eCryptfs slow on CIFS share
Hello, I tried to set up an eCryptfs onto an CIFS share which resulted in an incredibly slow transfer rate. The CIFS share is located on a QNAP NAS with Gbit-Ethernet connection. The CIFS share was normally mounted with: $ mount -o username=guest,password=guest -t cifs //nas/Public /tmp/test/ Test of the bare CIFS transfer rate, looks good: $ dd if=/dev/zero of=test.bin bs=1M count=1000 1048576000 bytes (1.0 GB) copied, 10.2111 s, 103 MB/s Then I mounted a eCryptfs into the CIFS share with the following options: ecryptfs_unlink_sigs ecryptfs_fnek_sig=d395309aaad4de06 ecryptfs_key_bytes=16 ecryptfs_cipher=aes ecryptfs_sig=d395309aaad4de06 $ mount -t ecryptfs .ecryptfs_test/ ecryptfs_test/ Mounted eCryptfs And then tried again the transfer rate into the eCryptfs: $ dd if=/dev/zero of=test.bin bs=1M count=100 104857600 bytes (105 MB) copied, 22.5929 s, 4.6 MB/s Let's try the same again on a NFS share: $ mount -t nfs nas:/Public test/ $ dd if=/dev/zero of=test.bin bs=1M count=1000 1048576000 bytes (1.0 GB) copied, 10.5861 s, 99.1 MB/s $ mount -t ecryptfs .ecryptfs_test/ ecryptfs_test/ (with same options) $ dd if=/dev/zero of=test.bin bs=1M count=1000 1048576000 bytes (1.0 GB) copied, 13.8161 s, 75.9 MB/s This is a speedup of 16.5 from CIFS -> NFS. But there is no big speed difference between the bare CIFS and NFS. Is there any way to speedup the eCryptfs on CIFS or is this a known issue? -- Michael
Re: [Offtopic]: Compress Downloads on the fly
On 01/28/2017 08:10 PM, Rainer Dorsch wrote: I would like to download a large csv file from a JavaScript intensive web page. My client system has not enough storage for the file, but if I could compress the file on the fly, things would work, since the file has a huge compression ratio. If you could fetch the URL, then use wget or curl to do this: wget -O- http://www.example.com | bzip2 >your.file.bz2 curl http://www.example.com | bzip2 >your.file.bz2 -- Michael
Re: NTP insecure defaults
On 01/07/2017 09:33 AM, Mart van de Wege wrote: Turns out the Debian default is indeed to provide time service if you install NTP. Shouldn't that be limited to localhost only, so that an admin must deliberately open up the service if they want to provide NTP service to the outside world? Did you install any package that suggested or depended on the ntp package? Because on my system, the ntp package is not installed. ntp is handled by systemd-timesyncd. So the current Debian installer does not install the ntp by default in my opinion. I downloaded the ntp_4.2.6.p5+dfsg-7+deb8u2_amd64 package and looked into the /etc/ntp.conf and it is restricted to 127.0.0.1 and ::1 by default. I thought of opening a bug, but I'd like a second opinion first. Thoughts anyone? I think you should give us a little more details before filing a bug report (what did you install, which files did you change, ...). -- Michael
Re: jessie: ALSA fails on first use after reboot
D. R. Evans wrote: D. R. Evans wrote: Is there some way to find out what process is using ALSA when snd_pcm_open() returns that error? (If indeed there is such a process.) Still, if anyone has any suggestions as to how to discover what is going on, I'd appreciate it. I'm not a great fan of mysterious happenings on my computers. Maybe you could try this to find out if there is some process blocking the sound device: $ fuser -v /dev/snd/* /dev/dsp* --Michael
Re: sudo + gpg - howto?
On 11/27/2016 10:10 AM, Kamil Jońca wrote: 2. cannot run pinentry (my guess is that tty is owned by user kjonca and pinentry should be as user backup) That's the problem. The owner of ttyX must match with the user for which pinentry is running. You could change the permissions of tty to the backup user with # chown backup /dev/ttyX So my questions are: 1. is it possible to use passphrase-fd/passphrase-file options? 2. if not, how can I configure gpg/gpgagen/sudo/whatever in order to enter passphrase as sudo target user? You could also try putting the option "allow-loopback-pinentry" to ~/.gnupg/gpg-agent.conf and restarting the agent. Then you could start gpg with '--pinentry-mode loopback' or put "pinentry-mode loopback" to ~/.gnupg/gpg.conf. That worked for me with GnuPG 2 some time ago when I had a similar problem with duplicity. Best Regards, Michael
Re: Zero filling my HDD before installation
On Mon, May 2, 2016 at 7:39 PM, Ralph Sanchezwrote: > I can't find a reply to list, I tried reply all, does that work? It seems so, make sure you're replying to the list's address (here: "debian-user@lists.debian.org"). It's usually not neccessary to reply to all [1]. In this lists code of conduct [2] there's the rule, that one should not send a CC to the original poster unless he requested it. > I currently use PGP for disk encryption, I haven't delved much into > learning about LUKS, etc but I will now. I also don't use passphrases, > I use a minisd card so keylogging software can't catch me entering my > phrase. Thanks for all the advice, I'm pretty sure I know what > direction I'm heading at this point, and I'll continue researching > these other encryption methods. You could use a usb drive or a SD card with a keyfile on it with dm-crypt/LUKS. Maybe you want to read [3] which is a quiet good howto for dm-crypt. Michael [1] http://david.woodhou.se/reply-to-list.html [2] https://www.debian.org/MailingLists/index.en.html#codeofconduct [3] https://wiki.archlinux.org/index.php/Dm-crypt On Mon, May 2, 2016 at 7:39 PM, Ralph Sanchez wrote: > I can't find a reply to list, I tried reply all, does that work? I > currently use PGP for disk encryption, I haven't delved much into > learning about LUKS, etc but I will now. I also don't use passphrases, > I use a minisd card so keylogging software can't catch me entering my > phrase. Thanks for all the advice, I'm pretty sure I know what > direction I'm heading at this point, and I'll continue researching > these other encryption methods. > > On Mon, May 2, 2016 at 1:16 PM, heqami...@runbox.com > wrote: >> Ralph, Again, use the button reply to list. >> >> Disk encryption don't use gpg. You just have to remember a pass pharase >> that you use for unlock your hard disk. >> >> Installer will overwrite all your disk, but if you want you can skip >> this step by pressing "cancel" button >> >> >> please learn what gpg is and what is luks and use the reply to list button. >> >> https://wiki.archlinux.org/index.php/disk_encryption >> >
Re: Installation of openssh-client stops with error in groupadd
Hi, On 04/26/2016 09:03 PM, Michael Luecke wrote: My gut feeling tells me that one should blame filesystem (btrfs) implementation in cases such as this. It's nothing to blame btrfs for, the same thing happens at this system with ext4. Sent a bug-report. Bug#822808 Best regards Michael
Re: Installation of openssh-client stops with error in groupadd
Hello, On 04/26/2016 08:54 PM, Reco wrote: For the sake of the purity of the experiment, it would be nice to reboot the system with "init=/bin/sh" added to kernel commandline (to exclude systemd interference), but I foresee that the result would be the same. I'll try this if I have a little bit time and come back to this topic then. So, to sum it up. Your current kernel + root filesystem combo prevents you to overwrite /etc/group (and I suspect any existing file) with another file by means of conventional rename(2) syscall, which returns anomalous return code. My gut feeling tells me that one should blame filesystem (btrfs) implementation in cases such as this. This behavior justifies a bug report with severity 'serious' against 'linux-image' package as I don't see any easy way to fix this short of kernel patch or replacing the filesystem with something more conventional (ext4 comes to mind). I'll prepare a bug-report also. As this is a freshly set-up computer, I'll also try to reinstall it with ext4. So thank you for your help until here. Best regards Michael
Re: Installation of openssh-client stops with error in groupadd
Hi, I've done your commands: On 04/26/2016 08:04 PM, Reco wrote: > unshare -m /bin/bash > mount -o bind / /mnt > mount -o bind /proc /mnt/proc > mount -o bind /dev /mnt/dev > chroot /mnt Without failure until here. > strace groupadd -g 1234 test The known failure again: rename("/etc/group+", "/etc/group") = -1 EBUSY (Device or resource busy) > exit > exit Thank you for your patient help. I attached the complete strace output. //Michael strace.out.gz Description: application/gzip
Re: Installation of openssh-client stops with error in groupadd
Hi, as I restarted my computer today. I wanted to install lsof via apt-get and at least it configured openssh-client without failure. So I thought that problem fixed itself, but it didn't. I tried to add another group manually so I typed as root: # groupadd -g 1234 test groupadd: failure while writing changes to /etc/group and # strace groupadd -g 1234 test showed the known error: ... rename("/etc/group+", "/etc/group") = -1 EBUSY (Device or resource busy) On 04/25/2016 10:57 PM, Reco wrote: > /bin/fuser /etc/group # fuser /etc/group [ no output ] > /usr/bin/lsof /etc/group # lsof /etc/group [ no output ] //Michael
Re: Installation of openssh-client stops with error in groupadd
> Please post the output of: ... ++ # strace /usr/sbin/groupadd -g 117 ssh execve("/usr/sbin/groupadd", ["/usr/sbin/groupadd", "-g", "117", "ssh"], [/* 25 vars */]) = 0 brk(0) = 0x7f17b521 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b432 access("/etc/ld.so.preload", R_OK) = 0 open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 close(3)= 0 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=44647, ...}) = 0 mmap(NULL, 44647, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f17b4315000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libaudit.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20*\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=113024, ...}) = 0 mmap(NULL, 2249344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f17b3ccd000 mprotect(0x7f17b3ce7000, 2093056, PROT_NONE) = 0 mmap(0x7f17b3ee6000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19000) = 0x7f17b3ee6000 mmap(0x7f17b3ee9000, 37504, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f17b3ee9000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20c\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=142728, ...}) = 0 mmap(NULL, 2246896, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f17b3aa8000 mprotect(0x7f17b3ac9000, 2097152, PROT_NONE) = 0 mmap(0x7f17b3cc9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x21000) = 0x7f17b3cc9000 mmap(0x7f17b3ccb000, 6384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f17b3ccb000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\34\2\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1738176, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b4314000 mmap(NULL, 3844640, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f17b36fd000 mprotect(0x7f17b389f000, 2093056, PROT_NONE) = 0 mmap(0x7f17b3a9e000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a1000) = 0x7f17b3a9e000 mmap(0x7f17b3aa4000, 14880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f17b3aa4000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\27\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=448440, ...}) = 0 mmap(NULL, 2543976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f17b348f000 mprotect(0x7f17b34fb000, 2097152, PROT_NONE) = 0 mmap(0x7f17b36fb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6c000) = 0x7f17b36fb000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\16\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=14664, ...}) = 0 mmap(NULL, 2109712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f17b328b000 mprotect(0x7f17b328e000, 2093056, PROT_NONE) = 0 mmap(0x7f17b348d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f17b348d000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20o\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=137440, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b4313000 mmap(NULL, 2213008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f17b306e000 mprotect(0x7f17b3086000, 2093056, PROT_NONE) = 0 mmap(0x7f17b3285000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f17b3285000 mmap(0x7f17b3287000, 13456, PROT_READ|PROT_WRITE,
Installation of openssh-client stops with error in groupadd
Hello, I have a fresh installation of Debian jessie. As I wanted to install 'openssh-client' it stops with an error in groupadd. It seems that I cannot add any groups, because I get the error also when I try to add the group manually. In /etc there are two files, group and group+. Their difference is the ssh group I and apt tried to add before. ++ michael@michael-wst:~$ sudo apt-get install openssh-client Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: ssh-askpass libpam-ssh keychain monkeysphere The following NEW packages will be installed: openssh-client 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 691 kB of archives. After this operation, 3,765 kB of additional disk space will be used. Get:1 http://security.debian.org/ jessie/updates/main openssh-client amd64 1:6.7p1-5+deb8u2 [691 kB] Fetched 691 kB in 0s (2,823 kB/s) Selecting previously unselected package openssh-client. (Reading database ... 57582 files and directories currently installed.) Preparing to unpack .../openssh-client_1%3a6.7p1-5+deb8u2_amd64.deb ... Unpacking openssh-client (1:6.7p1-5+deb8u2) ... Processing triggers for man-db (2.7.0.2-5) ... Setting up openssh-client (1:6.7p1-5+deb8u2) ... groupadd: failure while writing changes to /etc/group addgroup: `/usr/sbin/groupadd -g 117 ssh' returned error code 10. Exiting. dpkg: error processing package openssh-client (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: openssh-client E: Sub-process /usr/bin/dpkg returned an error code (1) ++ root@michael-wst:/etc# /usr/sbin/groupadd -g 117 ssh groupadd: failure while writing changes to /etc/group ++ root@michael-wst:/etc# ls -lh group* -rw-r--r-- 1 root root 813 Apr 25 20:45 group -rw--- 1 root root 813 Apr 25 20:45 group- -rw-r--r-- 1 root root 824 Apr 25 21:27 group+ ++ root@michael-wst:/etc# diff group group+ 56a57 > ssh:x:117: ++ //Michael