Re: Memory Resources - Howto Refresh
Eduardo A. dela Rosa wrote: So I shutdown Eclipse, MySQL, and JBoss, hoping that it would release resources that it ate up. Waited for quite a while, I tried to check my resources. To my puzzle, it just looks the same as it was before those major apps were properly shutdown. Show us the resource use while those are running, and after you stop them. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: patch management on production servers
Marvin Blackburn wrote: Has anyone developed a methodology for patch management in a production environment. Running up2date on the system regularly is not an option for us. What limitation keeps you from testing a set of patches in your dev enironment, and then using up2date or RHN to apply those patches to the production system? -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Install different libs for different C++ compilers?
Toralf Lund wrote: I'd really like to be able to use this software *and* Red Hat 9/g++-3 apps utilising the same library functionality. Maybe what I want is to put the libs on /usr/lib/i386-redhat-linux7/2.96 or similar... I discussed the simple options... you may just be making one of those more complex than it needs to be. You're not going to get the gcc 3 C++ libraries unless you compile your software an all of the libraries it depends on using that compiler. Your options, then are to build your software once with each compiler and end up with one set of binaries optimal for 7.3 (gcc 2.96) and another set for 9 (gcc 3), or you can build all of the software on 7.3 and get binaries that will work on either platform. I suggest that you concentrate on the reason that you want to use the gcc 3 libraries. What do you stand to gain from recompiling with gcc 3? With that in mind, benchmark the differences between the binaries built by gcc 2.96 and those built by gcc 3 running on RHL 9. Whatever you hope to gain by your compiler contortions, you should be able to easily figure out whether or not it's worth the effort required. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Raid and OS together - performace drop or not ?
senthil wrote: I would like to know from you gurus out there if there will be a performace drop when the operating system is located along with a RAID array in time when any paging ( swap ) operations are done. That doesn't make much sense. I'm going to assume you're asking if performance will degrade when you put your swap partitions on a RAID array. The answer is: depends on what type of RAID. It would be silly to put your swap space on a RAID 5 array. Doing so would definitely hurt performance, since swapping data out would incur the additional overhead of reading all of the stripes in the array, calculating the parity, and writing both the parity and the data swapped out. However, placing your swap partitions on a RAID 0 array with a small strip size will almost certainly increase the speed of paging both in and out by balancing the disk activity across several disks. RAID 1 would probalby speed paging in to system RAM, but hurt paging out if you're using software RAID. Probably a net loss, in that case. Even in a trial testing installation which i did to test this out i found a performance drop. Using RAID 5, I would assume. Try on a RAID 0 volume with a small chunk-size (assuming you're using software RAID experiment to find the best values). -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: How do you tell what options are compiled in your kernel
Douglas Phillipson wrote: The easiest way is to do a make oldconfig. That will load all of your old configuration and then do a make xconfig or which ever one you use. Forgive me for not yet being a kernel expert. Before I do this what exactly does make oldconfig do? Where does it get the config file from? If there is no file named .config, then it will examine /boot/kernel.h and try to get a config from the configs directory that matches the running kernel. That config should match /boot/config-`uname -r` exactly. If .config exists, make oldconfig will use that. If you are copying a config file to start from, why would you do a make oldconfig? You wouldn't need to. Under stock kernels, make oldconfig will ask you for the settings you'd like, individually. Under Red Hat's patched kernels, make oldconfig will try to find a prepared config that matches your arch, indicated by /boot/kernel.h. In either case, if .config exists, then you'll only be asked about new configuration items (which there should not be any of, if it uses one of the prepared configs). -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: How do you tell what options are compiled in your kernel
Michael Schwendt wrote: On Fri, 17 Oct 2003 08:41:57 -0700, Gordon Messmer wrote: In either case, if .config exists, then you'll only be asked about new configuration items (which there should not be any of, if it uses one of the prepared configs). Isn't make oldconfig non-interactive? Not entirely. If the kernel has options which are not defined in .config (as in, you used the .config file from an older kernel, which did not have some of the drivers in the new kenel), then make oldconfig will ask you what you want to do with that new option. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Grrrrr .. Samba upgrade
[EMAIL PROTECTED] wrote: At this point I want to get rid of eveything samba and start over. Whats the best way to do that? rpm -e $(rpm -qa 'samba-*') Then install a new samba which was built for your platform. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Samba 3.0 on RH7.2 : shared libraries problem - unable to make stack executable ...
Paul Libert wrote: I'm trying to get openLDAP 2.1 and Samba 3.0 on 7.2-enigma (reason : this machines has Veritas VXfs and VXvm on it and thus I cannot upgrade the kernel ...) To achieve this, I've upgraded several packages with RawHide and RedHat 9.0 versions. Dependencies were OK but now, my system is mostly unusuable. That's not unusual. Don't (and by don't, I mean never) use binary packages from newer releases of the distribution. They're almost never compatible. The fact that your system is mostly unusable is no surprise. Attempt to revert the packages to their original versions. Failing that, reformat your system disks and reinstall the OS properly. When you've restored your system to a working state, get the src.rpm for Samba 3.0 and recompile it on the platform you're using. If it needs additional updates, get their src.rpm and recompile those, too. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Otto Haliburton wrote: You are prone to dumb statements as I said. There's no reason to resort to personal insults in a technical forum. You need to study the meaning of democracy and the good points of debate. There is a raging debate about how to make things better. I didn't see it as a debate, certainly not one raging. Nor do I think anyone was struggling to justify g++'s behavior. We were explaining the current state of affairs, and how that relates to behavior that one user observed. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Otto Haliburton wrote: Look at it this way. You should be able to move a c++ (not g++) compiler to any version of RH and it works!!! LIB's and all period, no explanation needed. I agree. You should be able to... but you can't. Maybe someday you will be able to. If the current promise of a stable ABI is kept, then someday may be now. Fact, it doesn't. The question is why. The explanation is that it is native to c++ and only c++ was stated. I was pointing out that actually it is a problem of the community that I believe is related to the resources available to the developers. That's where I think you're pointing fingers without understanding the situation. As it's been said, this is not a problem that's unique to the Free Software community. Generally, you can exect that different versions of a compiler will produce compatible C binaries. You can also often expect that different vendors compilers will produce compatible C binaries. There is a binary compatibility standard for C. There is no such standard for C++. You will not be able to link objects from one vendor's compilers against another's. This has been true of Intel's C++ compiler. It's been true of Sun's C++ compiler for Sparc. Are you going to tell us that it's because those developers don't understand the CPUs well enough? Or that they don't understand how to build binaries that run on those CPUs? Or that they don't have the time/money/resources to do it right? Get real. The individual in question made a statement that effectively, it should be accepted without complaints and I said and I still say that is dumb. I think the general idea is that no amount of bitching is going to change history, so don't. Very intellegent, talented, experienced people work on the compiler, and history shows that they *still* weren't able to get a good ABI on the first try. From your perspective, which as far as we know does *not* include extensive experience developing a compiler or an ABI, it seems like it should be a simple thing. Good for you. When you've *done* it, then you can preach about how everyone in the world has done it wrong so far. This needs to be fixed to where anyone can select a new compiler and not worry that it will break everything else and you need resources to test it against all previous versions. If you don't then no one will accept open community software period. OK. Which compiler will they use? -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Otto Haliburton wrote: I don't know where you been bud. One of the complaints is that linux is for programmers and tech people and not for the masses cause you need someone of a technical frame to fix it cause it breaks everything. So grow up to reality. Acceptance into the wide community requires that it works out of the box for everyone and you don't need a technical person to get it to work. Get your facts straight, people of a technical nature accept it but it ain't number one. Who are these non-technical people who are concerned about mixing objects from different versions of the g++ compiler? -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Toralf Lund wrote: I see now why symbol resolution is not an issue even though an older compiler or OS has been used to build (as long as the same one is used for all object.) The runtime linker obviously only needs to concern itself with the symbols that are actually in the binaries; it doesn't need to know how they map into C++ objects or whatever, and it won't really notice that the symbol names are formatted differently from the way some other release of the compiler would. Exactly. Surely the lib version issues may be resolved by passing the appropriate linker command line arguments? No, that will not be sufficient. It should be sufficient for the libstdc++ version issue, but not the symbol naming one. Yep. And linking a library when none of the symbols match your executable isn't terribly useful. ;) Until the ABI is stable (which is should be now), Shouldn't it have been *years* ago??? Perhaps it should. Shouldn't compilers have supported the entire C++ language years ago? Probably. It's a terribly complicated language, however. Mixing libs from various releases of Red Hat 6 and 7 generally works fine. For C libraries, that is probably true. You can not, however, mix objects built by different major versions of the GCC C++ compiler. Of course, GCC was on the same major version for *years* until relatively recent release of 3.0. I actually meant *minor* version I apologise. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Install different libs for different C++ compilers?
Toralf Lund wrote: Regarding the recent discussion on C++ binary compatibility, or lack thereof: I am now compiling some of my code with g++296 from compat-gcc, and it works rather well. One question, though: Is there a simple and direct way to have the different g++ versions pick up different versions of a given non-standard library? option one: Install only the -devel package for the library built by the appropriate compiler. If the only libfoo++.so in the search path is the one built by gcc-2.96, then you're fine. option two: You can try building a separate root directory for the compatible system: (e.g. /opt/gcc296builds/usr/lib). Install your gcc-2.96 libraries there and use -L/opt/gcc296builds/usr/lib for your builds (often as CXXFLAGS=-L/opt/gcc296builds/usr/lib ./configure) option three: Install a full copy of the older OS in a separate root. chroot there to do your compiling. This is the option that I use, typically. We have one machine with a fair sized disk and several releases of Red Hat Linux (and other Linux distros) installed. When we need a package for a given release, we copy the required source there, chroot, and compile. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Memory Resources - Howto Refresh
Eduardo A. dela Rosa wrote: After days of work, without rebooting my box, it suddenly slowed down. My filesystem is just ... [EMAIL PROTECTED] xxx]$ free total used free sharedbuffers cached Mem:505220 428728 76492 0 16860 195208 -/+ buffers/cache: 216660 288560 Swap: 1052248 194312 857936 Swapping *might* be the cause of your system suddenly slowing down, but it doesn't seem like the most likely thing. Over half of your physical RAM is available. Run vmstat 2 and watch the colums under swap. From my own system: procs memory swap io system cpu r b swpd free buff cache si sobibo incs us sy wa id 0 0 19076 227272 92392 23682800 931 218 147 5 6 0 90 0 0 19076 227248 92392 23682800 0 0 180 170 0 0 0 100 0 0 19076 227248 92392 23682800 030 192 235 0 0 0 100 0 0 19076 227116 92392 23682800 0 0 287 523 1 0 0 99 0 0 19076 227116 92392 23682800 0 8 246 1294 38 3 0 59 So, over a period of 8 seconds, no blocks were swapped in (si column) and no blocks of memory were swapped out (so column). If you see activity in one of those columns, then your machine is swapping. You can use that to judge whether swap is affecting your machine. If not swap, you'll have to be more specific about what's slowed down to get more useful advice. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: OpenSSL Problem
rbragg wrote: I'm using RH7.3 and apache. My site was running fine for a while, and all of a sudden, now when I try to go to my https site, openssl fails, my site is left un-encrypted, and this is in the error log. Clarify what you mean by site is left un-encrypted. If you telnet to port 443, can you type GET / and get a response? -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Otto Haliburton wrote: You get there and decide to use version 7.3 and build your apps using the default compiler that comes with 7.3. You get everything working with some effort. Some A.H. comes along and says you ought to upgrade to version 9 and you do and get the default compiler with that version and in order to take advantage of the new version you rebuild all of your apps and they neither compile and definitely won't run. If you're recompiling an application against the system's libraries, then it works. If your app needs additional libraries, you'd recompile those on the new system as well, and it works. The only time the C++ binary compatibility becomes a problem is when you try to mix libraries from different compilers... as in you've brought some custom libraries from 7.3, but decide that recompiling the app would be nice. That does not work. Surprise! If you do stupid things, the system breaks. This is the non-technical person that does that. I recommend that he move the working application to the new system without attempting to recompile only half of it. Backwards compatibility is fine. You can continue running applications built on 7.3 on 9. He did it all the time with the other OS (MS) He recompiled his applications on a win32 platform with a different compiler all the time? , but this new and great OS doesn't allow him to do something simple without causing him grief. Compiling is not simple. I think it's silly to pretend that it is. If recompiling were a simple and straightforward thing, Red Hat would have documented and supported users recompiling their kernels. Compiling is something that developers should do. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Otto Haliburton wrote: The problem is moving apps from linux 7.3 to 9 without breaking the world or merely upgrading from one c++ compiler to the latest and the world breaking. There is no reason for that to happen and it won't happen in a MS, DEC or SUN environ. Yes, it does: http://wwws.sun.com/software/sundev/previous/studio7/compatchart.html From that page: The binary interface for C++ underwent a major revision in the 5.0 release with the introduction of support for much of the ISO/ANSI C++ standard. Prior to 5.0, Sun's 4.x series of C++ compilers allowed developers to enjoy many enhancements with relatively no effect on the C++ binary interface. In most cases, this resulted in developers being able to mix-and-match .o's created with the different 4.x C++ compilers. As the numbering implies, the 5.0 release was incompatible with the 4.x generated .o's. The ANSI features couldn't have been implemented without this change. There you go... Just as in gcc, the binary interface for C++ objects had to change to support the addition of more of the C++ language features. C++ is a huge, HUGE language. No one got it all in the first version of their compiler. As a result, ABIs for C++ changed. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Otto Haliburton wrote: You are completely of base as to what the point is. Then be more specific when you describe the problem. It is not the developers that have the problem as you are talking about. They don't have the resources to thoroughly checkout the compilers. That's why developers who distribute source are usually fairly clear about which compilers it's known to work with. Actually, it is not the compiler that is the problem. Remember that when you compile a program, it is the responsibility of the linker to resolve the symbols and the addresses no matter what the objects look like. So if a library contains a routine with the same name as a routine in another library then it should resolve to the routine it has. Actually, if you have two libraries with the conflicting symbols, compilation should bomb and tell you fix the situation. That isn't, however, the only problem with mixing objects from different compiler versions. They changed the way that symbol names are mangled, so the compiler will produce an application binary that won't link against the library binary produced by another compiler. The function name and call might be the same, but the mangled names are different, so they symbols can not be resolved. This needs to be fixed to where anyone can select a new compiler and not worry that it will break everything else and you need resources to test it against all previous versions. If you don't then no one will accept open community software period. OK. Which compiler will they use? The one that works out of the box and if necessary will pay for the one that works. In which case, they'll probably use the same compiler version on both releases of the distro... and it'll work. Imagine that. I think by your comments you completely missed the point. If everyone you're talking to is missing the point, you're probably not making it clearly. I know the situation sucks. I'm not trying to say that it doesn't. I'm mearly explaining part of why the situation arose (C++ is too complicated to have had a stable ABI from the very beginning), and what you can do about it (don't mix objects from different compilers). -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Otto Haliburton wrote: And further, I could understand the problem if it was different vendors. Imagine the problems if you bought a Borland compiler and then upgraded to a latter version of the same compiler and it didn't work. That's what you have here and that is totally unacceptable. It's okay if Borland c++ and GCC c++ are incompatible you sort of expect that, although if they are using the same standards they shouldn/t. As the last thing I'd like to say in this thread, take a look at the hoops C++ developers are expected to jump through to build objects that are binary compatible: http://aegisknight.org/cppinterface.html No STL. No exceptions. No vitual destructors. Don't overload methods. ...might as well drop the charade and just write in C. And that's on win32, where there's a stable binary interface. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: How do you tell what options are compiled in your kernel
Douglas Phillipson wrote: I'm wanting to use Samba for a Domain Controller and was having trouble changing permissions on files through samba from the Microsoft desktop. IIRC, you have to have a PDC to do that, ACLs or no. I was told you need to turn ACL's on in the Linux filesystem. How do you tell what options are compiled into the default kernel you get after an install from CD? Look at /boot/config-`uname -r` I would like to start with a config file that matches my kernel then add ACL's. You'll have to patch kernels that don't have ACLs already. I'd recommend using SGI's kernel and an XFS filesystem instead. http://www.oss.sgi.com/projects/xfs/ -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Error with gnutls
rahul b jain cs student wrote: I have reached my level of patience with gnutls. everytime i try to run the configure script of gnutls, i get the following error Check the config.log file. The exact compiler error should be in there, and will be more useful than the error from configure. Also, remember to undo any change you make to the system which does not correct the problem. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Otto Haliburton wrote: You do understand that win95 and win98 are of a different structure than winxp and win 2000 so tasks for those operating system are different and quite often win95 and win98 task won't run of winxp and win2000. Win 95 is 16bit and win 98 is 16 32. They have a different filesystem structure etc so that should tell you something. I don't know what but maybe ... the architecture Windows 95 was a 32bit kernel than was loaded by a 16bit DOS. The kernel and applications were, however, 32bit software. Certainly, win95 and NT are very different architectures, but not because they were not both 32bit kernels. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Otto Haliburton wrote: You are finally catching up. Maybe if you stop and think you'll figure things out. The developers are having to work out the kinks after the fact cause they don't have the resources. Assuming you're talking about the compiler developers, because you yelled at me for talking about them before: Yes, they've had to work out kinks. So have the developers of every other C++ compiler available. That includes compilers from Intel and Sun, both of whom had plenty of resources. This debate is not of much value and I wish you'd drop it. There is now a stable ABI (or so we're told) for C++ objects. You should be able to use C++ libraries built by gcc 3.2 with applications built by future versions of the compiler. However, older versions of gcc did not support this standard, as it did not exist. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Toralf Lund wrote: Jonathan Bartlett wrote: RH9 uses an updated libstdc++ which can cause problems. Also, if you are exporting anything but c-style functions declared with extern c or whatever that is, you will NOT have compatibility at all. There is some work for a standard C++ ABI, but it's still a little fluid. So you're basically saying that I have to compile *all* my C++ code for Red Hat 9 (i.e. gcc 3)? Yes. DSO's from 7.3 would be linked against libstdc++-libc6.2-2.so.3. DSO's from 9 would be linked against libstdc++.so.5. If you tried to link a C++ binary against both, it would end up linked against both libstdc++ versions, and no good could come of that. Is there really no way around this? You can either compile all of your libraries and applications on RHL9, or install the appropriate compat-* packages, including the older compiler, and compile using the older compiler set to link against the older libstdc++. Until the ABI is stable (which is should be now), there won't be compatiblity between libraries built by different versions of the compiler. I notice that the *runtime* linker is quite happy to accept binaries from Red Hat 7.3 (gcc 2) As long as the libraries to be linked are coherent (as in, only on libstdc++ to load), you should expect older binaries to load properly. I'm not sure what happens if you mix binaries from the two versions (e.g. by replacing one of the DSOs without relinking the app.) The last time I saw that done was when I was using RHL 5.2. I installed KDE from an older release and a version of QT for 5.2 (or something like that). The mixture of libraries simply caused the loader to go into a loop and eat CPU time. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Postfix Spam Control
Brett Franck wrote: Postfix 2.0 is the MTA. How can I allow a host of 63.111.163.37: 450 Client host rejected: cannot find your hostname to be allowed to transfer mail IN to my server but still use the reject_unknown_hostname recipient restriction? Looks like you should create an alternate smtpd_restrictions_class and add your client to that class: http://archives.neohapsis.com/archives/postfix/2001-06/0424.html Your other option would be to fix the client: either configure its name in DNS, or configure the mailer on that client to use an address that resolves (MASQUERADE under senmdail, mydomain under postfix, etc). -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C++ lib compatibility between Red Hat 9 and 7.3
Toralf Lund wrote: Gordon Messmer wrote: Yes. DSO's from 7.3 would be linked against libstdc++-libc6.2-2.so.3. DSO's from 9 would be linked against libstdc++.so.5. If you tried to link a C++ binary against both, it would end up linked against both libstdc++ versions, and no good could come of that. Actually, I think the runtime linker will try to load all relevant versions , and make sure the correct one is used in each case But when the compiler/linker is trying to resolve symbols, how does it know which symbol to use? The two, incompatible versions of the C++ library will provide conflicting symbols. It won't work out. You've seen that it does not. You can either compile all of your libraries and applications on RHL9, or install the appropriate compat-* packages, including the older compiler, and compile using the older compiler set to link against the older libstdc++. Why would I need the old *compiler*? Because the binary interface used by C++ objects has changed. It has changed with every major release of GCC for a very long time. While C has had a well defined ABI, C++ has not (historically). C++ objects compiled by different major versions of the compiler have never been compatible. I believe that a stable ABI has been reached, and objects compiled by the current version of GCC should be compatible with objects compiled by future versions. Surely the lib version issues may be resolved by passing the appropriate linker command line arguments? No, that will not be sufficient. Until the ABI is stable (which is should be now), Shouldn't it have been *years* ago??? Perhaps, but it was not. I am not a GCC developer, so I don't know the situation well, but I believe that only recently has there been a C++ ABI that compiler vendors have agreed on. The last time I saw that done was when I was using RHL 5.2. I installed KDE from an older release and a version of QT for 5.2 (or something like that). The mixture of libraries simply caused the loader to go into a loop and eat CPU time Mixing libs from various releases of Red Hat 6 and 7 generally works fine. For C libraries, that is probably true. You can not, however, mix objects built by different major versions of the GCC C++ compiler. Just like it should. Obviously, you shouldn't need to recompile everything every time there is a new OS release. Has nothing to do with the OS, and everything to do with the compiler. As long as you stick with just one compiler (and libraries that it built), you should be fine. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: rsync and ssh simple question
MKlinke wrote: I haven't tried it with crontab so I don't know if it'll fit here but with batch jobs like this via ssh the ssh-agent mechanism works very well. The thought of null passphrases just leave me a little cold and shivering As well it should. There is a more secure option, though. It's possible to tie an SSH key to a specific command on a remote server, so that if the private key is stolen, it can only be used to execute the configured command. For instance, when you run rsync over ssh, the local rsync command spawns an ssh session and runs rsync on the remote end. If you were to issue the local command: rsync -av -e ssh /home/data/ server.example.com:/home/data/ then the command executed on the server would be: rsync --server -av . /home/data/ Notice that the arguments on the server side are basically the same as on the local side (mostly... I fibbed a little. rsync on the server actually gets the expanded options, equivalent to -a). Now, if you want this to happen at a regular interval, you might create an ssh key pair, and name the private file id_rsa-rsync-data. You would then install the key on the server side by editing the appropriate authorized_keys file, and putting the command before the key: command=rsync --server -av . /home/data/ ssh-rsa key You'd then set up the cron job on the local side to use that private key: rsync -av -e 'ssh -i id_rsa-sync-data' /home/data/ \ server.example.com:/home/data/ Using this configuration, if the private key is stolen, the attacker can only use rsync to modify the contens of /home/data on your server. It can't be used for login shells. It may still be dangerous, and you should still try to avoid running remote commands as root, but it's a huge step up from using a key with no passphrase to execute arbitrary commands on a remote server. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: question on symbolic link
TK wrote: Let's say file A1 and A2 are symbolic links to file R. Is there a way to tell which files are linked to R by examing file R only (stat doesn't seem to reveal anything, but I noticed hard link will increase the Links number), instead of searching through all the files in the FS? Especially if the FS containing A2 is not mounted yet. Or symbolic link is a one-way knowledge that only A2 knows about it but R has no clue at all? One-way. Creating backwards references would be difficult and ugly, especially when using filesystems from other machines, as in NFS. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Samba don't add users from NT PDC
Cleber P. de Souza wrote: I have been configuring smb.conf, but the system don't add automatic users to the system. The add user script has been configured like this: Security = share Password server = 192.168.1.1 Add user script = /usr/sbin/adduser -g users -M -c NT User -s /dev/null %u /usr/bin/smbpasswd -a %u Delete user script = /usr/bin/smbpasswd -x %u /usr/sbin/userdel %u If the user was added manually it's ok. What can to be wrong? As man smb.conf states: In order to use this option, smbd must NOT be set to security = share You set security = share. Thus, it doesn't work. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: nfs reporting stuff that isnt there anymore
Ian L wrote: in my exports file i have a few entries. When i run exportfs -a it has some entries where are no longer in the exports file. Anyone have any idea where its getting this old stuff from and how to fix it? machine:/disk3: Function not implemented machine:/disk2: Function not implemented machine:/disk: Function not implemented machine:/: Function not implemented those entries are no longer in the exportfs file ... and havent been for a quite a while. exportfs -r will fix that. Until you run that command, changes made to /etc/exports aren't synced to the active files in /var/lib/nfs/. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: rpm --root
Allen Wayne Best wrote: can anyone affirm that 'rpm --root /mnt/sysimage' will do what i think the man page is saying it will do: install the rpms in the system directories starting at /mnt/sysimage and not in the current /. Yeah, that's what it'll do. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: procmail folders and filters
christopher j bottaro wrote: yes it does. so i set up my kmail to check mail using IMAP and it downloaded my entire home directory. You need to tell kmail that the Prefix to folders is mail, or Mail, wherever mutt is keeping its messages. (UW-IMAP is retarded). right now, all my messages get put in $HOME/mailbox. thats where mutt looks when i start it up. i simply want procmail to filter certain emails into dirs in $HOME/my_mail/. i want these dirs to be in Maildir format. if an email doesn't match a procmail receipe, i want it to remain in $HOME/mailbox. You're going to be stuffed there. UW-IMAP doesn't read Maildir format mailboxes. Use mbox files or convince your admins to run a better IMAP server, like Courier-IMAP. p.s. i never knew email could be so complicated...=( Courier-IMAP is not retarded and will not cause your mail clients to download your entire home directory. Email will not be complicated. :) -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: nfs problem
Ian L wrote: i'm trying to mount machine1 to machine2. machine1 mount machine2:/directory /machine2/directory times out Turn off the firewall on machine1, or make an exception to allow machine2 through the firewall rules. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Congrats on rh9 distr...but questions remain about choices made re: Apache/Samba
Mike Klein wrote: Problem#1: Apache2 that you distribute doesn't seem to have apxs support enabled. Install httpd-devel. It's in there. Problem#2: Your Samba distribution was linked against ssl libraries (ldd shows this), yet for some reason all of the ssl params in smb.conf give errors to effect of ignoring unknown parameter? Samba is probably linked to libssl by way of libcups, rather than having been configure --with-ssl. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: cron question
[EMAIL PROTECTED] wrote: At diferent time of the day the cron started to echo this message after some scripts was started: Sep 16 03:00:01 host CROND[27392]: (user) MAIL (mailed 55 bytes of output but got status 0x0047 ) Does someone have an idea? Check your maillog for the same date/time to see if there's an error reported there. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: still kernel panic
Dana Holland wrote: I take it back - I just *thought* the problem was fixed. Turns out I had failed to remove the boot disk before rebooting (duh!). So, I'm still getting kernel panic on reboot - but it's a different message this time: EXT3-fs: mounted filesystem with ordered data mode pivotroot: pivot_root(/sysroot,/sysroot,initrd) failed: 2 umount /initrd/proc failed: 2 kernel panic: No init found Trying passing init= option to kernel Boot with your floppy again, and make sure the directory /initrd exists. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: still kernel panic
Dana Holland wrote: Gordon Messmer wrote: Dana Holland wrote: So, I'm still getting kernel panic on reboot - but it's a different message this time: EXT3-fs: mounted filesystem with ordered data mode pivotroot: pivot_root(/sysroot,/sysroot,initrd) failed: 2 umount /initrd/proc failed: 2 kernel panic: No init found Trying passing init= option to kernel Boot with your floppy again, and make sure the directory /initrd exists. I did - and it does. There's nothing in it - but it exists. Are you sure that the kernel is mounting the correct root patition? If your grub configuration tells the kernel to mount a root partitoin with LABEL=/, then use e2label to check the labels on all of your ext3 partitions. Make sure that only one is labeled /. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Prefered backup method?
Kent Borg wrote:
Let me give and example. Let's say I have:
- initial backup
- incremental backup 1
- incremental backup 2
- incremental backup 3
- incremental backup 4
These backups share common files via hard links. How much space does
backup 2 take? Or, put another way, how much space will I recover if
I delete backup 2?
Need a little more information to be sure, but you should be able to
figure it out using the number of links each of the files has. (I
missed the early posts, but I assume the initial backup is a copy of
your disk, and not just hard links to those files)
Further assuming that incremental 3 is the difference of the initial,
and not the previous incremental, you'd use this to find the files that
are unique to that backup:
find /backup-root/incr3 -type f -links 1
And you might futher extend that to give you a byte count of the files:
find /backup-root/incr3 -type f -links 1 -printf '%s\n' | \
awk 'BEGIN { EST=0 }
{ EST=EST + $1 }
END { print EST }'
If, however, you're doing incremental backups against the previous
incremental, it's going to be more difficult to find out exactly what
you want to know. It can be done, but I'd need more details to tell you
how.
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
Re: server name
Steve Buehler wrote: I hope this isn't the wrong place to ask this. If it is, please forgive me. I am running RedHat 7.3. Some things that are done by root on the system, like emailing shows it as coming from [EMAIL PROTECTED] hostname shows the correct name of the host. How do I get the system setup so that it shows as [EMAIL PROTECTED] instead of [EMAIL PROTECTED] Have you restarted sendmail since you set the hostname? -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Personalised tcp port not listening connections from outside RH7.3
[EMAIL PROTECTED] wrote: I made a Java application that listens on tcp/9696 (which of course is not already used), and i can connect locally to 127.0.0.1 and to eth0's ip address, but not from the exterior. Use netstat -tlnp to see what processes are listening, and identify yours. Let us know what that line in netstat's output looks like. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: root password and su (maybe)
Kelerion wrote: small world.. you must know my boss.. a) describes him perfectly!! :) whats even more ironic.. is when I approached him about this.. he said but changing the password on a regular basis sounds like a good idea for security.. My suggestion to appease your security minded boss: Configure SSH to allow only key-authenticated logins. Once you've done so, the root password is useless for anything except logins at the physical console (at least, that's so unless you've done something else to weaken security) and su. You can also change sus pam configuration if you don't trust users who have ssh access, and don't want the root password to work with that command either (there's an example in the default file that will restrict access to users in the wheel group, like most other Unix systems) With the root password only useful at the physical console, your weak point becomes the physical access to the box, and you can mostly disregard your root password as a security concern. (Be absolutely certain that all of your pam configurations prevent root logins, except for the login program) -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: linux in windows environment for file serving
Chris W. Parker wrote: To make a long story short (or is it too late for that?) I'd like to know what the people on the list have to say about that. In particular, are there any Windows houses out there that use Linux as just a file server? I'm sure there are lots of them. I wouldn't call my employer a Windows house by any means, but most of the desktops are Windows systems for now. We start all of our RHL installs with this kickstart file, and customize from this base: http://rh-install.prognet.com/kickstart/ks.cfg Our file server is a 2TB RAID5 system using SGI's XFS, running Red Hat Linux 7.3. Samba has been recompiled to support ACLs. http://oss.sgi.com/projects/xfs/ It works exactly the way it should... No problems at all. :) -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: sshd authentication failure message
lists wrote: One work around that I have found is to comment out the first line in the sshd pam configuration. #%PAM-1.0 #auth required pam_stack.so service=system-auth auth required pam_nologin.so accountrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth sessionrequired pam_limits.so sessionoptional pam_console.so Have you verified that users who enter the wrong password are not allowed to log in? It looks to me like they would be. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: strange email behavior
Marc Adler wrote:
Ok, just as soon as I sent the above message, I realized I also had a
startup script for fetchmail that might have something to do with it. I
su'ed into root status and sure enough there in root's mutt were all the
lost messages. So now the problem is, what's wrong with the startup
script?
[snip init script]
Since running fetchmail as root is such an unbelievably bad idea that I
can't believe anyone suggested it, I'm reposting a script based on one
originally posted by Colin Cyr in 1998. Consider using this instead of
the init script that you've got.
This init script has two advantages. First, it doesn't run as root, so
you're less likely to have problems if someone finds an exploitable
problem in fetchmail. Second, it allows users control over their own
fetchmail process, so they can change the password in the fetchmailrc
and restart the process if they need to.
#!/bin/sh
#
# fetchmail This shell script takes care of starting and stopping
# fetchmail.
#
# chkconfig: 345 81 31
# description: Fetchmail is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
# processname: fetchmail
# config: ~/.fetchmailrc
# pidfile: ~/.fetchmail.pid
FETCHMAIL=/usr/bin/fetchmail
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = no ] exit 0
[ -f ${FETCHMAIL} ] || exit 0
# See how we were called.
case $1 in
start)
# Start daemons.
echo -n Starting fetchmail:
for userdata in `getent passwd | cut -d: -f1,6`; do
username=`echo ${userdata} | cut -d: -f1`
userdir=`echo ${userdata} | cut -d: -f2`/.fetchmailrc
if [ -f ${userdir} ]; then
su - ${username} -c ${FETCHMAIL} -d300 /dev/null
echo -n ${username}
fi
done
echo
;;
stop)
# Stop daemons.
echo -n Shutting down fetchmail:
for userdata in `getent passwd | cut -d: -f1,6`; do
username=`echo ${userdata} | cut -d: -f1`
userdir=`echo ${userdata} | cut -d: -f2`/.fetchmail.pid
if [ -f ${userdir} ]; then
su - ${username} -c ${FETCHMAIL} -q /dev/null
echo -n ${username}
fi
done
echo
;;
restart)
$0 stop
$0 start
;;
*)
echo Usage: fetchmail {start|stop|restart}
exit 1
esac
exit 0
Re: IP Masq Causes High Latency
Ted Behling wrote: I'm having a problem with IP Masq on a multihomed RedHat 7.0 box, running kernels 2.4.22 or 2.2.19. I've searched Google high and low to no avail. The box is connected to an Ethernet LAN and an Ethernet-connected cable modem, and performs IP Masq for the LAN. Logged onto console, with an empty ipchains or iptables rule set, pinging yahoo.com shows 70ms of latency. However, if I add an IP Masq rule, then ping yahoo.com from the Linux box itself, I show latency of 0.5 to 1.4 *seconds*. For what it's worth, I can not reproduce this problem using a Red Hat Linux kernel. Consider using a supported kernel, at least for testing purposes. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Name the damen that runs on the desktop that has the drop down menu
Clark wrote: Does any one know the name of the damen ( or program )that runs to give you the Drop down menu on the desktop ( gnome ) when you right click on the background ? ( you get terminal, new window and other things ) Version RH 9 would okay, Nautilus What config file turns it back on ? Just run nautilus . When you log out, choose to save your session. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: IPTables overhead
Res wrote: On Wed, 3 Sep 2003, David Hart wrote: I've about had it with attacks to our web server emanating from certain geographical areas. This is not a display of Xenophobia. I have never really used IPT. It takes about 4,000 lines for Korea and China alone and that's with CIDR formatting. You could shrink it a bit... In addition to shrinking the list by using larger networks, you can optimize your IPTables setup by testing more specific packets. For instance, if you only want to block connections to apache from those networks, create a new chain and only jump there on packets that initiate a connection to apache. example: # Create a chain which will filter out unwanted networks iptables -N DROP-ATTACKERS # Populate the chain with rules which will drop packets from # the unwanted networks iptables -A DROP-ATTACKERS -s 202.80.0.0/12 -j DROP iptables -A DROP-ATTACKERS -s 202.96.0.0/11 -j DROP # etc... # Create a rule in the input chain that will check incoming # connections to apache against the rules in the new chain iptables -A INPUT -p tcp --dport 80 --syn -j DROP-ATTACKERS Now, an incoming syn packet destined for port 80 will run through the costly iptables check for unwanted source networks. All other traffic will pass through the very short INPUT chain with minimal processing. This is a very effective optimization, especially when you plan to include a lot of filter rules. Also, because you have your unwanted networks in an existing chain, you can later choose to filter other network ports using the same list of unwanted source networks. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: segmentation fault in c progrmming
reza saeidinia wrote: I think that it is memory less error. in borland c when this error are accouring in options windows we check huge memory and this error is removed. but this option is'nt exist in kdeveloper (or I do'nt know it). I don't believe there is such an option on any Unix system. A program has access to as much memory as the system is configured to allow it at runtime, not compile time. If n is so large that you're running out of memory, then you should be checking the return value of malloc (actually, you should check the return value regardless) and abort if malloc returns a NULL pointer. You may want to call perror() before aborting. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: different clustering
edy wrote: any body want to give same explanation about clustering? Availability clusters group sets of machines which may or may not be load-balanced, in which one or more members of the cluster will assume the workload of any member which fails. This kind of cluster is useful when you're trying to provide service at 100% uptime: http://www.linux-ha.org/ Performance clusters group sets of machines which perform tasks in parallel. Many distinct computers are connected together to form a single computing service. http://openmosix.sourceforge.net/ http://www.beowulf.org/ what is the advantage of clustering and the different with non clusterig? A cluster enables you to acheive some goals which are not possible with an individual computer. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Premature end of script
Thomas E. Dukes wrote: Hello, Since upgrading to RH 9.0, I have had a rash of previously running .cgi's getting Premature end script. Has anyone had these problems? Is there a problem with perl in RH 9.0? Openwebmail was one. It did this twice, but a re-install fixed it for now. Now its my counter, wwwcount. This is a compiled, perl binary. You probably have perl modules installed in the old perl's site-lib folder. IIRC, when you upgrade perl to a new major version, you must recompile all of your site-lib modules for the new version. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Sweet Success
Bret Hughes wrote: PS what is the deal with the SO.Big or whatever I have never received over 2 or 3 of these in a single day and today fprot has found over 25! Sobig.F is a variant of the sobig virus which uses a multi-threaded smtp engine. Instead of spreading itself one message at a time to addresses in your address book/mailboxes, it delivers messages in parallel. Since an SMTP conversation usually has a lot of dead time, this vastly increases the number of messages sent out by the virus. It's slamming mail servers all over pretty damn hard. From my own mail systems: http://phantom.dragonsdawn.net/~gordon/sobig.f.outbreak/ We're seeing upwards of 1000 connections *per minute*, most of which are either the virus, or a mail server on the internet informing us that its found a virus in a message with one of our return addresses. There was a big dip this morning, and we believe that this corresponds with several major ISP's going offline. I'm told that Qwest shut their mail systems *off* last night, and my own Comcast cable connection was down this morning. Their support told me that their whole network was offline. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: questions on /etc/fstab syntax
David Eduardo Gomez Noguera wrote: 1. Cant mount interpret shell variables on fstab? No. I tried to tell it that samba credentials file for a mount are in their home directory, and that the mount point should be there too to no effect. Make smbmnt and smbumount SUID root, and users will be able to mount SMB shares in directories that they own. You don't need to meddle with fstab for this. chmod u+s /usr/bin/smbmnt chmod u+s /usr/bin/smbumount -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: HELP -- Grub on a floppy!
John Aldrich wrote: I recently reinstalled RedHat 9 from scratch. Thinking it would be good to have a boot-floppy, I said yes when prompted to make a boot floppy. Now, I realize, that was really asking if I wanted to make a boot floppy INSTEAD of installing GRUB on the /dev/hda. I don't think that's correct. Anaconda asks you where you want to install grub early on. The boot floppy is created after grub is already installed to the hard drive (IIRC). You probably chose to install grub to the first sector of the boot partition, rather than the MBR. Check /boot/grub/grub.conf, the boot= line may confirm that (but may not... I've never installed grub anywhere but the MBR). How do I get it to install on /dev/hda? Boot the system up, and: # grub-install /dev/hda -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Using PAM for authentication
Jason Williams wrote: Through a little bit of testing, I was able to setup /etc/pam.d/ssh to use LDAP for authentication of users. Since then, my users can SSH to the box and log in correctly. In addition to the resources that have been pointed out, I suggest you look at the authconfig application. It almost certainly would have saved you a bunch of time and effort. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Upgrading OpenLDAP on 7.3
Robert Fitzpatrick wrote: What is the best procedure to upgrade OpenLDAP on a RH7.3 server. The rpm package (openldap-2.0.27-2.7.3) is installed now and from my experience, I am trying to remove it before building a new version. However, many dependencies :( Should I go ahead and build with the other version there making prefix /usr? If so, will up2date want to update my openldap sometime or can I just configure not to and not have a problem? If you need some feature of a newer version of OpenLDAP, install it elsewhere (such as /usr/local). This way, the programs which were built against the installed openldap will not be broken, and you can run the newer openldap out of a different directory. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Input/output error
Leseney Thomas wrote: Running any command that requires write access on the disk (touch /tmp/foo for instance) results in Input/output error. What's dmesg say at that point? If you can't run dmesg, look at the messages log after you reboot to see if the kernel logged any errors prior to the reboot. My hosting provider claims that it has nothing to do with the server itself and that it is due to a software misuse. A few Linux admins told me that this could be related to a disk hardware or driver problem. Disk errors seems the most likely thing to me. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: kerberos update failed
Marc Adler wrote: Test install failed because of package conflicts: file /usr/kerberos/bin/sclient from install of krb5-server-1.2.7-14 conflicts with file from package krb5-devel-1.2.7-10 What's wrong and what should I do to fix the error and perform the update successfully? krb5-devel needs to be upgrade at the same time as krb5-server. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: RPM dead?
Miguel M. wrote: thxs for the help. Is this process supppose to take a while? Cause think its working but its going on for some time and the __somefile i moved were put back in. That suppose to happen? Yes. --rebuilddb takes a while, and the __db.* files are a normal part of operations. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: RPM dead?
Miguel M. wrote: Doh! after like 3 mins I get this error message: error: db4 error(16) from dbenv-remove: Device or resource busy This is a harmless error message. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Logrotate: 2 questions
Keith Soares wrote:
What happens is that each night a 4:02am it runs, but it seems to take a
very long time to run and use a lot of resources. It shows up as using
over 94% of the CPU time in Running Processes (Webmin). Plus to make
matters worse, it doesnt complete before the next instance runs, so
they continually build up (Ive seen 7 or 8 instances at once running)
and this ends up severely slowing the system
Apply all of the avilable errata. You probably have a release of
mailman or samba that includes a bad logrotate script.
To confirm the problem, cut and paste this command:
grep '*' /etc/logrotate.conf /etc/logrotate.d/*
If any of your logrotate files contain a pattern where '*' is at the end
of a glob, then that belongs to a broken package. On my system, I get
these results:
/etc/logrotate.d/cups:/var/log/cups/*_log {
/etc/logrotate.d/httpd:/var/log/httpd/*log {
/etc/logrotate.d/samba:/var/log/samba/*.log {
On each, the '*' is at the beginning of the filename, not the end. If
the '*' appears at the end, logrotate will attempt to also rotate the
files it has already rotated, and your log directory will eventually
fill with thousands of log files.
Figure out what directory now has all of those files, and clean it out
like so:
cd /var/log/mailman; find . -type f -name '*.1*' | xargs rm
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
Re: udp port 624 listening?
Mike Vanecek wrote: [EMAIL PROTECTED] root]# service portmap start Starting portmapper: [ OK ] [EMAIL PROTECTED] root]# rpcinfo -p program vers proto port 102 tcp111 portmapper 102 udp111 portmapper [EMAIL PROTECTED] root]# netstat -naup ... udp0 0 0.0.0.0:916 0.0.0.0:* 21092/xinetd Testing indicates that portmap must be running when a portmap service starts in order for it to be registered properly. Portmap services won't re-register with a portmap that starts up later. You'd have to restart xinted after starting portmap to get valid data. Thats new info to me, but there you go. I must be doing something wrong, since it had not given me the same informatinon you show above. The only way I could find it, based on the suggestion of another poster, was to stop sig_fam and note that the connection was closed. Restart xinetd after you start portmap and you'll get better results. I have never found any use for portmapper, hence do not run it. Am I missing something? Yes. Local RPC services use the portmapper. I run sig_fam only because I have been told it improves the operation of some apps. Despite my reading about it, I never have quite understood what it really does. I am tempted to shut it down and see what happens. FAM is the File Alertation Monitor. It uses a kernel service to monitor files and directories for modifications, rather than poll(), select() or stat() the files/directories repeatedly. If your portmapper is running, and fam is registered with it, an open Nautilus window should immediately reflect any changes made to the files/directories it displays. Other GNOME applications use FAM as well. I believe that the text editor will use it to watch for changes to files it has open. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: what is sgi-fam used for on the default instal anyway?
Bret Hughes wrote: What is it used for on the default install. IIUC fam is used to monitor the status of files and if changed do something. Is there some desktop sort of deal that this is used for? Yeah, the file manager and anything else that uses gnome 2's VFS library may use FAM to watch the files or directories that they've got open. It's much more efficient to use FAM, which can simply ping the application to let it know there's an update, rather than checking for updates repeatedly. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: time_t size and year 2038 wrap
Andy Jackman wrote: Hi, I'm using redhat 7.4 and in bits/types.h time_t is defined as long int. This causes a wrap in 2038 (as I'm sure you all know). That's only true if your long int is 32 bits. On a 64 bit platform, which you're quite likely to be using in less than 35 years, a long int is probably 64 bits, and you will never have cause for concern. I need both date and time. I can write my own date to/from string routines. For the love of everyone who will ever be associated with your code: don't do that. You will probably be using a 64 bit platform such as PPC, Itanium, or Opteron very soon, and on that platform your clock will outlive the sun. Stick with the libc date functions, and you'll be fine. Is there a 64 bit version of time() available for the current version(s) of linux? On 64 bit platforms, yes. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: What is the difference between Samba and NFS?
bEEnHeX wrote: Sorry for some kind of a pitty question, but I would like to know what is the difference between Samba and NFS and what are main purposes they are used for? NFS is a protocol native to UNIX systems, while Samba is a program that provides SMB, a protocol native to Windows systems. Linux supports both as file systems. From the point of view of a Windows user, SMB may be the only available option. NFS isn't supported by Windows without additional software. From the point of view of a Linux user, the question is more one of security (trust) and functionality. NFS provides normal UNIX filesystem semantics (user, group, other and read, write, execute permissions) where SMB may not. NFS relies entirely on trust security though. When you export a filesystem to a machine over NFS, you are trusting that machine's security to be equivalent to the server's. NFS uses standard UNIX security semantics, so a given share may have several users' files on it, and on the client each user will only be able to access files that the UNIX permissions allow them. However, if you export the filesystem to a system that is under the administrative control of a user, he can simply become any UID he wants on his own system, and access that user's files. SMB does not do the same thing. When you connect to an FS over SMB, you authenticate with a username/password, and for the entire session, you will have that user's security clearance. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: problem sync'ing 2 fs through network
Thierry ITTY wrote: each machine has 3 NICs, one for service (eth0), two for mirroring (eth1 and eth2) actually enslaved in a bond0 interface. they are all accton en1207f/tx w/ tulip driver. my problem is that during network load traffic stops between the 2 machines and it looks like some nic just got frozen. Tulip cards aren't known to be the most stable things in existance. I would particularly shy away from cheap Accton cards. Try using some intel cards. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: what is sgi-fam used for on the default instal anyway?
Matthew Galgoci wrote: You hit the nail on the head. rpm -q --whatrequires fam Don't forget: rpm -q --whatrequires libfam.so.0 -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: udp port 624 listening?
Mike Vanecek wrote: Portmap is stopped ... [EMAIL PROTECTED] root]# rpcinfo -p rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused So start the portmapper, and try again. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: udp port 624 listening?
Mike Vanecek wrote: [EMAIL PROTECTED] root]# rpcinfo -p rpcinfo: can't contact portmapper: RPC: Remote system error - Connection ... The suggestion to look at rpcinfo, rpc, and portmapper really has no relevance to the issue. Yes, it does. The variable port is a signature of portmap applications, and *using* the portmapper will tell you what requested the port: $ /usr/sbin/rpcinfo -p program vers proto port 102 tcp111 portmapper 102 udp111 portmapper 1000241 udp 32768 status 1000241 tcp 32768 status 3910022 tcp 32769 sgi_fam fam is useful, but not critical, for your desktop applications. Portmap is safe to use as long as you've got your firewall up. Even if you don't want to use it normally, turning it on to answer your question would have been a trivial and quick solution. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Compiling courier-imap on RH 9.0 fails
Jason Williams wrote: Hello everyone. Im working on installing courier-imap on a RH 9.0 box. You might try using the spec I've submitted to Sam, available here: http://phantom.dragonsdawn.net/~gordon/courier-patches/ This spec should have a full list of prerequisites for the build, and let you exclude some components using --without (ldap|mysql|pgsql|fax) -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: OpenLdap issues
Michael Hamam wrote: Hello all, I configured OpenLdap, but when I rebooted the server I could not login even as root. The error is Authentication Failed. What seems to be the problem. You've probably got the LDAP server's hostname wrong, or some similar misconfiguration. First, you're going to need to boot to single user mode, and use authconfig to fix your authentication settings. After you've made your changes, start your network service network start. With the network up, test your changes using the getent tool, like getent passwd ldapuser. When getent returns data that looks correct, you can then fix /etc/pam.d/system-auth. Change the line: account required /lib/security/$ISA/pam_unix.so to: account sufficient /lib/security/$ISA/pam_unix.so This fix will allow you to log in as root when the LDAP server is down or settings are wrong. The current settings are hosed such that if you misconfigure your system, or the LDAP server is down, you cannot log in as any user. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Linux Mailserver
Joseph Aphraim Kaliyadan wrote: Hi All, I would like to know the best and free linux mail server which is highly scalable. The traffic could be around 1000 user accounts and around 200 users accessing simutaneously. My vote will go to Courier every time. Its architecture and configuration is similar to Qmail, but it provides a full mail suite (SMTP, POP3, IMAP, webmail, fax, mail filtering) which can be used as a whole or just the parts you like. If you run most any other modern SMTP server (such as Postfix), you'll probably use Courier's IMAP server with it. Give the suite a try. It's easier (IMO) to configure everything once, than to do it once for each piece of your mail server. I use the Courier system in my work environment, supporting about 1000 users. Our system uses an NFS backend and a cluster of identical mail servers. Each of the three mail server is an 800Mhz P3 with 512MB of RAM. Each one runs the Courier suite, plus SpamAssassin and RAV antivirus. The system is designed to scale linearly; if the load becomes too great, we just add another server and rsync the filesystem of an existing server onto the new one. Let me know if you're interested in more details. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: LDAP to csv or txt address book
Hiten Desai wrote: any info regarding configuring some web page which gives the current ldap users output which can be used as a csv or txt address book. there is this feature in horde but it is stopping at 500 entries I would like a simple webpage which can do this trick. Perhaps your LDAP server is configured to return at most 500 replies to any query. If that's the case, then you just need to fix the server. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Applied RHSA-2003:222 - now cat command corrupted
Melissa Meyer wrote: [EMAIL PROTECTED]:~# rpm -V $(rpm -qf $(which cat)) glibc ..5. /bin/cat ...T c /etc/rpc If rpm -V fileutils net-tools util-linux returns any executables that have been modified, you've probably been hacked. /bin/cat is one of those. You might also find ls, login, or netstat modified. These are all modified by common rootkits. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: ftp clients
Paulo Schopf wrote: I have RH9 server running Squid, without nat or iptables. My clients can access ftp pages using a browser, but dont using ftp clients for Windows (LeechFTP). What is the easier way to let them access ftp using ftp clients? The easiest way would be to add NAT for non HTTP services. Only applications specifically written to support proxy servers will work with the setup you've created. If you want to support the rest of the applications your users are using, you'll need NAT. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: OpenLdap errors
Michael Hamam wrote: I downloaded BDB, and installed as per instructions. When I tried to connect to ldap through a browser, I get the following errors, Invalid credentials, and error 32 no such object Did you create a database, and put some structural units in it? What is causing the error, and how can it be rectified. You should probably look at one of the LDAP HOWTO's for the initial steps in creating and populating and LDAP database. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: sendmail+imap to postfix+courier-imap
Fryclau wrote: I will move my mailserver from sendmail imap to postfix + courier-imap. The reason is the authentication features with mysql. The hard thing is move the mailbox to the new maildirs without losing emails. Easiest way is to set up the new mail server the way it should be (and test it real well), change your DNS records so that mail gets delivered to the new system. When that's done, copy the mail spools to the new server and use mbox2maildir or just: formail -s sendmail username username.mbx to inject the messages into the new mailboxes. Is there anyway to do that well?? I think in fetchmail.. Could it be? Using fetchmail would require you do know each user's password, and would do basically the same thing as the above formail command, with a lot more overhead. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: RH: Please fix kernel make target rpm
Eric Wood wrote: # make mrproper `/bin/cp configs/kernel-2.4.20-i686.config .config` oldconfig dep clean rpm The above command will copy the configs/kernel-2.4.20-i686.config file to .config, then replace that part of the command line with cp's output (nothing, in most cases), and then run make mrproper oldconfig dep clean rpm, which will first delete .config. How about: make mrproper cp configs/kernel-2.4.20-i686.config .config make oldconfig dep clean rpm -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Help! How to restore glibc on a broken system?
Aeryn wrote: Now, I would like to upgrade to the glibc 2.3 version. I have been told to use the: glibc-2.3.2-27.9.i686.rpm glibc-common-2.3.2-27.9.i386.rpm glibc-debug-2.3.2-27.9.i386.rpm glibc-devel-2.3.2-27.9.i386.rpm glibc-profile-2.3.2-27.9.i386.rpm glibc-utils-2.3.2-27.9.i386.rpm That set of packages should be fine. You don't need to install any that aren't on your system already, so either remove glibc-debug, glibc-profile, and glibc-utils, or upgrade using: rpm -Fvh glibc*.rpm I mean, I don't remember it last summer being so difficult to upgrade the glibc (ok, I am a little rusty with my linux...it has been a while) In the past, the i386 and i686 packages didn't have feature sets that varied the way that these packages do. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Glibc updating
Aeryn wrote: Hello, I know this is an easy question, not much of a challenge, but...I am going to update on my linux server the Glibc from 2.2 to 2.3. Does anybody know of any issues I may face with this upgrade? I am using the Glibc 2.3 rpm to do the upgrade. Don't try to use the i386 rpm if you already have the i686 package installed. Use up2date, apt, or yum if you're not sure. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: A question.
reza saeidinia wrote: Is stdsyms.h a system file of linux? if it is true please send this file for me. I want to run a program and the error no rule to make /usr/includs/sys/stdsyms.h is accured . please help me. http://lists.parisc-linux.org/hypermail/parisc-linux/10707.html -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: best smtp pop3 server for RH9 ????
Fryclau wrote: I need a security imap-pop3-smtp server for multiple domains Authenticate users by mysql if is possible User login as '[EMAIL PROTECTED]' instead of user Courier's MTA supports this. You can get packages here: http://phantom.dragonsdawn.net/apt/redhat/7.3/en/i386/RPMS.dragonsdawn/ They'll work on 7.3 or newer RHL. Courier supports MySQL authentication, and is very easy to configure. Documentation is here: http://www.courier-mta.org/ If you have trouble, subscribe to the user list. One of us will help you out. Mailing list administration Courier includes courier-mlm, and it's also compatible with Mailman (which I recommend). Mailman packages can be found at the same location as my courier packages. Webmail interface with nice graphics and good functions Courier includes SQWebmail, which will be faster than IMAP based clients, but I like the interface of Squirrelmail better (particularly in the LDAP address book functionality). Sendmail it's safe but doesn't work with mysql. Isn't it? Sendmail will probably never be safe. Its security model is extremely flawed. Need 4 o 3 programs to run a full mail server as isp with multiple domains. If you run Courier, you may only need one package. Using Courier's SMTP, IMAP, and POP servers, you have only one configuration to learn and maintain. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Need help--x window client on windows
John Aldrich wrote: On Thursday 17 July 2003 06:00 pm, Gordon Messmer wrote: And if you're afraid of the actual installation of an X11 server (not a client) on the Windows terminals, you may be able to just run putty on the PC, and use the c3270 client on the Linux server. Why not VNC/TightVNC/XVnc? I use TightVNC on my linux box and connect to it from work via an encrypted PuTTY-SSH tunnel.. :-) Because c3270 is a terminal mode client. It's not windowed. There's no need for VNC. There's no need for X11. Putty should be sufficient on its own, without the need for additional software on the PC. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Need help--x window client on windows
Frank Bax wrote: At 02:57 PM 7/17/03, Timothy Stone wrote: Situation: I have 600+ clients on Windows desktops. Each connects to a mainframe data application via IBM Personal Communications 3270 Terminal Emulation over telnet (ugh!). It sounds like you want something like PuTTY, but that allows an X-application running on a linux box uses a windows client for display. I've never done it, but the PuTTY docs mention forwarding X applications: http://the.earth.li/~sgtatham/putty/0.53b/htmldoc/Chapter3.html#3.4 And if you're afraid of the actual installation of an X11 server (not a client) on the Windows terminals, you may be able to just run putty on the PC, and use the c3270 client on the Linux server. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: How can I use Kdevelop with an already built executable
[EMAIL PROTECTED] wrote: I'd like to use Kdevelop to browse source calls in an executable that I've already built, which is dependent on a long list of .c and .h files. Kdevelop seems to be designed for building executables from scratch. How can I load my executable into Kdevelop? I don't believe that kdevelop is designed to do that, but if the application is not stripped you can probaby load it into kdbg. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Proper way to keep users out of a directory
Anton Piatek wrote: set the dir to be owned by group httpd, make sure that the group can read the files. chgrp httpd files chmod 750 files So long as apache/httpd is run as userid httpd it can read the files, other users cant! One more thing that you must consider is that your users can probably run PHP as well. That means that they can so something like: ?php system(tar cf servers-code.tar /var/www/html/private-php); ? If you want to prevent abuse by users, you have to disable their ability to run PHP as well. If you're on RHL 8 or 9, edit /etc/httpd/conf.d/php, and put a Directory limit around the Files section: Directory /var/www Files *.php SetOutputFilter PHP SetInputFilter PHP LimitRequestBody 524288 /Files /Directory You might want to duplicate that for /usr/share, so that applications like Squirrelmail will work. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: recursive word count (wc)
Tao Chen wrote: find . -type f | xargs cat | wc -l Why 'cat' ? find . -type f | xargs wc -l Just to be succinct. If you want the line count of each file, in addition to the line count of all of the files, then that will also work. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: POP3 with full email as user name
Fryclau wrote: Thank a lot to answer! Can I use mysql with ipop3? AFAIK, you can't. How you authenticate user with mysql from postfix and curier-imap? Both Courier IMAP and Postfix have special modules for MySQL support. In addition, Courier has a full MTA suite that you can use, rather than Courier's IMAP+Postfix. The biggest advantage will be easier setup. If you use Courier as a suite, you only need to configure MySQL authentication one time, rather than once for Courier's IMAP and again for Postfix. Is't the same from ipop3? No, it isn't. Then I can authenticate ftp users either with vsftp mysql? You should be able to, yes. THANK AGAIN P.S. Is't hard to move from ipop3 to postfix and courier-imap? Not terribly, but the two are very different. I'd recommend installing Courier on a separate box, configuring it the way you want it to work, and then putting it into the place of your existing server. Once that's done, you can inject the mail spools from the old sendmail/ipop3 server to the Courier box. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: recursive word count (wc)
Mike McMullen wrote: Brute force would be cat */* | wc ... which doesn't recurse, and so fails the requirements of the poster. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: recursive word count (wc)
fred smith wrote: On Fri, Jul 11, 2003 at 11:51:22AM -0400, Reuben D. Budiardja wrote: Hello, Just a quick question, wondering if somone can help. How do I do recursive word / line count using 'wc'? What I mean, eg if I have 3 directories in the current directory, I want wc to go inside each directory, cound the line / words for all the files in each directory, and display the total of the files in those 3 different directories. Any help ? Off the top of my head: wc -w `find . -name \* -print` ...which will fail if there are too many files for the command line. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: recursive word count (wc)
Reuben D. Budiardja wrote: Just a quick question, wondering if somone can help. How do I do recursive word / line count using 'wc'? What I mean, eg if I have 3 directories in the current directory, I want wc to go inside each directory, cound the line / words for all the files in each directory, and display the total of the files in those 3 different directories. If you want a simple aggregate: find . -type f | xargs cat | wc -l -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Read Exec by default - RH9 - why?
Ed Wilts wrote: On Wed, Jul 09, 2003 at 11:31:29AM -0700, Gordon Messmer wrote: Ed Wilts wrote: You're right - there is a security hole there. For example, I don't think it's a good idea that the password file is world readable since it gives information out that you may not want to share. If you're using shadow password files (and you don't have any excuse not to): no, it doesn't. Yes it does, even with shadow passwords. If you give a local user the list of all the userids on the system, he's got a head start on ids he can crack. Give him the last login time, and he's even better off - now he knows that if crack Joe Blow's account, and Joe only signs on once a month (as last while show), his nefarious activity might be hidden for a while longer. The more information you make public, the less secure you should feel. You could find all that out with 'ls -lu /home'. Even if you couldn't read the user database directly, you can find the information some other way. If you couldn't, you'd destroy one of the primary functions of multi-user computer systems: Helping users communicate with each other and work together. Obscurity is not security. Drawing your shutters closed does not make you safe. For the record, if I'm being authenticated by an ldap entry, ls -l still works, even though I'm not even in /etc/passwd. Big deal, your information is still in a user-accessible location. The only difference between 'grep ewilts /etc/passwd' and 'ldapsearch -x uid=ewilts' is one of process. The information is available to everyone, regardless of where it's stored. ... Users *should* be able to read /etc/passwd. I disagree with the last comment. I know why it works that way and understand that, but that doesn't mean it's the best way. That's just the way it is, for better or for worse. You could, for example, solve some of the issues with proper use of access control lists and various privilege models (a la VMS). On VMS, for example, the system username file is not world readable. You know what, dir/full works. Perhaps you could expand on that by telling us *how* it works. (Don't know...never used VMS). What, exactly, allows dir to read the user database, but prevents other applications from doing so? -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: PHP Scripting - Hope you get all this
Brian Ashe wrote: Im getting an error when running a script : bad interpreter: No such file or directory If you ever see that in the shell, it means that the script you're running has DOS linefeeds in it. Use either dos2unix or tr -d '\n' oldfile newfile to remove them. snip Try it with a tr -d '\r' oldfile newfile. Unix uses Line feeds not carriage returns. Yeah... that'd certainly make a difference. My mistake :) -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: pop3 vs pop3s question
Gerry Doris wrote: I believe that pop3s is the regular pop3 daemon with TLS support. However, if a client doesn't meet the TLS requirements will the pop3s default back to regular usage or will mail just not work? In other words, if I want to support TLS for only some users do I have to run both a pop3 and a pop3s daemon or will the pop3s do the complete job. I'm assuming that imaps works the same as pop3s. Both of those services run on alternate ports, providing SSL. I believe that imap supports STARTTLS, but I'm not sure if pop3 supports STLS. You can telnet to port 110 and try the command to find out. In other words, pop3s and imaps will not work for clients that don't do SSL, but imap (and maybe pop3) will work for all clients, including those that want SSL (as long as they can do STARTTLS, which isn't always the case). -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Read Exec by default - RH9 - why?
Fryclau wrote: I'am the the root user to applying the chmod... Obviously. The system works fine, but I don't like to leave the security access of each file in the disk with R-X to other users.. When some user login without privileges he could do something like this: Cat /etc/hosts And it works find Yeah, it's supposed to. If the users can't read /etc/hosts, then they can't resolve hosts. There's nothing magic about name resolution. A program has to open /etc/hosts, /etc/nsswitch.conf and /etc/resolv.conf to figure out how to resolve a name, and then resolve it (in the normal case, nsswitch.conf might tell the program to operate differently). If they can't read /etc/passwd, then ls -l can't show them login names. If they can't read /etc/bashrc or /etc/profile, then their shell won't have any PATH, or well, anything. I don't think this is good to my security. What can users do with the information in /etc/hosts that would impact your security? Make sure you have a good answer to that before you make changes to your system. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: sendmail vacation program
Richard Humphrey wrote: Anyone know if this comes with RH 8.0 sendmail? I know it is a seperate program, but sendmail includes it in their source. Does RH include it in RPM. I could not locate it. Is it in a seperate RPM or do I just need to d/l and compile? Looks like you'll have to build your own. I'm not seeing it anywhere in Red Hat's distribution. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Read Exec by default - RH9 - why?
Ed Wilts wrote: You're right - there is a security hole there. For example, I don't think it's a good idea that the password file is world readable since it gives information out that you may not want to share. If you're using shadow password files (and you don't have any excuse not to): no, it doesn't. If users can't read /etc/password then: * ls -l doesn't work, because users can't map numbers to names. * web servers (like apache) can't serve user directories, because it can't figure out where ~user is supposed to point. * MTA's that don't run smtpd as root (like Courier, and probably Postfix) can't verify whether or not a user exists, so they will probably fail outright. Other stuff breaks too, I'm sure. Those are just a few examples. User data, with the exception of authentication tokens, is not privileged information. Users *should* be able to read /etc/passwd. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: rpath and LD_LIBRARY_PATH
Ajay Bansal wrote: What is the difference between rpath and LD_LIBRARY_PATH in terms of library search paths at link time? Which one is better to use. I was using LD_LIB... But my customer says.. Remove it.. Use somethinig else.. You're probably best off making your application a shell script that locates its library directory and sets the LD_LIBRARY_PATH without the user's intervention. See the mozilla script for an example of how this is done. mozilla is a shell script that sets some variables, and then runs the program mozilla-bin. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: cgi-bin hardening
prashant Kulkarni wrote: can any body help me in hardening cgi-bin application. Are you looking for general advice, or someone you can pay to do the work? Assuming the former, please be specific about the language in which the CGI is written, and any library extensions that you're using. That will at least give list members somewhere to start giving you pointers. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Redhat Squirrelmail install
Ehrhart, Jay wrote: I installed Squirrelmail through the standard Redhat package manager in KDE. So it should be installed with all the standard RPM defaults. How do I access the web interface to check mail? If you installed Red Hat's version, /webmail becomes an alias for the squirrelmail installation. Point your browser at: http://server/webmail/ -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: UTF-8
João Borsoi Soares wrote: I've asked before and had no answer. So, here I go again. I just want to change my default LANG environment environment from pt_BR.UTF-8 to pt_BR. I've tried changing /etc/sysconfig/i18n and it worked for the text mode consoles, but it didn't work for applications on X, like xterm, etc. Modify /etc/X11/gdm/locale.alias -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
