[gentoo-user] creating ssh account without directory browsing
Hi people! For a project I need to create ssh accounts (based on shared keys) who would be loged in a specific directory. They should only be able to login in the desired directory, but not be able for outside browsing. for example: /work/ but not / or any other scope. How would you guys accomplish that?!
Re: [gentoo-user] creating ssh account without directory browsing
Tamer Higazi writes: For a project I need to create ssh accounts (based on shared keys) who would be loged in a specific directory. They should only be able to login in the desired directory, but not be able for outside browsing. If you need this only for things like scp, net-misc/scponly might do what you want. http://sublimation.org/scponly/wiki/index.php/Main_Page Wonko
[gentoo-user] Re: autodepclean script (was how to remove HAL)
On Sunday 22 August 2010, Walter Dnes wrote: On Sat, Aug 21, 2010 at 12:07:40PM +0200, Francesco Talamona wrote I'm unclear about the aim of your script, what does different from emerge -a --depclean followed by revdep-rebuild -- -a? The autodepclean script automatically generates a list of of target ebuuilds to clean out (i.e. cleanscript). This gives you the opportunity to review it and delete items from the list before going ahead. Does emerge -a --depclean allow you to skip individual items? Ah ok, now i see the point. Usually I prefer to stop depclean (answering no) and specify the exceptions with emerge --noreplace. This is because the exclusion of some packages from depclean can affect the following result of it. If you install a package having many dependencies, with emerge --oneshot and then run emerge --depclean you'll see that is easier to run two times depclean than edit the generated list :) Cheers Francesco -- Linux Version 2.6.35-gentoo-r1, Compiled #1 SMP PREEMPT Wed Aug 11 07:11:30 CEST 2010 Two 2.9GHz AMD Athlon 64 Processors, 4GB RAM, 11657 Bogomips Total aemaeth
[gentoo-user] chrony logrotate script EOF error
Hi All,
The chrony installed logrotate script keeps erroring out:
logrotate_script: line 5: warning: here-document at line 2 delimited by end-
of-file (wanted `EOF')
Unrecognized command
This is the script:
/var/log/chrony/*.log {
sharedscripts
postrotate
PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}'
/etc/chrony/chrony.keys`
cat EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
password $PASSWORD
cyclelogs
EOF
endscript
}
I do not understand the error. Is it telling me to add backticks? Where?
--
Regards,
Mick
signature.asc
Description: This is a digitally signed message part.
Re: [gentoo-user] chrony logrotate script EOF error
Mick writes:
The chrony installed logrotate script keeps erroring out:
logrotate_script: line 5: warning: here-document at line 2 delimited by
end- of-file (wanted `EOF')
Unrecognized command
This is the script:
/var/log/chrony/*.log {
sharedscripts
postrotate
PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}'
/etc/chrony/chrony.keys`
cat EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
password $PASSWORD
cyclelogs
EOF
endscript
}
I do not understand the error. Is it telling me to add backticks?
Where?
I don't know the logrotate syntax, but in bash this would not work if the
ending EOF has leading whitespace. Try replacing the '' by '-', then
whitespace is allowed.
Wonko
Re: [gentoo-user] Disable fcron logging
Stroller writes:
On 21 Aug 2010, at 14:25, Alex Schuster wrote:
...
I want to monitor the power status of my hard drives, so I wrote a
little
script that gives me this output:
sda: standby
sdb: standby
sdc: active/idle 32°C
sdd: active/idle 37°C
This script is called every minute via an fcron entry, output goes
into a log file, and I use the file monitor plasmoid to watch this log
file in KDE.
It's working fine, but also monitor my syslog in another file
monitor plamoid, and now I get lots of these entries:
Aug 21 14:21:06 [fcron] pam_unix(fcron:session): session opened for
user root by (uid=0)
Aug 21 14:21:06 [fcron] Job /usr/local/sbin/hdstate /var/log/
hdstate started for user root (pid 24483)
Aug 21 14:21:08 [fcron] Job /usr/local/sbin/hdstate /var/log/
hdstate completed
Aug 21 14:21:08 [fcron] pam_unix(fcron:session): session closed for
user root
#!/bin/bash
while true
do
for drive in a b c d
do
/usr/sbin/smartctl /dev/sd$drive --whatever /var/log/hdstate
done
sleep 60
done
I use hdparm and hddtemp:
for hd in sda sdb sdc sdd
do
str=$( /sbin/hdparm -C /dev/$hd )
state=${str##*is: }
if [[ $state == active/idle ]] [[ $hd =~ sd[c] ]]
then
temp=$( /usr/sbin/hddtemp -q /dev/$hd )
temp=${temp% or *}
temp=${temp##* }
else
temp=
fi
echo $hd: $state $temp
done
Unfortunately, reading the temperature makes a drive in standby spin up,
and prevents automatic spindown after a while of idle time. So now I ask
for the temperature only on my system drive, the others should sleep most
of the time anyway.
I would personally update more often than this, and my concern would
be that if the process fails then your plasmoid isn't showing the
correct data.
I presume this is the same with your current setup: if cron dies then
the current temperature will not be read to file, and the plasmoid
will continue reading the last lines in /var/log/hdstate - the drive
can overheat without you knowing about it.
Nah, it's really not that important for me. I show the temperature just
for the fun of it, and for extreme temperatures I have smartd running, see
below.
I'm more interested in the active/standby state. I just added two old
additonal IDE drives for additional backups, and I want them to be silent
most of the time. So I wrote a little script to show the status so I see
when they spin up again (and they do this sometimes), and used fcron to
get the data into a log file that the plasmoids shows.
The problem with cron is that I get those cron logs I do not like, and
that the update time of 60 seconds is a little long. Running the script in
a loop, started in .kde4/Autostart, would be better, but as a user I have
no permission to call hdparm or hdtemp. I do not want to be part of the
disk group, and when using sudo I would get the logs by sudo I wanted to
avoid. So now I SUID'ed hdparm and hddtemp, changed the group to wheel and
disabled execution for others. cron problem not solved, but workarounded.
So I would expect there to be a better plasmid for this task. I'm
completely unfamiliar with plasmids, but what you really want is a
plasmid that itself runs a script and displays the stdout on your
screen. That way if there's no data, or an error, then _you see that
in the plasmid_, instead of silently ignoring it (as you may be at
present).
The easiest (but dumb) way to handle this is to add the date to your
plasmid's display so that at least you can see that something's wrong
if it doesn't match the clock. A better way is not to have to watch a
status monitor at all, and just have a script running that emails you
if the temperature is above a specified range.
I have smartd running, which should send me mails about such things. For
each drive, I have a line like this in /etc/smartd.conf:
/dev/sdc -a -n standby -o on -S on -W 5,40,45 \
-s (S/../.././12|L/../../06/06) -m r...@wonkology.org
This does some regular health checks on the drive, when it is not in
standby mode. Temperature changes of more than 5 degrees and temperatures
of 40 degrees or more are logged. I will receive an email when the
temperature reaches 45 degrees, or when it reaches a new maximum. The
maximum values are preserved across boot cycles (option -S). Every day at
12:00, a short self test is scheduled, and a long self test each sunday on
06:00.
Wonko
[gentoo-user] OT: External sound card
Hi list! I'm looking for an external sound card with USB, Firewire or ExpressCard connector. It must not be professional equipment - just something with a working SPDIF output (optical preferred). If the card can be hot-plugged and unplugged without ALSA choking on it - even better. Any recommendations? Thanks in advance! Florian Philipp signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] creating ssh account without directory browsing
In data domenica 22 agosto 2010 10:36:36, Tamer Higazi ha scritto: : Hi people! For a project I need to create ssh accounts (based on shared keys) who would be loged in a specific directory. They should only be able to login in the desired directory, but not be able for outside browsing. for example: /work/ but not / or any other scope. How would you guys accomplish that?! Hi Tamer, simply set the default shell of the desired account to: /bin/bash -r. In this mode the bash will start in restricted mode. You can get further information about that in the man page of bash (section: RESTRICTED SHELL). Bye Giampiero
[gentoo-user] glibc 2.12.1-r1 seems to not be working correctly
Hi. I am running the unstable gentoo 32-bit and today I emerged -- amoung other packages in a system update -- glibc-2.12.1-r1, however after doing this at least one package had an undefined reference to S_ISCHR. I tried to downgrade glibc, but apparently this is not supported and I am a bit stumped as to how to fix this problem. Any ideas on this would be appreciated. -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
[gentoo-user] emerge strategy gamew 0ad fail
hi all, 0ad game is a strategy game like empire Age ,is an alpha version,so it is not contained in portage tree*. *I find some ebuild in overlay ,also find in http://bugs.gentoo.org/show_bug.cgi?id=278541 but they all do not work ,I try to build it use source ,also failed. any one who play this game can give me an ebuild? or any suggestions about the error ? here is my emerg ebuild log sounds like wxGTK problem **
[gentoo-user] Re: emerge strategy gamew 0ad fail
On 22 August 2010 21:00, sam new maoben1...@gmail.com wrote: hi all, 0ad game is a strategy game like empire Age ,is an alpha version,so it is not contained in portage tree*. *I find some ebuild in overlay ,also find in http://bugs.gentoo.org/show_bug.cgi?id=278541 but they all do not work ,I try to build it use source ,also failed. any one who play this game can give me an ebuild? or any suggestions about the error ? here is my emerg ebuild log sounds like wxGTK problem **
Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly
cov...@ccs.covici.com writes: Hi. I am running the unstable gentoo 32-bit and today I emerged -- amoung other packages in a system update -- glibc-2.12.1-r1, however after doing this at least one package had an undefined reference to S_ISCHR. I tried to downgrade glibc, but apparently this is not supported and I am a bit stumped as to how to fix this problem. Looks like a real bad problem, I'm glad I did not update yet. http://blog.flameeyes.eu/2010/08/18/compounded-issues-in-glibc-2-12 has some explanation on this. I wonder how this glibx version did make it into ~arch. Any ideas on this would be appreciated. Don't know. Maybe wait a little and see if another new glibc fixes this, or the packages having issues with the new glibc might get updated. Wonko
Re: [gentoo-user] open-iscsi-2.0.871.3 compile fail on 2.6.32-openvz-budarin.1 kernel
Xi Shen writes: i got this error while trying to emerge the open-iscis-2.0.871.3: be2iscsi.o transport.o iscsid.o iscsi_sysfs.o: In function `iscsi_sysfs_get_blockdev_from_lun': iscsi_sysfs.c:(.text+0xe71): undefined reference to `S_ISLNK' iscsi_sysfs.c:(.text+0xed3): undefined reference to `S_ISDIR' iscsi_sysfs.o: In function `iscsi_sysfs_get_sid_from_path': iscsi_sysfs.c:(.text+0x16ed): undefined reference to `S_ISDIR' iscsi_sysfs.c:(.text+0x17bd): undefined reference to `S_ISLNK' Same problem as John Covici just posted about in the 'glibc 2.12.1-r1 seems to not be working correctly' thread. Look there for possible solutions that might come up. Wonko
Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly
On 8/22/10, cov...@ccs.covici.com cov...@ccs.covici.com wrote: Hi. I am running the unstable gentoo 32-bit and today I emerged -- amoung other packages in a system update -- glibc-2.12.1-r1, however after doing this at least one package had an undefined reference to S_ISCHR. I tried to downgrade glibc, but apparently this is not supported and I am a bit stumped as to how to fix this problem. Any ideas on this would be appreciated. Which package is failing? Please check if it is already reported, and if not then please report a new bug, and if possible make it block this tracker bug: http://bugs.gentoo.org/show_bug.cgi?id=331665 A wild guess out of the blue would be that the error could be simply a missing include of stat.h in the package's sources. But there might be other omissions as well, so please provide more info. I think that unless API/ABIs were changed then the older, already installed version should still work just fine, as then the missing includes would only affect compile-time situation. -- Arttu V. -- Running Gentoo is like running with scissors
Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly
Arttu V. arttu...@gmail.com wrote: On 8/22/10, cov...@ccs.covici.com cov...@ccs.covici.com wrote: Hi. I am running the unstable gentoo 32-bit and today I emerged -- amoung other packages in a system update -- glibc-2.12.1-r1, however after doing this at least one package had an undefined reference to S_ISCHR. I tried to downgrade glibc, but apparently this is not supported and I am a bit stumped as to how to fix this problem. Any ideas on this would be appreciated. Which package is failing? Please check if it is already reported, and if not then please report a new bug, and if possible make it block this tracker bug: http://bugs.gentoo.org/show_bug.cgi?id=331665 A wild guess out of the blue would be that the error could be simply a missing include of stat.h in the package's sources. But there might be other omissions as well, so please provide more info. I think that unless API/ABIs were changed then the older, already installed version should still work just fine, as then the missing includes would only affect compile-time situation. OK, I will check on that -- I am thinking that for that package a missing include will fix this, but I could shoot whoever broke this without thinking at all. I wonder if the failure of php to compile because my_compiler.h is missing has something to do with this also? -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
[gentoo-user] SOLVED: Re: nss_updatedb pam_ccreds
In data giovedì 29 luglio 2010 18:50:13, Giampiero Gabbiani ha scritto: : Hi all, I configured nss pam in order to make LDAP authentication. In order to have a proper authentication and attributes retrieving I added also ccreds and nss_updatedb modifying /etc/pam.d/system-auth for the first and /etc/nsswithch for both: /etc/pam.d/system-auth: auth[success=done default=ignore] pam_unix.so nullok_secure try_first_pass debug auth[authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass auth[default=done] pam_ccreds.so action=validate use_first_pass auth[default=done] pam_ccreds.so action=store auth[default=bad] pam_ccreds.so action=update account [user_unknown=ignore authinfo_unavail=ignore default=done] pam_unix.so debug account [user_unknown=ignore authinfo_unavail=ignore default=done] pam_ldap.so debug account required pam_permit.so passwordrequiredpam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3 passwordsufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow passwordsufficient pam_ldap.so use_authtok use_first_pass passwordrequiredpam_deny.so session optionalpam_mkhomedir.so skel=/etc/skel/ umask=0022 session requiredpam_limits.so session requiredpam_env.so session requiredpam_unix.so session optionalpam_permit.so session optionalpam_ldap.so # /etc/nsswitch.conf: # $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $ passwd: files ldap [NOTFOUND=return] db shadow: files ldap group: files ldap [NOTFOUND=return] db #passwd: files ldap #shadow: files ldap #group: files ldap # passwd:db files nis # shadow:db files nis # group: db files nis hosts: files dns networks:files dns services:db files protocols: db files rpc: db files ethers: db files netmasks:files netgroup:files ldap bootparams: files automount: files ldap aliases: files sudoers:ldap files the problem is that, when the connection to the ldap server is down, I can't login: Jul 18 19:22:59 athena login[10600]: pam_unix(login:auth): check pass; user unknown Jul 18 19:22:59 athena login[10600]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty2 ruser= rhost= Jul 18 19:22:59 athena login[10600]: pam_ldap: ldap_simple_bind Can't contact LDAP server Jul 18 19:23:02 athena login[10600]: nss_ldap: failed to bind to LDAP server ldap://vesta.homenet.telecomitalia.it: Can't contact LDAP server Jul 18 19:23:02 athena login[10600]: nss_ldap: could not search LDAP server - Server is unavailable Jul 18 19:23:02 athena login[10600]: FAILED LOGIN (1) on 'tty2' FOR `UNKNOWN', User not known to the underlying authentication module from the last line above it seems like the credentials were not cached or the nss switch doesn't use the db service for the passwd and shadow database. Is there someone that has a working configuration in order to have the cached credentials systems working properly ? Regards Giampiero The problem was due to a missing sys-libs/nss-db ebuild. This one provide the needed NSS module for using Berkeley Databases as a naming service by glibc (actually the same used by nss-updatedb). Now everything works well. Bye all Giampiero P.S. - IMHO, this should be set as a dependecy in ebuild the for the nss- updatedb ebuild...
Re: [gentoo-user] creating ssh account without directory browsing
On Sunday 22 August 2010 13:31:20 Giampiero Gabbiani wrote: In data domenica 22 agosto 2010 10:36:36, Tamer Higazi ha scritto: : Hi people! For a project I need to create ssh accounts (based on shared keys) who would be loged in a specific directory. They should only be able to login in the desired directory, but not be able for outside browsing. for example: /work/ but not / or any other scope. How would you guys accomplish that?! Hi Tamer, simply set the default shell of the desired account to: /bin/bash -r. In this mode the bash will start in restricted mode. You can get further information about that in the man page of bash (section: RESTRICTED SHELL). If you find that rbash is too restrictive, you can also restrict the access rights of said users, so that they can only read/write their /home and the /work directories. Use some sensible umasks to achieve this. SUID and SGID files binaries may be more difficult to restrict though. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] chrony logrotate script EOF error
On Sunday 22 August 2010 11:25:05 Alex Schuster wrote:
Mick writes:
The chrony installed logrotate script keeps erroring out:
logrotate_script: line 5: warning: here-document at line 2 delimited by
end- of-file (wanted `EOF')
Unrecognized command
This is the script:
/var/log/chrony/*.log {
sharedscripts
postrotate
PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}'
/etc/chrony/chrony.keys`
cat EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
password $PASSWORD
cyclelogs
EOF
endscript
}
I do not understand the error. Is it telling me to add backticks?
Where?
I don't know the logrotate syntax, but in bash this would not work if the
ending EOF has leading whitespace. Try replacing the '' by '-', then
whitespace is allowed.
Thanks! I've used your suggestion and will see if the error goes away.
--
Regards,
Mick
signature.asc
Description: This is a digitally signed message part.
Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly
Apparently, though unproven, at 15:29 on Sunday 22 August 2010, Arttu V. did opine thusly: On 8/22/10, cov...@ccs.covici.com cov...@ccs.covici.com wrote: Hi. I am running the unstable gentoo 32-bit and today I emerged -- amoung other packages in a system update -- glibc-2.12.1-r1, however after doing this at least one package had an undefined reference to S_ISCHR. I tried to downgrade glibc, but apparently this is not supported and I am a bit stumped as to how to fix this problem. Any ideas on this would be appreciated. Which package is failing? Please check if it is already reported, and if not then please report a new bug, and if possible make it block this tracker bug: http://bugs.gentoo.org/show_bug.cgi?id=331665 A wild guess out of the blue would be that the error could be simply a missing include of stat.h in the package's sources. But there might be other omissions as well, so please provide more info. I think that unless API/ABIs were changed then the older, already installed version should still work just fine, as then the missing includes would only affect compile-time situation. There is a way to downgrade for the brave. quickpkg glibc move the 2.11.? version ebuild you want to your local overlay. Edit it and find the check that disallows downgrades. Comment it out. Mask glibc2.12 update glibc At this point it's probably very wise to rebuild at least system, then revdep- rebuild. Note that rebuilding system might fail in which case you are really up the creek. Feel free to rip to pieces the dev that committed this version. It could not possibly have undergone decent testing -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] chrony logrotate script EOF error
Apparently, though unproven, at 12:11 on Sunday 22 August 2010, Mick did opine
thusly:
Hi All,
The chrony installed logrotate script keeps erroring out:
logrotate_script: line 5: warning: here-document at line 2 delimited by
end- of-file (wanted `EOF')
Unrecognized command
This is the script:
/var/log/chrony/*.log {
sharedscripts
postrotate
PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}'
/etc/chrony/chrony.keys`
cat EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
password $PASSWORD
cyclelogs
EOF
endscript
}
I do not understand the error. Is it telling me to add backticks? Where?
No, it's saying it wants EOF on a line all by itself with no leading
whitespace. That thing that looks like a backtick is an open quote.
--
alan dot mckinnon at gmail dot com
Re: [gentoo-user] creating ssh account without directory browsing
Apparently, though unproven, at 10:36 on Sunday 22 August 2010, Tamer Higazi did opine thusly: Hi people! For a project I need to create ssh accounts (based on shared keys) who would be loged in a specific directory. They should only be able to login in the desired directory, but not be able for outside browsing. for example: /work/ but not / or any other scope. How would you guys accomplish that?! Make that user's shell rbash. In rbash the user cannot cd. There's a bunch of other stuff they also cannot do. Check man bash near the end to make sure it satisfies your needs. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] chrony logrotate script EOF error
On Sunday 22 August 2010 17:25:02 Alan McKinnon wrote:
Apparently, though unproven, at 12:11 on Sunday 22 August 2010, Mick did
opine
thusly:
Hi All,
The chrony installed logrotate script keeps erroring out:
logrotate_script: line 5: warning: here-document at line 2 delimited by
end- of-file (wanted `EOF')
Unrecognized command
This is the script:
/var/log/chrony/*.log {
sharedscripts
postrotate
PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}'
/etc/chrony/chrony.keys`
cat EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
password $PASSWORD
cyclelogs
EOF
endscript
}
I do not understand the error. Is it telling me to add backticks?
Where?
No, it's saying it wants EOF on a line all by itself with no leading
whitespace. That thing that looks like a backtick is an open quote.
Hmm ... so what should the corrected logrotate script look like then?
cat
EOF
| /usr/bin/chronyc | sed '/^200 OK$/d'
password $PASSWORD
cyclelogs
EOF
endscript
}
--
Regards,
Mick
signature.asc
Description: This is a digitally signed message part.
Re: [gentoo-user] chrony logrotate script EOF error
Apparently, though unproven, at 18:44 on Sunday 22 August 2010, Mick did opine thusly: No, it's saying it wants EOF on a line all by itself with no leading whitespace. That thing that looks like a backtick is an open quote. Hmm ... so what should the corrected logrotate script look like then? cat EOF | /usr/bin/chronyc | sed '/^200 OK$/d' password $PASSWORD cyclelogs EOF endscript } Change the other EOF instead. It's a here document, search for that phrase in man bash to find out more. It tells bash what will cause input redirection from stdin to end. The first EOF is the string to look for, the second one is the trigger that ends input -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] chrony logrotate script EOF error
On Sunday 22 August 2010 17:50:02 Alan McKinnon wrote: Apparently, though unproven, at 18:44 on Sunday 22 August 2010, Mick did opine thusly: No, it's saying it wants EOF on a line all by itself with no leading whitespace. That thing that looks like a backtick is an open quote. Hmm ... so what should the corrected logrotate script look like then? cat EOF | /usr/bin/chronyc | sed '/^200 OK$/d' password $PASSWORD cyclelogs EOF endscript } Change the other EOF instead. It's a here document, search for that phrase in man bash to find out more. It tells bash what will cause input redirection from stdin to end. The first EOF is the string to look for, the second one is the trigger that ends input Thanks Alan, I think I got it now. :-) -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] Re: Some corruption after gnome 2.30
Adam Carter adamcarter3 at gmail.com writes: Any more suggestions? I suppose this is the same problem as http://forums.gentoo.org/viewtopic-t-837535.html, in which case the easiest workaround is to downgrade ati-drivers from 10.7 to 10.5 for now. It is not a Gnome/GTK problem (or at least not directly, I don't know precisely).
[gentoo-user] system lag with gentoo-sources-2.6.35-r2
Hello, I am having some system performance issues with this kernel release. I have a SMP machine (dual xeon nehalem 8 core / 16 threads) with 24gb non-ecc memory. On occasion (seems random so far) my system feels like a Pentium II trying to cope with Vista. For example, I was in the middle of tar'ing a semi-large file and noticed all of my apps came to a crawl. Scrolling in firefox, typing in the terminal, or trying to navigate in my file manager resulted in breif pauses that came in waves. On one occasion my system froze completely and I had to manually reset the machine. (that was with 2.6.35-r1) I didn't activate anything new in this kernel release that I don't normally activate. ie, no cpuidle driver Is there a proper venu for debugging such matters, or should I just wait for this kernel to go prime-time? Thanks for your time, Alan
[gentoo-user] php 5.3.3 will not emerge
Hi. I am having problems emerging php-5.3.3-r1 -- I am not sure if its related to the glibc problems, however its strange -- the heart of the matter is that /usr/include/mysql/my_global.h is looking for my_compiler.h which does not exist -- google search reveals nothing -- so any ideas would be appreciated. -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly
Alan McKinnon alan.mckin...@gmail.com wrote: Apparently, though unproven, at 15:29 on Sunday 22 August 2010, Arttu V. did opine thusly: On 8/22/10, cov...@ccs.covici.com cov...@ccs.covici.com wrote: Hi. I am running the unstable gentoo 32-bit and today I emerged -- amoung other packages in a system update -- glibc-2.12.1-r1, however after doing this at least one package had an undefined reference to S_ISCHR. I tried to downgrade glibc, but apparently this is not supported and I am a bit stumped as to how to fix this problem. Any ideas on this would be appreciated. Which package is failing? Please check if it is already reported, and if not then please report a new bug, and if possible make it block this tracker bug: http://bugs.gentoo.org/show_bug.cgi?id=331665 A wild guess out of the blue would be that the error could be simply a missing include of stat.h in the package's sources. But there might be other omissions as well, so please provide more info. I think that unless API/ABIs were changed then the older, already installed version should still work just fine, as then the missing includes would only affect compile-time situation. There is a way to downgrade for the brave. quickpkg glibc move the 2.11.? version ebuild you want to your local overlay. Edit it and find the check that disallows downgrades. Comment it out. Mask glibc2.12 update glibc At this point it's probably very wise to rebuild at least system, then revdep- rebuild. Note that rebuilding system might fail in which case you are really up the creek. Feel free to rip to pieces the dev that committed this version. It could not possibly have undergone decent testing I have another idea -- what would I have to restore from backup to completely cancel the entire update process I have done since yesterday -- and then I could mask off the bad glibc and be back to something at least somewhat consistent? -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
Re: [gentoo-user] system lag with gentoo-sources-2.6.35-r2
On Sun, Aug 22, 2010 at 8:01 PM, Alan Warren bluemoonsh...@gmail.com wrote: Is there a proper venu for debugging such matters, or should I just wait for this kernel to go prime-time? Can you reliably reproduce the problem? If so, and you have a kernel that works git-bisect should allow you to pinpoint the offending commit. By the sounds of it though, this could be related to the problems Linux has when under heavy I/O, in which case you best bet would be to look to the upstream git as there are supposed to be fixes in it. Cheers, RobbieAB.
Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly
Apparently, though unproven, at 20:57 on Sunday 22 August 2010, cov...@ccs.covici.com did opine thusly: There is a way to downgrade for the brave. quickpkg glibc move the 2.11.? version ebuild you want to your local overlay. Edit it and find the check that disallows downgrades. Comment it out. Mask glibc2.12 update glibc At this point it's probably very wise to rebuild at least system, then revdep- rebuild. Note that rebuilding system might fail in which case you are really up the creek. Feel free to rip to pieces the dev that committed this version. It could not possibly have undergone decent testing I have another idea -- what would I have to restore from backup to completely cancel the entire update process I have done since yesterday -- and then I could mask off the bad glibc and be back to something at least somewhat consistent? I too have another idea - look at emerge.log and tell us what you emerged since yesterday. Then restore those packages. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] Re: gnome 2.6 won't install
On Fri, 2010-07-02 at 04:39 +0200, Nicolas Sebrecht wrote: On Thu, Jul 01, 2010 at 09:34:25PM -0400, Albert Hopkins wrote: The OP was over 3 months ago. I think a lack of response speaks volumes compared to responding so late. It was a thread that was DOA. Why did you decide to dig it up? The real reason is that I don't have time to track this list in a per day, week or even in a per month basis. I don't think it's a problem that much. Is there any reason to not answer, even late? Some problem are blocking, some aren't and can be delayed a long time. Who knows? Even if everything seems to show the problem is solved or turned around, people usually like to understand what could have happen or have more clues. I already had such feedback for problems older than one year. Now, what I was saying is more about how to make my chances bigger to have answers in general than trying to explain why a lack of response. You are absolutely correct. Please continue with this thread. We look forward to your response in a month or so.
Re: [gentoo-user] system lag with gentoo-sources-2.6.35-r2
Thanks, I'm not very savvy when it comes to working with the kernel beyond using the normal stable cut gentoo provides. I'll research git-bisect and see if I can't figure this out though. I think you are correct though. It does seem to only happen while the system is under heavy I/O. I've never experienced anything like this in previous versions of the linux kernel, and resorting back to gentoo-sources-2.6.34 fixes the issue completely. If there are I/O fixes upstream, then I am assuming you are referring to a cut that is more recent then gentoo-sources-2.6.35-r2 that the Gentoo devs have yet to provide their patches to? ( I see vanilla sources has 2.6.35 .3) Thanks again, Alan On Sun, Aug 22, 2010 at 2:14 PM, Robert Bridge rob...@robbieab.com wrote: On Sun, Aug 22, 2010 at 8:01 PM, Alan Warren bluemoonsh...@gmail.com wrote: Is there a proper venu for debugging such matters, or should I just wait for this kernel to go prime-time? Can you reliably reproduce the problem? If so, and you have a kernel that works git-bisect should allow you to pinpoint the offending commit. By the sounds of it though, this could be related to the problems Linux has when under heavy I/O, in which case you best bet would be to look to the upstream git as there are supposed to be fixes in it. Cheers, RobbieAB.
Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly
Alan McKinnon alan.mckin...@gmail.com wrote: Apparently, though unproven, at 20:57 on Sunday 22 August 2010, cov...@ccs.covici.com did opine thusly: There is a way to downgrade for the brave. quickpkg glibc move the 2.11.? version ebuild you want to your local overlay. Edit it and find the check that disallows downgrades. Comment it out. Mask glibc2.12 update glibc At this point it's probably very wise to rebuild at least system, then revdep- rebuild. Note that rebuilding system might fail in which case you are really up the creek. Feel free to rip to pieces the dev that committed this version. It could not possibly have undergone decent testing I have another idea -- what would I have to restore from backup to completely cancel the entire update process I have done since yesterday -- and then I could mask off the bad glibc and be back to something at least somewhat consistent? I too have another idea - look at emerge.log and tell us what you emerged since yesterday. Then restore those packages. -- alan dot mckinnon at gmail dot com If I tried that -- how would I downgrade glibc in the process -- I am sure I could figure out all the packages, but that downgrade scares me -- would I do the packages in reverse order, or what? I also changed my gcc before this update, I could certainly reverse that as well. -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
Re: [gentoo-user] Disable fcron logging
On 22 Aug 2010, at 20:00, Stroller wrote: On 22 Aug 2010, at 11:26, Alex Schuster wrote: Stroller writes: #!/bin/bash while true do for drive in a b c d do /usr/sbin/smartctl /dev/sd$drive --whatever /var/log/hdstate done sleep 60 done I use hdparm and hddtemp: for hd in sda sdb sdc sdd do ... echo $hd: $state $temp done The script with which you reply is missing the sleep 60 loop. ... The problem with cron is that I get those cron logs I do not like, and that the update time of 60 seconds is a little long. Running the script in a loop, started in .kde4/Autostart, would be better, but as a user I have no permission to call hdparm or hdtemp. I do not want to be part of the disk group, and when using sudo I would get the logs by sudo I wanted to avoid. So now I SUID'ed hdparm and hddtemp, changed the group to wheel and disabled execution for others. cron problem not solved, but workarounded. Running a script which contains `while true ... sleep 60` will cause only a single logging action. You can run it as root at startup using /etc/conf.d/local.start and have the file world readable. Sorry, this wasn't very clear: If your script contains `while true ... sleep 60` then you'll only need to run it once. Stroller.
Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly
Apparently, though unproven, at 21:44 on Sunday 22 August 2010, cov...@ccs.covici.com did opine thusly: Alan McKinnon alan.mckin...@gmail.com wrote: Apparently, though unproven, at 20:57 on Sunday 22 August 2010, cov...@ccs.covici.com did opine thusly: There is a way to downgrade for the brave. quickpkg glibc move the 2.11.? version ebuild you want to your local overlay. Edit it and find the check that disallows downgrades. Comment it out. Mask glibc2.12 update glibc At this point it's probably very wise to rebuild at least system, then revdep- rebuild. Note that rebuilding system might fail in which case you are really up the creek. Feel free to rip to pieces the dev that committed this version. It could not possibly have undergone decent testing I have another idea -- what would I have to restore from backup to completely cancel the entire update process I have done since yesterday -- and then I could mask off the bad glibc and be back to something at least somewhat consistent? I too have another idea - look at emerge.log and tell us what you emerged since yesterday. Then restore those packages. If I tried that -- how would I downgrade glibc in the process -- I am sure I could figure out all the packages, but that downgrade scares me -- would I do the packages in reverse order, or what? I also changed my gcc before this update, I could certainly reverse that as well. It all depends on what tools you have available and how many packages were upgraded between yesterday and today. If you have tarballs for at least system in your packages dir, then just merge the old ones back. If not, then downgrade glibc and either emerge -e system or run revdep-rebuild. gcc is not a major issue, it simply builds runnable code and links to other stuff. As long as the ABI didn't change, and it didn't, gcc will not cause any relevant problems. The real problem is glibc which provides the C library. Almost everything links to that and it's interfaces can and do change. So packages built since that upgrade may well break with a downgrade. But like I said the best approach will depend on what packages are involved and you still haven't provided that list. I used to have a crystal ball that could gaze into your mind and your disk to find these answer, but ironically it too is now broken by the very same glibc upgrade you are dealing with. So you must look into this yourself. However, it's not all bad news - at least my fee to you will not increase. -- alan dot mckinnon at gmail dot com
[gentoo-user] Re: creating ssh account without directory browsing
Hi, Young padawan Tamer Higazi th9...@googlemail.com spoke: Hi people! For a project I need to create ssh accounts (based on shared keys) who would be loged in a specific directory. They should only be able to login in the desired directory, but not be able for outside browsing. I think you mean chroot. OpenSSH supports this, have a look at it. kalkin- -- Paranoid sein heisst frei sein (Hal Faber)
Re: [gentoo-user] system lag with gentoo-sources-2.6.35-r2
On Sun, Aug 22, 2010 at 8:35 PM, Alan Warren bluemoonsh...@gmail.com wrote: I think you are correct though. It does seem to only happen while the system is under heavy I/O. I've never experienced anything like this in previous versions of the linux kernel, and resorting back to gentoo-sources-2.6.34 fixes the issue completely. If there are I/O fixes upstream, then I am assuming you are referring to a cut that is more recent then gentoo-sources-2.6.35-r2 that the Gentoo devs have yet to provide their patches to? ( I see vanilla sources has 2.6.35 .3) Well, the fix is in the line for 2.6.36 IIRC, so wouldn't be in an 2.6.35 kernel. That said, the problem supposedly being fixed goes back well before 2.6.34, so if that kernel works, it suggests that it is a different issue you are hitting. However... If there was a FF update, that could be triggering the bug, as FF3.5+ are pretty stinky for I/O levels.
Re: [gentoo-user] Disable fcron logging
Stroller writes: The script with which you reply is missing the sleep 60 loop. No, it's only the script that outputs the drive's state. It's called by ~/.kde4/Autostart/hdstate: #!/bin/bash while : do /usr/local/sbin/hdstate ~/log/hdstate.log sleep 10 done Running a script which contains `while true ... sleep 60` will cause only a single logging action. You can run it as root at startup using / etc/conf.d/local.start and have the file world readable. Yeah, local.start woudl also be a good idea, without the need to setuid things. Maybe I'll change this. BTW, my two additional drives spin up when I log into KDE. Weird, they are not even mounted. Wonko
[gentoo-user] sudo -l strange behavour when used via LDAP
Hi all, I configured sudo in order to use LDAP and set the corrisponding defaults on the DIT set to ignore_local_sudoers. After populating the DIT with the rules, sudo works perfectly but I have a problem with the list options of sudo (-l). It seems like sudo -l for NORMAL users (i.e. not root) doesn't print the corresponding matched rule when this comes from LDAP. More exactly it matches the rule (and actually the user can perform the commands he is enabled to do) BUT they are not shown with the list option. After setting the sudoers_debug to 2 in /etc/ldap.sonf.sudo I obtain the following: gia...@athena ~ $ sudo -l LDAP Config Summary === host vesta.homenet.telecomitalia.it port -1 ldap_version 3 sudoers_base ou=sudoers,dc=gabbiani,dc=org binddn (anonymous) bindpw (anonymous) ssl (no) === sudo: ldap_create() sudo: ldap_set_option(LDAP_OPT_HOST_NAME, vesta.homenet.telecomitalia.it) sudo: ldap_set_option: debug - 0 sudo: ldap_set_option: ldap_version - 3 sudo: ldap_sasl_bind_s() ok sudo: found:cn=defaults,ou=SUDOers,dc=gabbiani,dc=org sudo: ldap sudoOption: 'ignore_local_sudoers' sudo: ldap sudoHost 'ALL' ... MATCH! sudo: ldap sudoOption: '!authenticate' sudo: user_matches=1 sudo: host_matches=1 sudo: sudo_ldap_lookup(52)=0x02 Runas and Command-specific defaults for giampa: sudo: ldap search '(|(sudoUser=giampa)(sudoUser=%giampa)(sudoUser=%wheel) (sudoUser=%floppy)(sudoUser=%audio)(sudoUser=%cdrom)(sudoUser=%video) (sudoUser=%usb)(sudoUser=%portage)(sudoUser=%plugdev)(sudoUser=%netusers) (sudoUser=%cvsadmin)(sudoUser=ALL))' sudo: ldap sudoHost 'ALL' ... MATCH! sudo: ldap search 'sudoUser=+*' The root user instead correctly prints the list informations: athena ~ # sudo -l LDAP Config Summary === host vesta.homenet.telecomitalia.it port -1 ldap_version 3 sudoers_base ou=sudoers,dc=gabbiani,dc=org binddn (anonymous) bindpw (anonymous) ssl (no) === sudo: ldap_create() sudo: ldap_set_option(LDAP_OPT_HOST_NAME, vesta.homenet.telecomitalia.it) sudo: ldap_set_option: debug - 0 sudo: ldap_set_option: ldap_version - 3 sudo: ldap_sasl_bind_s() ok sudo: found:cn=defaults,ou=SUDOers,dc=gabbiani,dc=org sudo: ldap sudoOption: 'ignore_local_sudoers' sudo: ldap sudoHost 'ALL' ... MATCH! sudo: user_matches=1 sudo: host_matches=1 sudo: sudo_ldap_lookup(52)=0x02 Runas and Command-specific defaults for root: sudo: ldap search '(|(sudoUser=root)(sudoUser=%root)(sudoUser=%bin) (sudoUser=%daemon)(sudoUser=%sys)(sudoUser=%adm)(sudoUser=%disk) (sudoUser=%wheel)(sudoUser=%floppy)(sudoUser=%dialout)(sudoUser=%tape) (sudoUser=%video)(sudoUser=ALL))' sudo: ldap sudoHost 'ALL' ... MATCH! sudo: ldap sudoHost 'ALL' ... MATCH! sudo: ldap search 'sudoUser=+*' User root may run the following commands on this host: (ALL) ALL (ALL) NOPASSWD: ALL The expected behavour for NORMAL user is instead (this comes from another machines running mandriva 2010.1): gia...@vesta ~ $ sudo -l Runas and Command-specific defaults for giampa: ignore_local_sudoers User giampa may run the following commands on this host: (ALL) NOPASSWD: ALL Is it a bug ? Is there anyone that experimented the same? Is there anything that I to set in gentoo in order to let a normal user to display correctly the sudoers commands when coming from ldap? Many thanks in advance Giampiero
Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly
On Sunday 22 August 2010, cov...@ccs.covici.com wrote: Alan McKinnon alan.mckin...@gmail.com wrote: Apparently, though unproven, at 20:57 on Sunday 22 August 2010, cov...@ccs.covici.com did opine thusly: There is a way to downgrade for the brave. quickpkg glibc move the 2.11.? version ebuild you want to your local overlay. Edit it and find the check that disallows downgrades. Comment it out. Mask glibc2.12 update glibc At this point it's probably very wise to rebuild at least system, then revdep- rebuild. Note that rebuilding system might fail in which case you are really up the creek. Feel free to rip to pieces the dev that committed this version. It could not possibly have undergone decent testing I have another idea -- what would I have to restore from backup to completely cancel the entire update process I have done since yesterday -- and then I could mask off the bad glibc and be back to something at least somewhat consistent? I too have another idea - look at emerge.log and tell us what you emerged since yesterday. Then restore those packages. If I tried that -- how would I downgrade glibc in the process -- I am sure I could figure out all the packages, but that downgrade scares me -- would I do the packages in reverse order, or what? I also changed my gcc before this update, I could certainly reverse that as well. you can also leave that glibc version in place. Only a few packages are affected, most are fixed already. Just sync and retry the failing package. No need to downgrade glibc and recompile a bunch of packages. Besides, between 2.12.1 and 2.12.0 you should not need to recompile anything.
[gentoo-user] KDE's RSSNow Browser Selection
In a recent upgrade, I forget which one, the KDE Plasmoid RSSNow now only opens a link in Konqueror despite my setting of Firefox as the default browser. Is anyone else seeing this, and might now a setting or fix to correct this RSSNow setting? Thanks Sean
Re: [gentoo-user] Disable fcron logging
On Sunday 22 August 2010 22:39:47 Alex Schuster wrote: Stroller writes: The script with which you reply is missing the sleep 60 loop. No, it's only the script that outputs the drive's state. It's called by ~/.kde4/Autostart/hdstate: #!/bin/bash while : do /usr/local/sbin/hdstate ~/log/hdstate.log sleep 10 done Running a script which contains `while true ... sleep 60` will cause only a single logging action. You can run it as root at startup using / etc/conf.d/local.start and have the file world readable. Yeah, local.start woudl also be a good idea, without the need to setuid things. Maybe I'll change this. BTW, my two additional drives spin up when I log into KDE. Weird, they are not even mounted. From KDE-4.4.4 the start up interferes with the hard drives: http://thread.gmane.org/gmane.linux.gentoo.user/232044 I don't why but it does, messes up any settings that hdparm may have set up and p*sses me off. o_O As soon as KDE starts up (even when waking up from suspend to ram) it resets the drives. I haven't found a way of telling it how to behave (i.e. by respecting existing settings in hdparm). -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] php 5.3.3 will not emerge
cov...@ccs.covici.com wrote: Hi. I am having problems emerging php-5.3.3-r1 -- I am not sure if its related to the glibc problems, however its strange -- the heart of the matter is that /usr/include/mysql/my_global.h is looking for my_compiler.h which does not exist -- google search reveals nothing -- so any ideas would be appreciated. http://bugs.gentoo.org/show_bug.cgi?id=333923 Time to locally mask the current latest MySQL version? -- Arttu V. -- Running Gentoo is like running with scissors
Re: [gentoo-user] php 5.3.3 will not emerge
Arttu V. arttu...@gmail.com wrote: cov...@ccs.covici.com wrote: Hi. I am having problems emerging php-5.3.3-r1 -- I am not sure if its related to the glibc problems, however its strange -- the heart of the matter is that /usr/include/mysql/my_global.h is looking for my_compiler.h which does not exist -- google search reveals nothing -- so any ideas would be appreciated. http://bugs.gentoo.org/show_bug.cgi?id=333923 Time to locally mask the current latest MySQL version? I guess so, quality control seems to be declining -- I still like gentoo very much, and maybe its my imagination, but there seems to be more screwups last several months. Thanks much for the bug I appreciate all the help from this list. -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
