Re: Which user env. variable tell me that it is in su - mode ?
John Summerfield wrote:

>> The problem (in that particular case) is that your user does not seem to be part of the 'tty' group! Other people may experience other problems
>
> It's not. Is yours? If the tool you use to create user accounts doesn't make it so (or at least suggest it should be so), and you don't know to do it, it's not done.
>
> However, setting ownership at login makes it so you can open files to it and read/write.
>
> OTOH, if I'm in the tty group, then I can write to any tty that is group writable. Do you smell a security problem here?

Sorry.. I shouldn't have said 'problem'. I meant 'reason'.. I was just giving what I feel is the correct technical 'reason' why attempting to write to the file node returned by the tty command is giving a permission denied error. You were indicating that behavior was caused by the file node still having an opened file descriptor opened by root. I believe this is not the reason. Rather, the reason is that the user which you su to does not have permission to open in write mode the file node which is returned by the 'tty' command because the node ownership and permission is preventing you from doing so. That was my original point in discussing the differences between su - (which doesn't change tty ownership) and login (which does).

You are of course correct that adding non privileged arbitrary users to the tty group could be a security issue.

> My observation is that screen creates pseudo ttys for all its sessions, sets TERM=screen and maps what comes back from the session to the tty _it_ writes to, the one active before it was started.

And my observation is that screen is attempting at some point to re-open the process controlling terminal file node in order to ensure any redirection does not affect front-end 'screen' operations (as opposed to back-end which is indeed performed through the creation of ptys which DO have the appropriate ownership and permissions) - and that this fails when you su from root to a non-root user for the reason described above.

This may be dependent on the version of the screen package.. But this is what I get :

    deb64-1:~# su - ivan
    i...@deb64-1:~$ screen
    Cannot open your terminal '/dev/pts/2' - please check.
    i...@deb64-1:~$ ls -l $(tty)
    crw--- 1 root tty 136, 2 2009-03-05 12:46 /dev/pts/2
    i...@deb64-1:~$ dpkg -l screen
    snip/
    ii screen4.0.3-11 terminal multiplexor with VT100/ANSI terminal emulation
    i...@deb64-1:~$

Note that the above is not restricted to Linux on z.. and not even restricted to linux altogether. Other Posix systems (Un*x, AIX, etc..) display the same difference between su - and login.

--Ivan

--
For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
RHEL YUM Question
Given this YUM repos conf file..can anyone see why I am getting the following error?

    [RHEL5.3]
    name=Red Hat Enterprise Linux 5.3
    baseurl=FTP://ftpuser:ftpu...@10.100.105.12/mnt2/Server/

(error msgs)

    ftp://ftpuser:ftpu...@10.100.105.12/mnt2/Server/repodata/repomd.xml: [Errno 4] IOError: [Errno ftp error] 550 Failed to change directory.
    Trying other mirror.
    Error: Cannot retrieve repository metadata (repomd.xml) for repository: RHEL5.3. Please verify its path and try again
Re: RHEL YUM Question
Dave Myers wrote on Thu 05. 03. 2009 at 06:01 -0700:

> Given this YUM repos conf file..can anyone see why I am getting the following error?
>
> [RHEL5.3]
> name=Red Hat Enterprise Linux 5.3
> baseurl=FTP://ftpuser:ftpu...@10.100.105.12/mnt2/Server/
>
> (error msgs)
>
> ftp://ftpuser:ftpu...@10.100.105.12/mnt2/Server/repodata/repomd.xml: [Errno 4] IOError: [Errno ftp error] 550 Failed to change directory.
> Trying other mirror.
> Error: Cannot retrieve repository metadata (repomd.xml) for repository: RHEL5.3. Please verify its path and try again

When you use the same URL in wget, does it download the repomd.xml file? Is something interesting in the logs of the ftp server?

--
Dan Horák, RHCE
Software Engineer, BaseOS
Red Hat Czech s.r.o., Purkyňova 99, 612 45 Brno
Re: RHEL YUM Question
You should run createrepo first on the server side.

2009/3/5 Dave Myers dave.my...@siriuscom.com:

> Given this YUM repos conf file..can anyone see why I am getting the following error?
>
> [RHEL5.3]
> name=Red Hat Enterprise Linux 5.3
> baseurl=FTP://ftpuser:ftpu...@10.100.105.12/mnt2/Server/
>
> (error msgs)
>
> ftp://ftpuser:ftpu...@10.100.105.12/mnt2/Server/repodata/repomd.xml: [Errno 4] IOError: [Errno ftp error] 550 Failed to change directory.
> Trying other mirror.
> Error: Cannot retrieve repository metadata (repomd.xml) for repository: RHEL5.3. Please verify its path and try again

--
With best regards,
Andrew
Creating RAID Arrays on zLinux / zVM minidisks
Okay, this is not real work, been working on my RHCT, and decided to test what I can do on a PC to the zLinux platform. I am trying to create a RAID-1 Array (two disks mirroring each other) in a zVM environment. I created two minidisks in zVM and am trying to format them on the zLinux side, using fdasd (instead of fdisk on the PC side). But I see no option to format fd the disks, with the interactive, it keeps asking for partition number (here is the display):

    (/root)#fdasd /dev/dasdk
    reading volume label ..: VOL1
    reading vtoc ..: ok

    Command action
      m print this menu
      p print the partition table
      n add a new partition
      d delete a partition
      v change volume serial
      t change partition type
      r re-create VTOC and delete all partitions
      u re-create VTOC re-using existing partition sizes
      s show mapping (partition number - data set name)
      q quit without saving changes
      w write table to disk and exit

    Command (m for help): t

    Disk /dev/dasdk:
      cylinders : 750
      tracks per cylinder ..: 15
      blocks per track .: 12
      bytes per block ..: 4096
      volume label .: VOL1
      volume serial : 0X0205
      max partitions ...: 3

     --- tracks ---
     Device start end length Id System
     2 11249 11248 unused

    change partition type
    partition id (use 0 to exit):

Has anyone played with software RAID on the mainframe Linux?

James Chaplin
Systems Programmer, MVS, zVM zLinux
Base Technologies, Inc
Re: Creating RAID Arrays on zLinux / zVM minidisks
Yes. It works pretty much the same way as it does on Intel. You use the mdadm package to create raid arrays, but it's done at the partition level. Option t in fdasd can be used to change the partition type to Linux raid. Typically, minidisk devices only have a single partition because it doesn't make much sense to have more (just have more minidisks), but in practice you can have up to three.

-----Original Message-----
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of CHAPLIN, JAMES (CTR)
Sent: Thursday, March 05, 2009 4:16 PM
To: LINUX-390@VM.MARIST.EDU
Subject: [LINUX-390] Creating RAID Arrays on zLinux / zVM minidisks

Okay, this is not real work, been working on my RHCT, and decided to test what I can do on a PC to the zLinux platform. I am trying to create a RAID-1 Array (two disks mirroring each other) in a zVM environment. I created two minidisks in zVM and am trying to format them on the zLinux side, using fdasd (instead of fdisk on the PC side). But I see no option to format fd the disks, with the interactive, it keeps asking for partition number (here is the display):

    (/root)#fdasd /dev/dasdk
    reading volume label ..: VOL1
    reading vtoc ..: ok

    Command action
      m print this menu
      p print the partition table
      n add a new partition
      d delete a partition
      v change volume serial
      t change partition type
      r re-create VTOC and delete all partitions
      u re-create VTOC re-using existing partition sizes
      s show mapping (partition number - data set name)
      q quit without saving changes
      w write table to disk and exit

    Command (m for help): t

    Disk /dev/dasdk:
      cylinders : 750
      tracks per cylinder ..: 15
      blocks per track .: 12
      bytes per block ..: 4096
      volume label .: VOL1
      volume serial : 0X0205
      max partitions ...: 3

     --- tracks ---
     Device start end length Id System
     2 11249 11248 unused

    change partition type
    partition id (use 0 to exit):

Has anyone played with software RAID on the mainframe Linux?

James Chaplin
Systems Programmer, MVS, zVM zLinux
Base Technologies, Inc
VSWITCH and OSPF setup
Hi All,

I'm looking for advice on converting from static IP on my VM stack to OSPF. I think I will need to go to two VSWITCHes rather than just the one I use for static IP. I've created a simple PowerPoint to illustrate.

OSPF -1.ppt

All advice welcomed.

Betsie
Re: VSWITCH and OSPF setup
What do you mean by:

    OSA1 10.55.27.33

Is 10.55.27.33 an IP address in a host attached to a physical switch?

David

From: Linux on 390 Port on behalf of Spann, Elizebeth (Betsie)
Sent: Thu 3/5/2009 6:09 PM
To: LINUX-390@VM.MARIST.EDU
Subject: VSWITCH and OSPF setup

Hi All,

I'm looking for advice on converting from static IP on my VM stack to OSPF. I think I will need to go to two VSWITCHes rather than just the one I use for static IP. I've created a simple PowerPoint to illustrate.

OSPF -1.ppt

All advice welcomed.

Betsie
Re: VSWITCH and OSPF setup
On the static IP setup, traffic going to 10.55.27.33 can take either path. The VSWITCH has a primary device address on the first OSA card and a second device address on the second OSA card as failover. The VM TCP/IP stack home address is 10.55.27.33.

In the OSPF setup, each interface has an IP address associated with the VM stack.

Does this answer the question?

Betsie

-----Original Message-----
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of David Kreuter
Sent: Thursday, March 05, 2009 3:19 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: VSWITCH and OSPF setup

what do you mean by:

    OSA1 10.55.27.33

Is 10.55.27.33 an ip address in a host attached to a physical switch?

David

From: Linux on 390 Port on behalf of Spann, Elizebeth (Betsie)
Sent: Thu 3/5/2009 6:09 PM
To: LINUX-390@VM.MARIST.EDU
Subject: VSWITCH and OSPF setup

Hi All,

I'm looking for advice on converting from static IP on my VM stack to OSPF. I think I will need to go to two VSWITCHes rather than just the one I use for static IP. I've created a simple PowerPoint to illustrate.

OSPF -1.ppt

All advice welcomed.

Betsie
Re: Which user env. variable tell me that it is in su - mode ?
Ivan Warren wrote:

> John Summerfield wrote:
>
>>> The problem (in that particular case) is that your user does not seem to be part of the 'tty' group! Other people may experience other problems
>>
>> It's not. Is yours? If the tool you use to create user accounts doesn't make it so (or at least suggest it should be so), and you don't know to do it, it's not done.
>>
>> However, setting ownership at login makes it so you can open files to it and read/write.
>>
>> OTOH, if I'm in the tty group, then I can write to any tty that is group writable. Do you smell a security problem here?
>
> Sorry.. I shouldn't have said 'problem'.

_I_ said, and mean, _problem_.

> I meant 'reason'.. I was just giving what I feel is the correct technical 'reason' why attempting to write to the file node returned by the tty command is giving a permission denied error. You were indicating that behavior was caused by the file node still having an opened file descriptor opened by root. I believe this is not the reason.

In this discussion, file includes special files such as devices.

In the case I illustrated, the behaviour I described is what is defined as happening. A process created by fork() inherits open file handles. exec(), to run another program, does not _necessarily_ close open file handles. As I recall it, the default behaviour is to inherit them.

Since a process running as a user cannot open a file owned by root and with permissions 0600, the only reason it can read/write to such a file is that it's inherited the handles.

If the permissions are 0660, 0640 or 06200, and the file owned by group tty and lots of people are in group tty, then I smell a security problem. Do you?

> Rather, the reason is that the user which you su to does not have permission to open in write mode the file node which is returned by the 'tty' command because the node ownership and permission is preventing you from doing so.

We agree that permissions prevent it. However, it's clear the user can read/write the terminal.

> That was my original point in discussing the differences between su - (which doesn't change tty ownership) and login (which does).
>
> You are of course correct that adding non privileged arbitrary users to the tty group could be a security issue.
>
>> My observation is that screen creates pseudo ttys for all its sessions, sets TERM=screen and maps what comes back from the session to the tty _it_ writes to, the one active before it was started.
>
> And my observation is that screen is attempting at some point to re-open the process controlling terminal file node in order to ensure any redirection does not affect front-end 'screen' operations (as

I wonder why it does that, rather than check (with isatty(), fstat() or ttyname()), then belch if it doesn't like what it sees?

https://savannah.gnu.org/bugs/?25214

I've added comments, it's possible to do so anonymously.

> opposed to back-end which is indeed performed through the creation of ptys which DO have the appropriate ownership and permissions) - and that this fails when you su from root to a non-root user for the reason described above.
>
> This may be dependent on the version of the screen package.. But this is what I get :
>
> deb64-1:~# su - ivan
> i...@deb64-1:~$ screen
> Cannot open your terminal '/dev/pts/2' - please check.

Ah, now I see. I don't think I've ever tried that combination of actions.

I have reproduced the same behaviour with sudo.

This gets around it:

    chmod g+wr $(tty)

> i...@deb64-1:~$ ls -l $(tty)
> crw--- 1 root tty 136, 2 2009-03-05 12:46 /dev/pts/2
> i...@deb64-1:~$ dpkg -l screen
> snip/
> ii screen4.0.3-11 terminal multiplexor with VT100/ANSI terminal emulation
> i...@deb64-1:~$
>
> Note that the above is not restricted to Linux on z.. and not even

I never thought that, such a difference would be a big fat BUG.

> restricted to linux altogether. Other Posix systems (Un*x, AIX, etc..) display the same difference between su - and login.

Hmm.
--
Cheers
John

-- spambait
1...@coco.merseine.nu z1...@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)
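Added example, not code from any poster in this thread or from screen: the distinction the two messages above argue over, that a descriptor opened before the uid change stays usable while re-opening the same node by path is refused. A mode-0600 temporary file stands in for the root-owned /dev/pts/N; the function name and the uid 65534 are assumptions of this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define INHERITED_FD_WRITABLE 0x1 /* write() on the descriptor opened earlier worked */
#define REOPEN_DENIED         0x2 /* open() of the same node by path failed with EACCES */
#define DEMO_UID 65534            /* assumed unprivileged uid ("nobody" on many systems) */

/*
 * A mode-0600 temporary file stands in for the root-owned /dev/pts/N.
 * It is opened first; then a child that may no longer open the path
 * tries both the inherited descriptor and a fresh open().
 * Returns a bitmask of the flags above, or -1 if the setup failed.
 */
int inherited_vs_reopen(void)
{
    char path[] = "/tmp/tty-demo-XXXXXX";
    int fd = mkstemp(path);             /* mkstemp creates the file with mode 0600 */
    if (fd < 0)
        return -1;

    int as_root = (geteuid() == 0);
    /* Not root: take away our own access after the open, so that the
       path check fails later just as it does for the su'd-to user. */
    if (!as_root && fchmod(fd, 0) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }

    pid_t pid = fork();                 /* the child inherits fd, like a shell under su */
    if (pid == 0) {
        int result = 0;
        /* Root: become an unprivileged uid. Only the uid matters for a
           0600 node; su itself also resets the group list. */
        if (as_root && setuid(DEMO_UID) != 0)
            _exit(0x40);
        if (write(fd, "x", 1) == 1)     /* permission was checked at open() time */
            result |= INHERITED_FD_WRITABLE;
        int again = open(path, O_RDWR); /* permission is checked again here */
        if (again < 0 && errno == EACCES)
            result |= REOPEN_DENIED;
        if (again >= 0)
            close(again);
        _exit(result);
    }

    int status = 0;
    int ok = (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status));
    close(fd);
    unlink(path);
    return ok ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int r = inherited_vs_reopen();
    printf("inherited descriptor writable: %s\n",
           (r > 0 && (r & INHERITED_FD_WRITABLE)) ? "yes" : "no");
    printf("re-open by path denied:        %s\n",
           (r > 0 && (r & REOPEN_DENIED)) ? "yes" : "no");
    return r == (INHERITED_FD_WRITABLE | REOPEN_DENIED) ? 0 : 1;
}
```

Both flags set corresponds to the session quoted above: the shell keeps working on the terminal it inherited, while a program that opens the path returned by tty gets a permission error.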
Re: RHEL YUM Question
Dave Myers wrote:

> Given this YUM repos conf file..can anyone see why I am getting the following error?
>
> [RHEL5.3]
> name=Red Hat Enterprise Linux 5.3
> baseurl=FTP://ftpuser:ftpu...@10.100.105.12/mnt2/Server/
>
> (error msgs)
>
> ftp://ftpuser:ftpu...@10.100.105.12/mnt2/Server/repodata/repomd.xml: [Errno 4] IOError: [Errno ftp error] 550 Failed to change directory.

This means the directory doesn't exist (or maybe permissions don't allow access). I think Andrew's given the right answer.

> Trying other mirror.
> Error: Cannot retrieve repository metadata (repomd.xml) for repository: RHEL5.3. Please verify its path and try again

--
Cheers
John
Re: VSWITCH and OSPF setup
Betsy,

Prior to VSWITCHes, I ran with two different OSAs attached to my TCPIP stack (each with its own HOME address), and a VIPA address. OSPF provided for redundancy if one of the OSAs went down. The VIPA address was the one used by DNS to point to the system.

When VSWITCHes were introduced, I defined a VSWITCH which used those two OSAs and attached the TCPIP stack to the VSWITCH. TCPIP saw a single interface and was set up with static routing. Much simpler TCPIP configuration, and the VSWITCH provided the redundancy if one of the OSA links goes down.

Unless you need OSPF to manage other interfaces (Hipersockets, GLANs, CTCs), I'd stick with static routes.

Best regards,
Mark Wheeler

Date: Thu, 5 Mar 2009 15:09:18 -0800
From: bsp...@visa.com
Subject: VSWITCH and OSPF setup
To: LINUX-390@VM.MARIST.EDU

Hi All,

I'm looking for advice on converting from static IP on my VM stack to OSPF. I think I will need to go to two VSWITCHes rather than just the one I use for static IP. I've created a simple PowerPoint to illustrate.

OSPF -1.ppt

All advice welcomed.

Betsie
Re: Creating RAID Arrays on zLinux / zVM minidisks
James,

I think your problem is that you need to do 'n' (create a new partition) before you do 't' (change a partition's type). Looks like it thinks you have an empty volume which is all unallocated space (i.e. there are no partitions on it).

Douglas

On Thu March 5 2009, CHAPLIN, JAMES (CTR) james.chap...@associates.dhs.gov wrote:

> Okay, this is not real work, been working on my RHCT, and decided to test what I can do on a PC to the zLinux platform. I am trying to create a RAID-1 Array (two disks mirroring each other) in a zVM environment. I created two minidisks in zVM and am trying to format them on the zLinux side, using fdasd (instead of fdisk on the PC side). But I see no option to format fd the disks, with the interactive, it keeps asking for partition number (here is the display):
>
> (/root)#fdasd /dev/dasdk
> reading volume label ..: VOL1
> reading vtoc ..: ok
>
> Command action
>   m print this menu
>   p print the partition table
>   n add a new partition
>   d delete a partition
>   v change volume serial
>   t change partition type
>   r re-create VTOC and delete all partitions
>   u re-create VTOC re-using existing partition sizes
>   s show mapping (partition number - data set name)
>   q quit without saving changes
>   w write table to disk and exit
>
> Command (m for help): t
>
> Disk /dev/dasdk:
>   cylinders : 750
>   tracks per cylinder ..: 15
>   blocks per track .: 12
>   bytes per block ..: 4096
>   volume label .: VOL1
>   volume serial : 0X0205
>   max partitions ...: 3
>
>  --- tracks ---
>  Device start end length Id System
>  2 11249 11248 unused
>
> change partition type
> partition id (use 0 to exit):
>
> Has anyone played with software RAID on the mainframe Linux?
>
> James Chaplin
> Systems Programmer, MVS, zVM zLinux
> Base Technologies, Inc