SeLinux

2024-07-27 Thread coreyh



Hello

I have checked this doc,
https://wiki.debian.org/SELinux/Setup

Is selinux necessary in a production environment? Will it affect running 
services such as web, database, mail, etc., causing potential problems?


Thanks.

--
corey hickman



Re: combine two commands via pipe

2024-07-25 Thread coreyh





So, in summary, the glob solution:

 * Is shorter.
 * Is easier to read and understand.
 * Is more efficient.
 * Doesn't break if someone creates /tmp/apache420.


I know little about glob. But after checking the man page I think it is a 
good idea.


Many thanks!

--
corey hickman



Re: combine two commands via pipe

2024-07-25 Thread coreyh

I found this works though it's ugly.

$ sudo ls -ltr "/tmp/$(ls /tmp |grep apache)"
total 4

Thanks for all help.

On 2024-07-26 09:42, Max Nikulin wrote:

On 26/07/2024 06:59, cor...@free.fr wrote:


My actual requirement is that I want to 'ls -ltr' into a subdir in 
/tmp. That subdir is apache's tmp dir, but the name of the subdir is 
too long (hard to copy), so I am looking for an easier way.


Use glob if it is acceptable

sudo ls -ltr /tmp/*-apache2.service-*

If you need a private tmp directory of a specific systemd service then 
try to find proper tools to query it


service="bluetooth.service"
pid="$(systemctl show --property MainPID --value "$service")"
tmp="$(findmnt --task "$pid" --target /tmp --noheading --output FSROOT --raw)"

ls -ltr "$tmp"


--
corey hickman



Re: combine two commands via pipe

2024-07-25 Thread coreyh

There is only one subdir that exists with the chars ‘apache’ included in /tmp.

Regards

On 2024-07-26 08:14, Greg Wooledge wrote:

On Fri, Jul 26, 2024 at 07:59:42 +0800, cor...@free.fr wrote:


>
> I won't go any fancier than this until I know it's actually needed.

My actual requirement is that I want to 'ls -ltr' into a subdir in /tmp.
That subdir is apache's tmp dir, but the name of the subdir is too long
(hard to copy), so I am looking for an easier way.


Then how do you KNOW which subdirectory to use?

Is it the only one with "-apache" in its name?  If so:

ls -ltr /tmp/*-apache*

Otherwise, please describe how you (as a human with a mind) know which
directory it is.  Then we can try to duplicate that reasoning feat
with commands.


--
corey hickman



Re: combine two commands via pipe

2024-07-25 Thread coreyh





I won't go any fancier than this until I know it's actually needed.


My actual requirement is that I want to 'ls -ltr' into a subdir in /tmp. 
That subdir is apache's tmp dir, but the name of the subdir is too long 
(hard to copy), so I am looking for an easier way.


Thank you.

--
corey hickman



Re: combine two commands via pipe

2024-07-25 Thread coreyh

On 2024-07-26 07:14, Alain D D Williams wrote:

On Fri, Jul 26, 2024 at 07:04:37AM +0800, cor...@free.fr wrote:

Hello gurus,

I have the following commands:

$ ls /tmp/|grep apache2
systemd-private-653536fdd8d04538ab68da7469570d0c-apache2.service-UiHjaL

$ sudo ls -ltr /tmp/systemd-private-653536fdd8d04538ab68da7469570d0c-apache2.service-UiHjaL
total 4


When I tried to run them in one line as follows,

$ ls /tmp/|grep apache2|sudo ls -ltr

It doesn't work as I expected.


You do not tell us what you expect; however it seems that you do not
understand what you are trying to do. The 'ls' command does not read from
stdin, so putting it at the end of a pipeline will mean that data in the
pipe is ignored.

Neither do you say what you are trying to achieve. Looking for files owned
by apache in a directory ?


yes.



Maybe the following will do what you want:

$ sudo ls -ltr /tmp/systemd-private-653536fdd8d04538ab68da7469570d0c-apache2.service-UiHjaL | grep apache2





This could work indeed, but it requires me to input a long path. So I am 
asking for an easier way.


Thanks.

--
corey hickman



combine two commands via pipe

2024-07-25 Thread coreyh

Hello gurus,

I have the following commands:

$ ls /tmp/|grep apache2
systemd-private-653536fdd8d04538ab68da7469570d0c-apache2.service-UiHjaL

$ sudo ls -ltr /tmp/systemd-private-653536fdd8d04538ab68da7469570d0c-apache2.service-UiHjaL

total 4


When I tried to run them in one line as follows,

$ ls /tmp/|grep apache2|sudo ls -ltr

It doesn't work as I expected.

How should I do that correctly?

Thank you.

--
corey hickman



Re: /var/run disappear after reboot

2024-07-22 Thread coreyh




For coreyh, here is the link to Linux Filesystem Hierarchy, v3:
<https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.pdf>. And here
is Wikipedia's page digesting it:
<https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard>. The
documents discuss where various bits should go, including 11 pieces
for various /var locations.



Thanks for all your help. Now it makes sense to me.

--
corey hickman



/var/run disappear after reboot

2024-07-22 Thread coreyh
I found that after I rebooted the system, the dir /var/run/*** 
disappeared.

I put my app's web sessions under /var/run. so they got lost.
Is there an effective tool to manage /var/run dirs?

Thank you

--
corey hickman



update system periodically

2024-07-21 Thread coreyh

Hi list,

I have been running an old debian 11 for many days.
is it safe to run 'apt upgrade' and 'apt update' periodically?
for example put them into crontab.

I ask this question because I am worried that some software updates may 
conflict with each other after running in this way, resulting in system 
unavailability.


Thank you.

--
corey hickman



file descriptor VS file handle

2023-07-12 Thread coreyh

Hello,

In linux systems, are file descriptor and file handle meaning the same 
stuff?


Thanks.



ipv6 on debian

2023-05-23 Thread coreyh

greetings,

today I got a server from OVH with ipv6 only.
is there any lightweight getting started tutorial for using ipv6 on 
debian?

such as ipv6 setup, route, filters, DNS, etc.

thanks in advance.
Corey



Re: netmask question

2023-05-22 Thread coreyh

On 22/05/2023 11:08, Tim Woodall wrote:

On Mon, 22 May 2023, cor...@free.fr wrote:





Hello,

In CIDR a host address is xx.xx.xx.xx/32 which means 255.255.255.255.
isn't it?



It depends on what question you're asking.

An individual address is a /32, but a host address might be listed as a
/24 for example. This means there are 256 addresses that can be reached
without routing.


I see. thanks.
In some use cases my configuration requires a host address with /32 for 
CIDR. such as postscreen whitelist stuff.


I know 192.168.1.0/24 means a C class.
But 192.168.1.100/24 means what? C class or that separated address 
192.168.1.100?


kind regards
Corey



Re: netmask question

2023-05-22 Thread coreyh

On 22/05/2023 09:41, Tim Woodall wrote:

On Sun, 21 May 2023, Timothy M Butterworth wrote:


The only address that should have a netmask of 255.255.255.255 is the
Loopback interface.



I don't much use ipv4 any more if I can avoid it but isn't it normal for
point-to-point links to have a netmask of 255.255.255.255?

It definitely can be, maybe not so common as I assumed.

loopback is a /8


Hello,

In CIDR a host address is xx.xx.xx.xx/32 which means 255.255.255.255.
isn't it?

Thanks.



netmask question

2023-05-21 Thread coreyh

Hello list,

currently the netmask for an IPv4 is 255.255.255.255.
I am just not sure, why can't the netmask for IPv4 be 768.768.768.768?
Can I set that a netmask directly in linux OS?
If so we have much more IPv4 space available, even no IPv6 is needed.

Thank you.
Corey H.



how to reverse an IPv4

2023-04-30 Thread coreyh

Hello list,

I wrote this script for reversing an IP:

#!/bin/bash

IP=$1

if [ -z "$IP" ];then
  echo "$0 IP"
  exit 1
fi

REVERSE=$(echo "$IP"|awk -F\. '{print $4.$3.$2.$1}')
echo "$REVERSE"


it won't work as the output below.

$ bin/rbl.sh 61.144.56.32
325614461


The "." was lost.

If I changed the awk line to:
REVERSE=$(echo $IP|awk -F\. '{print "$4.$3.$2.$1"}')


It becomes:

$ bin/rbl.sh 61.144.56.32
$4.$3.$2.$1



Can you help with this?
Thanks
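
Added example, not part of the original post: a working version of the reversal, with input validation, used to build a DNSBL-style query name. The function names and the zone `dnsbl.example.org` are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: reverse an IPv4 address for a DNSBL-style lookup name.
# Function names and the zone "dnsbl.example.org" are illustrative placeholders.
#
# Why the two attempts in the post behave as they do:
#   print $4.$3.$2.$1     awk has no "." operator; "4." is read as the number 4,
#                         so this is $4 $3 $2 $1 concatenated with no separator.
#   print "$4.$3.$2.$1"   awk does not expand $N inside a string literal.

# reverse_ipv4 A.B.C.D -> prints D.C.B.A, returns non-zero on malformed input.
reverse_ipv4() {
    # Only digits and dots are accepted (this also rejects embedded newlines).
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9][0-9]?[0-9]?$/ || $i + 0 > 255) exit 1
            # Adjacent expressions concatenate, so each dot is its own string.
            print $4 "." $3 "." $2 "." $1
        }'
}

# dnsbl_query_name IP [ZONE] -> prints the name a DNSBL client would look up.
dnsbl_query_name() {
    rev=$(reverse_ipv4 "$1") || return 1
    printf '%s.%s\n' "$rev" "${2:-dnsbl.example.org}"
}

# Demo with the address from the post.
dnsbl_query_name 61.144.56.32
```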



Re: sudo and echo

2023-04-28 Thread coreyh

On 29/04/2023 02:35, Greg Wooledge wrote:

On Sat, Apr 29, 2023 at 01:52:11AM +0200, cor...@free.fr wrote:

$ sudo echo 123 > /root/123.txt

It tells me "permission rejected".

Why this sudo can't get success?


Because the redirection is done by your shell before sudo is executed.

See  for suggestions,
but basically you're looking at variants of:

sudo sh -c 'echo 123 > /root/123.txt'


Thanks for explanation. I appreciate it.



sudo and echo

2023-04-28 Thread coreyh



Hello list,

When I run this command:

$ sudo echo 123 > /root/123.txt

It tells me "permission rejected".

Why this sudo can't get success?

Thanks.

Corey H

how to change default nameserver?

2023-04-09 Thread coreyh

greetings,

I know I can edit the entries in /etc/resolv.conf, but it will be 
overwritten by DHCP server.

I searched the internet and got one of the answers:

apt install resolvconf
echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/head

what's the difference for /etc/resolv.conf and the method above?

Thanks & Happy weekend.
corey hickman



Re: my immature thoughts on perl

2023-04-07 Thread coreyh

On 08/04/2023 03:28, Emanuel Berg wrote:

Andy Smith wrote:


I think you should use Ruby if you like Ruby better!


Perl is the best language, maybe Lisp is the best language.
But everything else isn't as good.


The Language Wars Are Over: ChatGPT Won
https://bourgoin.dev/posts/programming-languages/

regards.



questions about cron.daily

2023-04-06 Thread coreyh

Hello list,

For scripts put under /etc/cron.daily, which special time will they be 
implemented?


I know they will be run daily, but not sure about the special run time.

And, I found some services like apache2, chkrootkit will put the scripts 
in this dir automatically. are they for system cleaning purpose?


Thanks.
Corey



Re: my immature thoughts on perl

2023-04-03 Thread coreyh

On 04/04/2023 11:50, Will Mengarini wrote:

* cor...@free.fr  [23-04/04=Tu 10:35 +0800]:

For instance, in ruby (irb) this is quite smooth:
irb(main):001:0> [1,2,3,4].map{|x|x+1}.reduce{|x,y|x+y}
=> 14

And in scala (shell):
scala> List(1,2,3,4).map{ _+1 }.reduce{_+_}
res1: Int = 14



In perl there is no interactive shell [...]


perl -le 'print eval $_ while <>'


In perl [...] the block statement seems strange:
$ perl -le '@x=(1,2,3,4); $sum+=$_ for( map {$_+1} @x );print $sum'
14


perl -le '@x=(1..4); print eval join "+", map $_+1, @x'

Too bad this is two days late, but Perl is an April 1 kind of language.


I heard in perl never 'eval' a string. :)



my immature thoughts on perl

2023-04-03 Thread coreyh

Hello list,

I am not that familiar with perl (though I like it), but I found it 
maybe have two flaws as follows.


1. doesn't have an interactive shell.
2. the block statement (like lambda) is ugly.

For instance, in ruby (irb) this is quite smooth:

irb(main):001:0> [1,2,3,4].map{|x|x+1}.reduce{|x,y|x+y}
=> 14


And in scala (shell):

scala> List(1,2,3,4).map{ _+1 }.reduce{_+_}
res1: Int = 14

In perl there is no interactive shell, and the block statement seems 
strange:


$ perl -le '@x=(1,2,3,4); $sum+=$_ for( map {$_+1} @x );print $sum'
14


How do you think of it?

Thanks
Corey



Re: Is perl still the No.1 language for sysadmin?

2023-04-02 Thread coreyh

On 03/04/2023 12:43, Andy Smith wrote:

Hello,

On Mon, Apr 03, 2023 at 12:23:19PM +0800, cor...@free.fr wrote:

I am just not sure, why perl6 is named to raku?


Because Perl 5 still exists and is still seeing new releases, and
what is now Raku is a completely different language, so there is no
prospect of Perl 5 ceasing to be developed with all its users moving
to what was then called Perl 6. Perl 6 needed a new name so as to
stop being a source of confusion between itself and Perl 5.


I think python3 is much different to python2, but it's still naming as
python.


The Python Software Foundation has marked CPython 2 (the default
Python interpreter) as End Of Life since 2020. It also owns the
trademark to "Python" and will not allow anyone else to make an
interpreter that is called Python that extends the life of Python 2
with new features. The only existing distributable versions of
CPython 2 are either old releases or strictly security fixes. The
PSF wants Python 2 to die; they only concern themselves with Python
3.

There are actively developed language interpreters that are
compatible with Python 2 that aren't called Python, e.g. PyPy and
Jython. So in fact even Python 2 is not yet dead as a language.


If perl6 was just named as perl6, isn't it more clear?


Perl 5 still has plenty of active developers of both itself and
applications written in it who don't want to move to Raku. Raku is a
lot more different to Perl 5 than Python 3 is different to Python 2.
The Perl Foundation (which owns the Perl and Raku trademarks)
doesn't want Perl 5 to die.

So hopefully you can see now that things are different because
things are different.




That's good info for perl5 and 6. Thanks for telling us.

regards.



Re: Is perl still the No.1 language for sysadmin?

2023-04-02 Thread coreyh

On 03/04/2023 04:59, Tom Browder wrote:

On Sun, Apr 2, 2023 at 3:42 PM Michel Verdier  wrote:


Le 2 avril 2023 Nicholas Geovanis a écrit :

> Python is a more modern programming language than perl, and more in the
> European CS tradition. Larry Wall said directly that the OO features in
> perl were fake :-) because it was another fad. You can feel the difference


Larry Wall and his many helpers released Perl 6 (now Raku) on
Christmas Day, 2015. It is a much more modern language than Python,
and it was designed as a "one-hundred year language." Check it out at
https://Raku.org.

-Tom


I am just not sure, why perl6 is named to raku?
for instance, in my default installation of debian 11, it has python3 
pre-installed.


$ python3 -V
Python 3.9.2

I think python3 is much different to python2, but it's still naming as 
python.


If perl6 was just named as perl6, isn't it more clear?

regards.
Corey



Is perl still the No.1 language for sysadmin?

2023-04-02 Thread coreyh

I saw many commands in /bin and /usr/bin are written by perl.
is perl still the first choice for sysadmin on linux?

Thanks.



mount a remote object storage

2023-03-31 Thread coreyh

Hello list,

I have the object storage service from the big providers (google cloud 
storage, Amazon S3).

Now I want to mount them in Debian Linux as a block device.

Though I know there is s3fs:
sudo apt-get install s3fs


But i have no experience on it. Do you have any suggestion on using 
remote object storage as local device?


Thanks
Corey H.



debian 11 vs ubuntu 22

2023-03-28 Thread coreyh

Dear list,

Though I have been using debian 11 for long days, I want to give a try 
on ubuntu 22.04.
Do you know what's the main difference for these two systems on dev/ops 
environment?


Thanks
Corey Hickman



should CLI have a nice UI today?

2023-03-24 Thread coreyh

Hello,

Should CLI (command line interface) have a nice UI library?
today web dev has so many libraries that make web pages with 
rich/colorful interactive views.

But CLI is still in dull mode. That should be improved in these days.
for example, run "df -h" we got the statistics with plain text. But web 
statistics for cloud storage (GCP,AWS etc) are chart like, which give 
people more intuitive feeling.


Thanks
Corey H.



Re: question about net address

2023-03-19 Thread coreyh

On 19/03/2023 18:32, Jeremy Ardley wrote:

On 19/3/23 18:28, cor...@free.fr wrote:

"v=spf1 ip4:188.66.63.1/24 -all"


According to an AI version 4 that cannot be named:

This is an SPF (Sender Policy Framework) record, which is a TXT record
in a domain's DNS settings. SPF records are used to help prevent email
spoofing by specifying which mail servers are authorized to send email
on behalf of a domain.

In this SPF record:

 * |v=spf1|: This indicates the SPF version used is SPF1.
 * |ip4:188.66.63.1/24|: This specifies that the IPv4 address range
   188.66.63.1 to 188.66.63.254 (a /24 range) is authorized to send
   email on behalf of the domain.
 * |-all|: This means that any host not listed in the SPF record (or
   not within the authorized IP range) is not allowed to send email on
   behalf of the domain.

To answer your question, this SPF record specifies a /24 range
(188.66.63.1 to 188.66.63.254) rather than a single host. Any mail
server with an IP address within that range is authorized to send
email for the domain, while other mail servers are not allowed.



So,

* 188.66.63.1/24 is a range, not a single host in SPF
* why it's not written as 188.66.63.0/24 which is more clear?

Thanks



Re: question about net address

2023-03-19 Thread coreyh

On 19/03/2023 18:00, David Christensen wrote:

On 3/18/23 16:31, cor...@free.fr wrote:

On 19/03/2023 06:17, Kushal Kumaran wrote:

On Sat, Mar 18 2023 at 07:28:23 PM, cor...@free.fr wrote:

Hello

I know 192.168.1.0/24 is a valid C range for network address.

but what does 192.168.1.1/24 mean?

I ask this just for a setting in the SPF:

spf.pinoad.se.  300 IN  TXT "v=spf1 ip4:188.66.63.1/24 -all"




It means the same thing.  192.168.1.1/24 is the same range as
192.168.1.0/24, but written by someone not paying too much attention.



That's correct. Thanks.



AIUI:

* 192.168.1.0/24 identifies an IPv4 network with an address of
192.168.1.0 and a network prefix of 24 bits.  The address is within
the reserved private block 192.168.0.0/16.  The prefix corresponds to
a class C network.

* 192.168.1.1/24 identifies an IPv4 network interface with an address
of 192.168.1.1 and a network prefix of 24.  The interface is
configured to communicate over the 192.168.1.0/24 network.





So for Inleed (a local ISP)'s SPF:

spf.pinoad.se.  300 IN  TXT "v=spf1 ip4:188.66.63.1/24 -all"


They specify only 188.66.63.1 to send email?

But as far as I know their mailserver is 188.66.63.2:

mail.inleed.xyz.  300 IN  A   188.66.63.2


Then this mail server should have problems in messages delivery.

Thanks
Corey
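
Added example, not from the thread: how an SPF `ip4:` term with host bits set, such as `ip4:188.66.63.1/24`, is evaluated. Only the prefix bits are compared (RFC 7208), so the term covers the same addresses as 188.66.63.0/24. All function names are illustrative.

```shell
#!/bin/sh
# Added example: evaluate an SPF "ip4:<addr>/<prefix>" term.
# All function names are illustrative.

ALL_ONES=4294967295   # 2^32 - 1

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
# Fails unless the input is four octets 0..255 without leading zeros.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        case $o in ????*|0?*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
)

# int_to_ip N -> prints the dotted-quad form of a 32-bit integer.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_bounds ADDR[/PREFIX] -> prints "first last prefix" (integers).
# A missing prefix means /32, as for an SPF ip4 term without a length.
cidr_bounds() (
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*|0?*) exit 1 ;; esac
    [ "$prefix" -le 32 ] || exit 1
    ip=$(ip_to_int "$addr") || exit 1
    mask=$(( (ALL_ONES << (32 - prefix)) & ALL_ONES ))
    first=$(( ip & mask ))                 # host bits cleared
    last=$(( first | (mask ^ ALL_ONES) ))  # host bits set
    echo "$first $last $prefix"
)

# cidr_normalize ADDR/PREFIX -> prints the network written with host bits zero.
cidr_normalize() (
    set -- $(cidr_bounds "$1")
    [ $# -eq 3 ] || exit 1
    echo "$(int_to_ip "$1")/$3"
)

# spf_ip4_matches TERM IP -> status 0 if IP is covered by the ip4: term,
# 1 if it is not, 2 if either argument is malformed.
spf_ip4_matches() (
    ip=$(ip_to_int "$2") || exit 2
    set -- $(cidr_bounds "${1#ip4:}")
    [ $# -eq 3 ] || exit 2
    [ "$ip" -ge "$1" ] && [ "$ip" -le "$2" ]
)

# Demo with the values from the thread.
cidr_normalize 188.66.63.1/24
spf_ip4_matches ip4:188.66.63.1/24 188.66.63.2 && echo "188.66.63.2 is covered"
```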




Re: question about net address

2023-03-18 Thread coreyh

On 19/03/2023 06:17, Kushal Kumaran wrote:

On Sat, Mar 18 2023 at 07:28:23 PM, cor...@free.fr wrote:

Hello

I know 192.168.1.0/24 is a valid C range for network address.

but what does 192.168.1.1/24 mean?

I ask this just for a setting in the SPF:

spf.pinoad.se.  300 IN  TXT "v=spf1 ip4:188.66.63.1/24 -all"



It means the same thing.  192.168.1.1/24 is the same range as
192.168.1.0/24, but written by someone not paying too much attention.



That's correct. Thanks.



question about net address

2023-03-18 Thread coreyh

Hello

I know 192.168.1.0/24 is a valid C range for network address.

but what does 192.168.1.1/24 mean?

I ask this just for a setting in the SPF:

spf.pinoad.se.  300 IN  TXT "v=spf1 ip4:188.66.63.1/24 -all"


Thanks.



Re: auto restarting in crontab

2023-03-16 Thread coreyh

updated: Thanks for all your helps, especially @Greg and @Yong

Now this systemd service has been enabled and just works.
I put a file on /etc/systemd/system/xxx.service whose content as,

[Unit]
Description=xxx Front
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=5
User=corey
Group=corey
ExecStart=serve -s /home/corey/workspace/xxx-frontend/build

[Install]
WantedBy=multi-user.target


And run "systemctl enable xxx.service" then "systemctl start 
xxx.service", and it works perfectly.


regards,
Corey



Re: auto restarting in crontab

2023-03-15 Thread coreyh

On 16/03/2023 09:32, Greg Wooledge wrote:

On Wed, Mar 15, 2023 at 08:00:20PM -0500, Nicholas Geovanis wrote:

On Wed, Mar 15, 2023, 7:56 PM  wrote:
> My script for monitoring Node.js app as follows. I put it in crontab for
> auto-check and restart if failure.


There's so much wrong with that.

If you want to manage a service, the *best* thing you could do would be
to write a systemd unit for it (either a system-wide unit, or a --user
unit, your choice).  Let systemd start it, restart it automatically 
when

it dies if that's what you want, and so on.

If that's more than you want to tackle, and if all you want is
automatic restarting (not the ability to stop it at will), then this
should suffice:

#!/bin/sh
PATH=/whatver/you/need
while true; do
serve -s /path/to/your/service
sleep 5
done

Then arrange for this script to be executed at boot time, and that's it.

No background stuff, no polling from crontab.  Just a simple loop.




Thanks Greg. I will update with the way you gave.
where will I setup this script for systemd job? any reference?

regards





>nohup serve -s  /home/myUsername/workspace/xxx-frontend/build &


This will log stdout and stderr in nohup.out in the working directory.
Look for errors there.  I bet it's a PATH issue.

Cron jobs run in a sanitized environment and may not be running with the
permissions you have as root on the command line.


I doubt the permissions are different.  Probably just PATH and maybe some
other environment variables that the Javascript program expects, but
which are not present in cron's environment.




auto restarting in crontab

2023-03-15 Thread coreyh

Greetings,

My script for monitoring Node.js app as follows. I put it in crontab for 
auto-check and restart if failure.


#!/bin/bash

# scan the port
nc -z 127.0.0.1 3000

if [ $? -eq 0 ];then
  exit
else
  killall node
  sleep 1
  nohup serve -s  /home/myUsername/workspace/xxx-frontend/build &
fi


I can run the script by manual, but in crontab it won't work. that 
means, when node.js dies, it will not get restarted by this script 
automatically.


Can you give any hints?

Thanks
Corey Hickman



Re: question on /var/run

2023-03-15 Thread coreyh

On 16/03/2023 02:08, Greg Wooledge wrote:

On Thu, Mar 16, 2023 at 02:02:35AM +0800, cor...@free.fr wrote:
I am having the question that why the dir I created in /var/run disappears
after rebooting the system? how to prevent that?


unicorn:~$ ls -ld /var/run
lrwxrwxrwx 1 root root 4 Jan 11  2018 /var/run -> /run/
unicorn:~$ df /run
Filesystem     1K-blocks  Used Available Use% Mounted on
tmpfs            1215596  1928   1213668   1% /run

Because /var/run is a symlink to /run which is a transient, in-memory
file system not backed by permanent storage.



Thanks greg.

I have put these statement in @reboot crontab for auto startup.

@reboot mkdir -p /var/run/xxx && chown -R www-data:www-data /var/run/xxx



question on /var/run

2023-03-15 Thread coreyh

Hello,

I am having the question that why the dir I created in /var/run 
disappears after rebooting the system? how to prevent that?


Thanks
Corey



Re: real debian or true debian?

2023-03-12 Thread coreyh

On 13/03/2023 10:12, Jeffrey Walton wrote:

On Sun, Mar 12, 2023 at 9:02 PM  wrote:


When such a debian (the digital product) is authentic, should we say it
"real debian" or "true debian"?

I am not sure about this statement.


I am having trouble parsing what you are asking... What is the context?

Debian provides distribution media, and it has Debian packages and
installs a Debian system. If it is not a Debian system, then it is not
a Debian installer and does not have Debian packages.

I'm not sure what "true" and "authentic" have to do with things.

Maybe you are talking about the signature?



No. I meant, some people pre-installed some packages on debian and 
release it, which is declared as xxx-debian.


I am just not sure about the two words "true" and "real". which is 
suitable for description of the "official" debian?


Thanks
Corey



real debian or true debian?

2023-03-12 Thread coreyh

Hello,

When such a debian (the digital product) is authentic, should we say it 
"real debian" or "true debian"?


I am not sure about this statement.

Thanks
Corey H



debian for DNS servers

2023-03-11 Thread coreyh

Now I have three debian nodes in different DCs.
Can I deploy a distributed DNS service for fault tolerance?

the first node (KVM, NL)

# lsb_release -cd
Description:    Debian GNU/Linux 11 (bullseye)
Codename:       bullseye

# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         193.36.132.1    0.0.0.0         UG        0 0          0 eth0



The second (openstack, Dallas):

# lsb_release -cd
Description:    Debian GNU/Linux 11 (bullseye)
Codename:       bullseye

# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 ens3



The third (KVM, NL):

# lsb_release -cd
Description:    Debian GNU/Linux 11 (bullseye)
Codename:       bullseye

# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         5.255.106.1     0.0.0.0         UG        0 0          0 eth0



Thanks.
Corey H



Re: question about rc.local

2023-03-10 Thread coreyh

On 11/03/2023 10:04, David Wright wrote:

On Fri 10 Mar 2023 at 18:47:02 (+0100), Vincent Lefevre wrote:

On 2023-03-10 18:00:41 +0100, Christoph Brinkhaus wrote:
> Am Fri, Mar 10, 2023 at 04:29:34PM +0100 schrieb Vincent Lefevre:
> > On 2023-03-10 09:58:55 -0500, Greg Wooledge wrote:
> > > On Fri, Mar 10, 2023 at 04:55:03PM +0200, Anssi Saari wrote:
> > > > Nicolas George  writes:
>
> [snip - almost everything]
>
> > > The man pages are most likely from upstream, and don't include the
> > > changes provided by Debian (in debian.conf).
> >
> > It would be useful to have the man page patched (as sometimes done),
> > otherwise the user could be surprised.
>
> I assume you read the man pages in French language?

No, in English, as usual (my whole system is in English, mainly to
avoid translations, and this is also better for bug reports).

The rc-local.service(8) man page says:


  $ man rc-local.service
  No manual entry for rc-local.service
  $ apt-file find rc-local.service
  systemd: /lib/systemd/system/rc-local.service
  systemd: /lib/systemd/system/rc-local.service.d/debian.conf




Is rc.local a regular service? I was thinking it's just a shell script 
run by systemd.


regards,
Corey H



Re: choose the right email address to send to the lists

2023-03-10 Thread coreyh

On 10/03/2023 19:30, cor...@free.fr wrote:

I saw some people using email addresses like yahoo, AOL, mail.ru to
post messages to the lists (such as debian-user, postfix-user etc).

I am thinking those addresses which have the strictest DKIM setup are
not suitable to send a list mail, they will be blocked by many
recipients (list members).

For example, yahoo has this DMARC setting:

v=DMARC1; p=reject; pct=100; rua=mailto:d...@rua.agari.com;
ruf=mailto:d...@ruf.agari.com;

And Mail.ru:

v=DMARC1;p=reject;rua=mailto:dmarc_...@corp.mail.ru

And zoho.com:

v=DMARC1; p=reject; sp=reject; fo=0;
rua=mailto:dmarcaggregat...@zoho.com;
ruf=mailto:dmarcaggregat...@zoho.com

They all have "p=reject" rules, which mean that when DKIM (most modern
email providers have this enabled) breaks at the recipient end, this mail
will be rejected by the recipient MTA.

As we know DKIM will fail due to:

1. SPF fail (for the From: address in header) - this will 100% happen
regardless list server implements SRS or not.
2. DKIM fail (for header address as well) - this will most probably
happen since some list servers change the message content by adding a
signature etc.


So we should choose an email address which at least has no "p=reject"
in their DKIM policy.




I am sorry for the typos. What I meant is DMARC, not DKIM. :)

sorry,
Corey



Re: home server for email box

2023-03-10 Thread coreyh

On 10/03/2023 19:57, Nicolas George wrote:

Vincent Lefevre (12023-03-10):

Mail may still be sent via the ISP's smarthost.


Unless the ISP's relay refuses to take mail not from the ISP's domain,
like I have seen a few times.


Or use an outgoing mail relay, such as mail gun, mail channel, they even 
have free budgets.


Corey H.



choose the right email address to send to the lists

2023-03-10 Thread coreyh
I saw some people using email addresses like yahoo, AOL, mail.ru to post 
messages to the lists (such as debian-user, postfix-user etc).


I am thinking those addresses which have the strictest DKIM setup are 
not suitable to send a list mail, they will be blocked by many 
recipients (list members).


For example, yahoo has this DMARC setting:

v=DMARC1; p=reject; pct=100; rua=mailto:d...@rua.agari.com; 
ruf=mailto:d...@ruf.agari.com;


And Mail.ru:

v=DMARC1;p=reject;rua=mailto:dmarc_...@corp.mail.ru

And zoho.com:

v=DMARC1; p=reject; sp=reject; fo=0; 
rua=mailto:dmarcaggregat...@zoho.com; 
ruf=mailto:dmarcaggregat...@zoho.com


They all have "p=reject" rules, which mean that when DKIM (most modern 
email providers have this enabled) breaks at the recipient end, this mail 
will be rejected by the recipient MTA.


As we know DKIM will fail due to:

1. SPF fail (for the From: address in header) - this will 100% happen 
regardless list server implements SRS or not.
2. DKIM fail (for header address as well) - this will most probably 
happen since some list servers change the message content by adding a 
signature etc.



So we should choose an email address which at least has no "p=reject" in 
their DKIM policy.


For example, gmail is good:
v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-repo...@google.com

Free.fr (the one I am using):
v=DMARC1;p=none;adkim=r;aspf=r;sp=none

GMX.net:
v=DMARC1; p=none; sp=quarantine; rua=mailto:dmarcrep...@gmx.net; 
ruf=mailto:dmarc-...@gmx.net; adkim=r;aspf=r; fo=1



They all have "p=none" so they probably have no delivery issues to 
mailing lists.


Just my thought though...

Thanks
Corey H
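
Added example, not part of the original post: how a receiving MTA arrives at a DMARC disposition for a message relayed by a mailing list. Assumptions: relaxed alignment is approximated by a parent/child domain match instead of a Public Suffix List lookup, the `pct` and `sp` tags are ignored, `lists.example.org` is a hypothetical list bounce domain, and the sample records are the policy tags quoted above with the report addresses left out.

```shell
#!/bin/sh
# Added example: DMARC disposition for direct mail versus list-relayed mail.
# Function names and lists.example.org are illustrative assumptions.

# dmarc_tag RECORD TAG -> prints the value of TAG; status 1 if it is absent.
dmarc_tag() {
    printf '%s\n' "$1" | tr ';' '\n' | awk -v want="$2" '
        {
            eq = index($0, "=")
            if (!eq) next
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/[ \t]/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(name) == want) { print val; found = 1; exit }
        }
        END { exit !found }'
}

# aligned FROM_DOMAIN AUTH_DOMAIN MODE -> status 0 if the domains align.
# MODE s = strict (identical); anything else = relaxed, approximated here
# as "one domain is a parent of the other" (no Public Suffix List).
aligned() {
    case $3 in
        s) [ "$1" = "$2" ] ;;
        *) case $2 in "$1"|*."$1") return 0 ;; esac
           case $1 in *."$2") return 0 ;; esac
           return 1 ;;
    esac
}

# dmarc_disposition RECORD FROM_DOMAIN SPF_RESULT SPF_DOMAIN DKIM_RESULT DKIM_DOMAIN
# Prints "pass" when SPF or DKIM passes with an aligned domain, otherwise
# the policy the domain owner asks for (none, quarantine or reject).
dmarc_disposition() (
    rec=$1 from=$2
    [ "$(dmarc_tag "$rec" v)" = "DMARC1" ] || exit 2
    p=$(dmarc_tag "$rec" p) || exit 2
    aspf=$(dmarc_tag "$rec" aspf) || aspf=r     # alignment defaults to relaxed
    adkim=$(dmarc_tag "$rec" adkim) || adkim=r
    if [ "$3" = pass ] && aligned "$from" "$4" "$aspf"; then echo pass; exit 0; fi
    if [ "$5" = pass ] && aligned "$from" "$6" "$adkim"; then echo pass; exit 0; fi
    echo "$p"
)

# Constructed sample records.
REJECT_REC='v=DMARC1; p=reject; pct=100'
NONE_REC='v=DMARC1;p=none;adkim=r;aspf=r;sp=none'

# Direct delivery: the sender's DKIM signature verifies and is aligned.
dmarc_disposition "$REJECT_REC" yahoo.com pass yahoo.com pass yahoo.com
# Via a list: SPF passes for the list's bounce domain (not aligned) and the
# original DKIM signature no longer verifies after the list adds a footer.
dmarc_disposition "$REJECT_REC" yahoo.com pass lists.example.org fail yahoo.com
dmarc_disposition "$NONE_REC" free.fr pass lists.example.org fail free.fr
```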





Re: question about rc.local

2023-03-09 Thread coreyh

What’s the right way to run rsync --daemon then? Thanks

On 09/03/2023 21:02, Greg Wooledge wrote:

On Thu, Mar 09, 2023 at 01:32:54PM +0100, Nicolas George wrote:

Corey Hickman (12023-03-09):
> does debian 11 still use /etc/rc.local for startups after rebooting?

No, Debian does not use it. It lets you use it if you so want.


For the record, if you *do* want to use it, you'll have to create it
yourself.  Make sure you give it a proper shebang (#!/bin/sh) and +x bits,
or it won't work.

Older versions of Debian created a mostly empty rc.local for you to
use as a starting point, but the most recent versions (not sure how many)
have stopped doing that.

If the process you're trying to start is a long-running service of some
kind, which you may want to stop or restart, or which you may even want
to restart itself automatically if it dies, then you should definitely
look into creating a systemd unit instead of an rc.local hack.