Re: [CentOS] installing onto mdadm centos 6

2011-08-13 Thread Devin Reade
--On Saturday, August 13, 2011 08:59:30 AM -0400 William Warren
 wrote:
> On 8/13/2011 7:40 AM, B.J. McClure wrote:
>>
>> boot partition must be raid 1.  Grub does not work with 5, 10. etc.
>
> found out grub will not boot directly off the /boot md device..but i can 
> make grub put itself on the mbr's of both disks..:)

Both steps are necessary for a properly redundant configuration.
Depending on the age/interface/BIOS of your machine, if you lose your
primary/master hard disk you may have to switch cabling to make
your other disk (containing the mirror of /boot) the primary/master.
Many modern BIOSes will allow you to select the boot priority order
between disks without moving cables.

This is something that is best determined empirically before you
put your machine into production ...

Typically, I do the following:
1.  Put /boot onto a mirrored md device based on 200MB partitions.
2.  Put the remaining disk space into a second partition using
whatever RAID level is appropriate (including 5 or 6)
3.  Give the large raid device to LVM
4.  Add LVM-based filesystems as necessary.
5.  After the system is fully installed, ensure that all boot
drives have a copy of the proper MBR.
6.  Test by powering down, removing the original boot drive,
and powering up again (after ensuring that all RAID sync
operations have been completed).

This has worked fine for quite a while (CentOS 5.x) and I can 
verify that RAID1 (/boot) + RAID6 (remainder) work just fine
with CentOS 6, including putting an encryption layer between
the RAID6 device and LVM.

Devin

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
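Step 6 of the procedure above is only meaningful once every array is fully synced. The Python below is an added example, not code from the thread: it parses /proc/mdstat text and reports arrays that are inactive, degraded, carrying failed members or still syncing. The sample input is constructed, and the function names are hypothetical.

```python
import re

# Constructed /proc/mdstat sample: RAID1 /boot is in sync, the RAID6 array
# that backs LVM is still resyncing.
SAMPLE_MDSTAT = """\
Personalities : [raid1] [raid6] [raid5] [raid4]
md1 : active raid6 sdd2[3] sdc2[2] sdb2[1] sda2[0]
      1953259520 blocks level 6, 64k chunk, algorithm 2 [4/4] [UUUU]
      [=>...................]  resync =  8.3% (81234567/976629760) finish=120.5min speed=123456K/sec

md0 : active raid1 sdb1[1] sda1[0]
      204736 blocks [2/2] [UU]

unused devices: <none>
"""

HEADER_RE = re.compile(r"^(md\w+) : (\S.*)$")
MEMBER_RE = re.compile(r"^([\w-]+)\[\d+\](\(\w\))?$")       # e.g. sdb1[1] or sdb1[1](F)
STATE_RE = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")       # [expected/up] [UU]
SYNC_RE = re.compile(r"(resync|recovery|reshape|check)\s*=\s*([\d.]+)%")
WAIT_RE = re.compile(r"(resync|recovery)=(DELAYED|PENDING)")


def parse_mdstat(text):
    """Return {array_name: info} for every md array in /proc/mdstat text."""
    arrays, current = {}, None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            tokens = header.group(2).split()
            members = [m for m in map(MEMBER_RE.match, tokens) if m]
            current = {
                "state": tokens[0],
                "level": next((t for t in tokens
                               if t.startswith(("raid", "linear"))), None),
                "failed": [m.group(1) for m in members if m.group(2) == "(F)"],
                "expected": None, "up": None, "sync": None,
            }
            arrays[header.group(1)] = current
        elif current is not None and line.startswith(" "):
            # Indented lines carry the member map and any sync progress.
            state = STATE_RE.search(line)
            if state:
                current["expected"] = int(state.group(1))
                current["up"] = int(state.group(2))
            sync, wait = SYNC_RE.search(line), WAIT_RE.search(line)
            if sync:
                current["sync"] = f"{sync.group(1)} in progress ({sync.group(2)}%)"
            elif wait:
                current["sync"] = f"{wait.group(1)} {wait.group(2).lower()}"
    return arrays


def redundancy_problems(text):
    """Map array name -> reasons it is not safe to pull a disk yet."""
    problems = {}
    for name, info in parse_mdstat(text).items():
        reasons = []
        if info["state"] != "active":
            reasons.append(f"array is {info['state']}")
        if info["expected"] is None:
            reasons.append("no member status line found")
        elif info["up"] < info["expected"]:
            reasons.append(f"degraded: {info['up']} of {info['expected']} members up")
        if info["failed"]:
            reasons.append("failed members: " + ", ".join(info["failed"]))
        if info["sync"]:
            reasons.append(info["sync"])
        if reasons:
            problems[name] = reasons
    return problems


if __name__ == "__main__":
    # On a live system, pass open("/proc/mdstat").read() instead of the sample.
    for array, reasons in redundancy_problems(SAMPLE_MDSTAT).items():
        print(array, "->", "; ".join(reasons))
```

An empty result means every array reports all members up with no sync running, which is the precondition for the power-down test.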


[CentOS] hardware issues

2011-08-13 Thread William Warren
I have a Broadcom BCM5722 and a dual Intel PRO/1000 PT NIC in a Dell 
T110.  The setup sees the cards and I put them into automatic mode.  
After the install no cards are detected at all.  Astaro 8.01 detects and 
utilizes all of these cards just fine.  I have also tried Ubuntu Server 
10.04 LTS and they work fine.  I'm curious if this is a bug with CentOS 6?


Re: [CentOS] dovecot problem -- not deleting messages from server after downloading them - SOLVED

2011-08-13 Thread Charlie Brune
On 08/13/2011 02:44 PM, Charlie Brune wrote:
> I recently installed CentOS 6.0 and Dovecot 2.0.
>
> My problem is that, when I download emails to my laptop (running
> Thunderbird), the emails are NOT deleted from my server.  They stay
> there and are downloaded again and again.  8-(
>
> The "Leave messages on server" option in Thunderbird is not checked.
>
> I have several laptops that used to work when I ran CentOS 5.6 / Dovecot
> 1.x.  I haven't changed their configuration and they all have the same
> problem.
>
> Here's a sample (personal data removed) of /var/log/maillog when I
> download messages (note the "del=0/487" on the 2nd line):
>
> Aug 13 14:28:54 chasserver dovecot: pop3-login: Login: user=,
> method=PLAIN, rip=192.168.0.2, lip=192.168.0.27, mpid=18393, TLS
> Aug 13 14:29:28 chasserver dovecot: pop3(centos): Disconnected: Logged
> out top=0/0, retr=487/2134628, del=0/487, size=2126323
>
> My "dovecot -n" output is below.
>
> Thanks,
> Charlie
>
> # dovecot -n
> # 2.0.beta6 (3156315704ef): /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-71.29.1.el6.i686 i686 CentOS Linux release 6.0 (Final)
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mbox_write_locks = fcntl
> passdb {
> driver = pam
> }
> ssl_cert =
> ssl_key =
> userdb {
> driver = passwd
> }
>
I solved the problem by disabling SELinux. Not sure why that fixed it, 
but it did make me dislike SELinux just a little bit more. LOL

Regards,
Charlie


Re: [CentOS] dovecot problem -- not deleting messages from server after downloading them

2011-08-13 Thread Alexander Dalloz
On 13.08.2011 21:44, Charlie Brune wrote:
> I recently installed CentOS 6.0 and Dovecot 2.0.
> 
> My problem is that, when I download emails to my laptop (running 
> Thunderbird), the emails are NOT deleted from my server.  They stay 
> there and are downloaded again and again.  8-(
> 
> The "Leave messages on server" option in Thunderbird is not checked.
> 
> I have several laptops that used to work when I ran CentOS 5.6 / Dovecot 
> 1.x.  I haven't changed their configuration and they all have the same 
> problem.
> 
> Here's a sample (personal data removed) of /var/log/maillog when I 
> download messages (note the "del=0/487" on the 2nd line):
> 
> Aug 13 14:28:54 chasserver dovecot: pop3-login: Login: user=, 
> method=PLAIN, rip=192.168.0.2, lip=192.168.0.27, mpid=18393, TLS
> Aug 13 14:29:28 chasserver dovecot: pop3(centos): Disconnected: Logged 
> out top=0/0, retr=487/2134628, del=0/487, size=2126323
> 
> My "dovecot -n" output is below.
> 
> Thanks,
> Charlie
> 
> # dovecot -n
> # 2.0.beta6 (3156315704ef): /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-71.29.1.el6.i686 i686 CentOS Linux release 6.0 (Final)
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mbox_write_locks = fcntl
> passdb {
>   driver = pam
> }
> ssl_cert =
> ssl_key =
> userdb {
>   driver = passwd
> }

According to the POP3 protocol, messages are first marked for deletion
by the server on the DELE command, but are only really deleted in the
UPDATE state, that is, after the QUIT command.

Alexander



[CentOS] dovecot problem -- not deleting messages from server after downloading them

2011-08-13 Thread Charlie Brune
I recently installed CentOS 6.0 and Dovecot 2.0.

My problem is that, when I download emails to my laptop (running 
Thunderbird), the emails are NOT deleted from my server.  They stay 
there and are downloaded again and again.  8-(

The "Leave messages on server" option in Thunderbird is not checked.

I have several laptops that used to work when I ran CentOS 5.6 / Dovecot 
1.x.  I haven't changed their configuration and they all have the same 
problem.

Here's a sample (personal data removed) of /var/log/maillog when I 
download messages (note the "del=0/487" on the 2nd line):

Aug 13 14:28:54 chasserver dovecot: pop3-login: Login: user=, 
method=PLAIN, rip=192.168.0.2, lip=192.168.0.27, mpid=18393, TLS
Aug 13 14:29:28 chasserver dovecot: pop3(centos): Disconnected: Logged 
out top=0/0, retr=487/2134628, del=0/487, size=2126323

My "dovecot -n" output is below.

Thanks,
Charlie

# dovecot -n
# 2.0.beta6 (3156315704ef): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-71.29.1.el6.i686 i686 CentOS Linux release 6.0 (Final)
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mbox_write_locks = fcntl
passdb {
   driver = pam
}
ssl_cert =


Re: [CentOS] can't list directories in ftp

2011-08-13 Thread John R Pierce
On 08/13/11 11:07 AM, Barry Brimer wrote:
>> Response: 227 Entering Passive Mode (192,168,1,48,251,255).
>> Seriously thanks for your help here, it's greatly appreciated!
> You're welcome.
>
> Look above where I've left in the "Entering Passive Mode" line.  This is
> the address that is being used to send the connection back through.  As
> expected with localhost, it used 127.0.0.1, remotely, it used
> 192.168.1.48.  That is not going to work if you are being NATed somewhere
> using a different (public) IP address.  That is where the
> MasqueradeAddress comes into play.  Of course this only applies to
> *passive*  ftp connections.  Active FTP connections would be unaffected.
> By any chance when you tested and this worked in the past could you have
> been testing with active ftp?

FTP servers behind NAT are a pain in the butt; you have to support 
passive, as it's the CLIENT that decides which mode to use.

If you load the IP connection tracker FTP module in your NAT (assuming 
it's a Linux system), then it will monitor the FTP port for these PORT 
commands and munge them on the fly to be correct, then your FTP server 
works inside or outside (you don't use the MasqueradeAddress in this mode).


-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] can't list directories in ftp

2011-08-13 Thread Keith Roberts
On Sat, 13 Aug 2011, Tim Dunphy wrote:

> To: CentOS mailing list 
> From: Tim Dunphy 
> Subject: Re: [CentOS] can't list directories in ftp
> 
> Hello again, Barry
>
> Yes interestingly enough that seemed to do it for the 
> local test. This is odd, because I remember setting up 
> another ProFTPd server with this directive and never ran 
> into this issue.
>
> Nevertheless, once I commented out the MasqueradeAddress 
> directive it works locally.

I've NEVER had any problems with proftpd for myself, running 
on Centos 5.6 - it's always worked out of the box for me.

I use gFTP to login to my main machine from my laptops, even 
logged in from a Vista laptop to my Centos 5.6 machine via 
ftp, using WinSCP.

I have created 2 directories under my normal user account, 
and just login using a GUI client like gFTP, and that takes 
me to my home directory. I use ~/FTP-OUT for placing files I 
want to get things from, and another directory called 
~/ftp-in for moving things to the main Centos machine. The 
ftp port is opened in my custom firewall to machines on the 
LAN side only. Works fine for me.

I know it's lazy, but if I can't be bothered to get up and 
walk to the main machine, I can always login via ssh to move 
things around on the main Centos box while I'm on the laptop ;)

HTH

Keith Roberts

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-


Re: [CentOS] can't list directories in ftp

2011-08-13 Thread Barry Brimer
> Hello again, Barry
>
> Yes interestingly enough that seemed to do it for the local test. This is 
> odd, because I remember setting up another ProFTPd server with this directive 
> and never ran into this issue.
>
> Nevertheless, once I commented out the MasqueradeAddress directive it works 
> locally.



> 227 Entering Passive Mode (127,0,0,1,253,20).



> Which is nice! But when I try to connect remotely this is what occurs:



> Response: 227 Entering Passive Mode (192,168,1,48,251,255).

> Seriously thanks for your help here, it's greatly appreciated!

You're welcome.

Look above where I've left in the "Entering Passive Mode" line.  This is 
the address that is being used to send the connection back through.  As 
expected with localhost, it used 127.0.0.1, remotely, it used 
192.168.1.48.  That is not going to work if you are being NATed somewhere 
using a different (public) IP address.  That is where the 
MasqueradeAddress comes into play.  Of course this only applies to 
*passive* ftp connections.  Active FTP connections would be unaffected. 
By any chance when you tested and this worked in the past could you have 
been testing with active ftp?

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
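The address check described in the message above can be written out. This Python is an added example, not code from the thread or from ProFTPD: it decodes a 227 reply into the data-connection address and port, then compares that address with the one the client dialled for the control connection. The 203.0.113.10 address is a documentation placeholder standing in for the redacted public IP, and the function names and verdict strings are hypothetical.

```python
import ipaddress
import re

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)." -> h1.h2.h3.h4, p1*256+p2
PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")

# Ranges a client on the public Internet cannot route to.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_internal(addr):
    """True for loopback, link-local and RFC 1918 addresses."""
    return any(addr in net for net in INTERNAL_NETS)


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply line."""
    match = PASV_RE.search(reply)
    if not match:
        raise ValueError(f"not a 227 passive reply: {reply!r}")
    nums = [int(n) for n in match.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in: {reply!r}")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def diagnose(reply, control_peer):
    """Compare the advertised data address with the address the client
    used for the control connection (control_peer)."""
    host, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    if host == peer:
        verdict = "ok"
    elif is_internal(host) and not is_internal(peer):
        # Server behind NAT announced its LAN address to an outside client:
        # needs MasqueradeAddress, or an FTP connection-tracking helper on
        # the NAT box that rewrites the reply.
        verdict = "internal_address_advertised"
    elif not is_internal(host) and is_internal(peer):
        # MasqueradeAddress was applied to a client on localhost or the LAN,
        # which then tries to reach the data port through the public address.
        verdict = "masquerade_applied_to_internal_client"
    else:
        verdict = "address_mismatch"
    return {"data_endpoint": f"{host}:{port}", "verdict": verdict}


if __name__ == "__main__":
    cases = [
        # Replies quoted in the thread, paired with the address dialled.
        ("227 Entering Passive Mode (127,0,0,1,253,20).", "127.0.0.1"),
        ("Response: 227 Entering Passive Mode (192,168,1,48,251,255).",
         "203.0.113.10"),
        # Constructed: localhost test while MasqueradeAddress is still set.
        ("227 Entering Passive Mode (203,0,113,10,255,44).", "127.0.0.1"),
    ]
    for reply, peer in cases:
        print(peer, diagnose(reply, peer))
```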


Re: [CentOS] can't list directories in ftp

2011-08-13 Thread Tim Dunphy
Hello again, Barry

Yes interestingly enough that seemed to do it for the local test. This is odd, 
because I remember setting up another ProFTPd server with this directive and 
never ran into this issue. 

 Nevertheless, once I commented out the MasqueradeAddress directive it works 
locally.

[root@LCENT05:~] #/usr/bin/ftp localhost
Connected to localhost (127.0.0.1).
220 FTP Server ready.
Name (localhost:root): bluethundr
331 Password required for bluethundr
Password:
230 User bluethundr logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,253,20).
150 Opening ASCII mode data connection for file list
-rw-r--r--   1 apache   apache     36834 Mar 11  2010 Copying
-rw-r--r--   1 apache   apache       266 Jul  9 10:30 How to install Piwik.html
-rw-r--r--   1 root     apache   1189469 Dec 20  2010 Illustration.ai
-rw-r--r--   1 root     apache    236524 Dec 20  2010 Illustration.jpg
-rw-r--r--   1 root     apache    230915 Dec 20  2010 Illustration.pdf
-rw-r--r--   1 root     apache   1206524 Dec 20  2010 Illustration_path.ai
-rw-r--r--   1 root     apache   2176338 Dec 20  2010 Illustration_path.eps

Which is nice! But when I try to connect remotely this is what occurs:

Response:   230 User bluethundr logged in
Command:    OPTS UTF8 ON
Response:   200 UTF8 set to on
Status:     Connected
Status:     Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Type set to I
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,48,251,255).
Status:     Server sent passive reply with unroutable address. Using server address instead.
Command:    MLSD
Error:      Connection timed out
Error:      Failed to retrieve directory listing

So remotely it's still having difficulty listing the directory. Here's a 
snippet from the logs. I've included a longer section of the logs in case this 
sheds any light on the issue. :) 

Seriously thanks for your help here, it's greatly appreciated!

Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): USER bluethundr: Login successful.
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS UTF8 ON' to 
mod_tls
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS UTF8 ON' to 
mod_core
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS UTF8 ON' to 
mod_core
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching CMD command 'OPTS UTF8 ON' to 
mod_core
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS_UTF8 ON' to 
mod_tls
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS_UTF8 ON' to 
mod_core
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS_UTF8 ON' to 
mod_core
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching CMD command 'OPTS_UTF8 ON' to 
mod_lang
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching LOG_CMD command 'OPTS_UTF8 ON' to 
mod_log
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching LOG_CMD command 'OPTS UTF8 ON' to 
mod_log
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'PWD' to mod_tls
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'PWD' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'PWD' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching CMD command 'PWD' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): in dir_check_full(): path = '/', fullpath = 
'/'.
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching LOG_CMD command 'PWD' to mod_log
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'TYPE I' to 
mod_tls
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'TYPE I' to 
mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'TYPE I' to 
mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching CMD command 'TYPE I' to mod_xfer
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 
(xx.xxx.

Re: [CentOS] can't list directories in ftp

2011-08-13 Thread Barry Brimer
> Sorry for all the questions today. But I am trying to wrap up this ftp 
> business and still having some issues. I appreciate your input.
>
> SELinux is temporarily disabled (until I can work this all out) and I am now 
> able to log into the FTP server.



> This is what my proftpd config is looking like at the moment.



> # Masqurade Address
> MasqueradeAddress   xx.xxx.xxx.xxx



I'm betting that your MasqueradeAddress is the issue.  This is great when 
you are behind a NATing firewall, but for localhost testing, it could be 
your issue.

Try commenting out your MasqueradeAddress line and it should create the 
connection back through the IP address you connected from instead of 
forcing the one in your MasqueradeAddress.  When you want to test the real 
setup, put it back in.

Barry


[CentOS] can't list directories in ftp

2011-08-13 Thread Tim Dunphy
Hey list,

 Sorry for all the questions today. But I am trying to wrap up this ftp 
business and still having some issues. I appreciate your input. 

 SELinux is temporarily disabled (until I can work this all out) and I am now 
able to log into the FTP server.


[root@LCENT05:~] #/usr/bin/ftp localhost
Connected to localhost (127.0.0.1).
220 FTP Server ready.
Name (localhost:root): bluethundr
331 Password required for bluethundr
Password:
230 User bluethundr logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (xx,xx,xx,xxx,255,44).
ftp: connect: Invalid argument
ftp> 


I still have DebugLevel set to 10 in the config and this is what I see in the 
proftpd logs:


Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): USER 
bluethundr: Login successful.
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): 
dispatching PRE_CMD command 'SYST' to mod_tls
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): 
dispatching PRE_CMD command 'SYST' to mod_core
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): 
dispatching PRE_CMD command 'SYST' to mod_core
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): 
dispatching CMD command 'SYST' to mod_core
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): 
dispatching LOG_CMD command 'SYST' to mod_log
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): 
dispatching PRE_CMD command 'PASV' to mod_tls
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): 
dispatching PRE_CMD command 'PASV' to mod_core
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): 
dispatching PRE_CMD command 'PASV' to mod_core
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): 
dispatching CMD command 'PASV' to mod_core
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): in 
dir_check_full(): path = '/', fullpath = '/'.
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): 
Entering Passive Mode (71,187,203,194,255,44).
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): 
dispatching LOG_CMD command 'PASV' to mod_log
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 
(71.187.203.194[71.187.203.194]): Client session idle timeout, disconnected
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 
(71.187.203.194[71.187.203.194]): ROOT PRIVS at mod_auth_pam.c:173
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 
(71.187.203.194[71.187.203.194]): ROOT PRIVS: ID switching disabled
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 
(71.187.203.194[71.187.203.194]): RELINQUISH PRIVS at mod_auth_pam.c:207
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 
(71.187.203.194[71.187.203.194]): RELINQUISH PRIVS: ID switching disabled
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 
(71.187.203.194[71.187.203.194]): FTP session closed.




This is what my proftpd config is looking like at the moment. 

I have the default root set to this directory:

DefaultRoot /var/www/html/jokefire.com

And I give access to this directory with this directive:

  

  AllowAll

  


I plan to tighten up the security a little bit as I make some more progress. 
But my immediate goal is just to get this to work. :)


Here is the entire config.. just in case it might help!

Thanks once again!

Tim

# This is the ProFTPD configuration file
#
# See: http://www.proftpd.org/docs/directives/linked/by-name.html

# Server Config - config used for anything outside a  or  context
# See: http://www.proftpd.org/docs/howto/Vhost.html

ServerName  "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer   on

# Cause every FTP user except adm to be chrooted into their home directory
# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
# work at session-end time (http://bugzilla.redhat.com/477120)
VRootEngine on
DefaultRoot /var/www/html/jokefire.com  
#DefaultRoot ~ !adm
VRootAlias  etc/security/pam_env.conf /etc/security/pam_env.conf

# Masquerade Address
MasqueradeAddress   xx.xxx.xxx.xxx

# Passive Ports
PassivePorts6 65535

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig   proftpd
AuthOrder   mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
#PersistentPasswd   off

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS   off

# Set the user and group that the server runs as
User    nobody
Group   nobody

# To prevent DoS at

Re: [CentOS] java permission denied

2011-08-13 Thread Barry Brimer
> Hey Barry,
>
> That's good to know. Thank you again!
>
> tim

You're welcome.


Re: [CentOS] java permission denied

2011-08-13 Thread Tim Dunphy
Hey Barry,

 That's good to know. Thank you again!

tim

- Original Message -
From: "Barry Brimer" 
To: "CentOS mailing list" 
Sent: Saturday, August 13, 2011 12:05:08 PM
Subject: Re: [CentOS] java permission denied

On Sat, 13 Aug 2011, Tim Dunphy wrote:

> actually i replied to the wrong thread. D'OH! But it seems that SELinux was 
> behind each problem..
>
> setenforce 0 on that machine allowed it to work. Tho I readily admit that I 
> wish I was more familiar with SELinux. :)

You can use audit2allow to create SELinux policy for whatever is not 
working.  I'd hate for you to disable SELinux altogether because of a few 
issues.

Barry


Re: [CentOS] java permission denied

2011-08-13 Thread Barry Brimer
On Sat, 13 Aug 2011, Tim Dunphy wrote:

> actually i replied to the wrong thread. D'OH! But it seems that SELinux was 
> behind each problem..
>
> setenforce 0 on that machine allowed it to work. Tho I readily admit that I 
> wish I was more familiar with SELinux. :)

You can use audit2allow to create SELinux policy for whatever is not 
working.  I'd hate for you to disable SELinux altogether because of a few 
issues.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
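What audit2allow does with /var/log/audit/audit.log can be shown in miniature. This Python is an added example, not part of the thread and not audit2allow itself: it groups AVC denials by source type, target type and object class, prints the allow rule each group would need, and flags memory-protection permissions for closer review. The log lines are constructed; the execmod line models the kind of denial usually logged with "cannot restore segment prot after reloc", and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not taken from the thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1313250312.412:187): avc:  denied  { execmod } for  pid=4312 comm="java" path="/usr/lib/jdk1.7.0/jre/lib/i386/client/libjvm.so" dev=dm-0 ino=1311842 scontext=root:system_r:unconfined_t:s0 tcontext=root:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1313250312.412:187): arch=40000003 syscall=125 success=no exit=-13 comm="java" exe="/usr/lib/jdk1.7.0/bin/java"
type=AVC msg=audit(1313250345.090:191): avc:  denied  { search } for  pid=2922 comm="proftpd" name="home" dev=dm-0 ino=98305 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=AVC msg=audit(1313250345.101:192): avc:  denied  { getattr } for  pid=2922 comm="proftpd" path="/home" dev=dm-0 ino=98305 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:\d+\): avc:\s+denied\s+"
    r"\{([^}]+)\}\s+for\s+(?P<rest>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Permissions that relax memory protections; allow them only deliberately.
MEMORY_PERMS = {"execmod", "execmem", "execstack", "execheap"}


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for anything else."""
    match = AVC_RE.search(line)
    if not match:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(match.group("rest"))}
    try:
        return {
            "perms": match.group(1).split(),
            # A context is user:role:type[:level]; the type is field 3.
            "source": fields["scontext"].split(":")[2],
            "target": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
            "comm": fields.get("comm", "?"),
            "object": fields.get("path") or fields.get("name") or "?",
        }
    except (KeyError, IndexError):
        return None  # truncated or malformed record


def summarise(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(), "objects": set()})
    for line in text.splitlines():
        avc = parse_avc(line)
        if avc is None:
            continue
        group = groups[(avc["source"], avc["target"], avc["tclass"])]
        group["perms"].update(avc["perms"])
        group["comms"].add(avc["comm"])
        group["objects"].add(avc["object"])
    return dict(groups)


def render_rules(groups):
    """Render each group as the allow rule that would silence it."""
    rules = []
    for (source, target, tclass), group in sorted(groups.items()):
        perms = sorted(group["perms"])
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {source} {target}:{tclass} {body};")
    return rules


def needs_review(groups):
    """Keys of groups whose denials involve memory-protection permissions."""
    return sorted(key for key, g in groups.items() if g["perms"] & MEMORY_PERMS)


if __name__ == "__main__":
    found = summarise(SAMPLE_AUDIT_LOG)
    for rule in render_rules(found):
        print(rule)
    for key in needs_review(found):
        print("review before allowing:", key, sorted(found[key]["objects"]))
```

Review each rule before building a module with `audit2allow -M` and loading it with `semodule -i`: a file relabel or an existing boolean is often narrower than a new allow rule.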


Re: [CentOS] java permission denied

2011-08-13 Thread Tim Dunphy
actually i replied to the wrong thread. D'OH! But it seems that SELinux was 
behind each problem..

setenforce 0 on that machine allowed it to work. Tho I readily admit that I 
wish I was more familiar with SELinux. :)

[root@VIRTCENT09:/usr/lib] #java -version
java version "1.7.0"
Java(TM) SE Runtime Environment (build 1.7.0-b147)
Java HotSpot(TM) Client VM (build 21.0-b17, mixed mode)


- Original Message -
From: "Tim Dunphy" 
To: "CentOS mailing list" 
Sent: Saturday, August 13, 2011 11:52:12 AM
Subject: Re: [CentOS] java permission denied

Hi Barry,

 Apparently the problem was SELinux! I did a 'setenforce 0' and was able to 
login to ftp! 

[root@LCENT05:~] #getenforce
Permissive
[root@LCENT05:~] #/usr/bin/ftp localhost
Connected to localhost (127.0.0.1).
220 FTP Server ready.
Name (localhost:root): bluethundr
331 Password required for bluethundr
Password:
230 User bluethundr logged in
Remote system type is UNIX.
Using binary mode to transfer files.


Thanks!!

tim

- Original Message -
From: "Barry Brimer" 
To: "CentOS mailing list" 
Sent: Saturday, August 13, 2011 11:04:13 AM
Subject: Re: [CentOS] java permission denied

> I just tried installing jdk 1.0.7 on my centos 5.6 box and I am getting 
> a permission denied error when I try to display the java version.

What are your SELinux settings?  Are there any messages in 
/var/log/audit/audit.log

Barry


Re: [CentOS] java permission denied

2011-08-13 Thread Tim Dunphy
Hi Barry,

 Apparently the problem was SELinux! I did a 'setenforce 0' and was able to 
login to ftp! 

[root@LCENT05:~] #getenforce
Permissive
[root@LCENT05:~] #/usr/bin/ftp localhost
Connected to localhost (127.0.0.1).
220 FTP Server ready.
Name (localhost:root): bluethundr
331 Password required for bluethundr
Password:
230 User bluethundr logged in
Remote system type is UNIX.
Using binary mode to transfer files.


Thanks!!

tim

- Original Message -
From: "Barry Brimer" 
To: "CentOS mailing list" 
Sent: Saturday, August 13, 2011 11:04:13 AM
Subject: Re: [CentOS] java permission denied

> I just tried installing jdk 1.0.7 on my centos 5.6 box and I am getting 
> a permission denied error when I try to display the java version.

What are your SELinux settings?  Are there any messages in 
/var/log/audit/audit.log

Barry


Re: [CentOS] java permission denied

2011-08-13 Thread Simon Matter
> Hey guys,
>
>  I just tried installing jdk 1.0.7 on my centos 5.6 box and I am getting a
> permission denied error when I try to display the java version.
>
>
>
> [root@VIRTCENT09:/usr/lib] #ln -s /usr/lib/jdk1.7.0 /etc/alternatives/jdk
> [root@VIRTCENT09:/usr/lib] #ln -s /usr/lib/jdk1.7.0/bin/java
> /etc/alternatives/java
> [root@VIRTCENT09:/usr/lib] #ln -s /etc/alternatives/java /usr/bin/java
> [root@VIRTCENT09:/usr/lib] #java -version
> Error: dl failure on line 875
> Error: failed /usr/lib/jdk1.7.0/jre/lib/i386/client/libjvm.so, because
> /usr/lib/jdk1.7.0/jre/lib/i386/client/libjvm.so: cannot restore segment
> prot after reloc: Permission denied
>
>
> I tried opening up the permissions every step of the way along the path to
> /usr/lib/jdk1.7.0/jre/lib/i386/client/libjvm.so but no luck so far.
>
>
> I would certainly appreciate any advice you'd be willing to provide!

It's running fine here with the Oracle rpms but I'm not using the
alternatives stuff.

I have

export JAVA_HOME="/usr/java/default"

and symlinks like so

lrwxrwxrwx 1 root root 26 Aug  4 11:25 /usr/bin/java ->
/usr/java/default/bin/java
lrwxrwxrwx 1 root root 27 Aug  4 11:25 /usr/bin/javac ->
/usr/java/default/bin/javac
lrwxrwxrwx 1 root root 29 Aug  4 11:25 /usr/bin/javadoc ->
/usr/java/default/bin/javadoc
lrwxrwxrwx 1 root root 28 Aug  4 11:25 /usr/bin/javaws ->
/usr/java/default/bin/javaws

Regards,
Simon



Re: [CentOS] java permission denied

2011-08-13 Thread Barry Brimer
> I just tried installing jdk 1.0.7 on my centos 5.6 box and I am getting 
> a permission denied error when I try to display the java version.

What are your SELinux settings?  Are there any messages in 
/var/log/audit/audit.log

Barry


Re: [CentOS] proftpd can't login locally

2011-08-13 Thread Barry Brimer
> I am trying to setup very simple authentication for proftpd under centos 
> 5.6. But for some reason it isn't working and I was hoping to get some 
> advice into how to resolve the issue.



What about SELinux?  Is it enabled?  If so, are there any messages in 
/var/log/audit/audit.log

What do you see in /var/log/secure?

Can this user log in through ssh/any other service?

Barry


[CentOS] java permission denied

2011-08-13 Thread Tim Dunphy
Hey guys,

 I just tried installing jdk 1.0.7 on my centos 5.6 box and I am getting a 
permission denied error when I try to display the java version.



[root@VIRTCENT09:/usr/lib] #ln -s /usr/lib/jdk1.7.0 /etc/alternatives/jdk
[root@VIRTCENT09:/usr/lib] #ln -s /usr/lib/jdk1.7.0/bin/java 
/etc/alternatives/java
[root@VIRTCENT09:/usr/lib] #ln -s /etc/alternatives/java /usr/bin/java
[root@VIRTCENT09:/usr/lib] #java -version
Error: dl failure on line 875
Error: failed /usr/lib/jdk1.7.0/jre/lib/i386/client/libjvm.so, because 
/usr/lib/jdk1.7.0/jre/lib/i386/client/libjvm.so: cannot restore segment prot 
after reloc: Permission denied


I tried opening up the permissions every step of the way along the path to 
/usr/lib/jdk1.7.0/jre/lib/i386/client/libjvm.so but no luck so far. 


I would certainly appreciate any advice you'd be willing to provide!

thanks!!
tim


[CentOS] proftpd can't login locally

2011-08-13 Thread Tim Dunphy
Hello list!!

 I am trying to setup very simple authentication for proftpd under centos 5.6. 
But for some reason it isn't working and I was hoping to get some advice into 
how to resolve the issue.

Machine info:
[code]
[root@VIRTCENT07:~] #cat /etc/redhat-release 
CentOS release 5.6 (Final)


[root@VIRTCENT07:~] #uname -a
Linux VIRTCENT07 2.6.18-238.el5xen #1 SMP Thu Jan 13 17:49:40 EST 2011 i686 
i686 i386 GNU/Linux
[/code]

Proftpd version
[code]
ProFTPD Version 1.3.3e
[/code]

When I try to log into FTP authentication fails even tho the password is typed 
correctly

[code]
[root@VIRTCENT07:~] #/usr/bin/ftp localhost
Connected to localhost (127.0.0.1).
220 FTP Server ready.
Name (localhost:root): bluethundr
331 Password required for bluethundr
Password:
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
[/code]

I've enabled the ExtendedLogs option in the config and this is what I saw as a 
result
[code]
127.0.0.1 UNKNOWN nobody [12/Aug/2011:11:45:00 -0400] "USER bluethundr" 331 -
127.0.0.1 UNKNOWN nobody [12/Aug/2011:11:45:04 -0400] "PASS (hidden)" 530 -
127.0.0.1 UNKNOWN nobody [12/Aug/2011:11:45:04 -0400] "SYST" 215 -
[/code]


The user account is stored in LDAP

[code]
[root@VIRTCENT07:~] #getent passwd | grep bluethundr
bluethundr:*:1001:1002:That Guy:/home/bluethundr:/bin/bash
[/code]

The proftpd user runs the 'nobody' account
[code]
User    nobody
Group   nobody
[/code]

Which is also stored in LDAP
[code]
[root@VIRTCENT07:~] #getent passwd | grep nobody
nobody:x:99:99:Nobody:/:/sbin/nologin
[/code]

The user that ProFTPd runs as is using a valid shell

[code]
[root@VIRTCENT07:~] #cat /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/bin/tcsh
/bin/csh
/bin/ksh
[/code]

And this is what my entire ProFTPd config file is looking like

[code]
# This is the ProFTPD configuration file
#
# See: http://www.proftpd.org/docs/directives/linked/by-name.html

# Server Config - config used for anything outside a <VirtualHost> or <Global> context
# See: http://www.proftpd.org/docs/howto/Vhost.html

ServerName  "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer   on

# Cause every FTP user except adm to be chrooted into their home directory
# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
# work at session-end time (http://bugzilla.redhat.com/477120)
VRootEngine on
DefaultRoot ~ !adm
VRootAlias  etc/security/pam_env.conf /etc/security/pam_env.conf

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig   proftpd
AuthOrder   mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
PersistentPasswd    off

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS   off

# Set the user and group that the server runs as
User    nobody
Group   nobody

# To prevent DoS attacks, set the maximum number of child processes
# to 20.  If you need to allow more than 20 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances    20

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile off

# Define the log formats
LogFormat   default "%h %l %u %t \"%r\" %s %b"
LogFormat   auth    "%v [%P] %h %t \"%r\" %s"

# Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details
#
# General database support (http://www.proftpd.org/docs/contrib/mod_sql.html)
#   LoadModule mod_sql.c
#
# Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables
# (contrib/mod_sql_passwd.html)
#   LoadModule mod_sql_passwd.c
#
# Mysql support (requires proftpd-mysql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
#   LoadModule mod_sql_mysql.c
#
# Postgresql support (requires proftpd-postgresql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
#   LoadModule mod_sql_postgres.c
#
# Quota support (http://www.proftpd.org/docs/contrib/mod_quotatab.html)
#   LoadModule mod_quotatab.c
#
# File-specific "driver" for storing quota table information in files
# (http://www.proftpd.org/docs/contrib/mod_quotatab_file.html)
#   LoadModule mod_quotatab_file.c
#
# SQL database "driver" for storing quota table information in SQL tables
# (http://www.proftpd.org/docs/contrib/mod_quotatab_sql.html)
#   LoadModule mod_quotatab_sql.c
#
# LDAP support (requires proftpd-ldap package)
# (http://www.proftpd.org/docs/directives/linked/con
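
The ExtendedLog lines quoted in the post above follow the config's `LogFormat default "%h %l %u %t \"%r\" %s %b"`. This added example (not part of the original post) parses that format and pairs each USER with the PASS that follows it, so a 530 can be tied to the login name that was tried. The function names and the two `192.0.2.10` lines are constructed for illustration, and pairing by client host is an assumption, since this format carries no session or process id.

```python
import re
from collections import defaultdict

# Constructed sample: the three lines from the post plus two made-up lines
# showing a successful login (230) for contrast.
SAMPLE_LOG = '''\
127.0.0.1 UNKNOWN nobody [12/Aug/2011:11:45:00 -0400] "USER bluethundr" 331 -
127.0.0.1 UNKNOWN nobody [12/Aug/2011:11:45:04 -0400] "PASS (hidden)" 530 -
127.0.0.1 UNKNOWN nobody [12/Aug/2011:11:45:04 -0400] "SYST" 215 -
192.0.2.10 UNKNOWN nobody [12/Aug/2011:11:46:10 -0400] "USER alice" 331 -
192.0.2.10 UNKNOWN alice [12/Aug/2011:11:46:12 -0400] "PASS (hidden)" 230 -
'''

# Fields of: LogFormat default "%h %l %u %t \"%r\" %s %b"
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<cmd>[^"]*)" (?P<status>\d{3}|-) (?P<bytes>\S+)$'
)

def parse_line(line):
    """Return the fields of one ExtendedLog line as a dict, or None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def login_attempts(lines):
    """Pair each USER with the next PASS from the same host.
    Returns a list of (time, host, login_name, pass_status)."""
    pending = {}   # host -> login name from the most recent USER
    results = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue   # skip lines that do not match the format
        verb, _, arg = rec["cmd"].partition(" ")
        if verb.upper() == "USER":
            pending[rec["host"]] = arg
        elif verb.upper() == "PASS":
            name = pending.pop(rec["host"], "?")
            results.append((rec["time"], rec["host"], name, rec["status"]))
    return results

def failed_logins(lines):
    """Count PASS commands answered with 530, keyed by (host, login_name)."""
    counts = defaultdict(int)
    for _, host, name, status in login_attempts(lines):
        if status == "530":
            counts[(host, name)] += 1
    return dict(counts)

if __name__ == "__main__":
    for (host, name), n in failed_logins(SAMPLE_LOG.splitlines()).items():
        print(f"{host} {name}: {n} failed login(s)")
```

The `auth` LogFormat in the same config includes `%P` (the process id), which would let concurrent sessions from one host be told apart.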

Re: [CentOS] drop manitu.net

2011-08-13 Thread Christopher Chan
On Thursday, August 11, 2011 11:28 PM, Les Mikesell wrote:

>>> That conversation would make sense if there were any spam blockers that
>>> cared about the collateral damage to unrelated hosts that happen to be
>>
>> So, in your experience, there aren't *any*, they all block an entire range?
>>
>> If so, why is that a valid method for blocking spam?
>
> I haven't done extensive research, but there's not really a good way to
> do it at all, much less correctly.

Man, this is getting to sound more and more like SPAM-L. Outblaze Ltd, 
before they sold their message business to IBM, did the right thing. 
Where net blocks are proven to be entirely spew engines, the whole net 
block gets blocked, persistent abusive ones get firewalled. Said net 
block would be released a year later for review in case it had been 
reassigned.

Single mail servers with spammy domains and clean ones get 'whitelisted' 
in that the ip is not stuffed in the block rules but the domains are.


>
>>> in an IP range that they don't like.  I don't think you'll find any.
>>> And it has always been that way since the start of those businesses.
>>>
>> Yes, 15 years ago. I reiterate: it has been *completely* wrong for about
>> 10 years.
>
> It was always wrong.  That doesn't mean it won't happen.
>

Whether it is wrong depends on the black list maintainer imho. Some 
black lists are very clear in their criteria. Whole country. eg: China. 
Don't like that? Don't use it. That's what you want? Good for you.

When a black list starts doing things inconsistently, then maybe you can 
label them wrong. Maybe the CentOS mail admins might want to take 
another look into manitu.net...


Re: [CentOS] instlaling onto mdadm centos 6

2011-08-13 Thread William Warren
On 8/13/2011 7:40 AM, B.J. McClure wrote:
> On Sat, 2011-08-13 at 00:01 -0400, William Warren wrote:
>> I am attempting to use mdraid for booting my machine but it never does.
>> Does the centos 5 guide for linux software raid work for centos 6?
> Dunno, but boot partition must be raid 1.  Grub does not work with 5,
> 10. etc.
>
> Cheers,
> B.J.
>
>
> CentOS Linux release 6.0 (Final)
>
Found out grub will not boot directly off the /boot md device, but I can 
make grub put itself on the MBRs of both disks. :)


Re: [CentOS] instlaling onto mdadm centos 6

2011-08-13 Thread B.J. McClure
On Sat, 2011-08-13 at 00:01 -0400, William Warren wrote:
> I am attempting to use mdraid for booting my machine but it never does.  
> Does the centos 5 guide for linux software raid work for centos 6?

Dunno, but boot partition must be raid 1.  Grub does not work with 5,
10. etc.

Cheers,
B.J.


CentOS Linux release 6.0 (Final)
