Re: Help with root password
On Sat, 20 Jul 2019, Nico Kadel-Garcia wrote: > > sudo passwd root > > If he had sudo access, why would he need or want a root password? a root password, rather than mediated 'sudo' access is needed from time to time Before the system is up and recognizing, to do fsck' and such which require the root password to be executed, comes to mind -- Russ herrold
Enterprise Linux 8 beta
On Tue, 15 Jan 2019, Yasha Karant wrote: > The following announcement appears on the wholly owned IBM subsidiary web > site: The RHT shareholder's meeting to consider the merger into IBM has not yet occurred, and is scheduoed for tomorrow, as it turns out The customary release annoucement of a new major release (which an '8' would be) has not been issued perhaps the rest these questions are premature -- Russ herrold
Re: kicked off the list via Office 365?
On Sat, 17 Nov 2018, Vasili Wylie wrote: > it is not all about office365, I don't use that and I was kicked off. somewhat humorously, I too was kicked off over the weekend. The accompanying message made it look as through the 'too many delayed or bounced pieces' trigger was hit, with a 'look-back of three months That is a configurable setting in Mailman, and may have inadvertently been encountered when rolling in a backup and not expressly disabling that counter for a few days to let it expire old pending non-sends -- Russ herrold
Re: kicked off the list via Office 365?
On Fri, 16 Nov 2018, Paul Richard Thomas wrote: > The curious thing is that it was an Outlook message whereas the > receiving email handler is gmail. I would guess, therefore, that the > problem is occurring at the Fermilab end. 'guessing' about causes of failures in the face of a straightforward explanation, testible by speaking to your email provider, rather than positing a testible hypothesis (as I did) seems useless -- Russ herrold
Re: kicked off the list via Office 365?
On Fri, 16 Nov 2018, Paul Richard Thomas wrote: > Could somebody explain why this is happening to those not versed in > these problems with office365 ? Every receiver of email decides the policies under which it will accept it, or indeed, whether it will accept an offered piece at all. Anti-spam defense systems are the most common reason offered The owners of the Office 365 product, and those of Gmail have (probably) decided that the content from the list 'looks spammy' ... their choice, and that decision is applied on behalf of their subscribers. Also, to avoid 'educating' senders of unsolicited email how to evade such restrictions, the criteria shift without notice and may get tighter or looser, depending on the whim of the email receiver that day The alternative approach is for a email receiver is to simply 'mark' such as with a spam-assassin score, their opinion as to how 'spammy' something is, and permit the mail user client to decide what to do with it I run under that latter system, and I see this as to your question piece: Return-Path: X-Spam-Checker-Version: SpamAssassin 3.3.2-r929478 (2010-03-31) on (elided) X-Spam-Level: X-Spam-Status: No, score=-0.8 required=4.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM, T_DKIM_INVALID autolearn=no version=3.3.2-r929478 The theory is that an unhappy subscriber will complain, or go elsewhere These questions should properly be directed to your email handling firm (here: Microsoft or Google) -- Russ herrold
Re: systemd tftp xinetd
On Tue, 11 Sep 2018, Ken Teh wrote: > I've done all that. But after I reboot the system, I cannot tftp a file from > the server. But if I start tftp.service manually, I can get the file. There may be permissions problems and more in play -- BUT you are trying to 'jump ahead' --- FIRST, verifying that the connection NOT working on localhost after reboot is the assertion which we need to test. We can manually do a transfer on localhost ## the directory: /var/lib/tftpboot/ is the default from which ## to pull per the configuration file. I create a file there [root@centos-7 ~]# echo "Ken Teh" > /var/lib/tftpboot/test [root@centos-7 ~]# ls -al /var/lib/tftpboot/test -rw-r--r--. 1 root root 8 Sep 11 13:41 /var/lib/tftpboot/test [root@centos-7 ~]# cat /var/lib/tftpboot/test Ken Teh [root@centos-7 ~]# tftp 127.0.0.1 tftp> verbose Verbose mode on. tftp> ascii mode set to netascii tftp> get test getting from 127.0.0.1:test to test [netascii] Received 8 bytes in 0.1 seconds [510 bit/s] tftp> quit [root@centos-7 ~]# cat test Ken Teh [root@centos-7 ~]# pwd /root [root@centos-7 ~]# Then I rebooted and repeated the process [herrold@centos-7 ~]$ sudo su - [sudo] password for herrold: Last login: Tue Sep 11 13:48:33 EDT 2018 on tty1 [root@centos-7 ~]# rm -f test [root@centos-7 ~]# tftp 127.0.0.1 tftp> ascii tftp> verbose Verbose mode on. tftp> get test getting from 127.0.0.1:test to test [netascii] Received 8 bytes in 0.1 seconds [547 bit/s] tftp> quit [root@centos-7 ~]# cat test Ken Teh [root@centos-7 ~]# uptime 13:49:49 up 1 min, 3 users, load average: 1.29, 0.47, 0.17 [root@centos-7 ~]# netstat -paun | grep 69 udp6 0 0 :::69 :::* 1/systemd [root@centos-7 ~]# and the log shows: [root@centos-7 ~]# grep tftp /var/log/messages ... Sep 11 13:44:49 centos-7 in.tftpd[32580]: Client :::127.0.0.1 finished test Sep 11 13:49:35 centos-7 in.tftpd[3116]: Client :::127.0.0.1 finished test and again on the non-localhost socket: [root@centos-7 ~]# rm -f test [root@centos-7 ~]# tftp 10.16.1.106 tftp> ascii tftp> verbose Verbose mode on. tftp> get test getting from 10.16.1.106:test to test [netascii] Received 8 bytes in 0.1 seconds [614 bit/s] tftp> quit [root@centos-7 ~]# cat test Ken Teh [root@centos-7 ~]# Notice that those are ALL the commands run since the reboot ... the tftp service was being run with no effort on my part. Now, it is perfectly well possible that the firewalld, or permissions, or more are in play as to ** off host ** transfers, ... but the tftp service IS alread running and working, and a localhost, and on-host transfer is working > If a service is never available on reboot after you've enabled it, what does > 'systemctl enable' mean? I do not know the background of why you assert it is 'never available' as I cannot reproduce such an unavailability locally ... I suspect rather it may simply not be available for off-host transfers > Is there some magic sequence of steps I need to take to "really" enable the > tftp service? The connection and transfer example above shows exactly what I did. I suggest using the tftp CLIENT to see [herrold@centos-7 ~]$ grep tftp /etc/services tftp69/tcp tftp69/udp I suspect your tftp-service is actually enabled and listening ... this might be tested and demonstrated with the tftp client thus: from a remote machine: [root@router ~]# tftp (to) 10.16.1.106 tftp> status Connected to 10.16.1.106. Mode: netascii Verbose: off Tracing: off Literal: on Rexmt-interval: 5 seconds, Max-timeout: 25 seconds tftp> quit [root@router ~] and we see in the process table 'netstat details' on the server machine: [root@centos-7 ~]# netstat -panu | grep 69 ... udp6 0 0 :::69 :::* 1/systemd We do not see a process containing the name 'tftp' in the process table, separately, as the 'systemd' is acting as the former 'xinetd' and watching the socket but it is still there, looking at the localhost nad the external IP of the server machine as well [root@centos-7 ~]# tftp 10.16.1.106 tftp> status Connected to 10.16.1.106. Mode: netascii Verbose: off Tracing: off Literal: off Rexmt-interval: 5 seconds, Max-timeout: 25 seconds tftp> quit [root@centos-7 ~]# tftp 127.0.0.1 tftp> status Connected to 127.0.0.1. Mode: netascii Verbose: off Tracing: off Literal: off Rexmt-interval: 5 seconds, Max-timeout: 25 seconds tftp> quit [root@centos-7 ~]# Notice the difference in the 'Connected to ' field Long ago and far away, I wrote a longer piece for debugging once I demonstrated a working tftp server and client, using tcpdump ... Things have changed some -- SElinux, wrappers to the firewalld, probably more https://urldefense.proofpoint.com/v2/url?u=http-3A__www.owlriver.com_tips_tftp-2Dxinetd_&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQc
systemd tftp xinetd
On Tue, 11 Sep 2018, Ken Teh wrote: > I need help with how to enable tftp service. I am trying to > get something done and I have no patience for systemd's > convoluted logic. Time then, to retire from modern Unix, perhaps. Change and the tide of systemd will not be reversing > The tftp-server installs > > (1) /etc/xinetd.d/tftp Old way: Please examine this file, and as needed, edit to enable the service (normally services are / were shipped disabled, pre-systemd, as part of a hardening push back at RHL 7.2, back at the turn of the century). Particularly the line: disable = yes Alternatively (the old and) LSB specified way was: try as root: chkconfig tftp on - or the 'systemd way is: - systemctl enable tftp - View what is enabled, or not, thus. 'grep' will work with this form: systemctl list-unit-files --no-pager viz: [herrold@centos-7 ~]$ systemctl list-unit-files --no-pager | \ grep tftp tftp.service indirect tftp.socket enabled -- Russ herrold
Problem recreating grub2 menu in SL7 dual boot with Win10
On Wed, 24 Jan 2018, Bill Maidment wrote: > It appears that I need to do yum install grub2-efi-modules (why wasn't this > done before? I ask). Packages are partitioned into a main and sub-packages, so that the bloat of un-needed matter is avoided. UEFI is relatively new, and until Windows 10, not really mandated by Microsoft installations. Also the needed hardware (a TPM chip) was not universally present, and so that sub-package would seem to be bloat to most people As to how to get a copy, using an second machine to retrieve the needed package, and placing it on a data stick comes to mind. If no second machine is at hand, booting into Windows and getting it comes to mind. Also, an 'everything' ISO will fit on an 8 or 16 G datastick, so one can 'pull the full archive' and if there is a dependency problem it might be resolved. It is worth keeping a copy around for times like this ;) -- Russ herrold
Re: Error Installing ROOT6.11.02 on Linux. Help Appreciated
On Thu, 11 Jan 2018, Konstantin Olchanski wrote: > I recommend against installing ROOT from EPEL. By past experience > the version of ROOT in EPEL is always severely out of date > and is always built with the wrong options. To which bug do you refer? of course EPEL folks cannot fix what they do not get bugs get or respond to complaints they do not know about there is only one open and possibly relevant non-'cross platform build' bug open as I read bugzilla https://bugzilla.redhat.com/buglist.cgi?cmdtype=runnamed&list_id=8294084&namedcmd=root%20m-p%20Open and looking at the open to close history of the 51 closed bugs, it seems it is being actively maintained -- over 12 closes in 2017, some seemingly substantial https://bugzilla.redhat.com/buglist.cgi?cmdtype=runnamed&list_id=8294092&namedcmd=root%20m-p%20Closed As the OP seemed to be looking to bootstrap an install, concerns about temporary bootstrap staleness are probably is not relevant, as the library mentioned would get updated anyway -- Russ herrold
Error Installing ROOT6.11.02 on Linux. Help Appreciated
On Wed, 10 Jan 2018, Christopher Barnes wrote: > Hello, > > I am installing ROOT6.11.02 on an Ubuntu 16.04 machine (Ubuntu 16.04.2 LTS > (GNU/Linux 4.8.0-58-generic x86_64). When I try to compile a C++ macro > using this release of ROOT, I get the following error: In a Red Hat derived environment: # yum provides \*/libImt\* root-core seems to provide it, and it is in EPEL 7 Description : This package contains the core libraries used by ROOT: libCore, : libNew, libRint and libThread. https://root.cern.ch/ I do not see that headers are separately packaged: [root@centos-7 ~]# yum list root\* | wc 111 3358543 [root@centos-7 ~]# yum list root\* | grep dev [root@centos-7 ~]# M Go Blue -- Russ herrold U Mich Law '79
Re: systemd saned issues
On Tue, 21 Nov 2017, ToddAndMargo wrote: > > https://bugzilla.redhat.com/show_bug.cgi?id=1142369 ... > Plus, my version of sane-backends, does not have systemd > support compiled in. not that it is compiled in at all, but rather, as the bug showed how to check, just missing systemd support config files and you were asked to file a bug against the appropriate component, rather than hi-jacking a bug on a completely different issue in systemd and you have still not learned to trim a while ago you remarked: > My problem is that I have been trying to pound a square peg > into a round hole. RHEL is a really poor choice for a system > that has a lot of innovation going on on it. Perhaps you should consider moving to Fedora, as they are suited to your needs ** Please ** conform to FOSS norms here --- I have seriously considered just devnulling your content, as you use this venue far beyond its scope -- Russ herrold
RE: clock skew too great ** EXTERNAL **
On Wed, 18 Oct 2017, Howard, Chris wrote: > Is it possible the two boxes are talking to two different servers? as the initial post mentioned and showed it was using remote host lists to a pool alias, almost certainly -- as a way around, set up ONE unit to act as the local master, and then sync against it, to get 'site coherent' time [a person with more than one clock is never quite _sure_ what time is correct ;) ] for extra geek points, spend $25 on AMZN, and get a GPS USB dongle; run a local top strata server (the first three lintes of the following) [root@router etc]# ntpq -p remote refid st t when poll reach delay offset jitter == GPS_NMEA(0) .GPS.0 l- 1600.000 0.000 0.000 SHM(0) .GPS.0 l- 1600.000 0.000 0.000 SHM(1) .PPS.0 l- 1600.000 0.000 0.000 +ntp1.versadns.c .PPS.1 u 665 1024 377 51.817 -12.510 19.938 *tock.usshc.com .GPS.1 u 294 1024 377 34.608 -8.108 10.644 +clmbs-ntp1.eng. 130.207.244.240 2 u 429 1024 377 31.520 -5.674 7.484 +ntp2.sbcglobal. 151.164.108.15 2 u 272 1024 377 23.117 -6.825 10.479 +ntp3.tamu.edu 165.91.23.54 2 u 1063 1024 377 63.723 -3.319 16.813 [root@router etc]# configuring ntp.conf is not all that hard -- Russ herrold
Re: Tips for updating to SL7.4 (with yum-conf-sl7x installed)
On Tue, 3 Oct 2017, Konstantin Olchanski wrote: > It is prudent to "yum erase libgpod" beforehand, or good chance > yum will consume all ram and go into some kind of loop over dependancies. Perhaps should have a local 'blacklist' Conflicts: libgpod in the 7.4 sl-release file then? That way one would not inadvertently run into the issue ... and of course adding to the Release Notes the explanation of WHY a simple: yum clean all ; yum update better requires that erasure manually first -- Russ herrold
Weird curl, Firefox issue
On Tue, 19 Sep 2017, ToddAndMargo wrote: > https://support.kaspersky.com/viruses/rescuedisk > > Any idea why I can get to the right web site with > Firefox, but not curl? > > $ curl -L -vvv http://support.kaspersky.com/viruses/rescuedisk/ -o > eraseme.html lynx notes there is "** bad HTML **" getting there during one of the 3xx redirects -- Russ herrold
Transparent Screen Lock for Enterprise Linux
On Tue, 19 Jul 2016, O'Neal, Miles wrote: > On 07/15/2016 10:45 AM, Pat Riehecky wrote: > > Neat! > > > > Any chance you can get it into EPEL? There seems to be a dependency on 'xautolock' which is knknown to yum in base or EPEL A non-Proof-Point URI for the github atchive is: https://github.com/CLASSE-CornellUniversity/EnterpriseLinux-TransparentScreenLock -- Russ herrold
free ssl certificate
On Thu, 14 Jul 2016, Ian A Taylor wrote: > Can anyone recommend where I can get a free SSL certificate. I've been quite pleased with https://www.startssl.com/ for many years .. I know the cool kids ight recommend the 'Let's Encrypt' effort as well -- Russ herrold
Need specific LaTeX utiliities for EL7
On Tue, 14 Jun 2016, Yasha Karant wrote: > WYSIWYG (not LyX that produces LaTeX but internally is not LaTeX)? Thus far, > I have not found such a WYSIWYG. 'lyx' uses latex, but manually editting to 'touch up' its output is a PITA. In EPEL -- Russ herrold
Sendmail DH parameters fix: was: Re: SL5 problem with sendmail an openssl
On Fri, 10 Jul 2015, R P Herrold wrote: We reached the following addition of a DH parameters file solution, which also solved the authentication issue for certain Apple email clients on IOS 8.4 (an update within the last month) sendmail.mc fragment define(`CERT_DIR',`/etc/pki/tls')dnl define(`confCACERT_PATH', `CERT_DIR')dnl dnl https://www.sendmail.com/sm/open_source/docs/m4/tweaking_config.html dnl dnl http://weldon.whipple.org/sendmail/wwstarttls.html#DHParams dnl dnl http://lists.freebsd.org/pipermail/freebsd-questions/2015-June/266456.htm dnl > 3. If a setting for confDH_PARAMETERS exists and is set to dnl dnl > a file path, create a new file with: dnl dnl > openssl dhparam -out /path/to/file 2048 dnl dnl > for 2048-bit dnl dnl *** USED *** dnl dnl so: openssl dhparam -out /etc/pki/tls/certs/DH-options.pem 2048dnl dnl dnl define(`confDH_PARAMETERS', `CERT_DIR/certs/DH-options.pem')dnl -- Russ herrold
SL5 problem with sendmail an openssl
On Fri, 10 Jul 2015, Franchisseur Robert wrote: > since last security update of openssl I cannot send mail with sendmail > on SL5 I confirm that we received the same error when we applied the OpenSSL update, and had to revert as well; remember to add an 'exclude' rule in yum.conf to block it against future updates We are in the process of leaving '5' for mailservers and webservers (to get the alter TLS versions), so are not actively seeking a fix -- Russ herrold
Re: Installation issues in SL7
On Wed, 17 Sep 2014, Michael Tiernan wrote: > On 9/17/14 9:58 AM, Bluejay Adametz wrote: > > I always remove the quiet and rhgb options from the kernel line in the > > grub config * nod * Additionally, with some video switches, changes in resolution cause problems. I add the following to the right end of the 'kernel' line as well: nomodeset vga=769 to force a TUI console which is not rendered in whatever font the system and video card think they can do, but rather a historically familiar: 80 x 24 grub [older RHEL derived] will pick this up by default; grub2 [RHEL 7 derived] needs an edit in: /etc/sysconfig/grub thus: GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos/root crashkernel=auto vconsole.keymap=us nomodeset vga=769 " and ** then ** an express bootloader fixup: grub2-mkconfig -o /boot/grub2/grub.cfg -- Russ herrold
kvm bridge broadcast traffic
> > On my 6.5 x64 system my bridged KVM guests (several kind > > of Windows and > many kind of Linux guests) do not get the broadcast messages. Every network > packets reach them from the subnet except broadcast and multicast messages. > How can that be? My desk notes indicate we do this locally, so we can see messaged transit iptables: Next we have to make sure that network traffic going across the bridge(s) can be filtered. So... cat >> /etc/sysctl.conf <
Deterministic/reproducible builds (Was: Clarity on current status of Scientific Linux build)
On Wed, 2 Jul 2014, Brett Viren wrote: > To add, if deterministic builds were not possible it would mean this > could not exist: > > http://nixos.org/nix/ or that this website makes assertions not accurate There are timestamps and build IDs and more which, unless tinkered with, will mean that building ANY package at two different times will have (non-functional) differences that prevent an exact binary duplicate from ever existing. Similarly, with parallel threaded (-j N) build systems, a Makefile might comclude one time that sub-element FOO was done first, otehr times sub-element BAR, and so to traverse a build path in differing orders. Not anything invidious, but not 'identical' either -- Russ herrold