GrNotify is dead
Hi, I package GrNotify but the project is dead. I have reported some bug to upstream and I have proposed some patch but no new release since 9 months. I think remove it from Fedora but I don't know any replacement solution. That do you think about this ? -- Jabber/Gtalk : llaum...@gmail.com -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
Re: Pam configuration with ldap root user
I'm not very clear what you mean by accept connection from a user with uidgid = 0. You'd have to do something on purpose to lock root (uid=0) out of the system. Let me explain more ! On my systems, all root account are local (as all the default installation of every distrib do - infos are stored in /etc/passwd, /etc/shadows, and in /etc/groups.) For my company i setup a ldap directory to have a centralized administrations for the accounts. I'm able to connect on every workstation without any unprivileged user and home folder, default shell, groups or any user extended properties are read without any problem. Now the next step is to have a centralized root account. I create it in the directory, like a standard user but with the special uid gid attribute set to 0. And as i wrote before on this list, this user is i unable to connect to any fedora station while the pam config is not changed (see my precedent post). The purpose of this mail, is to speak about the potentially security weakness of this setup -specially the modification of PAM- and what can be the effect of such modification. Maybe this is not the right ML to post and if you think so, i'll search elsewhere for my answer :-D I'll try to share my limited understanding of PAM. auth merely establishes the user identity -is he who he claims to be? Ok with that The line auth requisite pam_succeed_if.so uid = 500 quiet is not to permit login, but rather to establish a user's identity; to be precise, a user whose id is not that of a system account. And if it's fail as pam man said (http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-configuration-file.html) the status is set to failed if any other module failed, or control is return to application... based on the line auth required pam_deny.so The users whose IDs are listed in this block can be denied accesss (pam_deny.so) if their identity is not properly confirmed. Ok, so base on the previous item and the pam manual :) If the pam_succeed_if failed because my user use an uid 500 so the pam_deny module will issue a failure and block the auth phase. Later, these lines account sufficient pam_succeed_if.so uid 500 quiet account required pam_permit.so translate into are you root or a system account? no problem! go right ahead!; otherwise, some checks will run to further qualify the incoming user. You are a system account (uid lower than 500) then account is permit to login. But what is the purpose of account required pam_permit.so ? it always permit login no ? Thanks for your time ! :) -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Pam configuration with ldap root user
hi everyone, I hope someone can help me on this... I modify the pam configuration today to accept connection from a user with uidgid = 0. In /etc/pam.d/system-auth previously have this lines : ### authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid = 500 quiet authsufficientpam_ldap.so use_first_pass authrequired pam_deny.so account required pam_unix.so broken_shadow account sufficientpam_succeed_if.so uid 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so passwordrequisite pam_cracklib.so try_first_pass retry=3 passwordsufficientpam_unix.so sha512 shadow nullok try_first_pass use_authtok passwordsufficientpam_ldap.so use_authtok passwordrequired pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_ldap.so ### and i modify the auth part to : authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authsufficient pam_succeed_if.so uid = 0 authrequisite pam_succeed_if.so uid = 500 quiet authsufficientpam_ldap.so use_first_pass authrequired pam_deny.so I'm not sure about the consequences of this modifications. But tell me if i'm wrong, but a) the 3rd line auth sufficient pam_succeed_if.so uid = 0 permit user with uid lower than 0 to authenticate against the system and log it b) the 4th line permit login to user with uid more than 500. do not log it AND if any of other auth method have failed it return it to the pgm making the call to pam. right ? Thanks for your help. -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
mv and exlude list
Hi, maybe some scripting genius gonna help me :D I need to move some file from one directory to other with some exclusions. Ex: move files from /data/product/ to /data/archives/2005 while the *.dat file/dirs stay in the right place. $mv /data/product/* !(/data/product/*.dat) /data/archives/2005 If you have a solution, please tell me :) Thanks for your time. -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: mv and exlude list
ok thank's for your help i'm gonna test this asap. -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Problem configuring ldapphpadmin fedora directory server
Hi,
I setup a new Fedora Directory Server (v1.1.3-6) on fedora 10. And then, I
install ldapphpadmin (v1.1.0.5-2) to create new entry/populate the database.
But here is the problem. Each time i try to connect to ldapphpadmin, I can't
! Because the username/password does not exist. Except if i bind
anonymously. And then I can see default entries, except the cn=Directory
manager user specified at the init of the directory srver.
I think this issue is related to the netscape root used by FDS (but im not
sure).
Maybe i have to change the base DN used by PLA to match it to the core
netscapeDN.
Below are the config files used on this installation. Maybe someonce have an
idea about this issue and my own config.
/etc/phpldapadmin/config.php#
$config-custom-session['blowfish'] = '8276d3d6bbb59656fc600b8d7f324788';
# Autogenerated for auth.local
$i=0;
$ldapservers = new LDAPServers;
$ldapservers-SetValue($i,'server','name','[auth.local]');
$ldapservers-SetValue($i,'server','host','127.0.0.1');
$ldapservers-SetValue($i,'server','port','389');
$ldapservers-SetValue($i,'server','base',array('dc=local'));
$ldapservers-SetValue($i,'server','auth_type','session');
$ldapservers-SetValue($i,'server','sasl_mech','CRAM-MD5');
$ldapservers-SetValue($i,'appearance','password_hash','md5');
$ldapservers-SetValue($i,'login','attr','uid');
#
Thanks for your help.
--
Guillaume
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: ssh-agent startup
2008/12/29 Aldo Foot luni...@gmail.com On Fri, Dec 26, 2008 at 4:41 AM, Guillaume guillaume.char...@gmail.com wrote: Hi, For now, when I want to use ssh-agent, i have to open a shell, and then use this command 'ssh-agent /bin/bash' to be able to use the ssh-agent fonctionnality. I would like to know if there is a tip to start ssh-agent at user login. Like editing /etc/passwd an adding in the shell field /usr/bin/ssh-agent /bin/bash like that : ***/etc/passwd*** user:x:500:500::/home/user:/usr/bin/ssh-agent /bin/bash And by the way avoiding multi nested bash execution, avoid user to type this command or multiple edit/modify of .bashrc of all my users. thanks for your help. -- Guillaume Boot the system in Run Level 3. After you login in text mode run $ ssh-agent `exec startx` The dollar sign is the user prompt. Use backticks. This makes the agent available to the entire user environment. Load your keys and you're good to go. ~af Thanks for your reply, but my system does not use any graphical interface. So, i have to find a way to run a bash session aware of ssh-agent. The previous tips from Anne is ok, but when user disconnect their session, the sshagent process is not killed. Now, i need to find a global config file equivalent of bash_logout by this way i'll be able to set a command like ssh-agent -k to all my users. Without editiing each ~/.bash_logout. But if i don't find i will create a small script to add a line like this automaticaly. Happy new year :-D -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
ssh-agent startup
Hi, For now, when I want to use ssh-agent, i have to open a shell, and then use this command 'ssh-agent /bin/bash' to be able to use the ssh-agent fonctionnality. I would like to know if there is a tip to start ssh-agent at user login. Like editing /etc/passwd an adding in the shell field /usr/bin/ssh-agent /bin/bash like that : ***/etc/passwd*** user:x:500:500::/home/user:/usr/bin/ssh-agent /bin/bash And by the way avoiding multi nested bash execution, avoid user to type this command or multiple edit/modify of .bashrc of all my users. thanks for your help. -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: ssh-agent startup
Thank you, this seems to works too with ssh-agent. But after user disconnection, there is still gpg-agent daemon running in background. I read on some forum I have to add some lines in ~/.bash_logout to end pgp-agent process running. Is there a global bash_logout like /etc/profile ? 2008/12/26 Anne Wilson an...@kde.org On Friday 26 December 2008 12:41:30 Guillaume wrote: Hi, For now, when I want to use ssh-agent, i have to open a shell, and then use this command 'ssh-agent /bin/bash' to be able to use the ssh-agent fonctionnality. I would like to know if there is a tip to start ssh-agent at user login. Like editing /etc/passwd an adding in the shell field /usr/bin/ssh-agent /bin/bash like that : ***/etc/passwd*** user:x:500:500::/home/user:/usr/bin/ssh-agent /bin/bash And by the way avoiding multi nested bash execution, avoid user to type this command or multiple edit/modify of .bashrc of all my users. thanks for your help. Add 'eval $(gpg-agent --daemon) ' to your ~/.bashrc or .bash_profile As far as I know it will work from either Anne -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
mail command and html
hi, I would like to send a html mail from console with the `mail` utility. I try this : cat html.file |mail -s subject [EMAIL PROTECTED] I try to had some header in the htlm.file but it does not work too. Maybe someone has a tip for me :) Thanks. -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: mail command and html
2008/11/27 Patrick O'Callaghan [EMAIL PROTECTED]: On Thu, 2008-11-27 at 16:59 +0100, Guillaume wrote: hi, I would like to send a html mail from console with the `mail` utility. I try this : cat html.file |mail -s subject [EMAIL PROTECTED] I try to had some header in the htlm.file but it does not work too. You need to say what you mean by does not work. Ok sorry ! When i send email with simple command like $cat html.file |mail -s subject [EMAIL PROTECTED] the mail arrive to recipient but is not read as HTML. In the mail reader the html tag appear in clear and text is not formatted... Of course, the file i use is well formated in html language. 2008/11/27 Iarly Selbir [EMAIL PROTECTED]: Hi, read it: http://www.liamdelahunty.com/tips/linux_send_html_email_from_command_line.php I try it but without sendmail cause it need root access. And it does not work. 2008/11/27 Fred Silsbee [EMAIL PROTECTED]: this once worked: mail [EMAIL PROTECTED]xxx.txt or mail [EMAIL PROTECTED]xxx.txt you'll be prompted And this does not work too. I'll check if `mail` have some options to correctly handle html. Thanks all for your replies :) -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
PKI graphical tool
Hi, I woul like to know if someone in this list use a graphical tool to manage pki infrastructure ? Like creating CA, creating revoking certificates. If this kind of tools exist, can someone tell me the name :) Thanks. -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
sed script problem
hi, I hope that someone could answer my question :D I experience a problem with sed. If i run this sed in 'interactive' command line with this command line : sed -i -e '/%B5content%5D/d' file.tx Note that I use special char in the deleted part I search for. if I run the same in a script, the command does not delete any correspondant existing string. do you know why ? Thanks, -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: sed script problem
When you run it in a script is it as the same user with the same shell? yes, same user and same shell (/bin/bash) I forgot to mention the #!/bin/bash in the header. Is the script picking up your environment? Yes, I tought, i did not explicit any new environement var. -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: sed script problem
2008/8/22 Patrick Kaiser [EMAIL PROTECTED]: On Fri, Aug 22, 2008 at 03:32:47PM +0200, Guillaume wrote: 2008/8/22 Patrick Kaiser [EMAIL PROTECTED]: can you post the script or attach it? maybe you have to double escape special characters? Ok, youre right, i just have to add simple quote to $filename var. I was sure i do that before but Not ! thanks for your help ! sed -e '/$filename/d' ./$LINK_LIST sed -e '/'$filename'/d' ./$LINK_LIST -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Problem with crontab joblog
Are you sure the cronjobs are producing output? If there is no output, no email is going to be sent. Sorry for being late to replying to your post... Yes, the script i run produce output. As I describe my problem before, mail are sent when I cronjob are run with root but not with another standard user. I check some other things today. * path to the file in crontab * ACL on file (760) * crond logs in /var/log (seems to correctly run the script, and no errors reported) * results of the script I run (it works) * I set MAILTO var in user crontab to [EMAIL PROTECTED] and no entry are written in /var/log/maillog about this recipient address. In crond manual there was an option to set debug flag i set it up and i wait for the result maybe, it will show something... I'll tell you. In case someone as an idea, contact me :D -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Problem with crontab joblog
Hi, I have a problem with standard users after cronjobs ran, there is no mail sended to the cronjob owner after the job succeed. Problem does not seem to exist with superuser. I have no report about any transaction (about cronjob logs) in /var/log/maillog and i try to add the MAILTO=username in the crontab of the user but it does'nt change anything. Do you have any idea ? thanks for your help. Guillaume -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
need help with sed
Hi, When I run this command: echo 2008:04:23 | sed 's/://' The result is 200804:23 I expect to have this : 20080423 What is wrong with my very simple regexp ':' why all occurence of the char ':' are not deleted ? its make me crazy, can someone help me ? Thanks -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: need help with sed
Thanks guys, its works ! 2008/6/30 Dave Cook [EMAIL PROTECTED]: Hello Guillame, add a 'g' to the end of the sed command. 'g' means global i.e. EVERY occurence of : on the line is replaced. Dr. D B Cook Dept. of Chemistry The University of Sheffield -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: mounting filesytem for homedir
Maybe it helps if I give an example, this is the way I do it: I have an ext3 filesystem on /dev/sdd2 and a directory /var/backup that is used as the mount point. The directory /var/backup is owned by root and has file mode 000 (d-). You can safely do this and I even recommend it, as it prevents any access to this directory when the filesystem is not mounted (for whatever reason). As soon as I mount /dev/sdd2 on /var/backup, the owner of this directory becomes bacula and the file mode becomes 775 (drwxrwxr-x) because that is how it's stored in the file system on /dev/sdd2. After unmounting, this becomes 000/root again. So, what I wrote in my previous mail is good no ? -- Guillaume -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: PATCH: usb-storage-psc1350-v4.patch (was Linux scsi / usb-mass-storage and HP printer cardreader bug + fix)
Hello, On ven, 2008-01-11 at 21:14 +0100, Hans de Goede wrote: Boaz Harrosh wrote: Yes, you're right. in ULDs it is a much proper way to do this. So I guess you'll have to do that special host flag or device flag, and add a check for it in sd.c. You'll see that sd.c is already doing bufflen truncation at sd_prep_fn(), just add one more case. Done, thanks for the hint. Patch implementing my fix this way attached, please apply. Thanks Regards, Hans I have tested this time with two PSC 1610 printers, and two SD cards, the same bug occured without the patch. And is fixed with your new patch. Good work ! The bug however did not occur with a microSD card in a SD adaptator ?! But it fixes only two models. Do you think other devices (hp or not) can be impacted ? There are hundreds of models with card readers only for hp : http://hplip.sourceforge.net/supported_devices/combined.html Will this be possible to use LAST_SECTOR_BUG quirk for testing without recompiling a kernel ? Best regards, Guillaume B. ___ Fedora-kernel-list mailing list Fedora-kernel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-kernel-list
Re: Linux scsi / usb-mass-storage and HP printer cardreader bug + fix
Hello, Le vendredi 11 janvier 2008 à 13:48 +0100, Hans de Goede a écrit : That will work nicely, I'll write an updated patch this evening (when I have access to the printer to test again). Great news, i am impatient to test this new patch. I may face an other bug with the Transcend 1GB SD card, would be possible that the patch would be available for latests kernels ? Thanks in advance, Best regards, Guillaume B. ___ Fedora-kernel-list mailing list Fedora-kernel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-kernel-list
