Hello Rudi
On 18 Oct 2003 at 11:23, Rudi Starcevic wrote:
Is there anyway to resistict a non-root user's shell account ?
For example once he/she is logged in is there any way to deny, say,
reading the /etc/passwd file ?
We have a set-up that uses rbash. The client gets rbash as a
login
Hello Rudi
On 21 Oct 2003 at 22:58, Rudi Starcevic wrote:
Though I'd post something I found on the net about rbash.
I haven't tested it yet.
[quote]
But it's possible to get out from this chroot.
woockie_at_twoflower:~$ cd ..
rbash: cd: restricted
woockie_at_twoflower:~$ vi foo
Hello Rudi
On 18 Oct 2003 at 11:23, Rudi Starcevic wrote:
Is there anyway to resistict a non-root user's shell account ?
For example once he/she is logged in is there any way to deny, say,
reading the /etc/passwd file ?
We have a set-up that uses rbash. The client gets rbash as a
login
Hello Rudi
On 21 Oct 2003 at 22:58, Rudi Starcevic wrote:
Though I'd post something I found on the net about rbash.
I haven't tested it yet.
[quote]
But it's possible to get out from this chroot.
woockie_at_twoflower:~$ cd ..
rbash: cd: restricted
woockie_at_twoflower:~$ vi foo
Hi All
I am looking that the posibility sharing traffic through two pppoe
conections without chanel bundling.
I want to use a linux box as a NAT router, but the outgoing ip's must
be shared in round-robin fashion between two ppp interfaces.
Obviously each tcp connection will be linked to one
Hi All
I am looking that the posibility sharing traffic through two pppoe
conections without chanel bundling.
I want to use a linux box as a NAT router, but the outgoing ip's must
be shared in round-robin fashion between two ppp interfaces.
Obviously each tcp connection will be linked to one
Hello All
To those who may be interested. I have released an update to my
pyscan antivirus filter. It is available from
http://www.zsd.co.za/~ian/software/pyscan
This release is a bug fix release which sorts out a few outstanding
issues.
Pyscan is a filter system written in python. It
On 5 May 2003 at 16:11, Emmanuel Lacour wrote:
On Mon, May 05, 2003 at 03:27:32PM +0200, Gregory Machin wrote:
where does debian launch exim from cause when i telnet in exim is running
but not visable under ps -ef ??
Because by default, exim is running in standalone under debian. Just run
Hello Russell
On 18 Apr 2003 at 17:26, Russell Coker wrote:
On Thu, 17 Apr 2003 18:48, I. Forbes wrote:
Do you think there would be any benefit gained from burning in a
new drive, perhaps by running fsck -c -c, in order to find marginal
blocks and get them mapped out before the drive
Hello Russell
On 15 Apr 2003 at 20:21, Russell Coker wrote:
If you do a write and something goes wrong then the data will be re-mapped.
I
don't know how many (if any) drives do read after write verification. If
they don't then it's likely that an error will only be discovered some time
Hello All
I have had a number of cases with disk's reporting as failed on
systems with IDE drives in software RAID 1 configuration.
I suppose the good news is you can change the drive with minimal
downtime and no loss of data. But some of my customers are
querying the apparent high failure
Hello Dustin
On 2 Apr 2003 at 8:07, Dustin Douglas wrote:
I don't know of anything that does everything that you want, but a
good starting point might be the apache suexec docs. For apache 1.3.x
they can be found at http://httpd.apache.org/docs/suexec.html
Implementing the desired
Hello Dustin
On 2 Apr 2003 at 8:07, Dustin Douglas wrote:
I don't know of anything that does everything that you want, but a
good starting point might be the apache suexec docs. For apache 1.3.x
they can be found at http://httpd.apache.org/docs/suexec.html
Implementing the desired
Hi All
I have been playing with scripts to implement some intranet
functions via a webrowser cgi interface.
However I quicky run into a problem with all cgi scripts running with
a single uid/gid (normally that of the apache server). To make things
work, I must give the httpd server user more
Hi All
I have been playing with scripts to implement some intranet
functions via a webrowser cgi interface.
However I quicky run into a problem with all cgi scripts running with
a single uid/gid (normally that of the apache server). To make things
work, I must give the httpd server user more
Hello All
I have put together an antivirus filter for use with Exim.
The filter is written in Python, and it works by examining Mime
headers in e-mail messages. It does not make use of a pattern
database. You could describe it as an upgrade to the antivirus Exim
system filter published on the
Hello debian-isp
On 27 Feb 2003 at 12:10, debian-isp wrote:
I have the task of setting up a mailserver capabel of sending 400 000
mail in a max time of 12 hours. All mails have an attachment of 1 mb.
The system should be a mailer for a newsletter system. As I made quite
a couple of things
Hello debian-isp
On 27 Feb 2003 at 12:10, debian-isp wrote:
I have the task of setting up a mailserver capabel of sending 400 000
mail in a max time of 12 hours. All mails have an attachment of 1 mb.
The system should be a mailer for a newsletter system. As I made quite
a couple of things
Hello Kirk
On 25 Feb 2003 at 14:08, Kirk Ismay wrote:
Finally, one thing I've been considering is to use SQL-Ledger
(http://www.sql-ledger.org/) as a core accounting system and re-write my
recurring billing and provisioning programms as add on modules. I can't
promise that I'd be able to do
Hello Russell
On 21 Jan 2003 at 11:30, Russell Coker wrote:
There was a bug in 2.2.x kernels which could cause a kernel panic if you
swaped on a RAID device that was re-syncing. AFAIK 2.4.x had it fixed long
ago. So if you are running a 2.4.x kernel you can just edit the shell script
Hello All
I have picked up a problem with my servers running potato + raid 1
mirror drives.
The problem is as follows:
- raid gets out of sync for some reason,
- server gets rebooted,
- raid re-sync process starts automatically on boot,
- start-up scripts look for and detect
Hello All
We have about a dozen production machines running software RAID1 with
IDE drives. We have experience going back about year now and we have
had a number of raid drive failures in that time.
Good points:
- If a drive fails, the machine carries on running and you can sort
it out the
Hello Russell
On 28 Nov 2002 at 13:52, Russell Coker wrote:
On Thu, 28 Nov 2002 13:15, I. Forbes wrote:
- If you have a glitch on a drive the raid will mark the partition
as defective possibly when there is no permanent damage. You have to
reboot the server before you can attempt
Hello All
The latest bind fiasco seems a bit of a mess:
I only hope that these packages will plug the holes:
These problems have been fixed in version 8.3.3-2.0woody1 for the current
stable distribution (woody), in 8.2.3-0.potato.3 for the previous stable
distribution (potato) and in version
Hello All
The latest bind fiasco seems a bit of a mess:
I only hope that these packages will plug the holes:
These problems have been fixed in version 8.3.3-2.0woody1 for the current
stable distribution (woody), in 8.2.3-0.potato.3 for the previous stable
distribution (potato) and in version
Hi Joey
With regards to your Debian Security Survey
(http://lists.debian.org/debian-devel-announce/2002/debian-devel-
announce-200211/msg1.html).
Thank you for giving us the opportunity to listen to our feedback on
the issue of security updates for Potato.
We are a small ISP, but we have
Hi Joey
With regards to your Debian Security Survey
(http://lists.debian.org/debian-devel-announce/2002/debian-devel-
announce-200211/msg1.html).
Thank you for giving us the opportunity to listen to our feedback on
the issue of security updates for Potato.
We are a small ISP, but we have
Hello All
I am looking for a means to audit our DNS zone files.
Particularly I need something that checks that their are still
upstream NS records pointing to our server for each domain that we
host. Also I would like to check that our NS records point to valid
name servers (particularly with
Hello All
I am looking for a means to audit our DNS zone files.
Particularly I need something that checks that their are still
upstream NS records pointing to our server for each domain that we
host. Also I would like to check that our NS records point to valid
name servers (particularly with
Hello Jason
On 3 Sep 2002 at 6:49, Jason Lim wrote:
Lots of email... lots of mailing lists... i imagine that compressing
emails (of which i get maybe 50-100 each day... a chunk of that is spam,
but nonetheless it uses bandwidth) would yield very high compression
rates.
We use uucp mail for
Hello Christian
On 28 Aug 2002 at 0:39, Christian Hammers wrote:
On Wed, Aug 21, 2002 at 04:14:09PM +1000, Craig Sanders wrote:
I have a big size file about 33G in /home directory !!! and i wanna
backup this file into tape device
Why tape, buy a ATA (IDE) RAID controller that
Hello Bernie
On 23 Aug 2002 at 10:06, Bernie Berg wrote:
Hi, I have a project that could potentialy have 85 webcams. The easy
thing to do would be to use an Axis network camera and just link to its
own webserver from my linux web server (or whatever). But these run
about 300 bucks,
Hello Bernie
On 26 Aug 2002 at 9:56, Bernie Berg wrote:
I have tested two Dexxa webcams (compatible with Logitec Quickcam
Express), on the same USB bus. I set it up to take alternating snap
shots from each camera. This works well and could be expanded to more
camera's.
That should
Hello rj
On 4 Jul 2002 at 18:55, rj wrote:
What is the best way to delegate some root privileges for a user
which could only create e-mail accounts and make newaliases?
I have written a bunch of scripts in Python, that use the super
utility to give effective root access to certain users
Hello rj
On 4 Jul 2002 at 18:55, rj wrote:
What is the best way to delegate some root privileges for a user
which could only create e-mail accounts and make newaliases?
I have written a bunch of scripts in Python, that use the super
utility to give effective root access to certain users for
Hello Andrew
On 4 Mar 2002, at 14:06, Andrew Tait wrote:
Every so often we have spammers hammering our mail servers (running Exim)
attempting to relay messages. They fail of course, however they sit there,
some times for several weeks, attempting e-mail address after e-mail
address.
Are
Hello Russell
Yes it was nr-spare-disks 1
I just cut and copied setup from another machine and edited to
illustrate my message. I missed the spare disks. :-(
At least raidtools2 shouts very quickly when you do that (I know!).
Thanks
Ian
On 27 Feb 2002, at 15:14, Russell Coker wrote:
Hello Russell
Yes it was nr-spare-disks 1
I just cut and copied setup from another machine and edited to
illustrate my message. I missed the spare disks. :-(
At least raidtools2 shouts very quickly when you do that (I know!).
Thanks
Ian
On 27 Feb 2002, at 15:14, Russell Coker wrote:
Hello Russell
Thanks for your comments.
On 26 Feb 2002, at 11:32, Russell Coker wrote:
2) Then I had endless problems with raid1. It seems that the
failed-disk directive in /etc/raidtab does not work. I think
it has something to do with devfs - which is compiled into the
Hello Russell
Thanks for your comments.
On 26 Feb 2002, at 11:32, Russell Coker wrote:
2) Then I had endless problems with raid1. It seems that the
failed-disk directive in /etc/raidtab does not work. I think
it has something to do with devfs - which is compiled into the
Hi All
I have just spent many hours trying to setup raid1 on a machine with
an hpt366/htp370 ide chipset.
The machine has 3 ide hard drives as raid 1 + 1 hot spare, and a
CD Rom, each device has its own IDE interface.
The chipset has 4 ide ports and is supported on kernel 2.4. The
chipset
Hi All
I have just spent many hours trying to setup raid1 on a machine with
an hpt366/htp370 ide chipset.
The machine has 3 ide hard drives as raid 1 + 1 hot spare, and a
CD Rom, each device has its own IDE interface.
The chipset has 4 ide ports and is supported on kernel 2.4. The
chipset
Hello Craig
On 19 Feb 2002, at 10:38, Craig Sanders wrote:
i'd love to convert it over to Maildir/ but haven't yet found any way
that doesn't involve many hours of downtime while converting the
mailboxes from mbox format to Maildir.
I did this a while back. It is possible with very little
Hello Jeremy
On 14 Feb 2002, at 9:14, Jeremy C. Reed wrote:
old server directly to the new one. I have tried ipmasqadm --
portfw but there is no masquerading involved and it does not work.
Does not work? (Show us.)
This machine has two network cards, one with masquerading onto
a
Hello Jeremy
On 14 Feb 2002, at 9:14, Jeremy C. Reed wrote:
old server directly to the new one. I have tried ipmasqadm --
portfw but there is no masquerading involved and it does not work.
Does not work? (Show us.)
This machine has two network cards, one with masquerading onto
a
Hello All
I have an old e-mail server that is still accepting e-mail for some
domains. The MX records for these domains are controlled by
other parties and getting them changed would be a bit of a mission.
At the moment this server forwards all e-mail to my new e-mail
server. However in
Hello All
I have an old e-mail server that is still accepting e-mail for some
domains. The MX records for these domains are controlled by
other parties and getting them changed would be a bit of a mission.
At the moment this server forwards all e-mail to my new e-mail
server. However in the
Hello Andreas
It should be possible. I upgraded a number machines from slink to
potato - remotely but I have not started on remote potato to woody
upgrades yet. If helps if you have practised on a local machine.
I suggest you take a few precautions:
- use apt-get -d to download
surely is not in
the default kernel...
-Ursprüngliche Nachricht-
Von: Donovan Baarda [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 5. Februar 2002 14:08
An: I. Forbes
Cc: Andreas Rabus; [EMAIL PROTECTED]
Betreff: Re: dist-upgrade on remote server
On Tue, Feb 05, 2002 at 11:52:49AM
Hello Andreas
It should be possible. I upgraded a number machines from slink to
potato - remotely but I have not started on remote potato to woody
upgrades yet. If helps if you have practised on a local machine.
I suggest you take a few precautions:
- use apt-get -d to download everything
surely is not in
the default kernel...
-Ursprüngliche Nachricht-
Von: Donovan Baarda [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 5. Februar 2002 14:08
An: I. Forbes
Cc: Andreas Rabus; debian-isp@lists.debian.org
Betreff: Re: dist-upgrade on remote server
On Tue, Feb 05, 2002 at 11
Hello Oliver
On 2 Feb 2002, at 12:33, Oliver Andrich wrote:
I have to deal in the near future with a lot of Debian machines, that I will
setup and configure for two customers. I like to develop or use some mechanism
for mass installation of these machines, and for easily setting up a spare
Hello Oliver
On 2 Feb 2002, at 12:33, Oliver Andrich wrote:
I have to deal in the near future with a lot of Debian machines, that I will
setup and configure for two customers. I like to develop or use some mechanism
for mass installation of these machines, and for easily setting up a spare
Hello Russell
On 30 Jan 2002, at 9:08, Russell Coker wrote:
On Tue, 29 Jan 2002 22:43, I. Forbes wrote:
1) has anybody got a 'deb' of the latest lilo, back-ported onto
potato. I am looking for one to use on my stable machines?
http://www.coker.com.au/lilo/
Thanks very much
Hello Russell
On 31 Jan 2002, at 2:08, Russell Coker wrote:
On Wed, 30 Jan 2002 22:55, I. Forbes wrote:
1) has anybody got a 'deb' of the latest lilo, back-ported onto
potato. I am looking for one to use on my stable machines?
http://www.coker.com.au/lilo/
Thanks very
the machines that can be conveniently rebooted are running
woody )
Regards
Ian
On 31 Jan 2002, at 16:59, Russell Coker wrote:
On Thu, 31 Jan 2002 04:06, I. Forbes wrote:
1) has anybody got a 'deb' of the latest lilo, back-ported onto
potato. I am looking for one to use on my
Hello All
As a follow-up to the closest to debian thread.
I am using software raid 1, + IDE drives.
On a woody system with the latest lilo and a new bios it seems
pretty good. The bios will boot off the 2nd drive if the first one fails.
Both disks have an MBR and lilo is on both disks via
Hello All
I am not sure that I understand what the original poster wishes to
achieve, nor have I followed the lengthy discussions that ensued.
But, a thread with the above subject line would not be complete
without a mention of mirrordir.
Someone wrote:
Sigh... and I was hoping for a
Hello All
I am not sure that I understand what the original poster wishes to
achieve, nor have I followed the lengthy discussions that ensued.
But, a thread with the above subject line would not be complete
without a mention of mirrordir.
Someone wrote:
Sigh... and I was hoping for a
Hello Paul
On 6 Nov 2001, at 15:19, Paul Fleischer wrote:
I would either go with ext3 (which even is ext2 compatible AFAIK) or
XFS. They really seem to be the most stable. Reiser is not bad, but I
have had some terrible experiences with it - however, I do still use it,
it is nice, but IMHO
Hello All
I am looking at moving some of our potato based production
servers onto woody, and at the same time upgrading onto a
journaling FS.
I need the FS to meet the following in order of importance:
- MUST BE STABLE (our income depends on uptime!)
- Must be supported in woody,
Hello Russell
On 15 Oct 2001, at 17:58, Russell Coker wrote:
On Mon, 15 Oct 2001 11:18, I. Forbes wrote:
Perhaps the same or a similar configuration file could tell portslave
how to handle incoming calls detected by the modem as being
voice or fax as opposed to data calls.
Sure, I
Hello Russell
On 15 Oct 2001, at 17:58, Russell Coker wrote:
On Mon, 15 Oct 2001 11:18, I. Forbes wrote:
Perhaps the same or a similar configuration file could tell portslave
how to handle incoming calls detected by the modem as being
voice or fax as opposed to data calls.
Sure, I
Hello Russell
On 13 Oct 2001, at 19:14, Russell Coker wrote:
I have been thinking of implementing a way of telling Portslave to pass the
port to another program to allow minicom or a FAX transmission to take the
port.
I think the answer lies in by-passing radius. If we had a facility
Hello Russell
On 13 Oct 2001, at 19:14, Russell Coker wrote:
I have been thinking of implementing a way of telling Portslave to pass the
port to another program to allow minicom or a FAX transmission to take the
port.
I think the answer lies in by-passing radius. If we had a facility
Hello Russell
I have just tried this on my potato test system. I installed the deb
over my old version. I let the install script update my existing
plave.conf file but I did not change anything else. The kernel is
version 2.2.19
I works fine!
Thanks
Ian
On 9 Oct 2001, at 21:13,
Hello Russell
I have just tried this on my potato test system. I installed the deb
over my old version. I let the install script update my existing
plave.conf file but I did not change anything else. The kernel is
version 2.2.19
I works fine!
Thanks
Ian
On 9 Oct 2001, at 21:13,
Hello Russell
On 9 Oct 2001, at 0:02, Russell Coker wrote:
On Mon, 8 Oct 2001 16:36, I. Forbes wrote:
The versions before 2001-06-20 all sucked in various ways. It was only in
the 2001-06-20 version that I really got the source under control.
Do you know of a potato deb
Hello Russell
On 9 Oct 2001, at 0:02, Russell Coker wrote:
On Mon, 8 Oct 2001 16:36, I. Forbes wrote:
The versions before 2001-06-20 all sucked in various ways. It was only in
the 2001-06-20 version that I really got the source under control.
Do you know of a potato deb for the latest
Hello Russell
I am busy testing a portslave server to replace my old ancient
Cyclades-Y based terminal server.
The old one ran mgetty and a pppd patched for radius
authentication via the radius client library. The patches have not
been updated since pppd version 2.2 and the old machine
Hello Martin
On 28 Aug 2001, at 12:50, Martin WHEELER wrote:
2001-08-28 12:14:52 15bhjt-SE-00 Neither the system_aliases
director nor the address_pipe transport set a uid for local
delivery of |/var/lib/mailman/mail/wrapper post listname-l
Look in exim.conf for a block similar to this
Hello All
I have a quick question, but I am not sure that there is a quick
answer.
We run one DNS server as a caching DNS server. All DNS
queries from our site are forwarded to this server. It does not host
any primary or secondary zones and resolves all of its queries
from root servers.
Hello Duane
On 27 Mar 2001, at 21:58, Duane Powers wrote:
I don't know if anyone has the details on redhat's kickstart
program, and whether that is something that could be ported to
debian... Any suggestions?
At the moment we do the following:
- base install (3 floppies + base.tgz from
Hello Duane
On 27 Mar 2001, at 21:58, Duane Powers wrote:
I don't know if anyone has the details on redhat's kickstart
program, and whether that is something that could be ported to
debian... Any suggestions?
At the moment we do the following:
- base install (3 floppies + base.tgz from
Hello All
I wonder if anybody has seen something like this before.
We have a web server running apache which used to serve a dual
purpose as a proxy cache server. The proxy cache has long since
been replaced by a box running squid.
However instead of removing all of the "proxy" directives
Hello All
I wonder if anybody has seen something like this before.
We have a web server running apache which used to serve a dual
purpose as a proxy cache server. The proxy cache has long since
been replaced by a box running squid.
However instead of removing all of the proxy directives
Hello Jeff
I tried it, and I can answer my own question ...
On 9 Mar 2001, at 23:26, Jeff Waugh wrote:
quote who=I. Forbes
I was looking at the unstable debian package for Courier,
courier_0.31.1-2.dsc.
What chances are there to get this to compile on potato, or should I
just
Hello Jeff
I tried it, and I can answer my own question ...
On 9 Mar 2001, at 23:26, Jeff Waugh wrote:
quote who="I. Forbes"
I was looking at the unstable debian package for Courier,
courier_0.31.1-2.dsc.
What chances are there to get this to compile on potato, o
Hello All
As as follow up to recent discussions on compiling debs on old
releases:
I am running the latest Courier IMAP + POP3 on Potato. I am also
planning on installing Sqwebmail (which I have managed to
compile). But all of this is compiled from source and installed under
Hello Russell
On 6 Mar 2001, at 8:09, Russell Coker wrote:
Isn't there a security update for that?
There is, but the update has not been released for slink, just potato,
thats why I needed to recompile it.
The compilation bombs out with the following message:
make[3]: Entering
Hello Russell
On 6 Mar 2001, at 8:09, Russell Coker wrote:
Isn't there a security update for that?
There is, but the update has not been released for slink, just potato,
thats why I needed to recompile it.
The compilation bombs out with the following message:
make[3]: Entering
Hello All
I am trying to compile the latest "bind" on a slink system.
(It is a production system that I don't wish to upgrade right now, and
I am also not happy running the old vulnerable version ...)
The compilation bombs out with the following message:
make[3]: Entering directory
Hello All
I am trying to compile the latest bind on a slink system.
(It is a production system that I don't wish to upgrade right now, and
I am also not happy running the old vulnerable version ...)
The compilation bombs out with the following message:
make[3]: Entering directory
Hello All
I am considering deploying Reiser FS on partitions in a couple of
our productions servers. These servers run Debian "potato",
currently with 2.2.17 kernels. These systems are in production and
running sweetly, and I would like to change as little as possible.
I plan on using the
Hello Piet
On 1 Dec 2000, at 13:29, Piet Knoester wrote:
A reboot of the linux router gives the windows98-pc again exactly
one possible activation of the dial-on-demand function on it.
I have struggled for a week now and also taken another Compaq and
thus a new install but same
Hello All
Tunnelv is a userland package that works via the ethertap device. It
is quite neat and totally secure.
But it has a bug that conflicts with diald. Diald will also use the
ethertap device if the kernel supports it. The bug is that both
packages insist on using the first device
Hello All
Tunnelv is a userland package that works via the ethertap device. It
is quite neat and totally secure.
But it has a bug that conflicts with diald. Diald will also use the
ethertap device if the kernel supports it. The bug is that both
packages insist on using the first device
? I think I will try
that one next.
Regards
Ian
On 14 Sep 2000, at 13:25, Werner Fleck wrote:
May be it's a problem of diald -- I have a production system with three
simultaneous tunnel vision vpns running on tap0, tap1 and tap2.
Werner
-Original Message-
From: I. Forbes
Hello All
Has anybody get experience with and/or suggestions for mail
archiving software.
I want copies of all mail arriving at certain addresses (sales, info,
abuse etc) to be fed into an archive. Ideally it should have the
following features:
- The archive should be accessible by a web
Hello All
There is definitately some scope for development in this area.
Debian is one of the best distro's to maintain but it is one of the
worst to install. These advantages and disadvantages are
multiplied when you have many machines to maintain.
On 17 May 00, at 21:55, Karl M. Hegbloom
Hello All
I am looking at drawing up a policy for some of our local machines
and also client machines that we administer. Certain grades of
users will be made members of groups with specific privileges.
Then I can tweak things so that member of those groups have
access to things like read
Hello All
On 29 Mar 00, at 16:20, Smoerk wrote:
You know the web-enabled administration software used by Colbat servers?
I was wondering if anything for Linux (and hopefully debanized) was
similar?
Maybe Webmin (www.webmin.com)?
But why don't you write some scripts, which setup a
Hello All
A professional spammer is using a forged From: header line
which quotes a non existant address at one of our domains. Every
spam he sends to a bad address gets bounced to us. We are
running qmail, which by default, accepts these bounces then
handles them as double bounces.
To
93 matches
Mail list logo
