Re: [gentoo-user] Restricting Firefox website access
On Saturday 17 January 2009 07:34:59 Grant wrote: That sounds good, how can I do that? iptables module owner handles that stuff, just man iptables if you'll have any trouble. iptables -A OUTPUT -m owner --uid-owner someuser -m tcp --dport http -j REJECT I brought this to the shorewall list for config advice, but I was told: a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any notion of domains. So filterinG by domain is a non-starter. b) When referring to packet filters, filtering by user id (e.g., root) can only be done for connections originating from the firewall. See man shoreall-rules and read about the USER/GROUP column. Here was my original request: I'd like to restrict the websites one of the computers on my network can access in Firefox. It only needs to access 2 different domain names and I don't want it to be able to access any others. I can restrict it at the router if necessary because the router is a Gentoo system. I think this leaves a squid proxy setup as my only option? Restrict by source AND destination IP This requires only that the computer in question has a static IP or a permanent lease (so you always know what it is), and you know the IP of the web sites to be accessed (dig is a very good friend). Allow these, deny everything else to destination port 80. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] Restricting Firefox website access
On Saturday 17 January 2009 06:30:45 Mike Kazantsev wrote: And since you're using gentoo you can also pass rsync traffic through a proxy. Rsync (as well as wget and lots of other tools) will use proxy automatically if RSYNC_PROXY (http_proxy/ftp_proxy for other apps, lower- and uppercase) env var is set. For squid to pass rsync traffic you'll need to specify rsync ports in squid.conf, like this: acl SSL_ports port 873 # rsync acl Safe_ports port 873 # rsync Another way, of course, is to run rsyncd on one machine on the network, and point the other machines to it for emerge --sync. This is getting a bit off-topic, though. -- Rgds Peter
[gentoo-user] Problem with Kde 4.1.X
Hi, I have searched on google and bugtrack for weeks for people with a similar problem with the new kde 4.1.X but I didn't find anything. I have some problem even to describe the problem beacause I don't know how to figure out what is wrong with my system. The real problem is that kde 4.1.X didn't start if I use kwin. I only get it start if I use another window decorator (for example compiz). I have tried with 4.1.3 and 4.1.4 but with the same problem. After the login screen i get the splash screen but at the end of the sequence I'm kicked out to the login screen. I need some advice to how and where begin to search for the problem. Which file I need to parse in search of the problem? Is there on the ML someone whith the same problem? Xorg:1.5.3-r1 nvidia-drivers:177.82 kernel:2.6.27-r7 Intel Core2Duo 8400 nvidia geforce8800GT Thanks Nicola
Re: [gentoo-user] Problem with Kde 4.1.X
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Nicola wrote: Hi, I have searched on google and bugtrack for weeks for people with a similar problem with the new kde 4.1.X but I didn't find anything. I have some problem even to describe the problem beacause I don't know how to figure out what is wrong with my system. The real problem is that kde 4.1.X didn't start if I use kwin. I only get it start if I use another window decorator (for example compiz). I have tried with 4.1.3 and 4.1.4 but with the same problem. After the login screen i get the splash screen but at the end of the sequence I'm kicked out to the login screen. I need some advice to how and where begin to search for the problem. Which file I need to parse in search of the problem? Is there on the ML someone whith the same problem? Xorg:1.5.3-r1 nvidia-drivers:177.82 kernel:2.6.27-r7 Intel Core2Duo 8400 nvidia geforce8800GT Thanks Nicola Hello, This may or may not be your problem, but I have found xorg-sever-1.5.3 and xorg-server-1.5.3-r1 to be unstable. However, xorg-server-1.5.2 works fine for me. I just masked the other two. What I mean by unstable is that they will lock up my system - the mouse and keyboard won't work, so I have to do a hard boot. Regards, Chris -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJJcbq9AAoJEIAhA8M9p9DAx7gP/2CBubwV5g+21f9r4QWxEQx2 Xv4pFYUz4oLI/b/JY2jBIXm+lMm88lToetneP8yLgjdTCadxDmB36dKyWqVo5aul TxphaB+uw50WEEN1ayYzVT4xWUCme63DxGsLGRjL+cID0xpvw42DJIvACaR94LOm GJAiHgt6SjoHHcizHqi5JJ6gpDZxgBGBYhlSqpRqgJAJUYIWDi/4FqUyGbIi6u2K S/6D+3SUI09SuPveCRwwdWzp11kcJFXlLVGb0w5A2Om69rxajGSIRoqle3aU+twO jx3CHpF4vCA9yg5aQaQ4kyILuss7cKnCfQt/8a+yU9KJYUjP5eWLExqSnYnDbmdU sFDgpGpgkez4OQikNKG4ti1xBXkjX1kLzCMj4Axda6ZuKRpAslGvOY4xeR5cDJ5S OSMuVu/C41C8BiWICQgQixhIuTROBo0pdoBXQDJMod0aLxfLtM/hBjBVDQphBt6i wUlgHEcFpSQJQwa+Cp4lc1SrZwNXPtYlT4Ma7Nhdcf7mX2VeJcbh8kio1pNwFGKp 9BZIwkIAsZiD44fUsB/iT0kMeG4DaOHoz+cs+mHBCW/onBH78RJCyEhEvHMiuTu2 HZlFWY6VMIcd52yQsJQdu0Ck3dEXnjSGG1q/JeISi5UbI5V05Am/pF6oolGykNca K7HSh3AOPaR9TA5Nxuj1 =C553 -END PGP SIGNATURE-
Re: [gentoo-user] Re: Append string on Kernel builds
On Fri, 16 Jan 2009 19:36:42 -0600 rea...@newsguy.com wrote: What I asked was if there is some tricky syntax I could use on that kernel setting that would do: linux-2.6.26-gentoo-$HOST-N Where N is an incremented number every time I build the kernel without running `mrproper'. Not quite what you are asking, but would appending a timestamp to the name work instead? It would pretty much guarantee a different name for every build. Just a thought, RobbieAB. signature.asc Description: PGP signature
[gentoo-user] Bash completion annoyance: escapes directory variables.
Hello all. Now, I am unsure whether this is a feature, but: when I tab-complete 'cd ' followed an environment variable, bash insists on escaping this variable. ex: cd $TAB - cd \$ Which means I end up typing for example # cd \$DOC and this is not resolved right. If the variable path is not preceded by 'cd ' , bash completes it OK, without escaping them. Is there any way I can fix this behaviour ? Thanks for your tips.
[gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?
rea...@newsguy.com wrote: Paul Hartman paul.hartman+gen...@gmail.com writes: I'm ashamed to admit I made the most basic mistake. I compiled uvesafb as a module. Oops! Compiled it as Y instead of M and now I have a pair of Tux sitting atop my kernel boot screen and no more 80x25 horror. :) Is there some difference in uvesafb and vesafb? I've always just ignored the uvesafb choice and used plain vesafb. I just assumed from the name of it and the menuconfig help on it that it was something only usable in `userspace'. I took that to mean after bootup.. something you'd do from the command line. Anyone here that can explain what the difference is. uvesafb also works on non-x86 system. It has one drawback though: it doesn't switch to graphical mode right from the start like vesafb does. Instead, you get the initial kernel messages in text mode and need to wait for graphics to kick-in. With vesafb, you're in graphics mode right from the start. That pretty much makes uvesafb a poor choice for bootsplash configurations.
[gentoo-user] Re: Problem with Kde 4.1.X
Nicola wrote: Hi, I have searched on google and bugtrack for weeks for people with a similar problem with the new kde 4.1.X but I didn't find anything. I have some problem even to describe the problem beacause I don't know how to figure out what is wrong with my system. The real problem is that kde 4.1.X didn't start if I use kwin. I only get it start if I use another window decorator (for example compiz). I have tried with 4.1.3 and 4.1.4 but with the same problem. After the login screen i get the splash screen but at the end of the sequence I'm kicked out to the login screen. I have that too now but only after emerge updated to KDE 4.1.4. 4.1.3 was working fine. I didn't try to solve it since I use KDE3 and installed KDE4 only to check it out.
Re: [gentoo-user] Permissions of files in /sys/
Momesso Andrea wrote: snip Hmmm... Having not recived any answers might mean that my suspects are right and there is no way to create an udev rule for my scope. I think I will have to change those permissions manually at boot time You can make udev run a *sh script... man udev, locate RUN keyword. Best regards Peter K
[gentoo-user] digikam, gtkam,... what's else?
digikam (during this KDE3-to-KDE4 epoch) can not be installed (see Gentoo bugs related to 'digikam'), gtkam shows PTP I/O error... Is there other software I have missed? I have Canon ixus 40 camera.
Re: [gentoo-user] Problem with Kde 4.1.X
Alle sabato 17 gennaio 2009, Chris Walters ha scritto: Nicola wrote: Hi, I have searched on google and bugtrack for weeks for people with a similar problem with the new kde 4.1.X but I didn't find anything. I have some problem even to describe the problem beacause I don't know how to figure out what is wrong with my system. The real problem is that kde 4.1.X didn't start if I use kwin. I only get it start if I use another window decorator (for example compiz). I have tried with 4.1.3 and 4.1.4 but with the same problem. After the login screen i get the splash screen but at the end of the sequence I'm kicked out to the login screen. I need some advice to how and where begin to search for the problem. Which file I need to parse in search of the problem? Is there on the ML someone whith the same problem? Xorg:1.5.3-r1 nvidia-drivers:177.82 kernel:2.6.27-r7 Intel Core2Duo 8400 nvidia geforce8800GT Thanks Nicola Hello, This may or may not be your problem, but I have found xorg-sever-1.5.3 and xorg-server-1.5.3-r1 to be unstable. However, xorg-server-1.5.2 works fine for me. I just masked the other two. What I mean by unstable is that they will lock up my system - the mouse and keyboard won't work, so I have to do a hard boot. Regards, Chris Thanks for the reply, I didn't find xorg 1.5.3 unstable, I use every day with kde 3.5.10 or gnome. I had the mouse and keyboard problem too, but I resolved commenting out the entry in my xorg config file and switching to udev for keyboard and mouse configuration. I will try compiling switching back to 1.5.2 to see if something changes. Thanks again Nicola
[gentoo-user] Re: Append string on Kernel builds
Robert Bridge rob...@robbieab.com writes: On Fri, 16 Jan 2009 19:36:42 -0600 rea...@newsguy.com wrote: What I asked was if there is some tricky syntax I could use on that kernel setting that would do: linux-2.6.26-gentoo-$HOST-N Where N is an incremented number every time I build the kernel without running `mrproper'. Not quite what you are asking, but would appending a timestamp to the name work instead? It would pretty much guarantee a different name for every build. A timestamp would be fine. What syntax would I use on the kernel config item: inside menuconfig = General Setup/Local Version [...] to get a timestamp?
[gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?
Nikos Chantziaras rea...@arcor.de writes: rea...@newsguy.com wrote: Paul Hartman paul.hartman+gen...@gmail.com writes: I'm ashamed to admit I made the most basic mistake. I compiled uvesafb as a module. Oops! Compiled it as Y instead of M and now I have a pair of Tux sitting atop my kernel boot screen and no more 80x25 horror. :) Is there some difference in uvesafb and vesafb? I've always just ignored the uvesafb choice and used plain vesafb. I just assumed from the name of it and the menuconfig help on it that it was something only usable in `userspace'. I took that to mean after bootup.. something you'd do from the command line. Anyone here that can explain what the difference is. uvesafb also works on non-x86 system. It has one drawback though: it doesn't switch to graphical mode right from the start like vesafb does. Instead, you get the initial kernel messages in text mode and need to wait for graphics to kick-in. With vesafb, you're in graphics mode right from the start. That pretty much makes uvesafb a poor choice for bootsplash configurations. If you select both will that lead to problems? Could you invoke uvesafb from console session one you've booted?
[gentoo-user] More on /sys files
I'm in the process of rsyncing an OS to a remote file system. when rsyncing /sys to remote /sys... I get piles of errors of the form: WARNING: devices/LNXSYSTM:00/device:00/ACPI_CPU:00/power/wakeup failed verification -- update discarded (will try again). This is after a session failed so I'm re rsyncing directory by directory to make sure all is copied over. du -sh /sys on both remote and local shows: 0 But find shows something else: find /sys -type f|wc (on remote host) 5850 find /sys -type f|wc -l (on local host) 6915 What do I need to do to get remote /sys to mirror local /sys Will booting the remote... once the transfer is done cure the problem?
Re: [gentoo-user] Disable remote login for certain user
On Saturday January 17 2009 03:28:07 Grant wrote: an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers or 3) What I usually do is, disable pam in ssh so only keys are accepted. Only if you have the key, you can login remotely. Of course that means you will have to carry your usb pendrive with you all the time :-) Regards, Norberto
Re: [gentoo-user] More on /sys files
On Sat, Jan 17, 2009 at 6:13 PM, Harry Putnam rea...@newsguy.com wrote: What do I need to do to get remote /sys to mirror local /sys Will booting the remote... once the transfer is done cure the problem? Why do you need to sync /sys? It's completely useless - kernel creates all files in /sys automatically. -- Vladimir Rusinov http://greenmice.info/
Re: [gentoo-user] Bash completion annoyance: escapes directory variables.
On 17 Jan 2009, at 13:23, Jean-Baptiste Mestelan wrote: ... Now, I am unsure whether this is a feature, but: when I tab-complete 'cd ' followed an environment variable, bash insists on escaping this variable. ex: cd $TAB - cd \$ Which means I end up typing for example # cd \$DOC and this is not resolved right. If the variable path is not preceded by 'cd ' , bash completes it OK, without escaping them. A system here does the same thing, another across town behaves correctly. (I don't actually have $DOC set on either, but `cd /` and then use autocomplete to `cd $HOME`, which is set.) I don't know much about this, but I wonder if it may be related to some of Gentoo's 3rd-party Bash-completion features? WORKING SYSTEM: $ eselect bashcomp list Available completions: [1] eselect [2] genlop * [3] vim [4] xxd $ NON-WORKING SYSTEM: $ eselect bashcomp list Available completions: [1] bash-completion-config [2] bitkeeper [3] bittorrent [4] cksfv [5] clisp [6] dsniff [7] freeciv [8] gcl [9] gentoo * [10] gkrellm [11] gnatmake [12] harbour [13] hg [14] isql [15] larch [16] lilypond [17] lisp [18] mailman [19] mcrypt [20] modules [21] mtx [22] p4 [23] povray [24] ri [25] sbcl [26] sitecopy [27] snownews [28] svk [29] unace * [30] unrar * $ You might also check bash-completion USE flags. Stroller.
Re: [gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?
On Friday 16 January 2009 19:27:53 Paul Hartman wrote: Now I just need to find a good consolefont that doesn't look squished in 16:9 aspect ratio. Right now I'm using ter-112n (from terminus-fonts) and it's pretty good but still a little too wide for my taste. Thanks for the pointer to that rather nice font. I think the problem, if yours is like mine in having a 1280x800 screen, is that the frame buffer simply takes a standard 4:3 screen resolution and stretches it to fit. Thus I have a distorted 1024x768 console. The only way to get a narrower font seems to be to design one six or seven pixels wide instead of the usual eight. Or at least, to design a tall, narrow font that would look right when stretched in this way. I too would like to know if someone discovers one like this. -- Rgds Peter
Re: [gentoo-user] Restricting Firefox website access
On 17 Jan 2009, at 05:34, Grant wrote: ... I brought this to the shorewall list for config advice, but I was told: a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any notion of domains. So filterinG by domain is a non-starter. ... I'd like to restrict the websites one of the computers on my network can access in Firefox. It only needs to access 2 different domain names and I don't want it to be able to access any others. If it's a case of only 2 domains, then the chances are that dumb filtering will work ok. If you allow packets from computer X with a destination port of 80 only to computers with the IP address 12.154.191.10 then users of computer X will be able to access mylittlepony.com freely and also any hardcore porn sites also hosted on the same webserver (12.154.191.10). I have to admit this is probably not the way I'd do it, but WHEN YOU WROTE IN ALL CAPITALS, I FELT COMPELLED TO REPLY TO YOU. When I asked about content filtering a couple of months ago, everyone said Squid was rubbish. Actually, they ignored me. From now on, I will write all my questions in BLOCK CAPITALS in order to maximise my responses. But I had expected Squid + module to be the answer, and no-one mentioned it. A couple of clowns mentioned OpenDNS, and DansGuardian was the only serious reply I got, so you might want to look at that, too. http://www.gossamer-threads.com/lists/gentoo/user/175114 I really should be implementing this internet filtering this weekend. Cheers, Stroller.
[gentoo-user] Re: More on /sys files
Vladimir Rusinov vladi...@greenmice.info writes: On Sat, Jan 17, 2009 at 6:13 PM, Harry Putnam rea...@newsguy.com wrote: What do I need to do to get remote /sys to mirror local /sys Will booting the remote... once the transfer is done cure the problem? Why do you need to sync /sys? It's completely useless - kernel creates all files in /sys automatically. Good... thanks
[gentoo-user] X Program to show tty messages
Hi. I looking for a way to see/monitor messages sent to the tty when a running X programs. I tryed xconsole, but it only works with /dev/console. Does anybody knows such a program ?
[gentoo-user] Re: Restricting Firefox website access
Stroller strol...@stellar.eclipse.co.uk writes: But I had expected Squid + module to be the answer, and no-one mentioned it. A couple of clowns mentioned OpenDNS, and DansGuardian was the only serious reply I got, so you might want to look at that, too. http://www.gossamer-threads.com/lists/gentoo/user/175114 I really should be implementing this internet filtering this weekend. Did privoxy go out of business... or just not suitable for the need? I used to use it a few yrs ago but haven't had the need for quite a while now.
[gentoo-user] Grub Error 21: Selected disk does not exist
I just did an install onto a machine with a single internal IDE hard drive. hda1 is Win2K (NTFS), hda2 is swap, hda3 is Gentoo root (ext3). I was following the quick install doc, and everything went fine until I got to the section on installing grub. After emerging grub, the root command failed: grub root (hd0,2) Error 21: Selected disk does not exist I tried hd0,hd1,hd2,hd3 with various paritions from 0 to 2 and always got an Error 21. The drive is recognized correctly by the BIOS, and Win2K boots and runs fine. I rebooted and chroot'ed several times and always got Error 21. So, I downloaded a Grub CD from http://www.supergrubdisk.org/. The grub on the CD recognized the disk and all partitions correctly and installed just fine using the normal procedure: root (hd0,2) setup (hd0) I rebooted, and everything works great. Any ideas on why grub couldn't see any hard drives when it was run from the 2008.0 minimal install CD's chroot'ed environment? I've done dozens of Gentoo installs, and I've never seen this problem before. -- Grant
Re: [gentoo-user] Restricting Firefox website access
I brought this to the shorewall list for config advice, but I was told: a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any notion of domains. So filterinG by domain is a non-starter. ... I'd like to restrict the websites one of the computers on my network can access in Firefox. It only needs to access 2 different domain names and I don't want it to be able to access any others. If it's a case of only 2 domains, then the chances are that dumb filtering will work ok. If you allow packets from computer X with a destination port of 80 only to computers with the IP address 12.154.191.10 then users of computer X will be able to access mylittlepony.com freely and also any hardcore porn sites also hosted on the same webserver (12.154.191.10). I have to admit this is probably not the way I'd do it, but WHEN YOU WROTE IN ALL CAPITALS, I FELT COMPELLED TO REPLY TO YOU. I was quoting the other thread. Guess I should have used [quote][/quote]. - Grant When I asked about content filtering a couple of months ago, everyone said Squid was rubbish. Actually, they ignored me. From now on, I will write all my questions in BLOCK CAPITALS in order to maximise my responses. But I had expected Squid + module to be the answer, and no-one mentioned it. A couple of clowns mentioned OpenDNS, and DansGuardian was the only serious reply I got, so you might want to look at that, too. http://www.gossamer-threads.com/lists/gentoo/user/175114 I really should be implementing this internet filtering this weekend. Cheers, Stroller.
Re: [gentoo-user] Bash completion annoyance: escapes directory variables.
On Sat, Jan 17, 2009 at 03:27:04PM +, Stroller wrote: On 17 Jan 2009, at 13:23, Jean-Baptiste Mestelan wrote: ... Now, I am unsure whether this is a feature, but: when I tab-complete 'cd ' followed an environment variable, bash insists on escaping this variable. ex: cd $TAB - cd \$ Which means I end up typing for example # cd \$DOC and this is not resolved right. If the variable path is not preceded by 'cd ' , bash completes it OK, without escaping them. A system here does the same thing, another across town behaves correctly. (I don't actually have $DOC set on either, but `cd /` and then use autocomplete to `cd $HOME`, which is set.) I don't know much about this, but I wonder if it may be related to some of Gentoo's 3rd-party Bash-completion features? I have the same problem, and it also won't tab complete file names inside back quotes as it used to. If I have /tmp/fix-me-now, this will simply beep. It used to work. I have gotten so used to gentoo enhancements screwing up things like this that I won't waste time filing bug reports or whining on the mailing liost until it has gone several weeks without being fixed. I figure sooner or later some dev will notice it without haviung to ignore my whinings in the mean time. $ emacs `cat /tmp/fix[TAB] -- ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._. Felix Finch: scarecrow repairman rocket surgeon / fe...@crowfix.com GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933 I've found a solution to Fermat's Last Theorem but I see I've run out of room o
Re: [gentoo-user] Re: Restricting Firefox website access
But I had expected Squid + module to be the answer, and no-one mentioned it. A couple of clowns mentioned OpenDNS, and DansGuardian was the only serious reply I got, so you might want to look at that, too. http://www.gossamer-threads.com/lists/gentoo/user/175114 I really should be implementing this internet filtering this weekend. Did privoxy go out of business... or just not suitable for the need? I used to use it a few yrs ago but haven't had the need for quite a while now. What is the advantage of privoxy over squid? Maybe simplicity? - Grant
Re: [gentoo-user] Restricting Firefox website access
That sounds good, how can I do that? iptables module owner handles that stuff, just man iptables if you'll have any trouble. iptables -A OUTPUT -m owner --uid-owner someuser -m tcp --dport http -j REJECT I brought this to the shorewall list for config advice, but I was told: a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any notion of domains. So filterinG by domain is a non-starter. b) When referring to packet filters, filtering by user id (e.g., root) can only be done for connections originating from the firewall. See man shoreall-rules and read about the USER/GROUP column. Here was my original request: I'd like to restrict the websites one of the computers on my network can access in Firefox. It only needs to access 2 different domain names and I don't want it to be able to access any others. I can restrict it at the router if necessary because the router is a Gentoo system. I think this leaves a squid proxy setup as my only option? Restrict by source AND destination IP This requires only that the computer in question has a static IP or a permanent lease (so you always know what it is), and you know the IP of the web sites to be accessed (dig is a very good friend). Allow these, deny everything else to destination port 80. That sounds good, but I won't be able to fetch all updates that portage might want, right? - Grant
Re: [gentoo-user] Restricting Firefox website access
On Saturday 17 January 2009 20:12:06 Grant wrote: This requires only that the computer in question has a static IP or a permanent lease (so you always know what it is), and you know the IP of the web sites to be accessed (dig is a very good friend). Allow these, deny everything else to destination port 80. That sounds good, but I won't be able to fetch all updates that portage might want, right? There's always a wrinkle isn't there? I find in real terms that my machines get all their updates from gentoo.org or from the gentoo mirror on the ftp server at work. That works for me, if those two mirrors both fail, I have problems that a change of GENTOO_MIRRORS will not solve. Perhaps the same is true of your environment. Failing that, I think you need to haul out the big guns, along with the big administration burden, and run an http proxy -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] Restricting Firefox website access
That sounds good, how can I do that? iptables module owner handles that stuff, just man iptables if you'll have any trouble. iptables -A OUTPUT -m owner --uid-owner someuser -m tcp --dport http -j REJECT I brought this to the shorewall list for config advice, but I was told: a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any notion of domains. So filterinG by domain is a non-starter. b) When referring to packet filters, filtering by user id (e.g., root) can only be done for connections originating from the firewall. See man shoreall-rules and read about the USER/GROUP column. Here was my original request: I'd like to restrict the websites one of the computers on my network can access in Firefox. It only needs to access 2 different domain names and I don't want it to be able to access any others. I can restrict it at the router if necessary because the router is a Gentoo system. I think this leaves a squid proxy setup as my only option? Restrict by source AND destination IP This requires only that the computer in question has a static IP or a permanent lease (so you always know what it is), and you know the IP of the web sites to be accessed (dig is a very good friend). Allow these, deny everything else to destination port 80. That sounds good, but I won't be able to fetch all updates that portage might want, right? - Grant But I could install a wide-open firewall on the system-to-restrict and use that firewall to restrict website access instead of the router's firewall. That way I could consider the user (root, non-root) when deciding whether or not to allow the 80/443 outbound connection since: When referring to packet filters, filtering by user id (e.g., root) can only be done for connections originating from the firewall. That should restrict website access and allow portage to do its thing. - Grant
Re: [gentoo-user] Disable remote login for certain user
an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd is the only service running on the system. - Grant or 3) What I usually do is, disable pam in ssh so only keys are accepted. Only if you have the key, you can login remotely. Of course that means you will have to carry your usb pendrive with you all the time :-) Regards, Norberto
Re: [gentoo-user] Disable remote login for certain user
Should I do that via an ssh config setting, in shorewall, or somewhere else? I believe the right way would be to add 'account required pam_access.so' line to /etc/pam.d/system-auth and define login restrictions in /etc/securety/access.conf (it's also quite well documented). That way you'll block ssh/ftp/mail etc logins for that account, which should also be prone to brutforce attacks because of weak password. The catch is, of course, that you should have pam on your system ;) -- Mike Kazantsev // fraggod.net Can anyone tell me how to find out which users on a system have a login shell (e.g. not /bin/nologin)? - Grant
Re: [gentoo-user] digikam, gtkam,... what's else?
Andrew Gaydenko wrote: digikam (during this KDE3-to-KDE4 epoch) can not be installed (see Gentoo bugs related to 'digikam'), gtkam shows PTP I/O error... Is there other software I have missed? I have Canon ixus 40 camera. Does one of these in Konqueror work? media:/camera system:/media/camera It doesn't here either but it is most likely miss configured here since I use gtkam. You may want to try gtkam if all else fails. Put CAMERAS=canon ptp2 in your make.conf and it should work. Dale :-) :-)
Re: [gentoo-user] Restricting Firefox website access
Alan McKinnon wrote: On Saturday 17 January 2009 20:12:06 Grant wrote: This requires only that the computer in question has a static IP or a permanent lease (so you always know what it is), and you know the IP of the web sites to be accessed (dig is a very good friend). Allow these, deny everything else to destination port 80. That sounds good, but I won't be able to fetch all updates that portage might want, right? There's always a wrinkle isn't there? I find in real terms that my machines get all their updates from gentoo.org or from the gentoo mirror on the ftp server at work. That works for me, if those two mirrors both fail, I have problems that a change of GENTOO_MIRRORS will not solve. Perhaps the same is true of your environment. Failing that, I think you need to haul out the big guns, along with the big administration burden, and run an http proxy I setup my squid proxy probably 5 years ago, I moved the config over when I switched to gentoo a couple of years ago, and it still works. I would say I spend around 10 minutes a year performing admin tasks on my (home) squid server. I just wanted to let it be said that squid doesn't have to be a big burden. Matt
Re: [gentoo-user] Disable remote login for certain user
On Samstag 17 Januar 2009, Grant wrote: an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd is the only service running on the system. I really would not do that. Instead create a user to log in and su to root. Root should not be allowed to log in - way to risky.
[gentoo-user] Re: Restricting Firefox website access
Grant emailgr...@gmail.com writes: But I had expected Squid + module to be the answer, and no-one mentioned it. A couple of clowns mentioned OpenDNS, and DansGuardian was the only serious reply I got, so you might want to look at that, too. http://www.gossamer-threads.com/lists/gentoo/user/175114 I really should be implementing this internet filtering this weekend. Did privoxy go out of business... or just not suitable for the need? I used to use it a few yrs ago but haven't had the need for quite a while now. What is the advantage of privoxy over squid? Maybe simplicity? Not sure there is one. I ran privoxy through squid. Privoxy talked direct to squid.
Re: [gentoo-user] Disable remote login for certain user
an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd is the only service running on the system. I really would not do that. Instead create a user to log in and su to root. Root should not be allowed to log in - way to risky. Is the idea to put 2 passwords in the way of gaining root access? The problem is twice as many passwords to memorize. Even if the 2 passwords are the same, I suppose they would have to come up with the username too which is a (thin) extra layer. Is that done with 'AllowUsers user'? - Grant
Re: [gentoo-user] digikam, gtkam,... what's else?
On Saturday 17 January 2009 21:52:19 Dale wrote:
Andrew Gaydenko wrote:
digikam (during this KDE3-to-KDE4 epoch) can not be installed (see Gentoo
bugs related to 'digikam'), gtkam shows PTP I/O error... Is there other
software I have missed? I have Canon ixus 40 camera.
Does one of these in Konqueror work?
media:/camera
system:/media/camera
Have tried with krusader ('camera:/') - just got infinite nested subdirs with
the camera name.
It doesn't here either but it is most likely miss configured here since
I use gtkam. You may want to try gtkam if all else fails. Put
CAMERAS=canon ptp2 in your make.conf and it should work.
Already have.
Dale
:-) :-)
Re: [gentoo-user] digikam, gtkam,... what's else?
Andrew Gaydenko wrote: On Saturday 17 January 2009 21:52:19 Dale wrote: It doesn't here either but it is most likely miss configured here since I use gtkam. You may want to try gtkam if all else fails. Put CAMERAS=canon ptp2 in your make.conf and it should work. Already have. Dale :-) :-) Does gtkam not work either? If not, you may have something other than software problems. It may be something not recognizing your camera for some reason. May want to check your logs for errors. I'm not using KDE 4 but gtkam should work regardless since it is not KDE. Dale :-) :-)
Re: [gentoo-user] Disable remote login for certain user
Grant wrote: an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd is the only service running on the system. I really would not do that. Instead create a user to log in and su to root. Root should not be allowed to log in - way to risky. Is the idea to put 2 passwords in the way of gaining root access? The problem is twice as many passwords to memorize. Even if the 2 passwords are the same, I suppose they would have to come up with the username too which is a (thin) extra layer. Is that done with 'AllowUsers user'? - Grant I would think the point is every hacker out there knows the user root exists. They may not know the other users but they know root is there so they just script the user root and bang away at passwords and hope they get lucky. Eventually, they will get lucky if they try long enough. Think of it this way. If root is disabled, they have to figure out which user can su to root since all may not be allowed to. They also have to guess that users password. Then on top of that they have to guess the root password too. They have to get the user name, password and the root password right before they can do anything. If you allow root access, they only need the root password. Guessing one is easier than guessing three. Dale :-) :-)
Re: [gentoo-user] X Program to show tty messages
Fernando Antunes wrote:
Hi.
I looking for a way to see/monitor messages sent to the tty when a
running X programs.
I tryed xconsole, but it only works with /dev/console. Does anybody
knows such a program ?
I'm not sure this is what you are looking for but try knotify.
* kde-base/knotify
Available versions: (4.1) ~4.1.4
{debug kdeprefix}
Homepage:http://www.kde.org/
Description: The KDE notification daemon.
Dale
:-) :-)
Re: [gentoo-user] Disable remote login for certain user
On Samstag 17 Januar 2009, Grant wrote: an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd is the only service running on the system. I really would not do that. Instead create a user to log in and su to root. Root should not be allowed to log in - way to risky. Is the idea to put 2 passwords in the way of gaining root access? one key+username and one password. The problem is twice as many passwords to memorize. Even if the 2 passwords are the same, I suppose they would have to come up with the username too which is a (thin) extra layer. just use pubkey for ssh. It is much saver anyway.
Re: [gentoo-user] Bash completion annoyance: escapes directory variables.
2009/1/17 Stroller strol...@stellar.eclipse.co.uk: I don't know much about this, but I wonder if it may be related to some of Gentoo's 3rd-party Bash-completion features? I have unmerged gentoo-bashcomp, but the problem remains. So, this would put the blame on bash-completion. I am using bash-completion-20060301. Following your message, I have upgraded to latest (unstable) bash-completion-20081218 *and this solved the original problem* : tab-completion now does not escape variables after 'cd' ! BUT (there had to be a 'but') ... gentoo-bashcomp does not play well with this latest version, meaning that after re-installing bashcomp, completion does not work after gentoo commands (emerge, ebuild ...). So, I think I will get back to bash-completion-20060301, and use cdb instead of path variables. Thanks for attention and suggestions. You might also check bash-completion USE flags. # equery uses app-shells/bash-completion [ Searching for packages matching app-shells/bash-completion... ] [ Colour Code : set unset ] [ Legend : Left column (U) - USE flags from make.conf ] [: Right column (I) - USE flags packages was installed with ] [ No USE flags found for app-shells/bash-completion-20060301]
Re: [gentoo-user] digikam, gtkam,... what's else?
On Saturday 17 January 2009 22:38:43 Dale wrote: Andrew Gaydenko wrote: On Saturday 17 January 2009 21:52:19 Dale wrote: It doesn't here either but it is most likely miss configured here since I use gtkam. You may want to try gtkam if all else fails. Put CAMERAS=canon ptp2 in your make.conf and it should work. Already have. Dale :-) :-) Does gtkam not work either? If not, you may have something other than software problems. It may be something not recognizing your camera for some reason. May want to check your logs for errors. In fact, there are many googling results wrt this gtkam error message - too many to identify the problem reason :-) I'm not using KDE 4 but gtkam should work regardless since it is not KDE. Dale :-) :-)
Re: [gentoo-user] Grub Error 21: Selected disk does not exist
On Saturday 17 January 2009, Grant Edwards wrote: I just did an install onto a machine with a single internal IDE hard drive. hda1 is Win2K (NTFS), hda2 is swap, hda3 is Gentoo root (ext3). I was following the quick install doc, and everything went fine until I got to the section on installing grub. After emerging grub, the root command failed: grub root (hd0,2) Error 21: Selected disk does not exist I tried hd0,hd1,hd2,hd3 with various paritions from 0 to 2 and always got an Error 21. The drive is recognized correctly by the BIOS, and Win2K boots and runs fine. I rebooted and chroot'ed several times and always got Error 21. So, I downloaded a Grub CD from http://www.supergrubdisk.org/. The grub on the CD recognized the disk and all partitions correctly and installed just fine using the normal procedure: root (hd0,2) setup (hd0) I rebooted, and everything works great. Any ideas on why grub couldn't see any hard drives when it was run from the 2008.0 minimal install CD's chroot'ed environment? I've done dozens of Gentoo installs, and I've never seen this problem before. Did you try tab completion at: grub root ( --tab Had you chrooted properly at the time and could you see the grub fs under /boot/grub ?. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] X Program to show tty messages
On Saturday 17 January 2009, Fernando Antunes wrote:
Hi.
I looking for a way to see/monitor messages sent to the tty when a running
X programs.
I tryed xconsole, but it only works with /dev/console. Does anybody knows
such a program ?
I think you need to comment out /dev/tty12 and enter something like:
destination xconsole { pipe(/dev/xconsole); };
destination console_all { file(/dev/console); };
in your /etc/syslog-ng/syslog-ng.conf.
--
Regards,
Mick
signature.asc
Description: This is a digitally signed message part.
Re: [gentoo-user] Grub Error 21: Selected disk does not exist
On Sat, Jan 17, 2009 at 05:31:22PM +, Grant Edwards wrote: I was following the quick install doc, and everything went fine until I got to the section on installing grub. After emerging grub, the root command failed: grub root (hd0,2) Error 21: Selected disk does not exist Did you try it on a chroot system ? If so, did you have access on /dev /proc and /sys inside the chroot ? -- Nicolas Sebrecht
Re: [gentoo-user] More on /sys files
On Sat, 17 Jan 2009 09:13:44 -0600, Harry Putnam wrote: I'm in the process of rsyncing an OS to a remote file system. when rsyncing /sys to remote /sys... I get piles of errors /sys is a virtual filesystem, like /dev and /proc. Even if you do succeed on copying the contents,you'll only waste space on the root partition of the new machine and the virtual filesystems will get mounted over them. On my desktop, one file in /proc is more that ten times the size of the root filesystem! Use the -x option with rsync to prevent copying these. -- Neil Bothwick Yes, I am an agent of Satan, but my duties are largely ceremonial. signature.asc Description: PGP signature
Re: [gentoo-user] digikam, gtkam,... what's else?
Andrew Gaydenko wrote: On Saturday 17 January 2009 22:38:43 Dale wrote: Andrew Gaydenko wrote: On Saturday 17 January 2009 21:52:19 Dale wrote: It doesn't here either but it is most likely miss configured here since I use gtkam. You may want to try gtkam if all else fails. Put CAMERAS=canon ptp2 in your make.conf and it should work. Already have. Dale :-) :-) Does gtkam not work either? If not, you may have something other than software problems. It may be something not recognizing your camera for some reason. May want to check your logs for errors. In fact, there are many googling results wrt this gtkam error message - too many to identify the problem reason :-) I'm not using KDE 4 but gtkam should work regardless since it is not KDE. Dale :-) :-) If that many programs can't access your camera, either the system is not able to recognize the camera or you have other problems. Maybe you can post the related portion of /var/log/messages or whatever log your system uses and we can help. Right now, I have no other clue. We have to have more info before we can help. Dale :-) :-)
Re: [gentoo-user] digikam, gtkam,... what's else?
On Sunday 18 January 2009 00:48:25 Dale wrote: If that many programs can't access your camera, either the system is not able to recognize the camera or you have other problems. Maybe you can post the related portion of /var/log/messages or whatever log your system uses and we can help. Right now, I have no other clue. We have to have more info before we can help. Dale :-) :-) Dale, you are right. I have tried gphoto2 from CLI - the error takes place. Probably will file an issue for upstream team. Unfortunately, there was very long period since last camera using, and I can not presume which update is the problem reason.
[gentoo-user] Re: Grub Error 21: Selected disk does not exist
On 2009-01-17, Nicolas Sebrecht nicolas.s-...@laposte.net wrote: On Sat, Jan 17, 2009 at 05:31:22PM +, Grant Edwards wrote: I was following the quick install doc, and everything went fine until I got to the section on installing grub. After emerging grub, the root command failed: grub root (hd0,2) Error 21: Selected disk does not exist Did you try it on a chroot system? Yes, that was in the chroot'ed system. If so, did you have access on /dev /proc and /sys inside the chroot? I thought so. Everything else seemed to work. I definitely checked to make sure /proc was mounted -- I cut/pasted the commands from the quick-install web page (changing sda to hda). But, now that you mention it, something in /dev was wrong because the first time I booted Gentoo off hda2, the issue message that's displayed before the login prompt gave instructions on how to fix /dev. I never figured out what exactly was wrong, but following the instructions fixed it. It took me a while to get to that point since I tripped over the grub bug that displays a blank menu and then corrupts the console. Apparently there's something wrong with the splash.xpm.gz file, and you have to comment out the splashcreen line in menu.lst. -- Grant
[gentoo-user] Re: Grub Error 21: Selected disk does not exist
On 2009-01-17, Mick michaelkintz...@gmail.com wrote: On Saturday 17 January 2009, Grant Edwards wrote: grub root (hd0,2) Error 21: Selected disk does not exist Did you try tab completion at: grub root ( --tab Nope, I didn't know about tab completion. And now that I've got grub installed and Gentoo is booted, it's working fine. I think something was broken in /dev Had you chrooted properly at the time and could you see the grub fs under /boot/grub ?. I cut/pasted the commands from the quick install guide to do the chroot. And I rebooted and chroot'ed twice just to make sure. -- Grant
[gentoo-user] Reconciling users and services
I have some users on a system and some services. How can I make sure only certain users can log into certain services? Do I need to explicitly define which users can log into each service? Are there different types of users so that some can only log into certain services? For example, I know any user that has their shell set to /bin/nologin can't log into a shell. How can I check on users' shell settings? - Grant
Re: [gentoo-user] digikam, gtkam,... what's else?
Andrew Gaydenko wrote: On Sunday 18 January 2009 00:48:25 Dale wrote: If that many programs can't access your camera, either the system is not able to recognize the camera or you have other problems. Maybe you can post the related portion of /var/log/messages or whatever log your system uses and we can help. Right now, I have no other clue. We have to have more info before we can help. Dale :-) :-) Dale, you are right. I have tried gphoto2 from CLI - the error takes place. Probably will file an issue for upstream team. Unfortunately, there was very long period since last camera using, and I can not presume which update is the problem reason. In my past, it was a permissions issue that got me. Make sure you are in the right groups, or try as root. If it works as root, then it should be a permissions problem or missing group. If it don't work as root, oh boy, you got problems now. ;-) Dale :-) :_)
[gentoo-user] Re: X Program to show tty messages
On Sat, Jan 17, 2009 at 1:55 PM, Fernando Antunes fs.antu...@gmail.comwrote: Hi. I looking for a way to see/monitor messages sent to the tty when a running X programs. I tryed xconsole, but it only works with /dev/console. Does anybody knows such a program ? Sorry if my poor english vocabulary didn't help you to understand me. I'd like to see the output text sent by the graphicals programs to the tty1 when a running in X. Nowaday I using CTRL+ALT+F1 to see them. I figure out if is there a program that capture and show them in X a window.
Re: [gentoo-user] Reconciling users and services
On Samstag 17 Januar 2009, Grant wrote: I have some users on a system and some services. How can I make sure only certain users can log into certain services? Do I need to explicitly define which users can log into each service? Are there different types of users so that some can only log into certain services? For example, I know any user that has their shell set to /bin/nologin can't log into a shell. How can I check on users' shell settings? /etc/passwd?
Re: [gentoo-user] Bash completion annoyance: escapes directory variables.
On Sat, 17 Jan 2009 20:59:38 +0100 Jean-Baptiste Mestelan meste...@gmail.com wrote: BUT (there had to be a 'but') ... gentoo-bashcomp does not play well with this latest version, meaning that after re-installing bashcomp, completion does not work after gentoo commands (emerge, ebuild ...). Did you try using unstable gentoo-bashcomp too? /PA
[gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?
On Sat, 17 Jan 2009 15:32:38 + Peter Humphrey pe...@humphrey.ukfsn.org wrote: On Friday 16 January 2009 19:27:53 Paul Hartman wrote: Now I just need to find a good consolefont that doesn't look squished in 16:9 aspect ratio. Right now I'm using ter-112n (from terminus-fonts) and it's pretty good but still a little too wide for my taste. Thanks for the pointer to that rather nice font. I think the problem, if yours is like mine in having a 1280x800 screen, is that the frame buffer simply takes a standard 4:3 screen resolution and stretches it to fit. Thus I have a distorted 1024x768 console. I also have a 1280x800 screen and uvesafb works for me without distortion with this kernel video option in grub.conf: video=uvesafb:1280x800-32,mtrr:3,ywrap -- »Q« Kleeneness is next to Gödelness.
Re: [gentoo-user] Bash completion annoyance: escapes directory variables.
2009/1/18 Peter Alfredsen loki_...@gentoo.org: Did you try using unstable gentoo-bashcomp too? Yes, exact same result, meaning gentoo specific completion is disabled. Does it work for you folks ?
[gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?
On Fri, 16 Jan 2009 01:42:30 -0600 Paul Hartman paul.hartman+gen...@gmail.com wrote: On Thu, Jan 15, 2009 at 11:49 PM, Paul Hartman paul.hartman+gen...@gmail.com wrote: Hi, Does anyone here use uvesafb? I followed the instructions to install uvesafb from this page: http://dev.gentoo.org/~spock/projects/uvesafb/ However, it does not work. Is it required to use initrd in order to use uvesafb? (because I don't use it...) the 80x25 looks absolutely horrible and I'd love to have something usable without needing to be in X. I have an nvidia geforce 9600GT card using the latest nvidia-drivers, and am on amd64 if it matters. I'm ashamed to admit I made the most basic mistake. I compiled uvesafb as a module. Oops! Compiled it as Y instead of M and now I have a pair of Tux sitting atop my kernel boot screen and no more 80x25 horror. :) You mean you are now successfully using uvesafb *without* an initrd or initramfs? Spock's site says you need v86d, and I don't know how else to get it. If I boot a kernel without it, uvesafb doesn't work for me. -- »Q« Kleeneness is next to Gödelness.
Re: [gentoo-user] Reconciling users and services
On Saturday January 17 2009 20:09:31 Grant wrote: I have some users on a system and some services. How can I make sure only certain users can log into certain services? Depends on the service and how it is configured. Can you be more specific on what services yo want limited access?
Re: [gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?
On Sat, Jan 17, 2009 at 6:32 PM, »Q« boxc...@gmx.net wrote: On Fri, 16 Jan 2009 01:42:30 -0600 Paul Hartman paul.hartman+gen...@gmail.com wrote: On Thu, Jan 15, 2009 at 11:49 PM, Paul Hartman paul.hartman+gen...@gmail.com wrote: Hi, Does anyone here use uvesafb? I followed the instructions to install uvesafb from this page: http://dev.gentoo.org/~spock/projects/uvesafb/ However, it does not work. Is it required to use initrd in order to use uvesafb? (because I don't use it...) the 80x25 looks absolutely horrible and I'd love to have something usable without needing to be in X. I have an nvidia geforce 9600GT card using the latest nvidia-drivers, and am on amd64 if it matters. I'm ashamed to admit I made the most basic mistake. I compiled uvesafb as a module. Oops! Compiled it as Y instead of M and now I have a pair of Tux sitting atop my kernel boot screen and no more 80x25 horror. :) You mean you are now successfully using uvesafb *without* an initrd or initramfs? Spock's site says you need v86d, and I don't know how else to get it. If I boot a kernel without it, uvesafb doesn't work for me. Well you need the initramfs stuff is configured in the kernel as stated in the instructions at his website, but I'm not (not have I ever) used the initrd. My grub config (possibly wordwrapped by gmail) is: default 0 timeout 10 splashimage=(hd0,0)/grub/splash.xpm.gz title=Gentoo Linux 2.6 root (hd0,0) kernel /vmlinuz root=/dev/sda5 doscsi dodmraid nmi_watchdog=0 rootfstype=ext4 video=uvesafb:1280x720p-59,mtrr:3,ywrap
Re: [gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?
On Sat, Jan 17, 2009 at 9:32 AM, Peter Humphrey pe...@humphrey.ukfsn.org wrote: On Friday 16 January 2009 19:27:53 Paul Hartman wrote: Now I just need to find a good consolefont that doesn't look squished in 16:9 aspect ratio. Right now I'm using ter-112n (from terminus-fonts) and it's pretty good but still a little too wide for my taste. Thanks for the pointer to that rather nice font. I think the problem, if yours is like mine in having a 1280x800 screen, is that the frame buffer simply takes a standard 4:3 screen resolution and stretches it to fit. Thus I have a distorted 1024x768 console. The only way to get a narrower font seems to be to design one six or seven pixels wide instead of the usual eight. Or at least, to design a tall, narrow font that would look right when stretched in this way. I too would like to know if someone discovers one like this. Well, my framebuffer is 1280x720 which is proper 16:9 aspect ratio for my monitor, but the consolefonts I've tried just don't seem quite my flavor. I want a small font (so I can fit a lot of characters in the screen) without being short, by which I mean I'd rather have an 8x16 font than an 8x8. In Konsole I'm using Fixed [ETL] 10pt, whatever that is, maybe it's the default, I can't remember, but it's nice.
Re: [gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?
On Sat, Jan 17, 2009 at 9:20 PM, Paul Hartman paul.hartman+gen...@gmail.com wrote: On Sat, Jan 17, 2009 at 6:32 PM, »Q« boxc...@gmx.net wrote: On Fri, 16 Jan 2009 01:42:30 -0600 Paul Hartman paul.hartman+gen...@gmail.com wrote: On Thu, Jan 15, 2009 at 11:49 PM, Paul Hartman paul.hartman+gen...@gmail.com wrote: Hi, Does anyone here use uvesafb? I followed the instructions to install uvesafb from this page: http://dev.gentoo.org/~spock/projects/uvesafb/ However, it does not work. Is it required to use initrd in order to use uvesafb? (because I don't use it...) the 80x25 looks absolutely horrible and I'd love to have something usable without needing to be in X. I have an nvidia geforce 9600GT card using the latest nvidia-drivers, and am on amd64 if it matters. I'm ashamed to admit I made the most basic mistake. I compiled uvesafb as a module. Oops! Compiled it as Y instead of M and now I have a pair of Tux sitting atop my kernel boot screen and no more 80x25 horror. :) You mean you are now successfully using uvesafb *without* an initrd or initramfs? Spock's site says you need v86d, and I don't know how else to get it. If I boot a kernel without it, uvesafb doesn't work for me. Well you need the initramfs stuff is configured in the kernel as stated in the instructions at his website, but I'm not (not have I ever) used the initrd. My grub config (possibly wordwrapped by gmail) is: default 0 timeout 10 splashimage=(hd0,0)/grub/splash.xpm.gz title=Gentoo Linux 2.6 root (hd0,0) kernel /vmlinuz root=/dev/sda5 doscsi dodmraid nmi_watchdog=0 rootfstype=ext4 video=uvesafb:1280x720p-59,mtrr:3,ywrap I forgot to specify: the kernel setting CONFIG_INITRAMFS_SOURCE=/usr/share/v86d/initramfs compiled v86d into the kernel, so it doesn't need to execute the /sbin/v86d
[gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?
In 58965d8a0901171927q12cac290ocead4eb8409d9...@mail.gmail.com, Paul Hartman paul.hartman+gen...@gmail.com wrote: On Sat, Jan 17, 2009 at 9:20 PM, Paul Hartman paul.hartman+gen...@gmail.com wrote: On Sat, Jan 17, 2009 at 6:32 PM, »Q« boxc...@gmx.net wrote: On Fri, 16 Jan 2009 01:42:30 -0600 You mean you are now successfully using uvesafb *without* an initrd or initramfs? Spock's site says you need v86d, and I don't know how else to get it. If I boot a kernel without it, uvesafb doesn't work for me. Well you need the initramfs stuff is configured in the kernel as stated in the instructions at his website, but I'm not (not have I ever) used the initrd. [snip] I forgot to specify: the kernel setting CONFIG_INITRAMFS_SOURCE=/usr/share/v86d/initramfs compiled v86d into the kernel, so it doesn't need to execute the /sbin/v86d Ah, thanks, I see. I think my initial confusion was due to my misreading of your original post. I do it the same way you do, compiling it into the kernel, both on Gentoo and Slackware. -- »Q« Kleeneness is next to Gödelness.
RE: [gentoo-user] Avahi Keeps failing on Emerge - Maybe a Python Error?
I'm sorry about the delay in closing this. I finally figured out if I remove -pipe from my /etc/make.conf CFLAGS that all my compile errors go away. Looking at the reference on the subject this option tells GCC not to create temporary files when compiling but to turn this off if low on RAM. Not sure why this happens as I have a 1GB Ram. Maybe this is not enough these days. Anyway problem solved. Regards, Richard === Try to find out why this strange configure command line is being called (take a look at the ebuild) Also, there are other logs you can post. I don't remember exactly the names, but I think there are multiple configure log files like configure.log and configure.error (or something like that) that says exactly why did configure concluded that a certain feature is missing. The log you provided does not say why configure concluded there is no pygtk, but configure usually *does* explain this (is specific log files. Do a little search). Regards, Jorge Peixoto -- Software is like sex: it is better when it is free - Linus Torvalds No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus Database: 270.10.8/1899 - Release Date: 17/01/2009 5:50 PM
Re: [gentoo-user] Disable remote login for certain user
On Sat, 17 Jan 2009 10:50:31 -0800
Grant emailgr...@gmail.com wrote:
Can anyone tell me how to find out which users on a system have a
login shell (e.g. not /bin/nologin)?
echo 'Unavailable user accounts:'; for usr in `cat /etc/passwd`; do
usr=${usr%%:*}; exit | su $usr /dev/null 21 || echo -n $usr ; done
--
Mike Kazantsev // fraggod.net
signature.asc
Description: PGP signature
Re: [gentoo-user] digikam, gtkam,... what's else?
On Sunday 18 January 2009 01:11:51 Dale wrote: In my past, it was a permissions issue that got me. Make sure you are in the right groups, or try as root. If it works as root, then it should be a permissions problem or missing group. If it don't work as root, oh boy, you got problems now. ;-) Yes, I have got :-) Have sent debug info to gphoto mailing list. Dale :-) :_)
Re: [gentoo-user] digikam, gtkam,... what's else?
Andrew Gaydenko wrote: On Sunday 18 January 2009 01:11:51 Dale wrote: In my past, it was a permissions issue that got me. Make sure you are in the right groups, or try as root. If it works as root, then it should be a permissions problem or missing group. If it don't work as root, oh boy, you got problems now. ;-) Yes, I have got :-) Have sent debug info to gphoto mailing list. Dale :-) :_) Most Canon cameras that I have read about are p2p or something. It should just work but maybe there is something specific about your model or they are changing the camera part. I'm just glad I like my little Canon PowerShotA95. It has the flip out display which is hard to find now. I like mine that way to protect the display. I don't think there is a scratch on mine anywhere. I hope they fix the bug or give a workaround soon. Dale :-) :-) P.S. I recently got me a little cheap card reader to use for the camera and the cell phone card. That works very well. You do have to mount it manually but it works well. Camera uses CF and phone uses MicroSD. That may be a option. The card reader has Targus wrote on it and it was pretty cheap.
Re: [gentoo-user] Avahi Keeps failing on Emerge - Maybe a Python Error?
On Sunday 18 January 2009 06:38:15 Richard Watson wrote: I'm sorry about the delay in closing this. I finally figured out if I remove -pipe from my /etc/make.conf CFLAGS that all my compile errors go away. Looking at the reference on the subject this option tells GCC not to create temporary files when compiling but to turn this off if low on RAM. Not sure why this happens as I have a 1GB Ram. Maybe this is not enough these days. Anyway problem solved. That's an interesting result, but I can't help thinking it's the wrong solution to the wrong problem. One of my machines has had merely 1G for 2 years, before that it had 512M for 3 years and it has never shown this symptom. I have servers at work with 512M - same thing, even when building current packages. Gut feel is telling me that removing -pipe is simply revealing a deeper symptom somewhere - 1G is actually an enormous amount of memory for compilation purposes. If you feel like digging deeper, I'd be very interested to see where this one leads. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] digikam, gtkam,... what's else?
On Sunday 18 January 2009 10:37:56 Dale wrote: Most Canon cameras that I have read about are p2p or something. It should just work but maybe there is something specific about your model or they are changing the camera part. ~2-3 months ago all did work. I'm just glad I like my little Canon PowerShotA95. It has the flip out display which is hard to find now. I like mine that way to protect the display. I don't think there is a scratch on mine anywhere. I hope they fix the bug or give a workaround soon. Dale :-) :-) P.S. I recently got me a little cheap card reader to use for the camera and the cell phone card. That works very well. I have SD-card-to-memory-stick adapter - it does work. You do have to mount it manually but it works well. Camera uses CF and phone uses MicroSD. That may be a option. The card reader has Targus wrote on it and it was pretty cheap.
Re: [gentoo-user] Reconciling users and services
On Sunday 18 January 2009 00:09:31 Grant wrote: I have some users on a system and some services. How can I make sure only certain users can log into certain services? Do I need to explicitly define which users can log into each service? Are there different types of users so that some can only log into certain services? For example, I know any user that has their shell set to /bin/nologin can't log into a shell. How can I check on users' shell settings? - Grant To do this you configure each service separately (there is no central registry-type thing for this). You don't say what services you are interested in, so I have to make some assumptions. apache, samba, ftp servers, all have their own authentication methods. You have to research what methods they provide, and choose which is most appropriate. For instance, Samba can auth against kerberos/ldap or using a local smbpasswd file. For a specific user to be able to access something via samba, you ensure they have an entry in AD or a line in smbpasswd. For more simple local services, you can use user and group permissions. I have to restrict cron and wget at work, I find the easiest way is to: chown root:trusted /usr/bin/wget chown root:trusted /usr/bin/crontab users authorized to use wget/cron must then be put in the trusted group. cron has it's cron.allow and cron.deny files that you can also use. sshd has config options to limit who can do what in sshd_config. If you post back with more specifics about what you want to achieve, we can assist you better. -- alan dot mckinnon at gmail dot com
