Re: stable vs testing
This brings up a question I have. Isn't testing technically the *last* of stable/testing/unstable to get security fixes? security fixes for stable are packported immediately, and the fixes are also incorporated into unstable asap. Now for testing, there would be at least a delay of a week for it to pass through unstable correct? This is annoying, because testing is acutally in most cases in a pretty stable state, and would be good for many production environments except for the fact that security fixes take the longest to get incorporated. Can anyone verify this? On Thu, Nov 08, 2001 at 11:37:08PM +1100, Glenn Hocking wrote: > Hi All > > I have a need for glibc2.2 so I may have to use the testing/unstable > distribution. This will be in a ISP environment but not as a public > host. > > My question is what other experiences have others have running > testing/unstable in a live environment with regards to both security and > stability. > > Thanks in advance. > > Kind regards > Glenn Hocking > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- Nick Jennings
Re: stable vs testing
Nick Jennings wrote: > This brings up a question I have. Isn't testing technically the *last* > of stable/testing/unstable to get security fixes? Correct. > security fixes for stable are packported immediately, and the fixes are > also incorporated into unstable asap. Now for testing, there would be > at least a delay of a week for it to pass through unstable correct? > > This is annoying, because testing is acutally in most cases in a > pretty stable state, and would be good for many production environments > except for the fact that security fixes take the longest to get > incorporated. > > Can anyone verify this? This is one of the reasons why I use APT's pinning and default release feature. With testing *and* unstable entries in /etc/apt/sources.list plus the line 'APT::Default-Release "testing";' in /etc/apt/apt.conf, 'apt-get [install|upgrade|dist-upgrade]' defaults to retrieving testing packages. 'apt-get install foo -t unstable' will install package foo and all of its dependencies from sid onto an otherwise woody installation. From then on, apt retrieves updates of foo and its dependencies from unstable until the version installed moves over to testing. Very nice and handy for the bug fixes you just don't want to wait for. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: stable vs testing
This brings up a question I have. Isn't testing technically the *last* of stable/testing/unstable to get security fixes? security fixes for stable are packported immediately, and the fixes are also incorporated into unstable asap. Now for testing, there would be at least a delay of a week for it to pass through unstable correct? This is annoying, because testing is acutally in most cases in a pretty stable state, and would be good for many production environments except for the fact that security fixes take the longest to get incorporated. Can anyone verify this? On Thu, Nov 08, 2001 at 11:37:08PM +1100, Glenn Hocking wrote: > Hi All > > I have a need for glibc2.2 so I may have to use the testing/unstable > distribution. This will be in a ISP environment but not as a public > host. > > My question is what other experiences have others have running > testing/unstable in a live environment with regards to both security and > stability. > > Thanks in advance. > > Kind regards > Glenn Hocking > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- Nick Jennings -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
sourceforge and postgresql
Has anyone installed sourceforge with the deb package? I am installing it and this is my output: Setting up sourceforge (2.5-14) ... You'll see some debugging info during this installation. Do not worry unless told otherwise. DBI->connect(dbname=sourceforge;host=192.168.10.2) failed: fe_senda at /usr/lib/sourceforge/lib/include.pl line 44 Uncaught exception from user code: Cannot connect to database: at /usr/lib/sourceforge/lib/include.pl line 46. main::db_connect called at /usr/lib/sourceforge/bin/db-upgrade.pl line 29 Installing chroot environnement at /var/lib/sourceforge/chroot Configuring DNS for domain name = dev.uprint.web and IP address = 192.168.10.2... dev.uprint.web Creating /var/lib/sourceforge/bind/dns.head DBI->connect(dbname=sourceforge;host=192.168.10.2) failed: fe_sendauth: no pass at /usr/lib/sourceforge/lib/include.pl line 44 Cannot connect to database: at /usr/lib/sourceforge/lib/include.pl line 46. DNS configuration done. Modifying inetd for cvs server CVS usual config is changed for sourceforge one Modifying /etc/ldap/slapd.conf WARNING: Please check referal line in /etc/ldap/slapd.conf Adding /etc/ldap/schema/core.schema Adding /etc/ldap/schema/cosine.schema Adding /etc/ldap/schema/inetorgperson.schema Adding /etc/ldap/schema/nis.schema Adding /etc/sourceforge/sourceforge.schema Restarting ldap server(s): Stopping ldap server(s): slapd. Starting ldap server(s): slapd. Modifying /etc/libnss-ldap.conf Modifying /etc/nsswitch.conf Load ldap WARNING: Can't load ldap table without /etc/slapd.secret file AFAIK : This file should be installed by libpam-ldap Restarting ldap server(s): Stopping ldap server(s): slapd. Starting ldap server(s): slapd. Setup SF_robot account Adding robot accounts ldap_bind: Can't contact LDAP server Changing SF_robot passwd using admin account ldap_initialize( ) ldap_bind: Can't contact LDAP server Changing dummy cn using SF_robot account ldap_initialize( ) ldap_bind: Can't contact LDAP server dpkg: error processing sourceforge (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: sourceforge E: Sub-process /usr/bin/dpkg returned an error code (1) Matt
[Debian system] tuning number of groups for a user
Hi, It is a question of increasing the number of groups to which a Linux user can belong. By default, this number is 32 (cf /usr/include/linux/limits.h or in the sources of the kernel /usr/src/linux/include/linux/limits.h). The distribution is Debian 2.2 (potato), the kernel is the 2.2.19. By modifying the following line in these headers: # define NGROUPS_MAX 32 in: # define NGROUPS_MAX 64 and by compiling the kernel, this one must be able to support the increase. One needs then recompile some packages: - shellutils - login - passwd which contain the utilities for managing users and groups. After their installation, some problems remains: usermod works correctly and wants to make well belong a user in 64 groups, but id returns only the first 32 groups to which belongs the user. IMO, the sources of id do not seem in question. The goal of the operation is to increase the number of VirtualHosts managed by Apache (a VHost = a User/Group couple). In detail: - Apache is started by a user (for Debian, www-data); - scripts PHP are also started by this user; - to preserve each VHost environment, only user and his/her group can go the base directory; - So that scripts PHP are executed correctly in the environment of each VHost, it is necessary that the user www-data belongs to the user group who possess each VHost. So, here are beginning my problems... Do I need to recompile Apache? If someone has an idea or eventually another solution? How is it managed on ISP servers? Best regards. -- ¤ Stéphane Le Béchennec ¤ ENIC Telecom Lille 1 - Promotion TTN03 ¤
sourceforge and postgresql
Has anyone installed sourceforge with the deb package? I am installing it and this is my output: Setting up sourceforge (2.5-14) ... You'll see some debugging info during this installation. Do not worry unless told otherwise. DBI->connect(dbname=sourceforge;host=192.168.10.2) failed: fe_senda at /usr/lib/sourceforge/lib/include.pl line 44 Uncaught exception from user code: Cannot connect to database: at /usr/lib/sourceforge/lib/include.pl line 46. main::db_connect called at /usr/lib/sourceforge/bin/db-upgrade.pl line 29 Installing chroot environnement at /var/lib/sourceforge/chroot Configuring DNS for domain name = dev.uprint.web and IP address = 192.168.10.2... dev.uprint.web Creating /var/lib/sourceforge/bind/dns.head DBI->connect(dbname=sourceforge;host=192.168.10.2) failed: fe_sendauth: no pass at /usr/lib/sourceforge/lib/include.pl line 44 Cannot connect to database: at /usr/lib/sourceforge/lib/include.pl line 46. DNS configuration done. Modifying inetd for cvs server CVS usual config is changed for sourceforge one Modifying /etc/ldap/slapd.conf WARNING: Please check referal line in /etc/ldap/slapd.conf Adding /etc/ldap/schema/core.schema Adding /etc/ldap/schema/cosine.schema Adding /etc/ldap/schema/inetorgperson.schema Adding /etc/ldap/schema/nis.schema Adding /etc/sourceforge/sourceforge.schema Restarting ldap server(s): Stopping ldap server(s): slapd. Starting ldap server(s): slapd. Modifying /etc/libnss-ldap.conf Modifying /etc/nsswitch.conf Load ldap WARNING: Can't load ldap table without /etc/slapd.secret file AFAIK : This file should be installed by libpam-ldap Restarting ldap server(s): Stopping ldap server(s): slapd. Starting ldap server(s): slapd. Setup SF_robot account Adding robot accounts ldap_bind: Can't contact LDAP server Changing SF_robot passwd using admin account ldap_initialize( ) ldap_bind: Can't contact LDAP server Changing dummy cn using SF_robot account ldap_initialize( ) ldap_bind: Can't contact LDAP server dpkg: error processing sourceforge (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: sourceforge E: Sub-process /usr/bin/dpkg returned an error code (1) Matt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
[Debian system] tuning number of groups for a user
Hi, It is a question of increasing the number of groups to which a Linux user can belong. By default, this number is 32 (cf /usr/include/linux/limits.h or in the sources of the kernel /usr/src/linux/include/linux/limits.h). The distribution is Debian 2.2 (potato), the kernel is the 2.2.19. By modifying the following line in these headers: # define NGROUPS_MAX 32 in: # define NGROUPS_MAX 64 and by compiling the kernel, this one must be able to support the increase. One needs then recompile some packages: - shellutils - login - passwd which contain the utilities for managing users and groups. After their installation, some problems remains: usermod works correctly and wants to make well belong a user in 64 groups, but id returns only the first 32 groups to which belongs the user. IMO, the sources of id do not seem in question. The goal of the operation is to increase the number of VirtualHosts managed by Apache (a VHost = a User/Group couple). In detail: - Apache is started by a user (for Debian, www-data); - scripts PHP are also started by this user; - to preserve each VHost environment, only user and his/her group can go the base directory; - So that scripts PHP are executed correctly in the environment of each VHost, it is necessary that the user www-data belongs to the user group who possess each VHost. So, here are beginning my problems... Do I need to recompile Apache? If someone has an idea or eventually another solution? How is it managed on ISP servers? Best regards. -- ¤ Stéphane Le Béchennec ¤ ENIC Telecom Lille 1 - Promotion TTN03 ¤ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Squid acl help
On Fri Nov 16 2001 at 03:37:47PM +0200 'Charl Matthee' <[EMAIL PROTECTED]> wrote: > I'm no squid ACL expert but what about: > > acl bigbrothersa dstdomain bigbrothersa.com > acl all src 0.0.0.0/0.0.0.0 > acl allowtime1 time SMTWTFA !08:00-16:00 > acl allowtime2 time SMTWTFA 13:00-13:30 > acl disallowtime time SMTWTFA 08:00-16:00 > > http_access allow all allowtime1 allowtime2 > http_access deny bigbrothersa disallowtime This may be a little more sensible: acl all src 0.0.0.0/0.0.0.0 acl bbsadom dstdomain_regex -i .*bigbrothersa\.com acl nobbsa time SMTWTFA 08:00-13:00 acl nobbsa time SMTWTFA 13:30-16:00 http_access deny bbsadom nobbsa http_access allow all Ciao Charl __ The significant problems we face cannot be solved at the same level of thinking we were at when we created them. -- Albert Einstein __ [ Charl Matthee ] [ +27-11-721-3800 ] [ Reality Manufacturing ] [ +27-11-405-6508 ] __
Re: Squid acl help
On Fri Nov 16 2001 at 02:29:26PM +0200 'Craigsc' <[EMAIL PROTECTED]> wrote: > I am trying to setup acl's for squid so that before 8:00 and after 16:00 and > at 13:00 to 13:30 can surf > anywhere. But from 8:00 -> 16:00 excluding 13:00 to 13:30 they cannot go to > bigbrothersa.com. I'm no squid ACL expert but what about: acl bigbrothersa dstdomain bigbrothersa.com acl all src 0.0.0.0/0.0.0.0 acl allowtime1 time SMTWTFA !08:00-16:00 acl allowtime2 time SMTWTFA 13:00-13:30 acl disallowtime time SMTWTFA 08:00-16:00 http_access allow all allowtime1 allowtime2 http_access deny bigbrothersa disallowtime How does that look? Ciao Charl __ The significant problems we face cannot be solved at the same level of thinking we were at when we created them. -- Albert Einstein __ [ Charl Matthee ] [ +27-11-721-3800 ] [ Reality Manufacturing ] [ +27-11-405-6508 ] __
Re: Squid acl help
On Fri Nov 16 2001 at 03:37:47PM +0200 'Charl Matthee' <[EMAIL PROTECTED]> wrote: > I'm no squid ACL expert but what about: > > acl bigbrothersa dstdomain bigbrothersa.com > acl all src 0.0.0.0/0.0.0.0 > acl allowtime1 time SMTWTFA !08:00-16:00 > acl allowtime2 time SMTWTFA 13:00-13:30 > acl disallowtime time SMTWTFA 08:00-16:00 > > http_access allow all allowtime1 allowtime2 > http_access deny bigbrothersa disallowtime This may be a little more sensible: acl all src 0.0.0.0/0.0.0.0 acl bbsadom dstdomain_regex -i .*bigbrothersa\.com acl nobbsa time SMTWTFA 08:00-13:00 acl nobbsa time SMTWTFA 13:30-16:00 http_access deny bbsadom nobbsa http_access allow all Ciao Charl __ The significant problems we face cannot be solved at the same level of thinking we were at when we created them. -- Albert Einstein __ [ Charl Matthee ] [ +27-11-721-3800 ] [ Reality Manufacturing ] [ +27-11-405-6508 ] __ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Squid acl help
Hi Fellas I am trying to setup acl's for squid so that before 8:00 and after 16:00 and at 13:00 to 13:30 can surf anywhere. But from 8:00 -> 16:00 excluding 13:00 to 13:30 they cannot go to bigbrothersa.com. Please if anyone can assist :) ..Craig
Re: Squid acl help
On Fri Nov 16 2001 at 02:29:26PM +0200 'Craigsc' <[EMAIL PROTECTED]> wrote: > I am trying to setup acl's for squid so that before 8:00 and after 16:00 and > at 13:00 to 13:30 can surf > anywhere. But from 8:00 -> 16:00 excluding 13:00 to 13:30 they cannot go to > bigbrothersa.com. I'm no squid ACL expert but what about: acl bigbrothersa dstdomain bigbrothersa.com acl all src 0.0.0.0/0.0.0.0 acl allowtime1 time SMTWTFA !08:00-16:00 acl allowtime2 time SMTWTFA 13:00-13:30 acl disallowtime time SMTWTFA 08:00-16:00 http_access allow all allowtime1 allowtime2 http_access deny bigbrothersa disallowtime How does that look? Ciao Charl __ The significant problems we face cannot be solved at the same level of thinking we were at when we created them. -- Albert Einstein __ [ Charl Matthee ] [ +27-11-721-3800 ] [ Reality Manufacturing ] [ +27-11-405-6508 ] __ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Squid acl help
Hi Fellas I am trying to setup acl's for squid so that before 8:00 and after 16:00 and at 13:00 to 13:30 can surf anywhere. But from 8:00 -> 16:00 excluding 13:00 to 13:30 they cannot go to bigbrothersa.com. Please if anyone can assist :) ..Craig