Re: Traffic Monitoring
Kauffmann, Andreas schrieb am Dienstag, dem 10. September 2002: > Hallo liebe Liste ;) > > Ich habe ein problem und zwar möchte ich 3(!) Computer aus verschiedenen > Netzen überwachen. > > Das heißt, ich möchte das total verursachte Datenübertragungsvolumen (den > Traffic) von den Computern messen. > > Am Montsende sollte Ausdruck des Programmes so aussehen: > > PC01 machte 60GB Traffic > PC02 machte 34,3245GB Traffic Install ipaudit in combination with ipaudit-web. Google will show you the way. yours, peter [I CC you as you probably are not on this list, as you did write in German when it is obvious that this is an english language list.] -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpdQPPIiqt1S.pgp Description: PGP signature
Re: /root/ drwxr-xr-x?
On Wed, 07 Aug 2002, Pedro Larroy wrote: > On Wed, Jul 31, 2002 at 11:39:02PM +0200, Peter Palfrader wrote: > > On Wed, 31 Jul 2002, Thomas -Balu- Walter wrote: > > > > > # ls -lad /root/ > > > drwxr-xr-x9 root root 4096 Jul 31 18:25 /root/ > > > > > > I wonder if /root/ shouldn't be accessible by root only per default? But > > > in which package can I find this one? Should I make a bug-report or do > > > you think this is normal? (It might be some kind of SuSE-remembrance > > > from earlier days ;) > > > > This is not the first time this comes up. > > > > short version: /root 755 is no security risk and it wont get changed > >either. If you want, set it to 0700 on your box. > > long version: search the list archives (both -user and -devel will have > > some hits I guess). > > IMHO at least it should be noticed somewhere in the instalation or > something. Specially when it used to be 750 and there may be sensible > data there. It never (to my little knowledge) used to be 750 and upgrades don't change it anyway. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpR7zuKLVukk.pgp Description: PGP signature
Re: Maildirs in Debian
On Fri, 02 Aug 2002, Phillip Baker wrote: > Some would say, the solution would be to delete messages instead of hoarding > all your mailing list email which is more than likely archived automatically > by the list manager anyway (one would hope - I haven't actually checked, but > I'm sure theres got to be an archive of the debian lists somewhere). > > There's no way I'd consider keeping more than about 30 messages on hand at > any one time for any mailing list - I simply dont see the point in clogging > my machine up ;) I will store them away - when I find the time. Until then I expect my mail system to just handle it. At any rate, the point was that Maildir is not a silver bullet. mbox actually worked better. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpKGpavXHbXD.pgp Description: PGP signature
Re: Maildirs in Debian
On Fri, 02 Aug 2002, Nate Campi wrote: > On Fri, Aug 02, 2002 at 10:53:32AM +0200, Peter Palfrader wrote: > > > > Please realize that it's not enough to stat them. Your MUA needs to open > > all of them to read the mail headers: > > True, not the best proof, but opening that mail folder on ext3 takes > only a second or two with mutt, and opening it on reiserfs with mutt > takes 30 seconds or more. Opening debian-isp with a mere 6000 messages takes approximatly 30 seconds here. The NFS server is a P2 400, hd is some lvm scsi raid1, NFS client a P3 500 and the link is a Fast Ethernet (3com) with no load at all. I'm currently using ext3 on the server. I hoped to get some performance gain from switching to Maildir and it certainly has its advantages (locking) but I seriously consider going back to good old mbox which took perhaps 3 or 4 seconds to open. Opening debian-bugs-*, -devel or -user takes _minutes_, it is simply no longer fun. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpyLIFwb3tjO.pgp Description: PGP signature
Re: Maildirs in Debian
On Thu, 01 Aug 2002, Nate Campi wrote: > On Fri, Aug 02, 2002 at 03:53:24PM +1200, John Morton wrote: > > > > Maildir performance and scalability is dependant on the filesystem. If the > > filesystem your maildirs live on store small files efficiently, and can > > list > > and access files in directories filled with thousands of other small files, > > no problem (ie Reiserfs), but if not (ie ext2/3), performance will tend to > > suck. > > ext3 is extremely fast with directories with thousands of files in them. > > ext3: > $ time ls -al ~/mail/folders/systems/cur/ | wc -l >5602 > > real0m0.297s > user0m0.240s > sys 0m0.050s > > reiserfs: > $ time ls -al ~/mail/folders/systems/cur/ | wc -l >5584 > > real0m31.667s > user0m0.810s > sys 0m1.020s Please realize that it's not enough to stat them. Your MUA needs to open all of them to read the mail headers: I'm using ext3 ATM: [EMAIL PROTECTED]:...debian-bugs-closed$ time find -type f | wc -l 33933 find -type f 0.15s user 1.32s system 33% cpu 4.405 total wc -l 0.01s user 0.00s system 0% cpu 4.404 total [clear buffers && cache here] [EMAIL PROTECTED]:debian-bugs-closed$ time find -type f | xargs head > /dev/null find -type f0.17s user 1.38s system 1% cpu 1:46.14 total xargs head > /dev/null 1.02s user 5.59s system 6% cpu 1:47.62 total yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpyL6QoJN34k.pgp Description: PGP signature
Re: /root/ drwxr-xr-x?
On Wed, 31 Jul 2002, Thomas -Balu- Walter wrote: > # ls -lad /root/ > drwxr-xr-x9 root root 4096 Jul 31 18:25 /root/ > > I wonder if /root/ shouldn't be accessible by root only per default? But > in which package can I find this one? Should I make a bug-report or do > you think this is normal? (It might be some kind of SuSE-remembrance > from earlier days ;) This is not the first time this comes up. short version: /root 755 is no security risk and it wont get changed either. If you want, set it to 0700 on your box. long version: search the list archives (both -user and -devel will have some hits I guess). HTH yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpzF8Llu8V9Q.pgp Description: PGP signature
Re: Questions about using Postfix-ldap package on Woody
On Mon, 22 Jul 2002, Jacky Hui Chun Kit wrote: > Thanks very much! But why postconf can't show that it supports LDAP? > Interesting. Note: I'm not the postfix maintainer so this is a guess. postfix-ldap only contains the file »/usr/lib/postfix/dict_ldap.so« (and some docs). I guess that /usr/lib/postfix/dict_* are lookup tables that are loaded by postfix _on_ _demand_ dynamically. postconf probably doesn't know about those. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpBR3jX1GOUT.pgp Description: PGP signature
Re: Questions about using Postfix-ldap package on Woody
On Mon, 22 Jul 2002, Jacky Hui Chun Kit wrote: > Dear sir, > > I have a very stupid question I want to ask. I want to use postfix > with LDAP map support, I have installed the latest postfix and postfix-ldap > packages but I found that I do not know how to use them. A postconf -m > shows that there's no ldap support in postfix yet (only the following) [..] > Thus I am a bit lost and I want to ask if I have to use LDAP under > postfix > should I recompile from source or I missed something out? Hope that > you can kindly answer my question. Thanks! :) My postconf -m doesn't show it either, yet it works (Same with pcre). No need to recompile things. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpuGqTflG9KO.pgp Description: PGP signature
Re: Questions about using Postfix-ldap package on Woody
On Mon, 22 Jul 2002, Jacky Hui Chun Kit wrote: > Thanks very much! But why postconf can't show that it supports LDAP? > Interesting. Note: I'm not the postfix maintainer so this is a guess. postfix-ldap only contains the file »/usr/lib/postfix/dict_ldap.so« (and some docs). I guess that /usr/lib/postfix/dict_* are lookup tables that are loaded by postfix _on_ _demand_ dynamically. postconf probably doesn't know about those. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ msg06791/pgp0.pgp Description: PGP signature
Re: Questions about using Postfix-ldap package on Woody
On Mon, 22 Jul 2002, Jacky Hui Chun Kit wrote: > Dear sir, > > I have a very stupid question I want to ask. I want to use postfix > with LDAP map support, I have installed the latest postfix and postfix-ldap > packages but I found that I do not know how to use them. A postconf -m > shows that there's no ldap support in postfix yet (only the following) [..] > Thus I am a bit lost and I want to ask if I have to use LDAP under > postfix > should I recompile from source or I missed something out? Hope that > you can kindly answer my question. Thanks! :) My postconf -m doesn't show it either, yet it works (Same with pcre). No need to recompile things. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ msg06790/pgp0.pgp Description: PGP signature
Re: call me
On Thu, 11 Jul 2002, Joe Block wrote: > > On Thursday, July 11, 2002, at 11:21 , mammanjos wrote: > > > FEDERAL MINISTRY OF PETROLEUM > > Is there a particular reason the list is not restricted to members only > posting? Yes. > If someone has a second address they want to be able to post > from, they can subscribe it and set it nomail. Read the archives of any debian list. It has been discussed to death. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: call me
On Thu, 11 Jul 2002, Joe Block wrote: > > On Thursday, July 11, 2002, at 11:21 , mammanjos wrote: > > > FEDERAL MINISTRY OF PETROLEUM > > Is there a particular reason the list is not restricted to members only > posting? Yes. > If someone has a second address they want to be able to post > from, they can subscribe it and set it nomail. Read the archives of any debian list. It has been discussed to death. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Users deleting public_html and log causing Apache to fail startup
On Wed, 10 Jul 2002, Roger Abrahamsson wrote: > > > But what happens now if you allow every user to run scripts through > suexec beneath public_html? > that means they "have" to own their public_html directory and thus > always can change the access bits > and delete it, causing the server to refuse restarting? Earlier in this thread I wrote: | (owned by) (directory) | root client1/ | root client1/logs/ | root client1/site1/ | client1 client1/site1/cgi-bin/ | client1 client1/site1/htdocs/ | root client1/site2/ | client1 client1/site2/cgi-bin/ | client1 client1/site2/htdocs/ | root client1/site3/ | client1 client1/site3/cgi-bin/ | client1 client1/site3/htdocs/ | root client1/site4/ | client1 client1/site4/cgi-bin/ | client1 client1/site4/htdocs/ | root client2 | root client2/logs/ | root client2/site1/ | client2 client2/site1/cgi-bin/ | client2 client2/site1/htdocs/ | root client2/site2/ | client2 client2/site2/cgi-bin/ | client2 client2/site2/htdocs/ Please tell me which directory you mean when you refer to »public_html«. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpenvwqfJ83X.pgp Description: PGP signature
Re: Users deleting public_html and log causing Apache to fail startup
On Wed, 10 Jul 2002, Roger Abrahamsson wrote: > > > But what happens now if you allow every user to run scripts through > suexec beneath public_html? > that means they "have" to own their public_html directory and thus > always can change the access bits > and delete it, causing the server to refuse restarting? Earlier in this thread I wrote: | (owned by) (directory) | root client1/ | root client1/logs/ | root client1/site1/ | client1 client1/site1/cgi-bin/ | client1 client1/site1/htdocs/ | root client1/site2/ | client1 client1/site2/cgi-bin/ | client1 client1/site2/htdocs/ | root client1/site3/ | client1 client1/site3/cgi-bin/ | client1 client1/site3/htdocs/ | root client1/site4/ | client1 client1/site4/cgi-bin/ | client1 client1/site4/htdocs/ | root client2 | root client2/logs/ | root client2/site1/ | client2 client2/site1/cgi-bin/ | client2 client2/site1/htdocs/ | root client2/site2/ | client2 client2/site2/cgi-bin/ | client2 client2/site2/htdocs/ Please tell me which directory you mean when you refer to »public_html«. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ msg06751/pgp0.pgp Description: PGP signature
Re: Users deleting public_html and log causing Apache to fail startup
On Thu, 04 Jul 2002, Chris Wagner wrote: > >On Fri, 05 Jul 2002, Jason Lim wrote: > >They don't have write access to its parent directory: > > > >[EMAIL PROTECTED]:~/test$ mkdir public_html > >[EMAIL PROTECTED]:~/test$ sudo chown root. . > >[EMAIL PROTECTED]:~/test$ rmdir public_html > >rmdir: `public_html': Permission denied > >[EMAIL PROTECTED]:~/test$ ls -la > >total 16 > >drwxrwxr-x3 root root 4096 Jul 5 02:28 ./ > >drwxr-xr-x 135 weasel weasel 8192 Jul 5 02:28 ../ > >drwxrwxr-x2 weasel weasel 4096 Jul 5 02:28 public_html/ To go into some details, I have a setup like this: (owned by) (directory) root client1/ root client1/logs/ root client1/site1/ client1 client1/site1/cgi-bin/ client1 client1/site1/htdocs/ root client1/site2/ client1 client1/site2/cgi-bin/ client1 client1/site2/htdocs/ root client1/site3/ client1 client1/site3/cgi-bin/ client1 client1/site3/htdocs/ root client1/site4/ client1 client1/site4/cgi-bin/ client1 client1/site4/htdocs/ root client2 root client2/logs/ root client2/site1/ client2 client2/site1/cgi-bin/ client2 client2/site1/htdocs/ root client2/site2/ client2 client2/site2/cgi-bin/ client2 client2/site2/htdocs/ [..] > But won't "rmdir ." succeed if they are in the public_html directory? rmdirs _below_ client1/site1/cgi-bin/ and client1/site1/htdocs/ would all work. rmdirs of client1/site1/htdocs/, or client1/site1/cgi-bin/ themselves will not work as that requires modifying the parent directory (client1/site1) for which the client has no write priviliges. [that quoting thing goes for you too] yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgp54ATBTY9th.pgp Description: PGP signature
Re: Users deleting public_html and log causing Apache to fail startup
On Fri, 05 Jul 2002, Jason Lim wrote: > > log directory read only > > Yeap... that can be done easily... chmod a-w log. > > > The user may not remove their document root > > How do you do that, while allowing them full access to that directory? They don't have write access to its parent directory: [EMAIL PROTECTED]:~/test$ mkdir public_html [EMAIL PROTECTED]:~/test$ sudo chown root. . [EMAIL PROTECTED]:~/test$ rmdir public_html rmdir: `public_html': Permission denied [EMAIL PROTECTED]:~/test$ ls -la total 16 drwxrwxr-x3 root root 4096 Jul 5 02:28 ./ drwxr-xr-x 135 weasel weasel 8192 Jul 5 02:28 ../ drwxrwxr-x2 weasel weasel 4096 Jul 5 02:28 public_html/ [ please remove the mail you replied to from the bottom of your messages. Only quoting the necessary parts in the right place. Thanks.] yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpLeU7XeH58l.pgp Description: PGP signature
Re: Users deleting public_html and log causing Apache to fail startup
On Fri, 05 Jul 2002, Jason Lim wrote: > The "users that know too much" keep on deleting their directories that > Apache uses to load up files from. > > For example, assume the user directory is /home/username/public_html (for > the HTML docs), and /home/username/log (for the LOG files). > So, how would you handle the above? The user may not remove their document root and the user only has read access to their log directory. Simple as that. yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpesenVQDWmn.pgp Description: PGP signature
Re: RCS control for config files
On Tue, 02 Jul 2002, Robert Waldner wrote: > On 01 Jul 2002 16:41:25 CDT, Alex Borges writes: > >Ive finnaly come to a point where i think im needing revision control > >for my configuration files on some servers > > > >So i thought id come in and ask you guys if there is some vertical stuff > >explicitly for this purpose or if you yourselves simply cvs ci your /etc > >directory et all.. > > > >Or any tips would be appreciated (like "i use emacs and rcs...works for > >me") > > :) [EMAIL PROTECTED]>~ $ cat `which rcsvi` > #!/bin/sh > > /usr/bin/co -l $1 && /usr/bin/vi $1 ; /usr/bin/ci -u $1 > > exit Here the luxus version: [EMAIL PROTECTED]:~$ cat `which rvi` #!/bin/sh co -l $1 if [ $? -ne 0 ] ; then echo "Check out failed." echo "Maybe someone else is currently editing this file." echo "Aborting rvi." exit 1 fi /usr/bin/rvim $1 ci -u $1 yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ pgpGYFH87erJg.pgp Description: PGP signature
Re: RCS control for config files
On Tue, 02 Jul 2002, Robert Waldner wrote: > On 01 Jul 2002 16:41:25 CDT, Alex Borges writes: > >Ive finnaly come to a point where i think im needing revision control > >for my configuration files on some servers > > > >So i thought id come in and ask you guys if there is some vertical stuff > >explicitly for this purpose or if you yourselves simply cvs ci your /etc > >directory et all.. > > > >Or any tips would be appreciated (like "i use emacs and rcs...works for > >me") > > :) waldner@beren->~ $ cat `which rcsvi` > #!/bin/sh > > /usr/bin/co -l $1 && /usr/bin/vi $1 ; /usr/bin/ci -u $1 > > exit Here the luxus version: weasel@marvin:~$ cat `which rvi` #!/bin/sh co -l $1 if [ $? -ne 0 ] ; then echo "Check out failed." echo "Maybe someone else is currently editing this file." echo "Aborting rvi." exit 1 fi /usr/bin/rvim $1 ci -u $1 yours, peter -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred.| : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `-http://www.debian.org/ msg06656/pgp0.pgp Description: PGP signature