Re: F12 NFS Failures
On 11/24/2009 04:21 AM, John Austin wrote: Just tested my machine with UDP and TCP This was using md5sum for about 10GB over the NFS mount 1. The default for F12/Centos5.4 appears to be TCP - which freezes 2. Forcing UDP gives NO errors for 10GB transfer 3. Forcing TCP gives a freeze I know this is an old thread, but I thought I'd toss in that you will see symptoms very much like this if only one of your machines (probably the NFS server) is configured to use jumbo frames. You should check the MTU on the server and client. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: F12 installs report here.
Dell Inspiron 531S: Installed 64-bit, everything I've tested works perfectly. Dell Latitude E6400: Installed 64-bit, everything I've tested works perfectly. Dell Inspiron 546: +Airlink 101 wireless PCI card Installed 64-bit, everything I've tested works perfectly. (Side note: it took me several hours to get the wireless card working in Windows 7) Toshiba (forgot the model number): I attempted an update of a friend's laptop Friday night and learned that the system crashes unless I use nomodeset as a kernel option. The Intel i915 driver is the offending code. I gathered some information and filed a bugzilla report, but haven't updated the laptop yet. I did boot the LiveCD with nomodeset and everything else seemed fine. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Preup to F12, won't boot
On 11/19/2009 10:51 AM, Oliver Ruebenacker wrote: I just preupgraded from F10 to F12, and booting goes as far as the Fedora logo (circle with lower tip) filling up with white, then flashing briefly. Then the screen goes and stays blank afterwards, except for a cursor, and it displays if I type somthing. Try to get /var/log/Xorg.0.log and send that to the list. It will probably clarify why you aren't getting a login. You might also try nomodeset as a boot option in GRUB. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: spoof rsa fingerprint
On 11/15/2009 05:08 AM, Patrick O'Callaghan wrote: Did you read the URL I posted? It's a tutorial with very explicit information. If you understand how public-key crypto works, you'll realize that spoofing the fingerprint doesn't help the attacker. In the scenario that the OP hypothesized, yes, spoofing the fingerprint would help the attacker. A user who attempted to ssh to the router would not be warned that the host had changed and would submit their password to a rogue host. In answer to the original question, though, spoofing the fingerprint would be extraordinarily difficult. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: spoof rsa fingerprint
On 11/17/2009 04:53 AM, Patrick O'Callaghan wrote: It's my understanding that the password would still be sent over an encrypted channel (using the original host's public key), so I don't see the problem. There is no original host in the hypothesized scenario. There's an attacker whose public key has a fingerprint that matches the original host. The victim connects to the attacker instead of the original host. Since the original host isn't involved, the original host's key won't be either. However, as previously stated, this is extraordinarily difficult by design. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: the ultimate fedora laptop?
I've been pretty happy with my Dell Latitude E6400. I bought mine from their outlet store. If you go that way, look for one with Intel wireless rather than Dell wireless (Intel vs Broadcom chipset) and Intel or AMD video. The E6400 has a Core 2 Duo which is 64bit and supports hw virtualization. It supports up to 8GB of RAM. No HDMI, but it has DisplayPort, which is probably a better long-term bet (and VGA). -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: pseudo terminals
On 09/10/2009 08:12 AM, devi wrote: Hi, I think , I have not explained it correctly, in the first mail. I mean that echo service httpd status /dev/pts/2, is executed in first terminal(/dev/pts/1), and the output is redirected to the /dev/pts/2. That is correct. The echo command will execute in the terminal into which you entered the command, and the output (service httpd status) will be redirected to /dev/pts/2. Here /dev/pts/2 is the terminal of another machine to which we are connnected and is a virtual machine. But the output directed here is a command, so what happens is that, the output of the first terminal, is actually executed as a command in the /dev/pts/2 terminal, because the output is redirected directly to the terminal. That is not correct, and also contradicts your previous statements. Please test this again. Redirecting output to a different tty will not cause a command to be executed there. And I know the pty of the first terminal, I got it by command tty. Now, my requirement is that, after the command service httpd status is executed on the /dev/pts/2. I want to redirect or get the output on the first terminal(/dev/pts/1). Why do you need to execute a command in /dev/pts/2 without entering the command there? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: SELinux Exim Problem
On 09/09/2009 02:56 AM, John Horne wrote: On Wed, 2009-09-09 at 12:21 +0530, Didar Hossain wrote: But, why check /boot? As far as I understood from the statvfs(2), it accepts a path to get the information. /boot is not something that Exim will use as a spool directory. Or am I missing something!? As said, because /boot is a separate partition. Statvfs looks at all the partitions, not just the one containing the path, as far as I can tell (look at strace output and you will see /proc/mounts being checked, and then a stat of each partition). Right. IIRC, because some elements of the path may be symlinks or bind mounts, statvfs will stat() the path argument, and then stat() each filesystem in /proc/mounts. It will compare the st_dev elements of each filesystem listed to the st_dev from the path in order to determine which fs actually contains the path argument. The question I'd ask is why exim is using statvfs() instead of statfs(). The system is looking at /boot, but for some reason it is throwing up an selinux error. That's the bit I don't understand (unless the 'boot_t' context is somewhat specific about who can look at /boot, but then why aren't errors shown if I simply try and do 'ls -l /boot'?). That would be because exim is confined by policy and you are not. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: pseudo terminals
On 09/08/2009 09:16 AM, devi wrote: I executed a command like echo service httpd status /dev/pts/2 , where /dev/pts/2, is the virtual machine's terminal from the other terminal. The command service httpd status is executing in the virtual machine's terminal. I think you're mistaken. If you redirect output to another terminal in the method that you describe, you will cause that text to be displayed as output on that terminal. It does not become input to the shell (or other program) running there, and will not be executed. What I want is to get the output of the command service httpd status, executed in virtual machine into the terminal, where echo service httpd status /dev/pts/2 command was executed i.e to the other terminal. I have tried different options, but no use. The command line: service httpd status /dev/pts/2 21 ...will display the output of the command on the second pty. Can we use openvm command to achieve this requirement? I think you mean openvt. As far as I know, it won't do what you want. I believe that it only works on VTs (/dev/ttyN), and only on ones that are currently unattached. It's not clear what you want to do, but maybe the screen application would be of interest to you. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: exim: SELinux
On 07/14/2009 07:33 PM, Frank Chiulli wrote: Here's what I did: - as root, I ran '/etc/init.d/exim stop' - as root, I ran 'exim -bd -d+all/tmp/ex.file 21' - as a normal user, I ran 'fetchmail' In the past, this would result in an AVC error; but not this time. BTW, there was one new message in my mail file as a result of this. Sadly, starting exim in that way will not give it the same SELinux context as it would get when run by the init process. If you stop the service and service exim start, it should get its old context, and the AVC messages should return. That'll get you back to where you can debug the problem. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: PostgreSQL setup and use
On 07/15/2009 11:43 PM, Brad Pepers wrote: 2. So now I have it installed and I try to create a database using createdb. I'm logged in as bpepers and just do createdb foo on the command line. I get this error message: createdb: could not connect to database postgres: FATAL: Ident authentication failed for user bpepers Anyone know why this is happening? You need to createuser first. Add a bpepers user to PostgreSQL with the right to create new databases. Afterward, you'll be able to createdb as the system user bpepers. As root: su postgres -c createuser bpepers The pg_hba.conf is using ident sameuser for local connections. As far as I know this should allow the postgresql server to authenticate that I'm me. It does. The server knows your system user name, but does not have a user of its own to which you can be mapped. As such, it does not know what permissions should be given to you. The first problem means a number of extra steps run as root and the second seems to mean the user will have to edit PostgreSQL config files in order to get things running. No editing should be required. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Kickstart configurator
On 06/19/2009 03:49 AM, Patrick Dupre wrote: I wanted to install my fedora on an existing logical volume. However, the configurator want to have sdax or hdax. How, can I specify /dev/Vol_Group1/LV_usr ? Are you trying to upgrade an existing installation or install a fresh OS on an existing LV? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Client connect to NFS server as user?
On 06/21/2009 07:51 AM, Bob Goodwin wrote: I'm still trying to mount as user bobg without success! 192.168.1.48 is the server, 192.168.1.9 is a client and in the box9 client I have the following lines in /etc/fstab: 192.168.1.48:/home /home/NFS-files nfs rw,users 0 0 192.168.1.9:/home /home/NFS-files nfs rw,users 0 0 I'm not certain both are required but when I su to root everything works as expected. As user bobg I get the following: Don't list the client in fstab. You should have only one line specifying any given mount point. (That is, the second field should be unique) [b...@box9 ~]$ mount.nfs box48:/home/NFS-files /mnt/home mount.nfs: permission denied: no match for /mnt/home found in /etc/fstab /mnt/home is the directory on the client where the server files should appear Well, then, that's what you should have said in /etc/fstab: box48:/home /mnt/home nfs users 0 0 With that in /etc/fstab, a user should be able to mount the directory by mount /mnt/home and unmount with umount /mnt/home. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: F11 moans
On 06/16/2009 06:41 AM, William Murray wrote: c) kerneloops Always seems to be running on boot up. It consume 100% of a cpu core for 10 -20 minutes before popping up a notification. This may be due to LOTS of these messages: Jun 16 15:34:07 hepntl141 kernel: [drm:drm_wait_vblank] *ERROR* failed to acquire vblank counter, -22 CPU time and memory use appear to be tied to the size of /var/log/messages. This really sucked for me when I turned on NFS debugging (my F11 workstation's NFS mounted /home keeps hanging) and I ended up with several GB of logs. It looked like kerneloops loaded all of its contents into RAM. IIRC, that problem went away when I forced the rotation of my logs. e) virtual machines steal the sound. If I run a vm, then the host has no access to the speaker any more. From Virtual Machine Manager, double click on your VM. Click on the Details tab, select Sound: ... and then click the Remove button in the lower right. This isn't a regression, AFAIK. VMs have always had exclusive access to sound if you leave that device configured. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: RPM noob (query, log, build)
On 06/05/2009 10:41 PM, Thufir wrote: So, I went and built my first RPM recently. I had to go back and forth a bit with the developers, but it's built from the most recent svn update of curl-java, and, from what I see, is exactly what I wanted to install is installed the way I want it installed. However, I don't understand why the rpm query isn't returning the expected result. ... [r...@arrakis i386]# rpm -qa curl-java-0.2.3-2.i386 [r...@arrakis i386]# rpm -qa curl-java-0.2.3-2.i386.rpm First, don't use -qa unless you need to. Using -qa is really only useful if you're matching a glob-style pattern against all package names. For instance, rpm -qa curl*. If you're not using a glob-style pattern, -qa is quite slow and provides no benefit over -q. Second, use only the name of the package with both query styles (again, unless you need to): rpm -q curl-java rpm -qa curl-java Using the name only will work with both query styles. Using the version and arch only works with -q. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: F11 - X forwarding display problem
On 05/31/2009 08:06 PM, John wrote: xorg-x11-xauth was already installed. I created a new user and tried to login. Here is the output: [j...@lt-02 ~]$ ssh -X t...@lt-01 t...@lt-01's password: /usr/bin/xauth: creating new authority file /home/tom/.Xauthority [...@lt-01 ~]$ gedit (gedit:2969): Gtk-WARNING **: cannot open display: localhost:10.0 When you log in to that account, what do you get from: ls -l $XAUTHORITY echo $XAUTHORITY -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Questions with rsync
On 06/03/2009 06:05 PM, Patrick O'Callaghan wrote: On Wed, 2009-06-03 at 10:05 -0430, Patrick O'Callaghan wrote: On Wed, 2009-06-03 at 03:02 -0700, GMS S wrote: Will this command do the job for backup? rsync -vpa / /home/user/backup Er, isn't this recursive? What I meant to say was isn't this an infinite loop? The entire filesystem rooted at / is being copied into one of its subtrees. The answer is that rsync is clever enough to avoid this (I tried it on a test directory), Try it a second time. rsync ain't that smart. The only reason it worked the first time is that rsync built a list of files/directories to copy before it copied them. With rsync 3, it only builds that list for one directory at a time. Older versions built the entire list before beginning. You'll get different results with the two versions, IIRC. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: F11 - X forwarding display problem
On 05/31/2009 10:53 AM, John Foisy wrote: I've already tried the -Y option with no results. Here is the content of the pertinent section of sshd_config: That's odd. I have two machines running F11 with all of the updates, and X11 forwarding between them works just fine with both -X and -Y. From one of the F11 hosts, log in to the other with: ssh -v f11host -X Once you're logged in, check the X cookie file: ls -lZ $XAUTHORITY Finally, try a simple X11 application: gedit If it doesn't work, send the output of all of the commands. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: F11 - X forwarding display problem
On 05/31/2009 11:53 AM, John wrote: [j...@lt-02 ~]$ ssh -v LT-01 -X ... debug1: Requesting X11 forwarding with authentication spoofing. ... [j...@lt-01 ~]$ ls -lZ $XAUTHORITY drwxrwxr-x. john john unconfined_u:object_r:user_home_t:s0 bin ... It looks like XAUTHORITY isn't set, which means that you probably don't have xauth in your path (it's probably not installed). Install xorg-x11-xauth, and then log in again. On your next login, sshd should create the XAUTHORITY file. Having said that, if xauth is missing, you should see an error stating that in the output of ssh -v, which you don't. That's very odd. I'm fairly certain that the problem is the missing XAUTHORITY variable, I'm just not sure why it's missing. If xauth is present, try creating a new user on the system, and see if you have the same problem when you log in to that account. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: emacs c++ code completion help
Steven W. Orr wrote: BTW, How do you make a hormone? Two ways: ... I'd have thought that after the Rails Perform like a porn star debacle, more people would realize that this kind of thing isn't really appropriate in general, and serves to keep women from joining the community. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: If you wondered why Intel sucks on Fedora read this
g wrote: intel sucks on anything but ms, because intel joined the ms whore house years ago along with many other oem suppliers because of their fear of not being included in ms specs. in off quote of b.g., 'exclusively ms or be left out'. Balderdash! Intel appears to be working quite hard to make graphics on Linux work well. They're certainly putting money into developing the drivers. The problem currently seems to be that a lot of different areas of the driver have been re-architected at once, and rapid development has never been known to produce good quality. Sad, but true. We'd probably be better off if there were a stable branch of the Intel driver. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Running 32 bit binaries on 64 bit systems
Bill Davidsen wrote: Although I'm having this on FC11 I had it on FC6, so it's hardly new or testing material. The problem with trying to run 32 bit binaries is that they take vast numbers of libraries which have to be located and installed, and generally one at a time. find . -type f -perm /0001 | xargs file | grep ELF | cut -f1 -d: \ | xargs ldd | grep not found | awk '{print $1}' \ | sort | uniq | xargs yum provides -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: How to re-lock ssh private key?
Wolfgang S. Rupprecht wrote: I thought I'd posted the details earlier -- if not here they are. F10 64-bit x86 install with daily yum updates. Anything else you need to convince yourself this is a problem? I'm curious. I have the same setup (64bit F10), and I don't see the same problem. If I unlock my key, I can ssh to hosts where it is installed without any prompts, as expected. If I do ssh-add -D, it prints All identities removed. Afterward, I'm prompted for my ssh key passphrase. If I cancel the dialog, ssh will ask for my password. I can imagine a couple of things that might cause the problem that you're seeing, if you have time to do a couple of tests. First, do ssh-add -D and then ssh-add -l. Send the output of the latter command. Also, the output of set | grep SSH. Then ssh to a host where your key is installed with ssh -v and include the output of that command as well. Hopefully one of those three commands will illuminate what's going on. Thanks, Wolfgang. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: fedora LTS , why not?
Adel ESSAFI wrote: My idea is to build a distribution that is based on Fedora at 100% with 1. LTS 2. with a very reduce number of packages I don't mean to rain on your parade, but I think you underestimate the amount of effort involved in this. Fedora is a community with many members, and there still isn't enough manpower for an LTS release. The Fedora Legacy group already had a run at this, and eventually shut down for exactly that reason. People who are interested in something with a long lifetime are already using something else. If you're interested in a GNU/Linux system with a long support lifetime and no charge, I'd suggest using CentOS. Join up. Put your effort into supporting their work, and when you see what's involved, you'll be glad you didn't try to do it on your own. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: F10 and built-in Intel graphics
M A Young wrote: I recommend that you do a text based install (add text to the boot line), and once you have it installed, boot to a text console (add 3 to the boot line), then add Option NoAccel true to the Device section of /etc/X11/xorg.conf I'm curious whether it's necessary to disable acceleration entirely, or simply revert to the older XAA method. On my Thinkpad X40, the Intel video driver in F10 had significant problems, where the driver on F9 was fine. I could either use XAA or revert to the older driver to get proper rendering. I've attached a minimal xorg.conf. I believe you can save it to /etc/X11 to test each of the options individually. Try disabling accel, and then try using XAA (both options are in the file). Let us know what kind of results you get, and then track down one of the bugzilla reports on this subject (I know a few are open) and add your information. Section ServerLayout Identifier Default Screen Screen0 EndSection Section Screen Identifier Screen0 Device Videocard0 EndSection Section Device Identifier Videocard0 Driver intel Option NoAccel true #Option AccelMethod XAA EndSection -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: creating own RPMs
David Hláčik wrote: So far i was creating packages by using rpmdevtools and rpmbuild itself. I've read about mock , which is chrooted environment for building SRPMs . But does this mock can be applied on spec files? Do i need to prepare srpm package before i can work with mock? If so, this will not help me much. I'm curious why that would be. What makes building src.rpm packages difficult enough that mock wouldn't be any further help? Normally you can just rpmbuild -bs --nodeps package.spec to build a src.rpm, and then use mock to set up the chroot directory for different releases and rebuild the package. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: How to re-lock ssh private key?
Wolfgang S. Rupprecht wrote: Gordon Messmer yiny...@eburg.com writes: I think you're confused by the fact that the identities are still listed by ssh-add -l. They're certainly deactivated and require a passphrase in order to be used again (tested in GNOME 2.24). No, I'm confused by the fact that I can still ssh to remote machines without entering my key-unlocking passphrase. ;-) Like I said, this works properly for me under GNOME 2.24 (F10). Since you didn't include any details of your own setup, I can't comment on why it's not working for you the way that it should. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: How to re-lock ssh private key?
Todd Zullinger wrote: Are you able to remove identities from the gnome provided agent? I am not. Not with the -d or -D switch. Yes, I am. Both -d and -D work properly on GNOME 2.24 in F10. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: How to re-lock ssh private key?
Wolfgang S. Rupprecht wrote: Another thing that appears not to work with the gnome version of the ssh-agent is ssh-add -d or ssh-add -D. Not good. I think you're confused by the fact that the identities are still listed by ssh-add -l. They're certainly deactivated and require a passphrase in order to be used again (tested in GNOME 2.24). -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: How to re-lock ssh private key?
Todd Zullinger wrote: I do appreciate the efforts of the gnome keyring folks, but the documentation is sorely lacking, and having undocumented magic in the area of crypto key handling is not something that gives me warm fuzzies. I believe the documentation wasn't written because services were intended to be identical to ssh-agent. The ssh-add tool can still be used to add and remove identities, and has its own man page. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: FC9 Compromised...
Jack Lauman wrote: Have any other incidents like this been reported lately? Not that I know of. What network services were running on these hosts, and what web applications? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: can nat work in vlan
ann kok wrote: I want to configure 802.1q 3 vlans can nat work in those vlan? Yes. You can treat a VLAN interface as you would a real hardware interface. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: 2nd try: Was Firewall problem: Only works on a restart.
Tim wrote: And wouldn't that mean that for at least some time, you have a network without any firewall protecting you? Yes, but on a host firewall or NAT firewall, there's very little risk in that. In between the network init and firewall init, there's nothing exposed (unless you're using NetworkManager... */me rolls eyes*). If you're using a system that acts as a router for a network that's not RFC1918 numbered (or using NM), I'd recommend setting up the iptables firewall to deny everything, and allow that to start before the network. Then configure your preferred firewall service (such as Shorewall) to start after your network interfaces. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: 2nd try: Was Firewall problem: Only works on a restart.
Ed Greshko wrote: I've not looked into the OPs problem... But I do wonder about what you've said that prompts me to ask... I was actually wrong about the problem. His firewall set ip_forward to 1, but sysctl.conf set it to 0. During boot, the firewall service started first and enabled IP forwarding. The network service started later and reloaded sysctl.conf, turning IP forwarding off. When he restarted the firewall service, it would turn IP forwarding back on. The solution was to fix ip_forward in sysctl.conf. If the system brings up the network interfaces, but no services that utilize the network, prior to bringing up the firewall what vulnerability is the system exposed to...and for how long? If you use the network service, and start your firewall immediately after, you shouldn't have anything to worry about. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Using rsync to maintain local FC10 updates repo
Joseph L. Casale wrote: You can install from a mirror with updates such that no post install yum update would be needed? That's right. You can do it with either the script that I posted or with revisor. Or several other tools. I thought the original base packages were hardcoded in Anaconda? Nope. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Using rsync to maintain local FC10 updates repo
Bill Davidsen wrote: Gordon Messmer wrote: ... rsync -auv rsync://mirrors.usc.edu/fedora/linux/updates/10/i386/ \ --delete --exclude=debug/ /repos/fedora/10/updates/i386 Except that this mirror's rsync seems to be broken! ;) How does that work? Why don't you need -r to recurse? I tried a small test and it doesn't seem to have become the default behavior or anything. The man page for rsync states: -a, --archivearchive mode; equals -rlptgoD (no -H,-A,-X) -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: CDMA PC Card (Verizon PC5570) no longer works in F10
Kenneth Lee wrote: Thank you for the link! The fix is also in the most recent kernel update. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: dmesg: any idea about this ssh error
ann kok wrote: any idea about this ssh error in dmesg? How to fix it? __ratelimit: 13 callbacks suppressed sshd[12827]: segfault at 0 ip 08048f03 sp bf97ca00 error 4 in sshd[8048000+c5000] Use memtest86 to check your RAM? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: CDMA PC Card (Verizon PC5570) no longer works in F10
Kenneth Lee wrote: When I first installed Fedora 10 when the distribution first was available, I was really pleased with how well integrated NM was with CDMA cards from Verizon. I would just plug the card in, and I was able to surf the net. It just worked. Last week, I was at a conference and checked out a CDMA card. https://bugzilla.redhat.com/show_bug.cgi?id=478315 It's a kernel bug. The card was mistakenly switched from the ACM driver to the option driver. It'll be fixed in kernels newer than 2.6.27.16 or 2.6.28.5. In the meantime, you can work around the problem by modifying one of HAL's files as indicated in comment #2 of the bug entry listed above. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: [RANT] Installed F10 - X performance went into the crapper
john wendel wrote: Gordon Messmer wrote: My first guess is that your system is using the VESA driver rather than nv. Maybe you should send /var/log/Xorg.0.log ? Thanks, I didn't think of this one. I'll check when I return to work. Did you ever get to check that, John? If you're still having the problem, you should send Xorg.0.log. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: myqsl dummy needs help
Gene Heskett wrote: The bottom line would appear to be, if you don't have any databases to save, then yum remove *mysql*, updatedb locate and nuke ANYTHING left behind, then re-install. If you have a database to save, well, rotsa ruck. Hope you have backups. It's not quite that bad. You can reset by simply removing the contents of /var/lib/mysql and starting the mysql service. If you have a database to save, you can use --skip-grant-tables and resetting any passwords that you require. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: myqsl dummy needs help
Gene Heskett wrote: On Tuesday 17 February 2009, Gordon Messmer wrote: It's not quite that bad. You can reset by simply removing the contents of /var/lib/mysql and starting the mysql service. If you have a database to save, you can use --skip-grant-tables and resetting any passwords that you require. I am glad that it worked for you. I did that 4 times, and each time the restart was foiled by selinux. Only a total, complete nuke job, cleaning up all the leftovers with rm, succeeded in making a fresh install work. That is very likely because you removed /var/lib/mysql, and did not restorecon /var/lib/mysql when you re-created it. I'm also still curious how your /tmp got its permissions restricted. Did you do that intentionally? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: myqsl dummy needs help
Gene Heskett wrote: ... With all due respect Craig, what the hell use is it then when ALL the documentation is wrong? ... /tmp itself is drwxr-xr-x amanda disk system_u:object_r:tmp_t:s0 tmp Well, that's totally wrong. I'm curious about how permissions on /tmp got broken. That's almost certainly what caused the problem. My guess is that the first time mysql started, it began the initialization process for the databases in /var/lib/mysql, but failed partially through because of the problem with /tmp. After that, MySQL will not continue trying to initialize, so you've got a bad database. To correct the problem, you need to make sure that /tmp is in good order. It should look like this: # ls -ldZ /tmp drwxrwxrwt root root system_u:object_r:tmp_t:s0 /tmp/ If it doesn't, then chmod 1777 /tmp and chown root:root /tmp Next, delete the contents of /var/lib/mysql. That directory must also exist and must have the correct permissions. It should look like this: $ ls -ldZ /va/lib/mysql drwxr-xr-x mysql mysql system_u:object_r:mysqld_db_t /var/lib/mysql Once those two directories are fixed, you *should* be able to start msyql, and use the cli mysql and mysqladmin tools without a password. If not, check for new SELinux problems. And with all due respect, the documentation isn't wrong just because it doesn't cover recovery from the specific error condition on your host. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: myqsl dummy needs help
Gene Heskett wrote: See other posts that describe what I did to recover. Thanks. I read your other posts, but didn't see that you'd recovered. Things are working now? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: file search engine in fedora
Barry Yu wrote: Other than using find command, is there any GUI search engine like Spotlight in MAC or Search in Windows? The Search in Fedora File Browser I just don't know how to use it. If you install one of beagle or tracker, the Search item in the Gnome Places menu will use them for searching. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: [RANT] Installed F10 - X performance went into the crapper
john wendel wrote: Now with F10 I'm using XFCE, and the box is a total P.O.S. Resizing or moving a window is a nightmare, the screen redraw is too slow to keep up with the cursor, and I see lots of screen glitches. When I open an app like Firefox with a complicated screen, I see the screen being drawn in individual pieces. Scrolling text in a Vim console is much too slow to be usable. My first guess is that your system is using the VESA driver rather than nv. Maybe you should send /var/log/Xorg.0.log ? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: XFCE depends on GNOME, why?
Globe Trotter wrote: I thought I provided a very specific list of dependencies as an example. It might be helpful if someone showed you how dependencies are generated, because I don't think you understand. It's not accidental on the part of the package maintainer. $ rpm -q --requires firefox | awk '!/rpmlib/ {print $1}' | \ while read req ; do rpm -q --whatprovides $req ; done | sort | uniq ... or leave off all of the processing, rpm -q --requires firefox In that list, you'll see gnome-vfs2. When the firefox package was built, rpm did something very much like: $ rpm -ql firefox | \ while read file ; do test -f $file -a -x $file ldd $file ; done \ | awk '{print $1}' | sort | uniq You'll see libgnomevfs-2.so.0 in the list. So, while you might be able to remove the gnome desktop and applications and still have firefox, you cannot remove gnome-vfs2, which you tried to do when you did yum erase gnome* Does it make sense now? Of course, but sometimes, dependencies are included in error, as in the R example. R requires cairo. Since I'm not sure what release you saw this on, I don't know if cairo depended on some gnome package or if something else was going on. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Wifi dies about once an hour. Bug in update ?
Linuxguy123 wrote: My wifi dies about once an hour. The only way I can get it working again is to reboot. Very irritating. ... uname -a Linux localhost.localdomain 2.6.27.12-170.2.5.fc10.i686 #1 SMP Wed Jan 21 02:09:37 EST 2009 i686 i686 i386 GNU/Linux Power management has been flaky on my laptop since I updated to 2.6.27.12-170.2.5.fc10.i686. Try booting an older kernel and see if your situation is any different. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: rsync using sudo.
gary artim wrote: The problem: the local files get permission denied on root owned files subdirs. If I add sudo /usr/bin/rsync --stats -ae ssh --rsync-path=sudo /usr/bin/rsync /my rs...@host1:/backup/my I get prompted for a ssh passwd. Has anyone solved or done this? sudo rsync --stat -ae ssh -i /path/to/id_rsa \ --rsync-path=sudo /usr/bin/rsync \ /my/ rs...@host1:/backup/my/ -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: is KDE dead - did Gnome win?
Mail Lists wrote: Switching was not without some discomfort and effort ... of note: - I've been unable to add items to my desktop menu(s) System - Preferences - Look and Feel - Main Menu I'm able to add and remove items using this tool. - keyring management needs help - and getting gpg-agent and ssh-agent to work sanely took some scripting which now works perfectly for me. If you're on F10, you're probably trying too hard. At least ssh-agent functionality is built in to the gnome-keyring-daemon. You don't have to start it yourself. You probably don't even need to run 'ssh-add'; you'll be prompted for the passphrase to keys in the default paths when ssh tries to use them for the first time (or at login, if you click a checkbox). -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Ideal Swap Partition Size
Aaron Konstam wrote: This is explained in nearly all textbooks on Computer Architecture. So the question remains, where is the address space in Linux. Patrick isn't the only one confused by your question. I can't make heads or tails of it. Are you asking where the mapping between the virtual address space and physical memory is done, or what? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: RAM question for everyone!
Dan Track wrote: I was recently asked a question about how much RAM should there be within a server given that the APP uses 8GB of Memory, should I buy 10Gig of memory and have a small harddrive and no swap space? Would this configuration allow everything in my OS to run from RAM and not from swap? If this is the case then there's no need to ever create swap, is there?!? We just discussed this in the Ideal swap partition size thread. If your application is 8GB, you need at least 16GB of address space in case the server attempts to call an external program. When it does so, it will call fork(). While fork() will not copy all of the pages of a process under Linux, you do generally need to have the space available. If you're going to run an 8GB database server, with 10GB of RAM, I would strongly recommend at least 10GB swap space. You won't use it, but the system won't work reliably if it's missing. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Software RAID 5 or something else?
arag...@dcsnow.com wrote: My original idea was to put them in a RAID 5 configuration. This sounded good until I started researching RAID controller cards. It looks like it will cost me $520 to get a good PCI-E card (3Ware 8 port). I don't think I want to spend that much if I don't have to. My goals are two fold. 1) I want to get some redundancy in case of a drive failure. 2) I want to increase my performance. If you want to increase performance relative to a single drive, RAID 5 is the wrong choice. Many (most, in my experience) workloads will run slower on RAID 5. I recommend running RAID 10 if you think the storage needs to be faster. Either get sixth drive for 2.25TB of storage, or set up a 1.5TB array with a hot spare. Software RAID is fine if you don't want to pay for a controller, but get yourself a UPS. I have benchmarked my read and write performance to and from this server. Using Samba, I seem to be able to get about 50Mb/sec reads and 40Mb/sec writes. I am on a gig network and would like to be able to max out the cards (90Mb/sec is what I get at work). More than likely, you need to enable jumbo frames on all of your systems. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Ideal Swap Partition Size
Tim wrote: On Tue, 2009-01-20 at 20:06 -0800, Gordon Messmer wrote: maybe based on the idea that swapping will cause the system to behave badly It seems strange to think that a system will swap just because there's swap space available. No where did I suggest that. What I was referring to was that several people are endorsing system configurations with little or no swap space in order to prevent the system from even being able to swap. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Ideal Swap Partition Size
Patrick O'Callaghan wrote: On Tue, 2009-01-20 at 20:06 -0800, Gordon Messmer wrote: It's also important to bear in mind that under the standard configuration, you must have at least as much free memory as the largest application in your server, or else that application won't be able to call external programs. If you don't have enough memory (RAM+Swap) for the largest app you need to run, then that app won't be able to run. You don't understand. Of course you need enough total memory to run your applications. What I was pointing out was that you need to have enough free memory beyond that for a second copy of the largest application that you run. Even if it won't be filled, it needs to be present. Let's imagine that you have a server with 2GB of RAM, and just 512MB of swap (maybe based on the idea that swapping will cause the system to behave badly). Let's also imagine that you've tuned your SQL server to keep as much data in memory as possible, so it's 1.5GB resident. Now, if you SQL server has helper applications that it wants to call, it has to fork() and then exec() to start them. When it does a fork(), the system doesn't actually copy all of its pages for the new process, but it does require that the memory be available (the extent to which that is true depends on your overcommit settings). This was true in older systems (actually the system just allocated space for data and stack, since the code segment was shared) but Linux uses a copy-on-write policy so I don't think it's true any more. The feature that you're referring to is called overcommit. I had hoped that by referring to it *by name*, I could avoid inaccurate corrections, but I guess not. Overcommit uses a heuristic algorithm to determine whether or not a request to allocate more memory than is present (either by malloc or fork) will be allowed. In many cases, fork() will fail if you do not have enough memory for a second copy of the application, even though Linux doesn't copy a complete set of pages during fork(). If you want the system to work *reliably*, you must have enough free memory for a second copy of your largest application. In most cases you should achieve that by having at least as much swap as physical memory. However, since you don't have 1.5GB of memory available, the fork() will probably fail, and the SQL server process can't execute its helper script. I don't think so (see above). You're wrong. I helped a friend track down exactly this issue just a couple of months ago. This situation would be much harder to diagnose if you had 1GB of swap and your SQL server were something like 1.3 GB. In that case, it might sometimes work and sometimes fail depending on how many other processes were using memory. And on how much the SQL process is using for a specific run. If it were specifically using 1.3 GB of memory in a total of 3GB, it might work some of the time and fail some of the time depending on whether the rest of the system were using 400MB of memory or 800MB. So, even if you expect to never *use* swap space, you should have at least as much swap as physical RAM. There is no reasonable amount of swap that will stop you from running out of memory in *every* conceivable circumstance. You need to know the behaviour of your system to make an educated guess. That's exactly what I'm trying to illustrate, because is is frequently overlooked. In systems which run applications that consume a lot of memory, you need to make sure that your total amount of phsycal memory and swap will leave enough free for a second copy of your very large application. If not, then fork() may fail, even though fork() doesn't copy pages. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: OT ? PyQt: how is the commercial license not GPL ?
Linuxguy123 wrote: The free version of PyQt is licensed under the GNU General Public License. If your use of PyQt is compatible with the GPL then you do not need to buy a commercial PyQt license. Similarly you do not need to buy a commercial Qt license. snip If your use of PyQt is not compatible with the GPL then you require a commercial PyQt license. === So if I buy a commercial license from Riverbank, I can violate the GPL ? I don't get this. No, you may not violate the GPL. If you choose to redistribute PyQT under the GPL along with your application, then your application must be licensed to users under terms compatible with the GPL. If you'd like to license your application under other terms, then you can get a commercial license from the PyQT developers which does not place restrictions on the way that you license your (derived) code. In this case, you're not violating the GPL because you're not distributing a GPL licensed product. === There is no functional difference between the GPL version and the commercial version of PyQt. === But I am supposed to buy a license to use it ? If you want to distribute an application under terms that aren't compatible with the GPL, then yes. === What Does the Commercial Version Give Me? A copy of the commercial license gives you the following. * A copy of the PyQt source code that you download via HTTP. === Doesn't the GPL require this for all applications ? Yes, but you aren't getting the library under the GPL. You're getting it under a completely different license, under which you can not expect the same rights. == * A copy of the QScintilla source code that you download via HTTP. * The right for a single developer to write applications under Windows, UNIX, Linux and MacOS/X. == Doesn't the GPL say that anyone can use it for any reason ? Yes[1]. However, as noted above, you aren't getting PyQT under the GPL. You're getting it under a completely different license that does not grant you the same rights. If you want to distribute an application under terms that aren't compatible with the GPL, using PyQT, then you'll need to license PyQT on the developer's terms. If you do that, then the GPL does not protect your rights. If you license PyQT under the commercial license and that license says you have the right to allow one developer to use it, then only one developer may use PyQT to build your application. You'll have to pay for additional license in order to hire more developers. [1]: Kind of. As Matthew pointed out the GPL doesn't govern use, it governs distribution == * The right to distribute the required PyQt modules and QScintilla library with your applications so long as the users of those applications do not themselves have direct access to PyQt. Otherwise those users themselves become developers and require their own copies of the commercial versions of both PyQt and Qt. = I really don't understand that. I thought that developers had to distribute code when they shipped a GPL product. This only really matters when you're shipping a product that's not GPL. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Ideal Swap Partition Size
Rick Stevens wrote: Reserving a swap area and its size is rather dependent on what the machine is doing. We have database servers that, on occasion, get hammered and revert to using swap for a brief time. We use a 2X swap size and we've come close to using it all, so it's still valid. You will have to watch it---as soon as you start really whacking swap, system performance is going to start suffering quite badly. It's also important to bear in mind that under the standard configuration, you must have at least as much free memory as the largest application in your server, or else that application won't be able to call external programs. Let's imagine that you have a server with 2GB of RAM, and just 512MB of swap (maybe based on the idea that swapping will cause the system to behave badly). Let's also imagine that you've tuned your SQL server to keep as much data in memory as possible, so it's 1.5GB resident. Now, if you SQL server has helper applications that it wants to call, it has to fork() and then exec() to start them. When it does a fork(), the system doesn't actually copy all of its pages for the new process, but it does require that the memory be available (the extent to which that is true depends on your overcommit settings). However, since you don't have 1.5GB of memory available, the fork() will probably fail, and the SQL server process can't execute its helper script. This situation would be much harder to diagnose if you had 1GB of swap and your SQL server were something like 1.3 GB. In that case, it might sometimes work and sometimes fail depending on how many other processes were using memory. So, even if you expect to never *use* swap space, you should have at least as much swap as physical RAM. I thought I'd read once that using twice as much swap as physical RAM actually allowed the system to use a linear map of swap pages to virtual address space, so that it didn't have to search for free pages of swap when it paged something out. The result was a faster swap manager, but I'm not sure if that's actually the case. I haven't been able to find documentation to back it up. Anyone know whether or not that's the case? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: RAID5 gets a bad rap
Bill Davidsen wrote: Gordon Messmer wrote: ... No. Even in the worst case it would read N-2 blocks (you are writing a new data block and calculating new parity), and two writes. Let's just say that I've seen controllers behave in ways that I don't understand, and that I agree, the cost should not be as great as I previously estimated. It doesn't matter whether you're writing new files or modifying existing files, because all of this happens at the block level. It's especially bad on journalled filesystems, where writing to a file will update the files blocks, plus the filesystem's journal's blocks, and finally the filesystem's blocks. No again. You read the parity block and the old data block, XOR first the old then the new data with the parity block, and write the new data and parity. Yes, I understand what you're saying, but that in no way contradicts what I wrote there. Regardless of whether you create a new file or modify an existing file, there will be changes made to the filesystem to reflect the fact that changes have been made. If you modify a file, the inode's mtime is updated. If you create a new file, then a new inode is written, and the directory entry is modified. In both cases, the blocks which hold the file's data are written, the journal is written before the filesystem is updated, the filesystem is updated with the changes in the journal, and then the journal is modified again to mark it complete. We can argue about how much overhead RAID5 has, but I don't think you can argue either that there is *no* overhead or that the filesystem is not a database. Any given write to the disk will involve updating the journal twice and the filesystem once, which more or less creates the small random writes that RAID5 is so poor at performing. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: RAID5 gets a bad rap
Bill Davidsen wrote: Gordon Messmer wrote: Your assertion ignores the fact that filesystems themselves are, in fact, databases. Real-world experience with many production systems and many workloads has convinced me to use RAID 5 as rarely as possible. Even when I'm forced to use it, I generally choose a RAID 5+0 configuration as I get much better performance. Or you might want to read the man pages for md and mdadm. RAID10 is faster (assuming you use the far 2 config). No, RAID10 is not another name for RAID1+0... When I read the man page for md, I see: RAID10 RAID10 provides a combination of RAID1 and RAID0, and is sometimes known as RAID1+0. ...so I'm not sure what man page you've been reading. I know that RAID 10 is faster than RAID 5+0. I meant that in the rare circumstance when I'm trying to build a very large volume of disks (say, 20), I'll usually create four RAID5 arrays with five disks each, and then stripe them. The resulting array (RAID 5+0) will be more resilient to failure and perform much better than a single RAID5 array containing all 20 disks. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: RAID5 gets a bad rap
Chris Tyler wrote: On Tue, 2008-12-30 at 01:02 -0800, Gordon Messmer wrote: That's not quite it. RAID 5 performance suffers because every write requires that the entire block that's being written be read from every drive in the array, parity calculated, and then the data and parity written out. For each block written, the array has to do N reads plus two writes. You don't have to read all of the drives -- just the block you're updating and the parity block. XOR the old data you're about to overwrite with the parity block and the new data and you'll have the new parity block. Total activity: two reads plus two writes. I've understood that to be the case, but while watching the drive activity lights on RAID5 arrays, it seems like I always see the entire set flash at the same time. I guess I'll have to investigate that further to find out why. Thanks. RAID 5 tends to be most appropriate when you're trying to get as much disk space as you can with the lowest cost, you won't be running multiple simultaneous jobs on the same disk array, and when you'll be collecting data at a rate that's relatively low. I'd say the other way around -- RAID 5 is poor at small writes (hence the OP's comments about database updates), but very nearly approaches RAID-0 speeds when reading or writing large quantities of sequential data. Your assertion ignores the fact that filesystems themselves are, in fact, databases. Real-world experience with many production systems and many workloads has convinced me to use RAID 5 as rarely as possible. Even when I'm forced to use it, I generally choose a RAID 5+0 configuration as I get much better performance. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: RAID5 gets a bad rap
Philip A. Prindeville wrote: If you're *not* a database weenie, and you're doing usual manly things with your filesystem (like lots of compiles, for instance), you're typically not going to be modifying files in place at all. That's not quite it. RAID 5 performance suffers because every write requires that the entire block that's being written be read from every drive in the array, parity calculated, and then the data and parity written out. For each block written, the array has to do N reads plus two writes. It doesn't matter whether you're writing new files or modifying existing files, because all of this happens at the block level. It's especially bad on journalled filesystems, where writing to a file will update the files blocks, plus the filesystem's journal's blocks, and finally the filesystem's blocks. So is it just the database-heads that are maligning RAID5, or are there other performance issues I don't know about? Most of your comments don't reflect the way RAID 5 actually functions in any way. Because my empirical experience has always been that when writing large files, RAID5 performs on par with RAID0. The system on which you were testing was probably limited by other factors, if that was the case. A RAID 0 disk array will be much faster than a RAID 5 array. RAID 5 tends to be most appropriate when you're trying to get as much disk space as you can with the lowest cost, you won't be running multiple simultaneous jobs on the same disk array, and when you'll be collecting data at a rate that's relatively low. Usually, that's backups. Your network is probably slower than your disk array (unless the array is very large -- array speed decreases with array size), so streaming data in over the network to your disk array won't bog it down. Virtually any interactive workload will benefit from a better disk configuration. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: E-mail Server
There's plenty of advocacy for Postfix and Dovecot on this list; I occasionally like to chime in with a bit for Courier MTA: http://www.courier-mta.org/ Among the advantages I appreciate: * Maildrop is much easier to manage than procmail * Configuration is much simpler: it's substantially similar to the highly regarded Qmail * The entire system is a single integrated package, so you only have to configure things like authentication once rather than for each server (as in postfix and dovecot). * Courier supports an SMTP filtering API that's much simpler than either Postfix or Sendmail. I wrote courier-pythonfilter to help email admins filter and modify messages using Python. ;) -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: home directory
Todd Denniston wrote: Craig White wrote, On 12/19/2008 12:03 PM: getent passwd | grep $1 | awk -F: '{ print $6 }' ... Thanks for that getent call suggestion, it simplifies one of my scripts greatly. The grep is useless, and should be discouraged. Use something like this instead: getent passwd $1 | awk -F: '{ print $6 }' or: getent passwd $1 | cut -d: -f6 Calling getent passwd on a machine that uses LDAP as an NSS source causes a full search of the directory, which can be very expensive on large directories. It's better not to make a habit of doing that. Plus, the grep method fails if the username that you're searching for is a substring of other usernames in the passwd database. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Apt-get really screwed up on F9
Nigel Henry wrote: [r...@localhost djmons]# apt-get update ... Hit http://rpm.livna.org 9/i386/ filelists.sqlite apt-get: rpm/rpmindexfile.cc:645: std::string rpmRepomdIndex::IndexURI(std::string) const: Assertion `Res.size() 0' failed. ... I've had to do a yum update to update F9, which went ok, but what the hell has gone wrong with apt, and apt-get? It's hard to say from the output, but it could be that Livna's repo is broken in some way. As a side issue rpmfusion has just come on the scene, and where I could you apt with livna, and freshrpm's, but rpmfusion has no support for users of apt, but only Yum. As far as I know, both yum and apt use the same repomd format. The only thing that should be standing in your way is that the release packages don't have apt repository files. If you manually add the repositories using the information provided for yum, apt should work. Fedora users ignore this post please. This is a complaint to the Fedora developers, who are living in their own little world. I thought that Linux was about choices, but it appears that Fedora devs have decided that Yum is the way to go, and Apt can go down the can, and be no longer supported. From what you've provided us, it looks like your problem has nothing to do with the Fedora developers. RPMFusion's maintainers are an entirely separate group. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: infrastructure modest proposal
Tom Horsley wrote: On Wed, 10 Dec 2008 23:33:49 -0800 Gordon Messmer wrote: Isn't that sort of the intent of the testing repo? I dunno :-). Maybe we don't need another layer, maybe we just need the simple check for obvious dependency problems in testing, but I think maybe the the associated packages might be in testing already, yet they weren't marked to go to updates at the same time. Perhaps a more useful bit of QA prior to each push of packages to updates would be to prep a new client (use mock), enable the [testing] repo, add includepkgs = package list, and then pass package list to yum install. If there are dependency problems, yum will fail. If you're concerned about it, you might want to propose such a thing in the dev list. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Sed programming question
Dan Thurman wrote: I tested your suggestion above with and without -r option but could not make it work as an AND operator: # echo foo har | sed -re '/foo/{/bar/{s/foo/goo/}}' goo har $ rpm -q sed sed-4.1.5-11.fc10.x86_64 $ echo foo har | sed -re '/foo/{/bar/{s/foo/goo/}}' foo har -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: infrastructure modest proposal
Tom Horsley wrote: With all the dependency problems that always seem to crop up in updates, I'd like to make a simple suggestion that would hide 99% of these issues from us pore old users: Add another layer of repos: Just before the updates repo, have a almost updates repo. Packages that get released to updates now, would instead get released to almost updates. Isn't that sort of the intent of the testing repo? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: How to get rid of selinux
gab_v wrote: p.s. I said not how to disabled SELinux because I did it once and I did not solve the problem and, after that, I had a block at boot process. You probably ran setenforce 0 or added a kernel arg in grub (but not grub.conf). Those don't permanently disable SELinux. To do that, you should modify /etc/selinux/config and set SELINUX=disabled -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: want to prevent people from making mistakes?
Jeff Spaleta wrote: The the current lifetime is an honest representation of the amount of contributor support that we have on hand. The Fedora Legacy sub-project was attempted but it did not have enough contributor support to be self-sustaining. Which reminds me of something I was thinking of earlier today... A lot of Ubuntu users point to the longer support lifetime of Ubuntu's regular releases as one of the reasons they choose not to use Fedora. I'm surprised that a company which isn't profitable is able to maintain as many releases as they do. On the other hand, it looks like in April, Canonical was discussing a scale-back to supporting only LTS releases and the current release. From the votes and my own speculation, I think it's likely that they will, eventually. I wonder how that will change the user base... -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: mysql
ann kok wrote: I configure the mysql replication but got this warning How can I fix this problem? ... [Warning] No argument was provided to --log-bin, and --log-bin-index was not used; so replication may break when this MySQL server acts as a master and has his hostname changed!! Please use '--log-bin=/var/run/mysqld/mysqld-bin' to avoid this problem. Edit /etc/my.cnf and put a couple of lines in the [mysqld] section like: log-bin = mysqld-bin relay-log = mysqld-relay-bin -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Regenerating expired mail.crt?
Philip Prindeville wrote: How do I reconstruct an expired mail.crt file? As I remember, the cert was originally generated automatically by the .spec when I installed some package or another, but I can't figure out which it was or I'd just peek into the .spec and repeat it again. # cd /etc/pki/tls/certs # make mail.crt This will create new mail.key and mail.crt files, using openssl. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: DNS broken after Fedora 10 upgrade
woodson2 wrote: This is what I see in /var/log/messages 03-Dec-2008 10:07:46.262 /etc/named.conf:28: using specific query-source port suppresses port randomization and can be insecure. 03-Dec-2008 10:07:46.263 could not get query source dispatcher (0.0.0.0#53) You should probably take the default options used in /etc/named.caching-nameserver.conf and replace whatever you have in named.conf. This is the results of named-checkconf -z zone maizenblue.com/IN: maizenblue.com/MX 'mail.maizenblue.com' is a CNAME (illegal) Your MX record must be a hostname that resolves to an IP. That is, you have something like: maizenblue.com. MX 5 mail.maizenblue.com. mail.maizenblue.com.CNAME something Instead, you must use: maizenblue.com. MX 5 mail.maizenblue.com. mail.maizenblue.com.A 1.2.3.4 Some mail servers will not deliver mail to you or accept your mail, as your DNS records violate the relevant RFCs. zone maizenblue.com/IN: loaded serial 2007041818 zone 10.10.10.in-addr.arpa/IN: loading from master file 10.10.10.zone failed: file not found _default/10.10.10.in-addr.arpa/IN: file not found looks like it can't find the reverse zone file, however it is definitely thereAny help would be greatly appreciated...Thanks I'm not sure about that one. Maybe an SELinux issue? Check /var/log/audit/audit.log -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Disable sound for KVM guest
I've noticed that when I create a new virtual machine under F10, it takes control of the dsp device when it's running. I've tried commenting out the sound element in its XML configuration file, but that hasn't helped. Is there a way to disable sound support for KVM guests? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Disable sound for KVM guest
Bill Davidsen wrote: Which tool do you use to create the XML? I'll take a look, but I have been starting my stuff mostly from command line. Leaving off -soundhw seems to do the job. I used virt-manager to create the VM. The configuration file is /etc/libvirt/qemu/TestCentOS.xml. The guess will take over the sound device regardless of whether I start the VM from virt-manager or virsh. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: F10 NFS Install Query
Simon Andrews wrote: John Austin wrote: I think it probably only needs the documentation updating to say put the install.img file in an images subdirectory for an NFS install I disagree. You shouldn't need to do this - and it make it a right pain if (as I have) you have an i386 and and x86_64 iso in the same nfs directory. Anaconda can handle this situation and I suspect that not being able to do this through the askmethod route will turn out to be a simple bug. Chris Lumens of Red Hat indicated in bug 466992 that anacanda can *not* handle this situation any more. The change was intentional. If you have your ISOs in the same location, you can specify the location of stage2.img using the stage2= parameter. It's probably easier to just keep different architectures' isos in separate directories (along with images/install.img) though. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Revisor
Martin Schiøtz wrote: Does somebody know what's going with the revisor project? The mailing list [EMAIL PROTECTED] does not seem to work. The lists were moved to [EMAIL PROTECTED] this afternoon. http://fedorahosted.org/mailman/listinfo/revisor-users I have been trying to build CentOS and Fedora on Fedora 9 and 10 with revisor for some time now with no succes at all. I have been trying different versions of revisor and different kinds builds (with CentOS and Fedora) on both Fedora 9 and 10. The result is alway some kind of error doing the beginning of the install process of the builded CD or DVD images. Apparently there are issues with different versions of squashfs in new Fedora releases and CentOS 5. You can use mock to create a centos 5 chroot and run revisor from there, which I'm told will work. I've quoted Jeroen's more detailed directions at the end of this message. Since the move, there's already been a post to the list about problems composing Fedora 10, and I'm hoping to see a resolution. Has anybody have any succes building images with revisor lately? Not yet. I've been talking to the author about similar problems. For the moment, I'm just composing the install trees and then using the vmlinuz/initrd/install.img from the distribution. -- The nasty thing between a (recent) Fedora station composing EL5 installation or live media is the version mismatch between squashfs. I very much doubt this is ever going to be solved, but you can run revisor in a mock chroot: # yum install mock $ mock -r epel-5-i386 init $ mock -r epel-5-i386 install comps-extras createrepo rhpl pykickstart \ ~livecd-tools anaconda-runtime squashfs-tools \ ~busybox-anaconda notify-python usermode \ ~pam python automake intltool gettext \ ~desktop-file-utils glib2-devel gcc \ ~cobbler koan deltarpm pygtk pygtk2-libglade \ ~gnome-python2-gconf system-config-kickstart jigdo \ ~livecd-tools python-virtinst git $ mock -r epel-5-i386 shell mock-chroot git clone git://git.fedorahosted.org/revisor mock-chroot cd revisor mock-chroot git checkout --track -b EL-5 origin/EL-5 mock-chroot autoreconf ./configure mock-chroot make install mock-chroot revisor --cli [options] ^ This is what I'm testing now, and it seems to work. Kind regards, Jeroen van Meeuwen -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: script help
Dave Ihnat wrote: On Mon, Dec 01, 2008 at 04:10:50PM -0500, RGH wrote: ls -1d *log | xargs rm -Rf Note that the first option is a one, not an el. Or for that matter, just echo *log instead of ls. Neither of those are reliable. If there are enough matches to require xargs, then both ls and echo will fail. xargs also doesn't care whether or not each entry is printed on its own line, so ls -1 isn't better than ls with no argument. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: F10 nfs installs
Mike Cloaked wrote: Interestingly I was trying to set this up from an existing F9 system with SElinux enabled, and following the guidance at the page you quote I did: [EMAIL PROTECTED] f10]# mount -o loop /home/mike/isos/f10/Fedora-10-i386-DVD.iso /mnt/tmp -t iso9660 then [EMAIL PROTECTED] f10]# cp -a /mnt/tmp/images . cp: cannot create directory `./images': Permission denied This is the same whether root or user. However cp -r does get copies of the files! Don't use cp -a to copy read-only filesystems. cp will create the destination directories with the same read-only permissions, and will be unable to write files into them. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: ssh+background process in script
hari krishna angadi wrote: $ vim myscript.sh ./Pgm $ /usr/bin/ssh -x -n -o BatchMode=yes 127.0.0.1 cd /home/tom/Test_Dir/ '' ./myscript.sh If i run this command hello world is not printed. If i run this same in FC2 hello world in printed. *Whether there is solution to this or it is a bug of FC8?* The obvious solution would be to not run ./Pgm in the background. Why are you doing that? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: More strange F9 dependencies
Beartooth wrote: [EMAIL PROTECTED] ~]# yum remove bluez-* ... Removing: bluez-libsi386 3.36-1.fc9 installed 126 k bluez-utils-cups i386 3.36-1.fc9 installed 40 k I feel like I should point out that all of this fuss is over 166k. That disk space costs about $.02. Some make mud seem clear. I don't understand, despite googling, what gvfs is or does. It's the Glib virtual file system. Rather than use the standard libc routines for file access, applications which use glib can use its IO routines and will be able to access data from various sources in addition to plain files. For instance, an application can open an ftp://; file using the same functions as a local file on disk. But what of nautilus? It would be fine for bluez to depend on it; but why should it depend on bluez?? Because nautilus depends on gvfs, like virtually all of GNOME does, for file IO. According to the information that rpm has, removing bluez will break gvfs, which would break nautilus. Is someone going to tell me that pango uses bluez, with or without hardware? And then sneer down his nose that I'm welcome to write new code?? Are you bringing this up in order to pursue a vendetta from a previous conversation? You've got to relax, man. Maybe it'd help to understand how ld.so works. Simplified: When you start a dynamic executable, it gets loaded into memory. ld.so examines it for a list of libraries that it was linked to when it was compiled. It searches the directories configured in /etc/ld.so.conf and loads those into memory too. It then examines the dynamic executable for a list of functions that are used, and searched for those in the libraries. When found, it adjusts some pointers to functions and starts running the dynamic executable. The process of loading and searching for libraries is recursive; if a library is dynamically linked then ld.so has to process it in mostly the same way. If any library or function can't be found, an error is printed and the application fails to start. The point of illustrating that is that your idea of use isn't the same as ld.so's. The loader can't determine whether or not you will attempt to transfer files by bluetooth. Its job is simply to make sure that the libraries exist, and that they contain the correct symbols. An application always uses the libraries that it linked with. What ever became of linux being tailorable?? GNU/Linux systems are as tailorable as they ever were *because you have the source*. The ability to tailor a GNU system has never meant that you could tear out binary components that you thought looked funny without causing the system to fail. It means that if you are knowledgeable, you can modify the system to do what you want it to -- and it always has. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: [sudo-users] How to disable ( deny ) user to change the password of root
[EMAIL PROTECTED] wrote: Sorry, what means about the sentence ? The last line of the script that I suggested to you was: passwd -- $1 That line would be more secure if it were specific about where passwd should be: /usr/bin/passwd -- $1 -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Sudo from scripts
Mikkel L. Ellertson wrote: Patrick O'Callaghan wrote: In any case, the owner of the script is only security-relevant in two cases: 1) if it allows someone to edit the script who normally couldn't, or 2) if the script is setuid. Of course it could also change who can *execute* the script, but if it's not setuid they'll be doing it as themselves, not as the owner. Does setuid work on scrips? I know it did not in the past, but I have not checked to see if that has changed. No, it doesn't, and it never will. Making root a script's owner is not a security issue. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: [sudo-users] How to disable ( deny ) user to change the password of root
[EMAIL PROTECTED] wrote: BUT there is another problem of it ( I think it is a bug of sudo ). When you enter sudo passwd without the option (eg:userid): [EMAIL PROTECTED] ~]$ sudo passwd Changing password for user root. New UNIX password: That's not a bug. sudo doesn't know what you're trying to do, only whether or not your commands match the patterns in its configuration files. They do, so sudo allows the access. OH...the user manager who can change root password ? So, is there any solution for this case of problem ? Yes, there is. Don't let users execute any of those commands directly. Write shell scripts that validate the commands that you want them to execute, and only allow users to execute those with sudo. For example: passwd-wrapper: #!/bin/sh # Validate that a username was given as an argument [ -n $1 ] || { echo Use: passwd-wrapper username 2 exit 64 } # Validate that the username wasn't root [ $1 != root ] || { echo Can't set the root user's password 2 exit 77 } # Use -- to make sure that the username given wasn't just # a switch that passwd would interpret. # THIS ONLY WORKS ON GNU SYSTEMS. passwd -- $1 -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: [sudo-users] How to disable ( deny ) user to change the password of root
Matthew Flaschen wrote: Gordon Messmer wrote: Yes, there is. Don't let users execute any of those commands directly. That's not a solution. The user can still edit /etc/passwd manually. In the solution I propose, the user can only edit passwd-wrapper and other wrappers with sudo. In that configuration, they aren't given any access to edit /etc/passwd manually. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Domain of sender address ... does not resolve
Bill Davidsen wrote: I just did a new FC9 (fully updated) install, and it regularly rejects outgoing mail with the subject error message. The address does resolve, of course, so I'm not sure what it means instead of what it says. Take the domain from the error message and run host domain on the command line, on the server that's rejecting the mail. If you're sending mail from a host whose name does not resolve publicly, then the error that you're seeing is probably reported by mail servers outside your network that don't have access to your name servers. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Build 64-bit kernel on 32-bit system
john wendel wrote: john wendel wrote: Much to my surprise, there isn't a 32 vs 64 bit toggle in the kernel config. Google confused me, but did tell me I require a 64bit toolchain. This seems bogus, since the kernel is self contained. I think it should be enough just to set the proper gcc options. ... Yes, I'll do a 64bit F10. Just wanted to experiment, and maybe learn a little something while I'm waiting for F10. If that's your goal, you can do that. You do need a 64 bit toolchain. If you run gcc --help -v you'll notice that ld doesn't support 64 bit targets. The first thing you'll need to do is build the toolchain for 64 bit cross-compiling. Once that's available, you should be able to use it to create a 64 bit kernel. That's pretty much the way that you'd always build an OS for a foreign CPU. Build the toolchain first, then compile the OS using that toolchain, then create a boot disk using the cross-compiled binaries. Don't get confused by the fact that 64 bit CPUs are backward compatible. You need to treat them like a completely foreign CPU. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Dependency Champion
Beartooth wrote: On Fri, 07 Nov 2008 13:31:05 -0800, Gordon Messmer wrote: [...] If you instruct the tool to remove a package, it does not remove other packages randomly or haphazardly. You may not understand the package relationships, but that does not make them wrong. Nobody has suggested that any mental state makes them wrong. What does make them wrong, dead wrong, is a fundamental principle of Unix -- every tool should do *one* job, and do it well. Now you're arguing philosophy against fact, where wrong doesn't mean incorrect but not the way I think it should be done. If you're convinced of your philosophy, you're free to contribute a better solution. Pango does one job, and does it well. Pango does text layout. The intention behind pango is that it can lay out any text, including Thai. The pango developers reused an existing library for Thai layout rather than writing their own. Pango is a reusable component that builds on other reusable components; another popular development philosophy. You'll find that near the front of any book introducing people to linux. (Remember books? You probably still have some. They're very good for things like history, which doesn't change much.) Your condescending attitude will convince no one that you are right or reasonable, nor will it go far toward creating a community of people who are willing to provide you with advice or assistance in the future. Consider the ideal conduct of the community that you would like to be a part of, and act to create it. In most such books, you'll also find an assurance that that principle is what makes *ix the triumph that it is, and all the works of Redmond the creeping disasters that they are. Such assurances remain speculation. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: utf-8 typing problem in X
Carlo Nyto wrote: 2008/11/7 Gordon Messmer [EMAIL PROTECTED]: I think you should be using LANG=ja_JP.UTF-8 You think my problem is because I have it set to Japanese, or that I should change it to Japanese to get proper English text? I think you have *something* set to use Japanese locale. Your messages come through with these MIME headers: Content-Type: text/plain; charset=ISO-2022-JP Content-Transfer-Encoding: 7bit Your messages aren't UTF-8 at all. They're sent in a completely different encoding, and a Japanese character set. That's probably a setting in your browser. If you're using Firefox, check View menu - Character encoding. But if LANG isn't set to a Japanese locale, and none of the LC_ variables are set, I'm not sure where else to look. If you're using GNOME, you can try System - Preferences - Personal - Input Method, and see if an input method is enabled. You could also check System - Preferences - Hardware - Keyboard - Layouts (Tab) and see how your keyboard layout is set. I can tell you how to change the encoding of a file, but I'm not aware of any program that can shift characters to different unicode points. The problem isn't that the system is displaying your characters badly, it's that the characters are being entered as fullwidth latin characters rather than regular ascii. They look similar when printed, but they're not the same unicode characters. I agree this conversion would be a very difficult - perhaps impossible - problem to solve. Do you mean fullwidth as in a multi-byte UTF-8 character? Not at all. I mean that there is a Unicode character called Fullwidth Latin capital letter T which is an entirely different character (it's codepoint FF34) than the standard latin capital letter T (codepoint 0054, and ascii hex value 54). That is in fact my problem. The fact that they are rendered incorrectly Technically, they're rendered correctly. The problem is not rendering, but input. The characters are being input in the wrong locale. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Build 64-bit kernel on 32-bit system
john wendel wrote: After reading some of the 32bit vs 64bit thread(s), I thought I'd build a 64bit kernel on my 32bit F8 box. Got the latest kernel source and stable patch from kernel.org and tried running make menuconfig. Much to my surprise, there isn't a 32 vs 64 bit toggle in the kernel config. Google confused me, but did tell me I require a 64bit toolchain. This seems bogus, since the kernel is self contained. I think it should be enough just to set the proper gcc options. Even if you built a 64 bit kernel, the benefits of require 64 bit applications as well. Just install the 64 bit distribution. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Is F9 Security an oxymoron?
Dave Feustel wrote: I ask this because I am having new and persistant problems with both Firefox and Konqueror running on 32-bit F9. The problems suggest DOS exploits, and I wonder just how these exploits are being implemented against the two browsers. Install and run iptraf. Go to Detailed interface statistics and select the interface connected to the internet. Watch Total rates for a while. If those numbers are near your internet connections maximum bandwidth, then *maybe* you're being DOSed. Otherwise, you're not. I am pretty much of the conclusion that all operating systems can be cracked straightforewardly, mostly because of security holes in X11, which is becoming a requirement of effective computer use. No, it isn't. The vast majority of computers do not use X11, and as pointed out: modern Linux systems don't make X11 remotely accessible at all. Is anyone aware of legislation passed by Congress in 1995 mandating that ALL computers be remotely accessible regardless of OS running on the computer? No, and I suspect that if you attempt to identify the bill, you'll find that there isn't one. The government also can not watch you through your television or computer monitor. I normally keep these thoughts to myself, but the increasing buginess of the two browsers on F9 is beginning to aggravate me. All this seems to have gotten much worse after I posted a review on Amazon of the book _Judaism Discovered_ by Michael Coffman. I bought the book after I discovered that the book had been banned by Amazon, the only book ever banned by Amazon. Could I have pissed off someone by buying and/or reviewing the book? :-) It seems far fetched. Attempting to post this, I got a shell error: cannot connect to port 587. Connection Refused. Talk to your ISP about why it might have been unavailable briefly. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: dependency champion?
Henk Breimer wrote: I fully understand what caused this. My next question would be : what would happen if such a helper program for every small lanquage were included in the same way? Pango *is* a helper for every language. Thai just happens to be one case where the functionality required for rendering their language existed already and could be reused, rather than requiring the Pango team to write it themselves. This is how software is *supposed* to work. The only problem is people who *aren't* involved in solving problems are bitching at the people who have, without even understanding the system that they're criticizing. A better solution is needed for this kind of things. If you think so, you're free to contribute one. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: What is Fedora..
Monty wig wrote: Sorry for this silly question but I am a newbie trying to learn linux and wondering what is Fedora or what is the difference between Fedora and linux? Linux is a kernel which provides device drivers, memory management, networking, and other essential services. It is used by nearly all GNU systems, and a large number of systems that don't use GNU software. Fedora is one of the most popular distributions of GNU/Linux, of which there are many. (Wikipedia lists 184 distributions of Linux based systems) http://en.wikipedia.org/wiki/Linux_kernel http://en.wikipedia.org/wiki/GNU http://en.wikipedia.org/wiki/Fedora_(operating_system) http://en.wikipedia.org/wiki/Category:Linux_distributions -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: dependency champion?
Les Mikesell wrote: Gordon Messmer wrote: Henk Breimer wrote: Pango *is* a helper for every language. Thai just happens to be one case where the functionality required for rendering their language existed already and could be reused, rather than requiring the Pango team to write it themselves. This is how software is *supposed* to work. You mean all optional things are supposed to be linked whether needed at runtime or not? No, I mean that components should be reused to create broader, more capable, and more general components. As far as linking goes, Pango gets that right, too. Pango's thai module is linked to libthai, and it's the only component that is. If you're concerned enough about 400k of disk, you can spend your time modifying the pango spec file to package the thai modules separately, and submit patches for the spec and for the distributions comps.xml file so that pango only gets Thai support when the user specifically installs Thai language support. However, you should consider the value of your time; creating those patches, testing them, and working with the maintainers to get them included is probably going to cost you considerably more than the disk space. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: utf-8 typing problem in X
Carlo Nyto wrote: I have a problem with Fedora 9 - if I type in X, whether it is in a firefox window, a gaim window, an xterm, a gnome-terminal, a gvim window, it will randomly switch to some Unicode part of the character set. It looks to me like the problem is that you're /not/ using a UTF-8 locale. Can you confirm that? Open a terminal and run: $ set | egrep '^(LANG|LC)' I think you should be using LANG=ja_JP.UTF-8 I have found no way to convert the text to the proper part of the character set, and cut-n-paste preserves the problem. I can tell you how to change the encoding of a file, but I'm not aware of any program that can shift characters to different unicode points. The problem isn't that the system is displaying your characters badly, it's that the characters are being entered as fullwidth latin characters rather than regular ascii. They look similar when printed, but they're not the same unicode characters. The real mistake was using Fedora 9 in the first place, but I had no idea how bad it would be - between problems like this that are impossible to troubleshoot, It's not impossible... and an X server that won't listen on TCP without me making source changes. GDM is responsible for instructing X not to listen on TCP, and you'll find it used in other distributions of the same age. That problem isn't specific to Fedora. Still, I'm going to not personally worry about this, and switch to Ubuntu soon. Ubuntu uses the same gdm, the same X server, and the same input methods that Fedora does. I don't think switching distributions will get you as far as configuring the system properly will. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: dependency champion?
Beartooth wrote: Pango should never have required libthai in the first place -- not in a release -- not if libthai is anything remotely like what its name suggests. The alternatives are to a) write their own code for Thai font handling b) include libthai rather than link to it c) don't handle rendering Thai text. Either of the first two would do nothing to make the system any smaller, they'd just hide from you that Thai support was developed by someone outside the core Pango group. As far as I know, they wrote their own code for all of the other scripts that are supported, and were able to use libthai because it was already available. Surely not. We have developers all over the world, who must think, and often write (first drafts at least), in a vast number of languages. Should we jam some latter-day Tower of Babel into Fedora? Yes, that's generally the idea. The system software should support the languages of a global user base. As a compromise, the fonts and locale information which constitute the largest use of storage are optional. Are we to throw away the huge benefit that fell into our laps when the Internet developed a lingua franca from its outset? I think you're confusing the purpose of libthai/pango (font rendering) with the purpose of UTF-8 (character encoding). Thai language support uses UTF-8 in Fedora, too. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: OT: find command permissions: how to exclude dir?
Rick Stevens wrote: Gordon Messmer wrote: If -name is the first predicate, and you prune matches, find will not need to stat() the directory entry: Sorry, won't work for GVFS filesystem mountpoints. As soon as the non-owner touches the inode, the error occurs. ... Note that test was on F9, x86_64. Yep, that appears to be true for F9. It looks like the version of findutils included in F10 has been fixed in this respect, though. There's no need to touch the inode for directories which are being pruned based on their name. :) The platform difference explains the discrepancy between your tests and mine. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: OT: find command permissions: how to exclude dir?
Rick Stevens wrote: Nice to hear...or is it a change in GVFS? No, FUSE hasn't changed. The GVFS filesystem remains private to the user who mounted it. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: OT: find command permissions: how to exclude dir?
Dave Burns wrote: man page on find -prune was not clear to me, but I tried all combos I can think of, nothing works as I'd wish: ... [EMAIL PROTECTED] ~]$ sudo find /users/tburns -name .gvfs -prune find: /users/tburns/.gvfs: Permission denied [EMAIL PROTECTED] ~]$ sudo find /users/tburns -prune -name .gvfs [EMAIL PROTECTED] ~]$ sudo find /users/tburns \( -prune -name .gvfs \) [EMAIL PROTECTED] ~]$ sudo find /users/tburns \( -name .gvfs -prune \) find: /users/tburns/.gvfs: Permission denied You need to tell find what to do with files not named .gvfs: find /users/tburns -name .gvfs -prune -o -print And now that I've logged out back in and .gvfs is mounted again, I can test the other suggested workaround involving remount. This also does not work for me, though I may be giving the wrong form of mount command: [EMAIL PROTECTED] ~]$ sudo mount -o remount -o exec -o suid -o rw /users/tburns/.gvfs [EMAIL PROTECTED] ~]$ sudo find /users/tburns/.gvfs find: /users/tburns/.gvfs: Permission denied I'm not sure what was mounted in the examples mentioned earlier. My understanding of FUSE is that the process providing the FS is the one that must perform the mount. Remounting manually should mount nothing. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: OT: find command permissions: how to exclude dir?
Rick Stevens wrote: Gordon Messmer wrote: You need to tell find what to do with files not named .gvfs: find /users/tburns -name .gvfs -prune -o -print Will not work. As soon as the non-owner of .gvfs does a stat on the directory, the error will be spit out. find must stat() any item it finds to handle the remainder of the predicate and POP goes the error. If -name is the first predicate, and you prune matches, find will not need to stat() the directory entry: [EMAIL PROTECTED]:~/tmp/findtest]$ find . -print . ./noread find: `./noread': Permission denied ./read ./read/file [EMAIL PROTECTED]:~/tmp/findtest]$ find . -name noread -prune -o -print . ./read ./read/file -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: OT: find command permissions: how to exclude dir?
Joe Smith wrote: Dave Burns wrote: ... Not sure if it is a bug in find or gvfs, but -xdev and -mount do not help with this problem. I've never seen these options work, ever. I sure would like to know why, or what I'm doing wrong, it would be handy to be able to use them. That depends on what you're trying to do with them. In order to determine whether a directory is on the same filesystem, find attempts to stat() the directory. If it doesn't have read permission, it'll spit out an error and continue, which is what it's doing in this case. There is no bug. This is the way that it's supposed to work. If you do have read permission to the subdirectory, and the subdirectory is a different filesystem, then find will not search that directory for matching files. If you've ever seen find return results from a directory that it wasn't told to search when using -xdev or -mount, then that would be a bug. I've never seen find misbehave in that way, though. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines