 2021 14:46:58 -0500
>>> Robert G. (Doc) Savage via CentOS wrote:
>>> 
>>> CentOS 8.3, 
>> ...
>>> yumex-3.0.15-1.el7.nux.noarch
>> 
>> Centos 8.3 is not el7.
> 
> Frank,
> 
> Well rats. It seems dnfdragora didn't make it into EL or CentOS, I guess
> there's no graphical package manager left.

In addition, it appears you’ve added a Nux yum repo for el7 to your el8 system, 
so you need to fix that too. 

--
Jonathan Billings




Re: [CentOS] Centos versions in the future?

2021-04-28 Thread Jonathan Billings
> On Apr 27, 2021, at 11:32, Johnny Hughes  wrote:
> 
> You would be hard pressed to find many FUNCTIONAL differences between
> Stream and CentOS Linux // just as you would be hard pressed to find
> many differences between RHEL 8.2 and RHEL 8.3, for example.
> 
> Are there some differences?  Sure.
> 
> If people don't want stream, then by all means , use something else.

This is true within the narrow scope of just CentOS/RHEL, but if, for example, 
you rely on ELrepo for kmods for hardware that Red Hat dropped support for, 
you’ll be sadly unable to use those kmods on Stream (elrepo isn’t supporting 
Stream[1]). 

There will also be inconsistencies with other third party repos and commercial 
software that focus exclusively on RHEL when Stream gets major version bumps 
ahead of RHEL. Certainly it will be an opportunity for those vendors to get 
their product working on Stream, so they’ll be prepared for the next RHEL 
release. 

But this is why people are calling it a beta test for RHEL. Yes, Stream running 
with only their core repos and software from within CentOS is tested and QA’d. 
But if you want to use Stream in a larger software context, be prepared for 
missing support and unexpected breakages. The only use I will consider Stream 
for will be as a test for upcoming RHEL releases, not as something I will ever 
want actual users to touch. (And maybe that’s ok)

1. http://elrepoproject.blogspot.com/2021/01/elrepo-and-centos-stream.html?m=1

--
Jonathan Billings


Re: [CentOS] Problem with RequiresMountsFor defined in a systemd service

2021-04-21 Thread Jonathan Billings
On Wed, Apr 21, 2021 at 07:36:26AM +, Carlos Lopez wrote:
>
> Hi all,
> 
>  I have setup a systemd service that needs to mount a NFS share before 
> starts. To accomplish this I have defined:
> 
> RequiresMountsFor=/data/sysos
> 
> As a dependency in [Unit] section but it doesn’t work. NFS share is defined 
> in fstab with “defaults,noauto” options also ..
> 
> What am I doing wrong? How can I debug this?

Having 'noauto' in the fstab options means that it can only be mounted
explicitly, and not through automatic mounting (which is what systemd
would do if you set it up as an automount).

You need to either fix it so it gets mounted on demand, or use some
other method to start it.

-- 
Jonathan Billings 


Re: [CentOS] include file

2021-04-19 Thread Jonathan Billings
On Mon, Apr 19, 2021 at 02:28:19PM +0100, Mark Woolfson wrote:
> I am trying to build some drivers under CentOS 8.3 using scripts which work
> on CentOS 8.2.
> 
> However, I am now missing the include file drm/drmP.h.
> 
> Please can you tell me where I can find this file.

I believe drm/drmP.h was removed from the kernel in the v5.5-ish era,
so I suspect that part of the kernel must have been backported to the
CentOS 8.3 kernels.

You'll need to update your code to use the new drm subsystem.

I believe the nvidia drivers had to do this too.

-- 
Jonathan Billings 


Re: [CentOS] "System error" when trying to logon via SSH to CentOS 8 joined to AD

2021-04-04 Thread Jonathan Billings
On Apr 4, 2021, at 14:08, Gordon Messmer  wrote:
>> $ cat /etc/krb5.conf
>> [libdefaults]
>> default_ccache_name = KEYRING:persistent:%{uid}
> 
> Specifically, I thought that sssd defaults to KCM storage for kerberos
> credentials, not the kernel keyring.  You might be seeing an SELinux
> deny due to non-default ccache storage. 

Only if sssd-kcm is installed. Otherwise the keyring is default. I normally use 
the keyring on my systems. No selinux issues there. 

--
Jonathan Billings




Re: [CentOS] CentOS 7.3

2021-03-18 Thread Jonathan Billings
On Thu, Mar 18, 2021 at 04:44:18PM -, Mark Woolfson wrote:
> I have a requirement to load CentOS 7.3 on to a server. I have the
> distribution on a bootable USB key.

I know this comes up on the list quite often, but if you want security
updates for 7.3, you're going to end up with 7.9 + patches, so why are
you making your life difficult and installing such an old release?

If a vendor is telling you that you have to run a particular version,
perhaps you should consider finding another vendor, the baseline 7.3
has a lot of glaring vulnerabilities in it that are readily
exploitable. 

-- 
Jonathan Billings 


Re: [CentOS] kernel-devel package newer than installed kernel

2021-03-08 Thread Jonathan Billings
On Mar 8, 2021, at 07:37, Mauricio Tavares  wrote:
> 
> Unfortunately, the latest kernel listed by rpm agrees with uname:
> 
> [raub@testbox ~]$ rpm -qa kernel
> kernel-4.18.0-193.el8.x86_64
> kernel-4.18.0-240.10.1.el8_3.x86_64
> [raub@testbox ~]$

It appears as though you don’t have all the latest package updates. Does “dnf 
upgrade” bring down a new kernel package?  If not, do you have some local 
changes to your dnf config that might prevent kernel updates?  Or an 
alternative CentOS repository that is out of date?

--
Jonathan Billings


Re: [CentOS] What to do when a selinux policy doesn't work?

2021-02-26 Thread Jonathan Billings
On Feb 26, 2021, at 17:16, hw  wrote:
> Ejabberd is supposed to expire files when they are older than desired, and 
> selinux prevents it.  How can I solve this problem other than by disabling 
> selinux or by deleting the files manually?

It’s possible that you are only capturing part of the process, such as a stat() 
before unlink(), so it still fails.  You need to capture the entire process.

Temporarily set it to permissive (setenforce Permissive) and let it do what it 
does (is there a way to force it?). Then you should use ausearch to find the 
AVCs over the time period when it ran, and pipe that into audit2allow.

HOWEVER...

There’s probably a better solution than blindly creating a module.  You need to 
figure out what the correct SELinux attribute to put on the directory so you 
don’t need a module.  

—
Jonathan Billings


Re: [CentOS] How to install XFCE on CentOS 8?

2021-02-25 Thread Jonathan Billings
On Thu, Feb 25, 2021 at 02:12:39PM +, J Martin Rushton via CentOS wrote:
> I was recently looking at Raymond's book "The Art of UNIX Programming" from
> 2003.  He, along with contributors Thompson (inventor of UNIX), Kernighan (C
> and AWK), Korn and others of that calibre, espouse creating "little tools"
> that do one job reliably and well.  The likes of Gnome or systemd certainly
> would never fit into this philosophy.  I really think we have lost a lot of
> maintainability and ease of management over the last 20 years as
> applications are stretched to do ever more.

If every tool we used were self-contained, build-it-all-from-scratch,
our desktops would be a huge mess.  Nothing would work with another
tool, you'd have widely varying user interfaces, you'd never have
something like X11 or Wayland.

Sure, that attitude is fine for command line tools, but a huge part of
the open source world is taking advantage of toolkits provided to make
life easier for the programmer.  The world is a lot more complicated
than in the K&R days.  When I worked at Princeton, Kernighan was
teaching courses using Python (and Go now, I think).  (Really cool
guy) 

Heck, 'systemd' is a really complicated beast, but it doesn't have a
huge number of interconnected dependencies.  I think bringing it up
isn't really appropriate for this thread, since it actually does a
pretty good job of keeping the requirements down, so it can run in
minimal instances.

-- 
Jonathan Billings 


Re: [CentOS] Date question

2021-02-17 Thread Jonathan Billings
On Wed, Feb 17, 2021 at 01:57:50PM -0500, Jerry Geis wrote:
>
> SO from the man page on date I can do
> 
> current=`TZ=":America/Indianapolis" date`
> echo $current
> current=`TZ=":America/Los_Angeles" date `
> echo $current
> 
> And I get correct data. LA is 3 hours earlier.  But doing this:
> 
> current=`TZ=":America/Indianapolis" date +%s`
> echo $current
> current=`TZ=":America/Los_Angeles" date +%s`
> echo $current
> 
> I get the same data - it's not 3 hours different.
> 
> What am I not doing correct ?

Check the man page for 'date'.

%s is "seconds since 1970-01-01 00:00:00 UTC".  Regardless of the time
zone, the time in LA will still be the same number of seconds since
Midnight, January 1st, 1970 in UTC as it was in Indianapolis. 
-- 
Jonathan Billings 


Re: [CentOS] Changing command line version of php for apache

2021-02-13 Thread Jonathan Billings
On Feb 13, 2021, at 17:43, H  wrote:
> 
> But apache does not have a shell where I issue that command? And, a change 
> needs to survive a reboot.

Perhaps it might help if you explained how the Apache user is running the 
commands?  Cron job?  Systemd service?  The “scl” commands are used to run the 
alternative PHP, so how you run it is important.

—
Jonathan Billings


Re: [CentOS] How to install XFCE on CentOS 8?

2021-02-11 Thread Jonathan Billings
On Thu, Feb 11, 2021 at 05:18:19PM +0100, Nicolas Kovacs wrote:
> Le 11/02/2021 à 17:08, Simon Matter a écrit :
> > But, I'm a bit shocked to find EPEL 8 in such a bad shape of brokenness
> > and incompleteness
> 
> I've come to the same conclusion.
> 
> For the past couple years, my solution has been to use RHEL clones (CentOS and
> Oracle Linux) on servers only (multi-user.target).
> 
> I've moved all my graphical installations (workstation, laptops, desktop
> clients) to OpenSUSE Leap + KDE.

It's mostly fine if you use GNOME on RHEL/CentOS.  They're packaged by
Red Hat, they accept bug reports about issues and stuff like missing
dependencies are worked out pretty quickly.

In my experience, Red Hat doesn't do a ton of Desktop testing, they
lean on Fedora ironing out all the bugs and lifting the fixes from
there. 

Almost all of my bugs filed against desktop-related issues are either
dropped as WONTFIX or are fixed when RHEL bumps their GNOME version to
a newer release.  For example:
https://bugzilla.redhat.com/show_bug.cgi?id=1365967

It's too bad that RH doesn't really have much focus on
Desktop/Workstation systems, because an enterprise workstation is
actually a useful thing for people who need long term support (1-2
years at least) of a workstation.  Ubuntu manages to do it, but
unfortunately, most of our engineering software isn't supported on
Ubuntu. 

-- 
Jonathan Billings 


Re: [CentOS] el7 systemd service:: ensure var/log owner when User is specified

2021-02-09 Thread Jonathan Billings
On Tue, Feb 09, 2021 at 07:21:40PM +0200, Adrian Sevcenco wrote:
> Hi! Does anyone have an idea how can i (in a nice way [1]) to ensure
> ownership/permissions of log directory in /var/log for a unit
> that drops privileges to a user (with User=/Group=)
> 
> [1] The ugly way being with script in StartPre and sudo in Start
> so i want to use User=
> I'm aware of LogsDirectory= but is not available on EL7

Running sudo in a systemd service seems like a bad idea and should be
avoided.  It'll require disabling the RequireTTY feature in the sudo
configuration anyway.

Newer versions of systemd support adding a + or ! at the beginning of
the ExecStart= command to tell systemd to run with elevated
privileges, so you could have:

[Service]
Type=oneshot
User=testuser
# the ! prefix exempts these two commands from User=
ExecStartPre=!/bin/mkdir -p /var/log/test
ExecStartPre=!/bin/chown testuser /var/log/test
ExecStart=/bin/sh -c 'date > /var/log/test/test.log'

However, those features aren't introduced into systemd until ~v231 so
it isn't in EL7.

I think you will have to do something like:

# no User= here: the pre-commands run as root, su drops to testuser
ExecStartPre=/bin/mkdir -p /var/log/test
ExecStartPre=/bin/chown testuser /var/log/test
ExecStart=/bin/su testuser -c 'date > /var/log/test/test.log'

Just don't use sudo.  
-- 
Jonathan Billings 


Re: [CentOS] firewalld - same source in different zones

2021-02-08 Thread Jonathan Billings
On Mon, Feb 08, 2021 at 06:19:07PM +0100, Łukasz Posadowski wrote:
>
> 
> Hi.
> 
> I have a little trouble with firewalld. I'm trying to open some ports
> for monitoring server, but it's in the same network as "home" zone:
> 
> Monitored host (192.168.111.60):
> 
> lukasz @ strategie 17:52:19  ~ $ 
>   ->  sudo firewall-cmd --get-active
> home
>   sources: 192.168.111.0/24
>   (open ports 22, 80, 443)
> monitoring
>   sources: 192.168.111.19
>   (open ports: 5666)
> public
>   interfaces: ens18
>   (no open ports)
> 
> ---
> 
> Monitoring host (192.168.111.19):
> 
> lukasz @ potemkin 17:57:25  ~ $ 
>   ->  telnet strategie.ping.local 5666
> Trying 192.168.111.60...
> telnet: connect to address 192.168.111.60: No route to host
> 
> lukasz @ potemkin 17:57:26  ~ $ 
>   ->  telnet strategie.ping.local 80
> Trying 192.168.111.60...
> Connected to strategie.ping.local.
> Escape character is '^]'.
> ^]
> telnet> Connection closed.
> 
> ---
> 
> I think there are conflicting rules on a monitored host, that:
> - prevent access to 5666 from 192.168.111.0/24,
> - give access to 5666 from 192.168.111.19
> and packets from potemkin are routed through a home zone.
> 
> I really would like to have dedicated "monitor" zone. Is there a way to
> give "monitor" zone more priority, than "home"? I may end with OpenVPN
> on potemkin and use 172.30.25.0/24 for monitoring, but, apart from
> encryption aspect, it seems a little excessive.

You can do it with rich rules, which have a priority.  Basically, if
you set priority to < 0, it goes into a _pre table which gets
evaluated before the other zones:

Blog about it:
https://firewalld.org/2018/12/rich-rule-priorities

Unfortunately, this was introduced in firewalld v0.7.0 which isn't in
CentOS 7.  I'm not sure if the functionality has been backported, but
the firewalld.richlanguage man page on my c7 system doesn't mention
it.  It should work on CentOS 8+.

Another solution is to set a direct rule, which is evaluated first.

Lastly, it's my experience that firewalld evaluates the configuration
of zones lexically, so if the monitoring zone happens to sort (LANG=C)
before the other zone, it'll be evaluated first.  Don't trust that
this behavior will always be the case.

-- 
Jonathan Billings 


Re: [CentOS] Challenging times in trying to access oracle Linux documentation

2021-02-06 Thread Jonathan Billings

On Feb 5, 2021, at 23:24, Frank Cox  wrote:
> We'll see discussion of Rocky Linux and Oracle Linux ramping up on this 
> mailing list over the course of the next year for the above reason.  You can 
> stamp your little feet and say that such things don't belong here, or the 
> better option is to read what you're interested in and participate in the 
> discussions. Ignoring anything non-Centos and reading only Centos-specific 
> threads will likely be possible too if you really insist since a majority of 
> posters will probably put "Oracle" or "Rocky" or something like that into 
> their subject lines anyway.

That’s a poor argument,  you’re basically telling people that you can post 
about any topic unrelated to CentOS, and people can just read the CentOS 
related ones.  1.) you assume people will clearly label their off topic threads 
and 2.) as we’ve seen, those off topic threads often weave in and out of 
on-topic threads until a moderator tells you to take it to another venue.

 You’ll dilute the usefulness of this list to the point that it will be 
worthless for people who are interested in CentOS topics.  You want a generic 
rhel clone list?  Create one and post an announcement about it. If you want to 
talk about Rocky or Oracle Linux, use their lists. This list is for CentOS.

I’m not thrilled with the direction CentOS is going, but I’m not going to 
poison the wells and salt the earth.  The CentOS list has value for on topic 
conversation.

> Again, Centos/Rocky/Oracle all share a similar-to-identical codebase, so most 
> of what's applicable to one will likely be applicable to all so I don't see 
> it as being a big deal.

Perhaps there are going to be similar codebases, but the infrastructure and 
politics around each will vary widely.  If you have a question that is codebase 
specific, then just ask it without talking about the distro it came from, but 
as soon as it becomes clear that it is infrastructure related, keep it on the 
appropriate list. 

— 
Jonathan Billings


Re: [CentOS] msmilter doesn t start / Can't open PID file /run/MSMilter.pid

2021-02-05 Thread Jonathan Billings
On Fri, Feb 05, 2021 at 03:13:18PM +0100, Ralf Prengel wrote:
>
> Hallo,
> msmilter doesn't start.
> Has anyone a hint for me?
> I used this tutorial.
> /run exists and selinux is disabled.

Did you read the log output?  (Also mentioned in the tutorial)
It says you need to edit a file and add a line.  I suggest giving that
a try. 

-- 
Jonathan Billings 


Re: [CentOS] CESA-2021:0221 Important CentOS 7 sudo Security Update

2021-01-27 Thread Jonathan Billings
On Wed, Jan 27, 2021 at 10:00:27AM -0800, Frank Liu wrote:
>
> Hi,
> 
> Is there a reason why the update is not tagged as "security"?
> 
> yum --security update sudo
> ...
>  --> sudo-1.8.23-10.el7_9.1.x86_64 from updates removed (updateinfo)
>  --> sudo-1.8.23-9.el7.x86_64 from @base removed (updateinfo)
> No packages needed for security; 1 packages available

The CentOS repos have never included security metadata.  yum-security
is basically useless with the base CentOS repos (although they will
pick up security repo metadata from EPEL if that is enabled).

-- 
Jonathan Billings 


Re: [CentOS] [CentOS-devel] https://blog.centos.org/2020/12/future-is-centos-stream/

2020-12-08 Thread Jonathan Billings
On Tue, Dec 08, 2020 at 11:15:04AM -0500, Rich Bowen wrote:
> That page was never a contract. It's a web page published by an open source
> project. Please do not misconstrue it as a contract.

I don't think anyone seriously thought it was a contract.

Open Source works largely on trust.  Trust that the developers aren't
going to intentionally harm their users, and the trust that those
developers will provide a consistent product.  Developers earn the
trust of their users.  Trust is the basic commodity for Open Source. 

That doesn't mean that open source providers always provide those
things.  There are many, many stories out there where upstream makes
an abrupt change that their users dislike.  And if you've broken that
trust, end users are going to be wary of ever putting any more trust
in the developers.

Maybe the CentOS Stream thing will work out OK for everyone.  But the
way this was announced, there are a lot of people who have lost trust
in CentOS and Red Hat.  Changing the end of life for CentOS 8 has
broken our trust in the project.

I see a lot of promises that Stream will have better engagement with
the community.  Why would we trust these promises?

-- 
Jonathan Billings 


Re: [CentOS] [CentOS-devel] https://blog.centos.org/2020/12/future-is-centos-stream/

2020-12-08 Thread Jonathan Billings
On Tue, Dec 08, 2020 at 10:28:30AM -0500, Phelps, Matthew wrote:
> You have published a CentOS Lifecycle that states the EOL for CentOS 8 is
> May 2029. (c.f. https://endoflife.software/operating-systems/linux/centos).
> CentOS Stream *is not* CentOS 8.
> 
> This announcement is a breach of that trust with your community, and could
> be construed as a breach of contract with your users.
> 
> Save this change for CentOS 9.

Don't worry, it's been fixed.  :/


https://git.centos.org/centos/centos.org/c/add15d276da60481d018d414493c8f5d4e630c16?branch=master

diff --git a/_includes/centos-linux-download.html 
b/_includes/centos-linux-download.html
index 4e8ce7f..63c5bd8 100644
--- a/_includes/centos-linux-download.html
+++ b/_includes/centos-linux-download.html
@@ -53,7 +53,8 @@
 
 
 
-31 May 2029 
+31 December 2021 https://blog.centos.org/2020/12/future-is-centos-stream/";>* 
 
 
 
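
Review bot: the added line in the end-of-life cell explains the move from "31 May 2029" to "31 December 2021" only through a bare "*" link to the blog post, so a reader of the download table sees the date shortened by more than seven years with no visible reason. Give the link descriptive text, or add a footnote line under the table that states the change, so the explanation survives if the page is printed or the blog URL moves. The markup around the link as it appears here (`";>`) is also worth checking for a stray character after the href's closing quote.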


-- 
Jonathan Billings 


Re: [CentOS] strange RPM dependency observed in CentOS 7

2020-12-08 Thread Jonathan Billings
On Tue, Dec 08, 2020 at 02:54:03PM +0100, Walter H. wrote:
> Yes, then the interesting question, how can I make use of these
> GeoIP-features when
> doing these e.g.
> 
> nslookup    200:470:17:55::1
> nslookup    222.10.10.1
> nslookup   www.centos.org
> host www.centos.org

Looking at the source, it looks like the geoip-related functions are
only called in the 'named' code and the libdns library.  I don't see
any features in dig, host or nslookup for looking up countries based
on IP.  However, the GeoIP package has a 'geoiplookup' command that
looks up a country from an IP.

-- 
Jonathan Billings 


Re: [CentOS] strange RPM dependency observed in CentOS 7

2020-12-08 Thread Jonathan Billings
On Tue, Dec 08, 2020 at 02:33:01PM +0100, Walter H. wrote:
> can someone explain, why the two packages
> -  GeoIP
> -  geoipupdate
> are needed when installing the bind-utils package?

The bind-utils package requires 'libGeoIP.so.1()(64bit)', which is
provided by the GeoIP package.  The GeoIP package requires
'geoipupdate', which is provided by the geoipupdate package.

% rpm -q --requires bind-utils|grep GeoIP
libGeoIP.so.1()(64bit)  
% rpm -q --requires GeoIP | grep geoipupdate
geoipupdate  

GeoIP provides a C library and a lookup tool to look up countries from
an IP address.  The bind-utils executables are all linked against
libGeoIP.so.1, so I assume they use some functionality from that
library. 

/usr/bin/geoipupdate is a tool to update the data files in the GeoIP
package.  

-- 
Jonathan Billings 


Re: [CentOS] Upgrade OpenSSH version to the latest stable version on CentOS Linux release 7.9.2009 (Core).

2020-12-01 Thread Jonathan Billings
On Dec 1, 2020, at 00:49, Peter  wrote:
> 
> On 1/12/20 4:04 pm, Kaushal Shriyan wrote:
>> I am running CentOS Linux release 7.9.2009 (Core). Is there a way to
>> upgrade OpenSSH version openssh-7.4p1-21.el7.x86_64 to the latest stable
>> version openssh-server 8.4 using yum repositories or rpm binaries?
> 
> No, 7.4p1-21 is the most recent up to date version in CentOS 7.  See 
> https://access.redhat.com/security/updates/backporting/ for more info.

Perhaps it would help to explain why you need the 8.4 release?  Is there a 
feature you need not in the version in C7? 

--
Jonathan Billings 



Re: [CentOS] Physical position of swap partition on the disk

2020-11-30 Thread Jonathan Billings
On Mon, Nov 30, 2020 at 03:22:45PM +0100, Walter H. wrote:
> is there a rule that says that the order of the partitions in the partition
> table corresponds to the order of them itself on disk?
> 
> no.
> 
> keep in mind, that the order on disk can be something different than the
> order in the partition table;

No, but if my linux distro created out of order partition sequences on
initial install I'd throw it in the trash.

-- 
Jonathan Billings 


Re: [CentOS] Physical position of swap partition on the disk

2020-11-30 Thread Jonathan Billings
On Nov 30, 2020, at 02:35, Nicolas Kovacs  wrote:
> 
> Yesterday while installing a fresh CentOS server, I wondered how big of a deal
> the physical position of the swap partition on the disk is.
> 
> Here's an example of a simple MBR partitioning scheme on a legacy BIOS machine
> with a 60 GB SSD:
> 
>  * /dev/sda1: 500 MB /boot ext2
>  * /dev/sda2: 4 GB swap
>  * /dev/sda3: 55 GB / ext4
> 
> In the old (Slackware) days, I created the partitions manually using fdisk.
> 
> Now when I do something similar in Anaconda, I have to reason in terms of 
> mount
> points. So in a similar order I create the /boot partition, the swap partition
> and the root partition.
> 
> What happens here is that Anaconda will always invert the root and swap
> partitions and put the swap partition at the end of the disk. So my setup 
> looks
> like this:
> 
>  * /dev/sda1: 500 MB /boot ext2
>  * /dev/sda2: 55 GB / ext4
>  * /dev/sda3: 4 GB swap
> 
> I'd be curious to know what's the reason behind this, and if this kind of
> configuration detail is really significant.

When most of us had storage on rotational storage, the fastest, lowest latency 
access was close to the physical center of the disc, which corresponds to the 
start of the disk.  You’d want swap to be highly responsive in case it was used 
for active processes.

Now, SSDs don’t have the same physical characteristics, so it doesn’t matter. 
Also, cloud storage and virtual machines don’t even have real hardware.  

The partitioning is handled by different code starting in el7, and this seems 
to be the logic built in.  I feel like it was written to assume that root and 
swap are on LVM.  When it comes to resizing file systems, it might make sense 
to put the root ext4 at the end of the disk, so it is actually 
counterproductive to put swap at the end. 

--
Jonathan Billings 



Re: [CentOS] Replacing SW RAID-1 with SSD RAID-1

2020-11-24 Thread Jonathan Billings
On Tue, Nov 24, 2020 at 12:18:57PM -0700, Warren Young wrote:
>   ZFS is ready today. 

I disagree.

It is ready today only if you are willing to abandon Linux entirely
and switch to BSD, or run a Linux distro like Ubuntu that is possibly
violating a license.  3rd-party repositories that use dkms can be
dangerous for a storage service, and I'd prefer to keep compilers out
of my servers.

I'm not willing to move away from CentOS and am ethically bound not to
violate the GPL.  I would say that unless the ZFS project can fix
their license, then it would be ready for Linux.

At least with Stratis, there's an attempt to work within the Linux
world. I'm excited to see Fedora making btrfs as the default root
filesystem, too.

-- 
Jonathan Billings 


Re: [CentOS] Xorg --configure

2020-11-23 Thread Jonathan Billings
On Mon, Nov 23, 2020 at 09:27:21AM -0600, Michael Hennebry wrote:
>
> I'm currently running Centos 8 off an SD card.
> It, unlike F32, lets me use my monitor's full 1440 x 900.
> 
> Both seem to use defaults and EDID,
> but F32 gets it wrong and saddles me with 640 x 480
> when I can find the incantation to have it run at all.
> The configuration files and directories I can find are pretty much empty.
> 
> How do I add --configure to the Xorg command line?
> 'Tis my understanding that would generate
> a configuration file that I could port to F32.

Are you sure it isn't dropping to basic VGA or VESA driver because the
video card isn't supported in Fedora?  Can you change the resolution
through the control panel or xrandr?

-- 
Jonathan Billings 


Re: [CentOS] Desktop Over NFS Home Blocked By Firewalld

2020-11-22 Thread Jonathan Billings
On Nov 20, 2020, at 14:31, Michael B Allen  wrote:
> 
> Well I've managed to resolve the issue but I'm not entirely satisfied
> with the solution. Apparently firewalld and iptables are at least
> partially mutually exclusive such that changes to iptables have no
> effect.

That’s not strictly true, at least with firewalld and iptables.  You added the 
iptables rule with -A (append).  The firewalld rules add jump rules to the 
input table and your rule simply was never reached, because traffic was blocked 
in one of the earlier rules.  This would be the case in any complex iptables 
config too.  Had you really wanted to test something with iptables, use -I 
(insert) which puts it at the front of the rules.  Obviously, the best thing to 
do is to use firewalld tools with firewalld.

--
Jonathan Billings 
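
The rule-ordering point above, as an added example that is not part of the original reply: a small first-match model of a firewalld-style INPUT chain, showing why a rule appended with -A is never evaluated while the same rule inserted with -I is. The chain layout is a constructed, much-reduced imitation of what firewalld generates, and the NFS port 2049 rule is an assumption based on the thread subject.

```python
from dataclasses import dataclass
from typing import Callable

TERMINAL = {"ACCEPT", "REJECT", "DROP"}


@dataclass
class Rule:
    text: str                         # human-readable match, used in the trace
    matches: Callable[[dict], bool]
    target: str                       # terminal verdict or name of a chain to jump to


def firewalld_like_tables():
    """Constructed, reduced imitation of a firewalld-managed filter table."""
    return {
        "INPUT": [
            Rule("ctstate RELATED,ESTABLISHED",
                 lambda p: p["state"] in ("RELATED", "ESTABLISHED"), "ACCEPT"),
            Rule("-i lo", lambda p: p["iface"] == "lo", "ACCEPT"),
            Rule("(any)", lambda p: True, "IN_public"),   # jump rule
            Rule("(any)", lambda p: True, "REJECT"),      # catch-all
        ],
        "IN_public": [
            Rule("tcp dport 22",
                 lambda p: p["proto"] == "tcp" and p["dport"] == 22, "ACCEPT"),
        ],
    }


def nfs_accept():
    """The hand-added rule (assumed: allow NFS on tcp/2049)."""
    return Rule("tcp dport 2049",
                lambda p: p["proto"] == "tcp" and p["dport"] == 2049, "ACCEPT")


def iptables_append(tables, chain, rule):
    """Model of 'iptables -A': the rule goes to the end of the chain."""
    tables[chain].append(rule)


def iptables_insert(tables, chain, rule, position=1):
    """Model of 'iptables -I': the rule goes to the given position (default 1)."""
    tables[chain].insert(position - 1, rule)


def walk(tables, chain, packet, trace):
    """First matching terminal rule wins; a jump that matches nothing returns."""
    for number, rule in enumerate(tables[chain], start=1):
        if not rule.matches(packet):
            continue
        trace.append(f"{chain} #{number}: {rule.text} -> {rule.target}")
        if rule.target in TERMINAL:
            return rule.target
        verdict = walk(tables, rule.target, packet, trace)
        if verdict is not None:
            return verdict
    return None


def decide(tables, packet):
    """Return (verdict, trace of the rules that matched on the way)."""
    trace = []
    verdict = walk(tables, "INPUT", packet, trace)
    return (verdict or "ACCEPT (chain policy)"), trace


# Constructed packet: a new inbound NFS connection on a non-loopback interface.
NFS_PACKET = {"state": "NEW", "iface": "eth0", "proto": "tcp", "dport": 2049}

if __name__ == "__main__":
    appended = firewalld_like_tables()
    iptables_append(appended, "INPUT", nfs_accept())
    print("-A:", *decide(appended, NFS_PACKET), sep="\n  ")

    inserted = firewalld_like_tables()
    iptables_insert(inserted, "INPUT", nfs_accept())
    print("-I:", *decide(inserted, NFS_PACKET), sep="\n  ")
```

The trace for the appended case ends at the catch-all REJECT in position 4, one rule before the new ACCEPT in position 5.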



Re: [CentOS] Intel RST RAID 1, partition tables and UUIDs

2020-11-16 Thread Jonathan Billings
On Sun, Nov 15, 2020 at 07:49:09PM -0500, H wrote:
>
> I have been having some problems with hardware RAID 1 on the
> motherboard that I am running CentOS 7 on. After a BIOS upgrade of
> the system, I lost the RAID 1 setup and was no longer able to boot
> the system. 

The Intel RST RAID (aka Intel Matrix RAID) is also known as a
fakeraid.  It isn't a hardware RAID, but instead a software RAID that
has a fancy BIOS interface.  I believe that the mdadm tool can examine
the RAID settings, and you can look at /proc/mdstat to see its status,
although from what I remember from previous posts, it's better to just
let the BIOS think it's a JBOD and use the linux software RAID tools
directly. 

-- 
Jonathan Billings 


Re: [CentOS] yum update security updates only

2020-11-13 Thread Jonathan Billings
On Nov 13, 2020, at 19:01, Eric Chennells  wrote:
> 
> Frank,
> 
> Interesting thank you I didn't realize that.  It used to be supported I
> believe, and there is a lot of out of date 3rd party documentation floating
> around google that suggests it does.
> 
> Well it's just that many enterprises have policies which state that only
> security updates should be installed, which I suspect is exactly why that
> feature is no longer supported..

I don’t believe CentOS has ever supported it in any of the supported releases, 
although repos like EPEL do provide security metadata. 

RHEL supports the security flag to yum update, because they curate their repo 
metadata with that data, but it isn’t available to CentOS users.  

--
Jonathan Billings 


Re: [CentOS] run firefox via an ssh tunnel

2020-11-12 Thread Jonathan Billings
On Thu, Nov 12, 2020 at 03:21:02PM -0500, Jonathan Billings wrote:
> yum --setopt='proxy=socks5://localhost:8000' update

It occurs to me that my private networks have working DNS, so if yours
doesn't, you should use:

yum --setopt='proxy=socks5h://localhost:8000' update

(note the extra 'h' in the URI scheme)

This means that the DNS lookups happen on the other side of the proxy,
so the yum command doesn't need to do any DNS lookups.  

-- 
Jonathan Billings 


Re: [CentOS] run firefox via an ssh tunnel

2020-11-12 Thread Jonathan Billings
On Thu, Nov 12, 2020 at 03:21:02PM -0500, Jonathan Billings wrote:
> What part?  For the first part, either define 'DynamicForward 8000' in
> a Host section in ~/.ssh/config, or run 'ssh -D 8000 hostname' to set
> it with command line options.  Then just set your SOCKS5 proxy
> settings in Firefox to localhost:8000.  (I'm just using port 8000 as
> an example here, it can be any unused port above 1024 for regular
> users.)

If you need a full tunnel (and not just HTTP) and don't have a VPN
server, but you do have an SSH connection, I heartily recommend the
tool 'sshuttle' (https://github.com/sshuttle/sshuttle, in EPEL).
It requires root locally but not on the remote side.

Then you can just use firefox without messing with proxy settings or
anything. 

-- 
Jonathan Billings 


Re: [CentOS] run firefox via an ssh tunnel

2020-11-12 Thread Jonathan Billings
On Thu, Nov 12, 2020 at 10:02:57AM -0700, S Bob wrote:
> On 11/12/20 7:50 AM, Jonathan Billings wrote:
> > If this is actually something you want to do with regularity, I
> > suggest using the SSH SOCKS proxy (with the DynamicForward port), and
> > configure Firefox to use the localhost:port as a SOCKS5 proxy.  Then
> > all traffic in firefox will be routed over the ssh connection.  It
> > won't break SNI and for the most part, everything will work in firefox
> > as if you were connecting from the remote side of the connection.
> > 
> > It works with yum and dnf too, where you can use RemoteForward to set
> > up a proxy port on the remote side, set the 'proxy' settings in the
> > configuration, and all yum/dnf traffic will go over the established
> > SSH connection.  Why would you do this?  Well, if you've got a system
> > that's sitting inside a private, not NAT'd network and your
> > workstation/jumphost has a VPN enabled but you don't have it enabled
> > on the remote side, you can update a system without doing a lot of
> > complicated network magic.  Now imagine using Ansible to do this,
> > which is already setting up SSH sessions...
> > 
> Sounds interesting, can you point me to any examples / how to's to set this
> up?

What part?  For the first part, either define 'DynamicForward 8000' in
a Host section in ~/.ssh/config, or run 'ssh -D 8000 hostname' to set
it with command line options.  Then just set your SOCKS5 proxy
settings in Firefox to localhost:8000.  (I'm just using port 8000 as
an example here, it can be any unused port above 1024 for regular
users.)

For the second, it's largely the same thing, except you'd use
'RemoteForward 8000' or 'ssh -R 8000 hostname' with the command line,
and on the remote side, set 'proxy=socks5://localhost:8000' in the
yum.conf or dnf.conf, or set it on the command line with:

yum --setopt='proxy=socks5://localhost:8000' update

(replace 'yum' with 'dnf' for c8)
If you are curious if it is actually doing anything, add a -v to your
ssh connection and it'll send debugging information to your terminal,
and you'll see each proxied connection from yum/dnf.

For ansible to use it, you'd set 'ssh_connection' in your ansible.ini
to have the extra -R option, and then deploy a yum/dnf config that
uses the proxy.  I've found this useful for managing some systems on
our campus that are on a private LAN but are routed to campus only, so
they can't reach 'the world' but my computer can.  I would still
recommend that people run their own private mirror if they are running
their own private cluster but this is useful in a pinch.

-- 
Jonathan Billings 


Re: [CentOS] crontab query

2020-11-12 Thread Jonathan Billings
On Wed, Nov 11, 2020 at 10:35:48AM -0600, Frank M. Ramaekers Jr. wrote:
>
> I need to schedule a process/program every hour on the hour between 9am and
> 4pm on the 2nd through the 9th of each month except on Saturday and Sunday. 
> So, I tried this entry:
> 
> 0 9-16 2-9 * 1-5 ./myprog.sh
> 
> Unfortunately it runs outside of the 2nd through the 9th and still runs on
> Sat. through Sun.
> 
> Is there a way to do this (outside the program itself)?

From the crontab(5) man page:

   Note: The day of a command's execution can be specified in the following
   two fields — 'day of month', and 'day of week'.  If both fields are
   restricted (i.e., do not contain the "*" character), the command will
   be run when either field matches the current time.  For example,
   "30 4 1,15 * 5" would cause a command to be run at 4:30 am on the 1st
   and 15th of each month, plus every Friday.

So it looks like it is going to run either time.

A systemd timer might be able to be more exclusive, but parsing the
'systemd.time' man page makes my head hurt.

-- 
Jonathan Billings 
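
The crontab(5) rule quoted above, worked through as an added example that is not part of the original thread: a small matcher for the entry from the question that applies the either-field rule and compares it with the both-fields schedule that was wanted. It handles only `*`, plain numbers, ranges and lists; the function names are made up for this illustration.

```python
from datetime import datetime, timedelta


def parse_field(spec, lo, hi):
    """Expand one cron field ('*', '5', '2-9', '1,15') into a set of ints."""
    if spec == "*":
        return set(range(lo, hi + 1))
    values = set()
    for part in spec.split(","):
        start, _, end = part.partition("-")
        first = int(start)
        last = int(end) if end else first
        if not lo <= first <= last <= hi:
            raise ValueError(f"{spec!r} is outside {lo}-{hi}")
        values.update(range(first, last + 1))
    return values


def cron_matches(entry, when, require_both=False):
    """True if `entry` (five time fields, command optional) fires at `when`.

    require_both=False applies the crontab(5) rule: when day-of-month and
    day-of-week are both restricted, either one matching is enough.
    require_both=True models the schedule the question wanted (both match).
    """
    minute, hour, dom, month, dow = entry.split()[:5]
    time_ok = (
        when.minute in parse_field(minute, 0, 59)
        and when.hour in parse_field(hour, 0, 23)
        and when.month in parse_field(month, 1, 12)
    )
    dom_ok = when.day in parse_field(dom, 1, 31)
    # cron counts both 0 and 7 as Sunday; isoweekday() is Monday=1 .. Sunday=7.
    dow_ok = when.isoweekday() % 7 in {d % 7 for d in parse_field(dow, 0, 7)}
    if dom != "*" and dow != "*" and not require_both:
        day_ok = dom_ok or dow_ok
    else:
        day_ok = dom_ok and dow_ok
    return time_ok and day_ok


def days_fired(entry, year, month, require_both=False):
    """Days of the given month on which the entry fires at least once."""
    fired = []
    t = datetime(year, month, 1)
    while t.month == month:
        if cron_matches(entry, t, require_both):
            fired.append(t.day)
            # One hit is enough for this day; continue at the next midnight.
            t = datetime(t.year, t.month, t.day) + timedelta(days=1)
        else:
            t += timedelta(minutes=1)
    return fired


ENTRY = "0 9-16 2-9 * 1-5 ./myprog.sh"   # the entry from the question

if __name__ == "__main__":
    # November 2020: the 1st is a Sunday, so the 7th and 8th are a weekend.
    print("cron runs on: ", days_fired(ENTRY, 2020, 11))
    print("intended days:", days_fired(ENTRY, 2020, 11, require_both=True))
```

To get the both-fields schedule from cron itself, a common approach is to restrict only day-of-month in the entry and test the weekday in the command, for example `0 9-16 2-9 * * [ "$(date +\%u)" -le 5 ] && ./myprog.sh`.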


Re: [CentOS] CentOS 8 vncserver

2020-11-12 Thread Jonathan Billings
On Thu, Nov 12, 2020 at 09:12:42AM -0500, Jerry Geis wrote:
>
> I am trying to get vncserver working on CentOS 8. Fully updated.
> 
> On the console - logged in as a normal user I run:
> export DISPLAY=:0.0
> xhost +
> /usr/bin/x0vncserver -display :0 -rfbport 5901 -passwordfile
> /home/silentm/.vnc/passwd
> 
> I get this error:
> Invalid MIT-MAGIC-COOKIE-1 key/usr/bin/x0vncserver: unable to open display
> ":0"
> 
> Based on the error I changed the DISPLAY=:0 and tried again - but same
> error.
> 
> Am I doing something wrong?   I don't really need this to start as a service
> was just trying to start by hand.

Is there an X11 server running, listening on display :0.0?  It sounds
like you said you logged in on the console, that sounds like you
aren't running X yet, but are at the text console.

If you want to run vncserver, I suggest using the xvnc@.service
included in the package:

https://git.centos.org/rpms/tigervnc/blob/c8/f/SOURCES/xvnc.service

There are instructions in the comments.

-- 
Jonathan Billings 


Re: [CentOS] run firefox via an ssh tunnel

2020-11-12 Thread Jonathan Billings
On Thu, Nov 12, 2020 at 12:56:15PM +, Bernstein, Noam CIV USN NRL (6393) 
Washington DC (USA) via CentOS wrote:
>
> If the point is to access a specific web site only the remote
> machine can get to, you can also do it with port forwarding: 
> ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine
> and then locally run any browser, and access
> https://localhost:443
> (assuming it's https.  If it's plain http, use "http" and 80).  Note
> that you'll be breaking some aspects of https security such as
> man-in-the-middle protection and perhaps others, and you'll need to
> accept some security exceptions. 
> 
> This will be useful if the point is to get to a web site only
> the remote machine can connect to, but all the browser code/plugins
> will be the local ones.

If this is actually something you want to do with regularity, I
suggest using the SSH SOCKS proxy (with the DynamicForward port), and
configure Firefox to use the localhost:port as a SOCKS5 proxy.  Then
all traffic in firefox will be routed over the ssh connection.  It
won't break SNI and for the most part, everything will work in firefox
as if you were connecting from the remote side of the connection.

It works with yum and dnf too, where you can use RemoteForward to set
up a proxy port on the remote side, set the 'proxy' settings in the
configuration, and all yum/dnf traffic will go over the established
SSH connection.  Why would you do this?  Well, if you've got a system
that's sitting inside a private, not NAT'd network and your
workstation/jumphost has a VPN enabled but you don't have it enabled
on the remote side, you can update a system without doing a lot of
complicated network magic.  Now imagine using Ansible to do this,
which is already setting up SSH sessions...

-- 
Jonathan Billings 


Re: [CentOS] Run as root on reboot

2020-10-28 Thread Jonathan Billings
On Oct 28, 2020, at 19:58, david  wrote:
> 
> Alas, I think rc.local has become irrelevant with systemd, which in most 
> Linux distros is the way forward.

I suggest running:  

systemctl cat rc-local.service

The trick is to make the /etc/rc.d/rc.local file executable.

However, honestly, what you are asking for should be to create your own systemd 
service to launch on boot.  Systemd service units are trivial to write.

--
Jonathan Billings 



Re: [CentOS] @Microknoppix

2020-10-26 Thread Jonathan Billings
On Mon, Oct 26, 2020 at 12:35:33PM -0500, Michael Hennebry wrote:
> Normally I run Centos 7,
> but I accidentally booted a German Knoppix OS.
> I'm back to Centos 7,
> but now my LXterms all have hennebry@Microknoppix on top.
> WTF? How did that happen?
> How do I fix it?
> How do I make it not happen again?
> What other trouble should I be looking for?
> 
> I opened a couple LXterms,
> looked at man pages and ran xrandr as root a few times.
> Also I ran shutdown a couple times.
> That's it.
> I'm rather annoyed at the result.
> I'm pretty sure Knoppix had to change
> something it should not even have known about.

Your Knoppix boot probably pushed a dynamic DNS update via DHCP to
whatever hands out local DNS names on your LAN and now your local IP
is resolving to that name.

You probably need to update your hostname if you want it to be
something else.  dhclient (the DHCP client in CentOS 7) can also send
dynamic dns updates when configured.  (Look in the man page for
dhclient.conf, I believe it is do-forward-updates.)

-- 
Jonathan Billings 


Re: [CentOS] Firefox 78 under CentOS 6 -- no sound?

2020-10-26 Thread Jonathan Billings
On Mon, Oct 26, 2020 at 01:21:10PM +0100, Leon Fauster via CentOS wrote:
>
> On 26.10.20 at 12:45, Jonathan Billings wrote:
> > On Oct 23, 2020, at 14:45, Leon Fauster via CentOS 
> > wrote:
> > > Mozilla released version 68.12.0, on August 25, 2020 ->
> > > https://www.mozilla.org/en-US/firefox/68.12.0/releasenotes/
> > > 
> > > RH has an ELS phase - if it gets fixed then only for paying customers.
> > 
> > Amazingly it appears that Red Hat has released another Firefox:
> > 
> > https://access.redhat.com/errata/RHSA-2020:4330
> > 
> 
> and - sound issues fixed?

I don't know.  The changelog doesn't indicate anything about sound
issues, just security fixes.  It's unlikely that anything but security
fixes are being tracked anymore.  I don't have any CentOS6 systems
left to test it on.

-- 
Jonathan Billings 


Re: [CentOS] Firefox 78 under CentOS 6 -- no sound?

2020-10-26 Thread Jonathan Billings
On Oct 23, 2020, at 14:45, Leon Fauster via CentOS  wrote:
> Mozilla released version 68.12.0, on August 25, 2020 ->
> https://www.mozilla.org/en-US/firefox/68.12.0/releasenotes/
> 
> RH has an ELS phase - if it gets fixed then only for paying customers.

Amazingly it appears that Red Hat has released another Firefox:

https://access.redhat.com/errata/RHSA-2020:4330

--
Jonathan Billings



Re: [CentOS] Apache HTTPD not picking up environment variables.

2020-10-23 Thread Jonathan Billings
On Fri, Oct 23, 2020 at 04:27:34PM +, Harold Pritchett wrote:
> I'm trying to install DB2 on a CentOS 7 server.  The problem I'm
> seeing is that the Apache httpd server fails to pick up the db2
> environment variables.  On an older version running under CentOS 5
> this was done by inserting the following lines into the httpd start
> script in /etc/sysconfig/httpd: 
> 
> if test -f /db2home/db2inst1/sqllib/db2profile; then
>   . /db2home/db2inst1/sqllib/db2profile
> fi
> 
> Under CentOS 7's systemctl system this no longer works. I need a
> clue as to where to start looking for where to put this so it will
> be sourced when the Apache server starts.  I have googled this and
> can find nothing relevant.  I even did a "find / -name httpd -print"
> and didn't find anything looking promising. 

In non-systemd systems, httpd was started by a shell script
(/etc/rc.d/init.d/httpd) which sourced the file /etc/sysconfig/httpd,
so you could embed shell code in the file and it would be evaluated.

In systemd systems, the httpd.service unit has:

EnvironmentFile=/etc/sysconfig/httpd

For systemd units, setting this will cause the systemd unit to read in
the file for variables, but it ignores anything that isn't a simple
'foo=bar' syntax.  It doesn't evaluate shell scripts.


HOWEVER, the logic of your shell script is something that can be
supported by systemd units.  You can say:

EnvironmentFile=-/db2home/db2inst1/sqllib/db2profile

and it will only try to source that file for variables if it exists.

So, what you should do is create a directory and file within it
called:

/etc/systemd/system/httpd.service.d/override.conf

With these two lines in it:

[Service]
EnvironmentFile=-/db2home/db2inst1/sqllib/db2profile

Then run (as root) 'systemctl daemon-reload', and it should
conditionally load the environment variables on startup from that file
if the file exists.

This assumes that /db2home/db2inst1/sqllib/db2profile doesn't have
more shell syntax in it, of course.

See for more details:

https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=



-- 
Jonathan Billings 
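
A rough pre-flight check for the caveat above, added here as an example and not part of the original reply: it flags the lines of a profile that only make sense to a shell, so they can be dealt with before the file is named in `EnvironmentFile=`. The regular expression is a conservative approximation and not systemd's parser, and the sample profile is constructed (it is not the real db2profile; its /opt/example paths are placeholders).

```python
import re

# NAME=VALUE with a shell-style variable name and nothing in front of it.
ASSIGNMENT = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def lint_environment_file(text):
    """Split a candidate EnvironmentFile into usable variables and problems.

    Returns (usable, problems): `usable` maps names to literal values,
    `problems` is a list of (line_number, reason, line) tuples for lines that
    depend on a shell being there to interpret them.
    """
    usable, problems = {}, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank lines and comments
        match = ASSIGNMENT.match(line)
        if not match:
            problems.append((number, "not a NAME=VALUE line, needs a shell", line))
            continue
        name, value = match.groups()
        if "$" in value or "`" in value:
            # Nothing expands $PATH or runs `cmd`; the text would stay literal.
            problems.append((number, "relies on shell expansion", line))
            continue
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]           # drop one pair of surrounding quotes
        usable[name] = value
    return usable, problems


# Constructed sample in the style of a shell profile.
SAMPLE_PROFILE = """\
# constructed sample profile
DB2INSTANCE=db2inst1
export DB2INSTANCE
PATH=$PATH:/opt/example/bin
if [ -f /opt/example/extra ]; then
    . /opt/example/extra
fi
LD_LIBRARY_PATH="/opt/example/lib64"
"""

if __name__ == "__main__":
    usable, problems = lint_environment_file(SAMPLE_PROFILE)
    print("usable as-is:", usable)
    for number, reason, line in problems:
        print(f"line {number}: {reason}: {line}")
```

If the list of problems is not empty, the service can start without the environment the profile was meant to provide, so the output is worth checking before relying on the override.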


Re: [CentOS] Firefox 78 under CentOS 6 -- no sound?

2020-10-20 Thread Jonathan Billings
On Tue, Oct 20, 2020 at 12:56:38PM -0400, Yves Bellefeuille wrote:
> Akemi Yagi  wrote:
> 
> >  This issue?
> >
> >  https://bugs.centos.org/view.php?id=17767
> 
> This is a huge bug! Using Firefox to watch videos is a basic activity.
> 
> The bug with grub2 a few months ago was even more serious: it made
> systems unbootable. It's discomfiting to see two major bugs so close
> to each other.

I'm less concerned with firefox being broken on 32-bit CentOS 6
systems when the platform is only going to live for another month.
Frankly, I'm glad to see flash die just a little earlier.

It's not really comparable to the terrible EFI/shim issue that
happened, which was terrible for servers and workstations that can't
be reached remotely because they're wedged in the boot, especially in
these times when a lot of people are WFH.

-- 
Jonathan Billings 


Re: [CentOS] Firefox 78 under CentOS 6 -- no sound?

2020-10-19 Thread Jonathan Billings
On Sat, Oct 17, 2020 at 10:26:50PM -0500, Robert Nichols wrote:
> On 10/17/20 3:38 PM, Robert Heller wrote:
> > I did a yum update on my CentOS 6 laptop and it upgraded Firefox to 78, and
> > FF stopped seeing my mic and speakers.  Is there some magic I need to do?
> > As a short term (?) fix, I downgraded back to Firefox 68.  My system is
> > otherwise up-to-date.
> 
> I'm seeing the same problem (I'm not using any mic) on several CentOS 6 
> systems.
> I posted about it here back on Sept. 29.
> https://lists.centos.org/pipermail/centos/2020-September/351667.html
> 
> Downgrading, and excluding the 78.3.0-1 from yum is my workaround.

Well, the good news is you have over a month to migrate away from
CentOS 6, which goes end of life at the end of November, 2020.

-- 
Jonathan Billings 


Re: [CentOS] system sounds

2020-10-14 Thread Jonathan Billings
On Oct 13, 2020, at 23:03, R C  wrote:
> 
> been playing around a bit and noticed:
> 
> 
> When I login as root, gnome,  all the system sounds seem to be working.
> 
> When I log in as a regular user,  the system sounds don't.  So I guess it must 
> be a permissions issue somewhere that happened during/after the last update?

I didn’t know it was even possible to use GNOME as root.  It certainly is a 
terrible idea.

It’s possible that the regular user not being able to use sounds might be an 
artifact of running GNOME as root, some permissions somewhere broken or a 
configuration file removed.

You need to take a look at the systemd journal to see what errors pulseaudio is 
getting when you log in as the user.

--
Jonathan Billings 


Re: [CentOS] Mail server troubles

2020-10-09 Thread Jonathan Billings
On Fri, Oct 09, 2020 at 02:23:20PM -0500, Valeri Galtsev wrote:
> Not for my users, thank you. My authenticated users send whatever they want
> without any filtering, scoring, scanning for virii (that is Latin plural for
> virus).

It might interest you to know that the plural for 'virus' is
'viruses'.  The Latin word it was derived from was a neuter term, so
you might say 'vira', but since it was derived from what meant
'poison' (like the word virulent) there wasn't really a plural used.
Also, the Romans hadn't figured out Germ Theory yet so they didn't
know it was composed of multiple small entities.  Also, the word
'Viri' is the plural of the masculine word 'Vir' for 'Male human', so
it is confusing. ('vir' used in the words 'triumvir' or 'virile' /
'virility') 

Chuck 'virii' in the bin with words like 'octopi'.

-- 
Jonathan Billings 


Re: [CentOS] SEcontext setting failure on an external harddisk

2020-10-08 Thread Jonathan Billings
On Oct 8, 2020, at 15:22, H  wrote:
> 
> I tried moving a PostgreSQL database to an external harddisk due to lack of 
> space on the main harddisks. Not the ideal solution of course but it should 
> work. However, on CentOS 7 the external harddisk is mounted under /run/media 
> and the user. I copied the postgresql database directory and made sure it is 
> owned recursively by postgres, changed the necessary settings in both the 
> systemd unit and the conf file.

I don’t believe that the volume will be mounted on boot in /run/media, that is 
for storage mounted by a user logged at the console. 

It would make more sense to set up a systemd .mount and .automount unit for the 
device and mount point (someplace outside of /run, such as 
/srv/mountpointname). Then set up the labels correctly. 

You need to use a file system that supports extended attributes if you want it 
to work with selinux, so XFS or ext4.

--
Jonathan Billings


Re: [CentOS] Invisible files and disk space

2020-10-08 Thread Jonathan Billings
On Thu, Oct 08, 2020 at 12:31:34PM -0400, cent...@foxengines.net wrote:
> find / -maxdepth 1 -xdev -type d | while read -r d; do du -shx "$d"; done

If you want to use du to find sparse files, add --apparent-size.

-- 
Jonathan Billings 


Re: [CentOS] How to solve missing net-snmp-perl?

2020-10-06 Thread Jonathan Billings
On Tue, Oct 06, 2020 at 01:56:56PM +, Andre Herms wrote:
> Since Centos 8.2 the net-snmp-perl RPM seems missing. 

For what it's worth, net-snmp-perl isn't available in any RHEL8 channels
either.  I suspect this is another one of those packages that aren't
in CentOS because they aren't in RHEL.

(Disclaimer: I don't know one way or the other, just checked on my
RHEL8 system to see if I could install it, and I can't)

-- 
Jonathan Billings 


Re: [CentOS] No sound after latest Firefox update (firefox-78.3.0-1.el6.centos.x86_64)

2020-10-01 Thread Jonathan Billings
On Thu, Oct 01, 2020 at 04:01:29PM -0400, mailist wrote:
> The Ubuntu-derived distros are much better suited to desktop.  I run several
> of them, as well as
> CentOS 7 and 8.  Ubuntu, Kubuntu (Ubuntu with KDE), Lubuntu, Debian, PopOS,
> and Zorin.

They all use systemd.  If you're running CentOS 6 to avoid that,
you're out of luck.
-- 
Jonathan Billings 


Re: [CentOS] how to restore deleted directory/files

2020-09-16 Thread Jonathan Billings
On Wed, Sep 16, 2020 at 10:00:05PM +0800, qw wrote:
> 
> Thanks for your advice. I will try the tools.
> 
> 
> I also found the article about how to create and mount image.
> 
> https://midnightprogrammer.net/post/create-mount-and-unmount-img-files-in-ubuntu/
> 
> 
> The article says, the image file created by dd should formated in
> ubuntu. 
> 
> 
> For Centos, should I format the image file before mounting it as
> virtual read-only disk?

You generally don't want to mount it at all, it won't help you recover
anything.

The article is for creating a fresh, unformatted disk image and
mounting it via the loopback.  Since this image is already formatted,
you'd just be deleting data by formatting it.

Anyway, you don't generally need to mount anything if you're using
photorec or similar tools.

-- 
Jonathan Billings 


Re: [CentOS] how to restore deleted directory/files

2020-09-16 Thread Jonathan Billings
On Wed, Sep 16, 2020 at 07:21:08PM +0800, qw wrote:
> I remove one directory by running rm -fr ./some-dir. How to restore
> the directory and its files in the directory? 

If you don't have backups, then you're pretty much out of luck.  Don't
forget to back up any data that is important, and test your backups
regularly! 

Depending on the filesystem, there might be ways to recover it, but
the first thing you need to do is stop using the disk the files were
on.  Power it off.  There are some tools that you can use to recover
it, but it's not 100% effective.

If it's very important and you are willing to spend money, there are
data recovery services that might be able to extract the data.

-- 
Jonathan Billings 


Re: [CentOS] Problems with x2go

2020-09-15 Thread Jonathan Billings
On Sep 15, 2020, at 19:32, Jack Bailey via CentOS  wrote:
> 
> This is not the answer to your question, but if this is a new install and not 
> an existing installation, consider NoMachine <https://www.nomachine.com/>. 
> It's free and so much better than x2go it's hard to even compare the two.

It is “free” only for noncommercial use. It isn’t open source.

https://www.nomachine.com/faq

If you want to try something else, take a look at xpra (http://xpra.org/).  
It’s in EPEL8.

--
Jonathan Billings 


Re: [CentOS] How to Migrate Wordpress Website from 32-bit CentOS Linux 6.3 to 64-bit CentOS Linux 8.2 (2004)

2020-08-31 Thread Jonathan Billings
On Mon, Aug 31, 2020 at 01:31:19PM +, Turritopsis Dohrnii Teo En Ming wrote:
> SECTION 4 Disable SELinux (Security Enhanced Linux)
> ===
> 
> You MUST disable SELinux, otherwise Apache web server will not work.
> 
> If you DO NOT want to disable SELinux, you must be an expert in SELinux to 
> configure SELinux.
> 
> # nano /etc/selinux/config
> 
> SELINUX=disabled
> 
> # reboot

Stop posting these terrible instructions to the list!  This is
terrible advice and should not be considered.  Wordpress is such a
huge vector for attacks, you need SELinux protecting your system.  You
don't need to be an expert, and people posting misleading information
only makes more people think so.

> SECTION 5 Disable firewalld Software Firewall
> =
> 
> Because already protected by Fortigate firewall at the perimeter.
> 
> # systemctl disable firewalld
> 
> # reboot

Also terrible advice!  That's just the case for your weird corner
case.  I looked at more of this post, and was amazed by the amount of
cargo-cult apache configuration advice that's listed.  mod_perl *and*
mod_php?  Each httpd must be huge!


Why are you even posting this to a public list?  Use your blog for
this kind of thing.  I know you have one, you post it repeatedly to
random lists. 

-- 
Jonathan Billings 


Re: [CentOS] EL8: SElinux / dac_override / tmpwatch

2020-08-28 Thread Jonathan Billings
On Aug 28, 2020, at 17:53, Leon Fauster via CentOS  wrote:
> 
> Is cron running in EL8 with stripped CAPs of? Does some one have an
> idea to address this?

In general, we no longer use tmpwatch at all.  In CentOS 7 and 8, use 
systemd-tmpfiles. Here is a blog post that describes it pretty well:

https://developers.redhat.com/blog/2016/09/20/managing-temporary-files-with-systemd-tmpfiles-on-rhel7/

--
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Laptop and NFS homedir

2020-08-26 Thread Jonathan Billings
On Wed, Aug 26, 2020 at 12:08:56PM +0100, isdtor wrote:
> Are there any documented best practices for using NFS home
> directories on laptops? Right now, and this is on CentOS 7, when I
> disconnect the machine from the network, the desktop freezes, and I
> can't even tell if the machine switches to the wireless network. If
> this sort of adapter switching, which is standard in e.g. Windows
> 10, is even supported. 

I'd say: Don't do it.

NFS does not handle disconnected operations well, nor does the client
handle IP migrations well.  You'd have to restart the client to get it
to work, most likely, and processes that are living in $HOME would
need to be killed before you could unmount it.

There is some effort being made in making fscache work with NFS but
I've not had much luck in CentOS7 or 8.  It still wouldn't help with
IP roaming.

Best advice I can offer is to make $HOME local but have symlinks into
NFS for directories that can be safely unmounted and remounted.

Windows doesn't really have network home directories like UNIX does,
and their SMB client handles IP roaming better.

-- 
Jonathan Billings 


Re: [CentOS] Mock config error

2020-08-24 Thread Jonathan Billings
On Aug 24, 2020, at 16:48, m...@tdiehl.org wrote:
> 
> Also, I am trying to add a dist tag to rpms that I build in mock.
> In the epel-7 configs I do something like the following:
> config_opts['macros']['%dist'] = '.el7.tnt' to get a dist tag on the
> rpms. In epel/centos 8 this does not work.
> 
> If I run "mock --debug-config epel-8-x86_64"
> I see '%dist': '.el8.tnt'} in the output but the rpm name does not have the 
> el8.tnt tag in the name.
> 
> Below is what I actually get:
> (vgeppetto3 pts19) $ ll 
> /var/lib/mock/epel-8-x86_64/result/centos-release-8.2-2.2004.0.1.el8.1.x86_64.rpm
>  -rw-r--r--. 1 mock mock 20404 Aug 24 13:32 
> /var/lib/mock/epel-8-x86_64/result/centos-release-8.2-2.2004.0.1.el8.1.x86_64.rpm
> (vgeppetto3 pts19)
> 
> I have the following in the spec file:
> Release:%{centos_rel}.0.1%{?dist}.1
> 
> Does anyone know how to apply a dist tag in the epel-8 mock configs?
> 
> Is mock documented anywhere besides the src code? I cannot find any
> documentation that explains what actually needs to be in a mock
> configuration file or in this case how to specify my own dist tag.


Hello,

It seems that the OpenSUSE mock configs[1] use the same syntax.  I wonder if 
you need to invoke mock in a specific way to not override the macro?


1. https://github.com/rpm-software-management/mock/blob/master/mock-core-configs/etc/mock/opensuse-leap-15.2-x86_64.cfg

--
Jonathan Billings 


Re: [CentOS] Mock config error

2020-08-23 Thread Jonathan Billings
On Aug 23, 2020, at 12:07, m...@tdiehl.org wrote:
> 
> Hi,
> 
> I am trying to create a mock configuration file that points to my local dnf 
> repo.
> I have the following in the mock config template:
> 
> [local-repo]
> name=my-Local
> baseurl=http://yumrepo.example.com/yum-repository/local/centos/8/x86_64/ 
> failovermethod=priority
> skip_if_unavailable=False
> 
> When I try to run mock I get the following error:
> 
> (vgeppetto3 pts18) $ mock -v -r epel-8-x86_64 
> /home/mock/rpmbuild/SRPMS/centos-release-8.2-2.2004.0.1.el8.1.src.rpm
> 
>  File "", line 238
> 
>baseurl=http://yumrepo.example.com/yum-repository/local/centos/8/x86_64/
> 
>^
> SyntaxError: invalid syntax
> 
> ERROR: Error in configuration
> (vgeppetto3 pts18) $
> 
> I copied the url out of a yum repo file I am using that works with dnf on a 
> centos 8 machine.
> 
> Can someone tell me what I am doing wrong?

I assume you added the yum repo after a line that looks like this:

config_opts['dnf.conf'] += """


And before a line that looks like this:


"""

--
Jonathan Billings 
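
The placement described in the reply above, as an added example (not code from the thread or from the mock project): mock reads its .cfg files as Python, so a repo stanza is only valid inside the triple-quoted `dnf.conf` string. The cfg fragments are constructed, and `syntax_error` and `repo_ids` are hypothetical helper names.

```python
import configparser

# Constructed cfg fragments. In BROKEN the repo stanza sits after the closing
# quotes, so Python tries to parse "baseurl=http://..." as a statement.
BROKEN = '''\
config_opts['dnf.conf'] += """
[main]
gpgcheck=1
"""
[local-repo]
name=my-Local
baseurl=http://yumrepo.example.com/yum-repository/local/centos/8/x86_64/
skip_if_unavailable=False
'''

FIXED = '''\
config_opts['dnf.conf'] += """
[main]
gpgcheck=1

[local-repo]
name=my-Local
baseurl=http://yumrepo.example.com/yum-repository/local/centos/8/x86_64/
skip_if_unavailable=False
"""
'''


def syntax_error(cfg_text):
    """Return (line number, offending line) if the cfg is not valid Python."""
    try:
        compile(cfg_text, "<mock cfg>", "exec")
    except SyntaxError as exc:
        return exc.lineno, (exc.text or "").strip()
    return None


def repo_ids(cfg_text):
    """Evaluate a cfg and list the sections that ended up in dnf.conf."""
    # Assumption: an included template already set 'dnf.conf', hence "+=".
    config_opts = {"dnf.conf": ""}
    # A cfg is code: only evaluate files from a source you trust.
    exec(compile(cfg_text, "<mock cfg>", "exec"), {"config_opts": config_opts})
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_opts["dnf.conf"])
    return parser.sections()


if __name__ == "__main__":
    print(syntax_error(BROKEN))
    print(syntax_error(FIXED), repo_ids(FIXED))
```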


Re: [CentOS] Centos 7 shim fix failed

2020-08-04 Thread Jonathan Billings
On Tue, Aug 04, 2020 at 10:54:50AM -0700, david wrote:
> Yum got up to the point:
> 
> Running transaction
>   Installing : kernel-3.10.0-1127.el7.x86_64 1/1
> 
> at which point the process appeared to hang.  No further output happened for
> five minutes.  I opened a different terminal and entered "shutdown -r now".
> The result is an unbootable system.
> 
> 
> What did I do wrong?  I must admit that there are multiple copies of advice
> on the mailing list, so perhaps I followed the wrong one?

Your system was most likely rebuilding the initrd, and you interrupted
it leaving you with a broken initrd.

Try booting off a rescue disk and chroot into the install, and run:

dracut -f -v

to regenerate all the initrds.

Also, you don't need to reinstall the kernel but just do a 'yum
update' to get everything up to the latest release.  The shim package
with the fix is the latest.

-- 
Jonathan Billings 


Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Jonathan Billings
On Aug 2, 2020, at 14:43, Pete Biggs  wrote:
> You don't have to use UEFI secure booting - most machines can fall back
> to legacy booting using BIOS settings. If you do that, you won't use
> any Microsoft signed code.

Back in 2017, Intel said that it was going to deprecate the “Legacy” CSM by 
2020. They might have changed their schedule but I suspect we’ll start seeing 
hardware without anything but UEFI. 

--
Jonathan Billings 


Re: [CentOS] OpenJDK vulnerability and best way to find status of package that remediates vulnerability for CentOS

2020-07-31 Thread Jonathan Billings
On Fri, Jul 31, 2020 at 12:04:52AM +, Boushy, Phillip wrote:
> 1. Is there a 11.0.8 update for java-11-openjdk-devel available for
> CentOS 7?

No, but it's in the process of being built and distributed.  It's been
released in RHEL and I suspect the GRUB2/shim/kernel security issue is
taking some priority right now.

> 2. Is there a page like Ubuntu's CVE Tracker site where it shows the
> CVE, the package name, and the status
> (e.g. 
> https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14578.html)

Red Hat (CentOS's upstream) posts advisories for these sorts of things:

https://access.redhat.com/errata/RHSA-2020:2969

This is the security advisory for this package.  

> 3. If 2 is no, How can I look up the status of a package that has
> been released by upstream on CentOS? (e.g. it's been released in
> Upstream, it's available in CentOS, it's pending backport for CentOS
> 7) 

As I mentioned earlier, the Red Hat errata site is a good place to
look.  You can search for CVEs there too.  There's also a
RHSA-Announce mailing list if you'd prefer that they end up in your
mailbox:

https://www.redhat.com/mailman/listinfo/rhsa-announce

-- 
Jonathan Billings 


Re: [CentOS] tmpfs / selinux issue

2020-07-27 Thread Jonathan Billings
On Jul 25, 2020, at 07:20, Leon Fauster via CentOS  wrote:
> 
> I wonder about the "remount" and the comm="ostnamed".
> 
> I did not find any ostnamed application, the closest is hostnamed.

You don’t happen to have snapd installed, do you?  I can see several bugs 
posted related to snapd and selinux failures similar to that. 

--
Jonathan Billings


Re: [CentOS] Force package install using yum?

2020-07-01 Thread Jonathan Billings
On Jul 1, 2020, at 05:25, Jeffrey Walton  wrote:
> 
> /opt/rh/httpd24/root/etc/httpd/logs

The rpm is complaining that cpio can’t extract this path. Is it supposed to be 
a link but now it’s a directory?

--
Jonathan Billings


Re: [CentOS] php 5.6 on CentOS 6

2020-06-21 Thread Jonathan Billings


> On Jun 21, 2020, at 16:38, Valeri Galtsev  wrote:
> This my reply is not intended for the OP, as he stated he will not listen 
> about End Of Life of PHP 5. Just in case anybody comes across this thread, 
> please read what is written on the page referred to by Alexander Dalloz:
> 
> >> PHP 5.6 is EOL. https://www.php.net/supported-versions.php

If you are using the PHP packages in CentOS and keep your OS up to 
date, you can disregard this. 

> This in plain English language says that php 5 is not supported by vendor 
> since Jan 1 2019, i.e. almost a year and a half now. This means that PHP 
> development team does not release security patches, and even though RedHat 
> "backports" patches to older versions, difference in internals between PHP 
> version 5 and version 7 is quite significant, so you should not assume that 
> even if RedHat team still backports security patches for issues discovered in 
> version 7, you are safe: there may be still be issues in version 5 which by 
> no means are discovered by anyone.
> 
> This boils down to one thing. If you still have anything using PHP version 
> 5.[any] you should migrate this to PHP version at least 7.2. You ideally 
> should have done that before Jan. 1, 2019.
> I hope, this helps somebody.
> 
> By no means I meant to question the brilliant job RedHat does backporting 
> (taking my hat off and bowing to RedHat here). However, as I said, there may 
> be bugs in PHP 5 that will not be relevant to PHP 7, hence there is nothing 
> to backport to fix them.

I realize you are out of touch with how CentOS packages (and RHEL packages 
they’re built from) are handled, since you’ve decided to stop using it and move 
to FreeBSD, but this is how Red Hat backports fixes to php and other enterprise 
software: 

https://access.redhat.com/security/updates/backporting

So if someone is coming across this thread, know that if you are using the 
supported PHP packages in CentOS’s repositories, security fixes are backported, 
and if security issues are identified in the version in RHEL, they’ll issue 
fixes during the lifetime of the release.  So, in CentOS 7, expect the php 5 
packages to be supported for a couple more years, despite all the gnashing of 
teeth of the PHP upstream developers.

If you plan on starting a new project, definitely start with php 7.  But if you 
have concerns about an existing 5.x codebase, as long as you are keeping your 
OS up to date, you have some time to migrate.

--
Jonathan Billings


Re: [CentOS] /etc/networks file

2020-06-14 Thread Jonathan Billings
On Jun 14, 2020, at 19:55, Jay Hart  wrote:
> 
> I am having some network connectivity issues that manifest itself through 
> ping, wget, dnf, etc. 
> The symptoms are intermittent ability to ping, was wget, or connect to 
> repositories.
> 
> Where this inquiry is going is: If your internal network is using 192.168.1 
> or 10..50.10, what
> should be in /etc/networks.
> 
> My current file contains:
> 
> default 0.0.0.0
> loopback 127.0.0.0
> link-local 169.254.0.0
> 
> And I'm pretty sure this is the default OS installed contents.
> 
> I don't think this is related to my connectivity issue, just curious about 
> what this file does.
> 
> My old server (which is working just fine) has the same content in its 
> /etc/networks file so not
> configuring this does not seem to matter one way or the other.


These are CentOS systems, aren’t they?  CentOS doesn’t configure networking 
with /etc/networks. The files they use are in 
/etc/sysconfig/network-scripts/ifcfg-*. 


--
Jonathan Billings




Re: [CentOS] firewalld / iptables / nftables

2020-06-09 Thread Jonathan Billings
On Tue, Jun 09, 2020 at 02:19:17PM +0200, Leon Fauster via CentOS wrote:
>
> Despite that the migration of our applications comes with a significant
> workload. It seems that also every aspect of common services had changed
> with EL8.
> 
> In EL8 firewalld uses nftables as backend. I wonder why iptables does not
> list any rules while also configured to use nftables as backend.
> 
> # iptables -V
> iptables v1.8.2 (nf_tables)
> 
> 
> # firewall-cmd --list-all |egrep -o '22|ssh'
> ssh
> 
> # nft list ruleset | egrep -o '22|ssh'
> ssh
> 
> # iptables -L -n | egrep -o '22|ssh'
> 
> 
> Any hints?

'iptables' and 'nftables' are competing technologies.  In CentOS 8,
firewalld's backend was switched from iptables to nftables.  So it
would be expected that the iptables command wouldn't have any rules
defined, it isn't being used by firewalld.

-- 
Jonathan Billings 


Re: [CentOS] perl-Curses in C8?

2020-06-06 Thread Jonathan Billings
On Jun 6, 2020, at 09:57, Mike McCarthy, W1NR  wrote:
> 
> Are there any repos that would have perl-Curses for CentOS 8? It was
> always available in epel but not anymore.

Looks like it has been requested already:

https://bugzilla.redhat.com/show_bug.cgi?id=1823368

The maintainer hasn’t branched it for epel8 yet.  I suspect if other people 
piled on the ticket it might get more attention...

--
Jonathan Billings 



Re: [CentOS] docker-firewalld

2020-05-31 Thread Jonathan Billings
On May 31, 2020, at 05:46, Rudi Ahlers  wrote:
> As matter of interest, why would you want to run firewalld inside docker?

The package isn’t to run firewalld inside docker, but to set up the firewall on 
a system hosting docker containers so they can properly send and receive 
traffic. 

--
Jonathan Billings 


Re: [CentOS] looking for ideas about how to create a constant data stream

2020-05-30 Thread Jonathan Billings
On May 30, 2020, at 06:46, Anand Buddhdev  wrote:
> 
> You can't read from /dev/null. You get nothing from it. You're better off 
> using /dev/random, for example. That will give you a continuous stream of 
> random bytes.

/dev/random will block when you run out of entropy, so you won’t get a 
consistent flow of data after some time.  /dev/zero should always return data, 
though.  I agree it makes more sense to use iperf. 

--
Jonathan Billings 


Re: [CentOS] xinetd custom service - perl - remote address

2020-05-28 Thread Jonathan Billings
On Thu, May 28, 2020 at 04:46:34PM +0100, Gary Stainburn wrote:
>
> Hi all,
> 
> I can't believe that I can't find the answer to this one.  I have a
> perl script which is called by xinetd. 
> 
> I want that perl script to be able to detect the remote IP address
> of the caller. 
> 
> I presumed that it would be an environment variable but I could be
> wrong.  I've found reference to the ENV and PASSENV arguments for
> xinetd.conf but no examples, and no indication of what arguments to
> use. 
> 
> In my script I have the following code:
> 
> foreach (keys %ENV) { print "$_=$ENV{$_}\n";}
> 
> 
> but the only line I get back is:
> 
> XINETD_LANG=en_US

I don't believe that xinetd tells the underlying processes anything
about IPs, since xinetd handles the network connection and as far as
the process is concerned, it's just filehandles.  

-- 
Jonathan Billings 
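
An added example on the "it's just filehandles" point above (not code from the thread, and in Python rather than the poster's Perl): for a stream service, the filehandle a super-server such as xinetd passes as stdin is the accepted socket, so the peer address can be read from fd 0 with `getpeername`. `peer_of_fd` and `demo` are hypothetical names, and `demo` uses a loopback listener as a stand-in for xinetd.

```python
import os
import socket


def peer_of_fd(fd=0):
    """Return (ip, port) of the remote end of the socket on fd, or None.

    In a service started by xinetd for a TCP connection, fd 0 is the
    connected socket, so no environment variable is needed.
    """
    try:
        sock = socket.socket(fileno=fd)   # family/type detected from the fd
    except OSError:
        return None                       # closed fd, or a tty/pipe/file
    try:
        return sock.getpeername()[:2]     # drop IPv6 flowinfo/scope if present
    except OSError:
        return None                       # socket exists but is not connected
    finally:
        sock.detach()                     # leave the caller's fd open


def demo():
    """Accept one loopback connection and inspect the accepted fd."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        with socket.create_connection(listener.getsockname()) as client:
            conn, _ = listener.accept()
            with conn:
                # What the service sees vs. the client's real local address
                return peer_of_fd(conn.fileno()), client.getsockname()


if __name__ == "__main__":
    # Run from a terminal this prints None; under a super-server, the peer.
    print(peer_of_fd(0))
    print(demo())
```

In Perl the same lookup is `getpeername(STDIN)` unpacked with `Socket`'s `sockaddr_in`.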


Re: [CentOS] how does autofs deal with stuck NFS mounts and suspending to RAM?

2020-05-19 Thread Jonathan Billings
On Mon, May 18, 2020 at 05:36:03PM -0600, Warren Young wrote:
> On May 18, 2020, at 5:13 AM, hw  wrote:
> > 
> > Is there a better alternative for mounting remote file systems
> > over unreliable  
> > connections?
> 
> I don’t have a good answer for you, because if you’d asked me
> without all this backstory whether NFS or SSHFS is more tolerant of
> bad connections, I’d have told you SSHFS. 

On the other hand, NFS is a fully-featured filesystem that supports
fancy features like locking and a full ACL system.  SSHFS is a FUSE
filesystem that will break a lot of software if you try to use it for
anything more complex than 'ls' and 'cp'.

For what it's worth, Samba with SMBv3 and the POSIX extension[1] is a
lot more tolerant of bad connections, and presents itself as a real
filesystem under linux.

1. https://wiki.samba.org/index.php/SMB3-Linux

-- 
Jonathan Billings 

