Re: startx + ~/.xsession and no ~/.xinitrc, results in reduced functionality (xfce4, sid)

[Zenaan Harkness]

On 12/13/13, Zenaan Harkness  wrote:
> On 12/13/13, Brian  wrote:
>> On Thu 12 Dec 2013 at 17:23:31 +1100, Zenaan Harkness wrote:
>>
>>> What seemed like a good idea, at, the, time ... is longer looking so
>>> good. Any ideas why this odd behaviour would appear as it does?
>>
>> You could try following the advice given in
>>
>>/usr/share/doc/xfce4-session/README.Debian
>
> This is excellent advice.
>
> Please Note: before these experiments, I simply had ~/.xinitrc, and
> startx worked.
>
> However, I was inspired by what is the new/current "debian way".
>
> On a whim, I removed ~/.xinitrc and ~/.xsession and I have no ~/.xsessionrc
> .
>
> So now things work as well as they did with ~/.xinitrc , but without
> any ~/.x* files! This is good.
>
> Clearly consolekit is started (logout, as well as reboot etc now
> work), my keyboard shortcuts work etc.
>
> This seems ideal - no per-user configuration, and it just works (TM)(C)(R).

This stopped working after a recent upgrade, since I too quickly
allowed apt to overwrite my change in /etc/pam.d/common-session

Is there any reason that the following, from
/usr/share/doc/xfce4-session/README.Debian :

   * install libpam-ck-connector
   * put:

   
   session   optional  pam_loginuid.so
   

   *before* pam_ck_connector.so in /etc/pam.d/common-session.

is _not_ part of the default install for Debian?

$ dpkg -S /etc/pam.d/common-session
dpkg-query: no path found matching pattern /etc/pam.d/common-session

I guess it must be generated by a script or something. What's the
process or rather command line command for determining which script
created a particular file such as this one?

TIA
Zenaan


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOsGNSSjOzuGbyf=2d=B3RkcCuHmtcnWjb91BPGmOs=4+hp...@mail.gmail.com

Re: Dovecot *requires* MySQL?

[Stan Hoeppner]

On 1/2/2014 9:04 PM, Jordan Metzmeier wrote:
> On Thu, Jan 2, 2014 at 8:34 PM, Bob Bernstein  
> wrote:
>>
>> Setting out to install dovecot-imapd on a squeeze host via apt-get,
>> I discovered that:
>>
>> The following extra packages will be installed:
>>   dovecot-common libmysqlclient16 libpq5 mysql-common
>>
>> I understand that neither of the two mysql debs named above provide
>> MySQL _server_ function, so why are they needed? I refuse to have a
>> MySQL server on (or doing business with) any host for which I am
>> responsible. I ma not really happy with that 'client' mysql thingie,
>> to be completely honest!
>>
> 
> Dovecot does not require mysql. The dovecot-common package
> *recommends* dovecot-mysql. Apt installs recommended packages by
> default, but they are not required. You can exclude recommended
> packages with --no-install-recommends. The only technical downside to
> having mysql-common and libmysqlclient16 is about 5KB of disk space.

Dovecot also supports LDAP and sqlite as the user database, so you
should have seen dependencies for libldap and libsqlite as well, and
also libpam which is the default user database.  You'll also see libssl,
openssl, etc.

These are installed by default so that they simply work when you
configure dovecot to use them, instead of pulling your hair out when the
errors pile up in the log, and auth doesn't work.

-- 
Stan




-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52c63464.2010...@hardwarefreak.com

Re: Dovecot *requires* MySQL?

[Bob Bernstein]

On Thu, 2 Jan 2014, Jordan Metzmeier wrote:


Apt installs recommended packages by default, but they are not required.


Thank you *so* much.

I wonder when apt finally got me completely cowed into submission? So that 
I just abjectly succumbed, without question, to its brute, totalitarian 
demands?


Oh well...

--
Bob Bernstein


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
http://lists.debian.org/Pine.LNX.4.64.1401022230330.26492@trollboy.localdomain

Errors while running Netselect-Apt

[Muntasim-Ul-Haque]

Hi,
I've faced some problems while using the Netselect-Apt. While giving the 
command */sudo netselect-apt/* I get the following errors:

/*Did not find any valid hosts (you requested 10)*//*
*//*netselect was unable to find a mirror, this probably means that*//*
*//*you are behind a firewall and it is blocking ICMP and/or*//*
*//*UDP traceroute. Or the servers test are actively blocking*//*
*//*ICMP and/or UDP traceroute probes.*/

So what's the probable reason behind this? How can I use Netselect-Apt 
without any further problem?

Thanking you,
Muntasim-Ul-Haque

Re: Dovecot *requires* MySQL?

[Jordan Metzmeier]

On Thu, Jan 2, 2014 at 8:34 PM, Bob Bernstein  wrote:
>
> Setting out to install dovecot-imapd on a squeeze host via apt-get,
> I discovered that:
>
> The following extra packages will be installed:
>   dovecot-common libmysqlclient16 libpq5 mysql-common
>
> I understand that neither of the two mysql debs named above provide
> MySQL _server_ function, so why are they needed? I refuse to have a
> MySQL server on (or doing business with) any host for which I am
> responsible. I ma not really happy with that 'client' mysql thingie,
> to be completely honest!
>

Dovecot does not require mysql. The dovecot-common package
*recommends* dovecot-mysql. Apt installs recommended packages by
default, but they are not required. You can exclude recommended
packages with --no-install-recommends. The only technical downside to
having mysql-common and libmysqlclient16 is about 5KB of disk space.

Regards,
Jordan Metzmeier


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cad758rho3w4inkhmzsfwvloskkvhjvdrvaeub-9z_vmqrc7...@mail.gmail.com

Dovecot *requires* MySQL?

[Bob Bernstein]

Setting out to install dovecot-imapd on a squeeze host via apt-get, 
I discovered that:

The following extra packages will be installed:
  dovecot-common libmysqlclient16 libpq5 mysql-common

I understand that neither of the two mysql debs named above provide 
MySQL _server_ function, so why are they needed? I refuse to have a 
MySQL server on (or doing business with) any host for which I am 
responsible. I ma not really happy with that 'client' mysql thingie, 
to be completely honest!

tia

-- 
Bob Bernstein

I am dissatisfied, profoundly so, with the world as it is. But I 
would be dissatisfied with any world. And I'd hate to lose my 
dissatisfaction.

   Alfred Kazin
 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140103023404.ga15...@sixtiessurvivor.org

Re: [OT] non technical Q: bad or worse. Was: To do the same as Windows safe mode...........

[Chris Bannister]

On Wed, Jan 01, 2014 at 06:02:48PM +, Lisi Reisz wrote:
> On Wednesday 01 January 2014 17:49:59 Brian wrote:
> > If 'less worse' is a colloquialism it has no charm or character to
> > lift it out of the lazy speaking category.
> 
> :-)

Ain't that the truth! :-) (Sorry.)

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140103020752.GC26971@tal

Re: mtp://[usb:001,022]/131074

[André Nunes Batista]

On Thu, 2014-01-02 at 00:13 +, Sharon Kimble wrote:
> 'Titanium Backup' only works on rooted phones, and it isn't rooted! 
> 
> What I need to do is to be able to back it up to the external SD card,
> which I can then dismount, remove it from the mobile and mount it on my
> linux box. From there I can rsync it, but I was hoping for a solution
> that wasn't so labour intensive. 
> 

You could use some ssh implementation for android and then connect to it
through wireless + sshfs.

> That's the plan for this week, and once that system is working, it will
> be no hardship to redo it monthly, and maybe even set up obnam to back
> it up as well, which I much prefer.

Other than that, if you do a "$ dmesg | tail" after plugin your USB
device, the output will contain the flash disk device file on /dev/sdX.
After that, mount it with explicit arguments for "allow_other" and "rw"
flags set.

-- 
André N. Batista
GNUPG/PGP KEY: 6722CF80



signature.asc
Description: This is a digitally signed message part

Re: keyboard settings clobbered

[ChadDavis]

On Thu, Jan 2, 2014 at 1:55 PM, ChadDavis wrote:

> Something keeps turning off my key repeater setting.  I'm not sure if
> that's the technical term, but pressing and holding a key doesn't do
> anything.  I have to go into System Settings and toggle the "repeat"
> checkbox, then it works again.
>
> NOTE, it will then quit working in a short time frame, i.e. several times
> a day.  When it quits, it's still set in to repeat in the System Settings
> -> Keyboard settings.  If I toggle it off, and then back on, it resets it
> to repeat.
>
> Any idea what is causing this?
>
>
I figured out that it's caused by my interaction with a virtual machine
running in VMWare Workstation (9.x).  If I click into the workstation
session, and then back out.  The key repeater setting is lost.

Re: tuxboot-SOLVED

[Paul Cartwright]

On 01/02/2014 03:00 PM, Paul Cartwright wrote:
> anyone use tuxboot?? I was trying to install Clonezilla using their
> recommended tuxboot method. I'm running Wheezy. Either the download link
> doesn't work, or the executable doesn't do anything. When I tried to run
> the linux file(tuxboot-6), it just returned my command-line. I was able
> to burn it to a CD, but I'm just curious. My netbootin doesn't seem to
> make a real bootable image, or I'm doing it wrong:)
> I tried compiling the source, but I was just missing too many things,
> and I gave up.. QtCore was the last issue..
>
> what do you use to make a bootable image on a USB stick??
 well I just had an interesting session with tuxboot. I finally got it
installed after I installed a qt4-dev-tools package..
then I ran tuxboot to install clonezilla on a USB stick. It didn't work
I installed puppy linux on that stick and... it did'nt work. I just GOT
this stick and it was formatted fat32. I blew away the partition,
repartitioned it fat32, installed puppy linux, and... it booted. Now I
know why I had issues with a video I put on that stick. the video worked
fine on the laptop it came from, but it had errors once I transferred it
to the USB stick. Brand new PNY USB stick. 32 GB. one that I was using
to back up my photos...

-- 
Paul Cartwright
Registered Linux User #367800 and new counter #561587


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52c5dc9f.1020...@gmail.com

tuxboot

[Paul Cartwright]

anyone use tuxboot?? I was trying to install Clonezilla using their
recommended tuxboot method. I'm running Wheezy. Either the download link
doesn't work, or the executable doesn't do anything. When I tried to run
the linux file(tuxboot-6), it just returned my command-line. I was able
to burn it to a CD, but I'm just curious. My netbootin doesn't seem to
make a real bootable image, or I'm doing it wrong:)
I tried compiling the source, but I was just missing too many things,
and I gave up.. QtCore was the last issue..

what do you use to make a bootable image on a USB stick??

-- 
Paul Cartwright


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52c5c57a.2060...@pcartwright.com

keyboard settings clobbered

[ChadDavis]

Something keeps turning off my key repeater setting.  I'm not sure if
that's the technical term, but pressing and holding a key doesn't do
anything.  I have to go into System Settings and toggle the "repeat"
checkbox, then it works again.

NOTE, it will then quit working in a short time frame, i.e. several times a
day.  When it quits, it's still set in to repeat in the System Settings ->
Keyboard settings.  If I toggle it off, and then back on, it resets it to
repeat.

Any idea what is causing this?

wheezy/gnome3.4

Re: Disable ipv6.......

[Charlie]

On Thu, 2 Jan 2014 17:55:50 + Tom H sent:

> On Thu, Jan 2, 2014 at 1:53 PM, Bonno Bloksma 
> wrote:
> >>>
> >>> # rmmod ipv6
> >>>
> >>> libkmod: ERROR ../libkmod/libkmod-module.c:1802
> >>> kmod_module_get_holders: could not open
> >>> '/sys/module/ipv6/holders': No such file or directory Error:
> >>> Module ipv6 is in use
> >>
> >> So I am certain now that I don't have ipv6 enabled at all, and
> >> that message can be ignored.
> >
> > In previous Debian versions ipv6 was done via a module that one
> > could unload or disable to prevent ipv6 being activated. As of
> > Squeeze ipv6 is built in at the kernel level and cannot be disabled
> > that way.
> >
> > So unless you are still running Lenny or build your own kernel
> > there is no ipv6 module. Just do "ip addr" or "ifconfig" and you
> > will probably see ip6 lines, ip6 is default on now. If your uplink
> > does not do ipv6 then there is no ipv6 traffic going over the line
> > and no delay in using ipv4.
> 
> When ipv6 is compiled as a module, you can disable it with modprobe
> or sysctl.
> 
> When ipv6 is compiled in-kernel, you can disable it in two ways.
> 
> You can disable the ipv6 stack by adding "ipv6.disable=1" to the
> kernel cmdline.
> 
> You can disable the assignment of ipv6 addresses to nics by adding
> "ipv6.disable_ipv6=1" to the kernel cmdline.
> 
> The latter's the equivalent of creating
> "/etc/sysctl.d/disable_ipv6.conf" where
> 
> # cat /etc/sysctl.d/disable_ipv6.conf
> net.ipv6.conf.all.disable_ipv6=1
> net.ipv6.conf.default.disable_ipv6=1
> net.ipv6.conf.eth.disable_ipv6=1
> 
> (or you can "echo 1 > /proc/sys/net/ipv6/conf/.../disable_ipv6" at
> boot)

Thank you all. I believe I was on a witch hunt. 

I have disabled it on Windows machines for people who use satellite in
our area. To help them achieve better Internet performance. Just thought
I should be certain that, what I assumed, I'm not using it in Debian,
was correct.

I thought it wasn't an addition to my system, but after that spurious
message, doubts - doubts and more doubts.

Thought the beast better be hunted down and removed. Not being able to
find it, even after much googling as to commands that might flush it, or
how it might be recognised without any success at finding it in my
system.

Thought I better hand it to all you good people with greater knowledge
than myself, who have set my mind at rest. Proving it can't be
discovered. The reason being, it's not there except in the reply of that
message.

Thank you all.
Charlie
-- 
Registered Linux User:- 329524
***

"It is the duty of the patriot to protect his country from its
government." -- Thomas Paine

***

Debian GNU/Linux - just the best way to create magic

-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140103073914.25ddb037@taogypsy.wildlife

Re: Help: 'g++ -m32 ...' does not find

[Sven Joachim]

On 2014-01-02 19:22 +0100, Thomas Vaughan wrote:

> Using Debian unstable and default g++ (4.8.2), I am recently unable to
> build a project that was building a few weeks ago.
>
> ---BEGIN SNIPPET FROM BUILD LOG---
> libtool: compile:  g++ ... -m32 -fmessage-length=0 -O0 -fPIC -ggdb3
> -fvar-tracking-assignments -W -Wall -Wconversion -Wshadow -Wcast-align
> -Wwrite-strings -Wpointer-arith -MT bar.lo -MD -MP -MF .deps/bar.Tpo -c
> bar.cpp -o bar.o
> In file included from /usr/include/sys/socket.h:39:0,
>  from /usr/include/netinet/in.h:24,
>  from /usr/include/arpa/inet.h:22,
> ...
> /usr/include/bits/socket.h:343:24: fatal error: asm/socket.h: No such file
> or directory
>  #include 

Install gcc-multilib, it includes the necessary symlink
/usr/include/asm -> x86_64-linux-gnu/asm for "g++ -m32" to work.

Cheers,
   Sven


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/871u0q6xl9@turtle.gmx.de

Help: 'g++ -m32 ...' does not find

[Thomas Vaughan]

Using Debian unstable and default g++ (4.8.2), I am recently unable to
build a project that was building a few weeks ago.

---BEGIN SNIPPET FROM BUILD LOG---
libtool: compile:  g++ ... -m32 -fmessage-length=0 -O0 -fPIC -ggdb3
-fvar-tracking-assignments -W -Wall -Wconversion -Wshadow -Wcast-align
-Wwrite-strings -Wpointer-arith -MT bar.lo -MD -MP -MF .deps/bar.Tpo -c
bar.cpp -o bar.o
In file included from /usr/include/sys/socket.h:39:0,
 from /usr/include/netinet/in.h:24,
 from /usr/include/arpa/inet.h:22,
...
/usr/include/bits/socket.h:343:24: fatal error: asm/socket.h: No such file
or directory
 #include 
^
compilation terminated.
---END SNIPPET FROM BUILD LOG---

% uname -a
Linux foo 3.12-1-amd64 #1 SMP Debian 3.12.6-2 (2013-12-29) x86_64 GNU/Linux

% dpkg -S asm/socket.h

linux-headers-3.12-1-common:
/usr/src/linux-headers-3.12-1-common/arch/x86/include/uapi/asm/socket.h
linux-libc-dev:amd64: /usr/include/x86_64-linux-gnu/asm/socket.h
linux-headers-3.11-2-common:
/usr/src/linux-headers-3.11-2-common/arch/x86/include/uapi/asm/socket.h

% dpkg -l 'lib*32*dev' | grep ii | awk '{print $2}'
lib32gcc-4.8-dev
lib32readline6-dev
lib32stdc++-4.8-dev
lib32tinfo-dev
libx32gcc-4.8-dev
libx32stdc++-4.8-dev

Any help would be appreciated.


-- 
Thomas E. Vaughan

Re: Disable ipv6.......

[Tom H]

On Thu, Jan 2, 2014 at 1:53 PM, Bonno Bloksma  wrote:
>>>
>>> # rmmod ipv6
>>>
>>> libkmod: ERROR ../libkmod/libkmod-module.c:1802
>>> kmod_module_get_holders: could not open '/sys/module/ipv6/holders': No
>>> such file or directory Error: Module ipv6 is in use
>>
>> So I am certain now that I don't have ipv6 enabled at all, and that message 
>> can be ignored.
>
> In previous Debian versions ipv6 was done via a module that one could unload 
> or disable to prevent ipv6 being activated.
> As of Squeeze ipv6 is built in at the kernel level and cannot be disabled 
> that way.
>
> So unless you are still running Lenny or build your own kernel there is no 
> ipv6 module.
> Just do "ip addr" or "ifconfig" and you will probably see ip6 lines, ip6 is 
> default on now. If your uplink does not do ipv6 then there is no ipv6 traffic 
> going over the line and no delay in using ipv4.

When ipv6 is compiled as a module, you can disable it with modprobe or sysctl.

When ipv6 is compiled in-kernel, you can disable it in two ways.

You can disable the ipv6 stack by adding "ipv6.disable=1" to the kernel cmdline.

You can disable the assignment of ipv6 addresses to nics by adding
"ipv6.disable_ipv6=1" to the kernel cmdline.

The latter's the equivalent of creating "/etc/sysctl.d/disable_ipv6.conf" where

# cat /etc/sysctl.d/disable_ipv6.conf
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.eth.disable_ipv6=1

(or you can "echo 1 > /proc/sys/net/ipv6/conf/.../disable_ipv6" at boot)


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=SwhpoHVecXgeXXa+jRLkfcKCKxg4hLu8G9FiLtQ5pj=d...@mail.gmail.com

Re: Possible to add an LVM to existing Wheezy box

[Chris Davies]

Ron Leach  wrote:
> Actually, the disk we are rescuing is the surviving member of a RAID1
> pair[1].  I realised, today, that I cannot simply install that in our
> Wheezy box because (I think) it needs a software RAID layer in order
> to read it (fstab refers to md1, md2 etc).

It depends on the RAID management level (0.9, 1.0, 1.1, 1.2, ddf,
imsm). Since your disk is from an older system the chances are quite
good that you *can* mount the partition directly as a non-RAID disk
(sdaX, etc.). Once you've done that, though, it gets quite exciting
trying to grow it back into a RAID1 configuration. You can do it - it's
a matter of creating a RAID1 configuration with an "initially missing"
second disk and then adding it later - but you have to be careful of
the existing on-disk RAID1 definition.


>> The RAID1+LVM solution can be implemented as part of your migration to
>> a new server

> OK.  If we were to do this (and I think we ought to, we do have 2 
> spare 2TB drives), I've a couple of quick planning queries.

> (a) Will Wheezy happily run RAID1 'only' on the 2 x 2TB disks, leaving 
> the OS on its non-RAID 250GB disk?

Yes, if that's what you want. You can choose to apply RAID and/or LVM
to any partition and/or disk.


> (b) More seriously, though, because we will need to expand the space, 
> there's only room on the motherboard for 4 SATA drives and to expand a 
> RAID1/LVM scheme I'll need another 2 drives, making 5 drives overall. 
>  I'll run out of SATA ports.  Happy to listen to any suggestions.

A couple of options spring to mind

1. Buy a pair of 3TB disks instead of 2TB ones. Proceed as before.

2. Buy three 3TB disks and use RAID5 instead of RAID1. Otherwise proceed
as before.

3. Buy four 3TB disks, discarding the existing 250GB disk. Use either
RAID1+0 (6TB ) or RAID5 (9TB) for your LVM/data partition.

You can replicate your OS across as many of the disks as you like. If
you do this, use either a simple /boot partition of 100MB or so or a
relatively small 20-50GB OS installation. You can RAID1 this across all
the disks if you want, but you have to remember to install Grub on each
disk individually.

Once you've done that, create a new partition for remaining space on
all the available data disks (1.95TB or whatever). You can RAID1 or
RAID5 these data partitions. Then create an LVM layer on top of the
resulting metadevice.


In my home situation I've got an HP ProLiant with four slots. One contains
the originally supplied 250GB disk; two of the other three contain 3TB
disks. I've got my OS on all the disks replicated with RAID1 (actually
across two with a hot spare). The remaining chunk of the 250GB disk has an
LVM Volume Group called "noraid", which I use for temporary allocations
that really don't need RAID. The remains of the two big disks are sliced
up into 500GB partitions. I can pair the corresponding partitions using
either RAID0 or RAID1. These then get added either to my "raid0" VG
or my "raid1" VG. Backups go to a partition created from the "raid0"
LV. Important stuff goes to a partition created from the "raid1" LV.


> A recent 
> posting on (I think) this list pointed to an Adaptec HW RAID card with 
> 4 ports, which might solve the ports problem and let us expand to 2 x 
> 2TB and (say) 2 x 3TB drives, albeit with some reconfiguration away 
> from software RAID.

The only "gotcha" I can see with hardware RAID is how to recover data from
the disks in the event of the card's failure. If it was a commercially
maintained corporate system (Dell, HP, IBM, whatever) under supplier
warranty then I'd not worry about this. For SOHO use I'd want to know
how to handle recovery from this situation.


> From an implementation point of view, presumably the steps are:
> - Build a RAID1 layer on the 2 2TB drives
> - Then build the LVM with pvcreate, etc,

Essentially, yes.


> [1] We did try to rebuild the RAID1 but we couldn't get the rebuild
> to work.  The disks have multiple partitions, each is a separate RAID1
> (I think this isn't recommended) and while we were partitioning the
> replacement disk, we ended up confusing mdadm.

I don't see anything wrong with having multiple RAID1 slices. You do
have to be careful when rebuilding a dead RAID configuration, though,
and you possibly just needed to tell mdadm the new minor device numbers
for the devices you were (re)building. BICBW of course.

Chris


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/u1igpaxm7c@news.roaima.co.uk

Re: packages status

[Bob Proulx]

Diogene Laerce wrote:
> >>Is there a simple way to get the list of packages installed since the fresh
> >>installation of deby ?
> >How long ago was your fresh installation?  There are backups of the
> >dpkg package status kept in /var/backups that go back a week.  And if
> >you have a system backup you could retrieve older copies going back as
> >far as your backups.  Those files list what is installed on the
> >machine and could be used to make this deduction.
> >
> >   $ zcat /var/backups/dpkg.status.6.gz | grep-dctrl -s Package -n "install 
> > ok installed" | sort > /tmp/list.prev
> >
> >   $ grep-status -s Package -n "install ok installed" | sort > /tmp/list.now
> >
> >   $ comm -3 /tmp/list.prev /tmp/list.now
> 
> Thanks a lot Mister Bob, it worked like a charm ! The install was nearly
> fresh, just 6 or 7 days and I didn't know those dctrl-tools commands so
> double thanks again. ;)
> 
> I start a script with those right now. :)

I am glad that worked for you.  A few more hints.  Debian's APT marks
packages as either being installed manually or installed automatically
as a dependency of something else.  If you get a full list of packages
that are installed then only the top level package names were
installed manually.  The rest were installed automatically.  This is
used to enable 'apt-get autoremove' functionality such that when
libraries and other autotmatically installed dependencies are no
longer needed that they can be detected as no longer being needed and
removed.

Better to separate out the top level packages and install those (which
marks them as manual) and let them automatically installed their
dependencies (which marks them as automatic) rather than install
everything (which marks the libs as manual too).  Meaning that those
libraries will never be offered for "autoremove" later when they are
no longer needed due to upgrades.

You can use the 'apt-mark' command to list and change these.

  apt-mark showmanual
  apt-mark showauto
  apt-mark auto libfoopackagename

You didn't say so I don't know why you wanted to know the package
differences.  I wanted to mention the above so that if possible you
could still track packages installed manually versus packages
installed automatically as a dependency.  It will keep the
"autoremove" functionality working for later as the system is upgraded
and keep things cleaner.

> Happy New Year !

Happy New Year! :-)

Bob


signature.asc
Description: Digital signature

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

[Bob Proulx]

Joel Rees wrote:
> I wonder whether we could design a set of default update calls for
> such a system. It's a project to keep on the back burner, I suppose.

Interesting ideas.  When I read your description two different ideas
in different directions came to my mind.  One was Linux containers.

Interesting posting concerning lxc on Debian:

  
http://lists.alioth.debian.org/pipermail/freedombox-discuss/2013-February/005097.html

The other idea was GNU stow.

  https://www.gnu.org/software/stow/manual/stow.html#Introduction

And here is an article about using it.

  
http://brandon.invergo.net/news/2012-05-26-using-gnu-stow-to-manage-your-dotfiles.html

I don't know exactly what you are thinking about but perhaps something
in one of the above will spark an idea along the way.

> I think the point is that certain configuration files could well be
> owned by a special purpose user.
> 
> Say I'm building a content-management system called "zerostone" and it
> provides a web-facing configuration mechanism. I'd set it up so that
> the user "admst0ne" owned the configuration files that could be
> accessed from the web, and the server that provides access to the
> configuration files would maybe run as admst0ne.

Seems reasonable.  Again something popped into my mind as I read this.
I immediately envisioned an nginx frontend running normally.
(Normally with reverse proxies configured.)  Then setting up an
additional nginx server running as your admst0ne user to run on the
client end of the reverse proxy with its own dedicated document root.
Configure the main frontend nginx to reverse proxy to the dedicated
backend nginx.  Each are light weight.  Each would be able to access
what it could access and each would have OS level security blocking it
from accessing other files.  It would compartmentalize things nicely.

It is just an idea...  I don't know how well it would play with your
vision of things.

> The non-web-facing configuration files would be owned by "zishi", and
> all human users who are allowed to log in to a regular shell and edit
> the configuration files would be members of the "zishi" group, or be
> allowed to sudo to "zishi" by rules in the /etc/sudoers.d directory.

Seems reasonable.

> Or something like that.
> 
> Purely hypothetical, of course.

:-)  Time will tell!

Bob


signature.asc
Description: Digital signature

Re: mtp://[usb:001,022]/131074

[Siard]

Andreas Weber wrote:
> Whatever variant you pick, it seems to me that the whole MTP
> implementation is still a bit buggy and slow.

This is what I noticed as well. And I see that mtpfs has been removed
from stable and testing. It is in Sid, however, so a better working
version may be coming.

I found another way that works well though. Provided that the device
has a WiFi connection to the same router your PC is connected to (wired
or via WiFi), you can use the Software Data Cable app in Android to
access your device via FTP.
For example, it prompts you to connect to ftp://192.168.2.1:/
rsync does not work with FTP, but you can use the lftp program to
connect and use its 'mirror' function to sync with a local directory,
as explained here: www.cyberciti.biz/faq/lftp-mirror-example/
As far as I have been able to try, it works without problems.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140102164042.e9c3316d.shiems...@kpnplanet.nl

Re: Disable ipv6.......

[Federico Alberto Sayd]

On 02/01/14 04:08, Charlie wrote:


Apologies, let me say this before I resend it:

Running Jessie: 3.11-2-amd64 #1 SMP Debian 3.11.10-1 (2013-12-04)
x86_64 GNU/Linux

Toshiba c500/A00L w8 laptop

Another thing I would like to do is to disable ipv6 on this system
as satellite doesn't use ipv6

Without doing ifdown eth0 to see if I was using ipv6, I did:


# rmmod ipv6

libkmod: ERROR ../libkmod/libkmod-module.c:1802
kmod_module_get_holders: could not open '/sys/module/ipv6/holders': No
such file or directory Error: Module ipv6 is in use

So there is ipv6 in use.

How can I disable it and if someone knows, how can that enabled again
should I want to do so?

Thank you,
Charlie
 --
Registered Linux User:- 329524
***

Art is merely the refuge which the ingenious have invented,
when they were supplied with food and women, to escape the
tediousness of life. .W. Somerset Maugham

***

Debian GNU/Linux - just the best way to create magic

-



echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52c5820d.3070...@uncu.edu.ar

RE: Disable ipv6.......

[Bonno Bloksma]

Hello Charlie,

>> # rmmod ipv6
>> 
>> libkmod: ERROR ../libkmod/libkmod-module.c:1802
>> kmod_module_get_holders: could not open '/sys/module/ipv6/holders': No 
>> such file or directory Error: Module ipv6 is in use
>
> Thank you Ivan and Pi for your help.
>
> I think the message above is spurious, a remnant of something that has not 
> yet been updated from Wheezy.
>
> [...]
>
> So I am certain now that I don't have ipv6 enabled at all, and that message 
> can be ignored.

In previous Debian versions ipv6 was done via a module that one could unload or 
disable to prevent ipv6 being activated.
As of Squeeze ipv6 is built in at the kernel level and cannot be disabled that 
way.

So unless you are still running Lenny or build your own kernel there is no ipv6 
module.
Just do "ip addr" or "ifconfig" and you will probably see ip6 lines, ip6 is 
default on now. If your uplink does not do ipv6 then there is no ipv6 traffic 
going over the line and no delay in using ipv4.

Bonno Bloksma


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/89d1798a7351d040b4e74e0a043c69d765dc8...@einexch-01.tio.nl

Re: nano vs VI

[Paul Cartwright]

  
  
On 01/02/2014 07:25 AM, shawn wilson
  wrote:


  No idea. I compile vim on Debian for ruby support
(command-t). Probably vim-gtk. So I'm putting this back on the
list. 
  On Jan 2, 2014 7:19 AM, "Paul Cartwright"

wrote:

  
On 01/02/2014 07:12 AM, shawn wilson wrote:


  
On Jan 1, 2014 7:43 PM, "Paul Cartwright" 

wrote:
>
> On 01/01/2014 07:00 PM, Richard Hector wrote:
> > Also perhaps:
> >
> > aptitude purge nano :-)
> >
> > Richard
> thanks, I might do that also, since I use either VI
or gedit..
>
  You do know about gvim right? 

not really.. should I?
when I try to install it I get:
 apt-get install gvim
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Package gvim is a virtual package provided by:
  vim-gtk 2:7.3.547-7
  vim-gnome 2:7.3.547-7
  vim-athena 2:7.3.547-7
You should explicitly select one to install.


so, which one is right?
  

  

 ok, so synaptics actually had VIM..
here is what I now have installed..
dpkg -l|grep vim
ii  vim  
2:7.3.547-7    amd64    Vi IMproved -
enhanced vi editor
ii  vim-addon-manager
0.5.2  all  manager of addons
for the Vim editor
ii  vim-common   
2:7.3.547-7    amd64    Vi IMproved - Common
files
ii  vim-gnome
2:7.3.547-7    amd64    Vi IMproved -
enhanced vi editor - with GNOME2 GUI
ii  vim-gui-common   
2:7.3.547-7    all  Vi IMproved - Common
GUI files
ii  vim-runtime  
2:7.3.547-7    all  Vi IMproved -
Runtime files
ii  vim-scripts  
20121007   all  plugins for vim,
adding bells and whistles
ii  vim-tiny 
2:7.3.547-7    amd64    Vi IMproved -
enhanced vi editor - compact version

I tried to vim a file.. nice interface! I'll have to play with it.
-- 
Paul Cartwright
Registered Linux User #367800 and new counter #561587
  



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52c55ce0.5090...@gmail.com

Re: Disable ipv6.......

[Charlie]

On Thu, 2 Jan 2014 18:08:49 +1100 Charlie sent:

> # rmmod ipv6
> 
> libkmod: ERROR ../libkmod/libkmod-module.c:1802
> kmod_module_get_holders: could not open '/sys/module/ipv6/holders': No
> such file or directory Error: Module ipv6 is in use

Thank you Ivan and Pi for your help.

I think the message above is spurious, a remnant of something that has
not yet been updated from Wheezy.

I can't recall for certain, but this is how I usually do an install and
this is an install on a new machine.

I installed wheezy to get all the packages I wanted to use up and
running on the system. When I had it working the way I wanted, I
changed the /etc/apt/sources-list to jessie and updated and upgraded.
Then have the system I want up and running and work from there.

So I am certain now that I don't have ipv6 enabled at all, and that
message can be ignored.

Many thanks once again for your kindness.

I wish for you all the things you wish for yourselves in the new year.
Charlie
-- 
Registered Linux User:- 329524
***

Indeed, history is nothing more than a tableau of crimes and
misfortunes. Voltaire

***

Debian GNU/Linux - just the best way to create magic

-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140102233056.589d1925@taogypsy.wildlife

Re: nano vs VI

[shawn wilson]

No idea. I compile vim on Debian for ruby support (command-t). Probably
vim-gtk. So I'm putting this back on the list.
On Jan 2, 2014 7:19 AM, "Paul Cartwright"  wrote:

>  On 01/02/2014 07:12 AM, shawn wilson wrote:
>
>
> On Jan 1, 2014 7:43 PM, "Paul Cartwright"  wrote:
> >
> > On 01/01/2014 07:00 PM, Richard Hector wrote:
> > > Also perhaps:
> > >
> > > aptitude purge nano :-)
> > >
> > > Richard
> > thanks, I might do that also, since I use either VI or gedit..
> >
>
> You do know about gvim right?
>
> not really.. should I?
> when I try to install it I get:
>  apt-get install gvim
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Package gvim is a virtual package provided by:
>   vim-gtk 2:7.3.547-7
>   vim-gnome 2:7.3.547-7
>   vim-athena 2:7.3.547-7
> You should explicitly select one to install.
>
>
> so, which one is right?
>
> --
> Paul Cartwright
> Registered Linux User #367800 and new counter #561587
>
>

Re: nano vs VI

[Paul Cartwright]

  
  
On 01/02/2014 07:12 AM, shawn wilson
  wrote:


  
On Jan 1, 2014 7:43 PM, "Paul Cartwright" 
wrote:
>
> On 01/01/2014 07:00 PM, Richard Hector wrote:
> > Also perhaps:
> >
> > aptitude purge nano :-)
> >
> > Richard
> thanks, I might do that also, since I use either VI or
gedit..
>
  You do know about gvim right? 

gvim, is basically vim-tiny? portable? If I travel, I either have my
linux laptop., or android tablet..

-- 
Paul Cartwright
Registered Linux User #367800 and new counter #561587
  



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52c55a64.5080...@gmail.com

Re: Disable ipv6.......

[Charlie]

On Thu, 02 Jan 2014 10:39:47 +0100 Ivan Jurišić sent:

> If wont to check loaded modules in memory try: 
> 
> lsmod 

nf_conntrack   70753  7
nf_nat,xt_state,nf_nat_ipv4,xt_conntrack,nf_conntrack_
ftp,iptable_nat,nf_conntrack_ipv4

> or lsmod | grep ipv6

returns nothing?

> then if not find in output "ipv6" that module is not active. 
> 
> also check with /sbin/ifconfig | grep inet if got any line with
> "inet6" in that case You have up & running ipv6.

Nothing with 6 in it at all.

So my system is tricking me all right with that spurious message.

Thanks for your help,
Charlie
-- 
Registered Linux User:- 329524
***

The generative energy, which, when we are loose, dissipates and
makes us unclean, when we are continent invigorates and
inspires us. Chastity is the flowering of man; and what are
called Genius, Heroism, Holiness, and the like, are but various
fruits which succeed it.Henry David Thoreau

***

Debian GNU/Linux - just the best way to create magic

-


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140102231603.671143de@taogypsy.wildlife

Re: nano vs VI

[shawn wilson]

On Jan 1, 2014 7:43 PM, "Paul Cartwright"  wrote:
>
> On 01/01/2014 07:00 PM, Richard Hector wrote:
> > Also perhaps:
> >
> > aptitude purge nano :-)
> >
> > Richard
> thanks, I might do that also, since I use either VI or gedit..
>

You do know about gvim right?

Re: nano vs VI

[Curt]

On 2014-01-02, Paul Cartwright  wrote:
> On 01/01/2014 08:01 PM, John Hasler wrote:
>> man select-editor
> man select-editor
> No manual entry for select-editor

I think you need to install 'sensible-utils', which provides

/usr/bin/sensible-browser
/usr/bin/sensible-editor
/usr/bin/sensible-pager

I guess it's the sensible thing to do (I haven't done it!)

Oops; he said 'select-editor'.  Mmm, maybe he meant what I 'read' 'cause I
can't find select-editor anywhere.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/slrnlcaim8.3o4.cu...@einstein.electron.org

Re: how to configure pulseaudio to use analog speaker on motherboard not hdmi on video card

[Klaus]

On 02/01/14 02:44, Mitchell Laks wrote:


Before I kill pa the first time:

mlaks@Rashi:~$ aplay -D front piano2.wav
aplay: main:682: audio open error: Device or resource busy

then I do:

mlaks@Rashi:~$ ps aux|grep pulse
125   5074 14.4  0.0 457064  7192 ?Sl   21:13   1:07 
/usr/bin/pulseaudio --start --log-target=syslog
125   5570  0.0  0.0 117148  3204 ?S21:13   0:00 
/usr/lib/pulseaudio/pulse/gconf-helper
mlaks 6601  0.0  0.0 311224  6432 ?S
### Configuration dump generated at Wed Jan  1 21:34:11 2014



set-default-sink alsa_output.pci-_01_00.1.hdmi-stereo
set-default-source alsa_output.pci-_01_00.1.hdmi-stereo.monitor


It looks like a tough nut to crack...
Mitchell


We might be getting there. See the two different users running 
pulseaudio, uid '125' and 'mlaks'. Who is this '125' anyway? I'd accuse 
them of hogging the audio sink, making it unavailable to 'mlaks'. Here 
is a similar report: 



$ grep 125 /etc/passwd
$ grep audio  /etc/group

Here's a snipped I found on the ArchWiki Alsa pages:
"Membership in the audio group also allows direct access to devices, 
which can lead to applications grabbing exclusive output (breaking 
software mixing) (snip) Therefore, adding a user to the audio group is 
not recommended, unless you specifically need to[1].


[1] https://wiki.ubuntu.com/Audio/TheAudioGroup";

So, once you find out who '125' is, let's see whether you can then stop 
that process monopolising the audio card0.


BTW, killing and restarting the current user's PA process should be much 
easier than what you do:


$ pulseaudio -k

The default behaviour is to automatically respawn a process.

$ grep spawn /etc/pulse/client.conf
; autospawn = yes

--
Klaus


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52c539d2.4000...@gmail.com

lm_sensors log

[François Patte]

Bonjour,

After the last upgrade of my debien sid, lm_sensors reports in logwatch
(first time I see that! I didn't change anything in my config). Here is
the last report:

- lm_sensors output Begin 

 acpitz-virtual-0
 Adapter: Virtual device
 temp1:+27.8 C  (crit = +106.0 C)
 temp2:+29.8 C  (crit = +106.0 C)

 coretemp-isa-
 Adapter: ISA adapter
 Physical id 0:  +37.0 C  (high = +85.0 C, crit = +105.0 C)
 Core 0: +37.0 C  (high = +85.0 C, crit = +105.0 C)
 Core 1: +34.0 C  (high = +85.0 C, crit = +105.0 C)
 Core 2: +32.0 C  (high = +85.0 C, crit = +105.0 C)
 Core 3: +33.0 C  (high = +85.0 C, crit = +105.0 C)

 nct6779-isa-0290
 Adapter: ISA adapter
 in0:+0.94 V  (min =  +0.00 V, max =  +1.74 V)
 in1:+1.01 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in2:+3.33 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in3:+3.33 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in4:+1.02 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in5:+2.04 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in6:+2.04 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in7:+3.38 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in8:+3.30 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in9:+1.07 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in10:   +2.04 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in11:   +2.04 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in12:   +0.26 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in13:   +0.17 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 in14:   +2.04 V  (min =  +0.00 V, max =  +0.00 V)  ALARM
 fan1: 0 RPM  (min =0 RPM)
 fan2:  1166 RPM  (min =0 RPM)
 fan3: 0 RPM  (min =0 RPM)
 fan4: 0 RPM  (min =0 RPM)
 fan5: 0 RPM  (min =0 RPM)
 SYSTIN: +30.0 C  (high =  +0.0 C, hyst =  +0.0 C)
ALARM  sensor = thermistor
 CPUTIN: +27.0 C  (high = +80.0 C, hyst = +75.0 C)
sensor = thermistor
 AUXTIN0:-63.0 Csensor = thermistor
 AUXTIN1:-63.0 Csensor = thermistor
 AUXTIN2:-63.0 Csensor = thermistor
 AUXTIN3:-62.0 Csensor = thermistor
 PCH_CHIP_CPU_MAX_TEMP:   +0.0 C
 PCH_CHIP_TEMP:   +0.0 C
 PCH_CPU_TEMP:+0.0 C
 PCH_MCH_TEMP:+0.0 C
 intrusion0:ALARM
 intrusion1:ALARM
 beep_enable:   disabled


 -- lm_sensors output End -

What does it mean?

Thank you.

-- 
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)1 8394 5849
http://www.math-info.univ-paris5.fr/~patte



signature.asc
Description: OpenPGP digital signature

Re: Re: Sources.list file for Debian Wheezy

[Muntasim-Ul-Haque]

Thanks, Bob. I think I would go for the /*http.debian.net */after 
reading about it from your supplied link. And for the record, */ or **/ 
was unintentional and wasn't on my sources.list .


Muntasim-Ul-Haque

Re: Disable ipv6.......

[Ivan Jurišić]

 

If wont to check loaded modules in memory try: 

lsmod or lsmod | grep ipv6 

then if not find in output "ipv6" that module is not active. 

also check with /sbin/ifconfig | grep inet if got any line with "inet6"
in that case You have up & running ipv6. 

Dana 02/01/2014 08:22, Charlie je napisao(la): 

> On Thu, 02 Jan 2014 07:58:24 +0100 Ivan Jurišić sent:
> 
>> Try this: 1. open file /etc/default/grub nano /etc/default/grub 2 add 
>> "ipv6.disable=1" in variable GRUB_CMDLINE_LINUX_DEFAULT, example: 
>> GRUB_CMDLINE_LINUX_DEFAULT="quiet ipv6.disable=1" 3. last step, update grup 
>> and reboot PC: update-grub reboot
> 
> Thank you Ivan,
> 
> Did that:
> 
> But I still get the same message:
> 
> # rmmod ipv6
> libkmod: ERROR ../libkmod/libkmod-module.c:1802
> kmod_module_get_holders: could not open '/sys/module/ipv6/holders': No
> such file or directory Error: Module ipv6 is in use
> 
> Which I can only assume means that ipv6 is actually still in use,
> unless it's tricking me of course? [laughing]
> 
> -- 
> Registered Linux User:- 329524
> ***
> 
> In our civilization, and under our republican form of
> government, intelligence is so highly honored that it is
> rewarded by exemption from the cares of office. ..Ambrose
> Bierce, The Devil's Dictionary
> 
> ***
> 
> Debian GNU/Linux - just the best way to create magic
> 
> -
 

Re: [OT] non technical Q: bad or worse. Was: To do the same as Windows safe mode...........

[Tom Furie]

On Thu, Jan 02, 2014 at 12:22:15PM +1100, Scott Ferguson wrote:

> Better presupposes good. If something doesn't approach good, e.g.
> someone misses the target by 10 metres are they "better" than the person
> who missed by 20 metres? Or "less worse". To call the 10 miss "better"
> is a version of newspeak.

Surely the correct term, rather than "less worse" would be "less bad"?

Cheers,
Tom

-- 
Stanford women are responsible for the success of many Stanford men:
they give them "just one more reason" to stay in and study every night.


signature.asc
Description: Digital signature

Re: Disable ipv6.......

[Charlie]

On Thu, 2 Jan 2014 18:22:09 +1100 Charlie sent:

> On Thu, 02 Jan 2014 07:58:24 +0100 Ivan Jurišić sent:
> 
> > Try this: 
> > 
> > 1. open file /etc/default/grub 
> > 
> > nano /etc/default/grub 
> > 
> > 2 add "ipv6.disable=1" in variable GRUB_CMDLINE_LINUX_DEFAULT,
> > example: 
> > 
> > GRUB_CMDLINE_LINUX_DEFAULT="quiet ipv6.disable=1" 
> > 
> > 3. last step, update grup and reboot PC: 
> > 
> > update-grub
> > reboot 
> 
> Thank you Ivan,
> 
> Did that:
> 
> But I still get the same message:
> 
> # rmmod ipv6
> libkmod: ERROR ../libkmod/libkmod-module.c:1802
> kmod_module_get_holders: could not open '/sys/module/ipv6/holders': No
> such file or directory Error: Module ipv6 is in use
> 
> Which I can only assume means that ipv6 is actually still in use,
> unless it's tricking me of course? [laughing]

Further to this tried:

 echo 'blacklist ipv6' >> /etc/modprobe.d/blacklist

but received the same message as all the other times.

Did:

Ifdown eth0

then did:

# rmmod ipv6

Same error message:

libkmod: ERROR ../libkmod/libkmod-module.c:1802
kmod_module_get_holders: could not open '/sys/module/ipv6/holders': No
such file or directory Error: Module ipv6 is in use

Did:

net.ipv6.conf.all.disable_ipv6 = 1

in /etc/sysctl.conf

when I run:

sysctl -p

as root, I get this error message:


  sysctl: cannot stat /proc/sys/net/ipv6/conf/all/disable_ipv6: No
  such file or directory

So it has to be tricking me, because every line in /etc/sysctl.conf
ipv4 or ipv6 is commented out?

So it's trickin' or there is another file.

[sigh]
Charlie
-- 
Registered Linux User:- 329524
***

The cost of a thing is the amount of what I will call life
which is required to be exchanged for it, immediately or in the
long run. Henry David Thoreau

***

Debian GNU/Linux - just the best way to create magic

-


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140102203130.0aada2ad@taogypsy.wildlife

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

[Raffaele Morelli]

2014/1/2 Bob Proulx 

> Raffaele Morelli wrote:
> > Bob Proulx wrote:
> > > 2) The ownership of the files by root are safe.  The default owner is
> > > root.  Files owned by root with the default permissions are not
> > > writable by the web process.  Files in the default configuration are
> > > not exploitable by that vulnerability which requires write access to
> > > files in the DocumentRoot.  There is never a problem with web files
> > > owned by the root user.
> >
> > Quite wrong.
>
> No.  This is correct.  If you disagree then please file a bug report.
> Please let me know where it is filed so that I can participate in the
> review.  Peer review is the best way to deal with it.
>
> > Unless you are administering your own server with just you as user
> there's
> > no problem in using root for everything.
> > But if you have other users you should grant write permissions to the
> > website document root for them to upload stuff and simply you can't let
> > anyone other than you to access as root (would you?).
> > Now, rwx permissions and unprivileged users exist for that, root
> ownership
> > is absolutely not needed.
>
> Why are you responding here with this?  I never said that creating a
> non-priviledged and non-www-data account to hold the files was bad.
> Why are you responding as if I did?  Please read the thread again.  I
> repeatedly said creating such users were a good way to do things.
>
> Here I was discussing the reason the exploit was successful.  The
> exploit allowed the attacker access to the system as the www-data
> user.  Because the files were owned by the www-data user it allowed
> the attacker to write files.  The ability to write files gave the
> attacker even more capability in this case to generate spam from the
> server.  The ability of the attacker to write files enabled the
> attacker to leave more doors open even if the original exploit was
> closed until the attacker's files are cleaned up.
>
> If the files were not owned by the www-data user then while the
> exploit may still have occurred then the attacker would have been
> prevented by the OS from writing files into the DocumentRoot.  This
> would likely have prevented the compromised host from becoming the
> spam source that it was reported to have become.  Because it would
> have limited the attacker to the original exploit and prevented the
> attacker from created expanded capabilities by adding files on disk.
>
> > Unless you are administering your own server with just you as user
> > there's no problem in using root for everything.
>
> No one has proposing using root for everything.  That would be very
> bad.  Why do you respond as if someone did?
> Bob
>

Put it here as a whole to avoid unwanted breaks (as you did between "Quite
wrong." and the rest of the sentence).

root ownership for DocumentRoot is a problem when you deal with N
developers working on N websites, because you should provide write access
to them for their work to be uploaded.
I solve this clearer using unprivileged users other than www-data for the
ownership and r-x group access to www-data (repeating the fourth time).

So, I never said nor responded as your 2) statement was bad but IMHO is
just a case specific (phpmyadmin and others living in /usr/share/ which are
installed by root) and should not be used as a general rule for each and
every website.

As I stated in one of my first responses to the OP the exploit was
possibile because the dir was writeable, the files were owned by www-data
but a NEW file was uploaded in the dir not overwritten. If the dir is
writeable root ownership of files doesn't help, am I wrong?
Moreover, I bet that if the OP will have a look at the apache log files he
will find the POST request for that script.

/r

Message formatting: was Re: Sources.list file for Debian Wheezy

[Richard Hector]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/01/14 20:47, Bob Proulx wrote:
> What is up with the */ and /**/ stuff?

The HTML version has it bold and italic. I suspect it's icedove trying
to be clever, and use 'formatting' in a 'plain text' format ...

Richard

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQEcBAEBAgAGBQJSxSkAAAoJELSi8I/scBaNHe8IALKGUo0uTA4qr9r89bDIhakU
XLHP1MfuwlTDPN/c6BDQT49JiAQL5rqarS1kidyekQrEz8Ehy6HBo80pfy4jR9oS
zaX638kVM5ZSlYPdEDQo7UBqA5MrBe42eH9CNmAWzSg3/USR1vcj7dvsmagFzCkY
K7REljE7YgrYklANpMb3JujfumN/6G2NnDVGVkHnF2A9FQPDtsNEHezFvIBIZHbp
OB+aRmidURC8L7zj/7EK+sDPMxvELcp2AngsG7Ml5sPAAwLTo/rh1iHoAH4ety4s
F+89ob93LO85tQXDrqAk+f2PDYH4v3kdbz20mgBfpk5tcZaDIAot/63aiNdD5tM=
=4QAG
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52c5290c.8080...@walnut.gen.nz

Re: packages status

[Diogene Laerce]

Is there a simple way to get the list of packages installed since the fresh
installation of deby ?

How long ago was your fresh installation?  There are backups of the
dpkg package status kept in /var/backups that go back a week.  And if
you have a system backup you could retrieve older copies going back as
far as your backups.  Those files list what is installed on the
machine and could be used to make this deduction.

   $ zcat /var/backups/dpkg.status.6.gz | grep-dctrl -s Package -n "install ok 
installed" | sort > /tmp/list.prev

   $ grep-status -s Package -n "install ok installed" | sort > /tmp/list.now

   $ comm -3 /tmp/list.prev /tmp/list.now


Thanks a lot Mister Bob, it worked like a charm ! The install was nearly
fresh, just 6 or 7 days and I didn't know those dctrl-tools commands so
double thanks again. ;)

I start a script with those right now. :)

Happy New Year !

--
“One original thought is worth a thousand mindless quotings.”
“Le vrai n'est pas plus sûr que le probable.”

  Diogene Laerce


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52c52775.9040...@yahoo.fr

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

[Joel Rees]

On Thu, Jan 2, 2014 at 12:24 PM, Bob Proulx  wrote:
> [...]
>  For example if you install squirrelmail it will include
> /usr/share/squirrelmail/**.php files in the package.  Root owns those
> files.  This is good because that prevents any other account from
> being able to modify those files.  That is just long standing good
> design.

Well, you know, I have been trying to work out a way to generate a
user to own each application. Without breaking the ability to update,
etc.

There are people who want to combine /bin, /sbin, /usr/bin, and
/usr/sbin. I want to go the opposite direction, to put each
application in its own subdirectory under /app or something, and put
links to the provided apps in /bin//bin or something, so that
each user can have his own chrooted /bin with only the apps that user
should be allowed to use.

And I want to allocate an application-specific user to own each
application. Maybe more than one. Separate from the user(s) allocated
to run the daemons and servers for the application.

To take advantage of such a setup, each application would need to
supply a set of standard update routines, and update itself when
directed to by the system, I suppose. Otherwise, admin users would
have to sudo or su to root anyway, which I suppose is one of the
reasons no one has been so, ehh, fanatical? about it yet.

I wonder whether we could design a set of default update calls for
such a system. It's a project to keep on the back burner, I suppose.

>> It is a very bad idea to use the root user to do such mundane
>> things.
>
> System administration is hardly mundane.  It is often misunderstood
> (as in this thread) but very important work.
> [...]

I think the point is that certain configuration files could well be
owned by a special purpose user.

Say I'm building a content-management system called "zerostone" and it
provides a web-facing configuration mechanism. I'd set it up so that
the user "admst0ne" owned the configuration files that could be
accessed from the web, and the server that provides access to the
configuration files would maybe run as admst0ne.

The non-web-facing configuration files would be owned by "zishi", and
all human users who are allowed to log in to a regular shell and edit
the configuration files would be members of the "zishi" group, or be
allowed to sudo to "zishi" by rules in the /etc/sudoers.d directory.

Or something like that.

Purely hypothetical, of course.

-- 
Joel Rees
Logic kills. How logical do you want to be?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAAr43iNy63YfReTiM-nJXMM32vvndLfAYHQZQcjn=tsq5ag...@mail.gmail.com