Re: user can exec the xset, in his crontab, its 100% failure
On Saturday 21 March 2015 05:18:18 Reco wrote: Hi. On Sat, 21 Mar 2015 05:02:53 -0400 Gene Heskett ghesk...@wdtv.com wrote: Greetings; Running a wheezy based linux here. While I as a user can use xset to remind the system of the monitors dpms controls, an identical entry in my crontab results in an email that it could not open my 0:0 display. Since cron should strip out every environment variable from whatever its told to run - that's to be expected. So I cannot script this reminder. You can. All you need to do is to define the needed DISPLAY and XAUTHORITY in the script itself. I.e. #!/bin/sh export DISPLAY=:0.0 It will not install, claiming bad minute export XAUTHORITY=your XAuthority goes here xset +foo -bar Reco This what I have, but it will not install #!/bin/sh export DISPLAY=:0:0 export XAUTHORITY=/home/gene/.Xauthority # m h dom mon dow command */5 * * * * /home/gene/bin/makesig 30 0 * * * /home/gene/bin/sa-train-bayes 01 * * * * xset -display 0:0 +dpms 02 * * * * xset -display 0:0 dpms 300 0 600 error msg on quitting nano: crontab: installing new crontab /tmp/crontab.O2BPk0/crontab:1: bad minute errors in crontab file, can't install. Its probably obvious, but I can't see why it fails. Thank you Reco Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503210558.44814.ghesk...@wdtv.com
Re: customize ligthdm manager
On Fri, 20 Mar 2015 19:59:57 + (UTC) Liam O'Toole liam.p.oto...@gmail.com wrote: On 2015-03-20, Abdelkader Belahcene abelahc...@gmail.com wrote: --089e012277468313560511b679c4 Content-Type: text/plain; charset=UTF-8 Hi everybody, I want to enter from a local machine using lightdm manager, to a remote server using XDMCP. I do it with a thin client, I mean on a thin client I have the list of all servers running XDMCP. I want to do the same, from an old PC that I want to use as a simple terminal. What software is running on the thin client? unfortunatly, in the login window I have only local accounts on my local machine, is it possible to customize the login window of lightdm to allow access to a remote server running XDMCP? thanks for help best regards I'm not aware of a way of doing that with lightdm. The old gdm2 used to have that feature, but that's long gone. You can still access an XDMCP server directly by running 'X -query server' in a VT. Just to add to that, you can also do it in a window with Xnest. I know there is also something similar called Xephyr, but I'm not really sure what's different about it. Petter -- I'm ionized Are you sure? I'm positive. pgp0pz1sGsRNc.pgp Description: OpenPGP digital signature
Re: customize ligthdm manager
On 2015-03-21T18:55:50+1100, Petter Adsen pet...@synth.no said: PA Just to add to that, you can also do it in a window with Xnest. I PA know there is also something similar called Xephyr, but I'm not PA really sure what's different about it. Unlike Xnest it supports modern X extensions ( even if host server doesn't ) such as Composite, Damage, randr etc (no GLX support now) http://www.freedesktop.org/wiki/Software/Xephyr/ Alexis. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/871tki218l@gmail.com
user can exec the xset, in his crontab, its 100% failure
Greetings; Running a wheezy based linux here. While I as a user can use xset to remind the system of the monitors dpms controls, an identical entry in my crontab results in an email that it could not open my 0:0 display. So I cannot script this reminder. And X forgets all this stuff long before uptime has reached 2 weeks. So I figured an hourly reminder in my crontab should to the trick. Is there any way around this PIMA? Thanks. Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503210502.53646.ghesk...@wdtv.com
Re: user can exec the xset, in his crontab, its 100% failure
On Sat, 21 Mar 2015 05:58:44 -0400 Gene Heskett ghesk...@wdtv.com wrote: On Saturday 21 March 2015 05:18:18 Reco wrote: Hi. On Sat, 21 Mar 2015 05:02:53 -0400 Gene Heskett ghesk...@wdtv.com wrote: Greetings; Running a wheezy based linux here. While I as a user can use xset to remind the system of the monitors dpms controls, an identical entry in my crontab results in an email that it could not open my 0:0 display. Since cron should strip out every environment variable from whatever its told to run - that's to be expected. So I cannot script this reminder. You can. All you need to do is to define the needed DISPLAY and XAUTHORITY in the script itself. I.e. #!/bin/sh export DISPLAY=:0.0 It will not install, claiming bad minute export XAUTHORITY=your XAuthority goes here xset +foo -bar Reco This what I have, but it will not install #!/bin/sh export DISPLAY=:0:0 export XAUTHORITY=/home/gene/.Xauthority # m h dom mon dow command */5 * * * * /home/gene/bin/makesig 30 0 * * * /home/gene/bin/sa-train-bayes 01 * * * * xset -display 0:0 +dpms 02 * * * * xset -display 0:0 dpms 300 0 600 error msg on quitting nano: crontab: installing new crontab /tmp/crontab.O2BPk0/crontab:1: bad minute errors in crontab file, can't install. Its probably obvious, but I can't see why it fails. Either set the variables like DISPLAY=:0.0 or, better yet, write the line as: 01 * * * * /home/gene/bin/name-of-script and set the variables in the script itself. Petter -- I'm ionized Are you sure? I'm positive. pgpOLOt8fOqoV.pgp Description: OpenPGP digital signature
Re: Lenmus
Op 20-03-15 om 19:02 schreef Patrick Ruytings: Dag, Ik probeer Lenmus te installeren: http://www.lenmus.org/mws/noticias Ik probeer dat te doen via de richtlijnen: ** To instal LenMus repository, open a terminal and enter: sudo add-apt-repository ppa:lenmus-phonascus/ppa sudo apt-get update Now you're ready to install LenMus, either using the Ubuntu Software Center or by entering: sudo apt-get install lenmus That's all. LenMus will be installed and you will receive updates automatically. Once installed, you can run LenMus from main menu: Menu Education LenMus ** Maar als ik 'sudo apt-get update' uitvoer, krijg ik op het einde als foutmelding: W: Ophalen van http://ppa.launchpad.net/lenmus-phonascus/ppa/ubuntu/dists/trusty/main/source/Sources is mislukt 404 Not Found W: Ophalen van http://ppa.launchpad.net/lenmus-phonascus/ppa/ubuntu/dists/trusty/main/binary-amd64/Packages is mislukt 404 Not Found W: Ophalen van http://ppa.launchpad.net/lenmus-phonascus/ppa/ubuntu/dists/trusty/main/binary-i386/Packages is mislukt 404 Not Found E: Sommige indexbestanden konden niet worden opgehaald. Deze zijn genegeerd, of oude versies zijn gebruikt. Daardoor kan ik het programma niet installeren. De repositories bestaan niet, of zijn tijdelijk uit de lucht. Het zit ook niet standaard in de repositories. Ik wil dit programma onder Linux installeren omdat de Windowsversie herhaaldelijk crasht. Misschien is het software die nog niet erg stabiel is? Kan iemand mij helpen? Bedenk dat een programma installeren uit een PPA of iets dergelijks gevaarlijk is. Het kan je systeem volledig vernielen. Bedenk dat een Ubuntu PPA lang niet altijd bruikbaar is in Debian. Vraag misschien hulp bij de mensen achter het programma. Of kijk misschien eens op de alternativesto site: http://alternativeto.net/software/lenmus/?platform=linux Groet, Paul. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl -- To UNSUBSCRIBE, email to debian-user-dutch-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550d9495.5070...@vandervlis.nl
Re: Ejecutar aplicaciones como root sin ingresar la pass
El sábado, 21 mar 2015, a las 17:51 UTC+1 horas, matlnx1...@gmail.com escribió: Buenas tardes: Tal vez alguien pueda tirarme alguna ayuda de por donde buscar, ya que no encuentro la forma de hacerlo aun. Estoy necesitando generar un acceso directo en Debian 7, para varias aplicaciones (por ejemplo teamviewer, thunderbird) etc. Actualmente para abrirlas lo que hago es abrir una terminal, ejecutar SU, y una vez como root (previo a ingresar la pass), ejecutar la aplicación. Se que no parece mucho pero es muy tedioso tener que hacerlo, con lo cual necesitaria darle a mi usuario pepe permisos para ejecutar esas aplicaciones sin tener la pass de root. Gracias de antemano Mati Creo que para cosas como esa está sudo. Teamviewer no tengo ni idea de qué es, pero ¿Thunderbird como root? Saludos. -- Manolo Díaz -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150321175820.16868...@gmail.com
apt-cacher-ng and apt-get changelog result in http 500 error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi at all, I can't use `apt-get changelog` while have `apt-cacher-ng` running, which is really annoying. I.e.: ``` apt-get changelog screen Err Changelog for screen (http://packages.debian.org/changelogs/pool/main/s/screen/screen_4.1.0~2 0120320gitdb59704-7/changelog) 500 Bad redirection (invalid URL) Err Changelog for screen (http://ftp.de.debian.org/debian/pool/main/s/screen/screen_4.1.0~2012032 0gitdb59704-7.changelog) 404 Not Found E: changelog download failed ``` I have taken a look at other apt caching tools (for local networks), but the most pleasing feature of apt-cacher-ng is, that I don't have to do a full mirror, which will be atm not possible or configure specify mirror-/archive-urls in a config file. I often work mobil on my notebook and I need more then one architecture in my cache. So I'm look ether for a workaround or recommendation for an other tool, which does the same as apt-cacher-ng, which I have my be overlooke d. Thanks for replys and hints! Best regards, Bernd - -- Bernd Naumann be...@kr217.de PGP: 0xA150A04F via pool.sks-keyservers.net XMPP: b...@weimarnetz.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJVDajnAAoJEEYW3OihUKBPFe4QAI3EwNoObt7As8cEVididnfP jDhHa5UEaTBODnVWSbJ6P6BCEBEs1qPVZszYbkPwZcYF5VnAc0kFazlDGu+LilTc nE5lBe6dFOH/ZeJ4fD/Un6Bgqwe0VO/QtkZ3JE5BZFxPHJ1tujHI2xQtk8aHHrsL RV/CL94WyEFvPC7FbcSeM9hB9ozfRUuo6bslV0Wlt76lDqBDJWrG2JCGCYrtuRQl iGOhtwqI2QT0X2M4cBOY1HWBCW7Ul3smOcy8kl8zp+OhDXCLEP/XnlTKwcDCN5mX ZwRnlOsvrx4EyDer6sASuZNi2IVsW7vZsWLeIZhpa09J+m5/J86Ye72DUT6w2Q0A AOy2LN3skLNvF6Jj3Cx6UNSrKHUuRpyaB0b7vYihpRQ+Mz5p8ZjeaFOuiHU4KkiM ZHILwQ9QWKJ+xckUa7TKlIDPwrx3fPOqivMR5AAy46p8q9wrC6AHN4OPhqP4kxx+ eKc62VbUppXu+6acQx88K5Nkgd2CPuJw24e3kHooYfVKrhayxHAuxGaUDrsAenoy wXjCL04ybj7jlGD9p0zCfvoEArfNx204P/NwIiNVTB7dyze6mtFO5hE6JZDE2YuJ XAHiEm7OIvCU/3lnJM68eYbWlWUtfKUhVPLTbLjf6fgZIGUuepaREr1UHS4bfjTj 0OG/pG76/kzYiIWX5/cJ =m0Xf -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550da8e8.90...@kr217.de
Ejecutar aplicaciones como root sin ingresar la pass
Buenas tardes: Tal vez alguien pueda tirarme alguna ayuda de por donde buscar, ya que no encuentro la forma de hacerlo aun. Estoy necesitando generar un acceso directo en Debian 7, para varias aplicaciones (por ejemplo teamviewer, thunderbird) etc. Actualmente para abrirlas lo que hago es abrir una terminal, ejecutar SU, y una vez como root (previo a ingresar la pass), ejecutar la aplicación. Se que no parece mucho pero es muy tedioso tener que hacerlo, con lo cual necesitaria darle a mi usuario pepe permisos para ejecutar esas aplicaciones sin tener la pass de root. Gracias de antemano Mati -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550da184.50...@gmail.com
Re: Ejecutar aplicaciones como root sin ingresar la pass
El sábado, 21 mar 2015, a las 18:04 UTC+1 horas, matlnx1...@gmail.com escribió: Claro, si no entro como root con SU en la terminal, no me aparece siquiera el comando thunderbird para ejecutar. Pues no lo veo tan claro, no debe ser necesario. ¿Puedes ver el valor de la variable PATH (sin entrar como root) y comprobar que es razonable? -- Manolo Díaz -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150321180850.13334...@gmail.com
Re: X11/Thinkpad T430: partially drops input from USB devices after resume
On Sat, 21 Mar 2015, stefan.schwar...@gmx.net wrote: I am using my laptop (lenovo T430, debian testing) regularly in a docking station. The dock has a USB keyboard, USB mouse and monitor permanently attached. The laptops suspends from time to time, and _after_ resuming X11 or some other system component the input from USB mouse and keyboard to be dropped/ignored partially. Symptoms are that the cursor does not move with the mouse, however it will start moving again if I click any of the mouse buttons; or that the keyboard input is ignored until I hit some arbitrary keys very rapidly. The USB amnesia starts again if I leave the input device untouched for some seconds. The issue will not occur for newly connected devices or if I reconnect mouse/keyboard. The dock is not the issue as I can reproduce the phenomenon with a USB mouse directly connected to the laptop. I have no clue what could be going on... Probably a USB autosuspend issue. Do you have laptop-mode-tools installed? If yes, can you get rid of it and re-test? -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `-http://www.debian.org/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150321074954.gh18...@anguilla.noreply.org
Re: user can exec the xset, in his crontab, its 100% failure
Hi. On Sat, 21 Mar 2015 05:02:53 -0400 Gene Heskett ghesk...@wdtv.com wrote: Greetings; Running a wheezy based linux here. While I as a user can use xset to remind the system of the monitors dpms controls, an identical entry in my crontab results in an email that it could not open my 0:0 display. Since cron should strip out every environment variable from whatever its told to run - that's to be expected. So I cannot script this reminder. You can. All you need to do is to define the needed DISPLAY and XAUTHORITY in the script itself. I.e. #!/bin/sh export DISPLAY=:0.0 export XAUTORITY=your XAuthority goes here xset +foo -bar Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150321121818.b414a8ed678b4ae0bba5d...@gmail.com
Re: ifupdown en jessie, iproute2 e interfaces bridge
El Fri, 20 Mar 2015 19:50:48 +0100, José Miguel (sio2) escribió: El Fri, 20 de Mar de 2015, a las 06:29:02PM +, Camaleón dijo: Los puentes los gestiona un módulo del kernel que obviamente debe estar cargado para que funcionen pero la gestión/configuración de los puentes se lleva a cabo a través de herramientas de usuario y bien pueden ser las dos que citas, bridge-utils e iproute2. ¿Ventajas de bridge-utils? Pues que está todo premontado, comandos, archivos de configuración, etc... es decir, no hay que hacer casi nada a mano. Al fin y al cabo, si miramos el contenido del paquete¹ vemos que contiene una serie de scripts (if-post, if-pre...) y un binario, poco más. ¿Puedes tirar de iproute2 desde /etc/network/interfaces? No directamente sino a través de los scripts. Sí, Camaleón, todo esto lo sé. Pero resulta que sin instalar vlan, ifupdown es capaz de gestionar interfaces vlan (y si se mira en if-pre-up.d, etc no hay ningún script para tal). Tampoco tienes tú que declarar los script de activación y desactivación de la interfaz. Esto: (...) Así que mi pregunta es si con las interfaces bridge se ha hecho algo parecido o hay que seguir instalando forzosamente bridge-utils. Pues nada mejor que probarlo y nos cuentas si funciona :-) Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.21.15.05...@gmail.com
Re: samba casero en solo lectura
El Fri, 20 Mar 2015 18:01:49 -0300, Gonzalo Rivero escribió: El mié, 18-03-2015 a las 16:19 +, Camaleón escribió: (...) De los registros y archivo de configuración que has enviado se deduce que los recursos compartidos (directorio /multimedia e impresora) están configurados para clientes invitados sin autentificar (guest) pero me ha parecido ver desde smbclient iniciabas sesión con el usuario sfish que no sé si tendrá los permisos adecuados de acceso. es que puse en nautilus smb://localhost, pero si pongo smb://sfish@localost/ es lo mismo: solo lectura Claro, porque el cliente guest es que está configurado para acceder a los recursos, los usuarios del sistema (como sfish) no tienen permisos de acceso definidos en el archivo de configuración de samba. Intenta identificarte en smblclient como guest para ver qué te dice, o en su defecto, configurar/mapear los usuarios windows como usuarios samba/ del sistema y configurando expresamente los permisos de acceso a los recursos para esos usuarios. Supongo que esta versión de samba se pusieron mas estrictos (y deb -changes no me dijo nada al respecto) y ahora debo agregar cosas como write users, valid users y tal No sé, me parece un cambio demasiado radical que además va contra el sentido común ya que existe mayor exposición dando permisos de escritura a los recursos ¿no crees? Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.21.15.14...@gmail.com
Re: ifupdown en jessie, iproute2 e interfaces bridge
Así que mi pregunta es si con las interfaces bridge se ha hecho algo parecido o hay que seguir instalando forzosamente bridge-utils. Pues nada mejor que probarlo y nos cuentas si funciona :-) Ya: el problema es que si la hay, no sé cuál es. Después de mirar mucho me inclino a pensar que no, porque con iproute2 no se puede hacer cosas como habilitar el stp para el puente (o al menos así lo he entendido yo). Tampoco he leído en ningún sitio que brtcl esté obsoleto o se desaconseje. Una cosa que me pasa con debian es que a veces no sé si estoy leyendo información desactualizada o no. Me refiero a documentación del propio sitio de debian. Aquí, por ejemplo: https://wiki.debian.org/es/NetworkConfiguration Hablan del vlan-raw-device para configurar las VLAN. Es cierto que citan etch y lenny, pero es que no se habla de las más modernas. Yo me enteré de que se podía hacer sin vconfig porque me topé con un mensaje en la lista de bugs de debian. No es problema de la traducción porque la versión inglesa dice lo mismo. En cuestión de documentación, distribuciones como archlinux están inifinitamente mejor. Un saludo. -- Como todo al fin se sabe yo he sabido la verdad. --- Muñoz Seca --- -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150321164515.ga3...@cubo.casa
Re: ifupdown en jessie, iproute2 e interfaces bridge
El sábado, 21 mar 2015, a las 17:45 UTC+1 horas, José Miguel (sio2) escribió: [...] Una cosa que me pasa con debian es que a veces no sé si estoy leyendo información desactualizada o no. Me refiero a documentación del propio sitio de debian. Aquí, por ejemplo: https://wiki.debian.org/es/NetworkConfiguration No hay más que mirar el pie de página para ver cuándo fue actualizado por última vez. Claro que eso no te dice hasta que punto ha sido actualizado; si se trata de una verdadera puesta al día o de una mera corrección tipográfica. Sería de utilidad que proporcionase un historial de cambios. [...] En cuestión de documentación, distribuciones como archlinux están inifinitamente mejor. Estoy de acuerdo, por desgracia. Un saludo. Saludos. -- Manolo Díaz -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150321175440.0119a...@gmail.com
Re: Ejecutar aplicaciones como root sin ingresar la pass
Claro, si no entro como root con SU en la terminal, no me aparece siquiera el comando thunderbird para ejecutar. Respecto de Teamviewer es como un VNC para acceso remoto de PCs. Saludos El 21/03/15 a las 13:58, Manolo Díaz escibió: El sábado, 21 mar 2015, a las 17:51 UTC+1 horas, matlnx1...@gmail.com escribió: Buenas tardes: Tal vez alguien pueda tirarme alguna ayuda de por donde buscar, ya que no encuentro la forma de hacerlo aun. Estoy necesitando generar un acceso directo en Debian 7, para varias aplicaciones (por ejemplo teamviewer, thunderbird) etc. Actualmente para abrirlas lo que hago es abrir una terminal, ejecutar SU, y una vez como root (previo a ingresar la pass), ejecutar la aplicación. Se que no parece mucho pero es muy tedioso tener que hacerlo, con lo cual necesitaria darle a mi usuario pepe permisos para ejecutar esas aplicaciones sin tener la pass de root. Gracias de antemano Mati Creo que para cosas como esa está sudo. Teamviewer no tengo ni idea de qué es, pero ¿Thunderbird como root? Saludos. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550da4b2.2030...@gmail.com
Re: Ejecutar aplicaciones como root sin ingresar la pass
Hola El 21 de marzo de 2015, 12:21, matlnx1...@gmail.com matlnx1...@gmail.com escribió: Buenas tardes: Tal vez alguien pueda tirarme alguna ayuda de por donde buscar, ya que no encuentro la forma de hacerlo aun. Estoy necesitando generar un acceso directo en Debian 7, para varias aplicaciones (por ejemplo teamviewer, thunderbird) etc. Actualmente para abrirlas lo que hago es abrir una terminal, ejecutar SU, y una vez como root (previo a ingresar la pass), ejecutar la aplicación. Se que no parece mucho pero es muy tedioso tener que hacerlo, con lo cual necesitaria darle a mi usuario pepe permisos para ejecutar esas aplicaciones sin tener la pass de root. Espero que estés consciente de los riesgos que estás corriendo. http://www.linuxito.com/seguridad/464-como-permitir-que-un-usuario-pueda-ejecutar-como-root-solo-un-comando-especifico-utilizando-sudo Saludos. Gracias de antemano Mati -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550da184.50...@gmail.com -- Juan Lavieri Errar es de humanos, pero es mas humano culpar a los demás.
Re: Ejecutar aplicaciones como root sin ingresar la pass
Aqui tienes otra apción: El 21 de marzo de 2015, 12:42, Juan Lavieri jlavi...@gmail.com escribió: Hola El 21 de marzo de 2015, 12:21, matlnx1...@gmail.com matlnx1...@gmail.com escribió: Buenas tardes: Tal vez alguien pueda tirarme alguna ayuda de por donde buscar, ya que no encuentro la forma de hacerlo aun. Estoy necesitando generar un acceso directo en Debian 7, para varias aplicaciones (por ejemplo teamviewer, thunderbird) etc. Actualmente para abrirlas lo que hago es abrir una terminal, ejecutar SU, y una vez como root (previo a ingresar la pass), ejecutar la aplicación. Se que no parece mucho pero es muy tedioso tener que hacerlo, con lo cual necesitaria darle a mi usuario pepe permisos para ejecutar esas aplicaciones sin tener la pass de root. Espero que estés consciente de los riesgos que estás corriendo. http://www.linuxito.com/seguridad/464-como-permitir-que-un-usuario-pueda-ejecutar-como-root-solo-un-comando-especifico-utilizando-sudo http://systemadmin.es/2008/12/como-ejecutar-comandos-como-root-sin-password# Saludos. Gracias de antemano Mati -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550da184.50...@gmail.com -- Juan Lavieri Errar es de humanos, pero es mas humano culpar a los demás. -- Juan Lavieri Errar es de humanos, pero es mas humano culpar a los demás.
Re: Ejecutar aplicaciones como root sin ingresar la pass
El Sat, 21 Mar 2015 13:51:16 -0300, matlnx1...@gmail.com escribió: Buenas tardes: Tal vez alguien pueda tirarme alguna ayuda de por donde buscar, ya que no encuentro la forma de hacerlo aun. Estoy necesitando generar un acceso directo en Debian 7, para varias aplicaciones (por ejemplo teamviewer, thunderbird) etc. (...) Aunque los pasos exactos dependerán del escritorio que tengas instalado, botón derecho sobre el escritorio → crear lanzador. Busca el binario de la aplicación (p. ej., /usr/bin/thunderbird), selecciona un icono chulo y a correr. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.21.17.32...@gmail.com
Re: ifupdown en jessie, iproute2 e interfaces bridge
El Sat, 21 Mar 2015 17:45:15 +0100, José Miguel (sio2) escribió: Así que mi pregunta es si con las interfaces bridge se ha hecho algo parecido o hay que seguir instalando forzosamente bridge-utils. Pues nada mejor que probarlo y nos cuentas si funciona :-) Ya: el problema es que si la hay, no sé cuál es. Después de mirar mucho me inclino a pensar que no, porque con iproute2 no se puede hacer cosas como habilitar el stp para el puente (o al menos así lo he entendido yo). Tampoco he leído en ningún sitio que brtcl esté obsoleto o se desaconseje. Como te he dicho antes, creo que no es posible por la simple lógica de el archivo /etc/network/interfaces trabaja con interfaces de red que existen en el sistema y que se han generado por los drivers/módulos del kernel y para crear un puente (br0) tienes que o bien usar el paquete de utilidades (bridge-utils) o a través de iproute2 (o el antiguo route), y no hay más... bueno, quizá con systemd que parece que ya hace de todo y te hace hasta una tortilla de queso si se lo pides :-) Una cosa que me pasa con debian es que a veces no sé si estoy leyendo información desactualizada o no. Me refiero a documentación del propio sitio de debian. Aquí, por ejemplo: https://wiki.debian.org/es/NetworkConfiguration Eso es la Wiki (generada por usuarios), la documentación oficial está en otra parte: Chapter 5. Network setup https://www.debian.org/doc/manuals/debian-reference/ch05.en.html Pero eso pasa en linux en general, por desgracia la documentación es un problema endémico. Hablan del vlan-raw-device para configurar las VLAN. Es cierto que citan etch y lenny, pero es que no se habla de las más modernas. Yo me enteré de que se podía hacer sin vconfig porque me topé con un mensaje en la lista de bugs de debian. No es problema de la traducción porque la versión inglesa dice lo mismo. En cuestión de documentación, distribuciones como archlinux están inifinitamente mejor. Yo no diría tanto, aunque cierto es que tiene artículos más actualizados y con ejemplos y casos prácticos que suelen venir muy bien para el día a día. Aún así, la documentación oficial de Debian es realmente buena y completa. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.21.17.28...@gmail.com
how to force a hold on a missing package during an apt-get upgrade
dear debian users, I really need to have a program compiled from source (that is, a src dir, not a debian source package) Let's say, the mysql server source distribution I can remove the mysql-* deb packages with dpkg --purge --force-depends (I know this causes dangling lib*.so dependencies, but they will be fixed after the mysql src compilation) but a later apt-get --ignore-missing insists on fetching what mysql-* was dpkg-purged I have tried a semi-fix of getting a --get-selections, adding the purged packages as hold and doing a --set-selections, but it has side effects (all mysql dependent packages get uninstalled in the apt-get upgrade) So, is there a way to for apt-get upgrade to keep ignoring broken dependencies caused by dpkg --force-depends --purge? thanks for any answer -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550d9e14.6060...@otenet.gr
Re: Créer boot Grub avec super grub disk sur clé usb
Bonjour, Personne n'a de réponse..? Je la résume alors : L'objectif est de créer un grub bootable sur un portable neuf qui n'a pas de lecteur DVD. Je créé une clé USB bootable avec super grub disk via unetbootin. Le portable boote bien sur la clé USB, le menu Super Grub Disk apparaît avec une rubrique = Default, et impossible d'aller plus loin : blocage. J'ai refait la clé avec d'autres, changé de PC, pareil. Il y a un blême avec le fichier image.iso de super grub disk, ou avec unetbootin... Merci... André On Friday 20 March 2015 19:09:59 andre_deb...@numericable.fr wrote: Sur un portable neuf (sans CD/DVD), j'ai créé une nouvelle partition avec Wheezy, via Toutou-Linux sur clé USB. Ensuite, je dois placer un boot Grub pour pouvoir accéder à Wheezy. J'utilise une clé USB contenant l'image .iso de Super Grub Disk, que je créé avec unetbootin. Lorsque je boote le portable avec la clé USB bootable Grub Disk, apparait un compteur m'invitant à attendre 10 secondes, ou à cliquer sur une ligne contenant Default. Mais aucun boot possible, et le compteur se remet sans cesse à 10 secondes... J'ai refait la clé USB Grub bootable, rien n'y fait. Je l'ai testée sur d'autres PC portables, de bureau, pareil, aucun boot possible. Comment créer une clé USB bootable avec Super Grub Disk ? Ou comment trouver un autre moyen pour installer le boot Grub ? -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/201503211240.31268.andre_deb...@numericable.fr
Re: user can exec the xset, in his crontab, its 100% failure
On 2015-03-21, Gene Heskett ghesk...@wdtv.com wrote: Greetings; Running a wheezy based linux here. While I as a user can use xset to remind the system of the monitors dpms controls, an identical entry in my crontab results in an email that it could not open my 0:0 display. So I cannot script this reminder. And X forgets all this stuff long before uptime has reached 2 weeks. So I figured an hourly reminder in my crontab should to the trick. Is there any way around this PIMA? Thanks. Cheers, Gene Heskett There are various options related to DPMS in the Xorg xonfiguration. See the man page for xorg.conf. (Whether the driver you're using respects those options is another matter, but it's worth a try.) -- Liam -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/slrnmgqj5b.tmb.liam.p.otoole@dipsy.tubbynet
Re: Re: customize ligthdm manager
thanks for reply, that what I did, it is ok for local machine, But i can't see any of remote servers running xdmcp thanks again
Re: customize ligthdm manager
On Sat, 21 Mar 2015 12:11:39 +0100 Abdelkader Belahcene abelahc...@gmail.com wrote: hi, * know Xephyr does the connection, but in that case you suppose you are already logged in the client machine.* *What I want is just to have in login window the menu, where I can find remote machine aside the local login.* *I used it in the past, in very old login, with kdm or gdm , I want to it with recent DM;* *thanks a lot* I think you may need to use xdm, or maybe just start an X server with -query. You can find some info and further links for reading here: https://wiki.archlinux.org/index.php/Xdmcp Petter -- I'm ionized Are you sure? I'm positive. pgpR82Czv8qr7.pgp Description: OpenPGP digital signature
Re: user can exec the xset, in his crontab, its 100% failure
On Saturday 21 March 2015 06:07:41 Petter Adsen wrote: On Sat, 21 Mar 2015 05:58:44 -0400 Gene Heskett ghesk...@wdtv.com wrote: On Saturday 21 March 2015 05:18:18 Reco wrote: Hi. On Sat, 21 Mar 2015 05:02:53 -0400 Gene Heskett ghesk...@wdtv.com wrote: Greetings; Running a wheezy based linux here. While I as a user can use xset to remind the system of the monitors dpms controls, an identical entry in my crontab results in an email that it could not open my 0:0 display. Since cron should strip out every environment variable from whatever its told to run - that's to be expected. So I cannot script this reminder. You can. All you need to do is to define the needed DISPLAY and XAUTHORITY in the script itself. I.e. #!/bin/sh export DISPLAY=:0.0 It will not install, claiming bad minute export XAUTHORITY=your XAuthority goes here xset +foo -bar Reco This what I have, but it will not install #!/bin/sh export DISPLAY=:0:0 export XAUTHORITY=/home/gene/.Xauthority # m h dom mon dow command */5 * * * * /home/gene/bin/makesig 30 0 * * * /home/gene/bin/sa-train-bayes 01 * * * * xset -display 0:0 +dpms 02 * * * * xset -display 0:0 dpms 300 0 600 error msg on quitting nano: crontab: installing new crontab /tmp/crontab.O2BPk0/crontab:1: bad minute errors in crontab file, can't install. Its probably obvious, but I can't see why it fails. Either set the variables like DISPLAY=:0.0 or, better yet, write the line as: 01 * * * * /home/gene/bin/name-of-script and set the variables in the script itself. Petter And that latter seems to have worked. Thank you Petter. Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503210734.03293.ghesk...@wdtv.com
Re: Re: Re: customize ligthdm manager
hi, * know Xephyr does the connection, but in that case you suppose you are already logged in the client machine.* *What I want is just to have in login window the menu, where I can find remote machine aside the local login.* *I used it in the past, in very old login, with kdm or gdm , I want to it with recent DM;* *thanks a lot*
Re: Versión minima de Debian
2015-03-19 19:09 GMT-04:30, Carlos Zuniga carlos@gmail.com: On Thu, Mar 19, 2015 at 10:02 AM, Camaleón noela...@gmail.com wrote: El Thu, 19 Mar 2015 11:41:43 -0300, mramirez escribió: Hola! Ve si te sirve: http://www.damnsmalllinux.org/index_es.html No, no me vale. ¿Desde cuando Damn Small Linux es Debian? ;-) No es propiamente Debian, pero esta basado en Knoppix que a su vez esta basado en Debian ;) http://www.debian.org/misc/children-distros#damnsmall -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caabycjmfhkafhaate4tbzyo_4orb2n7yfhmzevhtgy+v5d...@mail.gmail.com Un buen titmpo sin escribir en esta lista, aunque siempre la estoy leyendo. Compañero Eduardo Gil, como dicen los compañeros listeros es más una práctica/aprendizaje de instalación mínima (sistema base + utilidades estándar del sistema + servidor de ventanas X + ambiente gráfico + aplicaciones seleccionadas). Pero depende mucho de la capacidad en términos de hardware presentes en esas máquinas algo viejas, como les dices, y del tiempo disponible para hacerlo con calma y no enredarse en el proceso. Sin embargo, busca distribuciones basadas en Debian, con gestores de ventanas instalados por defecto como ambiente gráfico, tipo AntiX, que corre bien con 256-512 MB de RAM y unos 3 GB de disco duro. Yo estoy/estaba terminando una guía para instalar Debian 7 con IceWM, hasta que me cercioré que AntiX ya viene con todo lo que me proponía a hacer, y hasta mejor configurado, pulido, y completo. Posee un conjunto de diferentes opciones de entornos gráficos ligeros (incluso más ligeros que LXDE) para usar al vuelo. Frederit Mogollon Saludos -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cabzkbch9d2argt6onv8kgzrnwdrja_0qsyu7zzlw+cvnm5y...@mail.gmail.com
Re: Créer boot Grub avec super grub disk sur clé usb
On 03/20/2015 07:20 PM, andre_deb...@numericable.fr wrote: Sur un portable neuf (sans CD/DVD), j'ai créé une nouvelle partition avec Wheezy, via Toutou-Linux sur clé USB. Si wheezy est installé, grub est déjà installé, sinon boot sur Toutou-Linux, cherche le gestionnaire de paquets, installe le paquet grub (grub-efi le cas échéant) et lance le, il trouvera tout seul la partition wheezy. Si toutou-linux est basé sur debian (j'ai regardé 5 min le site, pas vu grand-chose!), en root: ~ # aptitude install grub ~ # grub-install /dev/sda (en général) Si wheezy n'est pas installé, installe-le à partir de ta clef préalablement préparée (pareil, tu boot sur toutou linux puis dans un terminal: ) ~ # dd if=/chemin/vers/debian.iso of=/dev/sdb bs=1M // (si clef = /dev/sdb, bs optionnel) Si tu n'as qu'une clef avec toutou-linux, comme il se vante d'être uniquement en mémoire, ben pas de problème pour l'écraser. Par la suite tu peux toujours te resservir de ta clef debian en cas de problème de boot (ou autre). Salut, -- mireero -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/550d5957$0$3032$426a7...@news.free.fr
Re: ifupdown en jessie, iproute2 e interfaces bridge
El Sat, 21 de Mar de 2015, a las 05:28:28PM +, Camaleón dijo: Como te he dicho antes, creo que no es posible por la simple lógica de el archivo /etc/network/interfaces trabaja con interfaces de red que existen en el sistema y que se han generado por los drivers/módulos del kernel y para crear un puente (br0) tienes que o bien usar el paquete de utilidades (bridge-utils) o a través de iproute2 (o el antiguo route), y no hay más Ya. y para crear una vlan tienes que usar vconfig o iproute2 y, sin embargo, ifupdown se las avía (a través de iproute2) desde hace un tiempo para crearlas. En este caso, no creo que esa lógica funcione. https://wiki.debian.org/es/NetworkConfiguration Eso es la Wiki (generada por usuarios), Bueno, la documentación de archlinux (que he citado como distribución que en este aspecto es envidiable) también es una wiki. la documentación oficial está en otra parte: Chapter 5. Network setup https://www.debian.org/doc/manuals/debian-reference/ch05.en.html También la vi, pero es que en esa documentación jamás aparece la palabra bridge (o vlan), así que de poco sirve para el caso que nos ocupa. Pero eso pasa en linux en general, por desgracia la documentación es un problema endémico. Sí, pero desgraciadamente pasa más con debian que con otras distribuciones. En cuestión de documentación, distribuciones como archlinux están inifinitamente mejor. Yo no diría tanto, aunque cierto es que tiene artículos más actualizados y con ejemplos y casos prácticos que suelen venir muy bien para el día a día. Aún así, la documentación oficial de Debian es realmente buena y completa. Pues no sé cómo será, pero un gran porcentaje de las veces que busco información sobre algo, acabo en la wiki de archlinux leyendo un artículo completo y práctico. Desgraciadamente en este caso, la información es sobre una herramienta de debian y sólo puedo recurrir a debian (o a alguna de sus derivadas). Saludos, Un saludo. -- Sabed que menda es don Mendo. --- Muñoz Seca --- -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150321193128.ga10...@cubo.casa
Re: ifupdown en jessie, iproute2 e interfaces bridge
El Sat, 21 Mar 2015 20:31:28 +0100, José Miguel (sio2) escribió: El Sat, 21 de Mar de 2015, a las 05:28:28PM +, Camaleón dijo: Como te he dicho antes, creo que no es posible por la simple lógica de el archivo /etc/network/interfaces trabaja con interfaces de red que existen en el sistema y que se han generado por los drivers/módulos del kernel y para crear un puente (br0) tienes que o bien usar el paquete de utilidades (bridge-utils) o a través de iproute2 (o el antiguo route), y no hay más Ya. y para crear una vlan tienes que usar vconfig o iproute2 y, sin embargo, ifupdown se las avía (a través de iproute2) desde hace un tiempo para crearlas. En este caso, no creo que esa lógica funcione. Tú lo has dicho: a través de iproute2 ;-) https://wiki.debian.org/es/NetworkConfiguration Eso es la Wiki (generada por usuarios), Bueno, la documentación de archlinux (que he citado como distribución que en este aspecto es envidiable) también es una wiki. No te olvides de que ArchLinux tiene menos trabajo que hacer ya que sólo tiene soporte para dos arquitecturas (x86 y amd64) así que tendrán más tiempo para mejorar otras cosas como la documentación o la wiki. la documentación oficial está en otra parte: Chapter 5. Network setup https://www.debian.org/doc/manuals/debian-reference/ch05.en.html También la vi, pero es que en esa documentación jamás aparece la palabra bridge (o vlan), así que de poco sirve para el caso que nos ocupa. Que sea la documentación oficial no implica que contemple toda la casuística ni todas las opciones o configuraciones (y por cierto, sí aparece bridging) para eso tienes la documentación oficial del kernel que tampoco es que esté al día (2009) pero tiene más chicha: https://www.kernel.org/doc/Documentation/networking/ http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge Pero eso pasa en linux en general, por desgracia la documentación es un problema endémico. Sí, pero desgraciadamente pasa más con debian que con otras distribuciones. No, eso no es cierto o por lo menos yo no lo veo así. Para todo lo que toca Debian (me refiero a todas las arquitecturas que admite que no son moco de pavo) lo que no sé es cómo tiene tan buena documentación. En cuestión de documentación, distribuciones como archlinux están inifinitamente mejor. Yo no diría tanto, aunque cierto es que tiene artículos más actualizados y con ejemplos y casos prácticos que suelen venir muy bien para el día a día. Aún así, la documentación oficial de Debian es realmente buena y completa. Pues no sé cómo será, pero un gran porcentaje de las veces que busco información sobre algo, acabo en la wiki de archlinux leyendo un artículo completo y práctico. Sí, yo también pero repito que las wikis las generan los usuarios, será que en Debian la gente toma mucho pero ofrece poco ;-) Desgraciadamente en este caso, la información es sobre una herramienta de debian y sólo puedo recurrir a debian (o a alguna de sus derivadas). Si te refieres a las bridge-utils están disponibles en varias distribuciones. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.21.21.10...@gmail.com
Re: Cool things to do with server
On 03/17/2015 11:37 AM, Tazman DeVille wrote: Run a RedMatrix hub on it. See https://redmatrix.me What is that? looked at the site but don't really understand what it does. -Joris signature.asc Description: OpenPGP digital signature
Re: how to force a hold on a missing package during an apt-get upgrade
Am 21.03.2015 um 17:36 schrieb tandread: dear debian users, I really need to have a program compiled from source (that is, a src dir, not a debian source package) Let's say, the mysql server source distribution I can remove the mysql-* deb packages with dpkg --purge --force-depends (I know this causes dangling lib*.so dependencies, but they will be fixed after the mysql src compilation) but a later apt-get --ignore-missing insists on fetching what mysql-* was dpkg-purged I have tried a semi-fix of getting a --get-selections, adding the purged packages as hold and doing a --set-selections, but it has side effects (all mysql dependent packages get uninstalled in the apt-get upgrade) A simpler way then using --get and --set selections is apt-mark hold|unhold package(s) signature.asc Description: OpenPGP digital signature
Re: apt-cacher-ng and apt-get changelog result in http 500 error
Quoting Bernd Naumann (be...@kr217.de): I can't use `apt-get changelog` while have `apt-cacher-ng` running, which is really annoying. I.e.: ``` apt-get changelog screen Err Changelog for screen (http://packages.debian.org/changelogs/pool/main/s/screen/screen_4.1.0~2 0120320gitdb59704-7/changelog) 500 Bad redirection (invalid URL) Err Changelog for screen (http://ftp.de.debian.org/debian/pool/main/s/screen/screen_4.1.0~2012032 0gitdb59704-7.changelog) 404 Not Found E: changelog download failed ``` I can't reproduce this. Here's the output for an installed and an uninstalled package on my laptop (jessie) and my apt-cacher-ng box (wheezy). $ apt-get changelog sed Get:1 Changelog for sed (http://packages.debian.org/changelogs/pool/main/s/sed/sed_4.2.2-4/changelog) [19.1 kB] Fetched 19.1 kB in 1s (10.1 kB/s) $ apt-get changelog bless Get:1 Changelog for bless (http://packages.debian.org/changelogs/pool/main/b/bless/bless_0.6.0-4/changelog) [2,713 B] Fetched 2,713 B in 1s (1,920 B/s) $ $ apt-get changelog sed Get:1 Changelog for sed (http://packages.debian.org/changelogs/pool/main/s/sed/sed_4.2.1-10/changelog) [18.3 kB] Fetched 18.3 kB in 1s (9,854 B/s) $ apt-get changelog a2ps Get:1 Changelog for a2ps (http://packages.debian.org/changelogs/pool/main/a/a2ps/a2ps_4.14-1.1+deb7u1/changelog) [26.8 kB] Fetched 26.8 kB in 1s (15.5 kB/s) $ So it looks like something might be misconfigured somewhere. My /etc/apt/apt.conf contains Acquire::http::Proxy http://192.168.1.19:3142/;; Sources files are deb http://ftp.us.debian.org/debian/ jessie main contrib non-free deb-src http://ftp.us.debian.org/debian/ jessie main contrib non-free deb http://security.debian.org/ jessie/updates main contrib non-free deb-src http://security.debian.org/ jessie/updates main contrib non-free deb http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free deb-src http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free and deb http://ftp.us.debian.org/debian/ wheezy main non-free contrib deb-src http://ftp.us.debian.org/debian/ wheezy main non-free contrib deb http://security.debian.org/ wheezy/updates main contrib non-free deb-src http://security.debian.org/ wheezy/updates main contrib non-free deb http://ftp.us.debian.org/debian/ wheezy-updates main contrib non-free deb-src http://ftp.us.debian.org/debian/ wheezy-updates main contrib non-free Or another possibilty: I'm running the apt-cacher-ng version from wheezy-backports, otherwise I get problems expiring the post-wheezy packages. Cheers, David. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150321203828.gb22...@alum.home
Re: Why no security update of apache2 concerning SSLv3?
Vincent Lefevre wrote: Bob Proulx wrote: Vincent Lefevre wrote: Bob Proulx wrote: The Debian default Apache2 configuration for ssl is in local-ssl and it configures the self-signed so called snakeoil certificates. ... The /etc/apache2/mods-available/ssl.conf doesn't need to be modifed by the local admin because the cipher list there is commented out. No, it is not commented out. ./etc/apache2/mods-available/ssl.conf in apache2.2-common_2.2.22-13+deb7u4_amd64.deb contains: You are correct. I was confused because it was both. Sorry. Note that the recent option of interest is SSLCipherSuite. $ grep SSLCipherSuite /etc/apache2/mods-available/ssl.conf SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 No, it is not commented out. The default in unstable is: SSLProtocol all -SSLv3 And the default in wheezy is: SSLProtocol all -SSLv2 This illustrates that if the local admin has not set up the full configuration in their site config that they are not safe. I prefer this way to write the configuration. SSLProtocol -all +TLSv1 Even if it were commented out by default, there could be two solutions: 1. The configuration tool could uncomment the entry and change it. I think it unlikely that most people will have modified the /etc/apache2/mods-available/ssl.conf file. I think any changes there would propagate through simply. 2. The default (i.e. hardcoded value) could be changed, if possible. Changing the compiled in value of the default would be fine. I worry about removing the protocol from the executable becuase there will be some sites that have constraints requiring them maintain the older protocols. Those older protocols may be unsafe when used in a normal web site but for their specific use, perhaps on a private network, they may be okay. If the protocol is removed from the executable then this creates a hardship for them and would require them to split off. That would be worse. (Although it should wake up the admin that they need to merge files if they modified it. But I all too often see local admins simply keep their previous version of files without merging. Look at all of the people with trouble after the sudo secure_path change for examples.) Note that I suggested the change in the case the file was *not* modified. The admin I was mentioning wanted to keep Debian's default (i.e. without any local change). SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 Agreed. I worry about the catagorization of ciphers as high and medium. Those classifications change over time. I prefer to see them listed out because that way it is obvious what they mean. Bob signature.asc Description: Digital signature
Re: how to force a hold on a missing package during an apt-get upgrade
Michael Biebl wrote: Am 21.03.2015 um 17:36 schrieb tandread: but a later apt-get --ignore-missing insists on fetching what mysql-* was dpkg-purged I have tried a semi-fix of getting a --get-selections, adding the purged packages as hold and doing a --set-selections, but it has side effects (all mysql dependent packages get uninstalled in the apt-get upgrade) A simpler way then using --get and --set selections is apt-mark hold|unhold package(s) Since the user wants to remove a package that other packages depend upon holding doesn't help very much. A dead end. As Liam wrote the usual answer is to use the 'equivs' package to create a dummy package to hold the dependency for anything that is compiled and installed locally. Alternatively create a full replacement package. Starting from the Debian package and modifying it isn't usually very difficult. But if you just want to cut it loose and do the upstream thing directly through 'make install' then creating an equivs package is the way to go. Bob signature.asc Description: Digital signature
Re: how to force a hold on a missing package during an apt-get upgrade
On 2015-03-21, tandread tandr...@otenet.gr wrote: dear debian users, I really need to have a program compiled from source (that is, a src dir, not a debian source package) Let's say, the mysql server source distribution I can remove the mysql-* deb packages with dpkg --purge --force-depends (I know this causes dangling lib*.so dependencies, but they will be fixed after the mysql src compilation) but a later apt-get --ignore-missing insists on fetching what mysql-* was dpkg-purged I have tried a semi-fix of getting a --get-selections, adding the purged packages as hold and doing a --set-selections, but it has side effects (all mysql dependent packages get uninstalled in the apt-get upgrade) So, is there a way to for apt-get upgrade to keep ignoring broken dependencies caused by dpkg --force-depends --purge? thanks for any answer The 'equivs' package might be the way forward. From its description: Another use is to circumvent dependency checking: by letting dpkg think a particular package name and version is installed when it isn't -- Liam -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/slrnmgrjkq.upc.liam.p.otoole@dipsy.tubbynet
Re: Why no security update of apache2 concerning SSLv3?
Gene Heskett wrote: Call me confused. And I do run my own web page from this machine. URL in sig. Genes Web page http://geneslinuxbox.net:6309/gene That is a non-https page. Do you operate any https pages requiring security? I didn't find any. If you aren't using https then the discussion here about the POODLE attach against https isn't relevant. First, there is no ~./etc/apache2/mods-available/ssl.conf, but there is a /etc/apache2/mods-available/ssl.conf Right. With relatively sparse bits of uncommenting that would appear to be related here: SSLCipherSuite AES128+EECDH:AES128+EDH SSLHonorCipherOrder on SSLProtocol all -SSLv2 -SSLv3 Header always set Strict-Transport-Security max-age=63072000; include SubDomains Header alway set X-Frame-Options DENY If you were operating an ssl site then the above would match the current recommendations from: https://cipherli.st/ But as far as I can see you are not running https. Therefore modifying those files is simply creating more work for yourself. :-( I will note that it is a fast changing environment. I hate to quote static lists like that since tomorrow they may be different. Instead I like to point to centralized information resources like the ssllabs.com and cipherli.st sites to coordinate the current wisdom. Documentation on this stuff and its interactions is sparse at best despite the fact that I have installed what s/b the correct man pages. For web servers most of the documentation is on the web. It is just the nature of things. Some of the above has been edited persuant to anti POODLE instructions found by google. So, am I safe, or low hanging fruit with those settings? As far as I can see you are safe since you are not operating a web site that uses encryption to secure any pages. Therefore none of this discussion applies to you as a web admin. The question here is whether a POODLE attack can allow a man in the middle attacker to see the plaintext of an SSL connection. To consider the danger lets say a web site requires a login, uses cookies to maintain a session, and https to keep others from sniffing your login credentials. A successful attack could give someone else your cookie data which they could use to log into that site as you. But you are talking about your own site that you are maintaining. If you are not using SSL then this simply does not apply to you. If you are using SSL then it depends upon what, where, why, and so forth. Someone using it just to add noise to the encrypted data traffic would always be safe too since it wouldn't be worse than not encrypting it. The POODLE attack doesn't allow someone to directly break into your web server. The attack is about listening to encrypted traffic. Information gained by sniffing may allow further attacks however. If someone were using something like SquirrelMail or Roundcube or Mailpile for a webmail interface for example then they should be directly concerned over this type of attack. Someone targeting them might be able to log into the web as them and send email as them. And the same for most other web login interfaces. (Many people are in terror over the idea of someone logging into Facebook as them. Research Firesheep.) Bob signature.asc Description: Digital signature
Re: Why no security update of apache2 concerning SSLv3?
On Saturday 21 March 2015 16:37:59 Bob Proulx wrote: Vincent Lefevre wrote: Bob Proulx wrote: Vincent Lefevre wrote: Bob Proulx wrote: The Debian default Apache2 configuration for ssl is in local-ssl and it configures the self-signed so called snakeoil certificates. ... The /etc/apache2/mods-available/ssl.conf doesn't need to be modifed by the local admin because the cipher list there is commented out. No, it is not commented out. ./etc/apache2/mods-available/ssl.conf in apache2.2-common_2.2.22-13+deb7u4_amd64.deb contains: You are correct. I was confused because it was both. Sorry. Note that the recent option of interest is SSLCipherSuite. $ grep SSLCipherSuite /etc/apache2/mods-available/ssl.conf SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 This is not valid for a 2.22 install # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 No, it is not commented out. The default in unstable is: SSLProtocol all -SSLv3 And the default in wheezy is: SSLProtocol all -SSLv2 This illustrates that if the local admin has not set up the full configuration in their site config that they are not safe. I prefer this way to write the configuration. SSLProtocol -all +TLSv1 Now set. Even if it were commented out by default, there could be two solutions: 1. The configuration tool could uncomment the entry and change it. I think it unlikely that most people will have modified the /etc/apache2/mods-available/ssl.conf file. I think any changes there would propagate through simply. 2. The default (i.e. hardcoded value) could be changed, if possible. Changing the compiled in value of the default would be fine. I worry about removing the protocol from the executable becuase there will be some sites that have constraints requiring them maintain the older protocols. Those older protocols may be unsafe when used in a normal web site but for their specific use, perhaps on a private network, they may be okay. If the protocol is removed from the executable then this creates a hardship for them and would require them to split off. That would be worse. (Although it should wake up the admin that they need to merge files if they modified it. But I all too often see local admins simply keep their previous version of files without merging. Look at all of the people with trouble after the sudo secure_path change for examples.) Note that I suggested the change in the case the file was *not* modified. The admin I was mentioning wanted to keep Debian's default (i.e. without any local change). SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 Agreed. I worry about the catagorization of ciphers as high and medium. Those classifications change over time. I prefer to see them listed out because that way it is obvious what they mean. Bob However on the restart, I logged this in /var/log/apache2/error.log: [Sat Mar 21 18:08:02 2015] [info] removed PID file /var/run/apache2.pid (pid=2954) [Sat Mar 21 18:08:02 2015] [notice] caught SIGTERM, shutting down [Sat Mar 21 18:08:03 2015] [notice] Apache/2.2.22 (Debian) configured -- resuming normal operations [Sat Mar 21 18:08:03 2015] [info] Server built: Dec 27 2014 21:24:43 [Sat Mar 21 18:08:03 2015] [debug] worker.c(1757): AcceptMutex: sysvsem (default: sysvsem) [Sat Mar 21 18:08:03 2015] [error] (2)No such file or directory: Couldn't bind unix domain socket /var/log/httpd/${APACHE_RUN_DIR}/cgisock.4944 No clue how to fix this one, APACHE_RUN_DIR is not set in the environment. Broken init.d script perhaps?? [Sat Mar 21 18:08:04 2015] [crit] cgid daemon failed to initialize But this seems to be a never mind as it doesn't seem to effect performance in any case. How important is it? Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503211817.30225.ghesk...@wdtv.com
Re: intento de secuestro de cuenta
2015-03-18 21:47 GMT+01:00 Juan Carlos Rebate fhuv...@gmail.com: que casualidad que hable de la seguridad e google y hoy llevo ya 2 intentos de inicio de ssion desde otras maquinas Hola, ¿No intentarías acceder desde thunderbird/icedove? Gmail ha endurecido las condiciones de seguridad de acceso (por lo menos eso dicen) y ahora consideran thunderbird/icedove no suficientemente seguro. Como te han dicho en otra respuesta, mira las máquinas. Si son tuyas y este es el caso, hay una opción para relajar las condiciones si quieres. Si no son tuyas, te están intentando entrar. Saludos, -- Agustin -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAHMXK7ghrgsJBQOG5DEYUoamvuS5N5=x+hwxkub1ma5yfns...@mail.gmail.com
Re: Problem forward/postroute http/https thru vlan-ed interface.
Mimiko wrote: I set up in interfaces: auto eth0 iface eth0 inet static address local_lan_ip netmask mask auto eth1.2 iface eth1.2 inet static address isp1 netmask mask auto eth1.4 iface eth2.4 inet static address isp2 netmask mask VLAN ID 2 is for tagging to ISP1 VLAN ID 4 is for tagging to ISP2 I see no vlans in your configuration above. The above simply shows additional IP addresses being assigned. If your switch is requiring vlan tagging then that is likely your problem. See the documentation for setting up vlans here: https://wiki.debian.org/NetworkConfiguration Bob signature.asc Description: Digital signature
Re: Why no security update of apache2 concerning SSLv3?
On Saturday 21 March 2015 19:25:53 Bob Proulx wrote: Gene Heskett wrote: Bob Proulx wrote: $ grep SSLCipherSuite /etc/apache2/mods-available/ssl.conf SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 This is not valid for a 2.22 install What is the error you are seeing? That looks to be okay to me. That site said it was 2.24 newer only from the way I read it. rwp@havoc:~$ cat /etc/debian_version 7.8 rwp@havoc:~$ dpkg -l apache2 Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait |/Trig-pend / Err?=(none)/Reinst-required (Status,Err: | uppercase=bad) | ||/ Name Version Architecture Description +++-==---= ii apache22.2.22-13+de i386 Apache HTTP Server metapackage rwp@havoc:~$ grep SSLCipherSuite /etc/apache2/mods-available/ssl.conf SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 Note however that I always override it in the site config file. But the point is that I think you must have some other problem in your configuration. However on the restart, I logged this in /var/log/apache2/error.log: [Sat Mar 21 18:08:02 2015] [info] removed PID file /var/run/apache2.pid (pid=2954) [Sat Mar 21 18:08:02 2015] [notice] caught SIGTERM, shutting down [Sat Mar 21 18:08:03 2015] [notice] Apache/2.2.22 (Debian) configured -- resuming normal operations [Sat Mar 21 18:08:03 2015] [info] Server built: Dec 27 2014 21:24:43 [Sat Mar 21 18:08:03 2015] [debug] worker.c(1757): AcceptMutex: sysvsem (default: sysvsem) [Sat Mar 21 18:08:03 2015] [error] (2)No such file or directory: Couldn't bind unix domain socket /var/log/httpd/${APACHE_RUN_DIR}/cgisock.4944 Using /var/log/httpd on a Debian system? The use of httpd is more typical of a Red Hat system. Did you make an edit that followed a Red Hat guide on your Debian system and cross the streams? Are you running FastCGI with your Apache instead of the internal Apache handler? (Which is fine.) Check the configuration for it. Something might be snafu there setting the communication socket. I think I am, but its been years since I last messed with that. Is there a quick way to tell someplace in the /etc/apache2 tree? Also a cgi communication socket would normally go in /var/run not /var/log. So something is snafu there. For example using /var/run/fcgiwrap.socket is typical with fcgiwrap and spawn-fcgi. When I restart my Debian apache2 I see this: # service apache2 restart [Sat Mar 21 17:10:16 2015] [notice] caught SIGTERM, shutting down [Sat Mar 21 17:10:17 2015] [notice] Apache/2.2.22 (Debian) DAV/2 SVN/1.6.17 configured -- resuming normal operations So obviously I've enabled something, maybe fastcgi? I hate to ask but it is also important to know if you are using systemd or not since it affects everything. Not yet, although there are whispers of it presence in the form of unused directories a couple places I tripped over it. No clue how to fix this one, APACHE_RUN_DIR is not set in the environment. Broken init.d script perhaps?? It is in the /etc/apache2/envvars file. Ahh, lemme check. BRB. Humm, its not in that file, so $ grep APACHE_RUN_DIR /etc/apache2/envvars export APACHE_RUN_DIR=/var/run/apache2$SUFFIX Add this, restart. Solves both problems. Thank you, Bob. [Sat Mar 21 18:08:04 2015] [crit] cgid daemon failed to initialize But this seems to be a never mind as it doesn't seem to effect performance in any case. How important is it? I have no idea. Bob Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503212021.45499.ghesk...@wdtv.com
Problem forward/postroute http/https thru vlan-ed interface.
Hello. Recently I tried to combine multiple ISP using a layer 2 switch into one port connected to a debian wheezy router. I set up in interfaces: auto eth0 iface eth0 inet static address local_lan_ip netmask mask auto eth1.2 iface eth1.2 inet static address isp1 netmask mask auto eth1.4 iface eth2.4 inet static address isp2 netmask mask VLAN ID 2 is for tagging to ISP1 VLAN ID 4 is for tagging to ISP2 Also for load balancing I do: ip route replace default scope global nexthop via $eth1.2_gateway dev $eth1.2_eth weight 100 nexthop via $eth2.4_gateway dev $eth2.4_eth weight 100 In iptables I do: iptables -t nat -A POSTROUTING -o eth1.2 -j MASQUERADE iptables -t nat -A POSTROUTING -o eth1.4 -j MASQUERADE iptables -A FORWARD -j ACCEPT Now when i ping from the linux router - it works. When I ping from some workstation behind router - it works. When I open some ftp from workstation - it works. But, when I try to open a web page from workstation - it does not work. I even tried on linux router: wget google.com and after resolving to ip it waited long long time to download page and didn't received any packet. What is wrong with http/htpps ? Why icmp works, ftp works, but http/https is not working? The same configuration of iptables, ip route but moving to eth1 and eth2 - physical interfaces for each ISP - all works as it should be. Thank you. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550deed8.2060...@gmail.com
Re: Why no security update of apache2 concerning SSLv3?
Gene Heskett wrote: I have been considering switching to https. On the one hand it would be good ever all traffic used https. On the other hand it won't prevent someone from knowing what sites you visit or what visiters are visiting your site. All of your pages are publicly known anyway. Good to contribute to the https traffic though. No login will ever exist according to gene as I find the saving of usernames and passwords on a per site basis, a quite major pain in the ass. People who are interested in what I have to offer (a lot of horn blowing by an old fart to be sure) should not be subjected to that insanity. Then I am still of the mind that I would not worry about using https for it. For your use case keeping it simple is probably the better way to go. And they can do that with much less effort if I don't use it. One of the reasons my web page is a bit incomplete in re my hobbies. So I am much more concerned with keeping visitors in a user permissions jail so they cannot tour the rest of this machine. Help in that regard would be most appreciated. That sounds like something that would be a good question to this list with potential for a good discussion that many people might share an interest. Putting services such as web servers into containers is becoming the best practice these days. There are many ways to do it. If you do please start a new discussion thread for it rather than diverting here. Bob signature.asc Description: Digital signature
Re: Why no security update of apache2 concerning SSLv3?
Gene Heskett wrote: Bob Proulx wrote: $ grep SSLCipherSuite /etc/apache2/mods-available/ssl.conf SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 This is not valid for a 2.22 install What is the error you are seeing? That looks to be okay to me. rwp@havoc:~$ cat /etc/debian_version 7.8 rwp@havoc:~$ dpkg -l apache2 Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-==---= ii apache22.2.22-13+de i386 Apache HTTP Server metapackage rwp@havoc:~$ grep SSLCipherSuite /etc/apache2/mods-available/ssl.conf SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 Note however that I always override it in the site config file. But the point is that I think you must have some other problem in your configuration. However on the restart, I logged this in /var/log/apache2/error.log: [Sat Mar 21 18:08:02 2015] [info] removed PID file /var/run/apache2.pid (pid=2954) [Sat Mar 21 18:08:02 2015] [notice] caught SIGTERM, shutting down [Sat Mar 21 18:08:03 2015] [notice] Apache/2.2.22 (Debian) configured -- resuming normal operations [Sat Mar 21 18:08:03 2015] [info] Server built: Dec 27 2014 21:24:43 [Sat Mar 21 18:08:03 2015] [debug] worker.c(1757): AcceptMutex: sysvsem (default: sysvsem) [Sat Mar 21 18:08:03 2015] [error] (2)No such file or directory: Couldn't bind unix domain socket /var/log/httpd/${APACHE_RUN_DIR}/cgisock.4944 Using /var/log/httpd on a Debian system? The use of httpd is more typical of a Red Hat system. Did you make an edit that followed a Red Hat guide on your Debian system and cross the streams? Are you running FastCGI with your Apache instead of the internal Apache handler? (Which is fine.) Check the configuration for it. Something might be snafu there setting the communication socket. Also a cgi communication socket would normally go in /var/run not /var/log. So something is snafu there. For example using /var/run/fcgiwrap.socket is typical with fcgiwrap and spawn-fcgi. When I restart my Debian apache2 I see this: # service apache2 restart [Sat Mar 21 17:10:16 2015] [notice] caught SIGTERM, shutting down [Sat Mar 21 17:10:17 2015] [notice] Apache/2.2.22 (Debian) DAV/2 SVN/1.6.17 configured -- resuming normal operations I hate to ask but it is also important to know if you are using systemd or not since it affects everything. No clue how to fix this one, APACHE_RUN_DIR is not set in the environment. Broken init.d script perhaps?? It is in the /etc/apache2/envvars file. $ grep APACHE_RUN_DIR /etc/apache2/envvars export APACHE_RUN_DIR=/var/run/apache2$SUFFIX [Sat Mar 21 18:08:04 2015] [crit] cgid daemon failed to initialize But this seems to be a never mind as it doesn't seem to effect performance in any case. How important is it? I have no idea. Bob signature.asc Description: Digital signature
How to handle network problems
Networking inside some VM's was so slow as to be non-functional; I finally found https://bugzilla.redhat.com/show_bug.cgi?id=855640, which suggested (note 11) ethtool -K eth0 gro off With that change, everything worked well, except that speedtest.net was not able to connect for the upload speed test. So I'm not sure if the problem is completely fixed. If anyone has suggestions about diagnosing or solving the problem, that would be great. I am also wondering if I should let someone know about this problem since the solution is really just a work-around. I'm not sure if the real problem is with the virtio drivers, the hardware network drivers, the bridging code, kvm, I had the problem with a Windows 7 VM (with RedHat's virtio drivers), but there are reports of similar trouble with Linux guests. There is also a very similar report with newer kernels (http://askubuntu.com/questions/503863/poor-upload-speed-in-kvm-guest-with-virtio-eth-driver-in-openstack-on-3-14 and references from there), but since that is reported as a regression it may be different. The vm is running under KVM under libvirt, via virt-manager. Using bridged networking from libvirt and virtio from inside the VM. Thanks. Ross Boylan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cak3ntrcy4toh0uq2116ismpwd_0bjxfigyfesmk7zbedsm3...@mail.gmail.com
Re: how to debug this fuse problem
Eduard Bloch e...@gmx.de writes: searching with `aptitudue search ckt7' (or ckt4) finds nothing at all. It's just an arbitrary version string. It can be (almost) anything, even 1.2.3.myCuteVersion-10.9.8. I suspect I could/should be running i686 with pae. Not sure why the installer choose a 486 kernel originally ... (it changed to 586 during a full-upgrade a mnth or two ago) The jessie OS here is running as vbox guest on a 2x Xeon on HP xw8600 I don't know why the installer chose that kernel, your Xeon should be fully i686 compatible. If the installation is damaged somehow (see above) then switching to another kernel might make the problem disappear. Many thanks to all posters... this is quite a useful thread to me. Still haven't got to fixing the problem but with the information here I am now well armed. Thanks posters -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87sicx3or2@reader.local.lan
Algo raro con las memorias flash y Debian 7 LXDE
Hola lista. En mi trabajo tengo instalado en las estaciones de trabajo Debian 7 LXDE. Todo muy bien, solo un detalle, por ejemplo, cuando un usuario inserta una memoria flash o pendrive por vez primera y luego la retira, al insertar otra memoria diferente, pues le sale la información de la primera que retiró o anterior. Ya muchos usuarios se me han quejado al respecto y la única solución que le he dado es decirles que cierren la sesión y la vuevan a abrir, de esta forma es que se puede visualizar la información de la última memoria insertada, y así sucesivamente. Esta forma que utilizo es algo tediosa. Pudiera alguien darme una ayuda al respecto. Muchas gracias -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/62342.10.0.1.2.1426981817.squir...@www.correo.pinarte.cult.cu
Re: Algo raro con las memorias flash y Debian 7 LXDE
El 21/03/15 a las 20:50, c...@pinarte.cult.cu escibió: Hola lista. En mi trabajo tengo instalado en las estaciones de trabajo Debian 7 LXDE. Todo muy bien, solo un detalle, por ejemplo, cuando un usuario inserta una memoria flash o pendrive por vez primera y luego la retira, al insertar otra memoria diferente, pues le sale la información de la primera que retiró o anterior. Ya muchos usuarios se me han quejado al respecto y la única solución que le he dado es decirles que cierren la sesión y la vuevan a abrir, de esta forma es que se puede visualizar la información de la última memoria insertada, y así sucesivamente. Esta forma que utilizo es algo tediosa. Pudiera alguien darme una ayuda al respecto. Muchas gracias Para quitar la memoria Flash siempre hay que hacerlo en modo seguro, es decir, desmontándola desde pcmfm. Quizás lo que haces es quitarla sin mediar ese procedimiento. Deberías informale a los usuarios que desmonten antes de quitar la memoria. Saludos -- Sergio Bessopeanetto Buenos Aires - Argentina -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550e064a.6090...@inbox.im
Re: Why no security update of apache2 concerning SSLv3?
On Saturday 21 March 2015 17:04:03 Bob Proulx wrote: Gene Heskett wrote: Call me confused. And I do run my own web page from this machine. URL in sig. Genes Web page http://geneslinuxbox.net:6309/gene That is a non-https page. Do you operate any https pages requiring security? I didn't find any. If you aren't using https then the discussion here about the POODLE attach against https isn't relevant. First, there is no ~./etc/apache2/mods-available/ssl.conf, but there is a /etc/apache2/mods-available/ssl.conf Right. With relatively sparse bits of uncommenting that would appear to be related here: SSLCipherSuite AES128+EECDH:AES128+EDH SSLHonorCipherOrder on SSLProtocol all -SSLv2 -SSLv3 Header always set Strict-Transport-Security max-age=63072000; include SubDomains Header alway set X-Frame-Options DENY If you were operating an ssl site then the above would match the current recommendations from: I have been considering switching to https. https://cipherli.st/ But as far as I can see you are not running https. Therefore modifying those files is simply creating more work for yourself. :-( I will note that it is a fast changing environment. I hate to quote static lists like that since tomorrow they may be different. Might even be different by the time we had dinner. :) Instead I like to point to centralized information resources like the ssllabs.com and cipherli.st sites to coordinate the current wisdom. Best practice I believe. Better chance of everybody being on the same page that way. Documentation on this stuff and its interactions is sparse at best despite the fact that I have installed what s/b the correct man pages. For web servers most of the documentation is on the web. It is just the nature of things. Some of the above has been edited persuant to anti POODLE instructions found by google. So, am I safe, or low hanging fruit with those settings? As far as I can see you are safe since you are not operating a web site that uses encryption to secure any pages. Therefore none of this discussion applies to you as a web admin. The question here is whether a POODLE attack can allow a man in the middle attacker to see the plaintext of an SSL connection. To consider the danger lets say a web site requires a login, uses cookies to maintain a session, and https to keep others from sniffing your login credentials. A successful attack could give someone else your cookie data which they could use to log into that site as you. No login will ever exist according to gene as I find the saving of usernames and passwords on a per site basis, a quite major pain in the ass. People who are interested in what I have to offer (a lot of horn blowing by an old fart to be sure) should not be subjected to that insanity. But you are talking about your own site that you are maintaining. If you are not using SSL then this simply does not apply to you. If you are using SSL then it depends upon what, where, why, and so forth. Someone using it just to add noise to the encrypted data traffic would always be safe too since it wouldn't be worse than not encrypting it. The POODLE attack doesn't allow someone to directly break into your web server. The attack is about listening to encrypted traffic. Information gained by sniffing may allow further attacks however. And they can do that with much less effort if I don't use it. One of the reasons my web page is a bit incomplete in re my hobbies. So I am much more concerned with keeping visitors in a user permissions jail so they cannot tour the rest of this machine. Help in that regard would be most appreciated. If someone were using something like SquirrelMail or Roundcube or Mailpile for a webmail interface for example then they should be directly concerned over this type of attack. Someone targeting them might be able to log into the web as them and send email as them. And the same for most other web login interfaces. (Many people are in terror over the idea of someone logging into Facebook as them. Research Firesheep.) I heard about that, its just one of the reasons I do not inhabit any sites of that ilk, like most I value my privacy. We all should rebel at such intrusions in exactly the same way I treated the pols, who of course excluded them selves from the National Do Not Call Act. My phone # got unlisted after some penny ante pol called wanting my vote (in a different state mind you) at 3AM. Had he been standing at the foot of my bed, he would have left zipped up in a bag. What our ballots need is a none of the above box, and if none wins, they start all over with the current list of candidates disqualified from running again in this election cycle. OTOH, I vent enough on the mailing lists that I expect my name is well recorded in Utah. Tsk Tsk. Time (as in 80 years) has already done much of what they can do to me. Thanks Bob.
Re: Versión minima de Debian
El 19 de marzo de 2015 5:39:24 PM CST, Carlos Zuniga carlos@gmail.com escribió: On Thu, Mar 19, 2015 at 10:02 AM, Camaleón noela...@gmail.com wrote: El Thu, 19 Mar 2015 11:41:43 -0300, mramirez escribió: Hola! Ve si te sirve: http://www.damnsmalllinux.org/index_es.html No, no me vale. ¿Desde cuando Damn Small Linux es Debian? ;-) No es propiamente Debian, pero esta basado en Knoppix que a su vez esta basado en Debian ;) http://www.debian.org/misc/children-distros#damnsmall Porque la gente sigue recomendando esta distribución? Desde 2012 no veo movimiento? No es pregunta odiosa es que de verdad me gustaría saber. Sigue manteniendo actualizaciones? -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAABYcjMfHkafhaatE4tBZY=o_4orb2n7yfhmzevhtgy+v5d...@mail.gmail.com -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/da69cac3-3668-4690-b1e0-34e631c87...@riseup.net
Re: Problem forward/postroute http/https thru vlan-ed interface.
Bob Proulx b...@proulx.com wrote: Mimiko wrote: I set up in interfaces: auto eth0 iface eth0 inet static address local_lan_ip netmask mask auto eth1.2 iface eth1.2 inet static address isp1 netmask mask auto eth1.4 iface eth2.4 inet static address isp2 netmask mask VLAN ID 2 is for tagging to ISP1 VLAN ID 4 is for tagging to ISP2 I see no vlans in your configuration above. The above simply shows additional IP addresses being assigned. If your switch is requiring vlan tagging then that is likely your problem. Ah, nope. It's magic. Since Wheezy ifupdown knows the notation interface dot VLAN-ID and automatically creates an appropriatly configured interface. (In Squeeze you needed the vlan-package or a small scriptled in /etc/network/if-pre-up.d to issue the correct ip-commands.) Try for you self, put one config like the above in your network/interfaces file and use ifup -v to see what commands are used. Also see the man-page for interfaces(5): , | VLAN AND BRIDGE INTERFACES |To ease the configuration of VLAN interfaces, interfaces having . |(full stop character) in the name are configured as 802.1q tagged vir‐ |tual LAN interface. For example, interface eth0.1 is a virtual inter‐ |face having eth0 as physical link, with VLAN ID 1. ` See the documentation for setting up vlans here: https://wiki.debian.org/NetworkConfiguration That is horribly outdated. It even says Etch on the part for VLANs. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/hbfnsl4ro...@mids.svenhartge.de
sound vanished with a reboot?
Greetings audio guru's; All sound Except the new mail beep from kmail, vanished with the first reboot after 20 days uptime while dinking around with what was sold to me as a new 2Tb Toshiba drive, but which did not turn out to be a sealed box. I do not think its related. Pursuant to someones suggestions, I installed pavuctl and pavumeter this morning early, but according to synaptic, that is the extent of the pulse install, no other pulse stuff is seen as installed by synaptic. And of coarse, they don't work, no server. But it has just worked through 4 or 5 other reboots 20 days+ prior to this one. Do we have any tracing tools that would allow me to start at the usual iceweasal audio output and see how its all linked maybe discover where the stream of data is getting lost? From an lspci -vv output, this I believe is the motherboard hardware. There is also an eVga card with an unbonded HDMI output. It checks in in an lspci output as Device 1302 But it uses the same snd-hda-intel module as the motherboard one uses, so I cannot blacklist it by the usual means 00:06.1 Audio device: NVIDIA Corporation MCP55 High Definition Audio (rev a2) Subsystem: ASUSTeK Computer Inc. Device 81f6 Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast TAbort- TAbort- MAbort- SERR- PERR- INTx- Latency: 0 (500ns min, 1250ns max) Interrupt: pin B routed to IRQ 20 Region 0: Memory at fe02 (32-bit, non-prefetchable) [size=16K] Capabilities: [44] Power Management version 2 Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot+,D3cold+) Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME- Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+ Address: Data: Masking: Pending: Capabilities: [6c] HyperTransport: MSI Mapping Enable- Fixed+ KMix shows two cards, both ID'd as hda-intel, one shows all the usual culprits, while the 2nd one is blank. No way to firmly tell which is which. The keyboard volume control still goes thru all the motions, while the speakers, except for the kmail driven new mail beep, are mute. Ideas please? Thanks Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503212212.35592.ghesk...@wdtv.com
Re: Why no security update of apache2 concerning SSLv3?
Gene Heskett wrote: Are you running FastCGI with your Apache instead of the internal Apache handler? (Which is fine.) Check the configuration for it. Something might be snafu there setting the communication socket. I think I am, but its been years since I last messed with that. Is there a quick way to tell someplace in the /etc/apache2 tree? I would try grep'ing the entire tree looking for the socket file name. That config has to be in there somewhere. grep -r cgisock /etc/apache2 No clue how to fix this one, APACHE_RUN_DIR is not set in the environment. Broken init.d script perhaps?? It is in the /etc/apache2/envvars file. Ahh, lemme check. BRB. Humm, its not in that file, so $ grep APACHE_RUN_DIR /etc/apache2/envvars export APACHE_RUN_DIR=/var/run/apache2$SUFFIX Add this, restart. Solves both problems. Thank you, Bob. That file has a lot of stuff in it. If you were missing that then you are probably missing a lot of that file. I would be inclined to re-install apache2.2-common in order to get a clean copy of that file. Normally there isn't any reason to need to modify it. I will include a copy from Wheezy 7 at the end. Bob # envvars - default environment variables for apache2ctl # this won't be correct after changing uid unset HOME # for supporting multiple apache2 instances if [ ${APACHE_CONFDIR##/etc/apache2-} != ${APACHE_CONFDIR} ] ; then SUFFIX=-${APACHE_CONFDIR##/etc/apache2-} else SUFFIX= fi # Since there is no sane way to get the parsed apache2 config in scripts, some # settings are defined via environment variables and then used in apache2ctl, # /etc/init.d/apache2, /etc/logrotate.d/apache2, etc. export APACHE_RUN_USER=www-data export APACHE_RUN_GROUP=www-data export APACHE_PID_FILE=/var/run/apache2$SUFFIX.pid export APACHE_RUN_DIR=/var/run/apache2$SUFFIX export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX # Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. export APACHE_LOG_DIR=/var/log/apache2$SUFFIX ## The locale used by some modules like mod_dav export LANG=C ## Uncomment the following line to use the system default locale instead: #. /etc/default/locale export LANG ## The command to get the status for 'apache2ctl status'. ## Some packages providing 'www-browser' need '--dump' instead of '-dump'. #export APACHE_LYNX='www-browser -dump' ## If you need a higher file descriptor limit, uncomment and adjust the ## following line (default is 8192): #APACHE_ULIMIT_MAX_FILES='ulimit -n 65536' ## If you would like to pass arguments to the web server, add them below ## to the APACHE_ARGUMENTS environment. #export APACHE_ARGUMENTS='' signature.asc Description: Digital signature
Re: Why no security update of apache2 concerning SSLv3?
On Saturday 21 March 2015 20:28:50 Bob Proulx wrote: Gene Heskett wrote: [...] It is in the /etc/apache2/envvars file. Ahh, lemme check. BRB. Humm, its not in that file, so $ grep APACHE_RUN_DIR /etc/apache2/envvars export APACHE_RUN_DIR=/var/run/apache2$SUFFIX Add this, restart. Solves both problems. Thank you, Bob. That file has a lot of stuff in it. If you were missing that then you are probably missing a lot of that file. I would be inclined to re-install apache2.2-common in order to get a clean copy of that file. Normally there isn't any reason to need to modify it. I will include a copy from Wheezy 7 at the end. Bob # envvars - default environment variables for apache2ctl # this won't be correct after changing uid unset HOME Not present. I assume it has to do with the below missing stanza? # for supporting multiple apache2 instances if [ ${APACHE_CONFDIR##/etc/apache2-} != ${APACHE_CONFDIR} ] ; then SUFFIX=-${APACHE_CONFDIR##/etc/apache2-} else SUFFIX= fi This above if:fi stanza is not present, but I'm only running one startup. I assume this is for serving two+ unrelated sites from one machine? # Since there is no sane way to get the parsed apache2 config in scripts, some # settings are defined via environment variables and then used in apache2ctl, # /etc/init.d/apache2, /etc/logrotate.d/apache2, etc. export APACHE_RUN_USER=www-data export APACHE_RUN_GROUP=www-data export APACHE_PID_FILE=/var/run/apache2$SUFFIX.pid export APACHE_RUN_DIR=/var/run/apache2$SUFFIX export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX And this one was missing too. Added, effect unk ATM. restart was as expected. # Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. export APACHE_LOG_DIR=/var/log/apache2$SUFFIX Present. ## The locale used by some modules like mod_dav export LANG=C present. ## Uncomment the following line to use the system default locale instead: #. /etc/default/locale export LANG present. ## The command to get the status for 'apache2ctl status'. ## Some packages providing 'www-browser' need '--dump' instead of '-dump'. #export APACHE_LYNX='www-browser -dump' ## If you need a higher file descriptor limit, uncomment and adjust the ## following line (default is 8192): #APACHE_ULIMIT_MAX_FILES='ulimit -n 65536' ## If you would like to pass arguments to the web server, add them below ## to the APACHE_ARGUMENTS environment. #export APACHE_ARGUMENTS='' Unless someone else see's a problem, it looks like I am, as was said in 1960 while building Titan missiles in South Dakota, FAT, dumb happy. Now, sound, but that is another thread. Thanks for your patience Bob. Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503212137.51407.ghesk...@wdtv.com
Re: Problem forward/postroute http/https thru vlan-ed interface.
Sven Hartge wrote: Bob Proulx b...@proulx.com wrote: I see no vlans in your configuration above. The above simply shows additional IP addresses being assigned. If your switch is requiring vlan tagging then that is likely your problem. Ah, nope. It's magic. Since Wheezy ifupdown knows the notation interface dot VLAN-ID and automatically creates an appropriatly configured interface. (In Squeeze you needed the vlan-package or a small scriptled in /etc/network/if-pre-up.d to issue the correct ip-commands.) What? They have changed the syntax and I am out of date?! Horrors! :-/ I will go and learn the new syntax for these things. VLAN AND BRIDGE INTERFACES To ease the configuration of VLAN interfaces, interfaces having . (full stop character) in the name are configured as 802.1q tagged vir- tual LAN interface. For example, interface eth0.1 is a virtual inter- face having eth0 as physical link, with VLAN ID 1. For compatibility with bridge-utils package, if bridge_ports option is specified, VLAN interface configuration is not performed. Thanks for pointing this out. See the documentation for setting up vlans here: https://wiki.debian.org/NetworkConfiguration That is horribly outdated. It even says Etch on the part for VLANs. Would you feel like updating it? It is a wiki after all. Bob signature.asc Description: Digital signature
Re: Problem forward/postroute http/https thru vlan-ed interface.
Mimiko wrote: What is wrong with http/htpps ? Why icmp works, ftp works, but http/https is not working? Since Sven pointed out that I was out of date I no longer have a clue. To debug this I would run tcpdump on both sides of the router and examine the packets for http and verify that they are being passed through and NAT'd correctly. You should be able to verify the return packets through the router. If there is a problem along the way then you should be able to see where the packets are getting lost. That should point to the problem. The same configuration of iptables, ip route but moving to eth1 and eth2 - physical interfaces for each ISP - all works as it should be. IMNHO if you can use two different physical interfaces then I think that is the better way to do it. Bob signature.asc Description: Digital signature