Re: Intel soundcard does not work

[Doug]

On 01/15/2014 12:05 AM, Raffaele Morelli wrote:


2014/1/12 Martin mailto:twpim-...@yahoo.com.au>>

Hello,
I have new computer but soundcard does not work with Debian/Squeeze.
Maybe I need to tweak some configuration files or I need new driver?
It is integrated on motherboard Intel soundcard.
Can anybody give me an advice?

Bellow are output from some command that I tought would be needed.
BTW soudcard works under Windows.

If anybody is wondering why I use Squeeze instead of something more
recent it is because I do have complete set of DVD for Squeeze but do
not have internet connection capable for online installation of OS or
even easy acces to set of DVD for newer system.

boza@spongia:~/tmp$ lspci -n
00:1b.0 0403: 8086:1c20 (rev 05)

boza@spongia:~/tmp$ lspci -v
00:1b.0 Audio device: Intel Corporation Cougar Point High
Definition Audio Controller (rev 05)
Subsystem: Giga-byte Technology Device a002
Flags: bus master, fast devsel, latency 0, IRQ 22
Memory at f7d0 (64-bit, non-prefetchable) [size=16K]
Capabilities: 
Kernel driver in use: HDA Intel
   ]


run `aplay -l` and look at the card0 infos
eg. I have

$ aplay -l
 List of PLAYBACK Hardware Devices 
card 0: Intel [HDA Intel], device 0: AD1984 Analog [AD1984 Analog]
  Subdevices: 1/1
  Subdevice #0: subdevice #0

then `cd /usr/share/doc/alsa-base/driver`

check in HD-Audio-Models.txt (or the gzipped related) the model which 
fits to your card and add it in /etc/modprobe.d/alsa-base.conf like this


options snd-hda-intel model=YOUR_MODEL

reboot


/r

Check your mixer(s) and make sure that the sound is not muted, and if 
it's not muted, then make sure that it's turned up. You probably have at 
least two
mixers in the system, or maybe one and a volume control--any of these 
things turned down all the way or off can give you that problem. Look 
for alsamxr,
anything with pulse-audio, maybe kmix (don't know for your system)--you 
get the idea.

--doug

Re: Intel soundcard does not work

[Raffaele Morelli]

2014/1/12 Martin 

> Hello,
> I have new computer but soundcard does not work with Debian/Squeeze.
> Maybe I need to tweak some configuration files or I need new driver?
> It is integrated on motherboard Intel soundcard.
> Can anybody give me an advice?
>
> Bellow are output from some command that I tought would be needed.
> BTW soudcard works under Windows.
>
> If anybody is wondering why I use Squeeze instead of something more
> recent it is because I do have complete set of DVD for Squeeze but do
> not have internet connection capable for online installation of OS or
> even easy acces to set of DVD for newer system.
>
> boza@spongia:~/tmp$ lspci -n
> 00:1b.0 0403: 8086:1c20 (rev 05)
>
> boza@spongia:~/tmp$ lspci -v
> 00:1b.0 Audio device: Intel Corporation Cougar Point High Definition Audio
> Controller (rev 05)
> Subsystem: Giga-byte Technology Device a002
> Flags: bus master, fast devsel, latency 0, IRQ 22
> Memory at f7d0 (64-bit, non-prefetchable) [size=16K]
> Capabilities: 
> Kernel driver in use: HDA Intel
>  ]
>

run `aplay -l` and look at the card0 infos
eg. I have

$ aplay -l
 List of PLAYBACK Hardware Devices 
card 0: Intel [HDA Intel], device 0: AD1984 Analog [AD1984 Analog]
  Subdevices: 1/1
  Subdevice #0: subdevice #0

then `cd /usr/share/doc/alsa-base/driver`

check in HD-Audio-Models.txt (or the gzipped related) the model which fits
to your card and add it in /etc/modprobe.d/alsa-base.conf like this

options snd-hda-intel model=YOUR_MODEL

reboot


/r

Re: audio dropouts still

[Raffaele Morelli]

2014/1/15 Zenaan Harkness 

> On 1/11/14, Zenaan Harkness  wrote:
> > On 1/11/14, Klaus  wrote:
> >> On 10/01/14 14:26, Ralf Mardorf wrote:
> >>> On Fri, 2014-01-10 at 14:09 +, Klaus wrote:
>  correlation between absolute CPU power and drop-outs
> >
> >> What I added to this thread is that even with a whittled down system (in
> >> this case: no jackd, no pulseaudio), audio drop-out can still happen. As
> >
> > And thank you! This is interesting, and pertinent information, from my
> > perspective. I too am very keen to get to the bottom of this
> > apparently illogical problem.
> >
> >> far as I'm aware of, Zenaan has not tested -- or reported about his
> >> tests of -- the most minimalist system.
> >
> > I shall do so at some point, hopefully in next day or three, and
> > report back. It's an important test.
>
> Haven't been able to test no-X environment, but the following may be
> of interest (still getting the dropouts):
>
> I installed the latest 3.12-1-rt-amd64 (rt) kernel, with dist-upgrade
> and reboot of course.
>
> Reading some of the links provided in this thread, I note that
> Debian's -rt kernel has:
> CONFIG_HZ_250=y
> # CONFIG_HZ_300 is not set
> # CONFIG_HZ_1000 is not set
> CONFIG_HZ=250
>
> rather than CONFIG_HZ=1000, which is strongly indicated/recommended in
> some of the links provided, and by realtimeconfigquickscan.git
>
> So it looks like we who like audio with reasonably low latency and
> without dropouts, may be required to build our own kernels. I do
> wonder what the purpose of the debian -rt kernel is... if it is
> intended for audio, then a bug ought be filed, but I suspect not.
>
> Now, for the most interesting thing, and I have not found the bug with
> a google search, is zita-a2j (see package zita-ajbridge). I am running
> zita-a2j as follows:
> zita-a2j -j cloop -r 44100 -n 2 -c 2 -Q 1 -d hw:0 -v
> and jackd appears as follows:
> /usr/bin/jackd -dalsa -dhw:PCH -r44100 -p256 -n2 -D -Phw:PCH,7
>
> When I run zita-a2j (to capture alsa clients and feed them to jack,
> just like /usr/bin/alsa_in command) I haven't yet figured out why I'm
> not getting audio from alsaplayer (with alsa backend), BUT, I do get
> the following errors:
>
> Alsa_pcmi: error on capture pollfd.
>   -1.458   1.22 # this line is status output, not error
> Starting synchronisation.
>
> which appear every now and then; if I remove "-v" option, I just get
> the "Starting synchronisation." messages.
>
> The man page for zita-a2j has the following para:
>
>  When starting, and in case of major trouble, you will see the
>  'Starting synchronisation' message. This can happen if there is a
>  timeout on the Jack server, e.g. a client crashed or terminated in a
>  dirty way. Jack1 will skip one or more cycles when new apps are
>  started, or when a large number of port connections is done in a short
>  time.  his may interrupt the audio signal, but should otherwise not
>  have any ill consequences nor require a restart.
>
>
> So, we have an application, zita-a2j, which is consistently showing
> _some_ output which _may_ correspond to the audio dropouts we are
> hearing.
>
> My next step is to get zita-a2j to actually work the same as alsa_in
> command as in, to produce some audio through jack for me, so we can
> hopefully correlate the auditory audio drop out, with these errors
> (I'm hopeful).
>
> Also, looks like I'll have to get back to compiling own kernel. We'll see.


I see you are experiencing audio dropouts still, can I ask which audio card
are you using?

Re: audio dropouts still

[Ralf Mardorf]

Hi,

perhaps one of the maintainers mentioned at
http://packages.debian.org/wheezy/linux-image-rt-686-pae could add a few
notes.

On Wed, 2014-01-15 at 12:21 +1100, Zenaan Harkness wrote:
> I installed the latest 3.12-1-rt-amd64 (rt) kernel, with dist-upgrade
> and reboot of course.
> 
> Reading some of the links provided in this thread, I note that
> Debian's -rt kernel has:
> CONFIG_HZ_250=y
> # CONFIG_HZ_300 is not set
> # CONFIG_HZ_1000 is not set
> CONFIG_HZ=250

This might be ok if the new full no HZ features are used and unlikely
will have impact to audio. For MIDI still hr timer/hpet does provide a
much higher resolution than just 1000 Hz, it's 10 Hz. FWIW until
now no kernel-rt > 3.8 does work on my machine.

[rocketmouse@archlinux ~]$ grep HZ /mnt/debi386/boot/config-3.2.0-4-rt-686-pae 
CONFIG_NO_HZ=y
# CONFIG_HZ_100 is not set
CONFIG_HZ_250=y
# CONFIG_HZ_300 is not set
# CONFIG_HZ_1000 is not set
CONFIG_HZ=250
CONFIG_MACHZ_WDT=m

[rocketmouse@archlinux ~]$ grep CONFIG_NO_HZ_FULL 
/mnt/debi386/boot/config-3.2.0-4-rt-686-pae

Not available for this kernel version.

[rocketmouse@archlinux ~]$ grep HPET /mnt/debi386/boot/config-3.2.0-4-rt-686-pae
CONFIG_HPET_TIMER=y
CONFIG_HPET_EMULATE_RTC=y
CONFIG_HPET=y
CONFIG_HPET_MMAP=y

I also installed from the Debian repositories, usually I build linux-rt
myself. It IMO is a bad idea to use 250 Hz since hr timer/hpet can't be
used by everybody and for MIDI queue timer resolution you want at least
1000 Hz, assumed you care for lets say MIDI jitter.

JFTR

[rocketmouse@archlinux ~]$ grep CONFIG_NO_HZ 
/mnt/debi386/boot/config-3.2.0-4-rt-686-pae
CONFIG_NO_HZ=y

is not the same as CONFIG_NO_HZ_FULL.

Next time I'll test such a 250 Hz kernel, but I will install a 1000 Hz
kernel too.

Regards,
Ralf


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1389751826.6024.31.camel@archlinux

Re: audio dropouts still

[Zenaan Harkness]

On 1/15/14, Zenaan Harkness  wrote:

> I installed the latest 3.12-1-rt-amd64 (rt) kernel, with dist-upgrade
> and reboot of course.

PS, btw, this kernel randomly fails to hibernate on me. I know that's
another thread, and I may start one after some more testing. Just a
random data point in case its useful to anyone.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOsGNSQCjc6mBGBVK2=Lw4hHQX=vS1_XUD+7Ae=0tp9dra4...@mail.gmail.com

Re: audio dropouts still

[Zenaan Harkness]

On 1/11/14, Zenaan Harkness  wrote:
> On 1/11/14, Klaus  wrote:
>> On 10/01/14 14:26, Ralf Mardorf wrote:
>>> On Fri, 2014-01-10 at 14:09 +, Klaus wrote:
 correlation between absolute CPU power and drop-outs
>
>> What I added to this thread is that even with a whittled down system (in
>> this case: no jackd, no pulseaudio), audio drop-out can still happen. As
>
> And thank you! This is interesting, and pertinent information, from my
> perspective. I too am very keen to get to the bottom of this
> apparently illogical problem.
>
>> far as I'm aware of, Zenaan has not tested -- or reported about his
>> tests of -- the most minimalist system.
>
> I shall do so at some point, hopefully in next day or three, and
> report back. It's an important test.

Haven't been able to test no-X environment, but the following may be
of interest (still getting the dropouts):

I installed the latest 3.12-1-rt-amd64 (rt) kernel, with dist-upgrade
and reboot of course.

Reading some of the links provided in this thread, I note that
Debian's -rt kernel has:
CONFIG_HZ_250=y
# CONFIG_HZ_300 is not set
# CONFIG_HZ_1000 is not set
CONFIG_HZ=250

rather than CONFIG_HZ=1000, which is strongly indicated/recommended in
some of the links provided, and by realtimeconfigquickscan.git

So it looks like we who like audio with reasonably low latency and
without dropouts, may be required to build our own kernels. I do
wonder what the purpose of the debian -rt kernel is... if it is
intended for audio, then a bug ought be filed, but I suspect not.

Now, for the most interesting thing, and I have not found the bug with
a google search, is zita-a2j (see package zita-ajbridge). I am running
zita-a2j as follows:
zita-a2j -j cloop -r 44100 -n 2 -c 2 -Q 1 -d hw:0 -v
and jackd appears as follows:
/usr/bin/jackd -dalsa -dhw:PCH -r44100 -p256 -n2 -D -Phw:PCH,7

When I run zita-a2j (to capture alsa clients and feed them to jack,
just like /usr/bin/alsa_in command) I haven't yet figured out why I'm
not getting audio from alsaplayer (with alsa backend), BUT, I do get
the following errors:

Alsa_pcmi: error on capture pollfd.
  -1.458   1.22 # this line is status output, not error
Starting synchronisation.

which appear every now and then; if I remove "-v" option, I just get
the "Starting synchronisation." messages.

The man page for zita-a2j has the following para:

 When starting, and in case of major trouble, you will see the
 'Starting synchronisation' message. This can happen if there is a
 timeout on the Jack server, e.g. a client crashed or terminated in a
 dirty way. Jack1 will skip one or more cycles when new apps are
 started, or when a large number of port connections is done in a short
 time.  his may interrupt the audio signal, but should otherwise not
 have any ill consequences nor require a restart.


So, we have an application, zita-a2j, which is consistently showing
_some_ output which _may_ correspond to the audio dropouts we are
hearing.

My next step is to get zita-a2j to actually work the same as alsa_in
command as in, to produce some audio through jack for me, so we can
hopefully correlate the auditory audio drop out, with these errors
(I'm hopeful).

Also, looks like I'll have to get back to compiling own kernel. We'll see.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOsGNSTOg6JSp7x28ANtXVXy2egW3W9j-+OFjECYV-Vt=vi...@mail.gmail.com

Re: permissions: can you force ACL to be effective over unix perms?

[Tom Furie]

On Tue, Jan 14, 2014 at 05:21:18PM -0600, Bob Goldberg wrote:

> I have 2 classes of users - SFTP users (customers), and SFTP managers
> (company users that manage customer data).
> 
> I want a highly secure and privacy safe SFTP server. But I also want it to
> appear to users as simple and easy as possible. All users will access SFTP
> only via an SFTP client.
> so my wants are:
> - sftp access only. (but not to exclude ssh access for linux users).
> - sftp users chroot'ed to their home dir, without any added level's of
> directory's [beneath home].
> - so users should have "w" access to their home.
> - sftp managers should have "w" access to all sftp-users' home dir's.
> 
> what would be the best way to accomplish this?
> I don't care how complex the setup/config is - as long as it's as easy, and
> idiot-proof for my users as possible.

The first thing that springs to mind is to have the home dirs owned by
the user, with rwx permission, and group of sftpmanager (for example),
with rwx permissions. Have your sftp managers (and only your sftp
managers) be members of group sftpmanager. You could add g+s permission
so newly created files will have group sftpmanager.

You mentioned that the ftp server you are using requires that all
directories leading to the home directories be owned by root with no
group write permissions. Does that apply even to the user's home itself?

Cheers,
Tom



signature.asc
Description: Digital signature

Re: Fresh Jessie Install VLC freezes

[Scott Ferguson]

Resending to the list

On 15/01/14 05:44, Robert Crawford wrote:
> 
> 
> 
> 
> 
> Please post the output of:-
> $ cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep multim
> 
> and:-
> 
> $ dpkg -l vlc
> 
> 
> Kind regards
> 
> 
> --
> 
> ​Scott,
> 
> Test #1
> deb http://www.deb-multimedia.org stable main non-free
> deb http://www.deb-multimedia.org squeeze main non-free
> 
> Test #2
> Desired=Unknown/Install/Remove/Purge/Hold
> |
> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name   Version  Architecture Description
> +++-==---=
> ii  vlc2.1.2-2  i386 multimedia player and streamer
> 
> Robert
> ​
> 
There's the problem Robert, deb-multimedia exists to provide an
alternative to how Debian does things - and sometimes that breaks
things. I "suspect" the problem is not the vlc package but some of the
codecs from multimedia that are pulled in with it.
This is a hasty post so I'd appreciate alternative solutions from any
who knows for a fact another fix.

You can confirm the source of vlc with:-
$ apt-cache policy vlc


If you have a choice between installing from Debian or multimedia choose
Debian unless you have a *compelling* reason not to. Pinning and apt-get
-t is the way I do it.

Set up pinning:-
cat /etc/apt/preferences.d/multimedia.pref
Package: *
Pin: origin *.deb-multimedia.org
Pin-Priority: 200


NOTE that you run Jessie but are pulling stable (Wheezy) and old-stable
(Squeeze) from multi-media. Mix apples with apples.

Change that:-
cat /etc/apt/sources.list.d/multimedia.list
#apt-get install deb-multimedia-keyring
deb http://www.deb-multimedia.org jessie main non-free

Or:-
cat /etc/apt/sources.list.d/multimedia.list
#apt-get install deb-multimedia-keyring
deb http://www.deb-multimedia.org testing main non-free


To fix your existing problem remove vlc and the associated packages then
reinstall from Debian only - that 'should' fix the problem.
# apt-get --purge remove vlc;apt-get autoremove;apt-get remove `deborphan`

NOTE: check the outcome before running any of the above commands by
using the simulate switch (-s) e.g.:-
# apt-get -s --purge remove vlc | more

If the removal of any packages worries you keep a note of it. e.g.:-
# apt-get -s --purge remove vlc > ~/purge_vlc

It's easy to reinstall any packages that may be removed in the process
as you'll probably have a copy of the original in /var/cache/apt/archives


create the preferences file quoted above then:-
# apt-get update
# apt-get install vlc

For future reference with VLC problem there is a Messages option in one
of the drop-down menus, open it, increase the debug level, then restart
the problematic media file to get some useful debug messages.

Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52d5d1c7.20...@gmail.com

Re: permissions: can you force ACL to be effective over unix perms?

[Scott Ferguson]

On 15/01/14 10:00, Bob Goldberg wrote:
> On Mon, Jan 13, 2014 at 5:40 PM, Scott Ferguson
>  > wrote:
> 
> I've followed the posts in this thread, dealing with the various
> tangents it's taken won't help you, probably the reason why it's
> received little attention.
> 
> 
> good point; noted, and TY.
>  
> 
> On 11/01/14 10:50, Bob Goldberg wrote:
> >
> > This action causes unix perms to OVERRIDE acl perms - NOT what I want
> 
> Then you'll have to find another way to achieve what you want.
> 
> *ACL should never override UNIX perms*. And they can't - if they did it
> 'would' be a bug.
> 
> 
> 
> 
> > shouldn't acl ALWAYS override unix perms?
> 
> 
> NO.  I'm sorry about your confusion, probably due to differences between
> the Windows system and UNIX. File attributes are not the same as UNIX
> permissions.
>  
> 
>  
> Scott;
> 
> you're right about my confusion; tho it doesn't stem from windows. I
> only used that ref. as an attempted comic comparison. (I actually
> learned *nix before windows existed).
> 
> Here's examples of where my confusion comes from:
> from: http://www.softpanorama.org/Commercial_linuxes/linux_acl.shtml
>>>
> /ACLs grant "higher-level" access rights that have priority over regular
> file permissions./


That's correct.  I won't get a chance till later tonight, but I need to
amend and retract my earlier emphatic statement. ACL does "override"
UNIX permissions, it can also "change" UNIX permissions - but they don't
conflict with the process/upsurp the order (root -> user -> group ->
world) resulting in anarchy. I know that doesn't make anything clearer -
probably because I'm a long way from expert on the subject  (I use ACL,
not design or define them).
In this instance we're talking about what I call ext2 ACL (I don't
remember the correct technical term)



I'm sorry I don't currently have time to give this thread the attention
it deserves. Thanks for the extra information about what you are wanting
to do as I was having trouble understanding, though not necessarily
through any failing on your part :)


Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52d5cb2d.3040...@gmail.com

Re: permissions: can you force ACL to be effective over unix perms?

[Bob Goldberg]

On Tue, Jan 14, 2014 at 7:13 AM, Joel Rees  wrote:

> Caveat. I don't have the patience to work with ACLs, mostly because I
> can't see how they could really work without bringing a system to its
> knees.
>
>
To be honest - ACL's were by far my first choice for solving my problem.
There is no doubt there's been misinterpretations; I'm sorry for that.

So let me drop back to square one, and explain what I want - at the highest
level. SIMPLY, this:

I have 2 classes of users - SFTP users (customers), and SFTP managers
(company users that manage customer data).

I want a highly secure and privacy safe SFTP server. But I also want it to
appear to users as simple and easy as possible. All users will access SFTP
only via an SFTP client.
so my wants are:
- sftp access only. (but not to exclude ssh access for linux users).
- sftp users chroot'ed to their home dir, without any added level's of
directory's [beneath home].
- so users should have "w" access to their home.
- sftp managers should have "w" access to all sftp-users' home dir's.

what would be the best way to accomplish this?
I don't care how complex the setup/config is - as long as it's as easy, and
idiot-proof for my users as possible.

TIA - Bob

Samsung CLX4195SN and the Samsung Unified Linux Driver on Debian

[Lisi Reisz]

Debian Wheezy, stock kernel, ULD tarball downloaded from the Samsung 
website and compiled.

I am getting the following error message:

The components listed below are necessary for proper Unified Linux 
Driver operation. Click Cancel now, install these components from 
your Linux distribution CD-ROM or from Linux vendor Web site and then 
run Unified Linux Driver Installer again.
You may click Install Anyway to continue installation, but the result 
would be unpredictable.
Please click Help for explanations.

- SANE - "Scanner Access Now Easy" - scanner API


I am told that this may mean one of two things:
1) It is the wrong version of the driver package for the version of 
Debian that I am running.
or
2) the SANE files it needs are not in the location where it is looking 
for them, and need copying or moving so that the files are where the 
driver package is looking for them.  They recommend copying.

Does anyone know, or is anyone prepared to try to guess, where the 
driver may look?  The chap I was talking to seemed to be suggesting 
that the driver package would look in /etc/bin/, but I have 
no /etc/bin.  I could of course create one.  Do people think that 
that is what I ought to do?

I have googled.  I have found the error message, but so far not found 
a solution.  One hit suggested that it might need a 2.x series 
kernel.  I hope that that is not the solution!  Other than that I 
found nothing constructive.

Thanks,
Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201401142303.27265.lisi.re...@gmail.com

Re: permissions: can you force ACL to be effective over unix perms?

[Bob Goldberg]

On Mon, Jan 13, 2014 at 5:40 PM, Scott Ferguson <
scott.ferguson.debian.u...@gmail.com> wrote:

> I've followed the posts in this thread, dealing with the various
> tangents it's taken won't help you, probably the reason why it's
> received little attention.
>
>
good point; noted, and TY.


> On 11/01/14 10:50, Bob Goldberg wrote:
> >
> > This action causes unix perms to OVERRIDE acl perms - NOT what I want
>
> Then you'll have to find another way to achieve what you want.
>
> *ACL should never override UNIX perms*. And they can't - if they did it
> 'would' be a bug.
>
> 
>
>
> > shouldn't acl ALWAYS override unix perms?
>
>
> NO.  I'm sorry about your confusion, probably due to differences between
> the Windows system and UNIX. File attributes are not the same as UNIX
> permissions.
>


Scott;

you're right about my confusion; tho it doesn't stem from windows. I only
used that ref. as an attempted comic comparison. (I actually learned *nix
before windows existed).

Here's examples of where my confusion comes from:
from: http://www.softpanorama.org/Commercial_linuxes/linux_acl.shtml
>>
*ACLs grant "higher-level" access rights that have priority over regular
file permissions.*
<<

from: http://users.suse.com/~agruen/acl/linux-acls/online/
(under: Access Check Algorithm)
>>
*A process can be a member in more than one group, so more than one group
entry can match. If any of these matching group entries contain the
requested permissions, one that contains the requested permissions is
picked*
<<

I've read numerous articles which indicate ACL's should have priority over
normal unix-permissions.

my experiences, and information relayed in this thread contradict this.

whenever I have a problem - I always assume I'M doing something wrong.
These articles made me think my understanding was accurate, and therefore I
must not be communicating the problem correctly.

So - i'm happy to be wrong about something - that's how I learn. But if i'm
wrong here - then it appears there is a bug in the ACL implementation. (or
i've SERIOUSLY misinterpreted statements like those above).

If i'm wrong - i would really like to understand how i got here.

TIA - Bob

Re: Number of Procs

[Wawrzek Niewodniczanski]

On 8 January 2014 13:40, Hudson Flavio Meneses Lacerda
 wrote:
> Hi.
>
> Sometimes, the system raises a lot of processes, causing considerable
> delay to respond any input action. This moment, there are 312 processes
> running (in a personal laptop - Debian testing).

In your case it's probably memory issue, but in general you might find
those 2 blog posts helpful to trace what actually causing issues on
your machine:

http://larryn.blogspot.co.uk/2013/12/even-more-threads-counting.html
http://larryn.blogspot.co.uk/2013/10/number-of-threads-per-state.html

They shows how to count threads (in case you have multi-threaded
application) having impact on machine performance (running on waiting
on I/O).

Thanks,
Wawrzek

-- 
Dr  Wawrzyniec Niewodniczańskior Wawrzek for short
  PhD in Quantum Chemistry  & MSc in Molecular Engineering
   WWW: http://wawrzek.name E-MAIL: j...@wawrzek.name
  Linux User #177124


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAC7-vpAT2SthOz3eVzy9fZc�-npojxg83myn3_opejubz...@mail.gmail.com

Re: Should I be concerned that w/who reported 0 users?

[Bob Proulx]

Patrick Wiseman wrote:
> Bob Proulx wrote:
> >   $ ls -l /var/run/utmp
> >   -rw-rw-r-- 1 root utmp 24960 Jan 14 14:32 /var/run/utmp
>
> Thanks. After I rebooted, the information is back so I'm guessing its
> absence was caused by my having updated a few times without rebooting.
> All seems to be functioning properly.

Depending upon which version of Debian you are running there have been
changes.  Namely this one.

Old:
  ls -ld /var/run
  drwxr-xr-x 16 root root 4096 2014-01-14 06:33 /var/run

New:
  $ ls -ld /var/run
  lrwxrwxrwx 1 root root 4 Oct  6 19:05 /var/run -> /run

That happens upon upgrade from Squeeze to Wheezy.  That upgrade should
work okay.  But if for example it was an old Testing to a current
Testing then that would be jumping between versions that perhaps
didn't get as much testing.  There were some hiccups along the way.
You might have hit one of them.  But any release to another later
release should upgrade okay.

Bob



signature.asc
Description: Digital signature

Disk is not visible with Debian 7.2 Live

[Koji Tanaka]

Hi,

I'm having a issue that I cannot see disk with Debian 7.2 LiveCD boot.
fdisk -l doesn't show anything, and I cannot partition the disk. It
happens our old IBM dataplex servers. Did any one have the
same/similar issue? It didn't happen till 7.1.

Thank you and best regards,
Koji


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/calh919ifyu8+ckggunrgpdjfy5khqpsda40qfddrxya5z-a...@mail.gmail.com

Re: Should I be concerned that w/who reported 0 users?

[Patrick Wiseman]

On Tue, Jan 14, 2014 at 4:48 PM, Bob Proulx  wrote:
> Patrick Wiseman wrote:
>> I manage a virtual machine remotely, running Debian stable. Recently,
>> both 'w' and 'who' were reporting zero users. The machine had been up
>> for 141 days, so I did 'sudo shutdown -r now' and returned to it a few
>> minutes later, when 'w' and 'who' reported appropriately. Is this any
>> cause for concern?
>
> I would suspect a system problem more than a break-in.  The w and who
> commands simply dump the contents of the /var/run/utmp file.
>
> Does that file exist for you and does it have the correct permissions?
> Here is an example from my system.
>
>   $ ls -l /var/run/utmp
>   -rw-rw-r-- 1 root utmp 24960 Jan 14 14:32 /var/run/utmp
>
> That file is created at boot time by /etc/init.d/bootmisc.sh linked to
> the /etc/rcS.d/S??bootmisc.sh symlink in the tmpfs partitions.  It is
> tmpfs and always starts empty at boot time.  If that file does not
> exist then check that the symlink for it is installed.  If it is not
> installed then check all of the init links as others may be missing
> too.
>
>   $ ls -l /etc/rcS.d/S??bootmisc.sh

Thanks. After I rebooted, the information is back so I'm guessing its
absence was caused by my having updated a few times without rebooting.
All seems to be functioning properly.

Patrick


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cajvvksnzakwwkzjjpdp4inxns9j+by6nyemuctscuu9pwzk...@mail.gmail.com

Re: Question

[Bob Proulx]

Cameron Murgatroyd wrote:
> Hi I've recently become a frequent user of debian and I have a question if
> I were to want to make a .deb package for a game hack and to do it I needed
> to delete some files from the users file system before my files go in how
> would I do it?

Packages are associated with the system.  There are no system files in
the /home directory.  It would be a serious policy violation for an
official Debian package to reach into a user's $HOME directory and
change things there.  However if you are making a private package for
your own use only then of course you are free to do anything
non-standard that you wished to do.  But most of us would probably say
it is still a bad idea to do something like that in a .deb package.

There have been various questions asking exactly what you are wanting
to do.  Hard to help without knowing.  But let me guess that you would
like to modify dot files that control the game.  These are things that
the user could do themselves but automating the changes could be
convenient.

For a case such as that I think it would be best to package up the
helper script and then simply have the user call the script that makes
the change.  The package installs the script in /usr/bin/myfooscript
and the user simply calls the script to have it edit their files for
them.  That would seem to be fine.

Bob


signature.asc
Description: Digital signature

Re: Should I be concerned that w/who reported 0 users?

[Bob Proulx]

Patrick Wiseman wrote:
> I manage a virtual machine remotely, running Debian stable. Recently,
> both 'w' and 'who' were reporting zero users. The machine had been up
> for 141 days, so I did 'sudo shutdown -r now' and returned to it a few
> minutes later, when 'w' and 'who' reported appropriately. Is this any
> cause for concern?

I would suspect a system problem more than a break-in.  The w and who
commands simply dump the contents of the /var/run/utmp file.

Does that file exist for you and does it have the correct permissions?
Here is an example from my system.

  $ ls -l /var/run/utmp
  -rw-rw-r-- 1 root utmp 24960 Jan 14 14:32 /var/run/utmp

That file is created at boot time by /etc/init.d/bootmisc.sh linked to
the /etc/rcS.d/S??bootmisc.sh symlink in the tmpfs partitions.  It is
tmpfs and always starts empty at boot time.  If that file does not
exist then check that the symlink for it is installed.  If it is not
installed then check all of the init links as others may be missing
too.

  $ ls -l /etc/rcS.d/S??bootmisc.sh

Bob


signature.asc
Description: Digital signature

Re: Install-time non-free issues

[Brian]

On Mon 13 Jan 2014 at 18:08:50 +, Brian wrote:

> ls -l /lib/firmware
> 
> would confirm your assumption. The image you downloaded won't load
> firmware for me either. Putting it in /lib/firmware was quick and
> painless.

Curt's reference to a firmware loading bug in the present d-i is as
opportune a time as any to look at what is recommended above. It seems
firmware loading isn't as reliable as I thought it was on Wheezy, There
is an alternative technique which is worth trying if a user gets stuck at
this stage of the installation.

The installer looks on /media for firmware files. So mount the partition
containing them on /media. Switch to tty2 with ALT-F2 and

   mount /dev/ /media

before doing 'Detect network hardware'.

The partition which holds the files can be formatted FAT16 or FAT32.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140114200257.gc3...@copernicus.demon.co.uk

Re: sudo 1.8.9p3-1 in Debian sid - infinite loop?

[Sven Joachim]

On 2014-01-14 19:47 +0100, Florent Peterschmitt wrote:

> Le 14/01/2014 19:24, Florent Peterschmitt a écrit :
>>
>> I think there is something like an infinite loop in the latest sudo in
>> Debian sid.
>> 
>> Issuing a sudo -s make sudo consuming 100% CPU.

That has been noticed by several people, see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732008.

If you run unstable, learn to use the Debian BTS - it's a must IMO.

> Here is the bug:
>
> http://www.sudo.ws/bugs/show_bug.cgi?id=631
>
> And workaround:
>
> In /etc/sudoers, add:
>
> Defaults use_pty

Thanks, I have added that information to the Debian bug.

Cheers,
   Sven


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87r48abcz8@turtle.gmx.de

Re: sudo 1.8.9p3-1 in Debian sid - infinite loop?

[Florent Peterschmitt]

Le 14/01/2014 19:24, Florent Peterschmitt a écrit :
> Hi,
> 
> I think there is something like an infinite loop in the latest sudo in
> Debian sid.
> 
> Issuing a sudo -s make sudo consuming 100% CPU.
> 
> An strace gives:
> 
> recvfrom(3, "", 8, MSG_WAITALL, NULL, NULL) = 0
> poll([{fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 2, 4294967295) = 1
> ([{fd=3, revents=POLLIN|POLLHUP}])
> recvfrom(3, "", 8, MSG_WAITALL, NULL, NULL) = 0
> poll([{fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 2, 4294967295) = 1
> ([{fd=3, revents=POLLIN|POLLHUP}])
> recvfrom(3, "", 8, MSG_WAITALL, NULL, NULL) = 0
> poll([{fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 2, 4294967295) = 1
> ([{fd=3, revents=POLLIN|POLLHUP}])
> recvfrom(3, "", 8, MSG_WAITALL, NULL, NULL) = 0
> poll([{fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 2, 4294967295) = 1
> ([{fd=3, revents=POLLIN|POLLHUP}])
> recvfrom(3, "", 8, MSG_WAITALL, NULL, NULL) = 0
> poll([{fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 2, 4294967295) = 1
> ([{fd=3, revents=POLLIN|POLLHUP}])

Here is the bug:

http://www.sudo.ws/bugs/show_bug.cgi?id=631

And workaround:

In /etc/sudoers, add:

Defaults use_pty


-- 
Florent Peterschmitt   | Please:
flor...@peterschmitt.fr|  * Avoid HTML/RTF in E-mail.
http://florent.peterschmitt.fr |  * Send PDF for documents.
Proudly powered by Open Source |  * Trim your quotations. Really.
   | Thank you :)



signature.asc
Description: OpenPGP digital signature

sudo 1.8.9p3-1 in Debian sid - infinite loop?

[Florent Peterschmitt]

Hi,

I think there is something like an infinite loop in the latest sudo in
Debian sid.

Issuing a sudo -s make sudo consuming 100% CPU.

An strace gives:

recvfrom(3, "", 8, MSG_WAITALL, NULL, NULL) = 0
poll([{fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 2, 4294967295) = 1
([{fd=3, revents=POLLIN|POLLHUP}])
recvfrom(3, "", 8, MSG_WAITALL, NULL, NULL) = 0
poll([{fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 2, 4294967295) = 1
([{fd=3, revents=POLLIN|POLLHUP}])
recvfrom(3, "", 8, MSG_WAITALL, NULL, NULL) = 0
poll([{fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 2, 4294967295) = 1
([{fd=3, revents=POLLIN|POLLHUP}])
recvfrom(3, "", 8, MSG_WAITALL, NULL, NULL) = 0
poll([{fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 2, 4294967295) = 1
([{fd=3, revents=POLLIN|POLLHUP}])
recvfrom(3, "", 8, MSG_WAITALL, NULL, NULL) = 0
poll([{fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 2, 4294967295) = 1
([{fd=3, revents=POLLIN|POLLHUP}])



-- 
Florent Peterschmitt   | Please:
flor...@peterschmitt.fr|  * Avoid HTML/RTF in E-mail.
http://florent.peterschmitt.fr |  * Send PDF for documents.
Proudly powered by Open Source |  * Trim your quotations. Really.
   | Thank you :)



signature.asc
Description: OpenPGP digital signature

Re: Intel soundcard does not work

[Klaus]

On 14/01/14 11:58, Martin wrote:

Realtek ALC887
Does any of this help: 
 ?


--
Klaus


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52d57722.2050...@gmail.com

LogScape as a Splunk alternative?

[Robert Tanaka]

Hi Rafal,

I've been using Logscape on servers running different Nixes ( Solaris,
Redhat and Ubuntu Server). I have a few 2008 Windows servers  in the mix.
Getting installed was quite easy. I did have  problems on Ubuntu Server
because of OpenJDK so make sure you are using the jvm from Oracle.

As a Splunk alternative it appears to do everything we'd expect Splunk to
do. Bear in mind that we are still at the evaluation stage and are thinking
of adding more environments.

Rob

Re: How to patch files in a package's debian directory

[Alex Mestiashvili]

On 01/14/2014 03:04 PM, Malte Forkel wrote:

Am 14.01.2014 10:44, schrieb Alex Mestiashvili:

I am also interested in possible solutions, but I would use git with 2
branches - one for debian package, and one for the modified version.

This way by switching between branches you can build packages you need.


Using git is probably a good idea. I've briefly looked at packaging with
git a couple of times before, but never got around to actually using it.
Can I stick with the source format 3.0 (quilt) that the upstream
packager uses and still manage the project's sources or just the debian
directory with git?
Usually if a package maintained in a git repository than the whole 
source is in git, but in different branches:


Upstream sources are kept (in plain, uncompressed form) in the 
|upstream| branch. The data needed to regenerate original source 
tarballs from the |upstream| branch are kept with the help of the 
/pristine-tar(1)/ tool in the |pristine-tar| branch. Upstream sources 
are merged with Debian-specific changes in the |master| branch, which is 
the usual place to work in.


taken from here: http://pkg-perl.alioth.debian.org/git.html

In theory it should be fine to have one more branch with your local 
modifications, but I don't know if it will work with git-buildpackage 
out of box.


I think this kind of questions are best answered in debian-mentors 
mailing list or IRC.


Best regards,
Alex

Re: How to patch files in a package's debian directory

[Malte Forkel]

Am 14.01.2014 10:47, schrieb Jonathan Dowland:
> Is the package in question maintained in a version control repository
> (apt-cache showsrc pkgname | grep ^Vcs might help to determine this).
> If so, you could record the debian-specific changes in a commit and
> either mail the commit to a bug number or push a copy of your modified
> checkout somewhere (I use temporary github accounts for this, when the
> source is in a git repo to start with), thereby avoiding the limitation
> in dpkg-source.
> 
Actually, there is a git repository for the package. I wasn't aware of that.

That sounds like a good solution. Now I really have to read up on git and
packaging.




-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/lb3goo$kdr$1...@ger.gmane.org

Re: image download with jigdo

[Darac Marjal]

On Tue, Jan 14, 2014 at 02:02:15PM +, Lisi Reisz wrote:
> On Monday 13 January 2014 09:05:20 Klaus Jantzen wrote:
> > why should I use 'DVD-1' when there is a
> > 'DVD-10'?
> 
> Because it is the first in the series and therefore is likely to be 
> the one that is bootable.  Why would you use DVD 10 when there is a 
> 1?
> 
> This is not a new idea.  Back when many programs and operating systems 
> had to be loaded off multiple floppies, one always started with the 
> first.  It is the logical place to start.

It's *a* logical place to start.

I can also understand Klaus' logic which appears to be that DVD-10 is
newer/better than DVD-1. If you don't know the concept of software
having to span multiple media (and with the internet, it's possible one
might not have come across that), then you might use the idea of
"Service Packs" or "Updates" instead: DVD-1 existed, but was superceded
by DVD-2 and so on.

Perhaps naming them "DVD-1-of-10" might be more explicit?


signature.asc
Description: Digital signature

Re: permissions: can you force ACL to be effective over unix perms?

[Scott Ferguson]

On 15/01/14 00:13, Joel Rees wrote:
> Caveat. I don't have the patience to work with ACLs, mostly because I
> can't see how they could really work without bringing a system to its
> knees.
> 
> On Tue, Jan 14, 2014 at 8:04 AM, Bob Goldberg  wrote:
>> [...]
>>> I may be wrong here, but how could ACLs override the native
>>> permissions system randomly without opening tons of new opportunities
>>> for discovering vulnerabilities?
>>


> 
> (I still, for example, didn't understand why each login user should
> have his/its own associated group. Seemed like such a waste at the
> time. Did not understand that allocating a user/group pair is
> basically zero overhead over just allocating a user and sticking the
> user in some general group like "user" or "admin". Didn't understand
> that the advantage I thought I saw in using primary groups to collect
> users into such groups was a mirage. Rambling here.)

Private (primary) groups can be useful, I'm not sure what you mean by
mirage but they do have problems that ACL don't. Non-teamplayer e.g:-
chmod u-rwx,g-rx $someFile




I don't want to confuse or inflame the issue, as a result of Jon
Dowlands recent post in this thread (he's correct I've had to reconsider
what I posted. ACL's *can* modify/override UNIX permissions, though it's
not that simple. It is not random, anarchaic or more insecure than UNIX
permissions and groups.
I'm trying to put together an unambiguous explanation of the benefits of
ACL and retraction/clarification of my original post, and understand the
OP's problem. Just doesn't look like I'm going to finish it tonight/this
morning :(
 - I'm working through the OP's problem, but I still don't understand
some parts of it (I'll post more questions later) and agree with you
(Joel) that it doesn't "seem" to be the best approach. ACLs yes, the
rest of the approach I'm not sure I properly understand (and so far I
can't recreate Bob's problem.


Kind regards.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52d543f0.9050...@gmail.com

Re: How to patch files in a package's debian directory

[Malte Forkel]

Am 14.01.2014 10:44, schrieb Alex Mestiashvili:
> I am also interested in possible solutions, but I would use git with 2
> branches - one for debian package, and one for the modified version.
> 
> This way by switching between branches you can build packages you need.
> 
Using git is probably a good idea. I've briefly looked at packaging with
git a couple of times before, but never got around to actually using it.
Can I stick with the source format 3.0 (quilt) that the upstream
packager uses and still manage the project's sources or just the debian
directory with git?



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/lb3g5h$cm7$1...@ger.gmane.org

Re: image download with jigdo

[Lisi Reisz]

On Monday 13 January 2014 09:05:20 Klaus Jantzen wrote:
> why should I use 'DVD-1' when there is a
> 'DVD-10'?

Because it is the first in the series and therefore is likely to be 
the one that is bootable.  Why would you use DVD 10 when there is a 
1?

This is not a new idea.  Back when many programs and operating systems 
had to be loaded off multiple floppies, one always started with the 
first.  It is the logical place to start.

Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201401141402.15246.lisi.re...@gmail.com

Re: New to Debian (Gentoo user) - package management

[Sven Hartge]

Tanstaafl  wrote:
> On 2014-01-03 9:18 AM, Sven Hartge  wrote:
>>> emerge --pretend -vuDN world
>>> results in a list of all available updates, as well as any dependencies
>>> that would be installed, which I can then pick and choose from. I
>>> usually wait until newly available updates have been available for at
>>> least a few days before installing them, to avoid nasty surprises.

>> apt-get -s dist-upgrade

> Um... it looks like this actually performs the update?

> I want to see what updates would be applied, but NOT apply them yet.

> That is what the --pretend flag in gentoo does (actually the short 
> version is 'emerge -pvuDN world')...

man apt-get:

,
|  -s, --simulate, --just-print, --dry-run, --recon, --no-act
|  No action; perform a simulation of events that would occur but do not 
actually change
|  the system. Configuration Item: APT::Get::Simulate.
`

Grüße,
S°

-- 
Sigmentation fault. Core dumped.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/6ac63kdmm...@mids.svenhartge.de

Re: permissions: can you force ACL to be effective over unix perms?

[Joel Rees]

Caveat. I don't have the patience to work with ACLs, mostly because I
can't see how they could really work without bringing a system to its
knees.

On Tue, Jan 14, 2014 at 8:04 AM, Bob Goldberg  wrote:
> [...]
>> I may be wrong here, but how could ACLs override the native
>> permissions system randomly without opening tons of new opportunities
>> for discovering vulnerabilities?
>
>
> ACLs DO OVERRIDE the native permissions - that's THE WHOLE POINT OF HAVING
> THEM !! They DO NOT do so "randomly" - man setfacl, and see that, ACLs are
> VERY explicit in how they override system perms.

Actually, the man pages seem a little ambiguous to me, at precisely
the point where you want to find a bug and I want to see the system
utilities trying to provide ACL behavior without blowing holes in the
permissions wide enough to sail aircraft carriers through.

>> > is this a bug in
>> > the ACL algorithm?
>>
>> 8-o
>>
>
> not sure what's surprising here.

Never mind my surprise. It doesn't seem to help you.

> [...]
>> > I'm using [openssh] internal-sftp to chroot users to their home dir.
>> > internal-sftp's chroot DEMANDS that all dir's leading to home MUST be
>> > root-owned, and NO g-w permissions !!
>>
>> Do you understand why?
>
> do i understand WHY?
>
> maybe i don't fully understand why. though to be blunt - i don't entirely
> care why.

You should.

> [...]
>> Nevertheless, sudo offers a solution to that false problem that is far
>> more to the point. As long as you are careful not to take the easy
>> route and put all the managers in the (unix) sudo group (or wheel, or
>> root, etc.)
>
> sudo is NOT a solution.

Well, that cuts off my best offer at a solution to your problem.

> The whole point of ACLs is to provide a greater
> level of detail in addressing problems of permission-ing. Thus you don't
> have to give NON-admin users ANY access to admin level commands (ie: sudo).
>
> Further, my users don't know linux - they are simply using an sftp client to
> talk to this server. You can't "sudo" inside an sftp client.
>
>>
>> > So NEITHER my sftp user, NOR my managing group have write access to the
>> > home
>> > directory !?!?
>>
>> Are you really sure your managers want to do that?
>
>
> absolutely - I WANT THEM TO DO THAT!
> they are "sftp managers" - I WANT them to manage the contents of sftp-users'
> home dir's !
>
> Sorry for not making this point more clear.

Well, now I'm wondering if you are having problems making sure they
can access their own ftp home directories.

Initially, I thought you were trying to provide them access to other
users' home directories. My apologies if I misunderstood.

>> > (yes, i know i can create another sub-dir they can get at, but i don't
>> > want
>> > to - that's sloppy, and un-intuitive.)
>>
>> It's not sloppy, and it's only counter-intuitive to people who don't
>> understand security. (IMO, perhaps, but I have pretty strong reasons
>> for saying so.)
>
>
> it IS sloppy AND counter-intuitive TO linux noob users who don't understand
> why they can't write files directly to their own private "home" dir.

There was a time I thought it was sloppy. I didn't really understand
Unix permissions, and I wasn't familiar with making sudo work for me.

(I still, for example, didn't understand why each login user should
have his/its own associated group. Seemed like such a waste at the
time. Did not understand that allocating a user/group pair is
basically zero overhead over just allocating a user and sticking the
user in some general group like "user" or "admin". Didn't understand
that the advantage I thought I saw in using primary groups to collect
users into such groups was a mirage. Rambling here.)

> This entire exercise is one I undertook ONLY because of my concerns over
> security, and privacy, and my need and desire to provide not only a secure
> environment, but a FRIENDLY (intuitive) one also.

If you are having trouble giving them access to their own ftp home
directories, I'm thinking that's not something to solve with ACLs.

>> > This SEEMS like such a simple task. And it PAINS me to no end, that this
>> > task would be relatively easy to implement under windoze - but seems
>> > impossible to solve under linux !!???
>> > ...sup w/ dat !?!?
>> >
>>
>> *** MSWindows is a null argument. ***
>>
>
> at least we agree on that.  :-)

Do we?

>> (Do you understand why?)
>>
>
> why are you asking me why again?

Microsoft built their empire providing tools that fool the users into
believing they are doing things they are not doing. 80% good at
getting the immediate visible results people want to see, not even 20%
at the underlying stuff that is necessary to make the results usable
on an on-going basis. Which is great for the support after-market.

In other words, just because MSWindows has the buttons to push, you
shouldn't believe that they have actually provided what you assert
above that they provided.

> [...]



-- 
Joel Rees

Be careful where you see conspiracy.
Look first in 

Re: xscreensaver-command -version is getting called every 30 seconds ?? (sid, xfce4)

[Selim T. Erdogan]

Zenaan Harkness, 13.01.2014:
> xscreensaver-command -version is getting called every 30 seconds. This
> causes my xscreensaver unlock/password dialog window to open up all
> the time...
> 
> Any idea how I can find out what's calling this command every 30 seconds?

Try running top and press V to get the "forest view" mode.  (Like pstree.)


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140114125606.ga3...@cs.utexas.edu

Re: Intel soundcard does not work

[Martin]

On Sun, Jan 12, 2014 at 11:54:31AM +0100, Martin wrote:
> Bellow are output from some command that I tought would be needed.

Here are more info about errors I get when running some commands:

$ amixer  info
Card default 'PCH'/'HDA Intel PCH at 0xf7d0 irq 22'
  Mixer name: 'Realtek ALC887'
  Components: 'HDA:10ec0887,1458a002,00100302'
  Controls  : 39
amixer: Mixer load default error: Invalid argument

There are many lines as following one on the screen while
system is booting (but I could not find them neither in
/var/log/syslog file nor dmesg output):

amixer: Mixer hw:0 load error: Invalid argument

In file /var/log/syslog I found those lines:

Jan 13 21:14:06 spongia kernel: [3.975410] HDA Intel :00:1b.0: PCI INT 
A -> GSI 22 (level, low) -> IRQ 22
Jan 13 21:14:06 spongia kernel: [3.975455] HDA Intel :00:1b.0: setting 
latency timer to 64
Jan 13 21:14:06 spongia kernel: [4.113408] input: PS/2 Logitech Mouse as 
/devices/platform/i8042/serio1/input/input5
Jan 13 21:14:06 spongia kernel: [4.446503] input: HDA Digital PCBeep as 
/devices/pci:00/:00:1b.0/input/input6
Jan 13 21:14:06 spongia kernel: [4.745610] hda_codec: num_steps = 0 for 
NID=0xc (ctl = Front Playback Volume)
Jan 13 21:14:06 spongia kernel: [4.750654] hda_codec: num_steps = 0 for 
NID=0xc (ctl = Front Playback Volume)
Jan 13 21:14:06 spongia kernel: [4.752443] hda_codec: num_steps = 0 for 
NID=0xc (ctl = Front Playback Volume)
...

and many more (something like 70 for each booting) lines same as last
three.

Thanks
Martin


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140114115846.GA2525@alfa

Re: New to Debian (Gentoo user) - package management

[Pol Hallen]

   #!/bin/sh
   # At least once a day update the index package lists and download
   # pending upgrades.
   {
 apt-get -q update && apt-get -q autoclean && apt-get -q upgrade -d -y && 
apt-get -q dist-upgrade -d -y
   } 2>&1 | mailx -s "apt download output" root
   exit 0


cool! thanks

Pol

--
Pol


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52d52261.7080...@fuckaround.org

Re: New to Debian (Gentoo user) - package management

[Alex Mestiashvili]

On 01/14/2014 12:05 PM, Tanstaafl wrote:

On 2014-01-03 9:18 AM, Sven Hartge  wrote:

emerge --pretend -vuDN world
results in a list of all available updates, as well as any dependencies
that would be installed, which I can then pick and choose from. I
usually wait until newly available updates have been available for at
least a few days before installing them, to avoid nasty surprises.



apt-get -s dist-upgrade


Um... it looks like this actually performs the update?

I want to see what updates would be applied, but NOT apply them yet.

That is what the --pretend flag in gentoo does (actually the short 
version is 'emerge -pvuDN world')...





are there man pages in gentoo :) ?

man apt-get

-s, --simulate, --just-print, --dry-run, --recon, --no-act
   No action; perform a simulation of events that would occur 
but do not actually change the system. Configuration Item: 
APT::Get::Simulate.


   Simulated runs performed as a user will automatically 
deactivate locking (Debug::NoLocking), and if the option 
APT::Get::Show-User-Simulation-Note is set (as it is by default) a 
notice will also
   be displayed indicating that this is only a simulation. Runs 
performed as root do not trigger either NoLocking or the notice - 
superusers should know what they are doing without further warnings

   from apt-get.

   Simulated runs print out a series of lines, each 
representing a dpkg operation: configure (Conf), remove (Remv) or unpack 
(Inst). Square brackets indicate broken packages, and empty square

   brackets indicate breaks that are of no consequence (rare).


Regards,
Alex


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52d51b22.4020...@biotec.tu-dresden.de

chromium doesn't open acroread but the gnome preview

[Aldo Maggi]

after an update some months ago, pdf and jpg files started to be opened 
by gnome preview instead of geeqie and acroread.
i use xfce and find gnome preview not very useful because i can print 
only, not save files were i like.

how can i change this behavieur?
thanks

aldo


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52d519eb.7040...@katamail.com

Re: New to Debian (Gentoo user) - package management

[Tanstaafl]

On 2014-01-03 9:18 AM, Sven Hartge  wrote:

emerge --pretend -vuDN world
results in a list of all available updates, as well as any dependencies
that would be installed, which I can then pick and choose from. I
usually wait until newly available updates have been available for at
least a few days before installing them, to avoid nasty surprises.



apt-get -s dist-upgrade


Um... it looks like this actually performs the update?

I want to see what updates would be applied, but NOT apply them yet.

That is what the --pretend flag in gentoo does (actually the short 
version is 'emerge -pvuDN world')...



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52d51a17.4050...@libertytrek.org

Re: permissions: can you force ACL to be effective over unix perms?

[Jonathan Dowland]

On Sat, Jan 11, 2014 at 09:41:19AM +0900, Joel Rees wrote:
> But I may be wrong.I don't use ACLs.

This normally sets alarm bells off in my head...
 
> I may be wrong here, but how could ACLs override the native
> permissions system randomly without opening tons of new opportunities
> for discovering vulnerabilities?

You do misunderstand what ACLs are for. Consider the classic UNIX
permission model and permitting the apache httpd daemon to read your
web documents. Unless the httpd daemon is owner or a member of the group
for your web documents, you must set o+r. With ACLS, you can
specifically allow the httpd user to read the file(s), but nobody else.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140114095604.gc20...@bryant.redmars.org

Re: How to patch files in a package's debian directory

[Alex Mestiashvili]

On 01/13/2014 03:49 PM, Malte Forkel wrote:

Hello,

I'm testing some changes to an existing package which is using format
3.0 (quilt). I have split my changes into two patches: One modifies the
original source, one adapts files in the debian directory.

This approach fails when I build the package due to the way dpkg-source
build the source package. As described in dpkg-source(1), it extracts
the original tarball into a temporary directory, copies the existing
debian directory and then applies all patches. But since the files in
debian have already been patched, dpkg-source fails because my second
patch can not be applied twice.

There were three reasons for my approach: I would still like to be able
to build versions of the package without the changes I'm currently
testing. Plus, I would to easily reapply my changes when a new version
of the package is available. And finally, I thought the two patches were
a convenient format for passing along my changes to non-Debian and
Debian users, e.g. to the "upstream packager".

How would you handle this?

Thanks
Malte



Hi Malte,

I am also interested in possible solutions, but I would use git with 2 
branches - one for debian package, and one for the modified version.


This way by switching between branches you can build packages you need.

Regards,
Alex


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52d5071b.9040...@biotec.tu-dresden.de

Re: How to patch files in a package's debian directory

[Jonathan Dowland]

Is the package in question maintained in a version control repository
(apt-cache showsrc pkgname | grep ^Vcs might help to determine this).
If so, you could record the debian-specific changes in a commit and
either mail the commit to a bug number or push a copy of your modified
checkout somewhere (I use temporary github accounts for this, when the
source is in a git repo to start with), thereby avoiding the limitation
in dpkg-source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140114094633.gb20...@bryant.redmars.org