[CentOS] Frank Brodbeck is out of the office.

I will be out of the office starting 30.03.2010. I will return on 31.03.2010. I will reply to your message after my return.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] RE: Slightly OT: check creation of a group

    grep medintux /etc/group || groupadd medintux

or in an if operation:

    if ! grep medintux /etc/group
    then
        groupadd medintux
    fi

Regards, Frank.

Niki Kovacs cont...@kikinovak.net wrote on 01.03.2010 17:03:46:

> Hi,
>
> I'm currently writing an install script for an application, and my already limited Bash skills are a bit rusty. I want to check if a group exists, and if it doesn't, then create it. Only thing I found is:
>
> if [ grep medintux /etc/group ]; then
>   continue
> else
>   groupadd medintux
> fi
>
> Apparently I can't seem to negate the test, e.g. something like
>
> if !(grep medintux /etc/group)
>
> Any suggestions for the correct syntax here?
>
> Thanks,
>
> Niki

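Added example, not part of the original thread: a plain `grep medintux /etc/group` also succeeds when the string is only a substring of another group name or appears in a member list, so an install script can wrongly skip the `groupadd`. The functions below compare the group-name field exactly; the function names and the sample group file are constructed for this illustration.

```bash
#!/bin/sh
# Added example. The group name "medintux" comes from the thread; the
# function names and the sample group file are constructed.

# Return 0 only if a group with exactly this name exists in a
# group(5)-format file. Field 1 is compared as a whole string, so neither
# "medintux2" nor a member called "medintux" counts as a match.
group_in_file() {
    awk -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' "$2"
}

# Same question against the live system. getent(1) goes through
# nsswitch.conf, so groups coming from LDAP or NIS are seen as well,
# which a grep on /etc/group cannot do.
group_exists() {
    getent group "$1" >/dev/null 2>&1
}

# Idempotent creation for an install script: create the group only when
# it is missing and hand groupadd's exit status back to the caller.
ensure_group() {
    if group_exists "$1"; then
        return 0
    fi
    groupadd "$1"
}

# What the substring grep from the thread decides, for comparison.
naive_match() {
    grep "$1" "$2" >/dev/null
}

# Constructed sample: no group named "medintux", but the string occurs
# as a member of wheel and as a prefix of another group name.
sample_group_file() {
    cat <<'EOF'
root:x:0:
wheel:x:10:medintux
medintux2:x:501:
EOF
}

# In an install script run as root:  ensure_group medintux || exit 1
```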
[CentOS] Reply: Re: Passwordless ssh

Gregory P. Ennis po...@pomec.net wrote on 02.02.2010 04:27:52:

> #1. If you change anything in sshd_config you must restart sshd before your changes will become active. You can do this in the root account easily by entering: service sshd restart

Wrong. While this is working on CentOS and probably other Redhat based distros this will certainly cause trouble on most Unix boxen.

    service sshd reload

is what would be good advice, because SIGHUP won't drop your current OpenSSH/SunSSH connection, so the possibility to lock out yourself is somewhat minimized. And as a side effect, this is the way a lot of daemons are working, e.g. apache's httpd.

> #2. If you are connecting from one account to another account in different machines you must have id_dsa.pub in /home/user/.ssh/authorized_keys file of the account you are connecting with. ie if you are logged on as root in one machine and you connect to another machine to the root account then id_dsa.pub of the original account has to be in /root/.ssh/authorized_keys of the machine you are connecting to.

That's just half the truth. ssh simply looks for a default pub key file. And it doesn't have to be $HOME/.ssh/id_dsa.pub, as it is depending on your sshd_config. Nothing stops you from using a different keypair as long as you're having access to it - including the passphrase if necessary.

Frank.

[CentOS] Determine security updates

Hi,

is there a way / software to find out which security patches my different CentOS systems are missing? Maybe with the according CESA announcement displayed?

TIA, Frank.

Re: [CentOS] Determine security updates

Karanbir Singh mail-li...@karan.org wrote on 19.01.2010 11:48:54:

> On 01/19/2010 10:32 AM, frank.brodb...@klingel.de wrote:
> > is there a way / software to find out which security patches my different CentOS systems are missing? Maybe with the according CESA announcement displayed?
>
> I am working on a bit of code that would make something like this possible in the near future ( ~ a month or so ). However, till then I'd recommend going with just yum list and if you want, some mangling with yum-changelog will give you cve's and bz's.

As this is something I'd be very interested in, is there a way I could help? If so feel free to contact me on or off list :-)

Thanks, Frank.

Re: [CentOS] UID GID Problems.....

Tom Bishop bisho...@gmail.com wrote on 19.01.2010 15:53:52:

> So I downloaded the tar file, wget running as root (su -). Looking at the file permissions owner and group are root but when I untar the file the new directory and all of the files have the UID and GID set to 1000, which was another user and not the one that I logged in with.

What do you mean by 'looking at the file permissions'? Do you mean the file permissions of the tarball or the files inside the tarball? Sometimes it can be helpful to provide the actual commands and its output :-/

What Brian tries to tell you is that if untarring as root the file ownership and modes are preserved as displayed by e.g.:

    tar tf archive.tar

HTH, Frank.

Re: [CentOS] format level 3 prompt

Hi,

I'd try this as a quickshot:

    find /etc /root /home -type f -exec grep -l PS3 {} \;

then I'd take a closer look at the files that will show up. And I'd read bash(1) closely to learn which files are being read in which order and especially when.

If all of the above doesn't lead me anywhere, I'd start poking around on a mailing list to see if somebody could explain to me what's going on, but maybe that's just me.

Frank.

[CentOS] Reply: Re: chroot question - can you help?

You don't have to chroot to install grub on a different disk. Please read grub-install(8).

Frank.

Re: [CentOS] sudoers file

vijay shanker vijay.s...@gmail.com wrote on 29.10.2009 16:24:54:

> No Ross, This is the irony; i am working on the same machine. There is no network in between

Install strace, then run sudo via strace and look which syscall is causing the hangs. As always the manpage is your friend.

As a sidenote: I don't know if you're aware of it but allowing vi/vim via sudo gives you full access as the user (in your case root). This is true for all programs with the possibility to break out into a shell. You may want to read sudo(8) and sudoers(5) and watch out for noexec.

Frank.

[CentOS] Reply: Re: Change from Root

Les Mikesell lesmikes...@gmail.com wrote on 27.10.2009 16:04:56:

> Victor Subervi wrote:
> > What I was interested in doing was to make it impossible for root to login directly, but rather enable other users to login and then su to root. So I edited /etc/ssh/sshd_config to read:
> > #PermitRootLogin no
> > (It was the dir I didn't know.) It initially said yes, but it was and is commented. How is it that I then and still can login directly as root? Is reboot necessary?
>
> It's not going to have any effect unless you remove the # sign. You don't need to reboot, but do a 'service sshd restart'.

Please, *don't* restart the service. If you fuck up your sshd_config and you have no OOB remote access you're lost. `service sshd reload' is something more recommendable as it doesn't drop your current SSH sessions.

Just for the records: Another way would be to set PermitRootLogin to without-password and thus pinning it down to logins via ssh-keys only.

Frank.

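Added example, not part of the original thread, covering both this message and the earlier "Passwordless ssh" reply: a check that reports whether PermitRootLogin is actually active in an sshd_config (a commented line such as `#PermitRootLogin no` is not), plus a reload that first validates the file with sshd's test mode. The function names and sample configs are constructed, and only the whitespace-separated "Keyword value" form is handled.

```bash
#!/bin/sh
# Added example. Function names and sample configs are constructed.

# Print the value of the first active, global PermitRootLogin line, or
# "unset" when every occurrence is commented out or absent. sshd keeps
# the first value it reads for a keyword and compares keywords
# case-insensitively; lines after a Match line are conditional, so the
# scan of the global section stops there.
active_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeeds only when root cannot log in with a password.
# prohibit-password is the newer name for without-password.
# "unset" fails on purpose: the built-in default then applies.
root_password_login_blocked() {
    case "$(active_root_login "$1")" in
        no|without-password|prohibit-password) return 0 ;;
        *) return 1 ;;
    esac
}

# Validate the file with sshd -t before asking the daemon to re-read it.
# Keep the current session open until a second login has been verified.
safe_reload() {
    cfg=${1:-/etc/ssh/sshd_config}
    sshd -t -f "$cfg" || { echo "sshd_config invalid, not reloading" >&2; return 1; }
    service sshd reload
}

# Constructed samples.
sample_commented() {
    cat <<'EOF'
Port 22
#PermitRootLogin no
PasswordAuthentication yes
EOF
}

sample_active() {
    cat <<'EOF'
#PermitRootLogin yes
permitrootlogin without-password
PermitRootLogin yes
EOF
}

sample_match_only() {
    cat <<'EOF'
Port 22
Match User backup
    PermitRootLogin no
EOF
}
```

On a live system `sshd -T` prints the effective configuration, built-in defaults included, and is the authoritative check.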
Re: [CentOS] Antwort: Re: Change from Root

Les Mikesell lesmikes...@gmail.com wrote on 27.10.2009 16:29:18:

> frank.brodb...@klingel.de wrote:
> > Les Mikesell lesmikes...@gmail.com wrote on 27.10.2009 16:04:56:
> > > Victor Subervi wrote:
> > > > What I was interested in doing was to make it impossible for root to login directly, but rather enable other users to login and then su to root. So I edited /etc/ssh/sshd_config to read:
> > > > #PermitRootLogin no
> > > > (It was the dir I didn't know.) It initially said yes, but it was and is commented. How is it that I then and still can login directly as root? Is reboot necessary?
> > >
> > > It's not going to have any effect unless you remove the # sign. You don't need to reboot, but do a 'service sshd restart'.
> >
> > Please, *don't* restart the service. If you fuck up your sshd_config and you have no OOB remote access you're lost. `service sshd reload' is something more recommendable as it doesn't drop your current SSH sessions.
>
> I've done a restart without being dropped. Are you sure it is supposed to drop existing connections?

See me baffled. It is at least what I was expecting and I think it happens on some distros. Though reading /etc/init.d/sshd clearly shows that calling stop isn't supposed to kill all connections. Which is funny, at least I would expect a service sshd stop to drop all ssh sessions. Good to know I have to kill all sessions by hand if I want to kick people out... :-/

Anyways, SIGHUP normally is enough to make OpenSSH reread its configuration file, which makes it safe to use across distros and even platforms but this is a different story.

Frank.

[CentOS] Reply: Re: du vs df size difference

Robert Heller hel...@deepsoft.com wrote on 01.10.2009 19:35:20:

> At Thu, 01 Oct 2009 10:13:26 -0400 CentOS mailing list centos@centos.org wrote:
> > Peter Kjellstrom wrote:
> > > One possibility is that the missing data is hiding under a mount-point in the normal case. /Peter
> >
> > So what you're saying is something is mounted on to a directory that had data in it before the mount. How do I see the data being hidden without unmounting the point?
>
> You can't. You must unmount. You should be able to do this from single user mode if the file system cannot be unmounted under multiuser mode (eg /usr, /var, etc.). Usually other mount points can be unmounted, but depends on what is running on the system at the time. Unmounting /home would require that you kick all users off for example, unmounting /var/www would require stopping apache, etc.

This is absolutely untested but it could work: mount / to /mnt and delete the data from there. Dig into mount(8) and test this somewhere outside the production area:

    --bind Remount a subtree somewhere else (so that its contents are available in both places). See above.

But again, this is untested and nothing more but a wild guess.

Frank.

[CentOS] Dualboot CentOS and Windows

Hi,

I have to install CentOS on a spare partition of a laptop with Windows pre installed. Is there anything I have to watch out for? Couldn't find anything in the wiki or does the installer handle this well without me doing some magic, or so?

TIA, Frank.

[CentOS] Reply: Re: Dualboot CentOS and Windows

Frank Thommen frank.thom...@embl-heidelberg.de wrote on 29.09.2009 16:11:05:

> > I have to install CentOS on a spare partition of a laptop with Windows pre installed. Is there anything I have to watch out for? Couldn't find anything in the wiki or does the installer handle this well without me doing some magic, or so?
>
> The installer will handle this perfectly if you select the correct partition for your CentOS installation :-)
>
> usually, you need at least two partitions: one for / and one for swap. best is to setup first a small /boot partition. i'm sure somewhere there are some docs about it :)
>
> You can do that from within the installer...or just let the installer create a default layout.

Actually I do know how to install CentOS, I just never had to do a multi boot setup ;-) So if the installer recognizes the Windows installation and will configure grub appropriately I have all I need to know, but thanks anyway.

Frank.

[CentOS] Reply: logrotate and regular expressions

Hi,

Sol Fulop sfu...@core101.com wrote on 23.09.2009 17:33:32:

> I am trying to use logrotate to rotate our web logs for our various vhosted sites to cut down on space and rotate out old logs that are not necessary to keep around personally. What I'm curious to find out, is how supported extended regular expressions is within the logrotate.conf file.

Ok... logrotate(8) is unpleasantly unspecific about that, though from googling [1], and reading glob(3) I believe that globbing is available through (g)libc which logrotate is linked to:

    # ldd /usr/sbin/logrotate
        libpopt.so.0 => /usr/lib64/libpopt.so.0 (0x003c8c00)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x003c8800)
        libc.so.6 => /lib64/libc.so.6 (0x003c8680)
        libdl.so.2 => /lib64/libdl.so.2 (0x003c8700)
        libsepol.so.1 => /lib64/libsepol.so.1 (0x003c87c0)
        /lib64/ld-linux-x86-64.so.2 (0x003c8640)

So I guess you can use glob(7) (as stated in [1]).

Frank.

[1] http://www.mail-archive.com/kplug-l...@kernel-panic.org/msg10293.html

[CentOS] Reply: Question about iostat output

Hi,

Pascal Robert prob...@macti.ca wrote on 21.09.2009 20:01:20:

> [r...@golgoth ~]# iostat

I've learned that you must always ignore the first output of iostat but do something along the line of ``iostat 5'' and let it collect some data before even starting to care about it.

Frank.

[CentOS] Reply: bind dns help?

Hi,

Roland Roland r_o_l_a_...@hotmail.com wrote on 16.09.2009 11:10:05:

> I can browse to abcd.com I can browse to local.abcd.com but I cannot access public.abcd.com as the dns search for public under its records and it cannot find it.. how can I solve this? changing the domain is in no way possible, as there's almost 200 virtual host setup in my local network.. so I need a quick solution for this.. any advice?

This is just a quickshot as I don't feel like I fully understood your problem, but maybe we're lucky ;-)

Can you browse/ping/resolve public.abcd.com.abcd.com?

Frank.

[CentOS] Reply: bind dns help?

Roland Roland r_o_l_a_...@hotmail.com wrote on 16.09.2009 12:01:34:

> I'll explain again... excuse my english..
>
> 1. I can browse local virtual hosts normally
> 2. I can browse abcd.com (my company's website, and is set also as my local network domain)
> 3. if go to public.abcd.com from outside my network (any public place) I can access that page normally.
> 4. if try browsing public.abcd.com from inside my network, I cannot as my local DNS search its own records for public and obviously it won't find it.
>
> the reason such a thing is happening is due to the fact that abcd.com is also set as our network's domain. so instead of forwarding requests to my ISP's dns to resolve public.abcd.com it simply search its own records.

First of all, I'm no DNS expert, keep that in mind when reading my answer ;-)

This sounds like a split horizon setup for your DNS. If I understand you correctly, public.abcd.com is a webserver in your LAN/DMZ but publicly available? If so, and if the bind you inherited only answers to requests from your LAN you can just add public.abcd.com to your zone file.

But as I mentioned before, be careful with this advice. If possible, test this with something not in production or wait for someone with more DNS experience than me.

Frank.

[CentOS] Reply: patching from different directory

Hi

Carlos Santana neu...@gmail.com wrote on 10.09.2009 20:04:02:

> Howdy,
>
> I have a diff file in my /var/tmp and would like to apply patch to a file in a different directory (other than /var/tmp). I tried using patch with -d switch, but that doesn't work. It complains abt 'patch: Can't open patch file tilda.diff : No such file or directory'. Do I need to copy my diff file to the directory where original file resides? Or is there any other way round?

The exact command you executed would've been nice. -d should work and so it does for me (though this particular usecase is on an OpenBSD box). If you haven't already tried it do the following from anywhere on your system:

    patch -d /other/dir -i /var/tmp/tilda.diff -p0

I'm not sure if the order of the options matters, so you might have to consult patch(1).

Please test the above patch command and report back as I'd say it is a bug if it doesn't work. If it didn't work please also post the full patch command and the output of

    head -5 /var/tmp/tilda.diff

Frank.

[CentOS] Reply: Kickstart help

Hi,

Daniel Burkland d...@dburkland.com wrote on 04.09.2009 02:16:31:

> # Create /usr/bin/yum-check and make it executable
> cat << EOF10 > /usr/bin/yum-check

First of all, I don't think this is a kickstart problem, I think you'd have the same problem doing that on the console. Compare:

    # cat << EOF10
    echo $USER
    EOF10
    echo root

with

    # cat << 'EOF10'
    echo $USER
    EOF10
    echo $USER

For details look up Here documents in e.g. bash(1)

Frank.

[CentOS] Reply: Re: what is the best way to delete so many queue files?

Hi,

nate cen...@linuxpowered.net wrote on 31.08.2009 23:57:09:

> MontyRee wrote:
> > What is the best way to delete fast without too much load?
>
> If you put /var on another file system you could:
> - go to single user mode
> - copy all files off of /var except those in the queue directory
> - re-format the file system
> - copy all the files back
> - go to multi user mode
>
> If there are a TON of files that could be much much faster than deleting them individually.
>
> otherwise:
> find /var/spool/clientmqueue -type f -exec rm -f {} \;

You probably want to do

    find /var/spool/clientmqueue -type f -exec rm -f {} \+

to reduce your load or if your find(1) isn't POSIX compliant:

    find /var/spool/clientmqueue -type f -print0 | xargs -0 rm -f

If the load is a problem use nice(1). Though I thought sendmail brings a way on its own to delete messages from the queue, which I would then prefer to use.

> Another option I've never tried passing two commands to find at the same time, but assuming doing that is not possible you could create a script that calls rm -f and sleeps a second in between each file deletion -

You can't give 2 commands to find's -exec and

> [na...@us-cfe002:/tmp]$ cat test.sh
> #!/bin/bash
> rm -fv "$1"
> echo Sleeping 1 second
> sleep 1

I strongly recommend mounting /tmp as nosuid,nodev *and* noexec, especially on a server.

HTH, Frank.

[CentOS] Reply: Re: Strange connectivity problem from linux.

Les Mikesell lesmikes...@gmail.com wrote on 27.08.2009 20:53:14:

> I'd assume that 'telnet hostname 443' is intended to be a test for an https web service - which should in fact not permit a connection without ssl encryption. The linux version of telnet probably tries to do some options negotiations before it says it is connected and perhaps the windows version doesn't. A better test would be wget https://adp.eease.com

Just for completeness, s_client(1) would be an alternative for testing purposes, too.

Frank.

[CentOS] Reply: Re: thinkpad x200 wireless LAN

Hi Roger,

Roger K. Wells roger.k.we...@saic.com wrote on 27.08.2009 14:26:17:

> warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
> GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or directory: '/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag'

It means that you have gpgcheck enabled but the key to verify the packages' signature is missing. Go check yum.conf(5) and do a little research on how to properly configure the rpmforge repository (IIRC they have an RPM you can install which will do the magic)

Frank.

[CentOS] Reply: Re: How to clone CentOS server ?

Hi

Kai Schaetzl mailli...@conactive.com wrote on 26.08.2009 13:31:22:

> Ivan Varbanov wrote on Wed, 26 Aug 2009 14:10:27 +0300:
> > It will not work if the drives are in raid
>
> Don't know if that is really true ... Anyway: Install a minimal system and then rsync everything over.

I always prefer dump(8) and restore(8) via nc(1). All those programs are available from a CentOS boot cd.

But be aware that this makes a full clone with all the possible crap and leftovers which might be hanging around on your system. So I tend to do an appropriate install of the new machine, and selectively copy configuration files and the data I know I want and install the packages I need. Yes, it's a bit more work than just cloning, but also a good opportunity to get rid of old ballast.

Frank.

[CentOS] Reply: Re: Reply: Yum update from repo server

Morrien, Rob rob.morr...@eds.com wrote on 26.08.2009 15:30:10:

> I did a test, using the yum.repoes files from the new initialled systems which are working, I copied those to the upgraded systems and there they are not working. Still the url problem

Can you share the error message from yum with us? Have you looked at the logs of your provisioning software? Have you tried to do

*) telnet your.reposerver.tld 80

and

*) curl -O your.reposerver.tld/yourpackage.rpm

Frank.

[CentOS] Reply: Re: Reply: Yum update from repo server

Johnny Hughes joh...@centos.org wrote on 26.08.2009 15:56:08:

> Karanbir Singh wrote:
> > On 08/26/2009 02:25 PM, frank.brodb...@klingel.de wrote:
> > > Nice... same problem here. yum upgrade probably sets a new /etc/yum.repos.d/CentOS-Base.repo in place,
> >
> > That should not happen, if you have edited or changed the .repo file yourself. A yum update should leave you with a .rpmnew file to handle as you wish. If this is not the case, and you have a situation where the .repo file is being replaced by the yum update - please file an issue report at bugs.centos.org. The only place where this might be acceptable is if you have a yum plugin like mergeconf that is trying to but failing at doing the right thing. An issue report for that, if that is indeed the case.
>
> One important thing is NOT to change the NAME of the .repo file ... Or, if you do change the name, make sure that you put a CentOS-Base.repo file there so that a new one is not placed in your yum.repos.d directory (as KB said, if there is a modified file, it will not be replaced ... if there is no file with that name, a new one will be put there).

Boy, now that's kinda embarrassing. While provisioning I really do mv the CentOS-Base.repo out of the way, no wonder a new .repo showed up after my upgrade.

Sorry for the noise.

Frank.