Re: [gentoo-user] How reliable is ext3?
On 23/04/2013 23:10, Jarry wrote: On 23-Apr-13 22:40, Alan McKinnon wrote: ext4 is fine. All the horror stories ended years ago and almost all major distros ship it as a default. Hm, I remember one horror story about ext4 data corruption bug which circulated in public just a few months ago: https://lkml.org/lkml/2012/10/23/690 Jarry I dimly recall that one. Didn't it happen only in some very obscure circumstances that rarely happen in real life? Like rapidly mounting and unmounting the filesystem in a very specific use-scenario? What I do recall clearly is my conclusion at the time that the bug was just that - a bug. All software has bugs and not all bugs are equal; one has to learn to categorize them, and this one was relatively minor as far as filesystem bugs go. -- Alan McKinnon alan.mckin...@gmail.com
Re: (SOLVED)[gentoo-user] KDM stucking!
Jackie wrote: I still don't get a clue what's wrong here and why this all happened. Hope the information above will be helpful. I have had KDE behave similarly when my LDAP authentication was screwed up. There was an issue caused by a gnome library that was pulled in by gnucash. This only affected KDE logins, not console logins. Are you attempting to log in with a local user? This same thing also happened to me once when the disk was full. Cheers, Paul Good news here, I added nameserver 8.8.8.8 nameserver 8.8.4.4 to my /etc/resolv.conf, logout and login, no pause before splash appeared. Then I rebooted, /etc/resolv was automatically changed back and the PAUSE came back. I then used the chattr +i /etc/resolv.conf command to avoid resolv.conf being changed when rebooting. Rebooted and everything is clear now! Thanks all for your advice! You can set the defaults for resolv.conf in the net file. Here is mine:
config_eth0="dhcp"
dhcp_eth0="nodns"
dns_servers_eth0="8.8.8.8 8.8.4.4"
That should fix it as it should be without force. Yea, I had to dig. I'm getting old or something. :/ Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
Re: [gentoo-user] How reliable is ext3?
On Wed, 24 Apr 2013 01:22:37 -0400, Walter Dnes wrote: I have mix of various sizes. The best feature about ReiserFS is that it doesn't do inodes, so I don't have to be psychic about my future file mix when I format the partition. For that reason alone, I'm tempted to stay with ReiserFS3. I'm aware of the booby traps... - *NEVER EVER* have an uncompressed ReiserFS image on a ReiserFS partition - avoid Postfix and Qmail Why? I ask because I have a mail server with reiserfs on the mail spool, it's been running for several years and behaved impeccably, but if there is a good reason to switch, I will. -- Neil Bothwick X-Modem- A device on the losing end of an encounter with lightning.
Re: [gentoo-user] How reliable is ext3?
On Tue, 23 Apr 2013 21:37:52 -0400, Philip Webb wrote: I've used ReiserFS3 for years with no problems, but I keep hearing horror stories about it. I haven't read any horror stories re Reiser 3 , Where have you been for the last ten years? A quick search of this list's archives will reveal several. My understanding is that BTRFS and EXT4 are still a bit bleeding edge. My impression is that Btrfs is a bit unstable, but Ext4 is usable. I haven't used either. SUSE are using btrfs in SLES, so it can't be that experimental or unstable any more. -- Neil Bothwick A real programmer never documents his code. It was hard to make, it should be hard to read
Re: [gentoo-user] How reliable is ext3?
On Tue, Apr 23, 2013 at 11:39 PM, Hilco Wijbenga hilco.wijbe...@gmail.com wrote: [...] So when I needed to install a new machine, I looked around and settled on JFS. This box has been running for about half a year now (so that includes several power failures) without any problems. I certainly am very pleased with JFS so perhaps you might want to consider it. I've also used (and still use) JFS on a lot of partitions (LVM actually), from my laptops (both rotating and SSD), desktop, VM's, etc. I've moved to it a few years ago after getting tired of all the Ext3 fsck's. Although JFS is quite efficient, and didn't create too much trouble --- never lost an entire file-system, never corrupted data, etc. --- it does have a few quirks: * empty files after panics --- I think in this regard it's not JFS's fault, but actually badly written software, because things go like this: say you edit a file, save it, and immediately (a few seconds) get either a panic or power failure, the result is an empty file; the technical details are like this: some software first truncate the file, write to it, and close it, but don't sync the data, thus you end up with an empty file; as said I think JFS is correct here, because you don't get a mix of old and new data, etc.; however I've encountered this behavior in quite a few instances... * no TRIM support --- obviously really useful on SSD and virtualized disks; (although I remember there was some work done in this respect;) * not enough tooling --- you get only the `jfs-utils`, and that's kind of it... * small community --- if you have a question, you can use the mailing list, it's quite responsive, but there aren't many data-points so that you can easily find someone in a similar situation, thus with a solution... All in all, I've started gradually migrating my partitions to Ext4. I stay away from Btrfs for now. 
And to be frank I don't quite like Btrfs's, and ZFS's for that matter, approach of throwing together all the layers, from the file-system, to the RAID, to the block management, etc. I find the layered approach more appealing --- as in if something goes wrong you can poke around --- of having completely separated block device management (LVM), RAID (MD), and file-system. A... and for backup file-systems, I use Ext2. Why? My take on this is: * I don't need write or read performance; I don't mind long fsck's; (thus any file-system could fit in here, however see below;) * I do really need reliability and, most importantly, recovery in case s**t... Therefore Ext2 is a perfect match: * it is so old, that I guess by now most bugs have been found and squashed; * it is so old, that virtually any Linux (or Windows, FreeBSD, or most other known OS's) are able to at least read it; * it is so old, that by now I bet there are countless recovery tools; * it is so simple (compared with others), that someone could just re-implement a reader for it, or recovery tools; Any feedback about the Ext2 for backups? (Hope I'm not wrong on this one...) Ciprian.
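The "empty files after panics" quirk described in the message above comes from saving in place: truncate, write, close, no sync. The following is an added example, not code from the thread: it puts that pattern beside the write-temp, fsync, rename pattern and interrupts both mid-save. The file name `notes.txt` and all function names are made up for the illustration, and the interruption is a simulated process death; the `fsync` calls are what extend the guarantee to a panic or power cut.

```python
import os
import stat
import tempfile


def unsafe_save(path, chunks):
    """Truncate in place, write, close, never sync (the pattern from the post)."""
    with open(path, "wb") as f:          # O_TRUNC: the old contents are gone here
        for chunk in chunks:
            f.write(chunk)
    # No fsync: after a crash the file may exist with length 0.


def atomic_save(path, chunks):
    """Write a temp file beside path, fsync it, then rename it over path."""
    directory = os.path.dirname(os.path.abspath(path))
    # Same directory, so the rename stays inside one filesystem.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-save-")
    try:
        with os.fdopen(fd, "wb") as f:
            for chunk in chunks:
                f.write(chunk)
            try:
                # mkstemp creates the file 0600; keep the mode of the file
                # being replaced so permissions do not silently change.
                os.fchmod(f.fileno(), stat.S_IMODE(os.stat(path).st_mode))
            except FileNotFoundError:
                pass                      # first save, nothing to copy
            f.flush()
            os.fsync(f.fileno())          # data is on disk before the rename
        os.replace(tmp, path)             # readers see old or new, never a mix
    except BaseException:
        try:
            os.unlink(tmp)                # do not leave temp files behind
        except FileNotFoundError:
            pass
        raise
    # Sync the directory so the rename itself survives a power cut.
    dirfd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dirfd)
    finally:
        os.close(dirfd)


def interrupted(chunks, after):
    """Yield `after` chunks, then raise: stands in for a process dying mid-save."""
    for i, chunk in enumerate(chunks):
        if i == after:
            raise RuntimeError("simulated crash")
        yield chunk


def demo(saver, after):
    """Save old data, die while saving new data, return what is left on disk."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notes.txt")
        saver(path, [b"old contents\n"])
        try:
            saver(path, interrupted([b"new ", b"contents\n"], after))
        except RuntimeError:
            pass
        with open(path, "rb") as f:
            return f.read(), sorted(os.listdir(d))


if __name__ == "__main__":
    for saver in (unsafe_save, atomic_save):
        for after in (0, 1):
            print(saver.__name__, after, demo(saver, after))
```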
Re: [gentoo-user] How reliable is ext3?
On 24/04/2013 10:27, Ciprian Dorin Craciun wrote: I stay away from Btrfs for now. And to be frank I don't quite like Btrfs's, and ZFS's for that matter, approach of throwing together all the layers, from the file-system, to the RAID, to the block management, etc. I find the layered approach more appealing --- as in if something goes wrong you can poke around --- of having completely separated block device management (LVM), RAID (MD), and file-system. For me, this is the whole attraction of ZFS and btrfs. I've just had to deal with 7 storage layers for so long I am now tired of it. I completely understand why LVM is designed the way it is - a PV, VG and LV are three distinct things handled differently and the code is compartmentalized out to reflect that. What I am so tired of is exposing that complexity in the interface so I have to be aware of it all the time. And partitions - don't get me started on that. A classic disk partition is something Bill Gates made popular for DOS and it should have died a long long time ago. Why the blazes do we STILL have this concept of a partition table, physical partitions, extended partitions. gr. Here's what I want from storage systems: I chuck a bunch of disks into a pool and inform the system how they must be used - maybe I want a certain RAID level, maybe the very fast SSD is reserved for a specific purpose. Then I want to tell the system how much storage I want for what purpose. If Joe Blow is to get 20G of storage for his ~, I want to tell the system there is a thing called joeb and it has a hard quota of 20G. The software must then go and do all the magic, because I am tired of doing the magic myself. ZFS is almost a sysadmin's wet dream come true - there is no such thing as a filesystem as such, there are only chunks of storage with a purpose and characteristics. The concept of partitions goes away, there are only block devices. 
A volume is sort of a cross between a filesystem and a directory with the benefits of each (and few of the downsides). I suppose the main attraction can be summed up thusly: ZFS lets me stop being the human in a place where a computer belongs :-) -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] How reliable is ext3?
On 04/24/2013 10:26:52 AM, Neil Bothwick wrote: SUSE are using btrfs in SLES, so it can't be that experimental or unstable any more. That depends on the version of the kernel in use. I remember having lost all data of a btrfs file system with an early 3.x kernel. Meanwhile there have been quite a lot of patches to btrfs. With the more recent kernels (>= 3.6 I believe) this hasn't happened any more. I'd recommend kernel 3.8.x, at least (I'm running 3.9_rc7) I remember that only last week, /sbin/btrfsck --repair DEVICE failed with some spurious error on a btrfs file system which happily turned out to be just OK. Note, that I emerge the GIT sources of btrfs-progs whenever I install a new kernel (each week in the last 7 weeks). So, as of now, I wouldn't rely on btrfsck doing a good job. But my btrfs file systems survived quite a few power losses without the need to btrfsck them. Helmut.
Re: (SOLVED)[gentoo-user] KDM stucking!
This same thing also happened to me once when the disk was full. Cheers, Paul Good news here, I added nameserver 8.8.8.8 nameserver 8.8.4.4 to my /etc/resolv.conf, logout and login, no pause before splash appeared. Then I rebooted, /etc/resolv was automatically changed back and the PAUSE came back. I then used the chattr +i /etc/resolv.conf command to avoid resolv.conf being changed when rebooting. Rebooted and everything is clear now! Thanks all for your advice! You can set the defaults for resolv.conf in the net file. Here is mine:
config_eth0="dhcp"
dhcp_eth0="nodns"
dns_servers_eth0="8.8.8.8 8.8.4.4"
That should fix it as it should be without force. Yea, I had to dig. I'm getting old or something. :/ Dale :-) :-) Copy that. Seen this on the Internet, I am just being lazy and pick the most easy and violent method to get it all done :) Jackie
Re: [gentoo-user] How reliable is ext3?
On 24/04/2013 10:24, Neil Bothwick wrote: On Wed, 24 Apr 2013 01:22:37 -0400, Walter Dnes wrote: I have mix of various sizes. The best feature about ReiserFS is that it doesn't do inodes, so I don't have to be psychic about my future file mix when I format the partition. For that reason alone, I'm tempted to stay with ReiserFS3. I'm aware of the booby traps... - *NEVER EVER* have an uncompressed ReiserFS image on a ReiserFS partition - avoid Postfix and Qmail Why? I ask because I have a mail server with reiserfs on the mail spool, it's been running for several years and behaved impeccably, but if there is a good reason to switch, I will. It's one of those maybe-it-is, maybe-it-isn't scenarios. Wiki has a pretty accurate description of the scene wrt mail spools: http://en.wikipedia.org/wiki/ReiserFS#Criticism Personally, I dunno. Yes, it could be an issue but it's not one I've actually seen rear its head. I suspect Walter has an unfair opinion tainted by a few personal bad experiences (but that can happen with any system and software). His first statement though is very good advice. Never store a reiser image on a reiser fs, and never use reiser in a VM on a host fs that is also reiser. The reason is what happens when you try fsck it - reiser metadata (unlike ext*) is not all in fixed pre-determined locations on disk, so fsck can employ heuristics to go and look for its metadata. If it finds its own metadata and also the metadata in the stored image, it can't tell them apart. The results of that are not pretty. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] How reliable is ext3?
On Wed, 24 Apr 2013 11:00:06 +0200, Alan McKinnon wrote: - avoid Postfix and Qmail Why? I ask because I have a mail server with reiserfs on the mail spool, it's been running for several years and behaved impeccably, but if there is a good reason to switch, I will. It's one of those maybe-it-is, maybe-it-isn't scenarios. Wiki has a pretty accurate description of the scene wrt mail spools: http://en.wikipedia.org/wiki/ReiserFS#Criticism Some directory operations (including unlink(2)) are not synchronous on ReiserFS, which can result in data corruption with applications relying heavily on file-based locks (such as mail transfer agents qmail[9] and Postfix[10]) if the machine halts before it has synchronized the disk. So I can lose stuff if the computer crashes. I don't see that as a specific problem with MTAs, although they do tend to have a lot of file throughput. On the other hand, I think the fact that maildir uses so many files is one of the reasons I went with ReiserFS in the first place, running out of inodes on a mail server would not be my idea of fun. His first statement though is very good advice. Never store a reiser image on a reiser fs, and never use reiser in a VM on a host fs that is also reiser. The reason is what happens when you try fsck it - reiser metadata (unlike ext*) is not all in fixed pre-determined locations on disk, so fsck can employ heuristics to go and look for its metadata. If it finds its own metadata and also the metadata in the stored image, it can't tell them apart. The results of that are not pretty. Absolutely, I have no dispute with that - nor with the MTA statement I just hadn't heard that one before. -- Neil Bothwick RAM disk is *not* an installation procedure.
Re: [gentoo-user] How reliable is ext3?
On Wed, 24 Apr 2013 10:50:11 +0200, Alan McKinnon wrote: Then I want to tell the system how much storage I want for what purpose. If Joe Blow is to get 20G of storage for his ~, I want to tell the system there is a thing called joeb and it has a hard quota of 20G. The software must then go and do all the magic, because I am tired of doing the magic myself. It's a shame there appears to be no equivalent of a soft quota in ZFS. Maybe it is the use of the term quota that is misleading, when in reality it is more akin to volume size. I suppose the main attraction can be summed up thusly: ZFS lets me stop being the human in a place where a computer belongs :-) +1 on all but the quota thing. -- Neil Bothwick Mouse: (n.) an input device used by management to force computer users to keep at least a part of their desks clean.
Re: [gentoo-user] How reliable is ext3?
130424 Neil Bothwick wrote: 130423 Philip Webb hadn't read any horror stories re Reiser 3 : Where have you been for the last ten years? Reading this list various Linux news sites. A quick search of this list's archives will reveal several. If it's so easy, please point me to a couple (smile). The only one mentioned in this thread so far is a strange case of trying to use a RF image on a RF, which most users will never have any occasion to encounter. -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
Re: [gentoo-user] How reliable is ext3?
Neil Bothwick n...@digimed.co.uk wrote: On Wed, 24 Apr 2013 10:50:11 +0200, Alan McKinnon wrote: Then I want to tell the system how much storage I want for what purpose. If Joe Blow is to get 20G of storage for his ~, I want to tell the system there is a thing called joeb and it has a hard quota of 20G. The software must then go and do all the magic, because I am tired of doing the magic myself. It's a shame there appears to be no equivalent of a soft quota in ZFS. Maybe it is the use of the term quota that is misleading, when in reality it is more akin to volume size. The quota concept in ZFS is just different... While Linux just uses the Melbourne Quota code that has been written for *BSD, zfs uses a new concept that fits the constraints of a COW filesystem with writable snapshots. ZFS on the other side may allow to write much more than in the limitation data as the quota is checked only when a sync() happens (which is approx. every 3 seconds). Jörg -- EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin j...@cs.tu-berlin.de(uni) joerg.schill...@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
Re: [gentoo-user] How reliable is ext3?
On 24/04/2013 11:27, Neil Bothwick wrote: On Wed, 24 Apr 2013 10:50:11 +0200, Alan McKinnon wrote: Then I want to tell the system how much storage I want for what purpose. If Joe Blow is to get 20G of storage for his ~, I want to tell the system there is a thing called joeb and it has a hard quota of 20G. The software must then go and do all the magic, because I am tired of doing the magic myself. It's a shame there appears to be no equivalent of a soft quota in ZFS. Maybe it is the use of the term quota that is misleading, when in reality it is more akin to volume size. quota in this context is indeed a misleading term. Volume size so far fits my needs just fine, but that's because I've never needed quotas as such. I find quotas too inflexible anyway, it's a case of forcing a simplistic hardware rule into the human space and that never really solves the problem properly. The problem quotas try to solve is don't let users use more than their fair share of stuff; all the kids must play nicely on the playground I suppose the main attraction can be summed up thusly: ZFS lets me stop being the human in a place where a computer belongs :-) +1 on all but the quota thing. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] How reliable is ext3?
On 24/04/2013 11:21, Neil Bothwick wrote: On Wed, 24 Apr 2013 11:00:06 +0200, Alan McKinnon wrote: - avoid Postfix and Qmail Why? I ask because I have a mail server with reiserfs on the mail spool, it's been running for several years and behaved impeccably, but if there is a good reason to switch, I will. It's one of those maybe-it-is, maybe-it-isn't scenarios. Wiki has a pretty accurate description of the scene wrt mail spools: http://en.wikipedia.org/wiki/ReiserFS#Criticism Some directory operations (including unlink(2)) are not synchronous on ReiserFS, which can result in data corruption with applications relying heavily on file-based locks (such as mail transfer agents qmail[9] and Postfix[10]) if the machine halts before it has synchronized the disk. So I can lose stuff if the computer crashes. I don't see that as a specific problem with MTAs, although they do tend to have a lot of file throughput. On the other hand, I think the fact that maildir uses so many files is one of the reasons I went with ReiserFS in the first place, running out of inodes on a mail server would not be my idea of fun. I solve that problem for me in the obvious way: I pay less attention to choice of filesystem and more attention on rigging systems that don't crash! Admittedly, I have the luxury of being able to do that, I don't work for Google (who need an entirely different approach due to scale) -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] How reliable is ext3?
On Wed, 24 Apr 2013 12:08:12 +0200, Alan McKinnon wrote: It's a shame there appears to be no equivalent of a soft quota in ZFS. Maybe it is the use of the term quota that is misleading, when in reality it is more akin to volume size. quota in this context is indeed a misleading term. Volume size so far fits my needs just fine, but that's because I've never needed quotas as such. I find quotas too inflexible anyway, it's a case of forcing a simplistic hardware rule into the human space and that never really solves the problem properly. Sometimes a simplistic rule is what's needed. If you are selling off-site storage in 1GB chunks, you need to stop people using more than they have paid for. Hard quotas do this, soft quotas let you warn them first, before things get broken. The problem quotas try to solve is don't let users use more than their fair share of stuff; all the kids must play nicely on the playground That sounds reasonable to me. -- Neil Bothwick ISDN: It Still Does Nothing
Re: [gentoo-user] How reliable is ext3?
On Wed, 24 Apr 2013 12:10:56 +0200, Alan McKinnon wrote: Some directory operations (including unlink(2)) are not synchronous on ReiserFS, which can result in data corruption with applications relying heavily on file-based locks (such as mail transfer agents qmail[9] and Postfix[10]) if the machine halts before it has synchronized the disk. So I can lose stuff if the computer crashes. I don't see that as a specific problem with MTAs, although they do tend to have a lot of file throughput. On the other hand, I think the fact that maildir uses so many files is one of the reasons I went with ReiserFS in the first place, running out of inodes on a mail server would not be my idea of fun. I solve that problem for me in the obvious way: I pay less attention to choice of filesystem and more attention on rigging systems that don't crash! Maybe that's why I never hit this bug, I don't recall my mail server ever crashing. If this mail does not arrive intact, I spoke too so^%£$£ -- Neil Bothwick OPERATOR ERROR: Nyah, Nyah, Nyah, Nyah, Nyah!
Re: [gentoo-user] Removing pulseaudio
On 24.04.2013 04:46, Walter Dnes wrote: On Wed, Apr 24, 2013 at 12:12:56AM +0200, Michael Hampicke wrote Of course from many threads from a pro audio user called Ralf, Gentoo users and so a fraction of Linux users are the only ones lucky enough to be able to do that *easily* whilst keeping packages they want, especially Gnome ones! I'm not a gnome user as of yet, but I can tell you that the day is coming (Gnome 3.8 I believe) when gnome will not work without PA, so you will have to install it if you want newer Gnome. William That's true, gnome3.8 will require you to install pulseaudio-2 From a logic chapter in a highschool math text, the contrapositive version of this is that removing pulseaudio will require removing gnome. See my sig... Hm, that seems to be TRUE :-)
Re: [gentoo-user] How reliable is ext3?
On 24/04/2013 11:37, Philip Webb wrote: 130424 Neil Bothwick wrote: 130423 Philip Webb hadn't read any horror stories re Reiser 3 : Where have you been for the last ten years? Reading this list various Linux news sites. A quick search of this list's archives will reveal several. If it's so easy, please point me to a couple (smile). The only one mentioned in this thread so far is a strange case of trying to use a RF image on a RF, which most users will never have any occasion to encounter. It /used to be/ rare. But ever since vmware-workstation has been around and available to Linux users, it has become a much more serious issue at large, and you need to be aware of it. It's one of those issues that is not immediately obvious, where overlooking it is not a classic screwup and where it can bite you hard if you are not careful. We can't blame any of the software for this, it's just a side effect of the way things are nowadays -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] How reliable is ext3?
On 24/04/2013 12:17, Neil Bothwick wrote: On Wed, 24 Apr 2013 12:10:56 +0200, Alan McKinnon wrote: Some directory operations (including unlink(2)) are not synchronous on ReiserFS, which can result in data corruption with applications relying heavily on file-based locks (such as mail transfer agents qmail[9] and Postfix[10]) if the machine halts before it has synchronized the disk. So I can lose stuff if the computer crashes. I don't see that as a specific problem with MTAs, although they do tend to have a lot of file throughput. On the other hand, I think the fact that maildir uses so many files is one of the reasons I went with ReiserFS in the first place, running out of inodes on a mail server would not be my idea of fun. I solve that problem for me in the obvious way: I pay less attention to choice of filesystem and more attention on rigging systems that don't crash! Maybe that's why I never hit this bug, I don't recall my mail server ever crashing. If this mail does not arrive intact, I spoke too so^%£$£ Postfix doesn't crash (for the everyday human definition of doesn't). Here's my pair of MTAs: $ uptime 12:24PM up 1295 days, 13:10, 1 user, load averages: 0.19, 0.20, 0.31 $ uptime 12:24PM up 1925 days, 20:30, 4 users, load averages: 0.90, 0.75, 0.84 Those two just keep on accepting and dealing with mail, they do that a million times a day and according to uptime have been doing it for 10 years. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Removing pulseaudio
Hello, William. On Tue, Apr 23, 2013 at 03:59:54PM -0500, William Hubbs wrote: On Fri, Apr 19, 2013 at 09:49:19AM +0100, Kevin Chadwick wrote: Feel free to remove PA if you don't need it. I really don't see any scope for Lennart to make all of alsa redundant anytime soon (unlike udev...) Of course from many threads from a pro audio user called Ralf, Gentoo users and so a fraction of Linux users are the only ones lucky enough to be able to do that *easily* whilst keeping packages they want, especially Gnome ones! I'm not a gnome user as of yet, but I can tell you that the day is coming (Gnome 3.8 I believe) when gnome will not work without PA, so you will have to install it if you want newer Gnome. Any idea why? Even on systems which lack audio entirely? I hate this recent phenomenon, where disparate entities are bundled together ever more tightly, reducing users' choice. William -- Alan Mackenzie (Nuremberg, Germany).
Re: [gentoo-user] Partitions - last questions...
On 2013-04-23 1:59 PM, Neil Bothwick n...@digimed.co.uk wrote: On Tue, 23 Apr 2013 18:34:38 +0200, Florian Philipp wrote: So - first, is 5G way too big for the two /tmp dirs? I have lots of space, but hate waste If you worry about waste consider bind-mounting both from the same partition and install quotas to avoid one filling up the other. Or set PORTAGE_TMPDIR to use /tmp. Then /var/tmp will be so small you can leave it as a sub-directory of /var. If this is a server, 5G is fine for this, but for a desktop it may need to be bigger, to accommodate LibreOffice builds. One thing I'm trying to do is make the system as secure as possible at the filesystem level, and I've read that making /tmp and /var/tmp separate partitions so you can mount them /nodev/noexec/nosuid is one way to make things a bit more secure... On that note, I realized I can't make two /tmp's in lvm, so, I guess I can make a vtmp, and just bind that to /var/tmp in fstab like: /dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0 Will that work? Last issue - I was planning on using XFS for my /var so I've been researching filesystems on VMs, and ran into this FAQ on the XFS site: http://xfs.org/index.php/XFS_FAQ#Q:_Which_settings_are_best_with_virtualization_like_VMware.2C_XEN.2C_qemu.3F Q: Which settings are best with virtualization like VMware, XEN, qemu? The biggest problem is that those products seem to also virtualize disk writes in a way that even barriers don't work any more, which means even a fsync is not reliable. Tests confirm that unplugging the power from such a system even with RAID controller with battery backed cache and hard disk cache turned off (which is safe on a normal host) you can destroy a database within the virtual machine (client, domU whatever you call it). In qemu you can specify cache=off on the line specifying the virtual disk. For others information is missing. 
Which says there IS NO BEST SETTING, and that XFS (and by implication, ANY FS) will always be very vulnerable to sudden power loss by the Host... Comments welcome...
Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only
On 04/24/13 07:11, J. Roeleveld wrote: On Wed, April 24, 2013 00:16, Joseph wrote: On 04/23/13 20:10, J. Roeleveld wrote: SNIP I am guessing Apache is running on the same machine as your Postgresql server? In this case, the connection will always originate from localhost and Postgresql is behaving as it should. You will need to secure access to the website to avoid people accessing it. Yes, every machine I run has apache on it, so Postgresql server runs on it as well. If I'm connecting from another network machine to a server, how does it originate from localhost? Something is not correct. I'll try to explain. When you connect to the website (Apache) the connection Apache sees originates from your machine. When Apache then needs to access PostgreSQL to access the data needed for the website, Postgresql sees the connection originating from Apache, which is running on the same machine. -- Joost Thank you for explanation. That is what I'm confused about. When I connect to postgresql database from the same machine as postgres is running on I can understand. It is a local connection from localhost (127.0.0.1) so everybody is allowed but I don't understand why users on the local network can connect to my machine and login using apache when their IP is different. -- Joseph
Re: [gentoo-user] Partitions - last questions...
On 24.04.2013 12:48, Tanstaafl wrote: On 2013-04-23 1:59 PM, Neil Bothwick n...@digimed.co.uk wrote: On Tue, 23 Apr 2013 18:34:38 +0200, Florian Philipp wrote: So - first, is 5G way too big for the two /tmp dirs? I have lots of space, but hate waste If you worry about waste consider bind-mounting both from the same partition and install quotas to avoid one filling up the other. Or set PORTAGE_TMPDIR to use /tmp. Then /var/tmp will be so small you can leave it as a sub-directory of /var. If this is a server, 5G is fine for this, but for a desktop it may need to be bigger, to accommodate LibreOffice builds. One thing I'm trying to do is make the system as secure as possible at the filesystem level, and I've read that making /tmp and /var/tmp separate partitions so you can mount them /nodev/noexec/nosuid is one way to make things a bit more secure... noexec won't work for portage so put PORTAGE_TMPDIR somewhere else. On that note, I realized I can't make two /tmp's in lvm, so, I guess I can make a vtmp, and just bind that to /var/tmp in fstab like: /dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0 Will that work? Sure why not but you should set the pass column to 2 instead of 0. Regards, Florian Philipp
[gentoo-user] Re: OT: emoticon display with Thunderbird
Stroller stroller at stellar.eclipse.co.uk writes: Stroller. [1] http://thommck.wordpress.com/2011/12/15/youve-got-emoji-smilie-characters-discovered-in-a-font/ [2] http://users.teilar.gr/~g1951d/ [3] https://github.com/android/platform_frameworks_base/tree/master/data/fonts [4] http://www.xda-developers.com/android/jelly-bean-emoji-font-on-ice-cream-sandwich/ [5] http://forum.xda-developers.com/showthread.php?t=1879056 You and others have given me much to consider. I've read about too many issues with version 10 of TB. So before I can continue this emoticon solution-quest, I must first complete some (many) network upgrades and systems upgrades (way far behind on these projects). What I'm really (eventually) after is a way to send a custom emoticon, tied to a specific trigger. For example, every hour, I'd like to send a measured temperature from a remote linux system to the mail box on another system, that looks like a hollow emoticon (empty sphere) with these characters inside of it: 72F meaning the cpu temperature on this system is 72 degrees F. Think of it as a simple graphical email, via expanded emoticons? In an ideal world, I'd like to auto-magically support billions of (custom) emoticons. The reality is I'll settle for an easy to admin, simple subset.. for now (after some routine admin catchup).. James
Re: [gentoo-user] How reliable is ext3?
On 2013-04-24 1:22 AM, Walter Dnes waltd...@waltdnes.org wrote: - avoid Postfix and Qmail Eh??? Been running postfix/courier-imap and now dovecot for 8+ years on reiserfs with zarro problems... including a few scary moments after 2 unclean shutdown events due to extended power outage and the UPS not sending the shutdown signal in time (false battery level readings due to aging batteries), but it came back up fine... So no idea where you got the idea that postfix+reiserfs was a no-no...
Re: [gentoo-user] How reliable is ext3?
On Wed, 24 Apr 2013 07:17:26 -0400, Philip Webb wrote: So I continue to believe that Reiser 3 is remarkably reliable, at least if you don't try running it virtually on itself or blame hardware problems on the software. I didn't say otherwise, in fact I've already posted to this thread about running a mail server on it for many years. But there have been plenty of horror stories posted to this list and elsewhere. How much store you place by them is up to you. -- Neil Bothwick I have seen things you lusers would not believe. I've seen Sun monitors on fire off the side of the multimedia lab. I've seen NTU lights glitter in the dark near the Mail Gate. All these things will be lost in time, like the root partition last week. Time to die.
Re: [gentoo-user] Partitions - last questions...
On 2013-04-24 8:48 AM, Florian Philipp li...@binarywings.net wrote: One thing I'm trying to do is make the system as secure as possible at the filesystem level, and I've read that making /tmp and /var/tmp separate partitions so you can mount them /nodev/noexec/nosuid is one way to make things a bit more secure... noexec won't work for portage so put PORTAGE_TMPDIR somewhere else. Ok, but - does it make sense to add the noexec option to /var/tmp? Is it possible that there are other apps that need exec capability in there? On that note, I realized I can't make two /tmp's in lvm, so, I guess I can make a vtmp, and just bind that to /var/tmp in fstab like: /dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0 Will that work? Sure why not but you should set the pass column to 2 instead of 0. What is the 'pass' column? The 5th column is the 'dump' column, and the 6th is the 'fsck' column, afaik? Thanks for the comments!
Re: [gentoo-user] How reliable is ext3?
On 2013-04-24 6:27 AM, Alan McKinnon alan.mckin...@gmail.com wrote: Here's my pair of MTAs: $ uptime 12:24PM up 1295 days, 13:10, 1 user, load averages: 0.19, 0.20, 0.31 $ uptime 12:24PM up 1925 days, 20:30, 4 users, load averages: 0.90, 0.75, 0.84 Those two just keep on accepting and dealing with mail, they do that a million times a day and according to uptime have been doing it for 10 years. ? Looks like 3.5 years and 5.2 years, respectively... You seriously haven't upgraded your kernel on those machines for 3.5/5.2 years??
Re: [gentoo-user] Partitions - last questions...
On 24.04.2013 17:12, Tanstaafl wrote: On 2013-04-24 8:48 AM, Florian Philipp li...@binarywings.net wrote: One thing I'm trying to do is make the system as secure as possible at the filesystem level, and I've read that making /tmp and /var/tmp separate partitions so you can mount them /nodev/noexec/nosuid is one way to make things a bit more secure... noexec won't work for portage so put PORTAGE_TMPDIR somewhere else. Ok, but - does it make sense to add the noexec option to /var/tmp? Is it possible that there are other apps that need exec capability in there? It makes sense. Any world-writable directory should be noexec to make script injection harder. Other directories, too, like /var/www (if you can, i.e. no cgi). I cannot tell you if any application might need it. Try it. It is easy enough to revert, maybe even with a `mount -o remount`, I'm not sure. Also, look at http://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec On that note, I realized I can't make two /tmp's in lvm, so, I guess I can make a vtmp, and just bind that to /var/tmp in fstab like: /dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0 Will that work? Sure why not but you should set the pass column to 2 instead of 0. What is the 'pass' column? The 5th column is the 'dump' column, and the 6th is the 'fsck' column, afaik? Okay, your fsck column is called pass in my fstab. Anyway, a value of two means fsck after root, one means fsck as root and 0 no fsck. See `man fstab`. Obviously you want fsck. Regards, Florian Philipp
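The checks discussed in this sub-thread (nodev, noexec and nosuid on /tmp and /var/tmp, a non-zero pass column, and PORTAGE_TMPDIR kept off a noexec mount), as an added Python example that is not part of any poster's message. The sample fstab text and the /var/portage-tmp path are constructed for illustration.

```python
"""Audit fstab text for the /tmp and /var/tmp hardening discussed in this thread."""

REQUIRED_OPTS = {"nodev", "noexec", "nosuid"}
HARDENED_MOUNTS = ("/tmp", "/var/tmp")   # world-writable directories named in the thread
NO_FSCK_TYPES = {"tmpfs", "proc", "sysfs", "devtmpfs", "swap"}

# Constructed sample, not taken from any poster's system.
SAMPLE_FSTAB = """\
# <fs>         <mountpoint>  <type>  <opts>               <dump> <pass>
/dev/sda1      /boot         ext2    noauto,noatime       1 2
/dev/sda3      /             ext4    noatime              0 1
/dev/vg/tmp    /tmp          ext4    nodev,noexec,nosuid  0 2
/dev/vg/vtmp   /var/tmp      ext4    nodev,noexec,nosuid  0 0
"""


def parse_fstab(text):
    """Return (entries, problems) for fstab-formatted text."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            problems.append(f"line {lineno}: only {len(fields)} fields, need at least 4")
            continue
        fields += ["0"] * (6 - len(fields))   # dump and pass default to 0, see fstab(5)
        device, mount, fstype, opts, dump, fsck_pass = fields[:6]
        # A device and mount point run together shift every column left by one,
        # so the "mount point" ends up being the filesystem type.
        if not (mount.startswith("/") or mount in ("none", "swap")):
            problems.append(f"line {lineno}: mount point {mount!r} is not an absolute path")
            continue
        if not fsck_pass.isdigit():
            problems.append(f"line {lineno}: pass column {fsck_pass!r} is not a number")
            continue
        entries.append({"device": device, "mount": mount, "fstype": fstype,
                        "opts": set(opts.split(",")), "pass": int(fsck_pass)})
    return entries, problems


def covering_mount(entries, path):
    """Return the entry whose mount point is the longest prefix of path, or None."""
    best = None
    probe = path.rstrip("/") + "/"
    for entry in entries:
        mount = entry["mount"]
        if not mount.startswith("/"):
            continue
        if probe.startswith(mount.rstrip("/") + "/"):
            if best is None or len(mount) > len(best["mount"]):
                best = entry
    return best


def audit(text, portage_tmpdir=None):
    """Return a list of findings; an empty list means every check passed."""
    entries, findings = parse_fstab(text)
    by_mount = {e["mount"]: e for e in entries}
    for mount in HARDENED_MOUNTS:
        entry = by_mount.get(mount)
        if entry is None:
            findings.append(f"{mount}: not a separate mount, so its options cannot "
                            "be restricted on their own")
            continue
        missing = REQUIRED_OPTS - entry["opts"]
        if missing:
            findings.append(f"{mount}: missing option(s) {', '.join(sorted(missing))}")
        on_disk = entry["fstype"] not in NO_FSCK_TYPES and "bind" not in entry["opts"]
        if on_disk and entry["pass"] == 0:
            findings.append(f"{mount}: pass column is 0, so fsck never checks it "
                            "at boot (use 2 for non-root)")
    if portage_tmpdir:
        entry = covering_mount(entries, portage_tmpdir)
        if entry and "noexec" in entry["opts"]:
            findings.append(f"PORTAGE_TMPDIR={portage_tmpdir} is on {entry['mount']} "
                            "mounted noexec; builds will fail there")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FSTAB, portage_tmpdir="/var/tmp"):
        print(finding)
```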
Re: [gentoo-user] Partitions - last questions...
On 2013-04-23 12:34 PM, Florian Philipp li...@binarywings.net wrote: On 23.04.2013 16:44, Tanstaafl wrote: /boot (ext2), 100M /swap, 2G / (ext4), 40G then on LVM /tmp (ext2), 5G? - how big? /var/tmp (ext2), 5G? - how big? If this is a production server I wouldn't use ext2. In the case of a crash or reboot, you don't want to lose precious uptime just because of fsck or corrupted file systems. Noted, changed these to ext4... /var/log (ext4) - size? should I even have this separate? Doesn't need to be separate but could prevent a runaway process from filling /var just because it is spamming log entries. Could also be achieved with quotas. Filling up due to runaway logging is why I wanted this on a separate partition, and I prefer this to quotas... One question... I have some MySQL databases running on this system too, for my userdbs, and on the new server, SOGo (groupware)... Is it recommended to incorporate scripts to perform dumps of the dbs, or is the lvm snapshot reliable enough for backing these up in their raw state? Restoring from lvm snapshot is like restoring after a black out or similar crash. Having proper dumps is always a good idea. The snapshots are strictly transient, created/dropped during rsnapshot backups... I think I will schedule a cronjob for sql dumps too, for an extra backup/restore option... Hope this helps, Very much, thanks Florian!
Re: [gentoo-user] Partitions - last questions...
On 2013-04-24 11:31 AM, Florian Philipp li...@binarywings.net wrote: On 24.04.2013 17:12, Tanstaafl wrote: Ok, but - does it make sense to add the noexec option to /var/tmp? Is it possible that there are other apps that need exec capability in there? It makes sense. Any world-writable directory should be noexec to make script injection harder. Other directories, too, like /var/www (if you can, i.e. no cgi). I cannot tell you if any application might need it. Try it. It is easy enough to revert, maybe even with a `mount -o remount`, I'm not sure. Also, look at http://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec Hmmm, this only talks about /tmp... I'm talking about /var/tmp... So, I guess you're right, I'll just need to try it and see... What is the 'pass' column? The 5th column is the 'dump' column, and the 6th is the 'fsck' column, afaik? Okay, your fsck column is called pass in my fstab. Anyway, a value of two means fsck after root, one means fsck as root and 0 no fsck. See `man fstab`. Obviously you want fsck. Gotcha, that's what I thought... Thanks again Florian
Re: [gentoo-user] Partitions - last questions...
On 04/24/2013 11:39 AM, Tanstaafl wrote: On 2013-04-23 12:34 PM, Florian Philipp li...@binarywings.net wrote: On 23.04.2013 16:44, Tanstaafl wrote: /boot (ext2), 100M /swap, 2G / (ext4), 40G then on LVM /tmp (ext2), 5G? - how big? /var/tmp (ext2), 5G? - how big? If this is a production server I wouldn't use ext2. In the case of a crash or reboot, you don't want to lose precious uptime just because of fsck or corrupted file systems. Noted, changed these to ext4... Sideways question: Are there disk-based filesystems which don't persist? I don't think I've heard of any, short of cranking up the amount of space dedicated to swap, and using tmpfs.
Re: PVSCSI vs LSI Logic Parallel/SAS - WAS: Re: [gentoo-user] Best filesystem for virtualized gentoo mail server - WAS: vmWare HowTo / best practices
Anyone? On 2013-04-23 3:28 PM, Tanstaafl tansta...@libertytrek.org wrote: On 2013-04-22 8:56 AM, Andre Lucas Falco alfa...@gmail.com wrote: 2013/4/21 Tanstaafl tansta...@libertytrek.org wrote: Windows VMs see get an 'LSI Logic SAS', and my gentoo VM gets an 'LSI Logic Parallel' controller. Did you test using pvscsi? It improves performance with less cost to CPU usage. No, I didn't... It appears there is pvscsi support in the mainline linux kernel, but is it rock-solid? Anyone else here running gentoo linux with this driver for their primary/boot disk controller? Also, for my windows server 2008r2 vms, I used the default, which was the LSI SAS... I did search and found the knowledgebase article describing how to change them, but is the gain really worth the trouble (and more importantly, the risk)?
Re: [gentoo-user] How reliable is ext3?
On 24 April 2013, at 11:16, Neil Bothwick wrote: ... Volume size so far fits my needs just fine, but that's because I've never needed quotas as such. I find quotas too inflexible anyway, it's a case of forcing a simplistic hardware rule into the human space and that never really solves the problem properly. Sometimes a simplistic rule is what's needed. If you are selling off-site storage in 1GB chunks, you need to stop people using more than they have paid for. Hard quotas do this, soft quotas let you warn them first, before things get broken. I'm unclear how this warning would be addressed. Your system must be more complex than I'm imagining, because I see this obvious answer of a bash script which loops through /home/*, runs `du` or `df` and sends an email to anyone who's consuming more than 90%. Obviously this needs to be adapted to circumstance. Stroller.
Re: [gentoo-user] How reliable is ext3?
On 24.04.2013 19:38, Stroller wrote: On 24 April 2013, at 11:16, Neil Bothwick wrote: ... Volume size so far fits my needs just fine, but that's because I've never needed quotas as such. I find quotas too inflexible anyway, it's a case of forcing a simplistic hardware rule into the human space and that never really solves the problem properly. Sometimes a simplistic rule is what's needed. If you are selling off-site storage in 1GB chunks, you need to stop people using more than they have paid for. Hard quotas do this, soft quotas let you warn them first, before things get broken. I'm unclear how this warning would be addressed. Your system must be more complex than I'm imagining, because I see this obvious answer of a bash script which loops through /home/*, runs `du` or `df` and sends an email to anyone who's consuming more than 90%. Obviously this needs to be adapted to circumstance. That only works on small systems. I have systems here where a 'du' on /home would take hours and produce massive IO wait, because there's so much data in there.
Re: [gentoo-user] Re: OT: emoticon display with Thunderbird
On 24 April 2013, at 15:10, James wrote: ... What I'm really (eventually) after is a way to send a custom emoticon, tied to a specific trigger. For example, every hour, I'd like to send a measured temperature from a remote linux system to the mail box on another system, that looks like a hollow emoticon (empty sphere) with these characters inside of it: 72F meaning the cpu temperature on this system is 72 degrees F. Think of it as a simple graphical email, via expanded emoticons? My immediate reaction to this is to suggest creating a PDF. My mail client shows PDFs inline, so this would display quite nicely. You could create the circle using Postscript, then dump the postscript document to PDF; PDFs allow arbitrary paper sizes. Alternatively, you could draw this as a gif or png using imagemagick or something. The imagemagick examples explain how to draw circles: http://www.imagemagick.org/Usage/draw/#circles Stroller.
Re: [gentoo-user] How reliable is ext3?
On 24 April 2013, at 18:53, Michael Hampicke wrote: ... Your system must be more complex than I'm imagining, because I see this obvious answer of a bash script which loops through /home/*, runs `du` or `df` and sends an email to anyone who's consuming more than 90%. Obviously this needs to be adapted to circumstance. That only works on small systems. I have systems here where a 'du' on /home would take hours and produce massive IO wait, because there's so much data in there. Of course. Excuse me. My original idea was in respect of the previous respondent's desire to offer hard limits of a gigabyte - allocating each user a partition and running `du`, which returns immediately, on it. I don't understand how a hard limit could be enforced if it's impractical to assess the size of used data. Stroller.
Re: [gentoo-user] How reliable is ext3?
On Wed, 24 Apr 2013 18:38:42 +0100, Stroller wrote: Sometimes a simplistic rule is what's needed. If you are selling off-site storage in 1GB chunks, you need to stop people using more than they have paid for. Hard quotas do this, soft quotas let you warn them first, before things get broken. I'm unclear how this warning would be addressed. Your system must be more complex than I'm imagining, because I see this obvious answer of a bash script which loops through /home/*, runs `du` or `df` and sends an email to anyone who's consuming more than 90%. Obviously this needs to be adapted to circumstance. The warnquota command, from sys-fs/quota, does this for all users and all filesystems with a single command called from cron. Yes, you could reinvent the wheel with a shell script, but the wheel already exists for filesystems other than ZFS. There's also the grace time element, which allows you to go over quota for a short period, allowing you, for example, to delete some old backups before the system fails on the new one. -- Neil Bothwick WITLAG: The delay between delivery and comprehension of a joke.
Re: [gentoo-user] How reliable is ext3?
On Wed, 24 Apr 2013 19:07:05 +0100, Stroller wrote: That only works on small systems. I have systems here where a 'du' on /home would take hours and produce massive IO wait, because there's so much data in there. Of course. Excuse me. My original idea was in respect of the previous respondent's desire to offer hard limits of a gigabyte - allocating each user a partition and running `du`, which returns immediately, on it. I said by the gigabyte not of a gigabyte, a user could have hundreds of them. I don't understand how a hard limit could be enforced if it's impractical to assess the size of used data. Because the filesystem keeps track of the usage, just like it does for the whole filesystem, which is why df . is so much faster than du .. ZFS does this too, it just doesn't have a concept of a soft limit. -- Neil Bothwick Please rotate your phone 90 degrees and try again.
Re: [gentoo-user] How reliable is ext3?
On 24 April 2013, at 19:32, Neil Bothwick wrote: ... Your system must be more complex than I'm imagining, because I see this obvious answer of a bash script which loops through /home/*, runs `du` or `df` and sends an email to anyone who's consuming more than 90%. Obviously this needs to be adapted to circumstance. The warnquota command, from sys-fs/quota, does this for all users and all filesystems with a single command called from cron. Yes, you could reinvent the wheel with a shell script, but the wheel already exists for filesystems other than ZFS. I don't see how it's reinventing the wheel if the wheel doesn't fit your vehicle. Stroller.
Re: [gentoo-user] How reliable is ext3?
Who's paying for this bandwidth? N. On 4/24/13, Neil Bothwick n...@digimed.co.uk wrote: On Wed, 24 Apr 2013 19:07:05 +0100, Stroller wrote: That only works on small systems. I have systems here where a 'du' on /home would take hours and produce massive IO wait, because there's so much data in there. Of course. Excuse me. My original idea was in respect of the previous respondent's desire to offer hard limits of a gigabyte - allocating each user a partition and running `du`, which returns immediately, on it. I said by the gigabyte not of a gigabyte, a user could have hundreds of them. I don't understand how a hard limit could be enforced if it's impractical to assess the size of used data. Because the filesystem keeps track of the usage, just like it does for the whole filesystem, which is why df . is so much faster than du .. ZFS does this too, it just doesn't have a concept of a soft limit. -- Neil Bothwick Please rotate your phone 90 degrees and try again.
Re: [gentoo-user] How reliable is ext3?
On Wed, 24 Apr 2013 19:44:18 +0100, Stroller wrote: The warnquota command, from sys-fs/quota, does this for all users and all filesystems with a single command called from cron. Yes, you could reinvent the wheel with a shell script, but the wheel already exists for filesystems other than ZFS. I don't see how it's reinventing the wheel if the wheel doesn't fit your vehicle. That was my point, that the wheel doesn't fit. There are ways of kludging this in ZFS that do not involve the overhead of running du, such as parsing the output from zfs list, but nothing as convenient as the common method that exists for other filesystems. -- Neil Bothwick Windows Error #02: Multitasking attempted. System confused.
Re: [gentoo-user] How reliable is ext3?
On Wed, 24 Apr 2013 14:45:21 -0400, Nick Khamis wrote: Who's paying for this bandwidth? What bandwidth? We're discussing disk space usage. Unless you're referring to the bandwidth consumed by the discussion, which jumps massively every time someone quotes and reposts an entire email to add a one line comment. -- Neil Bothwick Three kinds of people: those who can count and those who can't.
Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only
Joseph syscon...@gmail.com wrote: On 04/24/13 07:11, J. Roeleveld wrote: On Wed, April 24, 2013 00:16, Joseph wrote: On 04/23/13 20:10, J. Roeleveld wrote: SNIP I am guessing Apache is running on the same machine as your Postgresql server? In this case. The connection will always originate from localhost and Postgresql is behaving as it should. You will need to secure access to the website to avoid people accessing it. Yes, every machine I run has apache on it, so Postgresql server runs on it as well. If I'm connecting from another network machine to a server, how does it originate from localhost? Something is not correct. I'll try to explain. When you connect to the website (Apache) the connection Apache sees originates from your machine. When Apache then needs to access PostgreSQL to access the data needed for the website, Postgresql sees the connection originating from Apache, which is running on the same machine. -- Joost Thank you for explanation. That is what I'm confused about. When I connect to postgresql database from the same machine as postgres is running on I can understand. It is a local connection from localhost (127.0.0.1) so everybody is allowed but I don't understand why users on the local network can connect to my machine and login using apache when their IP is different. -- Joseph Joseph. The connection to the database is done by apache. Apache connects from the server where Apache is running. Postgresql does not know nor even care where the connection to apache originates from. It only sees apache connecting to it. If you want to prevent people from accessing the website, you will need to configure the restriction in Apache or in a firewall. A web browser will NOT connect directly to the database. With a lot of larger applications this will not even be possible because the database is on a separate server where the firewall is only allowing the webserver to access the database.
Restricting access to a website by setting restrictions on the database server used by the website is pointless. -- Joost Roeleveld -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Re: [gentoo-user] Removing pulseaudio
On Tue, Apr 23, 2013 at 10:46:12PM -0400, Walter Dnes wrote: On Wed, Apr 24, 2013 at 12:12:56AM +0200, Michael Hampicke wrote Of course from many threads from a pro audio user called Ralf, Gentoo users and so a fraction of Linux users are the only ones lucky enough to be able to do that *easily* whilst keeping packages they want, especially Gnome ones! I'm not a gnome user as of yet, but I can tell you that the day is coming (Gnome 3.8 I believe) when gnome will not work without PA, so you will have to install it if you want newer Gnome. William That's true, gnome3.8 will require you to install pulseaudio-2 From a logic chapter in a highschool math text, the contrapositive version of this is that removing pulseaudio will require removing gnome. See my sig... and your point is? William
Re: [gentoo-user] Removing pulseaudio
On Wed, Apr 24, 2013 at 5:46 AM, Alan Mackenzie a...@muc.de wrote: Hello, William. On Tue, Apr 23, 2013 at 03:59:54PM -0500, William Hubbs wrote: On Fri, Apr 19, 2013 at 09:49:19AM +0100, Kevin Chadwick wrote: Feel free to remove PA if you don't need it. I really don't see any scope for Lennart to make all of alsa redundant anytime soon (unlike udev...) Of course from many threads from a pro audio user called Ralf, Gentoo users and so a fraction of Linux users are the only ones lucky enough to be able to do that *easily* whilst keeping packages they want, especially Gnome ones! I'm not a gnome user as of yet, but I can tell you that the day is coming (Gnome 3.8 I believe) when gnome will not work without PA, so you will have to install it if you want newer Gnome. Any idea why? Even on systems which lack audio entirely? I hate this recent phenomenon, where disparate entities are bundled together ever more tightly, reducing users' choice. William -- Alan Mackenzie (Nuremberg, Germany). Not that it likely affects a lot of people, but pulseaudio can transmit sound over the network to other pulseaudio servers -- a possible use case I can think of are media centers, though I'm sure there's more. There's even a guy streaming audio from his Android phone to another computer [1]. [1] https://www.youtube.com/watch?v=o5-phFVfZnQ -- Alecks Gates
Re: [gentoo-user] How reliable is ext3?
On Wed, Apr 24, 2013 at 12:22:36PM +0200, Alan McKinnon wrote On 24/04/2013 11:37, Philip Webb wrote: 130424 Neil Bothwick wrote: 130423 Philip Webb hadn't read any horror stories re Reiser 3 : Where have you been for the last ten years? Reading this list various Linux news sites. A quick search of this list's archives will reveal several. If it's so easy, please point me to a couple (smile). The only one mentioned in this thread so far is a strange case of trying to use a RF image on a RF, which most users will never have any occasion to encounter. It /used to be/ rare. But ever since vmware-workstation has been around and available to Linux users, it has become a much more serious issue at large, and you need to be aware of it. It's one of those issues that is not immediately obvious, where overlooking it is not a classic screwup and where it can bite you hard if you are not careful. We can't blame any of the software for this, it's just a side effect of the way things are nowadays I don't know if it's configurable somewhere, but I vaguely recall seeing an occasional bootup where I get a message about the system having gone more than X days without being fsck'd. So it helpfully does it for me automatically and then does a regular reboot. I don't know if it's for the 200 megabyte ext2 / or the huge ReiserFS3 /home partition. -- Walter Dnes waltd...@waltdnes.org I don't run desktop environments; I run useful applications
Re: [gentoo-user] How reliable is ext3?
On Wed, 24 Apr 2013 19:04:27 -0400, Walter Dnes wrote: I don't know if it's configurable somewhere, but I vaguely recall seeing an occasional bootup where I get a message about the system having gone more than X days without being fsck'd. So it helpfully does it for me automatically and then does a regular reboot. I don't know if it's for the 200 megabyte ext2 / or the huge ReiserFS3 /home partition. It's an ext* feature, you can set the time or number of mounts with tune2fs and view it with dumpe2fs -h /dev/sdXN | grep -i mount\ count -- Neil Bothwick Top Oxymorons Number 29: Soft rock
Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only
On 04/24/13 22:27, J. Roeleveld wrote: [snip] Thank you for explanation. That is what I'm confused about. When I connect to postgresql database from the same machine as postgres is running on I can understand. It is a local connection from localhost (127.0.0.1) so everybody is allowed but I don't understand why users on the local network can connect to my machine and login using apache when their IP is different. -- Joseph Joseph. The connection to the database is done by apache. Apache connects from the server where Apache is running. Postgresql does not know nor even care where the connection to apache originates from. It only sees apache connecting to it. If you want to prevent people from accessing the website, you will need to configure the restriction in Apache or in a firewall. A web browser will NOT connect directly to the database. With a lot of larger applications this will not even be possible because the database is on a separate server where the firewall is only allowing the webserver to access the database. Restricting access to a website by setting restrictions on the database server used by the website is pointless. -- Joost Roeleveld Thank you, now this is clear, so that pg_hba.conf has a limited use. So simple statement in apache directory: Allow from localhost will fix the issue. When it comes to database. How can I limit certain users from certain IP to only one database. I don't think this is possible via apache! The line: local all all trust will give access to everybody. How should those lines in pg_hba.conf look if I want user from remote computer to access only one database? Is it: local my_database all trust local others_database all ident alex Does ident refer to user who is allowed to login into database? How to list users for a particular database? Thank you for your explanations. -- Joseph
Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only
On 04/24/13 22:27, J. Roeleveld wrote: The connection to the database is done by apache. Apache connects from the server where Apache is running. Postgresql does not know nor even care where the connection to apache originates from. It only sees apache connecting to it. If you want to prevent people from accessing the website, you will need to configure the restriction in Apache or in a firewall. A web browser will NOT connect directly to the database. With a lot of larger applications this will not even be possible because the database is on a separate server where the firewall is only allowing the webserver to access the database. Restricting access to a website by setting restrictions on the database server used by the website is pointless. -- Joost Roeleveld Those postgresql instructions are very, very confusing, for example on the following webpage: http://www.linuxtopia.org/online_books/database_guides/Practical_PostgreSQL_database/c15679_002.htm it states: ---copy local A local entry is semantically the same as a host entry. However, you do not need to specify a host that is allowed to connect. The local entry is used for client connections that are initiated from the same machine that the PostgreSQL server is operating on. ---end copy--- The above is not correct as users from any machine on a local network can connect to my database. If I put a line in pg_hba.conf host all 127.0.0.1 255.255.255.255 trust postgresql will not even start, I get an error message: FATAL: could not load pg_hba.conf LOG: invalid IP mask trust: Name or service not known -- Joseph
Re: PVSCSI vs LSI Logic Parallel/SAS - WAS: Re: [gentoo-user] Best filesystem for virtualized gentoo mail server - WAS: vmWare HowTo / best practices
On Apr 24, 2013 2:29 AM, Tanstaafl tansta...@libertytrek.org wrote: On 2013-04-22 8:56 AM, Andre Lucas Falco alfa...@gmail.com wrote: 2013/4/21 Tanstaafl tansta...@libertytrek.org wrote: Windows VMs see get an 'LSI Logic SAS', and my gentoo VM gets an 'LSI Logic Parallel' controller. Did you test using pvscsi? It improves performance with less cost to CPU usage. No, I didn't... It appears there is pvscsi support in the mainline linux kernel, but is it rock-solid? Anyone else here running gentoo linux with this driver for their primary/boot disk controller? Also, for my windows server 2008r2 vms, I used the default, which was the LSI SAS... I did search and found the knowledgebase article describing how to change them, but is the gain really worth the trouble (and more importantly, the risk)? My Gentoo VMs in the cloud (using VMware's vCloud) use PV-SCSI. It's stable... but kind of sensitive: Every time the cloud provider does something with their storage, my VMs become Read-Only. Other than that, performance is good, no fs corruption, etc. Rgds, --
Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only
On 4/24/2013 19:23, Joseph wrote: The above is not correct as users from any machine on a local network can connect to my database. In the scenario you described, as Joost explained, the users on your network are *not* connecting to your database; they are connecting to a website. The web server is connecting to the database on their behalf. PostgreSQL's host-based authentication controls only who accesses the database directly, not who accesses the applications that use it. If I put a line in pg_hba.conf host all 127.0.0.1 255.255.255.255 trust This line is not valid. pg_hba.conf entries take the form: type database user [address] method [options]. type can be 'local' (connections over a Unix socket), 'host' (connections over TCP, maybe using SSL), 'hostssl' (connections over TCP using SSL), 'hostnossl' (connections over TCP not using SSL). To achieve what I think you are looking for, just remove all lines from pg_hba.conf except this one:: local all all trust This will prevent anyone from connecting to your databases using TCP at all. If you really need TCP from the localhost instead of Unix sockets, you can also add this line:: host all all 127.0.0.1/32 trust postgresql will not even start, I get an error message: FATAL: could not load pg_hba.conf LOG: invalid IP mask trust: Name or service not known I would strongly advise you read all of the PostgreSQL documentation before you expose a database to the world. Specifically, please read the official page about pg_hba.conf[1]. [1] http://www.postgresql.org/docs/9.2/interactive/auth-pg-hba-conf.html Regards, -- ♫Dustin http://dustin.hatch.name/
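The record format described in the message above (type database user [address] method [options]), as an added Python linter that is not part of the thread and not PostgreSQL's own parser. It shows why a host line with the user field left out is reported as an invalid IP mask, and which records admit TCP clients; the sample file, the `alex` user and the 192.168.1.0/24 range are constructed.

```python
"""Lint pg_hba.conf records: type database user [address] method [options]."""
import ipaddress

TYPES = {"local", "host", "hostssl", "hostnossl"}
METHODS = {"trust", "reject", "md5", "password", "scram-sha-256", "gss", "sspi",
           "krb5", "ident", "peer", "ldap", "radius", "cert", "pam"}

# Constructed sample, not taken from any poster's server.
SAMPLE_HBA = """\
# TYPE  DATABASE     USER       ADDRESS              METHOD
local   all          all                             trust
host    all          127.0.0.1  255.255.255.255      trust
host    all          all        127.0.0.1/32         trust
host    all          all        0.0.0.0/0            trust
host    my_database  alex       192.168.1.0/24       md5
"""


def parse_record(line):
    """Return (record, error); record is None when the line is invalid."""
    tok = line.split()
    if len(tok) < 4:
        return None, "too few fields"
    rtype, database, user, rest = tok[0], tok[1], tok[2], tok[3:]
    if rtype not in TYPES:
        return None, f"unknown connection type {rtype!r}"
    address, network = None, None
    if rtype != "local":                      # every TCP type carries an address
        address, rest = rest[0], rest[1:]
        if "/" in address:
            try:
                network = ipaddress.ip_network(address, strict=False)
            except ValueError:
                return None, f"invalid CIDR address {address!r}"
        else:
            try:
                ipaddress.ip_address(address)
                numeric = True
            except ValueError:
                numeric = False               # host name or keyword such as samehost
            if numeric:
                # A bare IP must be followed by a separate mask field. With the
                # user column missing, the method lands in this position.
                if not rest:
                    return None, "missing IP mask and method"
                mask, rest = rest[0], rest[1:]
                try:
                    network = ipaddress.ip_network(f"{address}/{mask}", strict=False)
                except ValueError:
                    return None, f"invalid IP mask {mask!r}"
    if not rest:
        return None, "missing authentication method"
    if rest[0] not in METHODS:
        return None, f"unknown authentication method {rest[0]!r}"
    return {"type": rtype, "database": database, "user": user,
            "address": address, "network": network, "method": rest[0]}, None


def records(text):
    """Yield (lineno, record, error) for each non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            yield (lineno,) + parse_record(line)


def lint(text):
    """Return (lineno, level, message) findings."""
    findings = []
    for lineno, rec, err in records(text):
        if err:
            findings.append((lineno, "error", err))
        elif rec["method"] == "trust" and rec["type"] == "local":
            findings.append((lineno, "note", "any OS user who can reach the Unix "
                             "socket may connect as any database user"))
        elif rec["method"] == "trust" and not (rec["network"] is not None
                                               and rec["network"].is_loopback):
            findings.append((lineno, "warn", "trust over TCP from a non-loopback "
                             "address: no credentials are checked"))
    return findings


def tcp_sources(text):
    """Addresses from which a TCP client can match a non-reject record."""
    return [str(rec["network"]) if rec["network"] is not None else rec["address"]
            for _, rec, err in records(text)
            if not err and rec["type"] != "local" and rec["method"] != "reject"]


if __name__ == "__main__":
    for finding in lint(SAMPLE_HBA):
        print(*finding)
    print("TCP admitted from:", tcp_sources(SAMPLE_HBA))
```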
Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only
On 04/25/13 00:16, Dustin C. Hatch wrote: On 4/24/2013 19:23, Joseph wrote: The above is not correct as users from any machine on a local network can connect to my database. In the scenario you described, as Joost explained, the users on your network are *not* connecting to your database; they are connecting to a website. The web server is connecting to the database on their behalf. PostgreSQL's host-based authentication controls only who accesses the database directly, not who accesses the applications that use it. If I put a line in pg_hba.conf host all 127.0.0.1 255.255.255.255 trust This line is not valid. pg_hba.conf entries take the form: type database user [address] method [options]. type can be 'local' (connections over a Unix socket), 'host' (connections over TCP, maybe using SSL), 'hostssl' (connections over TCP using SSL), 'hostnossl' (connections over TCP not using SSL). To achieve what I think you are looking for, just remove all lines from pg_hba.conf except this one:: local all all trust This will prevent anyone from connecting to your databases using TCP at all. If you really need TCP from the localhost instead of Unix sockets, you can also add this line:: I just tried as you suggested, the only active line in: pg_hba.conf local all all trust anything else is commented out. I restarted the server but I still can connect to postgresql from another computer via Firefox.
I'm trying to produce a meaningful report to see if I can record remote connection from external computer so I have enabled in: postgresql.conf max_connections = 100 shared_buffers = 24MB log_destination = 'syslog' logging_collector = on log_directory = 'pg_log' log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' log_file_mode = 0600 syslog_facility = 'LOCAL0' syslog_ident = 'postgres' client_min_messages = notice log_min_messages = notice log_checkpoints = on log_connections = on log_disconnections = on log_error_verbosity = verbose log_hostname = on datestyle = 'iso, mdy' lc_messages = 'en_US.UTF-8' lc_monetary = 'en_US.UTF-8' lc_numeric = 'en_US.UTF-8' lc_time = 'en_US.UTF-8' default_text_search_config = 'pg_catalog.english' But I don't see any indication in any report which computer is the connection coming from. -- Joseph